Pullup ticket #2525 - requested by abs

apache-tomcat55: security update

Revisions pulled up:
- www/apache-tomcat55/Makefile	1.17
- www/apache-tomcat55/PLIST	1.6
- www/apache-tomcat55/distinfo	1.7
---
    Module Name:	pkgsrc
    Committed By:	abs
    Date:		Wed Sep 10 09:53:31 UTC 2008

    Modified Files:
     	pkgsrc/www/apache-tomcat55: Makefile PLIST distinfo

    Log Message:
    Updated www/apache-tomcat55 to 5.5.27

    Tomcat 5.5.27 (fhanik)

         General

             44463: War file upload in manager webapp fails due to missing commons-io dependency. Added commons-io 1.4. (rjung)

         Catalina

             44021, 43013: Add support for # to signify multi-level contexts for directories and wars.
             44494: Backport from 6.0 (rjung)
             Add additional checks for URI normalization. (remm)
             Don't throw an ArrayIndexOutOfBoundsException when empty URL is requested. Patch provided by Charles R Caldarale. (markt)
             29936: Don't use parser from a webapp to parse web.xml and possibly context.xml files. (markt)
             43079: Correct pattern verification for suspicious URLs. Patch provided by John Kew. (markt)
             43080: Log suspicious URL pattern warnings to the correct web application. (markt)
             43117: Setting an empty workDIR could delete all of CATALINA_HOME. Patch provided by Takayuki Kaneko. (markt)
             44282: Prevent security exception in trace level logging for web application class loader when running under a security manager. (markt)
             44529: No roles specified (deny all) should take precedence over no auth-constraint specified (allow-all). (markt)
             43578: Enable start on Linux if $CATALINA_HOME contains a space. Original patch provided by Ray Sauers with improvements by Ian Ward Comfort. (markt)
             44673: Throw IOE if ServletInputStream is closed and a call is made to any read(), ready(), mark(), reset(), or skip() method as per javadocs for Reader. (markt)
             Enable the CGIServlet to work with Windows Vista. (markt)
             Add additional permission required to read JDK logging configuration when running with a security manager. (markt)
             44943: Reduce copy/paste issues caused by different engine names in server.xml. (markt)
             45195: Prevent NPE when calling Session.getAttribute(null) and Session.removeAttribute(null). The spec is unclear but this is a regression from 5.0.x. (markt)
             45293: Update name of commons-logging jar in security policy. (markt)
             45453: Fix race condition in JDBC Realm. Based on a patch provided by Santtu Hyrkk. (markt)
             JAAS Realm did not read role information for users. (markt)

         Connectors

             Log errors for AJP signoffs at DEBUG level, since it is harmless if mod_jk has hung up the phone. (billbarker)
             42727: Handle request lines that are exact multiples of 4096 in length. Patch provided by Will Pugh. (markt)
             43191: Compression could not be disabled for some file types. Based on a patch by Len Popp. (markt)
             45591: Fix NPE on shutdown failure in some cases. Based on a patch by Matt Passell. (markt)

         Jasper

             31257: Quote endorsed dirs if they contain a space. (markt)
             42943: Make sure nested element is inside <jsp:text> element before throwing exception. (markt)
             44877: Prevent collisions in tag pool names. (markt)
             45015: Enfore JSP spec rules on quoting in attrbutes. This is configurable using the system property org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING. (markt)

         Webapps

             42899: When saving config from admin app, correctly handle case where the old config file does not exist. (markt)
             44541: Document packetSize attribute for AJP connector. (markt)
             44715: Document use of secret for AJP connector. (markt)
             45323: Add note that context.xml files can only contain a single Context element. (markt)
             Update JNDI datasource docs since maxActive setting for unlimited changed in commons-pool > 1.2. (markt)

         Specification

             Use a localised error message if a user tries to write a negative length byte array during default processing of a HEAD request. (markt)
             44562: HEAD requests cannot use includes. Patch provided by David Jencks. (markt)

3 files changed, 11 insertions, 8 deletions

diff --git a/www/apache-tomcat55/Makefile b/www/apache-tomcat55/Makefile
index ddd4d697630..25d34fdc385 100644
--- a/www/apache-tomcat55/Makefile
+++ b/www/apache-tomcat55/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.16 2008/06/20 01:09:40 joerg Exp $
+# $NetBSD: Makefile,v 1.16.4.1 2008/09/17 09:41:40 tron Exp $
 
 DISTNAME=	apache-tomcat-${TOMCAT_VERSION}
 CATEGORIES=	www java
@@ -11,7 +11,7 @@ COMMENT=	The Apache Project's Java Servlet 2.4 and JSP 2.0 server
 
 PKG_DESTDIR_SUPPORT=	user-destdir
 
-TOMCAT_VERSION=	5.5.26
+TOMCAT_VERSION=	5.5.27
 
 USE_JAVA=	run
 # This needs java 1.5 or higher.
@@ -61,7 +61,7 @@ FILES_SUBST+=	JAVA_HOME=${PKG_JAVA_HOME:Q} TOMCAT_LIB=${TOMCAT_LIB:Q}
 # 	@(cd ${WRKSRC}/jsvc-src ; ${SH} ./configure)
 
 do-build:
-	@${MV} ${WRKSRC}/conf ${WRKDIR}
+	${MV} ${WRKSRC}/conf ${WRKDIR}
 
 INSTALLATION_DIRS+=	${EGDIR2} ${TOMCAT_LIB}
 
diff --git a/www/apache-tomcat55/PLIST b/www/apache-tomcat55/PLIST
index 17c3d412891..0fcef5572bf 100644
--- a/www/apache-tomcat55/PLIST
+++ b/www/apache-tomcat55/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.5 2008/03/12 20:41:48 adrianp Exp $
+@comment $NetBSD: PLIST,v 1.5.6.1 2008/09/17 09:41:40 tron Exp $
 share/examples/rc.d/tomcat
 tomcat/LICENSE
 tomcat/NOTICE
@@ -68,6 +68,7 @@ tomcat/server/webapps/host-manager/images/void.gif
 tomcat/server/webapps/host-manager/manager.xml
 tomcat/server/webapps/manager/WEB-INF/lib/catalina-manager.jar
 tomcat/server/webapps/manager/WEB-INF/lib/commons-fileupload-1.2.jar
+tomcat/server/webapps/manager/WEB-INF/lib/commons-io-1.4.jar
 tomcat/server/webapps/manager/WEB-INF/web.xml
 tomcat/server/webapps/manager/html-manager-howto.html
 tomcat/server/webapps/manager/images/add.gif
@@ -528,11 +529,13 @@ tomcat/webapps/tomcat-docs/config/printer/realm.html
 tomcat/webapps/tomcat-docs/config/printer/resources.html
 tomcat/webapps/tomcat-docs/config/printer/server.html
 tomcat/webapps/tomcat-docs/config/printer/service.html
+tomcat/webapps/tomcat-docs/config/printer/systemprops.html
 tomcat/webapps/tomcat-docs/config/printer/valve.html
 tomcat/webapps/tomcat-docs/config/realm.html
 tomcat/webapps/tomcat-docs/config/resources.html
 tomcat/webapps/tomcat-docs/config/server.html
 tomcat/webapps/tomcat-docs/config/service.html
+tomcat/webapps/tomcat-docs/config/systemprops.html
 tomcat/webapps/tomcat-docs/config/valve.html
 tomcat/webapps/tomcat-docs/connectors.html
 tomcat/webapps/tomcat-docs/default-servlet.html
diff --git a/www/apache-tomcat55/distinfo b/www/apache-tomcat55/distinfo
index eaa3e23e8f7..c44437606b9 100644
--- a/www/apache-tomcat55/distinfo
+++ b/www/apache-tomcat55/distinfo
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.6 2008/03/12 20:41:48 adrianp Exp $
+$NetBSD: distinfo,v 1.6.6.1 2008/09/17 09:41:40 tron Exp $
 
-SHA1 (apache-tomcat-5.5.26.tar.gz) = 7260b246094cc76c42c67b913b0af85450afeeb6
-RMD160 (apache-tomcat-5.5.26.tar.gz) = 85849d1e9c25fef90f59065e38eb7c788106056d
-Size (apache-tomcat-5.5.26.tar.gz) = 6372195 bytes
+SHA1 (apache-tomcat-5.5.27.tar.gz) = 66cf7e1a67d7a54c3d31e5bf45f06d4173af8cee
+RMD160 (apache-tomcat-5.5.27.tar.gz) = 5479bb7dd9c0a2f9e37a9eedd5fefc62a57188a6
+Size (apache-tomcat-5.5.27.tar.gz) = 6478912 bytes