Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: tomcat-embed | Distribution: SUSE Linux Enterprise 15 |
Version: 9.0.36 | Vendor: SUSE LLC <https://www.suse.com/> |
Release: 150200.22.1 | Build date: Tue Apr 12 15:19:13 2022 |
Group: Productivity/Networking/Web/Servers | Build host: sheep18 |
Size: 4516086 | Source RPM: tomcat-9.0.36-150200.22.1.src.rpm |
Packager: https://www.suse.com/ | |
Url: https://tomcat.apache.org | |
Summary: Libraries for Embedding Apache Tomcat |
Embeddeding support (various libraries) for Apache Tomcat.
Apache-2.0
* Thu Apr 07 2022 michele.bussolotto@suse.com - Security hardening. Deprecate getResources() and always return null. (bsc#1198136) - Added patch: tomcat-9.0-hardening_getResources.patch * Wed Feb 23 2022 michele.bussolotto@suse.com - Remove log4j (bsc#1196137) * Wed Feb 23 2022 michele.bussolotto@suse.com - Fixed CVEs: * CVE-2022-23181: Make calculation of session storage location more robust (bsc#1195255) - Added patches: * tomcat-9.0-CVE-2022-23181.patch * Fri Dec 10 2021 michele.bussolotto@suse.com - Fix NPE in JNDIRealm, when userRoleAttribute is not set (bsc#1193569) - Added patch: * tomcat-9.0-NPE-JNDIRealm.patch * Fri Oct 29 2021 michele.bussolotto@suse.com - Fixed CVEs: * CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279) * CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278) - Added patches: * tomcat-9.0-CVE-2021-30640.patch * tomcat-9.0-CVE-2021-33037.patch * Wed Oct 27 2021 michele.bussolotto@suse.com - Fixed CVEs: * CVE-2021-41079: Validate incoming TLS packet (bsc#1190558) - Added patches: * tomcat-9.0-CVE-2021-41079.patch * Wed Mar 17 2021 amehmood@suse.com - Fixed CVEs: * CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912) * CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909) - Added patches: * tomcat-9.0-CVE-2021-25122.patch * tomcat-9.0-CVE-2021-25329.patch * Tue Feb 09 2021 amehmood@suse.com - Log if file access is blocked due to symlinks: CVE-2021-24122 (bsc#1180947) - Added patch: * tomcat-9.0-CVE-2021-24122.patch * Tue Dec 15 2020 amehmood@suse.com - Fix HTTP/2 request header mix-up: CVE-2020-17527 (bsc#1179602) - Added patch: * tomcat-9.0-CVE-2020-17527.patch * Wed Nov 04 2020 malbu@suse.com - Fix typo in tomcat-webapps %postun that caused /examples context to remain in server.xml when package was removed - Remove tomcat-9.0.init and /usr/lib/tmpfiles.d/tomcat.conf from package. They're not used anymore becuse of systemd (bsc#1178396) * Tue Oct 13 2020 malbu@suse.com - Fix CVE-2020-13943 (bsc#1177582) - Added patch: * tomcat-9.0-CVE-2020-13943.patch * Thu Jul 23 2020 malbu@suse.com - Fix tomcat-servlet-4_0-api package alternatives to use /usr/share/java/servlet.jar instead of /usr/share/java/tomcat-servlet.jar. Keep /usr/share/java/tomcat-servlet.jar symlink for compatibility. (bsc#1092163) - Don't give write permissions for the tomcat group on files and directories where it's not needed (bsc#1172562) - Change tomcat.pid location from /var/run to /run (bsc#1173103) - Use %tmpfiles_create macro in %post instead of calling systemd-tmpfiles directly * Fri Jul 17 2020 malbu@suse.com - Fixed CVEs: * CVE-2020-13934 (bsc#1174121) * CVE-2020-13935 (bsc#1174117) - Added patches: * tomcat-9.0-CVE-2020-13934.patch * tomcat-9.0-CVE-2020-13935.patch - Rebased patches: * tomcat-9.0.31-java8compat.patch * Fri Jun 26 2020 fstrba@suse.com - Update to Tomcat 9.0.36. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.36_(markt) - Fixed CVEs: CVE-2020-11996 (bsc#1173389) * Tue May 26 2020 malbu@suse.com - Update to Tomcat 9.0.35. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_(markt) - Fixed CVEs: - CVE-2020-9484 (bsc#1171928) - Rebased patches: * tomcat-9.0-javadoc.patch * tomcat-9.0-osgi-build.patch * tomcat-9.0.31-java8compat.patch * Fri Apr 10 2020 javier@opensuse.org - Update to Tomcat 9.0.34. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.34_(markt) - Notable changes: * Add support for default values when using ${...} property replacement in configuration files. Based on a pull request provided by Bernd Bohmann. * When configuring an HTTP Connector, warn if the encoding specified for URIEncoding is not a superset of US-ASCII as required by RFC 7230. * Replace the system property org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with the Connector attribute encodedSolidusHandling that adds an additional option to pass the %2f sequence through to the application without decoding it in addition to rejecting such sequences and decoding such sequences. * Mon Mar 30 2020 malbu@suse.com - Update to Tomcat 9.0.33. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.33_(markt) - Notable fix: corrected a regression in the improvements to HTTP header parsing (bsc#1167438) - Rebased patches: * tomcat-9.0-javadoc.patch * tomcat-9.0-osgi-build.patch * tomcat-9.0.31-java8compat.patch * Fri Feb 28 2020 malbu@suse.com - Change default value of AJP connector secretRequired to false - Added patch: * tomcat-9.0.31-secretRequired-default.patch * Tue Feb 25 2020 fstrba@suse.com - Update to Tomcat 9.0.31. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt) - Fixed CVEs: * CVE-2019-17569 (bsc#1164825) * CVE-2020-1935 (bsc#1164860) * CVE-2020-1938 (bsc#1164692) - Modified patch * tomcat-9.0.30-java8compat.patch - > tomcat-9.0.31-java8compat.patch + Adapt to changed context * Wed Jan 29 2020 malbu@suse.com - Modified patch: * tomcat-9.0.30-java8compat.patch + add missing casts (bsc#1162081) * Mon Jan 20 2020 fstrba@suse.com - Change back the build to build with any Java >= 1.8 - Added patch: * tomcat-9.0.30-java8compat.patch + Cast java.nio.ByteBuffer and java.nio.CharBuffer to java.nio.Buffer in order to avoid calling Java 9+ APIs (functions with co-variant return types) - Renamed patch: * tomcat-9.0-disable-osgi-build.patch - > tomcat-9.0-osgi-build.patch + Do not disable, but fix OSGi build since we have now aqute-bnd * Fri Jan 17 2020 malbu@suse.com - Change build to always use Java 1.8 (bsc#1161025). * Fri Dec 27 2019 malbu@suse.com - Update to Tomcat 9.0.30. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt) - Fixed CVEs: - CVE-2019-0221 (bsc#1136085) - CVE-2019-10072 (bsc#1139924) - CVE-2019-12418 (bsc#1159723) - CVE-2019-17563 (bsc#1159729) - Removed patch: * tomcat-9.0-JDTCompiler-java.patch + It was not applied * Mon Nov 18 2019 fstrba@suse.com - Update to Tomcat 9.0.27. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.27_(markt) - Uset aqute-bnd to generate OSGi manifest, since we have that package now in openSUSE:Factory - Removed patch: * tomcat-9.0-disable-osgi-build.patch + not needed * Fri Nov 15 2019 fstrba@suse.com - Add maven pom files for tomcat-jni and tomcat-jaspic-api * Fri Oct 04 2019 fstrba@suse.com - Distribute the pom file also for tomcat-util-scan artifact * Tue Oct 01 2019 fstrba@suse.com - Build against compatibility log4j12 package * Wed Sep 25 2019 fstrba@suse.com - Adapt to the new ecj directory layout * Wed Jun 12 2019 dimstar@opensuse.org - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini * Mon May 20 2019 malbu@suse.com - Update to Tomcat 9.0.20. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.20_(markt) - increase maximum number of threads and open files for tomcat (bsc#1111966) * Mon Apr 22 2019 malbu@suse.com - Update to Tomcat 9.0.19. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.19_(markt) Notable packaging changes: - File /usr/share/java/tomcat/catalina-jmx-remote.jar was removed. The classes contained in this jar were merged into /usr/share/java/tomcat/catalina.jar. - Fixed CVEs: - CVE-2019-0199 (bsc#1131055) - Rebased patch: - tomcat-9.0-JDTCompiler-java.patch - tomcat-9.0-javadoc.patch * Mon Apr 15 2019 fstrba@suse.com - Build classpath directly with the geronimo jars instead of with symlinks to them * Tue Feb 19 2019 malbu@suse.com - Don't overwrite changes made to server.xml contexts when updating bundled webapps. * Mon Feb 18 2019 malbu@suse.com - Set javac target to 1.8 when building docs samples and serverxmltool * Tue Feb 05 2019 malbu@suse.com - Move webapps bundled with Tomcat to /usr/share/tomcat/tomcat-webapps (bsc#1092341). Affected packages: - tomcat-webapps - tomcat-admin-webapps - tomcat-docs-webapp - Remove %doc directive from tomcat-docs-webapps files section so that zypper installs files even if rpm.install.excludedocs is set to yes. * Mon Feb 04 2019 malbu@suse.com - Require Java 1.8 or later (bsc#1123407) * Sat Jan 26 2019 fstrba@suse.com - Clean up OSGi manifest injection - Put embed maven metadata into embed subpackage - Use the .mfiles* lists generated by %%add_maven_depmap macro * Wed Jan 16 2019 malbu@suse.com - Fix tomcat-tool-wrapper classpath error (bsc#1120745) * Fri Jan 11 2019 malbu@suse.com - Fix tomcat-digest classpath error (bsc#1120745) * Sat Dec 29 2018 ecsos@opensuse.org - Update to Tomcat 9.0.14. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.14_(markt) * Wed Dec 05 2018 fstrba@suse.com - Add pom files for tomcat-jdbc and tomcat-dbcp - Add org.eclipse.jetty.orbit* aliases to correspondant artifacts * Fri Nov 09 2018 sean@suspend.net - Update to Tomcat 9.0.13. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.13_(markt) * Thu Oct 18 2018 malbu@suse.com - Update to Tomcat 9.0.12. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.12_(markt) - Fixed CVEs: - CVE-2018-11784 (bsc#1110850) - Rebased patches: - tomcat-9.0-disable-osgi-build.patch - tomcat-9.0-javadoc.patch - tomcat-9.0-sle.catalina.policy.patch - tomcat-9.0-tomcat-users-webapp.patch * Tue Sep 11 2018 ecsos@opensuse.org - Declare following files to config(noreplace) to prevent override access rights: - host-manager/META-INF/context.xml - manager/META-INF/context.xml * Sun Aug 26 2018 malbu@suse.com - Empty tomcat-9.0.sysconfig to avoid overwriting of customer's configuration during update (bsc#1067720) * Thu Aug 16 2018 malbu@suse.com - Update to Tomcat 9.0.10. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.10_(markt) - Fixed CVEs: - CVE-2018-1336 (bsc#1102400) - CVE-2018-8014 (bsc#1093697) - CVE-2018-8034 (bsc#1102379) - CVE-2018-8037 (bsc#1102410) - Rebased patch tomcat-9.0-JDTCompiler-java.patch - Added patch tomcat-9.0-disable-osgi-build.patch to disable adding OSGi metadata to JAR files * Fri Feb 16 2018 malbu@suse.de - Update to Tomcat 9.0.5. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.5_(markt) * Wed Jan 17 2018 fstrba@suse.com - Modified patch: * tomcat-9.0-javadoc.patch + Don't append to javadoc --add-modules since we are building with source=8 + Avoid accessing Internet URLs from build environment * Fri Dec 01 2017 malbu@suse.com - Update to Tomcat 9.0.2: * Major update for tomcat8 from tomcat9 * For full changelog please read upstream changes at: + http://tomcat.apache.org/tomcat-9.0-doc/changelog.html * Rename all tomcat-8.0-* files to tomcat-9.0-* - Changed patches: * Deleted: tomcat-8.0-bootstrap-MANIFEST.MF.patch * Deleted: tomcat-8.0-sle.catalina.policy.patch * Deleted: tomcat-8.0-tomcat-users-webapp.patch * Deleted: tomcat-8.0.33-JDTCompiler-java.patch * Deleted: tomcat-8.0.44-javadoc.patch * Deleted: tomcat-8.0.9-property-build.windows.patch * Added: tomcat-9.0-JDTCompiler-java.patch * Added: tomcat-9.0-bootstrap-MANIFEST.MF.patch * Added: tomcat-9.0-javadoc.patch * Added: tomcat-9.0-sle.catalina.policy.patch * Added: tomcat-9.0-tomcat-users-webapp.patch - Renamed subpackage tomcat-3_1-api to tomcat-4_0-api to reflect the new Servlet API version. - Commented out JAVA_HOME in /etc/tomcat/tomcat.conf - Added "tomcat-" prefix to lib symlinks under /usr/share/java to avoid file conflicts with servletapi5 and geronimo-specs - Fixed wrong %ghost file paths for alternatives symlinks * Thu Nov 23 2017 rbrown@suse.com - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) * Mon Oct 23 2017 malbu@suse.com - Build with JDK 8 to fix runtime errors when running with JDK 7 and 8 - Fix tomcat-digest classpath error (bsc#977410) - Fix packaged /etc/alternatives symlinks for api libs that caused rpm -V to report link mismatch (bsc#1019016) * Mon Oct 23 2017 ecsos@opensuse.org - update to 8.0.47 http://tomcat.apache.org/tomcat-8.0-doc/changelog.html * Fixed CVE: - CVE-2017-12617 - rebase tomcat-8.0-sle.catalina.policy.patch * Tue Sep 19 2017 fstrba@suse.com - Added patch: * tomcat-8.0.44-javadoc.patch - generate documentation with the same source level as class files - fixes build with jdk9 * Fri Jun 09 2017 ecsos@opensuse.org - Version update to 8.0.44: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html * Fixed CVE: - CVE-2017-5664 (bsc#1042910) * Fri May 19 2017 dziolkowski@suse.com - New build dependency: javapackages-local * Tue May 09 2017 malbu@suse.com - Version update to 8.0.43: * Another bugfix release, for full details see: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html * Fixed CVEs: - CVE-2017-5647 (bnc#1033448) - CVE-2017-5648 (bnc#1033447) - CVE-2016-8745 - Renamed and rebased patches: * tomcat-7.0-sle.catalina.policy.patch -> tomcat-8.0-sle.catalina.policy.patch - Enable optional setenv.sh script. See section "(3.4) Using the "setenv" script (optional, recommended)" in http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt (bnc#1002662) - Fix file conflicts when upgrading from SLES 12 to SLES 12 SP1 (bnc#1023412). Added explicit obsoletes for tomcat-el-2_2-api, tomcat-jsp-2_2-api, tomcat-servlet-3_0-api * Wed Dec 21 2016 astieger@suse.com - update to 8.0.39: (boo#1003911) * Improve handling of I/O errors with async processing * Fail earlier on invalid HTTP request - includes changes from 8.0.38: * Refactoring the non-container thread Async complete()/dispatch() handling to remove the possibility of deadlock * Improved UTF-8 handling for the RewriteValve - includes changes from 8.0.37: * Treat paths used to obtain a request dispatcher as encoded (configurable) * Various jdbc-pool fixes - drop tomcat-8.0.36-jar-scanner-loop.patch, upstream * Thu Sep 29 2016 tchvatal@suse.com - Switch to commons-dbcp2 fate#321029 * Fri Sep 02 2016 malbu@suse.com - Backport fix for inifinite loop in the jar scanner for 8.0.36. (bnc#993862) Added: tomcat-8.0.36-jar-scanner-loop.patch * Wed Jul 06 2016 malbu@suse.com - Version update to 8.0.36: * Another bugfix release for the 8.0 series. Full details: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.36_(markt) - CVE fixed by the version update: - CVE-2016-3092 (bnc#986359) - Fixed a deployment error in the examples webapp by changing the context.xml format to the new one introduced by Tomcat 8. See http://tomcat.apache.org/migration-8.html#Web_application_resources * Mon May 02 2016 dmacvicar@suse.de - fix maven fragments paths to build in multiple distribution versions * Thu Apr 21 2016 jcnengel@gmail.com - Version update to 8.0.33: * Another bugfix release for 8.0 series, full details: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.33_(markt) - Rebase tomcat-8.0-tomcat-users-webapp.patch - Rebase tomcat-7.0.53-JDTCompiler-java.patch to tomcat-8.0.33-JDTCompiler-java.patch * Thu Apr 07 2016 tchvatal@suse.com - Fix fixme for the prereq preamble value - It seems systemd prints error on adding the @ services to macros so do not do that * Thu Mar 31 2016 dmacvicar@suse.de - package was partly merged with the scripts used in the Fedora distribution - support running multiple tomcat instances on the same server (fate#317783) - add catalina-jmx-remote.jar (fate#318403) - remove sysvinit support: systemd is required * Mon Feb 29 2016 dmacvicar@suse.de - update changes file for CVE information - Fixed CVEs: - CVE-2015-5346 (bnc#967814) in 8.0.32 - CVE-2015-5351 (bnc#967812) in 8.0.32 - CVE-2016-0706 (bnc#967815) in 8.0.32 - CVE-2016-0714 (bnc#967964) in 8.0.32 - CVE-2016-0763 (bnc#967966) in 8.0.32 - CVE-2015-5345 (bnc#967965) in 8.0.30 - CVE-2015-5174 (bnc#967967) in 8.0.27 * Wed Feb 17 2016 tchvatal@suse.com - Version update to 8.0.32: * Another bugfix release for 8.0 series, full details: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.32_(markt) - Rebase patch: * tomcat-8.0.9-property-build.windows.patch * Tue Nov 10 2015 dmacvicar@suse.de - update to Tomcat 8.0.28 * Multiple fixes, read upstream changelog at: https://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.28_(markt) * Mon Jun 01 2015 tchvatal@suse.com - Some whitespace cleanups * Mon Jun 01 2015 tchvatal@suse.com - Remove pointless conflicts on provide/obsolete symbols * Mon Jun 01 2015 tchvatal@suse.com - Version bump to 8.0.23 fate#318913: * Multiple testfixes all around, read upstream changelog at: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.23_(markt) * Tue Mar 24 2015 tchvatal@suse.com - Fix previous commit. Fix one rpmlint warning * Wed Mar 18 2015 tchvatal@suse.com - Drop gpg verification from spec, it is done by obs * Wed Mar 18 2015 tchvatal@suse.com - Fix build with new jpackage-tools * Tue Feb 10 2015 wittemar@googlemail.com - update to Tomcat 8.0.18: * Major update for tomcat8 from tomcat7 * For full changelog please read upstream changes at: + http://tomcat.apache.org/tomcat-8.0-doc/changelog.html * Rename all tomcat-7.0-* files to tomcat-8.0-* * Update keyring file - Update windows patch to apply again: * Deleted: tomcat-7.0.52-property-build.windows.patch * Added: tomcat-8.0.9-property-build.windows.patch * Added:tomcat-8.0-tomcat-users-webapp.patch * Deleted: tomcat-7.0-tomcat-users-webapp.patch * Added: tomcat-8.0-bootstrap-MANIFEST.MF.patch * Deleted: tomcat-7.0-bootstrap-MANIFEST.MF.patch * Tue Feb 03 2015 bmaryniuk@suse.com - Version 1.1.30 or higher is required for APR listener (bnc#914725)
/usr/share/java/tomcat /usr/share/java/tomcat/tomcat-embed-core.jar /usr/share/java/tomcat/tomcat-embed-el.jar /usr/share/java/tomcat/tomcat-embed-jasper.jar /usr/share/java/tomcat/tomcat-embed-websocket.jar /usr/share/maven-metadata/tomcat-embed.xml /usr/share/maven-poms/JPP.tomcat-tomcat-embed-core.pom /usr/share/maven-poms/JPP.tomcat-tomcat-embed-el.pom /usr/share/maven-poms/JPP.tomcat-tomcat-embed-jasper.pom /usr/share/maven-poms/JPP.tomcat-tomcat-embed-websocket.pom
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 15:53:55 2024