Changelog for
tomcat-javadoc-9.0.58-302.7.noarch.rpm :
* Sat Oct 01 2022 Marcel Witte
- Update to Tomcat 9.0.57 and 9.0.58. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.58_(remm)- Removed patch because fixed upstream now:
* tomcat-9.0-CVE-2022-23181.patch
* Sat Oct 01 2022 Marcel Witte - Update to Tomcat 9.0.56. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.56_(remm)
* Sat Oct 01 2022 Marcel Witte - Update to Tomcat 9.0.55. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.55_(remm)
* Sat Oct 01 2022 Marcel Witte - Update to Tomcat 9.0.54. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.54_(remm)
* Sat Oct 01 2022 Marcel Witte - Update to Tomcat 9.0.53. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.53_(remm)
* Sat Oct 01 2022 Marcel Witte - Update to Tomcat 9.0.51 and 9.0.52. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.52_(remm)
* Sat Oct 01 2022 Marcel Witte - Update to Tomcat 9.0.49 and 9.0.50. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.50_(remm)
* Sat Oct 01 2022 Marcel Witte - Update to Tomcat 9.0.47 and 9.0.48. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.48_(remm)- Removed patches because fixed upstream now:
* tomcat-9.0-CVE-2021-33037.patch
* tomcat-9.0-NPE-JNDIRealm.patch
* Fri Sep 30 2022 Marcel Witte - Update to Tomcat 9.0.46. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.46_(markt)- Removed patch because fixed upstream now:
* tomcat-9.0-CVE-2021-30640.patch
* Fri Sep 30 2022 Marcel Witte - Update to Tomcat 9.0.45. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.45_(markt)
* Fri Sep 30 2022 Marcel Witte - Update to Tomcat 9.0.44. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.44_(markt)- Removed patch because fixed upstream now:
* tomcat-9.0-CVE-2021-41079.patch
* Wed Jul 13 2022 Fridrich Strba - Do not hardcode /usr/libexec but use %%_libexecdir during the build
* Fixes for platforms, where /usr/libexec and %%_libexecdir are different
* Thu Jul 07 2022 Fridrich Strba - Fix bsc#1201081 by building with release=8 all files that can be built this way. The one file remaining, build it with source=8 and target=8- Modified patch:
* tomcat-9.0.43-java8compat.patch + Do not cast ByteBuffer to Buffer to call the Java 8 compatible methods. Build with release=8 instead
* Thu Apr 07 2022 Michele Bussolotto - Security hardening. Deprecate getResources() and always return null. (bsc#1198136)- Added patch: tomcat-9.0-hardening_getResources.patch
* Wed Feb 23 2022 Fridrich Strba - Remove dependency on log4j/reload4j completely (bsc#1196137)
* Tue Feb 22 2022 Fridrich Strba - Do not build against the log4j12 packages, use the new reload4j
* Fri Jan 28 2022 Michele Bussolotto - Fixed CVEs:
* CVE-2022-23181: Make calculation of session storage location more robust (bsc#1195255)- Added patches:
* tomcat-9.0-CVE-2022-23181.patch
* Mon Jan 10 2022 olafAATTaepfle.de- remove instance units from post scripts, they can not be reloaded
* Fri Dec 10 2021 Michele Bussolotto - Fix NPE in JNDIRealm, when userRoleAttribute is not set (bsc#1193569)- Added patch:
* tomcat-9.0-NPE-JNDIRealm.patch
* Wed Nov 10 2021 Fridrich Strba - Modified patch:
* tomcat-9.0-osgi-build.patch + account for biz.aQute.bnd.ant artifact in aqute-bnd >= 5.2.0
* Fri Oct 29 2021 Michele Bussolotto - Fixed CVEs:
* CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279)
* CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278)- Added patches:
* tomcat-9.0-CVE-2021-30640.patch
* tomcat-9.0-CVE-2021-33037.patch
* Thu Oct 28 2021 Michele Bussolotto - Fixed CVEs:
* CVE-2021-41079: Validate incoming TLS packet (bsc#1190558)- Added patches:
* tomcat-9.0-CVE-2021-41079.patch
* Mon Oct 18 2021 Marcel Witte - Update to Tomcat 9.0.43. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.43_(markt)- Removed Patches because fixed upstream now:
* tomcat-9.0-CVE-2021-25122.patch
* tomcat-9.0-CVE-2021-25329.patch- Rebased patch: tomcat-9.0.39-java8compat.patch -> tomcat-9.0.43-java8compat.patch
* Mon Oct 18 2021 Marcel Witte - Update to Tomcat 9.0.41. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.41_(markt)
* Mon Oct 18 2021 Marcel Witte - Update to Tomcat 9.0.40. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.40_(markt)- Removed Patches because fixed upstream now:
* tomcat-9.0-CVE-2020-17527.patch
* tomcat-9.0-CVE-2021-24122.patch
* Mon Mar 22 2021 Abid Mehmood - Fixed CVEs:
* CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912)
* CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909)- Added patches:
* tomcat-9.0-CVE-2021-25122.patch
* tomcat-9.0-CVE-2021-25329.patch
* Wed Mar 17 2021 Abid Mehmood - Log if file access is blocked due to symlinks: CVE-2021-24122 (bsc#1180947)- Added patch:
* tomcat-9.0-CVE-2021-24122.patch
* Mon Mar 15 2021 Marcel Witte - Update to Tomcat 9.0.39. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.39_(markt)- Rebased patches:
* tomcat-9.0.38-java8compat.patch -> tomcat-9.0.39-java8compat.patch
* Mon Mar 15 2021 Marcel Witte - Update to Tomcat 9.0.38. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.38_(markt)- Rebased patches:
* tomcat-9.0.37-java8compat.patch -> tomcat-9.0.38-java8compat.patch- Removed tomcat-9.0-CVE-2020-13943.patch because that fix is upstream now
* Mon Feb 22 2021 Marcel Witte - Update to Tomcat 9.0.37. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.37_(markt)- Fixed CVEs:
* CVE-2020-13934 (bsc#1174121)
* CVE-2020-13935 (bsc#1174117)- Rebased patches:
* tomcat-9.0-osgi-build.patch
* tomcat-9.0.31-java8compat.patch -> tomcat-9.0.37-java8compat.patch
* Wed Dec 16 2020 Abid Mehmood - Fix HTTP/2 request header mix-up: CVE-2020-17527 (bsc#1179602)- Added patch:
* tomcat-9.0-CVE-2020-17527.patch
* Tue Nov 03 2020 Matei Albu - Add source url for tomcat-serverxml-tool- Fix typo in tomcat-webapps %postun that caused /examples context to remain in server.xml when package was removed- Remove tomcat-9.0.init and /usr/lib/tmpfiles.d/tomcat.conf from package. They\'re not used anymore becuse of systemd (bsc#1178396)
* Fri Oct 30 2020 Matei Albu - Fix tomcat-servlet-4_0-api package alternatives to use /usr/share/java/servlet.jar instead of /usr/share/java/tomcat-servlet.jar. Keep /usr/share/java/tomcat-servlet.jar symlink for compatibility. (bsc#1092163)- Change default file ownership in tomcat-webapps from tomcat:tomcat to root:tomcat
* Tue Oct 13 2020 Matei Albu - Fix CVE-2020-13943 (bsc#1177582)- Added patch:
* tomcat-9.0-CVE-2020-13943.patch- Change /usr/lib/tomcat to /usr/libexec/tomcat in startup scripts (bsc#1177601)
* Tue Oct 13 2020 Jan Engelhardt - Replace old specfile constructs. Remove support for SUSE 11.x.- Drop %systemd_requires, which is considered a no-op.- Trim redundant license mention from description.- Make documentation noarch.- Do not suppress errors from useradd.
* Wed Aug 26 2020 Fridrich Strba - Avoid hardcoding /usr/lib as libexecdir
* Wed Jul 29 2020 Matei Albu - Don\'t give write permissions for the tomcat group on files and directories where it\'s not needed (bsc#1172562)- Change tomcat.pid location from /var/run to /run (bsc#1173103)- Use the /sbin/nologin shell when creating the tomcat user- Use %tmpfiles_create macro in %post instead of calling systemd-tmpfiles directly
* Fri Jun 26 2020 Fridrich Strba - Update to Tomcat 9.0.36. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.36_(markt)- Fixed CVEs: CVE-2020-11996 (bsc#1173389)
* Tue May 26 2020 Matei Albu - Update to Tomcat 9.0.35. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_(markt)- Fixed CVEs: - CVE-2020-9484 (bsc#1171928)- Rebased patches:
* tomcat-9.0-javadoc.patch
* tomcat-9.0-osgi-build.patch
* tomcat-9.0.31-java8compat.patch
* Fri Apr 10 2020 Javier Llorente - Update to Tomcat 9.0.34. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.34_(markt)- Notable changes:
* Add support for default values when using ${...} property replacement in configuration files. Based on a pull request provided by Bernd Bohmann.
* When configuring an HTTP Connector, warn if the encoding specified for URIEncoding is not a superset of US-ASCII as required by RFC 7230.
* Replace the system property org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with the Connector attribute encodedSolidusHandling that adds an additional option to pass the %2f sequence through to the application without decoding it in addition to rejecting such sequences and decoding such sequences.
* Mon Mar 30 2020 Matei Albu - Update to Tomcat 9.0.33. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.33_(markt)- Notable fix: corrected a regression in the improvements to HTTP header parsing (bsc#1167438)- Rebased patches:
* tomcat-9.0-javadoc.patch
* tomcat-9.0-osgi-build.patch
* tomcat-9.0.31-java8compat.patch
* Fri Feb 28 2020 Matei Albu - Change default value of AJP connector secretRequired to false- Added patch:
* tomcat-9.0.31-secretRequired-default.patch
* Tue Feb 25 2020 Fridrich Strba - Update to Tomcat 9.0.31. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt)- Fixed CVEs:
* CVE-2019-17569 (bsc#1164825)
* CVE-2020-1935 (bsc#1164860)
* CVE-2020-1938 (bsc#1164692)- Modified patch
* tomcat-9.0.30-java8compat.patch - > tomcat-9.0.31-java8compat.patch + Adapt to changed context
* Wed Jan 29 2020 Matei Albu - Modified patch:
* tomcat-9.0.30-java8compat.patch + add missing casts (bsc#1162081)
* Mon Jan 20 2020 Fridrich Strba - Change back the build to build with any Java >= 1.8- Added patch:
* tomcat-9.0.30-java8compat.patch + Cast java.nio.ByteBuffer and java.nio.CharBuffer to java.nio.Buffer in order to avoid calling Java 9+ APIs (functions with co-variant return types)- Renamed patch:
* tomcat-9.0-disable-osgi-build.patch - > tomcat-9.0-osgi-build.patch + Do not disable, but fix OSGi build since we have now aqute-bnd
* Fri Jan 17 2020 Matei Albu - Change build to always use Java 1.8 (bsc#1161025).
* Fri Dec 27 2019 Matei Albu - Update to Tomcat 9.0.30. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt)- Fixed CVEs: - CVE-2019-0221 (bsc#1136085) - CVE-2019-10072 (bsc#1139924) - CVE-2019-12418 (bsc#1159723) - CVE-2019-17563 (bsc#1159729)- Removed patch:
* tomcat-9.0-JDTCompiler-java.patch + It was not applied
* Mon Nov 18 2019 Fridrich Strba - Update to Tomcat 9.0.27. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.27_(markt)- Uset aqute-bnd to generate OSGi manifest, since we have that package now in openSUSE:Factory- Removed patch:
* tomcat-9.0-disable-osgi-build.patch + not needed
* Fri Nov 15 2019 Fridrich Strba - Add maven pom files for tomcat-jni and tomcat-jaspic-api
* Fri Oct 04 2019 Fridrich Strba - Distribute the pom file also for tomcat-util-scan artifact
* Tue Oct 01 2019 Fridrich Strba - Build against compatibility log4j12 package
* Wed Sep 25 2019 Fridrich Strba - Adapt to the new ecj directory layout
* Wed Jun 12 2019 Dominique Leuenberger - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini
* Mon May 20 2019 Matei - Update to Tomcat 9.0.20. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.20_(markt)- increase maximum number of threads and open files for tomcat (bsc#1111966)
* Mon Apr 22 2019 malbuAATTsuse.com- Update to Tomcat 9.0.19. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.19_(markt) Notable packaging changes: - File /usr/share/java/tomcat/catalina-jmx-remote.jar was removed. The classes contained in this jar were merged into /usr/share/java/tomcat/catalina.jar.- Fixed CVEs: - CVE-2019-0199 (bsc#1131055)- Rebased patch: - tomcat-9.0-JDTCompiler-java.patch - tomcat-9.0-javadoc.patch
* Mon Apr 15 2019 Fridrich Strba - Build classpath directly with the geronimo jars instead of with symlinks to them
* Tue Feb 19 2019 malbuAATTsuse.com- Don\'t overwrite changes made to server.xml contexts when updating bundled webapps.
* Mon Feb 18 2019 malbuAATTsuse.com- Set javac target to 1.8 when building docs samples and serverxmltool
* Tue Feb 05 2019 malbuAATTsuse.com- Move webapps bundled with Tomcat to /usr/share/tomcat/tomcat-webapps (bsc#1092341). Affected packages: - tomcat-webapps - tomcat-admin-webapps - tomcat-docs-webapp- Remove %doc directive from tomcat-docs-webapps files section so that zypper installs files even if rpm.install.excludedocs is set to yes.
* Mon Feb 04 2019 malbuAATTsuse.com- Require Java 1.8 or later (bsc#1123407)
* Sat Jan 26 2019 Fridrich Strba - Clean up OSGi manifest injection- Put embed maven metadata into embed subpackage- Use the .mfiles
* lists generated by %%add_maven_depmap macro
* Wed Jan 16 2019 malbuAATTsuse.com- Fix tomcat-tool-wrapper classpath error (bsc#1120745)
* Fri Jan 11 2019 malbuAATTsuse.com- Fix tomcat-digest classpath error (bsc#1120745)