[jboss-cvs] Repository SVN: r13529 - in apache-tomcat: 5.5.23.patch05-brew and 2 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Aug 22 12:02:12 EDT 2008
Author: permaine
Date: 2008-08-22 12:02:11 -0400 (Fri, 22 Aug 2008)
New Revision: 13529
Added:
apache-tomcat/5.5.23.patch05-brew/
apache-tomcat/5.5.23.patch05-brew/component-info.xml
apache-tomcat/5.5.23.patch05-brew/lib/
apache-tomcat/5.5.23.patch05-brew/lib/catalina-manager.jar
apache-tomcat/5.5.23.patch05-brew/lib/catalina-optional.jar
apache-tomcat/5.5.23.patch05-brew/lib/catalina.jar
apache-tomcat/5.5.23.patch05-brew/lib/jasper-compiler-jdt.jar
apache-tomcat/5.5.23.patch05-brew/lib/jasper-compiler.jar
apache-tomcat/5.5.23.patch05-brew/lib/jasper-runtime.jar
apache-tomcat/5.5.23.patch05-brew/lib/naming-resources.jar
apache-tomcat/5.5.23.patch05-brew/lib/servlets-default.jar
apache-tomcat/5.5.23.patch05-brew/lib/servlets-invoker.jar
apache-tomcat/5.5.23.patch05-brew/lib/servlets-webdav.jar
apache-tomcat/5.5.23.patch05-brew/lib/tomcat-ajp.jar
apache-tomcat/5.5.23.patch05-brew/lib/tomcat-apr.jar
apache-tomcat/5.5.23.patch05-brew/lib/tomcat-coyote.jar
apache-tomcat/5.5.23.patch05-brew/lib/tomcat-http.jar
apache-tomcat/5.5.23.patch05-brew/lib/tomcat-util.jar
apache-tomcat/5.5.23.patch05-brew/src/
apache-tomcat/5.5.23.patch05-brew/src/apache-tomcat-5.5.23-src.tar.gz
apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-CVE-2007-2449.patch
apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-CVE-2007-2450.patch
apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-CVE-2007-3382_CVE-2007-3385.patch
apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-CVE-2007-3386.patch
apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-CVE-2007-5461-webdav.patch
apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-build-build-properties-default.patch
apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-javaxssl.patch
apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-jk-build.patch
apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-jspc-classpath.patch
apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-jt5-build.patch
apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-jtc-build.patch
apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-jtj-build.patch
apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-skip-build-on-install.patch
apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-util-build.patch
apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-ASPATCH-234-u.patch
apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-CVE-2007-5342.patch
apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-CVE-2008-1232.patch
apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-CVE-2008-1947.patch
apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-CVE-2008-2370.patch
apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-CVE-2008-2938.patch
apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-IT-168408.patch
apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-http11-build.patch
apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.link_admin_jar.patch
Log:
Add Brew-build 5.5.23.patch05-brew
Added: apache-tomcat/5.5.23.patch05-brew/component-info.xml
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/component-info.xml (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/component-info.xml 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,61 @@
+<project name="apache-tomcat-component-info">
+
+ <component id="apache-tomcat"
+ licenseType="apache-2.0"
+ version="5.5.23.patch05-brew"
+ projectHome="http://tomcat.apache.org"
+ description="Tomcat 5.5 servlet 2.4 web container with fixes for ASPATCH-234 and IT #168408, as well as fixes for CVE-2007-2449, CVE-2007-2450, CVE-2007-3386, CVE-2007-3382, CVE-2007-3385, 2007-5342, and CVE-2007-5461, plus CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938"
+ scm=":ext:cvs.devel.redhat.com:/cvs/dist/tomcat5"
+ tag="tomcat5-5_5_23-1_patch05_0jpp_1jb">
+ <!-- Built using JDK 1.4 -->
+ <artifact id="catalina-manager.jar"/>
+ <artifact id="catalina-optional.jar"/>
+ <artifact id="catalina.jar"/>
+ <artifact id="jasper-compiler-jdt.jar"/>
+ <artifact id="jasper-compiler.jar"/>
+ <artifact id="jasper-runtime.jar"/>
+ <artifact id="naming-resources.jar"/>
+ <artifact id="servlets-default.jar"/>
+ <artifact id="servlets-invoker.jar"/>
+ <artifact id="servlets-webdav.jar"/>
+ <artifact id="tomcat-ajp.jar"/>
+ <artifact id="tomcat-apr.jar"/>
+ <artifact id="tomcat-coyote.jar"/>
+ <artifact id="tomcat-http.jar"/>
+ <artifact id="tomcat-util.jar"/>
+
+ <import componentref="apache-logging">
+ <compatible version="1.0.3"/>
+ <compatible version="1.0.4jboss"/>
+ <compatible version="1.0.4.1jboss"/>
+ <compatible version="1.0.5.GA-jboss"/>
+ <compatible version="1.0.5.SP1-jboss"/>
+ <compatible version="1.1"/>
+ <compatible version="1.1.0.jboss"/>
+ </import>
+ <import componentref="apache-modeler">
+ <compatible version="2.0-brew" />
+ </import>
+ <import componentref="commons-el">
+ <compatible version="1.0"/>
+ </import>
+ <export>
+ <include input="catalina-manager.jar"/>
+ <include input="catalina-optional.jar"/>
+ <include input="catalina.jar"/>
+ <include input="jasper-compiler-jdt.jar"/>
+ <include input="jasper-compiler.jar"/>
+ <include input="jasper-runtime.jar"/>
+ <include input="naming-resources.jar"/>
+ <include input="servlets-default.jar"/>
+ <include input="servlets-invoker.jar"/>
+ <include input="servlets-webdav.jar"/>
+ <include input="tomcat-ajp.jar"/>
+ <include input="tomcat-apr.jar"/>
+ <include input="tomcat-coyote.jar"/>
+ <include input="tomcat-http.jar"/>
+ <include input="tomcat-util.jar"/>
+
+ </export>
+ </component>
+</project>
Added: apache-tomcat/5.5.23.patch05-brew/lib/catalina-manager.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch05-brew/lib/catalina-manager.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch05-brew/lib/catalina-optional.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch05-brew/lib/catalina-optional.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch05-brew/lib/catalina.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch05-brew/lib/catalina.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch05-brew/lib/jasper-compiler-jdt.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch05-brew/lib/jasper-compiler-jdt.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch05-brew/lib/jasper-compiler.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch05-brew/lib/jasper-compiler.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch05-brew/lib/jasper-runtime.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch05-brew/lib/jasper-runtime.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch05-brew/lib/naming-resources.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch05-brew/lib/naming-resources.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch05-brew/lib/servlets-default.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch05-brew/lib/servlets-default.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch05-brew/lib/servlets-invoker.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch05-brew/lib/servlets-invoker.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch05-brew/lib/servlets-webdav.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch05-brew/lib/servlets-webdav.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch05-brew/lib/tomcat-ajp.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch05-brew/lib/tomcat-ajp.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch05-brew/lib/tomcat-apr.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch05-brew/lib/tomcat-apr.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch05-brew/lib/tomcat-coyote.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch05-brew/lib/tomcat-coyote.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch05-brew/lib/tomcat-http.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch05-brew/lib/tomcat-http.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch05-brew/lib/tomcat-util.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch05-brew/lib/tomcat-util.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch05-brew/src/apache-tomcat-5.5.23-src.tar.gz
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch05-brew/src/apache-tomcat-5.5.23-src.tar.gz
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-CVE-2007-2449.patch
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-CVE-2007-2449.patch (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-CVE-2007-2449.patch 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,104 @@
+Index: servletapi/jsr152/examples/source.jsp
+===================================================================
+--- servletapi/jsr152/examples/source.jsp (revision 547082)
++++ servletapi/jsr152/examples/source.jsp (revision 547083)
+@@ -17,4 +17,4 @@
+ <%@ taglib uri="http://jakarta.apache.org/tomcat/examples-taglib"
+ prefix="eg" %>
+
+-<eg:ShowSource jspFile="<%= request.getQueryString() %>"/>
++<eg:ShowSource jspFile="<%= util.HTMLFilter.filter(request.getQueryString()) %>"/>
+Index: servletapi/jsr152/examples/snp/snoop.html
+===================================================================
+--- servletapi/jsr152/examples/snp/snoop.html (revision 547082)
++++ servletapi/jsr152/examples/snp/snoop.html (revision 547083)
+@@ -24,8 +24,8 @@
+ <body bgcolor="#FFFFFF">
+ <p><font color="#0000FF"><a href="snoop.jsp"><img src="../images/execute.gif" align="right" border="0"></a><a href="../index.html"><img src="../images/return.gif" width="24" height="24" align="right" border="0"></a></font></p>
+
+-<h3><a href="snoop.jsp.html">Source Code for Request Parameters Example<font color="#0000FF"></a>
+- </font> </h3>
++<h3><a href="snoop.jsp.html">Source Code for Request Parameters Example<font color="#0000FF">
++ </font></a></h3>
+
+ </body>
+ </html>
+Index: servletapi/jsr152/examples/snp/snoop.jsp
+===================================================================
+--- servletapi/jsr152/examples/snp/snoop.jsp (revision 547082)
++++ servletapi/jsr152/examples/snp/snoop.jsp (revision 547083)
+@@ -19,37 +19,38 @@
+ <body bgcolor="white">
+ <h1> Request Information </h1>
+ <font size="4">
+-JSP Request Method: <% out.print(util.HTMLFilter.filter(request.getMethod())); %>
++JSP Request Method: <%= util.HTMLFilter.filter(request.getMethod()) %>
+ <br>
+-Request URI: <%= request.getRequestURI() %>
++Request URI: <%= util.HTMLFilter.filter(request.getRequestURI()) %>
+ <br>
+-Request Protocol: <%= request.getProtocol() %>
++Request Protocol: <%= util.HTMLFilter.filter(request.getProtocol()) %>
+ <br>
+-Servlet path: <%= request.getServletPath() %>
++Servlet path: <%= util.HTMLFilter.filter(request.getServletPath()) %>
+ <br>
+-Path info: <% out.print(util.HTMLFilter.filter(request.getPathInfo())); %>
++Path info: <%= util.HTMLFilter.filter(request.getPathInfo()) %>
+ <br>
+-Query string: <% out.print(util.HTMLFilter.filter(request.getQueryString())); %>
++Query string: <%= util.HTMLFilter.filter(request.getQueryString()) %>
+ <br>
+ Content length: <%= request.getContentLength() %>
+ <br>
+-Content type: <% out.print(util.HTMLFilter.filter(request.getContentType())); %>
++Content type: <%= util.HTMLFilter.filter(request.getContentType()) %>
+ <br>
+-Server name: <%= request.getServerName() %>
++Server name: <%= util.HTMLFilter.filter(request.getServerName()) %>
+ <br>
+ Server port: <%= request.getServerPort() %>
+ <br>
+-Remote user: <%= request.getRemoteUser() %>
++Remote user: <%= util.HTMLFilter.filter(request.getRemoteUser()) %>
+ <br>
+-Remote address: <%= request.getRemoteAddr() %>
++Remote address: <%= util.HTMLFilter.filter(request.getRemoteAddr()) %>
+ <br>
+-Remote host: <%= request.getRemoteHost() %>
++Remote host: <%= util.HTMLFilter.filter(request.getRemoteHost()) %>
+ <br>
+-Authorization scheme: <%= request.getAuthType() %>
++Authorization scheme: <%= util.HTMLFilter.filter(request.getAuthType()) %>
+ <br>
+ Locale: <%= request.getLocale() %>
+ <hr>
+-The browser you are using is <% out.print(util.HTMLFilter.filter(request.getHeader("User-Agent"))); %>
++The browser you are using is
++<%= util.HTMLFilter.filter(request.getHeader("User-Agent")) %>
+ <hr>
+ </font>
+ </body>
+Index: servletapi/jsr152/examples/security/protected/index.jsp
+===================================================================
+--- servletapi/jsr152/examples/security/protected/index.jsp (revision 547082)
++++ servletapi/jsr152/examples/security/protected/index.jsp (revision 547083)
+@@ -27,14 +27,16 @@
+ </head>
+ <body bgcolor="white">
+
+-You are logged in as remote user <b><%= request.getRemoteUser() %></b>
++You are logged in as remote user
++<b><%= util.HTMLFilter.filter(request.getRemoteUser()) %></b>
+ in session <b><%= session.getId() %></b><br><br>
+
+ <%
+ if (request.getUserPrincipal() != null) {
+ %>
+ Your user principal name is
+- <b><%= request.getUserPrincipal().getName() %></b><br><br>
++ <b><%= util.HTMLFilter.filter(request.getUserPrincipal().getName()) %></b>
++ <br><br>
+ <%
+ } else {
+ %>
Added: apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-CVE-2007-2450.patch
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-CVE-2007-2450.patch (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-CVE-2007-2450.patch 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,52 @@
+Index: container/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java
+===================================================================
+--- container/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java (revision 547081)
++++ container/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java (revision 547082)
+@@ -32,6 +32,7 @@
+
+ import org.apache.catalina.Container;
+ import org.apache.catalina.Host;
++import org.apache.catalina.util.RequestUtil;
+ import org.apache.catalina.util.ServerInfo;
+
+ /**
+@@ -195,7 +196,11 @@
+ // Message Section
+ args = new Object[3];
+ args[0] = sm.getString("htmlHostManagerServlet.messageLabel");
+- args[1] = (message == null || message.length() == 0) ? "OK" : message;
++ if (message == null || message.length() == 0) {
++ args[1] = "OK";
++ } else {
++ args[1] = RequestUtil.filter(message);
++ }
+ writer.print(MessageFormat.format(Constants.MESSAGE_SECTION, args));
+
+ // Manager Section
+Index: container/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java
+===================================================================
+--- container/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java (revision 547081)
++++ container/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java (revision 547082)
+@@ -107,8 +107,7 @@
+ message = stop(path);
+ } else {
+ message =
+- sm.getString("managerServlet.unknownCommand",
+- RequestUtil.filter(command));
++ sm.getString("managerServlet.unknownCommand", command);
+ }
+
+ list(request, response, message);
+@@ -282,7 +281,11 @@
+ // Message Section
+ args = new Object[3];
+ args[0] = sm.getString("htmlManagerServlet.messageLabel");
+- args[1] = (message == null || message.length() == 0) ? "OK" : message;
++ if (message == null || message.length() == 0) {
++ args[1] = "OK";
++ } else {
++ args[1] = RequestUtil.filter(message);
++ }
+ writer.print(MessageFormat.format(Constants.MESSAGE_SECTION, args));
+
+ // Manager Section
Added: apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-CVE-2007-3382_CVE-2007-3385.patch
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-CVE-2007-3382_CVE-2007-3385.patch (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-CVE-2007-3382_CVE-2007-3385.patch 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,135 @@
+--- ./connectors/util/java/org/apache/tomcat/util/http/ServerCookie.java 2007-03-05 16:27:39.000000000 +0100
++++ ./connectors/util/java/org/apache/tomcat/util/http/ServerCookie.java 2007-08-24 14:40:51.000000000 +0200
+@@ -130,6 +130,7 @@
+ //
+ // private static final String tspecials = "()<>@,;:\\\"/[]?={} \t";
+ private static final String tspecials = ",; ";
++ private static final String tspecials2 = ",; \"";
+
+ /*
+ * Tests a string and returns true if the string counts as a
+@@ -154,6 +155,20 @@
+ return true;
+ }
+
++ public static boolean isToken2(String value) {
++ if( value==null) return true;
++ int len = value.length();
++
++ for (int i = 0; i < len; i++) {
++ char c = value.charAt(i);
++
++ if (c < 0x20 || c >= 0x7f || tspecials2.indexOf(c) != -1)
++ return false;
++ }
++ return true;
++ }
++
++
+ public static boolean checkName( String name ) {
+ if (!isToken(name)
+ || name.equalsIgnoreCase("Comment") // rfc2019
+@@ -213,7 +228,7 @@
+ // this part is the same for all cookies
+ buf.append( name );
+ buf.append("=");
+- maybeQuote(version, buf, value);
++ maybeQuote2(version, buf, value);
+
+ // XXX Netscape cookie: "; "
+ // add version 1 specific information
+@@ -284,6 +299,20 @@
+ }
+ }
+
++
++ public static void maybeQuote2 (int version, StringBuffer buf,
++ String value) {
++ // special case - a \n or \r shouldn't happen in any case
++ if (isToken2(value)) {
++ buf.append(value);
++ } else {
++ buf.append('"');
++ buf.append(escapeDoubleQuotes(value));
++ buf.append('"');
++ }
++ }
++
++
+ // log
+ static final int dbg=1;
+ public static void log(String s ) {
+@@ -306,12 +335,14 @@
+ }
+
+ StringBuffer b = new StringBuffer();
++ char p = s.charAt(0);
+ for (int i = 0; i < s.length(); i++) {
+ char c = s.charAt(i);
+- if (c == '"')
++ if (c == '"' && p != '\\')
+ b.append('\\').append('"');
+ else
+ b.append(c);
++ p = c;
+ }
+
+ return b.toString();
+--- ./connectors/util/java/org/apache/tomcat/util/http/Cookies.java 2007-08-24 14:15:10.000000000 +0200
++++ ./connectors/util/java/org/apache/tomcat/util/http/Cookies.java 2007-08-24 14:50:26.000000000 +0200
+@@ -249,9 +249,11 @@
+ int endValue=startValue;
+
+ cc=bytes[pos];
+- if( cc== '\'' || cc=='"' ) {
+- startValue++;
+- endValue=indexOf( bytes, startValue, end, cc );
++ if( cc=='"' ) {
++ endValue=findDelim3( bytes, startValue+1, end, cc );
++ if (endValue == -1) {
++ endValue = findDelim2(bytes, startValue+1, end);
++ } else startValue++;
+ pos=endValue+1; // to skip to next cookie
+ } else {
+ endValue=findDelim2( bytes, startValue, end );
+@@ -335,28 +337,26 @@
+ return off;
+ }
+
+- public static int indexOf( byte bytes[], int off, int end, byte qq )
++ /*
++ * search for cc but skip \cc as required by rfc2616
++ * (according to rfc2616 cc should be ")
++ */
++ public static int findDelim3( byte bytes[], int off, int end, byte cc )
+ {
+ while( off < end ) {
+ byte b=bytes[off];
+- if( b==qq )
++ if (b=='\\') {
++ off++;
++ off++;
++ continue;
++ }
++ if( b==cc )
+ return off;
+ off++;
+ }
+- return off;
++ return -1;
+ }
+
+- public static int indexOf( byte bytes[], int off, int end, char qq )
+- {
+- while( off < end ) {
+- byte b=bytes[off];
+- if( b==qq )
+- return off;
+- off++;
+- }
+- return off;
+- }
+-
+ // XXX will be refactored soon!
+ public static boolean equals( String s, byte b[], int start, int end) {
+ int blen = end-start;
Added: apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-CVE-2007-3386.patch
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-CVE-2007-3386.patch (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-CVE-2007-3386.patch 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,24 @@
+--- container/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java 2007/07/19 02:21:09 557457
++++ container/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java 2007/07/19 02:21:58 557458
+@@ -253,7 +253,7 @@
+
+ if (host != null ) {
+ args = new Object[2];
+- args[0] = hostName;
++ args[0] = RequestUtil.filter(hostName);
+ String[] aliases = host.findAliases();
+ StringBuffer buf = new StringBuffer();
+ if (aliases.length > 0) {
+@@ -265,9 +265,11 @@
+
+ if (buf.length() == 0) {
+ buf.append(" ");
++ args[1] = buf.toString();
++ } else {
++ args[1] = RequestUtil.filter(buf.toString());
+ }
+
+- args[1] = buf.toString();
+ writer.print
+ (MessageFormat.format(HOSTS_ROW_DETAILS_SECTION, args));
+
Added: apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-CVE-2007-5461-webdav.patch
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-CVE-2007-5461-webdav.patch (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-CVE-2007-5461-webdav.patch 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,72 @@
+--- container/catalina/src/share/org/apache/catalina/servlets/LocalStrings.properties.orig 2007-03-05 10:27:45.000000000 -0500
++++ container/catalina/src/share/org/apache/catalina/servlets/LocalStrings.properties 2007-11-07 11:36:48.410682000 -0500
+@@ -10,6 +10,7 @@
+ invokerServlet.notNamed=Cannot call invoker servlet with a named dispatcher
+ invokerServlet.noWrapper=Container has not called setWrapper() for this servlet
+ webdavservlet.jaxpfailed=JAXP initialization failed
++webdavservlet.enternalEntityIgnored=The request included a reference to an external entity with PublicID {0} and SystemID {1} which was ignored
+ directory.filename=Filename
+ directory.lastModified=Last Modified
+ directory.parent=Up To {0}
+--- container/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java.orig 2007-03-05 10:27:45.000000000 -0500
++++ container/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java 2007-11-07 11:36:48.420673000 -0500
+@@ -20,6 +20,7 @@
+
+
+ import java.io.IOException;
++import java.io.StringReader;
+ import java.io.StringWriter;
+ import java.io.Writer;
+ import java.security.MessageDigest;
+@@ -40,6 +41,7 @@
+ import javax.naming.NamingEnumeration;
+ import javax.naming.NamingException;
+ import javax.naming.directory.DirContext;
++import javax.servlet.ServletContext;
+ import javax.servlet.ServletException;
+ import javax.servlet.UnavailableException;
+ import javax.servlet.http.HttpServletRequest;
+@@ -60,6 +62,7 @@
+ import org.w3c.dom.Element;
+ import org.w3c.dom.Node;
+ import org.w3c.dom.NodeList;
++import org.xml.sax.EntityResolver;
+ import org.xml.sax.InputSource;
+ import org.xml.sax.SAXException;
+
+@@ -252,6 +255,8 @@
+ documentBuilderFactory = DocumentBuilderFactory.newInstance();
+ documentBuilderFactory.setNamespaceAware(true);
+ documentBuilder = documentBuilderFactory.newDocumentBuilder();
++ documentBuilder.setEntityResolver(
++ new WebdavResolver(this.getServletContext()));
+ } catch(ParserConfigurationException e) {
+ throw new ServletException
+ (sm.getString("webdavservlet.jaxpfailed"));
+@@ -2737,6 +2742,26 @@
+ }
+
+
++ // --------------------------------------------- WebdavResolver Inner Class
++ /**
++ * Work around for XML parsers that don't fully respect
++ * {@link DocumentBuilderFactory#setExpandEntityReferences(false)}. External
++ * references are filtered out for security reasons. See CVE-2007-5461.
++ */
++ private class WebdavResolver implements EntityResolver {
++ private ServletContext context;
++
++ public WebdavResolver(ServletContext theContext) {
++ context = theContext;
++ }
++
++ public InputSource resolveEntity (String publicId, String systemId) {
++ context.log(sm.getString("webdavservlet.enternalEntityIgnored",
++ publicId, systemId));
++ return new InputSource(
++ new StringReader("Ignored external entity"));
++ }
++ }
+ };
+
+
Added: apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-build-build-properties-default.patch
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-build-build-properties-default.patch (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-build-build-properties-default.patch 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,11 @@
+--- ./build/build.properties.default.p20 2007-03-05 10:27:32.000000000 -0500
++++ ./build/build.properties.default 2007-04-29 10:48:38.000000000 -0400
+@@ -137,7 +137,7 @@
+ # ----- Eclipse JDT, version 3.1.2 or later -----
+ jdt.home=${base.path}/eclipse/plugins
+ jdt.lib=${jdt.home}
+-jdt.jar=${jdt.lib}/org.eclipse.jdt.core_3.1.2.jar
++jdt.jar=${base.path}/jdtcore.jar
+ jdt.loc=http://archive.eclipse.org/eclipse/downloads/drops/R-3.1.2-200601181600/eclipse-JDT-3.1.2.zip
+
+
Added: apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-javaxssl.patch
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-javaxssl.patch (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-javaxssl.patch 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,72 @@
+--- connectors/jk/java/org/apache/jk/server/JkMain.java.sav 2006-03-23 16:56:20.000000000 +0100
++++ connectors/jk/java/org/apache/jk/server/JkMain.java 2006-03-23 16:57:27.000000000 +0100
+@@ -101,7 +101,7 @@
+ return jkMain;
+ }
+
+- private static String DEFAULT_HTTPS="com.sun.net.ssl.internal.www.protocol";
++ private static String DEFAULT_HTTPS="javax.net.ssl.internal.www.protocol";
+ private void initHTTPSUrls() {
+ try {
+ // 11657: if only ajp is used, https: redirects need to work ( at least for 1.3+)
+--- connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java.sav 2006-03-23 16:58:48.000000000 +0100
++++ connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java 2006-03-23 17:01:34.000000000 +0100
+@@ -67,13 +67,13 @@
+ */
+ void init() throws IOException {
+ try {
+- try {
+- Class ssps = Class.forName("sun.security.provider.Sun");
+- Security.addProvider ((Provider)ssps.newInstance());
+- }catch(Exception cnfe) {
++ //try {
++ // Class ssps = Class.forName("sun.security.provider.Sun");
++ // Security.addProvider ((Provider)ssps.newInstance());
++ //}catch(Exception cnfe) {
+ //Ignore, since this is a non-Sun JVM
+- }
+- Security.addProvider (new com.sun.net.ssl.internal.ssl.Provider());
++ //}
++ //Security.addProvider (new com.sun.net.ssl.internal.ssl.Provider());
+
+ String clientAuthStr = (String)attributes.get("clientauth");
+ if("true".equalsIgnoreCase(clientAuthStr) ||
+@@ -91,8 +91,8 @@
+ if (algorithm == null) algorithm = defaultAlgorithm;
+
+ // Set up KeyManager, which will extract server key
+- com.sun.net.ssl.KeyManagerFactory kmf =
+- com.sun.net.ssl.KeyManagerFactory.getInstance(algorithm);
++ javax.net.ssl.KeyManagerFactory kmf =
++ javax.net.ssl.KeyManagerFactory.getInstance(algorithm);
+ String keystoreType = (String)attributes.get("keystoreType");
+ if (keystoreType == null) {
+ keystoreType = defaultKeystoreType;
+@@ -102,22 +102,22 @@
+ keystorePass.toCharArray());
+
+ // Set up TrustManager
+- com.sun.net.ssl.TrustManager[] tm = null;
++ javax.net.ssl.TrustManager[] tm = null;
+ String truststoreType = (String)attributes.get("truststoreType");
+ if(truststoreType == null) {
+ truststoreType = keystoreType;
+ }
+ KeyStore trustStore = getTrustStore(truststoreType);
+ if (trustStore != null) {
+- com.sun.net.ssl.TrustManagerFactory tmf =
+- com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509");
++ javax.net.ssl.TrustManagerFactory tmf =
++ javax.net.ssl.TrustManagerFactory.getInstance("SunX509");
+ tmf.init(trustStore);
+ tm = tmf.getTrustManagers();
+ }
+
+ // Create and init SSLContext
+- com.sun.net.ssl.SSLContext context =
+- com.sun.net.ssl.SSLContext.getInstance(protocol);
++ javax.net.ssl.SSLContext context =
++ javax.net.ssl.SSLContext.getInstance(protocol);
+ context.init(kmf.getKeyManagers(), tm, new SecureRandom());
+
+ // Create proxy
Added: apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-jk-build.patch
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-jk-build.patch (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-jk-build.patch 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,27 @@
+--- connectors/jk/build.xml.p14 2006-03-05 02:25:22.000000000 +0100
++++ connectors/jk/build.xml 2006-03-23 19:25:51.000000000 +0100
+@@ -28,7 +28,7 @@
+ <property name="tomcat-jkshm.jar" value="${jk.build}/lib/jkshm.jar" />
+ <property name="tomcat-jk2.jar" value="${jk.build}/lib/tomcat-jk2.jar" />
+ <property name="tomcat-jni.jar" value="${jk.build}/lib/tomcat-jni.jar" />
+- <property name="tomcat-apr.jar" value="../jni/dist/tomcat-native-1.0.0.jar" />
++ <property name="tomcat-apr.jar" value="../../build/build/server/lib/tomcat-apr.jar" />
+
+ <!-- default locations, overrident by properties -->
+ <property name="base.path" location="/usr/share/java"/>
+@@ -211,6 +211,7 @@
+ <exclude name="org/apache/jk/ant/**" />
+ <classpath>
+ <pathelement location="${tomcat-apr.jar}" />
++ <pathelement location="${jk.build}/../../build/build/classes"/>
+ <path refid="xml-apis.classpath"/>
+ <path refid="build-main.classpath"/>
+ </classpath>
+@@ -252,6 +252,7 @@
+ <include name="org/apache/coyote/ajp/**"/>
+ <include name="org/apache/jk/config/**"/>
+ <classpath>
++ <pathelement location="${jk.build}/../../build/build/classes"/>
+ <path refid="xml-apis.classpath"/>
+ <path refid="build-main.classpath"/>
+ <path refid="build-tc5.classpath"/>
Added: apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-jspc-classpath.patch
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-jspc-classpath.patch (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-jspc-classpath.patch 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,10 @@
+--- build/build.xml.sav 2006-02-21 13:48:51.743828000 -0500
++++ build/build.xml 2006-02-21 13:48:56.499065000 -0500
+@@ -416,6 +416,7 @@
+
+ <path id="jspc.classpath">
+ <pathelement location="${java.home}/../lib/tools.jar"/>
++ <pathelement location="/usr/lib/jvm/java/jre/lib/rt.jar"/>
+ <pathelement location="${commons-logging.jar}"/>
+ <pathelement location="${tomcat.build}/server/classes"/>
+ <fileset dir="${tomcat.build}/server/lib">
Added: apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-jt5-build.patch
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-jt5-build.patch (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-jt5-build.patch 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,46 @@
+--- ./build/build.xml.p2 2007-04-29 11:47:03.000000000 -0400
++++ ./build/build.xml 2007-04-29 11:48:48.000000000 -0400
+@@ -59,10 +59,10 @@
+ <property name="tomcat.release" value="${basedir}/release"/>
+ <property name="webapps.build" value="${catalina.home}/webapps/build"/>
+ <property name="webapps.dist" value="${catalina.home}/webapps/dist"/>
+- <property name="tomcat-dbcp.home" value="${base.path}/tomcat-deps" />
++ <property name="tomcat-dbcp.home" value="${base.path}" />
+ <property name="tomcat-dbcp.jar"
+- value="${tomcat-dbcp.home}/naming-factory-dbcp.jar"/>
+- <property name="jasper-compiler-jdt.home" value="${base.path}/tomcat-deps" />
++ value="${tomcat-dbcp.home}/commons-dbcp.jar"/>
++ <property name="jasper-compiler-jdt.home" value="./jasper-compiler-jdt-home" />
+ <property name="jasper-compiler-jdt.jar"
+ value="${jasper-compiler-jdt.home}/jasper-compiler-jdt.jar"/>
+
+@@ -160,11 +160,17 @@
+ failonerror="false" />
+
+ <copy tofile="${tomcat.build}/bin/tomcat-native.tar.gz"
+- file="${tomcat-native.tar.gz}" />
++ file="${tomcat-native.tar.gz}"
++ failonerror="false" />
+
+ <!-- <copy todir="${tomcat.build}/common/lib" file="${ant.jar}"/>
+ <copy todir="${tomcat.build}/common/lib" file="${ant-launcher.jar}"/> -->
++<!--
+ <copy todir="${tomcat.build}/common/lib" file="${jasper-compiler-jdt.jar}"/>
++-->
++<!-- these should be links -->
++ <copy todir="${tomcat.build}/common/lib" file="${base.path}/jdtcore.jar" failonerror="false"/>
++
+ </target>
+
+ <!-- ====================== Build all components =================== -->
+@@ -956,7 +962,9 @@
+ <copy todir="embed/lib">
+ <fileset dir="build/common/lib">
+ <include name="jasper-compiler.jar"/>
+- <include name="jasper-compiler-jdt.jar"/>
++ <!-- <include name="jasper-compiler-jdt.jar"/> -->
++ <include name="jdtcore.jar"/>
++
+ </fileset>
+ </copy>
+
Added: apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-jtc-build.patch
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-jtc-build.patch (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-jtc-build.patch 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,22 @@
+--- container/catalina/build.xml.sav 2006-03-23 16:46:37.000000000 +0100
++++ container/catalina/build.xml 2006-03-23 16:47:44.000000000 +0100
+@@ -42,7 +42,7 @@
+ <property name="tomcat-http11.jar"
+ value="${tomcat-http11.home}/build/lib/tomcat-http11.jar"/>
+ <property name="tomcat-dbcp.jar"
+- value="${base.path}/tomcat-deps/naming-factory-dbcp.jar"/>
++ value="${base.path}/commons-dbcp.jar"/>
+ <!-- Construct Catalina classpath -->
+ <path id="catalina.classpath">
+ <pathelement location="${activation.jar}"/>
+--- container/modules/cluster/build.xml.sav 2006-03-23 16:49:04.000000000 +0100
++++ container/modules/cluster/build.xml 2006-03-23 16:49:54.000000000 +0100
+@@ -20,7 +20,7 @@
+ <pathelement location="${commons-modeler.jar}"/>
+ <pathelement location="${commons-logging.jar}"/>
+ <pathelement location="${jmx.jar}"/>
+- <pathelement location="${catalina.build}/common/lib/servlet-api.jar"/>
++ <pathelement location="${servlet-api.jar}"/>
+ </path>
+
+ <!-- Source path -->
Added: apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-jtj-build.patch
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-jtj-build.patch (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-jtj-build.patch 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,20 @@
+--- jasper/build.xml.sav 2006-03-23 16:52:01.000000000 +0100
++++ jasper/build.xml 2006-03-23 16:53:17.000000000 +0100
+@@ -38,6 +38,8 @@
+ <pathelement location="${commons-logging.jar}"/>
+ <pathelement location="${commons-daemon-launcher.jar}"/>
+ <pathelement location="${jasper.build}/shared/classes"/>
++ <pathelement location="${base.path}/jdtcore.jar"/>
++
+ </path>
+
+ <!-- Construct unit tests classpath -->
+@@ -54,6 +56,8 @@
+ <pathelement location="${commons-launcher.jar}"/>
+ <pathelement location="${jasper.build}/shared/classes"/>
+ <pathelement location="${jasper.build}/tests"/>
++ <pathelement location="${base.path}/jdtcore.jar"/>
++
+ </path>
+
+
Added: apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-skip-build-on-install.patch
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-skip-build-on-install.patch (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-skip-build-on-install.patch 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,15 @@
+--- build/build.xml.sav 2006-03-23 16:22:33.000000000 +0100
++++ build/build.xml 2006-03-23 16:23:40.000000000 +0100
+@@ -763,10 +763,12 @@
+ <mkdir dir="${tomcat.build}/server/webapps" />
+
+ <!-- The build files are far too difficult to hack - just build it and copy -->
++ <!--
+ <ant dir="${api.home}/jsr154" target="dist">
+ </ant>
+ <ant dir="${api.home}/jsr152" target="dist">
+ </ant>
++ -->
+
+ <mkdir dir="${tomcat.build}/webapps/servlets-examples"/>
+ <copy todir="${tomcat.build}/webapps/servlets-examples">
Added: apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-util-build.patch
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-util-build.patch (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5-util-build.patch 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,23 @@
+--- connectors/util/build.xml.sav 2006-03-23 19:16:02.000000000 +0100
++++ connectors/util/build.xml 2006-03-23 19:17:46.000000000 +0100
+@@ -23,7 +23,7 @@
+ <property name="tomcat-util.lib" value="${tomcat-util.build}/lib" />
+ <property name="tomcat-util.jar" value="${tomcat-util.lib}/tomcat-util.jar" />
+ <property name="tomcat-loader.jar" value="${tomcat-util.lib}/tomcat-loader.jar" />
+- <property name="tomcat-jni.jar" value="../jni/dist/tomcat-native-1.0.0.jar" />
++ <property name="tomcat-jni.jar" value="../../build/build/server/lib/tomcat-apr.jar" />
+
+ <path id="compile.classpath">
+ <pathelement location="${jmx.jar}" />
+@@ -73,7 +73,10 @@
+ optimize="off"
+ verbose="off"
+ excludes="**/CVS/**">
+- <classpath refid="compile.classpath"/>
++ <classpath>
++ <path refid="compile.classpath"/>
++ <pathelement location="${tomcat-util.build}/../../jakarta-tomcat-5/build/classes"/>
++ </classpath>
+ <exclude name="**/util/net/jsse/*" unless="jsse.present"/>
+ <exclude name="**/util/log/CommonLogHandler.java" unless="commons-logging.present"/>
+ <exclude name="**/util/net/puretls/*" unless="puretls.present"/>
Added: apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-ASPATCH-234-u.patch
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-ASPATCH-234-u.patch (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-ASPATCH-234-u.patch 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,623 @@
+--- ./connectors/util/java/org/apache/tomcat/util/digester/Digester.java.p22 2007-03-05 10:27:39.000000000 -0500
++++ ./connectors/util/java/org/apache/tomcat/util/digester/Digester.java 2007-07-26 19:05:06.000000000 -0400
+@@ -315,14 +315,14 @@
+ /**
+ * The Log to which most logging calls will be made.
+ */
+- protected Log log =
++ protected static Log log =
+ LogFactory.getLog("org.apache.commons.digester.Digester");
+
+
+ /**
+ * The Log to which all SAX event related logging calls will be made.
+ */
+- protected Log saxLog =
++ protected static Log saxLog =
+ LogFactory.getLog("org.apache.commons.digester.Digester.sax");
+
+
+@@ -2339,8 +2339,10 @@
+ params.clear();
+ publicId = null;
+ stack.clear();
++ /*
+ log = null;
+ saxLog = null;
++ */
+ configured = false;
+
+ }
+@@ -2555,8 +2557,8 @@
+ return;
+ }
+
+- log = LogFactory.getLog("org.apache.commons.digester.Digester");
+- saxLog = LogFactory.getLog("org.apache.commons.digester.Digester.sax");
++ //log = LogFactory.getLog("org.apache.commons.digester.Digester");
++ //saxLog = LogFactory.getLog("org.apache.commons.digester.Digester.sax");
+
+ // Perform lazy configuration as needed
+ initialize(); // call hook method for subclasses that want to be initialized once only
+--- ./container/catalina/src/share/org/apache/catalina/core/ContainerBase.java.p22 2007-03-05 10:27:43.000000000 -0500
++++ ./container/catalina/src/share/org/apache/catalina/core/ContainerBase.java 2007-07-26 19:05:12.000000000 -0400
+@@ -183,8 +183,8 @@
+
+ /**
+ * The Logger implementation with which this Container is associated.
+- */
+ protected Log logger = null;
++ */
+
+
+ /**
+@@ -376,10 +376,13 @@
+ */
+ public Log getLogger() {
+
++ /*
+ if (logger != null)
+ return (logger);
+ logger = LogFactory.getLog(logName());
+ return (logger);
++ */
++ return log;
+
+ }
+
+@@ -994,10 +997,12 @@
+ // Start our subordinate components, if any
+ if ((loader != null) && (loader instanceof Lifecycle))
+ ((Lifecycle) loader).start();
++ /*
+ logger = null;
+ getLogger();
+ if ((logger != null) && (logger instanceof Lifecycle))
+ ((Lifecycle) logger).start();
++ */
+ if ((manager != null) && (manager instanceof Lifecycle))
+ ((Lifecycle) manager).start();
+ if ((cluster != null) && (cluster instanceof Lifecycle))
+@@ -1085,9 +1090,11 @@
+ if ((manager != null) && (manager instanceof Lifecycle)) {
+ ((Lifecycle) manager).stop();
+ }
++ /*
+ if ((logger != null) && (logger instanceof Lifecycle)) {
+ ((Lifecycle) logger).stop();
+ }
++ */
+ if ((loader != null) && (loader instanceof Lifecycle)) {
+ ((Lifecycle) loader).stop();
+ }
+--- ./container/catalina/src/share/org/apache/catalina/core/NamingContextListener.java.p22 2007-03-05 10:27:43.000000000 -0500
++++ ./container/catalina/src/share/org/apache/catalina/core/NamingContextListener.java 2007-07-26 19:05:17.000000000 -0400
+@@ -81,7 +81,7 @@
+ // ----------------------------------------------------- Instance Variables
+
+
+- protected Log logger = log;
++ //protected Log log = log;
+
+
+ /**
+@@ -189,7 +189,6 @@
+
+ if (container instanceof Context) {
+ namingResources = ((Context) container).getNamingResources();
+- logger = log;
+ } else if (container instanceof Server) {
+ namingResources = ((Server) container).getGlobalNamingResources();
+ } else {
+@@ -219,7 +218,7 @@
+ try {
+ createNamingContext();
+ } catch (NamingException e) {
+- logger.error
++ log.error
+ (sm.getString("naming.namingContextCreationFailed", e));
+ }
+
+@@ -232,7 +231,7 @@
+ (container, container,
+ ((Container) container).getLoader().getClassLoader());
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.bindFailed", e));
++ log.error(sm.getString("naming.bindFailed", e));
+ }
+ }
+
+@@ -245,7 +244,7 @@
+ (container, container,
+ this.getClass().getClassLoader());
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.bindFailed", e));
++ log.error(sm.getString("naming.bindFailed", e));
+ }
+ if (container instanceof StandardServer) {
+ ((StandardServer) container).setGlobalNamingContext
+@@ -625,7 +624,7 @@
+ // Ignore because UserTransaction was obviously
+ // added via ResourceLink
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.bindFailed", e));
++ log.error(sm.getString("naming.bindFailed", e));
+ }
+ }
+
+@@ -635,7 +634,7 @@
+ compCtx.bind("Resources",
+ ((Container) container).getResources());
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.bindFailed", e));
++ log.error(sm.getString("naming.bindFailed", e));
+ }
+ }
+
+@@ -706,7 +705,7 @@
+ createSubcontexts(envCtx, ejb.getName());
+ envCtx.bind(ejb.getName(), ref);
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.bindFailed", e));
++ log.error(sm.getString("naming.bindFailed", e));
+ }
+
+ }
+@@ -773,23 +772,23 @@
+ }
+ }
+ } else {
+- logger.error(sm.getString("naming.invalidEnvEntryType", env.getName()));
++ log.error(sm.getString("naming.invalidEnvEntryType", env.getName()));
+ }
+ } catch (NumberFormatException e) {
+- logger.error(sm.getString("naming.invalidEnvEntryValue", env.getName()));
++ log.error(sm.getString("naming.invalidEnvEntryValue", env.getName()));
+ } catch (IllegalArgumentException e) {
+- logger.error(sm.getString("naming.invalidEnvEntryValue", env.getName()));
++ log.error(sm.getString("naming.invalidEnvEntryValue", env.getName()));
+ }
+
+ // Binding the object to the appropriate name
+ if (value != null) {
+ try {
+- if (logger.isDebugEnabled())
+- logger.debug(" Adding environment entry " + env.getName());
++ if (log.isDebugEnabled())
++ log.debug(" Adding environment entry " + env.getName());
+ createSubcontexts(envCtx, env.getName());
+ envCtx.bind(env.getName(), value);
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.invalidEnvEntryValue", e));
++ log.error(sm.getString("naming.invalidEnvEntryValue", e));
+ }
+ }
+
+@@ -824,14 +823,14 @@
+ ref.add(refAddr);
+ }
+ try {
+- if (logger.isDebugEnabled()) {
+- logger.debug(" Adding resource ref "
++ if (log.isDebugEnabled()) {
++ log.debug(" Adding resource ref "
+ + resource.getName() + " " + ref);
+ }
+ createSubcontexts(envCtx, resource.getName());
+ envCtx.bind(resource.getName(), ref);
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.bindFailed", e));
++ log.error(sm.getString("naming.bindFailed", e));
+ }
+
+ if ("javax.sql.DataSource".equals(ref.getClassName())) {
+@@ -841,7 +840,7 @@
+ Registry.getRegistry(null, null).registerComponent(actualResource, on, null);
+ objectNames.put(resource.getName(), on);
+ } catch (Exception e) {
+- logger.warn(sm.getString("naming.jmxRegistrationFailed", e));
++ log.warn(sm.getString("naming.jmxRegistrationFailed", e));
+ }
+ }
+
+@@ -864,12 +863,12 @@
+ ref.add(refAddr);
+ }
+ try {
+- if (logger.isDebugEnabled())
++ if (log.isDebugEnabled())
+ log.debug(" Adding resource env ref " + resourceEnvRef.getName());
+ createSubcontexts(envCtx, resourceEnvRef.getName());
+ envCtx.bind(resourceEnvRef.getName(), ref);
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.bindFailed", e));
++ log.error(sm.getString("naming.bindFailed", e));
+ }
+
+ }
+@@ -887,12 +886,12 @@
+ "UserTransaction".equals(resourceLink.getName())
+ ? compCtx : envCtx;
+ try {
+- if (logger.isDebugEnabled())
++ if (log.isDebugEnabled())
+ log.debug(" Adding resource link " + resourceLink.getName());
+ createSubcontexts(envCtx, resourceLink.getName());
+ ctx.bind(resourceLink.getName(), ref);
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.bindFailed", e));
++ log.error(sm.getString("naming.bindFailed", e));
+ }
+
+ }
+@@ -906,7 +905,7 @@
+ try {
+ envCtx.unbind(name);
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.unbindFailed", e));
++ log.error(sm.getString("naming.unbindFailed", e));
+ }
+
+ }
+@@ -920,7 +919,7 @@
+ try {
+ envCtx.unbind(name);
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.unbindFailed", e));
++ log.error(sm.getString("naming.unbindFailed", e));
+ }
+
+ }
+@@ -934,7 +933,7 @@
+ try {
+ envCtx.unbind(name);
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.unbindFailed", e));
++ log.error(sm.getString("naming.unbindFailed", e));
+ }
+
+ }
+@@ -948,7 +947,7 @@
+ try {
+ envCtx.unbind(name);
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.unbindFailed", e));
++ log.error(sm.getString("naming.unbindFailed", e));
+ }
+
+ ObjectName on = (ObjectName) objectNames.get(name);
+@@ -967,7 +966,7 @@
+ try {
+ envCtx.unbind(name);
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.unbindFailed", e));
++ log.error(sm.getString("naming.unbindFailed", e));
+ }
+
+ }
+@@ -981,7 +980,7 @@
+ try {
+ envCtx.unbind(name);
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.unbindFailed", e));
++ log.error(sm.getString("naming.unbindFailed", e));
+ }
+
+ }
+--- ./container/catalina/src/share/org/apache/catalina/core/StandardContext.java.p22 2007-03-05 10:27:43.000000000 -0500
++++ ./container/catalina/src/share/org/apache/catalina/core/StandardContext.java 2007-07-26 19:05:26.000000000 -0400
+@@ -103,7 +103,7 @@
+ *
+ * @author Craig R. McClanahan
+ * @author Remy Maucherat
+- * @version $Revision: 513599 $ $Date: 2007-03-01 19:34:17 -0700 (Thu, 01 Mar 2007) $
++ * @version $Revision: 522870 $ $Date: 2007-03-27 04:37:32 -0700 (Tue, 27 Mar 2007) $
+ */
+
+ public class StandardContext
+@@ -4115,10 +4115,12 @@
+
+ // Initialize logger again. Other components might have used it too early,
+ // so it should be reset.
++ /*
+ logger = null;
+ getLogger();
+ if ((logger != null) && (logger instanceof Lifecycle))
+ ((Lifecycle) logger).start();
++ */
+
+ if ((cluster != null) && (cluster instanceof Lifecycle))
+ ((Lifecycle) cluster).start();
+@@ -4353,9 +4355,6 @@
+ // Stop our filters
+ filterStop();
+
+- // Stop our application listeners
+- listenerStop();
+-
+ // Stop ContainerBackgroundProcessor thread
+ super.threadStop();
+
+@@ -4363,6 +4362,9 @@
+ ((Lifecycle) manager).stop();
+ }
+
++ // Stop our application listeners
++ listenerStop();
++
+ // Finalize our character set mapper
+ setCharsetMapper(null);
+
+@@ -4391,9 +4393,11 @@
+ if ((cluster != null) && (cluster instanceof Lifecycle)) {
+ ((Lifecycle) cluster).stop();
+ }
++ /*
+ if ((logger != null) && (logger instanceof Lifecycle)) {
+ ((Lifecycle) logger).stop();
+ }
++ */
+ if ((loader != null) && (loader instanceof Lifecycle)) {
+ ((Lifecycle) loader).stop();
+ }
+--- ./container/catalina/src/share/org/apache/catalina/session/ManagerBase.java.p22 2007-03-05 10:27:45.000000000 -0500
++++ ./container/catalina/src/share/org/apache/catalina/session/ManagerBase.java 2007-07-26 19:05:40.000000000 -0400
+@@ -62,7 +62,7 @@
+ */
+
+ public abstract class ManagerBase implements Manager, MBeanRegistration {
+- protected Log log = LogFactory.getLog(ManagerBase.class);
++ protected static Log log = LogFactory.getLog(ManagerBase.class);
+
+ // ----------------------------------------------------- Instance Variables
+
+--- ./container/catalina/src/share/org/apache/catalina/valves/ValveBase.java.p22 2007-03-05 10:27:47.000000000 -0500
++++ ./container/catalina/src/share/org/apache/catalina/valves/ValveBase.java 2007-07-26 19:05:47.000000000 -0400
+@@ -51,7 +51,7 @@
+ * management and lifecycle support.
+ *
+ * @author Craig R. McClanahan
+- * @version $Revision: 466608 $ $Date: 2006-10-21 17:10:15 -0600 (Sat, 21 Oct 2006) $
++ * @version $Revision: 466608 $ $Date: 2006-10-21 16:10:15 -0700 (Sat, 21 Oct 2006) $
+ */
+
+ public abstract class ValveBase
+--- ./jasper/src/share/org/apache/jasper/compiler/Compiler.java.p22 2007-03-05 10:27:58.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/compiler/Compiler.java 2007-07-26 19:05:53.000000000 -0400
+@@ -44,7 +44,7 @@
+ * @author Mark Roth
+ */
+ public abstract class Compiler {
+- protected org.apache.commons.logging.Log log=
++ protected static org.apache.commons.logging.Log log=
+ org.apache.commons.logging.LogFactory.getLog( Compiler.class );
+
+ // ----------------------------------------------------------------- Static
+--- ./jasper/src/share/org/apache/jasper/compiler/JspConfig.java.p22 2007-03-05 10:27:58.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/compiler/JspConfig.java 2007-07-26 19:05:59.000000000 -0400
+@@ -43,7 +43,7 @@
+ private static final String WEB_XML = "/WEB-INF/web.xml";
+
+ // Logger
+- private Log log = LogFactory.getLog(JspConfig.class);
++ private static Log log = LogFactory.getLog(JspConfig.class);
+
+ private Vector jspProperties = null;
+ private ServletContext ctxt;
+--- ./jasper/src/share/org/apache/jasper/compiler/JspReader.java.p22 2007-03-05 10:27:58.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/compiler/JspReader.java 2007-07-26 19:06:06.000000000 -0400
+@@ -53,7 +53,7 @@
+ /**
+ * Logger.
+ */
+- private Log log = LogFactory.getLog(JspReader.class);
++ private static Log log = LogFactory.getLog(JspReader.class);
+
+ /**
+ * The current spot in the file.
+--- ./jasper/src/share/org/apache/jasper/compiler/JspRuntimeContext.java.p22 2007-03-05 10:27:58.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/compiler/JspRuntimeContext.java 2007-07-26 19:06:11.000000000 -0400
+@@ -59,7 +59,7 @@
+ public final class JspRuntimeContext implements Runnable {
+
+ // Logger
+- private Log log = LogFactory.getLog(JspRuntimeContext.class);
++ private static Log log = LogFactory.getLog(JspRuntimeContext.class);
+
+ /*
+ * Counts how many times the webapp's JSPs have been reloaded.
+--- ./jasper/src/share/org/apache/jasper/compiler/SmapUtil.java.p22 2007-03-05 10:27:58.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/compiler/SmapUtil.java 2007-07-26 19:06:17.000000000 -0400
+@@ -44,7 +44,7 @@
+ */
+ public class SmapUtil {
+
+- private org.apache.commons.logging.Log log=
++ private static org.apache.commons.logging.Log log=
+ org.apache.commons.logging.LogFactory.getLog( SmapUtil.class );
+
+ //*********************************************************************
+@@ -189,7 +189,7 @@
+ // Installation logic (from Robert Field, JSR-045 spec lead)
+ private static class SDEInstaller {
+
+- private org.apache.commons.logging.Log log=
++ private static org.apache.commons.logging.Log log=
+ org.apache.commons.logging.LogFactory.getLog( SDEInstaller.class );
+
+ static final String nameSDE = "SourceDebugExtension";
+--- ./jasper/src/share/org/apache/jasper/compiler/TagLibraryInfoImpl.java.p22 2007-03-05 10:27:58.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/compiler/TagLibraryInfoImpl.java 2007-07-26 19:06:22.000000000 -0400
+@@ -63,7 +63,7 @@
+ class TagLibraryInfoImpl extends TagLibraryInfo implements TagConstants {
+
+ // Logger
+- private Log log = LogFactory.getLog(TagLibraryInfoImpl.class);
++ private static Log log = LogFactory.getLog(TagLibraryInfoImpl.class);
+
+ private Hashtable jarEntries;
+ private JspCompilationContext ctxt;
+--- ./jasper/src/share/org/apache/jasper/compiler/TldLocationsCache.java.p22 2007-03-05 10:27:59.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/compiler/TldLocationsCache.java 2007-07-26 19:06:26.000000000 -0400
+@@ -79,7 +79,7 @@
+ public class TldLocationsCache {
+
+ // Logger
+- private Log log = LogFactory.getLog(TldLocationsCache.class);
++ private static Log log = LogFactory.getLog(TldLocationsCache.class);
+
+ /**
+ * The types of URI one may specify for a tag library
+--- ./jasper/src/share/org/apache/jasper/runtime/JspFactoryImpl.java.p22 2007-03-05 10:27:59.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/runtime/JspFactoryImpl.java 2007-07-26 19:06:51.000000000 -0400
+@@ -38,7 +38,7 @@
+ public class JspFactoryImpl extends JspFactory {
+
+ // Logger
+- private Log log = LogFactory.getLog(JspFactoryImpl.class);
++ private static Log log = LogFactory.getLog(JspFactoryImpl.class);
+
+ private static final String SPEC_VERSION = "2.0";
+ private static final boolean USE_POOL =
+--- ./jasper/src/share/org/apache/jasper/runtime/PageContextImpl.java.p22 2007-03-05 10:27:59.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/runtime/PageContextImpl.java 2007-07-26 19:06:57.000000000 -0400
+@@ -66,7 +66,7 @@
+ public class PageContextImpl extends PageContext implements VariableResolver {
+
+ // Logger
+- private Log log;
++ private static Log log = LogFactory.getLog(PageContextImpl.class);
+
+ // The expression evaluator, for evaluating EL expressions.
+ private static ExpressionEvaluatorImpl elExprEval
+@@ -101,7 +101,6 @@
+ * Constructor.
+ */
+ PageContextImpl(JspFactory factory) {
+- log = LogFactory.getLog(getClass());
+
+ this.variableResolver = new VariableResolverImpl(this);
+ this.outs = new BodyContentImpl[0];
+--- ./jasper/src/share/org/apache/jasper/servlet/JspServlet.java.p22 2007-03-05 10:27:59.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/servlet/JspServlet.java 2007-07-26 19:07:01.000000000 -0400
+@@ -56,7 +56,7 @@
+ public class JspServlet extends HttpServlet {
+
+ // Logger
+- private Log log = LogFactory.getLog(JspServlet.class);
++ private static Log log = LogFactory.getLog(JspServlet.class);
+
+ private ServletContext context;
+ private ServletConfig config;
+--- ./jasper/src/share/org/apache/jasper/servlet/JspServletWrapper.java.p22 2007-03-05 10:27:59.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/servlet/JspServletWrapper.java 2007-07-26 19:07:06.000000000 -0400
+@@ -63,7 +63,7 @@
+ public class JspServletWrapper {
+
+ // Logger
+- private Log log = LogFactory.getLog(JspServletWrapper.class);
++ private static Log log = LogFactory.getLog(JspServletWrapper.class);
+
+ private Servlet theServlet;
+ private String jspUri;
+--- ./jasper/src/share/org/apache/jasper/xmlparser/ParserUtils.java.p22 2007-03-05 10:27:59.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/xmlparser/ParserUtils.java 2007-07-26 19:07:15.000000000 -0400
+@@ -192,7 +192,7 @@
+ class MyEntityResolver implements EntityResolver {
+
+ // Logger
+- private Log log = LogFactory.getLog(MyEntityResolver.class);
++ private static Log log = LogFactory.getLog(MyEntityResolver.class);
+
+ public InputSource resolveEntity(String publicId, String systemId)
+ throws SAXException {
+@@ -221,7 +221,7 @@
+ class MyErrorHandler implements ErrorHandler {
+
+ // Logger
+- private Log log = LogFactory.getLog(MyErrorHandler.class);
++ private static Log log = LogFactory.getLog(MyErrorHandler.class);
+
+ public void warning(SAXParseException ex) throws SAXException {
+ if (log.isDebugEnabled())
+--- ./jasper/src/share/org/apache/jasper/xmlparser/UCSReader.java.p22 2007-03-05 10:27:59.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/xmlparser/UCSReader.java 2007-07-26 19:07:20.000000000 -0400
+@@ -31,7 +31,7 @@
+ */
+ public class UCSReader extends Reader {
+
+- private org.apache.commons.logging.Log log=
++ private static org.apache.commons.logging.Log log=
+ org.apache.commons.logging.LogFactory.getLog( UCSReader.class );
+
+ //
+--- ./jasper/src/share/org/apache/jasper/xmlparser/UTF8Reader.java.p22 2007-03-05 10:27:59.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/xmlparser/UTF8Reader.java 2007-07-26 19:07:25.000000000 -0400
+@@ -31,7 +31,7 @@
+ public class UTF8Reader
+ extends Reader {
+
+- private org.apache.commons.logging.Log log=
++ private static org.apache.commons.logging.Log log=
+ org.apache.commons.logging.LogFactory.getLog( UTF8Reader.class );
+
+ //
+--- ./jasper/src/share/org/apache/jasper/EmbeddedServletOptions.java.p22 2007-03-05 10:27:58.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/EmbeddedServletOptions.java 2007-07-26 19:06:31.000000000 -0400
+@@ -41,7 +41,7 @@
+ public final class EmbeddedServletOptions implements Options {
+
+ // Logger
+- private Log log = LogFactory.getLog(EmbeddedServletOptions.class);
++ private static Log log = LogFactory.getLog(EmbeddedServletOptions.class);
+
+ private Properties settings = new Properties();
+
+--- ./jasper/src/share/org/apache/jasper/JspC.java.p22 2007-03-05 10:27:58.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/JspC.java 2007-07-26 19:06:39.000000000 -0400
+@@ -95,7 +95,7 @@
+ "clsid:8AD9C840-044E-11D1-B3E9-00805F499D93";
+
+ /** Logger (set by constructor.) */
+- private Log log;
++ private static Log log = LogFactory.getLog(JspC.class);
+
+ private static final String SWITCH_VERBOSE = "-v";
+ private static final String SWITCH_HELP = "-help";
+@@ -257,7 +257,6 @@
+
+ /** Constructor. */
+ public JspC() {
+- log = LogFactory.getLog(getClass());
+ }
+
+ public void setArgs(String[] arg) throws JasperException {
+--- ./jasper/src/share/org/apache/jasper/JspCompilationContext.java.p22 2007-03-05 10:27:58.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/JspCompilationContext.java 2007-07-26 19:06:44.000000000 -0400
+@@ -52,7 +52,7 @@
+ */
+ public class JspCompilationContext {
+
+- protected org.apache.commons.logging.Log log =
++ protected static org.apache.commons.logging.Log log =
+ org.apache.commons.logging.LogFactory.getLog(JspCompilationContext.class);
+
+ private Hashtable tagFileJarUrls;
+--- ./build.xml.p22 2007-03-05 10:27:32.000000000 -0500
++++ ./build.xml 2007-07-26 19:05:00.000000000 -0400
+@@ -72,6 +72,7 @@
+ <!-- Bugzilla 37977: http://issues.apache.org/bugzilla/show_bug.cgi?id=37977 -->
+ <!-- hackish: inputstring="t${line.separator}" is t+<enter> for svn -->
+ <!-- to temporarily accept the certificate of svn.apache.org. -->
++ <!--
+ <exec dir="${basedir}"
+ executable="svn"
+ inputstring="t${line.separator}"
+@@ -80,6 +81,7 @@
+ <arg value="${svnroot}/${current.loc}" />
+ <arg value="${basedir}" />
+ </exec>
++ -->
+
+ </target>
+
Added: apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-CVE-2007-5342.patch
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-CVE-2007-5342.patch (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-CVE-2007-5342.patch 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,24 @@
+--- container/catalina/src/conf/catalina.policy 2007/09/02 21:16:25 572160
++++ container/catalina/src/conf/catalina.policy 2008/01/06 22:38:14 609451
+@@ -82,7 +82,19 @@
+
+ // These permissions apply to JULI
+ grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
+- permission java.security.AllPermission;
++ permission java.util.PropertyPermission "java.util.logging.config.class", "read";
++ permission java.util.PropertyPermission "java.util.logging.config.file", "read";
++ permission java.lang.RuntimePermission "shutdownHooks";
++ permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
++ permission java.util.PropertyPermission "catalina.base", "read";
++ permission java.util.logging.LoggingPermission "control";
++ permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write";
++ permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write";
++ permission java.lang.RuntimePermission "getClassLoader";
++ // To enable per context logging configuration, permit read access to the appropriate file.
++ // Be sure that the logging configuration is secure before enabling such access
++ // eg for the examples web application:
++ // permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
+ };
+
+ // These permissions apply to the servlet API classes
+
Added: apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-CVE-2008-1232.patch
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-CVE-2008-1232.patch (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-CVE-2008-1232.patch 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,125 @@
+--- connectors/coyote/src/java/org/apache/coyote/Constants.java (original)
++++ connectors/coyote/src/java/org/apache/coyote/Constants.java Wed Jul 30 02:26:27 2008
+@@ -53,4 +53,12 @@
+ public static final int STAGE_ENDED = 7;
+
+
++ /**
++ * If true, custom HTTP status messages will be used in headers.
++ */
++ public static final boolean USE_CUSTOM_STATUS_MSG_IN_HEADER =
++ Boolean.valueOf(System.getProperty(
++ "org.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER",
++ "false")).booleanValue();
++
+ }
+
+--- connectors/http11/src/java/org/apache/coyote/http11/InternalAprOutputBuffer.java (original)
++++ connectors/http11/src/java/org/apache/coyote/http11/InternalAprOutputBuffer.java Wed Jul 30 02:26:27 2008
+@@ -429,11 +429,14 @@
+ buf[pos++] = Constants.SP;
+
+ // Write message
+- String message = response.getMessage();
++ String message = null;
++ if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) {
++ message = response.getMessage();
++ }
+ if (message == null) {
+ write(HttpMessages.getMessage(status));
+ } else {
+- write(message);
++ write(message.replace('\n', ' ').replace('\r', ' '));
+ }
+
+ // End the response status line
+
+--- connectors/http11/src/java/org/apache/coyote/http11/InternalOutputBuffer.java (original)
++++ connectors/http11/src/java/org/apache/coyote/http11/InternalOutputBuffer.java Wed Jul 30 02:26:27 2008
+@@ -448,11 +448,14 @@
+ buf[pos++] = Constants.SP;
+
+ // Write message
+- String message = response.getMessage();
++ String message = null;
++ if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) {
++ message = response.getMessage();
++ }
+ if (message == null) {
+ write(getMessage(status));
+ } else {
+- write(message);
++ write(message.replace('\n', ' ').replace('\r', ' '));
+ }
+
+ // End the response status line
+
+--- connectors/jk/java/org/apache/coyote/ajp/AjpAprProcessor.java (original)
++++ connectors/jk/java/org/apache/coyote/ajp/AjpAprProcessor.java Wed Jul 30 02:26:27 2008
+@@ -942,7 +942,10 @@
+
+ // HTTP header contents
+ responseHeaderMessage.appendInt(response.getStatus());
+- String message = response.getMessage();
++ String message = null;
++ if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) {
++ message = response.getMessage();
++ }
+ if (message == null){
+ message = HttpMessages.getMessage(response.getStatus());
+ } else {
+
+--- connectors/jk/java/org/apache/jk/common/JkInputStream.java (original)
++++ connectors/jk/java/org/apache/jk/common/JkInputStream.java Wed Jul 30 02:26:27 2008
+@@ -279,7 +279,10 @@
+ outputMsg.appendByte(AjpConstants.JK_AJP13_SEND_HEADERS);
+ outputMsg.appendInt( res.getStatus() );
+
+- String message=res.getMessage();
++ String message = null;
++ if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) {
++ message = res.getMessage();
++ }
+ if( message==null ){
+ message= HttpMessages.getMessage(res.getStatus());
+ } else {
+
+--- container/catalina/src/share/org/apache/catalina/core/StandardContextValve.java (original)
++++ container/catalina/src/share/org/apache/catalina/core/StandardContextValve.java Wed Jul 30 02:26:27 2008
+@@ -119,8 +119,7 @@
+ || (requestPathMB.equalsIgnoreCase("/META-INF"))
+ || (requestPathMB.startsWithIgnoreCase("/WEB-INF/", 0))
+ || (requestPathMB.equalsIgnoreCase("/WEB-INF"))) {
+- String requestURI = request.getDecodedRequestURI();
+- notFound(requestURI, response);
++ notFound(response);
+ return;
+ }
+
+@@ -136,8 +135,7 @@
+ // Select the Wrapper to be used for this Request
+ Wrapper wrapper = request.getWrapper();
+ if (wrapper == null) {
+- String requestURI = request.getDecodedRequestURI();
+- notFound(requestURI, response);
++ notFound(response);
+ return;
+ }
+
+@@ -206,13 +204,12 @@
+ * application, but currently that code runs at the wrapper level rather
+ * than the context level.
