[pkg-java] r12687 - in tags/tomcat6: . 6.0.26-5/debian 6.0.26-5/debian/patches
Torsten Werner
twerner at alioth.debian.org
Mon Jun 28 20:03:41 UTC 2010
Author: twerner
Date: 2010-06-28 20:03:37 +0000 (Mon, 28 Jun 2010)
New Revision: 12687
Added:
tags/tomcat6/6.0.26-5/
tags/tomcat6/6.0.26-5/debian/changelog
tags/tomcat6/6.0.26-5/debian/patches/0001-set-UTF-8-as-default-character-encoding.patch
tags/tomcat6/6.0.26-5/debian/patches/0002-do-not-load-AJP13-connector-by-default.patch
tags/tomcat6/6.0.26-5/debian/patches/0003-disable-APR-library-loading.patch
tags/tomcat6/6.0.26-5/debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch
tags/tomcat6/6.0.26-5/debian/patches/0005-change-default-DBCP-factory-class.patch
tags/tomcat6/6.0.26-5/debian/patches/0006-add-JARs-below-var-to-class-loader.patch
tags/tomcat6/6.0.26-5/debian/patches/0007-add-OSGi-headers-to-servlet-api.patch
tags/tomcat6/6.0.26-5/debian/patches/0008-add-OSGI-headers-to-jsp-api.patch
tags/tomcat6/6.0.26-5/debian/patches/0009-allow-empty-PID-file.patch
tags/tomcat6/6.0.26-5/debian/patches/0010-avoid-deadlock-in-WebappClassLoader.patch
tags/tomcat6/6.0.26-5/debian/patches/0011-Use-java.security.policy-file-in-catalina.sh.patch
tags/tomcat6/6.0.26-5/debian/patches/0012-Prevent-disclosure-of-host-name-or-IP-address.patch
tags/tomcat6/6.0.26-5/debian/patches/series
Removed:
tags/tomcat6/6.0.26-5/debian/changelog
tags/tomcat6/6.0.26-5/debian/patches/allow-empty-pid-file.patch
tags/tomcat6/6.0.26-5/debian/patches/catalina-sh-security-manager.patch
tags/tomcat6/6.0.26-5/debian/patches/default-encoding-utf8.patch
tags/tomcat6/6.0.26-5/debian/patches/deploy-webapps-build-xml.patch
tags/tomcat6/6.0.26-5/debian/patches/disable-ajp-connector.patch
tags/tomcat6/6.0.26-5/debian/patches/disable-apr-loading.patch
tags/tomcat6/6.0.26-5/debian/patches/jsp-api-OSGi.patch
tags/tomcat6/6.0.26-5/debian/patches/series
tags/tomcat6/6.0.26-5/debian/patches/servlet-api-OSGi.patch
tags/tomcat6/6.0.26-5/debian/patches/use-commons-dbcp.patch
tags/tomcat6/6.0.26-5/debian/patches/var_loaders.patch
tags/tomcat6/6.0.26-5/debian/patches/webapp-classloader-deadlock-fix.patch
Log:
[svn-buildpackage] Tagging tomcat6 6.0.26-5
Deleted: tags/tomcat6/6.0.26-5/debian/changelog
===================================================================
--- trunk/tomcat6/debian/changelog 2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/changelog 2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,426 +0,0 @@
-tomcat6 (6.0.26-4) unstable; urgency=low
-
- [ Thierry Carrez ]
- * Fix issues preventing from running Tomcat6 with a security manager:
- - debian/tomcat6.init: Remove duplicate securitymanager options.
- - debian/patches/catalina-sh-security-manager.patch: Use the right
- location for the security.policy file in catalina.sh.
- - Closes: #585379, LP: #591802. Thanks to Jeff Turner for the original
- patches and to Adam Guthrie for the Lucid debdiff.
- * Allow binding to any interface when using authbind, rather than only allow
- binding to all (LP: #594989)
- * Force backgrounding of catalina.sh in start-stop-daemon, to allow the init
- script to be started through ssh -t (LP: #588481)
-
- [ Torsten Werner ]
- * Remove Paul from Uploaders list.
-
- -- Thierry Carrez <thierry.carrez at ubuntu.com> Thu, 24 Jun 2010 15:55:10 +0200
-
-tomcat6 (6.0.26-3) unstable; urgency=low
-
- [ Marcus Better ]
- * Apply upstream fix for deadlock in WebappClassLoader. (Closes: #583896)
-
- [ Thierry Carrez ]
- * debian/tomcat6.{install,postinst}: Do not store the default root webapp
- in /usr/share/tomcat6/webapps as it increases confusion on what this
- directory contains (and its relation with /var/lib/tomcat6/webapps).
- Store it inside /usr/share/tomcat6-root instead (LP: #575303).
-
- -- Marcus Better <marcus at better.se> Mon, 31 May 2010 15:50:57 +0200
-
-tomcat6 (6.0.26-2) unstable; urgency=low
-
- * debian/tomcat6.{postinst,prerm}: Respect TOMCAT6_USER and TOMCAT6_GROUP
- as defined in /etc/default/tomcat6 when setting directory permissions and
- authbind configuration (Closes: #581018, LP: #557300)
- * debian/tomcat6.postinst: Use group "tomcat6" instead of "adm" for
- permissions in /var/lib/tomcat6, so that group "adm" doesn't get write
- permissions over /var/lib/tomcat6/webapps (LP: #569118)
-
- -- Thierry Carrez <thierry.carrez at ubuntu.com> Fri, 21 May 2010 13:51:15 +0200
-
-tomcat6 (6.0.26-1) unstable; urgency=low
-
- * New upstream version
- * Apply patch from Mark Scott to fix
- tomcat6-instance-create which failed when multiple commandline
- options are provided, fix creation of FULLPATH (Closes: #575580)
-
- -- Ludovic Claude <ludovic.claude at laposte.net> Wed, 21 Apr 2010 23:07:09 +0100
-
-tomcat6 (6.0.24-5) unstable; urgency=low
-
- * Added optimised garbage collection options to tomcat6's default options.
- Thanks to Aaron J. Zirbes and Thierry Carrez for research and the patch.
- (Closes: LP: #541520)
- * Updated the changelog to mention closed CVE's in the 6.0.24-1 release.
- * Applied patch from Arto Jantunen fixing an issue with cleaning up the
- pid-file. (Closes: #574084)
-
- -- Niels Thykier <niels at thykier.net> Thu, 25 Mar 2010 23:45:32 +0100
-
-tomcat6 (6.0.24-4) unstable; urgency=low
-
- * debian/tomcat6.postrm: fix removal of Tomcat (Closes: #567548)
- * Set UTF-8 as default character encoding - Patch by Thomas Koch
- (Closes: #573539)
-
- -- Ludovic Claude <ludovic.claude at laposte.net> Thu, 11 Mar 2010 23:45:34 +0100
-
-tomcat6 (6.0.24-3) unstable; urgency=medium
-
- * Set the major, minor and build versions when calling Ant
- (Closes: LP: #495505)
- * Rebuild with a more recent version of maven-repo-helper which puts
- the javax jars at the correct location in the Maven repository.
- Fixes several FTBFS in other packages.
-
- -- Ludovic Claude <ludovic.claude at laposte.net> Wed, 03 Mar 2010 00:10:15 +0100
-
-tomcat6 (6.0.24-2) unstable; urgency=low
-
- * Fix missing symlinks to tomcat-coyote.jar and
- catalina-tribes.jar causing NoClassDefFoundException
- at startup (last minute packaging change, sorry)
- (Closes: #570220)
- * tomcat6-admin, tomcat6-examples and tomcat6-docs now depend on
- tomcat6-common instead of tomcat6, this allow users to install
- those packages without requiring tomcat6 and its automatic startup scripts
- being present. tomcat-users can be installed instead and allow full
- control over when Tomcat is started or stopped.
-
- -- Ludovic Claude <ludovic.claude at laposte.net> Wed, 17 Feb 2010 22:59:21 +0100
-
-tomcat6 (6.0.24-1) unstable; urgency=low
-
- [ Ludovic Claude ]
- * New upstream version
- - Fixes Directory traversal vulnerability (CVE-2009-2693,CVE-2009-2902)
- - Fixes Autodeployment vulnerability (CVE-2009-2901)
- * Update the POM files for the new version of Tomcat
- * Bump up Standards-Version to 3.8.4
- * Refresh patches deploy-webapps-build-xml.patch and var_loaders.patch
- * Remove patch fix_context_name.patch as it has been applied upstream
- * Fix the installation of servlet-api-2.5.jar: the jar
- goes to /usr/share/java as in older versions (6.0.20-2)
- and links to the jar are added to /usr/share/maven-repo
- * Moved NEWS.Debian into README.Debian
- * Add a link from /usr/share/doc/tomcat6-common/README.Debian to
- /usr/share/doc/tomcat6/README.Debian to include a minimum of
- documentation in the tomcat6 package and add some useful notes.
- (Closes: #563937, #563939)
- * Remove poms from the Debian packaging, use upstream pom files
-
- [ Jason Brittain ]
- * Fixed a bug in the init script: When a start fails, the PID file was
- being left in place. Now the init script makes sure it is deleted.
- * Fixed a packaging bug that results in the ROOT webapp not being properly
- installed after an uninstall, then a reinstall.
- * control: Corrected a couple of comments (no functional change).
-
- -- Ludovic Claude <ludovic.claude at laposte.net> Tue, 09 Feb 2010 23:06:51 +0100
-
-tomcat6 (6.0.20-dfsg1-2) unstable; urgency=low
-
- * JSVC is no longer used by the package. Instead, the init script invokes
- the stock catalina.sh script.
- * Authbind is now the standard method for binding Tomcat to ports lower
- than 1024 (when using IPv4).
- * The security manager now defaults to the disabled state, and is commented
- that way in /etc/default/tomcat6.
- * Reliable restarts are now implemented in the init script.
- (Closes: #561559)
- * Tomcat now sends STDOUT and STDERR to its usual, stock log file
- CATALINA_BASE/logs/catalina.out (/var/log/tomcat6/catalina.out in this
- package's case.
-
- -- Jason Brittain <jason.brittain at mulesoft.com> Wed, 27 Jan 2010 01:08:57 +0000
-
-tomcat6 (6.0.20-dfsg1-1) unstable; urgency=low
-
- * Fix debian/orig-tar.sh to exclude binary only standard.jar and jstl.jar.
- (Closes: #528119)
- * Upload a cleaned tarball.
- * Add ${misc:Depends} in debian/control.
-
- -- Torsten Werner <twerner at debian.org> Sat, 23 Jan 2010 19:40:38 +0100
-
-tomcat6 (6.0.20-9) unstable; urgency=low
-
- * Fix spelling issues.
- * Always set JSVC_CLASSPATH to a default value in init.
-
- -- Niels Thykier <niels at thykier.net> Sat, 19 Dec 2009 19:11:33 +0100
-
-tomcat6 (6.0.20-8) unstable; urgency=low
-
- * Corrected some spelling mistakes in debian/control.
- (Closes: #557377, #557378)
- * Added patches to install the OSGi metadata in some of the jars.
- (Closes: #558176)
- * Updated 03catalina.policy to allow "setContextClassLoader".
- - Fixes a problem where Sun's JVM would fail to generate log-files.
- (Closes: LP: #410379)
- * Updated /etc/default/tomcat6:
- - Clarified that JAVA_OPTS are passed to jscv and not the JVM.
- - Updated the JSP_COMPILER to javac (jikes is not in Debian anymore).
- (Closes: LP: #440685)
- * Use default-jdk and default-jre-headless instead of openjdk in
- (Build-)Depends.
- * Added more alternatives for java implementations to the Depends of
- libservlet2.5-java.
- * Exposed JSVC_CLASSPATH to the configuration file.
- (Closes: LP: #475457)
- * Updated description so it no longer refers to non-existent package.
- (Closes: #559475)
- * Used "set -e" in postinst and postrm instead of passing "-e" to sh
- in the #!-line.
- * Changed to 3.0 (quilt) source format.
-
- -- Niels Thykier <niels at thykier.net> Mon, 07 Dec 2009 21:17:55 +0100
-
-tomcat6 (6.0.20-7) unstable; urgency=low
-
- * New patch fix_context_name.patch:
- - Allow Service name != Engine name. Regression in fix for 42707.
- Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47316
- - This has been fixed in trunk and will be in 6.0.21
- * Register libservlet2.5-java-doc API with doc-base
- * Fix short description of tomcat6-docs by using "documentation" suffix
-
- -- Damien Raude-Morvan <drazzib at debian.org> Sat, 10 Oct 2009 21:41:55 +0200
-
-tomcat6 (6.0.20-6) unstable; urgency=low
-
- [ Ludovic Claude ]
- * tomcat6.postinst: set the ownership of files in /etc/tomcat6/
- to root:tomcat6, to prevent an attacker running inside a tomcat6
- instance to change the tomcat configuration
- * debian/policy/02debian.policy: grant access to
- /usr/share/maven-repo/ as it is a valid source of Debian JARs.
- (Closes: #545674)
- * Bump up Standards-Version to 3.8.3
- - add debian/README.source that describes the quilt patch system.
- * debian/control: Add Conflicts on libtomcat6-java with old versions
- of tomcat6-common (Closes: #542397)
-
- [ Michael Koch ]
- * Replace dh_clean -k by dh_prep.
- * Added Ludovic and myself to Uploaders.
- * Build-Depends on debhelper >= 7.
-
- -- Michael Koch <konqueror at gmx.de> Fri, 25 Sep 2009 07:14:07 +0200
-
-tomcat6 (6.0.20-5) unstable; urgency=low
-
- * Fix jsp-api dependency in the Maven descriptors.
- * Put tomcat-juli.jar in /usr/share/java instead of juli.jar.
- This fixes a broken link which prevented tomcat to start
- when logging is turned on, and restores the file layout
- defined in 6.0.20-2.
- * Restore links to the jars in usr/share/tomcat6/lib
- * Change watch to download fresh sources from SVN.
- Should fix wrong encoding in tomcat-i18n-fr/es.jar in the next upstream
- version. (Closes: #522067)
- * Update ownership for files in /etc/tomcat6 and /var/lib/tomcat6/webapps.
- The new owner is tomcat6:adm (Closes: #532284)
- * Add additional directories for the common, server and shared classloader.
- Directories are also compatible with Alfresco's packaging done for
- Ubuntu. (Closes: #521318)
- * Update checksum in postrm script to reflect changes
- in the new upstream webapp
- * postrm removes the extra directories created in /var/lib/tomcat6
- to hold shared and common classes or jars.
- * Added commented out default options for enabling debug mode.
- (Closes: LP: #375493)
-
- -- Ludovic Claude <ludovic.claude at laposte.net> Wed, 05 Aug 2009 00:56:59 +0100
-
-tomcat6 (6.0.20-4) experimental; urgency=low
-
- * Fix init script:
- - Change Provides: tomcat6. (Closes: #532286)
- - Check for /etc/default/rcS before sourcing it.
- * Update Standards-Version: 3.8.2 (no changes).
-
- -- Torsten Werner <twerner at debian.org> Thu, 16 Jul 2009 23:36:32 +0200
-
-tomcat6 (6.0.20-3) experimental; urgency=low
-
- * Add the Maven POM to the package
- * Add a Build-Depends-Indep dependency on maven-repo-helper
- * Use mh_installpom and mh_installjar to install the POM and the jar to the
- Maven repository
-
- -- Ludovic Claude <ludovic.claude at laposte.net> Tue, 14 Jul 2009 14:17:27 +0100
-
-tomcat6 (6.0.20-2) unstable; urgency=low
-
- * Expose tomcat-juli.jar as a library in /usr/share/java
- as it is a dependency of jasper which is used also by jetty
-
- -- Ludovic Claude <ludovic.claude at laposte.net> Mon, 15 Jun 2009 13:33:13 +0100
-
-tomcat6 (6.0.20-1) unstable; urgency=low
-
- * new upstream release (Closes: #531873)
- * Remove patch tcnative-ipv6-fix-43327.patch that has been applied upstream.
- * Refresh other patches.
-
- -- Torsten Werner <twerner at debian.org> Fri, 05 Jun 2009 23:38:44 +0200
-
-tomcat6 (6.0.18-dfsg1-1) unstable; urgency=low
-
- [ Torsten Werner ]
- * Remove jstl.jar and standard.jar from orig tarball because it comes without
- source code. (Closes: #528119)
-
- [ Marcus Better ]
- * Let the init script exit silently if the package is
- uninstalled. (Closes: #529301)
-
- -- Torsten Werner <twerner at debian.org> Tue, 19 May 2009 21:23:18 +0200
-
-tomcat6 (6.0.18-4) unstable; urgency=low
-
- * Add patch tcnative-ipv6-fix-43327.patch provided by Thierry Carrez.
- (Closes: #527033)
- * Change Section: java (from web).
- * Bump up Standards-Version: 3.8.1 (no changes).
- * Remove redundant Depends: ant because we depend on ant-optional.
-
- -- Torsten Werner <twerner at debian.org> Sun, 10 May 2009 19:41:40 +0200
-
-tomcat6 (6.0.18-3) unstable; urgency=low
-
- * Remove unneeded dirs and symlinks; thanks to Thierry Carrez. (Closes:
- #517857)
- * Improve the long description of all binary packages. (Closes: #518140)
-
- -- Torsten Werner <twerner at debian.org> Wed, 04 Mar 2009 21:58:41 +0100
-
-tomcat6 (6.0.18-2) unstable; urgency=low
-
- * upload to unstable
-
- -- Torsten Werner <twerner at debian.org> Sat, 21 Feb 2009 11:31:20 +0100
-
-tomcat6 (6.0.18-1) experimental; urgency=low
-
- * Merge changes from Ubuntu. Thanks to the Ubuntu developers we are shipping
- a full Tomcat 6.0 server stack now. (Closes: #494674)
- * Add myself to Uploaders.
- * Switch to openjdk-6 which is not the default in Debian.
-
- -- Torsten Werner <twerner at debian.org> Sat, 07 Feb 2009 17:02:57 +0100
-
-tomcat6 (6.0.18-0ubuntu5) jaunty; urgency=low
-
- [ Thierry Carrez ]
- * Removed tomcat6-[admin,docs,examples].post[inst,rm] and let Tomcat webapp
- autodeployment features handle application load/unload (LP: #302914)
- * tomcat6-instance-create, tomcat6-instance-create.1, control:
- Allow to change the HTTP port, control port and shutdown word on the
- tomcat6-instance-create command line (LP: #300691).
-
- [ Mathias Gug]
- * debian/tomcat6-instance-create: move directoryname from an option to
- an argument.
- * debian/tomcat6-instance-create.1: some updates to the man page.
- * debian/control: update maintainer field to Ubuntu Core Developers now that
- tomcat6 is in main.
-
- -- Mathias Gug <mathiaz at ubuntu.com> Wed, 07 Jan 2009 18:44:39 -0500
-
-tomcat6 (6.0.18-0ubuntu4) jaunty; urgency=low
-
- * tomcat6.init, tomcat6.postinst, tomcat6.dirs, tomcat6.default,
- README.debian: Use /tmp/tomcat6-temp instead of /var/lib/tomcat6/temp as
- the JVM temporary directory and clean it at each restart (LP: #287452)
- * policy/04webapps.policy: add rules to allow usage of java.io.tmpdir
- * tomcat6.init, rules: Do not use TearDown, as this results in
- LifecycleListener callbacks in webapps being bypassed (LP: #299436)
- * rules: Compile at Java 1.5 level to allow usage of Java 5 JREs
- (LP: #286427)
- * control, rules, libservlet2.5-java-doc.install,
- libservlet2.5-java-doc.links: New libservlet2.5-java-doc package ships
- missing Servlet/JSP API documentation (LP: #279645)
- * patches/use-commons-dbcp.patch: Change default DBCP factory class
- to org.apache.commons.dbcp.BasicDataSourceFactory (LP: #283852)
- * tomcat6.dirs, tomcat6.postinst, default_root/index.html: Create
- Catalina/localhost in /etc/tomcat6 and make it writeable by the tomcat6
- group, so that autodeploy and admin webapps work as expected (LP: #294277)
- * patches/disable-apr-loading.patch: Disable APR library loading until we
- properly provide it.
- * patches/disable-ajp-connector: Do not load AJP13 connector by default
- (LP: #300697)
- * rules: minor fixes to prevent build being called twice.
-
- -- Thierry Carrez <thierry.carrez at ubuntu.com> Thu, 27 Nov 2008 12:47:42 +0000
-
-tomcat6 (6.0.18-0ubuntu3) intrepid; urgency=low
-
- * debian/tomcat6.postinst:
- - Make /var/lib/tomcat6/temp writeable by the tomcat6 user (LP: #287126)
- - Make /var/lib/tomcat6/webapps writeable by tomcat6 group (LP: #287447)
- * debian/tomcat6.init: make status return nonzero if tomcat6 is not running
- (fixes LP: #288218)
-
- -- Thierry Carrez <thierry.carrez at ubuntu.com> Thu, 23 Oct 2008 18:19:15 +0200
-
-tomcat6 (6.0.18-0ubuntu2) intrepid; urgency=low
-
- * debian/rules: call dh_installinit with --error-handler so that install
- doesn't fail if Tomcat cannot be started during configure (LP: #274365)
-
- -- Thierry Carrez <thierry.carrez at ubuntu.com> Mon, 06 Oct 2008 13:55:21 +0200
-
-tomcat6 (6.0.18-0ubuntu1) intrepid; urgency=low
-
- * New upstream version (LP: #260016)
- - Fixes CVE-2008-2938: Directory traversal vulnerability (LP: #256802)
- - Fixes CVE-2008-2370: Information disclosure vulnerability (LP: #256922)
- - Fixes CVE-2008-1232: XSS through sendError vulnerability (LP: #256926)
- * Dropped CVE-2008-1947.patch (fix is shipped in this upstream release)
- * control: Improve short descriptions for the binary packages
- * copyright: Added link to /usr/share/common-licenses/Apache-2.0
- * control: To pull the right JRE, libtomcat6-java now depends on
- default-jre-headless | java6-runtime-headless
-
- -- Thierry Carrez <thierry.carrez at ubuntu.com> Fri, 22 Aug 2008 09:15:11 +0200
-
-tomcat6 (6.0.16-1ubuntu1) intrepid; urgency=low
-
- * Adding full Tomcat 6 server stack support (LP: #256052)
- - tomcat6 handles the system instance (/var/lib/tomcat6)
- - tomcat6-user allows users to create their own private instances
- - tomcat6-common installs common files in /usr/share/tomcat6
- - libtomcat6-java installs Tomcat 6 java libs in /usr/share/java
- - tomcat6-docs installs the documentation webapp
- - tomcat6-examples installs the examples webapp
- - tomcat6-admin installs the manager and host-manager webapps
- * Other key differences with the tomcat5.5 packages:
- - default-jdk build support
- - OpenJDK-6 JRE runtime support
- - tomcat6 installs a minimal ROOT webapp
- - new webapp locations follow Debian webapp policy
- - webapps restart tomcat6 in postrm rather than in prerm
- - added a doc-base entry
- - use standard upstream server.xml
- - initscript: try to check if Tomcat is really running before returning OK
- - removed transitional configuration migration code
- - autogenerate policy in /var/cache/tomcat6 rather than /etc/tomcat6
- - logging.properties is customized to remove -webapps-related lines
- - initscript: implement TearDown spec
- * CVE-2008-1947 fix (cross-site-scripting issue in host-manager webapp)
-
- -- Thierry Carrez <thierry.carrez at ubuntu.com> Fri, 08 Aug 2008 15:37:48 +0200
-
-tomcat6 (6.0.16-1) unstable; urgency=low
-
- * Initial release.
- (Closes: #480964).
-
- -- Paul Cager <paul-debian at home.paulcager.org> Mon, 12 May 2008 23:04:49 +0000
Copied: tags/tomcat6/6.0.26-5/debian/changelog (from rev 12686, trunk/tomcat6/debian/changelog)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/changelog (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/changelog 2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,434 @@
+tomcat6 (6.0.26-5) unstable; urgency=medium
+
+ * Convert patches to dep3 format.
+ * Backport security fix from trunk to fix CVE-2010-1157. (Closes: #587447)
+ * Set urgency to medium due to the security fix.
+
+ -- Torsten Werner <twerner at debian.org> Mon, 28 Jun 2010 21:41:31 +0200
+
+tomcat6 (6.0.26-4) unstable; urgency=low
+
+ [ Thierry Carrez ]
+ * Fix issues preventing from running Tomcat6 with a security manager:
+ - debian/tomcat6.init: Remove duplicate securitymanager options.
+ - debian/patches/catalina-sh-security-manager.patch: Use the right
+ location for the security.policy file in catalina.sh.
+ - Closes: #585379, LP: #591802. Thanks to Jeff Turner for the original
+ patches and to Adam Guthrie for the Lucid debdiff.
+ * Allow binding to any interface when using authbind, rather than only allow
+ binding to all (LP: #594989)
+ * Force backgrounding of catalina.sh in start-stop-daemon, to allow the init
+ script to be started through ssh -t (LP: #588481)
+
+ [ Torsten Werner ]
+ * Remove Paul from Uploaders list.
+
+ -- Thierry Carrez <thierry.carrez at ubuntu.com> Thu, 24 Jun 2010 15:55:10 +0200
+
+tomcat6 (6.0.26-3) unstable; urgency=low
+
+ [ Marcus Better ]
+ * Apply upstream fix for deadlock in WebappClassLoader. (Closes: #583896)
+
+ [ Thierry Carrez ]
+ * debian/tomcat6.{install,postinst}: Do not store the default root webapp
+ in /usr/share/tomcat6/webapps as it increases confusion on what this
+ directory contains (and its relation with /var/lib/tomcat6/webapps).
+ Store it inside /usr/share/tomcat6-root instead (LP: #575303).
+
+ -- Marcus Better <marcus at better.se> Mon, 31 May 2010 15:50:57 +0200
+
+tomcat6 (6.0.26-2) unstable; urgency=low
+
+ * debian/tomcat6.{postinst,prerm}: Respect TOMCAT6_USER and TOMCAT6_GROUP
+ as defined in /etc/default/tomcat6 when setting directory permissions and
+ authbind configuration (Closes: #581018, LP: #557300)
+ * debian/tomcat6.postinst: Use group "tomcat6" instead of "adm" for
+ permissions in /var/lib/tomcat6, so that group "adm" doesn't get write
+ permissions over /var/lib/tomcat6/webapps (LP: #569118)
+
+ -- Thierry Carrez <thierry.carrez at ubuntu.com> Fri, 21 May 2010 13:51:15 +0200
+
+tomcat6 (6.0.26-1) unstable; urgency=low
+
+ * New upstream version
+ * Apply patch from Mark Scott to fix
+ tomcat6-instance-create which failed when multiple commandline
+ options are provided, fix creation of FULLPATH (Closes: #575580)
+
+ -- Ludovic Claude <ludovic.claude at laposte.net> Wed, 21 Apr 2010 23:07:09 +0100
+
+tomcat6 (6.0.24-5) unstable; urgency=low
+
+ * Added optimised garbage collection options to tomcat6's default options.
+ Thanks to Aaron J. Zirbes and Thierry Carrez for research and the patch.
+ (Closes: LP: #541520)
+ * Updated the changelog to mention closed CVE's in the 6.0.24-1 release.
+ * Applied patch from Arto Jantunen fixing an issue with cleaning up the
+ pid-file. (Closes: #574084)
+
+ -- Niels Thykier <niels at thykier.net> Thu, 25 Mar 2010 23:45:32 +0100
+
+tomcat6 (6.0.24-4) unstable; urgency=low
+
+ * debian/tomcat6.postrm: fix removal of Tomcat (Closes: #567548)
+ * Set UTF-8 as default character encoding - Patch by Thomas Koch
+ (Closes: #573539)
+
+ -- Ludovic Claude <ludovic.claude at laposte.net> Thu, 11 Mar 2010 23:45:34 +0100
+
+tomcat6 (6.0.24-3) unstable; urgency=medium
+
+ * Set the major, minor and build versions when calling Ant
+ (Closes: LP: #495505)
+ * Rebuild with a more recent version of maven-repo-helper which puts
+ the javax jars at the correct location in the Maven repository.
+ Fixes several FTBFS in other packages.
+
+ -- Ludovic Claude <ludovic.claude at laposte.net> Wed, 03 Mar 2010 00:10:15 +0100
+
+tomcat6 (6.0.24-2) unstable; urgency=low
+
+ * Fix missing symlinks to tomcat-coyote.jar and
+ catalina-tribes.jar causing NoClassDefFoundException
+ at startup (last minute packaging change, sorry)
+ (Closes: #570220)
+ * tomcat6-admin, tomcat6-examples and tomcat6-docs now depend on
+ tomcat6-common instead of tomcat6, this allow users to install
+ those packages without requiring tomcat6 and its automatic startup scripts
+ being present. tomcat-users can be installed instead and allow full
+ control over when Tomcat is started or stopped.
+
+ -- Ludovic Claude <ludovic.claude at laposte.net> Wed, 17 Feb 2010 22:59:21 +0100
+
+tomcat6 (6.0.24-1) unstable; urgency=low
+
+ [ Ludovic Claude ]
+ * New upstream version
+ - Fixes Directory traversal vulnerability (CVE-2009-2693,CVE-2009-2902)
+ - Fixes Autodeployment vulnerability (CVE-2009-2901)
+ * Update the POM files for the new version of Tomcat
+ * Bump up Standards-Version to 3.8.4
+ * Refresh patches deploy-webapps-build-xml.patch and var_loaders.patch
+ * Remove patch fix_context_name.patch as it has been applied upstream
+ * Fix the installation of servlet-api-2.5.jar: the jar
+ goes to /usr/share/java as in older versions (6.0.20-2)
+ and links to the jar are added to /usr/share/maven-repo
+ * Moved NEWS.Debian into README.Debian
+ * Add a link from /usr/share/doc/tomcat6-common/README.Debian to
+ /usr/share/doc/tomcat6/README.Debian to include a minimum of
+ documentation in the tomcat6 package and add some useful notes.
+ (Closes: #563937, #563939)
+ * Remove poms from the Debian packaging, use upstream pom files
+
+ [ Jason Brittain ]
+ * Fixed a bug in the init script: When a start fails, the PID file was
+ being left in place. Now the init script makes sure it is deleted.
+ * Fixed a packaging bug that results in the ROOT webapp not being properly
+ installed after an uninstall, then a reinstall.
+ * control: Corrected a couple of comments (no functional change).
+
+ -- Ludovic Claude <ludovic.claude at laposte.net> Tue, 09 Feb 2010 23:06:51 +0100
+
+tomcat6 (6.0.20-dfsg1-2) unstable; urgency=low
+
+ * JSVC is no longer used by the package. Instead, the init script invokes
+ the stock catalina.sh script.
+ * Authbind is now the standard method for binding Tomcat to ports lower
+ than 1024 (when using IPv4).
+ * The security manager now defaults to the disabled state, and is commented
+ that way in /etc/default/tomcat6.
+ * Reliable restarts are now implemented in the init script.
+ (Closes: #561559)
+ * Tomcat now sends STDOUT and STDERR to its usual, stock log file
+ CATALINA_BASE/logs/catalina.out (/var/log/tomcat6/catalina.out in this
+ package's case.
+
+ -- Jason Brittain <jason.brittain at mulesoft.com> Wed, 27 Jan 2010 01:08:57 +0000
+
+tomcat6 (6.0.20-dfsg1-1) unstable; urgency=low
+
+ * Fix debian/orig-tar.sh to exclude binary only standard.jar and jstl.jar.
+ (Closes: #528119)
+ * Upload a cleaned tarball.
+ * Add ${misc:Depends} in debian/control.
+
+ -- Torsten Werner <twerner at debian.org> Sat, 23 Jan 2010 19:40:38 +0100
+
+tomcat6 (6.0.20-9) unstable; urgency=low
+
+ * Fix spelling issues.
+ * Always set JSVC_CLASSPATH to a default value in init.
+
+ -- Niels Thykier <niels at thykier.net> Sat, 19 Dec 2009 19:11:33 +0100
+
+tomcat6 (6.0.20-8) unstable; urgency=low
+
+ * Corrected some spelling mistakes in debian/control.
+ (Closes: #557377, #557378)
+ * Added patches to install the OSGi metadata in some of the jars.
+ (Closes: #558176)
+ * Updated 03catalina.policy to allow "setContextClassLoader".
+ - Fixes a problem where Sun's JVM would fail to generate log-files.
+ (Closes: LP: #410379)
+ * Updated /etc/default/tomcat6:
+ - Clarified that JAVA_OPTS are passed to jscv and not the JVM.
+ - Updated the JSP_COMPILER to javac (jikes is not in Debian anymore).
+ (Closes: LP: #440685)
+ * Use default-jdk and default-jre-headless instead of openjdk in
+ (Build-)Depends.
+ * Added more alternatives for java implementations to the Depends of
+ libservlet2.5-java.
+ * Exposed JSVC_CLASSPATH to the configuration file.
+ (Closes: LP: #475457)
+ * Updated description so it no longer refers to non-existent package.
+ (Closes: #559475)
+ * Used "set -e" in postinst and postrm instead of passing "-e" to sh
+ in the #!-line.
+ * Changed to 3.0 (quilt) source format.
+
+ -- Niels Thykier <niels at thykier.net> Mon, 07 Dec 2009 21:17:55 +0100
+
+tomcat6 (6.0.20-7) unstable; urgency=low
+
+ * New patch fix_context_name.patch:
+ - Allow Service name != Engine name. Regression in fix for 42707.
+ Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47316
+ - This has been fixed in trunk and will be in 6.0.21
+ * Register libservlet2.5-java-doc API with doc-base
+ * Fix short description of tomcat6-docs by using "documentation" suffix
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Sat, 10 Oct 2009 21:41:55 +0200
+
+tomcat6 (6.0.20-6) unstable; urgency=low
+
+ [ Ludovic Claude ]
+ * tomcat6.postinst: set the ownership of files in /etc/tomcat6/
+ to root:tomcat6, to prevent an attacker running inside a tomcat6
+ instance to change the tomcat configuration
+ * debian/policy/02debian.policy: grant access to
+ /usr/share/maven-repo/ as it is a valid source of Debian JARs.
+ (Closes: #545674)
+ * Bump up Standards-Version to 3.8.3
+ - add debian/README.source that describes the quilt patch system.
+ * debian/control: Add Conflicts on libtomcat6-java with old versions
+ of tomcat6-common (Closes: #542397)
+
+ [ Michael Koch ]
+ * Replace dh_clean -k by dh_prep.
+ * Added Ludovic and myself to Uploaders.
+ * Build-Depends on debhelper >= 7.
+
+ -- Michael Koch <konqueror at gmx.de> Fri, 25 Sep 2009 07:14:07 +0200
+
+tomcat6 (6.0.20-5) unstable; urgency=low
+
+ * Fix jsp-api dependency in the Maven descriptors.
+ * Put tomcat-juli.jar in /usr/share/java instead of juli.jar.
+ This fixes a broken link which prevented tomcat to start
+ when logging is turned on, and restores the file layout
+ defined in 6.0.20-2.
+ * Restore links to the jars in usr/share/tomcat6/lib
+ * Change watch to download fresh sources from SVN.
+ Should fix wrong encoding in tomcat-i18n-fr/es.jar in the next upstream
+ version. (Closes: #522067)
+ * Update ownership for files in /etc/tomcat6 and /var/lib/tomcat6/webapps.
+ The new owner is tomcat6:adm (Closes: #532284)
+ * Add additional directories for the common, server and shared classloader.
+ Directories are also compatible with Alfresco's packaging done for
+ Ubuntu. (Closes: #521318)
+ * Update checksum in postrm script to reflect changes
+ in the new upstream webapp
+ * postrm removes the extra directories created in /var/lib/tomcat6
+ to hold shared and common classes or jars.
+ * Added commented out default options for enabling debug mode.
+ (Closes: LP: #375493)
+
+ -- Ludovic Claude <ludovic.claude at laposte.net> Wed, 05 Aug 2009 00:56:59 +0100
+
+tomcat6 (6.0.20-4) experimental; urgency=low
+
+ * Fix init script:
+ - Change Provides: tomcat6. (Closes: #532286)
+ - Check for /etc/default/rcS before sourcing it.
+ * Update Standards-Version: 3.8.2 (no changes).
+
+ -- Torsten Werner <twerner at debian.org> Thu, 16 Jul 2009 23:36:32 +0200
+
+tomcat6 (6.0.20-3) experimental; urgency=low
+
+ * Add the Maven POM to the package
+ * Add a Build-Depends-Indep dependency on maven-repo-helper
+ * Use mh_installpom and mh_installjar to install the POM and the jar to the
+ Maven repository
+
+ -- Ludovic Claude <ludovic.claude at laposte.net> Tue, 14 Jul 2009 14:17:27 +0100
+
+tomcat6 (6.0.20-2) unstable; urgency=low
+
+ * Expose tomcat-juli.jar as a library in /usr/share/java
+ as it is a dependency of jasper which is used also by jetty
+
+ -- Ludovic Claude <ludovic.claude at laposte.net> Mon, 15 Jun 2009 13:33:13 +0100
+
+tomcat6 (6.0.20-1) unstable; urgency=low
+
+ * new upstream release (Closes: #531873)
+ * Remove patch tcnative-ipv6-fix-43327.patch that has been applied upstream.
+ * Refresh other patches.
+
+ -- Torsten Werner <twerner at debian.org> Fri, 05 Jun 2009 23:38:44 +0200
+
+tomcat6 (6.0.18-dfsg1-1) unstable; urgency=low
+
+ [ Torsten Werner ]
+ * Remove jstl.jar and standard.jar from orig tarball because it comes without
+ source code. (Closes: #528119)
+
+ [ Marcus Better ]
+ * Let the init script exit silently if the package is
+ uninstalled. (Closes: #529301)
+
+ -- Torsten Werner <twerner at debian.org> Tue, 19 May 2009 21:23:18 +0200
+
+tomcat6 (6.0.18-4) unstable; urgency=low
+
+ * Add patch tcnative-ipv6-fix-43327.patch provided by Thierry Carrez.
+ (Closes: #527033)
+ * Change Section: java (from web).
+ * Bump up Standards-Version: 3.8.1 (no changes).
+ * Remove redundant Depends: ant because we depend on ant-optional.
+
+ -- Torsten Werner <twerner at debian.org> Sun, 10 May 2009 19:41:40 +0200
+
+tomcat6 (6.0.18-3) unstable; urgency=low
+
+ * Remove unneeded dirs and symlinks; thanks to Thierry Carrez. (Closes:
+ #517857)
+ * Improve the long description of all binary packages. (Closes: #518140)
+
+ -- Torsten Werner <twerner at debian.org> Wed, 04 Mar 2009 21:58:41 +0100
+
+tomcat6 (6.0.18-2) unstable; urgency=low
+
+ * upload to unstable
+
+ -- Torsten Werner <twerner at debian.org> Sat, 21 Feb 2009 11:31:20 +0100
+
+tomcat6 (6.0.18-1) experimental; urgency=low
+
+ * Merge changes from Ubuntu. Thanks to the Ubuntu developers we are shipping
+ a full Tomcat 6.0 server stack now. (Closes: #494674)
+ * Add myself to Uploaders.
+ * Switch to openjdk-6 which is not the default in Debian.
+
+ -- Torsten Werner <twerner at debian.org> Sat, 07 Feb 2009 17:02:57 +0100
+
+tomcat6 (6.0.18-0ubuntu5) jaunty; urgency=low
+
+ [ Thierry Carrez ]
+ * Removed tomcat6-[admin,docs,examples].post[inst,rm] and let Tomcat webapp
+ autodeployment features handle application load/unload (LP: #302914)
+ * tomcat6-instance-create, tomcat6-instance-create.1, control:
+ Allow to change the HTTP port, control port and shutdown word on the
+ tomcat6-instance-create command line (LP: #300691).
+
+ [ Mathias Gug]
+ * debian/tomcat6-instance-create: move directoryname from an option to
+ an argument.
+ * debian/tomcat6-instance-create.1: some updates to the man page.
+ * debian/control: update maintainer field to Ubuntu Core Developers now that
+ tomcat6 is in main.
+
+ -- Mathias Gug <mathiaz at ubuntu.com> Wed, 07 Jan 2009 18:44:39 -0500
+
+tomcat6 (6.0.18-0ubuntu4) jaunty; urgency=low
+
+ * tomcat6.init, tomcat6.postinst, tomcat6.dirs, tomcat6.default,
+ README.debian: Use /tmp/tomcat6-temp instead of /var/lib/tomcat6/temp as
+ the JVM temporary directory and clean it at each restart (LP: #287452)
+ * policy/04webapps.policy: add rules to allow usage of java.io.tmpdir
+ * tomcat6.init, rules: Do not use TearDown, as this results in
+ LifecycleListener callbacks in webapps being bypassed (LP: #299436)
+ * rules: Compile at Java 1.5 level to allow usage of Java 5 JREs
+ (LP: #286427)
+ * control, rules, libservlet2.5-java-doc.install,
+ libservlet2.5-java-doc.links: New libservlet2.5-java-doc package ships
+ missing Servlet/JSP API documentation (LP: #279645)
+ * patches/use-commons-dbcp.patch: Change default DBCP factory class
+ to org.apache.commons.dbcp.BasicDataSourceFactory (LP: #283852)
+ * tomcat6.dirs, tomcat6.postinst, default_root/index.html: Create
+ Catalina/localhost in /etc/tomcat6 and make it writeable by the tomcat6
+ group, so that autodeploy and admin webapps work as expected (LP: #294277)
+ * patches/disable-apr-loading.patch: Disable APR library loading until we
+ properly provide it.
+ * patches/disable-ajp-connector: Do not load AJP13 connector by default
+ (LP: #300697)
+ * rules: minor fixes to prevent build being called twice.
+
+ -- Thierry Carrez <thierry.carrez at ubuntu.com> Thu, 27 Nov 2008 12:47:42 +0000
+
+tomcat6 (6.0.18-0ubuntu3) intrepid; urgency=low
+
+ * debian/tomcat6.postinst:
+ - Make /var/lib/tomcat6/temp writeable by the tomcat6 user (LP: #287126)
+ - Make /var/lib/tomcat6/webapps writeable by tomcat6 group (LP: #287447)
+ * debian/tomcat6.init: make status return nonzero if tomcat6 is not running
+ (fixes LP: #288218)
+
+ -- Thierry Carrez <thierry.carrez at ubuntu.com> Thu, 23 Oct 2008 18:19:15 +0200
+
+tomcat6 (6.0.18-0ubuntu2) intrepid; urgency=low
+
+ * debian/rules: call dh_installinit with --error-handler so that install
+ doesn't fail if Tomcat cannot be started during configure (LP: #274365)
+
+ -- Thierry Carrez <thierry.carrez at ubuntu.com> Mon, 06 Oct 2008 13:55:21 +0200
+
+tomcat6 (6.0.18-0ubuntu1) intrepid; urgency=low
+
+ * New upstream version (LP: #260016)
+ - Fixes CVE-2008-2938: Directory traversal vulnerability (LP: #256802)
+ - Fixes CVE-2008-2370: Information disclosure vulnerability (LP: #256922)
+ - Fixes CVE-2008-1232: XSS through sendError vulnerability (LP: #256926)
+ * Dropped CVE-2008-1947.patch (fix is shipped in this upstream release)
+ * control: Improve short descriptions for the binary packages
+ * copyright: Added link to /usr/share/common-licenses/Apache-2.0
+ * control: To pull the right JRE, libtomcat6-java now depends on
+ default-jre-headless | java6-runtime-headless
+
+ -- Thierry Carrez <thierry.carrez at ubuntu.com> Fri, 22 Aug 2008 09:15:11 +0200
+
+tomcat6 (6.0.16-1ubuntu1) intrepid; urgency=low
+
+ * Adding full Tomcat 6 server stack support (LP: #256052)
+ - tomcat6 handles the system instance (/var/lib/tomcat6)
+ - tomcat6-user allows users to create their own private instances
+ - tomcat6-common installs common files in /usr/share/tomcat6
+ - libtomcat6-java installs Tomcat 6 java libs in /usr/share/java
+ - tomcat6-docs installs the documentation webapp
+ - tomcat6-examples installs the examples webapp
+ - tomcat6-admin installs the manager and host-manager webapps
+ * Other key differences with the tomcat5.5 packages:
+ - default-jdk build support
+ - OpenJDK-6 JRE runtime support
+ - tomcat6 installs a minimal ROOT webapp
+ - new webapp locations follow Debian webapp policy
+ - webapps restart tomcat6 in postrm rather than in prerm
+ - added a doc-base entry
+ - use standard upstream server.xml
+ - initscript: try to check if Tomcat is really running before returning OK
+ - removed transitional configuration migration code
+ - autogenerate policy in /var/cache/tomcat6 rather than /etc/tomcat6
+ - logging.properties is customized to remove -webapps-related lines
+ - initscript: implement TearDown spec
+ * CVE-2008-1947 fix (cross-site-scripting issue in host-manager webapp)
+
+ -- Thierry Carrez <thierry.carrez at ubuntu.com> Fri, 08 Aug 2008 15:37:48 +0200
+
+tomcat6 (6.0.16-1) unstable; urgency=low
+
+ * Initial release.
+ (Closes: #480964).
+
+ -- Paul Cager <paul-debian at home.paulcager.org> Mon, 12 May 2008 23:04:49 +0000
Copied: tags/tomcat6/6.0.26-5/debian/patches/0001-set-UTF-8-as-default-character-encoding.patch (from rev 12686, trunk/tomcat6/debian/patches/0001-set-UTF-8-as-default-character-encoding.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0001-set-UTF-8-as-default-character-encoding.patch (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0001-set-UTF-8-as-default-character-encoding.patch 2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,21 @@
+From: Thomas Koch <thomas at koch.ro>
+Date: Mon, 28 Jun 2010 21:32:15 +0200
+Subject: [PATCH] set UTF-8 as default character encoding
+
+---
+ conf/server.xml | 1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+diff --git a/conf/server.xml b/conf/server.xml
+index 30673f6..03894e7 100644
+--- a/conf/server.xml
++++ b/conf/server.xml
+@@ -68,6 +68,7 @@
+ -->
+ <Connector port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
++ URIEncoding="UTF-8"
+ redirectPort="8443" />
+ <!-- A "Connector" using the shared thread pool-->
+ <!--
+--
Copied: tags/tomcat6/6.0.26-5/debian/patches/0002-do-not-load-AJP13-connector-by-default.patch (from rev 12686, trunk/tomcat6/debian/patches/0002-do-not-load-AJP13-connector-by-default.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0002-do-not-load-AJP13-connector-by-default.patch (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0002-do-not-load-AJP13-connector-by-default.patch 2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,23 @@
+From: Thierry Carrez <thierry.carrez at ubuntu.com>
+Date: Mon, 28 Jun 2010 21:32:21 +0200
+Subject: [PATCH] do not load AJP13 connector by default
+
+---
+ conf/server.xml | 2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/conf/server.xml b/conf/server.xml
+index 03894e7..500e39a 100644
+--- a/conf/server.xml
++++ b/conf/server.xml
+@@ -88,7 +88,9 @@
+ -->
+
+ <!-- Define an AJP 1.3 Connector on port 8009 -->
++ <!--
+ <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
++ -->
+
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+--
Copied: tags/tomcat6/6.0.26-5/debian/patches/0003-disable-APR-library-loading.patch (from rev 12686, trunk/tomcat6/debian/patches/0003-disable-APR-library-loading.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0003-disable-APR-library-loading.patch (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0003-disable-APR-library-loading.patch 2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,24 @@
+From: Thierry Carrez <thierry.carrez at ubuntu.com>
+Date: Mon, 28 Jun 2010 21:32:28 +0200
+Subject: [PATCH] disable APR library loading
+
+ ... until we properly provide it.
+---
+ conf/server.xml | 2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/conf/server.xml b/conf/server.xml
+index 500e39a..155b664 100644
+--- a/conf/server.xml
++++ b/conf/server.xml
+@@ -22,7 +22,9 @@
+ <Server port="8005" shutdown="SHUTDOWN">
+
+ <!--APR library loader. Documentation at /docs/apr.html -->
++ <!--
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
++ -->
+ <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
+ <Listener className="org.apache.catalina.core.JasperListener" />
+ <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+--
Copied: tags/tomcat6/6.0.26-5/debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch (from rev 12686, trunk/tomcat6/debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch 2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,47 @@
+From: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
+Date: Mon, 28 Jun 2010 21:32:35 +0200
+Subject: [PATCH] split deploy-webapps target from deploy target
+
+---
+ build.xml | 13 ++++++++-----
+ 1 files changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/build.xml b/build.xml
+index 4073712..1e2ec83 100644
+--- a/build.xml
++++ b/build.xml
+@@ -469,7 +469,7 @@
+ building a tomcat release.</echo>
+ </target>
+
+- <target name="deploy" depends="build-only,build-docs,warn.dbcp">
++ <target name="deploy" depends="build-only,build-docs,warn.dbcp,deploy-webapps">
+
+ <copy tofile="${tomcat.build}/bin/tomcat-native.tar.gz"
+ file="${tomcat-native.tar.gz}" />
+@@ -505,6 +505,13 @@
+ </fileset>
+ </copy>
+
++ <copy file="${tomcat-dbcp.jar}" todir="${tomcat.build}/lib" />
++ <copy file="${jasper-jdt.jar}" todir="${tomcat.build}/lib" />
++
++ </target>
++
++ <target name="deploy-webapps" depends="build-only,build-docs">
++
+ <!-- Copy other regular webapps -->
+ <copy todir="${tomcat.build}/webapps">
+ <fileset dir="webapps">
+@@ -629,10 +636,6 @@
+ </fileset>
+ </txt2html>
+
+- <copy file="${tomcat-dbcp.jar}" todir="${tomcat.build}/lib"
+- failonerror="false"/>
+- <copy file="${jasper-jdt.jar}" todir="${tomcat.build}/lib" />
+-
+ </target>
+
+ <target name="clean-depend"
+--
Copied: tags/tomcat6/6.0.26-5/debian/patches/0005-change-default-DBCP-factory-class.patch (from rev 12686, trunk/tomcat6/debian/patches/0005-change-default-DBCP-factory-class.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0005-change-default-DBCP-factory-class.patch (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0005-change-default-DBCP-factory-class.patch 2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,40 @@
+From: Thierry Carrez <thierry.carrez at ubuntu.com>
+Date: Mon, 28 Jun 2010 21:32:44 +0200
+Subject: [PATCH] change default DBCP factory class
+
+... to org.apache.commons.dbcp.BasicDataSourceFactory
+---
+ java/org/apache/naming/factory/Constants.java | 2 +-
+ webapps/docs/jndi-resources-howto.xml | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/java/org/apache/naming/factory/Constants.java b/java/org/apache/naming/factory/Constants.java
+index 22ef7aa..ab1d759 100644
+--- a/java/org/apache/naming/factory/Constants.java
++++ b/java/org/apache/naming/factory/Constants.java
+@@ -49,7 +49,7 @@ public final class Constants {
+ Package + ".HandlerFactory";
+
+ public static final String DBCP_DATASOURCE_FACTORY =
+- "org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory";
++ "org.apache.commons.dbcp.BasicDataSourceFactory";
+
+ public static final String OPENEJB_EJB_FACTORY =
+ Package + ".OpenEjbFactory";
+diff --git a/webapps/docs/jndi-resources-howto.xml b/webapps/docs/jndi-resources-howto.xml
+index 259d733..4f8877e 100644
+--- a/webapps/docs/jndi-resources-howto.xml
++++ b/webapps/docs/jndi-resources-howto.xml
+@@ -656,9 +656,9 @@ conn.close();
+ <code>driverName</code> parameters to match your actual database's
+ JDBC driver and connection URL.</p>
+
+- <p>The configuration properties for Tomcat's standard data source
++ <p>The configuration properties for our default data source
+ resource factory
+- (<code>org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory</code>) are
++ (<code>org.apache.commons.dbcp.BasicDataSourceFactory</code>) are
+ as follows:</p>
+ <ul>
+ <li><strong>driverClassName</strong> - Fully qualified Java class name
+--
Copied: tags/tomcat6/6.0.26-5/debian/patches/0006-add-JARs-below-var-to-class-loader.patch (from rev 12686, trunk/tomcat6/debian/patches/0006-add-JARs-below-var-to-class-loader.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0006-add-JARs-below-var-to-class-loader.patch (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0006-add-JARs-below-var-to-class-loader.patch 2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,40 @@
+From: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
+Date: Mon, 28 Jun 2010 21:32:57 +0200
+Subject: [PATCH] add JARs below /var to class loader
+
+---
+ conf/catalina.properties | 6 +++---
+ 1 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/conf/catalina.properties b/conf/catalina.properties
+index dc2db35..5971437 100644
+--- a/conf/catalina.properties
++++ b/conf/catalina.properties
+@@ -44,7 +44,7 @@ package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,org.apache
+ # "foo/*.jar": Add all the JARs of the specified folder as class
+ # repositories
+ # "foo/bar.jar": Add bar.jar as a class repository
+-common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar
++common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar,/var/lib/tomcat6/common/classes,/var/lib/tomcat6/common/*.jar
+
+ #
+ # List of comma-separated paths defining the contents of the "server"
+@@ -57,7 +57,7 @@ common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/l
+ # "foo/*.jar": Add all the JARs of the specified folder as class
+ # repositories
+ # "foo/bar.jar": Add bar.jar as a class repository
+-server.loader=
++server.loader=${catalina.home}/server/classes,${catalina.home}/server/*.jar,/var/lib/tomcat6/server/classes,/var/lib/tomcat6/server/*.jar
+
+ #
+ # List of comma-separated paths defining the contents of the "shared"
+@@ -71,7 +71,7 @@ server.loader=
+ # "foo/bar.jar": Add bar.jar as a class repository
+ # Please note that for single jars, e.g. bar.jar, you need the URL form
+ # starting with file:.
+-shared.loader=
++shared.loader=${catalina.home}/shared/classes,${catalina.home}/shared/*.jar,/var/lib/tomcat6/shared/classes,/var/lib/tomcat6/shared/*.jar
+
+ #
+ # String cache configuration.
+--
Copied: tags/tomcat6/6.0.26-5/debian/patches/0007-add-OSGi-headers-to-servlet-api.patch (from rev 12686, trunk/tomcat6/debian/patches/0007-add-OSGi-headers-to-servlet-api.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0007-add-OSGi-headers-to-servlet-api.patch (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0007-add-OSGi-headers-to-servlet-api.patch 2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,29 @@
+From: Niels Thykier <niels at thykier.net>
+Date: Mon, 28 Jun 2010 21:33:03 +0200
+Subject: [PATCH] add OSGi headers to servlet-api
+
+---
+ res/META-INF/servlet-api.jar.manifest | 9 +++++++++
+ 1 files changed, 9 insertions(+), 0 deletions(-)
+
+diff --git a/res/META-INF/servlet-api.jar.manifest b/res/META-INF/servlet-api.jar.manifest
+index 4dbb748..a85f9ed 100644
+--- a/res/META-INF/servlet-api.jar.manifest
++++ b/res/META-INF/servlet-api.jar.manifest
+@@ -1,6 +1,15 @@
+ Manifest-version: 1.0
+ X-Compile-Source-JDK: @source.jdk@
+ X-Compile-Target-JDK: @target.jdk@
++Bundle-ManifestVersion: 2
++Export-Package: javax.servlet;version="2.5",javax.servlet.http;version
++ ="2.5",javax.servlet.resources;version="2.5"
++Bundle-Version: 2.5.0.v200806031605
++Bundle-SymbolicName: javax.servlet
++Bundle-Name: Servlet API Bundle
++Bundle-RequiredExecutionEnvironment: CDC-1.0/Foundation-1.0,J2SE-1.3
++Bundle-Localization: plugin
++Bundle-Vendor: Apache Software Foundation
+
+ Name: javax/servlet/
+ Specification-Title: Java API for Servlets
+--
Copied: tags/tomcat6/6.0.26-5/debian/patches/0008-add-OSGI-headers-to-jsp-api.patch (from rev 12686, trunk/tomcat6/debian/patches/0008-add-OSGI-headers-to-jsp-api.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0008-add-OSGI-headers-to-jsp-api.patch (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0008-add-OSGI-headers-to-jsp-api.patch 2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,32 @@
+From: Niels Thykier <niels at thykier.net>
+Date: Mon, 28 Jun 2010 21:18:30 +0200
+Subject: [PATCH] add OSGI headers to jsp-api
+
+---
+ res/META-INF/jsp-api.jar.manifest | 12 ++++++++++++
+ 1 files changed, 12 insertions(+), 0 deletions(-)
+
+diff --git a/res/META-INF/jsp-api.jar.manifest b/res/META-INF/jsp-api.jar.manifest
+index fb050ea..e44409d 100644
+--- a/res/META-INF/jsp-api.jar.manifest
++++ b/res/META-INF/jsp-api.jar.manifest
+@@ -1,6 +1,18 @@
+ Manifest-version: 1.0
+ X-Compile-Source-JDK: @source.jdk@
+ X-Compile-Target-JDK: @target.jdk@
++Import-Package: javax.servlet; version=2.5,javax.servlet.http; version
++ =2.5,javax.servlet.resources; version=2.5
++Bundle-ManifestVersion: 2
++Export-Package: javax.servlet.jsp; version=2.1,javax.servlet.jsp.el; v
++ ersion=2.1,javax.servlet.jsp.resources; version=2.1,javax.servlet.jsp
++ .tagext; version=2.1
++Bundle-Version: 2.0.1.v200806031605
++Bundle-SymbolicName: javax.servlet.jsp
++Bundle-Name: Java Server Pages API Bundle
++Bundle-RequiredExecutionEnvironment: CDC-1.0/Foundation-1.0,J2SE-1.3
++Bundle-Localization: plugin
++Bundle-Vendor: Apache Software Foundation
+
+ Name: javax/servlet/jsp/
+ Specification-Title: Java API for JavaServer Pages
+--
Copied: tags/tomcat6/6.0.26-5/debian/patches/0009-allow-empty-PID-file.patch (from rev 12686, trunk/tomcat6/debian/patches/0009-allow-empty-PID-file.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0009-allow-empty-PID-file.patch (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0009-allow-empty-PID-file.patch 2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,40 @@
+From: Arto Jantunen <viiru at debian.org>
+Date: Mon, 28 Jun 2010 21:19:14 +0200
+Subject: [PATCH] allow empty PID file
+
+---
+ bin/catalina.sh | 8 ++++++--
+ 1 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/bin/catalina.sh b/bin/catalina.sh
+index 2ef2323..5843b56 100755
+--- a/bin/catalina.sh
++++ b/bin/catalina.sh
+@@ -305,7 +305,7 @@ elif [ "$1" = "run" ]; then
+ elif [ "$1" = "start" ] ; then
+
+ if [ ! -z "$CATALINA_PID" ]; then
+- if [ -f "$CATALINA_PID" ]; then
++ if [ -s "$CATALINA_PID" ]; then
+ echo "PID file ($CATALINA_PID) found. Is Tomcat still running? Start aborted."
+ exit 1
+ fi
+@@ -363,12 +363,16 @@ elif [ "$1" = "stop" ] ; then
+ fi
+
+ if [ ! -z "$CATALINA_PID" ]; then
+- if [ -f "$CATALINA_PID" ]; then
++ if [ -s "$CATALINA_PID" ]; then
+ kill -0 `cat $CATALINA_PID` >/dev/null 2>&1
+ if [ $? -eq 1 ]; then
+ echo "PID file ($CATALINA_PID) found but no matching process was found. Stop aborted."
+ exit 1
+ fi
++ elif [ -f "$CATALINA_PID" ]; then
++ rm $CATALINA_PID
++ echo "\$CATALINA_PID was set ($CATALINA_PID) but the specified file is empty. Did Tomcat fail while starting? Stop aborted."
++ exit 1
+ else
+ echo "\$CATALINA_PID was set ($CATALINA_PID) but the specified file does not exist. Is Tomcat running? Stop aborted."
+ exit 1
+--
Copied: tags/tomcat6/6.0.26-5/debian/patches/0010-avoid-deadlock-in-WebappClassLoader.patch (from rev 12686, trunk/tomcat6/debian/patches/0010-avoid-deadlock-in-WebappClassLoader.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0010-avoid-deadlock-in-WebappClassLoader.patch (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0010-avoid-deadlock-in-WebappClassLoader.patch 2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,286 @@
+From: Marcus Better <marcus at better.se>
+Date: Mon, 28 Jun 2010 21:19:59 +0200
+Subject: [PATCH] avoid deadlock in WebappClassLoader
+
+---
+ java/org/apache/catalina/loader/ResourceEntry.java | 2 +-
+ .../apache/catalina/loader/WebappClassLoader.java | 193 ++++++++++----------
+ java/org/apache/jasper/servlet/JasperLoader.java | 4 +-
+ 3 files changed, 99 insertions(+), 100 deletions(-)
+
+diff --git a/java/org/apache/catalina/loader/ResourceEntry.java b/java/org/apache/catalina/loader/ResourceEntry.java
+index d002a48..7d56590 100644
+--- a/java/org/apache/catalina/loader/ResourceEntry.java
++++ b/java/org/apache/catalina/loader/ResourceEntry.java
+@@ -47,7 +47,7 @@ public class ResourceEntry {
+ /**
+ * Loaded class.
+ */
+- public Class loadedClass = null;
++ public volatile Class loadedClass = null;
+
+
+ /**
+diff --git a/java/org/apache/catalina/loader/WebappClassLoader.java b/java/org/apache/catalina/loader/WebappClassLoader.java
+index 5e5aa1a..0c9f8a5 100644
+--- a/java/org/apache/catalina/loader/WebappClassLoader.java
++++ b/java/org/apache/catalina/loader/WebappClassLoader.java
+@@ -1388,102 +1388,121 @@ public class WebappClassLoader
+ *
+ * @exception ClassNotFoundException if the class was not found
+ */
+- public Class loadClass(String name, boolean resolve)
++ public synchronized Class loadClass(String name, boolean resolve)
+ throws ClassNotFoundException {
+
+- synchronized (name.intern()) {
+- if (log.isDebugEnabled())
+- log.debug("loadClass(" + name + ", " + resolve + ")");
+- Class clazz = null;
+-
+- // Log access to stopped classloader
+- if (!started) {
+- try {
+- throw new IllegalStateException();
+- } catch (IllegalStateException e) {
+- log.info(sm.getString("webappClassLoader.stopped", name), e);
+- }
++ if (log.isDebugEnabled())
++ log.debug("loadClass(" + name + ", " + resolve + ")");
++ Class clazz = null;
++
++ // Log access to stopped classloader
++ if (!started) {
++ try {
++ throw new IllegalStateException();
++ } catch (IllegalStateException e) {
++ log.info(sm.getString("webappClassLoader.stopped", name), e);
+ }
+-
+- // (0) Check our previously loaded local class cache
+- clazz = findLoadedClass0(name);
++ }
++
++ // (0) Check our previously loaded local class cache
++ clazz = findLoadedClass0(name);
++ if (clazz != null) {
++ if (log.isDebugEnabled())
++ log.debug(" Returning class from cache");
++ if (resolve)
++ resolveClass(clazz);
++ return (clazz);
++ }
++
++ // (0.1) Check our previously loaded class cache
++ clazz = findLoadedClass(name);
++ if (clazz != null) {
++ if (log.isDebugEnabled())
++ log.debug(" Returning class from cache");
++ if (resolve)
++ resolveClass(clazz);
++ return (clazz);
++ }
++
++ // (0.2) Try loading the class with the system class loader, to prevent
++ // the webapp from overriding J2SE classes
++ try {
++ clazz = system.loadClass(name);
+ if (clazz != null) {
+- if (log.isDebugEnabled())
+- log.debug(" Returning class from cache");
+ if (resolve)
+ resolveClass(clazz);
+ return (clazz);
+ }
+-
+- // (0.1) Check our previously loaded class cache
+- clazz = findLoadedClass(name);
+- if (clazz != null) {
+- if (log.isDebugEnabled())
+- log.debug(" Returning class from cache");
+- if (resolve)
+- resolveClass(clazz);
+- return (clazz);
++ } catch (ClassNotFoundException e) {
++ // Ignore
++ }
++
++ // (0.5) Permission to access this class when using a SecurityManager
++ if (securityManager != null) {
++ int i = name.lastIndexOf('.');
++ if (i >= 0) {
++ try {
++ securityManager.checkPackageAccess(name.substring(0,i));
++ } catch (SecurityException se) {
++ String error = "Security Violation, attempt to use " +
++ "Restricted Class: " + name;
++ log.info(error, se);
++ throw new ClassNotFoundException(error, se);
++ }
+ }
+-
+- // (0.2) Try loading the class with the system class loader, to prevent
+- // the webapp from overriding J2SE classes
++ }
++
++ boolean delegateLoad = delegate || filter(name);
++
++ // (1) Delegate to our parent if requested
++ if (delegateLoad) {
++ if (log.isDebugEnabled())
++ log.debug(" Delegating to parent classloader1 " + parent);
++ ClassLoader loader = parent;
++ if (loader == null)
++ loader = system;
+ try {
+- clazz = system.loadClass(name);
++ clazz = loader.loadClass(name);
+ if (clazz != null) {
++ if (log.isDebugEnabled())
++ log.debug(" Loading class from parent");
+ if (resolve)
+ resolveClass(clazz);
+ return (clazz);
+ }
+ } catch (ClassNotFoundException e) {
+- // Ignore
+- }
+-
+- // (0.5) Permission to access this class when using a SecurityManager
+- if (securityManager != null) {
+- int i = name.lastIndexOf('.');
+- if (i >= 0) {
+- try {
+- securityManager.checkPackageAccess(name.substring(0,i));
+- } catch (SecurityException se) {
+- String error = "Security Violation, attempt to use " +
+- "Restricted Class: " + name;
+- log.info(error, se);
+- throw new ClassNotFoundException(error, se);
+- }
+- }
++ ;
+ }
+-
+- boolean delegateLoad = delegate || filter(name);
+-
+- // (1) Delegate to our parent if requested
+- if (delegateLoad) {
++ }
++
++ // (2) Search local repositories
++ if (log.isDebugEnabled())
++ log.debug(" Searching local repositories");
++ try {
++ clazz = findClass(name);
++ if (clazz != null) {
+ if (log.isDebugEnabled())
+- log.debug(" Delegating to parent classloader1 " + parent);
+- ClassLoader loader = parent;
+- if (loader == null)
+- loader = system;
+- try {
+- clazz = loader.loadClass(name);
+- if (clazz != null) {
+- if (log.isDebugEnabled())
+- log.debug(" Loading class from parent");
+- if (resolve)
+- resolveClass(clazz);
+- return (clazz);
+- }
+- } catch (ClassNotFoundException e) {
+- ;
+- }
++ log.debug(" Loading class from local repository");
++ if (resolve)
++ resolveClass(clazz);
++ return (clazz);
+ }
+-
+- // (2) Search local repositories
++ } catch (ClassNotFoundException e) {
++ ;
++ }
++
++ // (3) Delegate to parent unconditionally
++ if (!delegateLoad) {
+ if (log.isDebugEnabled())
+- log.debug(" Searching local repositories");
++ log.debug(" Delegating to parent classloader at end: " + parent);
++ ClassLoader loader = parent;
++ if (loader == null)
++ loader = system;
+ try {
+- clazz = findClass(name);
++ clazz = loader.loadClass(name);
+ if (clazz != null) {
+ if (log.isDebugEnabled())
+- log.debug(" Loading class from local repository");
++ log.debug(" Loading class from parent");
+ if (resolve)
+ resolveClass(clazz);
+ return (clazz);
+@@ -1491,30 +1510,10 @@ public class WebappClassLoader
+ } catch (ClassNotFoundException e) {
+ ;
+ }
+-
+- // (3) Delegate to parent unconditionally
+- if (!delegateLoad) {
+- if (log.isDebugEnabled())
+- log.debug(" Delegating to parent classloader at end: " + parent);
+- ClassLoader loader = parent;
+- if (loader == null)
+- loader = system;
+- try {
+- clazz = loader.loadClass(name);
+- if (clazz != null) {
+- if (log.isDebugEnabled())
+- log.debug(" Loading class from parent");
+- if (resolve)
+- resolveClass(clazz);
+- return (clazz);
+- }
+- } catch (ClassNotFoundException e) {
+- ;
+- }
+- }
+-
+- throw new ClassNotFoundException(name);
+ }
++
++ throw new ClassNotFoundException(name);
++
+ }
+
+
+@@ -2469,7 +2468,7 @@ public class WebappClassLoader
+ if (clazz != null)
+ return clazz;
+
+- synchronized (name.intern()) {
++ synchronized (this) {
+ clazz = entry.loadedClass;
+ if (clazz != null)
+ return clazz;
+diff --git a/java/org/apache/jasper/servlet/JasperLoader.java b/java/org/apache/jasper/servlet/JasperLoader.java
+index 7a3b0f7..43d56cb 100644
+--- a/java/org/apache/jasper/servlet/JasperLoader.java
++++ b/java/org/apache/jasper/servlet/JasperLoader.java
+@@ -91,7 +91,7 @@ public class JasperLoader extends URLClassLoader {
+ *
+ * @exception ClassNotFoundException if the class was not found
+ */
+- public Class loadClass(final String name, boolean resolve)
++ public synchronized Class loadClass(final String name, boolean resolve)
+ throws ClassNotFoundException {
+
+ Class clazz = null;
+@@ -169,4 +169,4 @@ public class JasperLoader extends URLClassLoader {
+ public final PermissionCollection getPermissions(CodeSource codeSource) {
+ return permissionCollection;
+ }
+-}
+\ No newline at end of file
++}
+--
Copied: tags/tomcat6/6.0.26-5/debian/patches/0011-Use-java.security.policy-file-in-catalina.sh.patch (from rev 12686, trunk/tomcat6/debian/patches/0011-Use-java.security.policy-file-in-catalina.sh.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0011-Use-java.security.policy-file-in-catalina.sh.patch (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0011-Use-java.security.policy-file-in-catalina.sh.patch 2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,46 @@
+From: Adam Guthrie <asguthrie at gmail.com>
+Date: Mon, 28 Jun 2010 21:53:50 +0200
+Subject: [PATCH] Use java.security.policy file in catalina.sh
+
+Make sure catalina.sh uses the Debian/Ubuntu java.security.policy
+file location when Tomcat is started with a security manager.
+
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/591802
+Bug-Debian: http://bugs.debian.org/585379
+Forwarded: not-needed
+---
+ bin/catalina.sh | 6 +++---
+ 1 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/bin/catalina.sh b/bin/catalina.sh
+index 5843b56..783b382 100755
+--- a/bin/catalina.sh
++++ b/bin/catalina.sh
+@@ -261,7 +261,7 @@ if [ "$1" = "debug" ] ; then
+ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
+ -sourcepath "$CATALINA_HOME"/../../java \
+ -Djava.security.manager \
+- -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
++ -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \
+ -Dcatalina.base="$CATALINA_BASE" \
+ -Dcatalina.home="$CATALINA_HOME" \
+ -Djava.io.tmpdir="$CATALINA_TMPDIR" \
+@@ -288,7 +288,7 @@ elif [ "$1" = "run" ]; then
+ exec "$_RUNJAVA" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \
+ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
+ -Djava.security.manager \
+- -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
++ -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \
+ -Dcatalina.base="$CATALINA_BASE" \
+ -Dcatalina.home="$CATALINA_HOME" \
+ -Djava.io.tmpdir="$CATALINA_TMPDIR" \
+@@ -321,7 +321,7 @@ elif [ "$1" = "start" ] ; then
+ "$_RUNJAVA" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \
+ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
+ -Djava.security.manager \
+- -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
++ -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \
+ -Dcatalina.base="$CATALINA_BASE" \
+ -Dcatalina.home="$CATALINA_HOME" \
+ -Djava.io.tmpdir="$CATALINA_TMPDIR" \
+--
Copied: tags/tomcat6/6.0.26-5/debian/patches/0012-Prevent-disclosure-of-host-name-or-IP-address.patch (from rev 12686, trunk/tomcat6/debian/patches/0012-Prevent-disclosure-of-host-name-or-IP-address.patch)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/0012-Prevent-disclosure-of-host-name-or-IP-address.patch (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/0012-Prevent-disclosure-of-host-name-or-IP-address.patch 2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,59 @@
+From: Torsten Werner <twerner at debian.org>
+Date: Mon, 28 Jun 2010 21:39:20 +0200
+Subject: [PATCH] Prevent disclosure of host name or IP address
+
+Fix CVE-2010-1157. Prevent possible disclosure of host name or IP
+address via the HTTP WWW-Authenticate header when using BASIC or DIGEST
+authentication.
+---
+ .../catalina/authenticator/AuthenticatorBase.java | 5 +++++
+ .../catalina/authenticator/BasicAuthenticator.java | 4 +---
+ .../authenticator/DigestAuthenticator.java | 3 +--
+ 3 files changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+index aa425c7..9d1c182 100644
+--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
++++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+@@ -99,6 +99,11 @@ public abstract class AuthenticatorBase
+
+
+ /**
++ * Default authentication realm name.
++ */
++ protected static final String REALM_NAME = "Authentication required";
++
++ /**
+ * The message digest algorithm to be used when generating session
+ * identifiers. This must be an algorithm supported by the
+ * <code>java.security.MessageDigest</code> class on your platform.
+diff --git a/java/org/apache/catalina/authenticator/BasicAuthenticator.java b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
+index 31ffaf9..b00859e 100644
+--- a/java/org/apache/catalina/authenticator/BasicAuthenticator.java
++++ b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
+@@ -194,9 +194,7 @@ public class BasicAuthenticator
+ CharChunk authenticateCC = authenticate.getCharChunk();
+ authenticateCC.append("Basic realm=\"");
+ if (config.getRealmName() == null) {
+- authenticateCC.append(request.getServerName());
+- authenticateCC.append(':');
+- authenticateCC.append(Integer.toString(request.getServerPort()));
++ authenticateCC.append(REALM_NAME);
+ } else {
+ authenticateCC.append(config.getRealmName());
+ }
+diff --git a/java/org/apache/catalina/authenticator/DigestAuthenticator.java b/java/org/apache/catalina/authenticator/DigestAuthenticator.java
+index 821e08f..ee5a46b 100644
+--- a/java/org/apache/catalina/authenticator/DigestAuthenticator.java
++++ b/java/org/apache/catalina/authenticator/DigestAuthenticator.java
+@@ -406,8 +406,7 @@ public class DigestAuthenticator
+ // Get the realm name
+ String realmName = config.getRealmName();
+ if (realmName == null)
+- realmName = request.getServerName() + ":"
+- + request.getServerPort();
++ realmName = REALM_NAME;
+
+ byte[] buffer = null;
+ synchronized (md5Helper) {
+--
Deleted: tags/tomcat6/6.0.26-5/debian/patches/allow-empty-pid-file.patch
===================================================================
--- trunk/tomcat6/debian/patches/allow-empty-pid-file.patch 2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/allow-empty-pid-file.patch 2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,29 +0,0 @@
---- a/bin/catalina.sh
-+++ b/bin/catalina.sh
-@@ -305,7 +305,7 @@
- elif [ "$1" = "start" ] ; then
-
- if [ ! -z "$CATALINA_PID" ]; then
-- if [ -f "$CATALINA_PID" ]; then
-+ if [ -s "$CATALINA_PID" ]; then
- echo "PID file ($CATALINA_PID) found. Is Tomcat still running? Start aborted."
- exit 1
- fi
-@@ -363,12 +363,16 @@
- fi
-
- if [ ! -z "$CATALINA_PID" ]; then
-- if [ -f "$CATALINA_PID" ]; then
-+ if [ -s "$CATALINA_PID" ]; then
- kill -0 `cat $CATALINA_PID` >/dev/null 2>&1
- if [ $? -eq 1 ]; then
- echo "PID file ($CATALINA_PID) found but no matching process was found. Stop aborted."
- exit 1
- fi
-+ elif [ -f "$CATALINA_PID" ]; then
-+ rm $CATALINA_PID
-+ echo "\$CATALINA_PID was set ($CATALINA_PID) but the specified file is empty. Did Tomcat fail while starting? Stop aborted."
-+ exit 1
- else
- echo "\$CATALINA_PID was set ($CATALINA_PID) but the specified file does not exist. Is Tomcat running? Stop aborted."
- exit 1
Deleted: tags/tomcat6/6.0.26-5/debian/patches/catalina-sh-security-manager.patch
===================================================================
--- trunk/tomcat6/debian/patches/catalina-sh-security-manager.patch 2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/catalina-sh-security-manager.patch 2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,36 +0,0 @@
-Description: Make sure catalina.sh uses the Debian/Ubuntu java.security.policy
- file location when Tomcat is started with a security manager.
-Author: Adam Guthrie <asguthrie at gmail.com>
-Bug-Ubuntu: https://bugs.launchpad.net/bugs/591802
-Bug-Debian: http://bugs.debian.org/585379
-Forwarded: not-needed
-
---- tomcat6-6.0.24.orig/bin/catalina.sh
-+++ tomcat6-6.0.24/bin/catalina.sh
-@@ -261,7 +261,7 @@ if [ "$1" = "debug" ] ; then
- -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
- -sourcepath "$CATALINA_HOME"/../../java \
- -Djava.security.manager \
-- -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
-+ -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \
- -Dcatalina.base="$CATALINA_BASE" \
- -Dcatalina.home="$CATALINA_HOME" \
- -Djava.io.tmpdir="$CATALINA_TMPDIR" \
-@@ -288,7 +288,7 @@ elif [ "$1" = "run" ]; then
- exec "$_RUNJAVA" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \
- -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
- -Djava.security.manager \
-- -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
-+ -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \
- -Dcatalina.base="$CATALINA_BASE" \
- -Dcatalina.home="$CATALINA_HOME" \
- -Djava.io.tmpdir="$CATALINA_TMPDIR" \
-@@ -321,7 +321,7 @@ elif [ "$1" = "start" ] ; then
- "$_RUNJAVA" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \
- -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
- -Djava.security.manager \
-- -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
-+ -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \
- -Dcatalina.base="$CATALINA_BASE" \
- -Dcatalina.home="$CATALINA_HOME" \
- -Djava.io.tmpdir="$CATALINA_TMPDIR" \
Deleted: tags/tomcat6/6.0.26-5/debian/patches/default-encoding-utf8.patch
===================================================================
--- trunk/tomcat6/debian/patches/default-encoding-utf8.patch 2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/default-encoding-utf8.patch 2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,10 +0,0 @@
---- a/conf/server.xml
-+++ b/conf/server.xml
-@@ -68,6 +68,7 @@
- -->
- <Connector port="8080" protocol="HTTP/1.1"
- connectionTimeout="20000"
-+ URIEncoding="UTF-8"
- redirectPort="8443" />
- <!-- A "Connector" using the shared thread pool-->
- <!--
Deleted: tags/tomcat6/6.0.26-5/debian/patches/deploy-webapps-build-xml.patch
===================================================================
--- trunk/tomcat6/debian/patches/deploy-webapps-build-xml.patch 2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/deploy-webapps-build-xml.patch 2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,36 +0,0 @@
---- a/build.xml
-+++ b/build.xml
-@@ -494,7 +494,7 @@
- building a tomcat release.</echo>
- </target>
-
-- <target name="deploy" depends="build-only,build-docs,warn.dbcp">
-+ <target name="deploy" depends="build-only,build-docs,warn.dbcp,deploy-webapps">
-
- <copy tofile="${tomcat.build}/bin/tomcat-native.tar.gz"
- file="${tomcat-native.tar.gz}" />
-@@ -530,6 +530,13 @@
- </fileset>
- </copy>
-
-+ <copy file="${tomcat-dbcp.jar}" todir="${tomcat.build}/lib" />
-+ <copy file="${jasper-jdt.jar}" todir="${tomcat.build}/lib" />
-+
-+ </target>
-+
-+ <target name="deploy-webapps" depends="build-only,build-docs">
-+
- <!-- Copy other regular webapps -->
- <copy todir="${tomcat.build}/webapps">
- <fileset dir="webapps">
-@@ -654,10 +661,6 @@
- </fileset>
- </txt2html>
-
-- <copy file="${tomcat-dbcp.jar}" todir="${tomcat.build}/lib"
-- failonerror="false"/>
-- <copy file="${jasper-jdt.jar}" todir="${tomcat.build}/lib" />
--
- </target>
-
- <target name="clean-depend"
Deleted: tags/tomcat6/6.0.26-5/debian/patches/disable-ajp-connector.patch
===================================================================
--- trunk/tomcat6/debian/patches/disable-ajp-connector.patch 2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/disable-ajp-connector.patch 2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,12 +0,0 @@
---- a/conf/server.xml
-+++ b/conf/server.xml
-@@ -87,7 +87,9 @@
- -->
-
- <!-- Define an AJP 1.3 Connector on port 8009 -->
-+ <!--
- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-+ -->
-
-
- <!-- An Engine represents the entry point (within Catalina) that processes
Deleted: tags/tomcat6/6.0.26-5/debian/patches/disable-apr-loading.patch
===================================================================
--- trunk/tomcat6/debian/patches/disable-apr-loading.patch 2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/disable-apr-loading.patch 2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,12 +0,0 @@
---- a/conf/server.xml
-+++ b/conf/server.xml
-@@ -22,7 +22,9 @@
- <Server port="8005" shutdown="SHUTDOWN">
-
- <!--APR library loader. Documentation at /docs/apr.html -->
-+ <!--
- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
-+ -->
- <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
- <Listener className="org.apache.catalina.core.JasperListener" />
- <!-- Prevent memory leaks due to use of particular java/javax APIs-->
Deleted: tags/tomcat6/6.0.26-5/debian/patches/jsp-api-OSGi.patch
===================================================================
--- trunk/tomcat6/debian/patches/jsp-api-OSGi.patch 2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/jsp-api-OSGi.patch 2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,23 +0,0 @@
-Description: Adds OSGi metadata needed by eclipse.
-
---- a/res/META-INF/jsp-api.jar.manifest
-+++ b/res/META-INF/jsp-api.jar.manifest
-@@ -1,6 +1,18 @@
- Manifest-version: 1.0
- X-Compile-Source-JDK: @source.jdk@
- X-Compile-Target-JDK: @target.jdk@
-+Import-Package: javax.servlet; version=2.5,javax.servlet.http; version
-+ =2.5,javax.servlet.resources; version=2.5
-+Bundle-ManifestVersion: 2
-+Export-Package: javax.servlet.jsp; version=2.1,javax.servlet.jsp.el; v
-+ ersion=2.1,javax.servlet.jsp.resources; version=2.1,javax.servlet.jsp
-+ .tagext; version=2.1
-+Bundle-Version: 2.0.1.v200806031605
-+Bundle-SymbolicName: javax.servlet.jsp
-+Bundle-Name: Java Server Pages API Bundle
-+Bundle-RequiredExecutionEnvironment: CDC-1.0/Foundation-1.0,J2SE-1.3
-+Bundle-Localization: plugin
-+Bundle-Vendor: Apache Software Foundation
-
- Name: javax/servlet/jsp/
- Specification-Title: Java API for JavaServer Pages
Deleted: tags/tomcat6/6.0.26-5/debian/patches/series
===================================================================
--- trunk/tomcat6/debian/patches/series 2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/series 2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,11 +0,0 @@
-default-encoding-utf8.patch
-disable-ajp-connector.patch
-disable-apr-loading.patch
-deploy-webapps-build-xml.patch
-use-commons-dbcp.patch
-var_loaders.patch
-servlet-api-OSGi.patch
-jsp-api-OSGi.patch
-allow-empty-pid-file.patch
-webapp-classloader-deadlock-fix.patch
-catalina-sh-security-manager.patch
Copied: tags/tomcat6/6.0.26-5/debian/patches/series (from rev 12686, trunk/tomcat6/debian/patches/series)
===================================================================
--- tags/tomcat6/6.0.26-5/debian/patches/series (rev 0)
+++ tags/tomcat6/6.0.26-5/debian/patches/series 2010-06-28 20:03:37 UTC (rev 12687)
@@ -0,0 +1,12 @@
+0001-set-UTF-8-as-default-character-encoding.patch
+0002-do-not-load-AJP13-connector-by-default.patch
+0003-disable-APR-library-loading.patch
+0004-split-deploy-webapps-target-from-deploy-target.patch
+0005-change-default-DBCP-factory-class.patch
+0006-add-JARs-below-var-to-class-loader.patch
+0007-add-OSGi-headers-to-servlet-api.patch
+0008-add-OSGI-headers-to-jsp-api.patch
+0009-allow-empty-PID-file.patch
+0010-avoid-deadlock-in-WebappClassLoader.patch
+0011-Use-java.security.policy-file-in-catalina.sh.patch
+0012-Prevent-disclosure-of-host-name-or-IP-address.patch
Deleted: tags/tomcat6/6.0.26-5/debian/patches/servlet-api-OSGi.patch
===================================================================
--- trunk/tomcat6/debian/patches/servlet-api-OSGi.patch 2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/servlet-api-OSGi.patch 2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,20 +0,0 @@
-Description: Adds OSGi metadata needed by eclipse.
-
---- a/res/META-INF/servlet-api.jar.manifest
-+++ b/res/META-INF/servlet-api.jar.manifest
-@@ -1,6 +1,15 @@
- Manifest-version: 1.0
- X-Compile-Source-JDK: @source.jdk@
- X-Compile-Target-JDK: @target.jdk@
-+Bundle-ManifestVersion: 2
-+Export-Package: javax.servlet;version="2.5",javax.servlet.http;version
-+ ="2.5",javax.servlet.resources;version="2.5"
-+Bundle-Version: 2.5.0.v200806031605
-+Bundle-SymbolicName: javax.servlet
-+Bundle-Name: Servlet API Bundle
-+Bundle-RequiredExecutionEnvironment: CDC-1.0/Foundation-1.0,J2SE-1.3
-+Bundle-Localization: plugin
-+Bundle-Vendor: Apache Software Foundation
-
- Name: javax/servlet/
- Specification-Title: Java API for Servlets
Deleted: tags/tomcat6/6.0.26-5/debian/patches/use-commons-dbcp.patch
===================================================================
--- trunk/tomcat6/debian/patches/use-commons-dbcp.patch 2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/use-commons-dbcp.patch 2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,25 +0,0 @@
---- a/java/org/apache/naming/factory/Constants.java
-+++ b/java/org/apache/naming/factory/Constants.java
-@@ -49,7 +49,7 @@
- Package + ".HandlerFactory";
-
- public static final String DBCP_DATASOURCE_FACTORY =
-- "org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory";
-+ "org.apache.commons.dbcp.BasicDataSourceFactory";
-
- public static final String OPENEJB_EJB_FACTORY =
- Package + ".OpenEjbFactory";
---- a/webapps/docs/jndi-resources-howto.xml
-+++ b/webapps/docs/jndi-resources-howto.xml
-@@ -653,9 +653,9 @@
- <code>driverName</code> parameters to match your actual database's
- JDBC driver and connection URL.</p>
-
-- <p>The configuration properties for Tomcat's standard data source
-+ <p>The configuration properties for our default data source
- resource factory
-- (<code>org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory</code>) are
-+ (<code>org.apache.commons.dbcp.BasicDataSourceFactory</code>) are
- as follows:</p>
- <ul>
- <li><strong>driverClassName</strong> - Fully qualified Java class name
Deleted: tags/tomcat6/6.0.26-5/debian/patches/var_loaders.patch
===================================================================
--- trunk/tomcat6/debian/patches/var_loaders.patch 2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/var_loaders.patch 2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,29 +0,0 @@
---- a/conf/catalina.properties
-+++ b/conf/catalina.properties
-@@ -44,7 +44,7 @@
- # "foo/*.jar": Add all the JARs of the specified folder as class
- # repositories
- # "foo/bar.jar": Add bar.jar as a class repository
--common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar
-+common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar,/var/lib/tomcat6/common/classes,/var/lib/tomcat6/common/*.jar
-
- #
- # List of comma-separated paths defining the contents of the "server"
-@@ -57,7 +57,7 @@
- # "foo/*.jar": Add all the JARs of the specified folder as class
- # repositories
- # "foo/bar.jar": Add bar.jar as a class repository
--server.loader=
-+server.loader=${catalina.home}/server/classes,${catalina.home}/server/*.jar,/var/lib/tomcat6/server/classes,/var/lib/tomcat6/server/*.jar
-
- #
- # List of comma-separated paths defining the contents of the "shared"
-@@ -71,7 +71,7 @@
- # "foo/bar.jar": Add bar.jar as a class repository
- # Please note that for single jars, e.g. bar.jar, you need the URL form
- # starting with file:.
--shared.loader=
-+shared.loader=${catalina.home}/shared/classes,${catalina.home}/shared/*.jar,/var/lib/tomcat6/shared/classes,/var/lib/tomcat6/shared/*.jar
-
- #
- # String cache configuration.
Deleted: tags/tomcat6/6.0.26-5/debian/patches/webapp-classloader-deadlock-fix.patch
===================================================================
--- trunk/tomcat6/debian/patches/webapp-classloader-deadlock-fix.patch 2010-06-28 19:07:51 UTC (rev 12685)
+++ tags/tomcat6/6.0.26-5/debian/patches/webapp-classloader-deadlock-fix.patch 2010-06-28 20:03:37 UTC (rev 12687)
@@ -1,275 +0,0 @@
-Index: trunk/java/org/apache/jasper/servlet/JasperLoader.java
-===================================================================
---- trunk/java/org/apache/jasper/servlet/JasperLoader.java (revision 941867)
-+++ trunk/java/org/apache/jasper/servlet/JasperLoader.java (revision 941868)
-@@ -91,7 +91,7 @@
- *
- * @exception ClassNotFoundException if the class was not found
- */
-- public Class loadClass(final String name, boolean resolve)
-+ public synchronized Class loadClass(final String name, boolean resolve)
- throws ClassNotFoundException {
-
- Class clazz = null;
-@@ -169,4 +169,4 @@
- public final PermissionCollection getPermissions(CodeSource codeSource) {
- return permissionCollection;
- }
--}
-\ No newline at end of file
-+}
-Index: trunk/java/org/apache/catalina/loader/ResourceEntry.java
-===================================================================
---- trunk/java/org/apache/catalina/loader/ResourceEntry.java (revision 941867)
-+++ trunk/java/org/apache/catalina/loader/ResourceEntry.java (revision 941868)
-@@ -47,7 +47,7 @@
- /**
- * Loaded class.
- */
-- public Class loadedClass = null;
-+ public volatile Class loadedClass = null;
-
-
- /**
-Index: trunk/java/org/apache/catalina/loader/WebappClassLoader.java
-===================================================================
---- trunk/java/org/apache/catalina/loader/WebappClassLoader.java (revision 941867)
-+++ trunk/java/org/apache/catalina/loader/WebappClassLoader.java (revision 941868)
-@@ -1432,102 +1432,121 @@
- *
- * @exception ClassNotFoundException if the class was not found
- */
-- public Class loadClass(String name, boolean resolve)
-+ public synchronized Class loadClass(String name, boolean resolve)
- throws ClassNotFoundException {
-
-- synchronized (name.intern()) {
-- if (log.isDebugEnabled())
-- log.debug("loadClass(" + name + ", " + resolve + ")");
-- Class clazz = null;
--
-- // Log access to stopped classloader
-- if (!started) {
-- try {
-- throw new IllegalStateException();
-- } catch (IllegalStateException e) {
-- log.info(sm.getString("webappClassLoader.stopped", name), e);
-- }
-+ if (log.isDebugEnabled())
-+ log.debug("loadClass(" + name + ", " + resolve + ")");
-+ Class clazz = null;
-+
-+ // Log access to stopped classloader
-+ if (!started) {
-+ try {
-+ throw new IllegalStateException();
-+ } catch (IllegalStateException e) {
-+ log.info(sm.getString("webappClassLoader.stopped", name), e);
- }
--
-- // (0) Check our previously loaded local class cache
-- clazz = findLoadedClass0(name);
-+ }
-+
-+ // (0) Check our previously loaded local class cache
-+ clazz = findLoadedClass0(name);
-+ if (clazz != null) {
-+ if (log.isDebugEnabled())
-+ log.debug(" Returning class from cache");
-+ if (resolve)
-+ resolveClass(clazz);
-+ return (clazz);
-+ }
-+
-+ // (0.1) Check our previously loaded class cache
-+ clazz = findLoadedClass(name);
-+ if (clazz != null) {
-+ if (log.isDebugEnabled())
-+ log.debug(" Returning class from cache");
-+ if (resolve)
-+ resolveClass(clazz);
-+ return (clazz);
-+ }
-+
-+ // (0.2) Try loading the class with the system class loader, to prevent
-+ // the webapp from overriding J2SE classes
-+ try {
-+ clazz = system.loadClass(name);
- if (clazz != null) {
-- if (log.isDebugEnabled())
-- log.debug(" Returning class from cache");
- if (resolve)
- resolveClass(clazz);
- return (clazz);
- }
--
-- // (0.1) Check our previously loaded class cache
-- clazz = findLoadedClass(name);
-- if (clazz != null) {
-- if (log.isDebugEnabled())
-- log.debug(" Returning class from cache");
-- if (resolve)
-- resolveClass(clazz);
-- return (clazz);
-+ } catch (ClassNotFoundException e) {
-+ // Ignore
-+ }
-+
-+ // (0.5) Permission to access this class when using a SecurityManager
-+ if (securityManager != null) {
-+ int i = name.lastIndexOf('.');
-+ if (i >= 0) {
-+ try {
-+ securityManager.checkPackageAccess(name.substring(0,i));
-+ } catch (SecurityException se) {
-+ String error = "Security Violation, attempt to use " +
-+ "Restricted Class: " + name;
-+ log.info(error, se);
-+ throw new ClassNotFoundException(error, se);
-+ }
- }
--
-- // (0.2) Try loading the class with the system class loader, to prevent
-- // the webapp from overriding J2SE classes
-+ }
-+
-+ boolean delegateLoad = delegate || filter(name);
-+
-+ // (1) Delegate to our parent if requested
-+ if (delegateLoad) {
-+ if (log.isDebugEnabled())
-+ log.debug(" Delegating to parent classloader1 " + parent);
-+ ClassLoader loader = parent;
-+ if (loader == null)
-+ loader = system;
- try {
-- clazz = system.loadClass(name);
-+ clazz = loader.loadClass(name);
- if (clazz != null) {
-+ if (log.isDebugEnabled())
-+ log.debug(" Loading class from parent");
- if (resolve)
- resolveClass(clazz);
- return (clazz);
- }
- } catch (ClassNotFoundException e) {
-- // Ignore
-+ ;
- }
--
-- // (0.5) Permission to access this class when using a SecurityManager
-- if (securityManager != null) {
-- int i = name.lastIndexOf('.');
-- if (i >= 0) {
-- try {
-- securityManager.checkPackageAccess(name.substring(0,i));
-- } catch (SecurityException se) {
-- String error = "Security Violation, attempt to use " +
-- "Restricted Class: " + name;
-- log.info(error, se);
-- throw new ClassNotFoundException(error, se);
-- }
-- }
-- }
--
-- boolean delegateLoad = delegate || filter(name);
--
-- // (1) Delegate to our parent if requested
-- if (delegateLoad) {
-+ }
-+
-+ // (2) Search local repositories
-+ if (log.isDebugEnabled())
-+ log.debug(" Searching local repositories");
-+ try {
-+ clazz = findClass(name);
-+ if (clazz != null) {
- if (log.isDebugEnabled())
-- log.debug(" Delegating to parent classloader1 " + parent);
-- ClassLoader loader = parent;
-- if (loader == null)
-- loader = system;
-- try {
-- clazz = loader.loadClass(name);
-- if (clazz != null) {
-- if (log.isDebugEnabled())
-- log.debug(" Loading class from parent");
-- if (resolve)
-- resolveClass(clazz);
-- return (clazz);
-- }
-- } catch (ClassNotFoundException e) {
-- ;
-- }
-+ log.debug(" Loading class from local repository");
-+ if (resolve)
-+ resolveClass(clazz);
-+ return (clazz);
- }
--
-- // (2) Search local repositories
-+ } catch (ClassNotFoundException e) {
-+ ;
-+ }
-+
-+ // (3) Delegate to parent unconditionally
-+ if (!delegateLoad) {
- if (log.isDebugEnabled())
-- log.debug(" Searching local repositories");
-+ log.debug(" Delegating to parent classloader at end: " + parent);
-+ ClassLoader loader = parent;
-+ if (loader == null)
-+ loader = system;
- try {
-- clazz = findClass(name);
-+ clazz = loader.loadClass(name);
- if (clazz != null) {
- if (log.isDebugEnabled())
-- log.debug(" Loading class from local repository");
-+ log.debug(" Loading class from parent");
- if (resolve)
- resolveClass(clazz);
- return (clazz);
-@@ -1535,30 +1554,10 @@
- } catch (ClassNotFoundException e) {
- ;
- }
--
-- // (3) Delegate to parent unconditionally
-- if (!delegateLoad) {
-- if (log.isDebugEnabled())
-- log.debug(" Delegating to parent classloader at end: " + parent);
-- ClassLoader loader = parent;
-- if (loader == null)
-- loader = system;
-- try {
-- clazz = loader.loadClass(name);
-- if (clazz != null) {
-- if (log.isDebugEnabled())
-- log.debug(" Loading class from parent");
-- if (resolve)
-- resolveClass(clazz);
-- return (clazz);
-- }
-- } catch (ClassNotFoundException e) {
-- ;
-- }
-- }
--
-- throw new ClassNotFoundException(name);
- }
-+
-+ throw new ClassNotFoundException(name);
-+
- }
-
-
-@@ -2544,7 +2543,7 @@
- if (clazz != null)
- return clazz;
-
-- synchronized (name.intern()) {
-+ synchronized (this) {
- clazz = entry.loadedClass;
- if (clazz != null)
- return clazz;
More information about the pkg-java-commits
mailing list