SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for tomcat-javadoc-9.0.82-150200.46.1.noarch.rpm :

* Fri Oct 13 2023 fstrbaAATTsuse.com- Update to Tomcat 9.0.82
* Catalina + Add: 65770: Provide a lifecycle listener that will automatically reload TLS configurations a set time before the certificate is due to expire. This is intended to be used with third-party tools that regularly renew TLS certificates. + Fix: Fix handling of an error reading a context descriptor on deployment. + Fix: Fix rewrite rule qsd (query string discard) being ignored if qsa was also use, while it should instead take precedence. + Fix: 67472: Send fewer CORS-related headers when CORS is not actually being engaged. + Add: Improve handling of failures within recycle() methods.
* Coyote + Fix: 67670: Fix regression with HTTP compression after code refactoring. + Fix: 67198: Ensure that the AJP connector attribute tomcatAuthorization takes precedence over the tomcatAuthentication attribute when processing an auth_type attribute received from a proxy server. + Fix: 67235: Fix a NullPointerException when an AsyncListener handles an error with a dispatch rather than a complete. + Fix: When an error occurs during asynchronous processing, ensure that the error handling process is only triggered once per asynchronous cycle. + Fix: Fix logic issue trying to match no argument method in IntropectionUtil. + Fix: Improve thread safety around readNotify and writeNotify in the NIO2 endpoint. + Fix: Avoid rare thread safety issue accessing message digest map. + Fix: Improve statistics collection for upgraded connections under load. + Fix: Align validation of HTTP trailer fields with standard fields. + Fix: Improvements to HTTP/2 overhead protection (bsc#1216182, CVE-2023-44487)
* jdbc-pool + Fix: 67664: Correct a regression in the clean-up of unnecessary use of fully qualified class names in 9.0.81 that broke the jdbc-pool.
* Jasper + Fix: 67080: Improve performance of EL expressions in JSPs that use implicit objects
* Thu Sep 21 2023 fstrbaAATTsuse.com- Update to Tomcat 9.0.80
* Catalina + Add RateLimitFilter which can be used to mitigate DoS and Brute Force attacks + Move the management of the utility executor from the init()/destroy() methods of components to the start()/stop() methods. + Add org.apache.catalina.core.StandardVirtualThreadExecutor, a virtual thread based executor that may be used with one or more Connectors to process requests received by those Connectors using virtual threads. This Executor requires a minimum Java version of Java 21. + 66513: Add a per session Semaphore to the PersistentValve that ensures that, within a single Tomcat instance, there is no more than one concurrent request per session. Also expand the debug logging to include whether a request bypasses the Valve and the reason if a request fails to obtain the per session Semaphore. + 66609: Ensure that the default servlet correctly escapes file names in directory listings when using XML output. + 66618: Add a numeric last modified field to the XML directory listings produced by the default servlet to enable sorting in the XSLT. + 66621: Attempts to lock a collection with WebDAV may incorrectly fail if a child collection has an expired lock. + 66622: Deprecate the xssProtectionEnabled setting from the HttpHeaderSecurityFilter and change the default value to false as support for the associated HTTP header has been removed from all major browsers. + 59232: Add org.apache.catalina.core.ContextNamingInfoListener, a listener which creates context naming information environment entries. + 66665: Add org.apache.catalina.core.PropertiesRoleMappingListener, a listener which populates the context\'s role mapping from a properties file. + Fix an edge case where intra-web application symlinks would be followed if the web applications were deliberately crafted to allow it even when allowLinking was set to false. + Add utility config file resource lookup on Context to allow looking up resources from the webapp (prefixed with webapp:) and make the resource lookup API more visible. + Fix potential database connection leaks in DataSourceUserDatabase identified by Coverity Scan. + Make parsing of ExtendedAccessLogValve patterns more robust. + Fix failure trying to persist configuration for an internal credential handler. + 66680: When serializing a session during the session presistence process, do not log a warning that null Principals are not serializable. + Catch NamingException in JNDIRealm#getPrincipal. It is used in Java up to 17 to signal closed connections. + 66822: Use the same naming format in log messages for Connector instances as the associated ProtocolHandler instance. + The parts count should also lower the actual maxParameterCount used for parsing parameters if parts are parsed first. + If an application or library sets both a non-500 error code and the javax.servlet.error.exception request attribute, use the provided error code during error page processing rather than assuming an error code of 500. + Update code comments and Tomcat output to use MiB for 1024
* 1024 bytes and KiB for 1024 bytes rather than MB and kB. + Avoid protocol relative redirects in FORM authentication (CVE-2023-41080, bsc#1214666).
* Coyote + Update the HTTP/2 implementation to use the prioritization scheme defined in RFC 9218 rather than the one defined in RFC 7540. + 66602: not sending WINDOW_UPDATE when dataLength is ZERO on call SwallowedDataFramePayload. + 66627: Restore the documented behaviour of MessageBytes.getType() that it returns the type of the original content rather than reflecting the most recent conversion. + 66635: Correct certificate logging on start-up so it differentiates between keystore based keys/certificates and PEM file based keys/certificates and logs the relevant information for each. + Refactor blocking reads and writes for the NIO connector to remove code paths that could allow a notification from the Poller to be missed resuting in a timeout rather than the expected read or write. + Refactor waiting for an HTTP/2 stream or connection window update to handle spurious wake-ups during the wait. + Correct a regression introduced in 9.0.78 and use the correct constant when constructing the default value for the certificateKeystoreFile attribute of an SSLHostConfigCertificate instance. + Refactor HTTP/2 implementation to reduce pinning when using virtual threads. + Pass through ciphers referring to an OpenSSL profile, such as PROFILE=SYSTEM instead of producing an error trying to parse it. + 66841: Ensure that AsyncListener.onError() is called after an error during asynchronous processing with HTTP/2. + 66842: When using asynchronous I/O (the default for NIO and NIO2), include DATA frames when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated. + Correct a race condition that could cause spurious RST messages to be sent after the response had been written to an HTTP/2 stream.
* WebSocket + 66548: Expand the validation of the value of the Sec-Websocket-Key header in the HTTP upgrade request that initiates a WebSocket connection. The value is not decoded but it is checked for the correct length and that only valid characters from the base64 alphabet are used. + Improve handling of error conditions for the WebSocket server, particularly during Tomcat shutdown. + Correct a regression in the fix for 66574 that meant the WebSocket session could return false for onOpen() before the onClose() event had been completed. + 66681: Fix a NullPointerException when flushing batched messages with compression enabled using permessage-deflate.
* Web applications + Documentation. Expand the security guidance to cover the embedded use case and add notes on the uses made of the java.io.tmpdir system property. + 66662: Documentation. Fix a typo in the name of the algorithms attribute in the configuration section for the Digest authentication value. + Documentation. Update documentation to use MiB for 1024
* 1024 bytes and KiB for 1024 bytes rather than MB and kB.
* jdbc-pool + Fix the releaseIdleCounter does not increment when testAllIdle releases them. + Fix the ConnectionState state will be inconsistent with actual state on the connection when an exception occurs while writing.
* Other + Update to Commons Daemon 1.3.4. + Improvements to French translations. + Update Checkstyle to 10.12.0. + Update the packaged version of the Apache Tomcat Native Library to 1.2.37 to pick up the Windows binaries built with with OpenSSL 1.1.1u. + Include the Windows specific binary distributions in the files uploaded to Maven Central. + Improvements to French translations. + Improvements to Japanese translations. + Update UnboundID to 6.0.9. + Update Checkstyle to 10.12.1. + Update BND to 6.4.1. + Update JSign to 5.0. + Correct properties for JSign dependency. + Align documentation for maxParameterCount to match hard-coded defaults. + Update NSIS to 3.0.9. + Update Checkstyle to 10.12.2. + Improvements to French translations. + Improvements to Japanese translations. + 66829: Fix quoting so users can use the _RUNJAVA environment variable as intended on Windows when the path to the Java executable contains spaces. + Update Tomcat Native to 1.2.38 to pick up Windows binaries built with OpenSSL 1.1.1v. + Improvements to Chinese translations. + Improvements to French translations. + Improvements to Japanese translations- Removed patch:
* tomcat-9.0.75-CVE-2023-41080.patch + integrated in this version
* Thu Sep 21 2023 michele.bussolottoAATTsuse.com- Fixed CVEs:
* CVE-2023-41080: Avoid protocol relative redirects in FORM authentication. (bsc#1214666)- Added patches:
* tomcat-9.0.75-CVE-2023-41080.patch
* Mon Sep 18 2023 fstrbaAATTsuse.com- Modified patch:
* tomcat-9.0-osgi-build.patch + make it more robust to change in number of artifacts in bnd + do not enumerate jars, just take all jars from the aqute-bnd directory into the classpath
* Tue Sep 12 2023 fstrbaAATTsuse.com- Require(pre) shadow because groupadd is needed early
* Tue May 23 2023 fstrbaAATTsuse.com- Update to Tomcat 9.0.75.
