Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK)) by mollari.NetBSD.org (Postfix) with ESMTPS id 14095A5802 for ; Wed, 9 Apr 2014 14:12:14 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 7CAEA14A28D; Wed, 9 Apr 2014 14:12:13 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id D94C614A27B for ; Wed, 9 Apr 2014 14:11:13 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id qsX3lLq4xqJM for ; Wed, 9 Apr 2014 14:11:00 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id EC78014A25A for ; Wed, 9 Apr 2014 14:10:59 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id E708096; Wed, 9 Apr 2014 14:10:59 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Wed, 9 Apr 2014 14:10:59 +0000 From: "Matthias Scheler" Subject: CVS commit: [pkgsrc-2014Q1] pkgsrc/www/apache-tomcat7 To: pkgsrc-changes@NetBSD.org Reply-To: tron@netbsd.org X-Mailer: log_accum Message-Id: <20140409141059.E708096@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: tron Date: Wed Apr 9 14:10:59 UTC 2014 Modified Files: pkgsrc/www/apache-tomcat7 [pkgsrc-2014Q1]: Makefile PLIST distinfo Log Message: Pullup ticket #4361 - requested by ryoon www/apache-tomcat7: security update Revisions pulled up: - www/apache-tomcat7/Makefile 1.18 - www/apache-tomcat7/PLIST 1.10 - www/apache-tomcat7/distinfo 1.12 --- Module Name: pkgsrc Committed By: ryoon Date: Tue Apr 8 20:14:55 UTC 2014 Modified Files: pkgsrc/www/apache-tomcat7: Makefile PLIST distinfo Log Message: Update to 7.0.53 * Fix CVE-2014-0050 and CVE-2013-4590, Changelog: Tomcat 7.0.53 (violetagg) Catalina add Make it easier for applications embedding and/or extending = Tomcat to modify the javaseClassLoader attribute of the WebappClassLoad= er. (markt) fix Improve the robustness of web application undeployment base= d on some code analysis triggered by the report for 54315. (markt) fix 56219: Improve merging process for web.xml files to take ac= count of the elements and attributes supported by the Servlet version o= f the merged file. (markt) fix 56190: The response should be closed (i.e. no further outpu= t is permitted) when a call to AsyncContext.complete() takes effect. (m= arkt) fix 56236: Enable Tomcat to work with alternative Servlet and J= SP API JARs that package the XML schemas in such as way as to require a= dependency on the JSP API before enabling validation for web.xml. Tomc= at has no such dependency. (markt) fix 56246: Fix NullPointerException in MemoryRealm when authent= icating an unknown user. (markt) fix 56248: Allow the deployer to update an existing WAR file wi= thout undeploying the existing application if the update flag is set. T= his allows any existing custom context.xml for the application to be re= tained. To update an application and remove any existing context.xml si= mply undeploy the old version of the application before deploying the n= ew version. (markt) fix Redefine the globalXsltFile initialisation parameter of the= DefaultServlet as relative to CATALINA_BASE/conf or CATALINA_HOME/conf= . Prevent user supplied XSLTs used by the DefaultServlet from defining = external entities. (markt) add Add a work around for validating XML documents (often TLDs)= that use just the file name to refer to refer to the JavaEE schema on = which they are based. (markt) fix 56293: Cache resources loaded by the class loader from /MET= A-INF/services/ for better performance for repeated look ups. (markt) Coyote fix 53119: Make sure the NIO AJP output buffer is cleared on an= y error to prevent any possible overflow if it is written to again befo= re the connection is closed. This extends the original fix for the APR/= native output buffer to the NIO connector. (kkolinko) fix 56172: Avoid possible request corruption when using the AJP= NIO connector and a request is sent using more than one AJP message. P= atch provided by Amund Elstad. (markt) fix 56213: Reduce garbage collection when the NIO connector is = under heavy load. (markt) fix Improve processing of chuck size from chunked headers. Avoi= d overflow and use a bit shift instead of a multiplication as it is mar= ginally faster. (markt/kkolinko) fix Fix possible overflow when parsing long values from a byte = array. (markt) Jasper fix 54475: Add Java 8 support to SMAP generation for JSPs. Patc= h by Robbie Gibson. (markt) fix 55483: Improve handing of overloaded methods and constructo= rs in expression language implementation. (markt) fix 56208: Restore the validateXml option to Jasper that was pr= eviously renamed validateTld. Both options are now supported. validateX= ml controls the validation of web.xml files when Jasper parses them and= validateTld controls the validation of *.tld files when Jasper parses = them. (markt) fix 56223: Throw an IllegalStateException if a call is made to = ServletContext.setInitParameter() after the ServletContext has been ini= tialized. (markt) fix 56265: Do not escape values of dynamic tag attributes conta= ining EL expressions. (kkolinko) fix Make the default compiler source and target versions for JS= Ps Java 6 since Tomcat 7 requires Java 6 as a minimum. (markt) update 56283: Update to the Eclipse JDT Compiler P20140317-1600= which adds support for Java 8 syntax to JSPs. Add support for value "1= .8" for the compilerSourceVM and compilerTargetVM options. (markt) WebSocket fix Avoid a possible deadlock when one thread is shutting down = a connection while another thread is trying to write to it. (markt) fix Call onError if an exception is thrown calling onClose when= closing a session. (remm) Web applications code In the documentation: add support for several documentatio= n tags from Tomcat 8. Such as . (kkolinko) add 56093: Add the SSL Valve to the documentation web applicati= on. (markt) fix 56217: Improve readability by using left alignment for the = table cell containing the request information on the Manager applicatio= n status page. (markt) fix Fixed java.lang.NegativeArraySizeException when using "Expi= re sessions" command in the manager web application on a context where = the session timeout is disabled. (kfujino) fix Add support for LAST_ACCESS_AT_START system property to Man= ager web application. (kfujino) fix Add definition of org.apache.catalina.ant.FindLeaksTask. (k= fujino) fix 56273: If the Manager web application does not perform an o= peration because the web application is already being serviced, report = an error rather than reporting success. (markt) fix 56304: Add a note to the documentation about not using WebS= ocket with BIO HTTP in production. (markt) Other fix 56143: Improve service.bat so that it can be launched from = a non-UAC console. This includes using a single call to tomcat7.exe to = install the Windows service rather than three calls, and using command = line arguments instead of environment variables to pass the settings. (= markt/kkolinko) fix Fix regression in 7.0.52: when using service.bat install to= install the service the values for --StdOutput, --StdError options wer= e passed as blank instead of "auto". (kkolinko) fix Align options between service.bat and exe Windows installer= . For service.bat the changes are in --Classpath, --DisplayName, --Star= tPath, --StopPath. For exe installer the changes are in --JvmMs, --JvmM= x options, which are now 128 Mb and 256 Mb respectively instead of bein= g empty. Explicitly specify --LogPath path when uninstalling Windows se= rvice, avoiding default value for that option. (kkolinko) code Simplify Windows *.bat files: remove %OS% checks, as java = 6 does not run on ancient non-NT operating systems. (kkolinko) fix 56137: Explicitly use the BIO connector in the SSL example = in server.xml so it doesn't break if APR is enabled. (markt) fix 56139: Avoid a web application class loader leak in some un= it tests when running on Windows. (markt) fix Correct build script to avoid building JARs with empty pack= ages. (markt) add Allow to limit JUnit test run to a number of selected test = case methods. (kkolinko) fix 56189: Remove used file cpappend.bat from the distribution.= (markt) Tomcat 7.0.52 (violetagg) released 2014-02-17 Catalina fix Generate a valid root element for the effective web.xml for= a web application for all supported versions of web.xml. (markt) Coyote code Pull up SocketWrapper to AbstractProcessor. (markt) fix In some circumstances asynchronous requests could time out = too soon. (markt) Tomcat 7.0.51 (violetagg) not released Catalina fix 55287: ServletContainerInitializer defined in the container= may not be found. (markt/jboynes) fix 55855: Provide a per Context option (containerSciFilter) to= exclude container SCIs. (markt) fix 55937: When deploying applications, treat a context path of= /ROOT as equivalent to /. (markt) fix 55943: Improve the implementation of the class loader check= that prevents web applications from trying to override J2SE implementa= tion classes. As part of this fix, refactor the way a null parent class= loader is handled which enables a number of null checks and object cre= ation calls to be removed. (markt) fix 55958: Differentiate between foo.war the WAR file and foo.w= ar the directory. (markt) fix 55960: Improve the single sign on (SSO) unit tests. Patch p= rovided by Brian Burch. (markt) fix 55974: Retain order when reporting errors and warnings whil= e parsing XML configuration files. (markt) fix 56013: Fix issue with SPNEGO authentication when using IBM = JREs. IBM JREs only understand the option of infinite lifetime for Kerb= eros credentials. Based on a patch provided by Arunav Sanyal. (markt) fix 56016: When loading resources for XML schema validation, ta= ke account of the possibility that servlet-api.jar and jsp-api.jar may = not be loaded by the same class loader. Patch by Juan Carlos Estibariz.= (markt) fix 56025: When creating a WebSocket connection, always call Se= rverEndpointConfig.Configurator.getNegotiatedSubprotocol() and always c= reate the EndPoint instance after calling ServerEndpointConfig.Configur= ator.modifyHandshake(). (markt) fix 56032: Ensure that the WebSocket connection is closed after= an IO error or an interrupt while sending a WebSocket message. (markt)= fix 56042: If a request in async mode has an error but has alre= ady been dispatched don't generate an error page in the ErrorReportValv= e so the dispatch target can handle it. (markt) fix Add missing javax.annotation.sql.* classes to annotations-a= pi.jar. (markt) fix The type of logger attribute of Context MBean should be not= org.apache.commons.logging.Log but org.apache.juli.logging.Log. (kfuji= no) fix 56082: Fix a concurrency bug in JULI's LogManager implement= ation. (markt) fix 56096: When the attribute rmiBindAddress of the JMX Remote = Lifecycle Listener is specified it's value will be used when constructi= ng the address of a JMX API connector server. Patch is provided by Jim = Talbut. (violetagg) fix When environment entry with one and the same name is define= d in the web deployment descriptor and with annotation then the one spe= cified in the web deployment descriptor is with priority. (violetagg) fix Change default value of xmlBlockExternal attribute of Conte= xt. It is true now. (kkolinko) Coyote fix Avoid possible NPE if a content type is specified without a= character set. (markt) fix 55956: Make the forwarded remote IP address available to th= e Connectors via a request attribute. (markt) fix 55976: Fix sendfile support for the HTTP NIO connector. (ma= rkt) fix 55996: Ensure Async requests timeout correctly when using t= he NIO HTTP connector. (markt) add 56021: Make it possible to use the Windows-MY key store wit= h the BIO and NIO connectors for SSL configuration. It requires a keyst= oreFile=3D"" keystoreType=3D"Windows-My" to be set on the connector. Ba= sed on a patch provided by Asanka. (markt) Jasper fix Correct a regression in the XML refactoring that meant that= errors in TLD files were swallowed. (markt) fix 55671: Correct typo in the log message for a wrong value of= genStringAsCharArray init-param of JspServlet. This parameter had a di= fferent name in Tomcat 6. (kkolinko) fix 55973: Fix processing of XML schemas when validation is ena= bled in Jasper. (kkolinko) fix 56010: Don't throw an IllegalArgumentException when JspFact= ory.getPageContext is used with JspWriter.DEFAULT_BUFFER. Based on a pa= tch by Eugene Chung. (markt) fix 56012: When using the extends attribute of the page directi= ve do not import the super class if it is in an unnamed package as impo= rts from unnamed packages are now explicitly illegal. (markt) fix 56029: A regression in the fix for 55198 meant that when EL= containing a ternary expression was used in an attribute a compilation= error would occur for some expressions. (markt) fix Correct several errors in jspxml Schema and DTD. (kkolinko)= fix Change default value of the blockExternal attribute of JspC= task. The default value is true. Add support for -no-blockExternal swi= tch when JspC is run as a standalone application. (kkolinko) Cluster code Simplify the code of o.a.c.ha.tcp.SimpleTcpCluster.createM= anager(String). Remove unnecessary class cast. (kfujino) WebSocket fix Do not return an empty string for the Sec-WebSocket-Protoco= l HTTP header when no sub-protocol has been requested or no sub-protoco= l could be agreed as RFC6455 requires that no Sec-WebSocket-Protocol he= ader is returned in this case. (markt) Web applications fix Add index.xhtml to the welcome files list for the examples = web application. (kkolinko) fix Clarify that the connectionTimeout may also be used as the = read timeout when reading a request body (if any) in the documentation = web application. (markt) fix Clarify the behaviour of the maxConnections attribute for a= connector in the documentation web application. (markt) fix 55888: Update the documentation web application to make it = clearer that a Container may define no more than one Realm. (markt) fix 55956: Where available, displayed the forwarded remote IP a= ddress available on the status page of the Manager web application. (ma= rkt) fix Correct links to the Tomcat mailing lists in the ROOT web a= pplication. (kkolinko) fix In Manager web application improve handling of file upload = errors. Display a message instead of error 500 page. Simplify parts han= dling code, as it is known that Tomcat takes care of them when recyclin= g a request. (kkolinko) Extras fix 55166, 56045: Copy the XML schemas used for validation that= are packaged in jsp-api.jar to servlet-api.jar so that an embedded Tom= cat instance can start without Jasper being available. This also enable= s validation to work without Jasper being available. (markt/kkolinko) fix 56039: Enable the JmxRemoteLifecycleListener to work over S= SL. Patch by esengstrom. (markt) Other fix 55743: Enable the stop script to work when the shutdown por= t is disabled and a PID file is defined. This is only available on plat= forms that use catalina.sh. (markt) fix 55986: When forcing Tomcat to stop via kill -9 $CATALINA_PI= D, the catalina.sh script could incorrectly report that Tomcat had not = yet completely stopped when it had. Based on a patch by jess. (markt) fix Package correct license and notice files with embedded JARs= . (markt) code Remove svn keywords (such as $Id) from source files and do= cumentation. (kkolinko) fix Fix CVE-2014-0050, a denial of service with a malicious, ma= lformed Content-Type header and multipart request processing. Fixed by = merging latest code (r1565163) from Commons FileUpload. (markt) fix 56115: Expose the httpusecaches property of Ant's get task = as some users may need to change the default. Based on a suggestion by = Anthony. (markt) Tomcat 7.0.50 (violetagg) released 2014-01-08 Catalina fix Handle the case where a context.xml file is added to a web = application deployed from a directory. Previously the file was ignored = until Tomcat was restarted. Now (assuming automatic deployment is enabl= ed) it will trigger a redeploy of the web application. (markt) fix Fix string comparison in HostConfig.setContextClass(). (kko= linko) code Streamline handling of WebSocket messages when no handler = is configured for the message currently being received. (markt) fix Handle the case where a WebSocket annotation configures a m= essage size limit larger than the default permitted by Tomcat. (markt) fix 55855: This is a partial fix that bypasses the relatively e= xpensive check for a WebSocket upgrade request if no WebSocket endpoint= s have been registered. (markt) fix 55905: Prevent a NPE when web.xml references a taglib file = that does not exist. Provide better error message. (violetagg) Coyote fix When using the BIO connector with an internal executor, do = not display a warning that the executor has not shutdown as the default= configuration for BIO connectors is not to wait. This is because threa= ds in keep-alive connections cannot be interrupted and therefore the wa= rning was nearly always displayed. (markt) Jasper fix JspC uses servlet context initialization parameters to pass= configuration so ensure that the servlet context used supports initial= ization parameters. (markt) Cluster fix In AbstractReplicatedMap#finalize, remove rpcChannel from c= hannel Listener of group channel before sending MapMessage.MSG_STOP mes= sage. This prevents that the node that sent the MapMessage.MSG_STOP by = normal shutdown is added to member map again by ping at heartbeat threa= d in the node that received the MapMessage.MSG_STOP. (kfujino) fix Add time stamp to GET_ALL_SESSIONS message. (kfujino) Web applications fix Fix the sample configuration of StaticMembershipInterceptor= in order to prevent warning log. uniqueId must be 16 bytes. (kfujino) Extras update Update dependencies that are used to build tomcat-juli e= xtras component. Apache Avalon Framework is updated to version 4.1.5, A= pache Log4J to version 1.2.17. (rjung) Tomcat 7.0.49 (violetagg) not released Catalina fix Correct a regression in the new XML local resolver that tri= ggered false failures when XML validation was configured. (markt) fix Prevent a NPE when destroying HTTP upgrade handler for WebS= ocket connections. (violetagg) Tomcat 7.0.48 (violetagg) not released Catalina add 51294: Add support for unpacking WARs located outside of th= e Host's appBase in to the appBase. (markt) fix 55656: Configure the Digester to use the server class loade= r when parsing server.xml rather than the class loader that loaded Stan= dardServer. Patch provided by Roberto Benedetti. (markt) fix 55664: Correctly handle JSR 356 WebSocket Encoder, Decoder = and MessageHandler implementations that use a generic type such as Enco= der.Text>. Includes a test case by Niki Dokovski. (markt) fix Correctly handle WebSocket Encoders, Decoders and MessageHa= ndlers that use arrays of generic types. (markt) fix 55681: Ensure that the WebSocket session is made available = to MessageHandler method calls. (markt) fix Updated servlet spec version and documentation section-numb= er reported when JAR files are rejected for containing a trigger class = (e.g. javax.servlet.Servlet). (schultz) add Modify the WebSocket handshake process so that the user pro= perties Map exposed by the ServerEndpointConfig during the call to Conf= igurator.modifyHandshake() is unique to the connection rather than shar= ed by all connections associated with the Endpoint. This allows for eas= ier configuration of per connection properties from within modifyHandsh= ake(). (markt) fix 55684: Log a warning but continue if the memory leak detect= ion code is unable to access all threads to check for possible memory l= eaks when a web application is stopped. (markt) fix Define the web-fragment.xml in tomcat7-websocket.jar as a S= ervlet 3.0 web fragment rather than as a Servlet 3.1 web fragment. (mar= kt) fix 55715: Add a per web application executor to the WebSocket = implementation and use it for calling SendHandler.onResult() when there= is a chance that the current thread also initiated the write. (markt) fix Prevent file descriptors leak and ensure that files are clo= sed when configuring the web application. (violetagg) fix Fixed the name of the provider-configuration file located i= n tomcat7-websocket.jar!/META-INF/services that exposes information for= javax.websocket.server.ServerEndpointConfig$Configurator implementatio= n. (violetagg) fix 55760: Remove the unnecessary setting of the javax.security= .auth.useSubjectCredsOnly system property in the SpnegoAuthenticator as= in addition to it being unnecessary, it causes problems with using SPN= EGO with IBM JDKs. Patch provided by Arunav Sanyal. (markt) fix 55772: Ensure that the request and response are recycled af= ter an error during asynchronous processing. Includes a test case based= on code contributed by Todd West. (markt) fix 55778: Add an option to the JNDI Realm to control the QOP u= sed for the connection to the LDAP server after authentication when usi= ng SPNEGO with delegated credentials. This value is used to set the jav= ax.security.sasl.qop environment property for the LDAP connection. (mar= kt) fix 55798: Log an error if the MemoryUserDatabase is unable to = find the specified user database file. (markt) fix 55799: Correctly enforce the restriction in JSR356 that no = more than one data message may be sent to a remote WebSocket endpoint a= t a time. (markt) fix When Catalina parses TLD files, always use a namespace awar= e parser to be consistent with how Jasper parses TLD files. The tldName= spaceAware attribute of the Context is now ignored. (markt) fix Deprecate the tldNamespaceAware Context attribute as TLDs a= re always parsed with a namespace aware parser. (markt) fix Correct a logic error that meant that unpackWARs was ignore= d and the WAR was always expanded if a WAR failed to deploy. (markt) add Add support for defining copyXML on a per Context basis. (m= arkt) fix Define the expected behaviour of the automatic deployment a= nd align the implementation to that definition. (markt) add When running under a security manager, change the default v= alue of the Host's deployXML attribute to false. (markt) add If a Host is configured with a value of false for deployXML= , a web application has an embedded descriptor at META-INF/context.xml = and no explicit descriptor has been defined for this application, do no= t allow the application to start. The reason for this is that the embed= ded descriptor may contain configuration necessary for secure operation= such as a RemoteAddrValve. (markt) fix Prevent an NPE in the WebSocket ServerContainer when proces= sing an HTTP session end event. (markt) add 55801: Add the ability to set a custom SSLContext to use fo= r client wss connections. Patch provided by Maciej Lypik. (markt) fix 55804: If the GSSCredential for the cached Principal expire= s when using SPNEGO authentication, force a re-authentication. (markt) add 55811: If the main web.xml contains an empty absolute-order= ing element and validation of web.xml is not enabled, skip parsing any = web-fragment.xml files as the result is never used. (markt) fix 55839: Extend support for digest prefixes {MD5}, {SHA} and = {SSHA} to all Realms rather than just the JNDIRealm. (markt) fix 55842: Ensure that if a larger than default response buffer= is configured that the full buffer is used when a Servlet outputs via = a Writer. (markt) fix 55851: Further fixes to enable SPNEGO authentication to wor= k with IBM JDKs. Based on a patch by Arunav Sanyal. (markt) add Fix CVE-2013-4590: Add an option to the Context to control = the blocking of XML external entities when parsing XML configuration fi= les and enable this blocking by default when a security manager is used= . The block is implemented via a custom resolver to enable the logging = of any blocked entities. (markt) Coyote code Implement a number of small refactorings to the APR/native= handler for upgraded HTTP connections. (markt) fix Fix an issue with upgraded HTTP connections over HTTPS (e.g= . secure WebSocket) when using the APR/native connector that resulted i= n the unexpected closure of the connection. (markt) fix Ensure that the application class loader is used when calli= ng the ReadListener and WriteListener methods when using non-blocking I= O. A side effect of not doing this was that JNDI was not available when= processing WebSocket events. (markt) add Make the time that the internal executor (if used) waits fo= r request processing threads to terminate before continuing with the co= nnector stop process configurable. (markt) fix 55749: Improve the error message when SSLEngine is disabled= in the AprLifecycleListener and SSL is configured for an APR/native co= nnector. (markt) add If a request that includes an Expect: 100-continue header r= eceives anything other than a 2xx response, close the connection This p= rotects against misbehaving clients that may not sent the request body = in that case and send the next request instead. (markt) fix Improve the parsing of trailing headers in HTTP requests. (= markt) Jasper fix 55735: Fix a regression caused by the fix to 55198. When pr= ocessing JSP documents, attributes in XML elements that are template co= ntent should have their text xml-escaped, but output of EL expressions = in them should not be escaped. (markt) fix 55807: The JSP compiler used a last modified time of -1 for= TLDs in JARs expanded in to WEB-INF/classes (IDEs often do this expans= ion) when creating the dependency list for JSPs that used that TLD. Thi= s meant JSPs using that TLD were recompiled on every access. (markt) Cluster add Add log message that initialization of AbstractReplicatedMa= p has been completed. (kfujino) fix The logger of AbstractReplicatedMap should be non-static in= order to enable logging of each application. Side-effects of this chan= ge is to throw RuntimeException in MapMessage#getKey() and getValue() i= nstead of Null return and error log. (kfujino) code Simplify the code of DeltaManager#startInternal(). Reduce = unnecessary nesting for acquisition of cluster instance. (kfujino) fix Remove unnecessary attributes of stateTransferCreateSendTim= e and receiverQueue from cluster manager template. These attributes sho= uld not be defined as a template. (kfujino) fix Fix MBean attribute definition of stateTransfered. The meth= od name is not isStateTransfered() but getStateTransfered(). (kfujino) fix Correct stop failure log of cluster. Failure cause is not o= nly Valve. (kfujino) fix Remove unnecessary sleep when sending session blocks on ses= sion sync phase. (kfujino) fix Expose stateTimestampDrop of org.apache.catalina.ha.session= .DeltaManager via JMX. (kfujino) fix When the ping timeouted, make sure that memberDisappeared m= ethod is not called by specifying the members that has already been rem= oved. (kfujino) add Add log message of session relocation when member disappear= ed. (kfujino) fix If ping message fails, prevent wrong timeout detection of n= ormal member that is no failure members. (kfujino) Web applications add Add some documentation on the SSL configuration options for= WebSocket clients. (markt) add Add to cluster document a description of notifyLifecycleLis= tenerOnFailure and heartbeatBackgroundEnabled. (kfujino) fix Update the documentation with information for WebSocket 1.0= specification and javadoc. (violetagg) fix 55703: Clarify the role of the singleton attribute for JNDI= resource factories. (markt) fix 55746: Add documentation on the allRolesMode to the Combine= dRealm and LockOutRealm. Patch by C=E9dric Couralet. (markt) add Expand the information on web applications that ship as par= t of Tomcat in the security how-to section of the documentation web app= lication. (markt) fix Expand the description of the WebSocket buffers in the docu= mentation web application to clarify their purpose. (markt) add Correct the documentation for Cluster manager. (kfujino) add Add information on how to configure integrated Windows auth= entication when Tomcat is running on a non-Windows host. (markt) Extras update Update commons-logging to version 1.1.3. (rjung) Other add 52323: Add support for the Cobertura code coverage tool whe= n running the unit tests. Based on a patch by mhasko. (markt/kkolinko) update Update sample Eclipse IDE project. Explicitly use a Java= 6 SE JDK. Exclude JSR356 WebSocket classes from build path, as they ca= nnot be compiled with Java 6. (kkolinko) update Update the Eclipse compiler to 4.3.1. (kkolinko/markt) To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.17.2.1 pkgsrc/www/apache-tomcat7/Makefile cvs rdiff -u -r1.9 -r1.9.2.1 pkgsrc/www/apache-tomcat7/PLIST cvs rdiff -u -r1.11 -r1.11.4.1 pkgsrc/www/apache-tomcat7/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.