packages: tomcat/tomcat.spec, tomcat/TODO (NEW) - 4 security blockers added...
blues
blues at pld-linux.org
Mon Jun 8 13:13:34 CEST 2009
Author: blues Date: Mon Jun 8 11:13:34 2009 GMT
Module: packages Tag: HEAD
---- Log message:
- 4 security blockers added and move CVE notes for previous releases
---- Files affected:
packages/tomcat:
tomcat.spec (1.125 -> 1.126) , TODO (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: packages/tomcat/tomcat.spec
diff -u packages/tomcat/tomcat.spec:1.125 packages/tomcat/tomcat.spec:1.126
--- packages/tomcat/tomcat.spec:1.125 Fri Jun 5 16:26:19 2009
+++ packages/tomcat/tomcat.spec Mon Jun 8 13:13:28 2009
@@ -1,6 +1,5 @@
# $Revision$, $Date$
-# TODO
-# - packages for *.renametojar files (-cgi and -ssi in server/lib)
+#
# Conditional build:
%bcond_without javadoc # skip building javadocs
%bcond_with jta # put jta jar into tomcat lib dir.
@@ -32,6 +31,23 @@
Patch7: apache-%{name}-admin-struts.patch
Patch8: apache-%{name}-no_links_to_examples.patch
URL: http://tomcat.apache.org/
+# http://tomcat.apache.org/security-5.html
+# Requires upgrade to 6.0.20 or (in future) 5.5.28. Or patch:
+# http://svn.apache.org/viewvc?rev=781362&view=rev
+BuildRequires: security(CVE-2009-0033)
+# http://tomcat.apache.org/security-5.html
+# Requires upgrade to 6.0.20 or (in future) 5.5.28. Or patch:
+# http://svn.apache.org/viewvc?rev=781379&view=rev
+BuildRequires: security(CVE-2009-0580)
+# http://tomcat.apache.org/security-5.html
+# Requires upgrade to 6.0.20 or (in future) 5.5.28. Or patches:
+# http://svn.apache.org/viewvc?rev=781542&view=rev
+# http://svn.apache.org/viewvc?rev=681156&view=rev
+BuildRequires: security(CVE-2009-0783)
+# http://tomcat.apache.org/security-5.html
+# Requires upgrade to 6.0.20 or (in future) 5.5.28. Or patch:
+# http://svn.apache.org/viewvc?rev=750928&view=rev
+BuildRequires: security(CVE-2009-0781)
%if %{with java_sun}
BuildRequires: java-sun >= 1.5
BuildRequires: java-sun-jre >= 1.5
@@ -449,6 +465,9 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.126 2009/06/08 11:13:28 blues
+- 4 security blockers added and move CVE notes for previous releases
+
Revision 1.125 2009/06/05 14:26:19 pawelz
- missing O:
@@ -677,9 +696,11 @@
Revision 1.57 2008/10/03 18:59:48 glen
- 5.5.27
+ [fixes: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370]
Revision 1.56 2008-04-11 07:17:10 glen
- 5.5.26
+ [fixes: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286]
Revision 1.55 2007-12-07 18:58:08 glen
- builds again, revised symlinks
================================================================
Index: packages/tomcat/TODO
diff -u /dev/null packages/tomcat/TODO:1.1
--- /dev/null Mon Jun 8 13:13:34 2009
+++ packages/tomcat/TODO Mon Jun 8 13:13:28 2009
@@ -0,0 +1,4 @@
+# TODO:
+- packages for *.renametojar files (-cgi and -ssi in server/lib)
+- upgrade to 6.* series
+
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/tomcat/tomcat.spec?r1=1.125&r2=1.126&f=u
More information about the pld-cvs-commit
mailing list