CVS Commit History:
2011-12-14 08:20:13 by Matthias Scheler | Files touched by this commit (3)
Log message:
Pullup ticket #3629 - requested by spz
www/apache-tomcat6: security update
Revisions pulled up:
- www/apache-tomcat6/Makefile 1.10
- www/apache-tomcat6/PLIST 1.6
- www/apache-tomcat6/distinfo 1.7
---
Module Name: pkgsrc
Committed By: spz
Date: Tue Dec 13 09:44:17 UTC 2011
Modified Files:
pkgsrc/www/apache-tomcat6: Makefile PLIST distinfo
Log message:
Upstream changelog:
Tomcat 6.0.35 (jfclere)
+++++++++++++++++++++++
Catalina
--------
fix Fix regression in decoding of parameters that contain spaces.
Patch by Willem Fibbe. (kkolinko)
Tomcat 6.0.34 (jfclere) not released
++++++++++++++++++++++++++++++++++++
Catalina
--------
fix 51550: Display an error page rather than an empty response
for an IllegalStateException caused by too many active sessions.
(markt)
add 51640: Improve the memory leak prevention for leaks triggered
by java.sql.DriverManager. (markt/kkolinko)
fix 51688: JreMemoryLeakPreventionListener now protects against
AWT thread creation. (schultz)
fix 51758: The digester (used for processing XML files) used
the logger name org.apache.commons.digester.Digester rather
than the expected org.apache.tomcat.util.digester.Digester.
The digester has been changed to use the expected logger name.
(kkolinko)
add 51862: Added a classesToInitialize attribute to
JreMemoryLeakPreventionListener to allow pre-loading of
configurable classes to avoid some classloader leaks. (slaurent)
fix 51872: Ensure that the access log always uses the correct
value for the remote IP address associated with the request
and that requests with multiple errors do not result in
multiple entries in the access log. (markt)
add Allow to overwrite the check for distributability of session
attributes by session implementations. (rjung)
add Provide the log format "OneLineFormatter" for JULI that
provides the same information as the default plus thread
name but on a single line. (markt/rjung)
fix Ensure the memory leak protection for the HttpClient
keep-alive always operates even if the thread has already
stopped. (markt)
fix 51940: Do not limit saving of request bodies during FORM
authentication to POST requests since any HTTP method may
include a request body. Based on a patch by Nicholas Sushkin.
(kkolinko)
fix 52091: Address performance issues related to lock contention
in StandardWrapper. Based on patch provided by Taiki Sugawara.
(kkolinko)
update In GenericPrincipal, SerializablePrincipal: Do not sort lists
of roles that have only one element. (kkolinko)
add Make configuration issue for CsrfPreventionFilter result in
the failure of the filter rather than just a warning message.
(kkolinko)
fix Ensure changes to the configuration of RemoteAddrValve and
RemoteHostValve via JMX are thread-safe. (kkolinko)
add Make configuration issue for RemoteAddrValve and
RemoteHostValve result in the failure of the valve rather
than just a warning message. (kkolinko)
update In RequestFilterValve (RemoteAddrValve, RemoteHostValve):
refactor value matching logic into separate method and expose
this new method isAllowed through JMX. (kkolinko)
add Improve performance of parameter processing for GET and POST
requests. Also add an option to limit the maximum number of
parameters processed per request. This defaults to 10000.
Excessive parameters are ignored. Note that FailedRequestFilter
can be used to reject the request if some parameters were
ignored. (markt/kkolinko)
add New filter FailedRequestFilter that will reject a request
if there were errors during HTTP parameter parsing. (kkolinko)
Coyote
------
fix 50394: Return -1 from read operation instead of throwing an
exception when encountering an EOF with the HTTP APR connector.
(kkolinko)
fix 51698: Fix CVE-2011-3190. Prevent AJP message injection. (markt)
fix Detect incomplete AJP messages and reject the associated
request if one is found. (markt)
fix 51794: Fix race condition in NioEndpoint selector.
Patch provided by dlord. (fhanik)
fix 51905: Fix infinite loop in AprEndpoint shutdown if acceptor
unlock fails. Reduce timeout before forcefully closing the
socket from 30s to 10s. (kkolinko)
fix 52121: Fix possible output corruption when compression is
enabled for a connector and the response is flushed.
Test case provided by David Marcks. (kkolinko)
fix Replace unneeded call that iterated events queue in
NioEndpoint.Poller. (kkolinko)
fix Improve MimeHeaders.toString(). (kkolinko)
fix Allow the BIO HTTP connector to be used with SSL when
running under Java 7. (markt)
fix Improve multi-byte character handling in all connectors. (rjung)
Jasper
------
fix 51220: Correct copy/paste error in original commit for this
issue. (markt)
fix 52091: Address performance issues related to log creation
in TagHandlerPool. Patch provided by Taiki Sugawara. (markt)
Cluster
-------
add 51736: Make rpcTimeout configurable in BackupManager. (kfujino)
add New cluster manager attribute sessionAttributeFilter allows
to filter which session attributes are replicated using a
regular expression applied to the attribute name. (rjung)
fix Avoid an unnecessary session ID change notice.
Notice of changed session ID by JvmRouteBinderValve is
unnecessary to BackupManager. In BackupManager, change of
session ID is replicated by the call of a setId() method.
(kfujino)
fix Fix unneeded duplicate resetDeltaRequest() call in
DeltaSession.setId(String). (kkolinko)
add When Context manager does not exist, no context manager
message is replied in order to avoid timeout (default 60 sec)
of GET_ALL_SESSIONS sync phase. (kfujino)
Webapps
-------
fix Correct the documentation for the connectionLinger attribute
of the HTTP connector. (markt)
add Show build date and version in the header on every
documentation page. (kkolinko)
fix 52049: Improve setup instructions for running as a Windows
service: correct information on how a JRE is identified and
selected. (markt)
update 52172: Clarify Tomcat build instructions. Patch provided by
bmargulies. (kkolinko)
Other
-----
update Update the native component of the APR/native connectors
to 1.1.22. (markt)
update Update the recommended version of the native component
of the APR/native connectors to 1.1.22. (kkolinko)
update Update the Eclipse compiler (used for JSPs) to 3.7. (markt)
fix Correct two typos in the Windows installer. (kkolinko)
fix 52059: In Windows uninstaller: Do not forget to remove
Tomcat keys from 32-bit registry on deinstallation. (kkolinko)