Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

tomcat-lib-7.0.76-16.el7_9 RPM for noarch

From Updates for CentOS 7.9.2009 for x86_64 / Packages

Name: tomcat-lib Distribution: Unknown
Version: 7.0.76 Vendor: CentOS
Release: 16.el7_9 Build date: Mon Nov 16 17:52:39 2020
Group: Development/Libraries Build host: x86-01.bsys.centos.org
Size: 4457541 Source RPM: tomcat-7.0.76-16.el7_9.src.rpm
Packager: CentOS BuildSystem <http://bugs.centos.org>
Url: http://tomcat.apache.org/
Summary: Libraries needed to run the Tomcat Web container
Libraries needed to run the Tomcat Web container.

Provides

Requires

License

ASL 2.0

Changelog

* Wed Sep 23 2020 Hui Wang <huwang@redhat.com> 0:7.0.76-16
  - Resolves: rhbz#1814315 CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling
* Fri Jul 17 2020 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-15
  - Resolves: CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS
* Thu May 21 2020 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-14
  - Revert rhbz#1814315 because it caused other issues with ipa-server, see rhbz#1831127
  - Resolves: CVE-2020-9484 tomcat: Apache Tomcat Remote Code Execution via session persistence
* Wed May 06 2020 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-13
  - Revert rhbz#1367492 because it caused issues with ipa-server, see rhbz#1831127
* Fri Apr 24 2020 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-12
  - Resolves: rhbz#1367492 harden package permissions
  - Resolves: rhbz#1523112 tomcat systemd does not cope with - in service names
  - Resolves: rhbz#1629162 tomcat-dbcp.jar is missing from tomcat package
  - Resolves: rhbz#1822453 Tomcat parses a request having an absolute URI path incorrectly and returns 404 Not Found
  - Resolves: rhbz#1795645 connection leak with StatementCache, SlowQueryReport or StatementDecoratorInterceptor
  - Resolves: CVE-2019-17563 tomcat: session fixation when using FORM authentication
* Tue Mar 03 2020 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-11
  - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
* Tue Sep 03 2019 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-10
  - Resolves: rhbz#1748541 Bump tomcat release number
* Tue Feb 12 2019 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-9
  - Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet
  - Resolves: rhbz#1552375 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
  - Resolves: rhbz#1552374 CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
  - Resolves: rhbz#1590182 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
  - Resolves: rhbz#1608609 CVE-2018-8034 tomcat: host name verification missing in WebSocket client
  - Resolves: rhbz#1588703 Backport of Negative maxCookieCount value causes exception for Tomcat
  - Resolves: rhbz#1472950 shutdown_wait option is not working for Tomcat
  - Resolves: rhbz#1455483 Add support for characters "<" and ">" to the possible whitelist values
* Fri Oct 12 2018 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-8
  - Resolves: rhbz#1608607 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS
* Tue Jul 24 2018 Jean-Frederic Clere <jclere@redhat.com> 0:7.0.76-7
  - Resolves: rhbz#1602060 Deadlock occurs while sending to a closing session
* Wed Nov 08 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-6
  - Related: rhbz#1505762 Remove erroneous useradd
* Tue Nov 07 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-5
  - Resolves: rhbz#1485453 man page uid and gid mismatch for service accounts
  - Resolves: rhbz#1505762 Problem to start tomcat with a user whose group has a name different to the user
* Mon Nov 06 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-3
  - Resolves: rhbz#1498343 CVE-2017-12615 CVE-2017-12617 tomcat: various flaws
  - Resolves: rhbz#1495655 CVE-2017-7674 tomcat: Vary header not added by CORS filter leading to cache poisoning
  - Resolves: rhbz#1470597 CVE-2017-5647 Add follow up revision
* Thu Jun 08 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-2
  - Resolves: rhbz#1459747 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism
  - Resolves: rhbz#1441481 CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used
* Wed Mar 29 2017 Coty Sutherland <csutherl@redhat.com> - 0:7.0.76-1
  - Resolves: rhbz#1414895 Rebase tomcat to the current release
* Thu Aug 25 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-10
  - Related: rhbz#1368122
* Tue Aug 23 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-9
  - Resolves: rhbz#1362213 Tomcat: CGI sets environmental variable based on user supplied Proxy request header
  - Resolves: rhbz#1368122
* Wed Aug 03 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-7
  - Resolves: rhbz#1362545
* Fri Jul 08 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-6
  - Related: rhbz#1201409 Added /etc/sysconfig/tomcat to the systemd unit for tomcat-jsvc.service
* Fri Jul 01 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-5
  - Resolves: rhbz#1347860 The systemd service unit does not allow tomcat to shut down gracefully
* Mon Jun 27 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-4
  - Resolves: rhbz#1350438 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service
* Fri Jun 17 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-3
  - Resolves: rhbz#1347774 The security manager doesn't work correctly (JSPs cannot be compiled)
* Tue Jun 07 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-2
  - Rebase Resolves: rhbz#1311622 Getting NoSuchElementException while handling attributes with empty string value in tomcat
  - Rebase Resolves: rhbz#1320853 Add HSTS support
  - Rebase Resolves: rhbz#1293292 CVE-2014-7810 tomcat: Tomcat/JBossWeb: security manager bypass via EL expressions
  - Rebase Resolves: rhbz#1347144 CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet
  - Rebase Resolves: rhbz#1347139 CVE-2015-5346 tomcat: Session fixation
  - Rebase Resolves: rhbz#1347136 CVE-2015-5345 tomcat: directory disclosure
  - Rebase Resolves: rhbz#1347129 CVE-2015-5174 tomcat: URL Normalization issue
  - Rebase Resolves: rhbz#1347146 CVE-2016-0763 tomcat: security manager bypass via setGlobalContext()
  - Rebase Resolves: rhbz#1347142 CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms
  - Rebase Resolves: rhbz#1347133 CVE-2015-5351 tomcat: CSRF token leak
* Mon Jun 06 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-1
  - Resolves: rhbz#1287928 Rebase to tomcat 7.0.69
  - Resolves: rhbz#1327326 rpm -V tomcat fails on /var/log/tomcat/catalina.out
  - Resolves: rhbz#1277197 tomcat user has non-existing default shell set
  - Resolves: rhbz#1240279 The command tomcat-digest doesn't work with RHEL 7
  - Resolves: rhbz#1229476 Tomcat startup ONLY options
  - Resolves: rhbz#1133070 Need to include full implementation of tomcat-juli.jar and tomcat-juli-adapters.jar
  - Resolves: rhbz#1201409 Fix the broken tomcat-jsvc service unit
  - Resolves: rhbz#1221896 tomcat.service loads /etc/sysconfig/tomcat without shell expansion
  - Resolves: rhbz#1208402 Mark web.xml in tomcat-admin-webapps as config file
* Tue Mar 24 2015 David Knox <dknox@redhat.com> - 0:7.0.54-2
  - Resolves: CVE-2014-0227
* Wed Sep 17 2014 David Knox <dknox@redhat.com> - 0:7.0.54-1
  - Resolves: rhbz#1141372 - Remove systemv artifacts. Add new systemd 
  - artifacts. Rebase on 7.0.54.
* Wed Jun 18 2014 David Knox <dknox@redhat.com> - 0:7.0.43-6
  - Resolves: CVE-2014-0099
  - Resolves: CVE-2014-0096
  - Resolves: CVE-2014-0075
* Wed Apr 16 2014 David Knox <dknox@redhat.com> - 0:7.0.42-5
  - Related: CVE-2013-4286
  - Related: CVE-2013-4322
  - Related: CVE-2014-0050
  - revisit patches for above.
* Thu Mar 20 2014 David Knox <dknox@redhat.com> - 0:7.0.42-4
  - Related: rhbz#1056696 correct packaging for sbin tomcat
* Thu Mar 20 2014 David Knox <dknox@redhat.com> - 0:7.0.42-3
  - Related: CVE-2013-4286. increment build number. missed doing
  - it. 
  - Resolves: rhbz#1038183 remove BR for ant-nodeps. it's
  - no long used.
* Wed Jan 22 2014 David Knox <dknox@redhat.com> - 0:7.0.42-2
  - Resolves: rhbz#1056673 Invocation of useradd with shell
  - other than sbin nologin
  - Resolves: rhbz#1056677 preun systemv scriptlet unconditionally
  - stops service
  - Resolves: rhbz#1056696 init.d tomcat does not conform to RHEL7
  - systemd rules. systemv subpackage is removed.
  - Resolves: CVE-2013-4286
  - Resolves: CVE-2013-4322
  - Resolves: CVE-2014-0050
  - Built for rhel-7 RC
* Tue Jan 21 2014 David Knox <dknox@redhat.com> - 0:7.0.42-1
  - Resolves: rhbz#1051657 update to 7.0.42. Ant-nodeps is
  - deprecated.
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 07.0.40-3
  - Mass rebuild 2013-12-27
* Sat May 11 2013 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.40-1
  - Updated to 7.0.40
  - Resolves: rhbz 956569 added missing commons-pool link
* Mon Mar 04 2013 Mikolaj Izdebski <mizdebsk@redhat.com> - 0:7.0.37-2
  - Add depmaps for org.eclipse.jetty.orbit
  - Resolves: rhbz#917626
* Wed Feb 20 2013 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.39-1
  - Updated to 7.0.39
* Wed Feb 20 2013 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.37-1
  - Updated to 7.0.37
* Mon Feb 04 2013 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.35-1
  - Updated to 7.0.35
  - systemd SuccessExitStatus=143 for proper stop exit code processing
* Mon Dec 24 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.34-1
  - Updated to 7.0.34
  - ecj >= 4.2.1 now required
  - Resolves: rhbz 889395 concat classpath correctly; chdir to $CATALINA_HOME
* Fri Dec 07 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.33-2
  - Resolves: rhbz 883806 refix logdir ownership
* Sun Dec 02 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.33-1
  - Updated to 7.0.33
  - Resolves: rhbz 873620 need chkconfig for update-alternatives
* Wed Oct 17 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.32-1
  - Updated to 7.0.32
  - Resolves: rhbz 842620 symlinks to taglibs
* Fri Aug 24 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.29-1
  - Updated to 7.0.29
  - Add pidfile as tmpfile
  - Use systemd for running as unprivileged user
  - Resolves: rhbz 847751 upgrade path was broken
  - Resolves: rhbz 850343 use new systemd-rpm macros
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0:7.0.28-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Mon Jul 02 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.28-1
  - Updated to 7.0.28
  - Resolves: rhbz 820119 Remove bundled apache-commons-dbcp
  - Resolves: rhbz 814900 Added tomcat-coyote POM
  - Resolves: rhbz 810775 Remove systemv stuff from %post scriptlet
  - Remove redhat-lsb R
* Mon Apr 09 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.27-2
  - Fixed native download hack
* Sat Apr 07 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.27-1
  - Updated to 7.0.27
  - Fixed jakarta-taglibs-standard BR and R
* Wed Mar 21 2012 Stanislav Ochotnicky <sochotnicky@redhat.com> - 0:7.0.26-2
  - Add more depmaps to J2EE apis to help jetty/glassfish updates
* Wed Mar 14 2012 Juan Hernandez <juan.hernandez@redhat.com> 0:7.0.26-2
  - Added the POM files for tomcat-api and tomcat-util (#803495)
* Wed Feb 22 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.26-1
  - Updated to 7.0.26
  - Bug 790334: Change ownership of logdir for logrotate
* Thu Feb 16 2012 Krzysztof Daniel <kdaniel@redhat.com> 0:7.0.25-4
  - Bug 790694: Priorities of jsp, servlet and el packages updated.
* Wed Feb 08 2012 Krzysztof Daniel <kdaniel@redhat.com> 0:7.0.25-3
  - Dropped indirect dependecy to tomcat 5
* Sun Jan 22 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.25-2
  - Added hack for maven depmap of tomcat-juli absolute link [ -f ] pass correctly
* Sat Jan 21 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.25-1
  - Updated to 7.0.25
  - Removed EntityResolver patch (changes already in upstream sources)
  - Place poms and depmaps in the same package as jars
  - Added javax.servlet.descriptor to export-package of servlet-api
  - Move several chkconfig actions and reqs to systemv subpackage
  - New maven depmaps generation method
  - Add patch to support java7. (patch sent upstream).
  - Require java >= 1:1.6.0
* Fri Jan 13 2012 Krzysztof Daniel <kdaniel@redhat.com> 0:7.0.23-5
  - Exported javax.servlet.* packages in version 3.0 as 2.6 to make
    servlet-api compatible with Eclipse.
* Thu Jan 12 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.23-4
  - Move jsvc support to subpackage
* Wed Jan 11 2012 Alexander Kurtakov <akurtako@redhat.com> 0:7.0.23-2
  - Add EntityResolver setter patch to jasper for jetty's need. (patch sent upstream).
* Mon Dec 12 2011 Joseph D. Wagner <joe@josephdwagner.info> 0:7.0.23-3
  - Added support to /usr/sbin/tomcat-sysd and /usr/sbin/tomcat for
    starting tomcat with jsvc, which allows tomcat to perform some
    privileged operations (e.g. bind to a port < 1024) and then switch
    identity to a non-privileged user. Must add USE_JSVC="true" to
    /etc/tomcat/tomcat.conf or /etc/sysconfig/tomcat.
* Mon Nov 28 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.23-1
  - Updated to 7.0.23
* Fri Nov 11 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.22-2
  - Move tomcat-juli.jar to lib package
  - Drop %update_maven_depmap as in tomcat6
  - Provide native systemd unit file ported from tomcat6
* Thu Oct 06 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.22-1
  - Updated to 7.0.22
* Mon Oct 03 2011 Rex Dieter <rdieter@fedoraproject.org> - 0:7.0.21-3.1
  - rebuild (java), rel-eng#4932
* Mon Sep 26 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.21-3
  - Fix basedir mode
* Tue Sep 20 2011 Roland Grunberg <rgrunber@redhat.com> 0:7.0.21-2
  - Add manifests for el-api, jasper-el, jasper, tomcat, and tomcat-juli.
* Thu Sep 08 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.21-1
  - Updated to 7.0.21
* Mon Aug 15 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.20-3
  - Require java = 1:1.6.0
* Mon Aug 15 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.20-2
  - Require java < 1.7.0
* Mon Aug 15 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.20-1
  - Updated to 7.0.20
* Tue Jul 26 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.19-1
  - Updated to 7.0.19
* Tue Jun 21 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.16-1
  - Updated to 7.0.16
* Mon Jun 06 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.14-3
  - Added initial systemd service
  - Fix some paths
* Sat May 21 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.14-2
  - Fixed http source link
  - Securify some permissions
  - Added licenses for el-api and servlet-api
  - Added dependency on jpackage-utils for the javadoc subpackage
* Sat May 14 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.14-1
  - Updated to 7.0.14
* Thu May 05 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.12-4
  - Provided local paths for libs
  - Fixed dependencies
  - Fixed update temp/work cleanup
* Mon May 02 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.12-3
  - Fixed package groups
  - Fixed some permissions
  - Fixed some links
  - Removed old tomcat6 crap
* Thu Apr 28 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.12-2
  - Package now named just tomcat instead of tomcat7
  - Removed Provides:  tomcat-log4j
  - Switched to apache-commons-* names instead of jakarta-commons-* .
  - Remove the old changelog
  - BR/R java >= 1:1.6.0 , same for java-devel
  - Removed old tomcat6 crap
* Wed Apr 27 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.12-1
  - Tomcat7

Files

/usr/share/java/tomcat
/usr/share/java/tomcat/annotations-api.jar
/usr/share/java/tomcat/catalina-ant.jar
/usr/share/java/tomcat/catalina-ha.jar
/usr/share/java/tomcat/catalina-tribes.jar
/usr/share/java/tomcat/catalina.jar
/usr/share/java/tomcat/commons-collections.jar
/usr/share/java/tomcat/commons-dbcp.jar
/usr/share/java/tomcat/commons-pool.jar
/usr/share/java/tomcat/extras
/usr/share/java/tomcat/extras/tomcat-juli-adapters.jar
/usr/share/java/tomcat/extras/tomcat-juli.jar
/usr/share/java/tomcat/jasper-el.jar
/usr/share/java/tomcat/jasper-jdt.jar
/usr/share/java/tomcat/jasper.jar
/usr/share/java/tomcat/log4j.jar
/usr/share/java/tomcat/tomcat-api.jar
/usr/share/java/tomcat/tomcat-coyote.jar
/usr/share/java/tomcat/tomcat-i18n-es.jar
/usr/share/java/tomcat/tomcat-i18n-fr.jar
/usr/share/java/tomcat/tomcat-i18n-ja.jar
/usr/share/java/tomcat/tomcat-jdbc.jar
/usr/share/java/tomcat/tomcat-jsp-2.2-api.jar
/usr/share/java/tomcat/tomcat-juli.jar
/usr/share/java/tomcat/tomcat-servlet-3.0-api.jar
/usr/share/java/tomcat/tomcat-util.jar
/usr/share/java/tomcat/tomcat7-websocket.jar
/usr/share/java/tomcat/websocket-api.jar
/usr/share/maven-fragments/tomcat
/usr/share/maven-poms/JPP.tomcat-annotations-api.pom
/usr/share/maven-poms/JPP.tomcat-catalina-ha.pom
/usr/share/maven-poms/JPP.tomcat-catalina-tribes.pom
/usr/share/maven-poms/JPP.tomcat-catalina.pom
/usr/share/maven-poms/JPP.tomcat-jasper-el.pom
/usr/share/maven-poms/JPP.tomcat-jasper.pom
/usr/share/maven-poms/JPP.tomcat-tomcat-api.pom
/usr/share/maven-poms/JPP.tomcat-tomcat-coyote.pom
/usr/share/maven-poms/JPP.tomcat-tomcat-juli.pom
/usr/share/maven-poms/JPP.tomcat-tomcat-util.pom
/usr/share/tomcat/bin/tomcat-juli.jar


Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Mar 23 03:05:35 2024