tomcat10-docs-webapp-10.1.18-150200.5.17.1<>, ep9| ׁZw̉YgAhNk˪eEJ|Epg@htO1sCf{¬a*,OҲ,x4k`Yp']P/`e ;GG1BG\IJ҉2&~($d@?d - Z 'AGN      . /205x88;; ; o:Fo>ޙFޡG޸HXIXY\]\^bicdefluvTz(8<BCtomcat10-docs-webapp10.1.18150200.5.17.1The "docs" web application for Apache TomcatThe documentation of web application for Apache Tomcat.eh04-ch1b*0SUSE Linux Enterprise 15SUSE LLC Apache-2.0https://www.suse.com/Productivity/Networking/Web/Servershttps://tomcat.apache.orglinuxnoarchchown -R tomcat:tomcat /usr/share/tomcat/tomcat-webapps/docs/META-INF runuser -u tomcat -g tomcat -- xsltproc --output /usr/share/tomcat/tomcat-webapps/docs/META-INF/context.xml /etc/tomcat/allowLinking.xslt /usr/share/tomcat/tomcat-webapps/docs/META-INF/context.xml if [ ! -e /usr/share/tomcat/webapps/docs ]; then ln -sf /usr/share/tomcat/tomcat-webapps/docs /usr/share/tomcat/webapps/docs fiOx>D@l5%8L@lH O>   |_!Z2,-r#E TR %ZNL.2P2U82!.7T&$:>v9Z)"&.G!N9#$i Z%'LGPz48/m PR`YURdXLSXRs+:=j~j{\#,++*<n15F< T \BO T r D P'1 QdWA큤A큤AA큤A큤A큤A큤A큤A큤AA큤AA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee4510a5b89c7afe76bdd5885981a33ea8b6860c8f7d1860d5aa7148c0bb99963d539ad0b2450e83e306f9e54b4a40c00aee470cbda377451026345655e1a1033e166bbf7cee31a0e8bf7647b4f6bea8eb1f297a6c4c30ee933052eef41ab260b6d69565edcd469f942efa4bfc9337cac7df2f72edc5ee2f4ed411d3b3e379880b18ae0f6852f87a9f6a9720b19ed633a67d38caf7dfaea2fcd0ff2f1c7efc7576aa103a04a71295e67700d064b1d4bb8033969b44fe6fe3c5d3c076db5c7cb25d3ed7d9c36caf00f0ce2ea10ebf26dd3561e2aae32dd976714914194ec6904866372821f4337d03bbe74059942085aa9db147d8d36cc41b456f22847f17af252c326e358c02efbe1e2317782d22265d23788bfb293f5053106f7b2f9e1398ce5dff7fdb1c70875875216ee3a18630a52140eab628d9cce7bcd7f69f56b5e4d09462327d5b5dae30efe37c72c99a64b704afc5bc971a028337a39b928f57bdfe95e64e3963b00eeb2aa7ffadf1d1a81a8497b7138be7c69daed2f3446093d4694c49b9f4eaed89ffd8788d9247fd33fddc1d95826866dfa6db2fcc4e196bda5b0146db1f2483a008aaf5cf25fa7bdcf5acec6a588fb67b784f2ad684d6e57e565e96f123d6eadf075dca719877b00253be1ee30847d95410120afc87d29108ee0cff7fdb1c70875875216ee3a18630a52140eab628d9cce7bcd7f69f56b5e4d09477f84b68ac01984d8566203b324eae905f1883f5dcffd6d8c7a6342a76547458d4825ba7885174a0632cf2a30c124a3900cea0f044a3e1b42550658cefee7ce4437cbd99c13c20b5710dfcea000d38bbd3a5cae2301a2a61a12d9a9d38bd72acab2459f0743cff421e724fe243454ffbeb472452d7f09d98e37982ec6d1ffc117b8134b028f5b8c206e18075b05790d27cc29c431bb9575033b37319751036f8dc5d18af5aebf5ad183db10b5d17d0caabb65a1b5371af6d4c2e1160c16649d6d9fdacbd36cf39f746e789faee0d09e629b6051395bae804fc88d309fdc8d50d92615b83a3f1ddd6b42f91b282a30b7def29e173ff69d96d6ff5b3084aefc5226ea9933b82e315fdea8859be28962fb497abe90186fceac3290758fe1f2a5547cd1b518b877892c613da5295d10573e80a643401baf9307571e1147e509516f401e052ee3a0e0757c5b5f08ce72c261147a76ddac609d311fc53882728e0ed1ca240efa669dc4137c363db090dd9fbc5b5b845830476afe582cbfe592b71df0bf390f92b159fbae05959f3c3ff8904978f8720462567d4ebd4205a944c30a389db692e24785f79099a558d554c83ca452afbf731dbe3f1d8d8e3d9a6136cf571a1f77a86b92cc872ba86a4ac538720debe5a075f56cf6ede6a52c1b1ec91b74144e18ea15e297fdf793cf6a08cda5b1087350c7e9794059a6a0f76d7f57a128bba2f4c6806ed4a3e2ca487b25b66d6cdb3f7869a9c724950c2c8a8b9ed1e2b03c82afabdbd81db652aea065f7acc712a5ba5876824860c754aa6285c92d15383896b7e78b7789374dc71e941fe2f3ddab1dd868179ac7cc83e4ea7ce45ec21aed52062fec17e8255d2145f121bb02891057dbff7448954230960e801ed019c7f91cc55e1537e1446efebc9f114c3e12241db4d2bb5a29f6b1346bc1cc92c5e697823c425b9fb4eaf2feb7f6433c2ea233f3144c6205201bc266498c3d52faf9663cd1331b890ce01d097352d56c0004b7f1a6a94a08c9a699fabb70913dd439a5482202c76aa157dc89bc6d351c56f5dbaeb339abcb56147660daa5428f5e4ae00e7a9819b398022448ea2f6b13357df2e64dc464d16094d9db051496f1655b63daa9d3559b76527f660ad45188c595d13937c57cae836acab38121477b38bdb7d0d5000791917e8758fc15476de5a54d27f4d9824bd1a1236c7ec5e8f0525833a089e1a19bdea63bc5eb12c736fca35df68cce3e46b431b22cabf51becdad778160a4368b03f48f977b3305d82fc430260fe55c513bc5c827b8718f7bf11c1e5473df71ee8350009d42120a78b0f7ef5e3e13495fe4fb6afcd4d71fa3f96e6fe20ca604493abe610c6e9918891a31c63a4c7af15f273e216ad766787ef52d1ec317c73db4b529337477e1976950f748722446bb4db1f309e0ab7c60bbe3aa9ff0085316665c25d9527e0a88aabaafe8a1b372fb71ffe76353b6167ce6caeaf1bff189dbb6900cbe648afebf6f5c5a3be8dfe247454c253d288061cfc79529352db71b1165cdd26bc2fa2233f9cfe5dd710d42c4439f824c4176e7b4830e53b8868c00ff9c48ffdbb086ba06ed8932209086f9897872ccddedc2a628d3207377af2d3428a714b73159170dcc7ee35553fb06ba846e6a5402f6d585dd089330de3dfa72cf02aa8abacd85d630b6eb8c4173b06dc2dadc1318bdb4ec5b9fad5218daaf77987d2648da2b03c928363ed9a8f2bd0150c1ab213dbdbd350a5441fbd1da248bc2dd271e7da9968ce5565c76b6515ec1f8be58a9ca58aca9d129ac75f2cfb5fbb10f09d7c4136db12df80dc029367c213fa4f07d3480e9198d3c17f7e58aeeffde2de72f02f21d9284cf0825be8cbcec69e4a3315b2fee2a2144957c0f3610c9b8e72e27480830fff74c3360569144cac58fa9cf90f9a865001e4d4235a279577b06ede42abf91b9209631844e3e1dd711b76b52d54710558fbe6db8b89360096d31da96760fc6cbaf4893be557a360178d3690569ec73ebfa0028f297855726a434565ea1f265b796140d40f2e939a2587ace3cb0caa891a1a3eae937595f828801052a952e695f5e27d5e99a6f3ccf813901e20088c97ea482c58c9c3f739cebb04ae8695e3694c0411845c120917aa353db4776c5a1e172725c504a729f0a19cd8e81f0b02a93f6c9636764551b46907d95a9eb91923b89fa2139887e0dd7dc37f63ea2f68c866ef22d6be1be30fe54e1b14e4891f81ea40b5834b176bb89e2259fceefa069093d9fbbfce034f9290cc7c4a3878c25ed12acd63fee420fb5baea0c0ab4dfe899e5600aef5a06fac37c59ee88b4753308d7c41a91f3228f8cd51c0672036a0e3e7bc375edd443b9cb178dd2a80664421473ef875b4406afa4251b17cb3e14cf082fb7cf1a3e5936aa53d1994396c393d59c8398076f4bff66b7aaa37a7fe51953d442014da38a5eff7426459b768afa62127a55dd2cce5ce78ec95eb76f1ecc80b5a1ad8e8cfedcdabfa62722f0be2f83ff6c6537fe2b3239cca68f29d55596ee4934f0c9eed53a7a08e3f861d3e4ebc55440c4507a225ecdfed447f3bc8ddaf0675f98f88d3341af13994b8637b6978255ec871ea6ff1b8e08a0059317bd59dc106fa8f29d64a75d88ebd1d241a62b3ad6ac438c2ffb59a13ffaa2c95aecb42e71f0fe73c19dfffe055b7daa4a9f6c04dac34f31025def3c5e9a225d44d70652ae6b8a60780a21a6ca33bec3825172c129279c8be2862d894cb3677b31fa0d2f74bc774079626d2273ac92410a3b6757c144397579517499d3b29b29ff5268b465c48a22f69888ddc99c79c3d56db7e6391125c93620c86d23f70df43f3fa6110b32e8926523cd51b2892b74ac1c37e40f4f6347b9fe66e02862e06fb0dce0fbdd63c15518c6e52d8ce96c3c2c91bd9ebac054e31342c212d93c5292e9b26226a5acd314049dcddb5b939af17dac8ea84b3655e85ca91ad296bf07103c9d6e5e573fdbbef3672b01491ba8ad7b5486f1c4510d6235abd5d419db4dba99bc07568a335f622da23cad6c2597dfaf4ee17321f5186e8535ef601e3a9a2d4501f3d0ff68825bada07fda3854d8d98559567b0002937a855d2db07e9bb909a2fa7d829f0d916c74557294092a56d7d21b1d2acf06e4fa3b5d351c4a446085cb2b6310208fbb0657c3bdfd611d4f79b9b0857afdbcc359c4d52112c36fa422d381aec5ffb57c31912b60ca0e47b56634beaae1a4eb8c826f1329a1d