From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Apr 3 01:30:01 2014 Return-Path: Delivered-To: freebsd-ports-bugs@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E177626A for ; Thu, 3 Apr 2014 01:30:00 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id BA0AA371 for ; Thu, 3 Apr 2014 01:30:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s331U0J5069167 for ; Thu, 3 Apr 2014 01:30:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s331U05h069166; Thu, 3 Apr 2014 01:30:00 GMT (envelope-from gnats) Resent-Date: Thu, 3 Apr 2014 01:30:00 GMT Resent-Message-Id: <201404030130.s331U05h069166@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Patrick Abeya Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5AB35142 for ; Thu, 3 Apr 2014 01:21:57 +0000 (UTC) Received: from cgiserv.freebsd.org (cgiserv.freebsd.org [IPv6:2001:1900:2254:206a::50:4]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2C31F334 for ; Thu, 3 Apr 2014 01:21:57 +0000 (UTC) Received: from cgiserv.freebsd.org ([127.0.1.6]) by cgiserv.freebsd.org (8.14.8/8.14.8) with ESMTP id s331LuSb080489 for ; Thu, 3 Apr 2014 01:21:56 GMT (envelope-from nobody@cgiserv.freebsd.org) Received: (from nobody@localhost) by cgiserv.freebsd.org (8.14.8/8.14.8/Submit) id s331LuQw080479; Thu, 3 Apr 2014 01:21:56 GMT (envelope-from nobody) Message-Id: <201404030121.s331LuQw080479@cgiserv.freebsd.org> Date: Thu, 3 Apr 2014 01:21:56 GMT From: Patrick Abeya To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Subject: ports/188211: [PATCH] www/tomcat7 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Apr 2014 01:30:01 -0000 >Number: 188211 >Category: ports >Synopsis: [PATCH] www/tomcat7 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Thu Apr 03 01:30:00 UTC 2014 >Closed-Date: >Last-Modified: >Originator: Patrick Abeya >Release: 10.0-RELEASE >Organization: >Environment: FreeBSD wallaby 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260789: Thu Jan 16 22:34:59 UTC 2014 root@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 >Description: Changes since 7.0.50 Tomcat 7.0.53 (violetagg) Catalina add Make it easier for applications embedding and/or extending Tomcat to modify the javaseClassLoader attribute of the WebappClassLoader. (markt) fix Improve the robustness of web application undeployment based on some code analysis triggered by the report for 54315. (markt) fix 56219: Improve merging process for web.xml files to take account of the elements and attributes supported by the Servlet version of the merged file. (markt) fix 56190: The response should be closed (i.e. no further output is permitted) when a call to AsyncContext.complete() takes effect. (markt) fix 56236: Enable Tomcat to work with alternative Servlet and JSP API JARs that package the XML schemas in such as way as to require a dependency on the JSP API before enabling validation for web.xml. Tomcat has no such dependency. (markt) fix 56246: Fix NullPointerException in MemoryRealm when authenticating an unknown user. (markt) fix 56248: Allow the deployer to update an existing WAR file without undeploying the existing application if the update flag is set. This allows any existing custom context.xml for the application to be retained. To update an application and remove any existing context.xml simply undeploy the old version of the application before deploying the new version. (markt) fix Redefine the globalXsltFile initialisation parameter of the DefaultServlet as relative to CATALINA_BASE/conf or CATALINA_HOME/conf. Prevent user supplied XSLTs used by the DefaultServlet from defining external entities. (markt) add Add a work around for validating XML documents (often TLDs) that use just the file name to refer to refer to the JavaEE schema on which they are based. (markt) fix 56293: Cache resources loaded by the class loader from /META-INF/services/ for better performance for repeated look ups. (markt) Coyote fix 53119: Make sure the NIO AJP output buffer is cleared on any error to prevent any possible overflow if it is written to again before the connection is closed. This extends the original fix for the APR/native output buffer to the NIO connector. (kkolinko) fix 56172: Avoid possible request corruption when using the AJP NIO connector and a request is sent using more than one AJP message. Patch provided by Amund Elstad. (markt) fix 56213: Reduce garbage collection when the NIO connector is under heavy load. (markt) fix Improve processing of chuck size from chunked headers. Avoid overflow and use a bit shift instead of a multiplication as it is marginally faster. (markt/kkolinko) fix Fix possible overflow when parsing long values from a byte array. (markt) Jasper fix 54475: Add Java 8 support to SMAP generation for JSPs. Patch by Robbie Gibson. (markt) fix 55483: Improve handing of overloaded methods and constructors in expression language implementation. (markt) fix 56208: Restore the validateXml option to Jasper that was previously renamed validateTld. Both options are now supported. validateXml controls the validation of web.xml files when Jasper parses them and validateTld controls the validation of *.tld files when Jasper parses them. (markt) fix 56223: Throw an IllegalStateException if a call is made to ServletContext.setInitParameter() after the ServletContext has been initialized. (markt) fix 56265: Do not escape values of dynamic tag attributes containing EL expressions. (kkolinko) fix Make the default compiler source and target versions for JSPs Java 6 since Tomcat 7 requires Java 6 as a minimum. (markt) update 56283: Update to the Eclipse JDT Compiler P20140317-1600 which adds support for Java 8 syntax to JSPs. Add support for value "1.8" for the compilerSourceVM and compilerTargetVM options. (markt) WebSocket fix Avoid a possible deadlock when one thread is shutting down a connection while another thread is trying to write to it. (markt) fix Call onError if an exception is thrown calling onClose when closing a session. (remm) Web applications code In the documentation: add support for several documentation tags from Tomcat 8. Such as . (kkolinko) add 56093: Add the SSL Valve to the documentation web application. (markt) fix 56217: Improve readability by using left alignment for the table cell containing the request information on the Manager application status page. (markt) fix Fixed java.lang.NegativeArraySizeException when using "Expire sessions" command in the manager web application on a context where the session timeout is disabled. (kfujino) fix Add support for LAST_ACCESS_AT_START system property to Manager web application. (kfujino) fix Add definition of org.apache.catalina.ant.FindLeaksTask. (kfujino) fix 56273: If the Manager web application does not perform an operation because the web application is already being serviced, report an error rather than reporting success. (markt) fix 56304: Add a note to the documentation about not using WebSocket with BIO HTTP in production. (markt) Other fix 56143: Improve service.bat so that it can be launched from a non-UAC console. This includes using a single call to tomcat7.exe to install the Windows service rather than three calls, and using command line arguments instead of environment variables to pass the settings. (markt/kkolinko) fix Fix regression in 7.0.52: when using service.bat install to install the service the values for --StdOutput, --StdError options were passed as blank instead of "auto". (kkolinko) fix Align options between service.bat and exe Windows installer. For service.bat the changes are in --Classpath, --DisplayName, --StartPath, --StopPath. For exe installer the changes are in --JvmMs, --JvmMx options, which are now 128 Mb and 256 Mb respectively instead of being empty. Explicitly specify --LogPath path when uninstalling Windows service, avoiding default value for that option. (kkolinko) code Simplify Windows *.bat files: remove %OS% checks, as java 6 does not run on ancient non-NT operating systems. (kkolinko) fix 56137: Explicitly use the BIO connector in the SSL example in server.xml so it doesn't break if APR is enabled. (markt) fix 56139: Avoid a web application class loader leak in some unit tests when running on Windows. (markt) fix Correct build script to avoid building JARs with empty packages. (markt) add Allow to limit JUnit test run to a number of selected test case methods. (kkolinko) fix 56189: Remove used file cpappend.bat from the distribution. (markt) Tomcat 7.0.52 (violetagg) released 2014-02-17 Catalina fix Generate a valid root element for the effective web.xml for a web application for all supported versions of web.xml. (markt) Coyote code Pull up SocketWrapper to AbstractProcessor. (markt) fix In some circumstances asynchronous requests could time out too soon. (markt) Tomcat 7.0.51 (violetagg) not released Catalina fix 55287: ServletContainerInitializer defined in the container may not be found. (markt/jboynes) fix 55855: Provide a per Context option (containerSciFilter) to exclude container SCIs. (markt) fix 55937: When deploying applications, treat a context path of /ROOT as equivalent to /. (markt) fix 55943: Improve the implementation of the class loader check that prevents web applications from trying to override J2SE implementation classes. As part of this fix, refactor the way a null parent class loader is handled which enables a number of null checks and object creation calls to be removed. (markt) fix 55958: Differentiate between foo.war the WAR file and foo.war the directory. (markt) fix 55960: Improve the single sign on (SSO) unit tests. Patch provided by Brian Burch. (markt) fix 55974: Retain order when reporting errors and warnings while parsing XML configuration files. (markt) fix 56013: Fix issue with SPNEGO authentication when using IBM JREs. IBM JREs only understand the option of infinite lifetime for Kerberos credentials. Based on a patch provided by Arunav Sanyal. (markt) fix 56016: When loading resources for XML schema validation, take account of the possibility that servlet-api.jar and jsp-api.jar may not be loaded by the same class loader. Patch by Juan Carlos Estibariz. (markt) fix 56025: When creating a WebSocket connection, always call ServerEndpointConfig.Configurator.getNegotiatedSubprotocol() and always create the EndPoint instance after calling ServerEndpointConfig.Configurator.modifyHandshake(). (markt) fix 56032: Ensure that the WebSocket connection is closed after an IO error or an interrupt while sending a WebSocket message. (markt) fix 56042: If a request in async mode has an error but has already been dispatched don't generate an error page in the ErrorReportValve so the dispatch target can handle it. (markt) fix Add missing javax.annotation.sql.* classes to annotations-api.jar. (markt) fix The type of logger attribute of Context MBean should be not org.apache.commons.logging.Log but org.apache.juli.logging.Log. (kfujino) fix 56082: Fix a concurrency bug in JULI's LogManager implementation. (markt) fix 56096: When the attribute rmiBindAddress of the JMX Remote Lifecycle Listener is specified it's value will be used when constructing the address of a JMX API connector server. Patch is provided by Jim Talbut. (violetagg) fix When environment entry with one and the same name is defined in the web deployment descriptor and with annotation then the one specified in the web deployment descriptor is with priority. (violetagg) fix Change default value of xmlBlockExternal attribute of Context. It is true now. (kkolinko) Coyote fix Avoid possible NPE if a content type is specified without a character set. (markt) fix 55956: Make the forwarded remote IP address available to the Connectors via a request attribute. (markt) fix 55976: Fix sendfile support for the HTTP NIO connector. (markt) fix 55996: Ensure Async requests timeout correctly when using the NIO HTTP connector. (markt) add 56021: Make it possible to use the Windows-MY key store with the BIO and NIO connectors for SSL configuration. It requires a keystoreFile="" keystoreType="Windows-My" to be set on the connector. Based on a patch provided by Asanka. (markt) Jasper fix Correct a regression in the XML refactoring that meant that errors in TLD files were swallowed. (markt) fix 55671: Correct typo in the log message for a wrong value of genStringAsCharArray init-param of JspServlet. This parameter had a different name in Tomcat 6. (kkolinko) fix 55973: Fix processing of XML schemas when validation is enabled in Jasper. (kkolinko) fix 56010: Don't throw an IllegalArgumentException when JspFactory.getPageContext is used with JspWriter.DEFAULT_BUFFER. Based on a patch by Eugene Chung. (markt) fix 56012: When using the extends attribute of the page directive do not import the super class if it is in an unnamed package as imports from unnamed packages are now explicitly illegal. (markt) fix 56029: A regression in the fix for 55198 meant