Re: [VOTE] Release Apache Tomcat 9.0.38

2020-09-14 Thread Coty Sutherland
On Thu, Sep 10, 2020 at 5:03 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.38 release is now available for voting.
>
> The notable changes compared to the 9.0.37 release are:
>
> - For requests containing the Expect: 100-continue header, optional
>   support has been added to delay sending an intermediate 100 status
>   response until the servlet reads the request body, allowing the
>   servlet the opportunity to respond without asking for the request
>   body. Based on a pull request by malaysf.
>
> - Add support for a read idle timeout and a write idle timeout to the
>   WebSocket session via custom properties in the user properties
>   instance associated with the session. Based on a pull request by
>   sakshamverma.
>
> - Update the packaged version of the Tomcat Native Library to 1.2.25
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.38/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1277/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.38
> 48b6a87171e502cc0becbb4c96e2266de4e805e7
>
> The proposed 9.0.38 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.38
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 10.0.0-M8

2020-09-14 Thread Coty Sutherland
On Wed, Sep 9, 2020 at 10:57 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 10.0.0-M8 release is now available for
> voting.
>
> Apache Tomcat 10.x implements Jakarta EE 9 and, as such, the primary
> package for all the specification APIs has changed from javax.* to
> jakarta.*
> Applications that run on Tomcat 9 will not run on Tomcat 10 without
> changes.
>
> The notable changes compared to 10.0.0-M7 are:
>
> - For requests containing the Expect: 100-continue header, optional
>   support has been added to delay sending an intermediate 100 status
>   response until the servlet reads the request body, allowing the
>   servlet the opportunity to respond without asking for the request
>   body. Based on a pull request by malaysf.
>
> - Add support for a read idle timeout and a write idle timeout to the
>   WebSocket session via custom properties in the user properties
>   instance associated with the session. Based on a pull request by
>   sakshamverma.
>
> - Update the packaged version of the Tomcat Native Library to 1.2.25
>
> Along with lots of other bug fixes and improvements.
>
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat10/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.0-M8/
> The Maven staging repo is:
>
> https://repository.apache.org/content/repositories/orgapachetomcatrepo-1276/
> The tag is:
> https://github.com/apache/tomcat/tree/10.0.0-M8
> b3f5e0d88336d81a61a767fc10ab06930c9587ee
>
> The proposed 10.0.0-M8 release is:
> [ ] Broken - do not release
> [x] Alpha  - go ahead and release as 10.0.0-M8
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: security.txt

2020-09-01 Thread Coty Sutherland
On Tue, Sep 1, 2020 at 1:01 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> All,
>
> I'd like to propose that we publish a security.txt[1] file on our web
> site under /.well-known/security.txt and /security.txt
>
> This file contains information we all already know, but it's in
> obviously "proprietary" locations on our web site and might not easily
> be found by someone who maybe doesn't speak English, etc.
>
> Here's my proposed content:
>
> Contact: secur...@tomcat.apache.org
> Contact:
> https://tomcat.apache.org/security.html#Reporting_New_Security_Problems_
> with_Apache_Tomcat
> Acknowledgments: https://tomcat.apache.org/security.html
> Preferred-Languages: en
> Canonical: https://tomcat.apache.org/.well-known/security.txt
> Hiring: https://tomcat.apache.org/getinvolved.html
>
> If there are no objections, I'll add it to the site repo, soon.
>

+1 :D


> What's the best way to make sure that the same file ends up in
> /.well-known/security.txt and /security.txt? Can git link them
> together or something like that?
>

I'd guess a rewrite rule like Mark suggested.


> - -chris
>
> [1] https://securitytxt.org/
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl9OflcACgkQHPApP6U8
> pFhy7g//bvd5hO/QTg+HJyJ1pRY4DCZUtssratL9iwoXNWmRz5toO6XM+Hj3Bh0U
> 4VOV5pMl+dN6DhSvuUSDXumnkF6RFMPYFjs15TvC5BaMbt7jlwfNtez7ByrVimOm
> BX9KLsXHgjE04Z4nnqp0S+bXdig5bBTtDLPH9woQOOJfx+4LFyPPUMBaKVzxIh2h
> 3VAv1vkUCmwfqzY5jJKxERQBzhYwBzuxOe1dL+qtXZGs6R8++OltX5GH1qYks8PR
> 28A8SDp+YWrMEEMkv0vUIle3lmEpzEa3+hujFHhMjxPM3q80d9r1XR7B+T3SodEo
> 1udOfBMRG6MGU9OiFD+s8vYgVt2BBBSCTzoeuNQkkf2kbzpeFYChjv7mM4ghBSyy
> 6y8Cz5O8HHQwroaxrkbhf1iIlNDdV0zQ+vd1C3EmhiZosD/bWhIL9q0RFzkY5QIY
> d4U2AN2Q6r9Wd12jS7ELjKy2q/BshJktEjdHs0HQUvYP26zOK9AVtH/ojFLmfXf8
> E+8TxLX2Wr3e6VyaGOJayeofSeeWEs0a4kxzfTB1ChQ/tG/SBJACCYS12cCq1XIn
> nKzkNm1ftbNDgH2IxSfvAPl1m9SzoSO3RJwibrV1bwstahtbvgALHP5raGzZ8Mxo
> +piQmPr1YKwxcvQWE3X/aZOv2YryjnbXKCdHixieZu+rU4f7j6M=
> =qHDh
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [PROPOSAL] Remove the functional specs from docs webapp

2020-08-12 Thread Coty Sutherland
On Mon, Aug 10, 2020 at 11:46 AM Mark Thomas  wrote:

> Hi all,
>
> I'd like to propose removing all the functional spec pages from the
> documentation web application.
>
> My reasoning for this proposal is, in short, that we aren't using or
> maintaining these pages.
>
> I don't recall any discussion of these docs on the dev list, proposals
> to change them, proposals for additions etc.
>
> There have been changes but going back over the changes from the last 10
> years (and there are very few of them) they each appear to be part of a
> wider global change that is updating something or removing references to
> a feature that has been removed.
>
> Should someone want to revive these pages, or more likely a subset of
> them, they'll always be in the history.
>
> Thoughts?
>

+1 to remove


> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [tomcat] 01/02: Fix BZ 64540 - switch from bndwrap task to bnd task, begin generating a better manifest and make sure the resulting jar contents are correct.

2020-07-21 Thread Coty Sutherland
Just FYI, I found that if I build when the aqute-bnd and aqute-bndlib
packages are installed from Fedora (version 3.5) then the classes are *not*
included in the jar, but if I remove them and use the aqute-bnd version
that tomcat requires (version 5.1) then they are present.

On Tue, Jul 21, 2020 at 10:26 AM Raymond Auge
 wrote:

> Hey all,
>
> Thanks for looking into this. I made sure using a binary comparison tool
> that the jars did in fact contained the correct bits before and after all
> my changes.
>
> But Mark is correct that some of the previously private packages are
> actually used externally and I had some changes coming to deal with those
> (but presently I'm on vacation so thanks for handling some of those those
> Mark.)
>
> Sincerely,
> - Ray
>
> On Tue, Jul 21, 2020 at 9:51 AM Coty Sutherland 
> wrote:
>
>> 
>>
>> That looks like an issue that will need fixing in Fedora's build system.
>>> Annotation scanning and the multipart upload API will be broken if those
>>> packages are missing.
>>>
>>
>> Hm, OK. I'll look into that and I guess other changes to ensure the
>> Fedora build isn't breaking stuff. I need to figure out why the step is
>> removing the classes and fix that issue since it doesn't seem to affect our
>> binary distro :(
>>
>> Going back to the fix I applied. The JSSE package was being used
>>> externally so that change looks to be OK. The modeler.modules package
>>> was not so I'm currently leaning towards reverting that part of the
>>> change.
>>>
>>> Overall, I don't mind exposing these packages externally if necessary
>>> but I'd prefer not to expose them if we don't have to.
>>>
>>
>> I agree and I'm fine with reverting your fix (I think) and continuing
>> with the patch I've applied in Fedora to keep that working. It's noteworthy
>> to mention again though that Debian had the same issue too, so whatever the
>> issue is that's causing the classes to be removed isn't just a Fedora
>> problem.
>>
>
>
> --
> *Raymond Augé* <http://www.liferay.com/web/raymond.auge/profile>
>  (@rotty3000)
> Senior Software Architect *Liferay, Inc.* <http://www.liferay.com>
>  (@Liferay)
>


Re: [tomcat] 01/02: Fix BZ 64540 - switch from bndwrap task to bnd task, begin generating a better manifest and make sure the resulting jar contents are correct.

2020-07-21 Thread Coty Sutherland


That looks like an issue that will need fixing in Fedora's build system.
> Annotation scanning and the multipart upload API will be broken if those
> packages are missing.
>

Hm, OK. I'll look into that and I guess other changes to ensure the Fedora
build isn't breaking stuff. I need to figure out why the step is removing
the classes and fix that issue since it doesn't seem to affect our binary
distro :(

Going back to the fix I applied. The JSSE package was being used
> externally so that change looks to be OK. The modeler.modules package
> was not so I'm currently leaning towards reverting that part of the change.
>
> Overall, I don't mind exposing these packages externally if necessary
> but I'd prefer not to expose them if we don't have to.
>

I agree and I'm fine with reverting your fix (I think) and continuing with
the patch I've applied in Fedora to keep that working. It's noteworthy to
mention again though that Debian had the same issue too, so whatever the
issue is that's causing the classes to be removed isn't just a Fedora
problem.


Re: [tomcat] 01/02: Fix BZ 64540 - switch from bndwrap task to bnd task, begin generating a better manifest and make sure the resulting jar contents are correct.

2020-07-21 Thread Coty Sutherland
On Tue, Jul 21, 2020 at 9:15 AM Mark Thomas  wrote:

> On 21/07/2020 14:06, Coty Sutherland wrote:
>
> 
>
> > Oh yeah, you're right. They were included in the ASF binaries, but
> > Fedora (and Debian I guess) built their own bits and that's where the
> > classes came up missing. I wasn't able to identify *why* the classes
> > weren't present, only that it was the OSGi step that was removing them.
> > I thought initially that it was because the Fedora version of aqute-bnd
> > in use is 3.5, but I don't see the classes in my local build from the
> > 9.0.37 tag (using bnd 5.1) either.
>
> OK. That means it isn't quite as bad as it could be.
>
> What about the other packages in the original list? Are:
>
> org.apache.tomcat.util.bcel
> org.apache.tomcat.util.http.fileupload.impl
> org.apache.tomcat.util.http.fileupload.util.mime
>
> still present?
>

Nope.


Re: [tomcat] 01/02: Fix BZ 64540 - switch from bndwrap task to bnd task, begin generating a better manifest and make sure the resulting jar contents are correct.

2020-07-21 Thread Coty Sutherland
On Tue, Jul 21, 2020 at 7:52 AM Mark Thomas  wrote:

> On 21/07/2020 12:43, Coty Sutherland wrote:
> > Hi Mark,
> >
> > On Tue, Jul 21, 2020 at 4:48 AM Mark Thomas  > <mailto:ma...@apache.org>> wrote:
> >
> > On 20/07/2020 18:20, Coty Sutherland wrote:
> > > This commit is problematic :( It's broken some projects that
> depend on
> > > Tomcat because now the tomcat-coyote.jar doesn't contain the
> > > org.apache.tomcat.util.net <http://org.apache.tomcat.util.net>.jsse
> or
> > > org.apache.tomcat.util.modeler.modules packages which results in
> > > ClassNotFoundExceptions. I haven't seen any issues with other jars
> > yet.
> > > The removal of those packages from the jar looks intentional, but
> we
> > > aren't providing the classes anywhere else for users to use which
> is
> > > causing problems. Thoughts?
> >
> > Those packages are still present.
> >
> >
> > It seems that removing the packages from the exported packages list
> > actually removed them completely from the tomcat-coyote.jar (I
> > decompiled it to look and they were not present, nor were they included
> > in any other jars).
>
> I've just checked the 9.0.37 binaries and those packages (and the
> classes they contain) are present in tomcat-coyote.jar.
>
> I saw the same when I built 10.0.x locally (before my fix).
>
> From where did you obtain a JAR where those classes were missing?
>

Oh yeah, you're right. They were included in the ASF binaries, but Fedora
(and Debian I guess) built their own bits and that's where the classes came
up missing. I wasn't able to identify *why* the classes weren't present,
only that it was the OSGi step that was removing them. I thought initially
that it was because the Fedora version of aqute-bnd in use is 3.5, but I
don't see the classes in my local build from the 9.0.37 tag (using bnd 5.1)
either.


> > Thanks for looking into it, the fix you did was the same patch that I
> > added yesterday
> > (
> https://src.fedoraproject.org/rpms/tomcat/c/a8c5ea85614dca66b492fe030a7e7cfc10cd52de?branch=master
> )
> > :) I wish I'd proposed it upstream now, I just wasn't sure what the
> > criteria was for not exporting the packages.
> >
> > The packages that were pointed out to me as broken are FreeIPA server
> > (https://bugzilla.redhat.com/show_bug.cgi?id=1857043) and Debian's
> > libtomcat9-java package
> > (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964433), both with
> > different CNFEs.
>
> Tx. I'm curious as whether the root cause was missing classes or missing
> exports - but that depends on figuring out why the classes were missing
> first.
>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [tomcat] 01/02: Fix BZ 64540 - switch from bndwrap task to bnd task, begin generating a better manifest and make sure the resulting jar contents are correct.

2020-07-21 Thread Coty Sutherland
Hi Mark,

On Tue, Jul 21, 2020 at 4:48 AM Mark Thomas  wrote:

> On 20/07/2020 18:20, Coty Sutherland wrote:
> > This commit is problematic :( It's broken some projects that depend on
> > Tomcat because now the tomcat-coyote.jar doesn't contain the
> > org.apache.tomcat.util.net.jsse or
> > org.apache.tomcat.util.modeler.modules packages which results in
> > ClassNotFoundExceptions. I haven't seen any issues with other jars yet.
> > The removal of those packages from the jar looks intentional, but we
> > aren't providing the classes anywhere else for users to use which is
> > causing problems. Thoughts?
>
> Those packages are still present.
>

It seems that removing the packages from the exported packages list
actually removed them completely from the tomcat-coyote.jar (I decompiled
it to look and they were not present, nor were they included in any other
jars).


> Do you mean those packages are no longer listed as exported in the OSGi
> / JPMS meta-data? The following packages are currently listed as private
> (and I assume the JPMS metadata is the same):


> org.apache.tomcat.util.bcel
> org.apache.tomcat.util.http.fileupload.impl
> org.apache.tomcat.util.http.fileupload.util.mime
> org.apache.tomcat.util.modeler.modules
> org.apache.tomcat.util.net.jsse
>
> It should be fairly easy to get that fixed.
>
> Out of curiosity, what projects are broken? I'm surprised that something
> has dependencies that deep into Tomcat's internals. Is this an OSGi
> dependency or JPMS?
>

Thanks for looking into it, the fix you did was the same patch that I added
yesterday (
https://src.fedoraproject.org/rpms/tomcat/c/a8c5ea85614dca66b492fe030a7e7cfc10cd52de?branch=master)
:) I wish I'd proposed it upstream now, I just wasn't sure what the
criteria was for not exporting the packages.

The packages that were pointed out to me as broken are FreeIPA server (
https://bugzilla.redhat.com/show_bug.cgi?id=1857043) and Debian's
libtomcat9-java package (
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964433), both with
different CNFEs.


Re: [tomcat] 01/02: Fix BZ 64540 - switch from bndwrap task to bnd task, begin generating a better manifest and make sure the resulting jar contents are correct.

2020-07-20 Thread Coty Sutherland
This commit is problematic :( It's broken some projects that depend on
Tomcat because now the tomcat-coyote.jar doesn't contain the
org.apache.tomcat.util.net.jsse or org.apache.tomcat.util.modeler.modules
packages which results in ClassNotFoundExceptions. I haven't seen any
issues with other jars yet. The removal of those packages from the jar
looks intentional, but we aren't providing the classes anywhere else for
users to use which is causing problems. Thoughts?

On Tue, Jun 23, 2020 at 6:43 AM  wrote:

> This is an automated email from the ASF dual-hosted git repository.
>
> markt pushed a commit to branch 9.0.x
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
> commit 393c022c87e5cbebf1b96c3e1e7aa3b2ab4d5b74
> Author: Raymond Augé 
> AuthorDate: Fri Jun 19 09:32:56 2020 -0400
>
> Fix BZ 64540 - switch from bndwrap task to bnd task, begin generating
> a better manifest and make sure the resulting jar contents are correct.
>
> Signed-off-by: Raymond Augé 
> ---
>  build.xml | 17 ++---
>  res/bnd/annotations-api.jar.tmp.bnd   |  2 +-
>  res/bnd/build-defaults.bnd| 15 +++
>  res/bnd/catalina-tribes.jar.tmp.bnd   |  5 -
>  res/bnd/catalina.jar.tmp.bnd  |  5 -
>  res/bnd/el-api.jar.tmp.bnd|  2 +-
>  res/bnd/jasper-el.jar.tmp.bnd |  8 +++-
>  res/bnd/jasper.jar.tmp.bnd|  7 ++-
>  res/bnd/jaspic-api.jar.tmp.bnd|  2 +-
>  res/bnd/jsp-api.jar.tmp.bnd   |  2 +-
>  res/bnd/servlet-api.jar.tmp.bnd   |  2 +-
>  res/bnd/{el-api.jar.tmp.bnd => spec-defaults.bnd} | 11 ++-
>  res/bnd/tomcat-coyote.jar.tmp.bnd |  9 -
>  res/bnd/tomcat-embed-core.jar.tmp.bnd | 15 ++-
>  res/bnd/tomcat-embed-el.jar.tmp.bnd   |  8 +++-
>  res/bnd/tomcat-embed-jasper.jar.tmp.bnd   |  7 ++-
>  res/bnd/tomcat-embed-websocket.jar.tmp.bnd|  7 ++-
>  res/bnd/tomcat-util.jar.tmp.bnd   |  6 +-
>  res/bnd/tomcat-websocket.jar.tmp.bnd  |  7 ++-
>  res/bnd/websocket-api.jar.tmp.bnd |  2 +-
>  webapps/docs/changelog.xml|  5 +
>  21 files changed, 119 insertions(+), 25 deletions(-)
>
> diff --git a/build.xml b/build.xml
> index 1900b78..7dba702 100644
> --- a/build.xml
> +++ b/build.xml
> @@ -3358,9 +3358,20 @@ Read the Building page on the Apache Tomcat
> documentation site for details on ho
>
>
>  
> -
> -  
> -
> +
> +
> + +  basedir="${basedir}"
> +  output="${jarfile}.tmp"
> +>
> +  
> +
> +
> +  
> +  
> +
> +  
> +
>  
>  
>
> diff --git a/res/bnd/annotations-api.jar.tmp.bnd
> b/res/bnd/annotations-api.jar.tmp.bnd
> index 9399b6c..9b2f84e 100644
> --- a/res/bnd/annotations-api.jar.tmp.bnd
> +++ b/res/bnd/annotations-api.jar.tmp.bnd
> @@ -13,7 +13,7 @@
>  # See the License for the specific language governing permissions and
>  # limitations under the License.
>
> --include: build-defaults.bnd
> +-include: build-defaults.bnd, spec-defaults.bnd
>
>  Bundle-Name: tomcat-annotations-api
>  Bundle-SymbolicName: org.apache.tomcat-annotations-api
> diff --git a/res/bnd/build-defaults.bnd b/res/bnd/build-defaults.bnd
> index 06e64c4..cdefb9c 100644
> --- a/res/bnd/build-defaults.bnd
> +++ b/res/bnd/build-defaults.bnd
> @@ -14,3 +14,18 @@
>  # limitations under the License.
>
>  Bundle-Version: ${version_cleanup;${version}}
> +
> +Specification-Title: Apache Tomcat
> +Specification-Version: ${version.major.minor}
> +Specification-Vendor: Apache Software Foundation
> +Implementation-Title: Apache Tomcat
> +Implementation-Version: ${version}
> +Implementation-Vendor: Apache Software Foundation
> +
> +X-Compile-Source-JDK: ${compile.source}
> +X-Compile-Target-JDK: ${compile.target}
> +
> +-includeresource.notice:
> META-INF/NOTICE;literal="${replace;${cat;../META-INF/default.notice};@YEAR
> @;${year}}\n"
> +-includeresource.license: {META-INF/LICENSE=../META-INF/default.license}
> +
> +-noclassforname: true
> \ No newline at end of file
> diff --git a/res/bnd/catalina-tribes.jar.tmp.bnd
> b/res/bnd/catalina-tribes.jar.tmp.bnd
> index 630169d..d6ae14a 100644
> --- a/res/bnd/catalina-tribes.jar.tmp.bnd
> +++ b/res/bnd/catalina-tribes.jar.tmp.bnd
> @@ -28,4 +28,7 @@ Export-Package: \
>  org.apache.catalina.tribes.transport,\
>  org.apache.catalina.tribes.transport.bio,\
>  org.apache.catalina.tribes.transport.nio,\
> -org.apache.catalina.tribes.util
> \ No newline at end of file
> +org.apache.catalina.tribes.util
> +
> +-includepackage: \
> +org.apache.catalina.tribes.membership.cloud
> \ No newline at end of file
> diff --git a/res/bnd/catalina.jar.tmp.bnd 

Re: [VOTE] Release Apache Tomcat 7.0.105

2020-07-07 Thread Coty Sutherland
On Thu, Jul 2, 2020 at 9:08 AM Violeta Georgieva 
wrote:

> The proposed Apache Tomcat 7.0.105 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.105/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1275/
> The git tag is:
> https://github.com/apache/tomcat/tree/7.0.105
> f95f4e146e7eb463abdd8d7e2c47095d50075d97
>
> The proposed 7.0.105 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 7.0.105 Stable
>

+1


> Regards,
> Violeta
>


Re: [ANN] New committer: Raymond Augé

2020-07-02 Thread Coty Sutherland
Congrats and welcome!

On Thu, Jul 2, 2020 at 10:40 AM Mark Thomas  wrote:

> On behalf of the Tomcat committers I am pleased to announce that
> Raymond Augé (rotty3000) has been voted in as a new Tomcat committer.
>
> Please join me in welcoming him.
>
> Kind regards,
>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 8.5.57

2020-07-01 Thread Coty Sutherland
On Tue, Jun 30, 2020 at 6:14 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 8.5.57 release is now available for voting.
>
> The notable changes compared to the 8.5.56 release are:
>
> - Implement a significant portion of the TLS environment variables
>   for the rewrite valve.
>
> - Reduce memory footprint of closed HTTP/2 streams
>
> - Improve parsing of RFC 2109 cookies
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat85/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.57/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1274/
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.57
> 9c649984ef92c2534a734c6584220a9a0c0c3462
>
> The proposed 8.5.57 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.5.57
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 10.0.0-M7

2020-07-01 Thread Coty Sutherland
On Tue, Jun 30, 2020 at 2:16 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 10.0.0-M7 release is now available for
> voting.
>
> Apache Tomcat 10.x implements Jakarta EE 9 and, as such, the primary
> package for all the specification APIs has changed from javax.* to
> jakarta.*
> Applications that run on Tomcat 9 will not run on Tomcat 10 without
> changes.
>
> The notable changes compared to 10.0.0-M6 are:
>
> - Implement a significant portion of the TLS environment variables
>   for the rewrite valve.
>
> - Add the Jakarta EE 9 schema.
>
> - Improvements to the creatio of OSGi manifests.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat10/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.0-M7/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1272/
> The tag is:
> https://github.com/apache/tomcat/tree/10.0.0-M7
> c549413165721180b15f62033c1be6c5970028fd
>
> The proposed 10.0.0-M7 release is:
> [ ] Broken - do not release
> [x] Alpha  - go ahead and release as 10.0.0-M7
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 9.0.37

2020-07-01 Thread Coty Sutherland
On Tue, Jun 30, 2020 at 4:41 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.37 release is now available for voting.
>
> The notable changes compared to the 9.0.36 release are:
>
> - Implement a significant portion of the TLS environment variables
>   for the rewrite valve.
>
> - Improvements to the creation of OSGi manifests.
>
> - Reduce memory footprint of closed HTTP/2 streams
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.37/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1273/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.37
> bd68c421ea32fea08263db73cd5b987ab606a0bb
>
> The proposed 9.0.37 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.37
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: Changing the name of the default branch in our git repos

2020-06-16 Thread Coty Sutherland
On Tue, Jun 16, 2020 at 4:02 AM Mark Thomas  wrote:

> All,
>
> You may have seen the recent discussions both inside and outside the ASF
> about the user of "master" as the name of the default git branch. If you
> haven't, the short version is that the name can be traced back to
> master/slave and its associations with human slavery.
>
> I'd like to propose that the Apache Tomcat project renames the master
> branch in all of the project repositories.
>
> I think there are two front runners for the new name:
>
> - main - this looks to be the name GitHub and a number of OSS projects
>  will be switching to
>
> - trunk - reflects the Subversion heritage of both the project and the
>   ASF
>
> Other options I have seen suggested include "default", "dev", "develop".
> Other suggestions welcome.
>
> Personally, I am leaning towards main as that looks to be the choice of
> the majority and using the majority choice will make it (a little bit)
> easier for new community members to find their way around the project.
>
> In terms of impact, changing the name is going to break stuff. It is
> really creating a new branch and deleting the old one.
>
> Deleting a branch triggers the automatic closure of github PRs against
> that branch. However if we create "$new_branch" we can edit the PRs to
> use "$new_branch" before we delete master. Given the small number of
> open PRs that is easily done.
>
> CI systems will need to be updated (buildbot, gump). That should be
> relatively simple.
>
> Docs will need to be updated (relatively simple).
>
> Committers and contributors will rebase any local branches to $new_branch
>
> Having thought about what is involved, renaming the default branch
> doesn't look as problematic as I thought it might be. This looks like
> something that could be done in around an hour for all our repos.
>
> Thoughts?
>

I'm +1 for main


> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 9.0.36

2020-06-04 Thread Coty Sutherland
On Wed, Jun 3, 2020 at 2:06 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.36 release is now available for voting.
>
> The notable changes compared to the 9.0.35 release are:
>
> - Add support for ALPN on recent OpenJDK 8 releases.
>
> - Add support for the CATALINA_OUT_CMD environment variable that defines
>   a command to which captured stdout and stderr will be redirected. For
>   use with, for example, rotatelogs. Patch provided by Harald Dunkel.
>
> - Be more flexible with respect to the ordering of groups, roles and
>   users in the tomcat-users.xml file
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.36/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1270/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.36
> 247c8e5ad08cdcd829a0bfc6374ecb3da0e5838e
>
> The proposed 9.0.36 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.36
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 7.0.104

2020-05-15 Thread Coty Sutherland
On Thu, May 7, 2020 at 4:18 PM Violeta Georgieva 
wrote:

> The proposed Apache Tomcat 7.0.104 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.104/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1268/
> The git tag is:
> https://github.com/apache/tomcat/tree/7.0.104
> 28db826c5a92a870a6632d85dae89d4dc3b7af00
>
> The proposed 7.0.104 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 7.0.104 Stable
>

+1


> Regards,
> Violeta
>


Re: [tomcat] branch 7.0.x updated: Use parametric replacement to ensure the proper version of wsdl4j is written to Eclipse's .classpath file.

2020-05-15 Thread Coty Sutherland
On Fri, May 15, 2020 at 10:20 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> All,
>
> I'd like to talk about this.
>
> First, this is a patch to Tomcat 7 where a single version number
> (wsdl4j) wasn't updated in all the places it needed to be updated
> (specifically, the Eclipse .classpath file).
>
> Rather than simply updating the version number, I replaced it with a
> replaceable token which always uses the version set in
> build.properties.default.
>
> This means that the version number is set in only one place:
> build.properites(.default)? instead of having to be set in at least 2
> places.
>
> If everyone likes this strategy, I can extend it to the other
> versioned libraries we use, and also push it to the other branches.
>
> WDYT?
>

+1 from me :D


> - -chris
>
> On 5/15/20 10:07, schu...@apache.org wrote:
> > This is an automated email from the ASF dual-hosted git
> > repository.
> >
> > schultz pushed a commit to branch 7.0.x in repository
> > https://gitbox.apache.org/repos/asf/tomcat.git
> >
> >
> > The following commit(s) were added to refs/heads/7.0.x by this
> > push: new afda9f0  Use parametric replacement to ensure the proper
> > version of wsdl4j is written to Eclipse's .classpath file. afda9f0
> > is described below
> >
> > commit afda9f0d2d2d0bc7b5a870f6df97603354655109 Author: Christopher
> > Schultz  AuthorDate: Fri May 15
> > 10:05:59 2020 -0400
> >
> > Use parametric replacement to ensure the proper version of wsdl4j
> > is written to Eclipse's .classpath file. --- build.xml
> > | 3 ++- res/ide-support/eclipse/eclipse.classpath | 2 +- 2 files
> > changed, 3 insertions(+), 2 deletions(-)
> >
> > diff --git a/build.xml b/build.xml index 866bad3..973646e 100644
> > --- a/build.xml +++ b/build.xml @@ -3297,9 +3297,10 @@
> > skip.installer property in build.properties" />
> > depends="download-compile, extras-webservices-prepare,
> > download-test-compile" description="Prepares the source tree to be
> > built in Eclipse">
> >
> > + > value="${wsdl4j-lib.version}" />   > file="${tomcat.home}/res/ide-support/eclipse/eclipse.project"
> > tofile="${tomcat.home}/.project"/> - > file="${tomcat.home}/res/ide-support/eclipse/eclipse.classpath"
> > tofile="${tomcat.home}/.classpath"/> + > file="${tomcat.home}/res/ide-support/eclipse/eclipse.classpath"
> > tofile="${tomcat.home}/.classpath" filtering="true" />
> >
> >   > dir="${tomcat.home}/.settings" /> diff --git
> > a/res/ide-support/eclipse/eclipse.classpath
> > b/res/ide-support/eclipse/eclipse.classpath index afd1232..74c174b
> > 100644 --- a/res/ide-support/eclipse/eclipse.classpath +++
> > b/res/ide-support/eclipse/eclipse.classpath @@ -23,7 +23,7 @@
> >  > path="org.eclipse.jdt.junit.JUNIT_CONTAINER/4"/>  > kind="var" path="ANT_HOME/lib/ant.jar"/>  > path="TOMCAT_LIBS_BASE/jaxrpc-1.1-rc4/geronimo-spec-jaxrpc-1.1-rc4.jar
> "/>
> >
> >
> - - path="TOMCAT_LIBS_BASE/wsdl4j-1.6.2/wsdl4j-1.6.2.jar"/>
> > + > path="TOMCAT_LIBS_BASE/wsdl4j-@wsdl4j-lib.version@/wsdl4j-@wsdl4j-lib.
> version@.jar"/>
> >
> >
> 
> >  > path="TOMCAT_LIBS_BASE/easymock-3.2/easymock-3.2.jar"/>
> >  > path="TOMCAT_LIBS_BASE/hamcrest-1.3/hamcrest-core-1.3.jar"/>
> >
> >
> > -
> >
> >
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: dev-h...@tomcat.apache.org
> >
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6+pRAACgkQHPApP6U8
> pFhX5w/+O0dVTHL5UROhgJzTq74AmBrKHml57IkY1LVN+Wv9sWnw+X1s/QCFzamb
> fVZ+TZV4hg2xIkFDyzUTwCtPULVtqsBZChIyQDzW/rh9ClHKqTsOE2D6qOHMpcwa
> KMlOFb2wb/Z1GuxtHaH8cHZJnVtUjSv0STkKTZhewXGbNkMnXoacXO/1ezaY5vDY
> 5v4O8PRCDiTIXAMfncI1jORwDvbGBMqyQHl++QG6SiY5L5bp0xIyvtf+j/+8g6Ly
> BljCXZQC69ddm3dX5K88gdhsiXphzVZMaeyfGVk3AvCygwy3vAimTsuB8Dho6RUZ
> A+Wm2BmEYUpS3bdhhh8VpsD54rJ0q5L1BFLqrfot4+KLA78VLVWsam3IUqHZqIyu
> jl8TWHGl4NzRdsMFNm5Y4PnfkWBtMWtG7HyVea2uBLKmwFa9UQ3NA+/dwE8EKGAg
> ptz1e2GtgCAwUPWx8d/Z9+4hPOKLBgCuKVpm0YvVedrBCwHZCNKUbJiQspI2lSOF
> X4fqzFT5WrSBXpBOUk3FuwLQraDeXecEfalNVgfaJESeRM/KoohHULSWBLCfFQ2R
> kvueI0Kxi5WXFcdLFp2AvenL4fHPVYyt0MoAZ6gIArCSfvVZKNPFa1saVtr+yoKr
> 94A7aOoVjOLR6DygUNj7UFBlGz/uCbg9MkHxvBAxykH0zZg2oik=
> =VYFy
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 10.0.0-M5

2020-05-06 Thread Coty Sutherland
On Tue, May 5, 2020 at 3:34 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 10.0.0-M5 release is now available for
> voting.
>
> Apache Tomcat 10.x implements Jakarta EE 9 and, as such, the primary
> package for all the specification APIs has changed from javax.* to
> jakarta.*
> Applications that run on Tomcat 9 will not run on Tomcat 10 without
> changes.
>
> The major changes compared to 10.0.0-M4 are:
>
> - Remove useAprConnector flag from AprLifecycleListener so that the
>   only way to use the APR connectors is to set the full class name.
>
> - Change default value separator for property replacement to ":-"
>   due to possible conflicts. The syntax is now "${name:-default}".
>
> - Update the packaged version of the Tomcat Native Library to 1.2.24.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat10/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.0-M5/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1265/
> The tag is:
> https://github.com/apache/tomcat/tree/10.0.0-M5
> b3a208c6d6d01c553178c5e718e750b0eb318151
>
> The proposed 10.0.0-M5 release is:
> [ ] Broken - do not release
> [x] Alpha  - go ahead and release as 10.0.0-M5
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 9.0.35

2020-05-06 Thread Coty Sutherland
On Tue, May 5, 2020 at 5:41 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.35 release is now available for voting.
>
> The major changes compared to the 9.0.34 release are:
>
> - Improve the handling of requests that use an expectation. Do not
>   disable keep-alive where the response has a non-2xx status code
>   but the request body has been fully read.
>
> - Change default value separator for property replacement to ":-"
>   due to possible conflicts. The syntax is now "${name:-default}".
>
> - Update the packaged version of the Tomcat Native Library to 1.2.24.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.35/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1266/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.35
> fc2c65d390444d75412855ad0de8b878018d02dc
>
> The proposed 9.0.35 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.35
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 8.5.55

2020-05-06 Thread Coty Sutherland
On Tue, May 5, 2020 at 6:38 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 8.5.55 release is now available for voting.
>
> The major changes compared to the 8.5.54 release are:
>
> - Improve the handling of requests that use an expectation. Do not
>   disable keep-alive where the response has a non-2xx status code
>   but the request body has been fully read.
>
> - Change default value separator for property replacement to ":-"
>   due to possible conflicts. The syntax is now "${name:-default}".
>
> - Update the packaged version of the Tomcat Native Library to 1.2.24.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat85/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.55/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1267/
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.55
> c8a57e4a2db8e5af314bae48123fb5990da5b7a5
>
> The proposed 8.5.55 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.5.55
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: Remove org.apache.catalina.tribes.transport.bio

2020-04-28 Thread Coty Sutherland
On Tue, Apr 28, 2020 at 12:30 PM Rémy Maucherat  wrote:

> Hi,
>
> I'm still looking at things to remove or refactor in 10 following the
> rearchitecting failure for the Connector. One candidate could be the Tribes
> transport, since NIO is the default and BIO is probably never used.
>
> Can it be removed ?
>

+1


> There are a few classes here and there that could go too, for example that
> BufferPool15Impl class. Given the name, I would say it could be merged into
> the superclass.
>

+1 from me :D


> Comments ?
>
> Rémy
>
>


Re: git-fu is (still) weak

2020-04-28 Thread Coty Sutherland
On Tue, Apr 28, 2020 at 10:58 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Coty,
>
> On 4/28/20 10:45, Coty Sutherland wrote:
> >
> >
> > On Tue, Apr 28, 2020 at 10:21 AM Christopher Schultz
> >  > <mailto:ch...@christopherschultz.net>>
> wrote:
> >
> > Rémy,
> >
> > On 4/27/20 18:41, Rémy Maucherat wrote:
> >> On Tue, Apr 28, 2020 at 12:21 AM Christopher Schultz
> >>  >> <mailto:ch...@christopherschultz.net>
> >> <mailto:ch...@christopherschultz.net
> > <mailto:ch...@christopherschultz.net>>> wrote:
> >
> >> All,
> >
> >> I tried again to commit to tc10 branch, got commit id
> >> 8dddc11512fbd3b91ed9d737a42e4b8415458ddf.
> >
> >> Moving to tc9 branch:
> >
> >> $ git cherry-pick -n 8dddc11512fbd3b91ed9d737a42e4b8415458ddf
> >> fatal: bad object 8dddc11512fbd3b91ed9d737a42e4b8415458ddf
> >
> >> - From tc10:
> >
> >> $ git remote -v origin  https://github.com/apache/tomcat (fetch)
> >> origin  https://github.com/apache/tomcat (push)
> >
> >> - From tc9.0.x:
> >
> >> $ git remote -v origin  https://github.com/apache/tomcat (fetch)
> >> origin  https://github.com/apache/tomcat (push)
> >
> >> My 9.0.x local is all up-to-date with github, and github can see
> >> the commit in tc10.
> >
> >> Other than manually handing the diffs myself, I have no idea
> >> what to do, next. :(
> >
> >
> >>> I tried and it looked "ok" to me.
> >
> > Okay, what did you do? When I try to cherry-pick from 10 -> 9 I
> > still get the "bad object" error.
> >
> > When cherry-picking your commits from 9.0.x -> 8.5.x, I get a
> > merge-conflict (of course) because you have already merged them.
> >
> > Did I do something weird with the first commit?
> >
> > Maybe I don't have my branches in order?
> >
> > - From my tomcat-trunk (10) directory:
> >
> > $ git branch -a 9.0.x * master remotes/origin/7.0.x
> > remotes/origin/8.5.x remotes/origin/9.0.x
> > remotes/origin/BZ-63636/tomcat-8.5.x
> > remotes/origin/BZ-63636/tomcat-9.0.x remotes/origin/BZ-63681/8.5.x
> > remotes/origin/BZ-63681/9.0.x remotes/origin/BZ-63835/8.5.x
> > remotes/origin/BZ-63835/9.0.x remotes/origin/HEAD -> origin/master
> > remotes/origin/master
> >
> > - From my tomcat-9.0.x directory:
> >
> > $ git branch -a * 9.0.x master remotes/origin/9.0.x
> >
> > - From my tomcat-8.5.x directory:
> >
> > $ git branch -a * 8.5.x remotes/origin/7.0.x remotes/origin/8.5.x
> > remotes/origin/9.0.x remotes/origin/BZ-63681/8.5.x
> > remotes/origin/BZ-63681/9.0.x remotes/origin/BZ-63835/9.0.x
> > remotes/origin/HEAD -> origin/master remotes/origin/master
> >
> > My 9.0.x checkout seems "light".
> >
> >
> >> Have you tried a `git fetch origin master` from your 9.0 dir?
> >> That'll update the gitdb with new objects and refs from master,
> >> which should include the one you're trying to pick. That's the
> >> only thing I can think of given that you know your object ID is
> >> correct and present in master on upstream :)
>
> That got 'er goin'!
>

Woo! \o/ I'm glad that worked.


> It definitely fetched a bunch of stuff, but no new files, etc.
> (because becasue I was "up-to-date"). How can I be "up-to-date"
> without being "up-to-date"? :(
>

You were doing a `git pull` (derived from your note about being "Already up
to date"), which was only fetching and merging the current branch when you
needed to fetch object/refs from a different branch and then pick one of
those commits from that branch. Since it was only doing the current branch,
you are technically "up to date". If you tried to `git pull origin master`
then that would fetch all the objects/refs from master while also merging
(bring the new files down) which is not what you want :) Using `git fetch`
is the best way to get up to date references without actually updating the
code base you're working with.

HTH


> Maybe now I can go back and merge the original commits from this
> thread from February.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6oRIAACgkQHPApP6U8
> pFhtsA/9HHIvXZSbOsJuiBSkc0mBLonbtnvu5SOGizvcHZwPymfQgv+SC4yxiam+
> oAXEcBOfXnFG+bdBeD80F16xQOXDOT1nd

Re: git-fu is (still) weak

2020-04-28 Thread Coty Sutherland
On Tue, Apr 28, 2020 at 10:21 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Rémy,
>
> On 4/27/20 18:41, Rémy Maucherat wrote:
> > On Tue, Apr 28, 2020 at 12:21 AM Christopher Schultz
> >  > >
> wrote:
> >
> > All,
> >
> > I tried again to commit to tc10 branch, got commit id
> > 8dddc11512fbd3b91ed9d737a42e4b8415458ddf.
> >
> > Moving to tc9 branch:
> >
> > $ git cherry-pick -n 8dddc11512fbd3b91ed9d737a42e4b8415458ddf
> > fatal: bad object 8dddc11512fbd3b91ed9d737a42e4b8415458ddf
> >
> > - From tc10:
> >
> > $ git remote -v origin  https://github.com/apache/tomcat (fetch)
> > origin  https://github.com/apache/tomcat (push)
> >
> > - From tc9.0.x:
> >
> > $ git remote -v origin  https://github.com/apache/tomcat (fetch)
> > origin  https://github.com/apache/tomcat (push)
> >
> > My 9.0.x local is all up-to-date with github, and github can see
> > the commit in tc10.
> >
> > Other than manually handing the diffs myself, I have no idea what
> > to do, next. :(
> >
> >
> >> I tried and it looked "ok" to me.
>
> Okay, what did you do? When I try to cherry-pick from 10 -> 9 I still
> get the "bad object" error.
>
> When cherry-picking your commits from 9.0.x -> 8.5.x, I get a
> merge-conflict (of course) because you have already merged them.
>
> Did I do something weird with the first commit?
>
> Maybe I don't have my branches in order?
>
> - From my tomcat-trunk (10) directory:
>
> $ git branch -a
>   9.0.x
> * master
>   remotes/origin/7.0.x
>   remotes/origin/8.5.x
>   remotes/origin/9.0.x
>   remotes/origin/BZ-63636/tomcat-8.5.x
>   remotes/origin/BZ-63636/tomcat-9.0.x
>   remotes/origin/BZ-63681/8.5.x
>   remotes/origin/BZ-63681/9.0.x
>   remotes/origin/BZ-63835/8.5.x
>   remotes/origin/BZ-63835/9.0.x
>   remotes/origin/HEAD -> origin/master
>   remotes/origin/master
>
> - From my tomcat-9.0.x directory:
>
> $ git branch -a
> * 9.0.x
>   master
>   remotes/origin/9.0.x
>
> - From my tomcat-8.5.x directory:
>
> $ git branch -a
> * 8.5.x
>   remotes/origin/7.0.x
>   remotes/origin/8.5.x
>   remotes/origin/9.0.x
>   remotes/origin/BZ-63681/8.5.x
>   remotes/origin/BZ-63681/9.0.x
>   remotes/origin/BZ-63835/9.0.x
>   remotes/origin/HEAD -> origin/master
>   remotes/origin/master
>
> My 9.0.x checkout seems "light".
>

Have you tried a `git fetch origin master` from your 9.0 dir? That'll
update the gitdb with new objects and refs from master, which should
include the one you're trying to pick. That's the only thing I can think of
given that you know your object ID is correct and present in master on
upstream :)


> Thanks,
> - -chris
>
> > On 2/24/20 11:33, Christopher Schultz wrote:
> >> All,
> >
> >> I'm trying to cherry-pick a commit. The commit went through
> >> github, merged a PR from a contributor into master. I'm trying
> >> to cherry-pick it back into the 9.0.x branch:
> >
> >> $ git cherry-pick f124a9c7230227d3eaff9d2dc1c52f82ce10e03f
> >> error: commit f124a9c7230227d3eaff9d2dc1c52f82ce10e03f is a merge
> >> but no -m option was given. fatal: cherry-pick failed
> >
> >> ??
> >
> >> My local copy is all up-to-date, no weird local changes or
> >> anything like that. What is a "merge", here? Supplying "-m"
> >> doesn't like the commit id.
> >
> >> Any ideas?
> >
> >> -chris
> >
> >
> >
> - -
> > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> >  For additional commands,
> > e-mail: dev-h...@tomcat.apache.org
> > 
> >
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6oO7kACgkQHPApP6U8
> pFgZTg//WzVb7BJyj9EKcwMm/k+tlNyZqGCH8uTMhntjFkUb9aHHLT/9PhMdBizS
> bu4dIB8MtqwxSFv+jrMypccHyRGSx8OFI8Ti0BIC42whhz8AW8BLJ2JSWZrGv+lL
> cHPxoosd/dFA4Ft4Acj8GG2WFeG9IUrf+vBbYC2y3jp8oRIvWFSFZQzG0Slt9Rv4
> J4NUIZHkuGGQP88cey1UOw/09T/4wtTm0mFcmyjnVrXDHjrXG3CkMiwU3fo/FOyj
> GmpYDEZXgVgDtUgLMG3kSynqJ4XUbRCEJJQ2nEpphFRA+qa9julCRU/D+NdLw9Ya
> 7MOWDWFiE7oRsUyU0qgK/GhMw0mQpmXrJuAQLyM2LaaUJ1ZZ5mr/Xqw1cuWJOYCW
> TZqNXhyki8XKJSxkNlBSIMouafeX3prX8A2m8erPy83RJx5d7/T1uZNHO86Vd7Qh
> ijFbAdyuICcZUPjgF/TK3AHQCVZpqQZHd/oyEVpWwdM7okhVVjoMI+WXft16oQO/
> B468o8llMLE7vTAxzB9dCSOw9wpqoaPTtkd9fH20xPGWTWii0Hkk4WrWDwoUtWbO
> xdFgCLQAd2fgVnwuSpOD5c2GeJoKD/Fc4D/JkJo5+bWVKJ7es2kCnT3xBVbDQj0T
> Tx2HJ+B0OmCKP5df6f7SYDVxtVJ15J+BgXK5msJpIZumkassfN0=
> =bp2k
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 9.0.34

2020-04-06 Thread Coty Sutherland
On Fri, Apr 3, 2020 at 8:49 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.34 release is now available for voting.
>
> The major changes compared to the 9.0.34 release are:
>
> - Add support for default values when using ${...} property replacement
>   in configuration files. Based on a pull request provided by Bernd
>   Bohmann.
>
> - When configuring an HTTP Connector, warn if the encoding specified for
>   URIEncoding is not a superset of US-ASCII as required by RFC7230.
>
> - Replace the system property
>   org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with the
>   Connector attribute encodedSolidusHandling that adds an additional
>   option to pass the %2f sequence through to the application without
>   decoding it in addition to rejecting such sequences and decoding such
>   sequences.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.34/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1263/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.34
> 1031a8edb864ac001a8f172161aa8a13b7a4e712
>
> The proposed 9.0.34 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.34
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 10.0.0-M4

2020-04-06 Thread Coty Sutherland
On Fri, Apr 3, 2020 at 7:28 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 10.0.0-M4 release is now available for
> voting.
>
> Apache Tomcat 10.x implements Jakarta EE 9 and, as such, the primary
> package for all the specification APIs has changed from javax.* to
> jakarta.*
> Applications that run on Tomcat 9 will not run on Tomcat 10 without
> changes.
>
> The major changes compared to 10.0.0-M3  are:
>
> - Replace configuration via system property with configuration via an
>   attribute on the appropriate element where practical. A large number
>   of system properties have been replaced.
>
> - Add support for default values when using ${...} property replacement
>   in configuration files. Based on a pull request provided by Bernd
>   Bohmann.
>
> - Replace the system property
>   org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with the
>   Connector attribute encodedSolidusHandling that adds an additional
>   option to pass the %2f sequence through to the application without
>   decoding it in addition to rejecting such sequences and decoding such
>   sequences.
>
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat10/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.0-M4/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1261/
> The tag is:
> https://github.com/apache/tomcat/tree/10.0.0-M4
> 772df65db45cfccc2aad33b9b51ef9ab14c19626
>
> The proposed 10.0.0-M4 release is:
> [ ] Broken - do not release
> [x] Alpha  - go ahead and release as 10.0.0-M4
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 7.0.103

2020-03-19 Thread Coty Sutherland
On Mon, Mar 16, 2020 at 5:13 AM Violeta Georgieva 
wrote:

> The proposed Apache Tomcat 7.0.103 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.103/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1260/
> The git tag is:
> https://github.com/apache/tomcat/tree/7.0.103
> c4e59ac215eebff2de5fd9d23fb37fe222bc99c5
>
> The proposed 7.0.103 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 7.0.103 Stable
>

+1


> Regards,
> Violeta
>


Re: [VOTE] Release Apache Tomcat 10.0.0-M1

2020-02-14 Thread Coty Sutherland
On Fri, Feb 14, 2020 at 9:49 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 10.0.0-M1 release is now available for
> voting. This is the first release of 10.0.x and is based on 9.0.31.
>
> The major changes compared to 9.0.31  are:
>
> - Complete the javax to jakarta package rename
>
> - Remove duplication of configuration between HTTP/1.1 and HTTP/2.
>   HTTP/2 will now inherit values from HTTP/1.1.
>
> - Remove deprecated code
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat10/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.0-M1/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1249/
> The tag is:
> https://github.com/apache/tomcat/tree/10.0.0-M1
> b0b074b683ed2e09ff9e9755825bfce83d303a93
>
> The proposed 10.0.0-M1 release is:
> [ ] Broken - do not release
> [x] Alpha  - go ahead and release as 10.0.0-M1
>

+1


>
> I opted to only include alpha here as there are still some potentially
> significant changes on the TOMCAT-NEXT list.
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 7.0.100

2020-02-13 Thread Coty Sutherland
On Tue, Feb 11, 2020 at 4:08 AM Violeta Georgieva 
wrote:

> The proposed Apache Tomcat 7.0.100 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.100/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1247/
> The git tag is:
> https://github.com/apache/tomcat/tree/7.0.100
> a1ea109bf367ad32361396348845ffd6e524d115
>
> The proposed 7.0.100 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 7.0.100 Stable
>

LGTM


>
> Regards,
> Violeta
>


Re: Numbering schemes for future releases

2020-02-10 Thread Coty Sutherland
On Mon, Feb 10, 2020 at 4:48 AM Mark Thomas  wrote:

> Hi,
>
> I thought it would be useful to re-open the discussion on this. If there
> is a better plan that the one we currently have I'd like to try and find
> it.
>
> I'm happy to hold off on the current 10.0.0.0-M1 release for a few days
> to give us time look for a better numbering scheme and so we have the
> opportunity to pull the 10.0.0.0-M1 release if necessary.
>
> I have tried to express the various options I have seen proposed in a
> similar way so we can compare them. If I have missed one or you think of
> a different one then please post it.
>
> Option A: The current plan:
> Jakarta EE 9:  10.0.0.x
> Jakarta EE 10: 10.0.x   (x>=1)
> Jakarta EE 11: 11.0.x
> Java EE 8: 9.y.x(where y == major Tomcat version)
>
>
> Option B: Continue with existing numbering
> Jakarta EE 9:  10.0.x
> Jakarta EE 10: 11.0.x
> Jakarta EE 11: 12.0.x
> Java EE 8: 9.y.x(where y == major Tomcat version)
>
>
> Option C: No stable Jakarta EE 9 release
> Jakarta EE 9:  10.0.0-Mx
> Jakarta EE 10: 10.0.x
> Jakarta EE 11: 11.0.x
> Java EE 8: 9.y.x(where y == major Tomcat version)
>
>
> Option D:
> Jakarta EE 9:  10.0.x
> Jakarta EE 10: 10.1.x
> Jakarta EE 11: 11.0.x
> Java EE 8: 9.y.x(where y == major Tomcat version)
>

I think I prefer option A, with D as a secondary. Initially I liked C the
best, but given the conversation I agree that it's probably not the best
way forward. Either way we do it is going to be somewhat confusing for
folks I think, at least initially, but the options we have all seem pretty
easy to explain.


>
>
> My own thoughts:
>
> I don't like option B because the off-by-one issue between Jakarta EE
> and Tomcat. It is manageable at the moment but I worry that it will
> cause confusion once we have the 9.y.x branch.
>
> I don't like option C because I think we need a stable, supported,
> passing the TCK Jakarta EE 9 release. Also, Jakarta EE 10 is meant to
> follow shortly after Jakarta EE 9 but what if it doesn't?
>
> For me, the choice is between A and D. If Jakarta EE 10 is very soon
> after Jakarta EE 9 then I think option A is better. However, D isn't
> that far behind and as soon as Jakarta EE 10 doesn't follow shortly
> after Jakarta EE 9 I think D begins to look better. As I think about it,
> the EOL decision we make for Jakarta EE 9 support depends a lot on how
> quickly Jakarta EE 10 follows and I think D gives us more flexibility.
> Finally, D is more consistent with how we have done things in the past
> (4.1.x, 5.5.x, 8.5.x etc)
>
> Thoughts?
>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [PROPOSAL] Tomcat 10: change default certificateKeystoreType and truststoreType from JKS to PKCS12

2020-01-29 Thread Coty Sutherland
On Tue, Jan 28, 2020 at 12:07 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> All,
>
> The subject says it all.
>
> Java 9 is changing the default keystore type from JKS to PKCS12 and
> deprecating the use of JKS.
>
> Do we know what version of Java Tomcat 10 will require? I suspect it
> will be Java 9, so it will match.
>
> In any case, PKCS12 is a better format overall and it's very early in
> the Tomcat 10 lifecycle, so I think it's the right time to make this mov
> e.
>
> It looks like there is no default type for the trust store type
> (unless javax.net.ssl.trustStoreType has a default value), so I would
> propose that we also set that default type to PKCS12.
>

+1 :D


>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4wakwACgkQHPApP6U8
> pFg54hAAvtOwO8sGYHfllwEcQakaacJ6DvTG9YMb+mX3WvZVLPfQAv/Zn5ReV8fu
> 1tOd3Hux1W/CoYKiO4cMKjxn4mwO3/5lukYzNg1KtmsBpnqA15rUsci5VsivXMvR
> ylZkWLxt9TprcVc79cvlUrtj+xYTdiYv7p/YXGSh7JDSeSrqipGItW+QDKIH8kmg
> jNlgj67Gy2gCqGPIu/CZQgDQBn7nSWcaeB1U2WITFAKQhgCv+mCzEm6+oLrHhN9q
> IDBFqD7QlRSDRRAQTBgpnpaj2m/B5dBkXGMGMtRwkzx0IU6jO2nlWUkTmSFYn+js
> CneqphJ7szLj9JdbNUHrtBMxojDeJTejtigCTsnd+1DJEIoYJCOuy1D4e0V9eEiA
> kpaP5gsG6tN7fyk3E1w7xtmEq6dTPcNYv731RDMOC3WIQcBXxOQ5cFKhfxeWZBrZ
> mkdjksDoCizWLcmKA3p4xwNBsvi7qnOReq7TZfL1U/Lp39d/ncSxpTPxucOi5k5T
> PlJncwNsZA1tThfFjMlANXeYAeh74ajdMWAcRoIIzP09wyIQP2/pI6msBsQ6mr1j
> MOOt6b25XO9RgJBn/EYBlVKYjULdDSBd/ojcc92wZONhw8uqt6Ly7Xrj4t3eFQ4e
> EdjKPawmDhyZZ/B9IYC9p7doRuni26eBWx7wGkqQM3TqIn0Rc9k=
> =zoYm
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: Tomcat 7.0.x end of life

2020-01-15 Thread Coty Sutherland
On Tue, Jan 14, 2020 at 3:56 PM Mark Thomas  wrote:

> Hi all,
>
> This has been mentioned several times as we have figured out our
> approach to Jakarta EE 9 and Tomcat 10. I'd like to formally propose
> that we announce end of life for Tomcat 7.0.x as 31 March 2021.
>
> Thoughts?
>

+1


>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 8.5.50

2019-12-09 Thread Coty Sutherland
On Sat, Dec 7, 2019 at 2:54 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 8.5.50 release is now available for voting.
>
> The major changes compared to the 8.5.49 release are:
>
> - Correct multiple regressions in the static resource caching related to
>   using URLs provided for cached resources
>
> - Improvements to the Realm interface and implementations
>
> - Bug fixes and improvements to the CORS filter
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat85/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.50/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1241/
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.50
> c40ede65ea4fb44b1957ec482f28c7afa71f1b50
>
> The proposed 8.5.50 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.5.50
>

+1


>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 9.0.30

2019-12-09 Thread Coty Sutherland
On Sat, Dec 7, 2019 at 12:24 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.30 release is now available for voting.
>
> The major changes compared to the 9.0.29 release are:
>
> - Correct multiple regressions in the static resource caching related to
>   using URLs provided for cached resources
>
> - Improvements to the Realm interface and implementations
>
> - Bug fixes and improvements to the CORS filter
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.30/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1240/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.30
> 4fab4cc012d0c31852e957d198cb0549f3d6074c
>
> The proposed 9.0.30 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.30
>

+1


>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 8.5.49

2019-11-18 Thread Coty Sutherland
On Sun, Nov 17, 2019 at 2:01 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 8.5.49 release is now available for voting.
>
> The major changes compared to the 8.5.47 release are:
>
> - Improvements to Async error handling
>
> - Stricter processing of HTTP headers when looking for specific token
>   values
>
> - Fix various issues that could lead to modification to a JSP not being
>   reflected in the served page
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat85/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.49/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1238/
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.49
>
> The proposed 8.5.49 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.5.49
>

+1


>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 9.0.29

2019-11-18 Thread Coty Sutherland
On Sat, Nov 16, 2019 at 1:56 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.29 release is now available for voting.
>
> The major changes compared to the 9.0.27 release are:
>
> - Improvements to Async error handling
>
> - Stricter processing of HTTP headers when looking for specific token
>   values
>
> - Fix various issues that could lead to modification to a JSP not being
>   reflected in the served page
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.29/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1236/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.29
>
>
> The proposed 9.0.29 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.29
>

+1


>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 9.0.27

2019-10-07 Thread Coty Sutherland
On Mon, Oct 7, 2019 at 7:51 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.27 release is now available for voting.
>
> The major changes compared to the 9.0.26 release are:
>
> - Update to Commons Daemon 1.2.2 to pick up the fix for a regression in
>   Commons Daemon 1.2.0 and 1.2.1 that triggered a crash on startup when
>   running on a Windows OS that had not been fully updated.
>
> - Fix some edge cases with NIO2 and TLS that could has a request to
>   hang.
>
> - Fix a memory leak introduced by the HTTP/2 timeout refactoring in
>   9.0.23 that could occur when HTTP/2 or WebSocket was used.
>
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.27/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1233/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.27
>
>
> The proposed 9.0.27 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.27
>

+1 LGTM. Tested on Fedora 30 with OpenSSL 1.1.1d and tcnative 1.2.21.


>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [PROPOSAL] Tomcat 10: Remove Server-Side Includes (SSI)

2019-10-07 Thread Coty Sutherland
On Mon, Oct 7, 2019 at 10:46 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> All,
>
> I recently gave a presentation on locking-down Apache Tomcat[1] and I
> briefly discussed the "sharp edges" present in Tomcat. Some of them
> are unnecessarily sharp and may be actually unnecessary. I'm going to
> make a few proposals to remove functions from Tomcat.
>
> Proposal: Remove Server-Side Includes
>

+1


>
> Justification:
>
> The SSI module is a remote-code execution (RCE) vulnerability as a
> feature. My sense is that SSI is a little-used feature. A few years
> ago, markt[2] asked if anyone was using SSI. The only replies were
> from other Tomcat devs commenting on what to do with SSI if it's no
> longer in the main Tomcat distribution; there were no community
> members who responded saying that SSI was important to them.
>
> If the packaging of Tomcat could be tweaked a bit to move the SSI
> components into a separate JAR file (e.g. move
> org/apache/catalina/ssi/* to catalina-ssi.jar) and if the SSI
> components don't rely on any Tomcat specific capabilities or
> internals, then the cattalina-ssi.jar file could be used between
> Tomcat versions. For example, a user of Tomcat 10 who still needs SSI
> could get the SSI module from a distribution of Tomcat 8.5.x or 9.x.
>
> - -chris
>
>
> [1] http://tomcat.apache.org/presentations.html#latest-locking-down-tomc
> at
> [2]
> https://lists.apache.org/thread.html/969a9d1b6e883a4017907c448292880624c
> c85eb22c490b241dc9c88@%3Cusers.tomcat.apache.org%3E
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl2bT78ACgkQHPApP6U8
> pFj9cQ/+Os1dBaXqqM3taTbqTzzCyLKCMz5q/66QreuH0ZMcqf/QjTGkxhsegelD
> 184cnAni2rWyV015yuqHvM/ZPn5BcH5pV31mEdJyGQiFIjvEfmZs37sGEoSOE584
> jutsktxcla7UEVMPfYU+YiVCapWRjWHNFusP2J/dP+UFYDg/cZJCoYDlMVjpfhmq
> UH6i/Sht3fpMfYYRHdgkP/r2wHLOD+qql/K8RNExhokwDZCiATmKA1uTuUHtQWQu
> rh71myzAqdzsEmLMRSLOnDY17XeG8Pd1W0JmcskdHNkZ/cYECLlMv5iqXLA3FbVM
> sLSd7PLJW1baFi9kqLTP4C44G8+j2tJAgjxkC+9nxFLB7Fy+abyV38Pt77zJ5NXS
> lIceS1jUIn4OBWFrMVnAii3slAl8WI0xknBBtJeObhw1uKtmRMJ2YtcefK89R/FR
> 9ZOAHghcYpkbTE8rO6z7HeyN/M+p972a7Pyr6nOH9XnanYBGuL/eg72/yAZpkofT
> k8AZe9VZ1SOK2TYBmNjHrzQDnodmvgtW3Q0RWY828CrOZ0x9vlQniKc/RWVa0HOR
> nv6l54oGGNoOezNnMKPRgOyUpzCtLCRkxMUVFkJJi2Hetf7QDo43MITgNNIz/VW8
> NEwTPtG/EUE98HQzl4MnV+I7MTBJK8kwwlIKYwtFFTnCy88QmOQ=
> =ap4d
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [PROPOSAL] Tomcat 10: Remove CGI Servlet

2019-10-07 Thread Coty Sutherland
On Mon, Oct 7, 2019 at 11:00 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> All,
>
> I recently gave a presentation on locking-down Apache Tomcat[1] and I
> briefly discussed the "sharp edges" present in Tomcat. Some of them
> are unnecessarily sharp and may be actually unnecessary. I'm going to
> make a few proposals to remove functions from Tomcat.
>
> Proposal: Remove CGI Servlet
>

+1


>
> Justification:
>
> The CGIServlet is another component, like server-side-includes, which
> is a remote-code execution (RCE) vulnerability as a feature. It is
> very easy to misconfigure. It is arguably not possible to secure it on
> Windows[2]. There are better solutions if you want to run Perl,
> Python, PHP, or whatever on your server in the form of the many fine
> web-server products out there.
>

I thought this was a really weird feature for Tomcat to provide anyway :)


>
> - -chris
>
>
> [1] http://tomcat.apache.org/presentations.html#latest-locking-down-tomc
> at
> [2]
> https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23
> /everyone-quotes-command-line-arguments-the-wrong-way/
> 
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl2bUusACgkQHPApP6U8
> pFhGxw//V8a5sALHVJAGDuhYf3HJs+MyDkHI848BOW8U5JjSOC9erQg84xxOm11q
> ywHqmdJ1HkVCTlN6n+OMne4/DVtAywqetF6hVf3TdGvA/Xp2HGiz4H9FeBgD5oVS
> WgZqrShBk5xneElWkBH69yG7qC2XKhCZNtA8bNqMdUQ+zOW2Gwhk8k35r//jWivX
> ZkXloVRs2aQaArtqwIi0kWWMMbIEL6JJJigAfjfpap8HvTrLL/W5/dTpYUp1Y1Ms
> qGhv0CcbDSFmQqPEnZO0keaUJRi5QXsW7ByMnXjterr1ExEW8ZfHM7ZOAap/7VWz
> O2TFeq59YSG2KOrueDpzZk1u1l0G5vT9ttyoGtGJQlFt6TnxA0+4EouciFoVtPM8
> mrAEHkp9MSHIVGjTj6qanNnEkue3Bnyv5TQq2m5MX6mYCkyGUhZpdaIfK2aw6M2Y
> uJ4h8Qf1hX0s3/nfyF3ERTKnsB2aYcVORjcfLaEajJwbUAXRG4kLKqOszMsLKV3S
> FC/rzp1f7MSKf4nN9WVIQvxUZhxP70SjBSTtRN3UXZvrZvCiq/BaK0/inyYTKOIc
> 1QOjbfoZnI3Kcm8zKKODJRebpsrsF+f7EWwuEg07lAmgAxQGsdciss23rt6OALf0
> Dhr5Lb6mcMktmy4JLIKwbM9Hbk3IslbQlEWQEOSiagzph/ZMVP8=
> =28Zt
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [PROPOSAL] Tomcat 10: Drop APR Connector

2019-10-07 Thread Coty Sutherland
On Mon, Oct 7, 2019 at 10:39 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> All,
>
> I recently gave a presentation on locking-down Apache Tomcat[1] and I
> briefly discussed the "sharp edges" present in Tomcat. Some of them
> are unnecessarily sharp and may be actually unnecessary. I'm going to
> make a few proposals to remove functions from Tomcat.
>
> Proposal: Remove APR connector
>

I'm +1 for this


>
> Justification:
>
> The APR connector was once used to provide superior I/O when compared
> to the only other available I/O mechanism available in Java: blocking
> I/O. Specifically, the APR connector allowed Tomcat to wait for
> keepalive requests on a connection to in a non-blocking fashion which
> was not possible with Java BIO-based connectors.
>
> The introduction of NIO into Java back in Java 1.4 (!!) changed
> things, and NIO support was added to Tomcat in 6.0. Now that it has
> had time to mature, the NIO connector is superior to the APR connector
> in several ways:
>
> 1. NIO connector allows non-blocking TLS handshakes
> 2. NIO connector uses less (Tomcat-owned) native code
>
> The first item improves performance and availability and the second
> item improves stability (and thus availability).
>
> The last advantage which (until recently) made the APR connector still
> very useful was the ability to use the OpenSSL cryptographic library
> for all cryptographic operations which is measurably
> higher-performance than those typically provided by the JVM.
>
> This last advantage no longer exists since we have a JSSE provider
> available for OpenSSL using libtcnative.
>
> Notes:
>
> This proposal does not recommend the removal of libtcnative. Only the
> removal of the APR connector, the APR lifecycle listener, and the
> associated native code required to support those components.
>
> - -chris
>
>
> [1] http://tomcat.apache.org/presentations.html#latest-locking-down-tomc
> at
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl2bTg8ACgkQHPApP6U8
> pFghUhAAwXEdrarxE5sgqMbZxswlOrRTQSIGZuh2t9KV8pJG+M8NrRbPMZxL3IX/
> UkJA9JGxFGA20D9kn0Xx2eX276tKtW/ZyVhg9vvlKqm8+n+vXLuN/sj15sPw1f64
> rCqj/GA+iMPP1AtBwc3E2bxBUI7WYGjgMutobwWOfHrlrw6/D4aNyO/t8XXlh9UT
> ZcP9Nq0ed4G4I+zx+R//FmEa0Ky2ARUtiyuBhnA+yEFm0XT/iMpgGnl5DHpJ5nOv
> U9YiTOU/bMXP1ABgCYoPgHPnYADKoEepdhD8x7CZTyUpR4vTr7DXxAABvapwynBo
> sPb+CFjlQilS8zxNYbGZbCu/mpux88jKYvOrrf5Jjb8YzxAGmmy00VyzuyzApdLs
> T9eYJazcej8u0he26U+QJi+HCQ+KpdSeMP/kQuw2BorvdD5BkPA22MvqoeIdU1Xs
> IzS6+69/MwjkTSL3YOlxp/E7HuG/gegGYBgVphVVJVAYh5lyBcY9o5diTIwdbejU
> yK+3WBbkK9dp8nM0GmKoaUqhLP/XvACG5FohW6P+EHLTjlCy7dPbr7s409coQb/1
> JQqur4GABbM47MXSDaXHisXLSLY3RpF6Uo0Fb2AC2AuuAihjNpQ0GmeuLHhoPI7W
> CycCLjMqLystoj8pNR1pil1FOgI1zOPilylpMX0mV5VuDhPxuFw=
> =MZ7V
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: Tomcat-Native - Time to move to git?

2019-06-17 Thread Coty Sutherland
On Mon, Jun 17, 2019 at 12:56 PM Mark Thomas  wrote:

> Hi,
>
> I'm starting to look at OCSP stapling for our OpenSSL based connectors
> and I suspect a Tomcat Native release will be required. Even if it isn't
> for this, it has been a while since the last Tomcat Native release so I
> expect we'll need to do one fairly soon anyway.
>
> The complication is the svn:external that picks up the
> org.apache.tomcat.jni package from 9.0.x. Now 9.0.x has moved to git,
> this no longer works.
>
> I looked at a workaround using the "GitHub makes itself look like svn"
> but that timed out for the Tomcat repo. I suspect due to size.
>
> I then looked at Git based solutions. sub-modules and sub-trees look to
> be the two options. Of the two, sub-trees looks better:
> - it is more suited to "read-only" importing
> - it doesn't require any additional commands to populate the imported
>   code
>
> However, using sub-trees means moving Tomcat-Native to git. Before I
> start a formal vote to do so, are there any objections?
>
> The process would be:
> - ensure git mirror is up to date
> - break the svn->git mirror
> - start using git
> - update web site etc
> - move svn code to archive
>
> Given how the migration of the main repos went, I'm not expecting any
> major issues.
>

No objections from me :)


>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 8.5.42

2019-06-05 Thread Coty Sutherland
On Tue, Jun 4, 2019 at 5:06 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 8.5.42 release is now available for voting.
>
> The major changes compared to the 8.5.41 release are:
>
> - Fix various concurrency and stability issues for HTTP/2.
>
> - Add support for same-site cookie attribute. Patch provided by John
>   Kelly.
>
> - Add an option to sort directory listings provided by the Default
>   Servlet.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat85/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.42/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1214/
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.42
> 00b711f6af57e043bf4d5d64dbc1617970a54d69
>
>
> The proposed 8.5.42 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.5.42
>

+1


>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 9.0.21

2019-06-05 Thread Coty Sutherland
On Tue, Jun 4, 2019 at 4:50 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.21 release is now available for voting.
>
> The major changes compared to the 9.0.20 release are:
>
> - Fix various concurrency and stability issues for HTTP/2.
>
> - Add support for same-site cookie attribute. Patch provided by John
>   Kelly.
>
> - Add an option to sort directory listings provided by the Default
>   Servlet.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.21/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1213/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.21
> 5dd82367de857318b8a384c07c4414e5d55cc975
>
> The proposed 9.0.21 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.21
>

+1


>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Are we interested in using any the GitHub features?

2019-05-28 Thread Coty Sutherland
Hi,

Are we interested in utilizing any of the GitHub integration for Travis CI
, Coverity Scan
, LGTM
, etc? We could at least set them up
for testing PRs since we already have the Apache CI system that tests
commits. I see someone opened a PR to add travis.yaml, but then closed it
with no comment some time ago. I'm inquiring because I'm looking for ways
to make the project appear a bit more flashy to attract new contributors :)

You can see all the integrations that GitHub supports in their marketplace,
https://github.com/marketplace.



Thanks,
Coty


Re: Proposal for TLS config sanity check

2019-05-23 Thread Coty Sutherland
On Tue, May 21, 2019 at 5:43 PM Mark Thomas  wrote:

> On 21/05/2019 21:46, Christopher Schultz wrote:
> > All,
> >
> > Looking at the legacy-versus-modern TLS configuration (Connector vs
> > SSLHostConfig), it seems easy for an admin to create a configuration
> > that looks like this (paraphrasing):
> >
> > 
> >>hostname="mysite.com"
> >SSLCertificateFile="keystore.p12" />
> > 
> >
> > Where the expectation is that only TLSv1.2 will be enabled for virsual
> > host mysite.com when in fact only the virtual host named ("_default_")
> > will actually be limited to TLSv1.2 and other hosts will accept
> > connections using a TLS handshake with all default enabled protocols
> > (currently TLSv*).
> >
> > This may be surprising and there is no indication that there is
> > something "wrong" with the configuration. Only a TLS handshake probe
> > such as SSL Labs's testing tool will expose the oversight.
> >
> > I propose the following change to the  and 
> > initialization process:
> >
> > If the  contains any TLS/SSL-related configuration AND at
> > least one  element is configured, refuse to start the
> > connector (with an appropriate error message).
> >
> > This may cause a small number of configurations to fail to start. The
> > "workaround" is to re-evaluate one's configuration to (a) determine if
> > there was a misconfiguration where expectation and reality don't match
> > and (b) move all TLS/SSL-related configuration options from the
> >  to each of the  elements.
> >
> > Any objections?
>

Seems like a good idea to me.


>
> None.
>
> Given that the old style configuration is due to be removed in Tomcat
> 10, now is probably a good time to start doing this. I'd add logging a
> warning if the deprecated config style is used.
>

+1


>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [tomcat] branch master updated: Use https instead of http

2019-05-21 Thread Coty Sutherland
On Tue, May 21, 2019 at 8:10 AM Mark Thomas  wrote:

> On 21/05/2019 13:08, Mark Thomas wrote:
> > On 21/05/2019 13:02, csuth...@apache.org wrote:
> >> This is an automated email from the ASF dual-hosted git repository.
> >>
> >> csutherl pushed a commit to branch master
> >> in repository https://gitbox.apache.org/repos/asf/tomcat.git
> >>
> >>
> >> The following commit(s) were added to refs/heads/master by this push:
> >>  new beb2dca  Use https instead of http
> >> beb2dca is described below
> >>
> >> commit beb2dca83bb4084432fd3b44e06973730ad4dc7d
> >> Author: Coty Sutherland 
> >> AuthorDate: Tue May 21 08:01:53 2019 -0400
> >>
> >> Use https instead of http
> >
> > -1. Please revert this. It will break the build if a mirror is selected
> > that does not support http. It is also unnecessary. Any file downloaded
>
> s/does not support http/does not support https/
>

Ack. I checked the URL before pushing and noted that the mirrors I hit
redirected to http, but I didn't happen to get one that didn't support it
(and it didn't cross my mind). Reverted.


>
> Mark
>
> > over http is also checked against the known hash.
> >
> > Check the history of that file for more details.
> >
> > Mark
> >
> >
> >
> >> ---
> >>  build.properties.default | 10 +-
> >>  build.xml|  2 +-
> >>  2 files changed, 6 insertions(+), 6 deletions(-)
> >>
> >> diff --git a/build.properties.default b/build.properties.default
> >> index 1bacc19..cc217b6 100644
> >> --- a/build.properties.default
> >> +++ b/build.properties.default
> >> @@ -90,7 +90,7 @@ compile.debug=true
> >>  # Do not pass -deprecation (-Xlint:deprecation) flag to javac
> >>  compile.deprecation=false
> >>
> >> -base-apache.loc.1=
> http://www.apache.org/dyn/closer.lua?action=download=
> >> +base-apache.loc.1=
> https://www.apache.org/dyn/closer.lua?action=download=
> >>  base-apache.loc.2=https://archive.apache.org/dist
> >>  base-commons.loc.1=${base-apache.loc.1}/commons
> >>  base-commons.loc.2=${base-apache.loc.2}/commons
> >> @@ -126,8 +126,8 @@
> wsdl4j-lib.loc=${base-maven.loc}/wsdl4j/wsdl4j/${wsdl4j-lib.version}/wsdl4j-${ws
> >>  # See https://wiki.apache.org/tomcat/JDTCoreBatchCompiler before
> updating
> >>  #
> >>  # Checksum is from "SHA512 Checksums for 4.10" link at
> >> -#
> http://download.eclipse.org/eclipse/downloads/drops4/R-4.10-201812060815/
> >> -#
> http://download.eclipse.org/eclipse/downloads/drops4/R-4.10-201812060815/checksum/eclipse-4.10-SUMSSHA512
> >> +#
> https://download.eclipse.org/eclipse/downloads/drops4/R-4.10-201812060815/
> >> +#
> https://download.eclipse.org/eclipse/downloads/drops4/R-4.10-201812060815/checksum/eclipse-4.10-SUMSSHA512
> >>  #
> >>  jdt.version=4.10
> >>  jdt.release=R-4.10-201812060815
> >> @@ -137,8 +137,8 @@
> jdt.checksum.value=6528d1933d752f909e61456f1a3cbb3ae3999d263701a459e6f4fc33f97f7
> >>  jdt.home=${base.path}/ecj-${jdt.version}
> >>  jdt.jar=${jdt.home}/ecj-${jdt.version}.jar
> >>  # The download will be moved to the archive area eventually. We are
> taking care of that in advance.
> >> -jdt.loc.1=
> http://archive.eclipse.org/eclipse/downloads/drops4/${jdt.release}/ecj-${jdt.version}.jar
> >> -jdt.loc.2=
> http://download.eclipse.org/eclipse/downloads/drops4/${jdt.release}/ecj-${jdt.version}.jar
> >> +jdt.loc.1=
> https://archive.eclipse.org/eclipse/downloads/drops4/${jdt.release}/ecj-${jdt.version}.jar
> >> +jdt.loc.2=
> https://download.eclipse.org/eclipse/downloads/drops4/${jdt.release}/ecj-${jdt.version}.jar
> >>
> >>  # - Tomcat native library -
> >>  tomcat-native.version=1.2.21
> >> diff --git a/build.xml b/build.xml
> >> index 6e91e91..4d76077 100644
> >> --- a/build.xml
> >> +++ b/build.xml
> >> @@ -1971,7 +1971,7 @@ Apache Tomcat ${version} native binaries for
> Win64 AMD64/EMT64 platform.
> >>
> >>
> >>
> >> -  http://docs.oracle.com/javase/8/docs/api/"/>
> >> +  https://docs.oracle.com/javase/8/docs/api/"/>
> >>https://commons.apache.org/proper/commons-io/javadocs/api-release/"/>
> >>https://javaee.github.io/javaee-spec/javadocs/"/>
> >>
> >>
> >>
> >> -
> >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: dev-h...@tomcat.apache.org
> >>
> >
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: dev-h...@tomcat.apache.org
> >
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: The migration guide configuration file difference feature is broken

2019-05-08 Thread Coty Sutherland
On Wed, May 8, 2019 at 11:17 AM Mark Thomas  wrote:

> On 08/05/2019 15:35, Coty Sutherland wrote:
> > Hi,
> >
> > Someone on freenode (CiscoEagle) pointed out to me that the migration
> > guide's file comparison feature doesn't work :( Looking at the "configure
> > file differences" section on the 9.0 migration guide (
> >
> http://tomcat.apache.org/migration-9.html#Tomcat_9.0.x_configuration_file_differences
> ),
> > if you click the "view differences" button you get taken to the gitbox
> web
> > UI, but it returns a 403. Does anyone have any idea how to fix it? I
> looked
> > to see if there was an alternative method to get the diff in the web UI
> but
> > I don't see one that allows you to compare files across tags.
>
> The feature has been (hopefully)  temporarily disabled by infra due to
> abuse. If there was a way of doing this in GitHub, we could use that.
> I've tried, and failed, to find one.
>

Ah, OK. I tried to find a quick way to do it on GitHub but all I can find
is comparing all files in a tag, like
https://github.com/apache/tomcat/compare/9.0.1...9.0.17. It's really easy
to do in the git CLI, but I don't see an easy way in the web UI.


>
> > Additionally the 8.0.x configuration file differences section is
> completely
> > broken (returns a 404) because it tries to use the svn repo for
> comparison,
> > which no longer exists. Example:
> >
> http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/conf/catalina.policy?diff_format=h=1830460=1834688
>
> That page shouldn't be publicly linked any more but we can fix it to
> point to the new svn location.
>

OK. I can adjust it if you tell me where the new location is :)


>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


The migration guide configuration file difference feature is broken

2019-05-08 Thread Coty Sutherland
Hi,

Someone on freenode (CiscoEagle) pointed out to me that the migration
guide's file comparison feature doesn't work :( Looking at the "configure
file differences" section on the 9.0 migration guide (
http://tomcat.apache.org/migration-9.html#Tomcat_9.0.x_configuration_file_differences),
if you click the "view differences" button you get taken to the gitbox web
UI, but it returns a 403. Does anyone have any idea how to fix it? I looked
to see if there was an alternative method to get the diff in the web UI but
I don't see one that allows you to compare files across tags.

Additionally the 8.0.x configuration file differences section is completely
broken (returns a 404) because it tries to use the svn repo for comparison,
which no longer exists. Example:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/conf/catalina.policy?diff_format=h=1830460=1834688



Thanks,
Coty


Re: Finally getting around to switching to Git

2019-04-26 Thread Coty Sutherland
On Fri, Apr 26, 2019 at 3:13 AM Mark Thomas  wrote:

> On 25/04/2019 20:07, Christopher Schultz wrote:
> > On 4/25/19 14:03, Igal Sapir wrote:
>
> 
>
> >> In some projects it's easy to maintain a single repository and
> >> switch between branches, but I find the differences between 7.0.x
> >> and master to be so major that I chose to follow Mark's method and
> >> keep separate local copies where the IDE settings do not get
> >> mangled up each time I switch branches.
> >
> > Sounds good. What is Mark's Method™? Is it documented anywhere?
>
> Overly complicated ;) - and not yet.
>
> I'm currently using one checkout per major version because Eclipse can't
> handle Git worktrees. I think I'd prefer a single checkout with
> worktrees but until I can try it I don't know. I did try switching to
> IntelliJ as it can handle Git worktrees but the pain of switching IDEs
> was greater than the minor annoyance of multiple checkouts so I quickyl
> returned to Eclipse.
>
> I do have a GitHub fork that I intend to use for large patches that need
> review. I don't use it much.
>
> I'm still getting used to my local setup and tweaking the configuration
> here and there so it does what I want by default when I pull / push etc.
>
> I'd suggest sharing Git experiences is a topic of conversation at the
> Hackathon.
>

+1, except I won't be there :( Is that something we can have someone take
notes on and send to the dev list after?


>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: Finally getting around to switching to Git

2019-04-25 Thread Coty Sutherland
On Thu, Apr 25, 2019 at 2:06 PM Igal Sapir  wrote:

> On 4/25/2019 10:56 AM, Coty Sutherland wrote:
> > On Thu, Apr 25, 2019 at 1:32 PM Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> >> -BEGIN PGP SIGNED MESSAGE-
> >> Hash: SHA256
> >>
> >> Igal,
> >>
> >> On 4/23/19 12:52, Igal Sapir wrote:
> >>> Another thing that I have changed in my workflow based on Mark's
> >>> past suggestion, is that I keep a local repo for each major branch
> >>> now.
> >> Okay, I have done the following:
> >>
> >> 1. Fork tomcat master to my own GitHub account
> >> 2. git clone URL
> >> 3. edit/add/commit/push
> >> 4. Create a PR
> >>
> >> I'm sure I can import the PR into tomcat-master. No problem.
> >>
> >> Now, when attempting to keep my fork current, I've always done
> >> something like:
> >>
> >> git remote add upstream master-url
> >> git checkout master
> >> git fetch upstream
> >>
> >> And I'm all up-to-date.
> >>
> >> When I did that, I ended up bringing-down the 7.0.x and 8.5.x branches
> >> as well. How can I limit the upstream to just the master?
> >>
> > You can set the branch for your remote to master (or do it when you
> clone)
> > which should ignore other branches:
> > git remote set-branches upstream master
> >
> > Then optionally configure --no-tags in your git config (or use --no-tags
> > each time you git-fetch):
> > git config --add remote.upstream.tagOpt --no-tags
> >
> > Then try fetching to verify it worked:
> > git fetch upstream [--dry-run]
> >
> >
> >> Or does my fork have to have everything, but I have to checkout a
> >> single branch? If so, I'm not sure how to do that.
> >>
> > It doesn't, but by default a `git fetch` pulls down all new work that
> > exists on the remote, but not your local clone.
>
> I am sure that Coty knows git better than I do, so if he says that it
> doesn't then I stand corrected.
>

I don't know about that :) If you do a regular `git clone apache/tomcat` it
will pull the master branch and then references/histories for all remote
branches which for tomcat is about a 100M .git directory. If you clone a
single branch with no references such as `git clone apache/tomcat -b master
--single-branch` then you get just the references/history for the master
branch which results in about a 70M .git directory.

Note: the sytnax above is because I alias hub (https://hub.github.com/) to
`git` :) Check it out if you'd like to stop visiting the GitHub web UI for
opening PRs, etc.


> Igal
>
>
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: Finally getting around to switching to Git

2019-04-25 Thread Coty Sutherland
On Thu, Apr 25, 2019 at 1:32 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Igal,
>
> On 4/23/19 12:52, Igal Sapir wrote:
> > Another thing that I have changed in my workflow based on Mark's
> > past suggestion, is that I keep a local repo for each major branch
> > now.
>
> Okay, I have done the following:
>
> 1. Fork tomcat master to my own GitHub account
> 2. git clone URL
> 3. edit/add/commit/push
> 4. Create a PR
>
> I'm sure I can import the PR into tomcat-master. No problem.
>
> Now, when attempting to keep my fork current, I've always done
> something like:
>
> git remote add upstream master-url
> git checkout master
> git fetch upstream
>
> And I'm all up-to-date.
>
> When I did that, I ended up bringing-down the 7.0.x and 8.5.x branches
> as well. How can I limit the upstream to just the master?
>

You can set the branch for your remote to master (or do it when you clone)
which should ignore other branches:
git remote set-branches upstream master

Then optionally configure --no-tags in your git config (or use --no-tags
each time you git-fetch):
git config --add remote.upstream.tagOpt --no-tags

Then try fetching to verify it worked:
git fetch upstream [--dry-run]


>
> Or does my fork have to have everything, but I have to checkout a
> single branch? If so, I'm not sure how to do that.
>

It doesn't, but by default a `git fetch` pulls down all new work that
exists on the remote, but not your local clone.


>
> I'm just *sure* I'm gonna love git once I get this all figured out.
> All the cool kids seem to love it, so it must be better, right?
>

:D


>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlzB7zMACgkQHPApP6U8
> pFh2vA/9EnR8sJPLuF1pD31HECEckVVXnF0AlU2XzTjiPsWwDP+Z+jJAh5Q8KUG6
> zwdM17VuN3Yr3e6p55DGjD4EEn1OV2hxw1Ao/TnEJXHsDrt9Hhm9j0T4ddJRCPBk
> RSP2/by6pBneYr8jPnT0G9D2M+CZUI/cXIj4ntZ9w8+2lIOayR/B0H8Gfc077k+y
> hXza7mnxtm4W+mNfMz176Z19hn9culA6/Z9p/4ZqFAGwVnkItNvPKuJi+syfR9La
> LtJ3WY2Ut3g4KzL5D9YIrTzNf3rRKQLe8qgErUc18uhxOD8Ax5QG7x3VkXBlG8s1
> YFFvwVKmVNlG8pldle3eyBg/xE6IfxD5IYjWWPeScrpwSCnSSN2E77HyOqG1FlSl
> /F5x4b1Qo8lVUuD5jgYaUQOxHuwFmuM6jyHknJfzrHB3feLjwEYxMgTfDNJoPSd/
> 70Czh7at8HxYb5S9wQHWK4oZVSEpNoWENK0BnP2qyGbZ99kfIG1bo/Iev3P9etxx
> hWp1edDxb3msATQL3eyFCUhHis1T9nnVKK19y8XoPt0PqrmLUhc/Vm+RyGFxJLeS
> +xSU4v2GXsG07eQnK4jqLPUVV87PqFPKP+DHoFzE7rm8KYYtbgLtkmfhqKtvZnj7
> KZfqqYHViQzm6lP8CgWtPsOkbYh5xvkVZly2PiPPVC9v47Gp36U=
> =+ROt
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: Finally getting around to switching to Git

2019-04-23 Thread Coty Sutherland
On Tue, Apr 23, 2019 at 10:33 AM Rémy Maucherat  wrote:

> On Tue, Apr 23, 2019 at 4:29 PM Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> >
> > Rémy,
> >
> > On 4/23/19 10:07, Rémy Maucherat wrote:
> > > On Tue, Apr 23, 2019 at 3:54 PM Christopher Schultz <
> > > ch...@christopherschultz.net> wrote:
> > >
> > > All,
> > >
> > > I haven't updated my local working copies of Tomcat source since
> > > the move to Git. I'm going to do that, now, and I'm looking for
> > > advice.
> > >
> > > Specifically, which repo is "better" -- gitbox or GitHub? I'm
> > > guessing the its all go to the same place eventually. Should
> > > committers use gitbox for direct-commits? If I use GitHub, will my
> > > commits require some other review? Do I have to link my GitHub
> > > account with my ASF LDAP id? Is one of them reliably faster?
> > >
> > >
> > >> I use github personally. No commit review is required (but for
> > >> example I used a PR for larger NIO changes, although in the end I
> > >> didn't really get any feedback).
> >
> > So did you fork the Tomcat project and you commit to your fork with
> > PRs usually? Or just for some stuff?
> >
>
> I did fork and I use it to do big stuff [this way I can accidentally trash
> the repo without too many problems too ;) ]. For small stuff I simply use
> the main repo instead.
>

+1. Since I'm not as experienced as others, I sometimes create a PR for
things I'm unsure about to be reviewed before pushing to master also :)


>
> Rémy
>
>
> >
> > - -chris
> > -BEGIN PGP SIGNATURE-
> > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
> >
> > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAly/IV0ACgkQHPApP6U8
> > pFgUFRAAmQLAO8Tn2eKDkcru+PptsybUG1aNYDpRAmAyARAZuu6m50E8HkS0urZ9
> > ZlYI4WN9SN6TZuoimnhJp8GzEmoX3nKkhMuGqvxsKLvM+QG7iEkfN1/hisf2/8im
> > C7exCA43U5TImja6Z+TaXZIV1ZFdoN5dbSzHdj+nACU0gctpjE+jurZ16unRdNCZ
> > ZlNZwJen2wKCDwmk9dedAHrVuK7mGgoNkkxj/gqeBimuVeqKSwt/85wGDG/tkqRv
> > 8JVe1OhiP/48t1T5P2cMURSUjRYsLeyqRNPjHzU+Bgi1eK/mvACqzDvRNnixU8l/
> > ZjhZGksqBTIBkDEY7C39JM0tDqjW5/N4CBovWBsM4ONAkSGiqzSKuUCn9hEGqBkq
> > t3RsWg6LJ3GfT40F3xXHhE2Z/txW5wZ6qrB9vozbbPHExCPAsRCbgQ3WfW8DxxT/
> > Wt7f+mdjGGYCmkiVsWG7+MimK1po14ANkBnE+Ylo9zd2GH6W29AC4aDOOuROOq2S
> > DLFhAlw9WxaioqtRE6mhDdadzAV0HfEnRDouZb9Ma6M7DfXoFE1BuQ7cQQeF8ItZ
> > FZ1VyiV5WOFu7+SHtePx+R6nFfsBpLNFoIEdisMn0WbTiGgoQGyJDlxazAQnuCFx
> > tKIsIDSDOOPbW8XL2bT96GpELAXFjcoOvchUh1dvblcM0Ir4DYM=
> > =i8Yc
> > -END PGP SIGNATURE-
> >
>


Re: SSLv2Hello "Protocol" Support

2019-04-17 Thread Coty Sutherland
On Wed, Apr 17, 2019 at 2:18 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Coty,
>
> On 4/16/19 07:28, Coty Sutherland wrote:
> > Hi,
> >
> > It appears that the IBM JDK (version 8) has dropped support for
> > SSLv2Hello so when you startup tomcat with the IBM JDK you get a
> > warning saying that the protocol is being skipped. OpenJDK seems to
> > have dropped it in version 12 or 13 (I haven't tested, just noticed
> > a user list thread about it) so I guess we should look at dropping
> > support for SSLv2Hello whenever Tomcat's minimum JDK is one of
> > those versions? Is there a document somewhere I can add this too so
> > it doesn't get forgotten?
>
> How many / how often are these error messages generated? Just when the
> server starts? Or with every connection?
>

Yeah, just the Connector startup warning.


>
> If you get a warning on startup, I'd say that's not a big deal. It
> would be a much bigger deal to kill a user's server for clients who
> must use SSLv2Hello handshakes (which are hopefully dwindling to zero
> ... about 5 years ago).
>
> I think handling questions about how to get rid of a warning would be
> better than handling questions about how to get servers back up and
> running.
>

:) True. I just wanted to point out that it was still lingering and mark it
for removal at some point since the JDKs are dropping support too.


>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAly3bgQACgkQHPApP6U8
> pFhXMA/+IKU/gdhks6BJgGpM5CuPIqEFHOYqzomDnmGEcg9q51pLVGiy5Md58fLV
> 8vIyZpDftg04tt65S1DKWNY7mNg3LzegAEW0JyElXGSwMd9SQx38yFNlddqAlzCe
> Swjt1bFu7frCvaDE40BCsz7Enw0CdRTEm6daSyZI93CeLm0jKDn7cigGhPQr36jV
> 5oXmtvnC8hpes3ELsfh//WC4u2QCqZ76uCeVkbKXACDJI5nIjcoVofL/kotPWUcC
> /W2lNjxwJ5ACWM3yMUoAy12MpXv19nHZT5k+cbxgZJyKe47LBD2c6B5HbkYzHGac
> wNbuv/vjACDa48DhTSR6BtYlJexWooPmwvZoLJKilIx+UlQveg+cIg1LLkr/g1iZ
> 3ftBCxZK9g27s5CnD+VlB2CG4lZ+nSFFU3OUfOEVwgbkVhch6rJqWRTCgBpKC0jH
> LwB6bKz66vPe3uRqJ7JLBTYJn9UenvxUeASkRQmISa43jn/S60STTfDGeMTmopsU
> BsyLP3HZY3ktzdKOWhncMAzXq5vWVUMm6tw0/GAvOGhNTnGAcb7iwR8/RUfXTpLR
> D8yb01h4/bDgDLXdc0ZDV1uNJ6XKVoDdP52doHaiC/bEv9ElZkDiYB7MepiplVO0
> Ti52xTsebV6MPPW8ZP2HBN6bBT3ndm8uXItTCuiGw72apmdQdPQ=
> =PtbL
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: SSLv2Hello "Protocol" Support

2019-04-17 Thread Coty Sutherland
If we haven't tried to remove it in 5 years it might be worth another look
:)

On Wed, Apr 17, 2019 at 3:49 AM jean-frederic clere 
wrote:

> On 16/04/2019 13:28, Coty Sutherland wrote:
> > Hi,
> >
> > It appears that the IBM JDK (version 8) has dropped support for
> SSLv2Hello
> > so when you startup tomcat with the IBM JDK you get a warning saying that
> > the protocol is being skipped. OpenJDK seems to have dropped it in
> version
> > 12 or 13 (I haven't tested, just noticed a user list thread about it) so
> I
> > guess we should look at dropping support for SSLv2Hello whenever Tomcat's
> > minimum JDK is one of those versions? Is there a document somewhere I can
> > add this too so it doesn't get forgotten?
> >
> >
> >
> > Thanks,
> > Coty
> >
>
> See
>
> https://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html
> basically java5/6 clients need SSLv2Hello.
>
> I remember removing SSLv2Hello broke tests in 2004 and we had to put
> SSLv2Hello back...
>
> --
> Cheers
>
> Jean-Frederic
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


SSLv2Hello "Protocol" Support

2019-04-16 Thread Coty Sutherland
Hi,

It appears that the IBM JDK (version 8) has dropped support for SSLv2Hello
so when you startup tomcat with the IBM JDK you get a warning saying that
the protocol is being skipped. OpenJDK seems to have dropped it in version
12 or 13 (I haven't tested, just noticed a user list thread about it) so I
guess we should look at dropping support for SSLv2Hello whenever Tomcat's
minimum JDK is one of those versions? Is there a document somewhere I can
add this too so it doesn't get forgotten?



Thanks,
Coty


Re: [VOTE] Release Apache Tomcat 9.0.19

2019-04-12 Thread Coty Sutherland
On Fri, Apr 12, 2019 at 10:48 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.19 release is now available for voting.
> 9.0.19 corrects a regression and a number of packaging errors in 9.0.18.
>
> The major changes compared to the 9.0.17 release are:
>
> - Fix for CVE-2019-0232 a RCE vulnerability on Windows
>
> - Add support for Java 11 to the JSP compiler. Java 12 and 13 are also
>   now supported if used with a ECJ version with support for those  Java
>   versions
>
> - Various NIO2 stability improvements
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.19/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1210/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.19
> 854f4dcf435a6d335576aa22402e2871c66f4fd9
>
> The proposed 9.0.19 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.19
>

+1


>
>
> Due to the security fix contained in this release, the voting period may
> be shortened once sufficient votes are cast to enable a faster release.
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: svn commit: r33591 - in /dev/tomcat/tomcat-9/v9.0.19: ./ bin/ bin/embed/ src/

2019-04-12 Thread Coty Sutherland
On Fri, Apr 12, 2019 at 11:29 AM Coty Sutherland 
wrote:

> Are these svn commits intentional? I thought the svn repo was read-only
> now.
>

Disregard that :)


>
> On Fri, Apr 12, 2019 at 10:47 AM  wrote:
>
>> Author: markt
>> Date: Fri Apr 12 14:47:16 2019
>> New Revision: 33591
>>
>> Log:
>> Upload 9.0.19 for voting
>>
>> Added:
>> dev/tomcat/tomcat-9/v9.0.19/
>> dev/tomcat/tomcat-9/v9.0.19/KEYS
>> dev/tomcat/tomcat-9/v9.0.19/README.html
>> dev/tomcat/tomcat-9/v9.0.19/RELEASE-NOTES
>> dev/tomcat/tomcat-9/v9.0.19/bin/
>> dev/tomcat/tomcat-9/v9.0.19/bin/README.html
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.tar.gz
>>  (with props)
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.tar.gz.asc
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.tar.gz.sha512
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.zip
>>  (with props)
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.zip.asc
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.zip.sha512
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-fulldocs.tar.gz
>>  (with props)
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-fulldocs.tar.gz.asc
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-fulldocs.tar.gz.sha512
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x64.zip
>>  (with props)
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x64.zip.asc
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x64.zip.sha512
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x86.zip
>>  (with props)
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x86.zip.asc
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x86.zip.sha512
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.exe   (with
>> props)
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.exe.asc
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.exe.sha512
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.tar.gz   (with
>> props)
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.tar.gz.asc
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.tar.gz.sha512
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.zip   (with
>> props)
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.zip.asc
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.zip.sha512
>> dev/tomcat/tomcat-9/v9.0.19/bin/embed/
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.tar.gz
>>  (with props)
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.tar.gz.asc
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.tar.gz.sha512
>> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.zip
>>  (with props)
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.zip.asc
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.zip.sha512
>> dev/tomcat/tomcat-9/v9.0.19/src/
>> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.tar.gz
>>  (with props)
>> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.tar.gz.asc
>> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.tar.gz.sha512
>> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.zip   (with
>> props)
>> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.zip.asc
>> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.zip.sha512
>>
>> Added: dev/tomcat/tomcat-9/v9.0.19/KEYS
>>
>> ==
>> --- dev/tomcat/tomcat-9/v9.0.19/KEYS (added)
>> +++ dev/tomcat/tomcat-9/v9.0.19/KEYS Fri Apr 12 14:47:16 2019
>> @@ -0,0 +1,676 @@
>> +This file contains the PGP keys of various Apache developers.
>> +Please don't use them for email unless you have to. Their main
>> +purpose is code signing.
>> +
>> +Apache users: pgp < KEYS
>> +Apache developers:
>> +(pgpk -ll  && pgpk -xa ) >> this file.
>> +  or
>> +(gpg --fingerprint --list-sigs 
>> + && gpg --armor --export ) >> this file.
>> +
>> +Apache developers: please ensure that your key is also available via the
>> +PGP keyservers 

Re: svn commit: r33591 - in /dev/tomcat/tomcat-9/v9.0.19: ./ bin/ bin/embed/ src/

2019-04-12 Thread Coty Sutherland
Are these svn commits intentional? I thought the svn repo was read-only now.

On Fri, Apr 12, 2019 at 10:47 AM  wrote:

> Author: markt
> Date: Fri Apr 12 14:47:16 2019
> New Revision: 33591
>
> Log:
> Upload 9.0.19 for voting
>
> Added:
> dev/tomcat/tomcat-9/v9.0.19/
> dev/tomcat/tomcat-9/v9.0.19/KEYS
> dev/tomcat/tomcat-9/v9.0.19/README.html
> dev/tomcat/tomcat-9/v9.0.19/RELEASE-NOTES
> dev/tomcat/tomcat-9/v9.0.19/bin/
> dev/tomcat/tomcat-9/v9.0.19/bin/README.html
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.tar.gz
>  (with props)
>
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.tar.gz.asc
>
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.tar.gz.sha512
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.zip
>  (with props)
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.zip.asc
>
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.zip.sha512
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-fulldocs.tar.gz
>  (with props)
>
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-fulldocs.tar.gz.asc
>
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-fulldocs.tar.gz.sha512
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x64.zip
>  (with props)
>
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x64.zip.asc
>
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x64.zip.sha512
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x86.zip
>  (with props)
>
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x86.zip.asc
>
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x86.zip.sha512
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.exe   (with props)
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.exe.asc
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.exe.sha512
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.tar.gz   (with
> props)
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.tar.gz.asc
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.tar.gz.sha512
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.zip   (with props)
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.zip.asc
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.zip.sha512
> dev/tomcat/tomcat-9/v9.0.19/bin/embed/
>
> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.tar.gz
>  (with props)
>
> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.tar.gz.asc
>
> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.tar.gz.sha512
> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.zip
>  (with props)
>
> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.zip.asc
>
> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.zip.sha512
> dev/tomcat/tomcat-9/v9.0.19/src/
> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.tar.gz
>  (with props)
> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.tar.gz.asc
> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.tar.gz.sha512
> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.zip   (with
> props)
> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.zip.asc
> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.zip.sha512
>
> Added: dev/tomcat/tomcat-9/v9.0.19/KEYS
>
> ==
> --- dev/tomcat/tomcat-9/v9.0.19/KEYS (added)
> +++ dev/tomcat/tomcat-9/v9.0.19/KEYS Fri Apr 12 14:47:16 2019
> @@ -0,0 +1,676 @@
> +This file contains the PGP keys of various Apache developers.
> +Please don't use them for email unless you have to. Their main
> +purpose is code signing.
> +
> +Apache users: pgp < KEYS
> +Apache developers:
> +(pgpk -ll  && pgpk -xa ) >> this file.
> +  or
> +(gpg --fingerprint --list-sigs 
> + && gpg --armor --export ) >> this file.
> +
> +Apache developers: please ensure that your key is also available via the
> +PGP keyservers (such as pgpkeys.mit.edu).
> +
> +
> +Type Bits/KeyIDDate   User ID
> +pub  2048/F22C4FED 2001/07/02 Andy Armstrong 
> +
> +-BEGIN PGP PUBLIC KEY BLOCK-
> +Version: PGPfreeware 7.0.3 for non-commercial use 
> +
> +mQGiBDtAWuURBADZ0KUEyUkSUiTA09e7tvEbX25STsjxrR+DNTainCls+XlkVOij
> +gBv216lqge9tIsS0L6hCP4OQbFf/64qVtJssX4QXdyiZGb5wpmcj0Mz602Ew8r+N
> +I0S5NvmogoYWW7BlP4r61jNxO5zrr03KaijM5r4ipJdLUxyOmM6P2jRPUwCg/5gm
> +bpqiYl7pXX5FgDeB36tmD+UD/06iLqOnoiKO0vMbOk7URclhCObMNrHqxTxozMTS
> +B9soYURbIeArei+plYo2n+1qB12ayybjhVu3uksXRdT9bEkyxMfslvLbIpDAG8Cz
> +gNftTbKx/MVS7cQU0II8BKo2Akr+1FZah+sD4ovK8SfkMXUQUbTeefTntsAQKyyU
> +9M9tA/9on9tBiHFl0qVJht6N4GiJ2G689v7rS2giLgKjetjiCduxBXEgvUSuyQID
> +nF9ATrpXjITwsRlGKFmpZiFm5oCeCXihIVH0u6q066xNW2AXkLVoJ1l1Rs2Z0lsb
> 

Re: [VOTE] Release Apache Tomcat 9.0.18

2019-04-11 Thread Coty Sutherland
On Wed, Apr 10, 2019 at 9:44 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.18 release is now available for voting.
>
> The major changes compared to the 9.0.17 release are:
>
> - Fix for CVE-2019-0232 a RCE vulnerability on Windows
>
> - Add support for Java 11 to the JSP compiler. Java 12 and 13 are also
>   now supported if used with a ECJ version with support for those  Java
>   versions
>
> - Various NIO2 stability improvements
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.18/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1207/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.18
> 0862607e5da91a7c476a6350288d8d8a9380f556
>
> The proposed 9.0.18 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.18
>

+1


>
>
> Due to the security fix contained in this release, the voting period may
> be shortened once sufficient votes are cast to enable a faster release.
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 8.5.40

2019-04-11 Thread Coty Sutherland
On Wed, Apr 10, 2019 at 10:58 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 8.5.40 release is now available for voting.
>
> The major changes compared to the 8.5.39 release are:
>
> - Fix for CVE-2019-0232 a RCE vulnerability on Windows
>
> - Add support for Java 11 to the JSP compiler. Java 12 and 13 are also
>   now supported if used with a ECJ version with support for those  Java
>   versions
>
> - Various NIO2 stability improvements
>
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat85/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.40/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1208/
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.40
> 5ec070352b283535946327b44228b610a27a76c5
>
>
> The proposed 8.5.40 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.5.40
>

+1


>
>
> Due to the security fix contained in this release, the voting period may
> be shortened once sufficient votes are cast to enable a faster release.
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


commons-daemon packaging question

2019-04-05 Thread Coty Sutherland
Hi,

I'm looking into commons-daemon in Tomcat and it appears that the Windows
executables (prunsrv and prunmgr) don't require the commons-daemon.jar to
run Tomcat like the *nix binary (jsvc) does. Can someone confirm that (I
tested it and it seems to work fine without the jar)? If it's unused I can
remove it to clean up the packaging a bit.



Thanks,
Coty


Re: GitHub Issues / GitHub PRs / Bugzilla

2019-03-14 Thread Coty Sutherland
On Thu, Mar 14, 2019 at 11:14 AM Coty Sutherland 
wrote:

> On Thu, Mar 14, 2019 at 8:39 AM Mark Thomas  wrote:
>
>> It is early days but my impression is that the move to git has triggered
>> an increase in conversations that end up split between a GitHub PR and
>> Bugzilla.
>>
>> Personally, I'm not finding it unmanageable at this point but it does
>> feel a little disorganized.
>>
>
> +1, I was just thinking about this earlier while trying to follow some
> conversations.
>
>
>>
>> I'm wondering if we need clearer guidelines about what to discuss where
>> or do we need something else? What about a bigger change such as moving
>> issue tracking to GitHub? Would that be beneficial?
>>
>
> I agree that we should probably outline the best way to carry on
> conversations now that we have the possibility of dev/user list, BZ, and
> PRs; I'm not sure what exactly that would look like though. Is there a way
> to push links from PR comments into BZ (that's how GitHub does it with PRs
> and issues IIRC) to retain the conversation flow? Moving to GitHub's issue
> tracker is an interesting solution. I think that the issue tracker is
> robust enough that we wouldn't have any issues moving over, but is that OK
> in the eyes of the ASF Infra team? How would we be archiving those
> conversations (assuming that we need to)?
>

Apache CloudStack instructs people to use Jira (which mostly has GSoC
issues), but also has several issues reported on the GitHub issue tracker;
there doesn't seem to be any integration between the two. They use a nice
template for issues on GitHub too.


>
>
>>
>> What do others think?
>>
>> Mark
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: dev-h...@tomcat.apache.org
>>
>>


Re: GitHub Issues / GitHub PRs / Bugzilla

2019-03-14 Thread Coty Sutherland
On Thu, Mar 14, 2019 at 8:39 AM Mark Thomas  wrote:

> It is early days but my impression is that the move to git has triggered
> an increase in conversations that end up split between a GitHub PR and
> Bugzilla.
>
> Personally, I'm not finding it unmanageable at this point but it does
> feel a little disorganized.
>

+1, I was just thinking about this earlier while trying to follow some
conversations.


>
> I'm wondering if we need clearer guidelines about what to discuss where
> or do we need something else? What about a bigger change such as moving
> issue tracking to GitHub? Would that be beneficial?
>

I agree that we should probably outline the best way to carry on
conversations now that we have the possibility of dev/user list, BZ, and
PRs; I'm not sure what exactly that would look like though. Is there a way
to push links from PR comments into BZ (that's how GitHub does it with PRs
and issues IIRC) to retain the conversation flow? Moving to GitHub's issue
tracker is an interesting solution. I think that the issue tracker is
robust enough that we wouldn't have any issues moving over, but is that OK
in the eyes of the ASF Infra team? How would we be archiving those
conversations (assuming that we need to)?


>
> What do others think?
>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Git Migration: What is the svn:eol-style equilvalent?

2019-03-05 Thread Coty Sutherland
Hi,

I updated the BUILDING and CONTRIBUTING documents so that GitHub users no
longer see instructions for SVN after our migration, however I had a few
questions. Does anyone know of a git equivalent to svn:eol-style that we
should be using? It is mentioned in the "git-svn quirks" section of
https://wiki.apache.org/general/GitAtApache, but before trying it I wanted
to get some feedback from everyone.

Secondly, the SVN references in MERGE.txt should be cleaned up at this
point, right? Is the git section still up to date (I see it was updated
last on Jan 29, so probably)?



Thanks!
Coty


Re: Git migration read for testing

2019-03-01 Thread Coty Sutherland
The email notifications work for when we push commits to the repository,
but it looks like we're missing emails when PRs are opened.

On Wed, Feb 27, 2019 at 9:03 AM Rémy Maucherat  wrote:

> On Wed, Feb 27, 2019 at 11:09 AM Mark Thomas  wrote:
>
> > On 27/02/2019 09:44, Rémy Maucherat wrote:
> > > On Tue, Feb 26, 2019 at 1:33 PM Mark Thomas  wrote:
> > >
> > >> All,
> > >>
> > >> https://github.com/apache/tomcat
> > >
> > >
> > > Trying my test commit, I can't push to the github repo. I probably
> missed
> > > something obvious.
> >
> > You need to make sure you have three green ticks here:
> > https://gitbox.apache.org/setup/
> >
> > If you haven't linked your ASF and GitHub accounts or setup MFA then it
> > can take an hour or so after you make those changes for write access to
> > be enabled (various systems need to sync in the background).
> >
>
> I had forgotten about this as the Tomcat repo commit info was already
> linked to my account. Thanks for the help !
>
> Rémy
>
>
> >
> > Mark
> >
> >
> > >
> > > Rémy
> > >
> > >
> > >>
> > >>
> > >> is now ready for testing.
> > >>
> > >> It should contain:
> > >> branches
> > >> - master (9.0.x)
> > >> - 8.5.x
> > >> - 7.0.x
> > >>
> > >> Tags:
> > >> - one for each 7.0.x, 8.5.x and 9.0.x release
> > >>
> > >> Tags have all been renamed to follow a a.b.c-MODIFIERn format for
> > >> version number where modifier is RC or M.
> > >>
> > >> The repository is probably read/write for all committers now but
> please
> > >> refrain from making any changes until we confirm that all is well.
> > >>
> > >> If you have some time available now, please test this new repository
> and
> > >> report and questions or concerns to this thread.
> > >>
> > >> Assuming no issues are discovered, I'd like to formally move over to
> git
> > >> later today.
> > >>
> > >> Mark
> > >>
> > >> -
> > >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> > >> For additional commands, e-mail: dev-h...@tomcat.apache.org
> > >>
> > >>
> > >
> >
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: dev-h...@tomcat.apache.org
> >
> >
>


Re: New git based merging workflow?

2019-02-28 Thread Coty Sutherland
On Thu, Feb 28, 2019 at 6:10 AM Emmanuel Bourg  wrote:

> Le 28/02/2019 à 11:47, Rainer Jung a écrit :
> > Thanks a bunch. Looks like what I was searching for, will try it.
> >
> > Rainer
>
> You could play with a single repository too:
>

+1, that's what I do.


>
>   # Initial setup
>   cd ~/repos
>   git clone g...@github.com:apache/tomcat.git
>
>   # Commit...
>   cd ~/repos/tomcat
>   # edit files
>   git commit -a -m "Some message"
>   git push
>
>   # ...and backport
>   git checkout 8.5.x
>   git cherry-pick 
>   git push origin 8.5.x
>
>   git checkout master
>

Sometimes I also create a local branch to do the work in so that I don't
have to worry about putting everything in one commit from the start. After
I'm done with the bug/feature, then I squash that whole local branch into
one commit and merge it into master (or whatever branch). From there you
can cherry-pick that single commit to wherever it's needed.


>
> Emmanuel Bourg
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Migrate to git

2019-02-21 Thread Coty Sutherland
On Thu, Feb 21, 2019 at 11:13 AM Mark Thomas  wrote:

> This is a VOTE to migrate the primary source code repository for Apache
> Tomcat 9.0.x, 8.5.x and 7.0.x from svn to git.
>
> The migration will be performed as per:
> https://cwiki.apache.org/confluence/display/TOMCAT/Git+migration
>
> with the following changes:
> - 8.0.x will not be migrated
> - the tag name format will be changed from "TOMCAT_9_0_5" to "9.0.5"
> - the branches will be named master, 8.5.x and 7.0.x
>
> The proposed date (subject to Infra agreement) for the migration is 26
> Feb 2018.
>
> The migration process will be:
> - Make svn read only for trunk, 8.5.x and 7.0.x
> - Turn off the svn->git replication for trunk, 8.5.x and 7.0.x
> - Make git://git.apache.org/tomcat.git read/write for me only
> - Perform the migration as set out in the wiki with the modifications
>   described above
> - Check the migration
> - Make git://git.apache.org/tomcat.git read/write for all committers
>   (Note: This automatically makes https://github.com/apache/tomcat
>read/write as well)
>
> The critical work is done at this point. The following tasks are more
> clean-up and may end up being spread over several days.
>
> - Confirm there are no open PRs for https://github.com/apache/tomcat85
>   and then delete it and git://git.apache.org/tomcat85.git
> - Confirm there are no open PRs for https://github.com/apache/tomcat70
>   and then delete it and git://git.apache.org/tomcat70.git
> - Update the CI systems to pull the source from git
> - Create /source.html and replace /svn.html with a redirect to
>   /source.html
> - Update migration guide to pull diffs from gitweb
> - Update Tomcat Native to pull in source from git hash
> - Fix anything else we have forgotten about.
>
> If anything goes wrong and we can't fix is easily, the fallback is to
> make svn read-write and go back to using svn while we clean up the git
> side of things, figure out what went wrong and come up with a better
> migration plan.
>
> [x] +1 Go ahead with the migration
>

+1


> [ ] -1 Postpone the migration because...
>
> The vote will be open for at least 72 hours.
>
> Mark
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: tomcat-native include directory name

2019-01-10 Thread Coty Sutherland
On Tue, Jan 8, 2019 at 7:06 PM Mark Thomas  wrote:

> On 08/01/2019 19:53, Coty Sutherland wrote:
> > On Sun, Dec 23, 2018 at 4:57 AM Mark Thomas  wrote:
> >
> >> On 20/12/2018 19:51, Coty Sutherland wrote:
> >>> Hi all,
> >>>
> >>> Is there some reason why we use apr-${TCNATIVE_MAJOR_VERSION} as the
> >>> include directory instead of tomcat-native? I just pushed
> >>> http://svn.apache.org/r1849428 so that make now copies the header
> files
> >>> into _includedir, and noticed that the directory is named 'apr' rather
> >> than
> >>> 'tomcat-native'.
> >>
> >> If I had to guess, I'd say because the original file was copied from APR
> >> and that part was never changed.
> >>
> >
> > Should fixing that be considered a breaking change and therefore trigger
> a
> > minor update instead of a revision? Or can I just change it and move on
> > with life? :)
>
> What could break if you changed this? Isn't it a build time thing rather
> than a run time thing?
>

You're right. I was thinking of this with my package maintainer hat on,
however after checking the package it doesn't depend on that directory
specifically so I think I'm free to correct it.


>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: tomcat-native include directory name

2019-01-08 Thread Coty Sutherland
On Sun, Dec 23, 2018 at 4:57 AM Mark Thomas  wrote:

> On 20/12/2018 19:51, Coty Sutherland wrote:
> > Hi all,
> >
> > Is there some reason why we use apr-${TCNATIVE_MAJOR_VERSION} as the
> > include directory instead of tomcat-native? I just pushed
> > http://svn.apache.org/r1849428 so that make now copies the header files
> > into _includedir, and noticed that the directory is named 'apr' rather
> than
> > 'tomcat-native'.
>
> If I had to guess, I'd say because the original file was copied from APR
> and that part was never changed.
>

Should fixing that be considered a breaking change and therefore trigger a
minor update instead of a revision? Or can I just change it and move on
with life? :)


>
> Mark
>
>
> >
> > $ grep includedir native/config.layout
> > includedir:${prefix}/include/apr-${TCNATIVE_MAJOR_VERSION}
> > includedir:${prefix}/include/apr-${TCNATIVE_MAJOR_VERSION}
> > includedir:${prefix}/include
> > includedir:${prefix}/include+
> > includedir:
> > /System/Library/Frameworks/apr.framework/Versions/2.0/Headers
> > includedir:${prefix}/include+
> > includedir:${prefix}/include/apr
> > includedir:${prefix}/include
> > includedir:${prefix}/include
> > includedir:${prefix}/include/apr
> > includedir:${exec_prefix}/include/apr
> > includedir:${exec_prefix}/include
> > includedir:${exec_prefix}/lib/apr/include
> > includedir:${exec_prefix}/include/apr-${TCNATIVE_MAJOR_VERSION}
> >
> >
> >
> > Thanks,
> > Coty
> >
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


tomcat-native include directory name

2018-12-20 Thread Coty Sutherland
Hi all,

Is there some reason why we use apr-${TCNATIVE_MAJOR_VERSION} as the
include directory instead of tomcat-native? I just pushed
http://svn.apache.org/r1849428 so that make now copies the header files
into _includedir, and noticed that the directory is named 'apr' rather than
'tomcat-native'.

$ grep includedir native/config.layout
includedir:${prefix}/include/apr-${TCNATIVE_MAJOR_VERSION}
includedir:${prefix}/include/apr-${TCNATIVE_MAJOR_VERSION}
includedir:${prefix}/include
includedir:${prefix}/include+
includedir:
/System/Library/Frameworks/apr.framework/Versions/2.0/Headers
includedir:${prefix}/include+
includedir:${prefix}/include/apr
includedir:${prefix}/include
includedir:${prefix}/include
includedir:${prefix}/include/apr
includedir:${exec_prefix}/include/apr
includedir:${exec_prefix}/include
includedir:${exec_prefix}/lib/apr/include
includedir:${exec_prefix}/include/apr-${TCNATIVE_MAJOR_VERSION}



Thanks,
Coty


Re: [ANN] New committer: Woonsan Ko

2018-12-20 Thread Coty Sutherland
Congratulations and Welcome Woonsan!

On Wed, Dec 19, 2018 at 9:08 PM Keiichi Fujino  wrote:

> Congratulations!
> Welcome Woonsan!
>
> 2018年12月19日(水) 18:56 Mark Thomas :
>
> > On behalf of the Tomcat committers I am pleased to announce that
> > Woonsan Ko (woonsan) has been voted in as a new Tomcat committer.
> >
> > Please join me in welcoming him.
> >
> > Kind regards,
> >
> > Mark
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: dev-h...@tomcat.apache.org
> >
> >
>
> --
> Keiichi.Fujino
>


Re: svn commit: r1849118 [1/9] - in /tomcat/site/trunk/docs/connectors-doc: ./ ajp/ ajp/printer/ common_howto/ common_howto/printer/ miscellaneous/ miscellaneous/printer/ news/ news/printer/ printer/

2018-12-17 Thread Coty Sutherland
On Mon, Dec 17, 2018, 18:21 Mark Thomas  +1
>
> Very nice.


Thanks! I'm glad I was about to sort out the link problem. Apparently it
was broken before I touched it :) There is a bunch of other little stuff to
fix and some doc updates so I'll be pushing more things as I have time.


> Mark
>
>
> On 17/12/2018 19:15, Rainer Jung wrote:
> > Looks great, thanks!
>

I'm happy to help!

>
> > Regards,
> >
> > Rainer
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: dev-h...@tomcat.apache.org
> >
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: Deploying JK Site Docs

2018-12-14 Thread Coty Sutherland
Thanks!

On Fri, Dec 14, 2018 at 12:22 PM Mark Thomas  wrote:

> On 14/12/2018 17:16, Coty Sutherland wrote:
> > Hi,
> >
> > I made a bunch of changes to the JK site yesterday so that it uses the
> > updated Tomcat site's stylesheets to unify the UI between the two project
> > sites.
>
> A very welcome change.
>

I noticed it was older and thought it would be pretty quick/easy to
update...I proved myself wrong on that one :)


>
> > Unfortunately, I can't figure out how to deploy it. The
> > HOWTO-RELEASE.txt doc says to copy the build/docs output
> > to people.apache.org:/x1/www/tomcat.apache.org/connectors-doc, but that
> > doesn't seem to exist anymore? Can anyone help me deploy these changes?
> Or
> > should I revert them and leave it be haha
>
> That is VERY out of date.
>

Should that text file be removed? I haven't tried any of the other stuff,
but the docs in JK are way outdated in a lot of places (i.e. refs to httpd
1.3 and Windows 98).


>
> Try these instructions:
> https://svn.apache.org/viewvc/tomcat/site/trunk/README.txt?view=markup


That worked. After pushing I notice that I broke the links in the navbar,
so fixing that now.


>
>
> Ping the list if you have more questions.
>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Deploying JK Site Docs

2018-12-14 Thread Coty Sutherland
Hi,

I made a bunch of changes to the JK site yesterday so that it uses the
updated Tomcat site's stylesheets to unify the UI between the two project
sites. Unfortunately, I can't figure out how to deploy it. The
HOWTO-RELEASE.txt doc says to copy the build/docs output
to people.apache.org:/x1/www/tomcat.apache.org/connectors-doc, but that
doesn't seem to exist anymore? Can anyone help me deploy these changes? Or
should I revert them and leave it be haha



Thanks,
Coty


Re: [VOTE] Release Apache Tomcat 9.0.14

2018-12-11 Thread Coty Sutherland
On Thu, Dec 6, 2018 at 4:37 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.14 release is now available for voting.
>
> The major changes compared to the 9.0.13 release are:
>
> - Significant expansion of localisation support with the addition of
>   Brazilian Portuguese, Korean and Chinese (simplified) as well as
>   the expansion of coverage for existing languages
>
> - Refactor back ground processing and various independent thread pools
>   to use a common executor
>
> - Update the packaged version of the Tomcat Native Library to 1.2.19 to
>   pick up the latest Windows binaries built with APR 1.6.5 and OpenSSL
>   1.1.1a.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.14/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1199/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_14/
>
> The proposed 9.0.14 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.14
>

+1


>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat Native 1.2.19

2018-12-04 Thread Coty Sutherland
On Fri, Nov 30, 2018 at 3:00 PM Mark Thomas  wrote:

> Version 1.2.19 includes the following changes compared to 1.2.18:
>
> - Windows binaries built with OpenSSL 1.0.2q and APR 1.6.5
> - Windows binaries built with OpenSSL 1.1.1a and APR 1.6.5
> - Fixed memory leak associated with OCSP
> - Fix an error that prevented the use of TLS 1.0 and 1.1 if 1.3 was
>   available
>
> Various other fixes and improvements. See the changelog for details.
>
> The proposed release artefacts can be found at [1],
> and the build was done using tag [2].
>
> The Apache Tomcat Native 1.2.19 release is
>  [x] Stable, go ahead and release
>  [ ] Broken because of ...
>

+1


>
> Thanks,
>
> Mark
>
>
> [1]
>
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-connectors/native/1.2.19/
> [2]
> https://svn.apache.org/repos/asf/tomcat/native/tags/TOMCAT_NATIVE_1_2_19
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 7.0.92

2018-11-14 Thread Coty Sutherland
On Fri, Nov 9, 2018 at 6:34 AM Violeta Georgieva 
wrote:

> The proposed Apache Tomcat 7.0.92 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.92/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1198/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_92/
>
> The proposed 7.0.92 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 7.0.92 Stable
>

+1, LGTM :)


>
> Regards,
> Violeta
>


Re: [VOTE] Release Apache Tomcat 9.0.13

2018-11-05 Thread Coty Sutherland
On Fri, Nov 2, 2018 at 12:11 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.13 release is now available for voting.
>
> The major changes compared to the 9.0.13 release are:
>
> - support for TLSv1.3 when used with a JRE or OPenSSl version that
>   supports it
>
> - added support for encrypting cluster traffic
>
> - added automatic reloading of tomcat-users.xml after a change
>
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.13/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1196/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_13/
>
> The proposed 9.0.13 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.13
>

+1


>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: "Embedded" improvements

2018-10-24 Thread Coty Sutherland
I had a trivial comment that I put on the GitHub commit :) Otherwise that
looks OK to me.

On Wed, Oct 24, 2018 at 5:55 AM Rémy Maucherat  wrote:

> Hi,
>
> I'm starting to review embedded. Maybe I won't make many changes in the end
> and won't need a separate API.
>
> However, I have another post 9.0.13 refactoring with a redoing of
> ConfigFileLoader and various places which try to load the configuration
> from seemingly random locations (the winner is "server-embed.xml", which
> IMO everyone forgot about aeons ago). So this redoes it with a pluggable
> API as ConfigFileLoader was not. Minor additional work is needed to use it
> in more places, since all configuration/resource loading from conf would
> need to go through it (ideally) (and except logging, since it's obviously
> pluggable enough).
>
>
> https://github.com/rmaucher/tomcat/commit/c386eb2fc3b2f42b3a307cbc2d0ab1a72581f56a
>
> Comments ?
>
> Rémy
>


Re: [VOTE] Release Apache Tomcat Native 1.2.18

2018-10-18 Thread Coty Sutherland
On Wed, Oct 17, 2018 at 6:19 PM Mark Thomas  wrote:

> Version 1.2.18 includes the following changes compared to 1.2.17:
>
> - Windows binaries built with OpenSSL 1.0.2p and APR 1.6.5
> - Windows binaries built with OpenSSL 1.1.1 and APR 1.6.5
> - TLSv1.3 support when built with OpenSSL 1.1.1
>
> Various other fixes and improvements. See the changelog for details.
>
> The proposed release artefacts can be found at [1],
> and the build was done using tag [2].
>
> The Apache Tomcat Native 1.2.18 is
>  [x] Stable, go ahead and release
>  [ ] Broken because of ...
>

+1, tested with openssl-1.1.0i-fips and apr-1.6.3 on fc28.


>
> Thanks,
>
> Mark
>
>
> [1]
>
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-connectors/native/1.2.18/
> [2]
> https://svn.apache.org/repos/asf/tomcat/native/tags/TOMCAT_NATIVE_1_2_18
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 8.5.34

2018-09-10 Thread Coty Sutherland
On Tue, Sep 4, 2018 at 6:52 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 8.5.34 release is now available for voting.
>
> The major changes compared to the 8.5.33 release are:
>
> - Fix multiple issues associated with using the asynchronous Servlet
>   API in combination with HTTP/2
>
> - Add recursion to rewrite substitution parsing
>
> - Expand the information in the documentation web application
>   regarding the use of CATALINA_HOME and CATALINA_BASE.
>   Patch provided by Marek Czernek.
>
>
> Along with lots of other bug fixes and improvements.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.34/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1194/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_34/
>
> The proposed 8.5.34 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.5.34
>

+1


>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: Feature Request: Add a YUM Package for Tomcat

2018-07-11 Thread Coty Sutherland
Hi,

On Tue, Jul 10, 2018 at 7:52 PM Michel Feinstein 
wrote:

>  Hi developers, I just want  to post here a feature request.
>
> There are several tutorials online on how to get Tomcat (any version)
> running on a server. They will be mostly about using "wget" to download the
> binaries and adding SystemV or systemd init files.
>
> Those are fine, they work, but it makes harder to update Tomcat and a YUM
> package is just a lot easier to manage, install, update, etc.
>
> I am using AWS EC2 with an Amazon Linux AMI 2, so a systemd Linux
> distribution that supports YUM and there isn't a YUM package for Tomcat 9
> (at least not one that I can find anywhere).
>

This isn't something that the ASF Tomcat community would provide because
those things are distribution specific. I'm not sure if everyone's thoughts
on that has changed, but in the past we haven't done that. Given that
you're using AMI, there should already be a tomcat package available there.
Do you not see any, or is the one available not Tomcat 9? If you can find
the AMI provided one and it isn't the Tomcat version that you want I'd
suggest opening a bug with them to have it updated.


>
> I am not an experienced Linux user, so I don't know much about the
> difficulties of YUM packaging or setting up an external YUM repository
> (outside from the AWS managed one I mean), but I think the effort of adding
> such a product into the Tomcat development process will be very much
> welcome.
>

It's actually quite easy to do because Tomcat only has a few dependencies.
I maintain Tomcat for Fedora/RHEL so I'd be happy to talk more about it :)


>
> Thank you!
>


Re: [VOTE] Release Apache Tomcat 8.0.53

2018-07-02 Thread Coty Sutherland
On Fri, Jun 29, 2018 at 12:42 PM Violeta Georgieva 
wrote:

> The proposed Apache Tomcat 8.0.53 release is now available for voting.
>
> NOTE: This is the last release!
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.0.53/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1189/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc8.0.x/tags/TOMCAT_8_0_53/
>
> The proposed 8.0.53 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.0.53
>

+1, LGTM


>
> Regards,
> Violeta
>


Re: Release schedule for tomcat 7

2018-06-18 Thread Coty Sutherland
Please don't email individual committers; always use the list in case that
person is unavailable.

On Mon, Jun 18, 2018 at 12:30 AM, Silambarasan Madhappan <
silambarasan0...@gmail.com> wrote:

>  Hi Team,
>
> What will be the release schedule for Tomcat 7.0.89 ?
>

Releases generally happen once a month. The last Tomcat 7 release was
mid-May, so there _should_ be one soon.

>
> Are there any CVE's be fixed in Tomcat 7.0.89 versions apart from "
> CVE-2018-8014  >"
> ?
>

No, see https://tomcat.apache.org/security-7.html#Fixed_in_
Apache_Tomcat_7.0.89 for a comprehensive list of what was fixed in 7.0.89
(other versions are included on that page also).


>
> Thanks,
> Silambarasan M
>


Re: [VOTE] Release Apache Tomcat Native 1.2.17

2018-06-12 Thread Coty Sutherland
On Thu, Jun 7, 2018 at 11:50 AM, jean-frederic clere 
wrote:

> Version 1.2.17 includes the following changes compared to 1.2.16:
>
> - Windows binaries built with OpenSSL 1.0.2o and APR 1.6.3
>
> Various other fixes and improvements. See the changelog for details.
>
> The proposed release artefacts can be found at [1],
> and the build was done using tag [2].
>
> The Apache Tomcat Native 1.2.17 is
>  [x] Stable, go ahead and release
>  [ ] Broken because of ...
>

+1, works fine for me on Fedora 26 (APR 1.6.3 and OpenSSL 1.1.0h-fips).


>
> Thanks,
>
> Jean-Frederic
>
>
> [1]
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-
> connectors/native/1.2.17/
> [2] https://svn.apache.org/repos/asf/tomcat/native/tags/TOMCAT_
> NATIVE_1_2_17
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [Git migration] Old git repositories

2018-05-22 Thread Coty Sutherland
On Mon, May 21, 2018 at 3:57 PM, Mark Thomas  wrote:

> On 04/05/18 10:22, Konstantin Kolinko wrote:
> > 2018-04-30 23:48 GMT+03:00 Mark Thomas :
> >> The current plan is to merge all of the existing branches into a single
> >> Git repo. This will be mirrored at GitHub under apache/tomcat. This is
> >> currently used for the svn mirror for trunk only.
> >>
> >> This raises the question what to do with:
> >> apache/tomcat7
> >> apache/tomcat8
> >> apache/tomcat85
> >>
> >> I think there are two options:
> >>
> >> 1. Retain them but make them read-only
> >>
> >> 2. Delete them
> >>
> >> Suggestions for other options welcome.
> >>
> >> I'm actually leaning towards deleting them. [...]
> >
> > Option 3. Keep repository, but replace it with some README.md
> > with an instruction on where to look for the code.
> >
> >
> > A problem that I just stumbled upon:
> > See comment #17 in
> > https://bz.apache.org/bugzilla/show_bug.cgi?id=43925
> >
> > That comment moved discussion from Bugzilla into PR in tomcat70.
> > If tomcat70 git repository is deleted, that PR and discussion in it
> > will be lost.
>
> The discussion should have been copied to the dev@ list. Maybe that
> isn't setup properly.
>
> There are only a very small number if issues like this. We can always
> manually copy content to the mailing list and/or Bugzilla to keep a copy.
>
> Given the general preference for deleting them, my proposal is a
> combination of all of the above which is.
>
> Make them read only. Review to ensure we have everything. Copy across
> anything we haven't got on list or in Bugzilla to the list/Bugzilla as
> appropriate. Then delete them.
>
> Thoughts?
>

+1, sounds good to me.


>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: [VOTE] Release Apache Tomcat 8.0.52

2018-05-07 Thread Coty Sutherland
On Sat, Apr 28, 2018 at 1:22 PM, Violeta Georgieva  wrote:
> The proposed Apache Tomcat 8.0.52 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.0.52/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1182/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc8.0.x/tags/TOMCAT_8_0_52/
>
> The proposed 8.0.52 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.0.52

+1

>
> Regards,
> Violeta

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [Git migration] Old git repositories

2018-04-30 Thread Coty Sutherland
On Mon, Apr 30, 2018, 16:48 Mark Thomas  wrote:

> The current plan is to merge all of the existing branches into a single
> Git repo. This will be mirrored at GitHub under apache/tomcat. This is
> currently used for the svn mirror for trunk only.
>
> This raises the question what to do with:
> apache/tomcat7
> apache/tomcat8
> apache/tomcat85
>
> I think there are two options:
>
> 1. Retain them but make them read-only
>
> 2. Delete them
>
> Suggestions for other options welcome.
>
> I'm actually leaning towards deleting them. My reasoning is that we
> deleted apache/tomcat55 and apache/tomcat6 when those releases reached
> EOL and no-one complained. As far as I recall, no-one even mentioned the
> deletions on list. Therefore, I'd be happy to delete those mirrors just
> as soon as apache/tomcat was up and running.
>

I don't see a reason for keeping them so I'm +1 for deleting them.


> Mark
>
> P.S. Don't forget that apache/tomcat will become writeable as part of
> the migration and will sync with gitbox.apache.org in a dual master
> configuration
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


Re: Tomcat 9 Support Java Version clarification

2018-04-25 Thread Coty Sutherland
On Wed, Apr 25, 2018 at 2:14 PM, Mark Thomas <ma...@apache.org> wrote:
> On 25/04/18 18:07, Coty Sutherland wrote:
>> Hi all,
>>
>> There was a problem discovered on Ubuntu where they're building Tomcat
>> 9 with Java 9, but users are using it with Java 8. That is causing
>> issues because of changes made in Java 9. One of the Ubuntu folks is
>> poking around with a patch and has some details about the issue here
>> https://pastebin.com/EnVh7K8v. We will probably open a bugzilla to see
>> if anyone is open to addressing them in tomcat,
>
> I'm not in favour of that patch.

Given the amount of changes I'm not either, I mentioned it because I
told the person working on it I would just in case someone was
interested. I think the responsibility of maintaining those sorts of
problems should fall on that on the distro's maintainer. Fedora is
fine for me (I build with Java 8), but apparently Ubuntu is building
with Java 10 and will switch to 11 at some point, which is causing the
problem.

>
>> but while thinking
>> about the problem I noted that our supported java versions table on
>> http://tomcat.apache.org/whichversion.html doesn't explicitly say that
>> by 'supported' we mean the tomcat binary we provide will run on that
>> java version. I don't think that we claim that you can build with any
>> version and run on any version anywhere, right?
>
> Correct.

Thanks for confirming.

> BUILDING.txt states that Tomcat 9 should be built with Java 8.
>
>> Is anyone opposed to
>> adding a statement to that effect on the page?
>
> I think something along those lines would be fine. Something to the
> effect of if you build from source with a higher version of Java than
> the minimum then it might not work on Java versions below the version
> you build with. But worded more clearly.

OK, I'll look at adding some verbiage around that.

>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Tomcat 9 Support Java Version clarification

2018-04-25 Thread Coty Sutherland
Hi all,

There was a problem discovered on Ubuntu where they're building Tomcat
9 with Java 9, but users are using it with Java 8. That is causing
issues because of changes made in Java 9. One of the Ubuntu folks is
poking around with a patch and has some details about the issue here
https://pastebin.com/EnVh7K8v. We will probably open a bugzilla to see
if anyone is open to addressing them in tomcat, but while thinking
about the problem I noted that our supported java versions table on
http://tomcat.apache.org/whichversion.html doesn't explicitly say that
by 'supported' we mean the tomcat binary we provide will run on that
java version. I don't think that we claim that you can build with any
version and run on any version anywhere, right? Is anyone opposed to
adding a statement to that effect on the page?



Thanks,
Coty

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [VOTE] Release Apache Tomcat 9.0.7

2018-04-04 Thread Coty Sutherland
On Tue, Apr 3, 2018 at 4:25 PM, Mark Thomas  wrote:
> The proposed Apache Tomcat 9.0.7 release is now available for voting.
>
> The major changes compared to the 9.0.6 release are:
>
> - Add support for the maxDays attribute to the AccessLogValve and
>   ExtendedAccessLogValve. This allows the maximum number of days for
>   which rotated access logs should be retained before deletion to be
>   defined.
>
> - Avoid infinite recursion, when trying to validate a session while
>   loading it with PersistentManager.
>
> - Correct two protocol errors with HTTP/2 PUSH_PROMISE frames.
>
> - The OpenSSL engine SSL session will now ignore invalid accesses.
>
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.7/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1176/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_7/
>
> The proposed 9.0.7 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.7

+1

> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: Request for comment on BZ 59750 (authentication listener)

2018-03-29 Thread Coty Sutherland
On Thu, Mar 29, 2018 at 11:41 AM, Rémy Maucherat  wrote:
> On Thu, Mar 29, 2018 at 3:48 PM, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>> All,
>>
>> For reference: https://bz.apache.org/bugzilla/show_bug.cgi?id=59750
>>
>> I've got a proposal (in patch form) attached to that BZ issue.
>>
>> Ralf's enhancement request is fairly terse, but this is something I'd
>> like to have as well.
>>
>> The requirement is to be able to log failed authentication attempts. As
>> it stands, using container-managed authentication does not allow this
>> (as far as I can tell).
>>
>> My proposal is essentially a new listener interface that authenticator
>> classes will invoke (if registered) when an authentication event occurs
>> (success or failure). The Request object and username are currently
>> arguments to the two methods on the interface.
>>
>> You can read the entire current path without even scrolling your screen.
>>
>> Before attempting to publish a more complete patch, I wanted to know if
>> there was any appetite for this kind of thing, or any objections.
>>
>
> Ok with the idea, but the patch is indeed very incomplete.

+1, I like the idea too.

>
> Rémy
>
>>
>> Thanks,
>> -chris
>>
>>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: Tomcat init script does not test correctly for /etc/rc.d/init.d/functions

2018-03-26 Thread Coty Sutherland
Hello,

On Mon, Mar 26, 2018 at 9:13 AM, Casper Pedersen
 wrote:
> Hi,
>
> The init.d start up script which is being distributed by many, is having the 
> following test:
>
> # Source function library.
> if [ -x /etc/rc.d/init.d/functions ]; then
> . /etc/rc.d/init.d/functions
> fi
>
> That will not work correctly on RHEL as on RHEL this file is read only (not 
> executable).

This list (dev@tomcat) isn't the best place to get help with distro
specific tomcat packages as the tomcat community is upstream from
those distributions. For future reference, please file a bug in the
tracker used by the offending distribution. More to the problem, which
distributions are you referring to? The only place sysv is still used
is in rhel-6, which now uses /lib/lsb/init-functions.

> Was also discussed here: 
> https://roosbertl.blogspot.com/2011/12/tomcat7-on-centos7-right-way.html?showComment=1366685221068#c9019320598583823471
>  
> 

That article is from 2011, and (after a quick glance) provides
instructions on how to create your own init script :)

>
> The file might have been executable in earlier version but with RHEL 6 and 7 
> this is no longer the case.
>
>
> Thank you,
>
> Casper

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [Git migration] Commit message format

2018-03-21 Thread Coty Sutherland
On Tue, Mar 20, 2018 at 4:07 PM, Mark Thomas  wrote:
> On 21/02/18 16:48, Mark Thomas wrote:
>> On 21/02/18 16:10, Rainer Jung wrote:
>>> Am 21.02.2018 um 16:53 schrieb Mark Thomas:
 The next issue on the list is the format of commit messages.

 The commit messages we are seeing for the tomcat-training repository
 have the same format as the commit message for the main tomcat repo will
 have.

 Does anyone have any concerns regarding the format?
>>>
>>> Would we be able to determine the branch from the subject line, e.g.
>>> would it be part of what is written between the square brackets? I
>>> personally find it very convenient to be able to easily filter commit
>>> mails by branch.
>>
>> Where there are new files described in subsequent commits, those commits
>> don't have a branch in the subject. You can see how this works in
>> practice on comm...@infra.apache.org
>
> Coming back to this.
>
> Having seen some of the messages for the tomcat-training repo what are
> people's thoughts?

I have a couple small things.

1) The third block's formatting looks weird on my end. Example:

"The following commit(s) were added to refs/heads/master by this push:
 new b13e925  First draft of logging module
b13e925 is described below"

I'm not sure the first few lines are necessary (the automated message
bit and repository link), so they could be removed/cleaned up.

2) Can we add a link to the commit somehow so that it closer resembles
the svn commit emails?

Other than those things, I think it's OK.

>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: TomcatCon Training: Tomcat for Administrators

2018-02-19 Thread Coty Sutherland
Do we plan on doing any audio or video to go along with the slides for
these? We could add them to the youtube channel for those that can't
attend the live training.

On Mon, Feb 19, 2018 at 9:50 AM, Mark Thomas  wrote:
> All,
>
> The Apache Tomcat PMC is delighted to announce that the registration for
> the training course "Tomcat for Administrators" is now open.
>
> This one-day training course will take place in central Manchester, UK
> on Tuesday April 10, 2018.
>
> Full details, including the schedule is available on the website:
> http://tomcat.apache.org/conference.html
>
> Registration is via EventBrite:
> https://www.eventbrite.com/e/tomcatcon-training-tomcat-for-administrators-tickets-43039556472?aff=lists
>
> We hope to see you there.
>
> Mark
> on behalf of the Apache Tomcat PMC
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [VOTE] Release Apache Tomcat 8.0.50

2018-02-12 Thread Coty Sutherland
On Wed, Feb 7, 2018 at 3:56 PM, Violeta Georgieva  wrote:
> The proposed Apache Tomcat 8.0.50 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.0.50/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1173/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc8.0.x/tags/TOMCAT_8_0_50/
>
> The proposed 8.0.50 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.0.50

+1

> Regards,
> Violeta

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [VOTE] Release Apache Tomcat 7.0.85

2018-02-12 Thread Coty Sutherland
On Wed, Feb 7, 2018 at 2:42 PM, Violeta Georgieva  wrote:
> The proposed Apache Tomcat 7.0.85 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.85/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1172/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_85/
>
> The proposed 7.0.85 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 7.0.85 Stable

+1

> Regards,
> Violeta

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [VOTE] Release Apache Tomcat 9.0.5

2018-02-09 Thread Coty Sutherland
On Tue, Feb 6, 2018 at 5:08 PM, Mark Thomas  wrote:
> The proposed Apache Tomcat 9.0.5 release is now available for voting.
>
> The major changes compared to the 9.0.4 release are:
>
> - Refactor error handling to enable errors that occur before processing
>   is passed to the application to be handled by the application provided
>   error handling and/or the container provided error handling
>   (ErrorReportValve) as appropriate.
>
> - Enable strict validation of the provided host name and port for all
>   connectors. Requests with invalid host names and/or ports will be
>   rejected with a 400 response.
>
> - Enhance the JMX support for jdbc-pool in order to expose
>   PooledConnection and JdbcInterceptors.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.5/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1170/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_5/
>
> The proposed 9.0.5 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.5

+1

> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [VOTE] Release Apache Tomcat 8.5.28

2018-02-09 Thread Coty Sutherland
On Tue, Feb 6, 2018 at 6:33 PM, Mark Thomas  wrote:
> The proposed Apache Tomcat 8.5.28 release is now available for voting.
>
> The major changes compared to the 8.5.27 release are:
>
> - Fix truncated request input streams when using NIO2 with TLS.
>
> - Improved error handling and reporting for TLS configuration.
>
> - Enhance the JMX support for jdbc-pool in order to expose
>   PooledConnection and JdbcInterceptors.
>
> Along with lots of other bug fixes and improvements.
>
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.28/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1171/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_28/
>
> The proposed 8.5.28 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.5.28

+1

> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



  1   2   3   >