| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
This release does not contain new "ABI features".
The ABI (Application Binary Interface) is 100% compatible
with releases 1.3.4, 1.3.4-1, and 1.3.4-2.
Changes in FLTK 1.3.5
=====================
New features and enhancements (highlights):
- Add support for macOS 10.13 "High Sierra" and 10.14 "Mojave".
- Add FL/platform.H for compatibility with FLTK 1.4 and higher.
- Improve OpenGL(3+) support.
- Improve Cairo support and (CMake) Cairo detection.
- Improve desktop scaling support for HiDPI screens.
Note: FLTK application scaling is available in FLTK 1.4.0.
Bug fixes and other improvements:
- Update CHANGES for release, remove one wrong entry
- Fix Xcode FLTK project for use under macOS 10.14
- Fix for STR 3473 (and its duplicate STR 3507) to restore configure-based
builds on recent Linux/Unix distributions where the freetype-config
command has been replaced by pkg-config.
- Fix Fl_Tree::insert() with pos out ouf range (issue #18).
- Fix Fl_GIF_Image Color Table handling (STR 3491).
- Make sure not to access Fl_Menu_ widgets if the widget gets
deleted while the menu (pulldown) is open (STR 3503).
- Fix CMake build (fluid) on case sensitive macOS file systems.
- Windows/OpenGL: improve pixel format detection (STR 3119).
- Add support for macOS 10.14 "Mojave": all drawing to windows is done
through "layer-backed views" when the app is linked to SDK 10.14.
- MacOS platform: fix regression in macOS 10.13 where an unbundled app
had its system menu bar unresponsive.
- MacOS 10.10 platform: Fl_Window::fullscreen() and fullscreen_off()
no longer call Fl_Window::hide() + Fl_Window::show().
The new procedure essentially resizes the window, as done on
the X11+EWMH and Windows platforms. This improves in particular
the possibility to turn an Fl_Gl_Window fullscreen on and off.
- MacOS platform: Support \r\n as end of line used by recent
MS Office apps in clipboard.
- Fix Fl_Text_Editor overstrike mode (STR 3463).
- More consistent and optimized "gleam" scheme box drawing.
- Fix a MinGW build error with new MinGW versions as of Feb 2018
(undefined S_OK and __FD_ISSET), see STR 3454.
- Windows/CMake: Add missing definition of WIN32 for Windows builds.
This seems to be necessary for VS2017 and other compilers that
don't #define WIN32, but FLTK relies on this preprocessor macro.
Autoconf/configure and bundled IDE files #define WIN32 as well.
- Fix illegal memory access after free when closing fluid (valgrind
reports "Invalid read of size 4"), see also STR 3427.
- Fix crash when closing fluid with Fl_Table (STR 3427).
- Fix ignored buffer pre-allocation (requestedSize) in Fl_Text_Buffer.
See fltk.general "Fl_Text_Buffer constructor bug" on Dec 5, 2016.
- Fix Fl_Browser background and text color parsing (STR 3376).
- Fix Windows CreateDC/DeleteDC mismatch (STR 3373).
- Update bundled configure scripts config.guess and config.sub.
- Fix configure --enable-cairo --enable-cairoext,
see this report in fltk.general
- Fix macOS timer implementation (STR 3387).
- Fix drop-to-FLTK-widget under MSWindows when the desktop is
rescaled (STR 3390).
- Add support for macOS 10.13 "High Sierra". Subwindows don't
move correctly under 10.13 without this fix.
|
|
|
|
- Honor LDFLAGS
- Bump PKGREVISION
|
|
|
|
CVE-2018-19539: Fixed a denial of service in jas_image_readcmpt
|
|
See https://github.com/mdadams/jasper/issues/208
|
|
|
|
|
|
INSTALLVENDORMAN1DIR => "@PREFIX@/@PKGMANDIR@/man1"
INSTALLVENDORMAN3DIR => "@PREFIX@/@PKGMANDIR@/man3"
and INSTALLVENDORARCH located with the rest of the plugin
instead of hardwiring them to /usr/share/man/*
|
|
* Add libtool support in install and build targets
* Add libtool support to test target
* Add endian.h header for macosx
* Bump PKGREVISION
closes PR pkg/54368
|
|
|
|
|
|
|
|
|
|
pkgsrc notes:
upstream has changed their build system to cmake (and meson in the
case of gexiv2)
unfortunately the build system for exiv2-organize has rotted so it
has to be removed for now.
tested on various netbsd versions with gimp, I am expecting breakage,
sorry in advance.
Changes from version 0.27 to 0.27.1
-----------------------------------
Closed (40)
https://github.com/Exiv2/exiv2/milestone/3?closed=1
Changes from version 0.26 to 0.27
---------------------------------
https://github.com/Exiv2/exiv2/milestone/1?closed=1
88 issues have been closed on Redmine
* Build: (11)
- 0001362: Fix Clang build
(David Carlos Manuelda)
- 0001358: Unsuccessful build (Win7, MSVC2015, amd64_x86)
(Andreas Martin)
- 0001356: Small patch to configure.py
(Sridhar Boovaraghavan)
- 0001329: Error during cmake with gcc version parsing
(Maxime Daisy)
- 0001310: Provide support for msys/2.0
- 0001299: exiv2-0.26-trunk.tar.gz changed on download server
(Jonathan Riddell)
- 0001270: Using libexiv2.a/.lib in multhreaded app segfaults.
(Ben Touchette)
- 0001237: Report CMake/MinGW issues to Kitware
- 0001188: Provide build support for C++11
- 0001174: Visual Studio Support Enhancements
- 0001121: Visual Studio support for v0.27
* Basicio: (1)
- 0001374: excessively often calls stat()
(Johannes Berg)
* Coverity: (11)
- 0001265: [ Coverity : /src/basicio.cpp ] Unchecked return value from library , Time of check time of use , Incorrect deallocator used , Dereference before null check , String not null terminated
(Mahesh Hegde)
- 0001264: [ Coverity : /src/actions.cpp ] Unchecked return value from library , Logically dead code , Not restoring ostream format
(Mahesh Hegde)
- 0001263: [ Coverity : 1396730 Uninitialized scalar field ] /include/exiv2/xmp.hpp
(Mahesh Hegde)
- 0001262: [ Coverity : XMPSDK Errors ] Unused value , Explicit null dereferenced
(Mahesh Hegde)
- 0001261: [ Coverity : 1296083 Resource leak ] /src/exiv2.cpp
(Mahesh Hegde)
- 0001260: [ Coverity : 1296084 Resource leak ] /src/http.cpp
(Mahesh Hegde)
- 0001259: [ Coverity : 1396717 Out-of-bounds read ] /src/easyaccess.cpp
(Mahesh Hegde)
- 0001258: [ Coverity 1396718 Out-of-bounds access ] /src/webpimage.cpp
(Mahesh Hegde)
- 0001257: [ Coverity 1396719 Resource leak ] /src/tiffcomposite.cpp
(Mahesh Hegde)
- 0001256: [ Coverity 1396721 : /src/basicio.cpp ] String not null terminated
(Mahesh Hegde)
- 0000883: Use Coverity SCAN on exiv2 code-base
(Mahesh Hegde)
* Camera: (1)
- 0001352: Support camera Canon M100
(Daniel Zucchetto)
* Duplicate: (1)
- 0001307: exiv2: tiffvisitor.cpp:1299: virtual void Exiv2::Internal::TiffReader::visitDirectory(Exiv2::Internal::TiffDirectory*): Assertion `tc.get()' failed.
(Henri Salo)
* Exif: (6)
- 0001320: It is a heap-buffer-overflow in Exiv2::Jp2Image::readMetadata (jp2image.cpp:277)
(Zhu Liu)
- 0001319: It is a heap-buffer-overflow in Exiv2::us2Data (types.cpp:346)
(Zhu Liu)
- 0001318: Invalid memory address dereference in Exiv2::StringValueBase::read ( in value.cpp:302)
(Zhu Liu)
- 0001317: It is a heap-buffer-overflow in Exiv2::s2Data (types.cpp:383)
(Zhu Liu)
- 0001316: It is a heap-buffer-overflow in Exiv2::l2Data (types.cpp:398)
(Zhu Liu)
- 0001315: Invalid memory address dereference in Exiv2::DataValue::read (value.cpp:193)
(Zhu Liu)
* Insufficient information: (1)
- 0001347: Segfault in Digikam when saving/loading certain TIFF images
(V Engmark)
* Image format: (5)
- 0001353: Segmentation fault in the software exiv2 when the function Exiv2::tEXtToDataBuf() is finished
(chung-yi lin)
- 0001346: Assertion failure in Exiv2::Internal::CiffComponent::doRead() in libexiv2
(Sanjay Rawat)
- 0001345: Assertion Failure (SIGABRT) in Exiv2:RafImage::readMetadata() in Libexiv2
(Sanjay Rawat)
- 0001338: Exiv2 aborted (crashed) with "Error in `exiv2': free(): invalid next size (fast)"
(Sanjay Rawat)
- 0001334: Version 0.26 is returns unwanted data when the key value is received from RW2 files (Panasonic DMC-GF6 camera)
(Alex Stepanov)
* Lens: (20)
- 0001373: Tamron SP 24-70mm F/2.8 Di VC USD not recognized properly
(Achim Kilchert)
- 0001372: The lens "Tamron AF 18-200mm F3.5-6.3 XR Di II" is wrongly identified.
(Julian Hofer)
- 0001370: Add entry for new(ish) lens - Tamron 10-24mm F/3.5-4.5 Di II VC HLD (B023)
(Robert Sleator)
- 0001366: Feature Request Sigma 85mm f/1.4 DG Art Series
(Christian Fandel)
- 0001365: Feature Request fr Sigma 135mm f/1.8 DG Art Series
(Christian Fandel)
- 0001361: Wrongly identified Canon 2x extender as 1.4x extender with Tamron lens
(Simon Harhues)
- 0001355: New lens Tamron 100-400mm F/4.5-6.3 Di VC USD
(Christian Touzé)
- 0001351: Add lens: Sigma 120-300mm f/2.8 G VR
(Nikolai Försterling)
- 0001348: patch: add Tamron SP AF 150-600mm F/5-6.3 VC USD G2 (A022) for Nikon
(Mike Romanov)
- 0001339: Panasonic DMC-TZ70 lens not detected
(Tim Stahel)
- 0001336: Support for AF-P DX NIKKOR 10-20mm f/4.5-5.6G VR
(Šarūnas Burdulis)
- 0001335: Missing Nikon lense
(Niels Hansen)
- 0001333: New Lens: Tamron SP 24-70mm F/2.8 Di VC USD G2 (A032)
(LP Tech)
- 0001332: Recognise Tamron 18-200mm F/3.5-6.3 DiII VC B018 on Canon bodies
(Šarūnas Burdulis)
- 0001328: Sigma 18-300mm is wrongly reported as a Canon 75-300mm
(Jean-Luc Jean-Luc Coulon)
- 0001327: Two Sigma 24-70mm f/2.8 IF EX DG HSM lens definitions ??
(Philippe Dussart-Desart)
- 0001326: Tamron 100-300mm f/5-6.3 MACRO 1:4
(Albert Jasinski)
- 0001323: Add lens "Sigma 18-300mm f/3.5-6.3 DC Macro OS HS" for Canon ID 197
(Ronny Heidenreich)
- 0001306: the lens TAMRON SP 15-30mm F/2.8 Di VC USD A012 is not properly recognised
(rene ernenwein)
- 0001304: Lens missing Tamron SP 90mm f/2.8 Di Macro 1:1 VC USD F017
(Matze G)
* Miscellaneous: (2)
- 0001314: it is a stack-overflow vulnerability in Exiv2::Internal::stringFormat[abi:cxx11] ( in image.cpp:975 )
(Zhu Liu)
- 0001305: Segmentation fault on certain image
(Oleg Antonyan)
* Makernote: (2)
- 0001343: Irix 15mm f/2.4 on Nikon
(Ben Perston)
- 0001324: Pentax Makernote written twice
(Dominique Nerriec)
* Metadata: (7)
- 0001341: Date/Time Original not modified for NEFs
(Jean-Luc CECCOLI)
- 0001340: Infinite loop bugs in Libexiv2 Exiv2::Image::printIFDStructure()
(Sanjay Rawat)
- 0001325: Crash in exiv2 - Nikon1MakerNote::printBarValue (nikonnm.cpp)
(Thibaud Mouton)
- 0001322: Exception in PentaxMakerNote::printShutterCount, source: pentaxmn.cpp
(Norbert Wagner)
- 0001321: Invalid memory address dereference in Exiv2::getULong(types.cpp:246)
(Zhu Liu)
- 0001301: New lens: Sigma 18-35mm f/1.8 DC HSM Art for Canon
(Alexander Steffen)
- 0001300: New lens: Canon EF-S 35mm f/2.8 Macro IS STM
(Alexander Steffen)
* Not-a-bug: (8)
- 0001369: New lens Yongnuo 50mm f/1.8 II for Canon
(Michal Fapso)
- 0001368: Canon EF-M 15-45 broken LensType
(Peter Wemmert)
- 0001367: New Lens Sigma 100-400 mm, F5-6.3 DG for Nikon
(Thomas G)
- 0001364: New lens Tamron SP 24-70mm F/2.8 Di VC USD G2
(Mikko Pantsar)
- 0001350: Add lens: AF-S DX Nikkor 18-140mm
(Nikolai Försterling)
- 0001349: Add lens: Sigma 50-100mm F1.8 DC HSM | A
(Nikolai Försterling)
- 0001344: Unknown metadata
(luv zeng)
- 0001331: exiv2 fails to delete bulk of metadata in jpeg
(Denis-Carl Robidoux)
* Tools: (1)
- 0001303: #1 Use 'releases' feature on GitHub
* Tiff parser: (3)
- 0001360: exiv2 can't read metadata from tiff file (tiff directory length is too large)
(T Modes)
- 0001359: This does not look like a TIFF image
(jaeho jung)
- 0001330: Crash in Exiv2::TiffImage::readMetadata
(Tobias E.)
* Video: (2)
- 0001068: Video Code Umbrella
- 0001028: Add GSoC13 video-write code
* Website: (3)
- 0001308: Move directory /website to svn://dev.exiv2.org/svn/team/website
- 0001302: Use sha256 Checksums on Downloads and Archive pages of the web site.
- 0001288: site defaults to http://, and https:// certificate is bogus
(Matthias Andree)
* Xmp: (3)
- 0001354: Inconsistency with long XMP namespaces (e.g. 'Iptc4xmpExt')
(Jens Georg)
- 0001278: XMP SDK Split
(Ben Touchette)
- 0000941: Upgrade xmpsdk source to Adobe's current version
|
|
|
|
|
|
|
|
PR pkg/54353
|
|
|
|
|
|
There are too many changes to put them in this message.
|
|
|
|
|
|
|
|
|
|
Remove the INSTALL check and warning.
|
|
No objection on tech-pkg@.
|
|
|
|
to fix e.g.
File "/usr/pkg/lib/python3.7/site-packages/mesonbuild/dependencies/base.py", line 1966, in from_entry
return ExternalProgram(name, command=command, silent=True)
File "/usr/pkg/lib/python3.7/site-packages/mesonbuild/dependencies/base.py", line 1929, in __init__
self.path = self.command[-1]
IndexError: list index out of range
*** Error code 2
Stop.
make[1]: stopped in /usr/pkgsrc/devel/at-spi2-atk
*** Error code 1
|
|
|
|
What's new in 0.4.3:
- New API addition: WildMidi_InitVIO(). It is like WildMidi_Init(),
- but tells the library to use caller-provided functions for file IO.
- See wildmidi_lib.h or the man page WildMidi_InitVIO(3) for details.
- This was suggested and implemented by Christian Breitwieser.
- Fixed Visual Studio optimized builds (bug #192, function ptr issue.)
- Fixed a thinko in one of the buffer size checks added in v0.4.2.
- Fixed possible out of bounds reads in sysex commands (bug #190).
- Fixed invalid reads during config parse with short patch file names.
- Do not treat a missing end-of-track marker as an error for type-0
- midi files (bug #183).
- Fixed bad reading of high delta values in XMI converter (bug #199).
- Fixed a memory leak when freeing a midi (bug #204).
- Fixed slurred/echoy playback at quick tempos on looped instruments
- (bug #185).
- Fixed certain midis sounding different compared to timidity, as if
- instruments not turned off (bug #186).
- Fixed compilation on systems without libm.
- Support for RISC OS, Nintendo Switch and PS Vita.
- Several clean-ups.
What's new in 0.4.2:
- Fixed CVE-2017-11661, CVE-2017-11662, CVE-2017-11663, CVE-2017-11664
- (Bug #175).
- Fixed WildMidi_Open() might read beyond buffer with too short inputs
- (Bug #178).
- Fixed a buffer overflow during playback with malformed midi files
- (Bug #180).
- GUS patch processing changes to meet users expectations (Bug #132).
- Worked around a build failure with newer FreeBSD versions failing to
- retrieve the ONLCR constant (Bug #171).
- Fixed a minor Windows unicode issue (PR #170).
- A few other fixes / clean-ups.
What's new in 0.4.1:
- Fixed bug in handling of the "source" directive in config files.
- Fixed a nasty bug in dBm_pan_volume. Other fixes and clean-ups.
- Build system updates. Install a pkg-config file on supported platforms such as Linux. New android ndk makefile.
- File i/o updates.
- Support for OS/2.
- Support for Nintendo 3DS
- Support for Nintendo Wii
- Support for AmigaOS and its variants like MorphOS and AROS.
|
|
|
|
Changelog:
Tomcat 9.0.22 (markt)
Catalina
Fix: Improve parsing of Range request headers. (markt)
Fix: Range headers that specify a range unit Tomcat does not recognise should be ignored rather than triggering a 416 response. Based on a pull request by zhanhb. (markt)
Fix: When comparing a date from a If-Range header, an exact match is required. Based on a pull request by zhanhb. (markt)
Fix: Add an option to the default servlet to disable processing of PUT requests with Content-Range headers as partial PUTs. The default behaviour (processing as partial PUT) is unchanged. Based on a pull request by zhanhb. (markt)
Fix: Improve parsing of Content-Range headers. (markt)
Update: Update the recommended minimum Tomcat Native version to 1.2.23. (markt)
Coyote
Fix: Remove a source of potential deadlocks when using HTTP/2 when the Connector is configured with useAsyncIO as true. (markt)
Fix: 63523: Restore SSLUtilBase methods as protected to preserve compatibility. (remm)
Fix: Fix typo in UTF-32LE charset name. Patch by zhanhb vi Github. (fschumacher)
Fix: Once a URI is identified as invalid don't attempt to process it further. Based on a PR by Alex Repert. (markt)
Fix: Fix to avoid the possibility of long poll times for individual pollers when using mutliple pollers with APR. (markt)
Fix: Refactor the fix for 63205 so it only applies when using PKCS12 keystores as regressions have been reported with some other keystore types. (markt)
Jasper
Add: Include file names if SMAP processor is unable to delete or rename a class file during SMAP generation. (markt)
Update: Update to the Eclipse JDT compiler 4.12. (markt)
WebSocket
Fix: 63521: As required by the WebSocket specification, if a POJO that is deployed as a result of the SCI scan for annotated POJOs is subsequently deployed via the programmatic API ignore the programmatic deployment. (markt)
Other
Fix: Switch the check for terminal availability to test for stdin as using stdout does not work when output is piped to another process. Patch provided by Radosław Józwik. (markt)
Add: Add user buildable optional modules for easier CDI 2 and JAX-RS support. Also include a new documentation page describing how to use it. (remm)
2019-06-07 Tomcat 9.0.21 (markt)
Catalina
Add: 57287: Add file sorting to DefaultServlet (schultz)
Fix: Fix --no-jmx flag processing, which was called after registry initialization. (remm)
Fix: Ensure that a default request character encoding set on a ServletContext is used when calling ServletRequest#getReader(). (markt)
Fix: Make a best efforts attempt to clean-up if a request fails during processing due to an OutOfMemoryException. (markt)
Fix: Improve the BoM detection for static files handled by the default servlet for the rarely used UTF-32 encodings. Identified by Coverity Scan. (markt)
Fix: Ensure that the default servlet reads the entire global XSLT file if one is defined. Identified by Coverity Scan. (markt)
Fix: Avoid potential NullPointerException when generating an HTTP Allow header. Identified by Coverity Scan. (markt)
Code: Add Context.createInstanceManager() for easier framework integration. (remm)
Code: Add utility org.apache.catalina.core.FrameworkListener to allow replicating adding a Listener to context.xml in a programmatic way. (remm)
Code: Move Container.ADD_CHILD_EVENT to before the child container start, and Container.REMOVE_CHILD_EVENT to before removal of the child from the internal child collection. (remm)
Add: Remove any fragment included in the target path used to obtain a RequestDispatcher. The requested target path is logged as a warning since this is an application error. (markt)
Coyote
Fix: NIO poller seems to create some unwanted concurrency, causing rare CI test failures. Add sync when processing async operation to avoid this. (remm)
Fix: Fix concurrency issue that lead to incorrect HTTP/2 connection timeout. (remm/markt)
Fix: Avoid useless exception wrapping in async IO. (remm)
Fix: 63412: Security manager failure when using the async IO API from a webapp. (remm)
Fix: Remove acceptorThreadCount Connector attribute, one accept thread is sufficient. As documented, value 2 was the only other sensible value, but without and impact beyond certain microbenchmarks. (remm)
Fix: Avoid possible NPEs on connector stop. (remm)
Update: Remove pollerThreadCount Connector attribute for NIO, one poller thread is sufficient. (remm)
Add: Add async IO for APR connector for consistency, but disable it by default due to low performance. (remm)
Fix: Avoid blocking write of internal buffer when using async IO. (remm)
Code: Refactor async IO implementation to the SocketWrapperBase. (remm)
Update: Refactor SocketWrapperBase close using an atomic boolean and a doClose method that subclasses will implement, with a guarantee that it will be run only once. (remm)
Fix: Decouple the socket wrapper, which is not recycled, from the NIOx channel after close, and replace it with a dummy static object. (remm)
Fix: Clear buffers on socket wrapper close. (remm)
Fix: NIO2 failed to properly close sockets on connector stop. (remm)
Update: Reduce the default for maxConcurrentStreams on the Http2Protocol from 200 to 100 to align with typical defaults for HTTP/2 implementations. (markt)
Update: Reduce the default HTTP/2 header list size from 4GB to 32kB to align with typical HTTP/2 implementations. (markt)
Add: Add support for same-site cookie attribute. Patch provided by John Kelly. (markt)
Fix: Drop legacy NIO double socket close (close channel, then close socket). (remm)
Fix: Fix HTTP/2 end of stream concurrency with async. (remm)
Fix: Correct a bug in the stream flushing code that could lead to multiple threads processing the stream concurrently which in turn could cause errors processing the stream. (markt)
Cluster
Fix: 62841: Refactor the DeltaRequest serialization to reduce the window during which the DeltaSession is locked and to remove a potential cause of deadlocks during serialization. (markt)
Fix: 63441: Further streamline the processing of session creation messages in the DeltaManager to reduce the possibility of a session update message being processed before the session has been created. (markt)
