You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2014/04/15 09:06:48 UTC
svn commit: r1587456 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: kkolinko
Date: Tue Apr 15 07:06:47 2014
New Revision: 1587456
URL: http://svn.apache.org/r1587456
Log:
vote
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1587456&r1=1587455&r2=1587456&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Apr 15 07:06:47 2014
@@ -102,7 +102,13 @@ PATCHES PROPOSED TO BACKPORT:
* Update required tcnative version to 1.1.30
http://people.apache.org/~schultz/patches/tcnative.heartbleed.tomcat6.diff
+1: schultz
- -1:
+ -0: kkolinko:
+ -0 for changing TCN_REQUIRED_PATCH in AprLifecycleListener.java
+ +1 for changing TCN_RECOMMENDED_PV in AprLifecycleListener.java
+ +1 for build.properties.default
+ There is nothing in Tomcat 6 that requires TCNative 1.1.30 APIs.
+ I think that there are TCNative builds on Linux that use safe version
+ of OpenSSL while being an older version of TCNative.
PATCHES/ISSUES THAT ARE STALLED:
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1587456 - /tomcat/tc6.0.x/trunk/STATUS.txt
Posted by Konstantin Kolinko <kn...@gmail.com>.
2014-04-15 22:06 GMT+04:00 Christopher Schultz <ch...@christopherschultz.net>:
> Konstantin,
>
> On 4/15/14, 3:06 AM, kkolinko@apache.org wrote:
>> Author: kkolinko
>> Date: Tue Apr 15 07:06:47 2014
>> New Revision: 1587456
>>
>> URL: http://svn.apache.org/r1587456
>> Log:
>> vote
>>
>> Modified:
>> tomcat/tc6.0.x/trunk/STATUS.txt
>>
>> Modified: tomcat/tc6.0.x/trunk/STATUS.txt
>> URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1587456&r1=1587455&r2=1587456&view=diff
>> ==============================================================================
>> --- tomcat/tc6.0.x/trunk/STATUS.txt (original)
>> +++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Apr 15 07:06:47 2014
>> @@ -102,7 +102,13 @@ PATCHES PROPOSED TO BACKPORT:
>> * Update required tcnative version to 1.1.30
>> http://people.apache.org/~schultz/patches/tcnative.heartbleed.tomcat6.diff
>> +1: schultz
>> - -1:
>> + -0: kkolinko:
>> + -0 for changing TCN_REQUIRED_PATCH in AprLifecycleListener.java
>> + +1 for changing TCN_RECOMMENDED_PV in AprLifecycleListener.java
>> + +1 for build.properties.default
>> + There is nothing in Tomcat 6 that requires TCNative 1.1.30 APIs.
>> + I think that there are TCNative builds on Linux that use safe version
>> + of OpenSSL while being an older version of TCNative.
>
> That's a very good point.
>
> What would you think about making the RECOMMENDED version 1.1.30?
That has my +1.
I am OK with changing REQUIRED to be 1.1.30 when the FIPS mode patch
is accepted, as that one requires 1.1.30.
>
> (This is 1/2 of a patch that *will* require 1.1.30. I decided to
> split-out the version requirements due to Heartbleed, but it seems it's
> really not appropriate.)
>
> I can back-out these patches in Tomcat 8 and Tomcat 7 but the same code
> will go right back in with a subsequent patch
> (http://svn.apache.org/viewvc?view=revision&revision=r1587379).
>
> Comments?
>
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1587456 - /tomcat/tc6.0.x/trunk/STATUS.txt
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Konstantin,
On 4/15/14, 3:06 AM, kkolinko@apache.org wrote:
> Author: kkolinko
> Date: Tue Apr 15 07:06:47 2014
> New Revision: 1587456
>
> URL: http://svn.apache.org/r1587456
> Log:
> vote
>
> Modified:
> tomcat/tc6.0.x/trunk/STATUS.txt
>
> Modified: tomcat/tc6.0.x/trunk/STATUS.txt
> URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1587456&r1=1587455&r2=1587456&view=diff
> ==============================================================================
> --- tomcat/tc6.0.x/trunk/STATUS.txt (original)
> +++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Apr 15 07:06:47 2014
> @@ -102,7 +102,13 @@ PATCHES PROPOSED TO BACKPORT:
> * Update required tcnative version to 1.1.30
> http://people.apache.org/~schultz/patches/tcnative.heartbleed.tomcat6.diff
> +1: schultz
> - -1:
> + -0: kkolinko:
> + -0 for changing TCN_REQUIRED_PATCH in AprLifecycleListener.java
> + +1 for changing TCN_RECOMMENDED_PV in AprLifecycleListener.java
> + +1 for build.properties.default
> + There is nothing in Tomcat 6 that requires TCNative 1.1.30 APIs.
> + I think that there are TCNative builds on Linux that use safe version
> + of OpenSSL while being an older version of TCNative.
That's a very good point.
What would you think about making the RECOMMENDED version 1.1.30?
(This is 1/2 of a patch that *will* require 1.1.30. I decided to
split-out the version requirements due to Heartbleed, but it seems it's
really not appropriate.)
I can back-out these patches in Tomcat 8 and Tomcat 7 but the same code
will go right back in with a subsequent patch
(http://svn.apache.org/viewvc?view=revision&revision=r1587379).
Comments?
-chris