tomcat6 @6.0.35_1: update to 6.0.53

[l2dy (Zero King)]

​http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.49

Tomcat 6.0.48 and 6.0.49 fixed three important vulnerabilities.

[l2dy (Zero King)]

Note that Tomcat 6.0.49 is not yet released.

[l2dy (Zero King)]

Tomcat 6 distfiles are not available on apache mirrors any more.

Edit: still available on ​https://archive.apache.org/dist/tomcat/tomcat-6/v6.0.53/, leave closed due to EOL.

[blair (Blair Zajac)]

In fc6a26da8ba84ed39605c6922c0e1c5307f520f6/macports-ports:

tomcat6: upgrade to 6.0.53 to resolve security issues in current version.

Closes: #53246

[blair (Blair Zajac)]

It seems wrong to leave a version with a known security issue in MacPorts since MacPorts is always live. It's not like Ubuntu 12.04 or some version which is retired, so I updated it.

[l2dy (Zero King)]

Replying to blair:

It seems wrong to leave a version with a known security issue in MacPorts since MacPorts is always live. It's not like Ubuntu 12.04 or some version which is retired, so I updated it.

I planned to create a ticket for removing the port, I dislike keeping unsupported old releases of an active project in our tree.

Your update didn't build on our Buildbot, did you test it?

[blair (Blair Zajac)]

My bad, no, I didn't try to compile it until now.

I cannot get the commons-collections dependency to compile using Java 8, so maybe we should just delete all these.

Also, compiling our own Java packages seems backwards now instead of using precompiled ones.

[l2dy (Zero King)]

Dependency commons-daemon also failed to build and is outdated, see #36522.