Bug report for Tomcat Connectors [2019/12/08]

[bugzilla]

+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|46767|New|Enh|2009-02-25|mod_jk to send DECLINED in case no fail-over tomca|
|47327|New|Enh|2009-06-07|Return tomcat authenticated user back to mod_jk (A|
|47750|New|Maj|2009-08-27|ISAPI: Loss of worker settings when changing via j|
|48830|New|Nor|2010-03-01|IIS shutdown blocked in endpoint service when serv|
|49822|New|Enh|2010-08-25|Add hash lb worker method |
|49903|New|Enh|2010-09-09|Make workers file reloadable  |
|52483|New|Enh|2012-01-18|Print JkOptions's options in log file and jkstatus|
|54621|New|Enh|2013-02-28|[PATCH] custom mod_jk availability checks |
|56489|New|Enh|2014-05-05|Include a directory for configuration files   |
|56576|New|Enh|2014-05-29|Websocket support |
|57402|New|Enh|2014-12-30|Provide correlation ID between mod_jk log and acce|
|57403|New|Enh|2014-12-30|Persist configuration changes made via status work|
|57407|New|Enh|2014-12-31|Make session_cookie, session_path and session_cook|
|57790|New|Enh|2015-04-03|Check worker names for typos  |
|61476|New|Enh|2017-09-01|Allow reset of an individual worker stat value|
|61621|New|Enh|2017-10-15|Content-Type is forced to lowercase when it goes t|
|62093|New|Enh|2018-02-09|Allow use_server_errors to apply to specific statu|
|63214|New|Nor|2019-02-27|Using JkAutoAlias, Filenames with Spaces Cannot be|
|63808|Opn|Enh|2019-10-05|the fact that JkMount makes other directives ineff|
+-+---+---+--+--+
| Total   19 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Bug report for Tomcat Native [2019/12/08]

[bugzilla]

+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|53940|New|Enh|2012-09-27|Added support for new CRL loading after expiration|
|62626|New|Nor|2018-08-15|Tomcat 9.0.10 APR/Native crashes  |
|62911|New|Enh|2018-11-15|Add support for proxying ocsp  requests via ProxyH|
|63199|Inf|Nor|2019-02-22|sslsocket handshake JVM crash |
|63405|New|Nor|2019-05-06|Tomcat 7.0.91.0 EXCEPTION_ACCESS_VIOLATION - Probl|
|63671|New|Nor|2019-08-19|libtcnative does not compile with OpenSSL < 1.1.0 |
|63701|Inf|Maj|2019-08-27|SSL initialize hangs with OpenSSL 1.1.1   |
+-+---+---+--+--+
| Total7 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Bug report for Taglibs [2019/12/08]

[bugzilla]

+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|38193|Ass|Enh|2006-01-09|[RDC] BuiltIn Grammar support for Field   |
|38600|Ass|Enh|2006-02-10|[RDC] Enable RDCs to be used in X+V markup (X+RDC)|
|42413|New|Enh|2007-05-14|[PATCH] Log Taglib enhancements   |
|46052|New|Nor|2008-10-21|SetLocaleSupport is slow to initialize when many l|
|48333|New|Enh|2009-12-02|TLD generator |
|57548|New|Min|2015-02-08|Auto-generate the value for org.apache.taglibs.sta|
|57684|New|Min|2015-03-10|Version info should be taken from project version |
|59359|New|Enh|2016-04-20|(Task) Extend validity period for signing KEY - be|
|59668|New|Nor|2016-06-06|x:forEach retains the incorrect scope when used in|
|61875|New|Nor|2017-12-08|Investigate whether Xalan can be removed  |
+-+---+---+--+--+
| Total   10 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Bug report for Tomcat Modules [2019/12/08]

[bugzilla]

+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|50571|Inf|Nor|2011-01-11|Tomcat 7 JDBC connection pool exception enhancemen|
|51595|Inf|Nor|2011-08-01|org.apache.tomcat.jdbc.pool.jmx.ConnectionPool sho|
|51879|Inf|Enh|2011-09-22|Improve access to Native Connection Methods   |
|52024|Inf|Enh|2011-10-13|Custom interceptor to support automatic failover o|
|53199|Inf|Enh|2012-05-07|Refactor ConnectionPool to use ScheduledExecutorSe|
|54437|New|Enh|2013-01-16|Update PoolProperties javadoc for ConnectState int|
|54929|Inf|Nor|2013-05-05|jdbc-pool cannot be used with Java 1.5, "java.lang|
|55078|New|Nor|2013-06-07|Configuring a DataSource Resource with dataSourceJ|
|55662|New|Enh|2013-10-17|Add a way to set an instance of java.sql.Driver di|
|56046|New|Enh|2014-01-21|org.apache.tomcat.jdbc.pool.XADataSource InitSQL p|
|56088|New|Maj|2014-01-29|AbstractQueryReport$StatementProxy throws exceptio|
|56310|Inf|Maj|2014-03-25|PooledConnection and XAConnection not handled corr|
|56586|New|Nor|2014-06-02|initSQL should be committed if defaultAutoCommit =|
|56775|New|Nor|2014-07-28|PoolCleanerTime schedule issue|
|56779|New|Nor|2014-07-28|Allow multiple connection initialization statement|
|56790|New|Nor|2014-07-29|Resizing pool.maxActive to a higher value at runti|
|56798|New|Nor|2014-07-31|Idle eviction strategy could perform better (and i|
|56804|New|Nor|2014-08-02|Use a default validationQueryTimeout other than "f|
|56805|New|Nor|2014-08-02|datasource.getConnection() may be unnecessarily bl|
|56837|New|Nor|2014-08-11|if validationQuery have error with timeBetweenEvic|
|56970|New|Nor|2014-09-11|MaxActive vs. MaxTotal for commons-dbcp and tomcat|
|57460|New|Nor|2015-01-19|[DB2]Connection broken after few hours but not rem|
|57729|New|Enh|2015-03-20|Add QueryExecutionReportInterceptor to log query e|
|58489|Opn|Maj|2015-10-08|QueryStatsComparator throws IllegalArgumentExcepti|
|59077|New|Nor|2016-02-26|DataSourceFactory creates a neutered data source  |
|59569|New|Nor|2016-05-18|isWrapperFor/unwrap implementations incorrect |
|59879|New|Nor|2016-07-18|StatementCache interceptor returns ResultSet objec|
|60195|New|Nor|2016-10-02|No javadoc in Maven Central   |
|60522|New|Nor|2016-12-27|An option for setting if the transaction should be|
|60524|Inf|Nor|2016-12-28|NPE in SlowQueryReport in tomcat-jdbc-7.0.68  |
|60645|New|Nor|2017-01-25|StatementFinalizer is not thread-safe |
|61032|New|Nor|2017-04-24|min pool size is not being respected  |
|61103|New|Nor|2017-05-18|StatementCache potentially caching non-functional |
|61302|New|Enh|2017-07-15|Refactoring of DataSourceProxy|
|61303|New|Enh|2017-07-15|Refactoring of ConnectionPool |
|62432|New|Nor|2018-06-06|Memory Leak in Statement Finalizer?   |
|62598|New|Enh|2018-08-04|support pool with multiple JDBC data sources  |
|62910|Inf|Nor|2018-11-15|tomcat-jdbc global pool transaction problem   |
|63612|Inf|Cri|2019-07-26|PooledConnection#connectUsingDriver, Thread.curren|
|63705|New|Nor|2019-08-29|The tomcat pool doesn't register all connection th|
+-+---+---+--+--+
| Total   40 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Bug report for Tomcat 8 [2019/12/08]

[bugzilla]

+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|55243|New|Enh|2013-07-11|Add special search string for nested roles|
|55252|New|Enh|2013-07-12|Separate Ant and command-line wrappers for JspC   |
|55383|New|Enh|2013-08-07|Improve markup and design of Tomcat's HTML pages  |
|9|New|Enh|2013-09-14|UserDatabaseRealm enhacement: may use local JNDI  |
|55675|New|Enh|2013-10-18|Checking and handling invalid configuration option|
|55788|New|Enh|2013-11-16|TagPlugins should key on tag QName rather than imp|
|56166|New|Enh|2014-02-20|Suggestions for exception handling (avoid potentia|
|56398|New|Enh|2014-04-11|Support Arquillian-based unit testing |
|56399|New|Enh|2014-04-11|Re-factor request/response recycling so Coyote and|
|56402|New|Enh|2014-04-11|Add support for HTTP Upgrade to AJP components|
|56448|New|Enh|2014-04-23|Implement a robust solution for client initiated S|
|56522|Opn|Enh|2014-05-14|jasper-el 8 does not comply to EL Spec 3.0 regardi|
|56546|New|Enh|2014-05-19|Improve thread trace logging in WebappClassLoader.|
|56713|New|Enh|2014-07-12|Limit time that incoming request waits while webap|
|56890|Inf|Maj|2014-08-26|getRealPath returns null  |
|56966|New|Enh|2014-09-11|AccessLogValve's elapsed time has 15ms precision o|
|57130|New|Enh|2014-10-22|Allow digest.sh to accept password from a file or |
|57421|New|Enh|2015-01-07|Farming default directories   |
|57486|New|Enh|2015-01-23|Improve reuse of ProtectedFunctionMapper instances|
|57701|New|Enh|2015-03-13|Implement "[Redeploy]" button for a web applicatio|
|57830|New|Enh|2015-04-18|Add support for ProxyProtocol |
|58052|Opn|Enh|2015-06-19|RewriteValve: Implement additional RewriteRule dir|
|58072|New|Enh|2015-06-23|ECDH curve selection  |
|58577|New|Enh|2015-11-03|JMX Proxy Servlet can't handle overloaded methods |
|58837|New|Enh|2016-01-12|support "X-Content-Security-Policy" a.k.a as "CSP"|
|58935|Opn|Enh|2016-01-29|Re-deploy from war without deleting context   |
|59232|New|Enh|2016-03-24|Make the context name of an app available via JNDI|
|59423|New|Enh|2016-05-03|amend "No LoginModules configured for ..." with hi|
|59758|New|Enh|2016-06-27|Add http proxy username-password credentials suppo|
|60281|Ver|Nor|2016-10-20|Pathname of uploaded WAR file should not be contai|
|60721|Ver|Nor|2017-02-10|Unable to find key spec if more applications use b|
|60781|New|Nor|2017-02-27|Access Log Valve does not escape the same as mod_l|
|60849|New|Enh|2017-03-13|Tomcat NIO Connector not able to handle SSL renego|
|61668|Ver|Min|2017-10-26|Possible NullPointerException in org.apache.coyote|
|61877|New|Enh|2017-12-08|use web.xml from CATALINA_HOME by default |
|61917|New|Enh|2017-12-19|AddDefaultCharsetFilter only supports text/* respo|
|62150|New|Enh|2018-03-01|Behavior of relative paths with RequestDispatcher |
|62214|New|Enh|2018-03-22|The "userSubtree=true" and "roleSubtree=true" in J|
|62245|New|Enh|2018-04-02|[Documentation] Mention contextXsltFile in Default|
|62912|New|Enh|2018-11-15|Tomcat adds a space character in the Content-Type |
|63080|New|Enh|2019-01-16|Support rfc7239 Forwarded header  |
|63195|Inf|Enh|2019-02-21|Add easy way to test RemoteIpValve works properly |
|63286|New|Enh|2019-03-25|Inconsistencies between AccessLogValve and mod_log|
|63802|Inf|Cri|2019-10-04|epoll spin detection is missing   |
|63815|Inf|Nor|2019-10-08|Expansion of JAVA_OPTS in catalina.sh containing '|
|63966|New|Enh|2019-11-27|Charset of TLS message is hardcoded to ISO-8859-1.|
+-+---+---+--+--+
| Total   46 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: 

Bug report for Tomcat 9 [2019/12/08]

[bugzilla]

+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|57505|New|Enh|2015-01-27|Add integration tests for JspC|
|57661|New|Enh|2015-03-04|Delay sending of 100 continue response until appli|
|58242|New|Enh|2015-08-13|Scanning jars in classpath to get annotations in p|
|58530|New|Enh|2015-10-23|Proposal for new Manager HTML GUI |
|58548|New|Enh|2015-10-26|support certifcate transparency   |
|58859|New|Enh|2016-01-14|Allow to limit charsets / encodings supported by T|
|59203|New|Enh|2016-03-21|Try to call Thread.interrupt before calling Thread|
|59344|Ver|Enh|2016-04-18|PEM file support for JSSE |
|59750|New|Enh|2016-06-24|Amend "authenticate" method with context by means |
|60997|New|Enh|2017-04-17|Enhance SemaphoreValve to support denied status an|
|61971|New|Enh|2018-01-06|documentation for using tomcat with systemd   |
|62048|New|Enh|2018-01-25|Missing logout function in Manager and Host-Manage|
|62072|New|Enh|2018-02-01|Add support for request compression   |
|62312|New|Enh|2018-04-18|Add Proxy Authentication support to websocket clie|
|62405|New|Enh|2018-05-23|Add Rereadable Request Filter |
|62488|New|Enh|2018-06-25|Obtain dependencies from Maven Central where possi|
|62611|New|Enh|2018-08-09|Compress log files after rotation |
|62695|Inf|Nor|2018-09-07|Provide sha512 checksums for Tomcat releases publi|
|62723|New|Enh|2018-09-14|Clarify "channelSendOptions" value in cluster docu|
|62773|New|Enh|2018-09-28|Change DeltaManager to handle session deserializat|
|62814|New|Enh|2018-10-10|Use readable names for cluster channel/map options|
|62843|New|Enh|2018-10-22|Tomcat Russian localization   |
|62920|New|Enh|2018-11-17|Maven Plugin For Tomcat 9.0.x |
|62964|Inf|Enh|2018-11-29|Add RFC7807 conformant Problem Details for HTTP st|
|63023|New|Enh|2018-12-20|Provide a way to load SecurityProviders into the s|
|63049|New|Enh|2018-12-31|Add support in system properties override from com|
|63237|New|Enh|2019-03-06|Consider processing mbeans-descriptors.xml at comp|
|63362|New|Enh|2019-04-18|GlobalRequestProcessor statistics in MBean does no|
|63389|New|Enh|2019-04-27|Enable Servlet Warmup for Containerization|
|63493|New|Enh|2019-06-10|enhancement - add JMX counters to monitor authenti|
|63505|New|Enh|2019-06-14|enhancement - support of stored procedures for Dat|
|63545|New|Enh|2019-07-06|enhancement - add a new pattern attribute for logg|
|63691|New|Enh|2019-08-24|Add a no-op JarScanner|
|63859|Inf|Reg|2019-10-17|AJP cping/cpong mode failing on Tomcat 9.x|
|63943|Opn|Enh|2019-11-20|Add possibility to overwrite remote port with info|
+-+---+---+--+--+
| Total   35 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Bug report for Tomcat 7 [2019/12/08]

[bugzilla]

+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|50944|Ver|Blk|2011-03-18|JSF: java.lang.NullPointerException at com.sun.fac|
|53620|New|Enh|2012-07-30|[juli] delay opening a file until something gets l|
|55104|New|Enh|2013-06-16|Allow passing arguments with spaces to Commons Dae|
|55470|New|Enh|2013-08-23|Help users for ClassNotFoundExceptions during star|
|55477|New|Enh|2013-08-23|Add a solution to map an realm name to a security |
|56148|New|Enh|2014-02-17|support (multiple) ocsp stapling  |
|56181|New|Enh|2014-02-23|RemoteIpValve & RemoteIpFilter: HttpServletRequest|
|56300|New|Enh|2014-03-22|[Tribes] No useful examples, lack of documentation|
|56438|New|Enh|2014-04-21|If jar scan does not find context config or TLD co|
|56614|New|Enh|2014-06-12|Add a switch to ignore annotations detection on ta|
|56787|New|Enh|2014-07-29|Simplified jndi name parsing  |
|57367|New|Enh|2014-12-18|If JAR scan experiences a stack overflow, give the|
|57827|New|Enh|2015-04-17|Enable adding/removing of members via jmx in a sta|
|57872|New|Enh|2015-04-29|Do not auto-switch session cookie to version=1 due|
|57892|New|Enh|2015-05-05|Log once a warning if a symbolic link is ignored (|
|60597|New|Enh|2017-01-17|Add ability to set cipher suites for websocket cli|
|63167|New|Enh|2019-02-12|Network Requirements To Resolve No Members Active |
+-+---+---+--+--+
| Total   17 bugs   |
+---+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 03/14: Merge in FileUpload changes to 2317552 (2019-12-06, 2.0-SNAPSHOT)

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit be8f0e3a1417cce57d42d9727d4fea4619db6fd9
Author: Mark Thomas 
AuthorDate: Fri Dec 6 15:30:48 2019 +

Merge in FileUpload changes to 2317552 (2019-12-06, 2.0-SNAPSHOT)
---
 java/org/apache/catalina/connector/Request.java|   6 +-
 .../util/http/fileupload/FileItemIterator.java |  49 +-
 .../util/http/fileupload/FileUploadBase.java   | 708 +
 .../util/http/fileupload/MultipartStream.java  |  10 +-
 .../util/http/fileupload/disk/DiskFileItem.java|   3 +-
 .../http/fileupload/impl/FileItemIteratorImpl.java | 339 ++
 .../http/fileupload/impl/FileItemStreamImpl.java   | 222 +++
 .../impl/FileSizeLimitExceededException.java   |  94 +++
 .../fileupload/impl/FileUploadIOException.java |  62 ++
 .../fileupload/impl/IOFileUploadException.java |  61 ++
 .../impl/InvalidContentTypeException.java  |  62 ++
 .../util/http/fileupload/impl/SizeException.java   |  75 +++
 .../impl/SizeLimitExceededException.java   |  43 ++
 webapps/docs/changelog.xml |   4 +
 14 files changed, 1029 insertions(+), 709 deletions(-)

diff --git a/java/org/apache/catalina/connector/Request.java 
b/java/org/apache/catalina/connector/Request.java
index f916ad7..954c0a2 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -94,10 +94,10 @@ import org.apache.tomcat.util.http.Parameters;
 import org.apache.tomcat.util.http.Parameters.FailReason;
 import org.apache.tomcat.util.http.ServerCookie;
 import org.apache.tomcat.util.http.fileupload.FileItem;
-import org.apache.tomcat.util.http.fileupload.FileUploadBase;
-import 
org.apache.tomcat.util.http.fileupload.FileUploadBase.InvalidContentTypeException;
 import org.apache.tomcat.util.http.fileupload.FileUploadException;
 import org.apache.tomcat.util.http.fileupload.disk.DiskFileItemFactory;
+import org.apache.tomcat.util.http.fileupload.impl.InvalidContentTypeException;
+import org.apache.tomcat.util.http.fileupload.impl.SizeLimitExceededException;
 import org.apache.tomcat.util.http.fileupload.servlet.ServletFileUpload;
 import org.apache.tomcat.util.http.fileupload.servlet.ServletRequestContext;
 import org.apache.tomcat.util.http.mapper.MappingData;
@@ -2996,7 +2996,7 @@ public class Request implements HttpServletRequest {
 } catch (InvalidContentTypeException e) {
 
parameters.setParseFailedReason(FailReason.INVALID_CONTENT_TYPE);
 partsParseException = new ServletException(e);
-} catch (FileUploadBase.SizeException e) {
+} catch (SizeLimitExceededException e) {
 parameters.setParseFailedReason(FailReason.POST_TOO_LARGE);
 checkSwallowInput();
 partsParseException = new IllegalStateException(e);
diff --git a/java/org/apache/tomcat/util/http/fileupload/FileItemIterator.java 
b/java/org/apache/tomcat/util/http/fileupload/FileItemIterator.java
index 4f331ad..9665312 100644
--- a/java/org/apache/tomcat/util/http/fileupload/FileItemIterator.java
+++ b/java/org/apache/tomcat/util/http/fileupload/FileItemIterator.java
@@ -17,12 +17,56 @@
 package org.apache.tomcat.util.http.fileupload;
 
 import java.io.IOException;
+import java.util.List;
+
+import 
org.apache.tomcat.util.http.fileupload.impl.FileSizeLimitExceededException;
+import org.apache.tomcat.util.http.fileupload.impl.SizeLimitExceededException;
 
 /**
  * An iterator, as returned by
  * {@link FileUploadBase#getItemIterator(RequestContext)}.
  */
 public interface FileItemIterator {
+/** Returns the maximum size of a single file. An {@link 
FileSizeLimitExceededException}
+ * will be thrown, if there is an uploaded file, which is exceeding this 
value.
+ * By default, this value will be copied from the {@link 
FileUploadBase#getFileSizeMax()
+ * FileUploadBase} object, however, the user may replace the default value 
with a
+ * request specific value by invoking {@link #setFileSizeMax(long)} on 
this object.
+ * @return The maximum size of a single, uploaded file. The value -1 
indicates "unlimited".
+ */
+public long getFileSizeMax();
+
+/** Sets the maximum size of a single file. An {@link 
FileSizeLimitExceededException}
+ * will be thrown, if there is an uploaded file, which is exceeding this 
value.
+ * By default, this value will be copied from the {@link 
FileUploadBase#getFileSizeMax()
+ * FileUploadBase} object, however, the user may replace the default value 
with a
+ * request specific value by invoking {@link #setFileSizeMax(long)} on 
this object, so
+ * there is no need to configure it here.
+ * Note:Changing this value doesn't affect files, that have 
already been uploaded.
+ * @param pFileSizeMax The 

[tomcat] 13/14: Add an atomic method to rotate session ID and return new value.

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit c06674e09e9f3f43dc0e5c022dc8c311a4285cfd
Author: Mark Thomas 
AuthorDate: Fri Dec 6 12:13:15 2019 +

Add an atomic method to rotate session ID and return new value.

Use it where possible.
---
 java/org/apache/catalina/connector/Request.java   | 27 +++
 java/org/apache/catalina/session/ManagerBase.java | 15 +++--
 2 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/connector/Request.java 
b/java/org/apache/catalina/connector/Request.java
index a0726ee..ab4e5f0 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -74,6 +74,7 @@ import org.apache.catalina.core.ApplicationPart;
 import org.apache.catalina.core.ApplicationSessionCookieConfig;
 import org.apache.catalina.core.AsyncContextImpl;
 import org.apache.catalina.realm.GenericPrincipal;
+import org.apache.catalina.session.ManagerBase;
 import org.apache.catalina.util.ParameterMap;
 import org.apache.catalina.util.RequestUtil;
 import org.apache.catalina.util.StringParser;
@@ -2702,6 +2703,32 @@ public class Request implements HttpServletRequest {
 }
 
 
+public String changeSessionId() {
+
+Session session = this.getSessionInternal(false);
+if (session == null) {
+throw new IllegalStateException(
+sm.getString("coyoteRequest.changeSessionId"));
+}
+
+Manager manager = this.getContext().getManager();
+
+String newSessionId = rotateSessionId(manager, session);
+this.changeSessionId(newSessionId);
+
+return newSessionId;
+}
+
+private String rotateSessionId(Manager manager, Session session) {
+if (manager instanceof ManagerBase) {
+return ((ManagerBase) manager).rotateSessionId(session);
+} else {
+// Best we do with the current interface
+manager.changeSessionId(session);
+return session.getId();
+}
+}
+
 /**
  * @return the session associated with this Request, creating one
  * if necessary and requested.
diff --git a/java/org/apache/catalina/session/ManagerBase.java 
b/java/org/apache/catalina/session/ManagerBase.java
index e4121a6..8022d08 100644
--- a/java/org/apache/catalina/session/ManagerBase.java
+++ b/java/org/apache/catalina/session/ManagerBase.java
@@ -851,9 +851,20 @@ public abstract class ManagerBase extends 
LifecycleMBeanBase implements Manager
 
 @Override
 public void changeSessionId(Session session) {
+rotateSessionId(session);
+}
+
+
+public String rotateSessionId(Session session) {
+String newId = generateSessionId();
+changeSessionId(session, newId);
+return newId;
+}
+
+
+public void changeSessionId(Session session, String newId) {
 String oldId = session.getIdInternal();
-session.setId(generateSessionId(), false);
-String newId = session.getIdInternal();
+session.setId(newId, false);
 container.fireContainerEvent(Context.CHANGE_SESSION_ID_EVENT,
 new String[] {oldId, newId});
 }


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 07/14: Clean-up. No functional change.

