On 09/08/2022 15:12, Christopher Schultz wrote:
All,
I'm curious to find out if anyone is able to build a byte-for-byte
identical release given the 8.5.82 tag in GitHub. You won't be able to
generate the correct signed Windows binaries, of course, but you should
theoretically be able to build everything else.
I'll give it a go.
Note that the signed Windows binaries should build correctly. The
detached signatures for the installer should be in the tag and the
installer build should be reproducible. It should be possible to insert
the detached signatures and get a valid, signed Windows binary.
You will need to consult build.properties.release in order to use the
same toolchain I used.
Hmm. I think I ran the release-prep target before upgrading my JDK to
its current version. The build.properties.release file states I used
"Adoptium 11.0.15+10" but in fact I used "Adoptium 11.0.16+8". I'm not
sure if that will have a significant impact on the build in terms of
reproducibility.
It will. The JARs that don't get processed by BND will have the Ant and
JRE version in the manifest.
Wish me luck...
Mark
Thanks,
-chris
On 8/8/22 18:15, Christopher Schultz wrote:
The proposed Apache Tomcat 8.5.82 release is now available for voting.
The notable changes compared to 8.5.81 are:
- Update the packaged version of the Tomcat Native Library to 1.2.35 to
pick up Windows binaries built with OpenSSL 1.1.1q.
- Enable the use of the FIPS provider for TLS enabled Connectors when
using Tomcat Native 1.2.34 onwards built with OpenSSL 3.0.x onwards.
- Improvements to HTTP/2 header handling.
- Fix CVE-2022-34305, a low severity XSS vulnerability in the
Form authentication example.
Along with lots of other bug fixes and improvements.
For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-8.5.x/docs/changelog.html
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.82/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1385
The tag is:
https://github.com/apache/tomcat/tree/8.5.82/
237076605ea6b44ec7b97ee1158d5aa7f2f0b53c
The proposed 8.5.82 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 8.5.82 (stable)
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
