Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Hi, This is a pre-upload request to unblock jetty9/9.2.22-1. This update fixes a timing attack in a class checking passwords (no CVE ID has been assigned yet) and removes a broken symlink (#857217). Note that Jetty 9.2.x is in maintenance mode and receives only critical fixes from upstream, that's why I'm suggesting to upload a new version (it mostly consists in the security fix anyway). Thank you, Emmanuel Bourg
diff --git a/VERSION.txt b/VERSION.txt index 5257d881..5ae8c45c 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1,3 +1,10 @@ +jetty-9.2.22.v20170531 - 31 May 2017 + + 920 no main manifest attribute, in jetty-runner-<ver>.jar + + 1108 Please improve logging in SslContextFactory when there are no approved + cipher suites + + 1523 Update ALPN support for Java 8u131 + + 1556 A timing channel in Password.java + jetty-9.2.21.v20170120 - 20 January 2017 + 592 Support no-value Host header in HttpParser + 1229 ClassLoader constraint issue when using NativeWebSocketConfiguration diff --git a/aggregates/jetty-all/pom.xml b/aggregates/jetty-all/pom.xml index 2e21ad21..41b2f86c 100644 --- a/aggregates/jetty-all/pom.xml +++ b/aggregates/jetty-all/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> <relativePath>../../pom.xml</relativePath> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/apache-jsp/pom.xml b/apache-jsp/pom.xml index 41c59d9c..b4114897 100644 --- a/apache-jsp/pom.xml +++ b/apache-jsp/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>apache-jsp</artifactId> diff --git a/apache-jstl/pom.xml b/apache-jstl/pom.xml index 0a4f3463..cc7566a9 100644 --- a/apache-jstl/pom.xml +++ b/apache-jstl/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>apache-jstl</artifactId> diff --git a/debian/changelog b/debian/changelog index 4470c642..46ffe734 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +jetty9 (9.2.22-1) unstable; urgency=medium + + * Team upload. + * New upstream release + * No longer create a link to jetty-overlay-deployer (Closes: #857217) + + -- Emmanuel Bourg <ebo...@apache.org> Sun, 11 Jun 2017 23:23:14 +0200 + jetty9 (9.2.21-1) unstable; urgency=medium * Team upload. diff --git a/debian/jetty9.install b/debian/jetty9.install index ae122cb4..58aa01b3 100644 --- a/debian/jetty9.install +++ b/debian/jetty9.install @@ -6,7 +6,6 @@ jetty-distribution/src/main/resources/etc/* etc/jetty9 jetty-jaas/src/main/config/etc/* etc/jetty9 jetty-jmx/src/main/config/etc/* etc/jetty9 jetty-monitor/src/main/config/etc/* etc/jetty9 -jetty-overlay-deployer/src/main/config/etc/* etc/jetty9 jetty-plus/src/main/config/etc/* etc/jetty9 jetty-proxy/src/main/config/etc/* etc/jetty9 jetty-quickstart/src/main/config/etc/* etc/jetty9 @@ -39,7 +38,6 @@ jetty-jaspi/src/main/config/modules/*.mod usr/share/je jetty-jmx/src/main/config/modules/*.mod usr/share/jetty9/modules jetty-jndi/src/main/config/modules/*.mod usr/share/jetty9/modules jetty-monitor/src/main/config/modules/*.mod usr/share/jetty9/modules -jetty-overlay-deployer/src/main/config/modules/*.mod usr/share/jetty9/modules jetty-plus/src/main/config/modules/*.mod usr/share/jetty9/modules jetty-proxy/src/main/config/modules/*.mod usr/share/jetty9/modules jetty-quickstart/src/main/config/modules/*.mod usr/share/jetty9/modules diff --git a/debian/jetty9.links b/debian/jetty9.links index 0608047b..95e92111 100755 --- a/debian/jetty9.links +++ b/debian/jetty9.links @@ -25,7 +25,6 @@ usr/share/java/jetty9-jaspi.jar usr/share/jetty9/lib/jetty-jaspi usr/share/java/jetty9-jmx.jar usr/share/jetty9/lib/jetty-jmx-${VERSION}.jar usr/share/java/jetty9-jndi.jar usr/share/jetty9/lib/jetty-jndi-${VERSION}.jar usr/share/java/jetty9-monitor.jar usr/share/jetty9/lib/monitor/jetty-monitor-${VERSION}.jar -usr/share/java/jetty9-overlay-deployer.jar usr/share/jetty9/lib/jetty-overlay-deployer-${VERSION}.jar usr/share/java/jetty9-plus.jar usr/share/jetty9/lib/jetty-plus-${VERSION}.jar usr/share/java/jetty9-proxy.jar usr/share/jetty9/lib/jetty-proxy-${VERSION}.jar usr/share/java/jetty9-quickstart.jar usr/share/jetty9/lib/jetty-quickstart-${VERSION}.jar diff --git a/debian/libjetty9-java.poms b/debian/libjetty9-java.poms index 488baacf..8bff1950 100644 --- a/debian/libjetty9-java.poms +++ b/debian/libjetty9-java.poms @@ -38,7 +38,6 @@ jetty-http/pom.xml --java-lib --usj-name=jetty9 jetty-io/pom.xml --java-lib --usj-name=jetty9-io jetty-jaas/pom.xml --java-lib --usj-name=jetty9-jaas jetty-jmx/pom.xml --java-lib --usj-name=jetty9-jmx -jetty-overlay-deployer/pom.xml --java-lib --usj-name=jetty9-overlay-deployer jetty-rewrite/pom.xml --java-lib --usj-name=jetty9-rewrite jetty-security/pom.xml --java-lib --usj-name=jetty9-security jetty-server/pom.xml --java-lib --usj-name=jetty9-server @@ -88,6 +87,7 @@ jetty-jspc-maven-plugin/pom.xml --ignore jetty-jsp/pom.xml --ignore jetty-maven-plugin/pom.xml --ignore jetty-nosql/pom.xml --ignore +jetty-overlay-deployer/pom.xml --ignore jetty-osgi/pom.xml --ignore jetty-rhttp/jetty-rhttp-loadtest/pom.xml --ignore jetty-runner/pom.xml --ignore diff --git a/examples/async-rest/async-rest-jar/pom.xml b/examples/async-rest/async-rest-jar/pom.xml index d33f0620..ff48ab48 100644 --- a/examples/async-rest/async-rest-jar/pom.xml +++ b/examples/async-rest/async-rest-jar/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>example-async-rest</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>org.eclipse.jetty.example-async-rest</groupId> diff --git a/examples/async-rest/async-rest-webapp/pom.xml b/examples/async-rest/async-rest-webapp/pom.xml index 2795c21a..5edaada1 100644 --- a/examples/async-rest/async-rest-webapp/pom.xml +++ b/examples/async-rest/async-rest-webapp/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>example-async-rest</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>org.eclipse.jetty.example-async-rest</groupId> diff --git a/examples/async-rest/pom.xml b/examples/async-rest/pom.xml index ccadaf9a..375b499c 100644 --- a/examples/async-rest/pom.xml +++ b/examples/async-rest/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty.examples</groupId> <artifactId>examples-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> <relativePath>../pom.xml</relativePath> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/examples/embedded/pom.xml b/examples/embedded/pom.xml index 2324e295..550ff351 100644 --- a/examples/embedded/pom.xml +++ b/examples/embedded/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty.examples</groupId> <artifactId>examples-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> <relativePath>../pom.xml</relativePath> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/examples/pom.xml b/examples/pom.xml index 76dbb5b6..97151e50 100644 --- a/examples/pom.xml +++ b/examples/pom.xml @@ -21,7 +21,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> <relativePath>../pom.xml</relativePath> </parent> <groupId>org.eclipse.jetty.examples</groupId> diff --git a/jetty-alpn/jetty-alpn-client/pom.xml b/jetty-alpn/jetty-alpn-client/pom.xml index 17660a67..5205dffd 100644 --- a/jetty-alpn/jetty-alpn-client/pom.xml +++ b/jetty-alpn/jetty-alpn-client/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-alpn-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-alpn-client</artifactId> diff --git a/jetty-alpn/jetty-alpn-server/pom.xml b/jetty-alpn/jetty-alpn-server/pom.xml index 0d09e00c..cc6cff4a 100644 --- a/jetty-alpn/jetty-alpn-server/pom.xml +++ b/jetty-alpn/jetty-alpn-server/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-alpn-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-alpn-server</artifactId> diff --git a/jetty-alpn/jetty-alpn-server/src/main/config/modules/protonego-impl/alpn-1.8.0_131.mod b/jetty-alpn/jetty-alpn-server/src/main/config/modules/protonego-impl/alpn-1.8.0_131.mod