Subject: CVS commit: pkgsrc/www/apache-tomcat9
From: Ryo ONODERA
Date: 2020-01-13 08:48:10
Message id: 20200113074810.5EB7EFBF4@cvs.NetBSD.org

Log Message:
apache-tomcat9: Update to 9.0.30

Changelog:
Tomcat 9.0.30 (markt)
Catalina

    Add: 63681: Introduce RealmBase#authenticate(GSSName, GSSCredential) and \ 
friends. (michaelo)
    Fix: 63964: Correct a regression in the static resource caching changes \ 
introduced in 9.0.28. URLs constructed from URLs obtained from the cache could \ 
not be used to access resources. (markt)
    Fix: 63970: Correct a regression in the static resource caching changes \ 
introduced in 9.0.28. Connections to URLs obtained for JAR resources could not \ 
be cast to JarURLConnection. (markt)
    Add: 63937: Add a new attribute to the standard Authenticator \ 
implementations, allowCorsPreflight, that allows the Authenticators to be \ 
configured to allow CORS preflight requests to bypass authentication as required \ 
by the CORS specification. (markt)
    Fix: 63939: Correct the same origin check in the CORS filter. An origin with \ 
an explicit default port is now considered to be the same as an origin without a \ 
deafult port and origins are now compared in a case-sensitive manner as required \ 
by the CORS specification. (markt)
    Fix: 63981: Allow multiple calls to Registry.disableRegistry() without the \ 
second and subsequent calls triggering the logging of a warning. Based on a \ 
patch by Andy Wilkinson. (markt)
    Fix: 63982: CombinedRealm makes assumptions about principal implementation \ 
(michaelo)
    Fix: 63983: Correct a regression in the static resource caching changes \ 
introduced in 9.0.28. A large number of file descriptors were opened that could \ 
reach the OS limit before being released by GC. (markt)
    Update: 63987: Deprecate Realm.getRoles(Principal). (michaelo)
    Code: Add a unit test for the session FileStore implementation and refactor \ 
loops in FileStore to use the ForEach style. Pull request provided by Govinda \ 
Sakhare. (markt)
    Update: Moved server-side include (SSI) module into a separate JAR library. \ 
(schultz)
    Fix: Refactor FORM authentication to reduce duplicate code and to ensure \ 
that the authenticated Principal is not cached in the session when caching is \ 
disabled. (markt)

Coyote

    Fix: Fix endpoint closeSocket and destroySocket discrepancies, in particular \ 
in the APR connector. (remm)
    Fix: Harmonize maxConnections default value to 8192 across all connectors. (remm)
    Fix: 63931: Improve timeout handling for asyncIO to ensure that blocking \ 
operations see a SocketTimeoutException if one occurs. (remm/markt)
    Fix: 63932: By default, do not compress content that has a strong ETag. This \ 
behaviour is configuration for the HTTP/1.1 and HTTP/2 connectors via the new \ 
Connector attribute noCompressionStrongETag. (markt)
    Fix: 63949: Fix non blocking write problems with NIO due to the need for a \ 
write loop. (remm)
    Fix: Simplify regular endpoint writes by removing write(Non)BlockingDirect. \ 
All regular writes will now be buffered for a more predictable behavior. (remm)
    Fix: Send an exception directly to the completion handler when a timeout \ 
exception occurs for the operation, and add a boolean to make sure the \ 
completion handler is called only once. (remm/markt)

WebSocket

    Fix: Ensure a couple of very unlikely concurrency issues are avoided when \ 
writing WebSocket messages. (markt)

Web applications

    Fix: Fix the broken re-try link on the error page for the FORM \ 
authentication example in the JSP section of the examples web application. \ 
(markt)
    Add: Improvements to CsrfPreventionFilter: additional logging, allow the \ 
CSRF nonce request parameter name to be customized. (schultz)
    Fix: Correct the documentation for the maxConnections attribute of the \ 
Connector in the documentation web application. (markt)
    Add: Add the ability to set and display session attributes in the JSP FORM \ 
authentication example to demonstrate session persistence across restarts for \ 
authenticated sessions. (markt)

Other

    Fix: Correct the fix for 63815 (quoting the use of CATALINA_OPTS and \ 
JAVA_OPTS when used in shell scripts to avoid the expansion of *) as it caused \ 
various regressions, particularly with daemon.sh. (markt)
    Update: Update the OWB module to Apache OpenWebBeans 2.0.13. (remm)
    Update: Support Java 11 in Graal Native Images with Graal 19.3+. (remm)
    Add: Expand the search made by the Windows installer for a suitable Java \ 
installation to include the 64-bit JDK registry entries and the JAVA_HOME \ 
environment variable. Pull request provided by Alexander Norz. (markt)
    Add: Expand the coverage of the Korean translations provided with Apache \ 
Tomcat. (woonsan)
    Add: Expand the coverage of the French translations provided with Apache \ 
Tomcat. (remm)
    Add: Expand the coverage of the Chinese translations provided with Apache \ 
Tomcat. Contributions provided by lins and 磊. (markt)
    Add: Update the internal fork of Apache Commons BCEL to ff6941e (2019-12-06, \ 
6.4.2-dev). Code clean-up only. (markt)
    Add: Update the internal fork of Apache Commons Codec to 9637dd4 \ 
(2019-12-06, 1.14-SNAPSHOT). Code clean-up and a fix for CODEC-265. (markt)
    Add: Update the internal fork of Apache Commons FileUpload to 2317552 \ 
(2019-12-06, 2.0-SNAPSHOT). Refactoring. (markt)
    Add: Update the internal fork of Apache Commons Pool 2 to 6092f92 \ 
(2019-12-06, 2.8.0-SNAPSHOT). Clean-up and minor refactoring. (markt)
    Add: Update the internal fork of Apache Commons DBCP 2 to a36390 \ 
(2019-12-06, 2.7.1-SNAPSHOT). Minor refactoringremote RMI registry creation. \ 
(remm)
    Add: Improvement to CsrfPreventionFilter: expose the latest available nonce \ 
as a request attribute; expose the expected nonce request parameter name as a \ 
context attribute. (schultz)

Coyote

    Add: 63835: Add suormance of the HTTP and AJP connectors if socket.txBufSize \ 
is configured with an explicit value rather than using the JVM default. (markt)

Other

    Fix: Improve OWB module based using custom shade appender. (remm)
    Fix: Add security filter in OWB mo error occurs on stop. (remm)
    Add: Add more details on the usage of RewriteMap functionality in the \ 
RewriteValve. (fschumacher)
    Fix: 63836 Ensure that references to the Host object are cleared once the \ 
Host instance is destroyed. (markt)
    Fix:  static files (including JSP files) goes via the cache so that a \ 
consistent view of the static files is seen. Prior to this change it was \ 
possible to see an updated last modified time but the content would be that \ 
prior to the modification. (markt)
    Update: 63905 Clean up Tomcat CSS. (michaelo)
    Fix: 63909: When the ExpiresFilter is used without a default and the \ 
response is served by the Default Servlet, ensure that the filter processes the \ 
response if the Default Servlet sets a 304 (Not Found) status code. (markt)

Coyote

    Fix: Ensure that ServletRequest.isAsyncStarted() returns false once \ 
AsyncContext.complete() or AsyncContext.dispatch() has been called during \ 
AsyncListener.onTimeout() or AsyncListener.onError(). (markt)
    Fix: 63816 and 63817: Correctly handle I/O errors after asynchronous \ 
processing has been started but before the container thread that started \ 
asynchronous processing has completed processing the current request/response. \ 
(markt)
    Fix: 63825: When processing the Expect and Connection HTTP headers looking \ 
for a specific token, be stricter in ensuring that the exact token is present. \ 
(markt)
    Fix: 63829: Improve the check of the Content-Encoding header when looking to \ 
see if Tomcat is serving pre-compressed content. Ensure that only a full token \ 
is matched and that the match is case insensitive. (markt)
    Fix: 63864: Refactor parsing of the transfer-encoding request header to use \ 
the shared parsing code and reduce duplication. (markt)
    Fix: 63865: Add Unset option to same-site cookies and pass through None \ 
value if set by user. Patch provided by John Kelly. (markt)
    Fix: 63879: Remove stack trace from debug logging on socket wrapper close. (remm)
    Update: Add connection tracking on the connector endpoint to remove \ 
excessive concurrency in the protocol handler when maintaining an association \ 
between the socket wrapper and its current processor. (remm)
    Fix: 63894: Ensure that the configured values for certificateVerification \ 
and certificateVerificationDepth are correctly passed to the OpenSSL based \ 
SSLEngine implementation. (remm/markt)
    Fix: Improve cleanup after errors when setting socket options. (remm)
    Fix: Do not perform a blocking read after a CPING message is received by the \ 
AJP connector because, if the JK Connector is configured with \ 
ping_mode="I", the CPING message will not always be followed by the \ 
start of a request. (markt)
    Fix: Properly calculate all dynamic parts of the ErrorReportValve response \ 
on the fly in org.apache.coyote.http2.TestHttp2InitialConnection. (michaelo)

Jasper

    Fix: 63897: Capture the timestamp of a JSP for the purposes of modification \ 
tracking before the JSP is compiled to prevent a race condition if the JSP is \ 
modified during compilation. Patch provided by Karl von Randow. (markt)
    Fix: Fix a race condition that could mean changes to a modified JSP were not \ 
visible to end users. (markt)

WebSocket

    Fix: 63913: Wrap any NullPointerExceptions throw by the Inflater or Deflater \ 
used by the PerMessageDeflate extension in an IOException so that the error can \ 
be caught and handled by the WebSocket error handling mechanism. (markt)

Web applications

    Fix: Correct the description of the default value for the server attribute \ 
in the security How-To. (markt)

Other

    Fix: 63815: Quote the use of CATALINA_OPTS and JAVA_OPTS when used in shell \ 
scripts to avoid the expansion of *. Note that any newlines present in \ 
CATALINA_OPTS and/or JAVA_OPTS will no longer removed. (markt)
    Fix: 63826: Remove commons-daemon-native.tar.gz and tomcat-native.tar.gz \ 
from the binary zip distributions for Windows since compiled versions of those \ 
components are already included within the zip distributions. (markt)
    Fix: 63838: Suppress reflexive access warnings when running the unit tests \ 
on the command line. (markt)
    Fix: Add missing charsets from the HPE JVM on HP-UX to pass unit tests in \ 
org.apache.tomcat.util.buf.TestCharsetCache. (michaelo)
    Update: Update the CXF module to Apache CXF 3.3.4. (remm)
    Add: Expand the coverage and quality of the French translations provided \ 
with Apache Tomcat. (remm)
    Add: Expand the coverage and quality of the Japanese translations provided \ 
with Apache Tomcat. Patch provided by motohashi.yuki. (markt)
    Add: Expand the coverage and quality of the Simplified Chinese translations \ 
provided with Apache Tomcat. Contributions provided by rpo130, Mason Shen, \ 
leeyazhou, winsonzhao, qingshi huang, Lay, Shucheng Hou and Yanming Zhou. \ 
(markt)
    Add: Expand the coverage and quality of the Brazilian Portuguese \ 
translations provided with Apache Tomcat. Patch provided by Danielamorais. \ 
(markt)

2019-10-11 Tomcat 9.0.27 (markt)
Catalina

    Fix: Correct a regression introduced in 9.0.25 that prevented configuration \ 
files from being loaded from the class path. (markt)

Coyote

    Fix: Use URL safe base 64 encoding rather than standard base 64 encoding \ 
when generating or parsing the HTTP2-Settings header as part of an HTTP upgrade \ 
to h2c as required by RFC 7540. (markt)
    Fix: 63765: NIO2 should try to unwrap after TLS handshake to avoid edge \ 
cases. (remm)
    Fix: 63766: Ensure Processor objects are recycled when processing an HTTP \ 
upgrade connection that terminates before processing switches to the Processor \ 
for the upgraded protocol. (markt)
    Fix: Fix a memory leak introduced by the HTTP/2 timeout refactoring in \ 
9.0.23 that could occur when HTTP/2 or WebSocket was used. (markt)

Jasper

    Update: Update to the Eclipse JDT compiler 4.13. (markt)
    Fix: Add GraalVM specific ELResolver to avoid BeanInfo use in BeanElResolver \ 
if possible, as it needs manual reflection configuration. (remm)
    Fix: 63781: When performing various checks related to the visibility of \ 
classes, fields an methods in the EL implementation, also check that the \ 
containing module has been exported. (markt)

Web Socket

    Fix: 63753: Ensure that the Host header in a Web Socket HTTP upgrade request \ 
only contains a port if a non-default port is being used. (markt)
    Fix: When running on Java 9 and above, don't attempt to instantiate \ 
WebSocket Endpoints found in modules that are not exported. (markt)

Web Applications

    Add: Add base GraalVM documentation. (remm)
    Add: Add Javadoc for the Common Annotations API implementation. (markt)
    Fix: Correct various typos in the comments, error messages and Javadoc. \ 
Patch provided by 康智冬. (markt)

jdbc-pool

    Fix: When connections are validated without an explicit validation query, \ 
ensure that any transactions opened by the validation process are committed. \ 
Patch provided by Pascal Davoust. (markt)

Other

    Code: Deprecate org.apache.tomcat.util.compat.TLS. Its functionality was \ 
only used for unit tests in org.apache.tomcat.util.net.TesterSupport and has \ 
been moved there. (rjung)
    Fix: 63759: When installing Tomcat with the Windows installer, grant \ 
sufficient privileges to enable the uninstaller to execute when user account \ 
control is active. (markt)
    Add: Use a build property to define the minimum supported Java version and \ 
use that build property to reduce the number of edits required to update the \ 
minimum supported Java version. (markt)
    Update: Update the OWB module to Apache OpenWebBeans 2.0.12. (remm)
    Update: Update the CXF module to Apache CXF 3.3.3. (remm)
    Update: 63767: Update to Commons Daemon 1.2.2. This corrects a regression in \ 
Commons Daemon 1.2.0 and 1.2.1 that caused the Windows Service to crash on start \ 
when running on an operating system that had not been fully updated. (markt)

Files:
RevisionActionfile
1.5modifypkgsrc/www/apache-tomcat9/Makefile
1.5modifypkgsrc/www/apache-tomcat9/PLIST
1.5modifypkgsrc/www/apache-tomcat9/distinfo