Security fix. Please see ChangeLog.

2 files changed, 24 insertions, 1 deletions

diff --git a/net-www/tomcat/ChangeLog b/net-www/tomcat/ChangeLog
index 42b7228b8fa7..5d0fc88393f2 100644
--- a/net-www/tomcat/ChangeLog
+++ b/net-www/tomcat/ChangeLog
@@ -1,6 +1,22 @@
 # ChangeLog for net-www/tomcat
 # Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-www/tomcat/ChangeLog,v 1.20 2003/04/10 07:24:59 absinthe Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-www/tomcat/ChangeLog,v 1.21 2003/05/27 04:36:16 absinthe Exp $
+
+*tomcat-4.1.24-r1 (27 May 2003)
+
+  27 May 2003; Dylan Carlson <absinthe@gentoo.org> tomcat-4.1.24-r1.ebuild:
+  /opt/tomcat/conf was vulnerable to local users who are snooping the
+  tomcat-users.xml file for passwords. The new ebuild fixes this problem for new
+  installations.
+  
+  If you have an existing installation of Tomcat you can do the following:
+  
+  1. # /etc/init.d/tomcat stop
+  2. # chmod -R 750 /opt/tomcat/
+  3. # /etc/init.d/tomcat start
+  
+  Thanks to "D.Tuinstra" <tuinstra@inteo.com> for pointing out the
+  vulnerability.
 
 *tomcat-4.1.24 (25 Mar 2003)
 
diff --git a/net-www/tomcat/Manifest b/net-www/tomcat/Manifest
new file mode 100644
index 000000000000..8953588e2d2b
--- /dev/null
+++ b/net-www/tomcat/Manifest
@@ -0,0 +1,7 @@
+MD5 4f182d3f29f1526bc09928b8e69e6351 tomcat-4.1.24-r1.ebuild 3832
+MD5 5b8aafc8bb6d1f2e3d4d4368cc8ece8f ChangeLog 5078
+MD5 f3d7f1cc3b7b8a69342e6bede7395f58 files/digest-tomcat-4.1.24-r1 74
+MD5 bf1c6e3b412968c9a06aeb15f21355e9 files/4.1.24/gentoo.diff 4002
+MD5 12a2562eeb8ec6dc5ef8b2172a5f29c4 files/4.1.24/tomcat.conf 2710
+MD5 da7e3d883b224f013f546d2a087099e8 files/4.1.24/tomcat.init 817
+MD5 53b2c10f99d7d2c05a69fc49b7acda8b files/4.1.24/21tomcat 58