pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/www/apache-tomcat85 apache-tomcat85: Update to 8.5.50



details:   https://anonhg.NetBSD.org/pkgsrc/rev/0e63163c3d01
branches:  trunk
changeset: 421223:0e63163c3d01
user:      ryoon <ryoon%pkgsrc.org@localhost>
date:      Mon Jan 13 07:45:20 2020 +0000

description:
apache-tomcat85: Update to 8.5.50

Changelog:
Tomcat 8.5.50 (markt)
Catalina

    Add: Improvements to CsrfPreventionFilter: additional logging, allow the CSRF nonce request parameter name to be customized. (schultz)
    Add: 63681: Introduce RealmBase#authenticate(GSSName, GSSCredential) and friends. (michaelo)
    Fix: 63964: Correct a regression in the static resource caching changes introduced in 9.0.28. URLs constructed from URLs obtained from the cache could not be used to access resources. (markt)
    Fix: 63968: Fix ClassCastException in the Expires filter which was a regression in the fix for 63909. (markt)
    Fix: 63970: Correct a regression in the static resource caching changes introduced in 9.0.28. Connections to URLs obtained for JAR resources could not be cast to JarURLConnection. (markt)
    Add: 63937: Add a new attribute to the standard Authenticator implementations, allowCorsPreflight, that allows the Authenticators to be configured to allow CORS preflight requests to bypass 
authentication as required by the CORS specification. (markt)
    Fix: 63939: Correct the same origin check in the CORS filter. An origin with an explicit default port is now considered to be the same as an origin without a deafult port and origins are now 
compared in a case-sensitive manner as required by the CORS specification. (markt)
    Fix: 63982: CombinedRealm makes assumptions about principal implementation (michaelo)
    Fix: 63983: Correct a regression in the static resource caching changes introduced in 9.0.28. A large number of file descriptors were opened that could reach the OS limit before being released by 
GC. (markt)
    Update: 63987: Deprecate Realm.getRoles(Principal). (michaelo)
    Code: Add a unit test for the session FileStore implementation and refactor loops in FileStore to use the ForEach style. Pull request provided by Govinda Sakhare. (markt)
    Fix: Refactor FORM authentication to reduce duplicate code and to ensure that the authenticated Principal is not cached in the session when caching is disabled. (markt)

Coyote

    Code: Refactor the APR poller to always use a single pollset now that the Windows operating systems that required multiple smaller pollsets to be used are no longer supported. (markt)
    Update: Add vectoring for NIO in the base and SSL channels. (remm)
    Add: Add async API to the NIO and APR connector. (remm)
    Fix: 63931: Improve timeout handling for asyncIO to ensure that blocking operations see a SocketTimeoutException if one occurs. (remm/markt)
    Fix: 63932: By default, do not compress content that has a strong ETag. This behaviour is configuration for the HTTP/1.1 and HTTP/2 connectors via the new Connector attribute 
noCompressionStrongETag. (markt)
    Fix: Simplify regular endpoint writes by removing write(Non)BlockingDirect. All regular writes will now be buffered for a more predictable behavior. (remm)
    Fix: Send an exception directly to the completion handler when a timeout exception occurs for the operation, and add a boolean to make sure the completion handler is called only once. (remm/markt)

WebSocket

    Fix: Ensure a couple of very unlikely concurrency issues are avoided when writing WebSocket messages. (markt)

Web applications

    Fix: Fix the broken re-try link on the error page for the FORM authentication example in the JSP section of the examples web application. (markt)
    Fix: Correct the documentation for the maxConnections attribute of the Connector in the documentation web application. (markt)
    Add: Add the ability to set and display session attributes in the JSP FORM authentication example to demonstrate session persistence across restarts for authenticated sessions. (markt)

Other

    Fix: Correct the fix for 63815 (quoting the use of CATALINA_OPTS and JAVA_OPTS when used in shell scripts to avoid the expansion of *) as it caused various regressions, particularly with 
daemon.sh. (markt)
    Add: Expand the search made by the Windows installer for a suitable Java installation to include the 64-bit JDK registry entries and the JAVA_HOME environment variable. Pull request provided by 
Alexander Norz. (markt)
    Add: Expand the coverage of the German translations provided with Apache Tomcat. Contribution provided by Jens. (markt)
    Add: Expand the coverage of the French translations provided with Apache Tomcat. (remm)
    Add: Expand the coverage of the Japanese translations provided with Apache Tomcat. (markt)
    Add: Expand the coverage of the Korean translations provided with Apache Tomcat. (woonsan)
    Add: Expand the coverage of the Chinese translations provided with Apache Tomcat. Contributions provided by lins and ?. (markt)
    Add: Update the internal fork of Apache Commons BCEL to ff6941e (2019-12-06, 6.4.2-dev). Code clean-up only. (markt)
    Add: Update the internal fork of Apache Commons Codec to 9637dd4 (2019-12-06, 1.14-SNAPSHOT). Code clean-up and a fix for CODEC-265. (markt)
    Add: Update the internal fork of Apache Commons FileUpload to 2317552 (2019-12-06, 2.0-SNAPSHOT). Refactoring. (markt)
    Add: Update the internal fork of Apache Commons Pool 2 to 6092f92 (2019-12-06, 2.8.0-SNAPSHOT). Clean-up and minor refactoring. (markt)
    Add: Update the internal fork of Apache Commons DBCP 2 to a36390 (2019-12-06, 2.7.1-SNAPSHOT). Minor refactoring. (markt)

2019-11-21 Tomcat 8.5.49 (markt)
Catalina

    Fix: Correption when using a RequestDispatcher. (markt)
    Add: Improvement to CsrfPreventionFilter: expose the latest available nonce as a request attribute; expose the expected nonce request parameter name as a context attribute. (schultz)

not released Tomcat 8 63872: Fix some edge cases where the docBase was not being set using a canonical path which in turn meant resource URLs were not being constructed as expected. (markt)
    Fix: Make a best effort attempt to clean-up if a request fails during processing dle to see an updated last modified time but the content would be that prior to the modification. (markt)
    Update: 63905 Clean up Tomcat CSS. (michaelo)
    Fix: 63909: When the ExpiresFilter is used without a default and the response is served by the D sets a 304 (Not Found) status code. (markt)
    Fix: Update the Servlet 4 preview API to reflect changes made to the API in the final release. Note that this preview API has been deprecated for over a year and may be removed as soon as the 
next 8.5.x release. (markt)
    Fix: Refactor JMX remote RMI registry creation. (remm)

Coyote

    Fix: Ensure that ServletRequest.isAsyncStarted() returns false once AsyncContext.complete() or AsyncContext.dispatch() has been called during AsyncListener.onTimeout() or AsyncListener.onError(). 
(markt)
    Fix: 63816 and 63817: Correctly handle I/O errors after asynchronous processing has been started but before the container thread that started asynchronous processing has completed processing the 
current request/response. (markt)
    Fix: 63825: When processing the Expect and Connection HTTP headers looking for a specific token, be stricter in ensuring that the exact token is present. (markt)
    Fix: 63829: Improve the check of the Content-Encoding header when looking to see if Tomcat is serving pre-compressed content. Ensure that only a full token is matched and that the match is case 
insensitive. (markt)
    Add: 63835: Add support for Keep-Alive response header. (michaelo)
    Fix: 63864: Refactor parsing of the transfer-encoding request header to use the shared parsing code and reduce duplication. (markt)
    Fix: 63865: Add Unset option to same-site cookies and pass through None value if set by user. Patch provided by John Kelly. (markt)
    Fix: 63894: Ensure that the configured values for certificateVerification and certificateVerificationDepth are correctly passed to the OpenSSL based SSLEngine implementation. (remm/markt)
    Fix: Do not perform a blocking read after a CPING message is received by the AJP connector because, if the JK Connector is configured with ping_mode="I", the CPING message will not always be 
followed by the start of a request. (markt)
    Fix: Properly calculate all dynamic parts of the ErrorReportValve response on the fly in org.apache.coyote.http2.TestHttp2InitialConnection. (michaelo)

Jasper

    Fix: 63897: Capture the timestamp of a JSP for the purposes of modification tracking before the JSP is compiled to prevent a race condition if the JSP is modified during compilation. Patch 
provided by Karl von Randow. (markt)
    Fix: Fix a race condition that could mean changes to a modified JSP were not visible to end users. (markt)

WebSocket

    Fix: 63913: Wrap any NullPointerExceptions throw by the Inflater or Deflater used by the PerMessageDeflate extension in an IOException so that the error can be caught and handled by the WebSocket 
error handling mechanism. (markt)

Web applications

    Fix: Correct the description of the default value for the server attribute in the security How-To. (markt)

Other

    Fix: 63815: Quote the use of CATALINA_OPTS and JAVA_OPTS when used in shell scripts to avoid the expansion of *. Note that any newlines present in CATALINA_OPTS and/or JAVA_OPTS will no longer 
removed. (markt)
    Fix: 63826: Remove commons-daemon-native.tar.gz and tomcat-native.tar.gz from the binary zip distributions for Windows since compiled versions of those components are already included within the 
zip distributions. (markt)
    Fix: 63838: Suppress reflexive access warnings when running the unit tests on the command line. (markt)
    Fix: Add missing charsets from the HPE JVM on HP-UX to pass unit tests in org.apache.tomcat.util.buf.TestCharsetCache. (michaelo)
    Add: Expand the coverage and quality of the French translations provided with Apache Tomcat. (remm)
    Add: Expand the coverage and quality of the Korean translations provided with Apache Tomcat. (woonsan)
    Add: Expand the coverage and quality of the Simplified Chinese translations provided with Apache Tomcat. Contributions provided by rpo130, Mason Shen, leeyazhou, winsonzhao, qingshi huang, Lay, 
Shucheng Hou and Yanming Zhou. (markt)

2019-10-11 Tomcat 8.5.47 (markt)
Coyote

    Fix: Use URL safe base 64 encoding rather than standard base 64 encoding when generating or parsing the HTTP2-Settings header as part of an HTTP upgrade to h2c as required by RFC 7540. (markt)
    Fix: 63765: NIO2 should try to unwrap after TLS handshake to avoid edge cases. (remm)
    Fix: 63766: Ensure Processor objects are recycled when processing an HTTP upgrade connection that terminates before processing switches to the Processor for the upgraded protocol. (markt)

Jasper

    Fix: 63781: When performing various checks related to the visibility of classes, fields and methods in the EL implementation, also check that the containing module has been exported. (markt)

Web Socket

    Fix: 63753: Ensure that the Host header in a Web Socket HTTP upgrade request only contains a port if a non-default port is being used. (markt)
    Fix: When running on Java 9 and above, don't attempt to instantiate WebSocket Endpoints found in modules that are not exported. (markt)

Web Applications

    Docs: Add Javadoc for the Common Annotations API implementation. (markt)

jdbc-pool

    Fix: When connections are validated without an explicit validation query, ensure that any transactions opened by the validation process are committed. Patch provided by Pascal Davoust. (markt)

Other

    Code: Deprecate org.apache.tomcat.util.compat.TLS. Its functionality was only used for unit tests in org.apache.tomcat.util.net.TesterSupport and has been moved there. (rjung)
    Fix: 63759: When installing Tomcat with the Windows installer, grant sufficient privileges to enable the uninstaller to execute when user account control is active. (markt)
    Add: Use a build property to define the minimum supported Java version and use that build property to reduce the number of edits required to update the minimum supported Java version. (markt)
    Update: 63767: Update to Commons Daemon 1.2.2. This corrects a regression in Commons Daemon 1.2.0 and 1.2.1 that caused the Windows Service to crash on start when running on an operating system 
that had not been fully updated. (markt)

diffstat:

 www/apache-tomcat85/Makefile |   4 ++--
 www/apache-tomcat85/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (33 lines):

diff -r ace37aed326c -r 0e63163c3d01 www/apache-tomcat85/Makefile
--- a/www/apache-tomcat85/Makefile      Mon Jan 13 07:39:05 2020 +0000
+++ b/www/apache-tomcat85/Makefile      Mon Jan 13 07:45:20 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.11 2019/10/02 07:46:52 zafer Exp $
+# $NetBSD: Makefile,v 1.12 2020/01/13 07:45:20 ryoon Exp $
 #
 
 DISTNAME=      apache-tomcat-${TOMCAT_VER}
@@ -21,7 +21,7 @@
 
 .include "../../mk/bsd.prefs.mk"
 
-TOMCAT_VER=            8.5.46
+TOMCAT_VER=            8.5.50
 TOMCAT_HOME=           ${PREFIX}/share/tomcat
 EGDIR=                 ${PREFIX}/share/examples/tomcat
 DOCDIR=                        ${PREFIX}/share/doc/tomcat
diff -r ace37aed326c -r 0e63163c3d01 www/apache-tomcat85/distinfo
--- a/www/apache-tomcat85/distinfo      Mon Jan 13 07:39:05 2020 +0000
+++ b/www/apache-tomcat85/distinfo      Mon Jan 13 07:45:20 2020 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.11 2019/10/02 07:46:52 zafer Exp $
+$NetBSD: distinfo,v 1.12 2020/01/13 07:45:20 ryoon Exp $
 
-SHA1 (apache-tomcat-8.5.46.tar.gz) = b828e44a0ed87dab82e57e133a91756c4f049dfc
-RMD160 (apache-tomcat-8.5.46.tar.gz) = ed2af86e7925f8ce4e90c1fcc071b7757077cc92
-SHA512 (apache-tomcat-8.5.46.tar.gz) = 9d6243ec47ec0f431c55a612fa6a8fac00262ed2731640ad98628b275221d3e8e241b2fee748196b64029997f4d9f8e63831b43986fedb88a62381a92b05ca68
-Size (apache-tomcat-8.5.46.tar.gz) = 11623939 bytes
+SHA1 (apache-tomcat-8.5.50.tar.gz) = 294b8a2d7a1613f41977c32649e51d310085fa17
+RMD160 (apache-tomcat-8.5.50.tar.gz) = f686801f0962f140ab25d5b2cf2355d59620703a
+SHA512 (apache-tomcat-8.5.50.tar.gz) = ffca86027d298ba107c7d01c779318c05b61ba48767cc5967ee6ce5a88271bb6ec8eed60708d45453f30eeedddcaedd1a369d6df1b49eea2cd14fa40832cfb90
+Size (apache-tomcat-8.5.50.tar.gz) = 10305939 bytes



Home | Main Index | Thread Index | Old Index