Navigation:
Browse pkgsrc
(this page)| 2024-08-03 16:37:11 by Makoto Fujiwara | Files touched by this commit (1) |
Log message: (www/apache-tomcat6) regen PLIST, *logo*.gif -> *logo*.svg |
2024-07-18 14:05:43 by Ryo ONODERA | Files touched by this commit (2) |  |
Log message:
www/apache-tomcat6: Update to 6.0.53
Changelog:
Tomcat 6.0.53 (violetagg)
Coyote
fix Ensure that the socket is returned only once to the poller.
(violetagg)
Tomcat 6.0.52 (violetagg) not released
Coyote
fix Improve sendfile handling when requests are pipelined. (markt)
Tomcat 6.0.51 (violetagg) released 2017-03-16
Jasper
fix 60613: Refactor code generated for JSPs to reduce the size of
the code required for tags. (markt)
Other
Change Realm configuration in the default conf/server.xml
update file to use a org.apache.catalina.realm.LockOutRealm. The
LockOutRealm is available since 6.0.19, but has not been
configured by default. (kkolinko)
Update the packaged version of the Tomcat Native Library to
update 1.2.12 to pick up the latest Windows binaries built with
OpenSSL 1.0.2k. (violetagg)
update Update the NSIS Installer used to build the Windows
installer to version 3.01. (markt)
Refactor the build script and the NSIS installer script so
that either NSIS 2.x or NSIS 3.x can be used to build the
fix installer. This is primarily to re-enable building the
installer on the Linux based CI system where the combination
of NSIS 3.x and wine leads to failed installer builds.
(markt)
Tomcat 6.0.50 (violetagg) not released
Web applications
fix Ensure the ASF logo image is correctly displayed in ROOT, docs
and host-manager applications. (violetagg)
Tomcat 6.0.49 (violetagg) not released
Coyote
fix 57799: Remove useless sendfile check for NIO SSL. (remm)
60409: When unable to complete sendfile request, ensure the
fix Processor will be added to the cache only once. (markt/
violetagg)
Jasper
add 44294: Add support for varargs in UEL expressions. (markt)
fix 60356: Fix pre-compilation of JSPs that depend on nested tag
files packaged in a JAR. (markt)
fix 60431: Improve handling of varargs in UEL expressions. Based on
a patch by Ben Wolfe. (markt)
fix 60497: Restore previous tag reuse behavior following the use of
try/finally. (remm)
fix Improve the error handling for simple tags to ensure that the
tag is released and destroyed once used. (remm)
fix 60497: Follow up fix using a better variable name for the tag
reuse flag. (remm)
fix Revert use of try/finally for simple tags. (remm)
Web applications
fix Correct a typo in Host Configuration Reference. Issue
reported via comments.apache.org. (violetagg)
In the documentation web application, be explicit that
add clustering requires a secure network for all of the cluster
network traffic. (markt)
update Update the ASF logos to the new versions. (markt)
Other
update Update the ASF logos used in the Apache Tomcat installer for
Windows to use the new versions. (markt)
Tomcat 6.0.48 (violetagg) released 2016-11-15
Catalina
fix Correctly test for control characters when reading the provided
shutdown password. (markt)
fix When configuring the JMX remote listener, specify the allowed
types for the credentials. (markt)
Coyote
fix Correct the HTTP header parser so that DEL is not treated as a
valid token character. (markt)
Add additional checks for valid characters to the HTTP request
add line parsing so invalid request lines are rejected sooner.
(markt)
Web applications
fix Correct a typo in CGI How-To. Issue reported via
comments.apache.org. (violetagg)
Extras
55017: Add the ability to configure the RMI bind address when
add using the JMX remote listener. Patch provided by Alexey Noskov.
(markt)
fix 56039: Enable the JmxRemoteLifecycleListener to work over SSL.
Patch by esengstrom. (markt)
56096: When the attribute rmiBindAddress of the JMX Remote
fix Lifecycle Listener is specified it's value will be used when
constructing the address of a JMX API connector server. Patch
is provided by Jim Talbut. (markt)
57377: Remove the restriction that prevented the use of SSL
fix when specifying a bind address with the
JMXRemoteLifecycleListener. Also enable SSL to be configured
for the registry as well as the server. (markt)
Tomcat 6.0.47 (violetagg) released 2016-10-16
Catalina
fix Fixed a warning message that is logged during Tomcat startup.
(violetagg)
Tomcat 6.0.46 (violetagg) not released
Catalina
Log a warning message if a user tries to configure the default
add session timeout via the deprecated (and ignored)
Manager.setMaxInactiveInterval() method. (markt)
Correct a regression introduced in 6.0.45 where the deprecated
fix Manager.getMaxInactiveInterval() method returned the current
default session timeout in minutes rather than seconds. (markt)
fix 58486: Expand memory leak protection to include additional
issues identified related to XML parsing. (markt)
fix 59123: Close NamingEnumeration objects used by the JNDIRealm
once they are no longer required. (fschumacher/markt)
59138: Correct a false positive warning for ThreadLocal related
fix memory leaks when the key class but not the value class has
been loaded by the web application class loader. (markt)
59269: Correct the implementation of PersistentManagerBase so
fix that minIdleSwap functions as designed and sessions are swapped
out to keep the active session count below maxActiveSessions.
(markt)
fix 59247: Preload ResourceEntry as a workaround for security
manager issues on some JVMs. (kkolinko/remm)
59310: Do not add a Content-Length: 0 header for custom
fix responses to HEAD requests that do not set a Content-Length
value. (markt)
59449: In ContainerBase, ensure that the process to remove a
fix child container is the reverse of the process to add one. Patch
provided by Huxing Zhang. (markt)
RMI Target related memory leaks are avoidable which makes them
an application bug that needs to be fixed rather than a JRE bug
to work around. Therefore, start logging RMI Target related
fix memory leaks on web application stop. Add an option that
controls if the check for these leaks is made. Log a warning if
running on Java 9 with this check enabled but without the
command line option it requires. (markt)
59708: Modify the LockOutRealm logic. Valid authentication
fix attempts during the lock out period will no longer reset the
lock out timer to zero. (markt)
By default, treat paths used to obtain a request dispatcher as
fix encoded. This behaviour can be changed per web application via
the dispatchersUseEncodedPaths attribute of the Context.
(markt)
Provide a mechanism that enables the container to check if a
component (typically a web application) has been granted a
given permission when running under a SecurityManager without
add the current execution stack having to have passed through the
component. Use this new mechanism to extend SecurityManager
protection to the system property replacement feature of the
digester. (markt)
add When retrieving an object via a ResourceLink, ensure that the
object obtained is of the expected type. (markt)
fix Switch the CGI servlet to the standard logging mechanism and
remove support for the debug attribute. (markt)
Add a new initialisation parameter, envHttpHeaders, to the CGI
add Servlet to mitigate httpoxy (CVE-2016-5388) by default and to
provide a mechanism that can be used to mitigate any future,
similar issues. (markt)
When adding and removing ResourceLinks dynamically, ensure that
add the global resource is only visible via the ResourceLinkFactory
when it is meant to be. (markt)
fix Make timing attacks against the Realm implementations harder.
(schultz/markt)
fix Ensure Digester.useContextClassLoader is considered in case the
class loader is used. (violetagg)
60151: Improve the exception error messages when a ResourceLink
add fails to specify the type, specifies an unknown type or
specifies the wrong type. (markt)
Correct basePackage and PrivilegedFindResourceByName in
fix SecurityClassLoad so that tomcat can successfully start with
the Security Manager enabled. (csutherl)
Improve the access checks for linked global resources to handle
fix the case where the current class loader is a child of the web
application class loader. (markt)
Coyote
58646: Correct a problem with sendfile that resulted in a
fix Processor being added to the cache twice leading to broken
responses. (markt)
fix Limit the default TLS ciphers for JSSE (BIO, NIO) and OpenSSL
(APR) to those currently considered secure. (markt)
Add a new environment variable JSSE_OPTS that is intended to be
add used to pass JVM wide configuration to the JSSE implementation.
The default value is -Djdk.tls.ephemeralDHKeySize=2048 which
protects against weak Diffie-Hellman keys. (markt)
fix 59451: Correct Javadoc for MessageBytes. Patch provided by
Kyohei Nakamura. (markt)
Ensure that requests with HTTP method names that are not tokens
fix (as required by RFC 7231) are rejected with a 400 response.
(markt)
fix 59904: Add a limit (default 200) for the number of cookies
allowed per request. Based on a patch by gehui. (markt)
60123: Avoid potential threading issues that could cause
fix excessively large vales to be returned for the processing time
of a current request. (markt)
Jasper
Fix a memory leak in the expression language implementation
fix that caused the class loader of the first web application to
use expressions to be pinned in memory. (markt)
59654: Enforce the requirements of section 7.3.1 of the JSP
fix specification regarding the permitted locations for TLD files.
Patch provided by Huxing Zhang. (markt)
fix Catch and log any Exceptions during calls to Servlet.destroy()
when destroying the Servlet associated with a JSP page. (markt)
Improve the error handling for custom tags to ensure that the
fix tag is returned to the pool or released and destroyed once
used. (markt)
Web applications
fix 58935: Remove incorrect references in the documentation to
using jar:file: URLs with the Manager application. (markt)
Correct the description of the ServletRequest.getServerPort()
fix in Proxy How-To. Issue reported via comments.apache.org.
(violetagg)
fix Fix a potential indefinite wait in the Comet Chat servlet in
the examples web application. (markt)
fix Update in the documentation the link to the maven repository
where Tomcat snapshot artifacts are deployed. (markt/violetagg)
Clarify in the documentation that calls to ServletContext.log
fix (String, Throwable) or GenericServlet.log(String, Throwable)
are logged at the SEVERE level. (violetagg)
fix Correct a typo in SSL/TLS Configuration How-To. Issue reported
via comments.apache.org. (violetagg)
fix 58891: Update the SSL how-to. Based on a suggestion by
Alexander Kja:ll. (markt)
fix 59642: Mention the localDataSource in the DataSourceRealm
section of the Realm How-To. (markt)
fix 60034: Correct a typo in the Manager How-To page of the
documentation web application. (markt)
Add an example of using the classesToInitialize attribute of
add the JreMemoryLeakPreventionListener to the documentation web
application. Based on a patch by Cris Berneburg. (markt)
fix 60192: Correct a typo in the status output of the Manager
application. Patch provided by Radhakrishna Pemmasani. (markt)
Other
58283: Change the default download location for libraries
fix during the build process from /usr/share/java to $
{user.home}/temp. Patch provided by Ahmed Hosni. (markt)
59031: When using the Windows uninstaller, do not remove the
fix contents of any directories that have been symlinked into
the Tomcat directory structure. (markt)
Modify the default tomcat-users.xml file to make it harder
update for users to configure the entries intended for use with the
examples web application for the Manager application.
(markt)
update 59280: Update the NSIS Installer used to build the Windows
Installers to version 2.51. (kkolinko)
58626: Add support for a new environment variable
(USE_NOHUP) that causes nohup to be used when starting
fix Tomcat. It is disabled by default except on HP-UX where it
is enabled by default since it is required when starting
Tomcat at boot on HP-UX. (markt)
add Use the mirror network rather than the ASF master site to
download the current ASF dependencies. (markt)
Update the packaged version of the Tomcat Native Library to
update 1.2.10 to pick up the latest Windows binaries built with
OpenSSL 1.0.2j. (markt)
|
| 2021-10-26 13:31:15 by Nia Alarie | Files touched by this commit (1030) |
Log message: www: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Not committed (merge conflicts): www/nghttp2/distinfo Unfetchable distfiles (almost certainly fetched conditionally...): ./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz ./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz ./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz ./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz ./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz ./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz ./www/nginx-devel/distinfo naxsi-1.3.tar.gz ./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz ./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz ./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz ./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz ./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz ./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz ./www/nginx-devel/distinfo njs-0.5.0.tar.gz ./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz ./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz ./www/nginx/distinfo echo-nginx-module-0.62.tar.gz ./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz ./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz ./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz ./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz ./www/nginx/distinfo naxsi-1.3.tar.gz ./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz ./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz ./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz ./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz ./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz ./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz ./www/nginx/distinfo njs-0.5.0.tar.gz ./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz |
| 2021-10-07 17:09:00 by Nia Alarie | Files touched by this commit (1033) |
Log message: www: Remove SHA1 hashes for distfiles |
| 2020-04-26 00:23:06 by Jean-Yves Migeon | Files touched by this commit (10) |
Log message:
For clarity, use tomcat_start (resp. tomcat_stop) function instead of
calling ${command} directly for start (resp. stop) within rc.d.
Tested on tomcat9; but applicable down to tomcat6.
Bump PKGREVISION.
ok ryo@.
|
| 2020-01-19 00:36:14 by Roland Illig | Files touched by this commit (3046) |
Log message: all: migrate several HOMEPAGEs to https pkglint --only "https instead of http" -r -F With manual adjustments afterwards since pkglint 19.4.4 fixed a few indentations in unrelated lines. This mainly affects projects hosted at SourceForce, as well as freedesktop.org, CTAN and GNU. |
| 2016-06-08 12:16:57 by Jonathan Perkin | Files touched by this commit (89) |
Log message: Remove the stability entity, it has no meaning outside of an official context. |
| 2016-06-08 11:46:05 by Jonathan Perkin | Files touched by this commit (47) |
Log message: Change the service_bundle name to "export" to reduce diffs between the original manifest.xml file and the output from "svccfg export". |
| 2016-02-28 11:14:53 by Ryo ONODERA | Files touched by this commit (3) | |
Log message:
Update to 6.0.45
Changelog:
Tomcat 6.0.45 (jfclere)
Catalina
fix Back-port various improvements to the AprLifecycleListener including \
the fix for 57021 that improves logging when the Tomcat-Native DLL fails to \
load. (markt)
add 57154: Add support for web applications (Context elements) that do \
not have a docBase. This is intended for use when embedding, such as Tomcat unit \
tests, when a web application is configured programmatically and does not serve \
any files. Based on a patch provided by Huxing Zhang. (kkolinko)
add 57741: Enable the CGI servlet to use the standard error page \
mechanism. Note that if the CGI servlet's debug init parameter is set to 10 or \
higher then the standard error page mechanism will be bypassed and a debug \
response generated by the CGI servlet will be returned instead. (markt)
fix 57896: Support defensive copying of "cookie" header so \
that unescaping double quotes in a cookie value does not corrupt original value \
of "cookie" header. This is an opt-in feature, enabled by \
org.apache.tomcat.util.http.ServerCookie.PRESERVE_COOKIE_HEADER or \
org.apache.catalina.STRICT_SERVLET_COMPLIANCE system property. (kkolinko)
fix 58031: Make the (first) reason parameter parsing failed available as \
a request attribute and then use it to provide a better status code via the \
FailedRequstFilter (if configured). (markt)
fix 58313: Fix concurrent access of encoders map when clearing encoders \
during Comet processing. (markt)
fix 58508: Escape role names when generating associated MBeans in case \
the role name contains characters not permitted in an MBean name. (markt)
fix 58582: Combined realm should perform background processing on its \
sub-realms. Based upon a patch provided by Aidan. (kkolinko)
add Move the functionality that provides redirects for context roots and \
directories where a trailing / is added from the Mapper to the DefaultServlet. \
This enables such requests to be processed by any configured Valves and Filters \
before the redirect is made. This behaviour is configurable via the \
mapperContextRootRedirectEnabled and mapperDirectoryRedirectEnabled attributes \
of the Context which may be used to restore the previous behaviour. (markt)
fix 58635: Enable break points to be set within agent code when running \
Tomcat with a Java agent. Based on a patch by Huxing Zhang. (markt)
fix Add the StatusManagerServlet to the list of Servlets that can only \
be loaded by privileged applications. (markt)
fix Remove redundant copy of catalina.properties from o.a.c.startup. \
Generate this copy during the ant "compile" task. (kkolinko)
fix 58817: Fix ArrayIndexOutOfBoundsException caused by MapperListener \
when ROOT context is being undeployed and \
mapperContextRootRedirectEnabled="false". (kkolinko)
fix 58836: Correctly merge query string parameters when processing a \
forwarded request where the target includes a query string that contains a \
parameter with no value. (markt/kkolinko)
add Allow singleton server instance stored by ServerFactory to be \
cleared. Allow ResourceLinkFactory to be initialized more than once. This is \
used by unit tests when running several copies of Tomcat sequentially in the \
same JVM. When running with a SecurityManager the initialization method of \
ResourceLinkFactory is protected by requiring a RuntimePermission. (kkolinko)
add Extend the feature available in the cluster session manager \
implementations that enables session attribute replication to be filtered bases \
on attribute name to all session manager implementations. Note that \
configuration attribute name has changed from sessionAttributeFilter to \
sessionAttributeNameFilter. Apply the filter on load as well as unload to ensure \
that configuration changes made while the web application is stopped are applied \
to any persisted data. (markt)
add Extend the session attribute filtering options to include filtering \
based on the implementation class of the value and optional WARN level logging \
if an attribute is filtered. These options are available for all of the Manager \
implementations that ship with Tomcat. When a SecurityManager is used filtering \
will be enabled by default. (markt)
fix 58946: Ensure that the request parameter map remains immutable when \
processing via a RequestDispatcher. (markt)
Coyote
add Align the Java side of the tc-native connector with the Tomcat 7 \
implementation to ease future maintenance. (markt)
fix 51503: Add additional validation that prevents a connector from \
starting if it does not have a valid port number. (kkolinko)
add 52028: Add support for automatic binding to a free port by a \
connector if the special value of zero is used for the port. This is mainly \
useful in embedded and testing scenarios. (kkolinko)
fix 52926: Avoid NPE when an NIO Comet connection times out on one \
thread at the same time as it is closed on another thread. (markt/kkolinko)
fix 57943: Prevent the same socket being added to the cache twice. Patch \
based on analysis by Ian Luo / Sun Qi. (markt/kkolinko)
fix Improve HTTP header validation. (markt)
Web applications
fix 57971: Correct the documentation for the cluster configuration \
setting recoverySleepTime. (markt)
fix 58112: Update the documentation for using the Catalina tasks in an \
Apache Ant build file. (markt)
fix Improve the Javadoc for some of the APR socket read functions that \
have inconsistent behaviour for return values. (markt)
add 58255: Document the Semaphore valve. Patch provided by Kyohei \
Nakamu. (markt)
fix 58631: Correct the continuation character use in the Windows Service \
How-To page of the documenation web application. (markt)
fix Correct some typos in the JNDI resources How-To. (markt)
fix Add a redirect to the web interface to the root of the Manager web \
application. (markt)
fix Don't create sessions unnecessarily in the Manager application. (markt)
fix Add a redirect to the web interface to the root of the Host Manager \
web application. (markt)
fix Don't create sessions unnecessarily in the Host Manager application. \
(markt)
Other
fix Ensure JULI adapters JAR in Tomcat extras package does not include \
the LogFactoryImpl[$*] classes. Based on patch provided by Benjamin Gandon. \
(kkolinko)
code Convert test classes to JUnit 4. (kkolinko)
update 58596: Clarify the description in RUNNING.txt of how environment \
variables are used. (markt)
update Update the NSIS Installer used to build the Windows Installers to \
version 2.50. (markt/kkolinko)
add Add framework for client-server unit tests, porting it from Tomcat \
7. Add support for running the tests with Apache Ant. (kkolinko)
update Update to Tomcat Native Library version 1.1.34. (jfclere)
update Remove support for Intel Itanium CPU (i64, IA-64) in the Windows \
installer, as the current release of Tomcat Native does not have binaries for \
that processor architecture. (jfclere)
|
| 2015-11-04 03:47:43 by Alistair G. Crooks | Files touched by this commit (758) |
Log message: Add SHA512 digests for distfiles for www category Problems found locating distfiles: Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2 Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail. |
New packages: