pkgsrc/www/apache-tomcat6
spz 3e7585f7ce security'ish update. Changelog:
Tomcat 6.0.41
=============
Jasper
------
fix	56529: Avoid NoSuchElementException while handling attributes
	with empty string value in custom tags. Based on a patch
	provided by Hariprasad Manchi. (violetagg/kkolinko)

Tomcat 6.0.40	not released
============================
Catalina
--------
fix	56027: Add more options for managing FIPS mode in the
	AprLifecycleListener. (schultz/kkolinko)
fix	56082: Fix a concurrency bug in JULI's LogManager
	implementation. (markt)
fix	56236: Enable Tomcat to work with alternative Servlet and
	JSP API JARs that package the XML schemas in such a way as
	to require a dependency on the JSP API before enabling
	validation for web.xml. Tomcat has no such dependency. (markt)
fix	Change the default value of the xmlBlockExternal attribute
	of Context elements. It is now true. (kkolinko)
fix	Don't log to standard out in SSLValve. (kkolinko/markt)
code	Use StringBuilder in DefaultServlet. (kkolinko)
fix	56275: Allow web applications to be stopped cleanly even
	if filters throw exceptions when their destroy() method is
	called. (markt/kkolinko)
fix	Redefine the globalXsltFile initialisation parameter of the
	DefaultServlet as relative to CATALINA_BASE/conf or
	CATALINA_HOME/conf. Prevent user supplied XSLTs used by the
	DefaultServlet from defining external entities. (markt)
fix	Add a work around for validating XML documents (often TLDs)
	that use just the file name to refer to the JavaEE
	schema on which they are based. (kkolinko)
fix	56369: Ensure that removing an MBean notification listener
	reverts all the operations performed when adding an MBean
	notification listener. (markt)
fix	Only create XML parsing objects if required and fix associated
	potential memory leak in the default Servlet. (markt)
fix	Ensure that a TLD parser obtained from the cache has the
	correct value of blockExternal. (markt/kkolinko)
add	Extend XML factory, parser etc. memory leak protection to
	cover some additional locations where, theoretically, a
	memory leak could occur. (markt)
add	Add the org.apache.naming package to the packages requiring
	code to have the defineClassInPackage permission when running
	under a security manager. (markt)
add	Add the org.apache.naming.resources package to the packages
	requiring code to have the accessClassInPackage permission
	when running under a security manager. (markt)
fix	Make the naming context tokens for containers more robust.
	Require RuntimePermission when introducing a new token.
	(markt/kkolinko)

Coyote
------
fix	Improve processing of chunk size from chunked headers.
	Avoid overflow and use a bit shift instead of a multiplication
	as it is marginally faster. (markt/kkolinko)
fix	Fix possible overflow when parsing long values from a byte
	array. (markt)
update	56363: Update to version 1.1.30 of Tomcat Native library.
	The minimum required version of this library for APR connector
	is now 1.1.30. (kkolinko)

Jasper
------
fix	Change the default behaviour of JspC to block XML external
	entities by default. (kkolinko)
fix	Restore the validateXml option to Jasper that was previously
	renamed validateTld. Both options are now supported.
	validateXml controls the validation of web.xml files when
	Jasper parses them and validateTld controls the validation
	of *.tld files when Jasper parses them. (markt)
fix	54475: Add Java 8 support to SMAP generation for JSPs.
	Patch by Robbie Gibson. (markt)
fix	56010: Don't throw an IllegalArgumentException when
	JspFactory.getPageContext is used with JspWriter.DEFAULT_BUFFER.
	Based on a patch by Eugene Chung. (markt)
fix	56265: Do not escape values of dynamic tag attributes
	containing EL expressions. (kkolinko)
fix	56283: Add support for running Tomcat 6 with ecj-P20140317-1600.jar
	(as drop-in replacement for ecj-4.3.1.jar). Add support for
	value "1.8" for the compilerSourceVM and compilerTargetVM
	options. Note that ecj-P20140317-1600.jar can only be used
	when running with Java 6 or later. The "1.8" options make
	sense only when running with Java 8 (or later). (kkolinko)
fix	56334: Fix a regression in the handling of back-slash escaping
	introduced by the fix for 55735. (markt/kkolinko)
fix	Correct the handling of back-slash escaping in the EL parser
	and no longer require that \$ or \# must be followed by { in
	order for the back-slash escaping to take effect. (markt)

Cluster
-------
code	Refactor AbstractReplicatedMap and related classes to enable
	Tomcat 6 to be compiled using Java 8. (markt)

Web applications
----------------
add	56093: Documentation for SSLValve. (markt/kkolinko)
fix	Correct documentation on Windows service options, aligning
	it with Apache Commons Daemon documentation. (kkolinko)
add	Add support for version-major, version-major-minor tags in
	documentation XSLT, to simplify documentation backports. (kkolinko)
fix	Fix target and rel attributes on links in documentation.
	They were lost during XSLT transformation. (kkolinko)

Other
-----
code	Remove svn keywords (such as $Id) from source files and
	documentation. (kkolinko)
update	Improvements to the Windows installer, to align it with
	installing the service with service.bat. Use explicit memory
	sizes (--JvmMs 128 Mb and --JvmMx 256 Mb). Specify log
	directory path when ininstalling, so that the log file is
	written to the Tomcat logs directory, instead of
	"%SystemRoot%\System32\LogFiles\Apache". (kkolinko)
update	49993, 56143: Improve service.bat script. Allow it to be
	launched from non-UAC console. The UAC prompt will be shown
	only once. Now there is no need to run the command shell
	with elevated privileges. Improve check for JAVA_HOME and
	add support for JRE_HOME. Warn if neither "client" nor
	"server" JVM is found. Align classpath, display name and
	other options with the exe installer. Make command names
	case-insensitive. Update documentation. (kkolinko)
2014-06-28 17:05:46 +00:00
files Import initial SMF support for individual packages. 2014-03-11 14:34:36 +00:00
DESCR
distinfo security'ish update. Changelog: 2014-06-28 17:05:46 +00:00
Makefile security'ish update. Changelog: 2014-06-28 17:05:46 +00:00
MESSAGE
PLIST Remove example rc.d scripts from PLISTs. 2014-03-11 14:04:57 +00:00