CVS commit: [pkgsrc-2008Q2] pkgsrc/www/apache-tomcat55

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2008Q2] pkgsrc/www/apache-tomcat55
From: Matthias Scheler <tron%netbsd.org@localhost>
Date: Wed, 17 Sep 2008 09:41:40 +0000 (UTC)

Module Name:    pkgsrc
Committed By:   tron
Date:           Wed Sep 17 09:41:40 UTC 2008

Modified Files:
        pkgsrc/www/apache-tomcat55 [pkgsrc-2008Q2]: Makefile PLIST distinfo

Log Message:
Pullup ticket #2525 - requested by abs
apache-tomcat55: security update

Revisions pulled up:
- www/apache-tomcat55/Makefile  1.17
- www/apache-tomcat55/PLIST     1.6
- www/apache-tomcat55/distinfo  1.7
---
    Module Name:        pkgsrc
    Committed By:       abs
    Date:               Wed Sep 10 09:53:31 UTC 2008

    Modified Files:
        pkgsrc/www/apache-tomcat55: Makefile PLIST distinfo

    Log Message:
    Updated www/apache-tomcat55 to 5.5.27

    Tomcat 5.5.27 (fhanik)

         General

             44463: War file upload in manager webapp fails due to missing 
commons-io dependency. Added commons-io 1.4. (rjung)

         Catalina

             44021, 43013: Add support for # to signify multi-level contexts 
for directories and wars.
             44494: Backport from 6.0 (rjung)
             Add additional checks for URI normalization. (remm)
             Don't throw an ArrayIndexOutOfBoundsException when empty URL is 
requested. Patch provided by Charles R Caldarale. (markt)
             29936: Don't use parser from a webapp to parse web.xml and 
possibly context.xml files. (markt)
             43079: Correct pattern verification for suspicious URLs. Patch 
provided by John Kew. (markt)
             43080: Log suspicious URL pattern warnings to the correct web 
application. (markt)
             43117: Setting an empty workDIR could delete all of CATALINA_HOME. 
Patch provided by Takayuki Kaneko. (markt)
             44282: Prevent security exception in trace level logging for web 
application class loader when running under a security manager. (markt)
             44529: No roles specified (deny all) should take precedence over 
no auth-constraint specified (allow-all). (markt)
             43578: Enable start on Linux if $CATALINA_HOME contains a space. 
Original patch provided by Ray Sauers with improvements by Ian Ward Comfort. 
(markt)
             44673: Throw IOE if ServletInputStream is closed and a call is 
made to any read(), ready(), mark(), reset(), or skip() method as per javadocs 
for Reader. (markt)
             Enable the CGIServlet to work with Windows Vista. (markt)
             Add additional permission required to read JDK logging 
configuration when running with a security manager. (markt)
             44943: Reduce copy/paste issues caused by different engine names 
in server.xml. (markt)
             45195: Prevent NPE when calling Session.getAttribute(null) and 
Session.removeAttribute(null). The spec is unclear but this is a regression 
from 5.0.x. (markt)
             45293: Update name of commons-logging jar in security policy. 
(markt)
             45453: Fix race condition in JDBC Realm. Based on a patch provided 
by Santtu Hyrkk. (markt)
             JAAS Realm did not read role information for users. (markt)

         Connectors

             Log errors for AJP signoffs at DEBUG level, since it is harmless 
if mod_jk has hung up the phone. (billbarker)
             42727: Handle request lines that are exact multiples of 4096 in 
length. Patch provided by Will Pugh. (markt)
             43191: Compression could not be disabled for some file types. 
Based on a patch by Len Popp. (markt)
             45591: Fix NPE on shutdown failure in some cases. Based on a patch 
by Matt Passell. (markt)

         Jasper

             31257: Quote endorsed dirs if they contain a space. (markt)
             42943: Make sure nested element is inside <jsp:text> element 
before throwing exception. (markt)
             44877: Prevent collisions in tag pool names. (markt)
             45015: Enfore JSP spec rules on quoting in attrbutes. This is 
configurable using the system property 
org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING. (markt)

         Webapps

             42899: When saving config from admin app, correctly handle case 
where the old config file does not exist. (markt)
             44541: Document packetSize attribute for AJP connector. (markt)
             44715: Document use of secret for AJP connector. (markt)
             45323: Add note that context.xml files can only contain a single 
Context element. (markt)
             Update JNDI datasource docs since maxActive setting for unlimited 
changed in commons-pool > 1.2. (markt)

         Specification

             Use a localised error message if a user tries to write a negative 
length byte array during default processing of a HEAD request. (markt)
             44562: HEAD requests cannot use includes. Patch provided by David 
Jencks. (markt)


To generate a diff of this commit:
cvs rdiff -r1.16 -r1.16.4.1 pkgsrc/www/apache-tomcat55/Makefile
cvs rdiff -r1.5 -r1.5.6.1 pkgsrc/www/apache-tomcat55/PLIST
cvs rdiff -r1.6 -r1.6.6.1 pkgsrc/www/apache-tomcat55/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: [pkgsrc-2008Q2] pkgsrc/lang/ruby18-base
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: [pkgsrc-2008Q2] pkgsrc/lang/ruby18-base
Indexes:

Home | Main Index | Thread Index | Old Index