Summary: | www/tomcat{85,9,10,101,-devel}: Update to 8.5.83, 9.0.68, 10.0.27, 10.1.1, 10.1.1 | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Vladimir Druzenko <vvd> | ||||||||||||
Component: | Individual Port(s) | Assignee: | Nuno Teixeira <eduardo> | ||||||||||||
Status: | Closed FIXED | ||||||||||||||
Severity: | Affects Some People | CC: | dgeo, eduardo | ||||||||||||
Priority: | --- | Flags: | vvd:
maintainer-feedback+
eduardo: merge-quarterly+ |
||||||||||||
Version: | Latest | ||||||||||||||
Hardware: | Any | ||||||||||||||
OS: | Any | ||||||||||||||
URL: | https://tomcat.apache.org | ||||||||||||||
Attachments: |
|
Description
Vladimir Druzenko
2022-10-12 06:42:53 UTC
Created attachment 237227 [details] update to 9.0.68 Tested on 13.1-p2 amd64: make check-plist/install/run. https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.68_(markt) Created attachment 237228 [details] update to 10.0.27 Tested on 13.1-p2 amd64: make check-plist/install/run. https://tomcat.apache.org/tomcat-10.0-doc/changelog.html#Tomcat_10.0.27_(markt) Created attachment 237229 [details] update to 10.1.1 Tested on 13.1-p2 amd64: make check-plist/install/run. https://tomcat.apache.org/tomcat-10.1-doc/changelog.html#Tomcat_10.1.1_(markt) Created attachment 237230 [details] update to 10.1.1 Tested on 13.1-p2 amd64: make check-plist/install/run. https://tomcat.apache.org/tomcat-10.1-doc/changelog.html#Tomcat_10.1.1_(markt) A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=fd3e68d563493e13f2a89530e27b00275f8fddc1 commit fd3e68d563493e13f2a89530e27b00275f8fddc1 Author: VVD <vvd@unislabs.com> AuthorDate: 2022-10-12 09:46:21 +0000 Commit: Nuno Teixeira <eduardo@FreeBSD.org> CommitDate: 2022-10-12 09:46:21 +0000 www/tomcat{85,9,10,101,-devel}: Update to 8.5.83, 9.0.68, 10.0.27, 10.1.1, 10.1.1 ChangeLog: https://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.83_(markt) https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.68_(markt) https://tomcat.apache.org/tomcat-10.0-doc/changelog.html#Tomcat_10.0.27_(markt) https://tomcat.apache.org/tomcat-10.1-doc/changelog.html#Tomcat_10.1.1_(markt) PR: 266984 www/tomcat-devel/Makefile | 2 +- www/tomcat-devel/distinfo | 6 +++--- www/tomcat-devel/pkg-plist | 2 +- www/tomcat10/Makefile | 2 +- www/tomcat10/distinfo | 6 +++--- www/tomcat101/Makefile | 2 +- www/tomcat101/distinfo | 6 +++--- www/tomcat101/pkg-plist | 2 +- www/tomcat85/Makefile | 2 +- www/tomcat85/distinfo | 6 +++--- www/tomcat9/Makefile | 2 +- www/tomcat9/distinfo | 6 +++--- 12 files changed, 22 insertions(+), 22 deletions(-) Committed, thanks! Seems to fix CVE-2022-42252, shouldn't it be merged in quarterly ? (In reply to geoffroy desvernay from comment #7) Can't find CVE-2022-42252 mentioned in release notes, could you provide a link to it? I found this by cve search: https://nvd.nist.gov/vuln/detail/CVE-2022-42252 Vendor advisory seems to be here: https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq (With a typo noted in reply: 8.5.82 is affected, not only 8.5.52) (In reply to geoffroy desvernay from comment #9) Working on it, thanks. A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=c42efc2b00b09f75badbd82788ed8c33157470b8 commit c42efc2b00b09f75badbd82788ed8c33157470b8 Author: Nuno Teixeira <eduardo@FreeBSD.org> AuthorDate: 2022-11-18 21:53:01 +0000 Commit: Nuno Teixeira <eduardo@FreeBSD.org> CommitDate: 2022-11-18 21:57:50 +0000 security/vuxml: Document Apache Tomcat vulnerability * CVE-2022-42252 Apache Tomcat - Request Smuggling PR: 266984 security/vuxml/vuln/2022.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) A commit in branch 2022Q4 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=328f7ac7040e1d353e0898a391662393ec3e7f3d commit 328f7ac7040e1d353e0898a391662393ec3e7f3d Author: VVD <vvd@unislabs.com> AuthorDate: 2022-10-12 09:46:21 +0000 Commit: Nuno Teixeira <eduardo@FreeBSD.org> CommitDate: 2022-11-18 21:58:49 +0000 www/tomcat{85,9,10,101,-devel}: Update to 8.5.83, 9.0.68, 10.0.27, 10.1.1, 10.1.1 ChangeLog: https://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.83_(markt) https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.68_(markt) https://tomcat.apache.org/tomcat-10.0-doc/changelog.html#Tomcat_10.0.27_(markt) https://tomcat.apache.org/tomcat-10.1-doc/changelog.html#Tomcat_10.1.1_(markt) PR: 266984 MFH: 2022Q4 Security: 556fdf03-6785-11ed-953b-002b67dfc673 (cherry picked from commit fd3e68d563493e13f2a89530e27b00275f8fddc1) www/tomcat-devel/Makefile | 2 +- www/tomcat-devel/distinfo | 6 +++--- www/tomcat-devel/pkg-plist | 2 +- www/tomcat10/Makefile | 2 +- www/tomcat10/distinfo | 6 +++--- www/tomcat101/Makefile | 2 +- www/tomcat101/distinfo | 6 +++--- www/tomcat101/pkg-plist | 2 +- www/tomcat85/Makefile | 2 +- www/tomcat85/distinfo | 6 +++--- www/tomcat9/Makefile | 2 +- www/tomcat9/distinfo | 6 +++--- 12 files changed, 22 insertions(+), 22 deletions(-) (In reply to geoffroy desvernay from comment #9) Nice catch up. Committed, thank you |