2009-06-15 00:00:42 by Joerg Sonnenberger | Files touched by this commit (316) |
Log message:
Convert @exec/@unexec to @pkgdir or drop it.
|
2008-09-10 11:53:31 by David Brownlee | Files touched by this commit (3) |
Log message:
Updated www/apache-tomcat55 to 5.5.27
Tomcat 5.5.27 (fhanik)
General
44463: War file upload in manager webapp fails due to missing commons-io \
dependency. Added commons-io 1.4. (rjung)
Catalina
44021, 43013: Add support for # to signify multi-level contexts for \
directories and wars.
44494: Backport from 6.0 (rjung)
Add additional checks for URI normalization. (remm)
Don't throw an ArrayIndexOutOfBoundsException when empty URL is \
requested. Patch provided by Charles R Caldarale. (markt)
29936: Don't use parser from a webapp to parse web.xml and possibly \
context.xml files. (markt)
43079: Correct pattern verification for suspicious URLs. Patch provided \
by John Kew. (markt)
43080: Log suspicious URL pattern warnings to the correct web \
application. (markt)
43117: Setting an empty workDIR could delete all of CATALINA_HOME. Patch \
provided by Takayuki Kaneko. (markt)
44282: Prevent security exception in trace level logging for web \
application class loader when running under a security manager. (markt)
44529: No roles specified (deny all) should take precedence over no \
auth-constraint specified (allow-all). (markt)
43578: Enable start on Linux if $CATALINA_HOME contains a space. \
Original patch provided by Ray Sauers with improvements by Ian Ward Comfort. \
(markt)
44673: Throw IOE if ServletInputStream is closed and a call is made to \
any read(), ready(), mark(), reset(), or skip() method as per javadocs for \
Reader. (markt)
Enable the CGIServlet to work with Windows Vista. (markt)
Add additional permission required to read JDK logging configuration \
when running with a security manager. (markt)
44943: Reduce copy/paste issues caused by different engine names in \
server.xml. (markt)
45195: Prevent NPE when calling Session.getAttribute(null) and \
Session.removeAttribute(null). The spec is unclear but this is a regression from \
5.0.x. (markt)
45293: Update name of commons-logging jar in security policy. (markt)
45453: Fix race condition in JDBC Realm. Based on a patch provided by \
Santtu Hyrkk. (markt)
JAAS Realm did not read role information for users. (markt)
Connectors
Log errors for AJP signoffs at DEBUG level, since it is harmless if \
mod_jk has hung up the phone. (billbarker)
42727: Handle request lines that are exact multiples of 4096 in length. \
Patch provided by Will Pugh. (markt)
43191: Compression could not be disabled for some file types. Based on a \
patch by Len Popp. (markt)
45591: Fix NPE on shutdown failure in some cases. Based on a patch by \
Matt Passell. (markt)
Jasper
31257: Quote endorsed dirs if they contain a space. (markt)
42943: Make sure nested element is inside <jsp:text> element \
before throwing exception. (markt)
44877: Prevent collisions in tag pool names. (markt)
45015: Enforce JSP spec rules on quoting in attributes. This is \
configurable using the system property \
org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING. (markt)
Webapps
42899: When saving config from admin app, correctly handle case where \
the old config file does not exist. (markt)
44541: Document packetSize attribute for AJP connector. (markt)
44715: Document use of secret for AJP connector. (markt)
45323: Add note that context.xml files can only contain a single Context \
element. (markt)
Update JNDI datasource docs since maxActive setting for unlimited \
changed in commons-pool > 1.2. (markt)
Specification
Use a localised error message if a user tries to write a negative length \
byte array during default processing of a HEAD request. (markt)
44562: HEAD requests cannot use includes. Patch provided by David \
Jencks. (markt)
|
2008-06-20 03:09:45 by Joerg Sonnenberger | Files touched by this commit (993) |
Log message:
Add DESTDIR support.
|
2008-05-26 04:13:26 by Joerg Sonnenberger | Files touched by this commit (274) |
Log message:
Second round of explicit pax dependencies. As reminded by tnn@,
many packages used to use ${PAX}. Use the common way of directly calling
pax, it is created as tool after all.
|
2008-05-25 23:42:22 by Joerg Sonnenberger | Files touched by this commit (48) |
Log message:
Explicitly add pax dependency in those Makefiles that use it (or have
patches to add it). Drop pax from the default USE_TOOLS list.
Make bsdtar the default for those places that wanted gtar to extract
long links etc, as bsdtar can be built of the tree.
|
2008-03-12 21:41:48 by Adrian Portelli | Files touched by this commit (3) |
Log message:
Lots of changes, see the changelog for all the details:
http://tomcat.apache.org/tomcat-5.5-doc/changelog.html
Of note:
important: Data integrity CVE-2007-6286
important: Information disclosure CVE-2007-5461
low: Elevated privileges CVE-2007-5342
low: Session hi-jacking CVE-2007-5333
Are all fixed in this release.
|
2007-11-20 23:13:30 by Adrian Portelli | Files touched by this commit (3) |
Log message:
Update to 5.5.25
Fix install permissions to silence checkperms
In brief:
Fix WebDAV Servlet so it works correctly with MS clients. (markt)
Fix XSS security vulnerability (CVE-2007-2450) in the Manager and Host Manager. \
Reported by Daiki Fukumori. (markt)
Fix NPE when a ResourceLink in context.xml tries to override an env-entry in \
web.xml. (markt)
Fix XSS security vulnerabilities (CVE-2007-2449) in the examples. Reported by \
Toshiharu Sugiyama. (markt)
Add some additional mime-type mappings. (markt)
Ensure JARs in webapps are scanned for TLDs when the Tomcat installation path \
contains spaces. (markt)
Add link to httpd 2.2 mod_proxy_ajp docs in AJP connector doc. (yoavs)
For all the details see:
http://tomcat.apache.org/tomcat-5.5-doc/changelog.html
|
2007-04-25 08:14:45 by OBATA Akio | Files touched by this commit (3) |
Log message:
Update apache-tomcat55 to 5.5.23.
Tomcat 5.5.23 (fhanik)
Catalina
41608 Make log levels consistent when Servlet.service() throws an exception. (markt)
41666 Correct handling of boundary conditions for If-Unmodified-Since and \
If-Modified-Since headers. Patch provided by Suzuki Yuichiro. (markt)
41674 Fix error messages when parsing context.xml that incorrectly referred to \
web.xml. (markt)
41739 Correct handling of servlets with a load-on-startup value of zero. These \
are now the first servlets to be started. (markt)
Coyote
Requests with multiple content-length headers are now rejected. (markt)
Tomcat 5.5.22 (fhanik)
General
Fix regression in build that prevented connectors from building. (markt)
Tomcat 5.5.21 (fhanik)
Catalina
41401: StandardService.getConnectorNames() return array of Connector JMX \
objectnames. (pero)
29727: If env-entry values in web.xml are changed then ensure new values are \
applied when context is reloaded. (markt)
34956: Ensure request and response objects passed to a RequestDispatcher meet \
the requirements of SRV.8.2 and SRV.14.2.5.1. This is disabled by default. The \
Java option -Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true is required to \
enable this test. (markt)
36274: When including static content with the DefaultServlet also treat content \
types ending in xml as text. (markt)
36976: Don't use CATALINA_OPTS when stopping Tomcat. This allows options for \
starting and stopping to be set on JAVA_OPTS and options for starting only to be \
set on CATALINA_OPTS. Without this fix, some startup options (eg the port for \
remote JMX) would cause stop to fail. Based on a fix suggested by Michael \
Vorburger. (markt)
37070: Update mbean name documentation to include the StandardWrapper. (markt)
37356: Ensure sessions time out correctly. This has been fixed by removing the \
accessCount feature by default. This feature prevents the session from timing \
out whilst requests that last longer than the session time out are being \
processed. This feature is enabled by setting the Java option \
-Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true The feature is now \
implemented with synchronization which addresses the thread safety issues \
associated with the original bug report. (markt)
37439: Update documentation for Engine component to add the requirement that \
the name must be unique. (markt)
37458: Add syncs to the WebappClassloader to address rare issues when multiple \
threads attempt to load the same class concurrently. (markt)
37509: Do not remove whitespace from the end of values defined in \
logging.properties files. (markt)
38198: Add reference to Context documentation from Host documentation that \
explains how Context name is obtained from the Context filename. (markt)
39088: Prevent infinite loops when an exception is thrown that returns itself \
for getRootCause(). Based on a patch by Wouter Zelle. (markt)
39436: Correct MIME type for SVG. (markt)
39627: JULI no longer ignores a ".level=XXX" directive in \
logging.properties. Patch provided by Roger Keays and Richard Fearn. (markt)
39724: Removing the last valve from a pipeline did not return the pipeline to \
the original state. Patch provided by David Gagon. (markt)
40367: Update JK auto configuration documentation to clarify that \
workers.properties must also exist. (markt)
40524: HttpServletRequest.getAuthType() now returns CLIENT_CERT rather than \
CLIENT-CERT for certificate authentication as per the spec. Note that web.xml \
continues to use CLIENT-CERT to specify the certificate authentication should be \
used. (markt)
40526: Add support for JPDA_OPTS to catalina.bat and add a JPDA_SUSPEND \
environment variable to both startup scripts. Patch provided by Kurt Roy. \
(markt)
40528: Add missing message localisations as provided by Ben Clifford. (markt)
40585: Fix parameterised constructor for o.a.juli.FileHandler so parameters \
have an effect. (markt)
40625: Stop CGIServlet swallowing the root cause of an exception. Patch \
provided by Takayoshi Kimura. (markt)
40723: Correct table creation example in JavaDoc for JDBCAccessLogValve. (markt)
40802: Add jsp-api.jar to fileset in catalina-tasks.xml as provided by Daniel \
Santos. (pero)
40817: Correct problem where CGI scripts in the root of the ROOT context threw \
a StringIndexOutOfBoundsException. (markt)
Set the SCRIPT_FILENAME environment variable required by PHP when using the \
CGIServlet to execute PHP. (markt)
40823: Update context doc to clarify use of ROOT.xml, multi-level context paths \
and to further discourage use of server.xml (markt)
40844: Add additional syncs to JDBCRealm to resolve NPE when two users try to \
authenticate using DIGEST authentication at the same time. (markt)
40860: Log exceptions and other problems during parameter processing. (markt)
40901: Encode directory listing output. Based on a patch provided by Chris \
Halstead. (markt)
40929: Correct JavaDoc for StandardClassLoader. (markt)
41008: Allow POST to be used for indexed queries with CGI Servlet. Patch \
provided by Chris Halstead. (markt)
41020: Improve error message when custom error report Valve fails to load. Also \
remove requirement that custom error report Valves extend ValveBase. (markt)
41217: Set secure attribute on SSO cookie when cookie is created during a \
secure request. Patch provided by Chris Halstead. (markt)
Ensure Accept-Language headers conform to RFC 2616. Ignore them if they do not. \
(markt)
Make provided instances of RequestDispatcher thread safe. (markt)
Fix formatting of CGI variable SCRIPT_NAME. (markt)
34643: Improved documentation for per-user / per-session clientAuth usage in \
SSL Authenticator. Docs provided by jack and Ralf Hauser. (yoavs)
40668: Update release notes and readme files specific to v5.5.20 to notify \
users of missing MailSessionFactory in distribution, suggest workarounds, and \
link to relevant Bugzilla issue. (yoavs)
37977: adapt BUILDING.txt and net build.xml for SVN. Patch by Christopher \
Sahnwaldt. (yoavs)
39055: Link to sample workaround code for using JSR160 JMX monitoring with a \
local firewall. Thanks to George Lindholm for the patch. (yoavs)
39476: add xml declaration to most build.xml files, as suggested by Gregory S. \
Hoerner Sr. (yoavs)
40326: stop using File#deleteOnExit in DefaultServlet to avoid JVM memory leak, \
as suggested by quartz. (yoavs)
40192: update setup.html notes regarding Windows tray icon. (yoavs)
40177: add more warnings to documentation about RequestDumperValve character \
encoding. (yoavs)
39255: NPE in AuthenticatorBase when logging level is set to DEBUG and no \
principal found. (yoavs)
41437: Make log messages and loglevel consistent during Context start. Patch \
provided by Suzuki Yuichiro. (markt)
Coyote
38332: Add backlog attribute to ChannelSocket as provided by Takayoshi Kimura. \
(pero)
Backport packetSize feature from Tomcat 6.0.x at standard coyote AJP Jk \
handler. (pero)
40771: Fix implementation of SavedRequestInputFilter.doRead() so POST data may \
be read using a Valve or Filter. Patch provided by Michael Dufel. (markt)
41017: Restore behaviour of MessageBytes.setString(null). (remm/markt)
41057: Modify StringCache to add a configurable upper bound to the length of \
cached strings. (remm/markt)
38774: Check javax.net.ssl.keyStorePassword system property as a secondary \
source for keystore password in JSSESocketFactory, as suggested by Ted X. Toth. \
(yoavs)
39402: Modify existing Vary HTTP header, rather than overwrite it, if it exists \
when using GZip compression. Patch by Matthew Cooke. (yoavs)
40241: Catch Exceptions instead of Throwables in Default and SSI servlets. Also \
improve relevant logging while we're at it. (yoavs)
40133: Better error message when context name is not available on startup, as \
suggested by Andreas Plesner Jacobsen. (yoavs)
Jasper
39975: don't have static Log references to prevent classloader leaks. (yoavs)
40104: When displaying JSP source after an exception, handle included files. (markt)
40797: This was a regression as a result of the fix for 33407. TLD validation \
was failing as a result of the use of the escape character (0x1b) as a temporary \
replacement for \$. An alternative character (0xe000) from the unicode private \
use range is now used. (markt)
41057: Make jsp:plugin output XHTML compliant. (markt)
41327: Show full URI for a 404. Patch provided by Vijay. (markt)
41265: Allow JspServlet checkInterval init parameter to be explicitly set to \
the stated default value of zero by removing the code that resets it to 300 if \
explicitly specified as zero. (markt)
Display the JSP source when a compilation error occurs and display the correct \
line number rather than start of a scriptlet block. (markt)
Webapps
34952: Clarify that the Windows Installer always installs a Windows service. (markt)
35968: Make environment entry properties input a text area. Patch provided by \
Tristan Marly. (markt)
37588: Fix creation of JNDI Realm in admin application. Patch provided by Terry \
Zhou. (markt)
38048: Fix memory leak associated with use of expression language in JSPs. \
Patch provided by Taras Tielkes. (markt)
39572: Improvements to CompressionFilter example provided by Eric Hedstrom. (markt)
40507: Update host-manager and servlet-examples web-apps to use the servlet 2.4 \
xsd. Patch provided by Chris Halstead. (markt)
40581: Add information on the use of a symbolic link as the docBase for a \
Context to the Context documentation. (markt)
40633: Remove references to the DefaultContext from the documentation. (markt)
40677: Update SSL documentation to indicate that PKCS11 keystores may be used. \
(markt)
40714: Admin webapp no longer requires a username for a DataSource since it is \
not required in all cases. (markt)
40720: Fix exception in admin webapp when adding a group to a user. (markt)
40874: Correct log4j configuration in documentation webapp. Patch provided by \
Franck Borel. (markt)
40999: Add trust store configuration for SSL connectors to the admin webapp. (markt)
41051: Add information on keystore aliases and case sensitivity to SSL HOW-TO. \
(markt)
41182: Update the Jasper documentation for the classpath attribute. (markt)
41493: Fix handling of APR connectors in Admin webapp. (markt)
41512: Version number was not inserted in release notes. (markt)
40257: Update Manager webapp howto on remote deployment to reflect need for \
explicit path in one specific use-case. Thanks to Venkatesh Jayaraman. (yoavs)
40160: add reference to the Filter proposed in this Bugzilla item to the \
WebdavServlet. While at it, give the WebdavServlet some long-overdue TLC by \
cleaning up some of the old data structures in favor of modern (but still JDK \
1.4-compliant) interfaces. (yoavs)
Add a virtual hosting how-to contributed by Hassan Schroeder. (markt)
Cluster
Add clustered SSO code and backport feature from Tomcat 6.0.x, submitted by \
Fabien Carrion (pero)
Add better recovery at FastAsyncQueueSender. Made the strategy more robust for \
temporary connection problems (pero)
|
2007-02-22 20:27:30 by Thomas Klausner | Files touched by this commit (721) |
Log message:
Whitespace cleanup, courtesy of pkglint.
Patch provided by Sergey Svishchev in private mail.
|
2006-11-13 12:25:16 by David Brownlee | Files touched by this commit (2) |
Log message:
Update apache-tomcat55 from 5.5.17 to 5.5.20
Changes:
Tomcat 5.5.20 (fhanik)
Catalina
fix Fix logic error in UserDatabaseRealm.getprincipal() that caused user \
roles assigned via groups to be ignored. (markt)
Jasper
fix 31804: Unnested tags within a tag file are now configured with the \
Tag represented by the containing tag file as their parent tag. (markt)
fix 33356: Tag attributes that contained $ followed by 1 or more \
non-special characters and then a { character caused an exception. (markt)
fix 33407: The string \$ in template text was reduced to $ when the \
isELIgnored page directive was set to true. (markt)
Tomcat 5.5.19 (fhanik)
General
update Add multi attribute setting to jmx:set JMX remote ant task. Patch \
contributed by Didier Donsez (pero)
Catalina
fix 30762: Re-fix this bug that was re-introduced by the fix to 37264. \
(markt)
fix 37588: Fix JNDI realm creation through JMX. Patch contributed by \
TerryZhou (fhanik)
fix 39704: The use of custom classloaders failed when the context was \
specified in server.xml. Correction of the fault will require setting the new \
loader attribute useSystemClassLoaderAsParent to false. (markt)
Coyote
fix 40418: APR Endpoint socket evaluation (remm)
Webapps
fix 31339: Admin app threw exceptions if a name other than Catalina was \
configured for the Engine. Patch based on a suggestion from Amila Suriarachchi. \
(markt)
Tomcat 5.5.18 (yoavs)
General
update Change MD5 release signature files to have md5 (lowercase) \
extension instead of MD5 (uppercase), as suggested by Henk Penning and specified \
in the ASF release publishing guidelines. (yoavs)
Catalina
fix Fix that ManagerBase increment expireSessions counter at background \
task two times. (pero)
fix 39406: Fix that StandardSession#getLastAccessedTime() uses correct \
exception message, suggested by Takayoshi Kimura. (pero)
add 39661: Add documentation on JULI FileHandler properties. (yoavs)
add 39657: Warn (and don't load jar) if JSP API is in webapp classloader \
repository, as suggested by David Sanchez Crespillo. (yoavs)
add 39674: Support JRockit JVM in service.bat script, as suggested by \
lizongbo. (yoavs)
fix 39711: Update Loader configuration documentation, as suggested by \
Stephane Bailliez. (yoavs)
fix 39865: Add Open Office mime types to conf/web.xml. (markt)
fix 38814: Align CGI handling of indexed queries, parameters and POST \
content with other CGI providers. The changes: only provide parameters on the \
command line for indexed queries; always provide the query string via the \
QUERY_STRING environment variable; provide POST content unmodified to stdin; and \
never call getParameters(). (markt)
fix 34801: Partial fix that adds handling of IOExceptions during long \
running CGI requests. Based on a patch by Chris Davey. (markt)
fix 39689: Allow single quotes (') and backticks (`) as well as double \
quotes (") to be used to delimit SSI attribute values. (markt)
fix 40053: Correct application deployment documentation so it agrees \
with the classloader documentation regarding shared lib and CATALINA_BASE. \
(markt)
fix 39592: Stop HEAD requests for resources handled by SSI servlet or \
filter generating stack traces in the logs. (markt)
fix Improve handling of the ';' character in the URL so that it is now \
allowed if properly %xx encoded. (remm)
Coyote
fix Fix APR endpoint so that the acceptor thread now only processes \
socket accepts. (remm)
Webapps
fix 39813: Correct handling of new line characters in JMX attributes. \
Patch provided by R Bramley. (markt)
fix 37781: Make sure that StoreConfig save external referenced war files \
at context.xml correct. (pero)
fix 39791: Use correct default for useNaming within a Context. (markt)
fix Correctly generate re-direct for admin app index.jsp to prevent \
login page being displayed twice when cookies are disabled. (markt)
Cluster
fix 39473: Session timeout much shorter than setting at web.xml at \
cluster environment, suggested by Jin Jiang. (pero)
|