SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for tomcat5-jasper-5.5.23-0jpp.40.el5_9.i386.rpm :

* Fri May 24 2013 David Knox 0:5.5.23-0jpp.40- Related: CVE-2013-1976 It was found during additional testing- that the tomcat5 init may fail to start because the user- shell is set to sbin/nologin. Fixed in init scrip. SU now- uses -s /bin/sh during startup
* Wed May 22 2013 David Knox 0:5.5.23-0jpp.39- Resolves: CVE-2013-1976 Improper TOMCAT_LOG management in - initscript. Change location of TOMCAT_LOG to /var/log so- only root can write to it. Touching TOMCAT_LOG is no longer - required during initscript startup. Permissions and ownership- changed to 0755 tomcat:root for logdir
* Fri Feb 22 2013 David Knox 0:5.5.23-0jpp.38- Resolves: CVE-2012-3439 rhbz#882008 three DIGEST authentication- implementation- Resolves: CVE-2012-3546, rhbz#913034 Bypass of security constraints.- Remove unneeded handling of FORM authentication in RealmBase
* Fri Aug 10 2012 David Knox 0:5.5.23-0jpp.37- Related: rhbz#543995
* Fri Aug 10 2012 David Knox 0:5.5.23-0jpp.36- Related: rhbz#543995, rhbz#691833, rhbz#689924, rhbz#578648, rhbz#530089
* Thu Aug 09 2012 David Knox 0:5.5.23-0jpp.35- Resolve: rhbz#543995, rhbz#691833, rhbz#689924, - rhbz#578648, rhbz#530089. Remove patch46.
* Tue Apr 24 2012 David Knox 0:5.5.23-0jpp.34- Resolve: rhbz#578648 - re-enable JSP compiliation on s380x and - ppc64
* Thu Apr 19 2012 David Knox 0:5.5.23-0jpp.33- Resolves: rhbz#548961 - tomcat-juli.jar missing
* Fri Mar 30 2012 David Knox 0:5.5.23-0jpp.32- Resolves: CVE-2012-0022 regression. Changed patch.
* Mon Feb 06 2012 David Knox 0:5.5.23-0jpp.31- Resolves: CVE-2012-0022
* Wed Jan 18 2012 David Knox 0:5.5.23-0jpp.30- Resolves: rhbz#587215 - LSB compliance. Changed initscript to- return 3 if status is stopped.
* Wed Jan 11 2012 David Knox 0:5.5.23-0jpp.29- Resolves: rhbz#493007 - tomcat relink scripts have data loss window- Made call to relink in init script conditional
* Mon Dec 19 2011 David Knox 0:5.5.23-0jpp.28- Resolves rhbz#767195 - correct variable dist in release string
* Tue Nov 08 2011 David Knox 0:5.5.23-0jpp.27- Resolves CVE-2011-0013 rhbz#675933- Resolves CVE-2011-3718 rhbz#675933
* Thu Nov 03 2011 David Knox 0:5.5.23-0jpp.23- Resolves CVE-2011-1184 rhbz#744984- Resolves CVE-2011-2204 rhbz#719188
* Wed Oct 19 2011 David Knox 0:5.5.23-0jpp.22- Resolves rhbz#543995 TRACE option returned when not allowed
* Thu Jun 23 2011 David Knox 0:5.5.23-0jpp.20- Resolves rhbz#691833 - NPE when deploying context.xml in Catalina/localhost
* Thu May 19 2011 David Knox 0:5.5.23-0jpp.19- Resolves: rhbz#689924 - NPE on start
* Thu Feb 03 2011 David Knox 0:5.5.23-0jpp.18- Resolves: rhbz#674601 - JDK Double.parseDouble DoS
* Fri Dec 10 2010 David Knox 0:5.5.23-0jpp.17- Resolves: rhbz#530089 - cookieparsing error - Port patches for JBPAPP-3626 and 3627
* Fri Dec 10 2010 David Knox 0:5.5.23-0jpp.16- Resolves: rhbz#623465 - NPE and ConcurrentModification Exception
* Thu Dec 09 2010 David Knox 0:5.5.23-0jpp.15- Resolves: rhbz#217630, 217141 naming-factory-dbcp.jar missing causes- JNDI errors. Change made to tomcat5.conf, added javax.sql.DataSource.- Factory to JAVA_OPTS
* Wed Sep 29 2010 David Knox 0:5.5.23-0jpp.14- Resolves rhbz#613005, rhbz#584514
* Thu Aug 05 2010 David Knox 0:5.5.23-0jpp.13- Fixed problem with CVE 2009-2902 which introduced a stack overflow- Resolves: rhbz#620996
* Thu Jul 29 2010 David Knox 0:5.5.23-0jpp.12- Adding the patch for 0781 to cvs -
* Fri Jul 16 2010 David Knox 0:5.5.23-0jpp.11- Initscript edited to correct permissions and made partially LSB compliant
* Sat Apr 24 2010 David Knox 0:5.5.23-0jpp.10- Resolves:rhbz#584514
* Mon Aug 10 2009 David Knox 0:5.5.23-0jpp.9.1t- Test build to merge CVE-2009-0781
* Fri Jun 26 2009 Fernando Nasser 0:5.5.23-0jpp.9- Merge fixes from Z-Streams to incorporate fixes for: Resolves: rhbz#427780 rhbz#504759 rhbz#503981 rhbz#504163 Resolves: rhbz#457727 rhbz#449917 rhbz#458635 rhbz#456216
* Fri Jun 26 2009 Fernando Nasser 0:5.5.23-0jpp.7.2From David Knox :- add patch for CVE-2007-5333 Resolves: rhbz#427780- add patch for CVE-2008-5515 Resolves: rhbz#504759- add patch for CVE-2009-0033- add patch for CVE-2009-0580 Resolves: rhbz#503981- add patch for CVE-2009-0783 Resolves: rhbz#504163
* Tue Jun 23 2009 David Knox - 0:5.5.23-0jpp.8- First attempt to merge in: Resolves: rhbz#427780 rhbz#504759 rhbz#503981 rhbz#504163 Resolves: rhbz#457727 rhbz#449917 rhbz#458635 rhbz#456216
* Sat Aug 23 2008 David Walluck 0:5.5.23-0jpp.7.1- add patch for CVE-2008-1232 Resolves: rhbz#457727- add patch for CVE-2008-1947 Resolves: rhbz#449917- add patch for CVE-2008-2370 Resolves: rhbz#458635- add patch for CVE-2008-2938 Resolves: rhbz#456216
* Thu Feb 28 2008 Deepak Bhole - 0:5.5.23-0jpp.7- Patch for CVE-2007-5342 Resolves: bz# 427777- Patch for CVE-2007-5461 Resolves: bz# 334571
* Tue Jan 29 2008 Deepak Bhole - 0:5.5.23-0jpp.6- Resolves: bz# 240739. Update version string
* Fri Aug 31 2007 Fernando Nasser - 0:5.5.23-0jpp.5From jean-frederic clere :- Patch for CVE-2007-3382 and CVE-2007-3385 Resolves: rhbz#254156
* Thu Aug 30 2007 Fernando Nasser - 0:5.5.23-0jpp.4From jean-frederic clere :- Patch for CVE-2007-3386 Resolves: rhbz#254156
* Wed Jun 20 2007 Vivek Lakshmanan - 0:5.5.23-0jpp.3- Remove erroneous rebuild-gcj-db for javadoc subpackage- Add fixes for CVE-2007-2449 and CVE-2007-2450- Resolves: bug 244846, bug 244817
* Wed May 09 2007 Vivek Lakshmanan - 0:5.5.23-0jpp.2- Rebuild- Add catalina.out to the rpm and set explicit permissions; tomcat ownership- Resolves: bug 237088
* Tue Apr 24 2007 Vivek Lakshmanan - 0:5.5.23-0jpp.1- Resolves: bug 237088 - Merge 0:5.5.17-8jpp.2 with sources/patches from 5.5.23- Build against jakarta-commons-modeler 1.1 with MODELER-15 patch
* Fri Jan 19 2007 Rafael Schloming - 0:5.5.17-8jpp.2- Changed PreReq to Requires(pre)
* Thu Oct 05 2006 Fernando Nasser 0:5.5.17-8jpp.1- Merge with upstream
* Thu Oct 05 2006 Permaine Cheung 0:5.5.17-8jpp- Fix condrestart in init script and location of init script in the spec file.
* Tue Oct 03 2006 Permaine Cheung 0:5.5.17-7jpp- Add the new config file, and add the CONNECTOR_PORT variable in it.
* Tue Oct 03 2006 Permaine Cheung 0:5.5.17-6jpp- Add the ability to start multiple instances of tomcat on the same machine.
* Thu Aug 31 2006 Deepak Bhole 5.5.17-6jpp.2- Rebuilding.
* Tue Aug 22 2006 Fernando Nasser 0:5.5.17-6jpp.1- Merge with upstream
* Tue Aug 22 2006 Fernando Nasser 0:5.5.17-6jpp- Rebuild
* Tue Aug 22 2006 Fernando Nasser 0:5.5.17-5jppFrom Andrew Overholt :- Silence post common-lib and server-lib.
* Fri Jul 28 2006 Fernando Nasser 0:5.5.17-3jpp_5fc- Fix regression in relink with patch from Matt Wringe
* Sun Jul 23 2006 Jakub Jelinek - 0:5.5.17-3jpp_4fc- Rebuilt
* Fri Jul 14 2006 Fernando Nasser 0:5.5.17-3jpp_3fc- Rebuild in full
* Thu Jul 06 2006 Fernando Nasser 0:5.5.17-3jpp_2fc- Re-enable ppc64 and s390x- Disable JSP pre-compilation on ppc64 and x390x (FIXME)- Bootstrap mode (with apisonly) build
* Thu Jul 06 2006 Fernando Nasser 0:5.5.17-3jpp_1fc- Full build- Do not build on ppc64 and s390x- Fix servlet-api.jar path- Add version to catalina .soFrom Ralph Apel :- Re-add patch to add rt.jar- Add mx4j JMX API and struts to classpath
* Thu Jul 06 2006 Fernando Nasser 0:5.5.17-3jpp_0fc- Upgrade- Use any JTA for now- Try and remove exclude for sample.war- Bootstrap build with apisonly
* Thu Jul 06 2006 Fernando Nasser 0:5.5.17-3jpp_1rh- Merge with upstream
* Sat Jul 01 2006 Ralph Apel 0:5.5.17-3jpp- Create option --with apisonly to build just tomcat5-servlet-2.4-api, tomcat5-jsp-2.0-api and its -javadoc subpackages- Create option --without ecj to build even when eclipse-ecj not available- Drop several unnecessary export CLASSPATH=
* Sun Jun 18 2006 Deepak Bhole - 0:5.5.15-1jpp_7fc- Re-enable ppc64, s390 and s390x architectures now that eclipse is built there
* Tue May 16 2006 Fernando Nasser 0:5.5.17-2jpp_1rh- Merge with upstream for upgrade to 5.5.17
* Tue May 16 2006 Fernando Nasser 0:5.5.17-2jpp- Requires on post things that are linked to at post Merge changes from downstream:- Fix line breaks in the tomcat5 init script- Split preun section among main package and the two new subpackages- Move catalina-ant
*.jar to the server-lib subpackage to avoid circular dependency with the main package- Remove leading zero from alternative priorities- Rebuild with new classpath-mail as javamail alternative- Update versions of dependencies and move them to library subpackages- Use only jta from geronimo-specs
* Tue May 16 2006 Fernando Nasser 0:5.5.17-1jpp- Upgrade to 5.5.17- Remove jasper2 subdirectory of jasper from patches and this spec file
* Thu Apr 20 2006 Ralph Apel 0:5.5.16-3jpp- Drop jdtCompilerAdapter from build-jar-repository- Use ant-trax in static webapp build- Duplicate admin-webapps jars in _javadir and make them world readable- Direct install of common-lib and server-lib to _javadir and symlink for TC5
* Wed Apr 05 2006 Ralph Apel 0:5.5.16-2jpp- Require eclipse-ecj >= 3.1.1 and adapt to it
* Sat Mar 25 2006 Ralph Apel 0:5.5.16-1jpp- Upgrade to 5.5.16
* Tue Mar 07 2006 Jeremy Katz - 0:5.5.15-1jpp_6fc- stop scriptlet spew
* Sat Mar 04 2006 Thomas Fitzsimmons - 0:5.5.15-1jpp_5fc- Require java-gcj-compat for post and postun sections of servlet-2.4-api, jsp-2.0-api-javadoc and server-lib sub-packages, since these three packages call /usr/bin/rebuild-gcj-db in their post and/or postun sections.
* Thu Mar 02 2006 Rafael Schloming - 0:5.5.15-1jpp_4fc- Disabled juli logging as a workaround for a number of classpath bugs- in java.util.logging.
*
* Fri Feb 24 2006 Rafael Schloming - 0:5.5.15-1jpp_3fc- Added jasper-foo symlinks for jars.
* Thu Feb 23 2006 Rafael Schloming - 0:5.5.15-1jpp_2fc- Exclude ppc64 s390 s390x
* Thu Feb 23 2006 Rafael Schloming - 0:5.5.15-1jpp_1fc- Updated to 5.5.15
* Wed Feb 15 2006 Ralph Apel 0:5.5.12-2jpp- Fix jta.jar location
* Sat Nov 12 2005 Fernando Nasser 0:5.5.12-1jpp- Place jsp in its own subpackage- Fix alternative links to jsp and servlet- Fix alternative priorities to jsp and servlet- Create library subpackages: common-lib and server-lib From Vadim Nasardinov 0:5.5.12-1jpp- Upgrade to 5.5.12 From Deepak Bhole - Fix init script so it works with SELinux
* Thu Jun 09 2005 Fernando Nasser 0:5.5.9-1jpp- Merge for upgrade- Change the user to tomcat from tomcat4- Relax permissions on appdir directory so jonas package can build- Remove spurious links to log4j.jar from common and server/lib- Remove spurious dependency on tyrex (only needed for tomcat4)- Make sure the main package installs first so user tomcat is created- Reinstate ssl code changes so that tomcat can be built with other SDKs and not only with Sun\'s or BEA\'s.
* Tue May 10 2005 Fernando Nasser 0:5.5.9-1jpp- Upgrade to 5.5.9- Add jmx to bindir and lower requirement to java 1.4.2
* Sat Feb 05 2005 Jason Corley 0:5.5.7-2jpp- Add provides servletapi5 in addition to obsoletes servletapi5 (Martin Grotzke)
* Fri Feb 04 2005 Jason Corley 0:5.5.7-1jpp- Upgrade to current stable release, 5.5.7
* Tue Feb 01 2005 Jason Corley 0:5.5.4-17jpp- Use new eclipse-ecj package to remove old jasper-compiler-jdt.jar hack
* Fri Jan 28 2005 Jason Corley 0:5.5.4-16jpp- Attempt to replace non-free jta with free geronimo-specs
* Fri Jan 28 2005 Jason Corley 0:5.5.4-15jpp- Clean rebuild
* Fri Dec 17 2004 Jason Corley 0:5.5.4-14jpp- First attempt at jasper subpackages
* Fri Dec 17 2004 Jason Corley 0:5.5.4-13jpp- Yet another \"servletapi\" naming scheme change
* Wed Dec 15 2004 Jason Corley 0:5.5.4-12jpp- Update the servletapi and servletapi-javadoc subpackages to the way proposed by Gary Benson (based on work by Ralph Apel) in the 5.0.30 RPMs
* Thu Dec 09 2004 Jason Corley 0:5.5.4-10jpp- Incorporate Fernando Nasser\'s javaxssl patch from the tomcat 5.0.28 RPM- Replace find ... -exec\'s with find | xargs
* Wed Dec 08 2004 Jason Corley 0:5.5.4-9jpp- First attempt at the whole servletapi issue- Replace jmxri references with mx4j- Build with JDK 1.4 and require a 1.4 JDK to run- Remove cruft- Clearly lost track of some stuff between changelog entries ;-)
* Sat Dec 04 2004 Jason Corley 0:5.5.4-1jpp- First attempt at building 5.5
* Sat Sep 11 2004 Fernando Nasser 0:5.0.27-4jpp- Rebuild using Tyrex 1.0.1
* Sun Sep 05 2004 Fernando Nasser 0:5.0.27-3jpp- Rebuild with Ant 1.6.2
* Sat Jul 17 2004 Kaj J. Niemi 0:5.0.27-2jpp- Oops, don\'t require mx4j 2.0.1. 1.1.1 or later should be enough. jmxri won\'t work anymore since tc5 needs mx4j-tools.
* Sat Jul 17 2004 Kaj J. Niemi 0:5.0.27-1jpp- Update to 5.0.27 (stable)- Don\'t remove tomcat4 user/group on uninstall see the mailing list for discussion- build w/ xml-apis.jar instead of xmlParserAPIs.jar (release notes 5.0.27)- Require junit 3.8.1 or newer (release notes 5.0.26)- Require jakarta-commons-dbcp 1.2.1 or newer (release notes 5.0.27)- Require jakarta-commons-logging 1.0.4 or newer (release notes 5.0.27)- Require jakarta-commons-pool 1.1 or newer (release notes 5.0.27)
* Thu Jun 10 2004 Kaj J. Niemi 0:5.0.24-3jpp- Change default webapps file permissions from 0640 -> 0644
* Wed Jun 09 2004 Fernando Nasser 0:5.0.24-2jpp- Allow browsing of webapps directory so that JOnAS can build.
* Tue May 18 2004 Kaj J. Niemi 0:5.0.24-1jpp- Update to 5.0.24- Require xerces-j2 2.6.2 (release notes 5.0.21), also require ant < 1.6 as tomcat5 doesn\'t seem to build cleanly with 1.6 yet.
* Sat Mar 20 2004 Kaj J. Niemi 0:5.0.19-2jpp- Set JAVA_ENDORSED_DIRS by default in tomcat5.conf, it is otherwise empty Suggestion from Aleksander Adamowski
* Thu Feb 26 2004 Kaj J. Niemi 0:5.0.19-1jpp- Update to 5.0.19
* Sat Jan 24 2004 Kaj J. Niemi 0:5.0.18-1jpp- Update to 5.0.18- Build catalina before connectors- Hack connectors build- Require xerces-j2 2.6.0 (release notes 5.0.17)
* Sun Jan 18 2004 Kaj J. Niemi 0:5.0.16-4jpp- Create TC4 user and group separately, lets TC5 work out of the box on Trustix (Patch from Iain Arnell)
* Sun Jan 11 2004 Kaj J. Niemi - 0:5.0.16-3jpp- servletapi5 is required- move confdir/Catalina from admin-webapps to main package (otherwise we end up requiring tomcat5-admin-webapps for struts-webapps)
* Sun Jan 11 2004 Kaj J. Niemi - 0:5.0.16-2jpp- Fix conflict with tomcat4 catalina-ant.jar in %_javadir by renaming it catalina-ant5.jar for now.
* Sat Jan 10 2004 Kaj J. Niemi - 0:5.0.16-1jpp- First build for JPackage
* Tue Dec 30 2003 Kaj J. Niemi 0:5.0.16-0.11- Merge changes from tomcat4.init to tomcat5.init
* Tue Dec 23 2003 Kaj J. Niemi 0:5.0.16-0.10- Some jsp-examples require jakarta-taglibs-standard to work
* Tue Dec 23 2003 Kaj J. Niemi 0:5.0.16-0.9.1- Struts should be 1.1 or later according to the release notes- The /admin webapp works now as well- manager.xml needs to be group writeable, otherwise tomcat complains
* Sat Dec 20 2003 Kaj J. Niemi 0:5.0.16-0.7- Accept an older version of xerces-j2 as well.
* Sat Dec 20 2003 Kaj J. Niemi 0:5.0.16-0.6- Require xerces-j2 instead of just jaxp_parser_impl- Require jpackage commons-logging instead of internal version
* Thu Dec 18 2003 Kaj J. Niemi 0:5.0.16-0.5- Tomcat5 isn\'t beta anymore
* Thu Dec 18 2003 Kaj J. Niemi 0:5.0.16-0.beta.4- Place jspapi, jmxri, commons-el in common/lib as mentioned in the upstream RELEASE-NOTES.txt. This makes jsps actually work.
* Thu Dec 18 2003 Kaj J. Niemi 0:5.0.16-0.beta.3- Separated jakarta-commons-el from tomcat- Require servletapi5 and jakata-commons-el- Added Patch #4 (tomcat5-5.0.16-cluster-pathelement.patch) which fixes build failure when servlet-api is renamed something else than the default- Added Patch #5 (tomcat5-5.0.16-skip-build-on-install.patch) which corrects servletapi/jspapi related build snafu on install. They\'re already built so it\'s OK to skip.
* Fri Dec 05 2003 Kaj J. Niemi 0:5.0.16-0.beta.1- 5.0.16- jakarta-commons-el included here instead of somewhere else for now, packaging unfinished- Patch #3 removes dependency to jsvc.tar.gz which doesn\'t seem to be anywhere
* Wed Aug 06 2003 Kaj J. Niemi 0:5.0.12-0.beta.1- Based on JPackage.org\'s tomcat4 .spec- No compat stuff anymore.- First build
  
ICM