Tomcat is the servlet container that is used in the official Reference
Implementation for the Java Servlet and JavaServer Pages technologies.
The Java Servlet and JavaServer Pages pecifications are developed by
Sun under the Java Community Process.
Authors:
--------
Hans Bergsten <hans@gefionsoftware.com>
James Duncan <Davidson duncan@x180.com>
Pierpaolo Fumagalli <pier@apache.org>
Craig McClanahan <cmcclanahan@mytownnet.com>
Sam Ruby <rubys@us.ibm.com>
Jon Stevens <jon@clearink.com>
Anil Vijendran <akv@eng.sun.com>
Brian Behlendorf <brian@behlendorf.com>
Kevin Burton <burton@relativity.yi.org>
Danno Ferrin <shemnon@earthlink.net>
Jason Hunter <jh@servlets.com>
Ramesh Mandava <rmandava@talentportal.com>
Stefano Mazzocchi <stefano@apache.org>
Rajiv Mordani <mode@chinet.com>
Harish Prabhandham <harishp@onebox.com>
Jean-Luc Rochat <shachor@il.ibm.com>
James Todd <jwtodd@pacbell.net>
Provides
Requires
Copyright
BSD 3-Clause, The Apache Software License
Signatures
internal MD5: 75c1459c853da904e9628f61084f9995
GPG
Changelog
* Tue May 15 2007 - dbornkessel@suse.de
- bug fix for Bug #274237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195
Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in
Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows
remote attackers to inject arbitrary web script or HTML via certain
header values.
* Tue Mar 20 2007 - dbornkessel@suse.de
- backported security fix (Bug #254482)
CVE-2007-0450
Tomcat permits both '\' and '%5C' as path delimiters. A HTTP request containing strings like "/\../"
allow attackers to break out of the given context. Additionally, when using Tomcat behind a proxy
configured to only proxy some contexts this permits access to non-proxied contexts. When used
behind a proxy it is recommended that Tomcat is secured as if the proxy were not present.
The following Java startup options have been added to Tomcat to provide additional control of the handling of '\' and '%5c' in URLs:
* -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true|false
* -Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true|false
These options default to false.
* Fri Sep 22 2006 - dbornkessel@suse.de
- set source=1.4 for java and fix code ambiguity (cf. bsc#4983021)
* Thu Aug 17 2006 - dbornkessel@suse.de
- added docu for admin-webapps package
- repackaged addons as bz2 archive
* Tue Jul 04 2006 - dbornkessel@suse.de
- added jsp-api.jar -> jspapi.jar link for compatibility reasons
thanks to Roman Asendorf for pointing that out
* Wed Jun 21 2006 - dbornkessel@suse.de
- added 'findutils' to the PreReq list, as 'find' is used in %preun
* Wed Apr 19 2006 - dbornkessel@suse.de
- removed jdbc as PreReq as it is not provided on all plattforms.
Instead, links and build properties for jdbc are only created
when jdbc is really there (Bug #164836)
* Mon Mar 27 2006 - dbornkessel@suse.de
- link /usr/share/tomcat5/common/lib/servletapi5.jar -> /usr/share/tomcat5/common/lib/servlet-api.jar
for eclipse server runtime verification script (Bug #160769)
* Tue Mar 21 2006 - dbornkessel@suse.de
- amended startup script for correct shutdown (Bug #157069)
* Wed Mar 15 2006 - dbornkessel@suse.de
- replaced test -n $JAVA_OPTS
with test -n "$JAVA_OPTS"
* Fri Mar 10 2006 - dbornkessel@suse.de
- added symlinks to tomcat in order to be recognized by some programs (i.e. eclipse)
as a valid tomcat installation (Bug #134338)
- added more variables to /etc/sysconfig/j2ee
- sysconfig allows now to set the user & group with which to run tomcat
* Wed Jan 25 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
* Wed Nov 23 2005 - dbornkessel@suse.de
- changed logrotate conf file and tomcat logger configuration / Bug #118763
- changed rctomcat5 script as proposed in Bug #134572
- fixed bug in struts config
- patched catalina.sh to have a work around if JAVA_HOME is wrong / Bug #129641
- added log4j.properties for tomcat
- added creation to log4j package in common/lib dir / Bug #113701
- added log4j as a requirement as it is used by tomcat
* Thu Sep 29 2005 - dmueller@suse.de
- add norootforbuild
* Thu Sep 01 2005 - skh@suse.de
- fix struts-config.xml in admin webapp (#113319)
* Fri Mar 04 2005 - skh@suse.de
- remove superfluous %defines
* Tue Feb 22 2005 - skh@suse.de
- update to version 5.0.30
- fix build with current struts
* Mon Feb 21 2005 - skh@suse.de
- update to version 5.0.28
* Fri Oct 01 2004 - skh@suse.de
- Fix %files section breakage from last change (#46620)
- Fix documentation (#46599)
* Wed Sep 29 2004 - skh@suse.de
- Fix %files section to remove file conflicts between main package and
subpackages.
* Mon Sep 27 2004 - skh@suse.de
- Set CATALINA_HOME in /etc/sysconfig/j2ee correctly when updating from
jakarta-tomcat (#46080)
* Fri Sep 17 2004 - skh@suse.de
- Create correct and backwards-compatible directory and symlink
structure (#45503)
- really fix prerequires
* Thu Sep 16 2004 - skh@suse.de
- Use SUSE config files and rc scripts following the old
jakarta-tomcat package
- fix prerequires
* Mon Sep 13 2004 - skh@suse.de
- Be FHS compliant again (install below /srv/www/tomcat5 instead
of /var/lib/tomcat5)
- Fix Provides and Obsoletes
* Tue Sep 07 2004 - skh@suse.de
- Fix PreRequires.
* Mon Sep 06 2004 - skh@suse.de
- ... and use correct file permissions.
* Mon Sep 06 2004 - skh@suse.de
- Don't use fixed uid/gid
* Mon Sep 06 2004 - skh@suse.de
- Switched to JPackage version with 5.0.27 (JPackage 1.5)
Files
H�è�)
Generated by rpm2html 1.8.1
Daniel Veillard, Wed Oct 8 04:55:09 2008