Re: [VOTE] Release Apache Tomcat 9.0.27
Hi, On Mon, Oct 7, 2019 at 2:51 PM Mark Thomas wrote: > The proposed Apache Tomcat 9.0.27 release is now available for voting. > > The major changes compared to the 9.0.26 release are: > > - Update to Commons Daemon 1.2.2 to pick up the fix for a regression in > Commons Daemon 1.2.0 and 1.2.1 that triggered a crash on startup when > running on a Windows OS that had not been fully updated. > > - Fix some edge cases with NIO2 and TLS that could has a request to > hang. > > - Fix a memory leak introduced by the HTTP/2 timeout refactoring in > 9.0.23 that could occur when HTTP/2 or WebSocket was used. > > > Along with lots of other bug fixes and improvements. > > For full details, see the changelog: > https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.27/ > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1233/ > The tag is: > https://github.com/apache/tomcat/tree/9.0.27 > > > The proposed 9.0.27 release is: > [ ] Broken - do not release > [ X ] Stable - go ahead and release as 9.0.27 > Regards, Martin > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
Re: [VOTE] Release Apache Tomcat 9.0.27
вт, 8 окт. 2019 г. в 21:00, Mark Thomas : > > On 08/10/2019 17:49, Mark Thomas wrote: > > On 07/10/2019 17:40, Igal Sapir wrote: > >> Mark, > >> > >> On 10/7/2019 4:51 AM, Mark Thomas wrote: > >>> The proposed Apache Tomcat 9.0.27 release is now available for voting. > >> > >> I'm getting the failures below [1] for unit tests on Windows 10 with > >> Java 1.8u181. False positives? > > > > Don't know yet. I didn't get the same failures on Windows but I was > > using a different OS and a different JRE. > > > >> TEST-org.apache.coyote.http2.TestStreamProcessor.APR.txt: FAILED > >> TEST-org.apache.coyote.http2.TestStreamProcessor.APR.txt-expected:<...3-Header-[:status]-[[304] > >> TEST-org.apache.coyote.http2.TestStreamProcessor.APR.txt-3-Header-[etag]-[W/"957-1447269522000"]] > >> TEST-org.apache.coyote.http2.TestStreamProcessor.APR.txt-3-Header-[date]-[W...> > >> but was:<...3-Header-[:status]-[[200] > >> TEST-org.apache.coyote.http2.TestStreamProcessor.APR.txt-3-Header-[accept-ranges]-[bytes] > >> TEST-org.apache.coyote.http2.TestStreamProcessor.APR.txt-3-Header-[etag]-[W/"957-1447269522000"] > > > > This is TestStreamProcessor.testPrepareHeaders() failing for each connector. > > I think the machine you are using for testing has some sort of issue > with its clock. > > The above test will fail like that if the last modified time of the file > being requested is ahead of the current time. I don't see how that can > happen - even if the tests have just been checked out - unless the clock > moves back in time for some reason. The file requested by the test is test/webapp/index.html When a release candidate is being tested a usual approach is to unpack a source archive and test it. Depending on time zone differences between the one who created the archive and the one unpacking it the date of the source file may be in the future (if the archive was created less than 24 hours ago). ;-) > Overall, I'm not concerned about these failures although I am interested > to hear of you find out what is going on. +1 > Mark > Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
org.apache.tomcat.jni.TestSocketServer timeout test failures (was: VOTE 9.0.27)
Hi! Splitting from "VOTE 9.0.27" thread. вт, 8 окт. 2019 г. в 21:00, Mark Thomas : > > On 08/10/2019 17:49, Mark Thomas wrote: > > On 07/10/2019 17:40, Igal Sapir wrote: > > > > > > > >> TEST-org.apache.tomcat.jni.TestSocketServer.NIO2.txt: FAILED > >> TEST-org.apache.tomcat.jni.TestSocketServer.NIO2.txt-Socket.timeoutSet > >> failed (<1s) [999760800] +-[400] > >> TEST-org.apache.tomcat.jni.TestSocketServer.NIO2.txt-junit.framework.AssertionFailedError: > >> Socket.timeoutSet failed (<1s) [999760800] +-[400] > >> TEST-org.apache.tomcat.jni.TestSocketServer.NIO2.txt- at > >> org.apache.tomcat.jni.TestSocketServer.testBlockingReadFromClientWithTimeout(TestSocketServer.java:111) > >> > >> TEST-org.apache.tomcat.jni.TestSocketServer.NIO2.txt- > >> TEST-org.apache.tomcat.jni.TestSocketServer.NIO2.txt-Testcase: testPort > >> took 0.001 sec > > > > That is a false positive. The timing variance is significantly greater > > than the error margin. It looks like we need to adjust that. Interesting > > that the socket waited a little less than a second to timeout. We'd need > > to increase the error margin by 3 orders of magnitude (400ns to 0.4ms) > > for that test to pass. > > > > I'll start looking into these but more eyes are always welcome. Running on Windows 10, AdoptOpenJDK Java 8u222, I also observe this test failing (and saw it for similar runs for older release as well). In my case the numbers are: Testcase: testBlockingReadFromClientWithTimeout took 1,032 sec FAILED Socket.timeoutSet failed (<1s) [998666400] +-[200] junit.framework.AssertionFailedError: Socket.timeoutSet failed (<1s) [998666400] +-[200] at org.apache.tomcat.jni.TestSocketServer.testBlockingReadFromClientWithTimeout(TestSocketServer.java:111) Socket.timeoutSet failed (<1s) [987526600] +-[200] Socket.timeoutSet failed (<1s) [991705200] +-[200] Digging into this, I see that - Socket.timeoutSet is essentially a direct wrapper around apr_socket_timeout_set - Socket.recv is essentially a direct wrapper around apr_socket_recv and those APR methods a wrappers around Windows Socket API (setsockopt for setting timeout, WSARecv for reading) https://svn.apache.org/viewvc/apr/apr/branches/1.6.x/network_io/win32/ https://docs.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-setsockopt https://docs.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-wsarecv I think that [998666400] for practical purposes is the same as 1s (as far as we are verifying our own API), and we cannot improve how precise is socket timeout handling in Windows. Thus let's increase the error margin. BTW, setsockopt method in Windows accepts a value in milliseconds. I do not know what clock it uses to measure the timeout. In my example of [987526600] the difference from expected value is 14 msecs. It seems similar to the granularity of System.currentTimeMillis(). How about a margin of 100 msec? Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1868163 - /tomcat/jk/trunk/tools/jkrelease.sh
Author: rjung
Date: Tue Oct 8 22:17:30 2019
New Revision: 1868163
URL: http://svn.apache.org/viewvc?rev=1868163&view=rev
Log:
Use number comparison where appropriate.
Modified:
tomcat/jk/trunk/tools/jkrelease.sh
Modified: tomcat/jk/trunk/tools/jkrelease.sh
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/tools/jkrelease.sh?rev=1868163&r1=1868162&r2=1868163&view=diff
==
--- tomcat/jk/trunk/tools/jkrelease.sh (original)
+++ tomcat/jk/trunk/tools/jkrelease.sh Tue Oct 8 22:17:30 2019
@@ -166,14 +166,14 @@ then
fi
if [ -n "$revision" ]
then
-if [ $USE_GIT == 0 ]
+if [ $USE_GIT -eq 0 ]
then
revision="-r $revision"
fi
fi
if [ -n "$trunk" ]
then
-if [ $USE_GIT == 1 ]
+if [ $USE_GIT -eq 1 ]
then
JK_REV=`git ls-remote $REPOS refs/heads/master | awk '{print $1}'`
if [ -z "$JK_REV" ]
@@ -203,7 +203,7 @@ then
fi
elif [ -n "$branch" ]
then
-if [ $USE_GIT == 1 ]
+if [ $USE_GIT -eq 1 ]
then
JK_REV=`git ls-remote $REPOS refs/heads/$branch | awk '{print $1}'`
if [ -z "$JK_REV" ]
@@ -232,7 +232,7 @@ then
echo "Directory '$local_dir' does not exist - Aborting!"
exit 6
fi
-if [ $USE_GIT == 1 ]
+if [ $USE_GIT -eq 1 ]
then
JK_REV=`git --git-dir=$local_dir rev-parse HEAD`
if [ -z "$JK_REV" ]
@@ -254,7 +254,7 @@ then
JK_DIST=${JK_CVST}-${version}-dev${JK_SUFFIX}-src
fi
else
-if [ $USE_GIT == 1 ]
+if [ $USE_GIT -eq 1 ]
then
if [ -n "$tag" ]
then
@@ -316,7 +316,7 @@ rm -rf ${JK_DIST} 2>/dev/null || true
rm -rf ${JK_DIST}.* 2>/dev/null || true
mkdir -p ${JK_DIST}.tmp
-if [ $USE_GIT == 0 ]
+if [ $USE_GIT -eq 0 ]
then
svn export $revision "${JK_REPOS_URL}" ${JK_DIST}.tmp/jk
if [ $? -ne 0 ]
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1868162 - /tomcat/jk/trunk/tools/jkrelease.sh
Author: rjung
Date: Tue Oct 8 22:16:02 2019
New Revision: 1868162
URL: http://svn.apache.org/viewvc?rev=1868162&view=rev
Log:
Restrict use of explicit revision to trunk, branch
or local directory.
Modified:
tomcat/jk/trunk/tools/jkrelease.sh
Modified: tomcat/jk/trunk/tools/jkrelease.sh
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/tools/jkrelease.sh?rev=1868162&r1=1868161&r2=1868162&view=diff
==
--- tomcat/jk/trunk/tools/jkrelease.sh (original)
+++ tomcat/jk/trunk/tools/jkrelease.sh Tue Oct 8 22:16:02 2019
@@ -50,7 +50,8 @@ usage() {
echo "-f: force, do not validate tag against version"
echo "-h: create text documentation for html"
echo "-t: tag to use if different from version"
-echo "-r: revision or hash to package"
+echo "-r: revision or hash to package, only allowed in"
+echo "combination with '-b BRANCH', '-T' or '-d DIR'"
echo "-b: package from branch BRANCH"
echo "-T: package from trunk/master"
echo "-d: package from local directory"
@@ -77,6 +78,7 @@ copy_files() {
txtgen=n
conflict=0
+rev_allowed=0
while getopts :R:v:t:r:b:d:p:k:o:g:Tfh c
do
case $c in
@@ -91,10 +93,13 @@ do
g) JK_GROUP=$OPTARG;;
b) branch=$OPTARG
conflict=$(($conflict+1));;
+ rev_allowed=1
T) trunk=trunk
conflict=$(($conflict+1));;
+ rev_allowed=1
d) local_dir=$OPTARG
conflict=$(($conflict+1));;
+ rev_allowed=1
f) force='y';;
h) txtgen='y';;
\:)usage
@@ -127,6 +132,16 @@ then
exit 2
fi
+if [ -n "$revision" ]
+then
+if [ $rev_allowed -eq 0 ]
+then
+usage
+echo "Option '-r revision' only allowed in combination with '-b
BRANCH', '-T' or '-d DIR'"
+exit 2
+fi
+fi
+
if [ -n "$local_dir" ]
then
echo "Caution: Packaging from directory!"