WebSocket
d: Expand the explanation of how deprecated TLS configuration attributes are converted to the new TLS configuration style. (markt)
Tribes
Fix: Treat NoRouteToHostException the same way as SocketTimeoutException when checking the health of group membaven packaging. (remm)
Fix: 63403: Fix TestHttp2InitialConnection test failures when running with a non-English locale. (kkolinko)
Fix: Add Graal JreCompat, and use it to disable JMX and URL stream handlers. (remm)
Add: Expand the coverage and Expand the coverage and quality of the Simplified Chinese translations provided with Apache Tomcat. Includes contributions by 諵. (markt)
Fix: Use the test command to check for terminal availability rather than the tty command since the tty based te
Fix: Fix some edge cases where the docBase was not being set using a canonical path which in turn meant resource URLs were not being constructed as expected. (markt)
Fix: Fix a potential resource leak when executing CGI scripts from a WAR file. Identified by Coverity scan. (markt)
Fix: Fix a potential concurrency issue in the StringCache identified by Coverity scan. (markt)
Fix: Fix a potential concurrency issue in the main Sendfile thread of the APR connector. Identified by Coverity scan. (markt)
Fix: Fix a potential resource leak when running a web application from a WAR file. Identified by Coverity scan. (markt)
Fix: Fix a potential resource leak on some exception paths in the DataSourceRealm. Identified by Coverity scan. (markt)
Fix: Fix a potential resource leak on an exception path when parsing JSP files. Identified by Coverity scan. (markt)
Fix: Fix a potential resource leak when a JNDI lookup returns an object of an in compatible class. Identified by Coverity scan. (markt)
Code: Refactor ManagerServlet to avoid loading classes when filtering JNDI resources for resources of a specified type. (markt)
Fix: 63324: Refactor the CrawlerSessionManagerValve so that the object placed in the session is compatible with session serialization with mem-cached. Patch provided by Martin Lemanski. (markt)
Add: 63358: Expand the throwOnFailure support in the Connector to include the adding of a Connector to a running Service. (markt)
Add: 63361: Add a new method (Registry.disableRegistry()) that can be used to disable JMX registration of Tomcat components providing it is called before the first component is registered. (markt)
Fix: Avoid OutOfMemoryErrors and ArrayIndexOutOfBoundsExceptions when accessing large files via the default servlet when resource caching has been disabled. (markt)
Fix: Avoid a NullPointerException when a Context is defined in server.xml with a docBase but not the optional path. (markt)
Fix: 63333: Override the isAvailable() method in the JAASRealm so that only login failures caused by invalid credentials trigger account lock out when the LockOutRealm is in use. Patch provided by jchobantonov. (markt)
Fix: Add --no-jmx flag to allow disabling JMX in startup.Tomcat.main. (remm)
Coyote
Fix: The useAsyncIO boolean attribute on the Connector element value now defaults to true. (remm)
Fix: Possible HTTP/2 connection leak issue when using async with NIO. (remm)
Fix: Fix socket close discrepancies for NIO, now the wrapper close is used everywhere except for socket accept problems. (remm)
Fix: Implement poller timeout when using async IO with NIO. (remm)
Fix: Avoid creating and using object caches when they are disabled. (remm)
Fix: When running on newer JREs that don't support SSLv2Hello, don't warn that it is not available unless explicitly configured. (markt)
Fix: Change default value of pollerThreadCount of NIO to 1. (remm)
Fix: Associate BlockPoller thread name with its NIO connector for better readability. (remm)
Fix: The async HTTP/2 frame parser should tolerate concurrency so clearing shared buffers before attempting a read is not possible. (remm)
Update: Update the HTTP/2 connection preface and initial frame reading to be asynchronous instead of blocking IO. (remm)
Code: Refactor Hostname validation to improve performance. Patch provided by Uwe Hees. (markt)
Update: Add additional NIO2 style read and write methods closer to core NIO2, for possible use with an asynchronous workflow like CompletableFuture. (remm)
Fix: Expand HTTP/2 timeout handling to include connection window exhaustion on write. This is the fix for CVE-2019-10072. (markt)
Jasper
Fix: 63359: Ensure that the type conversions used when converting from strings for jsp:setProperty actions are correctly implemented as per section JSP.1.14.2.1 of the JSP 2.3 specification. (markt)
Other
Fix: 63335: Ensure that stack traces written by the OneLineFormatter are fully indented. The entire stack trace is now indented by an additional TAB character. (markt)
Fix: 63370: Message files (LocalStrings_*.properties) of the examples webapp not converted to ascii. (woonsan)
Add: Expand the coverage and quality of the French translations provided with Apache Tomcat. (remm)
Add: Expand the coverage and quality of the Japanese translations provided with Apache Tomcat. Includes contributions by motohashi.yuki. (markt)
Add: Expand the coverage and quality of the Czech translations provided with Apache Tomcat. Includes contributions by Arnošt Havelka. (markt)
Fix: When using the OneLineFormatter, don't print a blank line in the log after printing a stack trace. (markt)
Update: Update the internal fork of Apache Commons FileUpload to 41e4047 (2019-04-24) pick up some enhancements. (markt)
Update: Update the internal fork of Apache Commons DBCP 2 to dcdbc72 (2019-04-24) to pick up some clean-up and enhancements. (markt)
Update: Update the internal fork of Apache Commons Pool 2 to 0664f4d (2019-04-30) to pick up some enhancements and bug fixes. (markt)
2019-04-13 Tomcat 9.0.19 (markt)
Catalina
Fix: Fix wrong JMX registration regression in 9.0.18. (remm)
Coyote
Update: Add vectoring for NIO in the base and SSL channels. (remm)
Add: Add asynchronous IO from NIO2 to the NIO connector, with support for the async IO implementations for HTTP/2 and Websockets. The useAsyncIO boolean attribute on the Connector element allows enabling use of the asynchronous IO API. (remm)
Other
Fix: Ensure that the correct files are included in the source distribution for javacc based parsers depending on whether jjtree is used or not. (markt)
Fix: Ensure that text files in the source distribution have the correct line endings for the target platform. (markt)
not released Tomcat 9.0.18 (markt)
Catalina
Fix: 63196: Provide a default (X-Forwarded-Proto) for the protocolHeader attribute of the RemoteIpFilter and RemoteIpValve. (markt)
Fix: 63235: Refactor Charset cache to reduce start time. (markt)
Fix: 63249: Use a consistent log level (WARN) when logging the failure to register or deregister a JMX Bean. (markt)
Fix: 63249: Use a consistent log level (ERROR) when logging the LifecycleException associated with the failure to start or stop a component. (markt)
Fix: When the SSI directive fsize is used with an invalid target, return a file size of - rather than 1k. (markt)
Fix: 63251: Implement a work-around for a known JRE bug (JDK-8194653) that may cause a dead-lock when Tomcat starts. (markt)
Fix: 63275: When using a RequestDispatcher ensure that HttpServletRequest.getContextPath() returns an encoded path in the dispatched request. (markt)
Update: Add optional listeners for Server/Listener, as a slight variant of a standard listener. The difference is that loading is not fatal when it fails. This would allow adding example configuration to the standard server.xml if deemed useful. Storeconfig will not attempt to persist the new listener. (remm)
Fix: 63286: Document the differences in behaviour between the LogFormat directive in httpd and the pattern attribute in the AccessLogValve for %D and %T. (markt)
Fix: 63287: Make logging levels more consistent for similar issues of similar severity. (markt)
Fix: 63311: Add support for https URLs to the local resolver within Tomcat used to resolve standard XML DTDs and schemas when Tomcat is configured to validate XML configuration files such as web.xml. (markt)
Fix: Encode the output of the SSI printenv command. This is the fix for CVE-2019-0221. (markt)
Code: Use constants for SSI encoding values. (markt)
Add: When the CGI Servlet is configured with enableCmdLineArguments set to true, limit the encoded form of the individual command line arguments to those values allowed by RFC 3875. This restriction may be relaxed by the use of the new initialisation parameter cmdLineArgumentsEncoded. (markt)
Add: When the CGI Servlet is configured with enableCmdLineArguments set to true, limit the decoded form of the individual command line arguments to known safe values when running on Windows. This restriction may be relaxed by the use of the new initialisation parameter cmdLineArgumentsDecoded. This is the fix for CVE-2019-0232. (markt)
Coyote
Fix: Fix bad interaction between NIO2 async read API and the regular read. (remm)
Fix: Refactor NIO2 write pending strategy for the classic IO API. (remm)
Fix: Restore original maxConnections default for NIO2 as the underlying close issues have been fixed. (remm)
Fix: Harmonize NIO2 isReadyForWrite with isReadyForRead code. (remm)
Fix: When using a JSSE TLS connector that supported ALPN (Java 9 onwards) and a protocol was not negotiated, Tomcat failed to fallback to HTTP/1.1 and instead dropped the connection. (markt)
Fix: Correct a regression in the TLS connector refactoring in Tomcat 9.0.17 that prevented the use of PKCS#8 private keys with OpenSSL based connectors. (markt)
Fix: Fix NIO2 SSL edge cases. (remm)
Fix: When performing an upgrade from HTTP/1.1 to HTTP/2, ensure that any query string present in the original HTTP/1.1 request is passed to the HTTP/2 request processing. (markt)
Fix: When Tomcat writes a final response without reading all of an HTTP/2 request, reset the stream to inform the client that the remaining request body is not required. (markt)
Jasper
Add: Add support for specifying Java 11 (with the value 11) as the compiler source and/or compiler target for JSP compilation. (markt)
Add: Add support for specifying Java 12 (with the value 12) and Java 13 (with the value 13) as the compiler source and/or compiler target for JSP compilation. If used with an ECJ version that does not support these values, a warning will be logged and the latest supported version will used. Based on a patch by Thomas Collignon. (markt)
Web applications
Fix: 63184: Expand the SSI documentation to provide more information on the supported directives and their attributes. Patch provided by nightwatchcyber. (markt)
Add: Add a note to the documentation about the risk of DoS with poorly written regular expressions and the RewriteValve. Patch provided by salgattas. (markt)
jdbc-pool
Fix: Improved maxAge handling. Add support for age check on idle connections. Connection that expired reconnects rather than closes it. Patch provided by toby1984. (kfujino)
Fix: 63320: Ensure that StatementCache caches statements that include arrays in arguments. (kfujino)
Other
Update: Update to the Eclipse JDT compiler 4.10. (markt)
Add: Expand the coverage and quality of the Spanish translations provided with Apache Tomcat. Includes contributions by Ulises Gonzalez Horta. (markt)
Add: Expand the coverage and quality of the Czech translations provided with Apache Tomcat. Includes contributions by Arnošt Havelka. (markt)
Add: Expand the coverage and quality of the Chinese translations provided with Apache Tomcat. Includes contributions by winsonzhao and wjt. (markt)
Add: Expand the coverage and quality of the Russian translations provided with Apache Tomcat. (kkolinko)
Add: Expand the coverage and quality of the Japanese translations provided with Apache Tomcat. (kfujino)
Add: Expand the coverage and quality of the Korean translations provided with Apache Tomcat. (woonsan)
Add: Expand the coverage and quality of the German translations provided with Apache Tomcat. (fschumacher)
Add: Expand the coverage and quality of the French translations provided with Apache Tomcat. (remm)
|
|
|
|
Changelog:
Tomcat 8.5.43 (markt)
Catalina
Update: Modify the Default and WebDAV Servlets so that a 405 status code is returned for PUT and DELETE requests when disabled via the readonly initialisation parameter.
