Re: [PR] Bump org.mockito:mockito-junit-jupiter from 5.11.0 to 5.12.0 [directory-scimple]

2024-05-28 Thread via GitHub


bdemers merged PR #580:
URL: https://github.com/apache/directory-scimple/pull/580


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org



Re: [PR] Bump org.mockito:mockito-core from 5.11.0 to 5.12.0 [directory-scimple]

2024-05-28 Thread via GitHub


bdemers merged PR #579:
URL: https://github.com/apache/directory-scimple/pull/579





Re: [PR] Bump com.fasterxml.jackson:jackson-bom from 2.17.0 to 2.17.1 [directory-scimple]

2024-05-28 Thread via GitHub


bdemers merged PR #581:
URL: https://github.com/apache/directory-scimple/pull/581





Re: [PR] Bump com.google.guava:guava from 33.1.0-android to 33.2.0-android [directory-scimple]

2024-05-28 Thread via GitHub


bdemers merged PR #583:
URL: https://github.com/apache/directory-scimple/pull/583





Re: [PR] Bump com.gradle:develocity-maven-extension from 1.21.1 to 1.21.4 [directory-scimple]

2024-05-28 Thread via GitHub


bdemers merged PR #585:
URL: https://github.com/apache/directory-scimple/pull/585





Re: [PR] Bump version.quarkus from 3.9.5 to 3.10.0 [directory-scimple]

2024-05-28 Thread via GitHub


bdemers merged PR #577:
URL: https://github.com/apache/directory-scimple/pull/577





[jira] [Resolved] (DIRAPI-402) unhandled exception (ArrayIndexOutOfBoundsException) in LDAP URL parser

2024-05-28 Thread Jira


 [ 
https://issues.apache.org/jira/browse/DIRAPI-402?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lécharny resolved DIRAPI-402.
--
Resolution: Fixed

Patch pushed.

> unhandled exception (ArrayIndexOutOfBoundsException) in LDAP URL parser
> ---
>
> Key: DIRAPI-402
> URL: https://issues.apache.org/jira/browse/DIRAPI-402
> Project: Directory Client API
>  Issue Type: Bug
>Affects Versions: 2.1.6
>Reporter: Andrey Slepykh
>Priority: Major
> Fix For: 2.1.7
>
> Attachments: ReproducerIndexOutOfRange.java
>
>
> Hi, we have found another unhandled exception 
> (ArrayIndexOutOfBoundsException) in LDAP URL parser version 2.1.6.
> Steps to reproduce:
> 1. Download Apache Directory LDAP API v2.1.6:
> {code:java}
> wget https://github.com/apache/directory-ldap-api/archive/refs/tags/2.1.6.tar.gz
> tar xf 2.1.6.tar.gz && rm 2.1.6.tar.gz{code}
> 2. Compile the project (we used jdk-11 and mvn-3.9.6):
> {code:java}
> cd directory-ldap-api-2.1.6
> mvn clean package{code}
> 3. Get the reproducer:
> {code:java}
> mkdir fuzz && cd fuzz
> mv /ReproducerIndexOutOfRange.java .{code}
> 4. Compile the reproducer:
> {code:java}
> javac -cp ../ldap/model/target/classes/ ./ReproducerIndexOutOfRange.java{code}
> 5. Reproduce the exception:
> {code:java}
> java -cp ../ldap/model/target/classes/:../../jazzer/jazzer_standalone.jar:.:../util/target/classes/:../integ-osgi/target/dependency/slf4j-api-1.7.36.jar:../i18n/target/classes/:../integ-osgi/target/dependency/org.apache.servicemix.bundles.antlr-2.7.7_5.jar ReproducerIndexOutOfRange{code}
>  
> Found by Linux Verification Center (portal.linuxtesting.ru) with jazzer.
> Author L.Reviakin (l.revia...@fobos-nt.ru)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)




[jira] [Commented] (DIRAPI-402) unhandled exception (ArrayIndexOutOfBoundsException) in LDAP URL parser

2024-05-28 Thread Jira


[ 
https://issues.apache.org/jira/browse/DIRAPI-402?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17850043#comment-17850043
 ] 

Emmanuel Lécharny commented on DIRAPI-402:
--

Yes, another missing boundary check before parsing the optional host :/

Fixing it right away.




[jira] [Updated] (DIRAPI-402) unhandled exception (ArrayIndexOutOfBoundsException) in LDAP URL parser

2024-05-28 Thread Jira


 [ 
https://issues.apache.org/jira/browse/DIRAPI-402?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lécharny updated DIRAPI-402:
-
Fix Version/s: 2.1.7




[jira] [Created] (DIRAPI-402) unhandled exception (ArrayIndexOutOfBoundsException) in LDAP URL parser

2024-05-28 Thread Andrey Slepykh (Jira)
Andrey Slepykh created DIRAPI-402:
-

 Summary: unhandled exception (ArrayIndexOutOfBoundsException) in 
LDAP URL parser
 Key: DIRAPI-402
 URL: https://issues.apache.org/jira/browse/DIRAPI-402
 Project: Directory Client API
  Issue Type: Bug
Affects Versions: 2.1.6
Reporter: Andrey Slepykh
 Attachments: ReproducerIndexOutOfRange.java

Hi, we have found another unhandled exception (ArrayIndexOutOfBoundsException) 
in LDAP URL parser version 2.1.6.

Steps to reproduce:
1. Download Apache Directory LDAP API v2.1.6:
{code:java}
wget https://github.com/apache/directory-ldap-api/archive/refs/tags/2.1.6.tar.gz
tar xf 2.1.6.tar.gz && rm 2.1.6.tar.gz{code}
2. Compile the project (we used jdk-11 and mvn-3.9.6):
{code:java}
cd directory-ldap-api-2.1.6
mvn clean package{code}
3. Get the reproducer:
{code:java}
mkdir fuzz && cd fuzz
mv /ReproducerIndexOutOfRange.java .{code}
4. Compile the reproducer:
{code:java}
javac -cp ../ldap/model/target/classes/ ./ReproducerIndexOutOfRange.java{code}
5. Reproduce the exception:
{code:java}
java -cp ../ldap/model/target/classes/:../../jazzer/jazzer_standalone.jar:.:../util/target/classes/:../integ-osgi/target/dependency/slf4j-api-1.7.36.jar:../i18n/target/classes/:../integ-osgi/target/dependency/org.apache.servicemix.bundles.antlr-2.7.7_5.jar ReproducerIndexOutOfRange{code}
 

Found by Linux Verification Center (portal.linuxtesting.ru) with jazzer.
Author L.Reviakin (l.revia...@fobos-nt.ru)






[PR] Bump org.assertj:assertj-core from 3.25.3 to 3.26.0 [directory-kerby]

2024-05-28 Thread via GitHub


dependabot[bot] opened a new pull request, #385:
URL: https://github.com/apache/directory-kerby/pull/385

   Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.25.3 to 3.26.0.
   
   Release notes
   Sourced from [org.assertj:assertj-core's releases](https://github.com/assertj/assertj/releases).
   
   v.3.26.0
   :boom: Breaking Changes
   Core
   
   - Delegate OptionalDouble value comparison to Double.compare in hasValue assertion [#3411](https://redirect.github.com/assertj/assertj/issues/3411)
   
     This fixes the comparison of NaN values which wasn't working the way the hasValue Javadoc describes.
     The previous behavior can be obtained with getAsDouble:
     assertThat(OptionalDouble.of(Double.NaN).getAsDouble()).isSameAs(Double.NaN);
   
   :no_entry_sign: Deprecated
   Core
   
   - Deprecate ObjectAssertFactory in favor of Assertions.assertThat(Object)
   - Deprecate AssertionErrorFactory in favor of AssertionErrorCreator
   - Deprecate catchThrowableOfType(ThrowingCallable, Class) in favor of catchThrowableOfType(Class, ThrowingCallable) [#2823](https://redirect.github.com/assertj/assertj/issues/2823)
   - Deprecate assertThat(Iterable, AssertFactory), assertThat(Iterable, Class) and their respective then variants [#3453](https://redirect.github.com/assertj/assertj/issues/3453)
   
   :sparkles: New Features
   Core
   
   - Support multiple AfterAssertionErrorCollected callbacks [#3313](https://redirect.github.com/assertj/assertj/issues/3313)
   - Add InstanceOfAssertFactory for Set instances [#3325](https://redirect.github.com/assertj/assertj/issues/3325)
   - Add doesNotContainKey and doesNotContainKeys to Guava Multimap assertions [#3334](https://redirect.github.com/assertj/assertj/issues/3334)
   - Add assertions for JDK YearMonth type [#3142](https://redirect.github.com/assertj/assertj/issues/3142)
   - Add TemporalAssert type [#3404](https://redirect.github.com/assertj/assertj/issues/3404)
   - Add ignoringFieldsOfTypesMatchingRegexes [#3369](https://redirect.github.com/assertj/assertj/issues/3369)
   - Add fail(Throwable) and fail() variants [#3204](https://redirect.github.com/assertj/assertj/issues/3204)
   - Add isPrivate to Class assertions
   - Add doesNot[Start/End]WithWhitespace methods to CharSequence assertions [#3441](https://redirect.github.com/assertj/assertj/issues/3441)
   - Add createAssert(ValueProvider) to AssertFactory [#3377](https://redirect.github.com/assertj/assertj/issues/3377)
   - Add values() navigation method to AbstractMapAssert [#3297](https://redirect.github.com/assertj/assertj/issues/3297)
   - Add bytes()/bytes(Charset)/bytes(String) navigation methods to AbstractStringAssert [#3232](https://redirect.github.com/assertj/assertj/issues/3232)
   - Add doesNotThrowAnyExceptionExcept to AbstractThrowableAssert [#3261](https://redirect.github.com/assertj/assertj/issues/3261)
   - Add hasPermittedSubclasses to Class assertions [#3316](https://redirect.github.com/assertj/assertj/issues/3316)
   - Add isUnmodifiable to Iterator assertions [#3477](https://redirect.github.com/assertj/assertj/issues/3477)
   
   :bug: Bug Fixes
   Core
   
   ... (truncated)
   
   
   Commits
   
   - [b7aae03](https://github.com/assertj/assertj/commit/b7aae0383d4a06b9f7e3ee82aa94039e4ce49711) [maven-release-plugin] prepare release assertj-build-3.26.0
   - [be4cf7c](https://github.com/assertj/assertj/commit/be4cf7cea4d703a76107217afc2083dbe015b7a4) Add isUnmodifiable to Iterator assertions ([#3477](https://redirect.github.com/assertj/assertj/issues/3477))
   - [6e760db](https://github.com/assertj/assertj/commit/6e760db4f2288f9de0f88a874273bdcfda072cb4) chore(deps-dev): bump org.springframework:spring-core from 5.3.35 to 5.3.36 (...
   - [29d2bbe](https://github.com/assertj/assertj/commit/29d2bbeb5c5ba640ce73f63f717719044a5efeff) chore(deps): bump byte-buddy.version from 1.14.15 to 1.14.16 ([#3487](https://redirect.github.com/assertj/assertj/issues/3487))
   - [97b642a](https://github.com/assertj/assertj/commit/97b642a0b462fe0ad25255800f9531eaa44c4c15) Rebuild default date formats used to parse string as dates when the default t...
   - [9eeb352](https://github.com/assertj/assertj/commit/9eeb352e1188b8398a952fc9819a5173d44f8fe0) Refactor tests covering date string conversion
   - [9707d51](https://github.com/assertj/assertj/commit/9707d51dae690505f6bd25102a6dd3f70800923d) chore(deps): bump kotlin.version from 1.9.24 to 2.0.0 ([#3484](https://redirect.github.com/assertj/assertj/issues/3484))
   - [6bab517](https://github.com/assertj/assertj/commit/6bab51761c59a25ec933baad919236d3f45bea6d) chore(deps-dev): bump org.hibernate.orm:hibernate-core from 6.5.1.Final to 6
   - [5f70fec](https://github.com/assertj/assertj/commit/5f70fec3ec07e19b032aeb821710f08e1de326c1) Reduce Qodana verbosity in PRs
   - [99f2991](https://github.com/assertj/assertj/commit/99f2991a15323a3e4afe009d62aac43cca589067) Fix Instant conversion with Date assertions ([#3467](https://redirect.github.com/assertj/assertj/issues/3467))
   - Additional commits 

[PR] Bump com.alibaba:druid from 1.2.22 to 1.2.23 [directory-kerby]

2024-05-28 Thread via GitHub


dependabot[bot] opened a new pull request, #384:
URL: https://github.com/apache/directory-kerby/pull/384

   Bumps [com.alibaba:druid](https://github.com/alibaba/druid) from 1.2.22 to 1.2.23.
   
   Release notes
   Sourced from [com.alibaba:druid's releases](https://github.com/alibaba/druid/releases).
   
   druid 1.2.23 released
   This release mainly enhances and optimizes SQL statement parsing; upgrade as needed.
   Issues
   
   - Improve adaptation for Spring Boot 3 dynamic data source scenarios [#5798](https://redirect.github.com/alibaba/druid/issues/5798)
   - Improve parenthesis parsing and SQL generation logic for expressions such as SQLBinaryOpExpr [#5855](https://redirect.github.com/alibaba/druid/issues/5855)
   - Improve square-bracket parsing logic [#5914](https://redirect.github.com/alibaba/druid/issues/5914)
   - Add preliminary automatic adaptation logic for databases such as gaussdb and Goldendb [#5828](https://redirect.github.com/alibaba/druid/issues/5828) [#5848](https://redirect.github.com/alibaba/druid/issues/5848)
   - Remove the Checker that caused incompatibility with older Hive JDBC versions [#5878](https://redirect.github.com/alibaba/druid/issues/5878)
   - Enhance parsing of SQL statements for postgresql, mysql and other dialects [#5881](https://redirect.github.com/alibaba/druid/issues/5881) [#5879](https://redirect.github.com/alibaba/druid/issues/5879) [#5795](https://redirect.github.com/alibaba/druid/issues/5795) [#5885](https://redirect.github.com/alibaba/druid/issues/5885)
   - Several other SQL parsing optimizations, made continuously based mainly on issue and PR feedback.
   
   Related links
   
   - druid download: https://repo1.maven.org/maven2/com/alibaba/druid/1.2.23/
   - druid-spring-booter download: https://repo1.maven.org/maven2/com/alibaba/druid-spring-boot-starter/1.2.23/
   - Documentation: https://github.com/alibaba/druid/wiki/%E5%B8%B8%E8%A7%81%E9%97%AE%E9%A2%98
   - Source code: https://github.com/alibaba/druid/tree/1.2.23
   - Built-in monitoring demo: http://120.26.192.168/druid/
   - The corresponding starter for Spring Boot 3.x is: https://repo1.maven.org/maven2/com/alibaba/druid-spring-boot-3-starter/1.2.23/
   
   Commits
   
   - [988c4c6](https://github.com/alibaba/druid/commit/988c4c6c5ed94aeb9d46eef727a92a6b7caf47b4) 1.2.23 release
   - [822141b](https://github.com/alibaba/druid/commit/822141b932c8c401b8fdd39d8feea82a884f34ff) fix SQLParserUtils#splitAndRemoveComment
   - [9b45ad1](https://github.com/alibaba/druid/commit/9b45ad168bd416b06b94d155ae2aeeb533f7c005) Fix typo in WallVisitorUtils
   - [a8d20a2](https://github.com/alibaba/druid/commit/a8d20a204aef87749314a6e25681c91ad73835dc) Fix incorrect conversion of listagg within group statements
   - [a340e0b](https://github.com/alibaba/druid/commit/a340e0b800c3877a95a63428f14a53c5fe5469c1) Update DruidDataSource.java
   - [8a1e75f](https://github.com/alibaba/druid/commit/8a1e75f899bce2f427f52841f2950d1a842b4ff4) Support creating an ExceptionSorter for the driver class name of the domestic database GoldenDB
   - [a89d5bd](https://github.com/alibaba/druid/commit/a89d5bd6fc6d4e58dea8c690cd3d48cf6010664f) Add tests
   - [e1047e9](https://github.com/alibaba/druid/commit/e1047e9ecfadc8ad2aad5b2f2b6e9be958f941e4) Remove duplicate condition check
   - [b0b12fd](https://github.com/alibaba/druid/commit/b0b12fd741a97c747792be3fb9b6c327d9d61678) Add constructors for SQLParameter
   - [ae41539](https://github.com/alibaba/druid/commit/ae415397bd9c19cb502cfaaf026299de07c143d7) Reuse setter method in SQLExprStatement constructor
   - Additional commits viewable in [compare view](https://github.com/alibaba/druid/compare/1.2.22...1.2.23)
   
   
   
   
   

Re: [PR] Bump ossf/scorecard-action from 2.3.1 to 2.3.3 [directory-ldap-api]

2024-05-28 Thread via GitHub


coheigea merged PR #94:
URL: https://github.com/apache/directory-ldap-api/pull/94





Re: [PR] Bump actions/checkout from 4.1.4 to 4.1.6 [directory-ldap-api]

2024-05-28 Thread via GitHub


coheigea merged PR #96:
URL: https://github.com/apache/directory-ldap-api/pull/96





Re: [PR] Bump github/codeql-action from 2.13.4 to 3.25.6 [directory-ldap-api]

2024-05-28 Thread via GitHub


coheigea merged PR #97:
URL: https://github.com/apache/directory-ldap-api/pull/97





Re: [PR] Bump github/codeql-action from 3.25.5 to 3.25.6 [directory-kerby]

2024-05-28 Thread via GitHub


coheigea merged PR #382:
URL: https://github.com/apache/directory-kerby/pull/382





Re: [PR] Bump org.gaul:modernizer-maven-plugin from 2.7.0 to 2.9.0 [directory-kerby]

2024-05-28 Thread via GitHub


coheigea merged PR #380:
URL: https://github.com/apache/directory-kerby/pull/380





Re: [PR] Bump org.codehaus.mojo:exec-maven-plugin from 3.2.0 to 3.3.0 [directory-kerby]

2024-05-28 Thread via GitHub


coheigea merged PR #381:
URL: https://github.com/apache/directory-kerby/pull/381





Re: [PR] Bump org.jboss.xnio:xnio-api from 3.8.14.Final to 3.8.15.Final [directory-kerby]

2024-05-28 Thread via GitHub


coheigea merged PR #383:
URL: https://github.com/apache/directory-kerby/pull/383





[jira] [Resolved] (DIRAPI-400) Hang in LDAP URL parser

2024-05-28 Thread Jira


 [ 
https://issues.apache.org/jira/browse/DIRAPI-400?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lécharny resolved DIRAPI-400.
--
Fix Version/s: 2.1.7
   Resolution: Fixed

Fixed and test added.

Thanks for the report!

> Hang in LDAP URL parser
> ---
>
> Key: DIRAPI-400
> URL: https://issues.apache.org/jira/browse/DIRAPI-400
> Project: Directory Client API
>  Issue Type: Bug
>Affects Versions: 2.1.6
>Reporter: Andrey Slepykh
>Priority: Major
> Fix For: 2.1.7
>
> Attachments: Reproducer.java
>
>
> Hello, we have found a problem in LDAP URL parser in version 2.1.6 while 
> fuzzing. The problem is that LDAP parser can not properly handle specially 
> crafted inputs and just hangs.
> Steps to reproduce:
> 1. Download Apache Directory LDAP API v2.1.6:
> wget https://github.com/apache/directory-ldap-api/archive/refs/tags/2.1.6.tar.gz
> tar xf 2.1.6.tar.gz && rm 2.1.6.tar.gz
> 2. Compile the project (we used jdk-11 and mvn-3.9.6):
> cd directory-ldap-api-2.1.6
> mvn clean package
> 3. Get the reproducer:
> mkdir fuzz && cd fuzz
> mv /Reproducer.java .
> 4. Compile the reproducer:
> javac -cp ../ldap/model/target/classes/ ./Reproducer.java
> 5. Reproduce the hang:
> java -cp ../ldap/model/target/classes/:.:../util/target/classes/:../integ-osgi/target/dependency/slf4j-api-1.7.26.jar:../i18n/target/classes/ Reproducer
> We decided to fuzz this function, because it is used in Apache Directory 
> Server
> Found by Linux Verification Center (portal.linuxtesting.ru) with Jazzer.
> Author L.Reviakin (l.revia...@fobos-nt.ru)






[jira] [Commented] (DIRAPI-400) Hang in LDAP URL parser

2024-05-28 Thread Jira


[ 
https://issues.apache.org/jira/browse/DIRAPI-400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17849937#comment-17849937
 ] 

Emmanuel Lécharny commented on DIRAPI-400:
--

Ok, got an infinite loop because a boundary check is missing in many parts of 
the code...

Just added them, running the tests.

Good catch!




[jira] [Commented] (DIRAPI-400) Hang in LDAP URL parser

2024-05-28 Thread Andrey Slepykh (Jira)


[ 
https://issues.apache.org/jira/browse/DIRAPI-400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17849934#comment-17849934
 ] 

Andrey Slepykh commented on DIRAPI-400:
---

My bad

I accidentally sent you a normal version of the testcase. Please replace input 
string in Reproducer.java with this: "ldap://[1:2:ldap:///o; and try again. 
That should result in a hang.
