date:20170313

[GUMP@vmgump-vm3]: Project tomcat-tc8.0.x-test-nio2 (in module tomcat-8.0.x) failed

2017-03-13 Thread Bill Barker

To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-tc8.0.x-test-nio2 has an issue affecting its community 
integration.
This issue affects 1 projects.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-tc8.0.x-test-nio2 :  Tomcat 8.x, a web server implementing the 
Java Servlet 3.1,
...


Full details are available at:

http://vmgump-vm3.apache.org/tomcat-8.0.x/tomcat-tc8.0.x-test-nio2/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
commons-daemon.native.src.tgz.
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
tomcat-native.tar.gz.
 -INFO- Failed with reason build failed
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-8.0.x/output/logs-NIO2
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-8.0.x/output/test-tmp-NIO2/logs
 -WARNING- No directory 
[/srv/gump/public/workspace/tomcat-8.0.x/output/test-tmp-NIO2/logs]



The following work was performed:
http://vmgump-vm3.apache.org/tomcat-8.0.x/tomcat-tc8.0.x-test-nio2/gump_work/build_tomcat-8.0.x_tomcat-tc8.0.x-test-nio2.html
Work Name: build_tomcat-8.0.x_tomcat-tc8.0.x-test-nio2 (Type: Build)
Work ended in a state of : Failed
Elapsed: 19 mins 51 secs
Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true 
-Dbuild.sysclasspath=only org.apache.tools.ant.Main 
-Dgump.merge=/srv/gump/public/gump/work/merge.xml 
-Dbase.path=/srv/gump/public/workspace/tomcat-8.0.x/tomcat-build-libs 
-Dexecute.test.nio2=true -Dtest.temp=output/test-tmp-NIO2 
-Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar 
-Dtest.accesslog=true 
-Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.6-SNAPSHOT.jar
 -Dexamples.sources.skip=true 
-Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20170314.jar
 
-Dtest.openssl.path=/srv/gump/public/workspace/openssl-1.0.2/dest-20170314/bin/openssl
 -Dexecute.test.nio=false 
-Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar 
-Dexecute.test.apr=false -Dexecute.test.bio=false 
-Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20170314-native-src.tar.gz
 -Dtest.repor
 ts=output/logs-NIO2 
-Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20170314-native-src.tar.gz
 -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.5-201506032000/ecj-4.5.jar 
-Dtest.relaxTiming=true -Dtest.excludePerformance=true 
-Djava.net.preferIPv4Stack=/srv/gump/public/workspace/tomcat-8.0.x/true 
-Deasymock.jar=/srv/gump/public/workspace/easymock/core/target/easymock-3.5-SNAPSHOT.jar
 -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test 
[Working Directory: /srv/gump/public/workspace/tomcat-8.0.x]
CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-8.0.x/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/servlet-api.ja

buildbot success in on tomcat-trunk

2017-03-13 Thread buildbot

The Buildbot has detected a restored build on builder tomcat-trunk while 
building . Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/2179

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch tomcat/trunk] 1786797
Blamelist: markt

Build succeeded!

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1786798 - /tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

2017-03-13 Thread markt

Author: markt
Date: Mon Mar 13 20:37:14 2017
New Revision: 1786798

URL: http://svn.apache.org/viewvc?rev=1786798=rev
Log:
Add release date for 8.5.12

Modified:
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml?rev=1786798=1786797=1786798=diff
==
--- tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Mon Mar 13 20:37:14 2017
@@ -66,7 +66,7 @@
 
   
 
-
+
   
 
   



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1786797 - /tomcat/trunk/webapps/docs/changelog.xml

2017-03-13 Thread markt

Author: markt
Date: Mon Mar 13 20:36:32 2017
New Revision: 1786797

URL: http://svn.apache.org/viewvc?rev=1786797=rev
Log:
Add release date for M18

Modified:
tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1786797=1786796=1786797=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Mar 13 20:36:32 2017
@@ -85,7 +85,7 @@
 
   
 
-
+
   
 
   



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r18722 - /dev/tomcat/tomcat-8/v8.5.12/ /release/tomcat/tomcat-8/v8.5.12/

2017-03-13 Thread markt

Author: markt
Date: Mon Mar 13 20:35:51 2017
New Revision: 18722

Log:
Release 8.5.12

Added:
release/tomcat/tomcat-8/v8.5.12/
  - copied from r18721, dev/tomcat/tomcat-8/v8.5.12/
Removed:
dev/tomcat/tomcat-8/v8.5.12/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 8.0.42

2017-03-13 Thread Martin Grigorov

On Thu, Mar 9, 2017 at 12:05 PM, Mark Thomas  wrote:

> Correcting the subject.
>
> On 08/03/17 20:26, Mark Thomas wrote:
> > The proposed Apache Tomcat 8.0.42 release is now available for voting.
> >
> > The main changes since 8.0.41 are:
> >
> > - Limited relaxation of the HTTP request line validation
> >
> > - Support for Java 9 during annotation scanning
> >
> > - Update Tomcat Native to 1.2.12 to pick up the latest Windows binaries
> >   built with OpenSSL 1.0.2k
> >
> > It can be obtained from:
> > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.0.42/
> > The Maven staging repo is:
> > https://repository.apache.org/content/repositories/orgapachetomcat-1122/
> > The svn tag is:
> > http://svn.apache.org/repos/asf/tomcat/tc8.0.x/tags/TOMCAT_8_0_42/
> >
> > The proposed 8.0.42 release is:
> > [ ] Broken - do not release
> > [ X ] Stable - go ahead and release as 8.0.42
>

Regards,
Martin


> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: dev-h...@tomcat.apache.org
> >
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

[VOTE][RESULT] Release Apache Tomcat 8.5.12

2017-03-13 Thread Mark Thomas

The following votes were cast:

Binding:
+1: markt, remm, fschumacher, mgrigorov

Non-binding:
+1: huxing, ebourg, csutherl

No other votes were cast.

The vote therefore passes.

Thanks to everyone who contributed towards this release.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 7.0.76

2017-03-13 Thread Martin Grigorov

On Thu, Mar 9, 2017 at 3:11 PM, Mark Thomas  wrote:

> The proposed Apache Tomcat 7.0.76 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.76/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1123/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_76/
>
> The proposed 7.0.76 release is:
> [ ] Broken - do not release
> [ X ] Stable - go ahead and release as 7.0.76 Stable
>

Regards,
Martin


> Regards,
> Violeta
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

svn commit: r1786786 - in /tomcat/site/trunk: docs/security-8.html docs/security-9.html xdocs/security-8.xml xdocs/security-9.xml

2017-03-13 Thread markt

Author: markt
Date: Mon Mar 13 20:16:43 2017
New Revision: 1786786

URL: http://svn.apache.org/viewvc?rev=1786786=rev
Log:
Correct year

Modified:
tomcat/site/trunk/docs/security-8.html
tomcat/site/trunk/docs/security-9.html
tomcat/site/trunk/xdocs/security-8.xml
tomcat/site/trunk/xdocs/security-9.xml

Modified: tomcat/site/trunk/docs/security-8.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1786786=1786785=1786786=diff
==
--- tomcat/site/trunk/docs/security-8.html (original)
+++ tomcat/site/trunk/docs/security-8.html Mon Mar 13 20:16:43 2017
@@ -345,7 +345,7 @@
   
 
 Moderate: Information Disclosure
-   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8747; 
rel="nofollow">CVE-2017-8747
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8747; 
rel="nofollow">CVE-2016-8747
 
 
 

Modified: tomcat/site/trunk/docs/security-9.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-9.html?rev=1786786=1786785=1786786=diff
==
--- tomcat/site/trunk/docs/security-9.html (original)
+++ tomcat/site/trunk/docs/security-9.html Mon Mar 13 20:16:43 2017
@@ -309,7 +309,7 @@
   
 
 Moderate: Information Disclosure
-   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8747; 
rel="nofollow">CVE-2017-8747
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8747; 
rel="nofollow">CVE-2016-8747
 
 
 

Modified: tomcat/site/trunk/xdocs/security-8.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-8.xml?rev=1786786=1786785=1786786=diff
==
--- tomcat/site/trunk/xdocs/security-8.xml (original)
+++ tomcat/site/trunk/xdocs/security-8.xml Mon Mar 13 20:16:43 2017
@@ -59,7 +59,7 @@
affected versions.
 
   Moderate: Information Disclosure
-   CVE-2017-8747
+   CVE-2016-8747
 
 The refactoring to make wider use of ByteBuffer introduced a regression
that could cause information to leak between requests on the same

Modified: tomcat/site/trunk/xdocs/security-9.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-9.xml?rev=1786786=1786785=1786786=diff
==
--- tomcat/site/trunk/xdocs/security-9.xml (original)
+++ tomcat/site/trunk/xdocs/security-9.xml Mon Mar 13 20:16:43 2017
@@ -59,7 +59,7 @@
affected versions.
 
   Moderate: Information Disclosure
-   CVE-2017-8747
+   CVE-2016-8747
 
 The refactoring to make wider use of ByteBuffer introduced a regression
that could cause information to leak between requests on the same



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn propchange: r1774161 - svn:log

2017-03-13 Thread markt

Author: markt
Revision: 1774161
Modified property: svn:log

Modified: svn:log at Mon Mar 13 20:16:04 2017
--
--- svn:log (original)
+++ svn:log Mon Mar 13 20:16:04 2017
@@ -1 +1,2 @@
 Fix intermittent test failure spotted during some refactoring.
+This is the fix for CVE-2016-8747


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn propchange: r1774166 - svn:log

2017-03-13 Thread markt

Author: markt
Revision: 1774166
Modified property: svn:log

Modified: svn:log at Mon Mar 13 20:15:34 2017
--
--- svn:log (original)
+++ svn:log Mon Mar 13 20:15:34 2017
@@ -1 +1,2 @@
 Fix intermittent test failure spotted during some refactoring.
+This is the fix for CVE-2016-8747


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[SECURITY] CVE-2016-8747 Apache Tomcat Information Disclosure

2017-03-13 Thread Mark Thomas

CVE-2016-8747 Apache Tomcat Information Disclosure

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 9.0.0.M11 to 9.0.0.M15
Apache Tomcat 8.5.7 to 8.5.9

Description
The refactoring to make wider use of ByteBuffer introduced a regression
that could cause information to leak between requests on the same
connection. When running behind a reverse proxy, this could result in
information leakage between users. All HTTP connector variants are
affected but HTTP/2 and AJP are not affected.

Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Tomcat 9.0.0.M17 or later
  (Apache Tomcat 9.0.0.M16 has the fix but was not released)
- Upgrade to Apache Tomcat 8.5.11 or later
  (Apache Tomcat 8.5.10 has the fix but was not released)
Earlier versions are not affected

Credit:
This issue was identified by the Tomcat security team.

History:
2017-03-13 Original advisory

References:
[1] http://tomcat.apache.org/security-9.html
[2] http://tomcat.apache.org/security-8.html

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1786781 - in /tomcat/site/trunk: docs/security-8.html docs/security-9.html xdocs/security-8.xml xdocs/security-9.xml

2017-03-13 Thread markt

Author: markt
Date: Mon Mar 13 20:04:51 2017
New Revision: 1786781

URL: http://svn.apache.org/viewvc?rev=1786781=rev
Log:
Announce CVE-2017-8747

Modified:
tomcat/site/trunk/docs/security-8.html
tomcat/site/trunk/docs/security-9.html
tomcat/site/trunk/xdocs/security-8.xml
tomcat/site/trunk/xdocs/security-9.xml

Modified: tomcat/site/trunk/docs/security-8.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1786781=1786780=1786781=diff
==
--- tomcat/site/trunk/docs/security-8.html (original)
+++ tomcat/site/trunk/docs/security-8.html Mon Mar 13 20:04:51 2017
@@ -227,6 +227,9 @@
 Apache Tomcat 8.x 
vulnerabilities
 
 
+Fixed in Apache Tomcat 8.5.11
+
+
 Fixed in Apache Tomcat 8.0.41
 
 
@@ -326,6 +329,44 @@
 
   
 
+
+16 January 2017 Fixed in Apache Tomcat 
8.5.11
+
+
+
+
+Note: The issue below was fixed in Apache Tomcat 8.5.10 but the
+   release vote for the 8.5.10 release candidate did not pass. Therefore,
+   although users must download 8.5.11 to obtain a version that includes
+   the fix for this issue, version 8.5.10 is not included in the list of
+   affected versions.
+
+
+  
+
+Moderate: Information Disclosure
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8747; 
rel="nofollow">CVE-2017-8747
+
+
+
+The refactoring to make wider use of ByteBuffer introduced a regression
+   that could cause information to leak between requests on the same
+   connection. When running behind a reverse proxy, this could result in
+   information leakage between users. All HTTP connector variants are
+   affected but HTTP/2 and AJP are not affected.
+
+
+This was fixed in revision http://svn.apache.org/viewvc?view=revrev=1774166;>1774166.
+
+
+This issue was identified by the Apache Tomcat Security Team on 14
+   December 2016 and made public on 13 March 2017.
+
+
+Affects: 8.5.7 to 8.5.9
+
+  
+
 
 24 January 2017 Fixed in Apache Tomcat 
8.0.41
 

Modified: tomcat/site/trunk/docs/security-9.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-9.html?rev=1786781=1786780=1786781=diff
==
--- tomcat/site/trunk/docs/security-9.html (original)
+++ tomcat/site/trunk/docs/security-9.html Mon Mar 13 20:04:51 2017
@@ -227,6 +227,9 @@
 Apache Tomcat 9.x 
vulnerabilities
 
 
+Fixed in Apache Tomcat 
9.0.0.M17
+
+
 Fixed in Apache Tomcat 
9.0.0.M15
 
 
@@ -290,6 +293,44 @@
 
   
 
+
+16 January 2017 Fixed in Apache Tomcat 
9.0.0.M17
+
+
+
+
+Note: The issue below was fixed in Apache Tomcat 9.0.0.M16 but the
+   release vote for the 9.0.0.M16 release candidate did not pass. 
Therefore,
+   although users must download 9.0.0.M17 to obtain a version that includes
+   the fix for this issue, version 9.0.0.M16 is not included in the list of
+   affected versions.
+
+
+  
+
+Moderate: Information Disclosure
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8747; 
rel="nofollow">CVE-2017-8747
+
+
+
+The refactoring to make wider use of ByteBuffer introduced a regression
+   that could cause information to leak between requests on the same
+   connection. When running behind a reverse proxy, this could result in
+   information leakage between users. All HTTP connector variants are
+   affected but HTTP/2 and AJP are not affected.
+
+
+This was fixed in revision http://svn.apache.org/viewvc?view=revrev=1774161;>1774161.
+
+
+This issue was identified by the Apache Tomcat Security Team on 14
+   December 2016 and made public on 13 March 2017.
+
+
+Affects: 9.0.0.M11 to 9.0.0.M15
+
+  
+
 
 8 December 2016 Fixed in Apache Tomcat 
9.0.0.M15
 

Modified: tomcat/site/trunk/xdocs/security-8.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-8.xml?rev=1786781=1786780=1786781=diff
==
--- tomcat/site/trunk/xdocs/security-8.xml (original)
+++ tomcat/site/trunk/xdocs/security-8.xml Mon Mar 13 20:04:51 2017
@@ -50,6 +50,32 @@
 
   
 
+  
+
+Note: The issue below was fixed in Apache Tomcat 8.5.10 but the
+   release vote for the 8.5.10 release candidate did not pass. Therefore,
+   although users must download 8.5.11 to obtain a version that includes
+   the fix for this issue, version 8.5.10 is not included in the list of
+   affected versions.
+
+  Moderate: Information Disclosure
+   CVE-2017-8747
+
+The refactoring to make wider use of ByteBuffer introduced a regression
+   that could cause information to leak between requests on the same
+   connection. When running behind a reverse proxy, this could result in
+   information leakage between users. All HTTP connector variants are
+   affected but HTTP/2 and AJP are not affected.
+
+This was fixed in

Re: [VOTE] Release Apache Tomcat 8.5.12

2017-03-13 Thread Coty Sutherland

On Mon, Mar 13, 2017 at 4:00 PM, Mark Thomas  wrote:
> On 13/03/17 19:57, Coty Sutherland wrote:
>> On Wed, Mar 8, 2017 at 1:56 PM, Mark Thomas  wrote:
>>> The proposed Apache Tomcat 8.5.12 release is now available for voting.
>>>
>>> The major changes compared to the 8.5.11 release are:
>>>
>>> - Updates to the early access version of the Serlet 4.0 API to align it
>>>   with the most recent discussions in the Servlet EG
>>>
>>> - Support for Java 9 during annotation scanning
>>>
>>> - Update Tomcat Native to 1.2.12 to pick up the latest Windows binaries
>>>   built with OpenSSL 1.0.2k
>>>
>>> It can be obtained from:
>>> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.12/
>>> The Maven staging repo is:
>>> https://repository.apache.org/content/repositories/orgapachetomcat-1121/
>>> The svn tag is:
>>> http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_12/
>>>
>>> The proposed 8.5.12 release is:
>>> [x] Broken - do not release
>>> [ ] Stable - go ahead and release as 8.5.12
>>
>> +1
>
> Broken how? Or did you X the wrong box?

Crap, sorry. I X'd the wrong box...it's Stable for me. Sorry again.

> Mark
>
>
>>
>>> -
>>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: dev-h...@tomcat.apache.org
>>>
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: dev-h...@tomcat.apache.org
>>
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 8.0.38

2017-03-13 Thread Coty Sutherland

On Wed, Mar 8, 2017 at 3:26 PM, Mark Thomas  wrote:
> The proposed Apache Tomcat 8.0.42 release is now available for voting.
>
> The main changes since 8.0.41 are:
>
> - Limited relaxation of the HTTP request line validation
>
> - Support for Java 9 during annotation scanning
>
> - Update Tomcat Native to 1.2.12 to pick up the latest Windows binaries
>   built with OpenSSL 1.0.2k
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.0.42/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1122/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc8.0.x/tags/TOMCAT_8_0_42/
>
> The proposed 8.0.42 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.0.42

+1

> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 8.5.12

2017-03-13 Thread Mark Thomas

On 13/03/17 19:57, Coty Sutherland wrote:
> On Wed, Mar 8, 2017 at 1:56 PM, Mark Thomas  wrote:
>> The proposed Apache Tomcat 8.5.12 release is now available for voting.
>>
>> The major changes compared to the 8.5.11 release are:
>>
>> - Updates to the early access version of the Serlet 4.0 API to align it
>>   with the most recent discussions in the Servlet EG
>>
>> - Support for Java 9 during annotation scanning
>>
>> - Update Tomcat Native to 1.2.12 to pick up the latest Windows binaries
>>   built with OpenSSL 1.0.2k
>>
>> It can be obtained from:
>> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.12/
>> The Maven staging repo is:
>> https://repository.apache.org/content/repositories/orgapachetomcat-1121/
>> The svn tag is:
>> http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_12/
>>
>> The proposed 8.5.12 release is:
>> [x] Broken - do not release
>> [ ] Stable - go ahead and release as 8.5.12
> 
> +1

Broken how? Or did you X the wrong box?

