forked from pool/tomcat
main
9 Commits
Author | SHA256 | Message | Date | |
---|---|---|---|---|
ea357e0c4a |
- Update to Tomcat 9.0.104
  * Fixed CVEs:
    + CVE-2025-31650: invalid priority field values should be ignored (bsc#1242008)
    + CVE-2025-31651: Better handling of URLs with literal ';' and '?' (bsc#1242009)
  * Catalina
    + Fix: Fix use of SSS in SimpleDateFormat pattern for AccessLogValve. (rjung)
    + Fix: Process possible path parameters rewrite production in the rewrite valve. (remm)
    + Fix: 69643: Optimize directory listing for large amount of files. Patch submitted by Loic de l'Eprevier. (remm)
    + Fix: Return 400 if the amount of content sent for a partial PUT is inconsistent with the range that was specified. (remm)
    + Add: Add a new RateLimiter implementation, org.apache.catalina.util.ExactRateLimiter, that can be used with org.apache.catalina.filters.RateLimitFilter to provide rate limit based on the exact values configured. Based on pull request #794 by Chenjp. (markt)
    + Fix: Fix parsing of the time-taken token in the ExtendedAccessLogValve. (remm)
    + Fix: Fix invocation of the FFM OpenSSL code for setting a SSL engine and FIPS mode. (remm)
    + Fix: 69600: Add IPv6 local addresses (RFC 4193 and RFC 4291) to the default internal proxies for the RemoteIpFilter and RemoteIpValve. (markt)
    + Fix: 69615: Improve integration with the not found class resources cache for users who are using a custom web application class loader and/or using reflection to dynamically add external repositories to the web application class loader. (markt)
    + Add: Add a new initialisation parameter to the Default servlet - allowPostAsGet - which controls whether a direct request (i.e. not a forward or an include) for a static resource using the POST method will be processed as if the GET method had been used. If not allowed, the request will be rejected. The default behaviour of processing the request as if the GET method had been used is unchanged. (markt)
    + Fix: 69623: Correct a long standing regression that meant that calls to ClassLoader.getResource().getContent() failed when made from within a web application with resource caching enabled. (markt)
    + Fix: 69634: Avoid NPE on JsonErrorReportValve. (remm)
    + Fix: Add missing throwable stack trace to JsonErrorReportValve equivalent to the one from ErrorReportValve. (remm)
    + Fix: Improve the handling of %nn URL encoding in the RewriteValve and document how %nn URL encoding may be used with rewrite rules. (markt)
    + Fix: Fix a potential exception when calling WebappClassLoaderBase.getResource(""). (markt)
  * Coyote
    + Fix: 69607: Allow failed initialization of MD5. Based on code submitted by Shivam Verma. (remm)
    + Fix: 69614: HTTP/2 priority frames with an invalid priority field value should be ignored. (markt)
    + Fix: Improve handling of unexpected errors during HTTP/2 processing. (markt)
    + Fix: Add missing code to process an OpenSSL profile, such as PROFILE=SYSTEM, using FFM. (remm)
    + Add: Simplify the process of using a custom SSLContext for an HTTPS enabled connector. Based on pull request #805 by Hakky54. (markt)
  * Jasper
    + Code: Replace custom URL encoding provided by the JSP runtime library with calls to java.net.URLEncoder.encode(). (markt)
    + Add: Add compiler using the Java Compiler API, supporting exploded web applications. The compilerClassName to use is org.apache.jasper.compiler.JavaCompiler. (remm)
    + Add: Add support for specifying Java 25 (with the value 25) as the compiler source and/or compiler target for JSP compilation. If used with an Eclipse JDT compiler version that does not support these values, a warning will be logged and the default will be used. (markt)
  * Cluster
    + Fix: Fix resetting cross context sessions in the ReplicationValve. (remm)
  * Web applications
    + Add: Documentation. Add a link to the Log4j documentation that describes how to use Log4j rather than JULI for Tomcat's internal logging. (markt)
    + Add: Documentation. Document the runtime attributes available to web applications via the Request or the ServletContext. Based on pull request #832 by usmazat. (markt)
  * Other
    + Fix: Set sun.io.useCanonCaches in service.bat. Based on pull request #841 by Paul Lodge. (remm)
    + Fix: The minimum Java version to build a release is now Java 22, mirroring Tomcat 10.1. This removes the need for using a java-ffm.home property. (remm)
