[ol6_latest_archive] tomcat6-jsp-2.1-api-6.0.24-94.el6_7.x86_64

Name:	tomcat6-jsp-2.1-api
Version:	6.0.24
Release:	94.el6_7
Architecture:	x86_64
Group:	Internet/WWW/Dynamic Content
Size:	76570
License:	ASL 2.0
RPM:	tomcat6-jsp-2.1-api-6.0.24-94.el6_7.x86_64.rpm
Source RPM:	tomcat6-6.0.24-94.el6_7.src.rpm
Build Date:	Tue Mar 22 2016
Build Host:	x86-ol6-builder-06.us.oracle.com
Vendor:	Oracle America
URL:	http://tomcat.apache.org/
Summary:	Apache Tomcat JSP API implementation classes
Description:	Apache Tomcat JSP API implementation classes.

Changelog (Show File list) (Show related packages)

Thu Jan 28 2016 Coty Sutherland <csutherl@redhat.com> 0:6.0.24-94

- Resolves: rhbz#1293289 CVE-2014-7810 tomcat6 security manager bypass via EL expressions

Mon Dec 14 2015 Coty Sutherland <csutherl@redhat.com> 0:6.0.24-93
```
- Resolves: rhbz#1301646 Resolving NIO connector memory leak
```
Fri May 15 2015 David Knox <dknox@redhat.com> 0:6.0.24-90
```
- Related: rhbz#1042811 left over test value in the conf
```

Fri May 15 2015 David Knox <dknox@redhat.com> 0:6.0.24-89

- Resolves: rhbz#1042811 tomcat6 service restarts will cause a 
- duplicated command-line arguments

Thu Mar 26 2015 David Knox <dknox@redhat.com> 0:6.0.24-88

- Related: rhbz#1022061 changed in init file. Remove test
- in function stop for result after initial command to
- stop.

Wed Feb 25 2015 David Knox <dknox@redhat.com> 0:6.0.24-87

- Resolves: rhbz#1128396 NPE in chunked encoding.
- Regenerated patches for 4322 and 0227

Wed Feb 25 2015 David Knox <dknox@redhat.com> 0:6.0.24-86

- Resolves: rhbz#1068689 Add option to disable log rotation
- in FileHandler

Wed Feb 25 2015 David Knox <dknox@redhat.com> 0:6.0.24-85

- Resolves: CVE-2014-0227 Limited DoS in chunked transfer

Mon Feb 23 2015 David Knox <dknox@redhat.com> 0:6.0.24-84

- Resolves: rhbz#1022061 Tomcat init script needs to be adjusted to kill tomcat
- if stop is unsuccessful

Thu Feb 19 2015 David Knox <dknox@redhat.com> 0:6.0.24-83

- Resolves: rhbz#1054817 Mark Tomcat Manager web.xml as 
- config in spec

Thu Feb 19 2015 David Knox <dknox@redhat.com> 0:6.0.24-82

- Resolves: rhbz#1031327 Backport apache 50072 blank responses

Mon Feb 02 2015 David Knox <dknox@redhat.com> 0:6.0.24-81

- Resolves: rhbz#1183252 Tomcat breaks in serving large files
- greater than 1.7 mb and under high load and high threading

Tue Sep 16 2014 David Knox <dknox@redhat.com> 0:6.0.24-80

- Related: CVE-2013-4590  - remove xml schema names javaee_5,
- javaee_web_services_1_2, and javaee_web_services_1_2_client
- from descriptor.DigesterFactory initialization. These
- schema definitions are not relevant to 6.0.24 as the version
- of their spec did not exist at the time.
- Resolves: rhbz#1140855 - request parameter truncated

Fri Sep 12 2014 David Knox <dknox@redhat.com> 0:6.0.24-79

- Related: rhbz#1140301 - have to bump the nvr to be greater
- than 6.5.z

Tue Sep 09 2014 David Knox <dknox@redhat.com> 0:6.0.24-69

- Resolves: rhbz#1140301 - reverse changes of 845786.
- Rebuilding for compose.

Thu Jul 31 2014 David Knox <dknox@redhat.com> 0:6.0.24-68
```
- Resolves: CVE-2013-4590
- Resolves: CVE-2014-0119
```
Mon Jul 07 2014 David Knox <dknox@redhat.com> 0:6.0.24-67
```
- Related: CVE-2014-0075 incomplete
```
Wed Jul 02 2014 David Knox <dknox@redhat.com> 0:6.0.24-66
```
- Related: CVE-2014-0050 
- Related: CVE-2013-4322
```

Fri Jun 20 2014 David Knox <dknox@redhat.com> 0:6,0.24-65

- Resolves: CVE-2014-0099
- Resolves: CVE-2014-0096
- Resolves: CVE-2014-0075

Wed Jun 04 2014 David Knox <dknox@redhat.com> 0:6.0.24-64
```
- Resolves: CVE-2014-0050
```

Mon Apr 07 2014 David Knox <dknox@redhat.com> 0:6.0.24-63

- Resolves: CVE-2013-4322 CVE-2013-4286. Branched from
- rhel-6.5

Wed Sep 11 2013 David Knox <dknox@redhat.com> 0:6.0.24-62

- Related: rhbz 915447 Introduced a space char in TOMCAT_GROUP

Tue Sep 10 2013 David Knox <dknox@redhat.com> 0:6.0.24-61
```
- Related: rhbz 915447 Typo in conf and sysconf
```

Thu Sep 05 2013 David Knox <dknox@redhat.com> 0:6.0.24-60

- Related: rhbz 915447 can't start with group other than tomcat
- changes in init script. Added TOMCAT_GROUP to sysconfig and
- tomcat6.conf. Also changed default to the group that user
- tomcat belongs.

Tue Sep 03 2013 David Knox <dknox@redhat.com> 0:6.0.24-59

- Related: CVE-2012-3439 Digest Authentication. Fixed typo
- in the patch file.

Mon Aug 26 2013 David Knox <dknox@redhat.com> 0:6.0.24-58

- Resolves: CVE-2012-3439
- Resolves: CVE-2012-4534
- Resolves: CVE-2012-3546
- Increment build number to exceed 6_4 build number. Demanded
- by rpmdiff

Wed Aug 07 2013 David Knox <dknox@redhat.com> 0:6.0.24-54

- Resolves: rhbz 845786 webapps-docs contained empty files. 
- Build will fail of architectures ppc s390x ppc64. Use
- target rhel-6.5-noarch-candidate
- Resolves: rhbz 915447 can't start with group other than tomcat
- changes in init script
- Resolves: rhbz 950647 Error in checkpidfile of init script
- Resolves: rhbz 977685 Full implementation of juli and juli
- adapters. Jars placed in new extras directory
- Resolves: 960225 Status script does not return proper PID

Tue Jun 11 2013 David Knox <dknox@redhat.com> 0:6.0.24-53
```
- Resolves: CVE-2013-2067 session fixation
```
Thu May 16 2013 David Knox <dknox@redhat.com> 0:6.0.24-52
```
- Related: rhbz#955977 CVE-2013-1976
```

Thu May 16 2013 David Knox <dknox@redhat.com> 0:6.0.24-51

- Related: rhbz#955977 CVE-2013-1976 Changed location of 
- TOMCAT_LOG to /var/log where only root can write to it. Touching
- TOMCAT_LOG is no longer necessary

Tue Apr 30 2013 David Knox <dknox@redhat.com> 0:6.0.24-50

- Resolves: rhbz#955977 CVE-2013-1976 Improper TOMCAT_LOG management in
- init script

Wed Jan 16 2013 David Knox <dknox@redhat.com> 0:6.0.24-49

- Related: rhbz 576540
- Javadoc is not being generated correctly by the build

Tue Dec 11 2012 David Knox <dknox@redhat.com> 0:6.0.24-48

- Resolves: rhbz 576540 - regression init script in the 
- wrong place. Changed _initrddir definition herein to point to the 
- right place.

Thu Nov 08 2012 David Knox <dknox@redhat.com> 0:6.0.24-47

- Resolves: rhbz 857066 apache bz 48843 ArrayIndexOutofBounds

Tue Oct 02 2012 David Knox <dknox@redhat.com> 0:6.0.24-46

- Resolves: rhbz 847288 classloader deadlock compiler JSPs
- Resolves: rhbz 785954 HTML filtering needed
- Resolves: rhbz 798617 init gives incorrect status

Tue May 22 2012 David Knox <dknox@redhat.com> 0:6.0.24-45
```
- Resolves: rhbz 757632 regression
```

Thu Mar 29 2012 David Knox <dknox@redhat.com> 0:6.0.24-44

- Resolves: CVE-2012-0022 regression. Change made to patch.

Tue Mar 13 2012 David Knox <dknox@redhat.com> 0:6.0.24-43
```
- Resolves: rhbz# 802396. Changes made to init script.
```
Thu Mar 01 2012 David Knox <dknox@redhat.com> 0:6.0.24-42
```
- Resolves cve-2012-0022 (2011-4858) rhbz 783728
```

Mon Jan 23 2012 David Knox <dknox@redhat.com> 0:6.0.24-41

- Resolves: rhbz 782400 - remove redhat-lsb dependency
- Resolves: rhbz 726169 (783407) - Unable to compile class for JSP
- Resolves: rhbz 783567 - tag attributes parsing throws exception

Thu Jan 05 2012 David Knox <dknox@redhat.com> 0:6.0.24-39

- Resolves: rhbz 757632 - version arg results in CNFException
- changes made to initscript.

Tue Oct 25 2011 David Knox <dknox@redhat.com> 0:6.0.24-38

- resolves: rhbz 748813 NPE w/no data in chunked POST request
-  Not included in 6.2. Slated for 6.3

Mon Sep 26 2011 David Knox <dknox@redhat.com> 0:6.0.24-37

- resolves: cve-2011-3190 rhbz 738504
- resolves: cve-2011-2204 rhbz 738504
- resolves: cve-2011-2526 rhbz 738504
- resolves: cve-2011-1184 rhbz 738504
- resolves: rhbz 698624 - revisited

Mon Aug 29 2011 David Knox <dknox@redhat.com> 0:6.0.24-36

- resolves: rhbz 726169 - jsp1.1 regression exception
- Not included in 6.2 slated for 6.3

Mon Jun 06 2011 David Knox <dknox@redhat.com> 0:6.0.24-35

- resolves: rhbz 687968 - tomcat6 broken when LANG="fr_FR"

Mon May 02 2011 David Knox <dknox@redhat.com> 0:6.0.24-34

- resolves: rhbz 701759 - hardcoded catalina.out 
- Not included in 6.2 slated for 6.3

Thu Apr 28 2011 David Knox <dknox@redhat.com> 0:6.0.24-33

- resolves: rhbz 695284 - multiple instances logging fiasco

Thu Apr 28 2011 David Knox <dknox@redhat.com> 0:6.0.24-32

- Resolves: rhbz 698624 - inet4address can't be cast to String

Thu Apr 28 2011 David Knox <dknox@redhat.com> 0:6.0.24-31
```
- Resolves: rhbz 656403 - cve-2010-4172 jsp syntax error
```
Mon Apr 18 2011 David Knox <dknox@redhat.com> 0:6.0.24-30
```
- Resolves: rhbz#697504 initscript logging location
```

Wed Apr 13 2011 David Knox <dknox@redhat.com> 0:6.0.24-29

- Resolves: rhbz#656403, rhbz#675926, rhbz#676011
- CVE-2010-4172, CVE-2010-3718, CVE-2011-0013, CVE-2010-4476,
- CVE-2011-0534

Tue Apr 12 2011 David Knox <dknox@redhat.com> 0:6.0.24-28

- Resovles  rhbz#695284 - wrapper logs to different locations
- CVE-2010-4172, CVE-2011-0013, CVE-2010-3718 commented out 
- until needed.

