Changelog:
Tomcat 7.0.79 (violetagg)
Catalina
fix 61101: CORS filter should set Vary header in response. Submitted by Rick Riemer. (remm)
add 61105: Add a new JULI FileHandler configuration for specifying the maximum number of days to keep the log files. (violetagg)
fix Improve the SSLValve so it is able to handle client certificate headers from Nginx. Based on a patch by Lucas Ventura Carro. (markt)
fix 61154: Allow the Manager and Host Manager web applications to start by default when running under a security manager. This was accomplished by adding a custom permission, org.apache.catalina.security.DeployXmlPermission, that permits an application to use a META-INF/context.xml file and then granting that permission to the Manager and Host Manager. (markt)
fix 61173: Polish the javadoc for o.a.catalina.startup.Tomcat. Patch provided by peterhansson_se. (violetagg)
add A new configuration property crawlerIps is added to the o.a.catalina.valves.CrawlerSessionManagerValve. Using this property one can specify a regular expression that will be used to identify crawlers based on their IP address. Based on a patch provided by Tetradeus. (violetagg)
fix 61180: Log a warning message rather than an information message if it takes more than 100ms to initialised a SecureRandom instance for a web application to use to generate session identifiers. Patch provided by Piotr Chlebda. (markt)
fix 61185: When an asynchronous request is dispatched via AsyncContext.dispatch() ensure that getRequestURI() for the dispatched request matches that of the original request. (markt)
fix 61201: Ensure that the SCRIPT_NAME environment variable for CGI executables is populated in a consistent way regardless of how the CGI servlet is mapped to a request. (markt)
fix 61215: Correctly define addConnectorPort and invalidAuthenticationWhenDeny in the mbean-descriptors.xml file for the org.apache.catalina.valves package so that the attributes are accessible via JMX. (markt)
Coyote
fix 61086: Explicitly signal an empty request body for HTTP 205 responses. (markt)
fix Revert a change introduced in the fix for bug 60718 that changed the status code recorded in the access log when the client dropped the connection from 200 to 500. (markt)
fix Make asynchronous error handling more robust. In particular ensure that onError() is called for any registered AsyncListeners after an I/O error on a non-container thread. (markt)
Jasper
fix 44787: Improve error message when JSP compiler configuration options are not valid. (markt)
WebSocket
fix Correct the log message when a MessageHandler for PongMessage does not implement MessageHandler.Whole. (rjung)
fix Improve thread-safety of Futures used to report the result of sending WebSocket messages. (markt)
fix 61183: Correct a regression in the previous fix for 58624 that could trigger a deadlock depending on the locking strategy employed by the client code. (markt)
Web applications
fix Better document the meaning of the trimSpaces option for Jasper. (markt)
fix 61150: Configure the Manager and Host-Manager web applications to permit serialization and deserialization of CRSFPreventionFilter related session objects to avoid warning messages and/or stack traces on web application stop and/or start when running under a security manager. (markt)
Tribes
add Add JMX support for Tribes components. (kfujino)
Other
add 45832: Add HTTP DIGEST authentication support to the Catalina Ant tasks used to communicate with the Manager application. (markt)
fix 45879: Add the RELEASE-NOTES file to the root of the installation created by the Tomcat installer for Windows to make it easier for users to identify the installed Tomcat version. (markt)
fix 61076: Document the altDDName attribute for the Context element. (markt)
fix 61145: Add missing @Documented annotation to annotations in the annotations API. Patch provided by Katya Todorova. (markt)
fix 61146: Add missing lookup() method to @EJB annotation in the annotations API. Patch provided by Katya Todorova. (markt)
fix Correct typo in Context Container Configuration Reference. Patch provided by Katya Todorova. (violetagg)
Changelog:
Tomcat 8.5.20 (markt)
Catalina
Fix: Revert the fix for 49464 since it continued to trigger regressions. (markt)
Fix: Correct a bug in the PushBuilder implementation that meant push URLs containing %nn sequences were not correctly decoded. Identified by FindBugs. (markt)
Add: 61164: Add support for the %X pattern in the AccessLogValve that reports the connection status at the end of the request. Patch provided by Zemian Deng. (markt)
Fix: 61351: Correctly handle %nn decoding of URL patterns in web.xml and similar locations that may legitimately contain characters that are not permitted by RFC 3986. (markt)
Add: 61366: Add a new attribute, localDataSource, to the JDBCStore that allows the Store to be configured to use a DataSource defined by the web application rather than the default of using a globally defined DataSource. Patch provided by Jonathan Horowitz. (markt)
Coyote
Fix: 61086: Ensure to explicitly signal an empty request body for HTTP 205 responses. Additional fix to r1795278. Based on a patch provided by Alexandr Saperov. (violetagg)
Update: 61345: Add a server listener that can be used to do system property replacement from the property source configured in the digester. (remm)
Add: Add additional logging to record problems that occur while waiting for the NIO pollers to stop during the Connector stop process. (markt)
Jasper
Fix: 61364: Ensure that files are closed after detecting encoding of JSPs so that files do not remain locked by the file system. (markt)
WebSocket
Add: 57767: Add support to the WebSocket client for following redirects when attempting to establish a WebSocket connection. Patch provided by J Fernandez. (markt)
2017-07-28 Tomcat 8.5.19 (markt)
Catalina
Fix: Performance improvements for service loader look-ups (and look-ups of other class loader resources) when the web application is deployed in a packed WAR file. (markt)
Fix: 61253: Add warn message when Digester.updateAttributes throws an exception instead of ignoring it. (csutherl)
Fix: Correct a further regression in the fix for 49464 that could cause an byte order mark character to appear at the start of content included by the DefaultServlet. (markt)
Fix: 61313: Make the read timeout configurable in the JNDIRealm and ensure that a read timeout will result in an attempt to fail over to the alternateURL. Based on patches by Peter Maloney and Felix Schumacher. (markt)
Web applications
Fix: Correct the documentation for how StandardRoot is configured. (markt)
Other
Fix: 61316: Fix corruption of UTF-16 encoded source files in released source distributions. (markt)
Tomcat 8.5.18 (markt)
Catalina
Fix: 61232: When log rotation is disabled only one separator will be used when generating the log file name. For example if the prefix is catalina. and the suffix is .log then the log file name will be catalina.log instead of catalina..log. Patch provided by Katya Stoycheva. (violetagg)
Fix: 61264: Correct a regression in the refactoring to use Charset rather than String to store request character encoding that prevented getReader() throwing an UnsupportedEncodingException if the user agent specifies an unsupported character encoding. (markt)
Fix: Correct a regression in the fix for 49464 that could cause an incorrect Content-Length header to be sent by the DefaultServlet if the encoding of a static is not consistent with the encoding of the response. (markt)
Coyote
Fix: Enable TLS connectors to use Java key stores that contain multiple keys where each key has a separate password. Based on a patch by Frank Taffelt. (markt)
Fix: Improve the handling of HTTP/2 stream resets due to excessive headers when a continuation frame is used. (markt)
Jasper
Add: 53031: Add support for the fork option when compiling JSPs with the Jasper Ant task and javac. (markt)
Other
Add: 52791: Add the ability to set the defaults used by the Windows installer from a configuration file. Patch provided by Sandra Madden. (markt)
Tomcat 8.5.17 (markt)
Catalina
Fix: 49464: Improve the Default Servlet's handling of static files when the file encoding is not compatible with the required response encoding. (markt)
Fix: 61214: Remove deleted attribute servlets from the Context MBean description. Patch provided by Alexis Hassler. (markt)
Fix: 61215: Correctly define addConnectorPort and invalidAuthenticationWhenDeny in the mbean-descriptors.xml file for the org.apache.catalina.valves package so that the attributes are accessible via JMX. (markt)
Fix: Make asynchronous error handling more robust. In particular ensure that onError() is called for any registered AsyncListeners after an I/O error on a non-container thread. (markt)
Fix: Additional permission for deleting files is granted to JULI as it is required by FileHandler when running under a Security Manager. The thread that cleans the log files is marked as daemon thread. (violetagg)
Fix: 61229: Correct a regression in 8.5.15 that broke WebDAV handling for resources with names that included a & character. (markt)
Coyote
Fix: Restore the ability to configure support for SSLv3. Enabling this protocol will trigger a warning in the logs since it is known to be insecure. (markt)
Fix: Do not log a warning when a null session is returned for an OpenSSL based TLS session since this is expected when session tickets are enabled. (markt)
Fix: When the access log valve logs a TLS related request attribute and the NIO2 connector is used with OpenSSL, ensure that the TLS attric SSL session access for the APR connector. (remm)
Add: To ease migration from 8.0.x to 8.5.x, if the HTTP or AJP BIO connector is explicitly configured, rather than failing to start the connector because BIO has been removed, automatically switch to tribute searchExternalFirst from the documentation since the attribute is no longer supported. (markt)
2017-06-26 Tomcat 8.5.16 (markt)
Catalina
Fix: 61072: Respect the documentation statements that allow using the platform default secure random for session id generation. (remm)
Fix: Correct the javadoc for o.a.c.connector.CoyoteAdapter#parseSessionCookiesId. Patch provided by John Andrew (XUZHOUWANG) via Github. (violetagg)
Fix: 61101: CORS filter should set Vary header in response. Submitted by Rick Riemer. (remm)
Add: 61105: Add a new JULI FileHandler configuration for specifying the maximum number of days to keep the log files. (violetagg)
Fix: 61125: Ensure that WarURLConnection returns the correct value for calls to getLastModified() as this is required for the correct detection of JSP modifications when the JSP is packaged in a WAR file. (markt)
Fix: Improve the SSLValve so it is able to handle client certificate headers from Nginx. Based on a patch by Lucas Ventura Carro. (markt)
Fix: 61134: Do not use '[' and ']' symbols around substituted text fragments when generating the default error pages. Patch provided by Katya Todorova. (violetagg)
Fix: 61154: Allow the Manager and Host Manager web applications to start by default when running under a security manager. This was accomplished by adding a custom permission, org.apache.catalina.security.DeployXmlPermission, that permits an application to use a META-INF/context.xml file and then granting that permission to the Manager and Host Manager. (markt)
Fix: 61173: Polish the javadoc for o.a.catalina.startup.Tomcat. Patch provided by peterhansson_se. (violetagg)
Add: A new configuration property crawlerIps is added to the o.a.catalina.valves.CrawlerSessionManagerValve. Using this property one can specify a regular expression that will be used to identify crawlers based on their IP address. Based on a patch provided by Tetradeus. (violetagg)
Fix: 61180: Log a warning message rather than an information message if it takes more than 100ms to initialised a SecureRandom instance for a web application to use to generate session identifiers. Patch provided by Piotr Chlebda. (markt)
Fix: 61185: When an asynchronous request is dispatched via AsyncContext.dispatch() ensure that getRequestURI() for the dispatched request matches that of the original request. (markt)
Fix: 61197: Ensure that the charset name used in the Content-Type header has exactly the same form as that provided by the application. This reverts a behavioural change in 8.5.15 that caused problems for some clients. (markt)
Fix: 61201: Ensure that the SCRIPT_NAME environment variable for CGI executables is populated in a consistent way regardless of how the CGI servlet is mapped to a request. (markt)
Coyote
Fix: 61086: Explicitly signal an empty request body for HTTP 205 responses. (markt)
Fix: 61120: Do not ignore path parameters when processing HTTP/2 requests. (markt)
Fix: Revert a change introduced in the fix for bug 60718 that changed the status code recorded in the access log when the client dropped the connection from 200 to 500. (markt)
Fix: Add additional syncs to the SSL session object provided by the OpenSSL engine so that a concurrent destruction cannot cause a JVM crash. (remm)
