Re: [VOTE] Release Apache Tomcat 7.0.54
The proposed 7.0.54 release is: [ ] Broken - do not release [X] Stable - go ahead and release as 7.0.54 Stable Confirmed BZ 56536 ( Classloader issue with HttpSessionBindingListener.valueUnbound, https://issues.apache.org/bugzilla/show_bug.cgi?id=56536 ) is fixed with this release. Thank you Mark :) Do we have an ETA on the stable release? Regards, Maarten van Hulsentop
[VOTE][RESULT] Release Apache Tomcat 8.0.8
Binding: Stable: markt, jfarcand Beta : violetagg, remm, kkolinko Non-binding: Stable: Ognjen Blagojevic This vote therefore passes and Apache Tomcat 8.0.8 will be released as Beta. Thanks to everyone who tested and voted on this RC. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r5401 - /release/tomcat/tomcat-8/v8.0.3/
Author: markt Date: Wed May 21 08:16:36 2014 New Revision: 5401 Log: Clean out old release Removed: release/tomcat/tomcat-8/v8.0.3/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r5402 - /dev/tomcat/tomcat-8/v8.0.8/ /release/tomcat/tomcat-8/v8.0.8/
Author: markt Date: Wed May 21 08:17:27 2014 New Revision: 5402 Log: Release 8.0.8 Added: release/tomcat/tomcat-8/v8.0.8/ - copied from r5366, dev/tomcat/tomcat-8/v8.0.8/ Removed: dev/tomcat/tomcat-8/v8.0.8/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1596507 - /tomcat/trunk/webapps/docs/changelog.xml
Author: markt Date: Wed May 21 08:18:25 2014 New Revision: 1596507 URL: http://svn.apache.org/r1596507 Log: Add release date Modified: tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1596507r1=1596506r2=1596507view=diff == --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Wed May 21 08:18:25 2014 @@ -114,7 +114,7 @@ /changelog /subsection /section -section name=Tomcat 8.0.8 (markt) +section name=Tomcat 8.0.8 (markt) rtext=21 May 2014 subsection name=Catalina changelog fix - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 6.0.41
2014-05-19 14:58 GMT+02:00 Mark Thomas ma...@apache.org: The proposed 6.0.41 release is: [ ] Broken - do not release [X] Stable - go ahead and release as 6.0.41 Stable Rémy
Re: [VOTE] Release Apache Tomcat 6.0.41
On 19.5.2014 14:58, Mark Thomas wrote: The proposed 6.0.41 release is: [ ] Broken - do not release [X] Stable - go ahead and release as 6.0.41 Stable Tested .zip distribution on Windows 7 64-bit and Oracle JDK 1.7.0_51: - Tested TLS/SSL connectivity for BIO, NIO and APR connectors. - Crawled all links (except /manager, /host-manager and /examples/async*). No broken links found, except links to JavaDocs. - Smoke tests of BIO, NIO and APR, with and without TLS, all passed. - Tested with several webapps that are in active development. -Ognjen - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 7.0.54
2014-05-20 12:04 GMT+02:00 Violeta Georgieva violet...@apache.org: The proposed 7.0.54 release is: [ ] Broken - do not release [X] Stable - go ahead and release as 7.0.54 Stable Rémy
Re: [VOTE] Release Apache Tomcat 6.0.41
On 19/05/14 14:58, Mark Thomas wrote: [X] Stable - go ahead and release as 6.0.41 Stable All my tests are OK. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 55915] Add ECDHE support to tcnative-1.dll
https://issues.apache.org/bugzilla/show_bug.cgi?id=55915 Ognjen Blagojevic ognjen.d.blagoje...@gmail.com changed: What|Removed |Added Status|RESOLVED|CLOSED --- Comment #6 from Ognjen Blagojevic ognjen.d.blagoje...@gmail.com --- I also tested 1.1.30 that is released at 10.4.2014, and I am able to use EECDH ciphers now. Thank you. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 7.0.54
On 20.5.2014 12:04, Violeta Georgieva wrote: The proposed 7.0.54 release is: [ ] Broken - do not release [X] Stable - go ahead and release as 7.0.54 Stable Tested .zip distribution on Windows 7 64-bit and Oracle JDK 1.7.0_51: - Tested TLS/SSL connectivity for BIO, NIO and APR connectors. - Crawled all links (except /manager, /host-manager and /examples/async*). No broken links found, except links to JavaDocs. - Smoke tests of BIO, NIO and APR, with and without TLS, all passed. - Tested with several webapps that are in active development. -Ognjen - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1596541 - /tomcat/trunk/webapps/docs/changelog.xml
Author: kkolinko Date: Wed May 21 11:35:06 2014 New Revision: 1596541 URL: http://svn.apache.org/r1596541 Log: Use ISO 8601 date format, like it was done for earlier versions Modified: tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1596541r1=1596540r2=1596541view=diff == --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Wed May 21 11:35:06 2014 @@ -114,7 +114,7 @@ /changelog /subsection /section -section name=Tomcat 8.0.8 (markt) rtext=21 May 2014 +section name=Tomcat 8.0.8 (markt) rtext=beta, 2014-05-21 subsection name=Catalina changelog fix - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 7.0.54
On 20/05/14 12:04, Violeta Georgieva wrote: [X] Stable - go ahead and release as 7.0.54 Stable My tests are OK. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1596546 - in /tomcat/trunk: java/javax/servlet/http/Cookie.java test/javax/servlet/http/TestCookie.java webapps/docs/changelog.xml
Author: markt
Date: Wed May 21 11:58:49 2014
New Revision: 1596546
URL: http://svn.apache.org/r1596546
Log:
Apply patch 01 from jboynes to improve cookie handling.
Allow attribute names as cookie names.
Patch should be safe since it relaxes the current behaviour.
Modified:
tomcat/trunk/java/javax/servlet/http/Cookie.java
tomcat/trunk/test/javax/servlet/http/TestCookie.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/javax/servlet/http/Cookie.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/javax/servlet/http/Cookie.java?rev=1596546r1=1596545r2=1596546view=diff
==
--- tomcat/trunk/java/javax/servlet/http/Cookie.java (original)
+++ tomcat/trunk/java/javax/servlet/http/Cookie.java Wed May 21 11:58:49 2014
@@ -401,16 +401,7 @@ class CookieNameValidator {
if (name == null || name.length() == 0) {
throw new
IllegalArgumentException(lStrings.getString(err.cookie_name_blank));
}
-if (!isToken(name) ||
-name.equalsIgnoreCase(Comment) ||
-name.equalsIgnoreCase(Discard) ||
-name.equalsIgnoreCase(Domain) ||
-name.equalsIgnoreCase(Expires) ||
-name.equalsIgnoreCase(Max-Age) ||
-name.equalsIgnoreCase(Path) ||
-name.equalsIgnoreCase(Secure) ||
-name.equalsIgnoreCase(Version) ||
-name.startsWith($)) {
+if (!isToken(name) || name.startsWith($)) {
String errMsg = lStrings.getString(err.cookie_name_is_token);
throw new IllegalArgumentException(MessageFormat.format(errMsg,
name));
}
Modified: tomcat/trunk/test/javax/servlet/http/TestCookie.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/javax/servlet/http/TestCookie.java?rev=1596546r1=1596545r2=1596546view=diff
==
--- tomcat/trunk/test/javax/servlet/http/TestCookie.java (original)
+++ tomcat/trunk/test/javax/servlet/http/TestCookie.java Wed May 21 11:58:49
2014
@@ -19,7 +19,6 @@ package javax.servlet.http;
import java.util.BitSet;
import org.junit.Assert;
-import org.junit.Ignore;
import org.junit.Test;
/**
@@ -87,59 +86,58 @@ public class TestCookie {
Cookie c = new Cookie($Version, null);
}
-@Test(expected = IllegalArgumentException.class)
+@Test
public void tokenVersion() {
-@SuppressWarnings(unused)
-Cookie c = new Cookie(Version, null);
+Cookie cookie = new Cookie(Version, null);
+Assert.assertEquals(Version, cookie.getName());
}
-@Test(expected = IllegalArgumentException.class)
+@Test
public void attributeVersion() {
-@SuppressWarnings(unused)
-Cookie c = new Cookie(Comment, null);
+Cookie cookie = new Cookie(Comment, null);
+Assert.assertEquals(Comment, cookie.getName());
}
-@Test(expected = IllegalArgumentException.class)
+@Test
public void attributeDiscard() {
-@SuppressWarnings(unused)
-Cookie c = new Cookie(Discard, null);
+Cookie cookie = new Cookie(Discard, null);
+Assert.assertEquals(Discard, cookie.getName());
}
-@Test(expected = IllegalArgumentException.class)
+@Test
public void attributeExpires() {
-@SuppressWarnings(unused)
-Cookie c = new Cookie(Expires, null);
+Cookie cookie = new Cookie(Expires, null);
+Assert.assertEquals(Expires, cookie.getName());
}
-@Test(expected = IllegalArgumentException.class)
+@Test
public void attributeMaxAge() {
-@SuppressWarnings(unused)
-Cookie c = new Cookie(Max-Age, null);
+Cookie cookie = new Cookie(Max-Age, null);
+Assert.assertEquals(Max-Age, cookie.getName());
}
-@Test(expected = IllegalArgumentException.class)
+@Test
public void attributeDomain() {
-@SuppressWarnings(unused)
-Cookie c = new Cookie(Domain, null);
+Cookie cookie = new Cookie(Domain, null);
+Assert.assertEquals(Domain, cookie.getName());
}
-@Test(expected = IllegalArgumentException.class)
+@Test
public void attributePath() {
-@SuppressWarnings(unused)
-Cookie c = new Cookie(Path, null);
+Cookie cookie = new Cookie(Path, null);
+Assert.assertEquals(Path, cookie.getName());
}
-@Test(expected = IllegalArgumentException.class)
+@Test
public void attributeSecure() {
-@SuppressWarnings(unused)
-Cookie c = new Cookie(Secure, null);
+Cookie cookie = new Cookie(Secure, null);
+Assert.assertEquals(Secure, cookie.getName());
}
-@Ignore(HttpOnly is not checked for)
-@Test(expected = IllegalArgumentException.class)
+@Test
public void attributeHttpOnly() {
-
[Tomcat Wiki] Update of Cookies by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on Tomcat Wiki for change notification. The Cookies page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diffrev1=32rev2=33 == Implementation Progress == I started work on this in a local branch. Patches for the changes made there can be found here: http://people.apache.org/~jboynes/patches/ + Of these, patches 01 to 01 have been applied. + There is substantial refactoring in there to simply the current implementation. Actual changes are: * C3 '=' is now disallowed in Netscape cookie names (it was already not allowed in RFC2109 names) * C4 Attribute names are allowed as cookies names - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1596551 - in /tomcat/trunk/test/javax/servlet/http: TestCookie.java TestCookieNetscapeValidator.java TestCookieRFC2109Validator.java TestCookieStrict.java
Author: markt
Date: Wed May 21 12:20:23 2014
New Revision: 1596551
URL: http://svn.apache.org/r1596551
Log:
Apply patch 02 from jboynes to improve cookie handling.
Refactor cookie tests to test each CookieNameValidator directly.
I made a few additional changes.
The patch should be safe since it only impacts the unit tests.
Added:
tomcat/trunk/test/javax/servlet/http/TestCookieNetscapeValidator.java
(with props)
tomcat/trunk/test/javax/servlet/http/TestCookieRFC2109Validator.java
(with props)
Modified:
tomcat/trunk/test/javax/servlet/http/TestCookie.java
tomcat/trunk/test/javax/servlet/http/TestCookieStrict.java
Modified: tomcat/trunk/test/javax/servlet/http/TestCookie.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/javax/servlet/http/TestCookie.java?rev=1596551r1=1596550r2=1596551view=diff
==
--- tomcat/trunk/test/javax/servlet/http/TestCookie.java (original)
+++ tomcat/trunk/test/javax/servlet/http/TestCookie.java Wed May 21 12:20:23
2014
@@ -30,8 +30,6 @@ public class TestCookie {
public static final BitSet SEPARATORS;
public static final BitSet TOKEN; // 1*any CHAR except CTLs or separators
-public static final BitSet NETSCAPE_NAME; // any character except comma,
semicolon and whitespace
-
static {
CHAR = new BitSet(256);
CHAR.set(0, 128);
@@ -49,13 +47,6 @@ public class TestCookie {
TOKEN.or(CHAR); // any CHAR
TOKEN.andNot(CTL); // except CTLs
TOKEN.andNot(SEPARATORS); // or separators
-
-NETSCAPE_NAME = new BitSet(256);
-NETSCAPE_NAME.or(CHAR);
-NETSCAPE_NAME.andNot(CTL);
-NETSCAPE_NAME.clear(';');
-NETSCAPE_NAME.clear(',');
-NETSCAPE_NAME.clear(' ');
}
@Test
@@ -75,10 +66,6 @@ public class TestCookie {
Assert.assertEquals(0, cookie.getVersion());
}
-@Test
-public void actualCharactersAllowedInName() {
-checkCharInName(NETSCAPE_NAME);
-}
@Test(expected = IllegalArgumentException.class)
public void leadingDollar() {
@@ -140,20 +127,27 @@ public class TestCookie {
Assert.assertEquals(HttpOnly, cookie.getName());
}
-public static void checkCharInName(BitSet allowed) {
+@Test
+public void strictNamingImpliesRFC2109() {
+// Not using strict naming here so this should be OK
+@SuppressWarnings(unused)
+Cookie cookie = new Cookie(@Foo, null);
+}
+
+public static void checkCharInName(CookieNameValidator validator, BitSet
allowed) {
for (char ch = 0; ch allowed.size(); ch++) {
-Boolean expected = Boolean.valueOf(allowed.get(ch));
+boolean expected = allowed.get(ch);
String name = X + ch + X;
-Boolean actual;
try {
-@SuppressWarnings(unused)
-Cookie c = new Cookie(name, null);
-actual = Boolean.TRUE;
+validator.validate(name);
+if (!expected) {
+Assert.fail(String.format(Char %d should not be allowed,
Integer.valueOf(ch)));
+}
} catch (IllegalArgumentException e) {
-actual = Boolean.FALSE;
+if (expected) {
+Assert.fail(String.format(Char %d should be allowed,
Integer.valueOf(ch)));
+}
}
-String msg = String.format(Check for char %d in name,
Integer.valueOf(ch));
-Assert.assertEquals(msg, expected, actual);
}
}
}
Added: tomcat/trunk/test/javax/servlet/http/TestCookieNetscapeValidator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/javax/servlet/http/TestCookieNetscapeValidator.java?rev=1596551view=auto
==
--- tomcat/trunk/test/javax/servlet/http/TestCookieNetscapeValidator.java
(added)
+++ tomcat/trunk/test/javax/servlet/http/TestCookieNetscapeValidator.java Wed
May 21 12:20:23 2014
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the License); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.servlet.http;
+
+import java.util.BitSet;
+
+import
[Tomcat Wiki] Update of Cookies by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on Tomcat Wiki for change notification. The Cookies page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diffrev1=33rev2=34 == Implementation Progress == I started work on this in a local branch. Patches for the changes made there can be found here: http://people.apache.org/~jboynes/patches/ - Of these, patches 01 to 01 have been applied. + Of these, patches 01 to 02 have been applied. There is substantial refactoring in there to simply the current implementation. Actual changes are: * C3 '=' is now disallowed in Netscape cookie names (it was already not allowed in RFC2109 names) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1596556 - in /tomcat/trunk: res/ide-support/eclipse/ res/ide-support/netbeans/ res/maven/ webapps/docs/
Author: kkolinko
Date: Wed May 21 12:28:12 2014
New Revision: 1596556
URL: http://svn.apache.org/r1596556
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56543
Followup to r1596227
Update POM and IDE files to the new ECJ version
Modified:
tomcat/trunk/res/ide-support/eclipse/eclipse.classpath
tomcat/trunk/res/ide-support/netbeans/nb-tomcat-build.properties
tomcat/trunk/res/ide-support/netbeans/project.xml
tomcat/trunk/res/maven/tomcat-embed-jasper.pom
tomcat/trunk/res/maven/tomcat-jasper.pom
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/res/ide-support/eclipse/eclipse.classpath
URL:
http://svn.apache.org/viewvc/tomcat/trunk/res/ide-support/eclipse/eclipse.classpath?rev=1596556r1=1596555r2=1596556view=diff
==
--- tomcat/trunk/res/ide-support/eclipse/eclipse.classpath (original)
+++ tomcat/trunk/res/ide-support/eclipse/eclipse.classpath Wed May 21 12:28:12
2014
@@ -24,7 +24,7 @@
classpathentry kind=var path=ANT_HOME/lib/ant.jar/
classpathentry kind=var
path=TOMCAT_LIBS_BASE/jaxrpc-1.1-rc4/geronimo-spec-jaxrpc-1.1-rc4.jar/
classpathentry kind=var
path=TOMCAT_LIBS_BASE/wsdl4j-1.6.2/wsdl4j-1.6.2.jar/
-classpathentry kind=var
path=TOMCAT_LIBS_BASE/ecj-P20140317-1600/ecj-P20140317-1600.jar/
+classpathentry kind=var
path=TOMCAT_LIBS_BASE/ecj-4.4RC1/ecj-4.4RC1.jar/
classpathentry kind=var
path=TOMCAT_LIBS_BASE/easymock-3.2/easymock-3.2.jar/
classpathentry kind=output path=.settings/output/
/classpath
Modified: tomcat/trunk/res/ide-support/netbeans/nb-tomcat-build.properties
URL:
http://svn.apache.org/viewvc/tomcat/trunk/res/ide-support/netbeans/nb-tomcat-build.properties?rev=1596556r1=1596555r2=1596556view=diff
==
--- tomcat/trunk/res/ide-support/netbeans/nb-tomcat-build.properties (original)
+++ tomcat/trunk/res/ide-support/netbeans/nb-tomcat-build.properties Wed May 21
12:28:12 2014
@@ -37,7 +37,7 @@ nb-test.io-method=org.apache.coyote.http
# it is not possible to retrieve the classpaths from the build to
# use in the NetBeans targets, so they must be explicitly declared
-nb-test.classpath=${test.classes}:${tomcat.build}/webapps/examples/WEB-INF/classes:${base.path}/junit-4.11/junit-4.11.jar:${base.path}/easymock-3.2/easymock-3.2.jar:${base.path}/hamcrest-1.3/hamcrest-core-1.3.jar:${base.path}/ecj-P20140317-1600/ecj-P20140317-1600.jar:${tomcat.classes}
+nb-test.classpath=${test.classes}:${tomcat.build}/webapps/examples/WEB-INF/classes:${base.path}/junit-4.11/junit-4.11.jar:${base.path}/easymock-3.2/easymock-3.2.jar:${base.path}/hamcrest-1.3/hamcrest-core-1.3.jar:${base.path}/ecj-4.4RC1/ecj-4.4RC1.jar:${tomcat.classes}
# Extra properties used by the Tomcat project additional NetBeans targets.
Modified: tomcat/trunk/res/ide-support/netbeans/project.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/res/ide-support/netbeans/project.xml?rev=1596556r1=1596555r2=1596556view=diff
==
--- tomcat/trunk/res/ide-support/netbeans/project.xml (original)
+++ tomcat/trunk/res/ide-support/netbeans/project.xml Wed May 21 12:28:12 2014
@@ -178,7 +178,7 @@
--
compilation-unit
package-rootjava/package-root
-classpath
mode=compile${base.path}/jaxrpc-1.1-rc4/geronimo-spec-jaxrpc-1.1-rc4.jar:${base.path}/wsdl4j-1.6.2/wsdl4j-1.6.2.jar:${base.path}/ecj-P20140317-1600/ecj-P20140317-1600.jar:${ant.includes}//classpath
+classpath
mode=compile${base.path}/jaxrpc-1.1-rc4/geronimo-spec-jaxrpc-1.1-rc4.jar:${base.path}/wsdl4j-1.6.2/wsdl4j-1.6.2.jar:${base.path}/ecj-4.4RC1/ecj-4.4RC1.jar:${ant.includes}//classpath
source-level1.7/source-level
/compilation-unit
compilation-unit
Modified: tomcat/trunk/res/maven/tomcat-embed-jasper.pom
URL:
http://svn.apache.org/viewvc/tomcat/trunk/res/maven/tomcat-embed-jasper.pom?rev=1596556r1=1596555r2=1596556view=diff
==
--- tomcat/trunk/res/maven/tomcat-embed-jasper.pom (original)
+++ tomcat/trunk/res/maven/tomcat-embed-jasper.pom Wed May 21 12:28:12 2014
@@ -45,7 +45,7 @@
dependency
groupIdorg.eclipse.jdt.core.compiler/groupId
artifactIdecj/artifactId
- versionP20140317-1600/version
+ version4.4RC1/version
/dependency
/dependencies
/project
Modified: tomcat/trunk/res/maven/tomcat-jasper.pom
URL:
http://svn.apache.org/viewvc/tomcat/trunk/res/maven/tomcat-jasper.pom?rev=1596556r1=1596555r2=1596556view=diff
==
--- tomcat/trunk/res/maven/tomcat-jasper.pom (original)
+++ tomcat/trunk/res/maven/tomcat-jasper.pom Wed May 21 12:28:12 2014
@@ -57,7 +57,7 @@
dependency
[Bug 56543] Jasper fails to compile JSP pages when running with JDK 1.8
https://issues.apache.org/bugzilla/show_bug.cgi?id=56543 --- Comment #6 from Konstantin Kolinko knst.koli...@gmail.com --- (In reply to Mark Thomas from comment #5) I've updated 8.0.x to 4.4RC1 which will be included in 8.0.9 onwards. r1596227 + r1596227 The official release of Eclipse 4.4 is expected in a month - on June 25, 2014 (Luna) [1] [1] http://projects.eclipse.org/releases -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1596559 - in /tomcat/trunk: java/javax/servlet/http/Cookie.java test/javax/servlet/http/TestCookie.java test/javax/servlet/http/TestCookieRFC2109Validator.java test/javax/servlet/http/Tes
Author: markt
Date: Wed May 21 12:31:10 2014
New Revision: 1596559
URL: http://svn.apache.org/r1596559
Log:
Apply patch 03 from jboynes to improve cookie handling.
Allow V0 cookies to use names that start with $.
Add a (currently unused) RFC6265 Cookie validator.
Patch should be safe since it relaxes the current behaviour.
Added:
tomcat/trunk/test/javax/servlet/http/TestCookieRFC6265Validator.java
(with props)
Modified:
tomcat/trunk/java/javax/servlet/http/Cookie.java
tomcat/trunk/test/javax/servlet/http/TestCookie.java
tomcat/trunk/test/javax/servlet/http/TestCookieRFC2109Validator.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/javax/servlet/http/Cookie.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/javax/servlet/http/Cookie.java?rev=1596559r1=1596558r2=1596559view=diff
==
--- tomcat/trunk/java/javax/servlet/http/Cookie.java (original)
+++ tomcat/trunk/java/javax/servlet/http/Cookie.java Wed May 21 12:31:10 2014
@@ -384,7 +384,7 @@ public class Cookie implements Cloneable
class CookieNameValidator {
private static final String LSTRING_FILE =
javax.servlet.http.LocalStrings;
-private static final ResourceBundle lStrings =
ResourceBundle.getBundle(LSTRING_FILE);
+protected static final ResourceBundle lStrings =
ResourceBundle.getBundle(LSTRING_FILE);
protected final BitSet allowed;
@@ -401,7 +401,7 @@ class CookieNameValidator {
if (name == null || name.length() == 0) {
throw new
IllegalArgumentException(lStrings.getString(err.cookie_name_blank));
}
-if (!isToken(name) || name.startsWith($)) {
+if (!isToken(name)) {
String errMsg = lStrings.getString(err.cookie_name_is_token);
throw new IllegalArgumentException(MessageFormat.format(errMsg,
name));
}
@@ -428,10 +428,10 @@ class NetscapeValidator extends CookieNa
}
}
-class RFC2109Validator extends CookieNameValidator {
+class RFC6265Validator extends CookieNameValidator {
private static final String RFC2616_SEPARATORS = ()@,;:\\\/[]?={} \t;
-RFC2109Validator() {
+RFC6265Validator() {
super(RFC2616_SEPARATORS);
// special treatment to allow for FWD_SLASH_IS_SEPARATOR property
@@ -447,3 +447,17 @@ class RFC2109Validator extends CookieNam
}
}
}
+
+class RFC2109Validator extends RFC6265Validator {
+RFC2109Validator() {
+}
+
+@Override
+void validate(String name) {
+super.validate(name);
+if (name.charAt(0) == '$') {
+String errMsg = lStrings.getString(err.cookie_name_is_token);
+throw new IllegalArgumentException(MessageFormat.format(errMsg,
name));
+}
+}
+}
Modified: tomcat/trunk/test/javax/servlet/http/TestCookie.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/javax/servlet/http/TestCookie.java?rev=1596559r1=1596558r2=1596559view=diff
==
--- tomcat/trunk/test/javax/servlet/http/TestCookie.java (original)
+++ tomcat/trunk/test/javax/servlet/http/TestCookie.java Wed May 21 12:31:10
2014
@@ -66,11 +66,11 @@ public class TestCookie {
Assert.assertEquals(0, cookie.getVersion());
}
-
-@Test(expected = IllegalArgumentException.class)
-public void leadingDollar() {
-@SuppressWarnings(unused)
-Cookie c = new Cookie($Version, null);
+@Test()
+public void defaultImpliesNetscape() {
+// $Foo is allowed by Netscape but not by RFC2109
+Cookie cookie = new Cookie($Foo, null);
+Assert.assertEquals($Foo, cookie.getName());
}
@Test
Modified: tomcat/trunk/test/javax/servlet/http/TestCookieRFC2109Validator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/javax/servlet/http/TestCookieRFC2109Validator.java?rev=1596559r1=1596558r2=1596559view=diff
==
--- tomcat/trunk/test/javax/servlet/http/TestCookieRFC2109Validator.java
(original)
+++ tomcat/trunk/test/javax/servlet/http/TestCookieRFC2109Validator.java Wed
May 21 12:31:10 2014
@@ -32,4 +32,9 @@ public class TestCookieRFC2109Validator
public void actualCharactersAllowedInName() {
TestCookie.checkCharInName(validator, TestCookie.TOKEN);
}
+
+@Test(expected = IllegalArgumentException.class)
+public void leadingDollar() {
+validator.validate($Version);
+}
}
Added: tomcat/trunk/test/javax/servlet/http/TestCookieRFC6265Validator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/javax/servlet/http/TestCookieRFC6265Validator.java?rev=1596559view=auto
==
--- tomcat/trunk/test/javax/servlet/http/TestCookieRFC6265Validator.java (added)
+++
[Tomcat Wiki] Update of Cookies by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on Tomcat Wiki for change notification. The Cookies page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diffrev1=34rev2=35 == Implementation Progress == I started work on this in a local branch. Patches for the changes made there can be found here: http://people.apache.org/~jboynes/patches/ - Of these, patches 01 to 02 have been applied. + Of these, patches 01 to 03 have been applied. There is substantial refactoring in there to simply the current implementation. Actual changes are: * C3 '=' is now disallowed in Netscape cookie names (it was already not allowed in RFC2109 names) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1596564 - /tomcat/trunk/res/findbugs/filter-false-positives.xml
Author: markt Date: Wed May 21 12:50:59 2014 New Revision: 1596564 URL: http://svn.apache.org/r1596564 Log: FindBugs Fix false positive Modified: tomcat/trunk/res/findbugs/filter-false-positives.xml Modified: tomcat/trunk/res/findbugs/filter-false-positives.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/res/findbugs/filter-false-positives.xml?rev=1596564r1=1596563r2=1596564view=diff == --- tomcat/trunk/res/findbugs/filter-false-positives.xml (original) +++ tomcat/trunk/res/findbugs/filter-false-positives.xml Wed May 21 12:50:59 2014 @@ -528,7 +528,10 @@ !-- Test code -- Match !-- Code is deliberately unused -- -Class name=javax.servlet.http.TestCookie / +Or + Class name=javax.servlet.http.TestCookie / + Class name=javax.servlet.http.TestCookieStrict / +/Or Bug pattern=DLS_DEAD_LOCAL_STORE/ /Match Match - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 56545] Examples app security exceptions
https://issues.apache.org/bugzilla/show_bug.cgi?id=56545 Konstantin Kolinko knst.koli...@gmail.com changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|FIXED |--- --- Comment #7 from Konstantin Kolinko knst.koli...@gmail.com --- The issue from Comment 0 is reproducible with 7.0.54 release candidate, using JDK 7u55 and the same reproduction recipe. The issue from Comment 2 does not happen. The workaround is as documented above, The workaround for the issue in Comment 0 is to add the following class to the value of classesToInitialize attribute of JreMemoryLeakPreventionListener in server.xml. E.g.: Listener className=org.apache.catalina.core.JreMemoryLeakPreventionListener classesToInitialize=org.apache.tomcat.util.http.parser. HttpParser$SkipConstantResult / For a record, in 6.0.41 the issues do not happen. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 56545] Examples app security exceptions
https://issues.apache.org/bugzilla/show_bug.cgi?id=56545 Mark Thomas ma...@apache.org changed: What|Removed |Added Component|Examples|Catalina Version|8.0.8 |7.0.54 Product|Tomcat 8|Tomcat 7 Target Milestone||--- -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 56551] New: Increase timeouts in CometChat example
https://issues.apache.org/bugzilla/show_bug.cgi?id=56551 Bug ID: 56551 Summary: Increase timeouts in CometChat example Product: Tomcat 8 Version: 8.0.8 Hardware: PC Status: NEW Severity: minor Priority: P2 Component: Examples Assignee: dev@tomcat.apache.org Reporter: knst.koli...@gmail.com From 8.0.8 vote thread: [1] Also I was not able to get any sense from the Comet chat example (http://localhost:8080/examples/servlets/chat/). The connection for the /chat panel (the bottom panel in the frameset) that was supposed to be opened for some time, closed nearly immediately. Thus chat messages could be printed. The browser I was using is Firefox 29.0.1. Connector: NIO. The same example works with NIO connector in 7.0.54. Either something is broken, or just the default timeout is different. In both Tomcat 8 and 7 the documented default when using the NIO connector is soTimeout [2]. In any case, I think for this example it makes sense to try to set a timeout programmatically to be longer than the default one. [1] http://marc.info/?l=tomcat-devm=140053412808060w=2 [2] http://tomcat.apache.org/tomcat-8.0-doc/aio.html#Comet_timeouts -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1596574 - in /tomcat/trunk: java/javax/servlet/http/Cookie.java test/javax/servlet/http/TestCookieNetscapeValidator.java webapps/docs/changelog.xml
Author: markt
Date: Wed May 21 13:55:16 2014
New Revision: 1596574
URL: http://svn.apache.org/r1596574
Log:
Apply patch 04 from jboynes to improve cookie handling.
Prevent V0 cookies using '=' in cookie names
I've checked back though the archives and I can find no record of a user asking
for this feature. Also, given the known behaviour of browsers it is unlikely to
have worked any way. On that basis, this should be safe.
Modified:
tomcat/trunk/java/javax/servlet/http/Cookie.java
tomcat/trunk/test/javax/servlet/http/TestCookieNetscapeValidator.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/javax/servlet/http/Cookie.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/javax/servlet/http/Cookie.java?rev=1596574r1=1596573r2=1596574view=diff
==
--- tomcat/trunk/java/javax/servlet/http/Cookie.java (original)
+++ tomcat/trunk/java/javax/servlet/http/Cookie.java Wed May 21 13:55:16 2014
@@ -421,7 +421,10 @@ class CookieNameValidator {
}
class NetscapeValidator extends CookieNameValidator {
-private static final String NETSCAPE_SEPARATORS = ,; ;
+// the Netscape specification describes NAME=VALUE as
+// a sequence of characters excluding semi-colon, comma and white space
+// we also exclude the '=' character that separates NAME from VALUE
+private static final String NETSCAPE_SEPARATORS = ,; + =;
NetscapeValidator() {
super(NETSCAPE_SEPARATORS);
Modified: tomcat/trunk/test/javax/servlet/http/TestCookieNetscapeValidator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/javax/servlet/http/TestCookieNetscapeValidator.java?rev=1596574r1=1596573r2=1596574view=diff
==
--- tomcat/trunk/test/javax/servlet/http/TestCookieNetscapeValidator.java
(original)
+++ tomcat/trunk/test/javax/servlet/http/TestCookieNetscapeValidator.java Wed
May 21 13:55:16 2014
@@ -30,12 +30,14 @@ public class TestCookieNetscapeValidator
@Test
public void actualCharactersAllowedInName() {
// any character except comma, semicolon and whitespace
+// also disallow '=' as that is interpreted as a delimiter by browsers
BitSet allowed = new BitSet(256);
allowed.or(TestCookie.CHAR);
allowed.andNot(TestCookie.CTL);
allowed.clear(';');
allowed.clear(',');
allowed.clear(' ');
+allowed.clear('=');
TestCookie.checkCharInName(validator, allowed);
}
}
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1596574r1=1596573r2=1596574view=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed May 21 13:55:16 2014
@@ -87,12 +87,19 @@
Relax cookie naming restrictions. Cookie attribute names used in the
codeSet-Cookie/code header may be used unambiguously as cookie
names. The restriction that prevented such usage has been removed.
-(jboynes/markt)
+(jboynes/markt)
/fix
fix
Further relax cookie naming restrictions. Version 0 (a.k.a Netscape
format) cookies may now use names that start with the code$/code
-character. (jboynes/markt)
+character. (jboynes/markt)
+ /fix
+ fix
+Restrict cookie naming so that the code=/code character is no
longer
+permitted in a version 0 (a.k.a. Netscape format) cookie name. While
+Tomcat allowed this, browsers always truncated the name at the
+code=/code character leading to a mis-match between the cookie the
+server set and the cookie returned by the browser. (jboynes/markt)
/fix
/changelog
/subsection
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of Cookies by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on Tomcat Wiki for change notification. The Cookies page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diffrev1=35rev2=36 == Implementation Progress == I started work on this in a local branch. Patches for the changes made there can be found here: http://people.apache.org/~jboynes/patches/ - Of these, patches 01 to 03 have been applied. + Of these, patches 01 to 04 have been applied. There is substantial refactoring in there to simply the current implementation. Actual changes are: * C3 '=' is now disallowed in Netscape cookie names (it was already not allowed in RFC2109 names) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 7.0.54
2014-05-20 14:04 GMT+04:00 Violeta Georgieva violet...@apache.org: The proposed Apache Tomcat 7.0.54 release is now available for voting. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.54/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1015/ The svn tag is: http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_54/ The proposed 7.0.54 release is: [ ] Broken - do not release [x] Stable - go ahead and release as 7.0.54 Stable Testsuite - OK. (BIO, NIO, APR) with JDK 6u45 and with JDK 7u55 32-bit on Windows 7. Smoke testing - OK. The form authentication example fails when running with Security Manager enabled if it is the first example that you are accessing. Details: https://issues.apache.org/bugzilla/show_bug.cgi?id=56545#c7 Whether you see this issue depends on what pages are accessed, and there is a workaround available. So I think it is not a show stopper. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 7.0.54
On 20/05/2014 11:04, Violeta Georgieva wrote: The proposed Apache Tomcat 7.0.54 release is now available for voting. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.54/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1015/ The svn tag is: http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_54/ The proposed 7.0.54 release is: [ ] Broken - do not release [X] Stable - go ahead and release as 7.0.54 Stable EL spec passes JSP spec passes with the BIO, NIO and APR/native (1.1.30) HTTP connector Servlet spec passes with - BIO, NIO and APR/native (1.1.30) HTTP connector - BIO, NIO and APR/native (1.1.30) HTTP connector + mod_proxy_http - BIO, NIO and APR/native (1.1.30) AJP connector + mod_jk - BIO, NIO and APR/native (1.1.30) AJP connector + mod_proxy_ajp All tested on 64-bit linux Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1596618 - /tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
Author: markt
Date: Wed May 21 16:54:34 2014
New Revision: 1596618
URL: http://svn.apache.org/r1596618
Log:
Apply patch 05 from jboynes to improve cookie handling.
Simplify logic for detecting cookie upgrades.
I made a few additional changes.
- s/isnt/isNot/ in method names
- whitespace clean-up
- correct some comments
The patch should be safe since the logic is unchanged.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java?rev=1596618r1=1596617r2=1596618view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java Wed May
21 16:54:34 2014
@@ -75,12 +75,8 @@ public class SetCookieSupport {
int newVersion = cookie.getVersion();
// If it is v0, check if we need to switch
-if (newVersion == 0
-(!CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0
- isHttpToken(value) ||
- CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0
- isV0Token(value))) {
-// HTTP token in value - need to use v1
+if (newVersion == 0 needsQuotes(value)) {
+// non-HTTP token in value - need to use v1
newVersion = 1;
}
@@ -89,21 +85,13 @@ public class SetCookieSupport {
newVersion = 1;
}
-if (newVersion == 0
-(!CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0
- isHttpToken(path) ||
- CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0
- isV0Token(path))) {
-// HTTP token in path - need to use v1
+if (newVersion == 0 needsQuotes(path)) {
+// non-HTTP token in path - need to use v1
newVersion = 1;
}
-if (newVersion == 0
-(!CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0
- isHttpToken(domain) ||
- CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0
- isV0Token(domain))) {
-// HTTP token in domain - need to use v1
+if (newVersion == 0 needsQuotes(domain)) {
+// non-HTTP token in domain - need to use v1
newVersion = 1;
}
@@ -116,14 +104,14 @@ public class SetCookieSupport {
buf.append (; Version=1);
// Comment=comment
-if ( comment!=null ) {
+if (comment != null) {
buf.append (; Comment=);
maybeQuote(buf, comment);
}
}
// Add domain information, if present
-if (domain!=null) {
+if (domain != null) {
buf.append(; Domain=);
maybeQuote(buf, domain);
}
@@ -170,22 +158,14 @@ public class SetCookieSupport {
return buf.toString();
}
-/**
- * Quotes values if required.
- * @param buf
- * @param value
- */
-private static void maybeQuote (StringBuffer buf, String value) {
-if (value==null || value.length()==0) {
+private static void maybeQuote(StringBuffer buf, String value) {
+if (value == null || value.length() == 0) {
buf.append(\\);
} else if (alreadyQuoted(value)) {
buf.append('');
buf.append(escapeDoubleQuotes(value,1,value.length()-1));
buf.append('');
-} else if (isHttpToken(value)
-!CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 ||
-isV0Token(value)
-CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0) {
+} else if (needsQuotes(value)) {
buf.append('');
buf.append(escapeDoubleQuotes(value,0,value.length()));
buf.append('');
@@ -208,7 +188,7 @@ public class SetCookieSupport {
return s;
}
-StringBuffer b = new StringBuffer();
+StringBuilder b = new StringBuilder();
for (int i = beginIndex; i endIndex; i++) {
char c = s.charAt(i);
if (c == '\\' ) {
@@ -228,8 +208,16 @@ public class SetCookieSupport {
return b.toString();
}
-private static boolean isV0Token(String value) {
-if( value==null) {
+private static boolean needsQuotes(String value) {
+if (CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0) {
+return isNotV0Token(value);
+} else {
+return isNotHttpToken(value);
+}
+}
+
+private static boolean isNotV0Token(String value) {
+if (value==null) {
return false;
}
@@ -251,8 +239,8 @@ public class SetCookieSupport {
return false;
}
-private static boolean isHttpToken(String value) {
-if(
[Tomcat Wiki] Update of Cookies by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on Tomcat Wiki for change notification. The Cookies page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diffrev1=36rev2=37 == Implementation Progress == I started work on this in a local branch. Patches for the changes made there can be found here: http://people.apache.org/~jboynes/patches/ - Of these, patches 01 to 04 have been applied. + Of these, patches 01 to 05 have been applied. There is substantial refactoring in there to simply the current implementation. Actual changes are: * C3 '=' is now disallowed in Netscape cookie names (it was already not allowed in RFC2109 names) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1596623 - /tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
Author: markt
Date: Wed May 21 17:03:54 2014
New Revision: 1596623
URL: http://svn.apache.org/r1596623
Log:
Apply patch 06 from jboynes to improve cookie handling.
Remove duplicate code.
The patch should be safe since the logic is unchanged.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java?rev=1596623r1=1596622r2=1596623view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java Wed May
21 17:03:54 2014
@@ -209,37 +209,6 @@ public class SetCookieSupport {
}
private static boolean needsQuotes(String value) {
-if (CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0) {
-return isNotV0Token(value);
-} else {
-return isNotHttpToken(value);
-}
-}
-
-private static boolean isNotV0Token(String value) {
-if (value==null) {
-return false;
-}
-
-int i = 0;
-int len = value.length();
-
-if (alreadyQuoted(value)) {
-i++;
-len--;
-}
-
-for (; i len; i++) {
-char c = value.charAt(i);
-
-if (CookieSupport.isV0Separator(c)) {
-return true;
-}
-}
-return false;
-}
-
-private static boolean isNotHttpToken(String value) {
if (value == null) {
return false;
}
@@ -255,13 +224,20 @@ public class SetCookieSupport {
for (; i len; i++) {
char c = value.charAt(i);
-if (CookieSupport.isHttpSeparator(c)) {
-return true;
+if (CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0) {
+if (CookieSupport.isV0Separator(c)) {
+return true;
+}
+} else {
+if (CookieSupport.isHttpSeparator(c)) {
+return true;
+}
}
}
return false;
}
+
private static boolean alreadyQuoted (String value) {
return value.length() = 2
value.charAt(0) == '\'
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of Cookies by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on Tomcat Wiki for change notification. The Cookies page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diffrev1=37rev2=38 == Implementation Progress == I started work on this in a local branch. Patches for the changes made there can be found here: http://people.apache.org/~jboynes/patches/ - Of these, patches 01 to 05 have been applied. + Of these, patches 01 to 06 have been applied. There is substantial refactoring in there to simply the current implementation. Actual changes are: * C3 '=' is now disallowed in Netscape cookie names (it was already not allowed in RFC2109 names) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1596626 - /tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
Author: markt
Date: Wed May 21 17:13:28 2014
New Revision: 1596626
URL: http://svn.apache.org/r1596626
Log:
Apply patch 07 from jboynes to improve cookie handling.
Simplify code that detects if we need to upgrade a cookie from V0 to V1
The patch should be safe since the logic is unchanged.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java?rev=1596626r1=1596625r2=1596626view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java Wed May
21 17:13:28 2014
@@ -48,14 +48,6 @@ public class SetCookieSupport {
}
public static String generateHeader(Cookie cookie) {
-
-StringBuffer buf = new StringBuffer(); // can't use StringBuilder due
to DateFormat
-
-// Servlet implementation checks name
-buf.append(cookie.getName());
-buf.append(=);
-// Servlet implementation does not check anything else
-
/*
* The spec allows some latitude on when to send the version attribute
* with a Set-Cookie header. To be nice to clients, we'll make sure the
@@ -65,41 +57,31 @@ public class SetCookieSupport {
* Note that by checking for tokens we will also throw an exception if
a
* control character is encountered.
*/
-
+int version = cookie.getVersion();
String value = cookie.getValue();
String path = cookie.getPath();
String domain = cookie.getDomain();
String comment = cookie.getComment();
-// Start by using the version we were asked for
-int newVersion = cookie.getVersion();
-
-// If it is v0, check if we need to switch
-if (newVersion == 0 needsQuotes(value)) {
-// non-HTTP token in value - need to use v1
-newVersion = 1;
-}
-
-if (newVersion == 0 comment != null) {
-// Using a comment makes it a v1 cookie
- newVersion = 1;
+if (version == 0) {
+// Check for the things that require a v1 cookie
+if (needsQuotes(value) || comment != null || needsQuotes(path) ||
needsQuotes(domain)) {
+version = 1;
+}
}
-if (newVersion == 0 needsQuotes(path)) {
-// non-HTTP token in path - need to use v1
-newVersion = 1;
-}
+// Now build the cookie header
+StringBuffer buf = new StringBuffer(); // can't use StringBuilder due
to DateFormat
-if (newVersion == 0 needsQuotes(domain)) {
-// non-HTTP token in domain - need to use v1
-newVersion = 1;
-}
+// Just use the name supplied in the Cookie
+buf.append(cookie.getName());
+buf.append(=);
-// Now build the cookie header
// Value
maybeQuote(buf, value);
+
// Add version 1 specific information
-if (newVersion == 1) {
+if (version == 1) {
// Version=1 ... required
buf.append (; Version=1);
@@ -119,13 +101,13 @@ public class SetCookieSupport {
// Max-Age=secs ... or use old Expires format
int maxAge = cookie.getMaxAge();
if (maxAge = 0) {
-if (newVersion 0) {
+if (version 0) {
buf.append (; Max-Age=);
buf.append (maxAge);
}
// IE6, IE7 and possibly other browsers don't understand Max-Age.
// They do understand Expires, even with V1 cookies!
-if (newVersion == 0 || CookieSupport.ALWAYS_ADD_EXPIRES) {
+if (version == 0 || CookieSupport.ALWAYS_ADD_EXPIRES) {
// Wdy, DD-Mon-YY HH:MM:SS GMT ( Expires Netscape format )
buf.append (; Expires=);
// To expire immediately we need to set the time in past
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of Cookies by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on Tomcat Wiki for change notification. The Cookies page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diffrev1=38rev2=39 == Implementation Progress == I started work on this in a local branch. Patches for the changes made there can be found here: http://people.apache.org/~jboynes/patches/ - Of these, patches 01 to 06 have been applied. + Of these, patches 01 to 07 have been applied. There is substantial refactoring in there to simply the current implementation. Actual changes are: * C3 '=' is now disallowed in Netscape cookie names (it was already not allowed in RFC2109 names) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1596651 - in /tomcat/trunk/java/org/apache/tomcat/util/http: CookieSupport.java SetCookieSupport.java
Author: markt
Date: Wed May 21 18:54:28 2014
New Revision: 1596651
URL: http://svn.apache.org/r1596651
Log:
Apply patch 08 from jboynes to improve cookie handling.
Encapsulate use of ALWAYS_ADD_EXPIRES as it only applies to Set-Cookie
generation.
The patch should be safe since the logic is unchanged.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java
tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java?rev=1596651r1=1596650r2=1596651view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java Wed May 21
18:54:28 2014
@@ -44,13 +44,6 @@ public final class CookieSupport {
public static final boolean ALLOW_HTTP_SEPARATORS_IN_V0;
/**
- * If set to false, we don't use the IE6/7 Max-Age/Expires work around.
- * Default is usually true. If STRICT_SERVLET_COMPLIANCE==true then default
- * is false. Explicitly setting always takes priority.
- */
-public static final boolean ALWAYS_ADD_EXPIRES;
-
-/**
* If set to true, the code//code character will be treated as a
* separator. Default is usually false. If STRICT_SERVLET_COMPLIANCE==true
* then default is true. Explicitly setting always takes priority.
@@ -97,15 +90,6 @@ public final class CookieSupport {
org.apache.tomcat.util.http.ServerCookie.ALLOW_HTTP_SEPARATORS_IN_V0,
false)).booleanValue();
-String alwaysAddExpires = System.getProperty(
-org.apache.tomcat.util.http.ServerCookie.ALWAYS_ADD_EXPIRES);
-if (alwaysAddExpires == null) {
-ALWAYS_ADD_EXPIRES = !STRICT_SERVLET_COMPLIANCE;
-} else {
-ALWAYS_ADD_EXPIRES =
-Boolean.valueOf(alwaysAddExpires).booleanValue();
-}
-
String preserveCookieHeader = System.getProperty(
org.apache.tomcat.util.http.ServerCookie.PRESERVE_COOKIE_HEADER);
if (preserveCookieHeader == null) {
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java?rev=1596651r1=1596650r2=1596651view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java Wed May
21 18:54:28 2014
@@ -29,6 +29,22 @@ import javax.servlet.http.Cookie;
* Support class for generating Set-Cookie header values.
*/
public class SetCookieSupport {
+/**
+ * If set to false, we don't use the IE6/7 Max-Age/Expires work around.
+ * Default is usually true. If STRICT_SERVLET_COMPLIANCE==true then default
+ * is false. Explicitly setting always takes priority.
+ */
+private static final boolean ALWAYS_ADD_EXPIRES;
+static {
+String alwaysAddExpires =
+
System.getProperty(org.apache.tomcat.util.http.ServerCookie.ALWAYS_ADD_EXPIRES);
+if (alwaysAddExpires != null) {
+ALWAYS_ADD_EXPIRES =
Boolean.valueOf(alwaysAddExpires).booleanValue();
+} else {
+ALWAYS_ADD_EXPIRES =
!Boolean.getBoolean(org.apache.catalina.STRICT_SERVLET_COMPLIANCE);
+}
+}
+
// Other fields
private static final String OLD_COOKIE_PATTERN = EEE, dd-MMM-
HH:mm:ss z;
private static final ThreadLocalDateFormat OLD_COOKIE_FORMAT =
@@ -107,7 +123,7 @@ public class SetCookieSupport {
}
// IE6, IE7 and possibly other browsers don't understand Max-Age.
// They do understand Expires, even with V1 cookies!
-if (version == 0 || CookieSupport.ALWAYS_ADD_EXPIRES) {
+if (version == 0 || ALWAYS_ADD_EXPIRES) {
// Wdy, DD-Mon-YY HH:MM:SS GMT ( Expires Netscape format )
buf.append (; Expires=);
// To expire immediately we need to set the time in past
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Trivial Update of Cookies by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on Tomcat Wiki for change notification. The Cookies page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diffrev1=39rev2=40 == Implementation Progress == I started work on this in a local branch. Patches for the changes made there can be found here: http://people.apache.org/~jboynes/patches/ - Of these, patches 01 to 07 have been applied. + Of these, patches 01 to 08 have been applied. There is substantial refactoring in there to simply the current implementation. Actual changes are: * C3 '=' is now disallowed in Netscape cookie names (it was already not allowed in RFC2109 names) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1596656 - /tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java
Author: markt
Date: Wed May 21 19:22:48 2014
New Revision: 1596656
URL: http://svn.apache.org/r1596656
Log:
Apply patch 09 from jboynes to improve cookie handling.
Code cleanup.
I did not remove the final markers from the static methods as I see no need to
remove them and good reasons to keep them.
The patch should be safe since the logic is unchanged.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java?rev=1596656r1=1596655r2=1596656view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java Wed May 21
19:22:48 2014
@@ -131,11 +131,11 @@ public final class CookieSupport {
V0_SEPARATOR_FLAGS[i] = false;
HTTP_SEPARATOR_FLAGS[i] = false;
}
-for (int i = 0; i V0_SEPARATORS.length; i++) {
-V0_SEPARATOR_FLAGS[V0_SEPARATORS[i]] = true;
+for (char V0_SEPARATOR : V0_SEPARATORS) {
+V0_SEPARATOR_FLAGS[V0_SEPARATOR] = true;
}
-for (int i = 0; i HTTP_SEPARATORS.length; i++) {
-HTTP_SEPARATOR_FLAGS[HTTP_SEPARATORS[i]] = true;
+for (char HTTP_SEPARATOR : HTTP_SEPARATORS) {
+HTTP_SEPARATOR_FLAGS[HTTP_SEPARATOR] = true;
}
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Trivial Update of Cookies by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on Tomcat Wiki for change notification. The Cookies page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diffrev1=40rev2=41 == Implementation Progress == I started work on this in a local branch. Patches for the changes made there can be found here: http://people.apache.org/~jboynes/patches/ - Of these, patches 01 to 08 have been applied. + Of these, patches 01 to 09 have been applied. There is substantial refactoring in there to simply the current implementation. Actual changes are: * C3 '=' is now disallowed in Netscape cookie names (it was already not allowed in RFC2109 names) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1596657 - /tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
Author: markt
Date: Wed May 21 19:35:19 2014
New Revision: 1596657
URL: http://svn.apache.org/r1596657
Log:
Apply patch 10 from jboynes to improve cookie handling.
Separate the code that determines whether a value should be quoted in
Set-Cookie from the checks that are performed when parsing a Cookie header sent
by a client.
I also did a small amount of clean up.
The patch should be safe since the logic is unchanged.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java?rev=1596657r1=1596656r2=1596657view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java Wed May
21 19:35:19 2014
@@ -19,6 +19,7 @@ package org.apache.tomcat.util.http;
import java.text.DateFormat;
import java.text.FieldPosition;
import java.text.SimpleDateFormat;
+import java.util.BitSet;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;
@@ -36,8 +37,8 @@ public class SetCookieSupport {
*/
private static final boolean ALWAYS_ADD_EXPIRES;
static {
-String alwaysAddExpires =
-
System.getProperty(org.apache.tomcat.util.http.ServerCookie.ALWAYS_ADD_EXPIRES);
+String alwaysAddExpires = System.getProperty(
+org.apache.tomcat.util.http.ServerCookie.ALWAYS_ADD_EXPIRES);
if (alwaysAddExpires != null) {
ALWAYS_ADD_EXPIRES =
Boolean.valueOf(alwaysAddExpires).booleanValue();
} else {
@@ -45,6 +46,50 @@ public class SetCookieSupport {
}
}
+private static final BitSet ALLOWED_WITHOUT_QUOTES;
+static {
+boolean allowSeparatorsInV0 =
+
Boolean.getBoolean(org.apache.tomcat.util.http.ServerCookie.ALLOW_HTTP_SEPARATORS_IN_V0);
+String separators;
+if (allowSeparatorsInV0) {
+// comma, semi-colon and space as defined by netscape
+separators = ,; ;
+} else {
+// separators as defined by RFC2616
+separators = ()@,;:\\\/[]?={} \t;
+}
+
+// all CHARs except CTLs or separators are allowed without quoting
+ALLOWED_WITHOUT_QUOTES = new BitSet(128);
+ALLOWED_WITHOUT_QUOTES.set(0x20, 0x7f);
+for (char ch : separators.toCharArray()) {
+ALLOWED_WITHOUT_QUOTES.clear(ch);
+}
+
+/**
+ * Some browsers (e.g. IE6 and IE7) do not handle quoted Path values
even
+ * when Version is set to 1. To allow for this, we support a property
+ * FWD_SLASH_IS_SEPARATOR which, when false, means a '/' character
will not
+ * be treated as a separator, potentially avoiding quoting and the
ensuing
+ * side effect of having the cookie upgraded to version 1.
+ *
+ * For now, we apply this rule globally rather than just to the Path
attribute.
+ */
+if (!allowSeparatorsInV0) {
+boolean allowSlash;
+String prop = System.getProperty(
+
org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR);
+if (prop != null) {
+allowSlash = !Boolean.parseBoolean(prop);
+} else {
+allowSlash =
!Boolean.getBoolean(org.apache.catalina.STRICT_SERVLET_COMPLIANCE);
+}
+if (allowSlash) {
+ALLOWED_WITHOUT_QUOTES.set('/');
+}
+}
+}
+
// Other fields
private static final String OLD_COOKIE_PATTERN = EEE, dd-MMM-
HH:mm:ss z;
private static final ThreadLocalDateFormat OLD_COOKIE_FORMAT =
@@ -221,15 +266,11 @@ public class SetCookieSupport {
for (; i len; i++) {
char c = value.charAt(i);
-
-if (CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0) {
-if (CookieSupport.isV0Separator(c)) {
-return true;
-}
-} else {
-if (CookieSupport.isHttpSeparator(c)) {
-return true;
-}
+if ((c 0x20 c != '\t') || c = 0x7f) {
+throw new IllegalArgumentException(Control character in
cookie value or attribute.);
+}
+if (!ALLOWED_WITHOUT_QUOTES.get(c)) {
+return true;
}
}
return false;
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of Cookies by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on Tomcat Wiki for change notification. The Cookies page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diffrev1=41rev2=42 == Implementation Progress == I started work on this in a local branch. Patches for the changes made there can be found here: http://people.apache.org/~jboynes/patches/ - Of these, patches 01 to 09 have been applied. + Of these, patches 01 to 10 have been applied. There is substantial refactoring in there to simply the current implementation. Actual changes are: * C3 '=' is now disallowed in Netscape cookie names (it was already not allowed in RFC2109 names) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1596660 - /tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
Author: markt
Date: Wed May 21 19:45:46 2014
New Revision: 1596660
URL: http://svn.apache.org/r1596660
Log:
Apply patch 11 from jboynes to improve cookie handling.
Eliminate an unneeded StringBuilder.
I also added to TODO marker.
The patch should be safe since the logic is unchanged.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java?rev=1596660r1=1596659r2=1596660view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java Wed May
21 19:45:46 2014
@@ -206,32 +206,24 @@ public class SetCookieSupport {
buf.append(\\);
} else if (alreadyQuoted(value)) {
buf.append('');
-buf.append(escapeDoubleQuotes(value,1,value.length()-1));
+escapeDoubleQuotes(buf, value,1,value.length()-1);
buf.append('');
} else if (needsQuotes(value)) {
buf.append('');
-buf.append(escapeDoubleQuotes(value,0,value.length()));
+escapeDoubleQuotes(buf, value,0,value.length());
buf.append('');
} else {
buf.append(value);
}
}
-/**
- * Escapes any double quotes in the given string.
