Update to 8.0.30

Changelog:
Tomcat 8.0.30 (markt)
Catalina

    Fix: 34319: Only load those keys in StoreBase.processExpire from JDBCStore, that are old enough, to be expired. Based on a patch by Tom Anderson. (fschumacher)
    Add: 56917: As per RFC7231 (HTTP/1.1), allow HTTP/1.1 and later redirects to use relative URIs. This is controlled by a new attribute useRelativeRedirects on the Context and defaults to true. (markt)
    Fix: 58629: Allow an embedded Tomcat instance to start when the Service has no Engine configured. (markt)
    Fix: 58635: Enable break points to be set within agent code when running Tomcat with a Java agent. Based on a patch by Huxing Zhang. (markt)
    Fix: 58660: Correct a regression in 8.0.29 caused by the change that moved the redirection for context roots from the Mapper to the Default Servlet. (markt)
    Fix: Fixed potential NPE in HostConfig while deploying an application. Issue reported by coverity scan. (violetagg)
    Fix: 58655: Fix an IllegalStateException when calling HttpServletResponse.sendRedirect() with the RemoteIpFilter. This was caused by trying to correctly generate the absolute URI for the redirect. With the fix for 56917, redirects may now be relative making the sendRedirect() implementation for the RemoteIpFilter much simpler. This also addresses issues where the redirect may not have behaved as expected when redirecting from http to https to from https to http. (markt)
    Fix: 58657: Exceptions in a Servlet 3.1 ReadListener or WriteListener do not need to be immediately fatal to the connection. Allow an error response to be written. (markt)

Coyote

    Fix: Improve upgrade context classloader handling by using Context.bind and unbind. (remm)

Jasper

    Fix: 57136#c25: Change default value of quoteAttributeEL setting in Jasper to be true for better compatibility with other implementations and older versions of Tomcat (8.0.26/7.0.64 and earlier). Add command line option -no-quoteAttributeEL in JspC. (kkolinko)

Cluster

    Fix: Fix potential integer overflow in DeltaSession. Reported by coverity scan. (fschumacher)

WebSocket

    Add: 55006: The WebSocket client now honors the java.net.java.net.ProxySelector configuration (using the HTTP type) when establishing WebSocket connections to servers. Based on a patch by Niki Dokovski. (markt)
    Fix: 58624: Correct a thread safety issue that meant that blocking message writes could block indefinitely if the WebSocket connection was closed while a message write was in progress. (markt)

Web Applications

    Fix: 58631: Correct the continuation character use in the Windows Service How-To page of the documentation web application. (markt)

Tribes

    Fix: Ensure that the static member is registered to the add suspect list even if the static member that is registered to the remove suspect list has disappeared. (kfujino)
    Fix: Correct the warning log of when the member that is not registered in the membership is detected. (kfujino)
    Fix: When using a static cluster, add the members that have been cached in the membership service to the map members list in order to ensure that the map member is a static member. (kfujino)

jdbc-pool

    Fix: Correct evaluation of system property org.apache.tomcat.jdbc.pool.onlyAttemptCurrentClassLoader. It was basically ignored before. Reported by coverity scan. (fschumacher)
    Fix: Fix potential integer overflow in ConnectionPool and PooledConnection. Reported by coverity scan. (fschumacher)

Other

    Update: Update optional Checkstyle library to 6.13. (kkolinko)

2015-11-24 Tomcat 8.0.29 (markt)
General

    Update: 58596: Clarify the description in RUNNING.txt of how environment variables are used. (markt)

Catalina

    Add: Extend the fix for 57136 to provide a JSP Servlet initialisation parameter per web application that controls whether or not EL in JSP attributes is processed as if it uses JSP attribute quoting. By default, EL does not use JSP attribute quoting. (markt)
    Fix: 57799: InputStream.available() was causing an IO operation to occur even in blocking mode, which caused problems with NIO2. (remm)
    Add: Extend the fix for 58228 to include ServletContext.getRealPath(). (markt)
    Add: 58486: Protect against two further possible memory leaks associated with XML parsing. (markt)
    Fix: 58490: Fixed NPE thrown when scanning for javax.servlet.ServletContainerInitializer in case the web application is not extracted. (violetagg)
    Code: 58497: Make AbstractHttp11Processor easy to extend. (markt)
    Fix: 58508: Escape role names when generating associated MBeans in case the role name contains characters not permitted in an MBean name. (markt)
    Fix: 58518: Correct a regression in the fix for 56777 that added support for URIs in config file locations. File paths on Windows could previously be specified with \ or / as the separator. 56777 broke that. (markt)
    Fix: 58519: Fix ISE thrown by web application classloader in some error conditions due to trying to call initCause() on a ClassNotFoundException which is not permitted. (markt)
    Fix: 58534: Removed repeated conditional tests in o.a.tomcat.websocket.pojo.PojoMethodMapping and o.a.tomcat.util.net.AprEndpoint Patch provided by Anthony Whitford. (violetagg)
    Fix: 58535: Use Collections.reverseOrder when a reverse ordering is needed. (violetagg)
    Fix: 58537, 58546: Some of the inner classes in o.a.catalina.valves.ExtendedAccessLogValve and o.a.tomcat.util.net.SecureNio2Channel are made static. Patch provided by Anthony Whitford. (violetagg)
    Fix: 58540: Removed unused code from o.a.catalina.connector.Request. Patch provided by Anthony Whitford. (violetagg)
    Fix: 58541, 58544: It is more efficient to call Integer.toString(int) instead of Integer.valueOf(int).toString() when only a string representation of a primitive is needed. Based on a patch provided by Anthony Whitford. (violetagg)
    Fix: 58541, 58547: It is more efficient to call valueOf(...) instead of Number constructor. Based on a patch provided by Anthony Whitford. (violetagg)
    Fix: 58545: In some use cases it is more efficient to use Map.entrySet() instead of Map.keySet() Based on a patch provided by Anthony Whitford. (violetagg)
    Fix: Ensure that ServletRequest.getContentLengthLong is used instead of ServletRequest.getContentLength for servlets and valves provided by Tomcat. The API is available since Servlet specification 3.1. (violetagg)
    Add: Add a new RestCsrfPreventionFilter that provides basic CSRF protection for REST APIs. (violetagg)
    Fix: 58578: Avoid NPE accessing cookies during access logging for request that had no context mapping. (remm)
  error page fails, fall back to the standard error page rather than throwing an NPE. Based on a patch by Huxing Zhang. (markt)
    Fix: 58582: Combined realm should perform background processing on its sub-realms. Based upon a patch provided by Aidan. (schn additional check that a client provided session ID is in use in at least one other web application before allowing it to be used as the ID for a new session in the current web application. (markt)
    Add: Add support for DIGEST authentication to the JN
    Fix: Ensure that in an embedded Tomcat the logging configuration is not lost during garbage collection. (violetagg)
    Add: Move the functionality that provides redirects for context roots and directories where a trailing / is added from the Mapper to the DefaultServlet. This enables such requests to be processed by any configured Valves and Filters before the redirect is made. This behaviour is configurable via the mapperContextRootRedirectEnabled and mapperDirectoryRedirectEnabled attributes of the Context which may be used to restore the previous behaviour. (markt)

Coyote

    Fix: Cancel pending blocking IO operation following a timeout in the NIO2 connector. (remm)
    Fix: Add instance manager support for upgrade handlers, and set context class loader. (remm)
    Update: Synchronize OpenSSL to JSSE cipher mapping to recent OpenSSL changes. In particular, TLSv1.0 is now an alias for those ciphers that require TLSv1 and will not work with SSLv3. TLSv1 remains an alias for SSLv3. (markt)

Jasper

    Add: Deprecate the STRICT_QUOTE_ESCAPING system property and replace it with an initialisation parameter for the JSP Servlet. This enables per web application control of this configuration setting. (markt)

Cluster

    Fix: Optimize the session lock range in DeltaManager.requestCompleted. (kfujino)
    Fix: Enable an explicit configuration of local member in the static cluster membership. (kfujino)

Tribes

    Code: Distinguish the handling of the shutdown payload and member verification clearly. When handling shutdown payload, verification completion message is not required. (kfujino)
    Fix: When starting the StaticMembershipInterceptor, StaticMembershipInterceptor checks the required Interceptors. If the required Interceptor does not exist, it issues warning logs. (kfujino)

WebSocket

    Fix: Use instance manager for server endpoint instances. (remm)

Web applications

    Add: Make it clear in the documentation for the CGI servlet that the debug page is not considered secure and should not be used in production. (markt)
    Fix: The domain attribute of StaticMember is not required but optional. (kfujino)

jdbc-pool

    Fix: 58489: Correct QueryStatsComparator to hold up the general contract for Comparator. (fschumacher)
    Fix: When creating a QueryStats object, ensure that maxQueries is checked. If maxQueries is a value less than or equal to 0, QueryStats are never created. (kfujino)

Other

    Update: Update optional Checkstyle library to 6.12.1. (kkolinko)
    Add: Add support for creating a FindBugs report when building Tomcat. It is disabled by default. (violetagg)

2015-10-12 Tomcat 8.0.28 (markt)
Catalina

    Add: Add support for the custom classpath protocol in URLs. It an be used anywhere Tomcat accepts a URL for a configuration parameter. (markt)
    Fix: 56777: Allow file based configuration resources (user database, certificate revocation lists, keystores and trust stores) to be configured using URLs as well as files. (markt)
    Fix: Perform null-checking on input and stored credentials in all Realms before passing credentials off to CredentialHandlers for matching. (schultz)

Coyote

    Update: Add the new ciphers from RFC6655 and RFC7251 to the OpenSSL to JSSE cipher mapping. (markt)
    Update: Remove DES, RC2 and RC4 from DEFAULT for the OpenSSL to JSSE cipher mapping to align with the OpenSSL development branch. (markt)

Jasper

    Fix: Improve the error message when JSP parser encounters an error parsing an attribute value. (markt)

Web applications

    Update: 58474: Provide a reference to the differences between CATALINA_HOME and CATALINA_BASE in the sample application that is part of the documentation web application. (markt)

Extras

    Fix: Ensure JULI adapters does not include the LogFactoryImpl class. Patch provided by Benjamin Gandon. (markt)

2015-10-01 Tomcat 8.0.27 (markt)
Catalina

    Fix: 58187: Correct a regression in the fix for 57765 that meant that deployment of web applications deployed via the Manager application was delayed until the next execution of the automatic deployment background process. (markt)
    Fix: 58284: Correctly implement session serialization so non-serializable attributes are skipped with a warning. Patch provided by Andrew Shore. (markt)
    Fix: 58313: Fix concurrent access of encoders map when clearing encoders prior to switch to async. (markt)
    Fix: 58320: Fix concurrent access of request attributes which is possible during asynchronous processing. (markt)
    Fix: 58352: Always trigger a thread dump if Tomcat fails to stop gracefully from catalina.sh even if using -force. Patch provided by Alexandre Garnier. (markt)
    Fix: 58368: Fix a rare data race in the code that obtains the ApplicationFilterFactory instance. (markt)
    Fix: 58369: Fix a rare data race in the code that obtains the CookieProcessor for a StandardContext instance. (markt)
    Fix: Ensure the JAASRealm uses the configured CredentialHandler. (markt)
    Fix: 58372: Fix rare data races closed and suspended flags that could be triggered by async and/or comet processing. (markt)
    Fix: 58373: Fix rare data race with the application event listeners for StandardContext. (markt)
    Fix: 58374: Fix a rare data race in the AsyncContext implementation for access to the internal Tomcat request object to which it holds a reference. (markt)
    Fix: 58380: Fix two rare data races in the standard session implementation on the flag that tracks if the session is new and on the field that tracks the maximum inactive period. (markt)
    Fix: 58385: Fix a rare data race in the internal flag Tomcat uses to keep track of whether or not a request is being used for Comet processing. (markt)
    Fix: 58394: Fix a rare data race in Mapper when adding or removing a host. (markt)
    Fix: 58398: Fix a rare data race in LifecycleSupport. (markt)
    Fix: 58412: Ensure that the AsyncFileHandler has the source class and method name available for logging. (fschumacher)
    Fix: 58416: Correctly detect when a forced stop fails to stop Tomcat because the Tomcat process is waiting on some system call or is uninterruptible. (markt)
    Fix: 58436: Fix some rare data races in JULI's ClassLoaderLogManager during shutdown. (markt)
    Fix: 58845: Fix off-by one error in calculation of valid characters in a cookie domain. Patch provided by Thorsten Ehlers. (markt)

Coyote

    Fix: Correct some edge cases in RequestUtil.normalize(). (markt)
    Fix: 58275: The IBM JREs accept cipher suite names starting with TLS_ or SSL_ but when listing the supported cipher suites only the SSL_ version is reported. This can break Tomcat's check that at least one requested cipher suite is supported. Tomcat now includes a work-around so either form of the cipher suite name can be used when running on an IBM JRE. (markt)
    Fix: 58357: For reasons not currently understood when the APR/native connector is used with OpenSSL reads can return an error code when there is no apparent error. This was work-around for HTTP upgrade connections by treating this as EAGAIN. The same fix has now been applied to the standard HTTP connector. (markt)
    Code: Minor clean-up in NIO2 SSL handshake code to address some theoretical concurrency issues. (markt)
    Fix: 58367: Fix a rare data race in the code that obtains the reason phrase for a given HTTP response code. (markt)
    Fix: 58370: Fix a rare data race in the connector shutdown code. (markt)
    Fix: 58371: Fix a rare data race when accessing request URI in String form when switching from non-async to async due to early triggering of the gathering of request statistics. (markt)
    Fix: 58375: Fix a rare data race on the internal flag Tomcat uses to mark a response as committed. (markt)
    Fix: 58377: Fix a rare data race on the internal flag Tomcat uses to mark a request as using HTTP keep-alive when switching to asynchronous processing. (markt)
    Fix: 58379: Fix a rare data race on the internal reference Tomcat retains to the socket when switching to asynchronous processing. (markt)
    Fix: 58387: Fix a rare data race when closing Comet connections. (markt)
    Fix: 58388: Fix a data race when determining if Comet processing is occurring on a container or non-container thread. (markt)
    Fix: 58389: Fix a rare data race while shutting down the thread pools on Connector stop. (markt)
    Code: Clean up use of error flag on socket wrapper prompted by 58390. (markt)
    Code: Remove some unnecessary code from the NIO Poller and fix 58396 as a side-effect. (markt)
    Fix: 57799: Remove useless sendfile check for NIO SSL. (remm)

Jasper

    Fix: 57136: Correct a regression in the previous fix for this issue. \${ should only be an escape for ${ within an EL expression. Within a JSP page \$ should be an escape for $. The EL specification applies when parsing the expression delimited by ${ and }. Parsing of the delimiting ${ and } is the responsibility of the JSP specification. (markt)
    Fix: 58296: Fix a memory leak in the JSP unloading feature that meant that using a value other than -1 for maxLoadedJsps triggered a memory leak once the limit was reached. (markt)
    Fix: 58327: Cache the expression string for value expression literals since it is frequently used and may be expensive to evaluate. Patch provided by Andreas Kohn. (markt)
    Fix: 58340: Improve error reporting for tag files packaged in JARs. (markt)
    Fix: 58424: When parsing TLD files, allow whitespace around boolean configuration values. (schultz)
    Fix: Fix a possible resource leak reported by coverity scan. (fschumacher)
    Fix: 58427: Enforce the JSP specification defined limitations of which elements are allowed in an implicit.tld file. (markt)
    Fix: 58444: Ensure that JSPs work with any custom base class that meets the requirements defined in the JSP specification without requiring that base class to implement Tomcat specific code. (markt)

Cluster

    Fix: Fix a default clusterListeners in SimpleTcpCluster. The optimal default value is different for each session manager. ClusterSessionListener is never used in BackupManager. (kfujino)
    Fix: Correct log messages in case of using BackupManager. (kfujino)

WebSocket

    Fix: 58342: Fix a copy and paste error that meant MessageHandler removal could fail for binary and pong MessageHandlers. Patch provided by DJ. (markt)
    Fix: Data races detected by RV-Predict, mostly caused by completion handlers running in separate threads. (markt)
    Fix: 58414: Correctly handle sending zero length messages when using per message deflate. (markt)

Web applications

    Fix: Correct documentation for cluster-howto. (kfujino)
    Fix: Add missing documentation for property alwaysAddExpires for the LegacyCookieProcessor. (markt)

Tribes

    Add: Add support for configurations of ChannelListener and MembershipListener in server.xml. (kfujino)
    Fix: Correct log messages in case of using ReplicatedMap. (kfujino)
    Fix: 58381: Fix a rare data race in the NioReceiver. (markt)
    Fix: 58382: Fix multiple rare data races in the default membership implementation. (markt)
    Fix: 58383: Fix a data race in SenderState. (markt)
    Fix: 58386: Fix a data race in ObjectReader. (markt)
    Fix: 58391: Fix multiple data races in NonBlockingCoordinator, most of which were associated with ensuring that log messages contained the correct information. (markt)
    Fix: 58392: Fix a data race in DomainFilterInterceptor. (markt)
    Fix: 58393: Fix a data race on the listener in McastService. (markt)
    Fix: 58395: Fix multiple data races in MemberImpl that were likely to cause issues if certain properties were updated concurrently (such updates are unlikely in normal usage). (markt)
    Code: Remove some unnecessary code from PooledParallelSender and fix 58397. (markt)

jdbc-pool

    Fix: Make sure the pool has been properly configured when attributes that related to the pool size are changed via JMX. (kfujino)

Other

    Fix: Ensure logging works for all tests in a class rather than just the first one executed. (markt)
    Add: 58344: Add build properties to enable tests to be executed against alternative binaries. Based on a patch by Petr Sumbera. (markt)

(ryoon)

Updated www/apache-tomcat7 to 7.0.67

(ryoon)

Update to 7.0.67

Changelog:
Tomcat 7.0.67 (violetagg)

    Catalina

        add 56917: As per RFC7231 (HTTP/1.1), allow HTTP/1.1 and later redirects to use relative URIs. This is controlled by a new attribute useRelativeRedirects on the Context and defaults to true. (markt)
        fix 58660: Correct a regression in 7.0.66 caused by the change that moved the redirection for context roots from the Mapper to the Default Servlet. (markt)
        fix Fixed potential NPE in HostConfig while deploying an application. Issue reported by coverity scan. (violetagg)
        fix 58655: Fix an IllegalStateException when calling HttpServletResponse.sendRedirect() with the RemoteIpFilter. This was caused by trying to correctly generate the absolute URI for the redirect. With the fix for 56917, redirects may now be relative making the sendRedirect() implementation for the RemoteIpFilter much simpler. This also addresses issues where the redirect may not have behaved as expected when redirecting from http to https to from https to http. (markt)

    WebSocket

        fix 58658: Correct a regression in 7.0.66 that prevented Tomcat from starting on Java 6 unless the WebSocket JARs (that require Java 7) were removed. (markt)

    Web Applications

        add Add a description of the default value of heartbeatSleeptime attribute and optionCheck attribute in the cluster channel docs. (kfujino)

    Tribes

        fix Fix potential NPE in AbstractReplicatedMap.breakdown(). (kfujino)

Tomcat 7.0.66 (violetagg) not released

    General

        update 58596: Clarify the description in RUNNING.txt of how environment variables are used. (markt)

    Catalina

        fix 34319: Only load those keys in StoreBase.processExpire from JDBCStore, that are old enough, to be expired. Based on a patch by Tom Anderson. (fschumacher)
        fix 56777: Allow file based configuration resources (user database, certificate revocation lists, keystores and trust stores) to be configured using URLs as well as files. Back-port provided by Huxing Zhang. (markt/violetagg)
        add 57741: Enable the CGI servlet to use the standard error page mechanism. Note that if the CGI servlet's debug init parameter is set to 10 or higher then the standard error page mechanism will be bypassed and a debug response generated by the CGI servlet will be returned instead. (markt)
        add 58486: Protect against two further possible memory leaks associated with XML parsing. (markt)
        code 58497: Make AbstractHttp11Processor easy to extend. (markt)
        fix 58508: Escape role names when generating associated MBeans in case the role name contains characters not permitted in an MBean name. (markt)
        fix 58522: Fixed concurrency issue when iterating web application's resources. (violetagg)
        fix 58534: Removed repeated conditional tests in o.a.tomcat.websocket.pojo.PojoMethodMapping and o.a.tomcat.util.net.AprEndpoint Patch provided by Anthony Whitford. (violetagg)
        fix 58535: Use Collections.reverseOrder when a reverse ordering is needed. (violetagg)
        fix 58537: Some of the inner classes in o.a.catalina.valves.ExtendedAccessLogValve are made static. Patch provided by Anthony Whitford. (violetagg)
        fix 58540: Removed unused code from o.a.catalina.connector.Request. Patch provided by Anthony Whitford. (violetagg)
        fix 58541, 58544: It is more efficient to call Integer.toString(int) instead of Integer.valueOf(int).toString() when only a string representation of a primitive is needed. Based on a patch provided by Anthony Whitford. (violetagg)
        fix 58541, 58547: It is more efficient to call valueOf(...) instead of Number constructor. Based on a patch provided by Anthony Whitford. (violetagg)
        fix 58545: In some use cases it is more efficient to use Map.entrySet() instead of Map.keySet() Based on a patch provided by Anthony Whitford. (violetagg)
        add Add a new RestCsrfPreventionFilter that provides basic CSRF protection for REST APIs. (violetagg)
        fix 58581: If a custom error page fails, fall back to the standard error page rather than throwing an NPE. Based on a patch by Huxing Zhang. (markt)
        fix 58582: Combined realm should perform background processing on its sub-realms. Based upon a patch provided by Aidan. (kkolinko)
        fix Handle the unlikely case where different versions of a web application are deployed with different session settings. (markt)
        add Add a new Context option, enabled by default, that enables an additional check that a client provided session ID is in use in at least one other web application before allowing it to be used as the ID for a new session in the current web application. (markt)
        add Add support for DIGEST authentication to the JNDIRealm. Based on a patch by Alexis Hassler. (markt)
        fix 58603: Ensure that HttpServletRequest.getRequestURL() returns the correct value when using the RemoteIpFilter. (markt)
        fix Ensure that in an embedded Tomcat the logging configuration is not lost during garbage collection. (violetagg)
        add Move the functionality that provides redirects for context roots and directories where a trailing / is added from the Mapper to the DefaultServlet. This enables such requests to be processed by any configured Valves and Filters before the redirect is made. This behaviour is configurable via the mapperContextRootRedirectEnabled and mapperDirectoryRedirectEnabled attributes of the Context which may be used to restore the previous behaviour. (markt)
        fix 58635: Enable break points to be set within agent code when running Tomcat with a Java agent. Based on a patch by Huxing Zhang. (markt)

    Jasper

        fix 57136#c25: Implement a setting that controls what quoting rule is used when parsing EL expressions in attributes on a JSP page (chapter JSP.1.6 of specification). The setting name is quoteAttributeEL and it is configured as initialisation parameter of JSP Servlet (per web application configuration is possible) and as a command line option for JspC. The default value was changed to true, which restores behaviour implemented in Tomcat 7.0.64. It means that attribute quoting is applied on top of EL quoting. This provides better compatibility with older versions of Tomcat and other implementations. (kkolinko)

    Cluster

        fix Optimize the session lock range in DeltaManager.requestCompleted. (kfujino)
        fix Enable an explicit configuration of local member in the static cluster membership. (kfujino)
        fix Fix potential integer overflow in DeltaSession. Reported by coverity scan. (fschumacher)

    Tribes

        code Distinguish the handling of the shutdown payload and member verification clearly. When handling shutdown payload, verification completion message is not required. (kfujino)
        fix When starting the StaticMembershipInterceptor, StaticMembershipInterceptor checks the required Interceptors. If the required Interceptor does not exist, it issues warning logs. (kfujino)
        fix Ensure that the static member is registered to the add suspect list even if the static member that is registered to the remove suspect list has disappeared. (kfujino)
        fix Correct the warning log of when the member that is not registered in the membership is detected. (kfujino)
        fix When using a static cluster, add the members that have been cached in the membership service to the map members list in order to ensure that the map member is a static member. (kfujino)

    WebSocket

        fix Use instance manager for server endpoint instances. (remm)
        add 55006: The WebSocket client now honors the java.net.java.net.ProxySelector configuration (using the HTTP type) when establishing WebSocket connections to servers. Based on a patch by Niki Dokovski. (markt)
        fix 58624: Correct a thread safety issue that meant that blocking message writes could block indefinitely if the WebSocket connection was closed while a message write was in progress. (markt)

    Web applications

        add Make it clear in the documentation for the CGI servlet that the debug page is not considered secure and should not be used in production. (markt)
        fix The domain attribute of StaticMember is not required but optional. (kfujino)
        fix 58631: Correct the continuation character use in the Windows Service How-To page of the documentation web application. (markt)

    jdbc-pool

        fix 58489: Correct QueryStatsComparator to hold up the general contract for Comparator. (fschumacher)
        fix When creating a QueryStats object, ensure that maxQueries is checked. If maxQueries is a value less than or equal to 0, QueryStats are never created. (kfujino)
        fix Fix potential integer overflow in ConnectionPool and PooledConnection. Reported by coverity scan. (fschumacher)

Tomcat 7.0.65 (violetagg) released 2015-10-19

    Catalina

        add 57681: Add a web application class loader implementation that supports the parallel loading of web application classes. Use of this feature requires a Java 7 or later JRE. Based on a patch by Huxing Zhang. (markt)
        fix 58187: Correct a regression in the fix for 57765 that meant that deployment of web applications deployed via the Manager application was delayed until the next execution of the automatic deployment background process. (markt)
        fix 58284: Correctly implement session serialization so non-serializable attributes are skipped with a warning. Patch provided by Andrew Shore. (markt)
        fix 58313: Fix concurrent access of encoders map when clearing encoders prior to switch to async. (markt)
        fix 58320: Fix concurrent access of request attributes which is possible during asynchronous processing. (markt)
        code In preparation for implementing enhancement 57681, replace the use of the StandardClassLoader with URLClassLoader. This removes the server class loader from JMX. (markt)
        fix 58352: Always trigger a thread dump if Tomcat fails to stop gracefully from catalina.sh even if using -force. Patch provided by Alexandre Garnier. (markt)
        fix 58416: Correctly detect when a forced stop fails to stop Tomcat because the Tomcat process is waiting on some system call or is uninterruptible. (markt)
        fix 58436: Fix some rare data races in JULI's ClassLoaderLogManager during shutdown. (markt)

    Coyote

        fix Correct some edge cases in RequestUtil.normalize(). (markt)
        fix 58275: The IBM JREs accept cipher suite names starting with TLS_ or SSL_ but when listing the supported cipher suites only the SSL_ version is reported. This can break Tomcat's check that at least one requested cipher suite is supported. Tomcat now includes a work-around so either form of the cipher suite name can be used when running on an IBM JRE. (markt)
        fix 58357: For reasons not currently understood when the APR/native connector is used with OpenSSL reads can return an error code when there is no apparent error. This was work-around for HTTP upgrade connections by treating this as EAGAIN. The same fix has now been applied to the standard HTTP connector. (markt)
        fix 57799: Remove useless sendfile check for NIO SSL. (remm)

    Jasper

        fix 57136: Correct a regression in the previous fix for this issue. \${ should only be an escape for ${ within an EL expression. Within a JSP page \$ should be an escape for $. The EL specification applies when parsing the expression delimited by ${ and }. Parsing of the delimiting ${ and } is the responsibility of the JSP specification. (markt)
        fix 58296: Fix a memory leak in the JSP unloading feature that meant that using a value other than -1 for maxLoadedJsps triggered a memory leak once the limit was reached. (markt)
        fix 58340: Improve error reporting for tag files packaged in JARs. (markt)
        fix 58444: Ensure that JSPs work with any custom base class that meets the requirements defined in the JSP specification without requiring that base class to implement Tomcat specific code. (markt)

    Cluster

        fix Fix a default clusterListeners in SimpleTcpCluster. The optimal default value is different for each session manager. ClusterSessionListener is never used in BackupManager. (kfujino)
        fix Correct log messages in case of using BackupManager. (kfujino)

    WebSocket

        fix 58342: Fix a copy and paste error that meant MessageHandler removal could fail for binary and pong MessageHandlers. Patch provided by DJ. (markt)
        fix 58414: Correctly handle sending zero length messages when using per message deflate. (markt)

    Web applications

        fix Correct documentation for cluster-howto. (kfujino)

    Extras

        fix Ensure JULI adapters does not include the LogFactoryImpl class. Patch provided by Benjamin Gandon. (markt)

    Tribes

        add Add support for configurations of ChannelListener and MembershipListener in server.xml. (kfujino)
        fix Correct log messages in case of using ReplicatedMap. (kfujino)

    jdbc-pool

        fix Make sure the pool has been properly configured when attributes that related to the pool size are changed via JMX. (kfujino)

(ryoon)

Updated ham/fldigi to 3.23.07.04

(mef)

Update 3.23.07.03 to  3.23.07.04
--------------------------------
Previous distfile seems to be gone, so minor update.
ChangeLog not known, and sorry for updating during freeze.

(mef)

>From upstream https://bz.mercurial-scm.org/show_bug.cgi?id=4943

# Files opened in a+ mode have inconsistent behavior on various
# platforms. Windows requires that a file positioning call be made
# when the file handle transitions between reads and writes. See
# 3686fa2b8eee and the mixedfilemodewrapper in windows.py. On other
# platforms, Python or the platform itself can be buggy. Some versions
# of Solaris have been observed to not append at the end of the file
# if the file was seeked to before the end. See issue4943 for more.
#
# We work around this issue by inserting a seek() before writing.
# Note: This is likely not necessary on Python 3.

bump PKGREVISION
okay'd by wiz@

(richard)

Add devel/poco* to TODO

(ryoon)

Fix build under NetBSD 6 or other platform that has no shm_open()
Fix PR pkg/50572.

(ryoon)

update emulators/stella to 4.6.7 and enable darwin

(dbj)

Account file installed on FreeBSD specifically

Reviewed by wiz@

(sevan)

PLIST.auth_socket also applies to FreeBSD

Reviewed by wiz@

(sevan)

+ Hack-ttf-2.018, MesaLib-11.1, Sigil-0.9.2, afl-1.96b, apache24-2.4.18,
  argon2-20151206, caff-2.2, cups-filters-1.5.0, drupal-8.0,
  ffmpeg2-2.8.4, fmsx-4.4, global-6.5.2, gst-plugins1-base-1.6.2,
  gst-plugins1-good-1.6.2, gst-plugins1-ugly-1.6.2, gstreamer1-1.6.2,
  libmicrohttpd-0.9.48, lilv-0.22.0, mcsim-5.6.0, meld-3.15.1,
  musicpd-0.19.12, openttd-1.5.3, p5-Archive-Zip-1.56,
  p5-Business-ISBN-Data-20140910.003, p5-CGI-4.23, p7zip-15.09,
  py-cffi-1.4.1, py-decorator-4.0.6, py-requests-toolbelt-0.5.1,
  py-setuptools-19.1.1, py-tortoisehg-3.6.2, racket-6.3, serd-0.22.0,
  sord-0.14.0, wine-1.8, x264-devel-20151219.

(wiz)

Account files installed on FreeBSD specifically

Reviewed by wiz@

(sevan)

Note update of lang/ruby22-base package to 2.2.4nb1 replacing with previous
lang/ruby22 entry.

(taca)

Bump PKGREVISION.

There are enough period that all patch files are ignored due to missing
from distinfo.

(taca)

Revert previous commit since it was wrong packge to bump PKGREVISION.

(taca)

+ samba-4.3.3.

(taca)

Note update of lang/ruby22 package to 2.2.4nb1.

(taca)

Bump PKGREVISION.

There are enough period that all patch files are ignored due to missing
from distinfo.

(taca)

Updated www/mediawiki to 1.26.1

(wen)

Update to 1.26.1(security update)

Upstream changes:
MediaWiki 1.26.1

This is a security and bug fix release of the MediaWiki 1.26 branch.
Changes since 1.26

    (bug T117899) SECURITY: $wgArticlePath can no longer be set to relative paths that do not begin with a slash. This enabled trivial XSS attacks. Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an error
    (bug T119309) SECURITY: Use hash_compare() for edit token comparison
    (bug T118032) SECURITY: Don't allow cURL to interpret POST parameters starting with '@' as file uploads
    (bug T115522) SECURITY: Passwords generated by User::randomPassword() can no longer be shorter than $wgMinimalPasswordLength
    (bug T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could result in improper blocks being issued
    (bug T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions and related pages no longer use HTTP redirects and are now redirected by MediaWiki
    Fixed ConfigException in ExpandTemplates due to AlwaysUseTidy.
    Fixed stray literal \n in Special:Search.
    Fix issue that breaks HHVM Repo Authorative mode.
    (bug T120267) Work around APCu memory corruption bug

(wen)

Githubify, with GITHUB_RELEASE variable.

(mef)

blender update.

(markd)

Update blender to 2.76b

Fixes build with python35  (PR pkg/50566)

Blender 2.76, released Oct 9, 2015. (Update 2.76b is from Nov 3 2015).
- Initial support for Pixar's OpenSubdiv geometry subdivision technology.
- A huge view-port performance boost.
- Big file browser performance boost and arrow keys navigation support.
- Node auto-offset feature that helps organizing node layouts.
- Absolute grid snapping in the 3D view.
- Sculpting with tiled strokes.
- Text effect strips for the sequencer, supporting subtitle export
- As usual, hundreds of bugs fixed and other improvements!

Blender 2.75a release.
- Blender now supports a fully integrated Multi-View and Stereo 3D pipeline
- Cycles has much awaited initial support for AMD GPUs, and a new Light
  Portals feature.
- UI now allows font previews in the file browser.
- High quality options for viewport depth of field were added
- Modeling has a new Corrective Smooth modifier.
- The Decimate modifier was improved significantly.
- 3D viewport painting now supports symmetry and the distribution of Dynamic
  Topology was improved
- Video Sequence Editor: Placeholders can now replace missing frames of
  image sequences
- Game Engine now allows smoother LOD transitions, and supports mist
  attributes animation
- And: 100s of bug fixes and smaller feature improvements.

(markd)

Updated net/youtube-dl to 20151218

(leot)

Update net/youtube-dl to 2015.12.18.

Update during the freeze approved by jperkin@
(while strictly speaking net/youtube-dl is a leaf package there are various
possible consumers, e.g. multimedia/mpv)

Changes:
2015.12.18:
o Misc bugfixes and improvements (most user visible change is the fixes
  for #7900 and #7901 that fixes extraction of various youtube videos)

2015.12.13
o New [funimation] extractor
o Misc bugfixes and improvements

2015.12.10:
o Misc bugfixes and improvements

(leot)

Restrict PHP_VERSIONS_ACCEPTED to 55 and 56.

(taca)

Describe scim option.

(tsutsui)

Updated www/firefox to 43.0nb1

(martin)

Remove changes for bugzilla ticket #1026499 which has been resolved
differently upstream.

(martin)

Updated x11/mlterm to 3.6.1

(tsutsui)

Update mlterm to 3.6.1. (leaf package update)

pkgsrc changes:
- explicitly specify configure options which are changed to default
- make scim configurable via option.mk (disabled by default)

Changes noted in doc/en/ReleaseNote:

ver 3.6.1
* Support DECDHL and DECDWL.
* Support button event mouse tracking (CSI?1002) and any event mouse tracking (CSI?1003)
  in MacOSX/Cocoa and Android.
* Support blinking cursor in MacOSX/Cocoa.
* Add 'autohide' value to 'scrollbar_mode' option.
* Disable conversion from Unicode to ISCII if use_ctl = false.
* Drop mlterm.ti and mlterm.tc which haven't been maintained recently.
* Build 'extra' and 'pixmap_engine' scrollbars by default.
* Enable following configure options by default.
  --enable-ind, --enable-ssh2, --enable-utmp, --enable-uim, --enable-m17nlib,
  --enable-scim, --enable-ibus, --enable-fcitx, --enable-canna, --enable-wnn
* Support ssh2 connection on framebuffer.
* Set XID of text screen instead of top window as the value of WINDOWID environmental variable.
* Bug fixes:
  Fix a bug which disabled CSI?3h and CSI?3l. (Enbugged at 3.6.0)

(tsutsui)

Updated net/mikutter to 3.2.11

(tsutsui)

Update mikutter to 3.2.11.  (leaf package update)

* no response on clicking mouse over icons on some environments
* fix a spello method

(tsutsui)

Remove unused patch
>From David Bariod

(ryoon)

Fix build under NetBSD 6, at least i386

(ryoon)

Updated misc/libreoffice to 5.0.4.2

(ryoon)

Update to 5.0.4.2

Changelog:
5.0.4.2:
Bugs fixed compared to 5.0.4 RC1:

    tdf#94138 Form Control Text Boxes Print And Export To PDF Incorrectly [Toma転 Vajngerl]
    tdf#96072 General format lost on export to XLSX with locale using "Standard" as name for General format (FR, DE, SP...) [Eike Rathke]

5.0.4.1:
Bugs fixed compared to 5.0.3 final (RC2):

    bnc#881024 take the world scaling factor for fonts, but not the rotation [Caol叩n McNamara]
    coverity#1338592 explicit null dereferenced [Caol叩n McNamara]
    i#121382 take the world scaling factor for fonts, but not the rotation [Caol叩n McNamara]
    i#43771 sw: looping layout in SwHeadFootFrm::FormatSize() [Miklos Vajna]
    rhbz#1278885 black/absent widgetry only with libreoffice-gtk3 installed [Caol叩n McNamara]
    rhbz#988516 DOCX import: header/footer paragraph properties applied to body paragraph [Miklos Vajna]
    tdf#32082 [EDITING] Table Number Format not modified for empty table cells [Niklas Johansson]
    tdf#32834 bad result using mdeterm [Dennis Francis]
    tdf#39056 Image in wrong place, table display wrong in docx file [Miklos Vajna]
    tdf#45775 PgSQL new DB allow empty Datasource [Julien Nabet]
    tdf#59454 FILEOPEN: in particular .RTF page break after page 1 is ignored and page orientation from page 2 is wrong [Miklos Vajna]
    tdf#61228 TABLE: Function summe() does not sum up but returns last item [Julien Nabet]
    tdf#64027 Add ability to set highlight color for text in drawing objects (Writer) [Maxim Monastirsky]
    tdf#66141 CRASH (OOM) while scrolling through a specific document [Caol叩n McNamara]
    tdf#72205 LibreOffice Database - LONGVARCHAR anomaly when trying to dismiss a window without first saving [Lionel Elie Mamane]
    tdf#75256 Meta: incomplete Sifr icon theme [Matthias Freund]
    tdf#75431 FILESAVE : DOCX : Page Orientation is not preserved when mixed orientation is present [Miklos Vajna]
    tdf#75637 LOCALHELP: Images not displayed with newer icon themes [Stephan Bergmann]
    tdf#76239 OpenSymbol font is not retained after an upgrade (work around in comment 16, 32, .. install log in comment 50 ) [Andras Timar]
    tdf#76964 Automatic capitalization of "i" in a non-english language [Caol叩n McNamara]
    tdf#77014 Words in input fields are broken between lines at the end of line [Toma転 Vajngerl]
    tdf#77881 FILESAVE: Bullets are lost when saving in OOxml (.pptx or .ppsx) [Mark Hung]
    tdf#78902 FileSave: File Hangs at Save [Miklos Vajna]
    tdf#80224 FILESAVE: Custom text color changed to black on .PPTX export [Mark Hung]
    tdf#80520 FILESAVE: Format of bullets destroyed when saving as .pptx [Mark Hung]
    tdf#81144 Chinese full-width punctuation does not align properly [Mark Hung]
    tdf#83300 FILEOPEN: DOCX - Image anchored as 'As Character' positioned on wrong page [Miklos Vajna]
    tdf#85232 FORMATTING: (Grouped) drawing objects are rendered in a wrong way (.docx file) [Miklos Vajna]
    tdf#85767 SIDEBAR: Left and right alignment buttons need to be swapped in RTL [Katarina Behrens]
    tdf#87313 WIKIHELP: Update docs on certificates + Firefox [Adolfo Jayme Barrientos]
    tdf#88548 Line Style drop down missing background colour [Aybuke Ozdemir]
    tdf#89088 FILEOPEN: Section with shape and text in specific DOCX lost [Miklos Vajna]
    tdf#89165 FILEOPEN: Hang loading .docx with frame/textboxes [Miklos Vajna]
    tdf#89525 Impress does not export slides bullets to PPTX correctly [Mark Hung]
    tdf#89852 Non-ASCII characters in file name become question marks in Subject in email when a document sent by email [Andras Timar]
    tdf#89907 Text to columns only affects first line when width is auto set [Eike Rathke]
    tdf#90153 A frame is not saved correctly if the document is saved as a docx file [Miklos Vajna]
    tdf#90372 ACCESSIBILITY List Fields in dialog Text Import (Insert > Sheet from file) not accessible by key board [Katarina Behrens]
    tdf#90504 0x7 chars in .doc are not always cell/row ends [Caol叩n McNamara]
    tdf#90987 Pages/Slides pane does not remember its state on reopen [Katarina Behrens]
    tdf#91097 EDITING & FORMATTING: Disparity between inserting shapes from menu and toolbar [Yousuf Philips]
    tdf#91199 i18n: add locale data or Venetian language [Eike Rathke]
    tdf#91260 DOCX frames can extend beyond the page bottom, but not in Writer [L叩szl坦 N辿meth]
    tdf#91270 UI: Crash on exit after Manage Changes [Andras Timar]
    tdf#91288 Does not display traditional Chinese variant of Noto fonts correctly [Mark Hung]
    tdf#91453 Use configuration of text to number conversion also in arithmetic matrix operations (was: SUMPRODUCT() doesn't work well with 4.4.3) [Eike Rathke]
    tdf#92207 EDITING Setting text background colour doesn't work in Calc [Maxim Monastirsky]
    tdf#92217 UI Grey text background in read-only document infobar [Jan Holesovsky]
    tdf#92256 INDIRECT function lost interoperabilty with calc documents migrated by OOo3.2.1 [Katarina Behrens]
    tdf#92272 SLIDESHOW: slide color inversion during transitions [Tor Lillqvist]
    tdf#92527 docx export: File with shape can not be opened in word 2010 (diamond shape) [Andras Timar]
    tdf#92648 FILEOPEN / IMPORT specific DOCX (letter head) with various objects: line-picture (graphic) in footer too low [L叩szl坦 N辿meth]
    tdf#92687 Rendering: Rotated text blurry and unreadable with GTK3 [Caol叩n McNamara]
    tdf#92702 Unable to select menu items that were initially off-screen [L叩szl坦 N辿meth]
    tdf#92934 Web Wizard: Cannot Export Zip archive. [Julien Nabet]
    tdf#92993 FILEOPEN: access violation on particular .docx [Caol叩n McNamara]
    tdf#93296 When opening spreadseet, Currency cells formatting is changed. [Laurent Balland-Poirier]
    tdf#93317 "Document has been modified" Dialog does not have the focus on GTK3. [Caol叩n McNamara]
    tdf#93390 View of cell data gone in Table Data View [Lionel Elie Mamane]
    tdf#93438 Impress generate abnormal style when copy-pasting from Writer with Chinese UI [Mark Hung]
    tdf#93461 Caption of images are hidden behind the image [Caol叩n McNamara]
    tdf#93487 FORMATTING: Using Borders & Border Style button on toolbar crashes Calc [Michael Meeks]
    tdf#93509 Crash when close a LibODev if enable a While Typing/Autocorrect [Stephan Bergmann]
    tdf#93587 insert table in draw ole object [Julien Nabet]
    tdf#93618 cell value in table grid a date/time control incorrectly displayed [Lionel Elie Mamane]
    tdf#93662 white-list only the latest GL hardware and drivers [Caol叩n McNamara]
    tdf#93688 String ref syntax incorrect for new documents and in UI [Katarina Behrens]
    tdf#93720 Crash "Assertion failed" with Draw Frame on table. [Oliver Specht]
    tdf#93724 BASE: Insert Row in Filtered Form with Date/Time Fields results in Phantom zero date displayed instead of null, not saved [Lionel Elie Mamane]
    tdf#93733 Assertion failed when clear font size field in paragraph style [Julien Nabet]
    tdf#93818 Cannot open most lwp docs (booklets) [Caol叩n McNamara]
    tdf#93847 Repaint problems with LibreOffice on Gtk3 [Caol叩n McNamara]
    tdf#94008 FILEOPEN: Crash opening password protected file - CJK UI [Takeshi Abe]
    tdf#94022 Hide "Installable Options" in Linux print dialog [Michael Weghorn]
    tdf#94049 RTF IMPORT: rtf file with OLE object crashes libreoffice every time [Miklos Vajna]
    tdf#94069 EDITING: Moving a tablecontrol while editing a form leads to a hang [Caol叩n McNamara]
    tdf#94138 Form Control Text Boxes Print And Export To PDF Incorrectly [Toma転 Vajngerl]
    tdf#94214 Function FINV exported as "COM.MICROSOFT.F.INV" although it is spec'ed in OpenFormula [Winfried Donkers]
    tdf#94227 FILEOPEN: XLSX - Pattern/hatching fill no longer imported into charts [Markus Mohrhard]
    tdf#94374 Insert -> Document: "Read-Error. Error reading file." for DOCX files [Miklos Vajna]
    tdf#94384 Icons appearing with black backgrounds when "use OpenGL for Rendering" is enabled [Toma転 Vajngerl]
    tdf#94421 Web Wizard: option shift when loading saved session [Julien Nabet]
    tdf#94435 FILEOPEN: RTF - Text alignment not retained [Miklos Vajna]
    tdf#94456 FILEOPEN: RTF - Heading position incorrect [Miklos Vajna]
    tdf#94473 Properties Help buttons direct to broken weblink [Andras Timar]
    tdf#94477 missing "Format > Character" item in the customize keyboard command menu [Yousuf Philips]
    tdf#94485 VIEWING: broken UI and spreadsheet display issue after opening specific .xlsm [Jan-Marek Glogowski]
    tdf#94624 Cell formula =<A1>^2 result is different from =(<A1>)^2 if <A1> is negative [Oliver Specht]
    tdf#94679 EDITING: Text selection with Shift+PageDown broken part2 [Justin Luth]
    tdf#94743 Web Wizard: Cannot export in ftp [Julien Nabet]
    tdf#94796 LINEST and LOGEST should have ForceArray parameter types (was: LINEST and INDEX problem) [Eike Rathke]
    tdf#94804 Cross references break on reload. [Michael Stahl]
    tdf#94810 "Replace All" using regex gives wrong results [Mike Kaganski, Eike Rathke]
    tdf#94818 FILEOPEN Table layout jumbled for .doc [Caol叩n McNamara]
    tdf#94829 LibreOffice splash screen sets invalid WM_SIZE_HINTS [Julien Nabet]
    tdf#94869 Calculations involving an array and a position dependent intersection do not propagate an error if there is no intersection in non-array scalar mode [Eike Rathke]
    tdf#94871 [HELP] note and warning paragraphs are aligned incorrectly [Michael Stahl]
    tdf#94888 Display "Bad parameter" when trying to access a read/only share on Sharepoint. [Giuseppe Castagno]
    tdf#94908 [UI] Search filter in Autofilter breaks searching by typing in the list: OK button is blocked [Dennis Francis]
    tdf#94924 OpenCL: strange behavior in formulas computing [Tor Lillqvist]
    tdf#94936 FILESAVE PDF: LibreOffice crashes when saving document (GTK3, Gnome 3.18) [Maxim Monastirsky]
    tdf#95021 Crash in macro dialog [Caol叩n McNamara]
    tdf#95024 Support for new Hungarian orthography [L叩szl坦 N辿meth]
    tdf#95071 Cannot open a particular Word 2010 docx document (SAXParseException line 2) [Mike Kaganski]
    tdf#95091 Editable input fields in protected section: no delete or backspace possible [Oliver Specht]
    tdf#95096 IMDeleteSurrounding kmfl characters are not "swallowed" and writer exits with exception [Justin Luth]
    tdf#95188 DOCX import: picture in footnote is not imported [Oliver Specht]
    tdf#95220 FILEOPEN: Crash on opening attached Calc template [Mike Kaganski]
    tdf#95298 UI Crash on deleting part of animated gif [Armin Le Grand]
    tdf#95321 FILEOPEN: Tables no longer imported correctly from Word .doc files [Caol叩n McNamara]
    tdf#95352 autocorrect replacement table column misalignment after resize [Caol叩n McNamara]
    tdf#95395 EDITING: VLOOKUP fails if 1st parameter is a position dependent implicit intersection [Eike Rathke]
    tdf#95419 FILEOPEN: looong time loading specific .ods [Eike Rathke]
    tdf#95481 FILEOPEN: LibO crashes loading .odg [Armin Le Grand]
    tdf#95551 Crash changing icon themes when image has imagemap [Michael Meeks]
    tdf#95569 ODT export: conflicting style:repeat attributes on two XML elements [Michael Stahl]
    tdf#95670 CALCULATING: ForceArray parameters not properly propagated, e.g. for functions expecting scalar values but passed a range reference inside SUMPRODUCT [Eike Rathke]
    tdf#95677 Exponent must have sign when export to Excel [Laurent Balland-Poirier]
    tdf#95761 All Hotkeys with CTRL+ALT+ not worked [Juergen Funk]
    tdf#95783 VIEWING: Line breaks too early for Georgia font [Tor Lillqvist]
    tdf#95916 Alizarin master page formats date in Japanese [Laurent Balland-Poirier]

(ryoon)

Updated emulators/qemu to 2.5.0

(ryoon)

Update to 2.5.0

Changelog:
== System emulation ==
* guard pages are now inserted after guest RAM, to guard against guest-triggered buffer overflow attacks

=== Incompatible changes ===
* The mips32r5-generic CPU was renamed to P5600
* Host floppy device pass-through (block driver "host_floppy") has been removed; it is still possible to use them just like any other device file, however, a medium change will no longer be passed through to the guest

=== Future incompatible changes ===
* Three options are using different names on the command line and in configuration file.  In particular:
** The "acpi" configuration file section matches command-line option "acpitable";
** The "boot-opts" configuration file section matches command-line option "boot";
** The "smp-opts" configuration file section matches command-line option "smp".
:-readconfig will standardize on the name for the command line option.
* Behavior of automatic calculation of SMP topology when some SMP topology options for -smp are omitted (sockets, cores, threads) will change in the future. If guest ABI needs to be preserved on upgrades while using the SMP topology options, users should either set set all options explicitly (sockets, cores, threads), or omit all of them.
* Image encryption is fatally flawed, and will be dropped entirely.  It'll remain available only in qemu-img, so you can use 'qemu-img convert' to convert encrypted images to uncrypted ones.
* Block device parameter aio=native has no effect without cache.direct=on.  It will be made an error.
* Block device parameter aio=native has no effect if qemu is compiled without libaio support.  It will be made an error.
* A few devices will be configured with explicit properties instead of implicitly.  Unlikely to affect users; for the full list, see the 2.3 ChangeLog.
* QMP command blockdev-add is still a work in progress.  It doesn't support all block drivers, it lacks a matching blockdev-del, and more.  It might change incompatibly.
* The s390-virtio machine has been deprecated for 2.5; it will be removed in 2.6. s390x users should switch to the (default) s390-ccw-virtio machine.
* Changes to device "sdhci-pci" will make migration between old and new versions impossible.
* We intend to drop support for running QEMU on MacOSX 10.5 hosts in the QEMU 2.6 release, unless somebody who uses it wishes to step forward and help us with regular testing.

=== Alpha ===
=== ARM ===
* The "virt" machine type supports passing SMBIOS to the firmware.
* Semihosting support on AArch64
* New i.MX31 SoC.
* The ZynqMP and Allwinner A10 platforms support AHCI.
* Support for VGICv3 in KVM
* Support for GICv3 in the ACPI tables.
* The "virt" machine now has a second PCIe MMIO region of 512GB in size in high memory. Note that older 32-bit ARM Linux kernels built without CONFIG_LPAE have a bug where the presence of this region in high memory causes them to refuse to use the PCIe controller at all. In this case you can either reconfigure your kernel with CONFIG_LPAE=y, or pass QEMU the "-machine highmem=off" option to disable the use of high memory for PCIe. The kernel bug is expected to be fixed in Linux kernel release 4.4.
=== MIPS ===
* The mips32r5-generic CPU was renamed to P5600
* Improvements to MIPS R6 emulation

=== PowerPC ===
==== pSeries ====
* Support for memory hotplug
* The shipped version of SLOF includes GPT support.
* Using VFIO doesn't need spapr-pci-vfio-host-bridge anymore.
* virtio-vga now supported on sPAPR guests.
* [[Features/HRandomHypercall | H_RANDOM hypercall]] device for providing good random data to the guests.
==== Mac99 ====
* Improve ability to boot MacOS 9 (based upon GSoC project "Implement support for Mac OS 9 in QEMU " by Cormac O'Brien)

=== s390 ===
* Storage keys are migrated.
* New "info skeys" command in HMP to dump the storage key for a given address.
* Support for virtio 1 in the virtio-ccw devices.
** A maximum virtio-ccw revision can be specified via the "max_revision" property: max_revision=0 may be used to enforce usage of legacy virtio mode.
* Support for boot from El Torito iso images on virtio-blk has been added.

=== SH ===
=== SPARC ===

* sun4u: Fix EBus device enumeration under FreeBSD SPARC64 (OpenBIOS)

=== TileGX ===
* New target.
=== x86 ===
* The emulated IOMMU (VT-d) supports devices behind a bridge
* QEMU will warn when using a "-cpu" model that includes unsupported features. These features are disabled automatically, just like in previous versions of QEMU
* /machine/icc-bridge was removed from the QOM tree. Software relying on icc-bridge to find CPU objects should use the "qom_path" field of "query-cpus" QMP command

==== CPU models and features ====
* Haswell and Broadwell CPU models now include ABM
* Cache information passthrough (which was enabled by default on "-cpu host") is now disabled by default
* ABM, POPCNT, and SSE4a are not enabled in the default CPU models (qemu64, qemu32) anymore, as many hosts don't support it
* RDTSCP was removed from AMD CPU models, as current KVM versions can't expose RDTSCP to guests in AMD hosts
* New Intel memory instructions (clflushopt/clwb/pcommit) are now supported
* TCG now supports Debug Extensions (CR4.DE)

==== KVM ====
* Support for Hyper-V-compatible reporting of crashes.

==== Xen ====
* Support for passthrough of Intel integrated GPUs.

=== Device emulation and assignment ===
* fw_cfg supports a DMA interface on ARM and x86.  This interface makes -kernel/-initrd much faster if supported by the firmware. SeaBIOS supports the DMA interface starting with release 1.9.0 (commit 06316c9d). The UEFI guest fw for ARM VMs (known as ArmVirtQemu or AAVMF) supports the DMA interface starting with git commit 953bcbcc / SVN r18545.
==== ACPI ====
==== Audio ====
==== Block devices ====
==== Character devices ====
==== IDE ====
* AHCI ATAPI PIO transfers greater than one sector are fixed. This helps on OVMF, which utilizes such transfers.
* Zero byte count limits will no longer hang ATAPI drives.
* ATAPI PIO reads, when the byte count limit is set to the ATAPI block size, are now asynchronous. This should help to prevent hangs due to missing CDROM media mounted via NFS.

==== Mouse/keyboard ====
==== Network ====
==== SCSI ====
* scsi-generic devices now can be used together with a "readonly=on" backend.
==== Shared memory device ====
* A sample implementation of the ivshmem client and ivhsmem server is included with QEMU.
* ivshmem supports a new "x-memdev" property that uses a memory object for the backend.  This makes it possible to use ivshmem with a hugetlbfs backend. This property is experimental and may be removed in future release in favour of an alternative ivshmem device.
* Use kvm irqfd for msi notifications
* Protocol change, native long -> LE int64_t

==== PCI/PCIe ====
* hotplug support added for multifunction devices. To use, add all functions except function 0 first. Adding function 0 exposes the device to the guest. Request removal on function 0. On guest acknowledge, all functions are ejected together.

==== TPM ====
==== VFIO ====
==== virtio ====
* virtio-gpu now supports 3D mode
* vhost-user now supports live migration. client changes are required to enable this. When used with an old client without migration support, vhost-user will now block migration (instead of failing silently)
* vhost-user now supports multi-queue. Use queues=# to enable this. client changes are required to enable this mode.  When used with an old client without multi-queue support, device will automatically fall back on using a single pair of queues.
* vhost-user protocol now includes protocol feature negotiation, including multiple new messages. When used with old clients, all new messages are automatically disabled.
* vhost-user no longer sents the RESET_OWNER message on device stop. The only QEMU version that sent it was 2.4, the message is now officially deprecated.
* migration now works when virtio 1 is enabled for virtio-pci
* For virtio-pci, virtio 1 performance on kvm on Intel CPUs has been improved (on kernel 4.4 and up).
* a new flag modern-pio-notify can be used to enable PIO for notifications in virtio 1 mode, to improve performance for host kernels older than 4.4, and processors without EPT support.
* virtio devices can now be placed on the pci express bus
* vhost is no longer disabled when guest does not use MSI-X. The vhostforce flag is no longer required.
* in virtio 1 mode, scsi passthrough is now disabled for virtio blk
* Please note that for virtio-pci, the modern (virtio 1) interface is still disabled by default. To enable, set the flag disable-modern=off.

==== VGA ====

=== Character devices ===
=== GUI ===
* New syntax for enabling TLS in the VNC server:
** Equivalent to <tt>-vnc hostname:0,tls</tt>: <tt>-object tls-creds-anon,id=tls0,endpoint=server -vnc hostname:0,tls-creds=tls0</tt>
** Equivalent to <tt>-vnc hostname:0,tls,x509=/path/to/certs</tt>: <tt>-object tls-creds-x509,id=tls0,endpoint=server,dir=/path/to/certs,verify-peer=no -vnc hostname:0,tls-creds=tls0</tt>
** Equivalent to <tt>-vnc hostname:0,tls,x509verify=/path/to/certs</tt>: <tt>-object tls-creds-x509,id=tls0,endpoint=server,dir=/path/to/certs,verify-peer=yes -vnc hostname:0,tls-creds=tls0</tt>
* The Cocoa GUI does not have show an 'open image file' dialog box anymore even if QEMU is started without arguments
* Thu curses GUI supports 256 colors and line graphics.

=== Monitor ===
* New "info iothreads" command.
* New "query-qmp-schema" command allows the caller to [[Features/QMP/Introspection | introspect the QMP schema]] used by QEMU.

=== Migration ===
* [[Features/PostCopyLiveMigration | Postcopy migration]] for migration of large/busy guests
* A more flexible [[Features/AutoconvergeLiveMigration | auto-converge mechanism]] (for busy guests)

=== Network ===
* Support for multiqueue in vhost-user.
* Support for network filters.  Currently, the only filter objects are "filter-buffer", which batches packets every N microseconds, and "filter-dump", which can be used to log the network traffic in a file.  Filters are attached to a netdev device using e.g. "-object filter-buffer,id=filter,netdev=net0,queue=rx,interval=1000" (which creates a 1ms filter-buffer).
=== Block devices in system emulation ===
=== Command-line options ===
=== TCG ===
* Improved system emulation performance for targets with software TLBs (e.g. SPARC).
* Initial support for [[Features/record-replay | record/replay]].

== Block devices and tools ==
* The HMP "change" command (QMP's “"lockdev-change-medium") now allows you to change the read-only mode of the device (e.g. when inserting a read-only floppy disk image into a previously R/W drive)
* Fine-grained control over a block device's tray with the new QMP commands "blockdev-open-tray", "blockdev-close-tray", "x-blockdev-insert-medium", and "x-blockdev-remove-medium" (the latter two are experimental for now)
* New "reopen" command in qemu-io
* block-dirty-bitmap-add and block-dirty-bitmap-clear transaction actions have been added to now fully support (transient) incremental bitmap usage and management.
* QMP transactions now support a "completion-mode" parameter which controls the completion behavior of jobs launched by transactions, which will allow them to fail together. See the [https://github.com/qemu/qemu/blob/master/docs/bitmaps.md bitmaps.md] documentation for how this affects incremental backups.
* Block I/O accounting can now report average queue depth, min/avg/max latency, and failed/invalid request counts
* qcow2 learnt a new option ''cache-clean-interval'', which allows to free unused cache entries after some time.
* An experimental QMP command ''x-blockdev-del'' was added as a completement for the (also still experimental) ''blockdev-add'' command.
* A new QMP command ''blockdev-snapshot'' that allows creating a snapshot using as overlay an image previously opened with ''blockdev-add''. This allows opening the overlay image with arbitrary run-time options, solving one of the limitations of ''blockdev-snapshot-sync''.
* It is now possible to open an image without its backing file by specifying the empty string as a backing file reference when opening the image. This is useful for creating snapshots, since images opened with ''blockdev-add'' are not supposed to have a backing file before the ''blockdev-snapshot'' operation.
* Host CD-ROM support now works on Mac OS X hosts
* Host floppy support has been removed (it was deprecated in QEMU 2.3)
* The temporary "x-data-plane=on/off" option for virtio-blk device is removed now, all users are requested to use the canonical "-object iothread,id=<id> -device virtio-blk,iothread=<id>,..." syntax.

== Audio ==

== Guest agent ==
* Add an optional qemu-ga.conf system configuration
* Support for dumping the configuration current file with --dump-conf
* Win32 support for guest-set-user-password
* New command guest-exec

== User-mode emulation ==
* The configure option --disable-guest-base has been removed.
== Build dependencies ==
* libcacard has been moved to a standalone project, hosted at git://anongit.freedesktop.org/spice/libcacard.  The libcacard library from QEMU 2.4 can also be used to build QEMU 2.5.
* virtio-gpu 3D support requires virglrenderer.
== Known issues ==
* SDL audio only works with SDL 1.x.
* 64-bit QEMU might crash on Windows (problems with stack unwinding, depends on build environment, [http://repo.or.cz/w/qemu/ar7.git/commit/8fa9c07c9a33174905e67589bea6be3e278712cb possible fix])
* QEMU's configure script fails with pdksh from OpenBSD (see [https://bugs.launchpad.net/qemu/+bug/1525682 bug #1525682]. Using another shell with configure should work.

(ryoon)

Updated devel/xulrunner38 to 38.5.0

(ryoon)

Update to 38.5.0

Sync with firefox38-38.5.0

(ryoon)

Fix previous attempt of passing LDFLAGS
Ok joerg@

(wiedi)

Pullup tickets #4872 and #4873.

(bsiegert)

Pullup ticket #4873 - requested by cyber
devel/nbpatch: security fix

Revisions pulled up:
- devel/nbpatch/Makefile                                        1.10
- devel/nbpatch/files/backupfile.c                              1.3
- devel/nbpatch/files/common.h                                  1.5
- devel/nbpatch/files/inp.c                                    1.7
- devel/nbpatch/files/nbpatch.1                                1.2
- devel/nbpatch/files/nbpatch.cat1                              1.2
- devel/nbpatch/files/patch.c                                  1.3
- devel/nbpatch/files/pch.c                                    1.2

---
  Module Name:    pkgsrc
  Committed By:  joerg
  Date:          Sat Nov  7 18:29:50 UTC 2015

  Modified Files:
          pkgsrc/devel/nbpatch: Makefile
          pkgsrc/devel/nbpatch/files: backupfile.c common.h inp.c nbpatch.1
              nbpatch.cat1 patch.c pch.c

  Log Message:
  nbpatch-20151107: Merge various changes from NetBSD:
  (1) Allow "-V none" to disable backups.
  (2) Stricter control about valid ed-style patches.
  (3) Avoid shell use when looking for RCS, remove SCCS support.

(bsiegert)

Pullup ticket #4872 - requested by taca
net/bind910: security fix

Revisions pulled up:
- net/bind910/Makefile                                          1.13-1.14
- net/bind910/distinfo                                          1.12-1.13
- net/bind910/patches/patch-bin_dig_dighost.c                  1.3
- net/bind910/patches/patch-bin_tests_system_Makefile.in        1.3
- net/bind910/patches/patch-configure                          1.4

---
  Module Name:    pkgsrc
  Committed By:  taca
  Date:          Sun Dec 13 17:35:22 UTC 2015

  Modified Files:
          pkgsrc/net/bind910: Makefile distinfo
          pkgsrc/net/bind910/patches: patch-bin_dig_dighost.c
              patch-bin_tests_system_Makefile.in patch-configure

  Log Message:
  Update bind910 to 9.10.3.

  Security Fixes

        * An incorrect boundary check in the OPENPGPKEY rdatatype could
          trigger an assertion failure. This flaw is disclosed in
          CVE-2015-5986. [RT #40286]
        * A buffer accounting error could trigger an assertion failure when
          parsing certain malformed DNSSEC keys.
          This flaw was discovered by Hanno B旦ck of the Fuzzing Project, and
          is disclosed in CVE-2015-5722. [RT #40212]
        * A specially crafted query could trigger an assertion failure in
          message.c.
          This flaw was discovered by Jonathan Foote, and is disclosed in
          CVE-2015-5477. [RT #40046]
        * On servers configured to perform DNSSEC validation, an assertion
          failure could be triggered on answers from a specially configured
          server.
          This flaw was discovered by Breno Silveira Soares, and is disclosed
          in CVE-2015-4620. [RT #39795]

  New Features

        * New quotas have been added to limit the queries that are sent by
          recursive resolvers to authoritative servers experiencing
          denial-of-service attacks. When configured, these options can both
          reduce the harm done to authoritative servers and also avoid the
          resource exhaustion that can be experienced by recursives when they
          are being used as a vehicle for such an attack.
          NOTE: These options are not available by default; use configure
          --enable-fetchlimit to include them in the build.
            + fetches-per-server limits the number of simultaneous queries
              that can be sent to any single authoritative server. The
              configured value is a starting point; it is automatically
              adjusted downward if the server is partially or completely
              non-responsive. The algorithm used to adjust the quota can be
              configured via the fetch-quota-params option.
            + fetches-per-zone limits the number of simultaneous queries
              that can be sent for names within a single domain. (Note:
              Unlike "fetches-per-server", this value is not self-tuning.)
          Statistics counters have also been added to track the number of
          queries affected by these quotas.
        * dig +ednsflags can now be used to set yet-to-be-defined EDNS flags
          in DNS requests.
        * dig +[no]ednsnegotiation can now be used enable / disable EDNS
          version negotiation.
        * An --enable-querytrace configure switch is now available to enable
          very verbose query tracelogging. This option can only be set at
          compile time. This option has a negative performance impact and
          should be used only for debugging.

  Feature Changes

        * Large inline-signing changes should be less disruptive. Signature
          generation is now done incrementally; the number of signatures to
          be generated in each quantum is controlled by
          "sig-signing-signatures number;". [RT #37927]
        * The experimental SIT extension now uses the EDNS COOKIE option code
          point (10) and is displayed as "COOKIE: <value>". The existing
          named.conf directives; "request-sit", "sit-secret" and
          "nosit-udp-size", are still valid and will be replaced by
          "send-cookie", "cookie-secret" and "nocookie-udp-size" in BIND
          9.11. The existing dig directive "+sit" is still valid and will be
          replaced with "+cookie" in BIND 9.11.
        * When retrying a query via TCP due to the first answer being
          truncated, dig will now correctly send the COOKIE value returned by
          the server in the prior response. [RT #39047]
        * Retrieving the local port range from net.ipv4.ip_local_port_range
          on Linux is now supported.
        * Active Directory names of the form gc._msdcs.<forest> are now
          accepted as valid hostnames when using the check-names option.
          <forest> is still restricted to letters, digits and hyphens.
        * Names containing rich text are now accepted as valid hostnames in
          PTR records in DNS-SD reverse lookup zones, as specified in RFC
          6763. [RT #37889]

  Bug Fixes

        * Asynchronous zone loads were not handled correctly when the zone
          load was already in progress; this could trigger a crash in zt.c.
          [RT #37573]
        * A race during shutdown or reconfiguration could cause an assertion
          failure in mem.c. [RT #38979]
        * Some answer formatting options didn't work correctly with dig
          +short. [RT #39291]
        * Malformed records of some types, including NSAP and UNSPEC, could
          trigger assertion failures when loading text zone files. [RT
          #40274] [RT #40285]
        * Fixed a possible crash in ratelimiter.c caused by NOTIFY messages
          being removed from the wrong rate limiter queue. [RT #40350]
        * The default rrset-order of random was inconsistently applied. [RT
          #40456]
        * BADVERS responses from broken authoritative name servers were not
          handled correctly. [RT #40427]
        * Several bugs have been fixed in the RPZ implementation:
            + Policy zones that did not specifically require recursion could
              be treated as if they did; consequently, setting
              qname-wait-recurse no; was sometimes ineffective. This has
              been corrected. In most configurations, behavioral changes due
              to this fix will not be noticeable. [RT #39229]
            + The server could crash if policy zones were updated (e.g. via
              rndc reload or an incoming zone transfer) while RPZ processing
              was still ongoing for an active query. [RT #39415]
            + On servers with one or more policy zones configured as slaves,
              if a policy zone updated during regular operation (rather than
              at startup) using a full zone reload, such as via AXFR, a bug
              could allow the RPZ summary data to fall out of sync,
              potentially leading to an assertion failure in rpz.c when
              further incremental updates were made to the zone, such as via
              IXFR. [RT #39567]
            + The server could match a shorter prefix than what was
              available in CLIENT-IP policy triggers, and so, an unexpected
              action could be taken. This has been corrected. [RT #39481]
            + The server could crash if a reload of an RPZ zone was
              initiated while another reload of the same zone was already in
              progress. [RT #39649]
            + Query names could match against the wrong policy zone if
              wildcard records were present. [RT #40357]

---
  Module Name:    pkgsrc
  Committed By:  taca
  Date:          Wed Dec 16 00:31:22 UTC 2015

  Modified Files:
          pkgsrc/net/bind910: Makefile distinfo

  Log Message:
  Update bind910 package to 9.10.3pl2 (BIND 9.10.3-P2), security release.

          --- 9.10.3-P2 released ---

  4270.  [security]      Update allowed OpenSSL versions as named is
                          potentially vulnerable to CVE-2015-3193.

  4261.  [maint]        H.ROOT-SERVERS.NET is 198.97.190.53 and 2001:500:1::53.
                          [RT #40556]

  4260.  [security]      Insufficient testing when parsing a message allowed
                          records with an incorrect class to be be accepted,
                          triggering a REQUIRE failure when those records
                          were subsequently cached. (CVE-2015-8000) [RT #40987]

  4253.  [security]      Address fetch context reference count handling error
                          on socket error. (CVE-2015-8461) [RT#40945]

          --- 9.10.3-P1 (withdrawn) ---

(bsiegert)

Updated devel/subversion to 1.9.3

(adam)

Changes 1.9.3:

This release fixes two security issues:

    CVE-2015-5259:
    Remotely triggerable heap overflow and out-of-bounds read caused by
    integer overflow in the svn:// protocol parser.
    http://subversion.apache.org/security/CVE-2015-5259-advisory.txt

    CVE-2015-5343:
    Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn
    caused by integer overflow when parsing skel-encoded request bodies.
    http://subversion.apache.org/security/CVE-2015-5343-advisory.txt

(adam)

Deal with the directory name change in the recent distfiles.

(joerg)

Avoid UTF8, it breaks Python 3 builds in the C locale.

(joerg)

fix master site

(tnn)

Note update of lang/php70 package to 7.0.1.

(taca)

Update php70 to 7.0.1, approved by gdt@.

17 Dec 2015, PHP 7.0.1

- Core:
  . Fixed bug #71105 (Format String Vulnerability in Class Name Error Message).
    (andrew at jmpesp dot org)
  . Fixed bug #70831 (Compile fails on system with 160 CPUs).
    (Daniel Axtens)
  . Fixed bug #71006 (symbol referencing errors on Sparc/Solaris). (Dmitry)
  . Fixed bug #70997 (When using parentClass:: instead of parent::, static
    context changed). (Dmitry)
  . Fixed bug #70970 (Segfault when combining error handler with output
    buffering). (Laruence)
  . Fixed bug #70967 (Weird error handling for __toString when Error is
    thrown). (Laruence)
  . Fixed bug #70958 (Invalid opcode while using ::class as trait method
    paramater default value). (Laruence)
  . Fixed bug #70944 (try{ } finally{} can create infinite chains of
    exceptions). (Laruence)
  . Fixed bug #70931 (Two errors messages are in conflict). (dams, Laruence)
  . Fixed bug #70904 (yield from incorrectly marks valid generator as finished).
    (Bob)
  . Fixed bug #70899 (buildconf failure in extensions). (Bob, Reeze)
  . Fixed bug #61751 (SAPI build problem on AIX: Undefined symbol:
    php_register_internal_extensions). (Lior Kaplan)
  . Fixed \int (or generally every scalar type name with leading backslash)
    to not be accepted as type name. (Bob)
  . Fixed exception not being thrown immediately into a generator yielding
    from an array. (Bob)
  . Fixed bug #70987 (static::class within Closure::call() causes segfault).
    (Andrea)
  . Fixed bug #71013 (Incorrect exception handler with yield from). (Bob)
  . Fixed double free in error condition of format printer. (Bob)

- CLI server:
  . Fixed bug #71005 (Segfault in php_cli_server_dispatch_router()). (Adam)

- Intl:
  . Fixed bug #71020 (Use after free in Collator::sortWithSortKeys).
    (emmanuel dot law at gmail dot com, Laruence)

- Mysqlnd:
  . Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction).
    (Laruence)
  . Fixed bug #68344 (MySQLi does not provide way to disable peer certificate
    validation) by introducing MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT
    connection flag. (Andrey)

- OCI8:
  . Fixed LOB implementation size_t/zend_long mismatch reported
    by gcov. (Senthil)

- Opcache:
  . Fixed #71024 (Unable to use PHP 7.0 x64 side-by-side with PHP 5.6 x32 on
    the same server). (Anatol)
  . Fixed bug #70991 (zend_file_cache.c:710: error: array type has incomplete
    element type). (Laruence)
  . Fixed bug #70977 (Segmentation fault with opcache.huge_code_pages=1).
    (Laruence)

- Phpdbg:
  . Fixed stderr being written to stdout. (Bob)

- Reflection:
  . Fixed bug #71018 (ReflectionProperty::setValue() behavior changed).
    (Laruence)
  . Fixed bug #70982 (setStaticPropertyValue behaviors inconsistently with
    5.6). (Laruence)

- SPL:
  . Fixed bug #71028 (Undefined index with ArrayIterator). (Laruence)

- SQLite3:
  . Fixed bug #71049 (SQLite3Stmt::execute() releases bound parameter instead
    of internal buffer). (Laruence)

- Standard:
  . Fixed bug #70999 (php_random_bytes: called object is not a function).
    (Scott)
  . Fixed bug #70960 (ReflectionFunction for array_unique returns wrong number
    of parameters). (Laruence)

- Streams/Socket:
  . Add IPV6_V6ONLY constant / make it usable in stream contexts. (Bob)

- Soap:
  . Fixed bug #70993 (Array key references break argument processing).
    (Laruence)

- PDO_Firebird:
  . Fixed bug #60052 (Integer returned as a 64bit integer on X64_86). (Mariuz)

(taca)

Build nbawk and nbsed on Darwin 10.11 (El Capitan) too, it still has the sed
which fails when using a UTF-8 locale.  Ok'd during the freeze by wiz@

(jperkin)

Fix build problem on NetBSD 6.1_STABLE.

Avoid to multiple declaration by typedef.

(taca)

Fix build problem on NetBSD 7.0_STABLE.
Requires <sys/time.h> for struct timespec.

(taca)

Lowercase LICENSE.

(taca)

"test ==" portability fix.

(asau)

Upstream set the maximum queue length of the socket to INT_MAX. Increase
this value to 1024 to accommodate larger deployments until we get a proper
tunable.

(rodent)

Don't use __attribute__((__noreturn__)) without compiler guards.
should fix (or at least improve) bootstrap on DU/Tru64 with the
DEC/Compaq compiler.

(dholland)

Pullup ticket #4871.

(bsiegert)

Pullup ticket #4871 - requested by taca
net/bind99: security fix

Revisions pulled up:
- net/bind99/Makefile                                          1.49-1.50
- net/bind99/distinfo                                          1.34-1.35
- net/bind99/patches/patch-bin_dig_dighost.c                    1.5
- net/bind99/patches/patch-bin_tests_system_Makefile.in        1.6
- net/bind99/patches/patch-configure                            1.11

---
  Module Name:    pkgsrc
  Committed By:  taca
  Date:          Sun Dec 13 17:37:00 UTC 2015

  Modified Files:
          pkgsrc/net/bind99: Makefile distinfo
          pkgsrc/net/bind99/patches: patch-bin_dig_dighost.c
              patch-bin_tests_system_Makefile.in patch-configure

  Log Message:
  Update bind99 to 9.9.8.

  Security Fixes

        * An incorrect boundary check in the OPENPGPKEY rdatatype could
          trigger an assertion failure. This flaw is disclosed in
          CVE-2015-5986. [RT #40286]
        * A buffer accounting error could trigger an assertion failure when
          parsing certain malformed DNSSEC keys.
          This flaw was discovered by Hanno B旦ck of the Fuzzing Project, and
          is disclosed in CVE-2015-5722. [RT #40212]
        * A specially crafted query could trigger an assertion failure in
          message.c.
          This flaw was discovered by Jonathan Foote, and is disclosed in
          CVE-2015-5477. [RT #40046]
        * On servers configured to perform DNSSEC validation, an assertion
          failure could be triggered on answers from a specially configured
          server.
          This flaw was discovered by Breno Silveira Soares, and is disclosed
          in CVE-2015-4620. [RT #39795]

  New Features

        * New quotas have been added to limit the queries that are sent by
          recursive resolvers to authoritative servers experiencing
          denial-of-service attacks. When configured, these options can both
          reduce the harm done to authoritative servers and also avoid the
          resource exhaustion that can be experienced by recursives when they
          are being used as a vehicle for such an attack.
          NOTE: These options are not available by default; use configure
          --enable-fetchlimit to include them in the build.
            + fetches-per-server limits the number of simultaneous queries
              that can be sent to any single authoritative server. The
              configured value is a starting point; it is automatically
              adjusted downward if the server is partially or completely
              non-responsive. The algorithm used to adjust the quota can be
              configured via the fetch-quota-params option.
            + fetches-per-zone limits the number of simultaneous queries
              that can be sent for names within a single domain. (Note:
              Unlike "fetches-per-server", this value is not self-tuning.)
          Statistics counters have also been added to track the number of
          queries affected by these quotas.
        * An --enable-querytrace configure switch is now available to enable
          very verbose query tracelogging. This option can only be set at
          compile time. This option has a negative performance impact and
          should be used only for debugging.
        * EDNS COOKIE options content is now displayed as "COOKIE:
          <hexvalue>".

  Feature Changes

        * Large inline-signing changes should be less disruptive. Signature
          generation is now done incrementally; the number of signatures to
          be generated in each quantum is controlled by
          "sig-signing-signatures number;". [RT #37927]
        * Retrieving the local port range from net.ipv4.ip_local_port_range
          on Linux is now supported.
        * Active Directory names of the form gc._msdcs.<forest> are now
          accepted as valid hostnames when using the check-names option.
          <forest> is still restricted to letters, digits and hyphens.
        * Names containing rich text are now accepted as valid hostnames in
          PTR records in DNS-SD reverse lookup zones, as specified in RFC
          6763. [RT #37889]

  Bug Fixes

        * Asynchronous zone loads were not handled correctly when the zone
          load was already in progress; this could trigger a crash in zt.c.
          [RT #37573]
        * A race during shutdown or reconfiguration could cause an assertion
          failure in mem.c. [RT #38979]
        * Some answer formatting options didn't work correctly with dig
          +short. [RT #39291]
        * Malformed records of some types, including NSAP and UNSPEC, could
          trigger assertion failures when loading text zone files. [RT
          #40274] [RT #40285]
        * Fixed a possible crash in ratelimiter.c caused by NOTIFY messages
          being removed from the wrong rate limiter queue. [RT #40350]
        * The default rrset-order of random was inconsistently applied. [RT
          #40456]
        * BADVERS responses from broken authoritative name servers were not
          handled correctly. [RT #40427]

---
  Module Name:    pkgsrc
  Committed By:  taca
  Date:          Wed Dec 16 00:32:06 UTC 2015

  Modified Files:
          pkgsrc/net/bind99: Makefile distinfo

  Log Message:
  Update bind99 package to 9.9.8pl2 (BIND 9.9.8-P2), security release.

          --- 9.9.8-P2 released ---

  4270.  [security]      Update allowed OpenSSL versions as named is
                          potentially vulnerable to CVE-2015-3193.

  4261.  [maint]        H.ROOT-SERVERS.NET is 198.97.190.53 and 2001:500:1::53.
                          [RT #40556]

  4260.  [security]      Insufficient testing when parsing a message allowed
                          records with an incorrect class to be be accepted,
                          triggering a REQUIRE failure when those records
                          were subsequently cached. (CVE-2015-8000) [RT #40987]

  4253.  [security]      Address fetch context reference count handling error
                          on socket error. (CVE-2015-8461) [RT#40945]

          --- 9.9.8-P1 (withdrawn) ---

(bsiegert)

Update to Jenkins 1.642.

Changes in 1.642 (2015/12/13)

- Various kinds of settings could not be saved since 1.640.
  (issue 31954)

Changes in 1.641 (2015/12/09)

- Important security fixes (CVE-2015-7536, CVE-2015-7537,
  CVE-2015-7538, CVE-2015-7539)

Changes in 1.640 (2015/12/07)

- Added support of default values in the enum.jelly form
  element. (PR 1926)
- Bytecode Compatibility Transformer computes the common super
  class without loading classes. Fixes the ClassCircularityError
  exception in Ruby Runtime Plugin. (issue 31019)
- Extended Choice parameter definitions could not be saved since 1.637.
  (issue 31458)
- Display expected CRON run times even if a warning occurs.
  (issue 29059)
- Rework the online-node command implementation, no functional
  changes. (issue 31776)
- Fix the footer behavior in particular cases. (issue 30304,
  issue 31395)
- API changes: Deprecate subclassing of hudson.Plugin. (PR 1940)

Changes in 1.639 (2015/11/29)

- "Discard old builds" setting would be lost if resaving job
  configuration as of 1.637 without rechecking the box. (issue 31518)
- "Form too large" errors from Jetty when submitting massive
  forms. (issue 20327)
- Multiple workspace browser features broken on Windows masters
  since 1.634. (issue 31015)

Changes in 1.638 (2015/11/11)

- Important security fixes (CVE-2015-5317, CVE-2015-5318,
  CVE-2015-5319, CVE-2015-5320, CVE-2015-5324, CVE-2015-5321,
  CVE-2015-5322, CVE-2015-5323, CVE-2015-5325, CVE-2015-5326,
  CVE-2015-8103)

Changes in 1.637 (2015/11/08)

- Remove useless warnings about a JDK named null. (issue 31217)
- New OptionalJobProperty class to simplify JobProperty
  creation. (pull 1888)

Changes in 1.636 (2015/11/01)

- Add "lastCompletedBuild" job permalink. (issue 26270)

Changes in 1.635 (2015/10/25)

- Make Node implement Saveable. (issue 31055)
- Revert trigger optimizations made in 1.621 by PR 1617.
  (issue 30745)
- Delegate CLI's delete-node command to the overridable
  Computer.doDoDelete() method. Fixes the issue in OpenStack and
  JClouds plugins. (issue 31098, regression in 1.618)
- Prevent autocorrect of username on mobile devices in login
  forms. (PR 1531)
- Describe the built-in JDK as "(System)". (issue 755)
- Update JNA library to 4.2.1 in order to integrate fixes for
  linux-ppc64 and linux-arm platforms. (issue 15792)

Changes in 1.634 (2015/10/18)

- Fix order of builds in new builds history widget introduced
  in 1.633. (issue 30899)
- Bytecode Compatibility Transformer would fail to transform
  some classes resulting in ClassNotFoundException. (issue 30820)
- Prevent ClassCastException in AbstractBuild::reportError() if
  the build step is not Publisher. (issue 30730)
- Trim job names during the rename operation (it is impossible
  to delete or rename jobs with trailing spaces). (issue 30502)
- Add "graphBg" and "plothBg" background color options to plot
  URLs (PR 1769)
- API changes: Add get method for causes of interruption in
  hudson.model.Executor (PR 1712)
- Allow case insensitive file patterns in Artifacts Archiving.
  (issue 5253)
- Prevent NullPointerException while estimating duration of
  Queue executable items. (issue 30456)
- Fix the resolution of Windows symbolic links in
  SecretRewriter. (issue 30456)
- Let a combobox display its drop-down when focused, so users
  can see candidates without entering a letter. (issue 26278)

Changes in 1.633 (2015/10/11)

- Added safari pinned tab icon.
- Plugin Manager UI changes to prevent users from
  enabling/disabling/uninstalling plugins at the "wrong" time.
  (issue 23150)
- bytecode-compatibility-transformer produces malformed
  bytecode. (issue 28781)
- Properly handle RuntimeExceptions in run retention policy
  handler calls. (issue 29888)
- Prevent NullPointerException in CLI if Jenkins cannot find the
  specified job or a job with the nearest name. (issue 30742)
- Do not show REST API link for pages, which have no API
  handlers. (issue 29014)
- JS alert preventing to leave a configuration page without
  changes. (issue 21720)
- JS error triggered by collapsing build history widget. (issue 30569)
- Build history pagination and search. (issue 26445)

Changes in 1.632 (2015/10/05)

- Optimize TagCloud size calculation. (issue 30705)
- FlyWeightTasks tied to a label will not cause node
  provisioning and will be blocked forever. (issue 30084)
- Prevent NullPointerException for disabled builds in
  ReverseBuildTrigger. (issue 29876)
- ConsoleLogFilter wasn't truly global (issue 30777)
- API changes: hudson.Util.isOverridden() now supports protected
  methods. (issue 30002)
- Sidepanel controls with confirmation (lib/layout/task) did not
  assign the proper CSS style. (issue 30787)

Changes in 1.631 (2015/09/27)

- Add proper labels for plugin categories assigned to some
  plugins. (PR 1758)

Changes in 1.630 (2015/09/20)

- Make JenkinsRule useable on systems which don't support JNA
  (issue 29507)

Changes in 1.629 (2015/09/15)

- Old data monitor made Jenkins single-threaded for all saves.
  (issue 30139)

Changes in 1.628 (2015/09/06)

- Replaced all non java.util.logging logging libraries with
  slf4j interceptors. (PR 1816)
- Document allBuilds subtree in remote API for jobs. (PR 1817)

Changes in 1.627 (2015/08/30)

- Race condition in triggers could cause various
  NullPointerExceptions. (issue 29790)
- Archiving of large artifacts. Tar implementation cannot handle
  files having a size >8GB. (issue 10629)
- Allow plugins to augment or replace the plugin manager UI. (PR 1788)

Changes in 1.626 (2015/08/23)

- RunIdMigrator fails to revert Matrix and Maven jobs. (issue 29989)
- Fix error message "Failed to listen to incoming slave connection"
  after fixing port through init.groovy.d. (issue 29798)

Changes in 1.625 (2015/08/17)

- Fixed a deadlock between the old data monitor and
  authorization strategies. (issue 29936)
- Allow rejecting configurations with errors in critical fields
  via REST / CLI. (issue 28440)
- Do not display No changes if changelog is still being computed.
  (issue 2327)

Changes in 1.624 (2015/08/09)

- Allow more job types to use a custom "Build Now" text. (issue 26147)

Changes in 1.623 (2015/08/02)

- No notable changes in this release.

Changes in 1.622 (2015/07/27)

- Jenkins now support self-restart and daemonization in FreeBSD
  (PR 1770)
- Node provisioner may fail to correctly indicate that
  provisioning was finished. (issue 29568)

Changes in 1.621 (2015/07/19)

- Sort by 'Free Disk Space' is incorrect. (issue 29286)
- Label expression help is missing in recent Jenkins versions.
  (issue 29376)
- Pre-emptively break memory cycles causing excessive live-set
  retention in remoting layer. (issue 28844)
- Don't run trigger for disabled/copied projects. (PR 1617)

Changes in 1.620 (2015/07/12)

- Display system info even when slave is temporarily offline.
  (issue 29300)

Changes in 1.619 (2015/07/05)

- Update auto-installer metadata for newly installed plugins.
  (issue 27694)
- Allow plugins to veto process killing. (issue 9104)

Changes in 1.618 (2015/06/29)

- Fix deadlock in hudson.model.Executor. (issue 28690)
- Don't truncate /consoleText output after fixed number of
  lines. (issue 14899)
- Allow delete-* CLI commands to operate on multiple arguments.
  (issue 28041)
- Prevent NullPointerException in Executor/causeOfDeath page if
  there is no exception details. (issue 25734)
- Fixed synchronization issue when setting JDK installations.
  (issue 28292)
- Fix several loggers which are identifying as the wrong class.
  (PR 1651)
- Revert fix for issue 17290 due to the regressions it caused.
  (issue 28601)
- Fix deadlock between hudson.model.Queue and
  hudson.model.Computer. (issue 28840)
- Fix jobs getting stuck in the Queue when there exists a cycle
  of upstream/downstream blocks between them. (issue 28926)
- Always use earlier start time when merging two equivalent
  queue items. (issue 2180)

Changes in 1.617 (2015/06/07)

- Regression in build-history causing ball to not open console
  (issue 28704)
- JNLP slaves did not pick up changes to environment variables.
  (issue 27739)
- NullPointerException in AbstractProject constructor if Jenkins
  nodes has not been loaded yet (issue 28654)

Changes in 1.616 (2015/05/31)

- Job loading can be broken by NullPointerException in a build
  trigger (issue 27549)

Changes in 1.615 (2015/05/25)

- Improper calculation of queue length in UnlabeledLoadStatistics
  causing overheads in Cloud slave provisioning (issue 28446)
- Category titles in Available Plugins list appear wrong in
  reverse sort order (issue 17290)
- CronTab API: Timezone support for scheduling (issue 9283)
- NullPointerException when trying to reset Jenkins admin
  address (issue 28419)
- Reduce the thread overhead in NodeMonitorUpdater (PR 1714)
- Build history overflows (issue 28425)
- Build History badges don't wrap (issue 28455)

Changes in 1.614 (2015/05/17)

- ExtensionList even listener. (issue 28434)
- NullPointerException computing load statistics under some
  conditions. (issue 28384)
- Plugins using class loader masking did not work properly over
  the slave channel. (issue 27289)
- DefaultJnlpSlaveReceiver now returns true when rejecting a
  takeover. (issue 27939)
- Do not follow href after sending POST via l:task (issue 28437)

Changes in 1.613 (2015/05/10)

- Update bundled LDAP plugin in order to restore missing help
  files (issue 28233)
- hudson.model.Run.getLog() throws IndexOutOfBoundsException
  when called with maxLines=0 (issue 27441)

Changes in 1.612 (2015/05/03)

- Jenkins now requires Java 7. (announcement, issue 28120)
- Handle AbortException publisher status in the same way as
  deprecated false boolean status (issue 26964)
- Ensures GlobalSettingsProvider does not swallow fatal
  exceptions (issue 26604)
- add datestamp to node-offline message (issue 23917)
- Larger minimum popup menu height. (issue 27067)
- Descriptor.getId fix in 1.610 introduced regressions affecting
  at least the Performance and NodeJS plugins. (issue 28093 and
  issue 28110)
- Under rare conditions Executor.getProgress() can throw a
  Division by zero exception. (issue 28115)
- The Run from the command line option for launching a JNLP
- slave should display the configured JVM options. (issue 28111)

Changes in 1.611 (2015/04/26)

- Descriptor.getId fix in 1.610 introduced a regression
  affecting at least the Copy Artifacts plugin. (issue 28011)
- Search box did not work well inside folders. (issue 24433)
- Revert changes in 1.610 made to resolve issue 10629. (issue
  28012, issue 28013)
- Advertise JNLP slave agents to the correct host name, even in
  the presence of a reverse proxy. (issue 27218)
- Advertised TCP slave agent port number is made tweakable.
- Correctly identify Channel listener onClose propagated
  exceptions (issue 28062)

Changes in 1.610 (2015/04/19)

- Since 1.598 overrides of Descriptor.getId were not correctly
  handled by form binding, breaking at least the CloudBees
  Templates plugin. (issue 26781)
- Reverted in 1.611, reimplemented in 1.627. Archiving of large
  artifacts. Tar implementation cannot handle files having a
  size >8GB. (issue 10629)
- The queue state was not updated between scheduling builds.
  (issue 27708, issue 27871)

Changes in 1.609 (2015/04/12)

- When concurrent builds are enabled, artifact retention policy
  may delete artifact being used by an actually running build.
  (issue 27836)
- Documentation for $BUILD_ID did not reflect current reality
  (issue 26520)

Changes in 1.608 (2015/04/05)

- PeepholePermalink RunListenerImpl oncompleted should be
  triggered before downstream builds are triggered. (issue 20989)
- NPE when /script used on offline slave. (issue 26751)
- Make periodic workspace cleanup configurable through system
  properties. (issue 21322)
- Do not offer to restart on /restart and /safeRestart if the
  configuration does not support it. (issue 27414)
- Polling was skipped while quieting down, resulting in ignored
  commit notifications. This behavior was changed. (issue 26208)
- Starting this version, native packages are produced from the
  new repository. File issues related to installers and packages
  in the packaging component.

Changes in 1.607 (2015/03/30)

- JSONP served with the wrong MIME type and rejected by Chrome.
  (issue 27607)
- Security file pattern whitelist was broken for some plugins
  since 1.597. (issue 27055)
- Lock an Executor without creating a Thread (issue 25938)
- Hide flyweight master executor when ≥1 heavyweight executors
  running as subtasks (issue 26900)
- Way to mark an Executable that should not block
  isReadyToRestart (issue 22941)
- Refactor the Queue and Nodes to use a consistent locking
  strategy (issue 27565) Note that this change involved moving
  slave definitions outside the main config.xml file. If you
  downgrade after this, your slave settings will be lost.
- Makes the Jenkins is loading screen not block on the
  extensions loading lock (issue 27563)
- AdjunctManager: exception upon startup (issue 15355)
- Removes race condition rendering the list of executors (issue 27564)
- Tidy up the locks that were causing deadlocks with the once
  retention strategy in durable tasks (issue 27476)
- Remove any requirement from Jenkins Core to lock on the Queue
  when rendering the Jenkins UI (issue 27566)
- Prevent lazy loading operation when obtaining label
  information. (issue 26391)
- Ensure that the LoadStatistics return a self-consistent
  result. (issue 21618)
- Build reports to be running for 45 yr and counting. (issue 26777)

Changes in 1.606 (2015/03/23)

- Jenkins CLI doesn't handle arguments with equal signs (issue 21160)
- master/slave communication ping reacts badly if a clock jumps.
  (issue 21251)
- JNLP slaves can now connect to master through HTTP proxy.
  (issue 6167)
- Fixes to several security vulnerabilities. (advisory)

Changes in 1.605 (2015/03/16)

- Integrate Stapler fix for queue item API always returning 404
  Not Found since 1.601. (issue 27256)

Changes in 1.604 (2015/03/15)

- Added a switch (-Dhudson.model.User.allowNonExistentUserToLogin=true)
  to let users login even when the record is not found in the
  backend security realm. (issue 22346)
- Avoid deadlock when using build-monitor-plugin. (issue 27183)
- As security hardening, mark "remember me" cookie as HTTP only
  (issue 27277)
- Show displayName in build remote API. (issue 26723)

Changes in 1.602 (2015/03/08)

- Show Check Now button also on Available and Updates tabs of
  plugin manager. (PR 1593)

Changes in 1.601 (2015/03/03)

- Regression with environment variables in 1.600. (issue 27188)
- Errors with concurrent matrix builds since 1.597. (issue 26739)
- Errors in Dashboard View plugin since 1.597. (issue 26690)
- Robustness improvement when setting up Archive Artifacts
  programmatically. (issue 25779)
- Map Queue.Item.id onto Run (issue 27096)

Changes in 1.600 (2015/02/28)

- Fixes to multiple security vulnerabilities.
- JDK auto-installer for Mac OSX
- An error thrown in the wrong place in a publisher could result
  in a failure to release a workspace lock. (issue 26698)
- Cache node environment to prevent unnecessary channel usage
  (issue 26755)
- Build history text field wrap fails when containing markup
  (issue 26406)
- Maven build step fail to launch mvn process when special chars
  are present in build variables. (issue 26684)

Changes in 1.599 (2015/02/16)

- Errors in some Maven builds since 1.598. (issue 26601)
- Build format change migrator in 1.597 did not work on some
  Windows systems. (issue 26519)
- Remote FilePath.chmod fails with ClassNotFoundException:
  javax.servlet.ServletException. (issue 26476)
- Added SimpleBuildWrapper API. (issue 24673)
- Animated ball in job's build history widget won't open Console
  Output. (issue 26365)
- Show job name in Schedule Build column tool tip. (issue 25234)
- Allow OldDataMonitor to discard promoted-build-plugin
  Promotions (issue 26718)

Changes in 1.598 (2015/01/25)

- FutureImpl does not cancel its start future. (issue 25514)
- Flyweight tasks were under some conditions actually being run
  on heavyweight executors. (issue 10944) (issue 24519)
- Folder loading broken when child item loading throws
  exception. (issue 22811)
- Plugin icon images were broken when running Jenkins from a UNC
  path. (issue 26203)
- Allow admin signup from /manage as well. (issue 26382)
- Amend JAVA_HOME check to work with JDK 9. (issue 25601)
- CLI list-jobs command should display raw name, not display
  name, where they differ. (issue 25338)
- Show queue item parameters in tool tip. (issue 22311)
- Better support functional tests from Gradle-based plugins.
  (issue 26331)
- Allow users to delete builds even if they are supposed to be
  kept. (issue 26281)
- Fixed side/main panel scrolling issues. (issue 26312, issue
  26298, issue 26306)
- Improve error reporting when channel closed during build.
  (issue 26411)
- Fixed CodeMirror issue with height and re-enabled syntax
  highlighting in shell build step. (issue 25455, issue 23151)

Changes in 1.597 (2015/01/19)

- JENKINS_HOME layout change: builds are now keyed by build
  numbers and not timestamps. See Wiki for details and
  downgrade. (issue 24380)
- Do not throw exception on /signup when not possible. (issue 11172)
- Tool installer which downloads and unpacks archives should not
  fail the build if the tool already exists and the server returns
  an error code. (issue 26196)
- Fingerprint compaction aggravated lazy-loading performance
  issues. (issue 19392)
- Possible unreleased workspace lock if SCM polling fails during
  setup. (issue 26201)
- Misleading description of the 'workspace' permission. (issue 20148)
- Run parameters should show display name if set, rather than
  build numbers. (issue 25174)
- Add range check for H(X-Y) syntax. (issue 25897)

Changes in 1.596 (2015/01/04)

- Build page was broken in Hungarian localization while
  building. (issue 26155)
- Allow breaking label and node lists. (issue 25989)

Changes in 1.595 (2014/12/21)

- Spurious warnings in the log after deleting builds. (issue 25788)
- Master labels disappear when system configuration is updated.
  (issue 23966)
- Updated icon-set dependency to version 1.0.5. (issue 25499,
  issue 25498)

Changes in 1.594 (2014/12/14)

- After recent Java security updates, Jenkins would not
  gracefully recover from a deleted secrets/master.key.
  (issue 25937)
- Restrict where this project can be run regressed in 1.589 when
  using the ClearCase plugin. (issue 25533)

Changes in 1.593 (2014/12/07)

- Dynamic Single/Multi line Build History layout. (issue 25381,
  issue 25393, issue 24687, issue 24589)

Changes in 1.592 (2014/11/30)

- Performance problems on large workspaces associated with
  validating file include patterns. (issue 25759)

Changes in 1.591 (2014/11/25)

- Always use forward slashes in path separators during in ZIP
  archives generated by Directory Browser (issue 22514)

Changes in 1.590 (2014/11/16)

- Basic Authentication in combination with Session is broken
  (issue 25144)
- Some plugins broken since 1.584 if they expected certain
  events to be fired under a specific user ID. (issue 25400)
- Fixed various real or potential resource leaks discovered by
  Coverity Scan (pull request 1434)
- API changes: Expose
  AbstractProject.AbstractProjectDescriptor#validateLabelExpression
  for plugins. (pull request 1456)
- API method to aggregate multiple FormValidations into one.
  (pull request 1458)
- API method to get non-null Jenkins instance with internal
  validation (issue 23339)

Changes in 1.589 (2014/11/09)

- JNA error in WindowsInstallerLink.doDoInstall. (issue 25358)
- Restore compatibility of label assignment for some plugins.
  (issue 25372)

Changes in 1.588 (2014/11/02)

- Unnecessarily slow startup time with a massive number of jobs.
  (issue 25473)
- Custom workspace option did not work under some conditions.
  (issue 25221)

Changes in 1.587 (2014/10/29)

- Queue didn't always leave a trail for cancelled items properly
  (issue 25314)
- JNA update for deprecated JNA-POSIX library. (issue 24527)
- Introduced slave-to-master security mechanism to defend a
  master from slaves. (SECURITY-144)

Changes in 1.586 (2014/10/26)

- Bumping up JNA to 4.10. This is potentially a breaking change
  for plugins that depend on JNA 3.x (issue 24521)
- Prevent empty file creation if file parameter is left empty.
  (issue 3539)
- Servlet containers may refuse to let us set secure cookie
  flag. Deal with it gracefully. (issue 25019)
- Existing FileParameters should be handled as different values
  to avoid merging of queued builds (issue 19017)

Changes in 1.585 (2014/10/19)

- Build health computed repeatedly for a single Weather column
  cell. (issue 25074)
- Missing workspace page should use 404 status code. (issue 10450)
- Fixed memory leak occurring on pages producing incremental
  output with a progress bar. (issue 25081)
- Updated SSH Slaves plugin to 1.8.
- Due to the reaction, default umask in debian package is set
  back to 022 (issue 25065)
- Greater-than characters are not escaped in HTML outputs like
  e-mails (issue 16184)
- Thread starvation from OldDataMonitor. (issue 24763)
- Integer overflow in quiet-down timeout calculation (issue 24914)
- Don't put session IDs in URLs even when cookies are disabled.
  (issue 22358)
- Show keep build log reason in tool tips (pull request 1422)
- Do not disable projects, which do not support such operation
  (like Matrix configurations) (issue 24340)
- Improved the scalability of SSH slaves plugin caused by global
  lock in SecureRandom (issue 20108)
- Incorporated a fix for "Poodle" (CVE-2014-3566) vulnerability
  in the HTTPS connector of "java -jar jenkins.war" (issue 25169)

Changes in 1.584 (2014/10/12)

- Diagnostic thread names are now available while requests are
  still in filters
- When killing Windows processes, check its critical flag to
  avoid BSoD (issue 24453)
- When a user could not see a view, but could delete/move/rename
  jobs contained in it, the view was not properly updated.
  (issue 22769)
- Use POST for cancel quiet down link. (issue 23020, issue 23942)
- Do not consider port in use error to be a successful start of
  Jenkins on Debian. (issue 24966)

Changes in 1.583 (2014/10/01)

- Fixes to multiple security vulnerabilities:
  SECURITY-87/CVE-2014-3661 (anonymous DoS attack through CLI handshake)
  SECURITY-110/CVE-2014-3662 (User name discovery)
  SECURITY-127&128/CVE-2014-3663 (privilege escalation in job configuration permission)
  SECURITY-131/CVE-2014-3664 (directory traversal attack)
  SECURITY-138/CVE-2014-3680 (Password exposure in DOM)
  SECURITY-143/CVE-2014-3681 (XSS vulnerability in Jenkins core)
  SECURITY-150/CVE-2014-3666 (remote code execution from CLI)
  SECURITY-155/CVE-2014-3667 (exposure of plugin code)
  SECURITY-159/CVE-2013-2186 (arbitrary file system write)
  SECURITY-149/CVE-2014-1869 (XSS vulnerabilities in ZeroClipboard)
  SECURITY-113/CVE-2014-3678 (XSS vulnerabilities in monitoring plugin)
  SECURITY-113/CVE-2014-3679 (hole in access control)

Changes in 1.582 (2014/09/28)

- Channel reader thread can end up consuming 100% CPU. (issue 23471)
- CancelledKeyException can cause all JNLP slaves to disconnect
  (and the problem remains until restart). (issue 24050)
- Consider dynamic label assignments for label load statistics.
  (issue 15576)
- Use Windows line endings for batch file build steps. (issue 7478)
- Reduced the logging clutter about the lack of @ExportedBean.
  (issue 24458)
- Character encoding problem in form submission when file
  parameters are present. (issue 11543)
- Improved error handling and "in-progress" UI feedback in JNLP
  slave to service installation.
- Winstone 2.4: reverse proxy support in the logging, request
  header size limit control, and different private key password
  from keystore password. (issue 23665)
- umask setting on Debian did not work. (pull 1397)
- handle job move when buildDir is configured to a custom
  location. (issue 24825)

Changes in 1.581 (2014/09/21)

- Use slightly larger Jenkins head icon. (pull 1360)
- Allow setting a system property to disable X-Frame-Options
  header. (issue 21881)
- Explicitly set background color of various UI elements to
  white. (issue 24625)
- Wrong Hebrew localization resulted in broken console output
  since 1.539. (issue 24614)

Changes in 1.580 (2014/09/14)

- Health reports saved to disk before 1.576 showed no weather
  icon since that version. (issue 24407)
- Renaming jobs fails if parent dir of custom build records
  directory does not exist. (issue 19764)
- Add editable descriptions for label atoms. (issue 6153)

Changes in 1.579 (2014/09/06)

- ConcurrentModificationException in
  RunListProgressiveRendering. (issue 21437)
- StackOverflowError for some old SCMListeners. (issue 23522)
- Job status page shows "Build has been executing for null on
  master" for flyweight tasks. (issue 20307)
- File locking issue when running functional tests on Windows.
  (issue 21977)
- Tolerate ?auto_refresh in reverse proxy check on /manage page.
  (issue 24014)
- Debian package now sets umask to 027 by default for better
  default privacy. See /etc/default/jenkins to change this.
  (issue 24514)

Changes in 1.578 (2014/08/31)

- Added 'no-store' to the 'Cache-Control' header to avoid
  accidental information leak through local cache backup
  (issue 24337)
- Deadlock in OldDataMonitor. (issue 24358)
- Use absolute links for computer sidepanel items so they don't
  break as easily. (issue 23963)

Changes in 1.577 (2014/08/24)

- Failure to migrate legacy user records in 1.576 properly broke
  Jenkins, resulted in NullPointerExceptions. (issue 24317)
- Jenkins did not correctly display icons contributed by plugins
  in 1.576. (issue 24316)
- Moved JUnit reporting functionality to a plugin. (issue 23263)
- Fixed ClassCastException on org.dom4j.DocumentFactory (issue 13709)
- Jenkins now logs warnings when it fails to export objects to
  XML/JSON. This can result in a lot of log output in case of
  heavy API use. We recommend that API users use the ?tree
  parameter instead of ?depth.
- Allow BuildStep to work with non-AbstractProject (issue 23713)
- Improved class loading performance when using Groovy. (issue 24309)
- Prevent NullPointerException from Executor.run. (issue 24110)
- Make the lifetime of queue items cache configurable. (issue 19691)
- Support --username/--password authentication for CLIMethod
  based CLI commands. (issue 23988)
- Don't link to /safeRestart after update if Jenkins cannot
  restart itself. (issue 24032)
- Properly consider busy executors when reducing a node's
  executor count. (issue 24095)

Changes in 1.576 (2014/08/18)

- Worked around "incompatible InnerClasses attribute" bug in IBM
  J9 VM (issue 22525)
- Fixed a file descriptor leak with CLI connections. (issue 23248)
- Fixed a regression that removed all users with uppercase
  letters in the user name since 1.566. (issue 23872)
- Improving security of set-build-parameter and set-build-result
  CLI commands. (issue 24080)
- Startup can be broken by deeply recursive causes in build
  records. (issue 24161)
- Displaying unabridged test result trend on project index page
  defeated lazy loading. (issue 23945)
- Added support for host:port format in X-Forwarded-Host header.
  (commit 19d8b80)
- API to launch processes without printing the command line.
  (issue 23027)
- Added option to increase impact of test failures on the
  weather report. (issue 24006)
- Modernized sidebar <l:pane>s and making them work better with
  new layout. (issue 23810, issue 23829)
- Add option to CLI to skip key authentication (e.g. when
  there's a password on the default key). (issue 23970)
- Modernize tabBar and bigtable. Makes the project view look
  better. Same for Plugin Manager. (issue 24030)

Changes in 1.575 (2014/08/10)

- Move option to fingerprint artifacts to Archive the Artifacts,
  Advanced options. (commit f43a450)
- Move option to keep dependencies (builds) from Fingerprint to
  Advanced Project Options. (commit a8756c6)
- Improved validation of Build Record Root Directory setting.
  (issue 14538)
- Indicate which node the workspace being viewed is on.
  (issue 23636)
- Show full project name for projects in folders. (issue 22971)
- UI redesign: Shrink the top bar, change logo, changed links in
  top bar.
- Killing processes started by builds on Unix was broken as of
  1.553. (issue 22641)
- Should not stop a build from finishing just to compute JUnit
  result difference to a prior build which is still running.
  (issue 10234)
- Do not show link to System Information page for offline
  slaves, make page more robust when offline. (issue 23041)
- Fix link to SCM polling log from downstream job cause.
  (issue 18048)
- Autocomplete logger names. (issue 23994)
- UI redesign: Fix links in header bar when logged in.
- Do not show changes for the build at the lower bound of the
  changes list. (issue 18902)
- Restrict access to SCM trigger status page to administrators.
  (pull 1282)

Changes in 1.574 (2014/07/27)

- UI redesign: Use Helvetica as default font (issue 23840)
- Synchronization issue during tool installation (issue 17667)
- Use native encoding for filenames in downloaded ZIPs. (issue 20663)

Changes in 1.573 (2014/07/20)

- UI redesign: Changed element alignment, removed sidebar link
  underlines (pull 1314, pull 1316)
- Word-break links in build logs to preserve page width (pull 1308)
- Log rotation fails with "...looks to have already been
  deleted" (issue 22395)
- Fixed unnecessary eager loading of build records in certain
  code path. (issue 18065)

Changes in 1.572 (2014/07/13)

- UI redesign: Changed header, made layout <div>-based and
  responsive (pull 1310)
- Improved handling of X-Forwarded-* headers (issue 23294)
- Do not offer automatic upgrade if war parent directory is not
  writable (issue 23683)

Changes in 1.571 (2014/07/07)

- IllegalArgumentException from AbstractProject.getEnvironment
  when trying to get environment variables from an offline
  slave. (issue 23517)
- Overall.READ is sufficient to access
  /administrativeMonitor/hudsonHomeIsFull/ (SECURITY-134)
- Master computer is not notified using ComputerListener (issue 23481)

Changes in 1.570 (2014/06/29)

- Add CLI commands to add jobs to and remove jobs from views
  (add-job-to-view, remove-job-from-view). (issue 23361)
- UI improvements / refreshing. (issue 23492)
- Failed to correctly resave a project configuration containing
  both a forward and a reverse build trigger. (issue 23191)
- Long log output resulted in missing Console link in popup.
  (issue 14264)
- HTTP error 405 when trying to restart ssh host. (issue 23094)
- Move 'None' Source Code Management option to top position.
  (issue 23434)
- Fixed NullPointerException when ArctifactArchiver is called
  for a build with the undefined status. (issue 23526)
- Allow disabling use of default exclude patterns in
  ArctifactArchiver (.git, .svn, etc.). (issue 20086)
- Fixed NullPointerException when "properties" element is
  missing in a job's configuration submission by JSON (issue 23437)

Changes in 1.569 (2014/06/23)

- Jenkins can now kill Win32 processes from Win64 JVMs. (issue 23410)
- Allow custom security realm plugins to fire events to
  SecurityListeners. (issue 23417)
- Recover gracefully if a build permalink has a non-numeric
  value. (issue 21631)
- Fix form submission via the Enter key for Internet Explorer
  version 9. (issue 22373)
- When Jenkins had a lot of jobs, submitting a view
  configuration change could overload the web server, even if
  few of the jobs were selected. (issue 20327)

Changes in 1.568 (2014/06/15)

- Fixed JNLP connection handling problem (issue 22932)
- Fixed NullPointerException caused by the uninitialized
  ProcessStarter environment in build wrappers (issue 20559)
- Support the range notation for pagination in API (issue 23228)
- Incorrect redirect after deleting a folder. (issue 23375)
- Incorrect links from Build History page inside a folder.
  (issue 19310)
- API changes allowing new job types to use SCM plugins. (issue 23365)
- API changes allowing to create nested launchers (DecoratedLauncher)
  (issue 19454)

Changes in 1.567 (2014/06/09)

- Fixed a reference counting bug in the remoting layer.
- Avoid repeatedly reading symlinks from disk to resolve build
  permalinks. (issue 22822)
- Show custom build display name in executors widget. (issue 10477)
- CodeMirror support for shell steps broke initial configuration.
  (issue 23151)
- Jenkins on Linux can not restart after plugin update when
  started without full path to java executable (issue 22818)
- Fixed NullPointerException when a build triggering returns
  null cause (issue 20499)
- Fixed NullPointerException on plugin installations when
  invalid update center is set (issue 20031)
- Use DISABLED_ANIME icon while building a disabled project
  (issue 8358)
- Process the items hierarchy when displaying the Show Poll
  Thread Count option (issue 22934)
- Compressed output was turned on even before Access Denied
  errors were shown for disallowed Remote API requests, yielding
  a confusing error. (issue 17374) (issue 18116)
- Properly close input streams in FileParameterValue (issue 22693)
- Incorrect failure age in the JUnit test results (issue 18626)
- Fixed deletion links for JVM Crash error logs (issue 22617)
- Distinguish "nodes for label offline" from "no nodes for label"
  (issue 17114)
- Add causes to queue item tool tip (issue 19250)
- RPM: added JENKINS_HTTPS_KEYSTORE and
  JENKINS_HTTPS_KEYSTORE_PASSWORD options to Jenkins sysconfig
  file (issue 11673)
- RPM: Do not install jenkins.repo file (issue 22690)
- Don't advertise POSTing config.xml on master (issue 16264)
- Handle null parameter values to avoid massive executor deaths
  (issue 15094)
- Added an option to archive artifacts only when the build is
  successful (issue 22699)

Changes in 1.566 (2014/06/01)

- Configurable case sensitivity mode for user IDs. (issue 22247)
- Extension point for project naming strategies did not work
  from actual plugins. (issue 23127)
- Introduce directly modifiable views (issue 22967)
- Jenkins cannot restart Windows service (issue 22685)

(asau)