Subject: CVS commit: [pkgsrc-2014Q1] pkgsrc/www/apache-tomcat7
From: Matthias Scheler
Date: 2014-04-09 16:10:59
Message id: 20140409141059.E708096@cvs.netbsd.org

Log Message:
Pullup ticket #4361 - requested by ryoon
www/apache-tomcat7: security update

Revisions pulled up:
- www/apache-tomcat7/Makefile                                   1.18
- www/apache-tomcat7/PLIST                                      1.10
- www/apache-tomcat7/distinfo                                   1.12

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Tue Apr  8 20:14:55 UTC 2014

   Modified Files:
   	pkgsrc/www/apache-tomcat7: Makefile PLIST distinfo

   Log Message:
   Update to 7.0.53

   * Fix CVE-2014-0050 and CVE-2013-4590,

   Changelog:
   Tomcat 7.0.53 (violetagg)

       Catalina

           add	Make it easier for applications embedding and/or extending Tomcat to modify the javaseClassLoader attribute of the WebappClassLoader. (markt)
           fix	Improve the robustness of web application undeployment based on some code analysis triggered by the report for 54315. (markt)
           fix	56219: Improve merging process for web.xml files to take account of the elements and attributes supported by the Servlet version of the merged file. (markt)
           fix	56190: The response should be closed (i.e. no further output is permitted) when a call to AsyncContext.complete() takes effect. (markt)
           fix	56236: Enable Tomcat to work with alternative Servlet and JSP API JARs that package the XML schemas in such a way as to require a dependency on the JSP API before enabling validation for web.xml. Tomcat has no such dependency. (markt)
           fix	56246: Fix NullPointerException in MemoryRealm when authenticating an unknown user. (markt)
           fix	56248: Allow the deployer to update an existing WAR file without undeploying the existing application if the update flag is set. This allows any existing custom context.xml for the application to be retained. To update an application and remove any existing context.xml simply undeploy the old version of the application before deploying the new version. (markt)
           fix	Redefine the globalXsltFile initialisation parameter of the DefaultServlet as relative to CATALINA_BASE/conf or CATALINA_HOME/conf. Prevent user supplied XSLTs used by the DefaultServlet from defining external entities. (markt)
           add	Add a work around for validating XML documents (often TLDs) that use just the file name to refer to the JavaEE schema on which they are based. (markt)
           fix	56293: Cache resources loaded by the class loader from /META-INF/services/ for better performance for repeated look ups. (markt)

       Coyote

           fix	53119: Make sure the NIO AJP output buffer is cleared on any error to prevent any possible overflow if it is written to again before the connection is closed. This extends the original fix for the APR/native output buffer to the NIO connector. (kkolinko)
           fix	56172: Avoid possible request corruption when using the AJP NIO connector and a request is sent using more than one AJP message. Patch provided by Amund Elstad. (markt)
           fix	56213: Reduce garbage collection when the NIO connector is under heavy load. (markt)
           fix	Improve processing of chunk size from chunked headers. Avoid overflow and use a bit shift instead of a multiplication as it is marginally faster. (markt/kkolinko)
           fix	Fix possible overflow when parsing long values from a byte array. (markt)

       Jasper

           fix	54475: Add Java 8 support to SMAP generation for JSPs. Patch by Robbie Gibson. (markt)
           fix	55483: Improve handling of overloaded methods and constructors in expression language implementation. (markt)
           fix	56208: Restore the validateXml option to Jasper that was previously renamed validateTld. Both options are now supported. validateXml controls the validation of web.xml files when Jasper parses them and validateTld controls the validation of *.tld files when Jasper parses them. (markt)
           fix	56223: Throw an IllegalStateException if a call is made to ServletContext.setInitParameter() after the ServletContext has been initialized. (markt)
           fix	56265: Do not escape values of dynamic tag attributes containing EL expressions. (kkolinko)
           fix	Make the default compiler source and target versions for JSPs Java 6 since Tomcat 7 requires Java 6 as a minimum. (markt)
           update	56283: Update to the Eclipse JDT Compiler P20140317-1600 which adds support for Java 8 syntax to JSPs. Add support for value "1.8" for the compilerSourceVM and compilerTargetVM options. (markt)

       WebSocket

           fix	Avoid a possible deadlock when one thread is shutting down a connection while another thread is trying to write to it. (markt)
           fix	Call onError if an exception is thrown calling onClose when closing a session. (remm)

       Web applications

           code	In the documentation: add support for several documentation tags from Tomcat 8. Such as <version-major/>. (kkolinko)
           add	56093: Add the SSL Valve to the documentation web application. (markt)
           fix	56217: Improve readability by using left alignment for the table cell containing the request information on the Manager application status page. (markt)
           fix	Fixed java.lang.NegativeArraySizeException when using "Expire sessions" command in the manager web application on a context where the session timeout is disabled. (kfujino)
           fix	Add support for LAST_ACCESS_AT_START system property to Manager web application. (kfujino)
           fix	Add definition of org.apache.catalina.ant.FindLeaksTask. (kfujino)
           fix	56273: If the Manager web application does not perform an operation because the web application is already being serviced, report an error rather than reporting success. (markt)
           fix	56304: Add a note to the documentation about not using WebSocket with BIO HTTP in production. (markt)

       Other

           fix	56143: Improve service.bat so that it can be launched from a non-UAC console. This includes using a single call to tomcat7.exe to install the Windows service rather than three calls, and using command line arguments instead of environment variables to pass the settings. (markt/kkolinko)
           fix	Fix regression in 7.0.52: when using service.bat install to install the service the values for --StdOutput, --StdError options were passed as blank instead of "auto". (kkolinko)
           fix	Align options between service.bat and exe Windows installer. For service.bat the changes are in --Classpath, --DisplayName, --StartPath, --StopPath. For exe installer the changes are in --JvmMs, --JvmMx options, which are now 128 Mb and 256 Mb respectively instead of being empty. Explicitly specify --LogPath path when uninstalling Windows service, avoiding default value for that option. (kkolinko)
           code	Simplify Windows *.bat files: remove %OS% checks, as java 6 does not run on ancient non-NT operating systems. (kkolinko)
           fix	56137: Explicitly use the BIO connector in the SSL example in server.xml so it doesn't break if APR is enabled. (markt)
           fix	56139: Avoid a web application class loader leak in some unit tests when running on Windows. (markt)
           fix	Correct build script to avoid building JARs with empty packages. (markt)
           add	Allow to limit JUnit test run to a number of selected test case methods. (kkolinko)
           fix	56189: Remove used file cpappend.bat from the distribution. (markt)

   Tomcat 7.0.52 (violetagg)	released 2014-02-17

       Catalina

           fix	Generate a valid root element for the effective web.xml for a web application for all supported versions of web.xml. (markt)

       Coyote

           code	Pull up SocketWrapper to AbstractProcessor. (markt)
           fix	In some circumstances asynchronous requests could time out too soon. (markt)

   Tomcat 7.0.51 (violetagg)	not released

       Catalina

           fix	55287: ServletContainerInitializer defined in the container may not be found. (markt/jboynes)
           fix	55855: Provide a per Context option (containerSciFilter) to exclude container SCIs. (markt)
           fix	55937: When deploying applications, treat a context path of /ROOT as equivalent to /. (markt)
           fix	55943: Improve the implementation of the class loader check that prevents web applications from trying to override J2SE implementation classes. As part of this fix, refactor the way a null parent class loader is handled which enables a number of null checks and object creation calls to be removed. (markt)
           fix	55958: Differentiate between foo.war the WAR file and foo.war the directory. (markt)
           fix	55960: Improve the single sign on (SSO) unit tests. Patch provided by Brian Burch. (markt)
           fix	55974: Retain order when reporting errors and warnings while parsing XML configuration files. (markt)
           fix	56013: Fix issue with SPNEGO authentication when using IBM JREs. IBM JREs only understand the option of infinite lifetime for Kerberos credentials. Based on a patch provided by Arunav Sanyal. (markt)
           fix	56016: When loading resources for XML schema validation, take account of the possibility that servlet-api.jar and jsp-api.jar may not be loaded by the same class loader. Patch by Juan Carlos Estibariz. (markt)
           fix	56025: When creating a WebSocket connection, always call ServerEndpointConfig.Configurator.getNegotiatedSubprotocol() and always create the EndPoint instance after calling ServerEndpointConfig.Configurator.modifyHandshake(). (markt)
           fix	56032: Ensure that the WebSocket connection is closed after an IO error or an interrupt while sending a WebSocket message. (markt)
           fix	56042: If a request in async mode has an error but has already been dispatched don't generate an error page in the ErrorReportValve so the dispatch target can handle it. (markt)
           fix	Add missing javax.annotation.sql.* classes to annotations-api.jar. (markt)
           fix	The type of logger attribute of Context MBean should be not org.apache.commons.logging.Log but org.apache.juli.logging.Log. (kfujino)
           fix	56082: Fix a concurrency bug in JULI's LogManager implementation. (markt)
           fix	56096: When the attribute rmiBindAddress of the JMX Remote Lifecycle Listener is specified its value will be used when constructing the address of a JMX API connector server. Patch is provided by Jim Talbut. (violetagg)
           fix	When environment entry with one and the same name is defined in the web deployment descriptor and with annotation then the one specified in the web deployment descriptor is with priority. (violetagg)
           fix	Change default value of xmlBlockExternal attribute of Context. It is true now. (kkolinko)

       Coyote

           fix	Avoid possible NPE if a content type is specified without a character set. (markt)
           fix	55956: Make the forwarded remote IP address available to the Connectors via a request attribute. (markt)
           fix	55976: Fix sendfile support for the HTTP NIO connector. (markt)
           fix	55996: Ensure Async requests timeout correctly when using the NIO HTTP connector. (markt)
           add	56021: Make it possible to use the Windows-MY key store with the BIO and NIO connectors for SSL configuration. It requires a keystoreFile="" keystoreType="Windows-My" to be set on the connector. Based on a patch provided by Asanka. (markt)

       Jasper

           fix	Correct a regression in the XML refactoring that meant that errors in TLD files were swallowed. (markt)
           fix	55671: Correct typo in the log message for a wrong value of genStringAsCharArray init-param of JspServlet. This parameter had a different name in Tomcat 6. (kkolinko)
           fix	55973: Fix processing of XML schemas when validation is enabled in Jasper. (kkolinko)
           fix	56010: Don't throw an IllegalArgumentException when JspFactory.getPageContext is used with JspWriter.DEFAULT_BUFFER. Based on a patch by Eugene Chung. (markt)
           fix	56012: When using the extends attribute of the page directive do not import the super class if it is in an unnamed package as imports from unnamed packages are now explicitly illegal. (markt)
           fix	56029: A regression in the fix for 55198 meant that when EL containing a ternary expression was used in an attribute a compilation error would occur for some expressions. (markt)
           fix	Correct several errors in jspxml Schema and DTD. (kkolinko)
           fix	Change default value of the blockExternal attribute of JspC task. The default value is true. Add support for -no-blockExternal switch when JspC is run as a standalone application. (kkolinko)

       Cluster

           code	Simplify the code of o.a.c.ha.tcp.SimpleTcpCluster.createManager(String). Remove unnecessary class cast. (kfujino)

       WebSocket

           fix	Do not return an empty string for the Sec-WebSocket-Protocol HTTP header when no sub-protocol has been requested or no sub-protocol could be agreed as RFC6455 requires that no Sec-WebSocket-Protocol header is returned in this case. (markt)

       Web applications

           fix	Add index.xhtml to the welcome files list for the examples web application. (kkolinko)
           fix	Clarify that the connectionTimeout may also be used as the read timeout when reading a request body (if any) in the documentation web application. (markt)
           fix	Clarify the behaviour of the maxConnections attribute for a connector in the documentation web application. (markt)
           fix	55888: Update the documentation web application to make it clearer that a Container may define no more than one Realm. (markt)
           fix	55956: Where available, displayed the forwarded remote IP address available on the status page of the Manager web application. (markt)
           fix	Correct links to the Tomcat mailing lists in the ROOT web application. (kkolinko)
           fix	In Manager web application improve handling of file upload errors. Display a message instead of error 500 page. Simplify parts handling code, as it is known that Tomcat takes care of them when recycling a request. (kkolinko)

       Extras

           fix	55166, 56045: Copy the XML schemas used for validation that are packaged in jsp-api.jar to servlet-api.jar so that an embedded Tomcat instance can start without Jasper being available. This also enables validation to work without Jasper being available. (markt/kkolinko)
           fix	56039: Enable the JmxRemoteLifecycleListener to work over SSL. Patch by esengstrom. (markt)

