CVS commit: pkgsrc/www/apache-tomcat7

["Ryo ONODERA" <ryoon%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   ryoon
Date:           Mon Dec 21 17:03:26 UTC 2015

Modified Files:
        pkgsrc/www/apache-tomcat7: Makefile distinfo

Log Message:
Update to 7.0.67

Changelog:
Tomcat 7.0.67 (violetagg)

    Catalina

        add     56917: As per RFC7231 (HTTP/1.1), allow HTTP/1.1 and later redirects to use relative URIs. This is controlled by a new attribute useRelativeRedirects on the Context and defaults to 
true. (markt)
        fix     58660: Correct a regression in 7.0.66 caused by the change that moved the redirection for context roots from the Mapper to the Default Servlet. (markt)
        fix     Fixed potential NPE in HostConfig while deploying an application. Issue reported by coverity scan. (violetagg)
        fix     58655: Fix an IllegalStateException when calling HttpServletResponse.sendRedirect() with the RemoteIpFilter. This was caused by trying to correctly generate the absolute URI for the 
redirect. With the fix for 56917, redirects may now be relative making the sendRedirect() implementation for the RemoteIpFilter much simpler. This also addresses issues where the redirect may not 
have behaved as expected when redirecting from http to https to from https to http. (markt)

    WebSocket

        fix     58658: Correct a regression in 7.0.66 that prevented Tomcat from starting on Java 6 unless the WebSocket JARs (that require Java 7) were removed. (markt)

    Web Applications

        add     Add a description of the default value of heartbeatSleeptime attribute and optionCheck attribute in the cluster channel docs. (kfujino)

    Tribes

        fix     Fix potential NPE in AbstractReplicatedMap.breakdown(). (kfujino)

Tomcat 7.0.66 (violetagg)       not released

    General

        update  58596: Clarify the description in RUNNING.txt of how environment variables are used. (markt)

    Catalina

        fix     34319: Only load those keys in StoreBase.processExpire from JDBCStore, that are old enough, to be expired. Based on a patch by Tom Anderson. (fschumacher)
        fix     56777: Allow file based configuration resources (user database, certificate revocation lists, keystores and trust stores) to be configured using URLs as well as files. Back-port 
provided by Huxing Zhang. (markt/violetagg)
        add     57741: Enable the CGI servlet to use the standard error page mechanism. Note that if the CGI servlet's debug init parameter is set to 10 or higher then the standard error page 
mechanism will be bypassed and a debug response generated by the CGI servlet will be returned instead. (markt)
        add     58486: Protect against two further possible memory leaks associated with XML parsing. (markt)
        code    58497: Make AbstractHttp11Processor easy to extend. (markt)
        fix     58508: Escape role names when generating associated MBeans in case the role name contains characters not permitted in an MBean name. (markt)
        fix     58522: Fixed concurrency issue when iterating web application's resources. (violetagg)
        fix     58534: Removed repeated conditional tests in o.a.tomcat.websocket.pojo.PojoMethodMapping and o.a.tomcat.util.net.AprEndpoint Patch provided by Anthony Whitford. (violetagg)
        fix     58535: Use Collections.reverseOrder when a reverse ordering is needed. (violetagg)
        fix     58537: Some of the inner classes in o.a.catalina.valves.ExtendedAccessLogValve are made static. Patch provided by Anthony Whitford. (violetagg)
        fix     58540: Removed unused code from o.a.catalina.connector.Request. Patch provided by Anthony Whitford. (violetagg)
        fix     58541, 58544: It is more efficient to call Integer.toString(int) instead of Integer.valueOf(int).toString() when only a string representation of a primitive is needed. Based on a 
patch provided by Anthony Whitford. (violetagg)
        fix     58541, 58547: It is more efficient to call valueOf(...) instead of Number constructor. Based on a patch provided by Anthony Whitford. (violetagg)
        fix     58545: In some use cases it is more efficient to use Map.entrySet() instead of Map.keySet() Based on a patch provided by Anthony Whitford. (violetagg)
        add     Add a new RestCsrfPreventionFilter that provides basic CSRF protection for REST APIs. (violetagg)
        fix     58581: If a custom error page fails, fall back to the standard error page rather than throwing an NPE. Based on a patch by Huxing Zhang. (markt)
        fix     58582: Combined realm should perform background processing on its sub-realms. Based upon a patch provided by Aidan. (kkolinko)
        fix     Handle the unlikely case where different versions of a web application are deployed with different session settings. (markt)
        add     Add a new Context option, enabled by default, that enables an additional check that a client provided session ID is in use in at least one other web application before allowing it to 
be used as the ID for a new session in the current web application. (markt)
        add     Add support for DIGEST authentication to the JNDIRealm. Based on a patch by Alexis Hassler. (markt)
        fix     58603: Ensure that HttpServletRequest.getRequestURL() returns the correct value when using the RemoteIpFilter. (markt)
        fix     Ensure that in an embedded Tomcat the logging configuration is not lost during garbage collection. (violetagg)
        add     Move the functionality that provides redirects for context roots and directories where a trailing / is added from the Mapper to the DefaultServlet. This enables such requests to be 
processed by any configured Valves and Filters before the redirect is made. This behaviour is configurable via the mapperContextRootRedirectEnabled and mapperDirectoryRedirectEnabled attributes of 
the Context which may be used to restore the previous behaviour. (markt)
        fix     58635: Enable break points to be set within agent code when running Tomcat with a Java agent. Based on a patch by Huxing Zhang. (markt)

    Jasper

        fix     57136#c25: Implement a setting that controls what quoting rule is used when parsing EL expressions in attributes on a JSP page (chapter JSP.1.6 of specification). The setting name is 
quoteAttributeEL and it is configured as initialisation parameter of JSP Servlet (per web application configuration is possible) and as a command line option for JspC. The default value was changed 
to true, which restores behaviour implemented in Tomcat 7.0.64. It means that attribute quoting is applied on top of EL quoting. This provides better compatibility with older versions of Tomcat and 
other implementations. (kkolinko)

    Cluster

        fix     Optimize the session lock range in DeltaManager.requestCompleted. (kfujino)
        fix     Enable an explicit configuration of local member in the static cluster membership. (kfujino)
        fix     Fix potential integer overflow in DeltaSession. Reported by coverity scan. (fschumacher)

    Tribes

        code    Distinguish the handling of the shutdown payload and member verification clearly. When handling shutdown payload, verification completion message is not required. (kfujino)
        fix     When starting the StaticMembershipInterceptor, StaticMembershipInterceptor checks the required Interceptors. If the required Interceptor does not exist, it issues warning logs. 
(kfujino)
        fix     Ensure that the static member is registered to the add suspect list even if the static member that is registered to the remove suspect list has disappeared. (kfujino)
        fix     Correct the warning log of when the member that is not registered in the membership is detected. (kfujino)
        fix     When using a static cluster, add the members that have been cached in the membership service to the map members list in order to ensure that the map member is a static member. 
(kfujino)

    WebSocket

        fix     Use instance manager for server endpoint instances. (remm)
        add     55006: The WebSocket client now honors the java.net.java.net.ProxySelector configuration (using the HTTP type) when establishing WebSocket connections to servers. Based on a patch by 
Niki Dokovski. (markt)
        fix     58624: Correct a thread safety issue that meant that blocking message writes could block indefinitely if the WebSocket connection was closed while a message write was in progress. 
(markt)

    Web applications

        add     Make it clear in the documentation for the CGI servlet that the debug page is not considered secure and should not be used in production. (markt)
        fix     The domain attribute of StaticMember is not required but optional. (kfujino)
        fix     58631: Correct the continuation character use in the Windows Service How-To page of the documentation web application. (markt)

    jdbc-pool

        fix     58489: Correct QueryStatsComparator to hold up the general contract for Comparator. (fschumacher)
        fix     When creating a QueryStats object, ensure that maxQueries is checked. If maxQueries is a value less than or equal to 0, QueryStats are never created. (kfujino)
        fix     Fix potential integer overflow in ConnectionPool and PooledConnection. Reported by coverity scan. (fschumacher)

Tomcat 7.0.65 (violetagg)       released 2015-10-19

    Catalina

        add     57681: Add a web application class loader implementation that supports the parallel loading of web application classes. Use of this feature requires a Java 7 or later JRE. Based on a 
patch by Huxing Zhang. (markt)
        fix     58187: Correct a regression in the fix for 57765 that meant that deployment of web applications deployed via the Manager application was delayed until the next execution of the 
automatic deployment background process. (markt)
        fix     58284: Correctly implement session serialization so non-serializable attributes are skipped with a warning. Patch provided by Andrew Shore. (markt)
        fix     58313: Fix concurrent access of encoders map when clearing encoders prior to switch to async. (markt)
        fix     58320: Fix concurrent access of request attributes which is possible during asynchronous processing. (markt)
        code    In preparation for implementing enhancement 57681, replace the use of the StandardClassLoader with URLClassLoader. This removes the server class loader from JMX. (markt)
        fix     58352: Always trigger a thread dump if Tomcat fails to stop gracefully from catalina.sh even if using -force. Patch provided by Alexandre Garnier. (markt)
        fix     58416: Correctly detect when a forced stop fails to stop Tomcat because the Tomcat process is waiting on some system call or is uninterruptible. (markt)
        fix     58436: Fix some rare data races in JULI's ClassLoaderLogManager during shutdown. (markt)

    Coyote

        fix     Correct some edge cases in RequestUtil.normalize(). (markt)
        fix     58275: The IBM JREs accept cipher suite names starting with TLS_ or SSL_ but when listing the supported cipher suites only the SSL_ version is reported. This can break Tomcat's check 
that at least one requested cipher suite is supported. Tomcat now includes a work-around so either form of the cipher suite name can be used when running on an IBM JRE. (markt)
        fix     58357: For reasons not currently understood when the APR/native connector is used with OpenSSL reads can return an error code when there is no apparent error. This was work-around for 
HTTP upgrade connections by treating this as EAGAIN. The same fix has now been applied to the standard HTTP connector. (markt)
        fix     57799: Remove useless sendfile check for NIO SSL. (remm)

    Jasper

        fix     57136: Correct a regression in the previous fix for this issue. \${ should only be an escape for ${ within an EL expression. Within a JSP page \$ should be an escape for $. The EL 
specification applies when parsing the expression delimited by ${ and }. Parsing of the delimiting ${ and } is the responsibility of the JSP specification. (markt)
        fix     58296: Fix a memory leak in the JSP unloading feature that meant that using a value other than -1 for maxLoadedJsps triggered a memory leak once the limit was reached. (markt)
        fix     58340: Improve error reporting for tag files packaged in JARs. (markt)
        fix     58444: Ensure that JSPs work with any custom base class that meets the requirements defined in the JSP specification without requiring that base class to implement Tomcat specific 
code. (markt)

    Cluster

        fix     Fix a default clusterListeners in SimpleTcpCluster. The optimal default value is different for each session manager. ClusterSessionListener is never used in BackupManager. (kfujino)
        fix     Correct log messages in case of using BackupManager. (kfujino)

    WebSocket

        fix     58342: Fix a copy and paste error that meant MessageHandler removal could fail for binary and pong MessageHandlers. Patch provided by DJ. (markt)
        fix     58414: Correctly handle sending zero length messages when using per message deflate. (markt)

    Web applications

        fix     Correct documentation for cluster-howto. (kfujino)

    Extras

        fix     Ensure JULI adapters does not include the LogFactoryImpl class. Patch provided by Benjamin Gandon. (markt)

    Tribes

        add     Add support for configurations of ChannelListener and MembershipListener in server.xml. (kfujino)
        fix     Correct log messages in case of using ReplicatedMap. (kfujino)

    jdbc-pool

        fix     Make sure the pool has been properly configured when attributes that related to the pool size are changed via JMX. (kfujino)


To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 pkgsrc/www/apache-tomcat7/Makefile
cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/apache-tomcat7/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.