News & Status page:
A security vulnerability has been confirmed to exist in
Apache Tomcat 4.0.x releases (including Tomcat 4.0.5),
which allows a specially crafted URL to be used to return the
unprocessed source of a JSP page, or, under special
circumstances, a static resource which would otherwise have been
protected by a security constraint, without the need for being
properly authenticated. This is based on a variant of the
exploit that was disclosed on
09/24/2002.
See:
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.6/RELEASE-NOTES
not installed because there was the control program tomcat4ctl
already. For some instances, however, tomcat4ctl is not
powerful enough. For instance when setting up multiple
instances of Tomcat, see
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/RUNNING.txt.
Also added tools.jar to pkg-plist. It should have been added
previously.
Bumped PORTREVISION.
Prompted by: Gavin Cameron <gavin@itworks.com.au>
to 3.3.1. Using HTTP_PORT i.s.o. LISTEN_PORT. Using
daemonctl.c i.s.o. tomcatctl shell script. Displaying steps
i.s.o. commands being executed. Synced man page.
in ${PREFIX}/etc/rc.d and the control script in ${PREFIX}/bin have
been refactored and now actually work very well.
Using the 'www' user and group, creating them if they don't exist.
I've used the same approach as www/apache13.
STDOUT_LOG and STDERR_LOG are now fixed (no ?= anymore) since the
package deinstall does not support a different location.
This fixes the first half of PR 28624.
See: http://www.freebsd.org/cgi/query-pr.cgi?pr=34931
Reported by: Kees Jan Koster <k.j.koster@kpn.com>
* Bumped PORTREVISION
* Now displays installation settings
* Now possible to choose JDK. By default uses FreeBSD JDK 1.3.1 (instead of FreeBSD JDK 1.1.8)
* Does not depend on pinstall anymore
* Now possible to change TOMCAT_HOME. By default uses /jakarta-tomcat-3.2.3 (instead of /tomcat)
* Now possible to change LISTEN_PORT. Default is 8080 (unchanged)
* Added support for running Tomcat as a different user/group. By default a new user 'tomcat' and a new group 'tomcat' are created and used
* A 'tomcatctl' script is installed in /usr/local/bin/, which uses interprocess communication to start/stop/restart Tomcat
* Option is added for automatically starting Tomcat after install (AUTO_START). By default Tomcat is started right away
* Appends stdout and stderr to log files
* Uses a numeric prefix for the script in /etc/rc.d (now by default 020.jakarta-tomcat.sh instead of tomcat.sh)