View Bazaar branches
Get this repository:
git clone https://git.launchpad.net/ubuntu/+source/tomcat8
Members of Ubuntu Server Dev import team can upload to this repository. Log in for directions.

Branches

Name Last Modified Last Commit
importer/ubuntu/dsc 2019-03-12 18:14:55 UTC 2019-03-12
DSC file for 8.5.38-2ubuntu1~18.04.1

Author: Ubuntu Git Importer
Author Date: 2019-03-12 18:14:55 UTC

DSC file for 8.5.38-2ubuntu1~18.04.1

ubuntu/bionic-devel 2019-03-12 17:57:21 UTC 2019-03-12
Import patches-unapplied version 8.5.38-2ubuntu1~18.04.1 to ubuntu/bionic-pro...

Author: Matthias Klose
Author Date: 2019-03-12 16:18:21 UTC

Import patches-unapplied version 8.5.38-2ubuntu1~18.04.1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 9119d05bcb38abb71996142102aa73372881aa58

New changelog entries:
  * Backport for OpenJDK 11. LP: #1817567.
  * tomcat8 now uses systemd service instead of init scripts. See
    /usr/share/doc/tomcat8/NEWS.gz. LP: #1819721.

applied/ubuntu/bionic-devel 2019-03-12 17:57:21 UTC 2019-03-12
Import patches-applied version 8.5.38-2ubuntu1~18.04.1 to applied/ubuntu/bion...

Author: Matthias Klose
Author Date: 2019-03-12 16:18:21 UTC

Import patches-applied version 8.5.38-2ubuntu1~18.04.1 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: bf3e70a82bc3f28c3edb32969756b6c97f876bcb
Unapplied parent: 0173aa892bd1b578472d2e84eca1ec6731c72b94

New changelog entries:
  * Backport for OpenJDK 11. LP: #1817567.
  * tomcat8 now uses systemd service instead of init scripts. See
    /usr/share/doc/tomcat8/NEWS.gz. LP: #1819721.

applied/ubuntu/bionic-proposed 2019-03-12 17:57:21 UTC 2019-03-12
Import patches-applied version 8.5.38-2ubuntu1~18.04.1 to applied/ubuntu/bion...

Author: Matthias Klose
Author Date: 2019-03-12 16:18:21 UTC

Import patches-applied version 8.5.38-2ubuntu1~18.04.1 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: bf3e70a82bc3f28c3edb32969756b6c97f876bcb
Unapplied parent: 0173aa892bd1b578472d2e84eca1ec6731c72b94

New changelog entries:
  * Backport for OpenJDK 11. LP: #1817567.
  * tomcat8 now uses systemd service instead of init scripts. See
    /usr/share/doc/tomcat8/NEWS.gz. LP: #1819721.

applied/ubuntu/cosmic-proposed 2019-03-12 17:57:21 UTC 2019-03-12
Import patches-applied version 8.5.38-2ubuntu1~18.04.1 to applied/ubuntu/bion...

Author: Matthias Klose
Author Date: 2019-03-12 16:18:21 UTC

Import patches-applied version 8.5.38-2ubuntu1~18.04.1 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: bf3e70a82bc3f28c3edb32969756b6c97f876bcb
Unapplied parent: 0173aa892bd1b578472d2e84eca1ec6731c72b94

New changelog entries:
  * Backport for OpenJDK 11. LP: #1817567.
  * tomcat8 now uses systemd service instead of init scripts. See
    /usr/share/doc/tomcat8/NEWS.gz. LP: #1819721.

ubuntu/cosmic-devel 2019-03-12 17:57:21 UTC 2019-03-12
Import patches-unapplied version 8.5.38-2ubuntu1~18.04.1 to ubuntu/bionic-pro...

Author: Matthias Klose
Author Date: 2019-03-12 16:18:21 UTC

Import patches-unapplied version 8.5.38-2ubuntu1~18.04.1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 9119d05bcb38abb71996142102aa73372881aa58

New changelog entries:
  * Backport for OpenJDK 11. LP: #1817567.
  * tomcat8 now uses systemd service instead of init scripts. See
    /usr/share/doc/tomcat8/NEWS.gz. LP: #1819721.

ubuntu/cosmic-proposed 2019-03-12 17:57:21 UTC 2019-03-12
Import patches-unapplied version 8.5.38-2ubuntu1~18.04.1 to ubuntu/bionic-pro...

Author: Matthias Klose
Author Date: 2019-03-12 16:18:21 UTC

Import patches-unapplied version 8.5.38-2ubuntu1~18.04.1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 9119d05bcb38abb71996142102aa73372881aa58

New changelog entries:
  * Backport for OpenJDK 11. LP: #1817567.
  * tomcat8 now uses systemd service instead of init scripts. See
    /usr/share/doc/tomcat8/NEWS.gz. LP: #1819721.

applied/ubuntu/cosmic-devel 2019-03-12 17:57:21 UTC 2019-03-12
Import patches-applied version 8.5.38-2ubuntu1~18.04.1 to applied/ubuntu/bion...

Author: Matthias Klose
Author Date: 2019-03-12 16:18:21 UTC

Import patches-applied version 8.5.38-2ubuntu1~18.04.1 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: bf3e70a82bc3f28c3edb32969756b6c97f876bcb
Unapplied parent: 0173aa892bd1b578472d2e84eca1ec6731c72b94

New changelog entries:
  * Backport for OpenJDK 11. LP: #1817567.
  * tomcat8 now uses systemd service instead of init scripts. See
    /usr/share/doc/tomcat8/NEWS.gz. LP: #1819721.

ubuntu/bionic-proposed 2019-03-12 17:57:21 UTC 2019-03-12
Import patches-unapplied version 8.5.38-2ubuntu1~18.04.1 to ubuntu/bionic-pro...

Author: Matthias Klose
Author Date: 2019-03-12 16:18:21 UTC

Import patches-unapplied version 8.5.38-2ubuntu1~18.04.1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 9119d05bcb38abb71996142102aa73372881aa58

New changelog entries:
  * Backport for OpenJDK 11. LP: #1817567.
  * tomcat8 now uses systemd service instead of init scripts. See
    /usr/share/doc/tomcat8/NEWS.gz. LP: #1819721.

ubuntu/disco 2019-02-27 08:18:13 UTC 2019-02-27
Import patches-unapplied version 8.5.38-2ubuntu1 to ubuntu/disco-proposed

Author: Matthias Klose
Author Date: 2019-02-27 08:13:46 UTC

Import patches-unapplied version 8.5.38-2ubuntu1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: b6cc2d19934cb01a947d304ac9d4569c5f00b172

New changelog entries:
  * Merge with Debian; remaining changes:
    - d/control: Break/replace tomcat8.0 binaries.

applied/ubuntu/disco 2019-02-27 08:18:13 UTC 2019-02-27
Import patches-applied version 8.5.38-2ubuntu1 to applied/ubuntu/disco-proposed

Author: Matthias Klose
Author Date: 2019-02-27 08:13:46 UTC

Import patches-applied version 8.5.38-2ubuntu1 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 07a6e52d02255a18cb8d7035ffe189676fb93574
Unapplied parent: 0a1def3055ef0d5706eda1e5ff79260d6b400fb8

New changelog entries:
  * Merge with Debian; remaining changes:
    - d/control: Break/replace tomcat8.0 binaries.

ubuntu/devel 2019-02-27 08:18:13 UTC 2019-02-27
Import patches-unapplied version 8.5.38-2ubuntu1 to ubuntu/disco-proposed

Author: Matthias Klose
Author Date: 2019-02-27 08:13:46 UTC

Import patches-unapplied version 8.5.38-2ubuntu1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: b6cc2d19934cb01a947d304ac9d4569c5f00b172

New changelog entries:
  * Merge with Debian; remaining changes:
    - d/control: Break/replace tomcat8.0 binaries.

applied/ubuntu/devel 2019-02-27 08:18:13 UTC 2019-02-27
Import patches-applied version 8.5.38-2ubuntu1 to applied/ubuntu/disco-proposed

Author: Matthias Klose
Author Date: 2019-02-27 08:13:46 UTC

Import patches-applied version 8.5.38-2ubuntu1 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 07a6e52d02255a18cb8d7035ffe189676fb93574
Unapplied parent: 0a1def3055ef0d5706eda1e5ff79260d6b400fb8

New changelog entries:
  * Merge with Debian; remaining changes:
    - d/control: Break/replace tomcat8.0 binaries.

ubuntu/disco-devel 2019-02-27 08:18:13 UTC 2019-02-27
Import patches-unapplied version 8.5.38-2ubuntu1 to ubuntu/disco-proposed

Author: Matthias Klose
Author Date: 2019-02-27 08:13:46 UTC

Import patches-unapplied version 8.5.38-2ubuntu1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: b6cc2d19934cb01a947d304ac9d4569c5f00b172

New changelog entries:
  * Merge with Debian; remaining changes:
    - d/control: Break/replace tomcat8.0 binaries.

ubuntu/disco-proposed 2019-02-27 08:18:13 UTC 2019-02-27
Import patches-unapplied version 8.5.38-2ubuntu1 to ubuntu/disco-proposed

Author: Matthias Klose
Author Date: 2019-02-27 08:13:46 UTC

Import patches-unapplied version 8.5.38-2ubuntu1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: b6cc2d19934cb01a947d304ac9d4569c5f00b172

New changelog entries:
  * Merge with Debian; remaining changes:
    - d/control: Break/replace tomcat8.0 binaries.

applied/ubuntu/disco-proposed 2019-02-27 08:18:13 UTC 2019-02-27
Import patches-applied version 8.5.38-2ubuntu1 to applied/ubuntu/disco-proposed

Author: Matthias Klose
Author Date: 2019-02-27 08:13:46 UTC

Import patches-applied version 8.5.38-2ubuntu1 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 07a6e52d02255a18cb8d7035ffe189676fb93574
Unapplied parent: 0a1def3055ef0d5706eda1e5ff79260d6b400fb8

New changelog entries:
  * Merge with Debian; remaining changes:
    - d/control: Break/replace tomcat8.0 binaries.

applied/ubuntu/disco-devel 2019-02-27 08:18:13 UTC 2019-02-27
Import patches-applied version 8.5.38-2ubuntu1 to applied/ubuntu/disco-proposed

Author: Matthias Klose
Author Date: 2019-02-27 08:13:46 UTC

Import patches-applied version 8.5.38-2ubuntu1 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 07a6e52d02255a18cb8d7035ffe189676fb93574
Unapplied parent: 0a1def3055ef0d5706eda1e5ff79260d6b400fb8

New changelog entries:
  * Merge with Debian; remaining changes:
    - d/control: Break/replace tomcat8.0 binaries.

importer/debian/dsc 2019-02-27 05:00:29 UTC 2019-02-27
DSC file for 8.5.38-2

Author: Ubuntu Git Importer
Author Date: 2019-02-27 05:00:29 UTC

DSC file for 8.5.38-2

debian/buster 2019-02-27 04:41:02 UTC 2019-02-27
Import patches-unapplied version 8.5.38-2 to debian/sid

Author: Thorsten Glaser
Author Date: 2019-02-26 20:37:51 UTC

Import patches-unapplied version 8.5.38-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b770602c883d9a905b4b905a10977ae673ad4c1d

New changelog entries:
  * Team upload.
  * Apply upstream patch to unbreak the startup script (Closes: #922863)

debian/sid 2019-02-27 04:41:02 UTC 2019-02-27
Import patches-unapplied version 8.5.38-2 to debian/sid

Author: Thorsten Glaser
Author Date: 2019-02-26 20:37:51 UTC

Import patches-unapplied version 8.5.38-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b770602c883d9a905b4b905a10977ae673ad4c1d

New changelog entries:
  * Team upload.
  * Apply upstream patch to unbreak the startup script (Closes: #922863)

applied/debian/buster 2019-02-27 04:41:02 UTC 2019-02-27
Import patches-applied version 8.5.38-2 to applied/debian/sid

Author: Thorsten Glaser
Author Date: 2019-02-26 20:37:51 UTC

Import patches-applied version 8.5.38-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 66ae6004d61442a46180b3e0e7610edea84523f9
Unapplied parent: 70cfa98dbc1dfacf73319cc96df65a34062ba1bc

New changelog entries:
  * Team upload.
  * Apply upstream patch to unbreak the startup script (Closes: #922863)

applied/debian/sid 2019-02-27 04:41:02 UTC 2019-02-27
Import patches-applied version 8.5.38-2 to applied/debian/sid

Author: Thorsten Glaser
Author Date: 2019-02-26 20:37:51 UTC

Import patches-applied version 8.5.38-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 66ae6004d61442a46180b3e0e7610edea84523f9
Unapplied parent: 70cfa98dbc1dfacf73319cc96df65a34062ba1bc

New changelog entries:
  * Team upload.
  * Apply upstream patch to unbreak the startup script (Closes: #922863)

ubuntu/xenial-devel 2019-01-16 12:03:13 UTC 2019-01-16
Import patches-unapplied version 8.0.32-1ubuntu1.9 to ubuntu/xenial-proposed

Author: Karl Stenerud
Author Date: 2018-12-10 14:08:07 UTC

Import patches-unapplied version 8.0.32-1ubuntu1.9 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 99fabbf378b9a713124ef689606c1b2b5f8d4e70

New changelog entries:
  * d/p/fix-class-resource-name-filtering.patch: Fix class and resource name
    filtering in WebappClassLoader (LP: #1606331).

ubuntu/xenial-proposed 2019-01-16 12:03:13 UTC 2019-01-16
Import patches-unapplied version 8.0.32-1ubuntu1.9 to ubuntu/xenial-proposed

Author: Karl Stenerud
Author Date: 2018-12-10 14:08:07 UTC

Import patches-unapplied version 8.0.32-1ubuntu1.9 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 99fabbf378b9a713124ef689606c1b2b5f8d4e70

New changelog entries:
  * d/p/fix-class-resource-name-filtering.patch: Fix class and resource name
    filtering in WebappClassLoader (LP: #1606331).

applied/ubuntu/xenial-devel 2019-01-16 12:03:13 UTC 2019-01-16
Import patches-applied version 8.0.32-1ubuntu1.9 to applied/ubuntu/xenial-pro...

Author: Karl Stenerud
Author Date: 2018-12-10 14:08:07 UTC

Import patches-applied version 8.0.32-1ubuntu1.9 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 260b08ffc3b4689a7f5f1b31045dfbd2f6704f28
Unapplied parent: abf130027e9cd47acdac05a0ab7c3248c15880d4

New changelog entries:
  * d/p/fix-class-resource-name-filtering.patch: Fix class and resource name
    filtering in WebappClassLoader (LP: #1606331).

applied/ubuntu/xenial-proposed 2019-01-16 12:03:13 UTC 2019-01-16
Import patches-applied version 8.0.32-1ubuntu1.9 to applied/ubuntu/xenial-pro...

Author: Karl Stenerud
Author Date: 2018-12-10 14:08:07 UTC

Import patches-applied version 8.0.32-1ubuntu1.9 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 260b08ffc3b4689a7f5f1b31045dfbd2f6704f28
Unapplied parent: abf130027e9cd47acdac05a0ab7c3248c15880d4

New changelog entries:
  * d/p/fix-class-resource-name-filtering.patch: Fix class and resource name
    filtering in WebappClassLoader (LP: #1606331).

applied/ubuntu/xenial-updates 2019-01-16 12:03:13 UTC 2019-01-16
Import patches-applied version 8.0.32-1ubuntu1.9 to applied/ubuntu/xenial-pro...

Author: Karl Stenerud
Author Date: 2018-12-10 14:08:07 UTC

Import patches-applied version 8.0.32-1ubuntu1.9 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 260b08ffc3b4689a7f5f1b31045dfbd2f6704f28
Unapplied parent: abf130027e9cd47acdac05a0ab7c3248c15880d4

New changelog entries:
  * d/p/fix-class-resource-name-filtering.patch: Fix class and resource name
    filtering in WebappClassLoader (LP: #1606331).

ubuntu/xenial-updates 2019-01-16 12:03:13 UTC 2019-01-16
Import patches-unapplied version 8.0.32-1ubuntu1.9 to ubuntu/xenial-proposed

Author: Karl Stenerud
Author Date: 2018-12-10 14:08:07 UTC

Import patches-unapplied version 8.0.32-1ubuntu1.9 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 99fabbf378b9a713124ef689606c1b2b5f8d4e70

New changelog entries:
  * d/p/fix-class-resource-name-filtering.patch: Fix class and resource name
    filtering in WebappClassLoader (LP: #1606331).

applied/debian/stretch 2018-11-10 17:18:32 UTC 2018-11-10
Import patches-applied version 8.5.14-1+deb9u3 to applied/debian/stretch

Author: Markus Koschany
Author Date: 2018-08-24 19:44:12 UTC

Import patches-applied version 8.5.14-1+deb9u3 to applied/debian/stretch

Imported using git-ubuntu import.

Changelog parent: 0bd25f59af0183699d5bca56160fdadc2f3740dd
Unapplied parent: 6294ec78d682cfb1ea7fca9d7ffcfc719e96932d

New changelog entries:
  [ Emmanuel Bourg ]
  * Fixed CVE-2018-1304: Security constraints mapped to context root are
    ignored. The URL pattern of "" (the empty string) which exactly maps to the
    context root was not correctly handled when used as part of a security
    constraint definition. This caused the constraint to be ignored. It was,
    therefore, possible for unauthorised users to gain access to web
    application resources that should have been protected. Only security
    constraints with a URL pattern of the empty string were affected.
  * Fixed CVE-2018-1305: Security constraint annotations applied too late.
    Security constraints defined by annotations of Servlets were only applied
    once a Servlet had been loaded. Because security constraints defined in
    this way apply to the URL pattern and any URLs below that point, it was
    possible - depending on the order Servlets were loaded - for some security
    constraints not to be applied. This could have exposed resources to users
    who were not authorised to access them.
  * Changed the Class-Path manifest entry of tomcat8-jasper.jar to use
    the specification jars from libtomcat8-java instead of libservlet3.1-java
    (Closes: #867247)
  [ Markus Koschany ]
  * Fix CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder
    with supplementary characters can lead to an infinite loop in the decoder
    causing a Denial of Service.
  * Fix CVE-2018-8034: The host name verification when using TLS with the
    WebSocket client was missing. It is now enabled by default.
  * Fix CVE-2018-8037: If an async request was completed by the application at
    the same time as the container triggered the async timeout, a race condition
    existed that could result in a user seeing a response intended for a
    different user. An additional issue was present in the NIO and NIO2
    connectors that did not correctly track the closure of the connection when an
    async request was completed by the application and timed out by the container
    at the same time. This could also result in a user seeing a response intended
    for another user.

debian/stretch 2018-11-10 17:18:32 UTC 2018-11-10
Import patches-unapplied version 8.5.14-1+deb9u3 to debian/stretch

Author: Markus Koschany
Author Date: 2018-08-24 19:44:12 UTC

Import patches-unapplied version 8.5.14-1+deb9u3 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: f0364fed3a05e43590126ea5fcf900b56ddfa9e9

New changelog entries:
  [ Emmanuel Bourg ]
  * Fixed CVE-2018-1304: Security constraints mapped to context root are
    ignored. The URL pattern of "" (the empty string) which exactly maps to the
    context root was not correctly handled when used as part of a security
    constraint definition. This caused the constraint to be ignored. It was,
    therefore, possible for unauthorised users to gain access to web
    application resources that should have been protected. Only security
    constraints with a URL pattern of the empty string were affected.
  * Fixed CVE-2018-1305: Security constraint annotations applied too late.
    Security constraints defined by annotations of Servlets were only applied
    once a Servlet had been loaded. Because security constraints defined in
    this way apply to the URL pattern and any URLs below that point, it was
    possible - depending on the order Servlets were loaded - for some security
    constraints not to be applied. This could have exposed resources to users
    who were not authorised to access them.
  * Changed the Class-Path manifest entry of tomcat8-jasper.jar to use
    the specification jars from libtomcat8-java instead of libservlet3.1-java
    (Closes: #867247)
  [ Markus Koschany ]
  * Fix CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder
    with supplementary characters can lead to an infinite loop in the decoder
    causing a Denial of Service.
  * Fix CVE-2018-8034: The host name verification when using TLS with the
    WebSocket client was missing. It is now enabled by default.
  * Fix CVE-2018-8037: If an async request was completed by the application at
    the same time as the container triggered the async timeout, a race condition
    existed that could result in a user seeing a response intended for a
    different user. An additional issue was present in the NIO and NIO2
    connectors that did not correctly track the closure of the connection when an
    async request was completed by the application and timed out by the container
    at the same time. This could also result in a user seeing a response intended
    for another user.

ubuntu/xenial-security 2018-10-10 14:33:15 UTC 2018-10-10
Import patches-unapplied version 8.0.32-1ubuntu1.8 to ubuntu/xenial-security

Author: Marc Deslauriers
Author Date: 2018-10-09 15:28:36 UTC

Import patches-unapplied version 8.0.32-1ubuntu1.8 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 26c63fe5e765b30779685da6c226875e80afe3c6

New changelog entries:
  * SECURITY UPDATE: arbitrary redirect issue
    - debian/patches/CVE-2018-11784.patch: avoid protocol relative
      redirects in java/org/apache/catalina/servlets/DefaultServlet.java.
    - CVE-2018-11784

applied/ubuntu/xenial-security 2018-10-10 14:33:15 UTC 2018-10-10
Import patches-applied version 8.0.32-1ubuntu1.8 to applied/ubuntu/xenial-sec...

Author: Marc Deslauriers
Author Date: 2018-10-09 15:28:36 UTC

Import patches-applied version 8.0.32-1ubuntu1.8 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 5ec7713f2c3000fae9ca60f810f790d5c661b7c7
Unapplied parent: 8abc263ead7e35b677af85ec1f949a1220cecbf1

New changelog entries:
  * SECURITY UPDATE: arbitrary redirect issue
    - debian/patches/CVE-2018-11784.patch: avoid protocol relative
      redirects in java/org/apache/catalina/servlets/DefaultServlet.java.
    - CVE-2018-11784

applied/ubuntu/cosmic 2018-09-20 08:33:17 UTC 2018-09-20
Import patches-applied version 8.5.34-1ubuntu1 to applied/ubuntu/cosmic-proposed

Author: Matthias Klose
Author Date: 2018-09-20 08:12:50 UTC

Import patches-applied version 8.5.34-1ubuntu1 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: df0f9897748f667ca3f0ded0e4f4fbc8c894fda8
Unapplied parent: a6795bc1f71ef13e91485b1580bf2187fba2076c

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - control: Break/replace tomcat8.0 binaries. (LP: #1717998)
    - support-jre8.diff.

ubuntu/cosmic 2018-09-20 08:33:17 UTC 2018-09-20
Import patches-unapplied version 8.5.34-1ubuntu1 to ubuntu/cosmic-proposed

Author: Matthias Klose
Author Date: 2018-09-20 08:12:50 UTC

Import patches-unapplied version 8.5.34-1ubuntu1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 4737d6aef0034e8e7d23189031934fe982bced00

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - control: Break/replace tomcat8.0 binaries. (LP: #1717998)
    - support-jre8.diff.

applied/ubuntu/bionic-updates 2018-08-27 15:13:15 UTC 2018-08-27
Import patches-applied version 8.5.30-1ubuntu1.4 to applied/ubuntu/bionic-sec...

Author: Thomas Opfer
Author Date: 2018-08-13 20:23:56 UTC

Import patches-applied version 8.5.30-1ubuntu1.4 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 58a7f4e59b581dad867a429d19efb0ca3ce86982
Unapplied parent: b99639f4ac7bd716d98b8f588692af2621b39287

New changelog entries:
  * SECURITY UPDATE:
   - CVE-2018-1336: A bug in the UTF-8 decoder can lead to DoS
   - CVE-2018-8034: host name verification missing in WebSocket client
   - CVE-2018-8037: Information Disclosure

ubuntu/bionic-security 2018-08-27 15:13:15 UTC 2018-08-27
Import patches-unapplied version 8.5.30-1ubuntu1.4 to ubuntu/bionic-security

Author: Thomas Opfer
Author Date: 2018-08-13 20:23:56 UTC

Import patches-unapplied version 8.5.30-1ubuntu1.4 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: bc82fa2dd13b79d5a91b5ca78457fed17588a7ba

New changelog entries:
  * SECURITY UPDATE:
   - CVE-2018-1336: A bug in the UTF-8 decoder can lead to DoS
   - CVE-2018-8034: host name verification missing in WebSocket client
   - CVE-2018-8037: Information Disclosure

ubuntu/bionic-updates 2018-08-27 15:13:15 UTC 2018-08-27
Import patches-unapplied version 8.5.30-1ubuntu1.4 to ubuntu/bionic-security

Author: Thomas Opfer
Author Date: 2018-08-13 20:23:56 UTC

Import patches-unapplied version 8.5.30-1ubuntu1.4 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: bc82fa2dd13b79d5a91b5ca78457fed17588a7ba

New changelog entries:
  * SECURITY UPDATE:
   - CVE-2018-1336: A bug in the UTF-8 decoder can lead to DoS
   - CVE-2018-8034: host name verification missing in WebSocket client
   - CVE-2018-8037: Information Disclosure

applied/ubuntu/bionic-security 2018-08-27 15:13:15 UTC 2018-08-27
Import patches-applied version 8.5.30-1ubuntu1.4 to applied/ubuntu/bionic-sec...

Author: Thomas Opfer
Author Date: 2018-08-13 20:23:56 UTC

Import patches-applied version 8.5.30-1ubuntu1.4 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 58a7f4e59b581dad867a429d19efb0ca3ce86982
Unapplied parent: b99639f4ac7bd716d98b8f588692af2621b39287

New changelog entries:
  * SECURITY UPDATE:
   - CVE-2018-1336: A bug in the UTF-8 decoder can lead to DoS
   - CVE-2018-8034: host name verification missing in WebSocket client
   - CVE-2018-8037: Information Disclosure

applied/ubuntu/artful-devel 2018-05-30 19:09:26 UTC 2018-05-30
Import patches-applied version 8.5.21-1ubuntu1.1 to applied/ubuntu/artful-sec...

Author: Marc Deslauriers
Author Date: 2018-05-28 13:03:55 UTC

Import patches-applied version 8.5.21-1ubuntu1.1 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 39d96847e9c9bca7384b7535d6609062bb106f1a
Unapplied parent: 9da9844d224a211355cca4db0dbac78253be234c

New changelog entries:
  * SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
    - debian/patches/CVE-2017-12617.patch: add checks to
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/webresources/AbstractFileResourceSet.java,
      java/org/apache/catalina/webresources/DirResourceSet.java,
      java/org/apache/tomcat/util/compat/JrePlatform.java,
      test/org/apache/catalina/webresources/AbstractTestResourceSet.java,
      test/org/apache/catalina/webresources/TestAbstractFileResourceSetPerformance.java.
    - CVE-2017-12617
  * SECURITY UPDATE: incorrectly documented CGI search algorithm
    - debian/patches/CVE-2017-15706.patch: adjust documentation in
      webapps/docs/cgi-howto.xml.
    - CVE-2017-15706
  * SECURITY UPDATE: security constraints mapped to context root are ignored
    - debian/patches/CVE-2018-1304.patch: add check to
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2018-1304
  * SECURITY UPDATE: security constraint annotations applied too late
    - debian/patches/CVE-2018-1305.patch: change ordering in
      java/org/apache/catalina/Wrapper.java,
      java/org/apache/catalina/authenticator/AuthenticatorBase.java,
      java/org/apache/catalina/core/ApplicationContext.java,
      java/org/apache/catalina/core/ApplicationServletRegistration.java,
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/core/StandardWrapper.java,
      java/org/apache/catalina/startup/ContextConfig.java,
      java/org/apache/catalina/startup/Tomcat.java,
      java/org/apache/catalina/startup/WebAnnotationSet.java.
    - CVE-2018-1305
  * SECURITY UPDATE: CORS filter has insecure defaults
    - debian/patches/CVE-2018-8014.patch: change defaults in
      java/org/apache/catalina/filters/CorsFilter.java,
      java/org/apache/catalina/filters/LocalStrings.properties,
      test/org/apache/catalina/filters/TestCorsFilter.java,
      test/org/apache/catalina/filters/TesterFilterConfigs.java.
    - CVE-2018-8014

ubuntu/artful-updates 2018-05-30 19:09:26 UTC 2018-05-30
Import patches-unapplied version 8.5.21-1ubuntu1.1 to ubuntu/artful-security

Author: Marc Deslauriers
Author Date: 2018-05-28 13:03:55 UTC

Import patches-unapplied version 8.5.21-1ubuntu1.1 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 1313f8e759ef627af59f2187b35a5e4ebc7f0d95

New changelog entries:
  * SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
    - debian/patches/CVE-2017-12617.patch: add checks to
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/webresources/AbstractFileResourceSet.java,
      java/org/apache/catalina/webresources/DirResourceSet.java,
      java/org/apache/tomcat/util/compat/JrePlatform.java,
      test/org/apache/catalina/webresources/AbstractTestResourceSet.java,
      test/org/apache/catalina/webresources/TestAbstractFileResourceSetPerformance.java.
    - CVE-2017-12617
  * SECURITY UPDATE: incorrectly documented CGI search algorithm
    - debian/patches/CVE-2017-15706.patch: adjust documentation in
      webapps/docs/cgi-howto.xml.
    - CVE-2017-15706
  * SECURITY UPDATE: security constraints mapped to context root are ignored
    - debian/patches/CVE-2018-1304.patch: add check to
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2018-1304
  * SECURITY UPDATE: security constraint annotations applied too late
    - debian/patches/CVE-2018-1305.patch: change ordering in
      java/org/apache/catalina/Wrapper.java,
      java/org/apache/catalina/authenticator/AuthenticatorBase.java,
      java/org/apache/catalina/core/ApplicationContext.java,
      java/org/apache/catalina/core/ApplicationServletRegistration.java,
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/core/StandardWrapper.java,
      java/org/apache/catalina/startup/ContextConfig.java,
      java/org/apache/catalina/startup/Tomcat.java,
      java/org/apache/catalina/startup/WebAnnotationSet.java.
    - CVE-2018-1305
  * SECURITY UPDATE: CORS filter has insecure defaults
    - debian/patches/CVE-2018-8014.patch: change defaults in
      java/org/apache/catalina/filters/CorsFilter.java,
      java/org/apache/catalina/filters/LocalStrings.properties,
      test/org/apache/catalina/filters/TestCorsFilter.java,
      test/org/apache/catalina/filters/TesterFilterConfigs.java.
    - CVE-2018-8014

ubuntu/artful-security 2018-05-30 19:09:26 UTC 2018-05-30
Import patches-unapplied version 8.5.21-1ubuntu1.1 to ubuntu/artful-security

Author: Marc Deslauriers
Author Date: 2018-05-28 13:03:55 UTC

Import patches-unapplied version 8.5.21-1ubuntu1.1 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 1313f8e759ef627af59f2187b35a5e4ebc7f0d95

New changelog entries:
  * SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
    - debian/patches/CVE-2017-12617.patch: add checks to
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/webresources/AbstractFileResourceSet.java,
      java/org/apache/catalina/webresources/DirResourceSet.java,
      java/org/apache/tomcat/util/compat/JrePlatform.java,
      test/org/apache/catalina/webresources/AbstractTestResourceSet.java,
      test/org/apache/catalina/webresources/TestAbstractFileResourceSetPerformance.java.
    - CVE-2017-12617
  * SECURITY UPDATE: incorrectly documented CGI search algorithm
    - debian/patches/CVE-2017-15706.patch: adjust documentation in
      webapps/docs/cgi-howto.xml.
    - CVE-2017-15706
  * SECURITY UPDATE: security constraints mapped to context root are ignored
    - debian/patches/CVE-2018-1304.patch: add check to
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2018-1304
  * SECURITY UPDATE: security constraint annotations applied too late
    - debian/patches/CVE-2018-1305.patch: change ordering in
      java/org/apache/catalina/Wrapper.java,
      java/org/apache/catalina/authenticator/AuthenticatorBase.java,
      java/org/apache/catalina/core/ApplicationContext.java,
      java/org/apache/catalina/core/ApplicationServletRegistration.java,
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/core/StandardWrapper.java,
      java/org/apache/catalina/startup/ContextConfig.java,
      java/org/apache/catalina/startup/Tomcat.java,
      java/org/apache/catalina/startup/WebAnnotationSet.java.
    - CVE-2018-1305
  * SECURITY UPDATE: CORS filter has insecure defaults
    - debian/patches/CVE-2018-8014.patch: change defaults in
      java/org/apache/catalina/filters/CorsFilter.java,
      java/org/apache/catalina/filters/LocalStrings.properties,
      test/org/apache/catalina/filters/TestCorsFilter.java,
      test/org/apache/catalina/filters/TesterFilterConfigs.java.
    - CVE-2018-8014

ubuntu/artful-devel 2018-05-30 19:09:26 UTC 2018-05-30
Import patches-unapplied version 8.5.21-1ubuntu1.1 to ubuntu/artful-security

Author: Marc Deslauriers
Author Date: 2018-05-28 13:03:55 UTC

Import patches-unapplied version 8.5.21-1ubuntu1.1 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 1313f8e759ef627af59f2187b35a5e4ebc7f0d95

New changelog entries:
  * SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
    - debian/patches/CVE-2017-12617.patch: add checks to
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/webresources/AbstractFileResourceSet.java,
      java/org/apache/catalina/webresources/DirResourceSet.java,
      java/org/apache/tomcat/util/compat/JrePlatform.java,
      test/org/apache/catalina/webresources/AbstractTestResourceSet.java,
      test/org/apache/catalina/webresources/TestAbstractFileResourceSetPerformance.java.
    - CVE-2017-12617
  * SECURITY UPDATE: incorrectly documented CGI search algorithm
    - debian/patches/CVE-2017-15706.patch: adjust documentation in
      webapps/docs/cgi-howto.xml.
    - CVE-2017-15706
  * SECURITY UPDATE: security constraints mapped to context root are ignored
    - debian/patches/CVE-2018-1304.patch: add check to
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2018-1304
  * SECURITY UPDATE: security constraint annotations applied too late
    - debian/patches/CVE-2018-1305.patch: change ordering in
      java/org/apache/catalina/Wrapper.java,
      java/org/apache/catalina/authenticator/AuthenticatorBase.java,
      java/org/apache/catalina/core/ApplicationContext.java,
      java/org/apache/catalina/core/ApplicationServletRegistration.java,
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/core/StandardWrapper.java,
      java/org/apache/catalina/startup/ContextConfig.java,
      java/org/apache/catalina/startup/Tomcat.java,
      java/org/apache/catalina/startup/WebAnnotationSet.java.
    - CVE-2018-1305
  * SECURITY UPDATE: CORS filter has insecure defaults
    - debian/patches/CVE-2018-8014.patch: change defaults in
      java/org/apache/catalina/filters/CorsFilter.java,
      java/org/apache/catalina/filters/LocalStrings.properties,
      test/org/apache/catalina/filters/TestCorsFilter.java,
      test/org/apache/catalina/filters/TesterFilterConfigs.java.
    - CVE-2018-8014

applied/ubuntu/artful-updates 2018-05-30 19:09:26 UTC 2018-05-30
Import patches-applied version 8.5.21-1ubuntu1.1 to applied/ubuntu/artful-sec...

Author: Marc Deslauriers
Author Date: 2018-05-28 13:03:55 UTC

Import patches-applied version 8.5.21-1ubuntu1.1 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 39d96847e9c9bca7384b7535d6609062bb106f1a
Unapplied parent: 9da9844d224a211355cca4db0dbac78253be234c

New changelog entries:
  * SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
    - debian/patches/CVE-2017-12617.patch: add checks to
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/webresources/AbstractFileResourceSet.java,
      java/org/apache/catalina/webresources/DirResourceSet.java,
      java/org/apache/tomcat/util/compat/JrePlatform.java,
      test/org/apache/catalina/webresources/AbstractTestResourceSet.java,
      test/org/apache/catalina/webresources/TestAbstractFileResourceSetPerformance.java.
    - CVE-2017-12617
  * SECURITY UPDATE: incorrectly documented CGI search algorithm
    - debian/patches/CVE-2017-15706.patch: adjust documentation in
      webapps/docs/cgi-howto.xml.
    - CVE-2017-15706
  * SECURITY UPDATE: security constraints mapped to context root are ignored
    - debian/patches/CVE-2018-1304.patch: add check to
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2018-1304
  * SECURITY UPDATE: security constraint annotations applied too late
    - debian/patches/CVE-2018-1305.patch: change ordering in
      java/org/apache/catalina/Wrapper.java,
      java/org/apache/catalina/authenticator/AuthenticatorBase.java,
      java/org/apache/catalina/core/ApplicationContext.java,
      java/org/apache/catalina/core/ApplicationServletRegistration.java,
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/core/StandardWrapper.java,
      java/org/apache/catalina/startup/ContextConfig.java,
      java/org/apache/catalina/startup/Tomcat.java,
      java/org/apache/catalina/startup/WebAnnotationSet.java.
    - CVE-2018-1305
  * SECURITY UPDATE: CORS filter has insecure defaults
    - debian/patches/CVE-2018-8014.patch: change defaults in
      java/org/apache/catalina/filters/CorsFilter.java,
      java/org/apache/catalina/filters/LocalStrings.properties,
      test/org/apache/catalina/filters/TestCorsFilter.java,
      test/org/apache/catalina/filters/TesterFilterConfigs.java.
    - CVE-2018-8014

applied/ubuntu/artful-security 2018-05-30 19:09:26 UTC 2018-05-30
Import patches-applied version 8.5.21-1ubuntu1.1 to applied/ubuntu/artful-sec...

Author: Marc Deslauriers
Author Date: 2018-05-28 13:03:55 UTC

Import patches-applied version 8.5.21-1ubuntu1.1 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 39d96847e9c9bca7384b7535d6609062bb106f1a
Unapplied parent: 9da9844d224a211355cca4db0dbac78253be234c

New changelog entries:
  * SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
    - debian/patches/CVE-2017-12617.patch: add checks to
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/webresources/AbstractFileResourceSet.java,
      java/org/apache/catalina/webresources/DirResourceSet.java,
      java/org/apache/tomcat/util/compat/JrePlatform.java,
      test/org/apache/catalina/webresources/AbstractTestResourceSet.java,
      test/org/apache/catalina/webresources/TestAbstractFileResourceSetPerformance.java.
    - CVE-2017-12617
  * SECURITY UPDATE: incorrectly documented CGI search algorithm
    - debian/patches/CVE-2017-15706.patch: adjust documentation in
      webapps/docs/cgi-howto.xml.
    - CVE-2017-15706
  * SECURITY UPDATE: security constraints mapped to context root are ignored
    - debian/patches/CVE-2018-1304.patch: add check to
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2018-1304
  * SECURITY UPDATE: security constraint annotations applied too late
    - debian/patches/CVE-2018-1305.patch: change ordering in
      java/org/apache/catalina/Wrapper.java,
      java/org/apache/catalina/authenticator/AuthenticatorBase.java,
      java/org/apache/catalina/core/ApplicationContext.java,
      java/org/apache/catalina/core/ApplicationServletRegistration.java,
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/core/StandardWrapper.java,
      java/org/apache/catalina/startup/ContextConfig.java,
      java/org/apache/catalina/startup/Tomcat.java,
      java/org/apache/catalina/startup/WebAnnotationSet.java.
    - CVE-2018-1305
  * SECURITY UPDATE: CORS filter has insecure defaults
    - debian/patches/CVE-2018-8014.patch: change defaults in
      java/org/apache/catalina/filters/CorsFilter.java,
      java/org/apache/catalina/filters/LocalStrings.properties,
      test/org/apache/catalina/filters/TestCorsFilter.java,
      test/org/apache/catalina/filters/TesterFilterConfigs.java.
    - CVE-2018-8014

applied/ubuntu/bionic 2018-04-19 15:59:14 UTC 2018-04-19
Import patches-applied version 8.5.30-1ubuntu1 to applied/ubuntu/bionic-proposed

Author: Timo Aaltonen
Author Date: 2018-04-19 11:53:19 UTC

Import patches-applied version 8.5.30-1ubuntu1 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: b10e93df8b71ff5e193436278f00ad01910247b9
Unapplied parent: a92e28b95dd5ca91413b323b3c49bb18b4da6b45

New changelog entries:
  * control: Break/replace tomcat8.0 binaries. (LP: #1717998)

ubuntu/bionic 2018-04-19 15:59:14 UTC 2018-04-19
Import patches-unapplied version 8.5.30-1ubuntu1 to ubuntu/bionic-proposed

Author: Timo Aaltonen
Author Date: 2018-04-19 11:53:19 UTC

Import patches-unapplied version 8.5.30-1ubuntu1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 5fa6efd6d465677fdae1bc27517674a340cc8a2d

New changelog entries:
  * control: Break/replace tomcat8.0 binaries. (LP: #1717998)

importer/ubuntu/pristine-tar 2018-03-22 15:52:52 UTC 2018-03-22
pristine-tar data for tomcat8_8.5.29.orig.tar.xz

Author: Ubuntu Git Importer
Author Date: 2018-03-22 15:52:52 UTC

pristine-tar data for tomcat8_8.5.29.orig.tar.xz

importer/debian/pristine-tar 2018-03-15 17:51:13 UTC 2018-03-15
pristine-tar data for tomcat8_8.5.29.orig.tar.xz

Author: Ubuntu Git Importer
Author Date: 2018-03-15 17:51:13 UTC

pristine-tar data for tomcat8_8.5.29.orig.tar.xz

ubuntu/zesty-updates 2018-01-08 15:33:11 UTC 2018-01-08
Import patches-unapplied version 8.0.38-2ubuntu2.2 to ubuntu/zesty-security

Author: Marc Deslauriers
Author Date: 2017-09-27 21:20:40 UTC

Import patches-unapplied version 8.0.38-2ubuntu2.2 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: b66d69c49a35f4f34c5a2df6827333ac051c9cb2

New changelog entries:
  * SECURITY UPDATE: loss of pipeline requests
    - debian/patches/CVE-2017-5647.patch: improve sendfile handling when
      requests are pipelined in
      java/org/apache/coyote/AbstractProtocol.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/Http11Nio2Processor.java,
      java/org/apache/coyote/http11/Http11NioProcessor.java,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/Nio2Endpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java,
      java/org/apache/tomcat/util/net/SendfileKeepAliveState.java.
    - CVE-2017-5647
  * SECURITY UPDATE: incorrect facade object use
    - debian/patches/CVE-2017-5648.patch: ensure request and response
      facades are used when firing application listeners in
      java/org/apache/catalina/authenticator/FormAuthenticator.java,
      java/org/apache/catalina/core/StandardHostValve.java.
    - CVE-2017-5648
  * SECURITY UPDATE: unexpected and undesirable results for static error
    pages
    - debian/patches/CVE-2017-5664.patch: use a more reliable mechanism in
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/WebdavServlet.java.
    - CVE-2017-5664
  * SECURITY UPDATE: client and server side cache poisoning in CORS filter
    - debian/patches/CVE-2017-7674.patch: set Vary header in response in
      java/org/apache/catalina/filters/CorsFilter.java.
    - CVE-2017-7674

applied/ubuntu/zesty-devel 2018-01-08 15:33:11 UTC 2018-01-08
Import patches-applied version 8.0.38-2ubuntu2.2 to applied/ubuntu/zesty-secu...

Author: Marc Deslauriers
Author Date: 2017-09-27 21:20:40 UTC

Import patches-applied version 8.0.38-2ubuntu2.2 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 1d1f35d9a08ed6ab2924a9afdea4f1cf99ccdb7b
Unapplied parent: 33665c0987c059a698780337970bfa91b2eabfd4

New changelog entries:
  * SECURITY UPDATE: loss of pipeline requests
    - debian/patches/CVE-2017-5647.patch: improve sendfile handling when
      requests are pipelined in
      java/org/apache/coyote/AbstractProtocol.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/Http11Nio2Processor.java,
      java/org/apache/coyote/http11/Http11NioProcessor.java,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/Nio2Endpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java,
      java/org/apache/tomcat/util/net/SendfileKeepAliveState.java.
    - CVE-2017-5647
  * SECURITY UPDATE: incorrect facade object use
    - debian/patches/CVE-2017-5648.patch: ensure request and response
      facades are used when firing application listeners in
      java/org/apache/catalina/authenticator/FormAuthenticator.java,
      java/org/apache/catalina/core/StandardHostValve.java.
    - CVE-2017-5648
  * SECURITY UPDATE: unexpected and undesirable results for static error
    pages
    - debian/patches/CVE-2017-5664.patch: use a more reliable mechanism in
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/WebdavServlet.java.
    - CVE-2017-5664
  * SECURITY UPDATE: client and server side cache poisoning in CORS filter
    - debian/patches/CVE-2017-7674.patch: set Vary header in response in
      java/org/apache/catalina/filters/CorsFilter.java.
    - CVE-2017-7674

applied/ubuntu/zesty-security 2018-01-08 15:33:11 UTC 2018-01-08
Import patches-applied version 8.0.38-2ubuntu2.2 to applied/ubuntu/zesty-secu...

Author: Marc Deslauriers
Author Date: 2017-09-27 21:20:40 UTC

Import patches-applied version 8.0.38-2ubuntu2.2 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 1d1f35d9a08ed6ab2924a9afdea4f1cf99ccdb7b
Unapplied parent: 33665c0987c059a698780337970bfa91b2eabfd4

New changelog entries:
  * SECURITY UPDATE: loss of pipeline requests
    - debian/patches/CVE-2017-5647.patch: improve sendfile handling when
      requests are pipelined in
      java/org/apache/coyote/AbstractProtocol.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/Http11Nio2Processor.java,
      java/org/apache/coyote/http11/Http11NioProcessor.java,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/Nio2Endpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java,
      java/org/apache/tomcat/util/net/SendfileKeepAliveState.java.
    - CVE-2017-5647
  * SECURITY UPDATE: incorrect facade object use
    - debian/patches/CVE-2017-5648.patch: ensure request and response
      facades are used when firing application listeners in
      java/org/apache/catalina/authenticator/FormAuthenticator.java,
      java/org/apache/catalina/core/StandardHostValve.java.
    - CVE-2017-5648
  * SECURITY UPDATE: unexpected and undesirable results for static error
    pages
    - debian/patches/CVE-2017-5664.patch: use a more reliable mechanism in
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/WebdavServlet.java.
    - CVE-2017-5664
  * SECURITY UPDATE: client and server side cache poisoning in CORS filter
    - debian/patches/CVE-2017-7674.patch: set Vary header in response in
      java/org/apache/catalina/filters/CorsFilter.java.
    - CVE-2017-7674

applied/ubuntu/zesty-updates 2018-01-08 15:33:11 UTC 2018-01-08
Import patches-applied version 8.0.38-2ubuntu2.2 to applied/ubuntu/zesty-secu...

Author: Marc Deslauriers
Author Date: 2017-09-27 21:20:40 UTC

Import patches-applied version 8.0.38-2ubuntu2.2 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 1d1f35d9a08ed6ab2924a9afdea4f1cf99ccdb7b
Unapplied parent: 33665c0987c059a698780337970bfa91b2eabfd4

New changelog entries:
  * SECURITY UPDATE: loss of pipeline requests
    - debian/patches/CVE-2017-5647.patch: improve sendfile handling when
      requests are pipelined in
      java/org/apache/coyote/AbstractProtocol.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/Http11Nio2Processor.java,
      java/org/apache/coyote/http11/Http11NioProcessor.java,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/Nio2Endpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java,
      java/org/apache/tomcat/util/net/SendfileKeepAliveState.java.
    - CVE-2017-5647
  * SECURITY UPDATE: incorrect facade object use
    - debian/patches/CVE-2017-5648.patch: ensure request and response
      facades are used when firing application listeners in
      java/org/apache/catalina/authenticator/FormAuthenticator.java,
      java/org/apache/catalina/core/StandardHostValve.java.
    - CVE-2017-5648
  * SECURITY UPDATE: unexpected and undesirable results for static error
    pages
    - debian/patches/CVE-2017-5664.patch: use a more reliable mechanism in
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/WebdavServlet.java.
    - CVE-2017-5664
  * SECURITY UPDATE: client and server side cache poisoning in CORS filter
    - debian/patches/CVE-2017-7674.patch: set Vary header in response in
      java/org/apache/catalina/filters/CorsFilter.java.
    - CVE-2017-7674

ubuntu/zesty-devel 2018-01-08 15:33:11 UTC 2018-01-08
Import patches-unapplied version 8.0.38-2ubuntu2.2 to ubuntu/zesty-security

Author: Marc Deslauriers
Author Date: 2017-09-27 21:20:40 UTC

Import patches-unapplied version 8.0.38-2ubuntu2.2 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: b66d69c49a35f4f34c5a2df6827333ac051c9cb2

New changelog entries:
  * SECURITY UPDATE: loss of pipeline requests
    - debian/patches/CVE-2017-5647.patch: improve sendfile handling when
      requests are pipelined in
      java/org/apache/coyote/AbstractProtocol.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/Http11Nio2Processor.java,
      java/org/apache/coyote/http11/Http11NioProcessor.java,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/Nio2Endpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java,
      java/org/apache/tomcat/util/net/SendfileKeepAliveState.java.
    - CVE-2017-5647
  * SECURITY UPDATE: incorrect facade object use
    - debian/patches/CVE-2017-5648.patch: ensure request and response
      facades are used when firing application listeners in
      java/org/apache/catalina/authenticator/FormAuthenticator.java,
      java/org/apache/catalina/core/StandardHostValve.java.
    - CVE-2017-5648
  * SECURITY UPDATE: unexpected and undesirable results for static error
    pages
    - debian/patches/CVE-2017-5664.patch: use a more reliable mechanism in
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/WebdavServlet.java.
    - CVE-2017-5664
  * SECURITY UPDATE: client and server side cache poisoning in CORS filter
    - debian/patches/CVE-2017-7674.patch: set Vary header in response in
      java/org/apache/catalina/filters/CorsFilter.java.
    - CVE-2017-7674

ubuntu/zesty-security 2018-01-08 15:33:11 UTC 2018-01-08
Import patches-unapplied version 8.0.38-2ubuntu2.2 to ubuntu/zesty-security

Author: Marc Deslauriers
Author Date: 2017-09-27 21:20:40 UTC

Import patches-unapplied version 8.0.38-2ubuntu2.2 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: b66d69c49a35f4f34c5a2df6827333ac051c9cb2

New changelog entries:
  * SECURITY UPDATE: loss of pipeline requests
    - debian/patches/CVE-2017-5647.patch: improve sendfile handling when
      requests are pipelined in
      java/org/apache/coyote/AbstractProtocol.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/Http11Nio2Processor.java,
      java/org/apache/coyote/http11/Http11NioProcessor.java,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/Nio2Endpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java,
      java/org/apache/tomcat/util/net/SendfileKeepAliveState.java.
    - CVE-2017-5647
  * SECURITY UPDATE: incorrect facade object use
    - debian/patches/CVE-2017-5648.patch: ensure request and response
      facades are used when firing application listeners in
      java/org/apache/catalina/authenticator/FormAuthenticator.java,
      java/org/apache/catalina/core/StandardHostValve.java.
    - CVE-2017-5648
  * SECURITY UPDATE: unexpected and undesirable results for static error
    pages
    - debian/patches/CVE-2017-5664.patch: use a more reliable mechanism in
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/WebdavServlet.java.
    - CVE-2017-5664
  * SECURITY UPDATE: client and server side cache poisoning in CORS filter
    - debian/patches/CVE-2017-7674.patch: set Vary header in response in
      java/org/apache/catalina/filters/CorsFilter.java.
    - CVE-2017-7674

debian/jessie 2017-12-09 17:57:37 UTC 2017-12-09
Import patches-unapplied version 8.0.14-1+deb8u11 to debian/jessie

Author: Sebastien Delafond
Author Date: 2017-09-15 11:18:33 UTC

Import patches-unapplied version 8.0.14-1+deb8u11 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 95750ce33e7f1b757023f0ac82d00af354758800

New changelog entries:
  * Fix CVE-2017-7674:
    The CORS Filter did not add an HTTP Vary header indicating that the
    response varies depending on Origin. This permitted client and server side
    cache poisoning in some circumstances.

applied/debian/jessie 2017-12-09 17:57:37 UTC 2017-12-09
Import patches-applied version 8.0.14-1+deb8u11 to applied/debian/jessie

Author: Sebastien Delafond
Author Date: 2017-09-15 11:18:33 UTC

Import patches-applied version 8.0.14-1+deb8u11 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: 5030667b8a2fd232cd52392cf7ee2431681b03c1
Unapplied parent: d3ea47f06ac9c862803455ad23a1028d423f36e8

New changelog entries:
  * Fix CVE-2017-7674:
    The CORS Filter did not add an HTTP Vary header indicating that the
    response varies depending on Origin. This permitted client and server side
    cache poisoning in some circumstances.

ubuntu/artful 2017-10-13 12:08:39 UTC 2017-10-13
Import patches-unapplied version 8.5.21-1ubuntu1 to ubuntu/artful-proposed

Author: Robie Basak
Author Date: 2017-10-13 11:06:51 UTC

Import patches-unapplied version 8.5.21-1ubuntu1 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 0043fa8fb52ee4ad9afb9be91cd75d3617fe5f3e

New changelog entries:
  * Demote libtcnative-1 from Recommends to Suggests as it is in
    universe.

ubuntu/artful-proposed 2017-10-13 12:08:39 UTC 2017-10-13
Import patches-unapplied version 8.5.21-1ubuntu1 to ubuntu/artful-proposed

Author: Robie Basak
Author Date: 2017-10-13 11:06:51 UTC

Import patches-unapplied version 8.5.21-1ubuntu1 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 0043fa8fb52ee4ad9afb9be91cd75d3617fe5f3e

New changelog entries:
  * Demote libtcnative-1 from Recommends to Suggests as it is in
    universe.

applied/ubuntu/artful 2017-10-13 12:08:39 UTC 2017-10-13
Import patches-applied version 8.5.21-1ubuntu1 to applied/ubuntu/artful-proposed

Author: Robie Basak
Author Date: 2017-10-13 11:06:51 UTC

Import patches-applied version 8.5.21-1ubuntu1 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: f0b00255f61060fc896d34114b94eb2764535856
Unapplied parent: 2d47a0810ea5b8ffc09a8430f121402ed28bd8b5

New changelog entries:
  * Demote libtcnative-1 from Recommends to Suggests as it is in
    universe.

applied/ubuntu/artful-proposed 2017-10-13 12:08:39 UTC 2017-10-13
Import patches-applied version 8.5.21-1ubuntu1 to applied/ubuntu/artful-proposed

Author: Robie Basak
Author Date: 2017-10-13 11:06:51 UTC

Import patches-applied version 8.5.21-1ubuntu1 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: f0b00255f61060fc896d34114b94eb2764535856
Unapplied parent: 2d47a0810ea5b8ffc09a8430f121402ed28bd8b5

New changelog entries:
  * Demote libtcnative-1 from Recommends to Suggests as it is in
    universe.

applied/ubuntu/yakkety-proposed 2017-05-11 22:18:15 UTC 2017-05-11
Import patches-applied version 8.0.37-1ubuntu0.2 to applied/ubuntu/yakkety-pr...

Author: Joshua Powers
Author Date: 2017-03-28 23:46:16 UTC

Import patches-applied version 8.0.37-1ubuntu0.2 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: d4e3e8dfdb8b82224a823889e8f1a86cb536aaa4
Unapplied parent: 468219e03a003bf5ef1c56c0cc02c9b93c19c88d

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

applied/ubuntu/yakkety-devel 2017-05-11 22:18:15 UTC 2017-05-11
Import patches-applied version 8.0.37-1ubuntu0.2 to applied/ubuntu/yakkety-pr...

Author: Joshua Powers
Author Date: 2017-03-28 23:46:16 UTC

Import patches-applied version 8.0.37-1ubuntu0.2 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: d4e3e8dfdb8b82224a823889e8f1a86cb536aaa4
Unapplied parent: 468219e03a003bf5ef1c56c0cc02c9b93c19c88d

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

ubuntu/yakkety-updates 2017-05-11 22:18:15 UTC 2017-05-11
Import patches-unapplied version 8.0.37-1ubuntu0.2 to ubuntu/yakkety-proposed

Author: Joshua Powers
Author Date: 2017-03-28 23:46:16 UTC

Import patches-unapplied version 8.0.37-1ubuntu0.2 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: a9c810e15482f92a34e00df0072b7998f1e9f0de

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

ubuntu/yakkety-proposed 2017-05-11 22:18:15 UTC 2017-05-11
Import patches-unapplied version 8.0.37-1ubuntu0.2 to ubuntu/yakkety-proposed

Author: Joshua Powers
Author Date: 2017-03-28 23:46:16 UTC

Import patches-unapplied version 8.0.37-1ubuntu0.2 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: a9c810e15482f92a34e00df0072b7998f1e9f0de

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

ubuntu/yakkety-devel 2017-05-11 22:18:15 UTC 2017-05-11
Import patches-unapplied version 8.0.37-1ubuntu0.2 to ubuntu/yakkety-proposed

Author: Joshua Powers
Author Date: 2017-03-28 23:46:16 UTC

Import patches-unapplied version 8.0.37-1ubuntu0.2 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: a9c810e15482f92a34e00df0072b7998f1e9f0de

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

applied/ubuntu/yakkety-updates 2017-05-11 22:18:15 UTC 2017-05-11
Import patches-applied version 8.0.37-1ubuntu0.2 to applied/ubuntu/yakkety-pr...

Author: Joshua Powers
Author Date: 2017-03-28 23:46:16 UTC

Import patches-applied version 8.0.37-1ubuntu0.2 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: d4e3e8dfdb8b82224a823889e8f1a86cb536aaa4
Unapplied parent: 468219e03a003bf5ef1c56c0cc02c9b93c19c88d

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

applied/ubuntu/zesty-proposed 2017-04-11 01:23:16 UTC 2017-04-11
Import patches-applied version 8.0.38-2ubuntu2 to applied/ubuntu/zesty-proposed

Author: Joshua Powers
Author Date: 2017-03-28 23:47:32 UTC

Import patches-applied version 8.0.38-2ubuntu2 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 94b822743270fec9e1da46dcb3a1a7a92ea08dc8
Unapplied parent: c3066e65134d587314d36bebf16898bbca0bd449

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

applied/ubuntu/zesty 2017-04-11 01:23:16 UTC 2017-04-11
Import patches-applied version 8.0.38-2ubuntu2 to applied/ubuntu/zesty-proposed

Author: Joshua Powers
Author Date: 2017-03-28 23:47:32 UTC

Import patches-applied version 8.0.38-2ubuntu2 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 94b822743270fec9e1da46dcb3a1a7a92ea08dc8
Unapplied parent: c3066e65134d587314d36bebf16898bbca0bd449

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

ubuntu/zesty 2017-04-11 01:23:16 UTC 2017-04-11
Import patches-unapplied version 8.0.38-2ubuntu2 to ubuntu/zesty-proposed

Author: Joshua Powers
Author Date: 2017-03-28 23:47:32 UTC

Import patches-unapplied version 8.0.38-2ubuntu2 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 8fcde4802291510660959842797a577db834e965

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

ubuntu/zesty-proposed 2017-04-11 01:23:16 UTC 2017-04-11
Import patches-unapplied version 8.0.38-2ubuntu2 to ubuntu/zesty-proposed

Author: Joshua Powers
Author Date: 2017-03-28 23:47:32 UTC

Import patches-unapplied version 8.0.38-2ubuntu2 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 8fcde4802291510660959842797a577db834e965

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

ubuntu/yakkety-security 2017-01-23 18:13:30 UTC 2017-01-23
Import patches-unapplied version 8.0.37-1ubuntu0.1 to ubuntu/yakkety-security

Author: Marc Deslauriers
Author Date: 2017-01-13 15:48:08 UTC

Import patches-unapplied version 8.0.37-1ubuntu0.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: f250774836a3e9a7ba945f4c2cdabb1cf1950309

New changelog entries:
  * SECURITY UPDATE: HTTP response injection via invalid characters
    - debian/patches/CVE-2016-6816.patch: add additional checks for valid
      characters in java/org/apache/coyote/http11/AbstractInputBuffer.java,
      java/org/apache/coyote/http11/AbstractNioInputBuffer.java,
      java/org/apache/coyote/http11/InternalAprInputBuffer.java,
      java/org/apache/coyote/http11/InternalInputBuffer.java,
      java/org/apache/coyote/http11/LocalStrings.properties,
      java/org/apache/tomcat/util/http/parser/HttpParser.java.
    - CVE-2016-6816
  * SECURITY UPDATE: remote code execution via JmxRemoteLifecycleListener
    - debian/patches/CVE-2016-8735.patch: explicitly configure allowed
      credential types in
      java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java.
    - CVE-2016-8735
  * SECURITY UPDATE: information leakage between requests
    - debian/patches/CVE-2016-8745.patch: properly handle cache when unable
      to complete sendfile request in
      java/org/apache/tomcat/util/net/NioEndpoint.java.
    - CVE-2016-8745
  * SECURITY UPDATE: privilege escalation during package upgrade
    - debian/rules, debian/tomcat8.postinst: properly set permissions on
      /etc/tomcat8/Catalina/localhost.
    - CVE-2016-9774
  * SECURITY UPDATE: privilege escalation during package removal
    - debian/tomcat8.postrm.in: don't reset permissions before removing
      user.
    - CVE-2016-9775
  * debian/tomcat8.init: further hardening.

applied/ubuntu/yakkety-security 2017-01-23 18:13:30 UTC 2017-01-23
Import patches-applied version 8.0.37-1ubuntu0.1 to applied/ubuntu/yakkety-se...

Author: Marc Deslauriers
Author Date: 2017-01-13 15:48:08 UTC

Import patches-applied version 8.0.37-1ubuntu0.1 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: adafa06c2d373b3edaf5d7f39b18a819855c1899
Unapplied parent: 9d9e980d9bf5abe73d5bd348eb507af2e2e88467

New changelog entries:
  * SECURITY UPDATE: HTTP response injection via invalid characters
    - debian/patches/CVE-2016-6816.patch: add additional checks for valid
      characters in java/org/apache/coyote/http11/AbstractInputBuffer.java,
      java/org/apache/coyote/http11/AbstractNioInputBuffer.java,
      java/org/apache/coyote/http11/InternalAprInputBuffer.java,
      java/org/apache/coyote/http11/InternalInputBuffer.java,
      java/org/apache/coyote/http11/LocalStrings.properties,
      java/org/apache/tomcat/util/http/parser/HttpParser.java.
    - CVE-2016-6816
  * SECURITY UPDATE: remote code execution via JmxRemoteLifecycleListener
    - debian/patches/CVE-2016-8735.patch: explicitly configure allowed
      credential types in
      java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java.
    - CVE-2016-8735
  * SECURITY UPDATE: information leakage between requests
    - debian/patches/CVE-2016-8745.patch: properly handle cache when unable
      to complete sendfile request in
      java/org/apache/tomcat/util/net/NioEndpoint.java.
    - CVE-2016-8745
  * SECURITY UPDATE: privilege escalation during package upgrade
    - debian/rules, debian/tomcat8.postinst: properly set permissions on
      /etc/tomcat8/Catalina/localhost.
    - CVE-2016-9774
  * SECURITY UPDATE: privilege escalation during package removal
    - debian/tomcat8.postrm.in: don't reset permissions before removing
      user.
    - CVE-2016-9775
  * debian/tomcat8.init: further hardening.

debian/experimental 2016-11-18 04:10:16 UTC 2016-11-18
Import patches-unapplied version 8.5.8-1 to debian/experimental

Author: Emmanuel Bourg
Author Date: 2016-11-17 22:54:35 UTC

Import patches-unapplied version 8.5.8-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 39631ff17bee022de3ff0c4b6858031decb14272

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
    - Tomcat no longer builds tomcat-embed-logging-juli.jar
    - Updated the policy files
    - Added a NEWS file detailing the major changes in Tomcat 8.5.x
  * Enabled the APR library loading by default (required for HTTP/2 support)
  * Promoted libtcnative-1 from suggested to recommended dependency
  * Enabled the APR tests
  * Fixed the test failure with TestStandardContextAliases
  * Added a link to the Tomcat 8.5 migration guide in README.Debian
  * Adapted debian/orig-tar.sh to download the 8.5.x releases

applied/debian/experimental 2016-11-18 04:10:16 UTC 2016-11-18
Import patches-applied version 8.5.8-1 to applied/debian/experimental

Author: Emmanuel Bourg
Author Date: 2016-11-17 22:54:35 UTC

Import patches-applied version 8.5.8-1 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 4eca5cbc62672d48bf49e35b10eb60e742c8e903
Unapplied parent: 07482e5cf8232cd526e5a45279494b31340dcdd9

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
    - Tomcat no longer builds tomcat-embed-logging-juli.jar
    - Updated the policy files
    - Added a NEWS file detailing the major changes in Tomcat 8.5.x
  * Enabled the APR library loading by default (required for HTTP/2 support)
  * Promoted libtcnative-1 from suggested to recommended dependency
  * Enabled the APR tests
  * Fixed the test failure with TestStandardContextAliases
  * Added a link to the Tomcat 8.5 migration guide in README.Debian
  * Adapted debian/orig-tar.sh to download the 8.5.x releases

ubuntu/yakkety 2016-09-19 22:28:06 UTC 2016-09-19
Import patches-unapplied version 8.0.37-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2016-09-19 07:37:33 UTC

Import patches-unapplied version 8.0.37-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 37f9d4084595f74b686aa400d6d76ef1e4c10d3f

New changelog entries:
  * Team upload.
  * New upstream release
  * Removed 0001-set-UTF-8-as-default-character-encoding.patch (fixed upstream)

applied/ubuntu/yakkety 2016-09-19 22:28:06 UTC 2016-09-19
Import patches-applied version 8.0.37-1 to applied/debian/sid

Author: Emmanuel Bourg
Author Date: 2016-09-19 07:37:33 UTC

Import patches-applied version 8.0.37-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: a51097c2c683da12a1ffc5674a5ca80903b7ae3a
Unapplied parent: b26a373625d1c196dd88b8df19cfb0780ed7845d

New changelog entries:
  * Team upload.
  * New upstream release
  * Removed 0001-set-UTF-8-as-default-character-encoding.patch (fixed upstream)

applied/ubuntu/xenial 2016-02-19 08:19:05 UTC 2016-02-19
Import patches-applied version 8.0.32-1ubuntu1 to applied/ubuntu/xenial-proposed

Author: Nish Aravamudan
Author Date: 2016-02-05 08:20:39 UTC

Import patches-applied version 8.0.32-1ubuntu1 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 73754489910c3f366987c5f96e446dd1b3e0069b
Unapplied parent: 00579dc1bbd12094720bcf702bcd46cba0ecb519

New changelog entries:
  * Prepare to promote tomcat8 to main (LP: #1539903).
    - debian/control, 0021-ubuntu-mainize-build-xml.patch: Remove
      build-dependencies on libobjenesis-java and libeasymock-java, and skip
      tests that rely on the functionality they provide.

ubuntu/xenial 2016-02-19 08:19:05 UTC 2016-02-19
Import patches-unapplied version 8.0.32-1ubuntu1 to ubuntu/xenial-proposed

Author: Nish Aravamudan
Author Date: 2016-02-05 08:20:39 UTC

Import patches-unapplied version 8.0.32-1ubuntu1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: bc20583702224592a930e782e88b0882f6d88c5f

New changelog entries:
  * Prepare to promote tomcat8 to main (LP: #1539903).
    - debian/control, 0021-ubuntu-mainize-build-xml.patch: Remove
      build-dependencies on libobjenesis-java and libeasymock-java, and skip
      tests that rely on the functionality they provide.

applied/ubuntu/vivid-devel 2016-01-04 20:59:06 UTC 2016-01-04
Import patches-applied version 8.0.14-1+deb8u1build0.15.04.1 to applied/ubunt...

Author: Tyler Hicks
Author Date: 2016-01-04 17:18:56 UTC

Import patches-applied version 8.0.14-1+deb8u1build0.15.04.1 to applied/ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 46adaaf5f2bba949b1927fad662ffad5ff3ce160
Unapplied parent: 7a61a894b423f1ca4865dee4f4ee2ade0b475eff

New changelog entries:
  * fake sync from Debian

ubuntu/vivid-devel 2016-01-04 20:59:06 UTC 2016-01-04
Import patches-unapplied version 8.0.14-1+deb8u1build0.15.04.1 to ubuntu/vivi...

Author: Tyler Hicks
Author Date: 2016-01-04 17:18:56 UTC

Import patches-unapplied version 8.0.14-1+deb8u1build0.15.04.1 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: a17d5399a1220bca1c28c711e582024bb79e8ece

New changelog entries:
  * fake sync from Debian

ubuntu/vivid-security 2016-01-04 20:59:06 UTC 2016-01-04
Import patches-unapplied version 8.0.14-1+deb8u1build0.15.04.1 to ubuntu/vivi...

Author: Tyler Hicks
Author Date: 2016-01-04 17:18:56 UTC

Import patches-unapplied version 8.0.14-1+deb8u1build0.15.04.1 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: a17d5399a1220bca1c28c711e582024bb79e8ece

New changelog entries:
  * fake sync from Debian

ubuntu/vivid-updates 2016-01-04 20:59:06 UTC 2016-01-04
Import patches-unapplied version 8.0.14-1+deb8u1build0.15.04.1 to ubuntu/vivi...

Author: Tyler Hicks
Author Date: 2016-01-04 17:18:56 UTC

Import patches-unapplied version 8.0.14-1+deb8u1build0.15.04.1 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: a17d5399a1220bca1c28c711e582024bb79e8ece

New changelog entries:
  * fake sync from Debian

applied/ubuntu/vivid-updates 2016-01-04 20:59:06 UTC 2016-01-04
Import patches-applied version 8.0.14-1+deb8u1build0.15.04.1 to applied/ubunt...

Author: Tyler Hicks
Author Date: 2016-01-04 17:18:56 UTC

Import patches-applied version 8.0.14-1+deb8u1build0.15.04.1 to applied/ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 46adaaf5f2bba949b1927fad662ffad5ff3ce160
Unapplied parent: 7a61a894b423f1ca4865dee4f4ee2ade0b475eff

New changelog entries:
  * fake sync from Debian

applied/ubuntu/vivid-security 2016-01-04 20:59:06 UTC 2016-01-04
Import patches-applied version 8.0.14-1+deb8u1build0.15.04.1 to applied/ubunt...

Author: Tyler Hicks
Author Date: 2016-01-04 17:18:56 UTC

Import patches-applied version 8.0.14-1+deb8u1build0.15.04.1 to applied/ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 46adaaf5f2bba949b1927fad662ffad5ff3ce160
Unapplied parent: 7a61a894b423f1ca4865dee4f4ee2ade0b475eff

New changelog entries:
  * fake sync from Debian

ubuntu/wily-proposed 2015-08-25 04:18:05 UTC 2015-08-25
Import patches-unapplied version 8.0.26-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2015-08-23 22:30:40 UTC

Import patches-unapplied version 8.0.26-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9f73ca1aa93c7c8e37f985bebb22ddf4806999cb

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Changed the authbind configuration to allow IPv6 connections (LP: #1443041)
  * Fixed an upgrade error when /etc/tomcat8/tomcat-users.xml is removed
    (LP: #1010791)
  * Fixed a minor HTML error in the default index.html file (LP: #1236132)

applied/ubuntu/wily 2015-08-25 04:18:05 UTC 2015-08-25
Import patches-applied version 8.0.26-1 to applied/debian/sid

Author: Emmanuel Bourg
Author Date: 2015-08-23 22:30:40 UTC

Import patches-applied version 8.0.26-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 056408e04fc5ad5c0c304f450b85aa2b2b93c5f8
Unapplied parent: 4ce542994dc1ec9d63ecbcbed0b4f6462227a9f5

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Changed the authbind configuration to allow IPv6 connections (LP: #1443041)
  * Fixed an upgrade error when /etc/tomcat8/tomcat-users.xml is removed
    (LP: #1010791)
  * Fixed a minor HTML error in the default index.html file (LP: #1236132)

applied/ubuntu/wily-devel 2015-08-25 04:18:05 UTC 2015-08-25
Import patches-applied version 8.0.26-1 to applied/debian/sid

Author: Emmanuel Bourg
Author Date: 2015-08-23 22:30:40 UTC

Import patches-applied version 8.0.26-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 056408e04fc5ad5c0c304f450b85aa2b2b93c5f8
Unapplied parent: 4ce542994dc1ec9d63ecbcbed0b4f6462227a9f5

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Changed the authbind configuration to allow IPv6 connections (LP: #1443041)
  * Fixed an upgrade error when /etc/tomcat8/tomcat-users.xml is removed
    (LP: #1010791)
  * Fixed a minor HTML error in the default index.html file (LP: #1236132)

applied/ubuntu/wily-proposed 2015-08-25 04:18:05 UTC 2015-08-25
Import patches-applied version 8.0.26-1 to applied/debian/sid

Author: Emmanuel Bourg
Author Date: 2015-08-23 22:30:40 UTC

Import patches-applied version 8.0.26-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 056408e04fc5ad5c0c304f450b85aa2b2b93c5f8
Unapplied parent: 4ce542994dc1ec9d63ecbcbed0b4f6462227a9f5

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Changed the authbind configuration to allow IPv6 connections (LP: #1443041)
  * Fixed an upgrade error when /etc/tomcat8/tomcat-users.xml is removed
    (LP: #1010791)
  * Fixed a minor HTML error in the default index.html file (LP: #1236132)

ubuntu/wily 2015-08-25 04:18:05 UTC 2015-08-25
Import patches-unapplied version 8.0.26-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2015-08-23 22:30:40 UTC

Import patches-unapplied version 8.0.26-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9f73ca1aa93c7c8e37f985bebb22ddf4806999cb

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Changed the authbind configuration to allow IPv6 connections (LP: #1443041)
  * Fixed an upgrade error when /etc/tomcat8/tomcat-users.xml is removed
    (LP: #1010791)
  * Fixed a minor HTML error in the default index.html file (LP: #1236132)

ubuntu/wily-devel 2015-08-25 04:18:05 UTC 2015-08-25
Import patches-unapplied version 8.0.26-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2015-08-23 22:30:40 UTC

Import patches-unapplied version 8.0.26-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9f73ca1aa93c7c8e37f985bebb22ddf4806999cb

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Changed the authbind configuration to allow IPv6 connections (LP: #1443041)
  * Fixed an upgrade error when /etc/tomcat8/tomcat-users.xml is removed
    (LP: #1010791)
  * Fixed a minor HTML error in the default index.html file (LP: #1236132)

ubuntu/vivid 2014-09-29 16:29:32 UTC 2014-09-29
Import patches-unapplied version 8.0.14-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2014-09-29 11:23:43 UTC

Import patches-unapplied version 8.0.14-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2fab781499f33207ae62a7c84933b276b6858206

New changelog entries:
  * New upstream release
    - Refreshed the patches
  * Build depend on libcglib3-java instead of libcglib-java
  * Standards-Version updated to 3.9.6 (no changes)

applied/ubuntu/vivid 2014-09-29 16:29:32 UTC 2014-09-29
Import patches-applied version 8.0.14-1 to applied/debian/sid

Author: Emmanuel Bourg
Author Date: 2014-09-29 11:23:43 UTC

Import patches-applied version 8.0.14-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: c73f8148e450648f03ff6659b2e937169ad525c4
Unapplied parent: 19db1857b25ff32994e9f3718eae2c4e4cdc70a6

New changelog entries:
  * New upstream release
    - Refreshed the patches
  * Build depend on libcglib3-java instead of libcglib-java
  * Standards-Version updated to 3.9.6 (no changes)

ubuntu/vivid-proposed 2014-09-29 16:29:32 UTC 2014-09-29
Import patches-unapplied version 8.0.14-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2014-09-29 11:23:43 UTC

Import patches-unapplied version 8.0.14-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2fab781499f33207ae62a7c84933b276b6858206

New changelog entries:
  * New upstream release
    - Refreshed the patches
  * Build depend on libcglib3-java instead of libcglib-java
  * Standards-Version updated to 3.9.6 (no changes)

applied/ubuntu/vivid-proposed 2014-09-29 16:29:32 UTC 2014-09-29
Import patches-applied version 8.0.14-1 to applied/debian/sid

Author: Emmanuel Bourg
Author Date: 2014-09-29 11:23:43 UTC

Import patches-applied version 8.0.14-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: c73f8148e450648f03ff6659b2e937169ad525c4
Unapplied parent: 19db1857b25ff32994e9f3718eae2c4e4cdc70a6

New changelog entries:
  * New upstream release
    - Refreshed the patches
  * Build depend on libcglib3-java instead of libcglib-java
  * Standards-Version updated to 3.9.6 (no changes)

ubuntu/utopic 2014-06-25 04:24:57 UTC 2014-06-25
Import patches-unapplied version 8.0.9-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2014-06-24 19:28:37 UTC

Import patches-unapplied version 8.0.9-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8b6dc216e873a5612c72aed9908dd8a818f7d496

New changelog entries:
  [ Emmanuel Bourg ]
  * New upstream release
    - Refreshed the patches
  * Search for OpenJDK 8 and Oracle JDKs when starting the server
  * Removed the dependency on the non existent java-7-runtime package
  * Fixed a link still pointing to the Tomcat 7 documentation in README.Debian
  * Updated the version required for libtcnative-1 (>= 1.1.30)
  [ tony mancill ]
  * Update README.Debian with information about migration guides.

applied/ubuntu/utopic-devel 2014-06-25 04:24:57 UTC 2014-06-25
Import patches-applied version 8.0.9-1 to applied/debian/sid

Author: Emmanuel Bourg
Author Date: 2014-06-24 19:28:37 UTC

Import patches-applied version 8.0.9-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: df6494fb3d6fd99fb09027b5c8cd9afc8c72eafa
Unapplied parent: e37689e14118f975fd74dde85a4da72a159e37e9

New changelog entries:
  [ Emmanuel Bourg ]
  * New upstream release
    - Refreshed the patches
  * Search for OpenJDK 8 and Oracle JDKs when starting the server
  * Removed the dependency on the non existent java-7-runtime package
  * Fixed a link still pointing to the Tomcat 7 documentation in README.Debian
  * Updated the version required for libtcnative-1 (>= 1.1.30)
  [ tony mancill ]
  * Update README.Debian with information about migration guides.

applied/ubuntu/utopic 2014-06-25 04:24:57 UTC 2014-06-25
Import patches-applied version 8.0.9-1 to applied/debian/sid

Author: Emmanuel Bourg
Author Date: 2014-06-24 19:28:37 UTC

Import patches-applied version 8.0.9-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: df6494fb3d6fd99fb09027b5c8cd9afc8c72eafa
Unapplied parent: e37689e14118f975fd74dde85a4da72a159e37e9

New changelog entries:
  [ Emmanuel Bourg ]
  * New upstream release
    - Refreshed the patches
  * Search for OpenJDK 8 and Oracle JDKs when starting the server
  * Removed the dependency on the non existent java-7-runtime package
  * Fixed a link still pointing to the Tomcat 7 documentation in README.Debian
  * Updated the version required for libtcnative-1 (>= 1.1.30)
  [ tony mancill ]
  * Update README.Debian with information about migration guides.

applied/ubuntu/utopic-proposed 2014-06-25 04:24:57 UTC 2014-06-25
Import patches-applied version 8.0.9-1 to applied/debian/sid

Author: Emmanuel Bourg
Author Date: 2014-06-24 19:28:37 UTC

Import patches-applied version 8.0.9-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: df6494fb3d6fd99fb09027b5c8cd9afc8c72eafa
Unapplied parent: e37689e14118f975fd74dde85a4da72a159e37e9

New changelog entries:
  [ Emmanuel Bourg ]
  * New upstream release
    - Refreshed the patches
  * Search for OpenJDK 8 and Oracle JDKs when starting the server
  * Removed the dependency on the non existent java-7-runtime package
  * Fixed a link still pointing to the Tomcat 7 documentation in README.Debian
  * Updated the version required for libtcnative-1 (>= 1.1.30)
  [ tony mancill ]
  * Update README.Debian with information about migration guides.

ubuntu/utopic-proposed 2014-06-25 04:24:57 UTC 2014-06-25
Import patches-unapplied version 8.0.9-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2014-06-24 19:28:37 UTC

Import patches-unapplied version 8.0.9-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8b6dc216e873a5612c72aed9908dd8a818f7d496

New changelog entries:
  [ Emmanuel Bourg ]
  * New upstream release
    - Refreshed the patches
  * Search for OpenJDK 8 and Oracle JDKs when starting the server
  * Removed the dependency on the non existent java-7-runtime package
  * Fixed a link still pointing to the Tomcat 7 documentation in README.Debian
  * Updated the version required for libtcnative-1 (>= 1.1.30)
  [ tony mancill ]
  * Update README.Debian with information about migration guides.

ubuntu/utopic-devel 2014-06-25 04:24:57 UTC 2014-06-25
Import patches-unapplied version 8.0.9-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2014-06-24 19:28:37 UTC

Import patches-unapplied version 8.0.9-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8b6dc216e873a5612c72aed9908dd8a818f7d496

New changelog entries:
  [ Emmanuel Bourg ]
  * New upstream release
    - Refreshed the patches
  * Search for OpenJDK 8 and Oracle JDKs when starting the server
  * Removed the dependency on the non existent java-7-runtime package
  * Fixed a link still pointing to the Tomcat 7 documentation in README.Debian
  * Updated the version required for libtcnative-1 (>= 1.1.30)
  [ tony mancill ]
  * Update README.Debian with information about migration guides.

1100 of 100 results

Other repositories

Name Last Modified
lp:ubuntu/+source/tomcat8 2019-03-13
lp:~kstenerud/ubuntu/+source/tomcat8 2019-02-12
lp:~powersj/ubuntu/+source/tomcat8 2017-03-28
13 of 3 results
You can't create new repositories for tomcat8 in Ubuntu.