[GUMP@vmgump-vm3]: Project tomcat-tc8.0.x-test-nio2 (in module tomcat-8.0.x) failed

2017-03-01 Thread Bill Barker 
To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-tc8.0.x-test-nio2 has an issue affecting its community 
integration.
This issue affects 1 projects,
 and has been outstanding for 2 runs.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-tc8.0.x-test-nio2 :  Tomcat 8.x, a web server implementing the 
Java Servlet 3.1,
...


Full details are available at:

http://vmgump-vm3.apache.org/tomcat-8.0.x/tomcat-tc8.0.x-test-nio2/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
commons-daemon.native.src.tgz.
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
tomcat-native.tar.gz.
 -INFO- Failed with reason build failed
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-8.0.x/output/logs-NIO2
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-8.0.x/output/test-tmp-NIO2/logs
 -WARNING- No directory 
[/srv/gump/public/workspace/tomcat-8.0.x/output/test-tmp-NIO2/logs]



The following work was performed:
http://vmgump-vm3.apache.org/tomcat-8.0.x/tomcat-tc8.0.x-test-nio2/gump_work/build_tomcat-8.0.x_tomcat-tc8.0.x-test-nio2.html
Work Name: build_tomcat-8.0.x_tomcat-tc8.0.x-test-nio2 (Type: Build)
Work ended in a state of : Failed
Elapsed: 19 mins 46 secs
Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true 
-Dbuild.sysclasspath=only org.apache.tools.ant.Main 
-Dgump.merge=/srv/gump/public/gump/work/merge.xml 
-Dbase.path=/srv/gump/public/workspace/tomcat-8.0.x/tomcat-build-libs 
-Dexecute.test.nio2=true -Dtest.temp=output/test-tmp-NIO2 
-Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar 
-Dtest.accesslog=true 
-Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.6-SNAPSHOT.jar
 -Dexamples.sources.skip=true 
-Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20170302.jar
 
-Dtest.openssl.path=/srv/gump/public/workspace/openssl-1.0.2/dest-20170302/bin/openssl
 -Dexecute.test.nio=false 
-Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar 
-Dexecute.test.apr=false -Dexecute.test.bio=false 
-Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20170302-native-src.tar.gz
 -Dtest.repor
 ts=output/logs-NIO2 
-Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20170302-native-src.tar.gz
 -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.5-201506032000/ecj-4.5.jar 
-Dtest.relaxTiming=true -Dtest.excludePerformance=true 
-Djava.net.preferIPv4Stack=/srv/gump/public/workspace/tomcat-8.0.x/true 
-Deasymock.jar=/srv/gump/public/workspace/easymock/core/target/easymock-3.5-SNAPSHOT.jar
 -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test 
[Working Directory: /srv/gump/public/workspace/tomcat-8.0.x]
CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-8.0.x/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/servlet-api.ja

[Bug 60461] SIGSEGV in SSLSocket.getInfos

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60461

--- Comment #9 from matt...@cacorp.com ---
Created attachment 34790
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=34790=edit
8.5.11 Windows Crash Log

This crash still exists in 8.5.11 on Windows. I've uploaded my log.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60798] Nested Jar entry could not be read twice consecutively

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60798

Charles-Edouard Poisnel  changed:

   What|Removed |Added

 CC||charles-edouard.poisnel@kos
   ||mos.fr

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60798] Nested Jar entry could not be read twice consecutively

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60798

--- Comment #1 from Charles-Edouard Poisnel  
---
Note: tomcat-embed-core-8.5.11 is used.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60798] New: Nested Jar entry could not be read twice consecutively

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60798

Bug ID: 60798
   Summary: Nested Jar entry could not be read twice consecutively
   Product: Tomcat 8
   Version: 8.5.11
  Hardware: PC
OS: Linux
Status: NEW
  Severity: regression
  Priority: P2
 Component: Jasper
  Assignee: dev@tomcat.apache.org
  Reporter: charles-edouard.pois...@kosmos.fr
  Target Milestone: 

We are using fat war packaging for one of our webapps. There are JSP tags
(/META-INF/tags/**/*.tag), inside required jars (/WEB-INF/lib/*.jar).

During JSP compilation, when calling a jar entry (a tag inside a nested jar)
this entry is called twice, with same name, but the InputStream is not at same
position.

# Explanation

1. JSP compilation of a JSP: This JSP references tld (in lib-tld.jar), and this
tld uses a tag (standard syntax) :

Ex:

   autocomplete
   /META-INF/tags/autocomplete/autocomplete.tag



2. The tag is loaded one first time, to determine syntax and encoding
(org.apache.jasper.compiler.ParserController#determineSyntaxAndEncoding).

It calls:

org.apache.jasper.compiler.JspUtil#getInputStream ->
jar.getInputStream(jarEntryName);


3. The tag is loaded a second time to parse content, but the return value is an
InputStream at a different position (called by ParseController#doParse)

4. Tag is not properly parsed (no attributes) and JSP does not compile.


# Cause

org.apache.tomcat.util.scan.AbstractInputStreamJar


>private void gotoEntry(String name) throws IOException {
>if (entry != null && name.equals(entry.getName())) {
>return;
>}
>reset();
>JarEntry jarEntry = jarInputStream.getNextJarEntry();
>while (jarEntry != null) {
>if (name.equals(jarEntry.getName())) {
>entry = jarEntry;
>break;
>}
>jarEntry = jarInputStream.getNextJarEntry();
>}
>}

When calling the same entry twice consecutively, entry is not null and
parameter name is same as entry.getName(), it loads the same attribute
jarInputStream
(org.apache.tomcat.util.scan.AbstractInputStreamJar#getInputStream)

I've patched the class AbstractInputStreamJar and removed the first three lines
of gotoEntry (reset unconditionnally), and it solved this problem.

# Workaround

It's not reproducible if the war is unpacked (no problem with JarFileUrlJar)
For information, this behavior does not seem to be reproducible with this
revision: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/scan/JarFileUrlNestedJar.java?view=markup=1742245#l76

Regards,

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

buildbot success in on tomcat-trunk

2017-03-01 Thread buildbot 
The Buildbot has detected a restored build on builder tomcat-trunk while 
building . Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/2139

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch tomcat/trunk] 1785037
Blamelist: markt

Build succeeded!

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60597] Add ability to set cipher suites for websocket client connections

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60597

Mark Thomas  changed:

   What|Removed |Added

   Severity|minor   |enhancement

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60750] A response that uses Transfer-Encoding: chunked is missing the last zero-length chunk

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60750

Mark Thomas  changed:

   What|Removed |Added

 Status|REOPENED|NEEDINFO

--- Comment #11 from Mark Thomas  ---
This needs a simple test case (without the 3rd party libraries) to demonstrate
the issue. Without such a test case, the assumption is going to be that it is
not a Tomcat bug.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60769] Problem with Jsp character encoding configuration

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60769

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED
 OS||All

--- Comment #1 from Mark Thomas  ---
Yes, there was a regression in the refactoring. The detected BOM encoding was
incorrectly taking precedence over the prolog specified encoding (if any).

Thanks for the report and the test case.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1785038 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/jasper/compiler/ test/org/apache/jasper/compiler/ test/org/apache/jasper/servlet/ test/webapp/WEB-INF/ test/webapp/jsp/encoding/ web

2017-03-01 Thread markt 
Author: markt
Date: Wed Mar  1 21:00:02 2017
New Revision: 1785038

URL: http://svn.apache.org/viewvc?rev=1785038=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60769
Fix regression in JSP encoding detection refactoring

Added:
tomcat/tc8.5.x/trunk/test/webapp/jsp/encoding/bug60769a.jspx
  - copied unchanged from r1785032, 
tomcat/trunk/test/webapp/jsp/encoding/bug60769a.jspx
tomcat/tc8.5.x/trunk/test/webapp/jsp/encoding/bug60769b.jspx
  - copied unchanged from r1785032, 
tomcat/trunk/test/webapp/jsp/encoding/bug60769b.jspx
Modified:
tomcat/tc8.5.x/trunk/   (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/jasper/compiler/EncodingDetector.java
tomcat/tc8.5.x/trunk/java/org/apache/jasper/compiler/ParserController.java

tomcat/tc8.5.x/trunk/test/org/apache/jasper/compiler/TestEncodingDetector.java

tomcat/tc8.5.x/trunk/test/org/apache/jasper/servlet/TestJspCServletContext.java
tomcat/tc8.5.x/trunk/test/webapp/WEB-INF/web.xml
tomcat/tc8.5.x/trunk/test/webapp/jsp/encoding/README.txt
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Mar  1 21:00:02 2017
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747
 
924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1756289,1756408-1756410,1

svn commit: r1785037 - /tomcat/trunk/test/org/apache/jasper/servlet/TestJspCServletContext.java

2017-03-01 Thread markt 
Author: markt
Date: Wed Mar  1 20:59:20 2017
New Revision: 1785037

URL: http://svn.apache.org/viewvc?rev=1785037=rev
Log:
Update expected value after changes to support other tests

Modified:
tomcat/trunk/test/org/apache/jasper/servlet/TestJspCServletContext.java

Modified: 
tomcat/trunk/test/org/apache/jasper/servlet/TestJspCServletContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/jasper/servlet/TestJspCServletContext.java?rev=1785037=1785036=1785037=diff
==
--- tomcat/trunk/test/org/apache/jasper/servlet/TestJspCServletContext.java 
(original)
+++ tomcat/trunk/test/org/apache/jasper/servlet/TestJspCServletContext.java Wed 
Mar  1 20:59:20 2017
@@ -40,7 +40,7 @@ public class TestJspCServletContext {
 Assert.assertTrue(jspConfigDescriptor.getTaglibs().isEmpty());
 Collection propertyGroups =
 jspConfigDescriptor.getJspPropertyGroups();
-Assert.assertEquals(2, propertyGroups.size());
+Assert.assertEquals(4, propertyGroups.size());
 Iterator groupIterator =
 propertyGroups.iterator();
 JspPropertyGroupDescriptor groupDescriptor;



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

buildbot failure in on tomcat-trunk

2017-03-01 Thread buildbot 
The Buildbot has detected a new failure on builder tomcat-trunk while building 
. Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/2138

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch tomcat/trunk] 1785032
Blamelist: markt

BUILD FAILED: failed compile_1

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1785032 - in /tomcat/trunk: java/org/apache/jasper/compiler/ test/org/apache/jasper/compiler/ test/webapp/WEB-INF/ test/webapp/jsp/encoding/ webapps/docs/

2017-03-01 Thread markt 
Author: markt
Date: Wed Mar  1 20:44:22 2017
New Revision: 1785032

URL: http://svn.apache.org/viewvc?rev=1785032=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60769
Fix regression in JSP encoding detection refactoring

Added:
tomcat/trunk/test/webapp/jsp/encoding/bug60769a.jspx
tomcat/trunk/test/webapp/jsp/encoding/bug60769b.jspx
Modified:
tomcat/trunk/java/org/apache/jasper/compiler/EncodingDetector.java
tomcat/trunk/java/org/apache/jasper/compiler/ParserController.java
tomcat/trunk/test/org/apache/jasper/compiler/TestEncodingDetector.java
tomcat/trunk/test/webapp/WEB-INF/web.xml
tomcat/trunk/test/webapp/jsp/encoding/README.txt
tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/jasper/compiler/EncodingDetector.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/compiler/EncodingDetector.java?rev=1785032=1785031=1785032=diff
==
--- tomcat/trunk/java/org/apache/jasper/compiler/EncodingDetector.java 
(original)
+++ tomcat/trunk/java/org/apache/jasper/compiler/EncodingDetector.java Wed Mar  
1 20:44:22 2017
@@ -27,6 +27,9 @@ import javax.xml.stream.XMLStreamReader;
 /*
  * The BoM detection is derived from:
  * 
http://svn.us.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/xmlparser/XMLEncodingDetector.java?annotate=1742248
+ *
+ * The prolog is always at least as specific as the BOM therefore any encoding
+ * specified in the prolog should take priority over the BOM.
  */
 class EncodingDetector {
 
@@ -35,7 +38,8 @@ class EncodingDetector {
 XML_INPUT_FACTORY = XMLInputFactory.newFactory();
 }
 
-private final BomResult bomResult;
+private final String encoding;
+private final int skip;
 private final boolean encodingSpecifiedInProlog;
 
 
@@ -50,7 +54,7 @@ class EncodingDetector {
 BufferedInputStream bis = new BufferedInputStream(is, 4);
 bis.mark(4);
 
-bomResult = processBom(bis);
+BomResult bomResult = processBom(bis);
 
 // Reset the stream back to the start to allow the XML prolog detection
 // to work. Skip any BoM we discovered.
@@ -59,17 +63,25 @@ class EncodingDetector {
 is.read();
 }
 
-encodingSpecifiedInProlog = (getPrologEncoding(bis) != null);
+String prologEncoding = getPrologEncoding(bis);
+if (prologEncoding == null) {
+encodingSpecifiedInProlog = false;
+encoding = bomResult.encoding;
+} else {
+encodingSpecifiedInProlog = true;
+encoding = prologEncoding;
+}
+skip = bomResult.skip;
 }
 
 
-String getBomEncoding() {
-return bomResult.encoding;
+String getEncoding() {
+return encoding;
 }
 
 
 int getSkip() {
-return bomResult.skip;
+return skip;
 }
 
 

Modified: tomcat/trunk/java/org/apache/jasper/compiler/ParserController.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/compiler/ParserController.java?rev=1785032=1785031=1785032=diff
==
--- tomcat/trunk/java/org/apache/jasper/compiler/ParserController.java 
(original)
+++ tomcat/trunk/java/org/apache/jasper/compiler/ParserController.java Wed Mar  
1 20:44:22 2017
@@ -321,7 +321,7 @@ class ParserController implements TagCon
 InputStream inStream = JspUtil.getInputStream(absFileName, jar, 
ctxt);
 EncodingDetector encodingDetector = new EncodingDetector(inStream);
 
-sourceEnc = encodingDetector.getBomEncoding();
+sourceEnc = encodingDetector.getEncoding();
 isEncodingSpecifiedInProlog = 
encodingDetector.isEncodingSpecifiedInProlog();
 isBomPresent = (encodingDetector.getSkip() > 0);
 skip = encodingDetector.getSkip();

Modified: tomcat/trunk/test/org/apache/jasper/compiler/TestEncodingDetector.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/jasper/compiler/TestEncodingDetector.java?rev=1785032=1785031=1785032=diff
==
--- tomcat/trunk/test/org/apache/jasper/compiler/TestEncodingDetector.java 
(original)
+++ tomcat/trunk/test/org/apache/jasper/compiler/TestEncodingDetector.java Wed 
Mar  1 20:44:22 2017
@@ -57,6 +57,8 @@ public class TestEncodingDetector extend
 result.add(new Object[] { "bom-utf16le-prolog-utf16be.jspx", 
Integer.valueOf(500), null });
 result.add(new Object[] { "bom-utf16le-prolog-utf16le.jspx", 
Integer.valueOf(200), Boolean.TRUE });
 result.add(new Object[] { "bom-utf16le-prolog-utf8.jspx",
Integer.valueOf(500), null });
+result.add(new Object[] { "bug60769a.jspx",Integer.valueOf(500), 
null });
+result.add(new Object[] { "bug60769b.jspx",Integer.valueOf(200),

[Bug 60788] Cookies value contains quotes when the Cookie header contains $Version=1 and the header's value is enclosed by quotes

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60788

--- Comment #13 from Markus Malkusch  ---
Then let me add more details to the described case: The intended symetric round
trip behaviour was not given. The Cookie was initially created with the Servlet
API (containing only alphanumeric characters), which sends a Set-Cookie header
without quotes (Set-Cookie: userId=foo;Max-Age=15552000;path=/).

It was the user agent (Dalvik/2.1.0 (Linux; U; Android 5.1; A2 Build/LMY47I))
which then continued to send it back with quotes. I couldn't find anything in
the related RFCs which forbids this, so I assume it's a possible and valid
behaviour.

I think it's wrong in this case to expose those quotes to the application
programmer. It is unexpected and leads to errors in application.

However it is currently a rare case. I observe it once every 5k requests.
Application programmers can easily mitigate the issue themselves, if they only
knew.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60788] Cookies value contains quotes when the Cookie header contains $Version=1 and the header's value is enclosed by quotes

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60788

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |WONTFIX
 Status|REOPENED|RESOLVED

--- Comment #12 from Mark Thomas  ---
This particular behaviour relates to exactly what should be presented to, and
returned from, the Servlet API. The Servlet spec is silent on this issue.

What the Tomcat developers opted for was the general aim of symmetric,
consistent round-trip behaviour. For any valid value it should be possible to
create a Cookie with a given value, add it to the response and then retrieve
the same value from the next request.

For RFC 2109 cookies (anything with an explicit version of 1 or 0)
- unquoted values that require quoting to be valid are automatically quoted and
escaped to make them valid
- any quotes and escaping in received values is retained.

Because of the various edge cases around quoting RFC2109 cookies, keeping the
values as quoted made handling simpler and less likely to do the wrong thing.

The quotes are always removed from received RFC 6265 cookies (anything without
an explicit version of 1 or 0). Tomcat also strips quotes before generating the
Cookie header for RFC 6265 cookies.

Because there is no escaping in RFC 6265 and because quotes are not allowed in
values, removing them was much simpler (and generally is what applications
expect).

There are a lot of edge cases in all of this and no single solution that works
perfectly for everyone. The current behaviour has evolved over a long period of
time to a solution that works for most users, most of the time and
configuration options to cover the majority of edge cases. As such, changes are
unlikely but not impossible (e.b. bug 60627). Ultimately, the last major
refactoring added the CookieProcessor interface which enables any user to
essentially completely customise the cookie handling on a per application
basis.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GUMP@vmgump-vm3]: Project tomcat-tc8.0.x-test-nio2 (in module tomcat-8.0.x) failed

2017-03-01 Thread Bill Barker 
To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-tc8.0.x-test-nio2 has an issue affecting its community 
integration.
This issue affects 1 projects.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-tc8.0.x-test-nio2 :  Tomcat 8.x, a web server implementing the 
Java Servlet 3.1,
...


Full details are available at:

http://vmgump-vm3.apache.org/tomcat-8.0.x/tomcat-tc8.0.x-test-nio2/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
commons-daemon.native.src.tgz.
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
tomcat-native.tar.gz.
 -INFO- Failed with reason build failed
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-8.0.x/output/logs-NIO2
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-8.0.x/output/test-tmp-NIO2/logs
 -WARNING- No directory 
[/srv/gump/public/workspace/tomcat-8.0.x/output/test-tmp-NIO2/logs]



The following work was performed:
http://vmgump-vm3.apache.org/tomcat-8.0.x/tomcat-tc8.0.x-test-nio2/gump_work/build_tomcat-8.0.x_tomcat-tc8.0.x-test-nio2.html
Work Name: build_tomcat-8.0.x_tomcat-tc8.0.x-test-nio2 (Type: Build)
Work ended in a state of : Failed
Elapsed: 19 mins 50 secs
Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true 
-Dbuild.sysclasspath=only org.apache.tools.ant.Main 
-Dgump.merge=/srv/gump/public/gump/work/merge.xml 
-Dbase.path=/srv/gump/public/workspace/tomcat-8.0.x/tomcat-build-libs 
-Dexecute.test.nio2=true -Dtest.temp=output/test-tmp-NIO2 
-Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar 
-Dtest.accesslog=true 
-Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.6-SNAPSHOT.jar
 -Dexamples.sources.skip=true 
-Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20170301.jar
 
-Dtest.openssl.path=/srv/gump/public/workspace/openssl-1.0.2/dest-20170301/bin/openssl
 -Dexecute.test.nio=false 
-Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar 
-Dexecute.test.apr=false -Dexecute.test.bio=false 
-Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20170301-native-src.tar.gz
 -Dtest.repor
 ts=output/logs-NIO2 
-Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20170301-native-src.tar.gz
 -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.5-201506032000/ecj-4.5.jar 
-Dtest.relaxTiming=true -Dtest.excludePerformance=true 
-Djava.net.preferIPv4Stack=/srv/gump/public/workspace/tomcat-8.0.x/true 
-Deasymock.jar=/srv/gump/public/workspace/easymock/core/target/easymock-3.5-SNAPSHOT.jar
 -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test 
[Working Directory: /srv/gump/public/workspace/tomcat-8.0.x]
CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-8.0.x/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/servlet-api.ja
 
r:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/websocket-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-storeconfig.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-tribes.jar:/srv/gump/public/workspace/tomcat-8.0.x

[Bug 60788] Cookies value contains quotes when the Cookie header contains $Version=1 and the header's value is enclosed by quotes

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60788

--- Comment #11 from Markus Malkusch  ---
Yes, I saw that wiki page already and it feels like some hair got lost on
implementing that.

Let me know when you remember the reason and also if you plan to keep it like
that. For me it's not a big deal to remove the quotes in my application. It
happens very rarely, but still I was very surprised when I saw that and I think
it would be better for future developers (or those who didn't notice that yet)
if Tomcat would remove those quotes.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60764] SlowQueryReport causing connection leak

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60764

--- Comment #2 from mark.hou...@sony.com ---
(In reply to Keiichi Fujino from comment #1)
> Hi.
> 
> Does this problem affect only when using SlowQueryReport?
> According to my initial investigation, the same problems seems to be occurred
> even if StatementCache or StatementDecoratorInterceptor is used.

You are right, I just tested using StatementCache and got the same problem.

When I said it only happens with SlowQueryReport, I just meant that it didn't
happen when I don't use SlowQueryReport.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60788] Cookies value contains quotes when the Cookie header contains $Version=1 and the header's value is enclosed by quotes

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60788

--- Comment #10 from Mark Thomas  ---
Progress. The quotes are retained and the unit test is removing them before
comparing the actual and expected values. That also looks very deliberate. I
need to remind myself why that is the case.

The handling of cookies has a long history. A summary of a good chunk of it can
be found at https://wiki.apache.org/tomcat/Cookies

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60788] Cookies value contains quotes when the Cookie header contains $Version=1 and the header's value is enclosed by quotes

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60788

--- Comment #9 from Mark Thomas  ---
Definitely not a Spring issue.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60788] Cookies value contains quotes when the Cookie header contains $Version=1 and the header's value is enclosed by quotes

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60788

--- Comment #8 from Markus Malkusch  ---
Also please let me know if you agree that I can finally close the issue on
Spring's side.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60788] Cookies value contains quotes when the Cookie header contains $Version=1 and the header's value is enclosed by quotes

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60788

--- Comment #7 from Markus Malkusch  ---
I looked also a bit deeper. Parsing that header enters
org.apache.tomcat.util.http.parser.Cookie.readQuotedString(ByteBuffer), which
if I understand correctly will always return the value including the quotes
(start contains the position with the first quote). And from there on I didn't
find anything which would remove the quotes. It looks almost as this was
intentionally.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60788] Cookies value contains quotes when the Cookie header contains $Version=1 and the header's value is enclosed by quotes

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60788

--- Comment #6 from Mark Thomas  ---
Let me take a closer look.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1784991 - in /tomcat/site/trunk: docs/security-6.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-6.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/s

2017-03-01 Thread csutherl 
Author: csutherl
Date: Wed Mar  1 16:56:54 2017
New Revision: 1784991

URL: http://svn.apache.org/viewvc?rev=1784991=rev
Log:
Fixing typo on the security pages.

Modified:
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/docs/security-7.html
tomcat/site/trunk/docs/security-8.html
tomcat/site/trunk/docs/security-9.html
tomcat/site/trunk/xdocs/security-6.xml
tomcat/site/trunk/xdocs/security-7.xml
tomcat/site/trunk/xdocs/security-8.xml
tomcat/site/trunk/xdocs/security-9.xml

Modified: tomcat/site/trunk/docs/security-6.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1784991=1784990=1784991=diff
==
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Wed Mar  1 16:56:54 2017
@@ -372,7 +372,7 @@
connector resulted in the current Processor object being added to the
Processor cache multiple times. This in turn meant that the same
Processor could be used for concurrent requests. Sharing a Processor can
-   result in information leakage between requests including, not not 
limited
+   result in information leakage between requests including, but not 
limited
to, session ID and the response body.
 
 

Modified: tomcat/site/trunk/docs/security-7.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1784991=1784990=1784991=diff
==
--- tomcat/site/trunk/docs/security-7.html (original)
+++ tomcat/site/trunk/docs/security-7.html Wed Mar  1 16:56:54 2017
@@ -398,7 +398,7 @@
connector resulted in the current Processor object being added to the
Processor cache multiple times. This in turn meant that the same
Processor could be used for concurrent requests. Sharing a Processor can
-   result in information leakage between requests including, not not 
limited
+   result in information leakage between requests including, but not 
limited
to, session ID and the response body.
 
 

Modified: tomcat/site/trunk/docs/security-8.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1784991=1784990=1784991=diff
==
--- tomcat/site/trunk/docs/security-8.html (original)
+++ tomcat/site/trunk/docs/security-8.html Wed Mar  1 16:56:54 2017
@@ -350,7 +350,7 @@
connector resulted in the current Processor object being added to the
Processor cache multiple times. This in turn meant that the same
Processor could be used for concurrent requests. Sharing a Processor can
-   result in information leakage between requests including, not not 
limited
+   result in information leakage between requests including, but not 
limited
to, session ID and the response body.
 
 
@@ -380,7 +380,7 @@
connector resulted in the current Processor object being added to the
Processor cache multiple times. This in turn meant that the same
Processor could be used for concurrent requests. Sharing a Processor can
-   result in information leakage between requests including, not not 
limited
+   result in information leakage between requests including, but not 
limited
to, session ID and the response body.
 
 

Modified: tomcat/site/trunk/docs/security-9.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-9.html?rev=1784991=1784990=1784991=diff
==
--- tomcat/site/trunk/docs/security-9.html (original)
+++ tomcat/site/trunk/docs/security-9.html Wed Mar  1 16:56:54 2017
@@ -314,7 +314,7 @@
connector resulted in the current Processor object being added to the
Processor cache multiple times. This in turn meant that the same
Processor could be used for concurrent requests. Sharing a Processor can
-   result in information leakage between requests including, not not 
limited
+   result in information leakage between requests including, but not 
limited
to, session ID and the response body.
 
 

Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1784991=1784990=1784991=diff
==
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Wed Mar  1 16:56:54 2017
@@ -63,7 +63,7 @@
connector resulted in the current Processor object being added to the
Processor cache multiple times. This in turn meant that the same
Processor could be used for concurrent requests. Sharing a Processor can
-   result in information leakage between requests including, not not 
limited

[Bug 60788] Cookies value contains quotes when the Cookie header contains $Version=1 and the header's value is enclosed by quotes

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60788

Markus Malkusch  changed:

   What|Removed |Added

 Status|RESOLVED|REOPENED
 Resolution|WORKSFORME  |---

--- Comment #5 from Markus Malkusch  ---
So I debugged the request:
I enter org.apache.catalina.connector.Request.parseCookies()
which goes into
org.apache.tomcat.util.http.Rfc6265CookieProcessor.parseCookieHeader(MimeHeaders,
ServerCookies)
MimeHeaders.toString() shows the cookie from the test case:
=== MimeHeaders ===
cookie = $Version="1"; foo="bar";$Path="/";$Domain="www.example.org"

When Request.parseCookies() is finished I see that
Request.coyoteRequest.serverCookies contains one Cookie with the value "bar"
(including quotes). No Spring involved so far. However I can't exculde if
Spring is configuring something to create this behaviour.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60788] Cookies value contains quotes when the Cookie header contains $Version=1 and the header's value is enclosed by quotes

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60788

--- Comment #4 from Markus Malkusch  ---
Actually I also don't think Spring is messing around with Cookie parsing, but
something is. The test cases are fine. I double checked by comparing Tomcat's
log on the receiver side. Tomcat receives the Cookie header as sent by the test
cases. I'll start the debugger and come back when I found the cause.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60788] Cookies value contains quotes when the Cookie header contains $Version=1 and the header's value is enclosed by quotes

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60788

--- Comment #3 from Mark Thomas  ---
I tested 9.0.x trunk and 8.5.x trunk. Both worked as expected.

Personally, I'd start with your test case and look at exactly what header
values are being sent. I'd be surprised if Spring Boot is playing a role in
Cookie handling.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1784981 - in /tomcat/tc8.5.x/trunk: ./ test/org/apache/tomcat/util/http/TestCookies.java

2017-03-01 Thread markt 
Author: markt
Date: Wed Mar  1 16:05:07 2017
New Revision: 1784981

URL: http://svn.apache.org/viewvc?rev=1784981=rev
Log:
Add a test case based on the report in bug 60788.

Modified:
tomcat/tc8.5.x/trunk/   (props changed)
tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/http/TestCookies.java

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Mar  1 16:05:07 2017
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747
 
924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1756289,1756408-1756410,1
 
756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-1762053,1762123,1762168,176217

[Bug 60788] Cookies value contains quotes when the Cookie header contains $Version=1 and the header's value is enclosed by quotes

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60788

Markus Malkusch  changed:

   What|Removed |Added

URL||https://github.com/spring-p
   ||rojects/spring-boot/issues/
   ||8430

--- Comment #2 from Markus Malkusch  ---
Thanks for your effort. I'll then will reopen the ticket on Spring's side as
it's more likely an issue there. In your testcase, did you also use
Tomcat-8.5.11?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60784] HTTP status line tests ignore trailing space after status code in status line (incomplete RFC test)

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60784

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

--- Comment #3 from Mark Thomas  ---
Thanks. Patch applied.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1784969 - in /tomcat/tc7.0.x/trunk: ./ test/org/apache/catalina/connector/TestKeepAliveCount.java test/org/apache/catalina/startup/SimpleHttpClient.java webapps/docs/changelog.xml

2017-03-01 Thread markt 
Author: markt
Date: Wed Mar  1 15:20:31 2017
New Revision: 1784969

URL: http://svn.apache.org/viewvc?rev=1784969=rev
Log:
Update all unit tests that test the HTTP status line to check for the required 
space after the status code.
Patch provided by Michael Osipov.

Modified:
tomcat/tc7.0.x/trunk/   (props changed)

tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestKeepAliveCount.java
tomcat/tc7.0.x/trunk/test/org/apache/catalina/startup/SimpleHttpClient.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Mar  1 15:20:31 2017
@@ -1,3 +1,3 @@
-/tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641726,1641729-1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511,1643513,1643521,1643539,1643571,1643581-1643582,1643635,1643655,1643738,1643964,1644018,1644333,1644954,1644992,1645014,1645360,1645456,1645627,1645642,1645686,1645903-1645904,1645908-1645909,1645913,1645920,1646458,1646460-1646462,1646735,1646738-1646741,1646744,1646746,1646748-1646755,1646757,1646759-1646760,1647043,1648816,1651420-1651422,1651844,1652926,1652939-1652940,1652973,1653798,1653817,1653841,1654042,1654161,1654736,1654767,1654787,1656592,1659907,1662986,1663265,1663278,1663325,1663535,1663567,1663679,1663997,1664175,1664321,1664872,1665061,1665086,1666027,1666395,1666503,1666506,1666560,1666570,1666581,1666759,1666967,1666988,1667553
 
-1667555,1667558,1667617,1667633,1667637,1667747,1667767,1667873,1668028,1668137,1668634,1669432,1669801,1669840,1669895-1669896,1670398,1670435,1670592,1670605-1670607,1670609,1670632,1670720,1670725,1670727,1670731,1671114,1672273,1672285,1673759,1674220,1674295,1675469,1675488,1675595,1675831,1676232,1676367-1676369,1676382,1676394,1676483,1676556,1676635,1678178,1679536,1679988,1680256,1681124,1681182,1681703,1681730,1681840,1681864,1681869,1682010,1682034,1682047,1682052-1682053,1682062,1682064,1682070,1682312,1682325,1682331,1682386,1684367,1684385,1685759,1685774,1685827,1685892,1687341,1688904,1689358,1689657,1689921,1692850,1693093,1693108,1693324,1694060,1694115,1694291,1694427,1694431,1694503,1694549,1694789,1694873,1694881,1695356,1695372,1695823-1695825,1696200,1696281,1696379,1696468,1700608,1700871,1700897,1700978,1701094,1701124,1701608,1701668,1701676,1701766,1701944,1702248,1702252,1702314,1702390,1702723,1702725,1702728,1702730,1702733,1702735,1702737,1702739,1702
 
742,1702744,1702748,1702751,1702754,1702758,1702760,1702763,1702766,1708779,1708782,1708806,1709314,1709670,1710347,1710442,1710448,1710490,1710574,1710578,1712226,1712229,1712235,1712255,1712618,1712649,1712655,1712860,1712899,1712903,1712906,1712913,1712926,1712975,1713185,1713262,1713287,1713613,1713621,1713872,1713976,1713994,1713998,1714004,1714013,1714059,1714538,1714580,1715189,1715207,1715544,1715549,1715637,1715639-1715645,1715667,1715683,1715866,1715978,1715981,1716216-1716217,1716355,1716414,1716421,1717208-1717209,1717257,1717283,1717288,1717291,1717421,1717517,1717529,1718797,1718840-1718843,1719348,1719357-1719358,1719400,1719491,1719737,1720235,1720396,1720442,1720446,1720450,1720463,1720658-1720660,1720756,1720816,1721813,1721818,1721831,1721861,1721867,1721882,1722523,1722527,1722800,1722926,1722941,1722997,1723130,1723440,1723488,1723890,1724434,1724674,1724792,1724803,1724902,1725128,1725131,1725154,1725167,1725911,1725921,1725929,1725963-1725965,1725970,1725974,1
 
726171-1726173,1726175,1726179-1726182,1726190-1726191,1726195-1726200,1726203,1726226,1726576,1726630,1726992,1727029,1727037,1727671,1727676,1727900,1728028,1728092,1728439,1728449,1729186,1729362,1731009,1731303,1731867,1731872,1731874,1731876,1731885,1731947,1731955,1731959,1731977,1731984,1732360,1732490,1732672,1732902,1733166,1733603,1733619,1733735,1733752,1733764,1733915,1733941,1733964,1734115,1734133,1734261,1734421,1734531,1736286,1737967,1738173,1738182,1738992,1739039,1739089-1739091,1739294,1739777,1739821,1739981,1740513,1740726,1741019,1741162,1741217,1743647,1743681,1744152,1744272,1746732,1746750,1752739,1754615,1755886,1756018,1759565,1761686,1762173,1762206,1766280,1767507-1767508,1767653,1767656,1769267,1772949,1773521,1773527,1774104,1777015,1777213,1779330,1783151,1784188

svn commit: r1784966 - in /tomcat/tc8.0.x/trunk: ./ test/org/apache/catalina/connector/TestKeepAliveCount.java test/org/apache/catalina/startup/SimpleHttpClient.java webapps/docs/changelog.xml

2017-03-01 Thread markt 
Author: markt
Date: Wed Mar  1 15:17:30 2017
New Revision: 1784966

URL: http://svn.apache.org/viewvc?rev=1784966=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60784
Update all unit tests that test the HTTP status line to check for the required 
space after the status code.
Patch provided by Michael Osipov.

Modified:
tomcat/tc8.0.x/trunk/   (props changed)

tomcat/tc8.0.x/trunk/test/org/apache/catalina/connector/TestKeepAliveCount.java
tomcat/tc8.0.x/trunk/test/org/apache/catalina/startup/SimpleHttpClient.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Mar  1 15:17:30 2017
@@ -1,2 +1,2 @@
 
/tomcat/tc8.5.x/trunk:1735042,1737966,1743139-1743140,1744151,1747537,1747925,1748002,1754614,1754643,1762124,1762183,1762203,1763792,1772948,1777014,1779719,1782037,1782240,1782386-1782387
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1637890,1637892,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886
 
,1644890,1644892,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657
 
592,1657607,1657609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659174,1659184,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661770,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662696,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1
 
666387,1666494,1666496,1666552,1666569,1666579,137,149,1666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681697,1681699,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366,1684383,1684526-168452

svn commit: r1784964 - in /tomcat/tc8.5.x/trunk: ./ test/org/apache/catalina/connector/TestKeepAliveCount.java test/org/apache/catalina/startup/SimpleHttpClient.java test/org/apache/coyote/http2/Http2

2017-03-01 Thread markt 
Author: markt
Date: Wed Mar  1 15:15:41 2017
New Revision: 1784964

URL: http://svn.apache.org/viewvc?rev=1784964=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60784
Update all unit tests that test the HTTP status line to check for the required 
space after the status code.
Patch provided by Michael Osipov.

Modified:
tomcat/tc8.5.x/trunk/   (props changed)

tomcat/tc8.5.x/trunk/test/org/apache/catalina/connector/TestKeepAliveCount.java
tomcat/tc8.5.x/trunk/test/org/apache/catalina/startup/SimpleHttpClient.java
tomcat/tc8.5.x/trunk/test/org/apache/coyote/http2/Http2TestBase.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Mar  1 15:15:41 2017
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747
 
924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1756289,1756408-1756410,1
 
756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-1762053,1762123,1762168,176217

svn commit: r1784963 - in /tomcat/trunk: test/org/apache/catalina/connector/TestKeepAliveCount.java test/org/apache/catalina/startup/SimpleHttpClient.java test/org/apache/coyote/http2/Http2TestBase.ja

2017-03-01 Thread markt 
Author: markt
Date: Wed Mar  1 15:12:38 2017
New Revision: 1784963

URL: http://svn.apache.org/viewvc?rev=1784963=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60784
Update all unit tests that test the HTTP status line to check for the required 
space after the status code.
Patch provided by Michael Osipov.

Modified:
tomcat/trunk/test/org/apache/catalina/connector/TestKeepAliveCount.java
tomcat/trunk/test/org/apache/catalina/startup/SimpleHttpClient.java
tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java
tomcat/trunk/webapps/docs/changelog.xml

Modified: 
tomcat/trunk/test/org/apache/catalina/connector/TestKeepAliveCount.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/connector/TestKeepAliveCount.java?rev=1784963=1784962=1784963=diff
==
--- tomcat/trunk/test/org/apache/catalina/connector/TestKeepAliveCount.java 
(original)
+++ tomcat/trunk/test/org/apache/catalina/connector/TestKeepAliveCount.java Wed 
Mar  1 15:12:38 2017
@@ -109,7 +109,7 @@ public class TestKeepAliveCount extends
 
 for (int i=0; i<5; i++) {
 processRequest(false); // blocks until response has been read
-assertTrue(getResponseLine()!=null && 
getResponseLine().trim().startsWith("HTTP/1.1 200"));
+assertTrue(getResponseLine()!=null && 
getResponseLine().startsWith("HTTP/1.1 200 "));
 }
 boolean passed = (this.readLine()==null);
 // Close the connection

Modified: tomcat/trunk/test/org/apache/catalina/startup/SimpleHttpClient.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/startup/SimpleHttpClient.java?rev=1784963=1784962=1784963=diff
==
--- tomcat/trunk/test/org/apache/catalina/startup/SimpleHttpClient.java 
(original)
+++ tomcat/trunk/test/org/apache/catalina/startup/SimpleHttpClient.java Wed Mar 
 1 15:12:38 2017
@@ -46,18 +46,18 @@ public abstract class SimpleHttpClient {
 public static final String LF = "\n";
 public static final String CRLF = CR + LF;
 
-public static final String INFO_100 = "HTTP/1.1 100";
-public static final String OK_200 = "HTTP/1.1 200";
-public static final String REDIRECT_302 = "HTTP/1.1 302";
-public static final String REDIRECT_303 = "HTTP/1.1 303";
-public static final String FAIL_400 = "HTTP/1.1 400";
-public static final String FAIL_404 = "HTTP/1.1 404";
-public static final String TIMEOUT_408 = "HTTP/1.1 408";
-public static final String FAIL_413 = "HTTP/1.1 413";
-public static final String FAIL_417 = "HTTP/1.1 417";
+public static final String INFO_100 = "HTTP/1.1 100 ";
+public static final String OK_200 = "HTTP/1.1 200 ";
+public static final String REDIRECT_302 = "HTTP/1.1 302 ";
+public static final String REDIRECT_303 = "HTTP/1.1 303 ";
+public static final String FAIL_400 = "HTTP/1.1 400 ";
+public static final String FAIL_404 = "HTTP/1.1 404 ";
+public static final String TIMEOUT_408 = "HTTP/1.1 408 ";
+public static final String FAIL_413 = "HTTP/1.1 413 ";
+public static final String FAIL_417 = "HTTP/1.1 417 ";
 public static final String FAIL_50X = "HTTP/1.1 50";
-public static final String FAIL_500 = "HTTP/1.1 500";
-public static final String FAIL_501 = "HTTP/1.1 501";
+public static final String FAIL_500 = "HTTP/1.1 500 ";
+public static final String FAIL_501 = "HTTP/1.1 501 ";
 
 private static final String CONTENT_LENGTH_HEADER_PREFIX =
 "Content-Length: ";

Modified: tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java?rev=1784963=1784962=1784963=diff
==
--- tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java (original)
+++ tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java Wed Mar  1 
15:12:38 2017
@@ -545,7 +545,7 @@ public abstract class Http2TestBase exte
 if (responseHeaders.length < 3) {
 return false;
 }
-if (!responseHeaders[0].startsWith("HTTP/1.1 101")) {
+if (!responseHeaders[0].startsWith("HTTP/1.1 101 ")) {
 return false;
 }
 
@@ -617,7 +617,7 @@ public abstract class Http2TestBase exte
 
 void parseHttp11Response() throws IOException {
 String[] responseHeaders = readHttpResponseHeaders();
-Assert.assertTrue(responseHeaders[0], 
responseHeaders[0].startsWith("HTTP/1.1 200"));
+Assert.assertTrue(responseHeaders[0], 
responseHeaders[0].startsWith("HTTP/1.1 200 "));
 
 // Find the content length (chunked responses not handled)
 for (int i = 1; i < responseHeaders.length; i++) {

Modified:

[Bug 60784] HTTP status line tests ignore trailing space after status code in status line (incomplete RFC test)

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60784

--- Comment #2 from Michael Osipov <1983-01...@gmx.net> ---
(In reply to Mark Thomas from comment #1)
> The tests in question aren't (explicitly) testing the format of the status
> line. They are testing that the correct status code is returned.
> 
> I don't see any harm in expanding the tests to check for the space. I'll
> apply the patch shortly.

That's true, but some other tests do include the space character. This simply
cleans up the remaining tests and adds the extra check for free. It is rather
trivial.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: svn commit: r1784959 - /tomcat/tc8.5.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java

2017-03-01 Thread Coty Sutherland 
On Wed, Mar 1, 2017 at 9:55 AM, Mark Thomas  wrote:
> On 01/03/17 14:54, csuth...@apache.org wrote:
>> Author: csutherl
>> Date: Wed Mar  1 14:54:38 2017
>> New Revision: 1784959
>>
>> URL: http://svn.apache.org/viewvc?rev=1784959=rev
>> Log:
>> Follow up to r1784807.
>> Removing PushToken class reference as it was deleted by r1784807.
>
> Nice catch.
>
> Thanks.

No problem :)

> Mark
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: svn commit: r1784959 - /tomcat/tc8.5.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java

2017-03-01 Thread Mark Thomas 
On 01/03/17 14:54, csuth...@apache.org wrote:
> Author: csutherl
> Date: Wed Mar  1 14:54:38 2017
> New Revision: 1784959
> 
> URL: http://svn.apache.org/viewvc?rev=1784959=rev
> Log:
> Follow up to r1784807.
> Removing PushToken class reference as it was deleted by r1784807.

Nice catch.

Thanks.

Mark


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1784959 - /tomcat/tc8.5.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java

2017-03-01 Thread csutherl 
Author: csutherl
Date: Wed Mar  1 14:54:38 2017
New Revision: 1784959

URL: http://svn.apache.org/viewvc?rev=1784959=rev
Log:
Follow up to r1784807.
Removing PushToken class reference as it was deleted by r1784807.

Modified:

tomcat/tc8.5.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java

Modified: 
tomcat/tc8.5.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java?rev=1784959=1784958=1784959=diff
==
--- 
tomcat/tc8.5.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java 
(original)
+++ 
tomcat/tc8.5.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java 
Wed Mar  1 14:54:38 2017
@@ -166,7 +166,6 @@ public final class SecurityClassLoad {
 private static final void loadCoyotePackage(ClassLoader loader)
 throws Exception {
 final String basePackage = "org.apache.coyote.";
-loader.loadClass(basePackage + "PushToken");
 loader.loadClass(basePackage + "http11.Constants");
 // Make sure system property is read at this point
 Class clazz = loader.loadClass(basePackage + "Constants");



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60784] HTTP status line tests ignore trailing space after status code in status line (incomplete RFC test)

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60784

--- Comment #1 from Mark Thomas  ---
The tests in question aren't (explicitly) testing the format of the status
line. They are testing that the correct status code is returned.

I don't see any harm in expanding the tests to check for the space. I'll apply
the patch shortly.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60788] Cookies value contains quotes when the Cookie header contains $Version=1 and the header's value is enclosed by quotes

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60788

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |WORKSFORME
 Status|NEW |RESOLVED

--- Comment #1 from Mark Thomas  ---
I've converted the provided cookie header into a Tomcat test case and the value
is returned unquoted with both the Rfc6265CookieProcessor and the
LegacyCookieProcessor.

There is variation for the path and the domain. They are returned unquoted with
the Legacy processor but quoted with the RFC6265 processor.

It looks like there is something odd going on with your SSCCE.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1784956 - /tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java

2017-03-01 Thread markt 
Author: markt
Date: Wed Mar  1 14:49:59 2017
New Revision: 1784956

URL: http://svn.apache.org/viewvc?rev=1784956=rev
Log:
Add a test case based on the report in bug 60788.

Modified:
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java

Modified: tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java?rev=1784956=1784955=1784956=diff
==
--- tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java Wed Mar  1 
14:49:59 2017
@@ -470,6 +470,33 @@ public class TestCookies {
 test(true, "$Version=1;x\tx=yyy,foo=bar;a=b", FOO, A);
 }
 
+@Test
+public void testBug60788Rfc6265() {
+doTestBug60788(true);
+}
+
+@Test
+public void testBug60788Rfc2109() {
+doTestBug60788(false);
+}
+
+private void doTestBug60788(boolean useRfc6265) {
+Cookie expected = new Cookie("userId", "foo");
+expected.setVersion(1);
+if (useRfc6265) {
+expected.setDomain("\"www.example.org\"");
+expected.setPath("\"/\"");
+} else {
+// The legacy processor removes the quotes for domain and path
+expected.setDomain("www.example.org");
+expected.setPath("/");
+}
+
+test(useRfc6265, "$Version=\"1\"; 
userId=\"foo\";$Path=\"/\";$Domain=\"www.example.org\"",
+expected);
+}
+
+
 private void test(boolean useRfc6265, String header, Cookie... expected) {
 MimeHeaders mimeHeaders = new MimeHeaders();
 ServerCookies serverCookies = new ServerCookies(4);



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Default character encoding to be UTF-8 for 9.0.x

2017-03-01 Thread Enrico Olivelli 
My two cents...
It would be great! The backport to 8.5 too

I always need to add some filter or some lines of code to every servlet.

Enrico

Il mer 1 mar 2017, 14:31 Mark Thomas  ha scritto:

> Servlet 4.0 adds the ability to set a default request character encoding
> and a default response character encoding in web.xml and
> programmatically. The spec allows containers to specify their own
> defaults via vendor specific config. We can do this via conf/web.xml.
>
> Therefore, I would like to propose we configure, via conf/web.xml, UTF-8
> as the default request and default response character encoding.
>
> Thoughts, comments and/or objections?
>
> Mark
>
> P.S. Because of the way this is implemented, we could do something
> similar with 8.5.x as well via conf/context.xml
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
> --


-- Enrico Olivelli

[GUMP@vmgump-vm3]: Project tomcat-tc8.0.x-test-nio2 (in module tomcat-8.0.x) failed

2017-03-01 Thread Bill Barker 
To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-tc8.0.x-test-nio2 has an issue affecting its community 
integration.
This issue affects 1 projects.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-tc8.0.x-test-nio2 :  Tomcat 8.x, a web server implementing the 
Java Servlet 3.1,
...


Full details are available at:

http://vmgump-vm3.apache.org/tomcat-8.0.x/tomcat-tc8.0.x-test-nio2/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
commons-daemon.native.src.tgz.
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
tomcat-native.tar.gz.
 -INFO- Failed with reason build failed
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-8.0.x/output/logs-NIO2
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-8.0.x/output/test-tmp-NIO2/logs
 -WARNING- No directory 
[/srv/gump/public/workspace/tomcat-8.0.x/output/test-tmp-NIO2/logs]



The following work was performed:
http://vmgump-vm3.apache.org/tomcat-8.0.x/tomcat-tc8.0.x-test-nio2/gump_work/build_tomcat-8.0.x_tomcat-tc8.0.x-test-nio2.html
Work Name: build_tomcat-8.0.x_tomcat-tc8.0.x-test-nio2 (Type: Build)
Work ended in a state of : Failed
Elapsed: 20 mins 9 secs
Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true 
-Dbuild.sysclasspath=only org.apache.tools.ant.Main 
-Dgump.merge=/srv/gump/public/gump/work/merge.xml 
-Dbase.path=/srv/gump/public/workspace/tomcat-8.0.x/tomcat-build-libs 
-Dexecute.test.nio2=true -Dtest.temp=output/test-tmp-NIO2 
-Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar 
-Dtest.accesslog=true 
-Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.6-SNAPSHOT.jar
 -Dexamples.sources.skip=true 
-Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20170301.jar
 
-Dtest.openssl.path=/srv/gump/public/workspace/openssl-1.0.2/dest-20170301/bin/openssl
 -Dexecute.test.nio=false 
-Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar 
-Dexecute.test.apr=false -Dexecute.test.bio=false 
-Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20170301-native-src.tar.gz
 -Dtest.repor
 ts=output/logs-NIO2 
-Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20170301-native-src.tar.gz
 -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.5-201506032000/ecj-4.5.jar 
-Dtest.relaxTiming=true -Dtest.excludePerformance=true 
-Djava.net.preferIPv4Stack=/srv/gump/public/workspace/tomcat-8.0.x/true 
-Deasymock.jar=/srv/gump/public/workspace/easymock/core/target/easymock-3.5-SNAPSHOT.jar
 -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test 
[Working Directory: /srv/gump/public/workspace/tomcat-8.0.x]
CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-8.0.x/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/servlet-api.ja
 
r:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/websocket-api.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-storeconfig.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-8.0.x/output/build/lib/catalina-tribes.jar:/srv/gump/public/workspace/tomcat-8.0.x

svn commit: r1784933 - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html xdocs/security-7.xml xdocs/security-8.xml

2017-03-01 Thread markt 
Author: markt
Date: Wed Mar  1 13:48:39 2017
New Revision: 1784933

URL: http://svn.apache.org/viewvc?rev=1784933=rev
Log:
Add info on CVE-2017-6056 to the not a vulnerability in Tomcat section

Modified:
tomcat/site/trunk/docs/security-7.html
tomcat/site/trunk/docs/security-8.html
tomcat/site/trunk/xdocs/security-7.xml
tomcat/site/trunk/xdocs/security-8.xml

Modified: tomcat/site/trunk/docs/security-7.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1784933=1784932=1784933=diff
==
--- tomcat/site/trunk/docs/security-7.html (original)
+++ tomcat/site/trunk/docs/security-7.html Wed Mar  1 13:48:39 2017
@@ -2250,6 +2250,46 @@
   
 
 
+Important: Denial of Service
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6056; 
rel="nofollow">CVE-2017-6056
+
+
+
+In February 2015 a single user reported high CPU usage (https://bz.apache.org/bugzilla/show_bug.cgi?id=57544;>57544)
+   which was traced to a tight loop. However, it was not clear how the
+   conditions necessary to enter the loop were being created. There was no
+   evidence that indicated that the loop was user triggerable. The only
+   potential paths identified by code inspection depended on application
+   bugs (retaining references to request objects and accessing after the
+   request had completed).
+
+
+It was (and still is) believed that an application bug was the most
+   likely root cause. Therefore, https://bz.apache.org/bugzilla/show_bug.cgi?id=57544;>57544 was not 
treated as a DoS
+   vulnerability.
+
+
+In November 2016, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816; 
rel="nofollow">CVE-2016-6816 was announced. When downstream
+   distributions, notably Debian, back-ported the fix for
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816; 
rel="nofollow">CVE-2016-6816 they inadvertently make it trivial for users to
+   trigger the tight loop from https://bz.apache.org/bugzilla/show_bug.cgi?id=57544;>57544. This 
made a DoS attack
+   trivial to mount and resulted in multiple reports of problems including
+   https://bz.apache.org/bugzilla/show_bug.cgi?id=60578;>60578 and https://bz.apache.org/bugzilla/show_bug.cgi?id=60581;>60581.
+
+
+Tomcat releases from the Apache Software Foundation were not affected as
+   the ASF did not release any versions that contained the fix for
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816; 
rel="nofollow">CVE-2016-6816 but not the fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=57544;>57544.
+
+
+This issue was first announced on 13 February 2017.
+
+
+Affects: Debian, Ubuntu and potentially other downstream
+   distributions.
+
+
+
 Low: Denial Of Service
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5568; 
rel="nofollow">CVE-2012-5568
 

Modified: tomcat/site/trunk/docs/security-8.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1784933=1784932=1784933=diff
==
--- tomcat/site/trunk/docs/security-8.html (original)
+++ tomcat/site/trunk/docs/security-8.html Wed Mar  1 13:48:39 2017
@@ -1378,6 +1378,46 @@
 
 
 
+Important: Denial of Service
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6056; 
rel="nofollow">CVE-2017-6056
+
+
+
+In February 2015 a single user reported high CPU usage (https://bz.apache.org/bugzilla/show_bug.cgi?id=57544;>57544)
+   which was traced to a tight loop. However, it was not clear how the
+   conditions necessary to enter the loop were being created. There was no
+   evidence that indicated that the loop was user triggerable. The only
+   potential paths identified by code inspection depended on application
+   bugs (retaining references to request objects and accessing after the
+   request had completed).
+
+
+It was (and still is) believed that an application bug was the most
+   likely root cause. Therefore, https://bz.apache.org/bugzilla/show_bug.cgi?id=57544;>57544 was not 
treated as a DoS
+   vulnerability.
+
+
+In November 2016, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816; 
rel="nofollow">CVE-2016-6816 was announced. When downstream
+   distributions, notably Debian, back-ported the fix for
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816; 
rel="nofollow">CVE-2016-6816 they inadvertently make it trivial for users to
+   trigger the tight loop from https://bz.apache.org/bugzilla/show_bug.cgi?id=57544;>57544. This 
made a DoS attack
+   trivial to mount and resulted in multiple reports of problems including
+   https://bz.apache.org/bugzilla/show_bug.cgi?id=60578;>60578 and https://bz.apache.org/bugzilla/show_bug.cgi?id=60581;>60581.
+
+
+Tomcat releases

Default character encoding to be UTF-8 for 9.0.x

2017-03-01 Thread Mark Thomas 
Servlet 4.0 adds the ability to set a default request character encoding
and a default response character encoding in web.xml and
programmatically. The spec allows containers to specify their own
defaults via vendor specific config. We can do this via conf/web.xml.

Therefore, I would like to propose we configure, via conf/web.xml, UTF-8
as the default request and default response character encoding.

Thoughts, comments and/or objections?

Mark

P.S. Because of the way this is implemented, we could do something
similar with 8.5.x as well via conf/context.xml


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1784929 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/ java/org/apache/catalina/connector/ java/org/apache/catalina/core/ java/org/apache/catalina/servlet4preview/ java/org/apac

2017-03-01 Thread markt 
Author: markt
Date: Wed Mar  1 13:23:36 2017
New Revision: 1784929

URL: http://svn.apache.org/viewvc?rev=1784929=rev
Log:
Servlet 4.0
New methods on the ServletContext to enable the default request and response 
character encodings to be set per web application.
Deployment descriptor changes not back-ported since that would require shipping 
the draft Servlet 4 schemas in the Servlet 3.1 implementation.

Modified:
tomcat/tc8.5.x/trunk/   (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/catalina/Context.java
tomcat/tc8.5.x/trunk/java/org/apache/catalina/connector/Request.java
tomcat/tc8.5.x/trunk/java/org/apache/catalina/connector/Response.java
tomcat/tc8.5.x/trunk/java/org/apache/catalina/core/ApplicationContext.java

tomcat/tc8.5.x/trunk/java/org/apache/catalina/core/ApplicationContextFacade.java
tomcat/tc8.5.x/trunk/java/org/apache/catalina/core/LocalStrings.properties
tomcat/tc8.5.x/trunk/java/org/apache/catalina/core/StandardContext.java

tomcat/tc8.5.x/trunk/java/org/apache/catalina/servlet4preview/ServletContext.java
tomcat/tc8.5.x/trunk/java/org/apache/catalina/startup/FailedContext.java
tomcat/tc8.5.x/trunk/java/org/apache/coyote/Request.java
tomcat/tc8.5.x/trunk/java/org/apache/coyote/Response.java
tomcat/tc8.5.x/trunk/test/org/apache/tomcat/unittest/TesterContext.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Mar  1 13:23:36 2017
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747
 
924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1756289,1756408-1756410,1

svn commit: r1784926 - in /tomcat/trunk: java/javax/servlet/ java/javax/servlet/resources/ java/org/apache/catalina/ java/org/apache/catalina/connector/ java/org/apache/catalina/core/ java/org/apache/

2017-03-01 Thread markt 
Author: markt
Date: Wed Mar  1 13:10:42 2017
New Revision: 1784926

URL: http://svn.apache.org/viewvc?rev=1784926=rev
Log:
Servlet 4.0
New elements for the deployment descriptor and new methods on the 
ServletContext to enable the default request and response character encodings 
to be set per web application.

Modified:
tomcat/trunk/java/javax/servlet/ServletContext.java
tomcat/trunk/java/javax/servlet/ServletRequest.java
tomcat/trunk/java/javax/servlet/ServletResponse.java
tomcat/trunk/java/javax/servlet/resources/web-app_4_0.xsd
tomcat/trunk/java/org/apache/catalina/Context.java
tomcat/trunk/java/org/apache/catalina/connector/Request.java
tomcat/trunk/java/org/apache/catalina/connector/Response.java
tomcat/trunk/java/org/apache/catalina/core/ApplicationContext.java
tomcat/trunk/java/org/apache/catalina/core/ApplicationContextFacade.java
tomcat/trunk/java/org/apache/catalina/core/LocalStrings.properties
tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java
tomcat/trunk/java/org/apache/catalina/startup/FailedContext.java
tomcat/trunk/java/org/apache/coyote/Request.java
tomcat/trunk/java/org/apache/coyote/Response.java
tomcat/trunk/java/org/apache/jasper/servlet/JspCServletContext.java
tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/WebRuleSet.java
tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/WebXml.java
tomcat/trunk/test/org/apache/tomcat/unittest/TesterContext.java
tomcat/trunk/test/org/apache/tomcat/unittest/TesterServletContext.java
tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/javax/servlet/ServletContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/javax/servlet/ServletContext.java?rev=1784926=1784925=1784926=diff
==
--- tomcat/trunk/java/javax/servlet/ServletContext.java (original)
+++ tomcat/trunk/java/javax/servlet/ServletContext.java Wed Mar  1 13:10:42 2017
@@ -1013,4 +1013,82 @@ public interface ServletContext {
  * @since Servlet 4.0
  */
 public void setSessionTimeout(int sessionTimeout);
+
+/**
+ * Get the default character encoding for reading request bodies.
+ *
+ * @return The character encoding name or {@code null} if no default has
+ * been specified
+ *
+ * @throws UnsupportedOperationExceptionIf called from a
+ *{@link 
ServletContextListener#contextInitialized(ServletContextEvent)}
+ *method of a {@link ServletContextListener} that was not defined in a
+ *web.xml file, a web-fragment.xml file nor annotated with
+ *{@link javax.servlet.annotation.WebListener}. For example, a
+ *{@link ServletContextListener} defined in a TLD would not be able to
+ *use this method.
+ *
+ * @since Servlet 4.0
+ */
+public String getRequestCharacterEncoding();
+
+/**
+ * Set the default character encoding to use for reading request bodies.
+ * Calling this method will over-ride any value set in the deployment
+ * descriptor.
+ *
+ * @param encoding The name of the character encoding to use
+ *
+ * @throws UnsupportedOperationExceptionIf called from a
+ *{@link 
ServletContextListener#contextInitialized(ServletContextEvent)}
+ *method of a {@link ServletContextListener} that was not defined in a
+ *web.xml file, a web-fragment.xml file nor annotated with
+ *{@link javax.servlet.annotation.WebListener}. For example, a
+ *{@link ServletContextListener} defined in a TLD would not be able to
+ *use this method.
+ * @throws IllegalStateException If the ServletContext has already been
+ * initialised
+ *
+ * @since Servlet 4.0
+ */
+public void setRequestCharacterEncoding(String encoding);
+
+/**
+ * Get the default character encoding for writing response bodies.
+ *
+ * @return The character encoding name or {@code null} if no default has
+ * been specified
+ *
+ * @throws UnsupportedOperationExceptionIf called from a
+ *{@link 
ServletContextListener#contextInitialized(ServletContextEvent)}
+ *method of a {@link ServletContextListener} that was not defined in a
+ *web.xml file, a web-fragment.xml file nor annotated with
+ *{@link javax.servlet.annotation.WebListener}. For example, a
+ *{@link ServletContextListener} defined in a TLD would not be able to
+ *use this method.
+ *
+ * @since Servlet 4.0
+ */
+public String getResponseCharacterEncoding();
+
+/**
+ * Set the default character encoding to use for writing response bodies.
+ * Calling this method will over-ride any value set in the deployment
+ * descriptor.
+ *
+ * @param encoding The name of the character

svn commit: r1784911 - /tomcat/trunk/java/org/apache/catalina/core/ApplicationContextFacade.java

2017-03-01 Thread markt 
Author: markt
Date: Wed Mar  1 11:08:26 2017
New Revision: 1784911

URL: http://svn.apache.org/viewvc?rev=1784911=rev
Log:
Fix copy/paste error

Modified:
tomcat/trunk/java/org/apache/catalina/core/ApplicationContextFacade.java

Modified: 
tomcat/trunk/java/org/apache/catalina/core/ApplicationContextFacade.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/ApplicationContextFacade.java?rev=1784911=1784910=1784911=diff
==
--- tomcat/trunk/java/org/apache/catalina/core/ApplicationContextFacade.java 
(original)
+++ tomcat/trunk/java/org/apache/catalina/core/ApplicationContextFacade.java 
Wed Mar  1 11:08:26 2017
@@ -794,7 +794,7 @@ public class ApplicationContextFacade im
 @Override
 public void setSessionTimeout(int sessionTimeout) {
 if (SecurityUtil.isPackageProtectionEnabled()) {
-doPrivileged("getSessionTimeout", new Object[] { 
Integer.valueOf(sessionTimeout) });
+doPrivileged("setSessionTimeout", new Object[] { 
Integer.valueOf(sessionTimeout) });
 } else  {
 context.setSessionTimeout(sessionTimeout);
 }



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60764] SlowQueryReport causing connection leak

2017-03-01 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60764

Keiichi Fujino  changed:

   What|Removed |Added

 OS||All

--- Comment #1 from Keiichi Fujino  ---
Hi.

Does this problem affect only when using SlowQueryReport?
According to my initial investigation, the same problems seems to be occurred
even if StatementCache or StatementDecoratorInterceptor is used.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org