Fix: Align the contents of the Allow header with the response code for the Default and WebDAV Servlets. For any given resource a method that returns a 405 status code will not be listed in the Allow header and a method listed in the Allow header will not return a 405 status code. (markt)
Fix: When using WebDAV to copy a file resource to a destination that requires a collection to be overwritten, ensure that the operation succeeds rather than fails (with a 500 response). This enables Tomcat to pass two additional tests from the Litmus WebDAV test suite. (markt)
Fix: 49464: Improve the Default Servlet's handling of static files when the file encoding is not compatible with the required response encoding. (markt)
Fix: Fix typo in UTF-32LE charset name. Patch by zhanhb vi Github. (fschumacher)
Add: 58590: Add the ability for a UserDatabase to monitor the backing XML file for changes and reload the source file if a change in the last modified time is detected. This is enabled by default meaning that changes to $CATALINA_BASE/conf/tomcat-users.xml will now take effect a short time after the file is saved. (markt)
Fix: Improve parsing of Range request headers. (markt)
Fix: Range headers that specify a range unit Tomcat does not recognise should be ignored rather than triggering a 416 response. Based on a pull request by zhanhb. (markt)
Fix: When comparing a date from a If-Range header, an exact match is required. Based on a pull request by zhanhb. (markt)
Fix: Add an option to the default servlet to disable processing of PUT requests with Content-Range headers as partial PUTs. The default behaviour (processing as partial PUT) is unchanged. Based on a pull request by zhanhb. (markt)
Fix: Improve parsing of Content-Range headers. (markt)
Fix: Ensure that the HEAD response is consistent with the GET response when HttpServlet is relied upon to generate the HEAD response and the GET response uses chunking. (markt)
Update: Update the recommended minimum Tomcat Native version to 1.2.23. (markt)
Coyote
Fix: Avoid a potential hang when a client connects using TLS 1.0 to a Tomcat HTTPS connector configured to use NIO or NIO with OpenSSL 1.1.1 or later. (markt)
Fix: Once a URI is identified as invalid don't attempt to process it further. Based on a PR by Alex Repert. (markt)
Fix: Fix to avoid the possibility of long poll times for individual pollers when using mutliple pollers with APR. (markt)
Fix: Refactor the fix for 63205 so it only applies when using PKCS12 keystores as regressions have been reported with some other keystore types. (markt)
Jasper
Add: Include file names in error messages if SMAP processor is unable to delete or rename a class file during SMAP generation. (markt)
WebSocket
Fix: 63521: As required by the WebSocket specification, if a POJO that is deployed as a result of the SCI scan for annotated POJOs is subsequently deployed via the programmatic API ignore the programmatic deployment. (markt)
Other
Code: Switch i18n message files to use UTF-8 and convert to ASCII at build time. (markt)
Fix: 63523: Restore SSLUtilBase methods as protected to preserve compatibility. (remm)
Fix: Switch the check for terminal availability to test for stdin as using stdout does not work when output is piped to another process. Patch provided by Radosław Józwik. (markt)
2019-06-07 Tomcat 8.5.42 (markt)
Catalina
Add: 57287: Add file sorting to DefaultServlet (schultz)
Fix: Ensure that the default servlet reads the entire global XSLT file if one is defined. Identified by Coverity Scan. (markt)
Fix: Avoid potential NullPointerException when generating an HTTP Allow header. Identified by Coverity Scan. (markt)
Add: Remove any fragment included in the target path used to obtain a RequestDispatcher. The requested target path is logged as a warning since this is an application error. (markt)
Coyote
Update: Add additional NIO2 style read and write methods closer to core NIO2, for possible use with an asynchronous workflow like CompletableFuture. (remm)
Fix: Avoid useless exception wrapping in async IO. (remm)
Fix: 63412: Security manager failure when using the async IO API from a webapp. (remm)
Fix: Fix concurrency issue that lead to incorrect HTTP/2 connection timeout. (remm/markt)
Update: Reduce the default for maxConcurrentStreams on the Http2Protocol from 200 to 100 to align with typical defaults for HTTP/2 implementations. (markt)
Update: Reduce the default HTTP/2 header list size from 4GB to 32kB to align with typical HTTP/2 implementations. (markt)
Add: Add support for same-site cookie attribute. Patch provided by John Kelly. (markt)
Fix: Correct a bug in the stream flushing code that could lead to multiple threads processing the stream concurrently which in turn could cause errors processing the stream. (markt)
Cluster
Fix: 62841: Refactor the DeltaRequest serialization to reduce the window during which the DeltaSession is locked and to remove a potential cause of deadlocks during serialization. (markt)
Fix: 63441: Further streamline the processing of session creation messages in the DeltaManager to reduce the possibility of a session update message being processed before the session has been created. (markt)
Tribes
Fix: Treat NoRouteToHostException the same way as SocketTimeoutException when checking the health of group members. This avoids a SEVERE log message every time the check is performed when the host associated with a group member is not powered on. (markt)
Other
Update: Switch from FindBugs to SpotBugs. (fschumacher)and to check for terminal availability rather than the tty command since the tty based test fails on non-English locales. (markt)
2019-05-13 Tomcat 8.5.41 (markt)
Catalina
Fix: Fix a potential resource leak when executing CGI scripts from a WAR fileread of the APR connector. Identified by Coverity scan. (markt)
Fix: Fix a potential resource leak when running a web application from a WAR file. Identified by Coverity scan. (markt)
Fix: Fix a potential resource leak on some exception paths in ttified by Coverity scan. (markt)
Fix: Fix a potential resource leak when a JNDI lookup returns an object of an in compatible class. Identified by Coverity scan. (markt)
Code: Refactor ManagerServlet to avoid loading classes when filtering JNDI rescaching has been disabled. (markt)
Fix: Avoid a NullPointerException when a Context is defined in server.xml with a docBase but not the optional path. (markt)
Fix: 63324: Refactor the CrawlerSessionManagerValve so that the object placed in the sesials trigger account lock out when the LockOutRealm is in use. Patch provided by jchobantonov. (markt)
Coyote
Fix: When running on newer JREs that don't support SSLv2Hello, don't warn that it is not available unless explicitly configured. (markt)
Code: Refactor Hostname validation to improve performance. Patch provided by Uwe Hees. (markt)
Fix: Expand HTTP/2 timeout handling to include connection window exhaustion on write. This is the fix for CVE-2019-10072. (markt)
Other
Fix: 63335: Ensure that stack traces written by the OneLineFormatter are fully indented. The entire stack trace is now indented by an additional TAB character. (markt)
Fix: When using the OneLineFormatter, don't print a blank line in the log after printing a stack trace. (markt)