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit aa6e0f053cd44225bfad5dc555c6e2b276034e2a
Author: Mark Thomas 
AuthorDate: Thu Dec 5 19:59:47 2019 +

Clean-up. No functional change.
---
 .../apache/catalina/authenticator/Constants.java   | 40 ++
 1 file changed, 10 insertions(+), 30 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/Constants.java 
b/java/org/apache/catalina/authenticator/Constants.java
index 48329c5..b8e03cd 100644
--- a/java/org/apache/catalina/authenticator/Constants.java
+++ b/java/org/apache/catalina/authenticator/Constants.java
@@ -14,11 +14,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
-
 package org.apache.catalina.authenticator;
 
-
 public class Constants {
 
 public static final String Package = "org.apache.catalina.authenticator";
@@ -61,23 +58,18 @@ public class Constants {
 // SPNEGO authentication constants
 public static final String KRB5_CONF_PROPERTY = "java.security.krb5.conf";
 public static final String DEFAULT_KRB5_CONF = "conf/krb5.ini";
-public static final String JAAS_CONF_PROPERTY =
-"java.security.auth.login.config";
+public static final String JAAS_CONF_PROPERTY = 
"java.security.auth.login.config";
 public static final String DEFAULT_JAAS_CONF = "conf/jaas.conf";
-public static final String DEFAULT_LOGIN_MODULE_NAME =
-"com.sun.security.jgss.krb5.accept";
+public static final String DEFAULT_LOGIN_MODULE_NAME = 
"com.sun.security.jgss.krb5.accept";
 /**
  * @deprecated Unused. Will be removed in Tomcat 9.
  */
 @Deprecated
-public static final String USE_SUBJECT_CREDS_ONLY_PROPERTY =
-"javax.security.auth.useSubjectCredsOnly";
+public static final String USE_SUBJECT_CREDS_ONLY_PROPERTY = 
"javax.security.auth.useSubjectCredsOnly";
 
 // Cookie name for single sign on support
-public static final String SINGLE_SIGN_ON_COOKIE =
-System.getProperty(
-
"org.apache.catalina.authenticator.Constants.SSO_SESSION_COOKIE_NAME",
-"JSESSIONIDSSO");
+public static final String SINGLE_SIGN_ON_COOKIE = System.getProperty(
+
"org.apache.catalina.authenticator.Constants.SSO_SESSION_COOKIE_NAME", 
"JSESSIONIDSSO");
 
 
 // - Request Notes
@@ -86,13 +78,11 @@ public class Constants {
  * The notes key to track the single-sign-on identity with which this
  * request is associated.
  */
-public static final String REQ_SSOID_NOTE =
-"org.apache.catalina.request.SSOID";
+public static final String REQ_SSOID_NOTE = 
"org.apache.catalina.request.SSOID";
 
 
 // -- Session Notes
 
-
 /**
  * If the cache property of our authenticator is set, and
  * the current request is part of a session, authentication information
@@ -100,19 +90,15 @@ public class Constants {
  * Realm.authenticate(), under the following keys:
  */
 
-
 /**
  * The notes key for the password used to authenticate this user.
  */
-public static final String SESS_PASSWORD_NOTE =
-  "org.apache.catalina.session.PASSWORD";
-
+public static final String SESS_PASSWORD_NOTE = 
"org.apache.catalina.session.PASSWORD";
 
 /**
  * The notes key for the username used to authenticate this user.
  */
-public static final String SESS_USERNAME_NOTE =
-  "org.apache.catalina.session.USERNAME";
+public static final String SESS_USERNAME_NOTE = 
"org.apache.catalina.session.USERNAME";
 
 
 /**
@@ -120,20 +106,14 @@ public class Constants {
  * cache required information prior to the completion of authentication.
  */
 
-
 /**
  * The previously authenticated principal (if caching is disabled).
  */
-public static final String FORM_PRINCIPAL_NOTE =
-"org.apache.catalina.authenticator.PRINCIPAL";
-
+public static final String FORM_PRINCIPAL_NOTE = 
"org.apache.catalina.authenticator.PRINCIPAL";
 
 /**
  * The original request information, to which the user will be
  * redirected if authentication succeeds.
  */
-public static final String FORM_REQUEST_NOTE =
-"org.apache.catalina.authenticator.REQUEST";
-
-
+public static final String FORM_REQUEST_NOTE = 
"org.apache.catalina.authenticator.REQUEST";
 }


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 11/14: Harden the FORM authentication process

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit be6b4731c287d1e340f1ecc8d76d3d26e8c2a529
Author: Mark Thomas 
AuthorDate: Thu Dec 5 23:01:42 2019 +

Harden the FORM authentication process

When the session ID is configured to change on authentication, track the
expected session ID through the authentication process and ensure that
the expected value is seen at each stage.
---
 .../catalina/authenticator/AuthenticatorBase.java|  6 +-
 .../org/apache/catalina/authenticator/Constants.java |  6 ++
 .../catalina/authenticator/FormAuthenticator.java| 20 +++-
 3 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index 6d5232e..52bff92 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -907,7 +907,11 @@ public abstract class AuthenticatorBase extends ValveBase
 // If the principal is null then this is a logout. No need to 
change
 // the session ID. See BZ 59043.
 if (getChangeSessionIdOnAuthentication() && principal != null) {
-changeSessionID(request, session);
+String newSessionId = changeSessionID(request, session);
+// If the current session ID is being tracked, update it.
+if (session.getNote(Constants.SESSION_ID_NOTE) != null) {
+session.setNote(Constants.SESSION_ID_NOTE, newSessionId);
+}
 }
 } else if (alwaysUseSession) {
 session = request.getSessionInternal(true);
diff --git a/java/org/apache/catalina/authenticator/Constants.java 
b/java/org/apache/catalina/authenticator/Constants.java
index e13dc55..3f8fca4 100644
--- a/java/org/apache/catalina/authenticator/Constants.java
+++ b/java/org/apache/catalina/authenticator/Constants.java
@@ -84,6 +84,12 @@ public class Constants {
 // -- Session Notes
 
 /**
+ * The session id used as a CSRF marker when redirecting a user's request.
+ */
+public static final String SESSION_ID_NOTE = 
"org.apache.catalina.authenticator.SESSION_ID";
+
+
+/**
  * If the cache property of our authenticator is set, and
  * the current request is part of a session, authentication information
  * will be cached to avoid the need for repeated calls to
diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java 
b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index 1354ce2..1204d4c 100644
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -272,6 +272,14 @@ public class FormAuthenticator
 if (session == null) {
 session = request.getSessionInternal(false);
 }
+if (session != null && getChangeSessionIdOnAuthentication()) {
+// Does session id match?
+String expectedSessionId = (String) 
session.getNote(Constants.SESSION_ID_NOTE);
+if (expectedSessionId == null || 
!expectedSessionId.equals(request.getRequestedSessionId())) {
+session.expire();
+session = null;
+}
+}
 if (session == null) {
 if (containerLog.isDebugEnabled()) {
 containerLog.debug("User took so long to log on the session 
expired");
@@ -395,7 +403,8 @@ public class FormAuthenticator
 if (getChangeSessionIdOnAuthentication()) {
 Session session = request.getSessionInternal(false);
 if (session != null) {
-changeSessionID(request, session);
+String newSessionId = changeSessionID(request, session);
+session.setNote(Constants.SESSION_ID_NOTE, newSessionId);
 }
 }
 
@@ -492,6 +501,14 @@ public class FormAuthenticator
 return false;
 }
 
+// Does session id match?
+if (getChangeSessionIdOnAuthentication()) {
+String expectedSessionId = (String) 
session.getNote(Constants.SESSION_ID_NOTE);
+if (expectedSessionId == null || 
!expectedSessionId.equals(request.getRequestedSessionId())) {
+return false;
+}
+}
+
 // Does the request URI match?
 String decodedRequestURI = request.getDecodedRequestURI();
 if (decodedRequestURI == null) {
@@ -518,6 +535,7 @@ public class FormAuthenticator
 // Retrieve and remove the SavedRequest object from our session
 SavedRequest saved = (SavedRequest) 
session.getNote(Constants.FORM_REQUEST_NOTE);
 

[tomcat] 10/14: Refactor so Principal is never cached in session with cache==false

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit ab72a106fe5d992abddda954e30849d7cf8cc583
Author: Mark Thomas 
AuthorDate: Thu Dec 5 23:25:37 2019 +

Refactor so Principal is never cached in session with cache==false
---
 .../catalina/authenticator/AuthenticatorBase.java  |  5 ++--
 .../apache/catalina/authenticator/Constants.java   |  3 ++
 .../catalina/authenticator/FormAuthenticator.java  | 33 ++
 3 files changed, 15 insertions(+), 26 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index 5a00864..6d5232e 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -914,10 +914,11 @@ public abstract class AuthenticatorBase extends ValveBase
 }
 
 // Cache the authentication information in our session, if any
-if (cache) {
-if (session != null) {
+if (session != null) {
+if (cache) {
 session.setAuthType(authType);
 session.setPrincipal(principal);
+} else {
 if (username != null) {
 session.setNote(Constants.SESS_USERNAME_NOTE, username);
 } else {
diff --git a/java/org/apache/catalina/authenticator/Constants.java 
b/java/org/apache/catalina/authenticator/Constants.java
index b8e03cd..e13dc55 100644
--- a/java/org/apache/catalina/authenticator/Constants.java
+++ b/java/org/apache/catalina/authenticator/Constants.java
@@ -108,7 +108,10 @@ public class Constants {
 
 /**
  * The previously authenticated principal (if caching is disabled).
+ *
+ * @deprecated Unused. Will be removed in Tomcat 10.
  */
+@Deprecated
 public static final String FORM_PRINCIPAL_NOTE = 
"org.apache.catalina.authenticator.PRINCIPAL";
 
 /**
diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java 
b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index 863fd77..1354ce2 100644
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -153,10 +153,6 @@ public class FormAuthenticator
 LoginConfig config)
 throws IOException {
 
-if (checkForCachedAuthentication(request, response, true)) {
-return true;
-}
-
 // References to objects we will need later
 Session session = null;
 Principal principal = null;
@@ -175,9 +171,8 @@ public class FormAuthenticator
 }
 principal = context.getRealm().authenticate(username, 
password);
 if (principal != null) {
-session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
+register(request, response, principal, 
HttpServletRequest.FORM_AUTH, username, password);
 if (!matchRequest(request)) {
-register(request, response, principal, 
HttpServletRequest.FORM_AUTH, username, password);
 return true;
 }
 }
@@ -194,16 +189,6 @@ public class FormAuthenticator
 if (log.isDebugEnabled()) {
 log.debug("Restore request from session '" + 
session.getIdInternal() + "'");
 }
-principal = (Principal) 
session.getNote(Constants.FORM_PRINCIPAL_NOTE);
-register(request, response, principal, 
HttpServletRequest.FORM_AUTH,
- (String) session.getNote(Constants.SESS_USERNAME_NOTE),
- (String) session.getNote(Constants.SESS_PASSWORD_NOTE));
-// If we're caching principals we no longer need the user name
-// and password in the session, so remove them
-if (cache) {
-session.removeNote(Constants.SESS_USERNAME_NOTE);
-session.removeNote(Constants.SESS_PASSWORD_NOTE);
-}
 if (restoreRequest(request, session)) {
 if (log.isDebugEnabled()) {
 log.debug("Proceed to restored request");
@@ -218,6 +203,12 @@ public class FormAuthenticator
 }
 }
 
+// This check has to be after the previous check for a matching request
+// because that matching request may also include a cached Principal.
+if (checkForCachedAuthentication(request, response, true)) {
+return true;
+}
+
 // Acquire references to objects we will need to evaluate
 String contextPath = request.getContextPath();
 String requestURI = request.getDecodedRequestURI();
@@ -302,12 +293,7 @@ public class FormAuthenticator
 return false;
 

[tomcat] 08/14: Clean-up prior to some refactoring.

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit d2a40f238d0ab6b6e60d643b208812aa6b655ca6
Author: Mark Thomas 
AuthorDate: Thu Dec 5 20:00:02 2019 +

Clean-up prior to some refactoring.
---
 .../catalina/authenticator/FormAuthenticator.java  | 51 --
 1 file changed, 17 insertions(+), 34 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java 
b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index 5b55664..d8551c4 100644
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -168,22 +168,17 @@ public class FormAuthenticator
 if (log.isDebugEnabled()) {
 log.debug("Checking for reauthenticate in session " + session);
 }
-String username =
-(String) session.getNote(Constants.SESS_USERNAME_NOTE);
-String password =
-(String) session.getNote(Constants.SESS_PASSWORD_NOTE);
-if ((username != null) && (password != null)) {
+String username = (String) 
session.getNote(Constants.SESS_USERNAME_NOTE);
+String password = (String) 
session.getNote(Constants.SESS_PASSWORD_NOTE);
+if (username != null && password != null) {
 if (log.isDebugEnabled()) {
 log.debug("Reauthenticating username '" + username + "'");
 }
-principal =
-context.getRealm().authenticate(username, password);
+principal = context.getRealm().authenticate(username, 
password);
 if (principal != null) {
 session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
 if (!matchRequest(request)) {
-register(request, response, principal,
-HttpServletRequest.FORM_AUTH,
-username, password);
+register(request, response, principal, 
HttpServletRequest.FORM_AUTH, username, password);
 return true;
 }
 }
@@ -198,16 +193,13 @@ public class FormAuthenticator
 if (matchRequest(request)) {
 session = request.getSessionInternal(true);
 if (log.isDebugEnabled()) {
-log.debug("Restore request from session '"
-  + session.getIdInternal()
-  + "'");
+log.debug("Restore request from session '" + 
session.getIdInternal() + "'");
 }
-principal = (Principal)
-session.getNote(Constants.FORM_PRINCIPAL_NOTE);
+principal = (Principal) 
session.getNote(Constants.FORM_PRINCIPAL_NOTE);
 register(request, response, principal, 
HttpServletRequest.FORM_AUTH,
  (String) session.getNote(Constants.SESS_USERNAME_NOTE),
  (String) session.getNote(Constants.SESS_PASSWORD_NOTE));
-// If we're caching principals we no longer need the username
+// If we're caching principals we no longer need the user name
 // and password in the session, so remove them
 if (cache) {
 session.removeNote(Constants.SESS_USERNAME_NOTE);
@@ -232,9 +224,7 @@ public class FormAuthenticator
 String requestURI = request.getDecodedRequestURI();
 
 // Is this the action request from the login page?
-boolean loginAction =
-requestURI.startsWith(contextPath) &&
-requestURI.endsWith(Constants.FORM_ACTION);
+boolean loginAction = requestURI.startsWith(contextPath) && 
requestURI.endsWith(Constants.FORM_ACTION);
 
 // No -- Save this request and redirect to the form login page
 if (!loginAction) {
@@ -260,8 +250,7 @@ public class FormAuthenticator
 saveRequest(request, session);
 } catch (IOException ioe) {
 log.debug("Request body too big to save during 
authentication");
-response.sendError(HttpServletResponse.SC_FORBIDDEN,
-sm.getString("authenticator.requestBodyTooBig"));
+response.sendError(HttpServletResponse.SC_FORBIDDEN, 
sm.getString("authenticator.requestBodyTooBig"));
 return false;
 }
 forwardToLoginPage(request, response, config);
@@ -295,12 +284,11 @@ public class FormAuthenticator
 }
 if (session == null) {
 if (containerLog.isDebugEnabled()) {
-containerLog.debug
-("User took so long to log on the session expired");
+containerLog.debug("User took so long to log on the session 
expired");
 }

[tomcat] 14/14: Update changelog

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit f47bc323bd62db6cdece75c004d405e00d76a703
Author: Mark Thomas 
AuthorDate: Fri Dec 6 21:14:06 2019 +

Update changelog
---
 webapps/docs/changelog.xml | 5 +
 1 file changed, 5 insertions(+)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index ce55169..997d773 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -94,6 +94,11 @@
 and refactor loops in FileStore to use the ForEach style.
 Pull request provided by Govinda Sakhare. (markt)
   
+  
+Refactor FORM authentication to reduce duplicate code and to ensure 
that
+the authenticated Principal is not cached in the session when caching 
is
+disabled. (markt)
+  
 
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 05/14: Remove unused code reported by SpotBugs

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit fea244563927c980c4881d8ae1530dc6f825a09f
Author: Mark Thomas 
AuthorDate: Fri Dec 6 16:49:52 2019 +

Remove unused code reported by SpotBugs
---
 .../tomcat/util/http/fileupload/impl/FileItemStreamImpl.java | 9 -
 1 file changed, 9 deletions(-)

diff --git 
a/java/org/apache/tomcat/util/http/fileupload/impl/FileItemStreamImpl.java 
b/java/org/apache/tomcat/util/http/fileupload/impl/FileItemStreamImpl.java
index 29427e6..06bf33e 100644
--- a/java/org/apache/tomcat/util/http/fileupload/impl/FileItemStreamImpl.java
+++ b/java/org/apache/tomcat/util/http/fileupload/impl/FileItemStreamImpl.java
@@ -61,11 +61,6 @@ public class FileItemStreamImpl implements FileItemStream {
 private final InputStream stream;
 
 /**
- * Whether the file item was already opened.
- */
-private boolean opened;
-
-/**
  * The headers, if any.
  */
 private FileItemHeaders headers;
@@ -180,10 +175,6 @@ public class FileItemStreamImpl implements FileItemStream {
  */
 @Override
 public InputStream openStream() throws IOException {
-if (opened) {
-throw new IllegalStateException(
-"The stream was already opened.");
-}
 if (((Closeable) stream).isClosed()) {
 throw new FileItemStream.ItemSkippedException();
 }


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 7.0.x updated (1d43f40 -> f47bc32)

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 1d43f40  BZ 63982: CombinedRealm makes assumptions about principal 
implementation
 new 7f9e8b1  Merge in BCEL changes to ff6941e (2019-12-06, 6.4.2-dev)
 new cefae34  Merge in Codec changes to 9637dd4 (2019-12-06, 1.14-SNAPSHOT)
 new be8f0e3  Merge in FileUpload changes to 2317552 (2019-12-06, 
2.0-SNAPSHOT)
 new 2e4536b  Fix Findbugs warnings
 new fea2445  Remove unused code reported by SpotBugs
 new f4322c6  Fix FileUpload
 new aa6e0f0  Clean-up. No functional change.
 new d2a40f2  Clean-up prior to some refactoring.
 new c31917d  Refactor change of session ID to reduce duplicate code
 new ab72a10  Refactor so Principal is never cached in session with 
cache==false
 new be6b473  Harden the FORM authentication process
 new 11ed237  Align with 8.5.x to aid back-ports
 new c06674e  Add an atomic method to rotate session ID and return new 
value.
 new f47bc32  Update changelog

The 14 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 java/org/apache/catalina/Manager.java  |  43 +-
 .../catalina/authenticator/AuthenticatorBase.java  |  36 +-
 .../apache/catalina/authenticator/Constants.java   |  47 +-
 .../catalina/authenticator/FormAuthenticator.java  | 101 ++-
 java/org/apache/catalina/connector/Request.java|  33 +-
 .../catalina/session/LocalStrings.properties   |   1 +
 .../catalina/session/LocalStrings_fr.properties|   1 +
 .../catalina/session/LocalStrings_ja.properties|   1 +
 .../catalina/session/LocalStrings_ko.properties|   1 +
 .../catalina/session/LocalStrings_zh_CN.properties |   1 +
 java/org/apache/catalina/session/ManagerBase.java  | 184 +++---
 java/org/apache/tomcat/util/bcel/Const.java|  14 +-
 .../tomcat/util/bcel/classfile/ConstantClass.java  |   2 +-
 .../tomcat/util/bcel/classfile/ConstantDouble.java |   2 +-
 .../tomcat/util/bcel/classfile/ConstantFloat.java  |   2 +-
 .../util/bcel/classfile/ConstantInteger.java   |   2 +-
 .../tomcat/util/bcel/classfile/ConstantLong.java   |   2 +-
 .../apache/tomcat/util/codec/binary/Base64.java|  28 +-
 .../tomcat/util/codec/binary/BaseNCodec.java   | 112 +++-
 .../util/http/fileupload/FileItemIterator.java |  49 +-
 .../util/http/fileupload/FileUploadBase.java   | 708 +
 .../util/http/fileupload/MultipartStream.java  |  10 +-
 .../util/http/fileupload/disk/DiskFileItem.java|   3 +-
 .../http/fileupload/impl/FileItemIteratorImpl.java | 339 ++
 .../http/fileupload/impl/FileItemStreamImpl.java   | 213 +++
 .../impl/FileSizeLimitExceededException.java   |  94 +++
 .../fileupload/impl/FileUploadIOException.java |  62 ++
 .../fileupload/impl/IOFileUploadException.java |  61 ++
 .../impl/InvalidContentTypeException.java  |  62 ++
 .../util/http/fileupload/impl/SizeException.java   |  75 +++
 .../impl/SizeLimitExceededException.java}  |  37 +-
 .../org/apache/catalina/session/FileStoreTest.java |  12 +-
 webapps/docs/changelog.xml |  17 +
 33 files changed, 1378 insertions(+), 977 deletions(-)
 create mode 100644 
java/org/apache/tomcat/util/http/fileupload/impl/FileItemIteratorImpl.java
 create mode 100644 
java/org/apache/tomcat/util/http/fileupload/impl/FileItemStreamImpl.java
 create mode 100644 
java/org/apache/tomcat/util/http/fileupload/impl/FileSizeLimitExceededException.java
 create mode 100644 
java/org/apache/tomcat/util/http/fileupload/impl/FileUploadIOException.java
 create mode 100644 
java/org/apache/tomcat/util/http/fileupload/impl/IOFileUploadException.java
 create mode 100644 
java/org/apache/tomcat/util/http/fileupload/impl/InvalidContentTypeException.java
 create mode 100644 
java/org/apache/tomcat/util/http/fileupload/impl/SizeException.java
 copy java/org/apache/{naming/ResourceEnvRef.java => 
tomcat/util/http/fileupload/impl/SizeLimitExceededException.java} (53%)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 09/14: Refactor change of session ID to reduce duplicate code

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit c31917da2d2338731b7406bb52561c3721816b18
Author: Mark Thomas 
AuthorDate: Thu Dec 5 23:11:03 2019 +

Refactor change of session ID to reduce duplicate code
---
 .../catalina/authenticator/AuthenticatorBase.java  | 29 --
 .../catalina/authenticator/FormAuthenticator.java  |  5 +---
 2 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index 6c9e121..5a00864 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -32,7 +32,6 @@ import org.apache.catalina.Container;
 import org.apache.catalina.Context;
 import org.apache.catalina.Globals;
 import org.apache.catalina.LifecycleException;
-import org.apache.catalina.Manager;
 import org.apache.catalina.Realm;
 import org.apache.catalina.Session;
 import org.apache.catalina.Valve;
@@ -907,18 +906,8 @@ public abstract class AuthenticatorBase extends ValveBase
 if (session != null) {
 // If the principal is null then this is a logout. No need to 
change
 // the session ID. See BZ 59043.
-if (changeSessionIdOnAuthentication && principal != null) {
-String oldId = null;
-if (log.isDebugEnabled()) {
-oldId = session.getId();
-}
-Manager manager = request.getContext().getManager();
-manager.changeSessionId(session);
-request.changeSessionId(session.getId());
-if (log.isDebugEnabled()) {
-log.debug(sm.getString("authenticator.changeSessionId",
-oldId, session.getId()));
-}
+if (getChangeSessionIdOnAuthentication() && principal != null) {
+changeSessionID(request, session);
 }
 } else if (alwaysUseSession) {
 session = request.getSessionInternal(true);
@@ -1005,6 +994,20 @@ public abstract class AuthenticatorBase extends ValveBase
 
 }
 
+
+protected String changeSessionID(Request request, Session session) {
+String oldId = null;
+if (log.isDebugEnabled()) {
+oldId = session.getId();
+}
+String newId = request.changeSessionId();
+if (log.isDebugEnabled()) {
+log.debug(sm.getString("authenticator.changeSessionId", oldId, 
newId));
+}
+return newId;
+}
+
+
 @Override
 public void login(String username, String password, Request request) 
throws ServletException {
 Principal principal = doLogin(request, username, password);
diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java 
b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index d8551c4..863fd77 100644
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -28,7 +28,6 @@ import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.catalina.Manager;
 import org.apache.catalina.Realm;
 import org.apache.catalina.Session;
 import org.apache.catalina.connector.Request;
@@ -410,9 +409,7 @@ public class FormAuthenticator
 if (getChangeSessionIdOnAuthentication()) {
 Session session = request.getSessionInternal(false);
 if (session != null) {
-Manager manager = request.getContext().getManager();
-manager.changeSessionId(session);
-request.changeSessionId(session.getId());
+changeSessionID(request, session);
 }
 }
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 06/14: Fix FileUpload

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit f4322c63f501bd6cd3ae31ae84309bf561ae9794
Author: Mark Thomas 
AuthorDate: Fri Dec 6 18:59:59 2019 +

Fix FileUpload
---
 java/org/apache/catalina/connector/Request.java | 4 ++--
 java/org/apache/tomcat/util/http/fileupload/impl/SizeException.java | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/catalina/connector/Request.java 
b/java/org/apache/catalina/connector/Request.java
index 954c0a2..a0726ee 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -97,7 +97,7 @@ import org.apache.tomcat.util.http.fileupload.FileItem;
 import org.apache.tomcat.util.http.fileupload.FileUploadException;
 import org.apache.tomcat.util.http.fileupload.disk.DiskFileItemFactory;
 import org.apache.tomcat.util.http.fileupload.impl.InvalidContentTypeException;
-import org.apache.tomcat.util.http.fileupload.impl.SizeLimitExceededException;
+import org.apache.tomcat.util.http.fileupload.impl.SizeException;
 import org.apache.tomcat.util.http.fileupload.servlet.ServletFileUpload;
 import org.apache.tomcat.util.http.fileupload.servlet.ServletRequestContext;
 import org.apache.tomcat.util.http.mapper.MappingData;
@@ -2996,7 +2996,7 @@ public class Request implements HttpServletRequest {
 } catch (InvalidContentTypeException e) {
 
parameters.setParseFailedReason(FailReason.INVALID_CONTENT_TYPE);
 partsParseException = new ServletException(e);
-} catch (SizeLimitExceededException e) {
+} catch (SizeException e) {
 parameters.setParseFailedReason(FailReason.POST_TOO_LARGE);
 checkSwallowInput();
 partsParseException = new IllegalStateException(e);
diff --git 
a/java/org/apache/tomcat/util/http/fileupload/impl/SizeException.java 
b/java/org/apache/tomcat/util/http/fileupload/impl/SizeException.java
index 4852795..7928f2d 100644
--- a/java/org/apache/tomcat/util/http/fileupload/impl/SizeException.java
+++ b/java/org/apache/tomcat/util/http/fileupload/impl/SizeException.java
@@ -22,7 +22,7 @@ import 
org.apache.tomcat.util.http.fileupload.FileUploadException;
  * This exception is thrown, if a requests permitted size
  * is exceeded.
  */
-abstract class SizeException extends FileUploadException {
+public abstract class SizeException extends FileUploadException {
 
 /**
  * Serial version UID, being used, if serialized.


