On 23.05.25 at 19:23, Mark Thomas wrote:
The key differences of version 2.0.9 compared to 2.0.8 are:

- Update Windows build to use Visual Studio 2022
- The Windows binaries in this release have been built with OpenSSL
   3.5.0 and APR 1.7.6

The 2.0.x branch is primarily intended for use with Tomcat 10.1.x onwards but can be used with earlier versions as long as the APR/native connector is not used.

The proposed release artifacts can be found at [1],
and the build was done using tag [2].

The pdb files are a lot larger than previously. I'm not sure if this is a bug or an expected consequence of the change in build process.

The Apache Tomcat Native 2.0.9 release is
  [X] Stable, go ahead and release
  [ ] Broken because of ...

+1 for release

- checked artefacts for completeness

- checked artefact gpg signatures and sha512 hashes

- compared source tarballs against git sources

- checked OpenSSL version in Windows binaries

- checked some consistencies against own jnirelease.sh results

- Built it against OpenSSL 3.5.0, 3.4.1, 3.2.4 and 3.0.16, each on platforms Solaris 10 Sparc, SLES 11, 12 and 15 and RHEL 6, 7, 8 and 9 (Linux on x86_64). APR was 1.7.6 which on non-Windows is mostly identical to 1.7.5.
  OK, but expected OpenSSL 3 deprecation warnings

- Tested via TC unit tests with tcnative/OpenSSL but only the SSL/TLS related tests on the above platforms plus Solaris 11 Sparc using TC 11.0.7, 10.1.41 and 9.0.105 with latest patch levels of JDK 8, 11, 17, 21, 24, 25 from Adoptium Temurin, Amazon Corretto, Azul Zulu, Oracle, RedHat and OpenJDK where applicable.
  No new failures or increased level of failures.

One thing I noticed: the sources are packed with broad group permissions (write allowed) for the included files. That is normal e.g. on a Linux system with USERGROUPS_ENAB. Each user gets as his default group one with the same name as the user (e.g. mark:mark). And then the broader permissions make sense. But when extracting such a tarball or zip on a system with a wider group, the permissions are a bit dangerous. So I would prefer to distribute artefacts packed without group write permissions for the files contained in the archive. IMHO this is not a show-stopper.

We might also invest a bit of time to get rid of the OpenSSL 3 deprecation warnings by using the newer APIs.

Thanks a bunch for RM!

Best Regards,

Rainer
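
The group-write concern raised in the message above can be checked, and corrected, before an archive is published. The following is an added example, not part of the original mail or of the Tomcat release scripts; the function names and the sample archive are constructed for illustration.

```python
import io
import stat
import tarfile

GROUP_OTHER_WRITE = stat.S_IWGRP | stat.S_IWOTH  # 0o022


def member_modes(tar_bytes):
    """Map each regular file or directory in the archive to its permission bits."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        return {m.name: m.mode & 0o7777 for m in tar if m.isfile() or m.isdir()}


def writable_members(tar_bytes):
    """Return [(name, mode)] for members writable by group or others."""
    return [(name, mode) for name, mode in member_modes(tar_bytes).items()
            if mode & GROUP_OTHER_WRITE]


def strip_group_write(tar_bytes):
    """Repack the archive with group/other write bits cleared on every member."""
    out = io.BytesIO()
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as src, \
         tarfile.open(fileobj=out, mode="w:gz") as dst:
        for m in src:
            m.mode &= ~GROUP_OTHER_WRITE
            dst.addfile(m, src.extractfile(m) if m.isfile() else None)
    return out.getvalue()


def build_sample():
    """Constructed sample: a tiny source tarball packed as if under umask 002."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        top = tarfile.TarInfo("sample-src")
        top.type, top.mode = tarfile.DIRTYPE, 0o775
        tar.addfile(top)
        for name, mode, data in [("sample-src/configure", 0o775, b"#!/bin/sh\n"),
                                 ("sample-src/README.txt", 0o664, b"readme\n"),
                                 ("sample-src/LICENSE", 0o644, b"license\n")]:
            info = tarfile.TarInfo(name)
            info.mode, info.size = mode, len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample()
    for name, mode in writable_members(sample):
        print(f"{mode:04o} {name}")
    print("after repack:", writable_members(strip_group_write(sample)))
```

A repacked archive has different bytes, so its sha512 hash and gpg signature have to be generated after this step, not before.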

