Re: [VOTE] Release Apache Tomcat Native 1.2.17

2018-06-12 Thread Coty Sutherland
On Thu, Jun 7, 2018 at 11:50 AM, jean-frederic clere 
wrote:

> Version 1.2.17 includes the following changes compared to 1.2.16:
>
> - Windows binaries built with OpenSSL 1.0.2o and APR 1.6.3
>
> Various other fixes and improvements. See the changelog for details.
>
> The proposed release artefacts can be found at [1],
> and the build was done using tag [2].
>
> The Apache Tomcat Native 1.2.17 is
>  [x] Stable, go ahead and release
>  [ ] Broken because of ...
>

+1, works fine for me on Fedora 26 (APR 1.6.3 and OpenSSL 1.1.0h-fips).


>
> Thanks,
>
> Jean-Frederic
>
>
> [1]
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-
> connectors/native/1.2.17/
> [2] https://svn.apache.org/repos/asf/tomcat/native/tags/TOMCAT_
> NATIVE_1_2_17
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat Native 1.2.17

2018-06-12 Thread Emmanuel Bourg
+1

Tested on Debian Sid with OpenJDK 10, OpenSSL 1.1.0h and GCC 7.3

Emmanuel Bourg


Le 07/06/2018 à 17:50, jean-frederic clere a écrit :
> Version 1.2.17 includes the following changes compared to 1.2.16:
> 
> - Windows binaries built with OpenSSL 1.0.2o and APR 1.6.3
> 
> Various other fixes and improvements. See the changelog for details.
> 
> The proposed release artefacts can be found at [1],
> and the build was done using tag [2].
> 
> The Apache Tomcat Native 1.2.17 is
>  [ ] Stable, go ahead and release
>  [ ] Broken because of ...
> 
> Thanks,
> 
> Jean-Frederic
> 
> 
> [1]
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-connectors/native/1.2.17/
> [2] https://svn.apache.org/repos/asf/tomcat/native/tags/TOMCAT_NATIVE_1_2_17
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
> 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [VOTE] Release Apache Tomcat Native 1.2.17

2018-06-12 Thread Rainer Jung

Am 07.06.2018 um 17:50 schrieb jean-frederic clere:

Version 1.2.17 includes the following changes compared to 1.2.16:

- Windows binaries built with OpenSSL 1.0.2o and APR 1.6.3

Various other fixes and improvements. See the changelog for details.

The proposed release artefacts can be found at [1],
and the build was done using tag [2].

The Apache Tomcat Native 1.2.17 is
  [X] Stable, go ahead and release
  [ ] Broken because of ...


+1 to release, thanks for RMing.

2 remarks:

- when I extract the zip sources on Unix, I get all dirs and files with 
group write (!) permission. That sounds unsafe. It wasn't like that for 
1.2.16. I don't know on which platform and using which zip impl you 
created them, but many of those would reflect in the zip the permissions 
that the files had on your file system. Group write permissions is 
typically something we should avoid for security reasons.


- OpenSSL used according to VERSIONS file is 1.0.2m. I would suggest 
taking the latest patch level for release builds but did not check the 
changelog and history to see, whether there was a relevant change 
between 1.0.2m and 1.0.2o.


and one old remark:

- it seems to me that on Unix/Linux OCSP support is always active if 
OpenSSL supports it, but on Windows one needs to enable it. See 
"ENABLE_OCSP" in files native/BUILDING and native/NMAKEmakefile. Is that 
still the right thing to do, or should we simply distribute the ocsp 
enabled windows binary and drop the non-ocsp one? I can't judge by 
myself, but currently Windows and Unix/Linux build differ in their defaults.


Now for the test results:

- Tested with APR 1.6.3, OpenSSL 1.0.2o plus patches,
  and unit tests of TC 8.5 head
- Platforms Solaris 10 Sparc, SLES 11 and 12 64 Bit, RHEL 6 and 7 64 Bits
- configure flag "--enable-maintainer-mode"
- make with gcc 8.1.0 on Solaris and platform gcc on Linux
- Using Java version 1.8.0_172 64 Bit
  - Using "-XX:-UseCompressedClassPointers" on 64 Bit Linux
- SHA1 and MD5 OK
- signatures OK
- gz and zip for sources consistent
- source dist consistent with svn tag
- config.guess and config.sub from apr 1.6.3 (copied by buildconf)
  from last year (OK).
- VERSIONS says OpenSSL 1.0.2m and APR 1.6.3
  - more recent OpenSSL 1.0.2o might have been nice
- recreated release with jnirelease script, results are
  consistent with source dist, except for minor expected diffs in
  generated docs
- make succeeds and builds lib
  - no C warnings
- unit test results for TC
  - no failures

Regards,

Rainer

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-06-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371

--- Comment #30 from Robert Gacki  ---
Docker Swarm is not the only environment that may experience a regression. I
have a client that has an "acme-xy" TLD for the internal network. We upgraded
our Spring Boot applications to 2.0.2, which ships with Tomcat 5.8.31 and we
were bitten by the same issue.

Whether this is RFC compliant or not, I rather like to see such changes to be
toggled and / or introduced gradually (like a warning first).

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org