tomcat6 (6.0.24-2ubuntu1.2) lucid-proposed; urgency=low

  * Fix issues preventing from running Tomcat6 with a security manager:
    - debian/tomcat6.init: Remove duplicate securitymanager options.
    - debian/patches/catalina-sh-security-manager.patch: Use the right
      location for the security.policy file in catalina.sh.
    - Closes LP: #591802. Thanks to Jeff Turner for the original
      patches and to Adam Guthrie for the Lucid debdiff.

 -- Thierry Carrez <thierry.carrez@ubuntu.com>  Mon, 05 Jul 2010 14:54:47 +0200

tomcat6 (6.0.24-2ubuntu1.1) lucid-proposed; urgency=low

  * debian/patches/fix-jsp-regression.patch: Fix regression in JSP compilation
    that resulted in "Duplicate local variable" errors when using Struts 1.2
    or bean:define (LP: #563642)
  * debian/tomcat6.{postinst,prerm}: Respect TOMCAT6_USER and TOMCAT6_GROUP
    as defined in /etc/default/tomcat6 when setting directory permissions and
    authbind configuration (LP: #557300)
  * debian/tomcat6.postinst: Use group "tomcat6" instead of "adm" for
    permissions in /var/lib/tomcat6, so that group "adm" doesn't get write
    permissions over /var/lib/tomcat6/webapps (LP: #569118)

 -- Thierry Carrez <thierry.carrez@ubuntu.com>  Fri, 21 May 2010 10:11:35 +0200

tomcat6 (6.0.24-2ubuntu1) lucid; urgency=low

  [ Thierry Carrez ]
  * Uploading what 6.0.24-5 should be (upload is blocked in Debian due to
    current infrastructure issues), in order to meet Beta2Freeze.

  [ Niels Thykier ]
  * Added optimised garbage collection options to tomcat6's default options.
    Thanks to Aaron J. Zirbes and Thierry Carrez for research and the patch.
    (Closes: LP: #541520)
  * Updated the changelog to mention closed CVE's in the 6.0.24-1 release.
  * Applied patch from Arto Jantunen fixing an issue with cleaning up the
    pid-file. (Closes: #574084)

  [ Ludovic Claude ]
  * debian/tomcat6.postrm: fix removal of Tomcat (Closes: #567548)
  * Set UTF-8 as default character encoding - Patch by Thomas Koch
    (Closes: #573539)
  * Set the major, minor and build versions when calling Ant
    (Closes: LP: #495505)
  * Rebuild with a more recent version of maven-repo-helper which puts
    the javax jars at the correct location in the Maven repository.
    Fixes several FTBFS in other packages.

 -- Thierry Carrez <thierry.carrez@ubuntu.com>  Wed, 31 Mar 2010 10:47:51 +0200

tomcat6 (6.0.24-2) unstable; urgency=low

  * Fix missing symlinks to tomcat-coyote.jar and
    catalina-tribes.jar causing NoClassDefFoundException
    at startup (last minute packaging change, sorry)
    (Closes: #570220)
  * tomcat6-admin, tomcat6-examples and tomcat6-docs now depend on
    tomcat6-common instead of tomcat6, this allow users to install
    those packages without requiring tomcat6 and its automatic startup scripts
    being present. tomcat-users can be installed instead and allow full
    control over when Tomcat is started or stopped.

