pkgsrc-Changes archive
CVS commit: pkgsrc/www/apache-tomcat7
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Jun 7 00:24:30 UTC 2014
Modified Files:
pkgsrc/www/apache-tomcat7: Makefile distinfo
Log Message:
Update to 7.0.54
* Fix CVE-2014-0119
Changelog:
Tomcat 7.0.54 (violetagg)
Catalina
fix Fix custom UTF-8 decoder so that a byte of value 0xC1 is always
rejected immediately as it is never valid in a UTF-8 byte sequence. Update
UTF-8 decoder tests to account for UTF-8 decoding improvements in Java 8. The
custom UTF-8 decoder is still required due to bugs in the UTF-8 decoder
provided by Java. Java 8's decoder is better than Java 7's but it is still
buggy. (markt)
fix 56027: Add more options for managing FIPS mode in the
AprLifecycleListener. (schultz/kkolinko)
fix 56321: When a WAR is modified, undeploy the web application
before deleting any expanded directory as the undeploy process may refer to
classes that need to be loaded from the expanded directory. If the expanded
directory is deleted first, any attempt to load a new class during undeploy
will fail. (markt)
fix 56339: Avoid an infinite loop if an application calls
session.invalidate() from the session destroyed event for that session. (markt)
update 56365: Simplify file name pattern matching code in
StandardJarScanner. Ignore leading and trailing whitespace and empty strings
when configuring patterns. Improve documentation. (kkolinko)
fix 56369: Ensure that removing an MBean notification listener
reverts all the operations performed when adding an MBean notification
listener. (markt)
add 56382: Information about finished deployment and its execution
time is added to the log files. Patch is provided by Danila Galimov. (violetagg)
add 56383: Properties for disabling server information and error
report are added to the org.apache.catalina.valves.ErrorReportValve. Based on
the patch provided by Nick Bunn. (violetagg/kkolinko)
fix Only create XML parsing objects if required and fix associated
potential memory leak in the default Servlet. (markt)
fix Modify generic exception handling so that StackOverflowError is
not treated as a fatal error and can be handled and/or logged as required. (markt)
fix 56409: Avoid StackOverflowError on non-Windows systems if a
file named \ is encountered when scanning for TLDs. (markt)
add 56430: Extend checks for suspicious URL patterns to include
patterns of the form *.a.b which are not valid patterns for extension mappings.
(markt)
add Extend XML factory, parser etc. memory leak protection to cover
some additional locations where, theoretically, a memory leak could occur.
(markt)
fix Ensure that a TLD parser obtained from the cache has the
correct value of blockExternal. (markt)
fix 56441: Raise the visibility of exceptions thrown when a problem
is encountered calling a getter or setter on a component attribute. The logging
level is raised from debug to warning. (markt)
fix 56451: Make resources accessed via a context alias accessible
via JNDI in the same way standard resources are available. (markt)
add 56463: Property for disabling server information is added to
the DefaultServlet. Server information is presented in the response sent to the
client when directory listings are enabled. (violetagg)
add Add the org.apache.naming package to the packages requiring
code to have the defineClassInPackage permission when running under a security
manager. (markt)
add Add the org.apache.naming.resources package to the packages
requiring code to have the accessClassInPackage permission when running under a
security manager. (markt)
fix Make the naming context tokens for containers more robust.
Require RuntimePermission when introducing a new token. (markt/kkolinko)
fix 56472: Allow NamingContextListener to clean up on stop if its
start failed. (kkolinko)
add 56492: Avoid Eclipse debugger pausing on uncaught exceptions
when Tomcat renews its threads. (slaurent)
fix Minor fixes to ThreadLocalLeakPreventionListener. Do not
trigger threads renewal for failed contexts. Do not ignore threadRenewalDelay
setting. Improve documentation. (kkolinko)
fix Correct regression introduced in r797162 that broke
authentication of users when using the JAASMemoryLoginModule. (markt)
fix 56501: HttpServletRequest.getContextPath() should return the
undecoded context path used by the user agent. (markt)
fix 56523: When using SPNEGO authentication, log the exceptions
associated with failed user logins at debug level rather than error level.
(markt)
fix 56536: Ensure that HttpSessionBindingListener.valueUnbound()
uses the correct class loader when the SingleSignOn valve is used. (markt)
Coyote
add 56399: Assert that both Coyote and Catalina request objects
have been properly recycled. (kkolinko)
fix 56416: Correct documentation for default value of socket linger
for the AJP and HTTP connectors. (markt)
Jasper
fix 56334: Fix a regression in the handling of back-slash escaping
introduced by the fix for 55735. (markt/kkolinko)
fix 56425: Improve method matching for EL expressions. When looking
for matching methods, an exact match between parameter types is preferred
followed by an assignable match followed by a coercible match. (markt)
fix Correct the handling of back-slash escaping in the EL parser
and no longer require that \$ or \# must be followed by { in order for the
back-slash escaping to take effect. (markt)
fix 56529: Avoid NoSuchElementException while handling attributes
with empty string value in custom tags. Patch provided by Hariprasad Manchi.
(violetagg)
Cluster
fix Remove cluster and replicationValve from cluster manager
template. These instances are not necessary in the template. (kfujino)
fix Add support for cross context session replication to
org.apache.catalina.ha.session.BackupManager. (kfujino)
fix Remove the unnecessary cross context check. It does not matter
whether the context that is referenced by other context is set to
crossContext=true. The context that refers to the different context must be set
to crossContext=true. (kfujino)
code Move to org.apache.catalina.ha.session.ClusterManagerBase
common logic of org.apache.catalina.ha.session.BackupManager and
org.apache.catalina.ha.session.DeltaManager. (kfujino)
code Simplify the code of o.a.c.ha.tcp.SimpleTcpCluster. In order to
add or remove cluster valve to Container, use pipeline instead of
IntrospectionUtils. (kfujino)
fix There is no need to set cluster instance when
SimpleTcpCluster.unregisterClusterValve is called. Set null rather than the
cluster instance for cleanup. (kfujino)
code Backport refactoring of AbstractReplicatedMap to implement Map
rather than extend ConcurrentHashMap to enable Tomcat 7 to be built with Java
8. (markt)
WebSocket
fix 56343: Avoid a NPE if Tomcat's Java WebSocket 1.0
implementation is used with the Java WebSocket 1.0 API JAR from the reference
implementation. (markt)
fix Increase the default maximum size of the executor used by the
WebSocket implementation for call backs associated with asynchronous writes
from 10 to 200. (markt)
add Add a warning if the thread group created for WebSocket
asynchronous write call backs can not be destroyed when the web application is
stopped. (markt)
fix Ensure that threads created to support WebSocket clients are
stopped when no longer required. This will happen automatically for WebSocket
client connections initiated by web applications but stand alone clients must
call WsWebSocketContainer.destroy(). (markt)
fix 56449: When creating a new session, add the message handlers to
the session before calling Endpoint.onOpen() so the message handlers are in
place should the onOpen() method trigger the sending of any messages. (markt)
fix 56458: Report WebSocket sessions that are created over secure
connections as secure rather than as not secure. (markt)
fix Stop threads used for secure WebSocket client connections when
they are no longer required and give them better names for easier debugging
while they are running. (markt)
Web applications
fix Add Support for copyXML attribute of Host to Host Manager.
(kfujino)
fix Ensure that "name" request parameter is used as an application
base of host if "webapps" request parameter is not set when adding host in
HostManager Application. (kfujino)
fix Correct documentation on Windows service options, aligning it
with Apache Commons Daemon documentation. (kkolinko)
update 55215: Improve log4j configuration example. Clarify access
logging documentation. Based on patches provided by Brian Burch. (kkolinko)
update 55383: Backport improved HTML markup for tables and code
fragments from Tomcat 8 documentation. (kkolinko)
fix 56418: Ensure that the Manager web application does not report
success for a web application deployment that fails. (slaurent)
fix Fix target and rel attributes on links in documentation. They
were lost during XSLT transformation. (kkolinko)
update Improve valves documentation. Split valves into groups.
(kkolinko)
Other
fix Align DisplayName of Tomcat installed by service.bat with one
installed by the *.exe installer. Print a warning if neither server nor
client jvm is found by service.bat. (kkolinko)
update 56363: Update to version 1.1.30 of Tomcat Native library.
(schultz)
update Update package renamed Apache Commons BCEL to r1593495 to pick
up some additional changes for Java 7 support and some code clean up. (markt)
add In tests: allow configuring the directory where JUnit reports and
access log are written to. (kkolinko)
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/apache-tomcat7/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/apache-tomcat7/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.