[GUMP@vmgump-vm3]: Project tomcat-trunk-validate (in module tomcat-trunk) failed
To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-trunk-validate has an issue affecting its community integration. This issue affects 1 projects, and has been outstanding for 26 runs. The current state of this project is 'Failed', with reason 'Build Failed'. For reference only, the following projects are affected by this: - tomcat-trunk-validate : Tomcat 9.x, a web server implementing the Java Servlet 4.0, ... Full details are available at: http://vmgump-vm3.apache.org/tomcat-trunk/tomcat-trunk-validate/index.html That said, some information snippets are provided here. The following annotations (debug/informational/warning/error messages) were provided: -DEBUG- Dependency on checkstyle exists, no need to add for property checkstyle.jar. -INFO- Failed with reason build failed The following work was performed: http://vmgump-vm3.apache.org/tomcat-trunk/tomcat-trunk-validate/gump_work/build_tomcat-trunk_tomcat-trunk-validate.html Work Name: build_tomcat-trunk_tomcat-trunk-validate (Type: Build) Work ended in a state of : Failed Elapsed: 36 secs Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true -Dbuild.sysclasspath=only org.apache.tools.ant.Main -Dgump.merge=/srv/gump/public/gump/work/merge.xml -Dbase.path=/srv/gump/public/workspace/tomcat-trunk/tomcat-build-libs -Dcheckstyle.jar=/srv/gump/public/workspace/checkstyle/target/checkstyle-8.3-SNAPSHOT.jar -Dexecute.validate=true validate [Working Directory: /srv/gump/public/workspace/tomcat-trunk] CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/checkstyle/target/checkstyle-8.3-SNAPSHOT.jar:/srv/gump/packages/antlr/antlr-3.1.3.jar:/srv/gump/public/workspace/apache-commons/beanutils/dist/commons-beanutils-20171004.jar:/srv/gump/packages/commons-collections3/commons-collections-3.2.1.jar:/srv/gump/public/workspace/commons-cli/target/commons-cli-1.5-SNAPSHOT.jar:/srv/gump/public/workspace/commons-lang-trunk/target/commons-lang3-3.7-SNAPSHOT.jar:/srv/gump/public/workspace/apache-commons/logging/target/commons-logging-20171004.jar:/srv/gump/public/workspace/apache-commons/logging/target/commons-logging-api-20171004.jar:/srv/gump/public/workspace/google-guava/guava/target/guava-HEAD-jre-SNAPSHOT.jar
-
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-trunk/test/org/apache/el/TestValueExpressionImpl.java:34: Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-trunk/test/org/apache/el/lang/TestELArithmetic.java:26: Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-trunk/test/org/apache/el/lang/TestELSupport.java:30: Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-trunk/test/org/apache/el/parser/TestELParser.java:30: Extra separation in import group before 'org.junit.Ignore' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-trunk/test/org/apache/jasper/compiler/TestAttributeParser.java:24: Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-trunk/test/org/apache/jasper/compiler/TestCompiler.java:29: Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-trunk/test/org/apache/jasper/compiler/TestGenerator.java:36: Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-trunk/test/org/apache/jasper/compiler/TestJspConfig.java:24: Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-trunk/test/org/apache/jasper/compiler/TestParser.java:25: Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-trunk/test/org/apache/jasper/compiler/TestParserNoStrictWhitespace.java:26: Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-trunk/test/org/apache/jasper/compiler/TestScriptingV
[GUMP@vmgump-vm3]: Project tomcat-tc8.0.x-validate (in module tomcat-8.0.x) failed
To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-tc8.0.x-validate has an issue affecting its community integration. This issue affects 1 projects, and has been outstanding for 26 runs. The current state of this project is 'Failed', with reason 'Build Failed'. For reference only, the following projects are affected by this: - tomcat-tc8.0.x-validate : Tomcat 8.x, a web server implementing the Java Servlet 3.1, ... Full details are available at: http://vmgump-vm3.apache.org/tomcat-8.0.x/tomcat-tc8.0.x-validate/index.html That said, some information snippets are provided here. The following annotations (debug/informational/warning/error messages) were provided: -DEBUG- Dependency on checkstyle exists, no need to add for property checkstyle.jar. -INFO- Failed with reason build failed The following work was performed: http://vmgump-vm3.apache.org/tomcat-8.0.x/tomcat-tc8.0.x-validate/gump_work/build_tomcat-8.0.x_tomcat-tc8.0.x-validate.html Work Name: build_tomcat-8.0.x_tomcat-tc8.0.x-validate (Type: Build) Work ended in a state of : Failed Elapsed: 34 secs Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true -Dbuild.sysclasspath=only org.apache.tools.ant.Main -Dgump.merge=/srv/gump/public/gump/work/merge.xml -Dbase.path=/srv/gump/public/workspace/tomcat-8.0.x/tomcat-build-libs -Dcheckstyle.jar=/srv/gump/public/workspace/checkstyle/target/checkstyle-8.3-SNAPSHOT.jar -Dexecute.validate=true validate [Working Directory: /srv/gump/public/workspace/tomcat-8.0.x] CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/checkstyle/target/checkstyle-8.3-SNAPSHOT.jar:/srv/gump/packages/antlr/antlr-3.1.3.jar:/srv/gump/public/workspace/apache-commons/beanutils/dist/commons-beanutils-20171004.jar:/srv/gump/packages/commons-collections3/commons-collections-3.2.1.jar:/srv/gump/public/workspace/commons-cli/target/commons-cli-1.5-SNAPSHOT.jar:/srv/gump/public/workspace/commons-lang-trunk/target/commons-lang3-3.7-SNAPSHOT.jar:/srv/gump/public/workspace/apache-commons/logging/target/commons-logging-20171004.jar:/srv/gump/public/workspace/apache-commons/logging/target/commons-logging-api-20171004.jar:/srv/gump/public/workspace/google-guava/guava/target/guava-HEAD-jre-SNAPSHOT.jar
-
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-8.0.x/test/org/apache/el/TestValueExpressionImpl.java:34: Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-8.0.x/test/org/apache/el/lang/TestELArithmetic.java:26: Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-8.0.x/test/org/apache/el/lang/TestELSupport.java:30: Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-8.0.x/test/org/apache/el/parser/TestELParser.java:28: Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-8.0.x/test/org/apache/jasper/compiler/TestAttributeParser.java:24: Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-8.0.x/test/org/apache/jasper/compiler/TestCompiler.java:29: Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-8.0.x/test/org/apache/jasper/compiler/TestGenerator.java:36: Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-8.0.x/test/org/apache/jasper/compiler/TestJspConfig.java:24: Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-8.0.x/test/org/apache/jasper/compiler/TestParser.java:25: Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-8.0.x/test/org/apache/jasper/compiler/TestParserNoStrictWhitespace.java:26: Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-8.0.x/test/org/apache/jasper/compiler/Tes
[GUMP@vmgump-vm3]: Project tomcat-tc7.0.x-validate (in module tomcat-7.0.x) failed
To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-tc7.0.x-validate has an issue affecting its community integration. This issue affects 1 projects, and has been outstanding for 26 runs. The current state of this project is 'Failed', with reason 'Build Failed'. For reference only, the following projects are affected by this: - tomcat-tc7.0.x-validate : Tomcat 7.x, a web server implementing Java Servlet 3.0, ... Full details are available at: http://vmgump-vm3.apache.org/tomcat-7.0.x/tomcat-tc7.0.x-validate/index.html That said, some information snippets are provided here. The following annotations (debug/informational/warning/error messages) were provided: -DEBUG- Dependency on checkstyle exists, no need to add for property checkstyle.jar. -INFO- Failed with reason build failed The following work was performed: http://vmgump-vm3.apache.org/tomcat-7.0.x/tomcat-tc7.0.x-validate/gump_work/build_tomcat-7.0.x_tomcat-tc7.0.x-validate.html Work Name: build_tomcat-7.0.x_tomcat-tc7.0.x-validate (Type: Build) Work ended in a state of : Failed Elapsed: 35 secs Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true -Dbuild.sysclasspath=only org.apache.tools.ant.Main -Dgump.merge=/srv/gump/public/gump/work/merge.xml -Dbase.path=/srv/gump/public/workspace/tomcat-7.0.x/tomcat-build-libs -Dcheckstyle.jar=/srv/gump/public/workspace/checkstyle/target/checkstyle-8.3-SNAPSHOT.jar -Dexecute.validate=true validate [Working Directory: /srv/gump/public/workspace/tomcat-7.0.x] CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/checkstyle/target/checkstyle-8.3-SNAPSHOT.jar:/srv/gump/packages/antlr/antlr-3.1.3.jar:/srv/gump/public/workspace/apache-commons/beanutils/dist/commons-beanutils-20171004.jar:/srv/gump/packages/commons-collections3/commons-collections-3.2.1.jar:/srv/gump/public/workspace/commons-cli/target/commons-cli-1.5-SNAPSHOT.jar:/srv/gump/public/workspace/commons-lang-trunk/target/commons-lang3-3.7-SNAPSHOT.jar:/srv/gump/public/workspace/apache-commons/logging/target/commons-logging-20171004.jar:/srv/gump/public/workspace/apache-commons/logging/target/commons-logging-api-20171004.jar:/srv/gump/public/workspace/google-guava/guava/target/guava-HEAD-jre-SNAPSHOT.jar
-
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-7.0.x/test/org/apache/el/TestELInJsp.java:23: Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-7.0.x/test/org/apache/el/TestMethodExpressionImpl.java:30: Extra separation in import group before 'org.junit.Before' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-7.0.x/test/org/apache/el/TestValueExpressionImpl.java:34: Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-7.0.x/test/org/apache/el/lang/TestELArithmetic.java:24: Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-7.0.x/test/org/apache/el/lang/TestELSupport.java:29: Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-7.0.x/test/org/apache/el/parser/TestELParser.java:28: Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-7.0.x/test/org/apache/jasper/compiler/TestAttributeParser.java:24: Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-7.0.x/test/org/apache/jasper/compiler/TestCompiler.java:28: Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-7.0.x/test/org/apache/jasper/compiler/TestGenerator.java:37: Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-7.0.x/test/org/apache/jasper/compiler/TestJspConfig.java:24: Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] /srv/gump/public/workspace/tomcat-7.0.x/test/org/apache/jasper/compiler/TestParser.java:26: Extra sep
[Bug 57665] support x-forwarded-host
https://bz.apache.org/bugzilla/show_bug.cgi?id=57665

--- Comment #17 from Christopher Schultz ---
(In reply to Robert from comment #16)
> What is the release target for this patch?

There is none; it hasn't been merged.

--
You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 61583] Regression in PKCS11 keystores - incorrect alias being used
https://bz.apache.org/bugzilla/show_bug.cgi?id=61583

--- Comment #7 from Daniel Ruggeri ---
Hi, Mark;

I can confirm that the preview build you shared corrects the problem... and I even detected no smoke!

For testing, I was mistaken. The SunPKCS11 Provider does, indeed, ship on all Solaris, Windows and Linux builds but does not include a backing PKCS11 implementation - that's still separate. Can you help me understand what flexibility exists in the testing infrastructure for Tomcat? The way I test this in our environment is with NSS which is free, provides a PKCS11 implementation and is available on RedHat and Debian derivatives. If you have a Windows or Linux VM to do said testing, I can provide scripts that will generate the stores. I could also throw together a Dockerfile if docker is a thing for you.
[Bug 57665] support x-forwarded-host
https://bz.apache.org/bugzilla/show_bug.cgi?id=57665

--- Comment #16 from Robert ---
What is the release target for this patch?
[Bug 61583] Regression in PKCS11 keystores - incorrect alias being used
https://bz.apache.org/bugzilla/show_bug.cgi?id=61583

--- Comment #6 from Mark Thomas ---
I think I have fixed this. Snapshot build available here:
http://people.apache.org/~markt/dev/v8.5.24-dev/

If you could test and provide feedback that will be great.

Note: This is a snapshot, not an official release. It is intended for testing this issue only. If your server catches fire when you install it you are on your own, etc.
svn commit: r1811032 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java java/org/apache/tomcat/util/net/jsse/JSSEUtil.java java/org/apache/tomcat/util/net/openssl/
Author: markt Date: Tue Oct 3 20:29:50 2017 New Revision: 1811032 URL: http://svn.apache.org/viewvc?rev=1811032&view=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61583 Correct a further regression in the fix to enable the use of Java key stores that contained multiple keys that did not all have the same password. This fixes PKCS11 key store handling with multiple keys selected with an alias. Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.5.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Tue Oct 3 20:29:50 2017 
@@ -1,2 +1,2 @@ /tomcat/tc8.0.x/trunk:1809644 -/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739492,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409 
,1741501,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744149,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747 404,1747506,1747536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1 
756289,1756408-1756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-176205
svn commit: r1811031 - in /tomcat/trunk: java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java java/org/apache/tomcat/util/net/jsse/JSSEUtil.java java/org/apache/tomcat/util/net/openssl/OpenSSLCont
Author: markt Date: Tue Oct 3 20:27:58 2017 New Revision: 1811031 URL: http://svn.apache.org/viewvc?rev=1811031&view=rev Log: Correct a further regression in the fix to enable the use of Java key stores that contained multiple keys that did not all have the same password. This fixes PKCS11 key store handling with multiple keys selected with an alias. Added: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java - copied unchanged from r1800873, tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java?rev=1811031&r1=1811030&r2=1811031&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java Tue Oct 3 20:27:58 2017 @@ -53,6 +53,7 @@ import javax.net.ssl.ManagerFactoryParam import javax.net.ssl.SSLSessionContext; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; +import javax.net.ssl.X509KeyManager; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; 
@@ -258,7 +259,23 @@ public class JSSEUtil extends SSLUtilBas KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm); kmf.init(ksUsed, keyPassArray); -return kmf.getKeyManagers(); +KeyManager[] kms = kmf.getKeyManagers(); + +// Only need to filter keys by alias if there are key managers to filter +// and the original key store was used. The in memory key stores only +// have a single key so don't need filtering +if (kms != null && ksUsed == ks) { +String alias = keyAlias; +// JKS keystores always convert the alias name to lower case +if ("JKS".equals(certificate.getCertificateKeystoreType())) { +alias = alias.toLowerCase(Locale.ENGLISH); +} +for(int i = 0; i < kms.length; i++) { +kms[i] = new JSSEKeyManager((X509KeyManager)kms[i], alias); +} +} + +return kms; } Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1811031&r1=1811030&r2=1811031&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java Tue Oct 3 20:27:58 2017 @@ -51,6 +51,7 @@ import org.apache.tomcat.util.net.Consta import org.apache.tomcat.util.net.SSLHostConfig; import org.apache.tomcat.util.net.SSLHostConfigCertificate; import org.apache.tomcat.util.net.SSLHostConfigCertificate.Type; +import org.apache.tomcat.util.net.jsse.JSSEKeyManager; import org.apache.tomcat.util.net.openssl.ciphers.OpenSSLCipherConfigurationParser; import org.apache.tomcat.util.res.StringManager; 
@@ -456,6 +457,11 @@ public class OpenSSLContext implements o private static X509KeyManager chooseKeyManager(KeyManager[] managers) throws Exception { for (KeyManager manager : managers) { +if (manager instanceof JSSEKeyManager) { +return (JSSEKeyManager) manager; +} +} +for (KeyManager manager : managers) { if (manager instanceof X509KeyManager) { return (X509KeyManager) manager; } Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1811031&r1=1811030&r2=1811031&view=diff == --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Tue Oct 3 20:27:58 2017 @@ -45,6 +45,16 @@ issues do not "pop up" wrt. others). --> + + + +61583: Correct a further regression in the fix to enable the +use of Java key stores that contained multiple keys that did not all +have the same password. This fixes PKCS11 key store handling with +multiple keys selected with an alias. (markt) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
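Review bot: In the JSSEUtil.java hunk (@@ -258,7 +259,23 @@), alias.toLowerCase(Locale.ENGLISH) is reached with no null check on keyAlias visible in the hunk, so a JKS key store configured without an alias would fail with a NullPointerException unless keyAlias is always set earlier in the method; guard the lower-casing with alias != null, or say in the comment where the default is assigned. Two smaller points in the same block: "JKS".equals(...) is case-sensitive, so a store type written as "jks" would skip the normalisation and the wrapper may be handed an alias that does not match, and the cast (X509KeyManager)kms[i] is unchecked where chooseKeyManager in OpenSSLContext tests with instanceof first. Since the alias decides which key and certificate the connector presents, a test covering alias selection would be worth adding; the Modified list shows none.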
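Review bot: In the OpenSSLContext.java hunk (@@ -456,6 +457,11 @@), chooseKeyManager now iterates over managers twice and nothing in the code says why a JSSEKeyManager has to win over any other X509KeyManager. Add a one-line comment above the first loop stating that the alias-filtering wrapper must be preferred, so that a later cleanup does not merge the two loops and bring back the wrong-alias selection reported in bug 61583.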
Re: [VOTE] Release Apache Tomcat 8.0.47
Violeta,

On 9/29/17 10:39 AM, Violeta Georgieva wrote:
> The proposed Apache Tomcat 8.0.47 release is now available for
> voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.0.47/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1159/
>
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc8.0.x/tags/TOMCAT_8_0_47/
>
> The proposed 8.0.47 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 8.0.47

+1 for stable release

Works on development environment.

Details below:

* Environment
*  Java (build): java version "1.8.0_101"
   Java(TM) SE Runtime Environment (build 1.8.0_101-b13)
   Java HotSpot(TM) 64-Bit Server VM (build 25.101-b13, mixed mode)
*  Java (test): java version "1.8.0_101"
   Java(TM) SE Runtime Environment (build 1.8.0_101-b13)
   Java HotSpot(TM) 64-Bit Server VM (build 25.101-b13, mixed mode)
*  OS: Linux 2.6.32-312-ec2 x86_64
*  cc: cc (Debian 4.7.2-5) 4.7.2
*  make: GNU Make 3.81
*  OpenSSL: OpenSSL 1.0.2k 26 Jan 2017
*  APR: 1.4.6
*
* Valid MD5 signature for apache-tomcat-8.0.47.zip
* Valid GPG signature for apache-tomcat-8.0.47.zip
* Valid MD5 signature for apache-tomcat-8.0.47.tar.gz
* Valid GPG signature for apache-tomcat-8.0.47.tar.gz
* Valid MD5 signature for apache-tomcat-8.0.47.exe
* Valid GPG signature for apache-tomcat-8.0.47.exe
* Valid MD5 signature for apache-tomcat-8.0.47-src.zip
* Valid GPG signature for apache-tomcat-8.0.47-src.zip
* Valid MD5 signature for apache-tomcat-8.0.47-src.tar.gz
* Valid GPG signature for apache-tomcat-8.0.47-src.tar.gz
*
* Binary Zip and tarball: Same
* Source Zip and tarball: Same
*
* Building dependencies returned: 0
* tcnative builds cleanly
* Tomcat builds cleanly
* Junit Tests: FAILED

All below unit tests are expected to fail given the lack of multicast in my environment, and the sensitivity of openssl support in these tests.

* Tests that failed:
* org.apache.catalina.session.TestStandardSessionIntegration.APR.txt
* org.apache.catalina.session.TestStandardSessionIntegration.BIO.txt
* org.apache.catalina.session.TestStandardSessionIntegration.NIO.txt
* org.apache.catalina.session.TestStandardSessionIntegration.NIO2.txt
* org.apache.catalina.tribes.group.TestGroupChannelMemberArrival.APR.txt
* org.apache.catalina.tribes.group.TestGroupChannelMemberArrival.BIO.txt
* org.apache.catalina.tribes.group.TestGroupChannelMemberArrival.NIO.txt
* org.apache.catalina.tribes.group.TestGroupChannelMemberArrival.NIO2.txt
* org.apache.catalina.tribes.group.TestGroupChannelSenderConnections.APR.txt
* org.apache.catalina.tribes.group.TestGroupChannelSenderConnections.BIO.txt
* org.apache.catalina.tribes.group.TestGroupChannelSenderConnections.NIO.txt
* org.apache.catalina.tribes.group.TestGroupChannelSenderConnections.NIO2.txt
* org.apache.catalina.tribes.group.TestGroupChannelStartStop.APR.txt
* org.apache.catalina.tribes.group.TestGroupChannelStartStop.BIO.txt
* org.apache.catalina.tribes.group.TestGroupChannelStartStop.NIO.txt
* org.apache.catalina.tribes.group.TestGroupChannelStartStop.NIO2.txt
* org.apache.catalina.tribes.group.interceptors.TestNonBlockingCoordinator.APR.txt
* org.apache.catalina.tribes.group.interceptors.TestNonBlockingCoordinator.BIO.txt
* org.apache.catalina.tribes.group.interceptors.TestNonBlockingCoordinator.NIO.txt
* org.apache.catalina.tribes.group.interceptors.TestNonBlockingCoordinator.NIO2.txt
* org.apache.catalina.tribes.group.interceptors.TestOrderInterceptor.APR.txt
* org.apache.catalina.tribes.group.interceptors.TestOrderInterceptor.BIO.txt
* org.apache.catalina.tribes.group.interceptors.TestOrderInterceptor.NIO.txt
* org.apache.catalina.tribes.group.interceptors.TestOrderInterceptor.NIO2.txt
* org.apache.catalina.tribes.group.interceptors.TestTcpFailureDetector.APR.txt
* org.apache.catalina.tribes.group.interceptors.TestTcpFailureDetector.BIO.txt
* org.apache.catalina.tribes.group.interceptors.TestTcpFailureDetector.NIO.txt
* org.apache.catalina.tribes.group.interceptors.TestTcpFailureDetector.NIO2.txt
* org.apache.tomcat.util.net.jsse.openssl.TestCipher.APR.txt
* org.apache.tomcat.util.net.jsse.openssl.TestCipher.BIO.txt
* org.apache.tomcat.util.net.jsse.openssl.TestCipher.NIO.txt
* org.apache.tomcat.util.net.jsse.openssl.TestCipher.NIO2.txt
* org.apache.tomcat.util.net.jsse.openssl.TestOpenSSLCipherConfigurationParser.APR.txt
* org.apache.tomcat.util.net.jsse.openssl.TestOpenSSLCipherConfigurationParser.BIO.txt
* org.apache.tomcat.util.net.jsse.openssl.TestOpenSSLCipherConfigurationParser.NIO.txt
* org.apache.tomcat.util.net.jsse.openssl.TestOpenSSLCipherConfigurationParser.NIO2.txt

Thanks,
-chris
[Bug 61583] Regression in PKCS11 keystores - incorrect alias being used
https://bz.apache.org/bugzilla/show_bug.cgi?id=61583

--- Comment #5 from Mark Thomas ---
I agree with Rémy's analysis.

Since I messed this up, I'm happy to take a look at getting it fixed. First step will be setting up a software PKCS11 keystore for testing. Any pointers appreciated.
[Bug 61583] Regression in PKCS11 keystores - incorrect alias being used
https://bz.apache.org/bugzilla/show_bug.cgi?id=61583

--- Comment #4 from Daniel Ruggeri ---
Sure, understood. If you can provide a jar, I can do testing to verify the change before committing.

Thinking about the ability to test this ongoing, I *think* that the Oracle PKCS11 provider works in software on Solaris, Linux and Windows. I can try putting together some test code if you think it would be worth doing.
[Bug 61583] Regression in PKCS11 keystores - incorrect alias being used
https://bz.apache.org/bugzilla/show_bug.cgi?id=61583

jfclere changed:

What |Removed |Added
CC   |        |jfcl...@gmail.com
[Bug 61583] Regression in PKCS11 keystores - incorrect alias being used
https://bz.apache.org/bugzilla/show_bug.cgi?id=61583

--- Comment #3 from Remy Maucherat ---
After investigating, it would seem r1800874 has to be partially reverted since we cannot put the non PKCS8 key in the in memory keystore and may have to use the JSSEKeyManager wrapper instead. Unless it is always possible to do the memory keystore creation with other types [and go with putting the key there], in which case the condition "PKCS#8".equalsIgnoreCase(k.getFormat()) can simply be removed.

Unfortunately, no test case here to make sure I don't do anything wrong.
[Bug 61583] Regression in PKCS11 keystores - incorrect alias being used
https://bz.apache.org/bugzilla/show_bug.cgi?id=61583

--- Comment #2 from Remy Maucherat ---
It is true the alias setting will now only work if the key type is PKCS8.
[Bug 61583] Regression in PKCS11 keystores - incorrect alias being used
https://bz.apache.org/bugzilla/show_bug.cgi?id=61583

Daniel Ruggeri changed:

What |Removed |Added
CC   |        |drugg...@primary.net

--- Comment #1 from Daniel Ruggeri ---
Also, as a side comment, I would be happy to help produce tests to catch these during release. I'm not sure where to start, but am motivated to assist.
[Bug 61583] New: Regression in PKCS11 keystores - incorrect alias being used
https://bz.apache.org/bugzilla/show_bug.cgi?id=61583

Bug ID: 61583
Summary: Regression in PKCS11 keystores - incorrect alias being used
Product: Tomcat 8
Version: 8.5.23
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Connectors
Assignee: dev@tomcat.apache.org
Reporter: drugg...@primary.net
Target Milestone:

After upgrading from 8.5.16 to 8.5.20, PKCS11 support was broken due to #61451. Upon receiving release announcement for 8.5.23 and testing (somehow missed 8.5.21), PKCS11 support still appears broken because it does not honor the key alias set on the connector. I have verified that 8.5.21 also displays the same behavior.

The testing configuration uses a single PKCS11 keystore (backed by NSS) with three keys inside: admin, server and client. The testing suite configures Tomcat with two connectors, one for administrative access and a second for "business" access. Upon running the test suite, Tomcat consistently uses the client certificate for both the server and administrative connectors. When examining the keystore with a java program, the client certificate is the first key in the store.

Example connector:

Store contents of NSS database:

$ certutil -d /tmp/pkcs11 -K
certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services"
Enter Password or Pin for "NSS FIPS 140-2 Certificate DB":
< 0> rsa 40261c884934d113672666784953129ea53a6492 NSS FIPS 140-2 Certificate DB:tomcatadmin
< 1> rsa dba317a2b93e771032c0b5fafb019649229dcc7c NSS FIPS 140-2 Certificate DB:tomcatserver
< 2> rsa 6ed07ff1e609c5daa965bf152004e1212177a87f NSS FIPS 140-2 Certificate DB:tomcatclient

Viewed as a KeyStore object and iterating over the keys:

x509 test application
Keystore loaded
Certificate: tomcatclient (key entry)
Certificate: tomcatserver (key entry)
Certificate: tomcatadmin (key entry)

If there is any debug logging information I can provide, please let me know.
svn commit: r1811012 - /tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/compat/Jre9Compat.java
Author: markt Date: Tue Oct 3 13:55:45 2017 New Revision: 1811012 URL: http://svn.apache.org/viewvc?rev=1811012&view=rev Log: Fix copy/paste error Modified: tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/compat/Jre9Compat.java Modified: tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/compat/Jre9Compat.java URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/compat/Jre9Compat.java?rev=1811012&r1=1811011&r2=1811012&view=diff == --- tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/compat/Jre9Compat.java (original) +++ tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/compat/Jre9Compat.java Tue Oct 3 13:55:45 2017 @@ -39,7 +39,7 @@ class Jre9Compat extends Jre8Compat { try { c1 = Class.forName("java.lang.reflect.InaccessibleObjectException"); -m2 = SSLParameters.class.getMethod("setApplicationProtocolsMethod", String[].class); +m2 = SSLParameters.class.getMethod("setApplicationProtocols", String[].class); m3 = SSLEngine.class.getMethod("getApplicationProtocol"); m4 = URLConnection.class.getMethod("setDefaultUseCaches", String.class, boolean.class); } catch (SecurityException | NoSuchMethodException e) { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
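Review bot: The method names in this try block are string literals that are only checked at run time, and the catch of NoSuchMethodException at the end of the hunk handles a misspelled name the same way as a JRE that lacks the method, which is how "setApplicationProtocolsMethod" could go unnoticed. A unit test that runs on Java 9 and asserts that the m2, m3 and m4 lookups all resolve would catch this kind of copy/paste slip at build time; it is also worth checking the neighbouring getMethod calls against the Java 9 API while this is open.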
Re: [VOTE] Release Apache Tomcat 7.0.82
2017-09-29 16:16 GMT+03:00 Violeta Georgieva:
> The proposed Apache Tomcat 7.0.82 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.82/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1158/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_82/
>
> The proposed 7.0.82 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 7.0.82 Stable

Unit tests - OK. (Java 6, 7, 8u144 x all connectors, Windows 10, 32-bit JDKs)

Smoke testing with security manager enabled - one issue. A workaround is available, thus this is not a showstopper.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61581

Best regards,
Konstantin Kolinko
[Bug 61581] SecurityException trying to access JNI classes in Drawboard example when running with SecurityManager
https://bz.apache.org/bugzilla/show_bug.cgi?id=61581

Konstantin Kolinko changed:

What    |Removed |Added
OS      |        |All
Version |trunk   |7.0.82

--- Comment #1 from Konstantin Kolinko ---
AprServletOutputStream.java:135 is

if (Status.APR_STATUS_IS_EAGAIN(-written)) {

APR_STATUS_IS_EAGAIN is a method, not a constant, and thus Java tries to load the class. If I preload the Status class the issue does not happen.

This is: to work-around this issue, add the following attribute to JreMemoryLeakPreventionListener configured in conf/server.xml:

[[[
classesToInitialize="org.apache.tomcat.jni.Status"
]]]
[ANN] Apache Tomcat 8.5.23 available
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.23.

Tomcat 8.x users should normally be using 8.5.x releases in preference to 8.0.x releases.

Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers technologies.

Apache Tomcat 8.5.x is intended to replace 8.0.x and includes new features pulled forward from the 9.0.x branch. The notable changes since 8.5.20 include:

- Fix CVE-2017-12617
- Add ExtractingRoot, a new WebResourceRoot implementation that extracts JARs to the work directory for improved performance when deploying packed WAR files.
- Additional capabilities for the CGI Servlet. Based on patches provided by jm009.
- Added support for the OpenSSL SSL_CONF API. To support this the minimum required Tomcat Native version is 1.2.14.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 7.x and 8.0.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team
[ANN] Apache Tomcat 9.0.1 available
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.1 (beta).

Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies.

Apache Tomcat 9.0.1 is the first beta release of the 9.0.x branch. The notable changes compared to 9.0.0.M26 include:

- Servlet 4.0 implementation is complete
- Fix CVE-2017-12617
- Add the ability to reconfigure TLS connectors at runtime without stopping the connector
- Stricter validation of the Host header
- Additional capabilities for the CGI Servlet. Based on patches provided by jm009.
- Added support for the OpenSSL SSL_CONF API. To support this the minimum required Tomcat Native version is 1.2.14.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-90.cgi

Migration guides from Apache Tomcat 7.x and 8.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team
[SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP upload
CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP Upload

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0
Apache Tomcat 8.5.0 to 8.5.22
Apache Tomcat 8.0.0.RC1 to 8.0.46
Apache Tomcat 7.0.0 to 7.0.81

Description:
When running with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Mitigation:
Users of the affected versions should apply one of the following mitigations:
- Upgrade to Apache Tomcat 9.0.1 or later
- Upgrade to Apache Tomcat 8.5.23 or later
- Upgrade to Apache Tomcat 8.0.47 or later
- Upgrade to Apache Tomcat 7.0.82 or later

Credit:
This issue was first reported publicly followed by multiple reports to the Apache Tomcat Security Team.

History:
2017-10-03 Original advisory

References:
[1] http://tomcat.apache.org/security-9.html
[2] http://tomcat.apache.org/security-8.html
[3] http://tomcat.apache.org/security-7.html
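A defender-side check for the advisory above, as an added example that is not part of the advisory or of Tomcat's own code: it compares a version string against the affected ranges listed above and looks in a web.xml for a Default servlet declaration whose readonly parameter is not true. The function names, the verdict labels and the sample web.xml are assumptions made for illustration, and the config check is deliberately conservative in flagging any readonly value other than true.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges as listed in the advisory: (first affected, last affected).
AFFECTED = [("9.0.0.M1", "9.0.0"), ("8.5.0", "8.5.22"),
            ("8.0.0.RC1", "8.0.46"), ("7.0.0", "7.0.81")]
DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"

# Constructed sample of a web.xml with PUT enabled (not taken from the page).
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
</web-app>"""


def version_key(version):
    """Sortable key in which milestones and RCs precede the final release."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:\.(M|RC)(\d+))?", version.strip())
    if not m:
        raise ValueError("unrecognised Tomcat version: %r" % version)
    major, minor, patch, tag, n = m.groups()
    stage = {"M": 0, "RC": 1, None: 2}[tag]
    return (int(major), int(minor), int(patch), stage, int(n or 0))


def is_affected(version):
    key = version_key(version)
    return any(version_key(lo) <= key <= version_key(hi) for lo, hi in AFFECTED)


def _fields(elem):
    """Child element text keyed by tag name with the XML namespace stripped."""
    return {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in elem}


def writable_default_servlets(web_xml_text):
    """Names of Default servlet declarations whose readonly is not 'true'."""
    names = []
    for servlet in ET.fromstring(web_xml_text).iter():
        if servlet.tag.rsplit("}", 1)[-1] != "servlet":
            continue
        fields = _fields(servlet)
        if fields.get("servlet-class") != DEFAULT_SERVLET:
            continue
        for param in servlet:
            kv = _fields(param)  # empty for children that are not init-param
            # Conservative: flag anything other than an explicit "true".
            if (kv.get("param-name") == "readonly"
                    and kv.get("param-value", "").lower() != "true"):
                names.append(fields.get("servlet-name", "(unnamed)"))
    return names


def assess(version, web_xml_text):
    """One finding per instance: version check combined with the config check."""
    affected = is_affected(version)
    writable = writable_default_servlets(web_xml_text)
    if affected:
        verdict = "exposed" if writable else "upgrade"
    else:
        verdict = "review-put" if writable else "ok"
    return {"affected": affected, "writable": writable, "verdict": verdict}
```

A web application's own WEB-INF/web.xml can declare the Default servlet as well as conf/web.xml, so run `writable_default_servlets` over each of them.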
svn commit: r1810975 - /tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Author: violetagg Date: Tue Oct 3 10:52:29 2017 New Revision: 1810975 URL: http://svn.apache.org/viewvc?rev=1810975&view=rev Log: Update the release date for 7.0.82 Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1810975&r1=1810974&r2=1810975&view=diff == --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Tue Oct 3 10:52:29 2017 @@ -94,7 +94,7 @@ - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r22091 - /dev/tomcat/tomcat-7/v7.0.82/ /release/tomcat/tomcat-7/v7.0.82/
Author: violetagg
Date: Tue Oct 3 10:46:46 2017
New Revision: 22091

Log:
Release 7.0.82

Added:
release/tomcat/tomcat-7/v7.0.82/
- copied from r22090, dev/tomcat/tomcat-7/v7.0.82/
Removed:
dev/tomcat/tomcat-7/v7.0.82/
Re: [VOTE] Release Apache Tomcat 7.0.82
2017-09-29 16:16 GMT+03:00 Violeta Georgieva:
>
> The proposed Apache Tomcat 7.0.82 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.82/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1158/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_82/
>
> The proposed 7.0.82 release is:
> [ ] Broken - do not release
> [ ] Stable - go ahead and release as 7.0.82 Stable

+1 (binding): rjung, violetagg, huxing, csutherl

No other votes were cast.

The vote has passed. I'll do the release shortly and announce it once the mirrors catch up.

Regards,
Violeta
buildbot success in on tomcat-8-trunk
The Buildbot has detected a restored build on builder tomcat-8-trunk while building . Full details are available at:
https://ci.apache.org/builders/tomcat-8-trunk/builds/1146

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-8-commit' triggered this build
Build Source Stamp: [branch tomcat/tc8.0.x/trunk] 1810671
Blamelist: violetagg

Build succeeded!

Sincerely,
-The Buildbot
svn commit: r1810673 - in /tomcat/site/trunk: docs/index.html xdocs/index.xml
Author: violetagg Date: Tue Oct 3 09:11:09 2017 New Revision: 1810673 URL: http://svn.apache.org/viewvc?rev=1810673&view=rev Log: Remove the announcement for 8.5.20 from the index.html page Modified: tomcat/site/trunk/docs/index.html tomcat/site/trunk/xdocs/index.xml Modified: tomcat/site/trunk/docs/index.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1810673&r1=1810672&r2=1810673&view=diff == --- tomcat/site/trunk/docs/index.html (original) +++ tomcat/site/trunk/docs/index.html Tue Oct 3 09:11:09 2017 @@ -450,46 +450,6 @@ compared to version 7.0.79. The notable - -2017-08-08 Tomcat 8.5.20 Released - - - - -The Apache Tomcat Project is proud to announce the release of version 8.5.20 -of Apache Tomcat. Apache Tomcat 8.5.x is intended to replace 8.0.x and includes -new features pulled forward from Tomcat 9.0.x. The minimum Java version and -implemented specification versions remain unchanged. The notable changes -compared to 8.5.16 include: - - - -Add the ability to set the defaults used by the Windows installer from a -configuration file. Patch provided by Sandra Madden. - -Add support to the WebSocket client for following redirects when attempting -to establish a WebSocket connection. Patch provided by J Fernandez. - -Add support for the %X pattern in the AccessLogValve that reports the -connection status at the end of the request. Patch provided by Zemian -Deng. - - - - -Full details of these changes, and all the other changes, are available in the -Tomcat 8.5 -changelog. - - - - - -Download - - - - 2015-12-15 Tomcat Native 1.1.34 Released Modified: tomcat/site/trunk/xdocs/index.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/index.xml?rev=1810673&r1=1810672&r2=1810673&view=diff == --- tomcat/site/trunk/xdocs/index.xml (original) +++ tomcat/site/trunk/xdocs/index.xml Tue Oct 3 09:11:09 2017 
@@ -171,34 +171,6 @@ Full details of these changes, and all t - - -The Apache Tomcat Project is proud to announce the release of version 8.5.20 -of Apache Tomcat. Apache Tomcat 8.5.x is intended to replace 8.0.x and includes -new features pulled forward from Tomcat 9.0.x. The minimum Java version and -implemented specification versions remain unchanged. The notable changes -compared to 8.5.16 include: - -Add the ability to set the defaults used by the Windows installer from a -configuration file. Patch provided by Sandra Madden. -Add support to the WebSocket client for following redirects when attempting -to establish a WebSocket connection. Patch provided by J Fernandez. -Add support for the %X pattern in the AccessLogValve that reports the -connection status at the end of the request. Patch provided by Zemian -Deng. - - - -Full details of these changes, and all the other changes, are available in the -Tomcat 8.5 -changelog. - - - -Download - - - The Apache Tomcat Project is proud to announce the release of version 1.1.34 of - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
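Review bot: The log message names only index.html, but the same 8.5.20 announcement block is also removed from xdocs/index.xml in the second file of this commit; name both files (or simply "the site index") in the log so the change can be found from either path. Both hunks only remove lines, so if an announcement for a newer 8.5.x release is meant to take this block's place in a separate commit, it would help to say so in the log.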
svn commit: r1810671 - /tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
Author: violetagg Date: Tue Oct 3 08:56:39 2017 New Revision: 1810671 URL: http://svn.apache.org/viewvc?rev=1810671&view=rev Log: Update the release date for 8.0.47 Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml?rev=1810671&r1=1810670&r2=1810671&view=diff == --- tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Tue Oct 3 08:56:39 2017 @@ -88,7 +88,7 @@ - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r22090 - /dev/tomcat/tomcat-8/v8.0.47/ /release/tomcat/tomcat-8/v8.0.47/
Author: violetagg
Date: Tue Oct 3 08:49:26 2017
New Revision: 22090

Log:
Release 8.0.47

Added:
release/tomcat/tomcat-8/v8.0.47/
- copied from r22089, dev/tomcat/tomcat-8/v8.0.47/
Removed:
dev/tomcat/tomcat-8/v8.0.47/
Re: [RESULT][VOTE] Release Apache Tomcat 8.0.47
Hi,

2017-09-29 17:39 GMT+03:00 Violeta Georgieva:
>
> The proposed Apache Tomcat 8.0.47 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.0.47/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1159/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc8.0.x/tags/TOMCAT_8_0_47/
>
> The proposed 8.0.47 release is:
> [ ] Broken - do not release
> [ ] Stable - go ahead and release as 8.0.47

+1 (binding): markt, rjung, violetagg, csutherl

No other votes were cast.

The vote has passed. I'll do the release shortly and announce it once the mirrors catch up.

Regards,
Violeta