(tomcat) branch main updated: Add anchor target ids for configuration attributes.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 9a9099844d Add anchor target ids for configuration attributes. 9a9099844d is described below commit 9a9099844d1a0f0eff265a6ecfeebc00b05c0659 Author: Christopher Schultz AuthorDate: Tue Jun 11 18:21:32 2024 -0400 Add anchor target ids for configuration attributes. --- webapps/docs/tomcat-docs.xsl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/tomcat-docs.xsl b/webapps/docs/tomcat-docs.xsl index 54abf79897..69e27742db 100644 --- a/webapps/docs/tomcat-docs.xsl +++ b/webapps/docs/tomcat-docs.xsl @@ -298,7 +298,7 @@ - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: Add anchor target ids for configuration attributes.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 3a8f0d1eb6 Add anchor target ids for configuration attributes. 3a8f0d1eb6 is described below commit 3a8f0d1eb6464fa8d626cc72fdec749b6424505f Author: Christopher Schultz AuthorDate: Tue Jun 11 18:21:32 2024 -0400 Add anchor target ids for configuration attributes. --- webapps/docs/tomcat-docs.xsl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/tomcat-docs.xsl b/webapps/docs/tomcat-docs.xsl index 722f21c9eb..8654faf304 100644 --- a/webapps/docs/tomcat-docs.xsl +++ b/webapps/docs/tomcat-docs.xsl @@ -298,7 +298,7 @@ - +
(tomcat) branch 10.1.x updated: Add anchor target ids for configuration attributes.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 275732343a Add anchor target ids for configuration attributes. 275732343a is described below commit 275732343aab48a0192eedd0f5d7e2b1a069d9ca Author: Christopher Schultz AuthorDate: Tue Jun 11 18:21:32 2024 -0400 Add anchor target ids for configuration attributes. --- webapps/docs/tomcat-docs.xsl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/tomcat-docs.xsl b/webapps/docs/tomcat-docs.xsl index 83d2393730..8010876ba4 100644 --- a/webapps/docs/tomcat-docs.xsl +++ b/webapps/docs/tomcat-docs.xsl @@ -298,7 +298,7 @@ - +
(tomcat) branch 9.0.x updated: Fix property ant.tstamp.now.iso ignored when building Tomcat JDBC pool libraries (#733)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new e560e83766 Fix property ant.tstamp.now.iso ignored when building Tomcat JDBC pool libraries (#733) e560e83766 is described below commit e560e8376652ce5a32f73e0ac1f1dec54e20cbe7 Author: Dimitrios Soumis AuthorDate: Wed Jun 12 00:12:35 2024 +0300 Fix property ant.tstamp.now.iso ignored when building Tomcat JDBC pool libraries (#733) --- build.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.xml b/build.xml index 96b7301002..f14d52bf93 100644 --- a/build.xml +++ b/build.xml @@ -1547,7 +1547,7 @@ - +
(tomcat) branch 10.1.x updated: Fix property ant.tstamp.now.iso ignored when building Tomcat JDBC pool libraries (#733)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new fd6804041c Fix property ant.tstamp.now.iso ignored when building Tomcat JDBC pool libraries (#733) fd6804041c is described below commit fd6804041ca4621b67f5a1d9decc3148e985ea39 Author: Dimitrios Soumis AuthorDate: Wed Jun 12 00:12:35 2024 +0300 Fix property ant.tstamp.now.iso ignored when building Tomcat JDBC pool libraries (#733) --- build.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.xml b/build.xml index 7c4cbfaadf..8a833daaa4 100644 --- a/build.xml +++ b/build.xml @@ -1603,7 +1603,7 @@ - +
(tomcat) branch main updated: Fix property ant.tstamp.now.iso ignored when building Tomcat JDBC pool libraries (#733)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new bd2b0f50c2 Fix property ant.tstamp.now.iso ignored when building Tomcat JDBC pool libraries (#733) bd2b0f50c2 is described below commit bd2b0f50c2584e01b189ca196a422b8e63b934d9 Author: Dimitrios Soumis AuthorDate: Wed Jun 12 00:12:35 2024 +0300 Fix property ant.tstamp.now.iso ignored when building Tomcat JDBC pool libraries (#733) --- build.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.xml b/build.xml index 052d6e9afb..eee0507ba1 100644 --- a/build.xml +++ b/build.xml @@ -1598,7 +1598,7 @@ - +
Re: Tagging June releases
Mark,

On 6/10/24 04:06, Mark Thomas wrote:

A bunch of minor issues built up in my TODO list while I was at Community over Code and the Tomcat security day. I'd like to clear these before I tag the June releases.

+1

In related news, the release ballots for Servlet and Pages have completed successfully. There is some admin that needs to be completed there as well but the key impact for us is that the next Tomcat 11 vote will be for a BETA release rather than an ALPHA release.

:party:

My current guess is that I'll be in a position to tag 11.0.x towards the end of the week. I'll provide an update if that changes after I have triaged my inbox.

Sounds good to me.

-chris
Re: [PROPOSAL] Tomcat 10: Remove Server-Side Includes (SSI)
Michael,

On 6/7/24 10:18, Michael Osipov wrote:
On 2024/06/07 12:54:44 Christopher Schultz wrote:

Michael,

On 6/7/24 08:01, Michael Osipov wrote:
On 2024/06/07 08:05:34 Mark Thomas wrote:
On 06/06/2024 16:30, Christopher Schultz wrote:

All,

Resurrecting this thread from 2019. I'd like to remove the SSI configuration from conf/web.xml and put it into webapps/docs/ssi-howto.html. Are there any objections?

None here. Do we want to go further and consider removing it entirely for Tomcat 12 onwards. Maybe a question for the users list?

I need to admit that there are situations where SSI might be preferred over JSP. Example: I needed limited flexibility for some Asciidoctor generated documents depending whether it is QA or prod. I didn't want to generate multiple sets of documents (reduce complexity). Now some lines of SSI display a proper QA banner. Good enough for the job. Getting JSP or PHP output with Asciidoctor is almost impossible.

It's entirely possible to separate SSI into a different project. I didn't do it because it uses helper-classes in Tomcat for certain things. But if SSI is desirable, it can be packaged separately at the cost of some additional support classes/methods being copied outside of Tomcat. I don't want to support it anymore, but it should be easy *for someone else* to extract and bundle separately :)

What is the pain having it off by default, but have the necessary classes still provided in the JARs? They do not require any maintenance. They just work, don't they?

They do "just work" but it's basically RCE as a feature which is just bad. The idea that Tomcat should be a Java-based replacement for httpd with all its features is never something I liked. CGI, SSI, RewriteValve, etc. are all vestiges of that idea. If you want CGI and SSI and rewrite, then use the right tool for that job which is a reverse-proxying web server. Let Tomcat deal with all the Java-related stuff and shed all that extra cruft.

-chris
Re: [PROPOSAL] Tomcat 10: Remove Server-Side Includes (SSI)
Michael,

On 6/7/24 08:01, Michael Osipov wrote:
On 2024/06/07 08:05:34 Mark Thomas wrote:
On 06/06/2024 16:30, Christopher Schultz wrote:

All,

Resurrecting this thread from 2019. I'd like to remove the SSI configuration from conf/web.xml and put it into webapps/docs/ssi-howto.html. Are there any objections?

None here. Do we want to go further and consider removing it entirely for Tomcat 12 onwards. Maybe a question for the users list?

I need to admit that there are situations where SSI might be preferred over JSP. Example: I needed limited flexibility for some Asciidoctor generated documents depending whether it is QA or prod. I didn't want to generate multiple sets of documents (reduce complexity). Now some lines of SSI display a proper QA banner. Good enough for the job. Getting JSP or PHP output with Asciidoctor is almost impossible.

It's entirely possible to separate SSI into a different project. I didn't do it because it uses helper-classes in Tomcat for certain things. But if SSI is desirable, it can be packaged separately at the cost of some additional support classes/methods being copied outside of Tomcat. I don't want to support it anymore, but it should be easy *for someone else* to extract and bundle separately :)

-chris
Re: [PROPOSAL] Remove JSP file from ROOT web application
Konstantin,

On 6/6/24 11:26, Konstantin Kolinko wrote:
Thu, Jun 6, 2024 at 17:44, Christopher Schultz :

All,

I'd like to change the existing webapps/ROOT/index.jsp to index.html and remove the dynamic elements. Currently, the only truly dynamic element in the whole file is this:

" Copyright 1999-${year} Apache Software Foundation. All Rights Reserved "

I don't see any particular reason that the Copyright information must always show the "current year". We can simply set this to "the current year" during the release process.

This will mean that the default application will be completely static. Not much of an upgrade, *but* if a user would prefer to completely remove Jasper, it means that the default home page will be readable.

Hi, Chris!

+1 !

We missed you this week.

Being involved in moderation of one of our mailing lists, I suspect that some amount of spam is caused by our default web page, when it is de-facto used as the front page of a third-party web site. That is, ASF is wrongly interpreted as an owner of that web site.

My thoughts were:
a) Replace it with a simple static page that just says "It works" or similar.
b) Make content dynamic, so that the current content is shown to localhost clients only, and show the "simple" page for anyone else.

An example of "a)" is Apache HTTPD:
https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/docroot/index.html?revision=1200966=markup
https://svn.apache.org/viewvc?view=revision=105393
Oct 2004 (19 years, 8 months ago)

My preference is for "a)". Maybe move the old shiny "root" page to the examples web application.

This is a reasonable idea. I always thought that httpd's "It works!" page was crappy. I like the Tomcat one better. But I'd like to disable everything in the ROOT web application if possible.

Having different behavior for local versus remote visits is an interesting idea. I wouldn't want to implement something like that without more support from other committers.

-chris
Re: [PROPOSAL] Enable SecureLifecycleListener by default
Coty,

On 6/6/24 11:34, Coty Sutherland wrote:
On Thu, Jun 6, 2024 at 10:46 AM Christopher Schultz < ch...@christopherschultz.net> wrote:

All,

I'd like to remove the around the SecureLifecycleListener in conf/server.xml that we bundle with Tomcat distributions. Before I do so, are there any objections to making this change?

No objections from me. I might suggest making the default buildDateWarningAgeDays something like 6 months though rather than no default. If we're trying to encourage secure practices warning about older builds should be part of that config change IMO

I got some pushback from the folks who have to support Tomcat for decades which is why it's disabled by default. I'll keep pushing :)

-chris
Re: [PROPOSAL] Enable SecureLifecycleListener by default
Konstantin,

On 6/6/24 12:01, Konstantin Kolinko wrote:
Thu, Jun 6, 2024 at 17:46, Christopher Schultz :

All,

I'd like to remove the around the SecureLifecycleListener in conf/server.xml that we bundle with Tomcat distributions. Before I do so, are there any objections to making this change?

Its name is "SecurityListener", org.apache.catalina.security.SecurityListener
https://tomcat.apache.org/tomcat-11.0-doc/config/listeners.html#Security_Lifecycle_Listener_-_org.apache.catalina.security.SecurityListener

Looking at its checks:

- "checkedOsUsers": It checks the value of System.getProperty("user.name");

1. On Windows it is useless. :( What does user.name return when running under Administrator or LocalSystem or whatever?

2. It is possible to run as root to be able to bind to port 80. It is usually done with jsvc (Apache Commons Daemon) and its capability to drop privileges.
https://commons.apache.org/proper/commons-daemon/jsvc.html#Downgrading_user
https://cwiki.apache.org/confluence/display/TOMCAT/HowTo#HowTo-HowtorunTomcatwithoutrootprivileges?

I wonder what the actual value of "user.name" will be in case of "2.". The check is performed at "before init" event, thus earlier than jsvc drops privileges.

We can check :)

- "minimumUmask" It checks the value of System.getProperty(UMASK_PROPERTY_NAME); UMASK_PROPERTY_NAME = Constants.PACKAGE + ".SecurityListener.UMASK";

1. On Windows it is useless.

+1 and the documentation says it doesn't do any check on Windows.

2. The property is set by a startup script. If it is started in a different way (jsvc / daemon.sh, or directly as a Java application - as done by Eclipse IDE, as an embedded Tomcat), I expect it to break.

- "buildDateWarningAgeDays"

1. It is disabled by default.
2. It is checked at start time, but actual servers may run years without a reboot.
3. I wonder how it behaves if Tomcat is embedded in some IOT device.

Thus I wonder whether it is worth enabling it.

(But if we want to get real feedback, enabling it now for Tomcat 11 is a good starting point.)

Yes, this is what I was proposing.

-chris
[PROPOSAL] Implement additional security checks in SecurityLifecycleListener
All,

Tomcat's SecurityLifecycleListener currently checks the current working user's name, the umask and not much else at the moment.

I'd like to add "administrator" as another username to look for. (The documentation says that "root" is the only current username checked.)

I would also like to add several items from the DISA STIG document found here:
https://www.stigviewer.com/stig/apache_tomcat_application_sever_9/2021-12-27/

I haven't decided exactly which items to implement, but I will probably do this as a PR with separate commits for each item.

Are there any objections to starting this work?

Thanks,
-chris
[PROPOSAL] Enable SecureLifecycleListener by default
All,

I'd like to remove the around the SecureLifecycleListener in conf/server.xml that we bundle with Tomcat distributions. Before I do so, are there any objections to making this change?

Thanks,
-chris
[PROPOSAL] Remove JSP file from ROOT web application
All,

I'd like to change the existing webapps/ROOT/index.jsp to index.html and remove the dynamic elements. Currently, the only truly dynamic element in the whole file is this:

" Copyright 1999-${year} Apache Software Foundation. All Rights Reserved "

I don't see any particular reason that the Copyright information must always show the "current year". We can simply set this to "the current year" during the release process.

This will mean that the default application will be completely static. Not much of an upgrade, *but* if a user would prefer to completely remove Jasper, it means that the default home page will be readable.

-chris
Re: [PROPOSAL] Tomcat 10: Remove CGI Servlet
All,

Resurrecting this thread from 2019.

I will be proceeding with this 4.5-year-old plan to extract the CGI servlet to a separate JAR file to make it easy to "remove" from Tomcat if operators would prefer to do such things.

I think I'll also move the configuration from conf/web.xml to webapps/docs/cgi-howto.html while I'm at it so those vestiges are gone.

Thanks,
-chris

On 10/28/19 09:55, Christopher Schultz wrote:

All,

Note: this was not a vote.

There was very little feedback, and responses were mixed. We got exactly one response on the users@ list about real-world usage of CGI, so we cannot draw any conclusions about real-world uses.

Otherwise, the consensus seems to be that CGIs should stay a part of the main Tomcat distribution, but that perhaps separating it out into a distinct JAR file and/or separate distribution might be advantageous.

It appears that the CGIServlet is completely self-contained. It makes use of the following internal(ish) Tomcat APIs:

org.apache.catalina.util.IOTools
org.apache.juli.logging.Log
org.apache.juli.logging.LogFactory
org.apache.tomcat.util.compat.JrePlatform
org.apache.tomcat.util.res.StringManager

All of these could be replaced if necessary to make a standalone, container-agnostic package.

It looks like it would be fairly easy to separate-out the CGIServlet into a separate JAR file packaging if there's utility in that. For example, security-conscious environments may want to remove that JAR file entirely from the Tomcat deployment to be absolutely sure that Runtime.exec() isn't available in the deployed Java code (from the container; yet I realize that SSIServlet/SSIFilter has this, too).

I'd like to go ahead and move the CGIServlet from the general catalina.jar file into catalina-cgi.jar. That should only require a small change to the build.xml script.

Any objections?

-chris

On 10/7/19 10:59, Christopher Schultz wrote:

All,

I recently gave a presentation on locking-down Apache Tomcat[1] and I briefly discussed the "sharp edges" present in Tomcat. Some of them are unnecessarily sharp and may be actually unnecessary. I'm going to make a few proposals to remove functions from Tomcat.

Proposal: Remove CGI Servlet

Justification: The CGIServlet is another component, like server-side-includes, which is a remote-code execution (RCE) vulnerability as a feature. It is very easy to misconfigure. It is arguably not possible to secure it on Windows[2]. There are better solutions if you want to run Perl, Python, PHP, or whatever on your server in the form of the many fine web-server products out there.

-chris

[1] http://tomcat.apache.org/presentations.html#latest-locking-down-tomcat
[2] https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/
Re: [PROPOSAL] Tomcat 10: Remove Server-Side Includes (SSI)
All,

Resurrecting this thread from 2019.

I'd like to remove the SSI configuration from conf/web.xml and put it into webapps/docs/ssi-howto.html.

Are there any objections?

Thanks,
-chris

On 10/29/19 05:05, Konstantin Kolinko wrote:
Mon, Oct 28, 2019 at 16:34, Christopher Schultz :

[...]

The stock conf/web.xml contains a sample configuration for the SSI servlet. We will have to decide what to do with that. I can think of at least two options:

a. Remove it from the stock conf/web.xml entirely
b. Add comments to conf/web.xml indicating that the SSI component is a separate download

I think I like #2 better.

The correct way to enable this feature is to copy those fragments into one's own WEB-INF/web.xml. Uncommenting them in the default web.xml file will have [un]expected consequences.

Thus I am in favor of moving those configuration fragments to documentation.

Best regards,
Konstantin Kolinko
(tomcat) branch 9.0.x updated: Add deprecation metadata to methods moved to Certificate class.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new d52f822c29 Add deprecation metadata to methods moved to Certificate class. d52f822c29 is described below commit d52f822c29b9871f4a08927331d9054c569750ec Author: Christopher Schultz AuthorDate: Wed Jun 5 09:31:23 2024 -0400 Add deprecation metadata to methods moved to Certificate class. --- java/org/apache/tomcat/util/net/SSLHostConfig.java | 80 ++ 1 file changed, 80 insertions(+) diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java b/java/org/apache/tomcat/util/net/SSLHostConfig.java index fcd42b4191..5f177cd64d 100644 --- a/java/org/apache/tomcat/util/net/SSLHostConfig.java +++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java @@ -298,6 +298,11 @@ public class SSLHostConfig implements Serializable { // TODO: This certificate setter can be removed once it is no longer // necessary to support the old configuration attributes (Tomcat 10?). +/** + * @return The default certificate key password. + * @deprecated Obtain the prefered Certificate and call this method, there. + */ +@Deprecated public String getCertificateKeyPassword() { if (defaultCertificate == null) { return null; 
@@ -307,12 +312,22 @@ public class SSLHostConfig implements Serializable { } +/** + * @param certificateKeyPassword The password for the default certificate's key. + * @deprecated Obtain the prefered Certificate and call this method, there. + */ +@Deprecated public void setCertificateKeyPassword(String certificateKeyPassword) { registerDefaultCertificate(); defaultCertificate.setCertificateKeyPassword(certificateKeyPassword); } +/** + * @return The password for the default certificate's key. + * @deprecated Obtain the prefered Certificate and call this method, there. + */ +@Deprecated public String getCertificateKeyPasswordFile() { if (defaultCertificate == null) { return null; @@ -322,6 +337,11 @@ public class SSLHostConfig implements Serializable { } +/** + * @param certificateKeyPasswordFile The file containing the password for the default certificate's key. + * @deprecated Obtain the prefered Certificate and call this method, there. + */ +@Deprecated public void setCertificateKeyPasswordFile(String certificateKeyPasswordFile) { registerDefaultCertificate(); defaultCertificate.setCertificateKeyPasswordFile(certificateKeyPasswordFile); @@ -564,6 +584,11 @@ public class SSLHostConfig implements Serializable { // TODO: These certificate setters can be removed once it is no longer // necessary to support the old configuration attributes (Tomcat 10?). +/** + * @return The key alias for the default certificate key. + * @deprecated Obtain the prefered Certificate and call this method, there. + */ +@Deprecated public String getCertificateKeyAlias() { if (defaultCertificate == null) { return null; 
@@ -571,12 +596,22 @@ public class SSLHostConfig implements Serializable { return defaultCertificate.getCertificateKeyAlias(); } } +/** + * @param certificateKeyAlias The alias of the certificate key. + * @deprecated Obtain the prefered Certificate and call this method, there. + */ +@Deprecated public void setCertificateKeyAlias(String certificateKeyAlias) { registerDefaultCertificate(); defaultCertificate.setCertificateKeyAlias(certificateKeyAlias); } +/** + * @return The keystore file for the default certificate. + * @deprecated Obtain the prefered Certificate and call this method, there. + */ +@Deprecated public String getCertificateKeystoreFile() { if (defaultCertificate == null) { return null; @@ -584,12 +619,22 @@ public class SSLHostConfig implements Serializable { return defaultCertificate.getCertificateKeystoreFile(); } } +/** + * @param certificateKeystoreFile The file containing the certificate keystore. + * @deprecated Obtain the prefered Certificate and call this method, there. + */ +@Deprecated public void setCertificateKeystoreFile(String certificateKeystoreFile) { registerDefaultCertificate(); defaultCertificate.setCertificateKeystoreFile(certificateKeystoreFile); } +/** + * @return The password for the default certificate's keystore. + * @deprecated Obtain the prefered Certificate and call this method, there. + */ +@Deprecated public String getCertificateKeystorePassword() { if (defaultCertificate == null) { return
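Review bot: In the hunk at getCertificateKeyPasswordFile() the new Javadoc reads "@return The password for the default certificate's key.", which describes the password getter rather than the password file; it should say it returns the file containing that password, matching the wording on setCertificateKeyPasswordFile(). Across all of the added blocks "prefered" should be "preferred", and each @deprecated tag would be more useful if it named the replacement method on the Certificate class with a {@link} instead of "call this method, there", so readers and tooling can jump straight to it.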
(tomcat-native) branch 1.3.x updated: Add changelog
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 1.3.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.3.x by this push: new 2c21cf47d Add changelog 2c21cf47d is described below commit 2c21cf47deb8a432b0c1e0db7a814d9323478708 Author: Christopher Schultz AuthorDate: Sun Jun 2 10:42:42 2024 -0400 Add changelog --- xdocs/miscellaneous/changelog.xml | 7 +++ 1 file changed, 7 insertions(+) diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 4e62e78ac..7b2e74142 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -40,6 +40,13 @@ until properly addressed with https://github.com/openssl/openssl/issues/24416. (michaelo) + + Use ERR_error_string_n with a definite buffer length as a named constant. + (schultz) + + + Ensure local reference capacity is available when creating new arrays + and Strings. (schultz)
(tomcat-native) branch main updated: Add changelog
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new 5b97d9232 Add changelog 5b97d9232 is described below commit 5b97d9232997c6e6adadfe50601b6fa2591ede68 Author: Christopher Schultz AuthorDate: Sun Jun 2 10:42:42 2024 -0400 Add changelog --- xdocs/miscellaneous/changelog.xml | 7 +++ 1 file changed, 7 insertions(+) diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 9127260c1..59ec98a58 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -40,6 +40,13 @@ until properly addressed with https://github.com/openssl/openssl/issues/24416. (michaelo) + + Use ERR_error_string_n with a definite buffer length as a named constant. + (schultz) + + + Ensure local reference capacity is available when creating new arrays + and Strings. (schultz)
(tomcat-native) branch 1.3.x updated: Use ERR_error_string_n instead of ERR_error_string.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 1.3.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.3.x by this push: new 827f57853 Use ERR_error_string_n instead of ERR_error_string. 827f57853 is described below commit 827f578536ea4a6f580fc7b58454c107be38d880 Author: Christopher Schultz AuthorDate: Wed May 15 09:14:14 2024 -0400 Use ERR_error_string_n instead of ERR_error_string. Use header-defined constant for error message buffer sizes. --- native/include/ssl_private.h | 5 +++ native/src/ssl.c | 8 ++--- native/src/sslconf.c | 16 +- native/src/sslcontext.c | 76 ++-- 4 files changed, 55 insertions(+), 50 deletions(-) diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h index aab34cc9d..3eefd13ed 100644 --- a/native/include/ssl_private.h +++ b/native/include/ssl_private.h @@ -67,6 +67,11 @@ extern ENGINE *tcn_ssl_engine; #define SSL_AIDX_ECC (3) #define SSL_AIDX_MAX (4) +/* + * The length of error message strings. MUST BE AT LEAST 256. + */ +#define TCN_OPENSSL_ERROR_STRING_LENGTH 256 + /* * Define the SSL options */ diff --git a/native/src/ssl.c b/native/src/ssl.c index 5ca7c0781..40d9c9380 100644 --- a/native/src/ssl.c +++ b/native/src/ssl.c @@ -1509,9 +1509,9 @@ TCN_IMPLEMENT_CALL(jbyteArray, SSL, getPeerCertificate)(TCN_STDARGS, TCN_IMPLEMENT_CALL(jstring, SSL, getErrorString)(TCN_STDARGS, jlong number) { -char buf[256]; +char buf[TCN_OPENSSL_ERROR_STRING_LENGTH]; UNREFERENCED(o); -ERR_error_string(number, buf); +ERR_error_string_n(number, buf, TCN_OPENSSL_ERROR_STRING_LENGTH); return tcn_new_string(e, buf); } 
@@ -1673,8 +1673,8 @@ TCN_IMPLEMENT_CALL(jboolean, SSL, setCipherSuites)(TCN_STDARGS, jlong ssl, return JNI_FALSE; } if (!SSL_set_cipher_list(ssl_, J2S(ciphers))) { -char err[256]; -ERR_error_string(SSL_ERR_get(), err); +char err[TCN_OPENSSL_ERROR_STRING_LENGTH]; +ERR_error_string_n(SSL_ERR_get(), err, TCN_OPENSSL_ERROR_STRING_LENGTH); tcn_Throw(e, "Unable to configure permitted SSL ciphers (%s)", err); rv = JNI_FALSE; } diff --git a/native/src/sslconf.c b/native/src/sslconf.c index 6ff028b66..603e84288 100644 --- a/native/src/sslconf.c +++ b/native/src/sslconf.c @@ -96,8 +96,8 @@ TCN_IMPLEMENT_CALL(jlong, SSLConf, make)(TCN_STDARGS, jlong pool, ec = SSL_ERR_get(); if (!cctx || ec != 0) { if (ec != 0) { -char err[256]; -ERR_error_string(ec, err); +char err[TCN_OPENSSL_ERROR_STRING_LENGTH]; +ERR_error_string_n(ec, err, TCN_OPENSSL_ERROR_STRING_LENGTH); tcn_Throw(e, "Could not create SSL_CONF context (%s)", err); } else { tcn_Throw(e, "Could not create SSL_CONF context"); @@ -169,8 +169,8 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, check)(TCN_STDARGS, jlong cctx, value_type = SSL_CONF_cmd_value_type(c->cctx, J2S(cmd)); ec = SSL_ERR_get(); if (ec != 0) { -char err[256]; -ERR_error_string(ec, err); +char err[TCN_OPENSSL_ERROR_STRING_LENGTH]; +ERR_error_string_n(ec, err, TCN_OPENSSL_ERROR_STRING_LENGTH); tcn_Throw(e, "Could not determine SSL_CONF command type for '%s' (%s)", J2S(cmd), err); return 0; } @@ -272,8 +272,8 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, apply)(TCN_STDARGS, jlong cctx, ec = SSL_ERR_get(); if (rc <= 0 || ec != 0) { if (ec != 0) { -char err[256]; -ERR_error_string(ec, err); +char err[TCN_OPENSSL_ERROR_STRING_LENGTH]; +ERR_error_string_n(ec, err, TCN_OPENSSL_ERROR_STRING_LENGTH); tcn_Throw(e, "Could not apply SSL_CONF command '%s' with value '%s' (%s)", J2S(cmd), buf != NULL ? buf : J2S(value), err); } else { tcn_Throw(e, "Could not apply SSL_CONF command '%s' with value '%s'", J2S(cmd), buf != NULL ? buf : J2S(value)); 
@@ -304,8 +304,8 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, finish)(TCN_STDARGS, jlong cctx) ec = SSL_ERR_get(); if (rc <= 0 || ec != 0) { if (ec != 0) { -char err[256]; -ERR_error_string(ec, err); +char err[TCN_OPENSSL_ERROR_STRING_LENGTH]; +ERR_error_string_n(ec, err, TCN_OPENSSL_ERROR_STRING_LENGTH); tcn_Throw(e, "Could not finish SSL_CONF commands (%s)", err); } else { tcn_Throw(e, "Could not finish SSL_CONF commands"); diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c index 76662cc09..30018ac4c 100644 --- a/native/src/sslcontext.c +++ b/native/src/sslcontext.c @@ -264,8 +264,8 @@ TCN_IMPLEMENT_CALL(jlong, SS
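Review bot: The length argument at every converted call site repeats TCN_OPENSSL_ERROR_STRING_LENGTH instead of being derived from the buffer, for example ERR_error_string_n(number, buf, TCN_OPENSSL_ERROR_STRING_LENGTH) in getErrorString and the err[] sites in sslconf.c. Passing sizeof(buf) or sizeof(err) would keep the bound tied to the array actually declared, so a later change to one declaration cannot leave a stale length behind. The new header comment "MUST BE AT LEAST 256" in ssl_private.h should also say why: 256 bytes is the minimum that ERR_error_string() requires of a caller-supplied buffer, whereas ERR_error_string_n() truncates to the length it is given, so once every call site is converted a smaller value shortens messages rather than overrunning the buffer.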
(tomcat-native) branch 1.3.x updated: Ensure local reference capacity is available for array allocations.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 1.3.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.3.x by this push: new b75a3f198 Ensure local reference capacity is available for array allocations. b75a3f198 is described below commit b75a3f1985c6b642556179d01fb1e298d41146fd Author: Christopher Schultz AuthorDate: Thu May 16 09:51:45 2024 -0400 Ensure local reference capacity is available for array allocations. --- native/src/jnilib.c | 14 -- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/native/src/jnilib.c b/native/src/jnilib.c index f46774ac2..65f889eca 100644 --- a/native/src/jnilib.c +++ b/native/src/jnilib.c @@ -156,6 +156,9 @@ jstring tcn_new_stringn(JNIEnv *env, const char *str, size_t l) jbyteArray tcn_new_arrayb(JNIEnv *env, const unsigned char *data, size_t len) { +if ((*env)->EnsureLocalCapacity(env, 1) < 0) { +return NULL; /* out of memory error */ +} jbyteArray bytes = (*env)->NewByteArray(env, (jsize)len); if (bytes != NULL) { (*env)->SetByteArrayRegion(env, bytes, 0, (jint)len, (jbyte *)data); @@ -165,15 +168,22 @@ jbyteArray tcn_new_arrayb(JNIEnv *env, const unsigned char *data, size_t len) jobjectArray tcn_new_arrays(JNIEnv *env, size_t len) { +if ((*env)->EnsureLocalCapacity(env, 1) < 0) { +return NULL; /* out of memory error */ +} return (*env)->NewObjectArray(env, (jsize)len, jString_class, NULL); } jstring tcn_new_string(JNIEnv *env, const char *str) { -if (!str) +if (!str) { return NULL; -else +} else { +if ((*env)->EnsureLocalCapacity(env, 1) < 0) { +return NULL; /* out of memory error */ +} return (*env)->NewStringUTF(env, str); +} } char *tcn_get_string(JNIEnv *env, jstring jstr) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
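Review bot: In tcn_new_arrayb the new EnsureLocalCapacity check sits ahead of "jbyteArray bytes = (*env)->NewByteArray(env, (jsize)len);", which turns that line into a declaration after a statement. If any compiler used for this branch still runs in C89/C90 mode that will not build; declaring "jbyteArray bytes;" at the top of the function and assigning it after the check avoids the problem. In tcn_new_string the else after "return NULL;" is no longer needed now that braces were added, so the capacity check and the NewStringUTF call can sit at function level.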
Re: (tomcat-native) branch 1.1.x updated: Use ERR_error_string_n instead of ERR_error_string.
Konstantin,

On 6/1/24 10:12, Konstantin Kolinko wrote:
Fri, 31 May 2024 at 20:33, Christopher Schultz :

All,

I don't think my commit broke the build. Re-winding to fe07505146b7573f36a0d01ba0d2b847af7c9914 shows that the 1.1.x build does not work on my machine.

$ sh buildconf --with-apr=apr-1.7.4

(This path is correct)

$ cat config.nice
#! /bin/sh
#
# Created by configure

"./configure" \
"--with-apr=/usr/local/Cellar/apr/1.7.4/bin/apr-1-config" \
"--with-ssl=/usr/local/Cellar/openssl@1.1/1.1.1w/" \
"$@"

$ ./config.nice
[... no errors...]
$ make clean
$ make
/bin/sh /usr/local/Cellar/apr/1.7.4/build-1/libtool --silent --mode=compile --tag=CC clang -g -O2 -Wall -DHAVE_CONFIG_H -DDARWIN -DSIGPROCMASK_SETS_THREAD_MASK -g -O2 -DHAVE_OPENSSL -DHAVE_POOL_PRE_CLEANUP -I/Users/christopherschultz/git/tomcat-native/native/include -I/Library/Java/JavaVirtualMachines/temurin-21.jdk/Contents/Home/include -I/Library/Java/JavaVirtualMachines/temurin-21.jdk/Contents/Home/include/darwin -I/usr/local/Cellar/openssl@1.1/1.1.1w//include -I/usr/local/opt/apr/include/apr-1 -o src/ssl.lo -c src/ssl.c && touch src/ssl.lo
src/ssl.c:201:7: error: incomplete definition of type 'struct dh_st'
    dh->p = prime(NULL);
    ~~^
/usr/local/Cellar/openssl@1.1/1.1.1w//include/openssl/ossl_typ.h:104:16: note: forward declaration of 'struct dh_st'
typedef struct dh_st DH;
               ^
[...]

The full code in that area is:

    static DH *make_dh_params(BIGNUM *(*prime)(BIGNUM *), const char *gen)
    {
        DH *dh = DH_new();

        if (!dh) {
            return NULL;
        }
        dh->p = prime(NULL); // Line 201
        BN_dec2bn(&dh->g, gen);
        if (!dh->p || !dh->g) {
            DH_free(dh);
            return NULL;
        }
        return dh;
    }

Is this just a bad setup on my end? Building the main branch in this environment (but with OpenSSL 3.0) works with some warnings but no errors.

Can anyone confirm they can build 1.1.x HEAD?

The code in src/ssl.c of Tomcat-Native 1.1.1 cited above is not compatible with "openssl@1.1/1.1.1w".

Essentially:

- "openssl@1.1/1.1.1w//include/openssl/ossl_typ.h:104:16:" declares an alias:

    typedef struct dh_st DH;

I.e. it declares the name "DH", but the actual definition of "struct dh_st" is elsewhere, not in public include files (but in some "internal" parts of OpenSSL). Thus the structure can only be used opaquely.

The error is that

    dh->p = prime(NULL); // Line 201

tries to access "p", which is not possible without knowing the internal structure of DH.

Note that this is fixed in Tomcat Native 1.3.x: There it calls "DH_set0_pqg()" to set the value of p.

Looking at the commit history of OpenSSL 1.1.x, there is the following commit:
https://github.com/openssl/openssl/commit/6db7fadf0975c75bfba01dd939063b4bdcb1a0fe
"DH: add simple getters for commonly used DH struct members"

It is not exactly on topic, but gives references where to look for.

Other links:

https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/include/openssl/ossl_typ.h
(declares "typedef struct dh_st DH")

https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/include/openssl/dh.h
(declares "DH_set0_pqg" and other DH_set / DH_get methods)

https://github.com/apache/tomcat-native/blob/1.1.x/native/src/ssl.c#L194
https://github.com/apache/tomcat-native/blob/1.3.x/native/src/ssl.c#L197
(Tomcat Native 1.1 vs 1.3)

https://stackoverflow.com/questions/45416806/missing-definitions-in-headerfile-dh-h-openssl-1-1-0f
(The same issue encountered by somebody else)

Note that the last release of Tomcat Native 1.1.x was 1.1.34 of 2015-12-15
https://tomcat.apache.org/oldnews-2015.html#Tomcat_Native_1.1.34_Released

It was built with
- APR 1.5.1
- OpenSSL 1.0.1m
(as mentioned in VERSIONS file in tomcat-native-1.1.34-win32-bin.zip)

Oops. I had meant to patch the 1.3.x branch, but I did not see it in git. I had to specifically check it out to see it.

I will remove the patch from 1.1.x which should not be there. I will re-do the patch for 1.3.x.

Apologies for the confusion.

Thanks,
-chris
Re: (tomcat-native) branch 1.1.x updated: Use ERR_error_string_n instead of ERR_error_string.
d declaration of 'struct bio_st' typedef struct bio_st BIO; ^ src/ssl.c:867:37: error: incomplete definition of type 'struct bio_st' BIO_JAVA *j = (BIO_JAVA *)bi->ptr; ~~^ /usr/local/Cellar/openssl@1.1/1.1.1w//include/openssl/ossl_typ.h:79:16: note: forward declaration of 'struct bio_st' typedef struct bio_st BIO; ^ src/ssl.c:881:7: error: incomplete definition of type 'struct bio_st' bi->shutdown = 1; ~~^ /usr/local/Cellar/openssl@1.1/1.1.1w//include/openssl/ossl_typ.h:79:16: note: forward declaration of 'struct bio_st' typedef struct bio_st BIO; ^ src/ssl.c:882:7: error: incomplete definition of type 'struct bio_st' bi->init = 0; ~~^ /usr/local/Cellar/openssl@1.1/1.1.1w//include/openssl/ossl_typ.h:79:16: note: forward declaration of 'struct bio_st' typedef struct bio_st BIO; ^ src/ssl.c:883:7: error: incomplete definition of type 'struct bio_st' bi->num = -1; ~~^ /usr/local/Cellar/openssl@1.1/1.1.1w//include/openssl/ossl_typ.h:79:16: note: forward declaration of 'struct bio_st' typedef struct bio_st BIO; ^ src/ssl.c:884:7: error: incomplete definition of type 'struct bio_st' bi->ptr = (char *)j; ~~^ /usr/local/Cellar/openssl@1.1/1.1.1w//include/openssl/ossl_typ.h:79:16: note: forward declaration of 'struct bio_st' typedef struct bio_st BIO; ^ src/ssl.c:893:11: error: incomplete definition of type 'struct bio_st' if (bi->ptr != NULL) { ~~^ /usr/local/Cellar/openssl@1.1/1.1.1w//include/openssl/ossl_typ.h:79:16: note: forward declaration of 'struct bio_st' typedef struct bio_st BIO; ^ src/ssl.c:894:37: error: incomplete definition of type 'struct bio_st' BIO_JAVA *j = (BIO_JAVA *)bi->ptr; ~~^ /usr/local/Cellar/openssl@1.1/1.1.1w//include/openssl/ossl_typ.h:79:16: note: forward declaration of 'struct bio_st' typedef struct bio_st BIO; ^ src/ssl.c:895:15: error: incomplete definition of type 'struct bio_st' if (bi->init) { ~~^ /usr/local/Cellar/openssl@1.1/1.1.1w//include/openssl/ossl_typ.h:79:16: note: forward declaration of 'struct bio_st' typedef struct bio_st BIO; 
^
fatal error: too many errors emitted, stopping now [-ferror-limit=]
1 warning and 20 errors generated.
make[1]: *** [src/ssl.lo] Error 1
make: *** [all-recursive] Error 1

I get roughly the same behavior when compiling against OpenSSL 3.0 as well.

The first error in ssl.c doesn't look like an error to me:

src/ssl.c:201:7: error: incomplete definition of type 'struct dh_st'
    dh->p = prime(NULL);
    ~~^

The full code in that area is:

    static DH *make_dh_params(BIGNUM *(*prime)(BIGNUM *), const char *gen)
    {
        DH *dh = DH_new();

        if (!dh) {
            return NULL;
        }
        dh->p = prime(NULL); // Line 201
        BN_dec2bn(&dh->g, gen);
        if (!dh->p || !dh->g) {
            DH_free(dh);
            return NULL;
        }
        return dh;
    }

Is this just a bad setup on my end? Building the main branch in this environment (but with OpenSSL 3.0) works with some warnings but no errors.

Can anyone confirm they can build 1.1.x HEAD?

Thanks,
-chris

On 5/31/24 13:11, schu...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 1.1.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.1.x by this push: new 0ab6bdd39 Use ERR_error_string_n instead of ERR_error_string. 0ab6bdd39 is described below commit 0ab6bdd3973c702a46a9564266d1f4848bd05b01 Author: Christopher Schultz AuthorDate: Fri May 31 13:10:27 2024 -0400 Use ERR_error_string_n instead of ERR_error_string. Use header-defined constant for error message buffer sizes. --- native/include/ssl_private.h | 5 + native/src/ssl.c | 8 native/src/sslcontext.c | 32 native/src/sslnetwork.c | 4 ++-- 4 files changed, 27 insertions(+), 22 deletions(-) diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h index 68fc8a877..ede9ae94f 100644 --- a/native/include/ssl_private.h +++ b/native/include/ssl_private.h 
@@ -63,6 +63,11 @@ #define SSL_AIDX_ECC (3) #define SSL_AIDX_MAX (4) +/* + * The length of error message strings. MUST BE AT LEAST 256. + */ +#define TCN_OPENSSL_ERROR_STRING_LENGTH 256 + /* * Define the SSL options */ diff --git a/native/src/ssl.c b/native/src/ssl.c index d6fdaee55..782de1139 100644 --- a/native/src/ssl.c +++ b/native/src/ssl.c @@ -806,11 +806,11 @@ TCN_IMPLEMENT_CALL(jint, SSL, fipsModeSet)(TCN_STDARGS, jint mode) if(1 != (r = (jint)FIPS_mode_set((int)mode))) { /* arrange to get a human-readable error message */ unsigned long err = ERR_get_error(
Re: (tomcat-native) branch 1.1.x updated: Use ERR_error_string_n instead of ERR_error_string.
All, Uh, oh. This may have broken the build. Investigating... -chris On 5/31/24 13:11, schu...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 1.1.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.1.x by this push: new 0ab6bdd39 Use ERR_error_string_n instead of ERR_error_string. 0ab6bdd39 is described below commit 0ab6bdd3973c702a46a9564266d1f4848bd05b01 Author: Christopher Schultz AuthorDate: Fri May 31 13:10:27 2024 -0400 Use ERR_error_string_n instead of ERR_error_string. Use header-defined constant for error message buffer sizes. --- native/include/ssl_private.h | 5 + native/src/ssl.c | 8 native/src/sslcontext.c | 32 native/src/sslnetwork.c | 4 ++-- 4 files changed, 27 insertions(+), 22 deletions(-) diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h index 68fc8a877..ede9ae94f 100644 --- a/native/include/ssl_private.h +++ b/native/include/ssl_private.h @@ -63,6 +63,11 @@ #define SSL_AIDX_ECC (3) #define SSL_AIDX_MAX (4) +/* + * The length of error message strings. MUST BE AT LEAST 256. + */ +#define TCN_OPENSSL_ERROR_STRING_LENGTH 256 + /* * Define the SSL options */ diff --git a/native/src/ssl.c b/native/src/ssl.c index d6fdaee55..782de1139 100644 --- a/native/src/ssl.c +++ b/native/src/ssl.c @@ -806,11 +806,11 @@ TCN_IMPLEMENT_CALL(jint, SSL, fipsModeSet)(TCN_STDARGS, jint mode) if(1 != (r = (jint)FIPS_mode_set((int)mode))) { /* arrange to get a human-readable error message */ unsigned long err = ERR_get_error(); - char msg[256]; + char msg[TCN_OPENSSL_ERROR_STRING_LENGTH]; /* ERR_load_crypto_strings() already called in initialize() */ - ERR_error_string_n(err, msg, 256); + ERR_error_string_n(err, msg, TCN_OPENSSL_ERROR_STRING_LENGTH); tcn_ThrowException(e, msg); } 
@@ -1105,9 +1105,9 @@ TCN_IMPLEMENT_CALL(jboolean, SSL, loadDSATempKey)(TCN_STDARGS, jint idx, TCN_IMPLEMENT_CALL(jstring, SSL, getLastError)(TCN_STDARGS) { -char buf[256]; +char buf[TCN_OPENSSL_ERROR_STRING_LENGTH]; UNREFERENCED(o); -ERR_error_string(ERR_get_error(), buf); +ERR_error_string_n(ERR_get_error(), buf, TCN_OPENSSL_ERROR_STRING_LENGTH); return tcn_new_string(e, buf); } diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c index c632fc7cf..e2d341c30 100644 --- a/native/src/sslcontext.c +++ b/native/src/sslcontext.c @@ -136,8 +136,8 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, make)(TCN_STDARGS, jlong pool, } if (!ctx) { -char err[256]; -ERR_error_string(ERR_get_error(), err); +char err[TCN_OPENSSL_ERROR_STRING_LENGTH]; +ERR_error_string_n(ERR_get_error(), err, TCN_OPENSSL_ERROR_STRING_LENGTH); tcn_Throw(e, "Invalid Server SSL Protocol (%s)", err); goto init_failed; } @@ -327,8 +327,8 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCipherSuite)(TCN_STDARGS, jlong ctx, #else if (!SSL_CTX_set_cipher_list(c->ctx, J2S(ciphers))) { #endif -char err[256]; -ERR_error_string(ERR_get_error(), err); +char err[TCN_OPENSSL_ERROR_STRING_LENGTH]; +ERR_error_string_n(ERR_get_error(), err, TCN_OPENSSL_ERROR_STRING_LENGTH); tcn_Throw(e, "Unable to configure permitted SSL ciphers (%s)", err); rv = JNI_FALSE; } @@ -348,7 +348,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCARevocation)(TCN_STDARGS, jlong ctx TCN_ALLOC_CSTRING(path); jboolean rv = JNI_FALSE; X509_LOOKUP *lookup; -char err[256]; +char err[TCN_OPENSSL_ERROR_STRING_LENGTH]; UNREFERENCED(o); TCN_ASSERT(ctx != 0); 
@@ -362,7 +362,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCARevocation)(TCN_STDARGS, jlong ctx if (J2S(file)) { lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_file()); if (lookup == NULL) { -ERR_error_string(ERR_get_error(), err); +ERR_error_string_n(ERR_get_error(), err, TCN_OPENSSL_ERROR_STRING_LENGTH); X509_STORE_free(c->crl); c->crl = NULL; tcn_Throw(e, "Lookup failed for file %s (%s)", J2S(file), err); @@ -373,7 +373,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCARevocation)(TCN_STDARGS, jlong ctx if (J2S(path)) { lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_hash_dir()); if (lookup == NULL) { -ERR_error_string(ERR_get_error(), err); +ERR_error_string_n(ERR_get_error(), err, TCN_OPENSSL_ERROR_STRING_LENGTH); X509_STORE_free(c->crl); c->crl = NULL; tcn_Throw(e, "Lookup failed for path %s (%s)", J2S
(tomcat-native) branch 1.1.x updated: Use ERR_error_string_n instead of ERR_error_string.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 1.1.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.1.x by this push: new 0ab6bdd39 Use ERR_error_string_n instead of ERR_error_string. 0ab6bdd39 is described below commit 0ab6bdd3973c702a46a9564266d1f4848bd05b01 Author: Christopher Schultz AuthorDate: Fri May 31 13:10:27 2024 -0400 Use ERR_error_string_n instead of ERR_error_string. Use header-defined constant for error message buffer sizes. --- native/include/ssl_private.h | 5 + native/src/ssl.c | 8 native/src/sslcontext.c | 32 native/src/sslnetwork.c | 4 ++-- 4 files changed, 27 insertions(+), 22 deletions(-) diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h index 68fc8a877..ede9ae94f 100644 --- a/native/include/ssl_private.h +++ b/native/include/ssl_private.h @@ -63,6 +63,11 @@ #define SSL_AIDX_ECC (3) #define SSL_AIDX_MAX (4) +/* + * The length of error message strings. MUST BE AT LEAST 256. + */ +#define TCN_OPENSSL_ERROR_STRING_LENGTH 256 + /* * Define the SSL options */ diff --git a/native/src/ssl.c b/native/src/ssl.c index d6fdaee55..782de1139 100644 --- a/native/src/ssl.c +++ b/native/src/ssl.c @@ -806,11 +806,11 @@ TCN_IMPLEMENT_CALL(jint, SSL, fipsModeSet)(TCN_STDARGS, jint mode) if(1 != (r = (jint)FIPS_mode_set((int)mode))) { /* arrange to get a human-readable error message */ unsigned long err = ERR_get_error(); - char msg[256]; + char msg[TCN_OPENSSL_ERROR_STRING_LENGTH]; /* ERR_load_crypto_strings() already called in initialize() */ - ERR_error_string_n(err, msg, 256); + ERR_error_string_n(err, msg, TCN_OPENSSL_ERROR_STRING_LENGTH); tcn_ThrowException(e, msg); } 
@@ -1105,9 +1105,9 @@ TCN_IMPLEMENT_CALL(jboolean, SSL, loadDSATempKey)(TCN_STDARGS, jint idx, TCN_IMPLEMENT_CALL(jstring, SSL, getLastError)(TCN_STDARGS) { -char buf[256]; +char buf[TCN_OPENSSL_ERROR_STRING_LENGTH]; UNREFERENCED(o); -ERR_error_string(ERR_get_error(), buf); +ERR_error_string_n(ERR_get_error(), buf, TCN_OPENSSL_ERROR_STRING_LENGTH); return tcn_new_string(e, buf); } diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c index c632fc7cf..e2d341c30 100644 --- a/native/src/sslcontext.c +++ b/native/src/sslcontext.c @@ -136,8 +136,8 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, make)(TCN_STDARGS, jlong pool, } if (!ctx) { -char err[256]; -ERR_error_string(ERR_get_error(), err); +char err[TCN_OPENSSL_ERROR_STRING_LENGTH]; +ERR_error_string_n(ERR_get_error(), err, TCN_OPENSSL_ERROR_STRING_LENGTH); tcn_Throw(e, "Invalid Server SSL Protocol (%s)", err); goto init_failed; } @@ -327,8 +327,8 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCipherSuite)(TCN_STDARGS, jlong ctx, #else if (!SSL_CTX_set_cipher_list(c->ctx, J2S(ciphers))) { #endif -char err[256]; -ERR_error_string(ERR_get_error(), err); +char err[TCN_OPENSSL_ERROR_STRING_LENGTH]; +ERR_error_string_n(ERR_get_error(), err, TCN_OPENSSL_ERROR_STRING_LENGTH); tcn_Throw(e, "Unable to configure permitted SSL ciphers (%s)", err); rv = JNI_FALSE; } @@ -348,7 +348,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCARevocation)(TCN_STDARGS, jlong ctx TCN_ALLOC_CSTRING(path); jboolean rv = JNI_FALSE; X509_LOOKUP *lookup; -char err[256]; +char err[TCN_OPENSSL_ERROR_STRING_LENGTH]; UNREFERENCED(o); TCN_ASSERT(ctx != 0); 
@@ -362,7 +362,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCARevocation)(TCN_STDARGS, jlong ctx if (J2S(file)) { lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_file()); if (lookup == NULL) { -ERR_error_string(ERR_get_error(), err); +ERR_error_string_n(ERR_get_error(), err, TCN_OPENSSL_ERROR_STRING_LENGTH); X509_STORE_free(c->crl); c->crl = NULL; tcn_Throw(e, "Lookup failed for file %s (%s)", J2S(file), err); @@ -373,7 +373,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCARevocation)(TCN_STDARGS, jlong ctx if (J2S(path)) { lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_hash_dir()); if (lookup == NULL) { -ERR_error_string(ERR_get_error(), err); +ERR_error_string_n(ERR_get_error(), err, TCN_OPENSSL_ERROR_STRING_LENGTH); X509_STORE_free(c->crl); c->crl = NULL; tcn_Throw(e, "Lookup failed for path %s (%s)", J2S(file), err); @@ -426,8 +426,8 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCACertificate)(TCN_STDARGS, */ if (!SSL_CTX_load_verify_locations(c->ctx,
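Review bot: In the setCARevocation hunk at -373, the "if (J2S(path))" branch reports its failure with tcn_Throw(e, "Lookup failed for path %s (%s)", J2S(file), err), formatting J2S(file) where the message and the branch condition both refer to the path. That is an unchanged context line, but this patch edits the ERR_error_string call a few lines above it, so it is a good moment to switch the argument to J2S(path): only J2S(path) was tested in this branch, so J2S(file) may be NULL here, and the message otherwise names the wrong value when a CRL directory lookup fails.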
(tomcat-native) branch 1.1.x updated: Ensure local reference capacity is available for array allocations.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 1.1.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.1.x by this push: new 33b2bc8c1 Ensure local reference capacity is available for array allocations. 33b2bc8c1 is described below commit 33b2bc8c18621351e2d73a70c24196fb83363ee1 Author: Christopher Schultz AuthorDate: Thu May 16 09:51:45 2024 -0400 Ensure local reference capacity is available for array allocations. --- native/src/jnilib.c | 14 -- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/native/src/jnilib.c b/native/src/jnilib.c index 320cb210e..3886101ba 100644 --- a/native/src/jnilib.c +++ b/native/src/jnilib.c @@ -134,6 +134,9 @@ jstring tcn_new_stringn(JNIEnv *env, const char *str, size_t l) jbyteArray tcn_new_arrayb(JNIEnv *env, const unsigned char *data, size_t len) { +if ((*env)->EnsureLocalCapacity(env, 1) < 0) { +return NULL; /* out of memory error */ +} jbyteArray bytes = (*env)->NewByteArray(env, (jsize)len); if (bytes != NULL) { (*env)->SetByteArrayRegion(env, bytes, 0, (jint)len, (jbyte *)data); @@ -143,15 +146,22 @@ jbyteArray tcn_new_arrayb(JNIEnv *env, const unsigned char *data, size_t len) jobjectArray tcn_new_arrays(JNIEnv *env, size_t len) { +if ((*env)->EnsureLocalCapacity(env, 1) < 0) { +return NULL; /* out of memory error */ +} return (*env)->NewObjectArray(env, (jsize)len, jString_class, NULL); } jstring tcn_new_string(JNIEnv *env, const char *str) { -if (!str) +if (!str) { return NULL; -else +} else { +if ((*env)->EnsureLocalCapacity(env, 1) < 0) { +return NULL; /* out of memory error */ +} return (*env)->NewStringUTF(env, str); +} } char *tcn_get_string(JNIEnv *env, jstring jstr) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
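Review bot: The "/* out of memory error */" comment on the three new early returns understates what the caller is left with. Per the JNI specification, a negative return from EnsureLocalCapacity means an OutOfMemoryError has already been thrown, so a caller of tcn_new_arrayb, tcn_new_arrays or tcn_new_string that receives NULL has an exception pending and should return to Java rather than continue making JNI calls. Stating that in the comment would help callers. tcn_new_stringn appears as context in the first hunk header but is not changed; if it also creates a local reference, does it need the same check?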
Re: ServiceBindingPropertySource
Felix,

On 5/22/24 14:11, Felix Schumacher wrote:
On 21.05.24 at 19:50, Christopher Schultz wrote:

All,

I've been playing with this PropertySource and I'm wondering if it could be improved a little.

First of all, it uses an environment variable SERVICE_BINDING_ROOT which is in line with the service binding standard which is documented https://servicebinding.io/.

Environment variables are a little icky in Java, so I'd like to do one or more of the following:

1. Allow ServiceBindingPropertySource to use the SERVICE_BINDING_ROOT environment variable *or* a system property with an appropriate name such as service.binding.root, with the system property overriding the environment variable.

This will allow software to use e.g. catalina.properties to define service.binding.root instead of using an environment variable which may be awkward in certain environments.

2. Have ServiceBindingPropertySource fall-back to system property resolution if no matching file is found. Maybe we should do this with all PropertySource classes provided by Tomcat?

3. If the SERVICE_BINDING_ROOT environment variable is being used, copy its value into a system property. This will allow application software or Tomcat itself to use the file reference as necessary. For example:

certificateKeyFile="${service.binding.root}/myapp/cert.key"
certificateFile="${service.binding.root}/myapp/cert.crt"
...

Without this capability, the application must:

Why would you have to do this? Could not you use "${path-to-cert-dir}/cert.key"? Where path-to-cert-dir is some sensible name and the value contains (surprise) the path to the directory in which cert and key are living happily together.

You can absolutely use this, but Tomcat doesn't let you use environment variables in ${...} expressions. The ServiceBindingPropertySource only knows about one environment variable: SERVICE_BINDING_ROOT. The application can't use that to specify any paths directly.

Instead, you'd have to let SBPS resolve a file for you, then read the "value" of the config attribute from the file, and that value needs to be a path itself. So you have to have a file which contains nothing other than another file path. And it's gotta be fully-qualified. And it can't use replacements such as ${SERVICE_BINDING_ROOT}/myapp/my.key.

I'm just trying to remove the middle-man because I see it as needless extra work on the part of the admin /and/ Tomcat plus the downside that everything needs to be fully-qualified which reduces flexibility.

Apart from that, as Remy pointed out, kubernetes people have no problem with env variables.

So maybe the whole ask here is "copy $SERVICE_BINDING_ROOT to -Dservice.binding.root somewhere". That could be catalina.sh/bat or maybe during ServiceBindingPropertySource initialization, which I think is probably a better place for it.

-chris
Re: ServiceBindingPropertySource
Rémy,

On 5/22/24 06:14, Rémy Maucherat wrote:
On Wed, May 22, 2024 at 9:06 AM Mark Thomas wrote:
On 21/05/2024 18:50, Christopher Schultz wrote:

1. Allow ServiceBindingPropertySource to use the SERVICE_BINDING_ROOT environment variable *or* a system property with an appropriate name such as service.binding.root, with the system property overriding the environment variable.

Seems reasonable to me but keep in mind I've never used this code.

I haven't either, it's been contributed. I don't really understand why the change overall, Kube uses the environment and never the system properties.

I'd like to use this feature without Kubernetes.

2. Have ServiceBindingPropertySource fall-back to system property resolution if no matching file is found. Maybe we should do this with all PropertySource classes provided by Tomcat?

My reading of the docs and the code is that SystemPropertySource is always added already.

Yes, SystemPropertySource is added. Does it not work properly?

Sorry, I didn't actually try it. I didn't see anything in the PropertySource code for that... maybe it's part of the Digester configuration. Happy to hear this should be the way things work already.

3. If the SERVICE_BINDING_ROOT environment variable is being used, copy its value into a system property. This will allow application software or Tomcat itself to use the file reference as necessary. For example:

Again seems reasonable to me but same caveat as above.

The resolution should work as it is already given the javadocs from ServiceBindingPropertySource. At this point it would seem easier to simply add -Dservice.binding.root=${SERVICE_BINDING_ROOT} to the Catalina options.

This is absolutely doable at the cost of a longer JVM launch command-line. Also, lots of people are using Spring Boot or other embedded launchers where modifying the command-line is either difficult, discouraged, or simply non-standard.

-chris
ServiceBindingPropertySource
All,

I've been playing with this PropertySource and I'm wondering if it could be improved a little.

First of all, it uses an environment variable SERVICE_BINDING_ROOT which is in line with the service binding standard which is documented https://servicebinding.io/.

Environment variables are a little icky in Java, so I'd like to do one or more of the following:

1. Allow ServiceBindingPropertySource to use the SERVICE_BINDING_ROOT environment variable *or* a system property with an appropriate name such as service.binding.root, with the system property overriding the environment variable.

This will allow software to use e.g. catalina.properties to define service.binding.root instead of using an environment variable which may be awkward in certain environments.

2. Have ServiceBindingPropertySource fall-back to system property resolution if no matching file is found. Maybe we should do this with all PropertySource classes provided by Tomcat?

3. If the SERVICE_BINDING_ROOT environment variable is being used, copy its value into a system property. This will allow application software or Tomcat itself to use the file reference as necessary. For example:

Without this capability, the application must:

The values passed-into the certificateKeyFile must point to files on the disk which themselves point to ANOTHER file. So you need two files where one will do, plus the file-on-the-disk needs to know its own path so it can point to the OTHER file which actually contains the key/cert bytes.

Does anyone have any comments on the above?

-chris
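Proposals 1 and 3 from the message above, sketched in Java as an added example; this is not Tomcat's ServiceBindingPropertySource code. The class BindingRootSketch and its methods are hypothetical, service.binding.root is the property name suggested in the thread, and the <root>/<binding>/<key> file layout is the one defined at servicebinding.io.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Collections;
import java.util.Map;
import java.util.function.Function;

/** Added illustration of proposals 1 and 3; hypothetical class, not part of Tomcat. */
public final class BindingRootSketch {

    static final String ENV_NAME = "SERVICE_BINDING_ROOT";   // variable named in the thread
    static final String PROP_NAME = "service.binding.root";  // property name suggested in the thread

    /** Proposal 1: the system property, when set, overrides the environment variable. */
    static String resolveRoot(Function<String, String> props, Function<String, String> env) {
        String root = props.apply(PROP_NAME);
        if (root == null || root.isEmpty()) {
            root = env.apply(ENV_NAME);
        }
        return (root == null || root.isEmpty()) ? null : root;
    }

    /** Proposal 3: if the root came only from the environment, copy it into the system property. */
    static String publishRoot() {
        String root = resolveRoot(System::getProperty, System::getenv);
        if (root != null && System.getProperty(PROP_NAME) == null) {
            System.setProperty(PROP_NAME, root);
        }
        return root;
    }

    /**
     * Reads <root>/<binding>/<key>. Returns null when the root is unset, the file is
     * missing, or the names would resolve outside the root (for example a binding
     * name of ".."). The containment check is lexical on purpose: Kubernetes mounts
     * secret files through symlinks, so resolving real paths would reject valid bindings.
     */
    static String readBinding(String root, String binding, String key) throws IOException {
        if (root == null) {
            return null;
        }
        Path base = Paths.get(root).toAbsolutePath().normalize();
        Path file = base.resolve(binding).resolve(key).normalize();
        if (!file.startsWith(base) || !Files.isRegularFile(file)) {
            return null;
        }
        return new String(Files.readAllBytes(file), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample binding: <tmp>/myapp/password holding a made-up value.
        Path root = Files.createTempDirectory("bindings");
        Files.createDirectories(root.resolve("myapp"));
        Files.write(root.resolve("myapp").resolve("password"),
                "not-a-real-secret".getBytes(StandardCharsets.UTF_8));

        // Stand-ins for the process environment and for catalina.properties.
        Map<String, String> env = Collections.singletonMap(ENV_NAME, root.toString());
        Map<String, String> noProps = Collections.emptyMap();
        Map<String, String> props = Collections.singletonMap(PROP_NAME, "/from/catalina.properties");

        // Environment only: the variable supplies the root.
        String chosen = resolveRoot(noProps::get, env::get);
        System.out.println("root from environment: " + chosen);
        // Both set: the system property takes precedence.
        System.out.println("root with property set: " + resolveRoot(props::get, env::get));

        // A well-formed lookup, a traversal attempt and a missing key.
        System.out.println("myapp/password: " + readBinding(chosen, "myapp", "password"));
        System.out.println("../passwd:      " + readBinding(chosen, "..", "passwd"));
        System.out.println("myapp/missing:  " + readBinding(chosen, "myapp", "missing"));

        // Proposal 3 against the real JVM: once published, ${service.binding.root}
        // can be used in attribute values like the certificateKeyFile example in the thread.
        String published = publishRoot();
        System.out.println(published == null
                ? "no binding root configured for this JVM"
                : PROP_NAME + " = " + System.getProperty(PROP_NAME));
    }
}
```

Publishing the root as a system property exposes only the directory path to code that can read system properties; the secret values stay in the files under it.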
(tomcat) 01/02: Add reference to servicebinding.io in javadoc.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit a7d010d1c13ac7d5fb187a3a196a0e9d31836a90 Author: Christopher Schultz AuthorDate: Tue May 21 11:51:36 2024 -0400 Add reference to servicebinding.io in javadoc. --- .../apache/tomcat/util/digester/ServiceBindingPropertySource.java| 5 + 1 file changed, 5 insertions(+) diff --git a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java index 997ce354db..52cc7bde83 100644 --- a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java +++ b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java @@ -30,6 +30,11 @@ import org.apache.tomcat.util.security.PermissionCheck; * A {@link org.apache.tomcat.util.IntrospectionUtils.SecurePropertySource} * that uses Kubernetes service bindings to resolve expressions. * + * + * The Kubernetes service binding specification can be found at + * https://servicebinding.io/;>https://servicebinding.io/. + * + * * Usage example: * * Configure the certificate with a service binding. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) 02/02: Add note about the automatically-generated nature of the Eclipse .classpath file.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 396d6d708e246f7bd8610985f297e291241a4955 Author: Christopher Schultz AuthorDate: Tue May 21 11:50:11 2024 -0400 Add note about the automatically-generated nature of the Eclipse .classpath file. --- res/ide-support/eclipse/eclipse.classpath | 8 1 file changed, 8 insertions(+) diff --git a/res/ide-support/eclipse/eclipse.classpath b/res/ide-support/eclipse/eclipse.classpath index 881f58847e..b4569e6d7d 100644 --- a/res/ide-support/eclipse/eclipse.classpath +++ b/res/ide-support/eclipse/eclipse.classpath @@ -15,6 +15,14 @@ See the License for the specific language governing permissions and limitations under the License. --> + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated (69372a3149 -> 396d6d708e)
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a change to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git

from 69372a3149 Code clean-up - formatting. No functional change
new a7d010d1c1 Add reference to servicebinding.io in javadoc.
new 396d6d708e Add note about the automatically-generated nature of the Eclipse .classpath file.

The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.

Summary of changes:
.../apache/tomcat/util/digester/ServiceBindingPropertySource.java | 5 +
res/ide-support/eclipse/eclipse.classpath | 8
2 files changed, 13 insertions(+)
(tomcat) branch 10.1.x updated (22a5e178b3 -> 48b5f556da)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a change to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git from 22a5e178b3 Add support for shallow copies when using WebDAV new 754a39c118 Add note about the automatically-generated nature of the Eclipse .classpath file. new 48b5f556da Add reference to servicebinding.io in javadoc. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../apache/tomcat/util/digester/ServiceBindingPropertySource.java | 5 + res/ide-support/eclipse/eclipse.classpath | 8 2 files changed, 13 insertions(+)
(tomcat) 02/02: Add reference to servicebinding.io in javadoc.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 48b5f556dabd0a19ad00260cb942d433e4a3ffd8 Author: Christopher Schultz AuthorDate: Tue May 21 11:51:36 2024 -0400 Add reference to servicebinding.io in javadoc. --- .../apache/tomcat/util/digester/ServiceBindingPropertySource.java| 5 + 1 file changed, 5 insertions(+) diff --git a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java index 997ce354db..52cc7bde83 100644 --- a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java +++ b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java @@ -30,6 +30,11 @@ import org.apache.tomcat.util.security.PermissionCheck; * A {@link org.apache.tomcat.util.IntrospectionUtils.SecurePropertySource} * that uses Kubernetes service bindings to resolve expressions. * + * + * The Kubernetes service binding specification can be found at + * https://servicebinding.io/;>https://servicebinding.io/. + * + * * Usage example: * * Configure the certificate with a service binding. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) 01/02: Add note about the automatically-generated nature of the Eclipse .classpath file.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 754a39c118212f550883af7731e60cf85645e040 Author: Christopher Schultz AuthorDate: Tue May 21 11:50:11 2024 -0400 Add note about the automatically-generated nature of the Eclipse .classpath file. --- res/ide-support/eclipse/eclipse.classpath | 8 1 file changed, 8 insertions(+) diff --git a/res/ide-support/eclipse/eclipse.classpath b/res/ide-support/eclipse/eclipse.classpath index fcad3f3747..bf895ed1d9 100644 --- a/res/ide-support/eclipse/eclipse.classpath +++ b/res/ide-support/eclipse/eclipse.classpath @@ -15,6 +15,14 @@ See the License for the specific language governing permissions and limitations under the License. --> + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch main updated (4176706761 -> 8fcaf322bb)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git from 4176706761 Add support for shallow copies when using WebDAV new bdbce128a2 Add note about the automatically-generated nature of the Eclipse .classpath file. new 8fcaf322bb Add reference to servicebinding.io in javadoc. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../apache/tomcat/util/digester/ServiceBindingPropertySource.java | 5 + res/ide-support/eclipse/eclipse.classpath | 8 2 files changed, 13 insertions(+)
(tomcat) 01/02: Add note about the automatically-generated nature of the Eclipse .classpath file.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit bdbce128a2a7d07fd4ad6058fe330b318f7f3b2a Author: Christopher Schultz AuthorDate: Tue May 21 11:50:11 2024 -0400 Add note about the automatically-generated nature of the Eclipse .classpath file. --- res/ide-support/eclipse/eclipse.classpath | 8 1 file changed, 8 insertions(+) diff --git a/res/ide-support/eclipse/eclipse.classpath b/res/ide-support/eclipse/eclipse.classpath index a98e9c610a..06cb31a56c 100644 --- a/res/ide-support/eclipse/eclipse.classpath +++ b/res/ide-support/eclipse/eclipse.classpath @@ -15,6 +15,14 @@ See the License for the specific language governing permissions and limitations under the License. --> + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) 02/02: Add reference to servicebinding.io in javadoc.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 8fcaf322bb12b6867409fddcdefec2b96ca35655 Author: Christopher Schultz AuthorDate: Tue May 21 11:51:36 2024 -0400 Add reference to servicebinding.io in javadoc. --- .../apache/tomcat/util/digester/ServiceBindingPropertySource.java| 5 + 1 file changed, 5 insertions(+) diff --git a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java index bd06630f01..aa1468153f 100644 --- a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java +++ b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java @@ -27,6 +27,11 @@ import org.apache.tomcat.util.IntrospectionUtils; * A {@link org.apache.tomcat.util.IntrospectionUtils.PropertySource} * that uses Kubernetes service bindings to resolve expressions. * + * + * The Kubernetes service binding specification can be found at + * https://servicebinding.io/;>https://servicebinding.io/. + * + * * Usage example: * * Configure the certificate with a service binding. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: (tomcat-native) branch main updated: Ensure local reference capacity is available for array allocations.
Michael, On 5/20/24 06:37, Michael Osipov wrote: On 2024/05/17 14:37:32 Christopher Schultz wrote: Michael, On 5/16/24 10:39, Michael Osipov wrote: Not for 1.3.x? Good question. I wasn't sure how much energy we are expecting to put into tcnative 1.3.x. I have no problem back-porting this if it's what the team wants. I expect 1.3.x to live as long as Tomcat 9.x will live. So it should be on par sans the APR stuff, of course. Everything else will cause us pain. Fair enough. I'll back-port, or approximate it if a direct back-port is not really possible. -chris
Re: (tomcat-native) branch main updated: Ensure local reference capacity is available for array allocations.
Michael, On 5/16/24 10:39, Michael Osipov wrote: Not for 1.3.x? Good question. I wasn't sure how much energy we are expecting to put into tcnative 1.3.x. I have no problem back-porting this if it's what the team wants. -chris On 2024/05/16 13:52:45 schu...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new e49f0fe5c Ensure local reference capacity is available for array allocations. e49f0fe5c is described below commit e49f0fe5c26612df01c636e7019cd70d78948976 Author: Christopher Schultz AuthorDate: Thu May 16 09:51:45 2024 -0400 Ensure local reference capacity is available for array allocations. --- native/src/jnilib.c | 14 -- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/native/src/jnilib.c b/native/src/jnilib.c index 342df3b9c..836502c52 100644 --- a/native/src/jnilib.c +++ b/native/src/jnilib.c @@ -133,6 +133,9 @@ jstring tcn_new_stringn(JNIEnv *env, const char *str, size_t l) jbyteArray tcn_new_arrayb(JNIEnv *env, const unsigned char *data, size_t len) { +if ((*env)->EnsureLocalCapacity(env, 1) < 0) { +return NULL; /* out of memory error */ +} jbyteArray bytes = (*env)->NewByteArray(env, (jsize)len); if (bytes != NULL) { (*env)->SetByteArrayRegion(env, bytes, 0, (jint)len, (jbyte *)data); 
@@ -142,15 +145,22 @@ jbyteArray tcn_new_arrayb(JNIEnv *env, const unsigned char *data, size_t len) jobjectArray tcn_new_arrays(JNIEnv *env, size_t len) { +if ((*env)->EnsureLocalCapacity(env, 1) < 0) { +return NULL; /* out of memory error */ +} return (*env)->NewObjectArray(env, (jsize)len, jString_class, NULL); } jstring tcn_new_string(JNIEnv *env, const char *str) { -if (!str) +if (!str) { return NULL; -else +} else { +if ((*env)->EnsureLocalCapacity(env, 1) < 0) { +return NULL; /* out of memory error */ +} return (*env)->NewStringUTF(env, str); +} } char *tcn_get_string(JNIEnv *env, jstring jstr) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat-native) branch main updated: Ensure local reference capacity is available for array allocations.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new e49f0fe5c Ensure local reference capacity is available for array allocations. e49f0fe5c is described below commit e49f0fe5c26612df01c636e7019cd70d78948976 Author: Christopher Schultz AuthorDate: Thu May 16 09:51:45 2024 -0400 Ensure local reference capacity is available for array allocations. --- native/src/jnilib.c | 14 -- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/native/src/jnilib.c b/native/src/jnilib.c index 342df3b9c..836502c52 100644 --- a/native/src/jnilib.c +++ b/native/src/jnilib.c @@ -133,6 +133,9 @@ jstring tcn_new_stringn(JNIEnv *env, const char *str, size_t l) jbyteArray tcn_new_arrayb(JNIEnv *env, const unsigned char *data, size_t len) { +if ((*env)->EnsureLocalCapacity(env, 1) < 0) { +return NULL; /* out of memory error */ +} jbyteArray bytes = (*env)->NewByteArray(env, (jsize)len); if (bytes != NULL) { (*env)->SetByteArrayRegion(env, bytes, 0, (jint)len, (jbyte *)data); @@ -142,15 +145,22 @@ jbyteArray tcn_new_arrayb(JNIEnv *env, const unsigned char *data, size_t len) jobjectArray tcn_new_arrays(JNIEnv *env, size_t len) { +if ((*env)->EnsureLocalCapacity(env, 1) < 0) { +return NULL; /* out of memory error */ +} return (*env)->NewObjectArray(env, (jsize)len, jString_class, NULL); } jstring tcn_new_string(JNIEnv *env, const char *str) { -if (!str) +if (!str) { return NULL; -else +} else { +if ((*env)->EnsureLocalCapacity(env, 1) < 0) { +return NULL; /* out of memory error */ +} return (*env)->NewStringUTF(env, str); +} } char *tcn_get_string(JNIEnv *env, jstring jstr) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
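Review bot: In the tcn_new_arrayb hunk the new check is inserted above `jbyteArray bytes = (*env)->NewByteArray(env, (jsize)len);`, so a declaration now follows a statement. If any supported toolchain still compiles this file as C89, declare `jbyteArray bytes;` at the top of the function and assign it after the check. The comment `/* out of memory error */` could also say that a negative return from EnsureLocalCapacity leaves an OutOfMemoryError pending in the calling thread, which is why returning NULL without throwing is enough.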
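Review bot: In the tcn_new_string part of the second hunk, the `else` branch is no longer needed once the `if (!str)` arm returns; keeping the EnsureLocalCapacity check and the NewStringUTF call at function level would avoid the extra nesting and match the shape of tcn_new_arrays just above it. The same three-line check now appears in three functions in this patch, so a small static helper or macro would keep the capacity argument and its comment in one place.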
Re: [tcnative] jnilib.c: tcn_new_array* do not call EnsureLocalCapacity
Mark, On 5/15/24 15:49, Mark Thomas wrote: On 15/05/2024 13:53, Christopher Schultz wrote: All, We have a few functions in jnilib.c that create new local references e.g. tcn_new_stringn and most of them call EnsureLocalCapacity to make sure the thread doesn't run out of local references. I'm fairly sure that calling New*Array will fail if such references cannot be created, but the other methods make this protected call beforehand and I feel like we should be consistent. Any objections to me adding calls to EnsureLocalCapacity in tcn_new_array* functions? +1 to being consistent. Ack. No strong view on whether that means adding them where they are missing or just removing the ones we currently have. The Internets seem to say that running out of local references is entirely possible even with today's monstrous JVMs. I think it's worth adding the calls. They are probably very cheap, anyway, like checking to see if a stack pointer has collided with something else. -chris
Re: [tcnative] Should we make DEBUG builds available for Windows?
Mark, On 5/15/24 15:58, Mark Thomas wrote: On 15/05/2024 14:12, Christopher Schultz wrote: IIRC, building a debug version just involves adding something obvious like /DEBUG to the compiler and/or linker and/or NOT stripping-out the debug symbols after the build is complete. Would this represent a burden on the release manager to produce both kinds of builds for an official release? The make file already includes a DEBUG target. We'd just need to confirm it meets our requirements. Running an additional build isn't too burdensome. If you want OpenSSL and APR compiled in debug mode too then that could be a little more work. Yeah, I think we would want that, which means we need two complete builds from start to finish. I don't know how the Windows compiler and linker work very well. On Linux, it's common to strip debug symbols at the very end. Can we build everything with debug info and then produce two final libraries: one including those symbols and one with them stripped-out? In my disassembly and investigation into that error message, the function doesn't look like it's from tcnative but actually one of the statically-linked objects bundled with it. On the other hand, the likelihood of the bug being in tcnative is very high compared to APR or OpenSSL, so having only the debug symbols from tcnative itself would be better than nothing. -chris
(tomcat-native) branch main updated: Use ERR_error_string_n instead of ERR_error_string.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new 4eaa5c93c Use ERR_error_string_n instead of ERR_error_string. 4eaa5c93c is described below commit 4eaa5c93c632f1ea80e889b5458d5b95f57b59a2 Author: Christopher Schultz AuthorDate: Wed May 15 09:14:14 2024 -0400 Use ERR_error_string_n instead of ERR_error_string. Use header-defined constant for error message buffer sizes. --- native/include/ssl_private.h | 5 +++ native/src/ssl.c | 8 ++--- native/src/sslconf.c | 16 +- native/src/sslcontext.c | 76 ++-- 4 files changed, 55 insertions(+), 50 deletions(-) diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h index 6c5c9d297..96e21275c 100644 --- a/native/include/ssl_private.h +++ b/native/include/ssl_private.h @@ -67,6 +67,11 @@ extern ENGINE *tcn_ssl_engine; #define SSL_AIDX_ECC (3) #define SSL_AIDX_MAX (4) +/* + * The length of error message strings. MUST BE AT LEAST 256. + */ +#define TCN_OPENSSL_ERROR_STRING_LENGTH 256 + /* * Define the SSL options */ diff --git a/native/src/ssl.c b/native/src/ssl.c index 7624a4e67..838300c53 100644 --- a/native/src/ssl.c +++ b/native/src/ssl.c @@ -1114,9 +1114,9 @@ TCN_IMPLEMENT_CALL(jbyteArray, SSL, getPeerCertificate)(TCN_STDARGS, TCN_IMPLEMENT_CALL(jstring, SSL, getErrorString)(TCN_STDARGS, jlong number) { -char buf[256]; +char buf[TCN_OPENSSL_ERROR_STRING_LENGTH]; UNREFERENCED(o); -ERR_error_string(number, buf); +ERR_error_string_n(number, buf, TCN_OPENSSL_ERROR_STRING_LENGTH); return tcn_new_string(e, buf); } 
@@ -1278,8 +1278,8 @@ TCN_IMPLEMENT_CALL(jboolean, SSL, setCipherSuites)(TCN_STDARGS, jlong ssl, return JNI_FALSE; } if (!SSL_set_cipher_list(ssl_, J2S(ciphers))) { -char err[256]; -ERR_error_string(SSL_ERR_get(), err); +char err[TCN_OPENSSL_ERROR_STRING_LENGTH]; +ERR_error_string_n(SSL_ERR_get(), err, TCN_OPENSSL_ERROR_STRING_LENGTH); tcn_Throw(e, "Unable to configure permitted SSL ciphers (%s)", err); rv = JNI_FALSE; } diff --git a/native/src/sslconf.c b/native/src/sslconf.c index e5b18a7ce..02c3513b1 100644 --- a/native/src/sslconf.c +++ b/native/src/sslconf.c @@ -94,8 +94,8 @@ TCN_IMPLEMENT_CALL(jlong, SSLConf, make)(TCN_STDARGS, jlong pool, ec = SSL_ERR_get(); if (!cctx || ec != 0) { if (ec != 0) { -char err[256]; -ERR_error_string(ec, err); +char err[TCN_OPENSSL_ERROR_STRING_LENGTH]; +ERR_error_string_n(ec, err, TCN_OPENSSL_ERROR_STRING_LENGTH); tcn_Throw(e, "Could not create SSL_CONF context (%s)", err); } else { tcn_Throw(e, "Could not create SSL_CONF context"); @@ -167,8 +167,8 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, check)(TCN_STDARGS, jlong cctx, value_type = SSL_CONF_cmd_value_type(c->cctx, J2S(cmd)); ec = SSL_ERR_get(); if (ec != 0) { -char err[256]; -ERR_error_string(ec, err); +char err[TCN_OPENSSL_ERROR_STRING_LENGTH]; +ERR_error_string_n(ec, err, TCN_OPENSSL_ERROR_STRING_LENGTH); tcn_Throw(e, "Could not determine SSL_CONF command type for '%s' (%s)", J2S(cmd), err); return 0; } @@ -270,8 +270,8 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, apply)(TCN_STDARGS, jlong cctx, ec = SSL_ERR_get(); if (rc <= 0 || ec != 0) { if (ec != 0) { -char err[256]; -ERR_error_string(ec, err); +char err[TCN_OPENSSL_ERROR_STRING_LENGTH]; +ERR_error_string_n(ec, err, TCN_OPENSSL_ERROR_STRING_LENGTH); tcn_Throw(e, "Could not apply SSL_CONF command '%s' with value '%s' (%s)", J2S(cmd), buf != NULL ? buf : J2S(value), err); } else { tcn_Throw(e, "Could not apply SSL_CONF command '%s' with value '%s'", J2S(cmd), buf != NULL ? buf : J2S(value)); 
@@ -302,8 +302,8 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, finish)(TCN_STDARGS, jlong cctx) ec = SSL_ERR_get(); if (rc <= 0 || ec != 0) { if (ec != 0) { -char err[256]; -ERR_error_string(ec, err); +char err[TCN_OPENSSL_ERROR_STRING_LENGTH]; +ERR_error_string_n(ec, err, TCN_OPENSSL_ERROR_STRING_LENGTH); tcn_Throw(e, "Could not finish SSL_CONF commands (%s)", err); } else { tcn_Throw(e, "Could not finish SSL_CONF commands"); diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c index 0855822e5..a7951f53f 100644 --- a/native/src/sslcontext.c +++ b/native/src/sslcontext.c @@ -263,8 +263,8 @@ TCN_IMPLEMENT_CALL(jlong, SS
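Review bot: The comment on TCN_OPENSSL_ERROR_STRING_LENGTH in the ssl_private.h hunk says "MUST BE AT LEAST 256", but nothing enforces it and the reason is not given. Since every call in this patch now passes the length to ERR_error_string_n, a smaller value would truncate messages rather than overrun the buffer, so either explain the 256-byte floor in the comment or back it with a preprocessor check such as `#if TCN_OPENSSL_ERROR_STRING_LENGTH < 256` followed by `#error`.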
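Review bot: Each call site in the ssl.c and sslconf.c hunks names the constant twice, once in `char err[TCN_OPENSSL_ERROR_STRING_LENGTH];` and again as the third argument to ERR_error_string_n. Passing `sizeof(err)` (or `sizeof(buf)` in getErrorString) would tie the length to the array actually declared, so a later edit to one declaration cannot leave the two out of step.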
Re: [tcnative] switch from using ERR_error_string to ERR_error_string_n
Rémy, On 5/15/24 09:12, Rémy Maucherat wrote: On Tue, May 14, 2024 at 11:15 PM Christopher Schultz wrote: All, I'd like to basically globally-search-and-replace ERR_error_string for ERR_error_string_n and use a #define constant for both the initialization of all char err[256]; and similar strings and use that same constant for all calls to ERR_error_string_n. Any objections? There should really be no effective change, except: 1. We can raise that error message length constant and have it affect the whole library if we choose. 2. We will be using a length-aware string-manipulation call which is better than using one that assumes that the buffer is at least 256 bytes long. +1 This gives me something to do since I thought this was 128 (this probably came from the tomcat-native code somewhere initially), so I have a problem with the FFM code which I will fix at the same time. It seems 128 is already enough in practice. I already have a patch ready to go. I was just waiting on some feedback before pushing. -chris
[tcnative] Should we make DEBUG builds available for Windows?
All, A recent thread was posted with a tcnative crash with not much in the way of useful information in the error: https://lists.apache.org/thread/m1dbj3w1x1oqftqsbj7jbnvkm2073x1o The error details were: " # EXCEPTION_ACCESS_VIOLATION (0xc005) at pc=0x0001800ccd10, pid=1244, tid=0x0ab0 # # JRE version: OpenJDK Runtime Environment (Zulu 8.60.0.21-CA-win64) (8.0_322-b06) (build 1.8.0_322-b06) # Java VM: OpenJDK 64-Bit Server VM (25.322-b06 mixed mode windows-amd64 compressed oops) # Problematic frame: # C [tcnative-1.dll+0xccd10] # # Core dump written. Default location: D:\Program Files\apache-tomcat\bin\hs_err_pid1244.mdmp " So, not super helpful unless you happen to have a debugger handy. If we had a debug build available for users, we should be able to get better information coming back from that failure, possibly a complete native back-trace. IIRC, building a debug version just involves adding something obvious like /DEBUG to the compiler and/or linker and/or NOT stripping-out the debug symbols after the build is complete. Would this represent a burden on the release manager to produce both kinds of builds for an official release? -chris
[tcnative] jnilib.c: tcn_new_array* do not call EnsureLocalCapacity
All, We have a few functions in jnilib.c that create new local references e.g. tcn_new_stringn and most of them call EnsureLocalCapacity to make sure the thread doesn't run out of local references. I'm fairly sure that calling New*Array will fail if such references cannot be created, but the other methods make this protected call beforehand and I feel like we should be consistent. Any objections to me adding calls to EnsureLocalCapacity in tcn_new_array* functions? -chris
Re: [tcnative] switch from using ERR_error_string to ERR_error_string_n
Michael, On 5/15/24 05:14, Michael Osipov wrote: On 2024/05/14 21:15:03 Christopher Schultz wrote: All, I'd like to basically globally-search-and-replace ERR_error_string for ERR_error_string_n and use a #define constant for both the initialization of all char err[256]; and similar strings and use that same constant for all calls to ERR_error_string_n. Any objections? There should really be no effective change, except: 1. We can raise that error message length constant and have it affect the whole library if we choose. 2. We will be using a length-aware string-manipulation call which is better than using one that assumes that the buffer is at least 256 bytes long. Sounds reasonable to have one unified spot. Though I wonder how to better address this with BZ 67609 I think this is unrelated at this point. We still probably need to improve the error-reporting situation overall; the buffer-size is just a detail. and if resizing/realloc would be required?! In every case I changed in the code, nothing is on the heap. Every case is something like this: void foo(...) { char err[256]; ... ERR_error_string(SSL_ERR_get(), err); ... } or if(some_error_condition) { char err[256]; ERR_error_string(SSL_ERR_get(), err); tcn_throw(...); } So re-allocations aren't (currently) on the menu. If we at some point decide to implement more "fully-featured" error reporting/handling, perhaps that will become an issue. -chris
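The stack-buffer pattern discussed in this thread, as an added example that is not tomcat-native code and not part of any message. `model_error_string_n` is a hypothetical snprintf-based stand-in for `ERR_error_string_n` so the block builds without OpenSSL, the message text and guard-byte layout are constructed, and `format_guarded` and `describe_error` are names invented here; it passes `sizeof` at the call site and shows that an undersized buffer receives a truncated message instead of an overrun.

```c
#include <stdio.h>
#include <string.h>

/* Name taken from the commit's ssl_private.h change. */
#define TCN_OPENSSL_ERROR_STRING_LENGTH 256

/* Turn the header comment "MUST BE AT LEAST 256" into a build failure. */
_Static_assert(TCN_OPENSSL_ERROR_STRING_LENGTH >= 256,
               "error string buffers must hold at least 256 bytes");

#define CANARY_LEN 8
#define CANARY_BYTE 0xA5

/*
 * Hypothetical stand-in for ERR_error_string_n(): writes at most len bytes,
 * terminating NUL included, and truncates instead of overrunning. The text
 * it produces is constructed for this example, not real OpenSSL output.
 */
static void model_error_string_n(unsigned long e, char *buf, size_t len)
{
    if (buf == NULL || len == 0) {
        return;
    }
    snprintf(buf, len, "error:%08lX:constructed library::constructed reason", e);
}

/* Outcome of formatting into a buffer that is followed by guard bytes. */
struct format_result {
    size_t written;       /* strlen() of the message left in the buffer */
    int    terminated;    /* 1 if a NUL was found inside the buffer */
    int    canary_intact; /* 1 if no byte after the buffer was modified */
};

/*
 * Format error code e into the first cap bytes of a guarded region and
 * report whether the bytes immediately after those cap bytes were touched.
 */
static struct format_result format_guarded(unsigned long e, size_t cap)
{
    unsigned char region[TCN_OPENSSL_ERROR_STRING_LENGTH + CANARY_LEN];
    struct format_result r = {0, 0, 0};
    size_t i;

    if (cap == 0 || cap > TCN_OPENSSL_ERROR_STRING_LENGTH) {
        return r; /* unsupported capacity for this demonstration */
    }
    memset(region, CANARY_BYTE, sizeof(region));
    model_error_string_n(e, (char *)region, cap);

    r.terminated = memchr(region, '\0', cap) != NULL;
    r.written = r.terminated ? strlen((char *)region) : cap;
    r.canary_intact = 1;
    for (i = cap; i < cap + CANARY_LEN; i++) {
        if (region[i] != CANARY_BYTE) {
            r.canary_intact = 0;
        }
    }
    return r;
}

/* The pattern from the thread, with sizeof tying the length to the array. */
static size_t describe_error(unsigned long e, char *out, size_t out_len)
{
    char err[TCN_OPENSSL_ERROR_STRING_LENGTH];

    if (out == NULL || out_len == 0) {
        return 0;
    }
    model_error_string_n(e, err, sizeof(err));
    snprintf(out, out_len, "Could not create SSL_CONF context (%s)", err);
    return strlen(out);
}

int main(void)
{
    struct format_result full =
        format_guarded(0x2AUL, TCN_OPENSSL_ERROR_STRING_LENGTH);
    struct format_result tiny = format_guarded(0x2AUL, 16);
    char msg[128];

    describe_error(0x2AUL, msg, sizeof(msg));
    printf("full: %zu bytes, guard intact=%d\n", full.written, full.canary_intact);
    printf("tiny: %zu bytes, guard intact=%d\n", tiny.written, tiny.canary_intact);
    printf("%s\n", msg);
    return 0;
}
```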
[tcnative] switch from using ERR_error_string to ERR_error_string_n
All, I'd like to basically globally-search-and-replace ERR_error_string for ERR_error_string_n and use a #define constant for both the initialization of all char err[256]; and similar strings and use that same constant for all calls to ERR_error_string_n. Any objections? There should really be no effective change, except: 1. We can raise that error message length constant and have it affect the whole library if we choose. 2. We will be using a length-aware string-manipulation call which is better than using one that assumes that the buffer is at least 256 bytes long. -chris
svn commit: r1917707 - /tomcat/site/trunk/docs/.well-known/security.txt
Author: schultz Date: Mon May 13 18:43:52 2024 New Revision: 1917707 URL: http://svn.apache.org/viewvc?rev=1917707=rev Log: Update security.txt with a current expiration date. Modified: tomcat/site/trunk/docs/.well-known/security.txt Modified: tomcat/site/trunk/docs/.well-known/security.txt URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/.well-known/security.txt?rev=1917707=1917706=1917707=diff == --- tomcat/site/trunk/docs/.well-known/security.txt (original) +++ tomcat/site/trunk/docs/.well-known/security.txt Mon May 13 18:43:52 2024 
@@ -3,25 +3,24 @@ Hash: SHA256 Contact: secur...@tomcat.apache.org Contact: https://tomcat.apache.org/security.html#Reporting_New_Security_Problems_with_Apache_Tomcat -Expires: 2024-01-01T00:00:00 +Expires: 2025-01-01T00:00:00 Acknowledgments: https://tomcat.apache.org/security.html Preferred-Languages: en Canonical: https://tomcat.apache.org/.well-known/security.txt Hiring: https://tomcat.apache.org/getinvolved.html - -BEGIN PGP SIGNATURE- -iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAmSR274ACgkQHPApP6U8 -pFiP0RAAx1Ln6cugta2HcnMUTzMYpqb0Mdg4e2tcvQT5J4LFrgP5mMvSJKg3GQKG -mtQ+FBNanf865rhI8Y604vS/2sYrjkh8UYeosg/Yot0UiGxhWzmgeIoXbGB3EuAc -Awuzvr/+s/0KBXXb9ihkyYXqKEoUxtM6QCRlthJS2UkZkrrEjEEhwax0R+2qXCkp -iivjPpyb+XNPTh7Rg8t/fT2vCfHHL4KOvq8DL+p3O+x4MW4bP2fsie4P5SOr7LDg -0zsGZ234UXdStRMqjCU74/5LuswEP3TPJrobeD9yjrljwXGW8gX5DVsl2EXpRgpa -BycUpLvQ9/7RVSXIRabI6vKD0zYljarl8Uryrm/CEOO2stUG7ENBAZVDbg1nCC5p -UMRfX3a+Nigp2UVneUNpepP1vO2ltb6P+dP9T7bISRbomqjSdK+Kjc7clAUOzLH3 -0FX2DqIGViEKaRBBP+0qGYJus8hPt0c37/Sf96/4cdQUOokcDe1sMNbsS2VrNKbx -QPZusS4eFn3JzXbHoqqgs4cGoBKsWhh8Jd9w/F5HYm+0C2Rk9l89uNyknoFbAmME -jpyu1VnYr9zTkusJ+iX2cc0Ttfw7XLLowWCSYzWNvM5FBnf+tyg0qQaD4qF9mk8K -WzchMJGzV0O1hhqanXqA3jUvXtRh5stG88xt+lmrsX2URdPYs80= -=iJYn +iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAmZCXykACgkQHPApP6U8 +pFgAaA//cthJsdc3L6wiMpb2+4/RcbGh3SD2oIpO07pGP93JTjG07r1ow7a5fIiY +c3+coNKgKXePZ+vz+/BHOJKpNWXERMetVvdkdMEPIUk4RX0pTqDfrzLXss59rUfg +SJ2j/xelJXUpxBgIqp+Wl+pAj/qj69aF1JWGwZfndYx8ikIes9wkompB0apRPzcV +YwwodI+OIfTZrGd8Z3kGhBBphjgAqrLyT7lR9xg3HOjjoXYJi/PlCamEW8flO84J +Sp5vACx2tOEy6oEwZMQot+ZlueTsYE7ywq39Jcsxt6bhXJYZyJHAtJ4xUJbfcps+ +kFWc84FekrDZqRYnQjw3DbLmp+DwHUHnrcVsChL8+I1M9ZVvQ7HqsDHRj4TgpPQ5 ++hTaV+Qd65f/D6HjoMIxxD3XJQeNkqLveklLGJWd35xgJdXHqvMq3iJ5eBmbnGGh +YWP2E8BI6g0jwQN+g4Tn9dIaNpsiXtIdleBNTSp05gMkeD/ebQ5GeIVNQ7bSjEFD +qmDpnYcgF5tAQbvN1mIDqlY2DQ+vPLL7xLcjZ/2P8Ko++0VAFd3mgT0GXIHnU7wT +TSPCUZdfvPkerSEFFy6qqSyR9KPbW0S0IVR32/UMAA3VukHZZPLYeoGkQ5sKixOB 
+QWV/e8jo6FhMrRjDUVT6FMDf5w4XvgcWyHsIzGnyhT/ChoJCHfY= +=kk3u -END PGP SIGNATURE- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
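Review bot: The new `Expires: 2025-01-01T00:00:00` value carries no time-zone designator, and neither did the line it replaces. RFC 9116 takes its date-time format from RFC 3339, which requires `Z` or a numeric offset, so `2025-01-01T00:00:00Z` would be the conforming form. The replaced value, 2024-01-01, had already passed when this revision was committed on May 13 2024, so renewing and re-signing this file may be worth making a recurring task.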
svn commit: r1917706 - in /tomcat/site/trunk: ./ docs/ docs/tomcat-10.1-doc/ docs/tomcat-10.1-doc/annotationapi/ docs/tomcat-10.1-doc/annotationapi/jakarta/annotation/ docs/tomcat-10.1-doc/annotationa
Author: schultz Date: Mon May 13 18:34:01 2024 New Revision: 1917706 URL: http://svn.apache.org/viewvc?rev=1917706=rev Log: Update web site to announce 10.1.24. [This commit notification would consist of 103 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.]
svn commit: r69134 - /release/tomcat/tomcat-10/v10.1.23/
Author: schultz Date: Mon May 13 18:33:31 2024 New Revision: 69134 Log: Drop old release artifacts Removed: release/tomcat/tomcat-10/v10.1.23/
(tomcat) branch 10.1.x updated: Increment version numbers for next release.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 707ed8d69d Increment version numbers for next release. 707ed8d69d is described below commit 707ed8d69dff5c531c2ff3b9bfb1644b287de7de Author: Christopher Schultz AuthorDate: Mon May 13 14:26:14 2024 -0400 Increment version numbers for next release. --- build.properties.default | 2 +- res/maven/mvn.properties.default | 2 +- webapps/docs/changelog.xml | 5 - 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/build.properties.default b/build.properties.default index 48f2b60e88..8bb2fa9084 100644 --- a/build.properties.default +++ b/build.properties.default @@ -31,7 +31,7 @@ # - Version Control Flags - version.major=10 version.minor=1 -version.build=24 +version.build=25 version.patch=0 version.suffix= version.dev=-dev diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default index d5a2848510..f02194e401 100644 --- a/res/maven/mvn.properties.default +++ b/res/maven/mvn.properties.default @@ -39,7 +39,7 @@ maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d maven.asf.release.repo.repositoryId=apache.releases.https # Release version info -maven.asf.release.deploy.version=10.1.24 +maven.asf.release.deploy.version=10.1.25 #Where do we load the libraries from tomcat.lib.path=../../output/build/lib diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 96cae84eb1..f1c4b1a0b4 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -104,7 +104,10 @@ They eventually become mixed with the numbered issues (i.e., numbered issues do not "pop up" wrt. others). --> - + + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r69132 - /dev/tomcat/tomcat-10/v10.1.24/ /release/tomcat/tomcat-10/v10.1.24/
Author: schultz Date: Mon May 13 18:15:10 2024 New Revision: 69132 Log: Promote 10.1.24 to released Added: release/tomcat/tomcat-10/v10.1.24/ - copied from r69131, dev/tomcat/tomcat-10/v10.1.24/ Removed: dev/tomcat/tomcat-10/v10.1.24/
[VOTE][RESULT] Release Apache Tomcat 10.1.24
All, The following votes were cast: +1: schultz, remm, markt, rjung Non-binding: +1: rmannibucau There were no other votes, therefore the vote passes. Thanks to everyone who contributed toward this release. Thanks, -chris The proposed Apache Tomcat 10.1.24 release is now available for voting. The notable changes compared to 10.1.23 are: - Correct error handling for asynchronous requests - Refactor HTTP header parsing to use common parsing code and fix non-blocking reads of chunked request bodies including trailer fields - WebDAV locking handling fixes For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.24/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1494 The tag is: https://github.com/apache/tomcat/tree/10.1.24 https://github.com/apache/tomcat/commit/f2a274bc00cf73670a614999561c69a391b5e35f Please reply with a +1 for release or -0/-1 with an explanation. The proposed 10.1.24 release is: [ ] Broken - do not release [ ] Stable - go ahead and release as 10.1.24
Re: [VOTE] Release Apache Tomcat 10.1.24
Mark,

On 5/10/24 06:26, Mark Thomas wrote:
On 10/05/2024 11:22, Romain Manni-Bucau wrote:
Hi Christopher,

Is it possible to close the staging repo please (I get a 404)?

There is a typo in the VOTE email. The correct staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1495

Thanks for replying about this. Apologies for the typo :/

-chris

On Fri, 10 May 2024 at 10:00, Mark Thomas wrote:
On 09/05/2024 19:12, Christopher Schultz wrote:
The proposed 10.1.24 release is:
[ ] Broken - do not release
[X] Stable - go ahead and release as 10.1.24

Tests pass on Linux, Windows, MacOS (Intel) and MacOS (M1).

Build is cross platform reproducible (Linux / Windows).

Mark
Re: [VOTE] Release Apache Tomcat 10.1.24
All,

On 5/9/24 14:12, Christopher Schultz wrote:
The proposed Apache Tomcat 10.1.24 release is now available for voting.

The notable changes compared to 10.1.23 are:

- Correct error handling for asynchronous requests
- Refactor HTTP header parsing to use common parsing code and fix non-blocking reads of chunked request bodies including trailer fields
- WebDAV locking handling fixes

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory.

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.24/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1494

The tag is:
https://github.com/apache/tomcat/tree/10.1.24
https://github.com/apache/tomcat/commit/f2a274bc00cf73670a614999561c69a391b5e35f

Please reply with a +1 for release or -0/-1 with an explanation.

The proposed 10.1.24 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 10.1.24

+1 for stable release

The build is 100% reproducible on MacOS x86-64.

Unit tests pass on MacOS aarch64 and x86-64.

Details:
* Environment
*  Java (build): openjdk version "22.0.1" 2024-04-16 OpenJDK Runtime Environment Temurin-22.0.1+8 (build 22.0.1+8) OpenJDK 64-Bit Server VM Temurin-22.0.1+8 (build 22.0.1+8, mixed mode)
*  Java (test): openjdk version "22.0.1" 2024-04-16 OpenJDK Runtime Environment Temurin-22.0.1+8 (build 22.0.1+8) OpenJDK 64-Bit Server VM Temurin-22.0.1+8 (build 22.0.1+8, mixed mode)
*  Ant: Apache Ant(TM) version 1.10.14 compiled on August 16 2023
*  OS: Darwin 23.4.0 arm64
*  cc: Apple clang version 15.0.0 (clang-1500.3.9.4)
*  make: GNU Make 3.81
*  OpenSSL: OpenSSL 3.2.0 23 Nov 2023 (Library: OpenSSL 3.2.0 23 Nov 2023)
*  APR: 1.7.4
*
* Valid SHA-512 signature for apache-tomcat-10.1.24.zip
* Valid GPG signature for apache-tomcat-10.1.24.zip
* Valid SHA-512 signature for apache-tomcat-10.1.24.tar.gz
* Valid GPG signature for apache-tomcat-10.1.24.tar.gz
* Valid SHA-512 signature for apache-tomcat-10.1.24.exe
* Valid GPG signature for apache-tomcat-10.1.24.exe
* Valid SHA512 signature for apache-tomcat-10.1.24-src.zip
* Valid GPG signature for apache-tomcat-10.1.24-src.zip
* Valid SHA512 signature for apache-tomcat-10.1.24-src.tar.gz
* Valid GPG signature for apache-tomcat-10.1.24-src.tar.gz
*
* Binary Zip and tarball: Same
* Source Zip and tarball: Same
*
* Building dependencies returned: 0
* tcnative builds cleanly
* Tomcat builds cleanly
* Junit Tests: PASSED
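The SHA-512 and GPG checks listed in the vote above can be scripted for any downloaded artifact. This is an added example, not the release manager's own tooling: the function names are hypothetical, and it assumes each `.sha512` sidecar begins with the 128-hex-digit digest and that the release KEYS file has already been imported into the local GnuPG keyring.

```shell
#!/bin/sh
# Added example: check a downloaded release artifact against its .sha512
# sidecar and its detached .asc signature.
# Assumption: the sidecar's first field is the digest, optionally followed
# by "*<filename>".

# Print the SHA-512 of a file as hex, using whichever tool is installed.
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 512 "$1" | awk '{print $1}'
    else
        openssl dgst -sha512 "$1" | awk '{print $NF}'
    fi
}

# verify_sha512 ARTIFACT [SIDECAR]
# Returns 0 on match, 1 on mismatch, 2 when the input is missing or malformed.
verify_sha512() {
    artifact=$1
    sidecar=${2:-$1.sha512}
    [ -f "$artifact" ] && [ -f "$sidecar" ] || return 2

    # First field of the first non-empty line, lower-cased.
    expected=$(awk 'NF {print tolower($1); exit}' "$sidecar")

    # Refuse anything that is not exactly 128 hex digits, so an HTML error
    # page saved as a sidecar is reported as malformed, not as a mismatch.
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 128 ] || return 2

    actual=$(sha512_of "$artifact") || return 2
    [ "$actual" = "$expected" ]
}

# verify_gpg ARTIFACT
# Checks ARTIFACT.asc against ARTIFACT with the keys already in the keyring.
# Returns 3 when gpg is not installed, otherwise gpg's own exit status.
verify_gpg() {
    command -v gpg >/dev/null 2>&1 || return 3
    gpg --verify "$1.asc" "$1" >/dev/null 2>&1
}

# Typical use once the artifact and its sidecars are in the current directory:
#   verify_sha512 apache-tomcat-10.1.24.zip && verify_gpg apache-tomcat-10.1.24.zip
```

A matching checksum only shows the download is intact; the signature check is what ties the artifact to a key in KEYS.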
[VOTE] Release Apache Tomcat 10.1.24
The proposed Apache Tomcat 10.1.24 release is now available for voting.

The notable changes compared to 10.1.23 are:

- Correct error handling for asynchronous requests
- Refactor HTTP header parsing to use common parsing code and fix non-blocking reads of chunked request bodies including trailer fields
- WebDAV locking handling fixes

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory.

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.24/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1494

The tag is:
https://github.com/apache/tomcat/tree/10.1.24
https://github.com/apache/tomcat/commit/f2a274bc00cf73670a614999561c69a391b5e35f

Please reply with a +1 for release or -0/-1 with an explanation.

The proposed 10.1.24 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 10.1.24
svn commit: r69067 - in /dev/tomcat/tomcat-10/v10.1.24: ./ bin/ bin/embed/ src/
Author: schultz Date: Thu May 9 17:49:05 2024 New Revision: 69067 Log: Upload v10.1.24 for voting Added: dev/tomcat/tomcat-10/v10.1.24/ dev/tomcat/tomcat-10/v10.1.24/KEYS dev/tomcat/tomcat-10/v10.1.24/README.html dev/tomcat/tomcat-10/v10.1.24/RELEASE-NOTES dev/tomcat/tomcat-10/v10.1.24/bin/ dev/tomcat/tomcat-10/v10.1.24/bin/README.html dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-deployer.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-deployer.tar.gz.asc dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-deployer.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-deployer.zip (with props) dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-deployer.zip.asc dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-deployer.zip.sha512 dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-fulldocs.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-fulldocs.tar.gz.asc dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-fulldocs.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-windows-x64.zip (with props) dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-windows-x64.zip.asc dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-windows-x64.zip.sha512 dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-windows-x86.zip (with props) dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-windows-x86.zip.asc dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24-windows-x86.zip.sha512 dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24.exe (with props) dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24.exe.asc dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24.exe.sha512 dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24.tar.gz.asc dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24.tar.gz.sha512 
dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24.zip (with props) dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24.zip.asc dev/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24.zip.sha512 dev/tomcat/tomcat-10/v10.1.24/bin/embed/ dev/tomcat/tomcat-10/v10.1.24/bin/embed/apache-tomcat-10.1.24-embed.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.24/bin/embed/apache-tomcat-10.1.24-embed.tar.gz.asc dev/tomcat/tomcat-10/v10.1.24/bin/embed/apache-tomcat-10.1.24-embed.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.24/bin/embed/apache-tomcat-10.1.24-embed.zip (with props) dev/tomcat/tomcat-10/v10.1.24/bin/embed/apache-tomcat-10.1.24-embed.zip.asc dev/tomcat/tomcat-10/v10.1.24/bin/embed/apache-tomcat-10.1.24-embed.zip.sha512 dev/tomcat/tomcat-10/v10.1.24/src/ dev/tomcat/tomcat-10/v10.1.24/src/apache-tomcat-10.1.24-src.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.24/src/apache-tomcat-10.1.24-src.tar.gz.asc dev/tomcat/tomcat-10/v10.1.24/src/apache-tomcat-10.1.24-src.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.24/src/apache-tomcat-10.1.24-src.zip (with props) dev/tomcat/tomcat-10/v10.1.24/src/apache-tomcat-10.1.24-src.zip.asc dev/tomcat/tomcat-10/v10.1.24/src/apache-tomcat-10.1.24-src.zip.sha512 Added: dev/tomcat/tomcat-10/v10.1.24/KEYS == --- dev/tomcat/tomcat-10/v10.1.24/KEYS (added) +++ dev/tomcat/tomcat-10/v10.1.24/KEYS Thu May 9 17:49:05 2024 
@@ -0,0 +1,562 @@ +This file contains the PGP keys of various Apache developers. +Please don't use them for email unless you have to. Their main +purpose is code signing. + +Apache users: pgp < KEYS +Apache developers: +(pgpk -ll && pgpk -xa ) >> this file. + or +(gpg --fingerprint --list-sigs + && gpg --armor --export ) >> this file. + +Apache developers: please ensure that your key is also available via the +PGP keyservers (such as pgpkeys.mit.edu). + + +pub 4096R/2F6059E7 2009-09-18 + Key fingerprint = A9C5 DF4D 22E9 9998 D987 5A51 10C0 1C5A 2F60 59E7 +uid Mark E D Thomas +sub 4096R/5E763BEC 2009-09-18 + +-BEGIN PGP PUBLIC KEY BLOCK- +Comment: GPGTools - http://gpgtools.org + +mQINBEq0DukBEAD4jovHOPJDxoD+JnO1Go2kiwpgRULasGlrVKuSUdP6wzcaqWmX +pqtOJKKwW2MQFQLmg7nQ9RjJwy3QCbKNDJQA/bwbQT1F7WzTCz2S6vxC4zxKck4t +6RZBq2dJsYKF0CEh6ZfY4dmKvhq+3istSoFRdHYoOPGWZpuRDqfZPdGm/m335/6K +GH59oysn1NE7a2a+kZzjBSEgv23+l4Z1Rg7+fpz1JcdHSdC2Z+ZRxML25eVatRVz +4yvDOZItqDURP24zWOodxgboldV6Y88C3v/7KRR+1vklzkuA2FqF8Q4r/2f0su7M +UVviQcy29y/RlLSDTTYoVlCZ1ni14qFU7Hpw43KJtgXmcUwq31T1+SlXdYjNJ1aF +kUi8BjCHDcSgE/IReKUanjHzm4XSymKDTeqqzidi4k6PDD4jyHb8k8vxi6qT6Udn +lcfo5NBkkUT1TauhEy8ktHhbl9k60BvvMBP9l6cURiJg1WS77egI4P/82oPbzzFi +GFqXyJKULVgxtdQ3JikCpodp3f1fh6PlYZwkW4xCJLJucJ5MiQp07HAkMVW5w+k8 +Xvu
(tomcat) 01/01: Tag 10.1.24
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to tag 10.1.24 in repository https://gitbox.apache.org/repos/asf/tomcat.git commit f2a274bc00cf73670a614999561c69a391b5e35f Author: ChristopherSchultz AuthorDate: Thu May 9 13:46:36 2024 -0400 Tag 10.1.24 --- build.properties.release | 54 +++ res/install-win/Uninstall.exe.sig| Bin 0 -> 10202 bytes res/install-win/tomcat-installer.exe.sig | Bin 0 -> 10202 bytes res/maven/mvn.properties.release | 27 webapps/docs/changelog.xml | 2 +- 5 files changed, 82 insertions(+), 1 deletion(-) diff --git a/build.properties.release b/build.properties.release new file mode 100644 index 00..79b435f490 --- /dev/null +++ b/build.properties.release 
@@ -0,0 +1,54 @@ +# - +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# - + +# This file was auto-generated by the pre-release Ant target. + +# Any unwanted settings may be over-ridden in a build.properties file located +# in the same directory as this file. + +# Set the version-dev to "" (empty string) as this is not a development release. +version.dev= + +# Ensure consistent timestamps for reproducible builds. +ant.tstamp.now.iso=2024-05-09T17:41:23Z + +# Enable insertion of detached signatures into the Windows installer. +do.codesigning=true + +# Re-use the same GPG executable. +gpg.exec=/opt/homebrew/bin/gpg + +# Reproducible builds require the use of the build tools defined below. The +# vendors (where appropriate) and versions must match exactly for a reproducible +# build since this data is embedded in various files, particularly JAR file +# manifests, as part of the build process. +# +# Apache Ant: Apache Ant(TM) version 1.10.14 compiled on August 16 2023 +# +# Java Name: OpenJDK 64-Bit Server VM +# Java Vendor: Eclipse Adoptium +# Java Version:22.0.1+8 + +# The following is provided for information only. Builds will be repeatable +# whether or not the build environment is consistent with this information. 
+# +# OS: aarch64 Mac OS X 14.4.1 +# File encoding: UTF-8 +# +# Release Manager: schultz +release-java-version=22.0.1+8 +release-ant-version=1.10.14 diff --git a/res/install-win/Uninstall.exe.sig b/res/install-win/Uninstall.exe.sig new file mode 100644 index 00..fe7f8ba63f Binary files /dev/null and b/res/install-win/Uninstall.exe.sig differ diff --git a/res/install-win/tomcat-installer.exe.sig b/res/install-win/tomcat-installer.exe.sig new file mode 100644 index 00..5ad2e10b63 Binary files /dev/null and b/res/install-win/tomcat-installer.exe.sig differ diff --git a/res/maven/mvn.properties.release b/res/maven/mvn.properties.release new file mode 100644 index 00..7524ed8db0 --- /dev/null +++ b/res/maven/mvn.properties.release @@ -0,0 +1,27 @@ +# - +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# - + +# This file was auto-generated by the pre-release Ant target. + +# Remove "-dev" from the version since this is not a development release. +maven.asf.release.deploy.version=10
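Review bot: gpg.exec=/opt/homebrew/bin/gpg in build.properties.release is an absolute path from the release manager's machine, committed into the tag next to do.codesigning=true. The header comment says unwanted settings may be over-ridden in a build.properties file in the same directory, but nothing beside gpg.exec says that anyone rebuilding the tag on another host has to do so; a one-line comment there would make it explicit. The commented toolchain block (Ant 1.10.14, Eclipse Adoptium 22.0.1+8) and the release-java-version / release-ant-version properties at the end carry the same values twice, so it is worth stating which of the two a rebuilder should treat as authoritative.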
(tomcat) tag 10.1.24 created (now f2a274bc00)
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a change to tag 10.1.24 in repository https://gitbox.apache.org/repos/asf/tomcat.git

at f2a274bc00 (commit)

This tag includes the following new commits:

new f2a274bc00 Tag 10.1.24

The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
Re: Passing down arbitrary auth attributes down to Realm#authenticate()
Michael,

On 5/8/24 03:01, Michael Osipov wrote:
On 2024/05/07 21:10:33 Christopher Schultz wrote:
Michael,

On 5/7/24 14:06, Michael Osipov wrote:
Folks,

I am working on a custom Authenticator and Realm where I need to pass down a custom value to Realm#authenticate(), more specially a value obtained from javax.security.auth.Subject#getPrivateCredentials(). Currently, there is no such facility in the interface. Any idea how to pass this down w/o touching the interface and w/o thread-local values? The only thing I can think of is a custom realm interface, but that means every realm needs to implement it...

This is the entire reason that the securityfilter[1] project exists. It's quite old but gets around this kind of thing with... a custom interface. We use it at $work because we want to be able to get IP addresses to log logins and login failures.

Tomcat's Realm-related interfaces have always been too restrictive for me, but I'm not entirely sure how to get around them. I had a conversation with markt years ago at an ApacheCon event where I asked about strategies to help out with this sort of thing, and his relatively quick answer without thinking about it too much was to suggest that (a) anything new and major should probably go into the JASPIC/Jakarta Authentication component and (b) JASPIC/Jakarta Authentication might already be able to do what I wanted.

I didn't follow-up at the time, so I can't validate whether he was right about (b) or whether (a) would have been particularly easy/hard.

Chris, that SF project seems quite abandoned :-(

It's more like "in the attic". It does what it needs to do and has been doing it for years. No need to mess around with it.

I took once a brief look at JASPIC. I must say it may be the solution to my problem, but currently I am not capable of rewriting the entire code base for it. I still prefer CMS over "custom" because it gives me subjective better integration.

That's fair. I've never dug far enough into JASPIC / Jakarta Authentication to even know how to implement "standard" Tomcat Authenticator / Realm with a simple RDBMS-based user db. So it's possible it's an afternoon of work to re-build what I need on top of JASPIC (as a Provider) or maybe it's weeks which isn't worth it to me.

-chris
Re: Passing down arbitrary auth attributes down to Realm#authenticate()
Michael,

On 5/7/24 14:06, Michael Osipov wrote:
Folks,

I am working on a custom Authenticator and Realm where I need to pass down a custom value to Realm#authenticate(), more specially a value obtained from javax.security.auth.Subject#getPrivateCredentials(). Currently, there is no such facility in the interface. Any idea how to pass this down w/o touching the interface and w/o thread-local values? The only thing I can think of is a custom realm interface, but that means every realm needs to implement it...

This is the entire reason that the securityfilter[1] project exists. It's quite old but gets around this kind of thing with... a custom interface. We use it at $work because we want to be able to get IP addresses to log logins and login failures.

Tomcat's Realm-related interfaces have always been too restrictive for me, but I'm not entirely sure how to get around them. I had a conversation with markt years ago at an ApacheCon event where I asked about strategies to help out with this sort of thing, and his relatively quick answer without thinking about it too much was to suggest that (a) anything new and major should probably go into the JASPIC/Jakarta Authentication component and (b) JASPIC/Jakarta Authentication might already be able to do what I wanted.

I didn't follow-up at the time, so I can't validate whether he was right about (b) or whether (a) would have been particularly easy/hard.

-chris

[1] https://securityfilter.sourceforge.net/
Re: (tomcat) branch main updated: Refactor storage of trailer fields to use MimeHeaders
Mark, On 4/24/24 14:47, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new f087decbc9 Refactor storage of trailer fields to use MimeHeaders f087decbc9 is described below commit f087decbc938eff084b7be92298457736fe783c2 Author: Mark Thomas AuthorDate: Wed Apr 24 19:47:33 2024 +0100 Refactor storage of trailer fields to use MimeHeaders --- java/org/apache/catalina/connector/Request.java | 4 ++-- java/org/apache/coyote/Request.java | 15 +-- .../coyote/http11/filters/ChunkedInputFilter.java | 6 +++--- java/org/apache/coyote/http2/Stream.java | 2 +- java/org/apache/tomcat/util/buf/StringUtils.java | 5 + java/org/apache/tomcat/util/http/MimeHeaders.java | 19 +++ webapps/docs/changelog.xml| 8 7 files changed, 51 insertions(+), 8 deletions(-) diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java index 390ca9daa1..6bf0f0a940 100644 --- a/java/org/apache/catalina/connector/Request.java +++ b/java/org/apache/catalina/connector/Request.java @@ -1763,8 +1763,8 @@ public class Request implements HttpServletRequest { if (!isTrailerFieldsReady()) { throw new IllegalStateException(sm.getString("coyoteRequest.trailersNotReady")); } -Map result = new HashMap<>(coyoteRequest.getTrailerFields()); -return result; +// No need for a defensive copy since a new Map is returned for every call. +return coyoteRequest.getTrailerFields(); } diff --git a/java/org/apache/coyote/Request.java b/java/org/apache/coyote/Request.java index 680aec6a7b..bf948b09a6 100644 --- a/java/org/apache/coyote/Request.java +++ b/java/org/apache/coyote/Request.java 
@@ -110,7 +110,7 @@ public final class Request { private final MessageBytes localAddrMB = MessageBytes.newInstance(); private final MimeHeaders headers = new MimeHeaders(); -private final Map trailerFields = new HashMap<>(); +private final MimeHeaders trailerFields = new MimeHeaders(); /** * Path parameters @@ -293,6 +293,11 @@ public final class Request { public Map getTrailerFields() { +return trailerFields.toMap(); +} Should getTrailerFields call getMimeTrailerFields instead of using this.trailerFields directly? I'm not sure how much we really care about subclasses... -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
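Review bot: in the connector Request hunk, dropping the HashMap copy is only safe while coyoteRequest.getTrailerFields() keeps returning trailerFields.toMap() as a new Map on every call, and that contract is recorded only in the inline comment on the caller. State it in the Javadoc of the coyote Request.getTrailerFields() and where toMap() is defined, so a later change that caches the Map or exposes the MimeHeaders directly does not hand application code a shared, mutable view of the trailer fields. On the question raised inline: if getMimeTrailerFields() is the accessor for the field, calling it from getTrailerFields() keeps a single access path to trailerFields.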
(tomcat) branch 10.1.x updated: Add support for timescales with time-taken access log token. (#721)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new a7e9d7da69 Add support for timescales with time-taken access log token. (#721) a7e9d7da69 is described below commit a7e9d7da695f0f0de8d4a5494e1dc655f20cf62f Author: Christopher Schultz AuthorDate: Fri Apr 26 13:17:57 2024 -0400 Add support for timescales with time-taken access log token. (#721) Add support for timescales with time-taken access log token. Add support for nanosecond and fractional-second timescales. --- .../catalina/valves/AbstractAccessLogValve.java| 32 +++--- .../catalina/valves/ExtendedAccessLogValve.java| 14 +- webapps/docs/changelog.xml | 5 webapps/docs/config/valve.xml | 9 -- 4 files changed, 52 insertions(+), 8 deletions(-) diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java b/java/org/apache/catalina/valves/AbstractAccessLogValve.java index 5c4e67dde6..286647cfed 100644 --- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java +++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java @@ -1316,6 +1316,19 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access buf.append(Long.toString(TimeUnit.NANOSECONDS.toSeconds(time))); } }, +SECONDS_FRACTIONAL { +@Override +public void append(CharArrayWriter buf, long time) { +time = time / 100; // Convert to millis +buf.append(Long.toString(time / 1000)); +buf.append('.'); +int remains = (int) (time % 1000); +buf.append(Long.toString(remains / 100)); +remains = remains % 100; +buf.append(Long.toString(remains / 10)); +buf.append(Long.toString(remains % 10)); +} +}, MILLISECONDS { @Override public void append(CharArrayWriter buf, long time) { 
@@ -1327,6 +1340,12 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access public void append(CharArrayWriter buf, long time) { buf.append(Long.toString(TimeUnit.NANOSECONDS.toMicros(time))); } +}, +NANOSECONDS { +@Override +public void append(CharArrayWriter buf, long time) { +buf.append(Long.toString(time)); +} }; /** @@ -1337,10 +1356,11 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access */ public abstract void append(CharArrayWriter buf, long time); } + private final Style style; /** - * Create a new ElapsedTimeElement that will log the time in the specified style. + * Creates a new ElapsedTimeElement that will log the time in the specified style. * * @param style The elapsed-time style to use. */ @@ -1760,10 +1780,14 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access return new DateAndTimeElement(name); case 'T': // ms for milliseconds, us for microseconds, and s for seconds -if ("ms".equals(name)) { -return new ElapsedTimeElement(false, true); +if ("ns".equals(name)) { +return new ElapsedTimeElement(ElapsedTimeElement.Style.NANOSECONDS); } else if ("us".equals(name)) { -return new ElapsedTimeElement(true, false); +return new ElapsedTimeElement(ElapsedTimeElement.Style.MICROSECONDS); +} else if ("ms".equals(name)) { +return new ElapsedTimeElement(ElapsedTimeElement.Style.MILLISECONDS); +} else if ("fracsec".equals(name)) { +return new ElapsedTimeElement(ElapsedTimeElement.Style.SECONDS_FRACTIONAL); } else { return new ElapsedTimeElement(false, false); } diff --git a/java/org/apache/catalina/valves/ExtendedAccessLogValve.java b/java/org/apache/catalina/valves/ExtendedAccessLogValve.java index c75e41dc01..8b9c9f090c 100644 --- a/java/org/apache/catalina/valves/ExtendedAccessLogValve.java +++ b/java/org/apache/catalina/valves/ExtendedAccessLogValve.java 
@@ -535,7 +535,19 @@ public class ExtendedAccessLogValve extends AccessLogValve { if (tokenizer.hasSubToken()) { String nextToken = tokeniz
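Review bot: in the case 'T' hunk of AbstractAccessLogValve, the comment above the chain still reads "ms for milliseconds, us for microseconds, and s for seconds" although the chain now also accepts "ns" and "fracsec"; update it to list every accepted name. The fall-through branch in the same hunk still calls new ElapsedTimeElement(false, false) while the four named branches pass an ElapsedTimeElement.Style; switching the default to the Style form as well would keep the name-to-style mapping in one place and leave the boolean constructor with no callers in this method.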
Re: Refactoring heads up
Mark,

On 4/26/24 13:17, Mark Thomas wrote:
On 24/04/2024 17:52, Mark Thomas wrote:
My plan is to commit these changes to 11.0.x with the low risk parts (e.g. new methods) back-ported. Then, once we can see what is left, we can decide how quickly/slowly we want to back-port the complete fix to 10.1.x and 9.0.x (the issue was reported against 10.1.x).

All is looking good so far.

The complete refactoring has been applied to 11.0.x

10.1.x and 9.0.x have the new header parser and are using it for the ChunkedInputFilter.

The question is how long do we want to wait before back-porting the standard HTTP header parsing? Essentially this means back-porting this commit:
https://github.com/apache/tomcat/commit/e5acf2cf0f745350c85d81532826d92b1882469a

Thoughts? I'm thinking wait at least one release cycle before back-porting just in case of regressions given that this affects every request.

+1 for waiting until next cycle to back-port. I don't think we have to wait any longer than that.

-chris
Re: Unit tests using tcnative/panama [Was: [Bug 68910] Improve LibreSSL version check in tcnative.m4]
On 4/18/24 06:05, Rainer Jung wrote:
On 18.04.24 at 09:08, bugzi...@apache.org wrote:
https://bz.apache.org/bugzilla/show_bug.cgi?id=68910

--- Comment #3 from Michael Osipov ---
(In reply to Christopher Schultz from comment #1)
(In reply to Michael Osipov from comment #0)
since we also do support LibreSSL [...]

Note: Support for LibreSSL is more of an aspiration and less of a requirement. We don't technically advertise support for LibreSSL, but I would like to be able to support it.

FYI. Just ran 10.1.x with LibreSSL 3.5.2:
[concat] TEST-org.apache.catalina.valves.rewrite.TestResolverSSL.NIO.txt
[concat] TEST-org.apache.catalina.valves.rewrite.TestResolverSSL.NIO2.txt
[concat] TEST-org.apache.tomcat.util.net.TestClientCert.NIO.txt
[concat] TEST-org.apache.tomcat.util.net.TestClientCert.NIO2.txt
[concat] TEST-org.apache.tomcat.util.net.TestCustomSslTrustManager.NIO.txt
[concat] TEST-org.apache.tomcat.util.net.TestCustomSslTrustManager.NIO2.txt
[concat] TEST-org.apache.tomcat.util.net.openssl.TestOpenSSLConf.NIO.txt
[concat] TEST-org.apache.tomcat.util.net.openssl.TestOpenSSLConf.NIO2.txt

The rest is passing. These are failing for renegotiation or protocol mismatch.

That looks very promising.

Probably not relevant for this specific topic but maybe of general interest: For other reasons I tried to identify, which unit tests actually load and execute with tcnative and/or panama, and those are very few. Most tests do not use these.

Apart from the ones you mentioned as failing:

org.apache.catalina.valves.rewrite.TestResolverSSL
org.apache.tomcat.util.net.TestClientCert
org.apache.tomcat.util.net.TestCustomSslTrustManager
org.apache.tomcat.util.net.openssl.TestOpenSSLConf

the only other tests I found using tcnative and/or openssl connectors are:

org.apache.coyote.http2.TestLargeUpload
org.apache.tomcat.util.net.TestClientCertTls13
org.apache.tomcat.util.net.TestSSLHostConfigCompat
org.apache.tomcat.util.net.TestSSLHostConfigIntegration
org.apache.tomcat.util.net.TestSsl
org.apache.tomcat.websocket.TestWebSocketFrameClientSSL
org.apache.tomcat.websocket.TestWsWebSocketContainerSSL

So almost all of the tests actually using a connector to run servlets etc. only use plain http connectors (or fixed JSSE, but I think such do not exist).

A few more might only use the commandline openssl binary. Those are not included in the above lists.

I was thinking about this the other day as well, since there are tcnative+APR-based tests in Tomcat 9 which are executed separately from NIO and NIO2. I wasn't ever sure if/how the native library was being loaded.

I wonder if on test-start (for those tests which actually use the connector), we could advertise which strategy is actually being used at runtime?

I'm aware that FFM isn't supported pre-10.1.23 and that the APR connector has been removed in 10.1 but when running 10.1/11 tests it would be nice to know that the tests are failing because some specific test isn't working via e.g. FFM rather than the native library just didn't load properly and therefore ALL tests are failing.

-chris
Re: (tomcat) branch 10.1.x updated: Fix disastrous cookie-logging patch.
Mark,

Thanks for back-porting this. I thought I had already done so.

-chris

On 4/26/24 12:58, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 783815fd94 Fix disastrous cookie-logging patch. 783815fd94 is described below commit 783815fd940a4ac2f6d7df7bd056e071f54d7de6 Author: Christopher Schultz AuthorDate: Fri Apr 19 10:16:36 2024 -0400 Fix disastrous cookie-logging patch. --- java/org/apache/catalina/valves/AbstractAccessLogValve.java | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java b/java/org/apache/catalina/valves/AbstractAccessLogValve.java index 03acb492fa..5c4e67dde6 100644 --- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java +++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java @@ -1515,17 +1515,19 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access if (cookies != null) { for (Cookie cookie : cookies) { if (cookieNameToLog.equals(cookie.getName())) { +if (value == null) { +value = new StringBuilder(); +} if (first) { first = false; } else { value.append(','); } -value = new StringBuilder(); value.append(cookie.getValue()); } } } -if (value.length() == 0) { +if (value == null) { buf.append('-'); } else { escapeAndAppend(value.toString(), buf);
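Review bot: in the cookie loop, the first flag is now redundant with the value == null check added directly above it, since value is null exactly until the first matching cookie is seen. Creating the StringBuilder in the null branch and appending ',' in an else branch would drop the flag and one comparison per matching cookie. The final test also changes from value.length() == 0 to value == null, so a matching cookie whose value is empty is now passed to escapeAndAppend instead of taking the '-' branch; if that is intended, say so in the commit message or changelog, since it changes what appears in the access log.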
Re: (tomcat) branch main updated: Fix disastrous cookie-logging patch.
Chuck, On 4/19/24 10:48, Chuck Caldarale wrote: On Apr 19, 2024, at 09:18, Christopher Schultz wrote: Hopefully this patch has the intended effect. ;) I’m not convinced this change will have any measurable performance improvement. The JVM C2 compiler is pretty good with escape analysis, so an unused StringBuilder object may not even get allocated. It should get allocated, since the constructor needs to be called. But it may be allocated in a cheap memory region and immediately become speedily-collected garbage. Also, there’s now an added comparison for each iteration of the cookies loop, plus the additional code for an object allocation. This enlarges the body of the loop, putting more pressure on the microcode cache in the CPU, possibly making each iteration take longer. That's a fair criticism. Are there any practical examples that show a performance benefit or GC reduction? None. I made this change merely based upon code inspection. Since this code executes for every single request, I guessed without evidence that reduction of memory-churn would be beneficial. -chris On 4/19/24 10:17, schu...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new cbefe8624e Fix disastrous cookie-logging patch. cbefe8624e is described below commit cbefe8624ee5d6255955134d08498f9926295126 Author: Christopher Schultz AuthorDate: Fri Apr 19 10:16:36 2024 -0400 Fix disastrous cookie-logging patch. --- java/org/apache/catalina/valves/AbstractAccessLogValve.java | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java b/java/org/apache/catalina/valves/AbstractAccessLogValve.java index 0576b83442..dd29a5ec37 100644 --- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java 
+++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java @@ -1513,17 +1513,19 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access if (cookies != null) { for (Cookie cookie : cookies) { if (cookieNameToLog.equals(cookie.getName())) { +if (value == null) { +value = new StringBuilder(); +} if (first) { first = false; } else { value.append(','); } -value = new StringBuilder(); value.append(cookie.getValue()); } } } -if (value.length() == 0) { +if (value == null) { buf.append('-'); } else { escapeAndAppend(value.toString(), buf); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
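Review bot: In the cookie loop, values are joined with `value.append(',')` and only the joined string is passed to `escapeAndAppend(value.toString(), buf)`, so if a cookie value can itself contain a comma, the logged field cannot be split back into the individual cookies. This predates the change, but since the loop is being touched anyway it is worth either documenting that the separator is not escaped or escaping each value before joining.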
(tomcat) branch main updated: Add support for timescales with time-taken access log token. (#721)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new e9046d96a6 Add support for timescales with time-taken access log token. (#721) e9046d96a6 is described below commit e9046d96a6fd3b23b9b3288154f4bb7ea2f7f2cd Author: Christopher Schultz AuthorDate: Fri Apr 26 13:17:57 2024 -0400 Add support for timescales with time-taken access log token. (#721) Add support for timescales with time-taken access log token. Add support for nanosecond and fractional-second timescales. --- .../catalina/valves/AbstractAccessLogValve.java| 32 +++--- .../catalina/valves/ExtendedAccessLogValve.java| 14 +- webapps/docs/changelog.xml | 5 webapps/docs/config/valve.xml | 9 -- 4 files changed, 52 insertions(+), 8 deletions(-) diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java b/java/org/apache/catalina/valves/AbstractAccessLogValve.java index dd29a5ec37..2628c654e2 100644 --- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java +++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java @@ -1314,6 +1314,19 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access buf.append(Long.toString(TimeUnit.NANOSECONDS.toSeconds(time))); } }, +SECONDS_FRACTIONAL { +@Override +public void append(CharArrayWriter buf, long time) { +time = time / 100; // Convert to millis +buf.append(Long.toString(time / 1000)); +buf.append('.'); +int remains = (int) (time % 1000); +buf.append(Long.toString(remains / 100)); +remains = remains % 100; +buf.append(Long.toString(remains / 10)); +buf.append(Long.toString(remains % 10)); +} +}, MILLISECONDS { @Override public void append(CharArrayWriter buf, long time) { 
@@ -1325,6 +1338,12 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access public void append(CharArrayWriter buf, long time) { buf.append(Long.toString(TimeUnit.NANOSECONDS.toMicros(time))); } +}, +NANOSECONDS { +@Override +public void append(CharArrayWriter buf, long time) { +buf.append(Long.toString(time)); +} }; /** @@ -1335,10 +1354,11 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access */ public abstract void append(CharArrayWriter buf, long time); } + private final Style style; /** - * Create a new ElapsedTimeElement that will log the time in the specified style. + * Creates a new ElapsedTimeElement that will log the time in the specified style. * * @param style The elapsed-time style to use. */ @@ -1758,10 +1778,14 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access return new DateAndTimeElement(name); case 'T': // ms for milliseconds, us for microseconds, and s for seconds -if ("ms".equals(name)) { -return new ElapsedTimeElement(false, true); +if ("ns".equals(name)) { +return new ElapsedTimeElement(ElapsedTimeElement.Style.NANOSECONDS); } else if ("us".equals(name)) { -return new ElapsedTimeElement(true, false); +return new ElapsedTimeElement(ElapsedTimeElement.Style.MICROSECONDS); +} else if ("ms".equals(name)) { +return new ElapsedTimeElement(ElapsedTimeElement.Style.MILLISECONDS); +} else if ("fracsec".equals(name)) { +return new ElapsedTimeElement(ElapsedTimeElement.Style.SECONDS_FRACTIONAL); } else { return new ElapsedTimeElement(false, false); } diff --git a/java/org/apache/catalina/valves/ExtendedAccessLogValve.java b/java/org/apache/catalina/valves/ExtendedAccessLogValve.java index f7368b9523..6f5fbe6c6e 100644 --- a/java/org/apache/catalina/valves/ExtendedAccessLogValve.java +++ b/java/org/apache/catalina/valves/ExtendedAccessLogValve.java 
@@ -541,7 +541,19 @@ public class ExtendedAccessLogValve extends AccessLogValve { if (tokenizer.hasSubToken()) { String nextToken = tokeniz
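Review bot: In `SECONDS_FRACTIONAL.append`, `time = time / 100; // Convert to millis` does not match its comment: the neighbouring styles treat `time` as nanoseconds (`TimeUnit.NANOSECONDS.toSeconds(time)`, `TimeUnit.NANOSECONDS.toMicros(time)`), and dividing nanoseconds by 100 does not yield milliseconds, so the seconds and three-digit fraction printed afterwards would be wrong by orders of magnitude. Using `TimeUnit.NANOSECONDS.toMillis(time)` keeps the conversion in the same idiom as the other styles, and a unit test with a known duration (for example 1,234,000,000 ns expecting `1.234`) would catch this.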
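Review bot: In the `case 'T':` branch, the comment `// ms for milliseconds, us for microseconds, and s for seconds` was not updated although `ns` and `fracsec` are now accepted, and the `else` fallback still calls the two-boolean constructor `new ElapsedTimeElement(false, false)` while every other branch passes a `Style`. Suggest listing `ns` and `fracsec` in the comment and returning the seconds style explicitly in the fallback, so an unrecognised name does not depend on the boolean mapping.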
(tomcat) branch 10.1.x updated: Add release date
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 0262b2abdc Add release date 0262b2abdc is described below commit 0262b2abdca6622318eb8dfb8f1f5f807ee6e7fb Author: Christopher Schultz AuthorDate: Tue Apr 23 16:44:27 2024 -0400 Add release date --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 20ee6a0cbc..82142794da 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -162,7 +162,7 @@ - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r68733 - in /release/tomcat/tomcat-10: v10.1.19/ v10.1.20/
Author: schultz Date: Tue Apr 23 20:40:16 2024 New Revision: 68733 Log: Drop old release artifacts Removed: release/tomcat/tomcat-10/v10.1.19/ release/tomcat/tomcat-10/v10.1.20/
svn commit: r1917292 - /tomcat/site/trunk/docs/tomcat-8.5-doc/changelog.html
Author: schultz Date: Tue Apr 23 20:37:56 2024 New Revision: 1917292 URL: http://svn.apache.org/viewvc?rev=1917292=rev Log: Update release date for Tomcat 8.5.100. Modified: tomcat/site/trunk/docs/tomcat-8.5-doc/changelog.html Modified: tomcat/site/trunk/docs/tomcat-8.5-doc/changelog.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/tomcat-8.5-doc/changelog.html?rev=1917292=1917291=1917292=diff == --- tomcat/site/trunk/docs/tomcat-8.5-doc/changelog.html (original) +++ tomcat/site/trunk/docs/tomcat-8.5-doc/changelog.html Tue Apr 23 20:37:56 2024 
@@ -1,7 +1,7 @@ Apache Tomcat 8 (8.5.100) - Changeloghttps://tomcat.apache.org/;>https://www.apache.org/; target="_blank">Apache Tomcat 8 Version 8.5.100, -Mar 19 2024LinksDocs Homehttps://cwiki.apache.org/confluence/display/TOMCAT/FAQ;>FAQUser Guide1) Introduction2) Setup3) First webapp4) Deployer5) Manager6) Host Manager7) Realms and AAA8) Security Manager9) JNDI Resources10) JDBC DataSources 11) Classloading12) JSPs13) SSL/TLS14) SSI15) CGI16) Proxy Support17) MBeans Descriptors18) Default Servlet19) Clustering20) Load Balancer21) Connectors22) Monitoring and Management23) Logging24) APR/Native25) Virtual Hosting26) Advanced IO27) Additional Components28) Maveni zed29) Security Considerations30) Windows Service31) Windows Authentication32) Tomcat's JDBC Pool33) WebSocket34) RewriteReferenceRelease NotesConfigurationTomcat JavadocsServlet 3.1 JavadocsJSP 2.3 JavadocsEL 3.0 JavadocsWebSocket 1.1 JavadocsJASPIC 1.1 JavadocsCommon Annotations 1.2 JavadocsJK 1.2 DocumentationApache Tomcat DevelopmentBuildingChangeloghttps://cwiki.apache.org/confluence/display/TOMCAT/Tomcat+Versions;>StatusDevelopersArchitectureTribesChangelog Tomcat 8.5.100 (schultz) +Mar 19 2024LinksDocs Homehttps://cwiki.apache.org/confluence/display/TOMCAT/FAQ;>FAQUser Guide1) Introduction2) Setup3) First webapp4) Deployer5) Manager6) Host Manager7) Realms and AAA8) Security Manager9) JNDI Resources10) JDBC DataSources 11) Classloading12) JSPs13) SSL/TLS14) SSI15) CGI16) Proxy Support17) MBeans Descriptors18) Default Servlet19) Clustering20) Load Balancer21) Connectors22) Monitoring and Management23) Logging24) APR/Native25) Virtual Hosting26) Advanced IO27) Additional Components28) Maveni zed29) Security Considerations30) Windows Service31) Windows Authentication32) Tomcat's JDBC Pool33) WebSocket34) RewriteReferenceRelease NotesConfigurationTomcat JavadocsServlet 3.1 JavadocsJSP 2.3 JavadocsEL 3.0 JavadocsWebSocket 1.1 JavadocsJASPIC 1.1 JavadocsCommon Annotations 1.2 JavadocsJK 1.2 
DocumentationApache Tomcat DevelopmentBuildingChangeloghttps://cwiki.apache.org/confluence/display/TOMCAT/Tomcat+Versions;>StatusDevelopersArchitectureTribesChangelog2024-03-25 Tomcat 8.5.100 (schultz) Catalina @@ -12683,4 +12683,4 @@ Apache Tomcat, Tomcat, Apache, the Apache Tomcat logo and the Apache logo are either registered trademarks or trademarks of the Apache Software Foundation. - \ No newline at end of file + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1917291 - in /tomcat/site/trunk: ./ docs/ docs/tomcat-10.1-doc/ docs/tomcat-10.1-doc/annotationapi/ docs/tomcat-10.1-doc/annotationapi/jakarta/annotation/ docs/tomcat-10.1-doc/annotationa
Author: schultz Date: Tue Apr 23 20:35:05 2024 New Revision: 1917291 URL: http://svn.apache.org/viewvc?rev=1917291=rev Log: Update website to announce the release of Apache Tomcat 10.1.23. [This commit notification would consist of 468 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.]
svn commit: r68732 - /dev/tomcat/tomcat-10/v10.1.23/ /release/tomcat/tomcat-10/v10.1.23/
Author: schultz Date: Tue Apr 23 20:26:28 2024 New Revision: 68732 Log: Promote v10.1.23 to released. Added: release/tomcat/tomcat-10/v10.1.23/ - copied from r68731, dev/tomcat/tomcat-10/v10.1.23/ Removed: dev/tomcat/tomcat-10/v10.1.23/
[VOTE][RESULT] Release Apache Tomcat 10.1.23
All,

The following votes were cast:

Binding:
+1: schultz, remm, markt, rjung, jfclere

Non-binding:
+1: Dimitris Soumis

There were no other votes, therefore the vote passed.

I will begin the release process shortly.

Thanks to everyone who contributed toward this release.

-chris

The proposed Apache Tomcat 10.1.23 release is now available for voting.

Apache Tomcat 10.1.21 was canceled due to a release-build mistake and Apache Tomcat 10.1.22 was cancelled due to an option in startup scripts which would have caused Java 11 environments to fail to start.

The notable changes compared to 10.1.20 are:

- Improve locking strategies in Catalina core
- Update Basic authentication to implement the requirements of RFC 7617
- Updates to Apache Commons dependencies
- Add OpenSSL support when FFM is available

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory.

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.23/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1492

The tag is:
https://github.com/apache/tomcat/tree/10.1.23
https://github.com/apache/tomcat/commit/9062d27dc5122e8241ea62a4c4312af0dc71da49

Please reply with a +1 for release or -0/-1 with an explanation.

The proposed 10.1.23 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 10.1.23
Re: [VOTE] Release Apache Tomcat 10.1.23
Jean-Frederic, On 4/23/24 08:27, jean-frederic clere wrote: On 4/23/24 09:47, Mark Thomas wrote: On 23/04/2024 06:35, jean-frederic clere wrote: On 4/17/24 12:00, Mark Thomas wrote: Build is reproducible. My tests here complain about examples, did I miss something. No idea. You'd need to do a diff to see what didn't match and that will (hopefully) point you towards the root cause. The class files are different... Investigating. I'm holding the VOTE-RESULT email just in case you find something truly weird. -chris
Re: [VOTE] Release Apache Tomcat 10.1.23
Jean-Frederic, On 4/23/24 08:27, jean-frederic clere wrote: On 4/23/24 09:47, Mark Thomas wrote: On 23/04/2024 06:35, jean-frederic clere wrote: On 4/17/24 12:00, Mark Thomas wrote: Build is reproducible. My tests here complain about examples, did I miss something. No idea. You'd need to do a diff to see what didn't match and that will (hopefully) point you towards the root cause. The class files are different... Investigating. Try using "ant verify-release". It will give you suggestions for investigating anything that doesn't match. -chris
Re: (tomcat) branch main updated: Fix disastrous cookie-logging patch.
All, Hopefully this patch has the intended effect. ;) -chris On 4/19/24 10:17, schu...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new cbefe8624e Fix disastrous cookie-logging patch. cbefe8624e is described below commit cbefe8624ee5d6255955134d08498f9926295126 Author: Christopher Schultz AuthorDate: Fri Apr 19 10:16:36 2024 -0400 Fix disastrous cookie-logging patch. --- java/org/apache/catalina/valves/AbstractAccessLogValve.java | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java b/java/org/apache/catalina/valves/AbstractAccessLogValve.java index 0576b83442..dd29a5ec37 100644 --- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java +++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java @@ -1513,17 +1513,19 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access if (cookies != null) { for (Cookie cookie : cookies) { if (cookieNameToLog.equals(cookie.getName())) { +if (value == null) { +value = new StringBuilder(); +} if (first) { first = false; } else { value.append(','); } -value = new StringBuilder(); value.append(cookie.getValue()); } } } -if (value.length() == 0) { +if (value == null) { buf.append('-'); } else { escapeAndAppend(value.toString(), buf); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
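Review bot: The diffstat lists only `AbstractAccessLogValve.java`, so this fix to the cookie loop lands without a test. Since the commit repairs a regression in the same few lines, a unit test covering a request with no cookies, one matching cookie, and several cookies sharing `cookieNameToLog` (expecting the comma-joined values) would pin the behaviour down before the back-ports.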
(tomcat) branch main updated: Fix disastrous cookie-logging patch.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new cbefe8624e Fix disastrous cookie-logging patch. cbefe8624e is described below commit cbefe8624ee5d6255955134d08498f9926295126 Author: Christopher Schultz AuthorDate: Fri Apr 19 10:16:36 2024 -0400 Fix disastrous cookie-logging patch. --- java/org/apache/catalina/valves/AbstractAccessLogValve.java | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java b/java/org/apache/catalina/valves/AbstractAccessLogValve.java index 0576b83442..dd29a5ec37 100644 --- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java +++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java @@ -1513,17 +1513,19 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access if (cookies != null) { for (Cookie cookie : cookies) { if (cookieNameToLog.equals(cookie.getName())) { +if (value == null) { +value = new StringBuilder(); +} if (first) { first = false; } else { value.append(','); } -value = new StringBuilder(); value.append(cookie.getValue()); } } } -if (value.length() == 0) { +if (value == null) { buf.append('-'); } else { escapeAndAppend(value.toString(), buf); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
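Review bot: With the lazy `if (value == null)` allocation inside the name-match branch, the `first` flag is now redundant: `value` is null exactly when no matching cookie has been appended yet. The branch could read `if (value == null) { value = new StringBuilder(); } else { value.append(','); }`, which drops the flag and leaves a single test per matching cookie instead of two.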
Re: (tomcat) branch main updated: Don't create a StringBuilder object until we know we have at least one Cookie value to log.
Mark, On 4/18/24 11:12, Mark Thomas wrote: On 18/04/2024 14:31, schu...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 23facd507d Don't create a StringBuilder object until we know we have at least one Cookie value to log. 23facd507d is described below commit 23facd507db72d583ed89a13f20ab1cb766f0221 Author: Christopher Schultz AuthorDate: Thu Apr 18 09:30:50 2024 -0400 Don't create a StringBuilder object until we know we have at least one Cookie value to log. -1. veto. Please fix/revert ASAP. Note: This veto applies to this commit and the back-ports. This creates multiple paths where a NPE is possible. OMG what the heck happened to this patch? Grr. I saw this while working on the timestamp-style stuff and decided to separate it out into a separate commit and but did I get it wrong. It NPEs on /every/ path :( Sorry for such a low-quality commit. I'm going to try a "correct" commit on top of it and would appreciate a review. If it still looks like a no-go, I'll revert the whole thing. This does not work if there are multiple cookies with the same name that need to be logged. ACK Thanks, -chris --- java/org/apache/catalina/valves/AbstractAccessLogValve.java | 3 ++- webapps/docs/changelog.xml | 4 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java b/java/org/apache/catalina/valves/AbstractAccessLogValve.java index 5502d1c183..e13bb9e5ac 100644 --- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java +++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java 
@@ -1479,7 +1479,7 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access @Override public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) { - StringBuilder value = new StringBuilder(); + StringBuilder value = null; boolean first = true; Cookie[] cookies = request.getCookies(); if (cookies != null) { @@ -1490,6 +1490,7 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access } else { value.append(','); } + value = new StringBuilder(); value.append(cookie.getValue()); } } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 8ef77e52aa..f6c6c62962 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -123,6 +123,10 @@ including the removal of the trimCredentials setting which is now hard-coded to false. (markt) + + Small performance optimization when logging cookies with no values. + (schultz) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
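Review bot: The added `value = new StringBuilder();` sits after the `first`/`else` block and runs for every matching cookie, so a second cookie with the same name appends `,` to the previous builder and then replaces that builder, leaving only the last value in the log. The allocation needs to happen once, before the separator logic, guarded by `if (value == null)`.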
Re: (tomcat) branch main updated: Don't create a StringBuilder object until we know we have at least one Cookie value to log.
Mark, On 4/19/24 08:38, Mark Thomas wrote: Ping. Just making sure this veto hasn't been lost in the recent flurry of commits. ACK I'll revert and re-evaluate. Thanks, -chris On 18/04/2024 16:12, Mark Thomas wrote: On 18/04/2024 14:31, schu...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 23facd507d Don't create a StringBuilder object until we know we have at least one Cookie value to log. 23facd507d is described below commit 23facd507db72d583ed89a13f20ab1cb766f0221 Author: Christopher Schultz AuthorDate: Thu Apr 18 09:30:50 2024 -0400 Don't create a StringBuilder object until we know we have at least one Cookie value to log. -1. veto. Please fix/revert ASAP. Note: This veto applies to this commit and the back-ports. This creates multiple paths where a NPE is possible. This does not work if there are multiple cookies with the same name that need to be logged. Mark --- java/org/apache/catalina/valves/AbstractAccessLogValve.java | 3 ++- webapps/docs/changelog.xml | 4 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java b/java/org/apache/catalina/valves/AbstractAccessLogValve.java index 5502d1c183..e13bb9e5ac 100644 --- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java +++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java @@ -1479,7 +1479,7 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access @Override public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) { - StringBuilder value = new StringBuilder(); + StringBuilder value = null; boolean first = true; Cookie[] cookies = request.getCookies(); if (cookies != null) { 
@@ -1490,6 +1490,7 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access } else { value.append(','); } + value = new StringBuilder(); value.append(cookie.getValue()); } } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 8ef77e52aa..f6c6c62962 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -123,6 +123,10 @@ including the removal of the trimCredentials setting which is now hard-coded to false. (markt) + + Small performance optimization when logging cookies with no values. + (schultz) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
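Review bot: With `StringBuilder value = null;` at the top of `addElement`, `value` is still null after the loop whenever `request.getCookies()` returns null or no cookie name matches, and this patch adds no null check for whatever reads `value` afterwards. The empty-result test that follows the loop has to become a null test in the same change.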
Re: (tomcat) 02/02: Re-factor ElapsedTimeElement to use a customizable Style
Mark, On 4/19/24 08:31, Mark Thomas wrote: On 19/04/2024 13:12, schu...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit d3482c35bf144cc891dfa325b2f2f50460708c23 Author: Christopher Schultz AuthorDate: Thu Apr 18 10:22:16 2024 -0400 Re-factor ElapsedTimeElement to use a customizable Style How is this customizable? This seems to add complexity to somewhere we probably want to keep things simple. It was preparation for this PR: https://github.com/apache/tomcat/pull/721 The use of two-booleans means that we could support only 4 possible formats where one of them didn't make any sense (i.e. microseconds=true && milliseconds == true). -chris --- .../catalina/valves/AbstractAccessLogValve.java | 52 +- webapps/docs/changelog.xml | 4 ++ 2 files changed, 44 insertions(+), 12 deletions(-) diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java b/java/org/apache/catalina/valves/AbstractAccessLogValve.java index e13bb9e5ac..0576b83442 100644 --- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java +++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java 
@@ -1307,8 +1307,44 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access * write time taken to process the request - %D, %T */ protected static class ElapsedTimeElement implements AccessLogElement { - private final boolean micros; - private final boolean millis; + enum Style { + SECONDS { + @Override + public void append(CharArrayWriter buf, long time) { + buf.append(Long.toString(TimeUnit.NANOSECONDS.toSeconds(time))); + } + }, + MILLISECONDS { + @Override + public void append(CharArrayWriter buf, long time) { + buf.append(Long.toString(TimeUnit.NANOSECONDS.toMillis(time))); + } + }, + MICROSECONDS { + @Override + public void append(CharArrayWriter buf, long time) { + buf.append(Long.toString(TimeUnit.NANOSECONDS.toMicros(time))); + } + }; + + /** + * Append the time to the buffer in the appropriate format. + * + * @param buf The buffer to append to. + * @param time The time to log in nanoseconds. + */ + public abstract void append(CharArrayWriter buf, long time); + } + private final Style style; + + /** + * Create a new ElapsedTimeElement that will log the time in the specified style. + * + * @param style The elapsed-time style to use. + */ + public ElapsedTimeElement(Style style) { + this.style = style; + } /** * @param micros true, write time in microseconds - %D 
@@ -1316,20 +1352,12 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access * time in seconds - %T */ public ElapsedTimeElement(boolean micros, boolean millis) { - this.micros = micros; - this.millis = millis; + this(micros ? Style.MICROSECONDS : millis ? Style.MILLISECONDS : Style.SECONDS); } @Override public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) { - if (micros) { - buf.append(Long.toString(TimeUnit.NANOSECONDS.toMicros(time))); - } else if (millis) { - buf.append(Long.toString(TimeUnit.NANOSECONDS.toMillis(time))); - } else { - // second - buf.append(Long.toString(TimeUnit.NANOSECONDS.toSeconds(time))); - } + style.append(buf, time); } } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index bda2e5d98c..f6eacba634 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -133,6 +133,10 @@ dispatch is now performed rather than completing the request using the error page mechanism. (markt) + + Re-factor ElapsedTimeElement in AbstractAccessLogValve to use a customizable + style. (schultz) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.ap
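Review bot: In the first hunk, `enum Style` is declared without an access modifier, yet the new constructor `public ElapsedTimeElement(Style style)` is public on a `protected static` class, so code outside `org.apache.catalina.valves` can see the constructor but cannot name its parameter type. Either widen `Style` to match the constructor or narrow the constructor to package-private, depending on whether custom valves are meant to pick a style.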
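Review bot: In the retained `ElapsedTimeElement(boolean micros, boolean millis)` constructor, the nested ternary `micros ? Style.MICROSECONDS : millis ? Style.MILLISECONDS : Style.SECONDS` silently resolves `(true, true)` to microseconds. That matches the removed `if (micros) ... else if (millis)` order, but it deserves a sentence in the Javadoc, and marking the boolean constructor `@Deprecated` in favour of the `Style` one would steer callers away from the ambiguous form.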
(tomcat) 02/02: Re-factor ElapsedTimeElement to use a customizable Style
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 1448eccfd86ef6385e0af629c138ab28405ed6c2 Author: Christopher Schultz AuthorDate: Thu Apr 18 10:22:16 2024 -0400 Re-factor ElapsedTimeElement to use a customizable Style --- .../catalina/valves/AbstractAccessLogValve.java| 52 +- webapps/docs/changelog.xml | 4 ++ 2 files changed, 44 insertions(+), 12 deletions(-) diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java b/java/org/apache/catalina/valves/AbstractAccessLogValve.java index df942110ab..03acb492fa 100644 --- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java +++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java 
@@ -1309,8 +1309,44 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access * write time taken to process the request - %D, %T */ protected static class ElapsedTimeElement implements AccessLogElement { -private final boolean micros; -private final boolean millis; +enum Style { +SECONDS { +@Override +public void append(CharArrayWriter buf, long time) { + buf.append(Long.toString(TimeUnit.NANOSECONDS.toSeconds(time))); +} +}, +MILLISECONDS { +@Override +public void append(CharArrayWriter buf, long time) { + buf.append(Long.toString(TimeUnit.NANOSECONDS.toMillis(time))); +} +}, +MICROSECONDS { +@Override +public void append(CharArrayWriter buf, long time) { + buf.append(Long.toString(TimeUnit.NANOSECONDS.toMicros(time))); +} +}; + +/** + * Append the time to the buffer in the appropriate format. + * + * @param buf The buffer to append to. + * @param time The time to log in nanoseconds. + */ +public abstract void append(CharArrayWriter buf, long time); +} +private final Style style; + +/** + * Create a new ElapsedTimeElement that will log the time in the specified style. + * + * @param style The elapsed-time style to use. + */ +public ElapsedTimeElement(Style style) { +this.style = style; +} /** * @param micros true, write time in microseconds - %D 
@@ -1318,20 +1354,12 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access * time in seconds - %T */ public ElapsedTimeElement(boolean micros, boolean millis) { -this.micros = micros; -this.millis = millis; +this(micros ? Style.MICROSECONDS : millis ? Style.MILLISECONDS : Style.SECONDS); } @Override public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) { -if (micros) { -buf.append(Long.toString(TimeUnit.NANOSECONDS.toMicros(time))); -} else if (millis) { -buf.append(Long.toString(TimeUnit.NANOSECONDS.toMillis(time))); -} else { -// second - buf.append(Long.toString(TimeUnit.NANOSECONDS.toSeconds(time))); -} +style.append(buf, time); } } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index e724ed92a6..3a295c0937 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -135,6 +135,10 @@ dispatch is now performed rather than completing the request using the error page mechanism. (markt) + +Re-factor ElapsedTimeElement in AbstractAccessLogValve to use a customizable +style. (schultz) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
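Review bot: `this.style = style;` in the new `ElapsedTimeElement(Style style)` constructor accepts null, which would only surface later as a NullPointerException from `style.append(buf, time)` inside `addElement`, that is, while a request is being logged. `this.style = Objects.requireNonNull(style);` (or an explicit check) makes the failure happen at construction instead.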
(tomcat) 01/02: Clarify that time-taken is now in seconds and not fractional-seconds.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 89433ad101747669eb34d3e30f26caf4e8d59232 Author: Christopher Schultz AuthorDate: Thu Apr 18 09:38:23 2024 -0400 Clarify that time-taken is now in seconds and not fractional-seconds. --- webapps/docs/config/valve.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/config/valve.xml b/webapps/docs/config/valve.xml index ceb4a84218..800da1b323 100644 --- a/webapps/docs/config/valve.xml +++ b/webapps/docs/config/valve.xml @@ -465,7 +465,7 @@ s-ip - Local IP address sc-status - HTTP status code of the response time - Time the request was served in HH:mm:ss format for GMT -time-taken - Time (in seconds as floating point) taken to serve the request +time-taken - Time (in seconds) taken to serve the request x-threadname - Current request thread name (can compare later with stacktraces) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
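Review bot: in the `time-taken` line of `valve.xml`, "(in seconds)" no longer says what a reader gets for a request that finishes in under a second. The commit message is explicit that the value is not fractional, so saying "in whole seconds" in the attribute description would carry that into the documentation people actually read when they build alerting or latency reports on this field. The diffstat shows only `valve.xml` changed; a changelog entry would help anyone whose log parsers expected a floating-point value.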
(tomcat) branch 10.1.x updated (1ffc62afa7 -> 1448eccfd8)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a change to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git from 1ffc62afa7 Add openssl ffm testing new 89433ad101 Clarify that time-taken is now in seconds and not fractional-seconds. new 1448eccfd8 Re-factor ElapsedTimeElement to use a customizable Style The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../catalina/valves/AbstractAccessLogValve.java| 52 +- webapps/docs/changelog.xml | 4 ++ webapps/docs/config/valve.xml | 2 +- 3 files changed, 45 insertions(+), 13 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) 01/02: Clarify that time-taken is now in seconds and not fractional-seconds.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit cbc2b3500fc4051d6a94530c50d451cf0c79e54d Author: Christopher Schultz AuthorDate: Thu Apr 18 09:38:23 2024 -0400 Clarify that time-taken is now in seconds and not fractional-seconds. --- webapps/docs/config/valve.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/config/valve.xml b/webapps/docs/config/valve.xml index ce63a66764..9e5fb8d20d 100644 --- a/webapps/docs/config/valve.xml +++ b/webapps/docs/config/valve.xml @@ -465,7 +465,7 @@ s-ip - Local IP address sc-status - HTTP status code of the response time - Time the request was served in HH:mm:ss format for GMT -time-taken - Time (in seconds as floating point) taken to serve the request +time-taken - Time (in seconds) taken to serve the request x-threadname - Current request thread name (can compare later with stacktraces) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) 02/02: Re-factor ElapsedTimeElement to use a customizable Style
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit d3482c35bf144cc891dfa325b2f2f50460708c23 Author: Christopher Schultz AuthorDate: Thu Apr 18 10:22:16 2024 -0400 Re-factor ElapsedTimeElement to use a customizable Style --- .../catalina/valves/AbstractAccessLogValve.java| 52 +- webapps/docs/changelog.xml | 4 ++ 2 files changed, 44 insertions(+), 12 deletions(-) diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java b/java/org/apache/catalina/valves/AbstractAccessLogValve.java index e13bb9e5ac..0576b83442 100644 --- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java +++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java 
@@ -1307,8 +1307,44 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access * write time taken to process the request - %D, %T */ protected static class ElapsedTimeElement implements AccessLogElement { -private final boolean micros; -private final boolean millis; +enum Style { +SECONDS { +@Override +public void append(CharArrayWriter buf, long time) { + buf.append(Long.toString(TimeUnit.NANOSECONDS.toSeconds(time))); +} +}, +MILLISECONDS { +@Override +public void append(CharArrayWriter buf, long time) { + buf.append(Long.toString(TimeUnit.NANOSECONDS.toMillis(time))); +} +}, +MICROSECONDS { +@Override +public void append(CharArrayWriter buf, long time) { + buf.append(Long.toString(TimeUnit.NANOSECONDS.toMicros(time))); +} +}; + +/** + * Append the time to the buffer in the appropriate format. + * + * @param buf The buffer to append to. + * @param time The time to log in nanoseconds. + */ +public abstract void append(CharArrayWriter buf, long time); +} +private final Style style; + +/** + * Create a new ElapsedTimeElement that will log the time in the specified style. + * + * @param style The elapsed-time style to use. + */ +public ElapsedTimeElement(Style style) { +this.style = style; +} /** * @param micros true, write time in microseconds - %D 
@@ -1316,20 +1352,12 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access * time in seconds - %T */ public ElapsedTimeElement(boolean micros, boolean millis) { -this.micros = micros; -this.millis = millis; +this(micros ? Style.MICROSECONDS : millis ? Style.MILLISECONDS : Style.SECONDS); } @Override public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) { -if (micros) { -buf.append(Long.toString(TimeUnit.NANOSECONDS.toMicros(time))); -} else if (millis) { -buf.append(Long.toString(TimeUnit.NANOSECONDS.toMillis(time))); -} else { -// second - buf.append(Long.toString(TimeUnit.NANOSECONDS.toSeconds(time))); -} +style.append(buf, time); } } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index bda2e5d98c..f6eacba634 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -133,6 +133,10 @@ dispatch is now performed rather than completing the request using the error page mechanism. (markt) + +Re-factor ElapsedTimeElement in AbstractAccessLogValve to use a customizable +style. (schultz) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
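Review bot: the new `ElapsedTimeElement(Style style)` constructor stores `style` without a null check, so a null argument is only detected later, in `addElement`, when `style.append(buf, time)` throws for every request that is logged. Failing fast in the constructor with `Objects.requireNonNull(style)` keeps a configuration mistake out of the request path. In the boolean constructor, the chained conditional `micros ? Style.MICROSECONDS : millis ? Style.MILLISECONDS : Style.SECONDS` would read more easily with parentheses around the inner conditional, and its Javadoc could point to the new constructor as the preferred one.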
(tomcat) branch main updated (899e06a7ba -> d3482c35bf)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git from 899e06a7ba Merge branch 'main' of https://github.com/apache/tomcat new cbc2b3500f Clarify that time-taken is now in seconds and not fractional-seconds. new d3482c35bf Re-factor ElapsedTimeElement to use a customizable Style The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../catalina/valves/AbstractAccessLogValve.java| 52 +- webapps/docs/changelog.xml | 4 ++ webapps/docs/config/valve.xml | 2 +- 3 files changed, 45 insertions(+), 13 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: Don't create a StringBuilder object until we know we have at least one Cookie value to log.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 4f109c8699 Don't create a StringBuilder object until we know we have at least one Cookie value to log. 4f109c8699 is described below commit 4f109c86994df4aa54ba31df424c4202a62ed367 Author: Christopher Schultz AuthorDate: Thu Apr 18 09:30:50 2024 -0400 Don't create a StringBuilder object until we know we have at least one Cookie value to log. --- java/org/apache/catalina/valves/AbstractAccessLogValve.java | 3 ++- webapps/docs/changelog.xml | 4 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java b/java/org/apache/catalina/valves/AbstractAccessLogValve.java index 0287eab383..7a9c83d849 100644 --- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java +++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java @@ -1483,7 +1483,7 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access @Override public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) { -StringBuilder value = new StringBuilder(); +StringBuilder value = null; boolean first = true; Cookie[] cookies = request.getCookies(); if (cookies != null) { @@ -1494,6 +1494,7 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access } else { value.append(','); } +value = new StringBuilder(); value.append(cookie.getValue()); } } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index de4e1b77a2..325138 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml 
@@ -125,6 +125,10 @@ trimCredentials setting will be removed in Tomcat 11. (markt) + +Small performance optimization when logging cookies with no values. +(schultz) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
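Review bot: the added `value = new StringBuilder();` sits after the `else { value.append(','); }` branch and immediately before `value.append(cookie.getValue());`, so it runs for every cookie that reaches this point, not only the first. Each pass replaces the builder and discards the values and commas appended so far, which means only the last cookie value would be written to the access log. Guard the allocation, for example `if (value == null) { value = new StringBuilder(); }`, or move it into the branch taken for the first value.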
(tomcat) branch 10.1.x updated: Don't create a StringBuilder object until we know we have at least one Cookie value to log.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new e2de58c702 Don't create a StringBuilder object until we know we have at least one Cookie value to log. e2de58c702 is described below commit e2de58c70266bb99557f318e86bf846b01cc13e9 Author: Christopher Schultz AuthorDate: Thu Apr 18 09:30:50 2024 -0400 Don't create a StringBuilder object until we know we have at least one Cookie value to log. --- java/org/apache/catalina/valves/AbstractAccessLogValve.java | 3 ++- webapps/docs/changelog.xml | 4 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java b/java/org/apache/catalina/valves/AbstractAccessLogValve.java index b1d77e974b..df942110ab 100644 --- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java +++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java @@ -1481,7 +1481,7 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access @Override public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) { -StringBuilder value = new StringBuilder(); +StringBuilder value = null; boolean first = true; Cookie[] cookies = request.getCookies(); if (cookies != null) { @@ -1492,6 +1492,7 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access } else { value.append(','); } +value = new StringBuilder(); value.append(cookie.getValue()); } } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index ff466e8bdd..ffd50ade32 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml 
@@ -125,6 +125,10 @@ trimCredentials setting will be removed in Tomcat 11. (markt) + +Small performance optimization when logging cookies with no values. +(schultz) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
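Review bot: with `StringBuilder value = null;` the code after the loop, which this hunk does not show, now receives null whenever `request.getCookies()` is null or no value was appended. Please confirm that the consumer of `value` checks for null before calling a method on it, since an exception there would surface on every request without the cookie. With the builder starting as null, `boolean first` carries the same information as `value == null` and could be dropped, which would also make the placement of the allocation harder to get wrong.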
(tomcat) branch main updated: Don't create a StringBuilder object until we know we have at least one Cookie value to log.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 23facd507d Don't create a StringBuilder object until we know we have at least one Cookie value to log. 23facd507d is described below commit 23facd507db72d583ed89a13f20ab1cb766f0221 Author: Christopher Schultz AuthorDate: Thu Apr 18 09:30:50 2024 -0400 Don't create a StringBuilder object until we know we have at least one Cookie value to log. --- java/org/apache/catalina/valves/AbstractAccessLogValve.java | 3 ++- webapps/docs/changelog.xml | 4 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java b/java/org/apache/catalina/valves/AbstractAccessLogValve.java index 5502d1c183..e13bb9e5ac 100644 --- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java +++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java @@ -1479,7 +1479,7 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access @Override public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) { -StringBuilder value = new StringBuilder(); +StringBuilder value = null; boolean first = true; Cookie[] cookies = request.getCookies(); if (cookies != null) { @@ -1490,6 +1490,7 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access } else { value.append(','); } +value = new StringBuilder(); value.append(cookie.getValue()); } } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 8ef77e52aa..f6c6c62962 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml 
@@ -123,6 +123,10 @@ including the removal of the trimCredentials setting which is now hard-coded to false. (markt) + +Small performance optimization when logging cookies with no values. +(schultz) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
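Review bot: the changelog text "logging cookies with no values" describes a different case from the commit message, which is about not creating the `StringBuilder` "until we know we have at least one Cookie value to log". Suggest wording the entry around requests that have no cookie value to log. The diffstat lists only `AbstractAccessLogValve.java` and `changelog.xml`; a test that logs two cookie values and checks the comma-joined result would pin the behaviour of the loop this change touches.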
Re: Some remarks on panama libssl loading
Michael,

On 4/17/24 16:46, Michael Osipov wrote:
> On 2024/04/17 14:21:06 Rainer Jung wrote:
>> On 17.04.24 at 15:34, Michael Osipov wrote:
>>> Rainer, I do not fully understand the problem here. We use libtool to solve exactly this problem with versioned SONAMEs. It will create symlinks to the SONAME. Do you expect anyone even with dlopen() to load libfoo.o.{SOVERSION} unless it is strictly needed? E.g.:
>>>
>>> lrwxr-xr-x 1 root wheel 26 2024-03-22 10:20 /usr/lib/libcrypto.so@ -> ../../lib/libcrypto.so.111
>>> lrwxr-xr-x 1 root wheel 13 2024-03-22 10:20 /usr/lib/libssl.so@ -> libssl.so.111
>>> -r--r--r-- 1 root wheel 608008 2024-03-22 10:20 /usr/lib/libssl.so.111
>>>
>>> and so on...
>>
>> Yes, I expect that! anyone is the JVM :( The problem is, that the Java API does not care about these well thought native traditions. You can not open libssl.so.3 using System.loadlibrary(String name), because whatever you give it as "name" parameter it will always try to open libname.so. It always prepends "lib" to name and always suffixes it with plain ".so". Yes, it might exist as the first in your list of symlinks, but on most linux distributions this link is not installed by default, because it is only needed when doing compilations. So it is only installed when you install development packages for libs.
>
> Ah, now I see your problem, but it looks like a downstream problem of your distro of choice, no? I wonder how you compile then custom software if .so isn't present and the linker cannot find it with -L? What if you install the devel package to have .so link?

That works, but doesn't seem to be a reasonable requirement if you just want to install Ubuntu and Tomcat and run a server.

-chris
Re: [VOTE] Release Apache Tomcat 10.1.23
Rémy,

On 4/16/24 14:34, Rémy Maucherat wrote:
> On Tue, Apr 16, 2024 at 3:11 PM Christopher Schultz wrote:
>> The proposed Apache Tomcat 10.1.23 release is now available for voting.
>>
>> Apache Tomcat 10.1.21 was canceled due to a release-build mistake and Apache Tomcat 10.1.22 was cancelled due to an option in startup scripts which would have caused Java 11 environments to fail to start.
>>
>> The notable changes compared to 10.1.20 are:
>>
>> - Improve locking strategies in Catalina core
>> - Update Basic authentication to implement the requirements of RFC 7617
>> - Updates to Apache Commons dependencies
>> - Add OpenSSL support when FFM is available
>>
>> For full details, see the change log:
>> https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
>>
>> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory.
>>
>> It can be obtained from:
>> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.23/
>>
>> The Maven staging repo is:
>> https://repository.apache.org/content/repositories/orgapachetomcat-1492
>>
>> The tag is:
>> https://github.com/apache/tomcat/tree/10.1.23
>> https://github.com/apache/tomcat/commit/9062d27dc5122e8241ea62a4c4312af0dc71da49
>>
>> Please reply with a +1 for release or -0/-1 with an explanation.
>>
>> The proposed 10.1.23 release is:
>> [ ] Broken - do not release
>> [X] Stable - go ahead and release as 10.1.23
>
> +1
> Sorry again for the trouble ...

It's no trouble. When I was still doing Tomcat 8.5 it would have been worse. I managed to get things such that the final digit of both releases was the same and it was hard to mess them up. Burning .21 and .22 would have thrown that out of whack and I probably would have been doing wrong-tags or wrong-emails or whatever.

So don't worry about it :)

-chris
Re: [VOTE] Release Apache Tomcat 10.1.23
All,

On 4/16/24 09:11, Christopher Schultz wrote:
> The proposed Apache Tomcat 10.1.23 release is now available for voting.
>
> Apache Tomcat 10.1.21 was canceled due to a release-build mistake and Apache Tomcat 10.1.22 was cancelled due to an option in startup scripts which would have caused Java 11 environments to fail to start.
>
> The notable changes compared to 10.1.20 are:
>
> - Improve locking strategies in Catalina core
> - Update Basic authentication to implement the requirements of RFC 7617
> - Updates to Apache Commons dependencies
> - Add OpenSSL support when FFM is available
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.23/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1492
>
> The tag is:
> https://github.com/apache/tomcat/tree/10.1.23
> https://github.com/apache/tomcat/commit/9062d27dc5122e8241ea62a4c4312af0dc71da49
>
> Please reply with a +1 for release or -0/-1 with an explanation.
>
> The proposed 10.1.23 release is:
> [ ] Broken - do not release
> [ ] Stable - go ahead and release as 10.1.23

+1 for stable release

Unit tests pass on MacOS aarch64.

Details:

* Environment
  * Java (build): openjdk version "22" 2024-03-19 OpenJDK Runtime Environment Temurin-22+36 (build 22+36) OpenJDK 64-Bit Server VM Temurin-22+36 (build 22+36, mixed mode)
  * Java (test): openjdk version "22" 2024-03-19 OpenJDK Runtime Environment Temurin-22+36 (build 22+36) OpenJDK 64-Bit Server VM Temurin-22+36 (build 22+36, mixed mode)
  * Ant: Apache Ant(TM) version 1.10.14 compiled on August 16 2023
  * OS: Darwin 23.4.0 arm64
  * cc: Apple clang version 15.0.0 (clang-1500.3.9.4)
  * make: GNU Make 3.81
  * OpenSSL: OpenSSL 3.2.0 23 Nov 2023 (Library: OpenSSL 3.2.0 23 Nov 2023)
  * APR: 1.7.4
*
* Valid SHA-512 signature for apache-tomcat-10.1.23.zip
* Valid GPG signature for apache-tomcat-10.1.23.zip
* Valid SHA-512 signature for apache-tomcat-10.1.23.tar.gz
* Valid GPG signature for apache-tomcat-10.1.23.tar.gz
* Valid SHA-512 signature for apache-tomcat-10.1.23.exe
* Valid GPG signature for apache-tomcat-10.1.23.exe
* Valid SHA512 signature for apache-tomcat-10.1.23-src.zip
* Valid GPG signature for apache-tomcat-10.1.23-src.zip
* Valid SHA512 signature for apache-tomcat-10.1.23-src.tar.gz
* Valid GPG signature for apache-tomcat-10.1.23-src.tar.gz
*
* Binary Zip and tarball: Same
* Source Zip and tarball: Same
*
* Building dependencies returned: 0
* tcnative builds cleanly
* Tomcat builds cleanly
* Junit Tests: PASSED
[VOTE] Release Apache Tomcat 10.1.23
The proposed Apache Tomcat 10.1.23 release is now available for voting.

Apache Tomcat 10.1.21 was canceled due to a release-build mistake and Apache Tomcat 10.1.22 was cancelled due to an option in startup scripts which would have caused Java 11 environments to fail to start.

The notable changes compared to 10.1.20 are:

- Improve locking strategies in Catalina core
- Update Basic authentication to implement the requirements of RFC 7617
- Updates to Apache Commons dependencies
- Add OpenSSL support when FFM is available

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory.

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.23/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1492

The tag is:
https://github.com/apache/tomcat/tree/10.1.23
https://github.com/apache/tomcat/commit/9062d27dc5122e8241ea62a4c4312af0dc71da49

Please reply with a +1 for release or -0/-1 with an explanation.

The proposed 10.1.23 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 10.1.23
Re: Base64 and BASIC authentication
Mark,

On 4/16/24 03:18, Mark Thomas wrote:
> TL;DR - we need to tighten up parsing of BASIC authentication headers.
>
> When I switched out Tomcat's Base64 handling for the built-in JRE handling, I noticed that BASIC authentication was using a very relaxed version of the Base64 decoder. That seemed odd, so I replaced it with the standard Base64 decoder. That broke a bunch of tests so I switched to the MIME decoder (the most relaxed) which fixed most - but not all - of the issues.
>
> Then I started to look at what the tests were testing and the relevant RFCs.
>
> The current RFC for HTTP BASIC authentication is RFC 7617. This in turn references numerous other RFCs, most notably RFC 7235 (HTTP Authentication) and RFC 4648 (Base64).
>
> Taken together these require that the format of the Authorization header is:
> - The token "Basic"
> - Exactly 1 space
> - The base64 encoding of username:password
>
> Tomcat's current implementation is based on RFC 2617 and allows the following:
> - white space around the base64

Meh. This doesn't seem too impactful. If any part of the credential needs to contain whitespace, that whitespace will be base64 encoded and therefore not-whitespace in the header value.

> - allows embedded line breaks in the base64

Ew. -1 please

> - missing padding

This seems okay to me. JWT as a very modern example of base64-encoded data in HTTP allows missing padding just to save 1-3 bytes even though the JWTs themselves are monstrous.

> - illegal characters in the base64 (ignored)
> - illegal characters in the base64 padding (ignored)

These should probably no longer be ignored.

> - excessive padding

Weird. I wonder if that was intentional.

> - whitespace around the decoded password

Full -1 from me. Whitespace should be allowed as part of a username or password and trimming it is inappropriate.

> I don't see any of the above causing issues apart from the last one which prevents the use of passwords with leading or trailing whitespace.
>
> This is mostly a cleaning-up exercise so the switch to Java's base64 decoder is simpler. Before I merge the change to use the JRE's Base64 encoder, I intend to tighten up the parsing of Basic authentication headers. I intend to do this for all currently supported versions. Any objections?

None here. Do the relevant RFCs say anything about the missing padding? If Java allows us to accept pad-less values, I would allow that to continue.

-chris
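The header format and the relaxed behaviours listed in the thread above, as an added Java example that is not Tomcat's code and not part of either message: a strict parser built on the JRE's basic Base64 decoder next to a relaxed one built on the MIME decoder, run over the same constructed inputs. The class and method names are hypothetical, the credential is a constructed sample, and decoding the bytes as UTF-8 is an assumption of this example.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

public class BasicHeaderDemo {

    /**
     * Strict form: the token "Basic", exactly one space, then the base64
     * encoding of username:password. Returns {username, password}, untrimmed.
     */
    static String[] parseStrict(String header) {
        String prefix = "Basic ";
        // The auth-scheme token is matched case-insensitively.
        if (header == null || !header.regionMatches(true, 0, prefix, 0, prefix.length())) {
            throw new IllegalArgumentException("not a Basic credential");
        }
        // Everything after the single space must be base64. The basic decoder
        // throws on spaces, line breaks, characters outside the alphabet and
        // surplus padding, and does not require the padding to be present.
        byte[] raw = Base64.getDecoder().decode(header.substring(prefix.length()));
        return split(new String(raw, StandardCharsets.UTF_8), false);
    }

    /**
     * Relaxed form, for comparison only: surrounding whitespace is dropped,
     * the MIME decoder skips line breaks and characters outside the alphabet,
     * and the decoded password is trimmed.
     */
    static String[] parseRelaxed(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic", 0, 5)) {
            throw new IllegalArgumentException("not a Basic credential");
        }
        byte[] raw = Base64.getMimeDecoder().decode(header.substring(5).trim());
        return split(new String(raw, StandardCharsets.UTF_8), true);
    }

    /** Splits on the first ':' so that the password may itself contain colons. */
    private static String[] split(String userPass, boolean trimPassword) {
        int colon = userPass.indexOf(':');
        if (colon < 0) {
            throw new IllegalArgumentException("no ':' separator");
        }
        String password = userPass.substring(colon + 1);
        return new String[] { userPass.substring(0, colon),
                trimPassword ? password.trim() : password };
    }

    /** Runs one parser and renders either the credentials or the rejection. */
    static String describe(boolean strict, String header) {
        try {
            String[] c = strict ? parseStrict(header) : parseRelaxed(header);
            return "user=[" + c[0] + "] password=[" + c[1] + "]";
        } catch (IllegalArgumentException e) {
            return "rejected (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        // Constructed sample: the password has a leading and a trailing space.
        String b64 = Base64.getEncoder()
                .encodeToString("alice: pass phrase ".getBytes(StandardCharsets.UTF_8));

        Map<String, String> samples = new LinkedHashMap<>();
        samples.put("well-formed", "Basic " + b64);
        samples.put("two spaces after token", "Basic  " + b64);
        samples.put("embedded line break",
                "Basic " + b64.substring(0, 8) + "\r\n" + b64.substring(8));
        samples.put("illegal character",
                "Basic " + b64.substring(0, 8) + "!" + b64.substring(8));
        samples.put("missing padding", "Basic " + b64.replace("=", ""));
        samples.put("excessive padding", "Basic " + b64 + "=");

        for (Map.Entry<String, String> s : samples.entrySet()) {
            System.out.println(s.getKey());
            System.out.println("  strict : " + describe(true, s.getValue()));
            System.out.println("  relaxed: " + describe(false, s.getValue()));
        }
    }
}
```

The square brackets in the output make the password's leading and trailing spaces visible, which is where the two parsers differ on the well-formed input.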
(tomcat) branch 8.5.x updated: Set final release date.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 8ff7e6fc86 Set final release date. 8ff7e6fc86 is described below commit 8ff7e6fc86af3c3e82f318e7f62dc9ae41984be9 Author: Christopher Schultz AuthorDate: Tue Apr 16 08:45:20 2024 -0400 Set final release date. --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 1317ec9d3c..2093bfe034 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -104,7 +104,7 @@ They eventually become mixed with the numbered issues (i.e., numbered issues do not "pop up" wrt. others). --> - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r68575 - in /dev/tomcat/tomcat-10/v10.1.23: ./ bin/ bin/embed/ src/
Author: schultz Date: Tue Apr 16 12:26:24 2024 New Revision: 68575 Log: Upload v10.1.23 for voting Added: dev/tomcat/tomcat-10/v10.1.23/ dev/tomcat/tomcat-10/v10.1.23/KEYS dev/tomcat/tomcat-10/v10.1.23/README.html dev/tomcat/tomcat-10/v10.1.23/RELEASE-NOTES dev/tomcat/tomcat-10/v10.1.23/bin/ dev/tomcat/tomcat-10/v10.1.23/bin/README.html dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-deployer.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-deployer.tar.gz.asc dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-deployer.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-deployer.zip (with props) dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-deployer.zip.asc dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-deployer.zip.sha512 dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-fulldocs.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-fulldocs.tar.gz.asc dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-fulldocs.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-windows-x64.zip (with props) dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-windows-x64.zip.asc dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-windows-x64.zip.sha512 dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-windows-x86.zip (with props) dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-windows-x86.zip.asc dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23-windows-x86.zip.sha512 dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23.exe (with props) dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23.exe.asc dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23.exe.sha512 dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23.tar.gz.asc dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23.tar.gz.sha512 
dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23.zip (with props) dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23.zip.asc dev/tomcat/tomcat-10/v10.1.23/bin/apache-tomcat-10.1.23.zip.sha512 dev/tomcat/tomcat-10/v10.1.23/bin/embed/ dev/tomcat/tomcat-10/v10.1.23/bin/embed/apache-tomcat-10.1.23-embed.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.23/bin/embed/apache-tomcat-10.1.23-embed.tar.gz.asc dev/tomcat/tomcat-10/v10.1.23/bin/embed/apache-tomcat-10.1.23-embed.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.23/bin/embed/apache-tomcat-10.1.23-embed.zip (with props) dev/tomcat/tomcat-10/v10.1.23/bin/embed/apache-tomcat-10.1.23-embed.zip.asc dev/tomcat/tomcat-10/v10.1.23/bin/embed/apache-tomcat-10.1.23-embed.zip.sha512 dev/tomcat/tomcat-10/v10.1.23/src/ dev/tomcat/tomcat-10/v10.1.23/src/apache-tomcat-10.1.23-src.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.23/src/apache-tomcat-10.1.23-src.tar.gz.asc dev/tomcat/tomcat-10/v10.1.23/src/apache-tomcat-10.1.23-src.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.23/src/apache-tomcat-10.1.23-src.zip (with props) dev/tomcat/tomcat-10/v10.1.23/src/apache-tomcat-10.1.23-src.zip.asc dev/tomcat/tomcat-10/v10.1.23/src/apache-tomcat-10.1.23-src.zip.sha512 Added: dev/tomcat/tomcat-10/v10.1.23/KEYS == --- dev/tomcat/tomcat-10/v10.1.23/KEYS (added) +++ dev/tomcat/tomcat-10/v10.1.23/KEYS Tue Apr 16 12:26:24 2024 
@@ -0,0 +1,562 @@ +This file contains the PGP keys of various Apache developers. +Please don't use them for email unless you have to. Their main +purpose is code signing. + +Apache users: pgp < KEYS +Apache developers: +(pgpk -ll && pgpk -xa ) >> this file. + or +(gpg --fingerprint --list-sigs + && gpg --armor --export ) >> this file. + +Apache developers: please ensure that your key is also available via the +PGP keyservers (such as pgpkeys.mit.edu). + + +pub 4096R/2F6059E7 2009-09-18 + Key fingerprint = A9C5 DF4D 22E9 9998 D987 5A51 10C0 1C5A 2F60 59E7 +uid Mark E D Thomas +sub 4096R/5E763BEC 2009-09-18 + +-BEGIN PGP PUBLIC KEY BLOCK- +Comment: GPGTools - http://gpgtools.org + +mQINBEq0DukBEAD4jovHOPJDxoD+JnO1Go2kiwpgRULasGlrVKuSUdP6wzcaqWmX +pqtOJKKwW2MQFQLmg7nQ9RjJwy3QCbKNDJQA/bwbQT1F7WzTCz2S6vxC4zxKck4t +6RZBq2dJsYKF0CEh6ZfY4dmKvhq+3istSoFRdHYoOPGWZpuRDqfZPdGm/m335/6K +GH59oysn1NE7a2a+kZzjBSEgv23+l4Z1Rg7+fpz1JcdHSdC2Z+ZRxML25eVatRVz +4yvDOZItqDURP24zWOodxgboldV6Y88C3v/7KRR+1vklzkuA2FqF8Q4r/2f0su7M +UVviQcy29y/RlLSDTTYoVlCZ1ni14qFU7Hpw43KJtgXmcUwq31T1+SlXdYjNJ1aF +kUi8BjCHDcSgE/IReKUanjHzm4XSymKDTeqqzidi4k6PDD4jyHb8k8vxi6qT6Udn +lcfo5NBkkUT1TauhEy8ktHhbl9k60BvvMBP9l6cURiJg1WS77egI4P/82oPbzzFi +GFqXyJKULVgxtdQ3JikCpodp3f1fh6PlYZwkW4xCJLJucJ5MiQp07HAkMVW5w+k8 +Xvu