Commit Graph

181 Commits

Author SHA256 Message Date
Fridrich Strba
49b963559c OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=266 2023-09-12 11:27:36 +00:00
Fridrich Strba
d3b5cc15e7 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=265 2023-09-12 11:22:53 +00:00
Fridrich Strba
d6dff44ec2 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=264 2023-09-12 11:12:01 +00:00
Fridrich Strba
8907d86932 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=263 2023-09-12 11:03:57 +00:00
Fridrich Strba
ef704ca071 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=262 2023-09-12 11:01:36 +00:00
Fridrich Strba
0b32a6ad02 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=260 2023-05-23 04:40:11 +00:00
Fridrich Strba
cdb812cd14 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=259 2023-05-22 18:03:40 +00:00
Fridrich Strba
dc50fb9b4f OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=258 2023-05-22 17:59:49 +00:00
Michele Bussolotto
6bc85246b3 Accepting request 1077841 from home:mbussolotto:branches:Java:packages
- Fixed CVEs:
  * CVE-2022-45143: JsonErrorReportValve: add escape for type, message or description (bsc#1206840)
- Added patches:
  * tomcat-9.0.43-CVE-2022-45143.patch

OBS-URL: https://build.opensuse.org/request/show/1077841
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=256
2023-04-07 08:08:28 +00:00
Michele Bussolotto
6ef0f7376a Accepting request 1073926 from home:mbussolotto:branches:Java:packages
- Fixed CVEs:
  * CVE-2023-28708: tomcat: not including the secure attribute
    causes information disclosure (bsc#1209622)
- Added patches:
  * tomcat-9.0.43-CVE-2023-28708.patch

OBS-URL: https://build.opensuse.org/request/show/1073926
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=254
2023-03-28 10:01:54 +00:00
Fridrich Strba
db57f882c4 Accepting request 1068181 from home:mbussolotto:branches:Java:packages
- Fixed CVEs:
  * CVE-2023-24998: tomcat,tomcat6: FileUpload DoS with excessive parts (bsc#1208513)
- Added patches:
  * tomcat-9.0.43-CVE-2023-24998.patch

OBS-URL: https://build.opensuse.org/request/show/1068181
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=252
2023-03-03 05:35:10 +00:00
Fridrich Strba
503278cde3 Accepting request 1058853 from home:mbussolotto:branches:Java:packages
- set logrotate for localhost.log, manager.log, host-manager.log and localhost_access_log.txt
- use logrotate for catalina.out
  * update tomcat-serverxml-tool and spec to configure server.xml
- Added patch:
  * tomcat-9.0-logrotate_everything.patch
  * tomcat-serverxml-tool.tar.gz
- Removed:
  * tomcat-serverxml-tool-1.0.tar.gz

OBS-URL: https://build.opensuse.org/request/show/1058853
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=250
2023-01-17 12:37:11 +00:00
Fridrich Strba
7044f5b497 Accepting request 1039114 from home:mbussolotto:branches:Java:packages
- Use catalina.out for logging (bsc#1205647)
- Added patches:
  * tomcat-9.0-fix_catalina.patch

OBS-URL: https://build.opensuse.org/request/show/1039114
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=248
2022-12-02 08:23:58 +00:00
Fridrich Strba
0383717111 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=246 2022-11-22 06:28:25 +00:00
Fridrich Strba
d041727005 Accepting request 1037056 from home:mbussolotto:branches:Java:packages
- Fixed CVEs:
  * CVE-2022-42252: reject invalid content-length requests. (bsc#1204918)
- Added patches:
  * tomcat-9.0.43-CVE-2022-42252.patch

OBS-URL: https://build.opensuse.org/request/show/1037056
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=245
2022-11-21 12:28:39 +00:00
Fridrich Strba
803dc2e41e Accepting request 1030223 from home:mbussolotto:branches:Java:packages
- Fixed CVEs:
  * CVE-2021-43980: Improve the recycling of Processor objects to make it more robust. (bsc#1203868)
- Added patches:
  * tomcat-9.0.43-CVE-2021-43980.patch

OBS-URL: https://build.opensuse.org/request/show/1030223
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=244
2022-10-20 16:18:49 +00:00
Fridrich Strba
0a03fd758a OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=242 2022-07-13 13:43:12 +00:00
Fridrich Strba
c75e4afeff OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=240 2022-07-08 06:29:53 +00:00
Fridrich Strba
ab654215d5 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=238 2022-05-23 17:08:25 +00:00
Fridrich Strba
45b1f5a3f7 Accepting request 967485 from home:mbussolotto:branches:Java:packages
- Security hardening. Deprecate getResources() and always return null. (bsc#1198136)
- Added patch: tomcat-9.0-hardening_getResources.patch

