Bug 209669

Summary: [PATCHE] www/tomcat7 and www/tomcat-native upgrade
Product: Ports & Packages Reporter: geoffroy desvernay <dgeo>
Component: Individual Port(s)Assignee: Alex Dupre <ale>
Status: Closed FIXED    
Severity: Affects Only Me CC: junovitch
Priority: --- Keywords: security
Version: LatestFlags: bugzilla: maintainer-feedback? (ale)
junovitch: merge-quarterly+
Hardware: Any   
OS: Any   
Attachments:
Description Flags
www/tomcat7 svn diff
dgeo: maintainer-approval?
www/tomcat-native svn diff
dgeo: maintainer-approval?
svn diff www/tomcat8 to version 8.0.35 dgeo: maintainer-approval?

Description geoffroy desvernay 2016-05-20 16:42:23 UTC
Created attachment 170514 [details]
www/tomcat7 svn diff

Hi, 

These patches are upgrades for:
 * tomcat7 to 7.0.69 - see https://tomcat.apache.org/tomcat-7.0-doc/changelog.html
 * tomcat-native to 1.2.7 - see https://tomcat.apache.org/native-doc/miscellaneous/changelog.html

Both are poudriere build here and in production.

Hope this helps
Comment 1 geoffroy desvernay 2016-05-20 16:43:08 UTC
Created attachment 170515 [details]
www/tomcat-native svn diff
Comment 2 geoffroy desvernay 2016-05-28 10:25:58 UTC
Created attachment 170745 [details]
svn diff www/tomcat8 to version 8.0.35

While I'm there, this one is for tomcat8 (poudriere build and in production too)
Comment 3 commit-hook freebsd_committer 2016-06-23 10:29:25 UTC
A commit references this bug:

Author: ale
Date: Thu Jun 23 10:28:45 UTC 2016
New revision: 417360
URL: https://svnweb.freebsd.org/changeset/ports/417360

Log:
  - Update tomcat-native to 1.2.7 release.
  - Update tomcat7 to 7.0.70 release.
  - Update tomcat8 to 8.0.36 release.

  PR:		209669
  Submitted by:	geoffroy desvernay <dgeo@centrale-marseille.fr>

Changes:
  head/www/tomcat-native/Makefile
  head/www/tomcat-native/distinfo
  head/www/tomcat7/Makefile
  head/www/tomcat7/distinfo
  head/www/tomcat7/pkg-plist
  head/www/tomcat8/Makefile
  head/www/tomcat8/distinfo
  head/www/tomcat8/pkg-plist
Comment 4 commit-hook freebsd_committer 2016-06-26 18:14:13 UTC
A commit references this bug:

Author: junovitch
Date: Sun Jun 26 18:13:40 UTC 2016
New revision: 417596
URL: https://svnweb.freebsd.org/changeset/ports/417596

Log:
  Document remote denial of service via FileUpload component in Tomcat

  PR:		209669 [1]
  Reported by:	Geoffroy Desvernay <dgeo@centrale-marseille.fr> [1]
  Reported by:	Roger Marquis <marquis@roble.com>
  Security:	CVE-2016-3092
  Security:	https://vuxml.FreeBSD.org/freebsd/cbceeb49-3bc7-11e6-8e82-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml
Comment 5 commit-hook freebsd_committer 2016-06-26 18:15:16 UTC
A commit references this bug:

Author: junovitch
Date: Sun Jun 26 18:14:14 UTC 2016
New revision: 417597
URL: https://svnweb.freebsd.org/changeset/ports/417597

Log:
  MFH: r417360

  - Update tomcat-native to 1.2.7 release.
  - Update tomcat7 to 7.0.70 release.
  - Update tomcat8 to 8.0.36 release.

  PR:		209669
  Submitted by:	geoffroy desvernay <dgeo@centrale-marseille.fr>
  Approved by:	ports-secteam (with hat)
  Security:	CVE-2016-3092
  Security:	https://vuxml.FreeBSD.org/freebsd/cbceeb49-3bc7-11e6-8e82-002590263bf5.html

Changes:
_U  branches/2016Q2/
  branches/2016Q2/www/tomcat-native/Makefile
  branches/2016Q2/www/tomcat-native/distinfo
  branches/2016Q2/www/tomcat7/Makefile
  branches/2016Q2/www/tomcat7/distinfo
  branches/2016Q2/www/tomcat7/pkg-plist
  branches/2016Q2/www/tomcat8/Makefile
  branches/2016Q2/www/tomcat8/distinfo
  branches/2016Q2/www/tomcat8/pkg-plist