Re: [VOTE] Release Apache Tomcat 8.0.30

2015-12-04 Thread Felix Schumacher
On 2 December 2015 00:02:08 CET, Mark Thomas wrote: >The proposed Apache Tomcat 8.0.30 release is now available for voting. > >The main changes since 8.0.29 are: > >- Location headers for redirects now use relative URIs. This can > be controlled by Context with the

Time for tomcat-native 1.2.3?

2015-12-04 Thread Mark Thomas
Given the recent OpenSSL vulnerability announcements [1], I was planning on starting a tomcat-native 1.2.3 release to provide an updated Windows binary. There are a few fixes in trunk since 1.2.2. I'll get the changelog updated. I'm currently planning on tagging this on Tuesday 8th Dec. We can

JASPIC thoughts and a proposed way forward

2015-12-04 Thread Mark Thomas
I've been spending some time looking at the JASPIC implementation that was started as part of GSoC. To recap the history to save folks digging through the archives: - JASPIC provides a standard API for pluggable authentication modules - The most obvious use case is integration with one of the

svn commit: r1717937 - /tomcat/native/trunk/xdocs/miscellaneous/changelog.xml

2015-12-04 Thread markt
Author: markt Date: Fri Dec 4 11:51:10 2015 New Revision: 1717937 URL: http://svn.apache.org/viewvc?rev=1717937&view=rev Log: Update the changelog with additional fixes since 1.2.2 Modified: tomcat/native/trunk/xdocs/miscellaneous/changelog.xml Modified:

OpenSSLEngine Handshaker Error in Unwrap and TLS Alerts

2015-12-04 Thread Rashid Mahmood
Hi, I am using Tomcat based on APR/OpenSSL and have observed that the shutdown behavior in the bad case is not clean. For example, if the OpenSSL verify callback verifies the peer certificate(s) and verification fails, e.g. unknown_certificate, revoked etc., OpenSSL sets a handshake error with an alert

svn commit: r1717979 - /tomcat/trunk/test/org/apache/tomcat/websocket/server/TestClose.java

2015-12-04 Thread markt
Author: markt Date: Fri Dec 4 15:13:17 2015 New Revision: 1717979 URL: http://svn.apache.org/viewvc?rev=1717979&view=rev Log: Fix a TODO (add explanatory comment as to why the test is correct) Modified: tomcat/trunk/test/org/apache/tomcat/websocket/server/TestClose.java Modified:

svn commit: r1717984 - /tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java

2015-12-04 Thread remm
Author: remm Date: Fri Dec 4 15:32:16 2015 New Revision: 1717984 URL: http://svn.apache.org/viewvc?rev=1717984&view=rev Log: Some small cleanups. Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java Modified:

[Bug 58691] New: org.apache.naming.ResourceEnvRef missing factory

2015-12-04 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=58691 Bug ID: 58691 Summary: org.apache.naming.ResourceEnvRef missing factory Product: Tomcat 8 Version: 8.0.29 Hardware: All OS: All Status: NEW Severity:

Re: Time for tomcat-native 1.2.3?

2015-12-04 Thread Rémy Maucherat
2015-12-04 14:41 GMT+01:00 Mark Thomas : > On 04/12/2015 12:38, Rémy Maucherat wrote: > > 2015-12-04 12:42 GMT+01:00 Mark Thomas : > > > >> Given the recent OpenSSL vulnerability announcements [1], I was planning > >> on starting a tomcat-native 1.2.3 release to

Re: [VOTE] Release Apache Tomcat 8.0.30

2015-12-04 Thread Konstantin Kolinko
2015-12-02 2:02 GMT+03:00 Mark Thomas : > The proposed Apache Tomcat 8.0.30 release is now available for voting. > > > The proposed 8.0.30 release is: > [ ] Broken - do not release > [x] Stable - go ahead and release as 8.0.30 Unit tests pass - all 4 connectors (BIO, NIO, NIO2,

svn commit: r1717965 - in /tomcat/trunk/test/org/apache/tomcat/websocket/server: TestClose.java TesterWsCloseClient.java

2015-12-04 Thread markt
Author: markt Date: Fri Dec 4 14:05:49 2015 New Revision: 1717965 URL: http://svn.apache.org/viewvc?rev=1717965&view=rev Log: Add test cases, currently disabled because they don't all pass, for various issues around WebSocket closing. Patch by Barry Coughlan Added:

svn commit: r1717967 - /tomcat/trunk/test/org/apache/tomcat/websocket/server/TestClose.java

2015-12-04 Thread markt
Author: markt Date: Fri Dec 4 14:06:33 2015 New Revision: 1717967 URL: http://svn.apache.org/viewvc?rev=1717967&view=rev Log: Static works for me for these test cases. Modified: tomcat/trunk/test/org/apache/tomcat/websocket/server/TestClose.java Modified:

[Bug 57489] java.util.concurrent.ExecutionException: java.io.IOException: Key must be cancelled

2015-12-04 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=57489 Mark Thomas changed: What|Removed |Added Status|NEEDINFO|NEW --- Comment #21

Re: JASPIC thoughts and a proposed way forward

2015-12-04 Thread Rémy Maucherat
2015-12-04 12:42 GMT+01:00 Mark Thomas : > I've been spending some time looking at the JASPIC implementation that > was started as part of GSoC. > > To recap the history to save folks digging through the archives: > > - JASPIC provides a standard API for pluggable authentication

Re: Time for tomcat-native 1.2.3?

2015-12-04 Thread Rémy Maucherat
2015-12-04 12:42 GMT+01:00 Mark Thomas : > Given the recent OpenSSL vulnerability announcements [1], I was planning > on starting a tomcat-native 1.2.3 release to provide an updated Windows > binary. > > There are a few fixes in trunk since 1.2.2. I'll get the changelog updated.

Re: [VOTE] Release Apache Tomcat 8.0.30

2015-12-04 Thread Violeta Georgieva
2015-12-02 1:02 GMT+02:00 Mark Thomas : > > The proposed Apache Tomcat 8.0.30 release is now available for voting. > > The main changes since 8.0.29 are: > > - Location headers for redirects now use relative URIs. This can > be controlled by Context with the

Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in Tomcat 7.0.x

2015-12-04 Thread Arjan Tijms
Hi, See you guys are making good progress with the JASPIC implementation in Tomcat. One commit that I noticed is the following: https://github.com/apache/tomcat/commit/3e1b4931867a12a74e9e9fe7ff86484cc65a21e6 It says: "Remove the programmatic login/logout override, as I don't see how JASPIC can

Re: Time for tomcat-native 1.2.3?

2015-12-04 Thread Mark Thomas
On 04/12/2015 12:38, Rémy Maucherat wrote: > 2015-12-04 12:42 GMT+01:00 Mark Thomas : > >> Given the recent OpenSSL vulnerability announcements [1], I was planning >> on starting a tomcat-native 1.2.3 release to provide an updated Windows >> binary. >> >> There are a few fixes in

Re: JASPIC thoughts and a proposed way forward

2015-12-04 Thread Mark Thomas
On 04/12/2015 12:29, Rémy Maucherat wrote: > 2015-12-04 12:42 GMT+01:00 Mark Thomas : >> The DIGEST module does not disable the default >> caching of the authenticated Principal in the session which renders the >> security benefits of digest over http largely useless. > >

svn commit: r1717968 - /tomcat/trunk/test/org/apache/tomcat/websocket/server/TestClose.java

2015-12-04 Thread markt
Author: markt Date: Fri Dec 4 14:11:31 2015 New Revision: 1717968 URL: http://svn.apache.org/viewvc?rev=1717968&view=rev Log: Use a Log since that gives timestamps and thread info with minimal effort on my part Modified: tomcat/trunk/test/org/apache/tomcat/websocket/server/TestClose.java

Re: OpenSSLEngine Handshaker Error in Unwrap and TLS Alerts

2015-12-04 Thread Rémy Maucherat
2015-12-04 16:08 GMT+01:00 Rashid Mahmood : > For my application a clean shutdown is a critical requirement. Is there > anything already in discussion about this issue or should I report as a bug? > > You can add an enhancement but it looks difficult to do. Rémy

Re: JASPIC thoughts and a proposed way forward

2015-12-04 Thread Rémy Maucherat
2015-12-04 14:50 GMT+01:00 Mark Thomas : > On 04/12/2015 12:29, Rémy Maucherat wrote: > > 2015-12-04 12:42 GMT+01:00 Mark Thomas : > > >> The DIGEST module does not disable the default > >> caching of the authenticated Principal in the session which renders the

buildbot failure in ASF Buildbot on tomcat-8-trunk

2015-12-04 Thread buildbot
The Buildbot has detected a new failure on builder tomcat-8-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-8-trunk/builds/318 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The

svn commit: r1718022 - in /tomcat/trunk/java/org/apache/catalina/startup: Catalina.java WebappServiceLoader.java

2015-12-04 Thread violetagg
Author: violetagg Date: Fri Dec 4 20:23:44 2015 New Revision: 1718022 URL: http://svn.apache.org/viewvc?rev=1718022&view=rev Log: Stream may not be closed in all branches. Findbugs report. Modified: tomcat/trunk/java/org/apache/catalina/startup/Catalina.java

svn commit: r1718030 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/startup/Catalina.java java/org/apache/catalina/startup/WebappServiceLoader.java

2015-12-04 Thread violetagg
Author: violetagg Date: Fri Dec 4 20:52:35 2015 New Revision: 1718030 URL: http://svn.apache.org/viewvc?rev=1718030&view=rev Log: Merged revision 1718022 from tomcat/trunk: Stream may not be closed in all branches. Findbugs report. Modified: tomcat/tc7.0.x/trunk/ (props changed)

svn commit: r1718024 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/startup/Catalina.java java/org/apache/catalina/startup/WebappServiceLoader.java

2015-12-04 Thread violetagg
Author: violetagg Date: Fri Dec 4 20:31:10 2015 New Revision: 1718024 URL: http://svn.apache.org/viewvc?rev=1718024&view=rev Log: Merged revision 1718022 from tomcat/trunk: Stream may not be closed in all branches. Findbugs report. Modified: tomcat/tc8.0.x/trunk/ (props changed)

[Bug 58692] Odd classpath URLs cause Tomcat to abort loading webapps

2015-12-04 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=58692 --- Comment #1 from Derek Abdine --- Here's the stack trace from the attached test case / unit test: java.lang.IllegalArgumentException: URI scheme is not "file" at java.io.File.<init>(File.java:421) at

[Bug 58692] Odd classpath URLs cause Tomcat to abort loading webapps

2015-12-04 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=58692 --- Comment #2 from Derek Abdine --- Just a slight correction: I mentioned in the description "There is no way to prevent this issue with a JarScanFilter" Just to clarify, there is no way to prevent this with the

[Bug 58692] New: Odd classpath URLs cause Tomcat to abort loading webapps

2015-12-04 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=58692 Bug ID: 58692 Summary: Odd classpath URLs cause Tomcat to abort loading webapps Product: Tomcat 8 Version: trunk Hardware: All OS: All

Re: [VOTE] Release Apache Tomcat 8.0.30

2015-12-04 Thread Ognjen Blagojevic
On 2.12.2015 0:02, Mark Thomas wrote: The proposed 8.0.30 release is: [ ] Broken - do not release [X] Stable - go ahead and release as 8.0.30 Tested .zip distribution on Windows 7 64-bit, Oracle JDK 1.8.0_60 and APR/native 1.2.2: - Tested TLS connectivity for BIO, NIO, NIO2 and APR