[Bug 65112] Measure my PD | PD Measurement | Pupils Distance | Get PD

2021-01-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=65112

Azat  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED
 OS||All

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65112] New: Measure my PD | PD Measurement | Pupils Distance | Get PD

2021-01-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=65112

Bug ID: 65112
   Summary: Measure my PD | PD Measurement | Pupils Distance | Get
PD
   Product: Tomcat 7
   Version: 7.0.106
  Hardware: PC
Status: NEW
  Severity: normal
  Priority: P2
 Component: Connectors
  Assignee: dev@tomcat.apache.org
  Reporter: kerelyn...@gmail.com
  Target Milestone: ---

Have you tried PD measurement before buying eyeglasses online? Know how to
measure Pupillary Distance & get your perfect Pupil to Pupil Distance from
www.pupilsdistance.com . Pupillary distance (PD) is the measurement of the
distance between the centers of your pupils. This number is important when
ordering prescription eyeglasses because it helps to choose the eyeglasses of
best comfort. If your pupils distance does not match with your eyeglass where
the centers of your pupils are, your vision can be affected– Similar to wearing
someone else's eyeglasses. The wrong PD can produce eye strain, fatigue,
headaches and blurry vision. If you have a high prescription and the wrong PD
these symptoms are often much worse. So, get you exact PD before buying eyewear
onli

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Can't save edit to Confluence page

2021-01-28 Thread Mark Thomas 
On 28/01/2021 22:08, Mark Thomas wrote:
> On 28/01/2021 22:04, Christopher Schultz wrote:
>> All,
>>
>> I'm trying to update this page in Confluence:
>>
>> https://cwiki.apache.org/confluence/display/TOMCAT/TomcatCon+2021-02
>>
>> I've added my own name + availability, and some stuff to the table at
>> the bottom. I'm logged-in. Whenever I click "Update" it just says
>> "Unable to communicate with server. Saving is not possible at the moment.".
>>
>> I seem to be able to do other things.
>>
>> The worst part of the process was adding my availability because it's
>> done using able-cell backgrounds which can't really be copy/pasted.
>>
>> When I click "edit", I can see my edits.
>>
>> I just can't save/publish them.
>>
>> Any ideas?
> 
> None. I can see those changes too so they are saved *somewhere* server
> side. It looks like I might be able to save them but I get the same
> error message if I try.

You are not going to believe this. Removing that smiley character fixed
it (thanks Google). I've saved the page. Worth checking all your edits
made it.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Can't save edit to Confluence page

2021-01-28 Thread Mark Thomas 
On 28/01/2021 22:04, Christopher Schultz wrote:
> All,
> 
> I'm trying to update this page in Confluence:
> 
> https://cwiki.apache.org/confluence/display/TOMCAT/TomcatCon+2021-02
> 
> I've added my own name + availability, and some stuff to the table at
> the bottom. I'm logged-in. Whenever I click "Update" it just says
> "Unable to communicate with server. Saving is not possible at the moment.".
> 
> I seem to be able to do other things.
> 
> The worst part of the process was adding my availability because it's
> done using able-cell backgrounds which can't really be copy/pasted.
> 
> When I click "edit", I can see my edits.
> 
> I just can't save/publish them.
> 
> Any ideas?

None. I can see those changes too so they are saved *somewhere* server
side. It looks like I might be able to save them but I get the same
error message if I try.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Can't save edit to Confluence page

2021-01-28 Thread Christopher Schultz 

All,

I'm trying to update this page in Confluence:

https://cwiki.apache.org/confluence/display/TOMCAT/TomcatCon+2021-02

I've added my own name + availability, and some stuff to the table at 
the bottom. I'm logged-in. Whenever I click "Update" it just says 
"Unable to communicate with server. Saving is not possible at the moment.".


I seem to be able to do other things.

The worst part of the process was adding my availability because it's 
done using able-cell backgrounds which can't really be copy/pasted.


When I click "edit", I can see my edits.

I just can't save/publish them.

Any ideas?

-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/02: Add a new utility method to test if a path is an absolute URI

2021-01-28 Thread remm 
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 195d073ff8b5d3c463ff4b3f796a0e4b6f1f5292
Author: Mark Thomas 
AuthorDate: Thu Jan 28 17:07:22 2021 +

Add a new utility method to test if a path is an absolute URI
---
 java/org/apache/tomcat/util/buf/UriUtil.java   | 35 ++
 .../tomcat/util/buf/TestUriUtilIsAbsoluteURI.java  | 77 ++
 2 files changed, 112 insertions(+)

diff --git a/java/org/apache/tomcat/util/buf/UriUtil.java 
b/java/org/apache/tomcat/util/buf/UriUtil.java
index f88bc9d..374814b 100644
--- a/java/org/apache/tomcat/util/buf/UriUtil.java
+++ b/java/org/apache/tomcat/util/buf/UriUtil.java
@@ -193,4 +193,39 @@ public final class UriUtil {
 public static String getWarSeparator() {
 return WAR_SEPARATOR;
 }
+
+
+/**
+ * Does the provided path start with file:/ or
+ * protocol://.
+ *
+ * @param path The path to test
+ *
+ * @return {@code} if the supplied path starts with once of the recognised
+ * sequences.
+ */
+public static boolean isAbsoluteURI(String path) {
+// Special case as only a single /
+if (path.startsWith("file:/")) {
+return true;
+}
+
+// Start at the beginning of the path and skip over any valid protocol
+// characters
+int i = 0;
+while (i < path.length() && isSchemeChar(path.charAt(i))) {
+i++;
+}
+// Need at least one protocol character. False positives with Windows
+// drives such as C:/... will be caught by the later test for "://"
+if (i == 0) {
+return false;
+}
+// path starts with something that might be a protocol. Look for a
+// following "://"
+if (i + 2 < path.length() && path.charAt(i++) == ':' && 
path.charAt(i++) == '/' && path.charAt(i) == '/') {
+return true;
+}
+return false;
+}
 }
diff --git a/test/org/apache/tomcat/util/buf/TestUriUtilIsAbsoluteURI.java 
b/test/org/apache/tomcat/util/buf/TestUriUtilIsAbsoluteURI.java
new file mode 100644
index 000..f1ede74
--- /dev/null
+++ b/test/org/apache/tomcat/util/buf/TestUriUtilIsAbsoluteURI.java
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.buf;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameter;
+
+
+@RunWith(Parameterized.class)
+public class TestUriUtilIsAbsoluteURI {
+
+@Parameterized.Parameters(name = "{index}: path[{0}], expected[{1}]")
+public static Collection parameters() {
+
+List parameterSets = new ArrayList<>();
+
+parameterSets.add(new Object[] { "", Boolean.FALSE } );
+
+parameterSets.add(new Object[] { "h", Boolean.FALSE } );
+parameterSets.add(new Object[] { "ht", Boolean.FALSE } );
+parameterSets.add(new Object[] { "htt", Boolean.FALSE } );
+parameterSets.add(new Object[] { "http", Boolean.FALSE } );
+parameterSets.add(new Object[] { "http:", Boolean.FALSE } );
+parameterSets.add(new Object[] { "http:/", Boolean.FALSE } );
+parameterSets.add(new Object[] { "http://;, Boolean.TRUE } );
+parameterSets.add(new Object[] { "http://foo;, Boolean.TRUE } );
+
+parameterSets.add(new Object[] { "f", Boolean.FALSE } );
+parameterSets.add(new Object[] { "fi", Boolean.FALSE } );
+parameterSets.add(new Object[] { "fil", Boolean.FALSE } );
+parameterSets.add(new Object[] { "file", Boolean.FALSE } );
+parameterSets.add(new Object[] { "file:", Boolean.FALSE } );
+parameterSets.add(new Object[] { "file:/", Boolean.TRUE } );
+parameterSets.add(new Object[] { "file://", Boolean.TRUE } );
+
+parameterSets.add(new Object[] { "c", Boolean.FALSE } );
+parameterSets.add(new Object[] { "c:", Boolean.FALSE } );
+parameterSets.add(new

[tomcat] 02/02: Fix bug 65106. Don't try to treat absolute URIs as files

2021-01-28 Thread remm 
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit e8626d73b1df78c236d3e06dc878344c5a5ad73b
Author: remm 
AuthorDate: Thu Jan 28 22:12:01 2021 +0100

Fix bug 65106. Don't try to treat absolute URIs as files

Not that the InvalidPathException catch block was removed as valid
file:/... URIs will now skip the File and class loader block and be
processed just as URIs.
---
 .../apache/tomcat/util/file/ConfigFileLoader.java  | 22 +-
 webapps/docs/changelog.xml |  8 
 2 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/java/org/apache/tomcat/util/file/ConfigFileLoader.java 
b/java/org/apache/tomcat/util/file/ConfigFileLoader.java
index 7cd66ab..54631b2 100644
--- a/java/org/apache/tomcat/util/file/ConfigFileLoader.java
+++ b/java/org/apache/tomcat/util/file/ConfigFileLoader.java
@@ -24,6 +24,7 @@ import java.io.InputStream;
 import java.net.URI;
 import java.net.URL;
 
+import org.apache.tomcat.util.buf.UriUtil;
 import org.apache.tomcat.util.res.StringManager;
 
 /**
@@ -69,15 +70,18 @@ public class ConfigFileLoader {
  * provided location
  */
 public static InputStream getInputStream(String location) throws 
IOException {
-// Location was originally always a file before URI support was added 
so
-// try file first.
-
-File f = new File(location);
-if (!f.isAbsolute()) {
-f = new File(CATALINA_BASE_FILE, location);
-}
-if (f.isFile()) {
-return new FileInputStream(f);
+// Originally only File was supported. Class loader and URI were added
+// later. However (see bug 65106) treating some URIs as files can cause
+// problems. Therefore, if path starts with a valid URI scheme then 
skip
+// straight to processing this as a URI.
+if (!UriUtil.isAbsoluteURI(location)) {
+File f = new File(location);
+if (!f.isAbsolute()) {
+f = new File(CATALINA_BASE_FILE, location);
+}
+if (f.isFile()) {
+return new FileInputStream(f);
+}
 }
 
 // File didn't work so try URI.
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e6abb85..35e4475 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,6 +104,14 @@
   issues do not "pop up" wrt. others).
 -->
 
+  
+
+  
+65106: Fix the ConfigFileLoader handling of file URIs when
+running under a security manager on some JREs. (markt)
+  
+
+  
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated (19f5a7a -> e8626d7)

2021-01-28 Thread remm 
This is an automated email from the ASF dual-hosted git repository.

remm pushed a change to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 19f5a7a  65111: Free direct buffers
 new 195d073  Add a new utility method to test if a path is an absolute URI
 new e8626d7  Fix bug 65106. Don't try to treat absolute URIs as files

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 java/org/apache/tomcat/util/buf/UriUtil.java   | 35 ++
 .../apache/tomcat/util/file/ConfigFileLoader.java  | 22 ---
 .../tomcat/util/buf/TestUriUtilIsAbsoluteURI.java  | 77 ++
 webapps/docs/changelog.xml |  8 +++
 4 files changed, 133 insertions(+), 9 deletions(-)
 create mode 100644 
test/org/apache/tomcat/util/buf/TestUriUtilIsAbsoluteURI.java


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 9.0.x updated: Increment version to 9.0.44 for next dev cycle

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new aeaa868  Increment version to 9.0.44 for next dev cycle
aeaa868 is described below

commit aeaa86806461e7773680825d173e71d9c0593694
Author: Mark Thomas 
AuthorDate: Thu Jan 28 20:52:08 2021 +

Increment version to 9.0.44 for next dev cycle
---
 build.properties.default | 2 +-
 res/maven/mvn.properties.default | 2 +-
 webapps/docs/changelog.xml   | 4 +++-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index aa5b178..5e89a79 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -25,7 +25,7 @@
 # - Version Control Flags -
 version.major=9
 version.minor=0
-version.build=43
+version.build=44
 version.patch=0
 version.suffix=-dev
 
diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default
index 1157a85..5e534fe 100644
--- a/res/maven/mvn.properties.default
+++ b/res/maven/mvn.properties.default
@@ -39,7 +39,7 @@ 
maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d
 maven.asf.release.repo.repositoryId=apache.releases.https
 
 # Release version info
-maven.asf.release.deploy.version=9.0.43
+maven.asf.release.deploy.version=9.0.44
 
 #Where do we load the libraries from
 tomcat.lib.path=../../output/build/lib
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f74008b..e3bad55 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -103,7 +103,9 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
+
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE] Release Apache Tomcat 9.0.43

2021-01-28 Thread Mark Thomas 
The proposed Apache Tomcat 9.0.43 release is now available for voting.

The notable changes compared to the 9.0.41 release are:

- Add support for using Unix domain sockets for NIO when running on
  Java 16 or later.

- Add a new StringInterpreter interface that allows applications to
  provide customised string attribute value to type conversion within
  JSPs. This allows applications to provide a conversion
  implementation that is optimised for the application.

- Add peerAddress to coyote request, which contains the IP address of
  the direct connection peer. If a reverse proxy sits in front of
  Tomcat and the protocol used is AJP or HTTP in combination with the
  RemoteIp(Valve|Filter), the peer address might differ from the
  remoteAddress. The latter then contains the address of the client in
  front of the reverse proxy, not the address of the proxy itself.

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.43/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1297/
The tag is:
https://github.com/apache/tomcat/tree/9.0.43
dc8bcd9c0704235319d322ca3d4c32263a054766

The proposed 9.0.43 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 9.0.43

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r45632 - in /dev/tomcat/tomcat-9/v9.0.43: ./ bin/ bin/embed/ src/

2021-01-28 Thread markt 
Author: markt
Date: Thu Jan 28 20:42:38 2021
New Revision: 45632

Log:
Upload Apache Tomcat 9.0.43 for voting

Added:
dev/tomcat/tomcat-9/v9.0.43/
dev/tomcat/tomcat-9/v9.0.43/KEYS
dev/tomcat/tomcat-9/v9.0.43/README.html
dev/tomcat/tomcat-9/v9.0.43/RELEASE-NOTES
dev/tomcat/tomcat-9/v9.0.43/bin/
dev/tomcat/tomcat-9/v9.0.43/bin/README.html
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43-deployer.tar.gz   
(with props)
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43-deployer.tar.gz.asc
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43-deployer.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43-deployer.zip   (with 
props)
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43-deployer.zip.asc
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43-deployer.zip.sha512
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43-fulldocs.tar.gz   
(with props)
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43-fulldocs.tar.gz.asc
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43-fulldocs.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43-windows-x64.zip   
(with props)
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43-windows-x64.zip.asc
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43-windows-x64.zip.sha512
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43-windows-x86.zip   
(with props)
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43-windows-x86.zip.asc
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43-windows-x86.zip.sha512
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43.exe   (with props)
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43.exe.asc
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43.exe.sha512
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43.tar.gz   (with props)
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43.tar.gz.asc
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43.zip   (with props)
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43.zip.asc
dev/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43.zip.sha512
dev/tomcat/tomcat-9/v9.0.43/bin/embed/
dev/tomcat/tomcat-9/v9.0.43/bin/embed/apache-tomcat-9.0.43-embed.tar.gz   
(with props)
dev/tomcat/tomcat-9/v9.0.43/bin/embed/apache-tomcat-9.0.43-embed.tar.gz.asc

dev/tomcat/tomcat-9/v9.0.43/bin/embed/apache-tomcat-9.0.43-embed.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.43/bin/embed/apache-tomcat-9.0.43-embed.zip   
(with props)
dev/tomcat/tomcat-9/v9.0.43/bin/embed/apache-tomcat-9.0.43-embed.zip.asc
dev/tomcat/tomcat-9/v9.0.43/bin/embed/apache-tomcat-9.0.43-embed.zip.sha512
dev/tomcat/tomcat-9/v9.0.43/src/
dev/tomcat/tomcat-9/v9.0.43/src/apache-tomcat-9.0.43-src.tar.gz   (with 
props)
dev/tomcat/tomcat-9/v9.0.43/src/apache-tomcat-9.0.43-src.tar.gz.asc
dev/tomcat/tomcat-9/v9.0.43/src/apache-tomcat-9.0.43-src.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.43/src/apache-tomcat-9.0.43-src.zip   (with props)
dev/tomcat/tomcat-9/v9.0.43/src/apache-tomcat-9.0.43-src.zip.asc
dev/tomcat/tomcat-9/v9.0.43/src/apache-tomcat-9.0.43-src.zip.sha512

Added: dev/tomcat/tomcat-9/v9.0.43/KEYS
==
--- dev/tomcat/tomcat-9/v9.0.43/KEYS (added)
+++ dev/tomcat/tomcat-9/v9.0.43/KEYS Thu Jan 28 20:42:38 2021
@@ -0,0 +1,676 @@
+This file contains the PGP keys of various Apache developers.
+Please don't use them for email unless you have to. Their main
+purpose is code signing.
+
+Apache users: pgp < KEYS
+Apache developers:
+(pgpk -ll  && pgpk -xa ) >> this file.
+  or
+(gpg --fingerprint --list-sigs 
+ && gpg --armor --export ) >> this file.
+
+Apache developers: please ensure that your key is also available via the
+PGP keyservers (such as pgpkeys.mit.edu).
+
+
+Type Bits/KeyIDDate   User ID
+pub  2048/F22C4FED 2001/07/02 Andy Armstrong 
+
+-BEGIN PGP PUBLIC KEY BLOCK-
+Version: PGPfreeware 7.0.3 for non-commercial use 
+
+mQGiBDtAWuURBADZ0KUEyUkSUiTA09e7tvEbX25STsjxrR+DNTainCls+XlkVOij
+gBv216lqge9tIsS0L6hCP4OQbFf/64qVtJssX4QXdyiZGb5wpmcj0Mz602Ew8r+N
+I0S5NvmogoYWW7BlP4r61jNxO5zrr03KaijM5r4ipJdLUxyOmM6P2jRPUwCg/5gm
+bpqiYl7pXX5FgDeB36tmD+UD/06iLqOnoiKO0vMbOk7URclhCObMNrHqxTxozMTS
+B9soYURbIeArei+plYo2n+1qB12ayybjhVu3uksXRdT9bEkyxMfslvLbIpDAG8Cz
+gNftTbKx/MVS7cQU0II8BKo2Akr+1FZah+sD4ovK8SfkMXUQUbTeefTntsAQKyyU
+9M9tA/9on9tBiHFl0qVJht6N4GiJ2G689v7rS2giLgKjetjiCduxBXEgvUSuyQID
+nF9ATrpXjITwsRlGKFmpZiFm5oCeCXihIVH0u6q066xNW2AXkLVoJ1l1Rs2Z0lsb
+0cq3xEAcwAmYLKQvCtgDV8CYgWKVmPi+49rSuQn7Lo9l02OUbLQgQW5keSBBcm1z
+dHJvbmcgPGFuZHlAdGFnaXNoLmNvbT6JAFgEEBECABgFAjtAWuUICwMJCAcCAQoC
+GQEFGwMACgkQajrT9PIsT+1plgCfXAovWnVL3MjrTfcGlFSKw7GHCSYAoJkz
+x+r2ANe8/0e+u5ZcYtSaSry+uQINBDtAWuUQCAD2Qle3CH8IF3KiutapQvMF6PlT

svn commit: r45631 - /dev/tomcat/tomcat-9/v9.0.42/

2021-01-28 Thread markt 
Author: markt
Date: Thu Jan 28 20:39:30 2021
New Revision: 45631

Log:
Drop 9.0.42 (release cancelled)

Removed:
dev/tomcat/tomcat-9/v9.0.42/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/01: Tag 9.0.43

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to tag 9.0.43
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit dc8bcd9c0704235319d322ca3d4c32263a054766
Author: Mark Thomas 
AuthorDate: Thu Jan 28 20:23:56 2021 +

Tag 9.0.43
---
 build.properties.default   | 2 +-
 webapps/docs/changelog.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index aa5b178..2a514a8 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -27,7 +27,7 @@ version.major=9
 version.minor=0
 version.build=43
 version.patch=0
-version.suffix=-dev
+version.suffix=
 
 # - Source control flags -
 git.branch=master
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f74008b..bf0f9a8 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -103,7 +103,7 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] tag 9.0.43 created (now dc8bcd9)

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to tag 9.0.43
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


  at dc8bcd9  (commit)
This tag includes the following new commits:

 new dc8bcd9  Tag 9.0.43

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated: Increment version to 10.0.3 for next development cycle

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new 8e7e1d2  Increment version to 10.0.3 for next development cycle
8e7e1d2 is described below

commit 8e7e1d2359eab1dae0777f34144cec614e0541d1
Author: Mark Thomas 
AuthorDate: Thu Jan 28 19:15:09 2021 +

Increment version to 10.0.3 for next development cycle
---
 build.properties.default | 2 +-
 res/maven/mvn.properties.default | 2 +-
 webapps/docs/changelog.xml   | 4 +++-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 871698c..7253e7a 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -25,7 +25,7 @@
 # - Version Control Flags -
 version.major=10
 version.minor=0
-version.build=2
+version.build=3
 version.patch=0
 version.suffix=-dev
 
diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default
index 650fcc9..0ccdb5a 100644
--- a/res/maven/mvn.properties.default
+++ b/res/maven/mvn.properties.default
@@ -39,7 +39,7 @@ 
maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d
 maven.asf.release.repo.repositoryId=apache.releases.https
 
 # Release version info
-maven.asf.release.deploy.version=10.0.2
+maven.asf.release.deploy.version=10.0.3
 
 #Where do we load the libraries from
 tomcat.lib.path=../../output/build/lib
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 682b932..86123e9 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -103,7 +103,9 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
+
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE] Release Apache Tomcat 10.0.2

2021-01-28 Thread Mark Thomas 
The proposed Apache Tomcat 10.0.2 release is now available for
voting.

Apache Tomcat 10.x implements Jakarta EE 9 and, as such, the primary
package for all the specification APIs has changed from javax.* to jakarta.*
Applications that run on Tomcat 9 will not run on Tomcat 10 without changes.

The notable changes compared to 10.0.0 are:

- Add support for using Unix domain sockets for NIO when running on
  Java 16 or later.

- Add a new StringInterpreter interface that allows applications to
  provide customised string attribute value to type conversion within
  JSPs. This allows applications to provide a conversion
  implementation that is optimised for the application.

- Add peerAddress to coyote request, which contains the IP address of
  the direct connection peer. If a reverse proxy sits in front of
  Tomcat and the protocol used is AJP or HTTP in combination with the
  RemoteIp(Valve|Filter), the peer address might differ from the
  remoteAddress. The latter then contains the address of the client in
  front of the reverse proxy, not the address of the proxy itself.

Along with lots of other bug fixes and improvements.


For full details, see the changelog:
https://ci.apache.org/projects/tomcat/tomcat10/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.2/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1296
The tag is:
https://github.com/apache/tomcat/tree/10.0.2
228209117457e9b30d96f235c45efac9d4b8d9cb

The proposed 10.0.2 release is:
[ ] Broken - do not release
[ ] Beta   - go ahead and release as 10.0.2 (beta)
[ ] Stable - go ahead and release as 10.0.2 (stable)

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r45630 - in /dev/tomcat/tomcat-10/v10.0.2: ./ bin/ bin/embed/ src/

2021-01-28 Thread markt 
Author: markt
Date: Thu Jan 28 19:06:25 2021
New Revision: 45630

Log:
Upload Apache Tomcat 10.0.2 for voting

Added:
dev/tomcat/tomcat-10/v10.0.2/
dev/tomcat/tomcat-10/v10.0.2/KEYS
dev/tomcat/tomcat-10/v10.0.2/README.html
dev/tomcat/tomcat-10/v10.0.2/RELEASE-NOTES
dev/tomcat/tomcat-10/v10.0.2/bin/
dev/tomcat/tomcat-10/v10.0.2/bin/README.html
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2-deployer.tar.gz   
(with props)
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2-deployer.tar.gz.asc
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2-deployer.tar.gz.sha512
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2-deployer.zip   (with 
props)
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2-deployer.zip.asc
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2-deployer.zip.sha512
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2-fulldocs.tar.gz   
(with props)
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2-fulldocs.tar.gz.asc
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2-fulldocs.tar.gz.sha512
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2-windows-x64.zip   
(with props)
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2-windows-x64.zip.asc
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2-windows-x64.zip.sha512
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2-windows-x86.zip   
(with props)
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2-windows-x86.zip.asc
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2-windows-x86.zip.sha512
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2.exe   (with props)
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2.exe.asc
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2.exe.sha512
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2.tar.gz   (with props)
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2.tar.gz.asc
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2.tar.gz.sha512
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2.zip   (with props)
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2.zip.asc
dev/tomcat/tomcat-10/v10.0.2/bin/apache-tomcat-10.0.2.zip.sha512
dev/tomcat/tomcat-10/v10.0.2/bin/embed/
dev/tomcat/tomcat-10/v10.0.2/bin/embed/apache-tomcat-10.0.2-embed.tar.gz   
(with props)
dev/tomcat/tomcat-10/v10.0.2/bin/embed/apache-tomcat-10.0.2-embed.tar.gz.asc

dev/tomcat/tomcat-10/v10.0.2/bin/embed/apache-tomcat-10.0.2-embed.tar.gz.sha512
dev/tomcat/tomcat-10/v10.0.2/bin/embed/apache-tomcat-10.0.2-embed.zip   
(with props)
dev/tomcat/tomcat-10/v10.0.2/bin/embed/apache-tomcat-10.0.2-embed.zip.asc
dev/tomcat/tomcat-10/v10.0.2/bin/embed/apache-tomcat-10.0.2-embed.zip.sha512
dev/tomcat/tomcat-10/v10.0.2/src/
dev/tomcat/tomcat-10/v10.0.2/src/apache-tomcat-10.0.2-src.tar.gz   (with 
props)
dev/tomcat/tomcat-10/v10.0.2/src/apache-tomcat-10.0.2-src.tar.gz.asc
dev/tomcat/tomcat-10/v10.0.2/src/apache-tomcat-10.0.2-src.tar.gz.sha512
dev/tomcat/tomcat-10/v10.0.2/src/apache-tomcat-10.0.2-src.zip   (with props)
dev/tomcat/tomcat-10/v10.0.2/src/apache-tomcat-10.0.2-src.zip.asc
dev/tomcat/tomcat-10/v10.0.2/src/apache-tomcat-10.0.2-src.zip.sha512

Added: dev/tomcat/tomcat-10/v10.0.2/KEYS
==
--- dev/tomcat/tomcat-10/v10.0.2/KEYS (added)
+++ dev/tomcat/tomcat-10/v10.0.2/KEYS Thu Jan 28 19:06:25 2021
@@ -0,0 +1,676 @@
+This file contains the PGP keys of various Apache developers.
+Please don't use them for email unless you have to. Their main
+purpose is code signing.
+
+Apache users: pgp < KEYS
+Apache developers:
+(pgpk -ll  && pgpk -xa ) >> this file.
+  or
+(gpg --fingerprint --list-sigs 
+ && gpg --armor --export ) >> this file.
+
+Apache developers: please ensure that your key is also available via the
+PGP keyservers (such as pgpkeys.mit.edu).
+
+
+Type Bits/KeyIDDate   User ID
+pub  2048/F22C4FED 2001/07/02 Andy Armstrong 
+
+-BEGIN PGP PUBLIC KEY BLOCK-
+Version: PGPfreeware 7.0.3 for non-commercial use 
+
+mQGiBDtAWuURBADZ0KUEyUkSUiTA09e7tvEbX25STsjxrR+DNTainCls+XlkVOij
+gBv216lqge9tIsS0L6hCP4OQbFf/64qVtJssX4QXdyiZGb5wpmcj0Mz602Ew8r+N
+I0S5NvmogoYWW7BlP4r61jNxO5zrr03KaijM5r4ipJdLUxyOmM6P2jRPUwCg/5gm
+bpqiYl7pXX5FgDeB36tmD+UD/06iLqOnoiKO0vMbOk7URclhCObMNrHqxTxozMTS
+B9soYURbIeArei+plYo2n+1qB12ayybjhVu3uksXRdT9bEkyxMfslvLbIpDAG8Cz
+gNftTbKx/MVS7cQU0II8BKo2Akr+1FZah+sD4ovK8SfkMXUQUbTeefTntsAQKyyU
+9M9tA/9on9tBiHFl0qVJht6N4GiJ2G689v7rS2giLgKjetjiCduxBXEgvUSuyQID
+nF9ATrpXjITwsRlGKFmpZiFm5oCeCXihIVH0u6q066xNW2AXkLVoJ1l1Rs2Z0lsb
+0cq3xEAcwAmYLKQvCtgDV8CYgWKVmPi+49rSuQn7Lo9l02OUbLQgQW5keSBBcm1z
+dHJvbmcgPGFuZHlAdGFnaXNoLmNvbT6JAFgEEBECABgFAjtAWuUICwMJCAcCAQoC
+GQEFGwMACgkQajrT9PIsT+1plgCfXAovWnVL3MjrTfcGlFSKw7GHCSYAoJkz

svn commit: r45629 - /dev/tomcat/tomcat-10/v10.0.1/

2021-01-28 Thread markt 
Author: markt
Date: Thu Jan 28 19:03:05 2021
New Revision: 45629

Log:
Drop 10.0.1 (release cancelled)

Removed:
dev/tomcat/tomcat-10/v10.0.1/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/01: Tag 10.0.2

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to tag 10.0.2
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 228209117457e9b30d96f235c45efac9d4b8d9cb
Author: Mark Thomas 
AuthorDate: Thu Jan 28 18:47:15 2021 +

Tag 10.0.2
---
 build.properties.default   | 2 +-
 webapps/docs/changelog.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 871698c..3f4149e 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -27,7 +27,7 @@ version.major=10
 version.minor=0
 version.build=2
 version.patch=0
-version.suffix=-dev
+version.suffix=
 
 # - Source control flags -
 git.branch=master
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 682b932..f00e1f1 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -103,7 +103,7 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] tag 10.0.2 created (now 2282091)

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to tag 10.0.2
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


  at 2282091  (commit)
This tag includes the following new commits:

 new 2282091  Tag 10.0.2

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65106] ConfigFileLoader cannot properly handle file url running with SecurityManager on openjdk 1.8

2021-01-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=65106

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #11 from Mark Thomas  ---
Fixed in:
- 10.0.x for 10.0.2 onwards
- 9.0.x for 9.0.43 onwards

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/02: Add a new utility method to test if a path is an absolute URI

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 97955cd5f3cd771c5c69510206b522f44fac08e5
Author: Mark Thomas 
AuthorDate: Thu Jan 28 17:07:22 2021 +

Add a new utility method to test if a path is an absolute URI
---
 java/org/apache/tomcat/util/buf/UriUtil.java   | 35 ++
 .../tomcat/util/buf/TestUriUtilIsAbsoluteURI.java  | 77 ++
 2 files changed, 112 insertions(+)

diff --git a/java/org/apache/tomcat/util/buf/UriUtil.java 
b/java/org/apache/tomcat/util/buf/UriUtil.java
index f88bc9d..374814b 100644
--- a/java/org/apache/tomcat/util/buf/UriUtil.java
+++ b/java/org/apache/tomcat/util/buf/UriUtil.java
@@ -193,4 +193,39 @@ public final class UriUtil {
 public static String getWarSeparator() {
 return WAR_SEPARATOR;
 }
+
+
+/**
+ * Does the provided path start with file:/ or
+ * protocol://.
+ *
+ * @param path The path to test
+ *
+ * @return {@code} if the supplied path starts with once of the recognised
+ * sequences.
+ */
+public static boolean isAbsoluteURI(String path) {
+// Special case as only a single /
+if (path.startsWith("file:/")) {
+return true;
+}
+
+// Start at the beginning of the path and skip over any valid protocol
+// characters
+int i = 0;
+while (i < path.length() && isSchemeChar(path.charAt(i))) {
+i++;
+}
+// Need at least one protocol character. False positives with Windows
+// drives such as C:/... will be caught by the later test for "://"
+if (i == 0) {
+return false;
+}
+// path starts with something that might be a protocol. Look for a
+// following "://"
+if (i + 2 < path.length() && path.charAt(i++) == ':' && 
path.charAt(i++) == '/' && path.charAt(i) == '/') {
+return true;
+}
+return false;
+}
 }
diff --git a/test/org/apache/tomcat/util/buf/TestUriUtilIsAbsoluteURI.java 
b/test/org/apache/tomcat/util/buf/TestUriUtilIsAbsoluteURI.java
new file mode 100644
index 000..f1ede74
--- /dev/null
+++ b/test/org/apache/tomcat/util/buf/TestUriUtilIsAbsoluteURI.java
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.buf;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameter;
+
+
+@RunWith(Parameterized.class)
+public class TestUriUtilIsAbsoluteURI {
+
+@Parameterized.Parameters(name = "{index}: path[{0}], expected[{1}]")
+public static Collection parameters() {
+
+List parameterSets = new ArrayList<>();
+
+parameterSets.add(new Object[] { "", Boolean.FALSE } );
+
+parameterSets.add(new Object[] { "h", Boolean.FALSE } );
+parameterSets.add(new Object[] { "ht", Boolean.FALSE } );
+parameterSets.add(new Object[] { "htt", Boolean.FALSE } );
+parameterSets.add(new Object[] { "http", Boolean.FALSE } );
+parameterSets.add(new Object[] { "http:", Boolean.FALSE } );
+parameterSets.add(new Object[] { "http:/", Boolean.FALSE } );
+parameterSets.add(new Object[] { "http://;, Boolean.TRUE } );
+parameterSets.add(new Object[] { "http://foo;, Boolean.TRUE } );
+
+parameterSets.add(new Object[] { "f", Boolean.FALSE } );
+parameterSets.add(new Object[] { "fi", Boolean.FALSE } );
+parameterSets.add(new Object[] { "fil", Boolean.FALSE } );
+parameterSets.add(new Object[] { "file", Boolean.FALSE } );
+parameterSets.add(new Object[] { "file:", Boolean.FALSE } );
+parameterSets.add(new Object[] { "file:/", Boolean.TRUE } );
+parameterSets.add(new Object[] { "file://", Boolean.TRUE } );
+
+parameterSets.add(new Object[] { "c", Boolean.FALSE } );
+parameterSets.add(new Object[] { "c:", Boolean.FALSE } );
+

[tomcat] 02/02: Fix bug 65106. Don't try to treat absolute URIs as files

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit f788d10046e3b6ddd199b2557e6cda38d3f2a7c9
Author: Mark Thomas 
AuthorDate: Thu Jan 28 17:15:40 2021 +

Fix bug 65106. Don't try to treat absolute URIs as files

Note that the InvalidPathException catch block was removed as valid
file:/... URIs will now skip the File and class loader block and be
processed just as URIs.
---
 .../startup/CatalinaBaseConfigurationSource.java   | 83 +++---
 webapps/docs/changelog.xml |  8 +++
 2 files changed, 51 insertions(+), 40 deletions(-)

diff --git 
a/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java 
b/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java
index 90ebed7..f907bde 100644
--- a/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java
+++ b/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java
@@ -24,8 +24,8 @@ import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
-import java.nio.file.InvalidPathException;
 
+import org.apache.tomcat.util.buf.UriUtil;
 import org.apache.tomcat.util.file.ConfigurationSource;
 import org.apache.tomcat.util.res.StringManager;
 
@@ -77,34 +77,31 @@ public class CatalinaBaseConfigurationSource implements 
ConfigurationSource {
 
 @Override
 public Resource getResource(String name) throws IOException {
-// Location was originally always a file before URI support was added 
so
-// try file first.
-
-File f = new File(name);
-if (!f.isAbsolute()) {
-f = new File(catalinaBaseFile, name);
-}
-if (f.isFile()) {
-FileInputStream fis = new FileInputStream(f);
-return new Resource(fis, f.toURI());
-}
-
-// Try classloader
-InputStream stream = null;
-try {
-stream = getClass().getClassLoader().getResourceAsStream(name);
-if (stream != null) {
-return new Resource(stream, 
getClass().getClassLoader().getResource(name).toURI());
+// Originally only File was supported. Class loader and URI were added
+// later. However (see bug 65106) treating some URIs as files can cause
+// problems. Therefore, if path starts with a valid URI scheme then 
skip
+// straight to processing this as a URI.
+if (!UriUtil.isAbsoluteURI(name)) {
+File f = new File(name);
+if (!f.isAbsolute()) {
+f = new File(catalinaBaseFile, name);
 }
-} catch (InvalidPathException e) {
-// Ignore. Some valid file URIs can trigger this.
-// Stream should be null here but check to be on the safe side.
-if (stream != null) {
+if (f.isFile()) {
+FileInputStream fis = new FileInputStream(f);
+return new Resource(fis, f.toURI());
+}
+
+// Try classloader
+InputStream stream = null;
+try {
+stream = getClass().getClassLoader().getResourceAsStream(name);
+if (stream != null) {
+return new Resource(stream, 
getClass().getClassLoader().getResource(name).toURI());
+}
+} catch (URISyntaxException e) {
 stream.close();
+throw new 
IOException(sm.getString("catalinaConfigurationSource.cannotObtainURL", name), 
e);
 }
-} catch (URISyntaxException e) {
-stream.close();
-throw new 
IOException(sm.getString("catalinaConfigurationSource.cannotObtainURL", name), 
e);
 }
 
 // Then try URI.
@@ -126,22 +123,28 @@ public class CatalinaBaseConfigurationSource implements 
ConfigurationSource {
 
 @Override
 public URI getURI(String name) {
-File f = new File(name);
-if (!f.isAbsolute()) {
-f = new File(catalinaBaseFile, name);
-}
-if (f.isFile()) {
-return f.toURI();
-}
+// Originally only File was supported. Class loader and URI were added
+// later. However (see bug 65106) treating some URIs as files can cause
+// problems. Therefore, if path starts with a valid URI scheme then 
skip
+// straight to processing this as a URI.
+if (!UriUtil.isAbsoluteURI(name)) {
+File f = new File(name);
+if (!f.isAbsolute()) {
+f = new File(catalinaBaseFile, name);
+}
+if (f.isFile()) {
+return f.toURI();
+}
 
-// Try classloader
-try {
-URL resource = getClass().getClassLoader().getResource(name);
-if (resource != null) {
-return

[tomcat] branch 9.0.x updated (42636a9 -> f788d10)

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 42636a9  Refactor getResource() to avoid calling tests twice
 new 97955cd  Add a new utility method to test if a path is an absolute URI
 new f788d10  Fix bug 65106. Don't try to treat absolute URIs as files

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../startup/CatalinaBaseConfigurationSource.java   | 83 +++---
 java/org/apache/tomcat/util/buf/UriUtil.java   | 35 +
 .../tomcat/util/buf/TestUriUtilIsAbsoluteURI.java  | 77 
 webapps/docs/changelog.xml |  8 +++
 4 files changed, 163 insertions(+), 40 deletions(-)
 create mode 100644 
test/org/apache/tomcat/util/buf/TestUriUtilIsAbsoluteURI.java


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

buildbot success in on tomcat-85-trunk

2021-01-28 Thread buildbot 
The Buildbot has detected a restored build on builder tomcat-85-trunk while 
building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-85-trunk/builds/2604

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-85-commit' 
triggered this build
Build Source Stamp: [branch 8.5.x] 19f5a7a33697fc11ac3b4979d190b79f53fc69df
Blamelist: remm 

Build succeeded!

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/02: Fix bug 65106. Don't try to treat absolute URIs as files

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit dd6094b88a722880766bf0afadac93238a82fd56
Author: Mark Thomas 
AuthorDate: Thu Jan 28 17:15:40 2021 +

Fix bug 65106. Don't try to treat absolute URIs as files

Not that the InvalidPathException catch block was removed as valid
file:/... URIs will now skip the File and class loader block and be
processed just as URIs.
---
 .../startup/CatalinaBaseConfigurationSource.java   | 83 +++---
 webapps/docs/changelog.xml |  8 +++
 2 files changed, 51 insertions(+), 40 deletions(-)

diff --git 
a/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java 
b/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java
index 90ebed7..f907bde 100644
--- a/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java
+++ b/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java
@@ -24,8 +24,8 @@ import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
-import java.nio.file.InvalidPathException;
 
+import org.apache.tomcat.util.buf.UriUtil;
 import org.apache.tomcat.util.file.ConfigurationSource;
 import org.apache.tomcat.util.res.StringManager;
 
@@ -77,34 +77,31 @@ public class CatalinaBaseConfigurationSource implements 
ConfigurationSource {
 
 @Override
 public Resource getResource(String name) throws IOException {
-// Location was originally always a file before URI support was added 
so
-// try file first.
-
-File f = new File(name);
-if (!f.isAbsolute()) {
-f = new File(catalinaBaseFile, name);
-}
-if (f.isFile()) {
-FileInputStream fis = new FileInputStream(f);
-return new Resource(fis, f.toURI());
-}
-
-// Try classloader
-InputStream stream = null;
-try {
-stream = getClass().getClassLoader().getResourceAsStream(name);
-if (stream != null) {
-return new Resource(stream, 
getClass().getClassLoader().getResource(name).toURI());
+// Originally only File was supported. Class loader and URI were added
+// later. However (see bug 65106) treating some URIs as files can cause
+// problems. Therefore, if path starts with a valid URI scheme then 
skip
+// straight to processing this as a URI.
+if (!UriUtil.isAbsoluteURI(name)) {
+File f = new File(name);
+if (!f.isAbsolute()) {
+f = new File(catalinaBaseFile, name);
 }
-} catch (InvalidPathException e) {
-// Ignore. Some valid file URIs can trigger this.
-// Stream should be null here but check to be on the safe side.
-if (stream != null) {
+if (f.isFile()) {
+FileInputStream fis = new FileInputStream(f);
+return new Resource(fis, f.toURI());
+}
+
+// Try classloader
+InputStream stream = null;
+try {
+stream = getClass().getClassLoader().getResourceAsStream(name);
+if (stream != null) {
+return new Resource(stream, 
getClass().getClassLoader().getResource(name).toURI());
+}
+} catch (URISyntaxException e) {
 stream.close();
+throw new 
IOException(sm.getString("catalinaConfigurationSource.cannotObtainURL", name), 
e);
 }
-} catch (URISyntaxException e) {
-stream.close();
-throw new 
IOException(sm.getString("catalinaConfigurationSource.cannotObtainURL", name), 
e);
 }
 
 // Then try URI.
@@ -126,22 +123,28 @@ public class CatalinaBaseConfigurationSource implements 
ConfigurationSource {
 
 @Override
 public URI getURI(String name) {
-File f = new File(name);
-if (!f.isAbsolute()) {
-f = new File(catalinaBaseFile, name);
-}
-if (f.isFile()) {
-return f.toURI();
-}
+// Originally only File was supported. Class loader and URI were added
+// later. However (see bug 65106) treating some URIs as files can cause
+// problems. Therefore, if path starts with a valid URI scheme then 
skip
+// straight to processing this as a URI.
+if (!UriUtil.isAbsoluteURI(name)) {
+File f = new File(name);
+if (!f.isAbsolute()) {
+f = new File(catalinaBaseFile, name);
+}
+if (f.isFile()) {
+return f.toURI();
+}
 
-// Try classloader
-try {
-URL resource = getClass().getClassLoader().getResource(name);
-if (resource != null) {
-return

[tomcat] 01/02: Add a new utility method to test if a path is an absolute URI

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit ee7335a353e4cdf06b02452cfb5e04a01ef98d82
Author: Mark Thomas 
AuthorDate: Thu Jan 28 17:07:22 2021 +

Add a new utility method to test if a path is an absolute URI
---
 java/org/apache/tomcat/util/buf/UriUtil.java   | 35 ++
 .../tomcat/util/buf/TestUriUtilIsAbsoluteURI.java  | 77 ++
 2 files changed, 112 insertions(+)

diff --git a/java/org/apache/tomcat/util/buf/UriUtil.java 
b/java/org/apache/tomcat/util/buf/UriUtil.java
index f88bc9d..374814b 100644
--- a/java/org/apache/tomcat/util/buf/UriUtil.java
+++ b/java/org/apache/tomcat/util/buf/UriUtil.java
@@ -193,4 +193,39 @@ public final class UriUtil {
 public static String getWarSeparator() {
 return WAR_SEPARATOR;
 }
+
+
+/**
+ * Does the provided path start with file:/ or
+ * protocol://.
+ *
+ * @param path The path to test
+ *
+ * @return {@code} if the supplied path starts with once of the recognised
+ * sequences.
+ */
+public static boolean isAbsoluteURI(String path) {
+// Special case as only a single /
+if (path.startsWith("file:/")) {
+return true;
+}
+
+// Start at the beginning of the path and skip over any valid protocol
+// characters
+int i = 0;
+while (i < path.length() && isSchemeChar(path.charAt(i))) {
+i++;
+}
+// Need at least one protocol character. False positives with Windows
+// drives such as C:/... will be caught by the later test for "://"
+if (i == 0) {
+return false;
+}
+// path starts with something that might be a protocol. Look for a
+// following "://"
+if (i + 2 < path.length() && path.charAt(i++) == ':' && 
path.charAt(i++) == '/' && path.charAt(i) == '/') {
+return true;
+}
+return false;
+}
 }
diff --git a/test/org/apache/tomcat/util/buf/TestUriUtilIsAbsoluteURI.java 
b/test/org/apache/tomcat/util/buf/TestUriUtilIsAbsoluteURI.java
new file mode 100644
index 000..f1ede74
--- /dev/null
+++ b/test/org/apache/tomcat/util/buf/TestUriUtilIsAbsoluteURI.java
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.buf;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameter;
+
+
+@RunWith(Parameterized.class)
+public class TestUriUtilIsAbsoluteURI {
+
+@Parameterized.Parameters(name = "{index}: path[{0}], expected[{1}]")
+public static Collection parameters() {
+
+List parameterSets = new ArrayList<>();
+
+parameterSets.add(new Object[] { "", Boolean.FALSE } );
+
+parameterSets.add(new Object[] { "h", Boolean.FALSE } );
+parameterSets.add(new Object[] { "ht", Boolean.FALSE } );
+parameterSets.add(new Object[] { "htt", Boolean.FALSE } );
+parameterSets.add(new Object[] { "http", Boolean.FALSE } );
+parameterSets.add(new Object[] { "http:", Boolean.FALSE } );
+parameterSets.add(new Object[] { "http:/", Boolean.FALSE } );
+parameterSets.add(new Object[] { "http://;, Boolean.TRUE } );
+parameterSets.add(new Object[] { "http://foo;, Boolean.TRUE } );
+
+parameterSets.add(new Object[] { "f", Boolean.FALSE } );
+parameterSets.add(new Object[] { "fi", Boolean.FALSE } );
+parameterSets.add(new Object[] { "fil", Boolean.FALSE } );
+parameterSets.add(new Object[] { "file", Boolean.FALSE } );
+parameterSets.add(new Object[] { "file:", Boolean.FALSE } );
+parameterSets.add(new Object[] { "file:/", Boolean.TRUE } );
+parameterSets.add(new Object[] { "file://", Boolean.TRUE } );
+
+parameterSets.add(new Object[] { "c", Boolean.FALSE } );
+parameterSets.add(new Object[] { "c:", Boolean.FALSE } );
+

[tomcat] branch master updated (43581c6 -> dd6094b)

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 43581c6  Refactor getResource() to avoid calling tests twice
 new ee7335a  Add a new utility method to test if a path is an absolute URI
 new dd6094b  Fix bug 65106. Don't try to treat absolute URIs as files

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../startup/CatalinaBaseConfigurationSource.java   | 83 +++---
 java/org/apache/tomcat/util/buf/UriUtil.java   | 35 +
 .../tomcat/util/buf/TestUriUtilIsAbsoluteURI.java  | 77 
 webapps/docs/changelog.xml |  8 +++
 4 files changed, 163 insertions(+), 40 deletions(-)
 create mode 100644 
test/org/apache/tomcat/util/buf/TestUriUtilIsAbsoluteURI.java


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [Bug 60362] Missing reason phrase in response

2021-01-28 Thread Mark Thomas 
On 28/01/2021 16:54, bugzi...@apache.org wrote:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=60362
> 
> --- Comment #83 from Suzon Ali  ---

Yet another idiot who fails to realise that all the links from Bugzilla
are "no follow".

I'll get this vandalism cleaned up.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60362] Missing reason phrase in response

2021-01-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60362

--- Comment #83 from Suzon Ali  ---
https://allnewjobcircular.com/hsc-bm-computer-office-application-assignment/;>HSC
BM Computer Office Application Assignment along with the more relative term
is for everyone is that of https://allnewjobcircular.com/hsc-bm-assignment-english-answer/;>HSC BM
English Assignment Answer is very helpful for vocational students. The most
important will be this https://allnewjobcircular.com/hsc-bm-bangla-assignment-answer/;>HSC BM
Bangla Assignment Answer in accordance to your demand. Students also search
for the https://allnewjobcircular.com/hsc-bm-business-mathematics-and-statistics-assignment/;>HSC
BM Business Mathematics and Statistics Assignment.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60362] Missing reason phrase in response

2021-01-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60362

--- Comment #82 from Suzon Ali  ---
The  https://allnewjobcircular.com/ssc-syllabus-pdf/;>SSC Syllabus
2021 is available now for everyone. https://allnewjobcircular.com/hsc-syllabus-pdf/;>HSC Syllabus 2021
can make a good help for every student. Also get https://allnewjobcircular.com/web-based-result/;>Web Based Result for
now with the most relative https://allnewjobcircular.com/ssc-short-syllabus-pdf/;>SSC Short Syllabus
2021.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60362] Missing reason phrase in response

2021-01-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60362

--- Comment #81 from Suzon Ali  ---
I am very much delighted with your information. You can get the same on me here
as you can see now at https://resultofficial.com/;>Result Official
can be the most demanded in the world with accurate information. The hope and
now would also be inspiring for everyone if they want to get thehttps://allnewjobcircular.com/nu-notice/;>NU Notice 2020. So get https://allnewjobcircular.com/www-educationboardresults-gov-bd/;>www.educationboardresults.gov.bd
result. . So get  https://allnewjobcircular.com/22k-gold-price-in-bangladesh/;>Gold Price
in Bangladesh.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60362] Missing reason phrase in response

2021-01-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=60362

--- Comment #80 from Suzon Ali  ---
Thanks for your information about https://allnewjobcircular.com/hsc-result/;>HSC Result 2020 now. Then
https://allnewjobcircular.com/hsc-auto-pass-result/;>HSC Auto Pass
Result 2020 can be the most demanded in Bangladesh with no information.
However they want to know about https://allnewjobcircular.com/hsc-result-published-date/;>HSC Result
2021. The following will be of great importance as this is https://allnewjobcircular.com/hsc-board-result/;>HSC Board Result
2020 for best option.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65106] ConfigFileLoader cannot properly handle file url running with SecurityManager on openjdk 1.8

2021-01-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=65106

--- Comment #10 from Remy Maucherat  ---
(In reply to Mark Thomas from comment #9)
> The best I can up with is if path starts with "file:/" or "://"
> the code jumps directly to the URI handling. I'll work on a patch. I'm
> wondering how far to go optimizing the code. I'm thinking not far.

Ok. Yes, I don't think it needs to be super fast since this is for loading
configuration resources.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 9.0.x updated: Refactor getResource() to avoid calling tests twice

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 42636a9  Refactor getResource() to avoid calling tests twice
42636a9 is described below

commit 42636a99d96a51ce02818660c412dfa4f8c6f7d1
Author: Mark Thomas 
AuthorDate: Thu Jan 28 15:55:08 2021 +

Refactor getResource() to avoid calling tests twice

If the path passed to getResource() was a URI it was checked to see if
it was a file or a classloader resource twice. Once in getResource() and
once in getURI().
---
 .../apache/catalina/startup/CatalinaBaseConfigurationSource.java   | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git 
a/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java 
b/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java
index 51615bb..90ebed7 100644
--- a/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java
+++ b/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java
@@ -110,7 +110,7 @@ public class CatalinaBaseConfigurationSource implements 
ConfigurationSource {
 // Then try URI.
 URI uri = null;
 try {
-uri = getURI(name);
+uri = getURIInternal(name);
 } catch (IllegalArgumentException e) {
 throw new 
IOException(sm.getString("catalinaConfigurationSource.cannotObtainURL", name), 
e);
 }
@@ -144,6 +144,10 @@ public class CatalinaBaseConfigurationSource implements 
ConfigurationSource {
 // Ignore
 }
 
+return getURIInternal(name);
+}
+
+private URI getURIInternal(String name) {
 // Then try URI.
 // Using resolve() enables the code to handle relative paths that did
 // not point to a file
@@ -155,5 +159,4 @@ public class CatalinaBaseConfigurationSource implements 
ConfigurationSource {
 }
 return uri;
 }
-
 }


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated: Refactor getResource() to avoid calling tests twice

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new 43581c6  Refactor getResource() to avoid calling tests twice
43581c6 is described below

commit 43581c6908745c7d4cfa232ac45e22c37009e0d2
Author: Mark Thomas 
AuthorDate: Thu Jan 28 15:55:08 2021 +

Refactor getResource() to avoid calling tests twice

If the path passed to getResource() was a URI it was checked to see if
it was a file or a classloader resource twice. Once in getResource() and
once in getURI().
---
 .../apache/catalina/startup/CatalinaBaseConfigurationSource.java   | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git 
a/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java 
b/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java
index 51615bb..90ebed7 100644
--- a/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java
+++ b/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java
@@ -110,7 +110,7 @@ public class CatalinaBaseConfigurationSource implements 
ConfigurationSource {
 // Then try URI.
 URI uri = null;
 try {
-uri = getURI(name);
+uri = getURIInternal(name);
 } catch (IllegalArgumentException e) {
 throw new 
IOException(sm.getString("catalinaConfigurationSource.cannotObtainURL", name), 
e);
 }
@@ -144,6 +144,10 @@ public class CatalinaBaseConfigurationSource implements 
ConfigurationSource {
 // Ignore
 }
 
+return getURIInternal(name);
+}
+
+private URI getURIInternal(String name) {
 // Then try URI.
 // Using resolve() enables the code to handle relative paths that did
 // not point to a file
@@ -155,5 +159,4 @@ public class CatalinaBaseConfigurationSource implements 
ConfigurationSource {
 }
 return uri;
 }
-
 }


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65106] ConfigFileLoader cannot properly handle file url running with SecurityManager on openjdk 1.8

2021-01-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=65106

--- Comment #9 from Mark Thomas  ---
The best I can up with is if path starts with "file:/" or "://" the
code jumps directly to the URI handling. I'll work on a patch. I'm wondering
how far to go optimizing the code. I'm thinking not far.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

buildbot success in on tomcat-9-trunk

2021-01-28 Thread buildbot 
The Buildbot has detected a restored build on builder tomcat-9-trunk while 
building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-9-trunk/builds/628

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-9-commit' 
triggered this build
Build Source Stamp: [branch 9.0.x] 252b862d1236a050c393b3fc2cc2097dc3a6138d
Blamelist: Mark Thomas ,remm 

Build succeeded!

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: 65111: Free direct buffers

2021-01-28 Thread remm 
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 19f5a7a  65111: Free direct buffers
19f5a7a is described below

commit 19f5a7a33697fc11ac3b4979d190b79f53fc69df
Author: remm 
AuthorDate: Thu Jan 28 15:57:16 2021 +0100

65111: Free direct buffers

Unlike for NIO and NIO2, the SocketBufferHandler free method was never
called for the APR connector.
---
 java/org/apache/tomcat/util/net/AprEndpoint.java | 1 +
 webapps/docs/changelog.xml   | 4 
 2 files changed, 5 insertions(+)

diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java 
b/java/org/apache/tomcat/util/net/AprEndpoint.java
index b0aacf5..14a2ed5 100644
--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -2317,6 +2317,7 @@ public class AprEndpoint extends AbstractEndpoint 
implements SNICallBack {
 return;
 }
 closed = true;
+socketBufferHandler.free();
 if (sslOutputBuffer != null) {
 ByteBufferUtils.cleanDirectBuffer(sslOutputBuffer);
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 61bab54..e6abb85 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -110,6 +110,10 @@
 Ensure that SNI provided host names are matched to SSL virtual host
 configurations in a case insensitive manner. (markt)
   
+  
+65111: Free direct memory buffers in the APR connector.
+(remm)
+  
 
   
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65106] ConfigFileLoader cannot properly handle file url running with SecurityManager on openjdk 1.8

2021-01-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=65106

--- Comment #8 from Mark Thomas  ---
Hmm. Thinking...

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: 8.5.62 was not released

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new d7543ac  8.5.62 was not released
d7543ac is described below

commit d7543acd017c227feb84c57a28568ffc3e2d1428
Author: Mark Thomas 
AuthorDate: Thu Jan 28 15:05:56 2021 +

8.5.62 was not released
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 367222d..61bab54 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -113,7 +113,7 @@
 
   
 
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 9.0.x updated: 9.0.42 was not released

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new c26e1fb  9.0.42 was not released
c26e1fb is described below

commit c26e1fb454d9cf6d8f2973670f362024783e2314
Author: Mark Thomas 
AuthorDate: Thu Jan 28 15:05:09 2021 +

9.0.42 was not released
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index b9bb70f..f964834 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -117,7 +117,7 @@
 
   
 
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65106] ConfigFileLoader cannot properly handle file url running with SecurityManager on openjdk 1.8

2021-01-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=65106

--- Comment #7 from Remy Maucherat  ---
(In reply to Mark Thomas from comment #5)
> Rémy, what if we added a
> 
> if ("name.startsWith("file:/") {
> 
> }
> block around the File and classloader case? Essentially short circuit to URI
> in that case for getResource() and getURI(). Does that help?

I think that would work for the reporter but still fail for other URLs. This
security check is annoying ...
Maybe detect a URL scheme, like if there's ':' in the path and no '/' before it
?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated (c204060 -> 719d428)

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from c204060  65111: Free direct buffers
 add 719d428  10.0.1 was not released

No new revisions were added by this update.

Summary of changes:
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65111] Possible memory leak in AprEndpoint - socketBufferHandler is not cleared

2021-01-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=65111

Remy Maucherat  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #1 from Remy Maucherat  ---
I think this looks like a problem. The fix will be 10.0.2, 9.0.43 and 8.5.63.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

buildbot success in on tomcat-trunk

2021-01-28 Thread buildbot 
The Buildbot has detected a restored build on builder tomcat-trunk while 
building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/5658

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch master] 86856951e3f95d429a887c72b2d31384eacfea67
Blamelist: Mark Thomas ,remm 

Build succeeded!

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 9.0.x updated: 65111: Free direct buffers

2021-01-28 Thread remm 
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new e497dbc  65111: Free direct buffers
e497dbc is described below

commit e497dbc65af28ed9178a650c60eb139623750344
Author: remm 
AuthorDate: Thu Jan 28 15:53:05 2021 +0100

65111: Free direct buffers

Unlike for NIO and NIO2, the SocketBufferHandler free method was never
called for the APR connector.
---
 java/org/apache/tomcat/util/net/AprEndpoint.java | 1 +
 webapps/docs/changelog.xml   | 4 
 2 files changed, 5 insertions(+)

diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java 
b/java/org/apache/tomcat/util/net/AprEndpoint.java
index 4ba3420..cb67e07 100644
--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -2231,6 +2231,7 @@ public class AprEndpoint extends 
AbstractEndpoint implements SNICallB
 log.debug("Calling [" + getEndpoint() + "].closeSocket([" + 
this + "])");
 }
 getEndpoint().connections.remove(getSocket());
+socketBufferHandler.free();
 socketBufferHandler = SocketBufferHandler.EMPTY;
 nonBlockingWriteBuffer.clear();
 if (sslOutputBuffer != null) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 84a997e..b9bb70f 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -110,6 +110,10 @@
 Ensure that SNI provided host names are matched to SSL virtual host
 configurations in a case insensitive manner. (markt)
   
+  
+65111: Free direct memory buffers in the APR connector.
+(remm)
+  
 
   
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65106] ConfigFileLoader cannot properly handle file url running with SecurityManager on openjdk 1.8

2021-01-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=65106

--- Comment #6 from Mark Thomas  ---
That should be:

if (*!*name...

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65106] ConfigFileLoader cannot properly handle file url running with SecurityManager on openjdk 1.8

2021-01-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=65106

--- Comment #5 from Mark Thomas  ---
Rémy, what if we added a

if ("name.startsWith("file:/") {

}
block around the File and classloader case? Essentially short circuit to URI in
that case for getResource() and getURI(). Does that help?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated (8685695 -> c204060)

2021-01-28 Thread remm 
This is an automated email from the ASF dual-hosted git repository.

remm pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 8685695  Correct a regression in the fix for BZ 64110
 add c204060  65111: Free direct buffers

No new revisions were added by this update.

Summary of changes:
 java/org/apache/tomcat/util/net/AprEndpoint.java | 1 +
 webapps/docs/changelog.xml   | 4 
 2 files changed, 5 insertions(+)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65111] Possible memory leak in AprEndpoint - socketBufferHandler is not cleared

2021-01-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=65111

Roman  changed:

   What|Removed |Added

 OS||All
  Component|Connectors  |Util

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64771] Windows CPU processor always running by a thread reading request body from https connection

2021-01-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64771

Mark Thomas  changed:

   What|Removed |Added

 Status|REOPENED|NEEDINFO

--- Comment #12 from Mark Thomas  ---
Rémy has added the defensive code.

I'm moving this to NEEDINFO while the Spring team continue to investigate.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: Correct a regression in the fix for BZ 64110

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 4794347  Correct a regression in the fix for BZ 64110
4794347 is described below

commit 47943476385b002f410f1ca0c6924e30750682c7
Author: Mark Thomas 
AuthorDate: Thu Jan 28 14:01:35 2021 +

Correct a regression in the fix for BZ 64110

Larger TLS grease values triggered an overflow when being converted to a
String value for logging / reporting purposes. This broke the TLS
handshake which in turn broke the TLS connection.
---
 java/org/apache/tomcat/util/buf/HexUtils.java | 4 ++--
 test/org/apache/tomcat/util/buf/TestHexUtils.java | 5 +
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/util/buf/HexUtils.java 
b/java/org/apache/tomcat/util/buf/HexUtils.java
index fffa5f9..379217f 100644
--- a/java/org/apache/tomcat/util/buf/HexUtils.java
+++ b/java/org/apache/tomcat/util/buf/HexUtils.java
@@ -79,8 +79,8 @@ public final class HexUtils {
 // 2 bytes / 4 hex digits
 StringBuilder sb = new StringBuilder(4);
 
-sb.append(hex[(c & 0xf000) >> 4]);
-sb.append(hex[(c & 0x0f00)]);
+sb.append(hex[(c & 0xf000) >> 12]);
+sb.append(hex[(c & 0x0f00) >> 8]);
 
 sb.append(hex[(c & 0xf0) >> 4]);
 sb.append(hex[(c & 0x0f)]);
diff --git a/test/org/apache/tomcat/util/buf/TestHexUtils.java 
b/test/org/apache/tomcat/util/buf/TestHexUtils.java
index 5b78416..0dd3608 100644
--- a/test/org/apache/tomcat/util/buf/TestHexUtils.java
+++ b/test/org/apache/tomcat/util/buf/TestHexUtils.java
@@ -68,4 +68,9 @@ public class TestHexUtils {
 // Odd number of hex characters
 HexUtils.fromHexString("aaa");
 }
+
+@Test
+public void testToHex01() {
+Assert.assertEquals("fedc", HexUtils.toHexString((char) 0xfedc));
+}
 }
\ No newline at end of file


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 9.0.x updated: Correct a regression in the fix for BZ 64110

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 252b862  Correct a regression in the fix for BZ 64110
252b862 is described below

commit 252b862d1236a050c393b3fc2cc2097dc3a6138d
Author: Mark Thomas 
AuthorDate: Thu Jan 28 14:01:35 2021 +

Correct a regression in the fix for BZ 64110

Larger TLS grease values triggered an overflow when being converted to a
String value for logging / reporting purposes. This broke the TLS
handshake which in turn broke the TLS connection.
---
 java/org/apache/tomcat/util/buf/HexUtils.java | 4 ++--
 test/org/apache/tomcat/util/buf/TestHexUtils.java | 5 +
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/util/buf/HexUtils.java 
b/java/org/apache/tomcat/util/buf/HexUtils.java
index c7bada8..e4aafdf 100644
--- a/java/org/apache/tomcat/util/buf/HexUtils.java
+++ b/java/org/apache/tomcat/util/buf/HexUtils.java
@@ -78,8 +78,8 @@ public final class HexUtils {
 // 2 bytes / 4 hex digits
 StringBuilder sb = new StringBuilder(4);
 
-sb.append(hex[(c & 0xf000) >> 4]);
-sb.append(hex[(c & 0x0f00)]);
+sb.append(hex[(c & 0xf000) >> 12]);
+sb.append(hex[(c & 0x0f00) >> 8]);
 
 sb.append(hex[(c & 0xf0) >> 4]);
 sb.append(hex[(c & 0x0f)]);
diff --git a/test/org/apache/tomcat/util/buf/TestHexUtils.java 
b/test/org/apache/tomcat/util/buf/TestHexUtils.java
index 5b78416..0dd3608 100644
--- a/test/org/apache/tomcat/util/buf/TestHexUtils.java
+++ b/test/org/apache/tomcat/util/buf/TestHexUtils.java
@@ -68,4 +68,9 @@ public class TestHexUtils {
 // Odd number of hex characters
 HexUtils.fromHexString("aaa");
 }
+
+@Test
+public void testToHex01() {
+Assert.assertEquals("fedc", HexUtils.toHexString((char) 0xfedc));
+}
 }
\ No newline at end of file


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated: Correct a regression in the fix for BZ 64110

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new 8685695  Correct a regression in the fix for BZ 64110
8685695 is described below

commit 86856951e3f95d429a887c72b2d31384eacfea67
Author: Mark Thomas 
AuthorDate: Thu Jan 28 14:01:35 2021 +

Correct a regression in the fix for BZ 64110

Larger TLS grease values triggered an overflow when being converted to a
String value for logging / reporting purposes. This broke the TLS
handshake which in turn broke the TLS connection.
---
 java/org/apache/tomcat/util/buf/HexUtils.java | 4 ++--
 test/org/apache/tomcat/util/buf/TestHexUtils.java | 5 +
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/util/buf/HexUtils.java 
b/java/org/apache/tomcat/util/buf/HexUtils.java
index c7bada8..e4aafdf 100644
--- a/java/org/apache/tomcat/util/buf/HexUtils.java
+++ b/java/org/apache/tomcat/util/buf/HexUtils.java
@@ -78,8 +78,8 @@ public final class HexUtils {
 // 2 bytes / 4 hex digits
 StringBuilder sb = new StringBuilder(4);
 
-sb.append(hex[(c & 0xf000) >> 4]);
-sb.append(hex[(c & 0x0f00)]);
+sb.append(hex[(c & 0xf000) >> 12]);
+sb.append(hex[(c & 0x0f00) >> 8]);
 
 sb.append(hex[(c & 0xf0) >> 4]);
 sb.append(hex[(c & 0x0f)]);
diff --git a/test/org/apache/tomcat/util/buf/TestHexUtils.java 
b/test/org/apache/tomcat/util/buf/TestHexUtils.java
index 5b78416..0dd3608 100644
--- a/test/org/apache/tomcat/util/buf/TestHexUtils.java
+++ b/test/org/apache/tomcat/util/buf/TestHexUtils.java
@@ -68,4 +68,9 @@ public class TestHexUtils {
 // Odd number of hex characters
 HexUtils.fromHexString("aaa");
 }
+
+@Test
+public void testToHex01() {
+Assert.assertEquals("fedc", HexUtils.toHexString((char) 0xfedc));
+}
 }
\ No newline at end of file


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE][CANCELLED] Release Apache Tomcat 9.0.42

2021-01-28 Thread Mark Thomas 
This VOTE is cancelled due a to regression in the fix for BZ 64110 that
broke TLS in some scenarios.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 9.0.42

2021-01-28 Thread Mark Thomas 
On 27/01/2021 17:40, Mark Thomas wrote:

> The proposed 9.0.42 release is:
> [X] Broken - do not release
> [ ] Stable - go ahead and release as 9.0.42

There is a regression in the fix for BZ 64110 that breaks TLS in some
scenarios.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE][CANCELLED] Release Apache Tomcat 8.5.62

2021-01-28 Thread Mark Thomas 
This VOTE is cancelled due a to regression in the fix for BZ 64110 that
broke TLS in some scenarios.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 8.5.62

2021-01-28 Thread Mark Thomas 
On 27/01/2021 19:25, Mark Thomas wrote:
> On 27/01/2021 19:25, Mark Thomas wrote:
> 
>> The proposed 8.5.62 release is:
>> [X] Broken - do not release
>> [ ] Stable - go ahead and release as 8.5.62

Sorry all. I am changing my vote to broken and will be cancelling this
vote due to a regression I've just discovered in the fix for BZ 64110.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE][CANCELLED] Release Apache Tomcat 10.0.1

2021-01-28 Thread Mark Thomas 
This VOTE is cancelled due a to regression in the fix for BZ 64110 that
broke TLS in some scenarios.

Mark


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 10.0.1

2021-01-28 Thread Mark Thomas 
On 27/01/2021 16:30, Mark Thomas wrote:
> On 27/01/2021 15:08, Mark Thomas wrote:
> 
>> The proposed 10.0.1 release is:
>> [X] Broken - do not release
>> [ ] Beta   - go ahead and release as 10.0.1 (beta)
>> [ ] Stable - go ahead and release as 10.0.1 (stable)

Sorry all. I am changing my vote to broken and will be cancelling this
vote due to a regression I've just discovered in the fix for BZ 64110.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

buildbot failure in on tomcat-85-trunk

2021-01-28 Thread buildbot 
The Buildbot has detected a new failure on builder tomcat-85-trunk while 
building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-85-trunk/builds/2602

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-85-commit' 
triggered this build
Build Source Stamp: [branch 8.5.x] 3e6b56133b95b6923460432cdccd26134bc67f0c
Blamelist: Mark Thomas ,remm 

BUILD FAILED: failed compile_1

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65111] New: Possible memory leak in AprEndpoint - socketBufferHandler is not cleared

2021-01-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=65111

Bug ID: 65111
   Summary: Possible memory leak in AprEndpoint -
socketBufferHandler is not cleared
   Product: Tomcat 9
   Version: 9.0.x
  Hardware: PC
Status: NEW
  Severity: normal
  Priority: P2
 Component: Connectors
  Assignee: dev@tomcat.apache.org
  Reporter: roman.vid...@gmail.com
  Target Milestone: -

In my application, the capacity of used memory by direct buffer pools is
increasing over time, after some research I found that in AprEndpoint in method
doClose "socketBufferHandler" is not executing "free()" method call, and the
link is just set to "EMPTY":
> socketBufferHandler = SocketBufferHandler.EMPTY;

Because of this allocated native memory is not released.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65106] ConfigFileLoader cannot properly handle file url running with SecurityManager on openjdk 1.8

2021-01-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=65106

--- Comment #4 from Jiri Novak  ---
Caused by: java.io.IOException: Failed to load keystore type [JKS] with path
[file:/C:/tmp/120/key.jks] due to [access denied ("java.io.FilePermission"
"C:\tmp\120\a\catalina\file:\C:\tmp\120\key.jks" "read")]
at
org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:227)


I have not found any way how to write such path to policy file so
SecurityManager can accept it.

permission java.io.FilePermission "file:${catalina.base}", "read";
permission java.io.FilePermission "${catalina.base}", "read";
permission java.io.FilePermission "file:${catalina.base}/", "read";
permission java.io.FilePermission "${catalina.base}/", "read";
permission java.io.FilePermission "file:${catalina.base}/-", "read";
permission java.io.FilePermission "${catalina.base}/-", "read";
permission java.io.FilePermission "file:${catalina.base}/*", "read";
permission java.io.FilePermission "${catalina.base}/*", "read";
permission java.io.FilePermission "C:/tmp/120/a/catalina", "read";
permission java.io.FilePermission "C:/tmp/120/a/catalina/", "read";
permission java.io.FilePermission "C:/tmp/120/a/catalina/-", "read";
permission java.io.FilePermission "C:/tmp/120/a/catalina/*", "read";
permission java.io.FilePermission
"C:/tmp/120/a/catalina/file:/C:/tmp/120/key.jks", "read";
permission java.io.FilePermission
"C:/tmp/120/a/catalina/file://C:/tmp/120/key.jks", "read";
permission java.io.FilePermission
"C:/tmp/120/a/catalina/file:///C:/tmp/120/key.jks", "read";
permission java.io.FilePermission
"C:\\tmp\\120\\a\\catalina\\file:\\C:\\tmp\\120\\key.jks", "read";

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

buildbot failure in on tomcat-9-trunk

2021-01-28 Thread buildbot 
The Buildbot has detected a new failure on builder tomcat-9-trunk while 
building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-9-trunk/builds/627

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-9-commit' 
triggered this build
Build Source Stamp: [branch 9.0.x] 48f2d41c931a0684aa169e8c6f727f55298244bd
Blamelist: Mark Thomas 

BUILD FAILED: failed compile_1

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65106] ConfigFileLoader cannot properly handle file url running with SecurityManager on openjdk 1.8

2021-01-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=65106

--- Comment #3 from Remy Maucherat  ---
I am inching towards a WONTFIX, since the only real solution is to use URLs
only. It would mean absolute file paths won't work, I believe, and this is not
possible. The rest would be fine.

I don't understand why "And it is impossible to create such a policy for
SecurityManager", can you explain a bit more ?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: Fix NPE

2021-01-28 Thread remm 
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 3e6b561  Fix NPE
3e6b561 is described below

commit 3e6b56133b95b6923460432cdccd26134bc67f0c
Author: remm 
AuthorDate: Thu Jan 28 13:14:14 2021 +0100

Fix NPE
---
 java/org/apache/tomcat/jni/SSLContext.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/tomcat/jni/SSLContext.java 
b/java/org/apache/tomcat/jni/SSLContext.java
index 8c2f9b9..1810571 100644
--- a/java/org/apache/tomcat/jni/SSLContext.java
+++ b/java/org/apache/tomcat/jni/SSLContext.java
@@ -419,7 +419,8 @@ public final class SSLContext {
 }
 // Can't be sure OpenSSL is going to provide the SNI value in lower 
case
 // so convert it before looking up the SSLContext
-return 
sniCallBack.getSslContext(sniHostName.toLowerCase(Locale.ENGLISH));
+String hostName = (sniHostName == null) ? null : 
sniHostName.toLowerCase(Locale.ENGLISH);
+return sniCallBack.getSslContext(hostName);
 }
 
 /**


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 9.0.x updated: Fix NPE

2021-01-28 Thread remm 
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new f84ad5d  Fix NPE
f84ad5d is described below

commit f84ad5d64e34eec5b26e243a73b4e3faa735130e
Author: remm 
AuthorDate: Thu Jan 28 13:14:14 2021 +0100

Fix NPE
---
 java/org/apache/tomcat/jni/SSLContext.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/tomcat/jni/SSLContext.java 
b/java/org/apache/tomcat/jni/SSLContext.java
index 8c2f9b9..1810571 100644
--- a/java/org/apache/tomcat/jni/SSLContext.java
+++ b/java/org/apache/tomcat/jni/SSLContext.java
@@ -419,7 +419,8 @@ public final class SSLContext {
 }
 // Can't be sure OpenSSL is going to provide the SNI value in lower 
case
 // so convert it before looking up the SSLContext
-return 
sniCallBack.getSslContext(sniHostName.toLowerCase(Locale.ENGLISH));
+String hostName = (sniHostName == null) ? null : 
sniHostName.toLowerCase(Locale.ENGLISH);
+return sniCallBack.getSslContext(hostName);
 }
 
 /**


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated (35addca -> 83dedac)

2021-01-28 Thread remm 
This is an automated email from the ASF dual-hosted git repository.

remm pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 35addca  Make the calls to remove/reload the SSLHostConfig case 
insensitive
 add 83dedac  Fix NPE

No new revisions were added by this update.

Summary of changes:
 java/org/apache/tomcat/jni/SSLContext.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

buildbot failure in on tomcat-trunk

2021-01-28 Thread buildbot 
The Buildbot has detected a new failure on builder tomcat-trunk while building 
tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/5657

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch master] 35addcab7fe1b487626b5d5e9e74b04e65f2ceae
Blamelist: Mark Thomas 

BUILD FAILED: failed compile_1

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/02: Correct backport

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit c866b6e220b9d192ac791dce2d2595142d24d3dd
Author: Mark Thomas 
AuthorDate: Thu Jan 28 11:15:07 2021 +

Correct backport
---
 webapps/docs/changelog.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 6e9ee77..367222d 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -103,7 +103,7 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
   
 
   
@@ -113,7 +113,7 @@
 
   
 
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/02: Increment version number of 8.5.63 for next development cycle

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 271ac22c1fed41c5c642087146d4ac0705537376
Author: Mark Thomas 
AuthorDate: Thu Jan 28 11:16:02 2021 +

Increment version number of 8.5.63 for next development cycle
---
 build.properties.default | 2 +-
 res/maven/mvn.properties.default | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 283d43a..da90ce6 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -25,7 +25,7 @@
 # - Version Control Flags -
 version.major=8
 version.minor=5
-version.build=62
+version.build=63
 version.patch=0
 version.suffix=-dev
 
diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default
index a8de9ef..e311d84 100644
--- a/res/maven/mvn.properties.default
+++ b/res/maven/mvn.properties.default
@@ -39,7 +39,7 @@ 
maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d
 maven.asf.release.repo.repositoryId=apache.releases.https
 
 # Release version info
-maven.asf.release.deploy.version=8.5.62
+maven.asf.release.deploy.version=8.5.63
 
 #Where do we load the libraries from
 tomcat.lib.path=../../output/build/lib


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated (bbed3ec -> 271ac22)

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from bbed3ec  Make the calls to remove/reload the SSLHostConfig case 
insensitive
 new c866b6e  Correct backport
 new 271ac22  Increment version number of 8.5.63 for next development cycle

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 build.properties.default | 2 +-
 res/maven/mvn.properties.default | 2 +-
 webapps/docs/changelog.xml   | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 7.0.108

2021-01-28 Thread Martin Grigorov 
On Thu, Jan 28, 2021 at 11:49 AM Violeta Georgieva 
wrote:

> The proposed Apache Tomcat 7.0.108 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.108/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1295/
> The git tag is:
> https://github.com/apache/tomcat/tree/7.0.108
> b57a2ea4466a2d4ea03a0f90e3f0d6c485b3cfea
>
> The proposed 7.0.108 release is:
> [ ] Broken - do not release
> [ X ] Stable - go ahead and release as 7.0.108 Stable
>

Regards,
Martin


>
> Regards,
> Violeta
>

[tomcat] 03/05: Ensure the name of the default SSLHostConfig is always lower case

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 14edcf8621a22d883caa77ecf089aa29ba506b08
Author: Mark Thomas 
AuthorDate: Thu Jan 28 09:58:43 2021 +

Ensure the name of the default SSLHostConfig is always lower case

This is the third part of the fix to make mapping of SNI values to SSL
virtual hosts case insensitive.
---
 java/org/apache/tomcat/util/net/AbstractEndpoint.java | 7 ++-
 java/org/apache/tomcat/util/net/SSLHostConfig.java| 3 +++
 webapps/docs/config/http.xml  | 3 ++-
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java 
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 2b47dee..89a134e 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -26,6 +26,7 @@ import java.util.ArrayList;
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.List;
+import java.util.Locale;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
@@ -204,11 +205,15 @@ public abstract class AbstractEndpoint {
 // - 
Properties
 
 private String defaultSSLHostConfigName = 
SSLHostConfig.DEFAULT_SSL_HOST_NAME;
+/**
+ * @return The host name for the default SSL configuration for this 
endpoint
+ * - always in lower case.
+ */
 public String getDefaultSSLHostConfigName() {
 return defaultSSLHostConfigName;
 }
 public void setDefaultSSLHostConfigName(String defaultSSLHostConfigName) {
-this.defaultSSLHostConfigName = defaultSSLHostConfigName;
+this.defaultSSLHostConfigName = 
defaultSSLHostConfigName.toLowerCase(Locale.ENGLISH);
 }
 
 
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java 
b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index 4e72bb3..56d7b6a 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -52,6 +52,9 @@ public class SSLHostConfig implements Serializable {
 
 private static final String DEFAULT_CIPHERS = 
"HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA";
 
+// Must be lower case. SSL host names are always stored using lower case as
+// they are case insensitive but are used by case sensitive code such as
+// keys in Maps.
 protected static final String DEFAULT_SSL_HOST_NAME = "_default_";
 protected static final Set SSL_PROTO_ALL_SET = new HashSet<>();
 
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 26439b5..5239a36 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -106,7 +106,8 @@
   connections) if the client connection does not provide SNI or if the SNI
   is provided but does not match any configured
   SSLHostConfig. If not specified the default value of
-  _default_ will be used.
+  _default_ will be used. Provided values are always converted
+  to lower case.
 
 
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/05: Ensure the extracted SNI host name is always lower case

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 1b08a3db6294575ddbf16df8dd5ba296f4656449
Author: Mark Thomas 
AuthorDate: Thu Jan 28 09:50:22 2021 +

Ensure the extracted SNI host name is always lower case

This is the second part of the fix to make mapping of SNI values to SSL
virtual hosts case insensitive.
---
 java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java 
b/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
index 54ea3f0..28d3358 100644
--- a/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
+++ b/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
@@ -22,6 +22,7 @@ import java.nio.ByteBuffer;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Locale;
 
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
@@ -196,6 +197,10 @@ public class TLSClientHelloExtractor {
 }
 
 
+/**
+ * @return The SNI value provided by the client converted to lower case if
+ * not already lower case.
+ */
 public String getSNIValue() {
 if (result == ExtractorResult.COMPLETE) {
 return sniValue;
@@ -399,7 +404,7 @@ public class TLSClientHelloExtractor {
 char serverNameSize = bb.getChar();
 byte[] serverNameBytes = new byte[serverNameSize];
 bb.get(serverNameBytes);
-return new String(serverNameBytes, StandardCharsets.UTF_8);
+return new String(serverNameBytes, 
StandardCharsets.UTF_8).toLowerCase(Locale.ENGLISH);
 }
 
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 05/05: Make the calls to remove/reload the SSLHostConfig case insensitive

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit bbed3ec1e901ed0edcc6bf075d756cde764263a3
Author: Mark Thomas 
AuthorDate: Thu Jan 28 10:34:07 2021 +

Make the calls to remove/reload the SSLHostConfig case insensitive

The is the fifth and final part of the fix to make mapping of SNI values
to SSL virtual hosts case insensitive.
While not strictly related to SNI processing, a review of all of the
uses of sslHostConfigs identified these additional locations where the
host name may be provided in mixed case.
---
 java/org/apache/tomcat/util/net/AbstractEndpoint.java | 17 +
 webapps/docs/changelog.xml| 10 ++
 2 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java 
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 7f414b5..b950909 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -290,12 +290,15 @@ public abstract class AbstractEndpoint {
 if (hostName == null) {
 return null;
 }
-// Host names are case insensitive
-if (hostName.equalsIgnoreCase(getDefaultSSLHostConfigName())) {
+// Host names are case insensitive but stored/processed in lower case
+// internally because they are used as keys in a ConcurrentMap where
+// keys are compared in a case sensitive manner.
+String hostNameLower = hostName.toLowerCase(Locale.ENGLISH);
+if (hostNameLower.equals(getDefaultSSLHostConfigName())) {
 throw new IllegalArgumentException(
 sm.getString("endpoint.removeDefaultSslHostConfig", 
hostName));
 }
-SSLHostConfig sslHostConfig = sslHostConfigs.remove(hostName);
+SSLHostConfig sslHostConfig = sslHostConfigs.remove(hostNameLower);
 unregisterJmx(sslHostConfig);
 return sslHostConfig;
 }
@@ -308,7 +311,13 @@ public abstract class AbstractEndpoint {
  * reloaded. This must match a current SSL host
  */
 public void reloadSslHostConfig(String hostName) {
-SSLHostConfig sslHostConfig = sslHostConfigs.get(hostName);
+// Host names are case insensitive but stored/processed in lower case
+// internally because they are used as keys in a ConcurrentMap where
+// keys are compared in a case sensitive manner.
+// This method can be called via various paths so convert the supplied
+// host name to lower case here to ensure the conversion occurs 
whatever
+// the call path.
+SSLHostConfig sslHostConfig = 
sslHostConfigs.get(hostName.toLowerCase(Locale.ENGLISH));
 if (sslHostConfig == null) {
 throw new IllegalArgumentException(
 sm.getString("endpoint.unknownSslHostName", hostName));
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 9be25cb..6e9ee77 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,6 +104,16 @@
   issues do not "pop up" wrt. others).
 -->
 
+  
+
+  
+Ensure that SNI provided host names are matched to SSL virtual host
+configurations in a case insensitive manner. (markt)
+  
+
+  
+
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 04/05: Ensure SSLHostConfig lookups for SNI from OpenSSL are case insensitive

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 4a51d6362fe1ca168e9b886be4eda5e3efffa68b
Author: Mark Thomas 
AuthorDate: Thu Jan 28 10:16:00 2021 +

Ensure SSLHostConfig lookups for SNI from OpenSSL are case insensitive

This is the fourth part of the fix to make mapping of SNI values to SSL
virtual hosts case insensitive.
---
 java/org/apache/tomcat/jni/SSLContext.java|  8 ++--
 java/org/apache/tomcat/util/net/AbstractEndpoint.java | 13 -
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/tomcat/jni/SSLContext.java 
b/java/org/apache/tomcat/jni/SSLContext.java
index e0759b3..8c2f9b9 100644
--- a/java/org/apache/tomcat/jni/SSLContext.java
+++ b/java/org/apache/tomcat/jni/SSLContext.java
@@ -17,6 +17,7 @@
 
 package org.apache.tomcat.jni;
 
+import java.util.Locale;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
@@ -416,7 +417,9 @@ public final class SSLContext {
 if (sniCallBack == null) {
 return 0;
 }
-return sniCallBack.getSslContext(sniHostName);
+// Can't be sure OpenSSL is going to provide the SNI value in lower 
case
+// so convert it before looking up the SSLContext
+return 
sniCallBack.getSslContext(sniHostName.toLowerCase(Locale.ENGLISH));
 }
 
 /**
@@ -470,7 +473,8 @@ public final class SSLContext {
  * This callback is made during the TLS handshake when the client uses
  * the SNI extension to request a specific TLS host.
  *
- * @param sniHostName The host name requested by the client
+ * @param sniHostName The host name requested by the client - must be 
in
+ *lower case
  *
  * @return The Java representation of the pointer to the OpenSSL
  * SSLContext to use for the given host or zero if no 
SSLContext
diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java 
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 89a134e..7f414b5 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -367,7 +367,18 @@ public abstract class AbstractEndpoint {
 }
 
 
-
+/**
+ * Look up the SSLHostConfig for the given host name. Lookup order is:
+ * 
+ * exact match
+ * wild card match
+ * default SSLHostConfig
+ * 
+ *
+ * @param sniHostName   Host name - must be in lower case
+ *
+ * @return The SSLHostConfig for the given host name.
+ */
 protected SSLHostConfig getSSLHostConfig(String sniHostName) {
 SSLHostConfig result = null;
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/05: Ensure the hostName field of SSLHostConfig is always lower case.

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit f3faa70cf0098fcabda6e2ce1074c128b9b7f491
Author: Mark Thomas 
AuthorDate: Thu Jan 28 09:29:01 2021 +

Ensure the hostName field of SSLHostConfig is always lower case.

This is the first part of the fix to make mapping of SNI values to SSL
virtual hosts case insensitive.
DNS names are case insensitive and while some browsers appear to always
convert provided host names to lower case, I have found no requirement
for this in the RFCs.
The overall plan is to always store and process host names in lower
case. This is because they are used as keys in a ConcurrentMap and keys
are compared in a case sensitive manner.
Using CaseInsensitiveKeyMap was rejected as a solution as that as it is
not thread safe.
---
 java/org/apache/catalina/manager/ManagerServlet.java | 2 ++
 java/org/apache/tomcat/util/net/SSLHostConfig.java   | 7 ++-
 webapps/docs/config/http.xml | 3 ++-
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/manager/ManagerServlet.java 
b/java/org/apache/catalina/manager/ManagerServlet.java
index ee4247d..d5b3723 100644
--- a/java/org/apache/catalina/manager/ManagerServlet.java
+++ b/java/org/apache/catalina/manager/ManagerServlet.java
@@ -572,6 +572,8 @@ public class ManagerServlet extends HttpServlet implements 
ContainerServlet {
 } else {
 SSLHostConfig[] sslHostConfigs = 
http11Protoocol.findSslHostConfigs();
 for (SSLHostConfig sslHostConfig : sslHostConfigs) {
+// tlsHostName is as provided by the user so use a 
case insensitive
+// comparison as host names are case insensitive.
 if 
(sslHostConfig.getHostName().equalsIgnoreCase(tlsHostName)) {
 found = true;
 
http11Protoocol.reloadSslHostConfig(tlsHostName);
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java 
b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index 744ce9b..4e72bb3 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -25,6 +25,7 @@ import java.security.UnrecoverableKeyException;
 import java.util.HashSet;
 import java.util.LinkedHashSet;
 import java.util.List;
+import java.util.Locale;
 import java.util.Set;
 
 import javax.management.ObjectName;
@@ -436,10 +437,14 @@ public class SSLHostConfig implements Serializable {
 
 
 public void setHostName(String hostName) {
-this.hostName = hostName;
+this.hostName = hostName.toLowerCase(Locale.ENGLISH);
 }
 
 
+/**
+ * @return The host name associated with this SSL configuration - always in
+ * lower case.
+ */
 public String getHostName() {
 return hostName;
 }
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 9d66d5d..26439b5 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1330,7 +1330,8 @@
   The name of the SSL Host. This should either be the fully qualified
   domain name (e.g. tomcat.apache.org) or a wild card domain
   name (e.g. *.apache.org). If not specified, the default 
value
-  of _default_ will be used.
+  of _default_ will be used. Provided values are always
+  converted to lower case.
 
 
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated (8ae8626 -> bbed3ec)

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 8ae8626  Fix typo
 new f3faa70  Ensure the hostName field of SSLHostConfig is always lower 
case.
 new 1b08a3d  Ensure the extracted SNI host name is always lower case
 new 14edcf8  Ensure the name of the default SSLHostConfig is always lower 
case
 new 4a51d63  Ensure SSLHostConfig lookups for SNI from OpenSSL are case 
insensitive
 new bbed3ec  Make the calls to remove/reload the SSLHostConfig case 
insensitive

The 5 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../apache/catalina/manager/ManagerServlet.java|  2 ++
 java/org/apache/tomcat/jni/SSLContext.java |  8 +++--
 .../apache/tomcat/util/net/AbstractEndpoint.java   | 37 ++
 java/org/apache/tomcat/util/net/SSLHostConfig.java | 10 +-
 .../tomcat/util/net/TLSClientHelloExtractor.java   |  7 +++-
 webapps/docs/changelog.xml | 10 ++
 webapps/docs/config/http.xml   |  6 ++--
 7 files changed, 68 insertions(+), 12 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 05/05: Make the calls to remove/reload the SSLHostConfig case insensitive

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 48f2d41c931a0684aa169e8c6f727f55298244bd
Author: Mark Thomas 
AuthorDate: Thu Jan 28 10:34:07 2021 +

Make the calls to remove/reload the SSLHostConfig case insensitive

The is the fifth and final part of the fix to make mapping of SNI values
to SSL virtual hosts case insensitive.
While not strictly related to SNI processing, a review of all of the
uses of sslHostConfigs identified these additional locations where the
host name may be provided in mixed case.
---
 java/org/apache/tomcat/util/net/AbstractEndpoint.java | 17 +
 webapps/docs/changelog.xml|  8 
 2 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java 
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 504074f..a0f9719 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -309,12 +309,15 @@ public abstract class AbstractEndpoint {
 if (hostName == null) {
 return null;
 }
-// Host names are case insensitive
-if (hostName.equalsIgnoreCase(getDefaultSSLHostConfigName())) {
+// Host names are case insensitive but stored/processed in lower case
+// internally because they are used as keys in a ConcurrentMap where
+// keys are compared in a case sensitive manner.
+String hostNameLower = hostName.toLowerCase(Locale.ENGLISH);
+if (hostNameLower.equals(getDefaultSSLHostConfigName())) {
 throw new IllegalArgumentException(
 sm.getString("endpoint.removeDefaultSslHostConfig", 
hostName));
 }
-SSLHostConfig sslHostConfig = sslHostConfigs.remove(hostName);
+SSLHostConfig sslHostConfig = sslHostConfigs.remove(hostNameLower);
 unregisterJmx(sslHostConfig);
 return sslHostConfig;
 }
@@ -327,7 +330,13 @@ public abstract class AbstractEndpoint {
  * reloaded. This must match a current SSL host
  */
 public void reloadSslHostConfig(String hostName) {
-SSLHostConfig sslHostConfig = sslHostConfigs.get(hostName);
+// Host names are case insensitive but stored/processed in lower case
+// internally because they are used as keys in a ConcurrentMap where
+// keys are compared in a case sensitive manner.
+// This method can be called via various paths so convert the supplied
+// host name to lower case here to ensure the conversion occurs 
whatever
+// the call path.
+SSLHostConfig sslHostConfig = 
sslHostConfigs.get(hostName.toLowerCase(Locale.ENGLISH));
 if (sslHostConfig == null) {
 throw new IllegalArgumentException(
 sm.getString("endpoint.unknownSslHostName", hostName));
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 80c7d51..84a997e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,6 +104,14 @@
   issues do not "pop up" wrt. others).
 -->
 
+  
+
+  
+Ensure that SNI provided host names are matched to SSL virtual host
+configurations in a case insensitive manner. (markt)
+  
+
+  
 
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/05: Ensure the extracted SNI host name is always lower case

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit bedc995cb347a1f5fc60bc524c819ce36e58b972
Author: Mark Thomas 
AuthorDate: Thu Jan 28 09:50:22 2021 +

Ensure the extracted SNI host name is always lower case

This is the second part of the fix to make mapping of SNI values to SSL
virtual hosts case insensitive.
---
 java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java 
b/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
index 54ea3f0..28d3358 100644
--- a/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
+++ b/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
@@ -22,6 +22,7 @@ import java.nio.ByteBuffer;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Locale;
 
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
@@ -196,6 +197,10 @@ public class TLSClientHelloExtractor {
 }
 
 
+/**
+ * @return The SNI value provided by the client converted to lower case if
+ * not already lower case.
+ */
 public String getSNIValue() {
 if (result == ExtractorResult.COMPLETE) {
 return sniValue;
@@ -399,7 +404,7 @@ public class TLSClientHelloExtractor {
 char serverNameSize = bb.getChar();
 byte[] serverNameBytes = new byte[serverNameSize];
 bb.get(serverNameBytes);
-return new String(serverNameBytes, StandardCharsets.UTF_8);
+return new String(serverNameBytes, 
StandardCharsets.UTF_8).toLowerCase(Locale.ENGLISH);
 }
 
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/05: Ensure the hostName field of SSLHostConfig is always lower case.

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 4b3d6bdc241e7c4f478e20936db96ebb071ab438
Author: Mark Thomas 
AuthorDate: Thu Jan 28 09:29:01 2021 +

Ensure the hostName field of SSLHostConfig is always lower case.

This is the first part of the fix to make mapping of SNI values to SSL
virtual hosts case insensitive.
DNS names are case insensitive and while some browsers appear to always
convert provided host names to lower case, I have found no requirement
for this in the RFCs.
The overall plan is to always store and process host names in lower
case. This is because they are used as keys in a ConcurrentMap and keys
are compared in a case sensitive manner.
Using CaseInsensitiveKeyMap was rejected as a solution as that as it is
not thread safe.
---
 java/org/apache/catalina/manager/ManagerServlet.java | 2 ++
 java/org/apache/tomcat/util/net/SSLHostConfig.java   | 7 ++-
 webapps/docs/config/http.xml | 3 ++-
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/manager/ManagerServlet.java 
b/java/org/apache/catalina/manager/ManagerServlet.java
index 2be40ea..6b742fa 100644
--- a/java/org/apache/catalina/manager/ManagerServlet.java
+++ b/java/org/apache/catalina/manager/ManagerServlet.java
@@ -579,6 +579,8 @@ public class ManagerServlet extends HttpServlet implements 
ContainerServlet {
 } else {
 SSLHostConfig[] sslHostConfigs = 
http11Protoocol.findSslHostConfigs();
 for (SSLHostConfig sslHostConfig : sslHostConfigs) {
+// tlsHostName is as provided by the user so use a 
case insensitive
+// comparison as host names are case insensitive.
 if 
(sslHostConfig.getHostName().equalsIgnoreCase(tlsHostName)) {
 found = true;
 
http11Protoocol.reloadSslHostConfig(tlsHostName);
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java 
b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index e9c9322..0cebd12 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -25,6 +25,7 @@ import java.security.UnrecoverableKeyException;
 import java.util.HashSet;
 import java.util.LinkedHashSet;
 import java.util.List;
+import java.util.Locale;
 import java.util.Set;
 
 import javax.management.ObjectName;
@@ -425,10 +426,14 @@ public class SSLHostConfig implements Serializable {
 
 
 public void setHostName(String hostName) {
-this.hostName = hostName;
+this.hostName = hostName.toLowerCase(Locale.ENGLISH);
 }
 
 
+/**
+ * @return The host name associated with this SSL configuration - always in
+ * lower case.
+ */
 public String getHostName() {
 return hostName;
 }
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 5c539a9..2469863 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1341,7 +1341,8 @@
   The name of the SSL Host. This should either be the fully qualified
   domain name (e.g. tomcat.apache.org) or a wild card domain
   name (e.g. *.apache.org). If not specified, the default 
value
-  of _default_ will be used.
+  of _default_ will be used. Provided values are always
+  converted to lower case.
 
 
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 03/05: Ensure the name of the default SSLHostConfig is always lower case

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 4e83411ad822abf8adb0c1e3717a4ca74264523b
Author: Mark Thomas 
AuthorDate: Thu Jan 28 09:58:43 2021 +

Ensure the name of the default SSLHostConfig is always lower case

This is the third part of the fix to make mapping of SNI values to SSL
virtual hosts case insensitive.
---
 java/org/apache/tomcat/util/net/AbstractEndpoint.java | 7 ++-
 java/org/apache/tomcat/util/net/SSLHostConfig.java| 3 +++
 webapps/docs/config/http.xml  | 3 ++-
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java 
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 2c455c3..1583faf 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -27,6 +27,7 @@ import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
@@ -223,11 +224,15 @@ public abstract class AbstractEndpoint {
 // - 
Properties
 
 private String defaultSSLHostConfigName = 
SSLHostConfig.DEFAULT_SSL_HOST_NAME;
+/**
+ * @return The host name for the default SSL configuration for this 
endpoint
+ * - always in lower case.
+ */
 public String getDefaultSSLHostConfigName() {
 return defaultSSLHostConfigName;
 }
 public void setDefaultSSLHostConfigName(String defaultSSLHostConfigName) {
-this.defaultSSLHostConfigName = defaultSSLHostConfigName;
+this.defaultSSLHostConfigName = 
defaultSSLHostConfigName.toLowerCase(Locale.ENGLISH);
 }
 
 
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java 
b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index 0cebd12..2fed68e 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -49,6 +49,9 @@ public class SSLHostConfig implements Serializable {
 private static final Log log = LogFactory.getLog(SSLHostConfig.class);
 private static final StringManager sm = 
StringManager.getManager(SSLHostConfig.class);
 
+// Must be lower case. SSL host names are always stored using lower case as
+// they are case insensitive but are used by case sensitive code such as
+// keys in Maps.
 protected static final String DEFAULT_SSL_HOST_NAME = "_default_";
 protected static final Set SSL_PROTO_ALL_SET = new HashSet<>();
 
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 2469863..ee684eb 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -106,7 +106,8 @@
   connections) if the client connection does not provide SNI or if the SNI
   is provided but does not match any configured
   SSLHostConfig. If not specified the default value of
-  _default_ will be used.
+  _default_ will be used. Provided values are always converted
+  to lower case.
 
