ubuntu/+source/tomcat8:ubuntu/artful

Last commit made on 2017-10-13
Get this branch:
git clone -b ubuntu/artful https://git.launchpad.net/ubuntu/+source/tomcat8
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/artful
Repository:
lp:ubuntu/+source/tomcat8

Recent commits

1313f8e... by Robie Basak on 2017-10-13

Import patches-unapplied version 8.5.21-1ubuntu1 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 0043fa8fb52ee4ad9afb9be91cd75d3617fe5f3e

New changelog entries:
  * Demote libtcnative-1 from Recommends to Suggests as it is in
    universe.

0043fa8... by Emmanuel Bourg on 2017-09-20

Import patches-unapplied version 8.5.21-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 62c00ed1740ebc10666c320ca30f36e9797a1120

New changelog entries:
  * Team upload.
  [ Emmanuel Bourg ]
  * New upstream release
    - Refreshed the patches
    - Disabled Checkstyle
  * Changed the Class-Path manifest entry of tomcat8-jasper.jar to use
    the specification jars from libtomcat8-java instead of libservlet3.1-java
    (Closes: #867247)
  [ Miguel Landaeta ]
  * Remove myself from uploaders. (Closes: #871892)
  * Update copyright info.

62c00ed... by Emmanuel Bourg on 2017-06-26

Import patches-unapplied version 8.5.16-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 1169300911a32cabd907fd04393b8bb89f16ba7b

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Standards-Version updated to 4.0.0

1169300... by Emmanuel Bourg on 2017-06-21

Import patches-unapplied version 8.5.15-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2e47474f21419db2c834f9d09eed5782800ce0f0

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches

2e47474... by Emmanuel Bourg on 2017-06-08

Import patches-unapplied version 8.5.14-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: de3157e6b34660fc981eff4817f1d37506d0fdd5

New changelog entries:
  * Team upload.
  * Fixed CVE-2017-5664: Static error pages can be overwritten if the
    DefaultServlet is configured to permit writes (Closes: #864447)

de3157e... by Emmanuel Bourg on 2017-05-07

Import patches-unapplied version 8.5.14-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 36615142f4518f90e94fb2cc2daba14d5ffbd0b8

New changelog entries:
  * Team upload.
  * New upstream release
    - Removed the CVE patches (fixed in this release)

3661514... by Emmanuel Bourg on 2017-04-18

Import patches-unapplied version 8.5.12-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f507e3a41c8307a532143533bb77e3cd8a58d3cd

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches

f507e3a... by Markus Koschany <email address hidden> on 2017-04-12

Import patches-unapplied version 8.5.11-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ba9e065ef06735172c9cbc6c578a4f4821b8cc75

New changelog entries:
  * Team upload.
  * Fix the following security vulnerabilities (Closes: #860068):
    Thanks to Salvatore Bonaccorso for the report.
   - CVE-2017-5647:
     A bug in the handling of the pipelined requests when send file was used
     resulted in the pipelined request being lost when send file processing of
     the previous request completed. This could result in responses appearing
     to be sent for the wrong request. For example, a user agent that sent
     requests A, B and C could see the correct response for request A, the
     response for request C for request B and no response for request C.
   - CVE-2017-5648:
     It was noticed that some calls to application listeners did not use the
     appropriate facade object. When running an untrusted application under a
     SecurityManager, it was therefore possible for that untrusted application
     to retain a reference to the request or response object and thereby access
     and/or modify information associated with another web application.
   - CVE-2017-5650:
     The handling of an HTTP/2 GOAWAY frame for a connection did not close
     streams associated with that connection that were currently waiting for a
     WINDOW_UPDATE before allowing the application to write more data. These
     waiting streams each consumed a thread. A malicious client could therefore
     construct a series of HTTP/2 requests that would consume all available
     processing threads.
   - CVE-2017-5651:
     The refactoring of the HTTP connectors for 8.5.x onwards, introduced a
     regression in the send file processing. If the send file processing
     completed quickly, it was possible for the Processor to be added to the
     processor cache twice. This could result in the same Processor being used
     for multiple requests which in turn could lead to unexpected errors and/or
     response mix-up.
  * debian/control: tomcat8: Fix Lintian error and depend on lsb-base.

ba9e065... by Emmanuel Bourg on 2017-01-17

Import patches-unapplied version 8.5.11-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f8677af77d14606c5288d149ac8cf856c9afdea2

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Recommend Java 8 in /etc/default/tomcat8

f8677af... by Emmanuel Bourg on 2016-12-19

Import patches-unapplied version 8.5.9-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 08831acf08d605ef49c65264d06a268f6b87ea47

New changelog entries:
  * Team upload.
  * Require Java 8 or higher (Closes: #848612)