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63816] java.lang.IllegalStateException: Calling [asyncMustError()] is not valid for a request with Async state [STARTING]
https://bz.apache.org/bugzilla/show_bug.cgi?id=63816 --- Comment #3 from Alex --- I also filed https://bz.apache.org/bugzilla/show_bug.cgi?id=63817 for a similar problem, so may be the fix can be for both together? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1868161 - /tomcat/jk/trunk/tools/jkrelease.sh
Author: rjung
Date: Tue Oct 8 22:07:14 2019
New Revision: 1868161
URL: http://svn.apache.org/viewvc?rev=1868161&view=rev
Log:
Further syntax fixes.
Tests for svn look good, old functionality should
work again.
Modified:
tomcat/jk/trunk/tools/jkrelease.sh
Modified: tomcat/jk/trunk/tools/jkrelease.sh
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/tools/jkrelease.sh?rev=1868161&r1=1868160&r2=1868161&view=diff
==
--- tomcat/jk/trunk/tools/jkrelease.sh (original)
+++ tomcat/jk/trunk/tools/jkrelease.sh Tue Oct 8 22:07:14 2019
@@ -152,6 +152,7 @@ fi
if [ -n "$revision" ]
then
if [ $USE_GIT == 0 ]
+then
revision="-r $revision"
fi
fi
@@ -240,9 +241,9 @@ then
else
if [ $USE_GIT == 1 ]
then
-if [ -n $tag ]
+if [ -n "$tag" ]
then
-if [ -z $force ]
+if [ -z "$force" ]
then
echo $tag | grep "^$version" > /dev/null 2>&1
if [ "X$tag" != "X$version" ]
@@ -271,9 +272,9 @@ else
JK_DIST=${JK_CVST}-${version}${JK_SUFFIX}-src
else
JK_TAG=`echo $version | sed -e 's#^#JK_#' -e 's#\.#_#g'`
-if [ -n $tag ]
+if [ -n "$tag" ]
then
-if [ -z $force ]
+if [ -z "$force" ]
then
echo $tag | grep "^$JK_TAG" > /dev/null 2>&1
if [ $? -gt 0 ]
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1868159 - /tomcat/jk/trunk/tools/jkrelease.sh
Author: rjung Date: Tue Oct 8 21:53:06 2019 New Revision: 1868159 URL: http://svn.apache.org/viewvc?rev=1868159&view=rev Log: Fix new syntax errors in script. Modified: tomcat/jk/trunk/tools/jkrelease.sh Modified: tomcat/jk/trunk/tools/jkrelease.sh URL: http://svn.apache.org/viewvc/tomcat/jk/trunk/tools/jkrelease.sh?rev=1868159&r1=1868158&r2=1868159&view=diff == --- tomcat/jk/trunk/tools/jkrelease.sh (original) +++ tomcat/jk/trunk/tools/jkrelease.sh Tue Oct 8 21:53:06 2019 @@ -105,12 +105,13 @@ do done shift `expr $OPTIND - 1` -if [ "X$repos" -eq "Xgit" ] +if [ "X$repos" == "Xgit" ] then USE_GIT=1 REPOS=$GIT_REPOS JK_REPOS_URL=$REPOS -elif [ "X$repos" -eq "Xsvn" ] +elif [ "X$repos" == "Xsvn" ] +then USE_GIT=0 REPOS=$SVN_REPOS else - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1868158 - /tomcat/jk/trunk/tools/jkrelease.sh
Author: rjung
Date: Tue Oct 8 21:51:49 2019
New Revision: 1868158
URL: http://svn.apache.org/viewvc?rev=1868158&view=rev
Log:
Add support for using tags, branches, revisions
(hashes) and local directories when using the
script with git.
Still untested.
Modified:
tomcat/jk/trunk/tools/jkrelease.sh
Modified: tomcat/jk/trunk/tools/jkrelease.sh
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/tools/jkrelease.sh?rev=1868158&r1=1868157&r2=1868158&view=diff
==
--- tomcat/jk/trunk/tools/jkrelease.sh (original)
+++ tomcat/jk/trunk/tools/jkrelease.sh Tue Oct 8 21:51:49 2019
@@ -44,16 +44,16 @@ SIGN_OPTS=""
FUNCTIONS ##
usage() {
-echo "Usage:: $0 -R (git|svn) -v VERSION [-f] [-r revision] [-t tag | -b
BRANCH | -T | -d DIR]"
+echo "Usage:: $0 -R (git|svn) -v VERSION [-f] [-r revision_or_hash] [-t
tag | -b BRANCH | -T | -d DIR]"
echo "-R: Use git or svn to check out from repos"
echo "-v: version to package"
echo "-f: force, do not validate tag against version"
echo "-h: create text documentation for html"
-echo "-t: tag to use if different from version (only for svn)"
-echo "-r: revision to package (only for svn)"
-echo "-b: package from branch BRANCH (only for svn)"
-echo "-T: package from trunk (only for svn)"
-echo "-d: package from local directory (only for svn)"
+echo "-t: tag to use if different from version"
+echo "-r: revision or hash to package"
+echo "-b: package from branch BRANCH"
+echo "-T: package from trunk/master"
+echo "-d: package from local directory"
echo "-o: owner used for creating tar archive"
echo "-g: group used for creating tar archive"
echo "-p: GNU PG passphrrase used for signing"
@@ -109,6 +109,7 @@ if [ "X$repos" -eq "Xgit" ]
then
USE_GIT=1
REPOS=$GIT_REPOS
+JK_REPOS_URL=$REPOS
elif [ "X$repos" -eq "Xsvn" ]
USE_GIT=0
REPOS=$SVN_REPOS
@@ -127,11 +128,6 @@ fi
if [ -n "$local_dir" ]
then
-if [ $USE_GIT == 1 ]
-then
-echo "Releasing from a local directory is not yet supported when using
git."
-exit 5
-fi
echo "Caution: Packaging from directory!"
echo "Make sure the directory is committed."
answer="x"
@@ -154,81 +150,125 @@ then
fi
if [ -n "$revision" ]
then
-if [ $USE_GIT == 1 ]
-then
-echo "Using an explicit revision is not yet supported when using git."
-exit 5
+if [ $USE_GIT == 0 ]
+revision="-r $revision"
fi
-revision="-r $revision"
fi
if [ -n "$trunk" ]
then
if [ $USE_GIT == 1 ]
then
-echo "Releasing from trunk is not yet supported when using git."
-exit 5
-fi
-JK_REPOS_URL="${REPOS}/trunk"
-repos_use_url="`svn help info | grep URL`"
-if [ -n "$repos_use_url" ]
-then
- JK_REPOS_INFO_PATH="${JK_REPOS_URL}"
+JK_REV=`git ls-remote $REPOS refs/heads/master | awk '{print $1}'`
+if [ -z "$JK_REV" ]
+then
+ echo "No git hash found via 'git ls-remote $REPOS
refs/heads/master'"
+ exit 3
+fi
+JK_SUFFIX=-${JK_REV}
+JK_DIST=${JK_CVST}-${version}-dev${JK_SUFFIX}-src
else
- JK_REPOS_INFO_PATH=.
-fi
-JK_REV=`svn info $revision $JK_REPOS_INFO_PATH | awk '$1 == "Revision:"
{print $2}'`
-if [ -z "$JK_REV" ]
-then
- echo "No Revision found at '$JK_REPOS_URL'"
- exit 3
+JK_REPOS_URL="${REPOS}/trunk"
+repos_use_url="`svn help info | grep URL`"
+if [ -n "$repos_use_url" ]
+then
+JK_REPOS_INFO_PATH="${JK_REPOS_URL}"
+else
+JK_REPOS_INFO_PATH=.
+fi
+JK_REV=`svn info $revision $JK_REPOS_INFO_PATH | awk '$1 ==
"Revision:" {print $2}'`
+if [ -z "$JK_REV" ]
+then
+ echo "No svn revision found at '$JK_REPOS_URL'"
+ exit 3
+fi
+JK_SUFFIX=-${JK_REV}
+JK_DIST=${JK_CVST}-${version}-dev${JK_SUFFIX}-src
fi
-JK_SUFFIX=-${JK_REV}
-JK_DIST=${JK_CVST}-${version}-dev${JK_SUFFIX}-src
elif [ -n "$branch" ]
then
if [ $USE_GIT == 1 ]
then
-echo "Releasing from a branch is not yet supported when using git."
-exit 5
-fi
-JK_BRANCH=`echo $branch | sed -e 's#/#__#g'`
-JK_REPOS_URL="${REPOS}/branches/$branch"
-JK_REV=`svn info $revision ${JK_REPOS_URL} | awk '$1 == "Revision:" {print
$2}'`
-if [ -z "$JK_REV" ]
-then
- echo "No Revision found at '$JK_REPOS_URL'"
- exit 3
+JK_REV=`git ls-remote $REPOS refs/heads/$branch | awk '{print $1}'`
+if [ -z "$JK_REV" ]
+then
+ echo "No git hash found via 'git ls-remote $REPOS
refs/heads/$branch'"
+ exit 3
+fi
[Bug 63816] java.lang.IllegalStateException: Calling [asyncMustError()] is not valid for a request with Async state [STARTING]
https://bz.apache.org/bugzilla/show_bug.cgi?id=63816 --- Comment #2 from Mark Thomas --- I've been able to create a test case for this. This is one of those areas of the Servlet spec that could benefit from some clarification. There is this text in the spec: The application is responsible to handle concurrent access to the request and response objects if the async task is executing before the container-initiated dispatch that called startAsync has returned to the container. Does this mean that the dispatching servlet should exit to service() method immediately after calling startAsync(). I'd argue that that is good practice implied by the above quote but not required. Does this mean that the async thread should take steps not to use the request and response objects until it knows the service() method has returned? That is certainly the safest interpretation of "handle concurrent access" but it isn't the only one. Tomcat already handles the case where complete() or dispatch() are called on the async thread before the service() method exists. We "just" need to handle the error case in the same way. It looks like this ASCII art is going to need to be updated: https://github.com/apache/tomcat/blob/master/java/org/apache/coyote/AsyncStateMachine.java#L78 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63815] Expansion of JAVA_OPTS in catalina.sh containing '*' stops startup on linux
https://bz.apache.org/bugzilla/show_bug.cgi?id=63815 --- Comment #2 from Konstantin Kolinko --- What exact change are you asking for? Please note that on the last step (when invoking a java executable) the JAVA_OPTS must produce several separate command line arguments: java expects that each -D is passed as a separate command-line argument. As such, JAVA_OPTS cannot be quoted there. I have not tested, but I think that you should have used the quotes around the whole -D argument: JAVA_OPTS="\"-Dfoo.cronExpression=0 0 0/12 * * ?\"" -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch BZ-63681/8.5.x created (now 6be96eb)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch BZ-63681/8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. at 6be96eb Frist draft This branch includes the following new commits: new 6be96eb Frist draft The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/01: Frist draft
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch BZ-63681/8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 6be96ebba4e7056d5c9621bada2c496f8c0a82d0
Author: Michael Osipov
AuthorDate: Wed Aug 21 23:23:19 2019 +0200
Frist draft
changelog.xml pending
---
java/org/apache/catalina/Realm.java | 13 +
java/org/apache/catalina/realm/CombinedRealm.java | 34
java/org/apache/catalina/realm/LockOutRealm.java | 12
java/org/apache/catalina/realm/RealmBase.java | 67 +++
4 files changed, 116 insertions(+), 10 deletions(-)
diff --git a/java/org/apache/catalina/Realm.java
b/java/org/apache/catalina/Realm.java
index a6360cc..412e845 100644
--- a/java/org/apache/catalina/Realm.java
+++ b/java/org/apache/catalina/Realm.java
@@ -25,6 +25,8 @@ import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSName;
/**
* A Realm is a read-only facade for an underlying security realm
@@ -135,6 +137,17 @@ public interface Realm {
/**
+ * Try to authenticate using a {@link GSSName}
+ *
+ * @param gssName The {@link GSSName} of the principal to look up
+ * @param gssCredential The {@link GSSCredential} of the principal, may be
+ * {@code null}
+ * @return the associated principal, or {@code null} if there is none
+ */
+public Principal authenticate(GSSName gssName, GSSCredential
gssCredential);
+
+
+/**
* Try to authenticate using {@link X509Certificate}s
*
* @param certs Array of client certificates, with the first one in
diff --git a/java/org/apache/catalina/realm/CombinedRealm.java
b/java/org/apache/catalina/realm/CombinedRealm.java
index 59511fa..5645457 100644
--- a/java/org/apache/catalina/realm/CombinedRealm.java
+++ b/java/org/apache/catalina/realm/CombinedRealm.java
@@ -32,6 +32,7 @@ import org.apache.catalina.Realm;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSName;
@@ -393,6 +394,39 @@ public class CombinedRealm extends RealmBase {
return null;
}
+/**
+ * {@inheritDoc}
+ */
+@Override
+public Principal authenticate(GSSName gssName, GSSCredential
gssCredentail) {
+Principal authenticatedUser = null;
+
+String username = String.valueOf(gssName);
+
+for (Realm realm : realms) {
+if (log.isDebugEnabled()) {
+log.debug(sm.getString("combinedRealm.authStart",
+username, realm.getClass().getName()));
+}
+
+authenticatedUser = realm.authenticate(gssName, gssCredentail);
+
+if (authenticatedUser == null) {
+if (log.isDebugEnabled()) {
+log.debug(sm.getString("combinedRealm.authFail",
+username, realm.getClass().getName()));
+}
+} else {
+if (log.isDebugEnabled()) {
+log.debug(sm.getString("combinedRealm.authSuccess",
+username, realm.getClass().getName()));
+}
+break;
+}
+}
+return authenticatedUser;
+}
+
@Override
@Deprecated
protected String getName() {
diff --git a/java/org/apache/catalina/realm/LockOutRealm.java
b/java/org/apache/catalina/realm/LockOutRealm.java
index b2dc29e..46e6a97 100644
--- a/java/org/apache/catalina/realm/LockOutRealm.java
+++ b/java/org/apache/catalina/realm/LockOutRealm.java
@@ -27,6 +27,7 @@ import org.apache.catalina.LifecycleException;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSName;
@@ -205,6 +206,17 @@ public class LockOutRealm extends CombinedRealm {
return null;
}
+/**
+ * {@inheritDoc}
+ */
+@Override
+public Principal authenticate(GSSName gssName, GSSCredential
gssCredential) {
+String username = String.valueOf(gssName);
+
+Principal authenticatedUser = super.authenticate(gssName,
gssCredential);
+return filterLockedAccounts(username, authenticatedUser);
+}
+
/*
* Filters authenticated principals to ensure that null is
diff --git a/java/org/apache/catalina/realm/RealmBase.java
b/java/org/apache/catalina/realm/RealmBase.java
index d321c56..f300810 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -499,16 +499
[tomcat] branch BZ-63681/8.5.x deleted (was 6be96eb)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch BZ-63681/8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. was 6be96eb Frist draft This change permanently discards the following revisions: discard 6be96eb Frist draft - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63816] java.lang.IllegalStateException: Calling [asyncMustError()] is not valid for a request with Async state [STARTING]
https://bz.apache.org/bugzilla/show_bug.cgi?id=63816 --- Comment #1 from Mark Thomas --- Please provide the full stack trace and as much detail as you can on the conditions that trigger the error. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.47
On 08/10/2019 17:19, Igal Sapir wrote: > On 10/7/2019 6:58 AM, Mark Thomas wrote: >> The proposed Apache Tomcat 8.5.47 release is now available for voting. >> >> The major changes compared to the 8.5.46 release are: > > I'm getting similar test failures as I did for 9.0.27 on that same > Windows machine: These also look like timing issues. I see TestAsyncContextImpl test failures like this fairly frequently on VMs. The other failures look to be the same as the 9.0.x tests. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 9.0.27
On 08/10/2019 17:49, Mark Thomas wrote: > On 07/10/2019 17:40, Igal Sapir wrote: >> Mark, >> >> On 10/7/2019 4:51 AM, Mark Thomas wrote: >>> The proposed Apache Tomcat 9.0.27 release is now available for voting. >> >> I'm getting the failures below [1] for unit tests on Windows 10 with >> Java 1.8u181. False positives? > > Don't know yet. I didn't get the same failures on Windows but I was > using a different OS and a different JRE. > >> TEST-org.apache.coyote.http2.TestStreamProcessor.APR.txt: FAILED >> TEST-org.apache.coyote.http2.TestStreamProcessor.APR.txt-expected:<...3-Header-[:status]-[[304] >> TEST-org.apache.coyote.http2.TestStreamProcessor.APR.txt-3-Header-[etag]-[W/"957-1447269522000"]] >> TEST-org.apache.coyote.http2.TestStreamProcessor.APR.txt-3-Header-[date]-[W...> >> but was:<...3-Header-[:status]-[[200] >> TEST-org.apache.coyote.http2.TestStreamProcessor.APR.txt-3-Header-[accept-ranges]-[bytes] >> TEST-org.apache.coyote.http2.TestStreamProcessor.APR.txt-3-Header-[etag]-[W/"957-1447269522000"] > > This is TestStreamProcessor.testPrepareHeaders() failing for each connector. I think the machine you are using for testing has some sort of issue with its clock. The above test will fail like that if the last modified time of the file being requested is ahead of the current time. I don't see how that can happen - even if the tests have just been checked out - unless the clock moves back in time for some reason. Overall, I'm not concerned about these failures although I am interested to hear of you find out what is going on. Mark > > > >> TEST-org.apache.tomcat.jni.TestSocketServer.NIO2.txt: FAILED >> TEST-org.apache.tomcat.jni.TestSocketServer.NIO2.txt-Socket.timeoutSet >> failed (<1s) [999760800] +-[400] >> TEST-org.apache.tomcat.jni.TestSocketServer.NIO2.txt-junit.framework.AssertionFailedError: >> Socket.timeoutSet failed (<1s) [999760800] +-[400] >> TEST-org.apache.tomcat.jni.TestSocketServer.NIO2.txt- at >> org.apache.tomcat.jni.TestSocketServer.testBlockingReadFromClientWithTimeout(TestSocketServer.java:111) >> >> TEST-org.apache.tomcat.jni.TestSocketServer.NIO2.txt- >> TEST-org.apache.tomcat.jni.TestSocketServer.NIO2.txt-Testcase: testPort >> took 0.001 sec > > That is a false positive. The timing variance is significantly greater > than the error margin. It looks like we need to adjust that. Interesting > that the socket waited a little less than a second to timeout. We'd need > to increase the error margin by 3 orders of magnitude (400ns to 0.4ms) > for that test to pass. > > I'll start looking into these but more eyes are always welcome. > > Mark > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63817] New: Calling [asyncComplete()] is not valid for a request with Async state [MUST_ERROR]
https://bz.apache.org/bugzilla/show_bug.cgi?id=63817 Bug ID: 63817 Summary: Calling [asyncComplete()] is not valid for a request with Async state [MUST_ERROR] Product: Tomcat 9 Version: 9.0.22 Hardware: PC OS: Linux Status: NEW Severity: normal Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: a701...@gmail.com Target Milestone: - asyncComplete() is called in the "finally" section on both success and failure of the background request processing. Sometimes when there is an IO error on the background thread I get the following error: java.lang.IllegalStateException: Calling [asyncComplete()] is not valid for a request with Async state [MUST_ERROR] java.lang.IllegalStateException: Calling [asyncComplete()] is not valid for a request with Async state [MUST_ERROR] at org.apache.coyote.AsyncStateMachine.doComplete(AsyncStateMachine.java:332) at org.apache.coyote.AsyncStateMachine.asyncComplete(AsyncStateMachine.java:316) at org.apache.coyote.AbstractProcessor.action(AbstractProcessor.java:496) at org.apache.coyote.Request.action(Request.java:430) at org.apache.catalina.core.AsyncContextImpl.complete(AsyncContextImpl.java:92) -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63815] Expansion of JAVA_OPTS in catalina.sh containing '*' stops startup on linux
https://bz.apache.org/bugzilla/show_bug.cgi?id=63815 --- Comment #1 from Mark Thomas --- I'm wondering how important it is to remove newlines backwards compatibility. might it be sufficient to document the change in behaviour? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63816] New: java.lang.IllegalStateException: Calling [asyncMustError()] is not valid for a request with Async state [STARTING]
https://bz.apache.org/bugzilla/show_bug.cgi?id=63816 Bug ID: 63816 Summary: java.lang.IllegalStateException: Calling [asyncMustError()] is not valid for a request with Async state [STARTING] Product: Tomcat 9 Version: 9.0.22 Hardware: PC OS: Linux Status: NEW Severity: normal Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: a701...@gmail.com Target Milestone: - After starting async processing request.startAsync() for the request a background thread invokes the response write functions. Sometimes when IO errors happen I get the exception below. java.lang.IllegalStateException: Calling [asyncMustError()] is not valid for a request with Async state [STARTING] java.lang.IllegalStateException: Calling [asyncMustError()] is not valid for a request with Async state [STARTING] at org.apache.coyote.AsyncStateMachine.asyncMustError(AsyncStateMachine.java:421) at org.apache.coyote.AbstractProcessor.setErrorState(AbstractProcessor.java:118) at org.apache.coyote.AbstractProcessor.action(AbstractProcessor.java:424) at org.apache.coyote.Response.action(Response.java:211) at org.apache.coyote.http11.Http11OutputBuffer$SocketOutputBuffer.doWrite(Http11OutputBuffer.java:546) at org.apache.coyote.http11.filters.ChunkedOutputFilter.doWrite(ChunkedOutputFilter.java:112) at org.apache.coyote.http11.Http11OutputBuffer.doWrite(Http11OutputBuffer.java:190) at org.apache.coyote.Response.doWrite(Response.java:599) at org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:329) -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 9.0.27
On 07/10/2019 17:40, Igal Sapir wrote: > Mark, > > On 10/7/2019 4:51 AM, Mark Thomas wrote: >> The proposed Apache Tomcat 9.0.27 release is now available for voting. > > I'm getting the failures below [1] for unit tests on Windows 10 with > Java 1.8u181. False positives? Don't know yet. I didn't get the same failures on Windows but I was using a different OS and a different JRE. > TEST-org.apache.coyote.http2.TestStreamProcessor.APR.txt: FAILED > TEST-org.apache.coyote.http2.TestStreamProcessor.APR.txt-expected:<...3-Header-[:status]-[[304] > TEST-org.apache.coyote.http2.TestStreamProcessor.APR.txt-3-Header-[etag]-[W/"957-1447269522000"]] > TEST-org.apache.coyote.http2.TestStreamProcessor.APR.txt-3-Header-[date]-[W...> > but was:<...3-Header-[:status]-[[200] > TEST-org.apache.coyote.http2.TestStreamProcessor.APR.txt-3-Header-[accept-ranges]-[bytes] > TEST-org.apache.coyote.http2.TestStreamProcessor.APR.txt-3-Header-[etag]-[W/"957-1447269522000"] This is TestStreamProcessor.testPrepareHeaders() failing for each connector. > TEST-org.apache.tomcat.jni.TestSocketServer.NIO2.txt: FAILED > TEST-org.apache.tomcat.jni.TestSocketServer.NIO2.txt-Socket.timeoutSet > failed (<1s) [999760800] +-[400] > TEST-org.apache.tomcat.jni.TestSocketServer.NIO2.txt-junit.framework.AssertionFailedError: > Socket.timeoutSet failed (<1s) [999760800] +-[400] > TEST-org.apache.tomcat.jni.TestSocketServer.NIO2.txt- at > org.apache.tomcat.jni.TestSocketServer.testBlockingReadFromClientWithTimeout(TestSocketServer.java:111) > > TEST-org.apache.tomcat.jni.TestSocketServer.NIO2.txt- > TEST-org.apache.tomcat.jni.TestSocketServer.NIO2.txt-Testcase: testPort > took 0.001 sec That is a false positive. The timing variance is significantly greater than the error margin. It looks like we need to adjust that. Interesting that the socket waited a little less than a second to timeout. We'd need to increase the error margin by 3 orders of magnitude (400ns to 0.4ms) for that test to pass. I'll start looking into these but more eyes are always welcome. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.47
On 10/7/2019 6:58 AM, Mark Thomas wrote: The proposed Apache Tomcat 8.5.47 release is now available for voting. The major changes compared to the 8.5.46 release are: I'm getting similar test failures as I did for 9.0.27 on that same Windows machine: > grep -A 5 FAILED output/build/logs/*.txt output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt: FAILED output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt-Uri: /stage1, Status: 500, Time: 2248 duration is not < 1600 output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt-junit.framework.AssertionFailedError: Uri: /stage1, Status: 500, Time: 2248 duration is not < 1600 output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt- at org.apache.catalina.valves.TesterAccessLogValve.validateAccessLog(TesterAccessLogValve.java:92) output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt- at org.apache.catalina.core.TestAsyncContextImpl.doTestDispatchError(TestAsyncContextImpl.java:1015) output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt- at org.apache.catalina.core.TestAsyncContextImpl.testDispatchErrorWithThreadMultiple(TestAsyncContextImpl.java:921) -- output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt: FAILED output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt-Uri: /stage1, Status: 500, Time: 4018 duration is not < 1600 output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt-junit.framework.AssertionFailedError: Uri: /stage1, Status: 500, Time: 4018 duration is not < 1600 output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt- at org.apache.catalina.valves.TesterAccessLogValve.validateAccessLog(TesterAccessLogValve.java:92) output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt- at org.apache.catalina.core.TestAsyncContextImpl.doTestDispatchError(TestAsyncContextImpl.java:1015) output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt- at org.apache.catalina.core.TestAsyncContextImpl.testDispatchErrorMultiple(TestAsyncContextImpl.java:906) -- output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt: FAILED output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt-Uri: /stage1, Status: 500, Time: 2182 duration is not < 1600 output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt-junit.framework.AssertionFailedError: Uri: /stage1, Status: 500, Time: 2182 duration is not < 1600 output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt- at org.apache.catalina.valves.TesterAccessLogValve.validateAccessLog(TesterAccessLogValve.java:92) output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt- at org.apache.catalina.core.TestAsyncContextImpl.doTestDispatchError(TestAsyncContextImpl.java:1015) output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt- at org.apache.catalina.core.TestAsyncContextImpl.testDispatchErrorDoubleThenComplete(TestAsyncContextImpl.java:931) -- output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt: FAILED output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt-Uri: /stage1, Status: 500, Time: 2512 duration is not < 1600 output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt-junit.framework.AssertionFailedError: Uri: /stage1, Status: 500, Time: 2512 duration is not < 1600 output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt- at org.apache.catalina.valves.TesterAccessLogValve.validateAccessLog(TesterAccessLogValve.java:92) output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt- at org.apache.catalina.core.TestAsyncContextImpl.doTestDispatchError(TestAsyncContextImpl.java:1015) output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt- at org.apache.catalina.core.TestAsyncContextImpl.testDispatchErrorSingle(TestAsyncContextImpl.java:896) -- output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt: FAILED output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt-Uri: /stage1, Status: 500, Time: 1843 duration is not < 1600 output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt-junit.framework.AssertionFailedError: Uri: /stage1, Status: 500, Time: 1843 duration is not < 1600 output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt- at org.apache.catalina.valves.TesterAccessLogValve.validateAccessLog(TesterAccessLogValve.java:92) output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt- at org.apache.catalina.core.TestAsyncContextImpl.doTestDispatchError(TestAsyncContextImpl.java:1015) output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.APR.txt- at org.apache.catalina.core.Te
[tomcat] branch master updated: Avoid possible Windows path issues
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new ad3de0b Avoid possible Windows path issues
ad3de0b is described below
commit ad3de0b5ac786214a6c272b65ed4af419a735042
Author: remm
AuthorDate: Tue Oct 8 18:13:11 2019 +0200
Avoid possible Windows path issues
Bad paths for URIs can cause exceptions on Windows due to its path
separator, so wrap using the usual IOException.
---
.../apache/catalina/startup/CatalinaBaseConfigurationSource.java | 7 ++-
webapps/docs/changelog.xml| 8
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git
a/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java
b/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java
index 51b3b85..134b6a4 100644
--- a/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java
+++ b/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java
@@ -103,7 +103,12 @@ public class CatalinaBaseConfigurationSource implements
ConfigurationSource {
}
// Then try URI.
-URI uri = getURI(name);
+URI uri = null;
+try {
+uri = getURI(name);
+} catch (IllegalArgumentException e) {
+throw new
IOException(sm.getString("catalinaConfigurationSource.cannotObtainURL", name),
e);
+}
// Obtain the input stream we need
try {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index a5c88f1..2fb65e2 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -45,6 +45,14 @@
issues do not "pop up" wrt. others).
-->
+
+
+
+Bad paths for URIs can cause exceptions on Windows due to its
+path separator, so wrap using an IOException. (remm)
+
+
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 7.0.x updated: Update URL for code signing service.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new aba8fd8 Update URL for code signing service.
aba8fd8 is described below
commit aba8fd82dacb1f2267b493b3cce17dd6e18d9649
Author: Mark Thomas
AuthorDate: Tue Oct 8 15:07:14 2019 +0100
Update URL for code signing service.
---
java/org/apache/tomcat/buildutil/SignCode.java | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/buildutil/SignCode.java
b/java/org/apache/tomcat/buildutil/SignCode.java
index a1d1955..dfe7fdb 100644
--- a/java/org/apache/tomcat/buildutil/SignCode.java
+++ b/java/org/apache/tomcat/buildutil/SignCode.java
@@ -51,7 +51,11 @@ import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
/**
- * Ant task that submits a file to the Symantec code-signing service.
+ * Ant task that submits a file to the Digicert (formally Symantec)
code-signing
+ * service. The service is defined by the published
+ * https://api.ws.digicert.com/webtrust/SigningService?wsdl";>WSDL.
+ * Note that while the service has migrated to a Digicert domain, the namespace
+ * continues to use a Symantec domain.
*/
public class SignCode extends Task {
@@ -64,7 +68,7 @@ public class SignCode extends Task {
static {
try {
SIGNING_SERVICE_URL = new URL(
-
"https://api-appsec-cws.ws.symantec.com/webtrust/SigningService";);
+
"https://api-appsec.pki.digicert.com/webtrust/SigningService";);
} catch (MalformedURLException e) {
throw new IllegalArgumentException(e);
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Update URL for code signing service.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 4a9f854 Update URL for code signing service.
4a9f854 is described below
commit 4a9f854a67bc5cece8fa83278ac5449c4b1f54d9
Author: Mark Thomas
AuthorDate: Tue Oct 8 15:07:14 2019 +0100
Update URL for code signing service.
---
java/org/apache/tomcat/buildutil/SignCode.java | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/buildutil/SignCode.java
b/java/org/apache/tomcat/buildutil/SignCode.java
index 3f0c50f..e6b6008 100644
--- a/java/org/apache/tomcat/buildutil/SignCode.java
+++ b/java/org/apache/tomcat/buildutil/SignCode.java
@@ -51,7 +51,11 @@ import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
/**
- * Ant task that submits a file to the Symantec code-signing service.
+ * Ant task that submits a file to the Digicert (formally Symantec)
code-signing
+ * service. The service is defined by the published
+ * https://api.ws.digicert.com/webtrust/SigningService?wsdl";>WSDL.
+ * Note that while the service has migrated to a Digicert domain, the namespace
+ * continues to use a Symantec domain.
*/
public class SignCode extends Task {
@@ -64,7 +68,7 @@ public class SignCode extends Task {
static {
try {
SIGNING_SERVICE_URL = new URL(
-
"https://api-appsec-cws.ws.symantec.com/webtrust/SigningService";);
+
"https://api-appsec.pki.digicert.com/webtrust/SigningService";);
} catch (MalformedURLException e) {
throw new IllegalArgumentException(e);
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Update URL for code signing service.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new eb1eb55 Update URL for code signing service.
eb1eb55 is described below
commit eb1eb55f1c2f6ec4a63755844f80874a229f2395
Author: Mark Thomas
AuthorDate: Tue Oct 8 15:07:14 2019 +0100
Update URL for code signing service.
---
java/org/apache/tomcat/buildutil/SignCode.java | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/buildutil/SignCode.java
b/java/org/apache/tomcat/buildutil/SignCode.java
index 3f0c50f..e6b6008 100644
--- a/java/org/apache/tomcat/buildutil/SignCode.java
+++ b/java/org/apache/tomcat/buildutil/SignCode.java
@@ -51,7 +51,11 @@ import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
/**
- * Ant task that submits a file to the Symantec code-signing service.
+ * Ant task that submits a file to the Digicert (formally Symantec)
code-signing
+ * service. The service is defined by the published
+ * https://api.ws.digicert.com/webtrust/SigningService?wsdl";>WSDL.
+ * Note that while the service has migrated to a Digicert domain, the namespace
+ * continues to use a Symantec domain.
*/
public class SignCode extends Task {
@@ -64,7 +68,7 @@ public class SignCode extends Task {
static {
try {
SIGNING_SERVICE_URL = new URL(
-
"https://api-appsec-cws.ws.symantec.com/webtrust/SigningService";);
+
"https://api-appsec.pki.digicert.com/webtrust/SigningService";);
} catch (MalformedURLException e) {
throw new IllegalArgumentException(e);
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch 7.0.x updated: 63814: Do not set server socket timeout with negative values in NIO
On Tue, Oct 8, 2019 at 3:35 PM Mark Thomas wrote:
> On 08/10/2019 12:31, r...@apache.org wrote:
> > This is an automated email from the ASF dual-hosted git repository.
> >
> > remm pushed a commit to branch 7.0.x
> > in repository https://gitbox.apache.org/repos/asf/tomcat.git
> >
> >
> > The following commit(s) were added to refs/heads/7.0.x by this push:
> > new 0a18642 63814: Do not set server socket timeout with negative
> values in NIO
> > 0a18642 is described below
> >
> > commit 0a18642108a637b9800042f4202d284da93a9682
> > Author: remm
> > AuthorDate: Tue Oct 8 13:31:30 2019 +0200
> >
> > 63814: Do not set server socket timeout with negative values in NIO
> > ---
> > java/org/apache/tomcat/util/net/NioEndpoint.java | 4 +++-
> > webapps/docs/changelog.xml | 8
> > 2 files changed, 11 insertions(+), 1 deletion(-)
> >
> > diff --git a/java/org/apache/tomcat/util/net/NioEndpoint.java
> b/java/org/apache/tomcat/util/net/NioEndpoint.java
> > index 2f25ee4..33a7d18 100644
> > --- a/java/org/apache/tomcat/util/net/NioEndpoint.java
> > +++ b/java/org/apache/tomcat/util/net/NioEndpoint.java
> > @@ -474,7 +474,9 @@ public class NioEndpoint extends
> AbstractEndpoint {
> > InetSocketAddress addr = (getAddress()!=null?new
> InetSocketAddress(getAddress(),getPort()):new InetSocketAddress(getPort()));
> > serverSock.socket().bind(addr,getBacklog());
> > serverSock.configureBlocking(true); //mimic APR behavior
> > -
> serverSock.socket().setSoTimeout(getSocketProperties().getSoTimeout());
> > +if (getSocketProperties().getSoTimeout() > 0) {
> > +
> serverSock.socket().setSoTimeout(getSocketProperties().getSoTimeout());
> > +}
>
> Shouldn't this be >= 0 to allow for infinite timeouts?
>
Yes since this is not NIO2.
Rémy
[tomcat] branch 7.0.x updated: Fix issue spotted by Mark, 0 can be passed along as well for infinite
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new f140942 Fix issue spotted by Mark, 0 can be passed along as well for
infinite
f140942 is described below
commit f140942d89ee7d9e52c4e273298a1852b8c3f020
Author: remm
AuthorDate: Tue Oct 8 16:09:08 2019 +0200
Fix issue spotted by Mark, 0 can be passed along as well for infinite
---
java/org/apache/tomcat/util/net/NioEndpoint.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/net/NioEndpoint.java
b/java/org/apache/tomcat/util/net/NioEndpoint.java
index 33a7d18..eeeb6b8 100644
--- a/java/org/apache/tomcat/util/net/NioEndpoint.java
+++ b/java/org/apache/tomcat/util/net/NioEndpoint.java
@@ -474,7 +474,7 @@ public class NioEndpoint extends
AbstractEndpoint {
InetSocketAddress addr = (getAddress()!=null?new
InetSocketAddress(getAddress(),getPort()):new InetSocketAddress(getPort()));
serverSock.socket().bind(addr,getBacklog());
serverSock.configureBlocking(true); //mimic APR behavior
-if (getSocketProperties().getSoTimeout() > 0) {
+if (getSocketProperties().getSoTimeout() >= 0) {
serverSock.socket().setSoTimeout(getSocketProperties().getSoTimeout());
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch 7.0.x updated: 63814: Do not set server socket timeout with negative values in NIO
On 08/10/2019 12:31, r...@apache.org wrote:
> This is an automated email from the ASF dual-hosted git repository.
>
> remm pushed a commit to branch 7.0.x
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/7.0.x by this push:
> new 0a18642 63814: Do not set server socket timeout with negative
> values in NIO
> 0a18642 is described below
>
> commit 0a18642108a637b9800042f4202d284da93a9682
> Author: remm
> AuthorDate: Tue Oct 8 13:31:30 2019 +0200
>
> 63814: Do not set server socket timeout with negative values in NIO
> ---
> java/org/apache/tomcat/util/net/NioEndpoint.java | 4 +++-
> webapps/docs/changelog.xml | 8
> 2 files changed, 11 insertions(+), 1 deletion(-)
>
> diff --git a/java/org/apache/tomcat/util/net/NioEndpoint.java
> b/java/org/apache/tomcat/util/net/NioEndpoint.java
> index 2f25ee4..33a7d18 100644
> --- a/java/org/apache/tomcat/util/net/NioEndpoint.java
> +++ b/java/org/apache/tomcat/util/net/NioEndpoint.java
> @@ -474,7 +474,9 @@ public class NioEndpoint extends
> AbstractEndpoint {
> InetSocketAddress addr = (getAddress()!=null?new
> InetSocketAddress(getAddress(),getPort()):new InetSocketAddress(getPort()));
> serverSock.socket().bind(addr,getBacklog());
> serverSock.configureBlocking(true); //mimic APR behavior
> -
> serverSock.socket().setSoTimeout(getSocketProperties().getSoTimeout());
> +if (getSocketProperties().getSoTimeout() > 0) {
> +
> serverSock.socket().setSoTimeout(getSocketProperties().getSoTimeout());
> +}
Shouldn't this be >= 0 to allow for infinite timeouts?
Mark
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Migrating Tomcat Connectors to Git
On 08/10/2019 13:32, Rainer Jung wrote: > Am 08.10.2019 um 13:39 schrieb Rainer Jung: >> Am 08.10.2019 um 13:09 schrieb Mark Thomas: >>> Hi all, >>> >>> Tomcat Connectors (mod_jk, isapi_redirect) are currently in svn. There >>> hasn't been much activity on these over the last year or so so there has >>> been no reason to migrate the project to Git. >>> >>> I've recently fixed a mod_jk bug and I have a patch ready to fix a >>> second. These seems like a good time to migrate Tomcat Connectors to >>> git. Therefore, I intend to start this today. >> >> OK for me. >> >> You are probably already aware of the fact, that tools/jkrelease.sh >> has some svn foo in it. To make migration easier, we could comment out >> the features to release from trunk (dev tarball), a branch (also dev >> tarball) or a local directory and for now just keep the part using a >> tag. That makes adjusting the script much easier, especially due to a >> simplification I just committed. > > I have committed a first attempt at making the release skript svn plus > git compatible. We can siplify back, once the switch to git is final. > > When using it with git, there is no support yet for releasing from a > branch, from a (non-verion) tag, from trunk or from a local checkout. I > think these are a not immediately critical. Thanks for this. Tomcat Native has similar code. We can probably use that as a basis for a solution those additional features. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Migrating Tomcat Connectors to Git
Am 08.10.2019 um 13:39 schrieb Rainer Jung: Am 08.10.2019 um 13:09 schrieb Mark Thomas: Hi all, Tomcat Connectors (mod_jk, isapi_redirect) are currently in svn. There hasn't been much activity on these over the last year or so so there has been no reason to migrate the project to Git. I've recently fixed a mod_jk bug and I have a patch ready to fix a second. These seems like a good time to migrate Tomcat Connectors to git. Therefore, I intend to start this today. OK for me. You are probably already aware of the fact, that tools/jkrelease.sh has some svn foo in it. To make migration easier, we could comment out the features to release from trunk (dev tarball), a branch (also dev tarball) or a local directory and for now just keep the part using a tag. That makes adjusting the script much easier, especially due to a simplification I just committed. I have committed a first attempt at making the release skript svn plus git compatible. We can siplify back, once the switch to git is final. When using it with git, there is no support yet for releasing from a branch, from a (non-verion) tag, from trunk or from a local checkout. I think these are a not immediately critical. Regards, Rainer - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1868135 - /tomcat/jk/trunk/tools/jkrelease.sh
Author: rjung
Date: Tue Oct 8 12:30:18 2019
New Revision: 1868135
URL: http://svn.apache.org/viewvc?rev=1868135&view=rev
Log:
Simplify and try to guess future JK git repos URL.
Modified:
tomcat/jk/trunk/tools/jkrelease.sh
Modified: tomcat/jk/trunk/tools/jkrelease.sh
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/tools/jkrelease.sh?rev=1868135&r1=1868134&r2=1868135&view=diff
==
--- tomcat/jk/trunk/tools/jkrelease.sh (original)
+++ tomcat/jk/trunk/tools/jkrelease.sh Tue Oct 8 12:30:18 2019
@@ -26,9 +26,8 @@
# gpg
# And any one of: w3m, elinks, links (links2)
-SVN_REPOS_ROOT="http://svn.apache.org/repos/asf";
-GIT_REPOS_ROOT="https://gitbox.apache.org/repos/asf";
-REPOS_PROJ="tomcat/jk"
+SVN_REPOS="http://svn.apache.org/repos/asf/tomcat/jk";
+GIT_REPOS="https://gitbox.apache.org/repos/asf/tomcat-jk.git";
JK_CVST="tomcat-connectors"
JK_OWNER="root"
JK_GROUP="bin"
@@ -109,10 +108,10 @@ shift `expr $OPTIND - 1`
if [ "X$repos" -eq "Xgit" ]
then
USE_GIT=1
-REPOS_ROOT=$GIT_REPOS_ROOT
+REPOS=$GIT_REPOS
elif [ "X$repos" -eq "Xsvn" ]
USE_GIT=0
-REPOS_ROOT=$SVN_REPOS_ROOT
+REPOS=$SVN_REPOS
else
usage
echo "Option '-R git' or '-R svn' must be set."
@@ -169,7 +168,7 @@ then
echo "Releasing from trunk is not yet supported when using git."
exit 5
fi
-JK_REPOS_URL="${REPOS_ROOT}/${REPOS_PROJ}/trunk"
+JK_REPOS_URL="${REPOS}/trunk"
repos_use_url="`svn help info | grep URL`"
if [ -n "$repos_use_url" ]
then
@@ -193,7 +192,7 @@ then
exit 5
fi
JK_BRANCH=`echo $branch | sed -e 's#/#__#g'`
-JK_REPOS_URL="${REPOS_ROOT}/${REPOS_PROJ}/branches/$branch"
+JK_REPOS_URL="${REPOS}/branches/$branch"
JK_REV=`svn info $revision ${JK_REPOS_URL} | awk '$1 == "Revision:" {print
$2}'`
if [ -z "$JK_REV" ]
then
@@ -226,7 +225,7 @@ else
echo "Releasing with an explicit tag is not yet supported when
using git."
exit 5
fi
-JK_REPOS_URL="${REPOS_ROOT}/${REPOS_PROJ}"
+JK_REPOS_URL="${REPOS}"
JK_DIST=${JK_CVST}-${JK_VER}-src
else
JK_VER=$version
@@ -245,7 +244,7 @@ else
fi
JK_TAG=$tag
fi
-JK_REPOS_URL="${REPOS_ROOT}/${REPOS_PROJ}/tags/${JK_TAG}"
+JK_REPOS_URL="${REPOS}/tags/${JK_TAG}"
JK_DIST=${JK_CVST}-${JK_VER}-src
fi
fi
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1868134 - /tomcat/jk/trunk/tools/jkrelease.sh
Author: rjung
Date: Tue Oct 8 12:20:45 2019
New Revision: 1868134
URL: http://svn.apache.org/viewvc?rev=1868134&view=rev
Log:
Add "-R git" and "-R svn" to mod_jk release skript.
With git only releasing a version is currently
supported.
Not tested.
Modified:
tomcat/jk/trunk/tools/jkrelease.sh
Modified: tomcat/jk/trunk/tools/jkrelease.sh
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/tools/jkrelease.sh?rev=1868134&r1=1868133&r2=1868134&view=diff
==
--- tomcat/jk/trunk/tools/jkrelease.sh (original)
+++ tomcat/jk/trunk/tools/jkrelease.sh Tue Oct 8 12:20:45 2019
@@ -19,14 +19,15 @@
# Make sure to set your path so that we can find
# the following binaries:
# cd, mkdir, cp, rm, find
-# svn
+# svn or git
# ant
# libtoolize, aclocal, autoheader, automake, autoconf
# tar, zip, gzip
# gpg
# And any one of: w3m, elinks, links (links2)
-REPOS_ROOT="http://svn.apache.org/repos/asf";
+SVN_REPOS_ROOT="http://svn.apache.org/repos/asf";
+GIT_REPOS_ROOT="https://gitbox.apache.org/repos/asf";
REPOS_PROJ="tomcat/jk"
JK_CVST="tomcat-connectors"
JK_OWNER="root"
@@ -44,15 +45,16 @@ SIGN_OPTS=""
FUNCTIONS ##
usage() {
-echo "Usage:: $0 -v VERSION [-f] [-r revision] [-t tag | -b BRANCH | -T |
-d DIR]"
+echo "Usage:: $0 -R (git|svn) -v VERSION [-f] [-r revision] [-t tag | -b
BRANCH | -T | -d DIR]"
+echo "-R: Use git or svn to check out from repos"
echo "-v: version to package"
echo "-f: force, do not validate tag against version"
echo "-h: create text documentation for html"
-echo "-t: tag to use if different from version"
-echo "-r: revision to package"
-echo "-b: package from branch BRANCH"
-echo "-T: package from trunk"
-echo "-d: package from local directory"
+echo "-t: tag to use if different from version (only for svn)"
+echo "-r: revision to package (only for svn)"
+echo "-b: package from branch BRANCH (only for svn)"
+echo "-T: package from trunk (only for svn)"
+echo "-d: package from local directory (only for svn)"
echo "-o: owner used for creating tar archive"
echo "-g: group used for creating tar archive"
echo "-p: GNU PG passphrrase used for signing"
@@ -76,9 +78,10 @@ copy_files() {
txtgen=n
conflict=0
-while getopts :v:t:r:b:d:p:k:o:g:Tfh c
+while getopts :R:v:t:r:b:d:p:k:o:g:Tfh c
do
case $c in
+R) repos=$OPTARG;;
v) version=$OPTARG;;
t) tag=$OPTARG
conflict=$(($conflict+1));;
@@ -103,6 +106,19 @@ do
done
shift `expr $OPTIND - 1`
+if [ "X$repos" -eq "Xgit" ]
+then
+USE_GIT=1
+REPOS_ROOT=$GIT_REPOS_ROOT
+elif [ "X$repos" -eq "Xsvn" ]
+USE_GIT=0
+REPOS_ROOT=$SVN_REPOS_ROOT
+else
+usage
+echo "Option '-R git' or '-R svn' must be set."
+exit 2
+fi
+
if [ $conflict -gt 1 ]
then
usage
@@ -112,6 +128,11 @@ fi
if [ -n "$local_dir" ]
then
+if [ $USE_GIT == 1 ]
+then
+echo "Releasing from a local directory is not yet supported when using
git."
+exit 5
+fi
echo "Caution: Packaging from directory!"
echo "Make sure the directory is committed."
answer="x"
@@ -134,10 +155,20 @@ then
fi
if [ -n "$revision" ]
then
+if [ $USE_GIT == 1 ]
+then
+echo "Using an explicit revision is not yet supported when using git."
+exit 5
+fi
revision="-r $revision"
fi
if [ -n "$trunk" ]
then
+if [ $USE_GIT == 1 ]
+then
+echo "Releasing from trunk is not yet supported when using git."
+exit 5
+fi
JK_REPOS_URL="${REPOS_ROOT}/${REPOS_PROJ}/trunk"
repos_use_url="`svn help info | grep URL`"
if [ -n "$repos_use_url" ]
@@ -156,6 +187,11 @@ then
JK_DIST=${JK_CVST}-${version}-dev${JK_SUFFIX}-src
elif [ -n "$branch" ]
then
+if [ $USE_GIT == 1 ]
+then
+echo "Releasing from a branch is not yet supported when using git."
+exit 5
+fi
JK_BRANCH=`echo $branch | sed -e 's#/#__#g'`
JK_REPOS_URL="${REPOS_ROOT}/${REPOS_PROJ}/branches/$branch"
JK_REV=`svn info $revision ${JK_REPOS_URL} | awk '$1 == "Revision:" {print
$2}'`
@@ -168,6 +204,11 @@ then
JK_DIST=${JK_CVST}-${version}-dev${JK_SUFFIX}-src
elif [ -n "$local_dir" ]
then
+if [ $USE_GIT == 1 ]
+then
+echo "Releasing from a local directory is not yet supported when using
git."
+exit 5
+fi
JK_REPOS_URL="$local_dir"
JK_REV=`svn info $revision ${JK_REPOS_URL} | awk '$1 == "Revision:" {print
$2}'`
if [ -z "$JK_REV" ]
@@ -178,24 +219,35 @@ then
JK_SUFFIX=-local-`date +%Y%m%d%H%M%S`-${JK_REV}
JK_DIST=${JK_CVST}-${version}-dev${JK_SUFFIX}-src
else
-JK_VER=$version
-JK_TAG=`echo $version | sed -e 's#^#JK_#' -e 's#\.#_#g'`
-
[Bug 63815] New: Expansion of JAVA_OPTS in catalina.sh containing '*' stops startup on linux
https://bz.apache.org/bugzilla/show_bug.cgi?id=63815 Bug ID: 63815 Summary: Expansion of JAVA_OPTS in catalina.sh containing '*' stops startup on linux Product: Tomcat 8 Version: 8.5.x-trunk Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: mrog...@zaizi.com Target Milestone: On Linux, the catalina.sh does not correctly quote use of $JAVA_OPTS so if you specify an option containing a bash shell special character, in particular '*' then tomcat fails to start. For example set JAVA_OPTS="-Dfoo.cronExpression=\"0 0 0/12 * * ?\"" And then try to start tomcat, it will fail with a non zero exit code. Part of the fix is to stop the expansion by simply put the use of JAVA_OPTS in double quotes. i.e. "$JAVA_OPTS" An additional complication is that the unquoted expression strips newline characters so for backwards compatibility its also necessary to strip newline characters. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63808] the fact that JkMount makes other directives ineffective is undocumented
https://bz.apache.org/bugzilla/show_bug.cgi?id=63808 Mark Thomas changed: What|Removed |Added Severity|normal |enhancement Component|mod_jk |Documentation --- Comment #8 from Mark Thomas --- (In reply to Arpad Magosanyi from comment #7) > Well, the fact that other directives are ineffective when we use JkMount in > a Location could be the way it is intended to work, The above statement is not correct. The presence of JkMount has no impact on how the other directives are processed. > but I believe I am not > the only one expecting that once I write down a directive I either get a > prominent warning, or the directive actually works. This is not the case, > hence I consider this as a bug. Again, there is no bug here. Your expectation for how works is incorrect. As per the Location docs, the "*" wildcard does NOT include the "/" character (whereas it does for JkMount). > I propose to update the documentation of the JkMount directive to provide a > warning about that. That would have saved some 10 hours of work for me, and > most probably will save hundreds of hours for a set of other users. A good > return for that 5 minutes of work. What update do you propose to the documentation? Note that the JkMount documentation already includes a warning that using it within a Location block is typically not the correct thing to do (because of the different ways Location and JkMount perform URL mapping). I'm switching this to an enhancement request for the docs. > And anyway, this will be less effort than always reclose this issue and > answer my concerns :) That could easily be read as a threat to make a nuisance of yourself by continually re-opening this issue if you disagree with the resolution. The Tomcat community will not tolerate such behaviour and will disable any Bugzilla account responsible for such behaviour. > And thank you for your help in the mailing list, and this excellent piece of > code! You're welcome for the help but I can't claim the credit for the code. Other community members before me put in the work to create and develop mod_jk. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1868132 - /tomcat/jk/trunk/tools/jkrelease.sh
Author: rjung
Date: Tue Oct 8 11:47:32 2019
New Revision: 1868132
URL: http://svn.apache.org/viewvc?rev=1868132&view=rev
Log:
Don't roll ".git" (just in case e do a full checkout).
Modified:
tomcat/jk/trunk/tools/jkrelease.sh
Modified: tomcat/jk/trunk/tools/jkrelease.sh
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/tools/jkrelease.sh?rev=1868132&r1=1868131&r2=1868132&view=diff
==
--- tomcat/jk/trunk/tools/jkrelease.sh (original)
+++ tomcat/jk/trunk/tools/jkrelease.sh Tue Oct 8 11:47:32 2019
@@ -234,6 +234,7 @@ rm -f ${targetdir}/native/LICENSE
find ${JK_DIST} -name .cvsignore -exec rm -rf \{\} \;
find ${JK_DIST} -name CVS -exec rm -rf \{\} \;
find ${JK_DIST} -name .svn -exec rm -rf \{\} \;
+find ${JK_DIST} -name .git -exec rm -rf \{\} \;
cd ${JK_DIST}/native
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1868131 - /tomcat/jk/trunk/tools/jkrelease.sh
Author: rjung
Date: Tue Oct 8 11:45:48 2019
New Revision: 1868131
URL: http://svn.apache.org/viewvc?rev=1868131&view=rev
Log:
Make variable names more agnostic about our
code repos technology.
No functional change, still only works for svn.
Modified:
tomcat/jk/trunk/tools/jkrelease.sh
Modified: tomcat/jk/trunk/tools/jkrelease.sh
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/tools/jkrelease.sh?rev=1868131&r1=1868130&r2=1868131&view=diff
==
--- tomcat/jk/trunk/tools/jkrelease.sh (original)
+++ tomcat/jk/trunk/tools/jkrelease.sh Tue Oct 8 11:45:48 2019
@@ -26,8 +26,8 @@
# gpg
# And any one of: w3m, elinks, links (links2)
-SVNROOT="http://svn.apache.org/repos/asf";
-SVNPROJ="tomcat/jk"
+REPOS_ROOT="http://svn.apache.org/repos/asf";
+REPOS_PROJ="tomcat/jk"
JK_CVST="tomcat-connectors"
JK_OWNER="root"
JK_GROUP="bin"
@@ -138,18 +138,18 @@ then
fi
if [ -n "$trunk" ]
then
-JK_SVN_URL="${SVNROOT}/${SVNPROJ}/trunk"
-svn_url_info="`svn help info | grep URL`"
-if [ -n "$svn_url_info" ]
+JK_REPOS_URL="${REPOS_ROOT}/${REPOS_PROJ}/trunk"
+repos_use_url="`svn help info | grep URL`"
+if [ -n "$repos_use_url" ]
then
- JK_SVN_INFO="${JK_SVN_URL}"
+ JK_REPOS_INFO_PATH="${JK_REPOS_URL}"
else
- JK_SVN_INFO=.
+ JK_REPOS_INFO_PATH=.
fi
-JK_REV=`svn info $revision $JK_SVN_INFO | awk '$1 == "Revision:" {print
$2}'`
+JK_REV=`svn info $revision $JK_REPOS_INFO_PATH | awk '$1 == "Revision:"
{print $2}'`
if [ -z "$JK_REV" ]
then
- echo "No Revision found at '$JK_SVN_URL'"
+ echo "No Revision found at '$JK_REPOS_URL'"
exit 3
fi
JK_SUFFIX=-${JK_REV}
@@ -157,22 +157,22 @@ then
elif [ -n "$branch" ]
then
JK_BRANCH=`echo $branch | sed -e 's#/#__#g'`
-JK_SVN_URL="${SVNROOT}/${SVNPROJ}/branches/$branch"
-JK_REV=`svn info $revision ${JK_SVN_URL} | awk '$1 == "Revision:" {print
$2}'`
+JK_REPOS_URL="${REPOS_ROOT}/${REPOS_PROJ}/branches/$branch"
+JK_REV=`svn info $revision ${JK_REPOS_URL} | awk '$1 == "Revision:" {print
$2}'`
if [ -z "$JK_REV" ]
then
- echo "No Revision found at '$JK_SVN_URL'"
+ echo "No Revision found at '$JK_REPOS_URL'"
exit 3
fi
JK_SUFFIX=-${JK_BRANCH}-${JK_REV}
JK_DIST=${JK_CVST}-${version}-dev${JK_SUFFIX}-src
elif [ -n "$local_dir" ]
then
-JK_SVN_URL="$local_dir"
-JK_REV=`svn info $revision ${JK_SVN_URL} | awk '$1 == "Revision:" {print
$2}'`
+JK_REPOS_URL="$local_dir"
+JK_REV=`svn info $revision ${JK_REPOS_URL} | awk '$1 == "Revision:" {print
$2}'`
if [ -z "$JK_REV" ]
then
- echo "No Revision found at '$JK_SVN_URL'"
+ echo "No Revision found at '$JK_REPOS_URL'"
exit 3
fi
JK_SUFFIX=-local-`date +%Y%m%d%H%M%S`-${JK_REV}
@@ -194,11 +194,11 @@ else
fi
JK_TAG=$tag
fi
-JK_SVN_URL="${SVNROOT}/${SVNPROJ}/tags/${JK_TAG}"
+JK_REPOS_URL="${REPOS_ROOT}/${REPOS_PROJ}/tags/${JK_TAG}"
JK_DIST=${JK_CVST}-${JK_VER}-src
fi
-echo "Using subversion URL: $JK_SVN_URL"
+echo "Using checkout URL: $JK_REPOS_URL"
echo "Rolling into file $JK_DIST.*"
sleep 2
@@ -208,7 +208,7 @@ rm -rf ${JK_DIST} 2>/dev/null || true
rm -rf ${JK_DIST}.* 2>/dev/null || true
mkdir -p ${JK_DIST}.tmp
-svn export $revision "${JK_SVN_URL}" ${JK_DIST}.tmp/jk
+svn export $revision "${JK_REPOS_URL}" ${JK_DIST}.tmp/jk
if [ $? -ne 0 ]; then
echo "svn export failed"
exit 1
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Migrating Tomcat Connectors to Git
Am 08.10.2019 um 13:09 schrieb Mark Thomas: Hi all, Tomcat Connectors (mod_jk, isapi_redirect) are currently in svn. There hasn't been much activity on these over the last year or so so there has been no reason to migrate the project to Git. I've recently fixed a mod_jk bug and I have a patch ready to fix a second. These seems like a good time to migrate Tomcat Connectors to git. Therefore, I intend to start this today. OK for me. You are probably already aware of the fact, that tools/jkrelease.sh has some svn foo in it. To make migration easier, we could comment out the features to release from trunk (dev tarball), a branch (also dev tarball) or a local directory and for now just keep the part using a tag. That makes adjusting the script much easier, especially due to a simplification I just committed. Regards, Rainer - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63814] Socket timeout -1 no longer allowed since Java 13, leading to IllegalArgumentException and unit test hang for TestAbstractAjpProcessor
https://bz.apache.org/bugzilla/show_bug.cgi?id=63814 Remy Maucherat changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #2 from Remy Maucherat --- The fix will be in 7.0.98. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1868130 - /tomcat/jk/trunk/tools/jkrelease.sh
Author: rjung
Date: Tue Oct 8 11:35:32 2019
New Revision: 1868130
URL: http://svn.apache.org/viewvc?rev=1868130&view=rev
Log:
Remove unused svn revision retrieval when releasing
from a tag.
Modified:
tomcat/jk/trunk/tools/jkrelease.sh
Modified: tomcat/jk/trunk/tools/jkrelease.sh
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/tools/jkrelease.sh?rev=1868130&r1=1868129&r2=1868130&view=diff
==
--- tomcat/jk/trunk/tools/jkrelease.sh (original)
+++ tomcat/jk/trunk/tools/jkrelease.sh Tue Oct 8 11:35:32 2019
@@ -195,8 +195,6 @@ else
JK_TAG=$tag
fi
JK_SVN_URL="${SVNROOT}/${SVNPROJ}/tags/${JK_TAG}"
-JK_REV=`svn info $revision ${JK_SVN_URL} | awk '$1 == "Revision:" {print
$2}'`
-JK_SUFFIX=" ($JK_REV)"
JK_DIST=${JK_CVST}-${JK_VER}-src
fi
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 7.0.x updated: 63814: Do not set server socket timeout with negative values in NIO
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new 0a18642 63814: Do not set server socket timeout with negative values
in NIO
0a18642 is described below
commit 0a18642108a637b9800042f4202d284da93a9682
Author: remm
AuthorDate: Tue Oct 8 13:31:30 2019 +0200
63814: Do not set server socket timeout with negative values in NIO
---
java/org/apache/tomcat/util/net/NioEndpoint.java | 4 +++-
webapps/docs/changelog.xml | 8
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/net/NioEndpoint.java
b/java/org/apache/tomcat/util/net/NioEndpoint.java
index 2f25ee4..33a7d18 100644
--- a/java/org/apache/tomcat/util/net/NioEndpoint.java
+++ b/java/org/apache/tomcat/util/net/NioEndpoint.java
@@ -474,7 +474,9 @@ public class NioEndpoint extends
AbstractEndpoint {
InetSocketAddress addr = (getAddress()!=null?new
InetSocketAddress(getAddress(),getPort()):new InetSocketAddress(getPort()));
serverSock.socket().bind(addr,getBacklog());
serverSock.configureBlocking(true); //mimic APR behavior
-serverSock.socket().setSoTimeout(getSocketProperties().getSoTimeout());
+if (getSocketProperties().getSoTimeout() > 0) {
+
serverSock.socket().setSoTimeout(getSocketProperties().getSoTimeout());
+}
// Initialize thread count defaults for acceptor, poller
if (acceptorThreadCount == 0) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 21b38f2..44c1aad 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -60,6 +60,14 @@
issues do not "pop up" wrt. others).
-->
+
+
+
+63814: Do not set server socket timeout with negative
+values in NIO. (remm)
+
+
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63808] the fact that JkMount makes other directives ineffective is undocumented
https://bz.apache.org/bugzilla/show_bug.cgi?id=63808 Arpad Magosanyi changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|INVALID |--- --- Comment #7 from Arpad Magosanyi --- Well, the fact that other directives are ineffective when we use JkMount in a Location could be the way it is intended to work, but I believe I am not the only one expecting that once I write down a directive I either get a prominent warning, or the directive actually works. This is not the case, hence I consider this as a bug. I propose to update the documentation of the JkMount directive to provide a warning about that. That would have saved some 10 hours of work for me, and most probably will save hundreds of hours for a set of other users. A good return for that 5 minutes of work. And anyway, this will be less effort than always reclose this issue and answer my concerns :) And thank you for your help in the mailing list, and this excellent piece of code! -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63814] Socket timeout -1 no longer allowed since Java 13, leading to IllegalArgumentException and unit test hang for TestAbstractAjpProcessor
https://bz.apache.org/bugzilla/show_bug.cgi?id=63814 Remy Maucherat changed: What|Removed |Added OS||All --- Comment #1 from Remy Maucherat --- The javadoc already said the value must be > 0 and it's handled in 8.5 and 9. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63814] New: Socket timeout -1 no longer allowed since Java 13, leading to IllegalArgumentException and unit test hang for TestAbstractAjpProcessor
https://bz.apache.org/bugzilla/show_bug.cgi?id=63814 Bug ID: 63814 Summary: Socket timeout -1 no longer allowed since Java 13, leading to IllegalArgumentException and unit test hang for TestAbstractAjpProcessor Product: Tomcat 7 Version: trunk Hardware: PC Status: NEW Severity: normal Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: rainer.j...@kippdata.de Target Milestone: --- I observed the same hang on three different Linux systems when using OpenJDK 13 (GA, Build 33). The hang is always in TestAbstractAjpProcessor for NIO in test testKeepAlive. The hanging JVM process only shows the AJP client (stacks from 7.0.96, but problem still in 7.0.97): "main" #1 prio=5 os_prio=0 cpu=1497.40ms elapsed=18779.47s tid=0x7ff040017800 nid=0x7ea3 runnable [0x7ff046b74000] java.lang.Thread.State: RUNNABLE at sun.nio.ch.SocketDispatcher.read0(java.base@13-ea/Native Method) at sun.nio.ch.SocketDispatcher.read(java.base@13-ea/SocketDispatcher.java:47) at sun.nio.ch.NioSocketImpl.tryRead(java.base@13-ea/NioSocketImpl.java:262) at sun.nio.ch.NioSocketImpl.implRead(java.base@13-ea/NioSocketImpl.java:313) at sun.nio.ch.NioSocketImpl.read(java.base@13-ea/NioSocketImpl.java:351) at sun.nio.ch.NioSocketImpl$1.read(java.base@13-ea/NioSocketImpl.java:802) at java.net.Socket$SocketInputStream.read(java.base@13-ea/Socket.java:919) at org.apache.coyote.ajp.SimpleAjpClient.read(SimpleAjpClient.java:390) at org.apache.coyote.ajp.SimpleAjpClient.readMessage(SimpleAjpClient.java:365) at org.apache.coyote.ajp.SimpleAjpClient.cping(SimpleAjpClient.java:350) at org.apache.coyote.ajp.TestAbstractAjpProcessor.testKeepAlive(TestAbstractAjpProcessor.java:526) ... but the log indicates a problem: INFO: Starting test case [testKeepAlive] Jul 26, 2019 5:20:37 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler ["ajp-nio-127.0.0.1-auto-6"] Jul 26, 2019 5:20:37 PM org.apache.coyote.AbstractProtocol init SEVERE: Failed to initialize end point associated with ProtocolHandler ["ajp-nio-127.0.0.1-auto-6-34726"] java.lang.IllegalArgumentException: timeout < 0 at java.base/sun.nio.ch.ServerSocketAdaptor.setSoTimeout(ServerSocketAdaptor.java:153) at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:477) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:728) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:452) at org.apache.catalina.connector.Connector.initInternal(Connector.java:978) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:560) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:840) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:135) at org.apache.catalina.startup.Tomcat.start(Tomcat.java:449) at org.apache.catalina.startup.TomcatBaseTest$TomcatWithFastSessionIDs.start(TomcatBaseTest.java:808) at org.apache.coyote.ajp.TestAbstractAjpProcessor.testKeepAlive(TestAbstractAjpProcessor.java:513) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:567) at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50) at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47) at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26) at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27) at org.junit.rules.TestWatcher$1.evaluate(TestWatcher.java:55) at org.junit.rules.RunRules.evaluate(RunRules.java:20) at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57) at org.junit
Migrating Tomcat Connectors to Git
Hi all, Tomcat Connectors (mod_jk, isapi_redirect) are currently in svn. There hasn't been much activity on these over the last year or so so there has been no reason to migrate the project to Git. I've recently fixed a mod_jk bug and I have a patch ready to fix a second. These seems like a good time to migrate Tomcat Connectors to git. Therefore, I intend to start this today. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1868127 - /tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml
Author: markt Date: Tue Oct 8 11:03:48 2019 New Revision: 1868127 URL: http://svn.apache.org/viewvc?rev=1868127&view=rev Log: Update changelog Modified: tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml Modified: tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml?rev=1868127&r1=1868126&r2=1868127&view=diff == --- tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml (original) +++ tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml Tue Oct 8 11:03:48 2019 @@ -44,11 +44,11 @@ -Extend trace level logging of method entry/exit to aid debugging of -request mapping issues. (markt) +Apache: Extend trace level logging of method entry/exit to aid debugging +of request mapping issues. (markt) -Fix a bug in the normalization checks that prevented file based +Apache: Fix a bug in the normalization checks that prevented file based requests, such as SSI file includes, from being processed. (markt) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63214] Using JkAutoAlias, Filenames with Spaces Cannot be found
https://bz.apache.org/bugzilla/show_bug.cgi?id=63214 --- Comment #3 from Mark Thomas --- Thanks for the review. I'll proceed on that basis. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63808] the fact that JkMount makes other directives ineffective is undocumented
https://bz.apache.org/bugzilla/show_bug.cgi?id=63808 Mark Thomas changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution|--- |INVALID --- Comment #6 from Mark Thomas --- (In reply to Arpad Magosanyi from comment #3) > How it is not a bug when a piece of software does not work as documented? This is not a bug because the software is working as documented. This is not a bug because the root cause configuration error. The short version is that doesn't do what you think it does. I'll add the full explanation to the users list thread: https://tomcat.markmail.org/thread/iax6picwsjlhbohd -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63214] Using JkAutoAlias, Filenames with Spaces Cannot be found
https://bz.apache.org/bugzilla/show_bug.cgi?id=63214 --- Comment #2 from Rainer Jung --- The use of ap_os_escape_path() goes back to the original implementation of the JkAutoAlias feature for httpd 1.3.x. svn logs do not give any idication why it was used. Currently in the 2.0 code, IMHO the resulting string is always used in the context of file system operations (either apr_stat or r->filename). So I don't see a reason why it should be percent encoded. On the contrary, there should be many cases where this makes it fail. I couldn't find other older bug reports, but it might be due to the fact, that context names rarely contain special characters which would have been ecoded by ap_os_escape_path(). A space is probably the most common case. I am +1 for the suggested patch. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PROPOSAL] Tomcat 10: Drop APR Connector
Am 07.10.2019 um 16:39 schrieb Christopher Schultz: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, I recently gave a presentation on locking-down Apache Tomcat[1] and I briefly discussed the "sharp edges" present in Tomcat. Some of them are unnecessarily sharp and may be actually unnecessary. I'm going to make a few proposals to remove functions from Tomcat. Proposal: Remove APR connector +1 and +1 to the additional comments by Mark and Remy Justification: The APR connector was once used to provide superior I/O when compared to the only other available I/O mechanism available in Java: blocking I/O. Specifically, the APR connector allowed Tomcat to wait for keepalive requests on a connection to in a non-blocking fashion which was not possible with Java BIO-based connectors. The introduction of NIO into Java back in Java 1.4 (!!) changed things, and NIO support was added to Tomcat in 6.0. Now that it has had time to mature, the NIO connector is superior to the APR connector in several ways: 1. NIO connector allows non-blocking TLS handshakes 2. NIO connector uses less (Tomcat-owned) native code The first item improves performance and availability and the second item improves stability (and thus availability). The last advantage which (until recently) made the APR connector still very useful was the ability to use the OpenSSL cryptographic library for all cryptographic operations which is measurably higher-performance than those typically provided by the JVM. This last advantage no longer exists since we have a JSSE provider available for OpenSSL using libtcnative. Notes: This proposal does not recommend the removal of libtcnative. Only the removal of the APR connector, the APR lifecycle listener, and the associated native code required to support those components. - -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PROPOSAL] Tomcat 10: Remove CGI Servlet
Am 07.10.2019 um 18:37 schrieb Igal Sapir: On 10/7/2019 8:14 AM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 10/7/19 11:10, Mark Thomas wrote: All, I recently gave a presentation on locking-down Apache Tomcat[1] and I briefly discussed the "sharp edges" present in Tomcat. Some of them are unnecessarily sharp and may be actually unnecessary. I'm going to make a few proposals to remove functions from Tomcat. Proposal: Remove CGI Servlet -1. Not a veto, just a -1. Fair enough. I didn't think I'd get 100% agreement. If anyone feels like this is is something worth keeping around, I'm happy to let the proposal drop. Is it possible to extract these removals (including the other proposals in this question) to an external repo in case someone wants to add them manually to his/her own deployment? That way if anyone depends on any of the removed items they can still add them. +1 it would be great if that would be feasible. Regards, Rainer - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PROPOSAL] Tomcat 10: Remove Server-Side Includes (SSI)
Am 07.10.2019 um 20:01 schrieb Rémy Maucherat: On Mon, Oct 7, 2019 at 4:46 PM Christopher Schultz mailto:ch...@christopherschultz.net>> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, I recently gave a presentation on locking-down Apache Tomcat[1] and I briefly discussed the "sharp edges" present in Tomcat. Some of them are unnecessarily sharp and may be actually unnecessary. I'm going to make a few proposals to remove functions from Tomcat. Proposal: Remove Server-Side Includes +1 Justification: The SSI module is a remote-code execution (RCE) vulnerability as a feature. My sense is that SSI is a little-used feature. A few years ago, markt[2] asked if anyone was using SSI. The only replies were from other Tomcat devs commenting on what to do with SSI if it's no longer in the main Tomcat distribution; there were no community members who responded saying that SSI was important to them. If the packaging of Tomcat could be tweaked a bit to move the SSI components into a separate JAR file (e.g. move org/apache/catalina/ssi/* to catalina-ssi.jar) and if the SSI components don't rely on any Tomcat specific capabilities or internals, then the cattalina-ssi.jar file could be used between Tomcat versions. For example, a user of Tomcat 10 who still needs SSI could get the SSI module from a distribution of Tomcat 8.5.x or 9.x. Yes, basically I think we should remove both CGI and SSI, *but* actually keep them in a separate JAR. For CGI this is harder as it is directly in the servlets package, so it would have to be moved to servlets.cgi for Tomcat 10. +1 Regards, Rainer - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63808] the fact that JkMount makes other directives ineffective is undocumented
https://bz.apache.org/bugzilla/show_bug.cgi?id=63808 Arpad Magosanyi changed: What|Removed |Added Summary|user and certificate info |the fact that JkMount makes |is not passed to tomcat |other directives ||ineffective is undocumented -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63808] user and certificate info is not passed to tomcat
https://bz.apache.org/bugzilla/show_bug.cgi?id=63808 --- Comment #5 from Arpad Magosanyi --- Upps, tested the nonredundant version, but forget to update it here. JkMount worker1 DirectoryIndex off RewriteEngine Off AuthType openid-connect AllowOverride None LogLevel debug Require valid-user SSLOptions +StdEnvVars SSLOptions +ExportCertData SSLVerifyClient require -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
