Navigation:
Browse pkgsrc
(this page) 2024-07-18 14:52:24 by Ryo ONODERA | Files touched by this commit (5) |  |
Log message:
www/apache-tomcat55: Update to 5.5.36
Changelog:
Tomcat 5.5.36 (markt)
General
update Update to Apache Commons Daemon 1.0.10. (markt)
update Update to Apache Commons Pool 1.5.7. (markt)
update Update to Apache Tomcat Native 1.1.24. (markt)
update Update to Eclipse JDT 3.7.2. (markt)
Catalina
fix 52677: The new SetCharacterEncodingFilter needs to implement
Filter to be useful. (markt)
53050: Fix XOR arithmetics and charset issue when calculating
fix entropy to initialize random numbers generator in session manager.
Based on a proposal by Andras Rozsa. (kkolinko/jim)
fix 53531: Better checking and improved error messages for directory
creation during automatic deployment. (schultz/kkolinko)
Various improvements to the DIGEST authenticator including 52954,
fix the disabling caching of an authenticated user in the session by
default, tracking server rather than client nonces and better
handling of stale nonce values. (markt)
code Remove unneeded handling of FORM authentication in RealmBase.
(kkolinko)
fix 53830: Better handling of Manager.randomFile default value on
Windows. (kkolinko)
Coyote
fix Ensure that the chunked input filter is correctly recycled between
requests. (kkolinko/jim)
add Implement the maxHeaderCount for the HTTP connectors. (kkolinko)
42181: Better handling of edge conditions in chunk header
fix processing. Improve chunk header parsing. Properly ignore
chunk-extension suffix, not trying to parse digits contained in it.
Reject chunks whose header is incorrect. (kkolinko)
Webapps
fix 52641: Remove mentioning of ldap.jar from docs. Patch provided by
Felix Schumacher. (rjung)
fix 53158: Fix documented defaults for DBCP. Patch provided by
ph.dezanneau at gmail.com. (rjung)
Other
fix 52640: Correct set the endorsed directory location when using
the Windows installer. (markt)
update 52579: Add a note about Sun's Charset.decode() bug to the
RELEASE-NOTES file. (kkolinko)
|
| 2021-10-26 13:31:15 by Nia Alarie | Files touched by this commit (1030) |
Log message: www: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Not committed (merge conflicts): www/nghttp2/distinfo Unfetchable distfiles (almost certainly fetched conditionally...): ./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz ./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz ./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz ./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz ./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz ./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz ./www/nginx-devel/distinfo naxsi-1.3.tar.gz ./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz ./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz ./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz ./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz ./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz ./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz ./www/nginx-devel/distinfo njs-0.5.0.tar.gz ./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz ./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz ./www/nginx/distinfo echo-nginx-module-0.62.tar.gz ./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz ./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz ./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz ./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz ./www/nginx/distinfo naxsi-1.3.tar.gz ./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz ./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz ./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz ./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz ./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz ./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz ./www/nginx/distinfo njs-0.5.0.tar.gz ./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz |
| 2021-10-07 17:09:00 by Nia Alarie | Files touched by this commit (1033) |
Log message: www: Remove SHA1 hashes for distfiles |
| 2020-04-29 21:44:49 by Maya Rashish | Files touched by this commit (4) |
Log message: *: Remove logic for outdated NetBSD versions. |
| 2020-01-19 00:36:14 by Roland Illig | Files touched by this commit (3046) |
Log message: all: migrate several HOMEPAGEs to https pkglint --only "https instead of http" -r -F With manual adjustments afterwards since pkglint 19.4.4 fixed a few indentations in unrelated lines. This mainly affects projects hosted at SourceForce, as well as freedesktop.org, CTAN and GNU. |
| 2015-11-04 03:47:43 by Alistair G. Crooks | Files touched by this commit (758) |
Log message: Add SHA512 digests for distfiles for www category Problems found locating distfiles: Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2 Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail. |
| 2014-03-11 15:05:19 by Jonathan Perkin | Files touched by this commit (350) |
Log message: Remove example rc.d scripts from PLISTs. These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or ignored otherwise. |
| 2012-10-28 07:31:10 by Aleksej Saushev | Files touched by this commit (600) |
Log message: Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. |
| 2012-04-04 13:34:27 by OBATA Akio | Files touched by this commit (3) |
Log message:
Update apache-tomcat to 5.5.35.
(fix CVE-2011-4858)
Tomcat 5.5.35 (jim)
Catalina
* Make configuration issues for security related Valves and Filters
result in the failure of the valve or filter rather than just a
warning message. (markt)
* Ensure changes to the configuration of the RemoteHostValve and the
RemoteAddrValve via JMX are thread-safe. (markt)
* In RequestFilterValve (RemoteAddrValve, RemoteHostValve): refactor
value matching logic into separate method and expose this new method
isAllowed through JMX. (kkolinko)
* Improve performance of parameter processing for GET and POST requests.
Also add an option to limit the maximum number of parameters processed
per request. This defaults to 10000. Excessive parameters are ignored.
Note that FailedRequestFilter can be used to reject the request if
some parameters were ignored. (markt/kkolinko)
* New filter FailedRequestFilter that will reject a request if there
were errors during HTTP parameter parsing. (kkolinko)
* 52384: Do not fail with parameter parsing when debug logging is
enabled. (kkolinko, jim)
* Do not flag extra '&' characters in parameters as parse errors.
