svn commit: r1648227 - in /tomcat/jk/trunk/native/common: jk_ajp_common.c jk_ajp_common.h jk_lb_worker.h jk_shm.h jk_status.c

2014-12-28 Thread rjung
Author: rjung
Date: Sun Dec 28 17:12:59 2014
New Revision: 1648227

URL: http://svn.apache.org/r1648227
Log:
Let JK_SHM_STR_SIZ be the full byte size including
terminating 0 byte.

Keep copying and comparing JK_SHM_STR_SIZ bytes.
This is now one more byte, but we assume string
length to be at most JK_SHM_STR_SIZ-1 and we
don't want unexpected string truncation to happen.

Still need to add length checks for the configuration
input parameters.

Modified:
tomcat/jk/trunk/native/common/jk_ajp_common.c
tomcat/jk/trunk/native/common/jk_ajp_common.h
tomcat/jk/trunk/native/common/jk_lb_worker.h
tomcat/jk/trunk/native/common/jk_shm.h
tomcat/jk/trunk/native/common/jk_status.c

Modified: tomcat/jk/trunk/native/common/jk_ajp_common.c
URL: 
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/common/jk_ajp_common.c?rev=1648227&r1=1648226&r2=1648227&view=diff
==
--- tomcat/jk/trunk/native/common/jk_ajp_common.c (original)
+++ tomcat/jk/trunk/native/common/jk_ajp_common.c Sun Dec 28 17:12:59 2014
@@ -1099,7 +1099,7 @@ void jk_ajp_pull(ajp_worker_t * aw, int
 {
 int address_change = JK_FALSE;
 int port = 0;
-char host[JK_SHM_STR_SIZ+1];
+char host[JK_SHM_STR_SIZ];
 jk_sockaddr_t inet_addr;
 JK_TRACE_ENTER(l);
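Review bot: With `host` in jk_ajp_pull now exactly `JK_SHM_STR_SIZ` bytes and the log stating that copies keep using `JK_SHM_STR_SIZ` as the count, nothing in this hunk guarantees that the local buffer ends in a 0 byte when the shared-memory string fills the whole field. The copy itself is outside the hunk, so this is inferred from the log; if it is a bounded copy such as strncpy, a source with no terminator inside the field leaves `host` unterminated for every later string call. Until the configuration length checks mentioned in the log are in place, I would force termination right after the copy with `host[JK_SHM_STR_SIZ - 1] = '\0';`. The same applies to the resized `name`, `host`, `route`, `domain`, `redirect` and `session_*` fields in jk_ajp_common.h and jk_lb_worker.h, and any remaining write of the form `buf[JK_SHM_STR_SIZ] = '\0'` elsewhere would now land one byte past the end. jk_ajp_pull's body continues outside the hunk.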
 

Modified: tomcat/jk/trunk/native/common/jk_ajp_common.h
URL: 
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/common/jk_ajp_common.h?rev=1648227&r1=1648226&r2=1648227&view=diff
==
--- tomcat/jk/trunk/native/common/jk_ajp_common.h (original)
+++ tomcat/jk/trunk/native/common/jk_ajp_common.h Sun Dec 28 17:12:59 2014
@@ -287,7 +287,7 @@ struct ajp_worker
 /* Shared memory worker data */
 jk_shm_ajp_worker_t *s;
 
-char name[JK_SHM_STR_SIZ+1];
+char name[JK_SHM_STR_SIZ];
 /* Sequence counter starting at 0 and increasing
  * every time we change the config
  */
@@ -300,7 +300,7 @@ struct ajp_worker
 
 jk_sockaddr_t worker_inet_addr;/* Contains host and port */
 unsigned connect_retry_attempts;
-char host[JK_SHM_STR_SIZ+1];
+char host[JK_SHM_STR_SIZ];
 int port;
 int addr_sequence;  /* Whether the address is resolved */
 int maintain_time;

Modified: tomcat/jk/trunk/native/common/jk_lb_worker.h
URL: 
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/common/jk_lb_worker.h?rev=1648227&r1=1648226&r2=1648227&view=diff
==
--- tomcat/jk/trunk/native/common/jk_lb_worker.h (original)
+++ tomcat/jk/trunk/native/common/jk_lb_worker.h Sun Dec 28 17:12:59 2014
@@ -140,18 +140,18 @@ struct lb_sub_worker
 /* Shared memory worker data */
 jk_shm_lb_sub_worker_t *s;
 
-char name[JK_SHM_STR_SIZ+1];
+char name[JK_SHM_STR_SIZ];
 /* Sequence counter starting at 0 and increasing
  * every time we change the config
  */
 volatile unsigned int sequence;
 
 /* route */
-charroute[JK_SHM_STR_SIZ+1];
+charroute[JK_SHM_STR_SIZ];
 /* worker domain */
-chardomain[JK_SHM_STR_SIZ+1];
+chardomain[JK_SHM_STR_SIZ];
 /* worker redirect route */
-charredirect[JK_SHM_STR_SIZ+1];
+charredirect[JK_SHM_STR_SIZ];
 /* worker distance */
 int distance;
 /* current activation state (config) of the worker */
@@ -171,7 +171,7 @@ struct lb_worker
 /* Shared memory worker data */
 jk_shm_lb_worker_t *s;
 
-char name[JK_SHM_STR_SIZ+1];
+char name[JK_SHM_STR_SIZ];
 /* Sequence counter starting at 0 and increasing
  * every time we change the config
  */
@@ -197,11 +197,11 @@ struct lb_worker
 unsigned int max_packet_size;
 unsigned int next_offset;
 /* Session cookie */
-char session_cookie[JK_SHM_STR_SIZ+1];
+char session_cookie[JK_SHM_STR_SIZ];
 /* Session path */
-char session_path[JK_SHM_STR_SIZ+1];
+char session_path[JK_SHM_STR_SIZ];
 int  set_session_cookie;
-char session_cookie_path[JK_SHM_STR_SIZ+1];
+char session_cookie_path[JK_SHM_STR_SIZ];
 };
 typedef struct lb_worker lb_worker_t;
 

Modified: tomcat/jk/trunk/native/common/jk_shm.h
URL: 
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/common/jk_shm.h?rev=1648227&r1=1648226&r2=1648227&view=diff
==
--- tomcat/jk/trunk/native/common/jk_shm.h (original)
+++ tomcat/jk/trunk/native/common/jk_shm.h Sun Dec 28 17:12:59 2014
@@ -42,7 +42,7 @@ extern "C"
 
 #define JK_SHM_MAJOR'1'
 #define JK_SHM_MINOR'3'
-#define JK_SHM_STR_SIZ  (JK_ALIGN(JK_MAX_NAME_LEN + 1, 8) - 1)
+#define JK_SHM_STR_SIZ  (JK_ALIGN(JK_MAX_NAME_LEN + 1, 8))
 #define JK_SHM_MAGIC'!', 'J', 'K', 'S', 'H', 'M', JK_SHM_MAJOR, 
JK_SHM_MINOR
 #define JK_SHM_

Re: svn commit: r1647530 - in /tomcat/trunk: java/org/apache/coyote/http11/Http11AprProtocol.java java/org/apache/tomcat/util/net/AprEndpoint.java java/org/apache/tomcat/util/net/LocalStrings.properti

2014-12-28 Thread Christopher Schultz
Mark,

On 12/23/14 5:09 AM, ma...@apache.org wrote:
> Author: markt
> Date: Tue Dec 23 10:09:03 2014
> New Revision: 1647530
> 
> URL: http://svn.apache.org/r1647530
> Log:
> Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=57391
> Allow TLS Session Tickets to be disabled.
> Patch provided by Josiah Purtlebaugh.
> 
> Modified:
> tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java
> tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
> tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
> tomcat/trunk/webapps/docs/config/http.xml
> 
> Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java
> URL: 
> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java?rev=1647530&r1=1647529&r2=1647530&view=diff
> ==
> --- tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java 
> (original)
> +++ tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java Tue Dec 
> 23 10:09:03 2014
> @@ -183,6 +183,13 @@ public class Http11AprProtocol extends A
>  public boolean getSSLDisableCompression() { return 
> ((AprEndpoint)getEndpoint()).getSSLDisableCompression(); }
>  public void setSSLDisableCompression(boolean disable) { 
> ((AprEndpoint)getEndpoint()).setSSLDisableCompression(disable); }
>  
> +/**
> + * Disable TLS Session Tickets (RFC 4507).
> + */
> +public boolean getSSLDisableSessionTickets() { return 
> ((AprEndpoint)getEndpoint()).getSSLDisableSessionTickets(); }
> +public void setSSLDisableSessionTickets(boolean enable) { 
> ((AprEndpoint)getEndpoint()).setSSLDisableSessionTickets(enable); }
> +
> +
>  // - JMX related 
> methods
>  
>  @Override
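Review bot: The new setter's parameter is named `enable` although passing true turns session tickets off; the neighbouring `setSSLDisableCompression(boolean disable)` uses `disable`, and the same name here, `setSSLDisableSessionTickets(boolean disable)`, would keep a caller from reading the flag the wrong way round. The Javadoc is attached to the getter only and is worded as an action rather than a property. I would put `Whether TLS session tickets are disabled (RFC 5077, which obsoletes RFC 4507); defaults to false.` on both accessors, the default being the initial value of the field added in AprEndpoint.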
> 
> Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
> URL: 
> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1647530&r1=1647529&r2=1647530&view=diff
> ==
> --- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
> +++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Tue Dec 23 
> 10:09:03 2014
> @@ -271,6 +271,12 @@ public class AprEndpoint extends Abstrac
>  public String getSSLCARevocationFile() { return SSLCARevocationFile; }
>  public void setSSLCARevocationFile(String SSLCARevocationFile) { 
> this.SSLCARevocationFile = SSLCARevocationFile; }
>  
> +/**
> + * SSL disable TLS Session Tickets (RFC 4507).
> + */
> +protected boolean SSLDisableSessionTickets = false;
> +public boolean getSSLDisableSessionTickets() { return 
> SSLDisableSessionTickets; }
> +public void setSSLDisableSessionTickets(boolean 
> SSLDisableSessionTickets) { this.SSLDisableSessionTickets = 
> SSLDisableSessionTickets; }
>  
>  /**
>   * SSL verify client.
> @@ -575,6 +581,24 @@ public class AprEndpoint extends Abstrac
>SSL.versionString()));
>  }
>  }
> +
> +// Disable TLS Session Tickets (RFC4507) to protect perfect 
> forward secrecy
> +if (SSLDisableSessionTickets) {
> +boolean disableSessionTicketsSupported = false;
> +try {
> +disableSessionTicketsSupported = 
> SSL.hasOp(SSL.SSL_OP_NO_TICKET);
> +if (disableSessionTicketsSupported)
> +SSLContext.setOptions(sslContext, 
> SSL.SSL_OP_NO_TICKET);


I think if the user requests disabled session tickets and the SSL
library doesn't "have" that option-code, we should fail, here, instead
of silently ignoring the request. I believe this is justified based upon
the security implications of the setting.

-chris

> +} catch (UnsatisfiedLinkError e) {
> +// Ignore
> +}
> +
> +if (!disableSessionTicketsSupported) {
> +// OpenSSL is too old to support TLS Session Tickets.
> +
> log.warn(sm.getString("endpoint.warn.noDisableSessionTickets",
> +  SSL.versionString()));
> +}
> +}
>  
>  // List the ciphers that the client is permitted to negotiate
>  SSLContext.setCipherSuite(sslContext, SSLCipherSuite);
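Review bot: The comment above the warning, `// OpenSSL is too old to support TLS Session Tickets.`, says the opposite of the condition handled: this branch runs when `SSL.hasOp(SSL.SSL_OP_NO_TICKET)` returned false or threw, so the option to turn tickets off is unavailable and tickets may still be issued. I would reword it to `// The native library cannot disable TLS session tickets (no SSL_OP_NO_TICKET); they may remain enabled.` The empty `catch (UnsatisfiedLinkError e)` should carry a why-comment instead of `// Ignore`, presumably that a native library without `hasOp` is treated as lacking the option. The single-statement `if (disableSessionTicketsSupported)` should be braced like the `if` blocks around it. The enclosing method starts and ends outside the hunk.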
> 
> Modified: tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
> URL: 
> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties?rev=1647530&r1=1647529&r2=1647530&view=diff
> ==
> --- tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties 
> (original)
> +++ tomcat/trunk/java/org/apache/tomcat/util/net/LocalSt

[GUMP@vmgump]: Project tomcat-native-make (in module tomcat-native) failed

2014-12-28 Thread Bill Barker
To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-native-make has an issue affecting its community integration.
This issue affects 4 projects,
 and has been outstanding for 40 runs.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-native-make :  Tomcat native library using Apache Portable Runtime
- tomcat-native-make-install :  Tomcat native library using Apache Portable 
Runtime
- tomcat-tc8.0.x-test-apr :  Tomcat 8.x, a web server implementing the Java 
Servlet 3.1,
...
- tomcat-trunk-test-apr :  Tomcat 9.x, a web server implementing the Java 
Servlet 4.0,
...


Full details are available at:

http://vmgump.apache.org/gump/public/tomcat-native/tomcat-native-make/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -INFO- Failed with reason build failed



The following work was performed:
http://vmgump.apache.org/gump/public/tomcat-native/tomcat-native-make/gump_work/build_tomcat-native_tomcat-native-make.html
Work Name: build_tomcat-native_tomcat-native-make (Type: Build)
Work ended in a state of : Failed
Elapsed: 10 secs
Command Line: make 
[Working Directory: /srv/gump/public/workspace/tomcat-native/native]
-
make[1]: Entering directory `/srv/gump/public/workspace/tomcat-native/native'
/bin/bash /srv/gump/public/workspace/apr-1/dest-20141229/build-1/libtool 
--silent --mode=compile gcc -g -O2 -pthread   -DHAVE_CONFIG_H  -DLINUX 
-D_REENTRANT -D_GNU_SOURCE   -g -O2 -DHAVE_OPENSSL   
-I/srv/gump/public/workspace/tomcat-native/native/include 
-I/usr/lib/jvm/java-8-oracle/include -I/usr/lib/jvm/java-8-oracle/include/linux 
-I/srv/gump/public/workspace/openssl/dest-20141229/include  
-I/srv/gump/public/workspace/apr-1/dest-20141229/include/apr-1   -o 
src/address.lo -c src/address.c && touch src/address.lo
/bin/bash /srv/gump/public/workspace/apr-1/dest-20141229/build-1/libtool 
--silent --mode=compile gcc -g -O2 -pthread   -DHAVE_CONFIG_H  -DLINUX 
-D_REENTRANT -D_GNU_SOURCE   -g -O2 -DHAVE_OPENSSL   
-I/srv/gump/public/workspace/tomcat-native/native/include 
-I/usr/lib/jvm/java-8-oracle/include -I/usr/lib/jvm/java-8-oracle/include/linux 
-I/srv/gump/public/workspace/openssl/dest-20141229/include  
-I/srv/gump/public/workspace/apr-1/dest-20141229/include/apr-1   -o src/bb.lo 
-c src/bb.c && touch src/bb.lo
/bin/bash /srv/gump/public/workspace/apr-1/dest-20141229/build-1/libtool 
--silent --mode=compile gcc -g -O2 -pthread   -DHAVE_CONFIG_H  -DLINUX 
-D_REENTRANT -D_GNU_SOURCE   -g -O2 -DHAVE_OPENSSL   
-I/srv/gump/public/workspace/tomcat-native/native/include 
-I/usr/lib/jvm/java-8-oracle/include -I/usr/lib/jvm/java-8-oracle/include/linux 
-I/srv/gump/public/workspace/openssl/dest-20141229/include  
-I/srv/gump/public/workspace/apr-1/dest-20141229/include/apr-1   -o src/dir.lo 
-c src/dir.c && touch src/dir.lo
/bin/bash /srv/gump/public/workspace/apr-1/dest-20141229/build-1/libtool 
--silent --mode=compile gcc -g -O2 -pthread   -DHAVE_CONFIG_H  -DLINUX 
-D_REENTRANT -D_GNU_SOURCE   -g -O2 -DHAVE_OPENSSL   
-I/srv/gump/public/workspace/tomcat-native/native/include 
-I/usr/lib/jvm/java-8-oracle/include -I/usr/lib/jvm/java-8-oracle/include/linux 
-I/srv/gump/public/workspace/openssl/dest-20141229/include  
-I/srv/gump/public/workspace/apr-1/dest-20141229/include/apr-1   -o 
src/error.lo -c src/error.c && touch src/error.lo
/bin/bash /srv/gump/public/workspace/apr-1/dest-20141229/build-1/libtool 
--silent --mode=compile gcc -g -O2 -pthread   -DHAVE_CONFIG_H  -DLINUX 
-D_REENTRANT -D_GNU_SOURCE   -g -O2 -DHAVE_OPENSSL   
-I/srv/gump/public/workspace/tomcat-native/native/include 
-I/usr/lib/jvm/java-8-oracle/include -I/usr/lib/jvm/java-8-oracle/include/linux 
-I/srv/gump/public/workspace/openssl/dest-20141229/include  
-I/srv/gump/public/workspace/apr-1/dest-20141229/include/apr-1   -o src/file.lo 
-c src/file.c && touch src/file.lo
/bin/bash /srv/gump/public/workspace/apr-1/dest-20141229/build-1/libtool 
--silent --mode=compile gcc -g -O2 -pthread   -DHAVE_CONFIG_H  -DLINUX 
-D_REENTRANT -D_GNU_SOURCE   -g -O2 -DHAVE_OPENSSL   
-I/srv/gump/public/workspace/tomcat-native/native/include 
-I/usr/lib/jvm/java-8-oracle/include -I/usr/lib/jvm/java-8-oracle/include/linux 
-I/srv/gump/public/workspace/openssl/dest-20141229/include  
-I/srv/gump/public/workspace/apr-1/dest-20141229/include/apr-1   -o src/info.lo 
-c src/info.c && touch src/info.lo
/bin/bash /srv/gump/public/workspace/apr-1/dest-20141229/build-1/libtool 
--silent --mode=compile gcc -g -O2 -pthread   -DHAVE_CONFIG_H  -DLINUX 
-D_REENTRANT -D_GNU_SOURCE   -g -O2 -DHAVE_OPENSSL   
-I/srv/gump/public/workspace/tomca