 -- Ludovic Claude <ludovic.claude@laposte.net>  Wed, 17 Feb 2010 22:59:21 +0100

tomcat6 (6.0.24-1) unstable; urgency=low

  [ Ludovic Claude ]
  * New upstream version
    - Fixes Directory traversal vulnerability (CVE-2009-2693,CVE-2009-2902)
    - Fixes Autodeployment vulnerability (CVE-2009-2901)
  * Update the POM files for the new version of Tomcat
  * Bump up Standards-Version to 3.8.4
  * Refresh patches deploy-webapps-build-xml.patch and var_loaders.patch
  * Remove patch fix_context_name.patch as it has been applied upstream
  * Fix the installation of servlet-api-2.5.jar: the jar
    goes to /usr/share/java as in older versions (6.0.20-2)
    and links to the jar are added to /usr/share/maven-repo
  * Moved NEWS.Debian into README.Debian
  * Add a link from /usr/share/doc/tomcat6-common/README.Debian to
    /usr/share/doc/tomcat6/README.Debian to include a minimum of
    documentation in the tomcat6 package and add some useful notes. 
    (Closes: #563937, #563939)
  * Remove poms from the Debian packaging, use upstream pom files

  [ Jason Brittain ]
  * Fixed a bug in the init script: When a start fails, the PID file was
    being left in place.  Now the init script makes sure it is deleted.
  * Fixed a packaging bug that results in the ROOT webapp not being properly
    installed after an uninstall, then a reinstall.
  * control: Corrected a couple of comments (no functional change).

 -- Ludovic Claude <ludovic.claude@laposte.net>  Tue, 09 Feb 2010 23:06:51 +0100

tomcat6 (6.0.20-dfsg1-2) unstable; urgency=low

  * JSVC is no longer used by the package.  Instead, the init script invokes
    the stock catalina.sh script.
  * Authbind is now the standard method for binding Tomcat to ports lower
    than 1024 (when using IPv4).
  * The security manager now defaults to the disabled state, and is commented
    that way in /etc/default/tomcat6.
  * Reliable restarts are now implemented in the init script.
    (Closes: #561559)
  * Tomcat now sends STDOUT and STDERR to its usual, stock log file
    CATALINA_BASE/logs/catalina.out (/var/log/tomcat6/catalina.out in this
    package's case.

 -- Jason Brittain <jason.brittain@mulesoft.com>  Wed, 27 Jan 2010 01:08:57 +0000

tomcat6 (6.0.20-dfsg1-1) unstable; urgency=low

  * Fix debian/orig-tar.sh to exclude binary only standard.jar and jstl.jar.
    (Closes: #528119)
  * Upload a cleaned tarball.
  * Add ${misc:Depends} in debian/control.

 -- Torsten Werner <twerner@debian.org>  Sat, 23 Jan 2010 19:40:38 +0100

tomcat6 (6.0.20-9) unstable; urgency=low

  * Fix spelling issues.
  * Always set JSVC_CLASSPATH to a default value in init.

 -- Niels Thykier <niels@thykier.net>  Sat, 19 Dec 2009 19:11:33 +0100

tomcat6 (6.0.20-8) unstable; urgency=low

  * Corrected some spelling mistakes in debian/control.
    (Closes: #557377, #557378)
  * Added patches to install the OSGi metadata in some of the jars.
    (Closes: #558176)
  * Updated 03catalina.policy to allow "setContextClassLoader".
    - Fixes a problem where Sun's JVM would fail to generate log-files.
    (Closes: LP: #410379)
  * Updated /etc/default/tomcat6:
    - Clarified that JAVA_OPTS are passed to jscv and not the JVM.
    - Updated the JSP_COMPILER to javac (jikes is not in Debian anymore).
    (Closes: LP: #440685)
  * Use default-jdk and default-jre-headless instead of openjdk in
    (Build-)Depends.
  * Added more alternatives for java implementations to the Depends of
    libservlet2.5-java.
  * Exposed JSVC_CLASSPATH to the configuration file.
    (Closes: LP: #475457)
  * Updated description so it no longer refers to non-existent package.
    (Closes: #559475)
  * Used "set -e" in postinst and postrm instead of passing "-e" to sh
    in the #!-line.
  * Changed to 3.0 (quilt) source format.

 -- Niels Thykier <niels@thykier.net>  Mon, 07 Dec 2009 21:17:55 +0100

tomcat6 (6.0.20-7) unstable; urgency=low

  * New patch fix_context_name.patch:
    - Allow Service name != Engine name. Regression in fix for 42707.
      Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47316
    - This has been fixed in trunk and will be in 6.0.21
  * Register libservlet2.5-java-doc API with doc-base
  * Fix short description of tomcat6-docs by using "documentation" suffix

 -- Damien Raude-Morvan <drazzib@debian.org>  Sat, 10 Oct 2009 21:41:55 +0200

tomcat6 (6.0.20-6) unstable; urgency=low

  [ Ludovic Claude ]
  * tomcat6.postinst: set the ownership of files in /etc/tomcat6/
    to root:tomcat6, to prevent an attacker running inside a tomcat6
    instance to change the tomcat configuration
  * debian/policy/02debian.policy: grant access to 
    /usr/share/maven-repo/ as it is a valid source of Debian JARs.
    (Closes: #545674)
  * Bump up Standards-Version to 3.8.3
    - add debian/README.source that describes the quilt patch system.
  * debian/control: Add Conflicts on libtomcat6-java with old versions
    of tomcat6-common (Closes: #542397)

  [ Michael Koch ]
  * Replace dh_clean -k by dh_prep.
  * Added Ludovic and myself to Uploaders.
  * Build-Depends on debhelper >= 7.

 -- Michael Koch <konqueror@gmx.de>  Fri, 25 Sep 2009 07:14:07 +0200

tomcat6 (6.0.20-5) unstable; urgency=low

  * Fix jsp-api dependency in the Maven descriptors.
  * Put tomcat-juli.jar in /usr/share/java instead of juli.jar.
    This fixes a broken link which prevented tomcat to start
    when logging is turned on, and restores the file layout
    defined in 6.0.20-2.
  * Restore links to the jars in usr/share/tomcat6/lib
  * Change watch to download fresh sources from SVN. 
    Should fix wrong encoding in tomcat-i18n-fr/es.jar in the next upstream
    version. (Closes: #522067)
  * Update ownership for files in /etc/tomcat6 and /var/lib/tomcat6/webapps.
    The new owner is tomcat6:adm (Closes: #532284)
  * Add additional directories for the common, server and shared classloader.
    Directories are also compatible with Alfresco's packaging done for
    Ubuntu. (Closes: #521318)
  * Update checksum in postrm script to reflect changes
    in the new upstream webapp
  * postrm removes the extra directories created in /var/lib/tomcat6
    to hold shared and common classes or jars.
  * Added commented out default options for enabling debug mode.
    (Closes: LP: #375493)

 -- Ludovic Claude <ludovic.claude@laposte.net>  Wed, 05 Aug 2009 00:56:59 +0100

tomcat6 (6.0.20-4) experimental; urgency=low

  * Fix init script:
    - Change Provides: tomcat6. (Closes: #532286)
    - Check for /etc/default/rcS before sourcing it.
  * Update Standards-Version: 3.8.2 (no changes).

 -- Torsten Werner <twerner@debian.org>  Thu, 16 Jul 2009 23:36:32 +0200

tomcat6 (6.0.20-3) experimental; urgency=low

  * Add the Maven POM to the package
  * Add a Build-Depends-Indep dependency on maven-repo-helper
  * Use mh_installpom and mh_installjar to install the POM and the jar to the
    Maven repository

 -- Ludovic Claude <ludovic.claude@laposte.net>  Tue, 14 Jul 2009 14:17:27 +0100

tomcat6 (6.0.20-2) unstable; urgency=low

  * Expose tomcat-juli.jar as a library in /usr/share/java
    as it is a dependency of jasper which is used also by jetty

 -- Ludovic Claude <ludovic.claude@laposte.net>  Mon, 15 Jun 2009 13:33:13 +0100

tomcat6 (6.0.20-1) unstable; urgency=low

  * new upstream release (Closes: #531873)
  * Remove patch tcnative-ipv6-fix-43327.patch that has been applied upstream.
  * Refresh other patches.

 -- Torsten Werner <twerner@debian.org>  Fri, 05 Jun 2009 23:38:44 +0200

tomcat6 (6.0.18-dfsg1-1) unstable; urgency=low

  [ Torsten Werner ]
  * Remove jstl.jar and standard.jar from orig tarball because it comes without
    source code. (Closes: #528119)

  [ Marcus Better ]
  * Let the init script exit silently if the package is
    uninstalled. (Closes: #529301)

 -- Torsten Werner <twerner@debian.org>  Tue, 19 May 2009 21:23:18 +0200

tomcat6 (6.0.18-4) unstable; urgency=low

  * Add patch tcnative-ipv6-fix-43327.patch provided by Thierry Carrez.
    (Closes: #527033)
  * Change Section: java (from web).
  * Bump up Standards-Version: 3.8.1 (no changes).
  * Remove redundant Depends: ant because we depend on ant-optional.

 -- Torsten Werner <twerner@debian.org>  Sun, 10 May 2009 19:41:40 +0200

tomcat6 (6.0.18-3) unstable; urgency=low

  * Remove unneeded dirs and symlinks; thanks to Thierry Carrez. (Closes:
    #517857)
  * Improve the long description of all binary packages. (Closes: #518140)

 -- Torsten Werner <twerner@debian.org>  Wed, 04 Mar 2009 21:58:41 +0100

tomcat6 (6.0.18-2) unstable; urgency=low

  * upload to unstable

 -- Torsten Werner <twerner@debian.org>  Sat, 21 Feb 2009 11:31:20 +0100

tomcat6 (6.0.18-1) experimental; urgency=low

  * Merge changes from Ubuntu. Thanks to the Ubuntu developers we are shipping
    a full Tomcat 6.0 server stack now. (Closes: #494674)
  * Add myself to Uploaders.
  * Switch to openjdk-6 which is not the default in Debian.

 -- Torsten Werner <twerner@debian.org>  Sat, 07 Feb 2009 17:02:57 +0100

tomcat6 (6.0.18-0ubuntu5) jaunty; urgency=low

  [ Thierry Carrez ]
  * Removed tomcat6-[admin,docs,examples].post[inst,rm] and let Tomcat webapp
    autodeployment features handle application load/unload (LP: #302914)
  * tomcat6-instance-create, tomcat6-instance-create.1, control:
    Allow to change the HTTP port, control port and shutdown word on the
    tomcat6-instance-create command line (LP: #300691).

  [ Mathias Gug]
  * debian/tomcat6-instance-create: move directoryname from an option to 
    an argument.
  * debian/tomcat6-instance-create.1: some updates to the man page.
  * debian/control: update maintainer field to Ubuntu Core Developers now that
    tomcat6 is in main.

 -- Mathias Gug <mathiaz@ubuntu.com>  Wed, 07 Jan 2009 18:44:39 -0500

tomcat6 (6.0.18-0ubuntu4) jaunty; urgency=low

  * tomcat6.init, tomcat6.postinst, tomcat6.dirs, tomcat6.default,
    README.debian: Use /tmp/tomcat6-temp instead of /var/lib/tomcat6/temp as
    the JVM temporary directory and clean it at each restart (LP: #287452)
  * policy/04webapps.policy: add rules to allow usage of java.io.tmpdir
  * tomcat6.init, rules: Do not use TearDown, as this results in
    LifecycleListener callbacks in webapps being bypassed (LP: #299436)
  * rules: Compile at Java 1.5 level to allow usage of Java 5 JREs
    (LP: #286427)
  * control, rules, libservlet2.5-java-doc.install,
    libservlet2.5-java-doc.links: New libservlet2.5-java-doc package ships
    missing Servlet/JSP API documentation (LP: #279645)
  * patches/use-commons-dbcp.patch: Change default DBCP factory class
    to org.apache.commons.dbcp.BasicDataSourceFactory (LP: #283852)
  * tomcat6.dirs, tomcat6.postinst, default_root/index.html: Create
    Catalina/localhost in /etc/tomcat6 and make it writeable by the tomcat6
    group, so that autodeploy and admin webapps work as expected (LP: #294277)
  * patches/disable-apr-loading.patch: Disable APR library loading until we
    properly provide it.
  * patches/disable-ajp-connector: Do not load AJP13 connector by default
    (LP: #300697)
  * rules: minor fixes to prevent build being called twice.