new file mode 100644 index 00000000..fdd38687 --- /dev/null +++ b/jetty-alpn/jetty-alpn-server/src/main/config/modules/protonego-impl/alpn-1.8.0_131.mod @@ -0,0 +1,8 @@ +[name] +protonego-boot + +[files] +http://central.maven.org/maven2/org/mortbay/jetty/alpn/alpn-boot/8.1.11.v20170118/alpn-boot-8.1.11.v20170118.jar|lib/alpn/alpn-boot-8.1.11.v20170118.jar + +[exec] +-Xbootclasspath/p:lib/alpn/alpn-boot-8.1.11.v20170118.jar diff --git a/jetty-alpn/pom.xml b/jetty-alpn/pom.xml index 98f4a306..806f3e18 100644 --- a/jetty-alpn/pom.xml +++ b/jetty-alpn/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-alpn-parent</artifactId> diff --git a/jetty-annotations/pom.xml b/jetty-annotations/pom.xml index 1ebd0a0f..14cd2462 100644 --- a/jetty-annotations/pom.xml +++ b/jetty-annotations/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-annotations</artifactId> diff --git a/jetty-ant/pom.xml b/jetty-ant/pom.xml index 02ab3c02..b5a2e7b7 100644 --- a/jetty-ant/pom.xml +++ b/jetty-ant/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-ant</artifactId> diff --git a/jetty-cdi/pom.xml b/jetty-cdi/pom.xml index dc901c4d..68860909 100644 --- a/jetty-cdi/pom.xml +++ b/jetty-cdi/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-cdi</artifactId> diff --git a/jetty-client/pom.xml b/jetty-client/pom.xml index ff83b749..29c51580 100644 --- a/jetty-client/pom.xml +++ b/jetty-client/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/jetty-continuation/pom.xml b/jetty-continuation/pom.xml index ed6dc25e..fa9076a6 100644 --- a/jetty-continuation/pom.xml +++ b/jetty-continuation/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-continuation</artifactId> diff --git a/jetty-deploy/pom.xml b/jetty-deploy/pom.xml index 61f9da1b..08c9a42b 100644 --- a/jetty-deploy/pom.xml +++ b/jetty-deploy/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-deploy</artifactId> diff --git a/jetty-distribution/pom.xml b/jetty-distribution/pom.xml index 856638ce..fecf0129 100644 --- a/jetty-distribution/pom.xml +++ b/jetty-distribution/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <artifactId>jetty-distribution</artifactId> <name>Jetty :: Distribution Assemblies</name> diff --git a/jetty-fcgi/fcgi-client/pom.xml b/jetty-fcgi/fcgi-client/pom.xml index 9cefded0..6bded31c 100644 --- a/jetty-fcgi/fcgi-client/pom.xml +++ b/jetty-fcgi/fcgi-client/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty.fcgi</groupId> <artifactId>fcgi-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/jetty-fcgi/fcgi-server/pom.xml b/jetty-fcgi/fcgi-server/pom.xml index 197c1711..4613e1f7 100644 --- a/jetty-fcgi/fcgi-server/pom.xml +++ b/jetty-fcgi/fcgi-server/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty.fcgi</groupId> <artifactId>fcgi-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/jetty-fcgi/pom.xml b/jetty-fcgi/pom.xml index 16b12c31..5458ab6b 100644 --- a/jetty-fcgi/pom.xml +++ b/jetty-fcgi/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/jetty-http-spi/pom.xml b/jetty-http-spi/pom.xml index c99d390b..0d57284b 100644 --- a/jetty-http-spi/pom.xml +++ b/jetty-http-spi/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-http-spi</artifactId> diff --git a/jetty-http/pom.xml b/jetty-http/pom.xml index 33d76d60..2d18bd23 100644 --- a/jetty-http/pom.xml +++ b/jetty-http/pom.xml @@ -3,7 +3,7 @@ <parent> <artifactId>jetty-project</artifactId> <groupId>org.eclipse.jetty</groupId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-http</artifactId> diff --git a/jetty-io/pom.xml b/jetty-io/pom.xml index 9860982c..0a9fc8c1 100644 --- a/jetty-io/pom.xml +++ b/jetty-io/pom.xml @@ -2,7 +2,7 @@ <parent> <artifactId>jetty-project</artifactId> <groupId>org.eclipse.jetty</groupId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-io</artifactId> diff --git a/jetty-jaas/pom.xml b/jetty-jaas/pom.xml index b2506a2b..8d73be44 100644 --- a/jetty-jaas/pom.xml +++ b/jetty-jaas/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-jaas</artifactId> diff --git a/jetty-jaspi/pom.xml b/jetty-jaspi/pom.xml index 140e2e78..b4668241 100644 --- a/jetty-jaspi/pom.xml +++ b/jetty-jaspi/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-jaspi</artifactId> diff --git a/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/modules/DigestAuthModule.java b/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/modules/DigestAuthModule.java index afe3bcf1..54ad4f06 100644 --- a/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/modules/DigestAuthModule.java +++ b/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/modules/DigestAuthModule.java @@ -341,7 +341,7 @@ public class DigestAuthModule extends BaseAuthModule byte[] digest = md.digest(); // check digest - return (TypeUtil.toString(digest, 16).equalsIgnoreCase(response)); + return stringEquals(TypeUtil.toString(digest, 16).toLowerCase(), response == null ? null : response.toLowerCase()); } catch (Exception e) { @@ -356,6 +356,5 @@ public class DigestAuthModule extends BaseAuthModule { return username + "," + response; } - } } diff --git a/jetty-jmx/pom.xml b/jetty-jmx/pom.xml index 8b9b0ffb..2fe3ce66 100644 --- a/jetty-jmx/pom.xml +++ b/jetty-jmx/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-jmx</artifactId> diff --git a/jetty-jndi/pom.xml b/jetty-jndi/pom.xml index 85959b2c..44a9de8b 100644 --- a/jetty-jndi/pom.xml +++ b/jetty-jndi/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-jndi</artifactId> diff --git a/jetty-jsp/pom.xml b/jetty-jsp/pom.xml index 29b2b4fd..9e143323 100644 --- a/jetty-jsp/pom.xml +++ b/jetty-jsp/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-jsp</artifactId> diff --git a/jetty-jspc-maven-plugin/pom.xml b/jetty-jspc-maven-plugin/pom.xml index d8eb5b36..bab283e2 100644 --- a/jetty-jspc-maven-plugin/pom.xml +++ b/jetty-jspc-maven-plugin/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-jspc-maven-plugin</artifactId> diff --git a/jetty-maven-plugin/pom.xml b/jetty-maven-plugin/pom.xml index de7ec779..6f1b5d2e 100644 --- a/jetty-maven-plugin/pom.xml +++ b/jetty-maven-plugin/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-maven-plugin</artifactId> diff --git a/jetty-monitor/pom.xml b/jetty-monitor/pom.xml index cb483675..dc3ff783 100644 --- a/jetty-monitor/pom.xml +++ b/jetty-monitor/pom.xml @@ -19,7 +19,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-monitor</artifactId> diff --git a/jetty-nosql/pom.xml b/jetty-nosql/pom.xml index 6bcca8ef..a809c753 100644 --- a/jetty-nosql/pom.xml +++ b/jetty-nosql/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-nosql</artifactId> diff --git a/jetty-osgi/jetty-osgi-alpn/pom.xml b/jetty-osgi/jetty-osgi-alpn/pom.xml index 9c4e984a..4bdcce33 100644 --- a/jetty-osgi/jetty-osgi-alpn/pom.xml +++ b/jetty-osgi/jetty-osgi-alpn/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty.osgi</groupId> <artifactId>jetty-osgi-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-osgi-alpn</artifactId> diff --git a/jetty-osgi/jetty-osgi-boot-jsp/pom.xml b/jetty-osgi/jetty-osgi-boot-jsp/pom.xml index 9e59ebd2..47b812f2 100644 --- a/jetty-osgi/jetty-osgi-boot-jsp/pom.xml +++ b/jetty-osgi/jetty-osgi-boot-jsp/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty.osgi</groupId> <artifactId>jetty-osgi-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-osgi-boot-jsp</artifactId> diff --git a/jetty-osgi/jetty-osgi-boot-warurl/pom.xml b/jetty-osgi/jetty-osgi-boot-warurl/pom.xml index 8ac47d42..bb12db98 100644 --- a/jetty-osgi/jetty-osgi-boot-warurl/pom.xml +++ b/jetty-osgi/jetty-osgi-boot-warurl/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty.osgi</groupId> <artifactId>jetty-osgi-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> <relativePath>../pom.xml</relativePath> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/jetty-osgi/jetty-osgi-boot/pom.xml