Re: [VOTE] 8.0.x EOL - 30 June 2018

[Emmanuel Bourg]

Le 23/06/2017 à 16:29, Christopher Schultz a écrit :

> Can you clarify: you voted to NOT ANNOUNCE Tomcat 8.0 EOL now, but it's
> not very kind to consumers to surprise them in 2018 by saying "security
> patches only" sometime later.
> 
> Why not state NOW that we will be EOLing Tomcat 8.0 in 2018 and starting
> NOW we will only provide security patches for it?

My concern is to keep having security support for Tomcat 8.0.x because
it will still be used by Linux distributions beyond June 2018 (and
probably others). Tomcat 8.0.x will be only 4 years old at this date,
that's a rather short life by Tomcat standards.

I wouldn't mind if feature updates stopped right now and if 8.0.x
received only security updates from now on (be it EOLed next year or
not). That would simplify the maintenance and encourage people to
upgrade to 8.5.

Emmanuel Bourg

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] 8.0.x EOL - 30 June 2018

[Christopher Schultz]

All,

On 6/22/17 11:18 AM, Mark Thomas wrote:
> We had a couple of threads discussing this. I think it is time for a
> vote.>
> [X] +1 We should announce 8.0.x EOL for 30 June 2018
> [ ] -1 We should announce 8.0.x EOL for [insert date here]
> [ ] -1 We should not announce 8.0.x EOL at this time

I think Tomcat 8.0 can go into maintenance mode (i.e. security-only)
fairly soon.

-chris



signature.asc
Description: OpenPGP digital signature

svn commit: r1799678 - /tomcat/trunk/webapps/docs/changelog.xml

[schultz]

Author: schultz
Date: Fri Jun 23 14:25:09 2017
New Revision: 1799678

URL: http://svn.apache.org/viewvc?rev=1799678=rev
Log:
Move changelog entry to correct version after review by markt.

Modified:
tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1799678=1799677=1799678=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Jun 23 14:25:09 2017
@@ -58,6 +58,14 @@
   
 
   
+  
+
+  
+61127Allow human-readable names for channelSendOptions and
+mapSendOptions. Patch provided by Igal Sapir. (schultz)
+  
+
+  
 
 
   
@@ -243,14 +251,6 @@
   
 
   
-  
-
-  
-61127Allow human-readable names for channelSendOptions and
-mapSendOptions. Patch provided by Igal Sapir. (schultz)
-  
-
-  
   
 
   



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] 8.0.x EOL - 30 June 2018

[Christopher Schultz]

Emmanuel,

On 6/22/17 11:51 AM, Emmanuel Bourg wrote:
> Le 22/06/2017 à 17:18, Mark Thomas a écrit :
>
>> [X] -1 We should not announce 8.0.x EOL at this time
>
> I'd prefer security only releases for Tomcat 8.0.x beyond 30 June 2018
> (or even sooner).

Can you clarify: you voted to NOT ANNOUNCE Tomcat 8.0 EOL now, but it's
not very kind to consumers to surprise them in 2018 by saying "security
patches only" sometime later.

Why not state NOW that we will be EOLing Tomcat 8.0 in 2018 and starting
NOW we will only provide security patches for it?

-chris



signature.asc
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 9.0.0.M22

[Huxing Zhang]

Hi,

The proposed 9.0.0.M22 release is:
[ ] Broken - do not release
[ X ] Alpha - go ahead and release as 9.0.0.M22

Unit test passed.
Our test web application works fine.

1. There is a typo in trailers.ResponseTrailers, I will fix that later.
2. Actually I have a concern of the trailer field implementation. Should we add 
an extra whitespace between the trailer field name and trailer field, just to 
keep align with the head field format?

In rfc7230 section 4.1.2 says the white space is optional.
header-field   = field-name ":" OWS field-value OWS

But right now the format is inconsistent between header and trailer field.

Examples: 

Escape character is '^]'.
GET /examples/servlets/trailers/response HTTP/1.1
Host: hsf.taobao.net:8180
User-Agent: curl/7.47.0
Accept: */*

HTTP/1.1 200
Content-Type: text/plain;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 23 Jun 2017 05:49:14 GMT

2b
This reponse should include trailer fields.
0
x-trailer-2:Trailer value two
x-trailer-1:Trailer value one

BTW, Jetty[1] has an white space between trailer field name and value. 
https://webtide.com/http-trailers-in-jetty/

--
From:Mark Thomas 
Time:2017 Jun 21 (Wed) 22:18
To:Tomcat Developers List 
Subject:[VOTE] Release Apache Tomcat 9.0.0.M22


The proposed Apache Tomcat 9.0.0.M22 release is now available for voting.

This is a milestone release for the 9.0.x branch. It should be
noted that, as a milestone release:
- Servlet 4.0 is not finalised
- The EGs have not started work on JSP 2.4, EL 3.1 or WebSocket 1.2/2.0

The major changes compared to the 9.0.0.M21 release are:

- Add a new JULI FileHandler configuration for specifying the maximum
  number of days to keep the log files. By default the log files will be
  kept 90 days.

- Update the Servlet 4.0 implementation to add support for setting
  trailer fields for HTTP responses.

- When pre-compiling with JspC, report all compilation errors rather
  than stopping after the first error.

Along with lots of other bug fixes and improvements

For full details, see the changelog:
http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.0.M22/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1137/
The svn tag is:
http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_0_M22/

The proposed 9.0.0.M22 release is:
[ ] Broken - do not release
[ ] Alpha - go ahead and release as 9.0.0.M22

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] 8.0.x EOL - 30 June 2018

[Huxing Zhang]

[ X ] +1 We should announce 8.0.x EOL for 30 June 2018

--
From:Mark Thomas 
Time:2017 Jun 22 (Thu) 23:18
To:Tomcat Developers List 
Subject:[VOTE] 8.0.x EOL - 30 June 2018


We had a couple of threads discussing this. I think it is time for a vote.

[ ] +1 We should announce 8.0.x EOL for 30 June 2018
[ ] -1 We should announce 8.0.x EOL for [insert date here]
[ ] -1 We should not announce 8.0.x EOL at this time

Thanks,

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1799648 - /tomcat/trunk/webapps/examples/WEB-INF/classes/trailers/ResponseTrailers.java

[huxing]

Author: huxing
Date: Fri Jun 23 06:33:17 2017
New Revision: 1799648

URL: http://svn.apache.org/viewvc?rev=1799648=rev
Log:
Fix typo in trailer fileds example

Modified:
tomcat/trunk/webapps/examples/WEB-INF/classes/trailers/ResponseTrailers.java

Modified: 
tomcat/trunk/webapps/examples/WEB-INF/classes/trailers/ResponseTrailers.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/examples/WEB-INF/classes/trailers/ResponseTrailers.java?rev=1799648=1799647=1799648=diff
==
--- 
tomcat/trunk/webapps/examples/WEB-INF/classes/trailers/ResponseTrailers.java 
(original)
+++ 
tomcat/trunk/webapps/examples/WEB-INF/classes/trailers/ResponseTrailers.java 
Fri Jun 23 06:33:17 2017
@@ -47,7 +47,7 @@ public class ResponseTrailers extends Ht
 
 PrintWriter pw  = resp.getWriter();
 
-pw.print("This reponse should include trailer fields.");
+pw.print("This response should include trailer fields.");
 }
 
 



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1799677 - in /tomcat/trunk: java/org/apache/catalina/valves/LoadBalancerDrainingValve.java webapps/docs/changelog.xml

[schultz]

Author: schultz
Date: Fri Jun 23 14:23:53 2017
New Revision: 1799677

URL: http://svn.apache.org/viewvc?rev=1799677=rev
Log:
Fix a bug and a small integration support improvement after review by mgrigorov.
Fix changelog after review by markt.

Modified:
tomcat/trunk/java/org/apache/catalina/valves/LoadBalancerDrainingValve.java
tomcat/trunk/webapps/docs/changelog.xml

Modified: 
tomcat/trunk/java/org/apache/catalina/valves/LoadBalancerDrainingValve.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/LoadBalancerDrainingValve.java?rev=1799677=1799676=1799677=diff
==
--- tomcat/trunk/java/org/apache/catalina/valves/LoadBalancerDrainingValve.java 
(original)
+++ tomcat/trunk/java/org/apache/catalina/valves/LoadBalancerDrainingValve.java 
Fri Jun 23 14:23:53 2017
@@ -68,7 +68,7 @@ public class LoadBalancerDrainingValve
  * The request attribute key where the load-balancer's activation state
  * can be found.
  */
-static final String ATTRIBUTE_KEY_JK_LB_ACTIVATION = "JK_LB_ACTIVATION";
+public static final String ATTRIBUTE_KEY_JK_LB_ACTIVATION = 
"JK_LB_ACTIVATION";
 
 /**
  * The HTTP response code that will be used to redirect the request
@@ -259,8 +259,7 @@ public class LoadBalancerDrainingValve
 
 // Re-write the URI if it contains a ;jsessionid parameter
 String uri = request.getRequestURI();
-String sessionURIParamName = "jsessionid";
-SessionConfig.getSessionUriParamName(request.getContext());
+String sessionURIParamName = 
SessionConfig.getSessionUriParamName(request.getContext());
 if(uri.contains(";" + sessionURIParamName + "="))
 uri = uri.replaceFirst(";" + sessionURIParamName + "=[^&?]*", 
"");
 

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1799677=1799676=1799677=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Jun 23 14:23:53 2017
@@ -52,6 +52,10 @@
 protocol will trigger a warning in the logs since it is known to be
 insecure. (markt)
   
+  
+Add LoadBalancerDrainingValve, a Valve designed to reduce the amount of
+time required for a node to drain its authenticated users. (schultz)
+  
 
   
 
@@ -147,10 +151,6 @@
 variable for CGI executables is populated in a consistent way 
regardless
 of how the CGI servlet is mapped to a request. (markt)
   
-  
-Add LoadBalancerDrainingValve, a Valve designed to reduce the amount of
-time required for a node to drain its authenticated users. (schultz)
-  
 
   
   



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1799704 - in /tomcat/trunk: java/org/apache/catalina/connector/Request.java java/org/apache/catalina/util/TLSUtil.java java/org/apache/catalina/valves/AbstractAccessLogValve.java webapps/

[markt]

Author: markt
Date: Fri Jun 23 21:14:43 2017
New Revision: 1799704

URL: http://svn.apache.org/viewvc?rev=1799704=rev
Log:
When the access log valve logs a TLS related request attribute and the NIO2 
connector is used with OpenSSL, ensure that the TLS attributes are available to 
the access log valve when the connection is closing.