* See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.75_(markt)
* Fixes: + bsc#1211608, CVE-2023-28709 + bsc#1208513, CVE-2023-24998 (previous incomplete fix)- Remove patches:
* tomcat-9.0-CVE-2021-30640.patch
* tomcat-9.0-CVE-2021-33037.patch
* tomcat-9.0-CVE-2021-41079.patch
* tomcat-9.0-CVE-2022-23181.patch
* tomcat-9.0-NPE-JNDIRealm.patch
* tomcat-9.0-hardening_getResources.patch
* tomcat-9.0.43-CVE-2021-43980.patch
* tomcat-9.0.43-CVE-2022-42252.patch
* tomcat-9.0.43-CVE-2022-45143.patch
* tomcat-9.0.43-CVE-2023-24998.patch
* tomcat-9.0.43-CVE-2023-28708.patch + integrated in this version
* tomcat-9.0.43-java8compat.patch + problem with Java 8 compatibility solved in this version- Modified patch:
* tomcat-9.0.31-secretRequired-default.patch - > tomcat-9.0.75-secretRequired-default.patch + rediffed to changed context
* tomcat-9.0-javadoc.patch + drop integrated hunks
* tomcat-9.0-osgi-build.patch + fix to work with current version- Added patch:
* tomcat-9.0-jdt.patch + fix build against our ecj
* Fri Apr 07 2023 michele.bussolottoAATTsuse.com- Fixed CVEs:
* CVE-2022-45143: JsonErrorReportValve: add escape for type, message or description (bsc#1206840)- Added patches:
* tomcat-9.0.43-CVE-2022-45143.patch
* Thu Mar 23 2023 michele.bussolottoAATTsuse.com- Fixed CVEs:
* CVE-2023-28708: tomcat: not including the secure attribute causes information disclosure (bsc#1209622)- Added patches:
* tomcat-9.0.43-CVE-2023-28708.patch
* Tue Feb 28 2023 michele.bussolottoAATTsuse.com- Fixed CVEs:
* CVE-2023-24998: tomcat,tomcat6: FileUpload DoS with excessive parts (bsc#1208513)- Added patches:
* tomcat-9.0.43-CVE-2023-24998.patch
* Fri Dec 23 2022 michele.bussolottoAATTsuse.com- set logrotate for localhost.log, manager.log, host-manager.log and localhost_access_log.txt- use logrotate for catalina.out
* update tomcat-serverxml-tool and spec to configure server.xml- Added patch:
* tomcat-9.0-logrotate_everything.patch
* tomcat-serverxml-tool.tar.gz- Removed:
* tomcat-serverxml-tool-1.0.tar.gz
* Tue Nov 29 2022 michele.bussolottoAATTsuse.com- Use catalina.out for logging (bsc#1205647)- Added patches:
* tomcat-9.0-fix_catalina.patch
* Mon Nov 21 2022 michele.bussolottoAATTsuse.com- Fixed CVEs:
* CVE-2022-42252: reject invalid content-length requests. (bsc#1204918)- Added patches:
* tomcat-9.0.43-CVE-2022-42252.patch
* Thu Oct 20 2022 michele.bussolottoAATTsuse.com- Fixed CVEs:
* CVE-2021-43980: Improve the recycling of Processor objects to make it more robust. (bsc#1203868)- Added patches:
* tomcat-9.0.43-CVE-2021-43980.patch
* Wed Jul 13 2022 fstrbaAATTsuse.com- Do not hardcode /usr/libexec but use %%_libexecdir during the build
* Fixes for platforms, where /usr/libexec and %%_libexecdir are different
* Thu Jul 07 2022 fstrbaAATTsuse.com- Fix bsc#1201081 by building with release=8 all files that can be built this way. The one file remaining, build it with source=8 and target=8- Modified patch:
* tomcat-9.0.43-java8compat.patch + Do not cast ByteBuffer to Buffer to call the Java 8 compatible methods. Build with release=8 instead
* Thu Apr 07 2022 michele.bussolottoAATTsuse.com- Security hardening. Deprecate getResources() and always return null. (bsc#1198136)- Added patch: tomcat-9.0-hardening_getResources.patch
* Wed Feb 23 2022 fstrbaAATTsuse.com- Remove dependency on log4j/reload4j completely (bsc#1196137)
* Tue Feb 22 2022 fstrbaAATTsuse.com- Do not build against the log4j12 packages, use the new reload4j
* Fri Jan 28 2022 michele.bussolottoAATTsuse.com- Fixed CVEs:
* CVE-2022-23181: Make calculation of session storage location more robust (bsc#1195255)- Added patches:
* tomcat-9.0-CVE-2022-23181.patch
* Mon Jan 10 2022 olafAATTaepfle.de- remove instance units from post scripts, they can not be reloaded
* Fri Dec 10 2021 michele.bussolottoAATTsuse.com- Fix NPE in JNDIRealm, when userRoleAttribute is not set (bsc#1193569)- Added patch:
* tomcat-9.0-NPE-JNDIRealm.patch
* Wed Nov 10 2021 fstrbaAATTsuse.com- Modified patch:
* tomcat-9.0-osgi-build.patch + account for biz.aQute.bnd.ant artifact in aqute-bnd >= 5.2.0
* Fri Oct 29 2021 michele.bussolottoAATTsuse.com- Fixed CVEs:
* CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279)
* CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278)- Added patches:
* tomcat-9.0-CVE-2021-30640.patch
* tomcat-9.0-CVE-2021-33037.patch
* Thu Oct 28 2021 michele.bussolottoAATTsuse.com- Fixed CVEs:
* CVE-2021-41079: Validate incoming TLS packet (bsc#1190558)- Added patches:
* tomcat-9.0-CVE-2021-41079.patch
* Mon Oct 18 2021 wittemarAATTgooglemail.com- Update to Tomcat 9.0.43. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.43_(markt)- Removed Patches because fixed upstream now:
* tomcat-9.0-CVE-2021-25122.patch
* tomcat-9.0-CVE-2021-25329.patch- Rebased patch: tomcat-9.0.39-java8compat.patch -> tomcat-9.0.43-java8compat.patch
* Mon Oct 18 2021 wittemarAATTgooglemail.com- Update to Tomcat 9.0.41. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.41_(markt)
* Mon Oct 18 2021 wittemarAATTgooglemail.com- Update to Tomcat 9.0.40. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.40_(markt)- Removed Patches because fixed upstream now:
* tomcat-9.0-CVE-2020-17527.patch
* tomcat-9.0-CVE-2021-24122.patch
* Mon Mar 22 2021 amehmoodAATTsuse.com- Fixed CVEs:
* CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912)
* CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909)- Added patches:
* tomcat-9.0-CVE-2021-25122.patch
* tomcat-9.0-CVE-2021-25329.patch
* Wed Mar 17 2021 amehmoodAATTsuse.com- Log if file access is blocked due to symlinks: CVE-2021-24122 (bsc#1180947)- Added patch:
* tomcat-9.0-CVE-2021-24122.patch
* Mon Mar 15 2021 wittemarAATTgooglemail.com- Update to Tomcat 9.0.39. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.39_(markt)- Rebased patches:
* tomcat-9.0.38-java8compat.patch -> tomcat-9.0.39-java8compat.patch
* Mon Mar 15 2021 wittemarAATTgooglemail.com- Update to Tomcat 9.0.38. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.38_(markt)- Rebased patches:
* tomcat-9.0.37-java8compat.patch -> tomcat-9.0.38-java8compat.patch- Removed tomcat-9.0-CVE-2020-13943.patch because that fix is upstream now
* Mon Feb 22 2021 wittemarAATTgooglemail.com- Update to Tomcat 9.0.37. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.37_(markt)- Fixed CVEs:
* CVE-2020-13934 (bsc#1174121)
* CVE-2020-13935 (bsc#1174117)- Rebased patches:
* tomcat-9.0-osgi-build.patch
* tomcat-9.0.31-java8compat.patch -> tomcat-9.0.37-java8compat.patch
* Wed Dec 16 2020 amehmoodAATTsuse.com- Fix HTTP/2 request header mix-up: CVE-2020-17527 (bsc#1179602)- Added patch:
* tomcat-9.0-CVE-2020-17527.patch
* Tue Nov 03 2020 malbuAATTsuse.com- Add source url for tomcat-serverxml-tool- Fix typo in tomcat-webapps %postun that caused /examples context to remain in server.xml when package was removed- Remove tomcat-9.0.init and /usr/lib/tmpfiles.d/tomcat.conf from package. They\'re not used anymore becuse of systemd (bsc#1178396)
* Fri Oct 30 2020 malbuAATTsuse.com- Fix tomcat-servlet-4_0-api package alternatives to use /usr/share/java/servlet.jar instead of /usr/share/java/tomcat-servlet.jar. Keep /usr/share/java/tomcat-servlet.jar symlink for compatibility. (bsc#1092163)- Change default file ownership in tomcat-webapps from tomcat:tomcat to root:tomcat
* Tue Oct 13 2020 malbuAATTsuse.com- Fix CVE-2020-13943 (bsc#1177582)- Added patch:
* tomcat-9.0-CVE-2020-13943.patch- Change /usr/lib/tomcat to /usr/libexec/tomcat in startup scripts (bsc#1177601)
* Tue Oct 13 2020 jengelhAATTinai.de- Replace old specfile constructs. Remove support for SUSE 11.x.- Drop %systemd_requires, which is considered a no-op.- Trim redundant license mention from description.- Make documentation noarch.- Do not suppress errors from useradd.
* Wed Aug 26 2020 fstrbaAATTsuse.com- Avoid hardcoding /usr/lib as libexecdir
* Wed Jul 29 2020 malbuAATTsuse.com- Don\'t give write permissions for the tomcat group on files and directories where it\'s not needed (bsc#1172562)- Change tomcat.pid location from /var/run to /run (bsc#1173103)- Use the /sbin/nologin shell when creating the tomcat user- Use %tmpfiles_create macro in %post instead of calling systemd-tmpfiles directly
* Fri Jun 26 2020 fstrbaAATTsuse.com- Update to Tomcat 9.0.36. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.36_(markt)- Fixed CVEs: CVE-2020-11996 (bsc#1173389)
* Tue May 26 2020 malbuAATTsuse.com- Update to Tomcat 9.0.35. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_(markt)- Fixed CVEs: - CVE-2020-9484 (bsc#1171928)- Rebased patches:
* tomcat-9.0-javadoc.patch
* tomcat-9.0-osgi-build.patch
* tomcat-9.0.31-java8compat.patch
* Fri Apr 10 2020 javierAATTopensuse.org- Update to Tomcat 9.0.34. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.34_(markt)- Notable changes:
* Add support for default values when using ${...} property replacement in configuration files. Based on a pull request provided by Bernd Bohmann.
* When configuring an HTTP Connector, warn if the encoding specified for URIEncoding is not a superset of US-ASCII as required by RFC 7230.
* Replace the system property org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with the Connector attribute encodedSolidusHandling that adds an additional option to pass the %2f sequence through to the application without decoding it in addition to rejecting such sequences and decoding such sequences.
* Mon Mar 30 2020 malbuAATTsuse.com- Update to Tomcat 9.0.33. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.33_(markt)- Notable fix: corrected a regression in the improvements to HTTP header parsing (bsc#1167438)- Rebased patches:
* tomcat-9.0-javadoc.patch
* tomcat-9.0-osgi-build.patch
* tomcat-9.0.31-java8compat.patch
* Fri Feb 28 2020 malbuAATTsuse.com- Change default value of AJP connector secretRequired to false- Added patch:
* tomcat-9.0.31-secretRequired-default.patch
* Tue Feb 25 2020 fstrbaAATTsuse.com- Update to Tomcat 9.0.31. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt)- Fixed CVEs:
* CVE-2019-17569 (bsc#1164825)
* CVE-2020-1935 (bsc#1164860)
* CVE-2020-1938 (bsc#1164692)- Modified patch
* tomcat-9.0.30-java8compat.patch - > tomcat-9.0.31-java8compat.patch + Adapt to changed context
* Wed Jan 29 2020 malbuAATTsuse.com- Modified patch:
* tomcat-9.0.30-java8compat.patch + add missing casts (bsc#1162081)
* Mon Jan 20 2020 fstrbaAATTsuse.com- Change back the build to build with any Java >= 1.8- Added patch:
* tomcat-9.0.30-java8compat.patch + Cast java.nio.ByteBuffer and java.nio.CharBuffer to java.nio.Buffer in order to avoid calling Java 9+ APIs (functions with co-variant return types)- Renamed patch:
* tomcat-9.0-disable-osgi-build.patch - > tomcat-9.0-osgi-build.patch + Do not disable, but fix OSGi build since we have now aqute-bnd
* Fri Jan 17 2020 malbuAATTsuse.com- Change build to always use Java 1.8 (bsc#1161025).
