Author: Ubuntu Git Importer
Author Date: 2019-01-16 12:17:18 UTC

DSC file for 8.0.32-1ubuntu1.9

Author: Karl Stenerud
Author Date: 2018-12-10 14:08:07 UTC

Import patches-unapplied version 8.0.32-1ubuntu1.9 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 99fabbf378b9a713124ef689606c1b2b5f8d4e70

New changelog entries:
  * d/p/fix-class-resource-name-filtering.patch: Fix class and resource name
    filtering in WebappClassLoader (LP: #1606331).

Author: Karl Stenerud
Author Date: 2018-12-10 14:08:07 UTC

Import patches-unapplied version 8.0.32-1ubuntu1.9 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 99fabbf378b9a713124ef689606c1b2b5f8d4e70

New changelog entries:
  * d/p/fix-class-resource-name-filtering.patch: Fix class and resource name
    filtering in WebappClassLoader (LP: #1606331).

Author: Karl Stenerud
Author Date: 2018-12-10 14:08:07 UTC

Import patches-applied version 8.0.32-1ubuntu1.9 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 260b08ffc3b4689a7f5f1b31045dfbd2f6704f28
Unapplied parent: abf130027e9cd47acdac05a0ab7c3248c15880d4

New changelog entries:
  * d/p/fix-class-resource-name-filtering.patch: Fix class and resource name
    filtering in WebappClassLoader (LP: #1606331).

Author: Karl Stenerud
Author Date: 2018-12-10 14:08:07 UTC

Import patches-applied version 8.0.32-1ubuntu1.9 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 260b08ffc3b4689a7f5f1b31045dfbd2f6704f28
Unapplied parent: abf130027e9cd47acdac05a0ab7c3248c15880d4

New changelog entries:
  * d/p/fix-class-resource-name-filtering.patch: Fix class and resource name
    filtering in WebappClassLoader (LP: #1606331).

Author: Ubuntu Git Importer
Author Date: 2019-01-15 04:47:10 UTC

DSC file for 8.5.37-2

Author: Emmanuel Bourg
Author Date: 2019-01-15 00:01:24 UTC

Import patches-unapplied version 8.5.37-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8bacb4d3459ed27c54002183e189b941e0199762

New changelog entries:
  * Team upload.
  * No longer build the JavaEE API packages
  * Standards-Version updated to 4.3.0

Author: Emmanuel Bourg
Author Date: 2019-01-15 00:01:24 UTC

Import patches-applied version 8.5.37-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 6724e859de2c42cc0904981cd10379080d8c0044
Unapplied parent: 041ee58dbb49862970fc366519090a67b3937982

New changelog entries:
  * Team upload.
  * No longer build the JavaEE API packages
  * Standards-Version updated to 4.3.0

Author: Emmanuel Bourg
Author Date: 2019-01-15 00:01:24 UTC

Import patches-applied version 8.5.37-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 6724e859de2c42cc0904981cd10379080d8c0044
Unapplied parent: 041ee58dbb49862970fc366519090a67b3937982

New changelog entries:
  * Team upload.
  * No longer build the JavaEE API packages
  * Standards-Version updated to 4.3.0

Author: Emmanuel Bourg
Author Date: 2019-01-15 00:01:24 UTC

Import patches-unapplied version 8.5.37-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8bacb4d3459ed27c54002183e189b941e0199762

New changelog entries:
  * Team upload.
  * No longer build the JavaEE API packages
  * Standards-Version updated to 4.3.0

Author: Markus Koschany
Author Date: 2018-08-24 19:44:12 UTC

Import patches-applied version 8.5.14-1+deb9u3 to applied/debian/stretch

Imported using git-ubuntu import.

Changelog parent: 0bd25f59af0183699d5bca56160fdadc2f3740dd
Unapplied parent: 6294ec78d682cfb1ea7fca9d7ffcfc719e96932d

New changelog entries:
  [ Emmanuel Bourg ]
  * Fixed CVE-2018-1304: Security constraints mapped to context root are
    ignored. The URL pattern of "" (the empty string) which exactly maps to the
    context root was not correctly handled when used as part of a security
    constraint definition. This caused the constraint to be ignored. It was,
    therefore, possible for unauthorised users to gain access to web
    application resources that should have been protected. Only security
    constraints with a URL pattern of the empty string were affected.
  * Fixed CVE-2018-1305: Security constraint annotations applied too late.
    Security constraints defined by annotations of Servlets were only applied
    once a Servlet had been loaded. Because security constraints defined in
    this way apply to the URL pattern and any URLs below that point, it was
    possible - depending on the order Servlets were loaded - for some security
    constraints not to be applied. This could have exposed resources to users
    who were not authorised to access them.
  * Changed the Class-Path manifest entry of tomcat8-jasper.jar to use
    the specification jars from libtomcat8-java instead of libservlet3.1-java
    (Closes: #867247)
  [ Markus Koschany ]
  * Fix CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder
    with supplementary characters can lead to an infinite loop in the decoder
    causing a Denial of Service.
  * Fix CVE-2018-8034: The host name verification when using TLS with the
    WebSocket client was missing. It is now enabled by default.
  * Fix CVE-2018-8037: If an async request was completed by the application at
    the same time as the container triggered the async timeout, a race condition
    existed that could result in a user seeing a response intended for a
    different user. An additional issue was present in the NIO and NIO2
    connectors that did not correctly track the closure of the connection when an
    async request was completed by the application and timed out by the container
    at the same time. This could also result in a user seeing a response intended
    for another user.

Author: Markus Koschany
Author Date: 2018-08-24 19:44:12 UTC

Import patches-unapplied version 8.5.14-1+deb9u3 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: f0364fed3a05e43590126ea5fcf900b56ddfa9e9

New changelog entries:
  [ Emmanuel Bourg ]
  * Fixed CVE-2018-1304: Security constraints mapped to context root are
    ignored. The URL pattern of "" (the empty string) which exactly maps to the
    context root was not correctly handled when used as part of a security
    constraint definition. This caused the constraint to be ignored. It was,
    therefore, possible for unauthorised users to gain access to web
    application resources that should have been protected. Only security
    constraints with a URL pattern of the empty string were affected.
  * Fixed CVE-2018-1305: Security constraint annotations applied too late.
    Security constraints defined by annotations of Servlets were only applied
    once a Servlet had been loaded. Because security constraints defined in
    this way apply to the URL pattern and any URLs below that point, it was
    possible - depending on the order Servlets were loaded - for some security
    constraints not to be applied. This could have exposed resources to users
    who were not authorised to access them.
  * Changed the Class-Path manifest entry of tomcat8-jasper.jar to use
    the specification jars from libtomcat8-java instead of libservlet3.1-java
    (Closes: #867247)
  [ Markus Koschany ]
  * Fix CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder
    with supplementary characters can lead to an infinite loop in the decoder
    causing a Denial of Service.
  * Fix CVE-2018-8034: The host name verification when using TLS with the
    WebSocket client was missing. It is now enabled by default.
  * Fix CVE-2018-8037: If an async request was completed by the application at
    the same time as the container triggered the async timeout, a race condition
    existed that could result in a user seeing a response intended for a
    different user. An additional issue was present in the NIO and NIO2
    connectors that did not correctly track the closure of the connection when an
    async request was completed by the application and timed out by the container
    at the same time. This could also result in a user seeing a response intended
    for another user.

Author: Marc Deslauriers
Author Date: 2018-10-09 15:28:36 UTC

Import patches-unapplied version 8.0.32-1ubuntu1.8 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 26c63fe5e765b30779685da6c226875e80afe3c6

New changelog entries:
  * SECURITY UPDATE: arbitrary redirect issue
    - debian/patches/CVE-2018-11784.patch: avoid protocol relative
      redirects in java/org/apache/catalina/servlets/DefaultServlet.java.
    - CVE-2018-11784

Author: Marc Deslauriers
Author Date: 2018-10-09 15:28:36 UTC

Import patches-applied version 8.0.32-1ubuntu1.8 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 5ec7713f2c3000fae9ca60f810f790d5c661b7c7
Unapplied parent: 8abc263ead7e35b677af85ec1f949a1220cecbf1

New changelog entries:
  * SECURITY UPDATE: arbitrary redirect issue
    - debian/patches/CVE-2018-11784.patch: avoid protocol relative
      redirects in java/org/apache/catalina/servlets/DefaultServlet.java.
    - CVE-2018-11784

Author: Marc Deslauriers
Author Date: 2018-10-09 15:28:36 UTC

Import patches-applied version 8.0.32-1ubuntu1.8 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 5ec7713f2c3000fae9ca60f810f790d5c661b7c7
Unapplied parent: 8abc263ead7e35b677af85ec1f949a1220cecbf1

New changelog entries:
  * SECURITY UPDATE: arbitrary redirect issue
    - debian/patches/CVE-2018-11784.patch: avoid protocol relative
      redirects in java/org/apache/catalina/servlets/DefaultServlet.java.
    - CVE-2018-11784

Author: Marc Deslauriers
Author Date: 2018-10-09 15:28:36 UTC

Import patches-unapplied version 8.0.32-1ubuntu1.8 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 26c63fe5e765b30779685da6c226875e80afe3c6

New changelog entries:
  * SECURITY UPDATE: arbitrary redirect issue
    - debian/patches/CVE-2018-11784.patch: avoid protocol relative
      redirects in java/org/apache/catalina/servlets/DefaultServlet.java.
    - CVE-2018-11784

Author: Matthias Klose
Author Date: 2018-09-20 08:12:50 UTC

Import patches-applied version 8.5.34-1ubuntu1 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: df0f9897748f667ca3f0ded0e4f4fbc8c894fda8
Unapplied parent: a6795bc1f71ef13e91485b1580bf2187fba2076c

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - control: Break/replace tomcat8.0 binaries. (LP: #1717998)
    - support-jre8.diff.

Author: Matthias Klose
Author Date: 2018-09-20 08:12:50 UTC

Import patches-applied version 8.5.34-1ubuntu1 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: df0f9897748f667ca3f0ded0e4f4fbc8c894fda8
Unapplied parent: a6795bc1f71ef13e91485b1580bf2187fba2076c

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - control: Break/replace tomcat8.0 binaries. (LP: #1717998)
    - support-jre8.diff.

Author: Matthias Klose
Author Date: 2018-09-20 08:12:50 UTC

Import patches-applied version 8.5.34-1ubuntu1 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: df0f9897748f667ca3f0ded0e4f4fbc8c894fda8
Unapplied parent: a6795bc1f71ef13e91485b1580bf2187fba2076c

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - control: Break/replace tomcat8.0 binaries. (LP: #1717998)
    - support-jre8.diff.

Author: Matthias Klose
Author Date: 2018-09-20 08:12:50 UTC

Import patches-applied version 8.5.34-1ubuntu1 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: df0f9897748f667ca3f0ded0e4f4fbc8c894fda8
Unapplied parent: a6795bc1f71ef13e91485b1580bf2187fba2076c

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - control: Break/replace tomcat8.0 binaries. (LP: #1717998)
    - support-jre8.diff.

Author: Matthias Klose
Author Date: 2018-09-20 08:12:50 UTC

Import patches-applied version 8.5.34-1ubuntu1 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: df0f9897748f667ca3f0ded0e4f4fbc8c894fda8
Unapplied parent: a6795bc1f71ef13e91485b1580bf2187fba2076c

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - control: Break/replace tomcat8.0 binaries. (LP: #1717998)
    - support-jre8.diff.

Author: Matthias Klose
Author Date: 2018-09-20 08:12:50 UTC

Import patches-unapplied version 8.5.34-1ubuntu1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 4737d6aef0034e8e7d23189031934fe982bced00

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - control: Break/replace tomcat8.0 binaries. (LP: #1717998)
    - support-jre8.diff.

Author: Matthias Klose
Author Date: 2018-09-20 08:12:50 UTC

Import patches-unapplied version 8.5.34-1ubuntu1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 4737d6aef0034e8e7d23189031934fe982bced00

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - control: Break/replace tomcat8.0 binaries. (LP: #1717998)
    - support-jre8.diff.

Author: Matthias Klose
Author Date: 2018-09-20 08:12:50 UTC

Import patches-unapplied version 8.5.34-1ubuntu1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 4737d6aef0034e8e7d23189031934fe982bced00

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - control: Break/replace tomcat8.0 binaries. (LP: #1717998)
    - support-jre8.diff.

Author: Matthias Klose
Author Date: 2018-09-20 08:12:50 UTC

Import patches-unapplied version 8.5.34-1ubuntu1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 4737d6aef0034e8e7d23189031934fe982bced00

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - control: Break/replace tomcat8.0 binaries. (LP: #1717998)
    - support-jre8.diff.

Author: Matthias Klose
Author Date: 2018-09-20 08:12:50 UTC

Import patches-unapplied version 8.5.34-1ubuntu1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 4737d6aef0034e8e7d23189031934fe982bced00

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - control: Break/replace tomcat8.0 binaries. (LP: #1717998)
    - support-jre8.diff.

Author: Matthias Klose
Author Date: 2018-09-20 08:12:50 UTC

Import patches-unapplied version 8.5.34-1ubuntu1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 4737d6aef0034e8e7d23189031934fe982bced00

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - control: Break/replace tomcat8.0 binaries. (LP: #1717998)
    - support-jre8.diff.

Author: Matthias Klose
Author Date: 2018-09-20 08:12:50 UTC

Import patches-applied version 8.5.34-1ubuntu1 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: df0f9897748f667ca3f0ded0e4f4fbc8c894fda8
Unapplied parent: a6795bc1f71ef13e91485b1580bf2187fba2076c

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - control: Break/replace tomcat8.0 binaries. (LP: #1717998)
    - support-jre8.diff.

Author: Thomas Opfer
Author Date: 2018-08-13 20:23:56 UTC

Import patches-unapplied version 8.5.30-1ubuntu1.4 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: bc82fa2dd13b79d5a91b5ca78457fed17588a7ba

New changelog entries:
  * SECURITY UPDATE:
   - CVE-2018-1336: A bug in the UTF-8 decoder can lead to DoS
   - CVE-2018-8034: host name verification missing in WebSocket client
   - CVE-2018-8037: Information Disclosure

Author: Thomas Opfer
Author Date: 2018-08-13 20:23:56 UTC

Import patches-unapplied version 8.5.30-1ubuntu1.4 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: bc82fa2dd13b79d5a91b5ca78457fed17588a7ba

New changelog entries:
  * SECURITY UPDATE:
   - CVE-2018-1336: A bug in the UTF-8 decoder can lead to DoS
   - CVE-2018-8034: host name verification missing in WebSocket client
   - CVE-2018-8037: Information Disclosure

Author: Thomas Opfer
Author Date: 2018-08-13 20:23:56 UTC

Import patches-unapplied version 8.5.30-1ubuntu1.4 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: bc82fa2dd13b79d5a91b5ca78457fed17588a7ba

New changelog entries:
  * SECURITY UPDATE:
   - CVE-2018-1336: A bug in the UTF-8 decoder can lead to DoS
   - CVE-2018-8034: host name verification missing in WebSocket client
   - CVE-2018-8037: Information Disclosure

Author: Thomas Opfer
Author Date: 2018-08-13 20:23:56 UTC

Import patches-applied version 8.5.30-1ubuntu1.4 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 58a7f4e59b581dad867a429d19efb0ca3ce86982
Unapplied parent: b99639f4ac7bd716d98b8f588692af2621b39287

New changelog entries:
  * SECURITY UPDATE:
   - CVE-2018-1336: A bug in the UTF-8 decoder can lead to DoS
   - CVE-2018-8034: host name verification missing in WebSocket client
   - CVE-2018-8037: Information Disclosure

Author: Thomas Opfer
Author Date: 2018-08-13 20:23:56 UTC

Import patches-applied version 8.5.30-1ubuntu1.4 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 58a7f4e59b581dad867a429d19efb0ca3ce86982
Unapplied parent: b99639f4ac7bd716d98b8f588692af2621b39287

New changelog entries:
  * SECURITY UPDATE:
   - CVE-2018-1336: A bug in the UTF-8 decoder can lead to DoS
   - CVE-2018-8034: host name verification missing in WebSocket client
   - CVE-2018-8037: Information Disclosure

Author: Thomas Opfer
Author Date: 2018-08-13 20:23:56 UTC

Import patches-applied version 8.5.30-1ubuntu1.4 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 58a7f4e59b581dad867a429d19efb0ca3ce86982
Unapplied parent: b99639f4ac7bd716d98b8f588692af2621b39287

New changelog entries:
  * SECURITY UPDATE:
   - CVE-2018-1336: A bug in the UTF-8 decoder can lead to DoS
   - CVE-2018-8034: host name verification missing in WebSocket client
   - CVE-2018-8037: Information Disclosure

Author: Stefano Rivera
Author Date: 2018-07-17 03:41:29 UTC

Import patches-applied version 8.5.30-1ubuntu1.3 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 6599729c92e9966bb01453744560f7b46dede14a
Unapplied parent: 6c42144bfeed31b0aafddf36e0fca05025fd4720

New changelog entries:
  * Search for Java 10 and 11 runtimes (LP: #1780345)

Author: Stefano Rivera
Author Date: 2018-07-17 03:41:29 UTC

Import patches-unapplied version 8.5.30-1ubuntu1.3 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 4633173b6fdd743e625858c4f98003ba73eb5b08

New changelog entries:
  * Search for Java 10 and 11 runtimes (LP: #1780345)

Author: Marc Deslauriers
Author Date: 2018-05-28 13:03:55 UTC

Import patches-applied version 8.5.21-1ubuntu1.1 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 39d96847e9c9bca7384b7535d6609062bb106f1a
Unapplied parent: 9da9844d224a211355cca4db0dbac78253be234c

New changelog entries:
  * SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
    - debian/patches/CVE-2017-12617.patch: add checks to
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/webresources/AbstractFileResourceSet.java,
      java/org/apache/catalina/webresources/DirResourceSet.java,
      java/org/apache/tomcat/util/compat/JrePlatform.java,
      test/org/apache/catalina/webresources/AbstractTestResourceSet.java,
      test/org/apache/catalina/webresources/TestAbstractFileResourceSetPerformance.java.
    - CVE-2017-12617
  * SECURITY UPDATE: incorrectly documented CGI search algorithm
    - debian/patches/CVE-2017-15706.patch: adjust documentation in
      webapps/docs/cgi-howto.xml.
    - CVE-2017-15706
  * SECURITY UPDATE: security constraints mapped to context root are ignored
    - debian/patches/CVE-2018-1304.patch: add check to
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2018-1304
  * SECURITY UPDATE: security constraint annotations applied too late
    - debian/patches/CVE-2018-1305.patch: change ordering in
      java/org/apache/catalina/Wrapper.java,
      java/org/apache/catalina/authenticator/AuthenticatorBase.java,
      java/org/apache/catalina/core/ApplicationContext.java,
      java/org/apache/catalina/core/ApplicationServletRegistration.java,
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/core/StandardWrapper.java,
      java/org/apache/catalina/startup/ContextConfig.java,
      java/org/apache/catalina/startup/Tomcat.java,
      java/org/apache/catalina/startup/WebAnnotationSet.java.
    - CVE-2018-1305
  * SECURITY UPDATE: CORS filter has insecure defaults
    - debian/patches/CVE-2018-8014.patch: change defaults in
      java/org/apache/catalina/filters/CorsFilter.java,
      java/org/apache/catalina/filters/LocalStrings.properties,
      test/org/apache/catalina/filters/TestCorsFilter.java,
      test/org/apache/catalina/filters/TesterFilterConfigs.java.
    - CVE-2018-8014

Author: Marc Deslauriers
Author Date: 2018-05-28 13:03:55 UTC

Import patches-unapplied version 8.5.21-1ubuntu1.1 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 1313f8e759ef627af59f2187b35a5e4ebc7f0d95

New changelog entries:
  * SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
    - debian/patches/CVE-2017-12617.patch: add checks to
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/webresources/AbstractFileResourceSet.java,
      java/org/apache/catalina/webresources/DirResourceSet.java,
      java/org/apache/tomcat/util/compat/JrePlatform.java,
      test/org/apache/catalina/webresources/AbstractTestResourceSet.java,
      test/org/apache/catalina/webresources/TestAbstractFileResourceSetPerformance.java.
    - CVE-2017-12617
  * SECURITY UPDATE: incorrectly documented CGI search algorithm
    - debian/patches/CVE-2017-15706.patch: adjust documentation in
      webapps/docs/cgi-howto.xml.
    - CVE-2017-15706
  * SECURITY UPDATE: security constraints mapped to context root are ignored
    - debian/patches/CVE-2018-1304.patch: add check to
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2018-1304
  * SECURITY UPDATE: security constraint annotations applied too late
    - debian/patches/CVE-2018-1305.patch: change ordering in
      java/org/apache/catalina/Wrapper.java,
      java/org/apache/catalina/authenticator/AuthenticatorBase.java,
      java/org/apache/catalina/core/ApplicationContext.java,
      java/org/apache/catalina/core/ApplicationServletRegistration.java,
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/core/StandardWrapper.java,
      java/org/apache/catalina/startup/ContextConfig.java,
      java/org/apache/catalina/startup/Tomcat.java,
      java/org/apache/catalina/startup/WebAnnotationSet.java.
    - CVE-2018-1305
  * SECURITY UPDATE: CORS filter has insecure defaults
    - debian/patches/CVE-2018-8014.patch: change defaults in
      java/org/apache/catalina/filters/CorsFilter.java,
      java/org/apache/catalina/filters/LocalStrings.properties,
      test/org/apache/catalina/filters/TestCorsFilter.java,
      test/org/apache/catalina/filters/TesterFilterConfigs.java.
    - CVE-2018-8014

Author: Marc Deslauriers
Author Date: 2018-05-28 13:03:55 UTC

Import patches-unapplied version 8.5.21-1ubuntu1.1 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 1313f8e759ef627af59f2187b35a5e4ebc7f0d95

New changelog entries:
  * SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
    - debian/patches/CVE-2017-12617.patch: add checks to
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/webresources/AbstractFileResourceSet.java,
      java/org/apache/catalina/webresources/DirResourceSet.java,
      java/org/apache/tomcat/util/compat/JrePlatform.java,
      test/org/apache/catalina/webresources/AbstractTestResourceSet.java,
      test/org/apache/catalina/webresources/TestAbstractFileResourceSetPerformance.java.
    - CVE-2017-12617
  * SECURITY UPDATE: incorrectly documented CGI search algorithm
    - debian/patches/CVE-2017-15706.patch: adjust documentation in
      webapps/docs/cgi-howto.xml.
    - CVE-2017-15706
  * SECURITY UPDATE: security constraints mapped to context root are ignored
    - debian/patches/CVE-2018-1304.patch: add check to
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2018-1304
  * SECURITY UPDATE: security constraint annotations applied too late
    - debian/patches/CVE-2018-1305.patch: change ordering in
      java/org/apache/catalina/Wrapper.java,
      java/org/apache/catalina/authenticator/AuthenticatorBase.java,
      java/org/apache/catalina/core/ApplicationContext.java,
      java/org/apache/catalina/core/ApplicationServletRegistration.java,
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/core/StandardWrapper.java,
      java/org/apache/catalina/startup/ContextConfig.java,
      java/org/apache/catalina/startup/Tomcat.java,
      java/org/apache/catalina/startup/WebAnnotationSet.java.
    - CVE-2018-1305
  * SECURITY UPDATE: CORS filter has insecure defaults
    - debian/patches/CVE-2018-8014.patch: change defaults in
      java/org/apache/catalina/filters/CorsFilter.java,
      java/org/apache/catalina/filters/LocalStrings.properties,
      test/org/apache/catalina/filters/TestCorsFilter.java,
      test/org/apache/catalina/filters/TesterFilterConfigs.java.
    - CVE-2018-8014

Author: Marc Deslauriers
Author Date: 2018-05-28 13:03:55 UTC

Import patches-unapplied version 8.5.21-1ubuntu1.1 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 1313f8e759ef627af59f2187b35a5e4ebc7f0d95

New changelog entries:
  * SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
    - debian/patches/CVE-2017-12617.patch: add checks to
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/webresources/AbstractFileResourceSet.java,
      java/org/apache/catalina/webresources/DirResourceSet.java,
      java/org/apache/tomcat/util/compat/JrePlatform.java,
      test/org/apache/catalina/webresources/AbstractTestResourceSet.java,
      test/org/apache/catalina/webresources/TestAbstractFileResourceSetPerformance.java.
    - CVE-2017-12617
  * SECURITY UPDATE: incorrectly documented CGI search algorithm
    - debian/patches/CVE-2017-15706.patch: adjust documentation in
      webapps/docs/cgi-howto.xml.
    - CVE-2017-15706
  * SECURITY UPDATE: security constraints mapped to context root are ignored
    - debian/patches/CVE-2018-1304.patch: add check to
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2018-1304
  * SECURITY UPDATE: security constraint annotations applied too late
    - debian/patches/CVE-2018-1305.patch: change ordering in
      java/org/apache/catalina/Wrapper.java,
      java/org/apache/catalina/authenticator/AuthenticatorBase.java,
      java/org/apache/catalina/core/ApplicationContext.java,
      java/org/apache/catalina/core/ApplicationServletRegistration.java,
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/core/StandardWrapper.java,
      java/org/apache/catalina/startup/ContextConfig.java,
      java/org/apache/catalina/startup/Tomcat.java,
      java/org/apache/catalina/startup/WebAnnotationSet.java.
    - CVE-2018-1305
  * SECURITY UPDATE: CORS filter has insecure defaults
    - debian/patches/CVE-2018-8014.patch: change defaults in
      java/org/apache/catalina/filters/CorsFilter.java,
      java/org/apache/catalina/filters/LocalStrings.properties,
      test/org/apache/catalina/filters/TestCorsFilter.java,
      test/org/apache/catalina/filters/TesterFilterConfigs.java.
    - CVE-2018-8014

Author: Marc Deslauriers
Author Date: 2018-05-28 13:03:55 UTC

Import patches-applied version 8.5.21-1ubuntu1.1 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 39d96847e9c9bca7384b7535d6609062bb106f1a
Unapplied parent: 9da9844d224a211355cca4db0dbac78253be234c

New changelog entries:
  * SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
    - debian/patches/CVE-2017-12617.patch: add checks to
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/webresources/AbstractFileResourceSet.java,
      java/org/apache/catalina/webresources/DirResourceSet.java,
      java/org/apache/tomcat/util/compat/JrePlatform.java,
      test/org/apache/catalina/webresources/AbstractTestResourceSet.java,
      test/org/apache/catalina/webresources/TestAbstractFileResourceSetPerformance.java.
    - CVE-2017-12617
  * SECURITY UPDATE: incorrectly documented CGI search algorithm
    - debian/patches/CVE-2017-15706.patch: adjust documentation in
      webapps/docs/cgi-howto.xml.
    - CVE-2017-15706
  * SECURITY UPDATE: security constraints mapped to context root are ignored
    - debian/patches/CVE-2018-1304.patch: add check to
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2018-1304
  * SECURITY UPDATE: security constraint annotations applied too late
    - debian/patches/CVE-2018-1305.patch: change ordering in
      java/org/apache/catalina/Wrapper.java,
      java/org/apache/catalina/authenticator/AuthenticatorBase.java,
      java/org/apache/catalina/core/ApplicationContext.java,
      java/org/apache/catalina/core/ApplicationServletRegistration.java,
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/core/StandardWrapper.java,
      java/org/apache/catalina/startup/ContextConfig.java,
      java/org/apache/catalina/startup/Tomcat.java,
      java/org/apache/catalina/startup/WebAnnotationSet.java.
    - CVE-2018-1305
  * SECURITY UPDATE: CORS filter has insecure defaults
    - debian/patches/CVE-2018-8014.patch: change defaults in
      java/org/apache/catalina/filters/CorsFilter.java,
      java/org/apache/catalina/filters/LocalStrings.properties,
      test/org/apache/catalina/filters/TestCorsFilter.java,
      test/org/apache/catalina/filters/TesterFilterConfigs.java.
    - CVE-2018-8014

Author: Marc Deslauriers
Author Date: 2018-05-28 13:03:55 UTC

Import patches-applied version 8.5.21-1ubuntu1.1 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 39d96847e9c9bca7384b7535d6609062bb106f1a
Unapplied parent: 9da9844d224a211355cca4db0dbac78253be234c

New changelog entries:
  * SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
    - debian/patches/CVE-2017-12617.patch: add checks to
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/webresources/AbstractFileResourceSet.java,
      java/org/apache/catalina/webresources/DirResourceSet.java,
      java/org/apache/tomcat/util/compat/JrePlatform.java,
      test/org/apache/catalina/webresources/AbstractTestResourceSet.java,
      test/org/apache/catalina/webresources/TestAbstractFileResourceSetPerformance.java.
    - CVE-2017-12617
  * SECURITY UPDATE: incorrectly documented CGI search algorithm
    - debian/patches/CVE-2017-15706.patch: adjust documentation in
      webapps/docs/cgi-howto.xml.
    - CVE-2017-15706
  * SECURITY UPDATE: security constraints mapped to context root are ignored
    - debian/patches/CVE-2018-1304.patch: add check to
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2018-1304
  * SECURITY UPDATE: security constraint annotations applied too late
    - debian/patches/CVE-2018-1305.patch: change ordering in
      java/org/apache/catalina/Wrapper.java,
      java/org/apache/catalina/authenticator/AuthenticatorBase.java,
      java/org/apache/catalina/core/ApplicationContext.java,
      java/org/apache/catalina/core/ApplicationServletRegistration.java,
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/core/StandardWrapper.java,
      java/org/apache/catalina/startup/ContextConfig.java,
      java/org/apache/catalina/startup/Tomcat.java,
      java/org/apache/catalina/startup/WebAnnotationSet.java.
    - CVE-2018-1305
  * SECURITY UPDATE: CORS filter has insecure defaults
    - debian/patches/CVE-2018-8014.patch: change defaults in
      java/org/apache/catalina/filters/CorsFilter.java,
      java/org/apache/catalina/filters/LocalStrings.properties,
      test/org/apache/catalina/filters/TestCorsFilter.java,
      test/org/apache/catalina/filters/TesterFilterConfigs.java.
    - CVE-2018-8014

Author: Timo Aaltonen
Author Date: 2018-04-19 11:53:19 UTC

Import patches-applied version 8.5.30-1ubuntu1 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: b10e93df8b71ff5e193436278f00ad01910247b9
Unapplied parent: a92e28b95dd5ca91413b323b3c49bb18b4da6b45

New changelog entries:
  * control: Break/replace tomcat8.0 binaries. (LP: #1717998)

Author: Timo Aaltonen
Author Date: 2018-04-19 11:53:19 UTC

Import patches-unapplied version 8.5.30-1ubuntu1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 5fa6efd6d465677fdae1bc27517674a340cc8a2d

New changelog entries:
  * control: Break/replace tomcat8.0 binaries. (LP: #1717998)

Author: Ubuntu Git Importer
Author Date: 2018-03-22 15:52:52 UTC

pristine-tar data for tomcat8_8.5.29.orig.tar.xz

Author: Ubuntu Git Importer
Author Date: 2018-03-15 17:51:13 UTC

pristine-tar data for tomcat8_8.5.29.orig.tar.xz

Author: Marc Deslauriers
Author Date: 2017-09-27 21:20:40 UTC

Import patches-unapplied version 8.0.38-2ubuntu2.2 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: b66d69c49a35f4f34c5a2df6827333ac051c9cb2

New changelog entries:
  * SECURITY UPDATE: loss of pipeline requests
    - debian/patches/CVE-2017-5647.patch: improve sendfile handling when
      requests are pipelined in
      java/org/apache/coyote/AbstractProtocol.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/Http11Nio2Processor.java,
      java/org/apache/coyote/http11/Http11NioProcessor.java,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/Nio2Endpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java,
      java/org/apache/tomcat/util/net/SendfileKeepAliveState.java.
    - CVE-2017-5647
  * SECURITY UPDATE: incorrect facade object use
    - debian/patches/CVE-2017-5648.patch: ensure request and response
      facades are used when firing application listeners in
      java/org/apache/catalina/authenticator/FormAuthenticator.java,
      java/org/apache/catalina/core/StandardHostValve.java.
    - CVE-2017-5648
  * SECURITY UPDATE: unexpected and undesirable results for static error
    pages
    - debian/patches/CVE-2017-5664.patch: use a more reliable mechanism in
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/WebdavServlet.java.
    - CVE-2017-5664
  * SECURITY UPDATE: client and server side cache poisoning in CORS filter
    - debian/patches/CVE-2017-7674.patch: set Vary header in response in
      java/org/apache/catalina/filters/CorsFilter.java.
    - CVE-2017-7674

Author: Marc Deslauriers
Author Date: 2017-09-27 21:20:40 UTC

Import patches-applied version 8.0.38-2ubuntu2.2 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 1d1f35d9a08ed6ab2924a9afdea4f1cf99ccdb7b
Unapplied parent: 33665c0987c059a698780337970bfa91b2eabfd4

New changelog entries:
  * SECURITY UPDATE: loss of pipeline requests
    - debian/patches/CVE-2017-5647.patch: improve sendfile handling when
      requests are pipelined in
      java/org/apache/coyote/AbstractProtocol.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/Http11Nio2Processor.java,
      java/org/apache/coyote/http11/Http11NioProcessor.java,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/Nio2Endpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java,
      java/org/apache/tomcat/util/net/SendfileKeepAliveState.java.
    - CVE-2017-5647
  * SECURITY UPDATE: incorrect facade object use
    - debian/patches/CVE-2017-5648.patch: ensure request and response
      facades are used when firing application listeners in
      java/org/apache/catalina/authenticator/FormAuthenticator.java,
      java/org/apache/catalina/core/StandardHostValve.java.
    - CVE-2017-5648
  * SECURITY UPDATE: unexpected and undesirable results for static error
    pages
    - debian/patches/CVE-2017-5664.patch: use a more reliable mechanism in
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/WebdavServlet.java.
    - CVE-2017-5664
  * SECURITY UPDATE: client and server side cache poisoning in CORS filter
    - debian/patches/CVE-2017-7674.patch: set Vary header in response in
      java/org/apache/catalina/filters/CorsFilter.java.
    - CVE-2017-7674

Author: Marc Deslauriers
Author Date: 2017-09-27 21:20:40 UTC

Import patches-applied version 8.0.38-2ubuntu2.2 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 1d1f35d9a08ed6ab2924a9afdea4f1cf99ccdb7b
Unapplied parent: 33665c0987c059a698780337970bfa91b2eabfd4

New changelog entries:
  * SECURITY UPDATE: loss of pipeline requests
    - debian/patches/CVE-2017-5647.patch: improve sendfile handling when
      requests are pipelined in
      java/org/apache/coyote/AbstractProtocol.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/Http11Nio2Processor.java,
      java/org/apache/coyote/http11/Http11NioProcessor.java,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/Nio2Endpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java,
      java/org/apache/tomcat/util/net/SendfileKeepAliveState.java.
    - CVE-2017-5647
  * SECURITY UPDATE: incorrect facade object use
    - debian/patches/CVE-2017-5648.patch: ensure request and response
      facades are used when firing application listeners in
      java/org/apache/catalina/authenticator/FormAuthenticator.java,
      java/org/apache/catalina/core/StandardHostValve.java.
    - CVE-2017-5648
  * SECURITY UPDATE: unexpected and undesirable results for static error
    pages
    - debian/patches/CVE-2017-5664.patch: use a more reliable mechanism in
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/WebdavServlet.java.
    - CVE-2017-5664
  * SECURITY UPDATE: client and server side cache poisoning in CORS filter
    - debian/patches/CVE-2017-7674.patch: set Vary header in response in
      java/org/apache/catalina/filters/CorsFilter.java.
    - CVE-2017-7674

Author: Marc Deslauriers
Author Date: 2017-09-27 21:20:40 UTC

Import patches-applied version 8.0.38-2ubuntu2.2 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 1d1f35d9a08ed6ab2924a9afdea4f1cf99ccdb7b
Unapplied parent: 33665c0987c059a698780337970bfa91b2eabfd4

New changelog entries:
  * SECURITY UPDATE: loss of pipeline requests
    - debian/patches/CVE-2017-5647.patch: improve sendfile handling when
      requests are pipelined in
      java/org/apache/coyote/AbstractProtocol.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/Http11Nio2Processor.java,
      java/org/apache/coyote/http11/Http11NioProcessor.java,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/Nio2Endpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java,
      java/org/apache/tomcat/util/net/SendfileKeepAliveState.java.
    - CVE-2017-5647
  * SECURITY UPDATE: incorrect facade object use
    - debian/patches/CVE-2017-5648.patch: ensure request and response
      facades are used when firing application listeners in
      java/org/apache/catalina/authenticator/FormAuthenticator.java,
      java/org/apache/catalina/core/StandardHostValve.java.
    - CVE-2017-5648
  * SECURITY UPDATE: unexpected and undesirable results for static error
    pages
    - debian/patches/CVE-2017-5664.patch: use a more reliable mechanism in
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/WebdavServlet.java.
    - CVE-2017-5664
  * SECURITY UPDATE: client and server side cache poisoning in CORS filter
    - debian/patches/CVE-2017-7674.patch: set Vary header in response in
      java/org/apache/catalina/filters/CorsFilter.java.
    - CVE-2017-7674

Author: Marc Deslauriers
Author Date: 2017-09-27 21:20:40 UTC

Import patches-unapplied version 8.0.38-2ubuntu2.2 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: b66d69c49a35f4f34c5a2df6827333ac051c9cb2

New changelog entries:
  * SECURITY UPDATE: loss of pipeline requests
    - debian/patches/CVE-2017-5647.patch: improve sendfile handling when
      requests are pipelined in
      java/org/apache/coyote/AbstractProtocol.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/Http11Nio2Processor.java,
      java/org/apache/coyote/http11/Http11NioProcessor.java,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/Nio2Endpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java,
      java/org/apache/tomcat/util/net/SendfileKeepAliveState.java.
    - CVE-2017-5647
  * SECURITY UPDATE: incorrect facade object use
    - debian/patches/CVE-2017-5648.patch: ensure request and response
      facades are used when firing application listeners in
      java/org/apache/catalina/authenticator/FormAuthenticator.java,
      java/org/apache/catalina/core/StandardHostValve.java.
    - CVE-2017-5648
  * SECURITY UPDATE: unexpected and undesirable results for static error
    pages
    - debian/patches/CVE-2017-5664.patch: use a more reliable mechanism in
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/WebdavServlet.java.
    - CVE-2017-5664
  * SECURITY UPDATE: client and server side cache poisoning in CORS filter
    - debian/patches/CVE-2017-7674.patch: set Vary header in response in
      java/org/apache/catalina/filters/CorsFilter.java.
    - CVE-2017-7674

Author: Marc Deslauriers
Author Date: 2017-09-27 21:20:40 UTC

Import patches-unapplied version 8.0.38-2ubuntu2.2 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: b66d69c49a35f4f34c5a2df6827333ac051c9cb2

New changelog entries:
  * SECURITY UPDATE: loss of pipeline requests
    - debian/patches/CVE-2017-5647.patch: improve sendfile handling when
      requests are pipelined in
      java/org/apache/coyote/AbstractProtocol.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/Http11Nio2Processor.java,
      java/org/apache/coyote/http11/Http11NioProcessor.java,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/Nio2Endpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java,
      java/org/apache/tomcat/util/net/SendfileKeepAliveState.java.
    - CVE-2017-5647
  * SECURITY UPDATE: incorrect facade object use
    - debian/patches/CVE-2017-5648.patch: ensure request and response
      facades are used when firing application listeners in
      java/org/apache/catalina/authenticator/FormAuthenticator.java,
      java/org/apache/catalina/core/StandardHostValve.java.
    - CVE-2017-5648
  * SECURITY UPDATE: unexpected and undesirable results for static error
    pages
    - debian/patches/CVE-2017-5664.patch: use a more reliable mechanism in
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/WebdavServlet.java.
    - CVE-2017-5664
  * SECURITY UPDATE: client and server side cache poisoning in CORS filter
    - debian/patches/CVE-2017-7674.patch: set Vary header in response in
      java/org/apache/catalina/filters/CorsFilter.java.
    - CVE-2017-7674

Author: Sebastien Delafond
Author Date: 2017-09-15 11:18:33 UTC

Import patches-unapplied version 8.0.14-1+deb8u11 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 95750ce33e7f1b757023f0ac82d00af354758800

New changelog entries:
  * Fix CVE-2017-7674:
    The CORS Filter did not add an HTTP Vary header indicating that the
    response varies depending on Origin. This permitted client and server side
    cache poisoning in some circumstances.

Author: Sebastien Delafond
Author Date: 2017-09-15 11:18:33 UTC

Import patches-applied version 8.0.14-1+deb8u11 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: 5030667b8a2fd232cd52392cf7ee2431681b03c1
Unapplied parent: d3ea47f06ac9c862803455ad23a1028d423f36e8

New changelog entries:
  * Fix CVE-2017-7674:
    The CORS Filter did not add an HTTP Vary header indicating that the
    response varies depending on Origin. This permitted client and server side
    cache poisoning in some circumstances.

Author: Robie Basak
Author Date: 2017-10-13 11:06:51 UTC

Import patches-unapplied version 8.5.21-1ubuntu1 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 0043fa8fb52ee4ad9afb9be91cd75d3617fe5f3e

New changelog entries:
  * Demote libtcnative-1 from Recommends to Suggests as it is in
    universe.

Author: Robie Basak
Author Date: 2017-10-13 11:06:51 UTC

Import patches-unapplied version 8.5.21-1ubuntu1 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 0043fa8fb52ee4ad9afb9be91cd75d3617fe5f3e

New changelog entries:
  * Demote libtcnative-1 from Recommends to Suggests as it is in
    universe.

Author: Robie Basak
Author Date: 2017-10-13 11:06:51 UTC

Import patches-applied version 8.5.21-1ubuntu1 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: f0b00255f61060fc896d34114b94eb2764535856
Unapplied parent: 2d47a0810ea5b8ffc09a8430f121402ed28bd8b5

New changelog entries:
  * Demote libtcnative-1 from Recommends to Suggests as it is in
    universe.

Author: Robie Basak
Author Date: 2017-10-13 11:06:51 UTC

Import patches-applied version 8.5.21-1ubuntu1 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: f0b00255f61060fc896d34114b94eb2764535856
Unapplied parent: 2d47a0810ea5b8ffc09a8430f121402ed28bd8b5

New changelog entries:
  * Demote libtcnative-1 from Recommends to Suggests as it is in
    universe.

Author: Joshua Powers
Author Date: 2017-03-28 23:46:16 UTC

Import patches-applied version 8.0.37-1ubuntu0.2 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: d4e3e8dfdb8b82224a823889e8f1a86cb536aaa4
Unapplied parent: 468219e03a003bf5ef1c56c0cc02c9b93c19c88d

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

Author: Joshua Powers
Author Date: 2017-03-28 23:46:16 UTC

Import patches-applied version 8.0.37-1ubuntu0.2 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: d4e3e8dfdb8b82224a823889e8f1a86cb536aaa4
Unapplied parent: 468219e03a003bf5ef1c56c0cc02c9b93c19c88d

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

Author: Joshua Powers
Author Date: 2017-03-28 23:46:16 UTC

Import patches-unapplied version 8.0.37-1ubuntu0.2 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: a9c810e15482f92a34e00df0072b7998f1e9f0de

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

Author: Joshua Powers
Author Date: 2017-03-28 23:46:16 UTC

Import patches-unapplied version 8.0.37-1ubuntu0.2 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: a9c810e15482f92a34e00df0072b7998f1e9f0de

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

Author: Joshua Powers
Author Date: 2017-03-28 23:46:16 UTC

Import patches-unapplied version 8.0.37-1ubuntu0.2 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: a9c810e15482f92a34e00df0072b7998f1e9f0de

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

Author: Joshua Powers
Author Date: 2017-03-28 23:46:16 UTC

Import patches-applied version 8.0.37-1ubuntu0.2 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: d4e3e8dfdb8b82224a823889e8f1a86cb536aaa4
Unapplied parent: 468219e03a003bf5ef1c56c0cc02c9b93c19c88d

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

Author: Joshua Powers
Author Date: 2017-03-28 23:47:32 UTC

Import patches-applied version 8.0.38-2ubuntu2 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 94b822743270fec9e1da46dcb3a1a7a92ea08dc8
Unapplied parent: c3066e65134d587314d36bebf16898bbca0bd449

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

Author: Joshua Powers
Author Date: 2017-03-28 23:47:32 UTC

Import patches-applied version 8.0.38-2ubuntu2 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 94b822743270fec9e1da46dcb3a1a7a92ea08dc8
Unapplied parent: c3066e65134d587314d36bebf16898bbca0bd449

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

Author: Joshua Powers
Author Date: 2017-03-28 23:47:32 UTC

Import patches-unapplied version 8.0.38-2ubuntu2 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 8fcde4802291510660959842797a577db834e965

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

Author: Joshua Powers
Author Date: 2017-03-28 23:47:32 UTC

Import patches-unapplied version 8.0.38-2ubuntu2 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 8fcde4802291510660959842797a577db834e965

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

Author: Marc Deslauriers
Author Date: 2017-01-13 15:48:08 UTC

Import patches-unapplied version 8.0.37-1ubuntu0.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: f250774836a3e9a7ba945f4c2cdabb1cf1950309

New changelog entries:
  * SECURITY UPDATE: HTTP response injection via invalid characters
    - debian/patches/CVE-2016-6816.patch: add additional checks for valid
      characters in java/org/apache/coyote/http11/AbstractInputBuffer.java,
      java/org/apache/coyote/http11/AbstractNioInputBuffer.java,
      java/org/apache/coyote/http11/InternalAprInputBuffer.java,
      java/org/apache/coyote/http11/InternalInputBuffer.java,
      java/org/apache/coyote/http11/LocalStrings.properties,
      java/org/apache/tomcat/util/http/parser/HttpParser.java.
    - CVE-2016-6816
  * SECURITY UPDATE: remote code execution via JmxRemoteLifecycleListener
    - debian/patches/CVE-2016-8735.patch: explicitly configure allowed
      credential types in
      java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java.
    - CVE-2016-8735
  * SECURITY UPDATE: information leakage between requests
    - debian/patches/CVE-2016-8745.patch: properly handle cache when unable
      to complete sendfile request in
      java/org/apache/tomcat/util/net/NioEndpoint.java.
    - CVE-2016-8745
  * SECURITY UPDATE: privilege escalation during package upgrade
    - debian/rules, debian/tomcat8.postinst: properly set permissions on
      /etc/tomcat8/Catalina/localhost.
    - CVE-2016-9774
  * SECURITY UPDATE: privilege escalation during package removal
    - debian/tomcat8.postrm.in: don't reset permissions before removing
      user.
    - CVE-2016-9775
  * debian/tomcat8.init: further hardening.

