ubuntu/+source/tomcat6:ubuntu/quantal-devel

Last commit made on 2013-05-29
Get this branch:
git clone -b ubuntu/quantal-devel https://git.launchpad.net/ubuntu/+source/tomcat6
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/quantal-devel
Repository:
lp:ubuntu/+source/tomcat6

Recent commits

5bbb17b... by Jamie Strandboge on 2013-05-28

Import patches-unapplied version 6.0.35-5ubuntu0.1 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 32ca89b725ef4f08aa0e63a3b2f166179ee6ae79

New changelog entries:
  [ Christian Kuersteiner ]
  * SECURITY UPDATE: denial of service via large header data
    - debian/patches/0012-CVE-2012-2733.patch: improve size logic in
      java/org/apache/coyote/http11/InternalNioInputBuffer.java.
    - CVE-2012-2733
    - LP: #1166649
  * SECURITY UPDATE: security-constraint bypass with FORM auth
    - debian/patches/CVE-2012-3546.patch: remove unneeded code in
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2012-3546
  * SECURITY UPDATE: CSRF bypass via request with no session identifier
    - debian/patches/CVE-2012-4431.patch: check for session identifier in
      java/org/apache/catalina/filters/CsrfPreventionFilter.java.
    - CVE-2012-4431
  * SECURITY UPDATE: denial of service with NIO connector
    - debian/patches/CVE-2012-4534.patch: properly handle connection breaks
      in java/org/apache/tomcat/util/net/NioEndpoint.java.
    - CVE-2012-4534
  [ Jamie Strandboge ]
  * SECURITY UPDATE: multiple HTTP Digest Access Authentication flaws
    - debian/patches/0013-CVE-2012-588x.patch: disable caching of an
      authenticated user in the session by default, track server rather
      than client nonces, better handling of stale nonce values in
      java/org/apache/catalina/authenticator/DigestAuthenticator.java.
      Patch from Marc Deslauriers.
    - CVE-2012-3439
    - CVE-2012-5885
    - CVE-2012-5886
    - CVE-2012-5887
  * SECURITY UPDATE: denial of service via chunked transfer encoding
    - debian/patches/CVE-2012-3544.patch: properly parse CRLF in requests
      in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java.
      Patch from Marc Deslauriers.
    - CVE-2012-3544
  * SECURITY UPDATE: FORM authentication request injection
    - debian/patches/CVE-2013-2067.patch: properly change session ID
      in java/org/apache/catalina/authenticator/FormAuthenticator.java.
      Patch from Marc Deslauriers.
    - CVE-2013-2067

32ca89b... by Tony Mancill on 2012-08-07

Import patches-unapplied version 6.0.35-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 861aade8a99ecb61218e96ec98133a5776526071

New changelog entries:
  * Apply patch to README.Debian to explain setting the HTTPOnly flag
    in cookies by default; CVE-2010-4312. (Closes: #608286)
    - Thank you to Thijs Kinkhorst for the patch.
  * Use ucf and a template for /etc/logrotate.d/tomcat6 file to avoid
    updating the shipped conffile. (Closes: #687818)

861aade... by Miguel Landaeta <email address hidden> on 2012-06-17

Import patches-unapplied version 6.0.35-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b5814ad2b4ae12770412630fce0839f5580fb2c8

New changelog entries:
  [ tony mancill ]
  * Team upload.
  * Apply patch from James Page (Closes: #671373)
    - d/tomcat6-instance-create: Quote access to files and directories
      so that spaces can be used when creating user instances.
    - d/tomcat6.init: Make NAME dynamic, to allow starting multiple
      instances. (Closes: #299635)
  [ Miguel Landaeta ]
  * Add Slovak debconf translation (Closes: #677912).
    - Thanks to Ivan Masár.

b5814ad... by Tony Mancill on 2012-04-14

Import patches-unapplied version 6.0.35-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 16d272edeee58af0118281744f179a86f22bb3e5

New changelog entries:
  [ Miguel Landaeta ]
  * Add Replaces and Conflicts for libservlet2.5-java to overwrite files
    in libservlet2.4-java. (Closes: #666256).
  [ tony mancill ]
  * Add libservlet2.4-java transitional package.
  * Remove /etc/authbind/byuid, /etc/authbind in postrm. (Closes: #668761)
  * Add 0011-CVE-2012-0022-regression-fix.patch. (Closes: #659748)
    - Thank you to Marc Deslauriers

16d272e... by Tony Mancill on 2012-03-29

Import patches-unapplied version 6.0.35-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 20976907001cbebb0bd47a3388dc33ded0eb52cb

New changelog entries:
  [ tony mancill ]
  * Remove Michael Koch from Uploaders. (Closes: #654136)
  * Add Turkish debconf translation (Closes: #664072)
    - Thanks to Atila KOÇ
  * Remove libservlet2.5-doc dependency on libservlet2.5.
  [ Miguel Landaeta ]
  * Bump Standards-Version to 3.9.3. No changes were required.
  * Provide 'debian' version symlink for Maven artifacts. (Closes: #665393).
  [ tony mancill ]
  *

2097690... by Tony Mancill on 2011-12-13

Import patches-unapplied version 6.0.35-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2f2ebb09c4118908b38813a2fa46fe265b5880e6

New changelog entries:
  [ Miguel Landaeta ]
  * New upstream release.
  * Add myself to Uploaders.
  * Remove 0013-CVE-2011-3190.patch since it was included upstream.
  * Add mh_clean call in clean target.
  * Fix error in debian/rules that caused tomcat to report no version.
    Thanks to Jorge Barreiro for the patch. (Closes: #650656).
  [ tony mancill ]
  * Update Vcs-* fields in debian/control for switch to git.
  * Update to run with openjdk-7 and openjdk-6 when not default-jdk is
    not present. (Closes: #651448)
  * Allow java?-runtime-headless to satisfy Depends.
  * Add myself to Uploaders.

2f2ebb0... by Tony Mancill on 2011-11-29

Import patches-unapplied version 6.0.33-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 27454480616454a909a041a24370a892409a59a1

New changelog entries:
  * Team upload.
  * New upstream release.
  * Remove the following patches (included upstream):
    - 0011-623242.patch
    - 0012-CVE-2011-2204.patch
    - 0015-CVE-2011-2526.patch
    - 0014-CVE-2011-1184.patch
  * Add patch for multi-instance startup. CATALINA_HOME no longer
    depends on the instance $NAME. JVM_TMP is now $NAME-specific.
    - Thank you to Julien Wajsberg. (Closes: #644365)
  * Add dependency on JRE to tomcat6-common (Closes: #644340)
  * Modify init script to look for JVM in /usr/lib/jvm/default-java

2745448... by Tony Mancill on 2011-11-08

Import patches-unapplied version 6.0.32-7 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a7440ec7f20e37d27eade521279c5d43a59792f0

New changelog entries:
  [ tony mancill ]
  * Team upload.
  * Add "unset LC_ALL" to /etc/defaults/tomcat6 to prevent user
    environment settings from leaking into the servlet container.
    - Thank you to Nicolas Pichon. (Closes: #645221)
  * Apply patch for CVE-2011-1184 and CVE-2011-2526.
    - Thank you to Marc Deslauriers. (Closes: #648038)
  [ Niels Thykier ]
  * Added build-arch and build-indep targets in d/rules.

a7440ec... by Tony Mancill on 2011-09-17

Import patches-unapplied version 6.0.32-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: be9c309ec65e1edd53c0c78e7bdb7ae42d7d0d4d

New changelog entries:
  [ tony mancill ]
  * Team upload.
  * Update Korean debconf translation. (Closes: #630950, 631482)
    Thanks to si-cheol Ko.
  * Add Dutch debconf translation. (Closes: #637507)
    Thanks to Jeroen Schot.
  [ Niels Thykier ]
  * Removed myself from uploaders.
  [ James Page ]
  * Added patch for CVE-2011-3190 (LP: #843701).

be9c309... by Tony Mancill on 2011-07-07

Import patches-unapplied version 6.0.32-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2e4ff53840388dab99f430e88c7b3082b9aaf222

New changelog entries:
  * Team upload.
  * Add Catalan debconf translation ca.po (Closes: #630073).
  * Correct Suggests for libtcnative-1 (tomcat-native) (Closes: #631919)
  * Add patch for CVE-2011-2204 (Closes: #632882)