Now
pkgsrc-2008Q2 commitmail json YAML
pkgsrc/www/apache-tomcat55/Makefile@1.16.4.1
/
diff
pkgsrc/www/apache-tomcat55/PLIST@1.5.6.1 / diff
pkgsrc/www/apache-tomcat55/distinfo@1.6.6.1 / diff
pkgsrc/www/apache-tomcat55/PLIST@1.5.6.1 / diff
pkgsrc/www/apache-tomcat55/distinfo@1.6.6.1 / diff
Pullup ticket #2525 - requested by abs
apache-tomcat55: security update
Revisions pulled up:
- www/apache-tomcat55/Makefile 1.17
- www/apache-tomcat55/PLIST 1.6
- www/apache-tomcat55/distinfo 1.7
---
Module Name: pkgsrc
Committed By: abs
Date: Wed Sep 10 09:53:31 UTC 2008
Modified Files:
pkgsrc/www/apache-tomcat55: Makefile PLIST distinfo
Log Message:
Updated www/apache-tomcat55 to 5.5.27
Tomcat 5.5.27 (fhanik)
General
44463: War file upload in manager webapp fails due to missing commons-io dependency. Added commons-io 1.4. (rjung)
Catalina
44021, 43013: Add support for # to signify multi-level contexts for directories and wars.
44494: Backport from 6.0 (rjung)
Add additional checks for URI normalization. (remm)
Don't throw an ArrayIndexOutOfBoundsException when empty URL is requested. Patch provided by Charles R Caldarale. (markt)
29936: Don't use parser from a webapp to parse web.xml and possibly context.xml files. (markt)
43079: Correct pattern verification for suspicious URLs. Patch provided by John Kew. (markt)
43080: Log suspicious URL pattern warnings to the correct web application. (markt)
43117: Setting an empty workDIR could delete all of CATALINA_HOME. Patch provided by Takayuki Kaneko. (markt)
44282: Prevent security exception in trace level logging for web application class loader when running under a security manager. (markt)
44529: No roles specified (deny all) should take precedence over no auth-constraint specified (allow-all). (markt)
43578: Enable start on Linux if $CATALINA_HOME contains a space. Original patch provided by Ray Sauers with improvements by Ian Ward Comfort. (markt)
44673: Throw IOE if ServletInputStream is closed and a call is made to any read(), ready(), mark(), reset(), or skip() method as per javadocs for Reader. (markt)
Enable the CGIServlet to work with Windows Vista. (markt)
Add additional permission required to read JDK logging configuration when running with a security manager. (markt)
44943: Reduce copy/paste issues caused by different engine names in server.xml. (markt)
45195: Prevent NPE when calling Session.getAttribute(null) and Session.removeAttribute(null). The spec is unclear but this is a regression from 5.0.x. (markt)
45293: Update name of commons-logging jar in security policy. (markt)
45453: Fix race condition in JDBC Realm. Based on a patch provided by Santtu Hyrkk. (markt)
JAAS Realm did not read role information for users. (markt)
Connectors
Log errors for AJP signoffs at DEBUG level, since it is harmless if mod_jk has hung up the phone. (billbarker)
42727: Handle request lines that are exact multiples of 4096 in length. Patch provided by Will Pugh. (markt)
43191: Compression could not be disabled for some file types. Based on a patch by Len Popp. (markt)
45591: Fix NPE on shutdown failure in some cases. Based on a patch by Matt Passell. (markt)
Jasper
31257: Quote endorsed dirs if they contain a space. (markt)
42943: Make sure nested element is inside <jsp:text> element before throwing exception. (markt)
44877: Prevent collisions in tag pool names. (markt)
45015: Enfore JSP spec rules on quoting in attrbutes. This is configurable using the system property org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING. (markt)
Webapps
42899: When saving config from admin app, correctly handle case where the old config file does not exist. (markt)
44541: Document packetSize attribute for AJP connector. (markt)
44715: Document use of secret for AJP connector. (markt)
45323: Add note that context.xml files can only contain a single Context element. (markt)
Update JNDI datasource docs since maxActive setting for unlimited changed in commons-pool > 1.2. (markt)
Specification
Use a localised error message if a user tries to write a negative length byte array during default processing of a HEAD request. (markt)
44562: HEAD requests cannot use includes. Patch provided by David Jencks. (markt)
apache-tomcat55: security update
Revisions pulled up:
- www/apache-tomcat55/Makefile 1.17
- www/apache-tomcat55/PLIST 1.6
- www/apache-tomcat55/distinfo 1.7
---
Module Name: pkgsrc
Committed By: abs
Date: Wed Sep 10 09:53:31 UTC 2008
Modified Files:
pkgsrc/www/apache-tomcat55: Makefile PLIST distinfo
Log Message:
Updated www/apache-tomcat55 to 5.5.27
Tomcat 5.5.27 (fhanik)
General
44463: War file upload in manager webapp fails due to missing commons-io dependency. Added commons-io 1.4. (rjung)
Catalina
44021, 43013: Add support for # to signify multi-level contexts for directories and wars.
44494: Backport from 6.0 (rjung)
Add additional checks for URI normalization. (remm)
Don't throw an ArrayIndexOutOfBoundsException when empty URL is requested. Patch provided by Charles R Caldarale. (markt)
29936: Don't use parser from a webapp to parse web.xml and possibly context.xml files. (markt)
43079: Correct pattern verification for suspicious URLs. Patch provided by John Kew. (markt)
43080: Log suspicious URL pattern warnings to the correct web application. (markt)
43117: Setting an empty workDIR could delete all of CATALINA_HOME. Patch provided by Takayuki Kaneko. (markt)
44282: Prevent security exception in trace level logging for web application class loader when running under a security manager. (markt)
44529: No roles specified (deny all) should take precedence over no auth-constraint specified (allow-all). (markt)
43578: Enable start on Linux if $CATALINA_HOME contains a space. Original patch provided by Ray Sauers with improvements by Ian Ward Comfort. (markt)
44673: Throw IOE if ServletInputStream is closed and a call is made to any read(), ready(), mark(), reset(), or skip() method as per javadocs for Reader. (markt)
Enable the CGIServlet to work with Windows Vista. (markt)
Add additional permission required to read JDK logging configuration when running with a security manager. (markt)
44943: Reduce copy/paste issues caused by different engine names in server.xml. (markt)
45195: Prevent NPE when calling Session.getAttribute(null) and Session.removeAttribute(null). The spec is unclear but this is a regression from 5.0.x. (markt)
45293: Update name of commons-logging jar in security policy. (markt)
45453: Fix race condition in JDBC Realm. Based on a patch provided by Santtu Hyrkk. (markt)
JAAS Realm did not read role information for users. (markt)
Connectors
Log errors for AJP signoffs at DEBUG level, since it is harmless if mod_jk has hung up the phone. (billbarker)
42727: Handle request lines that are exact multiples of 4096 in length. Patch provided by Will Pugh. (markt)
43191: Compression could not be disabled for some file types. Based on a patch by Len Popp. (markt)
45591: Fix NPE on shutdown failure in some cases. Based on a patch by Matt Passell. (markt)
Jasper
31257: Quote endorsed dirs if they contain a space. (markt)
42943: Make sure nested element is inside <jsp:text> element before throwing exception. (markt)
44877: Prevent collisions in tag pool names. (markt)
45015: Enfore JSP spec rules on quoting in attrbutes. This is configurable using the system property org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING. (markt)
Webapps
42899: When saving config from admin app, correctly handle case where the old config file does not exist. (markt)
44541: Document packetSize attribute for AJP connector. (markt)
44715: Document use of secret for AJP connector. (markt)
45323: Add note that context.xml files can only contain a single Context element. (markt)
Update JNDI datasource docs since maxActive setting for unlimited changed in commons-pool > 1.2. (markt)
Specification
Use a localised error message if a user tries to write a negative length byte array during default processing of a HEAD request. (markt)
44562: HEAD requests cannot use includes. Patch provided by David Jencks. (markt)