Added:
tomcat/trunk/java/org/apache/catalina/util/TLSUtil.java   (with props)
Modified:
tomcat/trunk/java/org/apache/catalina/connector/Request.java
tomcat/trunk/java/org/apache/catalina/valves/AbstractAccessLogValve.java
tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/connector/Request.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Request.java?rev=1799704=1799703=1799704=diff
==
--- tomcat/trunk/java/org/apache/catalina/connector/Request.java (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/Request.java Fri Jun 23 
21:14:43 2017
@@ -85,6 +85,7 @@ import org.apache.catalina.core.AsyncCon
 import org.apache.catalina.mapper.MappingData;
 import org.apache.catalina.util.ParameterMap;
 import org.apache.catalina.util.RequestUtil;
+import org.apache.catalina.util.TLSUtil;
 import org.apache.catalina.util.URLEncoder;
 import org.apache.coyote.ActionCode;
 import org.apache.coyote.UpgradeToken;
@@ -855,48 +856,46 @@ public class Request implements HttpServ
  */
 @Override
 public Object getAttribute(String name) {
-
 // Special attributes
 SpecialAttributeAdapter adapter = specialAttributes.get(name);
 if (adapter != null) {
 return adapter.get(this, name);
 }
 
-Object attr=attributes.get(name);
+Object attr = attributes.get(name);
 
-if(attr!=null) {
+if (attr != null) {
 return attr;
 }
 
-attr =  coyoteRequest.getAttribute(name);
-if(attr != null) {
+attr = coyoteRequest.getAttribute(name);
+if (attr != null) {
 return attr;
 }
-if( isSSLAttribute(name) || 
name.equals(SSLSupport.PROTOCOL_VERSION_KEY)) {
-coyoteRequest.action(ActionCode.REQ_SSL_ATTRIBUTE,
- coyoteRequest);
+if (TLSUtil.isTLSRequestAttribute(name)) {
+coyoteRequest.action(ActionCode.REQ_SSL_ATTRIBUTE, coyoteRequest);
 attr = coyoteRequest.getAttribute(Globals.CERTIFICATES_ATTR);
-if( attr != null) {
+if (attr != null) {
 attributes.put(Globals.CERTIFICATES_ATTR, attr);
 }
 attr = coyoteRequest.getAttribute(Globals.CIPHER_SUITE_ATTR);
-if(attr != null) {
+if (attr != null) {
 attributes.put(Globals.CIPHER_SUITE_ATTR, attr);
 }
 attr = coyoteRequest.getAttribute(Globals.KEY_SIZE_ATTR);
-if(attr != null) {
+if (attr != null) {
 attributes.put(Globals.KEY_SIZE_ATTR, attr);
 }
 attr = coyoteRequest.getAttribute(Globals.SSL_SESSION_ID_ATTR);
-if(attr != null) {
+if (attr != null) {
 attributes.put(Globals.SSL_SESSION_ID_ATTR, attr);
 }
 attr = coyoteRequest.getAttribute(Globals.SSL_SESSION_MGR_ATTR);
-if(attr != null) {
+if (attr != null) {
 attributes.put(Globals.SSL_SESSION_MGR_ATTR, attr);
 }
 attr = coyoteRequest.getAttribute(SSLSupport.PROTOCOL_VERSION_KEY);
-if(attr != null) {
+if (attr != null) {
 attributes.put(SSLSupport.PROTOCOL_VERSION_KEY, attr);
 }
 attr = attributes.get(name);
@@ -911,18 +910,6 @@ public class Request implements HttpServ
 return coyoteRequest.getContentLengthLong();
 }
 
-/**
- * Test if a given name is one of the special Servlet-spec SSL attributes.
- *
- * @return true if this is a special SSL attribute
- */
-static boolean isSSLAttribute(String name) {
-return Globals.CERTIFICATES_ATTR.equals(name) ||
-Globals.CIPHER_SUITE_ATTR.equals(name) ||
-Globals.KEY_SIZE_ATTR.equals(name)  ||
-Globals.SSL_SESSION_ID_ATTR.equals(name) ||
-Globals.SSL_SESSION_MGR_ATTR.equals(name);
-}
 
 /**
  * Return the names of all request attributes for this Request, or an

Added: tomcat/trunk/java/org/apache/catalina/util/TLSUtil.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/util/TLSUtil.java?rev=1799704=auto
==
--- tomcat/trunk/java/org/apache/catalina/util/TLSUtil.java (added)
+++ tomcat/trunk/java/org/apache/catalina/util/TLSUtil.java Fri Jun 23 21:14:43 
2017
@@ -0,0 +1,43 @@
+/*
+ * Licensed to 

svn commit: r1799710 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/tomcat/util/net/AprEndpoint.java java/org/apache/tomcat/util/net/AprSSLSupport.java webapps/docs/changelog.xml

[remm]

Author: remm
Date: Fri Jun 23 21:36:16 2017
New Revision: 1799710

URL: http://svn.apache.org/viewvc?rev=1799710=rev
Log:
60461: Sync SSL session access for the APR connector.

