Change logs for tomcat8 source package in Artful

tomcat8 (8.5.21-1ubuntu1.1) artful-security; urgency=medium

  * SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
    - debian/patches/CVE-2017-12617.patch: add checks to
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/webresources/AbstractFileResourceSet.java,
      java/org/apache/catalina/webresources/DirResourceSet.java,
      java/org/apache/tomcat/util/compat/JrePlatform.java,
      test/org/apache/catalina/webresources/AbstractTestResourceSet.java,
      test/org/apache/catalina/webresources/TestAbstractFileResourceSetPerformance.java.
    - CVE-2017-12617
  * SECURITY UPDATE: incorrectly documented CGI search algorithm
    - debian/patches/CVE-2017-15706.patch: adjust documentation in
      webapps/docs/cgi-howto.xml.
    - CVE-2017-15706
  * SECURITY UPDATE: security constraints mapped to context root are ignored
    - debian/patches/CVE-2018-1304.patch: add check to
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2018-1304
  * SECURITY UPDATE: security constraint annotations applied too late
    - debian/patches/CVE-2018-1305.patch: change ordering in
      java/org/apache/catalina/Wrapper.java,
      java/org/apache/catalina/authenticator/AuthenticatorBase.java,
      java/org/apache/catalina/core/ApplicationContext.java,
      java/org/apache/catalina/core/ApplicationServletRegistration.java,
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/core/StandardWrapper.java,
      java/org/apache/catalina/startup/ContextConfig.java,
      java/org/apache/catalina/startup/Tomcat.java,
      java/org/apache/catalina/startup/WebAnnotationSet.java.
    - CVE-2018-1305
  * SECURITY UPDATE: CORS filter has insecure defaults
    - debian/patches/CVE-2018-8014.patch: change defaults in
      java/org/apache/catalina/filters/CorsFilter.java,
      java/org/apache/catalina/filters/LocalStrings.properties,
      test/org/apache/catalina/filters/TestCorsFilter.java,
      test/org/apache/catalina/filters/TesterFilterConfigs.java.
    - CVE-2018-8014

 -- Marc Deslauriers <email address hidden>  Mon, 28 May 2018 09:03:55 -0400

tomcat8 (8.5.21-1ubuntu1) artful; urgency=medium

  * Demote libtcnative-1 from Recommends to Suggests as it is in
    universe.

 -- Robie Basak <email address hidden>  Fri, 13 Oct 2017 12:06:51 +0100

tomcat8 (8.5.21-1) unstable; urgency=medium

  * Team upload.

  [ Emmanuel Bourg ]
  * New upstream release
    - Refreshed the patches
    - Disabled Checkstyle
  * Changed the Class-Path manifest entry of tomcat8-jasper.jar to use
    the specification jars from libtomcat8-java instead of libservlet3.1-java
    (Closes: #867247)

  [ Miguel Landaeta ]
  * Remove myself from uploaders. (Closes: #871892)
  * Update copyright info.

 -- Emmanuel Bourg <email address hidden>  Wed, 20 Sep 2017 10:06:56 +0200

tomcat8 (8.5.16-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Standards-Version updated to 4.0.0

 -- Emmanuel Bourg <email address hidden>  Mon, 26 Jun 2017 16:03:53 +0200

tomcat8 (8.0.38-2ubuntu2) zesty; urgency=medium

  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (LP: #1666570).

 -- Joshua Powers <email address hidden>  Tue, 28 Mar 2017 16:47:32 -0700