Google Git
Sign in
apache / tomcat-native / 1.1.x / . / xdocs / miscellaneous / changelog.xml
blob: 2f9355b010987a86d88310ccbe71c9596a447997 [file] [log] [blame]
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!DOCTYPE document [
<!ENTITY project SYSTEM "project.xml">
]>
<?xml-stylesheet type="application/xslt+xml" href="../style.xsl"?>
<document url="changelog.html">
&project;
<properties>
<author email="jfclere@apache.org">Jean-Frederic Clere</author>
</properties>
<body>
<section name="Preface">
<p>
This is the Changelog for Tomcat Native. This changelog
does not contain all updates and fixes to the Tomcat Native (yet).
It should contain fixes made only after December 19th 2007, when the
new documentation project for Tomcat Native was started.
</p>
</section>
<section name="Changes between 1.1.34 and 1.1.35">
<changelog>
<fix>
<bug>59024</bug>: Native function <code>versionString()</code> and
for OpenSSL 1.1.0 also <code>version()</code> (both in in ssl.c) now
return the OpenSSL run time version, not the compile time version.
(rjung)
</fix>
</changelog>
</section>
<section name="Changes between 1.1.33 and 1.1.34">
<changelog>
<update>
Unconditionally disable export Ciphers. Use the
configure flag --enable-insecure-export-ciphers
for a custom build supporting those insecure ciphers.
(rjung)
</update>
<update>
Improve ephemeral key handling for DH and ECDH.
Parameter strength is by default derived from the
certificate key strength. It can be overwritten
by embedding custom parameters in the certificate
file configured with <code>SSLCertificateFile</code>. (rjung)
</update>
<update>
The APIs SSL.generateRSATempKey() and SSL.loadDSATempKey()
are no longer supported. (rjung)
</update>
<update>
Require minimum version 0.9.8m of OpenSSL. (rjung)
</update>
<fix>
Use APR pool pre-cleanup API if available to reduce
possibility of JVM core on shutdown. (mturk, rjung)
</fix>
<add>
Add feature check for APR pre-cleanup API. (mturk, rjung)
</add>
<fix>
Don't destroy pools explicitly if we are inside an
apr_terminate call. (mturk, rjung)
</fix>
<fix>
Fix a small memory leak if Socket.recv() is used with
big buffers and recv() gets an error. (costin, rjung)
</fix>
<fix>
Pass back error to JVM if a threadsafe poller should be
created but the underlying APR library was build without
thread support. (costin, rjung)
</fix>
<fix>
Fix compilation failures with master branch of OpenSSL. Replace access
to OpenSSL internals by accessor functions. (billbarker, rjung)
</fix>
<fix>
Let OpenSSL master handle thread IDs itself. (billbarker)
</fix>
<update>
Minor rework of "buildconf" script. (rjung)
</update>
<fix>
Fix APR dependency version expression and requirement expression in
RPM spec file. (rjung)
</fix>
<update>
Try to make the changelog.xml served by SVN-HTTP viewable in a browser
by adding a stylesheet reference. (kpreisser, rjung)
</update>
<scode>
Remove code that performs a read after a renegotiation that appears to be
unnecessary with OpenSSL 1.0.2. (billbarker)
</scode>
</changelog>
</section>
<section name="Changes between 1.1.32 and 1.1.33">
<changelog>
<fix>
Fix compilation failures with master branch of OpenSSL. Replace access
to OpenSSL internals by accessor functions. (rjung/kkolinko)
</fix>
<fix>
Fix a zero-boundary-check compiler warning and simplify code in the
process. (rjung)
</fix>
<fix>
Remove superfluous semicolons after close-braces to eliminate compiler
warnings. (schultz)
</fix>
<fix>
<bug>57653</bug>: Fix crash when multiple events for same socket are
returned via separate apr_pollfd_t structures. (markt)
</fix>
<fix>
Enable building with OpenSSL 1.0.2 onwards. (billbarker)
</fix>
<update>
Use OpenSSL 1.0.1m with Windows binaries. (markt)
</update>
</changelog>
</section>
<section name="Changes between 1.1.31 and 1.1.32">
<changelog>
<fix>
<bug>53952</bug>: Add support for TLSv1.2 and TLSv1.1.
Patch provided by Marcel &#352;ebek. (schultz)
</fix>
<fix>
<bug>56844</bug>: Use OpenSSL 1.0.1j with Windows binaries. (markt)
</fix>
<update>
Use APR 1.5.1 with Windows binaries (markt)
</update>
</changelog>
</section>
<section name="Changes between 1.1.30 and 1.1.31">
<changelog>
<fix>
<bug>55938</bug>: Fix "Dereference of null pointer" issues in rarely
used methods in ssl.c. Fix possible memory leak in Socket.sendto().
The issues were identified with clang-analyzer. (kkolinko)
</fix>
<fix>
<bug>56396</bug>: Do not create RSA keys shorter the 1024 bits
if inside FIPS mode. (mturk)
</fix>
<fix>
<bug>56423</bug>: Implement stubs for methods fipsModeGet, fipsModeSet
when library is compiled without OpenSSL. (kkolinko)
</fix>
<fix>
<bug>56596</bug>: Use OpenSSL 1.0.1h with Windows binaries. (markt)
</fix>
</changelog>
</section>
<section name="Changes between 1.1.29 and 1.1.30">
<changelog>
<fix>
<bug>56363</bug>: Use OpenSSL 1.0.1g with Windows binaries. (mturk)
</fix>
<fix>
<bug>55915</bug>: Apply Mike Noordermeer's patch for ECDHE support. (mturk)
</fix>
<fix>
<bug>55663</bug>: Minor correction to the wording of the NOTICE file
to align it with the <a
href="http://www.apache.org/legal/src-headers.html#notice">requirements
for NOTICE files</a>. (kkolinko)
</fix>
<fix>
<bug>56027</bug>: Partial fix includes new <code>fipsModeGet</code>
function to get the current state of OpenSSL FIPS mode.
</fix>
</changelog>
</section>
<section name="Changes between 1.1.28 and 1.1.29">
<changelog>
<fix>
Change return code when removing a socket from a poller, that was
actually not in the poller from APR_SUCCESS to APR_NOTFOUND. (rjung)
</fix>
</changelog>
</section>
<section name="Changes between 1.1.27 and 1.1.28">
<changelog>
<update>
Java classes in package org.apache.tomcat.jni are now taken
from Tomcat trunk using svn:externals. (rjung)
</update>
<update>
Minimum supported APR version is now again 1.2.1. Version 1.3.0
of APR improves performance. (rjung)
</update>
<fix>
<bug>29422</bug>: Fixed double-free in <code>ssl_ocsp_request</code>.
Patch provided by Aristotelis. (schultz)
</fix>
<fix>
<bug>51655</bug>: Added a decent description of what tcnative actually is.
(schultz)
</fix>
<fix>
<bug>51813</bug>: Add NULL-checking for <code>s-&gt;net</code> to
avoid SIGSEGV in situations where it appears a socket has been recycled.
(schultz)
</fix>
</changelog>
</section>
<section name="Changes between 1.1.26 and 1.1.27">
<changelog>
<fix>
<bug>54513</bug>: Fix regression in pollset return value. (mturk)
</fix>
<fix>
Switch CPU information on Solaris from milliseconds to
microseconds. Make consistent with OS.java and Linux impl. (rjung)
</fix>
</changelog>
</section>
<section name="Changes between 1.1.25 and 1.1.26 (not released)">
<changelog>
<fix>
<bug>54468</bug>: Fix FIPS mode for listeners when using OpenSSL 1.0.1c
and later; resolves 'Low level API call to digest MD5 forbidden in FIPS
mode!' errors. (wrowe)
</fix>
<update>
Add clearOptions function to allow access to OpenSSL's
SSL_CTX_clear_options function. (schultz)
</update>
</changelog>
</section>
<section name="Changes between 1.1.24 and 1.1.25 (not released)">
<changelog>
<update>
Minimum supported APR version is now 1.3.0. (mturk)
</update>
<fix>
<bug>52856</bug>: Fix high CPU usage when client changes IP address or
has high latency. (mturk)
</fix>
<update>
Add CPU information to OS info for Linux.
This was already available under Windows and Solaris. (rjung)
</update>
<fix>
<bug>53969</bug>: ssl.c::hasOp could only check for
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION. Now it can check
for any SSL_OP_* available at compile-time. (schultz)
</fix>
</changelog>
</section>
<section name="Changes between 1.1.23 and 1.1.24">
<changelog>
<update>
Add support for per-socket timeouts inside poller. (markt, mturk)
</update>
</changelog>
</section>
<section name="Changes between 1.1.22 and 1.1.23">
<changelog>
<update>
<bug>45392</bug>: Add support for OCSP verification. Based upon a patch
from Aristotelis. (mturk)
</update>
<fix>
<bug>52119</bug>: Autodetect Diablo JDK on FreeBSD and Java7+. Based upon a patch
from Michael Osipov. (mturk)
</fix>
<fix>
<bug>52717</bug>: Set scope_id for IPv6 addresses if provided. (mturk)
</fix>
<update>
<bug>50570</bug>: Allow explicit use of FIPS mode in APR lifecycle
listener (native support only in this update; Java support to follow).
Based upon a patch from Chris Beckey. (schultz)
</update>
</changelog>
</section>
<section name="Changes between 1.1.21 and 1.1.22">
<changelog>
<fix>
Arrange release packaging script. (jfclere).
</fix>
<fix>
Fix typos in the changelog. (markt).
</fix>
</changelog>
</section>
<section name="Changes between 1.1.20 and 1.1.21 (not released)">
<changelog>
<fix>
<bug>50394</bug>: InternalAprInputBuffer.fill() doesn't deal correctly with EOF. (jfclere)
</fix>
<fix>
Support arbitrary protocol combinations of SSLv2, SSLv3 and TLSv1. (rjung)
</fix>
<fix>
<bug>51437</bug>: Try loading certificate in DER format if PEM was invalid. (mturk)
</fix>
<fix>
<bug>49557</bug>: index error in the loop to get the env info in the proc.create function. (kkolinko, jfclere)
</fix>
<fix>
<bug>49851</bug>: JNI Registry.deleteKey and Registry.deleteValue corrupt Windows registry. (jfclere)
</fix>
<fix>
<bug>48253</bug>: adding dynamic locking callbacks for openssl engines. (jfclere)
</fix>
<update>
Make the non blocking write really no blocking. (jfclere)
</update>
<update>
Add support for unsafe legacy renegotiation. (mturk)
</update>
</changelog>
</section>
<section name="Changes between 1.1.19 and 1.1.20">
<changelog>
<fix>
<bug>48584</bug>: Prevent crashing JVM on shutdown. (mturk)
</fix>
</changelog>
</section>
<section name="Changes between 1.1.18 and 1.1.19">
<changelog>
<fix>
Update windows resource files to correct version. (mturk)
</fix>
<fix>
<bug>48129</bug>: Fix build with OpenSSL 1.0.0-beta3.
Patch provided by Tomas Mraz. (mturk, rjung)
</fix>
<update>
Add detection of the Mac OS X JVM. (rjung)
</update>
</changelog>
</section>
<section name="Changes between 1.1.17 and 1.1.18">
<changelog>
<fix>
Fix CVE-2009-3555 SSL-Man-In-The-Middle attack. (mturk)
</fix>
</changelog>
</section>
<section name="Changes between 1.1.16 and 1.1.17">
<changelog>
<update>
Arrange build after svn reorganisation (rjung)
</update>
<fix>
<bug>47852</bug>: Fix some Javadoc errors. Patch provided by Sebb. (rjung)
</fix>
<fix>
<bug>46950</bug>: Fix SSL renegotiation in combination with client
certificates. The complete solution also needs a fix in Tomcat's Java code. (markt)
</fix>
<fix>
Align method names and signatures of native C code and java code. (markt, rjung)
</fix>
<fix>
<bug>42728</bug>: Remove memory leak. (markt)
</fix>
<fix>
<bug>46457</bug>: Fix use of multicast. (markt)
</fix>
<fix>
Fix API name for recvfrom (mturk)
</fix>
<fix>
Allow building against APR 1.3 (mturk)
</fix>
<fix>
Improve fix for <bug>43327</bug> with better handling for IPv6
addresses (markt)
</fix>
</changelog>
</section>
<section name="Changes between 1.1.15 and 1.1.16">
<changelog>
<fix>
Fix API name for recvfrom (mturk)
</fix>
<fix>
Allow building against APR 1.3 (mturk)
</fix>
<fix>
Improve fix for <bug>43327</bug> with better handling for IPv6
addresses (markt)
</fix>
</changelog>
</section>
<section name="Changes between 1.1.14 and 1.1.15">
<changelog>
<fix>
<bug>43327</bug>: Socket bind fail because mixing IPv4/IPv6 (markt, jfclere)
</fix>
<fix>
<bug>44864</bug>: Use additional check for SSL verify like
with mod_ssl for SSLVerifyClient=optionalNoCA. (mturk)
</fix>
</changelog>
</section>
<section name="Changes between 1.1.13 and 1.1.14">
<changelog>
<fix>
<bug>45071</bug>: Reset ttl when Poll.pool remove is false.
Additional patch was provided by Alex Barclay. (mturk)
</fix>
<fix>
Fix optGet that was always throwing exceptions. (jfclere)
</fix>
<fix>
Fix optSet don't throw exception as JAVA prototype doesn't. (jfclere)
</fix>
</changelog>
</section>
<section name="Changes between 1.1.12 and 1.1.13">
<changelog>
<fix>
IFS problem in native/build/tcnative.m4 (rjung)
</fix>
<fix>
Wrong gcc link flag in native/build/tcnative.m4 (rjung)
</fix>
</changelog>
</section>
<section name="Changes between 1.1.11 and 1.1.12">
<changelog>
<update>
Add support of J9VM based JVM. (jfclere)
</update>
<update>
Arrange licence in source files. (markt)
</update>
<update>
Add two new 'immediate' methods for sending the data.
It is the responsibility of the Java callee to deal with
the returned values and retry if the error was non-fatal. (mturk)
</update>
<fix>
Arrange the check of openssl version. It was failing on Linux. (jfclere)
</fix>
<fix>
Prevent returning APR_SUCCESS when there is something wrong in ssl layer. (jfclere)
</fix>
<fix>
<bug>44087</bug>: Fix it. (jfclere)
</fix>
</changelog>
</section>
</body>
</document>