[Git][java-team/tomcat-native][upstream] New upstream version 1.2.17
Emmanuel Bourg
gitlab at salsa.debian.org
Wed Jun 13 15:42:16 BST 2018
Emmanuel Bourg pushed to branch upstream at Debian Java Maintainers / tomcat-native
Commits:
f6744d26 by Emmanuel Bourg at 2018-06-12T15:09:38+02:00
New upstream version 1.2.17
- - - - -
26 changed files:
- CHANGELOG.txt
- NOTICE
- build.properties.default
- build.xml
- docs/index.html
- docs/miscellaneous/changelog.html
- docs/news/2008.html
- docs/news/2009.html
- docs/news/2010.html
- docs/news/2011.html
- docs/news/2012.html
- docs/news/2013.html
- docs/news/2014.html
- docs/news/2015.html
- docs/news/2016.html
- docs/news/2017.html
- native/include/tcn_version.h
- native/os/win32/libtcnative.rc
- native/src/ssl.c
- native/src/sslcontext.c
- native/src/sslutils.c
- native/tcnative.spec
- xdocs/index.xml
- xdocs/miscellaneous/changelog.xml
- xdocs/news/2017.xml
- xdocs/style.xsl
Changes:
=====================================
CHANGELOG.txt
=====================================
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -2,6 +2,16 @@
This is the Changelog for Tomcat Native 1.2.
+ Changes in 1.2.17
+
+ * Fix: 62094: Certificate verification using CRL with Tomcat APR
+ connector does not work. (jfclere)
+ * Fix: 62122: undefined symbol: SSL_COMP_free_compression_methods.
+ (jfclere)
+ * Fix: 62221: OCSP response processing uses always the first entry in
+ the response. (jfclere)
+ * Fix: Further clean-up in the OCSP extension logic. (jfclere)
+
Changes in 1.2.16
* Fix: Further clean-up in the parsing of the OCSP extension. (markt)
@@ -189,4 +199,4 @@
Please see the 1.1.x changelog.
- Copyright © 2008-2017, The Apache Software Foundation
+ Copyright © 2008-2018, The Apache Software Foundation
=====================================
NOTICE
=====================================
--- a/NOTICE
+++ b/NOTICE
@@ -1,5 +1,5 @@
Apache Tomcat Native Library
-Copyright 2002-2017 The Apache Software Foundation
+Copyright 2002-2018 The Apache Software Foundation
This product includes software developed at
The Apache Software Foundation (http://www.apache.org/).
=====================================
build.properties.default
=====================================
--- a/build.properties.default
+++ b/build.properties.default
@@ -18,7 +18,7 @@
# ----- Version Control Flags -----
version.major=1
version.minor=2
-version.build=16
+version.build=17
version.patch=0
version.suffix=
=====================================
build.xml
=====================================
--- a/build.xml
+++ b/build.xml
@@ -30,7 +30,7 @@
<property name="project" value="tomcat-native" />
<property name="name" value="Tomcat Native" />
<property name="title" value="Tomcat Native Library"/>
- <property name="year" value="2017" />
+ <property name="year" value="2018" />
<property name="test.runner" value="junit.textui.TestRunner"/>
@@ -174,7 +174,7 @@
packagenames="org.apache.tomcat.*"
windowtitle="${title} (Version ${version})"
doctitle="<h1>${title} (Version ${version})</h1>"
- bottom="Copyright 2002-2017 The Apache Software Foundation.<!--
+ bottom="Copyright 2002-2018 The Apache Software Foundation.<!--
Licensed under the Apache License, Version 2.0 (the 'License');
you may not use this file except in compliance with the License.
=====================================
docs/index.html
=====================================
--- a/docs/index.html
+++ b/docs/index.html
@@ -27,10 +27,10 @@
</div><h3 id="Headlines">Headlines</h3><div class="text">
<ul>
-<li><a href="news/2017.html#20170904">4 September 2017 - <b>TC-Native-1.2.14
+<li><a href="news/2017.html#20171120">20 November 2017 - <b>TC-Native-1.2.16
released</b></a>
<p>The Apache Tomcat team is proud to announce the immediate availability of
-Tomcat Native 1.2.14 Stable.</p>
+Tomcat Native 1.2.16 Stable.</p>
<p>
The sources and the binaries for selected platforms are available from the
<a href="../download-native.cgi">Download page</a>.
