ubuntu/+source/tomcat6:ubuntu/oneiric-updates

Last commit made on 2013-01-14
Get this branch:
git clone -b ubuntu/oneiric-updates https://git.launchpad.net/ubuntu/+source/tomcat6
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: ubuntu/oneiric-updates
Repository: lp:ubuntu/+source/tomcat6

Recent commits

ff1a39e... by Marc Deslauriers on 2013-01-10

Import patches-unapplied version 6.0.32-5ubuntu1.4 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 2882574aaa0acbb1a86a0b18bc690368ce407808

New changelog entries:
  * SECURITY UPDATE: security-constraint bypass with FORM auth
    - debian/patches/CVE-2012-3546.patch: remove unneeded code in
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2012-3546
  * SECURITY UPDATE: CSRF bypass via request with no session identifier
    - debian/patches/CVE-2012-4431.patch: check for session identifier in
      java/org/apache/catalina/filters/CsrfPreventionFilter.java.
    - CVE-2012-4431
  * SECURITY UPDATE: denial of service with NIO connector
    - debian/patches/CVE-2012-4534.patch: properly handle connection breaks
      in java/org/apache/tomcat/util/net/NioEndpoint.java.
    - CVE-2012-4534

2882574... by Marc Deslauriers on 2012-11-21

Import patches-unapplied version 6.0.32-5ubuntu1.3 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 6651eab3596129ea930505446fcdc505b69f1c24

New changelog entries:
  * SECURITY UPDATE: denial of service via large header data
    - debian/patches/0012-CVE-2012-2733.patch: improve size logic in
      java/org/apache/coyote/http11/InternalNioInputBuffer.java.
    - CVE-2012-2733
  * SECURITY UPDATE: multiple HTTP Digest Access Authentication flaws
    - debian/patches/0013-CVE-2012-588x.patch: disable caching of an
      authenticated user in the session by default, track server rather
      than client nonces, better handling of stale nonce values in
      java/org/apache/catalina/authenticator/DigestAuthenticator.java.
    - CVE-2012-3439
    - CVE-2012-5885
    - CVE-2012-5886
    - CVE-2012-5887

6651eab... by Marc Deslauriers on 2012-01-25

Import patches-unapplied version 6.0.32-5ubuntu1.2 to ubuntu/oneiric-proposed

Imported using git-ubuntu import.

Changelog parent: 20bc1ca541763a28ed27b504f978caae11bbfff1

New changelog entries:
  * SECURITY UPDATE: cross-request information leakage
    - debian/patches/0016-CVE-2011-3375.patch: ensure that the request and
      response objects are recycled after being re-populated in
      java/org/apache/catalina/connector/CoyoteAdapter.java,
      java/org/apache/coyote/ajp/AjpAprProcessor.java,
      java/org/apache/coyote/ajp/AjpProcessor.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/Http11NioProcessor.java,
      java/org/apache/coyote/http11/Http11Processor.java.
    - CVE-2011-3375
  * SECURITY UPDATE: denial of service via hash collision and incorrect
    handling of large numbers of parameters and parameter values
    (LP: #909828)
    - debian/patches/0017-CVE-2012-0022.patch: refactor parameter handling
      code in conf/web.xml,
      java/org/apache/catalina/connector/Connector.java,
      java/org/apache/catalina/connector/mbeans-descriptors.xml,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/filters/FilterBase.java,
      java/org/apache/catalina/filters/FailedRequestFilter.java,
      java/org/apache/catalina/Globals.java,
      java/org/apache/coyote/Request.java,
      java/org/apache/tomcat/util/buf/B2CConverter.java,
      java/org/apache/tomcat/util/buf/ByteChunk.java,
      java/org/apache/tomcat/util/buf/MessageBytes.java,
      java/org/apache/tomcat/util/buf/StringCache.java,
      java/org/apache/tomcat/util/http/LocalStrings.properties,
      java/org/apache/tomcat/util/http/Parameters.java,
      webapps/docs/config/ajp.xml,
      webapps/docs/config/filter.xml,
      webapps/docs/config/http.xml.
    - CVE-2011-4858
    - CVE-2012-0022

20bc1ca... by Marc Deslauriers on 2011-10-13

Import patches-unapplied version 6.0.32-5ubuntu1.1 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: d13c2344b51ae9a06fc09977ac30dcf41e6a3a6a

New changelog entries:
  * SECURITY UPDATE: HTTP DIGEST authentication weaknesses
    - debian/patches/0014-CVE-2011-1184.patch: add new nonce options in
      java/org/apache/catalina/authenticator/DigestAuthenticator.java,
      java/org/apache/catalina/authenticator/LocalStrings.properties,
      java/org/apache/catalina/authenticator/mbeans-descriptors.xml,
      java/org/apache/catalina/realm/RealmBase.java,
      webapps/docs/config/valve.xml.
    - CVE-2011-1184
  * SECURITY UPDATE: file restriction bypass or denial of service via
    untrusted web application.
    - debian/patches/0015-CVE-2011-2526.patch: check canonical name in
      java/org/apache/catalina/connector/LocalStrings.properties,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/LocalStrings.properties,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java.
    - CVE-2011-2526

d13c234... by James Page on 2011-09-08

Import patches-unapplied version 6.0.32-5ubuntu1 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: be9c309ec65e1edd53c0c78e7bdb7ae42d7d0d4d

New changelog entries:
  * Added patch for CVE-2011-3190 (LP: #843701).

be9c309... by Tony Mancill on 2011-07-07

Import patches-unapplied version 6.0.32-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2e4ff53840388dab99f430e88c7b3082b9aaf222

New changelog entries:
  * Team upload.
  * Add Catalan debconf translation ca.po (Closes: #630073).
  * Correct Suggests for libtcnative-1 (tomcat-native) (Closes: #631919)
  * Add patch for CVE-2011-2204 (Closes: #632882)

2e4ff53... by Tony Mancill on 2011-06-09

Import patches-unapplied version 6.0.32-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 200ecded9e0bddc7e15a4a96ba34404ccae27cb2

New changelog entries:
  * Team upload.
  * Add Italian debconf translation.
    Thanks to Dario Santamaria (Closes: #624376)
  * Add logrotate for catalina.out (Closes: 607050)
  * Bump standards version to 3.9.2 (no changes needed).

200ecde... by Tony Mancill on 2011-04-19

Import patches-unapplied version 6.0.32-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 49275fe66e7b6b7e331cf40f0ef35fd88af92af0

New changelog entries:
  * Team upload.
  * Include upstream patch for ASF Bugzilla - Bug 50700
    (Context parameters are being overridden with parameters from the
     web application deployment descriptor) (Closes: #623242)

49275fe... by Tony Mancill on 2011-04-04

Import patches-unapplied version 6.0.32-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 4c82841474776441e2ee48acec5f485fc8586630

New changelog entries:
  * Team upload.
  [ tony mancill ]
  * Patch debian/tomcat6-instance-create (LP: #707405)
    tomcat6-instance-create should accept -1 as the value of -c option
    as per http://tomcat.apache.org/tomcat-6.0-doc/config/server.html
    Thanks to Dave Walker. (Closes: #617553)
  * Move tomcat6-instance-create manpage from section 2 to section 8.
    Thanks to brian m. carlson (Closes: #607682)
  * Add tomcat6-extras package.
    Currently includes only catalina-jmx-remote.jar (Closes: #614333)
  [ Thierry Carrez ]
  * debian/tomcat6-instance-create: Eclipse can now be configured to use a
    user instance of tomcat6 using tomcat6-instance-create without any
    additional work. Patch from Abhinav Upadhyay (Closes: #551091, LP: #297675)

4c82841... by Tony Mancill on 2011-02-16

Import patches-unapplied version 6.0.32-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a3f480fc8eeaf1360f2ac5a374d7a29eeb59d7e8

New changelog entries:
  * Team upload.
  * New upstream release
  * Remove following patches applied upstream:
    CVE-2010-4172, CVE-2011-0534, CVE-2010-3718, CVE-2011-0013,
    0009-allow-empty-PID-file.patch
  * Adjust 0004-split-deploy-webapps-target-from-deploy-target.patch