Fix: 61195: Backport, with deprecation where appropriate, the endpoint and protocol property changes from 9.0.x to ease migration from 8.5.x to 9.0.x. (markt)
Jasper
Fix: 44787: Improve error message when JSP compiler configuration options are not valid. (markt)
Fix: 61137: j.s.jsp.tagext.TagLibraryInfo#uri and j.s.jsp.tagext.TagLibraryInfo#prefix fields should not be final. Patch provided by Katya Todorova. (violetagg)
WebSocket
Fix: Correct the log message when a MessageHandler for PongMessage does not implement MessageHandler.Whole. (rjung)
Add: Introduce new API o.a.tomcat.websocket.WsSession#suspend/ o.a.tomcat.websocket.WsSession#resume that can be used to suspend/resume reading of the incoming messages. (violetagg)
Fix: Improve thread-safety of Futures used to report the result of sending WebSocket messages. (markt)
Fix: 61183: Correct a regression in the previous fix for 58624 that could trigger a deadlock depending on the locking strategy employed by the client code. (markt)
Web applications
Fix: Better document the meaning of the trimSpaces option for Jasper. (markt)
Fix: 61150: Configure the Manager and Host-Manager web applications to permit serialization and deserialization of CRSFPreventionFilter related session objects to avoid warning messages and/or stack traces on web application stop and/or start when running under a security manager. (markt)
Fix: Correct the TLS configuration documentation to remove SSLv2 and SSLv3 from the list of supported protocols. (markt)
Tribes
Add: Add JMX support for Tribes components. (kfujino)
Other
Add: 45832: Add HTTP DIGEST authentication support to the Catalina Ant tasks used to communicate with the Manager application. (markt)
Fix: 45879: Add the RELEASE-NOTES file to the root of the installation created by the Tomcat installer for Windows to make it easier for users to identify the installed Tomcat version. (markt)
Fix: 61055: Clarify the code comments in the rewrite valve to make clear that there are no plans to provide proxy support for this valve since Tomcat does not have proxy capabilities. (markt)
Fix: 61076: Document the altDDName attribute for the Context element. (markt)
Fix: Correct typo in Jar Scan Filter Configuration Reference. Issue reported via comments.apache.org. (violetagg)
Fix: 61145: Add missing @Documented annotation to annotations in the annotations API. Patch provided by Katya Todorova. (markt)
Fix: 61146: Add missing lookup() method to @EJB annotation in the annotations API. Patch provided by Katya Todorova. (markt)
Fix: Correct typo in Context Container Configuration Reference. Patch provided by Katya Todorova. (violetagg)
-------------------------------------
0.80: # 2017-06-30T07:40:45+0200
- Fix version in META.yml in CPAN distribution. See: https://rt.cpan.org/Public/Bug/Display.html?id=122279
0.79: # 2017-06-25T23:40:45+0200
- deal with perl-5.26 change about @INC in Makefile.PL
- "available" command now also shows the URLs
2017-08-14 - libfilezilla 0.10.1 released
Bugfixes and minor changes:
MSW: Improve handling of reparse points in fz::local_filesys
2017-07-10 - libfilezilla 0.10.0 released
New features:
Added fz::percent_encode and fz::percent_encode
Added fz::uri and fz::query_string
Added fz::less_insensitive_ascii for case-insensitive strings in maps
Bugfixes and minor changes:
Moved encoding functions from string.hpp to encode.hpp
Use pkg-config instead of cppunit-config to look for cppunit.
Switch to meson build framework since autoconf one was removed.
libmpdclient 2.13 (2017/07/25)
* fix build with meson > 0.38.1
* fix connect error "Operation now in progress"
libmpdclient 2.12 (2017/07/21)
* support MPD protocol 0.21
- support tag "OriginalDate"
- command "tagtypes" plus "disable", "enable", "clear"
* support MPD protocol 0.20
- support "plchanges" and "plchangesposid" with range
* support MPD protocol 0.19
- commands "addtagid", "cleartagid"
- command "listfiles"
- grouping for "list" and "count"
- tag "AlbumSort"
- "seekid" with float time
* use relative #include paths to avoid clashes with other libmpdclient copies
* build with Meson instead of autotools
Meson is a cross-platform build system designed to be both as fast
and as user friendly as possible. It supports many languages and
compilers, including GCC, Clang and Visual Studio. Its build
definitions are written in a simple non-turing complete DSL.
---- Version 8.13.12 - 2017-07-03 ----
Fix bad height of SVG images when lyrics under the staff
(reported by Manavasu)
Don't display ottava decorations on secondary voices
(reported by Willem Vree)
Fix loss of measure bar when followed by %%score and voice absent
(reported by Simon Wascher)
---------------------------
Version 2.49b (2017-07-18):
---------------------------
- Added AFL_TMIN_EXACT to allow path constraint for crash minimization.
- Added dates for releases (retroactively for all of 2017).
---------------------------
Version 2.48b (2017-07-17):
---------------------------
- Added AFL_ALLOW_TMP to permit some scripts to run in /tmp.
- Fixed cwd handling in afl-analyze (similar to the quirk in afl-tmin).
- Made it possible to point -o and -f to the same file in afl-tmin.
---------------------------
Version 2.47b (2017-07-14):
---------------------------
- Fixed cwd handling in afl-tmin. Spotted by Jakub Wilk.
---------------------------
Version 2.46b (2017-07-10):
---------------------------
- libdislocator now supports AFL_LD_NO_CALLOC_OVER for folks who do not
want to abort on calloc() overflows.
- Made a minor fix to libtokencap. Reported by Daniel Stender.
- Added a small JSON dictionary, inspired on a dictionary done by Jakub Wilk.
---------------------------
Version 2.45b (2017-07-04):
---------------------------
- Added strstr, strcasestr support to libtokencap. Contributed by
Daniel Hodson.
- Fixed a resumption offset glitch spotted by Jakub Wilk.
- There are definitely no bugs in afl-showmap -c now.
2017-08-13 meld 3.17.3
======================
Fixes:
* Fix folder compare when using text filters (Alsan Wong)
* Make activity spinner show when inline comparisons are running (Kai
Willadsen)
* Migrate back from threads to multiprocessing for inline diffs; unusual
CPU contention caused this to harm interactivity (Kai Willadsen)
* Manually refreshing a file comparison sometimes caused diff navigation
to break (Kai Willadsen)
* Folder comparisons that update their state no longer break navigation
(Kai Willadsen)
* Version-control comparison on missing files now work again (Kai
Willadsen)
* Fix regression in initial focus for folder comparisons (Kai Willadsen)
* Fix handling for added, partially staged files in git (Kai Willadsen)
* Bugs fixed: 784436, 785603, 785859, 786043
Translations:
* Daniel Mustieles (es)
* Matej Urbančič (sl)
D-Bus 1.10.22 (2017-07-27)
==
The “roof terrace” release.
Fixes:
• dbus_message_iter_append_basic() no longer leaks memory if it fails to
append a file descriptor to a message. (fd.o #101568, Simon McVittie)
• dbus_message_iter_open_container() no longer leaks memory if it runs out
of memory. (fd.o #101568, Simon McVittie)
• dbus_message_append_args_valist() no longer leaks memory if given an
unsupported type. This situation is still considered to be a programming
error which needs to be corrected by the user of libdbus.
(fd.o #101568, Simon McVittie)
• Wrap test-pending-call-disconnected with dbus-run-session so that it can
pass in environments that are not already running a D-Bus session bus,
fixing a build-time test regression in 1.10.20
(fd.o #101698, Simon McVittie)
• Ensure that tests fail if they would otherwise have tried to connect to
the real session bus (fd.o #101698, Simon McVittie)
• Make build-time tests cope with finding Python 3, but not Python 2
(fd.o #101716, Simon McVittie)
(package still uses autoconf)
libxkbcommon 0.7.2 - 2017-08-04
==================
- Added a Meson build system as an alternative to existing autotools build
system.
The intent is to remove the autotools build in one of the next releases.
Please try to convert to it and report any problems.
See http://mesonbuild.com/Quick-guide.html for basic usage, the
meson_options.txt for the project-specific configuration options,
and the PACKAGING file for more details.
There are some noteworthy differences compared to the autotools build:
- Feature auto-detection is not performed. By default, all features are
enabled (currently: docs, x11, wayland). The build fails if any of
the required dependencies are not available. To disable a feature,
pass -Denable-<feature>=false to meson.
- The libraries are either installed as shared or static, as specified
by the -Ddefault_library=shared/static option. With autotools, both
versions are installed by default.
- xorg-util-macros is not used.
- A parser generator (bison/byacc) is always required - there is no
fallback to pre-generated output bundled in the tarball, as there is
in autotools.
- Removed Android.mk support.
- Removed the *-uninstalled.pc pkgconfig files.
- Ported the interactive-wayland demo program to v6 of the xdg-shell
protocol.
- Added new keysym definitions from xproto.
- New API:
XKB_KEY_XF86Keyboard
XKB_KEY_XF86WWAN
XKB_KEY_XF86RFKill
XKB_KEY_XF86AudioPreset
Overview of changes leading to 1.4.8
Tuesday, August 8, 2017
====================================
- Major fix to avar table handling.
- Rename hb-shape --show-message to --trace.
- Build fixes.
Overview of changes leading to 1.4.7
Tuesday, July 18, 2017
====================================
- Multiple Indic, Tibetan, and Cham fixes.
- CoreText: Allow disabling kerning.
- Adjust Arabic feature order again.
- Misc build fixes.
2.12.4
Akira TAGOH (5):
Force regenerate fcobjshash.h when updating Makefile
Fix the build failure when srcdir != builddir and have gperf 3.1 or later installed
Add a testcase for Bug#131804
Update libtool revision
Fix distcheck error
Florent Rougon (6):
FcCharSetHash(): use the 'numbers' values to compute the hash
fc-lang: gracefully handle the case where the last language initial is < 'z'
Fix an off-by-one error in FcLangSetIndex()
Fix erroneous test on language id in FcLangSetPromote()
FcLangSetCompare(): fix bug when two charsets come from different "buckets"
FcCharSetFreezeOrig(), FcCharSetFindFrozen(): use all buckets of freezer->orig_hash_table
Helmut Grohne (1):
fix cross compilation
Jan Alexander Steffens (heftig) (1):
Fix testing PCF_CONFIG_OPTION_LONG_FAMILY_NAMES (CFLAGS need to be right)
Josselin Mouette (1):
Treat C.UTF-8 and C.utf8 locales as built in the C library.
Masamichi Hosoda (1):
Bug 99360 - Fix cache file update on MinGW
libopenmpt 0.2-beta27 (2017-08-12)
[Bug] libmodplug: The CSoundFile::Read function in the emulated libmodplug C++ API returned the wrong value, causing qmmp (and possibly other software) to crash.
The ProTracker note delay quirk should not retrigger already stopped samples (fixes "Subi loses the Cops" by Subi).
ProTracker portamento between already stopped sample and another sample kept playing the old sample (fixes "anarchy-main" by Jester).
Playback fix for instruments with custom tunings and transposed note maps in MPTM format.
ProTracker quirk: If there is a note with a out-of-range note delay, it is played on the next row (with an instant portamento), unless there is a new note on that row.
ProTracker quirk: Apply tempo changes after the first tick of the row.
libopenmpt 0.2-beta26 (2017-07-07)
[Bug] Possible crashes with malformed PLM and PSM files.
[Bug] mktime() and localtime() were used for song date parsing. These functions are not guaranteed to be thread-safe by the standard. Furthermore, some standard library implementations are buggy and may cause the program to abort in out-of-memory situations. These functions are now no longer used.
Loops shorter than four sample points at the end of a sample could cause the sample data before the loop to become corrupted.
libopenmpt 0.2-beta25 (2017-07-02)
PT36: Enable VBlank timing as specified in file and read song comment.
M15: Loosen heuristics to allow a few more semi-damaged files to play.
MT2: If there were instruments with both sample and plugin assignments, sample data was not read correctly.
