https://issues.apache.org/bugzilla/show_bug.cgi?id=56363
Tomi Korkalainen tomi.korkalai...@gmail.com changed:
What|Removed |Added
CC|
https://issues.apache.org/bugzilla/show_bug.cgi?id=56363
Jani Similä jani.sim...@gmail.com changed:
What|Removed |Added
CC|
Author: mturk
Date: Thu Apr 10 06:55:27 2014
New Revision: 1586227
URL: http://svn.apache.org/r1586227
Log:
Resolve 56363 bug
Modified:
tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml
Modified: tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml
URL:
https://issues.apache.org/bugzilla/show_bug.cgi?id=56363
--- Comment #2 from Mladen Turk mt...@apache.org ---
Update done and tested.
We'll start release process today or tomorrow and new version containing
OpenSSL 1.0.1g will be available after VOTE finishes and we create ANN message.
I'll
https://issues.apache.org/bugzilla/show_bug.cgi?id=56374
Christopher Schultz ch...@christopherschultz.net changed:
What|Removed |Added
Resolution|FIXED
Mladen,
On 4/9/14, 11:42 PM, Mladen Turk wrote:
I plan to tag 1.1.30 either later today or tomorrow and
push for a quick release vote.
Comments?
Go for it. No bugs in it can be worse than this week's OpenSSL
vulnerability.
-chris
signature.asc
Description: OpenPGP digital signature
Nick,
Please file a Bugzilla bug and attach your patch to it.
-chris
On 4/9/14, 10:36 AM, Nick Bunn wrote:
Good Day,
As i'm sure you are all aware when the default error valve returns its
report it publishes the tomcat version and some other troubleshooting
data. This of course breaks one
Andrew,
On 4/8/14, 5:43 PM, Andrew Carr wrote:
http://www.openssl.org/news/secadv_20140407.txt
Hi Tomcat Devs,
I have been on the dev list for a few years, and a tomcat developer longer
than that. While I haven't contributed yet, I was curious if this cve
needs a contribution. As far
Mark,
On 4/8/14, 10:55 AM, Mark Thomas wrote:
On 08/04/2014 06:32, Emmanuel Bourg wrote:
Le 08/04/2014 14:03, Mark Thomas a écrit :
Can you provide the details of the failure. That might help ID a solution.
Thank you, here is the build log on Debian:
https://issues.apache.org/bugzilla/show_bug.cgi?id=55399
Konstantin Kolinko knst.koli...@gmail.com changed:
What|Removed |Added
CC|
https://issues.apache.org/bugzilla/show_bug.cgi?id=56374
Konstantin Kolinko knst.koli...@gmail.com changed:
What|Removed |Added
Resolution|INVALID
Author: mturk
Date: Thu Apr 10 09:47:07 2014
New Revision: 1586252
URL: http://svn.apache.org/r1586252
Log:
Update externals
Modified:
tomcat/native/branches/1.1.x/java/org/apache/tomcat/ (props changed)
Propchange: tomcat/native/branches/1.1.x/java/org/apache/tomcat/
Author: mturk
Date: Thu Apr 10 10:00:23 2014
New Revision: 1586254
URL: http://svn.apache.org/r1586254
Log:
Add year 2014 news section
Added:
tomcat/native/branches/1.1.x/xdocs/news/2014.xml (with props)
Modified:
tomcat/native/branches/1.1.x/xdocs/miscellaneous/project.xml
Author: mturk
Date: Thu Apr 10 10:19:54 2014
New Revision: 1586258
URL: http://svn.apache.org/r1586258
Log:
No more docs/printer files
Modified:
tomcat/native/branches/1.1.x/jnirelease.sh
Modified: tomcat/native/branches/1.1.x/jnirelease.sh
URL:
Author: mturk
Date: Thu Apr 10 10:27:08 2014
New Revision: 1586263
URL: http://svn.apache.org/r1586263
Log:
Prepare versions for 1.1.30 release
Modified:
tomcat/native/branches/1.1.x/build.properties.default
tomcat/native/branches/1.1.x/build.xml
Author: mturk
Date: Thu Apr 10 10:36:32 2014
New Revision: 1586266
URL: http://svn.apache.org/r1586266
Log:
Tag 1.1.30
Added:
tomcat/native/tags/TOMCAT_NATIVE_1_1_30/ (props changed)
- copied from r1586265, tomcat/native/branches/1.1.x/
Propchange:
https://issues.apache.org/bugzilla/show_bug.cgi?id=56381
Bug ID: 56381
Summary: ServletRequest can be modified by Multiple Threads
Product: Tomcat 8
Version: trunk
Hardware: PC
Status: NEW
Severity: normal
Version 1.1.30 is bug fixing release with added ECDH
if supported by OpenSSL library.
The proposed release artefacts can be found at [1],
and the build was done using tag [2].
The VOTE will remain open for at least 48 hours.
The Apache Tomcat Native 1.1.30 is
[ ] Stable, go ahead and release
https://issues.apache.org/bugzilla/show_bug.cgi?id=56381
Remy Maucherat r...@apache.org changed:
What|Removed |Added
Status|NEW |RESOLVED
2014-04-10 13:50 GMT+02:00 Mladen Turk mt...@apache.org:
The Apache Tomcat Native 1.1.30 is
[X] Stable, go ahead and release
[ ] Broken because of ...
Rémy
Author: rjung
Date: Thu Apr 10 12:37:18 2014
New Revision: 1586282
URL: http://svn.apache.org/r1586282
Log:
Followup for r1586044 (broken request chunking).
Modified:
tomcat/jk/trunk/native/common/jk_ajp_common.c
Modified: tomcat/jk/trunk/native/common/jk_ajp_common.c
URL:
https://issues.apache.org/bugzilla/show_bug.cgi?id=56382
Bug ID: 56382
Summary: Add logging of deployment time
Product: Tomcat 7
Version: trunk
Hardware: All
Status: NEW
Severity: enhancement
Priority: P2
https://issues.apache.org/bugzilla/show_bug.cgi?id=56382
--- Comment #1 from Danila Galimov b...@mail.ru ---
Created attachment 31506
-- https://issues.apache.org/bugzilla/attachment.cgi?id=31506action=edit
Proposed patch
--
You are receiving this mail because:
You are the assignee for the
Mladen,
On 10.4.2014 13:50, Mladen Turk wrote:
The Apache Tomcat Native 1.1.30 is
[X] Stable, go ahead and release
[ ] Broken because of ...
(non-binding)
Tested with Tomcat 8.0.5, Oracle Java 1.7.0_51 on Windows 7 64-bit.
- Filippo.io [1] reports it is not vulnerable to Heartbleed bug.
On 04/10/2014 02:56 PM, Ognjen Blagojevic wrote:
Tested with Tomcat 8.0.5, Oracle Java 1.7.0_51 on Windows 7 64-bit.
- Filippo.io [1] reports it is not vulnerable to Heartbleed bug.
- SSLLabs [2] reports it is not vulnerable to Heartbleed bug.
- SSLLabs reports that Forward secrecy is
Is the TCN portion of BZ 56027 address completely or partially with this
release? I see the exposure of the FIPS_mode setting, but it looks like the
temporary 512 bit RSA key is still being done in the SSL_TMP_KEYS_INIT macro
(line 77). When I hacked my workaround eariier this year I had to
https://issues.apache.org/bugzilla/show_bug.cgi?id=56381
--- Comment #1 from Jess Holle je...@ptc.com ---
I am perfectly aware that the servlet API makes no guarantees about thread
safety of the [Http]ServletRequest interface or implementations thereof.
I also understand that providing general
Author: kkolinko
Date: Thu Apr 10 14:01:13 2014
New Revision: 1586306
URL: http://svn.apache.org/r1586306
Log:
Followup to r1586254: correct title.
Modified:
tomcat/native/branches/1.1.x/xdocs/news/2014.xml
Modified: tomcat/native/branches/1.1.x/xdocs/news/2014.xml
URL:
https://issues.apache.org/bugzilla/show_bug.cgi?id=56383
Bug ID: 56383
Summary: Securing ErrorReportValve
Product: Tomcat 7
Version: trunk
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Chris,
Done (Bug 56383 https://issues.apache.org/bugzilla/show_bug.cgi?id=56383).
