[GitHub] [tomcat] funkman opened a new pull request, #524: Dir redirect use301
funkman opened a new pull request, #524: URL: https://github.com/apache/tomcat/pull/524 For the SEO folks (seemed to be a common ask which hasn't gone away) When a directory redirect is requested. Allow a configuration setting to use a 301 HTTP response status instead of 302. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] branch main updated: Update patch for OpenSSL 3.0.x after reworking from scratch
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new b125c4e22 Update patch for OpenSSL 3.0.x after reworking from scratch b125c4e22 is described below commit b125c4e227096e422f1d5a38b496f24dac2bc91d Author: Mark Thomas AuthorDate: Wed Jun 15 18:51:35 2022 +0100 Update patch for OpenSSL 3.0.x after reworking from scratch --- native/srclib/openssl/openssl-msvcrt-3.0.3.patch | 99 ++-- 1 file changed, 43 insertions(+), 56 deletions(-) diff --git a/native/srclib/openssl/openssl-msvcrt-3.0.3.patch b/native/srclib/openssl/openssl-msvcrt-3.0.3.patch index 5b73397d9..2f5634ede 100644 --- a/native/srclib/openssl/openssl-msvcrt-3.0.3.patch +++ b/native/srclib/openssl/openssl-msvcrt-3.0.3.patch @@ -11,8 +11,33 @@ index 66bc81dfb4..52345e4f33 100644 )), bin_lflags => add("/subsystem:console /opt:ref"), ex_libs => add(sub { +diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c +index 059afe47b9..cbece5fcb3 100644 +--- a/apps/lib/s_socket.c b/apps/lib/s_socket.c +@@ -31,7 +31,7 @@ typedef unsigned int u_int; + + /* MSVC renamed some POSIX functions to have an underscore prefix. */ + # ifdef _MSC_VER +-# define getpid _getpid ++# define getpid GetCurrentProcessId + # endif + #endif + +diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c +index ed611d64dd..09238bfb7d 100644 +--- a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c +@@ -9,6 +9,7 @@ + * https://www.openssl.org/source/license.html + */ + ++#include "e_os.h" + #include + #include + #include "cmp_local.h" /* just for decls of internal functions defined here */ diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c -index 91656e6b80..cf51ed08fe 100644 +index 91656e6b80..e0692e5618 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -18,6 +18,7 @@ @@ -23,56 +48,6 @@ index 91656e6b80..cf51ed08fe 100644 #include #include "internal/cryptlib.h" #include "crypto/engine.h" -diff --git a/crypto/o_time.c b/crypto/o_time.c -index 23ffe16245..cd448e5483 100644 a/crypto/o_time.c -+++ b/crypto/o_time.c -@@ -41,10 +41,6 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) - if (gmtime_r(timer, result) == NULL) - return NULL; - ts = result; --#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400 && !defined(_WIN32_WCE) --if (gmtime_s(result, timer)) --return NULL; --ts = result; - #else - ts = gmtime(timer); - if (ts == NULL) -diff --git a/e_os.h b/e_os.h -index 9e2f14072f..70ef508971 100644 a/e_os.h -+++ b/e_os.h -@@ -139,7 +139,7 @@ static __inline unsigned int _strlen31(const char *str) - # endif - # include - # if defined(_MSC_VER) && !defined(_WIN32_WCE) && !defined(_DLL) && defined(stdin) --#if _MSC_VER>=1300 && _MSC_VER<1600 -+#ifdef _WIN64 - # undef stdin - # undef stdout - # undef stderr -@@ -147,6 +147,21 @@ FILE *__iob_func(); - # define stdin (&__iob_func()[0]) - # define stdout (&__iob_func()[1]) - # define stderr (&__iob_func()[2]) -+#else -+# undef stdin -+# undef stdout -+# undef stderr -+ /* -+ * pre-1300 has __p__iob(), but it's available only in msvcrt.lib, -+ * or in other words with /MD. Declaring implicit import, i.e. with -+ * _imp_ prefix, works correctly with all compiler options, but -+ * without /MD results in LINK warning LNK4049: 'locally defined -+ * symbol "__iob" imported'. -+ */ -+extern FILE *_imp___iob; -+# define stdin (&_imp___iob[0]) -+# define stdout (&_imp___iob[1]) -+# define stderr (&_imp___iob[2]) - #endif - # endif - # endif diff --git a/engines/e_capi.c b/engines/e_capi.c index 6f223a6922..045d1368fd 100644 --- a/engines/e_capi.c @@ -86,14 +61,26 @@ index 6f223a6922..045d1368fd 100644 # include # include diff --git a/test/testutil/basic_output.c b/test/testutil/basic_output.c -index 92f3de9300..47a4f19901 100644 +index 92f3de9300..e84301946e 100644 --- a/test/testutil/basic_output.c +++ b/test/testutil/basic_output.c -@@ -10,6 +10,7 @@ +@@ -7,6 +7,7 @@ + * https://www.openssl.org/source/license.html + */ + ++#include "e_os.h" #include "../testutil.h" #include "output.h" #include "tu_local.h" -+#include "../../e_os.h" +diff --git a/test/testutil/provider.c b/test/testutil/provider.c +index d073d732da..8a96f9a151 100644 +--- a/test/testutil/provider.c b/test/testutil/provider.c +@@ -7,6 +7,7 @@ + * https://www.openssl.org/source/license.html + */ - #include - #include ++#include "e_os.h" + #include "../testutil.h" + #include + #include
[tomcat-native] branch main updated: Restore 1.1.1 code in an effort to fix build for Windows
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new b62853fb1 Restore 1.1.1 code in an effort to fix build for Windows b62853fb1 is described below commit b62853fb1d26e1ec8d183490cd0b3c688c7319e5 Author: Mark Thomas AuthorDate: Wed Jun 15 17:04:18 2022 +0100 Restore 1.1.1 code in an effort to fix build for Windows --- native/srclib/openssl/openssl-msvcrt-3.0.3.patch | 28 +--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/native/srclib/openssl/openssl-msvcrt-3.0.3.patch b/native/srclib/openssl/openssl-msvcrt-3.0.3.patch index 1e2ef4d48..5b73397d9 100644 --- a/native/srclib/openssl/openssl-msvcrt-3.0.3.patch +++ b/native/srclib/openssl/openssl-msvcrt-3.0.3.patch @@ -1,8 +1,8 @@ diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf -index a7294d2ad1..24c887f8d3 100644 +index 66bc81dfb4..52345e4f33 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf -@@ -1361,7 +1361,7 @@ my %targets = ( +@@ -1369,7 +1369,7 @@ my %targets = ( # prefer [non-debug] openssl.exe to be free from Micorosoft RTL # redistributable. bin_cflags => add(picker(debug => "/MDd", @@ -39,7 +39,7 @@ index 23ffe16245..cd448e5483 100644 ts = gmtime(timer); if (ts == NULL) diff --git a/e_os.h b/e_os.h -index 514de967a9..49b68d10a3 100644 +index 9e2f14072f..70ef508971 100644 --- a/e_os.h +++ b/e_os.h @@ -139,7 +139,7 @@ static __inline unsigned int _strlen31(const char *str) @@ -51,6 +51,28 @@ index 514de967a9..49b68d10a3 100644 # undef stdin # undef stdout # undef stderr +@@ -147,6 +147,21 @@ FILE *__iob_func(); + # define stdin (&__iob_func()[0]) + # define stdout (&__iob_func()[1]) + # define stderr (&__iob_func()[2]) ++#else ++# undef stdin ++# undef stdout ++# undef stderr ++ /* ++ * pre-1300 has __p__iob(), but it's available only in msvcrt.lib, ++ * or in other words with /MD. Declaring implicit import, i.e. with ++ * _imp_ prefix, works correctly with all compiler options, but ++ * without /MD results in LINK warning LNK4049: 'locally defined ++ * symbol "__iob" imported'. ++ */ ++extern FILE *_imp___iob; ++# define stdin (&_imp___iob[0]) ++# define stdout (&_imp___iob[1]) ++# define stderr (&_imp___iob[2]) + #endif + # endif + # endif diff --git a/engines/e_capi.c b/engines/e_capi.c index 6f223a6922..045d1368fd 100644 --- a/engines/e_capi.c - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [External] : Re: JDK 19: Rampdown Phase 1 + EA builds 26 & JDK 20: EA builds 1
