pkgsrc-Changes archive
CVS commit: pkgsrc/www/apache-tomcat6
Module Name: pkgsrc
Committed By: spz
Date: Sat Sep 24 16:20:57 UTC 2011
Modified Files:
pkgsrc/www/apache-tomcat6: Makefile distinfo
Log Message:
security fixes (two of three) for a leaf package
Upstream changelog:
Catalina
--------
add Allow to search the virtual paths before the webapp or after it.
(rjung)
fix 27988: Improve reporting of missing files. (markt)
fix 28852: Add URL encoding where missing to parameters in URLs
presented by Ant tasks to the Manager application.
Based on a patch by Stephane Bailliez. (markt)
add 46252: Allow to specify character set to be used to write
the access log in AccessLogValve. (kkolinko)
add 48863: Provide a warning if there is a problem with a class
path entry but use debug level logging if it is expected due
to catalina home/base split. (kkolinko)
add 49180: Add an option to disable file rotation in JULI FileHandler.
(kkolinko)
fix 50189: Once the application has finished writing to the response,
prevent further reads from the request since this causes various
problems in the connectors which do not expect this. (markt)
fix 50700: Ensure that the override attribute of context parameters
is correctly followed. (markt)
fix 50734: Return 404 rather than 400 for requests to the ROOT
context when no ROOT context is deployed. Patch provided by
Violeta Georgieva. (markt)
fix 50751: When authenticating with the JNDI Realm, only attempt
to read user attributes from the directory if attributes are
required. (markt)
fix 50752: Fix typo in debug message in
org.apache.catalina.startup.Embedded. (markt)
fix 50855: Fix NPE on AuthenticatorBase.register() when debug
logging is enabled. (markt)
fix Correctly format the timestamp reported by version.[sh|bat].
(markt)
fix Remove unnecessary whitespace from MIME mapping entries in
global web.xml file. (markt)
fix 51042: Don't trigger session creation listeners when a
session ID is changed as part of the authentication process.
(markt)
add 51119: Add JAAS authentication support to the
JMXRemoteLifecycleListener. Patch provided by Neil Laurance.
(markt)
update Implement display of multiple request headers in AccessLogValve:
print not just the value of the first header, but of all
of them, separated by commas. (kkolinko)
fix Correct the SSLValve so it returns the SSL key size as an
Integer rather than as a String. (markt)
fix 51162: Prevent possible NPE when removing a web application. (markt)
fix 51249: Improve system property replacement code in
ClassLoaderLogManager of Tomcat JULI to cover some corner
cases. (kkolinko)
fix 51315: Fix IAE when removing an authenticator valve from a
container. Patch provided by Violeta Georgieva. (markt)
fix 51324: Improve handling of exceptions when flushing the
response buffer to ensure that the doFlush flag does not get
stuck in the enabled state. Patch provided by Jeremy Norris.
(kkolinko)
fix 51348: Fix possible NPE when processing WebDAV locks. (markt)
add Add a container event that is fired when a session's ID is
changed, e.g. on authentication. (markt)
fix Fix CVE-2011-2204. Prevent user passwords appearing in log files
if a runtime exception (e.g. OOME) occurs while creating a
new user for a MemoryUserDatabase via JMX. (markt)
fix 51400: Avoid jvm bottleneck on String/byte[] conversion
triggered by a JVM bug. Based on patches by Dave Engberg and
Konstantin Preißer. (markt)
add 51403: Avoid NPE in JULI FileHandler if formatter is
misconfigured. (kkolinko)
update Create a directory for access log or error log (in AccessLogValve
and in JULI FileHandler) automatically when it is specified
as a part of the file name, e.g. in the prefix attribute.
Earlier this happened only if it was specified with the
directory attribute. (kkolinko)
fix Log a failure if access log file cannot be opened. Improve
i18n of messages. (kkolinko)
fix Improve handling of URLs with path parameters and prevent
incorrect 404 responses that could occur when path parameters
were present. (kkolinko)
fix 51473: Fix concatenation of values in
SecurityConfig.setSecurityProperty(). (kkolinko)
fix 51509: Fix potential concurrency issue in CSRF prevention
filter that may lead to some requests failing that should not.
(markt)
fix 51588: Make it easier to extend the AccessLogValve to add
support for custom elements. (markt)
fix Unregister DataSource MBeans when web application stops. (kfujino)
add Add additional configuration options to the DIGEST
authenticator. (markt)
Coyote
------
fix Reduce level of log message for invalid URL parameters from
WARNING to INFO. (kkolinko)
add 48208: Provide an option to specify a custom trust manager
for BIO and NIO HTTP connectors using SSL. Based on a patch
by Luciana Moreira. (markt)
fix 49595: Protect against crashes when using the APR/native
connector. (jfclere)
fix 49929: Make sure flush packet is not sent after END_RESPONSE
packet. (mturk/markt)
add 50887: Enable the provider to be configured when generating
SSL certs. Based on a patch by pknopp. (markt)
fix 51073: Throw an exception and do not start the APR connector
if it is configured for SSL and an invalid value is provided
for SSLProtocol. (markt)
fix Fix CVE-2011-2526. Protect against infinite loops (HTTP NIO)
and crashes (HTTP APR) if sendfile is configured to send more
data than is available in the file. (markt)
fix Prevent NPEs when a socket is closed in non-error conditions
after sendfile processing when using the HTTP NIO connector.
(markt)
fix 51515: Prevent immediate socket close when comet is used over
HTTPS. (markt)
Jasper
------
fix 36362: Handle the case where tag file attributes (which can
use any valid XML name) have a name which is not a Java
identifier. (markt)
fix 47371: Correctly coerce the empty string to zero when used
as an operand in EL arithmetic. Patch provided by gbt. (markt)
fix 50726: Ensure that the use of the genStringAsCharArray does
not result in String constants that are too long for valid
Java code. (markt)
fix 50895: Don't initialize classes created during the compilation
stage. (markt)
add 51124: Make Tomcat more robust if an OOME occurs. Usually
after an OOME all bets are off but this change appears to help
some users and the description of a 'recoverable' OOME in
the bug is a plausible one. Based on a patch by Ramiro. (markt)
fix 51177: Ensure Tomcat's MapELResolver and ListELResolver
always return Object.class for getType() as required by the
EL specification. (markt)
fix Correct possible threading issue in JSP compilation when
development mode is used. (markt)
add 51220: Add a system property to enable tag pooling with JSPs
that use a custom base class. Based on a patch by Dan Mikusa.
(markt)
add Broaden the exception handling in the EL Parser so that more
failures to parse an expression include the failed expression
in the exception message. Hopefully, this will help track
down the cause of 51088. (markt)
add Improve error reporting of Jasper compilation. (schultz)
Cluster
-------
fix 50646: Fix cluster message data corruption if message size
exceeds the underlying buffer size. Patch provided by
Olivier Costet. (markt)
fix 50771: Ensure HttpServletRequest#getAuthType() returns the
name of the authentication scheme if request has already been
authenticated. (kfujino)
fix 50950: Correct possible NotSerializableException for an
authenticated session when running with a security manager.
(markt)
fix 51306: Avoid NPE when handleSESSION_EXPIRED is processed while
handleSESSION_CREATED is being processed. (kfujino)
fix The change in session ID is notified to the container event
listener on the backup node in cluster. This notification is
controlled by notifyContainerListenersOnReplication. (kfujino)
Webapps
-------
fix 41498: Add the allRolesMode attribute to the Realm
configuration page in the documentation web application. (markt)
fix 48997: Fixed some typos and improve cross-referencing to the
HTTP Connector and APR documentation with the SSL How-To page
of the documentation web application. (markt)
fix 50804: Update links for Servlet 2.5 and JSP 2.1 Javadoc. (markt)
update Improve class loading documentation and logging documentation.
(kkolinko)
update Configure Security Manager How-To to include a copy of the
actual conf/catalina.policy file when the documentation is
built, rather than maintaining a copy of its content. (kkolinko)
fix 51147: Fix deployment via HTML Manager that was broken by
addition of CSRF protection. Patch provided by Alexis Hassler.
(markt)
fix 51156: Ensure session expiration option is available in
Manager application was running web applications that were
defined in server.xml. (markt)
fix Correct the log4j configuration settings when defining
conversion patterns in the documentation web application. (markt)
fix Update Maven repository information in the documentation to
reflect current usage. (markt)
fix 51346: Update the documentation web application to make clear
the circumstances in which the RequestDumperValve will consume
the request's InputStream. Based on a patch by pid. (markt)
fix 51443: Document the notifySessionListenersOnReplication
attribute for the DeltaManager. (markt)
fix 51516: Correct documentation web application to show correct
system property name for changing the name of the SSO session
cookie. (markt)
update Update documentation to be even more explicit about the
implications of setting the path attribute on a Context element
in server.xml. (markt/kkolinko)
Other
-----
update Clarify error messages in *.sh files to mention that if a
script is not found it might be because execute permission
is needed. (kkolinko)
add 33262, 40510, 50949, 51135: Various improvements to the
Windows installer to be able to install several copies of
Tomcat 6 side by side. Allow to configure service name,
connector and shutdown ports. Allow to choose whether to
install Start menu shortcuts and Apache Tomcat monitor
application for all users or for the current one only.
Improve auto-detection of JAVA_HOME for 64-bit Windows
platforms: autoselect 32-bit JRE if it exists and 64-bit
one is not available. Improve server.xml file handling.
Fix uninstallation icon. (markt/kkolinko)
fix 50854: Add additional entries to the default catalina.policy
file to support running the manager web application from
CATALINA_HOME or CATALINA_BASE. (markt)
fix Update default download sources to use the central
Apache Maven 2 repository as some libraries have been removed
from the central Apache Maven 1 repository. (kkolinko)
fix 51155: Add comments to @deprecated tags that have none.
Patch provided by sebb. (kkolinko)
fix 51309: Correct logic in catalina.sh stop when using a PID
file to ensure the correct message is shown. Patch provided
by Caio Cezar. (markt)
update Update Apache Commons Pool to 1.5.6. (kkolinko)
update Update Apache Commons Daemon to 1.0.7. (kkolinko)
update At build time use two alternative download locations for
components downloaded from apache.org. (kkolinko)
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/apache-tomcat6/Makefile
cvs rdiff -u -r1.5 -r1.6 pkgsrc/www/apache-tomcat6/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.