./www/apache-tomcat6, Implementation of Java Servlet and JavaServer Pages technologies

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 6.0.45, Package name: apache-tomcat-6.0.45, Maintainer: pkgsrc-users

Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages
technologies. The Java Servlet and JavaServer Pages specifications are
developed under the Java Community Process.

Apache Tomcat is developed in an open and participatory environment and
released under the Apache Software License. Apache Tomcat is intended to
be a collaboration of the best-of-breed developers from around the world.
We invite you to participate in this open development project.

Apache Tomcat powers numerous large-scale, mission-critical web applications
across a diverse range of industries and organizations.

Apache Tomcat 6.x is the current focus of development. It builds upon the
improvements made in Tomcat 5.5.x and implements the Servlet 2.5 and JSP 2.1
specifications. In addition to that, it includes the following improvements:

* Memory usage optimizations
* Advanced IO capabilities
* Refactored clustering

Required to run:

Master sites: (Expand)

SHA1: f05fad07e354c9f6fff8137e9de31f4365d3766a
RMD160: 5561452f5d2a8c6de5f2334d9f806acfcb69b4ef
Filesize: 6907.824 KB

Version history: (Expand)

CVS history: (Expand)

   2016-06-08 12:16:57 by Jonathan Perkin | Files touched by this commit (89)
Log message:
Remove the stability entity, it has no meaning outside of an official context.
   2016-06-08 11:46:05 by Jonathan Perkin | Files touched by this commit (47)
Log message:
Change the service_bundle name to "export" to reduce diffs between the
original manifest.xml file and the output from "svccfg export".
   2016-02-28 11:14:53 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Update to 6.0.45

Tomcat 6.0.45 (jfclere)


        fix	Back-port various improvements to the AprLifecycleListener including \ 
the fix for 57021 that improves logging when the Tomcat-Native DLL fails to \ 
load. (markt)
        add	57154: Add support for web applications (Context elements) that do \ 
not have a docBase. This is intended for use when embedding, such as Tomcat unit \ 
tests, when a web application is configured programmatically and does not serve \ 
any files. Based on a patch provided by Huxing Zhang. (kkolinko)
        add	57741: Enable the CGI servlet to use the standard error page \ 
mechanism. Note that if the CGI servlet's debug init parameter is set to 10 or \ 
higher then the standard error page mechanism will be bypassed and a debug \ 
response generated by the CGI servlet will be returned instead. (markt)
        fix	57896: Support defensive copying of "cookie" header so \ 
that unescaping double quotes in a cookie value does not corrupt original value \ 
of "cookie" header. This is an opt-in feature, enabled by \ 
org.apache.tomcat.util.http.ServerCookie.PRESERVE_COOKIE_HEADER or \ 
org.apache.catalina.STRICT_SERVLET_COMPLIANCE system property. (kkolinko)
        fix	58031: Make the (first) reason parameter parsing failed available as \ 
a request attribute and then use it to provide a better status code via the \ 
FailedRequstFilter (if configured). (markt)
        fix	58313: Fix concurrent access of encoders map when clearing encoders \ 
during Comet processing. (markt)
        fix	58508: Escape role names when generating associated MBeans in case \ 
the role name contains characters not permitted in an MBean name. (markt)
        fix	58582: Combined realm should perform background processing on its \ 
sub-realms. Based upon a patch provided by Aidan. (kkolinko)
        add	Move the functionality that provides redirects for context roots and \ 
directories where a trailing / is added from the Mapper to the DefaultServlet. \ 
This enables such requests to be processed by any configured Valves and Filters \ 
before the redirect is made. This behaviour is configurable via the \ 
mapperContextRootRedirectEnabled and mapperDirectoryRedirectEnabled attributes \ 
of the Context which may be used to restore the previous behaviour. (markt)
        fix	58635: Enable break points to be set within agent code when running \ 
Tomcat with a Java agent. Based on a patch by Huxing Zhang. (markt)
        fix	Add the StatusManagerServlet to the list of Servlets that can only \ 
be loaded by privileged applications. (markt)
        fix	Remove redundant copy of catalina.properties from o.a.c.startup. \ 
Generate this copy during the ant "compile" task. (kkolinko)
        fix	58817: Fix ArrayIndexOutOfBoundsException caused by MapperListener \ 
when ROOT context is being undeployed and \ 
mapperContextRootRedirectEnabled="false". (kkolinko)
        fix	58836: Correctly merge query string parameters when processing a \ 
forwarded request where the target includes a query string that contains a \ 
parameter with no value. (markt/kkolinko)
        add	Allow singleton server instance stored by ServerFactory to be \ 
cleared. Allow ResourceLinkFactory to be initialized more than once. This is \ 
used by unit tests when running several copies of Tomcat sequentially in the \ 
same JVM. When running with a SecurityManager the initialization method of \ 
ResourceLinkFactory is protected by requiring a RuntimePermission. (kkolinko)
        add	Extend the feature available in the cluster session manager \ 
implementations that enables session attribute replication to be filtered bases \ 
on attribute name to all session manager implementations. Note that \ 
configuration attribute name has changed from sessionAttributeFilter to \ 
sessionAttributeNameFilter. Apply the filter on load as well as unload to ensure \ 
that configuration changes made while the web application is stopped are applied \ 
to any persisted data. (markt)
        add	Extend the session attribute filtering options to include filtering \ 
based on the implementation class of the value and optional WARN level logging \ 
if an attribute is filtered. These options are available for all of the Manager \ 
implementations that ship with Tomcat. When a SecurityManager is used filtering \ 
will be enabled by default. (markt)
        fix	58946: Ensure that the request parameter map remains immutable when \ 
processing via a RequestDispatcher. (markt)


