Log message:
www: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts):
www/nghttp2/distinfo

Unfetchable distfiles (almost certainly fetched conditionally...):
./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx-devel/distinfo naxsi-1.3.tar.gz
./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx-devel/distinfo njs-0.5.0.tar.gz
./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz
./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx/distinfo naxsi-1.3.tar.gz
./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx/distinfo njs-0.5.0.tar.gz
./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz

Log message:
www: Remove SHA1 hashes for distfiles

Log message:
For clarity, use tomcat_start (resp. tomcat_stop) function instead of
calling ${command} directly for start (resp. stop) within rc.d.

Tested on tomcat9; but applicable down to tomcat6.

Bump PKGREVISION.

ok ryo@.

Log message:
all: migrate several HOMEPAGEs to https

pkglint --only "https instead of http" -r -F

With manual adjustments afterwards since pkglint 19.4.4 fixed a few
indentations in unrelated lines.

This mainly affects projects hosted at SourceForce, as well as
freedesktop.org, CTAN and GNU.

Log message:
Update to 8.0.53

Changelog:
Tomcat 8.0.53 (violetagg)

Catalina
	Fix:  Treat the <mapped-name> element of a <env-entry> in web.xml \ 
in the same way as the mappedName element of the equivalent @Resource \ 
annotation. Both now attempt to set the mappedName property of the resource. \ 
(markt)
	Fix:  Correct the processing of resources with <injection-target>s \ 
defined in web.xml. First look for a match using JavaBean property names and \ 
then, only if a match is not found, look for a match using fields. (markt)
	Fix:  When restoring a saved request with a request body after FORM \ 
authentication, ensure that calls to the HttpServletRequest methods \ 
getRequestURI(), getQueryString() and getProtocol() are not corrupted by the \ 
processing of the saved request body. (markt)
	Fix:  JNDI resources that are defined with injection targets but no value are \ 
now treated as if the resource is not defined. (markt)
	Fix:  Ensure that JNDI names used for <lookup-name> entries in web.xml \ 
and for lookup elements of @Resource annotations specify a name with an explicit \ 
java: namespace. (markt)
	Code:  Refactor the org.apache.naming package to reduce duplicate code. \ 
Duplicate code identified by the Simian tool. (markt)
	Fix:  50019: Add support for <lookup-name>. Based on a patch by Gurkan \ 
Erdogdu. (markt)
	Fix:  60490: Various formatting and layout improvements for the \ 
ErrorReportValve. Patch provided by Michael Osipov. (markt)
	Fix:  62343: Make CORS filter defaults more secure. This is the fix for \ 
CVE-2018-8014. (markt)
	Fix:  Ensure that the web application resources implementation does not \ 
incorrectly cache results for resources that are only visible as class loader \ 
resources. (markt)
	Fix:  Make all loggers associated with Tomcat provided Filters non-static to \ 
ensure that log messages are not lost when a web application is reloaded. \ 
(markt)
	Fix:  Correct the manifest for the annotations-api.jar. The JAR implements the \ 
Common Annotations API 1.2 and the manifest should reflect that. (markt)
	Fix:  Switch to non-static loggers where there is a possibility of a logger \ 
becoming associated with a web application class loader causing log messages to \ 
be lost if the web application is stopped. (markt)
	Add:  62389: Add the IPv6 loopback address to the default internalProxies \ 
regular expression. Patch by Craig Andrews. (markt)
	Fix:  In the RemoteIpValve and RemoteIpFilter, correctly handle the case when \ 
the request passes through one or more trustedProxies but no internalProxies. \ 
Based on a patch by zhanhb. (markt)
	Fix:  Correct the logic in MBeanFactory.removeConnector() to ensure that the \ 
correct Connector is removed when there are multiple Connectors using different \ 
addresses but the same port. (markt)
	Fix:  Make JAASRealm mis-configuration more obvious by requiring the \ 
authenticated Subject to include at least one Principal of a type specified by \ 
userClassNames. (markt)
	Fix:  62476: Use GMT timezone for the value of Expires header as required by \ 
HTTP specification (RFC 7231, 7234). (kkolinko)

Log message:
Update to 8.0.50

Changelog:
Tomcat 8.0.50 (violetagg)

Catalina
    Fix: Prevent a stack trace being written to standard out when running on \ 
Java 10 due to changes in the LogManager implementation. (markt)
    Fix: Avoid duplicate load attempts if one has been made already. (remm)
    Fix: Avoid NPE in ThreadLocalLeakPreventionListener if there is no Engine. (remm)
    Fix: 62000: When a JNDI reference cannot be resolved, ensure that the root \ 
cause exception is reported rather than swallowed. (markt)
    Fix: 62036: When caching an authenticated user Principal in the session when \ 
the web application is configured with the NonLoginAuthenticator, cache the \ 
internal Principal object rather than the user facing Principal object as Tomcat \ 
requires the internal object to correctly process later authorization checks. \ 
(markt)
    Fix: 62067: Correctly apply security constraints mapped to the context root \ 
using a URL pattern of "". (markt)
    Fix: When using Tomcat embedded, only perform Authenticator configuration \ 
once during web application start. (markt)
    Fix: Process all ServletSecurity annotations at web application start rather \ 
than at servlet load time to ensure constraints are applied consistently. \ 
(markt)
    Fix: Minor optimization when calling class tranformers. (rjung)

Web applications
    Add: 48672: Add documentation for the Host Manager web application. Patch \ 
provided by Marek Czernek. (markt)

Other
    Update: Update the NSIS Installer used to build the Windows installer to \ 
version 3.03. (kkolinko)

Log message:
Update www/apache-tomcat8 to 8.0.49.

Notable changes:
 - Allow a call to AsyncContext.dispatch() to terminate non-blocking I/O. (markt)

Full changelog:

  https://tomcat.apache.org/tomcat-8.0-doc/changelog.html

Log message:
Update www/apache-tomcat8 to 8.0.47.

Notable changes:

- A fix for CVE-2017-12617.
- Add ExtractingRoot, a new WebResourceRoot implementation that extracts
  JARs to the work directory for improved performance when deploying
  packed WAR files.
- Update the packaged version of the Tomcat Native Library to 1.2.14

Full changelog:

  https://tomcat.apache.org/tomcat-8.0-doc/changelog.html

Log message:
Update to 8.0.46

Changelog:
Tomcat 8.0.46 (violetagg)
Catalina

    Fix: Additional permission for deleting files is granted to JULI as it is \ 
required by FileHandler when running under a Security Manager. The thread that \ 
cleans the log files is marked as daemon thread. (violetagg)
    Fix: 61229: Correct a regression in 8.0.44 that broke WebDAV handling for \ 
resources with names that included a & character. (markt)
    Fix: 61232: When log rotation is disabled only one separator will be used \ 
when generating the log file name. For example if the prefix is catalina. and \ 
the suffix is .log then the log file name will be catalina.log instead of \ 
catalina..log. Patch provided by Katya Stoycheva. (violetagg)
    Fix: Performance improvements for service loader look-ups (and look-ups of \ 
other class loader resources) when the web application is deployed in a packed \ 
WAR file. (markt)
    Fix: 61253: Add warn message when Digester.updateAttributes throws an \ 
exception instead of ignoring it. (csutherl)
    Fix: 61313: Make the read timeout configurable in the JNDIRealm and ensure \ 
that a read timeout will result in an attempt to fail over to the alternateURL. \ 
Based on patches by Peter Maloney and Felix Schumacher. (markt)
    Add: 61366: Add a new attribute, localDataSource, to the JDBCStore that \ 
allows the Store to be configured to use a DataSource defined by the web \ 
application rather than the default of using a globally defined DataSource. \ 
Patch provided by Jonathan Horowitz. (markt)

Coyote

    Fix: 61086: Ensure to explicitly signal an empty request body for HTTP 205 \ 
responses. Additional fix to r1795278. Based on a patch provided by Alexandr \ 
Saperov. (violetagg)
    Fix: 61322: Correct two regressions caused by the fix for 60319 when using \ 
BIO with an external Executor. Firstly, use the maxThreads setting from the \ 
Executor as the default for maxConnections if none is specified. Secondly, use \ 
maxThreads from the Executor when calculating the point at which to disable \ 
keep-alive. (markt)
    Fix: Prevent exceptions being thrown during normal shutdown of NIO \ 
connections. This enables TLS connections to close cleanly. (markt)

Jasper

    Add: 53031: Add support for the fork option when compiling JSPs with the \ 
Jasper Ant task and javac. (markt)

WebSocket

    Add: 57767: Add support to the WebSocket client for following redirects when \ 
attempting to establish a WebSocket connection. Patch provided by J Fernandez. \ 
(markt)

Web applications

    Fix: Remove references to the Loader attribute searchExternalFirst from the \ 
documentation since the attribute is no longer supported. (markt)
    Fix: Correct the documentation for how StandardRoot is configured. (markt)

Other

    Add: 52791: Add the ability to set the defaults used by the Windows \ 
installer from a configuration file. Patch provided by Sandra Madden. (markt)

Log message:
Update to 8.0.45

Changelog:
Tomcat 8.0.45 (violetagg)
Catalina

    Fix: 61101: CORS filter should set Vary header in response. Submitted by \ 
Rick Riemer. (remm)
    Add: 61105: Add a new JULI FileHandler configuration for specifying the \ 
maximum number of days to keep the log files. (violetagg)
    Fix: 61125: Ensure that WarURLConnection returns the correct value for calls \ 
to getLastModified() as this is required for the correct detection of JSP \ 
modifications when the JSP is packaged in a WAR file. (markt)
    Fix: Improve the SSLValve so it is able to handle client certificate headers \ 
from Nginx. Based on a patch by Lucas Ventura Carro. (markt)
    Fix: 61154: Allow the Manager and Host Manager web applications to start by \ 
default when running under a security manager. This was accomplished by adding a \ 
custom permission, org.apache.catalina.security.DeployXmlPermission, that \ 
permits an application to use a META-INF/context.xml file and then granting that \ 
permission to the Manager and Host Manager. (markt)
    Fix: 61173: Polish the javadoc for o.a.catalina.startup.Tomcat. Patch \ 
provided by peterhansson_se. (violetagg)
    Add: A new configuration property crawlerIps is added to the \ 
o.a.catalina.valves.CrawlerSessionManagerValve. Using this property one can \ 
specify a regular expression that will be used to identify crawlers based on \ 
their IP address. Based on a patch provided by Tetradeus. (violetagg)
    Fix: 61180: Log a warning message rather than an information message if it \ 
takes more than 100ms to initialised a SecureRandom instance for a web \ 
application to use to generate session identifiers. Patch provided by Piotr \ 
Chlebda. (markt)
    Fix: 61185: When an asynchronous request is dispatched via \ 
AsyncContext.dispatch() ensure that getRequestURI() for the dispatched request \ 
matches that of the original request. (markt)
    Fix: 61201: Ensure that the SCRIPT_NAME environment variable for CGI \ 
executables is populated in a consistent way regardless of how the CGI servlet \ 
is mapped to a request. (markt)
    Fix: 61215: Correctly define addConnectorPort and \ 
invalidAuthenticationWhenDeny in the mbean-descriptors.xml file for the \ 
org.apache.catalina.valves package so that the attributes are accessible via \ 
JMX. (markt)

Coyote

    Fix: 61086: Explicitly signal an empty request body for HTTP 205 responses. \ 
(markt)
    Fix: Revert a change introduced in the fix for bug 60718 that changed the \ 
status code recorded in the access log when the client dropped the connection \ 
from 200 to 500. (markt)
    Fix: Make asynchronous error handling more robust. In particular ensure that \ 
onError() is called for any registered AsyncListeners after an I/O error on a \ 
non-container thread. (markt)

Jasper

    Fix: 44787: Improve error message when JSP compiler configuration options \ 
are not valid. (markt)
    Fix: 61137: j.s.jsp.tagext.TagLibraryInfo#uri and \ 
j.s.jsp.tagext.TagLibraryInfo#prefix fields should not be final. Patch provided \ 
by Katya Todorova. (violetagg)

WebSocket

    Fix: Correct the log message when a MessageHandler for PongMessage does not \ 
implement MessageHandler.Whole. (rjung)
    Fix: Improve thread-safety of Futures used to report the result of sending \ 
WebSocket messages. (markt)
    Fix: 61183: Correct a regression in the previous fix for 58624 that could \ 
trigger a deadlock depending on the locking strategy employed by the client \ 
code. (markt)

Web applications

    Fix: Better document the meaning of the trimSpaces option for Jasper. (markt)
    Fix: 61150: Configure the Manager and Host-Manager web applications to \ 
permit serialization and deserialization of CRSFPreventionFilter related session \ 
objects to avoid warning messages and/or stack traces on web application stop \ 
and/or start when running under a security manager. (markt)

Other

    Add: 45832: Add HTTP DIGEST authentication support to the Catalina Ant tasks \ 
used to communicate with the Manager application. (markt)
    Fix: 45879: Add the RELEASE-NOTES file to the root of the installation \ 
created by the Tomcat installer for Windows to make it easier for users to \ 
identify the installed Tomcat version. (markt)
    Fix: 61055: Clarify the code comments in the rewrite valve to make clear \ 
that there are no plans to provide proxy support for this valve since Tomcat \ 
does not have proxy capbilities. (markt)
    Fix: 61076: Document the altDDName attribute for the Context element. (markt)
    Fix: Correct typo in Jar Scan Filter Configuration Reference. Issue reported \ 
via comments.apache.org. (violetagg)
    Fix: 61145: Add missing @Documented annotation to annotations in the \ 
annotations API. Patch provided by Katya Todorova. (markt)
    Fix: 61146: Add missing lookup() method to @EJB annotation in the \ 
annotations API. Patch provided by Katya Todorova. (markt)
    Fix: Correct typo in Context Container Configuration Reference. Patch \ 
provided by Katya Todorova. (violetagg)