OBS-URL: https://build.opensuse.org/request/show/967485
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=236
2022-04-07 17:49:31 +00:00
Fridrich Strba
2ed7e67af2 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=235 2022-02-23 11:59:03 +00:00
Fridrich Strba
ce50f8c0d6 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=234 2022-02-22 19:00:44 +00:00
Michele Bussolotto
b42b2bcb88 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=233 2022-01-28 14:29:05 +00:00
Michele Bussolotto
c2fd26d820 - Fixed CVEs:
* CVE-2022-23181: Make calculation of session storage location more robust (bsc#1195255)
- Added patches:
  * tomcat-9.0-CVE-2022-23181.patch

OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=232
2022-01-28 14:25:17 +00:00
Fridrich Strba
7b1f875f7f Accepting request 946275 from home:olh:branches:Java:packages
- remove instance units from post scripts, they can not be reloaded

OBS-URL: https://build.opensuse.org/request/show/946275
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=231
2022-01-14 05:24:24 +00:00
Fridrich Strba
f640109f9b Accepting request 939130 from home:mbussolotto:branches:Java:packages
- Fix NPE in JNDIRealm, when userRoleAttribute is not set (bsc#1193569)
- Added patch:
  * tomcat-9.0-NPE-JNDIRealm.patch

OBS-URL: https://build.opensuse.org/request/show/939130
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=230
2021-12-12 08:13:13 +00:00
Fridrich Strba
eb7ec9843b Accepting request 928113 from home:mbussolotto:branches:Java:packages
- Fixed CVEs:
  * CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279)
  * CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278)
  * CVE-2021-41079: Validate incoming TLS packet (bsc#1190558)
- Added patches:
  * tomcat-9.0-CVE-2021-30640.patch
  * tomcat-9.0-CVE-2021-33037.patch
  * tomcat-9.0-CVE-2021-41079.patch

OBS-URL: https://build.opensuse.org/request/show/928113
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=229
2021-11-10 08:18:07 +00:00
Fridrich Strba
45332d7d33 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=228 2021-11-10 07:12:31 +00:00
Fridrich Strba
d7d5c718d0 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=227 2021-11-10 06:56:56 +00:00
Fridrich Strba
e8a2685481 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=225 2021-10-19 09:36:28 +00:00
Fridrich Strba
2574a121fc Accepting request 926112 from home:balta3:tomcat9
Update Tomcat to 9.0.43, ecj 4.18 as submitted in another request is required

- Update to Tomcat 9.0.43. See changelog at
  https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.43_(markt)
- Removed Patches because fixed upstream now:
  * tomcat-9.0-CVE-2021-25122.patch
  * tomcat-9.0-CVE-2021-25329.patch

- Update to Tomcat 9.0.41. See changelog at
  https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.41_(markt)

- Update to Tomcat 9.0.40. See changelog at
  https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.40_(markt)
- Removed Patches because fixed upstream now:
  * tomcat-9.0-CVE-2020-17527.patch
  * tomcat-9.0-CVE-2021-24122.patch

OBS-URL: https://build.opensuse.org/request/show/926112
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=224
2021-10-19 05:08:40 +00:00
Fridrich Strba
7c32e22b9c Accepting request 925884 from home:balta3:tomcat9
- Update to 9.0.39
- aqute-bnd 5.1.1 required (separate submit request)

OBS-URL: https://build.opensuse.org/request/show/925884
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=223
2021-10-18 06:37:59 +00:00
Fridrich Strba
4a8fbc25f3 Accepting request 880517 from home:admehmood:branches:Java:packages
* CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912)
* CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909)
- Added patches:
  * tomcat-9.0-CVE-2021-25122.patch 
  * tomcat-9.0-CVE-2021-25329.patch

OBS-URL: https://build.opensuse.org/request/show/880517
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=221
2021-03-23 11:26:59 +00:00
Fridrich Strba
b87f5648b0 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=219 2021-03-19 05:27:29 +00:00
Fridrich Strba
6e5c662b6a Accepting request 879719 from home:admehmood:branches:Java:packages
- CVE-2021-24122

OBS-URL: https://build.opensuse.org/request/show/879719
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=218
2021-03-18 06:13:13 +00:00
Fridrich Strba
52983fd500 Accepting request 856448 from home:admehmood:branches:Java:packages
- Fix HTTP/2 request header mix-up: CVE-2020-17527 (bsc#1179602)
- Added patch:
  * tomcat-9.0-CVE-2020-17527.patch

OBS-URL: https://build.opensuse.org/request/show/856448
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=216
2021-01-12 10:57:31 +00:00
Fridrich Strba
5c88b47afb Accepting request 841492 from home:jengelh:branches:Java:packages
- Replace old specfile constructs. Remove support for SUSE 11.x.
- Drop %systemd_requires, which is considered a no-op.
- Trim redundant license mention from description.
- Make documentation noarch.
- Do not suppress errors from useradd.

OBS-URL: https://build.opensuse.org/request/show/841492
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=214
2020-11-03 15:34:19 +00:00
Matei Albu
92414c9e01 Accepting request 845747 from home:mateialbu:branches:Java:packages
remove tomcat-9.0-init

OBS-URL: https://build.opensuse.org/request/show/845747
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=213
2020-11-03 14:25:31 +00:00
Matei Albu
5fc16cd0d0 Accepting request 845720 from home:mateialbu:branches:Java:packages
- Add source url for tomcat-serverxml-tool
- Fix typo in tomcat-webapps %postun that caused /examples
  context to remain in server.xml when package was removed
- Remove tomcat-9.0.init and /usr/lib/tmpfiles.d/tomcat.conf from
  package. They're not used anymore becuse of systemd (bsc#1178396)

OBS-URL: https://build.opensuse.org/request/show/845720
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=212
2020-11-03 13:23:42 +00:00
Matei Albu
a14e7a9e0d Accepting request 845377 from home:mateialbu:branches:Java:packages
- Fix tomcat-servlet-4_0-api package alternatives to use /usr/share/java/servlet.jar instead of  /usr/share/java/tomcat-servlet.jar. Keep /usr/share/java/tomcat-servlet.jar symlink for compatibility (bsc#1092163) 
- Change default file ownership in tomcat-webapps from 
  tomcat:tomcat to root:tomcat

OBS-URL: https://build.opensuse.org/request/show/845377
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=211
2020-11-02 16:37:37 +00:00
Matei Albu
d14a544fa7 Accepting request 841718 from home:mateialbu:branches:Java:packages
CVE-2020-13943 and bsc#1177601

OBS-URL: https://build.opensuse.org/request/show/841718
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=209
2020-10-14 08:54:21 +00:00
Fridrich Strba
14216e6c34 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=207 2020-08-26 06:05:55 +00:00
Matei Albu
32d59bc711 Accepting request 823635 from home:mateialbu:branches:Java:packages
- Don't give write permissions for the tomcat group on files and
  directories where it's not needed (bsc#1172562)
- Change tomcat.pid location from /var/run to /run (bsc#1173103)
- Use the /sbin/nologin shell when creating the tomcat user
- Use %tmpfiles_create macro in %post instead of calling
  systemd-tmpfiles directly

OBS-URL: https://build.opensuse.org/request/show/823635
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=205
2020-07-30 21:16:33 +00:00
Fridrich Strba
58c8d0d803 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=203 2020-06-26 08:05:25 +00:00
Matei Albu
1cb001bdee Accepting request 809082 from home:mateialbu:branches:Java:packages
- Update to Tomcat 9.0.35. See changelog at
  https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_(markt)
- Fixed CVEs:
  - CVE-2020-9484 (bsc#1171928)
- Rebased patches:
  * tomcat-9.0-javadoc.patch
  * tomcat-9.0-osgi-build.patch
  * tomcat-9.0.31-java8compat.patch

OBS-URL: https://build.opensuse.org/request/show/809082
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=201
2020-05-27 09:06:23 +00:00
Fridrich Strba
fe7bd6c817 Accepting request 792968 from home:javierllorente:branches:Java:packages
Update to 9.0.34

OBS-URL: https://build.opensuse.org/request/show/792968
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=199
2020-04-14 07:06:57 +00:00
Matei Albu
d682f2528e Accepting request 789762 from home:mateialbu:branches:Java:packages
- Update to Tomcat 9.0.33. See changelog at
  http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.33_(markt)
- Notable fix: corrected a regression in the improvements to HTTP 
  header parsing (bsc#1167438)
- Rebased patches:
  * tomcat-9.0-javadoc.patch
  * tomcat-9.0-osgi-build.patch
  * tomcat-9.0.31-java8compat.patch

OBS-URL: https://build.opensuse.org/request/show/789762
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=197
2020-03-30 12:36:04 +00:00
Matei Albu
f7af59e59f Accepting request 780240 from home:mateialbu:branches:Java:packages
- Change default value of AJP connector secretRequired to false
- Added patch:
  * tomcat-9.0.31-secretRequired-default.patch

OBS-URL: https://build.opensuse.org/request/show/780240
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=195
2020-02-28 11:40:32 +00:00
Fridrich Strba
4f512b15f8 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=193 2020-02-26 06:00:57 +00:00
Fridrich Strba
f67cfaf312 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=192 2020-02-26 05:56:48 +00:00