Posted to dev@tomcat.apache.org by Violeta Georgieva <mi...@gmail.com> on 2014/11/03 10:52:01 UTC

[VOTE] Release Apache Tomcat 7.0.57

The proposed Apache Tomcat 7.0.57 release is now available for voting.

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.57/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1026/
The svn tag is:
http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_57/

The proposed 7.0.57 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 7.0.57 Stable

Regards,
Violeta

Re: [VOTE] Release Apache Tomcat 7.0.57

Posted by Violeta Georgieva <mi...@gmail.com>.
2014-11-03 11:52 GMT+02:00 Violeta Georgieva <mi...@gmail.com>:
>
> The proposed Apache Tomcat 7.0.57 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.57/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1026/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_57/
>
> The proposed 7.0.57 release is:
> [ ] Broken - do not release
> [ ] Stable - go ahead and release as 7.0.57 Stable

The votes cast were

+1 (binding): markt, rjung, kkolinko, violetagg

No other votes were cast.

With four binding +1 votes this vote passes.

I'll upload the release to the mirrors and announce it once the mirrors are
OK.


Regards,
Violeta

Re: [VOTE] Release Apache Tomcat 7.0.57

Posted by Rainer Jung <ra...@kippdata.de>.
On 03.11.2014 at 10:52, Violeta Georgieva wrote:
> The proposed Apache Tomcat 7.0.57 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.57/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1026/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_57/
>
> The proposed 7.0.57 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 7.0.57 Stable

+1 to release.

Details:

- MD5 OK
- signatures OK
- key in KEYS file
- gz and zip for src and bin consistent
- src completely consistent with svn tag
- builds fine
   - warning about unchecked calls or conversions in:
     - o.a.t.dbcp
     - javax/el/ResourceBundleELResolver.java (old)
   Not a regression
- build result looks consistent with binaries
- no checkstyle complaints
- no Javadoc warnings
- Unit tests: no errors or failures
   - Details of log output see below
- JMX MBean Comparison (relative 7.0.56):
   - tldScanTime for examples up from 424 to 609
     Not sure whether that's relevant or expected
   - OperatingSystem MBean OpenFileDescriptorCount up from 60 to 63
     But this value is often changing a little, maybe due to
     whether Finalizers have run or not.
   - in deploymentDescriptor for examples ChatServlet url-pattern
     changed from /jsp/chat/chat to /servlets/chat/chat

Build and tests were done using Java 1.6.0_45, java.7.home was pointing
to 1.7.0_51. OS was Solaris 10 Sparc, tcnative was 1.1.32 based on APR
1.5.1 and OpenSSL 1.0.1j.


Unit test warnings
==================

92, up from 91 (+1) relative 7.0.56

- 1 message 
"org.apache.tomcat.util.net.AbstractEndpoint.countDownConnection 
Incorrect connection count, multiple socket.close called on the same 
socket." was in 7.0.56 and is no longer in 7.0.57

- new messages are all variations in message count in tribes that occur 
every now and then

Old messages (like in 7.0.56):

- tribes: several warnings (51)
   - 37 
"org.apache.catalina.tribes.group.interceptors.NonBlockingCoordinator.sendElectionMsgToNextInline 
Unable to send election message to:"
   - 9 
"org.apache.catalina.tribes.transport.nio.ParallelNioSender.doLoop 
Member send is failing for:"
   - 4 "org.apache.catalina.tribes.transport.nio.NioReplicationTask.run 
IOException in replication worker, unable to drain channel. Probable 
cause: Keep alive socket closed[null]."
   - 1 
"org.apache.catalina.tribes.transport.nio.ParallelNioSender.doLoop Not 
retrying send for:"

- org.apache.catalina.deploy.TestWebXmlOrdering
   - BIO, NIO and APR: [main]
org.apache.catalina.deploy.WebXml.orderWebFragments Used a wrong
fragment name z at web.xml absolute-ordering tag!

- org.apache.catalina.deploy.TestWebXml
   - BIO, NIO and APR: [main]
org.apache.catalina.deploy.WebXml.setVersion Unknown version string
[0.0]. Default version will be used.?

- org.apache.tomcat.util.net.TestCustomSsl
   - BIO twice "Exception getting SSL attributes"
     in org.apache.coyote.http11.Http11Processor actionInternal
     exception is:
     javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
   - NIO twice "WARNING: Exception re-negotiating SSL connection"
     in org.apache.coyote.http11.Http11NioProcessor actionInternal

- org.apache.catalina.startup.TestHostConfigAutomaticDeployment
   in org.apache.catalina.startup.HostConfig deployWARs
   - BIO, NIO and APR: WARNING: The directory [...] will be ignored
because the WAR [...] takes priority and unpackWARs is false
   in org.apache.catalina.startup.HostConfig deployDescriptor
   - BIO, NIO and APR: WARNING: A docBase ... inside the host appBase has
been specified, and will be ignored

- StuckThreadDetectionValve in TestStuckThreadDetectionValve(12 messages)

- 3 "org.apache.tomcat.websocket.server.WsServerContainer.destroy Unable 
to destroy WebSocket thread group [WebSocketServer-ROOT] as [1] threads 
were still running when the web application was stopped. The thread 
group will be destroyed once the threads terminate."

- 1 "org.apache.tomcat.websocket.WsRemoteEndpointImplBase startMessage
   Flushing batched messages before closing the session failed
   in org.apache.tomcat.websocket.TestWebSocketFrameClientSSL"


Unit test SEVERE messages
=========================

548 total (+10).

- tribes down by 3
- WebappClassLoader.clearReferencesThreads up by 13

Most common ones:

Most of the SEVERE messages are of type "Servlet.service() for servlet
... threw exception" (137 times).

Another big block (unchanged):

270 messages in TestHostConfigAutomaticDeployment:

- 78 org.apache.catalina.core.ContainerBase.addChildInternal 
ContainerBase.addChild: start:
- 48 org.apache.catalina.startup.HostConfig.deployDescriptor Error
deploying configuration descriptor .../conf/Tomcat/localhost/myapp.xml
- 48 org.apache.catalina.core.StandardContext.resourcesStart Error 
starting static Resources
- 18 org.apache.catalina.startup.HostConfig.deployDirectory Error
deploying web application directory .../webapps/myapp
- 18 org.apache.catalina.startup.HostConfig.deployDirectory The web
application with context path [/myapp] was not deployed because it
contained a deployment descriptor
[.../webapps/myapp/META-INF/context.xml] which may include configuration
necessary for the secure deployment of the application but processing of
deployment descriptors is prevented by the deployXML setting of this
host. An appropriate descriptor should be created at
[.../conf/Tomcat/localhost/myapp.xml] to deploy this application.
- 12 org.apache.catalina.startup.HostConfig.deployWAR Error deploying
web application archive .../webapps/myapp.war
- 12 org.apache.catalina.startup.HostConfig.deployWAR The web
application with context path [/myapp] was not deployed because it
contained a deployment descriptor [META-INF/context.xml] which may
include configuration necessary for the secure deployment of the
application but processing of deployment descriptors is prevented by the
deployXML setting of this host. An appropriate descriptor should be
created at [.../conf/Tomcat/localhost/myapp.xml] to deploy this application.
- 9 org.apache.catalina.startup.ContextConfig.beforeStart Exception 
fixing docBase for context [/myapp]
- 6 org.apache.catalina.core.StandardContext.listenerStart Error 
configuring application listener of class 
org.apache.catalina.core.NoSuchListener
- 6 org.apache.catalina.core.StandardContext.listenerStart Skipped 
installing application listeners due to previous error(s)
- 6 org.apache.catalina.core.StandardContext.startInternal Error 
listenerStart
- 6 org.apache.catalina.core.StandardContext.startInternal Context 
[/myapp] startup failed due to previous errors
- 3 org.apache.catalina.startup.ExpandWar.copy Error copying 
.../output/test-tmp/external/external.war to /var/tmp/6-myapp.war

30 messages in org.apache.catalina.startup.TestWebRuleSet:

- 27 [main]
org.apache.tomcat.util.digester.Digester.startElement Begin event threw
exception
-  3 [main]
org.apache.tomcat.util.digester.Digester.endElement End event threw
exception

Another big block is 53 messages from the mem leak detection
during context unload.

Remaining ones are 17 different types of messages, in sum 58 occurrences.


"Exception" in output of unit tests
===================================

603 times (+14)

- 2 fewer for tribes
- 4 additional frames with "Exception" in stack for
   unchanged SSL Exception
- 9 due to new log lines for startUp containing "Exception" if the test 
name contains that token
- 3 "org.apache.catalina.connector.TestCoyoteAdapter$AsyncServlet$1.run 
Exception caught org.apache.catalina.connector.ClientAbortException: 
java.io.IOException ..."

Top exception counts:

   75 javax.servlet.ServletException: Opps.
   48 times the two lines:
         java.lang.IllegalStateException: ContainerBase.addChild: start: 
org.apache.catalina.LifecycleException: Failed to start component 
[StandardEngine[Tomcat].StandardHost[localhost].StandardContext[/myapp]]
         org.apache.catalina.LifecycleException: Failed to start 
component 
[StandardEngine[Tomcat].StandardHost[localhost].StandardContext[/myapp]]
         Caused by: org.apache.catalina.LifecycleException: Error in 
resourceStart()
   39 java.lang.IllegalArgumentException: Document base 
.../output/test-tmp/webapps/myapp does not exist or is not a readable 
directory
   30 times the three lines:
         java.lang.IllegalStateException: ContainerBase.addChild: start: 
org.apache.catalina.LifecycleException: Failed to start component [/myapp]
         org.apache.catalina.LifecycleException: Failed to start 
component [/myapp]
         Caused by: org.apache.catalina.LifecycleException: Failed to 
process either the global, per-host or context-specific context.xml file 
therefore the [/myapp] Context cannot be started.
   12 org.apache.catalina.core.ApplicationContext.log servlet: 
java.io.IOException: Invalid chunk header
   12  java.io.FileNotFoundException: 
.../output/test-tmp/external/external.war (No such file or directory)
    9 java.lang.IllegalArgumentException: Invalid or unreadable WAR file 
: .../output/test-tmp/external/external.war
    9 org.apache.catalina.startup.ContextConfig.beforeStart Exception 
fixing docBase for context [/myapp]
    9 java.lang.IllegalArgumentException with three messages:
      - <ordering> element is limited to NUMBER occurrence
      - <name> element is limited to NUMBER occurrence
      - <absolute-ordering> element is limited to NUMBER occurrence
    9 org.apache.catalina.core.ApplicationContext.log servlet: 
java.io.IOException: Invalid end of line sequence (No CR before LF)

The remaining ones have 60 different messages and occur 177 times.

I'm not claiming that any of the SEVERE or Exception messages are
important. The numbers are currently pretty stable.

Regards,

Rainer

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Re: [VOTE] Release Apache Tomcat 7.0.57

Posted by Violeta Georgieva <mi...@gmail.com>.
Hi,

2014-11-03 11:52 GMT+02:00 Violeta Georgieva <mi...@gmail.com>:
>
> The proposed Apache Tomcat 7.0.57 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.57/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1026/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_57/
>
> The proposed 7.0.57 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 7.0.57 Stable

Tested Tomcat in OSGi environment - successful.
Basic performance tests - successful.

> Regards,
> Violeta

Re: [VOTE] Release Apache Tomcat 7.0.57

Posted by Mark Thomas <ma...@apache.org>.
On 03/11/2014 09:52, Violeta Georgieva wrote:
> The proposed Apache Tomcat 7.0.57 release is now available for voting.
> 
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.57/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1026/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_57/
> 
> The proposed 7.0.57 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 7.0.57 Stable

Servlet, JSP and EL TCKs all pass.

Mark




Re: [VOTE] Release Apache Tomcat 7.0.57

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Konstantin,

On 11/8/14 8:34 PM, Konstantin Kolinko wrote:
> 2014-11-08 20:07 GMT+03:00 Konstantin Kolinko <kn...@gmail.com>:
>> 2014-11-03 12:52 GMT+03:00 Violeta Georgieva <mi...@gmail.com>:
>>> The proposed Apache Tomcat 7.0.57 release is now available for voting.
>>>
>>
>> Testing on Win7 with 32-bit JDKs
>> 1. All tests are passing with JDK 6u45 + 7u72 combo (compiling with
>> 6u45, all tests are run with 7u72) with all BIO, NIO, APR.
>>
>> 2. If I run the tests with JDK 6u45 only, the following tests are
>> consistently failing with BIO and succeeding with NIO and APR:
>>
>> org.apache.tomcat.util.net.TestClientCert
>> org.apache.tomcat.util.net.TestCustomSsl
>> org.apache.tomcat.util.net.TestSsl
>>
>> The failure in all cases is
>> javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
>>
>>
>> Quick recipe for reproduction is to use the following settings in
>> build.properties:
>> 1) Remove/comment the value for java.7.home if you have set one
>> 2) Set
>> test.name=org/apache/tomcat/util/net/**/Test*.java
>>
>>
>> It is odd that NIO tests do pass.
>> For APR most of those tests are skipped, so not much wonder.
> 
> The tests pass if I add the following line to TestCustomSsl.java and
> TesterSupport.java.:
> 
> [[[
>    connector.setProperty("sslEnabledProtocols", "TLSv1,TLSv1.1,SSLv2Hello");
> ]]]
> 
> Patch that I used:
>   https://people.apache.org/~kkolinko/patches/2014-11-09_tc7_Java6_SSLHello.patch
> 
> If I remove "SSLv2Hello" from the above value the tests with BIO fail.
> Why the tests pass with NIO connector is a mystery for me.

I agree that BIO failing while NIO works is odd, but I wonder if the
problem here is with the unit tests: the client is probably using the
default SSL protocols which includes both SSLv3 and SSLv2Hello, probably
using SSLv2Hello even if the protocol is higher (e.g. SSLv3, etc.).

Without SSLv2Hello enabled on the server at all, the client cannot
handshake because I think JSSE always uses SSLv2Hello if it's enabled on
the client.

Quick fix would be to change the unit tests, but the unit tests do
expose a problem likely to be found in the wild: clients who use
SSLv2Hello even if they only will use TLS for actual communication.

http://stackoverflow.com/questions/26488667/tomcat-7-getting-sslv2hello-is-disabled-error-when-trying-to-make-client-server

> I feared that NIO would have SSLv3 enabled by default, but I verified
> that SSLv3 is disabled
> 
> a) OpenSSL cannot connect with SSLv3 protocol. I used the following command:
> 
> openssl s_client -connect localhost:8443 -ssl3 -msg
> 
> If I explicitly enable "SSLv3" with sslEnabledProtocols attribute,
> then OpenSSL can connect with SSLv3.
> 
> Connector configuration:
> <Connector
>  port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
>  address="127.0.0.1"
>  sslProtocol="tls"
>  keystoreFile="${catalina.base}/conf/localhost.jks"
>  truststoreFile="${catalina.base}/conf/ca.jks"
>  secure="true"
>  SSLEnabled="true"
>  />
> 
> The localhost.jks and ca.jks files were copied to conf directory from
> /test/org/apache/tomcat/util/net\/
> 
> b) If I add the following line to logging.properties,
> [[[
>   org.apache.tomcat.util.net.jsse.JSSESocketFactory.level = FINE
> ]]]
> then I see log messages that SSLv2Hello and SSLv3 were disabled when
> running the tests.
> 
> FINE: The SSL protocol [SSLv2Hello] which is enabled by default in
> this JRE was excluded from the defaults used by Tomcat
> FINE: The SSL protocol [SSLv3] which is enabled by default in this JRE
> was excluded from the defaults used by Tomcat
> (...)
> FINE: Specified SSL protocols that are supported and enableable are :
> [TLSv1, SSLv2Hello]
> FINE: Some specified SSL protocols are not supported by the SSL engine
> : [TLSv1.1]
> 
> 
> Smoke testing is OK.
> 
> I think we are OK to release this.
> 
> The test has to be patched to enable SSLv2Hello. (As an alternative
> solution, maybe there is a way to disable SSLv2Hello at the client side
> of the connection ?)

If using HttpsURLConnection, then the system property
"-Dhttp.protocols=TLSv1,TLSv1.1,TLSv1.2" will make the client work.

I think if clients in the wild start failing without SSLv2Hello enabled
on the server, the admin can either explicitly enable SSLv2Hello on the
server, or instruct their clients to stop using it.

For Java clients using HttpsURLConnection (which will be the
less-sophisticated clients), using the above system property can fix
things up. Anyone using anything more complex is likely to have the
ability to tweak the protocols used by the client and so neither case
should represent a huge barrier for users.

-chris
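
Added example (not part of the thread, and not Tomcat or JSSE code): a Python sketch of the wire-level difference discussed above, telling an SSLv2-format ClientHello from a TLS-record ClientHello by its first bytes. negotiate() is a simplified model of the server's decision, the sample hellos are constructed, and all function names are assumptions.

```python
import struct

VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]  # oldest to newest


def classify_client_hello(data):
    """Return (hello_format, highest_version_offered) for a connection's first bytes."""
    if len(data) < 5:
        raise ValueError("too short to be a ClientHello")
    # SSLv2-compatible hello: 2-byte header with the high bit set, then
    # msg-type 1 (CLIENT-HELLO) and the highest version the client supports.
    if data[0] & 0x80 and data[2] == 0x01:
        return ("SSLv2Hello", VERSIONS.get((data[3], data[4]), "unknown"))
    # TLS record: content type 22 (handshake), record version, 2-byte length,
    # then handshake type 1 (ClientHello), 3-byte length, client_version.
    if data[0] == 0x16 and len(data) >= 11 and data[5] == 0x01:
        return ("TLS", VERSIONS.get((data[9], data[10]), "unknown"))
    raise ValueError("not a ClientHello")


def negotiate(data, server_enabled):
    """Simplified model (an assumption, not JSSE logic): protocol name or None."""
    fmt, offered = classify_client_hello(data)
    # A hello in SSLv2 format is refused outright unless the server lists
    # SSLv2Hello, even when the version offered inside it is TLS.
    if fmt == "SSLv2Hello" and "SSLv2Hello" not in server_enabled:
        return None
    if offered not in ORDER:
        return None
    # Pick the newest server-enabled protocol not above the client's offer.
    usable = [p for p in ORDER[: ORDER.index(offered) + 1] if p in server_enabled]
    return usable[-1] if usable else None


def sample_v2_hello(major, minor):
    """Constructed sample: SSLv2-format hello, one cipher spec, 16-byte challenge."""
    body = bytes([0x01, major, minor]) + struct.pack(">HHH", 3, 0, 16)
    body += b"\x00\x00\x2f" + bytes(16)
    return struct.pack(">H", 0x8000 | len(body)) + body


def sample_tls_hello(major, minor):
    """Constructed sample: TLS-record ClientHello with one cipher suite."""
    body = bytes([major, minor]) + bytes(32) + b"\x00"  # version, random, no session id
    body += b"\x00\x02\x00\x2f" + b"\x01\x00"           # cipher suites, compression
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake


if __name__ == "__main__":
    without_v2 = {"TLSv1", "TLSv1.1"}
    with_v2 = {"TLSv1", "TLSv1.1", "SSLv2Hello"}
    for label, hello in [("v2-format, offers TLSv1", sample_v2_hello(3, 1)),
                         ("TLS record, offers TLSv1", sample_tls_hello(3, 1)),
                         ("TLS record, offers SSLv3", sample_tls_hello(3, 0))]:
        print(label, classify_client_hello(hello),
              "| server without SSLv2Hello:", negotiate(hello, without_v2),
              "| server with SSLv2Hello:", negotiate(hello, with_v2))
```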


Re: [VOTE] Release Apache Tomcat 7.0.57

Posted by Konstantin Kolinko <kn...@gmail.com>.
2014-11-08 20:07 GMT+03:00 Konstantin Kolinko <kn...@gmail.com>:
> 2014-11-03 12:52 GMT+03:00 Violeta Georgieva <mi...@gmail.com>:
>> The proposed Apache Tomcat 7.0.57 release is now available for voting.
>>
>
> Testing on Win7 with 32-bit JDKs
> 1. All tests are passing with JDK 6u45 + 7u72 combo (compiling with
> 6u45, all tests are run with 7u72) with all BIO, NIO, APR.
>
> 2. If I run the tests with JDK 6u45 only, the following tests are
> consistently failing with BIO and succeeding with NIO and APR:
>
> org.apache.tomcat.util.net.TestClientCert
> org.apache.tomcat.util.net.TestCustomSsl
> org.apache.tomcat.util.net.TestSsl
>
> The failure in all cases is
> javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
>
>
> Quick recipe for reproduction is to use the following settings in
> build.properties:
> 1) Remove/comment the value for java.7.home if you have set one
> 2) Set
> test.name=org/apache/tomcat/util/net/**/Test*.java
>
>
> It is odd that NIO tests do pass.
> For APR most of those tests are skipped, so not much wonder.

The tests pass if I add the following line to TestCustomSsl.java and
TesterSupport.java.:

[[[
   connector.setProperty("sslEnabledProtocols", "TLSv1,TLSv1.1,SSLv2Hello");
]]]

Patch that I used:
  https://people.apache.org/~kkolinko/patches/2014-11-09_tc7_Java6_SSLHello.patch

If I remove "SSLv2Hello" from the above value the tests with BIO fail.
Why the tests pass with NIO connector is a mystery for me.


I feared that NIO would have SSLv3 enabled by default, but I verified
that SSLv3 is disabled

a) OpenSSL cannot connect with SSLv3 protocol. I used the following command:

openssl s_client -connect localhost:8443 -ssl3 -msg

If I explicitly enable "SSLv3" with sslEnabledProtocols attribute,
then OpenSSL can connect with SSLv3.

Connector configuration:
<Connector
 port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
 address="127.0.0.1"
 sslProtocol="tls"
 keystoreFile="${catalina.base}/conf/localhost.jks"
 truststoreFile="${catalina.base}/conf/ca.jks"
 secure="true"
 SSLEnabled="true"
 />

The localhost.jks and ca.jks files were copied to conf directory from
/test/org/apache/tomcat/util/net\/

b) If I add the following line to logging.properties,
[[[
  org.apache.tomcat.util.net.jsse.JSSESocketFactory.level = FINE
]]]
then I see log messages that SSLv2Hello and SSLv3 were disabled when
running the tests.

FINE: The SSL protocol [SSLv2Hello] which is enabled by default in
this JRE was excluded from the defaults used by Tomcat
FINE: The SSL protocol [SSLv3] which is enabled by default in this JRE
was excluded from the defaults used by Tomcat
(...)
FINE: Specified SSL protocols that are supported and enableable are :
[TLSv1, SSLv2Hello]
FINE: Some specified SSL protocols are not supported by the SSL engine
: [TLSv1.1]


Smoke testing is OK.

I think we are OK to release this.

The test has to be patched to enable SSLv2Hello. (As an alternative
solution, maybe there is a way to disable SSLv2Hello at the client side
of the connection ?)

My vote:

 [X] Stable - go ahead and release as 7.0.57 Stable

Best regards,
Konstantin Kolinko



Re: [VOTE] Release Apache Tomcat 7.0.57

Posted by Konstantin Kolinko <kn...@gmail.com>.
2014-11-03 12:52 GMT+03:00 Violeta Georgieva <mi...@gmail.com>:
> The proposed Apache Tomcat 7.0.57 release is now available for voting.
>

Testing on Win7 with 32-bit JDKs
1. All tests are passing with JDK 6u45 + 7u72 combo (compiling with
6u45, all tests are run with 7u72) with all BIO, NIO, APR.

2. If I run the tests with JDK 6u45 only, the following tests are
consistently failing with BIO and succeeding with NIO and APR:

org.apache.tomcat.util.net.TestClientCert
org.apache.tomcat.util.net.TestCustomSsl
org.apache.tomcat.util.net.TestSsl

The failure in all cases is
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure


Quick recipe for reproduction is to use the following settings in
build.properties:
1) Remove/comment the value for java.7.home if you have set one
2) Set
test.name=org/apache/tomcat/util/net/**/Test*.java


It is odd that NIO tests do pass.
For APR most of those tests are skipped, so not much wonder.

Best regards,
Konstantin Kolinko
