Bug 209669 - [PATCHE] www/tomcat7 and www/tomcat-native upgrade
Summary: [PATCHE] www/tomcat7 and www/tomcat-native upgrade
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Alex Dupre
URL:
Keywords: security
Depends on:
Blocks:
 
Reported: 2016-05-20 16:42 UTC by geoffroy desvernay
Modified: 2016-06-26 18:19 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (ale)
junovitch: merge-quarterly+

Attachments
www/tomcat7 svn diff (2.27 KB, patch)
2016-05-20 16:42 UTC, geoffroy desvernay 		dgeo: maintainer-approval?
Details | Diff
www/tomcat-native svn diff (1.29 KB, patch)
2016-05-20 16:43 UTC, geoffroy desvernay 		dgeo: maintainer-approval?
Details | Diff
svn diff www/tomcat8 to version 8.0.35 (1.53 KB, patch)
2016-05-28 10:25 UTC, geoffroy desvernay 		dgeo: maintainer-approval?
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description geoffroy desvernay 2016-05-20 16:42:23 UTC 
Created attachment 170514 [details]
www/tomcat7 svn diff

Hi, 

These patches are upgrades for:
 * tomcat7 to 7.0.69 - see https://tomcat.apache.org/tomcat-7.0-doc/changelog.html
 * tomcat-native to 1.2.7 - see https://tomcat.apache.org/native-doc/miscellaneous/changelog.html

Both are poudriere build here and in production.

Hope this helps
Comment 1 geoffroy desvernay 2016-05-20 16:43:08 UTC 
Created attachment 170515 [details]
www/tomcat-native svn diff
Comment 2 geoffroy desvernay 2016-05-28 10:25:58 UTC 
Created attachment 170745 [details]
svn diff www/tomcat8 to version 8.0.35

While I'm there, this one is for tomcat8 (poudriere build and in production too)
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-06-23 10:29:25 UTC 
A commit references this bug:

Author: ale
Date: Thu Jun 23 10:28:45 UTC 2016
New revision: 417360
URL: https://svnweb.freebsd.org/changeset/ports/417360

Log:
  - Update tomcat-native to 1.2.7 release.
  - Update tomcat7 to 7.0.70 release.
  - Update tomcat8 to 8.0.36 release.

  PR:		209669
  Submitted by:	geoffroy desvernay <dgeo@centrale-marseille.fr>

Changes:
  head/www/tomcat-native/Makefile
  head/www/tomcat-native/distinfo
  head/www/tomcat7/Makefile
  head/www/tomcat7/distinfo
  head/www/tomcat7/pkg-plist
  head/www/tomcat8/Makefile
  head/www/tomcat8/distinfo
  head/www/tomcat8/pkg-plist
Comment 4 commit-hook freebsd_committer freebsd_triage 2016-06-26 18:14:13 UTC 
A commit references this bug:

Author: junovitch
Date: Sun Jun 26 18:13:40 UTC 2016
New revision: 417596
URL: https://svnweb.freebsd.org/changeset/ports/417596

Log:
  Document remote denial of service via FileUpload component in Tomcat

  PR:		209669 [1]
  Reported by:	Geoffroy Desvernay <dgeo@centrale-marseille.fr> [1]
  Reported by:	Roger Marquis <marquis@roble.com>
  Security:	CVE-2016-3092
  Security:	https://vuxml.FreeBSD.org/freebsd/cbceeb49-3bc7-11e6-8e82-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml
Comment 5 commit-hook freebsd_committer freebsd_triage 2016-06-26 18:15:16 UTC 
A commit references this bug:

Author: junovitch
Date: Sun Jun 26 18:14:14 UTC 2016
New revision: 417597
URL: https://svnweb.freebsd.org/changeset/ports/417597

Log:
  MFH: r417360

  - Update tomcat-native to 1.2.7 release.
  - Update tomcat7 to 7.0.70 release.
  - Update tomcat8 to 8.0.36 release.

  PR:		209669
  Submitted by:	geoffroy desvernay <dgeo@centrale-marseille.fr>
  Approved by:	ports-secteam (with hat)
  Security:	CVE-2016-3092
  Security:	https://vuxml.FreeBSD.org/freebsd/cbceeb49-3bc7-11e6-8e82-002590263bf5.html

Changes:
_U  branches/2016Q2/
  branches/2016Q2/www/tomcat-native/Makefile
  branches/2016Q2/www/tomcat-native/distinfo
  branches/2016Q2/www/tomcat7/Makefile
  branches/2016Q2/www/tomcat7/distinfo
  branches/2016Q2/www/tomcat7/pkg-plist
  branches/2016Q2/www/tomcat8/Makefile
  branches/2016Q2/www/tomcat8/distinfo
  branches/2016Q2/www/tomcat8/pkg-plist