@@ -79,18 +79,18 @@ list of changes.
Where:<br>
<code>$HOME/APR</code> is something like /usr/bin/apr-1-config or the path where apr is
installed.<br>
- <code>$JAVA_HOME</code> is something /home/jfclere/JAVA/jdk1.5.0_09 path to a JDK
+ <code>$JAVA_HOME</code> is something /home/jfclere/JAVA/jdk1.7.0_80 path to a JDK
installation. Any JDK should work but it is advisable to use the same
JVM version the JVM you use with Tomcat.<br>
<code>$HOME/OPENSSL</code> is the path where OpenSSL is installed.<br>
<code>$CATALINA_HOME</code> is the path where the produced libraries will be
- installed. Something like $HOME/apache-tomcat-6.0.16/<br>
+ installed. Something like $HOME/apache-tomcat-8.0.47/<br>
<br>
The configure is able to guess most of OpenSSL standard installations.
So most of the time the following will be enough:
</p>
<div class="codeBox"><pre><code>./configure --with-apr=/usr/bin/apr-1-config \
- --with-java-home=/home/jfclere/JAVA/jdk1.5.0_09/ \
+ --with-java-home=/home/jfclere/JAVA/jdk1.7.0_80/ \
--with-ssl=yes \
--prefix=$CATALINA_HOME</code></pre></div>
<p>
@@ -180,5 +180,5 @@ INFO: Initializing Coyote HTTP/1.1 on http-8080</code></pre></div>
</div></div>
</div></div></div></div></div><footer><div id="footer">
- Copyright © 2008-2017, The Apache Software Foundation
+ Copyright © 2008-2018, The Apache Software Foundation
</div></footer></div></body></html>
\ No newline at end of file
=====================================
docs/miscellaneous/changelog.html
=====================================
--- a/docs/miscellaneous/changelog.html
+++ b/docs/miscellaneous/changelog.html
@@ -3,6 +3,23 @@
<p>
This is the Changelog for Tomcat Native 1.2.
</p>
+</div><h3 id="Changes_in_1.2.17">Changes in 1.2.17</h3><div class="text">
+ <ul class="changelog">
+ <li><img alt="Fix: " class="icon" src="../images/fix.gif">
+ <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=62094">62094</a>: Certificate verification using CRL with
+ Tomcat APR connector does not work. (jfclere)
+ </li>
+ <li><img alt="Fix: " class="icon" src="../images/fix.gif">
+ <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=62122">62122</a>: undefined symbol: SSL_COMP_free_compression_methods. (jfclere)
+ </li>
+ <li><img alt="Fix: " class="icon" src="../images/fix.gif">
+ <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=62221">62221</a>: OCSP response processing uses always the first
+ entry in the response. (jfclere)
+ </li>
+ <li><img alt="Fix: " class="icon" src="../images/fix.gif">
+ Further clean-up in the OCSP extension logic. (jfclere)
+ </li>
+ </ul>
</div><h3 id="Changes_in_1.2.16">Changes in 1.2.16</h3><div class="text">
<ul class="changelog">
<li><img alt="Fix: " class="icon" src="../images/fix.gif">
@@ -326,5 +343,5 @@
<p>Please see the <a href="../../native-1.1-doc/miscellaneous/changelog.html">1.1.x
changelog</a>.</p>
</div></div></div></div></div><footer><div id="footer">
- Copyright © 2008-2017, The Apache Software Foundation
+ Copyright © 2008-2018, The Apache Software Foundation
</div></footer></div></body></html>
\ No newline at end of file
=====================================
docs/news/2008.html
=====================================
--- a/docs/news/2008.html
+++ b/docs/news/2008.html
@@ -24,5 +24,5 @@ and some bug fixes.
</p>
</div></div>
</div></div></div></div></div><footer><div id="footer">
- Copyright © 2008-2017, The Apache Software Foundation
+ Copyright © 2008-2018, The Apache Software Foundation
</div></footer></div></body></html>
\ No newline at end of file
=====================================
docs/news/2009.html
=====================================
--- a/docs/news/2009.html
+++ b/docs/news/2009.html
@@ -8,5 +8,5 @@ of Tomcat Native 1.1.18. This is a stable release adding some bug fixes.
</p>
</div></div>
</div></div></div></div></div><footer><div id="footer">
- Copyright © 2008-2017, The Apache Software Foundation
+ Copyright © 2008-2018, The Apache Software Foundation
</div></footer></div></body></html>
\ No newline at end of file
=====================================
docs/news/2010.html
=====================================
--- a/docs/news/2010.html
+++ b/docs/news/2010.html
@@ -13,5 +13,5 @@ of Tomcat Native 1.1.19. This is a stable release adding some bug fixes.
</p>
</div></div>
</div></div></div></div></div><footer><div id="footer">
- Copyright © 2008-2017, The Apache Software Foundation
+ Copyright © 2008-2018, The Apache Software Foundation
</div></footer></div></body></html>
\ No newline at end of file
=====================================
docs/news/2011.html
=====================================
--- a/docs/news/2011.html
+++ b/docs/news/2011.html
@@ -9,5 +9,5 @@ of Tomcat Native 1.1.22. This is a stable release adding some bug fixes.
</p>
</div></div>
</div></div></div></div></div><footer><div id="footer">
- Copyright © 2008-2017, The Apache Software Foundation
+ Copyright © 2008-2018, The Apache Software Foundation
</div></footer></div></body></html>
\ No newline at end of file
=====================================
docs/news/2012.html
=====================================
--- a/docs/news/2012.html
+++ b/docs/news/2012.html
@@ -19,5 +19,5 @@ experimental support for OCSP and PKCS12 certificates.
</p>
</div></div>
</div></div></div></div></div><footer><div id="footer">
- Copyright © 2008-2017, The Apache Software Foundation
+ Copyright © 2008-2018, The Apache Software Foundation
</div></footer></div></body></html>
\ No newline at end of file
=====================================
docs/news/2013.html
=====================================
--- a/docs/news/2013.html
+++ b/docs/news/2013.html
@@ -22,5 +22,5 @@ of Tomcat Native 1.1.27. This is a bug fixing release.
</p>
</div></div>
</div></div></div></div></div><footer><div id="footer">
- Copyright © 2008-2017, The Apache Software Foundation
+ Copyright © 2008-2018, The Apache Software Foundation
</div></footer></div></body></html>
\ No newline at end of file
=====================================
docs/news/2014.html
=====================================
--- a/docs/news/2014.html
+++ b/docs/news/2014.html
@@ -19,5 +19,5 @@
</p>
</div></div>
</div></div></div></div></div><footer><div id="footer">
- Copyright © 2008-2017, The Apache Software Foundation
+ Copyright © 2008-2018, The Apache Software Foundation
</div></footer></div></body></html>
\ No newline at end of file
=====================================
docs/news/2015.html
=====================================
--- a/docs/news/2015.html
+++ b/docs/news/2015.html
@@ -26,5 +26,5 @@
</p>
</div></div>
</div></div></div></div></div><footer><div id="footer">
- Copyright © 2008-2017, The Apache Software Foundation
+ Copyright © 2008-2018, The Apache Software Foundation
</div></footer></div></body></html>
\ No newline at end of file
=====================================
docs/news/2016.html
=====================================
--- a/docs/news/2016.html
+++ b/docs/news/2016.html
@@ -39,5 +39,5 @@
</p>
</div></div>
</div></div></div></div></div><footer><div id="footer">
- Copyright © 2008-2017, The Apache Software Foundation
+ Copyright © 2008-2018, The Apache Software Foundation
</div></footer></div></body></html>
\ No newline at end of file
=====================================
docs/news/2017.html
=====================================
--- a/docs/news/2017.html
+++ b/docs/news/2017.html
@@ -1,5 +1,12 @@
<!DOCTYPE html SYSTEM "about:legacy-compat">
<html lang="en"><head><META http-equiv="Content-Type" content="text/html; charset=UTF-8"><link href="../images/docs-stylesheet.css" rel="stylesheet" type="text/css"><link href="../images/style.css" rel="stylesheet" type="text/css"><title>The Apache Tomcat Native - News - 2017 News and Status</title></head><body><div id="wrapper"><header><div id="header"><div><div><div class="logo noPrint"><a href="http://tomcat.apache.org/"><img alt="Tomcat Home" src="../images/tomcat.png"></a></div><div style="height: 1px;"></div><div class="asfLogo noPrint"><a href="http://www.apache.org/" target="_blank"><img src="../images/asf-feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a></div><h1>The Apache Tomcat Native - News</h1><div style="height: 1px;"></div><div style="clear: left;"></div></div></div></div></header><div id="middle"><div><div id="mainLeft" class="noprint"><div><nav><div><h2><strong>Links</strong></h2><ul><li><a href="../index.html">Docs Home</a></li></ul></div><div><h2><strong>Miscellaneous Documentation</strong></h2><ul><li><a href="../miscellaneous/changelog.html">Changelog</a></li></ul></div><div><h2><strong>News</strong></h2><ul><li><a href="../news/2017.html">2017</a></li><li><a href="../news/2016.html">2016</a></li><li><a href="../news/2015.html">2015</a></li><li><a href="../news/2014.html">2014</a></li><li><a href="../news/2013.html">2013</a></li><li><a href="../news/2012.html">2012</a></li><li><a href="../news/2011.html">2011</a></li><li><a href="../news/2010.html">2010</a></li><li><a href="../news/2009.html">2009</a></li><li><a href="../news/2008.html">2008</a></li></ul></div></nav></div></div><div id="mainRight"><div id="content"><h2>2017 News and Status</h2><h3 id="2017_News_&_Status">2017 News & Status</h3><div class="text">
+ <div class="subsection"><h4 id="20171120">20 Nov 2017 - TC-Native-1.2.16 released</h4><div class="text">
+ <p>The Apache Tomcat team is proud to announce the immediate availability of
+ Tomcat Native 1.2.16. This is a bugfix release that also updates the
+ dependencies for the Windows binaries and includes Windows binaries built with
+ OpenSSL 1.0.2m and APR 1.6.3.
+ </p>
+ </div></div>
<div class="subsection"><h4 id="20170904">4 Sep 2017 - TC-Native-1.2.14 released</h4><div class="text">
<p>The Apache Tomcat team is proud to announce the immediate availability
of Tomcat Native 1.2.14. This is a bugfix release that also updates the
@@ -15,5 +22,5 @@
</p>
</div></div>
</div></div></div></div></div><footer><div id="footer">
- Copyright © 2008-2017, The Apache Software Foundation
+ Copyright © 2008-2018, The Apache Software Foundation
</div></footer></div></body></html>
\ No newline at end of file
=====================================
native/include/tcn_version.h
=====================================
--- a/native/include/tcn_version.h
+++ b/native/include/tcn_version.h
@@ -63,7 +63,7 @@ extern "C" {
#define TCN_MINOR_VERSION 2
/** patch level */
-#define TCN_PATCH_VERSION 16
+#define TCN_PATCH_VERSION 17
/**
* This symbol is defined for internal, "development" copies of TCN. This
=====================================
native/os/win32/libtcnative.rc
=====================================
--- a/native/os/win32/libtcnative.rc
+++ b/native/os/win32/libtcnative.rc
@@ -20,7 +20,7 @@ LANGUAGE 0x9,0x1
"See the License for the specific language governing " \
"permissions and limitations under the License."
