CVS commit: pkgsrc/www/apache-tomcat6

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/apache-tomcat6
From: "S.P.Zeidler" <spz%netbsd.org@localhost>
Date: Sat, 28 Jun 2014 17:05:46 +0000
Module Name:    pkgsrc
Committed By:   spz
Date:           Sat Jun 28 17:05:46 UTC 2014

Modified Files:
        pkgsrc/www/apache-tomcat6: Makefile distinfo

Log Message:
security'ish update. Changelog:

Tomcat 6.0.41
=============
Jasper
------
fix     56529: Avoid NoSuchElementException while handling attributes
        with empty string value in custom tags. Based on a patch
        provided by Hariprasad Manchi. (violetagg/kkolinko)

Tomcat 6.0.40   not released
============================
Catalina
--------
fix     56027: Add more options for managing FIPS mode in the
        AprLifecycleListener. (schultz/kkolinko)
fix     56082: Fix a concurrency bug in JULI's LogManager
        implementation. (markt)
fix     56236: Enable Tomcat to work with alternative Servlet and
        JSP API JARs that package the XML schemas in such as way as
        to require a dependency on the JSP API before enabling
        validation for web.xml. Tomcat has no such dependency. (markt)
fix     Change the default value of the xmlBlockExternal attribute
        of Context elements. It is now true. (kkolinko)
fix     Don't log to standard out in SSLValve. (kkolinko/markt)
code    Use StringBuilder in DefaultServlet. (kkolinko)
fix     56275: Allow web applications to be stopped cleanly even
        if filters throw exceptions when their destroy() method is
        called. (markt/kkolinko)
fix     Redefine the globalXsltFile initialisation parameter of the
        DefaultServlet as relative to CATALINA_BASE/conf or
        CATALINA_HOME/conf. Prevent user supplied XSLTs used by the
        DefaultServlet from defining external entities. (markt)
fix     Add a work around for validating XML documents (often TLDs)
        that use just the file name to refer to refer to the JavaEE
        schema on which they are based. (kkolinko)
fix     56369: Ensure that removing an MBean notification listener
        reverts all the operations performed when adding an MBean
        notification listener. (markt)
fix     Only create XML parsing objects if required and fix associated
        potential memory leak in the default Servlet. (markt)
fix     Ensure that a TLD parser obtained from the cache has the
        correct value of blockExternal. (markt/kkolinko)
add     Extend XML factory, parser etc. memory leak protection to
        cover some additional locations where, theoretically, a
        memory leak could occur. (markt)
add     Add the org.apache.naming package to the packages requiring
        code to have the defineClassInPackage permission when running
        under a security manager. (markt)
add     Add the org.apache.naming.resources package to the packages
        requiring code to have the accessClassInPackage permission
        when running under a security manager. (markt)
fix     Make the naming context tokens for containers more robust.
        Require RuntimePermission when introducing a new token.
        (markt/kkolinko)

Coyote
------
fix     Improve processing of chuck size from chunked headers.
        Avoid overflow and use a bit shift instead of a multiplication
        as it is marginally faster. (markt/kkolinko)
fix     Fix possible overflow when parsing long values from a byte
        array. (markt)
update  56363: Update to version 1.1.30 of Tomcat Native library.
        The minimum required version of this library for APR connector
        is now 1.1.30. (kkolinko)

Jasper
------
fix     Change the default behaviour of JspC to block XML external
        entities by default. (kkolinko)
fix     Restore the validateXml option to Jasper that was previously
        renamed validateTld. Both options are now supported.
        validateXml controls the validation of web.xml files when
        Jasper parses them and validateTld controls the validation
        of *.tld files when Jasper parses them. (markt)
fix     54475: Add Java 8 support to SMAP generation for JSPs.
        Patch by Robbie Gibson. (markt)
fix     56010: Don't throw an IllegalArgumentException when
        JspFactory.getPageContext is used with JspWriter.DEFAULT_BUFFER.
        Based on a patch by Eugene Chung. (markt)
fix     56265: Do not escape values of dynamic tag attributes
        ontaining EL expressions. (kkolinko)
fix     56283: Add support for running Tomcat 6 with ecj-P20140317-1600.jar
        (as drop-in replacement for ecj-4.3.1.jar). Add support for
        value "1.8" for the compilerSourceVM and compilerTargetVM
        options. Note that ecj-P20140317-1600.jar can only be used
        when running with Java 6 or later. The "1.8" options make
        sense only when running with Java 8 (or later). (kkolinko)
fix     56334: Fix a regression in the handling of back-slash escaping
        introduced by the fix for 55735. (markt/kkolinko)
fix     Correct the handling of back-slash escaping in the EL parser
        and no longer require that \$ or \# must be followed by { in
        order for the back-slash escaping to take effect. (markt)

Cluster
-------
code    Refactor AbstractReplicatedMap and related classes to enable
        Tomcat 6 to be compiled using Java 8. (markt)

Web applications
----------------
add     56093: Documentation for SSLValve. (markt/kkolinko)
fix     Correct documentation on Windows service options, aligning
        it with Apache Commons Daemon documentation. (kkolinko)
add     Add support for version-major, version-major-minor tags in
        documentation XSLT, to simplify documentation backports. (kkolinko)
fix     Fix target and rel attributes on links in documentation.
        They were lost during XSLT transformation. (kkolinko)

Other
-----
code    Remove svn keywords (such as $Id) from source files and
        documentation. (kkolinko)
update  Improvements to the Windows installer, to align it with
        installing the sevice with service.bat. Use explicit memory
        sizes (--JvmMs 128 Mb and --JvmMx 256 Mb). Specify log
        directory path when ininstalling, so that the log file is
        written to the Tomcat logs directory, instead of
        "%SystemRoot%\System32\LogFiles\Apache". (kkolinko)
update  49993, 56143: Improve service.bat script. Allow it to be
        launched from non-UAC console. The UAC prompt will be shown
        only once. Now there is no need to run the command shell
        with elevated privileges. Improve check for JAVA_HOME and
        add support for JRE_HOME. Warn if neither "client" nor
        "server" JVM is found. Align classpath, display name and
        other options with the exe installer. Make command names
        case-insensitive. Update documentation. (kkolinko)


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/apache-tomcat6/Makefile
cvs rdiff -u -r1.10 -r1.11 pkgsrc/www/apache-tomcat6/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Prev by Date: CVS commit: pkgsrc/www/php-tt-rss-fever-plugin
Next by Date: CVS commit: pkgsrc/devel/p5-PerlIO-gzip
Previous by Thread: CVS commit: pkgsrc/www/php-tt-rss-fever-plugin
Next by Thread: CVS commit: pkgsrc/devel/p5-PerlIO-gzip
Indexes:
Home | Main Index | Thread Index | Old Index