       Other

           fix	55743: Enable the stop script to work when the shutdown port is disabled and a PID file is defined. This is only available on platforms that use catalina.sh. (markt)
           fix	55986: When forcing Tomcat to stop via kill -9 $CATALINA_PID, the catalina.sh script could incorrectly report that Tomcat had not yet completely stopped when it had. Based on a patch by jess. (markt)
           fix	Package correct license and notice files with embedded JARs. (markt)
           code	Remove svn keywords (such as $Id) from source files and documentation. (kkolinko)
           fix	Fix CVE-2014-0050, a denial of service with a malicious, malformed Content-Type header and multipart request processing. Fixed by merging latest code (r1565163) from Commons FileUpload. (markt)
           fix	56115: Expose the httpusecaches property of Ant's get task as some users may need to change the default. Based on a suggestion by Anthony. (markt)

   Tomcat 7.0.50 (violetagg)	released 2014-01-08

       Catalina

           fix	Handle the case where a context.xml file is added to a web application deployed from a directory. Previously the file was ignored until Tomcat was restarted. Now (assuming automatic deployment is enabled) it will trigger a redeploy of the web application. (markt)
           fix	Fix string comparison in HostConfig.setContextClass(). (kkolinko)
           code	Streamline handling of WebSocket messages when no handler is configured for the message currently being received. (markt)
           fix	Handle the case where a WebSocket annotation configures a message size limit larger than the default permitted by Tomcat. (markt)
           fix	55855: This is a partial fix that bypasses the relatively expensive check for a WebSocket upgrade request if no WebSocket endpoints have been registered. (markt)
           fix	55905: Prevent a NPE when web.xml references a taglib file that does not exist. Provide better error message. (violetagg)

       Coyote

           fix	When using the BIO connector with an internal executor, do not display a warning that the executor has not shutdown as the default configuration for BIO connectors is not to wait. This is because threads in keep-alive connections cannot be interrupted and therefore the warning was nearly always displayed. (markt)

       Jasper

           fix	JspC uses servlet context initialization parameters to pass configuration so ensure that the servlet context used supports initialization parameters. (markt)

       Cluster

           fix	In AbstractReplicatedMap#finalize, remove rpcChannel from channel Listener of group channel before sending MapMessage.MSG_STOP message. This prevents that the node that sent the MapMessage.MSG_STOP by normal shutdown is added to member map again by ping at heartbeat thread in the node that received the MapMessage.MSG_STOP. (kfujino)
           fix	Add time stamp to GET_ALL_SESSIONS message. (kfujino)

       Web applications

           fix	Fix the sample configuration of StaticMembershipInterceptor in order to prevent warning log. uniqueId must be 16 bytes. (kfujino)

       Extras

           update	Update dependencies that are used to build tomcat-juli extras component. Apache Avalon Framework is updated to version 4.1.5, Apache Log4J to version 1.2.17. (rjung)

   Tomcat 7.0.49 (violetagg)	not released

       Catalina

           fix	Correct a regression in the new XML local resolver that triggered false failures when XML validation was configured. (markt)
           fix	Prevent a NPE when destroying HTTP upgrade handler for WebSocket connections. (violetagg)

   Tomcat 7.0.48 (violetagg)	not released

       Catalina

           add	51294: Add support for unpacking WARs located outside of the Host's appBase in to the appBase. (markt)
           fix	55656: Configure the Digester to use the server class loader when parsing server.xml rather than the class loader that loaded StandardServer. Patch provided by Roberto Benedetti. (markt)
           fix	55664: Correctly handle JSR 356 WebSocket Encoder, Decoder and MessageHandler implementations that use a generic type such as Encoder.Text<List<String>>. Includes a test case by Niki Dokovski. (markt)
           fix	Correctly handle WebSocket Encoders, Decoders and MessageHandlers that use arrays of generic types. (markt)
           fix	55681: Ensure that the WebSocket session is made available to MessageHandler method calls. (markt)
           fix	Updated servlet spec version and documentation section-number reported when JAR files are rejected for containing a trigger class (e.g. javax.servlet.Servlet). (schultz)
           add	Modify the WebSocket handshake process so that the user properties Map exposed by the ServerEndpointConfig during the call to Configurator.modifyHandshake() is unique to the connection rather than shared by all connections associated with the Endpoint. This allows for easier configuration of per connection properties from within modifyHandshake(). (markt)
           fix	55684: Log a warning but continue if the memory leak detection code is unable to access all threads to check for possible memory leaks when a web application is stopped. (markt)
           fix	Define the web-fragment.xml in tomcat7-websocket.jar as a Servlet 3.0 web fragment rather than as a Servlet 3.1 web fragment. (markt)
           fix	55715: Add a per web application executor to the WebSocket implementation and use it for calling SendHandler.onResult() when there is a chance that the current thread also initiated the write. (markt)
           fix	Prevent file descriptors leak and ensure that files are closed when configuring the web application. (violetagg)
           fix	Fixed the name of the provider-configuration file located in tomcat7-websocket.jar!/META-INF/services that exposes information for javax.websocket.server.ServerEndpointConfig$Configurator implementation. (violetagg)
           fix	55760: Remove the unnecessary setting of the javax.security.auth.useSubjectCredsOnly system property in the SpnegoAuthenticator as in addition to it being unnecessary, it causes problems with using SPNEGO with IBM JDKs. Patch provided by Arunav Sanyal. (markt)
           fix	55772: Ensure that the request and response are recycled after an error during asynchronous processing. Includes a test case based on code contributed by Todd West. (markt)
           fix	55778: Add an option to the JNDI Realm to control the QOP used for the connection to the LDAP server after authentication when using SPNEGO with delegated credentials. This value is used to set the javax.security.sasl.qop environment property for the LDAP connection. (markt)
           fix	55798: Log an error if the MemoryUserDatabase is unable to find the specified user database file. (markt)
           fix	55799: Correctly enforce the restriction in JSR356 that no more than one data message may be sent to a remote WebSocket endpoint at a time. (markt)
           fix	When Catalina parses TLD files, always use a namespace aware parser to be consistent with how Jasper parses TLD files. The tldNamespaceAware attribute of the Context is now ignored. (markt)
           fix	Deprecate the tldNamespaceAware Context attribute as TLDs are always parsed with a namespace aware parser. (markt)
           fix	Correct a logic error that meant that unpackWARs was ignored and the WAR was always expanded if a WAR failed to deploy. (markt)
           add	Add support for defining copyXML on a per Context basis. (markt)
           fix	Define the expected behaviour of the automatic deployment and align the implementation to that definition. (markt)
           add	When running under a security manager, change the default value of the Host's deployXML attribute to false. (markt)
           add	If a Host is configured with a value of false for deployXML, a web application has an embedded descriptor at META-INF/context.xml and no explicit descriptor has been defined for this application, do not allow the application to start. The reason for this is that the embedded descriptor may contain configuration necessary for secure operation such as a RemoteAddrValve. (markt)
           fix	Prevent an NPE in the WebSocket ServerContainer when processing an HTTP session end event. (markt)
           add	55801: Add the ability to set a custom SSLContext to use for client wss connections. Patch provided by Maciej Lypik. (markt)
           fix	55804: If the GSSCredential for the cached Principal expires when using SPNEGO authentication, force a re-authentication. (markt)
           add	55811: If the main web.xml contains an empty absolute-ordering element and validation of web.xml is not enabled, skip parsing any web-fragment.xml files as the result is never used. (markt)
           fix	55839: Extend support for digest prefixes {MD5}, {SHA} and {SSHA} to all Realms rather than just the JNDIRealm. (markt)
           fix	55842: Ensure that if a larger than default response buffer is configured that the full buffer is used when a Servlet outputs via a Writer. (markt)
           fix	55851: Further fixes to enable SPNEGO authentication to work with IBM JDKs. Based on a patch by Arunav Sanyal. (markt)
           add	Fix CVE-2013-4590: Add an option to the Context to control the blocking of XML external entities when parsing XML configuration files and enable this blocking by default when a security manager is used. The block is implemented via a custom resolver to enable the logging of any blocked entities. (markt)

       Coyote

           code	Implement a number of small refactorings to the APR/native handler for upgraded HTTP connections. (markt)
           fix	Fix an issue with upgraded HTTP connections over HTTPS (e.g. secure WebSocket) when using the APR/native connector that resulted in the unexpected closure of the connection. (markt)
           fix	Ensure that the application class loader is used when calling the ReadListener and WriteListener methods when using non-blocking IO. A side effect of not doing this was that JNDI was not available when processing WebSocket events. (markt)
           add	Make the time that the internal executor (if used) waits for request processing threads to terminate before continuing with the connector stop process configurable. (markt)
           fix	55749: Improve the error message when SSLEngine is disabled in the AprLifecycleListener and SSL is configured for an APR/native connector. (markt)
           add	If a request that includes an Expect: 100-continue header receives anything other than a 2xx response, close the connection. This protects against misbehaving clients that may not send the request body in that case and send the next request instead. (markt)
           fix	Improve the parsing of trailing headers in HTTP requests. (markt)

       Jasper

           fix	55735: Fix a regression caused by the fix to 55198. When processing JSP documents, attributes in XML elements that are template content should have their text xml-escaped, but output of EL expressions in them should not be escaped. (markt)
           fix	55807: The JSP compiler used a last modified time of -1 for TLDs in JARs expanded in to WEB-INF/classes (IDEs often do this expansion) when creating the dependency list for JSPs that used that TLD. This meant JSPs using that TLD were recompiled on every access. (markt)

       Cluster

           add	Add log message that initialization of AbstractReplicatedMap has been completed. (kfujino)
           fix	The logger of AbstractReplicatedMap should be non-static in order to enable logging of each application. Side-effects of this change is to throw RuntimeException in MapMessage#getKey() and getValue() instead of Null return and error log. (kfujino)
           code	Simplify the code of DeltaManager#startInternal(). Reduce unnecessary nesting for acquisition of cluster instance. (kfujino)
           fix	Remove unnecessary attributes of stateTransferCreateSendTime and receiverQueue from cluster manager template. These attributes should not be defined as a template. (kfujino)
           fix	Fix MBean attribute definition of stateTransfered. The method name is not isStateTransfered() but getStateTransfered(). (kfujino)
           fix	Correct stop failure log of cluster. Failure cause is not only Valve. (kfujino)
           fix	Remove unnecessary sleep when sending session blocks on session sync phase. (kfujino)
           fix	Expose stateTimestampDrop of org.apache.catalina.ha.session.DeltaManager via JMX. (kfujino)
           fix	When the ping timeouted, make sure that memberDisappeared method is not called by specifying the members that has already been removed. (kfujino)
           add	Add log message of session relocation when member disappeared. (kfujino)
           fix	If ping message fails, prevent wrong timeout detection of normal member that is no failure members. (kfujino)

       Web applications

           add	Add some documentation on the SSL configuration options for WebSocket clients. (markt)
           add	Add to cluster document a description of notifyLifecycleListenerOnFailure and heartbeatBackgroundEnabled. (kfujino)
           fix	Update the documentation with information for WebSocket 1.0 specification and javadoc. (violetagg)
           fix	55703: Clarify the role of the singleton attribute for JNDI resource factories. (markt)
           fix	55746: Add documentation on the allRolesMode to the CombinedRealm and LockOutRealm. Patch by Cédric Couralet. (markt)
           add	Expand the information on web applications that ship as part of Tomcat in the security how-to section of the documentation web application. (markt)
           fix	Expand the description of the WebSocket buffers in the documentation web application to clarify their purpose. (markt)
           add	Correct the documentation for Cluster manager. (kfujino)
           add	Add information on how to configure integrated Windows authentication when Tomcat is running on a non-Windows host. (markt)

       Extras

           update	Update commons-logging to version 1.1.3. (rjung)

       Other

           add	52323: Add support for the Cobertura code coverage tool when running the unit tests. Based on a patch by mhasko. (markt/kkolinko)
           update	Update sample Eclipse IDE project. Explicitly use a Java 6 SE JDK. Exclude JSR356 WebSocket classes from build path, as they cannot be compiled with Java 6. (kkolinko)
           update	Update the Eclipse compiler to 4.3.1. (kkolinko/markt)

Files:
Revision   Action   file
1.17.2.1   modify   pkgsrc/www/apache-tomcat7/Makefile
1.9.2.1    modify   pkgsrc/www/apache-tomcat7/PLIST
1.11.4.1   modify   pkgsrc/www/apache-tomcat7/distinfo