[pkg-java] r12687 - in tags/tomcat6: . 6.0.26-5/debian 6.0.26-5/debian/patches

Torsten Werner twerner at alioth.debian.org
Mon Jun 28 20:03:41 UTC 2010


Author: twerner
Date: 2010-06-28 20:03:37 +0000 (Mon, 28 Jun 2010)
New Revision: 12687

Added:
   tags/tomcat6/6.0.26-5/
   tags/tomcat6/6.0.26-5/debian/changelog
   tags/tomcat6/6.0.26-5/debian/patches/0001-set-UTF-8-as-default-character-encoding.patch
   tags/tomcat6/6.0.26-5/debian/patches/0002-do-not-load-AJP13-connector-by-default.patch
   tags/tomcat6/6.0.26-5/debian/patches/0003-disable-APR-library-loading.patch
   tags/tomcat6/6.0.26-5/debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch
   tags/tomcat6/6.0.26-5/debian/patches/0005-change-default-DBCP-factory-class.patch
   tags/tomcat6/6.0.26-5/debian/patches/0006-add-JARs-below-var-to-class-loader.patch
   tags/tomcat6/6.0.26-5/debian/patches/0007-add-OSGi-headers-to-servlet-api.patch
   tags/tomcat6/6.0.26-5/debian/patches/0008-add-OSGI-headers-to-jsp-api.patch
   tags/tomcat6/6.0.26-5/debian/patches/0009-allow-empty-PID-file.patch
   tags/tomcat6/6.0.26-5/debian/patches/0010-avoid-deadlock-in-WebappClassLoader.patch
   tags/tomcat6/6.0.26-5/debian/patches/0011-Use-java.security.policy-file-in-catalina.sh.patch
   tags/tomcat6/6.0.26-5/debian/patches/0012-Prevent-disclosure-of-host-name-or-IP-address.patch
   tags/tomcat6/6.0.26-5/debian/patches/series
Removed:
   tags/tomcat6/6.0.26-5/debian/changelog
   tags/tomcat6/6.0.26-5/debian/patches/allow-empty-pid-file.patch
   tags/tomcat6/6.0.26-5/debian/patches/catalina-sh-security-manager.patch
   tags/tomcat6/6.0.26-5/debian/patches/default-encoding-utf8.patch
   tags/tomcat6/6.0.26-5/debian/patches/deploy-webapps-build-xml.patch
   tags/tomcat6/6.0.26-5/debian/patches/disable-ajp-connector.patch
   tags/tomcat6/6.0.26-5/debian/patches/disable-apr-loading.patch
   tags/tomcat6/6.0.26-5/debian/patches/jsp-api-OSGi.patch
   tags/tomcat6/6.0.26-5/debian/patches/series
   tags/tomcat6/6.0.26-5/debian/patches/servlet-api-OSGi.patch
   tags/tomcat6/6.0.26-5/debian/patches/use-commons-dbcp.patch
   tags/tomcat6/6.0.26-5/debian/patches/var_loaders.patch
   tags/tomcat6/6.0.26-5/debian/patches/webapp-classloader-deadlock-fix.patch
Log:
[svn-buildpackage] Tagging tomcat6 6.0.26-5

Deleted: tags/tomcat6/6.0.26-5/debian/changelog
===================================================================
--- trunk/tomcat6/debian/changelog	2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/changelog	2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,426 +0,0 @@
-tomcat6 (6.0.26-4) unstable; urgency=low
-
-  [ Thierry Carrez ]
-  * Fix issues preventing from running Tomcat6 with a security manager:
-    - debian/tomcat6.init: Remove duplicate securitymanager options.
-    - debian/patches/catalina-sh-security-manager.patch: Use the right
-      location for the security.policy file in catalina.sh.
-    - Closes: #585379, LP: #591802. Thanks to Jeff Turner for the original
-      patches and to Adam Guthrie for the Lucid debdiff.
-  * Allow binding to any interface when using authbind, rather than only allow
-    binding to all (LP: #594989)
-  * Force backgrounding of catalina.sh in start-stop-daemon, to allow the init
-    script to be started through ssh -t (LP: #588481)
-
-  [ Torsten Werner ]
-  * Remove Paul from Uploaders list.
-
- -- Thierry Carrez <thierry.carrez at ubuntu.com>  Thu, 24 Jun 2010 15:55:10 +0200
-
-tomcat6 (6.0.26-3) unstable; urgency=low
-
-  [ Marcus Better ]
-  * Apply upstream fix for deadlock in WebappClassLoader. (Closes: #583896)
-
-  [ Thierry Carrez ]
-  * debian/tomcat6.{install,postinst}: Do not store the default root webapp
-    in /usr/share/tomcat6/webapps as it increases confusion on what this
-    directory contains (and its relation with /var/lib/tomcat6/webapps).
-    Store it inside /usr/share/tomcat6-root instead (LP: #575303).
-
- -- Marcus Better <marcus at better.se>  Mon, 31 May 2010 15:50:57 +0200
-
-tomcat6 (6.0.26-2) unstable; urgency=low
-
-  * debian/tomcat6.{postinst,prerm}: Respect TOMCAT6_USER and TOMCAT6_GROUP
-    as defined in /etc/default/tomcat6 when setting directory permissions and
-    authbind configuration (Closes: #581018, LP: #557300)
-  * debian/tomcat6.postinst: Use group "tomcat6" instead of "adm" for
-    permissions in /var/lib/tomcat6, so that group "adm" doesn't get write
-    permissions over /var/lib/tomcat6/webapps (LP: #569118)
-
- -- Thierry Carrez <thierry.carrez at ubuntu.com>  Fri, 21 May 2010 13:51:15 +0200
-
-tomcat6 (6.0.26-1) unstable; urgency=low
-
-  * New upstream version
-  * Apply patch from Mark Scott to fix 
-    tomcat6-instance-create which failed when multiple commandline
-    options are provided, fix creation of FULLPATH (Closes: #575580)
-
- -- Ludovic Claude <ludovic.claude at laposte.net>  Wed, 21 Apr 2010 23:07:09 +0100
-
-tomcat6 (6.0.24-5) unstable; urgency=low
-
-  * Added optimised garbage collection options to tomcat6's default options.
-    Thanks to Aaron J. Zirbes and Thierry Carrez for research and the patch.
-    (Closes: LP: #541520)
-  * Updated the changelog to mention closed CVE's in the 6.0.24-1 release.
-  * Applied patch from Arto Jantunen fixing an issue with cleaning up the
-    pid-file. (Closes: #574084)
-
- -- Niels Thykier <niels at thykier.net>  Thu, 25 Mar 2010 23:45:32 +0100
-
-tomcat6 (6.0.24-4) unstable; urgency=low
-
-  * debian/tomcat6.postrm: fix removal of Tomcat (Closes: #567548)
-  * Set UTF-8 as default character encoding - Patch by Thomas Koch
-    (Closes: #573539)
-
- -- Ludovic Claude <ludovic.claude at laposte.net>  Thu, 11 Mar 2010 23:45:34 +0100
-
-tomcat6 (6.0.24-3) unstable; urgency=medium
-
-  * Set the major, minor and build versions when calling Ant
-    (Closes: LP: #495505)
-  * Rebuild with a more recent version of maven-repo-helper which puts
-    the javax jars at the correct location in the Maven repository.
-    Fixes several FTBFS in other packages.
-
- -- Ludovic Claude <ludovic.claude at laposte.net>  Wed, 03 Mar 2010 00:10:15 +0100
-
-tomcat6 (6.0.24-2) unstable; urgency=low
-
-  * Fix missing symlinks to tomcat-coyote.jar and
-    catalina-tribes.jar causing NoClassDefFoundException
-    at startup (last minute packaging change, sorry)
-    (Closes: #570220)
-  * tomcat6-admin, tomcat6-examples and tomcat6-docs now depend on
-    tomcat6-common instead of tomcat6, this allow users to install
-    those packages without requiring tomcat6 and its automatic startup scripts
-    being present. tomcat-users can be installed instead and allow full
-    control over when Tomcat is started or stopped.
-
- -- Ludovic Claude <ludovic.claude at laposte.net>  Wed, 17 Feb 2010 22:59:21 +0100
-
-tomcat6 (6.0.24-1) unstable; urgency=low
-
-  [ Ludovic Claude ]
-  * New upstream version
-    - Fixes Directory traversal vulnerability (CVE-2009-2693,CVE-2009-2902)
-    - Fixes Autodeployment vulnerability (CVE-2009-2901)
-  * Update the POM files for the new version of Tomcat
-  * Bump up Standards-Version to 3.8.4
-  * Refresh patches deploy-webapps-build-xml.patch and var_loaders.patch
-  * Remove patch fix_context_name.patch as it has been applied upstream
-  * Fix the installation of servlet-api-2.5.jar: the jar
-    goes to /usr/share/java as in older versions (6.0.20-2)
-    and links to the jar are added to /usr/share/maven-repo
-  * Moved NEWS.Debian into README.Debian
-  * Add a link from /usr/share/doc/tomcat6-common/README.Debian to
-    /usr/share/doc/tomcat6/README.Debian to include a minimum of
-    documentation in the tomcat6 package and add some useful notes. 
-    (Closes: #563937, #563939)
-  * Remove poms from the Debian packaging, use upstream pom files
-
-  [ Jason Brittain ]
-  * Fixed a bug in the init script: When a start fails, the PID file was
-    being left in place.  Now the init script makes sure it is deleted.
-  * Fixed a packaging bug that results in the ROOT webapp not being properly
-    installed after an uninstall, then a reinstall.
-  * control: Corrected a couple of comments (no functional change).
-
- -- Ludovic Claude <ludovic.claude at laposte.net>  Tue, 09 Feb 2010 23:06:51 +0100
-
-tomcat6 (6.0.20-dfsg1-2) unstable; urgency=low
-
-  * JSVC is no longer used by the package.  Instead, the init script invokes
-    the stock catalina.sh script.
-  * Authbind is now the standard method for binding Tomcat to ports lower
-    than 1024 (when using IPv4).
-  * The security manager now defaults to the disabled state, and is commented
-    that way in /etc/default/tomcat6.
-  * Reliable restarts are now implemented in the init script.
-    (Closes: #561559)
-  * Tomcat now sends STDOUT and STDERR to its usual, stock log file
-    CATALINA_BASE/logs/catalina.out (/var/log/tomcat6/catalina.out in this
-    package's case.
-
- -- Jason Brittain <jason.brittain at mulesoft.com>  Wed, 27 Jan 2010 01:08:57 +0000
-
-tomcat6 (6.0.20-dfsg1-1) unstable; urgency=low
-
-  * Fix debian/orig-tar.sh to exclude binary only standard.jar and jstl.jar.
-    (Closes: #528119)
-  * Upload a cleaned tarball.
-  * Add ${misc:Depends} in debian/control.
-
- -- Torsten Werner <twerner at debian.org>  Sat, 23 Jan 2010 19:40:38 +0100
-
-tomcat6 (6.0.20-9) unstable; urgency=low
-
-  * Fix spelling issues.
-  * Always set JSVC_CLASSPATH to a default value in init.
-
- -- Niels Thykier <niels at thykier.net>  Sat, 19 Dec 2009 19:11:33 +0100
-
-tomcat6 (6.0.20-8) unstable; urgency=low
-
-  * Corrected some spelling mistakes in debian/control.
-    (Closes: #557377, #557378)
-  * Added patches to install the OSGi metadata in some of the jars.
-    (Closes: #558176)
-  * Updated 03catalina.policy to allow "setContextClassLoader".
-    - Fixes a problem where Sun's JVM would fail to generate log-files.
-    (Closes: LP: #410379)
-  * Updated /etc/default/tomcat6:
-    - Clarified that JAVA_OPTS are passed to jscv and not the JVM.
-    - Updated the JSP_COMPILER to javac (jikes is not in Debian anymore).
-    (Closes: LP: #440685)
-  * Use default-jdk and default-jre-headless instead of openjdk in
-    (Build-)Depends.
-  * Added more alternatives for java implementations to the Depends of
-    libservlet2.5-java.
-  * Exposed JSVC_CLASSPATH to the configuration file.
-    (Closes: LP: #475457)
-  * Updated description so it no longer refers to non-existent package.
-    (Closes: #559475)
-  * Used "set -e" in postinst and postrm instead of passing "-e" to sh
-    in the #!-line.
-  * Changed to 3.0 (quilt) source format.
-
- -- Niels Thykier <niels at thykier.net>  Mon, 07 Dec 2009 21:17:55 +0100
-
-tomcat6 (6.0.20-7) unstable; urgency=low
-
-  * New patch fix_context_name.patch:
-    - Allow Service name != Engine name. Regression in fix for 42707.
-      Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47316
-    - This has been fixed in trunk and will be in 6.0.21
-  * Register libservlet2.5-java-doc API with doc-base
-  * Fix short description of tomcat6-docs by using "documentation" suffix
-
- -- Damien Raude-Morvan <drazzib at debian.org>  Sat, 10 Oct 2009 21:41:55 +0200
-
-tomcat6 (6.0.20-6) unstable; urgency=low
-
-  [ Ludovic Claude ]
-  * tomcat6.postinst: set the ownership of files in /etc/tomcat6/
-    to root:tomcat6, to prevent an attacker running inside a tomcat6
-    instance to change the tomcat configuration
-  * debian/policy/02debian.policy: grant access to 
-    /usr/share/maven-repo/ as it is a valid source of Debian JARs.
-    (Closes: #545674)
-  * Bump up Standards-Version to 3.8.3
-    - add debian/README.source that describes the quilt patch system.
-  * debian/control: Add Conflicts on libtomcat6-java with old versions
-    of tomcat6-common (Closes: #542397)
-
-  [ Michael Koch ]
-  * Replace dh_clean -k by dh_prep.
-  * Added Ludovic and myself to Uploaders.
-  * Build-Depends on debhelper >= 7.
-
- -- Michael Koch <konqueror at gmx.de>  Fri, 25 Sep 2009 07:14:07 +0200
-
-tomcat6 (6.0.20-5) unstable; urgency=low
-
-  * Fix jsp-api dependency in the Maven descriptors.
-  * Put tomcat-juli.jar in /usr/share/java instead of juli.jar.
-    This fixes a broken link which prevented tomcat to start
-    when logging is turned on, and restores the file layout
-    defined in 6.0.20-2.
-  * Restore links to the jars in usr/share/tomcat6/lib
-  * Change watch to download fresh sources from SVN. 
-    Should fix wrong encoding in tomcat-i18n-fr/es.jar in the next upstream
-    version. (Closes: #522067)
-  * Update ownership for files in /etc/tomcat6 and /var/lib/tomcat6/webapps.
-    The new owner is tomcat6:adm (Closes: #532284)
-  * Add additional directories for the common, server and shared classloader.
-    Directories are also compatible with Alfresco's packaging done for
-    Ubuntu. (Closes: #521318)
-  * Update checksum in postrm script to reflect changes
-    in the new upstream webapp
-  * postrm removes the extra directories created in /var/lib/tomcat6
-    to hold shared and common classes or jars.
-  * Added commented out default options for enabling debug mode.
-    (Closes: LP: #375493)
-
- -- Ludovic Claude <ludovic.claude at laposte.net>  Wed, 05 Aug 2009 00:56:59 +0100
-
-tomcat6 (6.0.20-4) experimental; urgency=low
-
-  * Fix init script:
-    - Change Provides: tomcat6. (Closes: #532286)
-    - Check for /etc/default/rcS before sourcing it.
-  * Update Standards-Version: 3.8.2 (no changes).
-
- -- Torsten Werner <twerner at debian.org>  Thu, 16 Jul 2009 23:36:32 +0200
-
-tomcat6 (6.0.20-3) experimental; urgency=low
-
-  * Add the Maven POM to the package
-  * Add a Build-Depends-Indep dependency on maven-repo-helper
-  * Use mh_installpom and mh_installjar to install the POM and the jar to the
-    Maven repository
-
- -- Ludovic Claude <ludovic.claude at laposte.net>  Tue, 14 Jul 2009 14:17:27 +0100
-
-tomcat6 (6.0.20-2) unstable; urgency=low
-
-  * Expose tomcat-juli.jar as a library in /usr/share/java
-    as it is a dependency of jasper which is used also by jetty
-
- -- Ludovic Claude <ludovic.claude at laposte.net>  Mon, 15 Jun 2009 13:33:13 +0100
-
-tomcat6 (6.0.20-1) unstable; urgency=low
-
-  * new upstream release (Closes: #531873)
-  * Remove patch tcnative-ipv6-fix-43327.patch that has been applied upstream.
-  * Refresh other patches.
-
- -- Torsten Werner <twerner at debian.org>  Fri, 05 Jun 2009 23:38:44 +0200
-
-tomcat6 (6.0.18-dfsg1-1) unstable; urgency=low
-
-  [ Torsten Werner ]
-  * Remove jstl.jar and standard.jar from orig tarball because it comes without
-    source code. (Closes: #528119)
-
-  [ Marcus Better ]
-  * Let the init script exit silently if the package is
-    uninstalled. (Closes: #529301)
-
- -- Torsten Werner <twerner at debian.org>  Tue, 19 May 2009 21:23:18 +0200
-
-tomcat6 (6.0.18-4) unstable; urgency=low
-
-  * Add patch tcnative-ipv6-fix-43327.patch provided by Thierry Carrez.
-    (Closes: #527033)
-  * Change Section: java (from web).
-  * Bump up Standards-Version: 3.8.1 (no changes).
-  * Remove redundant Depends: ant because we depend on ant-optional.
-
- -- Torsten Werner <twerner at debian.org>  Sun, 10 May 2009 19:41:40 +0200
-
-tomcat6 (6.0.18-3) unstable; urgency=low
-
-  * Remove unneeded dirs and symlinks; thanks to Thierry Carrez. (Closes:
-    #517857)
-  * Improve the long description of all binary packages. (Closes: #518140)
-
- -- Torsten Werner <twerner at debian.org>  Wed, 04 Mar 2009 21:58:41 +0100
-
-tomcat6 (6.0.18-2) unstable; urgency=low
-
-  * upload to unstable
-
- -- Torsten Werner <twerner at debian.org>  Sat, 21 Feb 2009 11:31:20 +0100
-
-tomcat6 (6.0.18-1) experimental; urgency=low
-
-  * Merge changes from Ubuntu. Thanks to the Ubuntu developers we are shipping
-    a full Tomcat 6.0 server stack now. (Closes: #494674)
-  * Add myself to Uploaders.
-  * Switch to openjdk-6 which is not the default in Debian.
-
- -- Torsten Werner <twerner at debian.org>  Sat, 07 Feb 2009 17:02:57 +0100
-
-tomcat6 (6.0.18-0ubuntu5) jaunty; urgency=low
-
-  [ Thierry Carrez ]
-  * Removed tomcat6-[admin,docs,examples].post[inst,rm] and let Tomcat webapp
-    autodeployment features handle application load/unload (LP: #302914)
-  * tomcat6-instance-create, tomcat6-instance-create.1, control:
-    Allow to change the HTTP port, control port and shutdown word on the
-    tomcat6-instance-create command line (LP: #300691).
-
-  [ Mathias Gug]
-  * debian/tomcat6-instance-create: move directoryname from an option to 
-    an argument.
-  * debian/tomcat6-instance-create.1: some updates to the man page.
-  * debian/control: update maintainer field to Ubuntu Core Developers now that
-    tomcat6 is in main.
-
- -- Mathias Gug <mathiaz at ubuntu.com>  Wed, 07 Jan 2009 18:44:39 -0500
-
-tomcat6 (6.0.18-0ubuntu4) jaunty; urgency=low
-
-  * tomcat6.init, tomcat6.postinst, tomcat6.dirs, tomcat6.default,
-    README.debian: Use /tmp/tomcat6-temp instead of /var/lib/tomcat6/temp as
-    the JVM temporary directory and clean it at each restart (LP: #287452)
-  * policy/04webapps.policy: add rules to allow usage of java.io.tmpdir
-  * tomcat6.init, rules: Do not use TearDown, as this results in
-    LifecycleListener callbacks in webapps being bypassed (LP: #299436)
-  * rules: Compile at Java 1.5 level to allow usage of Java 5 JREs
-    (LP: #286427)
-  * control, rules, libservlet2.5-java-doc.install,
-    libservlet2.5-java-doc.links: New libservlet2.5-java-doc package ships
-    missing Servlet/JSP API documentation (LP: #279645)
-  * patches/use-commons-dbcp.patch: Change default DBCP factory class
-    to org.apache.commons.dbcp.BasicDataSourceFactory (LP: #283852)
-  * tomcat6.dirs, tomcat6.postinst, default_root/index.html: Create
-    Catalina/localhost in /etc/tomcat6 and make it writeable by the tomcat6
-    group, so that autodeploy and admin webapps work as expected (LP: #294277)
-  * patches/disable-apr-loading.patch: Disable APR library loading until we
-    properly provide it.
-  * patches/disable-ajp-connector: Do not load AJP13 connector by default
-    (LP: #300697)
-  * rules: minor fixes to prevent build being called twice.
-
- -- Thierry Carrez <thierry.carrez at ubuntu.com>  Thu, 27 Nov 2008 12:47:42 +0000
-
-tomcat6 (6.0.18-0ubuntu3) intrepid; urgency=low
-
-  * debian/tomcat6.postinst:
-    - Make /var/lib/tomcat6/temp writeable by the tomcat6 user (LP: #287126)
-    - Make /var/lib/tomcat6/webapps writeable by tomcat6 group (LP: #287447)
-  * debian/tomcat6.init: make status return nonzero if tomcat6 is not running
-    (fixes LP: #288218)
-
- -- Thierry Carrez <thierry.carrez at ubuntu.com>  Thu, 23 Oct 2008 18:19:15 +0200
-
-tomcat6 (6.0.18-0ubuntu2) intrepid; urgency=low
-
-  * debian/rules: call dh_installinit with --error-handler so that install
-    doesn't fail if Tomcat cannot be started during configure (LP: #274365)
-
- -- Thierry Carrez <thierry.carrez at ubuntu.com>  Mon, 06 Oct 2008 13:55:21 +0200
-
-tomcat6 (6.0.18-0ubuntu1) intrepid; urgency=low
-
-  * New upstream version (LP: #260016)
-    - Fixes CVE-2008-2938: Directory traversal vulnerability (LP: #256802)
-    - Fixes CVE-2008-2370: Information disclosure vulnerability (LP: #256922)
-    - Fixes CVE-2008-1232: XSS through sendError vulnerability (LP: #256926)
-  * Dropped CVE-2008-1947.patch (fix is shipped in this upstream release)
-  * control: Improve short descriptions for the binary packages
-  * copyright: Added link to /usr/share/common-licenses/Apache-2.0
-  * control: To pull the right JRE, libtomcat6-java now depends on
-    default-jre-headless | java6-runtime-headless
-
- -- Thierry Carrez <thierry.carrez at ubuntu.com>  Fri, 22 Aug 2008 09:15:11 +0200
-
-tomcat6 (6.0.16-1ubuntu1) intrepid; urgency=low
-
-  * Adding full Tomcat 6 server stack support (LP: #256052)
-    - tomcat6 handles the system instance (/var/lib/tomcat6)
-    - tomcat6-user allows users to create their own private instances
-    - tomcat6-common installs common files in /usr/share/tomcat6
-    - libtomcat6-java installs Tomcat 6 java libs in /usr/share/java
-    - tomcat6-docs installs the documentation webapp
-    - tomcat6-examples installs the examples webapp
-    - tomcat6-admin installs the manager and host-manager webapps
-  * Other key differences with the tomcat5.5 packages:
-    - default-jdk build support
-    - OpenJDK-6 JRE runtime support
-    - tomcat6 installs a minimal ROOT webapp
-    - new webapp locations follow Debian webapp policy
-    - webapps restart tomcat6 in postrm rather than in prerm
-    - added a doc-base entry
-    - use standard upstream server.xml
-    - initscript: try to check if Tomcat is really running before returning OK
-    - removed transitional configuration migration code
-    - autogenerate policy in /var/cache/tomcat6 rather than /etc/tomcat6
-    - logging.properties is customized to remove -webapps-related lines
-    - initscript: implement TearDown spec
-  * CVE-2008-1947 fix (cross-site-scripting issue in host-manager webapp)
-
- -- Thierry Carrez <thierry.carrez at ubuntu.com>  Fri, 08 Aug 2008 15:37:48 +0200
-
-tomcat6 (6.0.16-1) unstable; urgency=low
-
-  * Initial release.
-    (Closes: #480964).
-
- -- Paul Cager <paul-debian at home.paulcager.org>  Mon, 12 May 2008 23:04:49 +0000

Copied: tags/tomcat6/6.0.26-5/debian/changelog (from rev 12686, trunk/tomcat6/debian/changelog)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/changelog	                        (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/changelog	2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,434 @@
+tomcat6 (6.0.26-5) unstable; urgency=medium
+
+  * Convert patches to dep3 format.
+  * Backport security fix from trunk to fix CVE-2010-1157. (Closes: #587447)
+  * Set urgency to medium due to the security fix.
+
+ -- Torsten Werner <twerner at debian.org>  Mon, 28 Jun 2010 21:41:31 +0200
+
+tomcat6 (6.0.26-4) unstable; urgency=low
+
+  [ Thierry Carrez ]
+  * Fix issues preventing from running Tomcat6 with a security manager:
+    - debian/tomcat6.init: Remove duplicate securitymanager options.
+    - debian/patches/catalina-sh-security-manager.patch: Use the right
+      location for the security.policy file in catalina.sh.
+    - Closes: #585379, LP: #591802. Thanks to Jeff Turner for the original
+      patches and to Adam Guthrie for the Lucid debdiff.
+  * Allow binding to any interface when using authbind, rather than only allow
+    binding to all (LP: #594989)
+  * Force backgrounding of catalina.sh in start-stop-daemon, to allow the init
+    script to be started through ssh -t (LP: #588481)
+
+  [ Torsten Werner ]
+  * Remove Paul from Uploaders list.
+
+ -- Thierry Carrez <thierry.carrez at ubuntu.com>  Thu, 24 Jun 2010 15:55:10 +0200
+
+tomcat6 (6.0.26-3) unstable; urgency=low
+
+  [ Marcus Better ]
+  * Apply upstream fix for deadlock in WebappClassLoader. (Closes: #583896)
+
+  [ Thierry Carrez ]
+  * debian/tomcat6.{install,postinst}: Do not store the default root webapp
+    in /usr/share/tomcat6/webapps as it increases confusion on what this
+    directory contains (and its relation with /var/lib/tomcat6/webapps).
+    Store it inside /usr/share/tomcat6-root instead (LP: #575303).
+
+ -- Marcus Better <marcus at better.se>  Mon, 31 May 2010 15:50:57 +0200
+
+tomcat6 (6.0.26-2) unstable; urgency=low
+
+  * debian/tomcat6.{postinst,prerm}: Respect TOMCAT6_USER and TOMCAT6_GROUP
+    as defined in /etc/default/tomcat6 when setting directory permissions and
+    authbind configuration (Closes: #581018, LP: #557300)
+  * debian/tomcat6.postinst: Use group "tomcat6" instead of "adm" for
+    permissions in /var/lib/tomcat6, so that group "adm" doesn't get write
+    permissions over /var/lib/tomcat6/webapps (LP: #569118)
+
+ -- Thierry Carrez <thierry.carrez at ubuntu.com>  Fri, 21 May 2010 13:51:15 +0200
+
+tomcat6 (6.0.26-1) unstable; urgency=low
+
+  * New upstream version
+  * Apply patch from Mark Scott to fix 
+    tomcat6-instance-create which failed when multiple commandline
+    options are provided, fix creation of FULLPATH (Closes: #575580)
+
+ -- Ludovic Claude <ludovic.claude at laposte.net>  Wed, 21 Apr 2010 23:07:09 +0100
+
+tomcat6 (6.0.24-5) unstable; urgency=low
+
+  * Added optimised garbage collection options to tomcat6's default options.
+    Thanks to Aaron J. Zirbes and Thierry Carrez for research and the patch.
+    (Closes: LP: #541520)
+  * Updated the changelog to mention closed CVE's in the 6.0.24-1 release.
+  * Applied patch from Arto Jantunen fixing an issue with cleaning up the
+    pid-file. (Closes: #574084)
+
+ -- Niels Thykier <niels at thykier.net>  Thu, 25 Mar 2010 23:45:32 +0100
+
+tomcat6 (6.0.24-4) unstable; urgency=low
+
+  * debian/tomcat6.postrm: fix removal of Tomcat (Closes: #567548)
+  * Set UTF-8 as default character encoding - Patch by Thomas Koch
+    (Closes: #573539)
+
+ -- Ludovic Claude <ludovic.claude at laposte.net>  Thu, 11 Mar 2010 23:45:34 +0100
+
+tomcat6 (6.0.24-3) unstable; urgency=medium
+
+  * Set the major, minor and build versions when calling Ant
+    (Closes: LP: #495505)
+  * Rebuild with a more recent version of maven-repo-helper which puts
+    the javax jars at the correct location in the Maven repository.
+    Fixes several FTBFS in other packages.
+
+ -- Ludovic Claude <ludovic.claude at laposte.net>  Wed, 03 Mar 2010 00:10:15 +0100
+
+tomcat6 (6.0.24-2) unstable; urgency=low
+
+  * Fix missing symlinks to tomcat-coyote.jar and
+    catalina-tribes.jar causing NoClassDefFoundException
+    at startup (last minute packaging change, sorry)
+    (Closes: #570220)
+  * tomcat6-admin, tomcat6-examples and tomcat6-docs now depend on
+    tomcat6-common instead of tomcat6, this allow users to install
+    those packages without requiring tomcat6 and its automatic startup scripts
+    being present. tomcat-users can be installed instead and allow full
+    control over when Tomcat is started or stopped.
+
+ -- Ludovic Claude <ludovic.claude at laposte.net>  Wed, 17 Feb 2010 22:59:21 +0100
+
+tomcat6 (6.0.24-1) unstable; urgency=low
+
+  [ Ludovic Claude ]
+  * New upstream version
+    - Fixes Directory traversal vulnerability (CVE-2009-2693,CVE-2009-2902)
+    - Fixes Autodeployment vulnerability (CVE-2009-2901)
+  * Update the POM files for the new version of Tomcat
+  * Bump up Standards-Version to 3.8.4
+  * Refresh patches deploy-webapps-build-xml.patch and var_loaders.patch
+  * Remove patch fix_context_name.patch as it has been applied upstream
+  * Fix the installation of servlet-api-2.5.jar: the jar
+    goes to /usr/share/java as in older versions (6.0.20-2)
+    and links to the jar are added to /usr/share/maven-repo
+  * Moved NEWS.Debian into README.Debian
+  * Add a link from /usr/share/doc/tomcat6-common/README.Debian to
+    /usr/share/doc/tomcat6/README.Debian to include a minimum of
+    documentation in the tomcat6 package and add some useful notes. 
+    (Closes: #563937, #563939)
+  * Remove poms from the Debian packaging, use upstream pom files
+
+  [ Jason Brittain ]
+  * Fixed a bug in the init script: When a start fails, the PID file was
+    being left in place.  Now the init script makes sure it is deleted.
+  * Fixed a packaging bug that results in the ROOT webapp not being properly
+    installed after an uninstall, then a reinstall.
+  * control: Corrected a couple of comments (no functional change).
+
+ -- Ludovic Claude <ludovic.claude at laposte.net>  Tue, 09 Feb 2010 23:06:51 +0100
+
+tomcat6 (6.0.20-dfsg1-2) unstable; urgency=low
+
+  * JSVC is no longer used by the package.  Instead, the init script invokes
+    the stock catalina.sh script.
+  * Authbind is now the standard method for binding Tomcat to ports lower
+    than 1024 (when using IPv4).
+  * The security manager now defaults to the disabled state, and is commented
+    that way in /etc/default/tomcat6.
+  * Reliable restarts are now implemented in the init script.
+    (Closes: #561559)
+  * Tomcat now sends STDOUT and STDERR to its usual, stock log file
+    CATALINA_BASE/logs/catalina.out (/var/log/tomcat6/catalina.out in this
+    package's case.
+
+ -- Jason Brittain <jason.brittain at mulesoft.com>  Wed, 27 Jan 2010 01:08:57 +0000
+
+tomcat6 (6.0.20-dfsg1-1) unstable; urgency=low
+
+  * Fix debian/orig-tar.sh to exclude binary only standard.jar and jstl.jar.
+    (Closes: #528119)
+  * Upload a cleaned tarball.
+  * Add ${misc:Depends} in debian/control.
+
+ -- Torsten Werner <twerner at debian.org>  Sat, 23 Jan 2010 19:40:38 +0100
+
+tomcat6 (6.0.20-9) unstable; urgency=low
+
+  * Fix spelling issues.
+  * Always set JSVC_CLASSPATH to a default value in init.
+
+ -- Niels Thykier <niels at thykier.net>  Sat, 19 Dec 2009 19:11:33 +0100
+
+tomcat6 (6.0.20-8) unstable; urgency=low
+
+  * Corrected some spelling mistakes in debian/control.
+    (Closes: #557377, #557378)
+  * Added patches to install the OSGi metadata in some of the jars.
+    (Closes: #558176)
+  * Updated 03catalina.policy to allow "setContextClassLoader".
+    - Fixes a problem where Sun's JVM would fail to generate log-files.
+    (Closes: LP: #410379)
+  * Updated /etc/default/tomcat6:
+    - Clarified that JAVA_OPTS are passed to jscv and not the JVM.
+    - Updated the JSP_COMPILER to javac (jikes is not in Debian anymore).
+    (Closes: LP: #440685)
+  * Use default-jdk and default-jre-headless instead of openjdk in
+    (Build-)Depends.
+  * Added more alternatives for java implementations to the Depends of
+    libservlet2.5-java.
+  * Exposed JSVC_CLASSPATH to the configuration file.
+    (Closes: LP: #475457)
+  * Updated description so it no longer refers to non-existent package.
+    (Closes: #559475)
+  * Used "set -e" in postinst and postrm instead of passing "-e" to sh
+    in the #!-line.
+  * Changed to 3.0 (quilt) source format.
+
+ -- Niels Thykier <niels at thykier.net>  Mon, 07 Dec 2009 21:17:55 +0100
+
+tomcat6 (6.0.20-7) unstable; urgency=low
+
+  * New patch fix_context_name.patch:
+    - Allow Service name != Engine name. Regression in fix for 42707.
+      Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47316
+    - This has been fixed in trunk and will be in 6.0.21
+  * Register libservlet2.5-java-doc API with doc-base
+  * Fix short description of tomcat6-docs by using "documentation" suffix
+
+ -- Damien Raude-Morvan <drazzib at debian.org>  Sat, 10 Oct 2009 21:41:55 +0200
+
+tomcat6 (6.0.20-6) unstable; urgency=low
+
+  [ Ludovic Claude ]
+  * tomcat6.postinst: set the ownership of files in /etc/tomcat6/
+    to root:tomcat6, to prevent an attacker running inside a tomcat6
+    instance to change the tomcat configuration
+  * debian/policy/02debian.policy: grant access to 
+    /usr/share/maven-repo/ as it is a valid source of Debian JARs.
+    (Closes: #545674)
+  * Bump up Standards-Version to 3.8.3
+    - add debian/README.source that describes the quilt patch system.
+  * debian/control: Add Conflicts on libtomcat6-java with old versions
+    of tomcat6-common (Closes: #542397)
+
+  [ Michael Koch ]
+  * Replace dh_clean -k by dh_prep.
+  * Added Ludovic and myself to Uploaders.
+  * Build-Depends on debhelper >= 7.
+
+ -- Michael Koch <konqueror at gmx.de>  Fri, 25 Sep 2009 07:14:07 +0200
+
+tomcat6 (6.0.20-5) unstable; urgency=low
+
+  * Fix jsp-api dependency in the Maven descriptors.
+  * Put tomcat-juli.jar in /usr/share/java instead of juli.jar.
+    This fixes a broken link which prevented tomcat to start
+    when logging is turned on, and restores the file layout
+    defined in 6.0.20-2.
+  * Restore links to the jars in usr/share/tomcat6/lib
+  * Change watch to download fresh sources from SVN. 
+    Should fix wrong encoding in tomcat-i18n-fr/es.jar in the next upstream
+    version. (Closes: #522067)
+  * Update ownership for files in /etc/tomcat6 and /var/lib/tomcat6/webapps.
+    The new owner is tomcat6:adm (Closes: #532284)
+  * Add additional directories for the common, server and shared classloader.
+    Directories are also compatible with Alfresco's packaging done for
+    Ubuntu. (Closes: #521318)
+  * Update checksum in postrm script to reflect changes
+    in the new upstream webapp
+  * postrm removes the extra directories created in /var/lib/tomcat6
+    to hold shared and common classes or jars.
+  * Added commented out default options for enabling debug mode.
+    (Closes: LP: #375493)
+
+ -- Ludovic Claude <ludovic.claude at laposte.net>  Wed, 05 Aug 2009 00:56:59 +0100
+
+tomcat6 (6.0.20-4) experimental; urgency=low
+
+  * Fix init script:
+    - Change Provides: tomcat6. (Closes: #532286)
+    - Check for /etc/default/rcS before sourcing it.
+  * Update Standards-Version: 3.8.2 (no changes).
+
+ -- Torsten Werner <twerner at debian.org>  Thu, 16 Jul 2009 23:36:32 +0200
+
+tomcat6 (6.0.20-3) experimental; urgency=low
+
+  * Add the Maven POM to the package
+  * Add a Build-Depends-Indep dependency on maven-repo-helper
+  * Use mh_installpom and mh_installjar to install the POM and the jar to the
+    Maven repository
+
+ -- Ludovic Claude <ludovic.claude at laposte.net>  Tue, 14 Jul 2009 14:17:27 +0100
+
+tomcat6 (6.0.20-2) unstable; urgency=low
+
+  * Expose tomcat-juli.jar as a library in /usr/share/java
+    as it is a dependency of jasper which is used also by jetty
+
+ -- Ludovic Claude <ludovic.claude at laposte.net>  Mon, 15 Jun 2009 13:33:13 +0100
+
+tomcat6 (6.0.20-1) unstable; urgency=low
+
+  * new upstream release (Closes: #531873)
+  * Remove patch tcnative-ipv6-fix-43327.patch that has been applied upstream.
+  * Refresh other patches.
+
+ -- Torsten Werner <twerner at debian.org>  Fri, 05 Jun 2009 23:38:44 +0200
+
+tomcat6 (6.0.18-dfsg1-1) unstable; urgency=low
+
+  [ Torsten Werner ]
+  * Remove jstl.jar and standard.jar from orig tarball because it comes without
+    source code. (Closes: #528119)
+
+  [ Marcus Better ]
+  * Let the init script exit silently if the package is
+    uninstalled. (Closes: #529301)
+
+ -- Torsten Werner <twerner at debian.org>  Tue, 19 May 2009 21:23:18 +0200
+
+tomcat6 (6.0.18-4) unstable; urgency=low
+
+  * Add patch tcnative-ipv6-fix-43327.patch provided by Thierry Carrez.
+    (Closes: #527033)
+  * Change Section: java (from web).
+  * Bump up Standards-Version: 3.8.1 (no changes).
+  * Remove redundant Depends: ant because we depend on ant-optional.
+
+ -- Torsten Werner <twerner at debian.org>  Sun, 10 May 2009 19:41:40 +0200
+
+tomcat6 (6.0.18-3) unstable; urgency=low
+
+  * Remove unneeded dirs and symlinks; thanks to Thierry Carrez. (Closes:
+    #517857)
+  * Improve the long description of all binary packages. (Closes: #518140)
+
+ -- Torsten Werner <twerner at debian.org>  Wed, 04 Mar 2009 21:58:41 +0100
+
+tomcat6 (6.0.18-2) unstable; urgency=low
+
+  * upload to unstable
+
+ -- Torsten Werner <twerner at debian.org>  Sat, 21 Feb 2009 11:31:20 +0100
+
+tomcat6 (6.0.18-1) experimental; urgency=low
+
+  * Merge changes from Ubuntu. Thanks to the Ubuntu developers we are shipping
+    a full Tomcat 6.0 server stack now. (Closes: #494674)
+  * Add myself to Uploaders.
+  * Switch to openjdk-6 which is not the default in Debian.
+
+ -- Torsten Werner <twerner at debian.org>  Sat, 07 Feb 2009 17:02:57 +0100
+
+tomcat6 (6.0.18-0ubuntu5) jaunty; urgency=low
+
+  [ Thierry Carrez ]
+  * Removed tomcat6-[admin,docs,examples].post[inst,rm] and let Tomcat webapp
+    autodeployment features handle application load/unload (LP: #302914)
+  * tomcat6-instance-create, tomcat6-instance-create.1, control:
+    Allow to change the HTTP port, control port and shutdown word on the
+    tomcat6-instance-create command line (LP: #300691).
+
+  [ Mathias Gug]
+  * debian/tomcat6-instance-create: move directoryname from an option to 
+    an argument.
+  * debian/tomcat6-instance-create.1: some updates to the man page.
+  * debian/control: update maintainer field to Ubuntu Core Developers now that
+    tomcat6 is in main.
+
+ -- Mathias Gug <mathiaz at ubuntu.com>  Wed, 07 Jan 2009 18:44:39 -0500
+
+tomcat6 (6.0.18-0ubuntu4) jaunty; urgency=low
+
+  * tomcat6.init, tomcat6.postinst, tomcat6.dirs, tomcat6.default,
+    README.debian: Use /tmp/tomcat6-temp instead of /var/lib/tomcat6/temp as
+    the JVM temporary directory and clean it at each restart (LP: #287452)
+  * policy/04webapps.policy: add rules to allow usage of java.io.tmpdir
+  * tomcat6.init, rules: Do not use TearDown, as this results in
+    LifecycleListener callbacks in webapps being bypassed (LP: #299436)
+  * rules: Compile at Java 1.5 level to allow usage of Java 5 JREs
+    (LP: #286427)
+  * control, rules, libservlet2.5-java-doc.install,
+    libservlet2.5-java-doc.links: New libservlet2.5-java-doc package ships
+    missing Servlet/JSP API documentation (LP: #279645)
+  * patches/use-commons-dbcp.patch: Change default DBCP factory class
+    to org.apache.commons.dbcp.BasicDataSourceFactory (LP: #283852)
+  * tomcat6.dirs, tomcat6.postinst, default_root/index.html: Create
+    Catalina/localhost in /etc/tomcat6 and make it writeable by the tomcat6
+    group, so that autodeploy and admin webapps work as expected (LP: #294277)
+  * patches/disable-apr-loading.patch: Disable APR library loading until we
+    properly provide it.
+  * patches/disable-ajp-connector: Do not load AJP13 connector by default
+    (LP: #300697)
+  * rules: minor fixes to prevent build being called twice.
+
+ -- Thierry Carrez <thierry.carrez at ubuntu.com>  Thu, 27 Nov 2008 12:47:42 +0000
+
+tomcat6 (6.0.18-0ubuntu3) intrepid; urgency=low
+
+  * debian/tomcat6.postinst:
+    - Make /var/lib/tomcat6/temp writeable by the tomcat6 user (LP: #287126)
+    - Make /var/lib/tomcat6/webapps writeable by tomcat6 group (LP: #287447)
+  * debian/tomcat6.init: make status return nonzero if tomcat6 is not running
+    (fixes LP: #288218)
+
+ -- Thierry Carrez <thierry.carrez at ubuntu.com>  Thu, 23 Oct 2008 18:19:15 +0200
+
+tomcat6 (6.0.18-0ubuntu2) intrepid; urgency=low
+
+  * debian/rules: call dh_installinit with --error-handler so that install
+    doesn't fail if Tomcat cannot be started during configure (LP: #274365)
+
+ -- Thierry Carrez <thierry.carrez at ubuntu.com>  Mon, 06 Oct 2008 13:55:21 +0200
+
+tomcat6 (6.0.18-0ubuntu1) intrepid; urgency=low
+
+  * New upstream version (LP: #260016)
+    - Fixes CVE-2008-2938: Directory traversal vulnerability (LP: #256802)
+    - Fixes CVE-2008-2370: Information disclosure vulnerability (LP: #256922)
+    - Fixes CVE-2008-1232: XSS through sendError vulnerability (LP: #256926)
+  * Dropped CVE-2008-1947.patch (fix is shipped in this upstream release)
+  * control: Improve short descriptions for the binary packages
+  * copyright: Added link to /usr/share/common-licenses/Apache-2.0
+  * control: To pull the right JRE, libtomcat6-java now depends on
+    default-jre-headless | java6-runtime-headless
+
+ -- Thierry Carrez <thierry.carrez at ubuntu.com>  Fri, 22 Aug 2008 09:15:11 +0200
+
+tomcat6 (6.0.16-1ubuntu1) intrepid; urgency=low
+
+  * Adding full Tomcat 6 server stack support (LP: #256052)
+    - tomcat6 handles the system instance (/var/lib/tomcat6)
+    - tomcat6-user allows users to create their own private instances
+    - tomcat6-common installs common files in /usr/share/tomcat6
+    - libtomcat6-java installs Tomcat 6 java libs in /usr/share/java
+    - tomcat6-docs installs the documentation webapp
+    - tomcat6-examples installs the examples webapp
+    - tomcat6-admin installs the manager and host-manager webapps
+  * Other key differences with the tomcat5.5 packages:
+    - default-jdk build support
+    - OpenJDK-6 JRE runtime support
+    - tomcat6 installs a minimal ROOT webapp
+    - new webapp locations follow Debian webapp policy
+    - webapps restart tomcat6 in postrm rather than in prerm
+    - added a doc-base entry
+    - use standard upstream server.xml
+    - initscript: try to check if Tomcat is really running before returning OK
+    - removed transitional configuration migration code
+    - autogenerate policy in /var/cache/tomcat6 rather than /etc/tomcat6
+    - logging.properties is customized to remove -webapps-related lines
+    - initscript: implement TearDown spec
+  * CVE-2008-1947 fix (cross-site-scripting issue in host-manager webapp)
+
+ -- Thierry Carrez <thierry.carrez at ubuntu.com>  Fri, 08 Aug 2008 15:37:48 +0200
+
+tomcat6 (6.0.16-1) unstable; urgency=low
+
+  * Initial release.
+    (Closes: #480964).
+
+ -- Paul Cager <paul-debian at home.paulcager.org>  Mon, 12 May 2008 23:04:49 +0000

Copied: tags/tomcat6/6.0.26-5/debian/patches/0001-set-UTF-8-as-default-character-encoding.patch (from rev 12686, trunk/tomcat6/debian/patches/0001-set-UTF-8-as-default-character-encoding.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0001-set-UTF-8-as-default-character-encoding.patch	                        (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0001-set-UTF-8-as-default-character-encoding.patch	2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,21 @@
+From: Thomas Koch <thomas at koch.ro>
+Date: Mon, 28 Jun 2010 21:32:15 +0200
+Subject: [PATCH] set UTF-8 as default character encoding
+
+---
+ conf/server.xml |    1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+diff --git a/conf/server.xml b/conf/server.xml
+index 30673f6..03894e7 100644
+--- a/conf/server.xml
++++ b/conf/server.xml
+@@ -68,6 +68,7 @@
+     -->
+     <Connector port="8080" protocol="HTTP/1.1" 
+                connectionTimeout="20000" 
++               URIEncoding="UTF-8"
+                redirectPort="8443" />
+     <!-- A "Connector" using the shared thread pool-->
+     <!--
+-- 

Copied: tags/tomcat6/6.0.26-5/debian/patches/0002-do-not-load-AJP13-connector-by-default.patch (from rev 12686, trunk/tomcat6/debian/patches/0002-do-not-load-AJP13-connector-by-default.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0002-do-not-load-AJP13-connector-by-default.patch	                        (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0002-do-not-load-AJP13-connector-by-default.patch	2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,23 @@
+From: Thierry Carrez <thierry.carrez at ubuntu.com>
+Date: Mon, 28 Jun 2010 21:32:21 +0200
+Subject: [PATCH] do not load AJP13 connector by default
+
+---
+ conf/server.xml |    2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/conf/server.xml b/conf/server.xml
+index 03894e7..500e39a 100644
+--- a/conf/server.xml
++++ b/conf/server.xml
+@@ -88,7 +88,9 @@
+     -->
+ 
+     <!-- Define an AJP 1.3 Connector on port 8009 -->
++    <!--
+     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
++    -->
+ 
+ 
+     <!-- An Engine represents the entry point (within Catalina) that processes
+-- 

Copied: tags/tomcat6/6.0.26-5/debian/patches/0003-disable-APR-library-loading.patch (from rev 12686, trunk/tomcat6/debian/patches/0003-disable-APR-library-loading.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0003-disable-APR-library-loading.patch	                        (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0003-disable-APR-library-loading.patch	2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,24 @@
+From: Thierry Carrez <thierry.carrez at ubuntu.com>
+Date: Mon, 28 Jun 2010 21:32:28 +0200
+Subject: [PATCH] disable APR library loading
+
+    ... until we properly provide it.
+---
+ conf/server.xml |    2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/conf/server.xml b/conf/server.xml
+index 500e39a..155b664 100644
+--- a/conf/server.xml
++++ b/conf/server.xml
+@@ -22,7 +22,9 @@
+ <Server port="8005" shutdown="SHUTDOWN">
+ 
+   <!--APR library loader. Documentation at /docs/apr.html -->
++  <!--
+   <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
++  -->
+   <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
+   <Listener className="org.apache.catalina.core.JasperListener" />
+   <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+-- 

Copied: tags/tomcat6/6.0.26-5/debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch (from rev 12686, trunk/tomcat6/debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch	                        (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch	2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,47 @@
+From: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
+Date: Mon, 28 Jun 2010 21:32:35 +0200
+Subject: [PATCH] split deploy-webapps target from deploy target
+
+---
+ build.xml |   13 ++++++++-----
+ 1 files changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/build.xml b/build.xml
+index 4073712..1e2ec83 100644
+--- a/build.xml
++++ b/build.xml
+@@ -469,7 +469,7 @@
+     building a tomcat release.</echo>
+   </target>
+ 
+-  <target name="deploy" depends="build-only,build-docs,warn.dbcp">
++  <target name="deploy" depends="build-only,build-docs,warn.dbcp,deploy-webapps">
+ 
+     <copy tofile="${tomcat.build}/bin/tomcat-native.tar.gz"
+             file="${tomcat-native.tar.gz}" />
+@@ -505,6 +505,13 @@
+       </fileset>
+     </copy>
+ 
++    <copy file="${tomcat-dbcp.jar}" todir="${tomcat.build}/lib" />
++    <copy file="${jasper-jdt.jar}" todir="${tomcat.build}/lib" />
++
++  </target>
++
++  <target name="deploy-webapps" depends="build-only,build-docs">
++
+     <!-- Copy other regular webapps -->
+     <copy todir="${tomcat.build}/webapps">
+       <fileset dir="webapps">
+@@ -629,10 +636,6 @@
+       </fileset>
+     </txt2html>
+ 
+-    <copy file="${tomcat-dbcp.jar}" todir="${tomcat.build}/lib"
+-      failonerror="false"/>
+-    <copy file="${jasper-jdt.jar}" todir="${tomcat.build}/lib" />
+-
+   </target>
+ 
+   <target name="clean-depend"
+-- 

Copied: tags/tomcat6/6.0.26-5/debian/patches/0005-change-default-DBCP-factory-class.patch (from rev 12686, trunk/tomcat6/debian/patches/0005-change-default-DBCP-factory-class.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0005-change-default-DBCP-factory-class.patch	                        (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0005-change-default-DBCP-factory-class.patch	2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,40 @@
+From: Thierry Carrez <thierry.carrez at ubuntu.com>
+Date: Mon, 28 Jun 2010 21:32:44 +0200
+Subject: [PATCH] change default DBCP factory class
+
+... to org.apache.commons.dbcp.BasicDataSourceFactory
+---
+ java/org/apache/naming/factory/Constants.java |    2 +-
+ webapps/docs/jndi-resources-howto.xml         |    4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/java/org/apache/naming/factory/Constants.java b/java/org/apache/naming/factory/Constants.java
+index 22ef7aa..ab1d759 100644
+--- a/java/org/apache/naming/factory/Constants.java
++++ b/java/org/apache/naming/factory/Constants.java
+@@ -49,7 +49,7 @@ public final class Constants {
+         Package + ".HandlerFactory";
+ 
+     public static final String DBCP_DATASOURCE_FACTORY = 
+-        "org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory";
++        "org.apache.commons.dbcp.BasicDataSourceFactory";
+ 
+     public static final String OPENEJB_EJB_FACTORY = 
+         Package + ".OpenEjbFactory";
+diff --git a/webapps/docs/jndi-resources-howto.xml b/webapps/docs/jndi-resources-howto.xml
+index 259d733..4f8877e 100644
+--- a/webapps/docs/jndi-resources-howto.xml
++++ b/webapps/docs/jndi-resources-howto.xml
+@@ -656,9 +656,9 @@ conn.close();
+     <code>driverName</code> parameters to match your actual database's
+     JDBC driver and connection URL.</p>
+ 
+-    <p>The configuration properties for Tomcat's standard data source
++    <p>The configuration properties for our default data source
+     resource factory
+-    (<code>org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory</code>) are
++    (<code>org.apache.commons.dbcp.BasicDataSourceFactory</code>) are
+     as follows:</p>
+     <ul>
+     <li><strong>driverClassName</strong> - Fully qualified Java class name
+-- 

Copied: tags/tomcat6/6.0.26-5/debian/patches/0006-add-JARs-below-var-to-class-loader.patch (from rev 12686, trunk/tomcat6/debian/patches/0006-add-JARs-below-var-to-class-loader.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0006-add-JARs-below-var-to-class-loader.patch	                        (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0006-add-JARs-below-var-to-class-loader.patch	2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,40 @@
+From: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
+Date: Mon, 28 Jun 2010 21:32:57 +0200
+Subject: [PATCH] add JARs below /var to class loader
+
+---
+ conf/catalina.properties |    6 +++---
+ 1 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/conf/catalina.properties b/conf/catalina.properties
+index dc2db35..5971437 100644
+--- a/conf/catalina.properties
++++ b/conf/catalina.properties
+@@ -44,7 +44,7 @@ package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,org.apache
+ #     "foo/*.jar": Add all the JARs of the specified folder as class 
+ #                  repositories
+ #     "foo/bar.jar": Add bar.jar as a class repository
+-common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar
++common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar,/var/lib/tomcat6/common/classes,/var/lib/tomcat6/common/*.jar
+ 
+ #
+ # List of comma-separated paths defining the contents of the "server" 
+@@ -57,7 +57,7 @@ common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/l
+ #     "foo/*.jar": Add all the JARs of the specified folder as class 
+ #                  repositories
+ #     "foo/bar.jar": Add bar.jar as a class repository
+-server.loader=
++server.loader=${catalina.home}/server/classes,${catalina.home}/server/*.jar,/var/lib/tomcat6/server/classes,/var/lib/tomcat6/server/*.jar
+ 
+ #
+ # List of comma-separated paths defining the contents of the "shared" 
+@@ -71,7 +71,7 @@ server.loader=
+ #     "foo/bar.jar": Add bar.jar as a class repository 
+ # Please note that for single jars, e.g. bar.jar, you need the URL form
+ # starting with file:.
+-shared.loader=
++shared.loader=${catalina.home}/shared/classes,${catalina.home}/shared/*.jar,/var/lib/tomcat6/shared/classes,/var/lib/tomcat6/shared/*.jar
+ 
+ #
+ # String cache configuration.
+-- 

Copied: tags/tomcat6/6.0.26-5/debian/patches/0007-add-OSGi-headers-to-servlet-api.patch (from rev 12686, trunk/tomcat6/debian/patches/0007-add-OSGi-headers-to-servlet-api.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0007-add-OSGi-headers-to-servlet-api.patch	                        (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0007-add-OSGi-headers-to-servlet-api.patch	2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,29 @@
+From: Niels Thykier <niels at thykier.net>
+Date: Mon, 28 Jun 2010 21:33:03 +0200
+Subject: [PATCH] add OSGi headers to servlet-api
+
+---
+ res/META-INF/servlet-api.jar.manifest |    9 +++++++++
+ 1 files changed, 9 insertions(+), 0 deletions(-)
+
+diff --git a/res/META-INF/servlet-api.jar.manifest b/res/META-INF/servlet-api.jar.manifest
+index 4dbb748..a85f9ed 100644
+--- a/res/META-INF/servlet-api.jar.manifest
++++ b/res/META-INF/servlet-api.jar.manifest
+@@ -1,6 +1,15 @@
+ Manifest-version: 1.0
+ X-Compile-Source-JDK: @source.jdk@
+ X-Compile-Target-JDK: @target.jdk@
++Bundle-ManifestVersion: 2
++Export-Package: javax.servlet;version="2.5",javax.servlet.http;version
++ ="2.5",javax.servlet.resources;version="2.5"
++Bundle-Version: 2.5.0.v200806031605
++Bundle-SymbolicName: javax.servlet
++Bundle-Name: Servlet API Bundle
++Bundle-RequiredExecutionEnvironment: CDC-1.0/Foundation-1.0,J2SE-1.3
++Bundle-Localization: plugin
++Bundle-Vendor: Apache Software Foundation
+ 
+ Name: javax/servlet/
+ Specification-Title: Java API for Servlets
+-- 

Copied: tags/tomcat6/6.0.26-5/debian/patches/0008-add-OSGI-headers-to-jsp-api.patch (from rev 12686, trunk/tomcat6/debian/patches/0008-add-OSGI-headers-to-jsp-api.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0008-add-OSGI-headers-to-jsp-api.patch	                        (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0008-add-OSGI-headers-to-jsp-api.patch	2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,32 @@
+From: Niels Thykier <niels at thykier.net>
+Date: Mon, 28 Jun 2010 21:18:30 +0200
+Subject: [PATCH] add OSGI headers to jsp-api
+
+---
+ res/META-INF/jsp-api.jar.manifest |   12 ++++++++++++
+ 1 files changed, 12 insertions(+), 0 deletions(-)
+
+diff --git a/res/META-INF/jsp-api.jar.manifest b/res/META-INF/jsp-api.jar.manifest
+index fb050ea..e44409d 100644
+--- a/res/META-INF/jsp-api.jar.manifest
++++ b/res/META-INF/jsp-api.jar.manifest
+@@ -1,6 +1,18 @@
+ Manifest-version: 1.0
+ X-Compile-Source-JDK: @source.jdk@
+ X-Compile-Target-JDK: @target.jdk@
++Import-Package: javax.servlet; version=2.5,javax.servlet.http; version
++ =2.5,javax.servlet.resources; version=2.5
++Bundle-ManifestVersion: 2
++Export-Package: javax.servlet.jsp; version=2.1,javax.servlet.jsp.el; v
++ ersion=2.1,javax.servlet.jsp.resources; version=2.1,javax.servlet.jsp
++ .tagext; version=2.1
++Bundle-Version: 2.0.1.v200806031605
++Bundle-SymbolicName: javax.servlet.jsp
++Bundle-Name: Java Server Pages API Bundle
++Bundle-RequiredExecutionEnvironment: CDC-1.0/Foundation-1.0,J2SE-1.3
++Bundle-Localization: plugin
++Bundle-Vendor: Apache Software Foundation
+ 
+ Name: javax/servlet/jsp/
+ Specification-Title: Java API for JavaServer Pages
+-- 

Copied: tags/tomcat6/6.0.26-5/debian/patches/0009-allow-empty-PID-file.patch (from rev 12686, trunk/tomcat6/debian/patches/0009-allow-empty-PID-file.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0009-allow-empty-PID-file.patch	                        (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0009-allow-empty-PID-file.patch	2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,40 @@
+From: Arto Jantunen <viiru at debian.org>
+Date: Mon, 28 Jun 2010 21:19:14 +0200
+Subject: [PATCH] allow empty PID file
+
+---
+ bin/catalina.sh |    8 ++++++--
+ 1 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/bin/catalina.sh b/bin/catalina.sh
+index 2ef2323..5843b56 100755
+--- a/bin/catalina.sh
++++ b/bin/catalina.sh
+@@ -305,7 +305,7 @@ elif [ "$1" = "run" ]; then
+ elif [ "$1" = "start" ] ; then
+ 
+   if [ ! -z "$CATALINA_PID" ]; then
+-    if [ -f "$CATALINA_PID" ]; then
++    if [ -s "$CATALINA_PID" ]; then
+       echo "PID file ($CATALINA_PID) found. Is Tomcat still running? Start aborted."
+       exit 1
+     fi
+@@ -363,12 +363,16 @@ elif [ "$1" = "stop" ] ; then
+   fi
+ 
+   if [ ! -z "$CATALINA_PID" ]; then
+-    if [ -f "$CATALINA_PID" ]; then
++    if [ -s "$CATALINA_PID" ]; then
+       kill -0 `cat $CATALINA_PID` >/dev/null 2>&1
+       if [ $? -eq 1 ]; then
+         echo "PID file ($CATALINA_PID) found but no matching process was found. Stop aborted."
+         exit 1
+       fi
++    elif [ -f "$CATALINA_PID" ]; then
++        rm $CATALINA_PID
++        echo "\$CATALINA_PID was set ($CATALINA_PID) but the specified file is empty. Did Tomcat fail while starting? Stop aborted."
++        exit 1
+     else
+       echo "\$CATALINA_PID was set ($CATALINA_PID) but the specified file does not exist. Is Tomcat running? Stop aborted."
+       exit 1
+-- 

Copied: tags/tomcat6/6.0.26-5/debian/patches/0010-avoid-deadlock-in-WebappClassLoader.patch (from rev 12686, trunk/tomcat6/debian/patches/0010-avoid-deadlock-in-WebappClassLoader.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0010-avoid-deadlock-in-WebappClassLoader.patch	                        (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0010-avoid-deadlock-in-WebappClassLoader.patch	2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,286 @@
+From: Marcus Better <marcus at better.se>
+Date: Mon, 28 Jun 2010 21:19:59 +0200
+Subject: [PATCH] avoid deadlock in WebappClassLoader
+
+---
+ java/org/apache/catalina/loader/ResourceEntry.java |    2 +-
+ .../apache/catalina/loader/WebappClassLoader.java  |  193 ++++++++++----------
+ java/org/apache/jasper/servlet/JasperLoader.java   |    4 +-
+ 3 files changed, 99 insertions(+), 100 deletions(-)
+
+diff --git a/java/org/apache/catalina/loader/ResourceEntry.java b/java/org/apache/catalina/loader/ResourceEntry.java
+index d002a48..7d56590 100644
+--- a/java/org/apache/catalina/loader/ResourceEntry.java
++++ b/java/org/apache/catalina/loader/ResourceEntry.java
+@@ -47,7 +47,7 @@ public class ResourceEntry {
+     /**
+      * Loaded class.
+      */
+-    public Class loadedClass = null;
++    public volatile Class loadedClass = null;
+ 
+ 
+     /**
+diff --git a/java/org/apache/catalina/loader/WebappClassLoader.java b/java/org/apache/catalina/loader/WebappClassLoader.java
+index 5e5aa1a..0c9f8a5 100644
+--- a/java/org/apache/catalina/loader/WebappClassLoader.java
++++ b/java/org/apache/catalina/loader/WebappClassLoader.java
+@@ -1388,102 +1388,121 @@ public class WebappClassLoader
+      *
+      * @exception ClassNotFoundException if the class was not found
+      */
+-    public Class loadClass(String name, boolean resolve)
++    public synchronized Class loadClass(String name, boolean resolve)
+         throws ClassNotFoundException {
+ 
+-        synchronized (name.intern()) {
+-            if (log.isDebugEnabled())
+-                log.debug("loadClass(" + name + ", " + resolve + ")");
+-            Class clazz = null;
+-    
+-            // Log access to stopped classloader
+-            if (!started) {
+-                try {
+-                    throw new IllegalStateException();
+-                } catch (IllegalStateException e) {
+-                    log.info(sm.getString("webappClassLoader.stopped", name), e);
+-                }
++        if (log.isDebugEnabled())
++            log.debug("loadClass(" + name + ", " + resolve + ")");
++        Class clazz = null;
++
++        // Log access to stopped classloader
++        if (!started) {
++            try {
++                throw new IllegalStateException();
++            } catch (IllegalStateException e) {
++                log.info(sm.getString("webappClassLoader.stopped", name), e);
+             }
+-    
+-            // (0) Check our previously loaded local class cache
+-            clazz = findLoadedClass0(name);
++        }
++
++        // (0) Check our previously loaded local class cache
++        clazz = findLoadedClass0(name);
++        if (clazz != null) {
++            if (log.isDebugEnabled())
++                log.debug("  Returning class from cache");
++            if (resolve)
++                resolveClass(clazz);
++            return (clazz);
++        }
++
++        // (0.1) Check our previously loaded class cache
++        clazz = findLoadedClass(name);
++        if (clazz != null) {
++            if (log.isDebugEnabled())
++                log.debug("  Returning class from cache");
++            if (resolve)
++                resolveClass(clazz);
++            return (clazz);
++        }
++
++        // (0.2) Try loading the class with the system class loader, to prevent
++        //       the webapp from overriding J2SE classes
++        try {
++            clazz = system.loadClass(name);
+             if (clazz != null) {
+-                if (log.isDebugEnabled())
+-                    log.debug("  Returning class from cache");
+                 if (resolve)
+                     resolveClass(clazz);
+                 return (clazz);
+             }
+-    
+-            // (0.1) Check our previously loaded class cache
+-            clazz = findLoadedClass(name);
+-            if (clazz != null) {
+-                if (log.isDebugEnabled())
+-                    log.debug("  Returning class from cache");
+-                if (resolve)
+-                    resolveClass(clazz);
+-                return (clazz);
++        } catch (ClassNotFoundException e) {
++            // Ignore
++        }
++
++        // (0.5) Permission to access this class when using a SecurityManager
++        if (securityManager != null) {
++            int i = name.lastIndexOf('.');
++            if (i >= 0) {
++                try {
++                    securityManager.checkPackageAccess(name.substring(0,i));
++                } catch (SecurityException se) {
++                    String error = "Security Violation, attempt to use " +
++                        "Restricted Class: " + name;
++                    log.info(error, se);
++                    throw new ClassNotFoundException(error, se);
++                }
+             }
+-    
+-            // (0.2) Try loading the class with the system class loader, to prevent
+-            //       the webapp from overriding J2SE classes
++        }
++
++        boolean delegateLoad = delegate || filter(name);
++
++        // (1) Delegate to our parent if requested
++        if (delegateLoad) {
++            if (log.isDebugEnabled())
++                log.debug("  Delegating to parent classloader1 " + parent);
++            ClassLoader loader = parent;
++            if (loader == null)
++                loader = system;
+             try {
+-                clazz = system.loadClass(name);
++                clazz = loader.loadClass(name);
+                 if (clazz != null) {
++                    if (log.isDebugEnabled())
++                        log.debug("  Loading class from parent");
+                     if (resolve)
+                         resolveClass(clazz);
+                     return (clazz);
+                 }
+             } catch (ClassNotFoundException e) {
+-                // Ignore
+-            }
+-    
+-            // (0.5) Permission to access this class when using a SecurityManager
+-            if (securityManager != null) {
+-                int i = name.lastIndexOf('.');
+-                if (i >= 0) {
+-                    try {
+-                        securityManager.checkPackageAccess(name.substring(0,i));
+-                    } catch (SecurityException se) {
+-                        String error = "Security Violation, attempt to use " +
+-                            "Restricted Class: " + name;
+-                        log.info(error, se);
+-                        throw new ClassNotFoundException(error, se);
+-                    }
+-                }
++                ;
+             }
+-    
+-            boolean delegateLoad = delegate || filter(name);
+-    
+-            // (1) Delegate to our parent if requested
+-            if (delegateLoad) {
++        }
++
++        // (2) Search local repositories
++        if (log.isDebugEnabled())
++            log.debug("  Searching local repositories");
++        try {
++            clazz = findClass(name);
++            if (clazz != null) {
+                 if (log.isDebugEnabled())
+-                    log.debug("  Delegating to parent classloader1 " + parent);
+-                ClassLoader loader = parent;
+-                if (loader == null)
+-                    loader = system;
+-                try {
+-                    clazz = loader.loadClass(name);
+-                    if (clazz != null) {
+-                        if (log.isDebugEnabled())
+-                            log.debug("  Loading class from parent");
+-                        if (resolve)
+-                            resolveClass(clazz);
+-                        return (clazz);
+-                    }
+-                } catch (ClassNotFoundException e) {
+-                    ;
+-                }
++                    log.debug("  Loading class from local repository");
++                if (resolve)
++                    resolveClass(clazz);
++                return (clazz);
+             }
+-    
+-            // (2) Search local repositories
++        } catch (ClassNotFoundException e) {
++            ;
++        }
++
++        // (3) Delegate to parent unconditionally
++        if (!delegateLoad) {
+             if (log.isDebugEnabled())
+-                log.debug("  Searching local repositories");
++                log.debug("  Delegating to parent classloader at end: " + parent);
++            ClassLoader loader = parent;
++            if (loader == null)
++                loader = system;
+             try {
+-                clazz = findClass(name);
++                clazz = loader.loadClass(name);
+                 if (clazz != null) {
+                     if (log.isDebugEnabled())
+-                        log.debug("  Loading class from local repository");
++                        log.debug("  Loading class from parent");
+                     if (resolve)
+                         resolveClass(clazz);
+                     return (clazz);
+@@ -1491,30 +1510,10 @@ public class WebappClassLoader
+             } catch (ClassNotFoundException e) {
+                 ;
+             }
+-    
+-            // (3) Delegate to parent unconditionally
+-            if (!delegateLoad) {
+-                if (log.isDebugEnabled())
+-                    log.debug("  Delegating to parent classloader at end: " + parent);
+-                ClassLoader loader = parent;
+-                if (loader == null)
+-                    loader = system;
+-                try {
+-                    clazz = loader.loadClass(name);
+-                    if (clazz != null) {
+-                        if (log.isDebugEnabled())
+-                            log.debug("  Loading class from parent");
+-                        if (resolve)
+-                            resolveClass(clazz);
+-                        return (clazz);
+-                    }
+-                } catch (ClassNotFoundException e) {
+-                    ;
+-                }
+-            }
+-    
+-            throw new ClassNotFoundException(name);
+         }
++
++        throw new ClassNotFoundException(name);
++
+     }
+ 
+ 
+@@ -2469,7 +2468,7 @@ public class WebappClassLoader
+         if (clazz != null)
+             return clazz;
+ 
+-        synchronized (name.intern()) {
++        synchronized (this) {
+             clazz = entry.loadedClass;
+             if (clazz != null)
+                 return clazz;
+diff --git a/java/org/apache/jasper/servlet/JasperLoader.java b/java/org/apache/jasper/servlet/JasperLoader.java
+index 7a3b0f7..43d56cb 100644
+--- a/java/org/apache/jasper/servlet/JasperLoader.java
++++ b/java/org/apache/jasper/servlet/JasperLoader.java
+@@ -91,7 +91,7 @@ public class JasperLoader extends URLClassLoader {
+      *                                     
+      * @exception ClassNotFoundException if the class was not found
+      */                                    
+-    public Class loadClass(final String name, boolean resolve)
++    public synchronized Class loadClass(final String name, boolean resolve)
+         throws ClassNotFoundException {
+ 
+         Class clazz = null;                
+@@ -169,4 +169,4 @@ public class JasperLoader extends URLClassLoader {
+     public final PermissionCollection getPermissions(CodeSource codeSource) {
+         return permissionCollection;
+     }
+-}
+\ No newline at end of file
++}
+-- 

Copied: tags/tomcat6/6.0.26-5/debian/patches/0011-Use-java.security.policy-file-in-catalina.sh.patch (from rev 12686, trunk/tomcat6/debian/patches/0011-Use-java.security.policy-file-in-catalina.sh.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0011-Use-java.security.policy-file-in-catalina.sh.patch	                        (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0011-Use-java.security.policy-file-in-catalina.sh.patch	2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,46 @@
+From: Adam Guthrie <asguthrie at gmail.com>
+Date: Mon, 28 Jun 2010 21:53:50 +0200
+Subject: [PATCH] Use java.security.policy file in catalina.sh
+
+Make sure catalina.sh uses the Debian/Ubuntu java.security.policy
+file location when Tomcat is started with a security manager.
+
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/591802
+Bug-Debian: http://bugs.debian.org/585379
+Forwarded: not-needed
+---
+ bin/catalina.sh |    6 +++---
+ 1 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/bin/catalina.sh b/bin/catalina.sh
+index 5843b56..783b382 100755
+--- a/bin/catalina.sh
++++ b/bin/catalina.sh
+@@ -261,7 +261,7 @@ if [ "$1" = "debug" ] ; then
+         -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
+         -sourcepath "$CATALINA_HOME"/../../java \
+         -Djava.security.manager \
+-        -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
++        -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \
+         -Dcatalina.base="$CATALINA_BASE" \
+         -Dcatalina.home="$CATALINA_HOME" \
+         -Djava.io.tmpdir="$CATALINA_TMPDIR" \
+@@ -288,7 +288,7 @@ elif [ "$1" = "run" ]; then
+     exec "$_RUNJAVA" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \
+       -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
+       -Djava.security.manager \
+-      -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
++      -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \
+       -Dcatalina.base="$CATALINA_BASE" \
+       -Dcatalina.home="$CATALINA_HOME" \
+       -Djava.io.tmpdir="$CATALINA_TMPDIR" \
+@@ -321,7 +321,7 @@ elif [ "$1" = "start" ] ; then
+     "$_RUNJAVA" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \
+       -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
+       -Djava.security.manager \
+-      -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
++      -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \
+       -Dcatalina.base="$CATALINA_BASE" \
+       -Dcatalina.home="$CATALINA_HOME" \
+       -Djava.io.tmpdir="$CATALINA_TMPDIR" \
+-- 

Copied: tags/tomcat6/6.0.26-5/debian/patches/0012-Prevent-disclosure-of-host-name-or-IP-address.patch (from rev 12686, trunk/tomcat6/debian/patches/0012-Prevent-disclosure-of-host-name-or-IP-address.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0012-Prevent-disclosure-of-host-name-or-IP-address.patch	                        (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0012-Prevent-disclosure-of-host-name-or-IP-address.patch	2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,59 @@
+From: Torsten Werner <twerner at debian.org>
+Date: Mon, 28 Jun 2010 21:39:20 +0200
+Subject: [PATCH] Prevent disclosure of host name or IP address
+
+Fix CVE-2010-1157. Prevent possible disclosure of host name or IP
+address via the HTTP WWW-Authenticate header when using BASIC or DIGEST
+authentication.
+---
+ .../catalina/authenticator/AuthenticatorBase.java  |    5 +++++
+ .../catalina/authenticator/BasicAuthenticator.java |    4 +---
+ .../authenticator/DigestAuthenticator.java         |    3 +--
+ 3 files changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+index aa425c7..9d1c182 100644
+--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
++++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+@@ -99,6 +99,11 @@ public abstract class AuthenticatorBase
+ 
+ 
+     /**
++     * Default authentication realm name.
++     */
++    protected static final String REALM_NAME = "Authentication required";
++
++    /**
+      * The message digest algorithm to be used when generating session
+      * identifiers.  This must be an algorithm supported by the
+      * <code>java.security.MessageDigest</code> class on your platform.
+diff --git a/java/org/apache/catalina/authenticator/BasicAuthenticator.java b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
+index 31ffaf9..b00859e 100644
+--- a/java/org/apache/catalina/authenticator/BasicAuthenticator.java
++++ b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
+@@ -194,9 +194,7 @@ public class BasicAuthenticator
+         CharChunk authenticateCC = authenticate.getCharChunk();
+         authenticateCC.append("Basic realm=\"");
+         if (config.getRealmName() == null) {
+-            authenticateCC.append(request.getServerName());
+-            authenticateCC.append(':');
+-            authenticateCC.append(Integer.toString(request.getServerPort()));
++            authenticateCC.append(REALM_NAME);
+         } else {
+             authenticateCC.append(config.getRealmName());
+         }
+diff --git a/java/org/apache/catalina/authenticator/DigestAuthenticator.java b/java/org/apache/catalina/authenticator/DigestAuthenticator.java
+index 821e08f..ee5a46b 100644
+--- a/java/org/apache/catalina/authenticator/DigestAuthenticator.java
++++ b/java/org/apache/catalina/authenticator/DigestAuthenticator.java
+@@ -406,8 +406,7 @@ public class DigestAuthenticator
+         // Get the realm name
+         String realmName = config.getRealmName();
+         if (realmName == null)
+-            realmName = request.getServerName() + ":"
+-                + request.getServerPort();
++            realmName = REALM_NAME;
+ 
+         byte[] buffer = null;
+         synchronized (md5Helper) {
+-- 

Deleted: tags/tomcat6/6.0.26-5/debian/patches/allow-empty-pid-file.patch
===================================================================
--- trunk/tomcat6/debian/patches/allow-empty-pid-file.patch	2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/allow-empty-pid-file.patch	2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,29 +0,0 @@
---- a/bin/catalina.sh
-+++ b/bin/catalina.sh
-@@ -305,7 +305,7 @@
- elif [ "$1" = "start" ] ; then
- 
-   if [ ! -z "$CATALINA_PID" ]; then
--    if [ -f "$CATALINA_PID" ]; then
-+    if [ -s "$CATALINA_PID" ]; then
-       echo "PID file ($CATALINA_PID) found. Is Tomcat still running? Start aborted."
-       exit 1
-     fi
-@@ -363,12 +363,16 @@
-   fi
- 
-   if [ ! -z "$CATALINA_PID" ]; then
--    if [ -f "$CATALINA_PID" ]; then
-+    if [ -s "$CATALINA_PID" ]; then
-       kill -0 `cat $CATALINA_PID` >/dev/null 2>&1
-       if [ $? -eq 1 ]; then
-         echo "PID file ($CATALINA_PID) found but no matching process was found. Stop aborted."
-         exit 1
-       fi
-+    elif [ -f "$CATALINA_PID" ]; then
-+        rm $CATALINA_PID
-+        echo "\$CATALINA_PID was set ($CATALINA_PID) but the specified file is empty. Did Tomcat fail while starting? Stop aborted."
-+        exit 1
-     else
-       echo "\$CATALINA_PID was set ($CATALINA_PID) but the specified file does not exist. Is Tomcat running? Stop aborted."
-       exit 1

Deleted: tags/tomcat6/6.0.26-5/debian/patches/catalina-sh-security-manager.patch
===================================================================
--- trunk/tomcat6/debian/patches/catalina-sh-security-manager.patch	2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/catalina-sh-security-manager.patch	2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,36 +0,0 @@
-Description: Make sure catalina.sh uses the Debian/Ubuntu java.security.policy
- file location when Tomcat is started with a security manager.
-Author: Adam Guthrie <asguthrie at gmail.com>
-Bug-Ubuntu: https://bugs.launchpad.net/bugs/591802
-Bug-Debian: http://bugs.debian.org/585379
-Forwarded: not-needed
-
---- tomcat6-6.0.24.orig/bin/catalina.sh
-+++ tomcat6-6.0.24/bin/catalina.sh
-@@ -261,7 +261,7 @@ if [ "$1" = "debug" ] ; then
-         -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
-         -sourcepath "$CATALINA_HOME"/../../java \
-         -Djava.security.manager \
--        -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
-+        -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \
-         -Dcatalina.base="$CATALINA_BASE" \
-         -Dcatalina.home="$CATALINA_HOME" \
-         -Djava.io.tmpdir="$CATALINA_TMPDIR" \
-@@ -288,7 +288,7 @@ elif [ "$1" = "run" ]; then
-     exec "$_RUNJAVA" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \
-       -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
-       -Djava.security.manager \
--      -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
-+      -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \
-       -Dcatalina.base="$CATALINA_BASE" \
-       -Dcatalina.home="$CATALINA_HOME" \
-       -Djava.io.tmpdir="$CATALINA_TMPDIR" \
-@@ -321,7 +321,7 @@ elif [ "$1" = "start" ] ; then
-     "$_RUNJAVA" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \
-       -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
-       -Djava.security.manager \
--      -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
-+      -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \
-       -Dcatalina.base="$CATALINA_BASE" \
-       -Dcatalina.home="$CATALINA_HOME" \
-       -Djava.io.tmpdir="$CATALINA_TMPDIR" \

Deleted: tags/tomcat6/6.0.26-5/debian/patches/default-encoding-utf8.patch
===================================================================
--- trunk/tomcat6/debian/patches/default-encoding-utf8.patch	2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/default-encoding-utf8.patch	2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,10 +0,0 @@
---- a/conf/server.xml
-+++ b/conf/server.xml
-@@ -68,6 +68,7 @@
-     -->
-     <Connector port="8080" protocol="HTTP/1.1" 
-                connectionTimeout="20000" 
-+               URIEncoding="UTF-8"
-                redirectPort="8443" />
-     <!-- A "Connector" using the shared thread pool-->
-     <!--

Deleted: tags/tomcat6/6.0.26-5/debian/patches/deploy-webapps-build-xml.patch
===================================================================
--- trunk/tomcat6/debian/patches/deploy-webapps-build-xml.patch	2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/deploy-webapps-build-xml.patch	2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,36 +0,0 @@
---- a/build.xml
-+++ b/build.xml
-@@ -494,7 +494,7 @@
-     building a tomcat release.</echo>
-   </target>
- 
--  <target name="deploy" depends="build-only,build-docs,warn.dbcp">
-+  <target name="deploy" depends="build-only,build-docs,warn.dbcp,deploy-webapps">
- 
-     <copy tofile="${tomcat.build}/bin/tomcat-native.tar.gz"
-             file="${tomcat-native.tar.gz}" />
-@@ -530,6 +530,13 @@
-       </fileset>
-     </copy>
- 
-+    <copy file="${tomcat-dbcp.jar}" todir="${tomcat.build}/lib" />
-+    <copy file="${jasper-jdt.jar}" todir="${tomcat.build}/lib" />
-+
-+  </target>
-+
-+  <target name="deploy-webapps" depends="build-only,build-docs">
-+
-     <!-- Copy other regular webapps -->
-     <copy todir="${tomcat.build}/webapps">
-       <fileset dir="webapps">
-@@ -654,10 +661,6 @@
-       </fileset>
-     </txt2html>
- 
--    <copy file="${tomcat-dbcp.jar}" todir="${tomcat.build}/lib"
--      failonerror="false"/>
--    <copy file="${jasper-jdt.jar}" todir="${tomcat.build}/lib" />
--
-   </target>
- 
-   <target name="clean-depend"

Deleted: tags/tomcat6/6.0.26-5/debian/patches/disable-ajp-connector.patch
===================================================================
--- trunk/tomcat6/debian/patches/disable-ajp-connector.patch	2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/disable-ajp-connector.patch	2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,12 +0,0 @@
---- a/conf/server.xml
-+++ b/conf/server.xml
-@@ -87,7 +87,9 @@
-     -->
- 
-     <!-- Define an AJP 1.3 Connector on port 8009 -->
-+    <!--
-     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-+    -->
- 
- 
-     <!-- An Engine represents the entry point (within Catalina) that processes

Deleted: tags/tomcat6/6.0.26-5/debian/patches/disable-apr-loading.patch
===================================================================
--- trunk/tomcat6/debian/patches/disable-apr-loading.patch	2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/disable-apr-loading.patch	2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,12 +0,0 @@
---- a/conf/server.xml
-+++ b/conf/server.xml
-@@ -22,7 +22,9 @@
- <Server port="8005" shutdown="SHUTDOWN">
- 
-   <!--APR library loader. Documentation at /docs/apr.html -->
-+  <!--
-   <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
-+  -->
-   <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
-   <Listener className="org.apache.catalina.core.JasperListener" />
-   <!-- Prevent memory leaks due to use of particular java/javax APIs-->

Deleted: tags/tomcat6/6.0.26-5/debian/patches/jsp-api-OSGi.patch
===================================================================
--- trunk/tomcat6/debian/patches/jsp-api-OSGi.patch	2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/jsp-api-OSGi.patch	2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,23 +0,0 @@
-Description: Adds OSGi metadata needed by eclipse.
-
---- a/res/META-INF/jsp-api.jar.manifest
-+++ b/res/META-INF/jsp-api.jar.manifest
-@@ -1,6 +1,18 @@
- Manifest-version: 1.0
- X-Compile-Source-JDK: @source.jdk@
- X-Compile-Target-JDK: @target.jdk@
-+Import-Package: javax.servlet; version=2.5,javax.servlet.http; version
-+ =2.5,javax.servlet.resources; version=2.5
-+Bundle-ManifestVersion: 2
-+Export-Package: javax.servlet.jsp; version=2.1,javax.servlet.jsp.el; v
-+ ersion=2.1,javax.servlet.jsp.resources; version=2.1,javax.servlet.jsp
-+ .tagext; version=2.1
-+Bundle-Version: 2.0.1.v200806031605
-+Bundle-SymbolicName: javax.servlet.jsp
-+Bundle-Name: Java Server Pages API Bundle
-+Bundle-RequiredExecutionEnvironment: CDC-1.0/Foundation-1.0,J2SE-1.3
-+Bundle-Localization: plugin
-+Bundle-Vendor: Apache Software Foundation
- 
- Name: javax/servlet/jsp/
- Specification-Title: Java API for JavaServer Pages

Deleted: tags/tomcat6/6.0.26-5/debian/patches/series
===================================================================
--- trunk/tomcat6/debian/patches/series	2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/series	2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,11 +0,0 @@
-default-encoding-utf8.patch
-disable-ajp-connector.patch
-disable-apr-loading.patch
-deploy-webapps-build-xml.patch
-use-commons-dbcp.patch
-var_loaders.patch
-servlet-api-OSGi.patch
-jsp-api-OSGi.patch
-allow-empty-pid-file.patch
-webapp-classloader-deadlock-fix.patch
-catalina-sh-security-manager.patch

Copied: tags/tomcat6/6.0.26-5/debian/patches/series (from rev 12686, trunk/tomcat6/debian/patches/series)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/series	                        (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/series	2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,12 @@
+0001-set-UTF-8-as-default-character-encoding.patch
+0002-do-not-load-AJP13-connector-by-default.patch
+0003-disable-APR-library-loading.patch
+0004-split-deploy-webapps-target-from-deploy-target.patch
+0005-change-default-DBCP-factory-class.patch
+0006-add-JARs-below-var-to-class-loader.patch
+0007-add-OSGi-headers-to-servlet-api.patch
+0008-add-OSGI-headers-to-jsp-api.patch
+0009-allow-empty-PID-file.patch
+0010-avoid-deadlock-in-WebappClassLoader.patch
+0011-Use-java.security.policy-file-in-catalina.sh.patch
+0012-Prevent-disclosure-of-host-name-or-IP-address.patch

Deleted: tags/tomcat6/6.0.26-5/debian/patches/servlet-api-OSGi.patch
===================================================================
--- trunk/tomcat6/debian/patches/servlet-api-OSGi.patch	2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/servlet-api-OSGi.patch	2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,20 +0,0 @@
-Description: Adds OSGi metadata needed by eclipse.
-
---- a/res/META-INF/servlet-api.jar.manifest
-+++ b/res/META-INF/servlet-api.jar.manifest
-@@ -1,6 +1,15 @@
- Manifest-version: 1.0
- X-Compile-Source-JDK: @source.jdk@
- X-Compile-Target-JDK: @target.jdk@
-+Bundle-ManifestVersion: 2
-+Export-Package: javax.servlet;version="2.5",javax.servlet.http;version
-+ ="2.5",javax.servlet.resources;version="2.5"
-+Bundle-Version: 2.5.0.v200806031605
-+Bundle-SymbolicName: javax.servlet
-+Bundle-Name: Servlet API Bundle
-+Bundle-RequiredExecutionEnvironment: CDC-1.0/Foundation-1.0,J2SE-1.3
-+Bundle-Localization: plugin
-+Bundle-Vendor: Apache Software Foundation
- 
- Name: javax/servlet/
- Specification-Title: Java API for Servlets

Deleted: tags/tomcat6/6.0.26-5/debian/patches/use-commons-dbcp.patch
===================================================================
--- trunk/tomcat6/debian/patches/use-commons-dbcp.patch	2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/use-commons-dbcp.patch	2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,25 +0,0 @@
---- a/java/org/apache/naming/factory/Constants.java
-+++ b/java/org/apache/naming/factory/Constants.java
-@@ -49,7 +49,7 @@
-         Package + ".HandlerFactory";
- 
-     public static final String DBCP_DATASOURCE_FACTORY = 
--        "org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory";
-+        "org.apache.commons.dbcp.BasicDataSourceFactory";
- 
-     public static final String OPENEJB_EJB_FACTORY = 
-         Package + ".OpenEjbFactory";
---- a/webapps/docs/jndi-resources-howto.xml
-+++ b/webapps/docs/jndi-resources-howto.xml
-@@ -653,9 +653,9 @@
-     <code>driverName</code> parameters to match your actual database's
-     JDBC driver and connection URL.</p>
- 
--    <p>The configuration properties for Tomcat's standard data source
-+    <p>The configuration properties for our default data source
-     resource factory
--    (<code>org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory</code>) are
-+    (<code>org.apache.commons.dbcp.BasicDataSourceFactory</code>) are
-     as follows:</p>
-     <ul>
-     <li><strong>driverClassName</strong> - Fully qualified Java class name

Deleted: tags/tomcat6/6.0.26-5/debian/patches/var_loaders.patch
===================================================================
--- trunk/tomcat6/debian/patches/var_loaders.patch	2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/var_loaders.patch	2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,29 +0,0 @@
---- a/conf/catalina.properties
-+++ b/conf/catalina.properties
-@@ -44,7 +44,7 @@
- #     "foo/*.jar": Add all the JARs of the specified folder as class 
- #                  repositories
- #     "foo/bar.jar": Add bar.jar as a class repository
--common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar
-+common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar,/var/lib/tomcat6/common/classes,/var/lib/tomcat6/common/*.jar
- 
- #
- # List of comma-separated paths defining the contents of the "server" 
-@@ -57,7 +57,7 @@
- #     "foo/*.jar": Add all the JARs of the specified folder as class 
- #                  repositories
- #     "foo/bar.jar": Add bar.jar as a class repository
--server.loader=
-+server.loader=${catalina.home}/server/classes,${catalina.home}/server/*.jar,/var/lib/tomcat6/server/classes,/var/lib/tomcat6/server/*.jar
- 
- #
- # List of comma-separated paths defining the contents of the "shared" 
-@@ -71,7 +71,7 @@
- #     "foo/bar.jar": Add bar.jar as a class repository 
- # Please note that for single jars, e.g. bar.jar, you need the URL form
- # starting with file:.
--shared.loader=
-+shared.loader=${catalina.home}/shared/classes,${catalina.home}/shared/*.jar,/var/lib/tomcat6/shared/classes,/var/lib/tomcat6/shared/*.jar
- 
- #
- # String cache configuration.

Deleted: tags/tomcat6/6.0.26-5/debian/patches/webapp-classloader-deadlock-fix.patch
===================================================================
--- trunk/tomcat6/debian/patches/webapp-classloader-deadlock-fix.patch	2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/webapp-classloader-deadlock-fix.patch	2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,275 +0,0 @@
-Index: trunk/java/org/apache/jasper/servlet/JasperLoader.java
-===================================================================
---- trunk/java/org/apache/jasper/servlet/JasperLoader.java	(revision 941867)
-+++ trunk/java/org/apache/jasper/servlet/JasperLoader.java	(revision 941868)
-@@ -91,7 +91,7 @@
-      *                                     
-      * @exception ClassNotFoundException if the class was not found
-      */                                    
--    public Class loadClass(final String name, boolean resolve)
-+    public synchronized Class loadClass(final String name, boolean resolve)
-         throws ClassNotFoundException {
- 
-         Class clazz = null;                
-@@ -169,4 +169,4 @@
-     public final PermissionCollection getPermissions(CodeSource codeSource) {
-         return permissionCollection;
-     }
--}
-\ No newline at end of file
-+}
-Index: trunk/java/org/apache/catalina/loader/ResourceEntry.java
-===================================================================
---- trunk/java/org/apache/catalina/loader/ResourceEntry.java	(revision 941867)
-+++ trunk/java/org/apache/catalina/loader/ResourceEntry.java	(revision 941868)
-@@ -47,7 +47,7 @@
-     /**
-      * Loaded class.
-      */
--    public Class loadedClass = null;
-+    public volatile Class loadedClass = null;
- 
- 
-     /**
-Index: trunk/java/org/apache/catalina/loader/WebappClassLoader.java
-===================================================================
---- trunk/java/org/apache/catalina/loader/WebappClassLoader.java	(revision 941867)
-+++ trunk/java/org/apache/catalina/loader/WebappClassLoader.java	(revision 941868)
-@@ -1432,102 +1432,121 @@
-      *
-      * @exception ClassNotFoundException if the class was not found
-      */
--    public Class loadClass(String name, boolean resolve)
-+    public synchronized Class loadClass(String name, boolean resolve)
-         throws ClassNotFoundException {
- 
--        synchronized (name.intern()) {
--            if (log.isDebugEnabled())
--                log.debug("loadClass(" + name + ", " + resolve + ")");
--            Class clazz = null;
--    
--            // Log access to stopped classloader
--            if (!started) {
--                try {
--                    throw new IllegalStateException();
--                } catch (IllegalStateException e) {
--                    log.info(sm.getString("webappClassLoader.stopped", name), e);
--                }
-+        if (log.isDebugEnabled())
-+            log.debug("loadClass(" + name + ", " + resolve + ")");
-+        Class clazz = null;
-+
-+        // Log access to stopped classloader
-+        if (!started) {
-+            try {
-+                throw new IllegalStateException();
-+            } catch (IllegalStateException e) {
-+                log.info(sm.getString("webappClassLoader.stopped", name), e);
-             }
--    
--            // (0) Check our previously loaded local class cache
--            clazz = findLoadedClass0(name);
-+        }
-+
-+        // (0) Check our previously loaded local class cache
-+        clazz = findLoadedClass0(name);
-+        if (clazz != null) {
-+            if (log.isDebugEnabled())
-+                log.debug("  Returning class from cache");
-+            if (resolve)
-+                resolveClass(clazz);
-+            return (clazz);
-+        }
-+
-+        // (0.1) Check our previously loaded class cache
-+        clazz = findLoadedClass(name);
-+        if (clazz != null) {
-+            if (log.isDebugEnabled())
-+                log.debug("  Returning class from cache");
-+            if (resolve)
-+                resolveClass(clazz);
-+            return (clazz);
-+        }
-+
-+        // (0.2) Try loading the class with the system class loader, to prevent
-+        //       the webapp from overriding J2SE classes
-+        try {
-+            clazz = system.loadClass(name);
-             if (clazz != null) {
--                if (log.isDebugEnabled())
--                    log.debug("  Returning class from cache");
-                 if (resolve)
-                     resolveClass(clazz);
-                 return (clazz);
-             }
--    
--            // (0.1) Check our previously loaded class cache
--            clazz = findLoadedClass(name);
--            if (clazz != null) {
--                if (log.isDebugEnabled())
--                    log.debug("  Returning class from cache");
--                if (resolve)
--                    resolveClass(clazz);
--                return (clazz);
-+        } catch (ClassNotFoundException e) {
-+            // Ignore
-+        }
-+
-+        // (0.5) Permission to access this class when using a SecurityManager
-+        if (securityManager != null) {
-+            int i = name.lastIndexOf('.');
-+            if (i >= 0) {
-+                try {
-+                    securityManager.checkPackageAccess(name.substring(0,i));
-+                } catch (SecurityException se) {
-+                    String error = "Security Violation, attempt to use " +
-+                        "Restricted Class: " + name;
-+                    log.info(error, se);
-+                    throw new ClassNotFoundException(error, se);
-+                }
-             }
--    
--            // (0.2) Try loading the class with the system class loader, to prevent
--            //       the webapp from overriding J2SE classes
-+        }
-+
-+        boolean delegateLoad = delegate || filter(name);
-+
-+        // (1) Delegate to our parent if requested
-+        if (delegateLoad) {
-+            if (log.isDebugEnabled())
-+                log.debug("  Delegating to parent classloader1 " + parent);
-+            ClassLoader loader = parent;
-+            if (loader == null)
-+                loader = system;
-             try {
--                clazz = system.loadClass(name);
-+                clazz = loader.loadClass(name);
-                 if (clazz != null) {
-+                    if (log.isDebugEnabled())
-+                        log.debug("  Loading class from parent");
-                     if (resolve)
-                         resolveClass(clazz);
-                     return (clazz);
-                 }
-             } catch (ClassNotFoundException e) {
--                // Ignore
-+                ;
-             }
--    
--            // (0.5) Permission to access this class when using a SecurityManager
--            if (securityManager != null) {
--                int i = name.lastIndexOf('.');
--                if (i >= 0) {
--                    try {
--                        securityManager.checkPackageAccess(name.substring(0,i));
--                    } catch (SecurityException se) {
--                        String error = "Security Violation, attempt to use " +
--                            "Restricted Class: " + name;
--                        log.info(error, se);
--                        throw new ClassNotFoundException(error, se);
--                    }
--                }
--            }
--    
--            boolean delegateLoad = delegate || filter(name);
--    
--            // (1) Delegate to our parent if requested
--            if (delegateLoad) {
-+        }
-+
-+        // (2) Search local repositories
-+        if (log.isDebugEnabled())
-+            log.debug("  Searching local repositories");
-+        try {
-+            clazz = findClass(name);
-+            if (clazz != null) {
-                 if (log.isDebugEnabled())
--                    log.debug("  Delegating to parent classloader1 " + parent);
--                ClassLoader loader = parent;
--                if (loader == null)
--                    loader = system;
--                try {
--                    clazz = loader.loadClass(name);
--                    if (clazz != null) {
--                        if (log.isDebugEnabled())
--                            log.debug("  Loading class from parent");
--                        if (resolve)
--                            resolveClass(clazz);
--                        return (clazz);
--                    }
--                } catch (ClassNotFoundException e) {
--                    ;
--                }
-+                    log.debug("  Loading class from local repository");
-+                if (resolve)
-+                    resolveClass(clazz);
-+                return (clazz);
-             }
--    
--            // (2) Search local repositories
-+        } catch (ClassNotFoundException e) {
-+            ;
-+        }
-+
-+        // (3) Delegate to parent unconditionally
-+        if (!delegateLoad) {
-             if (log.isDebugEnabled())
--                log.debug("  Searching local repositories");
-+                log.debug("  Delegating to parent classloader at end: " + parent);
-+            ClassLoader loader = parent;
-+            if (loader == null)
-+                loader = system;
-             try {
--                clazz = findClass(name);
-+                clazz = loader.loadClass(name);
-                 if (clazz != null) {
-                     if (log.isDebugEnabled())
--                        log.debug("  Loading class from local repository");
-+                        log.debug("  Loading class from parent");
-                     if (resolve)
-                         resolveClass(clazz);
-                     return (clazz);
-@@ -1535,30 +1554,10 @@
-             } catch (ClassNotFoundException e) {
-                 ;
-             }
--    
--            // (3) Delegate to parent unconditionally
--            if (!delegateLoad) {
--                if (log.isDebugEnabled())
--                    log.debug("  Delegating to parent classloader at end: " + parent);
--                ClassLoader loader = parent;
--                if (loader == null)
--                    loader = system;
--                try {
--                    clazz = loader.loadClass(name);
--                    if (clazz != null) {
--                        if (log.isDebugEnabled())
--                            log.debug("  Loading class from parent");
--                        if (resolve)
--                            resolveClass(clazz);
--                        return (clazz);
--                    }
--                } catch (ClassNotFoundException e) {
--                    ;
--                }
--            }
--    
--            throw new ClassNotFoundException(name);
-         }
-+
-+        throw new ClassNotFoundException(name);
-+
-     }
- 
- 
-@@ -2544,7 +2543,7 @@
-         if (clazz != null)
-             return clazz;
- 
--        synchronized (name.intern()) {
-+        synchronized (this) {
-             clazz = entry.loadedClass;
-             if (clazz != null)
-                 return clazz;




More information about the pkg-java-commits mailing list