49820814f018ba95a5b2ae5c8e349d57c6663aa87559d4b6c86b1b6a0cac0dba2ac0d6abdb2d037f07499a84df7f9a949e5e76a4d89dd3913b96e3ec691568f1581537f57b4e62863524bd1511017e7f252f23ac6c125160c39b14a2a0410d16b47d3901eee99d0090e19fdb28ab78e3fff49f571c5ece6cca5eaa4ca9bff421ce09b2021f4e4bc64a8264732de30b162cb05943d9b2e92bf27138de083e056ba73609403a3ef0ac82395a4fccae251ecef1878c569a3a5ee2f4e94f2b56e19054224482be0aa7b444ab8324ed0b0c25e3abacbd87be29732356c9bb890556675373ea9ed1d0e9b5678426d69296b6801c906ca378bb426aa3d6acdc3ba392abf7aa1d006749331fa8e97ac2202596a819dd382b46d051a28dca74875a851d97fcc71c78ca279754fabc2289a600aabecec4d9e4387cab9c7400aa2d0868a21c493df0e5da1622b319e915303b1aa2b72f3cb836057eed5699f522693cd0e6f9fbe497b6a0346fde3934cbcbd7c557a334c27bb34e69c7ed430ed4a4588c27f2a933b428f5a13403157e395a9d869d176c8dd256a5f28a042e4f863b42117f27a13e776a0e6ee6d54739b08b35741f43f5776bf51a193810b51d60285dc5d18af5aebf5ad183db10b5d17d0caabb65a1b5371af6d4c2e1160c16649d65d4dbfc82ee715a653291fb987dd565b6fc567ffee828d9e4c5f181c75eca0be63b93e248018e9520b508c50c9f61fb190bb7ed7c057598111baf79d07c3ad14afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f2775c999e0a46ca71af10fccc3eec3c1d149182d380c6756881fe2d9f9e3ee3debbf3a75777812f978801b8ea3166547a30abb161911f96eefd789466404e6a373750bce6a256d73ee68aa5f71145280f317eba7f42262553dc8106d351719470a3175fb4ec771511cd3b3383413ab2fa080f979bf8feb3924f7f9feb43a0b7ab7ac5796a90ccb46b6945504864883f822f9bc2801aa145934aff917f9dc8095ac8a7e8c3cc1e2a225f5ae4c8741125b014365522b57e349836eb9bbda55dcd8c014362fbd017096962a6d662fbdd09cd7beb42ec15c18d794f577a0ae1e0b7693af590f993e0be9ee85c272f73f7f5487e2acc15e343e230d27d57d65f0798d264f67ba799960b0cdf83c5ec81525606023651c906d97c29f964c200ad2045309a0c9611a57bd87440f045554a52ff8ac8a6f2144cb27c85471b699898b7f8ff389041bf819f7c43caec2a08f0f2000d0d07c993cad82853d18d5e1bb41991ad0646d773eda4504b9646da6b58f95b80a741de42a331a994a5969537492d7535995ddbd3c1ac87bcf2df87bc93c0dd903a2467ced795dcd5c0d746f5c133a8123efac42ee261bccef8bff89d96d06690698f5f52ad45dbb62f0ffb0aad6b897646663f46a50540230523c1a24eedd379d81027fc3052ddb6bd2a4db6ae22036f7774e0f39ad56f4daede58d544ed95c1e2474ae352ad8accc878d9b4f4ce3d26054b8a26db8aef5f13607c9d863b45a251c75f1bab4a809d68b53df08dba129954d5fc2e99ff81f53662ada1888668390518f9a2b207e113dfbfea222f0946b997f8d2b19cbda37bf6a75375fd1e99a16c29914b4dbf00ee641fc955b988ef8c0f0bb27fab60ad353b73560abf260ff7d62df0fa14603c923bef550672757f86f3563b42e4abaa20dabf84670f0b026f9dddd901a13faa8a19e5a72de15f08f76926b11c3efb1ed05042f2662eb40afc4d37353e03dba86751df47c69b2c8e673f181449f30a329eda1d677e8c0f47c7a9cebe877b3f76f4a0283bb8bf4c8dc57db3ba177c2edfb9378f435313a17914ee837e9ab2e852327eb3ba4a43bf8f22a2bab22312f251e6a4da25b4336a0d658f8297294afbff75d7c9918027f28cac392fc8918005700ea29e15f989b28cc65e63a724bb92cb92e273c3cec0876f61426920052a8783d45a4db5b05f36404c4b39a27f02097909cf9bf3d2a91365ed672d777578d90b899ab177a67e1976b0f0c6d5577b6788da8baa9b936f90fddbfaa9d71b306215e5421e98378556df26877529d59e9d6f92e0c6cea9b752b6f841e05e1919ac2a3b46b50d67f4c6933117cf9f1423705a92276fae62c1f02bfafa66718bfdf24fa45a260dce388aca762410c3e2b31cd365245fd22d4b8c08855b3c208675c77e29caee0184003a846cc8a44089c239daf08225fb0ff499adcadecf1667283a3a98de518ee38dd2b9535948a82027c9d1266c348f77f38241934520773e15051ac90f0bdbce12ab462c50c79a2fb020600e561f9c2dd3424d5d410bfb3431357a8523940a81223587c90ecbd14397b2bdf6eace3a4095983dbfceb343d9c0d418d6a6f6e9ce51e7ce4bcd62339a85bf3017a339c0db1ecd20d702rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootroottomcat10-10.1.18-150200.5.17.1.src.rpmtomcat10-docs-webapp     /bin/shlibxslt-toolsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PartialHardlinkSets)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)tomcat10util-linux3.0.4-14.6.0-14.0.4-14.0-15.2-110.1.18-150200.5.17.1tomcat-docs-webapp4.14.1eZeeПe@ee@e@eoedeSa@e)1@e 0@e 0@e;eRdld0d?@cc@c@c{h@cQ8@bγbbN@b!b@aaaA@a@a{@azamaamaama`X`Q@`OL@`OL@`3__F@_@___FN_!d^@^^_^@^Y^U @^1s^%@^!^@]҇]Γ@]4@]?]V]@\\\r@\k\j@\Yz\X)@\LK\?\8@\'a\[v[u[@[@[ug@ZZ_:Z!D@Z@YYYY:Y@Y@XZnW@WiW|W'A@WWKV@V2V`VA@UlI@UlI@UlI@UQU hU hTTи@dcermak@suse.comfstrba@suse.comfstrba@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.comricardo.mestre@suse.commichele.bussolotto@suse.comfstrba@suse.comfstrba@suse.commichele.bussolotto@suse.comfstrba@suse.comfstrba@suse.comfstrba@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.comfstrba@suse.comfstrba@suse.commichele.bussolotto@suse.comfstrba@suse.comfstrba@suse.commichele.bussolotto@suse.comolaf@aepfle.demichele.bussolotto@suse.comfstrba@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.comwittemar@googlemail.comwittemar@googlemail.comwittemar@googlemail.comamehmood@suse.comamehmood@suse.comwittemar@googlemail.comwittemar@googlemail.comwittemar@googlemail.comamehmood@suse.commalbu@suse.commalbu@suse.commalbu@suse.comjengelh@inai.defstrba@suse.commalbu@suse.comfstrba@suse.commalbu@suse.comjavier@opensuse.orgmalbu@suse.commalbu@suse.comfstrba@suse.commalbu@suse.comfstrba@suse.commalbu@suse.commalbu@suse.comfstrba@suse.comfstrba@suse.comfstrba@suse.comfstrba@suse.comfstrba@suse.comdimstar@opensuse.orgmalbu@suse.commalbu@suse.comfstrba@suse.commalbu@suse.commalbu@suse.commalbu@suse.commalbu@suse.comfstrba@suse.commalbu@suse.commalbu@suse.comecsos@opensuse.orgfstrba@suse.comsean@suspend.netmalbu@suse.comecsos@opensuse.orgmalbu@suse.commalbu@suse.commalbu@suse.defstrba@suse.commalbu@suse.comrbrown@suse.commalbu@suse.comecsos@opensuse.orgfstrba@suse.comecsos@opensuse.orgdziolkowski@suse.commalbu@suse.comastieger@suse.comtchvatal@suse.commalbu@suse.commalbu@suse.comdmacvicar@suse.dejcnengel@gmail.comtchvatal@suse.comdmacvicar@suse.dedmacvicar@suse.detchvatal@suse.comdmacvicar@suse.detchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comwittemar@googlemail.combmaryniuk@suse.com- Add missing Requires(post): util-linux to have runuser into post- Add %%systemd_ordering to packages with systemd unit files, so that the order is the right one if those packages find themselves in the same transaction with systemd- Link ecj.jar into the install instead of copying it- rpm 4.19 requires dependencies on tomcat user and group (bsc#1219530)- Fixed CVEs: * CVE-2024-22029: run xsltproc as tomcat group (bsc#1219208)- Update to Tomcat 10.1.18 * Fixed CVEs: + CVE-2023-46589: Apache Tomcat: HTTP request smuggling due to incorrect headers parsing (bsc#1217649) * Catalina + Update: 68378: Align extension to MIME type mappings in the global web.xml with those in httpd by adding application/vnd.geogebra.slides for ggs, text/javascript for mjs and audio/ogg for opus. (markt) + Fix: Background processes should not be run concurrently with lifecycle operations of a container. (remm) + Fix: Correct unintended escaping of XML in some WebDAV responses. The XML list of support locks when provided in response to a PROPFIND request was incorrectly XML escaped. (markt) + Fix: 68227: Ensure that AsyncListener.onComplete() is called if AsyncListener.onError() calls AsyncContext.dispatch(). (markt) + Fix: 68228: Use a 408 status code if a read timeout occurs during HTTP request processing. Includes a test case based on code provided by adwsingh. (markt) + Fix: 67667: TLSCertificateReloadListener prints unreadable rendering of X509Certificate#getNotAfter(). (michaelo) + Update: The status servlet included in the manager webapp can now output statistics as JSON, using the JSON=true URL parameter. (remm) + Update: Optionally allow ServiceBindingPropertySource to trim a trailing newline from a file containing a property-value. (schultz) + Fix: 67793: Ensure the original session timeout is restored after FORM authentication if the user refreshes a page during the FORM authentication process. Based on a suggestion by Mircea Butmalai. (markt) + Update: 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs. (michaelo) + Fix: 66875: Ensure that setting the request attribute jakarta.servlet.error.exception is not sufficient to trigger error handling for the current request and response. (markt) + Fix: 68054: Avoid some file canonicalization calls introduced by the fix for 65433. (remm) + Fix: 68089: Improve performance of request attribute access for ApplicationHttpRequest and ApplicationRequest. (markt) + Fix: Use a 400 status code to report an error due to a bad request (e.g. an invalid trailer header) rather than a 500 status code. (markt) + Fix: Ensure that an IOException during the reading of the request triggers always error handling, regardless of whether the application swallows the exception. (markt) * Coyote + Fix: Refactor the VirtualThreadExecutor so that it can be used by the NIO2 connector which was using platform threads even when configured to use virtual threads. (markt) + Fix: Correct a regression in the fix for 67675 that broke TLS key file parsing for PKCS#8 format keys that do not specify an explicit pseudo-random function and rely on the default. This typically affects keys generated by OpenSSL 1.0.2. (markt) + Fix: Allow multiple operations with the same name on introspected mbeans, fixing a regression caused by the introduction of a second addSslHostConfig method. (remm) + Fix: Relax the check that the HTTP Host header is consistent with the host used in the request line, if any, to make the check case insensitive since host names are case insensitive. (markt) + Add: 68348: Add support for the partitioned attribute for cookies. (markt) + Add: 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile. (michaelo) + Add: When calling SSLHostConfigCertificate.setCertificateKeystore(ks), automatically call setCertificateKeystoreType(ks.getType()). (markt) + Fix: 67628: Clarify how the ciphers attribute of the SSLHostConfig is used. (markt) + Fix: 67666: Ensure TLS connectors using PEM files either work with the TLSCertificateReloadListener or, in the rare case that they do not, log a warning on Connector start. (markt) + Fix: 67675: Support a wider range of KDF and ciphers for PEM files than the combinations supported by the JVM by default. Specifically, support the OpenSSL default of HmacSHA256 and DES-EDE3-CBC. (markt) + Fix: 67927: Reloading TLS configuration can cause the Connector to refuse new connections or the JVM to crash. (markt) + Fix: 67934: If both Tomcat Native 1.2.x and 2.0.x are available, prefer 1.2.x since it supports the APR/Native connector whereas 2.0.x does not. (markt) + Fix: 67938: Correct handling of large TLS client hello messages that were causing the TLS handshake to fail. (markt) + Fix: 68026: Convert selected MessageByte values to String when first accessed to speed up subsequent accesses and reduce garbage collection. (markt) * Jasper + Code: 68119: Refactor the CompositeELResolver to improve performance during type conversion operations. (markt) + Fix: 68068: Performance improvement for EL. Based on a suggestion by John Engebretson. (markt) * Web Applications + Fix: 68035: Additional fix to the Manager application to enable the deployment of a web application located in a Host's appBase where the web application is specified by a bare (no path) WAR or directory name as shown in the documentation. (markt) + Fix: Examples. Improve the error handling so snakes associated with a user that drops from the network are removed from the game. (markt) + Fix: 68035: Correct a regression in the fix for 56248 that prevented deployment via the Manager of a WAR or directory that was already present in the appBase or a context file that was already present in the xmlBase. (markt) * Other + Update: Update Checkstyle to 10.12.7. (markt) + Update: Update SpotBugs to 4.8.3. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) + Update: Update UnboundID to 6.0.11. (markt) + Update: Update Checkstyle to 10.12.5. (markt) + Update: Update SpotBugs to 4.8.2. (markt) + Update: Update Derby to 10.17.1. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) + Add: Improvements to Brazilian Portuguese translations by John William Vicente. (markt) + Add: Improvements to Russian translations by usmazat and remm. (markt) + Add: 67538: Make use of Ant's task to enfore the mininum Java build version. (michaelo) + Update: Update Checkstyle to 10.12.4. (markt) + Update: Update JaCoCo to 0.8.11. (markt) + Update: Update SpotBugs to 4.8.0. (markt) + Update: Update BND to 7.0.0. (markt) + Update: The minimum Java version required to build Tomcat has been raised to Java 17. (markt) + Update: Update the OWB module to Apache OpenWebBeans 4.0.0. (remm) - Added patches: * tomcat-10.1-build-with-java-11.patch- change server.xml during %post instead of %posttrans - add libxslt-tools requirement- Fix server.xml permission (bsc#1217768, bsc#1217402) - remove serverxmltool and use xsltproc- replace prep setup and patches macro with autosetup- Initial packaging of Tomcat 10.1.14- Update to Tomcat 9.0.82 * Catalina + Add: 65770: Provide a lifecycle listener that will automatically reload TLS configurations a set time before the certificate is due to expire. This is intended to be used with third-party tools that regularly renew TLS certificates. + Fix: Fix handling of an error reading a context descriptor on deployment. + Fix: Fix rewrite rule qsd (query string discard) being ignored if qsa was also use, while it should instead take precedence. + Fix: 67472: Send fewer CORS-related headers when CORS is not actually being engaged. + Add: Improve handling of failures within recycle() methods. * Coyote + Fix: 67670: Fix regression with HTTP compression after code refactoring. + Fix: 67198: Ensure that the AJP connector attribute tomcatAuthorization takes precedence over the tomcatAuthentication attribute when processing an auth_type attribute received from a proxy server. + Fix: 67235: Fix a NullPointerException when an AsyncListener handles an error with a dispatch rather than a complete. + Fix: When an error occurs during asynchronous processing, ensure that the error handling process is only triggered once per asynchronous cycle. + Fix: Fix logic issue trying to match no argument method in IntropectionUtil. + Fix: Improve thread safety around readNotify and writeNotify in the NIO2 endpoint. + Fix: Avoid rare thread safety issue accessing message digest map. + Fix: Improve statistics collection for upgraded connections under load. + Fix: Align validation of HTTP trailer fields with standard fields. + Fix: Improvements to HTTP/2 overhead protection (bsc#1216182, CVE-2023-44487) * jdbc-pool + Fix: 67664: Correct a regression in the clean-up of unnecessary use of fully qualified class names in 9.0.81 that broke the jdbc-pool. * Jasper + Fix: 67080: Improve performance of EL expressions in JSPs that use implicit objects- Update to Tomcat 9.0.80 * Catalina + Add RateLimitFilter which can be used to mitigate DoS and Brute Force attacks + Move the management of the utility executor from the init()/destroy() methods of components to the start()/stop() methods. + Add org.apache.catalina.core.StandardVirtualThreadExecutor, a virtual thread based executor that may be used with one or more Connectors to process requests received by those Connectors using virtual threads. This Executor requires a minimum Java version of Java 21. + 66513: Add a per session Semaphore to the PersistentValve that ensures that, within a single Tomcat instance, there is no more than one concurrent request per session. Also expand the debug logging to include whether a request bypasses the Valve and the reason if a request fails to obtain the per session Semaphore. + 66609: Ensure that the default servlet correctly escapes file names in directory listings when using XML output. + 66618: Add a numeric last modified field to the XML directory listings produced by the default servlet to enable sorting in the XSLT. + 66621: Attempts to lock a collection with WebDAV may incorrectly fail if a child collection has an expired lock. + 66622: Deprecate the xssProtectionEnabled setting from the HttpHeaderSecurityFilter and change the default value to false as support for the associated HTTP header has been removed from all major browsers. + 59232: Add org.apache.catalina.core.ContextNamingInfoListener, a listener which creates context naming information environment entries. + 66665: Add org.apache.catalina.core.PropertiesRoleMappingListener, a listener which populates the context's role mapping from a properties file. + Fix an edge case where intra-web application symlinks would be followed if the web applications were deliberately crafted to allow it even when allowLinking was set to false. + Add utility config file resource lookup on Context to allow looking up resources from the webapp (prefixed with webapp:) and make the resource lookup API more visible. + Fix potential database connection leaks in DataSourceUserDatabase identified by Coverity Scan. + Make parsing of ExtendedAccessLogValve patterns more robust. + Fix failure trying to persist configuration for an internal credential handler. + 66680: When serializing a session during the session presistence process, do not log a warning that null Principals are not serializable. + Catch NamingException in JNDIRealm#getPrincipal. It is used in Java up to 17 to signal closed connections. + 66822: Use the same naming format in log messages for Connector instances as the associated ProtocolHandler instance. + The parts count should also lower the actual maxParameterCount used for parsing parameters if parts are parsed first. + If an application or library sets both a non-500 error code and the javax.servlet.error.exception request attribute, use the provided error code during error page processing rather than assuming an error code of 500. + Update code comments and Tomcat output to use MiB for 1024 * 1024 bytes and KiB for 1024 bytes rather than MB and kB. + Avoid protocol relative redirects in FORM authentication (CVE-2023-41080, bsc#1214666). * Coyote + Update the HTTP/2 implementation to use the prioritization scheme defined in RFC 9218 rather than the one defined in RFC 7540. + 66602: not sending WINDOW_UPDATE when dataLength is ZERO on call SwallowedDataFramePayload. + 66627: Restore the documented behaviour of MessageBytes.getType() that it returns the type of the original content rather than reflecting the most recent conversion. + 66635: Correct certificate logging on start-up so it differentiates between keystore based keys/certificates and PEM file based keys/certificates and logs the relevant information for each. + Refactor blocking reads and writes for the NIO connector to remove code paths that could allow a notification from the Poller to be missed resuting in a timeout rather than the expected read or write. + Refactor waiting for an HTTP/2 stream or connection window update to handle spurious wake-ups during the wait. + Correct a regression introduced in 9.0.78 and use the correct constant when constructing the default value for the certificateKeystoreFile attribute of an SSLHostConfigCertificate instance. + Refactor HTTP/2 implementation to reduce pinning when using virtual threads. + Pass through ciphers referring to an OpenSSL profile, such as PROFILE=SYSTEM instead of producing an error trying to parse it. + 66841: Ensure that AsyncListener.onError() is called after an error during asynchronous processing with HTTP/2. + 66842: When using asynchronous I/O (the default for NIO and NIO2), include DATA frames when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated. + Correct a race condition that could cause spurious RST messages to be sent after the response had been written to an HTTP/2 stream. * WebSocket + 66548: Expand the validation of the value of the Sec-Websocket-Key header in the HTTP upgrade request that initiates a WebSocket connection. The value is not decoded but it is checked for the correct length and that only valid characters from the base64 alphabet are used. + Improve handling of error conditions for the WebSocket server, particularly during Tomcat shutdown. + Correct a regression in the fix for 66574 that meant the WebSocket session could return false for onOpen() before the onClose() event had been completed. + 66681: Fix a NullPointerException when flushing batched messages with compression enabled using permessage-deflate. * Web applications + Documentation. Expand the security guidance to cover the embedded use case and add notes on the uses made of the java.io.tmpdir system property. + 66662: Documentation. Fix a typo in the name of the algorithms attribute in the configuration section for the Digest authentication value. + Documentation. Update documentation to use MiB for 1024 * 1024 bytes and KiB for 1024 bytes rather than MB and kB. * jdbc-pool + Fix the releaseIdleCounter does not increment when testAllIdle releases them. + Fix the ConnectionState state will be inconsistent with actual state on the connection when an exception occurs while writing. * Other + Update to Commons Daemon 1.3.4. + Improvements to French translations. + Update Checkstyle to 10.12.0. + Update the packaged version of the Apache Tomcat Native Library to 1.2.37 to pick up the Windows binaries built with with OpenSSL 1.1.1u. + Include the Windows specific binary distributions in the files uploaded to Maven Central. + Improvements to French translations. + Improvements to Japanese translations. + Update UnboundID to 6.0.9. + Update Checkstyle to 10.12.1. + Update BND to 6.4.1. + Update JSign to 5.0. + Correct properties for JSign dependency. + Align documentation for maxParameterCount to match hard-coded defaults. + Update NSIS to 3.0.9. + Update Checkstyle to 10.12.2. + Improvements to French translations. + Improvements to Japanese translations. + 66829: Fix quoting so users can use the _RUNJAVA environment variable as intended on Windows when the path to the Java executable contains spaces. + Update Tomcat Native to 1.2.38 to pick up Windows binaries built with OpenSSL 1.1.1v. + Improvements to Chinese translations. + Improvements to French translations. + Improvements to Japanese translations - Removed patch: * tomcat-9.0.75-CVE-2023-41080.patch + integrated in this version- Fixed CVEs: * CVE-2023-41080: Avoid protocol relative redirects in FORM authentication. (bsc#1214666) - Added patches: * tomcat-9.0.75-CVE-2023-41080.patch- Modified patch: * tomcat-9.0-osgi-build.patch + make it more robust to change in number of artifacts in bnd + do not enumerate jars, just take all jars from the aqute-bnd directory into the classpath- Require(pre) shadow because groupadd is needed early- Update to Tomcat 9.0.75. * See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.75_(markt) * Fixes: + bsc#1211608, CVE-2023-28709 + bsc#1208513, CVE-2023-24998 (previous incomplete fix) - Remove patches: * tomcat-9.0-CVE-2021-30640.patch * tomcat-9.0-CVE-2021-33037.patch * tomcat-9.0-CVE-2021-41079.patch * tomcat-9.0-CVE-2022-23181.patch * tomcat-9.0-NPE-JNDIRealm.patch * tomcat-9.0-hardening_getResources.patch * tomcat-9.0.43-CVE-2021-43980.patch * tomcat-9.0.43-CVE-2022-42252.patch * tomcat-9.0.43-CVE-2022-45143.patch * tomcat-9.0.43-CVE-2023-24998.patch * tomcat-9.0.43-CVE-2023-28708.patch + integrated in this version * tomcat-9.0.43-java8compat.patch + problem with Java 8 compatibility solved in this version - Modified patch: * tomcat-9.0.31-secretRequired-default.patch - > tomcat-9.0.75-secretRequired-default.patch + rediffed to changed context * tomcat-9.0-javadoc.patch + drop integrated hunks * tomcat-9.0-osgi-build.patch + fix to work with current version - Added patch: * tomcat-9.0-jdt.patch + fix build against our ecj- Fixed CVEs: * CVE-2022-45143: JsonErrorReportValve: add escape for type, message or description (bsc#1206840) - Added patches: * tomcat-9.0.43-CVE-2022-45143.patch- Fixed CVEs: * CVE-2023-28708: tomcat: not including the secure attribute causes information disclosure (bsc#1209622) - Added patches: * tomcat-9.0.43-CVE-2023-28708.patch- Fixed CVEs: * CVE-2023-24998: tomcat,tomcat6: FileUpload DoS with excessive parts (bsc#1208513) - Added patches: * tomcat-9.0.43-CVE-2023-24998.patch- set logrotate for localhost.log, manager.log, host-manager.log and localhost_access_log.txt - use logrotate for catalina.out * update tomcat-serverxml-tool and spec to configure server.xml - Added patch: * tomcat-9.0-logrotate_everything.patch * tomcat-serverxml-tool.tar.gz - Removed: * tomcat-serverxml-tool-1.0.tar.gz- Use catalina.out for logging (bsc#1205647) - Added patches: * tomcat-9.0-fix_catalina.patch- Fixed CVEs: * CVE-2022-42252: reject invalid content-length requests. (bsc#1204918) - Added patches: * tomcat-9.0.43-CVE-2022-42252.patch- Fixed CVEs: * CVE-2021-43980: Improve the recycling of Processor objects to make it more robust. (bsc#1203868) - Added patches: * tomcat-9.0.43-CVE-2021-43980.patch- Do not hardcode /usr/libexec but use %%_libexecdir during the build * Fixes for platforms, where /usr/libexec and %%_libexecdir are different- Fix bsc#1201081 by building with release=8 all files that can be built this way. The one file remaining, build it with source=8 and target=8 - Modified patch: * tomcat-9.0.43-java8compat.patch + Do not cast ByteBuffer to Buffer to call the Java 8 compatible methods. Build with release=8 instead- Security hardening. Deprecate getResources() and always return null. (bsc#1198136) - Added patch: tomcat-9.0-hardening_getResources.patch- Remove dependency on log4j/reload4j completely (bsc#1196137)- Do not build against the log4j12 packages, use the new reload4j- Fixed CVEs: * CVE-2022-23181: Make calculation of session storage location more robust (bsc#1195255) - Added patches: * tomcat-9.0-CVE-2022-23181.patch- remove instance units from post scripts, they can not be reloaded- Fix NPE in JNDIRealm, when userRoleAttribute is not set (bsc#1193569) - Added patch: * tomcat-9.0-NPE-JNDIRealm.patch- Modified patch: * tomcat-9.0-osgi-build.patch + account for biz.aQute.bnd.ant artifact in aqute-bnd >= 5.2.0- Fixed CVEs: * CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279) * CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278) - Added patches: * tomcat-9.0-CVE-2021-30640.patch * tomcat-9.0-CVE-2021-33037.patch- Fixed CVEs: * CVE-2021-41079: Validate incoming TLS packet (bsc#1190558) - Added patches: * tomcat-9.0-CVE-2021-41079.patch- Update to Tomcat 9.0.43. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.43_(markt) - Removed Patches because fixed upstream now: * tomcat-9.0-CVE-2021-25122.patch * tomcat-9.0-CVE-2021-25329.patch - Rebased patch: tomcat-9.0.39-java8compat.patch -> tomcat-9.0.43-java8compat.patch- Update to Tomcat 9.0.41. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.41_(markt)- Update to Tomcat 9.0.40. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.40_(markt) - Removed Patches because fixed upstream now: * tomcat-9.0-CVE-2020-17527.patch * tomcat-9.0-CVE-2021-24122.patch- Fixed CVEs: * CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912) * CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909) - Added patches: * tomcat-9.0-CVE-2021-25122.patch * tomcat-9.0-CVE-2021-25329.patch- Log if file access is blocked due to symlinks: CVE-2021-24122 (bsc#1180947) - Added patch: * tomcat-9.0-CVE-2021-24122.patch- Update to Tomcat 9.0.39. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.39_(markt) - Rebased patches: * tomcat-9.0.38-java8compat.patch -> tomcat-9.0.39-java8compat.patch- Update to Tomcat 9.0.38. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.38_(markt) - Rebased patches: * tomcat-9.0.37-java8compat.patch -> tomcat-9.0.38-java8compat.patch - Removed tomcat-9.0-CVE-2020-13943.patch because that fix is upstream now- Update to Tomcat 9.0.37. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.37_(markt) - Fixed CVEs: * CVE-2020-13934 (bsc#1174121) * CVE-2020-13935 (bsc#1174117) - Rebased patches: * tomcat-9.0-osgi-build.patch * tomcat-9.0.31-java8compat.patch -> tomcat-9.0.37-java8compat.patch- Fix HTTP/2 request header mix-up: CVE-2020-17527 (bsc#1179602) - Added patch: * tomcat-9.0-CVE-2020-17527.patch- Add source url for tomcat-serverxml-tool - Fix typo in tomcat-webapps %postun that caused /examples context to remain in server.xml when package was removed - Remove tomcat-9.0.init and /usr/lib/tmpfiles.d/tomcat.conf from package. They're not used anymore becuse of systemd (bsc#1178396)- Fix tomcat-servlet-4_0-api package alternatives to use /usr/share/java/servlet.jar instead of /usr/share/java/tomcat-servlet.jar. Keep /usr/share/java/tomcat-servlet.jar symlink for compatibility. (bsc#1092163) - Change default file ownership in tomcat-webapps from tomcat:tomcat to root:tomcat- Fix CVE-2020-13943 (bsc#1177582) - Added patch: * tomcat-9.0-CVE-2020-13943.patch - Change /usr/lib/tomcat to /usr/libexec/tomcat in startup scripts (bsc#1177601)- Replace old specfile constructs. Remove support for SUSE 11.x. - Drop %systemd_requires, which is considered a no-op. - Trim redundant license mention from description. - Make documentation noarch. - Do not suppress errors from useradd.- Avoid hardcoding /usr/lib as libexecdir- Don't give write permissions for the tomcat group on files and directories where it's not needed (bsc#1172562) - Change tomcat.pid location from /var/run to /run (bsc#1173103) - Use the /sbin/nologin shell when creating the tomcat user - Use %tmpfiles_create macro in %post instead of calling systemd-tmpfiles directly- Update to Tomcat 9.0.36. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.36_(markt) - Fixed CVEs: CVE-2020-11996 (bsc#1173389)- Update to Tomcat 9.0.35. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_(markt) - Fixed CVEs: - CVE-2020-9484 (bsc#1171928) - Rebased patches: * tomcat-9.0-javadoc.patch * tomcat-9.0-osgi-build.patch * tomcat-9.0.31-java8compat.patch- Update to Tomcat 9.0.34. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.34_(markt) - Notable changes: * Add support for default values when using ${...} property replacement in configuration files. Based on a pull request provided by Bernd Bohmann. * When configuring an HTTP Connector, warn if the encoding specified for URIEncoding is not a superset of US-ASCII as required by RFC 7230. * Replace the system property org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with the Connector attribute encodedSolidusHandling that adds an additional option to pass the %2f sequence through to the application without decoding it in addition to rejecting such sequences and decoding such sequences.- Update to Tomcat 9.0.33. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.33_(markt) - Notable fix: corrected a regression in the improvements to HTTP header parsing (bsc#1167438) - Rebased patches: * tomcat-9.0-javadoc.patch * tomcat-9.0-osgi-build.patch * tomcat-9.0.31-java8compat.patch- Change default value of AJP connector secretRequired to false - Added patch: * tomcat-9.0.31-secretRequired-default.patch- Update to Tomcat 9.0.31. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt) - Fixed CVEs: * CVE-2019-17569 (bsc#1164825) * CVE-2020-1935 (bsc#1164860) * CVE-2020-1938 (bsc#1164692) - Modified patch * tomcat-9.0.30-java8compat.patch - > tomcat-9.0.31-java8compat.patch + Adapt to changed context- Modified patch: * tomcat-9.0.30-java8compat.patch + add missing casts (bsc#1162081)- Change back the build to build with any Java >= 1.8 - Added patch: * tomcat-9.0.30-java8compat.patch + Cast java.nio.ByteBuffer and java.nio.CharBuffer to java.nio.Buffer in order to avoid calling Java 9+ APIs (functions with co-variant return types) - Renamed patch: * tomcat-9.0-disable-osgi-build.patch - > tomcat-9.0-osgi-build.patch + Do not disable, but fix OSGi build since we have now aqute-bnd- Change build to always use Java 1.8 (bsc#1161025).- Update to Tomcat 9.0.30. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt) - Fixed CVEs: - CVE-2019-0221 (bsc#1136085) - CVE-2019-10072 (bsc#1139924) - CVE-2019-12418 (bsc#1159723) - CVE-2019-17563 (bsc#1159729) - Removed patch: * tomcat-9.0-JDTCompiler-java.patch + It was not applied- Update to Tomcat 9.0.27. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.27_(markt) - Uset aqute-bnd to generate OSGi manifest, since we have that package now in openSUSE:Factory - Removed patch: * tomcat-9.0-disable-osgi-build.patch + not needed- Add maven pom files for tomcat-jni and tomcat-jaspic-api- Distribute the pom file also for tomcat-util-scan artifact- Build against compatibility log4j12 package- Adapt to the new ecj directory layout- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini- Update to Tomcat 9.0.20. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.20_(markt) - increase maximum number of threads and open files for tomcat (bsc#1111966)- Update to Tomcat 9.0.19. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.19_(markt) Notable packaging changes: - File /usr/share/java/tomcat/catalina-jmx-remote.jar was removed. The classes contained in this jar were merged into /usr/share/java/tomcat/catalina.jar. - Fixed CVEs: - CVE-2019-0199 (bsc#1131055) - Rebased patch: - tomcat-9.0-JDTCompiler-java.patch - tomcat-9.0-javadoc.patch- Build classpath directly with the geronimo jars instead of with symlinks to them- Don't overwrite changes made to server.xml contexts when updating bundled webapps.- Set javac target to 1.8 when building docs samples and serverxmltool- Move webapps bundled with Tomcat to /usr/share/tomcat/tomcat-webapps (bsc#1092341). Affected packages: - tomcat-webapps - tomcat-admin-webapps - tomcat-docs-webapp - Remove %doc directive from tomcat-docs-webapps files section so that zypper installs files even if rpm.install.excludedocs is set to yes.