[GitHub] [tomcat] chenyonghui opened a new pull request #468: add test sub targets depend on setup-jacoco

chenyonghui opened a new pull request #468: URL: https://github.com/apache/tomcat/pull/468 if run test-* targets,eg ant test-nio, get errors build.xml:1896: Problem: failed to create task or type antlib:org.jacoco.ant:coverage -- This is an automated message from the Apache Git Servic

[Bug 65848] 3a4c7bf2513a6f3e52d9608f3855d5f8148fef48 introduces regression with cert-based authentication

https://bz.apache.org/bugzilla/show_bug.cgi?id=65848 --- Comment #2 from Michael Osipov --- Yet another problem is that the changelog entry does not really represent the change in behavior. I guess we need to reproduce the same "Compatibility and Stability warning" block as mod_ssl. -- You are

[tomcat] 04/07: Reproducibility for tomcat-jdbc when built as part of Tomcat

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 1c10bf30f622ce77052de1673062b50c81b1f6bf Author: Mark Thomas AuthorDate: Mon Jan 24 18:42:39 2022 + Reproducibili

[tomcat] 07/07: Add entry for move to building with Java 11

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit d53cdd2bc4349b9d12832a74c37ab1cffe8fa8a2 Author: Mark Thomas AuthorDate: Wed Jan 26 16:32:22 2022 + Add entry for

[tomcat] 06/07: Silence a dependabot nag (it is a test dependency)

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit eb2b81b3b5e4e8eb101eff9dbe9ea3924f1005c9 Author: Mark Thomas AuthorDate: Wed Jan 26 15:43:53 2022 + Silence a dep

[tomcat] 03/07: Reproducible builds: text files in JARs

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 25b07bd75c932907c8d011dd5afe244a0f8983d2 Author: Mark Thomas AuthorDate: Mon Jan 24 11:13:33 2022 + Reproducible

[tomcat] 02/07: Refactor to avoid reproducibility issues due to zip task ordering

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit a1a805118b4e8dac12c820501be67db7a69c6af5 Author: Mark Thomas AuthorDate: Thu Jan 20 20:00:58 2022 + Refactor to a

[tomcat] 01/07: Reproducible builds: Consistent line endings in text files in JAR manifests

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit a440261817a71cfccb6a914b852f257904df5726 Author: Mark Thomas AuthorDate: Mon Jan 24 10:23:14 2022 + Reproducible

[tomcat] 05/07: Add note about changes for text files in JARs

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit dc9317cfdefbb66a07bec84614a1c7686b53a593 Author: Mark Thomas AuthorDate: Wed Jan 26 15:27:14 2022 + Add note abou

[tomcat] branch 8.5.x updated (078071f -> d53cdd2)

This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 078071f Remove remaining references to compile.source and compile.target new a440261 Reproducible builds: Consi

[Bug 65848] 3a4c7bf2513a6f3e52d9608f3855d5f8148fef48 introduces regression with cert-based authentication

https://bz.apache.org/bugzilla/show_bug.cgi?id=65848 --- Comment #1 from Remy Maucherat --- When the possibility exists, the regular configuration should be used otherwise there will always be problems. The doc there https://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslopensslconfcmd also says

[tomcat] 07/08: Add note about changes for text files in JARs

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 6e3d4e0d4d5afd107c03e0adcef4f4e106456fa0 Author: Mark Thomas AuthorDate: Wed Jan 26 15:27:14 2022 + Add note abou

[tomcat] 03/08: Refactor to avoid reproducibility issues due to zip task ordering

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 16c2bf323a29ebdd6d2aad600cd360c3ac6e285b Author: Mark Thomas AuthorDate: Thu Jan 20 20:00:58 2022 + Refactor to a

[tomcat] 01/08: Reproducible builds: Consistent line endings in text files in JAR manifests

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit b428e933959ed6450130d068e9847dd75b2037b9 Author: Mark Thomas AuthorDate: Mon Jan 24 10:23:14 2022 + Reproducible

[tomcat] 05/08: Reproducibility for tomcat-jdbc when built as part of Tomcat

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 7364411aad2c8a5d7733d4e04c1569d20ae2dd95 Author: Mark Thomas AuthorDate: Mon Jan 24 18:42:39 2022 + Reproducibili

[tomcat] 08/08: Silence a dependabot nag (it is a test dependency)

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 518b49b96575baca1301b6440adce482db9458a4 Author: Mark Thomas AuthorDate: Wed Jan 26 15:43:53 2022 + Silence a dep

[tomcat] 04/08: Reproducible builds: text files in JARs

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit a515f3a1ccd874a5d76e484f21bf5682a751dbcd Author: Mark Thomas AuthorDate: Mon Jan 24 11:13:33 2022 + Reproducible

[tomcat] 06/08: Reproducible builds: consistent line endings for graal files

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 2065a1d027959648e3eaa4504a2eec164a7ef7dd Author: Mark Thomas AuthorDate: Mon Jan 24 19:06:09 2022 + Reproducible

[tomcat] 02/08: Reproducible builds. Use the prefiltered files for consistency

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 09d7149e247d833fa32356ee71c77ad5fab3aac7 Author: Mark Thomas AuthorDate: Mon Jan 24 12:15:07 2022 + Reproducible

[tomcat] branch 9.0.x updated (2fcf5ef -> 518b49b)

This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 2fcf5ef Remove remaining references to compile.source and compile.target new b428e93 Reproducible builds: Consi

[tomcat] 08/08: Silence a dependabot nag (it is a test dependency)

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 09b40850d4701bdb2722a4e2b279466f9befda98 Author: Mark Thomas AuthorDate: Wed Jan 26 15:43:53 2022 + Silence a de

[tomcat] 07/08: Add note about changes for text files in JARs

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 71c744121b7b69e4a5a5ed43ce814f520b844633 Author: Mark Thomas AuthorDate: Wed Jan 26 15:27:14 2022 + Add note abo

[tomcat] 05/08: Reproducibility for tomcat-jdbc when built as part of Tomcat

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 70e68982ec38814d484339012507393000939fbe Author: Mark Thomas AuthorDate: Mon Jan 24 18:42:39 2022 + Reproducibil

[tomcat] 06/08: Reproducible builds: consistent line endings for graal files

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 69163197d8aca7f48052c90ebfcb78289784882e Author: Mark Thomas AuthorDate: Mon Jan 24 19:06:09 2022 + Reproducible

[tomcat] 02/08: Reproducible builds. Use the prefiltered files for consistency

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 3cf06a09978a8e309693337126bc43dcb18a9581 Author: Mark Thomas AuthorDate: Mon Jan 24 12:15:07 2022 + Reproducible

[tomcat] 03/08: Refactor to avoid reproducibility issues due to zip task ordering

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 2f9fecae9711bd392b380d941a7909662866ed15 Author: Mark Thomas AuthorDate: Thu Jan 20 20:00:58 2022 + Refactor to

[tomcat] 04/08: Reproducible builds: text files in JARs

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit bd4f992b490832a4b0c22598a24aad011d14c2f8 Author: Mark Thomas AuthorDate: Mon Jan 24 11:13:33 2022 + Reproducible

[tomcat] 01/08: Reproducible builds: Consistent line endings in text files in JAR manifests

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit e5244a6143d79ae4718fcd1b780b9079d1f90add Author: Mark Thomas AuthorDate: Mon Jan 24 10:23:14 2022 + Reproducible

[tomcat] branch 10.0.x updated (bab6bf8 -> 09b4085)

This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. from bab6bf8 Remove remaining references to compile.source and compile.target new e5244a6 Reproducible builds: Cons

[tomcat] branch main updated: Silence a dependabot nag (it is a test dependency)

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new a05603d Silence a dependabot nag (it is a test depen

[tomcat] 05/07: Reproducibility for tomcat-jdbc when built as part of Tomcat

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit dd712d21c5908ea82f34577f9315906616deb553 Author: Mark Thomas AuthorDate: Mon Jan 24 18:42:39 2022 + Reproducibilit

[tomcat] 06/07: Reproducible builds: consistent line endings for graal files

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit fd935d4195744cfe712ab3d179b581c775332d7a Author: Mark Thomas AuthorDate: Mon Jan 24 19:06:09 2022 + Reproducible b

[tomcat] 07/07: Add note about changes for text files in JARs

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 841b4b94955877ef8abba1c88d0f5e174a37f603 Author: Mark Thomas AuthorDate: Wed Jan 26 15:27:14 2022 + Add note about

[tomcat] 04/07: Reproducible builds: text files in JARs

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 925527b436586477d9231172dc6542b21b8dd537 Author: Mark Thomas AuthorDate: Mon Jan 24 11:13:33 2022 + Reproducible b

[tomcat] 01/07: Reproducible builds: Consistent line endings in text files in JAR manifests

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit fc7c4136c9bd74825993c8b8536d7a6305977292 Author: Mark Thomas AuthorDate: Mon Jan 24 10:23:14 2022 + Reproducible b

[tomcat] 02/07: Reproducible builds. Use the prefiltered files for consistency

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 66198545717ed07f3638a6f50f6f4f08bbfc40d1 Author: Mark Thomas AuthorDate: Mon Jan 24 12:15:07 2022 + Reproducible b

[tomcat] 03/07: Refactor to avoid reproducibility issues due to zip task ordering

This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit bb1c10107f7013d17ba217800b9faba19bfaffb4 Author: Mark Thomas AuthorDate: Thu Jan 20 20:00:58 2022 + Refactor to av

[tomcat] branch main updated (52f627e -> 841b4b9)

This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 52f627e Update version numbers new fc7c413 Reproducible builds: Consistent line endings in text files in JAR man

Re: Reproducible builds update

Hey Mark, bnd is in ramp down phase targetting a release in Feb so if you do find an issue soon-ish we can work to get it in the release. Ray On Wed, Jan 26, 2022 at 4:05 AM Mark Thomas wrote: > I have made some progress on this over the last few days. The current > status is: > > - Builds are

[Bug 65848] New: 3a4c7bf2513a6f3e52d9608f3855d5f8148fef48 introduces regression with cert-based authentication

https://bz.apache.org/bugzilla/show_bug.cgi?id=65848 Bug ID: 65848 Summary: 3a4c7bf2513a6f3e52d9608f3855d5f8148fef48 introduces regression with cert-based authentication Product: Tomcat 8 Version: 8.5.75 Hardware: All

[tomcat] branch main updated: Update version numbers

This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 52f627e Update version numbers 52f627e is described b

[SECURITY] CVE-2022-23181 Apache Tomcat Local Privilege Escalation

CVE-2022-23181 Apache Tomcat Local Privilege Escalation Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.1.0-M1 to 10.1.0-M8 Apache Tomcat 10.0.0-M5 to 10.0.14 Apache Tomcat 9.0.35 to 9.0.56 Apache Tomcat 8.5.55 to 8.5.73 Description: The fix for bug CVE

svn commit: r1897496 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml

Author: markt Date: Wed Jan 26 11:10:26 2022 New Revision: 1897496 URL: http://svn.apache.org/viewvc?rev=1897496&view=rev Log: Publish details of CVE-2022-23181 Modified: tomcat/site/trunk/docs/security-10.html tomcat/site/trunk/docs/security-8.html tomcat/site/trunk/docs/security-9.h

Re: Reproducible builds update

I have made some progress on this over the last few days. The current status is: - Builds are reproducible (excluding signing of Windows binaries) when using the same OS / Java / Ant combination. - JSign gives us what we need to handling the signing of the Windows binaries. "Just" need to i