[tomcat] branch 8.5.x updated: Code clean-up. No functional change.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 85c4f5f5e3 Code clean-up. No functional change. 85c4f5f5e3 is described below commit 85c4f5f5e3d1fb14eb2f3ba6740ec38f2e6aa88d Author: Mark Thomas AuthorDate: Mon Jun 19 18:43:30 2023 +0100 Code clean-up. No functional change. Align with 9.0.x/10.1.x/11.0.x --- .../catalina/core/ApplicationContextFacade.java| 1 - .../catalina/core/ApplicationHttpRequest.java | 21 + java/org/apache/catalina/core/ContainerBase.java | 14 +++--- .../core/JreMemoryLeakPreventionListener.java | 2 + .../apache/catalina/core/LocalStrings.properties | 9 .../catalina/core/LocalStrings_fr.properties | 9 .../catalina/core/LocalStrings_ja.properties | 9 .../catalina/core/LocalStrings_ko.properties | 9 java/org/apache/catalina/core/StandardContext.java | 50 +++--- java/org/apache/catalina/core/StandardEngine.java | 6 +-- java/org/apache/catalina/core/StandardServer.java | 13 +++--- java/org/apache/catalina/core/StandardWrapper.java | 1 - 12 files changed, 67 insertions(+), 77 deletions(-) diff --git a/java/org/apache/catalina/core/ApplicationContextFacade.java b/java/org/apache/catalina/core/ApplicationContextFacade.java index cde889a013..aa28ddac97 100644 --- a/java/org/apache/catalina/core/ApplicationContextFacade.java +++ b/java/org/apache/catalina/core/ApplicationContextFacade.java @@ -71,7 +71,6 @@ public class ApplicationContextFacade implements ServletContext { // --- Constructors - /** * Construct a new instance of this class, associated with the specified Context instance. * diff --git a/java/org/apache/catalina/core/ApplicationHttpRequest.java b/java/org/apache/catalina/core/ApplicationHttpRequest.java index 20c0bd74b9..c7f61d816b 100644 --- a/java/org/apache/catalina/core/ApplicationHttpRequest.java +++ b/java/org/apache/catalina/core/ApplicationHttpRequest.java @@ -43,6 +43,7 @@ import org.apache.catalina.Manager; import org.apache.catalina.Session; import org.apache.catalina.connector.RequestFacade; import org.apache.catalina.util.ParameterMap; +import org.apache.catalina.util.RequestUtil; import org.apache.catalina.util.URLEncoder; import org.apache.tomcat.util.buf.B2CConverter; import org.apache.tomcat.util.buf.MessageBytes; @@ -469,25 +470,7 @@ class ApplicationHttpRequest extends HttpServletRequestWrapper { */ @Override public StringBuffer getRequestURL() { - -StringBuffer url = new StringBuffer(); -String scheme = getScheme(); -int port = getServerPort(); -if (port < 0) { -port = 80; // Work around java.net.URL bug -} - -url.append(scheme); -url.append("://"); -url.append(getServerName()); -if ((scheme.equals("http") && (port != 80)) || (scheme.equals("https") && (port != 443))) { -url.append(':'); -url.append(port); -} -url.append(getRequestURI()); - -return (url); - +return RequestUtil.getRequestURL(this); } diff --git a/java/org/apache/catalina/core/ContainerBase.java b/java/org/apache/catalina/core/ContainerBase.java index da690e37cd..610baf054c 100644 --- a/java/org/apache/catalina/core/ContainerBase.java +++ b/java/org/apache/catalina/core/ContainerBase.java @@ -148,7 +148,6 @@ public abstract class ContainerBase extends LifecycleMBeanBase implements Contai // - Instance Variables - /** * The child Containers belonging to this Container, keyed by name. */ @@ -430,7 +429,7 @@ public abstract class ContainerBase extends LifecycleMBeanBase implements Contai this.cluster = cluster; // Stop the old component if necessary -if (getState().isAvailable() && (oldCluster != null) && (oldCluster instanceof Lifecycle)) { +if (getState().isAvailable() && (oldCluster instanceof Lifecycle)) { try { ((Lifecycle) oldCluster).stop(); } catch (LifecycleException e) { @@ -443,7 +442,7 @@ public abstract class ContainerBase extends LifecycleMBeanBase implements Contai cluster.setContainer(this); } -if (getState().isAvailable() && (cluster != null) && (cluster instanceof Lifecycle)) { +if (getState().isAvailable() && (cluster instanceof Lifecycle)) { try { ((Lifecycle) cluster).start(); } catch (LifecycleException e) { @@ -633,7 +632,7 @@ public abstract class ContainerBase extends LifecycleMBeanBase implements Contai
[Bug 66658] New: Reference GitHub Actions and Docker Images by SHA
https://bz.apache.org/bugzilla/show_bug.cgi?id=66658 Bug ID: 66658 Summary: Reference GitHub Actions and Docker Images by SHA Product: Tomcat 11 Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P2 Component: Packaging Assignee: dev@tomcat.apache.org Reporter: diogote...@google.com Target Milestone: --- Hi! I'm Diogo and I work on Google's Open Source Security Team([GOSST](https://github.com/diogoteles08#about-gosst-ghost)) in cooperation with the Open Source Security Foundation ([OpenSSF](https://openssf.org/)). My core job is to suggest and implement security changes on widely used open source projects I'm here to ask if you are interested in a PR to hash pin the Actions you call in your GitHub Workflows, and the docker images you use on your docker files. This is the only way to guarantee that you're using an immutable version of the code, which might protect you from tags being moved to malicious or buggy commits. The changes would be similar to those: For the docker files, `From busybox:glibc` would become `From busybox:glibc@sha256:2a6835efa6f7ba15d30e1118e72e9ba180e4ae8253bfe80e97628df85f3aad8f` For the GitHub Actions, `- uses: actions/setup-java@v3` would become `- uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0` It would make it a bit more difficult to manually update the versions, but Dependabot is able to do it automatically -- and it also makes sure to keep the human-readable version as a comment . Do you already have Dependabot enabled? I've found this [dependabot PR](https://github.com/apache/tomcat/pull/603), but haven't found the dependabot.yml file, so I couldn't tell. Both changes are recommended by security tools like [Scorecard](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies). The GitHub Actions change are also recommended by [GitHub itself](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions), and you can read about a practical impact of the Docker image change on this [blogpost](https://rockbag.medium.com/why-you-should-pin-your-docker-images-with-sha-instead-of-tags-fd132443b8a6). Thanks! -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] markt-asf commented on pull request #628: Change style
markt-asf commented on PR #628: URL: https://github.com/apache/tomcat/pull/628#issuecomment-1597337218 Please provide an updated screenshot showing the results of all your changes as there have been additional changes since the PR was opened. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Tomcat 11, Java 21 and Windows 32-bit support
On 16/06/2023 21:42, Mark Thomas wrote: There are lots of interesting things about those numbers but in terms of 32-bit Windows support there still looks to be a demand for it all the way up to Tomcat 10. If we were to drop it for one we might as well drop it for all but I think there is enough demand to keep producing the 32-bit binaries for now. We don't know if there is a real demand for 32-bit binaries or if this simply reflects random clicks on the download page. The 32-bit zip is listed before the 64-bit one, this might inflate the numbers. Running Tomcat on Windows with less than 4GB RAM doesn't make much sense nowadays in my opinion. If someone really has a memory constrained server he would run Linux and not Windows. I'm +1 for releasing Tomcat 11 with 64-bit binaries only, but I wouldn't wait until 2025 to drop the 32-bit distribution for the previous releases. If nobody complains about the lack of 32-bit support in Tomcat 11 by the end of 2023, I would suggest dropping the 32-bit binary distribution for Tomcat 10 as well. Emmanuel Bourg - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat-native] branch main updated: native: Fix the build with rlibtool
On 18/06/2023 13:45, Rainer Jung wrote: Am 06.06.23 um 12:57 schrieb Mark Thomas: On 05/06/2023 21:20, Rainer Jung wrote: Something is wrong with our regeneration of configure in the release process, at least for the 2.x branch (main). The configure script contains "LT_INIT" verbatim instead of LT_INIT being replaced by its script implementation. I can't actually say what is wrong :( If I run "autoreconf --force --install" on my system LT_INIT gets resolved but configure also get much bigger (more than double the size). Let me know if you have no good idea and I should investigate deeper. Sorry, no idea here. I tested the PR to the extent I check I could still build with the PR applied but went no deeper. Linux build systems are mostly a mystery to me. I hope I fixed it today without breaking other stuff. I tested with generating a release tarball from the main branch and the tarball deltas to 2.0.4 looked reasonable. Also the Makefile generated by configure looks consistent. As always things ight vary a bit depending on the system used for releases. Builds looks OK to me here. Thanks. Mark Best regards, Rainer Am 31.10.22 um 21:02 schrieb ma...@apache.org: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new 54dccd3a4 native: Fix the build with rlibtool new 4f7fb7f44 Merge pull request #14 from orbea/slibtool 54dccd3a4 is described below commit 54dccd3a4dc01801d9311b3160808305ec9fc2cf Author: orbea AuthorDate: Thu Jul 21 17:59:14 2022 -0700 native: Fix the build with rlibtool When building tomcat-native with slibtool using the rlibtool symlink the build will fail. This is because rlibtool requires the generated libtool script to determine if the build is shared, static or both. Gentoo bug: https://bugs.gentoo.org/778914 --- native/configure.in | 3 +++ 1 file changed, 3 insertions(+) diff --git a/native/configure.in b/native/configure.in index 567894b10..e082ae6d2 100644 --- a/native/configure.in +++ b/native/configure.in @@ -50,6 +50,9 @@ AC_SUBST(TCN_CONFIG_LOCATION) AC_CANONICAL_TARGET AC_PROG_INSTALL +dnl Generate the libtool script which is needed for rlibtool +LT_INIT + dnl dnl compute the top directory of the build dnl note: this is needed for LIBTOOL and exporting the bundled Expat - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org