- Require Java 1.8 or later (bsc#1123407)- Clean up OSGi manifest injection - Put embed maven metadata into embed subpackage - Use the .mfiles* lists generated by %%add_maven_depmap macro- Fix tomcat-tool-wrapper classpath error (bsc#1120745)- Fix tomcat-digest classpath error (bsc#1120745)- Update to Tomcat 9.0.14. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.14_(markt)- Add pom files for tomcat-jdbc and tomcat-dbcp - Add org.eclipse.jetty.orbit* aliases to correspondant artifacts- Update to Tomcat 9.0.13. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.13_(markt)- Update to Tomcat 9.0.12. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.12_(markt) - Fixed CVEs: - CVE-2018-11784 (bsc#1110850) - Rebased patches: - tomcat-9.0-disable-osgi-build.patch - tomcat-9.0-javadoc.patch - tomcat-9.0-sle.catalina.policy.patch - tomcat-9.0-tomcat-users-webapp.patch- Declare following files to config(noreplace) to prevent override access rights: - host-manager/META-INF/context.xml - manager/META-INF/context.xml- Empty tomcat-9.0.sysconfig to avoid overwriting of customer's configuration during update (bsc#1067720)- Update to Tomcat 9.0.10. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.10_(markt) - Fixed CVEs: - CVE-2018-1336 (bsc#1102400) - CVE-2018-8014 (bsc#1093697) - CVE-2018-8034 (bsc#1102379) - CVE-2018-8037 (bsc#1102410) - Rebased patch tomcat-9.0-JDTCompiler-java.patch - Added patch tomcat-9.0-disable-osgi-build.patch to disable adding OSGi metadata to JAR files- Update to Tomcat 9.0.5. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.5_(markt)- Modified patch: * tomcat-9.0-javadoc.patch + Don't append to javadoc --add-modules since we are building with source=8 + Avoid accessing Internet URLs from build environment- Update to Tomcat 9.0.2: * Major update for tomcat8 from tomcat9 * For full changelog please read upstream changes at: + http://tomcat.apache.org/tomcat-9.0-doc/changelog.html * Rename all tomcat-8.0-* files to tomcat-9.0-* - Changed patches: * Deleted: tomcat-8.0-bootstrap-MANIFEST.MF.patch * Deleted: tomcat-8.0-sle.catalina.policy.patch * Deleted: tomcat-8.0-tomcat-users-webapp.patch * Deleted: tomcat-8.0.33-JDTCompiler-java.patch * Deleted: tomcat-8.0.44-javadoc.patch * Deleted: tomcat-8.0.9-property-build.windows.patch * Added: tomcat-9.0-JDTCompiler-java.patch * Added: tomcat-9.0-bootstrap-MANIFEST.MF.patch * Added: tomcat-9.0-javadoc.patch * Added: tomcat-9.0-sle.catalina.policy.patch * Added: tomcat-9.0-tomcat-users-webapp.patch - Renamed subpackage tomcat-3_1-api to tomcat-4_0-api to reflect the new Servlet API version. - Commented out JAVA_HOME in /etc/tomcat/tomcat.conf - Added "tomcat-" prefix to lib symlinks under /usr/share/java to avoid file conflicts with servletapi5 and geronimo-specs - Fixed wrong %ghost file paths for alternatives symlinks- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Build with JDK 8 to fix runtime errors when running with JDK 7 and 8 - Fix tomcat-digest classpath error (bsc#977410) - Fix packaged /etc/alternatives symlinks for api libs that caused rpm -V to report link mismatch (bsc#1019016)- update to 8.0.47 http://tomcat.apache.org/tomcat-8.0-doc/changelog.html * Fixed CVE: - CVE-2017-12617 - rebase tomcat-8.0-sle.catalina.policy.patch- Added patch: * tomcat-8.0.44-javadoc.patch - generate documentation with the same source level as class files - fixes build with jdk9- Version update to 8.0.44: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html * Fixed CVE: - CVE-2017-5664 (bsc#1042910)- New build dependency: javapackages-local- Version update to 8.0.43: * Another bugfix release, for full details see: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html * Fixed CVEs: - CVE-2017-5647 (bnc#1033448) - CVE-2017-5648 (bnc#1033447) - CVE-2016-8745 - Renamed and rebased patches: * tomcat-7.0-sle.catalina.policy.patch -> tomcat-8.0-sle.catalina.policy.patch - Enable optional setenv.sh script. See section "(3.4) Using the "setenv" script (optional, recommended)" in http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt (bnc#1002662) - Fix file conflicts when upgrading from SLES 12 to SLES 12 SP1 (bnc#1023412). Added explicit obsoletes for tomcat-el-2_2-api, tomcat-jsp-2_2-api, tomcat-servlet-3_0-api- update to 8.0.39: (boo#1003911) * Improve handling of I/O errors with async processing * Fail earlier on invalid HTTP request - includes changes from 8.0.38: * Refactoring the non-container thread Async complete()/dispatch() handling to remove the possibility of deadlock * Improved UTF-8 handling for the RewriteValve - includes changes from 8.0.37: * Treat paths used to obtain a request dispatcher as encoded (configurable) * Various jdbc-pool fixes - drop tomcat-8.0.36-jar-scanner-loop.patch, upstream- Switch to commons-dbcp2 fate#321029- Backport fix for inifinite loop in the jar scanner for 8.0.36. (bnc#993862) Added: tomcat-8.0.36-jar-scanner-loop.patch- Version update to 8.0.36: * Another bugfix release for the 8.0 series. Full details: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.36_(markt) - CVE fixed by the version update: - CVE-2016-3092 (bnc#986359) - Fixed a deployment error in the examples webapp by changing the context.xml format to the new one introduced by Tomcat 8. See http://tomcat.apache.org/migration-8.html#Web_application_resources- fix maven fragments paths to build in multiple distribution versions- Version update to 8.0.33: * Another bugfix release for 8.0 series, full details: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.33_(markt) - Rebase tomcat-8.0-tomcat-users-webapp.patch - Rebase tomcat-7.0.53-JDTCompiler-java.patch to tomcat-8.0.33-JDTCompiler-java.patch- Fix fixme for the prereq preamble value - It seems systemd prints error on adding the @ services to macros so do not do that- package was partly merged with the scripts used in the Fedora distribution - support running multiple tomcat instances on the same server (fate#317783) - add catalina-jmx-remote.jar (fate#318403) - remove sysvinit support: systemd is required- update changes file for CVE information - Fixed CVEs: - CVE-2015-5346 (bnc#967814) in 8.0.32 - CVE-2015-5351 (bnc#967812) in 8.0.32 - CVE-2016-0706 (bnc#967815) in 8.0.32 - CVE-2016-0714 (bnc#967964) in 8.0.32 - CVE-2016-0763 (bnc#967966) in 8.0.32 - CVE-2015-5345 (bnc#967965) in 8.0.30 - CVE-2015-5174 (bnc#967967) in 8.0.27- Version update to 8.0.32: * Another bugfix release for 8.0 series, full details: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.32_(markt) - Rebase patch: * tomcat-8.0.9-property-build.windows.patch- update to Tomcat 8.0.28 * Multiple fixes, read upstream changelog at: https://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.28_(markt)- Some whitespace cleanups- Remove pointless conflicts on provide/obsolete symbols- Version bump to 8.0.23 fate#318913: * Multiple testfixes all around, read upstream changelog at: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.23_(markt)- Fix previous commit. Fix one rpmlint warning- Drop gpg verification from spec, it is done by obs- Fix build with new jpackage-tools- update to Tomcat 8.0.18: * Major update for tomcat8 from tomcat7 * For full changelog please read upstream changes at: + http://tomcat.apache.org/tomcat-8.0-doc/changelog.html * Rename all tomcat-7.0-* files to tomcat-8.0-* * Update keyring file - Update windows patch to apply again: * Deleted: tomcat-7.0.52-property-build.windows.patch * Added: tomcat-8.0.9-property-build.windows.patch * Added:tomcat-8.0-tomcat-users-webapp.patch * Deleted: tomcat-7.0-tomcat-users-webapp.patch * Added: tomcat-8.0-bootstrap-MANIFEST.MF.patch * Deleted: tomcat-7.0-bootstrap-MANIFEST.MF.patch- Version 1.1.30 or higher is required for APR listener (bnc#914725)/bin/shh04-ch1b 1710225883  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{$}~10.1.18-150200.5.17.1    docsBUILDING.txtMETA-INFcontext.xmlRELEASE-NOTES.txtRUNNING.txtWEB-INFjsp403.jspweb.xmlaio.htmlannotationapiindex.htmlapiindex.htmlappdevbuild.xml.txtdeployment.htmlindex.htmlinstallation.htmlintroduction.htmlprocesses.htmlsamplebuild.xmldocsREADME.txtindex.htmlsrcmypackageHello.javawebWEB-INFweb.xmlhello.jspimagestomcat.gifindex.htmlsource.htmlweb.xml.txtapr.htmlarchitectureindex.htmloverview.htmlrequestProcessrequestProcess.htmlauthentication-process.pngrequest-process.pngstartupstartup.htmlserverStartup.pdfserverStartup.txtbalancer-howto.htmlbuilding.htmlcdi.htmlcgi-howto.htmlchangelog.htmlclass-loader-howto.htmlcluster-howto.htmlcomments.htmlconfigajp.htmlautomatic-deployment.htmlcluster-channel.htmlcluster-deployer.htmlcluster-interceptor.htmlcluster-listener.htmlcluster-manager.htmlcluster-membership.htmlcluster-receiver.htmlcluster-sender.htmlcluster-valve.htmlcluster.htmlcontext.htmlcookie-processor.htmlcredentialhandler.htmlengine.htmlexecutor.htmlfilter.htmlglobalresources.htmlhost.htmlhttp.htmlhttp2.htmlindex.htmljar-scan-filter.htmljar-scanner.htmljaspic.htmllisteners.htmlloader.htmlmanager.htmlrealm.htmlresources.htmlserver.htmlservice.htmlsessionidgenerator.htmlsystemprops.htmlvalve.htmlconnectors.htmldefault-servlet.htmldeployer-howto.htmldevelopers.htmlelapiindex.htmlgraal.htmlhost-manager-howto.htmlhtml-host-manager-howto.htmlhtml-manager-howto.htmlimagesadd.gifasf-logo.svgcode.gifcors-flowchart.pngdesign.gifdocs-stylesheet.cssdocs.giffix.giffontsOpenSans400.woffOpenSans400italic.woffOpenSans600.woffOpenSans600italic.woffOpenSans700.woffOpenSans700italic.wofffonts.csstomcat.giftomcat.pngupdate.gifvoid.gifindex.htmlintroduction.htmljasper-howto.htmljaspicapiindex.htmljdbc-pool.htmljndi-datasource-examples-howto.htmljndi-resources-howto.htmljspapiindex.htmllogging.htmlmanager-howto.htmlmaven-jars.htmlmbeans-descriptors-howto.htmlmbeans-descriptors.dtdmonitoring.htmlproxy-howto.htmlrealm-howto.htmlrewrite.htmlsecurity-howto.htmlsecurity-manager-howto.htmlservletapiindex.htmlsetup.htmlssi-howto.htmlssl-howto.htmltribesdevelopers.htmlfaq.htmlinterceptors.htmlintroduction.htmlmembership.htmlsetup.htmlstatus.htmltransport.htmlvirtual-hosting-howto.htmlweb-socket-howto.htmlwebsocketapiindex.htmlwindows-auth-howto.htmlwindows-service-howto.html/usr/share/tomcat/tomcat-webapps//usr/share/tomcat/tomcat-webapps/docs//usr/share/tomcat/tomcat-webapps/docs/META-INF//usr/share/tomcat/tomcat-webapps/docs/WEB-INF//usr/share/tomcat/tomcat-webapps/docs/WEB-INF/jsp//usr/share/tomcat/tomcat-webapps/docs/annotationapi//usr/share/tomcat/tomcat-webapps/docs/api//usr/share/tomcat/tomcat-webapps/docs/appdev//usr/share/tomcat/tomcat-webapps/docs/appdev/sample//usr/share/tomcat/tomcat-webapps/docs/appdev/sample/docs//usr/share/tomcat/tomcat-webapps/docs/appdev/sample/src//usr/share/tomcat/tomcat-webapps/docs/appdev/sample/src/mypackage//usr/share/tomcat/tomcat-webapps/docs/appdev/sample/web//usr/share/tomcat/tomcat-webapps/docs/appdev/sample/web/WEB-INF//usr/share/tomcat/tomcat-webapps/docs/appdev/sample/web/images//usr/share/tomcat/tomcat-webapps/docs/architecture//usr/share/tomcat/tomcat-webapps/docs/architecture/requestProcess//usr/share/tomcat/tomcat-webapps/docs/architecture/startup//usr/share/tomcat/tomcat-webapps/docs/config//usr/share/tomcat/tomcat-webapps/docs/elapi//usr/share/tomcat/tomcat-webapps/docs/images//usr/share/tomcat/tomcat-webapps/docs/images/fonts//usr/share/tomcat/tomcat-webapps/docs/jaspicapi//usr/share/tomcat/tomcat-webapps/docs/jspapi//usr/share/tomcat/tomcat-webapps/docs/servletapi//usr/share/tomcat/tomcat-webapps/docs/tribes//usr/share/tomcat/tomcat-webapps/docs/websocketapi/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:32932/SUSE_SLE-15-SP2_Update/83ac4e33d10a6c6d3051fb7e42b36d37-tomcat10.SUSE_SLE-15-SP2_Updatedrpmxz5noarch-suse-linux       directoryASCII textXML 1.0 document, ASCII textHTML document, ASCII textHTML document, ASCII text, with very long linesexported SGML document, ASCII textPerl5 module source, ASCII textGIF image data, version 89a, 146 x 92PNG image data, 1873 x 846, 8-bit/color RGB, non-interlacedPNG image data, 2901 x 1431, 8-bit/color RGB, non-interlacedHTML document, UTF-8 Unicode text, with very long linesGIF image data, version 89a, 20 x 20SVG Scalable Vector Graphics imagePNG image data, 976 x 756, 8-bit/color RGB, non-interlacedWeb Open Font Format, TrueType, length 21956, version 1.1Web Open Font Format, TrueType, length 21092, version 1.1Web Open Font Format, TrueType, length 22604, version 1.1Web Open Font Format, TrueType, length 21252, version 1.1Web Open Font Format, TrueType, length 22748, version 1.1Web Open Font Format, TrueType, length 21184, version 1.1PNG image data, 146 x 92, 8-bit/color RGBA, non-interlacedGIF image data, version 89a, 1 x 1=[Fߡ)putf-88902490a299fdc37b773eef2052dc496208d976eb14e90c59bf20616c63fb62e?7zXZ !t/]"k%3fhn?Q ό$܈ʹZ48cx4=y! Gm`H8Y*X%N.MCO2IHx;ӌ{ӟ6H0 c]I[ 9|#(Zf{&#m[XΪ02&f`\5ʿZn#t~eU޼d@fW4(e=imt_aq_I{P'Y7P3,v*+{-RSM`I3y \w)eѳ Rơ@Rc?Bѝ*=Fruh%G]Ї$ LE)1out{'-VOP7'IgH%(} :FX^&<=Oy!, Q-m-B[}P`;&Sc`wA7.ߘo;,v5)oμܓ+Fnh]ɓ֘+x@Ifx0oH[hUKw#zI--iVL4+n)Sq]rYzۚLs_nXVgCET*#ws#thy+[Ӡ6Dk]x.F-VNKj7[7H~D4<.ɭ/.[{{wdύ]8m7 G=6,0mN$5XB%Lg]È݌/I 2'@ˠg#F/?Px:lbK? Hw#inrƛHugRy TPPH pq_SUM'~0E:0YNrQ5ݿڻEr|FOs):uM_6 \_c.;*aFC)]Ɋa}(RIvsm,lYv蘡|K(&a@tTW ”wV?Ϸ^FN4,!>\W6SَDHaXp3 6@RIf}~;:jvm>dA(sѥo<.PQ7 .2Zn;Z^~o/B鴞 [Cl23T uI45P]t-$kpzHA1 A`AUUۗPfg]ѤR;Jug깉 ʑF~ 2`-;~S'yoҴa7KR d)@dXWg/,PψM4⪧aU ư; g8p]1=ǚWAC|CNcK?|H1gu