Thu Mar 17 2011 David Knox <dknox@redhat.com> 0:6.0.24-27

- naming-factory-dbcp missing fix in tomcat6.conf
- Add Obsoletes for log4j

Mon Mar 14 2011 David Knox <dknox@redhat.com> 0:6.0.24-26

- Add log4j to package lib. Corrected typo in log4 Provides
- epock versus epoch

Wed Mar 09 2011 David Knox <dknox@redhat.com> 0:6.0.24-25

- Installed permissions do not allow tomcat to start
- incrementing NVR so yum won't get confused with the zstream

Fri Mar 04 2011 David Knox <dknox@redhat.com> 0:6.0.24-23

- Resolves: rhbz 678671 - useradd sets shell to nologin
- dangling symlink for log4j. Added it as R: and R(post)

Thu Feb 17 2011 David Knox <dknox@redhat.com> 0:6.0.24-21
```
- Resolves: 678671 - tomcat user requires login shell
```

Thu Feb 17 2011 David Knox <dknox@redhat.com> 0:6.0.24-20

- Resolves: rhbz#636997 Additionally created instances of tomcat
- are broken

Tue Feb 08 2011 David Knox <dknox@redhat.com> 0:6.0.24-19
```
- Resolves: CVE-2011-0534 rhbz# 675926
```

Wed Dec 08 2010 David Knox <dknox@redhat.com> 0:6.0.24-18

- Resolves: rhbz# 661244 missing tomcat6-juli link
- Fixed symlinks to commons-collections and log4j in libdir
- Removed log4j package

Tue Oct 26 2010 David Knox <dknox@redhat.com> 0:6.0.24-17

- Replacing commons-xxxx-tomcat5 with jakarta-commons-xxxx

Wed Sep 29 2010 David Knox <dknox@redhat.com> 0:6.0.24-16

- Resolves: rhbz#636997 - Additionally created instances of tomcat are
- broken

Fri Aug 13 2010 David Knox <dknox@redhat.com> 0:6.0.24-15
```
- Resolves: rhbz#617501 CVE-2010-2227
```
Wed Aug 04 2010 David Knox <dknox@redhat.com> 0:6.0.24-14
```
- Added 2227 patch
```
Mon Jul 12 2010 David Knox <dknox@redhat.com> 0:6.0.24-13
```
- fixed servlet-api typo
```

Thu Jul 01 2010 David Knox <dknox@redhat.com> 0:6.0.24-12

- Resolves: rhbz#584699. A respin was required to fix post and
- postun for el. Updated EL-spec to 2.1 from 1.0. Tomcat6 uses 
- elspec 2.1

Tue Jun 29 2010 David Knox <dknox@redhat.com> 0:6.0.24-11

- Resolves: rhbz#584699 initscript collected problems LSB
- compliant. Not complete yet. Return values are correct and 
- usage function has been implemented.

Wed Jun 23 2010 David Knox <dknox@redhat.com> 0:6.0.24-10
```
- Resolves: rhbz#606822 CVE-2010-1157
```

Thu May 20 2010 David Knox <dknox@redhat.com> 0:6.0.24-9

- Resolves: rhbz#582037 Revert to Java 1.5. Also fixed Error
- deploying web application.

Thu May 20 2010 David Knox <dknox@redhat.com> 0:6.0.24-8

- Resolves: rhbz#584699 - and two other bugs along with
- various spec flaws fixed.

Mon May 17 2010 David Knox <dknox@redhat.com> 0:6.0.24-7

- Build and run using gcj 1.5. Spec refactored. JSP examples
- are working.

Wed Apr 21 2010 David Knox <dknox@redhat.com> 0:6.0.24-6
```
- Patched spec file to avoid sinjdoc issue
```
Wed Apr 21 2010 David Knox <dknox@redhat.com> 0:6.0.24-5
```
- Adding patch for setPerformancePrefernces
```
Tue Apr 13 2010 david knox <dknox@redhat.com> 0:6.0.24-4
```
- increment build number
```

Tue Apr 13 2010 David Knox <dknox@redhat.com> 0:6.0.24-3

- Removed prerun lib and post WEB-INF/lib. Moved build-jar-repos to
- after the installs. Added Requires and BuildRequires for jakarta-
- commons-{dbcp,pool,collections}-tomcat5 and ecj. Changed define macro to
- global.

Tue Apr 13 2010 David Knox <dknox@redhat.com> 0:6.0.24-2

- Revert: Revert JDK/Java Requires and BuildRequires to version 1.5 versus 1.6

Mon Mar 01 2010 Alexander Kurtakov <akurtako@redhat.com> 0:6.0.24-1
```
- Update to 6.0.24.
```
Tue Dec 22 2009 Alexander Kurtakov <akurtako@redhat.com> 0:6.0.20-2
```
- Drop file requires on /usr/share/java/ecj.jar.
```
Mon Nov 09 2009 Alexander Kurtakov <akurtako@redhat.com> 0:6.0.20-1
```
- Update to 6.0.20. Fixes CVE-2009-0033,CVE-2009-0580.
```
Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0:6.0.18-10.2
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
```
Wed Apr 01 2009 Alexander Kurtakov <akurtako@redhat.com> 0:6.0.18-9.2
```
- Add OSGi manifest for servlet-api.
```
Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0:6.0.18-9.1
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
```
Tue Dec 02 2008 David Walluck <dwalluck@redhat.com> 0:6.0.18-8.1
```
- build for Fedora
```
Tue Dec 02 2008 David Walluck <dwalluck@redhat.com> 0:6.0.18-8
```
- fix directory ownership
```
Thu Nov 13 2008 David Walluck <dwalluck@redhat.com> 0:6.0.18-7
```
- add Requires for update-alternatives
```

Tue Oct 07 2008 David Walluck <dwalluck@redhat.com> 0:6.0.18-6

- use lsb_release instead of lsb-release to get the distributor

Tue Oct 07 2008 David Walluck <dwalluck@redhat.com> 0:6.0.18-5

- fix initscript messages on Mandriva Linux
- fix help message in initscript

Wed Oct 01 2008 David Walluck <dwalluck@redhat.com> 0:6.0.18-4

- redefine %_initrddir for FHS-compliance
- make initscript LSB-complaint

Fri Sep 26 2008 David Walluck <dwalluck@redhat.com> 0:6.0.18-3
```
- fix status in initscript
```

Thu Sep 25 2008 David Walluck <dwalluck@redhat.com> 0:6.0.18-2

- remove initscripts and /sbin/service requirement
- call initscript directly without using /sbin/service
- require /sbin/chkconfig instead of chkconfig
- remove chkconfig requirement from packages that don't require it

Tue Aug 26 2008 David Walluck <dwalluck@redhat.com> 0:6.0.18-1

- 6.0.18
- Resolves: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938
- fix definition of java.security.policy with d%{name} start-security
- don't pass $CATALINA_OPTS with d%{name} stop
- redefine tempdir and workdir for tmpwatch workaround
- change eclipse-ecj references to ecj

Thu Jul 10 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0:6.0.16-1.8
```
- drop repotag
```

Fri Apr 04 2008 David Walluck <dwalluck@redhat.com> 0:6.0.16-1jpp.7.fc9

- version jsp and servlet Provides with their spec versions
- remove Obsoletes/Provides for servletapi6 package as it can co-exist
- check for java-functions existence in wrapper script
- move d%{name} to %{name} and create symlink for d%{name}
- improve status function in initscript
- change license to ASL 2.0 again as per Fedora guidelines

Mon Mar 24 2008 David Walluck <dwalluck@redhat.com> 0:6.0.16-1jpp.6.fc9

- remove Requires: tomcat-native
- put back original JPackage Group (except javadoc) and License tags
- add Provides for jsp and servlet
- use ant macro
- build and install sample webapp
- call /sbin/service to stop service on uninstall
- remove references to $RPM_BUILD_DIR
- use copy instead of move to fix short-circuit install build
- remove prebuilt sample.war
- remove Thumbs.db files
- add Requires: java >= 0:1.6.0

Mon Mar 24 2008 David Walluck <dwalluck@redhat.com> 0:6.0.16-1jpp.6.fc9

- remove Requires: tomcat-native
- put back original JPackage Group (except javadoc) and License tags
- add Provides for jsp and servlet
- use ant macro
- build and install sample webapp
- call /sbin/service to stop service on uninstall
- remove references to $RPM_BUILD_DIR
- use copy instead of move to fix short-circuit install build
- remove prebuilt sample.war
- remove Thumbs.db files
- add Requires: java >= 0:1.6.0

Wed Mar 19 2008 David Walluck <dwalluck@redhat.com> 0:6.0.16-1jpp.5.fc9

- explicitly unset CLASSPATH
- explicitly set OPT_JAR_LIST to include ant/ant-trax

Tue Mar 18 2008 David Walluck <dwalluck@redhat.com> 0:6.0.16-1jpp.4.fc9
```
- remove BuildRequires: sed
- remove specific references to icedtea
```
Mon Mar 17 2008 David Walluck <dwalluck@redhat.com> 0:6.0.16-1jpp.3.fc9
```
- add digest and tool-wrapper scripts
- Requires: tomcat-native
```

Fri Mar 07 2008 David Walluck <dwalluck@redhat.com> 0:6.0.16-1jpp.2.fc9

- use %{_var} for appdir instead of /srv
- use ${JAVACMD} for java executable in wrapper script
- use built-in status function in initscript where possible
- add missing require on procps for status function
- fix java.library.path setting in %{_sysconfdir}/sysconfig/%{name}
- add patch to document webapps in %{_sysconfdir}/%{name}/tomcat-users.xml
- remove %{appdir}/ROOT/admin
- move %{_bindir}/d%{name} to %{_sbindir}/d%{name}

Mon Mar 03 2008 David Walluck <dwalluck@redhat.com> 0:6.0.16-1jpp.1.fc9

- use %{_initrddir} macro instead of %{_sysconfdir}/init.d (rhbz #153187)
- fix java.library.path setting in %{name}.conf (rhbz #253605)
- fix incorrect initscript output (rhbz #380921)
- update initscript (rhbz #247077)
- add logrotate support
- fix strange-permission
- fix %prep
- replace /var with %{_var}
- replace %{_localstatedir} with %{_var}
- use %{logdir} where possible
- call build-jar-repository with full path in scriptlets
- remove file-based requires
- build with icedtea and set as the default JAVA_HOME in %{name}.conf
- fix non-standard-group
- change ecj references to eclipse-ecj
- change Apache Software License 2.0 to ASL 2.0 for rpmlint

Fri Feb 08 2008 Jason Corley <jason.corley@gmail.com> - 0:6.0.16-1jpp
```
- update to 6.0.16
```
Sun Dec 02 2007 Jason Corley <jason.corley@gmail.com> - 0:6.0.14-2jpp
```
- add /etc/tomcat6/Catalina/localhost (Alexander Kurtakov)
```
Tue Aug 14 2007 Jason Corley <jason.corley@gmail.com> 0:6.0.14-1jpp
```
- first JPackage release
```