Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

tomcat6-jsp-2_1-api-6.0.33-3.11.1 RPM for noarch

From OpenSuSE 12.1 updates for noarch

Name: tomcat6-jsp-2_1-api Distribution: openSUSE 12.1
Version: 6.0.33 Vendor: openSUSE
Release: 3.11.1 Build date: Mon Jan 7 15:07:24 2013
Group: Productivity/Networking/Web/Servers Build host: build20
Size: 76697 Source RPM: tomcat6-6.0.33-3.11.1.src.rpm
Packager: http://bugs.opensuse.org
Url: http://tomcat.apache.org
Summary: Apache Tomcat JSP API implementation classes
 
Apache Tomcat JSP API implementation classes

Provides

Requires

License

Apache-2.0

Changelog

* Wed Jan 02 2013 mvyskocil@suse.com
  - fix bnc#794548 - denial of service (CVE-2012-4534)
    * apache-tomcat-CVE-2012-4534.patch
    fixes apache#53138, apache#52858
    http://svn.apache.org/viewvc?view=rev&rev=1372035
  - fix a minor issue in apache-tomcat-CVE-2012-4431.patch
    use the already initialized session variable instead of
    an another call req.getSesssion()
* Mon Dec 10 2012 mvyskocil@suse.com
  - fix bnc#793394 - bypass of security constraints (CVE-2012-3546)
    * apache-tomcat-CVE-2012-3546.patch
    http://svn.apache.org/viewvc?view=revision&revision=1381035
  - fix bnc#793391 - bypass of CSRF prevention filter (CVE-2012-4431)
    * apache-tomcat-CVE-2012-4431.patch
    http://svn.apache.org/viewvc?view=revision&revision=1394456
* Fri Dec 07 2012 mvyskocil@suse.com
  - document how to protect against slowloris DoS (CVE-2012-5568/bnc#791679)
    in README.SUSE
* Tue Dec 04 2012 mvyskocil@suse.com
  - fixes
    bnc#791423 - cnonce tracking weakness (CVE-2012-5885)
    bnc#791424 - authentication caching weakness (CVE-2012-5886)
    bnc#791426 - stale nonce weakness (CVE-2012-5887)
    * apache-tomcat-CVE-2009-2693-CVE-2009-2901-CVE-2009-2902.patch
    http://svn.apache.org/viewvc?view=revision&revision=1380829
* Fri Nov 23 2012 mvyskocil@suse.com
  - fix bnc#789406 - HTTP NIO connector OOM DoS via a request with
    large headers (CVE-2012-2733)
    * http://svn.apache.org/viewvc?view=revision&revision=1356208
* Mon Feb 06 2012 mvyskocil@suse.cz
  - fix bnc#742477 - iManager throws exception in its basic functionalities
    * http://svn.apache.org/viewvc?view=revision&revision=1206324
    * http://svn.apache.org/viewvc?view=revision&revision=1229027
  - fix bnc#743055 - VUL-1: CVE-2011-3375: tomcat: information disclosure
    due to improper response and request object recycling
* Thu Jan 05 2012 mvyskocil@suse.cz
  - fix bnc#727543 - VUL-0: Apache tomcat vulnerable to hash collision attack
    backport upstream changes:
    * add isConfigProblemFatal method
      http://svn.apache.org/viewvc?view=revision&revision=1199122
    * GET POST parameter processing performance. Adds maximum number of
      parameters per request (defaults to 10000) and new FailedRequestFilter for
      rejecting requests with excessive number of parameters
      http://svn.apache.org/viewvc?view=revision&revision=1200601
  - fix bnc#712784 - tomcat6: add missing Requires on java >= 1.6.0
    * add recommends on java >= 1.6.0 and java-devel >= 1.6.0
* Mon Aug 29 2011 mvyskocil@suse.cz
  - update to latest upstream version 6.0.33 (bugfix release)
  - fix bnc#714620 - tomcat6: use of /var/lock/subsys unsupported
    use /var/run/rctomcat6 instead
* Fri Feb 11 2011 mvyskocil@suse.cz
  - update to latest upstream version 6.0.32 (bugfix release)
  - obsolete CVE-2010-4172 patch
  - fixes bnc#669897 (CVE-2010-3718), bnc#669926 (CVE-2010-4476), bnc#669928
    (CVE-2011-0013) and bnc#669930 (CVE-2011-0534)
* Thu Dec 09 2010 mvyskocil@suse.cz
  - fix bnc#655440#c14 - clean workdir of tomcat's webapps to be sure
    our fixed jsps will be redeployed on each update
* Thu Nov 25 2010 mvyskocil@suse.cz
  - fix bnc#655440 - VUL-0: tomcat6: Apache Tomcat Manager application XSS
    vulnerability (CVE-2010-4172)
    http://svn.apache.org/viewvc?view=revision&revision=1037779
  - fix bnc#653586 - spacewalk 1.2 requires jasper 5.5
    * add offline jasper compiler /usr/bin/jspc
  - unpack tarball to apache-tomcat-$VERSION-src directory directly
* Tue Nov 02 2010 mvyskocil@suse.cz
  - Fix bnc#650130 - Update of tomcat6 not possible (cpio: Is a directory)
    * workaround the rpm bug - it cannot update directory to symlink
    * make /etc/tomcat6/Catalina/ as ghost file
    * create link in %posttrans
* Tue Sep 14 2010 mvyskocil@suse.cz
  - Update to 6.0.29 (bugfix release)
  - fix bnc#625415:  Tomcat6 does not have permissions to its own directories
    * also fix the /etc/tomcat6/Catalina link target
  - revert a setclasspath.sh changes
  - disable user/group verification of tomcat owned files and directories to
    allow easy change of the tomcat user without rpm --verify complaints
* Thu Jul 15 2010 mvyskocil@suse.cz
  - Update to 6.0.28 (bugfix release)
  - fix bnc#565901 - missing catalina.sh again
    * move catalina.sh to CATALINA_HOME/bin
    * add jpackage.org compatible CATALINA_HOME/bin/setclasspath.sh
  - add missing logrotate requires
  - install scripts with mode 0755
* Wed Feb 03 2010 mvyskocil@suse.cz
  - Update to 6.0.24 (bugfix release). This obsoletes patch
    * tomcat6-bug47316.patch
  - Merged with tomcat6-6.0.18-10.jpp6.src.rpm
    * return the jpackage.org license header in spec
    * polish in spec (use more macros)
    * add logrotate support
    * add patch to document webapps in %%{_sysconfdir}/%%{name}/tomcat-users.xml
    * move %%{_bindir}/d%%{name} to %%{_sbindir}/%%{name} and provide symlink to
      %%{_sbindir}/d%%{name}
    * add digest and tool-wrapper scripts
    * explicitly unset CLASSPATH
    * explicitly set OPT_JAR_LIST to include ant/ant-trax
    * build and install sample webapp
    * use copy instead of move to fix short-circuit install build
    * version jsp and servlet Provides with their spec versions
    * make initscript LSB-complaint
    * add el subpackage
* Tue Jan 05 2010 mvyskocil@suse.cz
  - fixed bnc#565901 - missing catalina.sh
    * added catalina.sh (link from dtomcat6) to improve upstream compatibility
* Wed Sep 30 2009 mvyskocil@suse.cz
  - fixed bnc#542634: Tomcat NPE on start
    applied patch from upstream bugzilla
    https://issues.apache.org/bugzilla/show_bug.cgi?id=47316#c3
* Wed Aug 26 2009 mvyskocil@suse.cz
  - fixed bnc#520532: marked all webapp/ROOT/* files as config(noreplace)
  - marked /etc/ant.d/catalina-ant as config(noreplace)
* Mon Jun 15 2009 mvyskocil@suse.cz
  - added a missing -p1 for %patch0
* Wed Jun 03 2009 mvyskocil@suse.cz
  - fixed bnc#488061: work directory clean on tomcat stop
  - update to 6.0.20 - the bugfix release:
    * MemoryUserDatabase is read-only by default
    * Allow huge request body packets for AJP13
    * Never return an empty HTTP status reason phrase
    * Prevent double initialisation of JSPs
    * A node should ignore its own heartbeat messages
    * Prettry error messages (instead of stacktrace) if shutdown port is disabled
* Mon Mar 16 2009 mvyskocil@suse.cz
  - fixed bnc#418664 - Tomcat6 installation has missing bits
    - added /etc/ant.d/catalina-ant
  - another fix for bnc#471639 - tomcat does not start/work
    * merged a sysconfig and tomcat6.conf to allow a dtomcat6 start works
    * also fixs (bnc#471639)
  - fixed bnc#424675 - Access rights to /etc/tomcat6 directory not set right
    * create a link from /etc/tomcat6/Catalina to /var/cache/tomcat6/Catalina
  - removed a CATALINA_OPTS from stop in dtcomcat6 (bao#42951)

Files

/usr/share/java/jsp.jar
/usr/share/java/tomcat6-jsp-2.1-api-6.0.33.jar
/usr/share/java/tomcat6-jsp-2.1-api.jar

Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Jun 15 03:34:55 2013