Bug 215865 - www/tomcat8 {tomcat7,tomcat6}: update to 8.0.40, 7.0.74, 6.0.49
Summary: www/tomcat8 {tomcat7,tomcat6}: update to 8.0.40, 7.0.74, 6.0.49
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Alex Dupre
URL: http://tomcat.apache.org/security-8.h...
Keywords: needs-patch, needs-qa, security
Depends on:
Blocks:
 
Reported: 2017-01-07 22:50 UTC by Jason Unovitch
Modified: 2017-03-18 01:48 UTC (History)
5 users (show)

See Also:
bugzilla: maintainer-feedback? (ale)
junovitch: merge-quarterly+


Attachments
tomcat 8.0.39 to 8.0.41 update (3.01 KB, patch)
2017-02-07 20:50 UTC, Tim Z
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 commit-hook freebsd_committer 2017-01-07 22:55:48 UTC
A commit references this bug:

Author: junovitch
Date: Sat Jan  7 22:55:04 UTC 2017
New revision: 430842
URL: https://svnweb.freebsd.org/changeset/ports/430842

Log:
  Document last quarter of Tomcat security advisories

  Latest advisory is awaiting upstream release

  PR:		214599
  PR:		215865
  Security:	CVE-2016-0762
  Security:	CVE-2016-5018
  Security:	CVE-2016-6794
  Security:	CVE-2016-6796
  Security:	CVE-2016-6797
  Security:	CVE-2016-6816
  Security:	CVE-2016-8735
  Security:	CVE-2016-8745
  Security:	https://vuxml.FreeBSD.org/freebsd/0b9af110-d529-11e6-ae1b-002590263bf5.html
  Security:	https://vuxml.FreeBSD.org/freebsd/3ae106e2-d521-11e6-ae1b-002590263bf5.html
  Security:	https://vuxml.FreeBSD.org/freebsd/e5ec2767-d529-11e6-ae1b-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml
Comment 2 Erik Cederstrand 2017-01-29 15:03:09 UTC
Version 8.0.41 has been released, according to http://tomcat.apache.org/download-80.cgi

The www/tomcat8 port is currently at 8.0.39.
Comment 3 Tim Z 2017-02-07 20:50:47 UTC
Created attachment 179725 [details]
tomcat 8.0.39 to 8.0.41 update

I created this patch to update tomcat from 8.0.39 to 8.0.41 for my own use, thought I would share it and maybe save someone some work.
Comment 4 Alan Somers freebsd_committer 2017-02-14 19:55:00 UTC
Poudriere warns that we could set NO_ARCH for this port.  It's probably not new in 8.0.41, but we should do it anyway.

pkg-static: DEVELOPER_MODE: Notice: arch "FreeBSD:11:amd64" -- no architecture specific files found:
**** could this package use a wildcard architecture?
Comment 5 Alan Somers freebsd_committer 2017-02-14 22:40:34 UTC
I've tested tomcat-8.0.41 with your patch.  You can consider it reviewed by me.
Comment 6 commit-hook freebsd_committer 2017-02-16 09:17:41 UTC
A commit references this bug:

Author: ale
Date: Thu Feb 16 09:17:22 UTC 2017
New revision: 434199
URL: https://svnweb.freebsd.org/changeset/ports/434199

Log:
  Update to 8.0.41 release.

  PR:		215865
  Submitted by:	junovitch

Changes:
  head/www/tomcat8/Makefile
  head/www/tomcat8/distinfo
  head/www/tomcat8/pkg-plist
Comment 8 commit-hook freebsd_committer 2017-03-05 02:43:15 UTC
A commit references this bug:

Author: junovitch
Date: Sun Mar  5 02:42:39 UTC 2017
New revision: 435441
URL: https://svnweb.freebsd.org/changeset/ports/435441

Log:
  MFH: r434199

  Update to 8.0.41 release.

  PR:		215865
  Submitted by:	Tim Z <tez@netbsd.org>
  Reviewed by:	asomers
  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2017Q1/
  branches/2017Q1/www/tomcat8/Makefile
  branches/2017Q1/www/tomcat8/distinfo
  branches/2017Q1/www/tomcat8/pkg-plist
Comment 9 commit-hook freebsd_committer 2017-03-05 02:48:22 UTC
A commit references this bug:

Author: junovitch
Date: Sun Mar  5 02:47:49 UTC 2017
New revision: 435442
URL: https://svnweb.freebsd.org/changeset/ports/435442

Log:
  MFH: r434198

  Update to 7.0.75 release.

  PR:		215865
  PR:		216604
  Reported by:	Dani <i.dani@outlook.com>
  Approved by:	ports-secteam (with hat)
  Security:	CVE-2016-8745
  Security:	https://vuxml.FreeBSD.org/freebsd/e5ec2767-d529-11e6-ae1b-002590263bf5.html

Changes:
_U  branches/2017Q1/
  branches/2017Q1/www/tomcat7/Makefile
  branches/2017Q1/www/tomcat7/distinfo
  branches/2017Q1/www/tomcat7/pkg-plist
Comment 10 Jason Unovitch freebsd_committer 2017-03-05 02:53:08 UTC
Reopen pending an upstream fix for the CVE-2016-8745 that this PR was opened for. The only remaining update is the www/tomcat6 port which is "not yet released" per Apache.org as of right now.
Comment 11 commit-hook freebsd_committer 2017-03-18 01:36:01 UTC
A commit references this bug:

Author: junovitch
Date: Sat Mar 18 01:35:43 UTC 2017
New revision: 436372
URL: https://svnweb.freebsd.org/changeset/ports/436372

Log:
  www/tomcat6: update 6.0.48 -> 6.0.51

  PR:		215865
  Approved by:	ports-secteam (with hat)
  Security:	CVE-2016-8745
  Security:	https://vuxml.FreeBSD.org/freebsd/e5ec2767-d529-11e6-ae1b-002590263bf5.html
  MFH:		2017Q1

Changes:
  head/www/tomcat6/Makefile
  head/www/tomcat6/distinfo
  head/www/tomcat6/pkg-plist
Comment 12 commit-hook freebsd_committer 2017-03-18 01:37:05 UTC
A commit references this bug:

Author: junovitch
Date: Sat Mar 18 01:36:30 UTC 2017
New revision: 436373
URL: https://svnweb.freebsd.org/changeset/ports/436373

Log:
  MFH: r436372

  www/tomcat6: update 6.0.48 -> 6.0.51

  PR:		215865
  Approved by:	ports-secteam (with hat)
  Security:	CVE-2016-8745
  Security:	https://vuxml.FreeBSD.org/freebsd/e5ec2767-d529-11e6-ae1b-002590263bf5.html

Changes:
_U  branches/2017Q1/
  branches/2017Q1/www/tomcat6/Makefile
  branches/2017Q1/www/tomcat6/distinfo
  branches/2017Q1/www/tomcat6/pkg-plist
Comment 13 Jason Unovitch freebsd_committer 2017-03-18 01:48:30 UTC
All associated updates for the CVE-2016-8745 that this PR was opened for have fixed.