View Bazaar branches
Get this repository:
git clone https://git.launchpad.net/ubuntu/+source/tomcat8
Members of Ubuntu Server Dev import team can upload to this repository. Log in for directions.

Branches

Name Last Modified Last Commit
importer/ubuntu/dsc 2019-09-10 17:57:29 UTC 2019-09-10
DSC file for 8.0.32-1ubuntu1.10

Author: Ubuntu Git Importer
Author Date: 2019-09-10 17:57:29 UTC

DSC file for 8.0.32-1ubuntu1.10

applied/ubuntu/xenial-updates 2019-09-10 17:33:14 UTC 2019-09-10
Import patches-applied version 8.0.32-1ubuntu1.10 to applied/ubuntu/xenial-se...

Author: Maria Emilia Torino
Author Date: 2019-09-09 12:49:23 UTC

Import patches-applied version 8.0.32-1ubuntu1.10 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: d075ed284fac52164623a8f46c71f1dc725cb9c8
Unapplied parent: 3823a8ee5cda941d851cf681f6c4cbd5d5cda414

New changelog entries:
  * SECURITY UPDATE: XSS attack on SSI printenv command
    - debian/patches/CVE-2019-0221.patch: escape debug output to aid
      readability
    - CVE-2019-0221

applied/ubuntu/xenial-security 2019-09-10 17:33:14 UTC 2019-09-10
Import patches-applied version 8.0.32-1ubuntu1.10 to applied/ubuntu/xenial-se...

Author: Maria Emilia Torino
Author Date: 2019-09-09 12:49:23 UTC

Import patches-applied version 8.0.32-1ubuntu1.10 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: d075ed284fac52164623a8f46c71f1dc725cb9c8
Unapplied parent: 3823a8ee5cda941d851cf681f6c4cbd5d5cda414

New changelog entries:
  * SECURITY UPDATE: XSS attack on SSI printenv command
    - debian/patches/CVE-2019-0221.patch: escape debug output to aid
      readability
    - CVE-2019-0221

applied/ubuntu/xenial-devel 2019-09-10 17:33:14 UTC 2019-09-10
Import patches-applied version 8.0.32-1ubuntu1.10 to applied/ubuntu/xenial-se...

Author: Maria Emilia Torino
Author Date: 2019-09-09 12:49:23 UTC

Import patches-applied version 8.0.32-1ubuntu1.10 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: d075ed284fac52164623a8f46c71f1dc725cb9c8
Unapplied parent: 3823a8ee5cda941d851cf681f6c4cbd5d5cda414

New changelog entries:
  * SECURITY UPDATE: XSS attack on SSI printenv command
    - debian/patches/CVE-2019-0221.patch: escape debug output to aid
      readability
    - CVE-2019-0221

ubuntu/xenial-devel 2019-09-10 17:33:14 UTC 2019-09-10
Import patches-unapplied version 8.0.32-1ubuntu1.10 to ubuntu/xenial-security

Author: Maria Emilia Torino
Author Date: 2019-09-09 12:49:23 UTC

Import patches-unapplied version 8.0.32-1ubuntu1.10 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: e5b8c0dc428bfbb35556f37b7102ae8c2463ae57

New changelog entries:
  * SECURITY UPDATE: XSS attack on SSI printenv command
    - debian/patches/CVE-2019-0221.patch: escape debug output to aid
      readability
    - CVE-2019-0221

ubuntu/bionic-updates 2019-09-10 17:33:14 UTC 2019-09-10
Import patches-unapplied version 8.5.39-1ubuntu1~18.04.3 to ubuntu/bionic-sec...

Author: Maria Emilia Torino
Author Date: 2019-09-09 19:47:51 UTC

Import patches-unapplied version 8.5.39-1ubuntu1~18.04.3 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: a5f279c863c95b8b664c30c44ca28b1407f4f36c

New changelog entries:
  * SECURITY UPDATE: XSS attack on SSI printenv command
    - debian/patches/CVE-2019-0221.patch: escape debug output to aid
      readability
    - CVE-2019-0221
  * SECURITY UPDATE: DoS via thread exhaustion
    - debian/patches/CVE-2019-10072-1.patch: expand HTTP/2 timeout
      handling to connection window exhaustion on write.
    - debian/patches/CVE-2019-10072-2.patch: Fix test failures. Handle
      full allocation case.
    - CVE-2019-10072

ubuntu/bionic-security 2019-09-10 17:33:14 UTC 2019-09-10
Import patches-unapplied version 8.5.39-1ubuntu1~18.04.3 to ubuntu/bionic-sec...

Author: Maria Emilia Torino
Author Date: 2019-09-09 19:47:51 UTC

Import patches-unapplied version 8.5.39-1ubuntu1~18.04.3 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: a5f279c863c95b8b664c30c44ca28b1407f4f36c

New changelog entries:
  * SECURITY UPDATE: XSS attack on SSI printenv command
    - debian/patches/CVE-2019-0221.patch: escape debug output to aid
      readability
    - CVE-2019-0221
  * SECURITY UPDATE: DoS via thread exhaustion
    - debian/patches/CVE-2019-10072-1.patch: expand HTTP/2 timeout
      handling to connection window exhaustion on write.
    - debian/patches/CVE-2019-10072-2.patch: Fix test failures. Handle
      full allocation case.
    - CVE-2019-10072

applied/ubuntu/bionic-devel 2019-09-10 17:33:14 UTC 2019-09-10
Import patches-applied version 8.5.39-1ubuntu1~18.04.3 to applied/ubuntu/bion...

Author: Maria Emilia Torino
Author Date: 2019-09-09 19:47:51 UTC

Import patches-applied version 8.5.39-1ubuntu1~18.04.3 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: aed56a6d7e71c64c8b51f0c03d521e250cdf3e69
Unapplied parent: 5be6ebe0e2db2899174913501c38f0c7ea115475

New changelog entries:
  * SECURITY UPDATE: XSS attack on SSI printenv command
    - debian/patches/CVE-2019-0221.patch: escape debug output to aid
      readability
    - CVE-2019-0221
  * SECURITY UPDATE: DoS via thread exhaustion
    - debian/patches/CVE-2019-10072-1.patch: expand HTTP/2 timeout
      handling to connection window exhaustion on write.
    - debian/patches/CVE-2019-10072-2.patch: Fix test failures. Handle
      full allocation case.
    - CVE-2019-10072

applied/ubuntu/bionic-security 2019-09-10 17:33:14 UTC 2019-09-10
Import patches-applied version 8.5.39-1ubuntu1~18.04.3 to applied/ubuntu/bion...

Author: Maria Emilia Torino
Author Date: 2019-09-09 19:47:51 UTC

Import patches-applied version 8.5.39-1ubuntu1~18.04.3 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: aed56a6d7e71c64c8b51f0c03d521e250cdf3e69
Unapplied parent: 5be6ebe0e2db2899174913501c38f0c7ea115475

New changelog entries:
  * SECURITY UPDATE: XSS attack on SSI printenv command
    - debian/patches/CVE-2019-0221.patch: escape debug output to aid
      readability
    - CVE-2019-0221
  * SECURITY UPDATE: DoS via thread exhaustion
    - debian/patches/CVE-2019-10072-1.patch: expand HTTP/2 timeout
      handling to connection window exhaustion on write.
    - debian/patches/CVE-2019-10072-2.patch: Fix test failures. Handle
      full allocation case.
    - CVE-2019-10072

applied/ubuntu/bionic-updates 2019-09-10 17:33:14 UTC 2019-09-10
Import patches-applied version 8.5.39-1ubuntu1~18.04.3 to applied/ubuntu/bion...

Author: Maria Emilia Torino
Author Date: 2019-09-09 19:47:51 UTC

Import patches-applied version 8.5.39-1ubuntu1~18.04.3 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: aed56a6d7e71c64c8b51f0c03d521e250cdf3e69
Unapplied parent: 5be6ebe0e2db2899174913501c38f0c7ea115475

New changelog entries:
  * SECURITY UPDATE: XSS attack on SSI printenv command
    - debian/patches/CVE-2019-0221.patch: escape debug output to aid
      readability
    - CVE-2019-0221
  * SECURITY UPDATE: DoS via thread exhaustion
    - debian/patches/CVE-2019-10072-1.patch: expand HTTP/2 timeout
      handling to connection window exhaustion on write.
    - debian/patches/CVE-2019-10072-2.patch: Fix test failures. Handle
      full allocation case.
    - CVE-2019-10072

ubuntu/bionic-devel 2019-09-10 17:33:14 UTC 2019-09-10
Import patches-unapplied version 8.5.39-1ubuntu1~18.04.3 to ubuntu/bionic-sec...

Author: Maria Emilia Torino
Author Date: 2019-09-09 19:47:51 UTC

Import patches-unapplied version 8.5.39-1ubuntu1~18.04.3 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: a5f279c863c95b8b664c30c44ca28b1407f4f36c

New changelog entries:
  * SECURITY UPDATE: XSS attack on SSI printenv command
    - debian/patches/CVE-2019-0221.patch: escape debug output to aid
      readability
    - CVE-2019-0221
  * SECURITY UPDATE: DoS via thread exhaustion
    - debian/patches/CVE-2019-10072-1.patch: expand HTTP/2 timeout
      handling to connection window exhaustion on write.
    - debian/patches/CVE-2019-10072-2.patch: Fix test failures. Handle
      full allocation case.
    - CVE-2019-10072

ubuntu/xenial-updates 2019-09-10 17:33:14 UTC 2019-09-10
Import patches-unapplied version 8.0.32-1ubuntu1.10 to ubuntu/xenial-security

Author: Maria Emilia Torino
Author Date: 2019-09-09 12:49:23 UTC

Import patches-unapplied version 8.0.32-1ubuntu1.10 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: e5b8c0dc428bfbb35556f37b7102ae8c2463ae57

New changelog entries:
  * SECURITY UPDATE: XSS attack on SSI printenv command
    - debian/patches/CVE-2019-0221.patch: escape debug output to aid
      readability
    - CVE-2019-0221

ubuntu/xenial-security 2019-09-10 17:33:14 UTC 2019-09-10
Import patches-unapplied version 8.0.32-1ubuntu1.10 to ubuntu/xenial-security

Author: Maria Emilia Torino
Author Date: 2019-09-09 12:49:23 UTC

Import patches-unapplied version 8.0.32-1ubuntu1.10 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: e5b8c0dc428bfbb35556f37b7102ae8c2463ae57

New changelog entries:
  * SECURITY UPDATE: XSS attack on SSI printenv command
    - debian/patches/CVE-2019-0221.patch: escape debug output to aid
      readability
    - CVE-2019-0221

ubuntu/bionic-proposed 2019-06-13 17:18:15 UTC 2019-06-13
Import patches-unapplied version 8.5.39-1ubuntu1~18.04.2 to ubuntu/bionic-pro...

Author: Tiago Stürmer Daitx
Author Date: 2019-05-09 13:50:49 UTC

Import patches-unapplied version 8.5.39-1ubuntu1~18.04.2 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 34657f8d9814b583328fc74fddbdd8873ba06c88

New changelog entries:
  * debian/tomcat8-instance-create: update regex to account for the fact that
    the shutdown port is set to 8005 as default. LP: #1827090.

applied/ubuntu/bionic-proposed 2019-06-13 17:18:15 UTC 2019-06-13
Import patches-applied version 8.5.39-1ubuntu1~18.04.2 to applied/ubuntu/bion...

Author: Tiago Stürmer Daitx
Author Date: 2019-05-09 13:50:49 UTC

Import patches-applied version 8.5.39-1ubuntu1~18.04.2 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 269fd403db3335f0f4f36e0eabc0cfab8339abfb
Unapplied parent: 7c77df5bae8e61dbadb6d5b63ce6db1668dc35e5

New changelog entries:
  * debian/tomcat8-instance-create: update regex to account for the fact that
    the shutdown port is set to 8005 as default. LP: #1827090.

ubuntu/cosmic-security 2019-04-10 17:07:29 UTC 2019-04-10
Import patches-unapplied version 8.5.39-1ubuntu1~18.10 to ubuntu/cosmic-proposed

Author: Tiago Stürmer Daitx
Author Date: 2019-04-10 05:33:03 UTC

Import patches-unapplied version 8.5.39-1ubuntu1~18.10 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 3b169a255f50e6ef1093d5cfb3b80dd1c406eedb

New changelog entries:
  [ Matthias Klose ]
  * Backport for OpenJDK 11. LP: #1817567.
  * tomcat8 now uses systemd service instead of init scripts. See
    /usr/share/doc/tomcat8/NEWS.gz. LP: #1819721.

ubuntu/cosmic-proposed 2019-04-10 17:07:29 UTC 2019-04-10
Import patches-unapplied version 8.5.39-1ubuntu1~18.10 to ubuntu/cosmic-proposed

Author: Tiago Stürmer Daitx
Author Date: 2019-04-10 05:33:03 UTC

Import patches-unapplied version 8.5.39-1ubuntu1~18.10 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 3b169a255f50e6ef1093d5cfb3b80dd1c406eedb

New changelog entries:
  [ Matthias Klose ]
  * Backport for OpenJDK 11. LP: #1817567.
  * tomcat8 now uses systemd service instead of init scripts. See
    /usr/share/doc/tomcat8/NEWS.gz. LP: #1819721.

ubuntu/cosmic-devel 2019-04-10 17:07:29 UTC 2019-04-10
Import patches-unapplied version 8.5.39-1ubuntu1~18.10 to ubuntu/cosmic-proposed

Author: Tiago Stürmer Daitx
Author Date: 2019-04-10 05:33:03 UTC

Import patches-unapplied version 8.5.39-1ubuntu1~18.10 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 3b169a255f50e6ef1093d5cfb3b80dd1c406eedb

New changelog entries:
  [ Matthias Klose ]
  * Backport for OpenJDK 11. LP: #1817567.
  * tomcat8 now uses systemd service instead of init scripts. See
    /usr/share/doc/tomcat8/NEWS.gz. LP: #1819721.

applied/ubuntu/cosmic-security 2019-04-10 17:07:29 UTC 2019-04-10
Import patches-applied version 8.5.39-1ubuntu1~18.10 to applied/ubuntu/cosmic...

Author: Tiago Stürmer Daitx
Author Date: 2019-04-10 05:33:03 UTC

Import patches-applied version 8.5.39-1ubuntu1~18.10 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: d1b2e524da855429409594bc4921cee48815521a
Unapplied parent: 056cd5eaebcf369fb92e67eb47cf367a3c397cd1

New changelog entries:
  [ Matthias Klose ]
  * Backport for OpenJDK 11. LP: #1817567.
  * tomcat8 now uses systemd service instead of init scripts. See
    /usr/share/doc/tomcat8/NEWS.gz. LP: #1819721.

applied/ubuntu/cosmic-devel 2019-04-10 17:07:29 UTC 2019-04-10
Import patches-applied version 8.5.39-1ubuntu1~18.10 to applied/ubuntu/cosmic...

Author: Tiago Stürmer Daitx
Author Date: 2019-04-10 05:33:03 UTC

Import patches-applied version 8.5.39-1ubuntu1~18.10 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: d1b2e524da855429409594bc4921cee48815521a
Unapplied parent: 056cd5eaebcf369fb92e67eb47cf367a3c397cd1

New changelog entries:
  [ Matthias Klose ]
  * Backport for OpenJDK 11. LP: #1817567.
  * tomcat8 now uses systemd service instead of init scripts. See
    /usr/share/doc/tomcat8/NEWS.gz. LP: #1819721.

applied/ubuntu/cosmic-proposed 2019-04-10 17:07:29 UTC 2019-04-10
Import patches-applied version 8.5.39-1ubuntu1~18.10 to applied/ubuntu/cosmic...

Author: Tiago Stürmer Daitx
Author Date: 2019-04-10 05:33:03 UTC

Import patches-applied version 8.5.39-1ubuntu1~18.10 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: d1b2e524da855429409594bc4921cee48815521a
Unapplied parent: 056cd5eaebcf369fb92e67eb47cf367a3c397cd1

New changelog entries:
  [ Matthias Klose ]
  * Backport for OpenJDK 11. LP: #1817567.
  * tomcat8 now uses systemd service instead of init scripts. See
    /usr/share/doc/tomcat8/NEWS.gz. LP: #1819721.

ubuntu/cosmic-updates 2019-04-10 17:07:29 UTC 2019-04-10
Import patches-unapplied version 8.5.39-1ubuntu1~18.10 to ubuntu/cosmic-proposed

Author: Tiago Stürmer Daitx
Author Date: 2019-04-10 05:33:03 UTC

Import patches-unapplied version 8.5.39-1ubuntu1~18.10 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 3b169a255f50e6ef1093d5cfb3b80dd1c406eedb

New changelog entries:
  [ Matthias Klose ]
  * Backport for OpenJDK 11. LP: #1817567.
  * tomcat8 now uses systemd service instead of init scripts. See
    /usr/share/doc/tomcat8/NEWS.gz. LP: #1819721.

applied/ubuntu/cosmic-updates 2019-04-10 17:07:29 UTC 2019-04-10
Import patches-applied version 8.5.39-1ubuntu1~18.10 to applied/ubuntu/cosmic...

Author: Tiago Stürmer Daitx
Author Date: 2019-04-10 05:33:03 UTC

Import patches-applied version 8.5.39-1ubuntu1~18.10 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: d1b2e524da855429409594bc4921cee48815521a
Unapplied parent: 056cd5eaebcf369fb92e67eb47cf367a3c397cd1

New changelog entries:
  [ Matthias Klose ]
  * Backport for OpenJDK 11. LP: #1817567.
  * tomcat8 now uses systemd service instead of init scripts. See
    /usr/share/doc/tomcat8/NEWS.gz. LP: #1819721.

ubuntu/disco-proposed 2019-03-26 11:18:15 UTC 2019-03-26
Import patches-unapplied version 8.5.39-1ubuntu1 to ubuntu/disco-proposed

Author: Matthias Klose
Author Date: 2019-03-26 11:10:55 UTC

Import patches-unapplied version 8.5.39-1ubuntu1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 2705029d45ad3f8a2903f3596b0ac320f559de63

New changelog entries:
  * Merge with Debian; remaining changes:
    - d/control: Break/replace tomcat8.0 binaries.

applied/ubuntu/devel 2019-03-26 11:18:15 UTC 2019-03-26
Import patches-applied version 8.5.39-1ubuntu1 to applied/ubuntu/disco-proposed

Author: Matthias Klose
Author Date: 2019-03-26 11:10:55 UTC

Import patches-applied version 8.5.39-1ubuntu1 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: b22f9888401c62cb222f009b1d3df6088ee2df65
Unapplied parent: c385a34fd6e104e07bdb670ca79395263ed8ccfc

New changelog entries:
  * Merge with Debian; remaining changes:
    - d/control: Break/replace tomcat8.0 binaries.

applied/ubuntu/disco 2019-03-26 11:18:15 UTC 2019-03-26
Import patches-applied version 8.5.39-1ubuntu1 to applied/ubuntu/disco-proposed

Author: Matthias Klose
Author Date: 2019-03-26 11:10:55 UTC

Import patches-applied version 8.5.39-1ubuntu1 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: b22f9888401c62cb222f009b1d3df6088ee2df65
Unapplied parent: c385a34fd6e104e07bdb670ca79395263ed8ccfc

New changelog entries:
  * Merge with Debian; remaining changes:
    - d/control: Break/replace tomcat8.0 binaries.

applied/ubuntu/disco-devel 2019-03-26 11:18:15 UTC 2019-03-26
Import patches-applied version 8.5.39-1ubuntu1 to applied/ubuntu/disco-proposed

Author: Matthias Klose
Author Date: 2019-03-26 11:10:55 UTC

Import patches-applied version 8.5.39-1ubuntu1 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: b22f9888401c62cb222f009b1d3df6088ee2df65
Unapplied parent: c385a34fd6e104e07bdb670ca79395263ed8ccfc

New changelog entries:
  * Merge with Debian; remaining changes:
    - d/control: Break/replace tomcat8.0 binaries.

applied/ubuntu/disco-proposed 2019-03-26 11:18:15 UTC 2019-03-26
Import patches-applied version 8.5.39-1ubuntu1 to applied/ubuntu/disco-proposed

Author: Matthias Klose
Author Date: 2019-03-26 11:10:55 UTC

Import patches-applied version 8.5.39-1ubuntu1 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: b22f9888401c62cb222f009b1d3df6088ee2df65
Unapplied parent: c385a34fd6e104e07bdb670ca79395263ed8ccfc

New changelog entries:
  * Merge with Debian; remaining changes:
    - d/control: Break/replace tomcat8.0 binaries.

ubuntu/devel 2019-03-26 11:18:15 UTC 2019-03-26
Import patches-unapplied version 8.5.39-1ubuntu1 to ubuntu/disco-proposed