* Fri Dec 27 2019 malbuAATTsuse.com- Update to Tomcat 9.0.30. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt)- Fixed CVEs: - CVE-2019-0221 (bsc#1136085) - CVE-2019-10072 (bsc#1139924) - CVE-2019-12418 (bsc#1159723) - CVE-2019-17563 (bsc#1159729)- Removed patch:
* tomcat-9.0-JDTCompiler-java.patch + It was not applied
* Mon Nov 18 2019 fstrbaAATTsuse.com- Update to Tomcat 9.0.27. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.27_(markt)- Uset aqute-bnd to generate OSGi manifest, since we have that package now in openSUSE:Factory- Removed patch:
* tomcat-9.0-disable-osgi-build.patch + not needed
* Fri Nov 15 2019 fstrbaAATTsuse.com- Add maven pom files for tomcat-jni and tomcat-jaspic-api
* Fri Oct 04 2019 fstrbaAATTsuse.com- Distribute the pom file also for tomcat-util-scan artifact
* Tue Oct 01 2019 fstrbaAATTsuse.com- Build against compatibility log4j12 package
* Wed Sep 25 2019 fstrbaAATTsuse.com- Adapt to the new ecj directory layout
* Wed Jun 12 2019 dimstarAATTopensuse.org- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini
* Mon May 20 2019 malbuAATTsuse.com- Update to Tomcat 9.0.20. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.20_(markt)- increase maximum number of threads and open files for tomcat (bsc#1111966)
* Mon Apr 22 2019 malbuAATTsuse.com- Update to Tomcat 9.0.19. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.19_(markt) Notable packaging changes: - File /usr/share/java/tomcat/catalina-jmx-remote.jar was removed. The classes contained in this jar were merged into /usr/share/java/tomcat/catalina.jar.- Fixed CVEs: - CVE-2019-0199 (bsc#1131055)- Rebased patch: - tomcat-9.0-JDTCompiler-java.patch - tomcat-9.0-javadoc.patch
* Mon Apr 15 2019 fstrbaAATTsuse.com- Build classpath directly with the geronimo jars instead of with symlinks to them
* Tue Feb 19 2019 malbuAATTsuse.com- Don\'t overwrite changes made to server.xml contexts when updating bundled webapps.
* Mon Feb 18 2019 malbuAATTsuse.com- Set javac target to 1.8 when building docs samples and serverxmltool
* Tue Feb 05 2019 malbuAATTsuse.com- Move webapps bundled with Tomcat to /usr/share/tomcat/tomcat-webapps (bsc#1092341). Affected packages: - tomcat-webapps - tomcat-admin-webapps - tomcat-docs-webapp- Remove %doc directive from tomcat-docs-webapps files section so that zypper installs files even if rpm.install.excludedocs is set to yes.
* Mon Feb 04 2019 malbuAATTsuse.com- Require Java 1.8 or later (bsc#1123407)
* Sat Jan 26 2019 fstrbaAATTsuse.com- Clean up OSGi manifest injection- Put embed maven metadata into embed subpackage- Use the .mfiles
* lists generated by %%add_maven_depmap macro
* Wed Jan 16 2019 malbuAATTsuse.com- Fix tomcat-tool-wrapper classpath error (bsc#1120745)
* Fri Jan 11 2019 malbuAATTsuse.com- Fix tomcat-digest classpath error (bsc#1120745)
* Sat Dec 29 2018 ecsosAATTopensuse.org- Update to Tomcat 9.0.14. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.14_(markt)
* Wed Dec 05 2018 fstrbaAATTsuse.com- Add pom files for tomcat-jdbc and tomcat-dbcp- Add org.eclipse.jetty.orbit
* aliases to correspondant artifacts
* Fri Nov 09 2018 seanAATTsuspend.net- Update to Tomcat 9.0.13. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.13_(markt)
* Thu Oct 18 2018 malbuAATTsuse.com- Update to Tomcat 9.0.12. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.12_(markt)- Fixed CVEs: - CVE-2018-11784 (bsc#1110850)- Rebased patches: - tomcat-9.0-disable-osgi-build.patch - tomcat-9.0-javadoc.patch - tomcat-9.0-sle.catalina.policy.patch - tomcat-9.0-tomcat-users-webapp.patch
* Tue Sep 11 2018 ecsosAATTopensuse.org- Declare following files to config(noreplace) to prevent override access rights: - host-manager/META-INF/context.xml - manager/META-INF/context.xml
* Sun Aug 26 2018 malbuAATTsuse.com- Empty tomcat-9.0.sysconfig to avoid overwriting of customer\'s configuration during update (bsc#1067720)
