lp://staging/ubuntu/quantal/tomcat6
- Get this branch:
- bzr branch lp://staging/ubuntu/quantal/tomcat6
Branch merges
Related source package recipes
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 49. By Tony Mancill
-
* Apply patch to README.Debian to explain setting the HTTPOnly flag
in cookies by default; CVE-2010-4312. (Closes: #608286)
- Thank you to Thijs Kinkhorst for the patch.
* Use ucf and a template for /etc/logrotate.d/tomcat6 file to avoid
updating the shipped conffile. (Closes: #687818) - 48. By Miguel Landaeta <email address hidden>
-
[ tony mancill ]
* Team upload.
* Apply patch from James Page (Closes: #671373)
- d/tomcat6-instance- create: Quote access to files and directories
so that spaces can be used when creating user instances.
- d/tomcat6.init: Make NAME dynamic, to allow starting multiple
instances. (Closes: #299635)[ Miguel Landaeta ]
* Add Slovak debconf translation (Closes: #677912).
- Thanks to Ivan Masár. - 46. By James Page
-
* Merge from Debian Unstable, remaining changes:
- d/tomcat6-instance- create: Quote access to files and directories
so that spaces can be used when creating user instances.
- d/tomcat6.init: Make NAME dynamic, to allow starting multiple instances. - 45. By James Page
-
* Handle creation of user instances with pathnames containing spaces
(LP: #977498):
- d/tomcat6-instance- create: Quote access to files and directories
so that spaces can be used when creating user instances. - 43. By Marc Deslauriers
-
debian/
patches/ 0011-CVE- 2012-0022- regression- fix.patch: fix regression
from the CVE-2012-0022 security fix that went into 6.0.35. - 42. By Tony Mancill
-
[ Miguel Landaeta ]
* New upstream release.
* Add myself to Uploaders.
* Remove 0013-CVE-2011-3190. patch since it was included upstream.
* Add mh_clean call in clean target.
* Fix error in debian/rules that caused tomcat to report no version.
Thanks to Jorge Barreiro for the patch. (Closes: #650656).[ tony mancill ]
* Update Vcs-* fields in debian/control for switch to git.
* Update to run with openjdk-7 and openjdk-6 when not default-jdk is
not present. (Closes: #651448)
* Allow java?-runtime-headless to satisfy Depends.
* Add myself to Uploaders. - 41. By Tony Mancill
-
* Team upload.
* New upstream release.
* Remove the following patches (included upstream):
- 0011-623242.patch
- 0012-CVE-2011-2204. patch
- 0015-CVE-2011-2526. patch
- 0014-CVE-2011-1184. patch
* Add patch for multi-instance startup. CATALINA_HOME no longer
depends on the instance $NAME. JVM_TMP is now $NAME-specific.
- Thank you to Julien Wajsberg. (Closes: #644365)
* Add dependency on JRE to tomcat6-common (Closes: #644340)
* Modify init script to look for JVM in /usr/lib/jvm/default- java - 40. By Marc Deslauriers
-
* SECURITY UPDATE: HTTP DIGEST authentication weaknesses
- debian/patches/ 0014-CVE- 2011-1184. patch: add new nonce options in
java/org/apache/ catalina/ authenticator/ DigestAuthentic ator.java,
java/org/apache/ catalina/ authenticator/ LocalStrings. properties,
java/org/apache/ catalina/ authenticator/ mbeans- descriptors. xml,
java/org/apache/ catalina/ realm/RealmBase .java,
webapps/docs/config/ valve.xml.
- CVE-2011-1184
* SECURITY UPDATE: file restriction bypass or denial of service via
untrusted web application.
- debian/patches/ 0015-CVE- 2011-2526. patch: check canonical name in
java/org/apache/ catalina/ connector/ LocalStrings. properties,
java/org/apache/ catalina/ connector/ Request. java,
java/org/apache/ catalina/ servlets/ DefaultServlet. java,
java/org/apache/ coyote/ http11/ Http11AprProces sor.java,
java/org/apache/ coyote/ http11/ LocalStrings. properties,
java/org/apache/ tomcat/ util/net/ AprEndpoint. java,
java/org/apache/ tomcat/ util/net/ NioEndpoint. java.
- CVE-2011-2526
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/raring/tomcat6