b/jetty-osgi/jetty-osgi-boot/pom.xml index 3e94325d..095a16e4 100644 --- a/jetty-osgi/jetty-osgi-boot/pom.xml +++ b/jetty-osgi/jetty-osgi-boot/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty.osgi</groupId> <artifactId>jetty-osgi-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-osgi-boot</artifactId> diff --git a/jetty-osgi/jetty-osgi-httpservice/pom.xml b/jetty-osgi/jetty-osgi-httpservice/pom.xml index 3621df5c..fcbfb8ec 100644 --- a/jetty-osgi/jetty-osgi-httpservice/pom.xml +++ b/jetty-osgi/jetty-osgi-httpservice/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty.osgi</groupId> <artifactId>jetty-osgi-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-httpservice</artifactId> diff --git a/jetty-osgi/pom.xml b/jetty-osgi/pom.xml index f07fe961..a531cc2d 100644 --- a/jetty-osgi/pom.xml +++ b/jetty-osgi/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <groupId>org.eclipse.jetty.osgi</groupId> <artifactId>jetty-osgi-project</artifactId> diff --git a/jetty-osgi/test-jetty-osgi-context/pom.xml b/jetty-osgi/test-jetty-osgi-context/pom.xml index 4081de08..653de331 100644 --- a/jetty-osgi/test-jetty-osgi-context/pom.xml +++ b/jetty-osgi/test-jetty-osgi-context/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty.osgi</groupId> <artifactId>jetty-osgi-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>test-jetty-osgi-context</artifactId> diff --git a/jetty-osgi/test-jetty-osgi-webapp/pom.xml b/jetty-osgi/test-jetty-osgi-webapp/pom.xml index 15e026b7..fb3f5940 100644 --- a/jetty-osgi/test-jetty-osgi-webapp/pom.xml +++ b/jetty-osgi/test-jetty-osgi-webapp/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty.osgi</groupId> <artifactId>jetty-osgi-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> <relativePath>../pom.xml</relativePath> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/jetty-osgi/test-jetty-osgi/pom.xml b/jetty-osgi/test-jetty-osgi/pom.xml index 7176e6b8..18f9f9e2 100644 --- a/jetty-osgi/test-jetty-osgi/pom.xml +++ b/jetty-osgi/test-jetty-osgi/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty.osgi</groupId> <artifactId>jetty-osgi-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> <relativePath>../pom.xml</relativePath> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/jetty-plus/pom.xml b/jetty-plus/pom.xml index f6c2e944..f7942345 100644 --- a/jetty-plus/pom.xml +++ b/jetty-plus/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-plus</artifactId> diff --git a/jetty-proxy/pom.xml b/jetty-proxy/pom.xml index 58db25de..0b7d185c 100644 --- a/jetty-proxy/pom.xml +++ b/jetty-proxy/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-proxy</artifactId> diff --git a/jetty-quickstart/pom.xml b/jetty-quickstart/pom.xml index 9b1be14f..9ef040f8 100644 --- a/jetty-quickstart/pom.xml +++ b/jetty-quickstart/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>org.eclipse.jetty</groupId> diff --git a/jetty-rewrite/pom.xml b/jetty-rewrite/pom.xml index e25e674a..5be8747b 100644 --- a/jetty-rewrite/pom.xml +++ b/jetty-rewrite/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-rewrite</artifactId> diff --git a/jetty-runner/pom.xml b/jetty-runner/pom.xml index 598ee585..5bdcc8e9 100644 --- a/jetty-runner/pom.xml +++ b/jetty-runner/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-runner</artifactId> @@ -35,8 +35,7 @@ </executions> </plugin> <plugin> - <groupId>org.apache.maven.plugins - </groupId> + <groupId>org.apache.maven.plugins </groupId> <artifactId>maven-jar-plugin</artifactId> <executions> <execution> @@ -63,6 +62,14 @@ </execution> </executions> </plugin> + <plugin> + <groupId>org.apache.felix</groupId> + <artifactId>maven-bundle-plugin</artifactId> + <extensions>true</extensions> + <configuration> + <skip>true</skip> + </configuration> + </plugin> </plugins> </build> diff --git a/jetty-security/pom.xml b/jetty-security/pom.xml index 3bfb4ceb..fb020af7 100644 --- a/jetty-security/pom.xml +++ b/jetty-security/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-security</artifactId> diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java index a982f56a..45055670 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java @@ -401,7 +401,7 @@ public class DigestAuthenticator extends LoginAuthenticator byte[] digest = md.digest(); // check digest - return (TypeUtil.toString(digest, 16).equalsIgnoreCase(response)); + return stringEquals(TypeUtil.toString(digest, 16).toLowerCase(), response == null ? null : response.toLowerCase()); } catch (Exception e) { diff --git a/jetty-server/pom.xml b/jetty-server/pom.xml index d019c4ea..984d66c6 100644 --- a/jetty-server/pom.xml +++ b/jetty-server/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-server</artifactId> diff --git a/jetty-servlet/pom.xml b/jetty-servlet/pom.xml index 30288dcd..4b961b95 100644 --- a/jetty-servlet/pom.xml +++ b/jetty-servlet/pom.xml @@ -3,7 +3,7 @@ <parent> <artifactId>jetty-project</artifactId> <groupId>org.eclipse.jetty</groupId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-servlet</artifactId> diff --git a/jetty-servlets/pom.xml b/jetty-servlets/pom.xml index 57eae3ef..f134d1f5 100644 --- a/jetty-servlets/pom.xml +++ b/jetty-servlets/pom.xml @@ -3,7 +3,7 @@ <parent> <artifactId>jetty-project</artifactId> <groupId>org.eclipse.jetty</groupId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-servlets</artifactId> diff --git a/jetty-spdy/pom.xml b/jetty-spdy/pom.xml index 7b2039da..1727f412 100644 --- a/jetty-spdy/pom.xml +++ b/jetty-spdy/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/jetty-spdy/spdy-alpn-tests/pom.xml b/jetty-spdy/spdy-alpn-tests/pom.xml index e4d7d397..551cac31 100644 --- a/jetty-spdy/spdy-alpn-tests/pom.xml +++ b/jetty-spdy/spdy-alpn-tests/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty.spdy</groupId> <artifactId>spdy-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/jetty-spdy/spdy-client/pom.xml b/jetty-spdy/spdy-client/pom.xml index 032fd2d8..6f3531f4 100644 --- a/jetty-spdy/spdy-client/pom.xml +++ b/jetty-spdy/spdy-client/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty.spdy</groupId> <artifactId>spdy-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/jetty-spdy/spdy-core/pom.xml b/jetty-spdy/spdy-core/pom.xml index 557680aa..b7b82cc1 100644 --- a/jetty-spdy/spdy-core/pom.xml +++ b/jetty-spdy/spdy-core/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty.spdy</groupId> <artifactId>spdy-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/jetty-spdy/spdy-example-webapp/pom.xml b/jetty-spdy/spdy-example-webapp/pom.xml index 15fdf56b..302e512e 100644 --- a/jetty-spdy/spdy-example-webapp/pom.xml +++ b/jetty-spdy/spdy-example-webapp/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty.spdy</groupId> <artifactId>spdy-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>spdy-example-webapp</artifactId> diff --git a/jetty-spdy/spdy-http-client-transport/pom.xml b/jetty-spdy/spdy-http-client-transport/pom.xml index da4283e3..714020c9 100644 --- a/jetty-spdy/spdy-http-client-transport/pom.xml +++ b/jetty-spdy/spdy-http-client-transport/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty.spdy</groupId> <artifactId>spdy-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/jetty-spdy/spdy-http-common/pom.xml b/jetty-spdy/spdy-http-common/pom.xml index 4eccae47..71eedaa2 100644 --- a/jetty-spdy/spdy-http-common/pom.xml +++ b/jetty-spdy/spdy-http-common/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty.spdy</groupId> <artifactId>spdy-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/jetty-spdy/spdy-http-server/pom.xml b/jetty-spdy/spdy-http-server/pom.xml index e670a79b..c9e7e3cf 100644 --- a/jetty-spdy/spdy-http-server/pom.xml +++ b/jetty-spdy/spdy-http-server/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty.spdy</groupId> <artifactId>spdy-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>spdy-http-server</artifactId> diff --git a/jetty-spdy/spdy-server/pom.xml b/jetty-spdy/spdy-server/pom.xml index 621c413b..883ce42d 100644 --- a/jetty-spdy/spdy-server/pom.xml +++ b/jetty-spdy/spdy-server/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty.spdy</groupId> <artifactId>spdy-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/jetty-spring/pom.xml b/jetty-spring/pom.xml index 2692b4ae..153e5621 100644 --- a/jetty-spring/pom.xml +++ b/jetty-spring/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-spring</artifactId> diff --git a/jetty-start/pom.xml b/jetty-start/pom.xml index f9b54d78..58b13f18 100644 --- a/jetty-start/pom.xml +++ b/jetty-start/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-start</artifactId> diff --git a/jetty-start/src/test/resources/dist-home/modules/protonego-impl/alpn-1.8.0_131.mod b/jetty-start/src/test/resources/dist-home/modules/protonego-impl/alpn-1.8.0_131.mod new file mode 100644 index 00000000..fdd38687 --- /dev/null +++ b/jetty-start/src/test/resources/dist-home/modules/protonego-impl/alpn-1.8.0_131.mod @@ -0,0 +1,8 @@ +[name] +protonego-boot + +[files] +http://central.maven.org/maven2/org/mortbay/jetty/alpn/alpn-boot/8.1.11.v20170118/alpn-boot-8.1.11.v20170118.jar|lib/alpn/alpn-boot-8.1.11.v20170118.jar + +[exec] +-Xbootclasspath/p:lib/alpn/alpn-boot-8.1.11.v20170118.jar diff --git a/jetty-util-ajax/pom.xml b/jetty-util-ajax/pom.xml index 4719cded..2aade6b4 100644 --- a/jetty-util-ajax/pom.xml +++ b/jetty-util-ajax/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-util-ajax</artifactId> diff --git a/jetty-util/pom.xml b/jetty-util/pom.xml index 2dcf9845..04204e6e 100644 --- a/jetty-util/pom.xml +++ b/jetty-util/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-util</artifactId> diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/resource/PathResource.java b/jetty-util/src/main/java/org/eclipse/jetty/util/resource/PathResource.java index b68e02cf..c413e799 100644 --- a/jetty-util/src/main/java/org/eclipse/jetty/util/resource/PathResource.java +++ b/jetty-util/src/main/java/org/eclipse/jetty/util/resource/PathResource.java @@ -202,6 +202,11 @@ public class PathResource extends Resource } @Override + public String toString() { + return path.toString(); + } + + @Override public ReadableByteChannel getReadableByteChannel() throws IOException { return FileChannel.open(path,StandardOpenOption.READ); diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/security/Credential.java b/jetty-util/src/main/java/org/eclipse/jetty/util/security/Credential.java index 54296ecb..ba6c7537 100644 --- a/jetty-util/src/main/java/org/eclipse/jetty/util/security/Credential.java +++ b/jetty-util/src/main/java/org/eclipse/jetty/util/security/Credential.java @@ -26,7 +26,6 @@ import org.eclipse.jetty.util.TypeUtil; import org.eclipse.jetty.util.log.Log; import org.eclipse.jetty.util.log.Logger; -/* ------------------------------------------------------------ */ /** * Credentials. The Credential class represents an abstract mechanism for * checking authentication credentials. A credential instance either represents @@ -39,15 +38,12 @@ import org.eclipse.jetty.util.log.Logger; * This class includes an implementation for unix Crypt an MD5 digest. * * @see Password - * */ public abstract class Credential implements Serializable { - private static final Logger LOG = Log.getLogger(Credential.class); - private static final long serialVersionUID = -7760551052768181572L; + private static final Logger LOG = Log.getLogger(Credential.class); - /* ------------------------------------------------------------ */ /** * Check a credential * @@ -59,7 +55,6 @@ public abstract class Credential implements Serializable */ public abstract boolean check(Object credentials); - /* ------------------------------------------------------------ */ /** * Get a credential from a String. If the credential String starts with a * known Credential type (eg "CRYPT:" or "MD5:" ) then a Credential of that @@ -76,15 +71,61 @@ public abstract class Credential implements Serializable return new Password(credential); } - /* ------------------------------------------------------------ */ + /** + * <p>Utility method that replaces String.equals() to avoid timing attacks.</p> + * + * @param s1 the first string to compare + * @param s2 the second string to compare + * @return whether the two strings are equal + */ + protected static boolean stringEquals(String s1, String s2) + { + if (s1 == s2) + return true; + if (s1 == null || s2 == null) + return false; + boolean result = true; + int l1 = s1.length(); + int l2 = s2.length(); + if (l1 != l2) + result = false; + int l = Math.min(l1, l2); + for (int i = 0; i < l; ++i) + result &= s1.charAt(i) == s2.charAt(i); + return result; + } + + /** + * <p>Utility method that replaces Arrays.equals() to avoid timing attacks.</p> + * + * @param b1 the first byte array to compare + * @param b2 the second byte array to compare + * @return whether the two byte arrays are equal + */ + protected static boolean byteEquals(byte[] b1, byte[] b2) + { + if (b1 == b2) + return true; + if (b1 == null || b2 == null) + return false; + boolean result = true; + int l1 = b1.length; + int l2 = b2.length; + if (l1 != l2) + result = false; + int l = Math.min(l1, l2); + for (int i = 0; i < l; ++i) + result &= b1[i] == b2[i]; + return result; + } + /** * Unix Crypt Credentials */ public static class Crypt extends Credential { private static final long serialVersionUID = -2027792997664744210L; - - public static final String __TYPE = "CRYPT:"; + private static final String __TYPE = "CRYPT:"; private final String _cooked; @@ -100,58 +141,48 @@ public abstract class Credential implements Serializable credentials=new String((char[])credentials); if (!(credentials instanceof String) && !(credentials instanceof Password)) LOG.warn("Can't check " + credentials.getClass() + " against CRYPT"); - - String passwd = credentials.toString(); - return _cooked.equals(UnixCrypt.crypt(passwd, _cooked)); + return stringEquals(_cooked, UnixCrypt.crypt(credentials.toString(), _cooked)); } public static String crypt(String user, String pw) { - return "CRYPT:" + UnixCrypt.crypt(pw, user); + return __TYPE + UnixCrypt.crypt(pw, user); } } - /* ------------------------------------------------------------ */ /** * MD5 Credentials */ public static class MD5 extends Credential { private static final long serialVersionUID = 5533846540822684240L; - - public static final String __TYPE = "MD5:"; - - public static final Object __md5Lock = new Object(); - + private static final String __TYPE = "MD5:"; + private static final Object __md5Lock = new Object(); private static MessageDigest __md; private final byte[] _digest; - /* ------------------------------------------------------------ */ MD5(String digest) { digest = digest.startsWith(__TYPE) ? digest.substring(__TYPE.length()) : digest; _digest = TypeUtil.parseBytes(digest, 16); } - /* ------------------------------------------------------------ */ public byte[] getDigest() { return _digest; } - /* ------------------------------------------------------------ */ @Override public boolean check(Object credentials) { try { - byte[] digest = null; - if (credentials instanceof char[]) credentials=new String((char[])credentials); if (credentials instanceof Password || credentials instanceof String) { + byte[] digest; synchronized (__md5Lock) { if (__md == null) __md = MessageDigest.getInstance("MD5"); @@ -159,20 +190,12 @@ public abstract class Credential implements Serializable __md.update(credentials.toString().getBytes(StandardCharsets.ISO_8859_1)); digest = __md.digest(); } - if (digest == null || digest.length != _digest.length) return false; - boolean digestMismatch = false; - for (int i = 0; i < digest.length; i++) - digestMismatch |= (digest[i] != _digest[i]); - return !digestMismatch; + return byteEquals(_digest, digest); } else if (credentials instanceof MD5) { MD5 md5 = (MD5)credentials; - if (_digest.length != md5._digest.length) return false; - boolean digestMismatch = false; - for (int i = 0; i < _digest.length; i++) - digestMismatch |= (_digest[i] != md5._digest[i]); - return !digestMismatch; + return byteEquals(_digest, md5._digest); } else if (credentials instanceof Credential) { @@ -193,7 +216,6 @@ public abstract class Credential implements Serializable } } - /* ------------------------------------------------------------ */ public static String digest(String password) { try diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/security/Password.java b/jetty-util/src/main/java/org/eclipse/jetty/util/security/Password.java index 81ff1b92..fe7839bf 100644 --- a/jetty-util/src/main/java/org/eclipse/jetty/util/security/Password.java +++ b/jetty-util/src/main/java/org/eclipse/jetty/util/security/Password.java @@ -20,7 +20,6 @@ package org.eclipse.jetty.util.security; import java.io.IOException; import java.nio.charset.StandardCharsets; -import java.util.Arrays; import java.util.Locale; import org.eclipse.jetty.util.log.Log; @@ -96,15 +95,20 @@ public class Password extends Credential @Override public boolean check(Object credentials) { - if (this == credentials) return true; + if (this == credentials) + return true; - if (credentials instanceof Password) return credentials.equals(_pw); + if (credentials instanceof Password) + return credentials.equals(_pw); - if (credentials instanceof String) return credentials.equals(_pw); + if (credentials instanceof String) + return stringEquals(_pw, (String)credentials); - if (credentials instanceof char[]) return Arrays.equals(_pw.toCharArray(), (char[]) credentials); + if (credentials instanceof char[]) + return stringEquals(_pw, new String((char[])credentials)); - if (credentials instanceof Credential) return ((Credential) credentials).check(_pw); + if (credentials instanceof Credential) + return ((Credential)credentials).check(_pw); return false; } @@ -120,14 +124,10 @@ public class Password extends Credential return false; if (o instanceof Password) - { - Password p = (Password) o; - //noinspection StringEquality - return p._pw == _pw || (null != _pw && _pw.equals(p._pw)); - } + return stringEquals(_pw, ((Password)o)._pw); if (o instanceof String) - return o.equals(_pw); + return stringEquals(_pw, (String)o); return false; } @@ -175,7 +175,6 @@ public class Password extends Credential } return buf.toString(); - } /* ------------------------------------------------------------ */ diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java index 8420b9fc..9983b5ae 100644 --- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java +++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java @@ -35,6 +35,7 @@ import java.security.cert.CollectionCertStoreParameters; import java.security.cert.PKIXBuilderParameters; import java.security.cert.X509CertSelector; import java.security.cert.X509Certificate; +import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; import java.util.Collections; @@ -64,6 +65,8 @@ import javax.net.ssl.X509TrustManager; import org.eclipse.jetty.util.IO; import org.eclipse.jetty.util.component.AbstractLifeCycle; +import org.eclipse.jetty.util.component.ContainerLifeCycle; +import org.eclipse.jetty.util.component.Dumpable; import org.eclipse.jetty.util.log.Log; import org.eclipse.jetty.util.log.Logger; import org.eclipse.jetty.util.resource.Resource; @@ -78,7 +81,7 @@ import org.eclipse.jetty.util.security.Password; * creates SSL context based on these parameters to be * used by the SSL connectors. */ -public class SslContextFactory extends AbstractLifeCycle +public class SslContextFactory extends AbstractLifeCycle implements Dumpable { public final static TrustManager[] TRUST_ALL_CERTS = new X509TrustManager[]{new X509TrustManager() { @@ -316,6 +319,38 @@ public class SslContextFactory extends AbstractLifeCycle } @Override + public String dump() + { + return ContainerLifeCycle.dump(this); + } + + @Override + public void dump(Appendable out, String indent) throws IOException + { + out.append(String.valueOf(this)).append(" trustAll=").append(Boolean.toString(_trustAll)).append(System.lineSeparator()); + + SSLEngine sslEngine = newSSLEngine(); + + List<Object> selections = new ArrayList<>(); + + // protocols + selections.add(new SslSelectionDump("Protocol", + sslEngine.getSupportedProtocols(), + sslEngine.getEnabledProtocols(), + getExcludeProtocols(), + getIncludeProtocols())); + + // ciphers + selections.add(new SslSelectionDump("Cipher Suite", + sslEngine.getSupportedCipherSuites(), + sslEngine.getEnabledCipherSuites(), + getExcludeCipherSuites(), + getIncludeCipherSuites())); + + ContainerLifeCycle.dump(out, indent, selections); + } + + @Override protected void doStop() throws Exception { _context = null; diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslSelectionDump.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslSelectionDump.java new file mode 100644 index 00000000..4922aef2 --- /dev/null +++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslSelectionDump.java @@ -0,0 +1,202 @@ +// +// ======================================================================== +// Copyright (c) 1995-2017 Mort Bay Consulting Pty. Ltd. +// ------------------------------------------------------------------------ +// All rights reserved. This program and the accompanying materials +// are made available under the terms of the Eclipse Public License v1.0 +// and Apache License v2.0 which accompanies this distribution. +// +// The Eclipse Public License is available at +// http://www.eclipse.org/legal/epl-v10.html +// +// The Apache License v2.0 is available at +// http://www.opensource.org/licenses/apache2.0.php +// +// You may elect to redistribute this code under either of these licenses. +// ======================================================================== +// + +package org.eclipse.jetty.util.ssl; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.Comparator; +import java.util.List; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import org.eclipse.jetty.util.component.ContainerLifeCycle; +import org.eclipse.jetty.util.component.Dumpable; + +public class SslSelectionDump extends ContainerLifeCycle implements Dumpable +{ + private static class CaptionedList extends ArrayList<String> implements Dumpable + { + private final String caption; + + public CaptionedList(String caption) + { + this.caption = caption; + } + + @Override + public String dump() + { + return ContainerLifeCycle.dump(SslSelectionDump.CaptionedList.this); + } + + @Override + public void dump(Appendable out, String indent) throws IOException + { + out.append(caption); + out.append(" (size=").append(Integer.toString(size())).append(")"); + out.append(System.lineSeparator()); + ContainerLifeCycle.dump(out, indent, this); + } + } + + private final String type; + private SslSelectionDump.CaptionedList enabled = new SslSelectionDump.CaptionedList("Enabled"); + private SslSelectionDump.CaptionedList disabled = new SslSelectionDump.CaptionedList("Disabled"); + + public SslSelectionDump(String type, + String[] supportedByJVM, + String[] enabledByJVM, + String[] excludedByConfig, + String[] includedByConfig) + { + this.type = type; + addBean(enabled); + addBean(disabled); + + List<String> jvmEnabled = Arrays.asList(enabledByJVM); + + List<Pattern> excludedPatterns = toPatternList(excludedByConfig); + List<Pattern> includedPatterns = toPatternList(includedByConfig); + + for(String