pkgsrc.se | The NetBSD package collection

./www/apache-tomcat55, The Apache Projects Java Servlet 2.4 and JSP 2.0 server

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2008Q2, Version: 5.5.27, Package name: apache-tomcat-5.5.27, Maintainer: abs

Tomcat is the Java Servlet / Java Server Page environment produced
by the Apache Foundation's Tomcat Project. Tomcat can be run as a
standalone web server with Servlet and JSP support, or using Apache
Server as its web server via the mod_jk Apache module (www/ap-jk).

This is the Tomcat 5.5 package, which is a Java Serlet 2.4 and JSP
2.0 server.

Required to run:
[lang/sun-jre15]

SHA1: 66cf7e1a67d7a54c3d31e5bf45f06d4173af8cee
RMD160: 5479bb7dd9c0a2f9e37a9eedd5fefc62a57188a6
Filesize: 6327.063 KB

Version history: (Expand)

(2008-09-17) Updated to version: apache-tomcat-5.5.27
(2008-07-14) Package added to pkgsrc.se, version apache-tomcat-5.5.26 (created)

CVS history: (Expand)

2008-09-17 11:41:40 by Matthias Scheler | Files touched by this commit (3) | Package updated

Log message:
Pullup ticket #2525 - requested by abs
apache-tomcat55: security update

Revisions pulled up:
- www/apache-tomcat55/Makefile	1.17
- www/apache-tomcat55/PLIST	1.6
- www/apache-tomcat55/distinfo	1.7
---
    Module Name:	pkgsrc
    Committed By:	abs
    Date:		Wed Sep 10 09:53:31 UTC 2008

    Modified Files:
     	pkgsrc/www/apache-tomcat55: Makefile PLIST distinfo

    Log message:
    Updated www/apache-tomcat55 to 5.5.27

    Tomcat 5.5.27 (fhanik)

         General

             44463: War file upload in manager webapp fails due to missing \ 
commons-io dependency. Added commons-io 1.4. (rjung)

         Catalina

             44021, 43013: Add support for # to signify multi-level contexts for \ 
directories and wars.
             44494: Backport from 6.0 (rjung)
             Add additional checks for URI normalization. (remm)
             Don't throw an ArrayIndexOutOfBoundsException when empty URL is \ 
requested. Patch provided by Charles R Caldarale. (markt)
             29936: Don't use parser from a webapp to parse web.xml and possibly \ 
context.xml files. (markt)
             43079: Correct pattern verification for suspicious URLs. Patch \ 
provided by John Kew. (markt)
             43080: Log suspicious URL pattern warnings to the correct web \ 
application. (markt)
             43117: Setting an empty workDIR could delete all of CATALINA_HOME. \ 
Patch provided by Takayuki Kaneko. (markt)
             44282: Prevent security exception in trace level logging for web \ 
application class loader when running under a security manager. (markt)
             44529: No roles specified (deny all) should take precedence over no \ 
auth-constraint specified (allow-all). (markt)
             43578: Enable start on Linux if $CATALINA_HOME contains a space. \ 
Original patch provided by Ray Sauers with improvements by Ian Ward Comfort. \ 
(markt)
             44673: Throw IOE if ServletInputStream is closed and a call is made \ 
to any read(), ready(), mark(), reset(), or skip() method as per javadocs for \ 
Reader. (markt)
             Enable the CGIServlet to work with Windows Vista. (markt)
             Add additional permission required to read JDK logging \ 
configuration when running with a security manager. (markt)
             44943: Reduce copy/paste issues caused by different engine names in \ 
server.xml. (markt)
             45195: Prevent NPE when calling Session.getAttribute(null) and \ 
Session.removeAttribute(null). The spec is unclear but this is a regression from \ 
5.0.x. (markt)
             45293: Update name of commons-logging jar in security policy. (markt)
             45453: Fix race condition in JDBC Realm. Based on a patch provided \ 
by Santtu Hyrkk. (markt)
             JAAS Realm did not read role information for users. (markt)

         Connectors

             Log errors for AJP signoffs at DEBUG level, since it is harmless if \ 
mod_jk has hung up the phone. (billbarker)
             42727: Handle request lines that are exact multiples of 4096 in \ 
length. Patch provided by Will Pugh. (markt)
             43191: Compression could not be disabled for some file types. Based \ 
on a patch by Len Popp. (markt)
             45591: Fix NPE on shutdown failure in some cases. Based on a patch \ 
by Matt Passell. (markt)

         Jasper

             31257: Quote endorsed dirs if they contain a space. (markt)
             42943: Make sure nested element is inside <jsp:text> element \ 
before throwing exception. (markt)
             44877: Prevent collisions in tag pool names. (markt)
             45015: Enfore JSP spec rules on quoting in attrbutes. This is \ 
configurable using the system property \ 
org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING. (markt)

         Webapps

             42899: When saving config from admin app, correctly handle case \ 
where the old config file does not exist. (markt)
             44541: Document packetSize attribute for AJP connector. (markt)
             44715: Document use of secret for AJP connector. (markt)
             45323: Add note that context.xml files can only contain a single \ 
Context element. (markt)
             Update JNDI datasource docs since maxActive setting for unlimited \ 
changed in commons-pool > 1.2. (markt)

         Specification

             Use a localised error message if a user tries to write a negative \ 
length byte array during default processing of a HEAD request. (markt)
             44562: HEAD requests cannot use includes. Patch provided by David \ 
Jencks. (markt)