 
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 04/05: Ensure SSLHostConfig lookups for SNI from OpenSSL are case insensitive

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 86a6a143e776e2fd03898ba7cdd348d346b726ae
Author: Mark Thomas 
AuthorDate: Thu Jan 28 10:16:00 2021 +

Ensure SSLHostConfig lookups for SNI from OpenSSL are case insensitive

This is the fourth part of the fix to make mapping of SNI values to SSL
virtual hosts case insensitive.
---
 java/org/apache/tomcat/jni/SSLContext.java|  8 ++--
 java/org/apache/tomcat/util/net/AbstractEndpoint.java | 13 -
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/tomcat/jni/SSLContext.java 
b/java/org/apache/tomcat/jni/SSLContext.java
index e0759b3..8c2f9b9 100644
--- a/java/org/apache/tomcat/jni/SSLContext.java
+++ b/java/org/apache/tomcat/jni/SSLContext.java
@@ -17,6 +17,7 @@
 
 package org.apache.tomcat.jni;
 
+import java.util.Locale;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
@@ -416,7 +417,9 @@ public final class SSLContext {
 if (sniCallBack == null) {
 return 0;
 }
-return sniCallBack.getSslContext(sniHostName);
+// Can't be sure OpenSSL is going to provide the SNI value in lower 
case
+// so convert it before looking up the SSLContext
+return 
sniCallBack.getSslContext(sniHostName.toLowerCase(Locale.ENGLISH));
 }
 
 /**
@@ -470,7 +473,8 @@ public final class SSLContext {
  * This callback is made during the TLS handshake when the client uses
  * the SNI extension to request a specific TLS host.
  *
- * @param sniHostName The host name requested by the client
+ * @param sniHostName The host name requested by the client - must be 
in
+ *lower case
  *
  * @return The Java representation of the pointer to the OpenSSL
  * SSLContext to use for the given host or zero if no 
SSLContext
diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java 
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 1583faf..504074f 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -386,7 +386,18 @@ public abstract class AbstractEndpoint {
 }
 
 
-
+/**
+ * Look up the SSLHostConfig for the given host name. Lookup order is:
+ * 
+ * exact match
+ * wild card match
+ * default SSLHostConfig
+ * 
+ *
+ * @param sniHostName   Host name - must be in lower case
+ *
+ * @return The SSLHostConfig for the given host name.
+ */
 protected SSLHostConfig getSSLHostConfig(String sniHostName) {
 SSLHostConfig result = null;
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 9.0.x updated (4f1dc5a -> 48f2d41)

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 4f1dc5a  Increment version to 9.0.43 for next development cycle
 new 4b3d6bd  Ensure the hostName field of SSLHostConfig is always lower 
case.
 new bedc995  Ensure the extracted SNI host name is always lower case
 new 4e83411  Ensure the name of the default SSLHostConfig is always lower 
case
 new 86a6a14  Ensure SSLHostConfig lookups for SNI from OpenSSL are case 
insensitive
 new 48f2d41  Make the calls to remove/reload the SSLHostConfig case 
insensitive

The 5 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../apache/catalina/manager/ManagerServlet.java|  2 ++
 java/org/apache/tomcat/jni/SSLContext.java |  8 +++--
 .../apache/tomcat/util/net/AbstractEndpoint.java   | 37 ++
 java/org/apache/tomcat/util/net/SSLHostConfig.java | 10 +-
 .../tomcat/util/net/TLSClientHelloExtractor.java   |  7 +++-
 webapps/docs/changelog.xml |  8 +
 webapps/docs/config/http.xml   |  6 ++--
 7 files changed, 66 insertions(+), 12 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 05/05: Make the calls to remove/reload the SSLHostConfig case insensitive

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 35addcab7fe1b487626b5d5e9e74b04e65f2ceae
Author: Mark Thomas 
AuthorDate: Thu Jan 28 10:34:07 2021 +

Make the calls to remove/reload the SSLHostConfig case insensitive

The is the fifth and final part of the fix to make mapping of SNI values
to SSL virtual hosts case insensitive.
While not strictly related to SNI processing, a review of all of the
uses of sslHostConfigs identified these additional locations where the
host name may be provided in mixed case.
---
 java/org/apache/tomcat/util/net/AbstractEndpoint.java | 17 +
 webapps/docs/changelog.xml|  8 
 2 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java 
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 5707645..62f8045 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -298,12 +298,15 @@ public abstract class AbstractEndpoint {
 if (hostName == null) {
 return null;
 }
-// Host names are case insensitive
-if (hostName.equalsIgnoreCase(getDefaultSSLHostConfigName())) {
+// Host names are case insensitive but stored/processed in lower case
+// internally because they are used as keys in a ConcurrentMap where
+// keys are compared in a case sensitive manner.
+String hostNameLower = hostName.toLowerCase(Locale.ENGLISH);
+if (hostNameLower.equals(getDefaultSSLHostConfigName())) {
 throw new IllegalArgumentException(
 sm.getString("endpoint.removeDefaultSslHostConfig", 
hostName));
 }
-SSLHostConfig sslHostConfig = sslHostConfigs.remove(hostName);
+SSLHostConfig sslHostConfig = sslHostConfigs.remove(hostNameLower);
 unregisterJmx(sslHostConfig);
 return sslHostConfig;
 }
@@ -316,7 +319,13 @@ public abstract class AbstractEndpoint {
  * reloaded. This must match a current SSL host
  */
 public void reloadSslHostConfig(String hostName) {
-SSLHostConfig sslHostConfig = sslHostConfigs.get(hostName);
+// Host names are case insensitive but stored/processed in lower case
+// internally because they are used as keys in a ConcurrentMap where
+// keys are compared in a case sensitive manner.
+// This method can be called via various paths so convert the supplied
+// host name to lower case here to ensure the conversion occurs 
whatever
+// the call path.
+SSLHostConfig sslHostConfig = 
sslHostConfigs.get(hostName.toLowerCase(Locale.ENGLISH));
 if (sslHostConfig == null) {
 throw new IllegalArgumentException(
 sm.getString("endpoint.unknownSslHostName", hostName));
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 26850c2..d92f253 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,6 +104,14 @@
   issues do not "pop up" wrt. others).
 -->
 
+  
+
+  
+Ensure that SNI provided host names are matched to SSL virtual host
+configurations in a case insensitive manner. (markt)
+  
+
+  
 
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/05: Ensure the extracted SNI host name is always lower case

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 547a8d69fbfb3323a408e47464d98e42542a3d02
Author: Mark Thomas 
AuthorDate: Thu Jan 28 09:50:22 2021 +

Ensure the extracted SNI host name is always lower case

This is the second part of the fix to make mapping of SNI values to SSL
virtual hosts case insensitive.
---
 java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java 
b/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
index 54ea3f0..28d3358 100644
--- a/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
+++ b/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
@@ -22,6 +22,7 @@ import java.nio.ByteBuffer;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Locale;
 
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
@@ -196,6 +197,10 @@ public class TLSClientHelloExtractor {
 }
 
 
+/**
+ * @return The SNI value provided by the client converted to lower case if
+ * not already lower case.
+ */
 public String getSNIValue() {
 if (result == ExtractorResult.COMPLETE) {
 return sniValue;
@@ -399,7 +404,7 @@ public class TLSClientHelloExtractor {
 char serverNameSize = bb.getChar();
 byte[] serverNameBytes = new byte[serverNameSize];
 bb.get(serverNameBytes);
-return new String(serverNameBytes, StandardCharsets.UTF_8);
+return new String(serverNameBytes, 
StandardCharsets.UTF_8).toLowerCase(Locale.ENGLISH);
 }
 
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/05: Ensure the hostName field of SSLHostConfig is always lower case.

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit c56c139e69215ce76fa18b67d75353f1edc64617
Author: Mark Thomas 
AuthorDate: Thu Jan 28 09:29:01 2021 +

Ensure the hostName field of SSLHostConfig is always lower case.

This is the first part of the fix to make mapping of SNI values to SSL
virtual hosts case insensitive.
DNS names are case insensitive and while some browsers appear to always
convert provided host names to lower case, I have found no requirement
for this in the RFCs.
The overall plan is to always store and process host names in lower
case. This is because they are used as keys in a ConcurrentMap and keys
are compared in a case sensitive manner.
Using CaseInsensitiveKeyMap was rejected as a solution as that as it is
not thread safe.
---
 java/org/apache/catalina/manager/ManagerServlet.java | 2 ++
 java/org/apache/tomcat/util/net/SSLHostConfig.java   | 7 ++-
 webapps/docs/config/http.xml | 3 ++-
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/manager/ManagerServlet.java 
b/java/org/apache/catalina/manager/ManagerServlet.java
index 392fadc..52002d7 100644
--- a/java/org/apache/catalina/manager/ManagerServlet.java
+++ b/java/org/apache/catalina/manager/ManagerServlet.java
@@ -580,6 +580,8 @@ public class ManagerServlet extends HttpServlet implements 
ContainerServlet {
 } else {
 SSLHostConfig[] sslHostConfigs = 
http11Protoocol.findSslHostConfigs();
 for (SSLHostConfig sslHostConfig : sslHostConfigs) {
+// tlsHostName is as provided by the user so use a 
case insensitive
+// comparison as host names are case insensitive.
 if 
(sslHostConfig.getHostName().equalsIgnoreCase(tlsHostName)) {
 found = true;
 
http11Protoocol.reloadSslHostConfig(tlsHostName);
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java 
b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index 734b213..8ab6b63 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -25,6 +25,7 @@ import java.security.UnrecoverableKeyException;
 import java.util.HashSet;
 import java.util.LinkedHashSet;
 import java.util.List;
+import java.util.Locale;
 import java.util.Set;
 
 import javax.management.ObjectName;
@@ -409,10 +410,14 @@ public class SSLHostConfig implements Serializable {
 
 
 public void setHostName(String hostName) {
-this.hostName = hostName;
+this.hostName = hostName.toLowerCase(Locale.ENGLISH);
 }
 
 
+/**
+ * @return The host name associated with this SSL configuration - always in
+ * lower case.
+ */
 public String getHostName() {
 return hostName;
 }
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 32c300b..8d77679 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1306,7 +1306,8 @@
   The name of the SSL Host. This should either be the fully qualified
   domain name (e.g. tomcat.apache.org) or a wild card domain
   name (e.g. *.apache.org). If not specified, the default 
value
-  of _default_ will be used.
+  of _default_ will be used. Provided values are always
+  converted to lower case.
 
 
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 04/05: Ensure SSLHostConfig lookups for SNI from OpenSSL are case insensitive

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit bc0376ba9f8224083407e3895aec4879a76fa7fb
Author: Mark Thomas 
AuthorDate: Thu Jan 28 10:16:00 2021 +

Ensure SSLHostConfig lookups for SNI from OpenSSL are case insensitive

This is the fourth part of the fix to make mapping of SNI values to SSL
virtual hosts case insensitive.
---
 java/org/apache/tomcat/jni/SSLContext.java|  8 ++--
 java/org/apache/tomcat/util/net/AbstractEndpoint.java | 13 -
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/tomcat/jni/SSLContext.java 
b/java/org/apache/tomcat/jni/SSLContext.java
index e0759b3..8c2f9b9 100644
--- a/java/org/apache/tomcat/jni/SSLContext.java
+++ b/java/org/apache/tomcat/jni/SSLContext.java
@@ -17,6 +17,7 @@
 
 package org.apache.tomcat.jni;
 
+import java.util.Locale;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
@@ -416,7 +417,9 @@ public final class SSLContext {
 if (sniCallBack == null) {
 return 0;
 }
-return sniCallBack.getSslContext(sniHostName);
+// Can't be sure OpenSSL is going to provide the SNI value in lower 
case
+// so convert it before looking up the SSLContext
+return 
sniCallBack.getSslContext(sniHostName.toLowerCase(Locale.ENGLISH));
 }
 
 /**
@@ -470,7 +473,8 @@ public final class SSLContext {
  * This callback is made during the TLS handshake when the client uses
  * the SNI extension to request a specific TLS host.
  *
- * @param sniHostName The host name requested by the client
+ * @param sniHostName The host name requested by the client - must be 
in
+ *lower case
  *
  * @return The Java representation of the pointer to the OpenSSL
  * SSLContext to use for the given host or zero if no 
SSLContext
diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java 
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 868c8b6..5707645 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -375,7 +375,18 @@ public abstract class AbstractEndpoint {
 }
 
 
-
+/**
+ * Look up the SSLHostConfig for the given host name. Lookup order is:
+ * 
+ * exact match
+ * wild card match
+ * default SSLHostConfig
+ * 
+ *
+ * @param sniHostName   Host name - must be in lower case
+ *
+ * @return The SSLHostConfig for the given host name.
+ */
 protected SSLHostConfig getSSLHostConfig(String sniHostName) {
 SSLHostConfig result = null;
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 03/05: Ensure the name of the default SSLHostConfig is always lower case

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit e041171e1afc141aa93cf5c49e2b7a1890c63e50
Author: Mark Thomas 
AuthorDate: Thu Jan 28 09:58:43 2021 +

Ensure the name of the default SSLHostConfig is always lower case

This is the third part of the fix to make mapping of SNI values to SSL
virtual hosts case insensitive.
---
 java/org/apache/tomcat/util/net/AbstractEndpoint.java | 7 ++-
 java/org/apache/tomcat/util/net/SSLHostConfig.java| 3 +++
 webapps/docs/config/http.xml  | 3 ++-
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java 
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 83b9715..868c8b6 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -27,6 +27,7 @@ import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
@@ -212,11 +213,15 @@ public abstract class AbstractEndpoint {
 // - 
Properties
 
 private String defaultSSLHostConfigName = 
SSLHostConfig.DEFAULT_SSL_HOST_NAME;
+/**
+ * @return The host name for the default SSL configuration for this 
endpoint
+ * - always in lower case.
+ */
 public String getDefaultSSLHostConfigName() {
 return defaultSSLHostConfigName;
 }
 public void setDefaultSSLHostConfigName(String defaultSSLHostConfigName) {
-this.defaultSSLHostConfigName = defaultSSLHostConfigName;
+this.defaultSSLHostConfigName = 
defaultSSLHostConfigName.toLowerCase(Locale.ENGLISH);
 }
 
 
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java 
b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index 8ab6b63..2c1c0c3 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -49,6 +49,9 @@ public class SSLHostConfig implements Serializable {
 private static final Log log = LogFactory.getLog(SSLHostConfig.class);
 private static final StringManager sm = 
StringManager.getManager(SSLHostConfig.class);
 
+// Must be lower case. SSL host names are always stored using lower case as
+// they are case insensitive but are used by case sensitive code such as
+// keys in Maps.
 protected static final String DEFAULT_SSL_HOST_NAME = "_default_";
 protected static final Set SSL_PROTO_ALL_SET = new HashSet<>();
 
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 8d77679..4f2d17b 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -115,7 +115,8 @@
   connections) if the client connection does not provide SNI or if the SNI
   is provided but does not match any configured
   SSLHostConfig. If not specified the default value of
-  _default_ will be used.
+  _default_ will be used. Provided values are always converted
+  to lower case.
 
 
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated (6a5bce0 -> 35addca)

2021-01-28 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 6a5bce0  Increment version to 10.0.2 for next development cycle
 new c56c139  Ensure the hostName field of SSLHostConfig is always lower 
case.
 new 547a8d6  Ensure the extracted SNI host name is always lower case
 new e041171  Ensure the name of the default SSLHostConfig is always lower 
case
 new bc0376b  Ensure SSLHostConfig lookups for SNI from OpenSSL are case 
insensitive
 new 35addca  Make the calls to remove/reload the SSLHostConfig case 
insensitive

The 5 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../apache/catalina/manager/ManagerServlet.java|  2 ++
 java/org/apache/tomcat/jni/SSLContext.java |  8 +++--
 .../apache/tomcat/util/net/AbstractEndpoint.java   | 37 ++
 java/org/apache/tomcat/util/net/SSLHostConfig.java | 10 +-
 .../tomcat/util/net/TLSClientHelloExtractor.java   |  7 +++-
 webapps/docs/changelog.xml |  8 +
 webapps/docs/config/http.xml   |  6 ++--
 7 files changed, 66 insertions(+), 12 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 7.0.x updated: Increment version number for next development cycle

2021-01-28 Thread violetagg 
This is an automated email from the ASF dual-hosted git repository.

violetagg pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
 new 4abf2a1  Increment version number for next development cycle
4abf2a1 is described below

commit 4abf2a1fec1e888713998e88d6b8dfcb3f7674fe
Author: Violeta Georgieva [VMware] 
AuthorDate: Thu Jan 28 11:54:56 2021 +0200

Increment version number for next development cycle
---
 build.properties.default | 2 +-
 res/maven/mvn.properties.default | 2 +-
 webapps/docs/changelog.xml   | 4 +++-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index d86148a..eb2cfe4 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -25,7 +25,7 @@
 # - Version Control Flags -
 version.major=7
 version.minor=0
-version.build=108
+version.build=109
 version.patch=0
 version.suffix=-dev
 
diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default
index 6eda85f..f703d03 100644
--- a/res/maven/mvn.properties.default
+++ b/res/maven/mvn.properties.default
@@ -39,7 +39,7 @@ 
maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d
 maven.asf.release.repo.repositoryId=apache.releases.https
 
 # Release version info
-maven.asf.release.deploy.version=7.0.108
+maven.asf.release.deploy.version=7.0.109
 
 #Where do we load the libraries from
 tomcat.lib.path=../../output/build/lib
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 3fbdb74..6c87635 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -118,7 +118,9 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
+
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE] Release Apache Tomcat 7.0.108

2021-01-28 Thread Violeta Georgieva 
The proposed Apache Tomcat 7.0.108 release is now available for voting.

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.108/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1295/
The git tag is:
https://github.com/apache/tomcat/tree/7.0.108
b57a2ea4466a2d4ea03a0f90e3f0d6c485b3cfea

The proposed 7.0.108 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 7.0.108 Stable

Regards,
Violeta

svn commit: r45619 [2/2] - in /dev/tomcat/tomcat-7/v7.0.108: ./ bin/ bin/embed/ bin/extras/ src/

2021-01-28 Thread violetagg 
Added: dev/tomcat/tomcat-7/v7.0.108/bin/extras/tomcat-juli-adapters.jar.sha512
==
--- dev/tomcat/tomcat-7/v7.0.108/bin/extras/tomcat-juli-adapters.jar.sha512 
(added)
+++ dev/tomcat/tomcat-7/v7.0.108/bin/extras/tomcat-juli-adapters.jar.sha512 Thu 
Jan 28 09:39:16 2021
@@ -0,0 +1 @@
+7d49be8d703aef703a5e73e857ff3424c3b0c241e9da67fc14f5ea779de6dc18b45eca9c92e74c5410c69e28c27b04ec0e9d3c3c4d992a6656b2be4e0e7e31ed
 *tomcat-juli-adapters.jar
\ No newline at end of file

Added: dev/tomcat/tomcat-7/v7.0.108/bin/extras/tomcat-juli.jar
==
Binary file - no diff available.

Propchange: dev/tomcat/tomcat-7/v7.0.108/bin/extras/tomcat-juli.jar
--
svn:mime-type = application/octet-stream

Added: dev/tomcat/tomcat-7/v7.0.108/bin/extras/tomcat-juli.jar.asc
==
--- dev/tomcat/tomcat-7/v7.0.108/bin/extras/tomcat-juli.jar.asc (added)
+++ dev/tomcat/tomcat-7/v7.0.108/bin/extras/tomcat-juli.jar.asc Thu Jan 28 
09:39:16 2021
@@ -0,0 +1,16 @@
+-BEGIN PGP SIGNATURE-
+
+iQIzBAABCAAdFiEEcT2oi+UJEVNf5xb1IIsKsdYwEccFAmASgFsACgkQIIsKsdYw
+EcfthxAAuG2ojuWK3jcG7hZ/zJCakCtLlZWUxzkLLCT9g6+FGpjLyN9N1URhx6EG
+w875UGgixQs1Xfg+Riuw4J1aTmwMesNFLEaMkgdvntbSEM0UKTTDDP+xHs2N5mH9
+C5zY/cD2kOQhNcsGMLdWRoKq4KeP+7YiItsMl8EuKE9xlJJGmVNZA/F5s+0eiyF3
+mSzSztRUVi80ArVV7Hr4rDblH5+/sjtYq9dG+XMgH/1esfOZ2LYLNnmBt3nw0S2W
+MMqi1bC87DEaCm8sWXugsW6kzUiVvrzMtSGBrEnNA85x3GeCx8cQxckYsRRVmwZS
+NqY4ovlqDZuBNeOQ/NgeW6Fj1MIhH5NymTDSqsKty7QZhr3T5l4tF1UHFGBfsqL5
+3R7/8HNG6KuNldxwEbPHVxULi2+XVxvb2AECNy4aGZIhIZIkyDI0jjE1KBfcMC1S
+eRGUL/pUtxe0KTCm9nUpQhoZtQAyjiUzwhnj0RNLmKwujSKBe2qm+RR+oQmgbwRz
+39aFc2pQfNV0T+EMYGJRuqUaf/6/XMqjofp3MRIQN4hXflZcmDhrS+ZrExwWUkFd
+3I2ZVo2z6pfb0yvuTwq8ARNYJAHtDqiu7nLYvR+tCR64D57xLiLY3bLMZc4u3XuB
+6W0V5e/414UGOv23Mh2g5teHZwaCwltGX3+SSPWpkKP4sEvubUI=
+=XbqH
+-END PGP SIGNATURE-

Added: dev/tomcat/tomcat-7/v7.0.108/bin/extras/tomcat-juli.jar.sha512
==
--- dev/tomcat/tomcat-7/v7.0.108/bin/extras/tomcat-juli.jar.sha512 (added)
+++ dev/tomcat/tomcat-7/v7.0.108/bin/extras/tomcat-juli.jar.sha512 Thu Jan 28 
09:39:16 2021
@@ -0,0 +1 @@
+480cd010d6d1c52917fd665fbe50750d74e4636154ea65b80ce73994c6154b9ff115d575b78a004954b11f37fbac775a8404c05a3dfbc92129c6f5981281d42f
 *tomcat-juli.jar
\ No newline at end of file

Added: dev/tomcat/tomcat-7/v7.0.108/src/apache-tomcat-7.0.108-src.tar.gz
==
Binary file - no diff available.

Propchange: dev/tomcat/tomcat-7/v7.0.108/src/apache-tomcat-7.0.108-src.tar.gz
--
svn:mime-type = application/octet-stream

Added: dev/tomcat/tomcat-7/v7.0.108/src/apache-tomcat-7.0.108-src.tar.gz.asc
==
--- dev/tomcat/tomcat-7/v7.0.108/src/apache-tomcat-7.0.108-src.tar.gz.asc 
(added)
+++ dev/tomcat/tomcat-7/v7.0.108/src/apache-tomcat-7.0.108-src.tar.gz.asc Thu 
Jan 28 09:39:16 2021
@@ -0,0 +1,16 @@
+-BEGIN PGP SIGNATURE-
+
+iQIzBAABCAAdFiEEcT2oi+UJEVNf5xb1IIsKsdYwEccFAmASgfcACgkQIIsKsdYw
+Ece5aQ/+PDT87+HkepcB0c/bXpUHeir9x0LD2Olp6B77aq7Nr2RBMM5/5XzmrBbh
+RhtP2z7zNT+xZ/P2zoY7RjxjXhsmwGI4FFnME3Tq6ibNX4jAfMiPSutN5mURVDG0
+dDnt3PmIaS/5qrb7Ic+DIZA+YaeqKYA+szOdqlROVwOQS+tnywMei7rYYUhXU+yX
+4IKCM0o1IjsdEHCInerJthR3KG0zjdBx00v9rFp7ZwNHVbM7pCJFCpScF9O634B+
+m8RYlWxJqZe87dTCSMD/CSP4gYOzGtKk+2PalOHnQ4GE9CjvnzoKe52SRzHVA/eq
+eFXs9vBiK8aOg8LcwmEoQWicNjPMZ4ihn3DkEpSrdMcYSPbAgBACT+ogE9gVT4r+
+B9sNqpLY4ZpjzjZQSw5QBqT3U5nDp69v3qTh+mHqoXf8ghsEEapWvHlLJCbjqNGq
+ch0+3bfLti6aScEUoGhTszBQbrN2s3qFaOmDGwVYM/1Hcf/EfJkq7CvD4OZORNH0
+7aCTAe3swumgq76PmzB93XkgjL2KUxZWUlhhzdYkJWMiKnj9Fr3PPkHIqfjGaMec
+Pvg1xTkBo0I0RkEdOAgUOyfQMSzSJR2rvpvRWkdV1mo3k2taUYl+tawl759HUQxc
+cLC4AEYpmoh+7ZAH6NxV8nvmkfmgO8Q7SeMQQ9XQ4aVBPvwz5PQ=
+=v0QK
+-END PGP SIGNATURE-

Added: dev/tomcat/tomcat-7/v7.0.108/src/apache-tomcat-7.0.108-src.tar.gz.sha512
==
--- dev/tomcat/tomcat-7/v7.0.108/src/apache-tomcat-7.0.108-src.tar.gz.sha512 
(added)
+++ dev/tomcat/tomcat-7/v7.0.108/src/apache-tomcat-7.0.108-src.tar.gz.sha512 
Thu Jan 28 09:39:16 2021
@@ -0,0 +1 @@
+bdd957ca5b3b7dd152efa6406dbb6397ed62661ec44c83b6a8f6e9e3c33362c51ff5e0451a57d6aa3874cd745811f2afe78d08825ddaba8e29cb38ef922c48e2
 *apache-tomcat-7.0.108-src.tar.gz
\ No newline at end of file

Added: dev/tomcat/tomcat-7/v7.0.108/src/apache-tomcat-7.0.108-src.zip
==
Binary file - no diff available.

Propchange:

svn commit: r45619 [1/2] - in /dev/tomcat/tomcat-7/v7.0.108: ./ bin/ bin/embed/ bin/extras/ src/

2021-01-28 Thread violetagg 
Author: violetagg
Date: Thu Jan 28 09:39:16 2021
New Revision: 45619

Log:
Stage Tomcat 7.0.108

Added:
dev/tomcat/tomcat-7/v7.0.108/
dev/tomcat/tomcat-7/v7.0.108/KEYS
dev/tomcat/tomcat-7/v7.0.108/README.html
dev/tomcat/tomcat-7/v7.0.108/RELEASE-NOTES
dev/tomcat/tomcat-7/v7.0.108/bin/
dev/tomcat/tomcat-7/v7.0.108/bin/README.html
dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108-deployer.tar.gz   
(with props)
dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108-deployer.tar.gz.asc

dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108-deployer.tar.gz.sha512
dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108-deployer.zip   (with 
props)
dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108-deployer.zip.asc
dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108-deployer.zip.sha512
dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108-fulldocs.tar.gz   
(with props)
dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108-fulldocs.tar.gz.asc

dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108-fulldocs.tar.gz.sha512
dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108-windows-x64.zip   
(with props)
dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108-windows-x64.zip.asc

dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108-windows-x64.zip.sha512
dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108-windows-x86.zip   
(with props)
dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108-windows-x86.zip.asc

dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108-windows-x86.zip.sha512
dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108.exe   (with props)
dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108.exe.asc
dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108.exe.sha512
dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108.tar.gz   (with props)
dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108.tar.gz.asc
dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108.tar.gz.sha512
dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108.zip   (with props)
dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108.zip.asc
dev/tomcat/tomcat-7/v7.0.108/bin/apache-tomcat-7.0.108.zip.sha512
dev/tomcat/tomcat-7/v7.0.108/bin/embed/
dev/tomcat/tomcat-7/v7.0.108/bin/embed/apache-tomcat-7.0.108-embed.tar.gz   
(with props)

dev/tomcat/tomcat-7/v7.0.108/bin/embed/apache-tomcat-7.0.108-embed.tar.gz.asc

dev/tomcat/tomcat-7/v7.0.108/bin/embed/apache-tomcat-7.0.108-embed.tar.gz.sha512
dev/tomcat/tomcat-7/v7.0.108/bin/embed/apache-tomcat-7.0.108-embed.zip   
(with props)
dev/tomcat/tomcat-7/v7.0.108/bin/embed/apache-tomcat-7.0.108-embed.zip.asc

dev/tomcat/tomcat-7/v7.0.108/bin/embed/apache-tomcat-7.0.108-embed.zip.sha512
dev/tomcat/tomcat-7/v7.0.108/bin/extras/
dev/tomcat/tomcat-7/v7.0.108/bin/extras/catalina-jmx-remote.jar   (with 
props)
dev/tomcat/tomcat-7/v7.0.108/bin/extras/catalina-jmx-remote.jar.asc
dev/tomcat/tomcat-7/v7.0.108/bin/extras/catalina-jmx-remote.jar.sha512
dev/tomcat/tomcat-7/v7.0.108/bin/extras/catalina-ws.jar   (with props)
dev/tomcat/tomcat-7/v7.0.108/bin/extras/catalina-ws.jar.asc
dev/tomcat/tomcat-7/v7.0.108/bin/extras/catalina-ws.jar.sha512
dev/tomcat/tomcat-7/v7.0.108/bin/extras/tomcat-juli-adapters.jar   (with 
props)
dev/tomcat/tomcat-7/v7.0.108/bin/extras/tomcat-juli-adapters.jar.asc
dev/tomcat/tomcat-7/v7.0.108/bin/extras/tomcat-juli-adapters.jar.sha512
dev/tomcat/tomcat-7/v7.0.108/bin/extras/tomcat-juli.jar   (with props)
dev/tomcat/tomcat-7/v7.0.108/bin/extras/tomcat-juli.jar.asc
dev/tomcat/tomcat-7/v7.0.108/bin/extras/tomcat-juli.jar.sha512
dev/tomcat/tomcat-7/v7.0.108/src/
dev/tomcat/tomcat-7/v7.0.108/src/apache-tomcat-7.0.108-src.tar.gz   (with 
props)
dev/tomcat/tomcat-7/v7.0.108/src/apache-tomcat-7.0.108-src.tar.gz.asc
dev/tomcat/tomcat-7/v7.0.108/src/apache-tomcat-7.0.108-src.tar.gz.sha512
dev/tomcat/tomcat-7/v7.0.108/src/apache-tomcat-7.0.108-src.zip   (with 
props)
dev/tomcat/tomcat-7/v7.0.108/src/apache-tomcat-7.0.108-src.zip.asc
dev/tomcat/tomcat-7/v7.0.108/src/apache-tomcat-7.0.108-src.zip.sha512

Added: dev/tomcat/tomcat-7/v7.0.108/KEYS
==
--- dev/tomcat/tomcat-7/v7.0.108/KEYS (added)
+++ dev/tomcat/tomcat-7/v7.0.108/KEYS Thu Jan 28 09:39:16 2021
@@ -0,0 +1,650 @@
+This file contains the PGP keys of various Apache developers.
+Please don't use them for email unless you have to. Their main
+purpose is code signing.
+
+Apache users: pgp < KEYS
+Apache developers:
+(pgpk -ll  && pgpk -xa ) >> this file.
+  or
+(gpg --fingerprint --list-sigs 
+ && gpg --armor --export ) >> this file.
+
+Apache developers: please ensure that your key is also available via the
+PGP keyservers (such as pgpkeys.mit.edu).
+
+
+Type Bits/KeyIDDate

[tomcat] 01/01: Tag 7.0.108

2021-01-28 Thread violetagg 
This is an automated email from the ASF dual-hosted git repository.

violetagg pushed a commit to tag 7.0.108
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit b57a2ea4466a2d4ea03a0f90e3f0d6c485b3cfea
Author: Violeta Georgieva 
AuthorDate: Thu Jan 28 00:41:17 2021 -0800

Tag 7.0.108
---
 build.properties.default   | 2 +-
 webapps/docs/changelog.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index d86148a..d4c8934 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -27,7 +27,7 @@ version.major=7
 version.minor=0
 version.build=108
 version.patch=0
-version.suffix=-dev
+version.suffix=
 
 # - Source control flags -
 git.branch=7.0.x
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 3fbdb74..611c358 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -118,7 +118,7 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] tag 7.0.108 created (now b57a2ea)

2021-01-28 Thread violetagg 
This is an automated email from the ASF dual-hosted git repository.

violetagg pushed a change to tag 7.0.108
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


  at b57a2ea  (commit)
This tag includes the following new commits:

 new b57a2ea  Tag 7.0.108

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 8.5.62

2021-01-28 Thread Rémy Maucherat 
On Wed, Jan 27, 2021 at 8:25 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 8.5.62 release is now available for voting.
>
> The notable changes compared to the 8.5.61 release are:
>
> - Add a new StringInterpreter interface that allows applications to
>   provide customised string attribute value to type conversion within
>   JSPs. This allows applications to provide a conversion
>   implementation that is optimised for the application.
>
> - Add peerAddress to coyote request, which contains the IP address of
>   the direct connection peer. If a reverse proxy sits in front of
>   Tomcat and the protocol used is AJP or HTTP in combination with the
>   RemoteIp(Valve|Filter), the peer address might differ from the
>   remoteAddress. The latter then contains the address of the client in
>   front of the reverse proxy, not the address of the proxy itself.
>
> - Escape elements in the access log that need to be escaped for the
>   access log to be parsed unambiguously.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat85/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.62/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1294/
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.62
> 0c41d44e32bc4479f0de02e6eb29bb703549a05c
>
> The proposed 8.5.62 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 8.5.62
>

Rémy

>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 9.0.42

2021-01-28 Thread Rémy Maucherat 
On Wed, Jan 27, 2021 at 6:40 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.42 release is now available for voting.
>
> The notable changes compared to the 9.0.41 release are:
>
> - Add support for using Unix domain sockets for NIO when running on
>   Java 16 or later.
>
> - Add a new StringInterpreter interface that allows applications to
>   provide customised string attribute value to type conversion within
>   JSPs. This allows applications to provide a conversion
>   implementation that is optimised for the application.
>
> - Add peerAddress to coyote request, which contains the IP address of
>   the direct connection peer. If a reverse proxy sits in front of
>   Tomcat and the protocol used is AJP or HTTP in combination with the
>   RemoteIp(Valve|Filter), the peer address might differ from the
>   remoteAddress. The latter then contains the address of the client in
>   front of the reverse proxy, not the address of the proxy itself.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.42/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1293/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.42
> 868b50e7af1dd6c3489ba0fda86dfc1ff1b8c8cb
>
> The proposed 9.0.42 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 9.0.42
>
> Rémy

  1   2   >