ubuntu/+source/tomcat7:ubuntu/saucy-security

Last commit made on 2014-03-06
Get this branch:
git clone -b ubuntu/saucy-security https://git.launchpad.net/ubuntu/+source/tomcat7
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: ubuntu/saucy-security
Repository: lp:ubuntu/+source/tomcat7

Recent commits

1cfd808... by Marc Deslauriers on 2014-03-04

Import patches-unapplied version 7.0.42-1ubuntu0.1 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: f98a19bf398ea850a73fb501d99c91e3f6e4fea3

New changelog entries:
  * SECURITY UPDATE: request smuggling attack via content-length headers
    - debian/patches/CVE-2013-4286.patch: use long as content length in
      java/org/apache/coyote/Request.java, handle multiple content lengths
      in java/org/apache/coyote/ajp/AbstractAjpProcessor.java, handle
      content length and chunked encoding being both specified in
      java/org/apache/coyote/http11/AbstractHttp11Processor.java.
    - CVE-2013-4286
  * SECURITY UPDATE: denial of service via chunked transfer coding
    - debian/patches/CVE-2013-4322.patch: enforce maximum size in
      java/org/apache/coyote/http11/{AbstractHttp11Processor.java,
      AbstractHttp11Protocol.java, Http11AprProcessor.java,
      Http11AprProtocol.java, Http11NioProcessor.java,
      Http11NioProtocol.java, Http11Processor.java, Http11Protocol.java},
      java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
      test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java,
      webapps/docs/config/http.xml.
    - CVE-2013-4322
  * SECURITY UPDATE: denial of service via malformed content-type header
    - debian/patches/CVE-2014-0050.patch: validate sizes in
      java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java,
      java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
    - CVE-2014-0050

f98a19b... by Gianfranco Costamagna on 2013-07-16

Import patches-unapplied version 7.0.42-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: fb00e5e465ce10f3f29f1f3889b629760a3f7c85

New changelog entries:
  [ Gianfranco Costamagna ]
  * Team upload.
  * New upstream release.
  * Added libhamcrest-java >= 1.3 as build-dep,
    tweaked debian/rules.
  * Bumped compat level to 9.
  * Removed some version checks, newer releases already in oldstable.
  * Refresh patches.
  * debian/control: changed Vcs-Git and Vcs-Browser fields,
    now they are canonical.
  * Fixed error message in Tomcat init script,
    patch by Thijs Kinkhorst (Closes: #714348)
  * New upstream release (Closes: #712978).
  * Refresh patches.
  * Added version check for libtcnative-1
    (Closes: #712638, lp: #1092548)

fb00e5e... by Jakub Adam on 2013-05-16

Import patches-unapplied version 7.0.40-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c605c052c9523b8c70f0daf843dfcba324b08156

New changelog entries:
  * Fix deployment of POMs for libservlet-3.0-java JARs into javax
    coordinates.
    - JARs were deployed into maven-repo, but not POMs.
  * Fix servlet-api groupId in d/javaxpoms/jsp-api.pom.

c605c05... by Miguel Landaeta on 2013-05-10

Import patches-unapplied version 7.0.40-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 20b3f62f0540b7625de8b5af546cad2664ed9e69

New changelog entries:
  * New upstream release.
    - Addresses security issue: CVE-2013-2071
  * Refresh patches:
    - 0015_disable_test_TestCometProcessor.patch

20b3f62... by Tony Mancill on 2013-05-07

Import patches-unapplied version 7.0.39-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: dbdf48824d4828f2987dcf1aaa81b153e5e7fc18

New changelog entries:
  * Upload to unstable for jessie release cycle.

dbdf488... by Miguel Landaeta on 2013-04-01

Import patches-unapplied version 7.0.39-1~exp1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 9d6236e36596267ad814163898b092335640ec28

New changelog entries:
  * New upstream release.
  * Refresh patches:
    - 0009-Use-java.security.policy-file-in-catalina.sh.patch
  * Remove patches included in the upstream release:
    - 0016_upstream_bug_54440.patch
  * Bump Standards-Version to 3.9.4. No changes were required.
  * Remove obsolete DM-Upload-Allowed field.

9d6236e... by James Page on 2013-02-24

Import patches-unapplied version 7.0.35-1~exp2 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 004ca113abdb63c5e95a1819a1b895ab5af0db0d

New changelog entries:
  * Switch from Commons DBCP to Tomcat JDBC Pool as default connection
    pool implementation (Closes: #701023).

004ca11... by Tony Mancill on 2013-02-03

Import patches-unapplied version 7.0.35-1~exp1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 9763778d1342354108c40e19c91c5deec22d8ea5

New changelog entries:
  * New upstream version 7.0.35
  * Add patch to disable TestCometProcessor.testConnectionClose().
    This test fails consistently (although the Comet processor
    appears to function correctly).
  * Add patch for upstream bug 54440 (JSP compilation)

9763778... by Tony Mancill on 2013-01-02

Import patches-unapplied version 7.0.34-1~exp1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 4732c5459bcdb790a2da6f69ea78f246ff3b4102

New changelog entries:
  * Upload to experimental (Vcs-Git branch is exp/master.)
  * New upstream version 7.0.34
  * remove patches included in the upstream release
    - cve-2012-3439.patch
    - cve-2012-3439-tests.patch
    - 0016-CVE-2012-4431.patch
    - 0017-CVE-2012-3546.patch
  * refresh patches
  * add /usr/lib/jvm/java-7-oracle to JDK search path
    - Thanks to Nuno Afonso. (Closes: #679012)
  * add log compression to logrotate cronjob via defaults file
    - Thanks to Thijs Kinkhorst. (Closes: #696944)
  * add distinct javax poms to install JARs using both Tomcat and javax
    coordinates (Closes: #691773)
  * update catalina.properties to expand ${catalina.home} instead of
    referencing /var/lib/tomcat7 explicitly.
    - Thanks to H.-Dirk Schmidt (Closes: #691865)

4732c54... by Tony Mancill on 2012-12-07

Import patches-unapplied version 7.0.28-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8ae5d4f828f102e4ec3755459b746eef1df461a3

New changelog entries:
  * Acknowledge NMU: 7.0.28-3+nmu1 (Closes: #692440)
    - Thank you to Michael Gilbert.
  * Add patches for the following security issues: (Closes: #695251)
    - CVE-2012-4431, CVE-2012-3546