Changelog for tomcat-javadoc-9.0.43-6.1.noarch.rpm :

* Thu Mar 23 2023 Michele Bussolotto
- Fixed CVEs:
  * CVE-2023-28708: tomcat: not including the secure attribute causes information disclosure (bsc#1209622)
- Added patches:
  * tomcat-9.0.43-CVE-2023-28708.patch
* Tue Feb 28 2023 Michele Bussolotto
- Fixed CVEs:
  * CVE-2023-24998: tomcat,tomcat6: FileUpload DoS with excessive parts (bsc#1208513)
- Added patches:
  * tomcat-9.0.43-CVE-2023-24998.patch
* Fri Dec 23 2022 Michele Bussolotto
- set logrotate for localhost.log, manager.log, host-manager.log and localhost_access_log.txt
- use logrotate for catalina.out
  * update tomcat-serverxml-tool and spec to configure server.xml
- Added patch:
  * tomcat-9.0-logrotate_everything.patch
  * tomcat-serverxml-tool.tar.gz
- Removed:
  * tomcat-serverxml-tool-1.0.tar.gz
* Tue Nov 29 2022 Michele Bussolotto
- Use catalina.out for logging (bsc#1205647)
- Added patches:
  * tomcat-9.0-fix_catalina.patch
* Mon Nov 21 2022 Michele Bussolotto
- Fixed CVEs:
  * CVE-2022-42252: reject invalid content-length requests. (bsc#1204918)
- Added patches:
  * tomcat-9.0.43-CVE-2022-42252.patch
* Thu Oct 20 2022 Michele Bussolotto
- Fixed CVEs:
  * CVE-2021-43980: Improve the recycling of Processor objects to make it more robust. (bsc#1203868)
- Added patches:
  * tomcat-9.0.43-CVE-2021-43980.patch
* Wed Jul 13 2022 Fridrich Strba
- Do not hardcode /usr/libexec but use %%_libexecdir during the build
  * Fixes for platforms, where /usr/libexec and %%_libexecdir are different
* Thu Jul 07 2022 Fridrich Strba
- Fix bsc#1201081 by building with release=8 all files that can be built this way. The one file remaining, build it with source=8 and target=8
- Modified patch:
  * tomcat-9.0.43-java8compat.patch
    + Do not cast ByteBuffer to Buffer to call the Java 8 compatible methods. Build with release=8 instead
* Thu Apr 07 2022 Michele Bussolotto
- Security hardening. Deprecate getResources() and always return null. (bsc#1198136)
- Added patch: tomcat-9.0-hardening_getResources.patch
* Wed Feb 23 2022 Fridrich Strba
- Remove dependency on log4j/reload4j completely (bsc#1196137)
* Tue Feb 22 2022 Fridrich Strba
- Do not build against the log4j12 packages, use the new reload4j
* Fri Jan 28 2022 Michele Bussolotto
- Fixed CVEs:
  * CVE-2022-23181: Make calculation of session storage location more robust (bsc#1195255)
- Added patches:
  * tomcat-9.0-CVE-2022-23181.patch
* Mon Jan 10 2022 olafAATTaepfle.de
- remove instance units from post scripts, they can not be reloaded
* Fri Dec 10 2021 Michele Bussolotto
- Fix NPE in JNDIRealm, when userRoleAttribute is not set (bsc#1193569)
- Added patch:
  * tomcat-9.0-NPE-JNDIRealm.patch
* Wed Nov 10 2021 Fridrich Strba
- Modified patch:
  * tomcat-9.0-osgi-build.patch
    + account for biz.aQute.bnd.ant artifact in aqute-bnd >= 5.2.0
* Fri Oct 29 2021 Michele Bussolotto
- Fixed CVEs:
  * CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279)
  * CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278)
- Added patches:
  * tomcat-9.0-CVE-2021-30640.patch
  * tomcat-9.0-CVE-2021-33037.patch
* Thu Oct 28 2021 Michele Bussolotto
- Fixed CVEs:
  * CVE-2021-41079: Validate incoming TLS packet (bsc#1190558)
- Added patches:
  * tomcat-9.0-CVE-2021-41079.patch
* Mon Oct 18 2021 Marcel Witte
- Update to Tomcat 9.0.43. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.43_(markt)
- Removed Patches because fixed upstream now:
  * tomcat-9.0-CVE-2021-25122.patch
  * tomcat-9.0-CVE-2021-25329.patch
- Rebased patch: tomcat-9.0.39-java8compat.patch -> tomcat-9.0.43-java8compat.patch
* Mon Oct 18 2021 Marcel Witte
- Update to Tomcat 9.0.41. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.41_(markt)
* Mon Oct 18 2021 Marcel Witte
- Update to Tomcat 9.0.40. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.40_(markt)
- Removed Patches because fixed upstream now:
  * tomcat-9.0-CVE-2020-17527.patch
  * tomcat-9.0-CVE-2021-24122.patch
* Mon Mar 22 2021 Abid Mehmood
- Fixed CVEs:
  * CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912)
  * CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909)
- Added patches:
  * tomcat-9.0-CVE-2021-25122.patch
  * tomcat-9.0-CVE-2021-25329.patch
* Wed Mar 17 2021 Abid Mehmood
- Log if file access is blocked due to symlinks: CVE-2021-24122 (bsc#1180947)
- Added patch:
  * tomcat-9.0-CVE-2021-24122.patch
* Mon Mar 15 2021 Marcel Witte
- Update to Tomcat 9.0.39. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.39_(markt)
- Rebased patches:
  * tomcat-9.0.38-java8compat.patch -> tomcat-9.0.39-java8compat.patch
* Mon Mar 15 2021 Marcel Witte
- Update to Tomcat 9.0.38. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.38_(markt)
- Rebased patches:
  * tomcat-9.0.37-java8compat.patch -> tomcat-9.0.38-java8compat.patch