Modified:
tomcat/tc8.5.x/trunk/   (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Jun 23 21:36:16 2017
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747
 
536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1756289,1756408-1
 
756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-1762053,1762123,176216
 

svn commit: r1799702 - /tomcat/trunk/webapps/docs/changelog.xml

[markt]

Author: markt
Date: Fri Jun 23 21:05:27 2017
New Revision: 1799702

URL: http://svn.apache.org/viewvc?rev=1799702=rev
Log:
Changelog entry for r1799701

Modified:
tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1799702=1799701=1799702=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Jun 23 21:05:27 2017
@@ -56,6 +56,11 @@
 Add LoadBalancerDrainingValve, a Valve designed to reduce the amount of
 time required for a node to drain its authenticated users. (schultz)
   
+  
+Do not log a warning when a null session is returned for 
an
+OpenSSL based TLS session since this is expected when session tickets
+are enabled. (markt)
+  
 
   
   



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60461] SIGSEGV in SSLSocket.getInfos

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=60461

Remy Maucherat  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #37 from Remy Maucherat  ---
I think this should be fixed by syncing for now. The changes are now included
for APR and OpenSSL in 9M23 and 8.5.17.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] 8.0.x EOL - 30 June 2018

[Emmanuel Bourg]

Le 23/06/2017 à 21:15, Christopher Schultz a écrit :

> The idea was to encourage package repository maintainers to migrate to
> Tomcat 8.5. If we never sundown Tomcat 8.0, they'll never move (witness
> the presence of Tomcat 6.0 still lurking around half the Internet).

As far as Debian is concerned, the migration to Tomcat 8.5 did happen in
Debian 9. But Debian 8 users are stuck with Tomcat 8.0.x until June
2020. Tomcat 8.5 isn't a drop-in replacement for Tomcat 8.0
unfortunately, so it's a bit difficult to push this upgrade in a stable
distribution.

Emmanuel Bourg

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1799701 - /tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java

[markt]

Author: markt
Date: Fri Jun 23 21:02:37 2017
New Revision: 1799701

URL: http://svn.apache.org/viewvc?rev=1799701=rev
Log:
The SSL session ID can be null when OpenSSL is using session tickets. 
Therefore, remove the check that throws an ISE if the session ID is found to be 
null.

Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java?rev=1799701=1799700=1799701=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java Fri 
Jun 23 21:02:37 2017
@@ -1048,10 +1048,7 @@ public final class OpenSSLEngine extends
 }
 id = SSL.getSessionId(ssl);
 }
-if (id == null) {
-// The id should never be null, if it was null then the 
SESSION itself was not valid.
-throw new 
IllegalStateException(sm.getString("engine.noSession"));
-}
+
 return id;
 }
 



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1799703 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java webapps/docs/changelog.xml

[markt]

Author: markt
Date: Fri Jun 23 21:07:51 2017
New Revision: 1799703

URL: http://svn.apache.org/viewvc?rev=1799703=rev
Log:
The SSL session ID can be null when OpenSSL is using session tickets. 
Therefore, remove the check that throws an ISE if the session ID is found to be 
null.

Modified:
tomcat/tc8.5.x/trunk/   (props changed)

tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Jun 23 21:07:51 2017
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747
 
536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1756289,1756408-1
 
756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-1762053,1762123,176216
 

svn commit: r1799705 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/connector/Request.java java/org/apache/catalina/util/TLSUtil.java java/org/apache/catalina/valves/AbstractAccessLogValve.ja

[markt]

Author: markt
Date: Fri Jun 23 21:15:38 2017
New Revision: 1799705

URL: http://svn.apache.org/viewvc?rev=1799705=rev
Log:
When the access log valve logs a TLS related request attribute and the NIO2 
connector is used with OpenSSL, ensure that the TLS attributes are available to 
the access log valve when the connection is closing.

Added:
tomcat/tc8.5.x/trunk/java/org/apache/catalina/util/TLSUtil.java
  - copied unchanged from r1799704, 
tomcat/trunk/java/org/apache/catalina/util/TLSUtil.java
Modified:
tomcat/tc8.5.x/trunk/   (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/catalina/connector/Request.java

tomcat/tc8.5.x/trunk/java/org/apache/catalina/valves/AbstractAccessLogValve.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Jun 23 21:15:38 2017
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747
 
536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1756289,1756408-1
 
756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-1762053,1762123,176216
 

svn commit: r1799709 - in /tomcat/trunk: java/org/apache/tomcat/util/net/AprEndpoint.java java/org/apache/tomcat/util/net/AprSSLSupport.java webapps/docs/changelog.xml

[remm]

Author: remm
Date: Fri Jun 23 21:34:50 2017
New Revision: 1799709

URL: http://svn.apache.org/viewvc?rev=1799709=rev
Log:
60461: Sync SSL session access for the APR connector.

Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java
tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1799709=1799708=1799709=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Fri Jun 23 
21:34:50 2017
@@ -2761,5 +2761,44 @@ public class AprEndpoint extends Abstrac
 public void setAppReadBufHandler(ApplicationBufferHandler handler) {
 // no-op
 }
+
+String getSSLInfoS(int id) {
+synchronized (closedLock) {
+if (closed) {
+return null;
+}
+try {
+return SSLSocket.getInfoS(getSocket().longValue(), id);
+} catch (Exception e) {
+throw new IllegalStateException(e);
+}
+}
+}
+
+int getSSLInfoI(int id) {
+synchronized (closedLock) {
+if (closed) {
+return 0;
+}
+try {
+return SSLSocket.getInfoI(getSocket().longValue(), id);
+} catch (Exception e) {
+throw new IllegalStateException(e);
+}
+}
+}
+
+byte[] getSSLInfoB(int id) {
+synchronized (closedLock) {
+if (closed) {
+return null;
+}
+try {
+return SSLSocket.getInfoB(getSocket().longValue(), id);
+} catch (Exception e) {
+throw new IllegalStateException(e);
+}
+}
+}
 }
 }

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java?rev=1799709=1799708=1799709=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java Fri Jun 23 
21:34:50 2017
@@ -22,7 +22,6 @@ import java.security.cert.CertificateFac
 import java.security.cert.X509Certificate;
 
 import org.apache.tomcat.jni.SSL;
-import org.apache.tomcat.jni.SSLSocket;
 
 /**
  * Implementation of SSLSupport for APR.
@@ -32,11 +31,11 @@ import org.apache.tomcat.jni.SSLSocket;
  */
 public class AprSSLSupport implements SSLSupport {
 
-private final SocketWrapperBase socketWrapper;
+private final AprEndpoint.AprSocketWrapper socketWrapper;
 private final String clientCertProvider;
 
 
-public AprSSLSupport(SocketWrapperBase socketWrapper, String 
clientCertProvider) {
+public AprSSLSupport(AprEndpoint.AprSocketWrapper socketWrapper, String 
clientCertProvider) {
 this.socketWrapper = socketWrapper;
 this.clientCertProvider = clientCertProvider;
 }
@@ -44,12 +43,8 @@ public class AprSSLSupport implements SS
 
 @Override
 public String getCipherSuite() throws IOException {
-long socketRef = socketWrapper.getSocket().longValue();
-if (socketRef == 0) {
-return null;
-}
 try {
-return SSLSocket.getInfoS(socketRef, SSL.SSL_INFO_CIPHER);
+return socketWrapper.getSSLInfoS(SSL.SSL_INFO_CIPHER);
 } catch (Exception e) {
 throw new IOException(e);
 }
@@ -58,15 +53,10 @@ public class AprSSLSupport implements SS
 
 @Override
 public X509Certificate[] getPeerCertificateChain() throws IOException {
-long socketRef = socketWrapper.getSocket().longValue();
-if (socketRef == 0) {
-return null;
-}
-
 try {
 // certLength == -1 indicates an error
-int certLength = SSLSocket.getInfoI(socketRef, 
SSL.SSL_INFO_CLIENT_CERT_CHAIN);
-byte[] clientCert = SSLSocket.getInfoB(socketRef, 
SSL.SSL_INFO_CLIENT_CERT);
+int certLength = 
socketWrapper.getSSLInfoI(SSL.SSL_INFO_CLIENT_CERT_CHAIN);
+byte[] clientCert = 
socketWrapper.getSSLInfoB(SSL.SSL_INFO_CLIENT_CERT);
 X509Certificate[] certs = null;
 if (clientCert != null  && certLength > -1) {
 certs = new X509Certificate[certLength + 1];
@@ -78,7 +68,7 @@ public class AprSSLSupport implements SS
 }
 certs[0] = 

[Bug 61212] Slow application boot time due to constant jar file content read

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=61212

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |DUPLICATE
 Status|NEW |RESOLVED

--- Comment #3 from Mark Thomas  ---


*** This bug has been marked as a duplicate of bug 60963 ***

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60963] Optimize class loading for unpackWARs=false case

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=60963

Mark Thomas  changed:

   What|Removed |Added

 CC||abruzgu...@eisgroup.com

--- Comment #21 from Mark Thomas  ---
*** Bug 61212 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] 8.0.x EOL - 30 June 2018

[Christopher Schultz]

Emmanuel,

On 6/23/17 11:35 AM, Emmanuel Bourg wrote:
> Le 23/06/2017 à 16:29, Christopher Schultz a écrit :
> 
>> Can you clarify: you voted to NOT ANNOUNCE Tomcat 8.0 EOL now, but it's
>> not very kind to consumers to surprise them in 2018 by saying "security
>> patches only" sometime later.
>>
>> Why not state NOW that we will be EOLing Tomcat 8.0 in 2018 and starting
>> NOW we will only provide security patches for it?
> 
> My concern is to keep having security support for Tomcat 8.0.x because
> it will still be used by Linux distributions beyond June 2018 (and
> probably others). Tomcat 8.0.x will be only 4 years old at this date,
> that's a rather short life by Tomcat standards.
> 
> I wouldn't mind if feature updates stopped right now and if 8.0.x
> received only security updates from now on (be it EOLed next year or
> not). That would simplify the maintenance and encourage people to
> upgrade to 8.5.

The idea was to encourage package repository maintainers to migrate to
Tomcat 8.5. If we never sundown Tomcat 8.0, they'll never move (witness
the presence of Tomcat 6.0 still lurking around half the Internet).

-chris



signature.asc
Description: OpenPGP digital signature

svn commit: r1799653 - /tomcat/trunk/test/org/apache/coyote/http2/TestStream.java

[markt]

Author: markt
Date: Fri Jun 23 10:29:56 2017
New Revision: 1799653

URL: http://svn.apache.org/viewvc?rev=1799653=rev
Log:
Fixing typo (r1799648) changed response body length so test needed to be 
updated.

Modified:
tomcat/trunk/test/org/apache/coyote/http2/TestStream.java

Modified: tomcat/trunk/test/org/apache/coyote/http2/TestStream.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/coyote/http2/TestStream.java?rev=1799653=1799652=1799653=diff
==
--- tomcat/trunk/test/org/apache/coyote/http2/TestStream.java (original)
+++ tomcat/trunk/test/org/apache/coyote/http2/TestStream.java Fri Jun 23 
10:29:56 2017
@@ -115,7 +115,7 @@ public class TestStream extends Http2Tes
 "3-Header-[content-type]-[text/plain;charset=UTF-8]\n" +
 "3-Header-[date]-[Wed, 11 Nov 2015 19:18:42 GMT]\n" +
 "3-HeadersEnd\n" +
-"3-Body-43\n" +
+"3-Body-44\n" +
 "3-HeadersStart\n" +
 "3-Header-[x-trailer-2]-[Trailer value two]\n" +
 "3-Header-[x-trailer-1]-[Trailer value one]\n" +



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Need a help to begin.

[Mark Thomas]

On 22/06/17 13:43, Kasun Prabath Amarasinghe wrote:
> I'm a computer Engineering undergraduate student. I would like to
> contribute to open source projects. But I don't know where to start and how
> to start.Can anyone guide me to start.
> 

Welcome to the Apache Tomcat community.

There is some useful information available at http://tomcat.apache.org/
Have a look at the links under "Get Involved" in the menu on the left
hand side.

We have recently started to mark some bugs as "Beginner" if we think
they are suitable for someone new to the project. There aren't many of
them yet.

The most important thing is to do something that you find interesting.

If you have any questions, or suggestions for how we can improve the
experience for people new to the project, do let us know.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

buildbot failure in on tomcat-trunk

[buildbot]

The Buildbot has detected a new failure on builder tomcat-trunk while building 
. Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/2491

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch tomcat/trunk] 1799648
Blamelist: huxing

BUILD FAILED: failed compile_1

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=61210

--- Comment #3 from Coty Sutherland  ---
(In reply to Konstantin Kolinko from comment #1)
> 1. From your logs, you are running Tomcat 8.5.15. I am changing the Version
> field to match that.

I tested with 8.5.x too, apparently I copied the wrong logs.

> 2. Generally, this is a feature.
> The message text tells one to look into the catalina.policy file,
> and there is a comment there that explains the issue. 

Like I said, the message is accurate however the file that it's warning about
doesn't exist. This could cause users to see a warning in the log file that
needs to be fixed when in fact there is no problem. 
> 
> Any ideas how to improve users' experience here?
> 
> Allowing to read some random logging.properties files is not an option,
> as it is insecure.

I'm not sure what you're after here. I don't want anyone to be able to read the
file :) I want the warning message to be conditional based on whether or not
the file actually exists.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

buildbot success in on tomcat-trunk

[buildbot]

The Buildbot has detected a restored build on builder tomcat-trunk while 
building . Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/2492

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch tomcat/trunk] 1799653
Blamelist: markt

Build succeeded!

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=61210

--- Comment #4 from Coty Sutherland  ---
(In reply to Mark Thomas from comment #2)
> I was thinking add a privileged block that tested if the file existed and
> don't trigger the warning if it doesn't. Note I haven't dug into the code to
> see hwo easy this would be yet.

+1, that's what I was hoping for. I haven't played much with privileged blocks,
but I can try and mock up a quick patch to do that.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: svn commit: r1799653 - /tomcat/trunk/test/org/apache/coyote/http2/TestStream.java

[Huxing Zhang]

Mark, thanks for the fix!

> On 23 Jun 2017, at 18:29, ma...@apache.org wrote:
> 
> Author: markt
> Date: Fri Jun 23 10:29:56 2017
> New Revision: 1799653
> 
> URL: http://svn.apache.org/viewvc?rev=1799653=rev
> Log:
> Fixing typo (r1799648) changed response body length so test needed to be 
> updated.
> 
> Modified:
>tomcat/trunk/test/org/apache/coyote/http2/TestStream.java
> 
> Modified: tomcat/trunk/test/org/apache/coyote/http2/TestStream.java
> URL: 
> http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/coyote/http2/TestStream.java?rev=1799653=1799652=1799653=diff
> ==
> --- tomcat/trunk/test/org/apache/coyote/http2/TestStream.java (original)
> +++ tomcat/trunk/test/org/apache/coyote/http2/TestStream.java Fri Jun 23 
> 10:29:56 2017
> @@ -115,7 +115,7 @@ public class TestStream extends Http2Tes
> "3-Header-[content-type]-[text/plain;charset=UTF-8]\n" +
> "3-Header-[date]-[Wed, 11 Nov 2015 19:18:42 GMT]\n" +
> "3-HeadersEnd\n" +
> -"3-Body-43\n" +
> +"3-Body-44\n" +
> "3-HeadersStart\n" +
> "3-Header-[x-trailer-2]-[Trailer value two]\n" +
> "3-Header-[x-trailer-1]-[Trailer value one]\n" +
> 
> 
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
> 

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 61212] Slow application boot time due to constant jar file content read

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=61212

--- Comment #2 from Adrianas  ---
We do have relativelly big spring based application with ~250mb of jars.

After migrating from tc 7 to tc 8 application boot time significantly
increased. Seems that most of the time is taken by a constant call to
java.util.jar.JarFile.getJarEntry. 

Looks like tc8 class/resource loader on each ClassLoader.loadClass(String)
iterates through all jars and asks each jar if resource exists (instead of
caching jar content once in memory).

tc 8 has the ability to read jar contens only once but to enable it we had to
extend org.apache.catalina.webresources.StandardRoot with custom
implementation.

After change total time spent on
org.apache.catalina.loader.WebappClassLoaderBase.loadClass(String) dropped from
87sec to 39sec. It was 40+sec of time wasted on constant jar content check.

package org.apache.catalina.webresources;

import org.apache.catalina.LifecycleException;
import org.apache.catalina.WebResourceSet;

/**
 * Created by adi on 09/06/2017.
 */
public class CustomStandardRoot extends
org.apache.catalina.webresources.StandardRoot {

@Override
protected void startInternal() throws LifecycleException {
super.startInternal();
for (WebResourceSet webResourceSet : getClassResources()) {
if (webResourceSet instanceof AbstractArchiveResourceSet) {
// Load Jar Content into Memory
   
((AbstractArchiveResourceSet)webResourceSet).getArchiveEntries(false);
}
}
}
}

and register custom implementation in TOMCAT_HOME/conf/context.xml 

Context containerSciFilter="org.apache.tomcat.websocket.server.WsSci">
...
  
...


-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 61212] Slow application boot time due to constant jar file content read

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=61212

--- Comment #1 from Adrianas  ---
Created attachment 35072
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=35072=edit
After

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 61212] New: Slow application boot time due to constant jar file content read

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=61212

Bug ID: 61212
   Summary: Slow application boot time due to constant jar file
content read
   Product: Tomcat 8
   Version: 8.5.15
  Hardware: PC
OS: All
Status: NEW
  Severity: normal
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: abruzgu...@eisgroup.com
  Target Milestone: 

Created attachment 35071
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=35071=edit
Profile Before

We do have relativelly big spring based application with ~250mb of jars.

After migrating from tc 7 to tc 8 application boot time significantly
increased. Seems that most of the time is taken by a constant call to
java.util.jar.JarFile.getJarEntry. 

Looks like tc8 class/resource loaded on each ClassLoader.loadClass(String)
iterates throught all jars and asked each jar if resource exists instead of
caching jar content once in memmory.

tc 8 has the ability to read jar contens only once but to enable it we had to
extend org.apache.catalina.webresources.StandardRoot iwth custom
implementation.

After change total time spent on
org.apache.catalina.loader.WebappClassLoaderBase.loadClass(String) dropped from
87sec to 39sec. It was 40+sec of time wasted on constant jar content check.

package org.apache.catalina.webresources;

import org.apache.catalina.LifecycleException;
import org.apache.catalina.WebResourceSet;

/**
 * Created by adi on 09/06/2017.
 */
public class CustomStandardRoot extends
org.apache.catalina.webresources.StandardRoot {

@Override
protected void startInternal() throws LifecycleException {
super.startInternal();
for (WebResourceSet webResourceSet : getClassResources()) {
if (webResourceSet instanceof AbstractArchiveResourceSet) {
// Load Jar Content into Memory
   
((AbstractArchiveResourceSet)webResourceSet).getArchiveEntries(false);
}
}
}
}

and register custom implementation in TOMCAT_HOME/conf/context.xml 

Context containerSciFilter="org.apache.tomcat.websocket.server.WsSci">
...
  
...


-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 61212] Slow application boot time due to constant jar file content read

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=61212

Adrianas  changed:

   What|Removed |Added

  Attachment #35072|After   |Profile After
description||

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: asyncError() is not valid while in Async state DISPATCHING

[Violeta Georgieva]

Hi,

2017-06-13 15:44 GMT+03:00 Mark Thomas :
>
> On 13/06/17 11:05, Violeta Georgieva wrote:
> > 2017-06-13 13:04 GMT+03:00 Violeta Georgieva :
> >>
> >> Hi,
> >>
> >>
> >> 2017-06-12 21:43 GMT+03:00 Mark Thomas :
> >>>
> >>> On 09/06/17 16:26, Violeta Georgieva wrote:
>  2017-06-09 17:25 GMT+03:00 Mark Thomas :
> >>>
> >>> 
> >>>
> > I've spent some time working through the various possible
> > combinations
> > of events and have concluded it is impossible to completely fix this
> > without imposing additional requirements on applications that the
> > specification doesn't mention.
> >
> > However, I believe that we can do better than the current
> > implementation. What I have on mind would:
> >
> > - always trigger AsyncListener.onError() for all listeners
> > - generally, process the complete() dispatch() call from the
> >   AsyncListener rather than any from the non-container thread
> > - generally, throw an ISE if complete() or dispatch() is called
> >   from the non-container thread after that thread experiences an I/O
> >error
> > - leave a small timing window where it was possible that the
> > complete()
> >   or dispatch() from the non-container thread would be used rather
> > than
> >   from the AsyncListener. In that case the AsyncListener would see
> > the
> >   ISE but any remaining AsyncListener instances would still be
called
> >
> > I don't see a way of doing better than this without spec changes /
> > clarifications.
> >
> > WDYT?
> 
>  +1
>  I'm able to test the new behavior with my real web app.
> >>>
> >>> Excellent. I've committed my proposed fix. The async unit tests pass
> >>> which is generally a good sign. If this works better with your real
web
> >>> application then we can look to back-port this.
> >>
> >> I'm seeing now the following exceptions:
>
> In the same run or different runs?
>
> > I back ported the fix to my local 8.5 branch in order to be able to
test it
> > ...
> >
> >>
> >> java.lang.IllegalStateException: Calling [asyncComplete()] is not valid
> > for a request with Async state [MUST_DISPATCH]
>
> It appears the application called dispatch() from a non-container thread
> once the error state had been entered. We could block that but there is
> a risk it will break valid use cases. Fundamentally, I don't believe the
> app should be doing this.

Ok I understand.

>
> >> at
> >
org.apache.coyote.AsyncStateMachine.doComplete(AsyncStateMachine.java:317)
> > ~[tomcat-embed-core.jar!/:8.5.16-dev]
>
> 
>
> >> ==
> >>
> >> java.lang.NullPointerException: null
>
> Appears to be the same cause as above, but triggered at a different point.
>

What about at least not throw NPE?

> >> at
> >
org.apache.catalina.core.AsyncContextImpl.setErrorState(AsyncContextImpl.java:411)
> > ~[tomcat-embed-core.jar!/:8.5.16-dev]
>
> 
>
> This is consistent with what I'd expect. In both of the above cases any
> AsyncListener.onError() methods should execute but if the app continues
> to do things on the non-container thread then there possibility of
> exceptions remains.
>

Ok I understand.

Can we back port the change to Tomcat 8.5 so that it is guaranteed that the
AsyncListeners will be invoked on error.

Thanks,
Violeta

> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

Re: svn commit: r1799462 - in /tomcat/trunk: ./ java/org/apache/catalina/ha/session/ java/org/apache/catalina/ha/tcp/ java/org/apache/catalina/tribes/ test/org/apache/catalina/tribes/test/channel/ web

[Christopher Schultz]

Mark,

Sorry... I'll get this sorted today.

Thanks,
-chris


On 6/21/17 5:26 PM, Mark Thomas wrote:
> On 21/06/17 15:58, schu...@apache.org wrote:
>> Author: schultz
>> Date: Wed Jun 21 14:58:57 2017
>> New Revision: 1799462
>>
>> URL: http://svn.apache.org/viewvc?rev=1799462=rev
>> Log:
>> Allow human-readable channelSendOptions and mapSendOptions in configurations.
>> Patch provided by Igal Sapir.
>>
>> This closes #56.
> 
> 
> 
> 
>> Modified: tomcat/trunk/webapps/docs/changelog.xml
>> URL: 
>> http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1799462=1799461=1799462=diff
>> ==
>> --- tomcat/trunk/webapps/docs/changelog.xml (original)
>> +++ tomcat/trunk/webapps/docs/changelog.xml Wed Jun 21 14:58:57 2017
>> @@ -230,6 +230,14 @@
>>
>>  
>>
>> +  
>> +
>> +  
>> +61127Allow human-readable names for channelSendOptions 
>> and
>> +mapSendOptions. Patch provided by Igal Sapir. (schultz)
>> +  
>> +
>> +  
>>
>>  
>>
> 
> Wrong version. 9.0.0.M22 had already been tagged.
> 
> Mark
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
> 



signature.asc
Description: OpenPGP digital signature

Re: svn commit: r1799498 - in /tomcat/trunk: java/org/apache/catalina/valves/LoadBalancerDrainingValve.java test/org/apache/catalina/valves/TestLoadBalancerDrainingValve.java webapps/docs/changelog.xm

[Christopher Schultz]

Martin,

On 6/22/17 3:04 AM, Martin Grigorov wrote:
> On Wed, Jun 21, 2017 at 9:05 PM,  wrote:
>
>> +/**
>> + * The request attribute key where the load-balancer's activation
>> state
>> + * can be found.
>> + */
>> +static final String ATTRIBUTE_KEY_JK_LB_ACTIVATION =
>> "JK_LB_ACTIVATION";
>>
> > Any objection to make this constant public and visible from outside
> ? I find it useful to be able to refer the constant by name than its
> value when integrating.

No objections. It looks like I'll have a follow-on patch shortly, so I
can change this at the same time.

>> +// Kill any session cookie present
>> +if(null != cookies) {
>> +for(Cookie cookie : cookies) {
>> +final String cookieName = cookie.getName();
>> +if(containerLog.isTraceEnabled())
>> +containerLog.trace("Checking cookie " +
>> cookieName + "=" + cookie.getValue());
>> +
>> +if(sessionCookieName.equals(cookieName)
>> +   &&
request.getRequestedSessionId().equals(cookie.getValue()))
>> {
>> +sessionCookie = cookie;
>>
>
> Is it a good idea to 'break' here ?
> Do you expect more than one session cookies ?!

No, but I do expect that there may be more interesting cookies later on
in the list...

>> +} else
>> +// Is the client presenting a valid ignore-cookie
>> value?
>> +if(null != _ignoreCookieName
>> +&& _ignoreCookieName.equals(cookieName)
>> +&& null != _ignoreCookieValue
>> +&&
_ignoreCookieValue.equals(cookie.getValue()))
>> {
>> +ignoreRebalance = true;
>> +}
>> +}

Like here ^.

>> +// Re-write the URI if it contains a ;jsessionid parameter
>> +String uri = request.getRequestURI();
>> +String sessionURIParamName = "jsessionid";
>> +SessionConfig.getSessionUriParamName(request.getContext());
>>
>
> It seems this bug has been inroduced during testing/debugging.
> The return value of
> "SessionConfig.getSessionUriParamName(request.getContext());"
> is ignored and the sessionURIParamName is always "jsessionid".

+1

I'll get that fixed. This Valve is a port of a Filter that I wrote
earlier and evidently that got lost in the shuffle.

Thanks for the review.

-chris



signature.asc
Description: OpenPGP digital signature