Author: Marc Deslauriers
Author Date: 2017-01-13 15:48:08 UTC

Import patches-applied version 8.0.37-1ubuntu0.1 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: adafa06c2d373b3edaf5d7f39b18a819855c1899
Unapplied parent: 9d9e980d9bf5abe73d5bd348eb507af2e2e88467

New changelog entries:
  * SECURITY UPDATE: HTTP response injection via invalid characters
    - debian/patches/CVE-2016-6816.patch: add additional checks for valid
      characters in java/org/apache/coyote/http11/AbstractInputBuffer.java,
      java/org/apache/coyote/http11/AbstractNioInputBuffer.java,
      java/org/apache/coyote/http11/InternalAprInputBuffer.java,
      java/org/apache/coyote/http11/InternalInputBuffer.java,
      java/org/apache/coyote/http11/LocalStrings.properties,
      java/org/apache/tomcat/util/http/parser/HttpParser.java.
    - CVE-2016-6816
  * SECURITY UPDATE: remote code execution via JmxRemoteLifecycleListener
    - debian/patches/CVE-2016-8735.patch: explicitly configure allowed
      credential types in
      java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java.
    - CVE-2016-8735
  * SECURITY UPDATE: information leakage between requests
    - debian/patches/CVE-2016-8745.patch: properly handle cache when unable
      to complete sendfile request in
      java/org/apache/tomcat/util/net/NioEndpoint.java.
    - CVE-2016-8745
  * SECURITY UPDATE: privilege escalation during package upgrade
    - debian/rules, debian/tomcat8.postinst: properly set permissions on
      /etc/tomcat8/Catalina/localhost.
    - CVE-2016-9774
  * SECURITY UPDATE: privilege escalation during package removal
    - debian/tomcat8.postrm.in: don't reset permissions before removing
      user.
    - CVE-2016-9775
  * debian/tomcat8.init: further hardening.

Author: Emmanuel Bourg
Author Date: 2016-11-17 22:54:35 UTC

Import patches-unapplied version 8.5.8-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 39631ff17bee022de3ff0c4b6858031decb14272

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
    - Tomcat no longer builds tomcat-embed-logging-juli.jar
    - Updated the policy files
    - Added a NEWS file detailing the major changes in Tomcat 8.5.x
  * Enabled the APR library loading by default (required for HTTP/2 support)
  * Promoted libtcnative-1 from suggested to recommended dependency
  * Enabled the APR tests
  * Fixed the test failure with TestStandardContextAliases
  * Added a link to the Tomcat 8.5 migration guide in README.Debian
  * Adapted debian/orig-tar.sh to download the 8.5.x releases

Author: Emmanuel Bourg
Author Date: 2016-11-17 22:54:35 UTC

Import patches-applied version 8.5.8-1 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 4eca5cbc62672d48bf49e35b10eb60e742c8e903
Unapplied parent: 07482e5cf8232cd526e5a45279494b31340dcdd9

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
    - Tomcat no longer builds tomcat-embed-logging-juli.jar
    - Updated the policy files
    - Added a NEWS file detailing the major changes in Tomcat 8.5.x
  * Enabled the APR library loading by default (required for HTTP/2 support)
  * Promoted libtcnative-1 from suggested to recommended dependency
  * Enabled the APR tests
  * Fixed the test failure with TestStandardContextAliases
  * Added a link to the Tomcat 8.5 migration guide in README.Debian
  * Adapted debian/orig-tar.sh to download the 8.5.x releases

Author: Emmanuel Bourg
Author Date: 2016-09-19 07:37:33 UTC

Import patches-unapplied version 8.0.37-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 37f9d4084595f74b686aa400d6d76ef1e4c10d3f

New changelog entries:
  * Team upload.
  * New upstream release
  * Removed 0001-set-UTF-8-as-default-character-encoding.patch (fixed upstream)

Author: Emmanuel Bourg
Author Date: 2016-09-19 07:37:33 UTC

Import patches-applied version 8.0.37-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: a51097c2c683da12a1ffc5674a5ca80903b7ae3a
Unapplied parent: b26a373625d1c196dd88b8df19cfb0780ed7845d

New changelog entries:
  * Team upload.
  * New upstream release
  * Removed 0001-set-UTF-8-as-default-character-encoding.patch (fixed upstream)

Author: Nish Aravamudan
Author Date: 2016-02-05 08:20:39 UTC

Import patches-applied version 8.0.32-1ubuntu1 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 73754489910c3f366987c5f96e446dd1b3e0069b
Unapplied parent: 00579dc1bbd12094720bcf702bcd46cba0ecb519

New changelog entries:
  * Prepare to promote tomcat8 to main (LP: #1539903).
    - debian/control, 0021-ubuntu-mainize-build-xml.patch: Remove
      build-dependencies on libobjenesis-java and libeasymock-java, and skip
      tests that rely on the functionality they provide.

Author: Nish Aravamudan
Author Date: 2016-02-05 08:20:39 UTC

Import patches-unapplied version 8.0.32-1ubuntu1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: bc20583702224592a930e782e88b0882f6d88c5f

New changelog entries:
  * Prepare to promote tomcat8 to main (LP: #1539903).
    - debian/control, 0021-ubuntu-mainize-build-xml.patch: Remove
      build-dependencies on libobjenesis-java and libeasymock-java, and skip
      tests that rely on the functionality they provide.

Author: Tyler Hicks
Author Date: 2016-01-04 17:18:56 UTC

Import patches-applied version 8.0.14-1+deb8u1build0.15.04.1 to applied/ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 46adaaf5f2bba949b1927fad662ffad5ff3ce160
Unapplied parent: 7a61a894b423f1ca4865dee4f4ee2ade0b475eff

New changelog entries:
  * fake sync from Debian

Author: Tyler Hicks
Author Date: 2016-01-04 17:18:56 UTC

Import patches-unapplied version 8.0.14-1+deb8u1build0.15.04.1 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: a17d5399a1220bca1c28c711e582024bb79e8ece

New changelog entries:
  * fake sync from Debian

Author: Tyler Hicks
Author Date: 2016-01-04 17:18:56 UTC

Import patches-unapplied version 8.0.14-1+deb8u1build0.15.04.1 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: a17d5399a1220bca1c28c711e582024bb79e8ece

New changelog entries:
  * fake sync from Debian

Author: Tyler Hicks
Author Date: 2016-01-04 17:18:56 UTC

Import patches-unapplied version 8.0.14-1+deb8u1build0.15.04.1 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: a17d5399a1220bca1c28c711e582024bb79e8ece

New changelog entries:
  * fake sync from Debian

Author: Tyler Hicks
Author Date: 2016-01-04 17:18:56 UTC

Import patches-applied version 8.0.14-1+deb8u1build0.15.04.1 to applied/ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 46adaaf5f2bba949b1927fad662ffad5ff3ce160
Unapplied parent: 7a61a894b423f1ca4865dee4f4ee2ade0b475eff

New changelog entries:
  * fake sync from Debian

Author: Tyler Hicks
Author Date: 2016-01-04 17:18:56 UTC

Import patches-applied version 8.0.14-1+deb8u1build0.15.04.1 to applied/ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 46adaaf5f2bba949b1927fad662ffad5ff3ce160
Unapplied parent: 7a61a894b423f1ca4865dee4f4ee2ade0b475eff

New changelog entries:
  * fake sync from Debian

Author: Emmanuel Bourg
Author Date: 2015-08-23 22:30:40 UTC

Import patches-unapplied version 8.0.26-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9f73ca1aa93c7c8e37f985bebb22ddf4806999cb

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Changed the authbind configuration to allow IPv6 connections (LP: #1443041)
  * Fixed an upgrade error when /etc/tomcat8/tomcat-users.xml is removed
    (LP: #1010791)
  * Fixed a minor HTML error in the default index.html file (LP: #1236132)

Author: Emmanuel Bourg
Author Date: 2015-08-23 22:30:40 UTC

Import patches-applied version 8.0.26-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 056408e04fc5ad5c0c304f450b85aa2b2b93c5f8
Unapplied parent: 4ce542994dc1ec9d63ecbcbed0b4f6462227a9f5

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Changed the authbind configuration to allow IPv6 connections (LP: #1443041)
  * Fixed an upgrade error when /etc/tomcat8/tomcat-users.xml is removed
    (LP: #1010791)
  * Fixed a minor HTML error in the default index.html file (LP: #1236132)

