Update to 8.5.32 Changelog: Tomcat 8.5.32 (markt) Catalina Fix: Treat the <mapped-name> element of a <env-entry> in web.xml in the same way as the mappedName element of the equivalent @Resource annotation. Both now attempt to set the mappedName property of the resource. (markt) Fix: Correct the processing of resources with <injection-target>s defined in web.xml. First look for a match using JavaBean property names and then, only if a match is not found, look for a match using fields. (markt) Fix: When restoring a saved request with a request body after FORM authentication, ensure that calls to the HttpServletRequest methods getRequestURI(), getQueryString() and getProtocol() are not corrupted by the processing of the saved request body. (markt) Fix: JNDI resources that are defined with injection targets but no value are now treated as if the resource is not defined. (markt) Fix: Ensure that JNDI names used for <lookup-name> entries in web.xml and for lookup elements of @Resource annotations specify a name with an explicit java: namespace. (markt) Code: Refactor the org.apache.naming package to reduce duplicate code. Duplicate code identified by the Simian tool. (markt) Fix: 50019: Add support for <lookup-name>. Based on a patch by Gurkan Erdogdu. (markt) Add: 51953: Add the RemoteCIDRFilter and RemoteCIDRValve that can be used to allow/deny requests based on IPv4 and/or IPv6 client address where the IP ranges are defined using CIDR notation. Based on a patch by Francis Galiegue. (markt) Fix: 62343: Make CORS filter defaults more secure. This is the fix for CVE-2018-8014. (markt) Fix: Ensure that the web application resources implementation does not incorrectly cache results for resources that are only visible as class loader resources. (markt) Fix: Make all loggers associated with Tomcat provided Filters non-static to ensure that log messages are not lost when a web application is reloaded. (markt) Fix: Correct the manifest for the annotations-api.jar. The JAR implements the Common Annotations API 1.2 and the manifest should reflect that. (markt) Fix: Switch to non-static loggers where there is a possibility of a logger becoming associated with a web application class loader causing log messages to be lost if the web application is stopped. (markt) Add: 62389: Add the IPv6 loopback address to the default internalProxies regular expression. Patch by Craig Andrews. (markt) Fix: In the RemoteIpValve and RemoteIpFilter, correctly handle the case when the request passes through one or more trustedProxies but no internalProxies. Based on a patch by zhanhb. (markt) Fix: Correct the logic in MBeanFactory.removeConnector() to ensure that the correct Connector is removed when there are multiple Connectors using different addresses but the same port. (markt) Fix: Make JAASRealm mis-configuration more obvious by requiring the authenticated Subject to include at least one Principal of a type specified by userClassNames. (markt) Fix: 62476: Use GMT timezone for the value of Expires header as required by HTTP specification (RFC 7231, 7234). (kkolinko)diff -r1.6 -r1.7 pkgsrc/www/apache-tomcat85/Makefile
(zafer)
@@ -1,37 +1,37 @@ | @@ -1,37 +1,37 @@ | |||
1 | # $NetBSD: Makefile,v 1.6 2018/03/23 13:19:13 ryoon Exp $ | 1 | # $NetBSD: Makefile,v 1.7 2018/07/25 21:29:25 zafer Exp $ | |
2 | # | 2 | # | |
3 | 3 | |||
4 | DISTNAME= apache-tomcat-${TOMCAT_VER} | 4 | DISTNAME= apache-tomcat-${TOMCAT_VER} | |
5 | CATEGORIES= www | 5 | CATEGORIES= www | |
6 | MASTER_SITES= ${MASTER_SITE_APACHE:=tomcat/tomcat-8/v${TOMCAT_VER}/bin/} | 6 | MASTER_SITES= ${MASTER_SITE_APACHE:=tomcat/tomcat-8/v${TOMCAT_VER}/bin/} | |
7 | 7 | |||
8 | MAINTAINER= ryoon@NetBSD.org | 8 | MAINTAINER= ryoon@NetBSD.org | |
9 | HOMEPAGE= http://tomcat.apache.org/ | 9 | HOMEPAGE= http://tomcat.apache.org/ | |
10 | COMMENT= Implementation of Java Servlet and JavaServer Pages technologies | 10 | COMMENT= Implementation of Java Servlet and JavaServer Pages technologies | |
11 | LICENSE= apache-2.0 | 11 | LICENSE= apache-2.0 | |
12 | 12 | |||
13 | CONFLICTS+= jakarta-tomcat55-[0-9]* | 13 | CONFLICTS+= jakarta-tomcat55-[0-9]* | |
14 | CONFLICTS+= jakarta-tomcat-[0-9]* | 14 | CONFLICTS+= jakarta-tomcat-[0-9]* | |
15 | 15 | |||
16 | NO_BUILD= yes | 16 | NO_BUILD= yes | |
17 | USE_LANGUAGES= # none | 17 | USE_LANGUAGES= # none | |
18 | USE_JAVA= run | 18 | USE_JAVA= run | |
19 | USE_JAVA2= 7 | 19 | USE_JAVA2= 7 | |
20 | USE_TOOLS+= pax | 20 | USE_TOOLS+= pax | |
21 | 21 | |||
22 | .include "../../mk/bsd.prefs.mk" | 22 | .include "../../mk/bsd.prefs.mk" | |
23 | 23 | |||
24 | TOMCAT_VER= 8.5.29 | 24 | TOMCAT_VER= 8.5.32 | |
25 | TOMCAT_HOME= ${PREFIX}/share/tomcat | 25 | TOMCAT_HOME= ${PREFIX}/share/tomcat | |
26 | EGDIR= ${PREFIX}/share/examples/tomcat | 26 | EGDIR= ${PREFIX}/share/examples/tomcat | |
27 | DOCDIR= ${PREFIX}/share/doc/tomcat | 27 | DOCDIR= ${PREFIX}/share/doc/tomcat | |
28 | RCD_SCRIPTS= tomcat | 28 | RCD_SCRIPTS= tomcat | |
29 | SMF_NAME= tomcat | 29 | SMF_NAME= tomcat | |
30 | TOMCAT_USER?= tomcat | 30 | TOMCAT_USER?= tomcat | |
31 | TOMCAT_GROUP?= tomcat | 31 | TOMCAT_GROUP?= tomcat | |
32 | PKG_GROUPS= ${TOMCAT_GROUP} | 32 | PKG_GROUPS= ${TOMCAT_GROUP} | |
33 | PKG_USERS= ${TOMCAT_USER}:${TOMCAT_GROUP} | 33 | PKG_USERS= ${TOMCAT_USER}:${TOMCAT_GROUP} | |
34 | PKG_GROUPS_VARS+= TOMCAT_GROUP | 34 | PKG_GROUPS_VARS+= TOMCAT_GROUP | |
35 | PKG_USERS_VARS+= TOMCAT_USER | 35 | PKG_USERS_VARS+= TOMCAT_USER | |
36 | PKG_HOME.tomcat= ${TOMCAT_HOME} | 36 | PKG_HOME.tomcat= ${TOMCAT_HOME} | |
37 | PKG_SHELL.tomcat= ${SH} | 37 | PKG_SHELL.tomcat= ${SH} |
@@ -1,6 +1,6 @@ | @@ -1,6 +1,6 @@ | |||
1 | $NetBSD: distinfo,v 1.6 2018/03/23 13:19:13 ryoon Exp $ | 1 | $NetBSD: distinfo,v 1.7 2018/07/25 21:29:25 zafer Exp $ | |
2 | 2 | |||
3 | SHA1 (apache-tomcat-8.5.29.tar.gz) = fdc2ac85282af82a494e352c35e33dcfe1dbab6b | 3 | SHA1 (apache-tomcat-8.5.32.tar.gz) = 04bdc935981580ec0b3b08302f5b22f8df508944 | |
4 | RMD160 (apache-tomcat-8.5.29.tar.gz) = bee9cabd08028014b684a62262d20831b2caa6de | 4 | RMD160 (apache-tomcat-8.5.32.tar.gz) = ec1c9d1545f76a2e0c07a5c200408a483de850a8 | |
5 | SHA512 (apache-tomcat-8.5.29.tar.gz) = a7c771524052325a801b96d9553b18406019d1cea5b874e6c0fcbad46856922d97d634af29c53ec540675d43925e6e5b89685fbba4a7051514e7198f25a99297 | 5 | SHA512 (apache-tomcat-8.5.32.tar.gz) = fc010f4643cb9996cad3812594190564d0a30be717f659110211414faf8063c61fad1f18134154084ad3ddfbbbdb352fa6686a28fbb6402d3207d4e0a88fa9ce | |
6 | Size (apache-tomcat-8.5.29.tar.gz) = 9532698 bytes | 6 | Size (apache-tomcat-8.5.32.tar.gz) = 9584807 bytes |