---
- branch: MAIN
  date: Sun May  1 00:41:29 UTC 2016
  files:
  - new: '1.28'
    old: '1.27'
    path: pkgsrc/www/apache-tomcat7/Makefile
    pathrev: pkgsrc/www/apache-tomcat7/Makefile@1.28
    type: modified
  - new: '1.16'
    old: '1.15'
    path: pkgsrc/www/apache-tomcat7/PLIST
    pathrev: pkgsrc/www/apache-tomcat7/PLIST@1.16
    type: modified
  - new: '1.23'
    old: '1.22'
    path: pkgsrc/www/apache-tomcat7/distinfo
    pathrev: pkgsrc/www/apache-tomcat7/distinfo@1.23
    type: modified
  id: 20160501T004129Z.792f44e4f1433e38a76cd408593636fdc5060258
  log: "Update to 7.0.69\n\nChangelog:\nTomcat 7.0.69 (violetagg)\n\n    Catalina\n\n
    \       fix\tFix the type of InstanceManager attribute of mbean definition of
    StandardContext. (kfujino)\n        add\t58351: Make the server build date and
    server version number accessible via JMX. Patch provided by Huxing Zhang. (markt)\n
    \       fix\t59001: Correctly handle the case when Tomcat is installed on a path
    where one of the segments ends in an exclamation mark. (markt)\n        fix\tExpand
    the fix for 59001 to cover the special sequences used in Tomcat's custom jar:war:
    URLs. (markt)\n        fix\t59043: Avoid warning while expiring sessions associated
    with a single sign on if HttpServletRequest.logout() is used. (markt)\n        fix\t59054:
    Ensure that using the CrawlerSessionManagerValve in a distributed environment
    does not trigger an error when the Valve registers itself in the session. (markt)\n
    \       add\tLog a warning message if a user tries to configure the default session
    timeout via the deprecated (and ignored) Manager.setMaxInactiveInterval() method.
    (markt)\n        fix\tCorrect a regression introduced in 7.0.68 where the deprecated
    Manager.getMaxInactiveInterval() method returned the current default session timeout
    in minutes rather than seconds. (markt)\n        fix\tWhen a Host is configured
    with an appBase that does not exist, create the appBase before trying to expand
    an external WAR file into it. (markt)\n        fix\t59115: When using the Servlet
    3.0 file upload, the submitted file name may be provided as a token or a quoted-string.
    If a quoted-string, unquote the string before returning it to the user. (markt)\n
    \       fix\t59123: Close NamingEnumeration objects used by the JNDIRealm once
    they are no longer required. (fschumacher/markt)\n        fix\t59138: Correct
    a false positive warning for ThreadLocal related memory leaks when the key class
    but not the value class has been loaded by the web application class loader. (markt)\n
    \       fix\t59145: Don't log an invalid warning when a user logs out of a session
    associated with SSO. (markt)\n        fix\t59151: Fix a regression in the fix
    for 56917 that added additional (and arguably unnecessary) validation to the provided
    redirect location. (markt)\n        fix\t59206: Ensure NPE will not be thrown
    by o.a.tomcat.util.file.ConfigFileLoader when catalina.base is not specified.
    (violetagg)\n        fix\t59213: Async dispatches should be based off a wrapped
    request. (remm)\n        fix\t59217: Remove duplication in the recycling of the
    path in o.a.tomcat.util.http.ServerCookie. Patch is provided by Kyohei Nakamura.
    (violetagg)\n        fix\tEnsure that javax.servlet.ServletRequest and javax.servlet.ServletResponse
    provided during javax.servlet.AsyncListener registration are made available via
    javax.servlet.AsyncEvent.getSuppliedRequest and javax.servlet.AsyncEvent.getSuppliedResponse
    (violetagg)\n        fix\tClarify the log message that specifying both urlPatterns
    and value attributes in WebServlet and WebFilter annotations is not allowed. (violetagg)\n
    \       fix\tEnsure the exceptions caused by Valves will be available in the log
    files so that they can be evaluated when o.a.catalina.valves.ErrorReportValve.showReport
    is disabled. Patch is provided by Svetlin Zarev. (violetagg)\n        fix\t59247:
    Preload ResourceEntry as a workaround for security manager issues on some JVMs.
