Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

tomcat-7.0.76-16.el7_9 RPM for noarch

From Updates for CentOS 7.9.2009 for x86_64 / Packages

Name: tomcat Distribution: Unknown
Version: 7.0.76 Vendor: CentOS
Release: 16.el7_9 Build date: Mon Nov 16 17:52:39 2020
Group: System Environment/Daemons Build host: x86-01.bsys.centos.org
Size: 310547 Source RPM: tomcat-7.0.76-16.el7_9.src.rpm
Packager: CentOS BuildSystem <http://bugs.centos.org>
Url: http://tomcat.apache.org/
Summary: Apache Servlet/JSP Engine, RI for Servlet 3.0/JSP 2.2 API
Tomcat is the servlet container that is used in the official Reference
Implementation for the Java Servlet and JavaServer Pages technologies.
The Java Servlet and JavaServer Pages specifications are developed by
Sun under the Java Community Process.

Tomcat is developed in an open and participatory environment and
released under the Apache Software License version 2.0. Tomcat is intended
to be a collaboration of the best-of-breed developers from around the world.

Provides

Requires

License

ASL 2.0

Changelog

* Wed Sep 23 2020 Hui Wang <huwang@redhat.com> 0:7.0.76-16
  - Resolves: rhbz#1814315 CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling
* Fri Jul 17 2020 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-15
  - Resolves: CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS
* Thu May 21 2020 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-14
  - Revert rhbz#1814315 because it caused other issues with ipa-server, see rhbz#1831127
  - Resolves: CVE-2020-9484 tomcat: Apache Tomcat Remote Code Execution via session persistence
* Wed May 06 2020 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-13
  - Revert rhbz#1367492 because it caused issues with ipa-server, see rhbz#1831127
* Fri Apr 24 2020 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-12
  - Resolves: rhbz#1367492 harden package permissions
  - Resolves: rhbz#1523112 tomcat systemd does not cope with - in service names
  - Resolves: rhbz#1629162 tomcat-dbcp.jar is missing from tomcat package
  - Resolves: rhbz#1822453 Tomcat parses a request having an absolute URI path incorrectly and returns 404 Not Found
  - Resolves: rhbz#1795645 connection leak with StatementCache, SlowQueryReport or StatementDecoratorInterceptor
  - Resolves: CVE-2019-17563 tomcat: session fixation when using FORM authentication
* Tue Mar 03 2020 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-11
  - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
* Tue Sep 03 2019 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-10
  - Resolves: rhbz#1748541 Bump tomcat release number
* Tue Feb 12 2019 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-9
  - Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet
  - Resolves: rhbz#1552375 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
  - Resolves: rhbz#1552374 CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
  - Resolves: rhbz#1590182 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
  - Resolves: rhbz#1608609 CVE-2018-8034 tomcat: host name verification missing in WebSocket client
  - Resolves: rhbz#1588703 Backport of Negative maxCookieCount value causes exception for Tomcat
  - Resolves: rhbz#1472950 shutdown_wait option is not working for Tomcat
  - Resolves: rhbz#1455483 Add support for characters "<" and ">" to the possible whitelist values
* Fri Oct 12 2018 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-8
  - Resolves: rhbz#1608607 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS
* Tue Jul 24 2018 Jean-Frederic Clere <jclere@redhat.com> 0:7.0.76-7
  - Resolves: rhbz#1602060 Deadlock occurs while sending to a closing session
* Wed Nov 08 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-6
  - Related: rhbz#1505762 Remove erroneous useradd
* Tue Nov 07 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-5
  - Resolves: rhbz#1485453 man page uid and gid mismatch for service accounts
  - Resolves: rhbz#1505762 Problem to start tomcat with a user whose group has a name different to the user
* Mon Nov 06 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-3
  - Resolves: rhbz#1498343 CVE-2017-12615 CVE-2017-12617 tomcat: various flaws
  - Resolves: rhbz#1495655 CVE-2017-7674 tomcat: Vary header not added by CORS filter leading to cache poisoning
  - Resolves: rhbz#1470597 CVE-2017-5647 Add follow up revision
* Thu Jun 08 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-2
  - Resolves: rhbz#1459747 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism
  - Resolves: rhbz#1441481 CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used
* Wed Mar 29 2017 Coty Sutherland <csutherl@redhat.com> - 0:7.0.76-1
  - Resolves: rhbz#1414895 Rebase tomcat to the current release
* Thu Aug 25 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-10
  - Related: rhbz#1368122
* Tue Aug 23 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-9
  - Resolves: rhbz#1362213 Tomcat: CGI sets environmental variable based on user supplied Proxy request header
  - Resolves: rhbz#1368122
* Wed Aug 03 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-7
  - Resolves: rhbz#1362545
* Fri Jul 08 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-6
  - Related: rhbz#1201409 Added /etc/sysconfig/tomcat to the systemd unit for tomcat-jsvc.service
* Fri Jul 01 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-5
  - Resolves: rhbz#1347860 The systemd service unit does not allow tomcat to shut down gracefully
* Mon Jun 27 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-4
  - Resolves: rhbz#1350438 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service
* Fri Jun 17 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-3
  - Resolves: rhbz#1347774 The security manager doesn't work correctly (JSPs cannot be compiled)
* Tue Jun 07 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-2
  - Rebase Resolves: rhbz#1311622 Getting NoSuchElementException while handling attributes with empty string value in tomcat
  - Rebase Resolves: rhbz#1320853 Add HSTS support
  - Rebase Resolves: rhbz#1293292 CVE-2014-7810 tomcat: Tomcat/JBossWeb: security manager bypass via EL expressions
  - Rebase Resolves: rhbz#1347144 CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet
  - Rebase Resolves: rhbz#1347139 CVE-2015-5346 tomcat: Session fixation
  - Rebase Resolves: rhbz#1347136 CVE-2015-5345 tomcat: directory disclosure
  - Rebase Resolves: rhbz#1347129 CVE-2015-5174 tomcat: URL Normalization issue
  - Rebase Resolves: rhbz#1347146 CVE-2016-0763 tomcat: security manager bypass via setGlobalContext()
  - Rebase Resolves: rhbz#1347142 CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms
  - Rebase Resolves: rhbz#1347133 CVE-2015-5351 tomcat: CSRF token leak
* Mon Jun 06 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-1
  - Resolves: rhbz#1287928 Rebase to tomcat 7.0.69
  - Resolves: rhbz#1327326 rpm -V tomcat fails on /var/log/tomcat/catalina.out
  - Resolves: rhbz#1277197 tomcat user has non-existing default shell set
  - Resolves: rhbz#1240279 The command tomcat-digest doesn't work with RHEL 7
  - Resolves: rhbz#1229476 Tomcat startup ONLY options
  - Resolves: rhbz#1133070 Need to include full implementation of tomcat-juli.jar and tomcat-juli-adapters.jar
  - Resolves: rhbz#1201409 Fix the broken tomcat-jsvc service unit
  - Resolves: rhbz#1221896 tomcat.service loads /etc/sysconfig/tomcat without shell expansion
  - Resolves: rhbz#1208402 Mark web.xml in tomcat-admin-webapps as config file
* Tue Mar 24 2015 David Knox <dknox@redhat.com> - 0:7.0.54-2
  - Resolves: CVE-2014-0227
* Wed Sep 17 2014 David Knox <dknox@redhat.com> - 0:7.0.54-1
  - Resolves: rhbz#1141372 - Remove systemv artifacts. Add new systemd 
  - artifacts. Rebase on 7.0.54.
* Wed Jun 18 2014 David Knox <dknox@redhat.com> - 0:7.0.43-6
  - Resolves: CVE-2014-0099
  - Resolves: CVE-2014-0096
  - Resolves: CVE-2014-0075
* Wed Apr 16 2014 David Knox <dknox@redhat.com> - 0:7.0.42-5
  - Related: CVE-2013-4286
  - Related: CVE-2013-4322
  - Related: CVE-2014-0050
  - revisit patches for above.
* Thu Mar 20 2014 David Knox <dknox@redhat.com> - 0:7.0.42-4
  - Related: rhbz#1056696 correct packaging for sbin tomcat
* Thu Mar 20 2014 David Knox <dknox@redhat.com> - 0:7.0.42-3
  - Related: CVE-2013-4286. increment build number. missed doing
  - it. 
  - Resolves: rhbz#1038183 remove BR for ant-nodeps. it's
  - no long used.
* Wed Jan 22 2014 David Knox <dknox@redhat.com> - 0:7.0.42-2
  - Resolves: rhbz#1056673 Invocation of useradd with shell
  - other than sbin nologin
  - Resolves: rhbz#1056677 preun systemv scriptlet unconditionally
  - stops service
  - Resolves: rhbz#1056696 init.d tomcat does not conform to RHEL7
  - systemd rules. systemv subpackage is removed.
  - Resolves: CVE-2013-4286
  - Resolves: CVE-2013-4322
  - Resolves: CVE-2014-0050
  - Built for rhel-7 RC
* Tue Jan 21 2014 David Knox <dknox@redhat.com> - 0:7.0.42-1
  - Resolves: rhbz#1051657 update to 7.0.42. Ant-nodeps is
  - deprecated.
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 07.0.40-3
  - Mass rebuild 2013-12-27
* Sat May 11 2013 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.40-1
  - Updated to 7.0.40
  - Resolves: rhbz 956569 added missing commons-pool link
* Mon Mar 04 2013 Mikolaj Izdebski <mizdebsk@redhat.com> - 0:7.0.37-2
  - Add depmaps for org.eclipse.jetty.orbit
  - Resolves: rhbz#917626
* Wed Feb 20 2013 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.39-1
  - Updated to 7.0.39
* Wed Feb 20 2013 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.37-1
  - Updated to 7.0.37
* Mon Feb 04 2013 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.35-1
  - Updated to 7.0.35
  - systemd SuccessExitStatus=143 for proper stop exit code processing
* Mon Dec 24 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.34-1
  - Updated to 7.0.34
  - ecj >= 4.2.1 now required
  - Resolves: rhbz 889395 concat classpath correctly; chdir to $CATALINA_HOME
* Fri Dec 07 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.33-2
  - Resolves: rhbz 883806 refix logdir ownership
* Sun Dec 02 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.33-1
  - Updated to 7.0.33
  - Resolves: rhbz 873620 need chkconfig for update-alternatives
* Wed Oct 17 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.32-1
  - Updated to 7.0.32
  - Resolves: rhbz 842620 symlinks to taglibs
* Fri Aug 24 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.29-1
  - Updated to 7.0.29
  - Add pidfile as tmpfile
  - Use systemd for running as unprivileged user
  - Resolves: rhbz 847751 upgrade path was broken
  - Resolves: rhbz 850343 use new systemd-rpm macros
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0:7.0.28-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Mon Jul 02 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.28-1
  - Updated to 7.0.28
  - Resolves: rhbz 820119 Remove bundled apache-commons-dbcp
  - Resolves: rhbz 814900 Added tomcat-coyote POM
  - Resolves: rhbz 810775 Remove systemv stuff from %post scriptlet
  - Remove redhat-lsb R
* Mon Apr 09 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.27-2
  - Fixed native download hack
* Sat Apr 07 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.27-1
  - Updated to 7.0.27
  - Fixed jakarta-taglibs-standard BR and R
* Wed Mar 21 2012 Stanislav Ochotnicky <sochotnicky@redhat.com> - 0:7.0.26-2
  - Add more depmaps to J2EE apis to help jetty/glassfish updates
* Wed Mar 14 2012 Juan Hernandez <juan.hernandez@redhat.com> 0:7.0.26-2
  - Added the POM files for tomcat-api and tomcat-util (#803495)
* Wed Feb 22 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.26-1
  - Updated to 7.0.26
  - Bug 790334: Change ownership of logdir for logrotate
* Thu Feb 16 2012 Krzysztof Daniel <kdaniel@redhat.com> 0:7.0.25-4
  - Bug 790694: Priorities of jsp, servlet and el packages updated.
* Wed Feb 08 2012 Krzysztof Daniel <kdaniel@redhat.com> 0:7.0.25-3
  - Dropped indirect dependecy to tomcat 5
* Sun Jan 22 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.25-2
  - Added hack for maven depmap of tomcat-juli absolute link [ -f ] pass correctly
* Sat Jan 21 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.25-1
  - Updated to 7.0.25
  - Removed EntityResolver patch (changes already in upstream sources)
  - Place poms and depmaps in the same package as jars
  - Added javax.servlet.descriptor to export-package of servlet-api
  - Move several chkconfig actions and reqs to systemv subpackage
  - New maven depmaps generation method
  - Add patch to support java7. (patch sent upstream).
  - Require java >= 1:1.6.0
* Fri Jan 13 2012 Krzysztof Daniel <kdaniel@redhat.com> 0:7.0.23-5
  - Exported javax.servlet.* packages in version 3.0 as 2.6 to make
    servlet-api compatible with Eclipse.
* Thu Jan 12 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.23-4
  - Move jsvc support to subpackage
* Wed Jan 11 2012 Alexander Kurtakov <akurtako@redhat.com> 0:7.0.23-2
  - Add EntityResolver setter patch to jasper for jetty's need. (patch sent upstream).
* Mon Dec 12 2011 Joseph D. Wagner <joe@josephdwagner.info> 0:7.0.23-3
  - Added support to /usr/sbin/tomcat-sysd and /usr/sbin/tomcat for
    starting tomcat with jsvc, which allows tomcat to perform some
    privileged operations (e.g. bind to a port < 1024) and then switch
    identity to a non-privileged user. Must add USE_JSVC="true" to
    /etc/tomcat/tomcat.conf or /etc/sysconfig/tomcat.
* Mon Nov 28 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.23-1
  - Updated to 7.0.23
* Fri Nov 11 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.22-2
  - Move tomcat-juli.jar to lib package
  - Drop %update_maven_depmap as in tomcat6
  - Provide native systemd unit file ported from tomcat6
* Thu Oct 06 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.22-1
  - Updated to 7.0.22
* Mon Oct 03 2011 Rex Dieter <rdieter@fedoraproject.org> - 0:7.0.21-3.1
  - rebuild (java), rel-eng#4932
* Mon Sep 26 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.21-3
  - Fix basedir mode
* Tue Sep 20 2011 Roland Grunberg <rgrunber@redhat.com> 0:7.0.21-2
  - Add manifests for el-api, jasper-el, jasper, tomcat, and tomcat-juli.
* Thu Sep 08 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.21-1
  - Updated to 7.0.21
* Mon Aug 15 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.20-3
  - Require java = 1:1.6.0
* Mon Aug 15 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.20-2
  - Require java < 1.7.0
* Mon Aug 15 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.20-1
  - Updated to 7.0.20
* Tue Jul 26 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.19-1
  - Updated to 7.0.19
* Tue Jun 21 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.16-1
  - Updated to 7.0.16
* Mon Jun 06 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.14-3
  - Added initial systemd service
  - Fix some paths
* Sat May 21 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.14-2
  - Fixed http source link
  - Securify some permissions
  - Added licenses for el-api and servlet-api
  - Added dependency on jpackage-utils for the javadoc subpackage
* Sat May 14 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.14-1
  - Updated to 7.0.14
* Thu May 05 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.12-4
  - Provided local paths for libs
  - Fixed dependencies
  - Fixed update temp/work cleanup
* Mon May 02 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.12-3
  - Fixed package groups
  - Fixed some permissions
  - Fixed some links
  - Removed old tomcat6 crap
* Thu Apr 28 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.12-2
  - Package now named just tomcat instead of tomcat7
  - Removed Provides:  tomcat-log4j
  - Switched to apache-commons-* names instead of jakarta-commons-* .
  - Remove the old changelog
  - BR/R java >= 1:1.6.0 , same for java-devel
  - Removed old tomcat6 crap
* Wed Apr 27 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.12-1
  - Tomcat7

Files

/etc/logrotate.d/tomcat
/etc/sysconfig/tomcat
/etc/tomcat
/etc/tomcat/Catalina
/etc/tomcat/Catalina/localhost
/etc/tomcat/catalina.policy
/etc/tomcat/catalina.properties
/etc/tomcat/conf.d
/etc/tomcat/conf.d/README
/etc/tomcat/context.xml
/etc/tomcat/log4j.properties
/etc/tomcat/logging.properties
/etc/tomcat/server.xml
/etc/tomcat/tomcat-users.xml
/etc/tomcat/tomcat.conf
/etc/tomcat/web.xml
/usr/bin/tomcat-digest
/usr/bin/tomcat-tool-wrapper
/usr/lib/systemd/system/tomcat.service
/usr/lib/systemd/system/tomcat@.service
/usr/libexec/tomcat
/usr/libexec/tomcat/functions
/usr/libexec/tomcat/preamble
/usr/libexec/tomcat/server
/usr/sbin/tomcat
/usr/share/doc/tomcat-7.0.76
/usr/share/doc/tomcat-7.0.76/LICENSE
/usr/share/doc/tomcat-7.0.76/NOTICE
/usr/share/doc/tomcat-7.0.76/RELEASE-NOTES
/usr/share/tomcat
/usr/share/tomcat/bin/bootstrap.jar
/usr/share/tomcat/bin/catalina-tasks.xml
/usr/share/tomcat/conf
/usr/share/tomcat/lib
/usr/share/tomcat/logs
/usr/share/tomcat/temp
/usr/share/tomcat/webapps
/usr/share/tomcat/work
/var/cache/tomcat
/var/cache/tomcat/temp
/var/cache/tomcat/work
/var/lib/tomcat
/var/lib/tomcat/webapps
/var/lib/tomcats
/var/log/tomcat
/var/log/tomcat/catalina.out


Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Mar 23 03:05:35 2024