In the process, fix the packing list to obtain a clean
pkg_add/pkg_deinstall sequence (a number of empty directory
where not created in previous versions)
The generated package now includes directives to fix
file/dir ownership after install, so that the installed tree
is identical to what you obtain after 'make install' from
the port.
Summary of changes to Tomcat since 4.1.27:
. The Coyote connector (HTTP/1.1 and AJP/1.3) has been
upgraded to Coyote 1.1, which is the one used by Tomcat
5.0.x.
. Upgrade distributed jars: DBCP (1.1) commons-modeler (1.1)
Xerces (2.5.0) regexp (1.3).
. Added support for nesting a Context Listener and a Webapp
Loader within a DefaultContext.
. Minor docs updates.
. StandardContext: Fix reloading regression.
. StandardDefaultContext: Fix support for defining
ResourceLink
. StandardWrapperValve: Fix infinite recursion when logging
in certain cases
. JNDIRealm: Many bugfixes (18698, 11678, 19864, 20518,
. 14817, 22236), and allow multiple user patterns.
. CGI Servlet: Bugfixes (22857, 22858).
. WebDAV Servlet: Fix bad handling of the destinationPath
URL.
. SecurityClassLoad: Preload a few additional classes from
Coyote.
. MemoryUser: XML-escape the values when writing out the
tomcat-users.xml file.
Submitted by: Angelo Turetta <aturetta@commit.it>
PR: 58973
Tomcat 4.1.27 includes security fixes for:
. improper recycling of SSL client certificates with Coyote JK 2
. improper handling of invalid content lengths in requests, causing
HTTP processors to be left in an invalid state in Coyote HTTP/1.1,
causing a DoS condition
. URI normalization bug in Coyote
. improper handling of certain URLs in Coyote JK 2, causing a DoS
condition
PR: 55362
Submitted by: Kang Liu <lazykang@hotmail.com>
to 3.3.1. Using HTTP_PORT i.s.o. LISTEN_PORT. Using
daemonctl.c i.s.o. tomcatctl shell script. Displaying steps
i.s.o. commands being executed. Synced man page.
