Subject: CVS commit: pkgsrc/www/apache-tomcat55
From: OBATA Akio
Date: 2011-09-25 10:53:37
Message id: 20110925085337.6D907175DD@cvs.netbsd.org
Log Message:
Update apache-tomcat55 to 5.5.34.
General
* Update Tomcat-Native to 1.1.22. (jim)
* Fix CVE-2011-2729. Update to Commons Daemon 1.0.7. (markt)
* 33262: When using the Windows installer, the monitor is now auto-started for
the current user rather than all users to be consistent with menu item
creation. (markt)
* 40510: Provide an option within the Windows installer to create menu entries
for the current user or all users. (markt)
* 50949: Add the ability to specify the AJP port and the shutdown port when
using the Windows installer. (markt)
* 51135: Fix auto-detection of JAVA_HOME for 64-bit Windows platforms that only
have a 32-bit JVM installed when using the Windows installer. (markt)
Catalina
* 27988: Improve reporting of missing files. (markt)
* 28852: Add URL encoding where missing to parameters in URLs presented by Ant
tasks to the Manager application. Based on a patch by Stephane Bailliez.
(mark)
* 41179: Return 404 rather than 400 for requests to the ROOT context when no
ROOT context has been deployed. (markt)
* 50189: Once the application has finished writing to the response, prevent
further reads from the request since this causes various problems in the
connectors which do not expect this. (markt)
* Fix CVE-2011-2204. Prevent user passwords appearing in log files if a
runtime exception (e.g. OOME) occurs while creating a new user for a
MemoryUserDatabase via JMX. (markt)
* 51042: Don't trigger session creation listeners when a session ID is changed
as part of the authentication process. (markt)
* 51324: Improve handling of exceptions when flushing the response buffer to
ensure that the doFlush flag does not get stuck in the enabled state. Patch
provided by Jeremy Norris. (kkolinko)
* 51403: Avoid NullPointerException in JULI FileHandler if formatter is
misconfigured. (kkolinko)
* 51473: Fix concatenation of values in SecurityConfig.setSecurityProperty()
when the value provided by JRE is null. (kkolinko)
* 51550: Internal errors in Tomcat components that process requests before they
are passed to a web application, such as Authenticators, now return a 500
response rather than a 200 response. (markt)
* Add additional configuration options to the DIGEST authenticator. (markt)
Coyote
* Fix CVE-2011-2526. Protect against crashes (HTTP APR) if sendfile is
configured to send more data than is available in the file. (markt)
* 50394: Return -1 from read operation instead of throwing an exception when
encountering an EOF with the HTTP APR connector. (kkolinko)
* 50744: Skip the SSL configuration check on platforms where an unbounded
socket cannot be created. (kkolinko)
* 51073: Throw an exception and do not start the APR connector if it is
configured for SSL and an invalid value is provided for SSLProtocol. (markt)
* 51698: Fix CVE-2011-3190. Prevent AJP message injection. (markt)
Jasper
* 36362: Handle the case where tag file attributes (which can use any valid XML
name) have a name which is not a Java identifier. (markt)
* Fix possible threading issue in JSP compilation when development mode is
enabled. (markt)
Cluster
* 48717: Ensure session activation events are fired. (markt)
* 50771: Ensure HttpServletRequest#getAuthType() returns the name of the
authentication scheme if request has already been authenticated. (kfujino)
* 51647: Fix session replication when a session attribute is a Java dynamic
proxy. Based on a patch by Tomasz Skutnik. (markt)
Webapps
* 41498: Add the allRolesMode attribute to the Realm configuration page in the
documentation web application. (markt)
* Configure Security Manager How-To to include a copy of the actual
conf/catalina.policy file when the documentation is built, rather than
maintaining a copy of its content. (kkolinko)
* 48997: Fix some typos and improve cross-referencing to the HTTP Connector
and APR documentation with the SSL How-To page of the documentation web
application. (markt)
Other
* Align jpda settings in catalina.bat with catalina.sh, tc6.0.x, tc7.0.x and
trunk. (markt)
* Clarify error messages in *.sh files to mention that if a script is not found
it might be because execute permission is needed. (kkolinko)
Files: