[GUMP@vmgump-vm3]: Project tomcat-tc8.0.x-test-nio2 (in module tomcat-8.0.x) failed

[Bill Barker]

To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-tc8.0.x-test-nio2 has an issue affecting its community 
integration.
This issue affects 1 projects,
 and has been outstanding for 14 runs.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-tc8.0.x-test-nio2 :  Tomcat 8.x, a web server implementing the 
Java Servlet 3.1,
...


Full details are available at:

http://vmgump-vm3.apache.org/tomcat-8.0.x/tomcat-tc8.0.x-test-nio2/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
commons-daemon.native.src.tgz.
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
tomcat-native.tar.gz.
 -INFO- Failed with reason build failed
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-8.0.x/output/logs-NIO2
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-8.0.x/output/test-tmp-NIO2/logs
 -WARNING- No directory 
[/srv/gump/public/workspace/tomcat-8.0.x/output/test-tmp-NIO2/logs]



The following work was performed:
http://vmgump-vm3.apache.org/tomcat-8.0.x/tomcat-tc8.0.x-test-nio2/gump_work/build_tomcat-8.0.x_tomcat-tc8.0.x-test-nio2.html
Work Name: build_tomcat-8.0.x_tomcat-tc8.0.x-test-nio2 (Type: Build)
Work ended in a state of : Failed
Elapsed: 19 mins 46 secs
Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true 
-Dbuild.sysclasspath=only org.apache.tools.ant.Main 
-Dgump.merge=/srv/gump/public/gump/work/merge.xml 
-Dbase.path=/srv/gump/public/workspace/tomcat-8.0.x/tomcat-build-libs 
-Dexecute.test.nio2=true -Dtest.temp=output/test-tmp-NIO2 
-Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar 
-Dtest.accesslog=true 
-Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.7-SNAPSHOT.jar
 -Dexamples.sources.skip=true 
-Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20170923.jar
 
-Dtest.openssl.path=/srv/gump/public/workspace/openssl-1.0.2/dest-20170923/bin/openssl
 -Dexecute.test.nio=false 
-Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar 
-Dexecute.test.apr=false -Dexecute.test.bio=false 
-Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20170923-native-src.tar.gz
 -Dtest.repor
 ts=output/logs-NIO2 
-Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20170923-native-src.tar.gz
 -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.5-201506032000/ecj-4.5.jar 
-Dtest.relaxTiming=true -Dtest.excludePerformance=true 
-Djava.net.preferIPv4Stack=/srv/gump/public/workspace/tomcat-8.0.x/true 
-Deasymock.jar=/srv/gump/public/workspace/easymock/core/target/easymock-3.6-SNAPSHOT.jar
 -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test 
[Working Directory: /srv/gump/public/workspace/tomcat-8.0.x]
CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-8.0.x/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/servlet-api.ja
 

[GUMP@vmgump-vm3]: Project tomcat-trunk-validate (in module tomcat-trunk) failed

[Bill Barker]

To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-trunk-validate has an issue affecting its community integration.
This issue affects 1 projects,
 and has been outstanding for 7 runs.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-trunk-validate :  Tomcat 9.x, a web server implementing the Java 
Servlet 4.0,
...


Full details are available at:
http://vmgump-vm3.apache.org/tomcat-trunk/tomcat-trunk-validate/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -DEBUG- Dependency on checkstyle exists, no need to add for property 
checkstyle.jar.
 -INFO- Failed with reason build failed



The following work was performed:
http://vmgump-vm3.apache.org/tomcat-trunk/tomcat-trunk-validate/gump_work/build_tomcat-trunk_tomcat-trunk-validate.html
Work Name: build_tomcat-trunk_tomcat-trunk-validate (Type: Build)
Work ended in a state of : Failed
Elapsed: 27 secs
Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true 
-Dbuild.sysclasspath=only org.apache.tools.ant.Main 
-Dgump.merge=/srv/gump/public/gump/work/merge.xml 
-Dbase.path=/srv/gump/public/workspace/tomcat-trunk/tomcat-build-libs 
-Dcheckstyle.jar=/srv/gump/public/workspace/checkstyle/target/checkstyle-8.3-SNAPSHOT.jar
 -Dexecute.validate=true validate 
[Working Directory: /srv/gump/public/workspace/tomcat-trunk]
CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/checkstyle/target/checkstyle-8.3-SNAPSHOT.jar:/srv/gump/packages/antlr/antlr-3.1.3.jar:/srv/gump/public/workspace/apache-commons/beanutils/dist/commons-beanutils-20170923.jar:/srv/gump/packages/commons-collections3/commons-collections-3.2.1.jar:/srv/gump/public/workspace/commons-cli/target/commons-cli-1.5-SNAPSHOT.jar:/srv/gump/public/workspace/commons-lang-trunk/target/commons-lang3-3.7-SNAPSHOT.jar:/srv/g
 
ump/public/workspace/apache-commons/logging/target/commons-logging-20170923.jar:/srv/gump/public/workspace/apache-commons/logging/target/commons-logging-api-20170923.jar:/srv/gump/public/workspace/google-guava/guava/target/guava-24.0-jre-SNAPSHOT.jar
-
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-trunk/test/org/apache/el/TestValueExpressionImpl.java:34:
 Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-trunk/test/org/apache/el/lang/TestELArithmetic.java:26:
 Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-trunk/test/org/apache/el/lang/TestELSupport.java:30:
 Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-trunk/test/org/apache/el/parser/TestELParser.java:30:
 Extra separation in import group before 'org.junit.Ignore' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-trunk/test/org/apache/jasper/compiler/TestAttributeParser.java:24:
 Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-trunk/test/org/apache/jasper/compiler/TestCompiler.java:29:
 Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-trunk/test/org/apache/jasper/compiler/TestGenerator.java:36:
 Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-trunk/test/org/apache/jasper/compiler/TestJspConfig.java:24:
 Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-trunk/test/org/apache/jasper/compiler/TestParser.java:25:
 Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-trunk/test/org/apache/jasper/compiler/TestParserNoStrictWhitespace.java:26:
 Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] 

[GUMP@vmgump-vm3]: Project tomcat-tc8.0.x-validate (in module tomcat-8.0.x) failed

[Bill Barker]

To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-tc8.0.x-validate has an issue affecting its community 
integration.
This issue affects 1 projects,
 and has been outstanding for 7 runs.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-tc8.0.x-validate :  Tomcat 8.x, a web server implementing the Java 
Servlet 3.1,
...


Full details are available at:
http://vmgump-vm3.apache.org/tomcat-8.0.x/tomcat-tc8.0.x-validate/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -DEBUG- Dependency on checkstyle exists, no need to add for property 
checkstyle.jar.
 -INFO- Failed with reason build failed



The following work was performed:
http://vmgump-vm3.apache.org/tomcat-8.0.x/tomcat-tc8.0.x-validate/gump_work/build_tomcat-8.0.x_tomcat-tc8.0.x-validate.html
Work Name: build_tomcat-8.0.x_tomcat-tc8.0.x-validate (Type: Build)
Work ended in a state of : Failed
Elapsed: 35 secs
Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true 
-Dbuild.sysclasspath=only org.apache.tools.ant.Main 
-Dgump.merge=/srv/gump/public/gump/work/merge.xml 
-Dbase.path=/srv/gump/public/workspace/tomcat-8.0.x/tomcat-build-libs 
-Dcheckstyle.jar=/srv/gump/public/workspace/checkstyle/target/checkstyle-8.3-SNAPSHOT.jar
 -Dexecute.validate=true validate 
[Working Directory: /srv/gump/public/workspace/tomcat-8.0.x]
CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/checkstyle/target/checkstyle-8.3-SNAPSHOT.jar:/srv/gump/packages/antlr/antlr-3.1.3.jar:/srv/gump/public/workspace/apache-commons/beanutils/dist/commons-beanutils-20170923.jar:/srv/gump/packages/commons-collections3/commons-collections-3.2.1.jar:/srv/gump/public/workspace/commons-cli/target/commons-cli-1.5-SNAPSHOT.jar:/srv/gump/public/workspace/commons-lang-trunk/target/commons-lang3-3.7-SNAPSHOT.jar:/srv/g
 
ump/public/workspace/apache-commons/logging/target/commons-logging-20170923.jar:/srv/gump/public/workspace/apache-commons/logging/target/commons-logging-api-20170923.jar:/srv/gump/public/workspace/google-guava/guava/target/guava-24.0-jre-SNAPSHOT.jar
-
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-8.0.x/test/org/apache/el/TestValueExpressionImpl.java:34:
 Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-8.0.x/test/org/apache/el/lang/TestELArithmetic.java:26:
 Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-8.0.x/test/org/apache/el/lang/TestELSupport.java:30:
 Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-8.0.x/test/org/apache/el/parser/TestELParser.java:28:
 Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-8.0.x/test/org/apache/jasper/compiler/TestAttributeParser.java:24:
 Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-8.0.x/test/org/apache/jasper/compiler/TestCompiler.java:29:
 Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-8.0.x/test/org/apache/jasper/compiler/TestGenerator.java:36:
 Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-8.0.x/test/org/apache/jasper/compiler/TestJspConfig.java:24:
 Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-8.0.x/test/org/apache/jasper/compiler/TestParser.java:25:
 Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-8.0.x/test/org/apache/jasper/compiler/TestParserNoStrictWhitespace.java:26:
 Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] 

[GUMP@vmgump-vm3]: Project tomcat-tc7.0.x-validate (in module tomcat-7.0.x) failed

[Bill Barker]

To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-tc7.0.x-validate has an issue affecting its community 
integration.
This issue affects 1 projects,
 and has been outstanding for 7 runs.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-tc7.0.x-validate :  Tomcat 7.x, a web server implementing Java 
Servlet 3.0,
...


Full details are available at:
http://vmgump-vm3.apache.org/tomcat-7.0.x/tomcat-tc7.0.x-validate/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -DEBUG- Dependency on checkstyle exists, no need to add for property 
checkstyle.jar.
 -INFO- Failed with reason build failed



The following work was performed:
http://vmgump-vm3.apache.org/tomcat-7.0.x/tomcat-tc7.0.x-validate/gump_work/build_tomcat-7.0.x_tomcat-tc7.0.x-validate.html
Work Name: build_tomcat-7.0.x_tomcat-tc7.0.x-validate (Type: Build)
Work ended in a state of : Failed
Elapsed: 29 secs
Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true 
-Dbuild.sysclasspath=only org.apache.tools.ant.Main 
-Dgump.merge=/srv/gump/public/gump/work/merge.xml 
-Dbase.path=/srv/gump/public/workspace/tomcat-7.0.x/tomcat-build-libs 
-Dcheckstyle.jar=/srv/gump/public/workspace/checkstyle/target/checkstyle-8.3-SNAPSHOT.jar
 -Dexecute.validate=true validate 
[Working Directory: /srv/gump/public/workspace/tomcat-7.0.x]
CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/checkstyle/target/checkstyle-8.3-SNAPSHOT.jar:/srv/gump/packages/antlr/antlr-3.1.3.jar:/srv/gump/public/workspace/apache-commons/beanutils/dist/commons-beanutils-20170923.jar:/srv/gump/packages/commons-collections3/commons-collections-3.2.1.jar:/srv/gump/public/workspace/commons-cli/target/commons-cli-1.5-SNAPSHOT.jar:/srv/gump/public/workspace/commons-lang-trunk/target/commons-lang3-3.7-SNAPSHOT.jar:/srv/g
 
ump/public/workspace/apache-commons/logging/target/commons-logging-20170923.jar:/srv/gump/public/workspace/apache-commons/logging/target/commons-logging-api-20170923.jar:/srv/gump/public/workspace/google-guava/guava/target/guava-24.0-jre-SNAPSHOT.jar
-
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-7.0.x/test/org/apache/el/TestELInJsp.java:23: 
Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-7.0.x/test/org/apache/el/TestMethodExpressionImpl.java:30:
 Extra separation in import group before 'org.junit.Before' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-7.0.x/test/org/apache/el/TestValueExpressionImpl.java:34:
 Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-7.0.x/test/org/apache/el/lang/TestELArithmetic.java:24:
 Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-7.0.x/test/org/apache/el/lang/TestELSupport.java:29:
 Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-7.0.x/test/org/apache/el/parser/TestELParser.java:28:
 Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-7.0.x/test/org/apache/jasper/compiler/TestAttributeParser.java:24:
 Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-7.0.x/test/org/apache/jasper/compiler/TestCompiler.java:28:
 Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-7.0.x/test/org/apache/jasper/compiler/TestGenerator.java:37:
 Extra separation in import group before 'org.junit.Assert' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-7.0.x/test/org/apache/jasper/compiler/TestJspConfig.java:24:
 Extra separation in import group before 'org.junit.Test' [ImportOrder]
[checkstyle] [ERROR] 
/srv/gump/public/workspace/tomcat-7.0.x/test/org/apache/jasper/compiler/TestParser.java:26:
 Extra 

Re: [GUMP@vmgump-vm3]: Project tomcat-tc7.0.x-test-apr (in module tomcat-7.0.x) failed

[Igal @ Lucee.org]

To the administrator of these automated emails,

On 9/22/2017 9:54 PM, Bill Barker wrote:

To whom it may engage...
 
This is an automated request, but not an unsolicited one. For

more information please visit http://gump.apache.org/nagged.html,
and/or contact the folk at gene...@gump.apache.org.


I don't mind these automated emails since I willingly and consciously 
subscribed to this mailing list, but can you please update the time on 
your machine?


The time of these emails is set to several hours in the future and so 
these emails are always at the top when sorted by "most recent first", 
making me (and others, I'm sure) miss newer emails because it looks like 
these are the latest ones.


Thank you,


Igal Sapir




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

buildbot success in on tomcat-7-trunk

[buildbot]

The Buildbot has detected a restored build on builder tomcat-7-trunk while 
building . Full details are available at:
https://ci.apache.org/builders/tomcat-7-trunk/builds/880

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-7-commit' 
triggered this build
Build Source Stamp: [branch tomcat/tc7.0.x/trunk] 1809358
Blamelist: markt

Build succeeded!

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GUMP@vmgump-vm3]: Project tomcat-tc7.0.x-test-apr (in module tomcat-7.0.x) failed

[Bill Barker]

To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-tc7.0.x-test-apr has an issue affecting its community 
integration.
This issue affects 1 projects.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-tc7.0.x-test-apr :  Tomcat 7.x, a web server implementing Java 
Servlet 3.0,
...


Full details are available at:
http://vmgump-vm3.apache.org/tomcat-7.0.x/tomcat-tc7.0.x-test-apr/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -DEBUG- Dependency on tomcat-tc7.0.x-dbcp exists, no need to add for property 
tomcat-dbcp-src.jar.
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
commons-daemon.native.src.tgz.
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
tomcat-native.tar.gz.
 -DEBUG- Dependency on tomcat-tc7.0.x-dbcp exists, no need to add for property 
tomcat-dbcp.home.
 -INFO- Failed with reason build failed
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-7.0.x/output/logs-APR
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-7.0.x/output/test-tmp-APR/logs



The following work was performed:
http://vmgump-vm3.apache.org/tomcat-7.0.x/tomcat-tc7.0.x-test-apr/gump_work/build_tomcat-7.0.x_tomcat-tc7.0.x-test-apr.html
Work Name: build_tomcat-7.0.x_tomcat-tc7.0.x-test-apr (Type: Build)
Work ended in a state of : Failed
Elapsed: 19 mins 18 secs
Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true 
-Dbuild.sysclasspath=only org.apache.tools.ant.Main 
-Dgump.merge=/srv/gump/public/gump/work/merge.xml 
-Dbase.path=/srv/gump/public/workspace/tomcat-7.0.x/tomcat-build-libs 
-Dcommons-pool.home=/srv/gump/public/workspace/commons-pool-1.x 
-Dtest.temp=output/test-tmp-APR 
-Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar 
-Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.7-SNAPSHOT.jar
 -Dexamples.sources.skip=true 
-Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20170922.jar
 
-Dtomcat-dbcp-src.jar=/srv/gump/public/workspace/tomcat-7.0.x/tomcat-deps/tomcat-dbcp-src.jar
 -Dtomcat-dbcp.home=/srv/gump/public/workspace/tomcat-7.0.x/tomcat-deps 
-Dtest.excludePerformance=true 
-Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar 
-Dcommons-dbcp.home=/srv/gump/public/workspace/commons-dbcp-1.x 
-Dexecute.test.apr=true -Dexec
 ute.test.bio=false 
-Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20170922-native-src.tar.gz
 -Dtest.reports=output/logs-APR 
-Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20170922-native-src.tar.gz
 -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.5-201506032000/ecj-4.5.jar 
-Dtest.apr.loc=/srv/gump/public/workspace/tomcat-native-12/dest-20170922/lib 
-Dtest.relaxTiming=true -Dexecute.test.nio=false -Dtest.accesslog=true 
-Dtomcat-dbcp.jar=/srv/gump/public/workspace/tomcat-7.0.x/tomcat-deps/tomcat-dbcp-20170922.jar
 
-Deasymock.jar=/srv/gump/public/workspace/easymock/core/target/easymock-3.6-SNAPSHOT.jar
 -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test 
[Working Directory: /srv/gump/public/workspace/tomcat-7.0.x]
CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-7.0.x/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/servlet-api.ja
 
r:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-7.0

svn commit: r1809358 - /tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java

[markt]

Author: markt
Date: Fri Sep 22 21:28:47 2017
New Revision: 1809358

URL: http://svn.apache.org/viewvc?rev=1809358=rev
Log:
Fix broken tests caused by "" vs "/" when resource is at base of DirContext

Modified:
tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java

Modified: 
tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java?rev=1809358=1809357=1809358=diff
==
--- tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java 
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java 
Fri Sep 22 21:28:47 2017
@@ -870,8 +870,9 @@ public class FileDirContext extends Base
 //
 // absPath is normalized so canPath needs to be normalized as well
 // Can't normalize canPath earlier as canonicalBase is not normalized
-if (canPath.length() > 0) {
-canPath = normalize(canPath);
+canPath = normalize(canPath);
+if (absPath.length() == 0) {
+absPath = "/";
 }
 if (!canPath.equals(absPath)) {
 return null;



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE] Release Apache Tomcat 8.5.22

[Mark Thomas]

The proposed Apache Tomcat 8.5.22 release is now available for voting.

The major changes compared to the 8.5.21 release are:

- Fix CVE-2017-12617

- Add ExtractingRoot, a new WebResourceRoot implementation that extracts
  JARs to the work directory for improved performance when deploying
  packed WAR files.

Along with lots of other bug fixes and improvements.


It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.22/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1155/
The svn tag is:
http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_22/

The proposed 8.5.22 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 8.5.22

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GUMP@vmgump-vm3]: Project tomcat-tc7.0.x-test-nio (in module tomcat-7.0.x) failed

[Bill Barker]

To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-tc7.0.x-test-nio has an issue affecting its community 
integration.
This issue affects 1 projects.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-tc7.0.x-test-nio :  Tomcat 7.x, a web server implementing Java 
Servlet 3.0,
...


Full details are available at:
http://vmgump-vm3.apache.org/tomcat-7.0.x/tomcat-tc7.0.x-test-nio/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -DEBUG- Dependency on tomcat-tc7.0.x-dbcp exists, no need to add for property 
tomcat-dbcp-src.jar.
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
commons-daemon.native.src.tgz.
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
tomcat-native.tar.gz.
 -DEBUG- Dependency on tomcat-tc7.0.x-dbcp exists, no need to add for property 
tomcat-dbcp.home.
 -INFO- Failed with reason build failed
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-7.0.x/output/logs-NIO
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-7.0.x/output/test-tmp-NIO/logs



The following work was performed:
http://vmgump-vm3.apache.org/tomcat-7.0.x/tomcat-tc7.0.x-test-nio/gump_work/build_tomcat-7.0.x_tomcat-tc7.0.x-test-nio.html
Work Name: build_tomcat-7.0.x_tomcat-tc7.0.x-test-nio (Type: Build)
Work ended in a state of : Failed
Elapsed: 17 mins 10 secs
Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true 
-Dbuild.sysclasspath=only org.apache.tools.ant.Main 
-Dgump.merge=/srv/gump/public/gump/work/merge.xml 
-Dbase.path=/srv/gump/public/workspace/tomcat-7.0.x/tomcat-build-libs 
-Dcommons-pool.home=/srv/gump/public/workspace/commons-pool-1.x 
-Dtest.temp=output/test-tmp-NIO 
-Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar 
-Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.7-SNAPSHOT.jar
 -Dexamples.sources.skip=true 
-Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20170922.jar
 
-Dtomcat-dbcp-src.jar=/srv/gump/public/workspace/tomcat-7.0.x/tomcat-deps/tomcat-dbcp-src.jar
 -Dtomcat-dbcp.home=/srv/gump/public/workspace/tomcat-7.0.x/tomcat-deps 
-Dtest.excludePerformance=true 
-Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar 
-Dcommons-dbcp.home=/srv/gump/public/workspace/commons-dbcp-1.x 
-Dexecute.test.apr=false -Dexe
 cute.test.bio=false 
-Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20170922-native-src.tar.gz
 -Dtest.reports=output/logs-NIO 
-Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20170922-native-src.tar.gz
 -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.5-201506032000/ecj-4.5.jar 
-Dtest.relaxTiming=true -Dexecute.test.nio=true -Dtest.accesslog=true 
-Dtomcat-dbcp.jar=/srv/gump/public/workspace/tomcat-7.0.x/tomcat-deps/tomcat-dbcp-20170922.jar
 
-Deasymock.jar=/srv/gump/public/workspace/easymock/core/target/easymock-3.6-SNAPSHOT.jar
 -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test 
[Working Directory: /srv/gump/public/workspace/tomcat-7.0.x]
CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-7.0.x/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/servlet-api.ja
 
r:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-7.0.x/output

svn commit: r21897 - in /dev/tomcat/tomcat-8/v8.5.22: ./ bin/ bin/embed/ bin/extras/ src/

[markt]

Author: markt
Date: Fri Sep 22 20:24:43 2017
New Revision: 21897

Log:
Upload 8.5.22 for voting

Added:
dev/tomcat/tomcat-8/v8.5.22/
dev/tomcat/tomcat-8/v8.5.22/KEYS
dev/tomcat/tomcat-8/v8.5.22/README.html
dev/tomcat/tomcat-8/v8.5.22/RELEASE-NOTES
dev/tomcat/tomcat-8/v8.5.22/bin/
dev/tomcat/tomcat-8/v8.5.22/bin/README.html
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22-deployer.tar.gz   
(with props)
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22-deployer.tar.gz.asc
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22-deployer.tar.gz.md5
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22-deployer.tar.gz.sha1
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22-deployer.zip   (with 
props)
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22-deployer.zip.asc
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22-deployer.zip.md5
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22-deployer.zip.sha1
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22-fulldocs.tar.gz   
(with props)
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22-fulldocs.tar.gz.asc
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22-fulldocs.tar.gz.md5
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22-fulldocs.tar.gz.sha1
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22-windows-x64.zip   
(with props)
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22-windows-x64.zip.asc
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22-windows-x64.zip.md5
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22-windows-x64.zip.sha1
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22-windows-x86.zip   
(with props)
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22-windows-x86.zip.asc
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22-windows-x86.zip.md5
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22-windows-x86.zip.sha1
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22.exe   (with props)
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22.exe.asc
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22.exe.md5
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22.exe.sha1
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22.tar.gz   (with props)
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22.tar.gz.md5
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22.tar.gz.sha1
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22.zip   (with props)
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22.zip.md5
dev/tomcat/tomcat-8/v8.5.22/bin/apache-tomcat-8.5.22.zip.sha1
dev/tomcat/tomcat-8/v8.5.22/bin/embed/
dev/tomcat/tomcat-8/v8.5.22/bin/embed/apache-tomcat-8.5.22-embed.tar.gz   
(with props)
dev/tomcat/tomcat-8/v8.5.22/bin/embed/apache-tomcat-8.5.22-embed.tar.gz.asc
dev/tomcat/tomcat-8/v8.5.22/bin/embed/apache-tomcat-8.5.22-embed.tar.gz.md5
dev/tomcat/tomcat-8/v8.5.22/bin/embed/apache-tomcat-8.5.22-embed.tar.gz.sha1
dev/tomcat/tomcat-8/v8.5.22/bin/embed/apache-tomcat-8.5.22-embed.zip   
(with props)
dev/tomcat/tomcat-8/v8.5.22/bin/embed/apache-tomcat-8.5.22-embed.zip.asc
dev/tomcat/tomcat-8/v8.5.22/bin/embed/apache-tomcat-8.5.22-embed.zip.md5
dev/tomcat/tomcat-8/v8.5.22/bin/embed/apache-tomcat-8.5.22-embed.zip.sha1
dev/tomcat/tomcat-8/v8.5.22/bin/extras/
dev/tomcat/tomcat-8/v8.5.22/bin/extras/catalina-jmx-remote.jar   (with 
props)
dev/tomcat/tomcat-8/v8.5.22/bin/extras/catalina-jmx-remote.jar.asc
dev/tomcat/tomcat-8/v8.5.22/bin/extras/catalina-jmx-remote.jar.md5
dev/tomcat/tomcat-8/v8.5.22/bin/extras/catalina-jmx-remote.jar.sha1
dev/tomcat/tomcat-8/v8.5.22/bin/extras/catalina-ws.jar   (with props)
dev/tomcat/tomcat-8/v8.5.22/bin/extras/catalina-ws.jar.asc
dev/tomcat/tomcat-8/v8.5.22/bin/extras/catalina-ws.jar.md5
dev/tomcat/tomcat-8/v8.5.22/bin/extras/catalina-ws.jar.sha1
dev/tomcat/tomcat-8/v8.5.22/src/
dev/tomcat/tomcat-8/v8.5.22/src/apache-tomcat-8.5.22-src.tar.gz   (with 
props)
dev/tomcat/tomcat-8/v8.5.22/src/apache-tomcat-8.5.22-src.tar.gz.asc
dev/tomcat/tomcat-8/v8.5.22/src/apache-tomcat-8.5.22-src.tar.gz.md5
dev/tomcat/tomcat-8/v8.5.22/src/apache-tomcat-8.5.22-src.tar.gz.sha1
dev/tomcat/tomcat-8/v8.5.22/src/apache-tomcat-8.5.22-src.zip   (with props)
dev/tomcat/tomcat-8/v8.5.22/src/apache-tomcat-8.5.22-src.zip.asc
dev/tomcat/tomcat-8/v8.5.22/src/apache-tomcat-8.5.22-src.zip.md5
dev/tomcat/tomcat-8/v8.5.22/src/apache-tomcat-8.5.22-src.zip.sha1

Added: dev/tomcat/tomcat-8/v8.5.22/KEYS
==
--- dev/tomcat/tomcat-8/v8.5.22/KEYS (added)
+++ dev/tomcat/tomcat-8/v8.5.22/KEYS Fri Sep 22 20:24:43 2017
@@ -0,0 +1,616 @@
+This file contains the PGP keys of various Apache developers.
+Please don't use them for email unless you have to. Their main
+purpose is code signing.
+
+Apache users: pgp < KEYS
+Apache 

[GUMP@vmgump-vm3]: Project tomcat-tc7.0.x-test-bio (in module tomcat-7.0.x) failed

[Bill Barker]

To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-tc7.0.x-test-bio has an issue affecting its community 
integration.
This issue affects 1 projects.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-tc7.0.x-test-bio :  Tomcat 7.x, a web server implementing Java 
Servlet 3.0,
...


Full details are available at:
http://vmgump-vm3.apache.org/tomcat-7.0.x/tomcat-tc7.0.x-test-bio/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -DEBUG- Dependency on tomcat-tc7.0.x-dbcp exists, no need to add for property 
tomcat-dbcp-src.jar.
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
commons-daemon.native.src.tgz.
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
tomcat-native.tar.gz.
 -DEBUG- Dependency on tomcat-tc7.0.x-dbcp exists, no need to add for property 
tomcat-dbcp.home.
 -INFO- Failed with reason build failed
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-7.0.x/output/logs-BIO
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-7.0.x/output/test-tmp-BIO/logs



The following work was performed:
http://vmgump-vm3.apache.org/tomcat-7.0.x/tomcat-tc7.0.x-test-bio/gump_work/build_tomcat-7.0.x_tomcat-tc7.0.x-test-bio.html
Work Name: build_tomcat-7.0.x_tomcat-tc7.0.x-test-bio (Type: Build)
Work ended in a state of : Failed
Elapsed: 16 mins 32 secs
Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true 
-Dbuild.sysclasspath=only org.apache.tools.ant.Main 
-Dgump.merge=/srv/gump/public/gump/work/merge.xml 
-Dbase.path=/srv/gump/public/workspace/tomcat-7.0.x/tomcat-build-libs 
-Dcommons-pool.home=/srv/gump/public/workspace/commons-pool-1.x 
-Dtest.temp=output/test-tmp-BIO 
-Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar 
-Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.7-SNAPSHOT.jar
 -Dexamples.sources.skip=true 
-Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20170922.jar
 
-Dtomcat-dbcp-src.jar=/srv/gump/public/workspace/tomcat-7.0.x/tomcat-deps/tomcat-dbcp-src.jar
 -Dtomcat-dbcp.home=/srv/gump/public/workspace/tomcat-7.0.x/tomcat-deps 
-Dtest.excludePerformance=true 
-Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar 
-Dcommons-dbcp.home=/srv/gump/public/workspace/commons-dbcp-1.x 
-Dexecute.test.apr=false -Dexe
 cute.test.bio=true 
-Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20170922-native-src.tar.gz
 -Dtest.reports=output/logs-BIO 
-Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20170922-native-src.tar.gz
 -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.5-201506032000/ecj-4.5.jar 
-Dtest.relaxTiming=true -Dexecute.test.nio=false -Dtest.accesslog=true 
-Dtomcat-dbcp.jar=/srv/gump/public/workspace/tomcat-7.0.x/tomcat-deps/tomcat-dbcp-20170922.jar
 
-Deasymock.jar=/srv/gump/public/workspace/easymock/core/target/easymock-3.6-SNAPSHOT.jar
 -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test 
[Working Directory: /srv/gump/public/workspace/tomcat-7.0.x]
CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-7.0.x/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/servlet-api.ja
 
r:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-7.0.x/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-7.0.x/output

svn commit: r1809337 - in /tomcat/tc8.5.x/tags/TOMCAT_8_5_22: ./ build.properties.default webapps/docs/changelog.xml

[markt]

Author: markt
Date: Fri Sep 22 19:07:52 2017
New Revision: 1809337

URL: http://svn.apache.org/viewvc?rev=1809337=rev
Log:
Tag 8.5.22

Added:
tomcat/tc8.5.x/tags/TOMCAT_8_5_22/   (props changed)
  - copied from r1809336, tomcat/tc8.5.x/trunk/
Modified:
tomcat/tc8.5.x/tags/TOMCAT_8_5_22/build.properties.default
tomcat/tc8.5.x/tags/TOMCAT_8_5_22/webapps/docs/changelog.xml

Propchange: tomcat/tc8.5.x/tags/TOMCAT_8_5_22/
--
bugtraq:append = false

Propchange: tomcat/tc8.5.x/tags/TOMCAT_8_5_22/
--
bugtraq:label = Bugzilla ID (optional)

Propchange: tomcat/tc8.5.x/tags/TOMCAT_8_5_22/
--
--- bugtraq:logregex (added)
+++ bugtraq:logregex Fri Sep 22 19:07:52 2017
@@ -0,0 +1,2 @@
+(https?\://(bz|issues)\.apache\.org/bugzilla/show_bug.cgi\?id=\d+|BZ\s?\d+)
+(\d+)

Propchange: tomcat/tc8.5.x/tags/TOMCAT_8_5_22/
--
bugtraq:message = Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=%BUGID%

Propchange: tomcat/tc8.5.x/tags/TOMCAT_8_5_22/
--
bugtraq:url = https://bz.apache.org/bugzilla/show_bug.cgi?id=%BUGID%

Propchange: tomcat/tc8.5.x/tags/TOMCAT_8_5_22/
--
--- svn:ignore (added)
+++ svn:ignore Fri Sep 22 19:07:52 2017
@@ -0,0 +1,8 @@
+.*
+build.properties
+logs
+nbproject
+output
+work
+*.iml
+temp

Propchange: tomcat/tc8.5.x/tags/TOMCAT_8_5_22/
--
--- svn:mergeinfo (added)
+++ svn:mergeinfo Fri Sep 22 19:07:52 2017
@@ -0,0 +1 @@
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747
 
536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1756289,1756408-1
 

svn commit: r1809336 - in /tomcat/trunk: build.properties.default res/maven/mvn.properties.default webapps/docs/changelog.xml

[markt]

Author: markt
Date: Fri Sep 22 19:01:55 2017
New Revision: 1809336

URL: http://svn.apache.org/viewvc?rev=1809336=rev
Log:
Increment version ready for next development cycle

Modified:
tomcat/trunk/build.properties.default
tomcat/trunk/res/maven/mvn.properties.default
tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/build.properties.default
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/build.properties.default?rev=1809336=1809335=1809336=diff
==
--- tomcat/trunk/build.properties.default (original)
+++ tomcat/trunk/build.properties.default Fri Sep 22 19:01:55 2017
@@ -25,7 +25,7 @@
 # - Version Control Flags -
 version.major=9
 version.minor=0
-version.build=0
+version.build=1
 version.patch=0
 version.suffix=-dev
 

Modified: tomcat/trunk/res/maven/mvn.properties.default
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/res/maven/mvn.properties.default?rev=1809336=1809335=1809336=diff
==
--- tomcat/trunk/res/maven/mvn.properties.default (original)
+++ tomcat/trunk/res/maven/mvn.properties.default Fri Sep 22 19:01:55 2017
@@ -39,7 +39,7 @@ maven.asf.release.repo.url=https://repos
 maven.asf.release.repo.repositoryId=apache.releases.https
 
 # Release version info
-maven.asf.release.deploy.version=9.0.0
+maven.asf.release.deploy.version=9.0.1
 
 #Where do we load the libraries from
 tomcat.lib.path=../../output/build/lib

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1809336=1809335=1809336=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Sep 22 19:01:55 2017
@@ -44,7 +44,9 @@
   They eventually become mixed with the numbered issues. (I.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
+
+
   
 
   



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE] Release Apache Tomcat 9.0.0

[Mark Thomas]

The proposed Apache Tomcat 9.0.0 release is now available for voting.

The major changes compared to the 9.0.0.M27 release are:

- Fix CVE-2017-12617

- Servlet 4.0 implementation is complete

- Add the ability to reconfigure TLS connectors at runtime without
  stopping the connector

- Stricter validation of the Host header

Along with lots of other bug fixes and improvements.


For full details, see the changelog:
http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.0/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1154/
The svn tag is:
http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_0/

The proposed 9.0.0 release is:
[ ] Broken - do not release
[ ] Alpha  - go ahead and release as 9.0.0
[ ] Beta   - go ahead and release as 9.0.0
[ ] Stable - go ahead and release as 9.0.0

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r21896 - in /dev/tomcat/tomcat-9/v9.0.0: ./ bin/ bin/embed/ bin/extras/ src/

[markt]

Author: markt
Date: Fri Sep 22 18:53:49 2017
New Revision: 21896

Log:
Upload 9.0.0 for a release vote

Added:
dev/tomcat/tomcat-9/v9.0.0/
dev/tomcat/tomcat-9/v9.0.0/KEYS
dev/tomcat/tomcat-9/v9.0.0/README.html
dev/tomcat/tomcat-9/v9.0.0/RELEASE-NOTES
dev/tomcat/tomcat-9/v9.0.0/bin/
dev/tomcat/tomcat-9/v9.0.0/bin/README.html
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0-deployer.tar.gz   (with 
props)
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0-deployer.tar.gz.asc
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0-deployer.tar.gz.md5
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0-deployer.tar.gz.sha1
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0-deployer.zip   (with 
props)
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0-deployer.zip.asc
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0-deployer.zip.md5
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0-deployer.zip.sha1
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0-fulldocs.tar.gz   (with 
props)
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0-fulldocs.tar.gz.asc
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0-fulldocs.tar.gz.md5
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0-fulldocs.tar.gz.sha1
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0-windows-x64.zip   (with 
props)
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0-windows-x64.zip.asc
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0-windows-x64.zip.md5
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0-windows-x64.zip.sha1
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0-windows-x86.zip   (with 
props)
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0-windows-x86.zip.asc
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0-windows-x86.zip.md5
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0-windows-x86.zip.sha1
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0.exe   (with props)
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0.exe.asc
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0.exe.md5
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0.exe.sha1
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0.tar.gz   (with props)
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0.tar.gz.asc
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0.tar.gz.md5
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0.tar.gz.sha1
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0.zip   (with props)
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0.zip.asc
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0.zip.md5
dev/tomcat/tomcat-9/v9.0.0/bin/apache-tomcat-9.0.0.zip.sha1
dev/tomcat/tomcat-9/v9.0.0/bin/embed/
dev/tomcat/tomcat-9/v9.0.0/bin/embed/apache-tomcat-9.0.0-embed.tar.gz   
(with props)
dev/tomcat/tomcat-9/v9.0.0/bin/embed/apache-tomcat-9.0.0-embed.tar.gz.asc
dev/tomcat/tomcat-9/v9.0.0/bin/embed/apache-tomcat-9.0.0-embed.tar.gz.md5
dev/tomcat/tomcat-9/v9.0.0/bin/embed/apache-tomcat-9.0.0-embed.tar.gz.sha1
dev/tomcat/tomcat-9/v9.0.0/bin/embed/apache-tomcat-9.0.0-embed.zip   (with 
props)
dev/tomcat/tomcat-9/v9.0.0/bin/embed/apache-tomcat-9.0.0-embed.zip.asc
dev/tomcat/tomcat-9/v9.0.0/bin/embed/apache-tomcat-9.0.0-embed.zip.md5
dev/tomcat/tomcat-9/v9.0.0/bin/embed/apache-tomcat-9.0.0-embed.zip.sha1
dev/tomcat/tomcat-9/v9.0.0/bin/extras/
dev/tomcat/tomcat-9/v9.0.0/bin/extras/catalina-jmx-remote.jar   (with props)
dev/tomcat/tomcat-9/v9.0.0/bin/extras/catalina-jmx-remote.jar.asc
dev/tomcat/tomcat-9/v9.0.0/bin/extras/catalina-jmx-remote.jar.md5
dev/tomcat/tomcat-9/v9.0.0/bin/extras/catalina-jmx-remote.jar.sha1
dev/tomcat/tomcat-9/v9.0.0/bin/extras/catalina-ws.jar   (with props)
dev/tomcat/tomcat-9/v9.0.0/bin/extras/catalina-ws.jar.asc
dev/tomcat/tomcat-9/v9.0.0/bin/extras/catalina-ws.jar.md5
dev/tomcat/tomcat-9/v9.0.0/bin/extras/catalina-ws.jar.sha1
dev/tomcat/tomcat-9/v9.0.0/src/
dev/tomcat/tomcat-9/v9.0.0/src/apache-tomcat-9.0.0-src.tar.gz   (with props)
dev/tomcat/tomcat-9/v9.0.0/src/apache-tomcat-9.0.0-src.tar.gz.asc
dev/tomcat/tomcat-9/v9.0.0/src/apache-tomcat-9.0.0-src.tar.gz.md5
dev/tomcat/tomcat-9/v9.0.0/src/apache-tomcat-9.0.0-src.tar.gz.sha1
dev/tomcat/tomcat-9/v9.0.0/src/apache-tomcat-9.0.0-src.zip   (with props)
dev/tomcat/tomcat-9/v9.0.0/src/apache-tomcat-9.0.0-src.zip.asc
dev/tomcat/tomcat-9/v9.0.0/src/apache-tomcat-9.0.0-src.zip.md5
dev/tomcat/tomcat-9/v9.0.0/src/apache-tomcat-9.0.0-src.zip.sha1

Added: dev/tomcat/tomcat-9/v9.0.0/KEYS
==
--- dev/tomcat/tomcat-9/v9.0.0/KEYS (added)
+++ dev/tomcat/tomcat-9/v9.0.0/KEYS Fri Sep 22 18:53:49 2017
@@ -0,0 +1,616 @@
+This file contains the PGP keys of various Apache developers.
+Please don't use them for email unless you have to. Their main
+purpose is code signing.
+
+Apache 

svn commit: r1809331 - in /tomcat/tags/TOMCAT_9_0_0: ./ build.properties.default webapps/docs/changelog.xml

[markt]

Author: markt
Date: Fri Sep 22 18:19:57 2017
New Revision: 1809331

URL: http://svn.apache.org/viewvc?rev=1809331=rev
Log:
Tag 9.0.0

Added:
tomcat/tags/TOMCAT_9_0_0/   (props changed)
  - copied from r1809330, tomcat/trunk/
Modified:
tomcat/tags/TOMCAT_9_0_0/build.properties.default
tomcat/tags/TOMCAT_9_0_0/webapps/docs/changelog.xml

Propchange: tomcat/tags/TOMCAT_9_0_0/
--
bugtraq:append = false

Propchange: tomcat/tags/TOMCAT_9_0_0/
--
bugtraq:label = Bugzilla ID (optional)

Propchange: tomcat/tags/TOMCAT_9_0_0/
--
--- bugtraq:logregex (added)
+++ bugtraq:logregex Fri Sep 22 18:19:57 2017
@@ -0,0 +1,2 @@
+(https?\://(bz|issues)\.apache\.org/bugzilla/show_bug.cgi\?id=\d+|BZ\s?\d+)
+(\d+)

Propchange: tomcat/tags/TOMCAT_9_0_0/
--
bugtraq:message = Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=%BUGID%

Propchange: tomcat/tags/TOMCAT_9_0_0/
--
bugtraq:url = https://bz.apache.org/bugzilla/show_bug.cgi?id=%BUGID%

Propchange: tomcat/tags/TOMCAT_9_0_0/
--
--- svn:ignore (added)
+++ svn:ignore Fri Sep 22 18:19:57 2017
@@ -0,0 +1,8 @@
+.*
+build.properties
+logs
+nbproject
+output
+work
+*.iml
+temp

Propchange: tomcat/tags/TOMCAT_9_0_0/
--
svn:mergeinfo = /tomcat/tc8.5.x/trunk:1802799,1808880

Propchange: tomcat/tags/TOMCAT_9_0_0/
--
svnmailer:content-charset = utf-8

Modified: tomcat/tags/TOMCAT_9_0_0/build.properties.default
URL: 
http://svn.apache.org/viewvc/tomcat/tags/TOMCAT_9_0_0/build.properties.default?rev=1809331=1809330=1809331=diff
==
--- tomcat/tags/TOMCAT_9_0_0/build.properties.default (original)
+++ tomcat/tags/TOMCAT_9_0_0/build.properties.default Fri Sep 22 18:19:57 2017
@@ -27,7 +27,7 @@ version.major=9
 version.minor=0
 version.build=0
 version.patch=0
-version.suffix=-dev
+version.suffix=
 
 # - Build control flags -
 # Note enabling validation uses Checkstyle which is LGPL licensed

Modified: tomcat/tags/TOMCAT_9_0_0/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tags/TOMCAT_9_0_0/webapps/docs/changelog.xml?rev=1809331=1809330=1809331=diff
==
--- tomcat/tags/TOMCAT_9_0_0/webapps/docs/changelog.xml (original)
+++ tomcat/tags/TOMCAT_9_0_0/webapps/docs/changelog.xml Fri Sep 22 18:19:57 2017
@@ -44,7 +44,7 @@
   They eventually become mixed with the numbered issues. (I.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
   
 
   



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Servlet 4.0 implementation status

[Mark Thomas]

On 22/09/17 15:16, Konstantin Kolinko wrote:
> 2017-09-22 0:16 GMT+03:00 Mark Thomas :
>> Hi all,
>>
>> As of a few minutes ago the Servlet 4.0 API implementation in 9.0.x is
>> aligned with the 4.0 final release. It is also fully implemented. That
>> opens up the possibility of both beta and stable labels for the next
>> 9.0.x release. It also means that the next release will be a point
>> release, not a milestone release.
>>
>> I'll update the version number info accordingly shortly.
> 
> Reviewing appendix A.1 "Changes Since Servlet 3.1" of Servlet 4.0
> spec, I noted two points:
> 
> "8. Clarify metadata-complete in Section 8.1, “Annotations and pluggability”."
> 
> Section 8.1. clarifies that the following annotations must be
> processed even when metadata-complete="false":
> 
> "Annotations that do not have equivalents in the deployment XSD include
> javax.servlet.annotation.HandlesTypes and all of the CDI-related
> annotations. These annotations must be processed during annotation scanning,
> regardless of the value of “metadata-complete”."

I think we are compliant here. We do look for HandlesTypes matches when
metadata-complete="true" and we don't provide a CDI implementation.

