pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/www/apache-tomcat6
Module Name: pkgsrc
Committed By: spz
Date: Thu Feb 6 12:01:43 UTC 2014
Modified Files:
pkgsrc/www/apache-tomcat6: Makefile PLIST distinfo
Log Message:
Update apache-tomcat6 to 6.0.39, including avoidance for CVE-2013-1571.
Upstream changelog:
Tomcat 6.0.39 (markt)
Catalina
fix 55166: Fix regression that broke XML validation when
running on some Java 5 JVMs. (kkolinko)
Coyote
fix Make the HTTP NIO connector tolerant of whitespace
in the individual values used for the ciphers attribute.
(markt)
fix Remove dependency introduced on the jsp-api.jar as
part of the XML validation changes introduced in 6.0.38.
(markt)
Jasper
fix Correct several errors in jspxml Schema and DTD. (kkolinko)
Cluster
code Remove an empty TestTwoPhaseCommit test from Tribes. (kkolinko)
Web applications
fix Fix broken link in Jasper How-To documentation. (markt)
fix Align index.html and index.jsp in ROOT web application.
Correct links to specifications and to the Tomcat mailing
lists. (kkolinko)
fix Remove second copy of RUNNING.txt from the full-docs
distribution. Some unpacking utilities can't handle
multiple copies of a file with the same name in a directory.
(kkolinko)
Other
update Update sample Eclipse IDE project: use JUnit 4 library
and prefer a Java 5 JDK when several JDKs are configured.
Cleanup the Ant build files. (kkolinko)
fix Correct Maven dependencies for individual JAR files. (markt)
Tomcat 6.0.38 (markt) not released
Catalina
fix Ensure that when Tomcat's anti-resource locking features
are used that the temporary copy of the web application
and not the original is removed when the web application
stops. (markt/kkolinko)
fix 55019: Fix a potential exception when accessing JSPs
while running under a SecurityManager. (jfclere)
fix 55052: Make JULI's LogManager to additionally look for
logging properties without prefixes if the property
cannot be found with a prefix. (kkolinko)
fix 55266: Ensure that the session ID is parsed from the
request before any redirect as the session ID may need
to be encoded as part of the redirect URL. (markt)
fix 55404: Log warnings about using security roles in web.xml
as warnings. (markt)
fix 55268: Added optional --service-start-wait-time
command-line option to change service start wait time
from default of 10 seconds. (schultz)
fix Correctly associate the default resource bundle with
the English locale so that requests that specify an
Accept-Language of English ahead of French, Spanish or
Japanese get the English messages they asked for. (markt)
fix Add missing JavaEE 5 XML schema definitions. (markt)
fix When Catalina parses TLD files, always use a namespace
aware parser to be consistent with how Jasper parses
TLD files. The tldNamespaceAware attribute of the Context
is now ignored. (markt)
fix As per section SRV.14.4.3 of the Servlet 2.5 specification,
a namespace aware, validating parser will be used when
processing *.tld and web.xml files if the system property
org.apache.catalina.STRICT_SERVLET_COMPLIANCE is set
to true. (markt)
fix Ensure that sessions IDs are not parsed from URLs for
Contexts where disableURLRewriting is true. (markt)
add Add an option to the Context to control the blocking of
XML external entities when parsing XML configuration
files and enable this blocking by default when a security
manager is used. The block is implemented via a custom
resolver to enable the logging of any blocked entities.
(markt)
fix 56016: When loading resources for XML schema validation,
take account of the possibility that servlet-api.jar and
jsp-api.jar may not be loaded by the same class loader.
Patch by Juan Carlos Estibariz. (markt)
Coyote
fix 52811: Fix parsing of Content-Type header in
HttpServletResponse.setContentType(). Introduces a new
HTTP header parser that follows RFC2616. (markt)
fix 54691: Add configuration attribute "sslEnabledProtocols"
to HTTP connector and document it. (Internally this
attribute has been already implemented but not documented,
under names "protocols" and "sslProtocols". Those names
of this attribute are now deprecated). (schultz)
fix 54947: Fix the HTTP NIO connector that incorrectly
rejected a request if the CRLF terminating the request
line was split across multiple packets.
Patch by Konstantin Preißer. (markt)
fix 55228: Allow web applications to set a HTTP Date header.
(markt)
fix Better adherence to RFC2616 for content-length headers.
(markt)
fix Add support for limiting the size of chunk extensions
when using chunked encoding. (markt)
fix 55749: Improve the error message when SSLEngine is
disabled in the AprLifecycleListener and SSL is
configured for an APR/native connector. (markt)
fix Avoid possible NPE if a content type is specified without
a character set. (markt)
Jasper
fix 55198: Ensure attribute values in tagx files that include
EL and quoted XML characters are correctly quoted in
the output. (markt)
fix 55671: Consistently use the configuration option name
genStringAsCharArray rather than a mixture of
genStrAsCharArray and genStringAsCharArray but retain
support for genStrAsCharArray as in initialisation
parameter for the JSP servlet to retain backwards
compatibility with existing configurations. (markt)
fix 55691: Fix javax.el.ArrayELResolver to correctly handle
the case where the base object is an array of primitives.
(markt)
fix 55973: Fix processing of XML schemas when validation
is enabled in Jasper. (kkolinko)
Web applications
add Add documentation for
o.a.c.tribes.group.interceptors.TcpFailureDetector. (kfujino)
add Complete the documentation for MessageDispatch15Interceptor.
(kfujino)
add Add to cluster document a description of
notifyLifecycleListenerOnFailure and
heartbeatBackgroundEnabled. (kfujino)
fix 55746: Add documentation on the allRolesMode to the
CombinedRealm and LockOutRealm. Patch by Cédric Couralet.
(markt)
fix Fix the sample configuration of StaticMembershipInterceptor
in order to prevent warning log. uniqueId must be 16 bytes.
(kfujino)
fix 55119: Avoid CVE-2013-1571 when generating Javadoc. (markt)
Other
update Update Maven Central location used to download
dependencies at build time to be repo.maven.apache.org.
(kkolinko)
fix 55663: Minor correction to the wording of the NOTICE files
to align them with the requirements for NOTICE files.
(violetagg)
fix Add @since markers to the common annotations classes and
fix a few specification compliance issues. (markt)
update Update to Eclipse JDT Compiler 4.3.1. (markt)
update Update the Apache Jakarta JSTL implementation used by
the exmaples web application to 1.1.2. (markt)
To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/apache-tomcat6/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/apache-tomcat6/PLIST
cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/apache-tomcat6/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index