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 04/14: Fix Findbugs warnings

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 2e4536b0b42db1a1ce84fc507adb4524de93cb11
Author: Mark Thomas 
AuthorDate: Fri Dec 6 16:42:32 2019 +

Fix Findbugs warnings
---
 test/org/apache/catalina/session/FileStoreTest.java | 12 +---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/test/org/apache/catalina/session/FileStoreTest.java 
b/test/org/apache/catalina/session/FileStoreTest.java
index e46a308..8ace616 100644
--- a/test/org/apache/catalina/session/FileStoreTest.java
+++ b/test/org/apache/catalina/session/FileStoreTest.java
@@ -60,9 +60,15 @@ public class FileStoreTest {
 @Before
 public void beforeEachTest() throws IOException {
 fileStore.setDirectory(SESS_TEMPPATH);
-dir.mkdir();
-file1.createNewFile();
-file2.createNewFile();
+if (!dir.mkdir()) {
+Assert.fail();
+}
+if (!file1.createNewFile()) {
+Assert.fail();
+}
+if (!file2.createNewFile()) {
+Assert.fail();
+}
 }
 
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 12/14: Align with 8.5.x to aid back-ports

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 11ed237be6c27e035c00cd38c55e398789f2c7ac
Author: Mark Thomas 
AuthorDate: Sat Dec 7 20:58:03 2019 +

Align with 8.5.x to aid back-ports
---
 java/org/apache/catalina/Manager.java  |  43 +++---
 .../catalina/session/LocalStrings.properties   |   1 +
 .../catalina/session/LocalStrings_fr.properties|   1 +
 .../catalina/session/LocalStrings_ja.properties|   1 +
 .../catalina/session/LocalStrings_ko.properties|   1 +
 .../catalina/session/LocalStrings_zh_CN.properties |   1 +
 java/org/apache/catalina/session/ManagerBase.java  | 169 ++---
 7 files changed, 114 insertions(+), 103 deletions(-)

diff --git a/java/org/apache/catalina/Manager.java 
b/java/org/apache/catalina/Manager.java
index 8322f25..3f02f6e 100644
--- a/java/org/apache/catalina/Manager.java
+++ b/java/org/apache/catalina/Manager.java
@@ -14,15 +14,11 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
-
 package org.apache.catalina;
 
-
 import java.beans.PropertyChangeListener;
 import java.io.IOException;
 
-
 /**
  * A Manager manages the pool of Sessions that are associated with a
  * particular Container.  Different Manager implementations may support
@@ -43,12 +39,12 @@ import java.io.IOException;
  */
 public interface Manager {
 
-
 // - Properties
 
-
 /**
- * Return the Container with which this Manager is associated.
+ * Get the Container with which this Manager is associated.
+ *
+ * @return The associated Container
  */
 public Container getContainer();
 
@@ -71,7 +67,7 @@ public interface Manager {
  * this Manager.
  *
  * @deprecated Ignored. {@link Context#getDistributable()} always takes
- * precedence. Will be removed in Tomcat 9.0.x.
+ * precedence. Will be removed in Tomcat 8.5.x.
  */
 @Deprecated
 public boolean getDistributable();
@@ -85,7 +81,7 @@ public interface Manager {
  * @param distributable The new distributable flag
  *
  * @deprecated Ignored. {@link Context#getDistributable()} always takes
- * precedence. Will be removed in Tomcat 9.0.x.
+ * precedence. Will be removed in Tomcat 8.5.x.
  */
 @Deprecated
 public void setDistributable(boolean distributable);
@@ -104,7 +100,7 @@ public interface Manager {
  * for Sessions created by this Manager.
  *
  * @deprecated Ignored. {@link Context#getSessionTimeout()} always takes
- * precedence. Will be removed in Tomcat 9.0.x.
+ * precedence. Will be removed in Tomcat 8.5.x.
  */
 @Deprecated
 public int getMaxInactiveInterval();
@@ -117,7 +113,7 @@ public interface Manager {
  * @param interval The new default value
  *
  * @deprecated Ignored. {@link Context#getSessionTimeout()} always takes
- * precedence. Will be removed in Tomcat 9.0.x.
+ * precedence. Will be removed in Tomcat 8.5.x.
  */
 @Deprecated
 public void setMaxInactiveInterval(int interval);
@@ -256,9 +252,10 @@ public interface Manager {
  * @return  The current rate (in sessions per minute) of session expiration
  */
 public int getSessionExpireRate();
-// - Public Methods
 
 
+// - Public Methods
+
 /**
  * Add this Session to the set of active Sessions for this Manager.
  *
@@ -288,6 +285,8 @@ public interface Manager {
  * Get a session from the recycled ones or create a new empty one.
  * The PersistentManager manager does not need to create session data
  * because it reads it from the Store.
+ *
+ * @return An empty Session object
  */
 public Session createEmptySession();
 
@@ -305,6 +304,9 @@ public interface Manager {
  *  method of the returned session.
  * @exception IllegalStateException if a new session cannot be
  *  instantiated for any reason
+ *
+ * @return An empty Session object with the given ID or a newly created
+ * session ID if none was specified
  */
 public Session createSession(String sessionId);
 
@@ -319,6 +321,9 @@ public interface Manager {
  *  instantiated for any reason
  * @exception IOException if an input/output error occurs while
  *  processing this request
+ *
+ * @return the request session or {@code null} if a session with the
+ * requested ID could not be found
  */
 public Session findSession(String id) throws IOException;
 
@@ -326,6 +331,8 @@ public interface Manager {
 /**
  * Return the set of active 

[tomcat] 01/14: Merge in BCEL changes to ff6941e (2019-12-06, 6.4.2-dev)

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 7f9e8b1aa348f206d390c48bcc700662fe979818
Author: Mark Thomas 
AuthorDate: Fri Dec 6 14:18:15 2019 +

Merge in BCEL changes to ff6941e (2019-12-06, 6.4.2-dev)
---
 java/org/apache/tomcat/util/bcel/Const.java| 14 --
 .../apache/tomcat/util/bcel/classfile/ConstantClass.java   |  2 +-
 .../apache/tomcat/util/bcel/classfile/ConstantDouble.java  |  2 +-
 .../apache/tomcat/util/bcel/classfile/ConstantFloat.java   |  2 +-
 .../apache/tomcat/util/bcel/classfile/ConstantInteger.java |  2 +-
 .../apache/tomcat/util/bcel/classfile/ConstantLong.java|  2 +-
 webapps/docs/changelog.xml |  4 
 7 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/java/org/apache/tomcat/util/bcel/Const.java 
b/java/org/apache/tomcat/util/bcel/Const.java
index 402b304..bfaeb42 100644
--- a/java/org/apache/tomcat/util/bcel/Const.java
+++ b/java/org/apache/tomcat/util/bcel/Const.java
@@ -23,12 +23,14 @@ package org.apache.tomcat.util.bcel;
 public final class Const {
 
 /** One of the access flags for fields, methods, or classes.
- *  @see http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.5;>
- *  Flag definitions for Fields in the Java Virtual Machine Specification 
(Java SE 8 Edition).
- *  @see http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.6;>
- *  Flag definitions for Methods in the Java Virtual Machine Specification 
(Java SE 8 Edition).
- *  @see http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.7.6-300-D.1-D.1;>
- *  Flag definitions for Classes in the Java Virtual Machine Specification 
(Java SE 8 Edition).
+ *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.1-200-E.1;>
+ *  Flag definitions for Classes in the Java Virtual Machine Specification 
(Java SE 9 Edition).
+ *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.5;>
+ *  Flag definitions for Fields in the Java Virtual Machine Specification 
(Java SE 9 Edition).
+ *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.6;>
+ *  Flag definitions for Methods in the Java Virtual Machine Specification 
(Java SE 9 Edition).
+ *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.7.6-300-D.1-D.1;>
+ *  Flag definitions for Inner Classes in the Java Virtual Machine 
Specification (Java SE 9 Edition).
  */
 public static final short ACC_FINAL  = 0x0010;
 
diff --git a/java/org/apache/tomcat/util/bcel/classfile/ConstantClass.java 
b/java/org/apache/tomcat/util/bcel/classfile/ConstantClass.java
index 86e7262..4bce5cc 100644
--- a/java/org/apache/tomcat/util/bcel/classfile/ConstantClass.java
+++ b/java/org/apache/tomcat/util/bcel/classfile/ConstantClass.java
@@ -48,7 +48,7 @@ public final class ConstantClass extends Constant {
 /**
  * @return Name index in constant pool of class name.
  */
-public final int getNameIndex() {
+public int getNameIndex() {
 return name_index;
 }
 }
diff --git a/java/org/apache/tomcat/util/bcel/classfile/ConstantDouble.java 
b/java/org/apache/tomcat/util/bcel/classfile/ConstantDouble.java
index 5ba7fcc..1152dbd 100644
--- a/java/org/apache/tomcat/util/bcel/classfile/ConstantDouble.java
+++ b/java/org/apache/tomcat/util/bcel/classfile/ConstantDouble.java
@@ -48,7 +48,7 @@ public final class ConstantDouble extends Constant {
 /**
  * @return data, i.e., 8 bytes.
  */
-public final double getBytes() {
+public double getBytes() {
 return bytes;
 }
 }
diff --git a/java/org/apache/tomcat/util/bcel/classfile/ConstantFloat.java 
b/java/org/apache/tomcat/util/bcel/classfile/ConstantFloat.java
index f372bb9..1fd2450 100644
--- a/java/org/apache/tomcat/util/bcel/classfile/ConstantFloat.java
+++ b/java/org/apache/tomcat/util/bcel/classfile/ConstantFloat.java
@@ -48,7 +48,7 @@ public final class ConstantFloat extends Constant {
 /**
  * @return data, i.e., 4 bytes.
  */
-public final float getBytes() {
+public float getBytes() {
 return bytes;
 }
 }
diff --git a/java/org/apache/tomcat/util/bcel/classfile/ConstantInteger.java 
b/java/org/apache/tomcat/util/bcel/classfile/ConstantInteger.java
index f2c1ba8..0d95983 100644
--- a/java/org/apache/tomcat/util/bcel/classfile/ConstantInteger.java
+++ b/java/org/apache/tomcat/util/bcel/classfile/ConstantInteger.java
@@ -48,7 +48,7 @@ public final class ConstantInteger extends Constant {
 /**
  * @return data, i.e., 4 bytes.
  */
-public final int getBytes() {
+public int getBytes() {
 return bytes;
 }
 }
diff --git a/java/org/apache/tomcat/util/bcel/classfile/ConstantLong.java 

[tomcat] 02/14: Merge in Codec changes to 9637dd4 (2019-12-06, 1.14-SNAPSHOT)

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit cefae342c15b18868dbbd24a17bb91fe0c37b5db
Author: Mark Thomas 
AuthorDate: Fri Dec 6 14:29:01 2019 +

Merge in Codec changes to 9637dd4 (2019-12-06, 1.14-SNAPSHOT)
---
 .../apache/tomcat/util/codec/binary/Base64.java|  28 --
 .../tomcat/util/codec/binary/BaseNCodec.java   | 112 ++---
 webapps/docs/changelog.xml |   4 +
 3 files changed, 119 insertions(+), 25 deletions(-)

diff --git a/java/org/apache/tomcat/util/codec/binary/Base64.java 
b/java/org/apache/tomcat/util/codec/binary/Base64.java
index 3d40748..ce6311c 100644
--- a/java/org/apache/tomcat/util/codec/binary/Base64.java
+++ b/java/org/apache/tomcat/util/codec/binary/Base64.java
@@ -126,6 +126,10 @@ public class Base64 extends BaseNCodec {
  */
 /** Mask used to extract 6 bits, used when encoding */
 private static final int MASK_6BITS = 0x3f;
+/** Mask used to extract 4 bits, used when decoding final trailing 
character. */
+private static final int MASK_4BITS = 0xf;
+/** Mask used to extract 2 bits, used when decoding final trailing 
character. */
+private static final int MASK_2BITS = 0x3;
 
 // The static final fields above are used for the original static byte[] 
methods on Base64.
 // The private member fields below are used with the new streaming 
approach, which requires
@@ -468,12 +472,12 @@ public class Base64 extends BaseNCodec {
 // TODO not currently tested; perhaps it is impossible?
 break;
 case 2 : // 12 bits = 8 + 4
-validateCharacter(4, context);
+validateCharacter(MASK_4BITS, context);
 context.ibitWorkArea = context.ibitWorkArea >> 4; // dump 
the extra 4 bits
 buffer[context.pos++] = (byte) ((context.ibitWorkArea) & 
MASK_8BITS);
 break;
 case 3 : // 18 bits = 8 + 8 + 2
-validateCharacter(2, context);
+validateCharacter(MASK_2BITS, context);
 context.ibitWorkArea = context.ibitWorkArea >> 2; // dump 
2 bits
 buffer[context.pos++] = (byte) ((context.ibitWorkArea >> 
8) & MASK_8BITS);
 buffer[context.pos++] = (byte) ((context.ibitWorkArea) & 
MASK_8BITS);
@@ -789,20 +793,22 @@ public class Base64 extends BaseNCodec {
 
 
 /**
- * 
- * Validates whether the character is possible in the context of the set 
of possible base 64 values.
- * 
+ * Validates whether decoding the final trailing character is possible in 
the context
+ * of the set of possible base 64 values.
+ *
+ * The character is valid if the lower bits within the provided mask 
are zero. This
+ * is used to test the final trailing base-64 digit is zero in the bits 
that will be discarded.
  *
- * @param numBitsToDrop number of least significant bits to check
+ * @param emptyBitsMask The mask of the lower bits that should be empty
  * @param context the context to be used
  *
  * @throws IllegalArgumentException if the bits being checked contain any 
non-zero value
  */
-private long validateCharacter(final int numBitsToDrop, final Context 
context) {
-if ((context.ibitWorkArea & numBitsToDrop) != 0) {
-throw new IllegalArgumentException(
-"Last encoded character (before the paddings if any) is a valid 
base 64 alphabet but not a possible value");
+private static void validateCharacter(final int emptyBitsMask, final 
Context context) {
+if ((context.ibitWorkArea & emptyBitsMask) != 0) {
+throw new IllegalArgumentException(
+"Last encoded character (before the paddings if any) is a 
valid base 64 alphabet but not a possible value. " +
+"Expected the discarded bits to be zero.");
 }
-return context.ibitWorkArea >> numBitsToDrop;
 }
 }
diff --git a/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java 
b/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java
index ecc761d..0245942 100644
--- a/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java
+++ b/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java
@@ -143,6 +143,18 @@ public abstract class BaseNCodec implements BinaryEncoder, 
BinaryDecoder {
  */
 private static final int DEFAULT_BUFFER_SIZE = 128;
 
+/**
+ * The maximum size buffer to allocate.
+ *
+ * This is set to the same size used in the JDK {@code 
java.util.ArrayList}:
+ * 
+ * Some VMs reserve some header words in an array.
+ * Attempts to allocate larger arrays may result in
+ * OutOfMemoryError: Requested array size exceeds VM limit.
+ * 
+ */
+private static final int MAX_BUFFER_SIZE = 

Re: [tomcat] branch 8.5.x updated: Git typo

[Mark Thomas]

On 07/12/2019 21:28, ma...@apache.org wrote:
> This is an automated email from the ASF dual-hosted git repository.
> 
> markt pushed a commit to branch 8.5.x
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
> 
> 
> The following commit(s) were added to refs/heads/8.5.x by this push:
>  new 18de249  Git typo
> 18de249 is described below
> 
> commit 18de2497614152d2ac21122e8458a4cdf828d070
> Author: Mark Thomas 
> AuthorDate: Sat Dec 7 21:28:02 2019 +
> 
> Git typo

I may need to stop soon. I meant "Fix typo".

Although if there was a "git typo" command that could be very useful
assuming it fixed typos rather than created them.

Mark


> ---
>  java/org/apache/catalina/connector/Request.java | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/java/org/apache/catalina/connector/Request.java 
> b/java/org/apache/catalina/connector/Request.java
> index 6bd9f21..201af7d 100644
> --- a/java/org/apache/catalina/connector/Request.java
> +++ b/java/org/apache/catalina/connector/Request.java
> @@ -2698,9 +2698,9 @@ public class Request implements 
> org.apache.catalina.servlet4preview.http.HttpSer
>  return newSessionId;
>  }
>  
> -private String rotateSessionId(Manager manager, Session sessiom) {
> +private String rotateSessionId(Manager manager, Session session) {
>  if (manager instanceof ManagerBase) {
> -return ((ManagerBase) manager).rotateSessionId(sessiom);
> +return ((ManagerBase) manager).rotateSessionId(session);
>  } else {
>  String newSessionId = null;
>  // Assume there new Id is a duplicate until we prove it isn't. 
> The
> 
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
> 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: Git typo

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 18de249  Git typo
18de249 is described below

commit 18de2497614152d2ac21122e8458a4cdf828d070
Author: Mark Thomas 
AuthorDate: Sat Dec 7 21:28:02 2019 +

Git typo
---
 java/org/apache/catalina/connector/Request.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/connector/Request.java 
b/java/org/apache/catalina/connector/Request.java
index 6bd9f21..201af7d 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -2698,9 +2698,9 @@ public class Request implements 
org.apache.catalina.servlet4preview.http.HttpSer
 return newSessionId;
 }
 
-private String rotateSessionId(Manager manager, Session sessiom) {
+private String rotateSessionId(Manager manager, Session session) {
 if (manager instanceof ManagerBase) {
-return ((ManagerBase) manager).rotateSessionId(sessiom);
+return ((ManagerBase) manager).rotateSessionId(session);
 } else {
 String newSessionId = null;
 // Assume there new Id is a duplicate until we prove it isn't. The


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/02: Remove incorrect Javadoc. Inherit the correct Javadoc.

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit d39525c2da5bf40a8cad3f79b24b96320757b904
Author: Mark Thomas 
AuthorDate: Sat Dec 7 21:19:46 2019 +

Remove incorrect Javadoc. Inherit the correct Javadoc.
---
 java/org/apache/catalina/connector/Request.java | 7 ---
 1 file changed, 7 deletions(-)

diff --git a/java/org/apache/catalina/connector/Request.java 
b/java/org/apache/catalina/connector/Request.java
index d606c2b..6bd9f21 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -2681,13 +2681,6 @@ public class Request implements 
org.apache.catalina.servlet4preview.http.HttpSer
 }
 
 
-/**
- * Changes the session ID of the session associated with this request.
- *
- * @return the old session ID before it was changed
- * @see javax.servlet.http.HttpSessionIdListener
- * @since Servlet 3.1
- */
 @Override
 public String changeSessionId() {
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated (e311634 -> d39525c)

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from e311634  Increment version for next dev cycle
 new 5f318fc  Align with 9.0.x to aid back-ports
 new d39525c  Remove incorrect Javadoc. Inherit the correct Javadoc.

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 java/org/apache/catalina/connector/Request.java|  7 --
 .../catalina/session/LocalStrings.properties   |  1 +
 .../catalina/session/LocalStrings_fr.properties|  1 +
 .../catalina/session/LocalStrings_ja.properties|  1 +
 .../catalina/session/LocalStrings_ko.properties|  1 +
 .../catalina/session/LocalStrings_zh_CN.properties |  1 +
 java/org/apache/catalina/session/ManagerBase.java  | 75 +-
 7 files changed, 51 insertions(+), 36 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/02: Align with 9.0.x to aid back-ports

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 5f318fc2175346bc0682aaf2b90d40778d1cd841
Author: Mark Thomas 
AuthorDate: Sat Dec 7 20:57:51 2019 +

Align with 9.0.x to aid back-ports
---
 .../catalina/session/LocalStrings.properties   |  1 +
 .../catalina/session/LocalStrings_fr.properties|  1 +
 .../catalina/session/LocalStrings_ja.properties|  1 +
 .../catalina/session/LocalStrings_ko.properties|  1 +
 .../catalina/session/LocalStrings_zh_CN.properties |  1 +
 java/org/apache/catalina/session/ManagerBase.java  | 75 +-
 6 files changed, 51 insertions(+), 29 deletions(-)

diff --git a/java/org/apache/catalina/session/LocalStrings.properties 
b/java/org/apache/catalina/session/LocalStrings.properties
index ba4d560..51b7a01 100644
--- a/java/org/apache/catalina/session/LocalStrings.properties
+++ b/java/org/apache/catalina/session/LocalStrings.properties
@@ -38,6 +38,7 @@ managerBase.contextNull=The Context must be set to a non-null 
value before the M
 managerBase.createSession.ise=createSession: Too many active sessions
 managerBase.sessionAttributeNameFilter=Skipped session attribute named [{0}] 
because it did not match the name filter [{1}]
 managerBase.sessionAttributeValueClassNameFilter=Skipped session attribute 
named [{0}] because the value type [{1}] did not match the filter [{2}]
+managerBase.sessionNotFound=The session [{0}] was not found
 managerBase.sessionTimeout=Invalid session timeout setting [{0}]
 managerBase.setContextNotNew=It is illegal to call setContext() to change the 
Context associated with a Manager if the Manager is not in the NEW state
 
diff --git a/java/org/apache/catalina/session/LocalStrings_fr.properties 
b/java/org/apache/catalina/session/LocalStrings_fr.properties
index a9b7852..b685fd1 100644
--- a/java/org/apache/catalina/session/LocalStrings_fr.properties
+++ b/java/org/apache/catalina/session/LocalStrings_fr.properties
@@ -38,6 +38,7 @@ managerBase.contextNull=Le contexte (Context) doit être mis à 
une valeur non-n
 managerBase.createSession.ise="createSession": Trop de sessions actives
 managerBase.sessionAttributeNameFilter=L''attribut de session nommé [{0}] sera 
sauté car il ne correspond pas au filtre sur les noms [{1}]
 managerBase.sessionAttributeValueClassNameFilter=L''attribut de session nommé 
[{0}] a été passé parce que le type [{1}] de la valeur ne correspond pas au 
filtre [{2}]
+managerBase.sessionNotFound=La session [{0}] n''a pas été trouvée
 managerBase.sessionTimeout=Réglage du délai d''inactivité (timeout) de session 
invalide [{0}]
 managerBase.setContextNotNew=Il est illégal d'appeler setContext() pour 
changer le contexte associé avec un gestionnaire (Manager) si le genstionnaire 
n'est pas dans l'état nouveau
 
diff --git a/java/org/apache/catalina/session/LocalStrings_ja.properties 
b/java/org/apache/catalina/session/LocalStrings_ja.properties
index 1a38b51..1bd78f5 100644
--- a/java/org/apache/catalina/session/LocalStrings_ja.properties
+++ b/java/org/apache/catalina/session/LocalStrings_ja.properties
@@ -38,6 +38,7 @@ managerBase.contextNull=マネージャーが使う前のコンテキストは n
 managerBase.createSession.ise=createSession: アクティブセッションが多すぎます
 
managerBase.sessionAttributeNameFilter=名前フィルタ[{1}]と一致しなかったため、[{0}]というセッション属性をスキップしました。
 
managerBase.sessionAttributeValueClassNameFilter=値タイプ[{1}]がフィルタ[{2}]と一致しなかったため、[{0}]という名前のセッション属性をスキップしました。
+managerBase.sessionNotFound=セッション [{0}] が見つかりません。
 managerBase.sessionTimeout=無効なセッションタイムアウト設定です [{0}]
 managerBase.setContextNotNew=NEW 状態ではないマネージャーに関連付けられた Context を変更するために 
setContext() を呼び出すことは禁止されています。
 
diff --git a/java/org/apache/catalina/session/LocalStrings_ko.properties 
b/java/org/apache/catalina/session/LocalStrings_ko.properties
index cf4142b..e7fd6d1 100644
--- a/java/org/apache/catalina/session/LocalStrings_ko.properties
+++ b/java/org/apache/catalina/session/LocalStrings_ko.properties
@@ -38,6 +38,7 @@ managerBase.contextNull=매니저가 사용되기 전에, 컨텍스트가 반드
 managerBase.createSession.ise=createSession: 활성화된 세션이 너무 많습니다.
 managerBase.sessionAttributeNameFilter=이름 필터 [{1}]와(과) 부합되지 않기 때문에, [{0}](이)라는 
이름의 세션 속성을 건너뛰었습니다.
 managerBase.sessionAttributeValueClassNameFilter=값의 타입 [{1}]이(가) 필터 [{2}]와(과) 
부합하지 않기 때문에, [{0}](이)라는 이름의 세션 속성을 건너뛰었습니다.
+managerBase.sessionNotFound=세션 [{0}]을(를) 찾을 수 없었습니다.
 managerBase.sessionTimeout=유효하지 않은, 세션 제한 시간 초과 설정입니다: [{0}]
 managerBase.setContextNotNew=만일 매니저가 NEW 상태에 있지 않다면, 매니저와 연관된 컨텍스트를 변경하기 위해 
setContext()를 호출하는 것은 불허됩니다.
 
diff --git a/java/org/apache/catalina/session/LocalStrings_zh_CN.properties 
b/java/org/apache/catalina/session/LocalStrings_zh_CN.properties
index 050bdef..2249786 100644
--- a/java/org/apache/catalina/session/LocalStrings_zh_CN.properties
+++ b/java/org/apache/catalina/session/LocalStrings_zh_CN.properties
@@ -27,6 +27,7 @@ fileStore.deleteSessionFailed=无法删除不再需要的文件[{0}]
 
 

[tomcat] branch master updated: Remove incorrect Javadoc. Inherit the correct Javadoc.

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new 3078e98  Remove incorrect Javadoc. Inherit the correct Javadoc.
3078e98 is described below

commit 3078e98db8f8e8ffa8c8eca50c866fa4ac6f7768
Author: Mark Thomas 
AuthorDate: Sat Dec 7 21:19:46 2019 +

Remove incorrect Javadoc. Inherit the correct Javadoc.
---
 java/org/apache/catalina/connector/Request.java | 7 ---
 1 file changed, 7 deletions(-)

diff --git a/java/org/apache/catalina/connector/Request.java 
b/java/org/apache/catalina/connector/Request.java
index 8608276..841049a 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -2658,13 +2658,6 @@ public class Request implements HttpServletRequest {
 }
 
 
-/**
- * Changes the session ID of the session associated with this request.
- *
- * @return the old session ID before it was changed
- * @see javax.servlet.http.HttpSessionIdListener
- * @since Servlet 3.1
- */
 @Override
 public String changeSessionId() {
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: Increment version for next dev cycle

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new e311634  Increment version for next dev cycle
e311634 is described below

commit e3116347220e1fb235476aa2d3800f6a7950554e
Author: Mark Thomas 
AuthorDate: Sat Dec 7 19:50:20 2019 +

Increment version for next dev cycle
---
 build.properties.default | 2 +-
 res/maven/mvn.properties.default | 2 +-
 webapps/docs/changelog.xml   | 4 +++-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index e9f541f..2a442a6 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -25,7 +25,7 @@
 # - Version Control Flags -
 version.major=8
 version.minor=5
-version.build=50
+version.build=51
 version.patch=0
 version.suffix=-dev
 
diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default
index 0fb6490..7a32c72 100644
--- a/res/maven/mvn.properties.default
+++ b/res/maven/mvn.properties.default
@@ -39,7 +39,7 @@ 
maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d
 maven.asf.release.repo.repositoryId=apache.releases.https
 
 # Release version info
-maven.asf.release.deploy.version=8.5.50
+maven.asf.release.deploy.version=8.5.51
 
 #Where do we load the libraries from
 tomcat.lib.path=../../output/build/lib
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e674046..29a5ada 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -44,7 +44,9 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
+
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE] Release Apache Tomcat 8.5.50

[Mark Thomas]

The proposed Apache Tomcat 8.5.50 release is now available for voting.

The major changes compared to the 8.5.49 release are:

- Correct multiple regressions in the static resource caching related to
  using URLs provided for cached resources

- Improvements to the Realm interface and implementations

- Bug fixes and improvements to the CORS filter

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://ci.apache.org/projects/tomcat/tomcat85/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.50/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1241/

The tag is:
https://github.com/apache/tomcat/tree/8.5.50
c40ede65ea4fb44b1957ec482f28c7afa71f1b50

The proposed 8.5.50 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 8.5.50

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Nexus: Staging Completed

[Nexus Repository Manager]

Message from: https://repository.apache.orgDeployer properties:"userAgent" = "maven-artifact/2.2.1 (Java 1.7.0_80; Windows 8.1 6.3)""userId" = "markt""ip" = "86.135.90.74"Details:The following artifacts have been staged/org/apache/tomcat/tomcat-i18n-de/8.5.50/tomcat-i18n-de-8.5.50.jar(SHA1: 232f8e6734938fa75ae8ea106c44e8ffb5ee7040)/org/apache/tomcat/tomcat-i18n-de/8.5.50/tomcat-i18n-de-8.5.50.pom.asc(SHA1: 88fa91ea0c92e9e55beebb2b914db214c1716067)/org/apache/tomcat/tomcat-i18n-de/8.5.50/tomcat-i18n-de-8.5.50.pom(SHA1: f152a05210217d785f14562c8082e77ba2e32ff7)/org/apache/tomcat/tomcat-i18n-de/8.5.50/tomcat-i18n-de-8.5.50.jar.asc(SHA1: 816a679e7b57c8b24ceba4073a643a306e2ad72e)/org/apache/tomcat/tomcat-jni/8.5.50/tomcat-jni-8.5.50-sources.jar(SHA1: cfb9f0dffdd870ecbbb409bd1c5cf89f65bb973e)/org/apache/tomcat/tomcat-jni/8.5.50/tomcat-jni-8.5.50-sources.jar.asc(SHA1: 24e5a1f48e36233e27d5f14cdf47ce114a028dc5)/org/apache/tomcat/tomcat-jni/8.5.50/tomcat-jni-8.5.50.jar(SHA1: 17bddac2932be375c40287e5b6e6096eeeac6b2c)/org/apache/tomcat/tomcat-jni/8.5.50/tomcat-jni-8.5.50.pom(SHA1: 9a77bb7c7f1b5a15cc86f7b0f91f991044af5918)/org/apache/tomcat/tomcat-jni/8.5.50/tomcat-jni-8.5.50.jar.asc(SHA1: 2e0d66b8e6ef9e378717f3852b25cf68f1570404)/org/apache/tomcat/tomcat-jni/8.5.50/tomcat-jni-8.5.50.pom.asc(SHA1: e4b10bca6d6f8536ed102f6dfdfb8988b29eaef3)/org/apache/tomcat/tomcat-juli/8.5.50/tomcat-juli-8.5.50.pom.asc(SHA1: f919a95a0cb36d503d32aea50bd3a77085009197)/org/apache/tomcat/tomcat-juli/8.5.50/tomcat-juli-8.5.50.jar(SHA1: f1f597cdc482b2a9ebe57f72818b6d3a4c896a86)/org/apache/tomcat/tomcat-juli/8.5.50/tomcat-juli-8.5.50.jar.asc(SHA1: d5145c4dd8d5382d64f7a8c34e659f703e6fa8d3)/org/apache/tomcat/tomcat-juli/8.5.50/tomcat-juli-8.5.50-sources.jar(SHA1: 77261c2c841504a51c1185ee15a6a10c2a409294)/org/apache/tomcat/tomcat-juli/8.5.50/tomcat-juli-8.5.50-sources.jar.asc(SHA1: 62c63c9f002a95a152c98529625ed89d1c3078c6)/org/apache/tomcat/tomcat-juli/8.5.50/tomcat-juli-8.5.50.pom(SHA1: 890196451156043aa45af8c03524343e8757071a)/org/apache/tomcat/tomcat-util/8.5.50/tomcat-util-8.5.50.pom.asc(SHA1: b398124dd6e7d2385e74ca1a95a2add025885846)/org/apache/tomcat/tomcat-util/8.5.50/tomcat-util-8.5.50.jar.asc(SHA1: 44532aced5fa0e7a4fc88000256d29574baca4da)/org/apache/tomcat/tomcat-util/8.5.50/tomcat-util-8.5.50.pom(SHA1: 2c5f7def71521d6e814b68252bad4fc04e574d95)/org/apache/tomcat/tomcat-util/8.5.50/tomcat-util-8.5.50-sources.jar.asc(SHA1: d8d30fca27d8338e7e59af15d1fbd7b2d4996c36)/org/apache/tomcat/tomcat-util/8.5.50/tomcat-util-8.5.50.jar(SHA1: 346837755c216a451eb537a46f093085b1f096a4)/org/apache/tomcat/tomcat-util/8.5.50/tomcat-util-8.5.50-sources.jar(SHA1: e2f80ad0f47abbd23f449698bf71018dbe43b024)/org/apache/tomcat/tomcat-catalina/8.5.50/tomcat-catalina-8.5.50.jar(SHA1: 38813557dd956a304de491fca17aafc2cc63e38a)/org/apache/tomcat/tomcat-catalina/8.5.50/tomcat-catalina-8.5.50.jar.asc(SHA1: 92a6526ad436d72c57ee7217bb5e45dee0c2270f)/org/apache/tomcat/tomcat-catalina/8.5.50/tomcat-catalina-8.5.50-sources.jar.asc(SHA1: d154b0029f1203f3ba9a716a0e780a98cb3d1af9)/org/apache/tomcat/tomcat-catalina/8.5.50/tomcat-catalina-8.5.50.pom(SHA1: 7a028ca4c70f0e46a44c06e22ed24a00c41f6d85)/org/apache/tomcat/tomcat-catalina/8.5.50/tomcat-catalina-8.5.50-sources.jar(SHA1: 25baa4236e6d799f96296486257632b8090f5382)/org/apache/tomcat/tomcat-catalina/8.5.50/tomcat-catalina-8.5.50.pom.asc(SHA1: fffe7e0ab740bed34f0fad13f08448dbfaf9c5be)/org/apache/tomcat/tomcat-catalina-ws/8.5.50/tomcat-catalina-ws-8.5.50.jar.asc(SHA1: 9e3e0dc0b2bdf3c3a534220e5ea59b9576bf3b18)/org/apache/tomcat/tomcat-catalina-ws/8.5.50/tomcat-catalina-ws-8.5.50-sources.jar.asc(SHA1: 293f2bfffcdbd6c4ea6adb0a0635383a74faba35)/org/apache/tomcat/tomcat-catalina-ws/8.5.50/tomcat-catalina-ws-8.5.50-sources.jar(SHA1: 0d1fe11f2d9a2a25a4222a7d875968b6fe4a0123)/org/apache/tomcat/tomcat-catalina-ws/8.5.50/tomcat-catalina-ws-8.5.50.pom(SHA1: 54f34ad5896ba63b6c2a0b9ecd911a31ce9a49b3)/org/apache/tomcat/tomcat-catalina-ws/8.5.50/tomcat-catalina-ws-8.5.50.pom.asc(SHA1: 078ade6d699fb9addae76ab96ad9cbed263e1221)/org/apache/tomcat/tomcat-catalina-ws/8.5.50/tomcat-catalina-ws-8.5.50.jar(SHA1: 3d552ec29837def4a365df34c8539c589790eec4)/org/apache/tomcat/tomcat-i18n-fr/8.5.50/tomcat-i18n-fr-8.5.50.pom.asc(SHA1: 8eb280ea6187ab0a0be122966f8ef336baae349a)/org/apache/tomcat/tomcat-i18n-fr/8.5.50/tomcat-i18n-fr-8.5.50.jar.asc(SHA1: 56b0185b924a2d2fa153e07fa0ea8ed999cf0676)/org/apache/tomcat/tomcat-i18n-fr/8.5.50/tomcat-i18n-fr-8.5.50.pom(SHA1: 06b56c29b3136b8077512479b1fb31c5fb5bc988)/org/apache/tomcat/tomcat-i18n-fr/8.5.50/tomcat-i18n-fr-8.5.50.jar(SHA1: 348fbe82250ba9b6b1881c848c242fca0f09a1c4)/org/apache/tomcat/tomcat-jdbc/8.5.50/tomcat-jdbc-8.5.50-sources.jar(SHA1: 574533466c5ff83df0ffe46029ebd47d66c2161e)/org/apache/tomcat/tomcat-jdbc/8.5.50/tomcat-jdbc-8.5.50-sources.jar.asc(SHA1: 5ec9df917d03719ab661e6e7ca0dcd9b0a353439)/org/apache/tomcat/tomcat-jdbc/8.5.50/tomcat-jdbc-8.5.50.jar(SHA1: 

svn commit: r37134 [2/2] - in /dev/tomcat/tomcat-8/v8.5.50: ./ bin/ bin/embed/ bin/extras/ src/

[markt]

Added: dev/tomcat/tomcat-8/v8.5.50/src/apache-tomcat-8.5.50-src.zip.asc
==
--- dev/tomcat/tomcat-8/v8.5.50/src/apache-tomcat-8.5.50-src.zip.asc (added)
+++ dev/tomcat/tomcat-8/v8.5.50/src/apache-tomcat-8.5.50-src.zip.asc Sat Dec  7 
19:42:01 2019
@@ -0,0 +1,16 @@
+-BEGIN PGP SIGNATURE-
+
+iQIzBAABCAAdFiEEqcXfTSLpmZjZh1pREMAcWi9gWecFAl3r/aQACgkQEMAcWi9g
+WefFqw//aI2/YkspUlq8/OOC00kDO9+fuUnuZde6X+nyna2PC6+er494m5TXHTQi
+dABh2CiCOfVHkAdmHgzK5hftggaHFZSIrYqchZL7vfM4uCL7WdqRc4q/wkAQNkbG
+txsvatJAavQVllbVVOSCuiCXpGbE4CJnqXyPUkvFDaPG71GdT4Ys7OnnJXYYmYQx
+fHt5h5hbeafMstdRjPe2KRcVIml0t3QpVXgG6cI0NMAAnHyqBpvEfj1AZfsj3hPk
+aUXNuabVLSbbD/8Lh6e7n/2rumQsk7k+Wu2tD5k0du9/uZOyehDmPrzVFUlBNmw3
+ZZ0g/ZjxtX/83awTOhhAqYk4HU3MyeKardswNSwH1WPPNHtnTlK6aHPOSFUWcSaN
+X1k4vgw/6JizEnh6fgrzhrTsUOWLUDaSYmWx2ViqvxoElEOxHylvBosoasjDxUI3
+swkOJQcd1DpOo+KYwYV6useyEWMGw2/XXodRaV8jL5/RmVlCtS/ABKgbq82cJbOT
+ufl6LmYunpIFBqQ4VB2Go3hIrWDJ+ESjR387vvw85w9V2WdCdenUSM5NPaiMUs6b
+KZeMlX6u4p7wlPivtiOs5FtcOrtlMy1D+IBsZgO+msWNQhIZh8DqLPEjmThh+BzD
+C9LTd4up5XIAQVws0e8XX5/KKSSumIyQoHPwY6dcTDRz7Xpaabs=
+=GLOD
+-END PGP SIGNATURE-

Added: dev/tomcat/tomcat-8/v8.5.50/src/apache-tomcat-8.5.50-src.zip.sha512
==
--- dev/tomcat/tomcat-8/v8.5.50/src/apache-tomcat-8.5.50-src.zip.sha512 (added)
+++ dev/tomcat/tomcat-8/v8.5.50/src/apache-tomcat-8.5.50-src.zip.sha512 Sat Dec 
 7 19:42:01 2019
@@ -0,0 +1 @@
+48debfb4b53c14ce4a6014551ca6397837587a89ba040ffc97030f196bc84c3271063363347e6860577d98d03af029cd660c15d17f40c33d2e651cd197c3ef20
 *apache-tomcat-8.5.50-src.zip
\ No newline at end of file



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r37134 [1/2] - in /dev/tomcat/tomcat-8/v8.5.50: ./ bin/ bin/embed/ bin/extras/ src/

[markt]

Author: markt
Date: Sat Dec  7 19:42:01 2019
New Revision: 37134

Log:
Upload 8.5.50 for voting

Added:
dev/tomcat/tomcat-8/v8.5.50/
dev/tomcat/tomcat-8/v8.5.50/KEYS
dev/tomcat/tomcat-8/v8.5.50/README.html
dev/tomcat/tomcat-8/v8.5.50/RELEASE-NOTES
dev/tomcat/tomcat-8/v8.5.50/bin/
dev/tomcat/tomcat-8/v8.5.50/bin/README.html
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50-deployer.tar.gz   
(with props)
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50-deployer.tar.gz.asc
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50-deployer.tar.gz.sha512
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50-deployer.zip   (with 
props)
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50-deployer.zip.asc
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50-deployer.zip.sha512
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50-fulldocs.tar.gz   
(with props)
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50-fulldocs.tar.gz.asc
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50-fulldocs.tar.gz.sha512
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50-windows-x64.zip   
(with props)
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50-windows-x64.zip.asc
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50-windows-x64.zip.sha512
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50-windows-x86.zip   
(with props)
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50-windows-x86.zip.asc
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50-windows-x86.zip.sha512
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50.exe   (with props)
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50.exe.asc
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50.exe.sha512
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50.tar.gz   (with props)
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50.tar.gz.asc
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50.tar.gz.sha512
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50.zip   (with props)
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50.zip.asc
dev/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50.zip.sha512
dev/tomcat/tomcat-8/v8.5.50/bin/embed/
dev/tomcat/tomcat-8/v8.5.50/bin/embed/apache-tomcat-8.5.50-embed.tar.gz   
(with props)
dev/tomcat/tomcat-8/v8.5.50/bin/embed/apache-tomcat-8.5.50-embed.tar.gz.asc

dev/tomcat/tomcat-8/v8.5.50/bin/embed/apache-tomcat-8.5.50-embed.tar.gz.sha512
dev/tomcat/tomcat-8/v8.5.50/bin/embed/apache-tomcat-8.5.50-embed.zip   
(with props)
dev/tomcat/tomcat-8/v8.5.50/bin/embed/apache-tomcat-8.5.50-embed.zip.asc
dev/tomcat/tomcat-8/v8.5.50/bin/embed/apache-tomcat-8.5.50-embed.zip.sha512
dev/tomcat/tomcat-8/v8.5.50/bin/extras/
dev/tomcat/tomcat-8/v8.5.50/bin/extras/catalina-jmx-remote.jar   (with 
props)
dev/tomcat/tomcat-8/v8.5.50/bin/extras/catalina-jmx-remote.jar.asc
dev/tomcat/tomcat-8/v8.5.50/bin/extras/catalina-jmx-remote.jar.sha512
dev/tomcat/tomcat-8/v8.5.50/bin/extras/catalina-ws.jar   (with props)
dev/tomcat/tomcat-8/v8.5.50/bin/extras/catalina-ws.jar.asc
dev/tomcat/tomcat-8/v8.5.50/bin/extras/catalina-ws.jar.sha512
dev/tomcat/tomcat-8/v8.5.50/src/
dev/tomcat/tomcat-8/v8.5.50/src/apache-tomcat-8.5.50-src.tar.gz   (with 
props)
dev/tomcat/tomcat-8/v8.5.50/src/apache-tomcat-8.5.50-src.tar.gz.asc
dev/tomcat/tomcat-8/v8.5.50/src/apache-tomcat-8.5.50-src.tar.gz.sha512
dev/tomcat/tomcat-8/v8.5.50/src/apache-tomcat-8.5.50-src.zip   (with props)
dev/tomcat/tomcat-8/v8.5.50/src/apache-tomcat-8.5.50-src.zip.asc
dev/tomcat/tomcat-8/v8.5.50/src/apache-tomcat-8.5.50-src.zip.sha512

Added: dev/tomcat/tomcat-8/v8.5.50/KEYS
==
--- dev/tomcat/tomcat-8/v8.5.50/KEYS (added)
+++ dev/tomcat/tomcat-8/v8.5.50/KEYS Sat Dec  7 19:42:01 2019
@@ -0,0 +1,676 @@
+This file contains the PGP keys of various Apache developers.
+Please don't use them for email unless you have to. Their main
+purpose is code signing.
+
+Apache users: pgp < KEYS
+Apache developers:
+(pgpk -ll  && pgpk -xa ) >> this file.
+  or
+(gpg --fingerprint --list-sigs 
+ && gpg --armor --export ) >> this file.
+
+Apache developers: please ensure that your key is also available via the
+PGP keyservers (such as pgpkeys.mit.edu).
+
+
+Type Bits/KeyIDDate   User ID
+pub  2048/F22C4FED 2001/07/02 Andy Armstrong 
+
+-BEGIN PGP PUBLIC KEY BLOCK-
+Version: PGPfreeware 7.0.3 for non-commercial use 
+
+mQGiBDtAWuURBADZ0KUEyUkSUiTA09e7tvEbX25STsjxrR+DNTainCls+XlkVOij
+gBv216lqge9tIsS0L6hCP4OQbFf/64qVtJssX4QXdyiZGb5wpmcj0Mz602Ew8r+N
+I0S5NvmogoYWW7BlP4r61jNxO5zrr03KaijM5r4ipJdLUxyOmM6P2jRPUwCg/5gm
+bpqiYl7pXX5FgDeB36tmD+UD/06iLqOnoiKO0vMbOk7URclhCObMNrHqxTxozMTS
+B9soYURbIeArei+plYo2n+1qB12ayybjhVu3uksXRdT9bEkyxMfslvLbIpDAG8Cz

svn commit: r37133 - /release/tomcat/tomcat-8/v8.5.47/

[markt]

Author: markt
Date: Sat Dec  7 19:38:50 2019
New Revision: 37133

Log:
Drop 8.5.47 from mirrors

Removed:
release/tomcat/tomcat-8/v8.5.47/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] tag 8.5.50 created (now c40ede6)

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to tag 8.5.50
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


  at c40ede6  (commit)
This tag includes the following new commits:

 new c40ede6  Tag 8.5.50

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/01: Tag 8.5.50

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to tag 8.5.50
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit c40ede65ea4fb44b1957ec482f28c7afa71f1b50
Author: Mark Thomas 
AuthorDate: Sat Dec 7 18:41:21 2019 +

Tag 8.5.50
---
 build.properties.default   | 2 +-
 webapps/docs/changelog.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index e9f541f..4f3761f 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -27,7 +27,7 @@ version.major=8
 version.minor=5
 version.build=50
 version.patch=0
-version.suffix=-dev
+version.suffix=
 
 # - Source control flags -
 git.branch=8.5.x
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e674046..0811e98 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -44,7 +44,7 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated: Increment version read for next development cycle

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new d3cdd10  Increment version read for next development cycle
d3cdd10 is described below

commit d3cdd10a7411f074e01447ea588e9b78a1011fb3
Author: Mark Thomas 
AuthorDate: Sat Dec 7 18:39:40 2019 +

Increment version read for next development cycle
---
 build.properties.default | 2 +-
 res/maven/mvn.properties.default | 2 +-
 webapps/docs/changelog.xml   | 4 +++-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 3d0dc4b..ffe38de 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -25,7 +25,7 @@
 # - Version Control Flags -
 version.major=9
 version.minor=0
-version.build=30
+version.build=31
 version.patch=0
 version.suffix=-dev
 
diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default
index 249073e..a258b78 100644
--- a/res/maven/mvn.properties.default
+++ b/res/maven/mvn.properties.default
@@ -39,7 +39,7 @@ 
maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d
 maven.asf.release.repo.repositoryId=apache.releases.https
 
 # Release version info
-maven.asf.release.deploy.version=9.0.30
+maven.asf.release.deploy.version=9.0.31
 
 #Where do we load the libraries from
 tomcat.lib.path=../../output/build/lib
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 6d904d4..f9eaaeb 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -44,7 +44,9 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
+
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: Add missing word.