Noted, thanks for the feedback! --David On 15/06/2022 12:32, Martin Grigorov wrote: Hi David, Apache Tomcat's build and tests pass successfully with JDK 19-ea+26-2060 and 20-ea+1-3 on Linux x86_64 and aarch64! Regards, Martin On Tue, Jun 14, 2022 at 11:00 AM Martin Grigorov wrote: Hello Tomcat devs, The following test fails with JDK 19 b26: [concat] Testsuites with failed tests: [concat] TEST-javax.el.TestImportHandlerStandardPackages.APR.txt [concat] TEST-javax.el.TestImportHandlerStandardPackages.NIO.txt [concat] TEST-javax.el.TestImportHandlerStandardPackages.NIO2.txt Testsuite: javax.el.TestImportHandlerStandardPackages Tests run: 1, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 0.35 sec Testcase: testClassListsAreComplete took 0.326 sec FAILED java.lang.MatchException junit.framework.AssertionFailedError: java.lang.MatchException at javax.el.TestImportHandlerStandardPackages.lambda$checkPackageClassList$13(TestImportHandlerStandardPackages.java:87) at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183) at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179) at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179) at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179) at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179) at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179) at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179) at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179) at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179) at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179) at java.base/jdk.internal.module.SystemModuleFinders$ModuleContentSpliterator.tryAdvance(SystemModuleFinders.java:573) at java.base/java.util.Spliterator.forEachRemaining(Spliterator.java:332) at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509) at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150) at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173) at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:596) at javax.el.TestImportHandlerStandardPackages.checkPackageClassList(TestImportHandlerStandardPackages.java:87) at javax.el.TestImportHandlerStandardPackages.testClassListsAreComplete(TestImportHandlerStandardPackages.java:49) at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104) On Mon, Jun 13, 2022 at 4:46 PM David Delabassee wrote: Greetings! JDK 19 has now entered Rampdown Phase One (RDP1) [1], which means that the main-line has been forked into a dedicated JDK 19 stabilization repository. At this point, the overall JDK 19 feature set is frozen and no additional JEPs will be targeted to JDK 19. The stabilization repository is open for select bug fixes and, with approval, late low-risk enhancements per the JDK Release Process [2]. Any change pushed to the main line is now bound for JDK 20, unless it is explicitly back-ported to JDK 19. The next few weeks should be leveraged to try to identify and resolve as many issues as possible, i.e. before JDK 19 enters the Release Candidates phase. Moreover, we encourage you to test your project with the `enable-preview` flag as described in this Quality Outreach Heads-up [3], and even if you don't intend to use Virtual Threads in the near future. [1] https://mail.openjdk.java.net/pipermail/jdk-dev/2022-June/006735.html [2]
[tomcat] branch 9.0.x updated: Fix references to the org.apache.tomcat.util.threads.res package
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 8a74961481 Fix references to the org.apache.tomcat.util.threads.res package 8a74961481 is described below commit 8a74961481141755af83c8b242f53ccb06d33fd1 Author: Mark Thomas AuthorDate: Wed Jun 15 14:49:15 2022 +0100 Fix references to the org.apache.tomcat.util.threads.res package The files were moved to org.apache.tomcat.util.threads --- res/bnd/tomcat-embed-core.jar.tmp.bnd | 3 +-- res/bnd/tomcat-util.jar.tmp.bnd| 3 +-- res/graal/tomcat-embed-core/native-image/tomcat-resource.json | 2 +- .../tomcat-embed-programmatic/native-image/tomcat-resource.json| 2 +- webapps/docs/changelog.xml | 7 +++ 5 files changed, 11 insertions(+), 6 deletions(-) diff --git a/res/bnd/tomcat-embed-core.jar.tmp.bnd b/res/bnd/tomcat-embed-core.jar.tmp.bnd index c41a851dde..7b9966416b 100644 --- a/res/bnd/tomcat-embed-core.jar.tmp.bnd +++ b/res/bnd/tomcat-embed-core.jar.tmp.bnd @@ -93,8 +93,7 @@ Export-Package: \ org.apache.tomcat.util.bcel,\ org.apache.tomcat.util.http.fileupload.util.mime,\ org.apache.tomcat.util.json,\ -org.apache.tomcat.util.net.jsse,\ -org.apache.tomcat.util.threads.res +org.apache.tomcat.util.net.jsse -includeresource.notice2: META-INF/NOTICE=${tomcat.output}/manifests/servlet-api.jar.notice -includeresource.license2: META-INF/LICENSE=${tomcat.output}/manifests/servlet-api.jar.license diff --git a/res/bnd/tomcat-util.jar.tmp.bnd b/res/bnd/tomcat-util.jar.tmp.bnd index 1a36c40674..f687924d3b 100644 --- a/res/bnd/tomcat-util.jar.tmp.bnd +++ b/res/bnd/tomcat-util.jar.tmp.bnd @@ -29,8 +29,7 @@ Export-Package: \ org.apache.tomcat.util.threads -includepackage: \ -org.apache.tomcat.util.json,\ -org.apache.tomcat.util.threads.res +org.apache.tomcat.util.json -jpms-module-info: \ ${module.name};\ diff --git a/res/graal/tomcat-embed-core/native-image/tomcat-resource.json b/res/graal/tomcat-embed-core/native-image/tomcat-resource.json index 4b5cc5d34f..e23572b6e8 100644 --- a/res/graal/tomcat-embed-core/native-image/tomcat-resource.json +++ b/res/graal/tomcat-embed-core/native-image/tomcat-resource.json @@ -45,7 +45,7 @@ {"name":"org.apache.tomcat.util.net.LocalStrings"}, {"name":"org.apache.tomcat.util.scan.LocalStrings"}, {"name":"org.apache.tomcat.util.security.LocalStrings"}, -{"name":"org.apache.tomcat.util.threads.res.LocalStrings"} +{"name":"org.apache.tomcat.util.threads.LocalStrings"} ], "resources":[ {"pattern":".*/mbeans-descriptors.xml$"}, diff --git a/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json b/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json index bf5ca8068e..135d134f92 100644 --- a/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json +++ b/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json @@ -34,7 +34,7 @@ {"name":"org.apache.tomcat.util.net.LocalStrings"}, {"name":"org.apache.tomcat.util.scan.LocalStrings"}, {"name":"org.apache.tomcat.util.security.LocalStrings"}, -{"name":"org.apache.tomcat.util.threads.res.LocalStrings"} +{"name":"org.apache.tomcat.util.threads.LocalStrings"} ], "resources":[ {"pattern":".*/Authenticators.properties$"}, diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 3b8fdfd1a8..eca857cc50 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -172,6 +172,13 @@ Update the packaged version of the Tomcat Native Library to 1.2.34 to improve the support for building with OpenSSL 3.0.x.(markt) + +Remove and/or update references to the removed +org.apache.tomcat.util.threads.res package. The +LocalStrings*.properties files in that package were moved +to org.apache.tomcat.util.threads package for consistency +with the rest of the Tomcat code base. + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.0.x updated: Fix references to the org.apache.tomcat.util.threads.res package
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.0.x by this push: new 9dd2c8a053 Fix references to the org.apache.tomcat.util.threads.res package 9dd2c8a053 is described below commit 9dd2c8a053deda8a9634b930fb8e22f3604781d1 Author: Mark Thomas AuthorDate: Wed Jun 15 14:49:15 2022 +0100 Fix references to the org.apache.tomcat.util.threads.res package The files were moved to org.apache.tomcat.util.threads --- res/bnd/tomcat-embed-core.jar.tmp.bnd | 3 +-- res/bnd/tomcat-util.jar.tmp.bnd| 3 +-- res/graal/tomcat-embed-core/native-image/tomcat-resource.json | 2 +- .../tomcat-embed-programmatic/native-image/tomcat-resource.json| 2 +- webapps/docs/changelog.xml | 7 +++ 5 files changed, 11 insertions(+), 6 deletions(-) diff --git a/res/bnd/tomcat-embed-core.jar.tmp.bnd b/res/bnd/tomcat-embed-core.jar.tmp.bnd index 0a09ef43c9..47914e68e2 100644 --- a/res/bnd/tomcat-embed-core.jar.tmp.bnd +++ b/res/bnd/tomcat-embed-core.jar.tmp.bnd @@ -93,8 +93,7 @@ Export-Package: \ org.apache.tomcat.util.bcel,\ org.apache.tomcat.util.http.fileupload.util.mime,\ org.apache.tomcat.util.json,\ -org.apache.tomcat.util.net.jsse,\ -org.apache.tomcat.util.threads.res +org.apache.tomcat.util.net.jsse -includeresource.notice2: META-INF/NOTICE=${tomcat.output}/manifests/servlet-api.jar.notice -includeresource.license2: META-INF/LICENSE=${tomcat.output}/manifests/servlet-api.jar.license diff --git a/res/bnd/tomcat-util.jar.tmp.bnd b/res/bnd/tomcat-util.jar.tmp.bnd index 1a36c40674..f687924d3b 100644 --- a/res/bnd/tomcat-util.jar.tmp.bnd +++ b/res/bnd/tomcat-util.jar.tmp.bnd @@ -29,8 +29,7 @@ Export-Package: \ org.apache.tomcat.util.threads -includepackage: \ -org.apache.tomcat.util.json,\ -org.apache.tomcat.util.threads.res +org.apache.tomcat.util.json -jpms-module-info: \ ${module.name};\ diff --git a/res/graal/tomcat-embed-core/native-image/tomcat-resource.json b/res/graal/tomcat-embed-core/native-image/tomcat-resource.json index 3c8d07966c..e356bab9fb 100644 --- a/res/graal/tomcat-embed-core/native-image/tomcat-resource.json +++ b/res/graal/tomcat-embed-core/native-image/tomcat-resource.json @@ -45,7 +45,7 @@ {"name":"org.apache.tomcat.util.net.LocalStrings"}, {"name":"org.apache.tomcat.util.scan.LocalStrings"}, {"name":"org.apache.tomcat.util.security.LocalStrings"}, -{"name":"org.apache.tomcat.util.threads.res.LocalStrings"} +{"name":"org.apache.tomcat.util.threads.LocalStrings"} ], "resources":[ {"pattern":".*/mbeans-descriptors.xml$"}, diff --git a/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json b/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json index 1ac95cf2d0..b084fa0b7a 100644 --- a/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json +++ b/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json @@ -34,7 +34,7 @@ {"name":"org.apache.tomcat.util.net.LocalStrings"}, {"name":"org.apache.tomcat.util.scan.LocalStrings"}, {"name":"org.apache.tomcat.util.security.LocalStrings"}, -{"name":"org.apache.tomcat.util.threads.res.LocalStrings"} +{"name":"org.apache.tomcat.util.threads.LocalStrings"} ], "resources":[ {"pattern":".*/Authenticators.properties$"}, diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 6466203bdc..1b4155f904 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -172,6 +172,13 @@ Update the packaged version of the Tomcat Native Library to 1.2.34 to improve the support for building with OpenSSL 3.0.x.(markt) + +Remove and/or update references to the removed +org.apache.tomcat.util.threads.res package. The +LocalStrings*.properties files in that package were moved +to org.apache.tomcat.util.threads package for consistency +with the rest of the Tomcat code base. + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Fix references to the org.apache.tomcat.util.threads.res package
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 2783ce33ae Fix references to the org.apache.tomcat.util.threads.res package 2783ce33ae is described below commit 2783ce33aeef6aeaab9aa161d1a982feb11723fa Author: Mark Thomas AuthorDate: Wed Jun 15 14:49:15 2022 +0100 Fix references to the org.apache.tomcat.util.threads.res package The files were moved to org.apache.tomcat.util.threads --- res/bnd/tomcat-embed-core.jar.tmp.bnd | 3 +-- res/bnd/tomcat-util.jar.tmp.bnd| 3 +-- res/graal/tomcat-embed-core/native-image/tomcat-resource.json | 2 +- .../tomcat-embed-programmatic/native-image/tomcat-resource.json| 2 +- webapps/docs/changelog.xml | 7 +++ 5 files changed, 11 insertions(+), 6 deletions(-) diff --git a/res/bnd/tomcat-embed-core.jar.tmp.bnd b/res/bnd/tomcat-embed-core.jar.tmp.bnd index 41474fe2f8..314f672019 100644 --- a/res/bnd/tomcat-embed-core.jar.tmp.bnd +++ b/res/bnd/tomcat-embed-core.jar.tmp.bnd @@ -93,8 +93,7 @@ Export-Package: \ org.apache.tomcat.util.bcel,\ org.apache.tomcat.util.http.fileupload.util.mime,\ org.apache.tomcat.util.json,\ -org.apache.tomcat.util.net.jsse,\ -org.apache.tomcat.util.threads.res +org.apache.tomcat.util.net.jsse -includeresource.notice2: META-INF/NOTICE=${tomcat.output}/manifests/servlet-api.jar.notice -includeresource.license2: META-INF/LICENSE=${tomcat.output}/manifests/servlet-api.jar.license diff --git a/res/bnd/tomcat-util.jar.tmp.bnd b/res/bnd/tomcat-util.jar.tmp.bnd index 1a36c40674..f687924d3b 100644 --- a/res/bnd/tomcat-util.jar.tmp.bnd +++ b/res/bnd/tomcat-util.jar.tmp.bnd @@ -29,8 +29,7 @@ Export-Package: \ org.apache.tomcat.util.threads -includepackage: \ -org.apache.tomcat.util.json,\ -org.apache.tomcat.util.threads.res +org.apache.tomcat.util.json -jpms-module-info: \ ${module.name};\ diff --git a/res/graal/tomcat-embed-core/native-image/tomcat-resource.json b/res/graal/tomcat-embed-core/native-image/tomcat-resource.json index 3c8d07966c..e356bab9fb 100644 --- a/res/graal/tomcat-embed-core/native-image/tomcat-resource.json +++ b/res/graal/tomcat-embed-core/native-image/tomcat-resource.json @@ -45,7 +45,7 @@ {"name":"org.apache.tomcat.util.net.LocalStrings"}, {"name":"org.apache.tomcat.util.scan.LocalStrings"}, {"name":"org.apache.tomcat.util.security.LocalStrings"}, -{"name":"org.apache.tomcat.util.threads.res.LocalStrings"} +{"name":"org.apache.tomcat.util.threads.LocalStrings"} ], "resources":[ {"pattern":".*/mbeans-descriptors.xml$"}, diff --git a/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json b/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json index 1ac95cf2d0..b084fa0b7a 100644 --- a/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json +++ b/res/graal/tomcat-embed-programmatic/native-image/tomcat-resource.json @@ -34,7 +34,7 @@ {"name":"org.apache.tomcat.util.net.LocalStrings"}, {"name":"org.apache.tomcat.util.scan.LocalStrings"}, {"name":"org.apache.tomcat.util.security.LocalStrings"}, -{"name":"org.apache.tomcat.util.threads.res.LocalStrings"} +{"name":"org.apache.tomcat.util.threads.LocalStrings"} ], "resources":[ {"pattern":".*/Authenticators.properties$"}, diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 9c2a5c26d2..059e3a9d77 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -177,6 +177,13 @@ the removal of the deprecated Java API associated with features that will be removed in Tomcat Native 2.0.x. (markt) + +Remove and/or update references to the removed +org.apache.tomcat.util.threads.res package. The +LocalStrings*.properties files in that package were moved +to org.apache.tomcat.util.threads package for consistency +with the rest of the Tomcat code base. + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] 02/03: Update OpenSSL patch for 3.0.x based on 3.0.3
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git commit 0bc92cc3dd5828f03588bfe240b0c01cbe0caeb4 Author: Mark Thomas AuthorDate: Wed Jun 15 12:01:13 2022 +0100 Update OpenSSL patch for 3.0.x based on 3.0.3 --- ...vcrt-1.1.1.patch => openssl-msvcrt-3.0.3.patch} | 77 +++--- 1 file changed, 40 insertions(+), 37 deletions(-) diff --git a/native/srclib/openssl/openssl-msvcrt-1.1.1.patch b/native/srclib/openssl/openssl-msvcrt-3.0.3.patch similarity index 53% rename from native/srclib/openssl/openssl-msvcrt-1.1.1.patch rename to native/srclib/openssl/openssl-msvcrt-3.0.3.patch index d0d896107..1e2ef4d48 100644 --- a/native/srclib/openssl/openssl-msvcrt-1.1.1.patch +++ b/native/srclib/openssl/openssl-msvcrt-3.0.3.patch @@ -1,6 +1,8 @@ Configurations/10-main.conf -+++ Configurations/10-main.conf -@@ -1268,7 +1268,7 @@ +diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf +index a7294d2ad1..24c887f8d3 100644 +--- a/Configurations/10-main.conf b/Configurations/10-main.conf +@@ -1361,7 +1361,7 @@ my %targets = ( # prefer [non-debug] openssl.exe to be free from Micorosoft RTL # redistributable. bin_cflags => add(picker(debug => "/MDd", @@ -9,32 +11,51 @@ )), bin_lflags => add("/subsystem:console /opt:ref"), ex_libs => add(sub { crypto/engine/eng_openssl.c -+++ crypto/engine/eng_openssl.c -@@ -9,6 +9,7 @@ - */ +diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c +index 91656e6b80..cf51ed08fe 100644 +--- a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c +@@ -18,6 +18,7 @@ + #include "internal/deprecated.h" #include +#include "e_os.h" #include #include "internal/cryptlib.h" - #include "internal/engine.h" crypto/o_time.c -+++ crypto/o_time.c -@@ -41,10 +41,6 @@ + #include "crypto/engine.h" +diff --git a/crypto/o_time.c b/crypto/o_time.c +index 23ffe16245..cd448e5483 100644 +--- a/crypto/o_time.c b/crypto/o_time.c +@@ -41,10 +41,6 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) if (gmtime_r(timer, result) == NULL) return NULL; ts = result; --#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400 +-#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400 && !defined(_WIN32_WCE) -if (gmtime_s(result, timer)) -return NULL; -ts = result; #else ts = gmtime(timer); if (ts == NULL) engines/e_capi.c -+++ engines/e_capi.c -@@ -15,6 +15,7 @@ +diff --git a/e_os.h b/e_os.h +index 514de967a9..49b68d10a3 100644 +--- a/e_os.h b/e_os.h +@@ -139,7 +139,7 @@ static __inline unsigned int _strlen31(const char *str) + # endif + # include + # if defined(_MSC_VER) && !defined(_WIN32_WCE) && !defined(_DLL) && defined(stdin) +-#if _MSC_VER>=1300 && _MSC_VER<1600 ++#ifdef _WIN64 + # undef stdin + # undef stdout + # undef stderr +diff --git a/engines/e_capi.c b/engines/e_capi.c +index 6f223a6922..045d1368fd 100644 +--- a/engines/e_capi.c b/engines/e_capi.c +@@ -18,6 +18,7 @@ # include # include @@ -42,8 +63,10 @@ # include # include # include test/testutil/basic_output.c -+++ test/testutil/basic_output.c +diff --git a/test/testutil/basic_output.c b/test/testutil/basic_output.c +index 92f3de9300..47a4f19901 100644 +--- a/test/testutil/basic_output.c b/test/testutil/basic_output.c @@ -10,6 +10,7 @@ #include "../testutil.h" #include "output.h" @@ -52,23 +75,3 @@ #include #include e_os.h -+++ e_os.h -@@ -149,7 +149,7 @@ - # endif - # include - # if defined(_MSC_VER) && !defined(_WIN32_WCE) && !defined(_DLL) && defined(stdin) --#if _MSC_VER>=1300 && _MSC_VER<1600 -+#ifdef _WIN64 - # undef stdin - # undef stdout - # undef stderr -@@ -157,7 +157,7 @@ - # define stdin (&__iob_func()[0]) - # define stdout (&__iob_func()[1]) - # define stderr (&__iob_func()[2]) --#elif _MSC_VER<1300 && defined(I_CAN_LIVE_WITH_LNK4049) -+#else - # undef stdin - # undef stdout - # undef stderr - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] 01/03: IPv6 patches no longer required
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git commit 058f6ffa6c73546d63317eb170e153d106e54ad5 Author: Mark Thomas AuthorDate: Wed Jun 15 11:34:02 2022 +0100 IPv6 patches no longer required Tomcat Native 2.0.x doesn't perform any network IO, only TLS encryption and decryption. --- native/srclib/apr/apr-enable-ipv6.patch | 11 --- native/srclib/apr/win-ipv6.patch| 125 2 files changed, 136 deletions(-) diff --git a/native/srclib/apr/apr-enable-ipv6.patch b/native/srclib/apr/apr-enable-ipv6.patch deleted file mode 100644 index a58721c01..0 --- a/native/srclib/apr/apr-enable-ipv6.patch +++ /dev/null @@ -1,11 +0,0 @@ /include/apr.hw -+++ /include/apr.hw -@@ -367,7 +367,7 @@ - /* If we have a TCP implementation that can be "corked", what flag - * do we use? - */ --#define APR_TCP_NOPUSH_FLAG @apr_tcp_nopush_flag@ -+#define APR_TCP_NOPUSH_FLAG 0 - - /* Is the TCP_NODELAY socket option inherited from listening sockets? - */ diff --git a/native/srclib/apr/win-ipv6.patch b/native/srclib/apr/win-ipv6.patch deleted file mode 100644 index 103987242..0 --- a/native/srclib/apr/win-ipv6.patch +++ /dev/null @@ -1,125 +0,0 @@ -Index: apr/apr/branches/1.7.x/include/arch/win32/apr_arch_misc.h -=== apr/apr/branches/1.7.x/include/arch/win32/apr_arch_misc.h (revision 1890229) -+++ apr/apr/branches/1.7.x/include/arch/win32/apr_arch_misc.h (revision 1890230) -@@ -110,7 +110,11 @@ - APR_WIN_XP_SP2 = 62, - APR_WIN_2003 = 70, - APR_WIN_VISTA =80, --APR_WIN_7 =90 -+APR_WIN_7 =90, -+APR_WIN_7_SP1 =91, -+APR_WIN_8 = 100, -+APR_WIN_8_1 = 110, -+APR_WIN_10 = 120 - } apr_oslevel_e; - - extern APR_DECLARE_DATA apr_oslevel_e apr_os_level; -Index: apr/apr/branches/1.7.x/misc/win32/misc.c -=== apr/apr/branches/1.7.x/misc/win32/misc.c (revision 1890229) -+++ apr/apr/branches/1.7.x/misc/win32/misc.c (revision 1890230) -@@ -27,25 +27,15 @@ - { - if (apr_os_level == APR_WIN_UNK) - { --static OSVERSIONINFO oslev; --oslev.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); --GetVersionEx(); -+OSVERSIONINFOEXW oslev; -+oslev.dwOSVersionInfoSize = sizeof(oslev); -+if (!GetVersionExW((OSVERSIONINFOW*) )) { -+return apr_get_os_error(); -+} - - if (oslev.dwPlatformId == VER_PLATFORM_WIN32_NT) - { --static unsigned int servpack = 0; --TCHAR *pservpack; --if ((pservpack = oslev.szCSDVersion)) { --while (*pservpack && !apr_isdigit(*pservpack)) { --pservpack++; --} --if (*pservpack) --#ifdef _UNICODE --servpack = _wtoi(pservpack); --#else --servpack = atoi(pservpack); --#endif --} -+unsigned int servpack = oslev.wServicePackMajor; - - if (oslev.dwMajorVersion < 3) { - apr_os_level = APR_WIN_UNSUP; -@@ -99,11 +89,19 @@ - else if (oslev.dwMajorVersion == 6) { - if (oslev.dwMinorVersion == 0) - apr_os_level = APR_WIN_VISTA; -+else if (oslev.dwMinorVersion == 1) { -+if (servpack < 1) -+apr_os_level = APR_WIN_7; -+else -+apr_os_level = APR_WIN_7_SP1; -+} -+else if (oslev.dwMinorVersion == 2) -+apr_os_level = APR_WIN_8; - else --apr_os_level = APR_WIN_7; -+apr_os_level = APR_WIN_8_1; - } - else { --apr_os_level = APR_WIN_XP; -+apr_os_level = APR_WIN_10; - } - } - #ifndef WINNT -@@ -151,7 +149,7 @@ - - *level = apr_os_level; - --if (apr_os_level < APR_WIN_UNSUP) { -+if (apr_os_level <= APR_WIN_UNSUP) { - return APR_EGENERAL; - } - -Index: apr/apr/branches/1.7.x/network_io/win32/sockets.c -=== apr/apr/branches/1.7.x/network_io/win32/sockets.c (revision 1890229) -+++ apr/apr/branches/1.7.x/network_io/win32/sockets.c (revision 1890230) -@@ -24,6 +24,13 @@ - #include "apr_arch_inherit.h" - #include "apr_arch_misc.h" - -+/* Borrow the definition of SOMAXCONN_HINT() from Windows SDK 8, -+ * in case the SDK we are building against doesn't have it. -+ */ -+#ifndef SOMAXCONN_HINT -+#define SOMAXCONN_HINT(b) (-(b)) -+#endif -+ - static char generic_inaddr_any[16] = {0}; /* big enough for IPv4 or IPv6 */ - - static
[tomcat-native] 03/03: Update docs etc for changes in Tomcat Native 2.0.x
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git commit aa3e7f5969c78426d81d7847eb67825d7d54ac1b Author: Mark Thomas AuthorDate: Wed Jun 15 12:01:51 2022 +0100 Update docs etc for changes in Tomcat Native 2.0.x --- README.txt | 13 ++ native/BUILDING | 123 xdocs/index.xml | 71 +--- 3 files changed, 94 insertions(+), 113 deletions(-) diff --git a/README.txt b/README.txt index e004aadb8..ca5213fab 100644 --- a/README.txt +++ b/README.txt @@ -5,10 +5,9 @@ What is it? --- -The Apache Tomcat Native Library provides portable API for features -not found in contemporary JDK's. It uses Apache Portable Runtime as -operating system abstraction layer and OpenSSL for SSL networking and -allows optimal performance in production environments. +The Apache Tomcat Native Library is an optional component for use with +Apache Tomcat that allows Tomcat to use OpenSSL as a replacement for JSSE +to support TLS connections. Licensing @@ -30,15 +29,11 @@ included in HTML format in the docs directory. The most up-to-date documentation can be found at http://tomcat.apache.org/native-doc/ -Documentation about the Tomcat APR connector which is based -on this library can be found at -http://tomcat.apache.org/tomcat-9.0-doc/apr.html. - Building -To build the Java API. Note that Java 1.8 is required to build the Java API. +To build the Java API. Note that Java 11 is required to build the Java API. > ant To build the native part see native/BUILDING. diff --git a/native/BUILDING b/native/BUILDING index 9bf7cc6e9..0e6763d61 100644 --- a/native/BUILDING +++ b/native/BUILDING @@ -20,8 +20,8 @@ Linux / Unix / OSX (dynamic linking) 1. Prerequisites - Install OpenSSL version 1.0.2 or higher - Install APR version 1.4.3 or higher. + Install OpenSSL version 3.0.0 or higher + Install APR version 1.7.0 or higher. Download and expand the source package or use an git checkout > cd native @@ -38,26 +38,19 @@ Linux / Unix / OSX (dynamic linking) > configure --with-apr=apr_install_location --with-ssl=openssl_install_location > make - This should produce a file named libtcnative-1.so + This should produce a file named libtcnative-2.so - Note: To build without SSL support use: - - > configure --disable-openssl --with-apr=apr_install_location - Linux / Unix / OSX (static linking) === -1. Build static version of OpenSSL 1.0.2 or later +1. Build static version of OpenSSL 3.0.0 or later - > ./Configure --prefix=~/natives/openssl no-shared -fPIC + > ./Configure --prefix=~/natives/openssl enable-fips > make - > make install_sw - - Note: For the Solaris platform you should use -KPIC instead -fPIC so that the - library is compiled with position independent code. + > make install -2. Build static version of APR 1.4.0 or later +2. Build static version of APR 1.7.0 or later > ./configure --prefix=~/natives/apr > make @@ -67,7 +60,7 @@ Linux / Unix / OSX (static linking) 3. Ensure the static APR library is used - Edit the ~/natives/apr/lib/libapr-1.la file and comment or delete the + Edit the ~/natives/apr/lib/libapr-2.la file and comment or delete the following sections: dlname='...' and library_names='...' This is needed so that libtool picks the static version of the library. @@ -93,59 +86,85 @@ Windows 3. Build APR Unpack the APR source distribution into native\srclib\apr - Apply apr-enable-ipv6.patch - + > c:\cmsc\setenv.bat /x86 > nmake -f NMAKEmakefile BUILD_CPU=x86 APR_DECLARE_STATIC=1 - > mkdir WINXP_X86_LIB_RELEASE\include - > mkdir WINXP_X86_LIB_RELEASE\lib - > xcopy /E include WINXP_X86_LIB_RELEASE\include\ - > copy WINXP_X86_LIB_RELEASE\apr-1.lib WINXP_X86_LIB_RELEASE\lib - + > c:\cmsc\setenv.bat /x64 > nmake -f NMAKEmakefile BUILD_CPU=x64 APR_DECLARE_STATIC=1 - > mkdir WINXP_X64_LIB_RELEASE\include - > mkdir WINXP_X64_LIB_RELEASE\lib - > xcopy /E include WINXP_X64_LIB_RELEASE\include\ - > copy WINXP_X64_LIB_RELEASE\apr-1.lib WINXP_X64_LIB_RELEASE\lib - + 4. Build OpenSSL - Unpack the OpenSSL source distribution into native\srclib\openssl - Apply openssl-msvcrt.patch - + > cd ..\openssl + + Unpack the OpenSSL 3.0.x source distribution in this directory + + Apply openssl-msvcrt-3.0.x.patch. Note that you may need to skip and/or use an offset to get the patch to apply. + > c:\cmsc\setenv.bat /x86 - > perl Configure VC-WIN32 - > ms\do_nasm - > nmake -f ms\nt.mak - > mkdir release-x86 - > mkdir release-x86\include - > mkdir release-x86\lib - > xcopy /E inc32 release-x86\include\ - > copy out32\*.lib release-x86\lib\ + > perl Configure no-shared VC-WIN32 + >
[tomcat-native] branch main updated (25a99b684 -> aa3e7f596)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git from 25a99b684 Ignore local build configuration new 058f6ffa6 IPv6 patches no longer required new 0bc92cc3d Update OpenSSL patch for 3.0.x based on 3.0.3 new aa3e7f596 Update docs etc for changes in Tomcat Native 2.0.x The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: README.txt | 13 +-- native/BUILDING| 123 +++- native/srclib/apr/apr-enable-ipv6.patch| 11 -- native/srclib/apr/win-ipv6.patch | 125 - ...vcrt-1.1.1.patch => openssl-msvcrt-3.0.3.patch} | 77 +++-- xdocs/index.xml| 71 6 files changed, 134 insertions(+), 286 deletions(-) delete mode 100644 native/srclib/apr/apr-enable-ipv6.patch delete mode 100644 native/srclib/apr/win-ipv6.patch rename native/srclib/openssl/{openssl-msvcrt-1.1.1.patch => openssl-msvcrt-3.0.3.patch} (53%) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: JDK 19: Rampdown Phase 1 + EA builds 26 & JDK 20: EA builds 1
Hi David, Apache Tomcat's build and tests pass successfully with JDK 19-ea+26-2060 and 20-ea+1-3 on Linux x86_64 and aarch64! Regards, Martin On Tue, Jun 14, 2022 at 11:00 AM Martin Grigorov wrote: > Hello Tomcat devs, > > The following test fails with JDK 19 b26: > > [concat] Testsuites with failed tests: >[concat] TEST-javax.el.TestImportHandlerStandardPackages.APR.txt >[concat] TEST-javax.el.TestImportHandlerStandardPackages.NIO.txt >[concat] TEST-javax.el.TestImportHandlerStandardPackages.NIO2.txt > > > Testsuite: javax.el.TestImportHandlerStandardPackages > Tests run: 1, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 0.35 sec > > Testcase: testClassListsAreComplete took 0.326 sec > FAILED > java.lang.MatchException > junit.framework.AssertionFailedError: java.lang.MatchException > at > javax.el.TestImportHandlerStandardPackages.lambda$checkPackageClassList$13(TestImportHandlerStandardPackages.java:87) > at > java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183) > at > java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179) > at > java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179) > at > java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179) > at > java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179) > at > java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) > at > java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) > at > java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179) > at > java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179) > at > java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) > at > java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) > at > java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179) > at > java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179) > at > java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179) > at > java.base/jdk.internal.module.SystemModuleFinders$ModuleContentSpliterator.tryAdvance(SystemModuleFinders.java:573) > at > java.base/java.util.Spliterator.forEachRemaining(Spliterator.java:332) > at > java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509) > at > java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) > at > java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150) > at > java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173) > at > java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) > at > java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:596) > at > javax.el.TestImportHandlerStandardPackages.checkPackageClassList(TestImportHandlerStandardPackages.java:87) > at > javax.el.TestImportHandlerStandardPackages.testClassListsAreComplete(TestImportHandlerStandardPackages.java:49) > at > java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104) > > > On Mon, Jun 13, 2022 at 4:46 PM David Delabassee < > david.delabas...@oracle.com> wrote: > >> Greetings! >> >> JDK 19 has now entered Rampdown Phase One (RDP1) [1], which means that >> the main-line has been forked into a dedicated JDK 19 stabilization >> repository. At this point, the overall JDK 19 feature set is frozen and >> no additional JEPs will be targeted to JDK 19. The stabilization >> repository is open for select bug fixes and, with approval, late >> low-risk enhancements per the JDK Release Process [2]. Any change pushed >> to the main line is now bound for JDK 20, unless it is explicitly >> back-ported to JDK 19. >> >> The next few weeks should be leveraged to try to identify and resolve as >> many issues as possible, i.e. before JDK 19 enters the Release >> Candidates phase. Moreover, we encourage you to test your project with >> the `enable-preview` flag as described in this Quality Outreach Heads-up >> [3], and even if you don't intend to use Virtual Threads in the near >> future. >> >> [1] https://mail.openjdk.java.net/pipermail/jdk-dev/2022-June/006735.html >> [2] https://openjdk.java.net/jeps/3 >> [3] https://inside.java/2022/05/16/quality-heads-up/ >> >> >> ## Heads-up - openjdk.java.net ➜ openjdk.org DNS transition >> >> The OpenJDK infrastructure is moving from the old openjdk.java.net >> subdomain to the openjdk.org top-level domain. This will affect all >> active subdomains (i.e., bugs, cr, db, git, hg, mail, and wiki)
[tomcat-native] 02/02: Ignore local build configuration
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git commit 25a99b6845c8e98e842e8ad3239692173f11df92 Author: Mark Thomas AuthorDate: Wed Jun 15 10:43:09 2022 +0100 Ignore local build configuration --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 58107b33f..5239107b6 100644 --- a/.gitignore +++ b/.gitignore @@ -29,3 +29,5 @@ **/*.lo **/*.o + +build.properties - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] 01/02: Remove tests that depend on removed API
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git commit 7cfcb51ad0058692c53483d68c633e60e5a7afa0 Author: Mark Thomas AuthorDate: Wed Jun 15 10:37:01 2022 +0100 Remove tests that depend on removed API --- test/org/apache/tomcat/jni/AbstractJniTest.java| 46 test/org/apache/tomcat/jni/TestFile.java | 67 -- test/org/apache/tomcat/jni/TestSocketServer.java | 233 - .../jni/TestSocketServerAnyLocalAddress.java | 207 -- 4 files changed, 553 deletions(-) diff --git a/test/org/apache/tomcat/jni/AbstractJniTest.java b/test/org/apache/tomcat/jni/AbstractJniTest.java deleted file mode 100644 index 84ed1ac29..0 --- a/test/org/apache/tomcat/jni/AbstractJniTest.java +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.tomcat.jni; - -import org.junit.After; -import org.junit.Assume; -import org.junit.Before; - -public abstract class AbstractJniTest { - -private boolean nativeLibraryPresent = false; - -@Before -public void initBase() throws Exception { -try { -Library.initialize(null); -nativeLibraryPresent = true; -} catch (LibraryNotFoundError lnfe) { -nativeLibraryPresent = false; -} -Assume.assumeTrue("APR Library not found", nativeLibraryPresent); -} - - -@After -public void destroyBase() { -if (nativeLibraryPresent) { -Library.terminate(); -} -} - -} diff --git a/test/org/apache/tomcat/jni/TestFile.java b/test/org/apache/tomcat/jni/TestFile.java deleted file mode 100644 index 433939f22..0 --- a/test/org/apache/tomcat/jni/TestFile.java +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.tomcat.jni; - -import org.junit.Assert; -import org.junit.Test; - - -public class TestFile extends AbstractJniTest { - -@Test -public void testInfoGet() throws Exception { -String testFile = "test/org/apache/tomcat/jni/TestFile.java"; -java.io.File file = new java.io.File(testFile); -Assert.assertTrue("File " + testFile + " does not exist!", file.exists()); - -Library.initialize(null); -long pool = Pool.create(0L); -int openFlags = File.APR_FOPEN_READ | File.APR_FOPEN_BUFFERED | File.APR_FOPEN_XTHREAD; -int openPermissions = File.APR_FPROT_OS_DEFAULT; -int statFlags = File.APR_FINFO_MIN; -long fd = File.open(testFile, openFlags, openPermissions, pool); -FileInfo fileInfo = new FileInfo(); -for (int i = 0; i < 10; i++) { -org.apache.tomcat.jni.File.infoGet(fileInfo, statFlags, fd); -@SuppressWarnings("unused") -String info = inspectFileInfo(fileInfo); -} -} - -public static String inspectFileInfo(FileInfo fileInfo) { -String result = fileInfo.toString() + " : {" + -String.format("\n pool : %d", Long.valueOf(fileInfo.pool)) + -String.format("\n valid : %d", Integer.valueOf(fileInfo.valid)) + -String.format("\n protection : %d", Integer.valueOf(fileInfo.protection)) + -String.format("\n filetype : %d", Integer.valueOf(fileInfo.filetype)) + -
[tomcat-native] branch main updated (e8334bd46 -> 25a99b684)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git from e8334bd46 Remove the examples since they depend on removed JNI API new 7cfcb51ad Remove tests that depend on removed API new 25a99b684 Ignore local build configuration The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .gitignore | 2 + test/org/apache/tomcat/jni/AbstractJniTest.java| 46 test/org/apache/tomcat/jni/TestFile.java | 67 -- test/org/apache/tomcat/jni/TestSocketServer.java | 233 - .../jni/TestSocketServerAnyLocalAddress.java | 207 -- 5 files changed, 2 insertions(+), 553 deletions(-) delete mode 100644 test/org/apache/tomcat/jni/AbstractJniTest.java delete mode 100644 test/org/apache/tomcat/jni/TestFile.java delete mode 100644 test/org/apache/tomcat/jni/TestSocketServer.java delete mode 100644 test/org/apache/tomcat/jni/TestSocketServerAnyLocalAddress.java - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] branch main updated: Remove the examples since they depend on removed JNI API
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new e8334bd46 Remove the examples since they depend on removed JNI API e8334bd46 is described below commit e8334bd46b160b471b4b86f1d57e909ddfc44d4a Author: Mark Thomas AuthorDate: Wed Jun 15 10:34:37 2022 +0100 Remove the examples since they depend on removed JNI API --- README.txt | 18 -- TODO.txt| 21 +- build.xml | 81 -- examples/mkcerts| 216 --- examples/org/apache/tomcat/jni/Echo.java| 347 examples/org/apache/tomcat/jni/Echo.properties | 17 -- examples/org/apache/tomcat/jni/Local.properties | 23 -- examples/org/apache/tomcat/jni/LocalServer.java | 190 - examples/org/apache/tomcat/jni/SSL.properties | 22 -- examples/org/apache/tomcat/jni/SSLServer.java | 245 - 10 files changed, 1 insertion(+), 1179 deletions(-) diff --git a/README.txt b/README.txt index 8ba008fc5..e004aadb8 100644 --- a/README.txt +++ b/README.txt @@ -55,24 +55,6 @@ or overwrite it in a new file build.properties. Now run "ant test". -Running the examples - - -Before running the examples you may have to set LD_LIBRARY_PATH, something like -LD_LIBRARY_PATH=/opt/SMAWoIS/openssl/lib; export LD_LIBRARY_PATH - -1) echo example: - - Choose some free port in - dist/classes/examples/org/apache/tomcat/jni/Echo.properties - - run: ant run-echo - -2) ssl server example: - - Change parameters in dist/classes/examples/org/apache/tomcat/jni/SSL.properties - according to your needs. The certificate and key should be in - dist/classes/examples. - - run: ant run-ssl-server - - Cryptographic Software Notice - diff --git a/TODO.txt b/TODO.txt index 36660a190..eb762c693 100644 --- a/TODO.txt +++ b/TODO.txt @@ -35,29 +35,10 @@ known attacks will not work even with old OpenSSL? Should we add a remark about this topic to the docs? -Java Tests and Examples - -- "ant run-echo": what is the expected behaviour of this example. - I couldn't get it to do something understandable. - Document the example in the README.txt. - -- "ant run-ssl-server": Could't we include a test certificate in the - distribution? - -- "ant run-ssl-server": What should the test produce, if run successfully? - Document the example in the README.txt. - -- "ant run-local-server": Creates a unix socket "\\.\PIPE\test" in the - examples directory, then waits. How is the test expected to work? - And the file name doesn't seem to be appropriate for Unix. - Document the example in the README.txt. - - Java Classes Source Distribution -Check on how to handle the test and examples classes. +Check on how to handle the test classes. I think they have no other home. diff --git a/build.xml b/build.xml index 19da1f138..a055ef21a 100644 --- a/build.xml +++ b/build.xml @@ -51,7 +51,6 @@ - @@ -74,12 +73,6 @@ - - - - - - @@ -330,78 +323,4 @@ limitations under the License.--"> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/examples/mkcerts b/examples/mkcerts deleted file mode 100644 index a611ca966..0 --- a/examples/mkcerts +++ /dev/null @@ -1,216 +0,0 @@ -#!/bin/sh -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR
[tomcat] branch 8.5.x updated: Enable the use of Tomcat Native with OpenSSL 3 using the FIPS provider
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new a89c68ef5b Enable the use of Tomcat Native with OpenSSL 3 using the FIPS provider a89c68ef5b is described below commit a89c68ef5b4e71718f603281e4195b0db028e44f Author: Mark Thomas AuthorDate: Wed Jun 1 15:33:02 2022 +0100 Enable the use of Tomcat Native with OpenSSL 3 using the FIPS provider --- .../apache/catalina/core/AprLifecycleListener.java | 81 +++--- .../apache/catalina/core/LocalStrings.properties | 2 + webapps/docs/changelog.xml | 5 ++ webapps/docs/config/listeners.xml | 22 +++--- 4 files changed, 76 insertions(+), 34 deletions(-) diff --git a/java/org/apache/catalina/core/AprLifecycleListener.java b/java/org/apache/catalina/core/AprLifecycleListener.java index aa13e1f0db..201e1761fc 100644 --- a/java/org/apache/catalina/core/AprLifecycleListener.java +++ b/java/org/apache/catalina/core/AprLifecycleListener.java @@ -78,6 +78,11 @@ public class AprLifecycleListener implements LifecycleListener { // -- Properties +private static int tcnMajor = 0; +private static int tcnMinor = 0; +private static int tcnPatch = 0; +private static int tcnVersion = 0; + protected static String SSLEngine = "on"; //default on protected static String FIPSMode = "off"; // default off, valid only when SSLEngine="on" protected static String SSLRandomSeed = "builtin"; @@ -191,12 +196,7 @@ public class AprLifecycleListener implements LifecycleListener { } @SuppressWarnings("deprecation") -private static void init() -{ -int major = 0; -int minor = 0; -int patch = 0; -int apver = 0; +private static void init() { int rqver = TCN_REQUIRED_MAJOR * 1000 + TCN_REQUIRED_MINOR * 100 + TCN_REQUIRED_PATCH; int rcver = TCN_RECOMMENDED_MAJOR * 1000 + TCN_RECOMMENDED_MINOR * 100 + TCN_RECOMMENDED_PV; @@ -207,10 +207,10 @@ public class AprLifecycleListener implements LifecycleListener { try { Library.initialize(null); -major = Library.TCN_MAJOR_VERSION; -minor = Library.TCN_MINOR_VERSION; -patch = Library.TCN_PATCH_VERSION; -apver = major * 1000 + minor * 100 + patch; +tcnMajor = Library.TCN_MAJOR_VERSION; +tcnMinor = Library.TCN_MINOR_VERSION; +tcnPatch = Library.TCN_PATCH_VERSION; +tcnVersion = tcnMajor * 1000 + tcnMinor * 100 + tcnPatch; } catch (LibraryNotFoundError lnfe) { // Library not on path if (log.isDebugEnabled()) { @@ -228,7 +228,7 @@ public class AprLifecycleListener implements LifecycleListener { log.warn(sm.getString("aprListener.aprInitError", t.getMessage()), t); return; } -if (major > 1 && "off".equalsIgnoreCase(SSLEngine)) { +if (tcnMajor > 1 && "off".equalsIgnoreCase(SSLEngine)) { log.error(sm.getString("aprListener.sslRequired", SSLEngine, Library.versionString())); try { // Tomcat Native 2.x onwards requires SSL @@ -239,7 +239,7 @@ public class AprLifecycleListener implements LifecycleListener { } return; } -if (apver < rqver) { +if (tcnVersion < rqver) { log.error(sm.getString("aprListener.tcnInvalid", Library.versionString(), TCN_REQUIRED_MAJOR + "." + @@ -255,7 +255,7 @@ public class AprLifecycleListener implements LifecycleListener { } return; } -if (apver < rcver) { +if (tcnVersion < rcver) { initInfoLogMessages.add(sm.getString("aprListener.tcnVersion", Library.versionString(), TCN_REQUIRED_MAJOR + "." + @@ -308,41 +308,66 @@ public class AprLifecycleListener implements LifecycleListener { method = clazz.getMethod(methodName, paramTypes); method.invoke(null, paramValues); -if (!(null == FIPSMode || "off".equalsIgnoreCase(FIPSMode))) { +// OpenSSL 3 onwards uses providers +boolean usingProviders = tcnMajor > 1 || (tcnVersion > 1233 && (SSL.version() & 0xF000L) > 2); +// Tomcat Native 1.x built with OpenSSL 1.x without explicitly enabling +// FIPS and Tomcat Native < 1.2.34 built with OpenSSL 3.x will fail if +// any calls are made to SSL.fipsModeGet or SSL.fipsModeSet +if (usingProviders || !(null == FIPSMode || "off".equalsIgnoreCase(FIPSMode))) { fipsModeActive = false; - final boolean enterFipsMode; int fipsModeState = SSL.fipsModeGet();
[tomcat] branch 9.0.x updated: Enable the use of Tomcat Native with OpenSSL 3 using the FIPS provider
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 302aec6dc1 Enable the use of Tomcat Native with OpenSSL 3 using the FIPS provider 302aec6dc1 is described below commit 302aec6dc1fd5abbb7f17f52ca829c1e2befad38 Author: Mark Thomas AuthorDate: Wed Jun 1 15:33:02 2022 +0100 Enable the use of Tomcat Native with OpenSSL 3 using the FIPS provider --- .../apache/catalina/core/AprLifecycleListener.java | 81 +++--- .../apache/catalina/core/LocalStrings.properties | 2 + webapps/docs/changelog.xml | 5 ++ webapps/docs/config/listeners.xml | 22 +++--- 4 files changed, 76 insertions(+), 34 deletions(-) diff --git a/java/org/apache/catalina/core/AprLifecycleListener.java b/java/org/apache/catalina/core/AprLifecycleListener.java index 719b83f9f9..07757bc753 100644 --- a/java/org/apache/catalina/core/AprLifecycleListener.java +++ b/java/org/apache/catalina/core/AprLifecycleListener.java @@ -76,6 +76,11 @@ public class AprLifecycleListener implements LifecycleListener { // -- Properties +private static int tcnMajor = 0; +private static int tcnMinor = 0; +private static int tcnPatch = 0; +private static int tcnVersion = 0; + protected static String SSLEngine = "on"; //default on protected static String FIPSMode = "off"; // default off, valid only when SSLEngine="on" protected static String SSLRandomSeed = "builtin"; @@ -185,12 +190,7 @@ public class AprLifecycleListener implements LifecycleListener { } @SuppressWarnings("deprecation") -private static void init() -{ -int major = 0; -int minor = 0; -int patch = 0; -int apver = 0; +private static void init() { int rqver = TCN_REQUIRED_MAJOR * 1000 + TCN_REQUIRED_MINOR * 100 + TCN_REQUIRED_PATCH; int rcver = TCN_RECOMMENDED_MAJOR * 1000 + TCN_RECOMMENDED_MINOR * 100 + TCN_RECOMMENDED_PV; @@ -201,10 +201,10 @@ public class AprLifecycleListener implements LifecycleListener { try { Library.initialize(null); -major = Library.TCN_MAJOR_VERSION; -minor = Library.TCN_MINOR_VERSION; -patch = Library.TCN_PATCH_VERSION; -apver = major * 1000 + minor * 100 + patch; +tcnMajor = Library.TCN_MAJOR_VERSION; +tcnMinor = Library.TCN_MINOR_VERSION; +tcnPatch = Library.TCN_PATCH_VERSION; +tcnVersion = tcnMajor * 1000 + tcnMinor * 100 + tcnPatch; } catch (LibraryNotFoundError lnfe) { // Library not on path if (log.isDebugEnabled()) { @@ -222,7 +222,7 @@ public class AprLifecycleListener implements LifecycleListener { log.warn(sm.getString("aprListener.aprInitError", t.getMessage()), t); return; } -if (major > 1 && "off".equalsIgnoreCase(SSLEngine)) { +if (tcnMajor > 1 && "off".equalsIgnoreCase(SSLEngine)) { log.error(sm.getString("aprListener.sslRequired", SSLEngine, Library.versionString())); try { // Tomcat Native 2.x onwards requires SSL @@ -233,7 +233,7 @@ public class AprLifecycleListener implements LifecycleListener { } return; } -if (apver < rqver) { +if (tcnVersion < rqver) { log.error(sm.getString("aprListener.tcnInvalid", Library.versionString(), TCN_REQUIRED_MAJOR + "." + @@ -249,7 +249,7 @@ public class AprLifecycleListener implements LifecycleListener { } return; } -if (apver < rcver) { +if (tcnVersion < rcver) { initInfoLogMessages.add(sm.getString("aprListener.tcnVersion", Library.versionString(), TCN_REQUIRED_MAJOR + "." + @@ -303,41 +303,66 @@ public class AprLifecycleListener implements LifecycleListener { method = clazz.getMethod(methodName, paramTypes); method.invoke(null, paramValues); -if (!(null == FIPSMode || "off".equalsIgnoreCase(FIPSMode))) { +// OpenSSL 3 onwards uses providers +boolean usingProviders = tcnMajor > 1 || (tcnVersion > 1233 && (SSL.version() & 0xF000L) > 2); +// Tomcat Native 1.x built with OpenSSL 1.x without explicitly enabling +// FIPS and Tomcat Native < 1.2.34 built with OpenSSL 3.x will fail if +// any calls are made to SSL.fipsModeGet or SSL.fipsModeSet +if (usingProviders || !(null == FIPSMode || "off".equalsIgnoreCase(FIPSMode))) { fipsModeActive = false; - final boolean enterFipsMode; int fipsModeState = SSL.fipsModeGet();
[tomcat] branch 10.0.x updated: Enable the use of Tomcat Native with OpenSSL 3 using the FIPS provider
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.0.x by this push: new 39eb2f9127 Enable the use of Tomcat Native with OpenSSL 3 using the FIPS provider 39eb2f9127 is described below commit 39eb2f912711ba0407ccba8a48d0970cff59ff71 Author: Mark Thomas AuthorDate: Wed Jun 1 15:33:02 2022 +0100 Enable the use of Tomcat Native with OpenSSL 3 using the FIPS provider --- .../apache/catalina/core/AprLifecycleListener.java | 81 +++--- .../apache/catalina/core/LocalStrings.properties | 2 + webapps/docs/changelog.xml | 5 ++ webapps/docs/config/listeners.xml | 22 +++--- 4 files changed, 76 insertions(+), 34 deletions(-) diff --git a/java/org/apache/catalina/core/AprLifecycleListener.java b/java/org/apache/catalina/core/AprLifecycleListener.java index 795454cc60..ca92772ba5 100644 --- a/java/org/apache/catalina/core/AprLifecycleListener.java +++ b/java/org/apache/catalina/core/AprLifecycleListener.java @@ -76,6 +76,11 @@ public class AprLifecycleListener implements LifecycleListener { // -- Properties +private static int tcnMajor = 0; +private static int tcnMinor = 0; +private static int tcnPatch = 0; +private static int tcnVersion = 0; + protected static String SSLEngine = "on"; //default on protected static String FIPSMode = "off"; // default off, valid only when SSLEngine="on" protected static String SSLRandomSeed = "builtin"; @@ -185,12 +190,7 @@ public class AprLifecycleListener implements LifecycleListener { } @SuppressWarnings("deprecation") -private static void init() -{ -int major = 0; -int minor = 0; -int patch = 0; -int apver = 0; +private static void init() { int rqver = TCN_REQUIRED_MAJOR * 1000 + TCN_REQUIRED_MINOR * 100 + TCN_REQUIRED_PATCH; int rcver = TCN_RECOMMENDED_MAJOR * 1000 + TCN_RECOMMENDED_MINOR * 100 + TCN_RECOMMENDED_PV; @@ -201,10 +201,10 @@ public class AprLifecycleListener implements LifecycleListener { try { Library.initialize(null); -major = Library.TCN_MAJOR_VERSION; -minor = Library.TCN_MINOR_VERSION; -patch = Library.TCN_PATCH_VERSION; -apver = major * 1000 + minor * 100 + patch; +tcnMajor = Library.TCN_MAJOR_VERSION; +tcnMinor = Library.TCN_MINOR_VERSION; +tcnPatch = Library.TCN_PATCH_VERSION; +tcnVersion = tcnMajor * 1000 + tcnMinor * 100 + tcnPatch; } catch (LibraryNotFoundError lnfe) { // Library not on path if (log.isDebugEnabled()) { @@ -222,7 +222,7 @@ public class AprLifecycleListener implements LifecycleListener { log.warn(sm.getString("aprListener.aprInitError", t.getMessage()), t); return; } -if (major > 1 && "off".equalsIgnoreCase(SSLEngine)) { +if (tcnMajor > 1 && "off".equalsIgnoreCase(SSLEngine)) { log.error(sm.getString("aprListener.sslRequired", SSLEngine, Library.versionString())); try { // Tomcat Native 2.x onwards requires SSL @@ -233,7 +233,7 @@ public class AprLifecycleListener implements LifecycleListener { } return; } -if (apver < rqver) { +if (tcnVersion < rqver) { log.error(sm.getString("aprListener.tcnInvalid", Library.versionString(), TCN_REQUIRED_MAJOR + "." + @@ -249,7 +249,7 @@ public class AprLifecycleListener implements LifecycleListener { } return; } -if (apver < rcver) { +if (tcnVersion < rcver) { initInfoLogMessages.add(sm.getString("aprListener.tcnVersion", Library.versionString(), TCN_REQUIRED_MAJOR + "." + @@ -299,41 +299,66 @@ public class AprLifecycleListener implements LifecycleListener { method = clazz.getMethod(methodName, paramTypes); method.invoke(null, paramValues); -if (!(null == FIPSMode || "off".equalsIgnoreCase(FIPSMode))) { +// OpenSSL 3 onwards uses providers +boolean usingProviders = tcnMajor > 1 || (tcnVersion > 1233 && (SSL.version() & 0xF000L) > 2); +// Tomcat Native 1.x built with OpenSSL 1.x without explicitly enabling +// FIPS and Tomcat Native < 1.2.34 built with OpenSSL 3.x will fail if +// any calls are made to SSL.fipsModeGet or SSL.fipsModeSet +if (usingProviders || !(null == FIPSMode || "off".equalsIgnoreCase(FIPSMode))) { fipsModeActive = false; - final boolean enterFipsMode; int fipsModeState = SSL.fipsModeGet();
[tomcat] branch main updated: Update changelog
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new cfaf525131 Update changelog cfaf525131 is described below commit cfaf525131b33b0d5844ed5cda790ec79947e6f1 Author: Mark Thomas AuthorDate: Wed Jun 15 09:37:51 2022 +0100 Update changelog --- webapps/docs/changelog.xml | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index ca925d19c3..9c2a5c26d2 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -122,6 +122,11 @@ org.apache.tomcat.util.net.Nio2Endpoint.handshake) for TLS handshake failures. (markt) + +Enable the use of the FIPS provider for TLS enabled Connectors when +using Tomcat Native 1.2.34 onwards built with OpenSSL 3.0.x onwards. +(markt) + @@ -165,7 +170,7 @@ Update the packaged version of the Tomcat Native Library to 1.2.34 to - improve the support for building with OpenSSL 3.0.x.(markt) +improve the support for building with OpenSSL 3.0.x.(markt) Update the minimum supported version of Tomcat Native to 1.2.34 to allow - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 02/02: Ensure version error is reported correctly for Native 1.2.33 and earlier
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 22d196bb9fb3aca5d9645becf650e14a14be6cd4 Author: Mark Thomas AuthorDate: Wed Jun 15 09:35:04 2022 +0100 Ensure version error is reported correctly for Native 1.2.33 and earlier --- java/org/apache/tomcat/jni/FileInfo.java | 30 ++ java/org/apache/tomcat/jni/Sockaddr.java | 30 ++ 2 files changed, 60 insertions(+) diff --git a/java/org/apache/tomcat/jni/FileInfo.java b/java/org/apache/tomcat/jni/FileInfo.java new file mode 100644 index 00..ff807e4a60 --- /dev/null +++ b/java/org/apache/tomcat/jni/FileInfo.java @@ -0,0 +1,30 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.tomcat.jni; + +/** + * Tomcat Native 1.2.33 and earlier won't initialise unless this class is + * present. This dummy class ensures initialisation gets as far as being able to + * check the version of the Tomcat Native library and reporting a version error + * if 1.2.33 or earlier is present. + */ +public class FileInfo { + +private FileInfo() { +// Hide default constructor +} +} diff --git a/java/org/apache/tomcat/jni/Sockaddr.java b/java/org/apache/tomcat/jni/Sockaddr.java new file mode 100644 index 00..20e73c8ad2 --- /dev/null +++ b/java/org/apache/tomcat/jni/Sockaddr.java @@ -0,0 +1,30 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.tomcat.jni; + +/** + * Tomcat Native 1.2.33 and earlier won't initialise unless this class is + * present. This dummy class ensures initialisation gets as far as being able to + * check the version of the Tomcat Native library and reporting a version error + * if 1.2.33 or earlier is present. + */ +public class Sockaddr { + +private Sockaddr() { +// Hide default constructor +} +} - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated (42197e99b7 -> 22d196bb9f)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git from 42197e99b7 Remove remaining deprecated code from the o.a.t.jni package new 4b124cb400 Enable the use of Tomcat Native with OpenSSL 3 using the FIPS provider new 22d196bb9f Ensure version error is reported correctly for Native 1.2.33 and earlier The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../apache/catalina/core/AprLifecycleListener.java | 81 +++--- .../apache/catalina/core/LocalStrings.properties | 2 + .../tomcat/jni/{Buffer.java => FileInfo.java} | 21 +++--- .../tomcat/jni/{Buffer.java => Sockaddr.java} | 21 +++--- webapps/docs/config/listeners.xml | 22 +++--- 5 files changed, 87 insertions(+), 60 deletions(-) copy java/org/apache/tomcat/jni/{Buffer.java => FileInfo.java} (68%) copy java/org/apache/tomcat/jni/{Buffer.java => Sockaddr.java} (68%) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/02: Enable the use of Tomcat Native with OpenSSL 3 using the FIPS provider
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 4b124cb4005f49d6a2d1d8b8f8a12c8778b0a659 Author: Mark Thomas AuthorDate: Wed Jun 1 15:33:02 2022 +0100 Enable the use of Tomcat Native with OpenSSL 3 using the FIPS provider --- .../apache/catalina/core/AprLifecycleListener.java | 81 +++--- .../apache/catalina/core/LocalStrings.properties | 2 + webapps/docs/config/listeners.xml | 22 +++--- 3 files changed, 71 insertions(+), 34 deletions(-) diff --git a/java/org/apache/catalina/core/AprLifecycleListener.java b/java/org/apache/catalina/core/AprLifecycleListener.java index 35c83facce..d64fedc2bd 100644 --- a/java/org/apache/catalina/core/AprLifecycleListener.java +++ b/java/org/apache/catalina/core/AprLifecycleListener.java @@ -76,6 +76,11 @@ public class AprLifecycleListener implements LifecycleListener { // -- Properties +private static int tcnMajor = 0; +private static int tcnMinor = 0; +private static int tcnPatch = 0; +private static int tcnVersion = 0; + protected static String SSLEngine = "on"; //default on protected static String FIPSMode = "off"; // default off, valid only when SSLEngine="on" protected static String SSLRandomSeed = "builtin"; @@ -184,12 +189,7 @@ public class AprLifecycleListener implements LifecycleListener { fipsModeActive = false; } -private static void init() -{ -int major = 0; -int minor = 0; -int patch = 0; -int apver = 0; +private static void init() { int rqver = TCN_REQUIRED_MAJOR * 1000 + TCN_REQUIRED_MINOR * 100 + TCN_REQUIRED_PATCH; int rcver = TCN_RECOMMENDED_MAJOR * 1000 + TCN_RECOMMENDED_MINOR * 100 + TCN_RECOMMENDED_PV; @@ -200,10 +200,10 @@ public class AprLifecycleListener implements LifecycleListener { try { Library.initialize(null); -major = Library.TCN_MAJOR_VERSION; -minor = Library.TCN_MINOR_VERSION; -patch = Library.TCN_PATCH_VERSION; -apver = major * 1000 + minor * 100 + patch; +tcnMajor = Library.TCN_MAJOR_VERSION; +tcnMinor = Library.TCN_MINOR_VERSION; +tcnPatch = Library.TCN_PATCH_VERSION; +tcnVersion = tcnMajor * 1000 + tcnMinor * 100 + tcnPatch; } catch (LibraryNotFoundError lnfe) { // Library not on path if (log.isDebugEnabled()) { @@ -221,7 +221,7 @@ public class AprLifecycleListener implements LifecycleListener { log.warn(sm.getString("aprListener.aprInitError", t.getMessage()), t); return; } -if (major > 1 && "off".equalsIgnoreCase(SSLEngine)) { +if (tcnMajor > 1 && "off".equalsIgnoreCase(SSLEngine)) { log.error(sm.getString("aprListener.sslRequired", SSLEngine, Library.versionString())); try { // Tomcat Native 2.x onwards requires SSL @@ -232,7 +232,7 @@ public class AprLifecycleListener implements LifecycleListener { } return; } -if (apver < rqver) { +if (tcnVersion < rqver) { log.error(sm.getString("aprListener.tcnInvalid", Library.versionString(), TCN_REQUIRED_MAJOR + "." + @@ -248,7 +248,7 @@ public class AprLifecycleListener implements LifecycleListener { } return; } -if (apver < rcver) { +if (tcnVersion < rcver) { initInfoLogMessages.add(sm.getString("aprListener.tcnVersion", Library.versionString(), TCN_REQUIRED_MAJOR + "." + @@ -290,41 +290,66 @@ public class AprLifecycleListener implements LifecycleListener { method = clazz.getMethod(methodName, paramTypes); method.invoke(null, paramValues); -if (!(null == FIPSMode || "off".equalsIgnoreCase(FIPSMode))) { +// OpenSSL 3 onwards uses providers +boolean usingProviders = tcnMajor > 1 || (tcnVersion > 1233 && (SSL.version() & 0xF000L) > 2); +// Tomcat Native 1.x built with OpenSSL 1.x without explicitly enabling +// FIPS and Tomcat Native < 1.2.34 built with OpenSSL 3.x will fail if +// any calls are made to SSL.fipsModeGet or SSL.fipsModeSet +if (usingProviders || !(null == FIPSMode || "off".equalsIgnoreCase(FIPSMode))) { fipsModeActive = false; - final boolean enterFipsMode; int fipsModeState = SSL.fipsModeGet(); if(log.isDebugEnabled()) { -log.debug(sm.getString("aprListener.currentFIPSMode", - Integer.valueOf(fipsModeState))); +log.debug(sm.getString("aprListener.currentFIPSMode",