packages: tomcat/tomcat.spec, tomcat/TODO (NEW) - 4 security blockers added...

blues blues at pld-linux.org
Mon Jun 8 13:13:34 CEST 2009 

Author: blues                        Date: Mon Jun  8 11:13:34 2009 GMT
Module: packages                      Tag: HEAD
---- Log message:
- 4 security blockers added and move CVE notes for previous releases

---- Files affected:
packages/tomcat:
   tomcat.spec (1.125 -> 1.126) , TODO (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: packages/tomcat/tomcat.spec
diff -u packages/tomcat/tomcat.spec:1.125 packages/tomcat/tomcat.spec:1.126
--- packages/tomcat/tomcat.spec:1.125	Fri Jun  5 16:26:19 2009
+++ packages/tomcat/tomcat.spec	Mon Jun  8 13:13:28 2009
@@ -1,6 +1,5 @@
 # $Revision$, $Date$
-# TODO
-# - packages for *.renametojar files (-cgi and -ssi in server/lib)
+#
 # Conditional build:
 %bcond_without	javadoc		# skip building javadocs
 %bcond_with	jta		# put jta jar into tomcat lib dir.
@@ -32,6 +31,23 @@
 Patch7:		apache-%{name}-admin-struts.patch
 Patch8:		apache-%{name}-no_links_to_examples.patch
 URL:		http://tomcat.apache.org/
+# http://tomcat.apache.org/security-5.html
+# Requires upgrade to 6.0.20 or (in future) 5.5.28. Or patch:
+# http://svn.apache.org/viewvc?rev=781362&view=rev
+BuildRequires:	security(CVE-2009-0033)
+# http://tomcat.apache.org/security-5.html
+# Requires upgrade to 6.0.20 or (in future) 5.5.28. Or patch:
+# http://svn.apache.org/viewvc?rev=781379&view=rev
+BuildRequires:	security(CVE-2009-0580)
+# http://tomcat.apache.org/security-5.html
+# Requires upgrade to 6.0.20 or (in future) 5.5.28. Or patches:
+# http://svn.apache.org/viewvc?rev=781542&view=rev
+# http://svn.apache.org/viewvc?rev=681156&view=rev
+BuildRequires:	security(CVE-2009-0783)
+# http://tomcat.apache.org/security-5.html
+# Requires upgrade to 6.0.20 or (in future) 5.5.28. Or patch:
+# http://svn.apache.org/viewvc?rev=750928&view=rev
+BuildRequires:	security(CVE-2009-0781)
 %if %{with java_sun}
 BuildRequires:	java-sun >= 1.5
 BuildRequires:	java-sun-jre >= 1.5
@@ -449,6 +465,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.126  2009/06/08 11:13:28  blues
+- 4 security blockers added and move CVE notes for previous releases
+
 Revision 1.125  2009/06/05 14:26:19  pawelz
 - missing O:
 
@@ -677,9 +696,11 @@
 
 Revision 1.57  2008/10/03 18:59:48  glen
 - 5.5.27
+  [fixes: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370]
 
 Revision 1.56  2008-04-11 07:17:10  glen
 - 5.5.26
+  [fixes: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286]
 
 Revision 1.55  2007-12-07 18:58:08  glen
 - builds again, revised symlinks

================================================================
Index: packages/tomcat/TODO
diff -u /dev/null packages/tomcat/TODO:1.1
--- /dev/null	Mon Jun  8 13:13:34 2009
+++ packages/tomcat/TODO	Mon Jun  8 13:13:28 2009
@@ -0,0 +1,4 @@
+# TODO:
+- packages for *.renametojar files (-cgi and -ssi in server/lib)
+- upgrade to 6.* series
+
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/tomcat/tomcat.spec?r1=1.125&r2=1.126&f=u

More information about the pld-cvs-commit mailing list