Subject: CVS commit: [pkgsrc-2008Q2] pkgsrc/www/apache-tomcat55
From: Matthias Scheler
Date: 2008-09-17 11:41:40
Message id: 20080917094140.C8161175D0@cvs.netbsd.org
Log Message:
Pullup ticket #2525 - requested by abs
apache-tomcat55: security update
Revisions pulled up:
- www/apache-tomcat55/Makefile 1.17
- www/apache-tomcat55/PLIST 1.6
- www/apache-tomcat55/distinfo 1.7
---
Module Name: pkgsrc
Committed By: abs
Date: Wed Sep 10 09:53:31 UTC 2008
Modified Files:
pkgsrc/www/apache-tomcat55: Makefile PLIST distinfo
Log Message:
Updated www/apache-tomcat55 to 5.5.27
Tomcat 5.5.27 (fhanik)
General
44463: War file upload in manager webapp fails due to missing \
commons-io dependency. Added commons-io 1.4. (rjung)
Catalina
44021, 43013: Add support for # to signify multi-level contexts for \
directories and wars.
44494: Backport from 6.0 (rjung)
Add additional checks for URI normalization. (remm)
Don't throw an ArrayIndexOutOfBoundsException when empty URL is \
requested. Patch provided by Charles R Caldarale. (markt)
29936: Don't use parser from a webapp to parse web.xml and possibly \
context.xml files. (markt)
43079: Correct pattern verification for suspicious URLs. Patch \
provided by John Kew. (markt)
43080: Log suspicious URL pattern warnings to the correct web \
application. (markt)
43117: Setting an empty workDIR could delete all of CATALINA_HOME. \
Patch provided by Takayuki Kaneko. (markt)
44282: Prevent security exception in trace level logging for web \
application class loader when running under a security manager. (markt)
44529: No roles specified (deny all) should take precedence over no \
auth-constraint specified (allow-all). (markt)
43578: Enable start on Linux if $CATALINA_HOME contains a space. \
Original patch provided by Ray Sauers with improvements by Ian Ward Comfort. \
(markt)
44673: Throw IOE if ServletInputStream is closed and a call is made \
to any read(), ready(), mark(), reset(), or skip() method as per javadocs for \
Reader. (markt)
Enable the CGIServlet to work with Windows Vista. (markt)
Add additional permission required to read JDK logging \
configuration when running with a security manager. (markt)
44943: Reduce copy/paste issues caused by different engine names in \
server.xml. (markt)
45195: Prevent NPE when calling Session.getAttribute(null) and \
Session.removeAttribute(null). The spec is unclear but this is a regression from \
5.0.x. (markt)
45293: Update name of commons-logging jar in security policy. (markt)
45453: Fix race condition in JDBC Realm. Based on a patch provided \
by Santtu Hyrkkö. (markt)
JAAS Realm did not read role information for users. (markt)
Connectors
Log errors for AJP signoffs at DEBUG level, since it is harmless if \
mod_jk has hung up the phone. (billbarker)
42727: Handle request lines that are exact multiples of 4096 in \
length. Patch provided by Will Pugh. (markt)
43191: Compression could not be disabled for some file types. Based \
on a patch by Len Popp. (markt)
45591: Fix NPE on shutdown failure in some cases. Based on a patch \
by Matt Passell. (markt)
Jasper
31257: Quote endorsed dirs if they contain a space. (markt)
42943: Make sure nested element is inside <jsp:text> element \
before throwing exception. (markt)
44877: Prevent collisions in tag pool names. (markt)
45015: Enforce JSP spec rules on quoting in attributes. This is \
configurable using the system property \
org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING. (markt)
Webapps
42899: When saving config from admin app, correctly handle case \
where the old config file does not exist. (markt)
44541: Document packetSize attribute for AJP connector. (markt)
44715: Document use of secret for AJP connector. (markt)
45323: Add note that context.xml files can only contain a single \
Context element. (markt)
Update JNDI datasource docs since maxActive setting for unlimited \
changed in commons-pool > 1.2. (markt)
Specification
Use a localised error message if a user tries to write a negative \
length byte array during default processing of a HEAD request. (markt)
44562: HEAD requests cannot use includes. Patch provided by David \
Jencks. (markt)
Files: