from:"schultz"


Michael,

On 6/7/24 08:01, Michael Osipov wrote:

On 2024/06/07 08:05:34 Mark Thomas wrote:

On 06/06/2024 16:30, Christopher Schultz wrote:

All,

Resurrecting this thread from 2019.

I'd like to remove the SSI configuration from conf/web.xml and put it
into webapps/docs/ssi-howto.html.

Are there any objections?


None here.

Do we want to go further and consider removing it entirely for Tomcat 12
onwards. Maybe a question for the users list?


I need to admit that there are situations where SSI might be prefered over JSP.
Example: I needed limited flexibility for some Asciidoctor generated documents 
dependening whether it is QA or prod. I didn't want to generate multiple sets 
of documents (reduce complexity). Now some lines of SSI display a proper QA 
banner. Good enough for the job. Getting JSP or PHP output with Asciidoctor is 
almost impossible.


It's entirely possible to separate SSI into a different project. I 
didn't do it because it uses helper-classes in Tomcat for certain things.


But if SSI is desirable, it can be packaged separately at the cost of 
some additional support classes/methods being copied outside of Tomcat.


I don't want to support it anymore, but it should be easy *for someone 
else* to extract and bundle separately :)


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [PROPOSAL] Remove JSP file from ROOT web application

Konstantin,

On 6/6/24 11:26, Konstantin Kolinko wrote:

чт, 6 июн. 2024 г. в 17:44, Christopher Schultz :

All,

I'd like to change the existing webapps/ROOT/index.jsp to index.html and
remove the dynamic elements. Currently, the only truly dynamic element
in the whole file is this:

"
Copyright 1999-${year} Apache Software
Foundation. All Rights Reserved
"

I don't see any particular reason that the Copyright information must
always show the "current year". We can simply set this to "the current
year" during the release process.

This will mean that the default application will be completely static.
Not much of an upgrade, *but* if a user would prefer to completely
remove Jasper, it means that the default home page will be readable.

Hi, Chris!

+1 !

We missed you this week.

Being involved in moderation of one of our mailing lists, I suspect that
some amount of spam is caused by our default web page,
when it is de-facto used as the front page of a third-party web site.

That is, ASF is wrongly interpreted as an owner of that web site.

My thoughts were:
a) Replace it with a simple static page that just says "It works" or similar.
b) Make content dynamic, so that the current content is shown to
localhost clients only,
and show the "simple" page for anyone else.

An example of "a)" is Apache HTTPD:

https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/docroot/index.html?revision=1200966=markup
https://svn.apache.org/viewvc?view=revision=105393
Oct 2004 (19 years, 8 months ago)

My preference is for "a)".

Maybe move the old shiny "root" page to the examples web application.

This is a reasonable idea.

I always thought that httpd's "It works!" page was crappy. I like the
Tomcat one better. But I'd like to disable everything in the ROOT web
application if possible.

Having different behavior for local versus remote visits is an
interesting idea. I wouldn't want to implement something like that
without more support from other committers.

-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [PROPOSAL] Enable SecureLifecycleListener by default


Coty,

On 6/6/24 11:34, Coty Sutherland wrote:

On Thu, Jun 6, 2024 at 10:46 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:


All,

I'd like to remove the  around the SecureLifecycleListener
in conf/server.xml that we bundle with Tomcat distributions.

Before I do so, are there any objections to making this change?



No objections from me. I might suggest making the default
buildDateWarningAgeDays something like 6 months though rather than no
default. If we're trying to encourage secure practices warning about older
builds should be part of that config change IMO


I got some pushback from the folks who have to support Tomcat for 
decades which is why it's disabled by default.


I'll keep pushing :)

-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [PROPOSAL] Enable SecureLifecycleListener by default


Konstantin,

On 6/6/24 12:01, Konstantin Kolinko wrote:

чт, 6 июн. 2024 г. в 17:46, Christopher Schultz :


All,

I'd like to remove the  around the SecureLifecycleListener
in conf/server.xml that we bundle with Tomcat distributions.

Before I do so, are there any objections to making this change?


Its name is "SecurityListener",
org.apache.catalina.security.SecurityListener

https://tomcat.apache.org/tomcat-11.0-doc/config/listeners.html#Security_Lifecycle_Listener_-_org.apache.catalina.security.SecurityListener

Looking at its checks:

- "checkedOsUsers":
It checks the value of System.getProperty("user.name");

1. On Windows it is useless.


:(

What does user.name return when running under Administrator or 
LocalSystem or whatever?



2. It is possible to run as root to be able to bind to port 80. It is
usually done with jsvc (Apache Commons Daemon) and its capability to
drop privileges.

https://commons.apache.org/proper/commons-daemon/jsvc.html#Downgrading_user
https://cwiki.apache.org/confluence/display/TOMCAT/HowTo#HowTo-HowtorunTomcatwithoutrootprivileges?

I wonder what the actual value of "user.name" will be in case of "2.".
The check is performed at "before init" event, thus earlier than jsvc
drops privileges.


We can check :)


- "minimumUmask"
It checks the value of System.getProperty(UMASK_PROPERTY_NAME);
UMASK_PROPERTY_NAME = Constants.PACKAGE + ".SecurityListener.UMASK";

1. On Windows it is useless.


+1 and the documentation says it doesn't do any check on Windows.


2. The property is set by a startup script. If it is started in a
different way (jsvc / daemon.sh, or directly as a Java application -
as done by Eclipse IDE, as an embedded Tomcat), I expect it to break.

- "buildDateWarningAgeDays"

1. It is disabled by default.
2. It is checked at start time, but actual servers may run years
without a reboot.
3. I wonder how it behaves if Tomcat is embedded in some IOT device.

Thus I wonder whether it is worth enabling it.

(But if we want to get real feedback, enabling it now for Tomcat 11 is
a good starting point.)


Yes, this is what I was proposing.

-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[PROPOSAL] Implement additional security checks in SecurityLifecycleListener


All,

Tomcat's SecurityLifecycleListener currently checks the current working 
user's name, the umask and not much else at the moment.


I'd like to add "administrator" as another username to look for. (The 
documentation says that "root" is the only current username checked.)


I would also like to add several items from the DISA STIG document found 
here:

https://www.stigviewer.com/stig/apache_tomcat_application_sever_9/2021-12-27/

I haven't decided exactly which items to implement, but I will probably 
do this as a PR with separate commits for each item.


Are there any objections to be starting this work?

Thanks,
-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[PROPOSAL] Enable SecureLifecycleListener by default


All,

I'd like to remove the  around the SecureLifecycleListener 
in conf/server.xml that we bundle with Tomcat distributions.


Before I do so, are there any objections to making this change?

Thanks,
-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[PROPOSAL] Remove JSP file from ROOT web application


All,

I'd like to change the existing webapps/ROOT/index.jsp to index.html and 
remove the dynamic elements. Currently, the only truly dynamic element 
in the whole file is this:


"
Copyright 1999-${year} Apache Software 
Foundation.  All Rights Reserved

"

I don't see any particular reason that the Copyright information must 
always show the "current year". We can simply set this to "the current 
year" during the release process.


This will mean that the default application will be completely static. 
Not much of an upgrade, *but* if a user would prefer to completely 
remove Jasper, it means that the default home page will be readable.


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [PROPOSAL] Tomcat 10: Remove CGI Servlet


All,

Resurrecting this thread from 2019.

I will be proceeding with this 4.5-year-old plan to extract the CGI 
servlet to a separate JAR file to make it easy to "remove" from Tomcat 
if operators would prefer to do such things.


I think I'll also move the configuration from conf/web.xml to 
webapps/docs/cgi-howto.html while I'm at it so those vestiges are gone.


Thanks,
-chris

On 10/28/19 09:55, Christopher Schultz wrote:

All,

Note: this was not a vote.

There was very little feedback, and responses were mixed. We got
exactly one response on the users@ list about real-world usage of CGI,
so we cannot draw any conclusions about real-world uses.

Otherwise, the consensus seems to be that CGIs should stay a part of
the main Tomcat distribution, but that perhaps separating it out into
a distinct JAR file and/or separate distribution might be advantageous.

It appears that the CGIServlet is completely self-contained. It makes
use of the following internal(ish) Tomcat APIs:

org.apache.catalina.util.IOTools
org.apache.juli.logging.Log
org.apache.juli.logging.LogFactory
org.apache.tomcat.util.compat.JrePlatform
org.apache.tomcat.util.res.StringManager

All of these could be replaced if necessary to make a standalone,
container-agnostic package.

It looks like it would be fairly easy to separate-out the CGIServlet
into a separate JAR file packaging if there's utility in that. For
example, security-conscious environments may want to remove that JAR
file entirely from the Tomcat deployment to be absolutely sure that
Runtime.exec() isn't available in the deployed Java code (from the
container; yet I realize that SSIServlet/SSIFilter has this, too).

I'd like to go ahead and move the CGIServlet from the general
catalina.jar file into catalina-cgi.jar. That should only require a
small change to the build.xml script.

Any objections?

-chris

On 10/7/19 10:59, Christopher Schultz wrote:

All,



I recently gave a presentation on locking-down Apache Tomcat[1] and
I briefly discussed the "sharp edges" present in Tomcat. Some of
them are unnecessarily sharp and may be actually unnecessary. I'm
going to make a few proposals to remove functions from Tomcat.



Proposal: Remove CGI Servlet



Justification:



The CGIServlet is another component, like server-side-includes,
which is a remote-code execution (RCE) vulnerability as a feature.
It is very easy to misconfigure. It is arguably not possible to
secure it on Windows[2]. There are better solutions if you want to
run Perl, Python, PHP, or whatever on your server in the form of
the many fine web-server products out there.



-chris




[1]
http://tomcat.apache.org/presentations.html#latest-locking-down-tomc



at

[2]
https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/

23


/everyone-quotes-command-line-arguments-the-wrong-way/



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [PROPOSAL] Tomcat 10: Remove Server-Side Includes (SSI)


All,

Resurrecting this thread from 2019.

I'd like to remove the SSI configuration from conf/web.xml and put it 
into webapps/docs/ssi-howto.html.


Are there any objections?

Thanks,
-chris

On 10/29/19 05:05, Konstantin Kolinko wrote:

пн, 28 окт. 2019 г. в 16:34, Christopher Schultz :


[...]

The stock conf/web.xml contains a sample configuration for the SSI
servlet. We will have to decide what to do with that. I can think of
at least two options:

   a. Remove it from the stock conf/web.xml entirely
   b. Add comments to conf/web.xml indicating that the SSI component is
a separate download

I think I like #2 better.


The correct way to enable this feature is to copy those fragments into
one's own WEB-INF/web.xml.  Uncommenting them in the default web.xml
file will have [un]expected consequences.

Thus I am in favor of moving those configuration fragments to documentation.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 9.0.x updated: Add deprecation metadata to methods moved to Certificate class.

2024-06-05 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new d52f822c29 Add deprecation metadata to methods moved to Certificate 
class.
d52f822c29 is described below

commit d52f822c29b9871f4a08927331d9054c569750ec
Author: Christopher Schultz 
AuthorDate: Wed Jun 5 09:31:23 2024 -0400

Add deprecation metadata to methods moved to Certificate class.
---
 java/org/apache/tomcat/util/net/SSLHostConfig.java | 80 ++
 1 file changed, 80 insertions(+)

diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java 
b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index fcd42b4191..5f177cd64d 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -298,6 +298,11 @@ public class SSLHostConfig implements Serializable {
 // TODO: This certificate setter can be removed once it is no longer
 // necessary to support the old configuration attributes (Tomcat 10?).
 
+/**
+ * @return The default certificate key password.
+ * @deprecated Obtain the prefered Certificate and call this method, there.
+ */
+@Deprecated
 public String getCertificateKeyPassword() {
 if (defaultCertificate == null) {
 return null;
@@ -307,12 +312,22 @@ public class SSLHostConfig implements Serializable {
 }
 
 
+/**
+ * @param certificateKeyPassword The password for the default 
certificate's key.
+ * @deprecated Obtain the prefered Certificate and call this method, there.
+ */
+@Deprecated
 public void setCertificateKeyPassword(String certificateKeyPassword) {
 registerDefaultCertificate();
 defaultCertificate.setCertificateKeyPassword(certificateKeyPassword);
 }
 
 
+/**
+ * @return The password for the default certificate's key.
+ * @deprecated Obtain the prefered Certificate and call this method, there.
+ */
+@Deprecated
 public String getCertificateKeyPasswordFile() {
 if (defaultCertificate == null) {
 return null;
@@ -322,6 +337,11 @@ public class SSLHostConfig implements Serializable {
 }
 
 
+/**
+ * @param certificateKeyPasswordFile The file containing the password for 
the default certificate's key.
+ * @deprecated Obtain the prefered Certificate and call this method, there.
+ */
+@Deprecated
 public void setCertificateKeyPasswordFile(String 
certificateKeyPasswordFile) {
 registerDefaultCertificate();
 
defaultCertificate.setCertificateKeyPasswordFile(certificateKeyPasswordFile);
@@ -564,6 +584,11 @@ public class SSLHostConfig implements Serializable {
 // TODO: These certificate setters can be removed once it is no longer
 // necessary to support the old configuration attributes (Tomcat 10?).
 
+/**
+ * @return The key alias for the default certificate key.
+ * @deprecated Obtain the prefered Certificate and call this method, there.
+ */
+@Deprecated
 public String getCertificateKeyAlias() {
 if (defaultCertificate == null) {
 return null;
@@ -571,12 +596,22 @@ public class SSLHostConfig implements Serializable {
 return defaultCertificate.getCertificateKeyAlias();
 }
 }
+/**
+ * @param certificateKeyAlias The alias of the certificate key.
+ * @deprecated Obtain the prefered Certificate and call this method, there.
+ */
+@Deprecated
 public void setCertificateKeyAlias(String certificateKeyAlias) {
 registerDefaultCertificate();
 defaultCertificate.setCertificateKeyAlias(certificateKeyAlias);
 }
 
 
+/**
+ * @return The keystore file for the default certificate.
+ * @deprecated Obtain the prefered Certificate and call this method, there.
+ */
+@Deprecated
 public String getCertificateKeystoreFile() {
 if (defaultCertificate == null) {
 return null;
@@ -584,12 +619,22 @@ public class SSLHostConfig implements Serializable {
 return defaultCertificate.getCertificateKeystoreFile();
 }
 }
+/**
+ * @param certificateKeystoreFile The file containing the certificate 
keystore.
+ * @deprecated Obtain the prefered Certificate and call this method, there.
+ */
+@Deprecated
 public void setCertificateKeystoreFile(String certificateKeystoreFile) {
 registerDefaultCertificate();
 defaultCertificate.setCertificateKeystoreFile(certificateKeystoreFile);
 }
 
 
+/**
+ * @return The password for the default certificate's keystore.
+ * @deprecated Obtain the prefered Certificate and call this method, there.
+ */
+@Deprecated
 public String getCertificateKeystorePassword() {
 if (defaultCertificate == null) {
 return

(tomcat-native) branch 1.3.x updated: Add changelog

2024-06-02 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 1.3.x
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/1.3.x by this push:
 new 2c21cf47d Add changelog
2c21cf47d is described below

commit 2c21cf47deb8a432b0c1e0db7a814d9323478708
Author: Christopher Schultz 
AuthorDate: Sun Jun 2 10:42:42 2024 -0400

Add changelog
---
 xdocs/miscellaneous/changelog.xml | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/xdocs/miscellaneous/changelog.xml 
b/xdocs/miscellaneous/changelog.xml
index 4e62e78ac..7b2e74142 100644
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -40,6 +40,13 @@
   until properly addressed with
   https://github.com/openssl/openssl/issues/24416. (michaelo)
 
+
+  Use ERR_error_string_n with a definite buffer length as a named constant.
+  (schultz)
+
+
+  Ensure local reference capacity is available when creating new arrays
+  and Strings. (schultz)
   
 
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat-native) branch main updated: Add changelog

2024-06-02 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/main by this push:
 new 5b97d9232 Add changelog
5b97d9232 is described below

commit 5b97d9232997c6e6adadfe50601b6fa2591ede68
Author: Christopher Schultz 
AuthorDate: Sun Jun 2 10:42:42 2024 -0400

Add changelog
---
 xdocs/miscellaneous/changelog.xml | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/xdocs/miscellaneous/changelog.xml 
b/xdocs/miscellaneous/changelog.xml
index 9127260c1..59ec98a58 100644
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -40,6 +40,13 @@
   until properly addressed with
   https://github.com/openssl/openssl/issues/24416. (michaelo)
 
+
+  Use ERR_error_string_n with a definite buffer length as a named constant.
+  (schultz)
+
+
+  Ensure local reference capacity is available when creating new arrays
+  and Strings. (schultz)
   
 
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat-native) branch 1.3.x updated: Use ERR_error_string_n instead of ERR_error_string.

2024-06-02 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 1.3.x
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/1.3.x by this push:
 new 827f57853 Use ERR_error_string_n instead of ERR_error_string.
827f57853 is described below

commit 827f578536ea4a6f580fc7b58454c107be38d880
Author: Christopher Schultz 
AuthorDate: Wed May 15 09:14:14 2024 -0400

Use ERR_error_string_n instead of ERR_error_string.

Use header-defined constant for error message buffer sizes.
---
 native/include/ssl_private.h |  5 +++
 native/src/ssl.c |  8 ++---
 native/src/sslconf.c | 16 +-
 native/src/sslcontext.c  | 76 ++--
 4 files changed, 55 insertions(+), 50 deletions(-)

diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h
index aab34cc9d..3eefd13ed 100644
--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -67,6 +67,11 @@ extern ENGINE *tcn_ssl_engine;
 #define SSL_AIDX_ECC (3)
 #define SSL_AIDX_MAX (4)
 
+/*
+ * The length of error message strings. MUST BE AT LEAST 256.
+ */
+#define TCN_OPENSSL_ERROR_STRING_LENGTH 256
+
 /*
  * Define the SSL options
  */
diff --git a/native/src/ssl.c b/native/src/ssl.c
index 5ca7c0781..40d9c9380 100644
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -1509,9 +1509,9 @@ TCN_IMPLEMENT_CALL(jbyteArray, SSL, 
getPeerCertificate)(TCN_STDARGS,
 
 TCN_IMPLEMENT_CALL(jstring, SSL, getErrorString)(TCN_STDARGS, jlong number)
 {
-char buf[256];
+char buf[TCN_OPENSSL_ERROR_STRING_LENGTH];
 UNREFERENCED(o);
-ERR_error_string(number, buf);
+ERR_error_string_n(number, buf, TCN_OPENSSL_ERROR_STRING_LENGTH);
 return tcn_new_string(e, buf);
 }
 
@@ -1673,8 +1673,8 @@ TCN_IMPLEMENT_CALL(jboolean, SSL, 
setCipherSuites)(TCN_STDARGS, jlong ssl,
 return JNI_FALSE;
 }
 if (!SSL_set_cipher_list(ssl_, J2S(ciphers))) {
-char err[256];
-ERR_error_string(SSL_ERR_get(), err);
+char err[TCN_OPENSSL_ERROR_STRING_LENGTH];
+ERR_error_string_n(SSL_ERR_get(), err, 
TCN_OPENSSL_ERROR_STRING_LENGTH);
 tcn_Throw(e, "Unable to configure permitted SSL ciphers (%s)", err);
 rv = JNI_FALSE;
 }
diff --git a/native/src/sslconf.c b/native/src/sslconf.c
index 6ff028b66..603e84288 100644
--- a/native/src/sslconf.c
+++ b/native/src/sslconf.c
@@ -96,8 +96,8 @@ TCN_IMPLEMENT_CALL(jlong, SSLConf, make)(TCN_STDARGS, jlong 
pool,
 ec = SSL_ERR_get();
 if (!cctx || ec != 0) {
 if (ec != 0) {
-char err[256];
-ERR_error_string(ec, err);
+char err[TCN_OPENSSL_ERROR_STRING_LENGTH];
+ERR_error_string_n(ec, err, TCN_OPENSSL_ERROR_STRING_LENGTH);
 tcn_Throw(e, "Could not create SSL_CONF context (%s)", err);
 } else {
 tcn_Throw(e, "Could not create SSL_CONF context");
@@ -169,8 +169,8 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, check)(TCN_STDARGS, jlong 
cctx,
 value_type = SSL_CONF_cmd_value_type(c->cctx, J2S(cmd));
 ec = SSL_ERR_get();
 if (ec != 0) {
-char err[256];
-ERR_error_string(ec, err);
+char err[TCN_OPENSSL_ERROR_STRING_LENGTH];
+ERR_error_string_n(ec, err, TCN_OPENSSL_ERROR_STRING_LENGTH);
 tcn_Throw(e, "Could not determine SSL_CONF command type for '%s' 
(%s)", J2S(cmd), err);
 return 0;
 }
@@ -272,8 +272,8 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, apply)(TCN_STDARGS, jlong 
cctx,
 ec = SSL_ERR_get();
 if (rc <= 0 || ec != 0) {
 if (ec != 0) {
-char err[256];
-ERR_error_string(ec, err);
+char err[TCN_OPENSSL_ERROR_STRING_LENGTH];
+ERR_error_string_n(ec, err, TCN_OPENSSL_ERROR_STRING_LENGTH);
 tcn_Throw(e, "Could not apply SSL_CONF command '%s' with value 
'%s' (%s)", J2S(cmd), buf != NULL ? buf : J2S(value), err);
 } else {
 tcn_Throw(e, "Could not apply SSL_CONF command '%s' with value 
'%s'", J2S(cmd), buf != NULL ? buf : J2S(value));
@@ -304,8 +304,8 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, finish)(TCN_STDARGS, 
jlong cctx)
 ec = SSL_ERR_get();
 if (rc <= 0 || ec != 0) {
 if (ec != 0) {
-char err[256];
-ERR_error_string(ec, err);
+char err[TCN_OPENSSL_ERROR_STRING_LENGTH];
+ERR_error_string_n(ec, err, TCN_OPENSSL_ERROR_STRING_LENGTH);
 tcn_Throw(e, "Could not finish SSL_CONF commands (%s)", err);
 } else {
 tcn_Throw(e, "Could not finish SSL_CONF commands");
diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c
index 76662cc09..30018ac4c 100644
--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -264,8 +264,8 @@ TCN_IMPLEMENT_CALL(jlong, SS

(tomcat-native) branch 1.3.x updated: Ensure local reference capacity is available for array allocations.

2024-06-02 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 1.3.x
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/1.3.x by this push:
 new b75a3f198 Ensure local reference capacity is available for array 
allocations.
b75a3f198 is described below

commit b75a3f1985c6b642556179d01fb1e298d41146fd
Author: Christopher Schultz 
AuthorDate: Thu May 16 09:51:45 2024 -0400

Ensure local reference capacity is available for array allocations.
---
 native/src/jnilib.c | 14 --
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/native/src/jnilib.c b/native/src/jnilib.c
index f46774ac2..65f889eca 100644
--- a/native/src/jnilib.c
+++ b/native/src/jnilib.c
@@ -156,6 +156,9 @@ jstring tcn_new_stringn(JNIEnv *env, const char *str, 
size_t l)
 
 jbyteArray tcn_new_arrayb(JNIEnv *env, const unsigned char *data, size_t len)
 {
+if ((*env)->EnsureLocalCapacity(env, 1) < 0) {
+return NULL; /* out of memory error */
+}
 jbyteArray bytes = (*env)->NewByteArray(env, (jsize)len);
 if (bytes != NULL) {
 (*env)->SetByteArrayRegion(env, bytes, 0, (jint)len, (jbyte *)data);
@@ -165,15 +168,22 @@ jbyteArray tcn_new_arrayb(JNIEnv *env, const unsigned 
char *data, size_t len)
 
 jobjectArray tcn_new_arrays(JNIEnv *env, size_t len)
 {
+if ((*env)->EnsureLocalCapacity(env, 1) < 0) {
+return NULL; /* out of memory error */
+}
 return (*env)->NewObjectArray(env, (jsize)len, jString_class, NULL);
 }
 
 jstring tcn_new_string(JNIEnv *env, const char *str)
 {
-if (!str)
+if (!str) {
 return NULL;
-else
+} else {
+if ((*env)->EnsureLocalCapacity(env, 1) < 0) {
+return NULL; /* out of memory error */
+}
 return (*env)->NewStringUTF(env, str);
+}
 }
 
 char *tcn_get_string(JNIEnv *env, jstring jstr)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: (tomcat-native) branch 1.1.x updated: Use ERR_error_string_n instead of ERR_error_string.

2024-06-01 Thread Christopher Schultz


Konstantin,

On 6/1/24 10:12, Konstantin Kolinko wrote:

пт, 31 мая 2024 г. в 20:33, Christopher Schultz :


All,

I don't think my commit broke the build. Re-winding to
fe07505146b7573f36a0d01ba0d2b847af7c9914 shows that the 1.1.x build does
not work on my machine.

$ sh buildconf --with-apr=apr-1.7.4

(This path is correct)

$ cat config.nice
#! /bin/sh
#
# Created by configure

"./configure" \
"--with-apr=/usr/local/Cellar/apr/1.7.4/bin/apr-1-config" \
"--with-ssl=/usr/local/Cellar/openssl@1.1/1.1.1w/" \
"$@"

$ ./config.nice
[... no errors...]

$ make clean
$ make

/bin/sh /usr/local/Cellar/apr/1.7.4/build-1/libtool --silent
--mode=compile --tag=CC clang -g -O2 -Wall   -DHAVE_CONFIG_H  -DDARWIN
-DSIGPROCMASK_SETS_THREAD_MASK   -g -O2 -DHAVE_OPENSSL
-DHAVE_POOL_PRE_CLEANUP
-I/Users/christopherschultz/git/tomcat-native/native/include
-I/Library/Java/JavaVirtualMachines/temurin-21.jdk/Contents/Home/include
-I/Library/Java/JavaVirtualMachines/temurin-21.jdk/Contents/Home/include/darwin
-I/usr/local/Cellar/openssl@1.1/1.1.1w//include
-I/usr/local/opt/apr/include/apr-1   -o src/ssl.lo -c src/ssl.c && touch
src/ssl.lo
src/ssl.c:201:7: error: incomplete definition of type 'struct dh_st'
  dh->p = prime(NULL);
  ~~^
/usr/local/Cellar/openssl@1.1/1.1.1w//include/openssl/ossl_typ.h:104:16:
note: forward declaration of 'struct dh_st'
typedef struct dh_st DH;
 ^


[...]



The full code in that area is:

static DH *make_dh_params(BIGNUM *(*prime)(BIGNUM *), const char *gen)
{
  DH *dh = DH_new();

  if (!dh) {
  return NULL;
  }
  dh->p = prime(NULL); // Line 201
  BN_dec2bn(>g, gen);
  if (!dh->p || !dh->g) {
  DH_free(dh);
  return NULL;
  }
  return dh;
}

Is this just a bad setup on my end?

Building the main branch in this environment (but with OpenSSL 3.0)
works with some warnings but no errors.

Can anyone confirm they can build 1.1.x HEAD?


The code in src/ssl.c of Tomcat-Native 1.1.1 cited above is not
compatible with "openssl@1.1/1.1.1w".

Essentially:
- "openssl@1.1/1.1.1w//include/openssl/ossl_typ.h:104:16:" declares an alias:


typedef struct dh_st DH;


I.e. it declares the name "DH", but the actual definition of "struct
dh_st" is elsewhere, not in public include files. (but in some
"internal" parts of OpenSSL). Thus the structure can only be used
opaquely. The error is that


  dh->p = prime(NULL); // Line 201


tries to access "p", which is not possible without knowing the
internal structure of DH.

Note that this is fixed in Tomcat Native 1.3.x:
There it calls "DH_set0_pqg()" to set the value of p.

Looking at the commit history of OpenSSL 1.1.x, there is the following commit:

https://github.com/openssl/openssl/commit/6db7fadf0975c75bfba01dd939063b4bdcb1a0fe
"DH: add simple getters for commonly used DH struct members"

It is not exactly on topic, but gives references where to look for.

Other links:
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/include/openssl/ossl_typ.h
(declares "typedef struct dh_st DH"
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/include/openssl/dh.h
(declares "DH_set0_pqg" and other DH_set / DH_get methods)

https://github.com/apache/tomcat-native/blob/1.1.x/native/src/ssl.c#L194
https://github.com/apache/tomcat-native/blob/1.3.x/native/src/ssl.c#L197
(Tomcat Native 1.1 vs 1.3)

https://stackoverflow.com/questions/45416806/missing-definitions-in-headerfile-dh-h-openssl-1-1-0f
(The same issue encountered by somebody else)

Note that the last release of Tomcat Native 1.1.x was 1.1.34 of 2015-12-15
https://tomcat.apache.org/oldnews-2015.html#Tomcat_Native_1.1.34_Released

It was built with
- APR 1.5.1
- OpenSSL 1.0.1m
(as mentioned in VERSIONS file in tomcat-native-1.1.34-win32-bin.zip)


Oops. I had meant to patch the 1.3.x branch, but I did not see it in 
git. I had to specifically check it out to see it.


I will remove the patch from 1.1.x which should not be there. I will 
re-do the patch for 1.3.x.


Apologies for the confusion.

Thanks,
-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: (tomcat-native) branch 1.1.x updated: Use ERR_error_string_n instead of ERR_error_string.

2024-05-31 Thread Christopher Schultz

d declaration of 'struct bio_st'

typedef struct bio_st BIO;
   ^
src/ssl.c:867:37: error: incomplete definition of type 'struct bio_st'
BIO_JAVA *j = (BIO_JAVA *)bi->ptr;
  ~~^
/usr/local/Cellar/openssl@1.1/1.1.1w//include/openssl/ossl_typ.h:79:16: 
note: forward declaration of 'struct bio_st'

typedef struct bio_st BIO;
   ^
src/ssl.c:881:7: error: incomplete definition of type 'struct bio_st'
bi->shutdown = 1;
~~^
/usr/local/Cellar/openssl@1.1/1.1.1w//include/openssl/ossl_typ.h:79:16: 
note: forward declaration of 'struct bio_st'

typedef struct bio_st BIO;
   ^
src/ssl.c:882:7: error: incomplete definition of type 'struct bio_st'
bi->init = 0;
~~^
/usr/local/Cellar/openssl@1.1/1.1.1w//include/openssl/ossl_typ.h:79:16: 
note: forward declaration of 'struct bio_st'

typedef struct bio_st BIO;
   ^
src/ssl.c:883:7: error: incomplete definition of type 'struct bio_st'
bi->num  = -1;
~~^
/usr/local/Cellar/openssl@1.1/1.1.1w//include/openssl/ossl_typ.h:79:16: 
note: forward declaration of 'struct bio_st'

typedef struct bio_st BIO;
   ^
src/ssl.c:884:7: error: incomplete definition of type 'struct bio_st'
bi->ptr  = (char *)j;
~~^
/usr/local/Cellar/openssl@1.1/1.1.1w//include/openssl/ossl_typ.h:79:16: 
note: forward declaration of 'struct bio_st'

typedef struct bio_st BIO;
   ^
src/ssl.c:893:11: error: incomplete definition of type 'struct bio_st'
if (bi->ptr != NULL) {
~~^
/usr/local/Cellar/openssl@1.1/1.1.1w//include/openssl/ossl_typ.h:79:16: 
note: forward declaration of 'struct bio_st'

typedef struct bio_st BIO;
   ^
src/ssl.c:894:37: error: incomplete definition of type 'struct bio_st'
BIO_JAVA *j = (BIO_JAVA *)bi->ptr;
  ~~^
/usr/local/Cellar/openssl@1.1/1.1.1w//include/openssl/ossl_typ.h:79:16: 
note: forward declaration of 'struct bio_st'

typedef struct bio_st BIO;
   ^
src/ssl.c:895:15: error: incomplete definition of type 'struct bio_st'
if (bi->init) {
~~^
/usr/local/Cellar/openssl@1.1/1.1.1w//include/openssl/ossl_typ.h:79:16: 
note: forward declaration of 'struct bio_st'

typedef struct bio_st BIO;
   ^
fatal error: too many errors emitted, stopping now [-ferror-limit=]
1 warning and 20 errors generated.
make[1]: *** [src/ssl.lo] Error 1
make: *** [all-recursive] Error 1

I get roughly the same behavior when compiling against OpenSSL 3.0 as 
well. The first error in ssl.c doesn't look like an error to me:


src/ssl.c:201:7: error: incomplete definition of type 'struct dh_st'
dh->p = prime(NULL);
~~^

The full code in that area is:

static DH *make_dh_params(BIGNUM *(*prime)(BIGNUM *), const char *gen)
{
DH *dh = DH_new();

if (!dh) {
return NULL;
}
dh->p = prime(NULL); // Line 201
BN_dec2bn(>g, gen);
if (!dh->p || !dh->g) {
DH_free(dh);
return NULL;
}
return dh;
}

Is this just a bad setup on my end?

Building the main branch in this environment (but with OpenSSL 3.0) 
works with some warnings but no errors.


Can anyone confirm they can build 1.1.x HEAD?

Thanks,
-chris

On 5/31/24 13:11, schu...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 1.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/1.1.x by this push:
  new 0ab6bdd39 Use ERR_error_string_n instead of ERR_error_string.
0ab6bdd39 is described below

commit 0ab6bdd3973c702a46a9564266d1f4848bd05b01
Author: Christopher Schultz 
AuthorDate: Fri May 31 13:10:27 2024 -0400

 Use ERR_error_string_n instead of ERR_error_string.
 
 Use header-defined constant for error message buffer sizes.

---
  native/include/ssl_private.h |  5 +
  native/src/ssl.c |  8 
  native/src/sslcontext.c  | 32 
  native/src/sslnetwork.c  |  4 ++--
  4 files changed, 27 insertions(+), 22 deletions(-)

diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h
index 68fc8a877..ede9ae94f 100644
--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -63,6 +63,11 @@
  #define SSL_AIDX_ECC (3)
  #define SSL_AIDX_MAX (4)
  
+/*

+ * The length of error message strings. MUST BE AT LEAST 256.
+ */
+#define TCN_OPENSSL_ERROR_STRING_LENGTH 256
+
  /*
   * Define the SSL options
   */
diff --git a/native/src/ssl.c b/native/src/ssl.c
index d6fdaee55..782de1139 100644
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -806,11 +806,11 @@ TCN_IMPLEMENT_CALL(jint, SSL, fipsModeSet)(TCN_STDARGS, 
jint mode)
  if(1 != (r = (jint)FIPS_mode_set((int)mode))) {
/* arrange to get a human-readable error message */
unsigned long err = ERR_get_error(

Re: (tomcat-native) branch 1.1.x updated: Use ERR_error_string_n instead of ERR_error_string.

2024-05-31 Thread Christopher Schultz


All,

Uh, oh. This may have broken the build.

Investigating...

-chris


On 5/31/24 13:11, schu...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 1.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/1.1.x by this push:
  new 0ab6bdd39 Use ERR_error_string_n instead of ERR_error_string.
0ab6bdd39 is described below

commit 0ab6bdd3973c702a46a9564266d1f4848bd05b01
Author: Christopher Schultz 
AuthorDate: Fri May 31 13:10:27 2024 -0400

 Use ERR_error_string_n instead of ERR_error_string.
 
 Use header-defined constant for error message buffer sizes.

---
  native/include/ssl_private.h |  5 +
  native/src/ssl.c |  8 
  native/src/sslcontext.c  | 32 
  native/src/sslnetwork.c  |  4 ++--
  4 files changed, 27 insertions(+), 22 deletions(-)

diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h
index 68fc8a877..ede9ae94f 100644
--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -63,6 +63,11 @@
  #define SSL_AIDX_ECC (3)
  #define SSL_AIDX_MAX (4)
  
+/*

+ * The length of error message strings. MUST BE AT LEAST 256.
+ */
+#define TCN_OPENSSL_ERROR_STRING_LENGTH 256
+
  /*
   * Define the SSL options
   */
diff --git a/native/src/ssl.c b/native/src/ssl.c
index d6fdaee55..782de1139 100644
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -806,11 +806,11 @@ TCN_IMPLEMENT_CALL(jint, SSL, fipsModeSet)(TCN_STDARGS, 
jint mode)
  if(1 != (r = (jint)FIPS_mode_set((int)mode))) {
/* arrange to get a human-readable error message */
unsigned long err = ERR_get_error();
-  char msg[256];
+  char msg[TCN_OPENSSL_ERROR_STRING_LENGTH];
  
/* ERR_load_crypto_strings() already called in initialize() */
  
-  ERR_error_string_n(err, msg, 256);

+  ERR_error_string_n(err, msg, TCN_OPENSSL_ERROR_STRING_LENGTH);
  
tcn_ThrowException(e, msg);

  }
@@ -1105,9 +1105,9 @@ TCN_IMPLEMENT_CALL(jboolean, SSL, 
loadDSATempKey)(TCN_STDARGS, jint idx,
  
  TCN_IMPLEMENT_CALL(jstring, SSL, getLastError)(TCN_STDARGS)

  {
-char buf[256];
+char buf[TCN_OPENSSL_ERROR_STRING_LENGTH];
  UNREFERENCED(o);
-ERR_error_string(ERR_get_error(), buf);
+ERR_error_string_n(ERR_get_error(), buf, TCN_OPENSSL_ERROR_STRING_LENGTH);
  return tcn_new_string(e, buf);
  }
  
diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c

index c632fc7cf..e2d341c30 100644
--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -136,8 +136,8 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, make)(TCN_STDARGS, 
jlong pool,
  }
  
  if (!ctx) {

-char err[256];
-ERR_error_string(ERR_get_error(), err);
+char err[TCN_OPENSSL_ERROR_STRING_LENGTH];
+ERR_error_string_n(ERR_get_error(), err, 
TCN_OPENSSL_ERROR_STRING_LENGTH);
  tcn_Throw(e, "Invalid Server SSL Protocol (%s)", err);
  goto init_failed;
  }
@@ -327,8 +327,8 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, 
setCipherSuite)(TCN_STDARGS, jlong ctx,
  #else
  if (!SSL_CTX_set_cipher_list(c->ctx, J2S(ciphers))) {
  #endif
-char err[256];
-ERR_error_string(ERR_get_error(), err);
+char err[TCN_OPENSSL_ERROR_STRING_LENGTH];
+ERR_error_string_n(ERR_get_error(), err, 
TCN_OPENSSL_ERROR_STRING_LENGTH);
  tcn_Throw(e, "Unable to configure permitted SSL ciphers (%s)", err);
  rv = JNI_FALSE;
  }
@@ -348,7 +348,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, 
setCARevocation)(TCN_STDARGS, jlong ctx
  TCN_ALLOC_CSTRING(path);
  jboolean rv = JNI_FALSE;
  X509_LOOKUP *lookup;
-char err[256];
+char err[TCN_OPENSSL_ERROR_STRING_LENGTH];
  
  UNREFERENCED(o);

  TCN_ASSERT(ctx != 0);
@@ -362,7 +362,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, 
setCARevocation)(TCN_STDARGS, jlong ctx
  if (J2S(file)) {
  lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_file());
  if (lookup == NULL) {
-ERR_error_string(ERR_get_error(), err);
+ERR_error_string_n(ERR_get_error(), err, 
TCN_OPENSSL_ERROR_STRING_LENGTH);
  X509_STORE_free(c->crl);
  c->crl = NULL;
  tcn_Throw(e, "Lookup failed for file %s (%s)", J2S(file), err);
@@ -373,7 +373,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, 
setCARevocation)(TCN_STDARGS, jlong ctx
  if (J2S(path)) {
  lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_hash_dir());
  if (lookup == NULL) {
-ERR_error_string(ERR_get_error(), err);
+ERR_error_string_n(ERR_get_error(), err, 
TCN_OPENSSL_ERROR_STRING_LENGTH);
  X509_STORE_free(c->crl);
  c->crl = NULL;
  tcn_Throw(e, "Lookup failed for path %s (%s)", J2S

(tomcat-native) branch 1.1.x updated: Use ERR_error_string_n instead of ERR_error_string.

2024-05-31 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 1.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/1.1.x by this push:
 new 0ab6bdd39 Use ERR_error_string_n instead of ERR_error_string.
0ab6bdd39 is described below

commit 0ab6bdd3973c702a46a9564266d1f4848bd05b01
Author: Christopher Schultz 
AuthorDate: Fri May 31 13:10:27 2024 -0400

Use ERR_error_string_n instead of ERR_error_string.

Use header-defined constant for error message buffer sizes.
---
 native/include/ssl_private.h |  5 +
 native/src/ssl.c |  8 
 native/src/sslcontext.c  | 32 
 native/src/sslnetwork.c  |  4 ++--
 4 files changed, 27 insertions(+), 22 deletions(-)

diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h
index 68fc8a877..ede9ae94f 100644
--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -63,6 +63,11 @@
 #define SSL_AIDX_ECC (3)
 #define SSL_AIDX_MAX (4)
 
+/*
+ * The length of error message strings. MUST BE AT LEAST 256.
+ */
+#define TCN_OPENSSL_ERROR_STRING_LENGTH 256
+
 /*
  * Define the SSL options
  */
diff --git a/native/src/ssl.c b/native/src/ssl.c
index d6fdaee55..782de1139 100644
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -806,11 +806,11 @@ TCN_IMPLEMENT_CALL(jint, SSL, fipsModeSet)(TCN_STDARGS, 
jint mode)
 if(1 != (r = (jint)FIPS_mode_set((int)mode))) {
   /* arrange to get a human-readable error message */
   unsigned long err = ERR_get_error();
-  char msg[256];
+  char msg[TCN_OPENSSL_ERROR_STRING_LENGTH];
 
   /* ERR_load_crypto_strings() already called in initialize() */
 
-  ERR_error_string_n(err, msg, 256);
+  ERR_error_string_n(err, msg, TCN_OPENSSL_ERROR_STRING_LENGTH);
 
   tcn_ThrowException(e, msg);
 }
@@ -1105,9 +1105,9 @@ TCN_IMPLEMENT_CALL(jboolean, SSL, 
loadDSATempKey)(TCN_STDARGS, jint idx,
 
 TCN_IMPLEMENT_CALL(jstring, SSL, getLastError)(TCN_STDARGS)
 {
-char buf[256];
+char buf[TCN_OPENSSL_ERROR_STRING_LENGTH];
 UNREFERENCED(o);
-ERR_error_string(ERR_get_error(), buf);
+ERR_error_string_n(ERR_get_error(), buf, TCN_OPENSSL_ERROR_STRING_LENGTH);
 return tcn_new_string(e, buf);
 }
 
diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c
index c632fc7cf..e2d341c30 100644
--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -136,8 +136,8 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, make)(TCN_STDARGS, 
jlong pool,
 }
 
 if (!ctx) {
-char err[256];
-ERR_error_string(ERR_get_error(), err);
+char err[TCN_OPENSSL_ERROR_STRING_LENGTH];
+ERR_error_string_n(ERR_get_error(), err, 
TCN_OPENSSL_ERROR_STRING_LENGTH);
 tcn_Throw(e, "Invalid Server SSL Protocol (%s)", err);
 goto init_failed;
 }
@@ -327,8 +327,8 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, 
setCipherSuite)(TCN_STDARGS, jlong ctx,
 #else
 if (!SSL_CTX_set_cipher_list(c->ctx, J2S(ciphers))) {
 #endif
-char err[256];
-ERR_error_string(ERR_get_error(), err);
+char err[TCN_OPENSSL_ERROR_STRING_LENGTH];
+ERR_error_string_n(ERR_get_error(), err, 
TCN_OPENSSL_ERROR_STRING_LENGTH);
 tcn_Throw(e, "Unable to configure permitted SSL ciphers (%s)", err);
 rv = JNI_FALSE;
 }
@@ -348,7 +348,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, 
setCARevocation)(TCN_STDARGS, jlong ctx
 TCN_ALLOC_CSTRING(path);
 jboolean rv = JNI_FALSE;
 X509_LOOKUP *lookup;
-char err[256];
+char err[TCN_OPENSSL_ERROR_STRING_LENGTH];
 
 UNREFERENCED(o);
 TCN_ASSERT(ctx != 0);
@@ -362,7 +362,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, 
setCARevocation)(TCN_STDARGS, jlong ctx
 if (J2S(file)) {
 lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_file());
 if (lookup == NULL) {
-ERR_error_string(ERR_get_error(), err);
+ERR_error_string_n(ERR_get_error(), err, 
TCN_OPENSSL_ERROR_STRING_LENGTH);
 X509_STORE_free(c->crl);
 c->crl = NULL;
 tcn_Throw(e, "Lookup failed for file %s (%s)", J2S(file), err);
@@ -373,7 +373,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, 
setCARevocation)(TCN_STDARGS, jlong ctx
 if (J2S(path)) {
 lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_hash_dir());
 if (lookup == NULL) {
-ERR_error_string(ERR_get_error(), err);
+ERR_error_string_n(ERR_get_error(), err, 
TCN_OPENSSL_ERROR_STRING_LENGTH);
 X509_STORE_free(c->crl);
 c->crl = NULL;
 tcn_Throw(e, "Lookup failed for path %s (%s)", J2S(file), err);
@@ -426,8 +426,8 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, 
setCACertificate)(TCN_STDARGS,
  */
 if (!SSL_CTX_load_verify_locations(c->ctx,

(tomcat-native) branch 1.1.x updated: Ensure local reference capacity is available for array allocations.

2024-05-31 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 1.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/1.1.x by this push:
 new 33b2bc8c1 Ensure local reference capacity is available for array 
allocations.
33b2bc8c1 is described below

commit 33b2bc8c18621351e2d73a70c24196fb83363ee1
Author: Christopher Schultz 
AuthorDate: Thu May 16 09:51:45 2024 -0400

Ensure local reference capacity is available for array allocations.
---
 native/src/jnilib.c | 14 --
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/native/src/jnilib.c b/native/src/jnilib.c
index 320cb210e..3886101ba 100644
--- a/native/src/jnilib.c
+++ b/native/src/jnilib.c
@@ -134,6 +134,9 @@ jstring tcn_new_stringn(JNIEnv *env, const char *str, 
size_t l)
 
 jbyteArray tcn_new_arrayb(JNIEnv *env, const unsigned char *data, size_t len)
 {
+if ((*env)->EnsureLocalCapacity(env, 1) < 0) {
+return NULL; /* out of memory error */
+}
 jbyteArray bytes = (*env)->NewByteArray(env, (jsize)len);
 if (bytes != NULL) {
 (*env)->SetByteArrayRegion(env, bytes, 0, (jint)len, (jbyte *)data);
@@ -143,15 +146,22 @@ jbyteArray tcn_new_arrayb(JNIEnv *env, const unsigned 
char *data, size_t len)
 
 jobjectArray tcn_new_arrays(JNIEnv *env, size_t len)
 {
+if ((*env)->EnsureLocalCapacity(env, 1) < 0) {
+return NULL; /* out of memory error */
+}
 return (*env)->NewObjectArray(env, (jsize)len, jString_class, NULL);
 }
 
 jstring tcn_new_string(JNIEnv *env, const char *str)
 {
-if (!str)
+if (!str) {
 return NULL;
-else
+} else {
+if ((*env)->EnsureLocalCapacity(env, 1) < 0) {
+return NULL; /* out of memory error */
+}
 return (*env)->NewStringUTF(env, str);
+}
 }
 
 char *tcn_get_string(JNIEnv *env, jstring jstr)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: ServiceBindingPropertySource

2024-05-27 Thread Christopher Schultz


Felix,

On 5/22/24 14:11, Felix Schumacher wrote:


Am 21.05.24 um 19:50 schrieb Christopher Schultz:

All,

I've been playing with this PropertySource and I'm wondering if it 
could be improved a little.


First of all, it uses an environment variable SERVICE_BINDING_ROOT 
which is in line with the service binding standard which is documented 
https://servicebinding.io/. Environment variables are a little icky in 
Java, so I'd like to do one or more of the following:


1. Allow ServiceBindingPropertySource to use the SERVICE_BINDING_ROOT 
environment variable *or* a system property with an appropriate name 
such as service.binding.root, with the system property overriding the 
environment variable.


This will allow software to use e.g. catalina.properties to define 
service.binding.root instead of using an environment variable which 
may be awkward in certain environments.


2. Have ServiceBindingPropertySource fall-back to system property 
resolution if no matching file is found. Maybe we should do this with 
all PropertySource classes provided by Tomcat?


3. If the SERVICE_BINDING_ROOT environment variable is being used, 
copy its value into a system property. This will allow application 
software or Tomcat itself to use the file reference as necessary. For 
example:



  certificateKeyFile="${service.binding.root}/myapp/cert.key"

certificateFile="${service.binding.root}/myapp/cert.crt"
    ...
  


Without this capability, the application must:


  

Why would you have to do this? Could not you use 
"${path-to-cert-dir}/cert.key"? Where path-to-cert-dir is some sensible 
name and the value contains (surprise) the path to the directory in 
which cert and key are living happily together.


You can absolutely use this, but Tomcat doesn't let you use environment 
variables in ${...} expressions. The ServiceBindingPropertySource only 
knows about one environment variable: SERVICE_BINDING_ROOT. The 
application can't use that to specify any paths directly. Instead, you'd 
have to let SBPS resolve a file for you, then read the "value" of the 
config attribute from the file, and that value needs to be a path 
itself. So you have to have a file which contains nothing other than 
another file path. And it's gotta be fully-qualified. And it can't use 
replacements such as ${SERVICE_BINDING_ROOT}/myapp/my.key.


I'm just trying to remove the middle-man because I see it as needless 
extra work on the part of the admin /and/ Tomcat plus the downside that 
everything needs to be fully-qualified which reduces flexibility.


Apart from that, as Remy pointed out, kubernetes people have no problem 
with env variables.



So maybe the whole ask here is "copy $SERVICE_BINDING_ROOT to 
-Dservice.binding.root somewhere". That could be catalina.sh/bat or 
maybe during ServiceBindingPropertySource initialization, which I think 
is probably a better place for it.


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: ServiceBindingPropertySource

2024-05-27 Thread Christopher Schultz


Rémy,

On 5/22/24 06:14, Rémy Maucherat wrote:

On Wed, May 22, 2024 at 9:06 AM Mark Thomas  wrote:


On 21/05/2024 18:50, Christopher Schultz wrote:




1. Allow ServiceBindingPropertySource to use the SERVICE_BINDING_ROOT
environment variable *or* a system property with an appropriate name
such as service.binding.root, with the system property overriding the
environment variable.


Seems reasonable to me but keep in mind I've never used this code.


I haven't either, it's been contributed.

I don't really understand why the change overall, Kube uses the
environment and never the system properties.


I'd like to use this feature without Kubernetes.


2. Have ServiceBindingPropertySource fall-back to system property
resolution if no matching file is found. Maybe we should do this with
all PropertySource classes provided by Tomcat?


My reading of the docs and the code is that SystemPropertySource is
always added already.


Yes, SystemPropertySource is added. Does it not work properly ?


Sorry, I didn't actually try it. I didn't see anything in the 
PropertySource code for that... maybe it's part of the Digester 
configuration. Happy to hear this should be the way things work already.



3. If the SERVICE_BINDING_ROOT environment variable is being used, copy
its value into a system property. This will allow application software
or Tomcat itself to use the file reference as necessary. For example:


Again seems reasonable to me but same caveat as above.


The resolution should work as it is already given the javadocs from
ServiceBindingPropertySource.
At this point it would seem easier to simply add
-Dservice.binding.root=${SERVICE_BINDING_ROOT} to the Catalina
options.


This is absolutely doable at the code of a longer JVM launch 
command-line. Also, lots of people are using Spring Boot or other 
embedded launchers where modifying the command-line is either difficult, 
discouraged, or simple non-standard.


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

ServiceBindingPropertySource

2024-05-21 Thread Christopher Schultz


All,

I've been playing with this PropertySource and I'm wondering if it could 
be improved a little.


First of all, it uses an environment variable SERVICE_BINDING_ROOT which 
is in line with the service binding standard which is documented 
https://servicebinding.io/. Environment variables are a little icky in 
Java, so I'd like to do one or more of the following:


1. Allow ServiceBindingPropertySource to use the SERVICE_BINDING_ROOT 
environment variable *or* a system property with an appropriate name 
such as service.binding.root, with the system property overriding the 
environment variable.


This will allow software to use e.g. catalina.properties to define 
service.binding.root instead of using an environment variable which may 
be awkward in certain environments.


2. Have ServiceBindingPropertySource fall-back to system property 
resolution if no matching file is found. Maybe we should do this with 
all PropertySource classes provided by Tomcat?


3. If the SERVICE_BINDING_ROOT environment variable is being used, copy 
its value into a system property. This will allow application software 
or Tomcat itself to use the file reference as necessary. For example:



  


Without this capability, the application must:


  

The values passed-into the certificateKeyFile must point to files on the 
disk which themselves point to ANOTHER file. So you need two files where 
one will do, plus the file-on-the-disk needs to know its own path so it 
can point to the OTHER file which actually contains the key/cert bytes.


Does anyone have any comments on the above?

-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) 01/02: Add reference to servicebinding.io in javadoc.

2024-05-21 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit a7d010d1c13ac7d5fb187a3a196a0e9d31836a90
Author: Christopher Schultz 
AuthorDate: Tue May 21 11:51:36 2024 -0400

Add reference to servicebinding.io in javadoc.
---
 .../apache/tomcat/util/digester/ServiceBindingPropertySource.java| 5 +
 1 file changed, 5 insertions(+)

diff --git 
a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java 
b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
index 997ce354db..52cc7bde83 100644
--- a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
+++ b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
@@ -30,6 +30,11 @@ import org.apache.tomcat.util.security.PermissionCheck;
  * A {@link org.apache.tomcat.util.IntrospectionUtils.SecurePropertySource}
  * that uses Kubernetes service bindings to resolve expressions.
  *
+ * 
+ *   The Kubernetes service binding specification can be found at
+ *   https://servicebinding.io/;>https://servicebinding.io/.
+ * 
+ *
  * Usage example:
  *
  * Configure the certificate with a service binding.


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) 02/02: Add note about the automatically-generated nature of the Eclipse .classpath file.

2024-05-21 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 396d6d708e246f7bd8610985f297e291241a4955
Author: Christopher Schultz 
AuthorDate: Tue May 21 11:50:11 2024 -0400

Add note about the automatically-generated nature of the Eclipse .classpath 
file.
---
 res/ide-support/eclipse/eclipse.classpath | 8 
 1 file changed, 8 insertions(+)

diff --git a/res/ide-support/eclipse/eclipse.classpath 
b/res/ide-support/eclipse/eclipse.classpath
index 881f58847e..b4569e6d7d 100644
--- a/res/ide-support/eclipse/eclipse.classpath
+++ b/res/ide-support/eclipse/eclipse.classpath
@@ -15,6 +15,14 @@
   See the License for the specific language governing permissions and
   limitations under the License.
 -->
+
 
 
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 9.0.x updated (69372a3149 -> 396d6d708e)

2024-05-21 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a change to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from 69372a3149 Code clean-up - formatting. No functional change
 new a7d010d1c1 Add reference to servicebinding.io in javadoc.
 new 396d6d708e Add note about the automatically-generated nature of the 
Eclipse .classpath file.

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../apache/tomcat/util/digester/ServiceBindingPropertySource.java | 5 +
 res/ide-support/eclipse/eclipse.classpath | 8 
 2 files changed, 13 insertions(+)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 10.1.x updated (22a5e178b3 -> 48b5f556da)

2024-05-21 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a change to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from 22a5e178b3 Add support for shallow copies when using WebDAV
 new 754a39c118 Add note about the automatically-generated nature of the 
Eclipse .classpath file.
 new 48b5f556da Add reference to servicebinding.io in javadoc.

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../apache/tomcat/util/digester/ServiceBindingPropertySource.java | 5 +
 res/ide-support/eclipse/eclipse.classpath | 8 
 2 files changed, 13 insertions(+)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) 02/02: Add reference to servicebinding.io in javadoc.

2024-05-21 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 48b5f556dabd0a19ad00260cb942d433e4a3ffd8
Author: Christopher Schultz 
AuthorDate: Tue May 21 11:51:36 2024 -0400

Add reference to servicebinding.io in javadoc.
---
 .../apache/tomcat/util/digester/ServiceBindingPropertySource.java| 5 +
 1 file changed, 5 insertions(+)

diff --git 
a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java 
b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
index 997ce354db..52cc7bde83 100644
--- a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
+++ b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
@@ -30,6 +30,11 @@ import org.apache.tomcat.util.security.PermissionCheck;
  * A {@link org.apache.tomcat.util.IntrospectionUtils.SecurePropertySource}
  * that uses Kubernetes service bindings to resolve expressions.
  *
+ * 
+ *   The Kubernetes service binding specification can be found at
+ *   https://servicebinding.io/;>https://servicebinding.io/.
+ * 
+ *
  * Usage example:
  *
  * Configure the certificate with a service binding.


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) 01/02: Add note about the automatically-generated nature of the Eclipse .classpath file.

2024-05-21 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 754a39c118212f550883af7731e60cf85645e040
Author: Christopher Schultz 
AuthorDate: Tue May 21 11:50:11 2024 -0400

Add note about the automatically-generated nature of the Eclipse .classpath 
file.
---
 res/ide-support/eclipse/eclipse.classpath | 8 
 1 file changed, 8 insertions(+)

diff --git a/res/ide-support/eclipse/eclipse.classpath 
b/res/ide-support/eclipse/eclipse.classpath
index fcad3f3747..bf895ed1d9 100644
--- a/res/ide-support/eclipse/eclipse.classpath
+++ b/res/ide-support/eclipse/eclipse.classpath
@@ -15,6 +15,14 @@
   See the License for the specific language governing permissions and
   limitations under the License.
 -->
+
 
 
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch main updated (4176706761 -> 8fcaf322bb)

2024-05-21 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from 4176706761 Add support for shallow copies when using WebDAV
 new bdbce128a2 Add note about the automatically-generated nature of the 
Eclipse .classpath file.
 new 8fcaf322bb Add reference to servicebinding.io in javadoc.

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../apache/tomcat/util/digester/ServiceBindingPropertySource.java | 5 +
 res/ide-support/eclipse/eclipse.classpath | 8 
 2 files changed, 13 insertions(+)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) 01/02: Add note about the automatically-generated nature of the Eclipse .classpath file.

2024-05-21 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit bdbce128a2a7d07fd4ad6058fe330b318f7f3b2a
Author: Christopher Schultz 
AuthorDate: Tue May 21 11:50:11 2024 -0400

Add note about the automatically-generated nature of the Eclipse .classpath 
file.
---
 res/ide-support/eclipse/eclipse.classpath | 8 
 1 file changed, 8 insertions(+)

diff --git a/res/ide-support/eclipse/eclipse.classpath 
b/res/ide-support/eclipse/eclipse.classpath
index a98e9c610a..06cb31a56c 100644
--- a/res/ide-support/eclipse/eclipse.classpath
+++ b/res/ide-support/eclipse/eclipse.classpath
@@ -15,6 +15,14 @@
   See the License for the specific language governing permissions and
   limitations under the License.
 -->
+
 
 
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) 02/02: Add reference to servicebinding.io in javadoc.

2024-05-21 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 8fcaf322bb12b6867409fddcdefec2b96ca35655
Author: Christopher Schultz 
AuthorDate: Tue May 21 11:51:36 2024 -0400

Add reference to servicebinding.io in javadoc.
---
 .../apache/tomcat/util/digester/ServiceBindingPropertySource.java| 5 +
 1 file changed, 5 insertions(+)

diff --git 
a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java 
b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
index bd06630f01..aa1468153f 100644
--- a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
+++ b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
@@ -27,6 +27,11 @@ import org.apache.tomcat.util.IntrospectionUtils;
  * A {@link org.apache.tomcat.util.IntrospectionUtils.PropertySource}
  * that uses Kubernetes service bindings to resolve expressions.
  *
+ * 
+ *   The Kubernetes service binding specification can be found at
+ *   https://servicebinding.io/;>https://servicebinding.io/.
+ * 
+ *
  * Usage example:
  *
  * Configure the certificate with a service binding.


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: (tomcat-native) branch main updated: Ensure local reference capacity is available for array allocations.

2024-05-20 Thread Christopher Schultz


Michael,

On 5/20/24 06:37, Michael Osipov wrote:

On 2024/05/17 14:37:32 Christopher Schultz wrote:

Michael,

On 5/16/24 10:39, Michael Osipov wrote:

Not for 1.3.x?


Good question. I wasn't sure how much energy we are expecting to put
into tcnative 1.3.x.

I have no problem back-porting this if its what the team wants.


I expect 1.3.x to live as long as Tomcat 9.x will live. So it should be on par 
sans the APR stuff, of course. Everything else will cause us pain.


Fair enough. I'll back-port, or approximate it if a direct back-port is 
not really possible.


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: (tomcat-native) branch main updated: Ensure local reference capacity is available for array allocations.

2024-05-17 Thread Christopher Schultz


Michael,

On 5/16/24 10:39, Michael Osipov wrote:

Not for 1.3.x?


Good question. I wasn't sure how much energy we are expecting to put 
into tcnative 1.3.x.


I have no problem back-porting this if its what the team wants.

-chris


On 2024/05/16 13:52:45 schu...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/main by this push:
  new e49f0fe5c Ensure local reference capacity is available for array 
allocations.
e49f0fe5c is described below

commit e49f0fe5c26612df01c636e7019cd70d78948976
Author: Christopher Schultz 
AuthorDate: Thu May 16 09:51:45 2024 -0400

 Ensure local reference capacity is available for array allocations.
---
  native/src/jnilib.c | 14 --
  1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/native/src/jnilib.c b/native/src/jnilib.c
index 342df3b9c..836502c52 100644
--- a/native/src/jnilib.c
+++ b/native/src/jnilib.c
@@ -133,6 +133,9 @@ jstring tcn_new_stringn(JNIEnv *env, const char *str, 
size_t l)
  
  jbyteArray tcn_new_arrayb(JNIEnv *env, const unsigned char *data, size_t len)

  {
+if ((*env)->EnsureLocalCapacity(env, 1) < 0) {
+return NULL; /* out of memory error */
+}
  jbyteArray bytes = (*env)->NewByteArray(env, (jsize)len);
  if (bytes != NULL) {
  (*env)->SetByteArrayRegion(env, bytes, 0, (jint)len, (jbyte *)data);
@@ -142,15 +145,22 @@ jbyteArray tcn_new_arrayb(JNIEnv *env, const unsigned 
char *data, size_t len)
  
  jobjectArray tcn_new_arrays(JNIEnv *env, size_t len)

  {
+if ((*env)->EnsureLocalCapacity(env, 1) < 0) {
+return NULL; /* out of memory error */
+}
  return (*env)->NewObjectArray(env, (jsize)len, jString_class, NULL);
  }
  
  jstring tcn_new_string(JNIEnv *env, const char *str)

  {
-if (!str)
+if (!str) {
  return NULL;
-else
+} else {
+if ((*env)->EnsureLocalCapacity(env, 1) < 0) {
+return NULL; /* out of memory error */
+}
  return (*env)->NewStringUTF(env, str);
+}
  }
  
  char *tcn_get_string(JNIEnv *env, jstring jstr)



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat-native) branch main updated: Ensure local reference capacity is available for array allocations.

2024-05-16 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/main by this push:
 new e49f0fe5c Ensure local reference capacity is available for array 
allocations.
e49f0fe5c is described below

commit e49f0fe5c26612df01c636e7019cd70d78948976
Author: Christopher Schultz 
AuthorDate: Thu May 16 09:51:45 2024 -0400

Ensure local reference capacity is available for array allocations.
---
 native/src/jnilib.c | 14 --
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/native/src/jnilib.c b/native/src/jnilib.c
index 342df3b9c..836502c52 100644
--- a/native/src/jnilib.c
+++ b/native/src/jnilib.c
@@ -133,6 +133,9 @@ jstring tcn_new_stringn(JNIEnv *env, const char *str, 
size_t l)
 
 jbyteArray tcn_new_arrayb(JNIEnv *env, const unsigned char *data, size_t len)
 {
+if ((*env)->EnsureLocalCapacity(env, 1) < 0) {
+return NULL; /* out of memory error */
+}
 jbyteArray bytes = (*env)->NewByteArray(env, (jsize)len);
 if (bytes != NULL) {
 (*env)->SetByteArrayRegion(env, bytes, 0, (jint)len, (jbyte *)data);
@@ -142,15 +145,22 @@ jbyteArray tcn_new_arrayb(JNIEnv *env, const unsigned 
char *data, size_t len)
 
 jobjectArray tcn_new_arrays(JNIEnv *env, size_t len)
 {
+if ((*env)->EnsureLocalCapacity(env, 1) < 0) {
+return NULL; /* out of memory error */
+}
 return (*env)->NewObjectArray(env, (jsize)len, jString_class, NULL);
 }
 
 jstring tcn_new_string(JNIEnv *env, const char *str)
 {
-if (!str)
+if (!str) {
 return NULL;
-else
+} else {
+if ((*env)->EnsureLocalCapacity(env, 1) < 0) {
+return NULL; /* out of memory error */
+}
 return (*env)->NewStringUTF(env, str);
+}
 }
 
 char *tcn_get_string(JNIEnv *env, jstring jstr)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tcnative] jnilib.c: tcn_new_array* do not call EnsureLocalCapacity

2024-05-16 Thread Christopher Schultz


Mark,

On 5/15/24 15:49, Mark Thomas wrote:

On 15/05/2024 13:53, Christopher Schultz wrote:

All,

We have a few functions in jnilib.c that create new local references 
e.g. tcn_new_stringn and most of them call EnsureLocalCapacity to make 
sure the thread doesn't run out of local references.


I'm fairly sure that calling New*Array will fail if such references 
cannot be created, but the other methods make this protected call 
beforehand and I feel like we should be consistent.


Any objections to me adding calls to EnsureLocalCapacity in 
tcn_new_array* functions?


+1 to be being consistent.


Ack.

No strong view on whether that means adding them where they are missing 
or just removing the ones we currently have.


The Internets seem to say that running out of local references is 
entirely possible even with today's monstrous JVMs. I think it's worth 
adding the calls. They are probably very cheap, anyway, like checking to 
see if a stack pointer has collided with something else.


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tcnative] Should we make DEBUG builds available for Windows?

2024-05-16 Thread Christopher Schultz


Mark,

On 5/15/24 15:58, Mark Thomas wrote:

On 15/05/2024 14:12, Christopher Schultz wrote:

IIRC, building a debug version just involves adding something obvious 
like /DEBUG to the compiler and/or linker and/or NOT stripping-out the 
debug symbols after the build is complete.


Would this represent a burden on the release manager to produce both 
kinds of builds for an official release?


The make file already includes a DEBUG target. We'd just need to confirm 
it meet our requirements. Running an additional build isn't too 
burdensome. If you want OpenSSL and APR compiled in debug mode too then 
that could me a little more work.


Yeah, I think we would want that, which means we need two complete 
builds from start to finish. I don't know how the Windows compiler and 
linker work very well. On Linux, it's common to strip debug symbols at 
the very end. Can we build everything with debug info and then produce 
two final libraries: one including those symbols and one with them 
stripped-out?


In my dissassembly and investigation into that error message, the 
function doesn't look like it's from tcnative but actually one of the 
statically-linked objects bundled with it. On other hand, the likelihood 
of the bug being in tcnative is very high compared to APR or OpenSSL, so 
having only the debug symbols from tcnative itself would be better than 
nothing.


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat-native) branch main updated: Use ERR_error_string_n instead of ERR_error_string.

2024-05-15 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/main by this push:
 new 4eaa5c93c Use ERR_error_string_n instead of ERR_error_string.
4eaa5c93c is described below

commit 4eaa5c93c632f1ea80e889b5458d5b95f57b59a2
Author: Christopher Schultz 
AuthorDate: Wed May 15 09:14:14 2024 -0400

Use ERR_error_string_n instead of ERR_error_string.

Use header-defined constant for error message buffer sizes.
---
 native/include/ssl_private.h |  5 +++
 native/src/ssl.c |  8 ++---
 native/src/sslconf.c | 16 +-
 native/src/sslcontext.c  | 76 ++--
 4 files changed, 55 insertions(+), 50 deletions(-)

diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h
index 6c5c9d297..96e21275c 100644
--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -67,6 +67,11 @@ extern ENGINE *tcn_ssl_engine;
 #define SSL_AIDX_ECC (3)
 #define SSL_AIDX_MAX (4)
 
+/*
+ * The length of error message strings. MUST BE AT LEAST 256.
+ */
+#define TCN_OPENSSL_ERROR_STRING_LENGTH 256
+
 /*
  * Define the SSL options
  */
diff --git a/native/src/ssl.c b/native/src/ssl.c
index 7624a4e67..838300c53 100644
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -1114,9 +1114,9 @@ TCN_IMPLEMENT_CALL(jbyteArray, SSL, 
getPeerCertificate)(TCN_STDARGS,
 
 TCN_IMPLEMENT_CALL(jstring, SSL, getErrorString)(TCN_STDARGS, jlong number)
 {
-char buf[256];
+char buf[TCN_OPENSSL_ERROR_STRING_LENGTH];
 UNREFERENCED(o);
-ERR_error_string(number, buf);
+ERR_error_string_n(number, buf, TCN_OPENSSL_ERROR_STRING_LENGTH);
 return tcn_new_string(e, buf);
 }
 
@@ -1278,8 +1278,8 @@ TCN_IMPLEMENT_CALL(jboolean, SSL, 
setCipherSuites)(TCN_STDARGS, jlong ssl,
 return JNI_FALSE;
 }
 if (!SSL_set_cipher_list(ssl_, J2S(ciphers))) {
-char err[256];
-ERR_error_string(SSL_ERR_get(), err);
+char err[TCN_OPENSSL_ERROR_STRING_LENGTH];
+ERR_error_string_n(SSL_ERR_get(), err, 
TCN_OPENSSL_ERROR_STRING_LENGTH);
 tcn_Throw(e, "Unable to configure permitted SSL ciphers (%s)", err);
 rv = JNI_FALSE;
 }
diff --git a/native/src/sslconf.c b/native/src/sslconf.c
index e5b18a7ce..02c3513b1 100644
--- a/native/src/sslconf.c
+++ b/native/src/sslconf.c
@@ -94,8 +94,8 @@ TCN_IMPLEMENT_CALL(jlong, SSLConf, make)(TCN_STDARGS, jlong 
pool,
 ec = SSL_ERR_get();
 if (!cctx || ec != 0) {
 if (ec != 0) {
-char err[256];
-ERR_error_string(ec, err);
+char err[TCN_OPENSSL_ERROR_STRING_LENGTH];
+ERR_error_string_n(ec, err, TCN_OPENSSL_ERROR_STRING_LENGTH);
 tcn_Throw(e, "Could not create SSL_CONF context (%s)", err);
 } else {
 tcn_Throw(e, "Could not create SSL_CONF context");
@@ -167,8 +167,8 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, check)(TCN_STDARGS, jlong 
cctx,
 value_type = SSL_CONF_cmd_value_type(c->cctx, J2S(cmd));
 ec = SSL_ERR_get();
 if (ec != 0) {
-char err[256];
-ERR_error_string(ec, err);
+char err[TCN_OPENSSL_ERROR_STRING_LENGTH];
+ERR_error_string_n(ec, err, TCN_OPENSSL_ERROR_STRING_LENGTH);
 tcn_Throw(e, "Could not determine SSL_CONF command type for '%s' 
(%s)", J2S(cmd), err);
 return 0;
 }
@@ -270,8 +270,8 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, apply)(TCN_STDARGS, jlong 
cctx,
 ec = SSL_ERR_get();
 if (rc <= 0 || ec != 0) {
 if (ec != 0) {
-char err[256];
-ERR_error_string(ec, err);
+char err[TCN_OPENSSL_ERROR_STRING_LENGTH];
+ERR_error_string_n(ec, err, TCN_OPENSSL_ERROR_STRING_LENGTH);
 tcn_Throw(e, "Could not apply SSL_CONF command '%s' with value 
'%s' (%s)", J2S(cmd), buf != NULL ? buf : J2S(value), err);
 } else {
 tcn_Throw(e, "Could not apply SSL_CONF command '%s' with value 
'%s'", J2S(cmd), buf != NULL ? buf : J2S(value));
@@ -302,8 +302,8 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, finish)(TCN_STDARGS, 
jlong cctx)
 ec = SSL_ERR_get();
 if (rc <= 0 || ec != 0) {
 if (ec != 0) {
-char err[256];
-ERR_error_string(ec, err);
+char err[TCN_OPENSSL_ERROR_STRING_LENGTH];
+ERR_error_string_n(ec, err, TCN_OPENSSL_ERROR_STRING_LENGTH);
 tcn_Throw(e, "Could not finish SSL_CONF commands (%s)", err);
 } else {
 tcn_Throw(e, "Could not finish SSL_CONF commands");
diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c
index 0855822e5..a7951f53f 100644
--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -263,8 +263,8 @@ TCN_IMPLEMENT_CALL(jlong, SS

Re: [tcnative] switch from using ERR_error_string to ERR_error_string_n


Rémy,

On 5/15/24 09:12, Rémy Maucherat wrote:

On Tue, May 14, 2024 at 11:15 PM Christopher Schultz
 wrote:


All,

I'd like to basically globally-search-and-replace ERR_error_string for
ERR_error_string_n and use a #define constant for both the
initialization of all

 char err[256];

and similar strings and use that same constant for all calls to
ERR_error_string_n..

Any objections?

There should really be no effective change, except:

1. We can raise that error message length constant and have it affect
the whole library if we choose.

2. We will be using a length-aware string-manipulation call which is
better than using one that assumes that the buffer is at least 256 bytes
long.


+1

This gives me something to do since I thought this was 128 (this
probably came from the tomcat-native code somewhere initially), so I
have a problem with the FFM code which I will fix at the same time. It
seems 128 is already enough in practice.


I already have a patch ready to go. I was just waiting on some feedback 
before pushing.


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tcnative] Should we make DEBUG builds available for Windows?


All,

A recent thread was posted with a tcnative crash with not much in the 
way of useful information in the error:


https://lists.apache.org/thread/m1dbj3w1x1oqftqsbj7jbnvkm2073x1o

The error details were:

"
#  EXCEPTION_ACCESS_VIOLATION (0xc005) at pc=0x0001800ccd10, 
pid=1244, tid=0x0ab0

#
# JRE version: OpenJDK Runtime Environment (Zulu 8.60.0.21-CA-win64) 
(8.0_322-b06) (build 1.8.0_322-b06)
# Java VM: OpenJDK 64-Bit Server VM (25.322-b06 mixed mode windows-amd64 
compressed oops)

# Problematic frame:
# C  [tcnative-1.dll+0xccd10]
#
# Core dump written. Default location: D:\Program 
Files\apache-tomcat\bin\hs_err_pid1244.mdmp

"

So, not super helpful unless you happen to have a debugger handy.

If we had a debug build available for users, we should be able to get 
better information coming back from that failure, possibly a complete 
native back-trace.


IIRC, building a debug version just involves adding something obvious 
like /DEBUG to the compiler and/or linker and/or NOT stripping-out the 
debug symbols after the build is complete.


Would this represent a burden on the release manager to produce both 
kinds of builds for an official release?


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tcnative] jnilib.c: tcn_new_array* do not call EnsureLocalCapacity


All,

We have a few functions in jnilib.c that create new local references 
e.g. tcn_new_stringn and most of them call EnsureLocalCapacity to make 
sure the thread doesn't run out of local references.


I'm fairly sure that calling New*Array will fail if such references 
cannot be created, but the other methods make this protected call 
beforehand and I feel like we should be consistent.


Any objections to me adding calls to EnsureLocalCapacity in 
tcn_new_array* functions?


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tcnative] switch from using ERR_error_string to ERR_error_string_n


Michael,

On 5/15/24 05:14, Michael Osipov wrote:

On 2024/05/14 21:15:03 Christopher Schultz wrote:

All,

I'd like to basically globally-search-and-replace ERR_error_string for
ERR_error_string_n and use a #define constant for both the
initialization of all

 char err[256];

and similar strings and use that same constant for all calls to
ERR_error_string_n..

Any objections?

There should really be no effective change, except:

1. We can raise that error message length constant and have it affect
the whole library if we choose.

2. We will be using a length-aware string-manipulation call which is
better than using one that assumes that the buffer is at least 256 bytes
long.


Sounds reasonable to have one unified spot. Though I wonder how to better 
address this with BZ 67609


I think this is unrelated at this point. We still probably need to 
improve the error-reporting situation overall; the buffer-size is just a 
detail.



and if resizing/realloc would be required?!


In every case I changed in the code, nothing is on the heap. Every case 
is something like this:


void foo(...) {

  char err[256];

  ...
  ERR_error_string(SSL_ERR_get(), err);
  ...
}

or

if(some_error_condition) {
  char err[256];
  ERR_error_string(SSL_ERR_get(), err);
  tcn_throw(...);
}

So re-allocations aren't (currently) on the menu.

If we at some point decide to implement more "fully-featured" error 
reporting/handling, perhaps that will become an issue.


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tcnative] switch from using ERR_error_string to ERR_error_string_n

2024-05-14 Thread Christopher Schultz


All,

I'd like to basically globally-search-and-replace ERR_error_string for 
ERR_error_string_n and use a #define constant for both the 
initialization of all


   char err[256];

and similar strings and use that same constant for all calls to 
ERR_error_string_n..


Any objections?

There should really be no effective change, except:

1. We can raise that error message length constant and have it affect 
the whole library if we choose.


2. We will be using a length-aware string-manipulation call which is 
better than using one that assumes that the buffer is at least 256 bytes 
long.


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1917707 - /tomcat/site/trunk/docs/.well-known/security.txt

2024-05-13 Thread schultz

Author: schultz
Date: Mon May 13 18:43:52 2024
New Revision: 1917707

URL: http://svn.apache.org/viewvc?rev=1917707=rev
Log:
Update security.txt with a current expiration date.

Modified:
tomcat/site/trunk/docs/.well-known/security.txt

Modified: tomcat/site/trunk/docs/.well-known/security.txt
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/.well-known/security.txt?rev=1917707=1917706=1917707=diff
==
--- tomcat/site/trunk/docs/.well-known/security.txt (original)
+++ tomcat/site/trunk/docs/.well-known/security.txt Mon May 13 18:43:52 2024
@@ -3,25 +3,24 @@ Hash: SHA256
 
 Contact: secur...@tomcat.apache.org
 Contact: 
https://tomcat.apache.org/security.html#Reporting_New_Security_Problems_with_Apache_Tomcat
-Expires: 2024-01-01T00:00:00
+Expires: 2025-01-01T00:00:00
 Acknowledgments: https://tomcat.apache.org/security.html
 Preferred-Languages: en
 Canonical: https://tomcat.apache.org/.well-known/security.txt
 Hiring: https://tomcat.apache.org/getinvolved.html
-
 -BEGIN PGP SIGNATURE-
 
-iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAmSR274ACgkQHPApP6U8
-pFiP0RAAx1Ln6cugta2HcnMUTzMYpqb0Mdg4e2tcvQT5J4LFrgP5mMvSJKg3GQKG
-mtQ+FBNanf865rhI8Y604vS/2sYrjkh8UYeosg/Yot0UiGxhWzmgeIoXbGB3EuAc
-Awuzvr/+s/0KBXXb9ihkyYXqKEoUxtM6QCRlthJS2UkZkrrEjEEhwax0R+2qXCkp
-iivjPpyb+XNPTh7Rg8t/fT2vCfHHL4KOvq8DL+p3O+x4MW4bP2fsie4P5SOr7LDg
-0zsGZ234UXdStRMqjCU74/5LuswEP3TPJrobeD9yjrljwXGW8gX5DVsl2EXpRgpa
-BycUpLvQ9/7RVSXIRabI6vKD0zYljarl8Uryrm/CEOO2stUG7ENBAZVDbg1nCC5p
-UMRfX3a+Nigp2UVneUNpepP1vO2ltb6P+dP9T7bISRbomqjSdK+Kjc7clAUOzLH3
-0FX2DqIGViEKaRBBP+0qGYJus8hPt0c37/Sf96/4cdQUOokcDe1sMNbsS2VrNKbx
-QPZusS4eFn3JzXbHoqqgs4cGoBKsWhh8Jd9w/F5HYm+0C2Rk9l89uNyknoFbAmME
-jpyu1VnYr9zTkusJ+iX2cc0Ttfw7XLLowWCSYzWNvM5FBnf+tyg0qQaD4qF9mk8K
-WzchMJGzV0O1hhqanXqA3jUvXtRh5stG88xt+lmrsX2URdPYs80=
-=iJYn
+iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAmZCXykACgkQHPApP6U8
+pFgAaA//cthJsdc3L6wiMpb2+4/RcbGh3SD2oIpO07pGP93JTjG07r1ow7a5fIiY
+c3+coNKgKXePZ+vz+/BHOJKpNWXERMetVvdkdMEPIUk4RX0pTqDfrzLXss59rUfg
+SJ2j/xelJXUpxBgIqp+Wl+pAj/qj69aF1JWGwZfndYx8ikIes9wkompB0apRPzcV
+YwwodI+OIfTZrGd8Z3kGhBBphjgAqrLyT7lR9xg3HOjjoXYJi/PlCamEW8flO84J
+Sp5vACx2tOEy6oEwZMQot+ZlueTsYE7ywq39Jcsxt6bhXJYZyJHAtJ4xUJbfcps+
+kFWc84FekrDZqRYnQjw3DbLmp+DwHUHnrcVsChL8+I1M9ZVvQ7HqsDHRj4TgpPQ5
++hTaV+Qd65f/D6HjoMIxxD3XJQeNkqLveklLGJWd35xgJdXHqvMq3iJ5eBmbnGGh
+YWP2E8BI6g0jwQN+g4Tn9dIaNpsiXtIdleBNTSp05gMkeD/ebQ5GeIVNQ7bSjEFD
+qmDpnYcgF5tAQbvN1mIDqlY2DQ+vPLL7xLcjZ/2P8Ko++0VAFd3mgT0GXIHnU7wT
+TSPCUZdfvPkerSEFFy6qqSyR9KPbW0S0IVR32/UMAA3VukHZZPLYeoGkQ5sKixOB
+QWV/e8jo6FhMrRjDUVT6FMDf5w4XvgcWyHsIzGnyhT/ChoJCHfY=
+=kk3u
 -END PGP SIGNATURE-



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1917706 - in /tomcat/site/trunk: ./ docs/ docs/tomcat-10.1-doc/ docs/tomcat-10.1-doc/annotationapi/ docs/tomcat-10.1-doc/annotationapi/jakarta/annotation/ docs/tomcat-10.1-doc/annotationa

2024-05-13 Thread schultz

Author: schultz
Date: Mon May 13 18:34:01 2024
New Revision: 1917706

URL: http://svn.apache.org/viewvc?rev=1917706=rev
Log:
Update web site to announce 10.1.24.


[This commit notification would consist of 103 parts, 
which exceeds the limit of 50 ones, so it was shortened to the summary.]

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r69134 - /release/tomcat/tomcat-10/v10.1.23/

2024-05-13 Thread schultz

Author: schultz
Date: Mon May 13 18:33:31 2024
New Revision: 69134

Log:
Drop old release artifacts

Removed:
release/tomcat/tomcat-10/v10.1.23/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 10.1.x updated: Increment version numbers for next release.

2024-05-13 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new 707ed8d69d Increment version numbers for next release.
707ed8d69d is described below

commit 707ed8d69dff5c531c2ff3b9bfb1644b287de7de
Author: Christopher Schultz 
AuthorDate: Mon May 13 14:26:14 2024 -0400

Increment version numbers for next release.
---
 build.properties.default | 2 +-
 res/maven/mvn.properties.default | 2 +-
 webapps/docs/changelog.xml   | 5 -
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 48f2b60e88..8bb2fa9084 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -31,7 +31,7 @@
 # - Version Control Flags -
 version.major=10
 version.minor=1
-version.build=24
+version.build=25
 version.patch=0
 version.suffix=
 version.dev=-dev
diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default
index d5a2848510..f02194e401 100644
--- a/res/maven/mvn.properties.default
+++ b/res/maven/mvn.properties.default
@@ -39,7 +39,7 @@ 
maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d
 maven.asf.release.repo.repositoryId=apache.releases.https
 
 # Release version info
-maven.asf.release.deploy.version=10.1.24
+maven.asf.release.deploy.version=10.1.25
 
 #Where do we load the libraries from
 tomcat.lib.path=../../output/build/lib
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 96cae84eb1..f1c4b1a0b4 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,7 +104,10 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
+
+
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r69132 - /dev/tomcat/tomcat-10/v10.1.24/ /release/tomcat/tomcat-10/v10.1.24/

2024-05-13 Thread schultz

Author: schultz
Date: Mon May 13 18:15:10 2024
New Revision: 69132

Log:
Promote 10.1.24 to released

Added:
release/tomcat/tomcat-10/v10.1.24/
  - copied from r69131, dev/tomcat/tomcat-10/v10.1.24/
Removed:
dev/tomcat/tomcat-10/v10.1.24/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE][RESULT] Release Apache Tomcat 10.1.24

2024-05-13 Thread Christopher Schultz


All,

The following votes were cast:

+1: schultz, remm, markt, rjung

Non-binding:

+1: rmannibucau

There were no other votes, therefore the vote passes.

Thanks to everyone who contributed toward this release.

Thanks,
-chris


The proposed Apache Tomcat 10.1.24 release is now available for
voting.

The notable changes compared to 10.1.23 are:

- Correct error handling for asynchronous requests

- Refactor HTTP header parsing to use common parsing code and fix
  non-blocking reads of chunked request bodies including trailer fields

- WebDAV locking handling fixes

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without 
changes. Java EE applications designed for Tomcat 9 and earlier may be placed 
in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically 
convert them to Jakarta EE and copy them to the webapps directory.

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.24/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1494

The tag is:
https://github.com/apache/tomcat/tree/10.1.24
https://github.com/apache/tomcat/commit/f2a274bc00cf73670a614999561c69a391b5e35f

Please reply with a +1 for release or -0/-1 with an explanation.

The proposed 10.1.24 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 10.1.24



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 10.1.24

2024-05-10 Thread Christopher Schultz


Mark,

On 5/10/24 06:26, Mark Thomas wrote:

On 10/05/2024 11:22, Romain Manni-Bucau wrote:

Hi Christopher,

Is it possible to close the staging repo please (I get a 404)?


There is a typo in the VOTE email. The correct staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1495


Thanks for replying about this. Apologies for the typo :/

-chris


Le ven. 10 mai 2024 à 10:00, Mark Thomas  a écrit :


On 09/05/2024 19:12, Christopher Schultz wrote:


The proposed 10.1.24 release is:
[ ] Broken - do not release
[X] Stable - go ahead and release as 10.1.24


Tests pass on Linux, Windows, MacOS (Intel) and MacOS (M1).

Build is cross platform reproducible (Linux / Windows).

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org






-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 10.1.24

2024-05-09 Thread Christopher Schultz


All,

On 5/9/24 14:12, Christopher Schultz wrote:

The proposed Apache Tomcat 10.1.24 release is now available for
voting.

The notable changes compared to 10.1.23 are:

- Correct error handling for asynchronous requests

- Refactor HTTP header parsing to use common parsing code and fix
   non-blocking reads of chunked request bodies including trailer fields

- WebDAV locking handling fixes

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 
without changes. Java EE applications designed for Tomcat 9 and earlier 
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat 
will automatically convert them to Jakarta EE and copy them to the 
webapps directory.


It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.24/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1494

The tag is:
https://github.com/apache/tomcat/tree/10.1.24
https://github.com/apache/tomcat/commit/f2a274bc00cf73670a614999561c69a391b5e35f

Please reply with a +1 for release or -0/-1 with an explanation.

The proposed 10.1.24 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 10.1.24


+1 for stable release

The build is 100% reproducible on MacOS x86-64.

Unit tests pass on MacOS aarch64 and x86-84.

Details:

* Environment
*  Java (build):openjdk version "22.0.1" 2024-04-16 OpenJDK Runtime 
Environment Temurin-22.0.1+8 (build 22.0.1+8) OpenJDK 64-Bit Server VM 
Temurin-22.0.1+8 (build 22.0.1+8, mixed mode)
*  Java (test): openjdk version "22.0.1" 2024-04-16 OpenJDK Runtime 
Environment Temurin-22.0.1+8 (build 22.0.1+8) OpenJDK 64-Bit Server VM 
Temurin-22.0.1+8 (build 22.0.1+8, mixed mode)
*  Ant: Apache Ant(TM) version 1.10.14 compiled on August 16 
2023

*  OS:  Darwin 23.4.0 arm64
*  cc:  Apple clang version 15.0.0 (clang-1500.3.9.4)
*  make:GNU Make 3.81
*  OpenSSL: OpenSSL 3.2.0 23 Nov 2023 (Library: OpenSSL 3.2.0 23 
Nov 2023)

*  APR: 1.7.4
*
* Valid SHA-512 signature for apache-tomcat-10.1.24.zip
* Valid GPG signature for apache-tomcat-10.1.24.zip
* Valid SHA-512 signature for apache-tomcat-10.1.24.tar.gz
* Valid GPG signature for apache-tomcat-10.1.24.tar.gz
* Valid SHA-512 signature for apache-tomcat-10.1.24.exe
* Valid GPG signature for apache-tomcat-10.1.24.exe
* Valid SHA512 signature for apache-tomcat-10.1.24-src.zip
* Valid GPG signature for apache-tomcat-10.1.24-src.zip
* Valid SHA512 signature for apache-tomcat-10.1.24-src.tar.gz
* Valid GPG signature for apache-tomcat-10.1.24-src.tar.gz
*
* Binary Zip and tarball: Same
* Source Zip and tarball: Same
*
* Building dependencies returned: 0
* tcnative builds cleanly
* Tomcat builds cleanly
* Junit Tests: PASSED

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE] Release Apache Tomcat 10.1.24

2024-05-09 Thread Christopher Schultz


The proposed Apache Tomcat 10.1.24 release is now available for
voting.

The notable changes compared to 10.1.23 are:

- Correct error handling for asynchronous requests

- Refactor HTTP header parsing to use common parsing code and fix
  non-blocking reads of chunked request bodies including trailer fields

- WebDAV locking handling fixes

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 
without changes. Java EE applications designed for Tomcat 9 and earlier 
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat 
will automatically convert them to Jakarta EE and copy them to the 
webapps directory.


It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.24/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1494

The tag is:
https://github.com/apache/tomcat/tree/10.1.24
https://github.com/apache/tomcat/commit/f2a274bc00cf73670a614999561c69a391b5e35f

Please reply with a +1 for release or -0/-1 with an explanation.

The proposed 10.1.24 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 10.1.24

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r69067 - in /dev/tomcat/tomcat-10/v10.1.24: ./ bin/ bin/embed/ src/

2024-05-09 Thread schultz

Author: schultz
Date: Thu May  9 17:49:05 2024
New Revision: 69067

Log:
Upload v10.1.24 for voting

Added:
dev/tomcat/tomcat-10/v10.1.24/
dev/tomcat/tomcat-10/v10.1.24/KEYS
dev/tomcat/tomcat-10/v10.1.24/README.html
dev/tomcat/tomcat-10/v10.1.24/RELEASE-NOTES
dev/tomcat/tomcat-10/v10.1.24/bin/
dev/tomcat/tomcat-10/v10.1.24/bin/README.html
dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-deployer.tar.gz   
(with props)
dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-deployer.tar.gz.asc

dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-deployer.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-deployer.zip   
(with props)
dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-deployer.zip.asc
dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-deployer.zip.sha512
dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-fulldocs.tar.gz   
(with props)
dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-fulldocs.tar.gz.asc

dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-fulldocs.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-windows-x64.zip   
(with props)
dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-windows-x64.zip.asc

dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-windows-x64.zip.sha512
dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-windows-x86.zip   
(with props)
dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-windows-x86.zip.asc

dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-windows-x86.zip.sha512
dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24.exe   (with props)
dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24.exe.asc
dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24.exe.sha512
dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24.tar.gz   (with 
props)
dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24.tar.gz.asc
dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24.zip   (with props)
dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24.zip.asc
dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24.zip.sha512
dev/tomcat/tomcat-10/v10.1.24/bin/embed/
dev/tomcat/tomcat-10/v10.1.24/bin/embed/apache-tomcat-10.1.24-embed.tar.gz  
 (with props)

dev/tomcat/tomcat-10/v10.1.24/bin/embed/apache-tomcat-10.1.24-embed.tar.gz.asc

dev/tomcat/tomcat-10/v10.1.24/bin/embed/apache-tomcat-10.1.24-embed.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.24/bin/embed/apache-tomcat-10.1.24-embed.zip   
(with props)
dev/tomcat/tomcat-10/v10.1.24/bin/embed/apache-tomcat-10.1.24-embed.zip.asc

dev/tomcat/tomcat-10/v10.1.24/bin/embed/apache-tomcat-10.1.24-embed.zip.sha512
dev/tomcat/tomcat-10/v10.1.24/src/
dev/tomcat/tomcat-10/v10.1.24/src/apache-tomcat-10.1.24-src.tar.gz   (with 
props)
dev/tomcat/tomcat-10/v10.1.24/src/apache-tomcat-10.1.24-src.tar.gz.asc
dev/tomcat/tomcat-10/v10.1.24/src/apache-tomcat-10.1.24-src.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.24/src/apache-tomcat-10.1.24-src.zip   (with 
props)
dev/tomcat/tomcat-10/v10.1.24/src/apache-tomcat-10.1.24-src.zip.asc
dev/tomcat/tomcat-10/v10.1.24/src/apache-tomcat-10.1.24-src.zip.sha512

Added: dev/tomcat/tomcat-10/v10.1.24/KEYS
==
--- dev/tomcat/tomcat-10/v10.1.24/KEYS (added)
+++ dev/tomcat/tomcat-10/v10.1.24/KEYS Thu May  9 17:49:05 2024
@@ -0,0 +1,562 @@
+This file contains the PGP keys of various Apache developers.
+Please don't use them for email unless you have to. Their main
+purpose is code signing.
+
+Apache users: pgp < KEYS
+Apache developers:
+(pgpk -ll  && pgpk -xa ) >> this file.
+  or
+(gpg --fingerprint --list-sigs 
+ && gpg --armor --export ) >> this file.
+
+Apache developers: please ensure that your key is also available via the
+PGP keyservers (such as pgpkeys.mit.edu).
+
+
+pub   4096R/2F6059E7 2009-09-18
+  Key fingerprint = A9C5 DF4D 22E9 9998 D987  5A51 10C0 1C5A 2F60 59E7
+uid  Mark E D Thomas 
+sub   4096R/5E763BEC 2009-09-18
+
+-BEGIN PGP PUBLIC KEY BLOCK-
+Comment: GPGTools - http://gpgtools.org
+
+mQINBEq0DukBEAD4jovHOPJDxoD+JnO1Go2kiwpgRULasGlrVKuSUdP6wzcaqWmX
+pqtOJKKwW2MQFQLmg7nQ9RjJwy3QCbKNDJQA/bwbQT1F7WzTCz2S6vxC4zxKck4t
+6RZBq2dJsYKF0CEh6ZfY4dmKvhq+3istSoFRdHYoOPGWZpuRDqfZPdGm/m335/6K
+GH59oysn1NE7a2a+kZzjBSEgv23+l4Z1Rg7+fpz1JcdHSdC2Z+ZRxML25eVatRVz
+4yvDOZItqDURP24zWOodxgboldV6Y88C3v/7KRR+1vklzkuA2FqF8Q4r/2f0su7M
+UVviQcy29y/RlLSDTTYoVlCZ1ni14qFU7Hpw43KJtgXmcUwq31T1+SlXdYjNJ1aF
+kUi8BjCHDcSgE/IReKUanjHzm4XSymKDTeqqzidi4k6PDD4jyHb8k8vxi6qT6Udn
+lcfo5NBkkUT1TauhEy8ktHhbl9k60BvvMBP9l6cURiJg1WS77egI4P/82oPbzzFi
+GFqXyJKULVgxtdQ3JikCpodp3f1fh6PlYZwkW4xCJLJucJ5MiQp07HAkMVW5w+k8
+Xvu

(tomcat) 01/01: Tag 10.1.24

2024-05-09 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to tag 10.1.24
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit f2a274bc00cf73670a614999561c69a391b5e35f
Author: ChristopherSchultz 
AuthorDate: Thu May 9 13:46:36 2024 -0400

Tag 10.1.24
---
 build.properties.release |  54 +++
 res/install-win/Uninstall.exe.sig| Bin 0 -> 10202 bytes
 res/install-win/tomcat-installer.exe.sig | Bin 0 -> 10202 bytes
 res/maven/mvn.properties.release |  27 
 webapps/docs/changelog.xml   |   2 +-
 5 files changed, 82 insertions(+), 1 deletion(-)

diff --git a/build.properties.release b/build.properties.release
new file mode 100644
index 00..79b435f490
--- /dev/null
+++ b/build.properties.release
@@ -0,0 +1,54 @@
+# -
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -
+
+# This file was auto-generated by the pre-release Ant target.
+
+# Any unwanted settings may be over-ridden in a build.properties file located
+# in the same directory as this file.
+
+# Set the version-dev to "" (empty string) as this is not a development 
release.
+version.dev=
+
+# Ensure consistent timestamps for reproducible builds.
+ant.tstamp.now.iso=2024-05-09T17:41:23Z
+
+# Enable insertion of detached signatures into the Windows installer.
+do.codesigning=true
+
+# Re-use the same GPG executable.
+gpg.exec=/opt/homebrew/bin/gpg
+
+# Reproducible builds require the use of the build tools defined below. The
+# vendors (where appropriate) and versions must match exactly for a 
reproducible
+# build since this data is embedded in various files, particularly JAR file
+# manifests, as part of the build process.
+#
+# Apache Ant:  Apache Ant(TM) version 1.10.14 compiled on August 16 2023
+#
+# Java Name:   OpenJDK 64-Bit Server VM
+# Java Vendor: Eclipse Adoptium
+# Java Version:22.0.1+8
+
+# The following is provided for information only. Builds will be repeatable
+# whether or not the build environment is consistent with this information.
+#
+# OS:  aarch64 Mac OS X 14.4.1
+# File encoding:   UTF-8
+#
+# Release Manager: schultz
+release-java-version=22.0.1+8
+release-ant-version=1.10.14
diff --git a/res/install-win/Uninstall.exe.sig 
b/res/install-win/Uninstall.exe.sig
new file mode 100644
index 00..fe7f8ba63f
Binary files /dev/null and b/res/install-win/Uninstall.exe.sig differ
diff --git a/res/install-win/tomcat-installer.exe.sig 
b/res/install-win/tomcat-installer.exe.sig
new file mode 100644
index 00..5ad2e10b63
Binary files /dev/null and b/res/install-win/tomcat-installer.exe.sig differ
diff --git a/res/maven/mvn.properties.release b/res/maven/mvn.properties.release
new file mode 100644
index 00..7524ed8db0
--- /dev/null
+++ b/res/maven/mvn.properties.release
@@ -0,0 +1,27 @@
+# -
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -
+
+# This file was auto-generated by the pre-release Ant target.
+
+# Remove "-dev" from the version since this is not a development release.
+maven.asf.release.deploy.version=10

(tomcat) tag 10.1.24 created (now f2a274bc00)

2024-05-09 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a change to tag 10.1.24
in repository https://gitbox.apache.org/repos/asf/tomcat.git


  at f2a274bc00 (commit)
This tag includes the following new commits:

 new f2a274bc00 Tag 10.1.24

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Passing down arbitrary auth attributes down to Realm#authenticate()

2024-05-08 Thread Christopher Schultz


Michael,

On 5/8/24 03:01, Michael Osipov wrote:

On 2024/05/07 21:10:33 Christopher Schultz wrote:

Michael,

On 5/7/24 14:06, Michael Osipov wrote:

Folks,

I am working on a custom Authenticator and Realm where I need to pass
down a custom value to Realm#authenticate(), more specially a value
obtained from javax.security.auth.Subject#getPrivateCredentials().
Currently, there is no such facility in the interface. Any idea how to
pass this down w/o touching the interface and w/o thread-local values?
The only thing I can think of is a custom realm interface, but that
means every realm needs to implement it...


This is the entire reason that the securityfilter[1] project exists.
It's quite old but gets around this kind of thing with... a custom
interface. We use it at $work because we want to be able to get IP
addresses to log logins and login failures.

Tomcat's Realm-related interfaces have always been too restrictive for
me, but I'm not entirely sure how to get around them.

I had a conversation with markt years ago at an ApacheCon event where I
asked about strategies to help out with this sort of thing, and his
relatively quick answer without thinking about it too much was to
suggest that (a) anything new and major should probably go into the
JASPIC/Jakarta Authentication component and (b) JASPIC/Jakarta
Authentication might already be able to do what I wanted.

I didn't follow-up at the time, so I can't validate whether he was right
about (b) or whether (a) would have been particularly easy/hard.


Chris,

that SF project seems quite abandoned :-(


It's more like "in the attic". It does what it needs to do and has been 
doing it for years. No need to mess around with it.



I took once a brief look at JASPIC. I must say it may be the solution
to my problem, but currently I am not capable of rewriting the entire
code base for it. I Still prefer CMS over "custom" because it gives me
subjective better integration.

That's fair.

I've never dug far enough into JASPIC / Jakarta Authentication to even 
know how to implement "standard" Tomcat Authenticator / Realm with a 
simple RDBMS-based user db. So it's possible it's an afternoon of work 
to re-build what I need on top of JASPIC (as a Provider) or maybe it's 
weeks which isn't worth it to me.


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Passing down arbitrary auth attributes down to Realm#authenticate()

2024-05-07 Thread Christopher Schultz


Michael,

On 5/7/24 14:06, Michael Osipov wrote:

Folks,

I am working on a custom Authenticator and Realm where I need to pass 
down a custom value to Realm#authenticate(), more specially a value 
obtained from javax.security.auth.Subject#getPrivateCredentials(). 
Currently, there is no such facility in the interface. Any idea how to 
pass this down w/o touching the interface and w/o thread-local values? 
The only thing I can think of is a custom realm interface, but that 
means every realm needs to implement it...


This is the entire reason that the securityfilter[1] project exists. 
It's quite old but gets around this kind of thing with... a custom 
interface. We use it at $work because we want to be able to get IP 
addresses to log logins and login failures.


Tomcat's Realm-related interfaces have always been too restrictive for 
me, but I'm not entirely sure how to get around them.


I had a conversation with markt years ago at an ApacheCon event where I 
asked about strategies to help out with this sort of thing, and his 
relatively quick answer without thinking about it too much was to 
suggest that (a) anything new and major should probably go into the 
JASPIC/Jakarta Authentication component and (b) JASPIC/Jakarta 
Authentication might already be able to do what I wanted.


I didn't follow-up at the time, so I can't validate whether he was right 
about (b) or whether (a) would have been particularly easy/hard.


-chris

[1] https://securityfilter.sourceforge.net/

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: (tomcat) branch main updated: Refactor storage of trailer fields to use MimeHeaders

2024-04-29 Thread Christopher Schultz


Mark,

On 4/24/24 14:47, ma...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
  new f087decbc9 Refactor storage of trailer fields to use MimeHeaders
f087decbc9 is described below

commit f087decbc938eff084b7be92298457736fe783c2
Author: Mark Thomas 
AuthorDate: Wed Apr 24 19:47:33 2024 +0100

 Refactor storage of trailer fields to use MimeHeaders
---
  java/org/apache/catalina/connector/Request.java   |  4 ++--
  java/org/apache/coyote/Request.java   | 15 +--
  .../coyote/http11/filters/ChunkedInputFilter.java |  6 +++---
  java/org/apache/coyote/http2/Stream.java  |  2 +-
  java/org/apache/tomcat/util/buf/StringUtils.java  |  5 +
  java/org/apache/tomcat/util/http/MimeHeaders.java | 19 +++
  webapps/docs/changelog.xml|  8 
  7 files changed, 51 insertions(+), 8 deletions(-)

diff --git a/java/org/apache/catalina/connector/Request.java 
b/java/org/apache/catalina/connector/Request.java
index 390ca9daa1..6bf0f0a940 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -1763,8 +1763,8 @@ public class Request implements HttpServletRequest {
  if (!isTrailerFieldsReady()) {
  throw new 
IllegalStateException(sm.getString("coyoteRequest.trailersNotReady"));
  }
-Map result = new 
HashMap<>(coyoteRequest.getTrailerFields());
-return result;
+// No need for a defensive copy since a new Map is returned for every 
call.
+return coyoteRequest.getTrailerFields();
  }
  
  
diff --git a/java/org/apache/coyote/Request.java b/java/org/apache/coyote/Request.java

index 680aec6a7b..bf948b09a6 100644
--- a/java/org/apache/coyote/Request.java
+++ b/java/org/apache/coyote/Request.java
@@ -110,7 +110,7 @@ public final class Request {
  private final MessageBytes localAddrMB = MessageBytes.newInstance();
  
  private final MimeHeaders headers = new MimeHeaders();

-private final Map trailerFields = new HashMap<>();
+private final MimeHeaders trailerFields = new MimeHeaders();
  
  /**

   * Path parameters
@@ -293,6 +293,11 @@ public final class Request {
  
  
  public Map getTrailerFields() {

+return trailerFields.toMap();
+}


Should getTrailerFields call getMimeTrailerFields instead of using 
this.trailerFields directly? I'm not sure how much we really care about 
subclasses...


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 10.1.x updated: Add support for timescales with time-taken access log token. (#721)

2024-04-26 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new a7e9d7da69 Add support for timescales with time-taken access log 
token. (#721)
a7e9d7da69 is described below

commit a7e9d7da695f0f0de8d4a5494e1dc655f20cf62f
Author: Christopher Schultz 
AuthorDate: Fri Apr 26 13:17:57 2024 -0400

Add support for timescales with time-taken access log token. (#721)

Add support for timescales with time-taken access log token.

Add support for nanosecond and fractional-second timescales.
---
 .../catalina/valves/AbstractAccessLogValve.java| 32 +++---
 .../catalina/valves/ExtendedAccessLogValve.java| 14 +-
 webapps/docs/changelog.xml |  5 
 webapps/docs/config/valve.xml  |  9 --
 4 files changed, 52 insertions(+), 8 deletions(-)

diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java 
b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
index 5c4e67dde6..286647cfed 100644
--- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
+++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
@@ -1316,6 +1316,19 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
 
buf.append(Long.toString(TimeUnit.NANOSECONDS.toSeconds(time)));
 }
 },
+SECONDS_FRACTIONAL {
+@Override
+public void append(CharArrayWriter buf, long time) {
+time = time / 100; // Convert to millis
+buf.append(Long.toString(time / 1000));
+buf.append('.');
+int remains = (int) (time % 1000);
+buf.append(Long.toString(remains / 100));
+remains = remains % 100;
+buf.append(Long.toString(remains / 10));
+buf.append(Long.toString(remains % 10));
+}
+},
 MILLISECONDS {
 @Override
 public void append(CharArrayWriter buf, long time) {
@@ -1327,6 +1340,12 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
 public void append(CharArrayWriter buf, long time) {
 
buf.append(Long.toString(TimeUnit.NANOSECONDS.toMicros(time)));
 }
+},
+NANOSECONDS {
+@Override
+public void append(CharArrayWriter buf, long time) {
+buf.append(Long.toString(time));
+}
 };
 
 /**
@@ -1337,10 +1356,11 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
  */
 public abstract void append(CharArrayWriter buf, long time);
 }
+
 private final Style style;
 
 /**
- * Create a new ElapsedTimeElement that will log the time in the 
specified style.
+ * Creates a new ElapsedTimeElement that will log the time in the 
specified style.
  *
  * @param style The elapsed-time style to use.
  */
@@ -1760,10 +1780,14 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
 return new DateAndTimeElement(name);
 case 'T':
 // ms for milliseconds, us for microseconds, and s for seconds
-if ("ms".equals(name)) {
-return new ElapsedTimeElement(false, true);
+if ("ns".equals(name)) {
+return new 
ElapsedTimeElement(ElapsedTimeElement.Style.NANOSECONDS);
 } else if ("us".equals(name)) {
-return new ElapsedTimeElement(true, false);
+return new 
ElapsedTimeElement(ElapsedTimeElement.Style.MICROSECONDS);
+} else if ("ms".equals(name)) {
+return new 
ElapsedTimeElement(ElapsedTimeElement.Style.MILLISECONDS);
+} else if ("fracsec".equals(name)) {
+return new 
ElapsedTimeElement(ElapsedTimeElement.Style.SECONDS_FRACTIONAL);
 } else {
 return new ElapsedTimeElement(false, false);
 }
diff --git a/java/org/apache/catalina/valves/ExtendedAccessLogValve.java 
b/java/org/apache/catalina/valves/ExtendedAccessLogValve.java
index c75e41dc01..8b9c9f090c 100644
--- a/java/org/apache/catalina/valves/ExtendedAccessLogValve.java
+++ b/java/org/apache/catalina/valves/ExtendedAccessLogValve.java
@@ -535,7 +535,19 @@ public class ExtendedAccessLogValve extends AccessLogValve 
{
 if (tokenizer.hasSubToken()) {
 String nextToken = tokeniz

Re: Refactoring heads up


Mark,

On 4/26/24 13:17, Mark Thomas wrote:

On 24/04/2024 17:52, Mark Thomas wrote:



My plan is to commit these changes to 11.0.x with the low risk parts 
(e.g. new methods) back-ported. Then, once we can see what is left, we 
can decide how quickly/slowly we want to back-port the complete fix to 
10.1.x and 9.0.x (the issue was reported against 10.1.x).


All is looking good so far.

The complete refactoring has been applied to 11.0.x

10.1.x and 9.0.x have the new header parser and are using it for the 
ChunkedInputFilter.


The question is how long do we want to wait before back-porting the 
standard HTTP header parsing? Essentially this means back-porting this 
commit:


https://github.com/apache/tomcat/commit/e5acf2cf0f745350c85d81532826d92b1882469a

Thoughts?

I'm thinking wait at least one release cycle before back-porting just in 
case of regressions given that this affects every request.


+1 for waiting until next cycle to back-port.

I don't think we have to wait any longer than that.

-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Unit tests using tcnative/panama [Was: [Bug 68910] Improve LibreSSL version check in tcnative.m4]





On 4/18/24 06:05, Rainer Jung wrote:

Am 18.04.24 um 09:08 schrieb bugzi...@apache.org:

https://bz.apache.org/bugzilla/show_bug.cgi?id=68910

--- Comment #3 from Michael Osipov  ---
(In reply to Christopher Schultz from comment #1)

(In reply to Michael Osipov from comment #0)

since we also do support LibreSSL [...]


Note: Support for LibreSSL is more of an aspiration and less of a
requirement. We don't technically advertise support for LibreSSL, but I
would like to be able to support it.


FYI. Just ran 10.1.x with LibreSSL 3.5.2:
    [concat] 
TEST-org.apache.catalina.valves.rewrite.TestResolverSSL.NIO.txt
    [concat] 
TEST-org.apache.catalina.valves.rewrite.TestResolverSSL.NIO2.txt

    [concat] TEST-org.apache.tomcat.util.net.TestClientCert.NIO.txt
    [concat] TEST-org.apache.tomcat.util.net.TestClientCert.NIO2.txt
    [concat] 
TEST-org.apache.tomcat.util.net.TestCustomSslTrustManager.NIO.txt
    [concat] 
TEST-org.apache.tomcat.util.net.TestCustomSslTrustManager.NIO2.txt
    [concat] 
TEST-org.apache.tomcat.util.net.openssl.TestOpenSSLConf.NIO.txt
    [concat] 
TEST-org.apache.tomcat.util.net.openssl.TestOpenSSLConf.NIO2.txt


The rest is passing. These are failing for renegotiation or protocol 
mismatch.

That looks very promising.


Probably not relevant for this specific topic but maybe of general 
interest:


For other reasons I tried to identify, which unit tests actually load 
and execute with tcnative and/or panama, and those are very few. Most 
tests do not use these. Apart from the ones you mentioned as failing:


org.apache.catalina.valves.rewrite.TestResolverSSL
org.apache.tomcat.util.net.TestClientCert
org.apache.tomcat.util.net.TestCustomSslTrustManager
org.apache.tomcat.util.net.openssl.TestOpenSSLConf

the only other tests I found using tcnative and/or openssl connectors are:

org.apache.coyote.http2.TestLargeUpload
org.apache.tomcat.util.net.TestClientCertTls13
org.apache.tomcat.util.net.TestSSLHostConfigCompat
org.apache.tomcat.util.net.TestSSLHostConfigIntegration
org.apache.tomcat.util.net.TestSsl
org.apache.tomcat.websocket.TestWebSocketFrameClientSSL
org.apache.tomcat.websocket.TestWsWebSocketContainerSSL

So almost all of the tests actually using a connector to run servlets 
etc. only use plain http connectors (or fixed JSSE, but I think such do 
not exist).


A few more might only use the commandline openssl binary. Those are not 
included in the above lists.


I was thinking about this the other day as well, since there are 
tcnative+APR-based tests in Tomcat 9 which are executed separately from 
NIO and NIO2. I wasn't ever sure if/how the native library was being 
loaded. I wonder if on test-start (for those tests which actually use 
the connector), we could advertise which strategy is actually being used 
at runtime? I'm aware that FFM isn't supported pre-10.1.23 and that the 
APR connector has been removed in 10.1 but when running 10.1/11 tests it 
would be nice to know that the tests are failing because some specific 
test isn't working via e.g. FFM rather than the native library just 
didn't load properly and therefore ALL tests are failing.


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: (tomcat) branch 10.1.x updated: Fix disastrous cookie-logging patch.


Mark,

Thanks for back-porting this. I thought I had already done so.

-chris

On 4/26/24 12:58, ma...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
  new 783815fd94 Fix disastrous cookie-logging patch.
783815fd94 is described below

commit 783815fd940a4ac2f6d7df7bd056e071f54d7de6
Author: Christopher Schultz 
AuthorDate: Fri Apr 19 10:16:36 2024 -0400

 Fix disastrous cookie-logging patch.
---
  java/org/apache/catalina/valves/AbstractAccessLogValve.java | 6 --
  1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java 
b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
index 03acb492fa..5c4e67dde6 100644
--- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
+++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
@@ -1515,17 +1515,19 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
  if (cookies != null) {
  for (Cookie cookie : cookies) {
  if (cookieNameToLog.equals(cookie.getName())) {
+if (value == null) {
+value = new StringBuilder();
+}
  if (first) {
  first = false;
  } else {
  value.append(',');
  }
-value = new StringBuilder();
  value.append(cookie.getValue());
  }
  }
  }
-if (value.length() == 0) {
+if (value == null) {
  buf.append('-');
  } else {
  escapeAndAppend(value.toString(), buf);


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: (tomcat) branch main updated: Fix disastrous cookie-logging patch.


Chuck,

On 4/19/24 10:48, Chuck Caldarale wrote:

On Apr 19, 2024, at 09:18, Christopher Schultz  
wrote:

Hopefully this patch has the intended effect. ;)



I’m not convinced this change will have any measurable performance
improvement. The JVM C2 compiler is pretty good with escape analysis,
so an unused StringBuilder object may not even get allocated.
It should get allocated, since the constructor needs to be called. But 
it may be allocated in a cheap memory region and immediately become 
speedily-collected garbage.



Also, there’s now an added comparison for each iteration of the
cookies loop, plus the additional code for an object allocation. This
enlarges the body of the loop, putting more pressure on the microcode
cache in the CPU, possibly making each iteration take longer.

That's a fair criticism.


Are there any practical examples that show a performance benefit or GC 
reduction?


None.

I made this change merely based upon code inspection. Since this code 
executes for every single request, I guessed without evidence that 
reduction of memory-churn would be beneficial.


-chris


On 4/19/24 10:17, schu...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
  new cbefe8624e Fix disastrous cookie-logging patch.
cbefe8624e is described below
commit cbefe8624ee5d6255955134d08498f9926295126
Author: Christopher Schultz 
AuthorDate: Fri Apr 19 10:16:36 2024 -0400
 Fix disastrous cookie-logging patch.
---
  java/org/apache/catalina/valves/AbstractAccessLogValve.java | 6 --
  1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java 
b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
index 0576b83442..dd29a5ec37 100644
--- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
+++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
@@ -1513,17 +1513,19 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
  if (cookies != null) {
  for (Cookie cookie : cookies) {
  if (cookieNameToLog.equals(cookie.getName())) {
+if (value == null) {
+value = new StringBuilder();
+}
  if (first) {
  first = false;
  } else {
  value.append(',');
  }
-value = new StringBuilder();
  value.append(cookie.getValue());
  }
  }
  }
-if (value.length() == 0) {
+if (value == null) {
  buf.append('-');
  } else {
  escapeAndAppend(value.toString(), buf);
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch main updated: Add support for timescales with time-taken access log token. (#721)

2024-04-26 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new e9046d96a6 Add support for timescales with time-taken access log 
token. (#721)
e9046d96a6 is described below

commit e9046d96a6fd3b23b9b3288154f4bb7ea2f7f2cd
Author: Christopher Schultz 
AuthorDate: Fri Apr 26 13:17:57 2024 -0400

Add support for timescales with time-taken access log token. (#721)

Add support for timescales with time-taken access log token.

Add support for nanosecond and fractional-second timescales.
---
 .../catalina/valves/AbstractAccessLogValve.java| 32 +++---
 .../catalina/valves/ExtendedAccessLogValve.java| 14 +-
 webapps/docs/changelog.xml |  5 
 webapps/docs/config/valve.xml  |  9 --
 4 files changed, 52 insertions(+), 8 deletions(-)

diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java 
b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
index dd29a5ec37..2628c654e2 100644
--- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
+++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
@@ -1314,6 +1314,19 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
 
buf.append(Long.toString(TimeUnit.NANOSECONDS.toSeconds(time)));
 }
 },
+SECONDS_FRACTIONAL {
+@Override
+public void append(CharArrayWriter buf, long time) {
+time = time / 100; // Convert to millis
+buf.append(Long.toString(time / 1000));
+buf.append('.');
+int remains = (int) (time % 1000);
+buf.append(Long.toString(remains / 100));
+remains = remains % 100;
+buf.append(Long.toString(remains / 10));
+buf.append(Long.toString(remains % 10));
+}
+},
 MILLISECONDS {
 @Override
 public void append(CharArrayWriter buf, long time) {
@@ -1325,6 +1338,12 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
 public void append(CharArrayWriter buf, long time) {
 
buf.append(Long.toString(TimeUnit.NANOSECONDS.toMicros(time)));
 }
+},
+NANOSECONDS {
+@Override
+public void append(CharArrayWriter buf, long time) {
+buf.append(Long.toString(time));
+}
 };
 
 /**
@@ -1335,10 +1354,11 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
  */
 public abstract void append(CharArrayWriter buf, long time);
 }
+
 private final Style style;
 
 /**
- * Create a new ElapsedTimeElement that will log the time in the 
specified style.
+ * Creates a new ElapsedTimeElement that will log the time in the 
specified style.
  *
  * @param style The elapsed-time style to use.
  */
@@ -1758,10 +1778,14 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
 return new DateAndTimeElement(name);
 case 'T':
 // ms for milliseconds, us for microseconds, and s for seconds
-if ("ms".equals(name)) {
-return new ElapsedTimeElement(false, true);
+if ("ns".equals(name)) {
+return new 
ElapsedTimeElement(ElapsedTimeElement.Style.NANOSECONDS);
 } else if ("us".equals(name)) {
-return new ElapsedTimeElement(true, false);
+return new 
ElapsedTimeElement(ElapsedTimeElement.Style.MICROSECONDS);
+} else if ("ms".equals(name)) {
+return new 
ElapsedTimeElement(ElapsedTimeElement.Style.MILLISECONDS);
+} else if ("fracsec".equals(name)) {
+return new 
ElapsedTimeElement(ElapsedTimeElement.Style.SECONDS_FRACTIONAL);
 } else {
 return new ElapsedTimeElement(false, false);
 }
diff --git a/java/org/apache/catalina/valves/ExtendedAccessLogValve.java 
b/java/org/apache/catalina/valves/ExtendedAccessLogValve.java
index f7368b9523..6f5fbe6c6e 100644
--- a/java/org/apache/catalina/valves/ExtendedAccessLogValve.java
+++ b/java/org/apache/catalina/valves/ExtendedAccessLogValve.java
@@ -541,7 +541,19 @@ public class ExtendedAccessLogValve extends AccessLogValve 
{
 if (tokenizer.hasSubToken()) {
 String nextToken = tokeniz

(tomcat) branch 10.1.x updated: Add release date

2024-04-23 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new 0262b2abdc Add release date
0262b2abdc is described below

commit 0262b2abdca6622318eb8dfb8f1f5f807ee6e7fb
Author: Christopher Schultz 
AuthorDate: Tue Apr 23 16:44:27 2024 -0400

Add release date
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 20ee6a0cbc..82142794da 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -162,7 +162,7 @@
 
   
 
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r68733 - in /release/tomcat/tomcat-10: v10.1.19/ v10.1.20/

2024-04-23 Thread schultz

Author: schultz
Date: Tue Apr 23 20:40:16 2024
New Revision: 68733

Log:
Drop old release artifacts

Removed:
release/tomcat/tomcat-10/v10.1.19/
release/tomcat/tomcat-10/v10.1.20/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1917292 - /tomcat/site/trunk/docs/tomcat-8.5-doc/changelog.html

2024-04-23 Thread schultz

Author: schultz
Date: Tue Apr 23 20:37:56 2024
New Revision: 1917292

URL: http://svn.apache.org/viewvc?rev=1917292=rev
Log:
Update release date for Tomcat 8.5.100.

Modified:
tomcat/site/trunk/docs/tomcat-8.5-doc/changelog.html

Modified: tomcat/site/trunk/docs/tomcat-8.5-doc/changelog.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/tomcat-8.5-doc/changelog.html?rev=1917292=1917291=1917292=diff
==
--- tomcat/site/trunk/docs/tomcat-8.5-doc/changelog.html (original)
+++ tomcat/site/trunk/docs/tomcat-8.5-doc/changelog.html Tue Apr 23 20:37:56 
2024
@@ -1,7 +1,7 @@
 
 Apache Tomcat 8 (8.5.100) - 
Changeloghttps://tomcat.apache.org/;>https://www.apache.org/; target="_blank">Apache Tomcat 8
 Version 8.5.100,
-Mar 19 2024LinksDocs Homehttps://cwiki.apache.org/confluence/display/TOMCAT/FAQ;>FAQUser
 Guide1) Introduction2) Setup3) First 
webapp4) Deployer5) Manager6) Host Manager7) Realms and AAA8) Security Manager9) JNDI Resources10) JDBC DataSources
 11) Classloading12) JSPs13) 
SSL/TLS14) SSI15) CGI16) Proxy 
Support17) MBeans 
Descriptors18) Default 
Servlet19) Clustering20) Load Balancer21) Connectors22) 
Monitoring and Management23) 
Logging24) APR/Native25) Virtual Hosting26) Advanced IO27) 
Additional Components28) Maveni
 zed29) Security 
Considerations30) Windows 
Service31) Windows 
Authentication32) Tomcat's JDBC 
Pool33) WebSocket34) 
RewriteReferenceRelease NotesConfigurationTomcat JavadocsServlet 3.1 JavadocsJSP 2.3 JavadocsEL 3.0 JavadocsWebSocket 1.1 JavadocsJASPIC 1.1 JavadocsCommon Annotations 1.2 JavadocsJK 1.2 
DocumentationApache Tomcat 
DevelopmentBuildingChangeloghttps://cwiki.apache.org/confluence/display/TOMCAT/Tomcat+Versions;>StatusDevelopersArchitectureTribesChangelog Tomcat 8.5.100 (schultz)
+Mar 19 2024LinksDocs Homehttps://cwiki.apache.org/confluence/display/TOMCAT/FAQ;>FAQUser
 Guide1) Introduction2) Setup3) First 
webapp4) Deployer5) Manager6) Host Manager7) Realms and AAA8) Security Manager9) JNDI Resources10) JDBC DataSources
 11) Classloading12) JSPs13) 
SSL/TLS14) SSI15) CGI16) Proxy 
Support17) MBeans 
Descriptors18) Default 
Servlet19) Clustering20) Load Balancer21) Connectors22) 
Monitoring and Management23) 
Logging24) APR/Native25) Virtual Hosting26) Advanced IO27) 
Additional Components28) Maveni
 zed29) Security 
Considerations30) Windows 
Service31) Windows 
Authentication32) Tomcat's JDBC 
Pool33) WebSocket34) 
RewriteReferenceRelease NotesConfigurationTomcat JavadocsServlet 3.1 JavadocsJSP 2.3 JavadocsEL 3.0 JavadocsWebSocket 1.1 JavadocsJASPIC 1.1 JavadocsCommon Annotations 1.2 JavadocsJK 1.2 
DocumentationApache Tomcat 
DevelopmentBuildingChangeloghttps://cwiki.apache.org/confluence/display/TOMCAT/Tomcat+Versions;>StatusDevelopersArchitectureTribesChangelog2024-03-25 Tomcat 8.5.100 (schultz)
   Catalina
 
   
@@ -12683,4 +12683,4 @@
 Apache Tomcat, Tomcat, Apache, the Apache Tomcat logo and the Apache logo
 are either registered trademarks or trademarks of the Apache Software
 Foundation.
-
\ No newline at end of file
+



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1917291 - in /tomcat/site/trunk: ./ docs/ docs/tomcat-10.1-doc/ docs/tomcat-10.1-doc/annotationapi/ docs/tomcat-10.1-doc/annotationapi/jakarta/annotation/ docs/tomcat-10.1-doc/annotationa

2024-04-23 Thread schultz

Author: schultz
Date: Tue Apr 23 20:35:05 2024
New Revision: 1917291

URL: http://svn.apache.org/viewvc?rev=1917291=rev
Log:
Update website to announce the release of Apache Tomcat 10.1.23.


[This commit notification would consist of 468 parts, 
which exceeds the limit of 50 ones, so it was shortened to the summary.]

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r68732 - /dev/tomcat/tomcat-10/v10.1.23/ /release/tomcat/tomcat-10/v10.1.23/

2024-04-23 Thread schultz

Author: schultz
Date: Tue Apr 23 20:26:28 2024
New Revision: 68732

Log:
Promote v10.1.23 to released.

Added:
release/tomcat/tomcat-10/v10.1.23/
  - copied from r68731, dev/tomcat/tomcat-10/v10.1.23/
Removed:
dev/tomcat/tomcat-10/v10.1.23/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE][RESULT] Release Apache Tomcat 10.1.23

2024-04-23 Thread Christopher Schultz


All,

The following votes were cast:

Binding:
+1: schultz, remm, markt, rjung, jfclere

Non-binding:
+1: Dimitris Soumis

There were no other votes, therefore the vote passed.

I will begin the release process shortly. Thanks to everyone who 
contributed toward this release.


-chris


The proposed Apache Tomcat 10.1.23 release is now available for
voting. Apache Tomcat 10.1.21 was canceled due to a release-build mistake and 
Apache Tomcat 10.1.22 was cancelled due to an option in startup scripts which 
would have caused Java 11 environments to fail to start.

The notable changes compared to 10.1.20 are:

- Improve locking strategies in Catalina core

- Update Basic authentication to implement the requirements of RFC 7617

- Updates to Apache Commons dependencies

- Add OpenSSL support when FFM is available

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without 
changes. Java EE applications designed for Tomcat 9 and earlier may be placed 
in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically 
convert them to Jakarta EE and copy them to the webapps directory.

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.23/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1492

The tag is:
https://github.com/apache/tomcat/tree/10.1.23
https://github.com/apache/tomcat/commit/9062d27dc5122e8241ea62a4c4312af0dc71da49

Please reply with a +1 for release or -0/-1 with an explanation.

The proposed 10.1.23 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 10.1.23



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 10.1.23

2024-04-23 Thread Christopher Schultz


Jean-Frederic,

On 4/23/24 08:27, jean-frederic clere wrote:

On 4/23/24 09:47, Mark Thomas wrote:

On 23/04/2024 06:35, jean-frederic clere wrote:

On 4/17/24 12:00, Mark Thomas wrote:

Build is reproducible.


My tests here complain about examples, did I miss something.


No idea. You'd need to do a diff to see what didn't match and that 
will (hopefully) point you towards the root cause.


The class files are different... Investigating.


I'm holding the VOTE-RESULT email just in case you find something truly 
weird.


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 10.1.23

2024-04-23 Thread Christopher Schultz


Jean-Frederic,

On 4/23/24 08:27, jean-frederic clere wrote:

On 4/23/24 09:47, Mark Thomas wrote:

On 23/04/2024 06:35, jean-frederic clere wrote:

On 4/17/24 12:00, Mark Thomas wrote:

Build is reproducible.


My tests here complain about examples, did I miss something.


No idea. You'd need to do a diff to see what didn't match and that 
will (hopefully) point you towards the root cause.


The class files are different... Investigating.


Try using "ant verify-release". It will give you suggestions for 
investigating anything that doesn't match.


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: (tomcat) branch main updated: Fix disastrous cookie-logging patch.


All,

Hopefully this patch has the intended effect. ;)

-chris

On 4/19/24 10:17, schu...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
  new cbefe8624e Fix disastrous cookie-logging patch.
cbefe8624e is described below

commit cbefe8624ee5d6255955134d08498f9926295126
Author: Christopher Schultz 
AuthorDate: Fri Apr 19 10:16:36 2024 -0400

 Fix disastrous cookie-logging patch.
---
  java/org/apache/catalina/valves/AbstractAccessLogValve.java | 6 --
  1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java 
b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
index 0576b83442..dd29a5ec37 100644
--- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
+++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
@@ -1513,17 +1513,19 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
  if (cookies != null) {
  for (Cookie cookie : cookies) {
  if (cookieNameToLog.equals(cookie.getName())) {
+if (value == null) {
+value = new StringBuilder();
+}
  if (first) {
  first = false;
  } else {
  value.append(',');
  }
-value = new StringBuilder();
  value.append(cookie.getValue());
  }
  }
  }
-if (value.length() == 0) {
+if (value == null) {
  buf.append('-');
  } else {
  escapeAndAppend(value.toString(), buf);


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch main updated: Fix disastrous cookie-logging patch.

2024-04-19 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new cbefe8624e Fix disastrous cookie-logging patch.
cbefe8624e is described below

commit cbefe8624ee5d6255955134d08498f9926295126
Author: Christopher Schultz 
AuthorDate: Fri Apr 19 10:16:36 2024 -0400

Fix disastrous cookie-logging patch.
---
 java/org/apache/catalina/valves/AbstractAccessLogValve.java | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java 
b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
index 0576b83442..dd29a5ec37 100644
--- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
+++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
@@ -1513,17 +1513,19 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
 if (cookies != null) {
 for (Cookie cookie : cookies) {
 if (cookieNameToLog.equals(cookie.getName())) {
+if (value == null) {
+value = new StringBuilder();
+}
 if (first) {
 first = false;
 } else {
 value.append(',');
 }
-value = new StringBuilder();
 value.append(cookie.getValue());
 }
 }
 }
-if (value.length() == 0) {
+if (value == null) {
 buf.append('-');
 } else {
 escapeAndAppend(value.toString(), buf);


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: (tomcat) branch main updated: Don't create a StringBuilder object until we know we have at least one Cookie value to log.


Mark,

On 4/18/24 11:12, Mark Thomas wrote:

On 18/04/2024 14:31, schu...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
  new 23facd507d Don't create a StringBuilder object until we know 
we have at least one Cookie value to log.

23facd507d is described below

commit 23facd507db72d583ed89a13f20ab1cb766f0221
Author: Christopher Schultz 
AuthorDate: Thu Apr 18 09:30:50 2024 -0400

 Don't create a StringBuilder object until we know we have at 
least one Cookie value to log.


-1. veto. Please fix/revert ASAP.

Note: This veto applies to this commit and the back-ports.

This creates multiple paths where a NPE is possible.


OMG what the heck happened to this patch? Grr. I saw this while working 
on the timestamp-style stuff and decided to separate it out into a 
separate commit and but did I get it wrong. It NPEs on /every/ path :(


Sorry for such a low-quality commit.

I'm going to try a "correct" commit on top of it and would appreciate a 
review. If it still looks like a no-go, I'll revert the whole thing.


This does not work if there are multiple cookies with the same name that 
need to be logged.

ACK

Thanks,
-chris


---
  java/org/apache/catalina/valves/AbstractAccessLogValve.java | 3 ++-
  webapps/docs/changelog.xml  | 4 
  2 files changed, 6 insertions(+), 1 deletion(-)

diff --git 
a/java/org/apache/catalina/valves/AbstractAccessLogValve.java 
b/java/org/apache/catalina/valves/AbstractAccessLogValve.java

index 5502d1c183..e13bb9e5ac 100644
--- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
+++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
@@ -1479,7 +1479,7 @@ public abstract class AbstractAccessLogValve 
extends ValveBase implements Access

  @Override
  public void addElement(CharArrayWriter buf, Date date, 
Request request, Response response, long time) {

-    StringBuilder value = new StringBuilder();
+    StringBuilder value = null;
  boolean first = true;
  Cookie[] cookies = request.getCookies();
  if (cookies != null) {
@@ -1490,6 +1490,7 @@ public abstract class AbstractAccessLogValve 
extends ValveBase implements Access

  } else {
  value.append(',');
  }
+    value = new StringBuilder();
  value.append(cookie.getValue());
  }
  }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 8ef77e52aa..f6c6c62962 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -123,6 +123,10 @@
  including the removal of the trimCredentials 
setting which

  is now hard-coded to false. (markt)
    
+  
+    Small performance optimization when logging cookies with no 
values.

+    (schultz)
+  
  
    
    


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: (tomcat) branch main updated: Don't create a StringBuilder object until we know we have at least one Cookie value to log.


Mark,

On 4/19/24 08:38, Mark Thomas wrote:
Ping. Just making sure this veto hasn't been lost in the recent flurry 
of commits.


ACK

I'll revert and re-evaluate.

Thanks,
-chris


On 18/04/2024 16:12, Mark Thomas wrote:

On 18/04/2024 14:31, schu...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
  new 23facd507d Don't create a StringBuilder object until we 
know we have at least one Cookie value to log.

23facd507d is described below

commit 23facd507db72d583ed89a13f20ab1cb766f0221
Author: Christopher Schultz 
AuthorDate: Thu Apr 18 09:30:50 2024 -0400

 Don't create a StringBuilder object until we know we have at 
least one Cookie value to log.


-1. veto. Please fix/revert ASAP.

Note: This veto applies to this commit and the back-ports.

This creates multiple paths where a NPE is possible.

This does not work if there are multiple cookies with the same name 
that need to be logged.


Mark



---
  java/org/apache/catalina/valves/AbstractAccessLogValve.java | 3 ++-
  webapps/docs/changelog.xml  | 4 
  2 files changed, 6 insertions(+), 1 deletion(-)

diff --git 
a/java/org/apache/catalina/valves/AbstractAccessLogValve.java 
b/java/org/apache/catalina/valves/AbstractAccessLogValve.java

index 5502d1c183..e13bb9e5ac 100644
--- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
+++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
@@ -1479,7 +1479,7 @@ public abstract class AbstractAccessLogValve 
extends ValveBase implements Access

  @Override
  public void addElement(CharArrayWriter buf, Date date, 
Request request, Response response, long time) {

-    StringBuilder value = new StringBuilder();
+    StringBuilder value = null;
  boolean first = true;
  Cookie[] cookies = request.getCookies();
  if (cookies != null) {
@@ -1490,6 +1490,7 @@ public abstract class AbstractAccessLogValve 
extends ValveBase implements Access

  } else {
  value.append(',');
  }
+    value = new StringBuilder();
  value.append(cookie.getValue());
  }
  }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 8ef77e52aa..f6c6c62962 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -123,6 +123,10 @@
  including the removal of the trimCredentials 
setting which

  is now hard-coded to false. (markt)
    
+  
+    Small performance optimization when logging cookies with no 
values.

+    (schultz)
+  
  
    
    


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: (tomcat) 02/02: Re-factor ElapsedTimeElement to use a customizable Style


Mark,

On 4/19/24 08:31, Mark Thomas wrote:

On 19/04/2024 13:12, schu...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit d3482c35bf144cc891dfa325b2f2f50460708c23
Author: Christopher Schultz 
AuthorDate: Thu Apr 18 10:22:16 2024 -0400

 Re-factor ElapsedTimeElement to use a customizable Style


How is this customizable?

This seems to add complexity to somewhere we probably want to keep 
things simple.


It was preparation for this PR:

https://github.com/apache/tomcat/pull/721

The use of two-booleans means that we could support only 4 possible 
formats where one of them didn't make any sense (i.e. microseconds=true 
&& milliseconds == true).


-chris


---
  .../catalina/valves/AbstractAccessLogValve.java    | 52 
+-

  webapps/docs/changelog.xml |  4 ++
  2 files changed, 44 insertions(+), 12 deletions(-)

diff --git 
a/java/org/apache/catalina/valves/AbstractAccessLogValve.java 
b/java/org/apache/catalina/valves/AbstractAccessLogValve.java

index e13bb9e5ac..0576b83442 100644
--- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
+++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
@@ -1307,8 +1307,44 @@ public abstract class AbstractAccessLogValve 
extends ValveBase implements Access

   * write time taken to process the request - %D, %T
   */
  protected static class ElapsedTimeElement implements 
AccessLogElement {

-    private final boolean micros;
-    private final boolean millis;
+    enum Style {
+    SECONDS {
+    @Override
+    public void append(CharArrayWriter buf, long time) {
+
buf.append(Long.toString(TimeUnit.NANOSECONDS.toSeconds(time)));

+    }
+    },
+    MILLISECONDS {
+    @Override
+    public void append(CharArrayWriter buf, long time) {
+
buf.append(Long.toString(TimeUnit.NANOSECONDS.toMillis(time)));

+    }
+    },
+    MICROSECONDS {
+    @Override
+    public void append(CharArrayWriter buf, long time) {
+
buf.append(Long.toString(TimeUnit.NANOSECONDS.toMicros(time)));

+    }
+    };
+
+    /**
+ * Append the time to the buffer in the appropriate format.
+ *
+ * @param buf The buffer to append to.
+ * @param time The time to log in nanoseconds.
+ */
+    public abstract void append(CharArrayWriter buf, long time);
+    }
+    private final Style style;
+
+    /**
+ * Create a new ElapsedTimeElement that will log the time in 
the specified style.

+ *
+ * @param style The elapsed-time style to use.
+ */
+    public ElapsedTimeElement(Style style) {
+    this.style = style;
+    }
  /**
   * @param micros true, write time in 
microseconds - %D
@@ -1316,20 +1352,12 @@ public abstract class AbstractAccessLogValve 
extends ValveBase implements Access

   *   time in seconds - %T
   */
  public ElapsedTimeElement(boolean micros, boolean millis) {
-    this.micros = micros;
-    this.millis = millis;
+    this(micros ? Style.MICROSECONDS : millis ? 
Style.MILLISECONDS : Style.SECONDS);

  }
  @Override
  public void addElement(CharArrayWriter buf, Date date, 
Request request, Response response, long time) {

-    if (micros) {
-
buf.append(Long.toString(TimeUnit.NANOSECONDS.toMicros(time)));

-    } else if (millis) {
-
buf.append(Long.toString(TimeUnit.NANOSECONDS.toMillis(time)));

-    } else {
-    // second
-
buf.append(Long.toString(TimeUnit.NANOSECONDS.toSeconds(time)));

-    }
+    style.append(buf, time);
  }
  }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index bda2e5d98c..f6eacba634 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -133,6 +133,10 @@
  dispatch is now performed rather than completing the request 
using the

  error page mechanism. (markt)
    
+  
+    Re-factor ElapsedTimeElement in AbstractAccessLogValve to use 
a customizable

+    style. (schultz)
+  
  
    
    


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.ap

(tomcat) 02/02: Re-factor ElapsedTimeElement to use a customizable Style

2024-04-19 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 1448eccfd86ef6385e0af629c138ab28405ed6c2
Author: Christopher Schultz 
AuthorDate: Thu Apr 18 10:22:16 2024 -0400

Re-factor ElapsedTimeElement to use a customizable Style
---
 .../catalina/valves/AbstractAccessLogValve.java| 52 +-
 webapps/docs/changelog.xml |  4 ++
 2 files changed, 44 insertions(+), 12 deletions(-)

diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java 
b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
index df942110ab..03acb492fa 100644
--- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
+++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
@@ -1309,8 +1309,44 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
  * write time taken to process the request - %D, %T
  */
 protected static class ElapsedTimeElement implements AccessLogElement {
-private final boolean micros;
-private final boolean millis;
+enum Style {
+SECONDS {
+@Override
+public void append(CharArrayWriter buf, long time) {
+
buf.append(Long.toString(TimeUnit.NANOSECONDS.toSeconds(time)));
+}
+},
+MILLISECONDS {
+@Override
+public void append(CharArrayWriter buf, long time) {
+
buf.append(Long.toString(TimeUnit.NANOSECONDS.toMillis(time)));
+}
+},
+MICROSECONDS {
+@Override
+public void append(CharArrayWriter buf, long time) {
+
buf.append(Long.toString(TimeUnit.NANOSECONDS.toMicros(time)));
+}
+};
+
+/**
+ * Append the time to the buffer in the appropriate format.
+ *
+ * @param buf The buffer to append to.
+ * @param time The time to log in nanoseconds.
+ */
+public abstract void append(CharArrayWriter buf, long time);
+}
+private final Style style;
+
+/**
+ * Create a new ElapsedTimeElement that will log the time in the 
specified style.
+ *
+ * @param style The elapsed-time style to use.
+ */
+public ElapsedTimeElement(Style style) {
+this.style = style;
+}
 
 /**
  * @param micros true, write time in microseconds - %D
@@ -1318,20 +1354,12 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
  *   time in seconds - %T
  */
 public ElapsedTimeElement(boolean micros, boolean millis) {
-this.micros = micros;
-this.millis = millis;
+this(micros ? Style.MICROSECONDS : millis ? Style.MILLISECONDS : 
Style.SECONDS);
 }
 
 @Override
 public void addElement(CharArrayWriter buf, Date date, Request 
request, Response response, long time) {
-if (micros) {
-buf.append(Long.toString(TimeUnit.NANOSECONDS.toMicros(time)));
-} else if (millis) {
-buf.append(Long.toString(TimeUnit.NANOSECONDS.toMillis(time)));
-} else {
-// second
-
buf.append(Long.toString(TimeUnit.NANOSECONDS.toSeconds(time)));
-}
+style.append(buf, time);
 }
 }
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e724ed92a6..3a295c0937 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -135,6 +135,10 @@
 dispatch is now performed rather than completing the request using the
 error page mechanism. (markt)
   
+  
+Re-factor ElapsedTimeElement in AbstractAccessLogValve to use a 
customizable
+style. (schultz)
+  
 
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) 01/02: Clarify that time-taken is now in seconds and not fractional-seconds.

2024-04-19 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 89433ad101747669eb34d3e30f26caf4e8d59232
Author: Christopher Schultz 
AuthorDate: Thu Apr 18 09:38:23 2024 -0400

Clarify that time-taken is now in seconds and not fractional-seconds.
---
 webapps/docs/config/valve.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/config/valve.xml b/webapps/docs/config/valve.xml
index ceb4a84218..800da1b323 100644
--- a/webapps/docs/config/valve.xml
+++ b/webapps/docs/config/valve.xml
@@ -465,7 +465,7 @@
 s-ip - Local IP address
 sc-status - HTTP status code of the response
 time - Time the request was served in HH:mm:ss format for 
GMT
-time-taken - Time (in seconds as floating point) taken to serve 
the request
+time-taken - Time (in seconds) taken to serve the request
 x-threadname - Current request thread name (can compare later 
with stacktraces)
 
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 10.1.x updated (1ffc62afa7 -> 1448eccfd8)

2024-04-19 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a change to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from 1ffc62afa7 Add openssl ffm testing
 new 89433ad101 Clarify that time-taken is now in seconds and not 
fractional-seconds.
 new 1448eccfd8 Re-factor ElapsedTimeElement to use a customizable Style

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../catalina/valves/AbstractAccessLogValve.java| 52 +-
 webapps/docs/changelog.xml |  4 ++
 webapps/docs/config/valve.xml  |  2 +-
 3 files changed, 45 insertions(+), 13 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) 01/02: Clarify that time-taken is now in seconds and not fractional-seconds.

2024-04-19 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit cbc2b3500fc4051d6a94530c50d451cf0c79e54d
Author: Christopher Schultz 
AuthorDate: Thu Apr 18 09:38:23 2024 -0400

Clarify that time-taken is now in seconds and not fractional-seconds.
---
 webapps/docs/config/valve.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/config/valve.xml b/webapps/docs/config/valve.xml
index ce63a66764..9e5fb8d20d 100644
--- a/webapps/docs/config/valve.xml
+++ b/webapps/docs/config/valve.xml
@@ -465,7 +465,7 @@
 s-ip - Local IP address
 sc-status - HTTP status code of the response
 time - Time the request was served in HH:mm:ss format for 
GMT
-time-taken - Time (in seconds as floating point) taken to serve 
the request
+time-taken - Time (in seconds) taken to serve the request
 x-threadname - Current request thread name (can compare later 
with stacktraces)
 
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) 02/02: Re-factor ElapsedTimeElement to use a customizable Style

2024-04-19 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit d3482c35bf144cc891dfa325b2f2f50460708c23
Author: Christopher Schultz 
AuthorDate: Thu Apr 18 10:22:16 2024 -0400

Re-factor ElapsedTimeElement to use a customizable Style
---
 .../catalina/valves/AbstractAccessLogValve.java| 52 +-
 webapps/docs/changelog.xml |  4 ++
 2 files changed, 44 insertions(+), 12 deletions(-)

diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java 
b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
index e13bb9e5ac..0576b83442 100644
--- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
+++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
@@ -1307,8 +1307,44 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
  * write time taken to process the request - %D, %T
  */
 protected static class ElapsedTimeElement implements AccessLogElement {
-private final boolean micros;
-private final boolean millis;
+enum Style {
+SECONDS {
+@Override
+public void append(CharArrayWriter buf, long time) {
+
buf.append(Long.toString(TimeUnit.NANOSECONDS.toSeconds(time)));
+}
+},
+MILLISECONDS {
+@Override
+public void append(CharArrayWriter buf, long time) {
+
buf.append(Long.toString(TimeUnit.NANOSECONDS.toMillis(time)));
+}
+},
+MICROSECONDS {
+@Override
+public void append(CharArrayWriter buf, long time) {
+
buf.append(Long.toString(TimeUnit.NANOSECONDS.toMicros(time)));
+}
+};
+
+/**
+ * Append the time to the buffer in the appropriate format.
+ *
+ * @param buf The buffer to append to.
+ * @param time The time to log in nanoseconds.
+ */
+public abstract void append(CharArrayWriter buf, long time);
+}
+private final Style style;
+
+/**
+ * Create a new ElapsedTimeElement that will log the time in the 
specified style.
+ *
+ * @param style The elapsed-time style to use.
+ */
+public ElapsedTimeElement(Style style) {
+this.style = style;
+}
 
 /**
  * @param micros true, write time in microseconds - %D
@@ -1316,20 +1352,12 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
  *   time in seconds - %T
  */
 public ElapsedTimeElement(boolean micros, boolean millis) {
-this.micros = micros;
-this.millis = millis;
+this(micros ? Style.MICROSECONDS : millis ? Style.MILLISECONDS : 
Style.SECONDS);
 }
 
 @Override
 public void addElement(CharArrayWriter buf, Date date, Request 
request, Response response, long time) {
-if (micros) {
-buf.append(Long.toString(TimeUnit.NANOSECONDS.toMicros(time)));
-} else if (millis) {
-buf.append(Long.toString(TimeUnit.NANOSECONDS.toMillis(time)));
-} else {
-// second
-
buf.append(Long.toString(TimeUnit.NANOSECONDS.toSeconds(time)));
-}
+style.append(buf, time);
 }
 }
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index bda2e5d98c..f6eacba634 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -133,6 +133,10 @@
 dispatch is now performed rather than completing the request using the
 error page mechanism. (markt)
   
+  
+Re-factor ElapsedTimeElement in AbstractAccessLogValve to use a 
customizable
+style. (schultz)
+  
 
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch main updated (899e06a7ba -> d3482c35bf)

2024-04-19 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from 899e06a7ba Merge branch 'main' of https://github.com/apache/tomcat
 new cbc2b3500f Clarify that time-taken is now in seconds and not 
fractional-seconds.
 new d3482c35bf Re-factor ElapsedTimeElement to use a customizable Style

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../catalina/valves/AbstractAccessLogValve.java| 52 +-
 webapps/docs/changelog.xml |  4 ++
 webapps/docs/config/valve.xml  |  2 +-
 3 files changed, 45 insertions(+), 13 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 9.0.x updated: Don't create a StringBuilder object until we know we have at least one Cookie value to log.

2024-04-18 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 4f109c8699 Don't create a StringBuilder object until we know we have 
at least one Cookie value to log.
4f109c8699 is described below

commit 4f109c86994df4aa54ba31df424c4202a62ed367
Author: Christopher Schultz 
AuthorDate: Thu Apr 18 09:30:50 2024 -0400

Don't create a StringBuilder object until we know we have at least one 
Cookie value to log.
---
 java/org/apache/catalina/valves/AbstractAccessLogValve.java | 3 ++-
 webapps/docs/changelog.xml  | 4 
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java 
b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
index 0287eab383..7a9c83d849 100644
--- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
+++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
@@ -1483,7 +1483,7 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
 
 @Override
 public void addElement(CharArrayWriter buf, Date date, Request 
request, Response response, long time) {
-StringBuilder value = new StringBuilder();
+StringBuilder value = null;
 boolean first = true;
 Cookie[] cookies = request.getCookies();
 if (cookies != null) {
@@ -1494,6 +1494,7 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
 } else {
 value.append(',');
 }
+value = new StringBuilder();
 value.append(cookie.getValue());
 }
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index de4e1b77a2..325138 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -125,6 +125,10 @@
 trimCredentials setting will be removed in Tomcat 11.
 (markt)
   
+  
+Small performance optimization when logging cookies with no values.
+(schultz)
+  
 
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 10.1.x updated: Don't create a StringBuilder object until we know we have at least one Cookie value to log.

2024-04-18 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new e2de58c702 Don't create a StringBuilder object until we know we have 
at least one Cookie value to log.
e2de58c702 is described below

commit e2de58c70266bb99557f318e86bf846b01cc13e9
Author: Christopher Schultz 
AuthorDate: Thu Apr 18 09:30:50 2024 -0400

Don't create a StringBuilder object until we know we have at least one 
Cookie value to log.
---
 java/org/apache/catalina/valves/AbstractAccessLogValve.java | 3 ++-
 webapps/docs/changelog.xml  | 4 
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java 
b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
index b1d77e974b..df942110ab 100644
--- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
+++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
@@ -1481,7 +1481,7 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
 
 @Override
 public void addElement(CharArrayWriter buf, Date date, Request 
request, Response response, long time) {
-StringBuilder value = new StringBuilder();
+StringBuilder value = null;
 boolean first = true;
 Cookie[] cookies = request.getCookies();
 if (cookies != null) {
@@ -1492,6 +1492,7 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
 } else {
 value.append(',');
 }
+value = new StringBuilder();
 value.append(cookie.getValue());
 }
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index ff466e8bdd..ffd50ade32 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -125,6 +125,10 @@
 trimCredentials setting will be removed in Tomcat 11.
 (markt)
   
+  
+Small performance optimization when logging cookies with no values.
+(schultz)
+  
 
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch main updated: Don't create a StringBuilder object until we know we have at least one Cookie value to log.

2024-04-18 Thread schultz

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 23facd507d Don't create a StringBuilder object until we know we have 
at least one Cookie value to log.
23facd507d is described below

commit 23facd507db72d583ed89a13f20ab1cb766f0221
Author: Christopher Schultz 
AuthorDate: Thu Apr 18 09:30:50 2024 -0400

Don't create a StringBuilder object until we know we have at least one 
Cookie value to log.
---
 java/org/apache/catalina/valves/AbstractAccessLogValve.java | 3 ++-
 webapps/docs/changelog.xml  | 4 
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java 
b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
index 5502d1c183..e13bb9e5ac 100644
--- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
+++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
@@ -1479,7 +1479,7 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
 
 @Override
 public void addElement(CharArrayWriter buf, Date date, Request 
request, Response response, long time) {
-StringBuilder value = new StringBuilder();
+StringBuilder value = null;
 boolean first = true;
 Cookie[] cookies = request.getCookies();
 if (cookies != null) {
@@ -1490,6 +1490,7 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
 } else {
 value.append(',');
 }
+value = new StringBuilder();
 value.append(cookie.getValue());
 }
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 8ef77e52aa..f6c6c62962 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -123,6 +123,10 @@
 including the removal of the trimCredentials setting which
 is now hard-coded to false. (markt)
   
+  
+Small performance optimization when logging cookies with no values.
+(schultz)
+  
 
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Some remarks on panama libssl loading

2024-04-18 Thread Christopher Schultz


Michael,

On 4/17/24 16:46, Michael Osipov wrote:

On 2024/04/17 14:21:06 Rainer Jung wrote:

Am 17.04.24 um 15:34 schrieb Michael Osipov:

Rainer, I do not fully understand the problem here. We use libtool to solve 
exactly this problem with versioned SONAMEs. It will create symlinks to the 
SONAME.
Do you expect anyone even with dlopen() to load libfoo.o.{SOVERSION} unless it 
is strictly needed?

E.g.:
lrwxr-xr-x  1 root  wheel26 2024-03-22 10:20 /usr/lib/libcrypto.so@ -> 
../../lib/libcrypto.so.111
lrwxr-xr-x  1 root  wheel   13 2024-03-22 10:20 /usr/lib/libssl.so@ -> 
libssl.so.111
-r--r--r--  1 root  wheel   608008 2024-03-22 10:20 /usr/lib/libssl.so.111
and so on...


Yes, I expect that! anyone is the JVM :(

The problem is, that the Java API does not care about these well thought
native traditions. You can not open libssl.so.3 using
System.loadlibrary(String name), because whatever you give it as "name"
parameter it will always try to open libname.so. It always prepends
"lib" to name and always suffixes it with plain ".so".

Yes, it might exist as the first in your list of symlinks, but on most
linux distributions this link is not installed by default, because it is
only needed when doing compilations. So it is only installed when you
install development packages for libs.


Ah, now I see your problem, but it looks like a downstream problem of your 
distro of choice, no? I wonder how you compile then custom software if .so 
isn't present and the linker cannot find it with -L? What if you install the 
devel package to have .so link?


That works, but doesn't seem to be a reasonable requirement if you just 
want to install Ubuntu and Tomcat and run a server.


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 10.1.23


Rémy,

On 4/16/24 14:34, Rémy Maucherat wrote:

On Tue, Apr 16, 2024 at 3:11 PM Christopher Schultz
 wrote:


The proposed Apache Tomcat 10.1.23 release is now available for
voting. Apache Tomcat 10.1.21 was canceled due to a release-build
mistake and Apache Tomcat 10.1.22 was cancelled due to an option in
startup scripts which would have caused Java 11 environments to fail to
start.

The notable changes compared to 10.1.20 are:

- Improve locking strategies in Catalina core

- Update Basic authentication to implement the requirements of RFC 7617

- Updates to Apache Commons dependencies

- Add OpenSSL support when FFM is available

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
will automatically convert them to Jakarta EE and copy them to the
webapps directory.

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.23/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1492

The tag is:
https://github.com/apache/tomcat/tree/10.1.23
https://github.com/apache/tomcat/commit/9062d27dc5122e8241ea62a4c4312af0dc71da49

Please reply with a +1 for release or -0/-1 with an explanation.

The proposed 10.1.23 release is:
[ ] Broken - do not release
[X] Stable - go ahead and release as 10.1.23


+1
Sorry again for the trouble ...


It's no trouble.

When I was still doing Tomcat 8.5 it would have been worse. I managed to 
get things such that the final digit of both releases was the same and 
it was hard to mess them up. Burning .21 and .22 would have thrown that 
out of wack and I probably would have been doing wrong-tags or 
wrong-emails or whatever.


So don't worry about it :)

-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 10.1.23


All,

On 4/16/24 09:11, Christopher Schultz wrote:

The proposed Apache Tomcat 10.1.23 release is now available for
voting. Apache Tomcat 10.1.21 was canceled due to a release-build 
mistake and Apache Tomcat 10.1.22 was cancelled due to an option in 
startup scripts which would have caused Java 11 environments to fail to 
start.


The notable changes compared to 10.1.20 are:

- Improve locking strategies in Catalina core

- Update Basic authentication to implement the requirements of RFC 7617

- Updates to Apache Commons dependencies

- Add OpenSSL support when FFM is available

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 
without changes. Java EE applications designed for Tomcat 9 and earlier 
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat 
will automatically convert them to Jakarta EE and copy them to the 
webapps directory.


It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.23/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1492

The tag is:
https://github.com/apache/tomcat/tree/10.1.23
https://github.com/apache/tomcat/commit/9062d27dc5122e8241ea62a4c4312af0dc71da49

Please reply with a +1 for release or -0/-1 with an explanation.

The proposed 10.1.23 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 10.1.23


+1 for stable release

Unit tests pass on MacOS aarch64.

Details:

* Environment
*  Java (build):openjdk version "22" 2024-03-19 OpenJDK Runtime 
Environment Temurin-22+36 (build 22+36) OpenJDK 64-Bit Server VM 
Temurin-22+36 (build 22+36, mixed mode)
*  Java (test): openjdk version "22" 2024-03-19 OpenJDK Runtime 
Environment Temurin-22+36 (build 22+36) OpenJDK 64-Bit Server VM 
Temurin-22+36 (build 22+36, mixed mode)
*  Ant: Apache Ant(TM) version 1.10.14 compiled on August 16 
2023

*  OS:  Darwin 23.4.0 arm64
*  cc:  Apple clang version 15.0.0 (clang-1500.3.9.4)
*  make:GNU Make 3.81
*  OpenSSL: OpenSSL 3.2.0 23 Nov 2023 (Library: OpenSSL 3.2.0 23 
Nov 2023)

*  APR: 1.7.4
*
* Valid SHA-512 signature for apache-tomcat-10.1.23.zip
* Valid GPG signature for apache-tomcat-10.1.23.zip
* Valid SHA-512 signature for apache-tomcat-10.1.23.tar.gz
* Valid GPG signature for apache-tomcat-10.1.23.tar.gz
* Valid SHA-512 signature for apache-tomcat-10.1.23.exe
* Valid GPG signature for apache-tomcat-10.1.23.exe
* Valid SHA512 signature for apache-tomcat-10.1.23-src.zip
* Valid GPG signature for apache-tomcat-10.1.23-src.zip
* Valid SHA512 signature for apache-tomcat-10.1.23-src.tar.gz
* Valid GPG signature for apache-tomcat-10.1.23-src.tar.gz
*
* Binary Zip and tarball: Same
* Source Zip and tarball: Same
*
* Building dependencies returned: 0
* tcnative builds cleanly
* Tomcat builds cleanly
* Junit Tests: PASSED

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE] Release Apache Tomcat 10.1.23


The proposed Apache Tomcat 10.1.23 release is now available for
voting. Apache Tomcat 10.1.21 was canceled due to a release-build 
mistake and Apache Tomcat 10.1.22 was cancelled due to an option in 
startup scripts which would have caused Java 11 environments to fail to 
start.


The notable changes compared to 10.1.20 are:

- Improve locking strategies in Catalina core

- Update Basic authentication to implement the requirements of RFC 7617

- Updates to Apache Commons dependencies

- Add OpenSSL support when FFM is available

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 
without changes. Java EE applications designed for Tomcat 9 and earlier 
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat 
will automatically convert them to Jakarta EE and copy them to the 
webapps directory.


It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.23/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1492

The tag is:
https://github.com/apache/tomcat/tree/10.1.23
https://github.com/apache/tomcat/commit/9062d27dc5122e8241ea62a4c4312af0dc71da49

Please reply with a +1 for release or -0/-1 with an explanation.

The proposed 10.1.23 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 10.1.23

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Base64 and BASIC authentication