[jboss-cvs] Repository SVN: r26739 - in apache-tomcat: 5.5.23.patch06-brew and 2 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed May 6 17:26:41 EDT 2009
Author: dknox at redhat.com
Date: 2009-05-06 17:26:40 -0400 (Wed, 06 May 2009)
New Revision: 26739
Added:
apache-tomcat/5.5.23.patch06-brew/
apache-tomcat/5.5.23.patch06-brew/component-info.xml
apache-tomcat/5.5.23.patch06-brew/lib/
apache-tomcat/5.5.23.patch06-brew/lib/catalina-manager.jar
apache-tomcat/5.5.23.patch06-brew/lib/catalina-optional.jar
apache-tomcat/5.5.23.patch06-brew/lib/catalina.jar
apache-tomcat/5.5.23.patch06-brew/lib/jasper-compiler-jdt.jar
apache-tomcat/5.5.23.patch06-brew/lib/jasper-compiler.jar
apache-tomcat/5.5.23.patch06-brew/lib/jasper-runtime.jar
apache-tomcat/5.5.23.patch06-brew/lib/naming-resources.jar
apache-tomcat/5.5.23.patch06-brew/lib/servlets-default.jar
apache-tomcat/5.5.23.patch06-brew/lib/servlets-invoker.jar
apache-tomcat/5.5.23.patch06-brew/lib/servlets-webdav.jar
apache-tomcat/5.5.23.patch06-brew/lib/tomcat-ajp.jar
apache-tomcat/5.5.23.patch06-brew/lib/tomcat-apr.jar
apache-tomcat/5.5.23.patch06-brew/lib/tomcat-coyote.jar
apache-tomcat/5.5.23.patch06-brew/lib/tomcat-http.jar
apache-tomcat/5.5.23.patch06-brew/lib/tomcat-util.jar
apache-tomcat/5.5.23.patch06-brew/src/
apache-tomcat/5.5.23.patch06-brew/src/apache-tomcat-5.5.23-src.tar.gz
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-CVE-2007-2449.patch
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-CVE-2007-2450.patch
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-CVE-2007-3382_CVE-2007-3385.patch
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-CVE-2007-3386.patch
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-CVE-2007-5461-webdav.patch
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-build-build-properties-default.patch
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-javaxssl.patch
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-jk-build.patch
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-jspc-classpath.patch
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-jt5-build.patch
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-jtc-build.patch
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-jtj-build.patch
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-skip-build-on-install.patch
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-util-build.patch
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-ASPATCH-234-u.patch
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2007-5333.patch
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2007-5342.patch
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2008-1232.patch
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2008-1947.patch
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2008-2370.patch
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2008-2938.patch
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-IT-168408.patch
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-http11-build.patch
apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.link_admin_jar.patch
Log:
ASPATCH-361 Security Update for Tomcat 5.5.23 (CVE-2007-5333) JBossAS-4.0.5.GA_CP17, JBossAS-4.0.4.GA_CP17 5.5.23.patch06-brew
Added: apache-tomcat/5.5.23.patch06-brew/component-info.xml
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/component-info.xml (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/component-info.xml 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,61 @@
+<project name="apache-tomcat-component-info">
+
+ <component id="apache-tomcat"
+ licenseType="apache-2.0"
+ version="5.5.23.patch06-brew"
+ projectHome="http://tomcat.apache.org"
+ description="Tomcat 5.5 servlet 2.4 web container with fixes for ASPATCH-234 and IT #168408, as well as fixes for CVE-2007-2449, CVE-2007-2450, CVE-2007-3386, CVE-2007-3382, CVE-2007-3385, 2007-5342, and CVE-2007-5461, plus CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2007-5333"
+ scm=":ext:cvs.devel.redhat.com:/cvs/dist/tomcat5"
+ tag="tomcat5-5_5_23-3_patch06_0jpp_1jb">
+ <!-- Built using JDK 1.4 -->
+ <artifact id="catalina-manager.jar"/>
+ <artifact id="catalina-optional.jar"/>
+ <artifact id="catalina.jar"/>
+ <artifact id="jasper-compiler-jdt.jar"/>
+ <artifact id="jasper-compiler.jar"/>
+ <artifact id="jasper-runtime.jar"/>
+ <artifact id="naming-resources.jar"/>
+ <artifact id="servlets-default.jar"/>
+ <artifact id="servlets-invoker.jar"/>
+ <artifact id="servlets-webdav.jar"/>
+ <artifact id="tomcat-ajp.jar"/>
+ <artifact id="tomcat-apr.jar"/>
+ <artifact id="tomcat-coyote.jar"/>
+ <artifact id="tomcat-http.jar"/>
+ <artifact id="tomcat-util.jar"/>
+
+ <import componentref="apache-logging">
+ <compatible version="1.0.3"/>
+ <compatible version="1.0.4jboss"/>
+ <compatible version="1.0.4.1jboss"/>
+ <compatible version="1.0.5.GA-jboss"/>
+ <compatible version="1.0.5.SP1-jboss"/>
+ <compatible version="1.1"/>
+ <compatible version="1.1.0.jboss"/>
+ </import>
+ <import componentref="apache-modeler">
+ <compatible version="2.0-brew" />
+ </import>
+ <import componentref="commons-el">
+ <compatible version="1.0"/>
+ </import>
+ <export>
+ <include input="catalina-manager.jar"/>
+ <include input="catalina-optional.jar"/>
+ <include input="catalina.jar"/>
+ <include input="jasper-compiler-jdt.jar"/>
+ <include input="jasper-compiler.jar"/>
+ <include input="jasper-runtime.jar"/>
+ <include input="naming-resources.jar"/>
+ <include input="servlets-default.jar"/>
+ <include input="servlets-invoker.jar"/>
+ <include input="servlets-webdav.jar"/>
+ <include input="tomcat-ajp.jar"/>
+ <include input="tomcat-apr.jar"/>
+ <include input="tomcat-coyote.jar"/>
+ <include input="tomcat-http.jar"/>
+ <include input="tomcat-util.jar"/>
+
+ </export>
+ </component>
+</project>
Added: apache-tomcat/5.5.23.patch06-brew/lib/catalina-manager.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch06-brew/lib/catalina-manager.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch06-brew/lib/catalina-optional.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch06-brew/lib/catalina-optional.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch06-brew/lib/catalina.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch06-brew/lib/catalina.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch06-brew/lib/jasper-compiler-jdt.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch06-brew/lib/jasper-compiler-jdt.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch06-brew/lib/jasper-compiler.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch06-brew/lib/jasper-compiler.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch06-brew/lib/jasper-runtime.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch06-brew/lib/jasper-runtime.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch06-brew/lib/naming-resources.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch06-brew/lib/naming-resources.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch06-brew/lib/servlets-default.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch06-brew/lib/servlets-default.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch06-brew/lib/servlets-invoker.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch06-brew/lib/servlets-invoker.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch06-brew/lib/servlets-webdav.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch06-brew/lib/servlets-webdav.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch06-brew/lib/tomcat-ajp.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch06-brew/lib/tomcat-ajp.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch06-brew/lib/tomcat-apr.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch06-brew/lib/tomcat-apr.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch06-brew/lib/tomcat-coyote.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch06-brew/lib/tomcat-coyote.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch06-brew/lib/tomcat-http.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch06-brew/lib/tomcat-http.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch06-brew/lib/tomcat-util.jar
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch06-brew/lib/tomcat-util.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch06-brew/src/apache-tomcat-5.5.23-src.tar.gz
===================================================================
(Binary files differ)
Property changes on: apache-tomcat/5.5.23.patch06-brew/src/apache-tomcat-5.5.23-src.tar.gz
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-CVE-2007-2449.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-CVE-2007-2449.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-CVE-2007-2449.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,104 @@
+Index: servletapi/jsr152/examples/source.jsp
+===================================================================
+--- servletapi/jsr152/examples/source.jsp (revision 547082)
++++ servletapi/jsr152/examples/source.jsp (revision 547083)
+@@ -17,4 +17,4 @@
+ <%@ taglib uri="http://jakarta.apache.org/tomcat/examples-taglib"
+ prefix="eg" %>
+
+-<eg:ShowSource jspFile="<%= request.getQueryString() %>"/>
++<eg:ShowSource jspFile="<%= util.HTMLFilter.filter(request.getQueryString()) %>"/>
+Index: servletapi/jsr152/examples/snp/snoop.html
+===================================================================
+--- servletapi/jsr152/examples/snp/snoop.html (revision 547082)
++++ servletapi/jsr152/examples/snp/snoop.html (revision 547083)
+@@ -24,8 +24,8 @@
+ <body bgcolor="#FFFFFF">
+ <p><font color="#0000FF"><a href="snoop.jsp"><img src="../images/execute.gif" align="right" border="0"></a><a href="../index.html"><img src="../images/return.gif" width="24" height="24" align="right" border="0"></a></font></p>
+
+-<h3><a href="snoop.jsp.html">Source Code for Request Parameters Example<font color="#0000FF"></a>
+- </font> </h3>
++<h3><a href="snoop.jsp.html">Source Code for Request Parameters Example<font color="#0000FF">
++ </font></a></h3>
+
+ </body>
+ </html>
+Index: servletapi/jsr152/examples/snp/snoop.jsp
+===================================================================
+--- servletapi/jsr152/examples/snp/snoop.jsp (revision 547082)
++++ servletapi/jsr152/examples/snp/snoop.jsp (revision 547083)
+@@ -19,37 +19,38 @@
+ <body bgcolor="white">
+ <h1> Request Information </h1>
+ <font size="4">
+-JSP Request Method: <% out.print(util.HTMLFilter.filter(request.getMethod())); %>
++JSP Request Method: <%= util.HTMLFilter.filter(request.getMethod()) %>
+ <br>
+-Request URI: <%= request.getRequestURI() %>
++Request URI: <%= util.HTMLFilter.filter(request.getRequestURI()) %>
+ <br>
+-Request Protocol: <%= request.getProtocol() %>
++Request Protocol: <%= util.HTMLFilter.filter(request.getProtocol()) %>
+ <br>
+-Servlet path: <%= request.getServletPath() %>
++Servlet path: <%= util.HTMLFilter.filter(request.getServletPath()) %>
+ <br>
+-Path info: <% out.print(util.HTMLFilter.filter(request.getPathInfo())); %>
++Path info: <%= util.HTMLFilter.filter(request.getPathInfo()) %>
+ <br>
+-Query string: <% out.print(util.HTMLFilter.filter(request.getQueryString())); %>
++Query string: <%= util.HTMLFilter.filter(request.getQueryString()) %>
+ <br>
+ Content length: <%= request.getContentLength() %>
+ <br>
+-Content type: <% out.print(util.HTMLFilter.filter(request.getContentType())); %>
++Content type: <%= util.HTMLFilter.filter(request.getContentType()) %>
+ <br>
+-Server name: <%= request.getServerName() %>
++Server name: <%= util.HTMLFilter.filter(request.getServerName()) %>
+ <br>
+ Server port: <%= request.getServerPort() %>
+ <br>
+-Remote user: <%= request.getRemoteUser() %>
++Remote user: <%= util.HTMLFilter.filter(request.getRemoteUser()) %>
+ <br>
+-Remote address: <%= request.getRemoteAddr() %>
++Remote address: <%= util.HTMLFilter.filter(request.getRemoteAddr()) %>
+ <br>
+-Remote host: <%= request.getRemoteHost() %>
++Remote host: <%= util.HTMLFilter.filter(request.getRemoteHost()) %>
+ <br>
+-Authorization scheme: <%= request.getAuthType() %>
++Authorization scheme: <%= util.HTMLFilter.filter(request.getAuthType()) %>
+ <br>
+ Locale: <%= request.getLocale() %>
+ <hr>
+-The browser you are using is <% out.print(util.HTMLFilter.filter(request.getHeader("User-Agent"))); %>
++The browser you are using is
++<%= util.HTMLFilter.filter(request.getHeader("User-Agent")) %>
+ <hr>
+ </font>
+ </body>
+Index: servletapi/jsr152/examples/security/protected/index.jsp
+===================================================================
+--- servletapi/jsr152/examples/security/protected/index.jsp (revision 547082)
++++ servletapi/jsr152/examples/security/protected/index.jsp (revision 547083)
+@@ -27,14 +27,16 @@
+ </head>
+ <body bgcolor="white">
+
+-You are logged in as remote user <b><%= request.getRemoteUser() %></b>
++You are logged in as remote user
++<b><%= util.HTMLFilter.filter(request.getRemoteUser()) %></b>
+ in session <b><%= session.getId() %></b><br><br>
+
+ <%
+ if (request.getUserPrincipal() != null) {
+ %>
+ Your user principal name is
+- <b><%= request.getUserPrincipal().getName() %></b><br><br>
++ <b><%= util.HTMLFilter.filter(request.getUserPrincipal().getName()) %></b>
++ <br><br>
+ <%
+ } else {
+ %>
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-CVE-2007-2450.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-CVE-2007-2450.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-CVE-2007-2450.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,52 @@
+Index: container/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java
+===================================================================
+--- container/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java (revision 547081)
++++ container/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java (revision 547082)
+@@ -32,6 +32,7 @@
+
+ import org.apache.catalina.Container;
+ import org.apache.catalina.Host;
++import org.apache.catalina.util.RequestUtil;
+ import org.apache.catalina.util.ServerInfo;
+
+ /**
+@@ -195,7 +196,11 @@
+ // Message Section
+ args = new Object[3];
+ args[0] = sm.getString("htmlHostManagerServlet.messageLabel");
+- args[1] = (message == null || message.length() == 0) ? "OK" : message;
++ if (message == null || message.length() == 0) {
++ args[1] = "OK";
++ } else {
++ args[1] = RequestUtil.filter(message);
++ }
+ writer.print(MessageFormat.format(Constants.MESSAGE_SECTION, args));
+
+ // Manager Section
+Index: container/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java
+===================================================================
+--- container/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java (revision 547081)
++++ container/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java (revision 547082)
+@@ -107,8 +107,7 @@
+ message = stop(path);
+ } else {
+ message =
+- sm.getString("managerServlet.unknownCommand",
+- RequestUtil.filter(command));
++ sm.getString("managerServlet.unknownCommand", command);
+ }
+
+ list(request, response, message);
+@@ -282,7 +281,11 @@
+ // Message Section
+ args = new Object[3];
+ args[0] = sm.getString("htmlManagerServlet.messageLabel");
+- args[1] = (message == null || message.length() == 0) ? "OK" : message;
++ if (message == null || message.length() == 0) {
++ args[1] = "OK";
++ } else {
++ args[1] = RequestUtil.filter(message);
++ }
+ writer.print(MessageFormat.format(Constants.MESSAGE_SECTION, args));
+
+ // Manager Section
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-CVE-2007-3382_CVE-2007-3385.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-CVE-2007-3382_CVE-2007-3385.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-CVE-2007-3382_CVE-2007-3385.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,135 @@
+--- ./connectors/util/java/org/apache/tomcat/util/http/ServerCookie.java 2007-03-05 16:27:39.000000000 +0100
++++ ./connectors/util/java/org/apache/tomcat/util/http/ServerCookie.java 2007-08-24 14:40:51.000000000 +0200
+@@ -130,6 +130,7 @@
+ //
+ // private static final String tspecials = "()<>@,;:\\\"/[]?={} \t";
+ private static final String tspecials = ",; ";
++ private static final String tspecials2 = ",; \"";
+
+ /*
+ * Tests a string and returns true if the string counts as a
+@@ -154,6 +155,20 @@
+ return true;
+ }
+
++ public static boolean isToken2(String value) {
++ if( value==null) return true;
++ int len = value.length();
++
++ for (int i = 0; i < len; i++) {
++ char c = value.charAt(i);
++
++ if (c < 0x20 || c >= 0x7f || tspecials2.indexOf(c) != -1)
++ return false;
++ }
++ return true;
++ }
++
++
+ public static boolean checkName( String name ) {
+ if (!isToken(name)
+ || name.equalsIgnoreCase("Comment") // rfc2019
+@@ -213,7 +228,7 @@
+ // this part is the same for all cookies
+ buf.append( name );
+ buf.append("=");
+- maybeQuote(version, buf, value);
++ maybeQuote2(version, buf, value);
+
+ // XXX Netscape cookie: "; "
+ // add version 1 specific information
+@@ -284,6 +299,20 @@
+ }
+ }
+
++
++ public static void maybeQuote2 (int version, StringBuffer buf,
++ String value) {
++ // special case - a \n or \r shouldn't happen in any case
++ if (isToken2(value)) {
++ buf.append(value);
++ } else {
++ buf.append('"');
++ buf.append(escapeDoubleQuotes(value));
++ buf.append('"');
++ }
++ }
++
++
+ // log
+ static final int dbg=1;
+ public static void log(String s ) {
+@@ -306,12 +335,14 @@
+ }
+
+ StringBuffer b = new StringBuffer();
++ char p = s.charAt(0);
+ for (int i = 0; i < s.length(); i++) {
+ char c = s.charAt(i);
+- if (c == '"')
++ if (c == '"' && p != '\\')
+ b.append('\\').append('"');
+ else
+ b.append(c);
++ p = c;
+ }
+
+ return b.toString();
+--- ./connectors/util/java/org/apache/tomcat/util/http/Cookies.java 2007-08-24 14:15:10.000000000 +0200
++++ ./connectors/util/java/org/apache/tomcat/util/http/Cookies.java 2007-08-24 14:50:26.000000000 +0200
+@@ -249,9 +249,11 @@
+ int endValue=startValue;
+
+ cc=bytes[pos];
+- if( cc== '\'' || cc=='"' ) {
+- startValue++;
+- endValue=indexOf( bytes, startValue, end, cc );
++ if( cc=='"' ) {
++ endValue=findDelim3( bytes, startValue+1, end, cc );
++ if (endValue == -1) {
++ endValue = findDelim2(bytes, startValue+1, end);
++ } else startValue++;
+ pos=endValue+1; // to skip to next cookie
+ } else {
+ endValue=findDelim2( bytes, startValue, end );
+@@ -335,28 +337,26 @@
+ return off;
+ }
+
+- public static int indexOf( byte bytes[], int off, int end, byte qq )
++ /*
++ * search for cc but skip \cc as required by rfc2616
++ * (according to rfc2616 cc should be ")
++ */
++ public static int findDelim3( byte bytes[], int off, int end, byte cc )
+ {
+ while( off < end ) {
+ byte b=bytes[off];
+- if( b==qq )
++ if (b=='\\') {
++ off++;
++ off++;
++ continue;
++ }
++ if( b==cc )
+ return off;
+ off++;
+ }
+- return off;
++ return -1;
+ }
+
+- public static int indexOf( byte bytes[], int off, int end, char qq )
+- {
+- while( off < end ) {
+- byte b=bytes[off];
+- if( b==qq )
+- return off;
+- off++;
+- }
+- return off;
+- }
+-
+ // XXX will be refactored soon!
+ public static boolean equals( String s, byte b[], int start, int end) {
+ int blen = end-start;
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-CVE-2007-3386.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-CVE-2007-3386.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-CVE-2007-3386.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,24 @@
+--- container/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java 2007/07/19 02:21:09 557457
++++ container/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java 2007/07/19 02:21:58 557458
+@@ -253,7 +253,7 @@
+
+ if (host != null ) {
+ args = new Object[2];
+- args[0] = hostName;
++ args[0] = RequestUtil.filter(hostName);
+ String[] aliases = host.findAliases();
+ StringBuffer buf = new StringBuffer();
+ if (aliases.length > 0) {
+@@ -265,9 +265,11 @@
+
+ if (buf.length() == 0) {
+ buf.append(" ");
++ args[1] = buf.toString();
++ } else {
++ args[1] = RequestUtil.filter(buf.toString());
+ }
+
+- args[1] = buf.toString();
+ writer.print
+ (MessageFormat.format(HOSTS_ROW_DETAILS_SECTION, args));
+
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-CVE-2007-5461-webdav.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-CVE-2007-5461-webdav.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-CVE-2007-5461-webdav.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,72 @@
+--- container/catalina/src/share/org/apache/catalina/servlets/LocalStrings.properties.orig 2007-03-05 10:27:45.000000000 -0500
++++ container/catalina/src/share/org/apache/catalina/servlets/LocalStrings.properties 2007-11-07 11:36:48.410682000 -0500
+@@ -10,6 +10,7 @@
+ invokerServlet.notNamed=Cannot call invoker servlet with a named dispatcher
+ invokerServlet.noWrapper=Container has not called setWrapper() for this servlet
+ webdavservlet.jaxpfailed=JAXP initialization failed
++webdavservlet.enternalEntityIgnored=The request included a reference to an external entity with PublicID {0} and SystemID {1} which was ignored
+ directory.filename=Filename
+ directory.lastModified=Last Modified
+ directory.parent=Up To {0}
+--- container/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java.orig 2007-03-05 10:27:45.000000000 -0500
++++ container/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java 2007-11-07 11:36:48.420673000 -0500
+@@ -20,6 +20,7 @@
+
+
+ import java.io.IOException;
++import java.io.StringReader;
+ import java.io.StringWriter;
+ import java.io.Writer;
+ import java.security.MessageDigest;
+@@ -40,6 +41,7 @@
+ import javax.naming.NamingEnumeration;
+ import javax.naming.NamingException;
+ import javax.naming.directory.DirContext;
++import javax.servlet.ServletContext;
+ import javax.servlet.ServletException;
+ import javax.servlet.UnavailableException;
+ import javax.servlet.http.HttpServletRequest;
+@@ -60,6 +62,7 @@
+ import org.w3c.dom.Element;
+ import org.w3c.dom.Node;
+ import org.w3c.dom.NodeList;
++import org.xml.sax.EntityResolver;
+ import org.xml.sax.InputSource;
+ import org.xml.sax.SAXException;
+
+@@ -252,6 +255,8 @@
+ documentBuilderFactory = DocumentBuilderFactory.newInstance();
+ documentBuilderFactory.setNamespaceAware(true);
+ documentBuilder = documentBuilderFactory.newDocumentBuilder();
++ documentBuilder.setEntityResolver(
++ new WebdavResolver(this.getServletContext()));
+ } catch(ParserConfigurationException e) {
+ throw new ServletException
+ (sm.getString("webdavservlet.jaxpfailed"));
+@@ -2737,6 +2742,26 @@
+ }
+
+
++ // --------------------------------------------- WebdavResolver Inner Class
++ /**
++ * Work around for XML parsers that don't fully respect
++ * {@link DocumentBuilderFactory#setExpandEntityReferences(false)}. External
++ * references are filtered out for security reasons. See CVE-2007-5461.
++ */
++ private class WebdavResolver implements EntityResolver {
++ private ServletContext context;
++
++ public WebdavResolver(ServletContext theContext) {
++ context = theContext;
++ }
++
++ public InputSource resolveEntity (String publicId, String systemId) {
++ context.log(sm.getString("webdavservlet.enternalEntityIgnored",
++ publicId, systemId));
++ return new InputSource(
++ new StringReader("Ignored external entity"));
++ }
++ }
+ };
+
+
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-build-build-properties-default.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-build-build-properties-default.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-build-build-properties-default.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,11 @@
+--- ./build/build.properties.default.p20 2007-03-05 10:27:32.000000000 -0500
++++ ./build/build.properties.default 2007-04-29 10:48:38.000000000 -0400
+@@ -137,7 +137,7 @@
+ # ----- Eclipse JDT, version 3.1.2 or later -----
+ jdt.home=${base.path}/eclipse/plugins
+ jdt.lib=${jdt.home}
+-jdt.jar=${jdt.lib}/org.eclipse.jdt.core_3.1.2.jar
++jdt.jar=${base.path}/jdtcore.jar
+ jdt.loc=http://archive.eclipse.org/eclipse/downloads/drops/R-3.1.2-200601181600/eclipse-JDT-3.1.2.zip
+
+
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-javaxssl.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-javaxssl.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-javaxssl.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,72 @@
+--- connectors/jk/java/org/apache/jk/server/JkMain.java.sav 2006-03-23 16:56:20.000000000 +0100
++++ connectors/jk/java/org/apache/jk/server/JkMain.java 2006-03-23 16:57:27.000000000 +0100
+@@ -101,7 +101,7 @@
+ return jkMain;
+ }
+
+- private static String DEFAULT_HTTPS="com.sun.net.ssl.internal.www.protocol";
++ private static String DEFAULT_HTTPS="javax.net.ssl.internal.www.protocol";
+ private void initHTTPSUrls() {
+ try {
+ // 11657: if only ajp is used, https: redirects need to work ( at least for 1.3+)
+--- connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java.sav 2006-03-23 16:58:48.000000000 +0100
++++ connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java 2006-03-23 17:01:34.000000000 +0100
+@@ -67,13 +67,13 @@
+ */
+ void init() throws IOException {
+ try {
+- try {
