[Bug 59138] checkThreadLocalMapForLeaks has false positives

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59138

Mark Thomas  changed:

   What|Removed |Added

 Resolution|INVALID |---
 Status|RESOLVED|REOPENED

--- Comment #5 from Mark Thomas  ---
I still had the memory dump so I was able to confirm that the key was strongly
reachable.

There were a number of GC roots listed of which one was the ThreadLocal map.
Digging into the GC roots found the problem. Somehow (and I haven't figured out
how to reproduce this yet) one of the profiler's classes was loaded by the
WebappClassLoader. That was pinning the class loader in memory hence the
ThreadLocal key was strongly held.

I'm as sure as I can be that this is what I was seeing previously. If I run the
test all the way through then attach the profiler (rather than attaching at the
start so I can monitor what is going on) then the key is not strongly held, the
garbage collector does it's job after which the class loader is released.

I am therefore re-opening this issue.

At first glance, the fix appears to be as simple as removing the class loader
check for the ThreadLocal key.

However, we have had issues reported where objects being retained after web
application stop until the next GC has been sufficient to cause problems. If
memory serves me correctly, those were all JDBC related. In this case, I don't
think that will be an issue. Currently, ThreadLocal issues are cleaned up by
renewing the thread pool and that won't change with the proposed change. All
that changes is that keys won't trigger the warning messages.

We could log issues with keys at debug level on the grounds that users might
find it useful. That will complicate the code though. I'm not sure that is
worth doing. I'll think about it over night and come back to this tomorrow.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 58750] Provide way to disable Server header completely

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=58750

--- Comment #19 from Anthony J. Biacco  ---
Sorry, i don't REBUILD the jar, i just leave
org/apache/catalina/util/ServerInfo.properties there after modded as suggested
in the Valves section of
https://tomcat.apache.org/tomcat-8.0-doc/security-howto.html

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 58750] Provide way to disable Server header completely

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=58750

--- Comment #18 from Anthony J. Biacco  ---
I usually just modify server.* org/apache/catalina/util/ServerInfo.properties
and rebuild catalina.jar.
Not exactly ideal, but fairly trivial for me at least to mask the info.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59123] The JNDIRealm does not close the NamingEnumeration

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59123

--- Comment #3 from Emmanuel L  ---
Sounds good to me. Thanks for the patch and sorry for having been lazy and not
have provided it...

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59138] checkThreadLocalMapForLeaks has false positives

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59138

--- Comment #4 from Mark Thomas  ---
Hmm. The profiler was showing the key as strongly reachable. That explains why
it wasn't collected but not why it was strongly reachable. Let me take another
look at the results.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

buildbot success in on tomcat-8-trunk

2016-03-07 Thread buildbot 
The Buildbot has detected a restored build on builder tomcat-8-trunk while 
building . Full details are available at:
https://ci.apache.org/builders/tomcat-8-trunk/builds/494

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-8-commit' 
triggered this build
Build Source Stamp: [branch tomcat/tc8.0.x/trunk] 1733979
Blamelist: markt

Build succeeded!

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59138] checkThreadLocalMapForLeaks has false positives

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59138

--- Comment #3 from Brett Kail  ---
Entries in ThreadLocalMap weakly reference the key, which is the ThreadLocal
subclass that is loaded by the application class loader.  Assuming there are no
other retained references to the application class loader, the JVM will clear
this weak reference at the next GC.  This is basically the same as a
WeakHashMap, and the javadoc there describes the same semantics: in order for
the entry to be cleared, you need to ensure the value does not refer to the
key.  Assuming the ThreadLocal subclass is held in a static variable (common
case), that means the value must not reference anything that
directly/indirectly references the application class loader.  In this case, the
value refers to the bootstrap class loader only, so the ThreadLocal entry does
not pin the application class loader.

I cannot reproduce a memory leak, but I can reproduce the false positive:

1.  Start an empty Tomcat instance (no webapps)
2.  Use jvisualvm, collect a heapdump, run the "select x from
org.apache.catalina.loader.WebappClassLoader x" OQL, and see "The query
returned no results" (baseline)
3.  Deploy a WAR that contains a servlet with a static ThreadLocal subclass,
and have the doGet method set the ThreadLocal to an integer.
5.  Use jvisualvm again, and see there is one class loader
6.  Ping the servlet so that the ThreadLocal is loaded
7.  Undeploy the WAR, and see the checkThreadLocalMapForLeaks message
8.  Use jvisualvm again, and see there are no class loaders

In this case, the message is a false positive.  The presence of the ThreadLocal
does not prevent the class loader from being garbage collected.  However, if I
change step #3 to set the ThreadLocal to the servlet instance itself, then I
see the class loaders accumulate as I repeat this process.

Are you able to reproduce these steps?  Can you provide more details on what
you did to create the memory leak?

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59139] undeployOldVersions sorts alphabetically though version numbers are normally numeric in part

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59139

--- Comment #2 from Louis Burton  ---
Thanks for clarifying.
Apologies, I was looking at the documentation for 'undeployOldVersions' and
didn't see reference to this:
http://tomcat.apache.org/tomcat-8.0-doc/config/host.html

I see it explained explicitly here:
http://tomcat.apache.org/tomcat-8.0-doc/config/context.html#Naming

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59125] Client disconnect causes java.lang.IllegalStateException when using WriteListener

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59125

--- Comment #6 from Jes Wulfsberg Nielsen  ---
Thanks for the clarifications; re-reading the fine print I see the point on
"complete" being called from an AsyncContext listener.

Shouldn't it then be a similar state error to call it using .whenCompleteAsync?
(Is Tomcat doing something lenient here?)

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59125] Client disconnect causes java.lang.IllegalStateException when using WriteListener

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59125

--- Comment #5 from Mark Thomas  ---
As in complete() is required (by the spec) to be called as part of the error
handling and if it isn't the container has to do it. See 2.3.3.3 of the servlet
spec and search for onError.

If you have further questions, the users@ mailing list is the place to ask.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1733979 - in /tomcat/tc8.0.x/trunk: ./ build.properties.default webapps/docs/changelog.xml

2016-03-07 Thread markt 
Author: markt
Date: Mon Mar  7 20:52:55 2016
New Revision: 1733979

URL: http://svn.apache.org/viewvc?rev=1733979=rev
Log:
Update to Tomcat Native Library 1.2.5

Modified:
tomcat/tc8.0.x/trunk/   (props changed)
tomcat/tc8.0.x/trunk/build.properties.default
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Mar  7 20:52:55 2016
@@ -1 +1 @@
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1637890,1637892,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886
 
,1644890,1644892,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657
 
592,1657607,1657609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659174,1659184,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661770,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662696,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1
 
666387,1666494,1666496,1666552,1666569,1666579,137,149,1666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681697,1681699,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366,1684383,1684526-168452

svn commit: r1733978 - in /tomcat/trunk: build.properties.default webapps/docs/changelog.xml

2016-03-07 Thread markt 
Author: markt
Date: Mon Mar  7 20:51:19 2016
New Revision: 1733978

URL: http://svn.apache.org/viewvc?rev=1733978=rev
Log:
Update to Tomcat Native Library 1.2.5

Modified:
tomcat/trunk/build.properties.default
tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/build.properties.default
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/build.properties.default?rev=1733978=1733977=1733978=diff
==
--- tomcat/trunk/build.properties.default (original)
+++ tomcat/trunk/build.properties.default Mon Mar  7 20:51:19 2016
@@ -154,7 +154,7 @@ jdt.loc.1=http://archive.eclipse.org/ecl
 
jdt.loc.2=http://download.eclipse.org/eclipse/downloads/drops4/${jdt.release}/ecj-${jdt.version}.jar
 
 # - Tomcat native library -
-tomcat-native.version=1.2.4
+tomcat-native.version=1.2.5
 tomcat-native.home=${base.path}/tomcat-native-${tomcat-native.version}
 tomcat-native.tar.gz=${tomcat-native.home}/tomcat-native.tar.gz
 
tomcat-native.loc.1=${base-tomcat.loc.1}/tomcat-connectors/native/${tomcat-native.version}/source/tomcat-native-${tomcat-native.version}-src.tar.gz

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1733978=1733977=1733978=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Mar  7 20:51:19 2016
@@ -253,6 +253,11 @@
 contents of any directories that have been symlinked into the Tomcat
 directory structure. (markt)
   
+  
+Update the packaged version of the Tomcat Native Library to 1.2.5 to
+pick up the Windows binaries that are based on OpenSSL 1.0.2g and APR
+1.5.1. (markt)
+  
 
   
 



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r12678 - /dev/tomcat/tomcat-connectors/native/1.2.5/ /release/tomcat/tomcat-connectors/native/1.2.5/

2016-03-07 Thread markt 
Author: markt
Date: Mon Mar  7 20:48:37 2016
New Revision: 12678

Log:
Release Tomcat Native 1.2.5

Added:
release/tomcat/tomcat-connectors/native/1.2.5/
  - copied from r12592, dev/tomcat/tomcat-connectors/native/1.2.5/
Removed:
dev/tomcat/tomcat-connectors/native/1.2.5/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59125] Client disconnect causes java.lang.IllegalStateException when using WriteListener

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59125

--- Comment #4 from Jes Wulfsberg Nielsen  ---
As in, "complete" is not a "release resources", and you don't need to do it in
case of errors?
That runs counter to all examples I've seen of async servlets, where the
"complete" is specifically outside any try-catch around the read/write.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE][RESULT] Release Apache Tomcat Native 1.2.5

2016-03-07 Thread Mark Thomas 
The following votes were cast:

Binding:
+1: markt, rjung, violetagg

No other votes were cast.

