ubuntu/+source/tomcat6:ubuntu/natty-security

Last commit made on 2012-01-26
Get this branch:
git clone -b ubuntu/natty-security https://git.launchpad.net/ubuntu/+source/tomcat6

Branch information

Name: ubuntu/natty-security
Repository: lp:ubuntu/+source/tomcat6

Recent commits

f32d4dd... by Marc Deslauriers on 2012-01-25

Import patches-unapplied version 6.0.28-10ubuntu2.3 to ubuntu/natty-proposed

Imported using git-ubuntu import.

Changelog parent: d6e04c0d430782b052e3f7772ca95caacaa0531d

New changelog entries:
  * SECURITY UPDATE: denial of service via hash collision and incorrect
    handling of large numbers of parameters and parameter values
    (LP: #909828)
    - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
      code in conf/web.xml,
      java/org/apache/catalina/connector/Connector.java,
      java/org/apache/catalina/connector/mbeans-descriptors.xml,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/filters/FailedRequestFilter.java,
      java/org/apache/catalina/Globals.java,
      java/org/apache/coyote/Request.java,
      java/org/apache/tomcat/util/buf/B2CConverter.java,
      java/org/apache/tomcat/util/buf/ByteChunk.java,
      java/org/apache/tomcat/util/buf/MessageBytes.java,
      java/org/apache/tomcat/util/buf/StringCache.java,
      java/org/apache/tomcat/util/http/LocalStrings.properties,
      java/org/apache/tomcat/util/http/Parameters.java,
      webapps/docs/config/ajp.xml,
      webapps/docs/config/http.xml.
    - CVE-2011-4858
    - CVE-2012-0022

d6e04c0... by Marc Deslauriers on 2011-09-26

Import patches-unapplied version 6.0.28-10ubuntu2.2 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: c053f503678b816f45ee778685539ca7677ffbb7

New changelog entries:
  * SECURITY UPDATE: information disclosure via log file
    - debian/patches/0015-CVE-2011-2204.patch: fix logging in
      java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java,
      java/org/apache/catalina/users/MemoryUserDatabase.java,
      java/org/apache/catalina/users/MemoryUser.java.
    - CVE-2011-2204
  * SECURITY UPDATE: file restriction bypass or denial of service via
    untrusted web application.
    - debian/patches/0016-CVE-2011-2526.patch: check canonical name in
      java/org/apache/catalina/connector/LocalStrings.properties,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/LocalStrings.properties,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java.
    - CVE-2011-2526
  * SECURITY UPDATE: AJP request spoofing and authentication bypass
    (LP: #843701)
    - debian/patches/0017-CVE-2011-3190.patch: Properly handle request
      bodies in java/org/apache/coyote/ajp/AjpAprProcessor.java,
      java/org/apache/coyote/ajp/AjpProcessor.java.
    - CVE-2011-3190
  * SECURITY UPDATE: HTTP DIGEST authentication weaknesses
    - debian/patches/0018-CVE-2011-1184.patch: add new nonce options in
      java/org/apache/catalina/authenticator/DigestAuthenticator.java,
      java/org/apache/catalina/authenticator/LocalStrings.properties,
      java/org/apache/catalina/authenticator/mbeans-descriptors.xml,
      java/org/apache/catalina/realm/RealmBase.java,
      webapps/docs/config/valve.xml.
    - CVE-2011-1184

c053f50... by Abhinav Upadhyay on 2011-03-11

Import patches-unapplied version 6.0.28-10ubuntu2 to ubuntu/natty

Imported using git-ubuntu import.

Changelog parent: ecfd54e3f038ea76d6572f725ddf2df02ac8b843

New changelog entries:
  * debian/tomcat6-instance-create: Eclipse can now be configured to use a user instance
    of tomcat6 using tomcat6-instance-create without any additional work.
    tomcat6-instance-create will setup all the necessary symlinks to make eclipse work.
    (Closes: #551091) (LP: #297675)

ecfd54e... by Abhinav Upadhyay on 2011-03-07

Import patches-unapplied version 6.0.28-10ubuntu1 to ubuntu/natty

Imported using git-ubuntu import.

