[Git][java-team/tomcat7][jessie] 19 commits: Imported Upstream version 7.0.57

Tue May 22 18:47:22 BST 2018

Markus Koschany pushed to branch jessie at Debian Java Maintainers / tomcat7

Commits:
030ebe91 by Emmanuel Bourg at 2014-12-03T23:28:39+01:00
Imported Upstream version 7.0.57
- - - - -
199d93d4 by Emmanuel Bourg at 2015-02-10T22:34:05+01:00
Imported Upstream version 7.0.59
- - - - -
41444239 by Emmanuel Bourg at 2015-04-26T00:35:41+02:00
Imported Upstream version 7.0.61
- - - - -
e5721e46 by Emmanuel Bourg at 2015-05-27T11:41:01+02:00
Imported Upstream version 7.0.62
- - - - -
18cb8ae4 by Emmanuel Bourg at 2015-07-08T12:14:57+02:00
Imported Upstream version 7.0.63
- - - - -
4250255e by Emmanuel Bourg at 2015-08-28T09:41:56+02:00
Imported Upstream version 7.0.64
- - - - -
f8d2cf69 by Emmanuel Bourg at 2015-10-22T20:24:30+02:00
Imported Upstream version 7.0.65
- - - - -
8d296986 by Emmanuel Bourg at 2015-12-19T10:27:41+01:00
Imported Upstream version 7.0.67
- - - - -
0a201555 by Emmanuel Bourg at 2016-02-18T10:23:52+01:00
Imported Upstream version 7.0.68
- - - - -
d286e3e1 by Emmanuel Bourg at 2016-04-23T11:26:45+02:00
Imported Upstream version 7.0.69
- - - - -
c9fe70c3 by Emmanuel Bourg at 2016-06-15T23:58:26+02:00
Imported Upstream version 7.0.70
- - - - -
5f219389 by Emmanuel Bourg at 2016-09-20T13:24:09+02:00
New upstream version 7.0.72
- - - - -
a13e7169 by Emmanuel Bourg at 2016-11-16T10:50:44+01:00
New upstream version 7.0.73
- - - - -
7109aac2 by Emmanuel Bourg at 2017-01-16T01:36:54+01:00
New upstream version 7.0.74
- - - - -
2df0b630 by Emmanuel Bourg at 2017-01-24T13:11:44+01:00
New upstream version 7.0.75
- - - - -
309ce15a by Emmanuel Bourg at 2017-05-24T18:01:26+02:00
New upstream version 7.0.78
- - - - -
5c50ba1e by Markus Koschany at 2018-05-22T19:44:49+02:00
Import Debian changes 7.0.56-3+deb8u11

tomcat7 (7.0.56-3+deb8u11) jessie-security; urgency=high

  * Team upload.
  * Fix CVE-2017-5664.
    The error page mechanism of the Java Servlet Specification requires that,
    when an error occurs and an error page is configured for the error that
    occurred, the original request and response are forwarded to the error
    page. This means that the request is presented to the error page with the
    original HTTP method. If the error page is a static file, expected
    behaviour is to serve content of the file as if processing a GET request,
    regardless of the actual HTTP method. The Default Servlet in Apache Tomcat
    did not do this. Depending on the original request this could lead to
    unexpected and undesirable results for static error pages including, if the
    DefaultServlet is configured to permit writes, the replacement or removal
    of the custom error page. (Closes: #864447)

- - - - -
fb39b4ef by Markus Koschany at 2018-05-22T19:45:46+02:00
Import Upstream version 7.0.56-3+really7.0.88
- - - - -
6c1605f6 by Markus Koschany at 2018-05-22T19:45:47+02:00
Import Debian changes 7.0.56-3+really7.0.88-1

tomcat7 (7.0.56-3+really7.0.88-1) jessie-security; urgency=high

  * Team upload.
  * New upstream version 7.0.88.
    - Fix CVE-2017-12616, CVE-2017-7674, CVE-2018-1304, CVE-2018-1305 and
      CVE-2018-8014. (Closes: #802312, #898935)
  * Install the missing WebSocket jars in /usr/share/tomcat7/lib/
    (Closes: #787220)
  * Remove debian/keystores and use the latest upstream keystores instead.
  * Build-Depend on libeasymock-java and libobjenesis-java for improved test
    coverage.
  * Refresh all patches and drop obsolete CVE security patches.

- - - - -

30 changed files:

- + .gitattributes
- BUILDING.txt
- + CONTRIBUTING.md
- LICENSE
- NOTICE
- + README.md
- RELEASE-NOTES
- RUNNING.txt
- STATUS.txt
- bin/catalina-tasks.xml
- bin/catalina.bat
- bin/catalina.sh
- bin/daemon.sh
- bin/service.bat
- bin/setclasspath.bat
- bin/setclasspath.sh
- bin/tool-wrapper.bat
- bin/tool-wrapper.sh
- build.properties.default
- build.xml
- conf/catalina.policy
- conf/catalina.properties
- conf/server.xml
- conf/tomcat-users.xml
- conf/web.xml
- debian/changelog
- debian/control
- − debian/keystores/ca-cert.pem
- − debian/keystores/ca-key.pem
- − debian/keystores/ca.jks

The diff was not included because it is too large.

View it on GitLab: https://salsa.debian.org/java-team/tomcat7/compare/5047987407c1d8cd2e41f81af5675671f52943c2...6c1605f62663398e1dfcaeac173f4502a52c0d78

---
View it on GitLab: https://salsa.debian.org/java-team/tomcat7/compare/5047987407c1d8cd2e41f81af5675671f52943c2...6c1605f62663398e1dfcaeac173f4502a52c0d78
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20180522/643757eb/attachment.html>