summaryrefslogtreecommitdiff
path: root/www
diff options
context:
space:
mode:
authorryoon <ryoon@pkgsrc.org>2020-01-13 07:45:20 +0000
committerryoon <ryoon@pkgsrc.org>2020-01-13 07:45:20 +0000
commit31e32507558fde37099261869b8a4ca7956f77ac (patch)
tree6747723f2022565033fe3cc3d6723e7ad7e0a2b3 /www
parent228ccb19c239103de78819711b311c672584a9db (diff)
downloadpkgsrc-31e32507558fde37099261869b8a4ca7956f77ac.tar.gz
apache-tomcat85: Update to 8.5.50
Changelog: Tomcat 8.5.50 (markt) Catalina Add: Improvements to CsrfPreventionFilter: additional logging, allow the CSRF nonce request parameter name to be customized. (schultz) Add: 63681: Introduce RealmBase#authenticate(GSSName, GSSCredential) and friends. (michaelo) Fix: 63964: Correct a regression in the static resource caching changes introduced in 9.0.28. URLs constructed from URLs obtained from the cache could not be used to access resources. (markt) Fix: 63968: Fix ClassCastException in the Expires filter which was a regression in the fix for 63909. (markt) Fix: 63970: Correct a regression in the static resource caching changes introduced in 9.0.28. Connections to URLs obtained for JAR resources could not be cast to JarURLConnection. (markt) Add: 63937: Add a new attribute to the standard Authenticator implementations, allowCorsPreflight, that allows the Authenticators to be configured to allow CORS preflight requests to bypass authentication as required by the CORS specification. (markt) Fix: 63939: Correct the same origin check in the CORS filter. An origin with an explicit default port is now considered to be the same as an origin without a deafult port and origins are now compared in a case-sensitive manner as required by the CORS specification. (markt) Fix: 63982: CombinedRealm makes assumptions about principal implementation (michaelo) Fix: 63983: Correct a regression in the static resource caching changes introduced in 9.0.28. A large number of file descriptors were opened that could reach the OS limit before being released by GC. (markt) Update: 63987: Deprecate Realm.getRoles(Principal). (michaelo) Code: Add a unit test for the session FileStore implementation and refactor loops in FileStore to use the ForEach style. Pull request provided by Govinda Sakhare. (markt) Fix: Refactor FORM authentication to reduce duplicate code and to ensure that the authenticated Principal is not cached in the session when caching is disabled. (markt) Coyote Code: Refactor the APR poller to always use a single pollset now that the Windows operating systems that required multiple smaller pollsets to be used are no longer supported. (markt) Update: Add vectoring for NIO in the base and SSL channels. (remm) Add: Add async API to the NIO and APR connector. (remm) Fix: 63931: Improve timeout handling for asyncIO to ensure that blocking operations see a SocketTimeoutException if one occurs. (remm/markt) Fix: 63932: By default, do not compress content that has a strong ETag. This behaviour is configuration for the HTTP/1.1 and HTTP/2 connectors via the new Connector attribute noCompressionStrongETag. (markt) Fix: Simplify regular endpoint writes by removing write(Non)BlockingDirect. All regular writes will now be buffered for a more predictable behavior. (remm) Fix: Send an exception directly to the completion handler when a timeout exception occurs for the operation, and add a boolean to make sure the completion handler is called only once. (remm/markt) WebSocket Fix: Ensure a couple of very unlikely concurrency issues are avoided when writing WebSocket messages. (markt) Web applications Fix: Fix the broken re-try link on the error page for the FORM authentication example in the JSP section of the examples web application. (markt) Fix: Correct the documentation for the maxConnections attribute of the Connector in the documentation web application. (markt) Add: Add the ability to set and display session attributes in the JSP FORM authentication example to demonstrate session persistence across restarts for authenticated sessions. (markt) Other Fix: Correct the fix for 63815 (quoting the use of CATALINA_OPTS and JAVA_OPTS when used in shell scripts to avoid the expansion of *) as it caused various regressions, particularly with daemon.sh. (markt) Add: Expand the search made by the Windows installer for a suitable Java installation to include the 64-bit JDK registry entries and the JAVA_HOME environment variable. Pull request provided by Alexander Norz. (markt) Add: Expand the coverage of the German translations provided with Apache Tomcat. Contribution provided by Jens. (markt) Add: Expand the coverage of the French translations provided with Apache Tomcat. (remm) Add: Expand the coverage of the Japanese translations provided with Apache Tomcat. (markt) Add: Expand the coverage of the Korean translations provided with Apache Tomcat. (woonsan) Add: Expand the coverage of the Chinese translations provided with Apache Tomcat. Contributions provided by lins and 磊. (markt) Add: Update the internal fork of Apache Commons BCEL to ff6941e (2019-12-06, 6.4.2-dev). Code clean-up only. (markt) Add: Update the internal fork of Apache Commons Codec to 9637dd4 (2019-12-06, 1.14-SNAPSHOT). Code clean-up and a fix for CODEC-265. (markt) Add: Update the internal fork of Apache Commons FileUpload to 2317552 (2019-12-06, 2.0-SNAPSHOT). Refactoring. (markt) Add: Update the internal fork of Apache Commons Pool 2 to 6092f92 (2019-12-06, 2.8.0-SNAPSHOT). Clean-up and minor refactoring. (markt) Add: Update the internal fork of Apache Commons DBCP 2 to a36390 (2019-12-06, 2.7.1-SNAPSHOT). Minor refactoring. (markt) 2019-11-21 Tomcat 8.5.49 (markt) Catalina Fix: Correption when using a RequestDispatcher. (markt) Add: Improvement to CsrfPreventionFilter: expose the latest available nonce as a request attribute; expose the expected nonce request parameter name as a context attribute. (schultz) not released Tomcat 8 63872: Fix some edge cases where the docBase was not being set using a canonical path which in turn meant resource URLs were not being constructed as expected. (markt) Fix: Make a best effort attempt to clean-up if a request fails during processing dle to see an updated last modified time but the content would be that prior to the modification. (markt) Update: 63905 Clean up Tomcat CSS. (michaelo) Fix: 63909: When the ExpiresFilter is used without a default and the response is served by the D sets a 304 (Not Found) status code. (markt) Fix: Update the Servlet 4 preview API to reflect changes made to the API in the final release. Note that this preview API has been deprecated for over a year and may be removed as soon as the next 8.5.x release. (markt) Fix: Refactor JMX remote RMI registry creation. (remm) Coyote Fix: Ensure that ServletRequest.isAsyncStarted() returns false once AsyncContext.complete() or AsyncContext.dispatch() has been called during AsyncListener.onTimeout() or AsyncListener.onError(). (markt) Fix: 63816 and 63817: Correctly handle I/O errors after asynchronous processing has been started but before the container thread that started asynchronous processing has completed processing the current request/response. (markt) Fix: 63825: When processing the Expect and Connection HTTP headers looking for a specific token, be stricter in ensuring that the exact token is present. (markt) Fix: 63829: Improve the check of the Content-Encoding header when looking to see if Tomcat is serving pre-compressed content. Ensure that only a full token is matched and that the match is case insensitive. (markt) Add: 63835: Add support for Keep-Alive response header. (michaelo) Fix: 63864: Refactor parsing of the transfer-encoding request header to use the shared parsing code and reduce duplication. (markt) Fix: 63865: Add Unset option to same-site cookies and pass through None value if set by user. Patch provided by John Kelly. (markt) Fix: 63894: Ensure that the configured values for certificateVerification and certificateVerificationDepth are correctly passed to the OpenSSL based SSLEngine implementation. (remm/markt) Fix: Do not perform a blocking read after a CPING message is received by the AJP connector because, if the JK Connector is configured with ping_mode="I", the CPING message will not always be followed by the start of a request. (markt) Fix: Properly calculate all dynamic parts of the ErrorReportValve response on the fly in org.apache.coyote.http2.TestHttp2InitialConnection. (michaelo) Jasper Fix: 63897: Capture the timestamp of a JSP for the purposes of modification tracking before the JSP is compiled to prevent a race condition if the JSP is modified during compilation. Patch provided by Karl von Randow. (markt) Fix: Fix a race condition that could mean changes to a modified JSP were not visible to end users. (markt) WebSocket Fix: 63913: Wrap any NullPointerExceptions throw by the Inflater or Deflater used by the PerMessageDeflate extension in an IOException so that the error can be caught and handled by the WebSocket error handling mechanism. (markt) Web applications Fix: Correct the description of the default value for the server attribute in the security How-To. (markt) Other Fix: 63815: Quote the use of CATALINA_OPTS and JAVA_OPTS when used in shell scripts to avoid the expansion of *. Note that any newlines present in CATALINA_OPTS and/or JAVA_OPTS will no longer removed. (markt) Fix: 63826: Remove commons-daemon-native.tar.gz and