Author: pawelz Date: Tue Jun 9 18:15:33 2009 GMT Module: packages Tag: HEAD ---- Log message: - added security-related patches (backported from svn trunk) - dropped security blockers - rel 2 [fixes: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783]
---- Files affected: packages/tomcat: tomcat.spec (1.126 -> 1.127) ---- Diffs: ================================================================ Index: packages/tomcat/tomcat.spec diff -u packages/tomcat/tomcat.spec:1.126 packages/tomcat/tomcat.spec:1.127 --- packages/tomcat/tomcat.spec:1.126 Mon Jun 8 13:13:28 2009 +++ packages/tomcat/tomcat.spec Tue Jun 9 20:15:28 2009 @@ -9,7 +9,7 @@ Summary(pl.UTF-8): Silnik Servlet/JSP Apache będący wzorcową implementacją API Servlet 2.4/JSP 2.0 Name: tomcat Version: 5.5.27 -Release: 1 +Release: 2 License: Apache v2.0 Group: Networking/Daemons/Java Source0: http://www.apache.org/dist/tomcat/tomcat-5/v%{version}/src/apache-%{name}-%{version}-src.tar.gz @@ -30,24 +30,14 @@ Patch6: apache-%{name}-struts.patch Patch7: apache-%{name}-admin-struts.patch Patch8: apache-%{name}-no_links_to_examples.patch +# Following patches are applied in tomcat svn. Remove them while updating to 5.5.28 +# See: http://tomcat.apache.org/security-5.html +Patch100: tomcat-CVE-2008-5515.patch +Patch101: tomcat-CVE-2009-0033.patch +Patch102: tomcat-CVE-2009-0580.patch +Patch103: tomcat-CVE-2009-0781.patch +Patch104: tomcat-CVE-2009-0783.patch URL: http://tomcat.apache.org/ -# http://tomcat.apache.org/security-5.html -# Requires upgrade to 6.0.20 or (in future) 5.5.28. Or patch: -# http://svn.apache.org/viewvc?rev=781362&view=rev -BuildRequires: security(CVE-2009-0033) -# http://tomcat.apache.org/security-5.html -# Requires upgrade to 6.0.20 or (in future) 5.5.28. Or patch: -# http://svn.apache.org/viewvc?rev=781379&view=rev -BuildRequires: security(CVE-2009-0580) -# http://tomcat.apache.org/security-5.html -# Requires upgrade to 6.0.20 or (in future) 5.5.28. Or patches: -# http://svn.apache.org/viewvc?rev=781542&view=rev -# http://svn.apache.org/viewvc?rev=681156&view=rev -BuildRequires: security(CVE-2009-0783) -# http://tomcat.apache.org/security-5.html -# Requires upgrade to 6.0.20 or (in future) 5.5.28. Or patch: -# http://svn.apache.org/viewvc?rev=750928&view=rev -BuildRequires: security(CVE-2009-0781) %if %{with java_sun} BuildRequires: java-sun >= 1.5 BuildRequires: java-sun-jre >= 1.5 @@ -208,6 +198,12 @@ %patch7 -p1 %patch8 -p1 +%patch100 -p0 +%patch101 -p0 +%patch102 -p0 +%patch103 -p0 +%patch104 -p0 + # we don't need those scripts rm -f container/catalina/src/bin/*.bat rm -f container/catalina/src/bin/{startup,shutdown}.sh @@ -465,6 +461,12 @@ All persons listed below can be reached at <cvs_login>@pld-linux.org $Log$ +Revision 1.127 2009/06/09 18:15:28 pawelz +- added security-related patches (backported from svn trunk) +- dropped security blockers +- rel 2 + [fixes: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783] + Revision 1.126 2009/06/08 11:13:28 blues - 4 security blockers added and move CVE notes for previous releases ================================================================ ---- CVS-web: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/tomcat/tomcat.spec?r1=1.126&r2=1.127&f=u _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