> 
> The code in DefaultInstanceManager
> [[[
> private Object newInstance(Object instance, Class clazz)
> throws IllegalAccessException, InvocationTargetException,
> NamingException {
> if (!ignoreAnnotations) {
> Map injections =
> assembleInjectionsFromClassHierarchy(clazz);
> populateAnnotationsCache(clazz, injections);
> processAnnotations(instance, injections);
> postConstruct(instance, clazz);
> }
> return instance;
> }
> ]]]
> 
> "ignoreAnnotations" flag turns all annotation processing off.

I think that is consistent with 8.1 that lists all the annotations that
can be ignored with metadata-complete="true".

> "13. Remove DTDs and Schemas from binary artifact for Servlet API."
> 
> I do not mind us continuing shipping those resources,
> but maybe there was some reason for their removal?

Let me check back in the EG archives...


we intentionally stopped including the DTDs and XSDs in the
javax.servlet:javax.servlet-api JAR, because they are better maintained
outside of that jar.  In the case of GlassFish, they end up in the dtds
and schemas directories, respectively.


Looks like a Glassfish packaging decision.

I'm not seeing a need to package these elsewhere in Tomcat.

Mark


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Servlet 4.0 implementation status

[Konstantin Kolinko]

2017-09-22 0:16 GMT+03:00 Mark Thomas :
> Hi all,
>
> As of a few minutes ago the Servlet 4.0 API implementation in 9.0.x is
> aligned with the 4.0 final release. It is also fully implemented. That
> opens up the possibility of both beta and stable labels for the next
> 9.0.x release. It also means that the next release will be a point
> release, not a milestone release.
>
> I'll update the version number info accordingly shortly.

Reviewing appendix A.1 "Changes Since Servlet 3.1" of Servlet 4.0
spec, I noted two points:

"8. Clarify metadata-complete in Section 8.1, “Annotations and pluggability”."

Section 8.1. clarifies that the following annotations must be
processed even when metadata-complete="false":

"Annotations that do not have equivalents in the deployment XSD include
javax.servlet.annotation.HandlesTypes and all of the CDI-related
annotations. These annotations must be processed during annotation scanning,
regardless of the value of “metadata-complete”."

The code in DefaultInstanceManager
[[[
private Object newInstance(Object instance, Class clazz)
throws IllegalAccessException, InvocationTargetException,
NamingException {
if (!ignoreAnnotations) {
Map injections =
assembleInjectionsFromClassHierarchy(clazz);
populateAnnotationsCache(clazz, injections);
processAnnotations(instance, injections);
postConstruct(instance, clazz);
}
return instance;
}
]]]

"ignoreAnnotations" flag turns all annotation processing off.


"13. Remove DTDs and Schemas from binary artifact for Servlet API."

I do not mind us continuing shipping those resources,
but maybe there was some reason for their removal?

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 61542] Apache Tomcat Remote Code Execution via JSP Upload bypass

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=61542

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #11 from Mark Thomas  ---
Fixed in:
- trunk for 9.0.0 onwards
- 8.5.x for 8.5.22 onwards
- 8.0.x for 8.0.47 onwards
- 7.0.x for 7.0.82 onwards

I'm on the fence regarding the suggested documentation change. If a sysadmin
doesn't understand what enabling HTTP PUT and/or DELETE means I don't think any
realistic amount of documentation is going to result in a correctly secured
Tomcat instance.

Maybe what we need is a link to the security page from every setting called out
in the security page. Something to ponder / discuss on the dev@ list.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1809317 - in /tomcat/trunk: java/org/apache/coyote/http11/AbstractHttp11Protocol.java java/org/apache/coyote/http11/Http11Processor.java webapps/docs/changelog.xml webapps/docs/config/htt

[markt]

Author: markt
Date: Fri Sep 22 14:06:39 2017
New Revision: 1809317

URL: http://svn.apache.org/viewvc?rev=1809317=rev
Log:
Make host header / request line consistency check configurable since it is a 
new requirement in RFC 7230

Modified:
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/config/http.xml

Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1809317=1809316=1809317=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java 
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Fri 
Sep 22 14:06:39 2017
@@ -91,6 +91,29 @@ public abstract class AbstractHttp11Prot
 //  HTTP specific 
properties
 // -- managed in the 
ProtocolHandler
 
+private boolean allowHostHeaderMismatch = false;
+/**
+ * Will Tomcat accept an HTTP 1.1 request where the host header does not
+ * agree with the host specified (if any) in the request line?
+ *
+ * @return {@code true} if Tomcat will allow such requests, otherwise
+ * {@code false}
+ */
+public boolean getAllowHostHeaderMismatch() {
+return allowHostHeaderMismatch;
+}
+/**
+ * Will Tomcat accept an HTTP 1.1 request where the host header does not
+ * agree with the host specified (if any) in the request line?
+ *
+ * @param allowHostHeaderMismatch {@code true} to allow such requests,
+ *{@code false} to reject them with a 400
+ */
+public void setAllowHostHeaderMismatch(boolean allowHostHeaderMismatch) {
+this.allowHostHeaderMismatch = allowHostHeaderMismatch;
+}
+
+
 private boolean rejectIllegalHeaderName = true;
 /**
  * If an HTTP request is received that contains an illegal header name 
(i.e.

Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java?rev=1809317=1809316=1809317=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java Fri Sep 22 
14:06:39 2017
@@ -782,10 +782,22 @@ public class Http11Processor extends Abs
 // the Host header
 if (!hostValueMB.getByteChunk().equals(
 uriB, uriBCStart + pos, slashPos - pos)) {
-response.setStatus(400);
-setErrorState(ErrorState.CLOSE_CLEAN, null);
-if (log.isDebugEnabled()) {
-
log.debug(sm.getString("http11processor.request.inconsistentHosts"));
+if (protocol.getAllowHostHeaderMismatch()) {
+// The requirements of RFC 2616 are being
+// applied. If the host header and the request
+// line do not agree, the request line takes
+// precedence
+hostValueMB = headers.setValue("host");
+hostValueMB.setBytes(uriB, uriBCStart + pos, 
slashPos - pos);
+} else {
+// The requirements of RFC 7230 are being
+// applied. If the host header and the request
+// line do not agree, trigger a 400 response.
+response.setStatus(400);
+setErrorState(ErrorState.CLOSE_CLEAN, null);
+if (log.isDebugEnabled()) {
+
log.debug(sm.getString("http11processor.request.inconsistentHosts"));
+}
 }
 }
 }

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1809317=1809316=1809317=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Sep 22 14:06:39 2017
@@ -79,7 +79,10 @@
   
 Implement the requirements of RFC 7230 that any HTTP/1.1 request that
 specifies a host in the request line, must specify the same 

buildbot success in on tomcat-trunk

[buildbot]

The Buildbot has detected a restored build on builder tomcat-trunk while 
building . Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/2712

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch tomcat/trunk] 1809300
Blamelist: markt

Build succeeded!

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] tomcat pull request #:

[vmassol]

Github user vmassol commented on the pull request:


https://github.com/apache/tomcat/commit/eb195bebac8239b994fa921aeedb136a93e4ccaf#commitcomment-24486575
  
In java/org/apache/catalina/Context.java:
In java/org/apache/catalina/Context.java on line 1790:
Thanks


---

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] tomcat pull request #:

[efge]

Github user efge commented on the pull request:


https://github.com/apache/tomcat/commit/eb195bebac8239b994fa921aeedb136a93e4ccaf#commitcomment-24486403
  
In java/org/apache/catalina/Context.java:
In java/org/apache/catalina/Context.java on line 1790:
FYI this was backported for 7.0.81 
(be895e53fffc092fa0b5eefe49dbad31b4069057)


---

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

buildbot success in on tomcat-8-trunk

[buildbot]

The Buildbot has detected a restored build on builder tomcat-8-trunk while 
building . Full details are available at:
https://ci.apache.org/builders/tomcat-8-trunk/builds/1129

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-8-commit' 
triggered this build
Build Source Stamp: [branch tomcat/tc8.0.x/trunk] 1809296
Blamelist: markt

Build succeeded!

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

buildbot failure in on tomcat-7-trunk

[buildbot]

The Buildbot has detected a new failure on builder tomcat-7-trunk while 
building . Full details are available at:
https://ci.apache.org/builders/tomcat-7-trunk/builds/879

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-7-commit' 
triggered this build
Build Source Stamp: [branch tomcat/tc7.0.x/trunk] 1809298
Blamelist: markt

BUILD FAILED: failed compile_1

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 61542] Apache Tomcat Remote Code Execution via JSP Upload bypass

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=61542

--- Comment #10 from Peter Stöckli  ---
Created attachment 35361
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=35361=edit
proposal to improve doc of the readonly flag

First of all: your work is greatly appreciated!
And I didn't know that Tomcat is also widely used as WebDAV server. So it makes
sense to keep that option.

Attached is a patch that could help improve the documentation of the readonly
flag.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1809300 - /tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java

[markt]

Author: markt
Date: Fri Sep 22 10:59:13 2017
New Revision: 1809300

URL: http://svn.apache.org/viewvc?rev=1809300=rev
Log:
Trivial clean-up to trigger a CI build

Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java

Modified: 
tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java?rev=1809300=1809299=1809300=diff
==
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java 
(original)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java 
Fri Sep 22 10:59:13 2017
@@ -45,7 +45,6 @@ import org.ietf.jgss.GSSException;
 import org.ietf.jgss.GSSManager;
 import org.ietf.jgss.Oid;
 
-
 /**
  * A SPNEGO authenticator that uses the SPNEGO/Kerberos support built in to 
Java
  * 6. Successful Kerberos authentication depends on the correct configuration 
of



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1809298 - /tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java

[markt]

Author: markt
Date: Fri Sep 22 10:39:51 2017
New Revision: 1809298

URL: http://svn.apache.org/viewvc?rev=1809298=rev
Log:
Code clean-up as a result of code reviews
- Minor performance optimisation
- Simplify code
- Additional commentary

Modified:
tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java

Modified: 
tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java?rev=1809298=1809297=1809298=diff
==
--- tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java 
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java 
Fri Sep 22 10:39:51 2017
@@ -815,53 +815,69 @@ public class FileDirContext extends Base
 // If the requested names ends in '/', the Java File API will return a
 // matching file if one exists. This isn't what we want as it is not
 // consistent with the Servlet spec rules for request mapping.
-if (file.isFile() && name.endsWith("/")) {
+if (name.endsWith("/") && file.isFile()) {
 return null;
 }
 
-if (!mustExist || file.exists() && file.canRead()) {
+// If the file/dir must exist but the identified file/dir can't be read
+// then signal that the resource was not found
+if (mustExist && !file.canRead()) {
+return null;
+}
 
-if (allowLinking)
-return file;
+// If allow linking is enabled, files are not limited to being located
+// under the fileBase so all further checks are disabled.
+if (allowLinking)
+return file;
+
+// Check that this file is located under the web application root
+String canPath = null;
+try {
+canPath = file.getCanonicalPath();
+} catch (IOException e) {
+// Ignore
+}
+if (canPath == null || !canPath.startsWith(absoluteBase)) {
+return null;
+}
 
-// Check that this file belongs to our root path
-String canPath = null;
-try {
-canPath = file.getCanonicalPath();
-} catch (IOException e) {
-// Ignore
-}
-if (canPath == null)
-return null;
-
-// Check to see if going outside of the web application root
-if (!canPath.startsWith(absoluteBase)) {
-return null;
-}
-
-// Case sensitivity check - this is now always done
-String fileAbsPath = file.getAbsolutePath();
-if (fileAbsPath.endsWith("."))
-fileAbsPath = fileAbsPath + "/";
-String absPath = normalize(fileAbsPath);
-canPath = normalize(canPath);
-if ((absoluteBase.length() < absPath.length())
-&& (absoluteBase.length() < canPath.length())) {
-absPath = absPath.substring(absoluteBase.length() + 1);
-if (absPath.equals(""))
-absPath = "/";
-canPath = canPath.substring(absoluteBase.length() + 1);
-if (canPath.equals(""))
-canPath = "/";
-if (!canPath.equals(absPath))
-return null;
-}
+// Ensure that the file is not outside the fileBase. This should not be
+// possible for standard requests (the request is normalized early in
+// the request processing) but might be possible for some access via 
the
+// Servlet API (RequestDispatcher, HTTP/2 push etc.) therefore these
+// checks are retained as an additional safety measure
+// absoluteBase has been normalized so absPath needs to be normalized 
as
+// well.
+String absPath = normalize(file.getAbsolutePath());
+if ((absoluteBase.length() > absPath.length())) {
+return null;
+}
 
-} else {
+// Remove the fileBase location from the start of the paths since that
+// was not part of the requested path and the remaining check only
+// applies to the request path
+absPath = absPath.substring(absoluteBase.length());
+canPath = canPath.substring(absoluteBase.length());
+
+// Case sensitivity check
+// The normalized requested path should be an exact match the 
equivalent
+// canonical path. If it is not, possible reasons include:
+// - case differences on case insensitive file systems
+// - Windows removing a trailing ' ' or '.' from the file name
+//
+// In all cases, a mis-match here results in the resource not being
+// found
+//
+// absPath is normalized so canPath needs to be normalized as well
+// 

svn commit: r1809296 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/webresources/AbstractFileResourceSet.java

[markt]

Author: markt
Date: Fri Sep 22 10:29:45 2017
New Revision: 1809296

URL: http://svn.apache.org/viewvc?rev=1809296=rev
Log:
Additional clean-up

Modified:
tomcat/tc8.0.x/trunk/   (props changed)

tomcat/tc8.0.x/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Sep 22 10:29:45 2017
@@ -1,2 +1,2 @@
 
/tomcat/tc8.5.x/trunk:1735042,1737966,1743139-1743140,1744151,1747537,1747925,1748002,1754614,1754643,1762124,1762183,1762203,1763792,1772948,1777014,1779719,1782037,1782240,1782386-1782387,1785669,1786845,1788249,1788324,1788905,1789216,1789335,1791528,1791558,1796697-1796698,1797521,1798543,1799162,1800143,1801693,1802805,1806799,1807079-1807080,1808880
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1637890,1637892,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886
 
,1644890,1644892,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657
 
592,1657607,1657609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659174,1659184,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661770,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662696,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1
 
666387,1666494,1666496,1666552,1666569,1666579,137,149,1666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681697,1681699,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366,1684383,1684526-168452
 

svn commit: r1809293 - in /tomcat/tc7.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

[markt]

Author: markt
Date: Fri Sep 22 10:18:29 2017
New Revision: 1809293

URL: http://svn.apache.org/viewvc?rev=1809293=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61542
Remainder of fix for CVE-2017-12617
This ensures that a path specified for creation of a file does not end in '/' 
since that is dropped by the File API.

Modified:
tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Modified: 
tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java?rev=1809293=1809292=1809293=diff
==
--- tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java 
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java 
Fri Sep 22 10:18:29 2017
@@ -476,11 +476,16 @@ public class FileDirContext extends Base
  * @exception NamingException if a naming exception is encountered
  */
 @Override
-public void bind(String name, Object obj, Attributes attrs)
-throws NamingException {
+public void bind(String name, Object obj, Attributes attrs) throws 
NamingException {
 
 // Note: No custom attributes allowed
 
+// bind() is meant to create a file so ensure that the path doesn't end
+// in '/'
+if (name.endsWith("/")) {
+throw new NamingException(sm.getString("resources.bindFailed", 
name));
+}
+
 File file = file(name, false);
 if (file == null) {
 throw new NamingException(sm.getString("resources.bindFailed", 
name));

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1809293=1809292=1809293=diff
==
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Fri Sep 22 10:18:29 2017
@@ -90,6 +90,11 @@
 DirContext that represented the web application in a
 ProxyDirContext twice rather than just once. (markt)
   
+  
+61542: Fix CVE-2017-12617 and prevent JSPs from being
+uploaded via a specially crafted request when HTTP PUT was enabled.
+(markt)
+  
 
   
   



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1809288 - in /tomcat/tc7.0.x/trunk: java/org/apache/catalina/servlets/ java/org/apache/naming/resources/ test/org/apache/naming/resources/

[markt]

Author: markt
Date: Fri Sep 22 09:46:02 2017
New Revision: 1809288

URL: http://svn.apache.org/viewvc?rev=1809288=rev
Log:
Partial fix for CVE-2017-12617
This moves a check from the Default servlet where it applied to GET, POST, HEAD 
and OPTIONS to the resources implementation where it applies to any method that 
expects the resource to exist (e.g.DELETE)
Still need to address the case where the resource does not exist (e.g. PUT)

Added:

tomcat/tc7.0.x/trunk/test/org/apache/naming/resources/TestFileDirContext.java   
(with props)
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java
tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/VirtualDirContext.java

Modified: 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java?rev=1809288=1809287=1809288=diff
==
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java 
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java 
Fri Sep 22 09:46:02 2017
@@ -860,23 +860,6 @@ public class DefaultServlet
 return;
 }
 
-// If the resource is not a collection, and the resource path
-// ends with "/" or "\", return NOT FOUND
-if (cacheEntry.context == null) {
-if (path.endsWith("/") || (path.endsWith("\\"))) {
-// Check if we're included so we can return the appropriate
-// missing resource name in the error
-String requestUri = (String) request.getAttribute(
-RequestDispatcher.INCLUDE_REQUEST_URI);
-if (requestUri == null) {
-requestUri = request.getRequestURI();
-}
-response.sendError(HttpServletResponse.SC_NOT_FOUND,
-   requestUri);
-return;
-}
-}
-
 // Check if the conditions specified in the optional If headers are
 // satisfied.
 if (cacheEntry.context == null) {

Modified: 
tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java?rev=1809288=1809287=1809288=diff
==
--- tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java 
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java 
Fri Sep 22 09:46:02 2017
@@ -801,11 +801,18 @@ public class FileDirContext extends Base
  */
 protected File file(String name, boolean mustExist) {
 File file = new File(base, name);
-return validate(file, mustExist, absoluteBase);
+return validate(file, name, mustExist, absoluteBase);
 }
 
 
-protected File validate(File file, boolean mustExist, String absoluteBase) 
{
+protected File validate(File file, String name, boolean mustExist, String 
absoluteBase) {
+
+// If the requested names ends in '/', the Java File API will return a
+// matching file if one exists. This isn't what we want as it is not
+// consistent with the Servlet spec rules for request mapping.
+if (file.isFile() && name.endsWith("/")) {
+return null;
+}
 
 if (!mustExist || file.exists() && file.canRead()) {
 

Modified: 
tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/VirtualDirContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/VirtualDirContext.java?rev=1809288=1809287=1809288=diff
==
--- 
tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/VirtualDirContext.java 
(original)
+++ 
tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/VirtualDirContext.java 
Fri Sep 22 09:46:02 2017
@@ -163,7 +163,7 @@ public class VirtualDirContext extends F
 String resourcesDir = dirList.get(0);
 if (name.equals(path)) {
 File f = new File(resourcesDir);
-f = validate(f, true, resourcesDir);
+f = validate(f, name, true, resourcesDir);
 if (f != null) {
 return new FileResourceAttributes(f);
 }
@@ -171,8 +171,8 @@ public class VirtualDirContext extends F
 path += "/";
 if (name.startsWith(path)) {
 String res = name.substring(path.length());
-File f = new File(resourcesDir + "/" + res);
-f = validate(f, true, resourcesDir);
+   

svn commit: r1809286 - in /tomcat/tc7.0.x/trunk/test/org/apache/naming/resources: TestProxyDirContext.java TestWarDirContext.java

[markt]

Author: markt
Date: Fri Sep 22 09:26:41 2017
New Revision: 1809286

URL: http://svn.apache.org/viewvc?rev=1809286=rev
Log:
Fix IDE warnings in this package (the comments aren't intended to be used to 
generate Javadoc)

Modified:

tomcat/tc7.0.x/trunk/test/org/apache/naming/resources/TestProxyDirContext.java
tomcat/tc7.0.x/trunk/test/org/apache/naming/resources/TestWarDirContext.java

Modified: 
tomcat/tc7.0.x/trunk/test/org/apache/naming/resources/TestProxyDirContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/naming/resources/TestProxyDirContext.java?rev=1809286=1809285=1809286=diff
==
--- 
tomcat/tc7.0.x/trunk/test/org/apache/naming/resources/TestProxyDirContext.java 
(original)
+++ 
tomcat/tc7.0.x/trunk/test/org/apache/naming/resources/TestProxyDirContext.java 
Fri Sep 22 09:26:41 2017
@@ -32,7 +32,7 @@ import org.apache.catalina.startup.Tomca
  */
 public class TestProxyDirContext extends TomcatBaseTest {
 
-/**
+/*
  * lookup doesn't always throw the same exception.
  */
 @Test

Modified: 
tomcat/tc7.0.x/trunk/test/org/apache/naming/resources/TestWarDirContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/naming/resources/TestWarDirContext.java?rev=1809286=1809285=1809286=diff
==
--- 
tomcat/tc7.0.x/trunk/test/org/apache/naming/resources/TestWarDirContext.java 
(original)
+++ 
tomcat/tc7.0.x/trunk/test/org/apache/naming/resources/TestWarDirContext.java 
Fri Sep 22 09:26:41 2017
@@ -44,7 +44,7 @@ public class TestWarDirContext extends T
 new JreMemoryLeakPreventionListener());
 }
 
-/**
+/*
  * Check https://jira.springsource.org/browse/SPR-7350 isn't really an 
issue
  */
 @Test
@@ -64,7 +64,7 @@ public class TestWarDirContext extends T
 }
 
 
-/**
+/*
  * Additional test following on from SPR-7350 above to check files that
  * contain JNDI reserved characters can be served when caching is enabled.
  */
@@ -94,7 +94,7 @@ public class TestWarDirContext extends T
 }
 
 
-/**
+/*
  * Additional test following on from SPR-7350 above to check files that
  * contain JNDI reserved characters can be served when caching is disabled.
  */



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 61542] Apache Tomcat Remote Code Execution via JSP Upload bypass

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=61542

--- Comment #9 from Mark Thomas  ---
Indeed. Lots of folks run Tomcat with WebDAV on internal sites. Hard-coding
readonly to true is simply not an option.

Regarding better documentation, patches welcome.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 61542] Apache Tomcat Remote Code Execution via JSP Upload bypass

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=61542

--- Comment #8 from Remy Maucherat  ---
(In reply to Peter Stöckli from comment #7)
> Isn't the mere existence of the readonly parameter also part of the problem?
> 
> https://tomcat.apache.org/tomcat-7.0-doc/default-servlet.html
> It is currently documented as "Is this context "read only", so HTTP commands
> like PUT and DELETE are rejected? [true]"
> 
> But it holds more "surprises". IMHO this parameter should NEVER be set to
> false. Maybe it can be removed or the documentation of this parameter can be
> improved?

Have you ever heard of WebDAV ? Obviously if we were writing Tomcat today, we
would never bother implementing it. Also obviously, nobody running a public
server should enable it, secured or not. But it's not going to be removed
either.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1809285 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/webresources/AbstractFileResourceSet.java

[markt]

Author: markt
Date: Fri Sep 22 09:10:11 2017
New Revision: 1809285

URL: http://svn.apache.org/viewvc?rev=1809285=rev
Log:
Code clean-up as a result of code reviews
- Minor performance optimisation
- Simplify code
- Additional commentary
- Correctly convert \ to / on platforms that use \ as a separator (e.g. Windows)

Modified:
tomcat/tc8.0.x/trunk/   (props changed)

tomcat/tc8.0.x/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Sep 22 09:10:11 2017
@@ -1,2 +1,2 @@
 
/tomcat/tc8.5.x/trunk:1735042,1737966,1743139-1743140,1744151,1747537,1747925,1748002,1754614,1754643,1762124,1762183,1762203,1763792,1772948,1777014,1779719,1782037,1782240,1782386-1782387,1785669,1786845,1788249,1788324,1788905,1789216,1789335,1791528,1791558,1796697-1796698,1797521,1798543,1799162,1800143,1801693,1802805,1806799,1807079-1807080,1808880
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1637890,1637892,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886
 
,1644890,1644892,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657
 
592,1657607,1657609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659174,1659184,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661770,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662696,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1
 

svn commit: r1809284 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/webresources/DirResourceSet.java test/org/apache/catalina/webresources/AbstractTestResourceSet.java webapps/docs/changelog.

[markt]

Author: markt
Date: Fri Sep 22 09:08:10 2017
New Revision: 1809284

URL: http://svn.apache.org/viewvc?rev=1809284=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61542
Remainder of fix for CVE-2017-12617
This ensures that a path specified for creation of a file does not end in '/' 
since that is dropped by the File API.

Modified:
tomcat/tc8.0.x/trunk/   (props changed)

tomcat/tc8.0.x/trunk/java/org/apache/catalina/webresources/DirResourceSet.java

tomcat/tc8.0.x/trunk/test/org/apache/catalina/webresources/AbstractTestResourceSet.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Sep 22 09:08:10 2017
@@ -1,2 +1,2 @@
 
/tomcat/tc8.5.x/trunk:1735042,1737966,1743139-1743140,1744151,1747537,1747925,1748002,1754614,1754643,1762124,1762183,1762203,1763792,1772948,1777014,1779719,1782037,1782240,1782386-1782387,1785669,1786845,1788249,1788324,1788905,1789216,1789335,1791528,1791558,1796697-1796698,1797521,1798543,1799162,1800143,1801693,1802805,1806799,1807079-1807080,1808880
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1637890,1637892,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886
 
,1644890,1644892,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657
 
592,1657607,1657609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659174,1659184,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661770,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662696,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1
 

svn commit: r1809283 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/servlets/DefaultServlet.java java/org/apache/catalina/webresources/AbstractFileResourceSet.java test/org/apache/catalina/we

[markt]

Author: markt
Date: Fri Sep 22 09:06:38 2017
New Revision: 1809283

URL: http://svn.apache.org/viewvc?rev=1809283=rev
Log:
Partial fix for CVE-2017-12617
This moves a check from the Default servlet where it applied to GET, POST, HEAD 
and OPTIONS to the resources implementation where it applies to any method that 
expects the resource to exist (e.g.DELETE)
Still need to address the case where the resource does not exist (e.g. PUT)

Modified:
tomcat/tc8.0.x/trunk/   (props changed)
tomcat/tc8.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java

tomcat/tc8.0.x/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java

tomcat/tc8.0.x/trunk/test/org/apache/catalina/webresources/AbstractTestResourceSet.java

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Sep 22 09:06:38 2017
@@ -1,2 +1,2 @@
 
/tomcat/tc8.5.x/trunk:1735042,1737966,1743139-1743140,1744151,1747537,1747925,1748002,1754614,1754643,1762124,1762183,1762203,1763792,1772948,1777014,1779719,1782037,1782240,1782386-1782387,1785669,1786845,1788249,1788324,1788905,1789216,1789335,1791528,1791558,1796697-1796698,1797521,1798543,1799162,1800143,1801693,1802805,1806799,1807079-1807080,1808880
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1637890,1637892,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886
 
,1644890,1644892,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657
 
592,1657607,1657609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659174,1659184,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661770,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662696,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1
 

svn commit: r1809275 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/webresources/AbstractFileResourceSet.java

[markt]

Author: markt
Date: Fri Sep 22 08:03:54 2017
New Revision: 1809275

URL: http://svn.apache.org/viewvc?rev=1809275=rev
Log:
Code clean-up as a result of code reviews
- Minor performance optimisation
- Simplify code
- Additional commentary
- Correctly convert \ to / on platforms that use \ as a separator (e.g. Windows)

Modified:
tomcat/tc8.5.x/trunk/   (props changed)

tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Sep 22 08:03:54 2017
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747
 
536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1756289,1756408-1
 
756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-1762053,1762123,176216
 

[Bug 61542] Apache Tomcat Remote Code Execution via JSP Upload bypass

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=61542

--- Comment #7 from Peter Stöckli  ---
Isn't the mere existence of the readonly parameter also part of the problem?

https://tomcat.apache.org/tomcat-7.0-doc/default-servlet.html
It is currently documented as "Is this context "read only", so HTTP commands
like PUT and DELETE are rejected? [true]"

But it holds more "surprises". IMHO this parameter should NEVER be set to
false. Maybe it can be removed or the documentation of this parameter can be
improved?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

buildbot failure in on tomcat-8-trunk

[buildbot]

The Buildbot has detected a new failure on builder tomcat-8-trunk while 
building . Full details are available at:
https://ci.apache.org/builders/tomcat-8-trunk/builds/1127

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-8-commit' 
triggered this build
Build Source Stamp: [branch tomcat/tc8.0.x/trunk] 1809267
Blamelist: markt

BUILD FAILED: failed compile_1

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1809274 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/webresources/DirResourceSet.java test/org/apache/catalina/webresources/AbstractTestResourceSet.java webapps/docs/changelog.

[markt]

Author: markt
Date: Fri Sep 22 07:54:31 2017
New Revision: 1809274

URL: http://svn.apache.org/viewvc?rev=1809274=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61542
Remainder of fix for CVE-2017-12617
This ensures that a path specified for creation of a file does not end in '/' 
since that is dropped by the File API.

Modified:
tomcat/tc8.5.x/trunk/   (props changed)

tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/DirResourceSet.java

tomcat/tc8.5.x/trunk/test/org/apache/catalina/webresources/AbstractTestResourceSet.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Sep 22 07:54:31 2017
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747
 
536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1756289,1756408-1
 
756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-1762053,1762123,176216
 

svn commit: r1809272 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/servlets/DefaultServlet.java java/org/apache/catalina/webresources/AbstractFileResourceSet.java test/org/apache/catalina/we

[markt]

Author: markt
Date: Fri Sep 22 07:50:26 2017
New Revision: 1809272

URL: http://svn.apache.org/viewvc?rev=1809272=rev
Log:
Partial fix for CVE-2017-12617
This moves a check from the Default servlet where it applied to GET, POST, HEAD 
and OPTIONS to the resources implementation where it applies to any method that 
expects the resource to exist (e.g.DELETE)
Still need to address the case where the resource does not exist (e.g. PUT)

Modified:
tomcat/tc8.5.x/trunk/   (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java

tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java

tomcat/tc8.5.x/trunk/test/org/apache/catalina/webresources/AbstractTestResourceSet.java

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Sep 22 07:50:26 2017
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747
 
536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1756289,1756408-1
 
756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-1762053,1762123,176216
 

buildbot failure in on tomcat-trunk

[buildbot]

The Buildbot has detected a new failure on builder tomcat-trunk while building 
. Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/2711

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch tomcat/trunk] 1809265
Blamelist: markt

BUILD FAILED: failed compile_1

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 61545] ProxyConnection.invoke() does not handle javax.sql.PooledConnection method calls

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=61545

--- Comment #2 from Nils Winkler  ---
Thanks for the quick fix! Happy to help!

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 61545] ProxyConnection.invoke() does not handle javax.sql.PooledConnection method calls

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=61545

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

--- Comment #1 from Mark Thomas  ---
Thanks for the report, detailed explanation and fix.

Fixed in:
- trunk for 9.0.0 onwards
- 8.5.x for 8.5.22 onwards
- 8.0.x for 8.0.47 onwards
- 7.0.x for 7.0.82 onwards

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1809268 - in /tomcat/tc7.0.x/trunk: ./ modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java webapps/docs/changelog.xml

[markt]

Author: markt
Date: Fri Sep 22 07:23:18 2017
New Revision: 1809268

URL: http://svn.apache.org/viewvc?rev=1809268=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61545
Correctly handle invocations of methods defined in the PooledConnection 
interface when using pooled XA connections.
Patch provided by Nils Winkler.

Modified:
tomcat/tc7.0.x/trunk/   (props changed)

tomcat/tc7.0.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Sep 22 07:23:18 2017
@@ -1,3 +1,3 @@
-/tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641726,1641729-1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511,1643513,1643521,1643539,1643571,1643581-1643582,1643635,1643655,1643738,1643964,1644018,1644333,1644525,1644954,1644992,1645014,1645360,1645456,1645627,1645642,1645686,1645903-1645904,1645908-1645909,1645913,1645920,1646458,1646460-1646462,1646735,1646738-1646741,1646744,1646746,1646748-1646755,1646757,1646759-1646760,1647043,1648816,1651420-1651422,1651844,1652926,1652939-1652940,1652973,1653798,1653817,1653841,1654042,1654161,1654736,1654767,1654787,1656592,1659907,1662986,1663265,1663278,1663325,1663535,1663567,1663679,1663997,1664175,1664321,1664872,1665061,1665086,1666027,1666395,1666503,1666506,1666560,1666570,1666581,1666759,1666967,1666988
 
,1667553-1667555,1667558,1667617,1667633,1667637,1667747,1667767,1667873,1668028,1668137,1668634,1669432,1669801,1669840,1669895-1669896,1670398,1670435,1670592,1670605-1670607,1670609,1670632,1670720,1670725,1670727,1670731,1671114,1672273,1672285,1673759,1674220,1674295,1675469,1675488,1675595,1675831,1676232,1676367-1676369,1676382,1676394,1676483,1676556,1676635,1678178,1679536,1679988,1680256,1681124,1681182,1681703,1681730,1681840,1681864,1681869,1682010,1682034,1682047,1682052-1682053,1682062,1682064,1682070,1682312,1682325,1682331,1682386,1684367,1684385,1685759,1685774,1685827,1685892,1687341,1688904,1689358,1689657,1689921,1692850,1693093,1693108,1693324,1694060,1694115,1694291,1694427,1694431,1694503,1694549,1694789,1694873,1694881,1695356,1695372,1695823-1695825,1696200,1696281,1696379,1696468,1700608,1700871,1700897,1700978,1701094,1701124,1701608,1701668,1701676,1701766,1701944,1702248,1702252,1702314,1702390,1702723,1702725,1702728,1702730,1702733,1702735,1702737,1702
 
739,1702742,1702744,1702748,1702751,1702754,1702758,1702760,1702763,1702766,1708779,1708782,1708806,1709314,1709670,1710347,1710442,1710448,1710490,1710574,1710578,1712226,1712229,1712235,1712255,1712618,1712649,1712655,1712860,1712899,1712903,1712906,1712913,1712926,1712975,1713185,1713262,1713287,1713613,1713621,1713872,1713976,1713994,1713998,1714004,1714013,1714059,1714538,1714580,1715189,1715207,1715544,1715549,1715637,1715639-1715645,1715667,1715683,1715866,1715978,1715981,1716216-1716217,1716355,1716414,1716421,1717208-1717209,1717257,1717283,1717288,1717291,1717421,1717517,1717529,1718797,1718840-1718843,1719348,1719357-1719358,1719400,1719491,1719737,1720235,1720396,1720442,1720446,1720450,1720463,1720658-1720660,1720756,1720816,1721813,1721818,1721831,1721861,1721867,1721882,1722523,1722527,1722800,1722926,1722941,1722997,1723130,1723440,1723488,1723890,1724434,1724674,1724792,1724803,1724902,1725128,1725131,1725154,1725167,1725911,1725921,1725929,1725963-1725965,1725970,1
 
725974,1726171-1726173,1726175,1726179-1726182,1726190-1726191,1726195-1726200,1726203,1726226,1726576,1726630,1726992,1727029,1727037,1727671,1727676,1727900,1728028,1728092,1728439,1728449,1729186,1729362,1731009,1731303,1731867,1731872,1731874,1731876,1731885,1731947,1731955,1731959,1731977,1731984,1732360,1732490,1732672,1732902,1733166,1733603,1733619,1733735,1733752,1733764,1733915,1733941,1733964,1734115,1734133,1734261,1734421,1734531,1736286,1737967,1738173,1738182,1738992,1739039,1739089-1739091,1739294,1739777,1739821,1739981,1740513,1740726,1741019,1741162,1741217,1743647,1743681,1744152,1744272,1746732,1746750,1752739,1754615,1755886,1756018,1759565,1761686,1762173,1762206,1766280,1767507-1767508,1767653,1767656,1769267,1772949,1773521,1773527,1774104,1777015,1777213,1779330,1783151,1784188,1784966,1785670,1786846,1788260,1788999,1789140,1789402,1791529,1791559,1795291,1796906,1797523,1799214,1800998-1800999,1801003,1801007-1801008,1801017,1801020,1802808,1802814,180361
 8,1806107,1806733,1807082-1807083,1808707,1808884

svn commit: r1809267 - in /tomcat/tc8.0.x/trunk: ./ modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java webapps/docs/changelog.xml

[markt]

Author: markt
Date: Fri Sep 22 07:22:12 2017
New Revision: 1809267

URL: http://svn.apache.org/viewvc?rev=1809267=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61545
Correctly handle invocations of methods defined in the PooledConnection 
interface when using pooled XA connections.
Patch provided by Nils Winkler.

Modified:
tomcat/tc8.0.x/trunk/   (props changed)

tomcat/tc8.0.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Sep 22 07:22:12 2017
@@ -1,2 +1,2 @@
 
/tomcat/tc8.5.x/trunk:1735042,1737966,1743139-1743140,1744151,1747537,1747925,1748002,1754614,1754643,1762124,1762183,1762203,1763792,1772948,1777014,1779719,1782037,1782240,1782386-1782387,1785669,1786845,1788249,1788324,1788905,1789216,1789335,1791528,1791558,1796697-1796698,1797521,1798543,1799162,1800143,1801693,1802805,1806799,1807079-1807080,1808880
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1637890,1637892,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886
 
,1644890,1644892,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657
 
592,1657607,1657609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659174,1659184,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661770,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662696,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1
 

svn commit: r1809266 - in /tomcat/tc8.5.x/trunk: ./ modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java webapps/docs/changelog.xml

[markt]

Author: markt
Date: Fri Sep 22 07:20:39 2017
New Revision: 1809266

URL: http://svn.apache.org/viewvc?rev=1809266=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61545
Correctly handle invocations of methods defined in the PooledConnection 
interface when using pooled XA connections.
Patch provided by Nils Winkler.

Modified:
tomcat/tc8.5.x/trunk/   (props changed)

tomcat/tc8.5.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Sep 22 07:20:39 2017
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747
 
536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1756289,1756408-1
 
756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-1762053,1762123,176216
 

svn commit: r1809265 - in /tomcat/trunk: modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java webapps/docs/changelog.xml

[markt]

Author: markt
Date: Fri Sep 22 07:20:04 2017
New Revision: 1809265

URL: http://svn.apache.org/viewvc?rev=1809265=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61545
Correctly handle invocations of methods defined in the PooledConnection 
interface when using pooled XA connections.
Patch provided by Nils Winkler.

Modified:

tomcat/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java
tomcat/trunk/webapps/docs/changelog.xml

Modified: 
tomcat/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java?rev=1809265=1809264=1809265=diff
==
--- 
tomcat/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java
 (original)
+++ 
tomcat/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java
 Fri Sep 22 07:20:04 2017
@@ -103,7 +103,7 @@ public class ProxyConnection extends Jdb
 return this.toString();
 } else if (compare(GETCONNECTION_VAL,method) && connection!=null) {
 return connection.getConnection();
-} else if (method.getDeclaringClass().equals(XAConnection.class)) {
+} else if 
(method.getDeclaringClass().isAssignableFrom(XAConnection.class)) {
 try {
 return method.invoke(connection.getXAConnection(),args);
 }catch (Throwable t) {

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1809265=1809264=1809265=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Sep 22 07:20:04 2017
@@ -97,6 +97,15 @@
   
 
   
+  
+
+  
+61545: Correctly handle invocations of methods defined in 
the
+PooledConnection interface when using pooled XA
+connections. Patch provided by Nils Winkler. (markt)
+  
+
+  
   
 
   



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 61557] KeyStoreException make Tomcat could not startup successfully

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=61557

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|REOPENED|RESOLVED

--- Comment #5 from Mark Thomas  ---
Thanks for testing and confirming the fix.

Fixed in
- trunk for 9.0.0 onwards
- 8.5.x for 8.5.22 onwards

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1809264 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/tomcat/util/net/jsse/JSSEUtil.java webapps/docs/changelog.xml

[markt]

Author: markt
Date: Fri Sep 22 07:10:46 2017
New Revision: 1809264

URL: http://svn.apache.org/viewvc?rev=1809264=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61557
Correct a further regression in the fix to enable the use of Java key stores 
that contain multiple keys that do not all have the same password. The 
regression broke support for some FIPS compliant key stores.

Modified:
tomcat/tc8.5.x/trunk/   (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Sep 22 07:10:46 2017
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747
 
536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1756289,1756408-1
 
756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-1762053,1762123,176216
 

svn commit: r1809263 - in /tomcat/trunk: java/org/apache/tomcat/util/net/jsse/JSSEUtil.java webapps/docs/changelog.xml

[markt]

Author: markt
Date: Fri Sep 22 07:09:59 2017
New Revision: 1809263

URL: http://svn.apache.org/viewvc?rev=1809263=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61557
Correct a further regression in the fix to enable the use of Java key stores 
that contain multiple keys that do not all have the same password. The 
regression broke support for some FIPS compliant key stores.

Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java?rev=1809263=1809262=1809263=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java Fri Sep 22 
07:09:59 2017
@@ -241,7 +241,13 @@ public class JSSEUtil extends SSLUtilBas
 Key k = ks.getKey(keyAlias, keyPassArray);
 if (k != null && "PKCS#8".equalsIgnoreCase(k.getFormat())) {
 // Switch to in-memory key store
-ksUsed = KeyStore.getInstance("JKS");
+String provider = certificate.getCertificateKeystoreProvider();
+if (provider == null) {
+ksUsed = 
KeyStore.getInstance(certificate.getCertificateKeystoreType());
+} else {
+ksUsed = 
KeyStore.getInstance(certificate.getCertificateKeystoreType(),
+provider);
+}
 ksUsed.load(null,  null);
 ksUsed.setKeyEntry(keyAlias, k, keyPassArray, 
ks.getCertificateChain(keyAlias));
 }

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1809263=1809262=1809263=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Sep 22 07:09:59 2017
@@ -89,6 +89,12 @@
   
 Add a way to set the property source in embedded mode. (remm)
   
+  
+61557: Correct a further regression in the fix to enable the
+use of Java key stores that contain multiple keys that do not all have
+the same password. The regression broke support for some FIPS compliant
+key stores. (markt)
+  
 
   
   



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: svn commit: r1809248 - /tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java

[Mark Thomas]

On 22/09/17 01:29, kkoli...@apache.org wrote:
> Author: kkolinko
> Date: Fri Sep 22 00:29:54 2017
> New Revision: 1809248
> 
> URL: http://svn.apache.org/viewvc?rev=1809248=rev
> Log:
> Remove condition that is always false, thanks to 
> "canPath.startsWith(canonicalBase)" check a few lines earlier.

Thanks for catching this.

I've been trying to think if there are any circumstances under which the

absoluteBase.length() > absPath.length()

test could fail. I can't think of any but I'm not confident enough of
that at this point to remove the check.

Mark


> 
> Modified:
> 
> tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
> 
> Modified: 
> tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
> URL: 
> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java?rev=1809248=1809247=1809248=diff
> ==
> --- 
> tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
>  (original)
> +++ 
> tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
>  Fri Sep 22 00:29:54 2017
> @@ -93,11 +93,10 @@ public abstract class AbstractFileResour
>  // the request processing) but might be possible for some access via 
> the
>  // Servlet API (RequestDispatcher, HTTP/2 push etc.) therefore these
>  // checks are retained as an additional safety measure
> -// absoluteBase has been normalized so absPath needs to normalized as
> +// absoluteBase has been normalized so absPath needs to be 
> normalized as
>  // well.
>  String absPath = normalize(file.getAbsolutePath());
> -if (absoluteBase.length() > absPath.length() ||
> -canonicalBase.length() > canPath.length()) {
> +if (absoluteBase.length() > absPath.length()) {
>  return null;
>  }
>  
> 
> 
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
> 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 61557] KeyStoreException make Tomcat could not startup successfully

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=61557

--- Comment #4 from Jerry  ---
(In reply to Mark Thomas from comment #3)
> Created attachment 35359 [details]
> Proposed patch for 9.0.x
> 
> Does this patch fix the issue? It is for 9.0.x but should apply to 8.5.x as
> well.

I pull 8.5 source code in local and apply the same patch. And it solved the
issue!
The tomcat could startup successfully. 

[Log]
Sep 22, 2017 10:13:57 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["https-jsse-nio-8443"]
Sep 22, 2017 10:13:58 AM org.apache.tomcat.util.net.SSLUtilBase getEnabled
WARNING: Some of the specified [protocols] are not supported by the SSL engine
and have been skipped: [[SSLv2Hello]]
Sep 22, 2017 10:13:58 AM org.apache.tomcat.util.net.NioSelectorPool
getSharedSelector
INFO: Using a shared selector for servlet write/read
Sep 22, 2017 10:13:58 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-nio-8009"]
Sep 22, 2017 10:13:58 AM org.apache.tomcat.util.net.NioSelectorPool
getSharedSelector
INFO: Using a shared selector for servlet write/read
Sep 22, 2017 10:13:58 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 3715 ms
Sep 22, 2017 10:13:58 AM org.apache.catalina.core.StandardService startInternal
INFO: Starting service [Catalina]
Sep 22, 2017 10:13:58 AM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/8.5.22-dev

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org