������tomcat-servlet-4_0-api-9.0.82-150200.46.1���������������������������������������������������������<���>�������,��������������������������������������������������������e,9p9|��h�^�ik&y̼j�h-ux.^1<~ziz{46Ӫ�T�sCRq?L2k,s
yB*]keH_�;��f_νP~s�AUAs(G�e�X̣az+Ei'm6�A䟍�*sw߁4[v|^�C�|�'Imp ĥ��*m��#*iF٢X,f�,�+Lݘ8zU�'
VGqg|.kdƹ���>��������������������E������?�������������d���������������������������������������������������� ���������� ���,���������� ���]������������������������������������������������������������������������������������������������������������ ������������������/��������������I��������������O���������������V���������������/������������������� �����������4��� ��� �������F��� ���
�������X��� �����������|��� �������������� ���
���������� ��������������� �����������1��� �����������^������������������ ��������������
���������� ���
���������� ���
����������
���
���(������
�������8������
���e���9�������`���e���:����������e���>�������������@��������������B��������������F������>�������G������T��� ���H������x��� ���I��������� ���X���������
���Y���������
���Z������ �������[������,�������\������4��� ���]������X��� ���^��������������b�������������c������B�������d�������������e�������������f�������������l�������������u��������� ���v��������������w������8��� ���x������\��� ���y�������������z��������������������������������������������������������������C�tomcat-servlet-4_0-api�9.0.82�150200.46.1�Apache Tomcat Servlet API implementation classes�Apache Tomcat Servlet API implementation classes version 3.1���e,9h04-ch1b������FSUSE Linux Enterprise 15�SUSE LLC �Apache-2.0�https://www.suse.com/�Productivity/Networking/Web/Servers�https://tomcat.apache.org�linux�noarch�update-alternatives --install /usr/share/java/servlet.jar servlet \
/usr/share/java/tomcat-servlet-4.0-api.jar 30000
# Fix for bsc#1092163.
# Keep the /usr/share/java/tomcat-servlet.jar symlink for compatibility.
# In case of update from an older version where /usr/share/java/tomcat-servlet.jar is an alternatives symlink
# the update-alternatives in the new version will cause a rename tomcat-servlet.jar -> servlet.jar.
# This makes sure the tomcat-servlet.jar is recreated if it's missing because of the rename.
if [ ! -f /usr/share/java/tomcat-servlet.jar ]; then
echo "Recreating symlink /usr/share/java/tomcat-servlet.jar"
ln -s /usr/share/java/tomcat-servlet-4.0-api.jar /usr/share/java/tomcat-servlet.jar
fi�if [ $1 -eq 0 ] ; then
if [ ! -f /etc/alternatives/servlet ]; then
# /etc/alternatives/servlet was removed on uninstall.
# Create a broken symlink to make sure update-alternatives works correctly and falls back
# to servletapi5 or servletapi4 if they're installed.
ln -s /usr/share/java/tomcat-servlet-4.0-api.jar /etc/alternatives/servlet
fi
update-alternatives --remove servlet \
/usr/share/java/tomcat-servlet-4.0-api.jar
fi������������Y�������������������� �A큤������������������e,7e,)e,(e,'e,'e,7e&e,(e,'��59a034359a329fd4243286bffe63eb15f6d767a0fef2be203f634f3e196996ba����6f939fc48667e2ddb1ed62e9902ff4e6780b1c4d72543b9175d22609484a88ad�dd39330a0e8372cd8d826a838bb5539fed7b523bcb665bff7eb2a838799dfa0c�74b03fe1ce0e54a9dff187e44239468c071be7a5f43629f6a8b3f495c0d05f59��/etc/alternatives/servlet.jar��tomcat-servlet-4.0-api.jar�tomcat-servlet-4.0-api.jar���������@�������������������������������root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�tomcat-9.0.82-150200.46.1.src.rpm�����mvn(org.apache.tomcat:tomcat-servlet-api)�mvn(org.apache.tomcat:tomcat-servlet-api:pom:)�mvn(org.mortbay.jetty:servlet-api)�mvn(org.mortbay.jetty:servlet-api:pom:)�osgi(org.apache.tomcat-servlet-api)�servlet�servlet31�servlet7�tomcat-servlet-4.0-api�tomcat-servlet-4_0-api��������������@���@����
���
���
���
��������/bin/sh�/bin/sh�java-headless�javapackages-filesystem�rpmlib(CompressedFileNames)�rpmlib(FileDigests)�rpmlib(PayloadFilesHavePrefix)�rpmlib(PayloadIsXz)�update-alternatives�update-alternatives�����3.0.4-1�4.6.0-1�4.0-1�5.2-1���4.14.1���e)1@e�0@e�0@e�;e�Rdld0�d�?@cc@c@c{h@cQ8@bγbbN@b�!b�@aa�aA@a@a{@azamaamaama`X`Q@`OL@`OL@`3__F@_�@___FN_!d^@^�^_^@^Y�^U�@^1s^%@^!^�@]҇]Γ@]4@]?]V]�@\\\r@\k\j@\Yz\X)@\LK\?�\8@\'a\�[v[u[@[@[ug@ZZ_:Z!D@Z�@YYY�Y:Y�@Y�@XZnW�@WiW|W'A@W�W�KV�@V2V`VA@UlI@UlI@UlI@U�QU hU hTTи@fstrba@suse.com�fstrba@suse.com�michele.bussolotto@suse.com�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�michele.bussolotto@suse.com�michele.bussolotto@suse.com�michele.bussolotto@suse.com�michele.bussolotto@suse.com�michele.bussolotto@suse.com�michele.bussolotto@suse.com�michele.bussolotto@suse.com�fstrba@suse.com�fstrba@suse.com�michele.bussolotto@suse.com�fstrba@suse.com�fstrba@suse.com�michele.bussolotto@suse.com�olaf@aepfle.de�michele.bussolotto@suse.com�fstrba@suse.com�michele.bussolotto@suse.com�michele.bussolotto@suse.com�wittemar@googlemail.com�wittemar@googlemail.com�wittemar@googlemail.com�amehmood@suse.com�amehmood@suse.com�wittemar@googlemail.com�wittemar@googlemail.com�wittemar@googlemail.com�amehmood@suse.com�malbu@suse.com�malbu@suse.com�malbu@suse.com�jengelh@inai.de�fstrba@suse.com�malbu@suse.com�fstrba@suse.com�malbu@suse.com�javier@opensuse.org�malbu@suse.com�malbu@suse.com�fstrba@suse.com�malbu@suse.com�fstrba@suse.com�malbu@suse.com�malbu@suse.com�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�dimstar@opensuse.org�malbu@suse.com�malbu@suse.com�fstrba@suse.com�malbu@suse.com�malbu@suse.com�malbu@suse.com�malbu@suse.com�fstrba@suse.com�malbu@suse.com�malbu@suse.com�ecsos@opensuse.org�fstrba@suse.com�sean@suspend.net�malbu@suse.com�ecsos@opensuse.org�malbu@suse.com�malbu@suse.com�malbu@suse.de�fstrba@suse.com�malbu@suse.com�rbrown@suse.com�malbu@suse.com�ecsos@opensuse.org�fstrba@suse.com�ecsos@opensuse.org�dziolkowski@suse.com�malbu@suse.com�astieger@suse.com�tchvatal@suse.com�malbu@suse.com�malbu@suse.com�dmacvicar@suse.de�jcnengel@gmail.com�tchvatal@suse.com�dmacvicar@suse.de�dmacvicar@suse.de�tchvatal@suse.com�dmacvicar@suse.de�tchvatal@suse.com�tchvatal@suse.com�tchvatal@suse.com�tchvatal@suse.com�tchvatal@suse.com�tchvatal@suse.com�wittemar@googlemail.com�bmaryniuk@suse.com�- Update to Tomcat 9.0.82
* Catalina
+ Add: 65770: Provide a lifecycle listener that will
automatically reload TLS configurations a set time before the
certificate is due to expire. This is intended to be used with
third-party tools that regularly renew TLS certificates.
+ Fix: Fix handling of an error reading a context descriptor on
deployment.
+ Fix: Fix rewrite rule qsd (query string discard) being ignored
if qsa was also use, while it should instead take precedence.
+ Fix: 67472: Send fewer CORS-related headers when CORS is not
actually being engaged.
+ Add: Improve handling of failures within recycle() methods.
* Coyote
+ Fix: 67670: Fix regression with HTTP compression after code
refactoring.
+ Fix: 67198: Ensure that the AJP connector attribute
tomcatAuthorization takes precedence over the
tomcatAuthentication attribute when processing an auth_type
attribute received from a proxy server.
+ Fix: 67235: Fix a NullPointerException when an AsyncListener
handles an error with a dispatch rather than a complete.
+ Fix: When an error occurs during asynchronous processing,
ensure that the error handling process is only triggered once
per asynchronous cycle.
+ Fix: Fix logic issue trying to match no argument method in
IntropectionUtil.
+ Fix: Improve thread safety around readNotify and writeNotify
in the NIO2 endpoint.
+ Fix: Avoid rare thread safety issue accessing message digest
map.
+ Fix: Improve statistics collection for upgraded connections
under load.
+ Fix: Align validation of HTTP trailer fields with standard
fields.
+ Fix: Improvements to HTTP/2 overhead protection (bsc#1216182,
CVE-2023-44487)
* jdbc-pool
+ Fix: 67664: Correct a regression in the clean-up of
unnecessary use of fully qualified class names in 9.0.81
that broke the jdbc-pool.
* Jasper
+ Fix: 67080: Improve performance of EL expressions in JSPs that
use implicit objects�- Update to Tomcat 9.0.80
* Catalina
+ Add RateLimitFilter which can be used to mitigate DoS and
Brute Force attacks
+ Move the management of the utility executor from the
init()/destroy() methods of components to the start()/stop()
methods.
+ Add org.apache.catalina.core.StandardVirtualThreadExecutor,
a virtual thread based executor that may be used with one or
more Connectors to process requests received by those
Connectors using virtual threads. This Executor requires a
minimum Java version of Java 21.
+ 66513: Add a per session Semaphore to the PersistentValve that
ensures that, within a single Tomcat instance, there is no
more than one concurrent request per session. Also expand the
debug logging to include whether a request bypasses the Valve
and the reason if a request fails to obtain the per session
Semaphore.
+ 66609: Ensure that the default servlet correctly escapes file
names in directory listings when using XML output.
+ 66618: Add a numeric last modified field to the XML directory
listings produced by the default servlet to enable sorting in
the XSLT.
+ 66621: Attempts to lock a collection with WebDAV may
incorrectly fail if a child collection has an expired lock.
+ 66622: Deprecate the xssProtectionEnabled setting from the
HttpHeaderSecurityFilter and change the default value to false
as support for the associated HTTP header has been removed
from all major browsers.
+ 59232: Add org.apache.catalina.core.ContextNamingInfoListener,
a listener which creates context naming information
environment entries.
+ 66665: Add
org.apache.catalina.core.PropertiesRoleMappingListener, a
listener which populates the context's role mapping from a
properties file.
+ Fix an edge case where intra-web application symlinks would be
followed if the web applications were deliberately crafted to
allow it even when allowLinking was set to false.
+ Add utility config file resource lookup on Context to allow
looking up resources from the webapp (prefixed with webapp:)
and make the resource lookup API more visible.
+ Fix potential database connection leaks in
DataSourceUserDatabase identified by Coverity Scan.
+ Make parsing of ExtendedAccessLogValve patterns more robust.
+ Fix failure trying to persist configuration for an internal
credential handler.
+ 66680: When serializing a session during the session
presistence process, do not log a warning that null Principals
are not serializable.
+ Catch NamingException in JNDIRealm#getPrincipal. It is used in
Java up to 17 to signal closed connections.
+ 66822: Use the same naming format in log messages for
Connector instances as the associated ProtocolHandler instance.
+ The parts count should also lower the actual maxParameterCount
used for parsing parameters if parts are parsed first.
+ If an application or library sets both a non-500 error code
and the javax.servlet.error.exception request attribute, use
the provided error code during error page processing rather
than assuming an error code of 500.
+ Update code comments and Tomcat output to use MiB for
1024 * 1024 bytes and KiB for 1024 bytes rather than
MB and kB.
+ Avoid protocol relative redirects in FORM authentication
(CVE-2023-41080, bsc#1214666).
* Coyote
+ Update the HTTP/2 implementation to use the prioritization
scheme defined in RFC 9218 rather than the one defined in
RFC 7540.
+ 66602: not sending WINDOW_UPDATE when dataLength is ZERO on
call SwallowedDataFramePayload.
+ 66627: Restore the documented behaviour of
MessageBytes.getType() that it returns the type of the
original content rather than reflecting the most recent
conversion.
+ 66635: Correct certificate logging on start-up so it
differentiates between keystore based keys/certificates and
PEM file based keys/certificates and logs the relevant
information for each.
+ Refactor blocking reads and writes for the NIO connector to
remove code paths that could allow a notification from the
Poller to be missed resuting in a timeout rather than the
expected read or write.
+ Refactor waiting for an HTTP/2 stream or connection window
update to handle spurious wake-ups during the wait.
+ Correct a regression introduced in 9.0.78 and use the correct
constant when constructing the default value for the
certificateKeystoreFile attribute of an
SSLHostConfigCertificate instance.
+ Refactor HTTP/2 implementation to reduce pinning when using
virtual threads.
+ Pass through ciphers referring to an OpenSSL profile, such as
PROFILE=SYSTEM instead of producing an error trying to parse
it.
+ 66841: Ensure that AsyncListener.onError() is called after an
error during asynchronous processing with HTTP/2.
+ 66842: When using asynchronous I/O (the default for NIO and
NIO2), include DATA frames when calculating the HTTP/2
overhead count to ensure that connections are not prematurely
terminated.
+ Correct a race condition that could cause spurious RST
messages to be sent after the response had been written to an
HTTP/2 stream.
* WebSocket
+ 66548: Expand the validation of the value of the
Sec-Websocket-Key header in the HTTP upgrade request that
initiates a WebSocket connection. The value is not decoded but
it is checked for the correct length and that only valid
characters from the base64 alphabet are used.
+ Improve handling of error conditions for the WebSocket server,
particularly during Tomcat shutdown.
+ Correct a regression in the fix for 66574 that meant the
WebSocket session could return false for onOpen() before the
onClose() event had been completed.
+ 66681: Fix a NullPointerException when flushing batched
messages with compression enabled using permessage-deflate.
* Web applications
+ Documentation. Expand the security guidance to cover the
embedded use case and add notes on the uses made of the
java.io.tmpdir system property.
+ 66662: Documentation. Fix a typo in the name of the algorithms
attribute in the configuration section for the Digest
authentication value.
+ Documentation. Update documentation to use MiB for
1024 * 1024 bytes and KiB for 1024 bytes rather than
MB and kB.
* jdbc-pool
+ Fix the releaseIdleCounter does not increment when testAllIdle
releases them.
+ Fix the ConnectionState state will be inconsistent with actual
state on the connection when an exception occurs while
writing.
* Other
+ Update to Commons Daemon 1.3.4.
+ Improvements to French translations.
+ Update Checkstyle to 10.12.0.
+ Update the packaged version of the Apache Tomcat Native
Library to 1.2.37 to pick up the Windows binaries built with
with OpenSSL 1.1.1u.
+ Include the Windows specific binary distributions in the files
uploaded to Maven Central.
+ Improvements to French translations.
+ Improvements to Japanese translations.
+ Update UnboundID to 6.0.9.
+ Update Checkstyle to 10.12.1.
+ Update BND to 6.4.1.
+ Update JSign to 5.0.
+ Correct properties for JSign dependency.
+ Align documentation for maxParameterCount to match hard-coded
defaults.
+ Update NSIS to 3.0.9.
+ Update Checkstyle to 10.12.2.
+ Improvements to French translations.
+ Improvements to Japanese translations.
+ 66829: Fix quoting so users can use the _RUNJAVA environment
variable as intended on Windows when the path to the Java
executable contains spaces.
+ Update Tomcat Native to 1.2.38 to pick up Windows binaries
built with OpenSSL 1.1.1v.
+ Improvements to Chinese translations.
+ Improvements to French translations.
+ Improvements to Japanese translations
- Removed patch:
* tomcat-9.0.75-CVE-2023-41080.patch
+ integrated in this version�- Fixed CVEs:
* CVE-2023-41080: Avoid protocol relative redirects in FORM authentication. (bsc#1214666)
- Added patches:
* tomcat-9.0.75-CVE-2023-41080.patch�- Modified patch:
* tomcat-9.0-osgi-build.patch
+ make it more robust to change in number of artifacts in bnd
+ do not enumerate jars, just take all jars from the aqute-bnd
directory into the classpath�- Require(pre) shadow because groupadd is needed early�- Update to Tomcat 9.0.75.
* See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.75_(markt)
* Fixes:
+ bsc#1211608, CVE-2023-28709
+ bsc#1208513, CVE-2023-24998 (previous incomplete fix)
- Remove patches:
* tomcat-9.0-CVE-2021-30640.patch
* tomcat-9.0-CVE-2021-33037.patch
* tomcat-9.0-CVE-2021-41079.patch
* tomcat-9.0-CVE-2022-23181.patch
* tomcat-9.0-NPE-JNDIRealm.patch
* tomcat-9.0-hardening_getResources.patch
* tomcat-9.0.43-CVE-2021-43980.patch
* tomcat-9.0.43-CVE-2022-42252.patch
* tomcat-9.0.43-CVE-2022-45143.patch
* tomcat-9.0.43-CVE-2023-24998.patch
* tomcat-9.0.43-CVE-2023-28708.patch
+ integrated in this version
* tomcat-9.0.43-java8compat.patch
+ problem with Java 8 compatibility solved in this version
- Modified patch:
* tomcat-9.0.31-secretRequired-default.patch
- > tomcat-9.0.75-secretRequired-default.patch
+ rediffed to changed context
* tomcat-9.0-javadoc.patch
+ drop integrated hunks
* tomcat-9.0-osgi-build.patch
+ fix to work with current version
- Added patch:
* tomcat-9.0-jdt.patch
+ fix build against our ecj�- Fixed CVEs:
* CVE-2022-45143: JsonErrorReportValve: add escape for type, message or description (bsc#1206840)
- Added patches:
* tomcat-9.0.43-CVE-2022-45143.patch�- Fixed CVEs:
* CVE-2023-28708: tomcat: not including the secure attribute
causes information disclosure (bsc#1209622)
- Added patches:
* tomcat-9.0.43-CVE-2023-28708.patch�- Fixed CVEs:
* CVE-2023-24998: tomcat,tomcat6: FileUpload DoS with excessive parts (bsc#1208513)
- Added patches:
* tomcat-9.0.43-CVE-2023-24998.patch�- set logrotate for localhost.log, manager.log, host-manager.log and localhost_access_log.txt
- use logrotate for catalina.out
* update tomcat-serverxml-tool and spec to configure server.xml
- Added patch:
* tomcat-9.0-logrotate_everything.patch
* tomcat-serverxml-tool.tar.gz
- Removed:
* tomcat-serverxml-tool-1.0.tar.gz�- Use catalina.out for logging (bsc#1205647)
- Added patches:
* tomcat-9.0-fix_catalina.patch�- Fixed CVEs:
* CVE-2022-42252: reject invalid content-length requests. (bsc#1204918)
- Added patches:
* tomcat-9.0.43-CVE-2022-42252.patch�- Fixed CVEs:
* CVE-2021-43980: Improve the recycling of Processor objects to make it more robust. (bsc#1203868)
- Added patches:
* tomcat-9.0.43-CVE-2021-43980.patch�- Do not hardcode /usr/libexec but use %%_libexecdir during the
build
* Fixes for platforms, where /usr/libexec and %%_libexecdir are
different�- Fix bsc#1201081 by building with release=8 all files that can be
built this way. The one file remaining, build it with source=8 and
target=8
- Modified patch:
* tomcat-9.0.43-java8compat.patch
+ Do not cast ByteBuffer to Buffer to call the Java 8 compatible
methods. Build with release=8 instead�- Security hardening. Deprecate getResources() and always return null. (bsc#1198136)
- Added patch: tomcat-9.0-hardening_getResources.patch�- Remove dependency on log4j/reload4j completely (bsc#1196137)�- Do not build against the log4j12 packages, use the new reload4j�- Fixed CVEs:
* CVE-2022-23181: Make calculation of session storage location more robust (bsc#1195255)
- Added patches:
* tomcat-9.0-CVE-2022-23181.patch�- remove instance units from post scripts, they can not be reloaded�- Fix NPE in JNDIRealm, when userRoleAttribute is not set (bsc#1193569)
- Added patch:
* tomcat-9.0-NPE-JNDIRealm.patch�- Modified patch:
* tomcat-9.0-osgi-build.patch
+ account for biz.aQute.bnd.ant artifact in aqute-bnd >= 5.2.0�- Fixed CVEs:
* CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279)
* CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278)
- Added patches:
* tomcat-9.0-CVE-2021-30640.patch
* tomcat-9.0-CVE-2021-33037.patch�- Fixed CVEs:
* CVE-2021-41079: Validate incoming TLS packet (bsc#1190558)
- Added patches:
* tomcat-9.0-CVE-2021-41079.patch�- Update to Tomcat 9.0.43. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.43_(markt)
- Removed Patches because fixed upstream now:
* tomcat-9.0-CVE-2021-25122.patch
* tomcat-9.0-CVE-2021-25329.patch
- Rebased patch:
tomcat-9.0.39-java8compat.patch -> tomcat-9.0.43-java8compat.patch�- Update to Tomcat 9.0.41. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.41_(markt)�- Update to Tomcat 9.0.40. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.40_(markt)
- Removed Patches because fixed upstream now:
* tomcat-9.0-CVE-2020-17527.patch
* tomcat-9.0-CVE-2021-24122.patch�- Fixed CVEs:
* CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912)
* CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909)
- Added patches:
* tomcat-9.0-CVE-2021-25122.patch
* tomcat-9.0-CVE-2021-25329.patch�- Log if file access is blocked due to symlinks: CVE-2021-24122 (bsc#1180947)
- Added patch:
* tomcat-9.0-CVE-2021-24122.patch�- Update to Tomcat 9.0.39. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.39_(markt)
- Rebased patches:
* tomcat-9.0.38-java8compat.patch -> tomcat-9.0.39-java8compat.patch�- Update to Tomcat 9.0.38. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.38_(markt)
- Rebased patches:
* tomcat-9.0.37-java8compat.patch -> tomcat-9.0.38-java8compat.patch
- Removed tomcat-9.0-CVE-2020-13943.patch because that fix is upstream now�- Update to Tomcat 9.0.37. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.37_(markt)
- Fixed CVEs:
* CVE-2020-13934 (bsc#1174121)
* CVE-2020-13935 (bsc#1174117)
- Rebased patches:
* tomcat-9.0-osgi-build.patch
* tomcat-9.0.31-java8compat.patch -> tomcat-9.0.37-java8compat.patch�- Fix HTTP/2 request header mix-up: CVE-2020-17527 (bsc#1179602)
- Added patch:
* tomcat-9.0-CVE-2020-17527.patch�- Add source url for tomcat-serverxml-tool
- Fix typo in tomcat-webapps %postun that caused /examples
context to remain in server.xml when package was removed
- Remove tomcat-9.0.init and /usr/lib/tmpfiles.d/tomcat.conf from
package. They're not used anymore becuse of systemd (bsc#1178396)�- Fix tomcat-servlet-4_0-api package alternatives to use
/usr/share/java/servlet.jar instead of /usr/share/java/tomcat-servlet.jar.
Keep /usr/share/java/tomcat-servlet.jar symlink for compatibility.
(bsc#1092163)
- Change default file ownership in tomcat-webapps from
tomcat:tomcat to root:tomcat�- Fix CVE-2020-13943 (bsc#1177582)
- Added patch:
* tomcat-9.0-CVE-2020-13943.patch
- Change /usr/lib/tomcat to /usr/libexec/tomcat in startup
scripts (bsc#1177601)�- Replace old specfile constructs. Remove support for SUSE 11.x.
- Drop %systemd_requires, which is considered a no-op.
- Trim redundant license mention from description.
- Make documentation noarch.
- Do not suppress errors from useradd.�- Avoid hardcoding /usr/lib as libexecdir�- Don't give write permissions for the tomcat group on files and
directories where it's not needed (bsc#1172562)
- Change tomcat.pid location from /var/run to /run (bsc#1173103)
- Use the /sbin/nologin shell when creating the tomcat user
- Use %tmpfiles_create macro in %post instead of calling
systemd-tmpfiles directly�- Update to Tomcat 9.0.36. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.36_(markt)
- Fixed CVEs:
CVE-2020-11996 (bsc#1173389)�- Update to Tomcat 9.0.35. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_(markt)
- Fixed CVEs:
- CVE-2020-9484 (bsc#1171928)
- Rebased patches:
* tomcat-9.0-javadoc.patch
* tomcat-9.0-osgi-build.patch
* tomcat-9.0.31-java8compat.patch�- Update to Tomcat 9.0.34. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.34_(markt)
- Notable changes:
* Add support for default values when using ${...} property
replacement in configuration files. Based on a pull request
provided by Bernd Bohmann.
* When configuring an HTTP Connector, warn if the encoding
specified for URIEncoding is not a superset of US-ASCII as
required by RFC 7230.
* Replace the system property
org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with
the Connector attribute encodedSolidusHandling that adds an
additional option to pass the %2f sequence through to the
application without decoding it in addition to rejecting such
sequences and decoding such sequences.�- Update to Tomcat 9.0.33. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.33_(markt)
- Notable fix: corrected a regression in the improvements to HTTP
header parsing (bsc#1167438)
- Rebased patches:
* tomcat-9.0-javadoc.patch
* tomcat-9.0-osgi-build.patch
* tomcat-9.0.31-java8compat.patch�- Change default value of AJP connector secretRequired to false
- Added patch:
* tomcat-9.0.31-secretRequired-default.patch�- Update to Tomcat 9.0.31. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt)
- Fixed CVEs:
* CVE-2019-17569 (bsc#1164825)
* CVE-2020-1935 (bsc#1164860)
* CVE-2020-1938 (bsc#1164692)
- Modified patch
* tomcat-9.0.30-java8compat.patch
- > tomcat-9.0.31-java8compat.patch
+ Adapt to changed context�- Modified patch:
* tomcat-9.0.30-java8compat.patch
+ add missing casts (bsc#1162081)�- Change back the build to build with any Java >= 1.8
- Added patch:
* tomcat-9.0.30-java8compat.patch
+ Cast java.nio.ByteBuffer and java.nio.CharBuffer to
java.nio.Buffer in order to avoid calling Java 9+ APIs
(functions with co-variant return types)
- Renamed patch:
* tomcat-9.0-disable-osgi-build.patch
- > tomcat-9.0-osgi-build.patch
+ Do not disable, but fix OSGi build since we have now
aqute-bnd�- Change build to always use Java 1.8 (bsc#1161025).�- Update to Tomcat 9.0.30. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt)
- Fixed CVEs:
- CVE-2019-0221 (bsc#1136085)
- CVE-2019-10072 (bsc#1139924)
- CVE-2019-12418 (bsc#1159723)
- CVE-2019-17563 (bsc#1159729)
- Removed patch:
* tomcat-9.0-JDTCompiler-java.patch
+ It was not applied�- Update to Tomcat 9.0.27. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.27_(markt)
- Uset aqute-bnd to generate OSGi manifest, since we have that
package now in openSUSE:Factory
- Removed patch:
* tomcat-9.0-disable-osgi-build.patch
+ not needed�- Add maven pom files for tomcat-jni and tomcat-jaspic-api�- Distribute the pom file also for tomcat-util-scan artifact�- Build against compatibility log4j12 package�- Adapt to the new ecj directory layout�- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
shortcut the build queues by allowing usage of systemd-mini�- Update to Tomcat 9.0.20. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.20_(markt)
- increase maximum number of threads and open files for tomcat (bsc#1111966)�- Update to Tomcat 9.0.19. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.19_(markt)
Notable packaging changes:
- File /usr/share/java/tomcat/catalina-jmx-remote.jar was removed.
The classes contained in this jar were merged into
/usr/share/java/tomcat/catalina.jar.
- Fixed CVEs:
- CVE-2019-0199 (bsc#1131055)
- Rebased patch:
- tomcat-9.0-JDTCompiler-java.patch
- tomcat-9.0-javadoc.patch�- Build classpath directly with the geronimo jars instead of with
symlinks to them�- Don't overwrite changes made to server.xml contexts when updating
bundled webapps.�- Set javac target to 1.8 when building docs samples and serverxmltool�- Move webapps bundled with Tomcat to /usr/share/tomcat/tomcat-webapps
(bsc#1092341). Affected packages:
- tomcat-webapps
- tomcat-admin-webapps
- tomcat-docs-webapp
- Remove %doc directive from tomcat-docs-webapps files section so that
zypper installs files even if rpm.install.excludedocs is set to yes.�- Require Java 1.8 or later (bsc#1123407)�- Clean up OSGi manifest injection
- Put embed maven metadata into embed subpackage
- Use the .mfiles* lists generated by %%add_maven_depmap macro�- Fix tomcat-tool-wrapper classpath error (bsc#1120745)�- Fix tomcat-digest classpath error (bsc#1120745)�- Update to Tomcat 9.0.14. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.14_(markt)�- Add pom files for tomcat-jdbc and tomcat-dbcp
- Add org.eclipse.jetty.orbit* aliases to correspondant artifacts�- Update to Tomcat 9.0.13. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.13_(markt)�- Update to Tomcat 9.0.12. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.12_(markt)
- Fixed CVEs:
- CVE-2018-11784 (bsc#1110850)
- Rebased patches:
- tomcat-9.0-disable-osgi-build.patch
- tomcat-9.0-javadoc.patch
- tomcat-9.0-sle.catalina.policy.patch
- tomcat-9.0-tomcat-users-webapp.patch�- Declare following files to config(noreplace) to prevent override
access rights:
- host-manager/META-INF/context.xml
- manager/META-INF/context.xml�- Empty tomcat-9.0.sysconfig to avoid overwriting of customer's
configuration during update (bsc#1067720)�- Update to Tomcat 9.0.10. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.10_(markt)
- Fixed CVEs:
- CVE-2018-1336 (bsc#1102400)
- CVE-2018-8014 (bsc#1093697)
- CVE-2018-8034 (bsc#1102379)
- CVE-2018-8037 (bsc#1102410)
- Rebased patch tomcat-9.0-JDTCompiler-java.patch
- Added patch tomcat-9.0-disable-osgi-build.patch to disable adding
OSGi metadata to JAR files�- Update to Tomcat 9.0.5. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.5_(markt)�- Modified patch:
* tomcat-9.0-javadoc.patch
+ Don't append to javadoc --add-modules since we are building
with source=8
+ Avoid accessing Internet URLs from build environment�- Update to Tomcat 9.0.2:
* Major update for tomcat8 from tomcat9
* For full changelog please read upstream changes at:
+ http://tomcat.apache.org/tomcat-9.0-doc/changelog.html
* Rename all tomcat-8.0-* files to tomcat-9.0-*
- Changed patches:
* Deleted: tomcat-8.0-bootstrap-MANIFEST.MF.patch
* Deleted: tomcat-8.0-sle.catalina.policy.patch
* Deleted: tomcat-8.0-tomcat-users-webapp.patch
* Deleted: tomcat-8.0.33-JDTCompiler-java.patch
* Deleted: tomcat-8.0.44-javadoc.patch
* Deleted: tomcat-8.0.9-property-build.windows.patch
* Added: tomcat-9.0-JDTCompiler-java.patch
* Added: tomcat-9.0-bootstrap-MANIFEST.MF.patch
* Added: tomcat-9.0-javadoc.patch
* Added: tomcat-9.0-sle.catalina.policy.patch
* Added: tomcat-9.0-tomcat-users-webapp.patch
- Renamed subpackage tomcat-3_1-api to tomcat-4_0-api
to reflect the new Servlet API version.
- Commented out JAVA_HOME in /etc/tomcat/tomcat.conf
- Added "tomcat-" prefix to lib symlinks under
/usr/share/java to avoid file conflicts with servletapi5
and geronimo-specs
- Fixed wrong %ghost file paths for alternatives symlinks�- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)�- Build with JDK 8 to fix runtime errors when running with JDK 7
and 8
- Fix tomcat-digest classpath error (bsc#977410)
- Fix packaged /etc/alternatives symlinks for api libs that caused
rpm -V to report link mismatch (bsc#1019016)�- update to 8.0.47
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Fixed CVE:
- CVE-2017-12617
- rebase tomcat-8.0-sle.catalina.policy.patch�- Added patch:
* tomcat-8.0.44-javadoc.patch
- generate documentation with the same source level as class
files
- fixes build with jdk9�- Version update to 8.0.44:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Fixed CVE:
- CVE-2017-5664 (bsc#1042910)�- New build dependency: javapackages-local�- Version update to 8.0.43:
* Another bugfix release, for full details see:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Fixed CVEs:
- CVE-2017-5647 (bnc#1033448)
- CVE-2017-5648 (bnc#1033447)
- CVE-2016-8745
- Renamed and rebased patches:
* tomcat-7.0-sle.catalina.policy.patch -> tomcat-8.0-sle.catalina.policy.patch
- Enable optional setenv.sh script. See section
"(3.4) Using the "setenv" script (optional, recommended)" in
http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt
(bnc#1002662)
- Fix file conflicts when upgrading from SLES 12 to SLES 12 SP1 (bnc#1023412).
Added explicit obsoletes for tomcat-el-2_2-api, tomcat-jsp-2_2-api,
tomcat-servlet-3_0-api�- update to 8.0.39: (boo#1003911)
* Improve handling of I/O errors with async processing
* Fail earlier on invalid HTTP request
- includes changes from 8.0.38:
* Refactoring the non-container thread Async complete()/dispatch()
handling to remove the possibility of deadlock
* Improved UTF-8 handling for the RewriteValve
- includes changes from 8.0.37:
* Treat paths used to obtain a request dispatcher as encoded
(configurable)
* Various jdbc-pool fixes
- drop tomcat-8.0.36-jar-scanner-loop.patch, upstream�- Switch to commons-dbcp2 fate#321029�- Backport fix for inifinite loop in the jar scanner for 8.0.36. (bnc#993862)
Added: tomcat-8.0.36-jar-scanner-loop.patch�- Version update to 8.0.36:
* Another bugfix release for the 8.0 series. Full details:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.36_(markt)
- CVE fixed by the version update:
- CVE-2016-3092 (bnc#986359)
- Fixed a deployment error in the examples webapp by changing the context.xml format to the new one
introduced by Tomcat 8. See http://tomcat.apache.org/migration-8.html#Web_application_resources�- fix maven fragments paths to build in multiple distribution
versions�- Version update to 8.0.33:
* Another bugfix release for 8.0 series, full details:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.33_(markt)
- Rebase tomcat-8.0-tomcat-users-webapp.patch
- Rebase tomcat-7.0.53-JDTCompiler-java.patch
to tomcat-8.0.33-JDTCompiler-java.patch�- Fix fixme for the prereq preamble value
- It seems systemd prints error on adding the @ services to macros
so do not do that�- package was partly merged with the scripts used in the
Fedora distribution
- support running multiple tomcat instances on the same server
(fate#317783)
- add catalina-jmx-remote.jar (fate#318403)
- remove sysvinit support: systemd is required�- update changes file for CVE information
- Fixed CVEs:
- CVE-2015-5346 (bnc#967814) in 8.0.32
- CVE-2015-5351 (bnc#967812) in 8.0.32
- CVE-2016-0706 (bnc#967815) in 8.0.32
- CVE-2016-0714 (bnc#967964) in 8.0.32
- CVE-2016-0763 (bnc#967966) in 8.0.32
- CVE-2015-5345 (bnc#967965) in 8.0.30
- CVE-2015-5174 (bnc#967967) in 8.0.27�- Version update to 8.0.32:
* Another bugfix release for 8.0 series, full details:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.32_(markt)
- Rebase patch:
* tomcat-8.0.9-property-build.windows.patch�- update to Tomcat 8.0.28
* Multiple fixes, read upstream changelog at:
https://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.28_(markt)�- Some whitespace cleanups�- Remove pointless conflicts on provide/obsolete symbols�- Version bump to 8.0.23 fate#318913:
* Multiple testfixes all around, read upstream changelog at:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.23_(markt)�- Fix previous commit. Fix one rpmlint warning�- Drop gpg verification from spec, it is done by obs�- Fix build with new jpackage-tools�- update to Tomcat 8.0.18:
* Major update for tomcat8 from tomcat7
* For full changelog please read upstream changes at:
+ http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Rename all tomcat-7.0-* files to tomcat-8.0-*
* Update keyring file
- Update windows patch to apply again:
* Deleted: tomcat-7.0.52-property-build.windows.patch
* Added: tomcat-8.0.9-property-build.windows.patch
* Added:tomcat-8.0-tomcat-users-webapp.patch
* Deleted: tomcat-7.0-tomcat-users-webapp.patch
* Added: tomcat-8.0-bootstrap-MANIFEST.MF.patch
* Deleted: tomcat-7.0-bootstrap-MANIFEST.MF.patch�- Version 1.1.30 or higher is required for APR listener (bnc#914725)�/bin/sh�/bin/sh�servlet�tomcat-servlet-3_0-api�tomcat-servlet-3_1-api�h04-ch1b 1697445433���������������������������������������������������������������������� ���
�����������������������������������������������9.0.82�9.0.82�9.0.82�9.0.82�9.0.82�4.0���9.0.82-150200.46.1�9.0.82-150200.46.1��������������4.0�����������������������������������������servlet�servlet.jar�tomcat-servlet-4.0-api.jar�tomcat-servlet-api.jar�tomcat-servlet.jar�tomcat-servlet-4_0-api�LICENSE�tomcat-servlet-api.xml�JPP-tomcat-servlet-api.pom�/etc/alternatives/�/usr/share/java/�/usr/share/licenses/�/usr/share/licenses/tomcat-servlet-4_0-api/�/usr/share/maven-metadata/�/usr/share/maven-poms/�-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g�obs://build.suse.de/SUSE:Maintenance:30729/SUSE_SLE-15-SP2_Update/1f5b6e9de4003dbcae3fc0bc675fba51-tomcat.SUSE_SLE-15-SP2_Update�drpm�xz�5�noarch-suse-linux��������������������������������������cannot open `/home/abuild/rpmbuild/BUILDROOT/tomcat-9.0.82-150200.46.1.x86_64/etc/alternatives/servlet' (No such file or directory)��gzip ERROR: Stdin has more than one entry--rest ignored (Zip archive data, at least v2.0 to extract Java archive data (JAR))�directory�ASCII text�XML 1.0 document, ASCII text�������������������������������������������������������������������������P���P���P���P���P���R���R����`m���H\8&�=N]� �y�"XA��N;
V+6-KGN��-hs^m=N�9�BƜ써jĄ2F��E�CV#'fLN)�G~k%F=�톼h7�rfE`WV٨7LJ�>N�MϞx��|gY^O��iZ/��o^5�K�˭~P�S/�edr�!��W�P-F͡+z_��Ozk�c�bp�f0p|!�SZDն
RD4?:c�y(|8/z,P|EͅeD�*aCwE'��ƆH!L`C�NVKFV圔3r�K`��FUrNE?fG3P�j��t�Fb#܇"RcRAJ�jsgBT�|+�ED~A�O"ȁz6z|`z=�R}r#u^kjأ��U}5bZLrkcPL�n5.^ߵ+ָ��H昺nx5K/Lt�lX{Et�
PU:�0�(a�9�Z!:2e�"@�h�2 AA*;L;ǨBnY=��r-(kUWQ��0/V�Aj"�(Mpdqzz�AݽsbZbz�$U}i"R
��9�Gc�""9V�_TT7;�f�ZYz�\��o;�ڐ'e� Fn�R�y�.ǫ��`�sDKfWg_