I didn't know if we needed to talk about it first since it was a
enhancement. On another note do i need to make another bug for Tomcat 8 or
if this one gets excepted it will be ported over? What about documentation?
https://issues.apache.org/bugzilla/show_bug.cgi?id=56363
Luke Hall lh...@vocera.com changed:
What|Removed |Added
Status|NEW |NEEDINFO
--- Comment
Just tested against a CentOS 6 box configured to be in FIPS mode at boot as per
RH's directions and TCN will not start, tossing the same error I saw before in
catalina.out:
Apr 10, 2014 9:01:19 AM org.apache.catalina.core.AprLifecycleListener
lifecycleEvent
SEVERE: Failed to initialize the
https://issues.apache.org/bugzilla/show_bug.cgi?id=56363
--- Comment #4 from Mike Noordermeer m...@normi.net ---
While I understand that the disclosure process of this bug has been far from
optimal, and really appreciate all effort the maintainer(s) spend on this
project, a turnaround time of 3
https://issues.apache.org/bugzilla/show_bug.cgi?id=56363
Mike Noordermeer m...@normi.net changed:
What|Removed |Added
Status|NEEDINFO|NEW
--- Comment
https://issues.apache.org/bugzilla/show_bug.cgi?id=56363
--- Comment #6 from jeffrey.jan...@polydyne.com ---
Thanks to Mladen for his effort on getting this out as fast as he has.
The ease with which this problem was addressable on the *NIX platforms leads me
to ask if there is a better way of
https://issues.apache.org/bugzilla/show_bug.cgi?id=55915
--- Comment #5 from jeffrey.jan...@polydyne.com ---
Wanted to report that the Qualys SSL Labs' SSl test tool is now reporting that,
with this version, the ECDHE ciphers are available and will be used by the IE
releases that support them
https://issues.apache.org/bugzilla/show_bug.cgi?id=56363
--- Comment #7 from Konstantin Kolinko knst.koli...@gmail.com ---
(In reply to Mike Noordermeer from comment #4)
1. The timing is unfortunate. There is a conference going on right now. Key
people are there.
http://www.apachecon.com/
Also
https://issues.apache.org/bugzilla/show_bug.cgi?id=56383
Nick Bunn thrain...@gmail.com changed:
What|Removed |Added
CC||thrain...@gmail.com
Nice.
On Thu, Apr 10, 2014 at 4:09 AM, Christopher Schultz
ch...@christopherschultz.net wrote:
Mladen,
On 4/9/14, 11:42 PM, Mladen Turk wrote:
I plan to tag 1.1.30 either later today or tomorrow and
push for a quick release vote.
Comments?
Go for it. No bugs in it can be worse
Thanks for the response, both of you.
On Thu, Apr 10, 2014 at 4:30 AM, Christopher Schultz
ch...@christopherschultz.net wrote:
Andrew,
On 4/8/14, 5:43 PM, Andrew Carr wrote:
http://www.openssl.org/news/secadv_20140407.txt
Hi Tomcat Devs,
I have been on the dev list for a few
https://issues.apache.org/bugzilla/show_bug.cgi?id=56363
--- Comment #8 from Mike Noordermeer m...@normi.net ---
(In reply to Konstantin Kolinko from comment #7)
2. Nobody here works for Microsoft.
Providing windows binaries is a courtesy and may stop at any random moment.
That's good to
On 04/10/2014 03:15 PM, Robert Sanders wrote:
Is the TCN portion of BZ 56027 address completely or partially with this
release?
Nope. This issue was not fixed with this release.
Regards
--
^TM
-
To unsubscribe, e-mail:
https://issues.apache.org/bugzilla/show_bug.cgi?id=56363
--- Comment #9 from jeffrey.jan...@polydyne.com ---
(In reply to Konstantin Kolinko from comment #7)
(In reply to Jeffrey.Janner from comment #6)
However, the Windows version is statically linked, so we had to wait for
Mladen to work
https://issues.apache.org/bugzilla/show_bug.cgi?id=56363
--- Comment #10 from Mladen Turk mt...@apache.org ---
I'll update the BUILDING with windows section since everyone are so concerned
of my health :)
It's very simple. The biggest problem is compiling apr and openssl. OpenSSL
needs to be
https://issues.apache.org/bugzilla/show_bug.cgi?id=56381
--- Comment #2 from Remy Maucherat r...@apache.org ---
Yes, sync if needed + clear the facade objects. This is a long running topic
that is well suited for the user list.
--
You are receiving this mail because:
You are the assignee for
Mladen,
On 4/10/14, 9:29 AM, Mladen Turk wrote:
On 04/10/2014 03:15 PM, Robert Sanders wrote:
Is the TCN portion of BZ 56027 address completely or partially with
this release?
Nope. This issue was not fixed with this release.
The primary tcnative bit was in svn. Did you build 1.1/trunk, or
Mladen,
On 4/10/14, 5:50 AM, Mladen Turk wrote:
Version 1.1.30 is bug fixing release with added ECDH
if supported by OpenSSL library.
The proposed release artefacts can be found at [1],
and the build was done using tag [2].
The VOTE will remain open for at least 48 hours.
The Apache
2014-04-10 15:50 GMT+04:00 Mladen Turk mt...@apache.org:
Version 1.1.30 is bug fixing release with added ECDH
if supported by OpenSSL library.
The proposed release artefacts can be found at [1],
and the build was done using tag [2].
The VOTE will remain open for at least 48 hours.
The
On 04/10/2014 05:55 PM, Christopher Schultz wrote:
Mladen,
On 4/10/14, 9:29 AM, Mladen Turk wrote:
On 04/10/2014 03:15 PM, Robert Sanders wrote:
Is the TCN portion of BZ 56027 address completely or partially with
this release?
Nope. This issue was not fixed with this release.
The primary
I'll concur with Chris for release. WRT BZ 56027 there is no regression. The
exposure of the fipsModeGet will be useful moving forward to have the main
Tomcat code avoid a double call to initialize SSL, but some one with more
understanding of the FIPS requirements that I do should look at how
On 04/10/2014 05:55 PM, Christopher Schultz wrote:
Mladen,
On 4/10/14, 9:29 AM, Mladen Turk wrote:
On 04/10/2014 03:15 PM, Robert Sanders wrote:
Is the TCN portion of BZ 56027 address completely or partially with
this release?
Nope. This issue was not fixed with this release.
The primary
https://issues.apache.org/bugzilla/show_bug.cgi?id=55943
--- Comment #12 from hifisoftw...@gmail.com ---
I was able to figure out the fix. When I added the following line to
context.xml file, class loader behaviour was restored:
Loader delegate=true/
Thanks
--
You are receiving this mail
https://issues.apache.org/bugzilla/show_bug.cgi?id=56382
--- Comment #2 from Konstantin Kolinko knst.koli...@gmail.com ---
Comment on attachment 31506
-- https://issues.apache.org/bugzilla/attachment.cgi?id=31506
Proposed patch
In reply to attachment 31506
if( log.isInfoEnabled() )
https://issues.apache.org/bugzilla/show_bug.cgi?id=56383
Konstantin Kolinko knst.koli...@gmail.com changed:
What|Removed |Added
Attachment #31507|0 |1
https://issues.apache.org/bugzilla/show_bug.cgi?id=56383
--- Comment #1 from Konstantin Kolinko knst.koli...@gmail.com ---
Comment on attachment 31507
-- https://issues.apache.org/bugzilla/attachment.cgi?id=31507
Patch for ErrorReportValve
1. Add getter methods?
2. Expose new attributes via
Hi,
With some fixes in, I think the status is now better than what the
welcome message says, which is: The NIO2 connector is currently
EXPERIMENTAL and should not be used in production
In preparation for the next build, I would like to update it to: The NIO2
connector is currently BETA and
On 04/10/2014 01:50 PM, Mladen Turk wrote:
The Apache Tomcat Native 1.1.30 is
[X] Stable, go ahead and release
[ ] Broken because of ...
My vote, FTR.
Regards
--
^TM
-
To unsubscribe, e-mail:
2014-04-08 11:52 GMT+04:00 mt...@apache.org:
Author: mturk
Date: Tue Apr 8 07:52:56 2014
New Revision: 1585657
URL: http://svn.apache.org/r1585657
Log:
Use port when calling getaddrinfo and skip bogus addresses
Modified:
tomcat/jk/trunk/native/common/jk_connect.c
Modified:
HI
Please add to the ContributorsGroup in order to edit the Tomcat wiki.
name: KeiichiFujino
--
Keiichi.Fujino
On 10/04/2014 15:43, Keiichi Fujino wrote:
HI
Please add to the ContributorsGroup in order to edit the Tomcat wiki.
name: KeiichiFujino
Done.
Mark
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For
Dear Wiki user,
You have subscribed to a wiki page or wiki category on Tomcat Wiki for change
notification.
The ContributorsGroup page has been changed by markt:
https://wiki.apache.org/tomcat/ContributorsGroup?action=diffrev1=19rev2=20
* PierreJean
* GaryBriggs
* JeanFredericClere
+
Author: markt
Date: Thu Apr 10 22:02:14 2014
New Revision: 1586478
URL: http://svn.apache.org/r1586478
Log:
Ensure that the static resource cache is able to detect when a cache entry is
invalidated by being overridden by a new resource in a different WebResourceSet
Modified:
Dear Wiki user,
You have subscribed to a wiki page or wiki category on Tomcat Wiki for change
notification.
The summit-na-2014 page has been changed by KeiichiFujino:
https://wiki.apache.org/tomcat/summit-na-2014?action=diffrev1=10rev2=11
* mavenization of build
* Arquillian tests
*
Dear Wiki user,
You have subscribed to a wiki page or wiki category on Tomcat Wiki for change
notification.
The summit-na-2014 page has been changed by KeiichiFujino:
https://wiki.apache.org/tomcat/summit-na-2014?action=diffrev1=11rev2=12
* Arquillian tests
* Additions to
On 10/04/2014 02:34, Christopher Schultz wrote:
Mark,
On 4/8/14, 10:55 AM, Mark Thomas wrote:
On 08/04/2014 06:32, Emmanuel Bourg wrote:
Le 08/04/2014 14:03, Mark Thomas a écrit :
Can you provide the details of the failure. That might help
ID a solution.
Thank you, here is the build
Author: markt
Date: Thu Apr 10 23:21:19 2014
New Revision: 1586500
URL: http://svn.apache.org/r1586500
Log:
Backport refactoring of AbstractReplicatedMap to implement Map rather than
extend ConcurrentHashMap to enable Tomcat 7 to be built with Java 8.
Modified:
tomcat/tc7.0.x/trunk/
Author: markt
Date: Thu Apr 10 23:25:06 2014
New Revision: 1586501
URL: http://svn.apache.org/r1586501
Log:
Add a work around for validating XML documents (often TLDs) that use just the
file name to refer to refer to the JavaEE schema on which they are based.
Modified:
Author: markt
Date: Thu Apr 10 23:48:33 2014
New Revision: 1586509
URL: http://svn.apache.org/r1586509
Log:
CTR Javadoc Fix warning
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/el/MethodExpressionImpl.java
Modified: tomcat/tc6.0.x/trunk/java/org/apache/el/MethodExpressionImpl.java
URL:
Author: markt
Date: Thu Apr 10 23:49:00 2014
New Revision: 1586510
URL: http://svn.apache.org/r1586510
Log:
CTR Javadoc Fix warning
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/el/ValueExpressionImpl.java
Modified: tomcat/tc6.0.x/trunk/java/org/apache/el/ValueExpressionImpl.java
URL:
Author: markt
Date: Thu Apr 10 23:50:16 2014
New Revision: 1586512
URL: http://svn.apache.org/r1586512
Log:
CTR Javadoc Fix warning
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Cookies.java
Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Cookies.java
URL:
The various backports have now been applied. It makes sense to wait for
the 1.1.30 release to pick up the OpenSSL fix for Windows users so I'm
currently planning on tagging this early next week (assuming 1.1.30 is
released).
Mark
2014-04-11 3:57 GMT+04:00 Mark Thomas ma...@apache.org:
The various backports have now been applied. It makes sense to wait for
the 1.1.30 release to pick up the OpenSSL fix for Windows users so I'm
currently planning on tagging this early next week (assuming 1.1.30 is
released).
There is
https://issues.apache.org/bugzilla/show_bug.cgi?id=56383
Nick Bunn thrain...@gmail.com changed:
What|Removed |Added
Attachment #31507|0 |1
is
On 04/10/2014 09:57 PM, Konstantin Kolinko wrote:
2014-04-08 11:52 GMT+04:00 mt...@apache.org:
Author: mturk
Date: Tue Apr 8 07:52:56 2014
New Revision: 1585657
URL: http://svn.apache.org/r1585657
Log:
Use port when calling getaddrinfo and skip bogus addresses
Modified:
Author: mturk
Date: Fri Apr 11 05:56:38 2014
New Revision: 1586578
URL: http://svn.apache.org/r1586578
Log:
Ensure that we use port buffer with getaddrinfo call
Modified:
tomcat/jk/trunk/native/common/jk_connect.c
Modified: tomcat/jk/trunk/native/common/jk_connect.c
URL:
75 matches
Mail list logo