* Thu Aug 16 2018 malbuAATTsuse.com- Update to Tomcat 9.0.10. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.10_(markt)- Fixed CVEs: - CVE-2018-1336 (bsc#1102400) - CVE-2018-8014 (bsc#1093697) - CVE-2018-8034 (bsc#1102379) - CVE-2018-8037 (bsc#1102410)- Rebased patch tomcat-9.0-JDTCompiler-java.patch- Added patch tomcat-9.0-disable-osgi-build.patch to disable adding OSGi metadata to JAR files
* Fri Feb 16 2018 malbuAATTsuse.de- Update to Tomcat 9.0.5. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.5_(markt)
* Wed Jan 17 2018 fstrbaAATTsuse.com- Modified patch:
* tomcat-9.0-javadoc.patch + Don\'t append to javadoc --add-modules since we are building with source=8 + Avoid accessing Internet URLs from build environment
* Fri Dec 01 2017 malbuAATTsuse.com- Update to Tomcat 9.0.2:
* Major update for tomcat8 from tomcat9
* For full changelog please read upstream changes at: + http://tomcat.apache.org/tomcat-9.0-doc/changelog.html
* Rename all tomcat-8.0-
* files to tomcat-9.0-
*- Changed patches:
* Deleted: tomcat-8.0-bootstrap-MANIFEST.MF.patch
* Deleted: tomcat-8.0-sle.catalina.policy.patch
* Deleted: tomcat-8.0-tomcat-users-webapp.patch
* Deleted: tomcat-8.0.33-JDTCompiler-java.patch
* Deleted: tomcat-8.0.44-javadoc.patch
* Deleted: tomcat-8.0.9-property-build.windows.patch
* Added: tomcat-9.0-JDTCompiler-java.patch
* Added: tomcat-9.0-bootstrap-MANIFEST.MF.patch
* Added: tomcat-9.0-javadoc.patch
* Added: tomcat-9.0-sle.catalina.policy.patch
* Added: tomcat-9.0-tomcat-users-webapp.patch- Renamed subpackage tomcat-3_1-api to tomcat-4_0-api to reflect the new Servlet API version.- Commented out JAVA_HOME in /etc/tomcat/tomcat.conf- Added \"tomcat-\" prefix to lib symlinks under /usr/share/java to avoid file conflicts with servletapi5 and geronimo-specs- Fixed wrong %ghost file paths for alternatives symlinks
* Thu Nov 23 2017 rbrownAATTsuse.com- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)
* Mon Oct 23 2017 malbuAATTsuse.com- Build with JDK 8 to fix runtime errors when running with JDK 7 and 8- Fix tomcat-digest classpath error (bsc#977410)- Fix packaged /etc/alternatives symlinks for api libs that caused rpm -V to report link mismatch (bsc#1019016)
* Mon Oct 23 2017 ecsosAATTopensuse.org- update to 8.0.47 http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Fixed CVE: - CVE-2017-12617- rebase tomcat-8.0-sle.catalina.policy.patch
* Tue Sep 19 2017 fstrbaAATTsuse.com- Added patch:
* tomcat-8.0.44-javadoc.patch - generate documentation with the same source level as class files - fixes build with jdk9
* Fri Jun 09 2017 ecsosAATTopensuse.org- Version update to 8.0.44: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Fixed CVE: - CVE-2017-5664 (bsc#1042910)
* Fri May 19 2017 dziolkowskiAATTsuse.com- New build dependency: javapackages-local
* Tue May 09 2017 malbuAATTsuse.com- Version update to 8.0.43:
* Another bugfix release, for full details see: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Fixed CVEs: - CVE-2017-5647 (bnc#1033448) - CVE-2017-5648 (bnc#1033447) - CVE-2016-8745- Renamed and rebased patches:
* tomcat-7.0-sle.catalina.policy.patch -> tomcat-8.0-sle.catalina.policy.patch- Enable optional setenv.sh script. See section \"(3.4) Using the \"setenv\" script (optional, recommended)\" in http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt (bnc#1002662)- Fix file conflicts when upgrading from SLES 12 to SLES 12 SP1 (bnc#1023412). Added explicit obsoletes for tomcat-el-2_2-api, tomcat-jsp-2_2-api, tomcat-servlet-3_0-api
* Wed Dec 21 2016 astiegerAATTsuse.com- update to 8.0.39: (boo#1003911)
* Improve handling of I/O errors with async processing
* Fail earlier on invalid HTTP request- includes changes from 8.0.38:
* Refactoring the non-container thread Async complete()/dispatch() handling to remove the possibility of deadlock
* Improved UTF-8 handling for the RewriteValve- includes changes from 8.0.37:
* Treat paths used to obtain a request dispatcher as encoded (configurable)
* Various jdbc-pool fixes- drop tomcat-8.0.36-jar-scanner-loop.patch, upstream
* Thu Sep 29 2016 tchvatalAATTsuse.com- Switch to commons-dbcp2 fate#321029
* Fri Sep 02 2016 malbuAATTsuse.com- Backport fix for inifinite loop in the jar scanner for 8.0.36. (bnc#993862) Added: tomcat-8.0.36-jar-scanner-loop.patch
* Wed Jul 06 2016 malbuAATTsuse.com- Version update to 8.0.36:
* Another bugfix release for the 8.0 series. Full details: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.36_(markt)- CVE fixed by the version update: - CVE-2016-3092 (bnc#986359)- Fixed a deployment error in the examples webapp by changing the context.xml format to the new one introduced by Tomcat 8. See http://tomcat.apache.org/migration-8.html#Web_application_resources
* Mon May 02 2016 dmacvicarAATTsuse.de- fix maven fragments paths to build in multiple distribution versions
* Thu Apr 21 2016 jcnengelAATTgmail.com- Version update to 8.0.33:
* Another bugfix release for 8.0 series, full details: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.33_(markt)- Rebase tomcat-8.0-tomcat-users-webapp.patch- Rebase tomcat-7.0.53-JDTCompiler-java.patch to tomcat-8.0.33-JDTCompiler-java.patch
* Thu Apr 07 2016 tchvatalAATTsuse.com- Fix fixme for the prereq preamble value- It seems systemd prints error on adding the AATT services to macros so do not do that
* Thu Mar 31 2016 dmacvicarAATTsuse.de- package was partly merged with the scripts used in the Fedora distribution- support running multiple tomcat instances on the same server (fate#317783)- add catalina-jmx-remote.jar (fate#318403)- remove sysvinit support: systemd is required
* Mon Feb 29 2016 dmacvicarAATTsuse.de- update changes file for CVE information- Fixed CVEs: - CVE-2015-5346 (bnc#967814) in 8.0.32 - CVE-2015-5351 (bnc#967812) in 8.0.32 - CVE-2016-0706 (bnc#967815) in 8.0.32 - CVE-2016-0714 (bnc#967964) in 8.0.32 - CVE-2016-0763 (bnc#967966) in 8.0.32 - CVE-2015-5345 (bnc#967965) in 8.0.30 - CVE-2015-5174 (bnc#967967) in 8.0.27
* Wed Feb 17 2016 tchvatalAATTsuse.com- Version update to 8.0.32:
* Another bugfix release for 8.0 series, full details: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.32_(markt)- Rebase patch:
* tomcat-8.0.9-property-build.windows.patch
* Tue Nov 10 2015 dmacvicarAATTsuse.de- update to Tomcat 8.0.28
* Multiple fixes, read upstream changelog at: https://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.28_(markt)
* Mon Jun 01 2015 tchvatalAATTsuse.com- Some whitespace cleanups
* Mon Jun 01 2015 tchvatalAATTsuse.com- Remove pointless conflicts on provide/obsolete symbols
* Mon Jun 01 2015 tchvatalAATTsuse.com- Version bump to 8.0.23 fate#318913:
* Multiple testfixes all around, read upstream changelog at: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.23_(markt)
* Tue Mar 24 2015 tchvatalAATTsuse.com- Fix previous commit. Fix one rpmlint warning
* Wed Mar 18 2015 tchvatalAATTsuse.com- Drop gpg verification from spec, it is done by obs
* Wed Mar 18 2015 tchvatalAATTsuse.com- Fix build with new jpackage-tools
* Tue Feb 10 2015 wittemarAATTgooglemail.com- update to Tomcat 8.0.18:
* Major update for tomcat8 from tomcat7
* For full changelog please read upstream changes at: + http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Rename all tomcat-7.0-
* files to tomcat-8.0-
*
* Update keyring file- Update windows patch to apply again:
* Deleted: tomcat-7.0.52-property-build.windows.patch
* Added: tomcat-8.0.9-property-build.windows.patch
* Added:tomcat-8.0-tomcat-users-webapp.patch
* Deleted: tomcat-7.0-tomcat-users-webapp.patch
* Added: tomcat-8.0-bootstrap-MANIFEST.MF.patch
* Deleted: tomcat-7.0-bootstrap-MANIFEST.MF.patch
* Tue Feb 03 2015 bmaryniukAATTsuse.com- Version 1.1.30 or higher is required for APR listener (bnc#914725)
  
ICM