        add	Align the Java side of the tc-native connector with the Tomcat 7 \ 
implementation to ease future maintenance. (markt)
        fix	51503: Add additional validation that prevents a connector from \ 
starting if it does not have a valid port number. (kkolinko)
        add	52028: Add support for automatic binding to a free port by a \ 
connector if the special value of zero is used for the port. This is mainly \ 
useful in embedded and testing scenarios. (kkolinko)
        fix	52926: Avoid NPE when an NIO Comet connection times out on one \ 
thread at the same time as it is closed on another thread. (markt/kkolinko)
        fix	57943: Prevent the same socket being added to the cache twice. Patch \ 
based on analysis by Ian Luo / Sun Qi. (markt/kkolinko)
        fix	Improve HTTP header validation. (markt)

    Web applications

        fix	57971: Correct the documentation for the cluster configuration \ 
setting recoverySleepTime. (markt)
        fix	58112: Update the documentation for using the Catalina tasks in an \ 
Apache Ant build file. (markt)
        fix	Improve the Javadoc for some of the APR socket read functions that \ 
have inconsistent behaviour for return values. (markt)
        add	58255: Document the Semaphore valve. Patch provided by Kyohei \ 
Nakamu. (markt)
        fix	58631: Correct the continuation character use in the Windows Service \ 
How-To page of the documenation web application. (markt)
        fix	Correct some typos in the JNDI resources How-To. (markt)
        fix	Add a redirect to the web interface to the root of the Manager web \ 
application. (markt)
        fix	Don't create sessions unnecessarily in the Manager application. (markt)
        fix	Add a redirect to the web interface to the root of the Host Manager \ 
web application. (markt)
        fix	Don't create sessions unnecessarily in the Host Manager application. \ 


        fix	Ensure JULI adapters JAR in Tomcat extras package does not include \ 
the LogFactoryImpl[$*] classes. Based on patch provided by Benjamin Gandon. \ 
        code	Convert test classes to JUnit 4. (kkolinko)
        update	58596: Clarify the description in RUNNING.txt of how environment \ 
variables are used. (markt)
        update	Update the NSIS Installer used to build the Windows Installers to \ 
version 2.50. (markt/kkolinko)
        add	Add framework for client-server unit tests, porting it from Tomcat \ 
7. Add support for running the tests with Apache Ant. (kkolinko)
        update	Update to Tomcat Native Library version 1.1.34. (jfclere)
        update	Remove support for Intel Itanium CPU (i64, IA-64) in the Windows \ 
installer, as the current release of Tomcat Native does not have binaries for \ 
that processor architecture. (jfclere)
   2015-11-04 03:47:43 by Alistair G. Crooks | Files touched by this commit (758)
Log message:
Add SHA512 digests for distfiles for www category

Problems found locating distfiles:
	Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz
	Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz
	Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz
	Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz
	Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz
	Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz
	Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz
	Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-05-19 21:33:54 by S.P.Zeidler | Files touched by this commit (3) | Package updated
Log message:
Update to Tomcat 6.0.44

Upstream changelog:

fix	Correct typo in the message shown by HttpServlet for unexpected
	HTTP method. (kkolinko)
add	Allow to configure RemoteAddrValve and RemoteHostValve to adopt
	behavior depending on the connector port. Implemented by
	optionally adding the connector port to the string compared with
	the patterns allow and deny. Configured using addConnectorPort
	attribute on valve. (rjung)
fix	56608: Fix IllegalStateException for JavaScript files when
	switching from Writer to OutputStream. The special handling of
	this case in the DefaultServlet was broken due to a MIME type
	change for JavaScript. (markt)
fix	57675: Correctly quote strings when using the extended access
	log. (markt)

fix	57234: Make SSL protocol filtering to remove insecure protocols
	case insensitive. Correct spelling of filterInsecureProtocols
	method. (kkolinko/schultz)
fix	When applying the maxSwallowSize limit to a connection read
	that many bytes first before closing the connection to give
	the client a chance to read the response. (markt)
fix	57544: Fix a potential infinite loop when preparing a kept
	alive HTTP connection for the next request. (markt)
add	57570: Make the processing of chunked encoding trailing headers
	optional and disabled by default. (markt)
fix	57581: Change statistics byte counter in coyote Request object
	to be long to allow values above 2Gb. (kkolinko)
update	Update the minimum recommended version of the Tomcat Native
	library (if used) to 1.1.33. (markt)

fix	Fix potential issue with BeanELResolver when running under a
	security manager. Some classes may not be accessible but may
	have accessible interfaces. (markt)
fix	Simplify code in ProtectedFunctionMapper class of Jasper
	runtime. (kkolinko)
fix	57801: Improve the error message in the start script in case
	the PID read from the PID file is already owned by a process.

Web applications
fix	Update documentation for CGI servlet. Recommend to copy the
	servlet declaration into web application instead of enabling
	it globally. Correct documentation for cgiPathPrefix. (kkolinko)
update	Improve Tomcat Manager documentation. Rearrange, add section
	on HTML GUI, document /expire command and Server Status page.
add	54143: Add display of the memory pools usage (including PermGen)
	to the Status page of the Manager web application. (kkolinko)
fix	Fix several issues with status.xsd schema in Manager web
	application, testing it against actual output of
	StatusTransformer class. (kkolinko)
update	Align algorithm that generates anchor names in Tomcat
	documentation with Tomcat 7/8/9. No visible changes, but may
	help with future updates to the documentation. (kkolinko)
fix	56058: Add links to the AccessLogValve documentation for
	configuring reverse proxies and/or Tomcat to ensure that the
	desired information is used entered in the access log when
	Tomcat is running behind a reverse proxy. (markt)
fix	57503: Make clear that the JULI integration for log4j only
	works with log4j 1.2.x. (markt)
update	57644: Update examples to use Apache Standard Taglib 1.2.5.
fix	57706: Clarify the documentation for the AJP connector to make
	clearer that when using tomcatAuthentication="false" the user
	provided by the reverse proxy will not be associated with any
	roles. (markt)
fix	Correct the documentation for deployOnStartup to make clear
	that if a WAR file is updated while Tomcat is stopped and
	unpackWARs is true, Tomcat will not detect the changed WAR
	file when it starts and will not replace the unpacked WAR file
	with the contents of the updated WAR. (markt)
add	57759: Add information to the keyAlias documentation to make
	it clear that the order keys are read from the keystore is
	implementation dependent. (markt)
fix	57864: Update the documentation web application to make it
	clearer that hex values are not valid for cluster send options.
	Based on a patch by Kyohei Nakamura. (markt)

add	57344: Provide sha1 checksum files for Tomcat downloads.
fix	57558: Change catalina-tasks.xml to use all jars in
	${catalina.home}/lib to define Tomcat Ant tasks. This fixes
	a NoClassDefFoundError with validate task. (kkolinko)
update	Update to Tomcat Native Library version 1.1.33 to pick up the
	Windows binaries that are based on OpenSSL 1.0.1m and APR 1.5.1.
   2015-01-03 17:43:44 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 6.0.43

# Tomcat 6.0.43 (markt)
## Catalina
* fix	Assert that mapping result object is empty before performing mapping work \ 
in Mapper. (kkolinko)

## Coyote
* fix	53952: Add support for TLSv1.1 and TLSv1.2 for APR connector. Based upon a \ 
patch by Marcel Ĺ ebek. (schultz/jfclere)
* fix	56780: Enable Tomcat to start when using SSL with an IBM JRE in strict \ 
SP800-131a mode. (markt/kkolinko)
* fix	57102: Fix bug that meant sslEnabledProtocols setting was not recognised \ 
for the HTTPS NIO connector. (markt)
* add	Disable SSLv3 by default for the APR/native HTTPS connector. (markt/schultz)
* fix	Do not increase remaining counter at end of stream in IdentityInputFilter. \ 
* fix	Disable SSLv3 by default (along with SSLv2 which was already disabled by \ 
default) in light of the recently announced POODLE vulnerability \ 
(CVE-2014-3566). (markt)
* fix	57116: Do not fallback to default protocol list for HTTPS BIO connector if \ 
sslEnabledProtocols has no matches. (markt)
* update	Align calculation of default ciphers and default protocols for JSSE \ 
HTTPS connectors with Tomcat 7 which allows for per connector defaults based on \ 
the choice of sslProtocol. (markt/kkolinko)