    + Update: Revert JSign to 6.0 to avoid a file locking issue. (markt)
    + Update: Update to NSIS 3.11. (markt)
    + Update: Update to ByteBuddy 1.17.4. (markt)
    + Update: Update to Checkstyle 10.21.4. (markt)
    + Update: Update to SpotBugs to 4.9.3. (markt)
    + Update: Improvements to French translations. (remm)
    + Update: Improvements to Japanese translations provided by tak7iji. (markt)
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=335 |
|||
dc50fb9b4f | OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=258 | |||
|
1cb001bdee |
Accepting request 809082 from home:mateialbu:branches:Java:packages
- Update to Tomcat 9.0.35. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_(markt)
- Fixed CVEs:
  - CVE-2020-9484 (bsc#1171928)
- Rebased patches:
  * tomcat-9.0-javadoc.patch
  * tomcat-9.0-osgi-build.patch
  * tomcat-9.0.31-java8compat.patch
OBS-URL: https://build.opensuse.org/request/show/809082
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=201 |
||
|
d682f2528e |
Accepting request 789762 from home:mateialbu:branches:Java:packages
- Update to Tomcat 9.0.33. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.33_(markt)
- Notable fix: corrected a regression in the improvements to HTTP header parsing (bsc#1167438)
- Rebased patches:
  * tomcat-9.0-javadoc.patch
  * tomcat-9.0-osgi-build.patch
  * tomcat-9.0.31-java8compat.patch
OBS-URL: https://build.opensuse.org/request/show/789762
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=197 |
||
b718a0951f | OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=177 | |||
|
3e36252fe4 |
Accepting request 696887 from home:mateialbu:branches:Java:packages
- Update to Tomcat 9.0.19. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.19_(markt)
  Notable packaging changes:
  - File /usr/share/java/tomcat/catalina-jmx-remote.jar was removed. The classes contained in this jar were merged into /usr/share/java/tomcat/catalina.jar.
- Fixed CVEs:
  - CVE-2019-0199 (bsc#1131055)
- Rebased patch:
  - tomcat-9.0-JDTCompiler-java.patch
  - tomcat-9.0-javadoc.patch
OBS-URL: https://build.opensuse.org/request/show/696887
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=161 |
||
|
499d59fd6e |
Accepting request 642919 from home:mateialbu:branches:Java:packages
- Update to Tomcat 9.0.12. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.12_(markt)
- Fixed CVEs:
  - CVE-2018-11784 (bsc#1110850)
- Rebased patches:
  - tomcat-9.0-disable-osgi-build.patch
  - tomcat-9.0-javadoc.patch
  - tomcat-9.0-sle.catalina.policy.patch
  - tomcat-9.0-tomcat-users-webapp.patch
- Declare following files to config(noreplace) to prevent override access rights:
  - host-manager/META-INF/context.xml
  - manager/META-INF/context.xml
- Empty tomcat-9.0.sysconfig to avoid overwriting of customer's configuration during update (bsc#1067720)
- Update to Tomcat 9.0.10. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.10_(markt)
- Fixed CVEs:
  - CVE-2018-1336 (bsc#1102400)
  - CVE-2018-8014 (bsc#1093697)
  - CVE-2018-8034 (bsc#1102379)
  - CVE-2018-8037 (bsc#1102410)
- Rebased patch tomcat-9.0-JDTCompiler-java.patch
- Added patch tomcat-9.0-disable-osgi-build.patch to disable adding OSGi metadata to JAR files
- Update to Tomcat 9.0.5. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.5_(markt)
- Modified patch:
  * tomcat-9.0-javadoc.patch
    + Don't append to javadoc --add-modules since we are building with source=8
    + Avoid accessing Internet URLs from build environment
- Update to Tomcat 9.0.2:
  * Major update for tomcat8 from tomcat9
  * For full changelog please read upstream changes at:
    + http://tomcat.apache.org/tomcat-9.0-doc/changelog.html
  * Rename all tomcat-8.0-* files to tomcat-9.0-*
- Changed patches:
  * Deleted: tomcat-8.0-bootstrap-MANIFEST.MF.patch
  * Deleted: tomcat-8.0-sle.catalina.policy.patch
  * Deleted: tomcat-8.0-tomcat-users-webapp.patch
  * Deleted: tomcat-8.0.33-JDTCompiler-java.patch
  * Deleted: tomcat-8.0.44-javadoc.patch
  * Deleted: tomcat-8.0.9-property-build.windows.patch
  * Added: tomcat-9.0-JDTCompiler-java.patch
  * Added: tomcat-9.0-bootstrap-MANIFEST.MF.patch
  * Added: tomcat-9.0-javadoc.patch
  * Added: tomcat-9.0-sle.catalina.policy.patch
  * Added: tomcat-9.0-tomcat-users-webapp.patch
- Renamed subpackage tomcat-3_1-api to tomcat-4_0-api to reflect the new Servlet API version.
- Commented out JAVA_HOME in /etc/tomcat/tomcat.conf
- Added "tomcat-" prefix to lib symlinks under /usr/share/java to avoid file conflicts with servletapi5 and geronimo-specs
- Fixed wrong %ghost file paths for alternatives symlinks
- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)
- Build with JDK 8 to fix runtime errors when running with JDK 7 and 8
- Fix tomcat-digest classpath error (bsc#977410)
- Fix packaged /etc/alternatives symlinks for api libs that caused rpm -V to report link mismatch (bsc#1019016)
- update to 8.0.47 http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
  * Fixed CVE:
    - CVE-2017-12617
- rebase tomcat-8.0-sle.catalina.policy.patch
- Added patch:
  * tomcat-8.0.44-javadoc.patch
    - generate documentation with the same source level as class files
    - fixes build with jdk9
- Version update to 8.0.44: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
  * Fixed CVE:
    - CVE-2017-5664 (bsc#1042910)
- New build dependency: javapackages-local
- Version update to 8.0.43:
  * Another bugfix release, for full details see: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
  * Fixed CVEs:
    - CVE-2017-5647 (bnc#1033448)
    - CVE-2017-5648 (bnc#1033447)
    - CVE-2016-8745
- Renamed and rebased patches:
  * tomcat-7.0-sle.catalina.policy.patch -> tomcat-8.0-sle.catalina.policy.patch
- Enable optional setenv.sh script. See section "(3.4) Using the "setenv" script (optional, recommended)" in http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt (bnc#1002662)
- Fix file conflicts when upgrading from SLES 12 to SLES 12 SP1 (bnc#1023412). Added explicit obsoletes for tomcat-el-2_2-api, tomcat-jsp-2_2-api, tomcat-servlet-3_0-api
- update to 8.0.39: (boo#1003911)
  * Improve handling of I/O errors with async processing
  * Fail earlier on invalid HTTP request
- includes changes from 8.0.38:
  * Refactoring the non-container thread Async complete()/dispatch() handling to remove the possibility of deadlock
  * Improved UTF-8 handling for the RewriteValve
- includes changes from 8.0.37:
  * Treat paths used to obtain a request dispatcher as encoded (configurable)
  * Various jdbc-pool fixes
- drop tomcat-8.0.36-jar-scanner-loop.patch, upstream
- Switch to commons-dbcp2 fate#321029
- Backport fix for infinite loop in the jar scanner for 8.0.36. (bnc#993862) Added: tomcat-8.0.36-jar-scanner-loop.patch
- Version update to 8.0.36:
  * Another bugfix release for the 8.0 series. Full details: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.36_(markt)
- CVE fixed by the version update:
  - CVE-2016-3092 (bnc#986359)
- Fixed a deployment error in the examples webapp by changing the context.xml format to the new one introduced by Tomcat 8. See http://tomcat.apache.org/migration-8.html#Web_application_resources
- fix maven fragments paths to build in multiple distribution versions
- Version update to 8.0.33:
  * Another bugfix release for 8.0 series, full details: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.33_(markt)
- Rebase tomcat-8.0-tomcat-users-webapp.patch
- Rebase tomcat-7.0.53-JDTCompiler-java.patch to tomcat-8.0.33-JDTCompiler-java.patch
- Fix fixme for the prereq preamble value
- It seems systemd prints error on adding the @ services to macros so do not do that
- package was partly merged with the scripts used in the Fedora distribution
- support running multiple tomcat instances on the same server (fate#317783)
- add catalina-jmx-remote.jar (fate#318403)
- remove sysvinit support: systemd is required
- update changes file for CVE information
- Fixed CVEs:
  - CVE-2015-5346 (bnc#967814) in 8.0.32
  - CVE-2015-5351 (bnc#967812) in 8.0.32
  - CVE-2016-0706 (bnc#967815) in 8.0.32
  - CVE-2016-0714 (bnc#967964) in 8.0.32
  - CVE-2016-0763 (bnc#967966) in 8.0.32
  - CVE-2015-5345 (bnc#967965) in 8.0.30
  - CVE-2015-5174 (bnc#967967) in 8.0.27
- Version update to 8.0.32:
  * Another bugfix release for 8.0 series, full details: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.32_(markt)
- Rebase patch:
  * tomcat-8.0.9-property-build.windows.patch
- update to Tomcat 8.0.28
  * Multiple fixes, read upstream changelog at: https://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.28_(markt)
- Some whitespace cleanups
- Remove pointless conflicts on provide/obsolete symbols
- Version bump to 8.0.23 fate#318913:
  * Multiple testfixes all around, read upstream changelog at: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.23_(markt)
- Fix previous commit. Fix one rpmlint warning
- Drop gpg verification from spec, it is done by obs
- Fix build with new jpackage-tools
- update to Tomcat 8.0.18:
  * Major update for tomcat8 from tomcat7
  * For full changelog please read upstream changes at:
    + http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
  * Rename all tomcat-7.0-* files to tomcat-8.0-*
  * Update keyring file
- Update windows patch to apply again:
  * Deleted: tomcat-7.0.52-property-build.windows.patch
  * Added: tomcat-8.0.9-property-build.windows.patch
  * Added: tomcat-8.0-tomcat-users-webapp.patch
  * Deleted: tomcat-7.0-tomcat-users-webapp.patch
  * Added: tomcat-8.0-bootstrap-MANIFEST.MF.patch
  * Deleted: tomcat-7.0-bootstrap-MANIFEST.MF.patch
- Version 1.1.30 or higher is required for APR listener (bnc#914725)
- SLE12 has different path for the "rm" command than older versions. To avoid possible clashes, the entire coreutils must be provided. (bnc#894292)
- Fixed Security Manager policies, which makes unable properly run webapps by default. (bnc#891264) Added: tomcat-7.0-sle.catalina.policy.patch
- Missing security manager policy file prevents Tomcat to start with systemd. (bnc#890995)
- Tomcat 7.0.55 requires ecj 4.4.0
- include the tomcat websocket implementation (tomcat7-websocket)
- Update to 7.0.55
  * Update to the Eclipse JDT Compiler 4.4
  * Better error handling when the error occurs after the response has been committed
  * Various improvements to the Mapper including fixing some concurrency bugs
  * See http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
- build tomcat-embed as a subpackage
- Drop two unused defines
- touch the alternatives files to avoid build errors in older versions
- Do not define default defattr as it is pointless.
- One file here was not supposed to be ghost.
- Fix once more the alternatives.
- Add path to rm command.
- Silence loads of warnings by rpmlintrc
- Cleanup with spec-cleaner and format few things a bit.
- Remove few deps not really needed for sle11.
- Drop unused files obs.bl and local.lb
- Drop unused collections-tomcat-build.xml
- Version bump to 7.0.54:
  * bugfix update
  * See http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
- Update to 7.0.53
  * bugfix release
  * Update the Eclipse JDT compiler to enable full Java 8 support in JSPs.
  * See http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
- Patch for Bug 56373
  * See https://issues.apache.org/bugzilla/show_bug.cgi?id=56373
  * tomcat-7.0.53-JDTCompiler-java.patch
- Rename tomcat-7.0.2-property-build.windows.patch to tomcat-7.0.52-property-build.windows.patch
- remove saxon build requirement for sles
- disable bytecode check for sles
- remove unknown option from fillup_only macro
- wrap systemd %pre[un]/%post[un] in conditional
- specify required ant version
- Update to 7.0.52
  * bugfix release
  * Fix CVE-2014-0050, a DoS vulnerability related to multi-part processing
- Update to 7.0.50
  * bugfix release
- Add missing commons-pool-tomcat5 symlink (bnc#847505c#13)
- Update to 7.0.47
  * bugfix release
  * backport of JSR-356 Java WebSocket 1.0
  * package tomcat now requires java7 at least
- Updated tomcat.keyring to reflect the fact new release is signed by Violeta Georgieva / D63011C7 see http://osdir.com/ml/dev-tomcat.apache.org/2013-10/msg00849.html
- Add tomcat-dbcp.jar (bnc#847505) back into tomcat lib dir
- Install tomcat-coyote.jar as well
- Remove pointless scriptlets
- Move from jpackage-utils to javapackage-tools
- drop a dependency on unnecessary -tomcat5 packages
- use commons-dbcp.jar for build
- add missing commons-pool.jar to libdir
- add _constraints to not schedule build on some build machines workaround for bnc#832762
- Add missing 'su root tomcat' line to logrotate. See also https://bugzilla.redhat.com/show_bug.cgi?id=790334
- call chown --no-dereference in init script (bnc#822177#c7/prevents CVE-2013-1976)
- update to 7.0.42 (bugfix release) see http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
- fix file list to be compatible for new rpm
- update to 7.0.39 (bugfix release)
- install only systemd unit files on openSUSE 12.1+
  * and call proper code when init script still exists
- add a proper scriptlets for -jsvc subpackage
- don't use catalina.out, systemd redirects stderr/stdout to syslog
- don't use and recommends logrotate
- package /etc/ant.d properly, mark only catalina-ant as a config file
- Fix tomcat init scripts generating malformed classpath (http://youtrack.jetbrains.com/issue/JT-18545) bnc#804992
- update to 7.0.35 (bugfix release) require ecj >= 4.2.1, like upstream do
- make gpg-offline work distros after 12.2
- Ensure tomcat stdout/stderr output ends up in catalina.out
- Recommend libtcnative-1-0 >= 1.1.24
- /etc/init.d/tomcate init script fixes:
  * Include /usr/bin and /usr/sbin in the PATH
  * Fix logic for cleaning the work directories
  * Fix typo (log_success_msg lsb function name)
  * Fix typo (reload message)
- Require log4j
- Require gpg-offline on 12.2+
- Verify GPG signature.
- update to 7.0.33 (bugfix release)
- update to 7.0.30 (bugfix release)
  * SSI and CGI disabled by default
- fix bnc#779538: change the working dir to $CATALINA_BASE
- document the CATALINA_BASE and CATALINA_HOME in tomcat.conf better
- fix rpmlintrc file
- fix bnc#771802 - systemd support is broken
  * change type forking to simple as it does not make a sense run java in a background to emulate that
  * remove the need of nested wrappers, so /usr/sbin/tomcat-sysd now relies on systemd features like User/EnvironmentFile
  * workaround the 143 exit code in Stop phase - return 0 in this case
  * merge the jsvc into tomcat-sysd code, the -jsvc-sysd is a symlink
  * properly use jsvc with pid file to start and stop
- update to 7.0.26 (bugfix release)
- rename package to tomcat in order to emphasise a fact, there is only one major release of tomcat maintained in distribution
- add manifest files and systemd support (thanks Fedora)
- create tomcat-jsvc package
- update to 7.0.26 (bugfix release)
- fix bnc#747771 - don't use /var/lock/subsys sync tomcat7 init with tomcat6
- update to 7.0.25 (bugfix release)
- update to 7.0.22 (bugfix release)
- wrote changes and prepare for inclusion to openSUSE distribution
- fix bnc#726307 /etc/tomcat7 is writable for tomcat group
- update to version 7.0.21
- update to version 7.0.16 (bugfix update)
- add rpmlintrc, digest, init and wrapper scripts and config file
- build require geronimo apis and wsdl4j
- disable webservices in javadoc target
- initial packaging of tomcat7 7.0.6
OBS-URL: https://build.opensuse.org/request/show/642919
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=131 |
||
469edaa9ad |
Fix build with jdk10
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=119 |
|||
|
4851db8aac |
Accepting request 547624 from home:mateialbu:branches:Java:packages
- Update to Tomcat 9.0.2:
  * Major update for tomcat8 from tomcat9
  * For full changelog please read upstream changes at:
    + http://tomcat.apache.org/tomcat-9.0-doc/changelog.html
  * Rename all tomcat-8.0-* files to tomcat-9.0-*
- Changed patches:
  * Deleted: tomcat-8.0-bootstrap-MANIFEST.MF.patch
  * Deleted: tomcat-8.0-sle.catalina.policy.patch
  * Deleted: tomcat-8.0-tomcat-users-webapp.patch
  * Deleted: tomcat-8.0.33-JDTCompiler-java.patch
  * Deleted: tomcat-8.0.44-javadoc.patch
  * Deleted: tomcat-8.0.9-property-build.windows.patch
  * Added: tomcat-9.0-JDTCompiler-java.patch
  * Added: tomcat-9.0-bootstrap-MANIFEST.MF.patch
  * Added: tomcat-9.0-javadoc.patch
  * Added: tomcat-9.0-sle.catalina.policy.patch
  * Added: tomcat-9.0-tomcat-users-webapp.patch
- Renamed subpackage tomcat-3_1-api to tomcat-4_0-api
- Commented out JAVA_HOME in /etc/tomcat/tomcat.conf
- Marked /usr/share/java/*.jar symlinks to /etc/alternatives as %ghost
OBS-URL: https://build.opensuse.org/request/show/547624
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=115 |