+ *
+- * @param requestURI The request URI for the requested resource
+ * @param response The response we are creating
+ */
+- private void notFound(String requestURI, HttpServletResponse response) {
++ private void notFound(HttpServletResponse response) {
+
+ try {
+- response.sendError(HttpServletResponse.SC_NOT_FOUND, requestURI);
++ response.sendError(HttpServletResponse.SC_NOT_FOUND);
+ } catch (IllegalStateException e) {
+ ;
+ } catch (IOException e) {
+
Added: apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-CVE-2008-1947.patch
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-CVE-2008-1947.patch (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-CVE-2008-1947.patch 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,33 @@
+--- container/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java 2008-07-25 16:14:15 UTC (rev 729)
++++ container/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java 2008-07-25 16:26:00 UTC (rev 730)
+@@ -21,6 +21,7 @@
+ import java.io.IOException;
+ import java.io.PrintWriter;
+ import java.io.StringWriter;
++import java.net.URLEncoder;
+ import java.text.MessageFormat;
+ import java.util.Iterator;
+ import java.util.Map;
+@@ -276,17 +277,17 @@
+ args = new Object[7];
+ args[0] = response.encodeURL
+ (request.getContextPath() +
+- "/html/start?name=" + hostName);
++ "/html/start?name=" + URLEncoder.encode(hostName, "UTF-8"));
+ args[1] = hostsStart;
+ args[2] = response.encodeURL
+ (request.getContextPath() +
+- "/html/stop?name=" + hostName);
++ "/html/stop?name=" + URLEncoder.encode(hostName, "UTF-8"));
+ args[3] = hostsStop;
+ args[4] = response.encodeURL
+ (request.getContextPath() +
+- "/html/remove?name=" + hostName);
++ "/html/remove?name=" + URLEncoder.encode(hostName, "UTF-8"));
+ args[5] = hostsRemove;
+- args[6] = hostName;
++ args[6] = RequestUtil.filter(hostName);
+ if (host == this.host) {
+ writer.print(MessageFormat.format(
+ MANAGER_HOST_ROW_BUTTON_SECTION, args));
+
Added: apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-CVE-2008-2370.patch
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-CVE-2008-2370.patch (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-CVE-2008-2370.patch 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,48 @@
+--- container/catalina/src/share/org/apache/catalina/core/ApplicationContext.java (original)
++++ container/catalina/src/share/org/apache/catalina/core/ApplicationContext.java Wed Jul 30 02:34:21 2008
+@@ -379,10 +379,21 @@
+ throw new IllegalArgumentException
+ (sm.getString
+ ("applicationContext.requestDispatcher.iae", path));
++
++ // Get query string
++ String queryString = null;
++ int pos = path.indexOf('?');
++ if (pos >= 0) {
++ queryString = path.substring(pos + 1);
++ path = path.substring(0, pos);
++ }
++
+ path = normalize(path);
+ if (path == null)
+ return (null);
+
++ pos = path.length();
++
+ // Retrieve the thread local URI
+ MessageBytes uriMB = (MessageBytes) localUriMB.get();
+ if (uriMB == null) {
+@@ -394,15 +405,6 @@
+ uriMB.recycle();
+ }
+
+- // Get query string
+- String queryString = null;
+- int pos = path.indexOf('?');
+- if (pos >= 0) {
+- queryString = path.substring(pos + 1);
+- } else {
+- pos = path.length();
+- }
+-
+ // Retrieve the thread local mapping data
+ MappingData mappingData = (MappingData) localMappingData.get();
+ if (mappingData == null) {
+
+
+
+---------------------------------------------------------------------
+To unsubscribe, e-mail: dev-unsubscribe at tomcat.apache.org
+For additional commands, e-mail: dev-help at tomcat.apache.org
+
+
Added: apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-CVE-2008-2938.patch
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-CVE-2008-2938.patch (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-CVE-2008-2938.patch 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,83 @@
+--- container/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java 2008-07-17 13:13:43 UTC (rev 717)
++++ container/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java 2008-07-17 17:43:56 UTC (rev 718)
+@@ -442,6 +442,12 @@
+ }
+ // Character decoding
+ convertURI(decodedURI, request);
++ // Check that the URI is still normalized
++ if (!checkNormalize(req.decodedURI())) {
++ res.setStatus(400);
++ res.setMessage("Invalid URI character encoding");
++ return false;
++ }
+ } else {
+ // The URL is chars or String, and has been sent using an in-memory
+ // protocol handler, we have to assume the URL has been properly
+@@ -821,6 +827,67 @@
+ }
+
+
++ /**
++ * Check that the URI is normalized following character decoding.
++ * <p>
++ * This method checks for "\", "//", "/./" and "/../". This method will
++ * return false if sequences that are supposed to be normalized still
++ * present in the URI.
++ *
++ * @param uriMB URI to be normalized
++ */
++ public static boolean checkNormalize(MessageBytes uriMB) {
++
++ CharChunk uriCC = uriMB.getCharChunk();
++ char[] c = uriCC.getChars();
++ int start = uriCC.getStart();
++ int end = uriCC.getEnd();
++
++ int pos = 0;
++
++ // Check for '\' and for null byte
++ for (pos = start; pos < end; pos++) {
++ if (c[pos] == '\\') {
++ return false;
++ }
++ if (c[pos] == 0) {
++ return false;
++ }
++ }
++
++ // Check for "//"
++ for (pos = start; pos < (end - 1); pos++) {
++ if (c[pos] == '/') {
++ if (c[pos + 1] == '/') {
++ return false;
++ }
++ }
++ }
++
++ // Check for URI ending with "/." or "/.."
++ if (((end - start) >= 2) && (c[end - 1] == '.')) {
++ if ((c[end - 2] == '/')
++ || ((c[end - 2] == '.')
++ && (c[end - 3] == '/'))) {
++ return false;
++ }
++ }
++
++ // Check for "/./"
++ if (uriCC.indexOf("/./", 0, 3, 0) >= 0) {
++ return false;
++ }
++
++ // Check for "/./"
++ if (uriCC.indexOf("/../", 0, 4, 0) >= 0) {
++ return false;
++ }
++
++ return true;
++
++ }
++
++
+ // ------------------------------------------------------ Protected Methods
+
+
Added: apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-IT-168408.patch
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-IT-168408.patch (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-IT-168408.patch 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,26 @@
+--- connectors/util/java/org/apache/tomcat/util/http/Parameters.java 2007-03-05 16:27:39.000000000 +0100
++++ connectors/util/java/org/apache/tomcat/util/http/Parameters.java 2008-03-31 10:01:52.000000000 +0200
+@@ -504,17 +504,12 @@
+ public void processParameters( MessageBytes data, String encoding ) {
+ if( data==null || data.isNull() || data.getLength() <= 0 ) return;
+
+- if( data.getType() == MessageBytes.T_BYTES ) {
+- ByteChunk bc=data.getByteChunk();
+- processParameters( bc.getBytes(), bc.getOffset(),
+- bc.getLength(), encoding);
+- } else {
+- if (data.getType()!= MessageBytes.T_CHARS )
+- data.toChars();
+- CharChunk cc=data.getCharChunk();
+- processParameters( cc.getChars(), cc.getOffset(),
+- cc.getLength());
++ if (data.getType() != MessageBytes.T_BYTES) {
++ data.toBytes();
+ }
++ ByteChunk bc=data.getByteChunk();
++ processParameters( bc.getBytes(), bc.getOffset(),
++ bc.getLength(), encoding);
+ }
+
+ /** Debug purpose
+
Added: apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-http11-build.patch
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-http11-build.patch (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.23-http11-build.patch 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,23 @@
+--- connectors/http11/build.xml.orig 2007-02-26 10:27:04.000000000 -0500
++++ connectors/http11/build.xml 2007-02-26 10:28:11.000000000 -0500
+@@ -31,7 +31,7 @@
+
+ <!-- The locations of necessary jar files -->
+ <property name="tomcat-util.jar" value="${util.home}/build/lib/tomcat-util.jar"/>
+- <property name="tomcat-jni.jar" value="../jni/dist/tomcat-native-1.0.0.jar" />
++ <property name="tomcat-jni.jar" value="../../build/build/server/lib/tomcat-apr.jar" />
+ <property name="tomcat-coyote.jar" value="${coyote.home}/build/lib/tomcat-coyote.jar"/>
+ <property name="tomcat33-coyote.jar"
+ value="${coyote.home}/build/lib/tomcat33-coyote.jar"/>
+@@ -169,7 +169,10 @@
+ deprecation="${compile.deprecation}"
+ optimize="${compile.optimize}">
+ <exclude name="org\apache\coyote\http11\*Apr*" unless="jdk.1.4.present" />
+- <classpath refid="compile.classpath"/>
++ <classpath>
++ <path refid="compile.classpath"/>
++ <pathelement location="${build.home}/../../jakarta-tomcat-5/build/classes"/>
++ </classpath>
+ </javac>
+ <copy todir="${build.home}/classes" filtering="on">
+ <fileset dir="${source.home}" excludes="**/*.java"/>
Added: apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.link_admin_jar.patch
===================================================================
--- apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.link_admin_jar.patch (rev 0)
+++ apache-tomcat/5.5.23.patch05-brew/src/tomcat5-5.5.link_admin_jar.patch 2008-08-22 16:02:11 UTC (rev 13529)
@@ -0,0 +1,12 @@
+--- container/webapps/admin/admin.xml.sav 2006-03-23 16:16:51.000000000 +0100
++++ container/webapps/admin/admin.xml 2006-03-23 16:17:49.000000000 +0100
+@@ -17,4 +17,9 @@
+ allow="127.0.0.1"/>
+ -->
+
++ <!-- Allow linking since JPackage do not install jar as copies -->
++
++ <Resources className="org.apache.naming.resources.FileDirContext"
++ allowLinking="true"/>
++
+ </Context>
More information about the jboss-cvs-commits
mailing list