(tomcat) branch 10.1.x updated: Return the full range with weak etags
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new ec569ce020 Return the full range with weak etags
ec569ce020 is described below
commit ec569ce020b830bc6836abbd2875702b0165045f
Author: remm
AuthorDate: Mon Mar 3 12:09:32 2025 +0100
Return the full range with weak etags
---
java/org/apache/catalina/servlets/DefaultServlet.java| 2 +-
.../apache/catalina/servlets/TestDefaultServletRangeRequests.java| 2 +-
webapps/docs/changelog.xml | 5 +++--
3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java
b/java/org/apache/catalina/servlets/DefaultServlet.java
index 61191c2b3f..7523158add 100644
--- a/java/org/apache/catalina/servlets/DefaultServlet.java
+++ b/java/org/apache/catalina/servlets/DefaultServlet.java
@@ -2468,7 +2468,7 @@ public class DefaultServlet extends HttpServlet {
}
// If the ETag the client gave does not match the entity
// etag, then the entire entity is returned.
-if (resourceETag != null && resourceETag.equals(headerValue)) {
+if (!weakETag && resourceETag != null &&
resourceETag.equals(headerValue)) {
return true;
} else {
return false;
diff --git
a/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
b/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
index 4fb3952531..e59534b5f9 100644
--- a/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
+++ b/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
@@ -123,7 +123,7 @@ public class TestDefaultServletRangeRequests extends
TomcatBaseTest {
"bytes=0-9", FastHttpDateFormat.formatDate(1000),
Integer.valueOf(200), strLen, "" });
// Valid weak etag
parameterSets.add(new Object[] {
-"bytes=0-9", weakETag, Integer.valueOf(206), "10", "0-9/" +
len });
+"bytes=0-9", weakETag, Integer.valueOf(200), strLen, "" });
// Invalid strong etag
parameterSets.add(new Object[] {
"bytes=0-9", "\"46273648\"", Integer.valueOf(200), strLen, ""
});
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 14f25800f9..b6dbd20b12 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -109,8 +109,9 @@
69602: Fix regression in releases from 12-2024 that were too
-strict and rejected weak etags in the If-Range header.
-(remm)
+strict and rejected weak etags in the If-Range header with
+a 400 response. Instead will consider it as a failed match since strong
+etags are required for If-Range. (remm)
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated: Improve building
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new d5a16025d9 Improve building
d5a16025d9 is described below
commit d5a16025d901114145fcfb44d34682e84f91e5bc
Author: remm
AuthorDate: Mon Mar 3 16:07:05 2025 +0100
Improve building
---
BUILDING.txt | 25 -
1 file changed, 16 insertions(+), 9 deletions(-)
diff --git a/BUILDING.txt b/BUILDING.txt
index 66f206e8ba..03ea8dbaff 100644
--- a/BUILDING.txt
+++ b/BUILDING.txt
@@ -341,14 +341,19 @@ in build.xml and the default property values in
build.properties.default.
in build.properties.default.
Download and extract NSIS for Windows by running "ant download-dist". Note
-the NSIS installation PATH from the output or by checking "nsis.home" in
-build.properties.default. For example:
-/home/myuser/tomcat-build-libs/nsis-3.10
+the NSIS installation path from the output or by checking "nsis.home" in
+build.properties.default. For example by default:
+nsis.home=${base.path}/nsis-${nsis.version}
-Download the correct sources from the same site and run the
-following command in the extracted source directory:
+Download the corresponding sources from the same site at:
+${base-sf.loc}/nsis/nsis-${nsis.version}-src.tar.bz2
-scons UNICODE=yes PREFIX=/home/myuser/tomcat-build-libs/nsis-3.10/Bin
SKIPPLUGINS=all SKIPUTILS=all SKIPMISC=all NSIS_CONFIG_CONST_DATA_PATH=no
VERSION=3.10 install-compiler
+Install the scons Python software construction tool.
+
+Run the following command in the extracted NSIS source directory and set
PATH:
+
+scons UNICODE=yes PREFIX=${base.path}/nsis-${nsis.version}/Bin
SKIPPLUGINS=all SKIPUTILS=all SKIPMISC=all NSIS_CONFIG_CONST_DATA_PATH=no
VERSION=${nsis.version} install-compiler
+export PATH=$PATH:${base.path}/nsis-${nsis.version}/Bin
You need to specify the correct value in VERSION (this ends up in the
installer binary
so it needs to match). The PREFIX is not important, but you need to make
sure
@@ -356,9 +361,11 @@ in build.xml and the default property values in
build.properties.default.
the NSIS binary distribution that "ant download-dist" installed. When using
"NSIS_CONFIG_CONST_DATA_PATH=no" the binary is independent of the value of
"PREFIX".
-Use this "makensis" binary by making sure, that it gets found by setting
-an appropriate PATH environment variable. In addition set the ant property
-"nsis.tool" to "makensis" in build.properties.
+Use this "makensis" binary to make sure that it gets found after setting
+the PATH environment variable.
+
+In addition set the ant property "nsis.tool" to "makensis" in
+build.properties.
6. Build the release:
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 11.0.x updated: Improve building
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push:
new 39904be26c Improve building
39904be26c is described below
commit 39904be26c4771283867128c11639136b2c67949
Author: remm
AuthorDate: Mon Mar 3 16:07:05 2025 +0100
Improve building
---
BUILDING.txt | 25 -
1 file changed, 16 insertions(+), 9 deletions(-)
diff --git a/BUILDING.txt b/BUILDING.txt
index 66f206e8ba..03ea8dbaff 100644
--- a/BUILDING.txt
+++ b/BUILDING.txt
@@ -341,14 +341,19 @@ in build.xml and the default property values in
build.properties.default.
in build.properties.default.
Download and extract NSIS for Windows by running "ant download-dist". Note
-the NSIS installation PATH from the output or by checking "nsis.home" in
-build.properties.default. For example:
-/home/myuser/tomcat-build-libs/nsis-3.10
+the NSIS installation path from the output or by checking "nsis.home" in
+build.properties.default. For example by default:
+nsis.home=${base.path}/nsis-${nsis.version}
-Download the correct sources from the same site and run the
-following command in the extracted source directory:
+Download the corresponding sources from the same site at:
+${base-sf.loc}/nsis/nsis-${nsis.version}-src.tar.bz2
-scons UNICODE=yes PREFIX=/home/myuser/tomcat-build-libs/nsis-3.10/Bin
SKIPPLUGINS=all SKIPUTILS=all SKIPMISC=all NSIS_CONFIG_CONST_DATA_PATH=no
VERSION=3.10 install-compiler
+Install the scons Python software construction tool.
+
+Run the following command in the extracted NSIS source directory and set
PATH:
+
+scons UNICODE=yes PREFIX=${base.path}/nsis-${nsis.version}/Bin
SKIPPLUGINS=all SKIPUTILS=all SKIPMISC=all NSIS_CONFIG_CONST_DATA_PATH=no
VERSION=${nsis.version} install-compiler
+export PATH=$PATH:${base.path}/nsis-${nsis.version}/Bin
You need to specify the correct value in VERSION (this ends up in the
installer binary
so it needs to match). The PREFIX is not important, but you need to make
sure
@@ -356,9 +361,11 @@ in build.xml and the default property values in
build.properties.default.
the NSIS binary distribution that "ant download-dist" installed. When using
"NSIS_CONFIG_CONST_DATA_PATH=no" the binary is independent of the value of
"PREFIX".
-Use this "makensis" binary by making sure, that it gets found by setting
-an appropriate PATH environment variable. In addition set the ant property
-"nsis.tool" to "makensis" in build.properties.
+Use this "makensis" binary to make sure that it gets found after setting
+the PATH environment variable.
+
+In addition set the ant property "nsis.tool" to "makensis" in
+build.properties.
6. Build the release:
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch main updated: Improve building
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 8a7cfc4eb5 Improve building
8a7cfc4eb5 is described below
commit 8a7cfc4eb510206b1ba41bb3d127e2fd6d26f63c
Author: remm
AuthorDate: Mon Mar 3 16:07:05 2025 +0100
Improve building
---
BUILDING.txt | 25 -
1 file changed, 16 insertions(+), 9 deletions(-)
diff --git a/BUILDING.txt b/BUILDING.txt
index 66f206e8ba..03ea8dbaff 100644
--- a/BUILDING.txt
+++ b/BUILDING.txt
@@ -341,14 +341,19 @@ in build.xml and the default property values in
build.properties.default.
in build.properties.default.
Download and extract NSIS for Windows by running "ant download-dist". Note
-the NSIS installation PATH from the output or by checking "nsis.home" in
-build.properties.default. For example:
-/home/myuser/tomcat-build-libs/nsis-3.10
+the NSIS installation path from the output or by checking "nsis.home" in
+build.properties.default. For example by default:
+nsis.home=${base.path}/nsis-${nsis.version}
-Download the correct sources from the same site and run the
-following command in the extracted source directory:
+Download the corresponding sources from the same site at:
+${base-sf.loc}/nsis/nsis-${nsis.version}-src.tar.bz2
-scons UNICODE=yes PREFIX=/home/myuser/tomcat-build-libs/nsis-3.10/Bin
SKIPPLUGINS=all SKIPUTILS=all SKIPMISC=all NSIS_CONFIG_CONST_DATA_PATH=no
VERSION=3.10 install-compiler
+Install the scons Python software construction tool.
+
+Run the following command in the extracted NSIS source directory and set
PATH:
+
+scons UNICODE=yes PREFIX=${base.path}/nsis-${nsis.version}/Bin
SKIPPLUGINS=all SKIPUTILS=all SKIPMISC=all NSIS_CONFIG_CONST_DATA_PATH=no
VERSION=${nsis.version} install-compiler
+export PATH=$PATH:${base.path}/nsis-${nsis.version}/Bin
You need to specify the correct value in VERSION (this ends up in the
installer binary
so it needs to match). The PREFIX is not important, but you need to make
sure
@@ -356,9 +361,11 @@ in build.xml and the default property values in
build.properties.default.
the NSIS binary distribution that "ant download-dist" installed. When using
"NSIS_CONFIG_CONST_DATA_PATH=no" the binary is independent of the value of
"PREFIX".
-Use this "makensis" binary by making sure, that it gets found by setting
-an appropriate PATH environment variable. In addition set the ant property
-"nsis.tool" to "makensis" in build.properties.
+Use this "makensis" binary to make sure that it gets found after setting
+the PATH environment variable.
+
+In addition set the ant property "nsis.tool" to "makensis" in
+build.properties.
6. Build the release:
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.37
On Sat, Mar 1, 2025 at 8:29 AM Christopher Schultz < ch...@christopherschultz.net> wrote: > The proposed Apache Tomcat 10.1.37 release is now available for > voting. > > All committers and PMC members are kindly requested to provide a vote if > possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are > binding. We welcome non-committer votes or comments on release builds. > > The notable changes compared to 10.1.36 are: > > - Improve the checks for exposure to and protection against >CVE-2024-56337 so that reflection is not used unless required. The >checks for whether the file system is case sensitive or not have been >removed. > > - Use Transfer-Encoding for compression rather than Content-Encoding if >the client submits a TE header containing gzip > > - Add makensis as an option for building the Installer for Windows on >non-Windows platforms. > > For full details, see the change log: > https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html > > Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 > without changes. Java EE applications designed for Tomcat 9 and earlier > may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat > will automatically convert them to Jakarta EE and copy them to the > webapps directory. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.37/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1535 > > The tag is: > https://github.com/apache/tomcat/tree/10.1.37 > > https://github.com/apache/tomcat/commit/e4338ee7a3e0f22d85f7cb2e04dacee752eaa619 > > Please reply with a +1 for release or +0/-0/-1 with an explanation. > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > > +1 Build is reproducible and all tests pass on Fedora 41 with Java 21, tcnative-2.0.8, apr-1.7.4, openssl-3.2.4. However, the RSA key (3262A061C42FC4C7BBB5C25C1CF0293FA53CA458) used to sign the release is still not present in the KEYS file.
Re: (tomcat) branch 9.0.x updated: Add makensis as an option for building the Windows installer
On Mon, Mar 3, 2025 at 1:45 PM Rémy Maucherat wrote: > > On Mon, Mar 3, 2025 at 1:27 PM Mark Thomas wrote: > > > > On 03/03/2025 10:54, Mark Thomas wrote: > > > > > > > > > I don't recall if I tested with wine after the changes were complete. I > > > do recall installing and uninstalling wine multiple times. I'll retest > > > now. > > > > So clearly I didn't test this with Wine. There is no way the current > > build.xml file will work with Wine. > > > > The challenge is that the NSIS build now calls out to Ant to sign the > > uninstaller and the installer during the NSIS build. When that happens > > under Wine, it fails for a couple of reasons: > > - Ant isn't on the path > > - Ant depends on Java and there isn't a Windows JRE on the path > > > > The first point is relatively simple to fix. The second starts to make > > this a bit more complex. > > > > An alternative is that Wine can call out to Linux executables but that > > moves the problem to making sure the NSIS build knows whether it is > > running under Windows or Wine. > > I don't think that will work. The best case I managed is that it did > call my "Linux native" Ant, with a Windows path. Meh. Once you get > into the Wine environment, I would say you are stuck in there. > > > Ideally building Tomcat shouldn't be any more complicated than: > > - Install Java > > - Install Ant > > - git checkout ... > > - ant release > > > > Then again, we do require Wine to be installed to do release builds on > > Linux so there are some additional requirements. > > > > I do like the makensis approach as it is a lot simpler. Wine on Mac has > > proven tricky to get working in the past. I can see ythe followuing options: > > > > 1. Remove Wine support. Have ant build makensis to the correct recipe > > when on Linux. So +1 for 1) since I was able to get it to work and verify 11.0.5. That should mean I can again build the Windows installer properly for 9.0.x. Rémy > Ok. I would like it more if using my platform makensis was possible. I > will be working trying to get a custom makensis this afternoon. > > As it is, Wine suppose is broken, the only way to fix it is to revert > to the way signing was done previously. > > > 2. Add a requirement for a Windows JRE to make a release build and add > > it and Ant to the path when calling the NSIS installer via Wine. > > -1 > No way. > > > 3. Have the NSIS installer call Ant directly on Windows and via Linux > > when running via wine. > > When I run "wine cmd" I get the "Windows" shell, where I can type > commands and see what it is possible to do from there. I think it's > not a good plan. > > > I'm going to start looking at 3 and the building makensis part of 1 and > > see how far I get. > > > > Thoughts? > > Well, the previous way before all of that was working just fine for > me. Other than that, I'll see if I can have 1) work. > > Rémy - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch main updated: Include NSIS src in the distribution download
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 7dbed41d83 Include NSIS src in the distribution download
7dbed41d83 is described below
commit 7dbed41d831dccb66218159f696880ee5fcd1748
Author: Mark Thomas
AuthorDate: Mon Mar 3 16:38:17 2025 +
Include NSIS src in the distribution download
---
BUILDING.txt | 9 +
build.properties.default | 24 ++--
build.xml| 40 +---
3 files changed, 52 insertions(+), 21 deletions(-)
diff --git a/BUILDING.txt b/BUILDING.txt
index 03ea8dbaff..12fcd7b9f1 100644
--- a/BUILDING.txt
+++ b/BUILDING.txt
@@ -341,12 +341,13 @@ in build.xml and the default property values in
build.properties.default.
in build.properties.default.
Download and extract NSIS for Windows by running "ant download-dist". Note
-the NSIS installation path from the output or by checking "nsis.home" in
+the NSIS installation path from the output or by checking "nsis.bin.home"
in
build.properties.default. For example by default:
-nsis.home=${base.path}/nsis-${nsis.version}
+nsis.bin.home=${base.path}/nsis-${nsis.version}
-Download the corresponding sources from the same site at:
-${base-sf.loc}/nsis/nsis-${nsis.version}-src.tar.bz2
+The corresponding sources will be downloaded to "nsis.src.home" in
+build.properties.default. For example by default:
+nsis.src.home=${base.path}/nsis-${nsis.version}-src
Install the scons Python software construction tool.
diff --git a/build.properties.default b/build.properties.default
index 1a47ed9bbf..cf4d5c258e 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -173,17 +173,21 @@
tomcat-native.win.2=${base-tomcat.loc.2}/tomcat-connectors/native/${tomcat-nativ
# - NSIS, version 3.0 or later -
nsis.version=3.10
nsis.checksum.enabled=true
-nsis.checksum.algorithm=MD5|SHA-1
-nsis.checksum.value=e3e2803a13ead75e4471a51069d04c20|22cf776b463c6c845444328341219167abf399dc
-nsis.home=${base.path}/nsis-${nsis.version}
-nsis.exe=${nsis.home}/makensis.exe
+nsis.bin.checksum.algorithm=MD5|SHA-1
+nsis.bin.checksum.value=e3e2803a13ead75e4471a51069d04c20|22cf776b463c6c845444328341219167abf399dc
+nsis.bin.home=${base.path}/nsis-${nsis.version}
+nsis.exe=${nsis.bin.home}/makensis.exe
nsis.arch.dir=x86-unicode/
-nsis.installoptions.dll=${nsis.home}/Plugins/${nsis.arch.dir}InstallOptions.dll
-nsis.nsexec.dll=${nsis.home}/Plugins/${nsis.arch.dir}nsExec.dll
-nsis.nsisdl.dll=${nsis.home}/Plugins/${nsis.arch.dir}NSISdl.dll
-nsis.system.dll=${nsis.home}/Plugins/${nsis.arch.dir}System.dll
-nsis.nsdialogs.dll=${nsis.home}/Plugins/${nsis.arch.dir}nsDialogs.dll
-nsis.loc=${base-sf.loc}/nsis/nsis-${nsis.version}.zip
+nsis.installoptions.dll=${nsis.bin.home}/Plugins/${nsis.arch.dir}InstallOptions.dll
+nsis.nsexec.dll=${nsis.bin.home}/Plugins/${nsis.arch.dir}nsExec.dll
+nsis.nsisdl.dll=${nsis.bin.home}/Plugins/${nsis.arch.dir}NSISdl.dll
+nsis.system.dll=${nsis.bin.home}/Plugins/${nsis.arch.dir}System.dll
+nsis.nsdialogs.dll=${nsis.bin.home}/Plugins/${nsis.arch.dir}nsDialogs.dll
+nsis.bin.loc=${base-sf.loc}/nsis/nsis-${nsis.version}.zip
+nsis.src.checksum.algorithm=MD5|SHA-1
+nsis.src.checksum.value=dec8094892b881f8bed0a170feee3200|d99f80a197653ad7a623a12f209853d68da1ab84
+nsis.src.home=${base.path}/nsis-${nsis.version}-src
+nsis.src.loc=${base-sf.loc}/nsis/nsis-${nsis.version}-src.tar.bz2
# - Commons Daemon, version 1.2.0 or later -
commons-daemon.version=1.4.1
diff --git a/build.xml b/build.xml
index 9070db7e00..26120921b2 100644
--- a/build.xml
+++ b/build.xml
@@ -2680,7 +2680,7 @@ To skip building the Windows installer, set the
skip.installer property in build
-
+
@@ -2688,7 +2688,7 @@ To skip building the Windows installer, set the
skip.installer property in build
-
+
@@ -2697,7 +2697,7 @@ To skip building the Windows installer, set the
skip.installer property in build
-
+
@@ -3612,12 +3612,21 @@ Configured for ${release.asfusername} to release Tomcat
${version.major}.${versi
-
+
-
+
-
-
+
+
+
+
+
+
+
+
+
+
+
@@ -3794,6 +3803,23 @@ Configured for ${release.asfusername} to release Tomcat
${version.major}.${versi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch main updated: Update baseline to 11.0.5
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new a041d8c766 Update baseline to 11.0.5 a041d8c766 is described below commit a041d8c766f77271e018cbf78f216d385e1665ea Author: Mark Thomas AuthorDate: Mon Mar 3 16:37:32 2025 + Update baseline to 11.0.5 --- webapps/docs/changelog.xml | 73 +- 1 file changed, 1 insertion(+), 72 deletions(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index fb18ba781b..6f969f1ed0 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -109,7 +109,7 @@ This release contains all of the changes up to and including those in -Apache Tomcat 11.0.4 plus the additional changes listed below. (markt) +Apache Tomcat 11.0.5 plus the additional changes listed below. (markt) The minimum Java version has been updated to Java 21. (markt) @@ -150,32 +150,6 @@ /. (markt) - -Improve the mechanism for detecting whether a web application has been -deployed to a case sensitive or a case insensitive file system. (markt) - - -Enable the JNDIRealm to validate credentials provided to -HttpServletRequest.login(String username, String password) -when the realm is configured to use GSSAPI authentication. (markt) - - -Add support for logging the connection ID (as returned by -ServletRequest.getServletConnection().getConnectionId()) -with the AccessLogValve and -ExtendedAccessLogValve. Based on pull request 814 -by Dmole. (markt) - - -Avoid scenarios where temporary files used for partial PUT would not -be deleted. (remm) - - -69602: Fix regression in releases from 12-2024 that were too -strict and rejected weak etags in the If-Range header with -a 400 response. Instead will consider it as a failed match since strong -etags are required for If-Range. (remm) - @@ -191,20 +165,6 @@ (remm) - -69575: Avoid using compression if a response is already -compressed using compress, deflate or -zstd. (remm) - - -Use Transfer-Encoding for compression rather than -Content-Encoding if the client submits a TE -header containing gzip. (remm) - - -Fix a race condition in the handling of HTTP/2 stream reset that could -cause unexpected 500 responses. (markt) - @@ -229,11 +189,6 @@ - -69598: Add detection of service account token changes to the -KubernetesMembershipProvider implementation and reload the -token if it changes. Based on a patch by Miroslav Jezbera. (markt) - @@ -247,32 +202,6 @@ Update Derby to 10.17.1.0. (markt) - -Add makensis as an option for building the Installer for -Windows on non-Windows platforms. (rjung) - - -Explicitly set the locale to be used for Javadoc. For official releases, -this locale will be English (US) to support reproducible builds. (schultz) - - -Update Byte Buddy to 1.17.1. (markt) - - -Update Checkstyle to 10.21.3. (markt) - - -Update SpotBugs to 4.9.1. (markt) - - -Update JSign to 7.1. (markt) - - -Improvements to French translations. (remm) - - -Improvements to Japanese translations by tak7iji. (markt) - - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated: Include NSIS src in the distribution download
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 648049771d Include NSIS src in the distribution download
648049771d is described below
commit 648049771db1144035f832bfa1e086d8a9851c82
Author: Mark Thomas
AuthorDate: Mon Mar 3 16:38:17 2025 +
Include NSIS src in the distribution download
---
BUILDING.txt | 9 +
build.properties.default | 24 ++--
build.xml| 40 +---
3 files changed, 52 insertions(+), 21 deletions(-)
diff --git a/BUILDING.txt b/BUILDING.txt
index 03ea8dbaff..12fcd7b9f1 100644
--- a/BUILDING.txt
+++ b/BUILDING.txt
@@ -341,12 +341,13 @@ in build.xml and the default property values in
build.properties.default.
in build.properties.default.
Download and extract NSIS for Windows by running "ant download-dist". Note
-the NSIS installation path from the output or by checking "nsis.home" in
+the NSIS installation path from the output or by checking "nsis.bin.home"
in
build.properties.default. For example by default:
-nsis.home=${base.path}/nsis-${nsis.version}
+nsis.bin.home=${base.path}/nsis-${nsis.version}
-Download the corresponding sources from the same site at:
-${base-sf.loc}/nsis/nsis-${nsis.version}-src.tar.bz2
+The corresponding sources will be downloaded to "nsis.src.home" in
+build.properties.default. For example by default:
+nsis.src.home=${base.path}/nsis-${nsis.version}-src
Install the scons Python software construction tool.
diff --git a/build.properties.default b/build.properties.default
index 27d69b0d3e..fa4dacb370 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -193,17 +193,21 @@
tomcat-native.win.2=${base-tomcat.loc.2}/tomcat-connectors/native/${tomcat-nativ
# - NSIS, version 3.0 or later -
nsis.version=3.10
nsis.checksum.enabled=true
-nsis.checksum.algorithm=MD5|SHA-1
-nsis.checksum.value=e3e2803a13ead75e4471a51069d04c20|22cf776b463c6c845444328341219167abf399dc
-nsis.home=${base.path}/nsis-${nsis.version}
-nsis.exe=${nsis.home}/makensis.exe
+nsis.bin.checksum.algorithm=MD5|SHA-1
+nsis.bin.checksum.value=e3e2803a13ead75e4471a51069d04c20|22cf776b463c6c845444328341219167abf399dc
+nsis.bin.home=${base.path}/nsis-${nsis.version}
+nsis.exe=${nsis.bin.home}/makensis.exe
nsis.arch.dir=x86-unicode/
-nsis.installoptions.dll=${nsis.home}/Plugins/${nsis.arch.dir}InstallOptions.dll
-nsis.nsexec.dll=${nsis.home}/Plugins/${nsis.arch.dir}nsExec.dll
-nsis.nsisdl.dll=${nsis.home}/Plugins/${nsis.arch.dir}NSISdl.dll
-nsis.system.dll=${nsis.home}/Plugins/${nsis.arch.dir}System.dll
-nsis.nsdialogs.dll=${nsis.home}/Plugins/${nsis.arch.dir}nsDialogs.dll
-nsis.loc=${base-sf.loc}/nsis/nsis-${nsis.version}.zip
+nsis.installoptions.dll=${nsis.bin.home}/Plugins/${nsis.arch.dir}InstallOptions.dll
+nsis.nsexec.dll=${nsis.bin.home}/Plugins/${nsis.arch.dir}nsExec.dll
+nsis.nsisdl.dll=${nsis.bin.home}/Plugins/${nsis.arch.dir}NSISdl.dll
+nsis.system.dll=${nsis.bin.home}/Plugins/${nsis.arch.dir}System.dll
+nsis.nsdialogs.dll=${nsis.bin.home}/Plugins/${nsis.arch.dir}nsDialogs.dll
+nsis.bin.loc=${base-sf.loc}/nsis/nsis-${nsis.version}.zip
+nsis.src.checksum.algorithm=MD5|SHA-1
+nsis.src.checksum.value=dec8094892b881f8bed0a170feee3200|d99f80a197653ad7a623a12f209853d68da1ab84
+nsis.src.home=${base.path}/nsis-${nsis.version}-src
+nsis.src.loc=${base-sf.loc}/nsis/nsis-${nsis.version}-src.tar.bz2
# - Commons Daemon, version 1.2.0 or later -
commons-daemon.version=1.4.1
diff --git a/build.xml b/build.xml
index bea41b5251..10e88c67a5 100644
--- a/build.xml
+++ b/build.xml
@@ -2661,7 +2661,7 @@ To skip building the Windows installer, set the
skip.installer property in build
-
+
@@ -2669,7 +2669,7 @@ To skip building the Windows installer, set the
skip.installer property in build
-
+
@@ -2678,7 +2678,7 @@ To skip building the Windows installer, set the
skip.installer property in build
-
+
@@ -3653,12 +3653,21 @@ Configured for ${release.asfusername} to release Tomcat
${version.major}.${versi
-
+
-
+
-
-
+
+
+
+
+
+
+
+
+
+
+
@@ -3835,6 +3844,23 @@ Configured for ${release.asfusername} to release Tomcat
${version.major}.${versi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: Include NSIS src in the distribution download
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 835dc713cc Include NSIS src in the distribution download
835dc713cc is described below
commit 835dc713cca1e8c801c686e5a8e4733504b8cc43
Author: Mark Thomas
AuthorDate: Mon Mar 3 16:38:17 2025 +
Include NSIS src in the distribution download
---
BUILDING.txt | 9 +
build.properties.default | 24 ++--
build.xml| 40 +---
3 files changed, 52 insertions(+), 21 deletions(-)
diff --git a/BUILDING.txt b/BUILDING.txt
index b7773ffc2e..ee915413a4 100644
--- a/BUILDING.txt
+++ b/BUILDING.txt
@@ -340,12 +340,13 @@ in build.xml and the default property values in
build.properties.default.
in build.properties.default.
Download and extract NSIS for Windows by running "ant download-dist". Note
-the NSIS installation path from the output or by checking "nsis.home" in
+the NSIS installation path from the output or by checking "nsis.bin.home"
in
build.properties.default. For example by default:
-nsis.home=${base.path}/nsis-${nsis.version}
+nsis.bin.home=${base.path}/nsis-${nsis.version}
-Download the corresponding sources from the same site at:
-${base-sf.loc}/nsis/nsis-${nsis.version}-src.tar.bz2
+The corresponding sources will be downloaded to "nsis.src.home" in
+build.properties.default. For example by default:
+nsis.src.home=${base.path}/nsis-${nsis.version}-src
Install the scons Python software construction tool.
diff --git a/build.properties.default b/build.properties.default
index 4fbf719f2a..43899e82f6 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -195,17 +195,21 @@
tomcat-native.win.2=${base-tomcat.loc.2}/tomcat-connectors/native/${tomcat-nativ
# - NSIS, version 3.0 or later -
nsis.version=3.10
nsis.checksum.enabled=true
-nsis.checksum.algorithm=MD5|SHA-1
-nsis.checksum.value=e3e2803a13ead75e4471a51069d04c20|22cf776b463c6c845444328341219167abf399dc
-nsis.home=${base.path}/nsis-${nsis.version}
-nsis.exe=${nsis.home}/makensis.exe
+nsis.bin.checksum.algorithm=MD5|SHA-1
+nsis.bin.checksum.value=e3e2803a13ead75e4471a51069d04c20|22cf776b463c6c845444328341219167abf399dc
+nsis.bin.home=${base.path}/nsis-${nsis.version}
+nsis.exe=${nsis.bin.home}/makensis.exe
nsis.arch.dir=x86-unicode/
-nsis.installoptions.dll=${nsis.home}/Plugins/${nsis.arch.dir}InstallOptions.dll
-nsis.nsexec.dll=${nsis.home}/Plugins/${nsis.arch.dir}nsExec.dll
-nsis.nsisdl.dll=${nsis.home}/Plugins/${nsis.arch.dir}NSISdl.dll
-nsis.system.dll=${nsis.home}/Plugins/${nsis.arch.dir}System.dll
-nsis.nsdialogs.dll=${nsis.home}/Plugins/${nsis.arch.dir}nsDialogs.dll
-nsis.loc=${base-sf.loc}/nsis/nsis-${nsis.version}.zip
+nsis.installoptions.dll=${nsis.bin.home}/Plugins/${nsis.arch.dir}InstallOptions.dll
+nsis.nsexec.dll=${nsis.bin.home}/Plugins/${nsis.arch.dir}nsExec.dll
+nsis.nsisdl.dll=${nsis.bin.home}/Plugins/${nsis.arch.dir}NSISdl.dll
+nsis.system.dll=${nsis.bin.home}/Plugins/${nsis.arch.dir}System.dll
+nsis.nsdialogs.dll=${nsis.bin.home}/Plugins/${nsis.arch.dir}nsDialogs.dll
+nsis.bin.loc=${base-sf.loc}/nsis/nsis-${nsis.version}.zip
+nsis.src.checksum.algorithm=MD5|SHA-1
+nsis.src.checksum.value=dec8094892b881f8bed0a170feee3200|d99f80a197653ad7a623a12f209853d68da1ab84
+nsis.src.home=${base.path}/nsis-${nsis.version}-src
+nsis.src.loc=${base-sf.loc}/nsis/nsis-${nsis.version}-src.tar.bz2
# - Commons Daemon, version 1.2.0 or later -
commons-daemon.version=1.4.1
diff --git a/build.xml b/build.xml
index 0709b06829..8ad2b5ac5c 100644
--- a/build.xml
+++ b/build.xml
@@ -2658,7 +2658,7 @@ To skip building the Windows installer, set the
skip.installer property in build
-
+
@@ -2666,7 +2666,7 @@ To skip building the Windows installer, set the
skip.installer property in build
-
+
@@ -2675,7 +2675,7 @@ To skip building the Windows installer, set the
skip.installer property in build
-
+
@@ -3638,12 +3638,21 @@ Configured for ${release.asfusername} to release Tomcat
${version.major}.${versi
-
+
-
+
-
-
+
+
+
+
+
+
+
+
+
+
+
@@ -3820,6 +3829,23 @@ Configured for ${release.asfusername} to release Tomcat
${version.major}.${versi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 11.0.x updated: Include NSIS src in the distribution download
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push:
new c0d64fbe86 Include NSIS src in the distribution download
c0d64fbe86 is described below
commit c0d64fbe86fe38f67a780bd7c95cfab646c50410
Author: Mark Thomas
AuthorDate: Mon Mar 3 16:38:17 2025 +
Include NSIS src in the distribution download
---
BUILDING.txt | 9 +
build.properties.default | 24 ++--
build.xml| 40 +---
3 files changed, 52 insertions(+), 21 deletions(-)
diff --git a/BUILDING.txt b/BUILDING.txt
index 03ea8dbaff..12fcd7b9f1 100644
--- a/BUILDING.txt
+++ b/BUILDING.txt
@@ -341,12 +341,13 @@ in build.xml and the default property values in
build.properties.default.
in build.properties.default.
Download and extract NSIS for Windows by running "ant download-dist". Note
-the NSIS installation path from the output or by checking "nsis.home" in
+the NSIS installation path from the output or by checking "nsis.bin.home"
in
build.properties.default. For example by default:
-nsis.home=${base.path}/nsis-${nsis.version}
+nsis.bin.home=${base.path}/nsis-${nsis.version}
-Download the corresponding sources from the same site at:
-${base-sf.loc}/nsis/nsis-${nsis.version}-src.tar.bz2
+The corresponding sources will be downloaded to "nsis.src.home" in
+build.properties.default. For example by default:
+nsis.src.home=${base.path}/nsis-${nsis.version}-src
Install the scons Python software construction tool.
diff --git a/build.properties.default b/build.properties.default
index 800e077cd0..0f732e944c 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -172,17 +172,21 @@
tomcat-native.win.2=${base-tomcat.loc.2}/tomcat-connectors/native/${tomcat-nativ
# - NSIS, version 3.0 or later -
nsis.version=3.10
nsis.checksum.enabled=true
-nsis.checksum.algorithm=MD5|SHA-1
-nsis.checksum.value=e3e2803a13ead75e4471a51069d04c20|22cf776b463c6c845444328341219167abf399dc
-nsis.home=${base.path}/nsis-${nsis.version}
-nsis.exe=${nsis.home}/makensis.exe
+nsis.bin.checksum.algorithm=MD5|SHA-1
+nsis.bin.checksum.value=e3e2803a13ead75e4471a51069d04c20|22cf776b463c6c845444328341219167abf399dc
+nsis.bin.home=${base.path}/nsis-${nsis.version}
+nsis.exe=${nsis.bin.home}/makensis.exe
nsis.arch.dir=x86-unicode/
-nsis.installoptions.dll=${nsis.home}/Plugins/${nsis.arch.dir}InstallOptions.dll
-nsis.nsexec.dll=${nsis.home}/Plugins/${nsis.arch.dir}nsExec.dll
-nsis.nsisdl.dll=${nsis.home}/Plugins/${nsis.arch.dir}NSISdl.dll
-nsis.system.dll=${nsis.home}/Plugins/${nsis.arch.dir}System.dll
-nsis.nsdialogs.dll=${nsis.home}/Plugins/${nsis.arch.dir}nsDialogs.dll
-nsis.loc=${base-sf.loc}/nsis/nsis-${nsis.version}.zip
+nsis.installoptions.dll=${nsis.bin.home}/Plugins/${nsis.arch.dir}InstallOptions.dll
+nsis.nsexec.dll=${nsis.bin.home}/Plugins/${nsis.arch.dir}nsExec.dll
+nsis.nsisdl.dll=${nsis.bin.home}/Plugins/${nsis.arch.dir}NSISdl.dll
+nsis.system.dll=${nsis.bin.home}/Plugins/${nsis.arch.dir}System.dll
+nsis.nsdialogs.dll=${nsis.bin.home}/Plugins/${nsis.arch.dir}nsDialogs.dll
+nsis.bin.loc=${base-sf.loc}/nsis/nsis-${nsis.version}.zip
+nsis.src.checksum.algorithm=MD5|SHA-1
+nsis.src.checksum.value=dec8094892b881f8bed0a170feee3200|d99f80a197653ad7a623a12f209853d68da1ab84
+nsis.src.home=${base.path}/nsis-${nsis.version}-src
+nsis.src.loc=${base-sf.loc}/nsis/nsis-${nsis.version}-src.tar.bz2
# - Commons Daemon, version 1.2.0 or later -
commons-daemon.version=1.4.1
diff --git a/build.xml b/build.xml
index fafafdc5ba..149ea92e38 100644
--- a/build.xml
+++ b/build.xml
@@ -2633,7 +2633,7 @@ To skip building the Windows installer, set the
skip.installer property in build
-
+
@@ -2641,7 +2641,7 @@ To skip building the Windows installer, set the
skip.installer property in build
-
+
@@ -2650,7 +2650,7 @@ To skip building the Windows installer, set the
skip.installer property in build
-
+
@@ -3565,12 +3565,21 @@ Configured for ${release.asfusername} to release Tomcat
${version.major}.${versi
-
+
-
+
-
-
+
+
+
+
+
+
+
+
+
+
+
@@ -3747,6 +3756,23 @@ Configured for ${release.asfusername} to release Tomcat
${version.major}.${versi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: Improve building
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new d7ad7cb665 Improve building
d7ad7cb665 is described below
commit d7ad7cb66596db877254803fc52fa3e118094cdb
Author: remm
AuthorDate: Mon Mar 3 16:07:05 2025 +0100
Improve building
---
BUILDING.txt | 25 -
1 file changed, 16 insertions(+), 9 deletions(-)
diff --git a/BUILDING.txt b/BUILDING.txt
index add0e98f6c..b7773ffc2e 100644
--- a/BUILDING.txt
+++ b/BUILDING.txt
@@ -340,14 +340,19 @@ in build.xml and the default property values in
build.properties.default.
in build.properties.default.
Download and extract NSIS for Windows by running "ant download-dist". Note
-the NSIS installation PATH from the output or by checking "nsis.home" in
-build.properties.default. For example:
-/home/myuser/tomcat-build-libs/nsis-3.10
+the NSIS installation path from the output or by checking "nsis.home" in
+build.properties.default. For example by default:
+nsis.home=${base.path}/nsis-${nsis.version}
-Download the correct sources from the same site and run the
-following command in the extracted source directory:
+Download the corresponding sources from the same site at:
+${base-sf.loc}/nsis/nsis-${nsis.version}-src.tar.bz2
-scons UNICODE=yes PREFIX=/home/myuser/tomcat-build-libs/nsis-3.10/Bin
SKIPPLUGINS=all SKIPUTILS=all SKIPMISC=all NSIS_CONFIG_CONST_DATA_PATH=no
VERSION=3.10 install-compiler
+Install the scons Python software construction tool.
+
+Run the following command in the extracted NSIS source directory and set
PATH:
+
+scons UNICODE=yes PREFIX=${base.path}/nsis-${nsis.version}/Bin
SKIPPLUGINS=all SKIPUTILS=all SKIPMISC=all NSIS_CONFIG_CONST_DATA_PATH=no
VERSION=${nsis.version} install-compiler
+export PATH=$PATH:${base.path}/nsis-${nsis.version}/Bin
You need to specify the correct value in VERSION (this ends up in the
installer binary
so it needs to match). The PREFIX is not important, but you need to make
sure
@@ -355,9 +360,11 @@ in build.xml and the default property values in
build.properties.default.
the NSIS binary distribution that "ant download-dist" installed. When using
"NSIS_CONFIG_CONST_DATA_PATH=no" the binary is independent of the value of
"PREFIX".
-Use this "makensis" binary by making sure, that it gets found by setting
-an appropriate PATH environment variable. In addition set the ant property
-"nsis.tool" to "makensis" in build.properties.
+Use this "makensis" binary to make sure that it gets found after setting
+the PATH environment variable.
+
+In addition set the ant property "nsis.tool" to "makensis" in
+build.properties.
6. Build the release:
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 9.0.101
On Sun, Mar 2, 2025 at 11:42 AM Rémy Maucherat wrote: > > The proposed Apache Tomcat 9.0.101 release is now available for voting. > > The notable changes compared to 9.0.100 are: > > - Improve the checks for exposure to and protection against >CVE-2024-56337 so that reflection is not used unless required. The >checks for whether the file system is case sensitive or not have been >removed. > > - Use Transfer-Encoding for compression rather than Content-Encoding if >the client submits a TE header containing gzip > > - Add makensis as an option for building the Installer for Windows on >non-Windows platforms. > > For full details, see the changelog: > https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.101/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1536 > > The tag is: > https://github.com/apache/tomcat/tree/9.0.101 > cf9caee37dd3d2dbb0294983e921c12a318c1f5e > > The proposed 9.0.101 release is: > [X] -1, Broken - do not release > [ ] +1, Stable - go ahead and release as 9.0.101 I am cancelling this release due to the non reproducible installer (which may or may not work properly given the runtime is different). Rémy - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: 9.0.101 was not released
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 35f0a4deac 9.0.101 was not released 35f0a4deac is described below commit 35f0a4deacac5e9aa23d806338751f5d9586a3ed Author: remm AuthorDate: Mon Mar 3 16:36:23 2025 +0100 9.0.101 was not released --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 25ae463719..7180e3403c 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -114,7 +114,7 @@ - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PR] Ensure partial put data range not exceed ContentRange declared [tomcat]
Chenjp commented on PR #810: URL: https://github.com/apache/tomcat/pull/810#issuecomment-2694798531 This part is semantically ambiguous, and yet undefined in RFC. We have to make decision when edge case happen: 1. payload length is larger than content-range. (e.g. payload="0123456789", content-range header: bytes 10-14/15) ***candidate actions***: 1.a) action 1: reject request 1.b) action 2: ensure the data boundary of the write is defined by content-range header, discard rest part of payload. e.g. write "01234" from the beginning index 10. // 5 bytes written 1.c) action 3: payload is fully written from the beginning index (start-position) defined in content-range header. e.g. write "0123456789" from the beginning index 10. // 10 bytes written 2. payload length is smaller than content-range. (e.g. payload=01234, content-range header: bytes 10-14/15) ***candidate actions***: 2.a) action 1: reject request 2.b) action 2: ensure the data boundary of the write is defined by content-range header, fill with byte(0) if absent. e.g. write "01234\0\0\0\0\0" from the beginning index 10. // 10 bytes written. 2.c) action 3: payload is fully written from the beginning index (start-position) defined in content-range header. e.g. write "01234" from the beginning index 10. // 5 bytes written @rmaucher which group is better? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: (tomcat) branch 9.0.x updated: Add makensis as an option for building the Windows installer
On 03/03/2025 15:38, Rémy Maucherat wrote: On Mon, Mar 3, 2025 at 1:45 PM Rémy Maucherat wrote: On Mon, Mar 3, 2025 at 1:27 PM Mark Thomas wrote: On 03/03/2025 10:54, Mark Thomas wrote: I do like the makensis approach as it is a lot simpler. Wine on Mac has proven tricky to get working in the past. I can see ythe followuing options: 1. Remove Wine support. Have ant build makensis to the correct recipe when on Linux. So +1 for 1) since I was able to get it to work and verify 11.0.5. That should mean I can again build the Windows installer properly for 9.0.x. Excellent. Ok. I would like it more if using my platform makensis was possible. That looks to be impossible at the moment. The NSIS installer embeds the installer version in the installer binary so for repeatable builds we need to ensure the same version as used by the Windows binary is used. I will be working trying to get a custom makensis this afternoon. Looks like you got that working. Excellent. As it is, Wine suppose is broken, the only way to fix it is to revert to the way signing was done previously. If we want to support Wine as well as NSIS then I think revert the changes to use call backs to sign the uninstaller and the installer should work. That would mean going back to first building the uninstaller, then the installer. 2. Add a requirement for a Windows JRE to make a release build and add it and Ant to the path when calling the NSIS installer via Wine. -1 No way. Fine by me. I didn't like the option but presented it for completeness. 3. Have the NSIS installer call Ant directly on Windows and via Linux when running via wine. When I run "wine cmd" I get the "Windows" shell, where I can type commands and see what it is possible to do from there. I think it's not a good plan. Having spent a few hours trying to get it to work, I agree with you. I've had zero success. And my sense is that if I did manage to get it to work, debugging faulty configurations would be difficult. I'm going to start looking at 3 and the building makensis part of 1 and see how far I get. Thoughts? Well, the previous way before all of that was working just fine for me. Other than that, I'll see if I can have 1) work. So, I think we have a different set of options now: a) Keep the existing makensis approach and remove Wine support b) Revert the change to using callbacks to sign the uninstaller and installer. Keep the option for makensis or wine. c) Revert all the changes and go back to wine. and a bonus option d) that is an addition to a) or b): d) Try and build a local makensis as part of the build script I'm not sure I see the value in maintaining support for makensis and wine. I'm prepared to be convinced if someone can see a reason. Otherwise I prefer a). I'm happy to try and get d) to work if a) (or b)) is the agreed way forwards. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.37
Dimitris, On 3/3/25 9:57 AM, Dimitris Soumis wrote: On Sat, Mar 1, 2025 at 8:29 AM Christopher Schultz < ch...@christopherschultz.net> wrote: The proposed Apache Tomcat 10.1.37 release is now available for voting. All committers and PMC members are kindly requested to provide a vote if possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are binding. We welcome non-committer votes or comments on release builds. The notable changes compared to 10.1.36 are: - Improve the checks for exposure to and protection against CVE-2024-56337 so that reflection is not used unless required. The checks for whether the file system is case sensitive or not have been removed. - Use Transfer-Encoding for compression rather than Content-Encoding if the client submits a TE header containing gzip - Add makensis as an option for building the Installer for Windows on non-Windows platforms. For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.37/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1535 The tag is: https://github.com/apache/tomcat/tree/10.1.37 https://github.com/apache/tomcat/commit/e4338ee7a3e0f22d85f7cb2e04dacee752eaa619 Please reply with a +1 for release or +0/-0/-1 with an explanation. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org +1 Build is reproducible and all tests pass on Fedora 41 with Java 21, tcnative-2.0.8, apr-1.7.4, openssl-3.2.4. However, the RSA key (3262A061C42FC4C7BBB5C25C1CF0293FA53CA458) used to sign the release is still not present in the KEYS file. This is what I get during validation of e.g. the .exe artifact: $ gpg --verify --keyring ./apache-keys --no-default-keyring apache-tomcat-10.1.37.exe.asc apache-tomcat-10.1.37.exe gpg: Signature made Sat Mar 1 01:00:52 2025 EST gpg:using RSA key 3262A061C42FC4C7BBB5C25C1CF0293FA53CA458 gpg: Good signature from "Christopher Schultz " [ultimate] gpg: aka "Christopher Schultz " [ultimate] gpg: aka "Christopher Schultz " [ultimate] gpg: aka "Christopher Schultz " [ultimate] $ echo $? 0 The apache-keys file is a proper GPG keyring imported using this command: $ gpg --import --no-default-keyring --primary-keyring ./apache-keys < KEYS The key I use to sign is a subkey of my main key. I believe I've been using the same key to sign releases for a good long time. But I do see that my signature on the Windows .exe binary is not quite right. It fails using osssigncodeusing my usual method :/ -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: (tomcat) branch 9.0.x updated: Add makensis as an option for building the Windows installer
Am 03.03.25 um 16:54 schrieb Mark Thomas: On 03/03/2025 15:38, Rémy Maucherat wrote: On Mon, Mar 3, 2025 at 1:45 PM Rémy Maucherat wrote: On Mon, Mar 3, 2025 at 1:27 PM Mark Thomas wrote: On 03/03/2025 10:54, Mark Thomas wrote: I do like the makensis approach as it is a lot simpler. Wine on Mac has proven tricky to get working in the past. I can see ythe followuing options: 1. Remove Wine support. Have ant build makensis to the correct recipe when on Linux. So +1 for 1) since I was able to get it to work and verify 11.0.5. That should mean I can again build the Windows installer properly for 9.0.x. Excellent. Ok. I would like it more if using my platform makensis was possible. That looks to be impossible at the moment. The NSIS installer embeds the installer version in the installer binary so for repeatable builds we need to ensure the same version as used by the Windows binary is used. I will be working trying to get a custom makensis this afternoon. Looks like you got that working. Excellent. As it is, Wine suppose is broken, the only way to fix it is to revert to the way signing was done previously. If we want to support Wine as well as NSIS then I think revert the changes to use call backs to sign the uninstaller and the installer should work. That would mean going back to first building the uninstaller, then the installer. 2. Add a requirement for a Windows JRE to make a release build and add it and Ant to the path when calling the NSIS installer via Wine. -1 No way. Fine by me. I didn't like the option but presented it for completeness. 3. Have the NSIS installer call Ant directly on Windows and via Linux when running via wine. When I run "wine cmd" I get the "Windows" shell, where I can type commands and see what it is possible to do from there. I think it's not a good plan. Having spent a few hours trying to get it to work, I agree with you. I've had zero success. And my sense is that if I did manage to get it to work, debugging faulty configurations would be difficult. I'm going to start looking at 3 and the building makensis part of 1 and see how far I get. Thoughts? Well, the previous way before all of that was working just fine for me. Other than that, I'll see if I can have 1) work. So, I think we have a different set of options now: a) Keep the existing makensis approach and remove Wine support b) Revert the change to using callbacks to sign the uninstaller and installer. Keep the option for makensis or wine. The need for the call-backs has arisen from supporting non-Windows, non-wine. Previously we built a temporary installer in form of a Windows exe. Then executed this temporary installer to get the uninstaller and then finally built the installer. The step of executing the temporary installer was only possible on Windows or wine. So IMHO b) means no longer supporting natively build the Windows installer on non-Windows without wine. c) Revert all the changes and go back to wine. I think b) and c) are the same for the reasons given above. and a bonus option d) that is an addition to a) or b): d) Try and build a local makensis as part of the build script I'm not sure I see the value in maintaining support for makensis and wine. I'm prepared to be convinced if someone can see a reason. Otherwise I prefer a). I'm happy to try and get d) to work if a) (or b)) is the agreed way forwards. I prefer a), but I am not an RM. Option d) might work, but some prerequisites are of course needed, like a compiler toolchain supported by the SConstruct and maybe a python and scons installation. I don't think we want to do this from the ant build. Downloading the correct nsis source and running the scons command would be possible and inside the ant build we have all the subtle points, like which version, which prefix in our hands. Best regards, Rainer - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.37
On Mon, Mar 3, 2025 at 6:05 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > Dimitris, > > On 3/3/25 9:57 AM, Dimitris Soumis wrote: > > On Sat, Mar 1, 2025 at 8:29 AM Christopher Schultz < > > ch...@christopherschultz.net> wrote: > > > >> The proposed Apache Tomcat 10.1.37 release is now available for > >> voting. > >> > >> All committers and PMC members are kindly requested to provide a vote if > >> possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are > >> binding. We welcome non-committer votes or comments on release builds. > >> > >> The notable changes compared to 10.1.36 are: > >> > >> - Improve the checks for exposure to and protection against > >> CVE-2024-56337 so that reflection is not used unless required. The > >> checks for whether the file system is case sensitive or not have > been > >> removed. > >> > >> - Use Transfer-Encoding for compression rather than Content-Encoding if > >> the client submits a TE header containing gzip > >> > >> - Add makensis as an option for building the Installer for Windows on > >> non-Windows platforms. > >> > >> For full details, see the change log: > >> https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html > >> > >> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 > >> without changes. Java EE applications designed for Tomcat 9 and earlier > >> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat > >> will automatically convert them to Jakarta EE and copy them to the > >> webapps directory. > >> > >> It can be obtained from: > >> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.37/ > >> > >> The Maven staging repo is: > >> https://repository.apache.org/content/repositories/orgapachetomcat-1535 > >> > >> The tag is: > >> https://github.com/apache/tomcat/tree/10.1.37 > >> > >> > https://github.com/apache/tomcat/commit/e4338ee7a3e0f22d85f7cb2e04dacee752eaa619 > >> > >> Please reply with a +1 for release or +0/-0/-1 with an explanation. > >> > >> - > >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: dev-h...@tomcat.apache.org > >> > >> > > +1 Build is reproducible and all tests pass on Fedora 41 with Java 21, > > tcnative-2.0.8, apr-1.7.4, openssl-3.2.4. > > > > However, the RSA key (3262A061C42FC4C7BBB5C25C1CF0293FA53CA458) used to > > sign the release is still not present in the KEYS file. > > This is what I get during validation of e.g. the .exe artifact: > > $ gpg --verify --keyring ./apache-keys --no-default-keyring > apache-tomcat-10.1.37.exe.asc apache-tomcat-10.1.37.exe > gpg: Signature made Sat Mar 1 01:00:52 2025 EST > gpg:using RSA key 3262A061C42FC4C7BBB5C25C1CF0293FA53CA458 > gpg: Good signature from "Christopher Schultz > " [ultimate] > gpg: aka "Christopher Schultz " > [ultimate] > gpg: aka "Christopher Schultz " > [ultimate] > gpg: aka "Christopher Schultz > " [ultimate] > $ echo $? > 0 > > The apache-keys file is a proper GPG keyring imported using this command: > > $ gpg --import --no-default-keyring --primary-keyring ./apache-keys < KEYS > > The key I use to sign is a subkey of my main key. I believe I've been > using the same key to sign releases for a good long time. > > But I do see that my signature on the Windows .exe binary is not quite > right. It fails using osssigncodeusing my usual method :/ > > -chris > > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > > Hi Chris, I wasn't aware of the subkey concept and I falsely thought (judging by the rest of the releases) that the key signing the release would be the primary one and should be mentioned explicitly in the KEYS file. Thanks for the detailed clarification. Kind regards, Dimitris
Re: (tomcat) branch main updated: 69602: Allow weak etags in If-Range header
On Mon, Mar 3, 2025 at 10:30 AM Mark Thomas wrote:
>
> On 28/02/2025 22:41, r...@apache.org wrote:
> > This is an automated email from the ASF dual-hosted git repository.
> >
> > remm pushed a commit to branch main
> > in repository https://gitbox.apache.org/repos/asf/tomcat.git
> >
> >
> > The following commit(s) were added to refs/heads/main by this push:
> > new 7f0df68d29 69602: Allow weak etags in If-Range header
> > 7f0df68d29 is described below
> >
> > commit 7f0df68d292bcb576a48b975f169010b911d728c
> > Author: remm
> > AuthorDate: Fri Feb 28 23:40:42 2025 +0100
> >
> > 69602: Allow weak etags in If-Range header
> >
> > Adjust with the specification language, '"' in the first three chars
> > should detect if this should be a date or an etag.
> > Trim first.
> > ---
> > .../apache/catalina/servlets/DefaultServlet.java | 38
> > +-
> > .../servlets/TestDefaultServletRangeRequests.java | 36
> > ++--
> > webapps/docs/changelog.xml | 5 +++
> > 3 files changed, 60 insertions(+), 19 deletions(-)
> >
> > diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java
> > b/java/org/apache/catalina/servlets/DefaultServlet.java
> > index 0e4a33e50c..9fb75069f1 100644
> > --- a/java/org/apache/catalina/servlets/DefaultServlet.java
> > +++ b/java/org/apache/catalina/servlets/DefaultServlet.java
> > @@ -2376,40 +2376,46 @@ public class DefaultServlet extends HttpServlet {
> > // If-Range is not present
> > return true;
> > }
> > -String headerValue = headerEnum.nextElement();
> > +String headerValue = headerEnum.nextElement().trim();
> > if (headerEnum.hasMoreElements()) {
> > // Multiple If-Range headers
> > response.sendError(HttpServletResponse.SC_BAD_REQUEST);
> > return false;
> > }
> >
> > -long headerValueTime = -1L;
> > -try {
> > -headerValueTime = request.getDateHeader("If-Range");
> > -} catch (IllegalArgumentException e) {
> > -// Ignore
> > -}
> > -
> > -if (headerValueTime == -1L) {
> > -// Not HTTP-date so this should be a single strong etag
> > -if (headerValue.length() < 2 || headerValue.charAt(0) != '"' ||
> > +if (headerValue.length() > 2 && (headerValue.charAt(0) == '"' ||
> > headerValue.charAt(2) == '"')) {
> > +boolean weakETag = headerValue.startsWith("W/\"");
> > +if ((!weakETag && headerValue.charAt(0) != '"') ||
> > headerValue.charAt(headerValue.length() - 1) != '"' ||
> > -headerValue.indexOf('"', 1) != headerValue.length() -
> > 1) {
> > -// Not a single, strong entity tag
> > +headerValue.indexOf('"', weakETag ? 3 : 1) !=
> > headerValue.length() - 1) {
> > +// Not a single entity tag
> > response.sendError(HttpServletResponse.SC_BAD_REQUEST);
> > return false;
> > }
> > // If the ETag the client gave does not match the entity
> > // etag, then the entire entity is returned.
> > -if (resourceETag != null && resourceETag.startsWith("\"") &&
> > resourceETag.equals(headerValue.trim())) {
> > +if (resourceETag != null && resourceETag.equals(headerValue)) {
>
> This doesn't look right. Weak entity tags should never match for a
> request using If-Range. I think you need "... && !weakETag" in the above
> condition as well.
Given the report in BZ and my reading of the specification, I missed
it. Should I revert it ?
Rémy
> Mark
>
>
>
> > return true;
> > } else {
> > return false;
> > }
> > } else {
> > -// unit of HTTP date is second, ignore millisecond part.
> > -return resourceLastModified >= headerValueTime &&
> > resourceLastModified < headerValueTime + 1000;
> > +long headerValueTime = -1L;
> > +try {
> > +headerValueTime = request.getDateHeader("If-Range");
> > +} catch (IllegalArgumentException e) {
> > +// Ignore
> > +}
> > +if (headerValueTime >= 0) {
> > +// unit of HTTP date is second, ignore millisecond part.
> > +return resourceLastModified >= headerValueTime &&
> > resourceLastModified < headerValueTime + 1000;
> > +} else {
> > +// Not a single entity tag and not a valid date either
> > +response.sendError(HttpServletResponse.SC_BAD_REQUEST);
> > +return false;
> > +}
> > }
> > +
> > }
> >
> > /**
> > diff --git
> > a/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
> > b/test/org/apache/catalina/servlet
[Bug 69603] running configure of tomcat-native breaks on openssl(3.4.1) verification
https://bz.apache.org/bugzilla/show_bug.cgi?id=69603 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |INVALID --- Comment #5 from Mark Thomas --- Confirmed that Tomcat Native builds successfully with OpenSSL 3.4.1 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch main updated: Return the full range with weak etags
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 7a911e764c Return the full range with weak etags
7a911e764c is described below
commit 7a911e764cb666a94573862f87408179eb797007
Author: remm
AuthorDate: Mon Mar 3 12:09:32 2025 +0100
Return the full range with weak etags
---
java/org/apache/catalina/servlets/DefaultServlet.java| 2 +-
.../apache/catalina/servlets/TestDefaultServletRangeRequests.java| 2 +-
webapps/docs/changelog.xml | 5 +++--
3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java
b/java/org/apache/catalina/servlets/DefaultServlet.java
index 9fb75069f1..5ec84477cf 100644
--- a/java/org/apache/catalina/servlets/DefaultServlet.java
+++ b/java/org/apache/catalina/servlets/DefaultServlet.java
@@ -2394,7 +2394,7 @@ public class DefaultServlet extends HttpServlet {
}
// If the ETag the client gave does not match the entity
// etag, then the entire entity is returned.
-if (resourceETag != null && resourceETag.equals(headerValue)) {
+if (!weakETag && resourceETag != null &&
resourceETag.equals(headerValue)) {
return true;
} else {
return false;
diff --git
a/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
b/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
index 4fb3952531..e59534b5f9 100644
--- a/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
+++ b/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
@@ -123,7 +123,7 @@ public class TestDefaultServletRangeRequests extends
TomcatBaseTest {
"bytes=0-9", FastHttpDateFormat.formatDate(1000),
Integer.valueOf(200), strLen, "" });
// Valid weak etag
parameterSets.add(new Object[] {
-"bytes=0-9", weakETag, Integer.valueOf(206), "10", "0-9/" +
len });
+"bytes=0-9", weakETag, Integer.valueOf(200), strLen, "" });
// Invalid strong etag
parameterSets.add(new Object[] {
"bytes=0-9", "\"46273648\"", Integer.valueOf(200), strLen, ""
});
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 8b39743e1d..fb18ba781b 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -172,8 +172,9 @@
69602: Fix regression in releases from 12-2024 that were too
-strict and rejected weak etags in the If-Range header.
-(remm)
+strict and rejected weak etags in the If-Range header with
+a 400 response. Instead will consider it as a failed match since strong
+etags are required for If-Range. (remm)
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 11.0.x updated: Return the full range with weak etags
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push:
new 0cf2688758 Return the full range with weak etags
0cf2688758 is described below
commit 0cf26887587587081be277f0dfdf7f29cdb23b3a
Author: remm
AuthorDate: Mon Mar 3 12:09:32 2025 +0100
Return the full range with weak etags
---
java/org/apache/catalina/servlets/DefaultServlet.java| 2 +-
.../apache/catalina/servlets/TestDefaultServletRangeRequests.java| 2 +-
webapps/docs/changelog.xml | 5 +++--
3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java
b/java/org/apache/catalina/servlets/DefaultServlet.java
index 10ca0cf5dd..8273b475bd 100644
--- a/java/org/apache/catalina/servlets/DefaultServlet.java
+++ b/java/org/apache/catalina/servlets/DefaultServlet.java
@@ -2409,7 +2409,7 @@ public class DefaultServlet extends HttpServlet {
}
// If the ETag the client gave does not match the entity
// etag, then the entire entity is returned.
-if (resourceETag != null && resourceETag.equals(headerValue)) {
+if (!weakETag && resourceETag != null &&
resourceETag.equals(headerValue)) {
return true;
} else {
return false;
diff --git
a/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
b/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
index 4fb3952531..e59534b5f9 100644
--- a/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
+++ b/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
@@ -123,7 +123,7 @@ public class TestDefaultServletRangeRequests extends
TomcatBaseTest {
"bytes=0-9", FastHttpDateFormat.formatDate(1000),
Integer.valueOf(200), strLen, "" });
// Valid weak etag
parameterSets.add(new Object[] {
-"bytes=0-9", weakETag, Integer.valueOf(206), "10", "0-9/" +
len });
+"bytes=0-9", weakETag, Integer.valueOf(200), strLen, "" });
// Invalid strong etag
parameterSets.add(new Object[] {
"bytes=0-9", "\"46273648\"", Integer.valueOf(200), strLen, ""
});
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 02365bfcb9..6ce8b4775c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -109,8 +109,9 @@
69602: Fix regression in releases from 12-2024 that were too
-strict and rejected weak etags in the If-Range header.
-(remm)
+strict and rejected weak etags in the If-Range header with
+a 400 response. Instead will consider it as a failed match since strong
+etags are required for If-Range. (remm)
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 69602] IF-Range Check for Strong-ETags breaks download of large videos
https://bz.apache.org/bugzilla/show_bug.cgi?id=69602 --- Comment #4 from Mark Thomas --- Note that the client in this case is broken. As per RFC 9110: "A client MUST NOT generate an If-Range header field containing an entity tag that is marked as weak." -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: (tomcat) branch main updated: 69602: Allow weak etags in If-Range header
On 28/02/2025 22:41, r...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 7f0df68d29 69602: Allow weak etags in If-Range header
7f0df68d29 is described below
commit 7f0df68d292bcb576a48b975f169010b911d728c
Author: remm
AuthorDate: Fri Feb 28 23:40:42 2025 +0100
69602: Allow weak etags in If-Range header
Adjust with the specification language, '"' in the first three chars
should detect if this should be a date or an etag.
Trim first.
---
.../apache/catalina/servlets/DefaultServlet.java | 38 +-
.../servlets/TestDefaultServletRangeRequests.java | 36 ++--
webapps/docs/changelog.xml | 5 +++
3 files changed, 60 insertions(+), 19 deletions(-)
diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java
b/java/org/apache/catalina/servlets/DefaultServlet.java
index 0e4a33e50c..9fb75069f1 100644
--- a/java/org/apache/catalina/servlets/DefaultServlet.java
+++ b/java/org/apache/catalina/servlets/DefaultServlet.java
@@ -2376,40 +2376,46 @@ public class DefaultServlet extends HttpServlet {
// If-Range is not present
return true;
}
-String headerValue = headerEnum.nextElement();
+String headerValue = headerEnum.nextElement().trim();
if (headerEnum.hasMoreElements()) {
// Multiple If-Range headers
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
return false;
}
-long headerValueTime = -1L;
-try {
-headerValueTime = request.getDateHeader("If-Range");
-} catch (IllegalArgumentException e) {
-// Ignore
-}
-
-if (headerValueTime == -1L) {
-// Not HTTP-date so this should be a single strong etag
-if (headerValue.length() < 2 || headerValue.charAt(0) != '"' ||
+if (headerValue.length() > 2 && (headerValue.charAt(0) == '"' ||
headerValue.charAt(2) == '"')) {
+boolean weakETag = headerValue.startsWith("W/\"");
+if ((!weakETag && headerValue.charAt(0) != '"') ||
headerValue.charAt(headerValue.length() - 1) != '"' ||
-headerValue.indexOf('"', 1) != headerValue.length() - 1) {
-// Not a single, strong entity tag
+headerValue.indexOf('"', weakETag ? 3 : 1) !=
headerValue.length() - 1) {
+// Not a single entity tag
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
return false;
}
// If the ETag the client gave does not match the entity
// etag, then the entire entity is returned.
-if (resourceETag != null && resourceETag.startsWith("\"") &&
resourceETag.equals(headerValue.trim())) {
+if (resourceETag != null && resourceETag.equals(headerValue)) {
This doesn't look right. Weak entity tags should never match for a
request using If-Range. I think you need "... && !weakETag" in the above
condition as well.
Mark
return true;
} else {
return false;
}
} else {
-// unit of HTTP date is second, ignore millisecond part.
-return resourceLastModified >= headerValueTime &&
resourceLastModified < headerValueTime + 1000;
+long headerValueTime = -1L;
+try {
+headerValueTime = request.getDateHeader("If-Range");
+} catch (IllegalArgumentException e) {
+// Ignore
+}
+if (headerValueTime >= 0) {
+// unit of HTTP date is second, ignore millisecond part.
+return resourceLastModified >= headerValueTime &&
resourceLastModified < headerValueTime + 1000;
+} else {
+// Not a single entity tag and not a valid date either
+response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+return false;
+}
}
+
}
/**
diff --git
a/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
b/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
index af6031a159..4fb3952531 100644
--- a/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
+++ b/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
@@ -16,7 +16,10 @@
*/
package org.apache.catalina.servlets;
+import java.io.ByteArrayOutputStream;
import java.io.File;
+import java.io.FileInputStream;
+import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
@@ -30,9 +33,12 @@ import org.junit.runne
[Bug 69602] IF-Range Check for Strong-ETags breaks download of large videos
https://bz.apache.org/bugzilla/show_bug.cgi?id=69602 --- Comment #5 from Remy Maucherat --- (In reply to Mark Thomas from comment #4) > Note that the client in this case is broken. As per RFC 9110: > > "A client MUST NOT generate an If-Range header field containing an entity > tag that is marked as weak." I missed this, looking mostly at the grammar for the header (which refers to the usual etag). Although "broken", the client simply uses the etag sent by the server. To avoid it, the client would have to do an extra check for W/. If this is a veto, I will revert the fix and the answer to this BZ will be to configure Tomcat to use strong etags. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: (tomcat) branch 9.0.x updated: Add makensis as an option for building the Windows installer
On Sun, Mar 2, 2025 at 10:20 PM Rainer Jung wrote: > > Am 02.03.25 um 21:00 schrieb Rémy Maucherat: > > On Sun, Mar 2, 2025 at 5:10 PM Rainer Jung wrote: > >> > >> Hi Rémy, > >> > >> Am 02.03.25 um 11:06 schrieb Rémy Maucherat: > >>> On Thu, Feb 13, 2025 at 6:11 PM wrote: > @@ -163,6 +157,9 @@ Var ServiceInstallLog > InstType Minimum > InstType Full > > + !finalize 'ant -f @BASEDIR@/build.xml jsign-installer' > + !uninstfinalize 'ant -f @BASEDIR@/build.xml > -Dcodesigning.file_to_sign=%1 jsign-uninstaller' > >>> > >>> This fails for me with Can't recognize xxx as an internal or external > >>> command, or batch script. > >>> I tried a few things without much success so far. > >> > >> First the original nsi script should automatically be run by ant through > >> a filter to generate one without @ template strings. Originally the > >> filter replaced version numbers, but in the new build.xml it also > >> replaces BASEDIR. The resulting file would be the one used by makensis. > >> Maybe it makes sense to check, how those lines look like in your > >> environment in the generated file. > >> > >> The other possible problem could be, that ant is not found via PATH. > >> What is "xxx"? just the full "ant -f ...jsign-installer"? With or > >> without replaced BASEDIR? What is your platform? Maybe we would have to > >> change something on Windows? > > > > IMO it simply does not work. If you run on Wine, then you're inside a > > fake Windows env, not the original platform. So if you try to run the > > "ant" command in there, it might simply fail and there's no way at all > > to do it. It does the same for installer and uninstaller, the issue is > > with running command "ant". > > Hmm, I never tried with wine but at least I checked, that the ant > download for Windows contains a binary named "ant", not just "ant.exe". > > But yes, it would mean wine has to find a windows executable ant and > maybe it is also a problem, that the resolved BUILDDIR does not work > under the wine Windows emulation :( Another problem is that it seems makensis does not build the same Windows installer (the .dll runtimes in $PLUGINSDIR are different). > > Was this retested with Wine ? It seems the 10.1 tag is bad too so I'm > > likely not the only one having an issue. > > > > Installing makensis worked (installing it was annoying since the > > Fedora packaging was messy - probably it can be installed without > > distro packaging). So if that's "ok", then you should remove the Wine > > support since there are only 2-3 users for this. > > It seems it has to be installed from source. I had added the info from > Mark, how it was build, to the BUILDING.txt. Using this recipe, I could > recreate the TC 11.0.5 installer on my system. > > For 9.0.101 it didn't work, but I do mot yet know, whether this is true > to "your" makensis not having been build with that recipe, or for > instance because the Windows installer contains some of the Javadoc > pages that my Java/Filesystem always generates different from the ones > others get. But since my generated exe and the one in the release vote > differ by about 140KB in size, I guess it is not only Javadocs > differences, but also makensis binary differences. Yes, ok, I did not use your recipe since I had not seen it. I tried Wine, which failed. I thought this was tested, apparently not. I moved on to makensis after a while. Since Fedora had a package, I simply used that. The package was imperfect (some dependency had to be added manually), but it worked. Guess it does not follow the recipe, so the installer generated is different. The problem is that I do not understand the recipe. Rémy > Best regards, > > Rainer > > > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: (tomcat) branch 9.0.x updated: Add makensis as an option for building the Windows installer
On 03/03/2025 09:45, Rémy Maucherat wrote: On Sun, Mar 2, 2025 at 10:20 PM Rainer Jung wrote: Hmm, I never tried with wine but at least I checked, that the ant download for Windows contains a binary named "ant", not just "ant.exe". I don't recall if I tested with wine after the changes were complete. I do recall installing and uninstalling wine multiple times. I'll retest now. Yes, ok, I did not use your recipe since I had not seen it. I tried Wine, which failed. I thought this was tested, apparently not. I moved on to makensis after a while. Since Fedora had a package, I simply used that. The package was imperfect (some dependency had to be added manually), but it worked. Guess it does not follow the recipe, so the installer generated is different. The problem is that I do not understand the recipe. I can try and improve the wording. Can you post the extract of the text you don't understand? Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 11.0.5
On Fri, Feb 28, 2025 at 6:06 PM Mark Thomas wrote: > > The proposed Apache Tomcat 11.0.5 release is now available for voting. > > The notable changes compared to 11.0.4 include: > > - Improve the checks for exposure to and protection against >CVE-2024-56337 so that reflection is not used unless required. The >checks for whether the file system is case sensitive or not have been >removed. > > - Use Transfer-Encoding for compression rather than Content-Encoding if >the client submits a TE header containing gzip > > - Add makensis as an option for building the Installer for Windows on >non-Windows platforms. > > For full details, see the change log: > https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html > > Applications that run on Tomcat 9 and earlier will not run on Tomcat 11 > without changes. Java EE applications designed for Tomcat 9 and earlier > may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat > will automatically convert them to Jakarta EE and copy them to the > webapps directory. Applications using deprecated APIs may require > further changes. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.5/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1534 > > The tag is: > https://github.com/apache/tomcat/tree/11.0.5 > 1ba1f9061e49ce03c77b57beff3d50e5c2c3ee29 > > The proposed 11.0.5 release is: > [ ] -1 Broken - do not release > [X] +1 Stable - go ahead and release as 11.0.5 Unable to reproduce the .exe though. I had to use makensis. Reproducible for the other files. Rémy - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 69602] IF-Range Check for Strong-ETags breaks download of large videos
https://bz.apache.org/bugzilla/show_bug.cgi?id=69602 --- Comment #6 from Mark Thomas --- Not a veto. See dev@ for further thoughts. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: (tomcat) branch main updated: 69602: Allow weak etags in If-Range header
On 03/03/2025 10:03, Rémy Maucherat wrote:
On Mon, Mar 3, 2025 at 10:30 AM Mark Thomas wrote:
On 28/02/2025 22:41, r...@apache.org wrote:
// If the ETag the client gave does not match the entity
// etag, then the entire entity is returned.
-if (resourceETag != null && resourceETag.startsWith("\"") &&
resourceETag.equals(headerValue.trim())) {
+if (resourceETag != null && resourceETag.equals(headerValue)) {
This doesn't look right. Weak entity tags should never match for a
request using If-Range. I think you need "... && !weakETag" in the above
condition as well.
Given the report in BZ and my reading of the specification, I missed
it. Should I revert it ?
I don't think so. The bug is valid (to a point). A weak etag probably
shouldn't trigger a 400 response and the patch fixes that.
Just returning false from checkIfRange() for a weak entity tag looks to
be sufficient.
Mark
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 69602] IF-Range Check for Strong-ETags breaks download of large videos
https://bz.apache.org/bugzilla/show_bug.cgi?id=69602 --- Comment #7 from Remy Maucherat --- Ok, so there will not be a 400 anymore (a weak etag is not an invalid etag), but If-Range will no longer match when a weak etag is sent (the full resource will be returned). String etags will need to be used. The change will be in 11.0.6, 10.1.38 and 9.0.102. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: Return the full range with weak etags
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 847c78a1aa Return the full range with weak etags
847c78a1aa is described below
commit 847c78a1aab12986af96ebce7294c8d2618c36d6
Author: remm
AuthorDate: Mon Mar 3 12:09:32 2025 +0100
Return the full range with weak etags
---
java/org/apache/catalina/servlets/DefaultServlet.java | 2 +-
.../apache/catalina/servlets/TestDefaultServletRangeRequests.java | 2 +-
webapps/docs/changelog.xml| 8
3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java
b/java/org/apache/catalina/servlets/DefaultServlet.java
index da19889906..7fe25f2328 100644
--- a/java/org/apache/catalina/servlets/DefaultServlet.java
+++ b/java/org/apache/catalina/servlets/DefaultServlet.java
@@ -2532,7 +2532,7 @@ public class DefaultServlet extends HttpServlet {
}
// If the ETag the client gave does not match the entity
// etag, then the entire entity is returned.
-if (resourceETag != null && resourceETag.equals(headerValue)) {
+if (!weakETag && resourceETag != null &&
resourceETag.equals(headerValue)) {
return true;
} else {
return false;
diff --git
a/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
b/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
index 4fb3952531..e59534b5f9 100644
--- a/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
+++ b/test/org/apache/catalina/servlets/TestDefaultServletRangeRequests.java
@@ -123,7 +123,7 @@ public class TestDefaultServletRangeRequests extends
TomcatBaseTest {
"bytes=0-9", FastHttpDateFormat.formatDate(1000),
Integer.valueOf(200), strLen, "" });
// Valid weak etag
parameterSets.add(new Object[] {
-"bytes=0-9", weakETag, Integer.valueOf(206), "10", "0-9/" +
len });
+"bytes=0-9", weakETag, Integer.valueOf(200), strLen, "" });
// Invalid strong etag
parameterSets.add(new Object[] {
"bytes=0-9", "\"46273648\"", Integer.valueOf(200), strLen, ""
});
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e709c84cfb..25ae463719 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,14 @@
issues do not "pop up" wrt. others).
-->
+
+
+
+Weak etags in the If-Range header should not match as
+strong etags are required. (remm)
+
+
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: (tomcat) branch 9.0.x updated: Add makensis as an option for building the Windows installer
On 03/03/2025 10:54, Mark Thomas wrote: I don't recall if I tested with wine after the changes were complete. I do recall installing and uninstalling wine multiple times. I'll retest now. So clearly I didn't test this with Wine. There is no way the current build.xml file will work with Wine. The challenge is that the NSIS build now calls out to Ant to sign the uninstaller and the installer during the NSIS build. When that happens under Wine, it fails for a couple of reasons: - Ant isn't on the path - Ant depends on Java and there isn't a Windows JRE on the path The first point is relatively simple to fix. The second starts to make this a bit more complex. An alternative is that Wine can call out to Linux executables but that moves the problem to making sure the NSIS build knows whether it is running under Windows or Wine. Ideally building Tomcat shouldn't be any more complicated than: - Install Java - Install Ant - git checkout ... - ant release Then again, we do require Wine to be installed to do release builds on Linux so there are some additional requirements. I do like the makensis approach as it is a lot simpler. Wine on Mac has proven tricky to get working in the past. I can see ythe followuing options: 1. Remove Wine support. Have ant build makensis to the correct recipe when on Linux. 2. Add a requirement for a Windows JRE to make a release build and add it and Ant to the path when calling the NSIS installer via Wine. 3. Have the NSIS installer call Ant directly on Windows and via Linux when running via wine. I'm going to start looking at 3 and the building makensis part of 1 and see how far I get. Thoughts? Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: (tomcat) branch 9.0.x updated: Add makensis as an option for building the Windows installer
On Mon, Mar 3, 2025 at 1:27 PM Mark Thomas wrote: > > On 03/03/2025 10:54, Mark Thomas wrote: > > > > > I don't recall if I tested with wine after the changes were complete. I > > do recall installing and uninstalling wine multiple times. I'll retest now. > > So clearly I didn't test this with Wine. There is no way the current > build.xml file will work with Wine. > > The challenge is that the NSIS build now calls out to Ant to sign the > uninstaller and the installer during the NSIS build. When that happens > under Wine, it fails for a couple of reasons: > - Ant isn't on the path > - Ant depends on Java and there isn't a Windows JRE on the path > > The first point is relatively simple to fix. The second starts to make > this a bit more complex. > > An alternative is that Wine can call out to Linux executables but that > moves the problem to making sure the NSIS build knows whether it is > running under Windows or Wine. I don't think that will work. The best case I managed is that it did call my "Linux native" Ant, with a Windows path. Meh. Once you get into the Wine environment, I would say you are stuck in there. > Ideally building Tomcat shouldn't be any more complicated than: > - Install Java > - Install Ant > - git checkout ... > - ant release > > Then again, we do require Wine to be installed to do release builds on > Linux so there are some additional requirements. > > I do like the makensis approach as it is a lot simpler. Wine on Mac has > proven tricky to get working in the past. I can see ythe followuing options: > > 1. Remove Wine support. Have ant build makensis to the correct recipe > when on Linux. Ok. I would like it more if using my platform makensis was possible. I will be working trying to get a custom makensis this afternoon. As it is, Wine suppose is broken, the only way to fix it is to revert to the way signing was done previously. > 2. Add a requirement for a Windows JRE to make a release build and add > it and Ant to the path when calling the NSIS installer via Wine. -1 No way. > 3. Have the NSIS installer call Ant directly on Windows and via Linux > when running via wine. When I run "wine cmd" I get the "Windows" shell, where I can type commands and see what it is possible to do from there. I think it's not a good plan. > I'm going to start looking at 3 and the building makensis part of 1 and > see how far I get. > > Thoughts? Well, the previous way before all of that was working just fine for me. Other than that, I'll see if I can have 1) work. Rémy - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Buildbot success in on tomcat-9.0.x
Build status: Build succeeded! Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/37/builds/1297 Blamelist: Mark Thomas , Rainer Jung , remm Build Text: build successful Status Detected: restored build Build Source Stamp: [branch 9.0.x] 835dc713cca1e8c801c686e5a8e4733504b8cc43 Steps: worker_preparation: 0 git: 0 shell: 0 shell_1: 0 shell_2: 0 shell_3: 0 shell_4: 0 shell_5: 0 compile: 1 shell_6: 0 shell_7: 0 shell_8: 0 shell_9: 0 Rsync docs to nightlies.apache.org: 0 shell_10: 0 Rsync RAT to nightlies.apache.org: 0 compile_1: 1 shell_11: 0 Rsync Logs to nightlies.apache.org: 0 -- ASF Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) 01/01: Tag 10.1.38
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to tag 10.1.38 in repository https://gitbox.apache.org/repos/asf/tomcat.git commit baa2f2a3149533d3fd51748b4bf7d6fb6f7b0ee1 Author: Christopher Schultz AuthorDate: Mon Mar 3 18:17:01 2025 -0500 Tag 10.1.38 --- build.properties.release | 54 +++ res/install-win/Uninstall.exe.sig| Bin 0 -> 8257 bytes res/install-win/tomcat-installer.exe.sig | Bin 0 -> 8258 bytes res/maven/mvn.properties.release | 27 webapps/docs/changelog.xml | 2 +- 5 files changed, 82 insertions(+), 1 deletion(-) diff --git a/build.properties.release b/build.properties.release new file mode 100644 index 00..1300af530f --- /dev/null +++ b/build.properties.release @@ -0,0 +1,54 @@ +# - +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# - + +# This file was auto-generated by the pre-release Ant target. + +# Any unwanted settings may be over-ridden in a build.properties file located +# in the same directory as this file. + +# Set the version-dev to "" (empty string) as this is not a development release. +version.dev= + +# Ensure consistent timestamps for reproducible builds. +ant.tstamp.now.iso=2025-03-03T22:56:52Z + +# Enable insertion of detached signatures into the Windows installer. +do.codesigning=true + +# Re-use the same GPG executable. +gpg.exec=/usr/local/bin/gpg + +# Reproducible builds require the use of the build tools defined below. The +# vendors (where appropriate) and versions must match exactly for a reproducible +# build since this data is embedded in various files, particularly JAR file +# manifests, as part of the build process. +# +# Apache Ant: Apache Ant(TM) version 1.10.15 compiled on August 25 2024 +# +# Java Name: OpenJDK 64-Bit Server VM +# Java Vendor: Eclipse Adoptium +# Java Version:23.0.2+7 + +# The following is provided for information only. Builds will be repeatable +# whether or not the build environment is consistent with this information. +# +# OS: aarch64 Mac OS X 15.1.1 +# File encoding: UTF-8 +# +# Release Manager: schultz +release-java-version=23.0.2+7 +release-ant-version=1.10.15 diff --git a/res/install-win/Uninstall.exe.sig b/res/install-win/Uninstall.exe.sig new file mode 100644 index 00..1b9c16ef31 Binary files /dev/null and b/res/install-win/Uninstall.exe.sig differ diff --git a/res/install-win/tomcat-installer.exe.sig b/res/install-win/tomcat-installer.exe.sig new file mode 100644 index 00..8d41cb4328 Binary files /dev/null and b/res/install-win/tomcat-installer.exe.sig differ diff --git a/res/maven/mvn.properties.release b/res/maven/mvn.properties.release new file mode 100644 index 00..a6e03e208e --- /dev/null +++ b/res/maven/mvn.properties.release @@ -0,0 +1,27 @@ +# - +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# - + +# This file was auto-generated by the pre-release Ant target. + +# Remove "-dev" from the version since this is not a development release. +maven.asf.release.deploy.version=10.1.38 + +# Re-use the same GPG executable. +gpg.exec=/usr/local/bin/gpg +
(tomcat) tag 10.1.38 created (now baa2f2a314)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a change to tag 10.1.38 in repository https://gitbox.apache.org/repos/asf/tomcat.git at baa2f2a314 (commit) This tag includes the following new commits: new baa2f2a314 Tag 10.1.38 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated: Mark 10.1.37 as not released
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 1fe4f0fad2 Mark 10.1.37 as not released 1fe4f0fad2 is described below commit 1fe4f0fad23091b341b3084fda7394bb49892055 Author: Christopher Schultz AuthorDate: Mon Mar 3 18:20:05 2025 -0500 Mark 10.1.37 as not released --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index b6dbd20b12..8569412873 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -116,7 +116,7 @@ - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) 01/01: Tag 10.1.38
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to tag 10.1.38 in repository https://gitbox.apache.org/repos/asf/tomcat.git commit baa2f2a3149533d3fd51748b4bf7d6fb6f7b0ee1 Author: Christopher Schultz AuthorDate: Mon Mar 3 18:17:01 2025 -0500 Tag 10.1.38 --- build.properties.release | 54 +++ res/install-win/Uninstall.exe.sig| Bin 0 -> 8257 bytes res/install-win/tomcat-installer.exe.sig | Bin 0 -> 8258 bytes res/maven/mvn.properties.release | 27 webapps/docs/changelog.xml | 2 +- 5 files changed, 82 insertions(+), 1 deletion(-) diff --git a/build.properties.release b/build.properties.release new file mode 100644 index 00..1300af530f --- /dev/null +++ b/build.properties.release @@ -0,0 +1,54 @@ +# - +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# - + +# This file was auto-generated by the pre-release Ant target. + +# Any unwanted settings may be over-ridden in a build.properties file located +# in the same directory as this file. + +# Set the version-dev to "" (empty string) as this is not a development release. +version.dev= + +# Ensure consistent timestamps for reproducible builds. +ant.tstamp.now.iso=2025-03-03T22:56:52Z + +# Enable insertion of detached signatures into the Windows installer. +do.codesigning=true + +# Re-use the same GPG executable. +gpg.exec=/usr/local/bin/gpg + +# Reproducible builds require the use of the build tools defined below. The +# vendors (where appropriate) and versions must match exactly for a reproducible +# build since this data is embedded in various files, particularly JAR file +# manifests, as part of the build process. +# +# Apache Ant: Apache Ant(TM) version 1.10.15 compiled on August 25 2024 +# +# Java Name: OpenJDK 64-Bit Server VM +# Java Vendor: Eclipse Adoptium +# Java Version:23.0.2+7 + +# The following is provided for information only. Builds will be repeatable +# whether or not the build environment is consistent with this information. +# +# OS: aarch64 Mac OS X 15.1.1 +# File encoding: UTF-8 +# +# Release Manager: schultz +release-java-version=23.0.2+7 +release-ant-version=1.10.15 diff --git a/res/install-win/Uninstall.exe.sig b/res/install-win/Uninstall.exe.sig new file mode 100644 index 00..1b9c16ef31 Binary files /dev/null and b/res/install-win/Uninstall.exe.sig differ diff --git a/res/install-win/tomcat-installer.exe.sig b/res/install-win/tomcat-installer.exe.sig new file mode 100644 index 00..8d41cb4328 Binary files /dev/null and b/res/install-win/tomcat-installer.exe.sig differ diff --git a/res/maven/mvn.properties.release b/res/maven/mvn.properties.release new file mode 100644 index 00..a6e03e208e --- /dev/null +++ b/res/maven/mvn.properties.release @@ -0,0 +1,27 @@ +# - +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# - + +# This file was auto-generated by the pre-release Ant target. + +# Remove "-dev" from the version since this is not a development release. +maven.asf.release.deploy.version=10.1.38 + +# Re-use the same GPG executable. +gpg.exec=/usr/local/bin/gpg +
(tomcat) tag 10.1.38 created (now baa2f2a314)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a change to tag 10.1.38 in repository https://gitbox.apache.org/repos/asf/tomcat.git at baa2f2a314 (commit) This tag includes the following new commits: new baa2f2a314 Tag 10.1.38 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated: Increment version numbers for next release.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 72687b1802 Increment version numbers for next release. 72687b1802 is described below commit 72687b180236d9216b48909c75f8120bff03dc61 Author: Christopher Schultz AuthorDate: Mon Mar 3 18:31:13 2025 -0500 Increment version numbers for next release. --- build.properties.default | 2 +- res/maven/mvn.properties.default | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build.properties.default b/build.properties.default index fa4dacb370..99fdc84f5d 100644 --- a/build.properties.default +++ b/build.properties.default @@ -29,7 +29,7 @@ # - Version Control Flags - version.major=10 version.minor=1 -version.build=38 +version.build=39 version.patch=0 version.suffix= version.dev=-dev diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default index 6a94344b4f..3059df3803 100644 --- a/res/maven/mvn.properties.default +++ b/res/maven/mvn.properties.default @@ -39,7 +39,7 @@ maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d maven.asf.release.repo.repositoryId=apache.releases.https # Release version info -maven.asf.release.deploy.version=10.1.38 +maven.asf.release.deploy.version=10.1.39 #Where do we load the libraries from tomcat.lib.path=../../output/build/lib - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: (tomcat) branch 9.0.x updated: Add makensis as an option for building the Windows installer
Mark, On 3/3/25 10:54 AM, Mark Thomas wrote: On 03/03/2025 15:38, Rémy Maucherat wrote: On Mon, Mar 3, 2025 at 1:45 PM Rémy Maucherat wrote: On Mon, Mar 3, 2025 at 1:27 PM Mark Thomas wrote: On 03/03/2025 10:54, Mark Thomas wrote: I do like the makensis approach as it is a lot simpler. Wine on Mac has proven tricky to get working in the past. I can see ythe followuing options: 1. Remove Wine support. Have ant build makensis to the correct recipe when on Linux. So +1 for 1) since I was able to get it to work and verify 11.0.5. That should mean I can again build the Windows installer properly for 9.0.x. Excellent. I was able to do the same, and roll a new RC (somewhat obviously, but adding here for completeness). -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: (tomcat) branch 9.0.x updated: Add makensis as an option for building the Windows installer
Mark, On 3/3/25 1:08 PM, Mark Thomas wrote: On 03/03/2025 16:08, Rainer Jung wrote: Am 03.03.25 um 16:54 schrieb Mark Thomas: So, I think we have a different set of options now: a) Keep the existing makensis approach and remove Wine support b) Revert the change to using callbacks to sign the uninstaller and installer. Keep the option for makensis or wine. The need for the call-backs has arisen from supporting non-Windows, non- wine. Previously we built a temporary installer in form of a Windows exe. Then executed this temporary installer to get the uninstaller and then finally built the installer. The step of executing the temporary installer was only possible on Windows or wine. So IMHO b) means no longer supporting natively build the Windows installer on non-Windows without wine. c) Revert all the changes and go back to wine. I think b) and c) are the same for the reasons given above. Good point. Both b) & c) need wine. and a bonus option d) that is an addition to a) or b): d) Try and build a local makensis as part of the build script I'm not sure I see the value in maintaining support for makensis and wine. I'm prepared to be convinced if someone can see a reason. Otherwise I prefer a). I'm happy to try and get d) to work if a) (or b)) is the agreed way forwards. I prefer a), but I am not an RM. Option d) might work, but some prerequisites are of course needed, like a compiler toolchain supported by the SConstruct and maybe a python and scons installation. I don't think we want to do this from the ant build. Downloading the correct nsis source and running the scons command would be possible and inside the ant build we have all the subtle points, like which version, which prefix in our hands. I have this working in the Ant build. I could move this to an independent set of targets so folks can build makensis manually or via Ant. What do folks think? How stable is NSIS? I know we've upgraded the version over time... the last upgrade was 2024-04-29, less than a year ago. If/when NSIS 3.11 comes out, I'm very unlikely to notice a small commit that increments that version number and I'll probably use my old makensis local build. Whether we add an ant target to build makensis or not, I think the primary build needs to make sure the build is using the expected version of the tool. I don't mind another target to run periodically, but I'd like ant to tell me I need to do it if it's not going to do it by itself. I'm also planning on removing Wine support unless there are objections. No real objection here. The old release artifacts include information for how to reproduce the build in BUILDING.TXT (though they are a little vague... I may try to improve them), so removing all that stuff from BUILDING.txt and the Release Process wiki would be good. I'm happy to do that work once we have removed Wine support from git. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r75242 - /dev/tomcat/tomcat-10/v10.1.37/
Author: schultz Date: Mon Mar 3 23:18:07 2025 New Revision: 75242 Log: Drop failed release artifacts Removed: dev/tomcat/tomcat-10/v10.1.37/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) tag 10.1.38 deleted (was baa2f2a314)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a change to tag 10.1.38 in repository https://gitbox.apache.org/repos/asf/tomcat.git *** WARNING: tag 10.1.38 was deleted! *** was baa2f2a314 Tag 10.1.38 This change permanently discards the following revisions: discard baa2f2a314 Tag 10.1.38 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r75243 - in /dev/tomcat/tomcat-10/v10.1.38: ./ bin/ bin/embed/ src/
Author: schultz Date: Mon Mar 3 23:23:12 2025 New Revision: 75243 Log: Upload v10.1.38 for voting Added: dev/tomcat/tomcat-10/v10.1.38/ dev/tomcat/tomcat-10/v10.1.38/KEYS dev/tomcat/tomcat-10/v10.1.38/README.html dev/tomcat/tomcat-10/v10.1.38/RELEASE-NOTES dev/tomcat/tomcat-10/v10.1.38/bin/ dev/tomcat/tomcat-10/v10.1.38/bin/README.html dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38-deployer.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38-deployer.tar.gz.asc dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38-deployer.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38-deployer.zip (with props) dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38-deployer.zip.asc dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38-deployer.zip.sha512 dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38-fulldocs.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38-fulldocs.tar.gz.asc dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38-fulldocs.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38-windows-x64.zip (with props) dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38-windows-x64.zip.asc dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38-windows-x64.zip.sha512 dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38-windows-x86.zip (with props) dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38-windows-x86.zip.asc dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38-windows-x86.zip.sha512 dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38.exe (with props) dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38.exe.asc dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38.exe.sha512 dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38.tar.gz.asc dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38.zip (with props) dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38.zip.asc dev/tomcat/tomcat-10/v10.1.38/bin/apache-tomcat-10.1.38.zip.sha512 dev/tomcat/tomcat-10/v10.1.38/bin/embed/ dev/tomcat/tomcat-10/v10.1.38/bin/embed/apache-tomcat-10.1.38-embed.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.38/bin/embed/apache-tomcat-10.1.38-embed.tar.gz.asc dev/tomcat/tomcat-10/v10.1.38/bin/embed/apache-tomcat-10.1.38-embed.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.38/bin/embed/apache-tomcat-10.1.38-embed.zip (with props) dev/tomcat/tomcat-10/v10.1.38/bin/embed/apache-tomcat-10.1.38-embed.zip.asc dev/tomcat/tomcat-10/v10.1.38/bin/embed/apache-tomcat-10.1.38-embed.zip.sha512 dev/tomcat/tomcat-10/v10.1.38/src/ dev/tomcat/tomcat-10/v10.1.38/src/apache-tomcat-10.1.38-src.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.38/src/apache-tomcat-10.1.38-src.tar.gz.asc dev/tomcat/tomcat-10/v10.1.38/src/apache-tomcat-10.1.38-src.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.38/src/apache-tomcat-10.1.38-src.zip (with props) dev/tomcat/tomcat-10/v10.1.38/src/apache-tomcat-10.1.38-src.zip.asc dev/tomcat/tomcat-10/v10.1.38/src/apache-tomcat-10.1.38-src.zip.sha512 Added: dev/tomcat/tomcat-10/v10.1.38/KEYS == --- dev/tomcat/tomcat-10/v10.1.38/KEYS (added) +++ dev/tomcat/tomcat-10/v10.1.38/KEYS Mon Mar 3 23:23:12 2025 @@ -0,0 +1,562 @@ +This file contains the PGP&GPG keys of various Apache developers. +Please don't use them for email unless you have to. Their main +purpose is code signing. + +Apache users: pgp < KEYS +Apache developers: +(pgpk -ll && pgpk -xa ) >> this file. + or +(gpg --fingerprint --list-sigs + && gpg --armor --export ) >> this file. + +Apache developers: please ensure that your key is also available via the +PGP keyservers (such as pgpkeys.mit.edu). + + +pub 4096R/2F6059E7 2009-09-18 + Key fingerprint = A9C5 DF4D 22E9 9998 D987 5A51 10C0 1C5A 2F60 59E7 +uid Mark E D Thomas +sub 4096R/5E763BEC 2009-09-18 + +-BEGIN PGP PUBLIC KEY BLOCK- +Comment: GPGTools - http://gpgtools.org + +mQINBEq0DukBEAD4jovHOPJDxoD+JnO1Go2kiwpgRULasGlrVKuSUdP6wzcaqWmX +pqtOJKKwW2MQFQLmg7nQ9RjJwy3QCbKNDJQA/bwbQT1F7WzTCz2S6vxC4zxKck4t +6RZBq2dJsYKF0CEh6ZfY4dmKvhq+3istSoFRdHYoOPGWZpuRDqfZPdGm/m335/6K +GH59oysn1NE7a2a+kZzjBSEgv23+l4Z1Rg7+fpz1JcdHSdC2Z+ZRxML25eVatRVz +4yvDOZItqDURP24zWOodxgboldV6Y88C3v/7KRR+1vklzkuA2FqF8Q4r/2f0su7M +UVviQcy29y/RlLSDTTYoVlCZ1ni14qFU7Hpw43KJtgXmcUwq31T1+SlXdYjNJ1aF +kUi8BjCHDcSgE/IReKUanjHzm4XSymKDTeqqzidi4k6PDD4jyHb8k8vxi6qT6Udn +lcfo5NBkkUT1TauhEy8ktHhbl9k60BvvMBP9l6cURiJg1WS77egI4P/82oPbzzFi +GFqXyJKULVgxtdQ3JikCpodp3f1fh6PlYZwkW4xCJLJucJ5MiQp07HAkMVW5w+k8 +Xvuk4i5quh3N+2kzKHOOiQCDmN0sz0Xj
[VOTE] Release Apache Tomcat 10.1.38
The proposed Apache Tomcat 10.1.38 release is now available for voting. All committers and PMC members are kindly requested to provide a vote if possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are binding. We welcome non-committer votes or comments on release builds. Note that 10.1.37 was not released due to a packaging error. The notable changes compared to 10.1.36 are: - Improve the checks for exposure to and protection against CVE-2024-56337 so that reflection is not used unless required. The checks for whether the file system is case sensitive or not have been removed. - Use Transfer-Encoding for compression rather than Content-Encoding if the client submits a TE header containing gzip. - Add makensis as an option for building the Installer for Windows on non-Windows platforms. For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.38/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1538 The tag is: https://github.com/apache/tomcat/tree/10.1.38 https://github.com/apache/tomcat/commit/baa2f2a3149533d3fd51748b4bf7d6fb6f7b0ee1 Please reply with a +1 for release or +0/-0/-1 with an explanation. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: (tomcat) branch 9.0.x updated: Add makensis as an option for building the Windows installer
Mark, On 3/3/25 7:27 AM, Mark Thomas wrote: On 03/03/2025 10:54, Mark Thomas wrote: I don't recall if I tested with wine after the changes were complete. I do recall installing and uninstalling wine multiple times. I'll retest now. So clearly I didn't test this with Wine. There is no way the current build.xml file will work with Wine. The challenge is that the NSIS build now calls out to Ant to sign the uninstaller and the installer during the NSIS build. When that happens under Wine, it fails for a couple of reasons: - Ant isn't on the path - Ant depends on Java and there isn't a Windows JRE on the path The first point is relatively simple to fix. The second starts to make this a bit more complex. An alternative is that Wine can call out to Linux executables but that moves the problem to making sure the NSIS build knows whether it is running under Windows or Wine. Ideally building Tomcat shouldn't be any more complicated than: - Install Java - Install Ant - git checkout ... - ant release Then again, we do require Wine to be installed to do release builds on Linux so there are some additional requirements. I do like the makensis approach as it is a lot simpler. Wine on Mac has proven tricky to get working in the past. In my case, Wine was super simple. I literally just did "brew install wine" (or similar package name) and everything worked. For makensis, I have to install scons, download the nsis source, build the binary and make sure it's installed in the right place, then make sure my custom-built makensis is on the path. brew install Wine puts wine in my path. So it's marginally more complicated to actually build makensis, but makensis itself is "lighter" than Wine, so I get it. > I can see the following options:> 1. Remove Wine support. Have ant build makensis to the correct recipe when on Linux. Building nsis might be tricky, especially if we need to request scons and cc to be installed. This includes not only release managers, but anyone who wants to test build reproducibility. 2. Add a requirement for a Windows JRE to make a release build and add it and Ant to the path when calling the NSIS installer via Wine. Oof, no thanks. I'd rather have Wine than install another JRE just for this. Especially one built for another OS. 3. Have the NSIS installer call Ant directly on Windows and via Linux when running via wine. I'm not sure why this isn't already happening. Is it really just a PATH issue? I'm going to start looking at 3 and the building makensis part of 1 and see how far I get. Thoughts? I'm okay with whatever works best for the largest number of people. If Rainer wants to be able to test repro builds and isn't willing to install Wine (which is reasonable), then supporting makensis is a good solution. If that means everyone moving to makensis then so be it. I've always hated the build process for httpd. This feels like we are moving in that direction, where the build environment is so onerous that only the project authors are ever really able to build it. What do you think the chances are that Emmanuel wants to write another indispensable Java-native utility for us? ;) -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: (tomcat) branch 9.0.x updated: Add makensis as an option for building the Windows installer
Rémy, On 3/3/25 7:45 AM, Rémy Maucherat wrote: On Mon, Mar 3, 2025 at 1:27 PM Mark Thomas wrote: On 03/03/2025 10:54, Mark Thomas wrote: I don't recall if I tested with wine after the changes were complete. I do recall installing and uninstalling wine multiple times. I'll retest now. So clearly I didn't test this with Wine. There is no way the current build.xml file will work with Wine. The challenge is that the NSIS build now calls out to Ant to sign the uninstaller and the installer during the NSIS build. When that happens under Wine, it fails for a couple of reasons: - Ant isn't on the path - Ant depends on Java and there isn't a Windows JRE on the path The first point is relatively simple to fix. The second starts to make this a bit more complex. An alternative is that Wine can call out to Linux executables but that moves the problem to making sure the NSIS build knows whether it is running under Windows or Wine. I don't think that will work. The best case I managed is that it did call my "Linux native" Ant, with a Windows path. Meh. Once you get into the Wine environment, I would say you are stuck in there. Ideally building Tomcat shouldn't be any more complicated than: - Install Java - Install Ant - git checkout ... - ant release Then again, we do require Wine to be installed to do release builds on Linux so there are some additional requirements. I do like the makensis approach as it is a lot simpler. Wine on Mac has proven tricky to get working in the past. I can see ythe followuing options: 1. Remove Wine support. Have ant build makensis to the correct recipe when on Linux. Ok. I would like it more if using my platform makensis was possible. +1 Is this the kind of thing we could somehow move upstream? I seem to recall that the build option we needed to use was just enabling Unicode support. Do I remember that correctly? -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: (tomcat) branch 9.0.x updated: Add makensis as an option for building the Windows installer
On Mon, Mar 3, 2025 at 8:16 PM Mark Thomas wrote: > On 03/03/2025 16:08, Rainer Jung wrote: > > Am 03.03.25 um 16:54 schrieb Mark Thomas: > > > > >> So, I think we have a different set of options now: > >> > >> a) Keep the existing makensis approach and remove Wine support > >> > >> b) Revert the change to using callbacks to sign the uninstaller and > >> installer. Keep the option for makensis or wine. > > > > The need for the call-backs has arisen from supporting non-Windows, non- > > wine. Previously we built a temporary installer in form of a Windows > > exe. Then executed this temporary installer to get the uninstaller and > > then finally built the installer. The step of executing the temporary > > installer was only possible on Windows or wine. So IMHO b) means no > > longer supporting natively build the Windows installer on non-Windows > > without wine. > > > >> c) Revert all the changes and go back to wine. > > > > I think b) and c) are the same for the reasons given above. > > Good point. Both b) & c) need wine. > > >> and a bonus option d) that is an addition to a) or b): > >> > >> d) Try and build a local makensis as part of the build script > >> > >> > >> I'm not sure I see the value in maintaining support for makensis and > >> wine. I'm prepared to be convinced if someone can see a reason. > >> Otherwise I prefer a). I'm happy to try and get d) to work if a) (or > >> b)) is the agreed way forwards. > > > > I prefer a), but I am not an RM. Option d) might work, but some > > prerequisites are of course needed, like a compiler toolchain supported > > by the SConstruct and maybe a python and scons installation. I don't > > think we want to do this from the ant build. Downloading the correct > > nsis source and running the scons command would be possible and inside > > the ant build we have all the subtle points, like which version, which > > prefix in our hands. > > I have this working in the Ant build. I could move this to an > independent set of targets so folks can build makensis manually or via > Ant. What do folks think? > +1 on a), by solely running the scons command (without defining a cross-compiler) in nsis source downloaded in the ant build. IMHO building a local makensis (option d) ) doesn't add any clear benefits. +0.5 on having the option of using a manually built makensis. Although this would benefit cases of users having and using a preinstalled version of nsis, could raise some confusions when trying to verify the reproduced build since it will differ from the released one. > I plan to do so some more work on this tomorrow to clean it up before > committing the changes. > > I'm also planning on removing Wine support unless there are objections. > > Mark > > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
[VOTE][CANCELED] Release Apache Tomcat 10.1.37
All, I'm canceling the VOTE for 10.1.37 because the Windows installer and uninstaller are not properly signed. I will re-roll the release once I have corrected that. Thanks, -chris On 3/1/25 1:20 AM, Christopher Schultz wrote: The proposed Apache Tomcat 10.1.37 release is now available for voting. All committers and PMC members are kindly requested to provide a vote if possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are binding. We welcome non-committer votes or comments on release builds. The notable changes compared to 10.1.36 are: - Improve the checks for exposure to and protection against CVE-2024-56337 so that reflection is not used unless required. The checks for whether the file system is case sensitive or not have been removed. - Use Transfer-Encoding for compression rather than Content-Encoding if the client submits a TE header containing gzip - Add makensis as an option for building the Installer for Windows on non-Windows platforms. For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.37/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1535 The tag is: https://github.com/apache/tomcat/tree/10.1.37 https://github.com/apache/tomcat/commit/ e4338ee7a3e0f22d85f7cb2e04dacee752eaa619 Please reply with a +1 for release or +0/-0/-1 with an explanation. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch main updated: WS
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 1cf337d8b3 WS
1cf337d8b3 is described below
commit 1cf337d8b334bb050eb036d34ca0b1bfc941aba7
Author: remm
AuthorDate: Mon Mar 3 20:35:32 2025 +0100
WS
---
BUILDING.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/BUILDING.txt b/BUILDING.txt
index 12fcd7b9f1..a840ddfaf8 100644
--- a/BUILDING.txt
+++ b/BUILDING.txt
@@ -345,7 +345,7 @@ in build.xml and the default property values in
build.properties.default.
build.properties.default. For example by default:
nsis.bin.home=${base.path}/nsis-${nsis.version}
-The corresponding sources will be downloaded to "nsis.src.home" in
+The corresponding sources will be downloaded to "nsis.src.home" in
build.properties.default. For example by default:
nsis.src.home=${base.path}/nsis-${nsis.version}-src
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: WS
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 263a4a16e9 WS
263a4a16e9 is described below
commit 263a4a16e9fabb1e705589e97c9b11adfb4375d2
Author: remm
AuthorDate: Mon Mar 3 20:35:32 2025 +0100
WS
---
BUILDING.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/BUILDING.txt b/BUILDING.txt
index ee915413a4..74c1b94d83 100644
--- a/BUILDING.txt
+++ b/BUILDING.txt
@@ -344,7 +344,7 @@ in build.xml and the default property values in
build.properties.default.
build.properties.default. For example by default:
nsis.bin.home=${base.path}/nsis-${nsis.version}
-The corresponding sources will be downloaded to "nsis.src.home" in
+The corresponding sources will be downloaded to "nsis.src.home" in
build.properties.default. For example by default:
nsis.src.home=${base.path}/nsis-${nsis.version}-src
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated: WS
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new a07b9b2293 WS
a07b9b2293 is described below
commit a07b9b2293afa01e102ff4c66c3f96cfa04f7fc3
Author: remm
AuthorDate: Mon Mar 3 20:35:32 2025 +0100
WS
---
BUILDING.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/BUILDING.txt b/BUILDING.txt
index 12fcd7b9f1..a840ddfaf8 100644
--- a/BUILDING.txt
+++ b/BUILDING.txt
@@ -345,7 +345,7 @@ in build.xml and the default property values in
build.properties.default.
build.properties.default. For example by default:
nsis.bin.home=${base.path}/nsis-${nsis.version}
-The corresponding sources will be downloaded to "nsis.src.home" in
+The corresponding sources will be downloaded to "nsis.src.home" in
build.properties.default. For example by default:
nsis.src.home=${base.path}/nsis-${nsis.version}-src
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 11.0.x updated: WS
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push:
new cce66532fc WS
cce66532fc is described below
commit cce66532fcd60666f87f58cffdf1b1bf92e05db5
Author: remm
AuthorDate: Mon Mar 3 20:35:32 2025 +0100
WS
---
BUILDING.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/BUILDING.txt b/BUILDING.txt
index 12fcd7b9f1..a840ddfaf8 100644
--- a/BUILDING.txt
+++ b/BUILDING.txt
@@ -345,7 +345,7 @@ in build.xml and the default property values in
build.properties.default.
build.properties.default. For example by default:
nsis.bin.home=${base.path}/nsis-${nsis.version}
-The corresponding sources will be downloaded to "nsis.src.home" in
+The corresponding sources will be downloaded to "nsis.src.home" in
build.properties.default. For example by default:
nsis.src.home=${base.path}/nsis-${nsis.version}-src
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) tag 9.0.102 created (now 2a8337689e)
This is an automated email from the ASF dual-hosted git repository. remm pushed a change to tag 9.0.102 in repository https://gitbox.apache.org/repos/asf/tomcat.git at 2a8337689e (commit) This tag includes the following new commits: new 2a8337689e Tag 9.0.102 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) 01/01: Tag 9.0.102
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to tag 9.0.102 in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 2a8337689eedee1f2edf15a17cedbf8b2f27b47e Author: remm AuthorDate: Mon Mar 3 20:43:15 2025 +0100 Tag 9.0.102 --- build.properties.release | 56 +++ res/install-win/Uninstall.exe.sig| Bin 0 -> 8257 bytes res/install-win/tomcat-installer.exe.sig | Bin 0 -> 8257 bytes res/maven/mvn.properties.release | 27 +++ webapps/docs/changelog.xml | 2 +- 5 files changed, 84 insertions(+), 1 deletion(-) diff --git a/build.properties.release b/build.properties.release new file mode 100644 index 00..4fed08fb17 --- /dev/null +++ b/build.properties.release @@ -0,0 +1,56 @@ +# - +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# - + +# This file was auto-generated by the pre-release Ant target. + +# Any unwanted settings may be over-ridden in a build.properties file located +# in the same directory as this file. + +# Set the version-dev to "" (empty string) as this is not a development release. +version.dev= + +# Ensure consistent timestamps for reproducible builds. +ant.tstamp.now.iso=2025-03-03T19:33:14Z + +# Enable insertion of detached signatures into the Windows installer. +do.codesigning=true + +# Re-use the same GPG executable. +gpg.exec=/usr/bin/gpg + +# Reproducible builds require the use of the build tools defined below. The +# vendors (where appropriate) and versions must match exactly for a reproducible +# build since this data is embedded in various files, particularly JAR file +# manifests, as part of the build process. +# +# Apache Ant: Apache Ant(TM) version 1.10.15 compiled on August 25 2024 +# +# Java Name: OpenJDK 64-Bit Server VM +# Java Vendor: Eclipse Adoptium +# Java Version:17.0.14+7 +# +# Javac with FFM version: javac 23.0.2 + +# The following is provided for information only. Builds will be repeatable +# whether or not the build environment is consistent with this information. +# +# OS: amd64 Linux 6.13.5-200.fc41.x86_64 +# File encoding: UTF-8 +# +# Release Manager: remm +release-java-version=17.0.14+7 +release-ant-version=1.10.15 diff --git a/res/install-win/Uninstall.exe.sig b/res/install-win/Uninstall.exe.sig new file mode 100644 index 00..44c451060c Binary files /dev/null and b/res/install-win/Uninstall.exe.sig differ diff --git a/res/install-win/tomcat-installer.exe.sig b/res/install-win/tomcat-installer.exe.sig new file mode 100644 index 00..48a09cc27f Binary files /dev/null and b/res/install-win/tomcat-installer.exe.sig differ diff --git a/res/maven/mvn.properties.release b/res/maven/mvn.properties.release new file mode 100644 index 00..f4fb0a5ddd --- /dev/null +++ b/res/maven/mvn.properties.release @@ -0,0 +1,27 @@ +# - +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# - + +# This file was auto-generated by the pre-release Ant target. + +# Remove "-dev" from the version since this is not a development release. +maven.asf.release.deploy.version=9.0.102 + +# Re-use the same GPG executable. +g
svn commit: r75239 - in /dev/tomcat/tomcat-9/v9.0.102: ./ bin/ bin/embed/ src/
Author: remm Date: Mon Mar 3 19:48:11 2025 New Revision: 75239 Log: Upload 9.0.102 for voting Added: dev/tomcat/tomcat-9/v9.0.102/ dev/tomcat/tomcat-9/v9.0.102/KEYS dev/tomcat/tomcat-9/v9.0.102/README.html dev/tomcat/tomcat-9/v9.0.102/RELEASE-NOTES dev/tomcat/tomcat-9/v9.0.102/bin/ dev/tomcat/tomcat-9/v9.0.102/bin/README.html dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102-deployer.tar.gz (with props) dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102-deployer.tar.gz.asc (with props) dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102-deployer.tar.gz.sha512 dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102-deployer.zip (with props) dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102-deployer.zip.asc (with props) dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102-deployer.zip.sha512 dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102-fulldocs.tar.gz (with props) dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102-fulldocs.tar.gz.asc (with props) dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102-fulldocs.tar.gz.sha512 dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102-windows-x64.zip (with props) dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102-windows-x64.zip.asc (with props) dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102-windows-x64.zip.sha512 dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102-windows-x86.zip (with props) dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102-windows-x86.zip.asc (with props) dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102-windows-x86.zip.sha512 dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102.exe (with props) dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102.exe.asc (with props) dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102.exe.sha512 dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102.tar.gz (with props) dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102.tar.gz.asc (with props) dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102.tar.gz.sha512 dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102.zip (with props) dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102.zip.asc (with props) dev/tomcat/tomcat-9/v9.0.102/bin/apache-tomcat-9.0.102.zip.sha512 dev/tomcat/tomcat-9/v9.0.102/bin/embed/ dev/tomcat/tomcat-9/v9.0.102/bin/embed/apache-tomcat-9.0.102-embed.tar.gz (with props) dev/tomcat/tomcat-9/v9.0.102/bin/embed/apache-tomcat-9.0.102-embed.tar.gz.asc (with props) dev/tomcat/tomcat-9/v9.0.102/bin/embed/apache-tomcat-9.0.102-embed.tar.gz.sha512 dev/tomcat/tomcat-9/v9.0.102/bin/embed/apache-tomcat-9.0.102-embed.zip (with props) dev/tomcat/tomcat-9/v9.0.102/bin/embed/apache-tomcat-9.0.102-embed.zip.asc (with props) dev/tomcat/tomcat-9/v9.0.102/bin/embed/apache-tomcat-9.0.102-embed.zip.sha512 dev/tomcat/tomcat-9/v9.0.102/src/ dev/tomcat/tomcat-9/v9.0.102/src/apache-tomcat-9.0.102-src.tar.gz (with props) dev/tomcat/tomcat-9/v9.0.102/src/apache-tomcat-9.0.102-src.tar.gz.asc (with props) dev/tomcat/tomcat-9/v9.0.102/src/apache-tomcat-9.0.102-src.tar.gz.sha512 dev/tomcat/tomcat-9/v9.0.102/src/apache-tomcat-9.0.102-src.zip (with props) dev/tomcat/tomcat-9/v9.0.102/src/apache-tomcat-9.0.102-src.zip.asc (with props) dev/tomcat/tomcat-9/v9.0.102/src/apache-tomcat-9.0.102-src.zip.sha512 Added: dev/tomcat/tomcat-9/v9.0.102/KEYS == --- dev/tomcat/tomcat-9/v9.0.102/KEYS (added) +++ dev/tomcat/tomcat-9/v9.0.102/KEYS Mon Mar 3 19:48:11 2025 @@ -0,0 +1,237 @@ +This file contains the PGP&GPG keys of various Apache developers. +Please don't use them for email unless you have to. Their main +purpose is code signing. + +Apache users: pgp < KEYS +Apache developers: +(pgpk -ll && pgpk -xa ) >> this file. + or +(gpg --fingerprint --list-sigs + && gpg --armor --export ) >> this file. + +Apache developers: please ensure that your key is also available via the +PGP keyservers (such as pgpkeys.mit.edu). + + +pub 1024D/33C60243 2004-09-12 + Key fingerprint = DCFD 35E0 BF8C A734 4752 DE8B 6FB2 1E89 33C6 0243 +uid Mark E D Thomas +uid Mark E D Thomas +uid Mark E D Thomas +sub 2048g/0BECE548 2004-09-12 + +pub 4096R/2F6059E7 2009-09-18 + Key fingerprint = A9C5 DF4D 22E9 9998 D987 5A51 10C0 1C5A 2F60 59E7 +uid Mark E D Thomas +sub 4096R/5E763BEC 2009-09-18 + +-BEGIN PGP PUBLIC KEY BLOCK- +Version: GnuPG v1.4.9 (MingW32) + +mQGiBEFEjegRBADocGttfROvtLGrTOW3xRqZHmFWybmEaI6jmnRdN/1gGXmb3wQL +rHsS3fLFIIOYLPph0Kov9q4qNq36LekShIvjMBDFoj2/wRxaUtFq81asaRZg8Mcw +4kVeIoe8OIOuWmvYhU8SH2jJNUnVVrpTPAa6QWquTmseNi6UJMjLxuL7DwCg//9u +k2yj0vk6e4WSO6Fe5+EkQDED/AjQsy0kj9T
svn commit: r75238 - /dev/tomcat/tomcat-9/v9.0.101/
Author: remm Date: Mon Mar 3 19:47:30 2025 New Revision: 75238 Log: Drop 9.0.101 Removed: dev/tomcat/tomcat-9/v9.0.101/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE] Release Apache Tomcat 9.0.102
The proposed Apache Tomcat 9.0.102 release is now available for voting. The notable changes compared to 9.0.100 are: - Improve the checks for exposure to and protection against CVE-2024-56337 so that reflection is not used unless required. The checks for whether the file system is case sensitive or not have been removed. - Use Transfer-Encoding for compression rather than Content-Encoding if the client submits a TE header containing gzip - Add makensis as an option for building the Installer for Windows on non-Windows platforms. For full details, see the changelog: https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.102/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1537 The tag is: https://github.com/apache/tomcat/tree/9.0.102 2a8337689eedee1f2edf15a17cedbf8b2f27b47e The proposed 9.0.102 release is: [ ] -1, Broken - do not release [ ] +1, Stable - go ahead and release as 9.0.102 Rémy - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: Next is 9.0.103
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 3849ade911 Next is 9.0.103 3849ade911 is described below commit 3849ade9119e9f2799633783ac844e04ba75a24d Author: remm AuthorDate: Mon Mar 3 20:53:40 2025 +0100 Next is 9.0.103 --- build.properties.default | 2 +- res/maven/mvn.properties.default | 2 +- webapps/docs/changelog.xml | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/build.properties.default b/build.properties.default index 43899e82f6..49c1e3ade9 100644 --- a/build.properties.default +++ b/build.properties.default @@ -29,7 +29,7 @@ # - Version Control Flags - version.major=9 version.minor=0 -version.build=102 +version.build=103 version.patch=0 version.suffix= version.dev=-dev diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default index 1a2a639804..18b4810398 100644 --- a/res/maven/mvn.properties.default +++ b/res/maven/mvn.properties.default @@ -39,7 +39,7 @@ maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d maven.asf.release.repo.repositoryId=apache.releases.https # Release version info -maven.asf.release.deploy.version=9.0.102 +maven.asf.release.deploy.version=9.0.103 #Where do we load the libraries from tomcat.lib.path=../../output/build/lib diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 7180e3403c..80e28605c3 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -104,7 +104,9 @@ They eventually become mixed with the numbered issues (i.e., numbered issues do not "pop up" wrt. others). --> - + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 11.0.5
Mark, Thanks for RMing. On 2/28/25 12:06 PM, Mark Thomas wrote: The proposed Apache Tomcat 11.0.5 release is now available for voting. The notable changes compared to 11.0.4 include: - Improve the checks for exposure to and protection against CVE-2024-56337 so that reflection is not used unless required. The checks for whether the file system is case sensitive or not have been removed. - Use Transfer-Encoding for compression rather than Content-Encoding if the client submits a TE header containing gzip - Add makensis as an option for building the Installer for Windows on non-Windows platforms. For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 11 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. Applications using deprecated APIs may require further changes. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.5/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1534 The tag is: https://github.com/apache/tomcat/tree/11.0.5 1ba1f9061e49ce03c77b57beff3d50e5c2c3ee29 The proposed 11.0.5 release is: [ ] -1 Broken - do not release [ ] +1 Stable - go ahead and release as 11.0.5 +1 for stable release. Build is 100% reproducible on MacOS aarch64 and the unit tests pass. Details: * Environment * Java (build):openjdk version "23.0.2" 2025-01-21 OpenJDK Runtime Environment Temurin-23.0.2+7 (build 23.0.2+7) OpenJDK 64-Bit Server VM Temurin-23.0.2+7 (build 23.0.2+7, mixed mode, sharing) * Java (test): openjdk version "23.0.2" 2025-01-21 OpenJDK Runtime Environment Temurin-23.0.2+7 (build 23.0.2+7) OpenJDK 64-Bit Server VM Temurin-23.0.2+7 (build 23.0.2+7, mixed mode, sharing) * Ant: Apache Ant(TM) version 1.10.15 compiled on August 25 2024 * OS: Darwin 24.1.0 arm64 * cc: Apple clang version 16.0.0 (clang-1600.0.26.4) * make:GNU Make 3.81 * OpenSSL: OpenSSL 3.4.0 22 Oct 2024 (Library: OpenSSL 3.4.0 22 Oct 2024) * APR: 1.7.5 * * Valid SHA-512 signature for apache-tomcat-11.0.5.zip * Valid GPG signature for apache-tomcat-11.0.5.zip * Valid SHA-512 signature for apache-tomcat-11.0.5.tar.gz * Valid GPG signature for apache-tomcat-11.0.5.tar.gz * Valid SHA-512 signature for apache-tomcat-11.0.5.exe * Valid GPG signature for apache-tomcat-11.0.5.exe * Valid Windows Digital Signature for apache-tomcat-11.0.5.exe * Valid SHA512 signature for apache-tomcat-11.0.5-src.zip * Valid GPG signature for apache-tomcat-11.0.5-src.zip * Valid SHA512 signature for apache-tomcat-11.0.5-src.tar.gz * Valid GPG signature for apache-tomcat-11.0.5-src.tar.gz * * Binary Zip and tarball: Same * Source Zip and tarball: Same * * Building dependencies returned: 0 * Tomcat builds cleanly * tcnative builds cleanly * Junit Tests: PASSED - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: (tomcat) branch 9.0.x updated: Add makensis as an option for building the Windows installer
On 03/03/2025 23:43, Christopher Schultz wrote: On 3/3/25 7:45 AM, Rémy Maucherat wrote: Ok. I would like it more if using my platform makensis was possible. +1 Is this the kind of thing we could somehow move upstream? I seem to recall that the build option we needed to use was just enabling Unicode support. Do I remember that correctly? This issue (for us) is that the installer built by NSIS includes the version number of the tool used to build it. So that needs to be "3.10" for us at the moment rather than the, for example, "v3.09-4" I get if I use the platform version. For repeatable builds we need makensis on Linux to have the same version number is it does in the Windows tool. We should be able to add a check for that. Further, "normal" builds should be able to proceed (with a warning) if the check fails but "release" builds should fail. I'm going to spend some time working on the build script. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: (tomcat) branch 9.0.x updated: Add makensis as an option for building the Windows installer
On 03/03/2025 16:08, Rainer Jung wrote: Am 03.03.25 um 16:54 schrieb Mark Thomas: So, I think we have a different set of options now: a) Keep the existing makensis approach and remove Wine support b) Revert the change to using callbacks to sign the uninstaller and installer. Keep the option for makensis or wine. The need for the call-backs has arisen from supporting non-Windows, non- wine. Previously we built a temporary installer in form of a Windows exe. Then executed this temporary installer to get the uninstaller and then finally built the installer. The step of executing the temporary installer was only possible on Windows or wine. So IMHO b) means no longer supporting natively build the Windows installer on non-Windows without wine. c) Revert all the changes and go back to wine. I think b) and c) are the same for the reasons given above. Good point. Both b) & c) need wine. and a bonus option d) that is an addition to a) or b): d) Try and build a local makensis as part of the build script I'm not sure I see the value in maintaining support for makensis and wine. I'm prepared to be convinced if someone can see a reason. Otherwise I prefer a). I'm happy to try and get d) to work if a) (or b)) is the agreed way forwards. I prefer a), but I am not an RM. Option d) might work, but some prerequisites are of course needed, like a compiler toolchain supported by the SConstruct and maybe a python and scons installation. I don't think we want to do this from the ant build. Downloading the correct nsis source and running the scons command would be possible and inside the ant build we have all the subtle points, like which version, which prefix in our hands. I have this working in the Ant build. I could move this to an independent set of targets so folks can build makensis manually or via Ant. What do folks think? I plan to do so some more work on this tomorrow to clean it up before committing the changes. I'm also planning on removing Wine support unless there are objections. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
