lp:ubuntu/saucy-security/tomcat7
- Get this branch:
- bzr branch lp:ubuntu/saucy-security/tomcat7
Recent revisions
- 29. By Marc Deslauriers
-
* SECURITY UPDATE: request smuggling attack via content-length headers
- debian/patches/CVE-2013-4286.patch: use long as content length in
java/org/apache/coyote/Request.java, handle multiple content lengths
in java/org/apache/coyote/ajp/AbstractAjpProcessor.java, handle
content length and chunked encoding being both specified in
java/org/apache/coyote/http11/AbstractHttp11Processor.java.
- CVE-2013-4286
* SECURITY UPDATE: denial of service via chunked transfer coding
- debian/patches/CVE-2013-4322.patch: enforce maximum size in
java/org/apache/coyote/http11/{AbstractHttp11Processor.java,
AbstractHttp11Protocol.java, Http11AprProcessor.java,
Http11AprProtocol.java, Http11NioProcessor.java,
Http11NioProtocol.java, Http11Processor.java, Http11Protocol.java},
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java,
webapps/docs/config/http.xml.
- CVE-2013-4322
* SECURITY UPDATE: denial of service via malformed content-type header
- debian/patches/CVE-2014-0050.patch: validate sizes in
java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java,
java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
- CVE-2014-0050
- 28. By Gianfranco Costamagna
-
[ Gianfranco Costamagna ]
* Team upload.
* New upstream release.
* Added libhamcrest-java >= 1.3 as build-dep,
tweaked debian/rules.
* Bumped compat level to 9.
* Removed some version checks, newer releases already in oldstable.
* Refresh patches.
* debian/control: changed Vcs-Git and Vcs-Browser fields,
now they are canonical.
* Fixed error message in Tomcat init script,
patch by Thijs Kinkhorst (Closes: #714348)
- 27. By Jakub Adam
-
* Fix deployment of POMs for libservlet-3.0-java JARs into javax
coordinates.
- JARs were deployed into maven-repo, but not POMs.
* Fix servlet-api groupId in d/javaxpoms/jsp-api.pom.
- 26. By Miguel Landaeta
-
* New upstream release.
- Addresses security issue: CVE-2013-2071
* Refresh patches:
- 0015_disable_test_TestCometProcessor.patch
- 25. By James Page
-
* Fix FTBFS due to expired test certificates (LP: #1166187):
- d/keystores/*.jks: Newer keystores from upstream 7.0.39.
- d/rules: Install newer keystores for testing, tidy up after use.
- d/p/0018-update-test-certificates.patch: Cherry picked fixes from
upstream VCS to update text based certificates.
- 24. By James Page
-
Switch from Commons DBCP to Tomcat JDBC Pool as default connection
pool implementation (Closes: #701023).
- 23. By James Page
-
* Merge from Debian experimental, remaining changes:
+ Enabled Tomcat jdbc-pool module, aligning more closely to upstream and
providing improved multi-threaded performance over commons-dbcp:
- d/rules,d/libtomcat7-java.poms: Install tomcat-dbcp.jar file.
- d/patches/0005-change-default-DBCP-factory-class.patch: Drop patch
which switches the default DBCP factory to commons-dbcp.
- d/p/0015-use-jdbc-pool-default.patch: Make jdbc-pool module the
default pool implementation for DataSources.
- d/NEWS: let users know about this change.
* Dropped changes, included in Debian:
- d/p/0014-fix-override.patch: Fix FTBFS due to differing dependency
versions compared to upstream.
- 22. By James Page
-
* New upstream release.
- d/p/0014-fix-override.patch: Fix FTBFS due to differing dependency
versions compared to upstream.
* d/p/0015-use-jdbc-pool-default.patch: Make jdbc-pool module the default
pool implementation for DataSources (LP: #1071817).
- 21. By James Page
-
* New upstream point release including several fixes for Java 7
specific issues.
* Refreshed patches.
- 20. By James Page
-
* Re-sync with Debian unstable.
* New upstream release:
- Refreshed patches.
* Enabled Tomcat jdbc-pool module, aligning more closely to upstream and
providing improved multi-threaded performance over commons-dbcp:
- d/rules,d/libtomcat7-java.poms: Install tomcat-dbcp.jar file.
- d/patches/0005-change-default-DBCP-factory-class.patch: Drop patch
which switches the default DBCP factory to commons-dbcp.
- d/NEWS: let users know about this change.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/trusty/tomcat7