| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: tomcat | Distribution: SUSE Linux Enterprise 15 |
| Version: 9.0.36 | Vendor: SUSE LLC <https://www.suse.com/> |
| Release: 3.24.1 | Build date: Thu Mar 18 14:28:07 2021 |
| Group: Productivity/Networking/Web/Servers | Build host: sheep02 |
| Size: 326789 | Source RPM: tomcat-9.0.36-3.24.1.src.rpm |
| Packager: https://www.suse.com/ | |
| Url: https://tomcat.apache.org | |
| Summary: Apache Servlet/JSP/EL Engine, RI for Servlet 4.0/JSP 2.3/EL 3.0 API | |
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ATTENTION: This tomcat is built with java 1.8.0.
Apache-2.0
* Wed Mar 17 2021 amehmood@suse.com
- Fixed CVEs:
* CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912)
* CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909)
- Added patches:
* tomcat-9.0-CVE-2021-25122.patch
* tomcat-9.0-CVE-2021-25329.patch
* Tue Feb 09 2021 amehmood@suse.com
- Log if file access is blocked due to symlinks: CVE-2021-24122 (bsc#1180947)
- Added patch:
* tomcat-9.0-CVE-2021-24122.patch
* Tue Dec 15 2020 amehmood@suse.com
- Fix HTTP/2 request header mix-up: CVE-2020-17527 (bsc#1179602)
- Added patch:
* tomcat-9.0-CVE-2020-17527.patch
* Wed Nov 04 2020 malbu@suse.com
- Fix typo in tomcat-webapps %postun that caused /examples
context to remain in server.xml when package was removed
- Remove tomcat-9.0.init and /usr/lib/tmpfiles.d/tomcat.conf from
package. They're not used anymore becuse of systemd (bsc#1178396)
* Tue Oct 13 2020 malbu@suse.com
- Fix CVE-2020-13943 (bsc#1177582)
- Added patch:
* tomcat-9.0-CVE-2020-13943.patch
* Thu Jul 23 2020 malbu@suse.com
- Fix tomcat-servlet-4_0-api package alternatives to use
/usr/share/java/servlet.jar instead of /usr/share/java/tomcat-servlet.jar.
Keep /usr/share/java/tomcat-servlet.jar symlink for compatibility.
(bsc#1092163)
- Don't give write permissions for the tomcat group on files and
directories where it's not needed (bsc#1172562)
- Change tomcat.pid location from /var/run to /run (bsc#1173103)
- Use %tmpfiles_create macro in %post instead of calling
systemd-tmpfiles directly
* Fri Jul 17 2020 malbu@suse.com
- Fixed CVEs:
* CVE-2020-13934 (bsc#1174121)
* CVE-2020-13935 (bsc#1174117)
- Added patches:
* tomcat-9.0-CVE-2020-13934.patch
* tomcat-9.0-CVE-2020-13935.patch
- Rebased patches:
* tomcat-9.0.31-java8compat.patch
* Fri Jun 26 2020 fstrba@suse.com
- Update to Tomcat 9.0.36. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.36_(markt)
- Fixed CVEs:
CVE-2020-11996 (bsc#1173389)
* Tue May 26 2020 malbu@suse.com
- Update to Tomcat 9.0.35. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_(markt)
- Fixed CVEs:
- CVE-2020-9484 (bsc#1171928)
- Rebased patches:
* tomcat-9.0-javadoc.patch
* tomcat-9.0-osgi-build.patch
* tomcat-9.0.31-java8compat.patch
* Fri Apr 10 2020 javier@opensuse.org
- Update to Tomcat 9.0.34. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.34_(markt)
- Notable changes:
* Add support for default values when using ${...} property
replacement in configuration files. Based on a pull request
provided by Bernd Bohmann.
* When configuring an HTTP Connector, warn if the encoding
specified for URIEncoding is not a superset of US-ASCII as
required by RFC 7230.
* Replace the system property
org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with
the Connector attribute encodedSolidusHandling that adds an
additional option to pass the %2f sequence through to the
application without decoding it in addition to rejecting such
sequences and decoding such sequences.
* Mon Mar 30 2020 malbu@suse.com
- Update to Tomcat 9.0.33. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.33_(markt)
- Notable fix: corrected a regression in the improvements to HTTP
header parsing (bsc#1167438)
- Rebased patches:
* tomcat-9.0-javadoc.patch
* tomcat-9.0-osgi-build.patch
* tomcat-9.0.31-java8compat.patch
* Fri Feb 28 2020 malbu@suse.com
- Change default value of AJP connector secretRequired to false
- Added patch:
* tomcat-9.0.31-secretRequired-default.patch
* Tue Feb 25 2020 fstrba@suse.com
- Update to Tomcat 9.0.31. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt)
- Fixed CVEs:
* CVE-2019-17569 (bsc#1164825)
* CVE-2020-1935 (bsc#1164860)
* CVE-2020-1938 (bsc#1164692)
- Modified patch
* tomcat-9.0.30-java8compat.patch
- > tomcat-9.0.31-java8compat.patch
+ Adapt to changed context
* Wed Jan 29 2020 malbu@suse.com
- Modified patch:
* tomcat-9.0.30-java8compat.patch
+ add missing casts (bsc#1162081)
* Mon Jan 20 2020 fstrba@suse.com
- Change back the build to build with any Java >= 1.8
- Added patch:
* tomcat-9.0.30-java8compat.patch
+ Cast java.nio.ByteBuffer and java.nio.CharBuffer to
java.nio.Buffer in order to avoid calling Java 9+ APIs
(functions with co-variant return types)
- Renamed patch:
* tomcat-9.0-disable-osgi-build.patch
- > tomcat-9.0-osgi-build.patch
+ Do not disable, but fix OSGi build since we have now
aqute-bnd
* Fri Jan 17 2020 malbu@suse.com
- Change build to always use Java 1.8 (bsc#1161025).
* Fri Dec 27 2019 malbu@suse.com
- Update to Tomcat 9.0.30. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt)
- Fixed CVEs:
- CVE-2019-0221 (bsc#1136085)
- CVE-2019-10072 (bsc#1139924)
- CVE-2019-12418 (bsc#1159723)
- CVE-2019-17563 (bsc#1159729)
- Removed patch:
* tomcat-9.0-JDTCompiler-java.patch
+ It was not applied
* Mon Nov 18 2019 fstrba@suse.com
- Update to Tomcat 9.0.27. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.27_(markt)
- Uset aqute-bnd to generate OSGi manifest, since we have that
package now in openSUSE:Factory
- Removed patch:
* tomcat-9.0-disable-osgi-build.patch
+ not needed
* Fri Nov 15 2019 fstrba@suse.com
- Add maven pom files for tomcat-jni and tomcat-jaspic-api
* Fri Oct 04 2019 fstrba@suse.com
- Distribute the pom file also for tomcat-util-scan artifact
* Tue Oct 01 2019 fstrba@suse.com
- Build against compatibility log4j12 package
* Wed Sep 25 2019 fstrba@suse.com
- Adapt to the new ecj directory layout
* Wed Jun 12 2019 dimstar@opensuse.org
- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
shortcut the build queues by allowing usage of systemd-mini
* Mon May 20 2019 malbu@suse.com
- Update to Tomcat 9.0.20. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.20_(markt)
- increase maximum number of threads and open files for tomcat (bsc#1111966)
* Mon Apr 22 2019 malbu@suse.com
- Update to Tomcat 9.0.19. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.19_(markt)
Notable packaging changes:
- File /usr/share/java/tomcat/catalina-jmx-remote.jar was removed.
The classes contained in this jar were merged into
/usr/share/java/tomcat/catalina.jar.
- Fixed CVEs:
- CVE-2019-0199 (bsc#1131055)
- Rebased patch:
- tomcat-9.0-JDTCompiler-java.patch
- tomcat-9.0-javadoc.patch
* Mon Apr 15 2019 fstrba@suse.com
- Build classpath directly with the geronimo jars instead of with
symlinks to them
* Tue Feb 19 2019 malbu@suse.com
- Don't overwrite changes made to server.xml contexts when updating
bundled webapps.
* Mon Feb 18 2019 malbu@suse.com
- Set javac target to 1.8 when building docs samples and serverxmltool
* Tue Feb 05 2019 malbu@suse.com
- Move webapps bundled with Tomcat to /usr/share/tomcat/tomcat-webapps
(bsc#1092341). Affected packages:
- tomcat-webapps
- tomcat-admin-webapps
- tomcat-docs-webapp
- Remove %doc directive from tomcat-docs-webapps files section so that
zypper installs files even if rpm.install.excludedocs is set to yes.
* Mon Feb 04 2019 malbu@suse.com
- Require Java 1.8 or later (bsc#1123407)
* Sat Jan 26 2019 fstrba@suse.com
- Clean up OSGi manifest injection
- Put embed maven metadata into embed subpackage
- Use the .mfiles* lists generated by %%add_maven_depmap macro
* Wed Jan 16 2019 malbu@suse.com
- Fix tomcat-tool-wrapper classpath error (bsc#1120745)
* Fri Jan 11 2019 malbu@suse.com
- Fix tomcat-digest classpath error (bsc#1120745)
* Sat Dec 29 2018 ecsos@opensuse.org
- Update to Tomcat 9.0.14. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.14_(markt)
* Wed Dec 05 2018 fstrba@suse.com
- Add pom files for tomcat-jdbc and tomcat-dbcp
- Add org.eclipse.jetty.orbit* aliases to correspondant artifacts
* Fri Nov 09 2018 sean@suspend.net
- Update to Tomcat 9.0.13. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.13_(markt)
* Thu Oct 18 2018 malbu@suse.com
- Update to Tomcat 9.0.12. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.12_(markt)
- Fixed CVEs:
- CVE-2018-11784 (bsc#1110850)
- Rebased patches:
- tomcat-9.0-disable-osgi-build.patch
- tomcat-9.0-javadoc.patch
- tomcat-9.0-sle.catalina.policy.patch
- tomcat-9.0-tomcat-users-webapp.patch
* Tue Sep 11 2018 ecsos@opensuse.org
- Declare following files to config(noreplace) to prevent override
access rights:
- host-manager/META-INF/context.xml
- manager/META-INF/context.xml
* Sun Aug 26 2018 malbu@suse.com
- Empty tomcat-9.0.sysconfig to avoid overwriting of customer's
configuration during update (bsc#1067720)
* Thu Aug 16 2018 malbu@suse.com
- Update to Tomcat 9.0.10. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.10_(markt)
- Fixed CVEs:
- CVE-2018-1336 (bsc#1102400)
- CVE-2018-8014 (bsc#1093697)
- CVE-2018-8034 (bsc#1102379)
- CVE-2018-8037 (bsc#1102410)
- Rebased patch tomcat-9.0-JDTCompiler-java.patch
- Added patch tomcat-9.0-disable-osgi-build.patch to disable adding
OSGi metadata to JAR files
* Fri Feb 16 2018 malbu@suse.de
- Update to Tomcat 9.0.5. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.5_(markt)
* Wed Jan 17 2018 fstrba@suse.com
- Modified patch:
* tomcat-9.0-javadoc.patch
+ Don't append to javadoc --add-modules since we are building
with source=8
+ Avoid accessing Internet URLs from build environment
* Fri Dec 01 2017 malbu@suse.com
- Update to Tomcat 9.0.2:
* Major update for tomcat8 from tomcat9
* For full changelog please read upstream changes at:
+ http://tomcat.apache.org/tomcat-9.0-doc/changelog.html
* Rename all tomcat-8.0-* files to tomcat-9.0-*
- Changed patches:
* Deleted: tomcat-8.0-bootstrap-MANIFEST.MF.patch
* Deleted: tomcat-8.0-sle.catalina.policy.patch
* Deleted: tomcat-8.0-tomcat-users-webapp.patch
* Deleted: tomcat-8.0.33-JDTCompiler-java.patch
* Deleted: tomcat-8.0.44-javadoc.patch
* Deleted: tomcat-8.0.9-property-build.windows.patch
* Added: tomcat-9.0-JDTCompiler-java.patch
* Added: tomcat-9.0-bootstrap-MANIFEST.MF.patch
* Added: tomcat-9.0-javadoc.patch
* Added: tomcat-9.0-sle.catalina.policy.patch
* Added: tomcat-9.0-tomcat-users-webapp.patch
- Renamed subpackage tomcat-3_1-api to tomcat-4_0-api
to reflect the new Servlet API version.
- Commented out JAVA_HOME in /etc/tomcat/tomcat.conf
- Added "tomcat-" prefix to lib symlinks under
/usr/share/java to avoid file conflicts with servletapi5
and geronimo-specs
- Fixed wrong %ghost file paths for alternatives symlinks
* Thu Nov 23 2017 rbrown@suse.com
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
* Mon Oct 23 2017 malbu@suse.com
- Build with JDK 8 to fix runtime errors when running with JDK 7
and 8
- Fix tomcat-digest classpath error (bsc#977410)
- Fix packaged /etc/alternatives symlinks for api libs that caused
rpm -V to report link mismatch (bsc#1019016)
* Mon Oct 23 2017 ecsos@opensuse.org
- update to 8.0.47
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Fixed CVE:
- CVE-2017-12617
- rebase tomcat-8.0-sle.catalina.policy.patch
* Tue Sep 19 2017 fstrba@suse.com
- Added patch:
* tomcat-8.0.44-javadoc.patch
- generate documentation with the same source level as class
files
- fixes build with jdk9
* Fri Jun 09 2017 ecsos@opensuse.org
- Version update to 8.0.44:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Fixed CVE:
- CVE-2017-5664 (bsc#1042910)
* Fri May 19 2017 dziolkowski@suse.com
- New build dependency: javapackages-local
* Tue May 09 2017 malbu@suse.com
- Version update to 8.0.43:
* Another bugfix release, for full details see:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Fixed CVEs:
- CVE-2017-5647 (bnc#1033448)
- CVE-2017-5648 (bnc#1033447)
- CVE-2016-8745
- Renamed and rebased patches:
* tomcat-7.0-sle.catalina.policy.patch -> tomcat-8.0-sle.catalina.policy.patch
- Enable optional setenv.sh script. See section
"(3.4) Using the "setenv" script (optional, recommended)" in
http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt
(bnc#1002662)
- Fix file conflicts when upgrading from SLES 12 to SLES 12 SP1 (bnc#1023412).
Added explicit obsoletes for tomcat-el-2_2-api, tomcat-jsp-2_2-api,
tomcat-servlet-3_0-api
* Wed Dec 21 2016 astieger@suse.com
- update to 8.0.39: (boo#1003911)
* Improve handling of I/O errors with async processing
* Fail earlier on invalid HTTP request
- includes changes from 8.0.38:
* Refactoring the non-container thread Async complete()/dispatch()
handling to remove the possibility of deadlock
* Improved UTF-8 handling for the RewriteValve
- includes changes from 8.0.37:
* Treat paths used to obtain a request dispatcher as encoded
(configurable)
* Various jdbc-pool fixes
- drop tomcat-8.0.36-jar-scanner-loop.patch, upstream
* Thu Sep 29 2016 tchvatal@suse.com
- Switch to commons-dbcp2 fate#321029
* Fri Sep 02 2016 malbu@suse.com
- Backport fix for inifinite loop in the jar scanner for 8.0.36. (bnc#993862)
Added: tomcat-8.0.36-jar-scanner-loop.patch
* Wed Jul 06 2016 malbu@suse.com
- Version update to 8.0.36:
* Another bugfix release for the 8.0 series. Full details:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.36_(markt)
- CVE fixed by the version update:
- CVE-2016-3092 (bnc#986359)
- Fixed a deployment error in the examples webapp by changing the context.xml format to the new one
introduced by Tomcat 8. See http://tomcat.apache.org/migration-8.html#Web_application_resources
* Mon May 02 2016 dmacvicar@suse.de
- fix maven fragments paths to build in multiple distribution
versions
* Thu Apr 21 2016 jcnengel@gmail.com
- Version update to 8.0.33:
* Another bugfix release for 8.0 series, full details:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.33_(markt)
- Rebase tomcat-8.0-tomcat-users-webapp.patch
- Rebase tomcat-7.0.53-JDTCompiler-java.patch
to tomcat-8.0.33-JDTCompiler-java.patch
* Thu Apr 07 2016 tchvatal@suse.com
- Fix fixme for the prereq preamble value
- It seems systemd prints error on adding the @ services to macros
so do not do that
* Thu Mar 31 2016 dmacvicar@suse.de
- package was partly merged with the scripts used in the
Fedora distribution
- support running multiple tomcat instances on the same server
(fate#317783)
- add catalina-jmx-remote.jar (fate#318403)
- remove sysvinit support: systemd is required
* Mon Feb 29 2016 dmacvicar@suse.de
- update changes file for CVE information
- Fixed CVEs:
- CVE-2015-5346 (bnc#967814) in 8.0.32
- CVE-2015-5351 (bnc#967812) in 8.0.32
- CVE-2016-0706 (bnc#967815) in 8.0.32
- CVE-2016-0714 (bnc#967964) in 8.0.32
- CVE-2016-0763 (bnc#967966) in 8.0.32
- CVE-2015-5345 (bnc#967965) in 8.0.30
- CVE-2015-5174 (bnc#967967) in 8.0.27
* Wed Feb 17 2016 tchvatal@suse.com
- Version update to 8.0.32:
* Another bugfix release for 8.0 series, full details:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.32_(markt)
- Rebase patch:
* tomcat-8.0.9-property-build.windows.patch
* Tue Nov 10 2015 dmacvicar@suse.de
- update to Tomcat 8.0.28
* Multiple fixes, read upstream changelog at:
https://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.28_(markt)
* Mon Jun 01 2015 tchvatal@suse.com
- Some whitespace cleanups
* Mon Jun 01 2015 tchvatal@suse.com
- Remove pointless conflicts on provide/obsolete symbols
* Mon Jun 01 2015 tchvatal@suse.com
- Version bump to 8.0.23 fate#318913:
* Multiple testfixes all around, read upstream changelog at:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.23_(markt)
* Tue Mar 24 2015 tchvatal@suse.com
- Fix previous commit. Fix one rpmlint warning
* Wed Mar 18 2015 tchvatal@suse.com
- Drop gpg verification from spec, it is done by obs
* Wed Mar 18 2015 tchvatal@suse.com
- Fix build with new jpackage-tools
* Tue Feb 10 2015 wittemar@googlemail.com
- update to Tomcat 8.0.18:
* Major update for tomcat8 from tomcat7
* For full changelog please read upstream changes at:
+ http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Rename all tomcat-7.0-* files to tomcat-8.0-*
* Update keyring file
- Update windows patch to apply again:
* Deleted: tomcat-7.0.52-property-build.windows.patch
* Added: tomcat-8.0.9-property-build.windows.patch
* Added:tomcat-8.0-tomcat-users-webapp.patch
* Deleted: tomcat-7.0-tomcat-users-webapp.patch
* Added: tomcat-8.0-bootstrap-MANIFEST.MF.patch
* Deleted: tomcat-7.0-bootstrap-MANIFEST.MF.patch
* Tue Feb 03 2015 bmaryniuk@suse.com
- Version 1.1.30 or higher is required for APR listener (bnc#914725)
/etc/logrotate.d/tomcat /etc/tomcat /etc/tomcat/Catalina /etc/tomcat/catalina.policy /etc/tomcat/catalina.properties /etc/tomcat/conf.d /etc/tomcat/conf.d/README /etc/tomcat/context.xml /etc/tomcat/jaspic-providers.xml /etc/tomcat/log4j.properties /etc/tomcat/logging.properties /etc/tomcat/server.xml /etc/tomcat/tomcat-users.xml /etc/tomcat/tomcat.conf /etc/tomcat/web.xml /srv/tomcat /srv/tomcat/webapps /usr/bin/tomcat-digest /usr/bin/tomcat-tool-wrapper /usr/lib/systemd/system/tomcat.service /usr/lib/systemd/system/tomcat@.service /usr/lib/tomcat /usr/lib/tomcat/functions /usr/lib/tomcat/preamble /usr/lib/tomcat/server /usr/lib/tomcat/serverxml-tool.sh /usr/lib/tomcat/serverxmltool.jar /usr/sbin/rctomcat /usr/sbin/tomcat /usr/share/doc/packages/tomcat /usr/share/doc/packages/tomcat/LICENSE /usr/share/doc/packages/tomcat/NOTICE /usr/share/doc/packages/tomcat/RELEASE-NOTES /usr/share/fillup-templates/sysconfig.tomcat /usr/share/tomcat /usr/share/tomcat/bin/bootstrap.jar /usr/share/tomcat/bin/catalina-tasks.xml /usr/share/tomcat/bin/catalina.sh /usr/share/tomcat/conf /usr/share/tomcat/lib /usr/share/tomcat/logs /usr/share/tomcat/temp /usr/share/tomcat/tomcat-webapps /usr/share/tomcat/webapps /usr/share/tomcat/work /var/cache/tomcat /var/cache/tomcat/Catalina /var/cache/tomcat/temp /var/cache/tomcat/work /var/lib/tomcats /var/log/tomcat /var/log/tomcat/catalina.out
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 13:49:26 2024