    (kkolinko/remm)\n        fix\t59269: Correct the implementation of PersistentManagerBase
    so that minIdleSwap functions as designed and sessions are swapped out to keep
    the active session count below maxActiveSessions. (markt)\n\nCoyote\n\n    fix\t58646:
    Correct a problem with sendfile that resulted in a Processor being added to the
    cache twice leading to broken responses. (markt)\n    fix\t59015: Fix potential
    cause of endless APR Poller loop during shutdown if the Poller experiences an
    error during the shutdown process. (markt)\n    fix\tLimit the default TLS ciphers
    for JSSE (BIO, NIO) and OpenSSL (APR) to those currently considered secure. (markt)\n
    \   add\tAdd a new environment variable JSSE_OPTS that is intended to be used
    to pass JVM wide configuration to the JSSE implementation. The default value is
    -Djdk.tls.ephemeralDHKeySize=2048 which protects against weak Diffie-Hellman keys.
    (markt)\n\nWebSocket\n\n    fix\t59014: Ensure that a WebSocket close message
    can be sent after a close message has been received. (markt)\n    fix\tCorrectly
    handle compression of partial messages when the final message fragment has a zero
    length payload. (markt)\n    add\tExtend the WebSocket programmatic echo endpoint
    provided in the examples to handle binary messages and also partial messages.
    This aligns the code with Tomcat 8 and makes it easier to run the Autobahn testsuite
    against the WebSocket implementation. (markt)\n    fix\t59119: Correct read logic
    for WebSocket client when using secure connections. (markt)\n    fix\t59134: Correct
    client connect logic for secure connections made through a proxy. (markt)\n    fix\t59189:
    Explicitly release the native memory held by the Inflater and Deflater when using
    PerMessageDeflate and the WebSocket session ends. Based on a patch by Henrik Olsson.
    (markt)\n\nWeb Applications\n\n    fix\tCorrect the description of the ServletRequest.getServerPort()
    in Proxy How-To. Issue reported via comments.apache.org. (violetagg)\n    fix\tFix
    a potential indefinite wait in the Comet Chat servlet in the examples web application.
    (markt)\n    fix\t59229: Fix error in HTTP docs and make clear the the HTTP NIO
    connector uses non-blocking I/O to read the HTTP request headers. (markt)\n    fix\tUpdate
    in the documentation the link to the maven repository where Tomcat snapshot artifacts
    are deployed. (markt/violetagg)\n    fix\tClarify in the documentation that calls
    to ServletContext.log(String, Throwable) or GenericServlet.log(String, Throwable)
    are logged at the SEVERE level. (violetagg)\n\nTribes\n\n    fix\tIf promoting
    a proxy node to a primary node when getting a session, notify the change of the
    new primary node to the original backup node. (kfujino)\n    fix\tAvoid NPE when
    a proxy node failed to retrieve a backup entry. (kfujino)\n    add\tAdd log of
    when received an unexpected messages. (kfujino)\n    add\tAdd the flag indicating
    that member is a localMember. (kfujino)\n\nOther\n\n    fix\t58283: Change the
    default download location for libraries during the build process from /usr/share/java
    to ${user.home}/tomcat-build-libs. Patch provided by Ahmed Hosni. (markt)\n    fix\t59031:
    When using the Windows uninstaller, do not remove the contents of any directories
    that have been symlinked into the Tomcat directory structure. (markt)\n    update\tModify
    the default tomcat-users.xml file to make it harder for users to configure the
    entries intended for use with the examples web application for the Manager application.
    (markt)\n    fix\t59211: Add hamcrest to Eclipse classpath. Patch is provided
    by Huxing Zhang. (violetagg)\n    update\t59280: Update the NSIS Installer used
    to build the Windows Installers to version 2.51. (kkolinko)\n"
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/apache-tomcat7'
  unixtime: '1462063289'
  user: ryoon