svn commit: r1804754 - /tomcat/trunk/java/org/apache/coyote/http2/Stream.java
Author: markt Date: Fri Aug 11 07:06:46 2017 New Revision: 1804754 URL: http://svn.apache.org/viewvc?rev=1804754&view=rev Log: Now CVE-2017-7675 is public, make the comment more specific Modified: tomcat/trunk/java/org/apache/coyote/http2/Stream.java Modified: tomcat/trunk/java/org/apache/coyote/http2/Stream.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/Stream.java?rev=1804754&r1=1804753&r2=1804754&view=diff == --- tomcat/trunk/java/org/apache/coyote/http2/Stream.java (original) +++ tomcat/trunk/java/org/apache/coyote/http2/Stream.java Fri Aug 11 07:06:46 2017 @@ -313,8 +313,10 @@ class Stream extends AbstractStream impl String query = value.substring(queryStart + 1); coyoteRequest.queryString().setString(query); } -// Bug 61120. Set the URI as bytes rather than String so any path -// parameters are correctly processed +// Bug 61120. Set the URI as bytes rather than String so: +// - any path parameters are correctly processed +// - the normalization security checks are performed that prevent +// directory traversal attacks byte[] uriBytes = uri.getBytes(StandardCharsets.ISO_8859_1); coyoteRequest.requestURI().setBytes(uriBytes, 0, uriBytes.length); break; - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1804755 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/coyote/http2/Stream.java
Author: markt Date: Fri Aug 11 07:07:25 2017 New Revision: 1804755 URL: http://svn.apache.org/viewvc?rev=1804755&view=rev Log: Now CVE-2017-7675 is public, make the comment more specific Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/org/apache/coyote/http2/Stream.java Propchange: tomcat/tc8.5.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Fri Aug 11 07:07:25 2017 @@ -1 +1 @@ -/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501 ,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747 536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1756289,1756408-1 756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-1762053,1762123,176216 8,1762172,1762182,1762201-1762202,1762204,1762208,1762288,1762296,1762324,1762348,1762353,1762362,1762374,1762492,1762503,1762505,1762541,1762608,1762710,1762753,1762766,1762769,1762944,1762947,1762953,1763167,1763179,1763232,1763259,1763271-1763272,1763276-1763277,1763319-1763320,1763370,1763372,1763375,1763377,1763393,1763412,1763430,1763450,1763462,1763505,1763511-1763512,1763516,1763518,1763520,1763529,1763559,1763565,1763568,1763574,1763619,1763634-1763635,1763718,1763786,1763798-1
svn commit: r1804756 - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml
Author: markt Date: Fri Aug 11 07:23:49 2017 New Revision: 1804756 URL: http://svn.apache.org/viewvc?rev=1804756&view=rev Log: Add missing word spotted by Mitre Modified: tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/docs/security-8.html tomcat/site/trunk/docs/security-9.html tomcat/site/trunk/xdocs/security-7.xml tomcat/site/trunk/xdocs/security-8.xml tomcat/site/trunk/xdocs/security-9.xml Modified: tomcat/site/trunk/docs/security-7.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1804756&r1=1804755&r2=1804756&view=diff == --- tomcat/site/trunk/docs/security-7.html (original) +++ tomcat/site/trunk/docs/security-7.html Fri Aug 11 07:23:49 2017 @@ -380,9 +380,9 @@ -The CORS Filter did not an HTTP Vary header indicating that the response - varies depending on Origin. This permitted client and server side cache - poisoning in some circumstances. +The CORS Filter did not add an HTTP Vary header indicating that the + response varies depending on Origin. This permitted client and server + side cache poisoning in some circumstances. This was fixed in revision http://svn.apache.org/viewvc?view=rev&rev=1795816";>1795816. Modified: tomcat/site/trunk/docs/security-8.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1804756&r1=1804755&r2=1804756&view=diff == --- tomcat/site/trunk/docs/security-8.html (original) +++ tomcat/site/trunk/docs/security-8.html Fri Aug 11 07:23:49 2017 @@ -347,9 +347,9 @@ -The CORS Filter did not an HTTP Vary header indicating that the response - varies depending on Origin. This permitted client and server side cache - poisoning in some circumstances. +The CORS Filter did not add an HTTP Vary header indicating that the + response varies depending on Origin. This permitted client and server + side cache poisoning in some circumstances. This was fixed in revision http://svn.apache.org/viewvc?view=rev&rev=1795815";>1795815. @@ -398,9 +398,9 @@ -The CORS Filter did not an HTTP Vary header indicating that the response - varies depending on Origin. This permitted client and server side cache - poisoning in some circumstances. +The CORS Filter did not add an HTTP Vary header indicating that the + response varies depending on Origin. This permitted client and server + side cache poisoning in some circumstances. This was fixed in revision http://svn.apache.org/viewvc?view=rev&rev=1795814";>1795814. Modified: tomcat/site/trunk/docs/security-9.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-9.html?rev=1804756&r1=1804755&r2=1804756&view=diff == --- tomcat/site/trunk/docs/security-9.html (original) +++ tomcat/site/trunk/docs/security-9.html Fri Aug 11 07:23:49 2017 @@ -322,9 +322,9 @@ -The CORS Filter did not an HTTP Vary header indicating that the response - varies depending on Origin. This permitted client and server side cache - poisoning in some circumstances. +The CORS Filter did not add an HTTP Vary header indicating that the + response varies depending on Origin. This permitted client and server + side cache poisoning in some circumstances. This was fixed in revision http://svn.apache.org/viewvc?view=rev&rev=1795813";>1795813. Modified: tomcat/site/trunk/xdocs/security-7.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1804756&r1=1804755&r2=1804756&view=diff == --- tomcat/site/trunk/xdocs/security-7.xml (original) +++ tomcat/site/trunk/xdocs/security-7.xml Fri Aug 11 07:23:49 2017 @@ -55,9 +55,9 @@ Moderate: Cache Poisoning CVE-2017-7674 -The CORS Filter did not an HTTP Vary header indicating that the response - varies depending on Origin. This permitted client and server side cache - poisoning in some circumstances. +The CORS Filter did not add an HTTP Vary header indicating that the + response varies depending on Origin. This permitted client and server + side cache poisoning in some circumstances. This was fixed in revision 1795816. Modified: tomcat/site/trunk/xdocs/security-8.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-8.xml?rev=1804756&r1=1804755&r2=1804756&view=diff == --- tomcat/site/trunk/xdocs/security-8.xml (original) +++ tomcat/site/trunk/xdocs/security-8.xml Fri Aug 11 07:23:49 2017 @@ -55,9 +55,9 @@ Moderate: Cache Poisoning CVE-2017-7674 -The CORS Filter did not an HTTP Vary head
svn commit: r20928 - /dev/tomcat/tomcat-7/v7.0.80/
Author: violetagg Date: Fri Aug 11 10:03:21 2017 New Revision: 20928 Log: Tomcat 7.0.80 did not pass the vote Removed: dev/tomcat/tomcat-7/v7.0.80/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1804761 - in /tomcat/tc7.0.x/tags/TOMCAT_7_0_81: ./ build.properties.default
Author: violetagg Date: Fri Aug 11 10:10:59 2017 New Revision: 1804761 URL: http://svn.apache.org/viewvc?rev=1804761&view=rev Log: Tag 7.0.81 Added: tomcat/tc7.0.x/tags/TOMCAT_7_0_81/ (props changed) - copied from r1804760, tomcat/tc7.0.x/trunk/ Modified: tomcat/tc7.0.x/tags/TOMCAT_7_0_81/build.properties.default Propchange: tomcat/tc7.0.x/tags/TOMCAT_7_0_81/ -- bugtraq:append = false Propchange: tomcat/tc7.0.x/tags/TOMCAT_7_0_81/ -- bugtraq:label = Bugzilla ID (optional) Propchange: tomcat/tc7.0.x/tags/TOMCAT_7_0_81/ -- --- bugtraq:logregex (added) +++ bugtraq:logregex Fri Aug 11 10:10:59 2017 @@ -0,0 +1,2 @@ +(https?\://(bz|issues)\.apache\.org/bugzilla/show_bug.cgi\?id=\d+|BZ\s?\d+) +(\d+) Propchange: tomcat/tc7.0.x/tags/TOMCAT_7_0_81/ -- bugtraq:message = Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=%BUGID% Propchange: tomcat/tc7.0.x/tags/TOMCAT_7_0_81/ -- bugtraq:url = https://bz.apache.org/bugzilla/show_bug.cgi?id=%BUGID% Propchange: tomcat/tc7.0.x/tags/TOMCAT_7_0_81/ -- --- svn:ignore (added) +++ svn:ignore Fri Aug 11 10:10:59 2017 @@ -0,0 +1,7 @@ +.* +build.properties +logs +nbproject +output +work +*.iml Propchange: tomcat/tc7.0.x/tags/TOMCAT_7_0_81/ -- --- svn:mergeinfo (added) +++ svn:mergeinfo Fri Aug 11 10:10:59 2017 @@ -0,0 +1,3 @@ +/tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641726,1641729-1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511,1643513,1643521,1643539,1643571,1643581-1643582,1643635,1643655,1643738,1643964,1644018,1644333,1644525,1644954,1644992,1645014,1645360,1645456,1645627,1645642,1645686,1645903-1645904,1645908-1645909,1645913,1645920,1646458,1646460-1646462,1646735,1646738-1646741,1646744,1646746,1646748-1646755,1646757,1646759-1646760,1647043,1648816,1651420-1651422,1651844,1652926,1652939-1652940,1652973,1653798,1653817,1653841,1654042,1654161,1654736,1654767,1654787,1656592,1659907,1662986,1663265,1663278,1663325,1663535,1663567,1663679,1663997,1664175,1664321,1664872,1665061,1665086,1666027,1666395,1666503,1666506,1666560,1666570,1666581,1666759,1666967,1666988 ,1667553-1667555,1667558,1667617,1667633,1667637,1667747,1667767,1667873,1668028,1668137,1668634,1669432,1669801,1669840,1669895-1669896,1670398,1670435,1670592,1670605-1670607,1670609,1670632,1670720,1670725,1670727,1670731,1671114,1672273,1672285,1673759,1674220,1674295,1675469,1675488,1675595,1675831,1676232,1676367-1676369,1676382,1676394,1676483,1676556,1676635,1678178,1679536,1679988,1680256,1681124,1681182,1681703,1681730,1681840,1681864,1681869,1682010,1682034,1682047,1682052-1682053,1682062,1682064,1682070,1682312,1682325,1682331,1682386,1684367,1684385,1685759,1685774,1685827,1685892,1687341,1688904,1689358,1689657,1689921,1692850,1693093,1693108,1693324,1694060,1694115,1694291,1694427,1694431,1694503,1694549,1694789,1694873,1694881,1695356,1695372,1695823-1695825,1696200,1696281,1696379,1696468,1700608,1700871,1700897,1700978,1701094,1701124,1701608,1701668,1701676,1701766,1701944,1702248,1702252,1702314,1702390,1702723,1702725,1702728,1702730,1702733,1702735,1702737,1702 739,1702742,1702744,1702748,1702751,1702754,1702758,1702760,1702763,1702766,1708779,1708782,1708806,1709314,1709670,1710347,1710442,1710448,1710490,1710574,1710578,1712226,1712229,1712235,1712255,1712618,1712649,1712655,1712860,1712899,1712903,1712906,1712913,1712926,1712975,1713185,1713262,1713287,1713613,1713621,1713872,1713976,1713994,1713998,1714004,1714013,1714059,1714538,1714580,1715189,1715207,1715544,1715549,1715637,1715639-1715645,1715667,1715683,1715866,1715978,1715981,1716216-1716217,1716355,1716414,1716421,1717208-1717209,1717257,1717283,1717288,1717291,1717421,1717517,1717529,1718797,1718840-1718843,1719348,1719357-1719358,1719400,1719491,1719737,1720235,1720396,1720442,1720446,1720450,1720463,1720658-1720660,1720756,1720816,1721813,1721818,1721831,1721861,1721867,1721882,1722523,1722527,1722800,1722926,1722941,1722997,1723130,1723440,1723488,1723890,1724434,1724674,1724792,1724803,1724902,1725128,1725131,1725154,1725167,1725911,1725921,1725929,1725963-1725965,1725970,1 725974,1726171-1726173,1726175,1726179-1726182,1726190-1726191,1726195-1726200,1726203,1726226,1726576,1726630,1726992,1727029,1727037,1727671,1727676,17
svn commit: r20929 [2/2] - in /dev/tomcat/tomcat-7/v7.0.81: ./ bin/ bin/embed/ bin/extras/ src/
Added: dev/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-jmx-remote.jar.sha1 == --- dev/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-jmx-remote.jar.sha1 (added) +++ dev/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-jmx-remote.jar.sha1 Fri Aug 11 11:10:12 2017 @@ -0,0 +1 @@ +a6a5a64f2a58b85033addff6d7d9481c1cdcdec5 *catalina-jmx-remote.jar \ No newline at end of file Added: dev/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-ws.jar == Binary file - no diff available. Propchange: dev/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-ws.jar -- svn:mime-type = application/octet-stream Added: dev/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-ws.jar.asc == --- dev/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-ws.jar.asc (added) +++ dev/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-ws.jar.asc Fri Aug 11 11:10:12 2017 @@ -0,0 +1,17 @@ +-BEGIN PGP SIGNATURE- +Version: GnuPG v2 + +iQIcBAABCgAGBQJZjYWoAAoJECCLCrHWMBHHSvQP/j7fxixiW5Zd54CK1HaLJ73T +oZ3YNYKVldhmTEXDpJqDY5jEnY3MuETJemtlq78JJ95NWilyaLaGondpWeO+ndKR +33aINWa14dnlZSYWTHLstpNhPdOZgbVNOwFpaeCKtcm/l0SVAYvl9EM8yoT9yu6q +34U456vCcqR+Z9xlOjddN3dxkYwAp5GyPNAIeRCD7olQFH3et7P+Pw08m1pd/RjT +mTngOVtlJ61kbAGuVOCs1f1ZKYAFrXzBcjl2stJW/OWbbLsY/3/uv3cQMsxOCRpi +nB74dun/0v/jh2+t86Hhuegt172lZbt9yyVWd7UATa7a/IzYawyBK53i3pa4e5UL +AqKKasA6XXLMXqtkhLEfORCgPQcbCWmuYy7o6xQ85ZGm77ZvZduaRu4d4zRSyHlt +yqo/svEHI5SDbO0xdzKLiJ0a5Z45ptoBNt3RT1zQDuxtao+Y6FMxCcVdPGlAHjnK +YEBx3DueBDIkR3ZPQBTFet7ope9R6GNYC37GG5y4KYffP1KmgVgM4zIkA5WBuJ3s +od69ahsRAOBdK3YQD0BmgvU3CyMsRvIf+mMmjF2Gz3cV9MPjk2m/+8tXzzE2Vn/7 +Y1aTcKvm4n8ytMFMGeIslYvjB8KuWEgjik7UfPYoKzyrvkKYyTNBUm6khjIg0bOM +6pZYaA760E50QlRWv2hq +=c+od +-END PGP SIGNATURE- Added: dev/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-ws.jar.md5 == --- dev/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-ws.jar.md5 (added) +++ dev/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-ws.jar.md5 Fri Aug 11 11:10:12 2017 @@ -0,0 +1 @@ +046c8bd77699282dce9e5044632c7729 *catalina-ws.jar \ No newline at end of file Added: dev/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-ws.jar.sha1 == --- dev/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-ws.jar.sha1 (added) +++ dev/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-ws.jar.sha1 Fri Aug 11 11:10:12 2017 @@ -0,0 +1 @@ +d355664bfe828e82b5a41f24a1327b0ef5c01682 *catalina-ws.jar \ No newline at end of file Added: dev/tomcat/tomcat-7/v7.0.81/bin/extras/tomcat-juli-adapters.jar == Binary file - no diff available. Propchange: dev/tomcat/tomcat-7/v7.0.81/bin/extras/tomcat-juli-adapters.jar -- svn:mime-type = application/octet-stream Added: dev/tomcat/tomcat-7/v7.0.81/bin/extras/tomcat-juli-adapters.jar.asc == --- dev/tomcat/tomcat-7/v7.0.81/bin/extras/tomcat-juli-adapters.jar.asc (added) +++ dev/tomcat/tomcat-7/v7.0.81/bin/extras/tomcat-juli-adapters.jar.asc Fri Aug 11 11:10:12 2017 @@ -0,0 +1,17 @@ +-BEGIN PGP SIGNATURE- +Version: GnuPG v2 + +iQIcBAABCgAGBQJZjYWnAAoJECCLCrHWMBHHwgYP+wamXnkQqtqALJp9b+O20lwY +XqFn9A41p9dDOnwwlLgYJSMe7Bytftx98p29RY+vHEHwz2ByAFjb35VvwWkDYtSw +Tj/rQlaDvJOhI8yIS8hWCuKp9KiRevu18RmBMQ2rvYRD+jwRQs41T1LEsxgx8WJf +2OiScUu4imVQWqp9wLcO+hEoBTGjsPhljeSZLsofdDOhAoDEuqhpp3bZc0Jw96u5 +tlAemptb06zO9UTxjjjQZivLl5UjOvbsIyPo8UPD+GCtGsFiIt6yNcgKTCtDsTJ+ +UgIOPXJ/I07dhKNeCdjEQK/4LGyW2zeSwY7p3dvTGd9RRQRr1qzQHFvvyLlw6iRl +b2vqRCr0DRRoJNNM22UzBjZApr5WoYx0EtBFeTeJ0jJBsVJY4FPT+/n3n1+PDPAc +946vPVelX/IocJ3oe1ekwwX/BwvZ03ZjpmvDxixfqCSLyHDTDh9tk1hCZHsUt97V +vahDcZmrv6mvWLn2UgQQB/oiFa3IpjkfEkfUg6HVIbisAwHgRLg5X9tJ78c3xL9Y +d//A+qMibTVi4qp1Nq0vrHcxra+jbfJ18lxgUXDKelrwE4WJG0GuAkKUA5DLf8aL +V8Pn+96LpfWwvBuz9d9fR9LRNvyZQ7sqRBbUX2O12QJeDSPZDDQMiVAcxG6hXvx7 +QwqgbUFUvSpTvYW3c8BO +=mAEU +-END PGP SIGNATURE- Added: dev/tomcat/tomcat-7/v7.0.81/bin/extras/tomcat-juli-adapters.jar.md5 == --- dev/tomcat/tomcat-7/v7.0.81/bin/extras/tomcat-juli-adapters.jar.md5 (added) +++ dev/tomcat/tomcat-7/v7.0.81/bin/extras/tomcat-juli-adapters.jar.md5 Fri Aug 11 11:10:12 2017 @@ -0,0 +1 @@ +e003f9b03b023cdbd63480b6b3a518be *tomcat-juli-adapters.jar \ No newline at end of file Added: dev/tomcat/tomcat-7/v7.0.81/bin/extras/tomcat-juli-adapters.jar.sha1 == --- dev/tomcat/tomcat-7/v7.0.81/bin/extras/tomcat-juli-adapte
svn commit: r20929 [1/2] - in /dev/tomcat/tomcat-7/v7.0.81: ./ bin/ bin/embed/ bin/extras/ src/
Author: violetagg Date: Fri Aug 11 11:10:12 2017 New Revision: 20929 Log: Stage 7.0.81 RC Added: dev/tomcat/tomcat-7/v7.0.81/ dev/tomcat/tomcat-7/v7.0.81/KEYS dev/tomcat/tomcat-7/v7.0.81/README.html dev/tomcat/tomcat-7/v7.0.81/RELEASE-NOTES dev/tomcat/tomcat-7/v7.0.81/bin/ dev/tomcat/tomcat-7/v7.0.81/bin/README.html dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81-deployer.tar.gz (with props) dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81-deployer.tar.gz.asc dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81-deployer.tar.gz.md5 dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81-deployer.tar.gz.sha1 dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81-deployer.zip (with props) dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81-deployer.zip.asc dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81-deployer.zip.md5 dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81-deployer.zip.sha1 dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81-fulldocs.tar.gz (with props) dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81-fulldocs.tar.gz.asc dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81-fulldocs.tar.gz.md5 dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81-fulldocs.tar.gz.sha1 dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81-windows-x64.zip (with props) dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81-windows-x64.zip.asc dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81-windows-x64.zip.md5 dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81-windows-x64.zip.sha1 dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81-windows-x86.zip (with props) dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81-windows-x86.zip.asc dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81-windows-x86.zip.md5 dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81-windows-x86.zip.sha1 dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81.exe (with props) dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81.exe.asc dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81.exe.md5 dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81.exe.sha1 dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81.tar.gz (with props) dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81.tar.gz.asc dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81.tar.gz.md5 dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81.tar.gz.sha1 dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81.zip (with props) dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81.zip.asc dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81.zip.md5 dev/tomcat/tomcat-7/v7.0.81/bin/apache-tomcat-7.0.81.zip.sha1 dev/tomcat/tomcat-7/v7.0.81/bin/embed/ dev/tomcat/tomcat-7/v7.0.81/bin/embed/apache-tomcat-7.0.81-embed.tar.gz (with props) dev/tomcat/tomcat-7/v7.0.81/bin/embed/apache-tomcat-7.0.81-embed.tar.gz.asc dev/tomcat/tomcat-7/v7.0.81/bin/embed/apache-tomcat-7.0.81-embed.tar.gz.md5 dev/tomcat/tomcat-7/v7.0.81/bin/embed/apache-tomcat-7.0.81-embed.tar.gz.sha1 dev/tomcat/tomcat-7/v7.0.81/bin/embed/apache-tomcat-7.0.81-embed.zip (with props) dev/tomcat/tomcat-7/v7.0.81/bin/embed/apache-tomcat-7.0.81-embed.zip.asc dev/tomcat/tomcat-7/v7.0.81/bin/embed/apache-tomcat-7.0.81-embed.zip.md5 dev/tomcat/tomcat-7/v7.0.81/bin/embed/apache-tomcat-7.0.81-embed.zip.sha1 dev/tomcat/tomcat-7/v7.0.81/bin/extras/ dev/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-jmx-remote.jar (with props) dev/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-jmx-remote.jar.asc dev/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-jmx-remote.jar.md5 dev/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-jmx-remote.jar.sha1 dev/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-ws.jar (with props) dev/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-ws.jar.asc dev/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-ws.jar.md5 dev/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-ws.jar.sha1 dev/tomcat/tomcat-7/v7.0.81/bin/extras/tomcat-juli-adapters.jar (with props) dev/tomcat/tomcat-7/v7.0.81/bin/extras/tomcat-juli-adapters.jar.asc dev/tomcat/tomcat-7/v7.0.81/bin/extras/tomcat-juli-adapters.jar.md5 dev/tomcat/tomcat-7/v7.0.81/bin/extras/tomcat-juli-adapters.jar.sha1 dev/tomcat/tomcat-7/v7.0.81/bin/extras/tomcat-juli.jar (with props) dev/tomcat/tomcat-7/v7.0.81/bin/extras/tomcat-juli.jar.asc dev/tomcat/tomcat-7/v7.0.81/bin/extras/tomcat-juli.jar.md5 dev/tomcat/tomcat-7/v7.0.81/bin/extras/tomcat-juli.jar.sha1 dev/tomcat/tomcat-7/v7.0.81/src/ dev/tomcat/tomcat-7/v7.0.81/src/apache-tomcat-7.0.81-src.tar.gz (with props) dev/tomcat/tomcat-7/v7.0.81/src/apache-tomcat-7.0.81-src.tar.gz.asc dev/tomcat/tomcat-7/v7.0.81/src/apache-tomcat-7.0.81-src.tar.gz.md5 dev/tomcat/tomcat-7/v7.0.81/src/apache-tomcat-7.0.81-src.tar.gz.sha1 dev/tomcat/tomcat-7/v7.0.
[VOTE] Release Apache Tomcat 7.0.81
The proposed Apache Tomcat 7.0.81 release is now available for voting. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.81/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1151/ The svn tag is: http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_81/ The proposed 7.0.81 release is: [ ] Broken - do not release [ ] Stable - go ahead and release as 7.0.81 Stable Regards, Violeta
svn commit: r1804776 - in /tomcat/tc7.0.x/trunk: build.properties.default res/maven/mvn.properties.default webapps/docs/changelog.xml
Author: violetagg Date: Fri Aug 11 11:20:08 2017 New Revision: 1804776 URL: http://svn.apache.org/viewvc?rev=1804776&view=rev Log: Increment version for next dev cycle Modified: tomcat/tc7.0.x/trunk/build.properties.default tomcat/tc7.0.x/trunk/res/maven/mvn.properties.default tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc7.0.x/trunk/build.properties.default URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/build.properties.default?rev=1804776&r1=1804775&r2=1804776&view=diff == --- tomcat/tc7.0.x/trunk/build.properties.default (original) +++ tomcat/tc7.0.x/trunk/build.properties.default Fri Aug 11 11:20:08 2017 @@ -25,7 +25,7 @@ # - Version Control Flags - version.major=7 version.minor=0 -version.build=81 +version.build=82 version.patch=0 version.suffix=-dev Modified: tomcat/tc7.0.x/trunk/res/maven/mvn.properties.default URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/res/maven/mvn.properties.default?rev=1804776&r1=1804775&r2=1804776&view=diff == --- tomcat/tc7.0.x/trunk/res/maven/mvn.properties.default (original) +++ tomcat/tc7.0.x/trunk/res/maven/mvn.properties.default Fri Aug 11 11:20:08 2017 @@ -35,7 +35,7 @@ maven.asf.release.repo.url=https://repos maven.asf.release.repo.repositoryId=apache.releases # Release version info -maven.asf.release.deploy.version=7.0.81 +maven.asf.release.deploy.version=7.0.82 #Where do we load the libraries from tomcat.lib.path=../../output/build/lib Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1804776&r1=1804775&r2=1804776&view=diff == --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Fri Aug 11 11:20:08 2017 @@ -57,6 +57,8 @@ They eventually become mixed with the numbered issues. (I.e., numbered issues do not "pop up" wrt. others). --> + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot failure in on tomcat-7-trunk
The Buildbot has detected a new failure on builder tomcat-7-trunk while building . Full details are available at: https://ci.apache.org/builders/tomcat-7-trunk/builds/844 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-7-commit' triggered this build Build Source Stamp: [branch tomcat/tc7.0.x/trunk] 1804776 Blamelist: violetagg BUILD FAILED: failed compile_1 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Server TLS renegotiation issues with tc-native
On 09/08/17 15:51, Mark Thomas wrote: > I'll take a look at this. I think the hint about the statistics hack > will help me get further than I have so far. Whether it is far enough, > we'll see. As it happened, the statistics weren't the fix I needed but they got me looking in the right direction where I found SSL_renegotiate_pending() - thanks for the hint. I have attached my proposed patch for review. It seems to be moving back towards an a previous approach. The commit history suggests this approach should not be necessary. I have tested both 7.0.x and 9.0.x and both versions need the additional reads. I'm not 100% sure what is going on. If there aren't any objections, I plan to apply this patch roll 1.2.13 in time for it to be included in the September round of Tomcat releases. Mark Index: native/src/sslnetwork.c === --- native/src/sslnetwork.c (revision 180) +++ native/src/sslnetwork.c (working copy) @@ -365,7 +365,7 @@ * Check for failed client authentication */ if (con->ctx->verify_mode != SSL_VERIFY_NONE && - (vr = SSL_get_verify_result(con->ssl)) != X509_V_OK) { +(vr = SSL_get_verify_result(con->ssl)) != X509_V_OK) { if (SSL_VERIFY_ERROR_IS_OPTIONAL(vr) && con->ctx->verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA) { @@ -622,8 +622,9 @@ { tcn_socket_t *s = J2P(sock, tcn_socket_t *); tcn_ssl_conn_t *con; -int retVal; +int retVal, error; char peekbuf[1]; +apr_interval_time_t timeout; UNREFERENCED_STDARGS; TCN_ASSERT(sock != 0); @@ -633,28 +634,59 @@ * handshake to proceed. */ con->reneg_state = RENEG_ALLOW; + +// Schedule a renegotiation request retVal = SSL_renegotiate(con->ssl); if (retVal <= 0) return APR_EGENERAL; -retVal = SSL_do_handshake(con->ssl); -if (retVal <= 0) -return APR_EGENERAL; -if (!SSL_is_init_finished(con->ssl)) { -return APR_EGENERAL; -} - -/* Need to trigger renegotiation handshake by reading. +/* Need to trigger the renegotiation handshake by reading. * Peeking 0 bytes actually works. * See: http://marc.info/?t=14549335922&r=1&w=2 + * + * This will normally return SSL_ERROR_WANT_READ whether the renegotiation + * has been completed or not. Afterwards, need to determine if I/O needs to + * be triggered or not. */ -SSL_peek(con->ssl, peekbuf, 0); +retVal = SSL_peek(con->ssl, peekbuf, 0); +if (retVal < 1) { +error = SSL_get_error(con->ssl, retVal); +} -con->reneg_state = RENEG_REJECT; +apr_socket_timeout_get(con->sock, &timeout); +// If the renegotiation is still pending, then I/O needs to be triggered +while (SSL_renegotiate_pending(con->ssl)) { + if (error == SSL_ERROR_WANT_READ) { + retVal = wait_for_io_or_timeout(con, error, timeout); + /* + * Since this is blocking I/O, anything other than APR_SUCCESS is an + * error. + */ + if (retVal != APR_SUCCESS) { +printf("ERROR\n"); +con->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN; +return retVal; + } + } else { + // SSL_ERROR_WANT_READ is expected. Anything else is an error. + return APR_EGENERAL; + } -if (!SSL_is_init_finished(con->ssl)) { -return APR_EGENERAL; + // Re-try SSL_peek after I/O + retVal = SSL_peek(con->ssl, peekbuf, 0); + if (retVal < 1) { + error = SSL_get_error(con->ssl, retVal); + } else { + /* + * Reset error to handle case where SSL_Peek returns 0 but + * SSL_renegotiate_pending returns true. This will trigger an error + * to be returned. + */ + error = 0; + } } + +con->reneg_state = RENEG_REJECT; return APR_SUCCESS; } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1804813 - in /tomcat/trunk: java/org/apache/coyote/http11/upgrade/UpgradeServletInputStream.java java/org/apache/coyote/http11/upgrade/UpgradeServletOutputStream.java webapps/docs/changel
Author: remm Date: Fri Aug 11 16:01:41 2017 New Revision: 1804813 URL: http://svn.apache.org/viewvc?rev=1804813&view=rev Log: Fix possible race condition when using an upgraded connection and setting the IO listeners, it now uses the same processing as non upgraded connections. Modified: tomcat/trunk/java/org/apache/coyote/http11/upgrade/UpgradeServletInputStream.java tomcat/trunk/java/org/apache/coyote/http11/upgrade/UpgradeServletOutputStream.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/coyote/http11/upgrade/UpgradeServletInputStream.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/upgrade/UpgradeServletInputStream.java?rev=1804813&r1=1804812&r2=1804813&view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/upgrade/UpgradeServletInputStream.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/upgrade/UpgradeServletInputStream.java Fri Aug 11 16:01:41 2017 @@ -101,6 +101,8 @@ public class UpgradeServletInputStream e throw new IllegalStateException(sm.getString("upgrade.sis.read.closed")); } +this.listener = listener; + // Container is responsible for first call to onDataAvailable(). if (ContainerThreadMarker.isContainerThread()) { processor.addDispatch(DispatchType.NON_BLOCKING_READ); @@ -108,7 +110,6 @@ public class UpgradeServletInputStream e socketWrapper.registerReadInterest(); } -this.listener = listener; // Switching to non-blocking. Don't know if data is available. ready = null; } Modified: tomcat/trunk/java/org/apache/coyote/http11/upgrade/UpgradeServletOutputStream.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/upgrade/UpgradeServletOutputStream.java?rev=1804813&r1=1804812&r2=1804813&view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/upgrade/UpgradeServletOutputStream.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/upgrade/UpgradeServletOutputStream.java Fri Aug 11 16:01:41 2017 @@ -112,6 +112,7 @@ public class UpgradeServletOutputStream if (closed) { throw new IllegalStateException(sm.getString("upgrade.sos.write.closed")); } +this.listener = listener; // Container is responsible for first call to onWritePossible(). synchronized (registeredLock) { registered = true; @@ -123,7 +124,6 @@ public class UpgradeServletOutputStream } } -this.listener = listener; } Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1804813&r1=1804812&r2=1804813&view=diff == --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Fri Aug 11 16:01:41 2017 @@ -72,6 +72,10 @@ Prevent exceptions being thrown during normal shutdown of NIO connections. This enables TLS connections to close cleanly. (markt) + +Fix possible race condition when setting IO listeners on an upgraded +connection. (remm) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1804814 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/coyote/http11/upgrade/UpgradeServletInputStream.java java/org/apache/coyote/http11/upgrade/UpgradeServletOutputStream.java webapps/d
Author: remm Date: Fri Aug 11 16:04:50 2017 New Revision: 1804814 URL: http://svn.apache.org/viewvc?rev=1804814&view=rev Log: Fix possible race condition when using an upgraded connection and setting the IO listeners, it now uses the same processing as non upgraded connections. Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/upgrade/UpgradeServletInputStream.java tomcat/tc8.5.x/trunk/java/org/apache/coyote/http11/upgrade/UpgradeServletOutputStream.java tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.5.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Fri Aug 11 16:04:50 2017 @@ -1 +1 @@ -/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501 ,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745535,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747 536,1747924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1756289,1756408-1 756410,1756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-1762053,1762123,176216 8,1762172,1762182,1762201-1762202,1762204,1762208,1762288,1762296,1762324,1762348,1762353,1762362,1762374,1762492,1762503,1762505,1762541,1762608,1762710,1762753,1762766,1762769,1762944,1762947,1762953,1763167,1763179,176
svn commit: r1804815 - in /tomcat/tc8.0.x/trunk: java/org/apache/coyote/http11/upgrade/AbstractServletOutputStream.java webapps/docs/changelog.xml
Author: remm Date: Fri Aug 11 16:10:32 2017 New Revision: 1804815 URL: http://svn.apache.org/viewvc?rev=1804815&view=rev Log: Fix possible race condition when using an upgraded connection and setting the IO listeners, it now uses the same processing as non upgraded connections. Modified: tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/upgrade/AbstractServletOutputStream.java tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/upgrade/AbstractServletOutputStream.java URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/upgrade/AbstractServletOutputStream.java?rev=1804815&r1=1804814&r2=1804815&view=diff == --- tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/upgrade/AbstractServletOutputStream.java (original) +++ tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/upgrade/AbstractServletOutputStream.java Fri Aug 11 16:10:32 2017 @@ -100,14 +100,14 @@ public abstract class AbstractServletOut throw new IllegalArgumentException( sm.getString("upgrade.sos.writeListener.set")); } +this.listener = listener; +this.applicationLoader = Thread.currentThread().getContextClassLoader(); // Container is responsible for first call to onWritePossible() but only // need to do this if setting the listener for the first time. synchronized (fireListenerLock) { fireListener = true; } socketWrapper.addDispatch(DispatchType.NON_BLOCKING_WRITE); -this.listener = listener; -this.applicationLoader = Thread.currentThread().getContextClassLoader(); } Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml?rev=1804815&r1=1804814&r2=1804815&view=diff == --- tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Fri Aug 11 16:10:32 2017 @@ -45,6 +45,14 @@ issues do not "pop up" wrt. others). --> + + + +Fix possible race condition when setting IO listeners on an upgraded +connection. (remm) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Server TLS renegotiation issues with tc-native
2017-08-11 18:20 GMT+03:00 Mark Thomas : > On 09/08/17 15:51, Mark Thomas wrote: > >> I'll take a look at this. I think the hint about the statistics hack >> will help me get further than I have so far. Whether it is far enough, >> we'll see. > > As it happened, the statistics weren't the fix I needed but they got me > looking in the right direction where I found SSL_renegotiate_pending() - > thanks for the hint. > > I have attached my proposed patch for review. 1. Sanity check: You need to explicitly initialize new local variable "error = 0". Current code initializes it only when "if (retVal < 1)" and subsequent if (error == SSL_ERROR_WANT_READ) reads an uninitialized value. Local variables need explicit initialization in C (they do not default to 0). https://stackoverflow.com/questions/14049777/why-are-global-variables-always-initialized-to-0-but-not-local-variables 2. Many new lines have tab characters and some have trailing whitespace. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1804856 - /tomcat/trunk/test/org/apache/tomcat/util/net/ca.jks
Author: rjung Date: Fri Aug 11 21:25:37 2017 New Revision: 1804856 URL: http://svn.apache.org/viewvc?rev=1804856&view=rev Log: Change alias name from "mykey" to "ca". Command used was: keytool -changealias -alias mykey -destalias ca \ -keystore ca.jks Modified: tomcat/trunk/test/org/apache/tomcat/util/net/ca.jks Modified: tomcat/trunk/test/org/apache/tomcat/util/net/ca.jks URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/ca.jks?rev=1804856&r1=1804855&r2=1804856&view=diff == Binary files - no diff available. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org