 -- Thierry Carrez <thierry.carrez@ubuntu.com>  Thu, 27 Nov 2008 12:47:42 +0000

tomcat6 (6.0.18-0ubuntu3) intrepid; urgency=low

  * debian/tomcat6.postinst:
    - Make /var/lib/tomcat6/temp writeable by the tomcat6 user (LP: #287126)
    - Make /var/lib/tomcat6/webapps writeable by tomcat6 group (LP: #287447)
  * debian/tomcat6.init: make status return nonzero if tomcat6 is not running
    (fixes LP: #288218)

 -- Thierry Carrez <thierry.carrez@ubuntu.com>  Thu, 23 Oct 2008 18:19:15 +0200

tomcat6 (6.0.18-0ubuntu2) intrepid; urgency=low

  * debian/rules: call dh_installinit with --error-handler so that install
    doesn't fail if Tomcat cannot be started during configure (LP: #274365)

 -- Thierry Carrez <thierry.carrez@ubuntu.com>  Mon, 06 Oct 2008 13:55:21 +0200

tomcat6 (6.0.18-0ubuntu1) intrepid; urgency=low

  * New upstream version (LP: #260016)
    - Fixes CVE-2008-2938: Directory traversal vulnerability (LP: #256802)
    - Fixes CVE-2008-2370: Information disclosure vulnerability (LP: #256922)
    - Fixes CVE-2008-1232: XSS through sendError vulnerability (LP: #256926)
  * Dropped CVE-2008-1947.patch (fix is shipped in this upstream release)
  * control: Improve short descriptions for the binary packages
  * copyright: Added link to /usr/share/common-licenses/Apache-2.0
  * control: To pull the right JRE, libtomcat6-java now depends on
    default-jre-headless | java6-runtime-headless

 -- Thierry Carrez <thierry.carrez@ubuntu.com>  Fri, 22 Aug 2008 09:15:11 +0200

tomcat6 (6.0.16-1ubuntu1) intrepid; urgency=low

  * Adding full Tomcat 6 server stack support (LP: #256052)
    - tomcat6 handles the system instance (/var/lib/tomcat6)
    - tomcat6-user allows users to create their own private instances
    - tomcat6-common installs common files in /usr/share/tomcat6
    - libtomcat6-java installs Tomcat 6 java libs in /usr/share/java
    - tomcat6-docs installs the documentation webapp
    - tomcat6-examples installs the examples webapp
    - tomcat6-admin installs the manager and host-manager webapps
  * Other key differences with the tomcat5.5 packages:
    - default-jdk build support
    - OpenJDK-6 JRE runtime support
    - tomcat6 installs a minimal ROOT webapp
    - new webapp locations follow Debian webapp policy
    - webapps restart tomcat6 in postrm rather than in prerm
    - added a doc-base entry
    - use standard upstream server.xml
    - initscript: try to check if Tomcat is really running before returning OK
    - removed transitional configuration migration code
    - autogenerate policy in /var/cache/tomcat6 rather than /etc/tomcat6
    - logging.properties is customized to remove -webapps-related lines
    - initscript: implement TearDown spec
  * CVE-2008-1947 fix (cross-site-scripting issue in host-manager webapp)

 -- Thierry Carrez <thierry.carrez@ubuntu.com>  Fri, 08 Aug 2008 15:37:48 +0200

tomcat6 (6.0.16-1) unstable; urgency=low

  * Initial release.
    (Closes: #480964).

 -- Paul Cager <paul-debian@home.paulcager.org>  Mon, 12 May 2008 23:04:49 +0000