## Web applications
* fix	Configure the Javadoc tool to read sources as ISO-8859-1, suppress \ 
timestamp comments and enable charset header. (kkolinko)
* fix	Correct typos in configuration samples on SSL Configuration page of Tomcat \ 
documentation. (kkolinko)

## Other
* update	56079: The Apache Tomcat Windows service and the Apache Tomcat Windows \ 
service monitor application are now digitally signed. (markt/kkolinko)
* update	56988: Allow to use relative path in base.path setting when building \ 
Tomcat. (kkolinko)
fix	Update documentation: the minimum version of Apache Ant required to build \ 
Tomcat is 1.8.0. (kkolinko)
* update	56596: Update to Tomcat Native Library version 1.1.32 to pick up the \ 
Windows binaries that are based on OpenSSL 1.0.1j and APR 1.5.1. (markt)
* fix	Fix timestamps in Tomcat build to use 24-hour instead of 12-hour format \ 
and use UTC timezone. (kkolinko)

# Tomcat 6.0.42 (jfclere)	not released
## Catalina
* fix	56600: In WebdavServlet: Do not waste time generating response for broken \ 
PROPFIND request. (kkolinko)
* fix	56648: Reduce scope of synchronization when adding children to a container \ 
(e.g. adding a Context to a Host) to prevent blocking requests to other children \ 
while the new child starts. (markt)
* fix	56684: Ensure that Tomcat does not shut down if the socket waiting for the \ 
shutdown command experiences a SocketTimeoutException. (markt)

## Coyote
fix	Various improvements to ChunkedInputFilter including clean-up, i18n for \ 
error messages and adding an error flag to allow subsequent attempts at reading \ 
after an error to fail fast. (markt)
fix	56661: Support using AJP request attribute AJP_LOCAL_ADDR to fix \ 
getLocalAddr(). (rjung)

## Jasper
* fix	43001: Enable the JspC Ant task to set the JspC option mappedFile. (kkolinko)
* fix	56334: Fix a regression in EL parsing when quoted string follows a \ 
whitespace. (markt)
* fix	56560: Fix NoClassDefFoundError when using Jasper Ant task defined by \ 
catalina-tasks.xml file. Patch provided by M Gemmell. (kkolinko)
* fix	56561: Avoid NoSuchElementException while handling attributes with empty \ 
string value. (violetagg)
* fix	56612: Correctly parse consecutive escaped single quotes when used in an \ 
EL expression. (markt)
* code	Use if { ... } else if { ... } rather than multiple if { ... } for \ 
alternative branches in the JSP parser. (kkolinko)
* fix	Fix a potential resource leak in JDTCompiler when checking wether a \ 
resource is a package. Reported by Coverity Scan. (fschumacher)

## Other
* fix	56606: When creating tomcat-users.xml in the Windows Installer, use the \ 
new attribute name for the name of the user. (markt)
* add	56829: Add the ability for users to define their own values for _RUNJAVA \ 
and _RUNJDB environment variables. Be more strict with executable filename on \ 
Windows (s/java/java.exe/). Based on a patch by Neeme Praks. (markt/kkolinko)
   2014-06-28 19:05:46 by S.P.Zeidler | Files touched by this commit (2) | Package updated
Log message:
security'ish update. Changelog:

Tomcat 6.0.41
fix	56529: Avoid NoSuchElementException while handling attributes
	with empty string value in custom tags. Based on a patch
	provided by Hariprasad Manchi. (violetagg/kkolinko)