-#define TCN_VERSION "1.2.16"
+#define TCN_VERSION "1.2.17"
1000 ICON "apache.ico"
1001 DIALOGEX 0, 0, 252, 51
@@ -36,8 +36,8 @@ BEGIN
END
1 VERSIONINFO
- FILEVERSION 1,2,16,0
- PRODUCTVERSION 1,2,16,0
+ FILEVERSION 1,2,17,0
+ PRODUCTVERSION 1,2,17,0
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x1L
=====================================
native/src/ssl.c
=====================================
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -364,8 +364,10 @@ static apr_status_t ssl_init_cleanup(void *data)
ENGINE_cleanup();
#endif
#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
+#ifndef OPENSSL_NO_COMP
SSL_COMP_free_compression_methods();
#endif
+#endif
CRYPTO_cleanup_all_ex_data();
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
ERR_remove_thread_state(NULL);
=====================================
native/src/sslcontext.c
=====================================
--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -565,11 +565,12 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCARevocation)(TCN_STDARGS, jlong ctx
UNREFERENCED(o);
TCN_ASSERT(ctx != 0);
- if (J2S(file) == NULL && J2S(path) == NULL)
+ if (J2S(file) == NULL && J2S(path) == NULL) {
return JNI_FALSE;
+ }
if (!c->crl) {
- if ((c->crl = X509_STORE_new()) == NULL)
+ if ((c->crl = SSL_CTX_get_cert_store(c->ctx)) == NULL)
goto cleanup;
}
if (J2S(file)) {
@@ -581,7 +582,13 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCARevocation)(TCN_STDARGS, jlong ctx
tcn_Throw(e, "Lookup failed for file %s (%s)", J2S(file), err);
goto cleanup;
}
- X509_LOOKUP_load_file(lookup, J2S(file), X509_FILETYPE_PEM);
+ if (!X509_LOOKUP_load_file(lookup, J2S(file), X509_FILETYPE_PEM)) {
+ ERR_error_string(SSL_ERR_get(), err);
+ X509_STORE_free(c->crl);
+ c->crl = NULL;
+ tcn_Throw(e, "Load failed for file %s (%s)", J2S(file), err);
+ goto cleanup;
+ }
}
if (J2S(path)) {
lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_hash_dir());
@@ -592,8 +599,15 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCARevocation)(TCN_STDARGS, jlong ctx
tcn_Throw(e, "Lookup failed for path %s (%s)", J2S(file), err);
goto cleanup;
}
- X509_LOOKUP_add_dir(lookup, J2S(path), X509_FILETYPE_PEM);
+ if (!X509_LOOKUP_add_dir(lookup, J2S(path), X509_FILETYPE_PEM)) {
+ ERR_error_string(SSL_ERR_get(), err);
+ X509_STORE_free(c->crl);
+ c->crl = NULL;
+ tcn_Throw(e, "Load failed for path %s (%s)", J2S(file), err);
+ goto cleanup;
+ }
}
+ X509_STORE_set_flags(c->store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
rv = JNI_TRUE;
cleanup:
TCN_FREE_CSTRING(file);
=====================================
native/src/sslutils.c
=====================================
--- a/native/src/sslutils.c
+++ b/native/src/sslutils.c
@@ -35,7 +35,7 @@ extern int WIN32_SSL_password_prompt(tcn_pass_cb_t *data);
#define ASN1_OID 0x06
#define ASN1_STRING 0x86
static int ssl_verify_OCSP(int ok, X509_STORE_CTX *ctx);
-static int ssl_ocsp_request(X509 *cert, X509 *issuer);
+static int ssl_ocsp_request(X509 *cert, X509 *issuer, X509_STORE_CTX *ctx);
#endif
/* _________________________________________________________________
@@ -519,21 +519,21 @@ static int ssl_verify_OCSP(int ok, X509_STORE_CTX *ctx)
}
/* if we can't get the issuer, we cannot perform OCSP verification */
- if (X509_STORE_CTX_get1_issuer(&issuer, ctx, cert) == 1 ) {
- r = ssl_ocsp_request(cert, issuer);
- if (r == OCSP_STATUS_REVOKED) {
+ issuer = X509_STORE_CTX_get0_current_issuer(ctx);
+ if (issuer != NULL) {
+ r = ssl_ocsp_request(cert, issuer, ctx);
+ switch (r) {
+ case OCSP_STATUS_OK:
+ X509_STORE_CTX_set_error(ctx, X509_V_OK);
+ break;
+ case OCSP_STATUS_REVOKED:
/* we set the error if we know that it is revoked */
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
+ break;
+ case OCSP_STATUS_UNKNOWN:
+ /* ssl_ocsp_request() sets the error correctly already. */
+ break;
}
- else {
- /* else we return unknown */
- r = OCSP_STATUS_UNKNOWN;
- }
- X509_free(issuer); /* It appears that we should free issuer since
- * X509_STORE_CTX_get1_issuer() calls X509_OBJECT_up_ref_count()
- * on the issuer object (unline X509_STORE_CTX_get_current_cert()
- * that just returns the pointer
- */
}
return r;
}
@@ -1009,11 +1009,12 @@ end:
/* Process the OCSP_RESPONSE and returns the corresponding
answert according to the status.
*/
-static int process_ocsp_response(OCSP_RESPONSE *ocsp_resp)
+static int process_ocsp_response(OCSP_RESPONSE *ocsp_resp, X509 *cert, X509 *issuer)
{
int r, o = V_OCSP_CERTSTATUS_UNKNOWN, i;
OCSP_BASICRESP *bs;
OCSP_SINGLERESP *ss;
+ OCSP_CERTID *certid;
r = OCSP_response_status(ocsp_resp);
@@ -1023,7 +1024,13 @@ static int process_ocsp_response(OCSP_RESPONSE *ocsp_resp)
}
bs = OCSP_response_get1_basic(ocsp_resp);
- ss = OCSP_resp_get0(bs,0); /* we know we have only 1 request */
+ certid = OCSP_cert_to_id(NULL, cert, issuer);
+ if (certid == NULL) {
+ OCSP_RESPONSE_free(ocsp_resp);
+ return OCSP_STATUS_UNKNOWN;
+ }
+ ss = OCSP_resp_get0(bs, OCSP_resp_find(bs, certid, -1)); /* find by serial number and get the matching response */
+
i = OCSP_single_get0_status(ss, NULL, NULL, NULL, NULL);
if (i == V_OCSP_CERTSTATUS_GOOD)
@@ -1034,11 +1041,12 @@ static int process_ocsp_response(OCSP_RESPONSE *ocsp_resp)
o = OCSP_STATUS_UNKNOWN;
/* we clean up */
+ OCSP_CERTID_free(certid);
OCSP_RESPONSE_free(ocsp_resp);
return o;
}
-static int ssl_ocsp_request(X509 *cert, X509 *issuer)
+static int ssl_ocsp_request(X509 *cert, X509 *issuer, X509_STORE_CTX *ctx)
{
char **ocsp_urls = NULL;
int nid;
@@ -1061,13 +1069,20 @@ static int ssl_ocsp_request(X509 *cert, X509 *issuer)
the ocsp status. Otherwise, return OCSP_STATUS_UNKNOWN */
if (ocsp_urls != NULL) {
OCSP_RESPONSE *resp;
+ int rv = OCSP_STATUS_UNKNOWN;
/* for the time being just check for the fist response .. a better
approach is to iterate for all the possible ocsp urls */
resp = get_ocsp_response(cert, issuer, ocsp_urls[0]);
+ if (resp != NULL) {
+ rv = process_ocsp_response(resp, cert, issuer);
+ } else {
+ /* correct error code for application errors? */
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION);
+ }
if (resp != NULL) {
apr_pool_destroy(p);
- return process_ocsp_response(resp);
+ return rv;
}
}
apr_pool_destroy(p);
=====================================
native/tcnative.spec
=====================================
--- a/native/tcnative.spec
+++ b/native/tcnative.spec
@@ -21,7 +21,7 @@
Summary: Tomcat Native Java library
Name: tcnative
-Version: 1.2.16
+Version: 1.2.17
Release: 1
License: Apache Software License
Group: System Environment/Libraries
=====================================
xdocs/index.xml
=====================================
--- a/xdocs/index.xml
+++ b/xdocs/index.xml
@@ -59,10 +59,10 @@
<section name="Headlines">
<ul>
-<li><a href="news/2017.html#20170904">4 September 2017 - <b>TC-Native-1.2.14
+<li><a href="news/2017.html#20171120">20 November 2017 - <b>TC-Native-1.2.16
released</b></a>
<p>The Apache Tomcat team is proud to announce the immediate availability of
-Tomcat Native 1.2.14 Stable.</p>
+Tomcat Native 1.2.16 Stable.</p>
<p>
The sources and the binaries for selected platforms are available from the
<a href="../download-native.cgi">Download page</a>.
@@ -114,19 +114,19 @@ list of changes.
Where:<br/>
<code>$HOME/APR</code> is something like /usr/bin/apr-1-config or the path where apr is
installed.<br/>
- <code>$JAVA_HOME</code> is something /home/jfclere/JAVA/jdk1.5.0_09 path to a JDK
+ <code>$JAVA_HOME</code> is something /home/jfclere/JAVA/jdk1.7.0_80 path to a JDK
installation. Any JDK should work but it is advisable to use the same
JVM version the JVM you use with Tomcat.<br/>
<code>$HOME/OPENSSL</code> is the path where OpenSSL is installed.<br/>
<code>$CATALINA_HOME</code> is the path where the produced libraries will be
- installed. Something like $HOME/apache-tomcat-6.0.16/<br/>
+ installed. Something like $HOME/apache-tomcat-8.0.47/<br/>
<br/>
The configure is able to guess most of OpenSSL standard installations.
So most of the time the following will be enough:
</p>
<source
>./configure --with-apr=/usr/bin/apr-1-config \
- --with-java-home=/home/jfclere/JAVA/jdk1.5.0_09/ \
+ --with-java-home=/home/jfclere/JAVA/jdk1.7.0_80/ \
--with-ssl=yes \
--prefix=$CATALINA_HOME</source>
<p>
=====================================
xdocs/miscellaneous/changelog.xml
=====================================
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -34,6 +34,24 @@
This is the Changelog for Tomcat Native 1.2.
</p>
</section>
+<section name="Changes in 1.2.17">
+ <changelog>
+ <fix>
+ <bug>62094</bug>: Certificate verification using CRL with
+ Tomcat APR connector does not work. (jfclere)
+ </fix>
+ <fix>
+ <bug>62122</bug>: undefined symbol: SSL_COMP_free_compression_methods. (jfclere)
+ </fix>
+ <fix>
+ <bug>62221</bug>: OCSP response processing uses always the first
+ entry in the response. (jfclere)
+ </fix>
+ <fix>
+ Further clean-up in the OCSP extension logic. (jfclere)
+ </fix>
+ </changelog>
+</section>
<section name="Changes in 1.2.16">
<changelog>
<fix>
=====================================
xdocs/news/2017.xml
=====================================
--- a/xdocs/news/2017.xml
+++ b/xdocs/news/2017.xml
@@ -29,6 +29,13 @@
<body>
<section name="2017 News & Status">
+ <subsection anchor="20171120" name="20 Nov 2017 - TC-Native-1.2.16 released">
+ <p>The Apache Tomcat team is proud to announce the immediate availability of
+ Tomcat Native 1.2.16. This is a bugfix release that also updates the
+ dependencies for the Windows binaries and includes Windows binaries built with
+ OpenSSL 1.0.2m and APR 1.6.3.
+ </p>
+ </subsection>
<subsection anchor="20170904" name="4 Sep 2017 - TC-Native-1.2.14 released">
<p>The Apache Tomcat team is proud to announce the immediate availability
of Tomcat Native 1.2.14. This is a bugfix release that also updates the
=====================================
xdocs/style.xsl
=====================================
--- a/xdocs/style.xsl
+++ b/xdocs/style.xsl
@@ -125,7 +125,7 @@
<!-- Footer -->
<footer><div id="footer">
- Copyright © 2008-2017, The Apache Software Foundation
+ Copyright © 2008-2018, The Apache Software Foundation
</div></footer>
</div>
</body>
View it on GitLab: https://salsa.debian.org/java-team/tomcat-native/commit/f6744d26c4ead405a343d45b2fcd06381e84e86d
--
View it on GitLab: https://salsa.debian.org/java-team/tomcat-native/commit/f6744d26c4ead405a343d45b2fcd06381e84e86d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20180613/37307398/attachment.html>
More information about the pkg-java-commits
mailing list