that when EL containing a ternary expression was used in an attribute a compilation error would occur for some expressions. (markt) fix Correct several errors in jspxml Schema and DTD. (kkolinko) fix Change default value of the blockExternal attribute of JspC task. The default value is true. Add support for -no-blockExternal switch when JspC is run as a standalone application. (kkolinko) Cluster code Simplify the code of o.a.c.ha.tcp.SimpleTcpCluster.createManager(String). Remove unnecessary class cast. (kfujino) WebSocket fix Do not return an empty string for the Sec-WebSocket-Protocol HTTP header when no sub-protocol has been requested or no sub-protocol could be agreed as RFC6455 requires that no Sec-WebSocket-Protocol header is returned in this case. (markt) Web applications fix Add index.xhtml to the welcome files list for the examples web application. (kkolinko) fix Clarify that the connectionTimeout may also be used as the read timeout when reading a request body (if any) in the documentation web application. (markt) fix Clarify the behaviour of the maxConnections attribute for a connector in the documentation web application. (markt) fix 55888: Update the documentation web application to make it clearer that a Container may define no more than one Realm. (markt) fix 55956: Where available, displayed the forwarded remote IP address available on the status page of the Manager web application. (markt) fix Correct links to the Tomcat mailing lists in the ROOT web application. (kkolinko) fix In Manager web application improve handling of file upload errors. Display a message instead of error 500 page. Simplify parts handling code, as it is known that Tomcat takes care of them when recycling a request. (kkolinko) Extras fix 55166, 56045: Copy the XML schemas used for validation that are packaged in jsp-api.jar to servlet-api.jar so that an embedded Tomcat instance can start without Jasper being available. This also enables validation to work without Jasper being available. (markt/kkolinko) fix 56039: Enable the JmxRemoteLifecycleListener to work over SSL. Patch by esengstrom. (markt) Other fix 55743: Enable the stop script to work when the shutdown port is disabled and a PID file is defined. This is only available on platforms that use catalina.sh. (markt) fix 55986: When forcing Tomcat to stop via kill -9 $CATALINA_PID, the catalina.sh script could incorrectly report that Tomcat had not yet completely stopped when it had. Based on a patch by jess. (markt) fix Package correct license and notice files with embedded JARs. (markt) code Remove svn keywords (such as $Id) from source files and documentation. (kkolinko) fix Fix CVE-2014-0050, a denial of service with a malicious, malformed Content-Type header and multipart request processing. Fixed by merging latest code (r1565163) from Commons FileUpload. (markt) fix 56115: Expose the httpusecaches property of Ant's get task as some users may need to change the default. Based on a suggestion by Anthony. (markt) >How-To-Repeat: >Fix: Attached diff file Patch attached with submission follows: Index: Makefile =================================================================== --- Makefile (revision 349959) +++ Makefile (working copy) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= tomcat -PORTVERSION= 7.0.50 +PORTVERSION= 7.0.53 CATEGORIES= www java MASTER_SITES= APACHE MASTER_SITE_SUBDIR= tomcat/tomcat-7/v${PORTVERSION}/bin Index: distinfo =================================================================== --- distinfo (revision 349959) +++ distinfo (working copy) @@ -1,2 +1,2 @@ -SHA256 (apache-tomcat-7.0.50.tar.gz) = 7be7b2d9e6626c81f2aa3d39a7e5b0e52e025d773cd29c4a0cf9e71b0d4c11e9 -SIZE (apache-tomcat-7.0.50.tar.gz) = 8313171 +SHA256 (apache-tomcat-7.0.53.tar.gz) = f5e79d70ca7962d11abfc753e47b68a11fdfb4a409e76e2b7bd0a945f80f87c9 +SIZE (apache-tomcat-7.0.53.tar.gz) = 8780629 Index: pkg-plist =================================================================== --- pkg-plist (revision 349959) +++ pkg-plist (working copy) @@ -44,7 +44,7 @@ %%T%%/lib/catalina-ha.jar %%T%%/lib/catalina-tribes.jar %%T%%/lib/catalina.jar -%%T%%/lib/ecj-4.3.1.jar +%%T%%/lib/ecj-P20140317-1600.jar %%T%%/lib/el-api.jar %%T%%/lib/jasper-el.jar %%T%%/lib/jasper.jar >Release-Note: >Audit-Trail: >Unformatted: