Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

tomcat-9.0.43-2.1 RPM for noarch

From OpenSuSE Tumbleweed for noarch

Name: tomcat Distribution: openSUSE Tumbleweed
Version: 9.0.43 Vendor: openSUSE
Release: 2.1 Build date: Wed Nov 10 22:14:05 2021
Group: Productivity/Networking/Web/Servers Build host: lamb75
Size: 326779 Source RPM: tomcat-9.0.43-2.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://tomcat.apache.org
Summary: Apache Servlet/JSP/EL Engine, RI for Servlet 4.0/JSP 2.3/EL 3.0 API
Tomcat is the servlet container that is used in the official Reference
Implementation for the Java Servlet and JavaServer Pages technologies.
The Java Servlet and JavaServer Pages specifications are developed by
Sun under the Java Community Process.

ATTENTION: This tomcat is built with java 1.8.0.

Provides

Requires

License

Apache-2.0

Changelog

* Wed Nov 10 2021 Fridrich Strba <fstrba@suse.com>
  - Modified patch:
    * tomcat-9.0-osgi-build.patch
      + account for biz.aQute.bnd.ant artifact in aqute-bnd >= 5.2.0
* Fri Oct 29 2021 Michele Bussolotto <michele.bussolotto@suse.com>
  - Fixed CVEs:
    * CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279)
    * CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278)
  - Added patches:
    * tomcat-9.0-CVE-2021-30640.patch
    * tomcat-9.0-CVE-2021-33037.patch
* Thu Oct 28 2021 Michele Bussolotto <michele.bussolotto@suse.com>
  - Fixed CVEs:
    * CVE-2021-41079: Validate incoming TLS packet (bsc#1190558)
  - Added patches:
    * tomcat-9.0-CVE-2021-41079.patch
* Mon Oct 18 2021 Marcel Witte <wittemar@googlemail.com>
  - Update to Tomcat 9.0.43. See changelog at
    https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.43_(markt)
  - Removed Patches because fixed upstream now:
    * tomcat-9.0-CVE-2021-25122.patch
    * tomcat-9.0-CVE-2021-25329.patch
  - Rebased patch:
    tomcat-9.0.39-java8compat.patch -> tomcat-9.0.43-java8compat.patch
* Mon Oct 18 2021 Marcel Witte <wittemar@googlemail.com>
  - Update to Tomcat 9.0.41. See changelog at
    https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.41_(markt)
* Mon Oct 18 2021 Marcel Witte <wittemar@googlemail.com>
  - Update to Tomcat 9.0.40. See changelog at
    https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.40_(markt)
  - Removed Patches because fixed upstream now:
    * tomcat-9.0-CVE-2020-17527.patch
    * tomcat-9.0-CVE-2021-24122.patch
* Mon Mar 22 2021 Abid Mehmood <amehmood@suse.com>
  - Fixed CVEs:
    * CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912)
    * CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909)
  - Added patches:
    * tomcat-9.0-CVE-2021-25122.patch
    * tomcat-9.0-CVE-2021-25329.patch
* Wed Mar 17 2021 Abid Mehmood <amehmood@suse.com>
  - Log if file access is blocked due to symlinks: CVE-2021-24122 (bsc#1180947)
  - Added patch:
    * tomcat-9.0-CVE-2021-24122.patch
* Mon Mar 15 2021 Marcel Witte <wittemar@googlemail.com>
  - Update to Tomcat 9.0.39. See changelog at
    https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.39_(markt)
  - Rebased patches:
    * tomcat-9.0.38-java8compat.patch -> tomcat-9.0.39-java8compat.patch
* Mon Mar 15 2021 Marcel Witte <wittemar@googlemail.com>
  - Update to Tomcat 9.0.38. See changelog at
    https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.38_(markt)
  - Rebased patches:
    * tomcat-9.0.37-java8compat.patch -> tomcat-9.0.38-java8compat.patch
  - Removed tomcat-9.0-CVE-2020-13943.patch because that fix is upstream now
* Mon Feb 22 2021 Marcel Witte <wittemar@googlemail.com>
  - Update to Tomcat 9.0.37. See changelog at
    https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.37_(markt)
  - Rebased patches:
    * tomcat-9.0-osgi-build.patch
    * tomcat-9.0.31-java8compat.patch -> tomcat-9.0.37-java8compat.patch
* Wed Dec 16 2020 Abid Mehmood <amehmood@suse.com>
  - Fix HTTP/2 request header mix-up: CVE-2020-17527 (bsc#1179602)
  - Added patch:
    * tomcat-9.0-CVE-2020-17527.patch
* Tue Nov 03 2020 Matei Albu <malbu@suse.com>
  - Add source url for tomcat-serverxml-tool
  - Fix typo in tomcat-webapps %postun that caused /examples
    context to remain in server.xml when package was removed
  - Remove tomcat-9.0.init and /usr/lib/tmpfiles.d/tomcat.conf from
    package. They're not used anymore becuse of systemd (bsc#1178396)
* Fri Oct 30 2020 Matei Albu <malbu@suse.com>
  - Fix tomcat-servlet-4_0-api package alternatives to use
    /usr/share/java/servlet.jar instead of /usr/share/java/tomcat-servlet.jar.
    Keep /usr/share/java/tomcat-servlet.jar symlink for compatibility.
    (bsc#1092163)
  - Change default file ownership in tomcat-webapps from
    tomcat:tomcat to root:tomcat
* Tue Oct 13 2020 Matei Albu <malbu@suse.com>
  - Fix CVE-2020-13943 (bsc#1177582)
  - Added patch:
    * tomcat-9.0-CVE-2020-13943.patch
  - Change /usr/lib/tomcat to /usr/libexec/tomcat in startup
    scripts (bsc#1177601)
* Tue Oct 13 2020 Jan Engelhardt <jengelh@inai.de>
  - Replace old specfile constructs. Remove support for SUSE 11.x.
  - Drop %systemd_requires, which is considered a no-op.
  - Trim redundant license mention from description.
  - Make documentation noarch.
  - Do not suppress errors from useradd.
* Wed Aug 26 2020 Fridrich Strba <fstrba@suse.com>
  - Avoid hardcoding /usr/lib as libexecdir
* Wed Jul 29 2020 Matei Albu <malbu@suse.com>
  - Don't give write permissions for the tomcat group on files and
    directories where it's not needed (bsc#1172562)
  - Change tomcat.pid location from /var/run to /run (bsc#1173103)
  - Use the /sbin/nologin shell when creating the tomcat user
  - Use %tmpfiles_create macro in %post instead of calling
    systemd-tmpfiles directly
* Fri Jun 26 2020 Fridrich Strba <fstrba@suse.com>
  - Update to Tomcat 9.0.36. See changelog at
    https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.36_(markt)
  - Fixed CVEs:
    CVE-2020-11996 (bsc#1173389)
* Tue May 26 2020 Matei Albu <malbu@suse.com>
  - Update to Tomcat 9.0.35. See changelog at
    https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_(markt)
  - Fixed CVEs:
    - CVE-2020-9484 (bsc#1171928)
  - Rebased patches:
    * tomcat-9.0-javadoc.patch
    * tomcat-9.0-osgi-build.patch
    * tomcat-9.0.31-java8compat.patch
* Fri Apr 10 2020 Javier Llorente <javier@opensuse.org>
  - Update to Tomcat 9.0.34. See changelog at
    https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.34_(markt)
  - Notable changes:
    * Add support for default values when using ${...} property
      replacement in configuration files. Based on a pull request
      provided by Bernd Bohmann.
    * When configuring an HTTP Connector, warn if the encoding
      specified for URIEncoding is not a superset of US-ASCII as
      required by RFC 7230.
    * Replace the system property
      org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with
      the Connector attribute encodedSolidusHandling that adds an
      additional option to pass the %2f sequence through to the
      application without decoding it in addition to rejecting such
      sequences and decoding such sequences.
* Mon Mar 30 2020 Matei Albu <malbu@suse.com>
  - Update to Tomcat 9.0.33. See changelog at
    http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.33_(markt)
  - Notable fix: corrected a regression in the improvements to HTTP
    header parsing (bsc#1167438)
  - Rebased patches:
    * tomcat-9.0-javadoc.patch
    * tomcat-9.0-osgi-build.patch
    * tomcat-9.0.31-java8compat.patch
* Fri Feb 28 2020 Matei Albu <malbu@suse.com>
  - Change default value of AJP connector secretRequired to false
  - Added patch:
    * tomcat-9.0.31-secretRequired-default.patch
* Tue Feb 25 2020 Fridrich Strba <fstrba@suse.com>
  - Update to Tomcat 9.0.31. See changelog at
    http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt)
  - Fixed CVEs:
    * CVE-2019-17569 (bsc#1164825)
    * CVE-2020-1935 (bsc#1164860)
    * CVE-2020-1938 (bsc#1164692)
  - Modified patch
    * tomcat-9.0.30-java8compat.patch
    - > tomcat-9.0.31-java8compat.patch
      + Adapt to changed context
* Wed Jan 29 2020 Matei Albu <malbu@suse.com>
  - Modified patch:
    * tomcat-9.0.30-java8compat.patch
      + add missing casts (bsc#1162081)
* Mon Jan 20 2020 Fridrich Strba <fstrba@suse.com>
  - Change back the build to build with any Java >= 1.8
  - Added patch:
    * tomcat-9.0.30-java8compat.patch
      + Cast java.nio.ByteBuffer and java.nio.CharBuffer to
      java.nio.Buffer in order to avoid calling Java 9+ APIs
      (functions with co-variant return types)
  - Renamed patch:
    * tomcat-9.0-disable-osgi-build.patch
    - > tomcat-9.0-osgi-build.patch
      + Do not disable, but fix OSGi build since we have now
      aqute-bnd
* Fri Jan 17 2020 Matei Albu <malbu@suse.com>
  - Change build to always use Java 1.8 (bsc#1161025).
* Fri Dec 27 2019 Matei Albu <malbu@suse.com>
  - Update to Tomcat 9.0.30. See changelog at
    http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt)
  - Fixed CVEs:
    - CVE-2019-0221 (bsc#1136085)
    - CVE-2019-10072 (bsc#1139924)
    - CVE-2019-12418 (bsc#1159723)
    - CVE-2019-17563 (bsc#1159729)
  - Removed patch:
    * tomcat-9.0-JDTCompiler-java.patch
      + It was not applied
* Mon Nov 18 2019 Fridrich Strba <fstrba@suse.com>
  - Update to Tomcat 9.0.27. See changelog at
    http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.27_(markt)
  - Uset aqute-bnd to generate OSGi manifest, since we have that
    package now in openSUSE:Factory
  - Removed patch:
    * tomcat-9.0-disable-osgi-build.patch
      + not needed
* Fri Nov 15 2019 Fridrich Strba <fstrba@suse.com>
  - Add maven pom files for tomcat-jni and tomcat-jaspic-api
* Fri Oct 04 2019 Fridrich Strba <fstrba@suse.com>
  - Distribute the pom file also for tomcat-util-scan artifact
* Tue Oct 01 2019 Fridrich Strba <fstrba@suse.com>
  - Build against compatibility log4j12 package
* Wed Sep 25 2019 Fridrich Strba <fstrba@suse.com>
  - Adapt to the new ecj directory layout
* Wed Jun 12 2019 Dominique Leuenberger <dimstar@opensuse.org>
  - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
    shortcut the build queues by allowing usage of systemd-mini
* Mon May 20 2019 Matei <malbu@suse.com>
  - Update to Tomcat 9.0.20. See changelog at
    http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.20_(markt)
  - increase maximum number of threads and open files for tomcat (bsc#1111966)
* Mon Apr 22 2019 malbu@suse.com
  - Update to Tomcat 9.0.19. See changelog at
    http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.19_(markt)
    Notable packaging changes:
    - File /usr/share/java/tomcat/catalina-jmx-remote.jar was removed.
      The classes contained in this jar were merged into
      /usr/share/java/tomcat/catalina.jar.
  - Fixed CVEs:
    - CVE-2019-0199 (bsc#1131055)
  - Rebased patch:
    - tomcat-9.0-JDTCompiler-java.patch
    - tomcat-9.0-javadoc.patch
* Mon Apr 15 2019 Fridrich Strba <fstrba@suse.com>
  - Build classpath directly with the geronimo jars instead of with
    symlinks to them
* Tue Feb 19 2019 malbu@suse.com
  - Don't overwrite changes made to server.xml contexts when updating
    bundled webapps.
* Mon Feb 18 2019 malbu@suse.com
  - Set javac target to 1.8 when building docs samples and serverxmltool
* Tue Feb 05 2019 malbu@suse.com
  - Move webapps bundled with Tomcat to /usr/share/tomcat/tomcat-webapps
    (bsc#1092341). Affected packages:
    - tomcat-webapps
    - tomcat-admin-webapps
    - tomcat-docs-webapp
  - Remove %doc directive from tomcat-docs-webapps files section so that
    zypper installs files even if rpm.install.excludedocs is set to yes.
* Mon Feb 04 2019 malbu@suse.com
  - Require Java 1.8 or later (bsc#1123407)
* Sat Jan 26 2019 Fridrich Strba <fstrba@suse.com>
  - Clean up OSGi manifest injection
  - Put embed maven metadata into embed subpackage
  - Use the .mfiles* lists generated by %%add_maven_depmap macro
* Wed Jan 16 2019 malbu@suse.com
  - Fix tomcat-tool-wrapper classpath error (bsc#1120745)
* Fri Jan 11 2019 malbu@suse.com
  - Fix tomcat-digest classpath error (bsc#1120745)
* Sat Dec 29 2018 ecsos@opensuse.org
  - Update to Tomcat 9.0.14. See changelog at
    http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.14_(markt)
* Wed Dec 05 2018 Fridrich Strba <fstrba@suse.com>
  - Add pom files for tomcat-jdbc and tomcat-dbcp
  - Add org.eclipse.jetty.orbit* aliases to correspondant artifacts
* Fri Nov 09 2018 sean@suspend.net
  - Update to Tomcat 9.0.13. See changelog at
    http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.13_(markt)
* Thu Oct 18 2018 malbu@suse.com
  - Update to Tomcat 9.0.12. See changelog at
    http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.12_(markt)
  - Fixed CVEs:
    - CVE-2018-11784 (bsc#1110850)
  - Rebased patches:
    - tomcat-9.0-disable-osgi-build.patch
    - tomcat-9.0-javadoc.patch
    - tomcat-9.0-sle.catalina.policy.patch
    - tomcat-9.0-tomcat-users-webapp.patch
* Tue Sep 11 2018 ecsos@opensuse.org
  - Declare following files to config(noreplace) to prevent override
    access rights:
    - host-manager/META-INF/context.xml
    - manager/META-INF/context.xml
* Sun Aug 26 2018 malbu@suse.com
  - Empty tomcat-9.0.sysconfig to avoid overwriting of customer's
    configuration during update (bsc#1067720)
* Thu Aug 16 2018 malbu@suse.com
  - Update to Tomcat 9.0.10. See changelog at
    http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.10_(markt)
  - Fixed CVEs:
    - CVE-2018-1336 (bsc#1102400)
    - CVE-2018-8014 (bsc#1093697)
    - CVE-2018-8034 (bsc#1102379)
    - CVE-2018-8037 (bsc#1102410)
  - Rebased patch tomcat-9.0-JDTCompiler-java.patch
  - Added patch tomcat-9.0-disable-osgi-build.patch to disable adding
    OSGi metadata to JAR files
* Fri Feb 16 2018 malbu@suse.de
  - Update to Tomcat 9.0.5. See changelog at
    http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.5_(markt)
* Wed Jan 17 2018 fstrba@suse.com
  - Modified patch:
    * tomcat-9.0-javadoc.patch
      + Don't append to javadoc --add-modules since we are building
      with source=8
      + Avoid accessing Internet URLs from build environment

Files

/etc/logrotate.d/tomcat
/etc/tomcat
/etc/tomcat/Catalina
/etc/tomcat/catalina.policy
/etc/tomcat/catalina.properties
/etc/tomcat/conf.d
/etc/tomcat/conf.d/README
/etc/tomcat/context.xml
/etc/tomcat/jaspic-providers.xml
/etc/tomcat/log4j.properties
/etc/tomcat/logging.properties
/etc/tomcat/server.xml
/etc/tomcat/tomcat-users.xml
/etc/tomcat/tomcat.conf
/etc/tomcat/web.xml
/srv/tomcat
/srv/tomcat/webapps
/usr/bin/tomcat-digest
/usr/bin/tomcat-tool-wrapper
/usr/lib/systemd/system/tomcat.service
/usr/lib/systemd/system/tomcat@.service
/usr/libexec/tomcat
/usr/libexec/tomcat/functions
/usr/libexec/tomcat/preamble
/usr/libexec/tomcat/server
/usr/libexec/tomcat/serverxml-tool.sh
/usr/libexec/tomcat/serverxmltool.jar
/usr/sbin/rctomcat
/usr/sbin/tomcat
/usr/share/doc/packages/tomcat
/usr/share/doc/packages/tomcat/LICENSE
/usr/share/doc/packages/tomcat/NOTICE
/usr/share/doc/packages/tomcat/RELEASE-NOTES
/usr/share/fillup-templates/sysconfig.tomcat
/usr/share/tomcat
/usr/share/tomcat/bin/bootstrap.jar
/usr/share/tomcat/bin/catalina-tasks.xml
/usr/share/tomcat/bin/catalina.sh
/usr/share/tomcat/conf
/usr/share/tomcat/lib
/usr/share/tomcat/logs
/usr/share/tomcat/temp
/usr/share/tomcat/tomcat-webapps
/usr/share/tomcat/webapps
/usr/share/tomcat/work
/var/cache/tomcat
/var/cache/tomcat/Catalina
/var/cache/tomcat/temp
/var/cache/tomcat/work
/var/lib/tomcats
/var/log/tomcat
/var/log/tomcat/catalina.out


Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Dec 3 23:32:37 2021