- Removed tomcat-9.0-CVE-2020-13943.patch because that fix is upstream now
* Mon Feb 22 2021 Marcel Witte
- Update to Tomcat 9.0.37. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.37_(markt)
- Fixed CVEs:
  * CVE-2020-13934 (bsc#1174121)
  * CVE-2020-13935 (bsc#1174117)
- Rebased patches:
  * tomcat-9.0-osgi-build.patch
  * tomcat-9.0.31-java8compat.patch -> tomcat-9.0.37-java8compat.patch
* Wed Dec 16 2020 Abid Mehmood
- Fix HTTP/2 request header mix-up: CVE-2020-17527 (bsc#1179602)
- Added patch:
  * tomcat-9.0-CVE-2020-17527.patch
* Tue Nov 03 2020 Matei Albu
- Add source url for tomcat-serverxml-tool
- Fix typo in tomcat-webapps %postun that caused /examples context to remain in server.xml when package was removed
- Remove tomcat-9.0.init and /usr/lib/tmpfiles.d/tomcat.conf from package. They're not used anymore because of systemd (bsc#1178396)
* Fri Oct 30 2020 Matei Albu
- Fix tomcat-servlet-4_0-api package alternatives to use /usr/share/java/servlet.jar instead of /usr/share/java/tomcat-servlet.jar. Keep /usr/share/java/tomcat-servlet.jar symlink for compatibility. (bsc#1092163)
- Change default file ownership in tomcat-webapps from tomcat:tomcat to root:tomcat
* Tue Oct 13 2020 Matei Albu
- Fix CVE-2020-13943 (bsc#1177582)
- Added patch:
  * tomcat-9.0-CVE-2020-13943.patch
- Change /usr/lib/tomcat to /usr/libexec/tomcat in startup scripts (bsc#1177601)
* Tue Oct 13 2020 Jan Engelhardt
- Replace old specfile constructs. Remove support for SUSE 11.x.
- Drop %systemd_requires, which is considered a no-op.
- Trim redundant license mention from description.
- Make documentation noarch.
- Do not suppress errors from useradd.
* Wed Aug 26 2020 Fridrich Strba
- Avoid hardcoding /usr/lib as libexecdir
* Wed Jul 29 2020 Matei Albu
- Don't give write permissions for the tomcat group on files and directories where it's not needed (bsc#1172562)
- Change tomcat.pid location from /var/run to /run (bsc#1173103)
- Use the /sbin/nologin shell when creating the tomcat user
- Use %tmpfiles_create macro in %post instead of calling systemd-tmpfiles directly
* Fri Jun 26 2020 Fridrich Strba
- Update to Tomcat 9.0.36. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.36_(markt)
- Fixed CVEs: CVE-2020-11996 (bsc#1173389)
* Tue May 26 2020 Matei Albu
- Update to Tomcat 9.0.35. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_(markt)
- Fixed CVEs:
  - CVE-2020-9484 (bsc#1171928)
- Rebased patches:
  * tomcat-9.0-javadoc.patch
  * tomcat-9.0-osgi-build.patch
  * tomcat-9.0.31-java8compat.patch
* Fri Apr 10 2020 Javier Llorente
- Update to Tomcat 9.0.34. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.34_(markt)
- Notable changes:
  * Add support for default values when using ${...} property replacement in configuration files. Based on a pull request provided by Bernd Bohmann.
  * When configuring an HTTP Connector, warn if the encoding specified for URIEncoding is not a superset of US-ASCII as required by RFC 7230.
  * Replace the system property org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with the Connector attribute encodedSolidusHandling that adds an additional option to pass the %2f sequence through to the application without decoding it in addition to rejecting such sequences and decoding such sequences.
* Mon Mar 30 2020 Matei Albu
- Update to Tomcat 9.0.33. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.33_(markt)
- Notable fix: corrected a regression in the improvements to HTTP header parsing (bsc#1167438)
- Rebased patches:
  * tomcat-9.0-javadoc.patch
  * tomcat-9.0-osgi-build.patch
  * tomcat-9.0.31-java8compat.patch
* Fri Feb 28 2020 Matei Albu
- Change default value of AJP connector secretRequired to false
- Added patch:
  * tomcat-9.0.31-secretRequired-default.patch
* Tue Feb 25 2020 Fridrich Strba
- Update to Tomcat 9.0.31. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt)
- Fixed CVEs:
  * CVE-2019-17569 (bsc#1164825)
  * CVE-2020-1935 (bsc#1164860)
  * CVE-2020-1938 (bsc#1164692)
- Modified patch
  * tomcat-9.0.30-java8compat.patch -> tomcat-9.0.31-java8compat.patch
    + Adapt to changed context
* Wed Jan 29 2020 Matei Albu
- Modified patch:
  * tomcat-9.0.30-java8compat.patch
    + add missing casts (bsc#1162081)
* Mon Jan 20 2020 Fridrich Strba
- Change back the build to build with any Java >= 1.8
- Added patch:
  * tomcat-9.0.30-java8compat.patch
    + Cast java.nio.ByteBuffer and java.nio.CharBuffer to java.nio.Buffer in order to avoid calling Java 9+ APIs (functions with co-variant return types)
- Renamed patch:
  * tomcat-9.0-disable-osgi-build.patch -> tomcat-9.0-osgi-build.patch
    + Do not disable, but fix OSGi build since we have now aqute-bnd
* Fri Jan 17 2020 Matei Albu
- Change build to always use Java 1.8 (bsc#1161025).
 