Re: Same request object passed to two threads

2016-12-07 Thread Violeta Georgieva
Hi, 2016-12-08 3:48 GMT+02:00 Matthew Bellew : > > I have narrowed this down quite a lot. This bug is caused by the same > Http11Processor being pushed on to the recycledProcessors stack twice. I > discovered this by add a duplicates check in recycledProcessors.push() > >

Re: [VOTE] Release Apache Tomcat 8.5.9

2016-12-07 Thread Felix Schumacher
Am 5. Dezember 2016 21:44:57 MEZ, schrieb Mark Thomas : >The proposed Apache Tomcat 8.5.9 release is now available for voting. > >The major changes compared to the 8.5.8 release are: > > >- Improvements to SPNEGO authentication. Patches provided by Michael > Osipov. > >-

Re: [VOTE] Release Apache Tomcat 9.0.0.M15

2016-12-07 Thread Felix Schumacher
Am 5. Dezember 2016 15:47:41 MEZ, schrieb Mark Thomas : >The proposed Apache Tomcat 9.0.0.M15 release is now available for >voting. > >This is a milestone release for the 9.0.x branch. It should be >noted that, as a milestone release: >- Servlet 4.0 is not finalised >- The EGs

Re: [VOTE] Release Apache Tomcat 9.0.0.M15

2016-12-07 Thread Huxing Zhang
Hi, The proposed 9.0.0.M15 release is: [ ] Broken - do not release [ X ] Alpha - go ahead and release as 9.0.0.M15 Test cases pass. Our test web app works fine. -- From:Mark Thomas Time:2016 Dec 5 (Mon) 22:47

Re: Same request object passed to two threads

2016-12-07 Thread Matthew Bellew
I have narrowed this down quite a lot. This bug is caused by the same Http11Processor being pushed on to the recycledProcessors stack twice. I discovered this by add a duplicates check in recycledProcessors.push() @SuppressWarnings("sync-override") // Size may exceed cache size a bit public

Missing commit for CVE-2016-6797 on the security pages

2016-12-07 Thread Emmanuel Bourg
Hi, The security pages are missing another commit, this time for CVE-2016-6797. The newly added validateGlobalResourceAccess method in ResourceLinkFactory was later modified to iterate over the classloader hierarchy. Without this modification some applications are no longer able to access their

svn commit: r1773156 - in /tomcat/trunk/java/org/apache/tomcat/util/net: AbstractEndpoint.java Nio2Endpoint.java NioEndpoint.java

2016-12-07 Thread markt
Author: markt Date: Wed Dec 7 22:06:31 2016 New Revision: 1773156 URL: http://svn.apache.org/viewvc?rev=1773156=rev Log: Remove more unused code. Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/Nio2Endpoint.java

svn commit: r1773155 - in /tomcat/trunk/java/org/apache/tomcat/util/net: AbstractEndpoint.java AprEndpoint.java Nio2Endpoint.java NioEndpoint.java

2016-12-07 Thread markt
Author: markt Date: Wed Dec 7 21:58:38 2016 New Revision: 1773155 URL: http://svn.apache.org/viewvc?rev=1773155=rev Log: Simplify Acceptor creation. Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java

svn commit: r1773154 - in /tomcat/trunk/java/org/apache/tomcat/util/net: Nio2Endpoint.java NioEndpoint.java

2016-12-07 Thread markt
Author: markt Date: Wed Dec 7 21:55:34 2016 New Revision: 1773154 URL: http://svn.apache.org/viewvc?rev=1773154=rev Log: Remove unused methods Modified: tomcat/trunk/java/org/apache/tomcat/util/net/Nio2Endpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java

[Bug 60451] java.lang.ArrayIndexOutOfBoundsException when a servlet writes more than the output buffer max length on a connection to be upgraded to HTTP/2

2016-12-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60451 --- Comment #1 from Ludovic PĂ©net --- Well, my first analysis of this problem was wrong. After further debugging, it appears that the problem is rather in the "Content-Disposition" header value. As we are in France, it

[Bug 60451] New: java.lang.ArrayIndexOutOfBoundsException when a servlet writes more than the output buffer max length on a connection to be upgraded to HTTP/2

2016-12-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60451 Bug ID: 60451 Summary: java.lang.ArrayIndexOutOfBoundsException when a servlet writes more than the output buffer max length on a connection to be upgraded to HTTP/2

svn commit: r1773094 - /tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java

2016-12-07 Thread markt
Author: markt Date: Wed Dec 7 15:10:24 2016 New Revision: 1773094 URL: http://svn.apache.org/viewvc?rev=1773094=rev Log: Remove dependency on MappingData from authenticator package (Structure 101) Modified: tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java

svn commit: r1773093 - /tomcat/trunk/java/org/apache/catalina/connector/Request.java

2016-12-07 Thread markt
Author: markt Date: Wed Dec 7 15:08:50 2016 New Revision: 1773093 URL: http://svn.apache.org/viewvc?rev=1773093=rev Log: Remove deprecated code Modified: tomcat/trunk/java/org/apache/catalina/connector/Request.java Modified: tomcat/trunk/java/org/apache/catalina/connector/Request.java URL:

[Bug 60450] Setting keystore type shouldn't override the truststore type

2016-12-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60450 --- Comment #2 from Axel Fontaine --- Or couldn't this whole setting simply default to autodetection? After all we can now simply set it to JKS and this will autodetect both PKCS12 and JKS (see

[Bug 60450] Setting keystore type shouldn't override the truststore type

2016-12-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60450 Mark Thomas changed: What|Removed |Added OS||All --- Comment #1

[Bug 60450] New: Setting keystore type shouldn't override the truststore type

2016-12-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60450 Bug ID: 60450 Summary: Setting keystore type shouldn't override the truststore type Product: Tomcat 8 Version: 8.5.x-trunk Hardware: PC Status: NEW

Re: svn commit: r1773036 - in /tomcat/trunk: java/org/apache/coyote/ java/org/apache/coyote/ajp/ java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ java/org/apache/tomcat/websocket/server

2016-12-07 Thread Mark Thomas
On 07/12/2016 09:28, ma...@apache.org wrote: > Author: markt > Date: Wed Dec 7 09:28:40 2016 > New Revision: 1773036 > > URL: http://svn.apache.org/viewvc?rev=1773036=rev > Log: > Refactor the per Endpoint Acceptors into a single Acceptor class. Some additional commentary: - The I/O

buildbot success in on tomcat-trunk

2016-12-07 Thread buildbot
The Buildbot has detected a restored build on builder tomcat-trunk while building . Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/1952 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler

svn commit: r1773037 - /tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java

2016-12-07 Thread markt
Author: markt Date: Wed Dec 7 09:38:59 2016 New Revision: 1773037 URL: http://svn.apache.org/viewvc?rev=1773037=rev Log: Fix Javadoc Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java

buildbot failure in on tomcat-trunk

2016-12-07 Thread buildbot
The Buildbot has detected a new failure on builder tomcat-trunk while building . Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/1951 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler

svn commit: r1773036 - in /tomcat/trunk: java/org/apache/coyote/ java/org/apache/coyote/ajp/ java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ java/org/apache/tomcat/websocket/server/ we

2016-12-07 Thread markt
Author: markt Date: Wed Dec 7 09:28:40 2016 New Revision: 1773036 URL: http://svn.apache.org/viewvc?rev=1773036=rev Log: Refactor the per Endpoint Acceptors into a single Acceptor class. Added: tomcat/trunk/java/org/apache/tomcat/util/net/Acceptor.java (with props) Modified: