Subject: CVS commit: pkgsrc/www
To: None <>
From: Jim Wise <>
List: pkgsrc-changes
Date: 04/19/2002 18:54:22
Module Name:	pkgsrc
Committed By:	jwise
Date:		Fri Apr 19 15:54:22 UTC 2002

Modified Files:
	pkgsrc/www/ap-jk: Makefile distinfo
	pkgsrc/www/jakarta-servletapi: Makefile distinfo
	pkgsrc/www/jakarta-tomcat: Makefile distinfo
	pkgsrc/www/jakarta-tomcat/patches: patch-aa
Added Files:
	pkgsrc/www/jakarta-tomcat/patches: patch-ae

Log Message:
Update jakarta-servletapi, jakarta-tomcat, and ap-jk to version 3.2.4.

We are not advancing to the 3.3 or 4.0 branches at the moment, as neither
will work with our native JDK without a lot more work.

Changes since Tomcat 3.2.3 (the last pkgsrc version):

7.1 Fixes and Enhancements in Release 3.2.4

This section highlights the bugs fixed in this release.

  -  Cookie name expires is a reserved token (#1114)
  -  Thread initialization problem in thread pool (#1745)
  -  AJP12 returned invalid HTTP headers when redirecting to very
     long URLS (#2333)
  -  Fixed casting problem in JspFactoryImpl.getPageContext().  (#4260)
  -  Setting sesstion-timeout in web.xml did not prevent sessions from
     timing out.  (#4412)
  -  Fixed race condition in ServerSocketFactory.getDefault().  (#4418)
  -  Removed the restrictions on encoded spcecial characters in URLs
     that was added as a security precaution in 3.2.3.  The encoded
     special characters are not decoded and remain the URL and
     path info returned to servlets.
  -  Jk_nt_service now supports the ability to be restarted automatically
     by the Windows 2000 service control manager if Tomcat terminates
  -  Fixed invalid servlet mapping in web.xml generated by JspC (#3474, #3499)
  -  Added findResource() and findResources() to AdaptiveClassLoader12
  -  A Date: HTTP header is now sent in responses when running stand
     alone. (#345)
  -  Simple held on to a reference to removed objects preventing
     garbage collection.
  -  Tomcat 3.2.4 now ships with JAXP 1.1.  Prior releases used
     JAXP 1.0.1.  Tomcat 3.2.4 remains completely compatible with
     the older version of JAXP and there is no requirement for users
     to upgrade to JAXP 1.1 unless their applications require the new
  -  Fixed NullPointerException in HttpConnectionHandler.  (#4577)

7.2 Security Vulnerabilities fixed in Tomcat 3.2.4

The randomness of generated session ids has been enhanced to prevent the
generation of guessable ids.

To generate a diff of this commit:
cvs rdiff -r1.7 -r1.8 pkgsrc/www/ap-jk/Makefile
cvs rdiff -r1.1 -r1.2 pkgsrc/www/ap-jk/distinfo
cvs rdiff -r1.8 -r1.9 pkgsrc/www/jakarta-servletapi/Makefile
cvs rdiff -r1.3 -r1.4 pkgsrc/www/jakarta-servletapi/distinfo
cvs rdiff -r1.27 -r1.28 pkgsrc/www/jakarta-tomcat/Makefile
cvs rdiff -r1.4 -r1.5 pkgsrc/www/jakarta-tomcat/distinfo
cvs rdiff -r1.8 -r1.9 pkgsrc/www/jakarta-tomcat/patches/patch-aa
cvs rdiff -r0 -r1.1 pkgsrc/www/jakarta-tomcat/patches/patch-ae

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.