Tomcat 6.0.40	not released
fix	56027: Add more options for managing FIPS mode in the
	AprLifecycleListener. (schultz/kkolinko)
fix	56082: Fix a concurrency bug in JULI's LogManager
	implementation. (markt)
fix	56236: Enable Tomcat to work with alternative Servlet and
	JSP API JARs that package the XML schemas in such as way as
	to require a dependency on the JSP API before enabling
	validation for web.xml. Tomcat has no such dependency. (markt)
fix	Change the default value of the xmlBlockExternal attribute
	of Context elements. It is now true. (kkolinko)
fix	Don't log to standard out in SSLValve. (kkolinko/markt)
code	Use StringBuilder in DefaultServlet. (kkolinko)
fix	56275: Allow web applications to be stopped cleanly even
	if filters throw exceptions when their destroy() method is
	called. (markt/kkolinko)
fix	Redefine the globalXsltFile initialisation parameter of the
	DefaultServlet as relative to CATALINA_BASE/conf or
	CATALINA_HOME/conf. Prevent user supplied XSLTs used by the
	DefaultServlet from defining external entities. (markt)
fix	Add a work around for validating XML documents (often TLDs)
	that use just the file name to refer to refer to the JavaEE
	schema on which they are based. (kkolinko)
fix	56369: Ensure that removing an MBean notification listener
	reverts all the operations performed when adding an MBean
	notification listener. (markt)
fix	Only create XML parsing objects if required and fix associated
	potential memory leak in the default Servlet. (markt)
fix	Ensure that a TLD parser obtained from the cache has the
	correct value of blockExternal. (markt/kkolinko)
add	Extend XML factory, parser etc. memory leak protection to
	cover some additional locations where, theoretically, a
	memory leak could occur. (markt)
add	Add the org.apache.naming package to the packages requiring
	code to have the defineClassInPackage permission when running
	under a security manager. (markt)
add	Add the org.apache.naming.resources package to the packages
	requiring code to have the accessClassInPackage permission
	when running under a security manager. (markt)
fix	Make the naming context tokens for containers more robust.
	Require RuntimePermission when introducing a new token.

fix	Improve processing of chuck size from chunked headers.
	Avoid overflow and use a bit shift instead of a multiplication
	as it is marginally faster. (markt/kkolinko)
fix	Fix possible overflow when parsing long values from a byte
	array. (markt)
update	56363: Update to version 1.1.30 of Tomcat Native library.
	The minimum required version of this library for APR connector
	is now 1.1.30. (kkolinko)

fix	Change the default behaviour of JspC to block XML external
	entities by default. (kkolinko)
fix	Restore the validateXml option to Jasper that was previously
	renamed validateTld. Both options are now supported.
	validateXml controls the validation of web.xml files when
	Jasper parses them and validateTld controls the validation
	of *.tld files when Jasper parses them. (markt)
fix	54475: Add Java 8 support to SMAP generation for JSPs.
	Patch by Robbie Gibson. (markt)
fix	56010: Don't throw an IllegalArgumentException when
	JspFactory.getPageContext is used with JspWriter.DEFAULT_BUFFER.
	Based on a patch by Eugene Chung. (markt)
fix	56265: Do not escape values of dynamic tag attributes
	ontaining EL expressions. (kkolinko)
fix	56283: Add support for running Tomcat 6 with ecj-P20140317-1600.jar
	(as drop-in replacement for ecj-4.3.1.jar). Add support for
	value "1.8" for the compilerSourceVM and compilerTargetVM
	options. Note that ecj-P20140317-1600.jar can only be used
	when running with Java 6 or later. The "1.8" options make
	sense only when running with Java 8 (or later). (kkolinko)
fix	56334: Fix a regression in the handling of back-slash escaping
	introduced by the fix for 55735. (markt/kkolinko)
fix	Correct the handling of back-slash escaping in the EL parser
	and no longer require that \$ or \# must be followed by { in
	order for the back-slash escaping to take effect. (markt)

code	Refactor AbstractReplicatedMap and related classes to enable
	Tomcat 6 to be compiled using Java 8. (markt)

Web applications
add	56093: Documentation for SSLValve. (markt/kkolinko)
fix	Correct documentation on Windows service options, aligning
	it with Apache Commons Daemon documentation. (kkolinko)
add	Add support for version-major, version-major-minor tags in
	documentation XSLT, to simplify documentation backports. (kkolinko)
fix	Fix target and rel attributes on links in documentation.
	They were lost during XSLT transformation. (kkolinko)

code	Remove svn keywords (such as $Id) from source files and
	documentation. (kkolinko)
update	Improvements to the Windows installer, to align it with
	installing the sevice with service.bat. Use explicit memory
	sizes (--JvmMs 128 Mb and --JvmMx 256 Mb). Specify log
	directory path when ininstalling, so that the log file is
	written to the Tomcat logs directory, instead of
	"%SystemRoot%\System32\LogFiles\Apache". (kkolinko)
update	49993, 56143: Improve service.bat script. Allow it to be
	launched from non-UAC console. The UAC prompt will be shown
	only once. Now there is no need to run the command shell
	with elevated privileges. Improve check for JAVA_HOME and
	add support for JRE_HOME. Warn if neither "client" nor
	"server" JVM is found. Align classpath, display name and
	other options with the exe installer. Make command names
	case-insensitive. Update documentation. (kkolinko)
   2014-03-11 15:34:41 by Jonathan Perkin | Files touched by this commit (99)
Log message:
Import initial SMF support for individual packages.