entry: toSortedList(supportedByJVM)) + { + boolean isPresent = true; + + StringBuilder s = new StringBuilder(); + s.append(entry); + if (!jvmEnabled.contains(entry)) + { + if (isPresent) + { + s.append(" -"); + isPresent = false; + } + s.append(" JreDisabled:java.security"); + } + + for (Pattern pattern : excludedPatterns) + { + Matcher m = pattern.matcher(entry); + if (m.matches()) + { + if (isPresent) + { + s.append(" -"); + isPresent = false; + } + else + { + s.append(","); + } + s.append(" ConfigExcluded:'").append(pattern.pattern()).append('\''); + } + } + + if (!includedPatterns.isEmpty()) + { + boolean isIncluded = false; + for (Pattern pattern : includedPatterns) + { + Matcher m = pattern.matcher(entry); + if (m.matches()) + { + isIncluded = true; + break; + } + } + + if (!isIncluded) + { + if (isPresent) + { + s.append(" -"); + isPresent = false; + } + else + { + s.append(","); + } + s.append(" ConfigIncluded:NotSpecified"); + } + } + + if (isPresent) + { + enabled.add(s.toString()); + } + else + { + disabled.add(s.toString()); + } + } + } + + private List<String> toSortedList(String[] strings) + { + List<String> sorted = new ArrayList<>(); + for (String entry : strings) + { + sorted.add(entry); + } + + Collections.sort(sorted, new Comparator<String>() + { + @Override + public int compare(String o1, String o2) + { + return o1.compareTo(o2); + } + }); + + return sorted; + } + + private static List<Pattern> toPatternList(String[] configs) + { + // Arrays.stream(configs) + // .map((entry) -> Pattern.compile(entry)) + // .collect(Collectors.toList()); + List<Pattern> ret = new ArrayList<>(); + for (String entry : configs) + { + ret.add(Pattern.compile(entry)); + } + return ret; + } + + @Override + public String dump() + { + return ContainerLifeCycle.dump(this); + } + + @Override + public void dump(Appendable out, String indent) throws IOException + { + dumpBeans(out, indent); + } + + @Override + protected void dumpThis(Appendable out) throws IOException + { + out.append(type).append(" Selections").append(System.lineSeparator()); + } +} diff --git a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java index d6a2e993..a594429f 100644 --- a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java +++ b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java @@ -18,6 +18,7 @@ package org.eclipse.jetty.util.ssl; +import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.greaterThan; import static org.hamcrest.Matchers.is; @@ -32,19 +33,20 @@ import java.security.KeyStore; import javax.net.ssl.SSLEngine; import org.eclipse.jetty.toolchain.test.JDK; -import org.eclipse.jetty.toolchain.test.OS; import org.eclipse.jetty.util.component.AbstractLifeCycle; -import org.eclipse.jetty.util.log.Log; -import org.eclipse.jetty.util.log.StdErrLog; +import org.eclipse.jetty.util.log.StacklessLogging; import org.eclipse.jetty.util.resource.Resource; -import org.junit.Assert; import org.junit.Assume; import org.junit.Before; +import org.junit.Rule; import org.junit.Test; +import org.junit.rules.ExpectedException; public class SslContextFactoryTest { + @Rule + public ExpectedException expectedException = ExpectedException.none(); private SslContextFactory cf; @@ -55,9 +57,19 @@ public class SslContextFactoryTest } @Test + public void testSLOTH() throws Exception + { + cf.setKeyStorePassword("storepwd"); + cf.setKeyManagerPassword("keypwd"); + + cf.start(); + + cf.dump(System.out, ""); + } + + @Test public void testNoTsFileKs() throws Exception { - String keystorePath = System.getProperty("basedir",".") + "/src/test/resources/keystore"; cf.setKeyStorePassword("storepwd"); cf.setKeyManagerPassword("keypwd"); @@ -130,7 +142,6 @@ public class SslContextFactoryTest @Test public void testResourceTsResourceKsWrongPW() throws Exception { - SslContextFactory.LOG.info("EXPECT SslContextFactory@????????(null,null): java.security.UnrecoverableKeyException: Cannot recover key..."); Resource keystoreResource = Resource.newSystemResource("keystore"); Resource truststoreResource = Resource.newSystemResource("keystore"); @@ -140,21 +151,16 @@ public class SslContextFactoryTest cf.setKeyManagerPassword("wrong_keypwd"); cf.setTrustStorePassword("storepwd"); - try + try (StacklessLogging ignored = new StacklessLogging(AbstractLifeCycle.class)) { - ((StdErrLog)Log.getLogger(AbstractLifeCycle.class)).setHideStacks(true); + expectedException.expect(java.security.UnrecoverableKeyException.class); cf.start(); - Assert.fail(); - } - catch(java.security.UnrecoverableKeyException e) - { } } @Test public void testResourceTsWrongPWResourceKs() throws Exception { - SslContextFactory.LOG.info("EXPECT SslContextFactory@????????(null,null): java.io.IOException: Keystore was tampered with ..."); Resource keystoreResource = Resource.newSystemResource("keystore"); Resource truststoreResource = Resource.newSystemResource("keystore"); @@ -164,35 +170,23 @@ public class SslContextFactoryTest cf.setKeyManagerPassword("keypwd"); cf.setTrustStorePassword("wrong_storepwd"); - try + try (StacklessLogging ignored = new StacklessLogging(AbstractLifeCycle.class)) { - ((StdErrLog)Log.getLogger(AbstractLifeCycle.class)).setHideStacks(true); + expectedException.expect(IOException.class); + expectedException.expectMessage(containsString("Keystore was tampered with, or password was incorrect")); cf.start(); - Assert.fail(); - } - catch(IOException e) - { } } @Test public void testNoKeyConfig() throws Exception { - try + try (StacklessLogging ignored = new StacklessLogging(AbstractLifeCycle.class)) { - SslContextFactory.LOG.info("EXPECT SslContextFactory@????????(null,/foo): java.lang.IllegalStateException: SSL doesn't have a valid keystore..."); - ((StdErrLog)Log.getLogger(AbstractLifeCycle.class)).setHideStacks(true); cf.setTrustStorePath("/foo"); + expectedException.expect(IllegalStateException.class); + expectedException.expectMessage(containsString("SSL doesn't have a valid keystore")); cf.start(); - Assert.fail(); - } - catch (IllegalStateException e) - { - - } - catch (Exception e) - { - Assert.fail("Unexpected exception"); } } @@ -211,40 +205,15 @@ public class SslContextFactoryTest @Test public void testSetIncludeCipherSuitesRegex() throws Exception { - // Test does not work on JDK 8+ (RC4 is disabled) + cf.setIncludeCipherSuites(".*ECDHE.*",".*WIBBLE.*"); Assume.assumeFalse(JDK.IS_8); - cf.setIncludeCipherSuites(".*RC4.*"); cf.start(); SSLEngine sslEngine = cf.newSSLEngine(); String[] enabledCipherSuites = sslEngine.getEnabledCipherSuites(); - assertThat("At least 1 cipherSuite is enabled", enabledCipherSuites.length, greaterThan(0)); + assertThat("At least 1 cipherSuite is enabled", enabledCipherSuites.length, greaterThan(1)); for (String enabledCipherSuite : enabledCipherSuites) - assertThat("CipherSuite contains RC4", enabledCipherSuite.contains("RC4"), is(true)); - } - - @Test - public void testSetIncludeCipherSuitesPreservesOrder() - { - String[] supportedCipherSuites = new String[]{"cipher4", "cipher2", "cipher1", "cipher3"}; - String[] includeCipherSuites = {"cipher1", "cipher3", "cipher4"}; - - cf.setIncludeCipherSuites(includeCipherSuites); - String[] selectedCipherSuites = cf.selectCipherSuites(null, supportedCipherSuites); - - assertSelectedMatchesIncluded(includeCipherSuites, selectedCipherSuites); - } - - @Test - public void testSetIncludeProtocolsPreservesOrder() - { - String[] supportedProtocol = new String[]{"cipher4", "cipher2", "cipher1", "cipher3"}; - String[] includeProtocol = {"cipher1", "cipher3", "cipher4"}; - - cf.setIncludeProtocols(includeProtocol); - String[] selectedProtocol = cf.selectProtocols(null, supportedProtocol); - - assertSelectedMatchesIncluded(includeProtocol, selectedProtocol); + assertThat("CipherSuite contains ECDHE", enabledCipherSuite.contains("ECDHE"), equalTo(true)); } @Test @@ -255,12 +224,4 @@ public class SslContextFactoryTest assertNotNull(cf.getExcludeCipherSuites()); assertNotNull(cf.getIncludeCipherSuites()); } - - private void assertSelectedMatchesIncluded(String[] includeStrings, String[] selectedStrings) - { - assertThat(includeStrings.length + " strings are selected", selectedStrings.length, is(includeStrings.length)); - assertThat("order from includeStrings is preserved", selectedStrings[0], equalTo(includeStrings[0])); - assertThat("order from includeStrings is preserved", selectedStrings[1], equalTo(includeStrings[1])); - assertThat("order from includeStrings is preserved", selectedStrings[2], equalTo(includeStrings[2])); - } } diff --git a/jetty-webapp/pom.xml b/jetty-webapp/pom.xml index 3914d24d..a76862a7 100644 --- a/jetty-webapp/pom.xml +++ b/jetty-webapp/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-webapp</artifactId> diff --git a/jetty-websocket/javax-websocket-client-impl/pom.xml b/jetty-websocket/javax-websocket-client-impl/pom.xml index c88c059d..28f88e1f 100644 --- a/jetty-websocket/javax-websocket-client-impl/pom.xml +++ b/jetty-websocket/javax-websocket-client-impl/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty.websocket</groupId> <artifactId>websocket-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/jetty-websocket/javax-websocket-server-impl/pom.xml b/jetty-websocket/javax-websocket-server-impl/pom.xml index 121dddf0..96560d58 100644 --- a/jetty-websocket/javax-websocket-server-impl/pom.xml +++ b/jetty-websocket/javax-websocket-server-impl/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty.websocket</groupId> <artifactId>websocket-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/jetty-websocket/pom.xml b/jetty-websocket/pom.xml index 86d3abe7..35fce3fd 100644 --- a/jetty-websocket/pom.xml +++ b/jetty-websocket/pom.xml @@ -3,7 +3,7 @@ <parent> <artifactId>jetty-project</artifactId> <groupId>org.eclipse.jetty</groupId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/jetty-websocket/websocket-api/pom.xml b/jetty-websocket/websocket-api/pom.xml index 4cd09858..2e7d698b 100644 --- a/jetty-websocket/websocket-api/pom.xml +++ b/jetty-websocket/websocket-api/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty.websocket</groupId> <artifactId>websocket-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/jetty-websocket/websocket-client/pom.xml b/jetty-websocket/websocket-client/pom.xml index a3135f22..e6d61394 100644 --- a/jetty-websocket/websocket-client/pom.xml +++ b/jetty-websocket/websocket-client/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty.websocket</groupId> <artifactId>websocket-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/jetty-websocket/websocket-common/pom.xml b/jetty-websocket/websocket-common/pom.xml index a615001c..989c6bfc 100644 --- a/jetty-websocket/websocket-common/pom.xml +++ b/jetty-websocket/websocket-common/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty.websocket</groupId> <artifactId>websocket-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/jetty-websocket/websocket-server/pom.xml b/jetty-websocket/websocket-server/pom.xml index af2eec38..7be7c89e 100644 --- a/jetty-websocket/websocket-server/pom.xml +++ b/jetty-websocket/websocket-server/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty.websocket</groupId> <artifactId>websocket-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/jetty-websocket/websocket-servlet/pom.xml b/jetty-websocket/websocket-servlet/pom.xml index 118326a0..0f37ef90 100644 --- a/jetty-websocket/websocket-servlet/pom.xml +++ b/jetty-websocket/websocket-servlet/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty.websocket</groupId> <artifactId>websocket-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/jetty-xml/pom.xml b/jetty-xml/pom.xml index ae8d8bf5..3621d493 100644 --- a/jetty-xml/pom.xml +++ b/jetty-xml/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jetty-xml</artifactId> diff --git a/pom.xml b/pom.xml index eea7a19e..b1b33af4 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ <version>23</version> </parent> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> <name>Jetty :: Project</name> <url>http://www.eclipse.org/jetty</url> <packaging>pom</packaging> @@ -1353,5 +1353,17 @@ <alpn.version>8.1.11.v20170118</alpn.version> </properties> </profile> + <profile> + <id>8u131</id> + <activation> + <property> + <name>java.version</name> + <value>1.8.0_131</value> + </property> + </activation> + <properties> + <alpn.version>8.1.11.v20170118</alpn.version> + </properties> + </profile> </profiles> </project> diff --git a/tests/pom.xml b/tests/pom.xml index 581f4151..150aaeb3 100644 --- a/tests/pom.xml +++ b/tests/pom.xml @@ -21,7 +21,7 @@ <parent> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-project</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> <relativePath>../pom.xml</relativePath> </parent> <groupId>org.eclipse.jetty.tests</groupId> diff --git a/tests/test-continuation/pom.xml b/tests/test-continuation/pom.xml index 80008049..5b35952f 100644 --- a/tests/test-continuation/pom.xml +++ b/tests/test-continuation/pom.xml @@ -20,7 +20,7 @@ <parent> <groupId>org.eclipse.jetty.tests</groupId> <artifactId>tests-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> <relativePath>../pom.xml</relativePath> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/tests/test-integration/pom.xml b/tests/test-integration/pom.xml index e6189272..c469c229 100644 --- a/tests/test-integration/pom.xml +++ b/tests/test-integration/pom.xml @@ -20,7 +20,7 @@ <parent> <groupId>org.eclipse.jetty.tests</groupId> <artifactId>tests-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>test-integration</artifactId> diff --git a/tests/test-jmx/jmx-webapp-it/pom.xml b/tests/test-jmx/jmx-webapp-it/pom.xml index b6892275..ffa342b2 100644 --- a/tests/test-jmx/jmx-webapp-it/pom.xml +++ b/tests/test-jmx/jmx-webapp-it/pom.xml @@ -20,7 +20,7 @@ <parent> <groupId>org.eclipse.jetty.tests</groupId> <artifactId>test-jmx-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>jmx-webapp-it</artifactId> diff --git a/tests/test-jmx/jmx-webapp/pom.xml b/tests/test-jmx/jmx-webapp/pom.xml index 13307fd3..bddd3c79 100644 --- a/tests/test-jmx/jmx-webapp/pom.xml +++ b/tests/test-jmx/jmx-webapp/pom.xml @@ -21,7 +21,7 @@ <parent> <groupId>org.eclipse.jetty.tests</groupId> <artifactId>test-jmx-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <artifactId>jmx-webapp</artifactId> <packaging>war</packaging> diff --git a/tests/test-jmx/pom.xml b/tests/test-jmx/pom.xml index 3ff69551..271e75d1 100644 --- a/tests/test-jmx/pom.xml +++ b/tests/test-jmx/pom.xml @@ -20,7 +20,7 @@ <parent> <groupId>org.eclipse.jetty.tests</groupId> <artifactId>tests-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>test-jmx-parent</artifactId> diff --git a/tests/test-loginservice/pom.xml b/tests/test-loginservice/pom.xml index fd395745..4aaf978a 100644 --- a/tests/test-loginservice/pom.xml +++ b/tests/test-loginservice/pom.xml @@ -21,7 +21,7 @@ <parent> <groupId>org.eclipse.jetty.tests</groupId> <artifactId>tests-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <artifactId>test-loginservice</artifactId> <name>Jetty Tests :: Login Service</name> diff --git a/tests/test-quickstart/pom.xml b/tests/test-quickstart/pom.xml index 87a3b4f7..0a39d4e6 100644 --- a/tests/test-quickstart/pom.xml +++ b/tests/test-quickstart/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>org.eclipse.jetty.tests</groupId> <artifactId>tests-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> <relativePath>../pom.xml</relativePath> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/tests/test-sessions/pom.xml b/tests/test-sessions/pom.xml index 2ee451de..7e15021d 100644 --- a/tests/test-sessions/pom.xml +++ b/tests/test-sessions/pom.xml @@ -21,7 +21,7 @@ <parent> <groupId>org.eclipse.jetty.tests</groupId> <artifactId>tests-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <artifactId>test-sessions-parent</artifactId> <name>Jetty Tests :: Sessions :: Parent</name> diff --git a/tests/test-sessions/test-hash-sessions/pom.xml b/tests/test-sessions/test-hash-sessions/pom.xml index 1dd868e7..75005a0a 100644 --- a/tests/test-sessions/test-hash-sessions/pom.xml +++ b/tests/test-sessions/test-hash-sessions/pom.xml @@ -21,7 +21,7 @@ <parent> <groupId>org.eclipse.jetty.tests</groupId> <artifactId>test-sessions-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <artifactId>test-hash-sessions</artifactId> <name>Jetty Tests :: Sessions :: Hash</name> diff --git a/tests/test-sessions/test-jdbc-sessions/pom.xml b/tests/test-sessions/test-jdbc-sessions/pom.xml index b44f8a0e..d43a2170 100644 --- a/tests/test-sessions/test-jdbc-sessions/pom.xml +++ b/tests/test-sessions/test-jdbc-sessions/pom.xml @@ -21,7 +21,7 @@ <parent> <groupId>org.eclipse.jetty.tests</groupId> <artifactId>test-sessions-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <artifactId>test-jdbc-sessions</artifactId> <name>Jetty Tests :: Sessions :: JDBC</name> diff --git a/tests/test-sessions/test-mongodb-sessions/pom.xml b/tests/test-sessions/test-mongodb-sessions/pom.xml index a74d93da..362730c6 100644 --- a/tests/test-sessions/test-mongodb-sessions/pom.xml +++ b/tests/test-sessions/test-mongodb-sessions/pom.xml @@ -21,7 +21,7 @@ <parent> <groupId>org.eclipse.jetty.tests</groupId> <artifactId>test-sessions-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <artifactId>test-mongodb-sessions</artifactId> <name>Jetty Tests :: Sessions :: Mongo</name> diff --git a/tests/test-sessions/test-sessions-common/pom.xml b/tests/test-sessions/test-sessions-common/pom.xml index 87eb7404..dab6fa1d 100644 --- a/tests/test-sessions/test-sessions-common/pom.xml +++ b/tests/test-sessions/test-sessions-common/pom.xml @@ -21,7 +21,7 @@ <parent> <groupId>org.eclipse.jetty.tests</groupId> <artifactId>test-sessions-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <artifactId>test-sessions-common</artifactId> <name>Jetty Tests :: Sessions :: Common</name> diff --git a/tests/test-webapps/pom.xml b/tests/test-webapps/pom.xml index 7adeb2d1..443c93cb 100644 --- a/tests/test-webapps/pom.xml +++ b/tests/test-webapps/pom.xml @@ -21,7 +21,7 @@ <parent> <groupId>org.eclipse.jetty.tests</groupId> <artifactId>tests-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> <relativePath>../pom.xml</relativePath> </parent> <artifactId>test-webapps-parent</artifactId> diff --git a/tests/test-webapps/test-jaas-webapp/pom.xml b/tests/test-webapps/test-jaas-webapp/pom.xml index 51e3e231..385606da 100644 --- a/tests/test-webapps/test-jaas-webapp/pom.xml +++ b/tests/test-webapps/test-jaas-webapp/pom.xml @@ -4,7 +4,7 @@ <parent> <groupId>org.eclipse.jetty.tests</groupId> <artifactId>test-webapps-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <artifactId>test-jaas-webapp</artifactId> <name>Jetty Tests :: WebApp :: JAAS</name> diff --git a/tests/test-webapps/test-jetty-webapp/pom.xml b/tests/test-webapps/test-jetty-webapp/pom.xml index b82aa9c6..5253af6e 100644 --- a/tests/test-webapps/test-jetty-webapp/pom.xml +++ b/tests/test-webapps/test-jetty-webapp/pom.xml @@ -20,7 +20,7 @@ <parent> <groupId>org.eclipse.jetty.tests</groupId> <artifactId>test-webapps-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> <relativePath>../pom.xml</relativePath> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/tests/test-webapps/test-jndi-webapp/pom.xml b/tests/test-webapps/test-jndi-webapp/pom.xml index 8de0a29f..41810cb9 100644 --- a/tests/test-webapps/test-jndi-webapp/pom.xml +++ b/tests/test-webapps/test-jndi-webapp/pom.xml @@ -4,7 +4,7 @@ <parent> <groupId>org.eclipse.jetty.tests</groupId> <artifactId>test-webapps-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <artifactId>test-jndi-webapp</artifactId> <name>Jetty Tests :: WebApp :: JNDI</name> diff --git a/tests/test-webapps/test-mock-resources/pom.xml b/tests/test-webapps/test-mock-resources/pom.xml index 4133f4e2..a3acb35b 100644 --- a/tests/test-webapps/test-mock-resources/pom.xml +++ b/tests/test-webapps/test-mock-resources/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty.tests</groupId> <artifactId>test-webapps-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <name>Jetty Tests :: WebApp :: Mock Resources</name> <artifactId>test-mock-resources</artifactId> diff --git a/tests/test-webapps/test-proxy-webapp/pom.xml b/tests/test-webapps/test-proxy-webapp/pom.xml index 6bfc0a0e..dd19b466 100644 --- a/tests/test-webapps/test-proxy-webapp/pom.xml +++ b/tests/test-webapps/test-proxy-webapp/pom.xml @@ -20,7 +20,7 @@ <parent> <groupId>org.eclipse.jetty.tests</groupId> <artifactId>test-webapps-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> <relativePath>../pom.xml</relativePath> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/tests/test-webapps/test-servlet-spec/pom.xml b/tests/test-webapps/test-servlet-spec/pom.xml index c133f1d5..dee1904f 100644 --- a/tests/test-webapps/test-servlet-spec/pom.xml +++ b/tests/test-webapps/test-servlet-spec/pom.xml @@ -4,7 +4,7 @@ <parent> <groupId>org.eclipse.jetty.tests</groupId> <artifactId>test-webapps-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <artifactId>test-servlet-spec-parent</artifactId> <name>Jetty Tests :: Spec Test WebApp :: Parent</name> diff --git a/tests/test-webapps/test-servlet-spec/test-container-initializer/pom.xml b/tests/test-webapps/test-servlet-spec/test-container-initializer/pom.xml index d837efc8..78db79e9 100644 --- a/tests/test-webapps/test-servlet-spec/test-container-initializer/pom.xml +++ b/tests/test-webapps/test-servlet-spec/test-container-initializer/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty.tests</groupId> <artifactId>test-servlet-spec-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <artifactId>test-container-initializer</artifactId> <packaging>jar</packaging> diff --git a/tests/test-webapps/test-servlet-spec/test-spec-webapp/pom.xml b/tests/test-webapps/test-servlet-spec/test-spec-webapp/pom.xml index 3bc7ab3f..2911c900 100644 --- a/tests/test-webapps/test-servlet-spec/test-spec-webapp/pom.xml +++ b/tests/test-webapps/test-servlet-spec/test-spec-webapp/pom.xml @@ -4,7 +4,7 @@ <parent> <groupId>org.eclipse.jetty.tests</groupId> <artifactId>test-servlet-spec-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <name>Jetty Tests :: Webapps :: Spec Webapp</name> <artifactId>test-spec-webapp</artifactId> diff --git a/tests/test-webapps/test-servlet-spec/test-web-fragment/pom.xml b/tests/test-webapps/test-servlet-spec/test-web-fragment/pom.xml index 85b4eeea..9028fa15 100644 --- a/tests/test-webapps/test-servlet-spec/test-web-fragment/pom.xml +++ b/tests/test-webapps/test-servlet-spec/test-web-fragment/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>org.eclipse.jetty.tests</groupId> <artifactId>test-servlet-spec-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <name>Jetty Tests :: WebApp :: Servlet Spec :: Fragment Jar</name> <groupId>org.eclipse.jetty.tests</groupId> diff --git a/tests/test-webapps/test-webapp-rfc2616/pom.xml b/tests/test-webapps/test-webapp-rfc2616/pom.xml index 8d4c8109..1068220a 100644 --- a/tests/test-webapps/test-webapp-rfc2616/pom.xml +++ b/tests/test-webapps/test-webapp-rfc2616/pom.xml @@ -21,7 +21,7 @@ <parent> <groupId>org.eclipse.jetty.tests</groupId> <artifactId>test-webapps-parent</artifactId> - <version>9.2.21.v20170120</version> + <version>9.2.22.v20170531</version> </parent> <artifactId>test-webapp-rfc2616</artifactId> <name>Jetty Tests :: WebApp :: RFC2616</name>