(kkolinko, jim)
* Slightly improve performance of UDecoder.convert(). Align %2f handling
between implementations. (kkolinko)
* 52225: Fix ClassCastException when adding an alias for an existing
host via JMX. (kkolinko)
* Do not throw an IllegalArgumentException from a parseParameters() call
when a chunked POST request is too large, but treat it like an IO
error. (kkolinko)
* Add SetCharacterEncodingFilter (similar to the one contained in the
examples web application) to the org.apache.catalina.filters package
so it is available for all web applications. (kkolinko)
General
* Update Eclipse compiler to 3.7 and switch to using ecj.jar. (markt)
Coyote
* Improve multi-byte character handling in all connectors. (rjung)
Jasper
* 52335: Only handle <\% and not \% as escaped in template text. (markt)
Webapps
* 52049: Improve setup instructions for running as a Windows service:
correct information on how a JRE is identified and selected.
(kkolinko)
* 52172: Update Tomcat build instructions. Includes changes proposed by
bmargulies. (kkolinko)
* 52243: Improve windows service documentation to clarify how to include
# and/or ; in the value of an environment variable that is passed to
the service. (markt)
Other
* 52059: Ensure Windows registry keys are removed when using the
un-install option of the Windows installer. (markt)
|
| 2011-09-25 10:53:37 by OBATA Akio | Files touched by this commit (2) |
Log message:
Update apache-tomcat55 to 5.5.34.
General
* Update Tomcat-Native to 1.1.22. (jim)
* Fix CVE-2011-2729. Update to Commons Daemon 1.0.7. (markt)
* 33262: When using the Windows installer, the monitor is now auto-started for
the current user rather than all users to be consistent with menu item
creation. (markt)
* 40510: Provide an option within the Windows installer to create menu entries
for the current user or all users. (markt)
* 50949: Add the ability to specify the AJP port and the shutdown port when
using the Windows installer. (markt)
* 51135: Fix auto-detection of JAVA_HOME for 64-bit Windows platforms that only
have a 32-bit JVM installed when using the Windows installer. (markt)
Catalina
* 27988: Improve reporting of missing files. (markt)
* 28852: Add URL encoding where missing to parameters in URLs presented by Ant
tasks to the Manager application. Based on a patch by Stephane Bailliez.
(mark)
* 41179: Return 404 rather than 400 for requests to the ROOT context when no
ROOT context has been deployed. (markt)
* 50189: Once the application has finished writing to the response, prevent
further reads from the request since this causes various problems in the
connectors which do not expect this. (markt)
* Fix CVE-2011-2204. Prevent user passwords appearing in log files if a
runtime exception (e.g. OOME) occurs while creating a new user for a
MemoryUserDatabase via JMX. (markt)
* 51042: Don't trigger session creation listeners when a session ID is changed
as part of the authentication process. (markt)
* 51324: Improve handling of exceptions when flushing the response buffer to
ensure that the doFlush flag does not get stuck in the enabled state. Patch
provided by Jeremy Norris. (kkolinko)
* 51403: Avoid NullPointerException in JULI FileHandler if formatter is
misconfigured. (kkolinko)
* 51473: Fix concatenation of values in SecurityConfig.setSecurityProperty()
when the value provided by JRE is null. (kkolinko)
* 51550: Internal errors in Tomcat components that process requests before they
are passed to a web application, such as Authenticators, now return a 500
response rather than a 200 response. (markt)
* Add additional configuration options to the DIGEST authenticator. (markt)
Coyote
* Fix CVE-2011-2526. Protect against crashes (HTTP APR) if sendfile is
configured to send more data than is available in the file. (markt)
* 50394: Return -1 from read operation instead of throwing an exception when
encountering an EOF with the HTTP APR connector. (kkolinko)
* 50744: Skip the SSL configuration check on platforms where an unbounded
socket cannot be created. (kkolinko)
* 51073: Throw an exception and do not start the APR connector if it is
configured for SSL and an invalid value is provided for SSLProtocol. (markt)
* 51698: Fix CVE-2011-3190. Prevent AJP message injection. (markt)
Jasper
* 36362: Handle the case where tag file attributes (which can use any valid XML
name) have a name which is not a Java identifier. (markt)
* Fix possible threading issue in JSP compilation when development mode is
enabled. (markt)
Cluster
* 48717: Ensure session activation events are fired. (markt)
* 50771: Ensure HttpServletRequest#getAuthType() returns the name of the
authentication scheme if request has already been authenticated. (kfujino)
* 51647: Fix session replication when a session attribute is a Java dynamic
proxy. Based on a patch by Tomasz Skutnik. (markt)
Webapps
* 41498: Add the allRolesMode attribute to the Realm configuration page in the
documentation web application. (markt)
* Configure Security Manager How-To to include a copy of the actual
conf/catalina.policy file when the documentation is built, rather than
maintaining a copy of its content. (kkolinko)
* 48997: Fixed some typos and improve cross-referencing to the HTTP Connector
and APR documentation with the SSL How-To page of the documentation web
application. (markt)
Other
* Align jpda settings in catalina.bat with catalina.sh, tc6.0.x, tc7.0.x and
trunk. (markt)
* Clarify error messages in *.sh files to mention that if a script is not found
it might be because execute permission is needed. (kkolinko)
|
New packages: