[ol7_u9_base] tomcat-admin-webapps-7.0.76-15.el7.noarch

Name:	tomcat-admin-webapps
Version:	7.0.76
Release:	15.el7
Architecture:	noarch
Group:	Applications/System
Size:	114309
License:	ASL 2.0
RPM:	tomcat-admin-webapps-7.0.76-15.el7.noarch.rpm
Source RPM:	tomcat-7.0.76-15.el7.src.rpm
Build Date:	Thu Oct 01 2020
Build Host:	jenkins-172-17-0-2-12b27883-eefe-46f1-997c-d21ca9f6b896.appad3iad.osdevelopmeniad.oraclevcn.com
Vendor:	Oracle America
URL:	http://tomcat.apache.org/
Summary:	The host-manager and manager web applications for Apache Tomcat
Description:	The host-manager and manager web applications for Apache Tomcat.

Changelog (Show File list) (Show related packages)

Fri Jul 17 2020 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-15

- Resolves: CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS

Thu May 21 2020 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-14

- Revert rhbz#1814315 because it caused other issues with ipa-server, see rhbz#1831127
- Resolves: CVE-2020-9484 tomcat: Apache Tomcat Remote Code Execution via session persistence

Wed May 06 2020 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-13

- Revert rhbz#1367492 because it caused issues with ipa-server, see rhbz#1831127

Fri Apr 24 2020 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-12

- Resolves: rhbz#1367492 harden package permissions
- Resolves: rhbz#1523112 tomcat systemd does not cope with - in service names
- Resolves: rhbz#1629162 tomcat-dbcp.jar is missing from tomcat package
- Resolves: rhbz#1822453 Tomcat parses a request having an absolute URI path incorrectly and returns 404 Not Found
- Resolves: rhbz#1795645 connection leak with StatementCache, SlowQueryReport or StatementDecoratorInterceptor
- Resolves: CVE-2019-17563 tomcat: session fixation when using FORM authentication

Tue Mar 03 2020 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-11

- CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability

Tue Sep 03 2019 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-10
```
- Resolves: rhbz#1748541 Bump tomcat release number
```

Tue Feb 12 2019 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-9

- Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet
- Resolves: rhbz#1552375 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
- Resolves: rhbz#1552374 CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
- Resolves: rhbz#1590182 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
- Resolves: rhbz#1608609 CVE-2018-8034 tomcat: host name verification missing in WebSocket client
- Resolves: rhbz#1588703 Backport of Negative maxCookieCount value causes exception for Tomcat
- Resolves: rhbz#1472950 shutdown_wait option is not working for Tomcat
- Resolves: rhbz#1455483 Add support for characters "<" and ">" to the possible whitelist values

Fri Oct 12 2018 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-8

- Resolves: rhbz#1608607 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS

Tue Jul 24 2018 Jean-Frederic Clere <jclere@redhat.com> 0:7.0.76-7

- Resolves: rhbz#1602060 Deadlock occurs while sending to a closing session

Wed Nov 08 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-6
```
- Related: rhbz#1505762 Remove erroneous useradd
```

Tue Nov 07 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-5

- Resolves: rhbz#1485453 man page uid and gid mismatch for service accounts
- Resolves: rhbz#1505762 Problem to start tomcat with a user whose group has a name different to the user

Mon Nov 06 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-3

- Resolves: rhbz#1498343 CVE-2017-12615 CVE-2017-12617 tomcat: various flaws
- Resolves: rhbz#1495655 CVE-2017-7674 tomcat: Vary header not added by CORS filter leading to cache poisoning
- Resolves: rhbz#1470597 CVE-2017-5647 Add follow up revision

Thu Jun 08 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-2

- Resolves: rhbz#1459747 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism
- Resolves: rhbz#1441481 CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used

Wed Mar 29 2017 Coty Sutherland <csutherl@redhat.com> - 0:7.0.76-1
```
- Resolves: rhbz#1414895 Rebase tomcat to the current release
```
Thu Aug 25 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-10
```
- Related: rhbz#1368122
```

Tue Aug 23 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-9

- Resolves: rhbz#1362213 Tomcat: CGI sets environmental variable based on user supplied Proxy request header
- Resolves: rhbz#1368122

Wed Aug 03 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-7
```
- Resolves: rhbz#1362545
```

Fri Jul 08 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-6

- Related: rhbz#1201409 Added /etc/sysconfig/tomcat to the systemd unit for tomcat-jsvc.service

Fri Jul 01 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-5

- Resolves: rhbz#1347860 The systemd service unit does not allow tomcat to shut down gracefully

Mon Jun 27 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-4

- Resolves: rhbz#1350438 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service

Fri Jun 17 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-3

- Resolves: rhbz#1347774 The security manager doesn't work correctly (JSPs cannot be compiled)

Tue Jun 07 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-2

- Rebase Resolves: rhbz#1311622 Getting NoSuchElementException while handling attributes with empty string value in tomcat
- Rebase Resolves: rhbz#1320853 Add HSTS support
- Rebase Resolves: rhbz#1293292 CVE-2014-7810 tomcat: Tomcat/JBossWeb: security manager bypass via EL expressions
- Rebase Resolves: rhbz#1347144 CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet
- Rebase Resolves: rhbz#1347139 CVE-2015-5346 tomcat: Session fixation
- Rebase Resolves: rhbz#1347136 CVE-2015-5345 tomcat: directory disclosure
- Rebase Resolves: rhbz#1347129 CVE-2015-5174 tomcat: URL Normalization issue
- Rebase Resolves: rhbz#1347146 CVE-2016-0763 tomcat: security manager bypass via setGlobalContext()
- Rebase Resolves: rhbz#1347142 CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms
- Rebase Resolves: rhbz#1347133 CVE-2015-5351 tomcat: CSRF token leak

Mon Jun 06 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-1

- Resolves: rhbz#1287928 Rebase to tomcat 7.0.69
- Resolves: rhbz#1327326 rpm -V tomcat fails on /var/log/tomcat/catalina.out
- Resolves: rhbz#1277197 tomcat user has non-existing default shell set
- Resolves: rhbz#1240279 The command tomcat-digest doesn't work with RHEL 7
- Resolves: rhbz#1229476 Tomcat startup ONLY options
- Resolves: rhbz#1133070 Need to include full implementation of tomcat-juli.jar and tomcat-juli-adapters.jar
- Resolves: rhbz#1201409 Fix the broken tomcat-jsvc service unit
- Resolves: rhbz#1221896 tomcat.service loads /etc/sysconfig/tomcat without shell expansion
- Resolves: rhbz#1208402 Mark web.xml in tomcat-admin-webapps as config file

Tue Mar 24 2015 David Knox <dknox@redhat.com> - 0:7.0.54-2
```
- Resolves: CVE-2014-0227
```

Wed Sep 17 2014 David Knox <dknox@redhat.com> - 0:7.0.54-1

- Resolves: rhbz#1141372 - Remove systemv artifacts. Add new systemd 
- artifacts. Rebase on 7.0.54.

Wed Jun 18 2014 David Knox <dknox@redhat.com> - 0:7.0.43-6

- Resolves: CVE-2014-0099
- Resolves: CVE-2014-0096
- Resolves: CVE-2014-0075

Wed Apr 16 2014 David Knox <dknox@redhat.com> - 0:7.0.42-5

- Related: CVE-2013-4286
- Related: CVE-2013-4322
- Related: CVE-2014-0050
- revisit patches for above.

Thu Mar 20 2014 David Knox <dknox@redhat.com> - 0:7.0.42-4
```
- Related: rhbz#1056696 correct packaging for sbin tomcat
```

Thu Mar 20 2014 David Knox <dknox@redhat.com> - 0:7.0.42-3

- Related: CVE-2013-4286. increment build number. missed doing
- it. 
- Resolves: rhbz#1038183 remove BR for ant-nodeps. it's
- no long used.

Wed Jan 22 2014 David Knox <dknox@redhat.com> - 0:7.0.42-2

- Resolves: rhbz#1056673 Invocation of useradd with shell
- other than sbin nologin
- Resolves: rhbz#1056677 preun systemv scriptlet unconditionally
- stops service
- Resolves: rhbz#1056696 init.d tomcat does not conform to RHEL7
- systemd rules. systemv subpackage is removed.
- Resolves: CVE-2013-4286
- Resolves: CVE-2013-4322
- Resolves: CVE-2014-0050
- Built for rhel-7 RC

Tue Jan 21 2014 David Knox <dknox@redhat.com> - 0:7.0.42-1

- Resolves: rhbz#1051657 update to 7.0.42. Ant-nodeps is
- deprecated.

Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 07.0.40-3
```
- Mass rebuild 2013-12-27
```

Sat May 11 2013 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.40-1

- Updated to 7.0.40
- Resolves: rhbz 956569 added missing commons-pool link

Mon Mar 04 2013 Mikolaj Izdebski <mizdebsk@redhat.com> - 0:7.0.37-2
```
- Add depmaps for org.eclipse.jetty.orbit
- Resolves: rhbz#917626
```
Wed Feb 20 2013 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.39-1
```
- Updated to 7.0.39
```
Wed Feb 20 2013 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.37-1
```
- Updated to 7.0.37
```

Mon Feb 04 2013 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.35-1

- Updated to 7.0.35
- systemd SuccessExitStatus=143 for proper stop exit code processing

Mon Dec 24 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.34-1

- Updated to 7.0.34
- ecj >= 4.2.1 now required
- Resolves: rhbz 889395 concat classpath correctly; chdir to $CATALINA_HOME

Fri Dec 07 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.33-2
```
- Resolves: rhbz 883806 refix logdir ownership
```

Sun Dec 02 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.33-1

- Updated to 7.0.33
- Resolves: rhbz 873620 need chkconfig for update-alternatives

Wed Oct 17 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.32-1
```
- Updated to 7.0.32
- Resolves: rhbz 842620 symlinks to taglibs
```

Fri Aug 24 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.29-1

- Updated to 7.0.29
- Add pidfile as tmpfile
- Use systemd for running as unprivileged user
- Resolves: rhbz 847751 upgrade path was broken
- Resolves: rhbz 850343 use new systemd-rpm macros

Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0:7.0.28-2
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
```

Mon Jul 02 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.28-1

- Updated to 7.0.28
- Resolves: rhbz 820119 Remove bundled apache-commons-dbcp
- Resolves: rhbz 814900 Added tomcat-coyote POM
- Resolves: rhbz 810775 Remove systemv stuff from %post scriptlet
- Remove redhat-lsb R

Mon Apr 09 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.27-2
```
- Fixed native download hack
```
Sat Apr 07 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.27-1
```
- Updated to 7.0.27
- Fixed jakarta-taglibs-standard BR and R
```
Wed Mar 21 2012 Stanislav Ochotnicky <sochotnicky@redhat.com> - 0:7.0.26-2
```
- Add more depmaps to J2EE apis to help jetty/glassfish updates
```
Wed Mar 14 2012 Juan Hernandez <juan.hernandez@redhat.com> 0:7.0.26-2
```
- Added the POM files for tomcat-api and tomcat-util (#803495)
```

Wed Feb 22 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.26-1

- Updated to 7.0.26
- Bug 790334: Change ownership of logdir for logrotate

Thu Feb 16 2012 Krzysztof Daniel <kdaniel@redhat.com> 0:7.0.25-4

- Bug 790694: Priorities of jsp, servlet and el packages updated.

Wed Feb 08 2012 Krzysztof Daniel <kdaniel@redhat.com> 0:7.0.25-3
```
- Dropped indirect dependecy to tomcat 5
```

Sun Jan 22 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.25-2

- Added hack for maven depmap of tomcat-juli absolute link [ -f ] pass correctly

Sat Jan 21 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.25-1

- Updated to 7.0.25
- Removed EntityResolver patch (changes already in upstream sources)
- Place poms and depmaps in the same package as jars
- Added javax.servlet.descriptor to export-package of servlet-api
- Move several chkconfig actions and reqs to systemv subpackage
- New maven depmaps generation method
- Add patch to support java7. (patch sent upstream).
- Require java >= 1:1.6.0

Fri Jan 13 2012 Krzysztof Daniel <kdaniel@redhat.com> 0:7.0.23-5

- Exported javax.servlet.* packages in version 3.0 as 2.6 to make
  servlet-api compatible with Eclipse.

Thu Jan 12 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.23-4
```
- Move jsvc support to subpackage
```

Wed Jan 11 2012 Alexander Kurtakov <akurtako@redhat.com> 0:7.0.23-2

- Add EntityResolver setter patch to jasper for jetty's need. (patch sent upstream).

Mon Dec 12 2011 Joseph D. Wagner <joe@josephdwagner.info> 0:7.0.23-3

- Added support to /usr/sbin/tomcat-sysd and /usr/sbin/tomcat for
  starting tomcat with jsvc, which allows tomcat to perform some
  privileged operations (e.g. bind to a port < 1024) and then switch
  identity to a non-privileged user. Must add USE_JSVC="true" to
  /etc/tomcat/tomcat.conf or /etc/sysconfig/tomcat.

Mon Nov 28 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.23-1
```
- Updated to 7.0.23
```

Fri Nov 11 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.22-2

- Move tomcat-juli.jar to lib package
- Drop %update_maven_depmap as in tomcat6
- Provide native systemd unit file ported from tomcat6

Thu Oct 06 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.22-1
```
- Updated to 7.0.22
```
Mon Oct 03 2011 Rex Dieter <rdieter@fedoraproject.org> - 0:7.0.21-3.1
```
- rebuild (java), rel-eng#4932
```
Mon Sep 26 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.21-3
```
- Fix basedir mode
```

Tue Sep 20 2011 Roland Grunberg <rgrunber@redhat.com> 0:7.0.21-2

- Add manifests for el-api, jasper-el, jasper, tomcat, and tomcat-juli.

Thu Sep 08 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.21-1
```
- Updated to 7.0.21
```
Mon Aug 15 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.20-3
```
- Require java = 1:1.6.0
```
Mon Aug 15 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.20-2
```
- Require java < 1.7.0
```
Mon Aug 15 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.20-1
```
- Updated to 7.0.20
```
Tue Jul 26 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.19-1
```
- Updated to 7.0.19
```
Tue Jun 21 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.16-1
```
- Updated to 7.0.16
```
Mon Jun 06 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.14-3
```
- Added initial systemd service
- Fix some paths
```

Sat May 21 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.14-2

- Fixed http source link
- Securify some permissions
- Added licenses for el-api and servlet-api
- Added dependency on jpackage-utils for the javadoc subpackage

Sat May 14 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.14-1
```
- Updated to 7.0.14
```

Thu May 05 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.12-4

- Provided local paths for libs
- Fixed dependencies
- Fixed update temp/work cleanup

Mon May 02 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.12-3

- Fixed package groups
- Fixed some permissions
- Fixed some links
- Removed old tomcat6 crap

Thu Apr 28 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.12-2

- Package now named just tomcat instead of tomcat7
- Removed Provides:  tomcat-log4j
- Switched to apache-commons-* names instead of jakarta-commons-* .
- Remove the old changelog
- BR/R java >= 1:1.6.0 , same for java-devel
- Removed old tomcat6 crap

Wed Apr 27 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.12-1
```
- Tomcat7
```