tagging http://svn.apache.org/repos/asf/tomcat/native/trunk/
Hi, I think it is time to tag trunk of native to go forward for native What tag should I use? 1.2.0 as it still work with the APR connector? I am planning to drop APR and have an OpenSSL only native in a near future (that might takes times to lack of cycles). Comments on that? Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: tagging http://svn.apache.org/repos/asf/tomcat/native/trunk/
On 09/09/2015 10:18 AM, Mark Thomas wrote: On 09/09/2015 07:20, jean-frederic clere wrote: Hi, I think it is time to tag trunk of native to go forward for native What tag should I use? 1.2.0 as it still work with the APR connector? 1.2.0 works for me. I don't think we are finished with the API so anything we release needs to come with some sort of health warning (alpha/beta tag and/or something in the release notes) that the API is not stable. Agreed we need to check how java9 will handle APLN and make sure we aren't too incompatible with what we have in tomcat-native. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1700964 - /tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
On 09/03/2015 11:16 AM, jfcl...@apache.org wrote: Author: jfclere Date: Thu Sep 3 09:16:48 2015 New Revision: 1700964 URL: http://svn.apache.org/r1700964 Log: Remove useless code. Well it reset the pos after the put... I will rollback that might be used somewhere no? Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [ANN] Apache Tomcat Connectors 1.2.41 released
On 08/17/2015 01:10 PM, Mark Thomas wrote: The Apache Tomcat Project is proud to announce the release of version 1.2.41 of the Apache Tomcat Connectors. This version fixes one security issue (CVE-2014-8111) and a number of bugs found in previous releases. Many thanks for the release and sorry for all the troubles around CVE-2014-8111. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1691565 - in /tomcat/trunk/java/org/apache/tomcat/util/net/openssl: OpenSSLContext.java OpenSSLEngine.java
On 07/17/2015 04:03 PM, r...@apache.org wrote: Find the new better API for ALPN. Should we remove the old one? Basically it should be use only by tomcat. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1690279 - /tomcat/native/trunk/native/src/network.c
On 07/13/2015 07:35 PM, Christopher Schultz wrote:
Jean-Frederic,
On 7/10/15 10:48 AM, jfcl...@apache.org wrote:
Author: jfclere
Date: Fri Jul 10 15:48:01 2015
New Revision: 1690279
URL: http://svn.apache.org/r1690279
Log:
Make sure we don't core the JVM if called wrongly from a destroyed or closed
socket.
Modified:
tomcat/native/trunk/native/src/network.c
Modified: tomcat/native/trunk/native/src/network.c
URL:
http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/network.c?rev=1690279r1=1690278r2=1690279view=diff
==
--- tomcat/native/trunk/native/src/network.c (original)
+++ tomcat/native/trunk/native/src/network.c Fri Jul 10 15:48:01 2015
@@ -1152,8 +1152,10 @@ TCN_IMPLEMENT_CALL(jint, Socket, optSet)
if (!s-sock) {
return APR_ENOTSOCK;
}
-else
-return (jint)(*s-net-opt_set)(s-opaque, (apr_int32_t)opt,
(apr_int32_t)on);
+if(!s-net) {
+return -(jint)APR_EINVALSOCK;
+}
+return (jint)(*s-net-opt_set)(s-opaque, (apr_int32_t)opt,
(apr_int32_t)on);
}
TCN_IMPLEMENT_CALL(jint, Socket, optGet)(TCN_STDARGS, jlong sock,
@@ -1163,12 +1165,16 @@ TCN_IMPLEMENT_CALL(jint, Socket, optGet)
apr_int32_t on = 0;
UNREFERENCED(o);
-if (!s-sock)
+if (!s-sock) {
tcn_ThrowAPRException(e, APR_ENOTSOCK);
-else {
-TCN_THROW_IF_ERR((*s-net-opt_get)(s-opaque, (apr_int32_t)opt,
-on), on);
+return APR_ENOTSOCK;
+}
+if(!s-net) {
+tcn_ThrowAPRException(e, APR_EINVALSOCK);
+return -(jint)APR_EINVALSOCK;
}
+TCN_THROW_IF_ERR((*s-net-opt_get)(s-opaque, (apr_int32_t)opt,
+on), on);
cleanup:
return (jint)on;
}
@@ -1181,9 +1187,11 @@ TCN_IMPLEMENT_CALL(jint, Socket, timeout
UNREFERENCED(o);
TCN_ASSERT(s-opaque != NULL);
if (!sock) {
-tcn_ThrowAPRException(e, APR_ENOTSOCK);
return APR_ENOTSOCK;
}
+if(!s-net) {
+return -(jint)APR_EINVALSOCK;
+}
return (jint)(*s-net-timeout_set)(s-opaque, J2T(timeout));
}
@@ -1197,6 +1205,10 @@ TCN_IMPLEMENT_CALL(jlong, Socket, timeou
tcn_ThrowAPRException(e, APR_ENOTSOCK);
return 0;
}
+if(!s-net) {
+tcn_ThrowAPRException(e, APR_EINVALSOCK);
+return -(jint)APR_EINVALSOCK;
+}
TCN_ASSERT(s-opaque != NULL);
TCN_THROW_IF_ERR((*s-net-timeout_get)(s-opaque, timeout), timeout);
It looks like we inconsistently throw an exception and/or return
APR_EINVALSOCK. Should we always do one or the other? (Unfortunately,
tcn_ThrowAPRException always throws a java.lang.Error and not something
more specific. It might be nice to change that to something like
APRException.)
Actually the getters are throwning but the setters aren't that isn't
very clean :-(
The return after the throw makes the compiler happy that is dirty.
Cheers
Jean-Frederic
-chris
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Heads up on OpenSSL vulnerability
On 07/07/2015 10:53 AM, Mark Thomas wrote: FYI https://mta.openssl.org/pipermail/openssl-announce/2015-July/37.html We might need to point Windows users to this: http://wiki.apache.org/tomcat/BuildTcNativeWin until we can get an updated build out (assuming the issue affects us). It is looking like I'm not going to be in a position to do the tc-native release quickly if one is required. Should be OK: https://www.openssl.org/news/vulnerabilities.html (Affected 1.0.1o, 1.0.1n) In tc-native log: Use OpenSSL 1.0.1m with Windows binaries. (markt) Safe :D Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: tc-native and multiple certificates for a single virtual host
On 06/23/2015 02:11 PM, Konstantin Kolinko wrote: 2015-06-22 9:06 GMT+03:00 jean-frederic clere jfcl...@gmail.com: On 06/19/2015 10:01 PM, Mark Thomas wrote: I'm looking at integrating multiple certificate support with APR/native and the new OpenSSLContext. I have a query about the following method that I hope those that have been working in this area recently will be able to answer. SSLContext.setCertificate(long ctx, String cert, String key, String password, int idx) The idx can either be 0 (RSA) or 1 (DSS). It is tested between 0 and 4. I know the tc-native enforces that idx is 0 or 1. Does it require that idx is 0 for RSA keys and 1 for DSS keys? According the include: +++ #define SSL_AIDX_RSA (0) #define SSL_AIDX_DSA (1) #define SSL_AIDX_ECC (3) #define SSL_AIDX_MAX (4) +++ As those look like indexes into an array, I wonder why 2 was skipped. Because it used to be SSL_AIDX_MAX :-( Those defines were introduced in r1681509 Note that they were backported to native 1.1.x in r1681515 I will ping Rainer then. Cheers Jean-Frederic How does one specify an ECC key? Using 3 I guess but I don't see a different handling for the different type of key/cert... Basically it looks like the latest call tells which key/cert will be used. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: tc-native and multiple certificates for a single virtual host
On 06/19/2015 10:01 PM, Mark Thomas wrote: I'm looking at integrating multiple certificate support with APR/native and the new OpenSSLContext. I have a query about the following method that I hope those that have been working in this area recently will be able to answer. SSLContext.setCertificate(long ctx, String cert, String key, String password, int idx) The idx can either be 0 (RSA) or 1 (DSS). It is tested between 0 and 4. I know the tc-native enforces that idx is 0 or 1. Does it require that idx is 0 for RSA keys and 1 for DSS keys? According the include: +++ #define SSL_AIDX_RSA (0) #define SSL_AIDX_DSA (1) #define SSL_AIDX_ECC (3) #define SSL_AIDX_MAX (4) +++ How does one specify an ECC key? Using 3 I guess but I don't see a different handling for the different type of key/cert... Basically it looks like the latest call tells which key/cert will be used. Cheers Jean-Frederic Thanks in advance, Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [GitHub] tomcat-native pull request: Port Netty-tc-native code to tomcat-na...
I am going to merge it today and fix in svn what will be broken after. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [GitHub] tomcat-native pull request: Port Netty-tc-native code to tomcat-na...
On 06/18/2015 02:41 PM, Mark Thomas wrote: On 18 June 2015 13:12:52 BST, jean-frederic clere jfcl...@gmail.com wrote: I am going to merge it today and fix in svn what will be broken after. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org +1. This is trunk and I have the builds I need for testing alpn so breaking trunk for a few days should be fine. I am done. Actually netty-tc-native also brings some alpn logic I have kept both that probably needs some cleaning. I have built on F22 and use openssl-1.0.2c and apr-1.3.12 other version might cause problems I will try to test on other platform, is you need one tell me I can start with it. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
removing empty stubs in tc-native trunk
Hi, We have empty stubs in tc-native when openssl isn't detected, are those still needed? With NIO and NIO2 connectors we don't need native when we aren't using SSL. Comments? Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: removing empty stubs in tc-native trunk
On 06/15/2015 01:32 PM, Mark Thomas wrote: On 15/06/2015 12:27, jean-frederic clere wrote: Hi, We have empty stubs in tc-native when openssl isn't detected, are those still needed? Yes, if we want to be able to support the APR/native connector without OpenSSL. With NIO and NIO2 connectors we don't need native when we aren't using SSL. Comments? I don't know how useful APR/native is without OpenSSL. I suspect not very. I'm not against dropping the stubs but it probably needs wider consultation that just the dev list. OK I will keep and add missing (if any) in my port. Cheers Jean-Frederic Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
SSLSocket.getALPN()
Hi, We are using SSLSocket.getALPN() but in fact that belongs to SSL according to the C code, should we move that to SSL and use the netty-tc-native code there? SSL.getAlpnSelected() would do the trick, Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: SSLSocket.getALPN()
On 06/15/2015 04:25 PM, Mark Thomas wrote: On 15/06/2015 15:17, jean-frederic clere wrote: Hi, We are using SSLSocket.getALPN() but in fact that belongs to SSL according to the C code, should we move that to SSL and use the netty-tc-native code there? I don't understand. ALPN is negotiated per socket and all the per socket methods are in SSLSocket. What is the justification for moving it? None... I am starting to think that SSL.getAlpnSelected() might not be working the way I though. I will keep both method and leave a note in getAlpnSelected(). Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: porting netty-tcnative to tomcat-native
On 06/15/2015 08:25 AM, Mark Thomas wrote: On 15/06/2015 06:55, jean-frederic clere wrote: Hi, The netty-tcnative is based on the 1.1.x so the porting taking more than excepted. Are you going to be able to commit this in multiple commits or is it going to be one big commit? A big commit it probably more easy, I have a huge diff that I am reviewing, but I will try to cut in piece like ssl.c (and depencencies), sslcontext.c etc (if possible). Picking the netty-tcnative commits one by one would take a lot more time. (And https://github.com/netty/netty-tcnative/commit/c788f64138946f15b8fb8f53d067ccf0fb9699af is a big commit). I would like some comments on the class caching for performances like in ssl.c: +++ TCN_FREE_CSTRING(engine); + +/* Cache the byte[].class for performance reasons */ +clazz = (*e)-FindClass(e, [B); +byteArrayClass = (jclass) (*e)-NewGlobalRef(e, clazz); + +/* Cache the String.class for performance reasons */ +sClazz = (*e)-FindClass(e, java/lang/String); +stringClass = (jclass) (*e)-NewGlobalRef(e, sClazz); + return (jint)APR_SUCCESS; } +++ Should I just put or have a flag in configure for it? I can't see a reason this would need to be optional. Either it helps performance (in which case it should be in) or it is an unnecessary optimisation (in which case it shouldn't be in at all). I took a quick look at ssl.c and I didn't see a lot of lookups for those classes? Does the netty code add some or am I missing something? It seems they are used in etPeerCertChain() and getCiphers() only, if someone uses client certificates than might make sense. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
porting netty-tcnative to tomcat-native
Hi, The netty-tcnative is based on the 1.1.x so the porting taking more than excepted. I would like some comments on the class caching for performances like in ssl.c: +++ TCN_FREE_CSTRING(engine); + +/* Cache the byte[].class for performance reasons */ +clazz = (*e)-FindClass(e, [B); +byteArrayClass = (jclass) (*e)-NewGlobalRef(e, clazz); + +/* Cache the String.class for performance reasons */ +sClazz = (*e)-FindClass(e, java/lang/String); +stringClass = (jclass) (*e)-NewGlobalRef(e, sClazz); + return (jint)APR_SUCCESS; } +++ Should I just put or have a flag in configure for it? Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Merging Netty and Twitter fork of tcnative back
On 06/04/2015 03:13 PM, Rainer Jung wrote: I think we can safely drop NPN as it seems to be a dead end The Netty people are using it in SPDY it would be better to keep it if possible. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 6.0.44
On 05/08/2015 04:24 PM, jean-frederic clere wrote: [ ] Stable - go ahead and release as 6.0.44 Stable All my tests are OK. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 6.0.44
The following votes were cast: +1 (binding) : kkolinko, kfujino, jfclere, remm. +1 (non-binding) : Ognjen Blagojevic Given the votes above, we have enough votes for the release. I intend to go ahead with the release. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Time for a 6.0.x release
On 05/06/2015 12:37 AM, Mark Thomas wrote: It has been about 6 months since the last release, the changelog is reasonably long so I think it is time for 6.0.44. I am on it Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE] Release Apache Tomcat 6.0.44
The proposed Apache Tomcat 6.0.44 release is now available for voting. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-6/v6.0.44/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1044/ The svn tag is: http://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_44/ The proposed 6.0.44 release is: [ ] Broken - do not release [ ] Stable - go ahead and release as 6.0.44 Stable Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 6.0.43
On 11/14/2014 11:42 AM, Mark Thomas wrote: [X] Stable - go ahead and release as 6.0.43 Stable My tests are passing. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 7.0.56
On 09/28/2014 02:34 PM, Violeta Georgieva wrote: [X] Stable - go ahead and release as 7.0.56 Stable My tests against the tag are all passing. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Time for 6.0.42
Hi, I plan to tag a 6.0.42 later today, objections? Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Time for 6.0.42
On 09/30/2014 01:16 PM, jean-frederic clere wrote: Hi, I plan to tag a 6.0.42 later today, objections? Status looks good now I will tag and process to the vote. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE] Release Apache Tomcat 6.0.42
The proposed Apache Tomcat 6.0.42 release is now available for voting. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-6/v6.0.42/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1023/ The svn tag is: http://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_42/ The proposed 6.0.42 release is: [ ] Broken - do not release [ ] Stable - go ahead and release as 6.0.42 Stable Regards Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 6.0.42
On 09/30/2014 10:54 PM, Konstantin Kolinko wrote: 2014-10-01 0:48 GMT+04:00 jean-frederic clere jfcl...@gmail.com: The proposed Apache Tomcat 6.0.42 release is now available for voting. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-6/v6.0.42/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1023/ The above staging repository contains 7.0.56, not 6.0.42. Oops I press send before finishing. https://repository.apache.org/content/repositories/orgapachetomcat-1024/ is the right place. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1628481 - /tomcat/tc6.0.x/trunk/build.properties.default
On 09/30/2014 06:56 PM, Konstantin Kolinko wrote: 2014-09-30 20:16 GMT+04:00 jfcl...@apache.org: Author: jfclere Date: Tue Sep 30 16:16:13 2014 New Revision: 1628481 URL: http://svn.apache.org/r1628481 Log: Ready for 6.0.43 :D Modified: tomcat/tc6.0.x/trunk/build.properties.default Modified: tomcat/tc6.0.x/trunk/build.properties.default URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/build.properties.default?rev=1628481r1=1628480r2=1628481view=diff == --- tomcat/tc6.0.x/trunk/build.properties.default (original) +++ tomcat/tc6.0.x/trunk/build.properties.default Tue Sep 30 16:16:13 2014 @@ -25,9 +25,9 @@ # - Version Control Flags - version.major=6 version.minor=0 -version.build=42 +version.build=43 version.patch=0 -version.suffix= +version.suffix=-dev This needs bump in res/maven/mvn.properties.default as well. http://svn.apache.org/r1594943 Fixed thanks Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1618650 - in /tomcat/trunk: build.properties.default java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
On 08/18/2014 08:21 PM, Konstantin Kolinko wrote:
2014-08-18 20:14 GMT+04:00 jfcl...@apache.org:
Author: jfclere
Date: Mon Aug 18 16:14:30 2014
New Revision: 1618650
URL: http://svn.apache.org/r1618650
Log:
Allow to use MS Windows keystore.
submitted by ehsavoie (Emmanuel Hugonnet ehugo...@redhat.com).
Modified:
tomcat/trunk/build.properties.default
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
1. Documentation =?,
2. I think this is already configurable by setting keystoreFile= and
truststoreFile= on a Connector.
If someone uses the MS Windows keystore the keystore and the truststore
file(s) needs to be .
Cheers
Jean-Frederic
See
https://issues.apache.org/bugzilla/show_bug.cgi?id=56021
http://svn.apache.org/r1559573
http://svn.apache.org/r1559575
Tomcat 7.0.51 changelog says:
add
bug56021/bug: Make it possible to use the Windows-MY key store with
the BIO and NIO connectors for SSL configuration. It requires a
codekeystoreFile=quot;quot;
keystoreType=quot;Windows-Myquot;/code
to be set on the connector. Based on a patch provided by Asanka.
(markt)
/add
3. In issue 56021 the keystoreType was spelled Windows-My. Why are
you spelling it as Windows-MY?
4. Changelog = ?
5. I reverted the change to build.properties.default
Best regards,
Konstantin Kolinko
Modified: tomcat/trunk/build.properties.default
URL:
http://svn.apache.org/viewvc/tomcat/trunk/build.properties.default?rev=1618650r1=1618649r2=1618650view=diff
==
--- tomcat/trunk/build.properties.default (original)
+++ tomcat/trunk/build.properties.default Mon Aug 18 16:14:30 2014
@@ -238,3 +238,4 @@ cobertura.loc=${base-sf.loc}/cobertura/c
# - JVM settings for unit tests
java.net.preferIPv4Stack=false
+test.entry=org.apache.tomcat.util.net.TestSsl
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1618650r1=1618649r2=1618650view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Mon Aug 18 16:14:30 2014
@@ -295,6 +295,8 @@ public class JSSESocketFactory implement
String keystoreFile = endpoint.getKeystoreFile();
if (keystoreFile == null)
keystoreFile = defaultKeystoreFile;
+if(Windows-MY.equals(type))
+keystoreFile = ;
return getStore(type, provider, keystoreFile, pass);
}
@@ -310,6 +312,8 @@ public class JSSESocketFactory implement
if(truststoreFile == null) {
truststoreFile = System.getProperty(javax.net.ssl.trustStore);
}
+if(Windows-ROOT.equals(keystoreType))
+truststoreFile = ;
if(log.isDebugEnabled()) {
log.debug(Truststore = + truststoreFile);
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1618650 - in /tomcat/trunk: build.properties.default java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
On 08/19/2014 08:52 AM, Mark Thomas wrote:
On 19/08/2014 07:16, jean-frederic clere wrote:
On 08/18/2014 08:21 PM, Konstantin Kolinko wrote:
2014-08-18 20:14 GMT+04:00 jfcl...@apache.org:
Author: jfclere
Date: Mon Aug 18 16:14:30 2014
New Revision: 1618650
URL: http://svn.apache.org/r1618650
Log:
Allow to use MS Windows keystore.
submitted by ehsavoie (Emmanuel Hugonnet ehugo...@redhat.com).
Modified:
tomcat/trunk/build.properties.default
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
1. Documentation =?,
2. I think this is already configurable by setting keystoreFile= and
truststoreFile= on a Connector.
If someone uses the MS Windows keystore the keystore and the truststore
file(s) needs to be .
That doesn't really answer Konstantin's point 2.
To put it another way, it has been possible to use the MSWindows
keystore since 7.0.51 so the svn log message is not correct.
Do you plan to address the other points Konstantin raised?
I need to prepare some documentation like how to use the MSWindows
keystore with keytool and minimal stuff to use mmc. The idea is to add
it to http://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html
Cheers
Jean-Frederic
Mark
Cheers
Jean-Frederic
See
https://issues.apache.org/bugzilla/show_bug.cgi?id=56021
http://svn.apache.org/r1559573
http://svn.apache.org/r1559575
Tomcat 7.0.51 changelog says:
add
bug56021/bug: Make it possible to use the Windows-MY key
store with
the BIO and NIO connectors for SSL configuration. It requires a
codekeystoreFile=quot;quot;
keystoreType=quot;Windows-Myquot;/code
to be set on the connector. Based on a patch provided by
Asanka. (markt)
/add
3. In issue 56021 the keystoreType was spelled Windows-My. Why are
you spelling it as Windows-MY?
4. Changelog = ?
5. I reverted the change to build.properties.default
Best regards,
Konstantin Kolinko
Modified: tomcat/trunk/build.properties.default
URL:
http://svn.apache.org/viewvc/tomcat/trunk/build.properties.default?rev=1618650r1=1618649r2=1618650view=diff
==
--- tomcat/trunk/build.properties.default (original)
+++ tomcat/trunk/build.properties.default Mon Aug 18 16:14:30 2014
@@ -238,3 +238,4 @@ cobertura.loc=${base-sf.loc}/cobertura/c
# - JVM settings for unit tests
java.net.preferIPv4Stack=false
+test.entry=org.apache.tomcat.util.net.TestSsl
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1618650r1=1618649r2=1618650view=diff
==
---
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
(original)
+++
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Mon Aug 18 16:14:30 2014
@@ -295,6 +295,8 @@ public class JSSESocketFactory implement
String keystoreFile = endpoint.getKeystoreFile();
if (keystoreFile == null)
keystoreFile = defaultKeystoreFile;
+if(Windows-MY.equals(type))
Any reason not to make this a case insensitive comparison?
+keystoreFile = ;
return getStore(type, provider, keystoreFile, pass);
}
@@ -310,6 +312,8 @@ public class JSSESocketFactory implement
if(truststoreFile == null) {
truststoreFile =
System.getProperty(javax.net.ssl.trustStore);
}
+if(Windows-ROOT.equals(keystoreType))
Same here.
+truststoreFile = ;
if(log.isDebugEnabled()) {
log.debug(Truststore = + truststoreFile);
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1618872 - /tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
On 08/19/2014 04:25 PM, jfcl...@apache.org wrote:
Author: jfclere
Date: Tue Aug 19 14:25:04 2014
New Revision: 1618872
URL: http://svn.apache.org/r1618872
Log:
Rollback r1618650.
I will come back later with a better commit message and some docs.
Cheers
Jean-Frederic
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1618872r1=1618871r2=1618872view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Tue Aug 19 14:25:04 2014
@@ -295,8 +295,6 @@ public class JSSESocketFactory implement
String keystoreFile = endpoint.getKeystoreFile();
if (keystoreFile == null)
keystoreFile = defaultKeystoreFile;
-if(Windows-MY.equals(type))
-keystoreFile = ;
return getStore(type, provider, keystoreFile, pass);
}
@@ -312,8 +310,6 @@ public class JSSESocketFactory implement
if(truststoreFile == null) {
truststoreFile = System.getProperty(javax.net.ssl.trustStore);
}
-if(Windows-ROOT.equals(keystoreType))
-truststoreFile = ;
if(log.isDebugEnabled()) {
log.debug(Truststore = + truststoreFile);
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Safe default SSL ciphers
On 09/07/14 02:22, Konstantin Kolinko wrote:
2014-07-08 23:52 GMT+04:00 Rémy Maucherat r...@apache.org:
Hi,
Using the newly added OpenSSL syntax processor, a safe default cipher suite
can be expressed as (for both native and JSSE):
HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5
This avoids weak ciphers in a neat and portable way, although the best
default is still under investigation.
I plan to change the default for AbstractProcessor.ciphers and
AprEndpoint.SSLCipherSuite to that string.
Do you expect to maintain that string and to change the value between
point releases in the future?
(1.) If not, then it may become obsolete and the situation will not be
much different from what we have now.
(2.) If yes, then do we have enough man power to test and support such changes?
An expected situation is that some clients won't be able to connect to
their servers after such changes.
Do we make a decision of changing the setting by ourselves, or we rely
on some authority? E.g. we may follow [1].
In general, I like the idea.
I think it targets those admins who do not care enough to be able to
configure the values by themselves.
Regarding testing any changes to the value,
https://www.ssllabs.com/ssltest/ server test simulates some known
clients and prints what cipher they would choose with those settings.
E.g. (results for some site)
IE 6 / XP: Protocol or cipher suite mismatch
so those people wouldn't be able to connect.
A good resource:
[1] https://wiki.mozilla.org/Security/Server_Side_TLS
Their current recommendation is
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK
Actually people in our security team suggest to remove DES-CBC3-SHA and
document how to add back it for backwards compatibility if needed.
Cheers
Jean-Frederic
So
1) I am OK with the change.
2) I think there must be an explicit warning in documentation that the
default value may change at any time.
3) I think we should rely on some authority like [1] and follow them.
Instead of hard-coding the value in Java code, maybe put it as a
property into catalina.properties file, and reference it as
${propertyname} in server.xml?
We have a nice tool to compare catalina.properties between versions at
http://tomcat.apache.org/migration-8.html#Upgrading_8.0.x
Best regards,
Konstantin Kolinko
-
To unsubscribe, e-mail: security-unsubscr...@tomcat.apache.org
For additional commands, e-mail: security-h...@tomcat.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat Native 1.1.31
On 03/07/14 00:07, Mark Thomas wrote: [X] Stable, go ahead and release All my tests are OK. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Possible TomEE release news?
On 24/06/14 20:02, David Blevins wrote: Wonder what people's thoughts are about possibly including TomEE releases in the Tomcat news feed on occasion? Having some mention of TomEE on tomcat.apache.org would be nice -- most users still do not know it exists. However, I've never mentioned it as I personally couldn't think of a good way to do that that didn't feel obtrusive or unnatural. This might be more palatable and less permanent. I remember Rémy did this some many years ago for an OpenEJB release once and it really helped. We have a TomEE 1.7.0 release coming out soon we could try it with. Thoughts? +1 Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 6.0.41
On 19/05/14 14:58, Mark Thomas wrote: [X] Stable - go ahead and release as 6.0.41 Stable All my tests are OK. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 7.0.54
On 20/05/14 12:04, Violeta Georgieva wrote: [X] Stable - go ahead and release as 7.0.54 Stable My tests are OK. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: udp port used by the tribes tests
On 04/30/2014 12:57 AM, Konstantin Kolinko wrote: 2014-04-29 18:57 GMT+04:00 Konstantin Kolinko knst.koli...@gmail.com: 2014-04-29 18:41 GMT+04:00 jean-frederic clere jfcl...@gmail.com: Hi, Does someone know which upd ports are used by the tribes tests? I tried to allow 4000-4005 but that didn't help :-( From old e-mails in my mailbox I think so. (Some test error messages mention port numbers). I have not looked into the code. Maybe try running org.apache.catalina.tribes.TesterMulticast ? It is mentioned in BUILDING.txt Looking at souгce code and searching through log files of a full Tomcat8 tests run with NIO connector, I can say the following. 4000-4005 are TCP ports The only test that has UDP enabled is org.apache.catalina.tribes.group.TestGroupChannelStartStop It uses udpPort = 45543. I was testing tomcat7 I have open 4000-4005 TCP and 45543 UDP that didn't help, I will test Tomcat8 later. Of course removing the firewall helps ;-) Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
udp port used by the tribes tests
Hi, Does someone know which upd ports are used by the tribes tests? I tried to allow 4000-4005 but that didn't help :-( Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: NIO 2 connector
On 03/04/2014 05:16 PM, Rémy Maucherat wrote: Pros: - Significantly faster, although the API looks slower by design Actually I didn't bench it yet but I benched something similar on JBossWeb: it performed faster than APR, the implementation is a bit different in that area so I will retest it when I have cycles. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: NIO 2 connector
On 03/04/2014 07:26 PM, Mark Thomas wrote: Can you wait until we split 8.0.x from trunk or did you want to get this into 8.0.x? I would like to see it in 8.0.x so we can have it in the talk Chris and I present at the ApacheCon. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat Connectors 1.2.38
On 02/26/2014 09:45 AM, Mladen Turk wrote: Hi, Apache Tomcat Connectors 1.2.38 release candidate is ready for vote at [1]. This version fixes few bugs found in released version 1.2.37 and adds some new features like IPV6 support. The VOTE will remain open for at least 48 hours. The Apache Tomcat Connectors 1.2.38 is [ ] Stable, go ahead and release [ ] Broken because of ... With httpd-2.2.21 on fedora20: +++ /home/jfclere/APACHE-2.2.21/build/libtool --silent --mode=compile gcc -I/home/jfclere/APACHE-2.2.21/include -DHAVE_CONFIG_H -ansi -pedantic -Wno-long-long -Wall -pthread -DHAVE_APR -I/home/jfclere/APACHE-2.2.21/include -I/home/jfclere/APACHE-2.2.21/include -DHAVE_CONFIG_H -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -c jk_lb_worker.c -o jk_lb_worker.lo jk_lb_worker.c: In function ‘get_sessionid’: jk_lb_worker.c:516:5: error: expected expression before ‘/’ token // set session_path ^ jk_lb_worker.c:519:5: error: expected expression before ‘/’ token // set session_cookie ^ make[1]: *** [jk_lb_worker.lo] Error 1 +++ Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: JK support for IPV6
On 09/04/2013 09:31 AM, Mladen Turk wrote: Next, do we need something for java side? Are the java connectors capable of listening to IPV6 addresses? According to the tests I did months ago they did work. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Need a tc-native 1.1.28 release
On 08/27/2013 10:00 AM, Mark Thomas wrote: On 27/08/2013 04:07, Violeta Georgieva wrote: 2013/8/23 Mark Thomas wrote: Tomcat 8 needs tc-native with the fix for non-blocking IO [1]. Any takers for rolling the release? Mark, Do we need this for Tomcat 7 as well? Yes. It affects the JSR-356 WebSocket implementation. Mladen or I should be able to do that next week. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Back-porting JSR-356 Progress update
On 08/19/2013 03:22 PM, Mark Thomas wrote: I plan to commit what I have so far once I am happy that the unit tests still work. Cool Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[ANN] Apache Tomcat 6.0.37 released
The Apache Tomcat team announces the immediate availability of Apache Tomcat 6.0.37 stable. Apache Tomcat 6.0.37 is primarily a security and bug fix release. All users of older versions of the Tomcat 6.0 family should upgrade to 6.0.37. Note that is version has 4 zip binaries: a generic one and three bundled with Tomcat native binaries for different CPU architectures. Apache Tomcat 6.0 includes new features over Apache Tomcat 5.5, including support for the new Servlet 2.5 and JSP 2.1 specifications, a refactored clustering implementation, advanced IO features, and improvements in memory usage. Please refer to the change log for the list of changes: http://tomcat.apache.org/tomcat-6.0-doc/changelog.html Downloads: http://tomcat.apache.org/download-60.cgi Migration guide from Apache Tomcat 5.5.x: http://tomcat.apache.org/migration.html Thank you, -- The Apache Tomcat Team - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [ANN] Apache Tomcat 6.0.37 released
On 05/06/2013 02:33 PM, Konstantin Kolinko wrote: Do not forget to send this to announce@tomcat.a.o and announce@a.o as well. You need to send those using your @apache.org address, instead of this gmail one. I did that from people.apache.org some it doesn't work :-( Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [ANN] Apache Tomcat 6.0.37 released
On 05/06/2013 04:54 PM, Konstantin Kolinko wrote: 2013/5/6 jean-frederic clere jfcl...@gmail.com: On 05/06/2013 02:33 PM, Konstantin Kolinko wrote: Do not forget to send this to announce@tomcat.a.o and announce@a.o as well. You need to send those using your @apache.org address, instead of this gmail one. I did that from people.apache.org some it doesn't work :-( It worked for announce@a.o. I just received it, it has Message-ID: 20130506105608.ga13...@minotaur.apache.org Maybe it was in some moderation queue. I do not know about announce@tomcat.a.o one. I am not subscribed there and it is not in the archives yet. That is probably the same of the announce@tomcat.a.o (I mail there just a while ago). Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1905 - in /release/tomcat/tomcat-6: ./ v6.0.37/ v6.0.37/bin/ v6.0.37/bin/extras/ v6.0.37/src/
On 05/03/2013 11:10 AM, Mark Thomas wrote: On 03/05/2013 10:08, jfcl...@apache.org wrote: Author: jfclere Date: Fri May 3 09:08:37 2013 New Revision: 1905 Log: Tomcat release 6.0.36 s/36/37/ Oops I have fixed the svn log. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release build 6.0.37
On 04/29/2013 10:50 PM, Rainer Jung wrote: Problem 3: version.build is 0 instead of 37 in build.properties.default (src and bin). Not nice but probably not a showstopper. Maybe something for the release howto. the version is version=6.0.37 overwrites it I think. I missed the line... version.patch=37 ... should the line above. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release build 6.0.37
On 04/29/2013 01:04 PM, Konstantin Kolinko wrote: 2013/4/29 jean-frederic clere jfcl...@gmail.com: The candidates binaries are available here: http://people.apache.org/~jfclere/tomcat-6/v6.0.37/ Can you prepare and stage Maven artifacts as well? the artifacts should be in the staging repos (it looks OK in nexus). Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Time for 6.0.37?
On 04/25/2013 02:49 PM, Mark Thomas wrote: On 25/04/2013 10:33, jean-frederic clere wrote: Hi, I think it is time for a 6.0.37, comments? Sure. Haven't looked at the status file for a while so I probably have some voting to do. I have done the same. I now commit the accepted patches, OK? Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Time for 6.0.37?
On 04/27/2013 03:09 PM, Henri Gomez wrote: Jean-Frederic, did there is a list of changes in 6.0.37 ? What do you mean? - The STATUS.txt still contains a bunch of patches that needs review. - webapps/docs/changelog.xml should contain the list of changes. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: ECJ update in Tomcat 6 (was Re: svn commit: r1476598)
On 04/27/2013 05:28 PM, Konstantin Kolinko wrote: 2013/4/27 jfcl...@apache.org: Author: jfclere Date: Sat Apr 27 15:01:03 2013 New Revision: 1476598 URL: http://svn.apache.org/r1476598 Log: more votes. Modified: tomcat/tc6.0.x/trunk/STATUS.txt * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=54615 Update to Eclipse JDT Compiler 4.2.2 http://people.apache.org/~kkolinko/patches/2013-03-26_tc6_eclipse422.patch +1: kkolinko, rjung - -1: + -1: jfclere: I am ~OK to add the method to allow to compile but not to + change the major version of ecj What are your technical reasons? The problem is changing the major number of a dependency, I am afraid that brings a lot of trouble for us: we rebuild everything from their sources. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Time for 6.0.37?
Hi, I think it is time for a 6.0.37, comments? Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in Tomcat 7.0.x
On 01/31/2013 12:57 AM, Ron Monzillo wrote: Tomcat Experts, The Servlet Profile of JSR 196 defines the use of the JASPIC SPI in support of the portable integration of new and/or custom authentication mechanisms in compatible Servlet containers. You probably should ask that to the TomEE user list. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [Proposal] Resurrecting storeconfig
On 02/01/2013 09:47 PM, Remy Maucherat wrote: On Fri, 2012-12-14 at 17:26 +, Mark Thomas wrote: One issue I'm wondering about is the build system. After all that time, I've starting using Maven instead of Ant (unbelievable, I know ...), and while I am fine continuing using existing Ant build systems, I find adding ones to newer components quite useless. It shouldn't be too hard to add another JAR to the existing Ant build. Once the code is in place, I'm happy to take a look. I have ported it to trunk, where it builds as lib/catalina-storeconfig.jar. Should I commit it ? Yes please. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE] Release Apache Tomcat Native 1.1.26
Version 1.1.26 is bug fixing release. The proposed release artefacts can be found at [1], and the build was done using tag [2]. The VOTE will remain open for at least 48 hours. The Apache Tomcat Native 1.1.26 is [ ] Stable, go ahead and release [ ] Broken because of ... [1] http://people.apache.org/~jfclere/native/1.1.26 [2] https://svn.apache.org/repos/asf/tomcat/native/tags/TOMCAT_NATIVE_1_1_26 Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat Native 1.1.25
On 01/24/2013 01:50 AM, Konstantin Kolinko wrote: 2013/1/23 jean-frederic clere jfcl...@gmail.com: Version 1.1.25 is bug fixing release. The proposed release artefacts can be found at [1], and the build was done using tag [2]. The VOTE will remain open for at least 48 hours. The Apache Tomcat Native 1.1.25 is [ ] Stable, go ahead and release [x] Broken because of ... 1. dev flags were not removed before tagging. For reference, how such change would look: http://svn.apache.org/viewvc?diff_format=lview=revisionrevision=1348811 As of now, in /tags/TOMCAT_NATIVE_1_1_25/native/include/tcn_version.h there is #define TCN_IS_DEV_VERSION 1 Oops that is bad. 2. Windows binaries do include 32-bit and x64 versions, but there is no i64 version of the DLL. I do not know whether there is real demand for supporting Itanium CPUs, but as of now a release build of Tomcat needs i64 version of the DLL. If there is no i64 version, someone would have to change the windows installer script, build.xml and readme files in Tomcat 6 7. I am not sure I am able to build i64 binaries. 2.2. Minor notes: - What are those oscp-win32 binaries? - There are no *.md5 files for Windows binaries. - It is a bit odd that the file is named win32, while 64-bit versions are also in it. They have OSCP support and they were in the 1.1.24. 3. If this release were rerolled, it would be nice to include http://svn.apache.org/viewvc?rev=1437082view=rev Sure Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE] Release Apache Tomcat Native 1.1.25
Version 1.1.25 is bug fixing release. The proposed release artefacts can be found at [1], and the build was done using tag [2]. The VOTE will remain open for at least 48 hours. The Apache Tomcat Native 1.1.25 is [ ] Stable, go ahead and release [ ] Broken because of ... [1] http://people.apache.org/~jfclere/native/1.1.25 [2] https://svn.apache.org/repos/asf/tomcat/native/tags/TOMCAT_NATIVE_1_1_25 Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1433976 - in /tomcat/trunk/java/org/apache: coyote/ajp/AjpAprProtocol.java coyote/http11/Http11AprProtocol.java tomcat/util/net/AprEndpoint.java tomcat/util/net/res/LocalStrings.prope
On 01/16/2013 04:53 PM, Remy Maucherat wrote: On Wed, 2013-01-16 at 15:14 +, ma...@apache.org wrote: This is untested (I don't have an OSX build of the native lib handy right now). I'll test later today. I'm not sure native on OS X is 100% stable, for whatever reason (due to apparent concurrency issues with the poller once read + write polling is used). It could depend on the APR / Tomcat Native version used and be fixed now, I plan to test later too, with apr 1.4.6, openssl 1.0.1c and tc-native-1.1.x. Cheers Jean-Frederic but certainly there were issues on OS X that didn't occur on Linux (or Windows, ...) at the time. I didn't test or investigate myself, so I don't know more than that, good luck with the testing. Rémy - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Time for tcnative 1.1.25?
On 12/21/2012 09:54 PM, Christopher Schultz wrote: All, There is a particular fix in tcnative-trunk ant the 1.1.x branch to the ssl.c::hasOp function that I'd like to get out there in the wild: there are now two Tomcat enhancements (one committed, one not yet committed) that rely upon it: https://issues.apache.org/bugzilla/show_bug.cgi?id=53481 https://issues.apache.org/bugzilla/show_bug.cgi?id=54324 Once another version of tcnative 1.1.x is released, Tomcat can truly support these SSL-related features. Would anyone (Mladen?) be willing to roll another release in the near future? I could do it if you want. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1414562 - /tomcat/native/branches/1.1.x/native/src/poll.c
On 11/28/2012 08:28 AM, mt...@apache.org wrote: Author: mturk Date: Wed Nov 28 07:28:20 2012 New Revision: 1414562 URL: http://svn.apache.org/viewvc?rev=1414562view=rev Log: Fix typo in --enable-maintainer-mode The comment doesn't fit the commit ;-) Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[ANN] Apache Tomcat 6.0.36 released
The Apache Tomcat team announces the immediate availability of Apache Tomcat 6.0.36 stable. Apache Tomcat 6.0.36 is primarily a security and bug fix release. All users of older versions of the Tomcat 6.0 family should upgrade to 6.0.36. Note that is version has 4 zip binaries: a generic one and three bundled with Tomcat native binaries for different CPU architectures. Apache Tomcat 6.0 includes new features over Apache Tomcat 5.5, including support for the new Servlet 2.5 and JSP 2.1 specifications, a refactored clustering implementation, advanced IO features, and improvements in memory usage. Please refer to the change log for the list of changes: http://tomcat.apache.org/tomcat-6.0-doc/changelog.html Downloads: http://tomcat.apache.org/download-60.cgi Migration guide from Apache Tomcat 5.5.x: http://tomcat.apache.org/migration.html Thank you, -- The Apache Tomcat Team - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release build 6.0.36
Ok 4 +1: so I will process with release today. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release build 6.0.36
On 10/17/2012 06:53 PM, Olivier Lamy wrote: do you plan to release maven artifacts too ? They are in staging if you want to check. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release build 6.0.36
On 10/17/2012 06:53 PM, Olivier Lamy wrote: do you plan to release maven artifacts too ? Usually I do that after the vote. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE] Release build 6.0.36
The candidates binaries are available here: http://people.apache.org/~jfclere/tomcat-6/v6.0.36/ According to the release process, the 6.0.36 build corresponding to the tag TOMCAT_6_0_36 is: [ ] Broken [ ] Alpha [ ] Beta [ ] Stable Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
tagging 6.0.36 tomorrow morning
Hi, I have done all tests I plan to tag tomorrow morning (my morning). Comments? Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Time for 6.0.36?
On 10/10/2012 05:04 PM, Mark Thomas wrote: It has been just over 10 months since the last 6.0.x release. The change log is looking pretty lengthy. I think we need a release. Jean-Frederic? Someone else? I think I can do that next week. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Apache Tomcat Maven Plugin 2.0
On 09/10/2012 02:47 PM, Olivier Lamy wrote: Hi, I'd like to release Apache Tomcat Maven Plugin 2.0. We fixed 41 issues (see details http://s.apache.org/TOMCAT-MVN-2.0 ). Staging Maven repository: https://repository.apache.org/content/repositories/orgapachetomcat-045/ Sources release (as we distribute artifacts tru sync with Maven central) sources are distributed separately: https://dist.apache.org/repos/dist/dev/tomcat/maven-plugin/v2.0/ Site documentation: http://tomcat.apache.org/maven-plugin-2.0 (wait sync) Vote open for 72H [+1] Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat Native 1.1.24
On 06/11/2012 02:54 PM, Mladen Turk wrote: [X] Stable, go ahead and release My hudson/jenkins tests are all OK. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: have Re: MaxQueueSize for Executor and Tomcat 6
On 04/11/2012 09:36 AM, Plüm, Rüdiger, Vodafone Group wrote: Ping? Some sponsor for the tc6.0 status file for the below? Won't break an application using their own executor that implements the StandardExecutor? Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: have Re: MaxQueueSize for Executor and Tomcat 6
On 04/11/2012 01:34 PM, Plüm, Rüdiger, Vodafone Group wrote: -Original Message- From: jean-frederic clere [mailto:jfcl...@gmail.com] Sent: Mittwoch, 11. April 2012 12:56 To: dev@tomcat.apache.org Subject: Re: have Re: MaxQueueSize for Executor and Tomcat 6 On 04/11/2012 09:36 AM, Plüm, Rüdiger, Vodafone Group wrote: Ping? Some sponsor for the tc6.0 status file for the below? Won't break an application using their own executor that implements the StandardExecutor? You mean because of the changed Executor interface? Yep. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [JK] Shared memory design problems
What about a look on file that contains the id? It gets created and lock by the first worker that needs the shared memory and writes the id inside and unlock the file? Other workers will just read the id in the file. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat Native 1.1.23
On 02/28/2012 03:39 PM, Mladen Turk wrote: [+1] Released Tested on Fedora16 compiled on Solaris/HPUX/RHEL4/5. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1294214 - /tomcat/native/branches/1.1.x/native/src/ssl.c
On 02/27/2012 05:49 PM, mt...@apache.org wrote: Author: mturk Date: Mon Feb 27 16:49:54 2012 New Revision: 1294214 URL: http://svn.apache.org/viewvc?rev=1294214view=rev Log: This should enable pcks12 support It does ;-) Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Tomcat-native patch for NPN support
On 02/01/2012 09:59 PM, Costin Manolache wrote: Hi, I have a patch to the jni library, I uploaded it to github for easy commenting: https://github.com/costinm/tomcat-native/commit/5e7d4b45bfa542e4b099bfdc2bda423b9a6cc85d Please let me know if it looks ok - I included a 'cmake' build, which can generate a libtcnative.so with no external dependencies - NPN requires the latest openssl1.0.1beta2, it may be trickier to install with the normal platform dependencies. ( only tested cmake on linux64 - when new ssl gets included in more platforms it won't be needed.) Probably you should go ahead and commit it and arrange the configure to require the new version of openssl. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Apache Tomcat Maven plugin 2.0-beta-1
On 01/26/2012 07:05 PM, Olivier Lamy wrote: Hi, I'd like to release the Apache Tomcat Maven plugin 2.0-beta-1. +1 Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: WebSocket progress report
On 01/25/2012 02:00 PM, Mark Thomas wrote: On 25/01/2012 08:11, Mladen Turk wrote: On 01/24/2012 10:15 PM, Mark Thomas wrote: I have made some further headway with this and the latest patch is on people.a.o [1]. How that relates to Servlet spec 3.1? TBD :) Even if it would not make it into servlet 3.1 it is a _very_ feature to have. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Nexus release problem
On 01/16/2012 12:45 PM, Mark Thomas wrote: On 16/01/2012 11:42, sebb wrote: On 16 January 2012 09:43, Mark Thomasma...@apache.org wrote: It appears there is a problem with the Nexus release process. Prior to the switch to Nexus, the Maven metedata contained all previous releases [1]. Post the switch to Nexus, none of the previous releases appear in the metadata [2]. The switch to Nexus has, therefore, introduced the very bug to the Tomcat 7.0.x series that the switch to Nexus was meant to avoid [3]. Given that we go have the prior metadata, how do we get Nexus to use it? AIUI, Nexus is supposed to maintain the metadata, so I would raise a JIRA INFRA bug against Nexus to get this resolved. We'll see what happens when a release is promoted. That when Nexus updates the information. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Tomcat 5.5.35 Build
On 01/06/2012 09:19 PM, Jim Jagielski wrote: [X] Stable My tests are passing. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1226975 - /tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
On 01/03/2012 11:51 PM, ma...@apache.org wrote: Correct error in r1666072 Hm sure? Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Publishing process for JARs for Maven Central
On 12/21/2011 07:16 PM, Mark Thomas wrote: There hasn't been any activity on this thread for a little while. I don't recall any significant arguments one way or the other for using Nexus or scp+rsync. Since Jean-Frederic has switched all the Maven artifact release scripts to use Nexus, I intend to do the following: - See what happens when I try and do the next Tomcat 7 release using Nexus - Fix anything that doesn't work Don't hesitate to ping me on that. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Move to Maven? (WAS: Re: Publishing process for JARs for Maven Central)
On 12/20/2011 08:58 AM, David Jencks wrote: did this work and suggested tomcat look at it several years ago, and don't remember all the details, some other people have been maintaining it recently. IIRC the maven projects generate pretty much the same jars as the ant build, possibly plus one more to get around the circular dependencies among the jars. I think it is fixed in trunk. So to generate a maven multimodule project to build the jars, 20 min to configure the script that builds the project, then you have a mavenized tomcat project checked in that builds pretty much the same jars as the ant build. I don't really know what else the ant build generates. Hm that means that we should be able to switch to maven in a day or 2, I will try that next week then ;-) Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Move to Maven? (WAS: Re: Publishing process for JARs for Maven Central)
On 12/20/2011 09:17 AM, Antonio Petrelli wrote: 2011/12/19 Mladen Turkmt...@apache.org On 12/19/2011 07:04 PM, Henri Gomez wrote: Exactly. Since any change would require a learning curve and it seems we don't have that many (read none) maven experts in the house, Gradle could be equally considered, given that it seems more advanced in customization. I know well Maven but Olivier (Lamy) is a Maven expert, so there is friend in the business. And there is a full Maven PMC not too far ready to provide advices and help. Not counting Tomcat consumers ASF projects like OpenEJB. All I have seen so far is talk and talk and more talk. There is trunk, branches, sandbox, so anyone is free to make a proposal and if things work, I'll be the first one supporting it. I already forked my own repository from GitHub. I hope to start it after the holidays. Please publish the url... I can fork it and play there too. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Time for 5.5.35?
On 12/20/2011 11:03 AM, Jim Jagielski wrote: On Dec 20, 2011, at 2:42 AM, jean-frederic clere wrote: On 12/19/2011 10:49 PM, Mark Thomas wrote: All, I know the 5.5.x change log is short but [1] is one of those annoying (for me any way) bugs it would be nice to get in a fixed release. Jim: Any chance of a 5.5.x tag later this week? I won't suggest this coming weekend ;) +1 for middle of next week. Fine w/ me... if you have cycle you can do it before no? Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Move to Maven? (WAS: Re: Publishing process for JARs for Maven Central)
On 12/19/2011 07:47 PM, David Jencks wrote: Are you reading the thread? I mentioned dec 17 that geronimo has been maintaining a script for 2+ years that pulls tomcat source out of tomcat svn and puts it in an appropriately structured maven mutli-project build and we've been re-releasing quite a few tomcat versions using this technique. Not sure how this is talk. I've experienced enough hostility over the years from the tomcat community (not necessarily any currently active members) that I'm reluctant to spend more time on this. So starting with what is in the geronimo repo, how much work would it to have a mavenized Tomcat? As I have said before in previous iterations of this topic, IMO many of the advantages of maven are not for direct development of the project itself (although they certainly exist) but in encouraging interactions with other projects and communities. You won't be able to detect these without actually using maven. We already publish artifacs, do you need more of them? Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Time for 5.5.35?
On 12/19/2011 10:49 PM, Mark Thomas wrote: All, I know the 5.5.x change log is short but [1] is one of those annoying (for me any way) bugs it would be nice to get in a fixed release. Jim: Any chance of a 5.5.x tag later this week? I won't suggest this coming weekend ;) +1 for middle of next week. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Publishing process for JARs for Maven Central
On 12/17/2011 07:55 PM, Mark Thomas wrote: Personally, I am of the view If it ain't broke, don't fix it. If there was something we would gain by switching to Maven then I'd be interested but given we have an established build process with Ant that a number of committers are familiar with and that I'm not aware of any benefits of moving to Maven then I don't see any compelling reason to switch. Using Maven would allow us to remove build.properties.default and download task that information would go in pom.xml. We can cut Tomcat in module more easily. The other thing is that Maven seems a more active project that Ant so we new feature easy and most IDE allow to import Maven project in IDE workspace. The problem of Maven is that we have to change the structure of our repository I think that the only problem. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1215557 - in /tomcat/tc6.0.x/trunk/res/maven: README.txt mvn-pub.xml mvn.properties.default
On 12/17/2011 11:05 PM, Konstantin Kolinko wrote:
2011/12/17jfcl...@apache.org:
Author: jfclere
Date: Sat Dec 17 19:02:31 2011
New Revision: 1215557
URL: http://svn.apache.org/viewvc?rev=1215557view=rev
Log:
Fix the deploy-release task.
Once done you should have an entry in
https://repository.apache.org/index.html#stagingRepositories
Check it and click Close.
Once the release is voted just click Release.
If any wrong just click Drop.
Added:
tomcat/tc6.0.x/trunk/res/maven/README.txt
Modified:
tomcat/tc6.0.x/trunk/res/maven/mvn-pub.xml
tomcat/tc6.0.x/trunk/res/maven/mvn.properties.default
Added: tomcat/tc6.0.x/trunk/res/maven/README.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/res/maven/README.txt?rev=1215557view=auto
==
--- tomcat/tc6.0.x/trunk/res/maven/README.txt (added)
+++ tomcat/tc6.0.x/trunk/res/maven/README.txt Sat Dec 17 19:02:31 2011
@@ -0,0 +1,6 @@
+To release do the following:
+1 - copy mvn.properties.default to mvn.propertie and adjust it.
+2 - ant -f mvn-pub.xml deploy-release
+that step creates a staging in
https://repository.apache.org/index.html#stagingRepositories
+3 - test it and do the vote process
+4 - in https://repository.apache.org/index.html#stagingRepositories close it
and then promote it.
Note that
1) there is also a big comment at the top of mvn-pub.xml.
I have arranged it.
2) ASL header is needed? Nobody checks it in 6.0 but in thunk
checkstyle would complain on such a file, I think.
Fixed.
Modified: tomcat/tc6.0.x/trunk/res/maven/mvn-pub.xml
(...)
Looks good.
--- tomcat/tc6.0.x/trunk/res/maven/mvn.properties.default (original)
+++ tomcat/tc6.0.x/trunk/res/maven/mvn.properties.default Sat Dec 17 19:02:31
2011
@@ -23,6 +23,8 @@
tomcat.version=6.0.20
Can update the above sometime :)
#Maven properties
+maven.username=!-- YOUR APACHE LDAP USERNAME --
+maven.password=!-- YOUR APACHE LDAP PASSWORD --
Regarding plaintext passwords in config files:
There is simple workaround: useinput Ant task.
1. Remove maven.password from maven.properties.default
2. Add
input addproperty=maven.password message=Your LDAP password for
${maven.user} /
Probably that goes into init-maven so that it executes only once.
As docs say
[[[
Since Apache Ant 1.6,input will not prompt for input if a property
should be set by the task that has already been set in the project
(and the task wouldn't have any effect).
]]]
I will for trunk to do it ;-)
Cheers
Jean-Frederic
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Move to Nexus with no community discussion. WTF?
On 12/16/2011 11:02 PM, Mark Thomas wrote: The good news is that Jean-Frederic has indicated via private e-mail that he will be fixing the build scripts to use Nexus tomorrow. I would like to see him confirm that on this list but I have no reason to doubt his word. A quick read of [2] suggests that it should be do-able in that timeframe. I am working on it. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Publishing process for JARs for Maven Central
On 12/17/2011 07:27 PM, Mark Thomas wrote: Jean-Frederic, what was your motivation for moving Tomcat to Nexus? 1 - The good thing in Nexus is that we can check the result of our deploy-release and drop is we screw it (multi upload can fail and we don't know when the mirroring stars). 2 - Users using maven can test easy the jar in staging Nexus repository. 3 - I was looking to fix BZ 52124 a clean way. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Move to Nexus with no community discussion. WTF?
On 12/16/2011 04:20 PM, Mark Thomas wrote: It appears that Maven artefact publishing has been moved from people.a.o (that all the release scripts are written to use) to using Nexus. See [1] I have a number of issues with this: 1. There was zero discussion of this on the dev list. 2. Maven publishing for snapshots, release candidates and releases is now broken as the release scripts have not been updated as it appears is required. [2] Jean-Frederic, please explain ASAP what on earth is going on here. Decisions such as this must happen on list *before* they are actioned. I understood it only affects the release process... If that is wrong that I screwed it, Sorry Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[ANN] Apache Tomcat 6.0.35 released
The Apache Tomcat team announces the immediate availability of Apache Tomcat 6.0.35 stable. Apache Tomcat 6.0.35 is primarily a security and bug fix release. All users of older versions of the Tomcat 6.0 family should upgrade to 6.0.35. Note that is version has 4 zip binaries: a generic one and three bundled with Tomcat native binaries for different CPU architectures. Apache Tomcat 6.0 includes new features over Apache Tomcat 5.5, including support for the new Servlet 2.5 and JSP 2.1 specifications, a refactored clustering implementation, advanced IO features, and improvements in memory usage. Please refer to the change log for the list of changes: http://tomcat.apache.org/tomcat-6.0-doc/changelog.html Downloads: http://tomcat.apache.org/download-60.cgi Migration guide from Apache Tomcat 5.5.x: http://tomcat.apache.org/migration.html Thank you, -- The Apache Tomcat Team - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release build 6.0.35
I will process with the release tomorrow. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE] Release build 6.0.35
The candidates binaries are available here: http://people.apache.org/~jfclere/tomcat-6/v6.0.35/ According to the release process, the 6.0.35 build corresponding to the tag TOMCAT_6_0_35 is: [ ] Broken [ ] Alpha [ ] Beta [ ] Stable Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: tagging 6.0.34 tomorrow?
On 11/22/2011 05:08 PM, Forrest Xia wrote: On Tue, Nov 22, 2011 at 4:39 PM, Konstantin Kolinko knst.koli...@gmail.comwrote: 2011/11/22 Forrest Xiaforres...@gmail.com: Any update on 6.0.34 vote? Geronimo would like to have it in the coming 2.1.8 release. 6.0.34 is broken. Thank you for update, so broken for what reason? Can you share here? Timing for 6.0.35 is yet to be decided. There is 7.0.23 vote right now. I noticed 7.0.23 is voting, then, when 6.0.35 could be out? one week or two weeks? I will tag after 7.0.23 is announced so except a release next week. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
tagging 6.0.34 tomorrow?
Hi, I plan to prepare the 6.0.34 tomorrow, any important commits to wait for? Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: ApacheMeetupsNa11 tomcat one?
On 10/21/2011 05:30 PM, Christopher Schultz wrote: All, On 10/20/2011 4:32 PM, Christopher Schultz wrote: I'm arriving at 12:47 local time on Tuesday and I've got nothing to do until the next morning besides check-into the hotel. If anyone is interested in getting together for some drinks or exploring the city (I've never been to Vancouver) on Thursday s/Thursday/Tuesday/ Sorry for the confusion. Ok it is scheduled for Thursday, See http://wiki.apache.org/apachecon/ApacheMeetupsNa11 I have already added the ones part of the mail thread. Please register at https://docs.google.com/spreadsheet/viewform?hl=en_USformkey=dEJLcHk3c1ZrRm8tWUNYeXZZckN0Vnc6MA#gid=0 Cheers Jean-Frederic -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
