pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/www/apache-tomcat9 apache-tomcat9: Update to 9.0.30

branches:  trunk
changeset: 421225:b5c17272e1d4
user:      ryoon <>
date:      Mon Jan 13 07:48:10 2020 +0000

apache-tomcat9: Update to 9.0.30

Tomcat 9.0.30 (markt)

    Add: 63681: Introduce RealmBase#authenticate(GSSName, GSSCredential) and friends. (michaelo)
    Fix: 63964: Correct a regression in the static resource caching changes introduced in 9.0.28. URLs constructed from URLs obtained from the cache could not be used to access resources. (markt)
    Fix: 63970: Correct a regression in the static resource caching changes introduced in 9.0.28. Connections to URLs obtained for JAR resources could not be cast to JarURLConnection. (markt)
    Add: 63937: Add a new attribute to the standard Authenticator implementations, allowCorsPreflight, that allows the Authenticators to be configured to allow CORS preflight requests to bypass 
authentication as required by the CORS specification. (markt)
    Fix: 63939: Correct the same origin check in the CORS filter. An origin with an explicit default port is now considered to be the same as an origin without a deafult port and origins are now 
compared in a case-sensitive manner as required by the CORS specification. (markt)
    Fix: 63981: Allow multiple calls to Registry.disableRegistry() without the second and subsequent calls triggering the logging of a warning. Based on a patch by Andy Wilkinson. (markt)
    Fix: 63982: CombinedRealm makes assumptions about principal implementation (michaelo)
    Fix: 63983: Correct a regression in the static resource caching changes introduced in 9.0.28. A large number of file descriptors were opened that could reach the OS limit before being released by 
GC. (markt)
    Update: 63987: Deprecate Realm.getRoles(Principal). (michaelo)
    Code: Add a unit test for the session FileStore implementation and refactor loops in FileStore to use the ForEach style. Pull request provided by Govinda Sakhare. (markt)
    Update: Moved server-side include (SSI) module into a separate JAR library. (schultz)
    Fix: Refactor FORM authentication to reduce duplicate code and to ensure that the authenticated Principal is not cached in the session when caching is disabled. (markt)


    Fix: Fix endpoint closeSocket and destroySocket discrepancies, in particular in the APR connector. (remm)
    Fix: Harmonize maxConnections default value to 8192 across all connectors. (remm)
    Fix: 63931: Improve timeout handling for asyncIO to ensure that blocking operations see a SocketTimeoutException if one occurs. (remm/markt)
    Fix: 63932: By default, do not compress content that has a strong ETag. This behaviour is configuration for the HTTP/1.1 and HTTP/2 connectors via the new Connector attribute 
noCompressionStrongETag. (markt)
    Fix: 63949: Fix non blocking write problems with NIO due to the need for a write loop. (remm)
    Fix: Simplify regular endpoint writes by removing write(Non)BlockingDirect. All regular writes will now be buffered for a more predictable behavior. (remm)
    Fix: Send an exception directly to the completion handler when a timeout exception occurs for the operation, and add a boolean to make sure the completion handler is called only once. (remm/markt)


    Fix: Ensure a couple of very unlikely concurrency issues are avoided when writing WebSocket messages. (markt)

Web applications

    Fix: Fix the broken re-try link on the error page for the FORM authentication example in the JSP section of the examples web application. (markt)
    Add: Improvements to CsrfPreventionFilter: additional logging, allow the CSRF nonce request parameter name to be customized. (schultz)
    Fix: Correct the documentation for the maxConnections attribute of the Connector in the documentation web application. (markt)
    Add: Add the ability to set and display session attributes in the JSP FORM authentication example to demonstrate session persistence across restarts for authenticated sessions. (markt)


    Fix: Correct the fix for 63815 (quoting the use of CATALINA_OPTS and JAVA_OPTS when used in shell scripts to avoid the expansion of *) as it caused various regressions, particularly with (markt)
    Update: Update the OWB module to Apache OpenWebBeans 2.0.13. (remm)
    Update: Support Java 11 in Graal Native Images with Graal 19.3+. (remm)
    Add: Expand the search made by the Windows installer for a suitable Java installation to include the 64-bit JDK registry entries and the JAVA_HOME environment variable. Pull request provided by 
Alexander Norz. (markt)
    Add: Expand the coverage of the Korean translations provided with Apache Tomcat. (woonsan)
    Add: Expand the coverage of the French translations provided with Apache Tomcat. (remm)
    Add: Expand the coverage of the Chinese translations provided with Apache Tomcat. Contributions provided by lins and ?. (markt)
    Add: Update the internal fork of Apache Commons BCEL to ff6941e (2019-12-06, 6.4.2-dev). Code clean-up only. (markt)
    Add: Update the internal fork of Apache Commons Codec to 9637dd4 (2019-12-06, 1.14-SNAPSHOT). Code clean-up and a fix for CODEC-265. (markt)
    Add: Update the internal fork of Apache Commons FileUpload to 2317552 (2019-12-06, 2.0-SNAPSHOT). Refactoring. (markt)
    Add: Update the internal fork of Apache Commons Pool 2 to 6092f92 (2019-12-06, 2.8.0-SNAPSHOT). Clean-up and minor refactoring. (markt)
    Add: Update the internal fork of Apache Commons DBCP 2 to a36390 (2019-12-06, 2.7.1-SNAPSHOT). Minor refactoringremote RMI registry creation. (remm)
    Add: Improvement to CsrfPreventionFilter: expose the latest available nonce as a request attribute; expose the expected nonce request parameter name as a context attribute. (schultz)


    Add: 63835: Add suormance of the HTTP and AJP connectors if socket.txBufSize is configured with an explicit value rather than using the JVM default. (markt)


    Fix: Improve OWB module based using custom shade appender. (remm)
    Fix: Add security filter in OWB mo error occurs on stop. (remm)
    Add: Add more details on the usage of RewriteMap functionality in the RewriteValve. (fschumacher)
    Fix: 63836 Ensure that references to the Host object are cleared once the Host instance is destroyed. (markt)
    Fix:  static files (including JSP files) goes via the cache so that a consistent view of the static files is seen. Prior to this change it was possible to see an updated last modified time but 
the content would be that prior to the modification. (markt)
    Update: 63905 Clean up Tomcat CSS. (michaelo)
    Fix: 63909: When the ExpiresFilter is used without a default and the response is served by the Default Servlet, ensure that the filter processes the response if the Default Servlet sets a 304 
(Not Found) status code. (markt)


    Fix: Ensure that ServletRequest.isAsyncStarted() returns false once AsyncContext.complete() or AsyncContext.dispatch() has been called during AsyncListener.onTimeout() or AsyncListener.onError(). 
    Fix: 63816 and 63817: Correctly handle I/O errors after asynchronous processing has been started but before the container thread that started asynchronous processing has completed processing the 
current request/response. (markt)
    Fix: 63825: When processing the Expect and Connection HTTP headers looking for a specific token, be stricter in ensuring that the exact token is present. (markt)
    Fix: 63829: Improve the check of the Content-Encoding header when looking to see if Tomcat is serving pre-compressed content. Ensure that only a full token is matched and that the match is case 
insensitive. (markt)
    Fix: 63864: Refactor parsing of the transfer-encoding request header to use the shared parsing code and reduce duplication. (markt)
    Fix: 63865: Add Unset option to same-site cookies and pass through None value if set by user. Patch provided by John Kelly. (markt)
    Fix: 63879: Remove stack trace from debug logging on socket wrapper close. (remm)
    Update: Add connection tracking on the connector endpoint to remove excessive concurrency in the protocol handler when maintaining an association between the socket wrapper and its current 
processor. (remm)
    Fix: 63894: Ensure that the configured values for certificateVerification and certificateVerificationDepth are correctly passed to the OpenSSL based SSLEngine implementation. (remm/markt)
    Fix: Improve cleanup after errors when setting socket options. (remm)
    Fix: Do not perform a blocking read after a CPING message is received by the AJP connector because, if the JK Connector is configured with ping_mode="I", the CPING message will not always be 
followed by the start of a request. (markt)
    Fix: Properly calculate all dynamic parts of the ErrorReportValve response on the fly in org.apache.coyote.http2.TestHttp2InitialConnection. (michaelo)


    Fix: 63897: Capture the timestamp of a JSP for the purposes of modification tracking before the JSP is compiled to prevent a race condition if the JSP is modified during compilation. Patch 
provided by Karl von Randow. (markt)
    Fix: Fix a race condition that could mean changes to a modified JSP were not visible to end users. (markt)


    Fix: 63913: Wrap any NullPointerExceptions throw by the Inflater or Deflater used by the PerMessageDeflate extension in an IOException so that the error can be caught and handled by the WebSocket 
error handling mechanism. (markt)

Web applications

    Fix: Correct the description of the default value for the server attribute in the security How-To. (markt)


    Fix: 63815: Quote the use of CATALINA_OPTS and JAVA_OPTS when used in shell scripts to avoid the expansion of *. Note that any newlines present in CATALINA_OPTS and/or JAVA_OPTS will no longer 
removed. (markt)
    Fix: 63826: Remove commons-daemon-native.tar.gz and tomcat-native.tar.gz from the binary zip distributions for Windows since compiled versions of those components are already included within the 
zip distributions. (markt)
    Fix: 63838: Suppress reflexive access warnings when running the unit tests on the command line. (markt)
    Fix: Add missing charsets from the HPE JVM on HP-UX to pass unit tests in org.apache.tomcat.util.buf.TestCharsetCache. (michaelo)
    Update: Update the CXF module to Apache CXF 3.3.4. (remm)
    Add: Expand the coverage and quality of the French translations provided with Apache Tomcat. (remm)
    Add: Expand the coverage and quality of the Japanese translations provided with Apache Tomcat. Patch provided by motohashi.yuki. (markt)
    Add: Expand the coverage and quality of the Simplified Chinese translations provided with Apache Tomcat. Contributions provided by rpo130, Mason Shen, leeyazhou, winsonzhao, qingshi huang, Lay, 
Shucheng Hou and Yanming Zhou. (markt)
    Add: Expand the coverage and quality of the Brazilian Portuguese translations provided with Apache Tomcat. Patch provided by Danielamorais. (markt)

2019-10-11 Tomcat 9.0.27 (markt)

    Fix: Correct a regression introduced in 9.0.25 that prevented configuration files from being loaded from the class path. (markt)


    Fix: Use URL safe base 64 encoding rather than standard base 64 encoding when generating or parsing the HTTP2-Settings header as part of an HTTP upgrade to h2c as required by RFC 7540. (markt)
    Fix: 63765: NIO2 should try to unwrap after TLS handshake to avoid edge cases. (remm)
    Fix: 63766: Ensure Processor objects are recycled when processing an HTTP upgrade connection that terminates before processing switches to the Processor for the upgraded protocol. (markt)
    Fix: Fix a memory leak introduced by the HTTP/2 timeout refactoring in 9.0.23 that could occur when HTTP/2 or WebSocket was used. (markt)


    Update: Update to the Eclipse JDT compiler 4.13. (markt)
    Fix: Add GraalVM specific ELResolver to avoid BeanInfo use in BeanElResolver if possible, as it needs manual reflection configuration. (remm)
    Fix: 63781: When performing various checks related to the visibility of classes, fields an methods in the EL implementation, also check that the containing module has been exported. (markt)

Web Socket

    Fix: 63753: Ensure that the Host header in a Web Socket HTTP upgrade request only contains a port if a non-default port is being used. (markt)
    Fix: When running on Java 9 and above, don't attempt to instantiate WebSocket Endpoints found in modules that are not exported. (markt)

Web Applications

    Add: Add base GraalVM documentation. (remm)
    Add: Add Javadoc for the Common Annotations API implementation. (markt)
    Fix: Correct various typos in the comments, error messages and Javadoc. Patch provided by ???. (markt)


    Fix: When connections are validated without an explicit validation query, ensure that any transactions opened by the validation process are committed. Patch provided by Pascal Davoust. (markt)


    Code: Deprecate org.apache.tomcat.util.compat.TLS. Its functionality was only used for unit tests in and has been moved there. (rjung)
    Fix: 63759: When installing Tomcat with the Windows installer, grant sufficient privileges to enable the uninstaller to execute when user account control is active. (markt)
    Add: Use a build property to define the minimum supported Java version and use that build property to reduce the number of edits required to update the minimum supported Java version. (markt)
    Update: Update the OWB module to Apache OpenWebBeans 2.0.12. (remm)
    Update: Update the CXF module to Apache CXF 3.3.3. (remm)
    Update: 63767: Update to Commons Daemon 1.2.2. This corrects a regression in Commons Daemon 1.2.0 and 1.2.1 that caused the Windows Service to crash on start when running on an operating system 
that had not been fully updated. (markt)


 www/apache-tomcat9/Makefile |   4 ++--
 www/apache-tomcat9/PLIST    |   6 ++++--
 www/apache-tomcat9/distinfo |  10 +++++-----
 3 files changed, 11 insertions(+), 9 deletions(-)

diffs (63 lines):

diff -r 9465f3463302 -r b5c17272e1d4 www/apache-tomcat9/Makefile
--- a/www/apache-tomcat9/Makefile       Mon Jan 13 07:45:55 2020 +0000
+++ b/www/apache-tomcat9/Makefile       Mon Jan 13 07:48:10 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.4 2019/10/04 13:54:43 ryoon Exp $
+# $NetBSD: Makefile,v 1.5 2020/01/13 07:48:10 ryoon Exp $
 DISTNAME=      apache-tomcat-${TOMCAT_VER}
@@ -21,7 +21,7 @@
 .include "../../mk/"
-TOMCAT_VER=            9.0.26
+TOMCAT_VER=            9.0.30
 TOMCAT_HOME=           ${PREFIX}/share/tomcat
 EGDIR=                 ${PREFIX}/share/examples/tomcat
 DOCDIR=                        ${PREFIX}/share/doc/tomcat
diff -r 9465f3463302 -r b5c17272e1d4 www/apache-tomcat9/PLIST
--- a/www/apache-tomcat9/PLIST  Mon Jan 13 07:45:55 2020 +0000
+++ b/www/apache-tomcat9/PLIST  Mon Jan 13 07:48:10 2020 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.4 2019/10/04 13:54:43 ryoon Exp $
+@comment $NetBSD: PLIST,v 1.5 2020/01/13 07:48:10 ryoon Exp $
@@ -36,10 +36,11 @@
@@ -168,6 +169,7 @@
diff -r 9465f3463302 -r b5c17272e1d4 www/apache-tomcat9/distinfo
--- a/www/apache-tomcat9/distinfo       Mon Jan 13 07:45:55 2020 +0000
+++ b/www/apache-tomcat9/distinfo       Mon Jan 13 07:48:10 2020 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.4 2019/10/04 13:54:43 ryoon Exp $
+$NetBSD: distinfo,v 1.5 2020/01/13 07:48:10 ryoon Exp $
-SHA1 (apache-tomcat-9.0.26.tar.gz) = 284da1b0c4d3003d9e0a1161dace0a928ae44cf7
-RMD160 (apache-tomcat-9.0.26.tar.gz) = 02fd071bed3c44e99be7c2a90a95dd0e21370fd0
-SHA512 (apache-tomcat-9.0.26.tar.gz) = fcc952ca33a56aaa4d9d698813de4be1b9a59c19158fdbc7d6b35ea8b04732883887ea0131b564aa16d99f21ce7f6034308de55b4efc9a0ceea2f3ddd0c768cd
-Size (apache-tomcat-9.0.26.tar.gz) = 12326996 bytes
+SHA1 (apache-tomcat-9.0.30.tar.gz) = 3cccf4398f5a77f15403a408c75558220194bfeb
+RMD160 (apache-tomcat-9.0.30.tar.gz) = b947c8dd5b24b306808eb6cf0e9e3758cc6f12b6
+SHA512 (apache-tomcat-9.0.30.tar.gz) = 40bf428a534816317e5e8732b679e6d73f6ed977aab4ac5e2b9eaf1eb087eaa68a18b0fd3da8c39ca4b96f5b6fd919dec84517abba0d5e797285ade934a92990
+Size (apache-tomcat-9.0.30.tar.gz) = 11026056 bytes

Home | Main Index | Thread Index | Old Index