This vote therefore passes.

Thanks to everyone who tested and voted.

I'll start the release now with a view to announcing tomorrow.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59139] undeployOldVersions sorts alphabetically though version numbers are normally numeric in part

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59139

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |INVALID

--- Comment #1 from Mark Thomas  ---
This is working as designed. The documentation for parallel deployment makes
clear that versions are ordered using Strign ordering and that zero padding
should be used if using a purely numerical scheme.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59139] New: undeployOldVersions sorts alphabetically though version numbers are normally numeric in part

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59139

Bug ID: 59139
   Summary: undeployOldVersions sorts alphabetically though
version numbers are normally numeric in part
   Product: Tomcat 8
   Version: trunk
  Hardware: All
OS: All
Status: NEW
  Severity: normal
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: louis.bur...@gmail.com

The following function is supposed to identify old applications deployed using
parallel deployment:
org.apache.catalina.startup.HostConfig#checkUndeploy

The application names are qualified with a '##' and a version identifier. This
would often be expected to be numeric. However, comparison is done using a
TreeSet:

// Need ordered set of names
SortedSet sortedAppNames = new TreeSet<>();

This will result in alphabet ordering. 'myApp##9' will be considered newer than
'myApp##10'. This does not seem sensible or intuitive to me.

This can be worked around by ensuring zero padding or otherwise guaranteeing
lexicographical ordering.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59139] undeployOldVersions sorts alphabetically though version numbers are normally numeric in part

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59139

Louis Burton  changed:

   What|Removed |Added

 CC||louis.bur...@gmail.com

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59138] checkThreadLocalMapForLeaks has false positives

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59138

--- Comment #2 from Mark Thomas  ---
And for the record while I was 99% sure just from reading the description what
the problem was I did go to the trouble of building a simple test case and
confirming the memory leak with a profiler.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59138] checkThreadLocalMapForLeaks has false positives

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59138

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 OS||All
 Resolution|--- |INVALID

--- Comment #1 from Mark Thomas  ---
The situation described is a memory leak.

The problem is not the value but the anonymous class. It is loaded by the web
application class loader. That pins the web application class loader in memory
creating the memory leak.

The Tomcat code has been carefully written to avoid false positives. Tomcat
checks the implementing class of the key and the value and if either of them
have been loaded by the web application class loader then there is a memory
leak and it will be reported. 

The current code errs on the side of false negatives. It is possible to
construct a memory leak that this code won't spot but, given how the code is
written, a false positive could only occur as a result of a bug. There has been
no such bug reported in the previous 5+ years that this code has been in place
in this form (I could have gone back further but 5 years seem long enough to
make my point).

If you see a warning, it is extremely likely that you have a memory leak.

If a 3rd-party library believes Tomcat is falsely reporting a false positive
for a ThreadLocal that that library creates and it has been checked with a
profiler that the implementing classes for both the key and the value have not
been loaded by the web application class loader (or a child class loader) then
I'll happily take a look and fix any bug. But experience tells me that it is
far more likely that the library does have a memory leak.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 58750] Provide way to disable Server header completely

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=58750

Michael Osipov <1983-01...@gmx.net> changed:

   What|Removed |Added

 CC||1983-01...@gmx.net

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1733968 - /tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java

2016-03-07 Thread markt 
Author: markt
Date: Mon Mar  7 19:56:37 2016
New Revision: 1733968

URL: http://svn.apache.org/viewvc?rev=1733968=rev
Log:
ws police

Modified:
tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java

Modified: tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java?rev=1733968=1733967=1733968=diff
==
--- tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java Mon Mar  7 
19:56:37 2016
@@ -1697,10 +1697,10 @@ public class JNDIRealm extends RealmBase
 else
 return null;
 }
-
+
 // Get result for the first entry found
 SearchResult result = results.next();
-
+
 // Check no further entries were found
 try {
 if (results.hasMore()) {
@@ -1712,32 +1712,32 @@ public class JNDIRealm extends RealmBase
 if (!adCompat)
 throw ex;
 }
-
+
 String dn = getDistinguishedName(context, userBase, result);
-
+
 if (containerLog.isTraceEnabled())
 containerLog.trace("  entry found for " + username + " with dn 
" + dn);
-
+
 // Get the entry's attributes
 Attributes attrs = result.getAttributes();
 if (attrs == null)
 return null;
-
+
 // Retrieve value of userPassword
 String password = null;
 if (userPassword != null)
 password = getAttributeValue(userPassword, attrs);
-
+
 String userRoleAttrValue = null;
 if (userRoleAttribute != null) {
 userRoleAttrValue = getAttributeValue(userRoleAttribute, 
attrs);
 }
-
+
 // Retrieve values of userRoleName attribute
 ArrayList roles = null;
 if (userRoleName != null)
 roles = addAttributeValues(userRoleName, attrs, roles);
-
+
 return new User(username, dn, password, roles, userRoleAttrValue);
 } finally {
 if (results != null) {



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

buildbot exception in on tomcat-8-trunk

2016-03-07 Thread buildbot 
The Buildbot has detected a build exception on builder tomcat-8-trunk while 
building . Full details are available at:
https://ci.apache.org/builders/tomcat-8-trunk/builds/493

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-8-commit' 
triggered this build
Build Source Stamp: [branch tomcat/tc8.0.x/trunk] 1733964
Blamelist: markt

BUILD FAILED: exception upload_2

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59134] Secure websocket connection through a proxy is not ok

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59134

--- Comment #3 from Mark Thomas  ---
Thanks for the report. This has been fixed in 9.0.x for 9.0.0.M4 onwards, 8.0.x
for 8.0.33 onwards and 7.0.x for 7.0.69 onwards.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1733965 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/tomcat/websocket/WsWebSocketContainer.java webapps/docs/changelog.xml

2016-03-07 Thread markt 
Author: markt
Date: Mon Mar  7 19:42:49 2016
New Revision: 1733965

URL: http://svn.apache.org/viewvc?rev=1733965=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59134
Correct client connect logic for secure connections made through a proxy.

Modified:
tomcat/tc7.0.x/trunk/   (props changed)

tomcat/tc7.0.x/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Mar  7 19:42:49 2016
@@ -1,2 +1,2 @@
-/tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641726,1641729-1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511,1643513,1643521,1643539,1643571,1643581-1643582,1643635,1643655,1643738,1643964,1644018,1644333,1644954,1644992,1645014,1645360,1645456,1645627,1645642,1645686,1645903-1645904,1645908-1645909,1645913,1645920,1646458,1646460-1646462,1646735,1646738-1646741,1646744,1646746,1646748-1646755,1646757,1646759-1646760,1647043,1648816,1651420-1651422,1651844,1652926,1652939-1652940,1652973,1653798,1653817,1653841,1654042,1654161,1654736,1654767,1654787,1656592,1659907,1662986,1663265,1663278,1663325,1663535,1663567,1663679,1663997,1664175,1664321,1664872,1665061,1665086,1666027,1666395,1666503,1666506,1666560,1666570,1666581,1666759,1666967,1666988,1667553
 
-1667555,1667558,1667617,1667633,1667637,1667747,1667767,1667873,1668028,1668137,1668634,1669432,1669801,1669840,1669895-1669896,1670398,1670435,1670592,1670605-1670607,1670609,1670632,1670720,1670725,1670727,1670731,1671114,1672273,1672285,1673759,1674220,1674295,1675469,1675488,1675595,1675831,1676232,1676367-1676369,1676382,1676394,1676483,1676556,1676635,1678178,1679536,1679988,1680256,1681124,1681182,1681730,1681840,1681864,1681869,1682010,1682034,1682047,1682052-1682053,1682062,1682064,1682070,1682312,1682325,1682331,1682386,1684367,1684385,1685759,1685774,1685827,1685892,1687341,1688904,1689358,1689657,1689921,1692850,1693093,1693108,1693324,1694060,1694115,1694291,1694427,1694431,1694503,1694549,1694789,1694873,1694881,1695356,1695372,1695823-1695825,1696200,1696281,1696379,1696468,1700608,1700871,1700897,1700978,1701094,1701124,1701608,1701668,1701676,1701766,1701944,1702248,1702252,1702314,1702390,1702723,1702725,1702728,1702730,1702733,1702735,1702737,1702739,1702742,1702
 
744,1702748,1702751,1702754,1702758,1702760,1702763,1702766,1708779,1708782,1708806,1709314,1709670,1710347,1710442,1710448,1710490,1710574,1710578,1712226,1712229,1712235,1712255,1712618,1712649,1712655,1712860,1712899,1712903,1712906,1712913,1712926,1712975,1713185,1713262,1713287,1713613,1713621,1713872,1713976,1713994,1713998,1714004,1714013,1714059,1714538,1714580,1715189,1715207,1715544,1715549,1715637,1715639-1715645,1715667,1715683,1715978,1715981,1716216-1716217,1716355,1716414,1716421,1717208-1717209,1717257,1717283,1717288,1717291,1717421,1717517,1717529,1718797,1718840-1718843,1719348,1719357-1719358,1719400,1719491,1719737,1720235,1720396,1720442,1720446,1720450,1720463,1720658-1720660,1720756,1720816,1721813,1721818,1721831,1721861,1721867,1721882,1722523,1722527,1722800,1722926,1722941,1722997,1723130,1723440,1723488,1723890,1724434,1724674,1724792,1724803,1724902,1725128,1725131,1725154,1725167,1725911,1725921,1725929,1725963-1725965,1725970,1725974,1726171-1726173,1
 
726175,1726179-1726182,1726190-1726191,1726195-1726200,1726203,1726226,1726576,1726630,1726992,1727029,1727037,1727671,1727676,1727900,1728028,1728092,1728439,1728449,1729186,1729362,1731009,1731303,1731867,1731872,1731874,1731876,1731885,1731947,1731955,1731959,1731977,1731984,1732360,1732490,1732672,1732902,1733166,1733603,1733619,1733735,1733752,1733764,1733915,1733941

[Bug 59134] Secure websocket connection through a proxy is not ok

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59134

Mark Thomas  changed:

   What|Removed |Added

 Status|REOPENED|RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1733964 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/tomcat/websocket/WsWebSocketContainer.java webapps/docs/changelog.xml

2016-03-07 Thread markt 
Author: markt
Date: Mon Mar  7 19:42:18 2016
New Revision: 1733964

URL: http://svn.apache.org/viewvc?rev=1733964=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59134
Correct client connect logic for secure connections made through a proxy.

Modified:
tomcat/tc8.0.x/trunk/   (props changed)

tomcat/tc8.0.x/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Mar  7 19:42:18 2016
@@ -1 +1 @@
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1637890,1637892,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886
 
,1644890,1644892,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657
 
592,1657607,1657609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659174,1659184,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661770,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662696,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1
 
666387,1666494,1666496,1666552,1666569,1666579,137,149,1666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681697,1681699,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366,1684383,1684526-168452

svn commit: r1733963 - in /tomcat/trunk: java/org/apache/tomcat/websocket/WsWebSocketContainer.java webapps/docs/changelog.xml

2016-03-07 Thread markt 
Author: markt
Date: Mon Mar  7 19:41:36 2016
New Revision: 1733963

URL: http://svn.apache.org/viewvc?rev=1733963=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59134
Correct client connect logic for secure connections made through a proxy.

Modified:
tomcat/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java
tomcat/trunk/webapps/docs/changelog.xml

Modified: 
tomcat/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java?rev=1733963=1733962=1733963=diff
==
--- tomcat/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java Mon 
Mar  7 19:41:36 2016
@@ -202,6 +202,7 @@ public class WsWebSocketContainer implem
 proxyPath = URI.create("http" + path.toString().substring(2));
 } else if ("wss".equalsIgnoreCase(scheme)) {
 proxyPath = URI.create("https" + path.toString().substring(3));
+secure = true;
 } else {
 throw new DeploymentException(sm.getString(
 "wsWebSocketContainer.pathWrongScheme", scheme));
@@ -243,12 +244,8 @@ public class WsWebSocketContainer implem
 } else {
 // Must be wss due to scheme validation above
 sa = new InetSocketAddress(host, 443);
-secure = true;
 }
 } else {
-if ("wss".equalsIgnoreCase(scheme)) {
-secure = true;
-}
 sa = new InetSocketAddress(host, port);
 }
 } else {

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1733963=1733962=1733963=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Mar  7 19:41:36 2016
@@ -216,6 +216,10 @@
 59119: Correct read logic for WebSocket client when using
 secure connections. (markt)
   
+  
+59134: Correct client connect logic for secure connections
+made through a proxy. (markt)
+  
 
   
   



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Tomcat Configuration Hardening

2016-03-07 Thread Rémy Maucherat 
2016-03-07 17:52 GMT+01:00 Mark Thomas :

> On 05/03/2016 18:36, Mark Thomas wrote:
> > On 05/03/2016 17:08, Christopher Schultz wrote:
> >
> >>> First of all we could add the remote address valve and limit access to
> >>> localhost by default. That will limit some remote attacks but possibly
> >>> not all depending on reverse proxy configurations
> >>
> >> I was thinking about this as well. It would definitely make a stock
> >> Tomcat more secure.
> >>
> >>> I'd also be in favour of hard-coding a check into the MemoryRealm and
> >>> the MemoryUserDatabase that rejects [1] any of those three users if
> they
> >>> have the default password and anything other than the roles defined in
> >>> the comments.
> >>
> >> Why not ignore the roles and just refuse to use "tomcat" as passwords?
> >> Then, of course, we'll have millions of servers running with "tomcat1"
> >> as the password. :(
> >
> > Indeed. Having thought about this some more, I'm going off this idea.
> >
> > I still quite like my original idea which was:
> > "Fire the idiot that did this."
> >
> >> If we completely remove the "password" attribute, I believe the code
> >> will currently reject all logins. That would force admins to make-up
> >> their own, since there would be no default.
> >
> > That is my reading of the code as well but we should double check that
> > is what actually happens.
>
> I started to work on this. If we remove the password attribute entirely
> we'll need to add something to the file that explains how to add it
> back. That probably needs an example which brings us right back to the
> copy/paste problem.
>
> I think I have a better idea. If we change it to something that will
> break if simply uncommented then that solves the problem without making
> it too much harder for inexperienced users. Something like:
>
> password=""
>
> Now they could just edit this to remove '<' and '>' but at that point
> they really do deserve to be fired.
>

Great trick actually.

>
> The comments above could also make clear that the passwords need to be
> set if that block is uncommented.
>
> WDYT?
>
> Rémy

[Bug 59138] New: checkThreadLocalMapForLeaks has false positives

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59138

Bug ID: 59138
   Summary: checkThreadLocalMapForLeaks has false positives
   Product: Tomcat 7
   Version: unspecified
  Hardware: PC
Status: NEW
  Severity: normal
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: bjk...@gmail.com

ThreadLocal$ThreadLocalMap weakly references keys but strongly references
values.  However, it appears the checkThreadLocalMapForLeaks checking reports
false positives if the key is a ThreadLocal subclass (e.g., anonymous class)
but the value does not strongly reference the class loader (e.g., Integer,
int[], List, etc.).  Example output:

07-Mar-2016 11:27:08.258 SEVERE [localhost-startStop-2]
org.apache.catalina.loader.WebappClassLoaderBase.checkThreadLocalMapForLeaks
The web application [servlettest-0.1] created a ThreadLocal with key of type
[servlettest.TestServlet$1] (value [servlettest.TestServlet$1@40d92399]) and a
value of type [java.lang.Integer] (value [1]) but failed to remove it when the
web application was stopped. Threads are going to be renewed over time to try
and avoid a probable memory leak.

For large web applications with many such false positives, this output makes
tracking down (or even noticing new) real issues more difficult.  Third party
libraries refuse to adjust their use of ThreadLocal because they believe (IMO
rightly) their code is not causing leaks.  I have read bug 50175 comment 6, but
given that the current heuristic has false positives, can some compromise be
reached?  Perhaps some configuration for stifling the warning on a per key
class name basis could be added?  It would even be acceptable for us if that
configuration hid the per-instance message but issued a single overall
"suppressing N ThreadLocal warnings based on config" info/warning message.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59134] Secure websocket connection through a proxy is not ok

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59134

Mark Thomas  changed:

   What|Removed |Added

 Resolution|INVALID |---
 Status|RESOLVED|REOPENED

--- Comment #2 from Mark Thomas  ---
The original report looks valid. secure is never set when using a proxy

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59125] Client disconnect causes java.lang.IllegalStateException when using WriteListener

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59125

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |INVALID
 OS||All

--- Comment #3 from Mark Thomas  ---
The Servlet spec requires Tomcat (or the application) to call
AsyncContext.complete() during the error handling.

In the provided sample code, AsyncContext.complete() is always called even
after an error. For correct operation it needs to only call complete when
called via complete() but not when called via completeExceptionally()

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59134] Secure websocket connection through a proxy is not ok

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59134

Christopher Schultz  changed:

   What|Removed |Added

 OS||All
 Resolution|--- |INVALID
 Status|NEW |RESOLVED

--- Comment #1 from Christopher Schultz  ---
Sounds like your (reverse?) proxy is switching from HTTPS top HTTP internally.
Bugzilla is not a support forum. Please post a message to the users list with
questions, and only reopen this issue if there is a bug discovered in Tomcat.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 57130] Allow digest.sh to accept password from a file or from stdin

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=57130

--- Comment #4 from Coty Sutherland  ---
Hmm, lack of experience in the area I suppose...I thought I did a pretty
literal implementation of the requirements from the description (specifically
the first point). I could rewrite it if you would like me to if you can
elaborate on where my misunderstanding was.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59125] Client disconnect causes java.lang.IllegalStateException when using WriteListener

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59125

Mark Thomas  changed:

   What|Removed |Added

  Attachment #33626|1   |0
   is patch||

--- Comment #2 from Mark Thomas  ---
Comment on attachment 33626
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=33626
Servlet using WriteListener and CompletionStage

Whoops. Test case, not patch.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59125] Client disconnect causes java.lang.IllegalStateException when using WriteListener

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59125

Mark Thomas  changed:

   What|Removed |Added

  Attachment #33626|text/x-java |text/plain
  mime type||
  Attachment #33626|0   |1
   is patch||

--- Comment #1 from Mark Thomas  ---
Comment on attachment 33626
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=33626
Servlet using WriteListener and CompletionStage

Make the patch accessible in the BZ UI

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Tomcat Configuration Hardening

2016-03-07 Thread Mark Thomas 
On 05/03/2016 18:36, Mark Thomas wrote:
> On 05/03/2016 17:08, Christopher Schultz wrote:
> 
>>> First of all we could add the remote address valve and limit access to
>>> localhost by default. That will limit some remote attacks but possibly
>>> not all depending on reverse proxy configurations
>>
>> I was thinking about this as well. It would definitely make a stock
>> Tomcat more secure.
>>
>>> I'd also be in favour of hard-coding a check into the MemoryRealm and
>>> the MemoryUserDatabase that rejects [1] any of those three users if they
>>> have the default password and anything other than the roles defined in
>>> the comments.
>>
>> Why not ignore the roles and just refuse to use "tomcat" as passwords?
>> Then, of course, we'll have millions of servers running with "tomcat1"
>> as the password. :(
> 
> Indeed. Having thought about this some more, I'm going off this idea.
> 
> I still quite like my original idea which was:
> "Fire the idiot that did this."
> 
>> If we completely remove the "password" attribute, I believe the code
>> will currently reject all logins. That would force admins to make-up
>> their own, since there would be no default.
> 
> That is my reading of the code as well but we should double check that
> is what actually happens.

I started to work on this. If we remove the password attribute entirely
we'll need to add something to the file that explains how to add it
back. That probably needs an example which brings us right back to the
copy/paste problem.

I think I have a better idea. If we change it to something that will
break if simply uncommented then that solves the problem without making
it too much harder for inexperienced users. Something like:

password=""

Now they could just edit this to remove '<' and '>' but at that point
they really do deserve to be fired.

The comments above could also make clear that the passwords need to be
set if that block is uncommented.

WDYT?

Mark


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59123] The JNDIRealm does not close the NamingEnumeration

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59123

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

--- Comment #2 from Mark Thomas  ---
Thanks for the report.

I've applied Felix's patch to 9.0.x (for 9.0.0.M4 onwards), 8.0.x (for 8.0.33
onwards) and 7.0.x (for 7.0.69 onwards). It has also been back-ported to 6.0.x
for 6.0.46 onwards.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1733944 - /tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

2016-03-07 Thread markt 
Author: markt
Date: Mon Mar  7 16:36:16 2016
New Revision: 1733944

URL: http://svn.apache.org/viewvc?rev=1733944=rev
Log:
Correct changelog

Modified:
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1733944=1733943=1733944=diff
==
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Mon Mar  7 16:36:16 2016
@@ -52,7 +52,7 @@
 Manager.setMaxInactiveInterval() method. (markt)
   
   
-Correct a regression introduced in 7.0.68 where the deprecated
+Correct a regression introduced in 6.0.45 where the deprecated
 Manager.getMaxInactiveInterval() method returned the
 current default session timeout in minutes rather than seconds. (markt)
   



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1733943 - in /tomcat/tc6.0.x/trunk: ./ java/org/apache/catalina/realm/JNDIRealm.java webapps/docs/changelog.xml

2016-03-07 Thread markt 
Author: markt
Date: Mon Mar  7 16:35:51 2016
New Revision: 1733943

URL: http://svn.apache.org/viewvc?rev=1733943=rev
Log:
Close NamingEnumeration objects used by the JNDIRealm once they are no longer 
required.

Modified:
tomcat/tc6.0.x/trunk/   (props changed)
tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc6.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Mar  7 16:35:51 2016
@@ -1,3 +1,3 @@
-/tomcat/tc7.0.x/trunk:1190476,1224802,1243045,1298635,1304471,1311997,1312007,1331772,1333164,1333176,1348992,1354866,1371298,1371302,1371620,1402110,1409014,1413553,1413557,1413563,1430083,1438415,1446641-1446660,1447013,1453106,1453119,1484919,1486877,1500065,1503852,1505844,1513151,1521040,1526470,1536524,1539176-1539177,1544469,1544473,1552805,1558894,1558917,1561368,1561382,1561386,1561552,1561561,1561636,1561641,1561643,1561737,1562748,1564317,1568922,1570163,1577328,1577464-1577465,1578814,1586659,1586897,1586960,1588199,1588997,1589740,1589851,1589997,1590019,1590028,1590337,1590492,1590651,1590838,1590845,1590848,1590912,1593262,1593288,1593371,1593835,1594230,1595174,1595366,1600956,1601333,1601856,1601909,1609079,1609606,1617364,1617374,1617433,1617457-1617458,1624249,1626579,1627420,1627469,1632586,1637686,1637711,1640675,1642045,1643515,1643540,1643572,1643585-1643586,1643642,1643647,1644019,1648817,1656301,1658815,1659523,1659564,1664001,1664176,1665087,1666968,1666989
 
,1668541,1668635,1669802,1676557,1681183,1681841,1681865,1681867,1685829,1693109,1694293,1694433,1694875,1696381,1701945,1710353,1712656,1713873,1714000,1714005,1714540,1715213,1716221,1716417,1717107,1717210,1717212,1720236,1720398,1720443,1720464,1721814,1721883,1722645,1722801,1723151,1724435,1724553,1724675,1724797,1724806,1725931,1726631,1726808,1726813,1726815,1726817,1726819,1726917,1726919,1726922-1726924,1727031,1727034,1727043,1727158,1727672,1727903,1728450,1729363,1731010,1731119,1731956,1731978,1732362,1732674-1732675
-/tomcat/tc8.0.x/trunk:1637685,1637709,1640674,1641726,1641729-1641730,1643513,1643539,1643571,1643581-1643582,1644018,1648816,1656300,1658801-1658803,1658811,1659522,1663997,1664175,1665086,1666967,1666988,1668634,1669801,1676556,1681182,1681840,1681864,1685827,1689921,1693108,1694291,1694427,1694873,1696379,1701944,1710347,1712618,1712655,1713872,1713998,1714004,1714538,1715207,1716216-1716217,1716414,1717208-1717209,1720235,1720396,1720442,1720463,1721813,1721882,1722800,1723130,1724434,1724674,1724792,1724803,1725929,1725963-1725965,1725970,1725974,1726172,1726175,1726179-1726182,1726195-1726198,1726200,1726203,1726226,1726576,1726630,1727029,1727037,1727671,1727900,1728449,1729362,1731009,1731955,1731977,1732360,1732672
-/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,656018,666232,673796,673820,677910,683969,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,713953,714002,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,746425,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,752323,753039,757335,757774,758249,758365,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763228,763262,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335,769979,770716,770
 
809,770876,772872,776921,776924,776935,776945,777464,777466,777576,777625,778379,778523-778524,781528,781779,782145,782791,783316,783696,783724,783756,783762,783766,783863,783934,784453,784602,784614,785381,785688,785768,785859,786468,786487,786490,786496,786667,787627,787770,787985,789389,790405,791041,791184,791194,791224,791243,791326,791328,791789,792740,793372,793757,793882,793981,794082,794673,794822,795043,795152,795210,795457,795466,797168,797425,797596,797607,802727,802940,804462,804544,804734,805153,809131,809603,810916,810977,812125,812137,812432,813001,813013,813866,814180,814708,814876,815972,816252,817442,817822,819339,819361,820110,820132,820874,820954,821397,828196,828201,828210,828225,828759,830378-830379,830999,831106,831774,831785,831828,831850,831860,832214,832218,833121,833545,834047,835036,835336,836405,881396,881412,883130,883134,883146,883165,883177,883362,883565,884341,885038,885231,885241,885260,885901,885991,886019,888072,889363,889606,889716,890139,890265

svn commit: r1733942 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/realm/JNDIRealm.java webapps/docs/changelog.xml

2016-03-07 Thread markt 
Author: markt
Date: Mon Mar  7 16:29:52 2016
New Revision: 1733942

URL: http://svn.apache.org/viewvc?rev=1733942=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59123
Close NamingEnumeration objects used by the JNDIRealm once they are no longer 
required.

Modified:
tomcat/tc7.0.x/trunk/   (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Mar  7 16:29:52 2016
@@ -1,2 +1,2 @@
-/tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641726,1641729-1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511,1643513,1643521,1643539,1643571,1643581-1643582,1643635,1643655,1643738,1643964,1644018,1644333,1644954,1644992,1645014,1645360,1645456,1645627,1645642,1645686,1645903-1645904,1645908-1645909,1645913,1645920,1646458,1646460-1646462,1646735,1646738-1646741,1646744,1646746,1646748-1646755,1646757,1646759-1646760,1647043,1648816,1651420-1651422,1651844,1652926,1652939-1652940,1652973,1653798,1653817,1653841,1654042,1654161,1654736,1654767,1654787,1656592,1659907,1662986,1663265,1663278,1663325,1663535,1663567,1663679,1663997,1664175,1664321,1664872,1665061,1665086,1666027,1666395,1666503,1666506,1666560,1666570,1666581,1666759,1666967,1666988,1667553
 
-1667555,1667558,1667617,1667633,1667637,1667747,1667767,1667873,1668028,1668137,1668634,1669432,1669801,1669840,1669895-1669896,1670398,1670435,1670592,1670605-1670607,1670609,1670632,1670720,1670725,1670727,1670731,1671114,1672273,1672285,1673759,1674220,1674295,1675469,1675488,1675595,1675831,1676232,1676367-1676369,1676382,1676394,1676483,1676556,1676635,1678178,1679536,1679988,1680256,1681124,1681182,1681730,1681840,1681864,1681869,1682010,1682034,1682047,1682052-1682053,1682062,1682064,1682070,1682312,1682325,1682331,1682386,1684367,1684385,1685759,1685774,1685827,1685892,1687341,1688904,1689358,1689657,1689921,1692850,1693093,1693108,1693324,1694060,1694115,1694291,1694427,1694431,1694503,1694549,1694789,1694873,1694881,1695356,1695372,1695823-1695825,1696200,1696281,1696379,1696468,1700608,1700871,1700897,1700978,1701094,1701124,1701608,1701668,1701676,1701766,1701944,1702248,1702252,1702314,1702390,1702723,1702725,1702728,1702730,1702733,1702735,1702737,1702739,1702742,1702
 
744,1702748,1702751,1702754,1702758,1702760,1702763,1702766,1708779,1708782,1708806,1709314,1709670,1710347,1710442,1710448,1710490,1710574,1710578,1712226,1712229,1712235,1712255,1712618,1712649,1712655,1712860,1712899,1712903,1712906,1712913,1712926,1712975,1713185,1713262,1713287,1713613,1713621,1713872,1713976,1713994,1713998,1714004,1714013,1714059,1714538,1714580,1715189,1715207,1715544,1715549,1715637,1715639-1715645,1715667,1715683,1715978,1715981,1716216-1716217,1716355,1716414,1716421,1717208-1717209,1717257,1717283,1717288,1717291,1717421,1717517,1717529,1718797,1718840-1718843,1719348,1719357-1719358,1719400,1719491,1719737,1720235,1720396,1720442,1720446,1720450,1720463,1720658-1720660,1720756,1720816,1721813,1721818,1721831,1721861,1721867,1721882,1722523,1722527,1722800,1722926,1722941,1722997,1723130,1723440,1723488,1723890,1724434,1724674,1724792,1724803,1724902,1725128,1725131,1725154,1725167,1725911,1725921,1725929,1725963-1725965,1725970,1725974,1726171-1726173,1
 
726175,1726179-1726182,1726190-1726191,1726195-1726200,1726203,1726226,1726576,1726630,1726992,1727029,1727037,1727671,1727676,1727900,1728028,1728092,1728439,1728449,1729186,1729362,1731009,1731303,1731867,1731872,1731874,1731876,1731885,1731947,1731955,1731959,1731977,1731984,1732360,1732490,1732672,1732902,1733166,1733603,1733619,1733735,1733752,1733764,1733915

svn commit: r1733941 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/realm/JNDIRealm.java webapps/docs/changelog.xml

2016-03-07 Thread markt 
Author: markt
Date: Mon Mar  7 16:29:15 2016
New Revision: 1733941

URL: http://svn.apache.org/viewvc?rev=1733941=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59123
Close NamingEnumeration objects used by the JNDIRealm once they are no longer 
required.

Modified:
tomcat/tc8.0.x/trunk/   (props changed)
tomcat/tc8.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Mar  7 16:29:15 2016
@@ -1 +1 @@
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1637890,1637892,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886
 
,1644890,1644892,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657
 
592,1657607,1657609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659174,1659184,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661770,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662696,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1
 
666387,1666494,1666496,1666552,1666569,1666579,137,149,1666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681697,1681699,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366,1684383,1684526-168452

svn commit: r1733940 - in /tomcat/trunk: java/org/apache/catalina/realm/JNDIRealm.java webapps/docs/changelog.xml

2016-03-07 Thread markt 
Author: markt
Date: Mon Mar  7 16:28:09 2016
New Revision: 1733940

URL: http://svn.apache.org/viewvc?rev=1733940=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59123
Close NamingEnumeration objects used by the JNDIRealm once they are no longer 
required.

Modified:
tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java?rev=1733940=1733939=1733940=diff
==
--- tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java Mon Mar  7 
16:28:09 2016
@@ -1685,60 +1685,65 @@ public class JNDIRealm extends RealmBase
 NamingEnumeration results =
 context.search(userBase, filter, constraints);
 
-
-// Fail if no entries found
 try {
-if (results == null || !results.hasMore()) {
-return null;
-}
-} catch (PartialResultException ex) {
-if (!adCompat)
-throw ex;
-else
-return null;
-}
-
-// Get result for the first entry found
-SearchResult result = results.next();
-
-// Check no further entries were found
-try {
-if (results.hasMore()) {
-if(containerLog.isInfoEnabled())
-containerLog.info("username " + username + " has multiple 
entries");
+// Fail if no entries found
+try {
+if (results == null || !results.hasMore()) {
+return null;
+}
+} catch (PartialResultException ex) {
+if (!adCompat)
+throw ex;
+else
+return null;
+}
+
+// Get result for the first entry found
+SearchResult result = results.next();
+
+// Check no further entries were found
+try {
+if (results.hasMore()) {
+if(containerLog.isInfoEnabled())
+containerLog.info("username " + username + " has 
multiple entries");
+return null;
+}
+} catch (PartialResultException ex) {
+if (!adCompat)
+throw ex;
+}
+
+String dn = getDistinguishedName(context, userBase, result);
+
+if (containerLog.isTraceEnabled())
+containerLog.trace("  entry found for " + username + " with dn 
" + dn);
+
+// Get the entry's attributes
+Attributes attrs = result.getAttributes();
+if (attrs == null)
 return null;
+
+// Retrieve value of userPassword
+String password = null;
+if (userPassword != null)
+password = getAttributeValue(userPassword, attrs);
+
+String userRoleAttrValue = null;
+if (userRoleAttribute != null) {
+userRoleAttrValue = getAttributeValue(userRoleAttribute, 
attrs);
+}
+
+// Retrieve values of userRoleName attribute
+ArrayList roles = null;
+if (userRoleName != null)
+roles = addAttributeValues(userRoleName, attrs, roles);
+
+return new User(username, dn, password, roles, userRoleAttrValue);
+} finally {
+if (results != null) {
+results.close();
 }
-} catch (PartialResultException ex) {
-if (!adCompat)
-throw ex;
 }
-
-String dn = getDistinguishedName(context, userBase, result);
-
-if (containerLog.isTraceEnabled())
-containerLog.trace("  entry found for " + username + " with dn " + 
dn);
-
-// Get the entry's attributes
-Attributes attrs = result.getAttributes();
-if (attrs == null)
-return null;
-
-// Retrieve value of userPassword
-String password = null;
-if (userPassword != null)
-password = getAttributeValue(userPassword, attrs);
-
-String userRoleAttrValue = null;
-if (userRoleAttribute != null) {
-userRoleAttrValue = getAttributeValue(userRoleAttribute, attrs);
-}
-
-// Retrieve values of userRoleName attribute
-ArrayList roles = null;
-if (userRoleName != null)
-roles = addAttributeValues(userRoleName, attrs, roles);
-
-return new User(username, dn, password, roles, userRoleAttrValue);
 }
 
 
@@ -2003,6 +2008,8 @@ public class JNDIRealm extends RealmBase
 } catch (PartialResultException ex) {
 if (!adCompat)

[GUMP@vmgump]: Project tomcat-tc7.0.x-test-apr (in module tomcat-7.0.x) failed

2016-03-07 Thread Bill Barker 
To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-tc7.0.x-test-apr has an issue affecting its community 
integration.
This issue affects 1 projects.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-tc7.0.x-test-apr :  Tomcat 7.x, a web server implementing Java 
Servlet 3.0,
...


Full details are available at:

http://vmgump.apache.org/gump/public/tomcat-7.0.x/tomcat-tc7.0.x-test-apr/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -DEBUG- Dependency on tomcat-tc7.0.x-dbcp exists, no need to add for property 
tomcat-dbcp-src.jar.
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
commons-daemon.native.src.tgz.
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
tomcat-native.tar.gz.
 -DEBUG- Dependency on tomcat-tc7.0.x-dbcp exists, no need to add for property 
tomcat-dbcp.home.
 -INFO- Failed with reason build failed
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-7.0.x/output/logs-APR
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-7.0.x/output/test-tmp-APR/logs



The following work was performed:
http://vmgump.apache.org/gump/public/tomcat-7.0.x/tomcat-tc7.0.x-test-apr/gump_work/build_tomcat-7.0.x_tomcat-tc7.0.x-test-apr.html
Work Name: build_tomcat-7.0.x_tomcat-tc7.0.x-test-apr (Type: Build)
Work ended in a state of : Failed
Elapsed: 54 mins 22 secs
Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true 
-Dbuild.sysclasspath=only org.apache.tools.ant.Main 
-Dgump.merge=/srv/gump/public/gump/work/merge.xml 
-Dbase.path=/srv/gump/public/workspace/tomcat-7.0.x/tomcat-build-libs 
-Dcommons-pool.home=/srv/gump/public/workspace/commons-pool-1.x 
-Dtest.temp=output/test-tmp-APR 
-Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar 
-Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.3-SNAPSHOT.jar
 -Dexamples.sources.skip=true 
-Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20160307.jar
 
-Dtomcat-dbcp-src.jar=/srv/gump/public/workspace/tomcat-7.0.x/tomcat-deps/tomcat-dbcp-src.jar
 -Dtomcat-dbcp.home=/srv/gump/public/workspace/tomcat-7.0.x/tomcat-deps 
-Dtest.excludePerformance=true 
-Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar 
-Dcommons-dbcp.home=/srv/gump/public/workspace/commons-dbcp-1.x 
-Dexecute.test.apr=true -Dexec
 ute.test.bio=false 
-Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20160307-native-src.tar.gz
 -Dtest.reports=output/logs-APR 
-Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20160307-native-src.tar.gz
 -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.5-201506032000/ecj-4.5.jar 
-Dtest.apr.loc=/srv/gump/public/workspace/tomcat-native/dest-20160307/lib 
-Dexecute.test.nio=false -Dtest.accesslog=true 
-Dtomcat-dbcp.jar=/srv/gump/public/workspace/tomcat-7.0.x/tomcat-deps/tomcat-dbcp-20160307.jar
 
-Deasymock.jar=/srv/gump/public/workspace/easymock/core/target/easymock-3.5-SNAPSHOT.jar
 -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test 
[Working Directory: /srv/gump/public/workspace/tomcat-7.0.x]
CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-7.0.x/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/servlet-api.ja
 
r:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-7.0.x/output

[Bug 59122] Browser send back to tomcat "likely valid" JSESSIONID but tomcat recreate session and response to browser a renewed JESSIONID

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59122

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |INVALID
 Status|NEW |RESOLVED
 OS||All

--- Comment #1 from Mark Thomas  ---
There is insufficient evidence in this report of a bug in Tomcat. The most
likely explanation is an application bug.

