- 
    Thu Jan 28 2016 Coty Sutherland <csutherl@redhat.com> 0:6.0.24-94
    - Resolves: rhbz#1293289 CVE-2014-7810 tomcat6 security manager bypass via EL expressions 
- 
    Mon Dec 14 2015 Coty Sutherland <csutherl@redhat.com> 0:6.0.24-93
    - Resolves: rhbz#1301646 Resolving NIO connector memory leak 
- 
    Fri May 15 2015 David Knox <dknox@redhat.com> 0:6.0.24-90
    - Related: rhbz#1042811 left over test value in the conf 
- 
    Fri May 15 2015 David Knox <dknox@redhat.com> 0:6.0.24-89
    - Resolves: rhbz#1042811 tomcat6 service restarts will cause a 
- duplicated command-line arguments 
- 
    Thu Mar 26 2015 David Knox <dknox@redhat.com> 0:6.0.24-88
    - Related: rhbz#1022061 changed in init file. Remove test
- in function stop for result after initial command to
- stop. 
- 
    Wed Feb 25 2015 David Knox <dknox@redhat.com> 0:6.0.24-87
    - Resolves: rhbz#1128396 NPE in chunked encoding.
- Regenerated patches for 4322 and 0227 
- 
    Wed Feb 25 2015 David Knox <dknox@redhat.com> 0:6.0.24-86
    - Resolves: rhbz#1068689 Add option to disable log rotation
- in FileHandler 
- 
    Wed Feb 25 2015 David Knox <dknox@redhat.com> 0:6.0.24-85
    - Resolves: CVE-2014-0227 Limited DoS in chunked transfer 
- 
    Mon Feb 23 2015 David Knox <dknox@redhat.com> 0:6.0.24-84
    - Resolves: rhbz#1022061 Tomcat init script needs to be adjusted to kill tomcat
- if stop is unsuccessful 
- 
    Thu Feb 19 2015 David Knox <dknox@redhat.com> 0:6.0.24-83
    - Resolves: rhbz#1054817 Mark Tomcat Manager web.xml as 
- config in spec 
- 
    Thu Feb 19 2015 David Knox <dknox@redhat.com> 0:6.0.24-82
    - Resolves: rhbz#1031327 Backport apache 50072 blank responses 
- 
    Mon Feb 02 2015 David Knox <dknox@redhat.com> 0:6.0.24-81
    - Resolves: rhbz#1183252 Tomcat breaks in serving large files
- greater than 1.7 mb and under high load and high threading 
- 
    Tue Sep 16 2014 David Knox <dknox@redhat.com> 0:6.0.24-80
    - Related: CVE-2013-4590  - remove xml schema names javaee_5,
- javaee_web_services_1_2, and javaee_web_services_1_2_client
- from descriptor.DigesterFactory initialization. These
- schema definitions are not relevant to 6.0.24 as the version
- of their spec did not exist at the time.
- Resolves: rhbz#1140855 - request parameter truncated 
- 
    Fri Sep 12 2014 David Knox <dknox@redhat.com> 0:6.0.24-79
    - Related: rhbz#1140301 - have to bump the nvr to be greater
- than 6.5.z 
- 
    Tue Sep 09 2014 David Knox <dknox@redhat.com> 0:6.0.24-69
    - Resolves: rhbz#1140301 - reverse changes of 845786.
- Rebuilding for compose. 
- 
    Thu Jul 31 2014 David Knox <dknox@redhat.com> 0:6.0.24-68
    - Resolves: CVE-2013-4590
- Resolves: CVE-2014-0119 
- 
    Mon Jul 07 2014 David Knox <dknox@redhat.com> 0:6.0.24-67
    - Related: CVE-2014-0075 incomplete 
- 
    Wed Jul 02 2014 David Knox <dknox@redhat.com> 0:6.0.24-66
    - Related: CVE-2014-0050 
- Related: CVE-2013-4322 
- 
    Fri Jun 20 2014 David Knox <dknox@redhat.com> 0:6,0.24-65
    - Resolves: CVE-2014-0099
- Resolves: CVE-2014-0096
- Resolves: CVE-2014-0075 
- 
    Wed Jun 04 2014 David Knox <dknox@redhat.com> 0:6.0.24-64
    - Resolves: CVE-2014-0050 
- 
    Mon Apr 07 2014 David Knox <dknox@redhat.com> 0:6.0.24-63
    - Resolves: CVE-2013-4322 CVE-2013-4286. Branched from
- rhel-6.5 
- 
    Wed Sep 11 2013 David Knox <dknox@redhat.com> 0:6.0.24-62
    - Related: rhbz 915447 Introduced a space char in TOMCAT_GROUP 
- 
    Tue Sep 10 2013 David Knox <dknox@redhat.com> 0:6.0.24-61
    - Related: rhbz 915447 Typo in conf and sysconf 
- 
    Thu Sep 05 2013 David Knox <dknox@redhat.com> 0:6.0.24-60
    - Related: rhbz 915447 can't start with group other than tomcat
- changes in init script. Added TOMCAT_GROUP to sysconfig and
- tomcat6.conf. Also changed default to the group that user
- tomcat belongs. 
- 
    Tue Sep 03 2013 David Knox <dknox@redhat.com> 0:6.0.24-59
    - Related: CVE-2012-3439 Digest Authentication. Fixed typo
- in the patch file. 
- 
    Mon Aug 26 2013 David Knox <dknox@redhat.com> 0:6.0.24-58
    - Resolves: CVE-2012-3439
- Resolves: CVE-2012-4534
- Resolves: CVE-2012-3546
- Increment build number to exceed 6_4 build number. Demanded
- by rpmdiff 
- 
    Wed Aug 07 2013 David Knox <dknox@redhat.com> 0:6.0.24-54
    - Resolves: rhbz 845786 webapps-docs contained empty files. 
- Build will fail of architectures ppc s390x ppc64. Use
- target rhel-6.5-noarch-candidate
- Resolves: rhbz 915447 can't start with group other than tomcat
- changes in init script
- Resolves: rhbz 950647 Error in checkpidfile of init script
- Resolves: rhbz 977685 Full implementation of juli and juli
- adapters. Jars placed in new extras directory
- Resolves: 960225 Status script does not return proper PID 
- 
    Tue Jun 11 2013 David Knox <dknox@redhat.com> 0:6.0.24-53
    - Resolves: CVE-2013-2067 session fixation 
- 
    Thu May 16 2013 David Knox <dknox@redhat.com> 0:6.0.24-52
    - Related: rhbz#955977 CVE-2013-1976 
- 
    Thu May 16 2013 David Knox <dknox@redhat.com> 0:6.0.24-51
    - Related: rhbz#955977 CVE-2013-1976 Changed location of 
- TOMCAT_LOG to /var/log where only root can write to it. Touching
- TOMCAT_LOG is no longer necessary 
- 
    Tue Apr 30 2013 David Knox <dknox@redhat.com> 0:6.0.24-50
    - Resolves: rhbz#955977 CVE-2013-1976 Improper TOMCAT_LOG management in
- init script 
- 
    Wed Jan 16 2013 David Knox <dknox@redhat.com> 0:6.0.24-49
    - Related: rhbz 576540
- Javadoc is not being generated correctly by the build 
- 
    Tue Dec 11 2012 David Knox <dknox@redhat.com> 0:6.0.24-48
    - Resolves: rhbz 576540 - regression init script in the 
- wrong place. Changed _initrddir definition herein to point to the 
- right place. 
- 
    Thu Nov 08 2012 David Knox <dknox@redhat.com> 0:6.0.24-47
    - Resolves: rhbz 857066 apache bz 48843 ArrayIndexOutofBounds 
- 
    Tue Oct 02 2012 David Knox <dknox@redhat.com> 0:6.0.24-46
    - Resolves: rhbz 847288 classloader deadlock compiler JSPs
- Resolves: rhbz 785954 HTML filtering needed
- Resolves: rhbz 798617 init gives incorrect status 
- 
    Tue May 22 2012 David Knox <dknox@redhat.com> 0:6.0.24-45
    - Resolves: rhbz 757632 regression 
- 
    Thu Mar 29 2012 David Knox <dknox@redhat.com> 0:6.0.24-44
    - Resolves: CVE-2012-0022 regression. Change made to patch. 
- 
    Tue Mar 13 2012 David Knox <dknox@redhat.com> 0:6.0.24-43
    - Resolves: rhbz# 802396. Changes made to init script. 
- 
    Thu Mar 01 2012 David Knox <dknox@redhat.com> 0:6.0.24-42
    - Resolves cve-2012-0022 (2011-4858) rhbz 783728 
- 
    Mon Jan 23 2012 David Knox <dknox@redhat.com> 0:6.0.24-41
    - Resolves: rhbz 782400 - remove redhat-lsb dependency
- Resolves: rhbz 726169 (783407) - Unable to compile class for JSP
- Resolves: rhbz 783567 - tag attributes parsing throws exception 
- 
    Thu Jan 05 2012 David Knox <dknox@redhat.com> 0:6.0.24-39
    - Resolves: rhbz 757632 - version arg results in CNFException
- changes made to initscript. 
- 
    Tue Oct 25 2011 David Knox <dknox@redhat.com> 0:6.0.24-38
    - resolves: rhbz 748813 NPE w/no data in chunked POST request
-  Not included in 6.2. Slated for 6.3 
- 
    Mon Sep 26 2011 David Knox <dknox@redhat.com> 0:6.0.24-37
    - resolves: cve-2011-3190 rhbz 738504
- resolves: cve-2011-2204 rhbz 738504
- resolves: cve-2011-2526 rhbz 738504
- resolves: cve-2011-1184 rhbz 738504
- resolves: rhbz 698624 - revisited 
- 
    Mon Aug 29 2011 David Knox <dknox@redhat.com> 0:6.0.24-36
    - resolves: rhbz 726169 - jsp1.1 regression exception
- Not included in 6.2 slated for 6.3 
- 
    Mon Jun 06 2011 David Knox <dknox@redhat.com> 0:6.0.24-35
    - resolves: rhbz 687968 - tomcat6 broken when LANG="fr_FR" 
- 
    Mon May 02 2011 David Knox <dknox@redhat.com> 0:6.0.24-34
    - resolves: rhbz 701759 - hardcoded catalina.out 
- Not included in 6.2 slated for 6.3 
- 
    Thu Apr 28 2011 David Knox <dknox@redhat.com> 0:6.0.24-33
    - resolves: rhbz 695284 - multiple instances logging fiasco 
- 
    Thu Apr 28 2011 David Knox <dknox@redhat.com> 0:6.0.24-32
    - Resolves: rhbz 698624 - inet4address can't be cast to String 
- 
    Thu Apr 28 2011 David Knox <dknox@redhat.com> 0:6.0.24-31
    - Resolves: rhbz 656403 - cve-2010-4172 jsp syntax error 
- 
    Mon Apr 18 2011 David Knox <dknox@redhat.com> 0:6.0.24-30
    - Resolves: rhbz#697504 initscript logging location 
- 
    Wed Apr 13 2011 David Knox <dknox@redhat.com> 0:6.0.24-29
    - Resolves: rhbz#656403, rhbz#675926, rhbz#676011
- CVE-2010-4172, CVE-2010-3718, CVE-2011-0013, CVE-2010-4476,
- CVE-2011-0534 
- 
    Tue Apr 12 2011 David Knox <dknox@redhat.com> 0:6.0.24-28
    - Resovles  rhbz#695284 - wrapper logs to different locations
- CVE-2010-4172, CVE-2011-0013, CVE-2010-3718 commented out 
- until needed. 
- 
    Thu Mar 17 2011 David Knox <dknox@redhat.com> 0:6.0.24-27
    - naming-factory-dbcp missing fix in tomcat6.conf
- Add Obsoletes for log4j 
- 
    Mon Mar 14 2011 David Knox <dknox@redhat.com> 0:6.0.24-26
    - Add log4j to package lib. Corrected typo in log4 Provides
- epock versus epoch 
- 
    Wed Mar 09 2011 David Knox <dknox@redhat.com> 0:6.0.24-25
    - Installed permissions do not allow tomcat to start
- incrementing NVR so yum won't get confused with the zstream 
- 
    Fri Mar 04 2011 David Knox <dknox@redhat.com> 0:6.0.24-23
    - Resolves: rhbz 678671 - useradd sets shell to nologin
- dangling symlink for log4j. Added it as R: and R(post) 
- 
    Thu Feb 17 2011 David Knox <dknox@redhat.com> 0:6.0.24-21
    - Resolves: 678671 - tomcat user requires login shell 
- 
    Thu Feb 17 2011 David Knox <dknox@redhat.com> 0:6.0.24-20
    - Resolves: rhbz#636997 Additionally created instances of tomcat
- are broken 
- 
    Tue Feb 08 2011 David Knox <dknox@redhat.com> 0:6.0.24-19
    - Resolves: CVE-2011-0534 rhbz# 675926 
- 
    Wed Dec 08 2010 David Knox <dknox@redhat.com> 0:6.0.24-18
    - Resolves: rhbz# 661244 missing tomcat6-juli link
- Fixed symlinks to commons-collections and log4j in libdir
- Removed log4j package 
- 
    Tue Oct 26 2010 David Knox <dknox@redhat.com> 0:6.0.24-17
    - Replacing commons-xxxx-tomcat5 with jakarta-commons-xxxx 
- 
    Wed Sep 29 2010 David Knox <dknox@redhat.com> 0:6.0.24-16
    - Resolves: rhbz#636997 - Additionally created instances of tomcat are
- broken 
- 
    Fri Aug 13 2010 David Knox <dknox@redhat.com> 0:6.0.24-15
    - Resolves: rhbz#617501 CVE-2010-2227 
- 
    Wed Aug 04 2010 David Knox <dknox@redhat.com> 0:6.0.24-14
    - Added 2227 patch 
- 
    Mon Jul 12 2010 David Knox <dknox@redhat.com> 0:6.0.24-13
    - fixed servlet-api typo 
- 
    Thu Jul 01 2010 David Knox <dknox@redhat.com> 0:6.0.24-12
    - Resolves: rhbz#584699. A respin was required to fix post and
- postun for el. Updated EL-spec to 2.1 from 1.0. Tomcat6 uses 
- elspec 2.1 
- 
    Tue Jun 29 2010 David Knox <dknox@redhat.com> 0:6.0.24-11
    - Resolves: rhbz#584699 initscript collected problems LSB
- compliant. Not complete yet. Return values are correct and 
- usage function has been implemented. 
- 
    Wed Jun 23 2010 David Knox <dknox@redhat.com> 0:6.0.24-10
    - Resolves: rhbz#606822 CVE-2010-1157 
- 
    Thu May 20 2010 David Knox <dknox@redhat.com> 0:6.0.24-9
    - Resolves: rhbz#582037 Revert to Java 1.5. Also fixed Error
- deploying web application. 
- 
    Thu May 20 2010 David Knox <dknox@redhat.com> 0:6.0.24-8
    - Resolves: rhbz#584699 - and two other bugs along with
- various spec flaws fixed. 
- 
    Mon May 17 2010 David Knox <dknox@redhat.com> 0:6.0.24-7
    - Build and run using gcj 1.5. Spec refactored. JSP examples
- are working. 
- 
    Wed Apr 21 2010 David Knox <dknox@redhat.com> 0:6.0.24-6
    - Patched spec file to avoid sinjdoc issue 
- 
    Wed Apr 21 2010 David Knox <dknox@redhat.com> 0:6.0.24-5
    - Adding patch for setPerformancePrefernces 
- 
    Tue Apr 13 2010 david knox <dknox@redhat.com> 0:6.0.24-4
    - increment build number 
- 
    Tue Apr 13 2010 David Knox <dknox@redhat.com> 0:6.0.24-3
    - Removed prerun lib and post WEB-INF/lib. Moved build-jar-repos to
- after the installs. Added Requires and BuildRequires for jakarta-
- commons-{dbcp,pool,collections}-tomcat5 and ecj. Changed define macro to
- global.
- 
    Tue Apr 13 2010 David Knox <dknox@redhat.com> 0:6.0.24-2
    - Revert: Revert JDK/Java Requires and BuildRequires to version 1.5 versus 1.6 
- 
    Mon Mar 01 2010 Alexander Kurtakov <akurtako@redhat.com> 0:6.0.24-1
    - Update to 6.0.24. 
- 
    Tue Dec 22 2009 Alexander Kurtakov <akurtako@redhat.com> 0:6.0.20-2
    - Drop file requires on /usr/share/java/ecj.jar. 
- 
    Mon Nov 09 2009 Alexander Kurtakov <akurtako@redhat.com> 0:6.0.20-1
    - Update to 6.0.20. Fixes CVE-2009-0033,CVE-2009-0580. 
- 
    Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0:6.0.18-10.2
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild 
- 
    Wed Apr 01 2009 Alexander Kurtakov <akurtako@redhat.com> 0:6.0.18-9.2
    - Add OSGi manifest for servlet-api. 
- 
    Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0:6.0.18-9.1
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild 
- 
    Tue Dec 02 2008 David Walluck <dwalluck@redhat.com> 0:6.0.18-8.1
    - build for Fedora 
- 
    Tue Dec 02 2008 David Walluck <dwalluck@redhat.com> 0:6.0.18-8
    - fix directory ownership 
- 
    Thu Nov 13 2008 David Walluck <dwalluck@redhat.com> 0:6.0.18-7
    - add Requires for update-alternatives 
- 
    Tue Oct 07 2008 David Walluck <dwalluck@redhat.com> 0:6.0.18-6
    - use lsb_release instead of lsb-release to get the distributor 
- 
    Tue Oct 07 2008 David Walluck <dwalluck@redhat.com> 0:6.0.18-5
    - fix initscript messages on Mandriva Linux
- fix help message in initscript 
- 
    Wed Oct 01 2008 David Walluck <dwalluck@redhat.com> 0:6.0.18-4
    - redefine %_initrddir for FHS-compliance
- make initscript LSB-complaint 
- 
    Fri Sep 26 2008 David Walluck <dwalluck@redhat.com> 0:6.0.18-3
    - fix status in initscript 
- 
    Thu Sep 25 2008 David Walluck <dwalluck@redhat.com> 0:6.0.18-2
    - remove initscripts and /sbin/service requirement
- call initscript directly without using /sbin/service
- require /sbin/chkconfig instead of chkconfig
- remove chkconfig requirement from packages that don't require it 
- 
    Tue Aug 26 2008 David Walluck <dwalluck@redhat.com> 0:6.0.18-1
    - 6.0.18
- Resolves: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938
- fix definition of java.security.policy with d%{name} start-security
- don't pass $CATALINA_OPTS with d%{name} stop
- redefine tempdir and workdir for tmpwatch workaround
- change eclipse-ecj references to ecj
- 
    Thu Jul 10 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0:6.0.16-1.8
    - drop repotag 
- 
    Fri Apr 04 2008 David Walluck <dwalluck@redhat.com> 0:6.0.16-1jpp.7.fc9
    - version jsp and servlet Provides with their spec versions
- remove Obsoletes/Provides for servletapi6 package as it can co-exist
- check for java-functions existence in wrapper script
- move d%{name} to %{name} and create symlink for d%{name}
- improve status function in initscript
- change license to ASL 2.0 again as per Fedora guidelines
- 
    Mon Mar 24 2008 David Walluck <dwalluck@redhat.com> 0:6.0.16-1jpp.6.fc9
    - remove Requires: tomcat-native
- put back original JPackage Group (except javadoc) and License tags
- add Provides for jsp and servlet
- use ant macro
- build and install sample webapp
- call /sbin/service to stop service on uninstall
- remove references to $RPM_BUILD_DIR
- use copy instead of move to fix short-circuit install build
- remove prebuilt sample.war
- remove Thumbs.db files
- add Requires: java >= 0:1.6.0 
- 
    Mon Mar 24 2008 David Walluck <dwalluck@redhat.com> 0:6.0.16-1jpp.6.fc9
    - remove Requires: tomcat-native
- put back original JPackage Group (except javadoc) and License tags
- add Provides for jsp and servlet
- use ant macro
- build and install sample webapp
- call /sbin/service to stop service on uninstall
- remove references to $RPM_BUILD_DIR
- use copy instead of move to fix short-circuit install build
- remove prebuilt sample.war
- remove Thumbs.db files
- add Requires: java >= 0:1.6.0 
- 
    Wed Mar 19 2008 David Walluck <dwalluck@redhat.com> 0:6.0.16-1jpp.5.fc9
    - explicitly unset CLASSPATH
- explicitly set OPT_JAR_LIST to include ant/ant-trax 
- 
    Tue Mar 18 2008 David Walluck <dwalluck@redhat.com> 0:6.0.16-1jpp.4.fc9
    - remove BuildRequires: sed
- remove specific references to icedtea 
- 
    Mon Mar 17 2008 David Walluck <dwalluck@redhat.com> 0:6.0.16-1jpp.3.fc9
    - add digest and tool-wrapper scripts
- Requires: tomcat-native 
- 
    Fri Mar 07 2008 David Walluck <dwalluck@redhat.com> 0:6.0.16-1jpp.2.fc9
    - use %{_var} for appdir instead of /srv
- use ${JAVACMD} for java executable in wrapper script
- use built-in status function in initscript where possible
- add missing require on procps for status function
- fix java.library.path setting in %{_sysconfdir}/sysconfig/%{name}
- add patch to document webapps in %{_sysconfdir}/%{name}/tomcat-users.xml
- remove %{appdir}/ROOT/admin
- move %{_bindir}/d%{name} to %{_sbindir}/d%{name}
- 
    Mon Mar 03 2008 David Walluck <dwalluck@redhat.com> 0:6.0.16-1jpp.1.fc9
    - use %{_initrddir} macro instead of %{_sysconfdir}/init.d (rhbz #153187)
- fix java.library.path setting in %{name}.conf (rhbz #253605)
- fix incorrect initscript output (rhbz #380921)
- update initscript (rhbz #247077)
- add logrotate support
- fix strange-permission
- fix %prep
- replace /var with %{_var}
- replace %{_localstatedir} with %{_var}
- use %{logdir} where possible
- call build-jar-repository with full path in scriptlets
- remove file-based requires
- build with icedtea and set as the default JAVA_HOME in %{name}.conf
- fix non-standard-group
- change ecj references to eclipse-ecj
- change Apache Software License 2.0 to ASL 2.0 for rpmlint
- 
    Fri Feb 08 2008 Jason Corley <jason.corley@gmail.com> - 0:6.0.16-1jpp
    - update to 6.0.16 
- 
    Sun Dec 02 2007 Jason Corley <jason.corley@gmail.com> - 0:6.0.14-2jpp
    - add /etc/tomcat6/Catalina/localhost (Alexander Kurtakov) 
- 
    Tue Aug 14 2007 Jason Corley <jason.corley@gmail.com> 0:6.0.14-1jpp
    - first JPackage release