[schultz]

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 7443451  Add missing word.
7443451 is described below

commit 7443451878d1812cc40c6626efaf2789b9c222f1
Author: Christopher Schultz 
AuthorDate: Sat Dec 7 13:11:15 2019 -0500

Add missing word.
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 288e459..e674046 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -284,7 +284,7 @@
   
   
 Update the Servlet 4 preview API to reflect changes made to the API in
-the final release. Note that this preview API has deprecated for over a
+the final release. Note that this preview API has been deprecated for 
over a
 year and may be removed as soon as the next 8.5.x release. (markt)
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: Fix typo

[schultz]

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 76d4c97  Fix typo
76d4c97 is described below

commit 76d4c97bca041c176608e7b4f9cf45944781bb74
Author: Christopher Schultz 
AuthorDate: Sat Dec 7 13:07:28 2019 -0500

Fix typo
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 1a56bd0..288e459 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -263,7 +263,7 @@
 being constructed as expected. (markt)
   
   
-Make a best efforts attempt to clean-up if a request fails during
+Make a best effort attempt to clean-up if a request fails during
 processing due to an OutOfMemoryException. (markt)
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: Fix typo

[schultz]

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new e0dfcea  Fix typo
e0dfcea is described below

commit e0dfcea444fb0e6096654fa626c90948d50e3728
Author: Christopher Schultz 
AuthorDate: Sat Dec 7 13:04:09 2019 -0500

Fix typo
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5c9cda8..1a56bd0 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -447,7 +447,7 @@
 
   
 63781: When performing various checks related to the
-visibility of classes, fields an methods in the EL implementation, also
+visibility of classes, fields and methods in the EL implementation, 
also
 check that the containing module has been exported. (markt)
   
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE] Release Apache Tomcat 9.0.30

[Mark Thomas]

The proposed Apache Tomcat 9.0.30 release is now available for voting.

The major changes compared to the 9.0.29 release are:

- Correct multiple regressions in the static resource caching related to
  using URLs provided for cached resources

- Improvements to the Realm interface and implementations

- Bug fixes and improvements to the CORS filter

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.30/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1240/
The tag is:
https://github.com/apache/tomcat/tree/9.0.30
4fab4cc012d0c31852e957d198cb0549f3d6074c

The proposed 9.0.30 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 9.0.30

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r37132 - /release/tomcat/tomcat-9/v9.0.27/

[markt]

Author: markt
Date: Sat Dec  7 17:16:10 2019
New Revision: 37132

Log:
Drop 9.0.27 from mirrors

Removed:
release/tomcat/tomcat-9/v9.0.27/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r37131 - in /dev/tomcat/tomcat-9/v9.0.30: ./ bin/ bin/embed/ src/

[markt]

Author: markt
Date: Sat Dec  7 17:16:02 2019
New Revision: 37131

Log:
Upload 9.0.30 for voting

Added:
dev/tomcat/tomcat-9/v9.0.30/
dev/tomcat/tomcat-9/v9.0.30/KEYS
dev/tomcat/tomcat-9/v9.0.30/README.html
dev/tomcat/tomcat-9/v9.0.30/RELEASE-NOTES
dev/tomcat/tomcat-9/v9.0.30/bin/
dev/tomcat/tomcat-9/v9.0.30/bin/README.html
dev/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30-deployer.tar.gz   
(with props)
dev/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30-deployer.tar.gz.asc
dev/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30-deployer.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30-deployer.zip   (with 
props)
dev/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30-deployer.zip.asc
dev/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30-deployer.zip.sha512
dev/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30-fulldocs.tar.gz   
(with props)
dev/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30-fulldocs.tar.gz.asc
dev/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30-fulldocs.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30-windows-x64.zip   
(with props)
dev/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30-windows-x64.zip.asc
dev/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30-windows-x64.zip.sha512
dev/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30-windows-x86.zip   
(with props)
dev/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30-windows-x86.zip.asc
dev/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30-windows-x86.zip.sha512
dev/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30.exe   (with props)
dev/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30.exe.asc
dev/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30.exe.sha512
dev/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30.tar.gz   (with props)
dev/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30.zip   (with props)
dev/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30.zip.sha512
dev/tomcat/tomcat-9/v9.0.30/bin/embed/
dev/tomcat/tomcat-9/v9.0.30/bin/embed/apache-tomcat-9.0.30-embed.tar.gz   
(with props)
dev/tomcat/tomcat-9/v9.0.30/bin/embed/apache-tomcat-9.0.30-embed.tar.gz.asc

dev/tomcat/tomcat-9/v9.0.30/bin/embed/apache-tomcat-9.0.30-embed.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.30/bin/embed/apache-tomcat-9.0.30-embed.zip   
(with props)
dev/tomcat/tomcat-9/v9.0.30/bin/embed/apache-tomcat-9.0.30-embed.zip.asc
dev/tomcat/tomcat-9/v9.0.30/bin/embed/apache-tomcat-9.0.30-embed.zip.sha512
dev/tomcat/tomcat-9/v9.0.30/src/
dev/tomcat/tomcat-9/v9.0.30/src/apache-tomcat-9.0.30-src.tar.gz   (with 
props)
dev/tomcat/tomcat-9/v9.0.30/src/apache-tomcat-9.0.30-src.tar.gz.asc
dev/tomcat/tomcat-9/v9.0.30/src/apache-tomcat-9.0.30-src.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.30/src/apache-tomcat-9.0.30-src.zip   (with props)
dev/tomcat/tomcat-9/v9.0.30/src/apache-tomcat-9.0.30-src.zip.asc
dev/tomcat/tomcat-9/v9.0.30/src/apache-tomcat-9.0.30-src.zip.sha512

Added: dev/tomcat/tomcat-9/v9.0.30/KEYS
==
--- dev/tomcat/tomcat-9/v9.0.30/KEYS (added)
+++ dev/tomcat/tomcat-9/v9.0.30/KEYS Sat Dec  7 17:16:02 2019
@@ -0,0 +1,676 @@
+This file contains the PGP keys of various Apache developers.
+Please don't use them for email unless you have to. Their main
+purpose is code signing.
+
+Apache users: pgp < KEYS
+Apache developers:
+(pgpk -ll  && pgpk -xa ) >> this file.
+  or
+(gpg --fingerprint --list-sigs 
+ && gpg --armor --export ) >> this file.
+
+Apache developers: please ensure that your key is also available via the
+PGP keyservers (such as pgpkeys.mit.edu).
+
+
+Type Bits/KeyIDDate   User ID
+pub  2048/F22C4FED 2001/07/02 Andy Armstrong 
+
+-BEGIN PGP PUBLIC KEY BLOCK-
+Version: PGPfreeware 7.0.3 for non-commercial use 
+
+mQGiBDtAWuURBADZ0KUEyUkSUiTA09e7tvEbX25STsjxrR+DNTainCls+XlkVOij
+gBv216lqge9tIsS0L6hCP4OQbFf/64qVtJssX4QXdyiZGb5wpmcj0Mz602Ew8r+N
+I0S5NvmogoYWW7BlP4r61jNxO5zrr03KaijM5r4ipJdLUxyOmM6P2jRPUwCg/5gm
+bpqiYl7pXX5FgDeB36tmD+UD/06iLqOnoiKO0vMbOk7URclhCObMNrHqxTxozMTS
+B9soYURbIeArei+plYo2n+1qB12ayybjhVu3uksXRdT9bEkyxMfslvLbIpDAG8Cz
+gNftTbKx/MVS7cQU0II8BKo2Akr+1FZah+sD4ovK8SfkMXUQUbTeefTntsAQKyyU
+9M9tA/9on9tBiHFl0qVJht6N4GiJ2G689v7rS2giLgKjetjiCduxBXEgvUSuyQID
+nF9ATrpXjITwsRlGKFmpZiFm5oCeCXihIVH0u6q066xNW2AXkLVoJ1l1Rs2Z0lsb
+0cq3xEAcwAmYLKQvCtgDV8CYgWKVmPi+49rSuQn7Lo9l02OUbLQgQW5keSBBcm1z
+dHJvbmcgPGFuZHlAdGFnaXNoLmNvbT6JAFgEEBECABgFAjtAWuUICwMJCAcCAQoC
+GQEFGwMACgkQajrT9PIsT+1plgCfXAovWnVL3MjrTfcGlFSKw7GHCSYAoJkz
+x+r2ANe8/0e+u5ZcYtSaSry+uQINBDtAWuUQCAD2Qle3CH8IF3KiutapQvMF6PlT
+ETlPtvFuuUs4INoBp1ajFOmPQFXz0AfGy0OplK33TGSGSfgMg71l6RfUodNQ+PVZ
+X9x2Uk89PY3bzpnhV5JZzf24rnRPxfx2vIPFRzBhznzJZv8V+bv9kV7HAarTW56N

[tomcat] 13/18: Refactor so Principal is never cached in session with cache==false

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit e19a202ee43b6e2a538be5515ae0ab32d8ef112c
Author: Mark Thomas 
AuthorDate: Thu Dec 5 23:25:37 2019 +

Refactor so Principal is never cached in session with cache==false
---
 .../catalina/authenticator/AuthenticatorBase.java  |  5 ++--
 .../apache/catalina/authenticator/Constants.java   |  3 ++
 .../catalina/authenticator/FormAuthenticator.java  | 33 ++
 3 files changed, 15 insertions(+), 26 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index 56e8a04..cec4baa 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -1135,10 +1135,11 @@ public abstract class AuthenticatorBase extends 
ValveBase
 }
 
 // Cache the authentication information in our session, if any
-if (cache) {
-if (session != null) {
+if (session != null) {
+if (cache) {
 session.setAuthType(authType);
 session.setPrincipal(principal);
+} else {
 if (username != null) {
 session.setNote(Constants.SESS_USERNAME_NOTE, username);
 } else {
diff --git a/java/org/apache/catalina/authenticator/Constants.java 
b/java/org/apache/catalina/authenticator/Constants.java
index d5126cc..f257b4f 100644
--- a/java/org/apache/catalina/authenticator/Constants.java
+++ b/java/org/apache/catalina/authenticator/Constants.java
@@ -82,7 +82,10 @@ public class Constants {
 
 /**
  * The previously authenticated principal (if caching is disabled).
+ *
+ * @deprecated Unused. Will be removed in Tomcat 10.
  */
+@Deprecated
 public static final String FORM_PRINCIPAL_NOTE = 
"org.apache.catalina.authenticator.PRINCIPAL";
 
 /**
diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java 
b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index 9d5e3f8..f326f77 100644
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -132,10 +132,6 @@ public class FormAuthenticator
 protected boolean doAuthenticate(Request request, HttpServletResponse 
response)
 throws IOException {
 
-if (checkForCachedAuthentication(request, response, true)) {
-return true;
-}
-
 // References to objects we will need later
 Session session = null;
 Principal principal = null;
@@ -154,9 +150,8 @@ public class FormAuthenticator
 }
 principal = context.getRealm().authenticate(username, 
password);
 if (principal != null) {
-session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
+register(request, response, principal, 
HttpServletRequest.FORM_AUTH, username, password);
 if (!matchRequest(request)) {
-register(request, response, principal, 
HttpServletRequest.FORM_AUTH, username, password);
 return true;
 }
 }
@@ -173,16 +168,6 @@ public class FormAuthenticator
 if (log.isDebugEnabled()) {
 log.debug("Restore request from session '" + 
session.getIdInternal() + "'");
 }
-principal = (Principal) 
session.getNote(Constants.FORM_PRINCIPAL_NOTE);
-register(request, response, principal, 
HttpServletRequest.FORM_AUTH,
- (String) session.getNote(Constants.SESS_USERNAME_NOTE),
- (String) session.getNote(Constants.SESS_PASSWORD_NOTE));
-// If we're caching principals we no longer need the user name
-// and password in the session, so remove them
-if (cache) {
-session.removeNote(Constants.SESS_USERNAME_NOTE);
-session.removeNote(Constants.SESS_PASSWORD_NOTE);
-}
 if (restoreRequest(request, session)) {
 if (log.isDebugEnabled()) {
 log.debug("Proceed to restored request");
@@ -197,6 +182,12 @@ public class FormAuthenticator
 }
 }
 
+// This check has to be after the previous check for a matching request
+// because that matching request may also include a cached Principal.
+if (checkForCachedAuthentication(request, response, true)) {
+return true;
+}
+
 // Acquire references to objects we will need to evaluate
 String contextPath = request.getContextPath();
 String requestURI = request.getDecodedRequestURI();
@@ -283,12 +274,7 @@ public class 

[tomcat] 15/18: Add an atomic method to rotate session ID and return new value. Use it.

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 6dcf03e3784f3d7f0c82e8cd3531cf772ae48a37
Author: Mark Thomas 
AuthorDate: Fri Dec 6 12:13:15 2019 +

Add an atomic method to rotate session ID and return new value. Use it.
---
 java/org/apache/catalina/Manager.java | 33 +++
 java/org/apache/catalina/connector/Request.java   |  3 +--
 java/org/apache/catalina/session/ManagerBase.java |  7 +
 3 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/Manager.java 
b/java/org/apache/catalina/Manager.java
index 4c8275f..0fe745b 100644
--- a/java/org/apache/catalina/Manager.java
+++ b/java/org/apache/catalina/Manager.java
@@ -215,11 +215,44 @@ public interface Manager {
  * session ID.
  *
  * @param session   The session to change the session ID for
+ *
+ * @deprecated Use {@link #rotateSessionId(Session)}.
+ * Will be removed in Tomcat 10
  */
+@Deprecated
 public void changeSessionId(Session session);
 
 
 /**
+ * Change the session ID of the current session to a new randomly generated
+ * session ID.
+ *
+ * @param session   The session to change the session ID for
+ *
+ * @return  The new session ID
+ */
+public default String rotateSessionId(Session session) {
+String newSessionId = null;
+// Assume there new Id is a duplicate until we prove it isn't. The
+// chances of a duplicate are extremely low but the current ManagerBase
+// code protects against duplicates so this default method does too.
+boolean duplicate = true;
+do {
+newSessionId = getSessionIdGenerator().generateSessionId();
+try {
+if (findSession(newSessionId) == null) {
+duplicate = false;
+}
+} catch (IOException ioe) {
+// Swallow. An IOE means the ID was known so continue looping
+}
+} while (duplicate);
+changeSessionId(session, newSessionId);
+return newSessionId;
+}
+
+
+/**
  * Change the session ID of the current session to a specified session ID.
  *
  * @param session   The session to change the session ID for
diff --git a/java/org/apache/catalina/connector/Request.java 
b/java/org/apache/catalina/connector/Request.java
index bb4039d..954aa3e 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -2697,9 +2697,8 @@ public class Request implements 
org.apache.catalina.servlet4preview.http.HttpSer
 }
 
 Manager manager = this.getContext().getManager();
-manager.changeSessionId(session);
 
-String newSessionId = session.getId();
+String newSessionId = manager.rotateSessionId(session);
 this.changeSessionId(newSessionId);
 
 return newSessionId;
diff --git a/java/org/apache/catalina/session/ManagerBase.java 
b/java/org/apache/catalina/session/ManagerBase.java
index cccda39..894256d 100644
--- a/java/org/apache/catalina/session/ManagerBase.java
+++ b/java/org/apache/catalina/session/ManagerBase.java
@@ -723,8 +723,15 @@ public abstract class ManagerBase extends 
LifecycleMBeanBase implements Manager
 
 @Override
 public void changeSessionId(Session session) {
+rotateSessionId(session);
+}
+
+
+@Override
+public String rotateSessionId(Session session) {
 String newId = generateSessionId();
 changeSessionId(session, newId, true, true);
+return newId;
 }
 
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 09/18: Fix codec

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit b8d9fbc7eb1ebbfd27616c8fa477f2c08862e6de
Author: Mark Thomas 
AuthorDate: Fri Dec 6 19:00:06 2019 +

Fix codec
---
 .../catalina/authenticator/TestBasicAuthParser.java   | 15 ++-
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/test/org/apache/catalina/authenticator/TestBasicAuthParser.java 
b/test/org/apache/catalina/authenticator/TestBasicAuthParser.java
index cc480ff..9f918d2 100644
--- a/test/org/apache/catalina/authenticator/TestBasicAuthParser.java
+++ b/test/org/apache/catalina/authenticator/TestBasicAuthParser.java
@@ -362,26 +362,23 @@ public class TestBasicAuthParser {
 /*
  * invalid base64 string tests
  *
- * Refer to RFC2045 section 6.8.
+ * Refer to
+ *  - RFC 7617 (Basic Auth)
+ *  - RFC 4648 (base 64)
  */
 
 /*
- * non-trailing "=" should trigger premature termination of the
- * decoder, returning a truncated string that will eventually
- * result in an authentication Assert.failure.
+ * non-trailing "=" is illegal and will be rejected by the parser
  */
-@Test
+@Test(expected = IllegalArgumentException.class)
 public void testBadBase64InlineEquals() throws Exception {
 final String BASE64_CRIB = "dXNlcmlkOnNlY3J=dAo=";
-final String TRUNCATED_PWD = "secr";
 final BasicAuthHeader AUTH_HEADER =
 new BasicAuthHeader(NICE_METHOD, BASE64_CRIB);
+@SuppressWarnings("unused") // Exception will be thrown.
 BasicAuthenticator.BasicCredentials credentials =
 new BasicAuthenticator.BasicCredentials(
 AUTH_HEADER.getHeader(), StandardCharsets.UTF_8, true);
-Assert.assertEquals(USER_NAME, credentials.getUsername());
-Assert.assertNotSame(PASSWORD, credentials.getPassword());
-Assert.assertEquals(TRUNCATED_PWD, credentials.getPassword());
 }
 
 /*


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 03/18: Merge in FileUpload changes to 2317552 (2019-12-06, 2.0-SNAPSHOT)

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 218ea934fc71a0948c1b2e313e9cf20dede2cc23
Author: Mark Thomas 
AuthorDate: Fri Dec 6 15:30:48 2019 +

Merge in FileUpload changes to 2317552 (2019-12-06, 2.0-SNAPSHOT)
---
 MERGE.txt  |   2 +-
 java/org/apache/catalina/connector/Request.java|   6 +-
 .../util/http/fileupload/FileItemIterator.java |  49 +-
 .../util/http/fileupload/FileUploadBase.java   | 702 +
 .../util/http/fileupload/MultipartStream.java  |  10 +-
 .../util/http/fileupload/disk/DiskFileItem.java|   3 +-
 .../http/fileupload/impl/FileItemIteratorImpl.java | 339 ++
 .../http/fileupload/impl/FileItemStreamImpl.java   | 222 +++
 .../impl/FileSizeLimitExceededException.java   |  94 +++
 .../fileupload/impl/FileUploadIOException.java |  63 ++
 .../fileupload/impl/IOFileUploadException.java |  62 ++
 .../impl/InvalidContentTypeException.java  |  62 ++
 .../util/http/fileupload/impl/SizeException.java   |  75 +++
 .../impl/SizeLimitExceededException.java   |  43 ++
 webapps/docs/changelog.xml |   4 +
 15 files changed, 1032 insertions(+), 704 deletions(-)

diff --git a/MERGE.txt b/MERGE.txt
index b4bd507..893ac89 100644
--- a/MERGE.txt
+++ b/MERGE.txt
@@ -51,7 +51,7 @@ FileUpload
 Sub-tree:
 src/main/java/org/apache/commons/fileupload2
 The SHA1 ID for the most recent commit to be merged to Tomcat is:
-9958ea2426ec5682a7c929a13372c04426ee3818 (2019-08-01)
+2317552993fd5180a84083d599b8cbdb05a07bab (2019-12-06)
 
 Note: Tomcat's copy of fileupload also includes classes copied manually from
   Commons IO.
diff --git a/java/org/apache/catalina/connector/Request.java 
b/java/org/apache/catalina/connector/Request.java
index d4b11d5..5d719c1 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -105,10 +105,10 @@ import org.apache.tomcat.util.http.Parameters.FailReason;
 import org.apache.tomcat.util.http.ServerCookie;
 import org.apache.tomcat.util.http.ServerCookies;
 import org.apache.tomcat.util.http.fileupload.FileItem;
-import org.apache.tomcat.util.http.fileupload.FileUploadBase;
-import 
org.apache.tomcat.util.http.fileupload.FileUploadBase.InvalidContentTypeException;
 import org.apache.tomcat.util.http.fileupload.FileUploadException;
 import org.apache.tomcat.util.http.fileupload.disk.DiskFileItemFactory;
+import org.apache.tomcat.util.http.fileupload.impl.InvalidContentTypeException;
+import org.apache.tomcat.util.http.fileupload.impl.SizeLimitExceededException;
 import org.apache.tomcat.util.http.fileupload.servlet.ServletFileUpload;
 import org.apache.tomcat.util.http.fileupload.servlet.ServletRequestContext;
 import org.apache.tomcat.util.http.parser.AcceptLanguage;
@@ -2928,7 +2928,7 @@ public class Request implements 
org.apache.catalina.servlet4preview.http.HttpSer
 } catch (InvalidContentTypeException e) {
 
parameters.setParseFailedReason(FailReason.INVALID_CONTENT_TYPE);
 partsParseException = new ServletException(e);
-} catch (FileUploadBase.SizeException e) {
+} catch (SizeLimitExceededException e) {
 parameters.setParseFailedReason(FailReason.POST_TOO_LARGE);
 checkSwallowInput();
 partsParseException = new IllegalStateException(e);
diff --git a/java/org/apache/tomcat/util/http/fileupload/FileItemIterator.java 
b/java/org/apache/tomcat/util/http/fileupload/FileItemIterator.java
index 4f331ad..9665312 100644
--- a/java/org/apache/tomcat/util/http/fileupload/FileItemIterator.java
+++ b/java/org/apache/tomcat/util/http/fileupload/FileItemIterator.java
@@ -17,12 +17,56 @@
 package org.apache.tomcat.util.http.fileupload;
 
 import java.io.IOException;
+import java.util.List;
+
+import 
org.apache.tomcat.util.http.fileupload.impl.FileSizeLimitExceededException;
+import org.apache.tomcat.util.http.fileupload.impl.SizeLimitExceededException;
 
 /**
  * An iterator, as returned by
  * {@link FileUploadBase#getItemIterator(RequestContext)}.
  */
 public interface FileItemIterator {
+/** Returns the maximum size of a single file. An {@link 
FileSizeLimitExceededException}
+ * will be thrown, if there is an uploaded file, which is exceeding this 
value.
+ * By default, this value will be copied from the {@link 
FileUploadBase#getFileSizeMax()
+ * FileUploadBase} object, however, the user may replace the default value 
with a
+ * request specific value by invoking {@link #setFileSizeMax(long)} on 
this object.
+ * @return The maximum size of a single, uploaded file. The value -1 
indicates "unlimited".
+ */
+public long getFileSizeMax();
+
+/** Sets the maximum size of a single file. An {@link 

[tomcat] 10/18: Clean-up. No functional change.

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 17ffce9c91f76d08ea63c8aae19e654c5014cdb5
Author: Mark Thomas 
AuthorDate: Thu Dec 5 19:59:47 2019 +

Clean-up. No functional change.
---
 .../apache/catalina/authenticator/Constants.java   | 44 ++
 1 file changed, 11 insertions(+), 33 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/Constants.java 
b/java/org/apache/catalina/authenticator/Constants.java
index 5e75c2c..d5126cc 100644
--- a/java/org/apache/catalina/authenticator/Constants.java
+++ b/java/org/apache/catalina/authenticator/Constants.java
@@ -14,11 +14,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
-
 package org.apache.catalina.authenticator;
 
-
 public class Constants {
 // Authentication methods for login configuration
 // Servlet spec schemes are defined in HttpServletRequest
@@ -33,23 +30,18 @@ public class Constants {
 // SPNEGO authentication constants
 public static final String KRB5_CONF_PROPERTY = "java.security.krb5.conf";
 public static final String DEFAULT_KRB5_CONF = "conf/krb5.ini";
-public static final String JAAS_CONF_PROPERTY =
-"java.security.auth.login.config";
+public static final String JAAS_CONF_PROPERTY = 
"java.security.auth.login.config";
 public static final String DEFAULT_JAAS_CONF = "conf/jaas.conf";
-public static final String DEFAULT_LOGIN_MODULE_NAME =
-"com.sun.security.jgss.krb5.accept";
+public static final String DEFAULT_LOGIN_MODULE_NAME = 
"com.sun.security.jgss.krb5.accept";
 /**
  * @deprecated Unused. Will be removed in Tomcat 9.
  */
 @Deprecated
-public static final String USE_SUBJECT_CREDS_ONLY_PROPERTY =
-"javax.security.auth.useSubjectCredsOnly";
+public static final String USE_SUBJECT_CREDS_ONLY_PROPERTY = 
"javax.security.auth.useSubjectCredsOnly";
 
 // Cookie name for single sign on support
-public static final String SINGLE_SIGN_ON_COOKIE =
-System.getProperty(
-
"org.apache.catalina.authenticator.Constants.SSO_SESSION_COOKIE_NAME",
-"JSESSIONIDSSO");
+public static final String SINGLE_SIGN_ON_COOKIE = System.getProperty(
+
"org.apache.catalina.authenticator.Constants.SSO_SESSION_COOKIE_NAME", 
"JSESSIONIDSSO");
 
 
 // - Request Notes
@@ -58,17 +50,13 @@ public class Constants {
  * The notes key to track the single-sign-on identity with which this
  * request is associated.
  */
-public static final String REQ_SSOID_NOTE =
-"org.apache.catalina.request.SSOID";
+public static final String REQ_SSOID_NOTE = 
"org.apache.catalina.request.SSOID";
 
-
-public static final String REQ_JASPIC_SUBJECT_NOTE =
-"org.apache.catalina.authenticator.jaspic.SUBJECT";
+public static final String REQ_JASPIC_SUBJECT_NOTE = 
"org.apache.catalina.authenticator.jaspic.SUBJECT";
 
 
 // -- Session Notes
 
-
 /**
  * If the cache property of our authenticator is set, and
  * the current request is part of a session, authentication information
@@ -76,19 +64,15 @@ public class Constants {
  * Realm.authenticate(), under the following keys:
  */
 
-
 /**
  * The notes key for the password used to authenticate this user.
  */
-public static final String SESS_PASSWORD_NOTE =
-  "org.apache.catalina.session.PASSWORD";
-
+public static final String SESS_PASSWORD_NOTE = 
"org.apache.catalina.session.PASSWORD";
 
 /**
  * The notes key for the username used to authenticate this user.
  */
-public static final String SESS_USERNAME_NOTE =
-  "org.apache.catalina.session.USERNAME";
+public static final String SESS_USERNAME_NOTE = 
"org.apache.catalina.session.USERNAME";
 
 
 /**
@@ -96,20 +80,14 @@ public class Constants {
  * cache required information prior to the completion of authentication.
  */
 
-
 /**
  * The previously authenticated principal (if caching is disabled).
  */
-public static final String FORM_PRINCIPAL_NOTE =
-"org.apache.catalina.authenticator.PRINCIPAL";
-
+public static final String FORM_PRINCIPAL_NOTE = 
"org.apache.catalina.authenticator.PRINCIPAL";
 
 /**
  * The original request information, to which the user will be
  * redirected if authentication succeeds.
  */
-public static final String FORM_REQUEST_NOTE =
-"org.apache.catalina.authenticator.REQUEST";
-
-
+public static final String FORM_REQUEST_NOTE = 
"org.apache.catalina.authenticator.REQUEST";
 }


-
To unsubscribe, 

[tomcat] 16/18: Update changelog

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 98c7c55d03fb24c42d07d3afde59a19fd3438a5c
Author: Mark Thomas 
AuthorDate: Fri Dec 6 21:14:06 2019 +

Update changelog
---
 webapps/docs/changelog.xml | 5 +
 1 file changed, 5 insertions(+)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 87e9e84..5c9cda8 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -103,6 +103,11 @@
 and refactor loops in FileStore to use the ForEach style.
 Pull request provided by Govinda Sakhare. (markt)
   
+  
+Refactor FORM authentication to reduce duplicate code and to ensure 
that
+the authenticated Principal is not cached in the session when caching 
is
+disabled. (markt)
+  
 
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 18/18: Refactor wait to make test failure due to timing issues less likely

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 1f9d3e6500fb8543493f20c958dc59cbb3415dfa
Author: god 
AuthorDate: Sat Dec 7 13:27:54 2019 +

Refactor wait to make test failure due to timing issues less likely
---
 test/org/apache/tomcat/util/net/TestSsl.java | 29 +---
 1 file changed, 9 insertions(+), 20 deletions(-)

diff --git a/test/org/apache/tomcat/util/net/TestSsl.java 
b/test/org/apache/tomcat/util/net/TestSsl.java
index 8e815f2..b777f2c 100644
--- a/test/org/apache/tomcat/util/net/TestSsl.java
+++ b/test/org/apache/tomcat/util/net/TestSsl.java
@@ -136,28 +136,17 @@ public class TestSsl extends TomcatBaseTest {
 
 socket.startHandshake();
 
-// One request should be sufficient
-int requestCount = 0;
-int listenerComplete = 0;
-try {
-while (requestCount < 10) {
-requestCount++;
-doRequest(os, r);
-Assert.assertTrue("Checking no client issuer has been 
requested",
-TesterSupport.getLastClientAuthRequestedIssuerCount() 
== 0);
-if (listener.isComplete() && listenerComplete == 0) {
-listenerComplete = requestCount;
-}
-}
-} catch (AssertionError | IOException e) {
-String message = "Failed on request number " + requestCount
-+ " after startHandshake(). " + e.getMessage();
-log.error(message, e);
-Assert.fail(message);
+doRequest(os, r);
+// Handshake complete appears to be called asynchronously
+int wait = 0;
+while (wait < 5000 && !listener.isComplete()) {
+wait += 50;
+Thread.sleep(50);
 }
-
+Assert.assertTrue("Checking no client issuer has been requested",
+TesterSupport.getLastClientAuthRequestedIssuerCount() == 0);
 Assert.assertTrue(listener.isComplete());
-System.out.println("Renegotiation completed after " + listenerComplete 
+ " requests");
+System.out.println("Renegotiation completed after " + wait + " ms");
 }
 
 private void doRequest(OutputStream os, Reader r) throws IOException {


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 14/18: Harden the FORM authentication process

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit e8ae801192b3b07afdffeb0c653eb2abe4808e9e
Author: Mark Thomas 
AuthorDate: Thu Dec 5 23:01:42 2019 +

Harden the FORM authentication process

When the session ID is configured to change on authentication, track the
expected session ID through the authentication process and ensure that
the expected value is seen at each stage.
---
 .../catalina/authenticator/AuthenticatorBase.java|  6 +-
 .../org/apache/catalina/authenticator/Constants.java |  6 ++
 .../catalina/authenticator/FormAuthenticator.java| 20 +++-
 3 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index cec4baa..f35fbd6 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -1128,7 +1128,11 @@ public abstract class AuthenticatorBase extends ValveBase
 // If the principal is null then this is a logout. No need to 
change
 // the session ID. See BZ 59043.
 if (getChangeSessionIdOnAuthentication() && principal != null) {
-changeSessionID(request, session);
+String newSessionId = changeSessionID(request, session);
+// If the current session ID is being tracked, update it.
+if (session.getNote(Constants.SESSION_ID_NOTE) != null) {
+session.setNote(Constants.SESSION_ID_NOTE, newSessionId);
+}
 }
 } else if (alwaysUseSession) {
 session = request.getSessionInternal(true);
diff --git a/java/org/apache/catalina/authenticator/Constants.java 
b/java/org/apache/catalina/authenticator/Constants.java
index f257b4f..66f2a49 100644
--- a/java/org/apache/catalina/authenticator/Constants.java
+++ b/java/org/apache/catalina/authenticator/Constants.java
@@ -58,6 +58,12 @@ public class Constants {
 // -- Session Notes
 
 /**
+ * The session id used as a CSRF marker when redirecting a user's request.
+ */
+public static final String SESSION_ID_NOTE = 
"org.apache.catalina.authenticator.SESSION_ID";
+
+
+/**
  * If the cache property of our authenticator is set, and
  * the current request is part of a session, authentication information
  * will be cached to avoid the need for repeated calls to
diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java 
b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index f326f77..e9b9839 100644
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -253,6 +253,14 @@ public class FormAuthenticator
 if (session == null) {
 session = request.getSessionInternal(false);
 }
+if (session != null && getChangeSessionIdOnAuthentication()) {
+// Does session id match?
+String expectedSessionId = (String) 
session.getNote(Constants.SESSION_ID_NOTE);
+if (expectedSessionId == null || 
!expectedSessionId.equals(request.getRequestedSessionId())) {
+session.expire();
+session = null;
+}
+}
 if (session == null) {
 if (containerLog.isDebugEnabled()) {
 containerLog.debug("User took so long to log on the session 
expired");
@@ -382,7 +390,8 @@ public class FormAuthenticator
 if (getChangeSessionIdOnAuthentication()) {
 Session session = request.getSessionInternal(false);
 if (session != null) {
-changeSessionID(request, session);
+String newSessionId = changeSessionID(request, session);
+session.setNote(Constants.SESSION_ID_NOTE, newSessionId);
 }
 }
 
@@ -479,6 +488,14 @@ public class FormAuthenticator
 return false;
 }
 
+// Does session id match?
+if (getChangeSessionIdOnAuthentication()) {
+String expectedSessionId = (String) 
session.getNote(Constants.SESSION_ID_NOTE);
+if (expectedSessionId == null || 
!expectedSessionId.equals(request.getRequestedSessionId())) {
+return false;
+}
+}
+
 // Does the request URI match?
 String decodedRequestURI = request.getDecodedRequestURI();
 if (decodedRequestURI == null) {
@@ -505,6 +522,7 @@ public class FormAuthenticator
 // Retrieve and remove the SavedRequest object from our session
 SavedRequest saved = (SavedRequest) 
session.getNote(Constants.FORM_REQUEST_NOTE);
 

[tomcat] 06/18: Fix Findbugs warnings

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit b9469e8ec5fe04ae251f379bfd1638a7e0fe27f1
Author: Mark Thomas 
AuthorDate: Fri Dec 6 16:42:32 2019 +

Fix Findbugs warnings
---
 test/org/apache/catalina/session/FileStoreTest.java | 12 +---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/test/org/apache/catalina/session/FileStoreTest.java 
b/test/org/apache/catalina/session/FileStoreTest.java
index f2555de..c827562 100644
--- a/test/org/apache/catalina/session/FileStoreTest.java
+++ b/test/org/apache/catalina/session/FileStoreTest.java
@@ -60,9 +60,15 @@ public class FileStoreTest {
 @Before
 public void beforeEachTest() throws IOException {
 fileStore.setDirectory(SESS_TEMPPATH);
-dir.mkdir();
-file1.createNewFile();
-file2.createNewFile();
+if (!dir.mkdir()) {
+Assert.fail();
+}
+if (!file1.createNewFile()) {
+Assert.fail();
+}
+if (!file2.createNewFile()) {
+Assert.fail();
+}
 }
 
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 07/18: Remove unused code reported by SpotBugs

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit b167af1b37c655e5c1287e26375b3fd85caaff0a
Author: Mark Thomas 
AuthorDate: Fri Dec 6 16:49:52 2019 +

Remove unused code reported by SpotBugs
---
 .../tomcat/util/http/fileupload/impl/FileItemStreamImpl.java | 9 -
 1 file changed, 9 deletions(-)

diff --git 
a/java/org/apache/tomcat/util/http/fileupload/impl/FileItemStreamImpl.java 
b/java/org/apache/tomcat/util/http/fileupload/impl/FileItemStreamImpl.java
index 29427e6..06bf33e 100644
--- a/java/org/apache/tomcat/util/http/fileupload/impl/FileItemStreamImpl.java
+++ b/java/org/apache/tomcat/util/http/fileupload/impl/FileItemStreamImpl.java
@@ -61,11 +61,6 @@ public class FileItemStreamImpl implements FileItemStream {
 private final InputStream stream;
 
 /**
- * Whether the file item was already opened.
- */
-private boolean opened;
-
-/**
  * The headers, if any.
  */
 private FileItemHeaders headers;
@@ -180,10 +175,6 @@ public class FileItemStreamImpl implements FileItemStream {
  */
 @Override
 public InputStream openStream() throws IOException {
-if (opened) {
-throw new IllegalStateException(
-"The stream was already opened.");
-}
 if (((Closeable) stream).isClosed()) {
 throw new FileItemStream.ItemSkippedException();
 }


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 05/18: Merge in DBCP 2 changes 2 a363390 (2019-12-06, 2.7.1-SNAPSHOT)

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 1706b31a01befb73553d2ae29240ff70c76b3f0c
Author: Mark Thomas 
AuthorDate: Fri Dec 6 16:34:07 2019 +

Merge in DBCP 2 changes 2 a363390 (2019-12-06, 2.7.1-SNAPSHOT)
---
 MERGE.txt  |  2 +-
 .../apache/tomcat/dbcp/dbcp2/AbandonedTrace.java   | 92 +++---
 webapps/docs/changelog.xml |  4 +
 3 files changed, 51 insertions(+), 47 deletions(-)

diff --git a/MERGE.txt b/MERGE.txt
index 7daec6d..5551fb2 100644
--- a/MERGE.txt
+++ b/MERGE.txt
@@ -69,4 +69,4 @@ Sub-tree
 src/main/java/org/apache/commons/dbcp2
 src/main/resources/org/apache/commons/dbcp2
 The SHA1 ID for the most recent commit to be merged to Tomcat is:
-4813b7f5456c1f4fecc4f701ac731a71f57db249 (2019-08-09)
+a363906bf7a039f79c07fa3c68b082a69ae035d7 (2019-12-06)
diff --git a/java/org/apache/tomcat/dbcp/dbcp2/AbandonedTrace.java 
b/java/org/apache/tomcat/dbcp/dbcp2/AbandonedTrace.java
index 3969480..671e3e6 100644
--- a/java/org/apache/tomcat/dbcp/dbcp2/AbandonedTrace.java
+++ b/java/org/apache/tomcat/dbcp/dbcp2/AbandonedTrace.java
@@ -58,45 +58,6 @@ public class AbandonedTrace implements TrackedUse {
 }
 
 /**
- * Initializes abandoned tracing for this object.
- *
- * @param parent
- *AbandonedTrace parent object.
- */
-private void init(final AbandonedTrace parent) {
-if (parent != null) {
-parent.addTrace(this);
-}
-}
-
-/**
- * Gets the last time this object was used in milliseconds.
- *
- * @return long time in milliseconds.
- */
-@Override
-public long getLastUsed() {
-return lastUsedMillis;
-}
-
-/**
- * Sets the time this object was last used to the current time in 
milliseconds.
- */
-protected void setLastUsed() {
-lastUsedMillis = System.currentTimeMillis();
-}
-
-/**
- * Sets the time in milliseconds this object was last used.
- *
- * @param lastUsedMillis
- *time in milliseconds.
- */
-protected void setLastUsed(final long lastUsedMillis) {
-this.lastUsedMillis = lastUsedMillis;
-}
-
-/**
  * Adds an object to the list of objects being traced.
  *
  * @param trace
@@ -119,6 +80,16 @@ public class AbandonedTrace implements TrackedUse {
 }
 
 /**
+ * Gets the last time this object was used in milliseconds.
+ *
+ * @return long time in milliseconds.
+ */
+@Override
+public long getLastUsed() {
+return lastUsedMillis;
+}
+
+/**
  * Gets a list of objects being traced by this object.
  *
  * @return List of objects.
@@ -145,6 +116,30 @@ public class AbandonedTrace implements TrackedUse {
 }
 
 /**
+ * Initializes abandoned tracing for this object.
+ *
+ * @param parent
+ *AbandonedTrace parent object.
+ */
+private void init(final AbandonedTrace parent) {
+if (parent != null) {
+parent.addTrace(this);
+}
+}
+
+/**
+ * Removes this object the source object is tracing.
+ *
+ * @param source The object tracing
+ * @since 2.7.0
+ */
+protected void removeThisTrace(final Object source) {
+if (source instanceof AbandonedTrace) {
+AbandonedTrace.class.cast(source).removeTrace(this);
+}
+}
+
+/**
  * Removes a child object this object is tracing.
  *
  * @param trace
@@ -167,14 +162,19 @@ public class AbandonedTrace implements TrackedUse {
 }
 
 /**
- * Removes this object the source object is tracing.
+ * Sets the time this object was last used to the current time in 
milliseconds.
+ */
+protected void setLastUsed() {
+lastUsedMillis = System.currentTimeMillis();
+}
+
+/**
+ * Sets the time in milliseconds this object was last used.
  *
- * @param source The object tracing
- * @since 2.7.0
+ * @param lastUsedMillis
+ *time in milliseconds.
  */
-protected void removeThisTrace(final Object source) {
-if (source instanceof AbandonedTrace) {
-AbandonedTrace.class.cast(source).removeTrace(this);
-}
+protected void setLastUsed(final long lastUsedMillis) {
+this.lastUsedMillis = lastUsedMillis;
 }
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 86adeab..87e9e84 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -217,6 +217,10 @@
 Update the internal fork of Apache Commons Pool 2 to 6092f92 
(2019-12-06,
 2.8.0-SNAPSHOT). Clean-up and minor refactoring. (markt)
   
+  
+Update the internal fork of Apache Commons DBCP 2 to a36390 
(2019-12-06,
+2.7.1-SNAPSHOT). 

[tomcat] 08/18: Fix FileUpload

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 1a5e42b14ee53981a5a2552c75a6299dfc9603fd
Author: Mark Thomas 
AuthorDate: Fri Dec 6 18:59:59 2019 +

Fix FileUpload
---
 java/org/apache/catalina/connector/Request.java | 4 ++--
 java/org/apache/tomcat/util/http/fileupload/impl/SizeException.java | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/catalina/connector/Request.java 
b/java/org/apache/catalina/connector/Request.java
index 5d719c1..bb4039d 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -108,7 +108,7 @@ import org.apache.tomcat.util.http.fileupload.FileItem;
 import org.apache.tomcat.util.http.fileupload.FileUploadException;
 import org.apache.tomcat.util.http.fileupload.disk.DiskFileItemFactory;
 import org.apache.tomcat.util.http.fileupload.impl.InvalidContentTypeException;
-import org.apache.tomcat.util.http.fileupload.impl.SizeLimitExceededException;
+import org.apache.tomcat.util.http.fileupload.impl.SizeException;
 import org.apache.tomcat.util.http.fileupload.servlet.ServletFileUpload;
 import org.apache.tomcat.util.http.fileupload.servlet.ServletRequestContext;
 import org.apache.tomcat.util.http.parser.AcceptLanguage;
@@ -2928,7 +2928,7 @@ public class Request implements 
org.apache.catalina.servlet4preview.http.HttpSer
 } catch (InvalidContentTypeException e) {
 
parameters.setParseFailedReason(FailReason.INVALID_CONTENT_TYPE);
 partsParseException = new ServletException(e);
-} catch (SizeLimitExceededException e) {
+} catch (SizeException e) {
 parameters.setParseFailedReason(FailReason.POST_TOO_LARGE);
 checkSwallowInput();
 partsParseException = new IllegalStateException(e);
diff --git 
a/java/org/apache/tomcat/util/http/fileupload/impl/SizeException.java 
b/java/org/apache/tomcat/util/http/fileupload/impl/SizeException.java
index 4852795..7928f2d 100644
--- a/java/org/apache/tomcat/util/http/fileupload/impl/SizeException.java
+++ b/java/org/apache/tomcat/util/http/fileupload/impl/SizeException.java
@@ -22,7 +22,7 @@ import 
org.apache.tomcat.util.http.fileupload.FileUploadException;
  * This exception is thrown, if a requests permitted size
  * is exceeded.
  */
-abstract class SizeException extends FileUploadException {
+public abstract class SizeException extends FileUploadException {
 
 /**
  * Serial version UID, being used, if serialized.


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 17/18: Fix back-port of atomic session ID rotation. Replace default method.

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit d9a1db799cc30d5bce796e3836bbd837531ce79e
Author: Mark Thomas 
AuthorDate: Fri Dec 6 22:10:29 2019 +

Fix back-port of atomic session ID rotation. Replace default method.
---
 java/org/apache/catalina/Manager.java | 33 ---
 java/org/apache/catalina/connector/Request.java   | 27 ++-
 java/org/apache/catalina/session/ManagerBase.java |  1 -
 3 files changed, 26 insertions(+), 35 deletions(-)

diff --git a/java/org/apache/catalina/Manager.java 
b/java/org/apache/catalina/Manager.java
index 0fe745b..4c8275f 100644
--- a/java/org/apache/catalina/Manager.java
+++ b/java/org/apache/catalina/Manager.java
@@ -215,44 +215,11 @@ public interface Manager {
  * session ID.
  *
  * @param session   The session to change the session ID for
- *
- * @deprecated Use {@link #rotateSessionId(Session)}.
- * Will be removed in Tomcat 10
  */
-@Deprecated
 public void changeSessionId(Session session);
 
 
 /**
- * Change the session ID of the current session to a new randomly generated
- * session ID.
- *
- * @param session   The session to change the session ID for
- *
- * @return  The new session ID
- */
-public default String rotateSessionId(Session session) {
-String newSessionId = null;
-// Assume there new Id is a duplicate until we prove it isn't. The
-// chances of a duplicate are extremely low but the current ManagerBase
-// code protects against duplicates so this default method does too.
-boolean duplicate = true;
-do {
-newSessionId = getSessionIdGenerator().generateSessionId();
-try {
-if (findSession(newSessionId) == null) {
-duplicate = false;
-}
-} catch (IOException ioe) {
-// Swallow. An IOE means the ID was known so continue looping
-}
-} while (duplicate);
-changeSessionId(session, newSessionId);
-return newSessionId;
-}
-
-
-/**
  * Change the session ID of the current session to a specified session ID.
  *
  * @param session   The session to change the session ID for
diff --git a/java/org/apache/catalina/connector/Request.java 
b/java/org/apache/catalina/connector/Request.java
index 954aa3e..d606c2b 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -83,6 +83,7 @@ import org.apache.catalina.core.AsyncContextImpl;
 import org.apache.catalina.mapper.MappingData;
 import org.apache.catalina.servlet4preview.http.HttpServletMapping;
 import org.apache.catalina.servlet4preview.http.PushBuilder;
+import org.apache.catalina.session.ManagerBase;
 import org.apache.catalina.util.ParameterMap;
 import org.apache.catalina.util.TLSUtil;
 import org.apache.catalina.util.URLEncoder;
@@ -2698,12 +2699,36 @@ public class Request implements 
org.apache.catalina.servlet4preview.http.HttpSer
 
 Manager manager = this.getContext().getManager();
 
-String newSessionId = manager.rotateSessionId(session);
+String newSessionId = rotateSessionId(manager, session);
 this.changeSessionId(newSessionId);
 
 return newSessionId;
 }
 
+private String rotateSessionId(Manager manager, Session sessiom) {
+if (manager instanceof ManagerBase) {
+return ((ManagerBase) manager).rotateSessionId(sessiom);
+} else {
+String newSessionId = null;
+// Assume there new Id is a duplicate until we prove it isn't. The
+// chances of a duplicate are extremely low but the current 
ManagerBase
+// code protects against duplicates so this method does too.
+boolean duplicate = true;
+do {
+newSessionId = 
manager.getSessionIdGenerator().generateSessionId();
+try {
+if (manager.findSession(newSessionId) == null) {
+duplicate = false;
+}
+} catch (IOException ioe) {
+// Swallow. An IOE means the ID was known so continue 
looping
+}
+} while (duplicate);
+manager.changeSessionId(session, newSessionId);
+return newSessionId;
+}
+}
+
 /**
  * @return the session associated with this Request, creating one
  * if necessary and requested.
diff --git a/java/org/apache/catalina/session/ManagerBase.java 
b/java/org/apache/catalina/session/ManagerBase.java
index 894256d..74843d0 100644
--- a/java/org/apache/catalina/session/ManagerBase.java
+++ b/java/org/apache/catalina/session/ManagerBase.java
@@ -727,7 +727,6 @@ public abstract class 

[tomcat] branch 8.5.x updated (98fd719 -> 1f9d3e6)

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 98fd719  BZ 63982: CombinedRealm makes assumptions about principal 
implementation
 new 5d4e832  Merge in BCEL changes to ff6941e (2019-12-06, 6.4.2-dev)
 new 99382b7  Merge in Codec changes to 9637dd4 (2019-12-06, 1.14-SNAPSHOT)
 new 218ea93  Merge in FileUpload changes to 2317552 (2019-12-06, 
2.0-SNAPSHOT)
 new a3fd9ee  Merge in Pool 2 changes to 6092f92 (2019-12-06, 
2.8.0-SNAPSHOT)
 new 1706b31  Merge in DBCP 2 changes 2 a363390 (2019-12-06, 2.7.1-SNAPSHOT)
 new b9469e8  Fix Findbugs warnings
 new b167af1  Remove unused code reported by SpotBugs
 new 1a5e42b  Fix FileUpload
 new b8d9fbc  Fix codec
 new 17ffce9  Clean-up. No functional change.
 new 38ec82c  Clean-up prior to some refactoring.
 new 0fded7d  Refactor change of session ID to reduce duplicate code
 new e19a202  Refactor so Principal is never cached in session with 
cache==false
 new e8ae801  Harden the FORM authentication process
 new 6dcf03e  Add an atomic method to rotate session ID and return new 
value. Use it.
 new 98c7c55  Update changelog
 new d9a1db7  Fix back-port of atomic session ID rotation. Replace default 
method.
 new 1f9d3e6  Refactor wait to make test failure due to timing issues less 
likely

The 18 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 MERGE.txt  |   20 +-
 .../catalina/authenticator/AuthenticatorBase.java  |   36 +-
 .../apache/catalina/authenticator/Constants.java   |   51 +-
 .../catalina/authenticator/FormAuthenticator.java  |  107 +-
 java/org/apache/catalina/connector/Request.java|   34 +-
 java/org/apache/catalina/session/ManagerBase.java  |6 +
 .../apache/tomcat/dbcp/dbcp2/AbandonedTrace.java   |   92 +-
 .../dbcp/pool2/BaseKeyedPooledObjectFactory.java   |2 +
 .../apache/tomcat/dbcp/pool2/BaseObjectPool.java   |   18 +
 .../apache/tomcat/dbcp/pool2/KeyedObjectPool.java  |  211 ++--
 java/org/apache/tomcat/dbcp/pool2/ObjectPool.java  |  134 ++-
 java/org/apache/tomcat/dbcp/pool2/PoolUtils.java   | 1270 ++--
 .../org/apache/tomcat/dbcp/pool2/PooledObject.java |3 +-
 .../dbcp/pool2/impl/DefaultEvictionPolicy.java |2 +
 .../tomcat/dbcp/pool2/impl/EvictionConfig.java |1 +
 .../dbcp/pool2/impl/GenericKeyedObjectPool.java|   78 +-
 .../tomcat/dbcp/pool2/impl/GenericObjectPool.java  |   46 +-
 .../pool2/impl/InterruptibleReentrantLock.java |1 +
 .../dbcp/pool2/impl/LinkedBlockingDeque.java   |4 +
 .../dbcp/pool2/impl/SoftReferenceObjectPool.java   |3 +
 java/org/apache/tomcat/util/bcel/Const.java|   14 +-
 .../tomcat/util/bcel/classfile/ConstantClass.java  |2 +-
 .../tomcat/util/bcel/classfile/ConstantDouble.java |2 +-
 .../tomcat/util/bcel/classfile/ConstantFloat.java  |2 +-
 .../util/bcel/classfile/ConstantInteger.java   |2 +-
 .../tomcat/util/bcel/classfile/ConstantLong.java   |2 +-
 .../apache/tomcat/util/codec/binary/Base64.java|   28 +-
 .../tomcat/util/codec/binary/BaseNCodec.java   |  100 +-
 .../util/http/fileupload/FileItemIterator.java |   49 +-
 .../util/http/fileupload/FileUploadBase.java   |  702 +--
 .../util/http/fileupload/MultipartStream.java  |   10 +-
 .../util/http/fileupload/disk/DiskFileItem.java|3 +-
 .../http/fileupload/impl/FileItemIteratorImpl.java |  339 ++
 .../http/fileupload/impl/FileItemStreamImpl.java   |  213 
 .../impl/FileSizeLimitExceededException.java   |   94 ++
 .../fileupload/impl/FileUploadIOException.java |   63 +
 .../fileupload/impl/IOFileUploadException.java |   62 +
 .../impl/InvalidContentTypeException.java  |   62 +
 .../util/http/fileupload/impl/SizeException.java   |   75 ++
 .../SizeLimitExceededException.java}   |   25 +-
 .../authenticator/TestBasicAuthParser.java |   15 +-
 .../org/apache/catalina/session/FileStoreTest.java |   12 +-
 test/org/apache/tomcat/util/net/TestSsl.java   |   29 +-
 webapps/docs/changelog.xml |   25 +
 44 files changed, 1738 insertions(+), 2311 deletions(-)
 create mode 100644 
java/org/apache/tomcat/util/http/fileupload/impl/FileItemIteratorImpl.java
 create mode 100644 
java/org/apache/tomcat/util/http/fileupload/impl/FileItemStreamImpl.java
 create mode 100644 
java/org/apache/tomcat/util/http/fileupload/impl/FileSizeLimitExceededException.java
 create mode 100644 
java/org/apache/tomcat/util/http/fileupload/impl/FileUploadIOException.java
 create mode 100644 

[tomcat] 12/18: Refactor change of session ID to reduce duplicate code

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 0fded7df4bcc345b0063993650a0dfcbf8cbb04a
Author: Mark Thomas 
AuthorDate: Thu Dec 5 23:11:03 2019 +

Refactor change of session ID to reduce duplicate code
---
 .../catalina/authenticator/AuthenticatorBase.java  | 29 --
 .../catalina/authenticator/FormAuthenticator.java  |  5 +---
 2 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index 2b5a502..56e8a04 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -46,7 +46,6 @@ import org.apache.catalina.Container;
 import org.apache.catalina.Context;
 import org.apache.catalina.Globals;
 import org.apache.catalina.LifecycleException;
-import org.apache.catalina.Manager;
 import org.apache.catalina.Realm;
 import org.apache.catalina.Session;
 import org.apache.catalina.TomcatPrincipal;
@@ -1128,18 +1127,8 @@ public abstract class AuthenticatorBase extends ValveBase
 if (session != null) {
 // If the principal is null then this is a logout. No need to 
change
 // the session ID. See BZ 59043.
-if (changeSessionIdOnAuthentication && principal != null) {
-String oldId = null;
-if (log.isDebugEnabled()) {
-oldId = session.getId();
-}
-Manager manager = request.getContext().getManager();
-manager.changeSessionId(session);
-request.changeSessionId(session.getId());
-if (log.isDebugEnabled()) {
-log.debug(sm.getString("authenticator.changeSessionId",
-oldId, session.getId()));
-}
+if (getChangeSessionIdOnAuthentication() && principal != null) {
+changeSessionID(request, session);
 }
 } else if (alwaysUseSession) {
 session = request.getSessionInternal(true);
@@ -1226,6 +1215,20 @@ public abstract class AuthenticatorBase extends ValveBase
 
 }
 
+
+protected String changeSessionID(Request request, Session session) {
+String oldId = null;
+if (log.isDebugEnabled()) {
+oldId = session.getId();
+}
+String newId = request.changeSessionId();
+if (log.isDebugEnabled()) {
+log.debug(sm.getString("authenticator.changeSessionId", oldId, 
newId));
+}
+return newId;
+}
+
+
 @Override
 public void login(String username, String password, Request request) 
throws ServletException {
 Principal principal = doLogin(request, username, password);
diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java 
b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index 8f4268b..9d5e3f8 100644
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -28,7 +28,6 @@ import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.catalina.Manager;
 import org.apache.catalina.Realm;
 import org.apache.catalina.Session;
 import org.apache.catalina.connector.Request;
@@ -397,9 +396,7 @@ public class FormAuthenticator
 if (getChangeSessionIdOnAuthentication()) {
 Session session = request.getSessionInternal(false);
 if (session != null) {
-Manager manager = request.getContext().getManager();
-manager.changeSessionId(session);
-request.changeSessionId(session.getId());
+changeSessionID(request, session);
 }
 }
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/18: Merge in Codec changes to 9637dd4 (2019-12-06, 1.14-SNAPSHOT)

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 99382b7cb94b539ca4b22f43cd1b638dc0241215
Author: Mark Thomas 
AuthorDate: Fri Dec 6 14:29:01 2019 +

Merge in Codec changes to 9637dd4 (2019-12-06, 1.14-SNAPSHOT)
---
 MERGE.txt  |   2 +-
 .../apache/tomcat/util/codec/binary/Base64.java|  28 +++---
 .../tomcat/util/codec/binary/BaseNCodec.java   | 100 +
 webapps/docs/changelog.xml |   4 +
 4 files changed, 107 insertions(+), 27 deletions(-)

diff --git a/MERGE.txt b/MERGE.txt
index f4fb1f8..b4bd507 100644
--- a/MERGE.txt
+++ b/MERGE.txt
@@ -43,7 +43,7 @@ Codec
 Sub-tree:
 src/main/java/org/apache/commons/codec
 The SHA1 ID for the most recent commit to be merged to Tomcat is:
-3ebef4ad92e31697fb52ca7cc71904c68654c2c8 (2019-08-01)
+9637dd44fa0e2d5a6ddb45791e3cd78298842d95 (2019-12-06)
 Note: Only classes required for Base64 encoding/decoding. The rest are removed.
 
 FileUpload
diff --git a/java/org/apache/tomcat/util/codec/binary/Base64.java 
b/java/org/apache/tomcat/util/codec/binary/Base64.java
index da1487f..ab89854 100644
--- a/java/org/apache/tomcat/util/codec/binary/Base64.java
+++ b/java/org/apache/tomcat/util/codec/binary/Base64.java
@@ -139,6 +139,10 @@ public class Base64 extends BaseNCodec {
  */
 /** Mask used to extract 6 bits, used when encoding */
 private static final int MASK_6BITS = 0x3f;
+/** Mask used to extract 4 bits, used when decoding final trailing 
character. */
+private static final int MASK_4BITS = 0xf;
+/** Mask used to extract 2 bits, used when decoding final trailing 
character. */
+private static final int MASK_2BITS = 0x3;
 
 // The static final fields above are used for the original static byte[] 
methods on Base64.
 // The private member fields below are used with the new streaming 
approach, which requires
@@ -483,12 +487,12 @@ public class Base64 extends BaseNCodec {
 // TODO not currently tested; perhaps it is impossible?
 break;
 case 2 : // 12 bits = 8 + 4
-validateCharacter(4, context);
+validateCharacter(MASK_4BITS, context);
 context.ibitWorkArea = context.ibitWorkArea >> 4; // dump 
the extra 4 bits
 buffer[context.pos++] = (byte) ((context.ibitWorkArea) & 
MASK_8BITS);
 break;
 case 3 : // 18 bits = 8 + 8 + 2
-validateCharacter(2, context);
+validateCharacter(MASK_2BITS, context);
 context.ibitWorkArea = context.ibitWorkArea >> 2; // dump 
2 bits
 buffer[context.pos++] = (byte) ((context.ibitWorkArea >> 
8) & MASK_8BITS);
 buffer[context.pos++] = (byte) ((context.ibitWorkArea) & 
MASK_8BITS);
@@ -792,20 +796,22 @@ public class Base64 extends BaseNCodec {
 
 
 /**
- * 
- * Validates whether the character is possible in the context of the set 
of possible base 64 values.
- * 
+ * Validates whether decoding the final trailing character is possible in 
the context
+ * of the set of possible base 64 values.
+ *
+ * The character is valid if the lower bits within the provided mask 
are zero. This
+ * is used to test the final trailing base-64 digit is zero in the bits 
that will be discarded.
  *
- * @param numBitsToDrop number of least significant bits to check
+ * @param emptyBitsMask The mask of the lower bits that should be empty
  * @param context the context to be used
  *
  * @throws IllegalArgumentException if the bits being checked contain any 
non-zero value
  */
-private long validateCharacter(final int numBitsToDrop, final Context 
context) {
-if ((context.ibitWorkArea & numBitsToDrop) != 0) {
-throw new IllegalArgumentException(
-"Last encoded character (before the paddings if any) is a valid 
base 64 alphabet but not a possible value");
+private static void validateCharacter(final int emptyBitsMask, final 
Context context) {
+if ((context.ibitWorkArea & emptyBitsMask) != 0) {
+throw new IllegalArgumentException(
+"Last encoded character (before the paddings if any) is a 
valid base 64 alphabet but not a possible value. " +
+"Expected the discarded bits to be zero.");
 }
-return context.ibitWorkArea >> numBitsToDrop;
 }
 }
diff --git a/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java 
b/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java
index 4dbe84a..0e2d1ad 100644
--- a/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java
+++ b/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java
@@ -141,6 +141,18 @@ public abstract class BaseNCodec 

[tomcat] 11/18: Clean-up prior to some refactoring.

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 38ec82c0435f87e3daffa408305cc70e84333fba
Author: Mark Thomas 
AuthorDate: Thu Dec 5 20:00:02 2019 +

Clean-up prior to some refactoring.
---
 .../catalina/authenticator/FormAuthenticator.java  | 57 --
 1 file changed, 19 insertions(+), 38 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java 
b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index 1b54ddd..8f4268b 100644
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -147,22 +147,17 @@ public class FormAuthenticator
 if (log.isDebugEnabled()) {
 log.debug("Checking for reauthenticate in session " + session);
 }
-String username =
-(String) session.getNote(Constants.SESS_USERNAME_NOTE);
-String password =
-(String) session.getNote(Constants.SESS_PASSWORD_NOTE);
-if ((username != null) && (password != null)) {
+String username = (String) 
session.getNote(Constants.SESS_USERNAME_NOTE);
+String password = (String) 
session.getNote(Constants.SESS_PASSWORD_NOTE);
+if (username != null && password != null) {
 if (log.isDebugEnabled()) {
 log.debug("Reauthenticating username '" + username + "'");
 }
-principal =
-context.getRealm().authenticate(username, password);
+principal = context.getRealm().authenticate(username, 
password);
 if (principal != null) {
 session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
 if (!matchRequest(request)) {
-register(request, response, principal,
-HttpServletRequest.FORM_AUTH,
-username, password);
+register(request, response, principal, 
HttpServletRequest.FORM_AUTH, username, password);
 return true;
 }
 }
@@ -177,16 +172,13 @@ public class FormAuthenticator
 if (matchRequest(request)) {
 session = request.getSessionInternal(true);
 if (log.isDebugEnabled()) {
-log.debug("Restore request from session '"
-  + session.getIdInternal()
-  + "'");
+log.debug("Restore request from session '" + 
session.getIdInternal() + "'");
 }
-principal = (Principal)
-session.getNote(Constants.FORM_PRINCIPAL_NOTE);
+principal = (Principal) 
session.getNote(Constants.FORM_PRINCIPAL_NOTE);
 register(request, response, principal, 
HttpServletRequest.FORM_AUTH,
  (String) session.getNote(Constants.SESS_USERNAME_NOTE),
  (String) session.getNote(Constants.SESS_PASSWORD_NOTE));
-// If we're caching principals we no longer need the username
+// If we're caching principals we no longer need the user name
 // and password in the session, so remove them
 if (cache) {
 session.removeNote(Constants.SESS_USERNAME_NOTE);
@@ -211,9 +203,7 @@ public class FormAuthenticator
 String requestURI = request.getDecodedRequestURI();
 
 // Is this the action request from the login page?
-boolean loginAction =
-requestURI.startsWith(contextPath) &&
-requestURI.endsWith(Constants.FORM_ACTION);
+boolean loginAction = requestURI.startsWith(contextPath) && 
requestURI.endsWith(Constants.FORM_ACTION);
 
 LoginConfig config = context.getLoginConfig();
 
@@ -241,8 +231,7 @@ public class FormAuthenticator
 saveRequest(request, session);
 } catch (IOException ioe) {
 log.debug("Request body too big to save during 
authentication");
-response.sendError(HttpServletResponse.SC_FORBIDDEN,
-sm.getString("authenticator.requestBodyTooBig"));
+response.sendError(HttpServletResponse.SC_FORBIDDEN, 
sm.getString("authenticator.requestBodyTooBig"));
 return false;
 }
 forwardToLoginPage(request, response, config);
@@ -276,12 +265,11 @@ public class FormAuthenticator
 }
 if (session == null) {
 if (containerLog.isDebugEnabled()) {
-containerLog.debug
-("User took so long to log on the session expired");
+containerLog.debug("User took so long to log on the session 
expired");
 }
 if (landingPage == null) {
-  

[tomcat] 04/18: Merge in Pool 2 changes to 6092f92 (2019-12-06, 2.8.0-SNAPSHOT)

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit a3fd9eee952b99974b23f0b328f5fb3f25f79c5e
Author: Mark Thomas 
AuthorDate: Fri Dec 6 15:43:08 2019 +

Merge in Pool 2 changes to 6092f92 (2019-12-06, 2.8.0-SNAPSHOT)
---
 MERGE.txt  |   12 +-
 .../dbcp/pool2/BaseKeyedPooledObjectFactory.java   |2 +
 .../apache/tomcat/dbcp/pool2/BaseObjectPool.java   |   18 +
 .../apache/tomcat/dbcp/pool2/KeyedObjectPool.java  |  211 ++--
 java/org/apache/tomcat/dbcp/pool2/ObjectPool.java  |  134 ++-
 java/org/apache/tomcat/dbcp/pool2/PoolUtils.java   | 1270 ++--
 .../org/apache/tomcat/dbcp/pool2/PooledObject.java |3 +-
 .../dbcp/pool2/impl/DefaultEvictionPolicy.java |2 +
 .../tomcat/dbcp/pool2/impl/EvictionConfig.java |1 +
 .../dbcp/pool2/impl/GenericKeyedObjectPool.java|   78 +-
 .../tomcat/dbcp/pool2/impl/GenericObjectPool.java  |   46 +-
 .../pool2/impl/InterruptibleReentrantLock.java |1 +
 .../dbcp/pool2/impl/LinkedBlockingDeque.java   |4 +
 .../dbcp/pool2/impl/SoftReferenceObjectPool.java   |3 +
 webapps/docs/changelog.xml |4 +
 15 files changed, 421 insertions(+), 1368 deletions(-)

diff --git a/MERGE.txt b/MERGE.txt
index 893ac89..7daec6d 100644
--- a/MERGE.txt
+++ b/MERGE.txt
@@ -58,15 +58,15 @@ Note: Tomcat's copy of fileupload also includes classes 
copied manually from
 
 DBCP
 
+Pool2
+Sub-tree
+src/main/java/org/apache/commons/pool2
+The SHA1 ID for the most recent commit to be merged to Tomcat is:
+6092f924b36061353ff92b18c88400ab3bc05327 (2019-12-06)
+
 DBCP2
 Sub-tree
 src/main/java/org/apache/commons/dbcp2
 src/main/resources/org/apache/commons/dbcp2
 The SHA1 ID for the most recent commit to be merged to Tomcat is:
 4813b7f5456c1f4fecc4f701ac731a71f57db249 (2019-08-09)
-
-Pool2
-Sub-tree
-src/main/java/org/apache/commons/pool2
-The SHA1 ID for the most recent commit to be merged to Tomcat is:
-796e32d53cc0d870ba0db3a7faf4c5b24ff76f3f (2019-08-01)
diff --git 
a/java/org/apache/tomcat/dbcp/pool2/BaseKeyedPooledObjectFactory.java 
b/java/org/apache/tomcat/dbcp/pool2/BaseKeyedPooledObjectFactory.java
index 3dd7429..dfbc5a9 100644
--- a/java/org/apache/tomcat/dbcp/pool2/BaseKeyedPooledObjectFactory.java
+++ b/java/org/apache/tomcat/dbcp/pool2/BaseKeyedPooledObjectFactory.java
@@ -21,7 +21,9 @@ package org.apache.tomcat.dbcp.pool2;
  * 
  * All operations defined here are essentially no-op's.
  * 
+ * 
  * This class is immutable, and therefore thread-safe.
+ * 
  *
  * @see KeyedPooledObjectFactory
  *
diff --git a/java/org/apache/tomcat/dbcp/pool2/BaseObjectPool.java 
b/java/org/apache/tomcat/dbcp/pool2/BaseObjectPool.java
index 29f189a..96d3c00 100644
--- a/java/org/apache/tomcat/dbcp/pool2/BaseObjectPool.java
+++ b/java/org/apache/tomcat/dbcp/pool2/BaseObjectPool.java
@@ -22,6 +22,7 @@ package org.apache.tomcat.dbcp.pool2;
  * indicating it is unsupported or throw {@link UnsupportedOperationException}.
  * 
  * This class is intended to be thread-safe.
+ * 
  *
  * @param  Type of element pooled in this pool.
  *
@@ -82,6 +83,23 @@ public abstract class BaseObjectPool extends BaseObject 
implements ObjectPool
 }
 