+- Class ssps = Class.forName("sun.security.provider.Sun");
+- Security.addProvider ((Provider)ssps.newInstance());
+- }catch(Exception cnfe) {
++ //try {
++ // Class ssps = Class.forName("sun.security.provider.Sun");
++ // Security.addProvider ((Provider)ssps.newInstance());
++ //}catch(Exception cnfe) {
+ //Ignore, since this is a non-Sun JVM
+- }
+- Security.addProvider (new com.sun.net.ssl.internal.ssl.Provider());
++ //}
++ //Security.addProvider (new com.sun.net.ssl.internal.ssl.Provider());
+
+ String clientAuthStr = (String)attributes.get("clientauth");
+ if("true".equalsIgnoreCase(clientAuthStr) ||
+@@ -91,8 +91,8 @@
+ if (algorithm == null) algorithm = defaultAlgorithm;
+
+ // Set up KeyManager, which will extract server key
+- com.sun.net.ssl.KeyManagerFactory kmf =
+- com.sun.net.ssl.KeyManagerFactory.getInstance(algorithm);
++ javax.net.ssl.KeyManagerFactory kmf =
++ javax.net.ssl.KeyManagerFactory.getInstance(algorithm);
+ String keystoreType = (String)attributes.get("keystoreType");
+ if (keystoreType == null) {
+ keystoreType = defaultKeystoreType;
+@@ -102,22 +102,22 @@
+ keystorePass.toCharArray());
+
+ // Set up TrustManager
+- com.sun.net.ssl.TrustManager[] tm = null;
++ javax.net.ssl.TrustManager[] tm = null;
+ String truststoreType = (String)attributes.get("truststoreType");
+ if(truststoreType == null) {
+ truststoreType = keystoreType;
+ }
+ KeyStore trustStore = getTrustStore(truststoreType);
+ if (trustStore != null) {
+- com.sun.net.ssl.TrustManagerFactory tmf =
+- com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509");
++ javax.net.ssl.TrustManagerFactory tmf =
++ javax.net.ssl.TrustManagerFactory.getInstance("SunX509");
+ tmf.init(trustStore);
+ tm = tmf.getTrustManagers();
+ }
+
+ // Create and init SSLContext
+- com.sun.net.ssl.SSLContext context =
+- com.sun.net.ssl.SSLContext.getInstance(protocol);
++ javax.net.ssl.SSLContext context =
++ javax.net.ssl.SSLContext.getInstance(protocol);
+ context.init(kmf.getKeyManagers(), tm, new SecureRandom());
+
+ // Create proxy
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-jk-build.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-jk-build.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-jk-build.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,27 @@
+--- connectors/jk/build.xml.p14 2006-03-05 02:25:22.000000000 +0100
++++ connectors/jk/build.xml 2006-03-23 19:25:51.000000000 +0100
+@@ -28,7 +28,7 @@
+ <property name="tomcat-jkshm.jar" value="${jk.build}/lib/jkshm.jar" />
+ <property name="tomcat-jk2.jar" value="${jk.build}/lib/tomcat-jk2.jar" />
+ <property name="tomcat-jni.jar" value="${jk.build}/lib/tomcat-jni.jar" />
+- <property name="tomcat-apr.jar" value="../jni/dist/tomcat-native-1.0.0.jar" />
++ <property name="tomcat-apr.jar" value="../../build/build/server/lib/tomcat-apr.jar" />
+
+ <!-- default locations, overrident by properties -->
+ <property name="base.path" location="/usr/share/java"/>
+@@ -211,6 +211,7 @@
+ <exclude name="org/apache/jk/ant/**" />
+ <classpath>
+ <pathelement location="${tomcat-apr.jar}" />
++ <pathelement location="${jk.build}/../../build/build/classes"/>
+ <path refid="xml-apis.classpath"/>
+ <path refid="build-main.classpath"/>
+ </classpath>
+@@ -252,6 +252,7 @@
+ <include name="org/apache/coyote/ajp/**"/>
+ <include name="org/apache/jk/config/**"/>
+ <classpath>
++ <pathelement location="${jk.build}/../../build/build/classes"/>
+ <path refid="xml-apis.classpath"/>
+ <path refid="build-main.classpath"/>
+ <path refid="build-tc5.classpath"/>
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-jspc-classpath.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-jspc-classpath.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-jspc-classpath.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,10 @@
+--- build/build.xml.sav 2006-02-21 13:48:51.743828000 -0500
++++ build/build.xml 2006-02-21 13:48:56.499065000 -0500
+@@ -416,6 +416,7 @@
+
+ <path id="jspc.classpath">
+ <pathelement location="${java.home}/../lib/tools.jar"/>
++ <pathelement location="/usr/lib/jvm/java/jre/lib/rt.jar"/>
+ <pathelement location="${commons-logging.jar}"/>
+ <pathelement location="${tomcat.build}/server/classes"/>
+ <fileset dir="${tomcat.build}/server/lib">
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-jt5-build.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-jt5-build.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-jt5-build.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,46 @@
+--- ./build/build.xml.p2 2007-04-29 11:47:03.000000000 -0400
++++ ./build/build.xml 2007-04-29 11:48:48.000000000 -0400
+@@ -59,10 +59,10 @@
+ <property name="tomcat.release" value="${basedir}/release"/>
+ <property name="webapps.build" value="${catalina.home}/webapps/build"/>
+ <property name="webapps.dist" value="${catalina.home}/webapps/dist"/>
+- <property name="tomcat-dbcp.home" value="${base.path}/tomcat-deps" />
++ <property name="tomcat-dbcp.home" value="${base.path}" />
+ <property name="tomcat-dbcp.jar"
+- value="${tomcat-dbcp.home}/naming-factory-dbcp.jar"/>
+- <property name="jasper-compiler-jdt.home" value="${base.path}/tomcat-deps" />
++ value="${tomcat-dbcp.home}/commons-dbcp.jar"/>
++ <property name="jasper-compiler-jdt.home" value="./jasper-compiler-jdt-home" />
+ <property name="jasper-compiler-jdt.jar"
+ value="${jasper-compiler-jdt.home}/jasper-compiler-jdt.jar"/>
+
+@@ -160,11 +160,17 @@
+ failonerror="false" />
+
+ <copy tofile="${tomcat.build}/bin/tomcat-native.tar.gz"
+- file="${tomcat-native.tar.gz}" />
++ file="${tomcat-native.tar.gz}"
++ failonerror="false" />
+
+ <!-- <copy todir="${tomcat.build}/common/lib" file="${ant.jar}"/>
+ <copy todir="${tomcat.build}/common/lib" file="${ant-launcher.jar}"/> -->
++<!--
+ <copy todir="${tomcat.build}/common/lib" file="${jasper-compiler-jdt.jar}"/>
++-->
++<!-- these should be links -->
++ <copy todir="${tomcat.build}/common/lib" file="${base.path}/jdtcore.jar" failonerror="false"/>
++
+ </target>
+
+ <!-- ====================== Build all components =================== -->
+@@ -956,7 +962,9 @@
+ <copy todir="embed/lib">
+ <fileset dir="build/common/lib">
+ <include name="jasper-compiler.jar"/>
+- <include name="jasper-compiler-jdt.jar"/>
++ <!-- <include name="jasper-compiler-jdt.jar"/> -->
++ <include name="jdtcore.jar"/>
++
+ </fileset>
+ </copy>
+
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-jtc-build.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-jtc-build.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-jtc-build.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,22 @@
+--- container/catalina/build.xml.sav 2006-03-23 16:46:37.000000000 +0100
++++ container/catalina/build.xml 2006-03-23 16:47:44.000000000 +0100
+@@ -42,7 +42,7 @@
+ <property name="tomcat-http11.jar"
+ value="${tomcat-http11.home}/build/lib/tomcat-http11.jar"/>
+ <property name="tomcat-dbcp.jar"
+- value="${base.path}/tomcat-deps/naming-factory-dbcp.jar"/>
++ value="${base.path}/commons-dbcp.jar"/>
+ <!-- Construct Catalina classpath -->
+ <path id="catalina.classpath">
+ <pathelement location="${activation.jar}"/>
+--- container/modules/cluster/build.xml.sav 2006-03-23 16:49:04.000000000 +0100
++++ container/modules/cluster/build.xml 2006-03-23 16:49:54.000000000 +0100
+@@ -20,7 +20,7 @@
+ <pathelement location="${commons-modeler.jar}"/>
+ <pathelement location="${commons-logging.jar}"/>
+ <pathelement location="${jmx.jar}"/>
+- <pathelement location="${catalina.build}/common/lib/servlet-api.jar"/>
++ <pathelement location="${servlet-api.jar}"/>
+ </path>
+
+ <!-- Source path -->
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-jtj-build.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-jtj-build.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-jtj-build.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,20 @@
+--- jasper/build.xml.sav 2006-03-23 16:52:01.000000000 +0100
++++ jasper/build.xml 2006-03-23 16:53:17.000000000 +0100
+@@ -38,6 +38,8 @@
+ <pathelement location="${commons-logging.jar}"/>
+ <pathelement location="${commons-daemon-launcher.jar}"/>
+ <pathelement location="${jasper.build}/shared/classes"/>
++ <pathelement location="${base.path}/jdtcore.jar"/>
++
+ </path>
+
+ <!-- Construct unit tests classpath -->
+@@ -54,6 +56,8 @@
+ <pathelement location="${commons-launcher.jar}"/>
+ <pathelement location="${jasper.build}/shared/classes"/>
+ <pathelement location="${jasper.build}/tests"/>
++ <pathelement location="${base.path}/jdtcore.jar"/>
++
+ </path>
+
+
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-skip-build-on-install.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-skip-build-on-install.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-skip-build-on-install.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,15 @@
+--- build/build.xml.sav 2006-03-23 16:22:33.000000000 +0100
++++ build/build.xml 2006-03-23 16:23:40.000000000 +0100
+@@ -763,10 +763,12 @@
+ <mkdir dir="${tomcat.build}/server/webapps" />
+
+ <!-- The build files are far too difficult to hack - just build it and copy -->
++ <!--
+ <ant dir="${api.home}/jsr154" target="dist">
+ </ant>
+ <ant dir="${api.home}/jsr152" target="dist">
+ </ant>
++ -->
+
+ <mkdir dir="${tomcat.build}/webapps/servlets-examples"/>
+ <copy todir="${tomcat.build}/webapps/servlets-examples">
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-util-build.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-util-build.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5-util-build.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,23 @@
+--- connectors/util/build.xml.sav 2006-03-23 19:16:02.000000000 +0100
++++ connectors/util/build.xml 2006-03-23 19:17:46.000000000 +0100
+@@ -23,7 +23,7 @@
+ <property name="tomcat-util.lib" value="${tomcat-util.build}/lib" />
+ <property name="tomcat-util.jar" value="${tomcat-util.lib}/tomcat-util.jar" />
+ <property name="tomcat-loader.jar" value="${tomcat-util.lib}/tomcat-loader.jar" />
+- <property name="tomcat-jni.jar" value="../jni/dist/tomcat-native-1.0.0.jar" />
++ <property name="tomcat-jni.jar" value="../../build/build/server/lib/tomcat-apr.jar" />
+
+ <path id="compile.classpath">
+ <pathelement location="${jmx.jar}" />
+@@ -73,7 +73,10 @@
+ optimize="off"
+ verbose="off"
+ excludes="**/CVS/**">
+- <classpath refid="compile.classpath"/>
++ <classpath>
++ <path refid="compile.classpath"/>
++ <pathelement location="${tomcat-util.build}/../../jakarta-tomcat-5/build/classes"/>
++ </classpath>
+ <exclude name="**/util/net/jsse/*" unless="jsse.present"/>
+ <exclude name="**/util/log/CommonLogHandler.java" unless="commons-logging.present"/>
+ <exclude name="**/util/net/puretls/*" unless="puretls.present"/>
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-ASPATCH-234-u.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-ASPATCH-234-u.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-ASPATCH-234-u.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,623 @@
+--- ./connectors/util/java/org/apache/tomcat/util/digester/Digester.java.p22 2007-03-05 10:27:39.000000000 -0500
++++ ./connectors/util/java/org/apache/tomcat/util/digester/Digester.java 2007-07-26 19:05:06.000000000 -0400
+@@ -315,14 +315,14 @@
+ /**
+ * The Log to which most logging calls will be made.
+ */
+- protected Log log =
++ protected static Log log =
+ LogFactory.getLog("org.apache.commons.digester.Digester");
+
+
+ /**
+ * The Log to which all SAX event related logging calls will be made.
+ */
+- protected Log saxLog =
++ protected static Log saxLog =
+ LogFactory.getLog("org.apache.commons.digester.Digester.sax");
+
+
+@@ -2339,8 +2339,10 @@
+ params.clear();
+ publicId = null;
+ stack.clear();
++ /*
+ log = null;
+ saxLog = null;
++ */
+ configured = false;
+
+ }
+@@ -2555,8 +2557,8 @@
+ return;
+ }
+
+- log = LogFactory.getLog("org.apache.commons.digester.Digester");
+- saxLog = LogFactory.getLog("org.apache.commons.digester.Digester.sax");
++ //log = LogFactory.getLog("org.apache.commons.digester.Digester");
++ //saxLog = LogFactory.getLog("org.apache.commons.digester.Digester.sax");
+
+ // Perform lazy configuration as needed
+ initialize(); // call hook method for subclasses that want to be initialized once only
+--- ./container/catalina/src/share/org/apache/catalina/core/ContainerBase.java.p22 2007-03-05 10:27:43.000000000 -0500
++++ ./container/catalina/src/share/org/apache/catalina/core/ContainerBase.java 2007-07-26 19:05:12.000000000 -0400
+@@ -183,8 +183,8 @@
+
+ /**
+ * The Logger implementation with which this Container is associated.
+- */
+ protected Log logger = null;
++ */
+
+
+ /**
+@@ -376,10 +376,13 @@
+ */
+ public Log getLogger() {
+
++ /*
+ if (logger != null)
+ return (logger);
+ logger = LogFactory.getLog(logName());
+ return (logger);
++ */
++ return log;
+
+ }
+
+@@ -994,10 +997,12 @@
+ // Start our subordinate components, if any
+ if ((loader != null) && (loader instanceof Lifecycle))
+ ((Lifecycle) loader).start();
++ /*
+ logger = null;
+ getLogger();
+ if ((logger != null) && (logger instanceof Lifecycle))
+ ((Lifecycle) logger).start();
++ */
+ if ((manager != null) && (manager instanceof Lifecycle))
+ ((Lifecycle) manager).start();
+ if ((cluster != null) && (cluster instanceof Lifecycle))
+@@ -1085,9 +1090,11 @@
+ if ((manager != null) && (manager instanceof Lifecycle)) {
+ ((Lifecycle) manager).stop();
+ }
++ /*
+ if ((logger != null) && (logger instanceof Lifecycle)) {
+ ((Lifecycle) logger).stop();
+ }
++ */
+ if ((loader != null) && (loader instanceof Lifecycle)) {
+ ((Lifecycle) loader).stop();
+ }
+--- ./container/catalina/src/share/org/apache/catalina/core/NamingContextListener.java.p22 2007-03-05 10:27:43.000000000 -0500
++++ ./container/catalina/src/share/org/apache/catalina/core/NamingContextListener.java 2007-07-26 19:05:17.000000000 -0400
+@@ -81,7 +81,7 @@
+ // ----------------------------------------------------- Instance Variables
+
+
+- protected Log logger = log;
++ //protected Log log = log;
+
+
+ /**
+@@ -189,7 +189,6 @@
+
+ if (container instanceof Context) {
+ namingResources = ((Context) container).getNamingResources();
+- logger = log;
+ } else if (container instanceof Server) {
+ namingResources = ((Server) container).getGlobalNamingResources();
+ } else {
+@@ -219,7 +218,7 @@
+ try {
+ createNamingContext();
+ } catch (NamingException e) {
+- logger.error
++ log.error
+ (sm.getString("naming.namingContextCreationFailed", e));
+ }
+
+@@ -232,7 +231,7 @@
+ (container, container,
+ ((Container) container).getLoader().getClassLoader());
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.bindFailed", e));
++ log.error(sm.getString("naming.bindFailed", e));
+ }
+ }
+
+@@ -245,7 +244,7 @@
+ (container, container,
+ this.getClass().getClassLoader());
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.bindFailed", e));
++ log.error(sm.getString("naming.bindFailed", e));
+ }
+ if (container instanceof StandardServer) {
+ ((StandardServer) container).setGlobalNamingContext
+@@ -625,7 +624,7 @@
+ // Ignore because UserTransaction was obviously
+ // added via ResourceLink
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.bindFailed", e));
++ log.error(sm.getString("naming.bindFailed", e));
+ }
+ }
+
+@@ -635,7 +634,7 @@
+ compCtx.bind("Resources",
+ ((Container) container).getResources());
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.bindFailed", e));
++ log.error(sm.getString("naming.bindFailed", e));
+ }
+ }
+
+@@ -706,7 +705,7 @@
+ createSubcontexts(envCtx, ejb.getName());
+ envCtx.bind(ejb.getName(), ref);
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.bindFailed", e));
++ log.error(sm.getString("naming.bindFailed", e));
+ }
+
+ }
+@@ -773,23 +772,23 @@
+ }
+ }
+ } else {
+- logger.error(sm.getString("naming.invalidEnvEntryType", env.getName()));
++ log.error(sm.getString("naming.invalidEnvEntryType", env.getName()));
+ }
+ } catch (NumberFormatException e) {
+- logger.error(sm.getString("naming.invalidEnvEntryValue", env.getName()));
++ log.error(sm.getString("naming.invalidEnvEntryValue", env.getName()));
+ } catch (IllegalArgumentException e) {
+- logger.error(sm.getString("naming.invalidEnvEntryValue", env.getName()));
++ log.error(sm.getString("naming.invalidEnvEntryValue", env.getName()));
+ }
+
+ // Binding the object to the appropriate name
+ if (value != null) {
+ try {
+- if (logger.isDebugEnabled())
+- logger.debug(" Adding environment entry " + env.getName());
++ if (log.isDebugEnabled())
++ log.debug(" Adding environment entry " + env.getName());
+ createSubcontexts(envCtx, env.getName());
+ envCtx.bind(env.getName(), value);
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.invalidEnvEntryValue", e));
++ log.error(sm.getString("naming.invalidEnvEntryValue", e));
+ }
+ }
+
+@@ -824,14 +823,14 @@
+ ref.add(refAddr);
+ }
+ try {
+- if (logger.isDebugEnabled()) {
+- logger.debug(" Adding resource ref "
++ if (log.isDebugEnabled()) {
++ log.debug(" Adding resource ref "
+ + resource.getName() + " " + ref);
+ }
+ createSubcontexts(envCtx, resource.getName());
+ envCtx.bind(resource.getName(), ref);
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.bindFailed", e));
++ log.error(sm.getString("naming.bindFailed", e));
+ }
+
+ if ("javax.sql.DataSource".equals(ref.getClassName())) {
+@@ -841,7 +840,7 @@
+ Registry.getRegistry(null, null).registerComponent(actualResource, on, null);
+ objectNames.put(resource.getName(), on);
+ } catch (Exception e) {
+- logger.warn(sm.getString("naming.jmxRegistrationFailed", e));
++ log.warn(sm.getString("naming.jmxRegistrationFailed", e));
+ }
+ }
+
+@@ -864,12 +863,12 @@
+ ref.add(refAddr);
+ }
+ try {
+- if (logger.isDebugEnabled())
++ if (log.isDebugEnabled())
+ log.debug(" Adding resource env ref " + resourceEnvRef.getName());
+ createSubcontexts(envCtx, resourceEnvRef.getName());
+ envCtx.bind(resourceEnvRef.getName(), ref);
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.bindFailed", e));
++ log.error(sm.getString("naming.bindFailed", e));
+ }
+
+ }
+@@ -887,12 +886,12 @@
+ "UserTransaction".equals(resourceLink.getName())
+ ? compCtx : envCtx;
+ try {
+- if (logger.isDebugEnabled())
++ if (log.isDebugEnabled())
+ log.debug(" Adding resource link " + resourceLink.getName());
+ createSubcontexts(envCtx, resourceLink.getName());
+ ctx.bind(resourceLink.getName(), ref);
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.bindFailed", e));
++ log.error(sm.getString("naming.bindFailed", e));
+ }
+
+ }
+@@ -906,7 +905,7 @@
+ try {
+ envCtx.unbind(name);
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.unbindFailed", e));
++ log.error(sm.getString("naming.unbindFailed", e));
+ }
+
+ }
+@@ -920,7 +919,7 @@
+ try {
+ envCtx.unbind(name);
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.unbindFailed", e));
++ log.error(sm.getString("naming.unbindFailed", e));
+ }
+
+ }
+@@ -934,7 +933,7 @@
+ try {
+ envCtx.unbind(name);
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.unbindFailed", e));
++ log.error(sm.getString("naming.unbindFailed", e));
+ }
+
+ }
+@@ -948,7 +947,7 @@
+ try {
+ envCtx.unbind(name);
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.unbindFailed", e));
++ log.error(sm.getString("naming.unbindFailed", e));
+ }
+
+ ObjectName on = (ObjectName) objectNames.get(name);
+@@ -967,7 +966,7 @@
+ try {
+ envCtx.unbind(name);
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.unbindFailed", e));
++ log.error(sm.getString("naming.unbindFailed", e));
+ }
+
+ }
+@@ -981,7 +980,7 @@
+ try {
+ envCtx.unbind(name);
+ } catch (NamingException e) {
+- logger.error(sm.getString("naming.unbindFailed", e));
++ log.error(sm.getString("naming.unbindFailed", e));
+ }
+
+ }
+--- ./container/catalina/src/share/org/apache/catalina/core/StandardContext.java.p22 2007-03-05 10:27:43.000000000 -0500
++++ ./container/catalina/src/share/org/apache/catalina/core/StandardContext.java 2007-07-26 19:05:26.000000000 -0400
+@@ -103,7 +103,7 @@
+ *
+ * @author Craig R. McClanahan
+ * @author Remy Maucherat
+- * @version $Revision: 513599 $ $Date: 2007-03-01 19:34:17 -0700 (Thu, 01 Mar 2007) $
++ * @version $Revision: 522870 $ $Date: 2007-03-27 04:37:32 -0700 (Tue, 27 Mar 2007) $
+ */
+
+ public class StandardContext
+@@ -4115,10 +4115,12 @@
+
+ // Initialize logger again. Other components might have used it too early,
+ // so it should be reset.
++ /*
+ logger = null;
+ getLogger();
+ if ((logger != null) && (logger instanceof Lifecycle))
+ ((Lifecycle) logger).start();
++ */
+
+ if ((cluster != null) && (cluster instanceof Lifecycle))
+ ((Lifecycle) cluster).start();
+@@ -4353,9 +4355,6 @@
+ // Stop our filters
+ filterStop();
+
+- // Stop our application listeners
+- listenerStop();
+-
+ // Stop ContainerBackgroundProcessor thread
+ super.threadStop();
+
+@@ -4363,6 +4362,9 @@
+ ((Lifecycle) manager).stop();
+ }
+
++ // Stop our application listeners
++ listenerStop();
++
+ // Finalize our character set mapper
+ setCharsetMapper(null);
+
+@@ -4391,9 +4393,11 @@
+ if ((cluster != null) && (cluster instanceof Lifecycle)) {
+ ((Lifecycle) cluster).stop();
+ }
++ /*
+ if ((logger != null) && (logger instanceof Lifecycle)) {
+ ((Lifecycle) logger).stop();
+ }
++ */
+ if ((loader != null) && (loader instanceof Lifecycle)) {
+ ((Lifecycle) loader).stop();
+ }
+--- ./container/catalina/src/share/org/apache/catalina/session/ManagerBase.java.p22 2007-03-05 10:27:45.000000000 -0500
++++ ./container/catalina/src/share/org/apache/catalina/session/ManagerBase.java 2007-07-26 19:05:40.000000000 -0400
+@@ -62,7 +62,7 @@
+ */
+
+ public abstract class ManagerBase implements Manager, MBeanRegistration {
+- protected Log log = LogFactory.getLog(ManagerBase.class);
++ protected static Log log = LogFactory.getLog(ManagerBase.class);
+
+ // ----------------------------------------------------- Instance Variables
+
+--- ./container/catalina/src/share/org/apache/catalina/valves/ValveBase.java.p22 2007-03-05 10:27:47.000000000 -0500
++++ ./container/catalina/src/share/org/apache/catalina/valves/ValveBase.java 2007-07-26 19:05:47.000000000 -0400
+@@ -51,7 +51,7 @@
+ * management and lifecycle support.
+ *
+ * @author Craig R. McClanahan
+- * @version $Revision: 466608 $ $Date: 2006-10-21 17:10:15 -0600 (Sat, 21 Oct 2006) $
++ * @version $Revision: 466608 $ $Date: 2006-10-21 16:10:15 -0700 (Sat, 21 Oct 2006) $
+ */
+
+ public abstract class ValveBase
+--- ./jasper/src/share/org/apache/jasper/compiler/Compiler.java.p22 2007-03-05 10:27:58.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/compiler/Compiler.java 2007-07-26 19:05:53.000000000 -0400
+@@ -44,7 +44,7 @@
+ * @author Mark Roth
+ */
+ public abstract class Compiler {
+- protected org.apache.commons.logging.Log log=
++ protected static org.apache.commons.logging.Log log=
+ org.apache.commons.logging.LogFactory.getLog( Compiler.class );
+
+ // ----------------------------------------------------------------- Static
+--- ./jasper/src/share/org/apache/jasper/compiler/JspConfig.java.p22 2007-03-05 10:27:58.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/compiler/JspConfig.java 2007-07-26 19:05:59.000000000 -0400
+@@ -43,7 +43,7 @@
+ private static final String WEB_XML = "/WEB-INF/web.xml";
+
+ // Logger
+- private Log log = LogFactory.getLog(JspConfig.class);
++ private static Log log = LogFactory.getLog(JspConfig.class);
+
+ private Vector jspProperties = null;
+ private ServletContext ctxt;
+--- ./jasper/src/share/org/apache/jasper/compiler/JspReader.java.p22 2007-03-05 10:27:58.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/compiler/JspReader.java 2007-07-26 19:06:06.000000000 -0400
+@@ -53,7 +53,7 @@
+ /**
+ * Logger.
+ */
+- private Log log = LogFactory.getLog(JspReader.class);
++ private static Log log = LogFactory.getLog(JspReader.class);
+
+ /**
+ * The current spot in the file.
+--- ./jasper/src/share/org/apache/jasper/compiler/JspRuntimeContext.java.p22 2007-03-05 10:27:58.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/compiler/JspRuntimeContext.java 2007-07-26 19:06:11.000000000 -0400
+@@ -59,7 +59,7 @@
+ public final class JspRuntimeContext implements Runnable {
+
+ // Logger
+- private Log log = LogFactory.getLog(JspRuntimeContext.class);
++ private static Log log = LogFactory.getLog(JspRuntimeContext.class);
+
+ /*
+ * Counts how many times the webapp's JSPs have been reloaded.
+--- ./jasper/src/share/org/apache/jasper/compiler/SmapUtil.java.p22 2007-03-05 10:27:58.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/compiler/SmapUtil.java 2007-07-26 19:06:17.000000000 -0400
+@@ -44,7 +44,7 @@
+ */
+ public class SmapUtil {
+
+- private org.apache.commons.logging.Log log=
++ private static org.apache.commons.logging.Log log=
+ org.apache.commons.logging.LogFactory.getLog( SmapUtil.class );
+
+ //*********************************************************************
+@@ -189,7 +189,7 @@
+ // Installation logic (from Robert Field, JSR-045 spec lead)
+ private static class SDEInstaller {
+
+- private org.apache.commons.logging.Log log=
++ private static org.apache.commons.logging.Log log=
+ org.apache.commons.logging.LogFactory.getLog( SDEInstaller.class );
+
+ static final String nameSDE = "SourceDebugExtension";
+--- ./jasper/src/share/org/apache/jasper/compiler/TagLibraryInfoImpl.java.p22 2007-03-05 10:27:58.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/compiler/TagLibraryInfoImpl.java 2007-07-26 19:06:22.000000000 -0400
+@@ -63,7 +63,7 @@
+ class TagLibraryInfoImpl extends TagLibraryInfo implements TagConstants {
+
+ // Logger
+- private Log log = LogFactory.getLog(TagLibraryInfoImpl.class);
++ private static Log log = LogFactory.getLog(TagLibraryInfoImpl.class);
+
+ private Hashtable jarEntries;
+ private JspCompilationContext ctxt;
+--- ./jasper/src/share/org/apache/jasper/compiler/TldLocationsCache.java.p22 2007-03-05 10:27:59.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/compiler/TldLocationsCache.java 2007-07-26 19:06:26.000000000 -0400
+@@ -79,7 +79,7 @@
+ public class TldLocationsCache {
+
+ // Logger
+- private Log log = LogFactory.getLog(TldLocationsCache.class);
++ private static Log log = LogFactory.getLog(TldLocationsCache.class);
+
+ /**
+ * The types of URI one may specify for a tag library
+--- ./jasper/src/share/org/apache/jasper/runtime/JspFactoryImpl.java.p22 2007-03-05 10:27:59.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/runtime/JspFactoryImpl.java 2007-07-26 19:06:51.000000000 -0400
+@@ -38,7 +38,7 @@
+ public class JspFactoryImpl extends JspFactory {
+
+ // Logger
+- private Log log = LogFactory.getLog(JspFactoryImpl.class);
++ private static Log log = LogFactory.getLog(JspFactoryImpl.class);
+
+ private static final String SPEC_VERSION = "2.0";
+ private static final boolean USE_POOL =
+--- ./jasper/src/share/org/apache/jasper/runtime/PageContextImpl.java.p22 2007-03-05 10:27:59.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/runtime/PageContextImpl.java 2007-07-26 19:06:57.000000000 -0400
+@@ -66,7 +66,7 @@
+ public class PageContextImpl extends PageContext implements VariableResolver {
+
+ // Logger
+- private Log log;
++ private static Log log = LogFactory.getLog(PageContextImpl.class);
+
+ // The expression evaluator, for evaluating EL expressions.
+ private static ExpressionEvaluatorImpl elExprEval
+@@ -101,7 +101,6 @@
+ * Constructor.
+ */
+ PageContextImpl(JspFactory factory) {
+- log = LogFactory.getLog(getClass());
+
+ this.variableResolver = new VariableResolverImpl(this);
+ this.outs = new BodyContentImpl[0];
+--- ./jasper/src/share/org/apache/jasper/servlet/JspServlet.java.p22 2007-03-05 10:27:59.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/servlet/JspServlet.java 2007-07-26 19:07:01.000000000 -0400
+@@ -56,7 +56,7 @@
+ public class JspServlet extends HttpServlet {
+
+ // Logger
+- private Log log = LogFactory.getLog(JspServlet.class);
++ private static Log log = LogFactory.getLog(JspServlet.class);
+
+ private ServletContext context;
+ private ServletConfig config;
+--- ./jasper/src/share/org/apache/jasper/servlet/JspServletWrapper.java.p22 2007-03-05 10:27:59.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/servlet/JspServletWrapper.java 2007-07-26 19:07:06.000000000 -0400
+@@ -63,7 +63,7 @@
+ public class JspServletWrapper {
+
+ // Logger
+- private Log log = LogFactory.getLog(JspServletWrapper.class);
++ private static Log log = LogFactory.getLog(JspServletWrapper.class);
+
+ private Servlet theServlet;
+ private String jspUri;
+--- ./jasper/src/share/org/apache/jasper/xmlparser/ParserUtils.java.p22 2007-03-05 10:27:59.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/xmlparser/ParserUtils.java 2007-07-26 19:07:15.000000000 -0400
+@@ -192,7 +192,7 @@
+ class MyEntityResolver implements EntityResolver {
+
+ // Logger
+- private Log log = LogFactory.getLog(MyEntityResolver.class);
++ private static Log log = LogFactory.getLog(MyEntityResolver.class);
+
+ public InputSource resolveEntity(String publicId, String systemId)
+ throws SAXException {
+@@ -221,7 +221,7 @@
+ class MyErrorHandler implements ErrorHandler {
+
+ // Logger
+- private Log log = LogFactory.getLog(MyErrorHandler.class);
++ private static Log log = LogFactory.getLog(MyErrorHandler.class);
+
+ public void warning(SAXParseException ex) throws SAXException {
+ if (log.isDebugEnabled())
+--- ./jasper/src/share/org/apache/jasper/xmlparser/UCSReader.java.p22 2007-03-05 10:27:59.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/xmlparser/UCSReader.java 2007-07-26 19:07:20.000000000 -0400
+@@ -31,7 +31,7 @@
+ */
+ public class UCSReader extends Reader {
+
+- private org.apache.commons.logging.Log log=
++ private static org.apache.commons.logging.Log log=
+ org.apache.commons.logging.LogFactory.getLog( UCSReader.class );
+
+ //
+--- ./jasper/src/share/org/apache/jasper/xmlparser/UTF8Reader.java.p22 2007-03-05 10:27:59.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/xmlparser/UTF8Reader.java 2007-07-26 19:07:25.000000000 -0400
+@@ -31,7 +31,7 @@
+ public class UTF8Reader
+ extends Reader {
+
+- private org.apache.commons.logging.Log log=
++ private static org.apache.commons.logging.Log log=
+ org.apache.commons.logging.LogFactory.getLog( UTF8Reader.class );
+
+ //
+--- ./jasper/src/share/org/apache/jasper/EmbeddedServletOptions.java.p22 2007-03-05 10:27:58.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/EmbeddedServletOptions.java 2007-07-26 19:06:31.000000000 -0400
+@@ -41,7 +41,7 @@
+ public final class EmbeddedServletOptions implements Options {
+
+ // Logger
+- private Log log = LogFactory.getLog(EmbeddedServletOptions.class);
++ private static Log log = LogFactory.getLog(EmbeddedServletOptions.class);
+
+ private Properties settings = new Properties();
+
+--- ./jasper/src/share/org/apache/jasper/JspC.java.p22 2007-03-05 10:27:58.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/JspC.java 2007-07-26 19:06:39.000000000 -0400
+@@ -95,7 +95,7 @@
+ "clsid:8AD9C840-044E-11D1-B3E9-00805F499D93";
+
+ /** Logger (set by constructor.) */
+- private Log log;
++ private static Log log = LogFactory.getLog(JspC.class);
+
+ private static final String SWITCH_VERBOSE = "-v";
+ private static final String SWITCH_HELP = "-help";
+@@ -257,7 +257,6 @@
+
+ /** Constructor. */
+ public JspC() {
+- log = LogFactory.getLog(getClass());
+ }
+
+ public void setArgs(String[] arg) throws JasperException {
+--- ./jasper/src/share/org/apache/jasper/JspCompilationContext.java.p22 2007-03-05 10:27:58.000000000 -0500
++++ ./jasper/src/share/org/apache/jasper/JspCompilationContext.java 2007-07-26 19:06:44.000000000 -0400
+@@ -52,7 +52,7 @@
+ */
+ public class JspCompilationContext {
+
+- protected org.apache.commons.logging.Log log =
++ protected static org.apache.commons.logging.Log log =
+ org.apache.commons.logging.LogFactory.getLog(JspCompilationContext.class);
+
+ private Hashtable tagFileJarUrls;
+--- ./build.xml.p22 2007-03-05 10:27:32.000000000 -0500
++++ ./build.xml 2007-07-26 19:05:00.000000000 -0400
+@@ -72,6 +72,7 @@
+ <!-- Bugzilla 37977: http://issues.apache.org/bugzilla/show_bug.cgi?id=37977 -->
+ <!-- hackish: inputstring="t${line.separator}" is t+<enter> for svn -->
+ <!-- to temporarily accept the certificate of svn.apache.org. -->
++ <!--
+ <exec dir="${basedir}"
+ executable="svn"
+ inputstring="t${line.separator}"
+@@ -80,6 +81,7 @@
+ <arg value="${svnroot}/${current.loc}" />
+ <arg value="${basedir}" />
+ </exec>
++ -->
+
+ </target>
+
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2007-5333.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2007-5333.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2007-5333.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,975 @@
+--- connectors/util/java/org/apache/tomcat/util/http/Cookies.java 2009-04-15 13:31:33.000000000 +0200
++++ connectors/util/java/org/apache/tomcat/util/http/Cookies.java 2009-04-15 16:03:59.000000000 +0200
+@@ -45,6 +45,27 @@
+ boolean unprocessed=true;
+
+ MimeHeaders headers;
++
++ /*
++ List of Separator Characters (see isSeparator())
++ Excluding the '/' char violates the RFC, but
++ it looks like a lot of people put '/'
++ in unquoted values: '/': ; //47
++ '\t':9 ' ':32 '\"':34 '\'':39 '(':40 ')':41 ',':44 ':':58 ';':59 '<':60
++ '=':61 '>':62 '?':63 '@':64 '[':91 '\\':92 ']':93 '{':123 '}':125
++ */
++ public static final char SEPARATORS[] = { '\t', ' ', '\"', '\'', '(', ')', ',',
++ ':', ';', '<', '=', '>', '?', '@', '[', '\\', ']', '{', '}' };
++
++ protected static final boolean separators[] = new boolean[128];
++ static {
++ for (int i = 0; i < 128; i++) {
++ separators[i] = false;
++ }
++ for (int i = 0; i < SEPARATORS.length; i++) {
++ separators[SEPARATORS[i]] = true;
++ }
++ }
+
+ /**
+ * Construct a new cookie collection, that will extract
+@@ -182,181 +203,6 @@
+ }
+ }
+
+- /** Process a byte[] header - allowing fast processing of the
+- * raw data
+- */
+- void processCookieHeader( byte bytes[], int off, int len )
+- {
+- if( len<=0 || bytes==null ) return;
+- int end=off+len;
+- int pos=off;
+-
+- int version=0; //sticky
+- ServerCookie sc=null;
+-
+-
+- while( pos<end ) {
+- byte cc;
+- // [ skip_spaces name skip_spaces "=" skip_spaces value EXTRA ; ] *
+- if( dbg>0 ) log( "Start: " + pos + " " + end );
+-
+- pos=skipSpaces(bytes, pos, end);
+- if( pos>=end )
+- return; // only spaces
+- int startName=pos;
+- if( dbg>0 ) log( "SN: " + pos );
+-
+- // Version should be the first token
+- boolean isSpecial=false;
+- if(bytes[pos]=='$') { pos++; isSpecial=true; }
+-
+- pos= findDelim1( bytes, startName, end); // " =;,"
+- int endName=pos;
+- // current = "=" or " " or DELIM
+- pos= skipSpaces( bytes, endName, end );
+- if( dbg>0 ) log( "DELIM: " + endName + " " + (char)bytes[pos]);
+-
+- if(pos >= end ) {
+- // it's a name-only cookie ( valid in RFC2109 )
+- if( ! isSpecial ) {
+- sc=addCookie();
+- sc.getName().setBytes( bytes, startName,
+- endName-startName );
+- sc.getValue().setString("");
+- sc.setVersion( version );
+- if( dbg>0 ) log( "Name only, end: " + startName + " " +
+- endName);
+- }
+- return;
+- }
+-
+- cc=bytes[pos];
+- pos++;
+- if( cc==';' || cc==',' || pos>=end ) {
+- if( ! isSpecial && startName!= endName ) {
+- sc=addCookie();
+- sc.getName().setBytes( bytes, startName,
+- endName-startName );
+- sc.getValue().setString("");
+- sc.setVersion( version );
+- if( dbg>0 ) log( "Name only: " + startName + " " + endName);
+- }
+- continue;
+- }
+-
+- // we should have "=" ( tested all other alternatives )
+- int startValue=skipSpaces( bytes, pos, end);
+- int endValue=startValue;
+-
+- cc=bytes[pos];
+- if( cc=='"' ) {
+- endValue=findDelim3( bytes, startValue+1, end, cc );
+- if (endValue == -1) {
+- endValue = findDelim2(bytes, startValue+1, end);
+- } else startValue++;
+- pos=endValue+1; // to skip to next cookie
+- } else {
+- endValue=findDelim2( bytes, startValue, end );
+- pos=endValue+1;
+- }
+-
+- // if not $Version, etc
+- if( ! isSpecial ) {
+- sc=addCookie();
+- sc.getName().setBytes( bytes, startName, endName-startName );
+- sc.getValue().setBytes( bytes, startValue, endValue-startValue);
+- sc.setVersion( version );
+- if( dbg>0 ) {
+- log( "New: " + sc.getName() + "X=X" + sc.getValue());
+- }
+- continue;
+- }
+-
+- // special - Path, Version, Domain, Port
+- if( dbg>0 ) log( "Special: " + startName + " " + endName);
+- // XXX TODO
+- if( equals( "$Version", bytes, startName, endName ) ) {
+- if(dbg>0 ) log( "Found version " );
+- if( bytes[startValue]=='1' && endValue==startValue+1 ) {
+- version=1;
+- if(dbg>0 ) log( "Found version=1" );
+- }
+- continue;
+- }
+- if( sc==null ) {
+- // Path, etc without a previous cookie
+- continue;
+- }
+- if( equals( "$Path", bytes, startName, endName ) ) {
+- sc.getPath().setBytes( bytes,
+- startValue,
+- endValue-startValue );
+- }
+- if( equals( "$Domain", bytes, startName, endName ) ) {
+- sc.getDomain().setBytes( bytes,
+- startValue,
+- endValue-startValue );
+- }
+- if( equals( "$Port", bytes, startName, endName ) ) {
+- // sc.getPort().setBytes( bytes,
+- // startValue,
+- // endValue-startValue );
+- }
+- }
+- }
+-
+- // -------------------- Utils --------------------
+- public static int skipSpaces( byte bytes[], int off, int end ) {
+- while( off < end ) {
+- byte b=bytes[off];
+- if( b!= ' ' ) return off;
+- off ++;
+- }
+- return off;
+- }
+-
+- public static int findDelim1( byte bytes[], int off, int end )
+- {
+- while( off < end ) {
+- byte b=bytes[off];
+- if( b==' ' || b=='=' || b==';' || b==',' )
+- return off;
+- off++;
+- }
+- return off;
+- }
+-
+- public static int findDelim2( byte bytes[], int off, int end )
+- {
+- while( off < end ) {
+- byte b=bytes[off];
+- if( b==';' || b==',' )
+- return off;
+- off++;
+- }
+- return off;
+- }
+-
+- /*
+- * search for cc but skip \cc as required by rfc2616
+- * (according to rfc2616 cc should be ")
+- */
+- public static int findDelim3( byte bytes[], int off, int end, byte cc )
+- {
+- while( off < end ) {
+- byte b=bytes[off];
+- if (b=='\\') {
+- off++;
+- off++;
+- continue;
+- }
+- if( b==cc )
+- return off;
+- off++;
+- }
+- return -1;
+- }
+-
+ // XXX will be refactored soon!
+ public static boolean equals( String s, byte b[], int start, int end) {
+ int blen = end-start;
+@@ -412,7 +258,7 @@
+ /**
+ *
+ * Strips quotes from the start and end of the cookie string
+- * This conforms to RFC 2109
++ * This conforms to RFC 2965
+ *
+ * @param value a <code>String</code> specifying the cookie
+ * value (possibly quoted).
+@@ -423,8 +269,7 @@
+ private static String stripQuote( String value )
+ {
+ // log("Strip quote from " + value );
+- if (((value.startsWith("\"")) && (value.endsWith("\""))) ||
+- ((value.startsWith("'") && (value.endsWith("'"))))) {
++ if (value.startsWith("\"") && value.endsWith("\"")) {
+ try {
+ return value.substring(1,value.length()-1);
+ } catch (Exception ex) {
+@@ -441,42 +286,298 @@
+ log.debug("Cookies: " + s);
+ }
+
+- /*
+- public static void main( String args[] ) {
+- test("foo=bar; a=b");
+- test("foo=bar;a=b");
+- test("foo=bar;a=b;");
+- test("foo=bar;a=b; ");
+- test("foo=bar;a=b; ;");
+- test("foo=;a=b; ;");
+- test("foo;a=b; ;");
+- // v1
+- test("$Version=1; foo=bar;a=b");
+- test("$Version=\"1\"; foo='bar'; $Path=/path; $Domain=\"localhost\"");
+- test("$Version=1;foo=bar;a=b; ; ");
+- test("$Version=1;foo=;a=b; ; ");
+- test("$Version=1;foo= ;a=b; ; ");
+- test("$Version=1;foo;a=b; ; ");
+- test("$Version=1;foo=\"bar\";a=b; ; ");
+- test("$Version=1;foo=\"bar\";$Path=/examples;a=b; ; ");
+- test("$Version=1;foo=\"bar\";$Domain=apache.org;a=b");
+- test("$Version=1;foo=\"bar\";$Domain=apache.org;a=b;$Domain=yahoo.com");
+- // rfc2965
+- test("$Version=1;foo=\"bar\";$Domain=apache.org;$Port=8080;a=b");
+-
+- // wrong
+- test("$Version=1;foo=\"bar\";$Domain=apache.org;$Port=8080;a=b");
+- }
+-
+- public static void test( String s ) {
+- System.out.println("Processing " + s );
+- Cookies cs=new Cookies(null);
+- cs.processCookieHeader( s.getBytes(), 0, s.length());
+- for( int i=0; i< cs.getCookieCount() ; i++ ) {
+- System.out.println("Cookie: " + cs.getCookie( i ));
++ /**
++ * Returns true if the byte is a separator character as
++ * defined in RFC2619. Since this is called often, this
++ * function should be organized with the most probable
++ * outcomes first.
++ */
++ public static final boolean isSeparator(final byte c) {
++ if (c > 0 && c < 126)
++ return separators[c];
++ else
++ return false;
++ }
++
++ /**
++ * Returns true if the byte is a whitespace character as
++ * defined in RFC2619.
++ */
++ public static final boolean isWhiteSpace(final byte c) {
++ // This switch statement is slightly slower
++ // for my vm than the if statement.
++ // Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_07-164)
++ /*
++ switch (c) {
++ case ' ':;
++ case '\t':;
++ case '\n':;
++ case '\r':;
++ case '\f':;
++ return true;
++ default:;
++ return false;
++ }
++ */
++ if (c == ' ' || c == '\t' || c == '\n' || c == '\r' || c == '\f')
++ return true;
++ else
++ return false;
++ }
++
++ /**
++ * Parses a cookie header after the initial "Cookie:"
++ * [WS][$]token[WS]=[WS](token|QV)[;|,]
++ * RFC 2965
++ * JVK
++ */
++ public final void processCookieHeader(byte bytes[], int off, int len){
++ if( len<=0 || bytes==null ) return;
++ int end=off+len;
++ int pos=off;
++ int nameStart=0;
++ int nameEnd=0;
++ int valueStart=0;
++ int valueEnd=0;
++ int version = 0;
++ ServerCookie sc=null;
++ boolean isSpecial;
++ boolean isQuoted;
++
++ while (pos < end) {
++ isSpecial = false;
++ isQuoted = false;
++
++ // Skip whitespace and non-token characters (separators)
++ while (pos < end &&
++ (isSeparator(bytes[pos]) || isWhiteSpace(bytes[pos])))
++ {pos++; }
++
++ if (pos >= end)
++ return;
++
++ // Detect Special cookies
++ if (bytes[pos] == '$') {
++ isSpecial = true;
++ pos++;
++ }
++
++ // Get the cookie name. This must be a token
++ valueEnd = valueStart = nameStart = pos;
++ pos = nameEnd = getTokenEndPosition(bytes,pos,end);
++
++ // Skip whitespace
++ while (pos < end && isWhiteSpace(bytes[pos])) {pos++; };
++
++
++ // Check for an '=' -- This could also be a name-only
++ // cookie at the end of the cookie header, so if we
++ // are past the end of the header, but we have a name
++ // skip to the name-only part.
++ if (pos < end && bytes[pos] == '=') {
++
++ // Skip whitespace
++ do {
++ pos++;
++ } while (pos < end && isWhiteSpace(bytes[pos]));
++
++ if (pos >= end)
++ return;
++
++ // Determine what type of value this is, quoted value,
++ // token, name-only with an '=', or other (bad)
++ switch (bytes[pos]) {
++ case '"':; // Quoted Value
++ isQuoted = true;
++ valueStart=pos + 1; // strip "
++ // getQuotedValue returns the position before
++ // at the last qoute. This must be dealt with
++ // when the bytes are copied into the cookie
++ valueEnd=getQuotedValueEndPosition(bytes,
++ valueStart, end);
++ // We need pos to advance
++ pos = valueEnd;
++ // Handles cases where the quoted value is
++ // unterminated and at the end of the header,
++ // e.g. [myname="value]
++ if (pos >= end)
++ return;
++ break;
++ case ';':
++ case ',':
++ // Name-only cookie with an '=' after the name token
++ // This may not be RFC compliant
++ valueStart = valueEnd = -1;
++ // The position is OK (On a delimiter)
++ break;
++ default:;
++ if (!isSeparator(bytes[pos])) {
++ // Token
++ valueStart=pos;
++ // getToken returns the position at the delimeter
++ // or other non-token character
++ valueEnd=getTokenEndPosition(bytes, valueStart, end);
++ // We need pos to advance
++ pos = valueEnd;
++ } else {
++ // INVALID COOKIE, advance to next delimiter
++ // The starting character of the cookie value was
++ // not valid.
++ log("Invalid cookie. Value not a token or quoted value");
++ while (pos < end && bytes[pos] != ';' &&
++ bytes[pos] != ',')
++ {pos++; };
++ pos++;
++ // Make sure no special avpairs can be attributed to
++ // the previous cookie by setting the current cookie
++ // to null
++ sc = null;
++ continue;
++ }
++ }
++ } else {
++ // Name only cookie
++ valueStart = valueEnd = -1;
++ pos = nameEnd;
++
++ }
++
++ // We should have an avpair or name-only cookie at this
++ // point. Perform some basic checks to make sure we are
++ // in a good state.
++
++ // Skip whitespace
++ while (pos < end && isWhiteSpace(bytes[pos])) {pos++; };
++
++
++ // Make sure that after the cookie we have a separator. This
++ // is only important if this is not the last cookie pair
++ while (pos < end && bytes[pos] != ';' && bytes[pos] != ',') {
++ pos++;
++ }
++
++ pos++;
++
++ /*
++ if (nameEnd <= nameStart || valueEnd < valueStart ) {
++ // Something is wrong, but this may be a case
++ // of having two ';' characters in a row.
++ // log("Cookie name/value does not conform to RFC 2965");
++ // Advance to next delimiter (ignoring everything else)
++ while (pos < end && bytes[pos] != ';' && bytes[pos] != ',')
++ { pos++; };
++ pos++;
++ // Make sure no special cookies can be attributed to
++ // the previous cookie by setting the current cookie
++ // to null
++ sc = null;
++ continue;
++ }
++ */
++
++ // All checks passed. Add the cookie, start with the
++ // special avpairs first
++ if (isSpecial) {
++ isSpecial = false;
++ // $Version must be the first avpair in the cookie header
++ // (sc must be null)
++ if (equals( "Version", bytes, nameStart, nameEnd) &&
++ sc == null) {
++ // Set version
++ if( bytes[valueStart] =='1' && valueEnd == (valueStart+1)) {
++ version=1;
++ } else {
++ // unknown version (Versioning is not very strict)
++ }
++ continue;
++ }
++
++ // We need an active cookie for Path/Port/etc.
++ if (sc == null) {
++ continue;
++ }
++
++ // Domain is more common, so it goes first
++ if (equals( "Domain", bytes, nameStart, nameEnd)) {
++ sc.getDomain().setBytes( bytes,
++ valueStart,
++ valueEnd-valueStart);
++ continue;
++ }
++
++ if (equals( "Path", bytes, nameStart, nameEnd)) {
++ sc.getPath().setBytes( bytes,
++ valueStart,
++ valueEnd-valueStart);
++ continue;
++ }
++
++
++ if (equals( "Port", bytes, nameStart, nameEnd)) {
++ // sc.getPort is not currently implemented.
++ // sc.getPort().setBytes( bytes,
++ // valueStart,
++ // valueEnd-valueStart );
++ continue;
++ }
++
++ // Unknown cookie, complain
++ log("Unknown Special Cookie");
++
++ } else { // Normal Cookie
++ sc = addCookie();
++ sc.setVersion( version );
++ sc.getName().setBytes( bytes, nameStart,
++ nameEnd-nameStart);
++
++ if (valueStart != -1) { // Normal AVPair
++ sc.getValue().setBytes( bytes, valueStart,
++ valueEnd-valueStart);
++ if (isQuoted) {
++ // We know this is a byte value so this is safe
++ ServerCookie.unescapeDoubleQuotes(
++ sc.getValue().getByteChunk());
++ }
++ } else {
++ // Name Only
++ sc.getValue().setString("");
++ }
++ continue;
++ }
+ }
+-
+ }
+- */
+
++ /**
++ * Given the starting position of a token, this gets the end of the
++ * token, with no separator characters in between.
++ * JVK
++ */
++ public static final int getTokenEndPosition(byte bytes[], int off, int end){
++ int pos = off;
++ while (pos < end && !isSeparator(bytes[pos])) {pos++; };
++
++ if (pos > end)
++ return end;
++ return pos;
++ }
++
++ /**
++ * Given a starting position after an initial quote chracter, this gets
++ * the position of the end quote. This escapes anything after a '\' char
++ * JVK RFC 2616
++ */
++ public static final int getQuotedValueEndPosition(byte bytes[], int off, int end){
++ int pos = off;
++ while (pos < end) {
++ if (bytes[pos] == '"') {
++ return pos;
++ } else if (bytes[pos] == '\\' && pos < (end - 1)) {
++ pos+=2;
++ } else {
++ pos++;
++ }
++ }
++ // Error, we have reached the end of the header w/o a end quote
++ return end;
++ }
+ }
+--- connectors/util/java/org/apache/tomcat/util/http/ServerCookie.java 2009-04-15 13:31:33.000000000 +0200
++++ connectors/util/java/org/apache/tomcat/util/http/ServerCookie.java 2009-04-20 12:33:34.000000000 +0200
+@@ -21,13 +21,14 @@
+ import java.text.FieldPosition;
+ import java.util.Date;
+
++import org.apache.tomcat.util.buf.ByteChunk;
+ import org.apache.tomcat.util.buf.DateTool;
+ import org.apache.tomcat.util.buf.MessageBytes;
+
+
+ /**
+ * Server-side cookie representation.
+- * Allows recycling and uses MessageBytes as low-level
++ * Allows recycling and uses MessageBytes as low-level
+ * representation ( and thus the byte-> char conversion can be delayed
+ * until we know the charset ).
+ *
+@@ -54,6 +55,9 @@
+ private int version = 0; // ;Version=1
+
+ //XXX CommentURL, Port -> use notes ?
++
++ public static final boolean VERSION_SWITCH =
++ Boolean.valueOf(System.getProperty("org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH", "true")).booleanValue();
+
+ public ServerCookie() {
+
+@@ -87,7 +91,6 @@
+ return maxAge;
+ }
+
+-
+ public MessageBytes getPath() {
+ return path;
+ }
+@@ -112,7 +115,6 @@
+ return version;
+ }
+
+-
+ public void setVersion(int v) {
+ version = v;
+ }
+@@ -130,7 +132,8 @@
+ //
+ // private static final String tspecials = "()<>@,;:\\\"/[]?={} \t";
+ private static final String tspecials = ",; ";
+- private static final String tspecials2 = ",; \"";
++ private static final String tspecials2 = "()<>@,;:\\\"/[]?={} \t";
++ private static final String tspecials2NoSlash = "()<>@,;:\\\"[]?={} \t";
+
+ /*
+ * Tests a string and returns true if the string counts as a
+@@ -143,26 +146,52 @@
+ * if it is not
+ */
+ public static boolean isToken(String value) {
++ return isToken(value,null);
++ }
++
++ public static boolean isToken(String value, String literals) {
++ String tspecials = (literals==null?ServerCookie.tspecials:literals);
++
+ if( value==null) return true;
+ int len = value.length();
+
+ for (int i = 0; i < len; i++) {
+ char c = value.charAt(i);
+
+- if (c < 0x20 || c >= 0x7f || tspecials.indexOf(c) != -1)
++ if (tspecials.indexOf(c) != -1)
+ return false;
+ }
+ return true;
+ }
+
++ public static boolean containsCTL(String value, int version) {
++ if( value==null) return false;
++ int len = value.length();
++ for (int i = 0; i < len; i++) {
++ char c = value.charAt(i);
++ if (c < 0x20 || c >= 0x7f) {
++ if (c == 0x09)
++ continue; //allow horizontal tabs
++ return true;
++ }
++ }
++ return false;
++ }
++
+ public static boolean isToken2(String value) {
++ return isToken2(value,null);
++ }
++
++ public static boolean isToken2(String value, String literals) {
++ String tspecials2 = (literals==null?ServerCookie.tspecials2:literals);
++
+ if( value==null) return true;
+ int len = value.length();
+
+ for (int i = 0; i < len; i++) {
+ char c = value.charAt(i);
+
+- if (c < 0x20 || c >= 0x7f || tspecials2.indexOf(c) != -1)
++ if (tspecials2.indexOf(c) != -1)
+ return false;
+ }
+ return true;
+@@ -188,8 +217,8 @@
+ // -------------------- Cookie parsing tools
+
+
+- /** Return the header name to set the cookie, based on cookie
+- * version
++ /**
++ * Return the header name to set the cookie, based on cookie version.
+ */
+ public String getCookieHeaderName() {
+ return getCookieHeaderName(version);
+@@ -199,7 +228,6 @@
+ * version
+ */
+ public static String getCookieHeaderName(int version) {
+- if( dbg>0 ) log( (version==1) ? "Set-Cookie2" : "Set-Cookie");
+ if (version == 1) {
+ // RFC2109
+ return "Set-Cookie";
+@@ -215,7 +243,7 @@
+
+ private static final String ancientDate=DateTool.formatOldCookie(new Date(10000));
+
+- public static void appendCookieValue( StringBuffer buf,
++ public static void appendCookieValue( StringBuffer headerBuf,
+ int version,
+ String name,
+ String value,
+@@ -226,9 +254,10 @@
+ boolean isSecure )
+ {
+ // this part is the same for all cookies
++ StringBuffer buf = new StringBuffer();
+ buf.append( name );
+ buf.append("=");
+- maybeQuote2(version, buf, value);
++ version = maybeQuote2(version, buf, value, true);
+
+ // XXX Netscape cookie: "; "
+ // add version 1 specific information
+@@ -239,7 +268,7 @@
+ // Comment=comment
+ if ( comment!=null ) {
+ buf.append ("; Comment=");
+- maybeQuote (version, buf, comment);
++ maybeQuote2 (version, buf, comment);
+ }
+ }
+
+@@ -247,7 +276,7 @@
+
+ if (domain!=null) {
+ buf.append("; Domain=");
+- maybeQuote (version, buf, domain);
++ maybeQuote2 (version, buf, domain);
+ }
+
+ // Max-Age=secs/Discard ... or use old "Expires" format
+@@ -276,14 +305,18 @@
+ // Path=path
+ if (path!=null) {
+ buf.append ("; Path=");
+- maybeQuote (version, buf, path);
++ if (version==0) {
++ maybeQuote2(version, buf, path);
++ } else {
++ maybeQuote2(version, buf, path, ServerCookie.tspecials2NoSlash, false);
++ }
+ }
+
+ // Secure
+ if (isSecure) {
+ buf.append ("; Secure");
+ }
+-
++ headerBuf.append(buf);
+
+ }
+
+@@ -294,25 +327,51 @@
+ buf.append(value);
+ } else {
+ buf.append('"');
+- buf.append(escapeDoubleQuotes(value));
++ buf.append(escapeDoubleQuotes(value,0,value.length()));
+ buf.append('"');
+ }
+ }
+
++ public static boolean alreadyQuoted (String value) {
++ if (value==null || value.length()==0) return false;
++ return (value.charAt(0)=='\"' && value.charAt(value.length()-1)=='\"');
++ }
+
+- public static void maybeQuote2 (int version, StringBuffer buf,
+- String value) {
+- // special case - a \n or \r shouldn't happen in any case
+- if (isToken2(value)) {
+- buf.append(value);
+- } else {
++ public static int maybeQuote2(int version, StringBuffer buf, String value) {
++ return maybeQuote2(version,buf,value,false);
++ }
++ public static int maybeQuote2 (int version, StringBuffer buf, String value, boolean allowVersionSwitch) {
++ return maybeQuote2(version,buf,value,null,allowVersionSwitch);
++ }
++
++ public static int maybeQuote2 (int version, StringBuffer buf, String value, String literals, boolean allowVersionSwitch) {
++ if (value==null || value.length()==0) {
++ buf.append("\"\"");
++ } else if (containsCTL(value,version))
++ throw new IllegalArgumentException("Control character in cookie value, consider BASE64 encoding your value");
++ else if (alreadyQuoted(value)) {
++ buf.append('"');
++ buf.append(escapeDoubleQuotes(value,1,value.length()-1));
++ buf.append('"');
++ } else if (allowVersionSwitch && VERSION_SWITCH && version==0 && !isToken2(value, literals)) {
+ buf.append('"');
+- buf.append(escapeDoubleQuotes(value));
++ buf.append(escapeDoubleQuotes(value,0,value.length()));
+ buf.append('"');
++ version = 1;
++ } else if (version==0 && !isToken(value, literals)) {
++ buf.append('"');
++ buf.append(escapeDoubleQuotes(value,0,value.length()));
++ buf.append('"');
++ } else if (version==1 && !isToken2(value, literals)) {
++ buf.append('"');
++ buf.append(escapeDoubleQuotes(value,0,value.length()));
++ buf.append('"');
++ } else {
++ buf.append(value);
+ }
++ return version;
+ }
+
+-
+ // log
+ static final int dbg=1;
+ public static void log(String s ) {
+@@ -328,25 +387,55 @@
+ *
+ * @return The (possibly) escaped string
+ */
+- private static String escapeDoubleQuotes(String s) {
++ private static String escapeDoubleQuotes(String s, int beginIndex,
++ int endIndex) {
+
+ if (s == null || s.length() == 0 || s.indexOf('"') == -1) {
+ return s;
+ }
+
+ StringBuffer b = new StringBuffer();
+- char p = s.charAt(0);
+- for (int i = 0; i < s.length(); i++) {
++ for (int i = beginIndex; i < endIndex; i++) {
+ char c = s.charAt(i);
+- if (c == '"' && p != '\\')
++ if (c == '\\' ) {
++ b.append(c);
++ //ignore the character after an escape, just append it
++ if (++i>=endIndex) throw new IllegalArgumentException("Invalid escape character in cookie value.");
++ b.append(s.charAt(i));
++ } else if (c == '"')
+ b.append('\\').append('"');
+ else
+ b.append(c);
+- p = c;
+ }
+
+ return b.toString();
+ }
++ /**
++ * Unescapes any double quotes in the given cookie value.
++ *
++ * @param bc The cookie value to modify
++ */
++ public static void unescapeDoubleQuotes(ByteChunk bc) {
++
++ if (bc == null || bc.getLength() == 0 || bc.indexOf('"', 0) == -1) {
++ return;
++ }
++
++ int src = bc.getStart();
++ int end = bc.getEnd();
++ int dest = src;
++ byte[] buffer = bc.getBuffer();
++
++ while (src < end) {
++ if (buffer[src] == '\\' && src < end && buffer[src+1] == '"') {
++ src++;
++ }
++ buffer[dest] = buffer[src];
++ dest ++;
++ src ++;
++ }
++ bc.setEnd(dest);
++ }
+
+ }
+
+--- container/catalina/src/share/org/apache/catalina/connector/Request.java 2007-03-05 16:27:42.000000000 +0100
++++ container/catalina/src/share/org/apache/catalina/connector/Request.java 2009-04-15 14:04:36.000000000 +0200
+@@ -2271,6 +2271,22 @@
+ }
+ }
+
++ protected String unescape(String s) {
++ if (s==null) return null;
++ if (s.indexOf('\\') == -1) return s;
++ StringBuffer buf = new StringBuffer();
++ for (int i=0; i<s.length(); i++) {
++ char c = s.charAt(i);
++ if (c!='\\') buf.append(c);
++ else {
++ if (++i >= s.length()) throw new IllegalArgumentException();//invalid escape, hence invalid cookie
++ c = s.charAt(i);
++ buf.append(c);
++ }
++ }
++ return buf.toString();
++ }
++
+ /**
+ * Parse cookies.
+ */
+@@ -2289,14 +2305,18 @@
+ for (int i = 0; i < count; i++) {
+ ServerCookie scookie = serverCookies.getCookie(i);
+ try {
+- Cookie cookie = new Cookie(scookie.getName().toString(),
+- scookie.getValue().toString());
+- cookie.setPath(scookie.getPath().toString());
+- cookie.setVersion(scookie.getVersion());
++ /*
++ we must unescape the '\\' escape character
++ */
++ Cookie cookie = new Cookie(scookie.getName().toString(),null);
++ int version = scookie.getVersion();
++ cookie.setVersion(version);
++ cookie.setValue(unescape(scookie.getValue().toString()));
++ cookie.setPath(unescape(scookie.getPath().toString()));
+ String domain = scookie.getDomain().toString();
+- if (domain != null) {
+- cookie.setDomain(scookie.getDomain().toString());
+- }
++ if (domain!=null) cookie.setDomain(unescape(domain));//avoid NPE
++ String comment = scookie.getComment().toString();
++ cookie.setComment(version==1?unescape(comment):null);
+ cookies[idx++] = cookie;
+ } catch(IllegalArgumentException e) {
+ // Ignore bad cookie
+--- container/catalina/src/share/org/apache/catalina/connector/Response.java 2007-03-05 16:27:42.000000000 +0100
++++ container/catalina/src/share/org/apache/catalina/connector/Response.java 2009-04-15 14:04:36.000000000 +0200
+@@ -931,9 +931,9 @@
+ if (included)
+ return;
+
+- cookies.add(cookie);
+-
+ final StringBuffer sb = new StringBuffer();
++ //web application code can receive a IllegalArgumentException
++ //from the appendCookieValue invokation
+ if (SecurityUtil.isPackageProtectionEnabled()) {
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run(){
+@@ -952,11 +952,13 @@
+ cookie.getMaxAge(), cookie.getSecure());
+ }
+
++ // if we reached here, no exception, cookie is valid
+ // the header name is Set-Cookie for both "old" and v.1 ( RFC2109 )
+ // RFC2965 is not supported by browsers and the Servlet spec
+ // asks for 2109.
+ addHeader("Set-Cookie", sb.toString());
+
++ cookies.add(cookie);
+ }
+
+
+--- container/webapps/docs/changelog.xml 2007-03-05 16:27:55.000000000 +0100
++++ container/webapps/docs/changelog.xml 2009-04-15 14:04:36.000000000 +0200
+@@ -52,6 +52,18 @@
+ Fix regression in build that prevented connectors from building.
+ (markt)
+ </fix>
++ <fix>
++ Cookie handling/parsing changes!
++ The following behavior has been changed with regards to Tomcat's cookie
++ handling:<br/>
++ a) Cookies containing control characters, except 0x09(HT), are rejected
++ using an InvalidArgumentException.<br/>
++ b) If cookies are not quoted, they will be quoted if they contain
++ <code>tspecials(ver0)</code> or <code>tspecials2(ver1)</code>
++ characters.<br/>
++ c) Escape character '\\' is allowed and respected as a escape character,
++ and will be unescaped during parsing.
++ </fix>
+ </changelog>
+ </subsection>
+ </section>
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2007-5342.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2007-5342.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2007-5342.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,24 @@
+--- container/catalina/src/conf/catalina.policy 2007/09/02 21:16:25 572160
++++ container/catalina/src/conf/catalina.policy 2008/01/06 22:38:14 609451
+@@ -82,7 +82,19 @@
+
+ // These permissions apply to JULI
+ grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
+- permission java.security.AllPermission;
++ permission java.util.PropertyPermission "java.util.logging.config.class", "read";
++ permission java.util.PropertyPermission "java.util.logging.config.file", "read";
++ permission java.lang.RuntimePermission "shutdownHooks";
++ permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
++ permission java.util.PropertyPermission "catalina.base", "read";
++ permission java.util.logging.LoggingPermission "control";
++ permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write";
++ permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write";
++ permission java.lang.RuntimePermission "getClassLoader";
++ // To enable per context logging configuration, permit read access to the appropriate file.
++ // Be sure that the logging configuration is secure before enabling such access
++ // eg for the examples web application:
++ // permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
+ };
+
+ // These permissions apply to the servlet API classes
+
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2008-1232.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2008-1232.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2008-1232.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,125 @@
+--- connectors/coyote/src/java/org/apache/coyote/Constants.java (original)
++++ connectors/coyote/src/java/org/apache/coyote/Constants.java Wed Jul 30 02:26:27 2008
+@@ -53,4 +53,12 @@
+ public static final int STAGE_ENDED = 7;
+
+
++ /**
++ * If true, custom HTTP status messages will be used in headers.
++ */
++ public static final boolean USE_CUSTOM_STATUS_MSG_IN_HEADER =
++ Boolean.valueOf(System.getProperty(
++ "org.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER",
++ "false")).booleanValue();
++
+ }
+
+--- connectors/http11/src/java/org/apache/coyote/http11/InternalAprOutputBuffer.java (original)
++++ connectors/http11/src/java/org/apache/coyote/http11/InternalAprOutputBuffer.java Wed Jul 30 02:26:27 2008
+@@ -429,11 +429,14 @@
+ buf[pos++] = Constants.SP;
+
+ // Write message
+- String message = response.getMessage();
++ String message = null;
++ if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) {
++ message = response.getMessage();
++ }
+ if (message == null) {
+ write(HttpMessages.getMessage(status));
+ } else {
+- write(message);
++ write(message.replace('\n', ' ').replace('\r', ' '));
+ }
+
+ // End the response status line
+
+--- connectors/http11/src/java/org/apache/coyote/http11/InternalOutputBuffer.java (original)
++++ connectors/http11/src/java/org/apache/coyote/http11/InternalOutputBuffer.java Wed Jul 30 02:26:27 2008
+@@ -448,11 +448,14 @@
+ buf[pos++] = Constants.SP;
+
+ // Write message
+- String message = response.getMessage();
++ String message = null;
++ if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) {
++ message = response.getMessage();
++ }
+ if (message == null) {
+ write(getMessage(status));
+ } else {
+- write(message);
++ write(message.replace('\n', ' ').replace('\r', ' '));
+ }
+
+ // End the response status line
+
+--- connectors/jk/java/org/apache/coyote/ajp/AjpAprProcessor.java (original)
++++ connectors/jk/java/org/apache/coyote/ajp/AjpAprProcessor.java Wed Jul 30 02:26:27 2008
+@@ -942,7 +942,10 @@
+
+ // HTTP header contents
+ responseHeaderMessage.appendInt(response.getStatus());
+- String message = response.getMessage();
++ String message = null;
++ if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) {
++ message = response.getMessage();
++ }
+ if (message == null){
+ message = HttpMessages.getMessage(response.getStatus());
+ } else {
+
+--- connectors/jk/java/org/apache/jk/common/JkInputStream.java (original)
++++ connectors/jk/java/org/apache/jk/common/JkInputStream.java Wed Jul 30 02:26:27 2008
+@@ -279,7 +279,10 @@
+ outputMsg.appendByte(AjpConstants.JK_AJP13_SEND_HEADERS);
+ outputMsg.appendInt( res.getStatus() );
+
+- String message=res.getMessage();
++ String message = null;
++ if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) {
++ message = res.getMessage();
++ }
+ if( message==null ){
+ message= HttpMessages.getMessage(res.getStatus());
+ } else {
+
+--- container/catalina/src/share/org/apache/catalina/core/StandardContextValve.java (original)
++++ container/catalina/src/share/org/apache/catalina/core/StandardContextValve.java Wed Jul 30 02:26:27 2008
+@@ -119,8 +119,7 @@
+ || (requestPathMB.equalsIgnoreCase("/META-INF"))
+ || (requestPathMB.startsWithIgnoreCase("/WEB-INF/", 0))
+ || (requestPathMB.equalsIgnoreCase("/WEB-INF"))) {
+- String requestURI = request.getDecodedRequestURI();
+- notFound(requestURI, response);
++ notFound(response);
+ return;
+ }
+
+@@ -136,8 +135,7 @@
+ // Select the Wrapper to be used for this Request
+ Wrapper wrapper = request.getWrapper();
+ if (wrapper == null) {
+- String requestURI = request.getDecodedRequestURI();
+- notFound(requestURI, response);
++ notFound(response);
+ return;
+ }
+
+@@ -206,13 +204,12 @@
+ * application, but currently that code runs at the wrapper level rather
+ * than the context level.
+ *
+- * @param requestURI The request URI for the requested resource
+ * @param response The response we are creating
+ */
+- private void notFound(String requestURI, HttpServletResponse response) {
++ private void notFound(HttpServletResponse response) {
+
+ try {
+- response.sendError(HttpServletResponse.SC_NOT_FOUND, requestURI);
++ response.sendError(HttpServletResponse.SC_NOT_FOUND);
+ } catch (IllegalStateException e) {
+ ;
+ } catch (IOException e) {
+
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2008-1947.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2008-1947.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2008-1947.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,33 @@
+--- container/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java 2008-07-25 16:14:15 UTC (rev 729)
++++ container/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java 2008-07-25 16:26:00 UTC (rev 730)
+@@ -21,6 +21,7 @@
+ import java.io.IOException;
+ import java.io.PrintWriter;
+ import java.io.StringWriter;
++import java.net.URLEncoder;
+ import java.text.MessageFormat;
+ import java.util.Iterator;
+ import java.util.Map;
+@@ -276,17 +277,17 @@
+ args = new Object[7];
+ args[0] = response.encodeURL
+ (request.getContextPath() +
+- "/html/start?name=" + hostName);
++ "/html/start?name=" + URLEncoder.encode(hostName, "UTF-8"));
+ args[1] = hostsStart;
+ args[2] = response.encodeURL
+ (request.getContextPath() +
+- "/html/stop?name=" + hostName);
++ "/html/stop?name=" + URLEncoder.encode(hostName, "UTF-8"));
+ args[3] = hostsStop;
+ args[4] = response.encodeURL
+ (request.getContextPath() +
+- "/html/remove?name=" + hostName);
++ "/html/remove?name=" + URLEncoder.encode(hostName, "UTF-8"));
+ args[5] = hostsRemove;
+- args[6] = hostName;
++ args[6] = RequestUtil.filter(hostName);
+ if (host == this.host) {
+ writer.print(MessageFormat.format(
+ MANAGER_HOST_ROW_BUTTON_SECTION, args));
+
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2008-2370.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2008-2370.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2008-2370.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,48 @@
+--- container/catalina/src/share/org/apache/catalina/core/ApplicationContext.java (original)
++++ container/catalina/src/share/org/apache/catalina/core/ApplicationContext.java Wed Jul 30 02:34:21 2008
+@@ -379,10 +379,21 @@
+ throw new IllegalArgumentException
+ (sm.getString
+ ("applicationContext.requestDispatcher.iae", path));
++
++ // Get query string
++ String queryString = null;
++ int pos = path.indexOf('?');
++ if (pos >= 0) {
++ queryString = path.substring(pos + 1);
++ path = path.substring(0, pos);
++ }
++
+ path = normalize(path);
+ if (path == null)
+ return (null);
+
++ pos = path.length();
++
+ // Retrieve the thread local URI
+ MessageBytes uriMB = (MessageBytes) localUriMB.get();
+ if (uriMB == null) {
+@@ -394,15 +405,6 @@
+ uriMB.recycle();
+ }
+
+- // Get query string
+- String queryString = null;
+- int pos = path.indexOf('?');
+- if (pos >= 0) {
+- queryString = path.substring(pos + 1);
+- } else {
+- pos = path.length();
+- }
+-
+ // Retrieve the thread local mapping data
+ MappingData mappingData = (MappingData) localMappingData.get();
+ if (mappingData == null) {
+
+
+
+---------------------------------------------------------------------
+To unsubscribe, e-mail: dev-unsubscribe at tomcat.apache.org
+For additional commands, e-mail: dev-help at tomcat.apache.org
+
+
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2008-2938.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2008-2938.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-CVE-2008-2938.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,83 @@
+--- container/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java 2008-07-17 13:13:43 UTC (rev 717)
++++ container/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java 2008-07-17 17:43:56 UTC (rev 718)
+@@ -442,6 +442,12 @@
+ }
+ // Character decoding
+ convertURI(decodedURI, request);
++ // Check that the URI is still normalized
++ if (!checkNormalize(req.decodedURI())) {
++ res.setStatus(400);
++ res.setMessage("Invalid URI character encoding");
++ return false;
++ }
+ } else {
+ // The URL is chars or String, and has been sent using an in-memory
+ // protocol handler, we have to assume the URL has been properly
+@@ -821,6 +827,67 @@
+ }
+
+
++ /**
++ * Check that the URI is normalized following character decoding.
++ * <p>
++ * This method checks for "\", "//", "/./" and "/../". This method will
++ * return false if sequences that are supposed to be normalized still
++ * present in the URI.
++ *
++ * @param uriMB URI to be normalized
++ */
++ public static boolean checkNormalize(MessageBytes uriMB) {
++
++ CharChunk uriCC = uriMB.getCharChunk();
++ char[] c = uriCC.getChars();
++ int start = uriCC.getStart();
++ int end = uriCC.getEnd();
++
++ int pos = 0;
++
++ // Check for '\' and for null byte
++ for (pos = start; pos < end; pos++) {
++ if (c[pos] == '\\') {
++ return false;
++ }
++ if (c[pos] == 0) {
++ return false;
++ }
++ }
++
++ // Check for "//"
++ for (pos = start; pos < (end - 1); pos++) {
++ if (c[pos] == '/') {
++ if (c[pos + 1] == '/') {
++ return false;
++ }
++ }
++ }
++
++ // Check for URI ending with "/." or "/.."
++ if (((end - start) >= 2) && (c[end - 1] == '.')) {
++ if ((c[end - 2] == '/')
++ || ((c[end - 2] == '.')
++ && (c[end - 3] == '/'))) {
++ return false;
++ }
++ }
++
++ // Check for "/./"
++ if (uriCC.indexOf("/./", 0, 3, 0) >= 0) {
++ return false;
++ }
++
++ // Check for "/./"
++ if (uriCC.indexOf("/../", 0, 4, 0) >= 0) {
++ return false;
++ }
++
++ return true;
++
++ }
++
++
+ // ------------------------------------------------------ Protected Methods
+
+
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-IT-168408.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-IT-168408.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-IT-168408.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,26 @@
+--- connectors/util/java/org/apache/tomcat/util/http/Parameters.java 2007-03-05 16:27:39.000000000 +0100
++++ connectors/util/java/org/apache/tomcat/util/http/Parameters.java 2008-03-31 10:01:52.000000000 +0200
+@@ -504,17 +504,12 @@
+ public void processParameters( MessageBytes data, String encoding ) {
+ if( data==null || data.isNull() || data.getLength() <= 0 ) return;
+
+- if( data.getType() == MessageBytes.T_BYTES ) {
+- ByteChunk bc=data.getByteChunk();
+- processParameters( bc.getBytes(), bc.getOffset(),
+- bc.getLength(), encoding);
+- } else {
+- if (data.getType()!= MessageBytes.T_CHARS )
+- data.toChars();
+- CharChunk cc=data.getCharChunk();
+- processParameters( cc.getChars(), cc.getOffset(),
+- cc.getLength());
++ if (data.getType() != MessageBytes.T_BYTES) {
++ data.toBytes();
+ }
++ ByteChunk bc=data.getByteChunk();
++ processParameters( bc.getBytes(), bc.getOffset(),
++ bc.getLength(), encoding);
+ }
+
+ /** Debug purpose
+
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-http11-build.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-http11-build.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.23-http11-build.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,23 @@
+--- connectors/http11/build.xml.orig 2007-02-26 10:27:04.000000000 -0500
++++ connectors/http11/build.xml 2007-02-26 10:28:11.000000000 -0500
+@@ -31,7 +31,7 @@
+
+ <!-- The locations of necessary jar files -->
+ <property name="tomcat-util.jar" value="${util.home}/build/lib/tomcat-util.jar"/>
+- <property name="tomcat-jni.jar" value="../jni/dist/tomcat-native-1.0.0.jar" />
++ <property name="tomcat-jni.jar" value="../../build/build/server/lib/tomcat-apr.jar" />
+ <property name="tomcat-coyote.jar" value="${coyote.home}/build/lib/tomcat-coyote.jar"/>
+ <property name="tomcat33-coyote.jar"
+ value="${coyote.home}/build/lib/tomcat33-coyote.jar"/>
+@@ -169,7 +169,10 @@
+ deprecation="${compile.deprecation}"
+ optimize="${compile.optimize}">
+ <exclude name="org\apache\coyote\http11\*Apr*" unless="jdk.1.4.present" />
+- <classpath refid="compile.classpath"/>
++ <classpath>
++ <path refid="compile.classpath"/>
++ <pathelement location="${build.home}/../../jakarta-tomcat-5/build/classes"/>
++ </classpath>
+ </javac>
+ <copy todir="${build.home}/classes" filtering="on">
+ <fileset dir="${source.home}" excludes="**/*.java"/>
Added: apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.link_admin_jar.patch
===================================================================
--- apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.link_admin_jar.patch (rev 0)
+++ apache-tomcat/5.5.23.patch06-brew/src/tomcat5-5.5.link_admin_jar.patch 2009-05-06 21:26:40 UTC (rev 26739)
@@ -0,0 +1,12 @@
+--- container/webapps/admin/admin.xml.sav 2006-03-23 16:16:51.000000000 +0100
++++ container/webapps/admin/admin.xml 2006-03-23 16:17:49.000000000 +0100
+@@ -17,4 +17,9 @@
+ allow="127.0.0.1"/>
+ -->
+
++ <!-- Allow linking since JPackage do not install jar as copies -->
++
++ <Resources className="org.apache.naming.resources.FileDirContext"
++ allowLinking="true"/>
++
+ </Context>
More information about the jboss-cvs-commits
mailing list