Re: Broken links on the website

2019-12-17 Thread Igal Sapir 
Scratch that.

I don't know why Google is indexing the wrong page.  The actual Download
page [2] was a bit slow but renders properly.  Sorry about that.

Perhaps we can remove the wrong page or add a meta tag with a canonical tag
[3], e.g.
  https://tomcat.apache.org/download-90.cgi"; />

Igal

[2] https://tomcat.apache.org/download-90.cgi
[3] https://support.google.com/webmasters/answer/139066?hl=en


On Tue, Dec 17, 2019 at 6:18 PM Igal Sapir  wrote:

> Something went wrong on the website.  Specifically, the Download page for
> 9.0 [1] shows attributes that should be evaluated, e.g. [define
> v]9.0.30[end].  That also breaks the download links which do not evaluate
> the version number properly.
>
> I can look into it tomorrow, but if someone more familiar with recent
> changes can fix it that would be great.
>
> Also, migrating the source to Git would be very helpful since if it were
> in Git I could have looked into it now.  SVN is a bit more challenging for
> me ATM.
>
> Thank you,
>
> Igal
>
> [1] https://tomcat.apache.org/download-90
>
>

Broken links on the website

2019-12-17 Thread Igal Sapir 
Something went wrong on the website.  Specifically, the Download page for
9.0 [1] shows attributes that should be evaluated, e.g. [define
v]9.0.30[end].  That also breaks the download links which do not evaluate
the version number properly.

I can look into it tomorrow, but if someone more familiar with recent
changes can fix it that would be great.

Also, migrating the source to Git would be very helpful since if it were in
Git I could have looked into it now.  SVN is a bit more challenging for me
ATM.

Thank you,

Igal

[1] https://tomcat.apache.org/download-90

[Bug 64013] build.xml "release" target fails due to JavaDoc warnings

2019-12-17 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64013

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #3 from Mark Thomas  ---
You should be able to do a release build with any supported Java version for
8.5.x now.

And for the record:

9.0.x was OK.

7.0.x is still a work in progress. There are a large number of Javadoc warnings
to resolve is using newer versions of Java.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64013] build.xml "release" target fails due to JavaDoc warnings

2019-12-17 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64013

--- Comment #2 from George Stanchev  ---
Yeah I forgot to mention that I used Java 8u232 for the build. The fix is
trivial of course. I added the javadoc elements below and it finished building

   /**
 * @deprecated This will be removed in Tomcat 10. Use
 * {@link #getPrincipal(GSSName, GSSCredential)} instead.
 * @param username The user name
 * @param gssCredential the GSS credential of the principal
 * @return the Principal associated with the given user name.
 */
@Deprecated
protected Principal getPrincipal(String username,
GSSCredential gssCredential) {
Principal p = getPrincipal(username);

if (p instanceof GenericPrincipal) {
((GenericPrincipal) p).setGssCredential(gssCredential);
}

return p;
}

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 7.0.x updated: Align with 8.5.x/9.0.x Javadoc fixes and formatting

2019-12-17 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
 new ed2626a  Align with 8.5.x/9.0.x Javadoc fixes and formatting
ed2626a is described below

commit ed2626a62e3f5ff025ba7531842dbcfbaf94e2e4
Author: Mark Thomas 
AuthorDate: Tue Dec 17 22:18:35 2019 +

Align with 8.5.x/9.0.x Javadoc fixes and formatting
---
 java/org/apache/catalina/realm/RealmBase.java | 95 ++-
 1 file changed, 50 insertions(+), 45 deletions(-)

diff --git a/java/org/apache/catalina/realm/RealmBase.java 
b/java/org/apache/catalina/realm/RealmBase.java
index 41eef83..ab89596 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -131,8 +131,7 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements GSSRealm {
 /**
  * The string manager for this package.
  */
-protected static final StringManager sm =
-StringManager.getManager(Constants.Package);
+protected static final StringManager sm = 
StringManager.getManager(RealmBase.class);
 
 
 /**
@@ -202,9 +201,7 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements GSSRealm {
  */
 @Override
 public Container getContainer() {
-
-return (container);
-
+return container;
 }
 
 
@@ -224,21 +221,19 @@ public abstract class RealmBase extends 
LifecycleMBeanBase implements GSSRealm {
 
 /**
  * Return the all roles mode.
+ * @return A string representation of the current all roles mode
  */
 public String getAllRolesMode() {
-
 return allRolesMode.toString();
-
 }
 
 
 /**
  * Set the all roles mode.
+ * @param allRolesMode A string representation of the new all roles mode
  */
 public void setAllRolesMode(String allRolesMode) {
-
 this.allRolesMode = AllRolesMode.toMode(allRolesMode);
-
 }
 
 /**
@@ -303,11 +298,10 @@ public abstract class RealmBase extends 
LifecycleMBeanBase implements GSSRealm {
 
 /**
  * Return the "validate certificate chains" flag.
+ * @return The value of the validate certificate chains flag
  */
 public boolean getValidate() {
-
-return (this.validate);
-
+return validate;
 }
 
 
@@ -335,10 +329,11 @@ public abstract class RealmBase extends 
LifecycleMBeanBase implements GSSRealm {
 /**
  * Sets the name of the class that will be used to extract user names
  * from X509 client certificates. The class must implement
- * (@link X509UsernameRetriever}.
+ * X509UsernameRetriever.
  *
  * @param className The name of the class that will be used to extract 
user names
  *  from X509 client certificates.
+ * @see X509UsernameRetriever
  */
 public void setX509UsernameRetrieverClassName(String className) {
 this.x509UsernameRetrieverClassName = className;
@@ -398,6 +393,7 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements GSSRealm {
  * @param username Username of the Principal to look up
  * @param credentials Password or other credentials to use in
  *  authenticating this username
+ * @return the associated principal, or null if there is none.
  */
 @Override
 public Principal authenticate(String username, String credentials) {
@@ -445,17 +441,22 @@ public abstract class RealmBase extends 
LifecycleMBeanBase implements GSSRealm {
 
 
 /**
- * Return the Principal associated with the specified username, which
+ * Try to authenticate with the specified username, which
  * matches the digest calculated using the given parameters using the
- * method described in RFC 2069; otherwise return null.
+ * method described in RFC 2617 (which is a superset of RFC 2069).
  *
  * @param username Username of the Principal to look up
  * @param clientDigest Digest which has been submitted by the client
  * @param nonce Unique (or supposedly unique) token which has been used
  * for this request
+ * @param nc the nonce counter
+ * @param cnonce the client chosen nonce
+ * @param qop the "quality of protection" (nc and 
cnonce
+ *will only be used, if qop is not null).
  * @param realm Realm name
  * @param md5a2 Second MD5 digest used to calculate the digest :
  * MD5(Method + ":" + uri)
+ * @return the associated principal, or null if there is none.
  */
 @Override
 public Principal authenticate(String username, String clientDigest,
@@ -517,7 +518,7 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements GSSRealm {
 public Principal authenticate(X509Certificate certs[]) {
 
 if ((certs == null) || (certs.length < 1))
-return (null);
+return null;

[tomcat] branch 8.5.x updated: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=64013 Javadoc Java 8+

2019-12-17 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 8afad4d  Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=64013 
Javadoc Java 8+
8afad4d is described below

commit 8afad4ddac6dc825cde2dc6fa06c41aaee2507d5
Author: Mark Thomas 
AuthorDate: Tue Dec 17 22:17:09 2019 +

Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=64013 Javadoc Java 8+

Fix Javadoc warnings and formatting changes to align with 9.0.x/7.0.x
---
 java/org/apache/catalina/realm/RealmBase.java | 38 ++-
 1 file changed, 20 insertions(+), 18 deletions(-)

diff --git a/java/org/apache/catalina/realm/RealmBase.java 
b/java/org/apache/catalina/realm/RealmBase.java
index 5fd7f18..b1cbfc7 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -149,7 +149,6 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements org.apache
 
 // - Properties
 
-
 /**
  * @return The HTTP status code used when the container needs to issue an
  * HTTP redirect to meet the requirements of a configured transport
@@ -368,6 +367,7 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements org.apache
 }
 }
 
+
 /**
  * Try to authenticate with the specified username, which
  * matches the digest calculated using the given parameters using the
@@ -1246,7 +1246,12 @@ public abstract class RealmBase extends 
LifecycleMBeanBase implements org.apache
 
 
 /**
- * @deprecated This will be removed in Tomcat 10. Use
+ * Get the principal associated with the specified user name.
+ *
+ * @param username The user name
+ * @param gssCredential the GSS credential of the principal
+ * @return the principal associated with the given user name.
+ * @deprecated This will be removed in Tomcat 10 onwards. Use
  * {@link #getPrincipal(GSSName, GSSCredential)} instead.
  */
 @Deprecated
@@ -1561,44 +1566,41 @@ public abstract class RealmBase extends 
LifecycleMBeanBase implements org.apache
  */
 public static final AllRolesMode STRICT_AUTH_ONLY_MODE = new 
AllRolesMode("strictAuthOnly");
 
-static AllRolesMode toMode(String name)
-{
+static AllRolesMode toMode(String name) {
 AllRolesMode mode;
-if( name.equalsIgnoreCase(STRICT_MODE.name) )
+if (name.equalsIgnoreCase(STRICT_MODE.name)) {
 mode = STRICT_MODE;
-else if( name.equalsIgnoreCase(AUTH_ONLY_MODE.name) )
+} else if (name.equalsIgnoreCase(AUTH_ONLY_MODE.name)) {
 mode = AUTH_ONLY_MODE;
-else if( name.equalsIgnoreCase(STRICT_AUTH_ONLY_MODE.name) )
+} else if (name.equalsIgnoreCase(STRICT_AUTH_ONLY_MODE.name)) {
 mode = STRICT_AUTH_ONLY_MODE;
-else
+} else {
 throw new IllegalStateException("Unknown mode, must be one of: 
strict, authOnly, strictAuthOnly");
+}
 return mode;
 }
 
-private AllRolesMode(String name)
-{
+private AllRolesMode(String name) {
 this.name = name;
 }
 
 @Override
-public boolean equals(Object o)
-{
+public boolean equals(Object o) {
 boolean equals = false;
-if( o instanceof AllRolesMode )
-{
+if (o instanceof AllRolesMode) {
 AllRolesMode mode = (AllRolesMode) o;
 equals = name.equals(mode.name);
 }
 return equals;
 }
+
 @Override
-public int hashCode()
-{
+public int hashCode() {
 return name.hashCode();
 }
+
 @Override
-public String toString()
-{
+public String toString() {
 return name;
 }
 }


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated: Trivial line spacing changes to align with 8.5.x / 7.0.x

2019-12-17 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new c175df1  Trivial line spacing changes to align with 8.5.x / 7.0.x
c175df1 is described below

commit c175df1b1d141d5e160d6be535074fe822d12308
Author: Mark Thomas 
AuthorDate: Tue Dec 17 22:15:14 2019 +

Trivial line spacing changes to align with 8.5.x / 7.0.x
---
 java/org/apache/catalina/realm/RealmBase.java | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/realm/RealmBase.java 
b/java/org/apache/catalina/realm/RealmBase.java
index 8c3df99..62f5b8e 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -16,7 +16,6 @@
  */
 package org.apache.catalina.realm;
 
-
 import java.beans.PropertyChangeListener;
 import java.beans.PropertyChangeSupport;
 import java.io.IOException;
@@ -149,7 +148,6 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements Realm {
 
 // - Properties
 
-
 /**
  * @return The HTTP status code used when the container needs to issue an
  * HTTP redirect to meet the requirements of a configured transport
@@ -368,6 +366,7 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements Realm {
 }
 }
 
+
 /**
  * Try to authenticate with the specified username, which
  * matches the digest calculated using the given parameters using the


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat] branch master updated: Refactor JMX remote RMI registry creation

2019-12-17 Thread Rémy Maucherat 
On Tue, Dec 17, 2019 at 10:10 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Rémy,
>
> On 11/14/19 07:39, r...@apache.org wrote:
> > This is an automated email from the ASF dual-hosted git
> > repository.
> >
> > remm pushed a commit to branch master in repository
> > https://gitbox.apache.org/repos/asf/tomcat.git
> >
> >
> > The following commit(s) were added to refs/heads/master by this
> > push: new 1fc9f58  Refactor JMX remote RMI registry creation
> > 1fc9f58 is described below
> >
> > commit 1fc9f589dbdd8295cf313b2667ab041c425f99c3 Author: remm
> >  AuthorDate: Thu Nov 14 13:39:31 2019 +0100
> >
> > Refactor JMX remote RMI registry creation
>
> I think modern JVMs do everything the JmxRemoteLifecycleListener has
> been doing for us for a while. Maybe it's time to remove it?
>
> It's version-dependent (and everyone I know is still stuck on 1.8 or
> lower), but perhaps we should just get rid of all this cruft and
> replace it with JVM-supported configuration, at least in newer
> versions of Tomcat.
>
>   -Dcom.sun.management.jmxremote.port
>   -Dcom.sun.management.jmxremote.rmi.port
>
> Source:
> https://docs.oracle.com/javase/9/management/monitoring-and-management-us
> ing-jmx-technology.htm#JSMGM-GUID-F08985BB-629A-4FBF-A0CB-8762DF7590E0
> 
>
> If that anchor doesn't work after a while, or for other versions of
> Java, it's the section titled "Remote Monitoring and Management".
>
> This handles the ports. If you need to use a hostname other than
> 127.0.0.1 or whatever "localhost" ends up being on the server (say,
> because you are connecting through an encrypted tunnel), then you can se
> t:
>
>   -Djava.rmi.server.hostname
>
> This basically re-writes the hostname put into the RMI stubs sent to
> the JMX client. Note that whatever you use is JVM-wide and so it must
> make sense to both clients operating on the server AND on the
> remote-client (which may be tricky).
>

The main usefulness of the listener was to configure the bind address, so
it seems it would be covered. The SSL configuration could be nicer too, to
some extent.


>
> This is one of many reasons I always recommend against using JMX
> directly for monitoring. It's much, much easier to use the
> JMXProxyServlet to traverse firewalls, etc. It's nice to see that JVMs
> are now supporting real authentication systems (e.g. LADP,
> client-TLS-cert, etc.) but it's a little too late for that IMHO.
>

Well, you have jolokia for you then ;)

Rémy


>
> You can also set the binding interface with:
>
>   -Dcom.sun.management.jmxremote.host
>
> That should accept anything you can give to
> InetAddress.getByName()[1]. This isn't documented anywhere in the
> "Monitoring and Management Using JMX Technology" page for some reason,
> but it's there in the code.
>
> Note that:
>
>   -Dcom.sun.management.jmxremote
>
> ... is no longer necessary
>
> (Note that I haven't actually tried any of this myself yet.)
>
> Am I correct that modern JVMs no longer require the
> JmxRemoteLivecycleListener?
>
> - -chris
>
> [1] I had a bear of a time finding this:
> https://bugs.openjdk.java.net/browse/JDK-6425769
>
> http://mail.openjdk.java.net/pipermail/hotspot-dev/2015-November/020717.
> html
> 
>
> > --- .../mbeans/JmxRemoteLifecycleListener.java | 65
> > -- webapps/docs/changelog.xml
> > |  7 +++ 2 files changed, 56 insertions(+), 16 deletions(-)
> >
> > diff --git
> > a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
> > b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
> > index 3e472d0..77a785d 100644 ---
> > a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
> > +++
> > b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
> > @@ -25,10 +25,11 @@ import java.net.MalformedURLException; import
> > java.net.ServerSocket; import java.net.Socket; import
> > java.net.UnknownHostException; +import java.rmi.AccessException;
> > import java.rmi.AlreadyBoundException; +import
> > java.rmi.NotBoundException; +import java.rmi.Remote; import
> > java.rmi.RemoteException; -import
> > java.rmi.registry.LocateRegistry; -import
> > java.rmi.registry.Registry; import
> > java.rmi.server.RMIClientSocketFactory; import
> > java.rmi.server.RMIServerSocketFactory; import java.util.HashMap;
> > @@ -417,18 +418,6 @@ public class JmxRemoteLifecycleListener
> > extends SSLHostConfig implements Lifecyc RMIClientSocketFactory
> > registryCsf, RMIServerSocketFactory registrySsf,
> > RMIClientSocketFactory serverCsf, RMIServerSocketFactory serverSsf)
> > {
> >
> > -// Create the RMI registry -Registry registry; -
> > try { -registry = LocateRegistry.createRegistry( -
> > theRmiRegist

[Bug 64013] build.xml "release" target fails due to JavaDoc warnings

2019-12-17 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64013

Mark Thomas  changed:

   What|Removed |Added

 OS||All

--- Comment #1 from Mark Thomas  ---
We'll get this fixed (we're aiming to get the release builds working with all
Java versions from the minimum required for each Tomcat version to whatever the
latest is - 14 early access as I write this).

Just for the record, the Tomcat 8.5.x releases are built with Java 7 which is
less strict which is why this wasn't spotted during the release.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64013] New: build.xml "release" target fails due to JavaDoc warnings

2019-12-17 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64013

Bug ID: 64013
   Summary: build.xml "release" target fails due to JavaDoc
warnings
   Product: Tomcat 8
   Version: 8.5.50
  Hardware: PC
Status: NEW
  Severity: normal
  Priority: P2
 Component: Packaging
  Assignee: dev@tomcat.apache.org
  Reporter: stanc...@hotmail.com
  Target Milestone: 

Trying to build TC 8.5.50 from source using "release" ant target fails with due
to JavaDoc warnings on src\java\org\apache\catalina\realm\RealmBase.java:

  [javadoc] Loading source files for package org.apache.tomcat.jdbc.pool...
  [javadoc] Loading source files for package
org.apache.tomcat.jdbc.pool.interceptor...
  [javadoc] Loading source files for package org.apache.tomcat.jdbc.pool.jmx...
  [javadoc] Constructing Javadoc information...
  [javadoc] Standard Doclet version 1.8.0_232
  [javadoc] Building tree for all the packages and classes...
  [javadoc] D:\work\My
Projects\java\Tomcat\8.5.50-src\output\dist\src\java\org\apache\catalina\realm\RealmBase.java:1253:
warning: no @param for username
  [javadoc] protected Principal getPrincipal(String username,
  [javadoc] ^
  [javadoc] D:\work\My
Projects\java\Tomcat\8.5.50-src\output\dist\src\java\org\apache\catalina\realm\RealmBase.java:1253:
warning: no @param for gssCredential
  [javadoc] protected Principal getPrincipal(String username,
  [javadoc] ^
  [javadoc] D:\work\My
Projects\java\Tomcat\8.5.50-src\output\dist\src\java\org\apache\catalina\realm\RealmBase.java:1253:
warning: no @return
  [javadoc] protected Principal getPrincipal(String username,
  [javadoc] ^
  [javadoc] Building index for all the packages and classes...
  [javadoc] Building index for all classes...
  [javadoc] Generating D:\work\My
Projects\java\Tomcat\8.5.50-src\output\dist\webapps\docs\api\help-doc.html...
  [javadoc] 3 warnings

BUILD FAILED
D:\work\My Projects\java\Tomcat\8.5.50-src\build.xml:2010: Javadoc issued
warnings.

Total time: 2 minutes 10 seconds

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64005] NullPointerException in Tomcat 8.5.50 from java.util.zip.ZipFile.getEntry

2019-12-17 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64005

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #7 from Mark Thomas  ---
Fixed in:
- master for 9.0.31 onwards
- 8.5.x for 8.5.51 onwards

7.0.x was not affected.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=64005 avoid NPE

2019-12-17 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 60ee3d6  Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=64005 
avoid NPE
60ee3d6 is described below

commit 60ee3d6e923aa60d622be550858ce4ceb136de24
Author: Mark Thomas 
AuthorDate: Tue Dec 17 21:51:08 2019 +

Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=64005 avoid NPE

Avoid the NPE when working with the URL for the root of a packed WAR
---
 java/org/apache/catalina/webresources/CachedResource.java | 10 ++
 webapps/docs/changelog.xml|  5 +
 2 files changed, 15 insertions(+)

diff --git a/java/org/apache/catalina/webresources/CachedResource.java 
b/java/org/apache/catalina/webresources/CachedResource.java
index 58247a8..712a463 100644
--- a/java/org/apache/catalina/webresources/CachedResource.java
+++ b/java/org/apache/catalina/webresources/CachedResource.java
@@ -26,6 +26,7 @@ import java.net.URLConnection;
 import java.net.URLStreamHandler;
 import java.security.Permission;
 import java.security.cert.Certificate;
+import java.util.jar.JarEntry;
 import java.util.jar.JarFile;
 import java.util.jar.Manifest;
 
@@ -557,5 +558,14 @@ public class CachedResource implements WebResource {
 public JarFile getJarFile() throws IOException {
 return ((JarURLConnection) 
resourceURL.openConnection()).getJarFile();
 }
+
+@Override
+public JarEntry getJarEntry() throws IOException {
+if (getEntryName() == null) {
+return null;
+} else {
+return super.getJarEntry();
+}
+}
 }
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index ca53ee8..b9e116e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -69,6 +69,11 @@
 config. (isapir/markt)
   
   
+64005: Correct a regression in the static resource caching
+changes introduced in 8.5.28. Avoid a NullPointerException
+when working with the URL provided for the root of a packed WAR. 
(markt)
+  
+  
 64008: Clarify/expand the Javadoc for the
 Tomcat#addWebapp() and related methods. (markt)
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=64005 avoid NPE

2019-12-17 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new 2f51425  Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=64005 
avoid NPE
2f51425 is described below

commit 2f514255fc0032786de3a12fb3656c76c9c7e457
Author: Mark Thomas 
AuthorDate: Tue Dec 17 21:51:08 2019 +

Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=64005 avoid NPE

Avoid the NPE when working with the URL for the root of a packed WAR
---
 java/org/apache/catalina/webresources/CachedResource.java | 10 ++
 webapps/docs/changelog.xml|  5 +
 2 files changed, 15 insertions(+)

diff --git a/java/org/apache/catalina/webresources/CachedResource.java 
b/java/org/apache/catalina/webresources/CachedResource.java
index 58247a8..712a463 100644
--- a/java/org/apache/catalina/webresources/CachedResource.java
+++ b/java/org/apache/catalina/webresources/CachedResource.java
@@ -26,6 +26,7 @@ import java.net.URLConnection;
 import java.net.URLStreamHandler;
 import java.security.Permission;
 import java.security.cert.Certificate;
+import java.util.jar.JarEntry;
 import java.util.jar.JarFile;
 import java.util.jar.Manifest;
 
@@ -557,5 +558,14 @@ public class CachedResource implements WebResource {
 public JarFile getJarFile() throws IOException {
 return ((JarURLConnection) 
resourceURL.openConnection()).getJarFile();
 }
+
+@Override
+public JarEntry getJarEntry() throws IOException {
+if (getEntryName() == null) {
+return null;
+} else {
+return super.getJarEntry();
+}
+}
 }
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 242a34c..f69a971 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -56,6 +56,11 @@
 in JNDIRealm. (remm)
   
   
+64005: Correct a regression in the static resource caching
+changes introduced in 9.0.28. Avoid a NullPointerException
+when working with the URL provided for the root of a packed WAR. 
(markt)
+  
+  
 64006: Provide default configuration source based on the
 current directory if none has been set, for full compatibility with
 existing code. (remm)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat] branch master updated: Refactor JMX remote RMI registry creation

2019-12-17 Thread Mark Thomas 
On 17/12/2019 21:10, Christopher Schultz wrote:
> Rémy,
> 
> On 11/14/19 07:39, r...@apache.org wrote:
>> This is an automated email from the ASF dual-hosted git
>> repository.
> 
>> remm pushed a commit to branch master in repository
>> https://gitbox.apache.org/repos/asf/tomcat.git
> 
> 
>> The following commit(s) were added to refs/heads/master by this
>> push: new 1fc9f58  Refactor JMX remote RMI registry creation 
>> 1fc9f58 is described below
> 
>> commit 1fc9f589dbdd8295cf313b2667ab041c425f99c3 Author: remm
>>  AuthorDate: Thu Nov 14 13:39:31 2019 +0100
> 
>> Refactor JMX remote RMI registry creation
> 
> I think modern JVMs do everything the JmxRemoteLifecycleListener has
> been doing for us for a while. Maybe it's time to remove it?

Pressing the delete key is my favourite form of refactoring ;) so +1

This looks like another entry for the TOMCAT-NEXT.txt file to me.
Something along the lines of:
 - remove it in 10
 - deprecate in Tomcat < 10
 - rewrite the JMX docs to reference the JVM provided features in all
   versions

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64005] NullPointerException in Tomcat 8.5.50 from java.util.zip.ZipFile.getEntry

2019-12-17 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64005

Mark Thomas  changed:

   What|Removed |Added

 Status|NEEDINFO|NEW

--- Comment #6 from Mark Thomas  ---
I can reproduce this will the following test.jsp in a packed WAR file:

===start===
<%= ((java.net.JarURLConnection)
application.getResource("/").openConnection()).getJarEntry() %>
===end===

It is almost certainly related to the changes made to URLs for cached
resources.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat] branch master updated: Refactor JMX remote RMI registry creation

2019-12-17 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Rémy,

On 11/14/19 07:39, r...@apache.org wrote:
> This is an automated email from the ASF dual-hosted git
> repository.
> 
> remm pushed a commit to branch master in repository
> https://gitbox.apache.org/repos/asf/tomcat.git
> 
> 
> The following commit(s) were added to refs/heads/master by this
> push: new 1fc9f58  Refactor JMX remote RMI registry creation 
> 1fc9f58 is described below
> 
> commit 1fc9f589dbdd8295cf313b2667ab041c425f99c3 Author: remm
>  AuthorDate: Thu Nov 14 13:39:31 2019 +0100
> 
> Refactor JMX remote RMI registry creation

I think modern JVMs do everything the JmxRemoteLifecycleListener has
been doing for us for a while. Maybe it's time to remove it?

It's version-dependent (and everyone I know is still stuck on 1.8 or
lower), but perhaps we should just get rid of all this cruft and
replace it with JVM-supported configuration, at least in newer
versions of Tomcat.

  -Dcom.sun.management.jmxremote.port
  -Dcom.sun.management.jmxremote.rmi.port

Source:
https://docs.oracle.com/javase/9/management/monitoring-and-management-us
ing-jmx-technology.htm#JSMGM-GUID-F08985BB-629A-4FBF-A0CB-8762DF7590E0

If that anchor doesn't work after a while, or for other versions of
Java, it's the section titled "Remote Monitoring and Management".

This handles the ports. If you need to use a hostname other than
127.0.0.1 or whatever "localhost" ends up being on the server (say,
because you are connecting through an encrypted tunnel), then you can se
t:

  -Djava.rmi.server.hostname

This basically re-writes the hostname put into the RMI stubs sent to
the JMX client. Note that whatever you use is JVM-wide and so it must
make sense to both clients operating on the server AND on the
remote-client (which may be tricky).

This is one of many reasons I always recommend against using JMX
directly for monitoring. It's much, much easier to use the
JMXProxyServlet to traverse firewalls, etc. It's nice to see that JVMs
are now supporting real authentication systems (e.g. LADP,
client-TLS-cert, etc.) but it's a little too late for that IMHO.

You can also set the binding interface with:

  -Dcom.sun.management.jmxremote.host

That should accept anything you can give to
InetAddress.getByName()[1]. This isn't documented anywhere in the
"Monitoring and Management Using JMX Technology" page for some reason,
but it's there in the code.

Note that:

  -Dcom.sun.management.jmxremote

... is no longer necessary

(Note that I haven't actually tried any of this myself yet.)

Am I correct that modern JVMs no longer require the
JmxRemoteLivecycleListener?

- -chris

[1] I had a bear of a time finding this:
https://bugs.openjdk.java.net/browse/JDK-6425769

http://mail.openjdk.java.net/pipermail/hotspot-dev/2015-November/020717.
html

> --- .../mbeans/JmxRemoteLifecycleListener.java | 65
> -- webapps/docs/changelog.xml
> |  7 +++ 2 files changed, 56 insertions(+), 16 deletions(-)
> 
> diff --git
> a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
> b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java 
> index 3e472d0..77a785d 100644 ---
> a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java 
> +++
> b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java 
> @@ -25,10 +25,11 @@ import java.net.MalformedURLException; import
> java.net.ServerSocket; import java.net.Socket; import
> java.net.UnknownHostException; +import java.rmi.AccessException; 
> import java.rmi.AlreadyBoundException; +import
> java.rmi.NotBoundException; +import java.rmi.Remote; import
> java.rmi.RemoteException; -import
> java.rmi.registry.LocateRegistry; -import
> java.rmi.registry.Registry; import
> java.rmi.server.RMIClientSocketFactory; import
> java.rmi.server.RMIServerSocketFactory; import java.util.HashMap; 
> @@ -417,18 +418,6 @@ public class JmxRemoteLifecycleListener
> extends SSLHostConfig implements Lifecyc RMIClientSocketFactory
> registryCsf, RMIServerSocketFactory registrySsf, 
> RMIClientSocketFactory serverCsf, RMIServerSocketFactory serverSsf)
> {
> 
> -// Create the RMI registry -Registry registry; -
> try { -registry = LocateRegistry.createRegistry( -
> theRmiRegistryPort, registryCsf, registrySsf); -} catch
> (RemoteException e) { -log.error(sm.getString( -
> "jmxRemoteLifecycleListener.createRegistryFailed", -
> serverName, Integer.toString(theRmiRegistryPort)), e); -
> return null; -} - if (bindAddress == null) { bindAddress =
> "localhost"; } @@ -449,11 +438,20 @@ public class
> JmxRemoteLifecycleListener extends SSLHostConfig implements
> Lifecyc cs = new RMIConnectorServer(serviceUrl, theEnv, server, 
> ManagementFactory.getPlatformMBeanServer()); cs.start(); -
> registry.bind("jmxrmi", server.toStub()); +Remote
> jmxServer = server.toStub(); +// Create the RMI
> registry +try { +new
> JmxRegistry(th

[tomcat] branch master updated: Trivial code formatting

2019-12-17 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new 65bf0db  Trivial code formatting
65bf0db is described below

commit 65bf0dba83cde35bdf39629c300d5a113bcca5dd
Author: Mark Thomas 
AuthorDate: Tue Dec 17 20:33:39 2019 +

Trivial code formatting
---
 java/org/apache/catalina/startup/Tomcat.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/startup/Tomcat.java 
b/java/org/apache/catalina/startup/Tomcat.java
index 3fc878f..43693a0 100644
--- a/java/org/apache/catalina/startup/Tomcat.java
+++ b/java/org/apache/catalina/startup/Tomcat.java
@@ -748,8 +748,9 @@ public class Tomcat {
 ctx.setPath(contextPath);
 ctx.setDocBase(docBase);
 
-if (addDefaultWebXmlToWebapp)
+if (addDefaultWebXmlToWebapp) {
 ctx.addLifecycleListener(getDefaultWebXmlListener());
+}
 
 ctx.setConfigFile(getWebappConfigFile(docBase, contextPath));
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 7.0.x updated: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=64008

2019-12-17 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
 new 0350885  Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=64008
0350885 is described below

commit 0350885f9f800f9fb17223a50b9f7e92ba228d7a
Author: Mark Thomas 
AuthorDate: Tue Dec 17 20:45:55 2019 +

Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=64008

Improve Javadocs for addWebapp. Also back-port BZ 62755.
---
 java/org/apache/catalina/startup/Tomcat.java | 137 ---
 webapps/docs/changelog.xml   |  11 +++
 2 files changed, 113 insertions(+), 35 deletions(-)

diff --git a/java/org/apache/catalina/startup/Tomcat.java 
b/java/org/apache/catalina/startup/Tomcat.java
index ea2db1c..9a5a8d6 100644
--- a/java/org/apache/catalina/startup/Tomcat.java
+++ b/java/org/apache/catalina/startup/Tomcat.java
@@ -110,12 +110,17 @@ import org.apache.tomcat.util.res.StringManager;
  * this class.
  *
  * 
- * This class provides a set of convenience methods for configuring webapp
- * contexts, all overloads of the method addWebapp. These methods
- * create a webapp context, configure it, and then add it to a {@link Host}.
- * They do not use a global default web.xml; rather, they add a lifecycle
- * listener that adds the standard DefaultServlet, JSP processing, and welcome
- * files.
+ * This class provides a set of convenience methods for configuring web
+ * application contexts; all overloads of the method addWebapp().
+ * These methods are equivalent to adding a web application to the Host's
+ * appBase (normally the webapps directory). These methods create a Context,
+ * configure it with the equivalent of the defaults provided by
+ * conf/web.xml (see {@link #initWebappDefaults(String)} for
+ * details) and add the Context to a Host. These methods do not use a global
+ * default web.xml; rather, they add a {@link LifecycleListener} to configure
+ * the defaults. Any WEB-INF/web.xml and META-INF/context.xml packaged with the
+ * application will be processed normally. Normal web fragment and
+ * {@link javax.servlet.ServletContainerInitializer} processing will be 
applied.
  *
  * 
  * In complex cases, you may prefer to use the ordinary Tomcat API to create
@@ -187,6 +192,8 @@ public class Tomcat {
 private final Map userPrincipals =
 new HashMap();
 
+private boolean addDefaultWebXmlToWebapp = true;
+
 public Tomcat() {
 ExceptionUtils.preload();
 }
@@ -229,17 +236,22 @@ public class Tomcat {
 hostname = s;
 }
 
+
 /**
- * This is equivalent to adding a web application to Tomcat's webapps
- * directory. The equivalent of the default web.xml will be applied  to the
- * web application and any WEB-INF/web.xml and META-INF/context.xml 
packaged
- * with the application will be processed normally. Normal web fragment and
- * {@link javax.servlet.ServletContainerInitializer} processing will be
- * applied.
+ * This is equivalent to adding a web application to a Host's appBase
+ * (usually Tomcat's webapps directory). By default, the equivalent of the
+ * default web.xml will be applied to the web application (see
+ * {@link #initWebappDefaults(String)}). This may be prevented by calling
+ * {@link #setAddDefaultWebXmlToWebapp(boolean)} with {@code false}. Any
+ * WEB-INF/web.xml and META-INF/context.xml
+ * packaged with the application will always be processed and normal web
+ * fragment and {@link javax.servlet.ServletContainerInitializer} 
processing
+ * will always be applied.
  *
  * @param contextPath The context mapping to use, "" for root context.
- * @param docBase Base directory for the context, for static files.
- *  Must exist, relative to the server home
+ * @param docBase Base directory for the context, for static files. 
Must
+ *exist, relative to the server home
+ *
  * @return the deployed context
  */
 public Context addWebapp(String contextPath, String docBase) {
@@ -505,7 +517,7 @@ public class Tomcat {
 }
 
 // --- Extra customization ---
-// You can tune individual tomcat objects, using internal APIs
+// You can tune individual Tomcat objects, using internal APIs
 
 /**
  * Get the default http connector. You can set more
@@ -663,19 +675,30 @@ public class Tomcat {
 return ctx;
 }
 
+
 /**
- * @param host The host in which the context will be deployed
+ * This is equivalent to adding a web application to a Host's appBase
+ * (usually Tomcat's webapps directory). By default, the equivalent of the
+ * default web.xml will be applied to the web application (see
+ * {@link #initWebappDefaults(String)}). This may be prevented by calling
+ * {@link #setAddDe

[Bug 64008] Tomcat ignores default web.xml and falls back to hard-coded defaults

2019-12-17 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64008

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

--- Comment #5 from Mark Thomas  ---
Javadoc updated in:
- master for 9.0.31 onwards
- 8.5.x for 8.5.51 onwards
- 7.0.x for 7.0.100 onwards

I also back-ported the enhancement in 62755 to 8.5.x and 7.0.x.

With the current API in 8.5.x, if you don't want the JSP servlet then one
option is to use addContext() and configure everything manually. Further help
and advice is available via the users mailing list if required.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=64008

2019-12-17 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 9babe92  Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=64008
9babe92 is described below

commit 9babe9200a131f145c3016604e1eb9e5ad4958a0
Author: Mark Thomas 
AuthorDate: Tue Dec 17 20:43:46 2019 +

Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=64008

Improve Javadocs for addWebapp. Also back-port BZ 62755.
---
 java/org/apache/catalina/startup/Tomcat.java | 136 ---
 webapps/docs/changelog.xml   |  11 +++
 2 files changed, 113 insertions(+), 34 deletions(-)

diff --git a/java/org/apache/catalina/startup/Tomcat.java 
b/java/org/apache/catalina/startup/Tomcat.java
index 5faac9d..fd2b223 100644
--- a/java/org/apache/catalina/startup/Tomcat.java
+++ b/java/org/apache/catalina/startup/Tomcat.java
@@ -111,12 +111,17 @@ import org.apache.tomcat.util.res.StringManager;
  * this class.
  *
  * 
- * This class provides a set of convenience methods for configuring webapp
- * contexts, all overloads of the method addWebapp. These methods
- * create a webapp context, configure it, and then add it to a {@link Host}.
- * They do not use a global default web.xml; rather, they add a lifecycle
- * listener that adds the standard DefaultServlet, JSP processing, and welcome
- * files.
+ * This class provides a set of convenience methods for configuring web
+ * application contexts; all overloads of the method addWebapp().
+ * These methods are equivalent to adding a web application to the Host's
+ * appBase (normally the webapps directory). These methods create a Context,
+ * configure it with the equivalent of the defaults provided by
+ * conf/web.xml (see {@link #initWebappDefaults(String)} for
+ * details) and add the Context to a Host. These methods do not use a global
+ * default web.xml; rather, they add a {@link LifecycleListener} to configure
+ * the defaults. Any WEB-INF/web.xml and META-INF/context.xml packaged with the
+ * application will be processed normally. Normal web fragment and
+ * {@link javax.servlet.ServletContainerInitializer} processing will be 
applied.
  *
  * 
  * In complex cases, you may prefer to use the ordinary Tomcat API to create
@@ -166,6 +171,8 @@ public class Tomcat {
 private final Map> userRoles = new HashMap<>();
 private final Map userPrincipals = new HashMap<>();
 
+private boolean addDefaultWebXmlToWebapp = true;
+
 public Tomcat() {
 ExceptionUtils.preload();
 }
@@ -210,17 +217,22 @@ public class Tomcat {
 hostname = s;
 }
 
+
 /**
- * This is equivalent to adding a web application to Tomcat's webapps
- * directory. The equivalent of the default web.xml will be applied  to the
- * web application and any WEB-INF/web.xml and META-INF/context.xml 
packaged
- * with the application will be processed normally. Normal web fragment and
- * {@link javax.servlet.ServletContainerInitializer} processing will be
- * applied.
+ * This is equivalent to adding a web application to a Host's appBase
+ * (usually Tomcat's webapps directory). By default, the equivalent of the
+ * default web.xml will be applied to the web application (see
+ * {@link #initWebappDefaults(String)}). This may be prevented by calling
+ * {@link #setAddDefaultWebXmlToWebapp(boolean)} with {@code false}. Any
+ * WEB-INF/web.xml and META-INF/context.xml
+ * packaged with the application will always be processed and normal web
+ * fragment and {@link javax.servlet.ServletContainerInitializer} 
processing
+ * will always be applied.
  *
  * @param contextPath The context mapping to use, "" for root context.
- * @param docBase Base directory for the context, for static files.
- *  Must exist, relative to the server home
+ * @param docBase Base directory for the context, for static files. 
Must
+ *exist, relative to the server home
+ *
  * @return the deployed context
  */
 public Context addWebapp(String contextPath, String docBase) {
@@ -476,7 +488,7 @@ public class Tomcat {
 }
 
 // --- Extra customization ---
-// You can tune individual tomcat objects, using internal APIs
+// You can tune individual Tomcat objects, using internal APIs
 
 /**
  * Get the default http connector. You can set more
@@ -643,13 +655,24 @@ public class Tomcat {
 return ctx;
 }
 
+
 /**
- * @param host The host in which the context will be deployed
+ * This is equivalent to adding a web application to a Host's appBase
+ * (usually Tomcat's webapps directory). By default, the equivalent of the
+ * default web.xml will be applied to the web application (see
+ * {@link #initWebappDefaults(String)}). This may be

Re: Proposed plan for Tomcat 10

2019-12-17 Thread Rémy Maucherat 
On Tue, Dec 17, 2019 at 7:12 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
>
>
> On 12/16/19 11:45, Rémy Maucherat wrote:
> > On Mon, Dec 16, 2019 at 5:38 PM Mark Thomas  > > wrote:
> >
> > On 16/12/2019 15:37, Rémy Maucherat wrote:
> >
> > 
> >
> >> Do you plan to create the 9.10 branch at the same time ? If you
> >> don't create it immediately to keep it in sync with 10, it would
> >> need to be recreated later using a jakarta->javax rename.
> >
> > I was planning on creating it later and using Git to revert the
> > javax -> jakarta commits as I thought that would be less work.
> >
> >
> > Works for me.
> >
> >
> >
> >> I was thinking about that tool and the possibilities, but not
> >> sure
> > about
> >> the location. There's always the "modules" ...
> >
> > I thought about that. It just seems a bit more stand-alone that a
> > module. There is also the possibility that it could expand to cover
> > the full range of javax -> jakarta conversions rather than
> > (currently) just the specs Tomcat implements.
> >
> >
> > Ok, other projects could need the tool, such as TomEE and
> > Meecrowave (with more specs needed) but I have no idea what their
> > plan is. I did a sweep to find any discussions here and elsewhere
> > but there's almost nothing right now.
>
> How about end-users? I could imagine this tool being useful to migrate
> an *application* from Tomcat [789].x to Tomcat 10 (or 9.10).
>

To add to Mark's post, for example, TomEE users have EE apps that use javax
APIs, same problem as for a Tomcat user but they're using a lot more APIs.
At the moment we don't know what solution they plan to provide, I guess
they're not in a hurry to migrate to EE 9 ;)

Rémy


>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl35Go8ACgkQHPApP6U8
> pFjdgw/9GcVlZ2Yd7yGMXj7x4QGjNIUy5ACBEzx1ZX3pqFd+9thI+jQu1MmMi9ED
> Im4JDBxsA8VEtj1igepp/luCyjFNfDrTeAoTnNL8oniEpxoTPQFyFxrA8SRPbT6v
> xSsvFcqI7iVDhzHR0ULqhQS0aYovoxruNAzXSk332rgDEVPBMxQScw/Lm6usL45K
> OJvDZQAK10tNLcfLHdxpDH/40xvhHGbwL9RbDIKBAetJt2ngjUaD+uODUyniIqr+
> mUpb7u+usybYfPG/WHySKcJxRvStGhQVrMAVIlYulVpV3NqZ0Dj5d4RdnCLUEdq8
> gYe+5/tKbPU6OtmBG6fXDRzfp0amGoMTquvnOezV1y3oKty0ohhLBz3o9pxde0P7
> 1OvxaQFnijUa7Py0iPyaNYexuzwhPKo8+eWavc0GQnugzEUUSxyOsWA0E9jxUWK5
> kBioT4b3yRQ3cDB/xXdMxzndBtBFcY328NndDt9YkqmI6+VgiuDds8Q8vw/O7zGO
> dvgHbT9B3Kbv/Pkjkulufis6mZGlQI0YmF+2IIvIXp4L/44auY10MxfW1EW5DD0n
> Evc6BkawGbkZBWjxlNIIf2+rfwCX/jKhhsq6K2sXcgVcvV1Lgtgtpvd3Ars/SUI8
> c63oiDmY0Y/xB5PPK4DIkZoyMjdi6JjWcyTMt5lcbe/COzM74Iw=
> =wLjV
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: Proposed plan for Tomcat 10

2019-12-17 Thread Mark Thomas 
On 17/12/2019 18:12, Christopher Schultz wrote:



> How about end-users? I could imagine this tool being useful to migrate
> an *application* from Tomcat [789].x to Tomcat 10 (or 9.10).

I'm expecting end-users to be the primary users of this tool. A little
further down the road I can see us asking users to test it out and
report failures they discover so we can refine it.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Proposed plan for Tomcat 10

2019-12-17 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256



On 12/16/19 11:45, Rémy Maucherat wrote:
> On Mon, Dec 16, 2019 at 5:38 PM Mark Thomas  > wrote:
> 
> On 16/12/2019 15:37, Rémy Maucherat wrote:
> 
> 
> 
>> Do you plan to create the 9.10 branch at the same time ? If you
>> don't create it immediately to keep it in sync with 10, it would
>> need to be recreated later using a jakarta->javax rename.
> 
> I was planning on creating it later and using Git to revert the
> javax -> jakarta commits as I thought that would be less work.
> 
> 
> Works for me.
> 
> 
> 
>> I was thinking about that tool and the possibilities, but not
>> sure
> about
>> the location. There's always the "modules" ...
> 
> I thought about that. It just seems a bit more stand-alone that a 
> module. There is also the possibility that it could expand to cover
> the full range of javax -> jakarta conversions rather than
> (currently) just the specs Tomcat implements.
> 
> 
> Ok, other projects could need the tool, such as TomEE and
> Meecrowave (with more specs needed) but I have no idea what their
> plan is. I did a sweep to find any discussions here and elsewhere
> but there's almost nothing right now.

How about end-users? I could imagine this tool being useful to migrate
an *application* from Tomcat [789].x to Tomcat 10 (or 9.10).

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl35Go8ACgkQHPApP6U8
pFjdgw/9GcVlZ2Yd7yGMXj7x4QGjNIUy5ACBEzx1ZX3pqFd+9thI+jQu1MmMi9ED
Im4JDBxsA8VEtj1igepp/luCyjFNfDrTeAoTnNL8oniEpxoTPQFyFxrA8SRPbT6v
xSsvFcqI7iVDhzHR0ULqhQS0aYovoxruNAzXSk332rgDEVPBMxQScw/Lm6usL45K
OJvDZQAK10tNLcfLHdxpDH/40xvhHGbwL9RbDIKBAetJt2ngjUaD+uODUyniIqr+
mUpb7u+usybYfPG/WHySKcJxRvStGhQVrMAVIlYulVpV3NqZ0Dj5d4RdnCLUEdq8
gYe+5/tKbPU6OtmBG6fXDRzfp0amGoMTquvnOezV1y3oKty0ohhLBz3o9pxde0P7
1OvxaQFnijUa7Py0iPyaNYexuzwhPKo8+eWavc0GQnugzEUUSxyOsWA0E9jxUWK5
kBioT4b3yRQ3cDB/xXdMxzndBtBFcY328NndDt9YkqmI6+VgiuDds8Q8vw/O7zGO
dvgHbT9B3Kbv/Pkjkulufis6mZGlQI0YmF+2IIvIXp4L/44auY10MxfW1EW5DD0n
Evc6BkawGbkZBWjxlNIIf2+rfwCX/jKhhsq6K2sXcgVcvV1Lgtgtpvd3Ars/SUI8
c63oiDmY0Y/xB5PPK4DIkZoyMjdi6JjWcyTMt5lcbe/COzM74Iw=
=wLjV
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64011] JNDIRealm no longer authenticates to LDAP

2019-12-17 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011

--- Comment #2 from Mike Lothian  ---
I got the info from here:

https://tomcat.apache.org/tomcat-8.5-doc/config/realm.html

spnegoDelegationQop This attribute should be a comma-separated list of values
selected from auth-conf, auth-int and auth

Removing useDelegatedCredential="true" also doesn't work with 8.5.50 but does
with 8.5.49

Which debug options should be switched on?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64007] a deadlock with Poller run and cancelledKey

2019-12-17 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64007

--- Comment #3 from Remy Maucherat  ---
Ok, so then cancelledKey should cancel the key first, and this would resolve
the "problem" as the channel close locks everything before cancelling that key
itself. This is what was done like that in 8.5 but this didn't look important.

Can you test it or give me your opinion on it ?
https://github.com/apache/tomcat/commit/9b1a8b67bffe462fc745b19e15ed59c37e2e1dcf

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64011] JNDIRealm no longer authenticates to LDAP

2019-12-17 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011

Michael Osipov  changed:

   What|Removed |Added

 CC||micha...@apache.org

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64011] JNDIRealm no longer authenticates to LDAP

2019-12-17 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011

Michael Osipov  changed:

   What|Removed |Added

 OS||All

--- Comment #1 from Michael Osipov  ---
The error is pretty obvious, the credentials aren't delegated but you have set
useDelegatedCredential="true". Moreover, spnegoDelegationQop="auth" is invalid.
According to the RFC 4752 it must be either auth-int or auth-conf. Can you
enable debug logging? I want to see it from here:
https://github.com/apache/tomcat/blob/8.5.x/java/org/apache/catalina/realm/RealmBase.java#L474-L509

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated: 64007: Cancel selection key before wrapper close

2019-12-17 Thread remm 
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new 9b1a8b6  64007: Cancel selection key before wrapper close
9b1a8b6 is described below

commit 9b1a8b67bffe462fc745b19e15ed59c37e2e1dcf
Author: remm 
AuthorDate: Tue Dec 17 15:12:39 2019 +0100

64007: Cancel selection key before wrapper close

Due to NIO intricacies, this could cause a deadlock. At least that's
what the traces in the BZ seem to show, when the wrapper close would
sync on a lot of objects and then attempt to cancel a key, which would
lock the poller which routinely does the same sync internally to
manipulate keys. Canceling the key first without sync as it was done in
8.5 should work.
---
 java/org/apache/tomcat/util/net/NioEndpoint.java | 14 ++
 webapps/docs/changelog.xml   |  4 
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/NioEndpoint.java 
b/java/org/apache/tomcat/util/net/NioEndpoint.java
index 67f02a7..9a70075 100644
--- a/java/org/apache/tomcat/util/net/NioEndpoint.java
+++ b/java/org/apache/tomcat/util/net/NioEndpoint.java
@@ -666,25 +666,23 @@ public class NioEndpoint extends 
AbstractJsseEndpoint
 
 public void cancelledKey(SelectionKey sk, 
SocketWrapperBase socketWrapper) {
 try {
-if (socketWrapper != null) {
-socketWrapper.close();
-}
+// If is important to cancel the key first, otherwise a 
deadlock may occur between the
+// poller select and the socket channel close which would 
cancel the key
 if (sk != null) {
 sk.attach(null);
 if (sk.isValid()) {
 sk.cancel();
 }
-// The SocketChannel is also available via the 
SelectionKey. If
-// it hasn't been closed in the block above, close it now.
-if (sk.channel().isOpen()) {
-sk.channel().close();
-}
 }
 } catch (Throwable e) {
 ExceptionUtils.handleThrowable(e);
 if (log.isDebugEnabled()) {
 log.error(sm.getString("endpoint.debug.channelCloseFail"), 
e);
 }
+} finally {
+if (socketWrapper != null) {
+socketWrapper.close();
+}
 }
 }
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index ceea555..242a34c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -81,6 +81,10 @@
 via the new SSLHostConfig and
 SSLHostConfigCertificate elements. (markt)
   
+  
+64007: Cancel selection key in poller before wrapper close 
to
+avoid possible deadlock. (remm)
+  
 
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64011] New: JNDIRealm no longer authenticates to LDAP

2019-12-17 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64011

Bug ID: 64011
   Summary: JNDIRealm no longer authenticates to LDAP
   Product: Tomcat 8
   Version: 8.5.50
  Hardware: PC
Status: NEW
  Severity: normal
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: m...@fireburn.co.uk
  Target Milestone: 

This works in 8.5.49 and stops working in 8.5.50

jaas.conf:

ORDS {
   com.sun.security.auth.module.Krb5LoginModule required
doNotPrompt=true
principal="HTTP/compu...@realm.com"
useKeyTab=true
keyTab="krb5.keytab"
storeKey=true;
};

ords.xml:



  
 ldap://ldap1:3268";
   alternateURL="ldap://ldap2:3268";
   userSearch="(sAMAccountName={0})"
   userBase="DC=realm,DC=com"
   userSubtree="true"
   roleSearch="(member={0})"
   roleBase="DC=realm,DC=com"
   roleName="CN"
   roleSubtree="true"
   allRolesMode="authOnly"
   spnegoDelegationQop="auth"
   stripRealmForGss="true"
   authentication="none"
   referrals="ignore"
   useDelegatedCredential="true"
 />


This now gives the following error:

17-Dec-2019 13:16:30.754 SEVERE [https-jsse-nio-10843-exec-3]
org.apache.catalina.realm.JNDIRealm.getPrincipal Exception performing
authentication
javax.naming.NamingException: [LDAP: error code 1 - 04DC: LdapErr:
DSID-0C090A4C, comment: In order to perform this operation a successful bind
must be completed on the connection., data 0, v3839 ]; remaining name
'DC=realm,DC=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3194)
at
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
at
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
at
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at
org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1693)
at
org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1528)
at
org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1456)
at
org.apache.catalina.realm.JNDIRealm.getPrincipal(JNDIRealm.java:2354)
at
org.apache.catalina.realm.JNDIRealm.getPrincipal(JNDIRealm.java:2280)
at
org.apache.catalina.realm.JNDIRealm.getPrincipal(JNDIRealm.java:2260)
at
org.apache.catalina.realm.RealmBase.getPrincipal(RealmBase.java:1283)
at
org.apache.catalina.realm.RealmBase.authenticate(RealmBase.java:501)
at
org.apache.catalina.authenticator.SpnegoAuthenticator$AuthenticateAction.run(SpnegoAuthenticator.java:344)
at
org.apache.catalina.authenticator.SpnegoAuthenticator$AuthenticateAction.run(SpnegoAuthenticator.java:329)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:360)
at
org.apache.catalina.authenticator.SpnegoAuthenticator.doAuthenticate(SpnegoAuthenticator.java:243)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:633)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:609)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:810)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

[Bug 64007] a deadlock with Poller run and cancelledKey

2019-12-17 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64007

--- Comment #2 from echo  ---
but, in my opinion. just the NioEndpoint$Poller.cancelledKey and
NioEndpoint$Poller.run may cause the deadlock.  Poller.run finally call
AbstractSelector.cancel and Poller.cancelledKey finally call
AbstractSelector.deregister. The two method all need the conditions keyLock and
cancelledKeys.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/02: Add a few things to the Tomcat 10 list since it is approaching fast

2019-12-17 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 20f18f991ecc675abad83494fda94bae30cc8f9a
Author: Mark Thomas 
AuthorDate: Mon Dec 16 20:55:03 2019 +

Add a few things to the Tomcat 10 list since it is approaching fast
---
 TOMCAT-NEXT.txt | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/TOMCAT-NEXT.txt b/TOMCAT-NEXT.txt
index 9400227..4bf4b5f 100644
--- a/TOMCAT-NEXT.txt
+++ b/TOMCAT-NEXT.txt
@@ -59,5 +59,8 @@ New items for 10.0.x onwards:
 
 10. BZ 63286. Make behaviour of %D and %T consistent with httpd.
 
-11. Refactor DefaultServlet to use Ranges in parseRanges()
+11. Refactor DefaultServlet to use Ranges in parseRanges().
 
+12. Consider disabling the AJP connector by default.
+
+13. Remove GenericPrincipal.getPassword().
\ No newline at end of file


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/02: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=64008

2019-12-17 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 84b9d1a7d516027e6734a0277fc567cf61f57e72
Author: Mark Thomas 
AuthorDate: Tue Dec 17 11:20:53 2019 +

Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=64008

Be more explicit about the expected behaviour of addWebapp rather than
relying on cross-references.
---
 java/org/apache/catalina/startup/Tomcat.java | 104 +++
 webapps/docs/changelog.xml   |   4 ++
 2 files changed, 78 insertions(+), 30 deletions(-)

diff --git a/java/org/apache/catalina/startup/Tomcat.java 
b/java/org/apache/catalina/startup/Tomcat.java
index 7230d1e..3fc878f 100644
--- a/java/org/apache/catalina/startup/Tomcat.java
+++ b/java/org/apache/catalina/startup/Tomcat.java
@@ -117,12 +117,17 @@ import org.apache.tomcat.util.res.StringManager;
  * this class.
  *
  * 
- * This class provides a set of convenience methods for configuring webapp
- * contexts, all overloads of the method addWebapp. These methods
- * create a webapp context, configure it, and then add it to a {@link Host}.
- * They do not use a global default web.xml; rather, they add a lifecycle
- * listener that adds the standard DefaultServlet, JSP processing, and welcome
- * files.
+ * This class provides a set of convenience methods for configuring web
+ * application contexts; all overloads of the method addWebapp().
+ * These methods are equivalent to adding a web application to the Host's
+ * appBase (normally the webapps directory). These methods create a Context,
+ * configure it with the equivalent of the defaults provided by
+ * conf/web.xml (see {@link #initWebappDefaults(String)} for
+ * details) and add the Context to a Host. These methods do not use a global
+ * default web.xml; rather, they add a {@link LifecycleListener} to configure
+ * the defaults. Any WEB-INF/web.xml and META-INF/context.xml packaged with the
+ * application will be processed normally. Normal web fragment and
+ * {@link javax.servlet.ServletContainerInitializer} processing will be 
applied.
  *
  * 
  * In complex cases, you may prefer to use the ordinary Tomcat API to create
@@ -221,17 +226,22 @@ public class Tomcat {
 hostname = s;
 }
 
+
 /**
- * This is equivalent to adding a web application to Tomcat's webapps
- * directory. The equivalent of the default web.xml will be applied  to the
- * web application and any WEB-INF/web.xml and META-INF/context.xml 
packaged
- * with the application will be processed normally. Normal web fragment and
- * {@link javax.servlet.ServletContainerInitializer} processing will be
- * applied.
+ * This is equivalent to adding a web application to a Host's appBase
+ * (usually Tomcat's webapps directory). By default, the equivalent of the
+ * default web.xml will be applied to the web application (see
+ * {@link #initWebappDefaults(String)}). This may be prevented by calling
+ * {@link #setAddDefaultWebXmlToWebapp(boolean)} with {@code false}. Any
+ * WEB-INF/web.xml and META-INF/context.xml
+ * packaged with the application will always be processed and normal web
+ * fragment and {@link javax.servlet.ServletContainerInitializer} 
processing
+ * will always be applied.
  *
  * @param contextPath The context mapping to use, "" for root context.
- * @param docBase Base directory for the context, for static files.
- *  Must exist, relative to the server home
+ * @param docBase Base directory for the context, for static files. 
Must
+ *exist, relative to the server home
+ *
  * @return the deployed context
  */
 public Context addWebapp(String contextPath, String docBase) {
@@ -674,13 +684,24 @@ public class Tomcat {
 return ctx;
 }
 
+
 /**
- * @param host The host in which the context will be deployed
+ * This is equivalent to adding a web application to a Host's appBase
+ * (usually Tomcat's webapps directory). By default, the equivalent of the
+ * default web.xml will be applied to the web application (see
+ * {@link #initWebappDefaults(String)}). This may be prevented by calling
+ * {@link #setAddDefaultWebXmlToWebapp(boolean)} with {@code false}. Any
+ * WEB-INF/web.xml and META-INF/context.xml
+ * packaged with the application will always be processed and normal web
+ * fragment and {@link javax.servlet.ServletContainerInitializer} 
processing
+ * will always be applied.
+ *
+ * @param hostThe host in which the context will be deployed
  * @param contextPath The context mapping to use, "" for root context.
- * @param docBase Base directory for the context, for static files.
- *  Must exist, relative to the server home
+ * @param docBase Base directory for the context, for static files. 
M

[tomcat] branch master updated (8eced7a -> 84b9d1a)

2019-12-17 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 8eced7a  Remove useless lock
 new 20f18f9  Add a few things to the Tomcat 10 list since it is 
approaching fast
 new 84b9d1a  Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=64008

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 TOMCAT-NEXT.txt  |   5 +-
 java/org/apache/catalina/startup/Tomcat.java | 104 +++
 webapps/docs/changelog.xml   |   4 ++
 3 files changed, 82 insertions(+), 31 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64008] Tomcat ignores default web.xml and falls back to hard-coded defaults

2019-12-17 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64008

--- Comment #4 from emergency.sho...@gmail.com ---
(In reply to Mark Thomas from comment #2)
> The class level Javadoc does document that the various addWebapp methods
> configure the Default Servlet, JSP servlet etc. The LifecycleListener in
> #addWebapp(Host, String, String, LifecycleListener) is intended for
> additional configuration rather than as a complete replacement.
> 
> I'll go through the Javadoc and try and make this clearer.

Is there a documented way to safely deploy a web app in embedded Tomcat without
having the JspServlet added?

I've tried to override classes, but a mixture of static and private methods
prevented me from getting a clean implementation.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64009] Embedded Tomcat has insecure default by activating JspServlet without opt-in

2019-12-17 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64009

--- Comment #3 from Remy Maucherat  ---
Please use the appropriate mailing list for discussion: security for security
related discussions, user for details and investigation on how to use Tomcat.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64008] Tomcat ignores default web.xml and falls back to hard-coded defaults

2019-12-17 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64008

--- Comment #3 from emergency.sho...@gmail.com ---
https://bz.apache.org/bugzilla/show_bug.cgi?id=62755 seems to be a related
issue.

It seems that the provided fix did not make it into the Tomcat codebase.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64007] a deadlock with Poller run and cancelledKey

2019-12-17 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64007

Remy Maucherat  changed:

   What|Removed |Added

 Status|NEW |NEEDINFO

--- Comment #1 from Remy Maucherat  ---
NIO deadlocks internally in your trace while trying to close multiple
independent channels.

Some of the structures that might help the deadlock, in particular the
BlockPoller, are no longer used in trunk.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64009] Embedded Tomcat has insecure default by activating JspServlet without opt-in

2019-12-17 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64009

--- Comment #2 from emergency.sho...@gmail.com ---
I don't think that this is a duplicate of 64008.

This issue is about insecure defaults. 64008 is about how difficult (if not
impossible) it is to prevent from having these insecure defaults applied.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64008] Tomcat ignores default web.xml and falls back to hard-coded defaults

2019-12-17 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64008

--- Comment #2 from Mark Thomas  ---
The class level Javadoc does document that the various addWebapp methods
configure the Default Servlet, JSP servlet etc. The LifecycleListener in
#addWebapp(Host, String, String, LifecycleListener) is intended for additional
configuration rather than as a complete replacement.

I'll go through the Javadoc and try and make this clearer.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64008] Tomcat ignores default web.xml and falls back to hard-coded defaults

2019-12-17 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64008

--- Comment #1 from Remy Maucherat  ---
*** Bug 64009 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64009] Embedded Tomcat has insecure default by activating JspServlet without opt-in

2019-12-17 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64009

Remy Maucherat  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |DUPLICATE

--- Comment #1 from Remy Maucherat  ---


*** This bug has been marked as a duplicate of bug 64008 ***

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64009] New: Embedded Tomcat has insecure default by activating JspServlet without opt-in

2019-12-17 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64009

Bug ID: 64009
   Summary: Embedded Tomcat has insecure default by activating
JspServlet without opt-in
   Product: Tomcat 8
   Version: 8.5.50
  Hardware: PC
OS: Windows NT
Status: NEW
  Severity: normal
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: emergency.sho...@gmail.com
  Target Milestone: 

By default, and under certain circumstances (see
https://bz.apache.org/bugzilla/show_bug.cgi?id=64008), embedded Tomcat
automatically adds the JspServlet and servlet mappings for it to web apps.

>From a security point of view this behaviour leads to an increased
vulnerability surface without user opt-in. It should therefore probably be
avoided.

Currently we are using a patched version of embedded Tomcat that does not
inject the JspServlet programmatically, but this does not seem to be a good
long-term perspective.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64008] New: Tomcat ignores default web.xml and falls back to hard-coded defaults

2019-12-17 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64008

Bug ID: 64008
   Summary: Tomcat ignores default web.xml and falls back to
hard-coded defaults
   Product: Tomcat 8
   Version: 8.5.50
  Hardware: PC
OS: Windows NT
Status: NEW
  Severity: normal
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: emergency.sho...@gmail.com
  Target Milestone: 

We use embedded Tomcat and deploy a web app programatically using the
addWebapp(Host, String, String, LifecycleListener) method.

The LifecycleListener is a ContextConfig that has a default web.xml configured
that should prevent the JSPServlet from being loaded.

Other than expected, it turns out that addWebapp actively ignores the
configured default web.xml and Tomcat instead loads statically hard-coded
default configuration that includes the JSPServlet and servlet mappings for it.

This behaviour led to a remote code execution vulnerability in one of our
products.


The code below shows how Tomcat is initialized.


final Tomcat tomcat;
// ...
final ContextConfig contextConfig = new ContextConfig();

contextConfig.setDefaultWebXml(getDefaultWebXml());

final Context ctx = tomcat.addWebapp
  (host, getContextPath(), getDocBaseDir(), (LifecycleListener)contextConfig);

// ...
tomcat.start();

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated: Remove useless lock

2019-12-17 Thread remm 
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new 8eced7a  Remove useless lock
8eced7a is described below

commit 8eced7a0a195bfb0f886c7f322369d50c09ad425
Author: remm 
AuthorDate: Tue Dec 17 10:36:11 2019 +0100

Remove useless lock

This will not cause any problem, but looking at the traces in 64007 the
extra locking is not necessary since it is guarded by the atomic boolean
and nothing else syncs on U.
---
 java/org/apache/tomcat/util/net/AprEndpoint.java  |  8 +++-
 java/org/apache/tomcat/util/net/Nio2Endpoint.java | 14 ++
 java/org/apache/tomcat/util/net/NioEndpoint.java  | 14 ++
 3 files changed, 15 insertions(+), 21 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java 
b/java/org/apache/tomcat/util/net/AprEndpoint.java
index ebfd51b..b8b71e3 100644
--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -2240,12 +2240,10 @@ public class AprEndpoint extends 
AbstractEndpoint implements SNICallB
 getEndpoint().connections.remove(getSocket());
 socketBufferHandler = SocketBufferHandler.EMPTY;
 nonBlockingWriteBuffer.clear();
-synchronized (closed) {
-if (sslOutputBuffer != null) {
-ByteBufferUtils.cleanDirectBuffer(sslOutputBuffer);
-}
-((AprEndpoint) 
getEndpoint()).getPoller().close(getSocket().longValue());
+if (sslOutputBuffer != null) {
+ByteBufferUtils.cleanDirectBuffer(sslOutputBuffer);
 }
+((AprEndpoint) 
getEndpoint()).getPoller().close(getSocket().longValue());
 }
 
 
diff --git a/java/org/apache/tomcat/util/net/Nio2Endpoint.java 
b/java/org/apache/tomcat/util/net/Nio2Endpoint.java
index ff5303b..adafdad 100644
--- a/java/org/apache/tomcat/util/net/Nio2Endpoint.java
+++ b/java/org/apache/tomcat/util/net/Nio2Endpoint.java
@@ -926,14 +926,12 @@ public class Nio2Endpoint extends 
AbstractJsseEndpoint
 }
 try {
 getEndpoint().connections.remove(getSocket().getIOChannel());
-synchronized (getSocket()) {
-if (getSocket().isOpen()) {
-getSocket().close(true);
-}
-if (getEndpoint().running && !getEndpoint().paused) {
-if (nioChannels == null || 
!nioChannels.push(getSocket())) {
-getSocket().free();
-}
+if (getSocket().isOpen()) {
+getSocket().close(true);
+}
+if (getEndpoint().running && !getEndpoint().paused) {
+if (nioChannels == null || !nioChannels.push(getSocket())) 
{
+getSocket().free();
 }
 }
 } catch (Throwable e) {


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 7.0.x updated: Update Tomcat 7.0.99 release date

2019-12-17 Thread violetagg 
This is an automated email from the ASF dual-hosted git repository.

violetagg pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
 new 37c548f  Update Tomcat 7.0.99 release date
37c548f is described below

commit 37c548fa950986da924c087076950240875fb805
Author: Violeta Georgieva 
AuthorDate: Tue Dec 17 10:30:15 2019 +0200

Update Tomcat 7.0.99 release date
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 9d241f3..03cead9 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -69,7 +69,7 @@
 
   
 
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r37259 - /dev/tomcat/tomcat-7/v7.0.99/ /release/tomcat/tomcat-7/v7.0.99/

2019-12-17 Thread violetagg 
Author: violetagg
Date: Tue Dec 17 08:24:05 2019
New Revision: 37259

Log:
Release Tomcat 7.0.99

Added:
release/tomcat/tomcat-7/v7.0.99/
  - copied from r37258, dev/tomcat/tomcat-7/v7.0.99/
Removed:
dev/tomcat/tomcat-7/v7.0.99/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Nexus: Promotion Completed

2019-12-17 Thread Nexus Repository Manager 
Message from: https://repository.apache.orgDeployer properties:"userAgent" = "maven-artifact/2.2.1 (Java 1.7.0_80; Windows 8.1 6.3)""userId" = "violetagg""ip" = "78.83.99.114"Details:The following artifacts have been promoted to the "Releases" [id=releases] repository/org/apache/tomcat/tomcat-i18n-de/7.0.99/tomcat-i18n-de-7.0.99.pom.asc(SHA1: 356d8db6908d4a78047b486a921783137b17370f)/org/apache/tomcat/tomcat-i18n-de/7.0.99/tomcat-i18n-de-7.0.99.pom(SHA1: d9ede3171cf9b530234b460db542273a5d0dc6cf)/org/apache/tomcat/tomcat-i18n-de/7.0.99/tomcat-i18n-de-7.0.99.jar.asc(SHA1: f7b188c9f9677cc2fb2cb3c157c667687ca92d0b)/org/apache/tomcat/tomcat-i18n-de/7.0.99/tomcat-i18n-de-7.0.99.jar(SHA1: fc839a837b52a37991c937a07e0518c93f9c0a49)/org/apache/tomcat/tomcat-juli/7.0.99/tomcat-juli-7.0.99.pom.asc(SHA1: 09c46b29481db90a3bc891836e16de4e0167d175)/org/apache/tomcat/tomcat-juli/7.0.99/tomcat-juli-7.0.99.pom(SHA1: b558a9eef5fa2d8c634e596f099ff34144b5faa6)/org/apache/tomcat/tomcat-juli/7.0.99/tomcat-juli-7.0.99-sources.jar(SHA1: bc41b699360527430aa37f6ea94c0d09d6bd0f91)/org/apache/tomcat/tomcat-juli/7.0.99/tomcat-juli-7.0.99.jar(SHA1: 81bd4a9518b85f620fa6eec916c346a2f8548590)/org/apache/tomcat/tomcat-juli/7.0.99/tomcat-juli-7.0.99-sources.jar.asc(SHA1: 16e09e7d63cc6a8bcb393ad87755c860c241fe02)/org/apache/tomcat/tomcat-juli/7.0.99/tomcat-juli-7.0.99.jar.asc(SHA1: 14f34fb59ab206d93e8261ae0688956bf8230e97)/org/apache/tomcat/tomcat-util/7.0.99/tomcat-util-7.0.99-sources.jar(SHA1: 9a6b81b4ee0832f0796f7ea7b840e9fbed30a5ce)/org/apache/tomcat/tomcat-util/7.0.99/tomcat-util-7.0.99-sources.jar.asc(SHA1: 770236ee279aedd8abf3021fd1bc94970e8d6e83)/org/apache/tomcat/tomcat-util/7.0.99/tomcat-util-7.0.99.pom.asc(SHA1: 953395b24d37019ad2b88cd449db8086e6df1023)/org/apache/tomcat/tomcat-util/7.0.99/tomcat-util-7.0.99.jar(SHA1: 56972e80c573123d22a541d26c9a57af227dcc95)/org/apache/tomcat/tomcat-util/7.0.99/tomcat-util-7.0.99.jar.asc(SHA1: 5ab7c297d243563922175fb9f86251e2663da096)/org/apache/tomcat/tomcat-util/7.0.99/tomcat-util-7.0.99.pom(SHA1: 02ef6d8df957780026f9bf86cca337284d1dc4e4)/org/apache/tomcat/tomcat-catalina/7.0.99/tomcat-catalina-7.0.99-sources.jar.asc(SHA1: e56d537c17e5fe934bce9175076cfc484168bcc1)/org/apache/tomcat/tomcat-catalina/7.0.99/tomcat-catalina-7.0.99.pom(SHA1: da0a077ba7de4cbeed563e6c9fc08168e4511d31)/org/apache/tomcat/tomcat-catalina/7.0.99/tomcat-catalina-7.0.99-sources.jar(SHA1: 72b013da77ab338720651153013019c849752aad)/org/apache/tomcat/tomcat-catalina/7.0.99/tomcat-catalina-7.0.99.pom.asc(SHA1: 57515d45df66ad9aaf067e8dfdca9ef1e5b33b9a)/org/apache/tomcat/tomcat-catalina/7.0.99/tomcat-catalina-7.0.99.jar.asc(SHA1: a8e5d4be981ec512327ad55922d59d3856780107)/org/apache/tomcat/tomcat-catalina/7.0.99/tomcat-catalina-7.0.99.jar(SHA1: 66772aea8ca047c576451d039e93b154aeefbd07)/org/apache/tomcat/tomcat-catalina-ws/7.0.99/tomcat-catalina-ws-7.0.99.jar.asc(SHA1: ce7c77bc8214fccb35425050b45bf76d946400e4)/org/apache/tomcat/tomcat-catalina-ws/7.0.99/tomcat-catalina-ws-7.0.99.jar(SHA1: 0825de6bcf42abba7d0e36f7766429fd6e3e6148)/org/apache/tomcat/tomcat-catalina-ws/7.0.99/tomcat-catalina-ws-7.0.99.pom(SHA1: a4339661e3fae97b546c168a7471ecf2e0dcaaef)/org/apache/tomcat/tomcat-catalina-ws/7.0.99/tomcat-catalina-ws-7.0.99.pom.asc(SHA1: f63656a1ca26e0ad22528301bdd5819f13d41bbd)/org/apache/tomcat/tomcat-catalina-ws/7.0.99/tomcat-catalina-ws-7.0.99-sources.jar(SHA1: 4076b807e94cdfb5a24acd4c7dc0c54b0cde7628)/org/apache/tomcat/tomcat-catalina-ws/7.0.99/tomcat-catalina-ws-7.0.99-sources.jar.asc(SHA1: 4985816e2945c5c5056e9314cb2dd4931ed42e82)/org/apache/tomcat/tomcat-i18n-fr/7.0.99/tomcat-i18n-fr-7.0.99.jar.asc(SHA1: df58fc40d344ed799b1877689c3bea3b02e32335)/org/apache/tomcat/tomcat-i18n-fr/7.0.99/tomcat-i18n-fr-7.0.99.pom.asc(SHA1: 168d1ece9cc6ec9f66bf00b1133edfcb3f63c94a)/org/apache/tomcat/tomcat-i18n-fr/7.0.99/tomcat-i18n-fr-7.0.99.pom(SHA1: b7b97366f900485fb9b28b6493059877e4eb8af4)/org/apache/tomcat/tomcat-i18n-fr/7.0.99/tomcat-i18n-fr-7.0.99.jar(SHA1: 264b623b35a383f13ee4958eda524a962db931a5)/org/apache/tomcat/tomcat-jdbc/7.0.99/tomcat-jdbc-7.0.99-sources.jar.asc(SHA1: 5aa0b4fa23ff4f8efbc9b472539b9130c1e60d08)/org/apache/tomcat/tomcat-jdbc/7.0.99/tomcat-jdbc-7.0.99.pom(SHA1: 16624b46e44ef556defb707e97d7f08b4a372fe1)/org/apache/tomcat/tomcat-jdbc/7.0.99/tomcat-jdbc-7.0.99.pom.asc(SHA1: 66f58b399608c5b5f85ea00a85e230db3ffbf6b5)/org/apache/tomcat/tomcat-jdbc/7.0.99/tomcat-jdbc-7.0.99-sources.jar(SHA1: d74ec3110c226b8f2bded55ec8a0d573c6d88639)/org/apache/tomcat/tomcat-jdbc/7.0.99/tomcat-jdbc-7.0.99.jar(SHA1: e326eec474b5ccc7f8ea461077edf3c803e91a04)/org/apache/tomcat/tomcat-jdbc/7.0.99/tomcat-jdbc-7.0.99.jar.asc(SHA1: dbdca4f6b439cee5d33b18acd73aa43d8522d322)/org/apache/tomcat/embed/tomcat-embed-logging-log4j/7.0.99/tomcat-embed-logging-log4j-7.0.99-sources.jar.asc(SHA1: e8cd1bf4cd8a095f0d674e1265d5e1d427fc661b)/org/apache/tomcat/embed/tomcat-embed-logging-log4j/7.0.99/tomcat-embed-logging-log4j-7.0.99-sources.jar(SHA1: 55a0a489a6643dc6d4b46878

Re: [RESULT][VOTE] Release Apache Tomcat 7.0.99

2019-12-17 Thread Violeta Georgieva 
На ср, 11.12.2019 г. в 15:51 Violeta Georgieva 
написа:
>
> The proposed Apache Tomcat 7.0.99 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.99/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1242/
> The git tag is:
> https://github.com/apache/tomcat/tree/7.0.99
> a94a0258f36d064aa032608a9e99c62018f22d94
>
> The proposed 7.0.99 release is:
> [ ] Broken - do not release
> [ ] Stable - go ahead and release as 7.0.99 Stable


+1 (binding):remm, kkolinko, violetagg

+1 (non-binding): Jonathan Gallimore,

No other voters were cast.

The vote has passed.

I'll do the release shortly and announce it once the mirrors catch up.

Regards,
Violeta