- *
- * @param s the input string
- * @param beginIndex start index inclusive
- * @param endIndex exclusive
- * @return The (possibly) escaped string
- */
-private static String escapeDoubleQuotes(String s, int beginIndex, int
endIndex) {
-
-if (s == null || s.length() == 0 || s.indexOf('') == -1) {
-return s;
+private static void escapeDoubleQuotes(StringBuffer b, String s, int
beginIndex, int endIndex) {
+// TODO: bug55975: this checks for '' but not for '\' which also
needs escaping
+if (s.indexOf('') == -1) {
+b.append(s);
+return;
}
-StringBuilder b = new StringBuilder();
for (int i = beginIndex; i endIndex; i++) {
char c = s.charAt(i);
if (c == '\\' ) {
@@ -247,8 +239,6 @@ public class SetCookieSupport {
b.append(c);
}
}
-
-return b.toString();
}
private static boolean needsQuotes(String value) {
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of Cookies by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on Tomcat Wiki for change notification. The Cookies page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diffrev1=42rev2=43 == Implementation Progress == I started work on this in a local branch. Patches for the changes made there can be found here: http://people.apache.org/~jboynes/patches/ - Of these, patches 01 to 10 have been applied. + Of these, patches 01 to 11 have been applied. There is substantial refactoring in there to simply the current implementation. Actual changes are: * C3 '=' is now disallowed in Netscape cookie names (it was already not allowed in RFC2109 names) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1596664 - /tomcat/site/trunk/docs/ci.html
Author: slaurent Date: Wed May 21 19:52:19 2014 New Revision: 1596664 URL: http://svn.apache.org/r1596664 Log: reverted fixed URLs to documentation snapshots because they are actually correct. There's a misconfig in the buildbot Modified: tomcat/site/trunk/docs/ci.html Modified: tomcat/site/trunk/docs/ci.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/ci.html?rev=1596664r1=1596663r2=1596664view=diff == --- tomcat/site/trunk/docs/ci.html (original) +++ tomcat/site/trunk/docs/ci.html Wed May 21 19:52:19 2014 @@ -263,14 +263,14 @@ prepared and published by ASF Buildbot, ul li -a href=http://ci.apache.org/projects/tomcat/tomcat8/index.html; rel=nofollowTomcat trunk/a (8.0.x)/li +a href=http://ci.apache.org/projects/tomcat/tomcat8/docs/index.html; rel=nofollowTomcat trunk/a (8.0.x)/li li -a href=http://ci.apache.org/projects/tomcat/tomcat7/index.html; rel=nofollowTomcat 7.0.x/a +a href=http://ci.apache.org/projects/tomcat/tomcat7/docs/index.html; rel=nofollowTomcat 7.0.x/a /li li -a href=http://ci.apache.org/projects/tomcat/tomcat6/index.html; rel=nofollowTomcat 6.0.x/a +a href=http://ci.apache.org/projects/tomcat/tomcat6/docs/index.html; rel=nofollowTomcat 6.0.x/a /li /ul - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1596415 - /tomcat/site/trunk/docs/ci.html
ok, I reverted (r1596664). Sorry, I had not checked the README, everything was explained... who can fix the buildbot config now ? Sylvain On 21 mai 2014, at 00:18, Konstantin Kolinko knst.koli...@gmail.com wrote: 2014-05-21 1:41 GMT+04:00 Sylvain Laurent slaur...@apache.org: so, I just have to fix /xdocs/ci.xml ? and the buildbot generates ci.html and commits it ? 1. No. The tomcat.apache.org web site is authored in XML (just like Tomcat documentation). See README.txt and build.xml in the root directory of /site. It is odd that you edited and committed generated HTML file only. 2. The old links were correct. The buildbot is misconfigured and publishes generated documentation snapshots, junit logs and coverage reports into a wrong place (all in the same directory instead of subdirectories). On 20 mai 2014, at 23:14, Konstantin Kolinko knst.koli...@gmail.com wrote: 2014-05-21 0:58 GMT+04:00 slaur...@apache.org: Author: slaurent Date: Tue May 20 20:58:55 2014 New Revision: 1596415 URL: http://svn.apache.org/r1596415 Log: fixed URLs to documentation snapshots -1. 1. This shall be fixed not here, but in Buildbot configuration. 2. It writes documentation and coverage (and logs) into the same place. Whether you are seeing docs or coverage depends on whether a build is running in this very moment. 3. ci.html only? (Without xml) Modified: tomcat/site/trunk/docs/ci.html Modified: tomcat/site/trunk/docs/ci.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/ci.html?rev=1596415r1=1596414r2=1596415view=diff - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 7.0.54
2014-05-20 13:04 GMT+03:00 Violeta Georgieva violet...@apache.org: The proposed Apache Tomcat 7.0.54 release is now available for voting. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.54/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1015/ The svn tag is: http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_54/ The proposed 7.0.54 release is: [ ] Broken - do not release [X] Stable - go ahead and release as 7.0.54 Stable Tested Tomcat in OSGi environment - successful. Basic performance tests - successful. Regards Violeta
Re: buildbot failure in ASF Buildbot on tomcat-trunk
There was still a test failure with the TestStuckThreadDetectionValve in build 99. But I really don't understand the failure, there's no error in the logs : Here is the extract from http://ci.apache.org/builders/tomcat-trunk/builds/99/steps/compile_1/logs/stdio [junit] Running org.apache.catalina.valves.TestStuckThreadDetectionValve [junit] 21-May-2014 17:47:58.088 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler [#34;http-nio-127.0.0.1-auto-1#34;] [junit] 21-May-2014 17:47:58.115 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service Tomcat [junit] 21-May-2014 17:47:58.115 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.0.9-dev [junit] 21-May-2014 17:47:58.607 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler [#34;http-nio-127.0.0.1-auto-1-43485#34;] [junit] 21-May-2014 17:48:02.602 WARNING [ContainerBackgroundProcessor[StandardEngine[Tomcat].StandardHost[localhost].StandardContext[]]] org.apache.catalina.valves.StuckThreadDetectionValve.notifyStuckThreadDetected Thread #34;http-nio-127.0.0.1-auto-1-exec-1#34; (id=19) has been active for 2,918 milliseconds (since 5/21/14 5:47 PM) to serve the same request for http://localhost:43485/myservlet and may be stuck (configured threshold for this StuckThreadDetectionValve is 2 seconds). There is/are 1 thread(s) in total that are monitored by this Valve and may be stuck. [junit] java.lang.Throwable [junit] at java.lang.Thread.sleep(Native Method) [junit] at org.apache.catalina.valves.TestStuckThreadDetectionValve$StuckingServlet.doGet(TestStuckThreadDetectionValve.java:153) [junit] at javax.servlet.http.HttpServlet.service(HttpServlet.java:618) [junit] at javax.servlet.http.HttpServlet.service(HttpServlet.java:725) [junit] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291) [junit] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [junit] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) [junit] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [junit] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503) [junit] at org.apache.catalina.valves.StuckThreadDetectionValve.invoke(StuckThreadDetectionValve.java:208) [junit] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:136) [junit] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:78) [junit] at org.ap/spanspan class=stdoutache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [junit] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:526) [junit] at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1033) [junit] at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:652) [junit] at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:222) [junit] at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1565) [junit] at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1522) [junit] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [junit] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [junit] at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [junit] at java.lang.Thread.run(Thread.java:722) [junit] [junit] 21-May-2014 17:48:05.789 INFO [main] org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler [#34;http-nio-127.0.0.1-auto-1-43485#34;] [junit] 21-May-2014 17:48:05.790 INFO [main] org.apache.catalina.core.StandardService.stopInternal Stopping service Tomcat [junit] 21-May-2014 17:48:05.807 INFO [main] org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler [#34;http-nio-127.0.0.1-auto-1-43485#34;] [junit] 21-May-2014 17:48:05.809 INFO [main] org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler [#34;http-nio-127.0.0.1-auto-1-43485#34;] [junit] 21-May-2014 17:48:05.832 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler [#34;http-nio-127.0.0.1-auto-2#34;] [junit] 21-May-2014 17:48:05.864 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service Tomcat [junit] 21-May-2014 17:48:05.865 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.0.9-dev [junit] 21-May-2014
Re: [VOTE] Release Apache Tomcat 7.0.54
+1 On 20 May 2014 20:04, Violeta Georgieva violet...@apache.org wrote: The proposed Apache Tomcat 7.0.54 release is now available for voting. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.54/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1015/ The svn tag is: http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_54/ The proposed 7.0.54 release is: [ ] Broken - do not release [ ] Stable - go ahead and release as 7.0.54 Stable Regards Violeta -- Olivier Lamy Ecetera: http://ecetera.com.au http://twitter.com/olamy | http://linkedin.com/in/olamy - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in ASF Buildbot on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/101 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-vm_ubuntu Build Reason: scheduler Build Source Stamp: [branch tomcat/trunk] 1596660 Blamelist: markt Build succeeded! sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
