File tomcat6.changes of Package tomcat6
-------------------------------------------------------------------
Thu Jul 15 13:12:00 UTC 2010 - mvyskocil@suse.cz
- fix bnc#599554: VUL-1: tomcat information disclosure (CVE-2010-1157)
* http://svn.apache.org/viewvc?view=revision&revision=936540
- fix bnc#622188: VUL-0: tomcat: remote DoS / information disclosure
(CVE-2010-2227)
* http://svn.apache.org/viewvc?view=revision&revision=958977
- link dtomcat6 to CATALINA_HOME/bin/catalina.sh
-------------------------------------------------------------------
Thu Feb 4 10:24:52 UTC 2010 - mvyskocil@suse.cz
- fixed bnc#575083 - VUL-0: tomcat directoy traversal bugs
CVE-2009-2693, CVE-2009-2901, CVE-2009-2902
* http://svn.apache.org/viewvc?view=revision&revision=892815
-------------------------------------------------------------------
Wed Jun 10 13:58:44 CEST 2009 - mvyskocil@suse.cz
- fixed bnc#509839:
CVE-2009-0781
* http://svn.apache.org/viewvc?view=rev&revision=750924
CVE-2009-0783
* http://svn.apache.org/viewvc?view=rev&revision=739522
CVE-2008-5515
* http://svn.apache.org/viewvc?view=rev&revision=739532
-------------------------------------------------------------------
Mon Jun 8 15:10:26 CEST 2009 - mvyskocil@suse.cz
- fixed bnc#509839: CVE-2009-0580
* http://svn.apache.org/viewvc?view=rev&revision=747840
- fixed bnc#509840: CVE-2009-0033
* http://svn.apache.org/viewvc?view=rev&revision=781362
- fixed bnc#485933: cumulative fix for tomcat6:
* bnc#418664 - added /etc/ant.d/catalina-ant
* bnc#424675 - link $CATALINA_BASE/conf/Catalina ->
/var/cache/tomcat6/Catalina/
* bnc#433852 - rctomcat symlink
* bnc#446598 - dtomcat6 reads the tomcat6.conf again, better comment in
config file
-------------------------------------------------------------------
Mon Feb 9 16:57:38 CET 2009 - mvyskocil@suse.cz
- Fixed bnc#471639 - tomcat does not start/work
- fill up a default JVM in sysconfig
-------------------------------------------------------------------
Mon Nov 24 14:05:10 CET 2008 - mvyskocil@suse.cz
- Fixed bnc#446598 - Tomcat6: tomcat6.conf overwrites sysconfig/tomcat6 values
-------------------------------------------------------------------
Fri Sep 12 09:28:26 CEST 2008 - mvyskocil@suse.cz
- Update to 6.0.18. This obsoletes patches:
apache-tomcat-CVE-2008-1232
apache-tomcat-CVE-2008-1947
apache-tomcat-CVE-2008-2370
apache-tomcat-CVE-2008-2938
-------------------------------------------------------------------
Tue Aug 19 13:16:48 CEST 2008 - mvyskocil@suse.cz
- fix CVE-2008-2938: VUL-0: tomcat5: directory traversal
-------------------------------------------------------------------
Wed Aug 6 11:11:58 CEST 2008 - mvyskocil@suse.cz
- fix CVE-2008-1232 and CVE-2008-2370: VUL-0: Apache Tomcat Cross-Site
Scripting and Security Bypass [bnc#414657]
-------------------------------------------------------------------
Mon Jul 21 15:45:27 CEST 2008 - mvyskocil@suse.cz
- fixed [bnc#394503]: tomcat6 is missing rctomcat6 link
- add a /usr/sbin/rctomcat6 symlink
- and heavy rewrite and improve of original jpackage tomcat6 init script
- add Should-Start and Should-Stop section and values for Default-Start and
Default-Stop
- removed the echo_success and echo_failure functions and usage
- include a /etc/rc.status and use a rc_XXXXX functions instead of echo and
return. Plus add a comments with error codes explanations
- merge the start/stop/status messages from previous version
- use `ps' command instead of pgrep
- changes in commands: added a try-restart|force-reload|reload|probe and
removed the version|conrestart
- fixed [bnc#394499]: add a PreReq to jpackage-utils
- fixed [bnc#408253]: tomcat6 fails because if missing commons-xxxx jars
- add a removed dependencies to the jakarta-commons-*-tomcat5 packages
- fixed a proper link creation in post/n scripts
- fixed a build cycle, jakarta-commons-dbcp-tomcat5 needs the tomcat6-lib for
build, but the tomcat6-lib has this package in Requires(post). The
%post scripplet is non-fatal if the jars cannot be found (but this would
not happens in a production state).
-------------------------------------------------------------------
Fri Jun 27 14:47:03 CEST 2008 - mvyskocil@suse.cz
- fixed [bnc#396962]: VUL-0: tomcat5: [SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability
- fixed [bnc#403310]: Tomcat startup script uses wrong java.io.tmpdir
- the temp directory is in /var/cache/tomcat6/temp
-------------------------------------------------------------------
Tue May 6 10:12:07 CEST 2008 - mvyskocil@suse.cz
- fixed a [bnc#383331] - Tomcat cannot compile JSPs
- add a ecj requires for tomcat6-lib
- create a symlink of ecj.jar to tomcat6 libdir
- add a jakarta-taglibs-standard to BuildRequires
- use a fdupes to avoid a file duplication waste in /srv
- replace a %{_jvmdir}/jre to /etc/alternatives/jre in JAVAHOME in default
tomcat6.conf (this path is architecture independent)
- add a %stop_on_removal to %preun, %restart_on_update and %insserv_cleanup to
%postun to fix some rpmlint warnings
- add a $remote_fs dependency to init script
-------------------------------------------------------------------
Wed Feb 27 10:53:38 CET 2008 - mvyskocil@suse.cz
- update to 6.0.16
-------------------------------------------------------------------
Fri Jan 25 18:26:09 CET 2008 - coolo@suse.de
- don't require the old package names
-------------------------------------------------------------------
Fri Jan 25 15:42:30 CET 2008 - ro@suse.de
- don't use dots in package names
-------------------------------------------------------------------
Tue Jan 22 12:22:00 CET 2008 - anosek@suse.cz
- don't use macros in package names (the %package lines)
which does not work with autobuild.
-------------------------------------------------------------------
Thu Dec 20 08:36:29 CET 2007 - anosek@suse.cz
- don't use static uid/gid for tomcat user and tomcat group
-------------------------------------------------------------------
Tue Dec 4 10:00:49 CET 2007 - anosek@suse.cz
- initial version of tomcat6 package
- based on work by jpackage project