Update: Update the internal fork of Apache Commons DBCP 2 to dcdbc72 (2019-04-24) to pick up some clean-up and enhancements less the JDBC 4.2 related changes that require Java 8. (markt)
Update: Update the internal fork of Apache Commons Pool 2 to 0664f4d (2019-04-30) to pick up some enhancements and bug fixes. (markt)
Update: Update the internal fork of Apache Commons FileUpload to 41e4047 (2019-04-24) pick up some enhancements. (markt)
2019-04-12 Tomcat 8.5.40 (markt)
Catalina
Fix: 63196: Provide a default (X-Forwarded-Proto) for the protocolHeader attribute of the RemoteIpFilter and RemoteIpValve. (markt)
Fix: 63235: Refactor Charset cache to reduce start time. (markt)
Fix: 63249: Use a consistent log level (WARN) when logging the failure to register or deregister a JMX Bean. (markt)
Fix: 63249: Use a consistent log level (ERROR) when logging the LifecycleException associated with the failure to start or stop a component. (markt)
Fix: When the SSI directive fsize is used with an invalid target, return a file size of - rather than 1k. (markt)
Fix: 63251: Implement a work-around for a known JRE bug (JDK-8194653) that may cause a dead-lock when Tomcat starts. (markt)
Fix: 63275: When using a RequestDispatcher ensure that HttpServletRequest.getContextPath() returns an encoded path in the dispatched request. (markt)
Fix: 63286: Document the differences in behaviour between the LogFormat directive in httpd and the pattern attribute in the AccessLogValve for %D and %T. (markt)
Fix: 63311: Add support for https URLs to the local resolver within Tomcat used to resolve standard XML DTDs and schemas when Tomcat is configured to validate XML configuration files such as web.xml. (markt)
Fix: Encode the output of the SSI printenv command. This is the fix for CVE-2019-0221. (markt)
Code: Use constants for SSI encoding values. (markt)
Add: When the CGI Servlet is configured with enableCmdLineArguments set to true, limit the encoded form of the individual command line arguments to those values allowed by RFC 3875. This restriction may be relaxed by the use of the new initialisation parameter cmdLineArgumentsEncoded. (markt)
Add: When the CGI Servlet is configured with enableCmdLineArguments set to true, limit the decoded form of the individual command line arguments to known safe values when running on Windows. This restriction may be relaxed by the use of the new initialisation parameter cmdLineArgumentsDecoded. This is the fix for CVE-2019-0232. (markt)
Update: Change the default for the enableCmdLineArguments parameter of the CGI servlet from true to false as additional hardening against CVE-2019-0232. (markt)
Coyote
Fix: Fix bad interaction between NIO2 async read API and the regular read. (remm)
Fix: Refactor NIO2 write pending strategy for the classic IO API. (remm)
Fix: Harmonize NIO2 isReadyForWrite with isReadyForRead code. (remm)
Fix: When using a JSSE TLS connector that supported ALPN (Java 9 onwards) and a protocol was not negotiated, Tomcat failed to fallback to HTTP/1.1 and instead dropped the connection. (markt)
Fix: Correct a regression in the TLS connector refactoring in Tomcat 9.0.17 that prevented the use of PKCS#8 private keys with OpenSSL based connectors. (markt)
Fix: When performing an upgrade from HTTP/1.1 to HTTP/2, ensure that any query string present in the original HTTP/1.1 request is passed to the HTTP/2 request processing. (markt)
Fix: When Tomcat writes a final response without reading all of an HTTP/2 request, reset the stream to inform the client that the remaining request body is not required. (markt)
Fix: 63312: Correct a regression in the error page handling that prevented error pages from issuing redirects or taking other action that required the response status code to be changed. (markt)
Jasper
Add: Add support for specifying Java 11 (with the value 11) as the compiler source and/or compiler target for JSP compilation. (markt)
Add: Add support for specifying Java 12 (with the value 12) and Java 13 (with the value 13) as the compiler source and/or compiler target for JSP compilation. If used with an ECJ version that does not support these values, a warning will be logged and the latest supported version will used. Based on a patch by Thomas Collignon. (markt)
WebSocket
Fix: Improve the handling of exceptions during TLS handshakes for the WebSocket client. (markt)
Web applications
Fix: 63184: Expand the SSI documentation to provide more information on the supported directives and their attributes. Patch provided by nightwatchcyber. (markt)
Add: Add a note to the documentation about the risk of DoS with poorly written regular expressions and the RewriteValve. Patch provided by salgattas. (markt)
jdbc-pool
Fix: 63320: Ensure that StatementCache caches statements that include arrays in arguments. (kfujino)
|
|
from infozip's sourceforge / debian.
|
|
|
|
changes in pkgsrc:
* switch from libmad to libmpg123 for mp3 decoding.
it's more actively maintained.
* switch from libaudiofile to libsndfile for lossless formats.
it's more actively maintained.
* add more options, and try to clarify existing options to
make it obvious what is being enabled.
* enable ffmpeg by default so playing m4a files works
* fix cdparanoia support
ver 0.21.11 (2019/07/03)
* input
- tidal: deprecated because Tidal has changed the protocol
* decoder
- wildmidi: log error if library initialization fails
* output
- alsa: fix busy loop while draining
- alsa: fix missing drain call
- alsa: improve xrun-avoiding silence generator
- alsa: log when generating silence due to slow decoder
- alsa, osx: fix distortions with DSD_U32 and DoP on 32 bit CPUs
* protocol
- fix "list" with multiple "group" levels
|
|
as discussed at pkgsrccon, this was pretty much the only thing still using
or supporting esound. the esound website doesn't even exist any more. NAS
might still be useful, but maybe only if you're using IRIX or something
i'm especially worried about libaudiofile and spidermonkey52 being pulled
in by esound and pulseaudio respectively - the maintainance status of these
libraries is very unclear and their security record is quite problematic.
also:
- Linux gets ALSA.
- explicitly disable support for PlayStation video outputs
if you get pkgsrc to work on the PlayStation OS please submit a talk
- add pkg-config to USE_TOOLS, it seems to be used in some circumstances.
|
|
|
|
This adds support for dune and OCaml 4.08, and has some other minor
improvements and bugfixes as well.
|
|
|
|
0.36.0:
Added
-----
Turn off session tickets for nginx plugin by default
Added missing error types from RFC8555 to acme
Changed
-------
Support for Ubuntu 14.04 Trusty has been removed.
Update the 'manage your account' help to be more generic.
The error message when Certbot's Apache plugin is unable to modify your Apache configuration has been improved.
Certbot's config_changes subcommand has been deprecated and will be removed in a future release.
certbot config_changes no longer accepts a --num parameter.
The functions certbot.plugins.common.Installer.view_config_changes and certbot.reverter.Reverter.view_config_changes have been deprecated and will be removed in a future release.
Fixed
-----
Replace some unnecessary platform-specific line separation.
|
|
|
|
|
|
Needed as a dependency for a new version of devel/ocaml-ppx_deriving.
|
|
Install bytecode files unstripped.
|