The Tomcat 7 version being used is quite old. I don't recall any session
handling issues but it is worth testing to see if an upgrade resolves the
issue.

There are only things that can trigger a Set-Cookie header. The first is
creation of a new session and the second is the session ID change on
authentication.

Given that the original session expires 30 mins after the new session is
created this isn't a session ID change due to authentication. Therefore, a new
session is being created because the previous session cannot be found.

The Set-Cookie="-" looks very strange.

You'll need to do some more investigation with the application to figure out
what is going wrong. You might want to consider logging the HTTP requets
headers and the stack trace for the session creation. If you need help with
investigating your application, the users@ mailing list is the place to ask,
not Bugzilla.

If the discussion on users@ identifies a Tomcat bug then please feel free to
re-open this issue and provide the details.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59092] Shutdown of ISAPI filter leads to infinite wait and hangs whole IIS

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59092

--- Comment #2 from Matthew Reiter  ---
This is the same defect as https://bz.apache.org/bugzilla/show_bug.cgi?id=58813
(Incoming requests hang after a website using the ISAPI connector is
restarted).

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59120] The protocol "TLS" has different interpretation in different JRE, better use "SSL"

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59120

--- Comment #3 from Jack  ---
When you say "it behaves the same way as Oracle", did you mean the
communication used the same TLS version? From my test (by setting
-Djavax.net.debug=ssl) Oracle uses TLS v1.2, and IBM uses TLS v1.0.

I think it's probably better to use SSLContext.getDefault() as you suggested in
Comment #1 as THE DEFAULT, and then allow people to use
org.apache.tomcat.websocket.SSL_PROTOCOLS to override. That way people can also
use common JDK options like -Djdk.tls.client.protocols [1] to override.


[1]
https://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: tcnative NMAKEmakefiles updates for APR 1.5.2

2016-03-07 Thread Mark Thomas 
On 06/03/2016 21:20, Rainer Jung wrote:
> Am 06.03.2016 um 19:49 schrieb Rainer Jung:
>> I updated the tcnative NMAKEmakefiles and the provided openssl patch for
>> building with APR 1.5.2 and OpenSSL 1.0.2g.
>>
>> Can others please see, whether it still works for them? I did run a
>> build myself, but there are many possible variations of parameters
>> influencing the build, so it would be better if others can have a look
>> before the next release.
>>
>> I did not yet test the resulting tcnative using the Tomcat test suite.
> 
> Tests on Windows using TC trunk ran without failure (well except NIO2
> TestHttp11InputBuffer).

Built locally and tests passed for APR/native with trunk. Thanks for
fixing our build script for APR.

Mark


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GUMP@vmgump]: Project tomcat-trunk-test-apr (in module tomcat-trunk) failed

2016-03-07 Thread Bill Barker 
To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-trunk-test-apr has an issue affecting its community integration.
This issue affects 1 projects.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-trunk-test-apr :  Tomcat 9.x, a web server implementing the Java 
Servlet 4.0,
...


Full details are available at:

http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test-apr/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
commons-daemon.native.src.tgz.
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
tomcat-native.tar.gz.
 -INFO- Failed with reason build failed
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-trunk/output/logs-APR
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-trunk/output/test-tmp-APR/logs
 -WARNING- No directory 
[/srv/gump/public/workspace/tomcat-trunk/output/test-tmp-APR/logs]



The following work was performed:
http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test-apr/gump_work/build_tomcat-trunk_tomcat-trunk-test-apr.html
Work Name: build_tomcat-trunk_tomcat-trunk-test-apr (Type: Build)
Work ended in a state of : Failed
Elapsed: 42 mins 52 secs
Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true 
-Dbuild.sysclasspath=only org.apache.tools.ant.Main 
-Dgump.merge=/srv/gump/public/gump/work/merge.xml 
-Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar 
-Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.3-SNAPSHOT.jar
 -Dtest.reports=output/logs-APR 
-Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20160307-native-src.tar.gz
 -Dexamples.sources.skip=true 
-Dbase.path=/srv/gump/public/workspace/tomcat-trunk/tomcat-build-libs 
-Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.5-201506032000/ecj-4.5.jar 
-Dtest.apr.loc=/srv/gump/public/workspace/tomcat-native-trunk/dest-20160307/lib 
-Dtest.relaxTiming=true 
-Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20160307.jar
 
-Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20160307-nat
 ive-src.tar.gz -Dtest.temp=output/test-tmp-APR -Dtest.accesslog=true 
-Dexecute.test.nio=false 
-Dtest.openssl.path=/srv/gump/public/workspace/openssl-master/dest-20160307/bin/openssl
 -Dexecute.test.apr=true -Dtest.excludePerformance=true 
-Dexecute.test.nio2=false 
-Deasymock.jar=/srv/gump/public/workspace/easymock/core/target/easymock-3.5-SNAPSHOT.jar
 -Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar 
-Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test 
[Working Directory: /srv/gump/public/workspace/tomcat-trunk]
CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-trunk/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/servlet-api.ja
 
r:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/websocket-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jaspic-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-storeconfig.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina

[Bug 59120] The protocol "TLS" has different interpretation in different JRE, better use "SSL"

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59120

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |INVALID

--- Comment #2 from Mark Thomas  ---
OK, that isn't going to work.

I've done some testing with Oracle's JVM and the protocol used only determines
the protocols enabled by default. All protocols remain supported and may be
selected via org.apache.tomcat.websocket.SSL_PROTOCOLS.

I tried to test a current IBM JVM but downloads require a registration and the
registration is broken. I then tried to downlaod without registration and the
IBM download director hangs.

I managed to dig out an oldish IBM Java 8 install for Linux and a quick test
shows that it behaves the same way as Oracle.

There is no Tomcat issue here. Defaults will vary with platforms. You need to
use org.apache.tomcat.websocket.SSL_PROTOCOL to configure the protocols you
actually want to use.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GUMP@vmgump]: Project tomcat-trunk-test-nio2 (in module tomcat-trunk) failed

2016-03-07 Thread Bill Barker 
To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-trunk-test-nio2 has an issue affecting its community integration.
This issue affects 1 projects.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-trunk-test-nio2 :  Tomcat 9.x, a web server implementing the Java 
Servlet 4.0,
...


Full details are available at:

http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test-nio2/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
commons-daemon.native.src.tgz.
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
tomcat-native.tar.gz.
 -INFO- Failed with reason build failed
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-trunk/output/logs-NIO2
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-trunk/output/test-tmp-NIO2/logs
 -WARNING- No directory 
[/srv/gump/public/workspace/tomcat-trunk/output/test-tmp-NIO2/logs]



The following work was performed:
http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test-nio2/gump_work/build_tomcat-trunk_tomcat-trunk-test-nio2.html
Work Name: build_tomcat-trunk_tomcat-trunk-test-nio2 (Type: Build)
Work ended in a state of : Failed
Elapsed: 46 mins 3 secs
Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true 
-Dbuild.sysclasspath=only org.apache.tools.ant.Main 
-Dgump.merge=/srv/gump/public/gump/work/merge.xml 
-Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar 
-Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.3-SNAPSHOT.jar
 -Dtest.reports=output/logs-NIO2 
-Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20160307-native-src.tar.gz
 -Dexamples.sources.skip=true 
-Dbase.path=/srv/gump/public/workspace/tomcat-trunk/tomcat-build-libs 
-Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.5-201506032000/ecj-4.5.jar 
-Dtest.relaxTiming=true 
-Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20160307.jar
 
-Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20160307-native-src.tar.gz
 -Dtest.temp=output/test-tmp-NIO2 -Dtest.accesslog=true -Dexecute
 .test.nio=false 
-Dtest.openssl.path=/srv/gump/public/workspace/openssl-master/dest-20160307/bin/openssl
 -Dexecute.test.apr=false -Dtest.excludePerformance=true 
-Dexecute.test.nio2=true 
-Deasymock.jar=/srv/gump/public/workspace/easymock/core/target/easymock-3.5-SNAPSHOT.jar
 -Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar 
-Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test 
[Working Directory: /srv/gump/public/workspace/tomcat-trunk]
CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-trunk/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/servlet-api.ja
 
r:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/websocket-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jaspic-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-storeconfig.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-tribes.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina

[Bug 59120] The protocol "TLS" has different interpretation in different JRE, better use "SSL"

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59120

--- Comment #1 from Mark Thomas  ---
The documentation you quote is not consistent with the claims you make
regarding SSL being more general.

Part of the problem is that this code has to work across multiple Java versions
and multiple vendors and the respective behaviours are not always identical.

There is always the option to provide your own, pre-configured SSLContext.

Typically, I'd expect this value to not matter and the value obtained from
org.apache.tomcat.websocket.SSL_PROTOCOLS to be much more important.

One of the reasons for allowing a custom SSLContext was to avoid the
mushrooming of TLS ocnfiguration options.

I'm going to change this code to use SSLContext.getDefault() as that should
return a good, secure choice on any OS / Vendor / Java version combination.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59119] Improper forced reading causing client read timeout

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59119

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

--- Comment #2 from Mark Thomas  ---
Thanks for the report.

This has been fixed in 9.0.x for 9.0.0.M4 onwards, 8.0.x for 8.0.33 onwards and
7.0.x for 7.0.69 onwards.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1733916 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/tomcat/websocket/AsyncChannelWrapperSecure.java webapps/docs/changelog.xml

2016-03-07 Thread markt 
Author: markt
Date: Mon Mar  7 12:33:06 2016
New Revision: 1733916

URL: http://svn.apache.org/viewvc?rev=1733916=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59119
Correct read logic

Modified:
tomcat/tc7.0.x/trunk/   (props changed)

tomcat/tc7.0.x/trunk/java/org/apache/tomcat/websocket/AsyncChannelWrapperSecure.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Mar  7 12:33:06 2016
@@ -1,2 +1,2 @@
-/tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641726,1641729-1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511,1643513,1643521,1643539,1643571,1643581-1643582,1643635,1643655,1643738,1643964,1644018,1644333,1644954,1644992,1645014,1645360,1645456,1645627,1645642,1645686,1645903-1645904,1645908-1645909,1645913,1645920,1646458,1646460-1646462,1646735,1646738-1646741,1646744,1646746,1646748-1646755,1646757,1646759-1646760,1647043,1648816,1651420-1651422,1651844,1652926,1652939-1652940,1652973,1653798,1653817,1653841,1654042,1654161,1654736,1654767,1654787,1656592,1659907,1662986,1663265,1663278,1663325,1663535,1663567,1663679,1663997,1664175,1664321,1664872,1665061,1665086,1666027,1666395,1666503,1666506,1666560,1666570,1666581,1666759,1666967,1666988,1667553
 
-1667555,1667558,1667617,1667633,1667637,1667747,1667767,1667873,1668028,1668137,1668634,1669432,1669801,1669840,1669895-1669896,1670398,1670435,1670592,1670605-1670607,1670609,1670632,1670720,1670725,1670727,1670731,1671114,1672273,1672285,1673759,1674220,1674295,1675469,1675488,1675595,1675831,1676232,1676367-1676369,1676382,1676394,1676483,1676556,1676635,1678178,1679536,1679988,1680256,1681124,1681182,1681730,1681840,1681864,1681869,1682010,1682034,1682047,1682052-1682053,1682062,1682064,1682070,1682312,1682325,1682331,1682386,1684367,1684385,1685759,1685774,1685827,1685892,1687341,1688904,1689358,1689657,1689921,1692850,1693093,1693108,1693324,1694060,1694115,1694291,1694427,1694431,1694503,1694549,1694789,1694873,1694881,1695356,1695372,1695823-1695825,1696200,1696281,1696379,1696468,1700608,1700871,1700897,1700978,1701094,1701124,1701608,1701668,1701676,1701766,1701944,1702248,1702252,1702314,1702390,1702723,1702725,1702728,1702730,1702733,1702735,1702737,1702739,1702742,1702
 
744,1702748,1702751,1702754,1702758,1702760,1702763,1702766,1708779,1708782,1708806,1709314,1709670,1710347,1710442,1710448,1710490,1710574,1710578,1712226,1712229,1712235,1712255,1712618,1712649,1712655,1712860,1712899,1712903,1712906,1712913,1712926,1712975,1713185,1713262,1713287,1713613,1713621,1713872,1713976,1713994,1713998,1714004,1714013,1714059,1714538,1714580,1715189,1715207,1715544,1715549,1715637,1715639-1715645,1715667,1715683,1715978,1715981,1716216-1716217,1716355,1716414,1716421,1717208-1717209,1717257,1717283,1717288,1717291,1717421,1717517,1717529,1718797,1718840-1718843,1719348,1719357-1719358,1719400,1719491,1719737,1720235,1720396,1720442,1720446,1720450,1720463,1720658-1720660,1720756,1720816,1721813,1721818,1721831,1721861,1721867,1721882,1722523,1722527,1722800,1722926,1722941,1722997,1723130,1723440,1723488,1723890,1724434,1724674,1724792,1724803,1724902,1725128,1725131,1725154,1725167,1725911,1725921,1725929,1725963-1725965,1725970,1725974,1726171-1726173,1
 
726175,1726179-1726182,1726190-1726191,1726195-1726200,1726203,1726226,1726576,1726630,1726992,1727029,1727037,1727671,1727676,1727900,1728028,1728092,1728439,1728449,1729186,1729362,1731009,1731303,1731867,1731872,1731874,1731876,1731885,1731947,1731955,1731959,1731977,1731984,1732360,1732490,1732672,1732902,1733166,1733603,1733619,1733735,1733752,1733764
-/tomcat/trunk:1156115-1157160,1157162-1157859,1157862-1157942,1157945-1160347,1160349-1163716,1163718-1166689,1166691-1174340,1174342-1175596,1175598-1175611,1175613-1175932,1175934-1177783,1177785-1177980,1178006-1180720,1180722-1183094,1183096-1187753,1187755,1187775,1187801,1187806,1187809,1187826-1188312,1188314-1188401,1188646-1188840,1188842-1190176,1190178-1195223,1195225-1195953,1195955,1195957-1201238,1201240-1203345,1203347-1206623,1206625-1208046,1208073,1208096,1208114,1208145,1208772,1209194-1212125,1212127-1220291,1220293,1220295-1221321,1221323-1222329,1222332-1222401,1222405-1222795,1222850-1222950,1222969-1225326,1225328-1225463,1225465,1225627,1225629-1226534,1226536-1228908,1228911-1228923,1228927-1229532,1229534-1230766,1230768-1231625,1231627-1233414,1233419-1235207,1235209-1237425,1237427,1237429-1237977,1237981,1237985,1237995,1238070,1238073,1239024-1239048,1239050-1239062,1239135,1239256,1239258-1239485,1239785-1240046,1240101,1240106,1240109,1240112,1240114

svn commit: r1733915 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/tomcat/websocket/AsyncChannelWrapperSecure.java webapps/docs/changelog.xml

2016-03-07 Thread markt 
Author: markt
Date: Mon Mar  7 12:31:19 2016
New Revision: 1733915

URL: http://svn.apache.org/viewvc?rev=1733915=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59119
Correct read logic

Modified:
tomcat/tc8.0.x/trunk/   (props changed)

tomcat/tc8.0.x/trunk/java/org/apache/tomcat/websocket/AsyncChannelWrapperSecure.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Mar  7 12:31:19 2016
@@ -1 +1 @@
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1637890,1637892,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886
 
,1644890,1644892,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657
 
592,1657607,1657609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659174,1659184,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661770,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662696,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1
 
666387,1666494,1666496,1666552,1666569,1666579,137,149,1666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681697,1681699,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366,1684383,1684526-168452

svn commit: r1733914 - in /tomcat/trunk: java/org/apache/tomcat/websocket/AsyncChannelWrapperSecure.java webapps/docs/changelog.xml

2016-03-07 Thread markt 
Author: markt
Date: Mon Mar  7 12:29:36 2016
New Revision: 1733914

URL: http://svn.apache.org/viewvc?rev=1733914=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59119
Correct read logic

Modified:
tomcat/trunk/java/org/apache/tomcat/websocket/AsyncChannelWrapperSecure.java
tomcat/trunk/webapps/docs/changelog.xml

Modified: 
tomcat/trunk/java/org/apache/tomcat/websocket/AsyncChannelWrapperSecure.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/websocket/AsyncChannelWrapperSecure.java?rev=1733914=1733913=1733914=diff
==
--- 
tomcat/trunk/java/org/apache/tomcat/websocket/AsyncChannelWrapperSecure.java 
(original)
+++ 
tomcat/trunk/java/org/apache/tomcat/websocket/AsyncChannelWrapperSecure.java 
Mon Mar  7 12:29:36 2016
@@ -263,8 +263,8 @@ public class AsyncChannelWrapperSecure i
 socketReadBuffer.compact();
 
 if (forceRead) {
-Future f =
-socketChannel.read(socketReadBuffer);
+forceRead = false;
+Future f = 
socketChannel.read(socketReadBuffer);
 Integer socketRead = f.get();
 if (socketRead.intValue() == -1) {
 throw new EOFException(sm.getString(

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1733914=1733913=1733914=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Mar  7 12:29:36 2016
@@ -207,6 +207,10 @@
 Correctly handle compression of partial messages when the final message
 fragment has a zero length payload. (markt)
   
+  
+59119: Correct read logic for WebSocket client when using
+secure connections. (markt)
+  
 
   
   



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GUMP@vmgump]: Project tomcat-trunk-test-nio (in module tomcat-trunk) failed

2016-03-07 Thread Bill Barker 
To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-trunk-test-nio has an issue affecting its community integration.
This issue affects 1 projects.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-trunk-test-nio :  Tomcat 9.x, a web server implementing the Java 
Servlet 4.0,
...


Full details are available at:

http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test-nio/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
commons-daemon.native.src.tgz.
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
tomcat-native.tar.gz.
 -INFO- Failed with reason build failed
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-trunk/output/logs-NIO
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-trunk/output/test-tmp-NIO/logs
 -WARNING- No directory 
[/srv/gump/public/workspace/tomcat-trunk/output/test-tmp-NIO/logs]



The following work was performed:
http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test-nio/gump_work/build_tomcat-trunk_tomcat-trunk-test-nio.html
Work Name: build_tomcat-trunk_tomcat-trunk-test-nio (Type: Build)
Work ended in a state of : Failed
Elapsed: 46 mins 41 secs
Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true 
-Dbuild.sysclasspath=only org.apache.tools.ant.Main 
-Dgump.merge=/srv/gump/public/gump/work/merge.xml 
-Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar 
-Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.3-SNAPSHOT.jar
 -Dtest.reports=output/logs-NIO 
-Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20160307-native-src.tar.gz
 -Dexamples.sources.skip=true 
-Dbase.path=/srv/gump/public/workspace/tomcat-trunk/tomcat-build-libs 
-Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.5-201506032000/ecj-4.5.jar 
-Dtest.relaxTiming=true 
-Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20160307.jar
 
-Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20160307-native-src.tar.gz
 -Dtest.temp=output/test-tmp-NIO -Dtest.accesslog=true -Dexecute.t
 est.nio=true 
-Dtest.openssl.path=/srv/gump/public/workspace/openssl-master/dest-20160307/bin/openssl
 -Dexecute.test.apr=false -Dtest.excludePerformance=true 
-Dexecute.test.nio2=false 
-Deasymock.jar=/srv/gump/public/workspace/easymock/core/target/easymock-3.5-SNAPSHOT.jar
 -Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar 
-Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test 
[Working Directory: /srv/gump/public/workspace/tomcat-trunk]
CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-trunk/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/servlet-api.ja
 
r:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/websocket-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jaspic-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-storeconfig.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-tribes.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ha.jar:/srv

Re: [VOTE] Release Apache Tomcat Native 1.2.5

2016-03-07 Thread Violeta Georgieva 
Hi,

2016-03-02 15:43 GMT+02:00 Mark Thomas :
>
> Version 1.2.4 includes the following changes:
>
> - Report runtime rather than compile time version for OpenSSL
> - Fixes to allow continued building with master
>
> The proposed release artefacts can be found at [1],
> and the build was done using tag [2].
>
> The Apache Tomcat Native 1.2.5 is
>  [X] Stable, go ahead and release
>  [ ] Broken because of ...
>

+1

Regards,
Violeta

> Thanks,
>
> Mark
>
>
> [1]
>
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-connectors/native/1.2.5/
> [2]
https://svn.apache.org/repos/asf/tomcat/native/tags/TOMCAT_NATIVE_1_2_5
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

[GUMP@vmgump]: Project tomcat-tc8.0.x-test-apr (in module tomcat-8.0.x) failed

2016-03-07 Thread Bill Barker 
To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-tc8.0.x-test-apr has an issue affecting its community 
integration.
This issue affects 1 projects.
The current state of this project is 'Failed', with reason 'Build Timed Out'.
For reference only, the following projects are affected by this:
- tomcat-tc8.0.x-test-apr :  Tomcat 8.x, a web server implementing the Java 
Servlet 3.1,
...


Full details are available at:

http://vmgump.apache.org/gump/public/tomcat-8.0.x/tomcat-tc8.0.x-test-apr/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
commons-daemon.native.src.tgz.
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
tomcat-native.tar.gz.
 -INFO- Failed with reason build timed out
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-8.0.x/output/logs-APR
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-8.0.x/output/test-tmp-APR/logs
 -WARNING- No directory 
[/srv/gump/public/workspace/tomcat-8.0.x/output/test-tmp-APR/logs]



The following work was performed:
http://vmgump.apache.org/gump/public/tomcat-8.0.x/tomcat-tc8.0.x-test-apr/gump_work/build_tomcat-8.0.x_tomcat-tc8.0.x-test-apr.html
Work Name: build_tomcat-8.0.x_tomcat-tc8.0.x-test-apr (Type: Build)
Work ended in a state of : Failed
Elapsed: 1 hour 2 secs
Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true 
-Dbuild.sysclasspath=only org.apache.tools.ant.Main 
-Dgump.merge=/srv/gump/public/gump/work/merge.xml 
-Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar 
-Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.3-SNAPSHOT.jar
 -Dtest.reports=output/logs-APR 
-Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20160307-native-src.tar.gz
 -Dexamples.sources.skip=true 
-Dbase.path=/srv/gump/public/workspace/tomcat-8.0.x/tomcat-build-libs 
-Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.5-201506032000/ecj-4.5.jar 
-Dtest.apr.loc=/srv/gump/public/workspace/tomcat-native/dest-20160307/lib 
-Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20160307.jar
 
-Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20160307-native-src.tar.gz
 -Dtest.temp=out
 put/test-tmp-APR -Dtest.accesslog=true -Dexecute.test.nio=false 
-Dtest.openssl.path=/srv/gump/public/workspace/openssl-1.0.2/dest-20160307/bin/openssl
 -Dexecute.test.bio=false -Dexecute.test.apr=true 
-Dtest.excludePerformance=true -Dexecute.test.nio2=false 
-Deasymock.jar=/srv/gump/public/workspace/easymock/core/target/easymock-3.5-SNAPSHOT.jar
 -Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar 
-Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test 
[Working Directory: /srv/gump/public/workspace/tomcat-8.0.x]
CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-8.0.x/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/servlet-api.ja
 
r:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/websocket-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-storeconfig.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-tribes.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib

Re: svn commit: r1733827 - /tomcat/native/trunk/native/srclib/openssl/openssl-msvcrt.patch

2016-03-07 Thread Mark Thomas 
On 07/03/2016 08:54, Rainer Jung wrote:
> Am 07.03.2016 um 08:27 schrieb Mark Thomas:
>> On 06/03/2016 18:46, rj...@apache.org wrote:
>>> Author: rjung
>>> Date: Sun Mar  6 18:46:46 2016
>>> New Revision: 1733827
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1733827=rev
>>> Log:
>>> Update OpenSSL patch for OpenSSL 1.0.2g.
>>
>> Why was this necessary? I built 1.2.5 with 1.0.2g on Windows without
>> this patch.



> Or was your question, why the update for the patch was needed? I got a
> reject file for the original patch.

That was my question. I didn't read the diff closely enough. I thought
you were changing what the patch did, not updating it for 1.0.2g.

I'm in the middle of building with APR 1.5.2 and OpenSSL 1.0.2g. I'll
post the results as soon as I have them.

Mark


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat Native 1.2.5

2016-03-07 Thread Mark Thomas 
On 02/03/2016 13:43, Mark Thomas wrote:
> Version 1.2.4 includes the following changes:
> 
> - Report runtime rather than compile time version for OpenSSL
> - Fixes to allow continued building with master
> 
> The proposed release artefacts can be found at [1],
> and the build was done using tag [2].
> 
> The Apache Tomcat Native 1.2.5 is
>  [ ] Stable, go ahead and release
>  [ ] Broken because of ...

Ping.

We have 2 PMC +1 votes for this but we need a third to get this release
out of the door.

Thanks,

Mark


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: svn commit: r1733827 - /tomcat/native/trunk/native/srclib/openssl/openssl-msvcrt.patch

2016-03-07 Thread Rainer Jung 

Am 07.03.2016 um 08:27 schrieb Mark Thomas:

On 06/03/2016 18:46, rj...@apache.org wrote:

Author: rjung
Date: Sun Mar  6 18:46:46 2016
New Revision: 1733827

URL: http://svn.apache.org/viewvc?rev=1733827=rev
Log:
Update OpenSSL patch for OpenSSL 1.0.2g.


Why was this necessary? I built 1.2.5 with 1.0.2g on Windows without
this patch.


The srclib/BUILDING file contains:

"Apply openssl-msvcrt.patch

This patch makes sure that static version of OpenSSL libraries
is linked to msvcrt.dll instead statically linking msvcrt.
Without that patch it won't be possible to create statically linked
Tomcat native .dll"

And I followed this procedure.

The patch seems to cover two areas:

- making sure to link in the MSVC runtime library dynamically
  (see https://msdn.microsoft.com/de-de/library/2kzt1wy3.aspx)
  I didn't check, whether the above reasoning for a need of this is 
correct.


- allowing to add further dependency libs via "EXTRA_LIBS"

I will retry with the patch to check the differences. IMHO I didn't use 
any EXTRA_LIBS.


Or was your question, why the update for the patch was needed? I got a 
reject file for the original patch.


Regards,

Rainer

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59134] New: Secure websocket connection through a proxy is not ok

2016-03-07 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59134

Bug ID: 59134
   Summary: Secure websocket connection through a proxy is not ok
   Product: Tomcat 8
   Version: trunk
  Hardware: PC
Status: NEW
  Severity: normal
  Priority: P2
 Component: WebSocket
  Assignee: dev@tomcat.apache.org
  Reporter: zra...@gmail.com

I have been trying to open a wss connection through a http proxy, and I always
got the following exception:
  ...
  Caused by: javax.websocket.DeploymentException: The HTTP request to initiate
the WebSocket connection failed
  ...
  Caused by: java.io.EOFException: null
  ...

Looking at network traffic shows that the proxy connect request is sent, proxy
connection is established and then a plain GET request is sent instead of the
SSL handshake.

Debugging in the WsWebSocketContainer::connectToServer() shows that there is a
secure flag, to indicate whether an SSL connection is needed, but it never gets
true when the connection is through a proxy.


http://svn.apache.org/repos/asf/tomcat/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java

public Session connectToServer(Endpoint endpoint,
ClientEndpointConfig clientEndpointConfiguration, URI path)
throws DeploymentException
...
boolean secure = false

...

if (sa == null) {
if (port == -1) {
if ("ws".equalsIgnoreCase(scheme)) {
sa = new InetSocketAddress(host, 80);
} else {
// Must be wss due to scheme validation above
sa = new InetSocketAddress(host, 443);
secure = true;
}
} else {
if ("wss".equalsIgnoreCase(scheme)) {
secure = true;
}
sa = new InetSocketAddress(host, port);
}
} else {
proxyConnect = createProxyRequest(host, port);
}

...

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org