From: Igal Sapir
Date: Sat, 3 Nov 2018 09:54:05 -0700
Subject: Re: [VOTE] Release Apache Tomcat 9.0.13
To: Tomcat-Dev

On Sat, Nov 3, 2018 at 9:28 AM Mark Thomas wrote:

> On 03/11/2018 16:20, Igal Sapir wrote:
> > On Sat, Nov 3, 2018 at 3:50 AM Mark Thomas wrote:
> >
> >> On 02/11/2018 22:39, Igal Sapir wrote:
> >>
> >>
> >>> I am getting the same test case failures as before, so it doesn't look
> >>> like a regression to me:
> >>> [concat] Testsuites with failed tests:
> >>> [concat] TEST-org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO.txt [1]
> >>> [concat] TEST-org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO.txt [2]
> >>>
> >>> (details below)
> >>>
> >>>
> >>>> The proposed 9.0.13 release is:
> >>>> [ ] Broken - do not release
> >>>> [X] Stable - go ahead and release as 9.0.13
> >>>>
> >>>>
> >>> Assuming that my assessment of the failures is correct, my non-binding
> >>> vote is Stable. Tested on Fedora 28 with OpenSSL 1.1.0i-fips.
> >>
> >> Which JDK are you using? It looks like an IBM one. It has been a while
> >> since I tested things with an IBM JDK so some updates might be required.
> >>
> >
> > I am pretty sure that I've never installed the IBM JDK on any machine.
> > This one IIRC is from Oracle:
> >
> > $ javac -version
> > javac 1.8.0_181
> > $ java -version
> > java version "1.8.0_181"
> > Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
> > Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)
> >
> > I will upgrade to u191 from Oracle and then test again.
> >
> >
> >> A FIPS enabled OpenSSL might also cause some failures as it might
> >> disable some ciphers.
> >>
> >
> > I am guessing by the version name of OpenSSL that FIPS is enabled:
> >
> > $ openssl version
> > OpenSSL 1.1.0i-fips 14 Aug 2018
>
> That is very odd as the only OpenSSL branch that is FIPS certified is
> 1.0.2.
>
> > $ uname -a
> > Linux local 4.18.16-200.fc28.x86_64 #1 SMP Sat Oct 20 23:53:47 UTC 2018
> > x86_64 x86_64 x86_64 GNU/Linux
> >
> > Should I make a mental note that these are false positives or should we
> > pursue it further and update the test cases to remove ciphers that should
> > not be used?
>
> They look like false positives at this point.
>

Is it possible to mark some test cases as "Warnings" rather than "Errors"?
So that if they fail they will not fail the whole test?

> Now is probably a good time to complete the planned expansion of unit
> tests on Gump for Tomcat Native so we have coverage of all the OpenSSL
> versions.
>

I'd be happy to help if given some guidance

Best,

Igal
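
A triage sketch for the cipher-test failures discussed in this thread, added here as an example and not part of the message or of Tomcat's test suite: it parses an `openssl version` line and lists which expected ciphers the local build does not offer. The function names and both cipher lists are assumptions (constructed sample data); on a real host the local list would come from `openssl ciphers`.

```shell
#!/bin/sh
# Added example: helper names and sample cipher lists are hypothetical.

# parse_openssl_version "<line printed by: openssl version>"
# Prints "<version> <branch> <fips-suffix yes|no>", e.g. "1.1.0i 1.1.0 yes".
parse_openssl_version() {
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    case "$ver" in
        *-fips) fips=yes; ver=${ver%-fips} ;;
        *)      fips=no ;;
    esac
    # Branch is the numeric x.y.z prefix, without the patch letter.
    branch=$(printf '%s\n' "$ver" | sed 's/^\([0-9]*\.[0-9]*\.[0-9]*\).*/\1/')
    printf '%s %s %s\n' "$ver" "$branch" "$fips"
}

# missing_ciphers "<expected colon-separated list>" "<local colon-separated list>"
# Prints each expected cipher the local build does not offer, one per line,
# in the order of the expected list.
missing_ciphers() {
    awk -v want="$1" -v have="$2" 'BEGIN {
        n = split(have, h, ":")
        for (i = 1; i <= n; i++) offered[h[i]] = 1
        m = split(want, w, ":")
        for (i = 1; i <= m; i++)
            if (w[i] != "" && !(w[i] in offered)) print w[i]
    }'
}

# Version line as quoted in the thread.
SAMPLE_VERSION='OpenSSL 1.1.0i-fips  14 Aug 2018'
# Constructed sample lists; on a real host use: LOCAL=$(openssl ciphers 'ALL:eNULL')
EXPECTED='ECDHE-RSA-AES256-GCM-SHA384:AES128-SHA:DES-CBC3-SHA:RC4-MD5'
LOCAL='AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384'

echo "build:   $(parse_openssl_version "$SAMPLE_VERSION")"
echo "missing: $(missing_ciphers "$EXPECTED" "$LOCAL" | tr '\n' ' ')"
```

A non-empty "missing" list on a host where the cipher tests fail points at the local OpenSSL build, not at a change in the release under vote.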