tomcat-native.tar.gz from the binary zip distributions for Windows since compiled versions of those components are already included within the zip distributions. (markt) Fix: 63838: Suppress reflexive access warnings when running the unit tests on the command line. (markt) Fix: Add missing charsets from the HPE JVM on HP-UX to pass unit tests in org.apache.tomcat.util.buf.TestCharsetCache. (michaelo) Add: Expand the coverage and quality of the French translations provided with Apache Tomcat. (remm) Add: Expand the coverage and quality of the Korean translations provided with Apache Tomcat. (woonsan) Add: Expand the coverage and quality of the Simplified Chinese translations provided with Apache Tomcat. Contributions provided by rpo130, Mason Shen, leeyazhou, winsonzhao, qingshi huang, Lay, Shucheng Hou and Yanming Zhou. (markt) 2019-10-11 Tomcat 8.5.47 (markt) Coyote Fix: Use URL safe base 64 encoding rather than standard base 64 encoding when generating or parsing the HTTP2-Settings header as part of an HTTP upgrade to h2c as required by RFC 7540. (markt) Fix: 63765: NIO2 should try to unwrap after TLS handshake to avoid edge cases. (remm) Fix: 63766: Ensure Processor objects are recycled when processing an HTTP upgrade connection that terminates before processing switches to the Processor for the upgraded protocol. (markt) Jasper Fix: 63781: When performing various checks related to the visibility of classes, fields and methods in the EL implementation, also check that the containing module has been exported. (markt) Web Socket Fix: 63753: Ensure that the Host header in a Web Socket HTTP upgrade request only contains a port if a non-default port is being used. (markt) Fix: When running on Java 9 and above, don't attempt to instantiate WebSocket Endpoints found in modules that are not exported. (markt) Web Applications Docs: Add Javadoc for the Common Annotations API implementation. (markt) jdbc-pool Fix: When connections are validated without an explicit validation query, ensure that any transactions opened by the validation process are committed. Patch provided by Pascal Davoust. (markt) Other Code: Deprecate org.apache.tomcat.util.compat.TLS. Its functionality was only used for unit tests in org.apache.tomcat.util.net.TesterSupport and has been moved there. (rjung) Fix: 63759: When installing Tomcat with the Windows installer, grant sufficient privileges to enable the uninstaller to execute when user account control is active. (markt) Add: Use a build property to define the minimum supported Java version and use that build property to reduce the number of edits required to update the minimum supported Java version. (markt) Update: 63767: Update to Commons Daemon 1.2.2. This corrects a regression in Commons Daemon 1.2.0 and 1.2.1 that caused the Windows Service to crash on start when running on an operating system that had not been fully updated. (markt)
Diffstat (limited to 'www')
-rw-r--r--www/apache-tomcat85/Makefile4
-rw-r--r--www/apache-tomcat85/distinfo10
2 files changed, 7 insertions, 7 deletions
diff --git a/www/apache-tomcat85/Makefile b/www/apache-tomcat85/Makefile
index 25b03906859..8b3af3f7535 100644
--- a/www/apache-tomcat85/Makefile
+++ b/www/apache-tomcat85/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.11 2019/10/02 07:46:52 zafer Exp $
+# $NetBSD: Makefile,v 1.12 2020/01/13 07:45:20 ryoon Exp $
#
DISTNAME= apache-tomcat-${TOMCAT_VER}
@@ -21,7 +21,7 @@ USE_TOOLS+= pax
.include "../../mk/bsd.prefs.mk"
-TOMCAT_VER= 8.5.46
+TOMCAT_VER= 8.5.50
TOMCAT_HOME= ${PREFIX}/share/tomcat
EGDIR= ${PREFIX}/share/examples/tomcat
DOCDIR= ${PREFIX}/share/doc/tomcat
diff --git a/www/apache-tomcat85/distinfo b/www/apache-tomcat85/distinfo
index a25e6c75e69..d90a4d37882 100644
--- a/www/apache-tomcat85/distinfo
+++ b/www/apache-tomcat85/distinfo
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.11 2019/10/02 07:46:52 zafer Exp $
+$NetBSD: distinfo,v 1.12 2020/01/13 07:45:20 ryoon Exp $
-SHA1 (apache-tomcat-8.5.46.tar.gz) = b828e44a0ed87dab82e57e133a91756c4f049dfc
-RMD160 (apache-tomcat-8.5.46.tar.gz) = ed2af86e7925f8ce4e90c1fcc071b7757077cc92
-SHA512 (apache-tomcat-8.5.46.tar.gz) = 9d6243ec47ec0f431c55a612fa6a8fac00262ed2731640ad98628b275221d3e8e241b2fee748196b64029997f4d9f8e63831b43986fedb88a62381a92b05ca68
-Size (apache-tomcat-8.5.46.tar.gz) = 11623939 bytes
+SHA1 (apache-tomcat-8.5.50.tar.gz) = 294b8a2d7a1613f41977c32649e51d310085fa17
+RMD160 (apache-tomcat-8.5.50.tar.gz) = f686801f0962f140ab25d5b2cf2355d59620703a
+SHA512 (apache-tomcat-8.5.50.tar.gz) = ffca86027d298ba107c7d01c779318c05b61ba48767cc5967ee6ce5a88271bb6ec8eed60708d45453f30eeedddcaedd1a369d6df1b49eea2cd14fa40832cfb90
+Size (apache-tomcat-8.5.50.tar.gz) = 10305939 bytes