Changelog for tomcat6-jsp-2_1-api-6.0.32-1.1.noarch.rpm:
* Tue Aug 27 2013 lijewski.stefanAATTgmail.com
- tomcat-CVE-2013-2067.patch (bnc#831117)
- tomcat-CVE-2012-3544.patch (bnc#831119)
- use chown --no-dereference to prevent symlink attacks on log (bnc#822177#c7/prevents CVE-2013-1976)
* Tue Jan 08 2013 lijewski.stefanAATTgmail.com
- fix bnc#794548 - denial of service (CVE-2012-4534)
  * apache-tomcat-CVE-2012-4534.patch fixes apache#53138, apache#52858 http://svn.apache.org/viewvc?view=rev&rev=1372035
- fix a minor issue in apache-tomcat-CVE-2012-4431.patch
  use the already initialized session variable instead of another call req.getSession()
* Wed Dec 19 2012 lijewski.stefanAATTgmail.com
- fix bnc#793394 - bypass of security constraints (CVE-2012-3546)
  * apache-tomcat-CVE-2012-3546.patch http://svn.apache.org/viewvc?view=revision&revision=1381035
- fix bnc#793391 - bypass of CSRF prevention filter (CVE-2012-4431)
  * apache-tomcat-CVE-2012-4431.patch http://svn.apache.org/viewvc?view=revision&revision=1394456
- document how to protect against slowloris DoS (CVE-2012-5568/bnc#791679) in README.SUSE
- fixes bnc#791423 - cnonce tracking weakness (CVE-2012-5885)
  bnc#791424 - authentication caching weakness (CVE-2012-5886)
  bnc#791426 - stale nonce weakness (CVE-2012-5887)
  * apache-tomcat-CVE-2009-2693-CVE-2009-2901-CVE-2009-2902.patch http://svn.apache.org/viewvc?view=revision&revision=1380829
- fix bnc#789406 - HTTP NIO connector OOM DoS via a request with large headers (CVE-2012-2733)
  * http://svn.apache.org/viewvc?view=revision&revision=1356208
* Mon Feb 06 2012 mvyskocilAATTsuse.cz
- fix bnc#742477 - iManager throws exception in its basic functionalities
  * http://svn.apache.org/viewvc?view=revision&revision=1206324
  * http://svn.apache.org/viewvc?view=revision&revision=1229027
- fix bnc#735343 - VUL-1: tomcat: Multiple weaknesses in HTTP DIGEST
  * http://svn.apache.org/viewvc?view=revision&revision=1158180 fixes CVE-2011-5062, CVE-2011-5063, CVE-2011-5064 and CVE-2011-1184
- fix bnc#743055 - VUL-1: CVE-2011-3375: tomcat: information disclosure due to improper response and request object recycling
* Thu Jan 05 2012 mvyskocilAATTsuse.cz
- fix bnc#727543 - VUL-0: Apache tomcat vulnerable to hash collision attack
  backport upstream changes:
  * add getCharset method for B2Converter http://svn.apache.org/viewvc?view=revision&revision=1140904
  * add isConfigProblemFatal method http://svn.apache.org/viewvc?view=revision&revision=1199122
  * GET POST parameter processing performance. Adds maximum number of parameters per request (defaults to 10000) and new FailedRequestFilter for rejecting requests with excessive number of parameters http://svn.apache.org/viewvc?view=revision&revision=1200601
- fix bnc#712784 - tomcat6: add missing Requires on java >= 1.6.0
  * add recommends on java >= 1.6.0 and java-devel >= 1.6.0
* Thu Sep 15 2011 mvyskocilAATTsuse.cz
- fix bnc#715991 - VUL-0: tomcat authentication bypass and information disclosure (CVE-2011-3190)
  * http://svn.apache.org/viewvc?view=revision&revision=1162959
* Mon Aug 15 2011 mvyskocilAATTsuse.cz
- fix bnc#706404 - VUL-0: tomcat user password information leak (CVE-2011-2204)
  * http://svn.apache.org/viewvc?view=revision&revision=1140071
- fix bnc#706382 - VUL-0: tomcat information leak and DoS (CVE-2011-2526)
  * http://svn.apache.org/viewvc?view=revision&revision=1146703
- fix bnc#702289 - suse manager pam ldap authentication fails
  * source CATALINA_HOME/bin/setenv.sh if exists
* Fri Feb 11 2011 mvyskocilAATTsuse.cz
- update to latest upstream version 6.0.32 (bugfix release)
- obsolete CVE-2010-4172 patch
- fixes bnc#669897 (CVE-2010-3718), bnc#669926 (CVE-2010-4476), bnc#669928 (CVE-2011-0013) and bnc#669930 (CVE-2011-0534)
* Thu Dec 09 2010 mvyskocilAATTsuse.cz
- fix bnc#655440#c14 - clean workdir of tomcat's webapps to be sure our fixed jsps will be redeployed on each update
* Thu Nov 25 2010 mvyskocilAATTsuse.cz
- fix bnc#655440 - VUL-0: tomcat6: Apache Tomcat Manager application XSS vulnerability (CVE-2010-4172) http://svn.apache.org/viewvc?view=revision&revision=1037779
- fix bnc#653586 - spacewalk 1.2 requires jasper 5.5
  * add offline jasper compiler /usr/bin/jspc
- unpack tarball to apache-tomcat-$VERSION-src directory directly
* Tue Nov 02 2010 mvyskocilAATTsuse.cz
- Fix bnc#650130 - Update of tomcat6 not possible (cpio: Is a directory)
  * workaround the rpm bug - it cannot update directory to symlink
  * make /etc/tomcat6/Catalina/ as ghost file
  * create link in %posttrans
* Tue Sep 14 2010 mvyskocilAATTsuse.cz
- Update to 6.0.29 (bugfix release)
- fix bnc#625415: Tomcat6 does not have permissions to its own directories
  * also fix the /etc/tomcat6/Catalina link target
- revert a setclasspath.sh changes
- disable user/group verification of tomcat owned files and directories to allow easy change of the tomcat user without rpm --verify complaints
* Thu Jul 15 2010 mvyskocilAATTsuse.cz
- Update to 6.0.28 (bugfix release)
- fix bnc#565901 - missing catalina.sh again
  * move catalina.sh to CATALINA_HOME/bin
  * add jpackage.org compatible CATALINA_HOME/bin/setclasspath.sh
- add missing logrotate requires
- install scripts with mode 0755
* Wed Feb 03 2010 mvyskocilAATTsuse.cz
- Update to 6.0.24 (bugfix release). This obsoletes patch
  * tomcat6-bug47316.patch
- Merged with tomcat6-6.0.18-10.jpp6.src.rpm
  * return the jpackage.org license header in spec
  * polish in spec (use more macros)
  * add logrotate support
  * add patch to document webapps in %%{_sysconfdir}/%%{name}/tomcat-users.xml
  * move %%{_bindir}/d%%{name} to %%{_sbindir}/%%{name} and provide symlink to %%{_sbindir}/d%%{name}
  * add digest and tool-wrapper scripts
  * explicitly unset CLASSPATH
  * explicitly set OPT_JAR_LIST to include ant/ant-trax
  * build and install sample webapp
  * use copy instead of move to fix short-circuit install build
  * version jsp and servlet Provides with their spec versions
  * make initscript LSB-compliant
  * add el subpackage
* Tue Jan 05 2010 mvyskocilAATTsuse.cz
- fixed bnc#565901 - missing catalina.sh
  * added catalina.sh (link from dtomcat6) to improve upstream compatibility
* Wed Sep 30 2009 mvyskocilAATTsuse.cz
- fixed bnc#542634: Tomcat NPE on start
  applied patch from upstream bugzilla https://issues.apache.org/bugzilla/show_bug.cgi?id=47316#c3
* Wed Aug 26 2009 mvyskocilAATTsuse.cz
- fixed bnc#520532: marked all webapp/ROOT/* files as config(noreplace)
- marked /etc/ant.d/catalina-ant as config(noreplace)
* Mon Jun 15 2009 mvyskocilAATTsuse.cz
- added a missing -p1 for %patch0
* Wed Jun 03 2009 mvyskocilAATTsuse.cz
- fixed bnc#488061: work directory clean on tomcat stop
- update to 6.0.20 - the bugfix release:
  * MemoryUserDatabase is read-only by default
  * Allow huge request body packets for AJP13
  * Never return an empty HTTP status reason phrase
  * Prevent double initialisation of JSPs
  * A node should ignore its own heartbeat messages
  * Pretty error messages (instead of stacktrace) if shutdown port is disabled
* Mon Mar 16 2009 mvyskocilAATTsuse.cz
- fixed bnc#418664 - Tomcat6 installation has missing bits
  - added /etc/ant.d/catalina-ant
- another fix for bnc#471639 - tomcat does not start/work
  * merged a sysconfig and tomcat6.conf to allow a dtomcat6 start works
  * also fixes (bnc#471639)
- fixed bnc#424675 - Access rights to /etc/tomcat6 directory not set right
  * create a link from /etc/tomcat6/Catalina to /var/cache/tomcat6/Catalina
- removed a CATALINA_OPTS from stop in dtomcat6 (bao#42951)
* Wed Feb 25 2009 mvyskocilAATTsuse.cz
- fixed bnc#471301: tomcat6 doesn't want to be started when sun java 1.5 is selected
  - built with -target 1.5
* Mon Feb 09 2009 mvyskocilAATTsuse.cz
- Fixed bnc#471639 - tomcat does not start/work
  - fill up a default JVM in sysconfig
- changed a default JAVA_HOME from JRE to SDK in config
* Mon Nov 24 2008 mvyskocilAATTsuse.cz
- Fixed bnc#446598 - Tomcat6: tomcat6.conf overwrites sysconfig/tomcat6 values
* Fri Sep 12 2008 mvyskocilAATTsuse.cz
- Update to 6.0.18. This obsoletes patches:
  apache-tomcat-CVE-2008-1232
  apache-tomcat-CVE-2008-1947
  apache-tomcat-CVE-2008-2370
  apache-tomcat-CVE-2008-2938
* Tue Aug 19 2008 mvyskocilAATTsuse.cz
- fix CVE-2008-2938: VUL-0: tomcat5: directory traversal
* Wed Aug 06 2008 mvyskocilAATTsuse.cz
- fix CVE-2008-1232 and CVE-2008-2370: VUL-0: Apache Tomcat Cross-Site Scripting and Security Bypass [bnc#414657]
* Mon Jul 21 2008 mvyskocilAATTsuse.cz
- fixed [bnc#394503]: tomcat6 is missing rctomcat6 link
  - add a /usr/sbin/rctomcat6 symlink
  - and heavy rewrite and improve of original jpackage tomcat6 init script
  - add Should-Start and Should-Stop section and values for Default-Start and Default-Stop
  - removed the echo_success and echo_failure functions and usage
  - include a /etc/rc.status and use a rc_XXXXX functions instead of echo and return. Plus add a comments with error codes explanations
  - merge the start/stop/status messages from previous version
  - use `ps' command instead of pgrep
  - changes in commands: added a try-restart|force-reload|reload|probe and removed the version|conrestart
- fixed [bnc#394499]: add a PreReq to jpackage-utils
- fixed [bnc#408253]: tomcat6 fails because of missing commons-xxxx jars
  - add a removed dependencies to the jakarta-commons-*-tomcat5 packages
  - fixed a proper link creation in post/n scripts
  - fixed a build cycle, jakarta-commons-dbcp-tomcat5 needs the tomcat6-lib for build, but the tomcat6-lib has this package in Requires(post). The %post scriptlet is non-fatal if the jars cannot be found (but this would not happen in a production state).
* Fri Jun 27 2008 mvyskocilAATTsuse.cz
- fixed [bnc#396962]: VUL-0: tomcat5: [SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability
- fixed [bnc#403310]: Tomcat startup script uses wrong java.io.tmpdir
  - the temp directory is in /var/cache/tomcat6/temp
* Tue May 06 2008 mvyskocilAATTsuse.cz
- fixed a [bnc#383331] - Tomcat cannot compile JSPs
  - add a ecj requires for tomcat6-lib
  - create a symlink of ecj.jar to tomcat6 libdir
- add a jakarta-taglibs-standard to BuildRequires
- use a fdupes to avoid a file duplication waste in /srv
- replace a %{_jvmdir}/jre to /etc/alternatives/jre in JAVAHOME in default tomcat6.conf (this path is architecture independent)
- add a %stop_on_removal to %preun, %restart_on_update and %insserv_cleanup to %postun to fix some rpmlint warnings
- add a $remote_fs dependency to init script
* Wed Feb 27 2008 mvyskocilAATTsuse.cz
- update to 6.0.16
* Fri Jan 25 2008 cooloAATTsuse.de
- don't require the old package names
* Fri Jan 25 2008 roAATTsuse.de
- don't use dots in package names
* Tue Jan 22 2008 anosekAATTsuse.cz
- don't use macros in package names (the %package lines) which does not work with autobuild.
* Thu Dec 20 2007 anosekAATTsuse.cz
- don't use static uid/gid for tomcat user and tomcat group
* Tue Dec 04 2007 anosekAATTsuse.cz
- initial version of tomcat6 package
- based on work by jpackage project