Subject: CVS commit: pkgsrc/www/apache-tomcat55
From: OBATA Akio
Date: 2011-09-25 10:53:37
Message id: 20110925085337.6D907175DD@cvs.netbsd.org

Log Message:
Update apache-tomcat55 to 5.5.34.

General
 * Update Tomcat-Native to 1.1.22. (jim)
 * Fix CVE-2011-2729. Update to Commons Daemon 1.0.7. (markt)
 * 33262: When using the Windows installer, the monitor is now auto-started for
   the current user rather than all users to be consistent with menu item
   creation. (markt)
 * 40510: Provide an option within the Windows installer to create menu entries
   for the current user or all users. (markt)
 * 50949: Add the ability to specify the AJP port and the shutdown port when
   using the Windows installer. (markt)
 * 51135: Fix auto-detection of JAVA_HOME for 64-bit Windows platforms that only
   have a 32-bit JVM installed when using the Windows installer. (markt)

Catalina
 * 27988: Improve reporting of missing files. (markt)
 * 28852: Add URL encoding where missing to parameters in URLs presented by Ant
   tasks to the Manager application. Based on a patch by Stephane Bailliez.
   (mark)
 * 41179: Return 404 rather than 400 for requests to the ROOT context when no
   ROOT context has been deployed. (markt)
 * 50189: Once the application has finished writing to the response, prevent
   further reads from the request since this causes various problems in the
   connectors which do not expect this. (markt)
 * Fix CVE-2011-2204. Prevent user passwords appearing in log files if a
   runtime exception (e.g. OOME) occurs while creating a new user for a
   MemoryUserDatabase via JMX. (markt)
 * 51042: Don't trigger session creation listeners when a session ID is changed
   as part of the authentication process. (markt)
 * 51324: Improve handling of exceptions when flushing the response buffer to
   ensure that the doFlush flag does not get stuck in the enabled state. Patch
   provided by Jeremy Norris. (kkolinko)
 * 51403: Avoid NullPointerException in JULI FileHandler if formatter is
   misconfigured. (kkolinko)
 * 51473: Fix concatenation of values in SecurityConfig.setSecurityProperty()
   when the value provided by JRE is null. (kkolinko)
 * 51550: Internal errors in Tomcat components that process requests before they
   are passed to a web application, such as Authenticators, now return a 500
   response rather than a 200 response. (markt)
 * Add additional configuration options to the DIGEST authenticator. (markt)

Coyote
 * Fix CVE-2011-2526. Protect against crashes (HTTP APR) if sendfile is
   configured to send more data than is available in the file. (markt)
 * 50394: Return -1 from read operation instead of throwing an exception when
   encountering an EOF with the HTTP APR connector. (kkolinko)
 * 50744: Skip the SSL configuration check on platforms where an unbounded
   socket cannot be created. (kkolinko)
 * 51073: Throw an exception and do not start the APR connector if it is
   configured for SSL and an invalid value is provided for SSLProtocol. (markt)
 * 51698: Fix CVE-2011-3190. Prevent AJP message injection. (markt)

Jasper
 * 36362: Handle the case where tag file attributes (which can use any valid XML
   name) have a name which is not a Java identifier. (markt)
 * Fix possible threading issue in JSP compilation when development mode is
   enabled. (markt)

Cluster
 * 48717: Ensure session activation events are fired. (markt)
 * 50771: Ensure HttpServletRequest#getAuthType() returns the name of the
   authentication scheme if request has already been authenticated. (kfujino)
 * 51647: Fix session replication when a session attribute is a Java dynamic
   proxy. Based on a patch by Tomasz Skutnik. (markt)

Webapps
 * 41498: Add the allRolesMode attribute to the Realm configuration page in the
   documentation web application. (markt)
 *  Configure Security Manager How-To to include a copy of the actual
    conf/catalina.policy file when the documentation is built, rather than
    maintaining a copy of its content. (kkolinko)
 * 48997: Fixed some typos and improve cross-referencing to the HTTP Connector
   and APR documentation with the SSL How-To page of the documentation web
   application. (markt)

Other
 * Align jpda settings in catalina.bat with catalina.sh, tc6.0.x, tc7.0.x and
   trunk. (markt)
 * Clarify error messages in *.sh files to mention that if a script is not found
   it might be because execute permission is needed. (kkolinko)

Files:
RevisionActionfile
1.19modifypkgsrc/www/apache-tomcat55/Makefile
1.9modifypkgsrc/www/apache-tomcat55/distinfo