Re: Bug in org.apache.tomcat.util.codec.binary.Base64.decodeBase64 ?
ср, 9 окт. 2019 г. в 00:06, : > > How do we get access to the dev list for information around release > candidates, etc.? In the same way as for the current (users) mailing list that you are writing to: either subscribe or read past messages in an archive. http://tomcat.apache.org/lists.html And do not forget to follow the rules. They are the same as for the users list: http://tomcat.apache.org/lists.html#tomcat-users 6. Top-posting is bad. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Bug in org.apache.tomcat.util.codec.binary.Base64.decodeBase64 ?
How do we get access to the dev list for information around release candidates, etc.? Dream * Excel * Explore * Inspire Jon McAlexander Asst Vice President Middleware Product Engineering Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions 8080 Cobblestone Rd | Urbandale, IA 50322 MAC: F4469-010 Tel 515-988-2508 | Cell 515-988-2508 jonmcalexan...@wellsfargo.com This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -Original Message- From: Konstantin Kolinko Sent: Tuesday, October 8, 2019 5:26 AM To: Tomcat Users List Subject: Re: Bug in org.apache.tomcat.util.codec.binary.Base64.decodeBase64 ? вт, 8 окт. 2019 г. в 12:24, Arnaud Yahoo : > > Hello, > > I am using a 3rd party valve for OpenId Connect authentication that > stop working upgrading from tomcat 8.5.24 to 8.5.46 > > I managed to isolate the issue behing this and it is caused by a > change in org.apache.tomcat.util.codec.binary.Base64 > > It can be reproduce with a simple test case > > @Test > public void decodeBase64Test() { > String str = > "YZJXP8zFDY6WPk1NZx4RtkH95lA4H_GM_XmFjouJImtqy-PD27-GUYVrCq1QM3M09TzRF > ZTL4aMMTweZFj3h1M-4Pqb4xrRq9URICQ9ffpnB9OGKjEwEpzhICwbE8C8-zEbhFOEgdXc > yeP0pJc9uHEUH9Z4rTEg0jxmOmffIAbX9zfjhIla0XUsFd2C2QQGXu1nTFrb2EqfhLDls4 > ZLCcnLZE6Be3SpHCtvZiFN4w3xlI0TZitX4S3SjTocK4Xobb3Ey0RnewDP6jw78JniFTbu > uGB962GlHDJvaQoda2dON9j7Yhv_pTvxBlHDmIKYINYsBfTwEQ_qtLJtmcvv41Q"; > > assertArrayEquals(org.apache.tomcat.util.codec.binary.Base64.decodeBas > e64(str), java.util.Base64.getUrlDecoder().decode(str)); > } > > This test is ok with 8.5.24 but fails with 8.5.46. Are there any known > issues with Base64 utility ? Please test with 8.5.47 release candidate that is currently being voted (see e-mails on the dev@ list for links). There have been changes in the decoding code between 8.5.46 and .47. c8fcc65e74d43b8201a50a30f88836264e565f79 709b45b42020d6cbc59940ab04380f5b0134b946 (on 17 and 18 of September) Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Bug in org.apache.tomcat.util.codec.binary.Base64.decodeBase64 ?
On 08/10/2019 11:26, Konstantin Kolinko wrote: > вт, 8 окт. 2019 г. в 12:24, Arnaud Yahoo : >> >> Hello, >> >> I am using a 3rd party valve for OpenId Connect authentication that stop >> working upgrading from tomcat 8.5.24 to 8.5.46 >> >> I managed to isolate the issue behing this and it is caused by a change >> in org.apache.tomcat.util.codec.binary.Base64 >> >> It can be reproduce with a simple test case >> >> @Test >> public void decodeBase64Test() { >> String str = >> "YZJXP8zFDY6WPk1NZx4RtkH95lA4H_GM_XmFjouJImtqy-PD27-GUYVrCq1QM3M09TzRFZTL4aMMTweZFj3h1M-4Pqb4xrRq9URICQ9ffpnB9OGKjEwEpzhICwbE8C8-zEbhFOEgdXcyeP0pJc9uHEUH9Z4rTEg0jxmOmffIAbX9zfjhIla0XUsFd2C2QQGXu1nTFrb2EqfhLDls4ZLCcnLZE6Be3SpHCtvZiFN4w3xlI0TZitX4S3SjTocK4Xobb3Ey0RnewDP6jw78JniFTbuuGB962GlHDJvaQoda2dON9j7Yhv_pTvxBlHDmIKYINYsBfTwEQ_qtLJtmcvv41Q"; >> >> assertArrayEquals(org.apache.tomcat.util.codec.binary.Base64.decodeBase64(str), >> java.util.Base64.getUrlDecoder().decode(str)); >> } >> >> This test is ok with 8.5.24 but fails with 8.5.46. Are there any known >> issues with Base64 utility ? > > Please test with 8.5.47 release candidate that is currently being > voted (see e-mails on the dev@ list for links). > > There have been changes in the decoding code between 8.5.46 and .47. > > c8fcc65e74d43b8201a50a30f88836264e565f79 > 709b45b42020d6cbc59940ab04380f5b0134b946 > (on 17 and 18 of September) And you probably want org.apache.tomcat.util.codec.binary.Base64.decodeBase64URLSafe(String) The short(ish) version is: - Commons CODEC fixed a bug to handle incomplete encodings at the end of the input (CODEC-134) - That triggered a failure in one of Tomcat's unit tests - Fixing the particular failure meant removing the "seamless" decoding of both standard and URL-safe Base64 with the same code - We (OK, I) incorrectly thought Tomcat didn't need the URL-safe decoding so it was removed - this triggered the issue you describe above - Testing of the HTTP/2 showed we did need it so it was restored but separate methods were provided for standard and URL-safe decoding HTH, Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Bug in org.apache.tomcat.util.codec.binary.Base64.decodeBase64 ?
вт, 8 окт. 2019 г. в 12:24, Arnaud Yahoo : > > Hello, > > I am using a 3rd party valve for OpenId Connect authentication that stop > working upgrading from tomcat 8.5.24 to 8.5.46 > > I managed to isolate the issue behing this and it is caused by a change > in org.apache.tomcat.util.codec.binary.Base64 > > It can be reproduce with a simple test case > > @Test > public void decodeBase64Test() { > String str = > "YZJXP8zFDY6WPk1NZx4RtkH95lA4H_GM_XmFjouJImtqy-PD27-GUYVrCq1QM3M09TzRFZTL4aMMTweZFj3h1M-4Pqb4xrRq9URICQ9ffpnB9OGKjEwEpzhICwbE8C8-zEbhFOEgdXcyeP0pJc9uHEUH9Z4rTEg0jxmOmffIAbX9zfjhIla0XUsFd2C2QQGXu1nTFrb2EqfhLDls4ZLCcnLZE6Be3SpHCtvZiFN4w3xlI0TZitX4S3SjTocK4Xobb3Ey0RnewDP6jw78JniFTbuuGB962GlHDJvaQoda2dON9j7Yhv_pTvxBlHDmIKYINYsBfTwEQ_qtLJtmcvv41Q"; > > assertArrayEquals(org.apache.tomcat.util.codec.binary.Base64.decodeBase64(str), > java.util.Base64.getUrlDecoder().decode(str)); > } > > This test is ok with 8.5.24 but fails with 8.5.46. Are there any known > issues with Base64 utility ? Please test with 8.5.47 release candidate that is currently being voted (see e-mails on the dev@ list for links). There have been changes in the decoding code between 8.5.46 and .47. c8fcc65e74d43b8201a50a30f88836264e565f79 709b45b42020d6cbc59940ab04380f5b0134b946 (on 17 and 18 of September) Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org