CVS commit: pkgsrc/www/apache-tomcat8

["Ryo ONODERA" <ryoon%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   ryoon
Date:           Mon Dec 21 17:04:13 UTC 2015

Modified Files:
        pkgsrc/www/apache-tomcat8: Makefile distinfo

Log Message:
Update to 8.0.30

Changelog:
Tomcat 8.0.30 (markt)
Catalina

    Fix: 34319: Only load those keys in StoreBase.processExpire from JDBCStore, that are old enough, to be expired. Based on a patch by Tom Anderson. (fschumacher)
    Add: 56917: As per RFC7231 (HTTP/1.1), allow HTTP/1.1 and later redirects to use relative URIs. This is controlled by a new attribute useRelativeRedirects on the Context and defaults to true. 
(markt)
    Fix: 58629: Allow an embedded Tomcat instance to start when the Service has no Engine configured. (markt)
    Fix: 58635: Enable break points to be set within agent code when running Tomcat with a Java agent. Based on a patch by Huxing Zhang. (markt)
    Fix: 58660: Correct a regression in 8.0.29 caused by the change that moved the redirection for context roots from the Mapper to the Default Servlet. (markt)
    Fix: Fixed potential NPE in HostConfig while deploying an application. Issue reported by coverity scan. (violetagg)
    Fix: 58655: Fix an IllegalStateException when calling HttpServletResponse.sendRedirect() with the RemoteIpFilter. This was caused by trying to correctly generate the absolute URI for the 
redirect. With the fix for 56917, redirects may now be relative making the sendRedirect() implementation for the RemoteIpFilter much simpler. This also addresses issues where the redirect may not 
have behaved as expected when redirecting from http to https to from https to http. (markt)
    Fix: 58657: Exceptions in a Servlet 3.1 ReadListener or WriteListener do not need to be immediately fatal to the connection. Allow an error response to be written. (markt)

Coyote

    Fix: Improve upgrade context classloader handling by using Context.bind and unbind. (remm)

Jasper

    Fix: 57136#c25: Change default value of quoteAttributeEL setting in Jasper to be true for better compatibility with other implementations and older versions of Tomcat (8.0.26/7.0.64 and earlier). 
Add command line option -no-quoteAttributeEL in JspC. (kkolinko)

Cluster

    Fix: Fix potential integer overflow in DeltaSession. Reported by coverity scan. (fschumacher)

WebSocket

    Add: 55006: The WebSocket client now honors the java.net.java.net.ProxySelector configuration (using the HTTP type) when establishing WebSocket connections to servers. Based on a patch by Niki 
Dokovski. (markt)
    Fix: 58624: Correct a thread safety issue that meant that blocking message writes could block indefinitely if the WebSocket connection was closed while a message write was in progress. (markt)

Web Applications

    Fix: 58631: Correct the continuation character use in the Windows Service How-To page of the documentation web application. (markt)

Tribes

    Fix: Ensure that the static member is registered to the add suspect list even if the static member that is registered to the remove suspect list has disappeared. (kfujino)
    Fix: Correct the warning log of when the member that is not registered in the membership is detected. (kfujino)
    Fix: When using a static cluster, add the members that have been cached in the membership service to the map members list in order to ensure that the map member is a static member. (kfujino)

jdbc-pool

    Fix: Correct evaluation of system property org.apache.tomcat.jdbc.pool.onlyAttemptCurrentClassLoader. It was basically ignored before. Reported by coverity scan. (fschumacher)
    Fix: Fix potential integer overflow in ConnectionPool and PooledConnection. Reported by coverity scan. (fschumacher)

Other

    Update: Update optional Checkstyle library to 6.13. (kkolinko)

2015-11-24 Tomcat 8.0.29 (markt)
General

    Update: 58596: Clarify the description in RUNNING.txt of how environment variables are used. (markt)

Catalina

    Add: Extend the fix for 57136 to provide a JSP Servlet initialisation parameter per web application that controls whether or not EL in JSP attributes is processed as if it uses JSP attribute 
quoting. By default, EL does not use JSP attribute quoting. (markt)
    Fix: 57799: InputStream.available() was causing an IO operation to occur even in blocking mode, which caused problems with NIO2. (remm)
    Add: Extend the fix for 58228 to include ServletContext.getRealPath(). (markt)
    Add: 58486: Protect against two further possible memory leaks associated with XML parsing. (markt)
    Fix: 58490: Fixed NPE thrown when scanning for javax.servlet.ServletContainerInitializer in case the web application is not extracted. (violetagg)
    Code: 58497: Make AbstractHttp11Processor easy to extend. (markt)
    Fix: 58508: Escape role names when generating associated MBeans in case the role name contains characters not permitted in an MBean name. (markt)
    Fix: 58518: Correct a regression in the fix for 56777 that added support for URIs in config file locations. File paths on Windows could previously be specified with \ or / as the separator. 56777 
broke that. (markt)
    Fix: 58519: Fix ISE thrown by web application classloader in some error conditions due to trying to call initCause() on a ClassNotFoundException which is not permitted. (markt)
    Fix: 58534: Removed repeated conditional tests in o.a.tomcat.websocket.pojo.PojoMethodMapping and o.a.tomcat.util.net.AprEndpoint Patch provided by Anthony Whitford. (violetagg)
    Fix: 58535: Use Collections.reverseOrder when a reverse ordering is needed. (violetagg)
    Fix: 58537, 58546: Some of the inner classes in o.a.catalina.valves.ExtendedAccessLogValve and o.a.tomcat.util.net.SecureNio2Channel are made static. Patch provided by Anthony Whitford. 
(violetagg)
    Fix: 58540: Removed unused code from o.a.catalina.connector.Request. Patch provided by Anthony Whitford. (violetagg)
    Fix: 58541, 58544: It is more efficient to call Integer.toString(int) instead of Integer.valueOf(int).toString() when only a string representation of a primitive is needed. Based on a patch 
provided by Anthony Whitford. (violetagg)
    Fix: 58541, 58547: It is more efficient to call valueOf(...) instead of Number constructor. Based on a patch provided by Anthony Whitford. (violetagg)
    Fix: 58545: In some use cases it is more efficient to use Map.entrySet() instead of Map.keySet() Based on a patch provided by Anthony Whitford. (violetagg)
    Fix: Ensure that ServletRequest.getContentLengthLong is used instead of ServletRequest.getContentLength for servlets and valves provided by Tomcat. The API is available since Servlet 
specification 3.1. (violetagg)
    Add: Add a new RestCsrfPreventionFilter that provides basic CSRF protection for REST APIs. (violetagg)
    Fix: 58578: Avoid NPE accessing cookies during access logging for request that had no context mapping. (remm)
   error page fails, fall back to the standard error page rather than throwing an NPE. Based on a patch by Huxing Zhang. (markt)
    Fix: 58582: Combined realm should perform background processing on its sub-realms. Based upon a patch provided by Aidan. (schn additional check that a client provided session ID is in use in at 
least one other web application before allowing it to be used as the ID for a new session in the current web application. (markt)
    Add: Add support for DIGEST authentication to the JN
    Fix: Ensure that in an embedded Tomcat the logging configuration is not lost during garbage collection. (violetagg)
    Add: Move the functionality that provides redirects for context roots and directories where a trailing / is added from the Mapper to the DefaultServlet. This enables such requests to be processed 
by any configured Valves and Filters before the redirect is made. This behaviour is configurable via the mapperContextRootRedirectEnabled and mapperDirectoryRedirectEnabled attributes of the Context 
which may be used to restore the previous behaviour. (markt)

Coyote

    Fix: Cancel pending blocking IO operation following a timeout in the NIO2 connector. (remm)
    Fix: Add instance manager support for upgrade handlers, and set context class loader. (remm)
    Update: Synchronize OpenSSL to JSSE cipher mapping to recent OpenSSL changes. In particular, TLSv1.0 is now an alias for those ciphers that require TLSv1 and will not work with SSLv3. TLSv1 
remains an alias for SSLv3. (markt)

Jasper

    Add: Deprecate the STRICT_QUOTE_ESCAPING system property and replace it with an initialisation parameter for the JSP Servlet. This enables per web application control of this configuration 
setting. (markt)

Cluster

    Fix: Optimize the session lock range in DeltaManager.requestCompleted. (kfujino)
    Fix: Enable an explicit configuration of local member in the static cluster membership. (kfujino)

Tribes

    Code: Distinguish the handling of the shutdown payload and member verification clearly. When handling shutdown payload, verification completion message is not required. (kfujino)
    Fix: When starting the StaticMembershipInterceptor, StaticMembershipInterceptor checks the required Interceptors. If the required Interceptor does not exist, it issues warning logs. (kfujino)

WebSocket

    Fix: Use instance manager for server endpoint instances. (remm)

Web applications

    Add: Make it clear in the documentation for the CGI servlet that the debug page is not considered secure and should not be used in production. (markt)
    Fix: The domain attribute of StaticMember is not required but optional. (kfujino)

jdbc-pool

    Fix: 58489: Correct QueryStatsComparator to hold up the general contract for Comparator. (fschumacher)
    Fix: When creating a QueryStats object, ensure that maxQueries is checked. If maxQueries is a value less than or equal to 0, QueryStats are never created. (kfujino)

Other

    Update: Update optional Checkstyle library to 6.12.1. (kkolinko)
    Add: Add support for creating a FindBugs report when building Tomcat. It is disabled by default. (violetagg)

2015-10-12 Tomcat 8.0.28 (markt)
Catalina

    Add: Add support for the custom classpath protocol in URLs. It an be used anywhere Tomcat accepts a URL for a configuration parameter. (markt)
    Fix: 56777: Allow file based configuration resources (user database, certificate revocation lists, keystores and trust stores) to be configured using URLs as well as files. (markt)
    Fix: Perform null-checking on input and stored credentials in all Realms before passing credentials off to CredentialHandlers for matching. (schultz)

Coyote

    Update: Add the new ciphers from RFC6655 and RFC7251 to the OpenSSL to JSSE cipher mapping. (markt)
    Update: Remove DES, RC2 and RC4 from DEFAULT for the OpenSSL to JSSE cipher mapping to align with the OpenSSL development branch. (markt)

Jasper

    Fix: Improve the error message when JSP parser encounters an error parsing an attribute value. (markt)

Web applications

    Update: 58474: Provide a reference to the differences between CATALINA_HOME and CATALINA_BASE in the sample application that is part of the documentation web application. (markt)

Extras

    Fix: Ensure JULI adapters does not include the LogFactoryImpl class. Patch provided by Benjamin Gandon. (markt)

2015-10-01 Tomcat 8.0.27 (markt)
Catalina

    Fix: 58187: Correct a regression in the fix for 57765 that meant that deployment of web applications deployed via the Manager application was delayed until the next execution of the automatic 
deployment background process. (markt)
    Fix: 58284: Correctly implement session serialization so non-serializable attributes are skipped with a warning. Patch provided by Andrew Shore. (markt)
    Fix: 58313: Fix concurrent access of encoders map when clearing encoders prior to switch to async. (markt)
    Fix: 58320: Fix concurrent access of request attributes which is possible during asynchronous processing. (markt)
    Fix: 58352: Always trigger a thread dump if Tomcat fails to stop gracefully from catalina.sh even if using -force. Patch provided by Alexandre Garnier. (markt)
    Fix: 58368: Fix a rare data race in the code that obtains the ApplicationFilterFactory instance. (markt)
    Fix: 58369: Fix a rare data race in the code that obtains the CookieProcessor for a StandardContext instance. (markt)
    Fix: Ensure the JAASRealm uses the configured CredentialHandler. (markt)
    Fix: 58372: Fix rare data races closed and suspended flags that could be triggered by async and/or comet processing. (markt)
    Fix: 58373: Fix rare data race with the application event listeners for StandardContext. (markt)
    Fix: 58374: Fix a rare data race in the AsyncContext implementation for access to the internal Tomcat request object to which it holds a reference. (markt)
    Fix: 58380: Fix two rare data races in the standard session implementation on the flag that tracks if the session is new and on the field that tracks the maximum inactive period. (markt)
    Fix: 58385: Fix a rare data race in the internal flag Tomcat uses to keep track of whether or not a request is being used for Comet processing. (markt)
    Fix: 58394: Fix a rare data race in Mapper when adding or removing a host. (markt)
    Fix: 58398: Fix a rare data race in LifecycleSupport. (markt)
    Fix: 58412: Ensure that the AsyncFileHandler has the source class and method name available for logging. (fschumacher)
    Fix: 58416: Correctly detect when a forced stop fails to stop Tomcat because the Tomcat process is waiting on some system call or is uninterruptible. (markt)
    Fix: 58436: Fix some rare data races in JULI's ClassLoaderLogManager during shutdown. (markt)
    Fix: 58845: Fix off-by one error in calculation of valid characters in a cookie domain. Patch provided by Thorsten Ehlers. (markt)

Coyote

    Fix: Correct some edge cases in RequestUtil.normalize(). (markt)
    Fix: 58275: The IBM JREs accept cipher suite names starting with TLS_ or SSL_ but when listing the supported cipher suites only the SSL_ version is reported. This can break Tomcat's check that at 
least one requested cipher suite is supported. Tomcat now includes a work-around so either form of the cipher suite name can be used when running on an IBM JRE. (markt)
    Fix: 58357: For reasons not currently understood when the APR/native connector is used with OpenSSL reads can return an error code when there is no apparent error. This was work-around for HTTP 
upgrade connections by treating this as EAGAIN. The same fix has now been applied to the standard HTTP connector. (markt)
    Code: Minor clean-up in NIO2 SSL handshake code to address some theoretical concurrency issues. (markt)
    Fix: 58367: Fix a rare data race in the code that obtains the reason phrase for a given HTTP response code. (markt)
    Fix: 58370: Fix a rare data race in the connector shutdown code. (markt)
    Fix: 58371: Fix a rare data race when accessing request URI in String form when switching from non-async to async due to early triggering of the gathering of request statistics. (markt)
    Fix: 58375: Fix a rare data race on the internal flag Tomcat uses to mark a response as committed. (markt)
    Fix: 58377: Fix a rare data race on the internal flag Tomcat uses to mark a request as using HTTP keep-alive when switching to asynchronous processing. (markt)
    Fix: 58379: Fix a rare data race on the internal reference Tomcat retains to the socket when switching to asynchronous processing. (markt)
    Fix: 58387: Fix a rare data race when closing Comet connections. (markt)
    Fix: 58388: Fix a data race when determining if Comet processing is occurring on a container or non-container thread. (markt)
    Fix: 58389: Fix a rare data race while shutting down the thread pools on Connector stop. (markt)
    Code: Clean up use of error flag on socket wrapper prompted by 58390. (markt)
    Code: Remove some unnecessary code from the NIO Poller and fix 58396 as a side-effect. (markt)
    Fix: 57799: Remove useless sendfile check for NIO SSL. (remm)

Jasper

    Fix: 57136: Correct a regression in the previous fix for this issue. \${ should only be an escape for ${ within an EL expression. Within a JSP page \$ should be an escape for $. The EL 
specification applies when parsing the expression delimited by ${ and }. Parsing of the delimiting ${ and } is the responsibility of the JSP specification. (markt)
    Fix: 58296: Fix a memory leak in the JSP unloading feature that meant that using a value other than -1 for maxLoadedJsps triggered a memory leak once the limit was reached. (markt)
    Fix: 58327: Cache the expression string for value expression literals since it is frequently used and may be expensive to evaluate. Patch provided by Andreas Kohn. (markt)
    Fix: 58340: Improve error reporting for tag files packaged in JARs. (markt)
    Fix: 58424: When parsing TLD files, allow whitespace around boolean configuration values. (schultz)
    Fix: Fix a possible resource leak reported by coverity scan. (fschumacher)
    Fix: 58427: Enforce the JSP specification defined limitations of which elements are allowed in an implicit.tld file. (markt)
    Fix: 58444: Ensure that JSPs work with any custom base class that meets the requirements defined in the JSP specification without requiring that base class to implement Tomcat specific code. 
(markt)

Cluster

    Fix: Fix a default clusterListeners in SimpleTcpCluster. The optimal default value is different for each session manager. ClusterSessionListener is never used in BackupManager. (kfujino)
    Fix: Correct log messages in case of using BackupManager. (kfujino)

WebSocket

    Fix: 58342: Fix a copy and paste error that meant MessageHandler removal could fail for binary and pong MessageHandlers. Patch provided by DJ. (markt)
    Fix: Data races detected by RV-Predict, mostly caused by completion handlers running in separate threads. (markt)
    Fix: 58414: Correctly handle sending zero length messages when using per message deflate. (markt)

Web applications

    Fix: Correct documentation for cluster-howto. (kfujino)
    Fix: Add missing documentation for property alwaysAddExpires for the LegacyCookieProcessor. (markt)

Tribes

    Add: Add support for configurations of ChannelListener and MembershipListener in server.xml. (kfujino)
    Fix: Correct log messages in case of using ReplicatedMap. (kfujino)
    Fix: 58381: Fix a rare data race in the NioReceiver. (markt)
    Fix: 58382: Fix multiple rare data races in the default membership implementation. (markt)
    Fix: 58383: Fix a data race in SenderState. (markt)
    Fix: 58386: Fix a data race in ObjectReader. (markt)
    Fix: 58391: Fix multiple data races in NonBlockingCoordinator, most of which were associated with ensuring that log messages contained the correct information. (markt)
    Fix: 58392: Fix a data race in DomainFilterInterceptor. (markt)
    Fix: 58393: Fix a data race on the listener in McastService. (markt)
    Fix: 58395: Fix multiple data races in MemberImpl that were likely to cause issues if certain properties were updated concurrently (such updates are unlikely in normal usage). (markt)
    Code: Remove some unnecessary code from PooledParallelSender and fix 58397. (markt)

jdbc-pool

    Fix: Make sure the pool has been properly configured when attributes that related to the pool size are changed via JMX. (kfujino)

Other

    Fix: Ensure logging works for all tests in a class rather than just the first one executed. (markt)
    Add: 58344: Add build properties to enable tests to be executed against alternative binaries. Based on a patch by Petr Sumbera. (markt)


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/apache-tomcat8/Makefile
cvs rdiff -u -r1.5 -r1.6 pkgsrc/www/apache-tomcat8/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.