https://bz.apache.org/bugzilla/show_bug.cgi?id=67938
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
hello messages
87a973b200 is described below
commit 87a973b2005a6828b0777be7d05f51fffc62970f
Author: Mark Thomas
AuthorDate: Fri Nov 3 19:05:43 2023 +
Fix BZ 67938 - Handle large client hello messages
The removed calls to ByteBuffer.clear() have been present since the code
was
hello messages
1fe0def33f is described below
commit 1fe0def33fe3da644f697631f2cc2e7941bba84a
Author: Mark Thomas
AuthorDate: Fri Nov 3 19:05:43 2023 +
Fix BZ 67938 - Handle large client hello messages
The removed calls to ByteBuffer.clear() have been present since the code
was
hello messages
1fa73349d8 is described below
commit 1fa73349d870147c46d1029c589989edf64c58a9
Author: Mark Thomas
AuthorDate: Fri Nov 3 19:05:43 2023 +
Fix BZ 67938 - Handle large client hello messages
The removed calls to ByteBuffer.clear() have been present since the code
was
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 7dd70b6c07 Fix BZ 67938 - Handle large client hello
https://bz.apache.org/bugzilla/show_bug.cgi?id=67938
--- Comment #5 from Mark Thomas ---
Many thanks for the clear, reproducible test case. I am able to reproduce this.
I haven't confirmed the analysis but it looks right.
I'm looking at potential fixes now.
--
You are receiving this mail beca
https://bz.apache.org/bugzilla/show_bug.cgi?id=67938
--- Comment #4 from Stephen Higgs ---
Reproducer Steps
This reproducer creates an artificially large ClientHello that causes Tomcat to
respond with an SSL alert on TLS 1.3 session resumption. In this test case, a
certificate
https://bz.apache.org/bugzilla/show_bug.cgi?id=67938
--- Comment #3 from Aaron Ogburn ---
Credit and thanks to Francisco Ferrari and Martin Balao from the OpenJDK
engineering team for their analysis leading to this report.
--
You are receiving this mail because:
You are the assignee for the bug
https://bz.apache.org/bugzilla/show_bug.cgi?id=67938
--- Comment #2 from Aaron Ogburn ---
Source code references pertaining to the above:
[1] -
https://github.com/apache/tomcat/blob/10.1.9/java/org/apache/tomcat/util/net/SecureNioChannel.java#L147
[2] -
https://github.com/apache/tomcat/blob/10.1
https://bz.apache.org/bugzilla/show_bug.cgi?id=67938
--- Comment #1 from Aaron Ogburn ---
A backport (https://bugs.openjdk.org/browse/JDK-8318950) is being pursued to
reduce the message size from a client in such a case on OpenJDK 17. But a
Tomcat level fix may still be required in the end for a
https://bz.apache.org/bugzilla/show_bug.cgi?id=67938
Bug ID: 67938
Summary: Tomcat mishandles large client hello messages
Product: Tomcat 10
Version: 10.1.15
Hardware: PC
OS: Linux
Status: NEW
Severity
On 13/10/2017 16:02, Kapil Kumar wrote:
> Hello everyone,
>
> Hope you find this well.
>
> My name is Kapil Kumar and I joined the mailing list today.
>
> I work as an Oracle DBA professionally and I really appreciate the efforts
> of the apache community.
>
> Mar
Hello everyone,
Hope you find this well.
My name is Kapil Kumar and I joined the mailing list today.
I work as an Oracle DBA professionally and I really appreciate the efforts
of the apache community.
Mark helped me getting subscribed and I am thankful for that but I would
really
Jean-Frederic,
2017-01-09 14:23 GMT+02:00 Josh Soref :
>
>
https://github.com/jsoref/tomcat/commit/7c6bc40ac289ee7e7c9655c69a529f18afb5b92f
Can you take a look at this change? It's about a spelling mistake in your
email address in the KEYS file.
Thanks a lot,
Violeta
>
>
> ---
I can drop that, but please note that the spelling is listed as corrected in
the MIT key server. I really wonder how tomcat managed to corrupt it.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional comma
2017-01-09 14:23 GMT+02:00 Josh Soref :
>
>
https://github.com/jsoref/tomcat/commit/7c6bc40ac289ee7e7c9655c69a529f18afb5b92f
Let's not touch the KEYS file
>
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>
https://github.com/jsoref/tomcat/commit/7c6bc40ac289ee7e7c9655c69a529f18afb5b92f
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
2017-01-09 11:23 GMT+02:00 Josh Soref :
>
> I can certainly squash. The reason I personally retain splits by
misspelled word is that it's easier to rebase / resolve conflicts when I
can see what word was misspelled.
>
> Typically large projects prefer to have my changes split into a couple of
patc
2017-01-09 10:51 GMT+02:00 Josh Soref :
>
> Hi,
> I have a series of spelling fixes for Apache Tomcat [1].
>
I reviewed these changes. Please see the comments.
When you are ready squash the commits and make PR. I'll commit the changes.
> If someone could suggest a preferred way to receive them, I
Josh,
2017-01-09 11:38 GMT+02:00 Mark Thomas :
>
> On 09/01/2017 09:35, Violeta Georgieva wrote:
> > Mark,
> >
> > 2017-01-09 11:11 GMT+02:00 Mark Thomas :
> >>
> >> On 09/01/2017 08:51, Josh Soref wrote:
> >>> Hi,
> >>> I have a series of spelling fixes for Apache Tomcat [1].
> >>>
> >>> If someo
On 09/01/2017 09:35, Violeta Georgieva wrote:
> Mark,
>
> 2017-01-09 11:11 GMT+02:00 Mark Thomas :
>>
>> On 09/01/2017 08:51, Josh Soref wrote:
>>> Hi,
>>> I have a series of spelling fixes for Apache Tomcat [1].
>>>
>>> If someone could suggest a preferred way to receive them, I'm happy to
>>> sp
Mark,
2017-01-09 11:11 GMT+02:00 Mark Thomas :
>
> On 09/01/2017 08:51, Josh Soref wrote:
> > Hi,
> > I have a series of spelling fixes for Apache Tomcat [1].
> >
> > If someone could suggest a preferred way to receive them, I'm happy to
> > split them up.
>
> Pull request or patch file attached t
I can certainly squash. The reason I personally retain splits by misspelled
word is that it's easier to rebase / resolve conflicts when I can see what
word was misspelled.
Typically large projects prefer to have my changes split into a couple of
patches/PRs instead of as a single commit.
As a
Hi Josh,
2017-01-09 11:11 GMT+02:00 Mark Thomas :
>
> On 09/01/2017 08:51, Josh Soref wrote:
> > Hi,
> > I have a series of spelling fixes for Apache Tomcat [1].
> >
> > If someone could suggest a preferred way to receive them, I'm happy to
> > split them up.
>
> Pull request or patch file attache
On 09/01/2017 08:51, Josh Soref wrote:
> Hi,
> I have a series of spelling fixes for Apache Tomcat [1].
>
> If someone could suggest a preferred way to receive them, I'm happy to
> split them up.
Pull request or patch file attached to a new Bugzilla issue is fine.
Mark
>
> Some changes are mo
Hi,
2017-01-09 10:51 GMT+02:00 Josh Soref :
>
> Hi,
> I have a series of spelling fixes for Apache Tomcat [1].
>
> If someone could suggest a preferred way to receive them, I'm happy to
> split them up.
>
> Some changes are more interesting than others (the change to KEYS is
> interesting).
>
> [1
Hi,
I have a series of spelling fixes for Apache Tomcat [1].
If someone could suggest a preferred way to receive them, I'm happy to
split them up.
Some changes are more interesting than others (the change to KEYS is
interesting).
[1] https://github.com/jsoref/tomcat/commits/spelling
---
Hi
Hello test mail - please ignore
Regards
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Hi
Hello test mail - please ignore
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Hi All,
This mail is just to say Hello to all Tomcat developers and introduce
myself with you all.
I am Pandian passionate on Java and Open source technologies and am willing
to be a part of Dev team to fix bugs and develop features on Tomcat.
Looking forward to work with you all.
--
*Thanks
30 matches
Mail list logo
