Re: svn commit: r892991 - in /tomcat/tc6.0.x/trunk: STATUS.txt build.properties.default webapps/docs/changelog.xml
On 12/21/2009 11:43 PM, Rainer Jung wrote: On 21.12.2009 22:36, jfcl...@apache.org wrote: Author: jfclere Date: Mon Dec 21 21:36:07 2009 New Revision: 892991 URL: http://svn.apache.org/viewvc?rev=892991view=rev Log: Only update the build file that doesn't change the minimum tcnative version required in the source. The minimum version is in java/org/apache/catalina/core/AprLifecycleListener.java Modified: tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/build.properties.default tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=892991r1=892990r2=892991view=diff == --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Mon Dec 21 21:36:07 2009 @@ -33,11 +33,11 @@ /properties body -section name=Tomcat 6.0.21 (remm) +section name=Tomcat 6.0.21 (jfclere) subsection name=Catalina changelog update - Update required version for native to 1.1.17. (rjung) + Update required version for native to 1.1.18. (rjung, kkolinko) /update fix Fix issues with expression language when running under a Just in case we find something reaqlly broken, I'd say this changelog item should be reverted to it's 1.1.17 state. We use 1.1.18 only for our own builds, like the bundles tcnative on windows, bot we do *not* require it for Tomcat itself - which this changelog is for. So 1.1.18 used for the windows binary could go into a release notes file. 1.1.17 is vulnerable to CVE-2009-3555, 1.1.18 prevents it at least for the client initiated renegotiations. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r892991 - in /tomcat/tc6.0.x/trunk: STATUS.txt build.properties.default webapps/docs/changelog.xml
On 22/12/2009 09:32, jean-frederic clere wrote: On 12/21/2009 11:43 PM, Rainer Jung wrote: On 21.12.2009 22:36, jfcl...@apache.org wrote: Author: jfclere Date: Mon Dec 21 21:36:07 2009 New Revision: 892991 URL: http://svn.apache.org/viewvc?rev=892991view=rev Log: Only update the build file that doesn't change the minimum tcnative version required in the source. The minimum version is in java/org/apache/catalina/core/AprLifecycleListener.java Modified: tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/build.properties.default tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=892991r1=892990r2=892991view=diff == --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Mon Dec 21 21:36:07 2009 @@ -33,11 +33,11 @@ /properties body -section name=Tomcat 6.0.21 (remm) +section name=Tomcat 6.0.21 (jfclere) subsection name=Catalina changelog update - Update required version for native to 1.1.17. (rjung) + Update required version for native to 1.1.18. (rjung, kkolinko) /update fix Fix issues with expression language when running under a Just in case we find something reaqlly broken, I'd say this changelog item should be reverted to it's 1.1.17 state. We use 1.1.18 only for our own builds, like the bundles tcnative on windows, bot we do *not* require it for Tomcat itself - which this changelog is for. So 1.1.18 used for the windows binary could go into a release notes file. 1.1.17 is vulnerable to CVE-2009-3555, 1.1.18 prevents it at least for the client initiated renegotiations. The issue isn't which version we ship (I agree we should ship 1.1.18) but which version we *require* as the minimum. This tests in the code look for a minimum of 1.1.17 (and I think it should stay like this) and the changelog should reflect this. Two entries would probably make this clearer. E.g.: - Update minimum required version for native to 1.1.17. - Update bundled version of native to 1.1.18. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r892991 - in /tomcat/tc6.0.x/trunk: STATUS.txt build.properties.default webapps/docs/changelog.xml
Author: jfclere Date: Mon Dec 21 21:36:07 2009 New Revision: 892991 URL: http://svn.apache.org/viewvc?rev=892991view=rev Log: Only update the build file that doesn't change the minimum tcnative version required in the source. The minimum version is in java/org/apache/catalina/core/AprLifecycleListener.java Modified: tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/build.properties.default tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=892991r1=892990r2=892991view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Dec 21 21:36:07 2009 @@ -294,14 +294,3 @@ rjung: I added the second commit after Mark proposed and votes. It is a comment typo change only. Will need more time to vote on the whole proposal though. - -* Update to Tomcat-Native 1.1.18 - http://people.apache.org/~kkolinko/patches/2009-12-21_tomcat-native_1.1.18.patch - Note: as of now, the windows binaries at - http://archive.apache.org/dist/tomcat/tomcat-connectors/native/1.1.18/binaries/ - are not yet available, so this patch is untested and it has not been - applied to trunk yet. - +1: kkolinko, rjung, jfclere - -1: - rjung: it seems binaries are there now. You only want to update the build file, - not the minimum tcnative version required in the source, right? Modified: tomcat/tc6.0.x/trunk/build.properties.default URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/build.properties.default?rev=892991r1=892990r2=892991view=diff == --- tomcat/tc6.0.x/trunk/build.properties.default (original) +++ tomcat/tc6.0.x/trunk/build.properties.default Mon Dec 21 21:36:07 2009 @@ -62,10 +62,10 @@ jdt.loc=http://archive.eclipse.org/eclipse/downloads/drops/R-3.3.1-200709211145/eclipse-JDT-3.3.1.zip # - Tomcat native library - -tomcat-native.version=1.1.16 +tomcat-native.version=1.1.18 tomcat-native.home=${base.path}/tomcat-native-${tomcat-native.version} tomcat-native.tar.gz=${tomcat-native.home}/tomcat-native.tar.gz -tomcat-native.loc=${base-tomcat.loc}/tomcat-connectors/native/tomcat-native-${tomcat-native.version}-src.tar.gz +tomcat-native.loc=${base-tomcat.loc}/tomcat-connectors/native/${tomcat-native.version}/source/tomcat-native-${tomcat-native.version}-src.tar.gz tomcat-native.dll=${base-tomcat.loc}/tomcat-connectors/native/${tomcat-native.version}/binaries # - Commons DBCP, version 1.1 or later - Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=892991r1=892990r2=892991view=diff == --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Mon Dec 21 21:36:07 2009 @@ -33,11 +33,11 @@ /properties body -section name=Tomcat 6.0.21 (remm) +section name=Tomcat 6.0.21 (jfclere) subsection name=Catalina changelog update -Update required version for native to 1.1.17. (rjung) +Update required version for native to 1.1.18. (rjung, kkolinko) /update fix Fix issues with expression language when running under a - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org