Author: Matthias Klose
Author Date: 2019-03-26 11:10:55 UTC

Import patches-unapplied version 8.5.39-1ubuntu1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 2705029d45ad3f8a2903f3596b0ac320f559de63

New changelog entries:
  * Merge with Debian; remaining changes:
    - d/control: Break/replace tomcat8.0 binaries.

ubuntu/disco 2019-03-26 11:18:15 UTC 2019-03-26
Import patches-unapplied version 8.5.39-1ubuntu1 to ubuntu/disco-proposed

Author: Matthias Klose
Author Date: 2019-03-26 11:10:55 UTC

Import patches-unapplied version 8.5.39-1ubuntu1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 2705029d45ad3f8a2903f3596b0ac320f559de63

New changelog entries:
  * Merge with Debian; remaining changes:
    - d/control: Break/replace tomcat8.0 binaries.

ubuntu/disco-devel 2019-03-26 11:18:15 UTC 2019-03-26
Import patches-unapplied version 8.5.39-1ubuntu1 to ubuntu/disco-proposed

Author: Matthias Klose
Author Date: 2019-03-26 11:10:55 UTC

Import patches-unapplied version 8.5.39-1ubuntu1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 2705029d45ad3f8a2903f3596b0ac320f559de63

New changelog entries:
  * Merge with Debian; remaining changes:
    - d/control: Break/replace tomcat8.0 binaries.

importer/debian/dsc 2019-03-25 16:33:56 UTC 2019-03-25
DSC file for 8.5.39-1

Author: Ubuntu Git Importer
Author Date: 2019-03-25 16:33:56 UTC

DSC file for 8.5.39-1

applied/debian/experimental 2019-03-25 16:28:14 UTC 2019-03-25
Import patches-applied version 8.5.39-1 to applied/debian/experimental

Author: Emmanuel Bourg
Author Date: 2019-03-25 09:47:43 UTC

Import patches-applied version 8.5.39-1 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 07a6e52d02255a18cb8d7035ffe189676fb93574
Unapplied parent: b884991e9d637c83ef5eba28ad83ef89dd76cd2c

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Track and download the new releases from GitHub

debian/experimental 2019-03-25 16:28:14 UTC 2019-03-25
Import patches-unapplied version 8.5.39-1 to debian/experimental

Author: Emmanuel Bourg
Author Date: 2019-03-25 09:47:43 UTC

Import patches-unapplied version 8.5.39-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: b6cc2d19934cb01a947d304ac9d4569c5f00b172

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Track and download the new releases from GitHub

applied/debian/buster 2019-02-27 04:41:02 UTC 2019-02-27
Import patches-applied version 8.5.38-2 to applied/debian/sid

Author: Thorsten Glaser
Author Date: 2019-02-26 20:37:51 UTC

Import patches-applied version 8.5.38-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 66ae6004d61442a46180b3e0e7610edea84523f9
Unapplied parent: 70cfa98dbc1dfacf73319cc96df65a34062ba1bc

New changelog entries:
  * Team upload.
  * Apply upstream patch to unbreak the startup script (Closes: #922863)

debian/buster 2019-02-27 04:41:02 UTC 2019-02-27
Import patches-unapplied version 8.5.38-2 to debian/sid

Author: Thorsten Glaser
Author Date: 2019-02-26 20:37:51 UTC

Import patches-unapplied version 8.5.38-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b770602c883d9a905b4b905a10977ae673ad4c1d

New changelog entries:
  * Team upload.
  * Apply upstream patch to unbreak the startup script (Closes: #922863)

applied/debian/sid 2019-02-27 04:41:02 UTC 2019-02-27
Import patches-applied version 8.5.38-2 to applied/debian/sid

Author: Thorsten Glaser
Author Date: 2019-02-26 20:37:51 UTC

Import patches-applied version 8.5.38-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 66ae6004d61442a46180b3e0e7610edea84523f9
Unapplied parent: 70cfa98dbc1dfacf73319cc96df65a34062ba1bc

New changelog entries:
  * Team upload.
  * Apply upstream patch to unbreak the startup script (Closes: #922863)

debian/sid 2019-02-27 04:41:02 UTC 2019-02-27
Import patches-unapplied version 8.5.38-2 to debian/sid

Author: Thorsten Glaser
Author Date: 2019-02-26 20:37:51 UTC

Import patches-unapplied version 8.5.38-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b770602c883d9a905b4b905a10977ae673ad4c1d

New changelog entries:
  * Team upload.
  * Apply upstream patch to unbreak the startup script (Closes: #922863)

ubuntu/xenial-proposed 2019-01-16 12:03:13 UTC 2019-01-16
Import patches-unapplied version 8.0.32-1ubuntu1.9 to ubuntu/xenial-proposed

Author: Karl Stenerud
Author Date: 2018-12-10 14:08:07 UTC

Import patches-unapplied version 8.0.32-1ubuntu1.9 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 99fabbf378b9a713124ef689606c1b2b5f8d4e70

New changelog entries:
  * d/p/fix-class-resource-name-filtering.patch: Fix class and resource name
    filtering in WebappClassLoader (LP: #1606331).

applied/ubuntu/xenial-proposed 2019-01-16 12:03:13 UTC 2019-01-16
Import patches-applied version 8.0.32-1ubuntu1.9 to applied/ubuntu/xenial-pro...

Author: Karl Stenerud
Author Date: 2018-12-10 14:08:07 UTC

Import patches-applied version 8.0.32-1ubuntu1.9 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 260b08ffc3b4689a7f5f1b31045dfbd2f6704f28
Unapplied parent: abf130027e9cd47acdac05a0ab7c3248c15880d4

New changelog entries:
  * d/p/fix-class-resource-name-filtering.patch: Fix class and resource name
    filtering in WebappClassLoader (LP: #1606331).

debian/stretch 2018-11-10 17:18:32 UTC 2018-11-10
Import patches-unapplied version 8.5.14-1+deb9u3 to debian/stretch

Author: Markus Koschany
Author Date: 2018-08-24 19:44:12 UTC

Import patches-unapplied version 8.5.14-1+deb9u3 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: f0364fed3a05e43590126ea5fcf900b56ddfa9e9

New changelog entries:
  [ Emmanuel Bourg ]
  * Fixed CVE-2018-1304: Security constraints mapped to context root are
    ignored. The URL pattern of "" (the empty string) which exactly maps to the
    context root was not correctly handled when used as part of a security
    constraint definition. This caused the constraint to be ignored. It was,
    therefore, possible for unauthorised users to gain access to web
    application resources that should have been protected. Only security
    constraints with a URL pattern of the empty string were affected.
  * Fixed CVE-2018-1305: Security constraint annotations applied too late.
    Security constraints defined by annotations of Servlets were only applied
    once a Servlet had been loaded. Because security constraints defined in
    this way apply to the URL pattern and any URLs below that point, it was
    possible - depending on the order Servlets were loaded - for some security
    constraints not to be applied. This could have exposed resources to users
    who were not authorised to access them.
  * Changed the Class-Path manifest entry of tomcat8-jasper.jar to use
    the specification jars from libtomcat8-java instead of libservlet3.1-java
    (Closes: #867247)
  [ Markus Koschany ]
  * Fix CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder
    with supplementary characters can lead to an infinite loop in the decoder
    causing a Denial of Service.
  * Fix CVE-2018-8034: The host name verification when using TLS with the
    WebSocket client was missing. It is now enabled by default.
  * Fix CVE-2018-8037: If an async request was completed by the application at
    the same time as the container triggered the async timeout, a race condition
    existed that could result in a user seeing a response intended for a
    different user. An additional issue was present in the NIO and NIO2
    connectors that did not correctly track the closure of the connection when an
    async request was completed by the application and timed out by the container
    at the same time. This could also result in a user seeing a response intended
    for another user.

applied/debian/stretch 2018-11-10 17:18:32 UTC 2018-11-10
Import patches-applied version 8.5.14-1+deb9u3 to applied/debian/stretch

Author: Markus Koschany
Author Date: 2018-08-24 19:44:12 UTC

Import patches-applied version 8.5.14-1+deb9u3 to applied/debian/stretch

Imported using git-ubuntu import.

Changelog parent: 0bd25f59af0183699d5bca56160fdadc2f3740dd
Unapplied parent: 6294ec78d682cfb1ea7fca9d7ffcfc719e96932d

New changelog entries:
  [ Emmanuel Bourg ]
  * Fixed CVE-2018-1304: Security constraints mapped to context root are
    ignored. The URL pattern of "" (the empty string) which exactly maps to the
    context root was not correctly handled when used as part of a security
    constraint definition. This caused the constraint to be ignored. It was,
    therefore, possible for unauthorised users to gain access to web
    application resources that should have been protected. Only security
    constraints with a URL pattern of the empty string were affected.
  * Fixed CVE-2018-1305: Security constraint annotations applied too late.
    Security constraints defined by annotations of Servlets were only applied
    once a Servlet had been loaded. Because security constraints defined in
    this way apply to the URL pattern and any URLs below that point, it was
    possible - depending on the order Servlets were loaded - for some security
    constraints not to be applied. This could have exposed resources to users
    who were not authorised to access them.
  * Changed the Class-Path manifest entry of tomcat8-jasper.jar to use
    the specification jars from libtomcat8-java instead of libservlet3.1-java
    (Closes: #867247)
  [ Markus Koschany ]
  * Fix CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder
    with supplementary characters can lead to an infinite loop in the decoder
    causing a Denial of Service.
  * Fix CVE-2018-8034: The host name verification when using TLS with the
    WebSocket client was missing. It is now enabled by default.
  * Fix CVE-2018-8037: If an async request was completed by the application at
    the same time as the container triggered the async timeout, a race condition
    existed that could result in a user seeing a response intended for a
    different user. An additional issue was present in the NIO and NIO2
    connectors that did not correctly track the closure of the connection when an
    async request was completed by the application and timed out by the container
    at the same time. This could also result in a user seeing a response intended
    for another user.

applied/ubuntu/cosmic 2018-09-20 08:33:17 UTC 2018-09-20
Import patches-applied version 8.5.34-1ubuntu1 to applied/ubuntu/cosmic-proposed

Author: Matthias Klose
Author Date: 2018-09-20 08:12:50 UTC

Import patches-applied version 8.5.34-1ubuntu1 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: df0f9897748f667ca3f0ded0e4f4fbc8c894fda8
Unapplied parent: a6795bc1f71ef13e91485b1580bf2187fba2076c

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - control: Break/replace tomcat8.0 binaries. (LP: #1717998)
    - support-jre8.diff.

ubuntu/cosmic 2018-09-20 08:33:17 UTC 2018-09-20
Import patches-unapplied version 8.5.34-1ubuntu1 to ubuntu/cosmic-proposed

Author: Matthias Klose
Author Date: 2018-09-20 08:12:50 UTC

Import patches-unapplied version 8.5.34-1ubuntu1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 4737d6aef0034e8e7d23189031934fe982bced00

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - control: Break/replace tomcat8.0 binaries. (LP: #1717998)
    - support-jre8.diff.

ubuntu/artful-updates 2018-05-30 19:09:26 UTC 2018-05-30
Import patches-unapplied version 8.5.21-1ubuntu1.1 to ubuntu/artful-security

Author: Marc Deslauriers
Author Date: 2018-05-28 13:03:55 UTC

Import patches-unapplied version 8.5.21-1ubuntu1.1 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 1313f8e759ef627af59f2187b35a5e4ebc7f0d95

New changelog entries:
  * SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
    - debian/patches/CVE-2017-12617.patch: add checks to
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/webresources/AbstractFileResourceSet.java,
      java/org/apache/catalina/webresources/DirResourceSet.java,
      java/org/apache/tomcat/util/compat/JrePlatform.java,
      test/org/apache/catalina/webresources/AbstractTestResourceSet.java,
      test/org/apache/catalina/webresources/TestAbstractFileResourceSetPerformance.java.
    - CVE-2017-12617
  * SECURITY UPDATE: incorrectly documented CGI search algorithm
    - debian/patches/CVE-2017-15706.patch: adjust documentation in
      webapps/docs/cgi-howto.xml.
    - CVE-2017-15706
  * SECURITY UPDATE: security constraints mapped to context root are ignored
    - debian/patches/CVE-2018-1304.patch: add check to
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2018-1304
  * SECURITY UPDATE: security constraint annotations applied too late
    - debian/patches/CVE-2018-1305.patch: change ordering in
      java/org/apache/catalina/Wrapper.java,
      java/org/apache/catalina/authenticator/AuthenticatorBase.java,
      java/org/apache/catalina/core/ApplicationContext.java,
      java/org/apache/catalina/core/ApplicationServletRegistration.java,
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/core/StandardWrapper.java,
      java/org/apache/catalina/startup/ContextConfig.java,
      java/org/apache/catalina/startup/Tomcat.java,
      java/org/apache/catalina/startup/WebAnnotationSet.java.
    - CVE-2018-1305
  * SECURITY UPDATE: CORS filter has insecure defaults
    - debian/patches/CVE-2018-8014.patch: change defaults in
      java/org/apache/catalina/filters/CorsFilter.java,
      java/org/apache/catalina/filters/LocalStrings.properties,
      test/org/apache/catalina/filters/TestCorsFilter.java,
      test/org/apache/catalina/filters/TesterFilterConfigs.java.
    - CVE-2018-8014

ubuntu/artful-security 2018-05-30 19:09:26 UTC 2018-05-30
Import patches-unapplied version 8.5.21-1ubuntu1.1 to ubuntu/artful-security

Author: Marc Deslauriers
Author Date: 2018-05-28 13:03:55 UTC

Import patches-unapplied version 8.5.21-1ubuntu1.1 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 1313f8e759ef627af59f2187b35a5e4ebc7f0d95

New changelog entries:
  * SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
    - debian/patches/CVE-2017-12617.patch: add checks to
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/webresources/AbstractFileResourceSet.java,
      java/org/apache/catalina/webresources/DirResourceSet.java,
      java/org/apache/tomcat/util/compat/JrePlatform.java,
      test/org/apache/catalina/webresources/AbstractTestResourceSet.java,
      test/org/apache/catalina/webresources/TestAbstractFileResourceSetPerformance.java.
    - CVE-2017-12617
  * SECURITY UPDATE: incorrectly documented CGI search algorithm
    - debian/patches/CVE-2017-15706.patch: adjust documentation in
      webapps/docs/cgi-howto.xml.
    - CVE-2017-15706
  * SECURITY UPDATE: security constraints mapped to context root are ignored
    - debian/patches/CVE-2018-1304.patch: add check to
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2018-1304
  * SECURITY UPDATE: security constraint annotations applied too late
    - debian/patches/CVE-2018-1305.patch: change ordering in
      java/org/apache/catalina/Wrapper.java,
      java/org/apache/catalina/authenticator/AuthenticatorBase.java,
      java/org/apache/catalina/core/ApplicationContext.java,
      java/org/apache/catalina/core/ApplicationServletRegistration.java,
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/core/StandardWrapper.java,
      java/org/apache/catalina/startup/ContextConfig.java,
      java/org/apache/catalina/startup/Tomcat.java,
      java/org/apache/catalina/startup/WebAnnotationSet.java.
    - CVE-2018-1305
  * SECURITY UPDATE: CORS filter has insecure defaults
    - debian/patches/CVE-2018-8014.patch: change defaults in
      java/org/apache/catalina/filters/CorsFilter.java,
      java/org/apache/catalina/filters/LocalStrings.properties,
      test/org/apache/catalina/filters/TestCorsFilter.java,
      test/org/apache/catalina/filters/TesterFilterConfigs.java.
    - CVE-2018-8014

applied/ubuntu/artful-updates 2018-05-30 19:09:26 UTC 2018-05-30
Import patches-applied version 8.5.21-1ubuntu1.1 to applied/ubuntu/artful-sec...

Author: Marc Deslauriers
Author Date: 2018-05-28 13:03:55 UTC

Import patches-applied version 8.5.21-1ubuntu1.1 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 39d96847e9c9bca7384b7535d6609062bb106f1a
Unapplied parent: 9da9844d224a211355cca4db0dbac78253be234c

New changelog entries:
  * SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
    - debian/patches/CVE-2017-12617.patch: add checks to
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/webresources/AbstractFileResourceSet.java,
      java/org/apache/catalina/webresources/DirResourceSet.java,
      java/org/apache/tomcat/util/compat/JrePlatform.java,
      test/org/apache/catalina/webresources/AbstractTestResourceSet.java,
      test/org/apache/catalina/webresources/TestAbstractFileResourceSetPerformance.java.
    - CVE-2017-12617
  * SECURITY UPDATE: incorrectly documented CGI search algorithm
    - debian/patches/CVE-2017-15706.patch: adjust documentation in
      webapps/docs/cgi-howto.xml.
    - CVE-2017-15706
  * SECURITY UPDATE: security constraints mapped to context root are ignored
    - debian/patches/CVE-2018-1304.patch: add check to
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2018-1304
  * SECURITY UPDATE: security constraint annotations applied too late
    - debian/patches/CVE-2018-1305.patch: change ordering in
      java/org/apache/catalina/Wrapper.java,
      java/org/apache/catalina/authenticator/AuthenticatorBase.java,
      java/org/apache/catalina/core/ApplicationContext.java,
      java/org/apache/catalina/core/ApplicationServletRegistration.java,
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/core/StandardWrapper.java,
      java/org/apache/catalina/startup/ContextConfig.java,
      java/org/apache/catalina/startup/Tomcat.java,
      java/org/apache/catalina/startup/WebAnnotationSet.java.
    - CVE-2018-1305
  * SECURITY UPDATE: CORS filter has insecure defaults
    - debian/patches/CVE-2018-8014.patch: change defaults in
      java/org/apache/catalina/filters/CorsFilter.java,
      java/org/apache/catalina/filters/LocalStrings.properties,
      test/org/apache/catalina/filters/TestCorsFilter.java,
      test/org/apache/catalina/filters/TesterFilterConfigs.java.
    - CVE-2018-8014

ubuntu/artful-devel 2018-05-30 19:09:26 UTC 2018-05-30
Import patches-unapplied version 8.5.21-1ubuntu1.1 to ubuntu/artful-security

Author: Marc Deslauriers
Author Date: 2018-05-28 13:03:55 UTC

Import patches-unapplied version 8.5.21-1ubuntu1.1 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 1313f8e759ef627af59f2187b35a5e4ebc7f0d95

New changelog entries:
  * SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
    - debian/patches/CVE-2017-12617.patch: add checks to
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/webresources/AbstractFileResourceSet.java,
      java/org/apache/catalina/webresources/DirResourceSet.java,
      java/org/apache/tomcat/util/compat/JrePlatform.java,
      test/org/apache/catalina/webresources/AbstractTestResourceSet.java,
      test/org/apache/catalina/webresources/TestAbstractFileResourceSetPerformance.java.
    - CVE-2017-12617
  * SECURITY UPDATE: incorrectly documented CGI search algorithm
    - debian/patches/CVE-2017-15706.patch: adjust documentation in
      webapps/docs/cgi-howto.xml.
    - CVE-2017-15706
  * SECURITY UPDATE: security constraints mapped to context root are ignored
    - debian/patches/CVE-2018-1304.patch: add check to
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2018-1304
  * SECURITY UPDATE: security constraint annotations applied too late
    - debian/patches/CVE-2018-1305.patch: change ordering in
      java/org/apache/catalina/Wrapper.java,
      java/org/apache/catalina/authenticator/AuthenticatorBase.java,
      java/org/apache/catalina/core/ApplicationContext.java,
      java/org/apache/catalina/core/ApplicationServletRegistration.java,
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/core/StandardWrapper.java,
      java/org/apache/catalina/startup/ContextConfig.java,
      java/org/apache/catalina/startup/Tomcat.java,
      java/org/apache/catalina/startup/WebAnnotationSet.java.
    - CVE-2018-1305
  * SECURITY UPDATE: CORS filter has insecure defaults
    - debian/patches/CVE-2018-8014.patch: change defaults in
      java/org/apache/catalina/filters/CorsFilter.java,
      java/org/apache/catalina/filters/LocalStrings.properties,
      test/org/apache/catalina/filters/TestCorsFilter.java,
      test/org/apache/catalina/filters/TesterFilterConfigs.java.
    - CVE-2018-8014

applied/ubuntu/artful-security 2018-05-30 19:09:26 UTC 2018-05-30
Import patches-applied version 8.5.21-1ubuntu1.1 to applied/ubuntu/artful-sec...

Author: Marc Deslauriers
Author Date: 2018-05-28 13:03:55 UTC

Import patches-applied version 8.5.21-1ubuntu1.1 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 39d96847e9c9bca7384b7535d6609062bb106f1a
Unapplied parent: 9da9844d224a211355cca4db0dbac78253be234c

New changelog entries:
  * SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
    - debian/patches/CVE-2017-12617.patch: add checks to
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/webresources/AbstractFileResourceSet.java,
      java/org/apache/catalina/webresources/DirResourceSet.java,
      java/org/apache/tomcat/util/compat/JrePlatform.java,
      test/org/apache/catalina/webresources/AbstractTestResourceSet.java,
      test/org/apache/catalina/webresources/TestAbstractFileResourceSetPerformance.java.
    - CVE-2017-12617
  * SECURITY UPDATE: incorrectly documented CGI search algorithm
    - debian/patches/CVE-2017-15706.patch: adjust documentation in
      webapps/docs/cgi-howto.xml.
    - CVE-2017-15706
  * SECURITY UPDATE: security constraints mapped to context root are ignored
    - debian/patches/CVE-2018-1304.patch: add check to
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2018-1304
  * SECURITY UPDATE: security constraint annotations applied too late
    - debian/patches/CVE-2018-1305.patch: change ordering in
      java/org/apache/catalina/Wrapper.java,
      java/org/apache/catalina/authenticator/AuthenticatorBase.java,
      java/org/apache/catalina/core/ApplicationContext.java,
      java/org/apache/catalina/core/ApplicationServletRegistration.java,
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/core/StandardWrapper.java,
      java/org/apache/catalina/startup/ContextConfig.java,
      java/org/apache/catalina/startup/Tomcat.java,
      java/org/apache/catalina/startup/WebAnnotationSet.java.
    - CVE-2018-1305
  * SECURITY UPDATE: CORS filter has insecure defaults
    - debian/patches/CVE-2018-8014.patch: change defaults in
      java/org/apache/catalina/filters/CorsFilter.java,
      java/org/apache/catalina/filters/LocalStrings.properties,
      test/org/apache/catalina/filters/TestCorsFilter.java,
      test/org/apache/catalina/filters/TesterFilterConfigs.java.
    - CVE-2018-8014

applied/ubuntu/artful-devel 2018-05-30 19:09:26 UTC 2018-05-30
Import patches-applied version 8.5.21-1ubuntu1.1 to applied/ubuntu/artful-sec...

Author: Marc Deslauriers
Author Date: 2018-05-28 13:03:55 UTC

Import patches-applied version 8.5.21-1ubuntu1.1 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 39d96847e9c9bca7384b7535d6609062bb106f1a
Unapplied parent: 9da9844d224a211355cca4db0dbac78253be234c

New changelog entries:
  * SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
    - debian/patches/CVE-2017-12617.patch: add checks to
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/webresources/AbstractFileResourceSet.java,
      java/org/apache/catalina/webresources/DirResourceSet.java,
      java/org/apache/tomcat/util/compat/JrePlatform.java,
      test/org/apache/catalina/webresources/AbstractTestResourceSet.java,
      test/org/apache/catalina/webresources/TestAbstractFileResourceSetPerformance.java.
    - CVE-2017-12617
  * SECURITY UPDATE: incorrectly documented CGI search algorithm
    - debian/patches/CVE-2017-15706.patch: adjust documentation in
      webapps/docs/cgi-howto.xml.
    - CVE-2017-15706
  * SECURITY UPDATE: security constraints mapped to context root are ignored
    - debian/patches/CVE-2018-1304.patch: add check to
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2018-1304
  * SECURITY UPDATE: security constraint annotations applied too late
    - debian/patches/CVE-2018-1305.patch: change ordering in
      java/org/apache/catalina/Wrapper.java,
      java/org/apache/catalina/authenticator/AuthenticatorBase.java,
      java/org/apache/catalina/core/ApplicationContext.java,
      java/org/apache/catalina/core/ApplicationServletRegistration.java,
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/core/StandardWrapper.java,
      java/org/apache/catalina/startup/ContextConfig.java,
      java/org/apache/catalina/startup/Tomcat.java,
      java/org/apache/catalina/startup/WebAnnotationSet.java.
    - CVE-2018-1305
  * SECURITY UPDATE: CORS filter has insecure defaults
    - debian/patches/CVE-2018-8014.patch: change defaults in
      java/org/apache/catalina/filters/CorsFilter.java,
      java/org/apache/catalina/filters/LocalStrings.properties,
      test/org/apache/catalina/filters/TestCorsFilter.java,
      test/org/apache/catalina/filters/TesterFilterConfigs.java.
    - CVE-2018-8014

applied/ubuntu/bionic 2018-04-19 15:59:14 UTC 2018-04-19
Import patches-applied version 8.5.30-1ubuntu1 to applied/ubuntu/bionic-proposed

Author: Timo Aaltonen
Author Date: 2018-04-19 11:53:19 UTC

Import patches-applied version 8.5.30-1ubuntu1 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: b10e93df8b71ff5e193436278f00ad01910247b9
Unapplied parent: a92e28b95dd5ca91413b323b3c49bb18b4da6b45

New changelog entries:
  * control: Break/replace tomcat8.0 binaries. (LP: #1717998)

ubuntu/bionic 2018-04-19 15:59:14 UTC 2018-04-19
Import patches-unapplied version 8.5.30-1ubuntu1 to ubuntu/bionic-proposed

Author: Timo Aaltonen
Author Date: 2018-04-19 11:53:19 UTC

Import patches-unapplied version 8.5.30-1ubuntu1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 5fa6efd6d465677fdae1bc27517674a340cc8a2d

New changelog entries:
  * control: Break/replace tomcat8.0 binaries. (LP: #1717998)

importer/ubuntu/pristine-tar 2018-03-22 15:52:52 UTC 2018-03-22
pristine-tar data for tomcat8_8.5.29.orig.tar.xz

Author: Ubuntu Git Importer
Author Date: 2018-03-22 15:52:52 UTC

pristine-tar data for tomcat8_8.5.29.orig.tar.xz

importer/debian/pristine-tar 2018-03-15 17:51:13 UTC 2018-03-15
pristine-tar data for tomcat8_8.5.29.orig.tar.xz

Author: Ubuntu Git Importer
Author Date: 2018-03-15 17:51:13 UTC

pristine-tar data for tomcat8_8.5.29.orig.tar.xz

applied/ubuntu/zesty-updates 2018-01-08 15:33:11 UTC 2018-01-08
Import patches-applied version 8.0.38-2ubuntu2.2 to applied/ubuntu/zesty-secu...

Author: Marc Deslauriers
Author Date: 2017-09-27 21:20:40 UTC

Import patches-applied version 8.0.38-2ubuntu2.2 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 1d1f35d9a08ed6ab2924a9afdea4f1cf99ccdb7b
Unapplied parent: 33665c0987c059a698780337970bfa91b2eabfd4

New changelog entries:
  * SECURITY UPDATE: loss of pipeline requests
    - debian/patches/CVE-2017-5647.patch: improve sendfile handling when
      requests are pipelined in
      java/org/apache/coyote/AbstractProtocol.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/Http11Nio2Processor.java,
      java/org/apache/coyote/http11/Http11NioProcessor.java,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/Nio2Endpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java,
      java/org/apache/tomcat/util/net/SendfileKeepAliveState.java.
    - CVE-2017-5647
  * SECURITY UPDATE: incorrect facade object use
    - debian/patches/CVE-2017-5648.patch: ensure request and response
      facades are used when firing application listeners in
      java/org/apache/catalina/authenticator/FormAuthenticator.java,
      java/org/apache/catalina/core/StandardHostValve.java.
    - CVE-2017-5648
  * SECURITY UPDATE: unexpected and undesirable results for static error
    pages
    - debian/patches/CVE-2017-5664.patch: use a more reliable mechanism in
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/WebdavServlet.java.
    - CVE-2017-5664
  * SECURITY UPDATE: client and server side cache poisoning in CORS filter
    - debian/patches/CVE-2017-7674.patch: set Vary header in response in
      java/org/apache/catalina/filters/CorsFilter.java.
    - CVE-2017-7674

ubuntu/zesty-devel 2018-01-08 15:33:11 UTC 2018-01-08
Import patches-unapplied version 8.0.38-2ubuntu2.2 to ubuntu/zesty-security

Author: Marc Deslauriers
Author Date: 2017-09-27 21:20:40 UTC

Import patches-unapplied version 8.0.38-2ubuntu2.2 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: b66d69c49a35f4f34c5a2df6827333ac051c9cb2

New changelog entries:
  * SECURITY UPDATE: loss of pipeline requests
    - debian/patches/CVE-2017-5647.patch: improve sendfile handling when
      requests are pipelined in
      java/org/apache/coyote/AbstractProtocol.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/Http11Nio2Processor.java,
      java/org/apache/coyote/http11/Http11NioProcessor.java,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/Nio2Endpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java,
      java/org/apache/tomcat/util/net/SendfileKeepAliveState.java.
    - CVE-2017-5647
  * SECURITY UPDATE: incorrect facade object use
    - debian/patches/CVE-2017-5648.patch: ensure request and response
      facades are used when firing application listeners in
      java/org/apache/catalina/authenticator/FormAuthenticator.java,
      java/org/apache/catalina/core/StandardHostValve.java.
    - CVE-2017-5648
  * SECURITY UPDATE: unexpected and undesirable results for static error
    pages
    - debian/patches/CVE-2017-5664.patch: use a more reliable mechanism in
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/WebdavServlet.java.
    - CVE-2017-5664
  * SECURITY UPDATE: client and server side cache poisoning in CORS filter
    - debian/patches/CVE-2017-7674.patch: set Vary header in response in
      java/org/apache/catalina/filters/CorsFilter.java.
    - CVE-2017-7674

applied/ubuntu/zesty-devel 2018-01-08 15:33:11 UTC 2018-01-08
Import patches-applied version 8.0.38-2ubuntu2.2 to applied/ubuntu/zesty-secu...

Author: Marc Deslauriers
Author Date: 2017-09-27 21:20:40 UTC

Import patches-applied version 8.0.38-2ubuntu2.2 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 1d1f35d9a08ed6ab2924a9afdea4f1cf99ccdb7b
Unapplied parent: 33665c0987c059a698780337970bfa91b2eabfd4

New changelog entries:
  * SECURITY UPDATE: loss of pipeline requests
    - debian/patches/CVE-2017-5647.patch: improve sendfile handling when
      requests are pipelined in
      java/org/apache/coyote/AbstractProtocol.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/Http11Nio2Processor.java,
      java/org/apache/coyote/http11/Http11NioProcessor.java,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/Nio2Endpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java,
      java/org/apache/tomcat/util/net/SendfileKeepAliveState.java.
    - CVE-2017-5647
  * SECURITY UPDATE: incorrect facade object use
    - debian/patches/CVE-2017-5648.patch: ensure request and response
      facades are used when firing application listeners in
      java/org/apache/catalina/authenticator/FormAuthenticator.java,
      java/org/apache/catalina/core/StandardHostValve.java.
    - CVE-2017-5648
  * SECURITY UPDATE: unexpected and undesirable results for static error
    pages
    - debian/patches/CVE-2017-5664.patch: use a more reliable mechanism in
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/WebdavServlet.java.
    - CVE-2017-5664
  * SECURITY UPDATE: client and server side cache poisoning in CORS filter
    - debian/patches/CVE-2017-7674.patch: set Vary header in response in
      java/org/apache/catalina/filters/CorsFilter.java.
    - CVE-2017-7674

applied/ubuntu/zesty-security 2018-01-08 15:33:11 UTC 2018-01-08
Import patches-applied version 8.0.38-2ubuntu2.2 to applied/ubuntu/zesty-secu...

Author: Marc Deslauriers
Author Date: 2017-09-27 21:20:40 UTC

Import patches-applied version 8.0.38-2ubuntu2.2 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 1d1f35d9a08ed6ab2924a9afdea4f1cf99ccdb7b
Unapplied parent: 33665c0987c059a698780337970bfa91b2eabfd4

New changelog entries:
  * SECURITY UPDATE: loss of pipeline requests
    - debian/patches/CVE-2017-5647.patch: improve sendfile handling when
      requests are pipelined in
      java/org/apache/coyote/AbstractProtocol.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/Http11Nio2Processor.java,
      java/org/apache/coyote/http11/Http11NioProcessor.java,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/Nio2Endpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java,
      java/org/apache/tomcat/util/net/SendfileKeepAliveState.java.
    - CVE-2017-5647
  * SECURITY UPDATE: incorrect facade object use
    - debian/patches/CVE-2017-5648.patch: ensure request and response
      facades are used when firing application listeners in
      java/org/apache/catalina/authenticator/FormAuthenticator.java,
      java/org/apache/catalina/core/StandardHostValve.java.
    - CVE-2017-5648
  * SECURITY UPDATE: unexpected and undesirable results for static error
    pages
    - debian/patches/CVE-2017-5664.patch: use a more reliable mechanism in
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/WebdavServlet.java.
    - CVE-2017-5664
  * SECURITY UPDATE: client and server side cache poisoning in CORS filter
    - debian/patches/CVE-2017-7674.patch: set Vary header in response in
      java/org/apache/catalina/filters/CorsFilter.java.
    - CVE-2017-7674

ubuntu/zesty-security 2018-01-08 15:33:11 UTC 2018-01-08
Import patches-unapplied version 8.0.38-2ubuntu2.2 to ubuntu/zesty-security

Author: Marc Deslauriers
Author Date: 2017-09-27 21:20:40 UTC

Import patches-unapplied version 8.0.38-2ubuntu2.2 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: b66d69c49a35f4f34c5a2df6827333ac051c9cb2

New changelog entries:
  * SECURITY UPDATE: loss of pipeline requests
    - debian/patches/CVE-2017-5647.patch: improve sendfile handling when
      requests are pipelined in
      java/org/apache/coyote/AbstractProtocol.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/Http11Nio2Processor.java,
      java/org/apache/coyote/http11/Http11NioProcessor.java,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/Nio2Endpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java,
      java/org/apache/tomcat/util/net/SendfileKeepAliveState.java.
    - CVE-2017-5647
  * SECURITY UPDATE: incorrect facade object use
    - debian/patches/CVE-2017-5648.patch: ensure request and response
      facades are used when firing application listeners in
      java/org/apache/catalina/authenticator/FormAuthenticator.java,
      java/org/apache/catalina/core/StandardHostValve.java.
    - CVE-2017-5648
  * SECURITY UPDATE: unexpected and undesirable results for static error
    pages
    - debian/patches/CVE-2017-5664.patch: use a more reliable mechanism in
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/WebdavServlet.java.
    - CVE-2017-5664
  * SECURITY UPDATE: client and server side cache poisoning in CORS filter
    - debian/patches/CVE-2017-7674.patch: set Vary header in response in
      java/org/apache/catalina/filters/CorsFilter.java.
    - CVE-2017-7674

ubuntu/zesty-updates 2018-01-08 15:33:11 UTC 2018-01-08
Import patches-unapplied version 8.0.38-2ubuntu2.2 to ubuntu/zesty-security

Author: Marc Deslauriers
Author Date: 2017-09-27 21:20:40 UTC

Import patches-unapplied version 8.0.38-2ubuntu2.2 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: b66d69c49a35f4f34c5a2df6827333ac051c9cb2

New changelog entries:
  * SECURITY UPDATE: loss of pipeline requests
    - debian/patches/CVE-2017-5647.patch: improve sendfile handling when
      requests are pipelined in
      java/org/apache/coyote/AbstractProtocol.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/Http11Nio2Processor.java,
      java/org/apache/coyote/http11/Http11NioProcessor.java,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/Nio2Endpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java,
      java/org/apache/tomcat/util/net/SendfileKeepAliveState.java.
    - CVE-2017-5647
  * SECURITY UPDATE: incorrect facade object use
    - debian/patches/CVE-2017-5648.patch: ensure request and response
      facades are used when firing application listeners in
      java/org/apache/catalina/authenticator/FormAuthenticator.java,
      java/org/apache/catalina/core/StandardHostValve.java.
    - CVE-2017-5648
  * SECURITY UPDATE: unexpected and undesirable results for static error
    pages
    - debian/patches/CVE-2017-5664.patch: use a more reliable mechanism in
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/WebdavServlet.java.
    - CVE-2017-5664
  * SECURITY UPDATE: client and server side cache poisoning in CORS filter
    - debian/patches/CVE-2017-7674.patch: set Vary header in response in
      java/org/apache/catalina/filters/CorsFilter.java.
    - CVE-2017-7674

applied/debian/jessie 2017-12-09 17:57:37 UTC 2017-12-09
Import patches-applied version 8.0.14-1+deb8u11 to applied/debian/jessie

Author: Sebastien Delafond
Author Date: 2017-09-15 11:18:33 UTC

Import patches-applied version 8.0.14-1+deb8u11 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: 5030667b8a2fd232cd52392cf7ee2431681b03c1
Unapplied parent: d3ea47f06ac9c862803455ad23a1028d423f36e8

New changelog entries:
  * Fix CVE-2017-7674:
    The CORS Filter did not add an HTTP Vary header indicating that the
    response varies depending on Origin. This permitted client and server side
    cache poisoning in some circumstances.

debian/jessie 2017-12-09 17:57:37 UTC 2017-12-09
Import patches-unapplied version 8.0.14-1+deb8u11 to debian/jessie

Author: Sebastien Delafond
Author Date: 2017-09-15 11:18:33 UTC

Import patches-unapplied version 8.0.14-1+deb8u11 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 95750ce33e7f1b757023f0ac82d00af354758800

New changelog entries:
  * Fix CVE-2017-7674:
    The CORS Filter did not add an HTTP Vary header indicating that the
    response varies depending on Origin. This permitted client and server side
    cache poisoning in some circumstances.

ubuntu/artful-proposed 2017-10-13 12:08:39 UTC 2017-10-13
Import patches-unapplied version 8.5.21-1ubuntu1 to ubuntu/artful-proposed

Author: Robie Basak
Author Date: 2017-10-13 11:06:51 UTC

Import patches-unapplied version 8.5.21-1ubuntu1 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 0043fa8fb52ee4ad9afb9be91cd75d3617fe5f3e

New changelog entries:
  * Demote libtcnative-1 from Recommends to Suggests as it is in
    universe.

applied/ubuntu/artful 2017-10-13 12:08:39 UTC 2017-10-13
Import patches-applied version 8.5.21-1ubuntu1 to applied/ubuntu/artful-proposed

Author: Robie Basak
Author Date: 2017-10-13 11:06:51 UTC

Import patches-applied version 8.5.21-1ubuntu1 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: f0b00255f61060fc896d34114b94eb2764535856
Unapplied parent: 2d47a0810ea5b8ffc09a8430f121402ed28bd8b5

New changelog entries:
  * Demote libtcnative-1 from Recommends to Suggests as it is in
    universe.

applied/ubuntu/artful-proposed 2017-10-13 12:08:39 UTC 2017-10-13
Import patches-applied version 8.5.21-1ubuntu1 to applied/ubuntu/artful-proposed

Author: Robie Basak
Author Date: 2017-10-13 11:06:51 UTC

Import patches-applied version 8.5.21-1ubuntu1 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: f0b00255f61060fc896d34114b94eb2764535856
Unapplied parent: 2d47a0810ea5b8ffc09a8430f121402ed28bd8b5

New changelog entries:
  * Demote libtcnative-1 from Recommends to Suggests as it is in
    universe.

ubuntu/artful 2017-10-13 12:08:39 UTC 2017-10-13
Import patches-unapplied version 8.5.21-1ubuntu1 to ubuntu/artful-proposed

Author: Robie Basak
Author Date: 2017-10-13 11:06:51 UTC

Import patches-unapplied version 8.5.21-1ubuntu1 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 0043fa8fb52ee4ad9afb9be91cd75d3617fe5f3e

New changelog entries:
  * Demote libtcnative-1 from Recommends to Suggests as it is in
    universe.

ubuntu/yakkety-proposed 2017-05-11 22:18:15 UTC 2017-05-11
Import patches-unapplied version 8.0.37-1ubuntu0.2 to ubuntu/yakkety-proposed

Author: Joshua Powers
Author Date: 2017-03-28 23:46:16 UTC

Import patches-unapplied version 8.0.37-1ubuntu0.2 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: a9c810e15482f92a34e00df0072b7998f1e9f0de

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

applied/ubuntu/yakkety-updates 2017-05-11 22:18:15 UTC 2017-05-11
Import patches-applied version 8.0.37-1ubuntu0.2 to applied/ubuntu/yakkety-pr...

Author: Joshua Powers
Author Date: 2017-03-28 23:46:16 UTC

Import patches-applied version 8.0.37-1ubuntu0.2 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: d4e3e8dfdb8b82224a823889e8f1a86cb536aaa4
Unapplied parent: 468219e03a003bf5ef1c56c0cc02c9b93c19c88d

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

applied/ubuntu/yakkety-proposed 2017-05-11 22:18:15 UTC 2017-05-11
Import patches-applied version 8.0.37-1ubuntu0.2 to applied/ubuntu/yakkety-pr...

Author: Joshua Powers
Author Date: 2017-03-28 23:46:16 UTC

Import patches-applied version 8.0.37-1ubuntu0.2 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: d4e3e8dfdb8b82224a823889e8f1a86cb536aaa4
Unapplied parent: 468219e03a003bf5ef1c56c0cc02c9b93c19c88d

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

applied/ubuntu/yakkety-devel 2017-05-11 22:18:15 UTC 2017-05-11
Import patches-applied version 8.0.37-1ubuntu0.2 to applied/ubuntu/yakkety-pr...

Author: Joshua Powers
Author Date: 2017-03-28 23:46:16 UTC

Import patches-applied version 8.0.37-1ubuntu0.2 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: d4e3e8dfdb8b82224a823889e8f1a86cb536aaa4
Unapplied parent: 468219e03a003bf5ef1c56c0cc02c9b93c19c88d

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

ubuntu/yakkety-devel 2017-05-11 22:18:15 UTC 2017-05-11
Import patches-unapplied version 8.0.37-1ubuntu0.2 to ubuntu/yakkety-proposed

Author: Joshua Powers
Author Date: 2017-03-28 23:46:16 UTC

Import patches-unapplied version 8.0.37-1ubuntu0.2 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: a9c810e15482f92a34e00df0072b7998f1e9f0de

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

ubuntu/yakkety-updates 2017-05-11 22:18:15 UTC 2017-05-11
Import patches-unapplied version 8.0.37-1ubuntu0.2 to ubuntu/yakkety-proposed

Author: Joshua Powers
Author Date: 2017-03-28 23:46:16 UTC

Import patches-unapplied version 8.0.37-1ubuntu0.2 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: a9c810e15482f92a34e00df0072b7998f1e9f0de

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

applied/ubuntu/zesty-proposed 2017-04-11 01:23:16 UTC 2017-04-11
Import patches-applied version 8.0.38-2ubuntu2 to applied/ubuntu/zesty-proposed

Author: Joshua Powers
Author Date: 2017-03-28 23:47:32 UTC

Import patches-applied version 8.0.38-2ubuntu2 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 94b822743270fec9e1da46dcb3a1a7a92ea08dc8
Unapplied parent: c3066e65134d587314d36bebf16898bbca0bd449

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

applied/ubuntu/zesty 2017-04-11 01:23:16 UTC 2017-04-11
Import patches-applied version 8.0.38-2ubuntu2 to applied/ubuntu/zesty-proposed

Author: Joshua Powers
Author Date: 2017-03-28 23:47:32 UTC

Import patches-applied version 8.0.38-2ubuntu2 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 94b822743270fec9e1da46dcb3a1a7a92ea08dc8
Unapplied parent: c3066e65134d587314d36bebf16898bbca0bd449

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

ubuntu/zesty-proposed 2017-04-11 01:23:16 UTC 2017-04-11
Import patches-unapplied version 8.0.38-2ubuntu2 to ubuntu/zesty-proposed

Author: Joshua Powers
Author Date: 2017-03-28 23:47:32 UTC

Import patches-unapplied version 8.0.38-2ubuntu2 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 8fcde4802291510660959842797a577db834e965

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

ubuntu/zesty 2017-04-11 01:23:16 UTC 2017-04-11
Import patches-unapplied version 8.0.38-2ubuntu2 to ubuntu/zesty-proposed

Author: Joshua Powers
Author Date: 2017-03-28 23:47:32 UTC

Import patches-unapplied version 8.0.38-2ubuntu2 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 8fcde4802291510660959842797a577db834e965

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

applied/ubuntu/yakkety-security 2017-01-23 18:13:30 UTC 2017-01-23
Import patches-applied version 8.0.37-1ubuntu0.1 to applied/ubuntu/yakkety-se...

Author: Marc Deslauriers
Author Date: 2017-01-13 15:48:08 UTC

Import patches-applied version 8.0.37-1ubuntu0.1 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: adafa06c2d373b3edaf5d7f39b18a819855c1899
Unapplied parent: 9d9e980d9bf5abe73d5bd348eb507af2e2e88467

New changelog entries:
  * SECURITY UPDATE: HTTP response injection via invalid characters
    - debian/patches/CVE-2016-6816.patch: add additional checks for valid
      characters in java/org/apache/coyote/http11/AbstractInputBuffer.java,
      java/org/apache/coyote/http11/AbstractNioInputBuffer.java,
      java/org/apache/coyote/http11/InternalAprInputBuffer.java,
      java/org/apache/coyote/http11/InternalInputBuffer.java,
      java/org/apache/coyote/http11/LocalStrings.properties,
      java/org/apache/tomcat/util/http/parser/HttpParser.java.
    - CVE-2016-6816
  * SECURITY UPDATE: remote code execution via JmxRemoteLifecycleListener
    - debian/patches/CVE-2016-8735.patch: explicitly configure allowed
      credential types in
      java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java.
    - CVE-2016-8735
  * SECURITY UPDATE: information leakage between requests
    - debian/patches/CVE-2016-8745.patch: properly handle cache when unable
      to complete sendfile request in
      java/org/apache/tomcat/util/net/NioEndpoint.java.
    - CVE-2016-8745
  * SECURITY UPDATE: privilege escalation during package upgrade
    - debian/rules, debian/tomcat8.postinst: properly set permissions on
      /etc/tomcat8/Catalina/localhost.
    - CVE-2016-9774
  * SECURITY UPDATE: privilege escalation during package removal
    - debian/tomcat8.postrm.in: don't reset permissions before removing
      user.
    - CVE-2016-9775
  * debian/tomcat8.init: further hardening.

ubuntu/yakkety-security 2017-01-23 18:13:30 UTC 2017-01-23
Import patches-unapplied version 8.0.37-1ubuntu0.1 to ubuntu/yakkety-security

Author: Marc Deslauriers
Author Date: 2017-01-13 15:48:08 UTC

Import patches-unapplied version 8.0.37-1ubuntu0.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: f250774836a3e9a7ba945f4c2cdabb1cf1950309

New changelog entries:
  * SECURITY UPDATE: HTTP response injection via invalid characters
    - debian/patches/CVE-2016-6816.patch: add additional checks for valid
      characters in java/org/apache/coyote/http11/AbstractInputBuffer.java,
      java/org/apache/coyote/http11/AbstractNioInputBuffer.java,
      java/org/apache/coyote/http11/InternalAprInputBuffer.java,
      java/org/apache/coyote/http11/InternalInputBuffer.java,
      java/org/apache/coyote/http11/LocalStrings.properties,
      java/org/apache/tomcat/util/http/parser/HttpParser.java.
    - CVE-2016-6816
  * SECURITY UPDATE: remote code execution via JmxRemoteLifecycleListener
    - debian/patches/CVE-2016-8735.patch: explicitly configure allowed
      credential types in
      java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java.
    - CVE-2016-8735
  * SECURITY UPDATE: information leakage between requests
    - debian/patches/CVE-2016-8745.patch: properly handle cache when unable
      to complete sendfile request in
      java/org/apache/tomcat/util/net/NioEndpoint.java.
    - CVE-2016-8745
  * SECURITY UPDATE: privilege escalation during package upgrade
    - debian/rules, debian/tomcat8.postinst: properly set permissions on
      /etc/tomcat8/Catalina/localhost.
    - CVE-2016-9774
  * SECURITY UPDATE: privilege escalation during package removal
    - debian/tomcat8.postrm.in: don't reset permissions before removing
      user.
    - CVE-2016-9775
  * debian/tomcat8.init: further hardening.

applied/ubuntu/yakkety 2016-09-19 22:28:06 UTC 2016-09-19
Import patches-applied version 8.0.37-1 to applied/debian/sid

Author: Emmanuel Bourg
Author Date: 2016-09-19 07:37:33 UTC

Import patches-applied version 8.0.37-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: a51097c2c683da12a1ffc5674a5ca80903b7ae3a
Unapplied parent: b26a373625d1c196dd88b8df19cfb0780ed7845d

New changelog entries:
  * Team upload.
  * New upstream release
  * Removed 0001-set-UTF-8-as-default-character-encoding.patch (fixed upstream)

ubuntu/yakkety 2016-09-19 22:28:06 UTC 2016-09-19
Import patches-unapplied version 8.0.37-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2016-09-19 07:37:33 UTC

Import patches-unapplied version 8.0.37-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 37f9d4084595f74b686aa400d6d76ef1e4c10d3f

New changelog entries:
  * Team upload.
  * New upstream release
  * Removed 0001-set-UTF-8-as-default-character-encoding.patch (fixed upstream)

applied/ubuntu/xenial 2016-02-19 08:19:05 UTC 2016-02-19
Import patches-applied version 8.0.32-1ubuntu1 to applied/ubuntu/xenial-proposed

Author: Nish Aravamudan
Author Date: 2016-02-05 08:20:39 UTC

Import patches-applied version 8.0.32-1ubuntu1 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 73754489910c3f366987c5f96e446dd1b3e0069b
Unapplied parent: 00579dc1bbd12094720bcf702bcd46cba0ecb519

New changelog entries:
  * Prepare to promote tomcat8 to main (LP: #1539903).
    - debian/control, 0021-ubuntu-mainize-build-xml.patch: Remove
      build-dependencies on libobjenesis-java and libeasymock-java, and skip
      tests that rely on the functionality they provide.

ubuntu/xenial 2016-02-19 08:19:05 UTC 2016-02-19
Import patches-unapplied version 8.0.32-1ubuntu1 to ubuntu/xenial-proposed

Author: Nish Aravamudan
Author Date: 2016-02-05 08:20:39 UTC

Import patches-unapplied version 8.0.32-1ubuntu1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: bc20583702224592a930e782e88b0882f6d88c5f

New changelog entries:
  * Prepare to promote tomcat8 to main (LP: #1539903).
    - debian/control, 0021-ubuntu-mainize-build-xml.patch: Remove
      build-dependencies on libobjenesis-java and libeasymock-java, and skip
      tests that rely on the functionality they provide.

ubuntu/vivid-updates 2016-01-04 20:59:06 UTC 2016-01-04
Import patches-unapplied version 8.0.14-1+deb8u1build0.15.04.1 to ubuntu/vivi...

Author: Tyler Hicks
Author Date: 2016-01-04 17:18:56 UTC

Import patches-unapplied version 8.0.14-1+deb8u1build0.15.04.1 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: a17d5399a1220bca1c28c711e582024bb79e8ece

New changelog entries:
  * fake sync from Debian

applied/ubuntu/vivid-devel 2016-01-04 20:59:06 UTC 2016-01-04
Import patches-applied version 8.0.14-1+deb8u1build0.15.04.1 to applied/ubunt...

Author: Tyler Hicks
Author Date: 2016-01-04 17:18:56 UTC

Import patches-applied version 8.0.14-1+deb8u1build0.15.04.1 to applied/ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 46adaaf5f2bba949b1927fad662ffad5ff3ce160
Unapplied parent: 7a61a894b423f1ca4865dee4f4ee2ade0b475eff

New changelog entries:
  * fake sync from Debian

applied/ubuntu/vivid-security 2016-01-04 20:59:06 UTC 2016-01-04
Import patches-applied version 8.0.14-1+deb8u1build0.15.04.1 to applied/ubunt...

Author: Tyler Hicks
Author Date: 2016-01-04 17:18:56 UTC

Import patches-applied version 8.0.14-1+deb8u1build0.15.04.1 to applied/ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 46adaaf5f2bba949b1927fad662ffad5ff3ce160
Unapplied parent: 7a61a894b423f1ca4865dee4f4ee2ade0b475eff

New changelog entries:
  * fake sync from Debian

ubuntu/vivid-devel 2016-01-04 20:59:06 UTC 2016-01-04
Import patches-unapplied version 8.0.14-1+deb8u1build0.15.04.1 to ubuntu/vivi...

Author: Tyler Hicks
Author Date: 2016-01-04 17:18:56 UTC

Import patches-unapplied version 8.0.14-1+deb8u1build0.15.04.1 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: a17d5399a1220bca1c28c711e582024bb79e8ece

New changelog entries:
  * fake sync from Debian

applied/ubuntu/vivid-updates 2016-01-04 20:59:06 UTC 2016-01-04
Import patches-applied version 8.0.14-1+deb8u1build0.15.04.1 to applied/ubunt...

Author: Tyler Hicks
Author Date: 2016-01-04 17:18:56 UTC

Import patches-applied version 8.0.14-1+deb8u1build0.15.04.1 to applied/ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 46adaaf5f2bba949b1927fad662ffad5ff3ce160
Unapplied parent: 7a61a894b423f1ca4865dee4f4ee2ade0b475eff

New changelog entries:
  * fake sync from Debian

ubuntu/vivid-security 2016-01-04 20:59:06 UTC 2016-01-04
Import patches-unapplied version 8.0.14-1+deb8u1build0.15.04.1 to ubuntu/vivi...

Author: Tyler Hicks
Author Date: 2016-01-04 17:18:56 UTC

Import patches-unapplied version 8.0.14-1+deb8u1build0.15.04.1 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: a17d5399a1220bca1c28c711e582024bb79e8ece

New changelog entries:
  * fake sync from Debian

applied/ubuntu/wily 2015-08-25 04:18:05 UTC 2015-08-25
Import patches-applied version 8.0.26-1 to applied/debian/sid

Author: Emmanuel Bourg
Author Date: 2015-08-23 22:30:40 UTC

Import patches-applied version 8.0.26-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 056408e04fc5ad5c0c304f450b85aa2b2b93c5f8
Unapplied parent: 4ce542994dc1ec9d63ecbcbed0b4f6462227a9f5

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Changed the authbind configuration to allow IPv6 connections (LP: #1443041)
  * Fixed an upgrade error when /etc/tomcat8/tomcat-users.xml is removed
    (LP: #1010791)
  * Fixed a minor HTML error in the default index.html file (LP: #1236132)

ubuntu/wily 2015-08-25 04:18:05 UTC 2015-08-25
Import patches-unapplied version 8.0.26-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2015-08-23 22:30:40 UTC

Import patches-unapplied version 8.0.26-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9f73ca1aa93c7c8e37f985bebb22ddf4806999cb

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Changed the authbind configuration to allow IPv6 connections (LP: #1443041)
  * Fixed an upgrade error when /etc/tomcat8/tomcat-users.xml is removed
    (LP: #1010791)
  * Fixed a minor HTML error in the default index.html file (LP: #1236132)

ubuntu/wily-devel 2015-08-25 04:18:05 UTC 2015-08-25
Import patches-unapplied version 8.0.26-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2015-08-23 22:30:40 UTC

Import patches-unapplied version 8.0.26-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9f73ca1aa93c7c8e37f985bebb22ddf4806999cb

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Changed the authbind configuration to allow IPv6 connections (LP: #1443041)
  * Fixed an upgrade error when /etc/tomcat8/tomcat-users.xml is removed
    (LP: #1010791)
  * Fixed a minor HTML error in the default index.html file (LP: #1236132)

ubuntu/wily-proposed 2015-08-25 04:18:05 UTC 2015-08-25
Import patches-unapplied version 8.0.26-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2015-08-23 22:30:40 UTC

Import patches-unapplied version 8.0.26-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9f73ca1aa93c7c8e37f985bebb22ddf4806999cb

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Changed the authbind configuration to allow IPv6 connections (LP: #1443041)
  * Fixed an upgrade error when /etc/tomcat8/tomcat-users.xml is removed
    (LP: #1010791)
  * Fixed a minor HTML error in the default index.html file (LP: #1236132)

applied/ubuntu/wily-proposed 2015-08-25 04:18:05 UTC 2015-08-25
Import patches-applied version 8.0.26-1 to applied/debian/sid

Author: Emmanuel Bourg
Author Date: 2015-08-23 22:30:40 UTC

Import patches-applied version 8.0.26-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 056408e04fc5ad5c0c304f450b85aa2b2b93c5f8
Unapplied parent: 4ce542994dc1ec9d63ecbcbed0b4f6462227a9f5

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Changed the authbind configuration to allow IPv6 connections (LP: #1443041)
  * Fixed an upgrade error when /etc/tomcat8/tomcat-users.xml is removed
    (LP: #1010791)
  * Fixed a minor HTML error in the default index.html file (LP: #1236132)

applied/ubuntu/wily-devel 2015-08-25 04:18:05 UTC 2015-08-25
Import patches-applied version 8.0.26-1 to applied/debian/sid

Author: Emmanuel Bourg
Author Date: 2015-08-23 22:30:40 UTC

Import patches-applied version 8.0.26-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 056408e04fc5ad5c0c304f450b85aa2b2b93c5f8
Unapplied parent: 4ce542994dc1ec9d63ecbcbed0b4f6462227a9f5

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Changed the authbind configuration to allow IPv6 connections (LP: #1443041)
  * Fixed an upgrade error when /etc/tomcat8/tomcat-users.xml is removed
    (LP: #1010791)
  * Fixed a minor HTML error in the default index.html file (LP: #1236132)

ubuntu/vivid 2014-09-29 16:29:32 UTC 2014-09-29
Import patches-unapplied version 8.0.14-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2014-09-29 11:23:43 UTC

Import patches-unapplied version 8.0.14-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2fab781499f33207ae62a7c84933b276b6858206

New changelog entries:
  * New upstream release
    - Refreshed the patches
  * Build depend on libcglib3-java instead of libcglib-java
  * Standards-Version updated to 3.9.6 (no changes)

applied/ubuntu/vivid-proposed 2014-09-29 16:29:32 UTC 2014-09-29
Import patches-applied version 8.0.14-1 to applied/debian/sid

Author: Emmanuel Bourg
Author Date: 2014-09-29 11:23:43 UTC

Import patches-applied version 8.0.14-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: c73f8148e450648f03ff6659b2e937169ad525c4
Unapplied parent: 19db1857b25ff32994e9f3718eae2c4e4cdc70a6

New changelog entries:
  * New upstream release
    - Refreshed the patches
  * Build depend on libcglib3-java instead of libcglib-java
  * Standards-Version updated to 3.9.6 (no changes)

applied/ubuntu/vivid 2014-09-29 16:29:32 UTC 2014-09-29
Import patches-applied version 8.0.14-1 to applied/debian/sid

Author: Emmanuel Bourg
Author Date: 2014-09-29 11:23:43 UTC

Import patches-applied version 8.0.14-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: c73f8148e450648f03ff6659b2e937169ad525c4
Unapplied parent: 19db1857b25ff32994e9f3718eae2c4e4cdc70a6

New changelog entries:
  * New upstream release
    - Refreshed the patches
  * Build depend on libcglib3-java instead of libcglib-java
  * Standards-Version updated to 3.9.6 (no changes)

ubuntu/vivid-proposed 2014-09-29 16:29:32 UTC 2014-09-29
Import patches-unapplied version 8.0.14-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2014-09-29 11:23:43 UTC

Import patches-unapplied version 8.0.14-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2fab781499f33207ae62a7c84933b276b6858206

New changelog entries:
  * New upstream release
    - Refreshed the patches
  * Build depend on libcglib3-java instead of libcglib-java
  * Standards-Version updated to 3.9.6 (no changes)

ubuntu/utopic-devel 2014-06-25 04:24:57 UTC 2014-06-25
Import patches-unapplied version 8.0.9-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2014-06-24 19:28:37 UTC

Import patches-unapplied version 8.0.9-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8b6dc216e873a5612c72aed9908dd8a818f7d496

New changelog entries:
  [ Emmanuel Bourg ]
  * New upstream release
    - Refreshed the patches
  * Search for OpenJDK 8 and Oracle JDKs when starting the server
  * Removed the dependency on the non existent java-7-runtime package
  * Fixed a link still pointing to the Tomcat 7 documentation in README.Debian
  * Updated the version required for libtcnative-1 (>= 1.1.30)
  [ tony mancill ]
  * Update README.Debian with information about migration guides.

ubuntu/utopic 2014-06-25 04:24:57 UTC 2014-06-25
Import patches-unapplied version 8.0.9-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2014-06-24 19:28:37 UTC

Import patches-unapplied version 8.0.9-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8b6dc216e873a5612c72aed9908dd8a818f7d496

New changelog entries:
  [ Emmanuel Bourg ]
  * New upstream release
    - Refreshed the patches
  * Search for OpenJDK 8 and Oracle JDKs when starting the server
  * Removed the dependency on the non existent java-7-runtime package
  * Fixed a link still pointing to the Tomcat 7 documentation in README.Debian
  * Updated the version required for libtcnative-1 (>= 1.1.30)
  [ tony mancill ]
  * Update README.Debian with information about migration guides.

1100 of 104 results

Other repositories

Name Last Modified
lp:ubuntu/+source/tomcat8 2019-09-10
lp:~kstenerud/ubuntu/+source/tomcat8 2019-02-12
lp:~powersj/ubuntu/+source/tomcat8 2017-03-28
13 of 3 results
You can't create new repositories for tomcat8 in Ubuntu.