Author: Emmanuel Bourg
Author Date: 2015-08-23 22:30:40 UTC

Import patches-applied version 8.0.26-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 056408e04fc5ad5c0c304f450b85aa2b2b93c5f8
Unapplied parent: 4ce542994dc1ec9d63ecbcbed0b4f6462227a9f5

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Changed the authbind configuration to allow IPv6 connections (LP: #1443041)
  * Fixed an upgrade error when /etc/tomcat8/tomcat-users.xml is removed
    (LP: #1010791)
  * Fixed a minor HTML error in the default index.html file (LP: #1236132)

Author: Emmanuel Bourg
Author Date: 2015-08-23 22:30:40 UTC

Import patches-applied version 8.0.26-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 056408e04fc5ad5c0c304f450b85aa2b2b93c5f8
Unapplied parent: 4ce542994dc1ec9d63ecbcbed0b4f6462227a9f5

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Changed the authbind configuration to allow IPv6 connections (LP: #1443041)
  * Fixed an upgrade error when /etc/tomcat8/tomcat-users.xml is removed
    (LP: #1010791)
  * Fixed a minor HTML error in the default index.html file (LP: #1236132)

Author: Emmanuel Bourg
Author Date: 2015-08-23 22:30:40 UTC

Import patches-unapplied version 8.0.26-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9f73ca1aa93c7c8e37f985bebb22ddf4806999cb

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Changed the authbind configuration to allow IPv6 connections (LP: #1443041)
  * Fixed an upgrade error when /etc/tomcat8/tomcat-users.xml is removed
    (LP: #1010791)
  * Fixed a minor HTML error in the default index.html file (LP: #1236132)

Author: Emmanuel Bourg
Author Date: 2015-08-23 22:30:40 UTC

Import patches-unapplied version 8.0.26-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9f73ca1aa93c7c8e37f985bebb22ddf4806999cb

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Changed the authbind configuration to allow IPv6 connections (LP: #1443041)
  * Fixed an upgrade error when /etc/tomcat8/tomcat-users.xml is removed
    (LP: #1010791)
  * Fixed a minor HTML error in the default index.html file (LP: #1236132)

Author: Emmanuel Bourg
Author Date: 2014-09-29 11:23:43 UTC

Import patches-unapplied version 8.0.14-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2fab781499f33207ae62a7c84933b276b6858206

New changelog entries:
  * New upstream release
    - Refreshed the patches
  * Build depend on libcglib3-java instead of libcglib-java
  * Standards-Version updated to 3.9.6 (no changes)

Author: Emmanuel Bourg
Author Date: 2014-09-29 11:23:43 UTC

Import patches-applied version 8.0.14-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: c73f8148e450648f03ff6659b2e937169ad525c4
Unapplied parent: 19db1857b25ff32994e9f3718eae2c4e4cdc70a6

New changelog entries:
  * New upstream release
    - Refreshed the patches
  * Build depend on libcglib3-java instead of libcglib-java
  * Standards-Version updated to 3.9.6 (no changes)

Author: Emmanuel Bourg
Author Date: 2014-09-29 11:23:43 UTC

Import patches-unapplied version 8.0.14-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2fab781499f33207ae62a7c84933b276b6858206

New changelog entries:
  * New upstream release
    - Refreshed the patches
  * Build depend on libcglib3-java instead of libcglib-java
  * Standards-Version updated to 3.9.6 (no changes)

Author: Emmanuel Bourg
Author Date: 2014-09-29 11:23:43 UTC

Import patches-applied version 8.0.14-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: c73f8148e450648f03ff6659b2e937169ad525c4
Unapplied parent: 19db1857b25ff32994e9f3718eae2c4e4cdc70a6

New changelog entries:
  * New upstream release
    - Refreshed the patches
  * Build depend on libcglib3-java instead of libcglib-java
  * Standards-Version updated to 3.9.6 (no changes)

Author: Emmanuel Bourg
Author Date: 2014-06-24 19:28:37 UTC

Import patches-unapplied version 8.0.9-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8b6dc216e873a5612c72aed9908dd8a818f7d496

New changelog entries:
  [ Emmanuel Bourg ]
  * New upstream release
    - Refreshed the patches
  * Search for OpenJDK 8 and Oracle JDKs when starting the server
  * Removed the dependency on the non existent java-7-runtime package
  * Fixed a link still pointing to the Tomcat 7 documentation in README.Debian
  * Updated the version required for libtcnative-1 (>= 1.1.30)
  [ tony mancill ]
  * Update README.Debian with information about migration guides.

Author: Emmanuel Bourg
Author Date: 2014-06-24 19:28:37 UTC

Import patches-applied version 8.0.9-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: df6494fb3d6fd99fb09027b5c8cd9afc8c72eafa
Unapplied parent: e37689e14118f975fd74dde85a4da72a159e37e9

New changelog entries:
  [ Emmanuel Bourg ]
  * New upstream release
    - Refreshed the patches
  * Search for OpenJDK 8 and Oracle JDKs when starting the server
  * Removed the dependency on the non existent java-7-runtime package
  * Fixed a link still pointing to the Tomcat 7 documentation in README.Debian
  * Updated the version required for libtcnative-1 (>= 1.1.30)
  [ tony mancill ]
  * Update README.Debian with information about migration guides.

Author: Emmanuel Bourg
Author Date: 2014-06-24 19:28:37 UTC

Import patches-applied version 8.0.9-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: df6494fb3d6fd99fb09027b5c8cd9afc8c72eafa
Unapplied parent: e37689e14118f975fd74dde85a4da72a159e37e9

New changelog entries:
  [ Emmanuel Bourg ]
  * New upstream release
    - Refreshed the patches
  * Search for OpenJDK 8 and Oracle JDKs when starting the server
  * Removed the dependency on the non existent java-7-runtime package
  * Fixed a link still pointing to the Tomcat 7 documentation in README.Debian
  * Updated the version required for libtcnative-1 (>= 1.1.30)
  [ tony mancill ]
  * Update README.Debian with information about migration guides.

Author: Emmanuel Bourg
Author Date: 2014-06-24 19:28:37 UTC

Import patches-applied version 8.0.9-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: df6494fb3d6fd99fb09027b5c8cd9afc8c72eafa
Unapplied parent: e37689e14118f975fd74dde85a4da72a159e37e9

New changelog entries:
  [ Emmanuel Bourg ]
  * New upstream release
    - Refreshed the patches
  * Search for OpenJDK 8 and Oracle JDKs when starting the server
  * Removed the dependency on the non existent java-7-runtime package
  * Fixed a link still pointing to the Tomcat 7 documentation in README.Debian
  * Updated the version required for libtcnative-1 (>= 1.1.30)
  [ tony mancill ]
  * Update README.Debian with information about migration guides.

Author: Emmanuel Bourg
Author Date: 2014-06-24 19:28:37 UTC

Import patches-unapplied version 8.0.9-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8b6dc216e873a5612c72aed9908dd8a818f7d496

New changelog entries:
  [ Emmanuel Bourg ]
  * New upstream release
    - Refreshed the patches
  * Search for OpenJDK 8 and Oracle JDKs when starting the server
  * Removed the dependency on the non existent java-7-runtime package
  * Fixed a link still pointing to the Tomcat 7 documentation in README.Debian
  * Updated the version required for libtcnative-1 (>= 1.1.30)
  [ tony mancill ]
  * Update README.Debian with information about migration guides.

Author: Emmanuel Bourg
Author Date: 2014-06-24 19:28:37 UTC

Import patches-unapplied version 8.0.9-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8b6dc216e873a5612c72aed9908dd8a818f7d496

New changelog entries:
  [ Emmanuel Bourg ]
  * New upstream release
    - Refreshed the patches
  * Search for OpenJDK 8 and Oracle JDKs when starting the server
  * Removed the dependency on the non existent java-7-runtime package
  * Fixed a link still pointing to the Tomcat 7 documentation in README.Debian
  * Updated the version required for libtcnative-1 (>= 1.1.30)
  [ tony mancill ]
  * Update README.Debian with information about migration guides.