Mark


> 
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: dev-h...@tomcat.apache.org
>>
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
> 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 8.5.12

2017-03-13 Thread Coty Sutherland

On Wed, Mar 8, 2017 at 1:56 PM, Mark Thomas  wrote:
> The proposed Apache Tomcat 8.5.12 release is now available for voting.
>
> The major changes compared to the 8.5.11 release are:
>
> - Updates to the early access version of the Serlet 4.0 API to align it
>   with the most recent discussions in the Servlet EG
>
> - Support for Java 9 during annotation scanning
>
> - Update Tomcat Native to 1.2.12 to pick up the latest Windows binaries
>   built with OpenSSL 1.0.2k
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.12/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1121/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_12/
>
> The proposed 8.5.12 release is:
> [x] Broken - do not release
> [ ] Stable - go ahead and release as 8.5.12

+1

> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60852] Connector property compressableMimeType incorrectly spelled

2017-03-13 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=60852

--- Comment #3 from Michael Osipov <1983-01...@gmx.net> ---
(In reply to Christopher Schultz from comment #2)
> This can be done in a backward-compatible way. It's just an alias of an
> existing setting (or, rather, re-naming an existing setting and then
> creating an alias with the old name).
> 
> Would you care to submit a patch?

Yes, of course. I will start with Tomcat 9 first. Do you want me to simply
break code in 9? I think this is OK since it is not GA yet.
When this is done, I will work in 8.5.

Can someone merge 60851 first? Both patches would cause a conflict.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60852] Connector property compressableMimeType incorrectly spelled

2017-03-13 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=60852

--- Comment #2 from Christopher Schultz  ---
This can be done in a backward-compatible way. It's just an alias of an
existing setting (or, rather, re-naming an existing setting and then creating
an alias with the old name).

Would you care to submit a patch?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 8.5.12

2017-03-13 Thread Martin Grigorov

On Mar 8, 2017 7:56 PM, "Mark Thomas"  wrote:

The proposed Apache Tomcat 8.5.12 release is now available for voting.

The major changes compared to the 8.5.11 release are:

- Updates to the early access version of the Serlet 4.0 API to align it
  with the most recent discussions in the Servlet EG

- Support for Java 9 during annotation scanning

- Update Tomcat Native to 1.2.12 to pick up the latest Windows binaries
  built with OpenSSL 1.0.2k

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.12/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1121/
The svn tag is:
http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_12/

The proposed 8.5.12 release is:
[ ] Broken - do not release
[ X ] Stable - go ahead and release as 8.5.12


Regards,
Martin


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60854] Unintended JSESSIONID value change

2017-03-13 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=60854

--- Comment #4 from Jan Engehausen  ---
I see. I need to run this by my colleagues, hope it is okay to keep open until
tomorrow.

I would argue that in the case where authentication and session creation occur
in the same request it would not be right to change the session ID on the
second request (where no authentication occurs).

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60854] Unintended JSESSIONID value change

2017-03-13 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=60854

--- Comment #3 from Remy Maucherat  ---
If you don't cache authentication occurs on every request.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60854] Unintended JSESSIONID value change

2017-03-13 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=60854

--- Comment #2 from Jan Engehausen  ---
Hello Remy,

as far as I understand, session fixation prevention is there to change the
session ID when a session becomes authenticated. That's good.

But without a session to begin with, then being authenticated right away, why
change the session ID on the next response? There is no need for this - what
does this protect against? This is appears unneccessary.

Furthermore, turning principal caching off (cache=false and
changeSessionIdOnAuthentication=true) causes ANY response to set a new session
ID cookie. Is that really intended?

Thanks,
Jan

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60854] Unintended JSESSIONID value change

2017-03-13 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=60854

--- Comment #1 from Remy Maucherat  ---
My opinion is that it's a feature. If you don't like it, you should cause the
creation of a session before authentication. Will leave it open for further
comments before closing, though.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 8.0.38

2017-03-13 Thread Felix Schumacher



Am 8. März 2017 21:26:52 MEZ schrieb Mark Thomas :
>The proposed Apache Tomcat 8.0.42 release is now available for voting.
>
>The main changes since 8.0.41 are:
>
>- Limited relaxation of the HTTP request line validation
>
>- Support for Java 9 during annotation scanning
>
>- Update Tomcat Native to 1.2.12 to pick up the latest Windows binaries
>  built with OpenSSL 1.0.2k
>
>It can be obtained from:
>https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.0.42/
>The Maven staging repo is:
>https://repository.apache.org/content/repositories/orgapachetomcat-1122/
>The svn tag is:
>http://svn.apache.org/repos/asf/tomcat/tc8.0.x/tags/TOMCAT_8_0_42/
>
>The proposed 8.0.42 release is:
>[ ] Broken - do not release
>[x] Stable - go ahead and release as 8.0.42

Felix

>
>-
>To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>For additional commands, e-mail: dev-h...@tomcat.apache.org

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 8.5.12

2017-03-13 Thread Felix Schumacher



Am 8. März 2017 19:56:32 MEZ schrieb Mark Thomas :
>The proposed Apache Tomcat 8.5.12 release is now available for voting.
>
>The major changes compared to the 8.5.11 release are:
>
>- Updates to the early access version of the Serlet 4.0 API to align it
>  with the most recent discussions in the Servlet EG
>
>- Support for Java 9 during annotation scanning
>
>- Update Tomcat Native to 1.2.12 to pick up the latest Windows binaries
>  built with OpenSSL 1.0.2k
>
>It can be obtained from:
>https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.12/
>The Maven staging repo is:
>https://repository.apache.org/content/repositories/orgapachetomcat-1121/
>The svn tag is:
>http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_12/
>
>The proposed 8.5.12 release is:
>[ ] Broken - do not release
>[x] Stable - go ahead and release as 8.5.12

Felix

>
>-
>To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>For additional commands, e-mail: dev-h...@tomcat.apache.org

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r18713 - /dev/tomcat/tomcat-9/v9.0.0.M18/ /release/tomcat/tomcat-9/v9.0.0.M18/

2017-03-13 Thread markt

Author: markt
Date: Mon Mar 13 17:43:56 2017
New Revision: 18713

Log:
Release 9.0.0.M18

Added:
release/tomcat/tomcat-9/v9.0.0.M18/
  - copied from r18712, dev/tomcat/tomcat-9/v9.0.0.M18/
Removed:
dev/tomcat/tomcat-9/v9.0.0.M18/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE][RESULT] Release Apache Tomcat 9.0.0.M18

2017-03-13 Thread Mark Thomas

The following votes were cast:

Binding:
+1: markt, fschumacher, remm

Non-binding:
+1: huxing

No other votes were cast.

The vote therefore passes.

Thanks to everyone who contributed towards this release.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60854] New: Unintended JSESSIONID value change

2017-03-13 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=60854

Bug ID: 60854
   Summary: Unintended JSESSIONID value change
   Product: Tomcat 7
   Version: 7.0.75
  Hardware: All
OS: All
Status: NEW
  Severity: normal
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: smurf...@gmail.com
  Target Milestone: ---

Hello,

we're observing a JSESSIONID value change on a second request in a scenario
where the first request both authenticated AND created a session. We expect the
JSESSIONID created in the response to the first request to remain constant in
subsequent requests.

It appears that the configuration for "cache" and
"changeSessionIdOnAuthentication" behave in an unintended way, creating new
session IDs where none are needed. Apologies if we misunderstand this, but it
looks like a bug, and not a feature.

We've detailed the situation and observations at
https://github.com/smurf667/test-tomcat-session which includes a simple,
reproducible self-contained test (Maven, Java).

Kind regards,
Jan Engehausen

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60853] New: MBeans require update for new TLS configuration

2017-03-13 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=60853

Bug ID: 60853
   Summary: MBeans require update for new TLS configuration
   Product: Tomcat 8
   Version: 8.5.x-trunk
  Hardware: PC
OS: Linux
Status: NEW
  Severity: normal
  Priority: P2
 Component: Connectors
  Assignee: dev@tomcat.apache.org
  Reporter: ma...@apache.org
  Target Milestone: 

The MBeans have not been updated for the changes in TLS configuration made in
8.5.x onwards.

The old per protocol parameters need to be removed and new attributes and/or
MBeans for  the configuration now held in SSLHostConfig and
SSLHostConfigCertificate created.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GUMP@vmgump-vm3]: Project tomcat-tc8.0.x-test-nio2 (in module tomcat-8.0.x) failed

2017-03-13 Thread Bill Barker

To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-tc8.0.x-test-nio2 has an issue affecting its community 
integration.
This issue affects 1 projects.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-tc8.0.x-test-nio2 :  Tomcat 8.x, a web server implementing the 
Java Servlet 3.1,
...


Full details are available at:

http://vmgump-vm3.apache.org/tomcat-8.0.x/tomcat-tc8.0.x-test-nio2/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
commons-daemon.native.src.tgz.
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
tomcat-native.tar.gz.
 -INFO- Failed with reason build failed
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-8.0.x/output/logs-NIO2
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-8.0.x/output/test-tmp-NIO2/logs
 -WARNING- No directory 
[/srv/gump/public/workspace/tomcat-8.0.x/output/test-tmp-NIO2/logs]



The following work was performed:
http://vmgump-vm3.apache.org/tomcat-8.0.x/tomcat-tc8.0.x-test-nio2/gump_work/build_tomcat-8.0.x_tomcat-tc8.0.x-test-nio2.html
Work Name: build_tomcat-8.0.x_tomcat-tc8.0.x-test-nio2 (Type: Build)
Work ended in a state of : Failed
Elapsed: 20 mins 11 secs
Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true 
-Dbuild.sysclasspath=only org.apache.tools.ant.Main 
-Dgump.merge=/srv/gump/public/gump/work/merge.xml 
-Dbase.path=/srv/gump/public/workspace/tomcat-8.0.x/tomcat-build-libs 
-Dexecute.test.nio2=true -Dtest.temp=output/test-tmp-NIO2 
-Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar 
-Dtest.accesslog=true 
-Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.6-SNAPSHOT.jar
 -Dexamples.sources.skip=true 
-Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20170313.jar
 
-Dtest.openssl.path=/srv/gump/public/workspace/openssl-1.0.2/dest-20170313/bin/openssl
 -Dexecute.test.nio=false 
-Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar 
-Dexecute.test.apr=false -Dexecute.test.bio=false 
-Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20170313-native-src.tar.gz
 -Dtest.repor
 ts=output/logs-NIO2 
-Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20170313-native-src.tar.gz
 -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.5-201506032000/ecj-4.5.jar 
-Dtest.relaxTiming=true -Dtest.excludePerformance=true 
-Djava.net.preferIPv4Stack=/srv/gump/public/workspace/tomcat-8.0.x/true 
-Deasymock.jar=/srv/gump/public/workspace/easymock/core/target/easymock-3.5-SNAPSHOT.jar
 -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test 
[Working Directory: /srv/gump/public/workspace/tomcat-8.0.x]
CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-8.0.x/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/servlet-api.ja
 
r:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/websocket-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-storeconfig.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-tribes.jar:/srv/gump/public/workspace/tomcat-8.0.x

[Bug 60844] ArrayIndexOutOfBoundsException when matching actionListener

2017-03-13 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=60844

--- Comment #3 from Christopher Schultz  ---
The error message you are likely to receive is something along the lines of "no
such method or property found: actionListener". Do you think that's a good
place to explain how to use a particular API? Something like "no such method of
property found: actionListener (remember: methods are searched before
properties)" or something to that effect? It seems a little silly to me.

When you get a FileNotFoundException, the error message doesn't tell you that
the permissions of the directories all the way back to the root of the
filesystem are significant and might be the reason why you can't find/read your
file.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60852] Connector property compressableMimeType incorrectly spelled

2017-03-13 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=60852

--- Comment #1 from Michael Osipov <1983-01...@gmx.net> ---
The correct term is "compressible", a => i

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60852] New: Connector property compressableMimeType incorrectly spelled

2017-03-13 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=60852

Bug ID: 60852
   Summary: Connector property compressableMimeType incorrectly
spelled
   Product: Tomcat 9
   Version: 9.0.0.M17
  Hardware: All
OS: All
Status: NEW
  Severity: normal
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: 1983-01...@gmx.net
  Target Milestone: -

The word "compressable" does not exist according to Merriam Webster or the
Oxford Dictionary. It seems simply to be a typo:

> $ grep -ri --exclude-dir=.svn compressable .
> ./java/org/apache/coyote/http11/AbstractHttp11Protocol.java:private 
> String compressableMimeType = 
> "text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json,application/xml";
> ./java/org/apache/coyote/http11/AbstractHttp11Protocol.java:private 
> String[] compressableMimeTypes = null;
> ./java/org/apache/coyote/http11/AbstractHttp11Protocol.java:public String 
> getCompressableMimeType() { return compressableMimeType; }
> ./java/org/apache/coyote/http11/AbstractHttp11Protocol.java:public void 
> setCompressableMimeType(String valueS) {
> ./java/org/apache/coyote/http11/AbstractHttp11Protocol.java:
> compressableMimeType = valueS;
> ./java/org/apache/coyote/http11/AbstractHttp11Protocol.java:
> compressableMimeTypes = null;
> ./java/org/apache/coyote/http11/AbstractHttp11Protocol.java:public 
> String[] getCompressableMimeTypes() {
> ./java/org/apache/coyote/http11/AbstractHttp11Protocol.java:String[] 
> result = compressableMimeTypes;
> ./java/org/apache/coyote/http11/AbstractHttp11Protocol.java:
> StringTokenizer tokens = new StringTokenizer(compressableMimeType, ",");
> ./java/org/apache/coyote/http11/AbstractHttp11Protocol.java:
> compressableMimeTypes = result;
> ./java/org/apache/coyote/http11/AbstractHttp11Protocol.java:
> processor.setCompressableMimeTypes(getCompressableMimeTypes());
> ./java/org/apache/coyote/http11/Http11Processor.java:protected String[] 
> compressableMimeTypes;
> ./java/org/apache/coyote/http11/Http11Processor.java: * @param 
> compressableMimeTypes MIME types for which compression should be
> ./java/org/apache/coyote/http11/Http11Processor.java:public void 
> setCompressableMimeTypes(String[] compressableMimeTypes) {
> ./java/org/apache/coyote/http11/Http11Processor.java:
> this.compressableMimeTypes = compressableMimeTypes;
> ./java/org/apache/coyote/http11/Http11Processor.java:private boolean 
> isCompressable() {
> ./java/org/apache/coyote/http11/Http11Processor.java:if 
> (compressableMimeTypes != null) {
> ./java/org/apache/coyote/http11/Http11Processor.java:return 
> (startsWithStringArray(compressableMimeTypes,
> ./java/org/apache/coyote/http11/Http11Processor.java:boolean 
> isCompressable = false;
> ./java/org/apache/coyote/http11/Http11Processor.java:
> isCompressable = isCompressable();
> ./java/org/apache/coyote/http11/Http11Processor.java:if 
> (isCompressable) {
> ./java/org/apache/coyote/http11/Http11Processor.java:if 
> (isCompressable) {
> ./webapps/docs/config/http.xml: required="false">

A fix is fairly easy, but would require an incompatible change. This is
possible in Tomcat 9 only. For Tomcat 8.5.x one could introduce new methods
(getter, setter) calling old ones, mark as @Deprecated and change http.xml for
the new one only. Old config should continue to run as expected.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60851] New: Add more default compressible MIME types

2017-03-13 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=60851

Bug ID: 60851
   Summary: Add more default compressible MIME types
   Product: Tomcat 8
   Version: 8.5.11
  Hardware: All
OS: All
Status: NEW
  Severity: enhancement
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: 1983-01...@gmx.net
  Target Milestone: 

Created attachment 34818
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=34818=edit
New MIME types

Two promiment MIME types are missing: application/xml and application/json.
Both added in the patch attached.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60849] Tomcat NIO Connector not able to handle SSL renegotiation handshake exception

2017-03-13 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=60849

Remy Maucherat  changed:

   What|Removed |Added

   Severity|critical|enhancement

--- Comment #1 from Remy Maucherat  ---
I would say these configuration options and questionable behaviors are less
likely to be handled in any way when using the SSL engine.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60849] New: Tomcat NIO Connector not able to handle SSL renegotiation handshake exception

2017-03-13 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=60849

Bug ID: 60849
   Summary: Tomcat NIO Connector not able to handle SSL
renegotiation handshake exception
   Product: Tomcat 8
   Version: 8.0.37
  Hardware: Other
OS: Linux
Status: NEW
  Severity: critical
  Priority: P2
 Component: Connectors
  Assignee: dev@tomcat.apache.org
  Reporter: rambabu.eed...@gmail.com
  Target Milestone: 

SSL Renegotiation was restricted by using this
-Djdk.tls.rejectClientInitiatedRenegotiation=true. As expected tomcat is
throwing the exception but the exception was not handled by NIO connector.
Where as with BIO connector , the exception was handled properly and a proper
alert was sent to openssl client.

Steps To reproduce:

Tomcat version: 8.0.37
Oracle Java : 1.8.0.112

1) Configure tomcat server.xml with NIO connector on ssl port which was on 8443
by default and with self signed certificate.

 

2) Restrict SSL renegotiation by setting this flag 
CATALINA_OPTS="$CATALINA_OPTS
-Djdk.tls.rejectClientInitiatedRenegotiation=true" at setenv.sh file present in
bin folder.

3) Enable debug mode by setting this flag in CATALINA_OPTS="$CATALINA_OPTS
-Djavax.net.debug=all" at setenv.sh present in bin folder

4) Try to renegotiate with openssl and observe the cataline.out file at logs
folder.

Error Message :

%% Cached server session: [Session-4, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]
http-nio2-8443-exec-15, READ: TLSv1 Handshake, length = 224
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: false
Is secure renegotiation: true
*** ClientHello, TLSv1
RandomCookie:  GMT: 1358710174 bytes = { 192, 154, 132, 174, 67, 12, 146, 242,
194, 112, 62, 72, 182, 17, 144, 176, 95, 0, 228, 50, 124, 188, 160, 233, 52,
78, 195, 186 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DH_RSA_WITH_AES_256_CBC_SHA,
TLS_DH_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DH_RSA_WITH_AES_128_CBC_SHA,
TLS_DH_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_SEED_CBC_SHA,
TLS_DHE_DSS_WITH_SEED_CBC_SHA, TLS_DH_RSA_WITH_SEED_CBC_SHA,
TLS_DH_DSS_WITH_SEED_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_SEED_CBC_SHA, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods:  { 0 }
Extension renegotiation_info, renegotiated_connection:
df:3c:e7:d4:4d:b6:87:23:28:a7:2f:61
Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime,
ansiX962_compressed_char2]
Extension elliptic_curves, curve names: {secp256r1, secp521r1, unknown curve
28, unknown curve 27, secp384r1, unknown curve 26, secp256k1}
Unsupported extension type_35, data:
Unsupported extension type_15, data: 01
***
http-nio2-8443-exec-15, fatal error: 40: Client initiated renegotiation is not
allowed
javax.net.ssl.SSLHandshakeException: Client initiated renegotiation is not
allowed
%% Invalidated:  [Session-4, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]
http-nio-8443-exec-15, SEND TLSv1 ALERT:  fatal, description =
handshake_failure
http-nio-8443-exec-15, WRITE: TLSv1 Alert, length = 32
http-nio-8443-exec-17, called closeOutbound()
http-nio-8443-exec-17, closeOutboundInternal()
http-nio-8443-exec-17, fatal: engine already closed.  Rethrowing
javax.net.ssl.SSLHandshakeException: Client initiated renegotiation is not
allowed


BIO Connector Message where ssl handshake exception was handled properly.

%% Cached server session: [Session-2, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]
http-bio-8443-exec-1, setSoTimeout(59673) called
http-bio-8443-exec-1, READ: TLSv1 Handshake, length = 224
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: false
Is secure

37 matches

Mail list logo