 /**
+ * Calls {@link ObjectPool#addObject()} count
+ * number of times.
+ *
+ * @param count
+ *the number of idle objects to add.
+ * @throws Exception
+ * when {@link ObjectPool#addObject()} fails.
+ * @since 2.8.0
+ */
+@Override
+public void addObjects(final int count) throws Exception {
+for (int i = 0; i < count; i++) {
+addObject();
+}
+}
+
+/**
  * {@inheritDoc}
  * 
  * This affects the behavior of isClosed and
diff --git a/java/org/apache/tomcat/dbcp/pool2/KeyedObjectPool.java 
b/java/org/apache/tomcat/dbcp/pool2/KeyedObjectPool.java
index 4df37d8..df325ed 100644
--- a/java/org/apache/tomcat/dbcp/pool2/KeyedObjectPool.java
+++ b/java/org/apache/tomcat/dbcp/pool2/KeyedObjectPool.java
@@ -17,6 +17,7 @@
 package org.apache.tomcat.dbcp.pool2;
 
 import java.io.Closeable;
+import java.util.Collection;
 import java.util.NoSuchElementException;
 
 /**
@@ -66,6 +67,60 @@ import java.util.NoSuchElementException;
  * @since 2.0
  */
 public interface KeyedObjectPool extends Closeable {
+
+/**
+ * Create an object using the {@link KeyedPooledObjectFactory factory} or
+ * other implementation dependent mechanism, passivate it, and then place 
it
+ * in the idle object pool. addObject is useful for
+ * "pre-loading" a pool with idle objects (Optional operation).
+ *
+ * @param key the key a new instance should be added to
+ *
+ * @throws Exception
+ *  when {@link KeyedPooledObjectFactory#makeObject} fails.
+ * @throws IllegalStateException
+ *

[tomcat] 01/18: Merge in BCEL changes to ff6941e (2019-12-06, 6.4.2-dev)

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 5d4e832d916bd0e53fca7f2b9036936875bf0427
Author: Mark Thomas 
AuthorDate: Fri Dec 6 14:18:15 2019 +

Merge in BCEL changes to ff6941e (2019-12-06, 6.4.2-dev)
---
 MERGE.txt  |  2 +-
 java/org/apache/tomcat/util/bcel/Const.java| 14 --
 .../apache/tomcat/util/bcel/classfile/ConstantClass.java   |  2 +-
 .../apache/tomcat/util/bcel/classfile/ConstantDouble.java  |  2 +-
 .../apache/tomcat/util/bcel/classfile/ConstantFloat.java   |  2 +-
 .../apache/tomcat/util/bcel/classfile/ConstantInteger.java |  2 +-
 .../apache/tomcat/util/bcel/classfile/ConstantLong.java|  2 +-
 webapps/docs/changelog.xml |  4 
 8 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/MERGE.txt b/MERGE.txt
index 18da378..f4fb1f8 100644
--- a/MERGE.txt
+++ b/MERGE.txt
@@ -36,7 +36,7 @@ BCEL
 Sub-tree:
 src/main/java/org/apache/bcel
 The SHA1 ID for the most recent commit to be merged to Tomcat is:
-4b760bb53b57b704006a0a33f7ec187b7e7f5ebc (2019-08-01)
+ff6941e4491c68f6eaf270ff03c1bc1e554c7b42 (2019-12-06)
 
 Codec
 -
diff --git a/java/org/apache/tomcat/util/bcel/Const.java 
b/java/org/apache/tomcat/util/bcel/Const.java
index 402b304..bfaeb42 100644
--- a/java/org/apache/tomcat/util/bcel/Const.java
+++ b/java/org/apache/tomcat/util/bcel/Const.java
@@ -23,12 +23,14 @@ package org.apache.tomcat.util.bcel;
 public final class Const {
 
 /** One of the access flags for fields, methods, or classes.
- *  @see http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.5;>
- *  Flag definitions for Fields in the Java Virtual Machine Specification 
(Java SE 8 Edition).
- *  @see http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.6;>
- *  Flag definitions for Methods in the Java Virtual Machine Specification 
(Java SE 8 Edition).
- *  @see http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.7.6-300-D.1-D.1;>
- *  Flag definitions for Classes in the Java Virtual Machine Specification 
(Java SE 8 Edition).
+ *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.1-200-E.1;>
+ *  Flag definitions for Classes in the Java Virtual Machine Specification 
(Java SE 9 Edition).
+ *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.5;>
+ *  Flag definitions for Fields in the Java Virtual Machine Specification 
(Java SE 9 Edition).
+ *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.6;>
+ *  Flag definitions for Methods in the Java Virtual Machine Specification 
(Java SE 9 Edition).
+ *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.7.6-300-D.1-D.1;>
+ *  Flag definitions for Inner Classes in the Java Virtual Machine 
Specification (Java SE 9 Edition).
  */
 public static final short ACC_FINAL  = 0x0010;
 
diff --git a/java/org/apache/tomcat/util/bcel/classfile/ConstantClass.java 
b/java/org/apache/tomcat/util/bcel/classfile/ConstantClass.java
index 86e7262..4bce5cc 100644
--- a/java/org/apache/tomcat/util/bcel/classfile/ConstantClass.java
+++ b/java/org/apache/tomcat/util/bcel/classfile/ConstantClass.java
@@ -48,7 +48,7 @@ public final class ConstantClass extends Constant {
 /**
  * @return Name index in constant pool of class name.
  */
-public final int getNameIndex() {
+public int getNameIndex() {
 return name_index;
 }
 }
diff --git a/java/org/apache/tomcat/util/bcel/classfile/ConstantDouble.java 
b/java/org/apache/tomcat/util/bcel/classfile/ConstantDouble.java
index 5ba7fcc..1152dbd 100644
--- a/java/org/apache/tomcat/util/bcel/classfile/ConstantDouble.java
+++ b/java/org/apache/tomcat/util/bcel/classfile/ConstantDouble.java
@@ -48,7 +48,7 @@ public final class ConstantDouble extends Constant {
 /**
  * @return data, i.e., 8 bytes.
  */
-public final double getBytes() {
+public double getBytes() {
 return bytes;
 }
 }
diff --git a/java/org/apache/tomcat/util/bcel/classfile/ConstantFloat.java 
b/java/org/apache/tomcat/util/bcel/classfile/ConstantFloat.java
index f372bb9..1fd2450 100644
--- a/java/org/apache/tomcat/util/bcel/classfile/ConstantFloat.java
+++ b/java/org/apache/tomcat/util/bcel/classfile/ConstantFloat.java
@@ -48,7 +48,7 @@ public final class ConstantFloat extends Constant {
 /**
  * @return data, i.e., 4 bytes.
  */
-public final float getBytes() {
+public float getBytes() {
 return bytes;
 }
 }
diff --git a/java/org/apache/tomcat/util/bcel/classfile/ConstantInteger.java 
b/java/org/apache/tomcat/util/bcel/classfile/ConstantInteger.java
index f2c1ba8..0d95983 100644
--- 

Nexus: Staging Completed

[Nexus Repository Manager]

Message from: https://repository.apache.orgDeployer properties:"userAgent" = "maven-artifact/2.2.1 (Java 1.8.0_232; Windows 10 10.0)""userId" = "markt""ip" = "86.135.90.74"Details:The following artifacts have been staged/org/apache/tomcat/tomcat-i18n-de/9.0.30/tomcat-i18n-de-9.0.30.jar(SHA1: fc89215ea3f0b412b0fc4982a5f444dc69dbd3f3)/org/apache/tomcat/tomcat-i18n-de/9.0.30/tomcat-i18n-de-9.0.30.pom.asc(SHA1: 6c793fd31fabc9138ed296600ba41fc087223a73)/org/apache/tomcat/tomcat-i18n-de/9.0.30/tomcat-i18n-de-9.0.30.pom(SHA1: dbe1ad106860650ed977eba9d1afaa612ef0967c)/org/apache/tomcat/tomcat-i18n-de/9.0.30/tomcat-i18n-de-9.0.30.jar.asc(SHA1: ff3ce825ce19165dd20db0ec64585883f834b4d6)/org/apache/tomcat/tomcat-jni/9.0.30/tomcat-jni-9.0.30-sources.jar.asc(SHA1: 55468044f26056b6c66f77b18f12b52095beb41b)/org/apache/tomcat/tomcat-jni/9.0.30/tomcat-jni-9.0.30.jar(SHA1: c015c83f7da889de545d563921a6a64a6b1847cc)/org/apache/tomcat/tomcat-jni/9.0.30/tomcat-jni-9.0.30-sources.jar(SHA1: 565cb2a6a5cdbd0d21c597871feb205dc774f638)/org/apache/tomcat/tomcat-jni/9.0.30/tomcat-jni-9.0.30.pom.asc(SHA1: 10133aac0171273bf165c7bbb5f296ca3ec15015)/org/apache/tomcat/tomcat-jni/9.0.30/tomcat-jni-9.0.30.jar.asc(SHA1: 6e40501f7ead1e817e1cfd9aa0fff610529d78d6)/org/apache/tomcat/tomcat-jni/9.0.30/tomcat-jni-9.0.30.pom(SHA1: 4bd9faa8f438d308e9ed0e3bffa962d5e96a6187)/org/apache/tomcat/tomcat-juli/9.0.30/tomcat-juli-9.0.30.jar(SHA1: 39770fd157770e125adbc81dde2057e8602b8e7a)/org/apache/tomcat/tomcat-juli/9.0.30/tomcat-juli-9.0.30-sources.jar.asc(SHA1: a49501f769c5db9d5984230e5e4469a60f2a34cf)/org/apache/tomcat/tomcat-juli/9.0.30/tomcat-juli-9.0.30.jar.asc(SHA1: 81eaaf311e0144294d21bfe2851461645faa05ef)/org/apache/tomcat/tomcat-juli/9.0.30/tomcat-juli-9.0.30-sources.jar(SHA1: 9a1fcb6789f650d2e4c84549d5116a6644d1c868)/org/apache/tomcat/tomcat-juli/9.0.30/tomcat-juli-9.0.30.pom.asc(SHA1: 4ced464c7dd62dfb027a808b9c066c66d15811c5)/org/apache/tomcat/tomcat-juli/9.0.30/tomcat-juli-9.0.30.pom(SHA1: f654efc81d0674f5600e580d1ec0eed707dc249d)/org/apache/tomcat/tomcat-util/9.0.30/tomcat-util-9.0.30-sources.jar(SHA1: 50fd06d48bb4c3daf69ea68b733a128b5f722809)/org/apache/tomcat/tomcat-util/9.0.30/tomcat-util-9.0.30-sources.jar.asc(SHA1: ad916d6c5813528764914db4d47df8f486062178)/org/apache/tomcat/tomcat-util/9.0.30/tomcat-util-9.0.30.pom.asc(SHA1: 7e665a64dcc4399a48cd1d0c02c7ba0ba2b85ac7)/org/apache/tomcat/tomcat-util/9.0.30/tomcat-util-9.0.30.jar.asc(SHA1: 8effb6b9cd01c65fe138a1be010c555f44f33c21)/org/apache/tomcat/tomcat-util/9.0.30/tomcat-util-9.0.30.jar(SHA1: aadf8dc5954a74db6d4d9b1fa718a8fc2f9ee707)/org/apache/tomcat/tomcat-util/9.0.30/tomcat-util-9.0.30.pom(SHA1: 8b9def85fb74389564021bf8320b475a40e3ad7b)/org/apache/tomcat/tomcat-catalina/9.0.30/tomcat-catalina-9.0.30-sources.jar.asc(SHA1: ea631dd622c0c761e3fff44816cbf22fce846dca)/org/apache/tomcat/tomcat-catalina/9.0.30/tomcat-catalina-9.0.30-sources.jar(SHA1: 168d21ee10866082288fd5440045838b36d7418f)/org/apache/tomcat/tomcat-catalina/9.0.30/tomcat-catalina-9.0.30.jar.asc(SHA1: 8c341dfd64d0bf0c8db3617c9c388610b5db2f14)/org/apache/tomcat/tomcat-catalina/9.0.30/tomcat-catalina-9.0.30.pom.asc(SHA1: b94d87421b5f5666a1156d4940ec41f661178bdb)/org/apache/tomcat/tomcat-catalina/9.0.30/tomcat-catalina-9.0.30.jar(SHA1: 7c3992fe7153e85b468d683cde41b06f2f312a57)/org/apache/tomcat/tomcat-catalina/9.0.30/tomcat-catalina-9.0.30.pom(SHA1: 9c4dc84ff8f68ae44998d6dead07963014c03006)/org/apache/tomcat/tomcat-i18n-fr/9.0.30/tomcat-i18n-fr-9.0.30.pom.asc(SHA1: ee370308ba77748ea8fca38271d688ebed7399bd)/org/apache/tomcat/tomcat-i18n-fr/9.0.30/tomcat-i18n-fr-9.0.30.jar(SHA1: 584a9b6c1c234aa5cfc1fd1f2f50ea96dbd9b4be)/org/apache/tomcat/tomcat-i18n-fr/9.0.30/tomcat-i18n-fr-9.0.30.pom(SHA1: 02dce3af57dde60828e30024c0ca8190d4fd1931)/org/apache/tomcat/tomcat-i18n-fr/9.0.30/tomcat-i18n-fr-9.0.30.jar.asc(SHA1: 2bf7650600af2ae56bce7947e1442486fc4d24b8)/org/apache/tomcat/tomcat-i18n-cs/9.0.30/tomcat-i18n-cs-9.0.30.jar(SHA1: c72fc73b49e86f67542700b635a5d56a90bfa4f9)/org/apache/tomcat/tomcat-i18n-cs/9.0.30/tomcat-i18n-cs-9.0.30.pom(SHA1: 0eadd2853600f95894d03d4ec311880f210f8d3b)/org/apache/tomcat/tomcat-i18n-cs/9.0.30/tomcat-i18n-cs-9.0.30.jar.asc(SHA1: a0e5aef41ce3107a0704bdcc0acb371152e2b7a9)/org/apache/tomcat/tomcat-i18n-cs/9.0.30/tomcat-i18n-cs-9.0.30.pom.asc(SHA1: e936533813016128f92259edf8f79c54ee22a52b)/org/apache/tomcat/tomcat-jdbc/9.0.30/tomcat-jdbc-9.0.30.jar.asc(SHA1: ccf51409732432973dc0f7d9b5ddaa110eab8b3f)/org/apache/tomcat/tomcat-jdbc/9.0.30/tomcat-jdbc-9.0.30.jar(SHA1: 7d5b1052b70b74eb9776cf552b512714aedffdbd)/org/apache/tomcat/tomcat-jdbc/9.0.30/tomcat-jdbc-9.0.30.pom.asc(SHA1: a0dc4696751b27cdc6ae24cab32e0dd300358430)/org/apache/tomcat/tomcat-jdbc/9.0.30/tomcat-jdbc-9.0.30-sources.jar.asc(SHA1: 13f932ede455ea53673e82fd69eb2b30128ed638)/org/apache/tomcat/tomcat-jdbc/9.0.30/tomcat-jdbc-9.0.30-sources.jar(SHA1: 16f2c7fe51e60fb04905600adff17764290dcd27)/org/apache/tomcat/tomcat-jdbc/9.0.30/tomcat-jdbc-9.0.30.pom(SHA1: 

[tomcat] 01/01: Tag 9.0.30

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to tag 9.0.30
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 4fab4cc012d0c31852e957d198cb0549f3d6074c
Author: Mark Thomas 
AuthorDate: Sat Dec 7 16:11:24 2019 +

Tag 9.0.30
---
 build.properties.default   | 2 +-
 webapps/docs/changelog.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 3d0dc4b..a72e7c8 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -27,7 +27,7 @@ version.major=9
 version.minor=0
 version.build=30
 version.patch=0
-version.suffix=-dev
+version.suffix=
 
 # - Source control flags -
 git.branch=master
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 6d904d4..d31c45f 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -44,7 +44,7 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] tag 9.0.30 created (now 4fab4cc)

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to tag 9.0.30
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


  at 4fab4cc  (commit)
This tag includes the following new commits:

 new 4fab4cc  Tag 9.0.30

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated: Tab police.

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new d957ec4  Tab police.
d957ec4 is described below

commit d957ec4d67544087ed8fa7b94ee6731ce453a51c
Author: Mark Thomas 
AuthorDate: Sat Dec 7 15:39:14 2019 +

Tab police.

Sorry still getting new development VM set up correctly
---
 test/org/apache/tomcat/util/net/TestSsl.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/org/apache/tomcat/util/net/TestSsl.java 
b/test/org/apache/tomcat/util/net/TestSsl.java
index 7a2ee32..b777f2c 100644
--- a/test/org/apache/tomcat/util/net/TestSsl.java
+++ b/test/org/apache/tomcat/util/net/TestSsl.java
@@ -140,8 +140,8 @@ public class TestSsl extends TomcatBaseTest {
 // Handshake complete appears to be called asynchronously
 int wait = 0;
 while (wait < 5000 && !listener.isComplete()) {
-   wait += 50;
-   Thread.sleep(50);
+wait += 50;
+Thread.sleep(50);
 }
 Assert.assertTrue("Checking no client issuer has been requested",
 TesterSupport.getLastClientAuthRequestedIssuerCount() == 0);


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated: Refactor wait to make test failure due to timing issues less likely

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new d397523  Refactor wait to make test failure due to timing issues less 
likely
d397523 is described below

commit d397523b1397a642729ed541332b58c3afc13e96
Author: god 
AuthorDate: Sat Dec 7 13:27:54 2019 +

Refactor wait to make test failure due to timing issues less likely
---
 test/org/apache/tomcat/util/net/TestSsl.java | 29 +---
 1 file changed, 9 insertions(+), 20 deletions(-)

diff --git a/test/org/apache/tomcat/util/net/TestSsl.java 
b/test/org/apache/tomcat/util/net/TestSsl.java
index 8e815f2..7a2ee32 100644
--- a/test/org/apache/tomcat/util/net/TestSsl.java
+++ b/test/org/apache/tomcat/util/net/TestSsl.java
@@ -136,28 +136,17 @@ public class TestSsl extends TomcatBaseTest {
 
 socket.startHandshake();
 
-// One request should be sufficient
-int requestCount = 0;
-int listenerComplete = 0;
-try {
-while (requestCount < 10) {
-requestCount++;
-doRequest(os, r);
-Assert.assertTrue("Checking no client issuer has been 
requested",
-TesterSupport.getLastClientAuthRequestedIssuerCount() 
== 0);
-if (listener.isComplete() && listenerComplete == 0) {
-listenerComplete = requestCount;
-}
-}
-} catch (AssertionError | IOException e) {
-String message = "Failed on request number " + requestCount
-+ " after startHandshake(). " + e.getMessage();
-log.error(message, e);
-Assert.fail(message);
+doRequest(os, r);
+// Handshake complete appears to be called asynchronously
+int wait = 0;
+while (wait < 5000 && !listener.isComplete()) {
+   wait += 50;
+   Thread.sleep(50);
 }
-
+Assert.assertTrue("Checking no client issuer has been requested",
+TesterSupport.getLastClientAuthRequestedIssuerCount() == 0);
 Assert.assertTrue(listener.isComplete());
-System.out.println("Renegotiation completed after " + listenerComplete 
+ " requests");
+System.out.println("Renegotiation completed after " + wait + " ms");
 }
 
 private void doRequest(OutputStream os, Reader r) throws IOException {


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 63992] org.glassfish.jersey.server.ServerRuntime$Responder.writeResponse Error on Tomcat 9.0.26

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=63992

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |INVALID

--- Comment #1 from Mark Thomas  ---
That is an application stack trace so, irrespective of whether the application
works, this looks like an application problem.

Bugzilla is not a support forum. The users mailing list is the place to seek
help.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 56021] SSL connector using windows-my keystore

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=56021

Mark Thomas  changed:

   What|Removed |Added

 Resolution|INFORMATIONPROVIDED |FIXED

--- Comment #9 from Mark Thomas  ---
Bugzilla is not a support forum. Please use the users mailing list.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated: Fix line endings

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new cb32f09  Fix line endings
cb32f09 is described below

commit cb32f099de164f131b6a9e0caee9ac9ecca1be7c
Author: Mark Thomas 
AuthorDate: Sat Dec 7 08:24:36 2019 +

Fix line endings
---
 .../http/fileupload/impl/FileItemIteratorImpl.java | 676 ++---
 .../http/fileupload/impl/FileItemStreamImpl.java   | 424 ++---
 .../impl/FileSizeLimitExceededException.java   | 186 +++---
 .../fileupload/impl/FileUploadIOException.java | 124 ++--
 .../fileupload/impl/IOFileUploadException.java | 122 ++--
 .../impl/InvalidContentTypeException.java  | 122 ++--
 .../util/http/fileupload/impl/SizeException.java   | 148 ++---
 .../impl/SizeLimitExceededException.java   |  84 +--
 8 files changed, 943 insertions(+), 943 deletions(-)

diff --git 
a/java/org/apache/tomcat/util/http/fileupload/impl/FileItemIteratorImpl.java 
b/java/org/apache/tomcat/util/http/fileupload/impl/FileItemIteratorImpl.java
index bef13aa..098e089 100644
--- a/java/org/apache/tomcat/util/http/fileupload/impl/FileItemIteratorImpl.java
+++ b/java/org/apache/tomcat/util/http/fileupload/impl/FileItemIteratorImpl.java
@@ -1,339 +1,339 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.tomcat.util.http.fileupload.impl;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Locale;
-import java.util.NoSuchElementException;
-
-import org.apache.tomcat.util.http.fileupload.FileItem;
-import org.apache.tomcat.util.http.fileupload.FileItemHeaders;
-import org.apache.tomcat.util.http.fileupload.FileItemIterator;
-import org.apache.tomcat.util.http.fileupload.FileItemStream;
-import org.apache.tomcat.util.http.fileupload.FileUploadBase;
-import org.apache.tomcat.util.http.fileupload.FileUploadException;
-import org.apache.tomcat.util.http.fileupload.IOUtils;
-import org.apache.tomcat.util.http.fileupload.MultipartStream;
-import org.apache.tomcat.util.http.fileupload.ProgressListener;
-import org.apache.tomcat.util.http.fileupload.RequestContext;
-import org.apache.tomcat.util.http.fileupload.UploadContext;
-import org.apache.tomcat.util.http.fileupload.util.LimitedInputStream;
-
-/**
- * The iterator, which is returned by
- * {@link FileUploadBase#getItemIterator(RequestContext)}.
- */
-public class FileItemIteratorImpl implements FileItemIterator {
-private final FileUploadBase fileUploadBase;
-private final RequestContext ctx;
-private long sizeMax, fileSizeMax;
-
-
-@Override
-public long getSizeMax() {
-return sizeMax;
-}
-
-@Override
-public void setSizeMax(long sizeMax) {
-this.sizeMax = sizeMax;
-}
-
-@Override
-public long getFileSizeMax() {
-return fileSizeMax;
-}
-
-@Override
-public void setFileSizeMax(long fileSizeMax) {
-this.fileSizeMax = fileSizeMax;
-}
-
-/**
- * The multi part stream to process.
- */
-private MultipartStream multiPartStream;
-
-/**
- * The notifier, which used for triggering the
- * {@link ProgressListener}.
- */
-private MultipartStream.ProgressNotifier progressNotifier;
-
-/**
- * The boundary, which separates the various parts.
- */
-private byte[] multiPartBoundary;
-
-/**
- * The item, which we currently process.
- */
-private FileItemStreamImpl currentItem;
-
-/**
- * The current items field name.
- */
-private String currentFieldName;
-
-/**
- * Whether we are currently skipping the preamble.
- */
-private boolean skipPreamble;
-
-/**
- * Whether the current item may still be read.
- */
-private boolean itemValid;
-
-/**
- * Whether we have seen the end of the file.
- */
-private boolean eof;
-
-/**
- * Creates a new instance.
- *
- * @param pFileUploadBase Upload instance
- * @param pRequestContext The request context.
- * @throws