lp:ubuntu/saucy-security/tomcat7

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/saucy-security/tomcat7
Members of Ubuntu branches can upload to this branch.

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

29. By Marc Deslauriers

* SECURITY UPDATE: request smuggling attack via content-length headers
  - debian/patches/CVE-2013-4286.patch: use long as content length in
    java/org/apache/coyote/Request.java, handle multiple content lengths
    in java/org/apache/coyote/ajp/AbstractAjpProcessor.java, handle
    content length and chunked encoding being both specified in
    java/org/apache/coyote/http11/AbstractHttp11Processor.java.
  - CVE-2013-4286
* SECURITY UPDATE: denial of service via chunked transfer coding
  - debian/patches/CVE-2013-4322.patch: enforce maximum size in
    java/org/apache/coyote/http11/{AbstractHttp11Processor.java,
    AbstractHttp11Protocol.java, Http11AprProcessor.java,
    Http11AprProtocol.java, Http11NioProcessor.java,
    Http11NioProtocol.java, Http11Processor.java, Http11Protocol.java},
    java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
    test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java,
    webapps/docs/config/http.xml.
  - CVE-2013-4322
* SECURITY UPDATE: denial of service via malformed content-type header
  - debian/patches/CVE-2014-0050.patch: validate sizes in
    java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java,
    java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
  - CVE-2014-0050

28. By Gianfranco Costamagna

[ Gianfranco Costamagna ]
* Team upload.
* New upstream release.
* Added libhamcrest-java >= 1.3 as build-dep,
  tweaked debian/rules.
* Bumped compat level to 9.
* Removed some version checks, newer releases already in oldstable.
* Refresh patches.
* debian/control: changed Vcs-Git and Vcs-Browser fields,
  now they are canonical.
* Fixed error message in Tomcat init script,
  patch by Thijs Kinkhorst (Closes: #714348)

27. By Jakub Adam

* Fix deployment of POMs for libservlet-3.0-java JARs into javax
  coordinates.
  - JARs were deployed into maven-repo, but not POMs.
* Fix servlet-api groupId in d/javaxpoms/jsp-api.pom.

26. By Miguel Landaeta

* New upstream release.
  - Addresses security issue: CVE-2013-2071
* Refresh patches:
  - 0015_disable_test_TestCometProcessor.patch

25. By James Page

* Fix FTBFS due to expired test certificates (LP: #1166187):
  - d/keystores/*.jks: Newer keystores from upstream 7.0.39.
  - d/rules: Install newer keystores for testing, tidy up after use.
  - d/p/0018-update-test-certificates.patch: Cherry picked fixes from
    upstream VCS to update text based certificates.

24. By James Page

Switch from Commons DBCP to Tomcat JDBC Pool as default connection
pool implementation (Closes: #701023).

23. By James Page

* Merge from Debian experimental, remaining changes:
  + Enabled Tomcat jdbc-pool module, aligning more closely to upstream and
    providing improved multi-threaded performance over commons-dbcp:
    - d/rules,d/libtomcat7-java.poms: Install tomcat-dbcp.jar file.
    - d/patches/0005-change-default-DBCP-factory-class.patch: Drop patch
      which switches the default DBCP factory to commons-dbcp.
    - d/p/0015-use-jdbc-pool-default.patch: Make jdbc-pool module the
      default pool implementation for DataSources.
    - d/NEWS: let users know about this change.
* Dropped changes, included in Debian:
  - d/p/0014-fix-override.patch: Fix FTBFS due to differing dependency
    versions compared to upstream.

22. By James Page

* New upstream release.
  - d/p/0014-fix-override.patch: Fix FTBFS due to differing dependency
    versions compared to upstream.
* d/p/0015-use-jdbc-pool-default.patch: Make jdbc-pool module the default
  pool implementation for DataSources (LP: #1071817).

21. By James Page

* New upstream point release including several fixes for Java 7
  specific issues.
* Refreshed patches.

20. By James Page

* Re-sync with Debian unstable.
* New upstream release:
  - Refreshed patches.
* Enabled Tomcat jdbc-pool module, aligning more closely to upstream and
  providing improved multi-threaded performance over commons-dbcp:
  - d/rules,d/libtomcat7-java.poms: Install tomcat-dbcp.jar file.
  - d/patches/0005-change-default-DBCP-factory-class.patch: Drop patch
    which switches the default DBCP factory to commons-dbcp.
  - d/NEWS: let users know about this change.

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/trusty/tomcat7
This branch contains Public information 
Everyone can see this information.