lp:ubuntu/hardy-security/tomcat5.5

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/hardy-security/tomcat5.5

Branch information

Owner:
Ubuntu branches
Status:
Mature

Recent revisions

11. By James Page

* SECURITY UPDATE: Apache Tomcat Authentication bypass and information
  disclosure (LP: #843701).
 - connectors/jk/java/org/apache/coyote/ajp/AjpAprProcessor.java: Prevent AJP
   request forgery via unread request body packet - upstream patch from Mark
   Thomas
 - http://svn.apache.org/viewvc?view=revision&revision=1162960
 - CVE-2011-3190

10. By Thierry Carrez

* SECURITY UPDATE: Fix information disclosure vulnerability that allowed to
  access unauthorized content, fix directory traversal vulnerability that
  could on specific configurations lead to the disclosure of sensitive
  files, and fix two cross-site-scripting issues that could result in
  arbitrary content being injected into the HTTP response.
* Security patches from upstream SVN, applied inline
  (LP: #256802, LP: #256922, LP: #256926, LP: #270553)
* References
  CVE-2008-1232
  CVE-2008-1947
  CVE-2008-2370
  CVE-2008-2938

9. By Matti Lindell <email address hidden>

* Merge from Debian unstable (LP: #153672, LP: #159661, LP: #161882,
  LP: #173692, LP: #179491), remaining changes:
  - debian/control: Change the Maintainer address.
  - debian/rules: Force flag passed to rm to `prune files that should not be
    installed at all'.

8. By Philipp Kern

* Merged from Debian revision 5.5.25-1; remaining Ubuntu changes:
  - Modified build-deps.
  - Force flag passed to rm to `prune files that should not be
    installed at all'.
* This fixes CVE-2007-1355, CVE-2007-2449 and CVE-2007-2450
  (LP: #150755).

7. By Steve Kowalik

Replace the Depends on ecj-bootstrap with ecj.

6. By Stephan Rügamer

* Merge from debian unstable, remaining changes:
  - debian/control: Added removed (from debian) build-dep on xsltproc
* debian/control:
  - Added Ubuntu MOTU Maintainer, moved old one to XSBC-Original-...

5. By Stephan Rügamer

* Merge from debian unstable, remaining changes:
  - debian/control: Added removed (from debian) build-dep on xsltproc

4. By Stephan Rügamer

* Merge from debian unstable.
* New Ubuntu changes:
  - debian/control: Added removed (from debian) build-dep on xsltproc
  - debian/rules: added a -f to a rm command, which fails, when those files
    are not there.

3. By Matthias Klose

(Build-) depend on libmx4j-java (>= 3.0).

2. By Wolfgang Baer

* Arnaud Vandyck <email address hidden>:
  + All the work has been done by Wolfgang to have this package in
  Debian.
  + The package is now tomcat5.5 and not tomcat5.
  + Now build with gcj instead of kaffe.
  + Put cdbs and debhelper in Build-Depends.
  + Standards-Version updated to 3.7.2.
  + tomcat depends on tomcat-webapps and tomcat-admin, not only suggest
* New major upstream release
  + New source layout - adaptions all over the place
  + Ported all patches to new source layout
  + Added patch (09_UseSystemDBCP.patch) to use system dbcp instead of
    repackaged tomcat stuff (naming-factory-dbcp.jar)
  + Drop now unneeded dependencies on libsaxpath-java, libjaxen-java,
    libregexp-java from build-dependencies and dependencies
  + Move dependency on libcommons-collections3-java,
    libcommons-fileupload-java, libcommons-beanutils-java and
    libcommons-digester-java to tomcat5-admin (only needed here)
  + Move libraries around as required by new binary layout (e.g. i18n jars
    into own directory)
  + Moved and linked new jars (tomcat-jkstatus-ant.jar, tomcat-juli.jar)
  + Updated 03catalina.policy to include tomcat-juli.jar, remove launcher.jar
  + Install ant task definitions with libtomcat5-java
* Remove JDK 1.3 directories from JDK_DIRS in tomcat.init (not supported)
* Updated tomcat.default to remove JDK 1.3 options
* Updated description to include host-manager, fixed URLs
* Minor updates in README.Debian

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/tomcat5.5
This branch contains Public information 
Everyone can see this information.