09:25 pav 

- Remove expired www/jakarta-tomcat4 port: www/jakarta-tomcat5 is recommended
  instead for new installations

08:50 lawrance 

Clean up Tomcat 4, 4.1, 5, and 5.5 ports.

These changes apply to all ports, unless mentioned otherwise:

- Move jakarta-tomcat55 to tomcat55 (it is no longer a Jakarta project). [6]
- Improve the tomcat55 rc script.  Fix PID handling.  Improve the
  shutdown process.  Use USE_RC_SUBR to its full potential. [2]
- Backport tomcat55 rc script to the other tomcat ports.  This allows
  us to pass command line arguments to the JVM.  Noted in UPDATING.
  [1], [3], [4]
- Change ownership of installed files.  All files are now installed
  with default uid/gid (root:wheel) except for those in the conf/, logs/,
  temp/ and work/ directories. [5]
- No longer install tomcatXXctl binary.  rc scripts are more flexible
  and can be reconfigured without recompiling.
- Remove AUTO_START and STOP_TIMEOUT (replaced with rc tomcatXX_stop_timeout).
- Remove a long list of sed expressions in favour of SUB_LIST.
- Move pkg_{,de}install to files/pkg_{,de}install.in.  Add them to
  SUB_FILES.  Tidy up substitutions and remove hardcoded values.
- Some nonfunctional tidying and removal of Makefile cruft.

PR:             ports/38018 [1], ports/38020 [2], ports/74344 [3],
                ports/75143 [4], ports/83434 [5], ports/92692 [6]
Submitted by:   Ari Suutari <ari.suutari@syncrontech.com> [1] [2],
                SimpleRezo Team <freebsd@simplerezo.com> [3],
                Anton Yudin <toha@toha.org.ua> [4],
                Jan Grant <jan.grant@bristol.ac.uk> [5],
                lawrance [6]
Approved by:    Kang Liu <liukang@cn.freebsd.org> (maintainer) [6]
                Maintainer timeouts on [1], [2], [3], [4], [5]
Big thanks to:  hq for the initial tomcat55 script
                jasonb on FreeNode #tomcat for packaging advice

02:58 edwin 

Replace ugly "@unexec rmdir %D... 2>/dev/null || true" with @dirrmtry

Approved by:    krion@
PR:             ports/88711 (related)

13:25 hq 

- Update to bsd.java.mk 2.0
- Backup config files during deinstall [1]
- Use MAN1 in Makefile [1]
- Fix pkg_add permission problem [2]
- ECHO_CMD -> ECHO_MSG [1]
- Bump PORTREVISION [1]
- Mark as DEPRECATED [1]
- Fix MASTER_SITE [1]
- Add $FreeBSD$ tags where missing [1]

PR:             75604 [1], 57235 [2]
Submitted by:   maintainer [1] [2]

22:51 znerd 

Upgrade to Tomcat 4.0.6, released on 9 October 2002. From the
News & Status page:

        A security vulnerability has been confirmed to exist in
        Apache Tomcat 4.0.x releases (including Tomcat 4.0.5),
        which allows to use a specially crafted URL to return the
        unprocessed source of a JSP page, or, under special
        circumstances, a static resource which would otherwise have been
        protected by security constraint, without the need for being
        properly authenticated.  This is based on a variant of the
        exploit that was disclosed on
        09/24/2002.

See:
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.6/RELEASE-NOTES

12:37 znerd 

Security fix: Upgrade to 4.0.5.

PR:     43503

07:17 znerd 

Upgrade to Tomcat 4.0.4.

For release notes, see:
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.4/RELEASE-NOTES