Changelog parent: a3f480fc8eeaf1360f2ac5a374d7a29eeb59d7e8

New changelog entries:
  [ Abhinav Upadhyay ]
  * tomcat6-instance-create should accept -1 as the value of -c option
    as per http://tomcat.apache.org/tomcat-6.0-doc/config/server.html
    (LP: #707405)
  [ Dave Walker (Daviey) ]
  * debian/control: Updated Maintainer as per policy.

a3f480f... by Tony Mancill on 2011-02-10

Import patches-unapplied version 6.0.28-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: de3567263e65d88dbef6d96a8d634c4d7ef126bf

New changelog entries:
  * Team upload.
  * Add Portuguese/Brazilian debconf translation.
    Thanks to José de Figueiredo (Closes: #608527)
  * Add patches for CVE-2011-0534, CVE-2010-3718, CVE-2011-0013
    (Closes: #612257)

de35672... by Tony Mancill on 2010-12-10

Import patches-unapplied version 6.0.28-9 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e50290e2aa2dc57ab7d05b9f98737d0070d1c7b2

New changelog entries:
  * Team upload.
  * Update URL for manager application in README.Debian
    Thanks to Ernesto Ongaro (Closes: #606170)
  * Add patch for CVE-2010-4172. (Closes: #606388)

e50290e... by Tony Mancill on 2010-12-05

Import patches-unapplied version 6.0.28-8 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8a1dd0a0bed48f06ac8115f7411e0f1ae1b95341

New changelog entries:
  * Team upload.
  [ Thierry Carrez (ttx) ]
  * Do not fail to purge if /etc/tomcat6 was manually removed (LP: #648619)
  * Add missing -p option in start-stop-daemon when starting tomcat6 to avoid
    failing to start due to /bin/bash running (LP: #632554)
  * Fix build failure (missing TraXLiaison class) by adding ant-nodeps
    to the classpath.
  [ tony mancill ]
  * Use debconf to determine tomcat6 user and group to delete upon purge.
    Thanks to Misha Koshelev. (Closes: #599458)
  * Add tomcat-native to Suggests: for tomcat6 binary package.
    Thanks to Eddy Petrisor (Closes: #600590)
  * Add Danish debconf template translation.
    Thanks to Joe Dalton (Closes: #605070)
  * Actually add the Czech debconf template translation.
    Thanks this time to Christian PERRIER (Closes: #597863)

8a1dd0a... by Tony Mancill on 2010-10-06

Import patches-unapplied version 6.0.28-7 to debian/sid

Imported using git-ubuntu import.

Changelog parent: fa50b9d2248eeed51201e5a39486e9844b4f0395

New changelog entries:
  * Team upload.
  * Add Czech debconf template translation.
    Thanks to Michal Simunek. (Closes: #597863)
  * Add Spanish debconf template translation.
    Thanks to Javier Fernández-Sanguino (Closes: #599230)
  * Modify postinst to handle JAVA_OPTS strings containing the '/'
    character. This was causing upgrade failures for users.
    (Closes: #597814)

fa50b9d... by Tony Mancill on 2010-09-18

Import patches-unapplied version 6.0.28-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 63bba426efd5e8c894e6fd3d805d13a94990135f

New changelog entries:
  * Team upload.
  * Add Japanese debconf template translation.
    Thanks to Hideki Yamane. (Closes: #595460)
  * Add Russian debconf template translation.
    Thanks to Yuri Kozlov. (Closes: #592627)
  * Add Portuguese debconf template translation.
    Thanks to Américo Monteiro. (Closes: #592655)
  * Add Swedish debconf template translation.
    Thanks to Martin Bagge. (Closes: #593676)
  * Add German debconf template translation.
    Thanks to Holger Wansing. (Closes: #593200)

63bba42... by Tony Mancill on 2010-09-03

Import patches-unapplied version 6.0.28-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 23fb82a44b055d8daf746b3c943f0d0e359041c5

New changelog entries:
  * Team upload.
  [Thierry Carrez (ttx)]
  * Check for group existence to avoid postinst failure (LP: #611721)
  [tony mancill]
  * Add French debconf template translation.
    Thanks to Steve Petruzzello. (Closes: #594313)