- Update to Tomcat 9.0.87
* Fixed CVEs:
+ CVE-2024-24549: Improved request header validation for HTTP/2 stream
(bsc#1221386)
+ CVE-2024-23672: Ensure that WebSocket connection closure completes if
the connection is closed when the server side has used the proprietary
suspend/resume feature to suspend the connection (bsc#1221385)
* Catalina
+ Fix: Minor performance improvement for building filter chains. Based
on ideas from #702 by Luke Miao. (remm)
+ Fix: Align error handling for Writer and OutputStream. Ensure use of
either once the response has been recycled triggers a
NullPointerException provided that discardFacades is configured with
the default value of true. (markt)
+ Fix: 68692: The standard thread pool implementations that are configured
using the Executor element now implement ExecutorService for better
support NIO2. (remm)
+ Fix: 68495: When restoring a saved POST request after a successful FORM
authentication, ensure that neither the URI, the query string nor the
protocol are corrupted when restoring the request body. (markt)
+ Fix: 68721: Workaround a possible cause of duplicate class definitions
when using ClassFileTransformers and the transformation of a class also
triggers the loading of the same class. (markt)
+ Fix: The rewrite valve should not do a rewrite if the output is
identical to the input. (remm)
+ Update: Add a new valveSkip (or VS) rule flag to the rewrite valve to
allow skipping over the next valve in the Catalina pipeline. (remm)
+ Fix: Correct JPMS and OSGi meta-data for tomcat-enbed-core.jar by
removing reference to org.apache.catalina.ssi package that is no longer
included in the JAR. Based on pull request #684 by Jendrik Johannes.
(markt)
+ Fix: Fix ServiceBindingPropertySource so that trailing \r\n sequences
are correctly removed from files containing property values when
configured to do so. Bug identified by Coverity Scan. (markt)
+ Add: Add improvements to the CSRF prevention filter including the
ability to skip adding nonces for resource name and subtree URL patterns.
(schultz)
+ Fix: Review usage of debug logging and downgrade trace or data dumping
operations from debug level to trace. (remm)
+ Fix: 68089: Further improve the performance of request attribute
access for ApplicationHttpRequest and ApplicationRequest. (markt)
+ Fix: 68559: Allow asynchronous error handling to write to the
response after an error during asynchronous processing. (markt)
* Coyote
+ Fix: Improve the HTTP/2 stream prioritisation process. If a stream
uses all of the connection windows and still has content to write, it
will now be added to the backlog immediately rather than waiting until
the write attempt for the remaining content. (markt)
+ Fix: Make asynchronous error handling more robust. Ensure that once
a connection is marked to be closed, further asynchronous processing
cannot change that. (markt)
+ Fix: Make asynchronous error handling more robust. Ensure that once
the call to AsyncListener.onError() has returned to the container, only
container threads can access the AsyncContext. This protects against
various race conditions that woudl otherwise occur if application threads
continued to access the AsyncContext.
+ Fix: Review usage of debug logging and downgrade trace or data
dumping operations from debug level to trace. In particular, most of the
HTTP/2 debug logging has been changed to trace level. (remm)
+ Fix: Add support for user provided SSLContext instances configured
on SSLHostConfigCertificate instances. Based on pull request #673
provided by Hakan Altındağ. (markt)
+ Fix: Improve the Tomcat Native shutdown process to reduce the likelihood
of a JVM crash during Tomcat shutdown. (markt)
+ Fix: Partial fix for 68558: Cache the result of converting to String
for request URI, HTTP header names and the request Content-Type value to
improve performance by reducing repeated byte[] to String conversions.
(markt)
+ Fix: Improve error reporting to HTTP/2 clients for header processing
errors by reporting problems at the end of the frame where the error was
detected rather than at the end of the headers. (markt)
+ Fix: Remove the remaining reference to a stream once the stream has
been recycled. This makes the stream eligible for garbage collection
earlier and thereby improves scalability. (markt)
* Jasper
+ Add: Add support for specifying Java 22 (with the value 22) as the
compiler source and/or compiler target for JSP compilation. If used with
an Eclipse JDT compiler version that does not support these values, a
warning will be logged and the default will used. (markt)
+ Fix: 68546: Generate optimal size and types for JSP imports maps, as
suggested by John Engebretson. (remm)
+ Fix: Review usage of debug logging and downgrade trace or data
dumping operations from debug level to trace. (remm)
* Cluster
+ Fix: Avoid updating request count stats on async. (remm)
* WebSocket
+ Fix: Correct a regression in the fix for 66508 that could cause an
UpgradeProcessor leak in some circumstances. (markt)
+ Fix: Review usage of debug logging and downgrade trace or data dumping
operations from debug level to trace. (remm)
+ Fix: Ensure that WebSocket connection closure completes if the
connection is closed when the server side has used the proprietary
suspend/resume feature to suspend the connection. (markt)
* Web applications
+ Add: Add support for responses in JSON format from the examples
application RequestHeaderExample. (schultz)
* Other
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Update: Update Checkstyle to 10.13.0. (markt)
+ Update: Update JSign to 6.0. (markt)
+ Update: Add strings for debug level messages. (remm)
+ Update: Update Tomcat Native to 1.3.0. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
OBS-URL: https://build.opensuse.org/request/show/1165675
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=310
- Update to Tomcat 9.0.85
* Fixed CVEs:
+ CVE-2023-46589: Apache Tomcat: HTTP request smuggling due to
incorrect headers parsing (bsc#1217649)
* Catalina
+ Update: 68378: Align extension to MIME type mappings in the
global web.xml with those in httpd by adding
application/vnd.geogebra.slides for ggs, text/javascript for mjs
and audio/ogg for opus. (markt)
+ Fix: Background processes should not be run concurrently with
lifecycle operations of a container. (remm)
+ Fix: Correct unintended escaping of XML in some WebDAV
responses. The XML list of support locks when provided in
response to a PROPFIND request was incorrectly XML escaped.
(markt)
+ Fix: 68227: Ensure that AsyncListener.onComplete() is called
if AsyncListener.onError() calls AsyncContext.dispatch().
(markt)
+ Fix: 68228: Use a 408 status code if a read timeout occurs
during HTTP request processing. Includes a test case based on
code provided by adwsingh. (markt)
+ Fix: 67667: TLSCertificateReloadListener prints unreadable
rendering of X509Certificate#getNotAfter(). (michaelo)
+ Update: The status servlet included in the manager webapp
can now output statistics as JSON, using the JSON=true URL
parameter. (remm)
+ Update: Optionally allow ServiceBindingPropertySource to
trim a trailing newline from a file containing a
property-value. (schultz)
+ Fix: 67793: Ensure the original session timeout is restored
OBS-URL: https://build.opensuse.org/request/show/1139530
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tomcat?expand=0&rev=101
- Update to Tomcat 9.0.85
* Fixed CVEs:
+ CVE-2023-46589: Apache Tomcat: HTTP request smuggling due to
incorrect headers parsing (bsc#1217649)
* Catalina
+ Update: 68378: Align extension to MIME type mappings in the
global web.xml with those in httpd by adding
application/vnd.geogebra.slides for ggs, text/javascript for mjs
and audio/ogg for opus. (markt)
+ Fix: Background processes should not be run concurrently with
lifecycle operations of a container. (remm)
+ Fix: Correct unintended escaping of XML in some WebDAV
responses. The XML list of support locks when provided in
response to a PROPFIND request was incorrectly XML escaped.
(markt)
+ Fix: 68227: Ensure that AsyncListener.onComplete() is called
if AsyncListener.onError() calls AsyncContext.dispatch().
(markt)
+ Fix: 68228: Use a 408 status code if a read timeout occurs
during HTTP request processing. Includes a test case based on
code provided by adwsingh. (markt)
+ Fix: 67667: TLSCertificateReloadListener prints unreadable
rendering of X509Certificate#getNotAfter(). (michaelo)
+ Update: The status servlet included in the manager webapp
can now output statistics as JSON, using the JSON=true URL
parameter. (remm)
+ Update: Optionally allow ServiceBindingPropertySource to
trim a trailing newline from a file containing a
property-value. (schultz)
+ Fix: 67793: Ensure the original session timeout is restored
OBS-URL: https://build.opensuse.org/request/show/1139519
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=289
- Update to Tomcat 9.0.12. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.12_(markt)
- Fixed CVEs:
- CVE-2018-11784 (bsc#1110850)
- Rebased patches:
- tomcat-9.0-disable-osgi-build.patch
- tomcat-9.0-javadoc.patch
- tomcat-9.0-sle.catalina.policy.patch
- tomcat-9.0-tomcat-users-webapp.patch
- Declare following files to config(noreplace) to prevent override
access rights:
- host-manager/META-INF/context.xml
- manager/META-INF/context.xml
- Empty tomcat-9.0.sysconfig to avoid overwriting of customer's
configuration during update (bsc#1067720)
- Update to Tomcat 9.0.10. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.10_(markt)
- Fixed CVEs:
- CVE-2018-1336 (bsc#1102400)
- CVE-2018-8014 (bsc#1093697)
- CVE-2018-8034 (bsc#1102379)
- CVE-2018-8037 (bsc#1102410)
- Rebased patch tomcat-9.0-JDTCompiler-java.patch
- Added patch tomcat-9.0-disable-osgi-build.patch to disable adding
OSGi metadata to JAR files
- Update to Tomcat 9.0.5. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.5_(markt)
- Modified patch:
* tomcat-9.0-javadoc.patch
+ Don't append to javadoc --add-modules since we are building
with source=8
+ Avoid accessing Internet URLs from build environment
- Update to Tomcat 9.0.2:
* Major update for tomcat8 from tomcat9
* For full changelog please read upstream changes at:
+ http://tomcat.apache.org/tomcat-9.0-doc/changelog.html
* Rename all tomcat-8.0-* files to tomcat-9.0-*
- Changed patches:
* Deleted: tomcat-8.0-bootstrap-MANIFEST.MF.patch
* Deleted: tomcat-8.0-sle.catalina.policy.patch
* Deleted: tomcat-8.0-tomcat-users-webapp.patch
* Deleted: tomcat-8.0.33-JDTCompiler-java.patch
* Deleted: tomcat-8.0.44-javadoc.patch
* Deleted: tomcat-8.0.9-property-build.windows.patch
* Added: tomcat-9.0-JDTCompiler-java.patch
* Added: tomcat-9.0-bootstrap-MANIFEST.MF.patch
* Added: tomcat-9.0-javadoc.patch
* Added: tomcat-9.0-sle.catalina.policy.patch
* Added: tomcat-9.0-tomcat-users-webapp.patch
- Renamed subpackage tomcat-3_1-api to tomcat-4_0-api
to reflect the new Servlet API version.
- Commented out JAVA_HOME in /etc/tomcat/tomcat.conf
- Added "tomcat-" prefix to lib symlinks under
/usr/share/java to avoid file conflicts with servletapi5
and geronimo-specs
- Fixed wrong %ghost file paths for alternatives symlinks
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- Build with JDK 8 to fix runtime errors when running with JDK 7
and 8
- Fix tomcat-digest classpath error (bsc#977410)
- Fix packaged /etc/alternatives symlinks for api libs that caused
rpm -V to report link mismatch (bsc#1019016)
- update to 8.0.47
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Fixed CVE:
- CVE-2017-12617
- rebase tomcat-8.0-sle.catalina.policy.patch
- Added patch:
* tomcat-8.0.44-javadoc.patch
- generate documentation with the same source level as class
files
- fixes build with jdk9
- Version update to 8.0.44:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Fixed CVE:
- CVE-2017-5664 (bsc#1042910)
- New build dependency: javapackages-local
- Version update to 8.0.43:
* Another bugfix release, for full details see:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Fixed CVEs:
- CVE-2017-5647 (bnc#1033448)
- CVE-2017-5648 (bnc#1033447)
- CVE-2016-8745
- Renamed and rebased patches:
* tomcat-7.0-sle.catalina.policy.patch -> tomcat-8.0-sle.catalina.policy.patch
- Enable optional setenv.sh script. See section
"(3.4) Using the "setenv" script (optional, recommended)" in
http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt
(bnc#1002662)
- Fix file conflicts when upgrading from SLES 12 to SLES 12 SP1 (bnc#1023412).
Added explicit obsoletes for tomcat-el-2_2-api, tomcat-jsp-2_2-api,
tomcat-servlet-3_0-api
- update to 8.0.39: (boo#1003911)
* Improve handling of I/O errors with async processing
* Fail earlier on invalid HTTP request
- includes changes from 8.0.38:
* Refactoring the non-container thread Async complete()/dispatch()
handling to remove the possibility of deadlock
* Improved UTF-8 handling for the RewriteValve
- includes changes from 8.0.37:
* Treat paths used to obtain a request dispatcher as encoded
(configurable)
* Various jdbc-pool fixes
- drop tomcat-8.0.36-jar-scanner-loop.patch, upstream
- Switch to commons-dbcp2 fate#321029
- Backport fix for inifinite loop in the jar scanner for 8.0.36. (bnc#993862)
Added: tomcat-8.0.36-jar-scanner-loop.patch
- Version update to 8.0.36:
* Another bugfix release for the 8.0 series. Full details:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.36_(markt)
- CVE fixed by the version update:
- CVE-2016-3092 (bnc#986359)
- Fixed a deployment error in the examples webapp by changing the context.xml format to the new one
introduced by Tomcat 8. See http://tomcat.apache.org/migration-8.html#Web_application_resources
- fix maven fragments paths to build in multiple distribution
versions
- Version update to 8.0.33:
* Another bugfix release for 8.0 series, full details:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.33_(markt)
- Rebase tomcat-8.0-tomcat-users-webapp.patch
- Rebase tomcat-7.0.53-JDTCompiler-java.patch
to tomcat-8.0.33-JDTCompiler-java.patch
- Fix fixme for the prereq preamble value
- It seems systemd prints error on adding the @ services to macros
so do not do that
- package was partly merged with the scripts used in the
Fedora distribution
- support running multiple tomcat instances on the same server
(fate#317783)
- add catalina-jmx-remote.jar (fate#318403)
- remove sysvinit support: systemd is required
- update changes file for CVE information
- Fixed CVEs:
- CVE-2015-5346 (bnc#967814) in 8.0.32
- CVE-2015-5351 (bnc#967812) in 8.0.32
- CVE-2016-0706 (bnc#967815) in 8.0.32
- CVE-2016-0714 (bnc#967964) in 8.0.32
- CVE-2016-0763 (bnc#967966) in 8.0.32
- CVE-2015-5345 (bnc#967965) in 8.0.30
- CVE-2015-5174 (bnc#967967) in 8.0.27
- Version update to 8.0.32:
* Another bugfix release for 8.0 series, full details:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.32_(markt)
- Rebase patch:
* tomcat-8.0.9-property-build.windows.patch
- update to Tomcat 8.0.28
* Multiple fixes, read upstream changelog at:
https://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.28_(markt)
- Some whitespace cleanups
- Remove pointless conflicts on provide/obsolete symbols
- Version bump to 8.0.23 fate#318913:
* Multiple testfixes all around, read upstream changelog at:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.23_(markt)
- Fix previous commit. Fix one rpmlint warning
- Drop gpg verification from spec, it is done by obs
- Fix build with new jpackage-tools
- update to Tomcat 8.0.18:
* Major update for tomcat8 from tomcat7
* For full changelog please read upstream changes at:
+ http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Rename all tomcat-7.0-* files to tomcat-8.0-*
* Update keyring file
- Update windows patch to apply again:
* Deleted: tomcat-7.0.52-property-build.windows.patch
* Added: tomcat-8.0.9-property-build.windows.patch
* Added:tomcat-8.0-tomcat-users-webapp.patch
* Deleted: tomcat-7.0-tomcat-users-webapp.patch
* Added: tomcat-8.0-bootstrap-MANIFEST.MF.patch
* Deleted: tomcat-7.0-bootstrap-MANIFEST.MF.patch
- Version 1.1.30 or higher is required for APR listener (bnc#914725)
- SLE12 has different path for the "rm" command than older versions.
To avoid possible clashes, the entire coreutils must be provided.
(bnc#894292)
- Fixed Security Manager policies, which makes unable properly
run webapps by default. (bnc#891264)
Added: tomcat-7.0-sle.catalina.policy.patch
- Missing security manager policy file prevents Tomcat to start
with systemd. (bnc#890995)
- Tomcat 7.0.55 requires ecj 4.4.0
- include the tomcat websocket implementation (tomcat7-websocket)
- Update to 7.0.55
* Update to the Eclipse JDT Compiler 4.4
* Better error handling when the error occurs after the response
has been committed
* Various improvements to the Mapper including fixing some
concurrency bugs
* See http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
- build tomcat-embed as a subpackage
- Drop two unused defines
- touch the alternatives files to avoid build errors
in older versions
- Do not define default defattr as it is pointless.
- One file here was not supposed to be ghost.
- Fix once more the alternatives.
- Add path to rm command.
- Silence loads of warnings by rpmlintrc
- Cleanup with spec-cleaner and format few things a bit.
- Remove few deps not really needed for sle11.
- Drop unused files obs.bl and local.lb
- Drop unused collections-tomcat-build.xml
- Version bump to 7.0.54:
* bugfix update
* See http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
- Update to 7.0.53
* bugfix release
* Update the Eclipse JDT compiler to enable full Java 8 support in JSPs.
* See http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
- Patch for Bug 56373
* See https://issues.apache.org/bugzilla/show_bug.cgi?id=56373
* tomcat-7.0.53-JDTCompiler-java.patch
- Rename tomcat-7.0.2-property-build.windows.patch to
tomcat-7.0.52-property-build.windows.patch
- remove saxon build requirement for sles
- disable bytecode check for sles
- remove unknown option from fillup_only macro
- wrap systemd %pre[un]/%post[un] in conditional
- specify required ant version
- Update to 7.0.52
* bugfix release
* Fix CVE-2014-0050, a DoS vulnerability related to multi-part processing
- Update to 7.0.50
* bugfix release
- Add missing commons-pool-tomcat5 symlink (bnc#847505c#13)
- Update to 7.0.47
* bugfix release
* backport of JSR-356 Java WebSocket 1.0
* package tomcat now requires java7 at lease
- Updated tomcat.keyring to reflect the fact new release is signed by
Violeta Georgieva / D63011C7
see http://osdir.com/ml/dev-tomcat.apache.org/2013-10/msg00849.html
- Add tomcat-dbcp.jar (bnc#847505) back into tomcat lib dir
- Install tomcat-coyote.jar as well
- Remove pointless scriplets
- Move from jpackage-utils to javapackage-tools
- drop a dependency on unecessary -tomcat5 packages
- use commons-dbcp.jar for build
- add missing commons-pool.jar to libdir
- add _constraints to not schedule build on some build machines
workaround for bnc#832762
- Add missing 'su root tomcat' line to logrotate. See also
https://bugzilla.redhat.com/show_bug.cgi?id=790334
- call chown --no-dereference in init script
(bnc#822177#c7/prevents CVE-2013-1976)
- update to 7.0.42 (bugfix release)
see http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
- fix file list to be compatible for new rpm
- update to 7.0.39 (bugfix release)
- install only systemd unit files on openSUSE 12.1+
* and call proper code when init script still exists
- add a proper scripplets for -jsvc subpackage
- don't use catalina.out, systemd redirects stderr/stdout to syslog
- don't use and recommends logrotate
- package /etc/ant.d properly, mark only catalina-ant as a config file
- Fix tomcat init scripts generating malformed classpath
(http://youtrack.jetbrains.com/issue/JT-18545)
bnc#804992
- update to 7.0.35 (bugfix release)
require ecj >= 4.2.1, like upstream do
- make gpg-offline work distros after 12.2
- Ensure tomcat stdout/stderr output ends up in catalina.out
- Recommend libtcnative-1-0 >= 1.1.24
- /etc/init.d/tomcate init script fixes:
* Include /usr/bin and /usr/sbin in the PATH
* Fix logic for cleaning the work directories
* Fix typo (log_success_msg lsb function name)
* Fix typo (reload message)
- Require log4j
- Require gpg-offline on 12.2+
- Verify GPG signature.
- update to 7.0.33 (bugfix release)
- update to 7.0.30 (bugfix release)
* SSI and CGI disabled by default
- fix bnc#779538: change the working dir to $CATALINA_BASE
- document the CATALINA_BASE and CATALINA_HOME in tomcat.conf better
- fix rpmlintrc file
- fix bnc#771802 - systemd support is broken
* change type froking to simple as it does not make a sense run java in a
background to emulate that
* remove the need of nested wrappers, so /usr/sbin/tomcat-sysd now relies on
systemd features like User/EnvironmentFile
* workaround the 143 exit code in Stop phase - return 0 in this case
* merge the jsvc into tomcat-sysd code, the -jsvc-sysd is a symlink
* properly use jsvc with pid file to start and stop
- update to 7.0.26 (bugfix release)
- rename package to tomcat in order to emphasise a fact, there is only one
major release of tomcat maintained in distribution
- add manifest files and systemd support (thanks Fedora)
- create tomcat-jsvc package
- update to 7.0.26 (bugfix release)
- fix bnc#747771 - don't use /var/lock/subsys
sync tomcat7 init with tomcat6
- update to 7.0.25 (bugfix release)
- update to 7.0.22 (bugfix release)
- wrote changes and prepare for inclusion to openSUSE distribution
- fix bnc#726307
/etc/tomcat7 is writtable for tomcat group
- update to version 7.0.21
- update to version 7.0.16 (bugfix update)
- add rpmlintrc, digest, init and wrapper scripts and config file
- build require geronimo apis and wsdl4j
- disable webservices in javadoc target
- initial packaging of tomcat7 7.0.6
OBS-URL: https://build.opensuse.org/request/show/642919
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=131
- Update to Tomcat 9.0.2:
* Major update for tomcat8 from tomcat9
* For full changelog please read upstream changes at:
+ http://tomcat.apache.org/tomcat-9.0-doc/changelog.html
* Rename all tomcat-8.0-* files to tomcat-9.0-*
- Changed patches:
* Deleted: tomcat-8.0-bootstrap-MANIFEST.MF.patch
* Deleted: tomcat-8.0-sle.catalina.policy.patch
* Deleted: tomcat-8.0-tomcat-users-webapp.patch
* Deleted: tomcat-8.0.33-JDTCompiler-java.patch
* Deleted: tomcat-8.0.44-javadoc.patch
* Deleted: tomcat-8.0.9-property-build.windows.patch
* Added: tomcat-9.0-JDTCompiler-java.patch
* Added: tomcat-9.0-bootstrap-MANIFEST.MF.patch
* Added: tomcat-9.0-javadoc.patch
* Added: tomcat-9.0-sle.catalina.policy.patch
* Added: tomcat-9.0-tomcat-users-webapp.patch
- Renamed subpackage tomcat-3_1-api to tomcat-4_0-api
to reflect the new Servlet API version.
- Commented out JAVA_HOME in /etc/tomcat/tomcat.conf
- Added "tomcat-" prefix to lib symlinks under
/usr/share/java to avoid file conflicts with servletapi5
and geronimo-specs
- Fixed wrong %ghost file paths for alternatives symlinks
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- Build with JDK 8 to fix runtime errors when running with JDK 7
and 8
- Fix tomcat-digest classpath error (bsc#977410)
- Fix packaged /etc/alternatives symlinks for api libs that caused
rpm -V to report link mismatch (bsc#1019016)
- update to 8.0.47
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Fixed CVE:
- CVE-2017-12617
- rebase tomcat-8.0-sle.catalina.policy.patch
- Added patch:
* tomcat-8.0.44-javadoc.patch
- generate documentation with the same source level as class
files
- fixes build with jdk9
- Version update to 8.0.44:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Fixed CVE:
- CVE-2017-5664 (bsc#1042910)
- New build dependency: javapackages-local
- Version update to 8.0.43: * Another bugfix release, for full details see:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Fixed CVEs:
- CVE-2017-5647 (bnc#1033448)
- CVE-2017-5648 (bnc#1033447)
- CVE-2016-8745
- Renamed and rebased patches:
* tomcat-7.0-sle.catalina.policy.patch -> tomcat-8.0-sle.catalina.policy.patch
- Enable optional setenv.sh script. See section
"(3.4) Using the "setenv" script (optional, recommended)" in
http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt
(bnc#1002662)
- Fix file conflicts when upgrading from SLES 12 to SLES 12 SP1 (bnc#1023412).
Added explicit obsoletes for tomcat-el-2_2-api, tomcat-jsp-2_2-api,
tomcat-servlet-3_0-api
- update to 8.0.39: (boo#1003911)
* Improve handling of I/O errors with async processing
* Fail earlier on invalid HTTP request
- includes changes from 8.0.38:
* Refactoring the non-container thread Async complete()/dispatch()
handling to remove the possibility of deadlock
* Improved UTF-8 handling for the RewriteValve
- includes changes from 8.0.37:
* Treat paths used to obtain a request dispatcher as encoded
(configurable)
* Various jdbc-pool fixes
- drop tomcat-8.0.36-jar-scanner-loop.patch, upstream
- Switch to commons-dbcp2 fate#321029
- Backport fix for inifinite loop in the jar scanner for 8.0.36. (bnc#993862)
Added: tomcat-8.0.36-jar-scanner-loop.patch
- Version update to 8.0.36:
* Another bugfix release for the 8.0 series. Full details:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.36_(markt)
- CVE fixed by the version update:
- CVE-2016-3092 (bnc#986359)
- Fixed a deployment error in the examples webapp by changing the context.xml format to the new one
introduced by Tomcat 8. See http://tomcat.apache.org/migration-8.html#Web_application_resources
- fix maven fragments paths to build in multiple distribution
versions
- Version update to 8.0.33:
* Another bugfix release for 8.0 series, full details:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.33_(markt)
- Rebase tomcat-8.0-tomcat-users-webapp.patch
- Rebase tomcat-7.0.53-JDTCompiler-java.patch
to tomcat-8.0.33-JDTCompiler-java.patch
- Fix fixme for the prereq preamble value
- It seems systemd prints error on adding the @ services to macros
so do not do that
- package was partly merged with the scripts used in the
Fedora distribution
- support running multiple tomcat instances on the same server
(fate#317783)
- add catalina-jmx-remote.jar (fate#318403)
- remove sysvinit support: systemd is required
- update changes file for CVE information
- Fixed CVEs:
- CVE-2015-5346 (bnc#967814) in 8.0.32
- CVE-2015-5351 (bnc#967812) in 8.0.32
- CVE-2016-0706 (bnc#967815) in 8.0.32
- CVE-2016-0714 (bnc#967964) in 8.0.32
- CVE-2016-0763 (bnc#967966) in 8.0.32
- CVE-2015-5345 (bnc#967965) in 8.0.30
- CVE-2015-5174 (bnc#967967) in 8.0.27
- Version update to 8.0.32:
* Another bugfix release for 8.0 series, full details:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.32_(markt)
- Rebase patch:
* tomcat-8.0.9-property-build.windows.patch
- update to Tomcat 8.0.28
* Multiple fixes, read upstream changelog at:
https://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.28_(markt)
- Some whitespace cleanups
- Remove pointless conflicts on provide/obsolete symbols
- Version bump to 8.0.23 fate#318913:
* Multiple testfixes all around, read upstream changelog at:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.23_(markt)
- Fix previous commit. Fix one rpmlint warning
- Drop gpg verification from spec, it is done by obs
- Fix build with new jpackage-tools
- update to Tomcat 8.0.18:
* Major update for tomcat8 from tomcat7
* For full changelog please read upstream changes at:
+ http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Rename all tomcat-7.0-* files to tomcat-8.0-*
* Update keyring file
- Update windows patch to apply again:
* Deleted: tomcat-7.0.52-property-build.windows.patch
* Added: tomcat-8.0.9-property-build.windows.patch
* Added:tomcat-8.0-tomcat-users-webapp.patch
* Deleted: tomcat-7.0-tomcat-users-webapp.patch
* Added: tomcat-8.0-bootstrap-MANIFEST.MF.patch
* Deleted: tomcat-7.0-bootstrap-MANIFEST.MF.patch
- Version 1.1.30 or higher is required for APR listener (bnc#914725)
- SLE12 has different path for the "rm" command than older versions.
To avoid possible clashes, the entire coreutils must be provided.
(bnc#894292)
- Fixed Security Manager policies, which makes unable properly
run webapps by default. (bnc#891264)
Added: tomcat-7.0-sle.catalina.policy.patch
- Missing security manager policy file prevents Tomcat to start
with systemd. (bnc#890995)
- Tomcat 7.0.55 requires ecj 4.4.0
- include the tomcat websocket implementation (tomcat7-websocket)
- Update to 7.0.55
* Update to the Eclipse JDT Compiler 4.4
* Better error handling when the error occurs after the response
has been committed
* Various improvements to the Mapper including fixing some
concurrency bugs
* See http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
- build tomcat-embed as a subpackage
- Drop two unused defines
- touch the alternatives files to avoid build errors
in older versions
- Do not define default defattr as it is pointless.
- One file here was not supposed to be ghost.
- Fix once more the alternatives.
- Add path to rm command.
- Silence loads of warnings by rpmlintrc
- Cleanup with spec-cleaner and format few things a bit.
- Remove few deps not really needed for sle11.
- Drop unused files obs.bl and local.lb
- Drop unused collections-tomcat-build.xml
- Version bump to 7.0.54:
* bugfix update
* See http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
- Update to 7.0.53
* bugfix release
* Update the Eclipse JDT compiler to enable full Java 8 support in JSPs.
* See http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
- Patch for Bug 56373
* See https://issues.apache.org/bugzilla/show_bug.cgi?id=56373
* tomcat-7.0.53-JDTCompiler-java.patch
- Rename tomcat-7.0.2-property-build.windows.patch to
tomcat-7.0.52-property-build.windows.patch
- remove saxon build requirement for sles
- disable bytecode check for sles
- remove unknown option from fillup_only macro
- wrap systemd %pre[un]/%post[un] in conditional
- specify required ant version
- Update to 7.0.52
* bugfix release
* Fix CVE-2014-0050, a DoS vulnerability related to multi-part processing
- Update to 7.0.50
* bugfix release
- Add missing commons-pool-tomcat5 symlink (bnc#847505c#13)
- Update to 7.0.47
* bugfix release
* backport of JSR-356 Java WebSocket 1.0
* package tomcat now requires java7 at lease
- Updated tomcat.keyring to reflect the fact new release is signed by
Violeta Georgieva / D63011C7
see http://osdir.com/ml/dev-tomcat.apache.org/2013-10/msg00849.html
- Add tomcat-dbcp.jar (bnc#847505) back into tomcat lib dir
- Install tomcat-coyote.jar as well
- Remove pointless scriplets
- Move from jpackage-utils to javapackage-tools
- drop a dependency on unecessary -tomcat5 packages
- use commons-dbcp.jar for build
- add missing commons-pool.jar to libdir
- add _constraints to not schedule build on some build machines
workaround for bnc#832762
- Add missing 'su root tomcat' line to logrotate. See also
https://bugzilla.redhat.com/show_bug.cgi?id=790334
- call chown --no-dereference in init script
(bnc#822177#c7/prevents CVE-2013-1976)
- update to 7.0.42 (bugfix release)
see http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
- fix file list to be compatible for new rpm
- update to 7.0.39 (bugfix release)
- install only systemd unit files on openSUSE 12.1+
* and call proper code when init script still exists
- add a proper scripplets for -jsvc subpackage
- don't use catalina.out, systemd redirects stderr/stdout to syslog
- don't use and recommends logrotate
- package /etc/ant.d properly, mark only catalina-ant as a config file
- Fix tomcat init scripts generating malformed classpath
(http://youtrack.jetbrains.com/issue/JT-18545)
bnc#804992
- update to 7.0.35 (bugfix release)
require ecj >= 4.2.1, like upstream do
- make gpg-offline work distros after 12.2
- Ensure tomcat stdout/stderr output ends up in catalina.out
- Recommend libtcnative-1-0 >= 1.1.24
- /etc/init.d/tomcate init script fixes:
* Include /usr/bin and /usr/sbin in the PATH
* Fix logic for cleaning the work directories
* Fix typo (log_success_msg lsb function name)
* Fix typo (reload message)
- Require log4j
- Require gpg-offline on 12.2+
- Verify GPG signature.
- update to 7.0.33 (bugfix release)
- update to 7.0.30 (bugfix release)
* SSI and CGI disabled by default
- fix bnc#779538: change the working dir to $CATALINA_BASE
- document the CATALINA_BASE and CATALINA_HOME in tomcat.conf better
- fix rpmlintrc file
- fix bnc#771802 - systemd support is broken
* change type froking to simple as it does not make a sense run java in a
background to emulate that
* remove the need of nested wrappers, so /usr/sbin/tomcat-sysd now relies on
systemd features like User/EnvironmentFile
* workaround the 143 exit code in Stop phase - return 0 in this case
* merge the jsvc into tomcat-sysd code, the -jsvc-sysd is a symlink
* properly use jsvc with pid file to start and stop
- update to 7.0.26 (bugfix release)
- rename package to tomcat in order to emphasise a fact, there is only one
major release of tomcat maintained in distribution
- add manifest files and systemd support (thanks Fedora)
- create tomcat-jsvc package
- update to 7.0.26 (bugfix release)
- fix bnc#747771 - don't use /var/lock/subsys
sync tomcat7 init with tomcat6
- update to 7.0.25 (bugfix release)
- update to 7.0.22 (bugfix release)
- wrote changes and prepare for inclusion to openSUSE distribution
- fix bnc#726307
/etc/tomcat7 is writtable for tomcat group
- update to version 7.0.21
- update to version 7.0.16 (bugfix update)
- add rpmlintrc, digest, init and wrapper scripts and config file
- build require geronimo apis and wsdl4j
- disable webservices in javadoc target
- initial packaging of tomcat7 7.0.6
OBS-URL: https://build.opensuse.org/request/show/548119
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=117
- Fix fixme for the prereq preamble value
- It seems systemd prints error on adding the @ services to macros
so do not do that
- package was partly merged with the scripts used in the
Fedora distribution
- support running multiple tomcat instances on the same server
(fate#317783)
- add catalina-jmx-remote.jar (fate#318403)
- remove sysvinit support: systemd is required
OBS-URL: https://build.opensuse.org/request/show/385752
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tomcat?expand=0&rev=28
- Do not define default defattr as it is pointless.
- One file here was not supposed to be ghost.
- Fix once more the alternatives.
- Add path to rm command.
- Silence loads of warnings by rpmlintrc
- Cleanup with spec-cleaner and format few things a bit.
- Remove few deps not really needed for sle11.
- Drop unused files obs.bl and local.lb
- Drop unused collections-tomcat-build.xml
OBS-URL: https://build.opensuse.org/request/show/242840
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tomcat?expand=0&rev=19
- update to 7.0.39 (bugfix release)
- install only systemd unit files on openSUSE 12.1+
* and call proper code when init script still exists
- add a proper scripplets for -jsvc subpackage
- don't use catalina.out, systemd redirects stderr/stdout to syslog
- don't use and recommends logrotate
- package /etc/ant.d properly, mark only catalina-ant as a config file
OBS-URL: https://build.opensuse.org/request/show/172490
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tomcat?expand=0&rev=11
What these changes do:
1. Fix this tomcat warning:
SEVERE: An incompatible version 1.1.23 of the APR based Apache Tomcat Native library is installed, while Tomcat requires version 1.1.24
2. Fix this tomcat warning:
WARNING: Problem with JAR file [/usr/share/java/tomcat/log4j.jar], exists: [false], canRead: [false]
3. Ensure tomcat stdout/stderr output ends up in catalina.out
4. Fix several issues in the init script
Thanks. (forwarded request 146513 from archie172)
OBS-URL: https://build.opensuse.org/request/show/146833
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tomcat?expand=0&rev=7
What these changes do:
1. Fix this tomcat warning:
SEVERE: An incompatible version 1.1.23 of the APR based Apache Tomcat Native library is installed, while Tomcat requires version 1.1.24
2. Fix this tomcat warning:
WARNING: Problem with JAR file [/usr/share/java/tomcat/log4j.jar], exists: [false], canRead: [false]
3. Ensure tomcat stdout/stderr output ends up in catalina.out
4. Fix several issues in the init script
Thanks.
OBS-URL: https://build.opensuse.org/request/show/146513
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=15
Verify GPG signature: Perform build-time offline GPG verification.
Please verify that included keyring matches your needs.
For manipulation with the offline keyring, please use gpg-offline tool from openSUSE:Factory, devel-tools-building or Base:System.
See the man page and/or /usr/share/doc/packages/gpg-offline/PACKAGING.HOWTO.
If you need to build your package for older products and don't want to mess spec file with ifs, please follow PACKAGING.HOWTO:
you can link or aggregate gpg-offline from
devel:tools:building or use following trick with "osc meta prjconf":
--- Cut here ----
%if 0%{?suse_version} <= 1220
Substitute: gpg-offline
%endif
Macros:
%gpg_verify(dnf) \
%if 0%{?suse_version} > 1220\
echo "WARNING: Using %%gpg_verify macro from prjconf, not from gpg-offline package."\
gpg-offline --directory="%{-d:%{-d*}}%{!-d:%{_sourcedir}}" --package="%{-n:%{-n*}}%{!-n:%{name}}""%{-f: %{-f*}}" --verify %{**}\
%else\
echo "WARNING: Dummy prjconf macro. gpg-offline is not available, skipping %{**} GPG signature verification!"\
%endif\
%nil
-----------------
OBS-URL: https://build.opensuse.org/request/show/143936
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=12
- fix bnc#771802 - systemd support is broken
* change type froking to simple as it does not make a sense run java in a
background to emulate that
* remove the need of nested wrappers, so /usr/sbin/tomcat-sysd now relies on
systemd features like User/EnvironmentFile
* workaround the 143 exit code in Stop phase - return 0 in this case
* merge the jsvc into tomcat-sysd code, the -jsvc-sysd is a symlink
* properly use jsvc with pid file to start and stop
OBS-URL: https://build.opensuse.org/request/show/128320
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tomcat?expand=0&rev=3
* change type froking to simple as it does not make a sense run java in a
background to emulate that
* remove the need of nested wrappers, so /usr/sbin/tomcat-sysd now relies on
systemd features like User/EnvironmentFile
* workaround the 143 exit code in Stop phase - return 0 in this case
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=5
