[GitHub] [tomcat] cklein05 commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2022-01-12 Thread GitBox


cklein05 commented on pull request #428:
URL: https://github.com/apache/tomcat/pull/428#issuecomment-1010897315


   @michael-o 
   Rebase is done and the enhancement was successfully tested.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[tomcat] branch main updated (83bb6fc -> bb74265)

2022-01-12 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 83bb6fc  Update copyright dates to 2022
 add bb74265  Make test more robust

No new revisions were added by this update.

Summary of changes:
 test/org/apache/coyote/http2/TestHttp2Section_3_5.java | 13 -
 1 file changed, 12 insertions(+), 1 deletion(-)




[tomcat] branch 10.0.x updated: Make test more robust

2022-01-12 Thread markt

markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.0.x by this push:
 new 1bee7a9  Make test more robust
1bee7a9 is described below

commit 1bee7a968bfca47964acdeb3e21db0a5114e14d7
Author: Mark Thomas 
AuthorDate: Wed Jan 12 10:41:51 2022 +

Make test more robust

Failure was observed on Travis CI and could be replicated locally in a
debugger using suitable break points.
---
 test/org/apache/coyote/http2/TestHttp2Section_3_5.java | 13 -
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/test/org/apache/coyote/http2/TestHttp2Section_3_5.java 
b/test/org/apache/coyote/http2/TestHttp2Section_3_5.java
index e9a9e0e..f43a7eb 100644
--- a/test/org/apache/coyote/http2/TestHttp2Section_3_5.java
+++ b/test/org/apache/coyote/http2/TestHttp2Section_3_5.java
@@ -41,7 +41,18 @@ public class TestHttp2Section_3_5 extends Http2TestBase {
 // Send two pings (2*(9+8)=34 bytes) as server looks for entire preface
 // of 24 bytes.
 sendPing();
-sendPing();
+// Depending on timing, this ping may fail after the header has been
+// sent but before the ping body since:
+// 9 (ping 1 header) + 8 (ping 1 body) + 9 (ping 2 header) = 26 which
+// which is enough data for the server to determine that the preface is
+// invalid and close the connection. A subsequent attempt to send ping 
2
+// body will fail.
+try {
+sendPing();
+} catch (IOException e) {
+e.printStackTrace();
+// Ignore
+}
 
 // If the client preface had been valid, this would be an
 // acknowledgement. Of the settings. As the preface was invalid, it
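
Review bot: The new `catch (IOException e)` block calls `e.printStackTrace()` directly above a `// Ignore` comment, so an exception the test treats as expected still dumps a full stack trace into the test output whenever the timing case is hit. Drop the `printStackTrace()` call, or replace it with a single log line if the occurrence is worth recording.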




[tomcat] branch main updated (bb74265 -> ede3616)

2022-01-12 Thread markt

markt pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from bb74265  Make test more robust
 add ede3616  Remove test code

No new revisions were added by this update.

Summary of changes:
 test/org/apache/coyote/http2/TestHttp2Section_3_5.java | 1 -
 1 file changed, 1 deletion(-)




[tomcat] branch 10.0.x updated: Remove test code

2022-01-12 Thread markt

markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.0.x by this push:
 new 4719c4c  Remove test code
4719c4c is described below

commit 4719c4c7489a9a61918a089ca2e607446389bfd9
Author: Mark Thomas 
AuthorDate: Wed Jan 12 10:42:40 2022 +

Remove test code
---
 test/org/apache/coyote/http2/TestHttp2Section_3_5.java | 1 -
 1 file changed, 1 deletion(-)

diff --git a/test/org/apache/coyote/http2/TestHttp2Section_3_5.java 
b/test/org/apache/coyote/http2/TestHttp2Section_3_5.java
index f43a7eb..2e45e3a 100644
--- a/test/org/apache/coyote/http2/TestHttp2Section_3_5.java
+++ b/test/org/apache/coyote/http2/TestHttp2Section_3_5.java
@@ -50,7 +50,6 @@ public class TestHttp2Section_3_5 extends Http2TestBase {
 try {
 sendPing();
 } catch (IOException e) {
-e.printStackTrace();
 // Ignore
 }
 
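
Review bot: With `e.printStackTrace()` removed, the `catch (IOException e)` block holds only `// Ignore`, and nothing inside the block says why the exception is safe to discard. Expand the comment to name the expected condition (the server closing the connection once it has seen enough of the invalid preface) so a later reader does not take it for an accidental swallow.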




[tomcat] branch 9.0.x updated: Make test more robust

2022-01-12 Thread markt

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 724a86e  Make test more robust
724a86e is described below

commit 724a86e01c5bea58ea6e9b5571a6e32b491ae852
Author: Mark Thomas 
AuthorDate: Wed Jan 12 10:41:51 2022 +

Make test more robust

Failure was observed on Travis CI and could be replicated locally in a
debugger using suitable break points.
---
 test/org/apache/coyote/http2/TestHttp2Section_3_5.java | 12 +++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/test/org/apache/coyote/http2/TestHttp2Section_3_5.java 
b/test/org/apache/coyote/http2/TestHttp2Section_3_5.java
index e9a9e0e..2e45e3a 100644
--- a/test/org/apache/coyote/http2/TestHttp2Section_3_5.java
+++ b/test/org/apache/coyote/http2/TestHttp2Section_3_5.java
@@ -41,7 +41,17 @@ public class TestHttp2Section_3_5 extends Http2TestBase {
 // Send two pings (2*(9+8)=34 bytes) as server looks for entire preface
 // of 24 bytes.
 sendPing();
-sendPing();
+// Depending on timing, this ping may fail after the header has been
+// sent but before the ping body since:
+// 9 (ping 1 header) + 8 (ping 1 body) + 9 (ping 2 header) = 26 which
+// which is enough data for the server to determine that the preface is
+// invalid and close the connection. A subsequent attempt to send ping 
2
+// body will fail.
+try {
+sendPing();
+} catch (IOException e) {
+// Ignore
+}
 
 // If the client preface had been valid, this would be an
 // acknowledgement. Of the settings. As the preface was invalid, it
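
Review bot: The added comment repeats a word across its line break (`= 26 which` followed by `which is enough data`), and the unchanged comment at the top of the hunk still states that two pings of `2*(9+8)=34 bytes` are sent, which no longer holds when the second ping is cut off after its header. Fix the duplicated word and reword the lead comment to say that up to 34 bytes are sent.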




[tomcat] branch 8.5.x updated: Make test more robust

2022-01-12 Thread markt

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 0adacdd  Make test more robust
0adacdd is described below

commit 0adacdddb74533b86ef912a436d1c3dc5a0a92c2
Author: Mark Thomas 
AuthorDate: Wed Jan 12 10:41:51 2022 +

Make test more robust

Failure was observed on Travis CI and could be replicated locally in a
debugger using suitable break points.
---
 test/org/apache/coyote/http2/TestHttp2Section_3_5.java | 12 +++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/test/org/apache/coyote/http2/TestHttp2Section_3_5.java 
b/test/org/apache/coyote/http2/TestHttp2Section_3_5.java
index e9a9e0e..2e45e3a 100644
--- a/test/org/apache/coyote/http2/TestHttp2Section_3_5.java
+++ b/test/org/apache/coyote/http2/TestHttp2Section_3_5.java
@@ -41,7 +41,17 @@ public class TestHttp2Section_3_5 extends Http2TestBase {
 // Send two pings (2*(9+8)=34 bytes) as server looks for entire preface
 // of 24 bytes.
 sendPing();
-sendPing();
+// Depending on timing, this ping may fail after the header has been
+// sent but before the ping body since:
+// 9 (ping 1 header) + 8 (ping 1 body) + 9 (ping 2 header) = 26 which
+// which is enough data for the server to determine that the preface is
+// invalid and close the connection. A subsequent attempt to send ping 
2
+// body will fail.
+try {
+sendPing();
+} catch (IOException e) {
+// Ignore
+}
 
 // If the client preface had been valid, this would be an
 // acknowledgement. Of the settings. As the preface was invalid, it
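
Review bot: The `try` wraps the whole second `sendPing()`, so an `IOException` raised at any point in that call is ignored, while the comment justifies only a failure between the ping 2 header and the ping 2 body. Consider recording that the exception occurred and leaving the check that follows (the one the trailing comment describes) as the only thing that decides the result, so an unrelated I/O failure cannot make the test pass by accident.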




[tomcat] branch main updated: Make calculation of session storage location more robust

2022-01-12 Thread markt

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 70da1aa  Make calculation of session storage location more robust
70da1aa is described below

commit 70da1aaa51e0f9d088438e9d958812a144e12754
Author: Mark Thomas 
AuthorDate: Wed Jan 12 11:11:29 2022 +

Make calculation of session storage location more robust
---
 java/org/apache/catalina/session/FileStore.java | 5 +++--
 webapps/docs/changelog.xml  | 4 
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/session/FileStore.java 
b/java/org/apache/catalina/session/FileStore.java
index 3d13fde..1aba87e 100644
--- a/java/org/apache/catalina/session/FileStore.java
+++ b/java/org/apache/catalina/session/FileStore.java
@@ -349,13 +349,14 @@ public final class FileStore extends StoreBase {
 
 String filename = id + FILE_EXT;
 File file = new File(storageDir, filename);
+File canonicalFile = file.getCanonicalFile();
 
 // Check the file is within the storage directory
-if 
(!file.getCanonicalFile().toPath().startsWith(storageDir.getCanonicalFile().toPath()))
 {
+if 
(!canonicalFile.toPath().startsWith(storageDir.getCanonicalFile().toPath())) {
 log.warn(sm.getString("fileStore.invalid", file.getPath(), id));
 return null;
 }
 
-return file;
+return canonicalFile;
 }
 }
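
Review bot: No test accompanies the change from `return file;` to `return canonicalFile;`, although it changes what callers receive: the path that passed the `startsWith` check instead of the unresolved `new File(storageDir, filename)`. A unit test that passes an `id` resolving outside `storageDir` and asserts `null`, plus one asserting that the returned `File` equals its own `getCanonicalFile()`, would pin this behaviour down.
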
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index b6fb171..a2bff80 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -120,6 +120,10 @@
 Add recycling check in the input and output stream isReady to try to
 give a more informative ISE when the facade has been recycled. (remm)
   
+  
+Make the calculation of the session storage location more robust when
+using file based persistent storage. (markt)
+  
 
   
   
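
Review bot: The added changelog entry says the calculation is made "more robust" without saying what changes for users of file based persistent storage. Naming the behaviour, for example that the session file location is now returned in canonical form after the storage directory check, would make the entry useful to someone scanning the changelog for FileStore changes.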




[tomcat] branch 10.0.x updated: Make calculation of session storage location more robust

2022-01-12 Thread markt

markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.0.x by this push:
 new 094800b  Make calculation of session storage location more robust
094800b is described below

commit 094800b12d6c958d7b4540372c5a95698658ada1
Author: Mark Thomas 
AuthorDate: Wed Jan 12 11:11:29 2022 +

Make calculation of session storage location more robust
---
 java/org/apache/catalina/session/FileStore.java | 5 +++--
 webapps/docs/changelog.xml  | 4 
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/session/FileStore.java 
b/java/org/apache/catalina/session/FileStore.java
index 3d13fde..1aba87e 100644
--- a/java/org/apache/catalina/session/FileStore.java
+++ b/java/org/apache/catalina/session/FileStore.java
@@ -349,13 +349,14 @@ public final class FileStore extends StoreBase {
 
 String filename = id + FILE_EXT;
 File file = new File(storageDir, filename);
+File canonicalFile = file.getCanonicalFile();
 
 // Check the file is within the storage directory
-if 
(!file.getCanonicalFile().toPath().startsWith(storageDir.getCanonicalFile().toPath()))
 {
+if 
(!canonicalFile.toPath().startsWith(storageDir.getCanonicalFile().toPath())) {
 log.warn(sm.getString("fileStore.invalid", file.getPath(), id));
 return null;
 }
 
-return file;
+return canonicalFile;
 }
 }
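
Review bot: `storageDir.getCanonicalFile().toPath()` in the `if` condition is still resolved inline on every call, while the hunk already introduces a local for the other side of the comparison. Resolve it once into a local next to `canonicalFile` so both operands of `startsWith` are visibly canonical and the condition fits on one line.
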
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 135a6a6..ab4293b 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -115,6 +115,10 @@
 Add recycling check in the input and output stream isReady to try to
 give a more informative ISE when the facade has been recycled. (remm)
   
+  
+Make the calculation of the session storage location more robust when
+using file based persistent storage. (markt)
+  
 
   
   




[tomcat] branch 8.5.x updated: Make calculation of session storage location more robust

2022-01-12 Thread markt

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 9794395  Make calculation of session storage location more robust
9794395 is described below

commit 97943959ba721ad5e8e8ba765a68d2b153348530
Author: Mark Thomas 
AuthorDate: Wed Jan 12 11:11:29 2022 +

Make calculation of session storage location more robust
---
 java/org/apache/catalina/session/FileStore.java | 5 +++--
 webapps/docs/changelog.xml  | 4 
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/session/FileStore.java 
b/java/org/apache/catalina/session/FileStore.java
index cac6027..e42a72a 100644
--- a/java/org/apache/catalina/session/FileStore.java
+++ b/java/org/apache/catalina/session/FileStore.java
@@ -349,13 +349,14 @@ public final class FileStore extends StoreBase {
 
 String filename = id + FILE_EXT;
 File file = new File(storageDir, filename);
+File canonicalFile = file.getCanonicalFile();
 
 // Check the file is within the storage directory
-if 
(!file.getCanonicalFile().toPath().startsWith(storageDir.getCanonicalFile().toPath()))
 {
+if 
(!canonicalFile.toPath().startsWith(storageDir.getCanonicalFile().toPath())) {
 log.warn(sm.getString("fileStore.invalid", file.getPath(), id));
 return null;
 }
 
-return file;
+return canonicalFile;
 }
 }
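
Review bot: The warning in the rejection branch still logs `file.getPath()` and the raw `id`, so the log shows the unresolved path even though the decision was made on `canonicalFile`. Logging `canonicalFile.getPath()` as well would show an operator where the rejected id actually resolved to, and if `id` can carry control characters it should be sanitised before it reaches `log.warn`.
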
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index d7ede19..5d2f978 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -145,6 +145,10 @@
   
 Remove the deprecated JmxRemoteLifecycleListener. (markt)
   
+  
+Make the calculation of the session storage location more robust when
+using file based persistent storage. (markt)
+  
 
   
   




[tomcat] branch 9.0.x updated: Make calculation of session storage location more robust

2022-01-12 Thread markt

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 1385c62  Make calculation of session storage location more robust
1385c62 is described below

commit 1385c624b4a1e994426e810075c850edc38a700e
Author: Mark Thomas 
AuthorDate: Wed Jan 12 11:11:29 2022 +

Make calculation of session storage location more robust
---
 java/org/apache/catalina/session/FileStore.java | 5 +++--
 webapps/docs/changelog.xml  | 4 
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/session/FileStore.java 
b/java/org/apache/catalina/session/FileStore.java
index cac6027..e42a72a 100644
--- a/java/org/apache/catalina/session/FileStore.java
+++ b/java/org/apache/catalina/session/FileStore.java
@@ -349,13 +349,14 @@ public final class FileStore extends StoreBase {
 
 String filename = id + FILE_EXT;
 File file = new File(storageDir, filename);
+File canonicalFile = file.getCanonicalFile();
 
 // Check the file is within the storage directory
-if 
(!file.getCanonicalFile().toPath().startsWith(storageDir.getCanonicalFile().toPath()))
 {
+if 
(!canonicalFile.toPath().startsWith(storageDir.getCanonicalFile().toPath())) {
 log.warn(sm.getString("fileStore.invalid", file.getPath(), id));
 return null;
 }
 
-return file;
+return canonicalFile;
 }
 }
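
Review bot: Nothing at `return canonicalFile;` documents that callers must use the returned `File` rather than rebuild the path from `id`, which is what makes the `startsWith` check above it meaningful. A one-line comment stating that the returned path is the one that was validated would keep a later refactor from reintroducing `return file;`.
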
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index c5576c0..4944f93 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -118,6 +118,10 @@
   
 Remove the deprecated JmxRemoteLifecycleListener. (markt)
   
+  
+Make the calculation of the session storage location more robust when
+using file based persistent storage. (markt)
+  
 
   
   




[GitHub] [tomcat] michael-o commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2022-01-12 Thread GitBox


michael-o commented on pull request #428:
URL: https://github.com/apache/tomcat/pull/428#issuecomment-1010938331


   Waiting for @rmaucher's answer to my last proposal.





[GitHub] [tomcat] cklein05 commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2022-01-12 Thread GitBox


cklein05 commented on pull request #428:
URL: https://github.com/apache/tomcat/pull/428#issuecomment-1010954501


   @rmaucher 
   I'm with @michael-o here. Having these extra attributes with the Principal 
is useful per se. Since any Realm can log you on and create a Principal, it 
should not matter, which Realm queries and provides these attributes. The more 
Realms can do so, the better.
   
   You want to avoid changing the other Realms except JNDIRealm? Why? What's 
wrong with my code? Focusing on DataSourceRealm you're saying 
   
   > ... it only seems to be adding a lot of code which will have lower 
performance.
   
   It does not only add a lot of code. It actually works as it should. I've 
only added the code required to actually query these attributes in a safe way.
   
   Also, it does not really lower performance. If there are no attributes 
defined, it only takes two extra method calls with a total of two `null` 
checks, except for the first login attempt in the Realm's lifetime. For the 
_normal case_ that is not really a performance killer, is it?
   
   If there are attributes defined, there is one extra SQL query executed for 
the _normal case_ (plus one extra SQL query executed for the first login 
attempt in the Realm's lifetime). Of course, that takes some time. However, if 
the Realm didn't perform that query, the application will have to do that after 
login, which in turn will take the same time or even more, since the 
application must use another JDBC connection from the pool. After all, I don't 
see an effective performance problem with the DataSourceRealm code here. If you 
do, could you please explain in more detail?
   
   You were saying
   
   > adding the feature to the other realms is pointless with a fixed list of 
attribute.
   
   Yes, that may be right. However, even that fixed list of attributes gives 
the application the opportunity to obtain the User's fullName property (if 
defined), which otherwise was just not accessible. Actually, the user's full 
name (aka display name) is one of the most important attributes users may want, 
as it is much more end-user friendly than a cryptic logon name. Now, with 
support for arbitrary attributes, the feature is even more useful.
   
   I personally do not need these attributes with the UserDatabaseRealm, since 
we actually do not use tomcat-users.xml in any setup. However, since that is 
Tomcat's default Realm, I believe it should support these attributes as well. 
E.g. I've extended the example application at `/examples/jsp/security/protected` 
to list additional user attributes from the Principal. I guess it would be just 
nice, if people can test these without configuring another Realm first.
   
   Nevertheless, doing this in steps is an option. How to proceed? Are you able 
to merge the PR partially?





[GitHub] [tomcat] rmaucher commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2022-01-12 Thread GitBox


rmaucher commented on pull request #428:
URL: https://github.com/apache/tomcat/pull/428#issuecomment-1010970627


   I will oppose changes to the MemoryRealm and the UserDatabase realm, and I 
will ignore this topic for the two other realms (so I will not veto it either).





[GitHub] [tomcat] rmaucher commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2022-01-12 Thread GitBox


rmaucher commented on pull request #428:
URL: https://github.com/apache/tomcat/pull/428#issuecomment-1010987799


   @michael-o It should be easy to merge only the files you want to merge, all 
the realms are independent.





[GitHub] [tomcat] cklein05 commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2022-01-12 Thread GitBox


cklein05 commented on pull request #428:
URL: https://github.com/apache/tomcat/pull/428#issuecomment-1011006425


   @michael-o files to skip:
   
   ```
   java/org/apache/catalina/User.java
   java/org/apache/catalina/realm/MemoryRealm.java
   java/org/apache/catalina/realm/MemoryRuleSet.java
   java/org/apache/catalina/realm/UserDatabaseRealm.java
   java/org/apache/catalina/users/AbstractUser.java
   java/org/apache/catalina/users/MemoryUser.java
   java/org/apache/catalina/users/MemoryUserDatabase.java
   test/org/apache/catalina/users/MemoryUserDatabaseTests.java
   ```
   
   Also, remove attribute `userAttributes` from MemoryRealm and 
UserDatabaseRealm in file
   `java/org/apache/catalina/realm/mbeans-descriptors.xml`
   
   Adjust change log entry (remove MemoryRealm and UserDatabaseRealm) in file
   `webapps/docs/changelog.xml`
   
   Remove description of config option `userAttributes` from MemoryRealm and 
UserDatabaseRealm in file
   `webapps/docs/config/realm.xml`
   
   Adjust new text (remove references to the now unsupported Realms) in file
   `webapps/docs/realm-howto.xml`





[GitHub] [tomcat] michael-o commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2022-01-12 Thread GitBox


michael-o commented on pull request #428:
URL: https://github.com/apache/tomcat/pull/428#issuecomment-1011022441


   @cklein05 I know, it is quite some work, but can we stick to my proposal 
here:
   https://github.com/apache/tomcat/pull/428#issuecomment-1008027903?
   
   This will break up this PR into at least three, making it much easier to come 
to an agreement.





[GitHub] [tomcat] cklein05 commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2022-01-12 Thread GitBox


cklein05 commented on pull request #428:
URL: https://github.com/apache/tomcat/pull/428#issuecomment-1011029311


   @michael-o
   Yes, we could. What exactly do you mean by _RealmBase groundwork_? There 
is not much in RealmBase. It's only the `parseUserAttributes` and 
`validateUserAttributes` methods, the latter only used by JDBCRealm (as well as 
the now unsupported ones). JNDIRealm uses its own validate method. For 
example, in which PR do you expect method  `validateUserAttributes`? IMO, this 
should come with the DataSourceRealm stuff, right?





Unit tests hanging on Windows

2022-01-12 Thread Mark Thomas
I'm trying to run the unit tests before I tag and they are consistently 
hanging on Windows. Anyone else seen this recently?


Just starting to dig into the root cause. No data yet.

Mark




[GitHub] [tomcat] michael-o commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2022-01-12 Thread GitBox


michael-o commented on pull request #428:
URL: https://github.com/apache/tomcat/pull/428#issuecomment-1011036905


   @cklein05 Let's start with the principals (interfaces) first.





[GitHub] [tomcat] cklein05 commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2022-01-12 Thread GitBox


cklein05 commented on pull request #428:
URL: https://github.com/apache/tomcat/pull/428#issuecomment-1011048516


   @michael-o You mean the `TomcatPrincipal` interface and the 
`GenericPrincipal` class? Or really only the interfaces? `TomcatPrincipal` is 
the only interface changed by this enhancement. But after changing only that 
interface, the project will no longer build :-p





[tomcat] branch main updated: Reduce default timeouts for test client from infinite to 5 seconds.

2022-01-12 Thread markt

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new bcdb7d0  Reduce default timeouts for test client from infinite to 5 
seconds.
bcdb7d0 is described below

commit bcdb7d020fbeb114cccb8fff09ba8b9ec854e4a7
Author: Mark Thomas 
AuthorDate: Wed Jan 12 13:57:33 2022 +

Reduce default timeouts for test client from infinite to 5 seconds.
---
 test/org/apache/catalina/startup/SimpleHttpClient.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/org/apache/catalina/startup/SimpleHttpClient.java 
b/test/org/apache/catalina/startup/SimpleHttpClient.java
index 2282823..d6514b1 100644
--- a/test/org/apache/catalina/startup/SimpleHttpClient.java
+++ b/test/org/apache/catalina/startup/SimpleHttpClient.java
@@ -206,7 +206,7 @@ public abstract class SimpleHttpClient {
 reader = new BufferedReader(r);
 }
 public void connect() throws UnknownHostException, IOException {
-connect(0,0);
+connect(5000, 5000);
 }
 
 protected OutputStream createOutputStream(Socket socket) throws 
IOException {
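
Review bot: The two `5000` literals in `connect(5000, 5000)` are unexplained at the call site, and the no-argument `connect()` carries no comment saying that it now times out after 5 seconds instead of waiting indefinitely. Introduce a named constant for the default and note on `connect()` that a test needing the previous behaviour must call `connect(0,0)` explicitly.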




Re: Unit tests hanging on Windows

2022-01-12 Thread Mark Thomas

On 12/01/2022 13:11, Mark Thomas wrote:
> I'm trying to run the unit tests before I tag and they are consistently
> hanging on Windows. Anyone else seen this recently?
>
> Just starting to dig into the root cause. No data yet.


A little progress.

Infinite client timeouts were the cause of the hang. I now have a 
handful of test failures to investigate.


(Linux and Mac OS test runs both completed without errors although it is 
worth noting that only Windows is a virtual environment)


Mark




[GitHub] [tomcat] cklein05 commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2022-01-12 Thread GitBox


cklein05 commented on pull request #428:
URL: https://github.com/apache/tomcat/pull/428#issuecomment-1011124889


   [That's](https://github.com/cklein05/tomcat/tree/user-attributes-principal) 
what you meant? Did not yet create a PR in your repo.





[GitHub] [tomcat] cklein05 commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2022-01-12 Thread GitBox


cklein05 commented on pull request #428:
URL: https://github.com/apache/tomcat/pull/428#issuecomment-1011126834


   @michael-o
   [That's](https://github.com/cklein05/tomcat/tree/user-attributes-principal) 
what you meant? Did not yet create a PR in your repo.
   
   https://github.com/cklein05/tomcat/tree/user-attributes-principal





[GitHub] [tomcat] michael-o commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2022-01-12 Thread GitBox


michael-o commented on pull request #428:
URL: https://github.com/apache/tomcat/pull/428#issuecomment-1011131637


   > @michael-o [That's](https://github.com/cklein05/tomcat/tree/user-attributes-principal) what you meant? Did not yet create a PR in your repo.
   > 
   > https://github.com/cklein05/tomcat/tree/user-attributes-principal
   
   Yes, that is what I have expected because with this change you are already 
able to solve your problem within your realm or modifying Tomcat provided 
realms.





[GitHub] [tomcat] cklein05 commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2022-01-12 Thread GitBox


cklein05 commented on pull request #428:
URL: https://github.com/apache/tomcat/pull/428#issuecomment-1011133201


   So, let's move to a new PR





[GitHub] [tomcat] cklein05 opened a new pull request #463: Add support for additional user attributes to TomcatPrincipal

2022-01-12 Thread GitBox


cklein05 opened a new pull request #463:
URL: https://github.com/apache/tomcat/pull/463


   Add support for additional user attributes to the `TomcatPrincipal` 
interface and the `GenericPrincipal` class.





[GitHub] [tomcat] cklein05 edited a comment on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2022-01-12 Thread GitBox


cklein05 edited a comment on pull request #428:
URL: https://github.com/apache/tomcat/pull/428#issuecomment-1011133201


   So, let's move to new PR https://github.com/apache/tomcat/pull/463





[tomcat] branch main updated (bcdb7d0 -> ddb789e)

2022-01-12 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from bcdb7d0  Reduce default timeouts for test client from infinite to 5 
seconds.
 add ddb789e  Fix tests failing on Windows Server 2022

No new revisions were added by this update.

Summary of changes:
 test/org/apache/coyote/http11/upgrade/TestUpgrade.java | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)




[GitHub] [tomcat] cklein05 commented on pull request #428: Enhancement: Additional user attributes queried by (some) realms

2022-01-12 Thread GitBox


cklein05 commented on pull request #428:
URL: https://github.com/apache/tomcat/pull/428#issuecomment-1011154379


   @michael-o So, let's move to new PR https://github.com/apache/tomcat/pull/463





[GitHub] [tomcat] michael-o commented on a change in pull request #463: Add support for additional user attributes to TomcatPrincipal

2022-01-12 Thread GitBox


michael-o commented on a change in pull request #463:
URL: https://github.com/apache/tomcat/pull/463#discussion_r783189035



##
File path: java/org/apache/catalina/realm/GenericPrincipal.java
##
@@ -171,6 +176,7 @@ public GenericPrincipal(String name, List roles,
 }
 this.loginContext = loginContext;
 this.gssCredential = gssCredential;
+this.attributes = attributes;
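
Review bot: `this.attributes = attributes;` keeps the caller's map instance, so whoever built the map can still change the principal's attributes after authentication, and a read-only wrapper on its own would not stop that because it is only a view of the same map. Copying in the constructor and wrapping the copy (with an empty map for `null`) fixes the attributes at construction and removes the question of who is expected to wrap.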

Review comment:
   Should we wrap with an unmodifiable map or do we expect the caller to do 
this?

##
File path: java/org/apache/catalina/TomcatPrincipal.java
##
@@ -47,4 +48,37 @@
  *   exception to LoginContext
  */
 void logout() throws Exception;
+
+/**
+ * Returns the value of the named attribute as an Object, or
+ * null if no attribute of the given name exists, or if
+ * null has been specified as the attribute's name.
+ * 
+ * Only the servlet container may set attributes to make available custom
+ * information about a Principal or the user it represents. For example, 
some of

Review comment:
   I think the For example is not necessary, since we don't want to incline 
to any actual implementation.

##
File path: java/org/apache/catalina/realm/GenericPrincipal.java
##
@@ -283,10 +294,16 @@ public boolean hasRole(String role) {
 @Override
 public String toString() {
 StringBuilder sb = new StringBuilder("GenericPrincipal[");
+boolean first = true;
 sb.append(this.name);
 sb.append('(');
 for (String role : roles) {
-sb.append(role).append(',');
+if (first) {
+first = false;
+} else {
+sb.append(',');
+}
+sb.append(role);

Review comment:
   While this is correct, it should be in a separate PR.

##
File path: java/org/apache/catalina/TomcatPrincipal.java
##
@@ -47,4 +48,37 @@
  *   exception to LoginContext
  */
 void logout() throws Exception;
+
+/**
+ * Returns the value of the named attribute as an Object, or
+ * null if no attribute of the given name exists, or if
+ * null has been specified as the attribute's name.
+ * 
+ * Only the servlet container may set attributes to make available custom
+ * information about a Principal or the user it represents. For example, 
some of
+ * the Realm implementations can be configured to additionally query user
+ * attributes from the user database, which then are provided 
through the
+ * Principal's attributes map.
+ * 
+ * Attribute names and naming conventions are maintained by the Tomcat
+ * components that contribute to this map, like some of the Realm
+ * implementations.

Review comment:
   Are those really maintained? I thought the dev/admin requests the realm 
to load attribute values. So the attribute names are not necessarily mandated?!







[GitHub] [tomcat] cklein05 commented on a change in pull request #463: Add support for additional user attributes to TomcatPrincipal

2022-01-12 Thread GitBox


cklein05 commented on a change in pull request #463:
URL: https://github.com/apache/tomcat/pull/463#discussion_r783200198



##
File path: java/org/apache/catalina/realm/GenericPrincipal.java
##
@@ -283,10 +294,16 @@ public boolean hasRole(String role) {
 @Override
 public String toString() {
 StringBuilder sb = new StringBuilder("GenericPrincipal[");
+boolean first = true;
 sb.append(this.name);
 sb.append('(');
 for (String role : roles) {
-sb.append(role).append(',');
+if (first) {
+first = false;
+} else {
+sb.append(',');
+}
+sb.append(role);

Review comment:
   Will remove change.







[GitHub] [tomcat] cklein05 commented on a change in pull request #463: Add support for additional user attributes to TomcatPrincipal

2022-01-12 Thread GitBox


cklein05 commented on a change in pull request #463:
URL: https://github.com/apache/tomcat/pull/463#discussion_r783204725



##
File path: java/org/apache/catalina/realm/GenericPrincipal.java
##
@@ -171,6 +176,7 @@ public GenericPrincipal(String name, List roles,
 }
 this.loginContext = loginContext;
 this.gssCredential = gssCredential;
+this.attributes = attributes;

Review comment:
   AFAIK we agreed on not using an unmodifiable map, since there is no 
write access to this map. However, we could, of course, if you like so. Maybe 
it's worth checking if it's already an instance of 
`java.util.Collections.UnmodifiableMap` first. If not, we could wrap it.







Re: Unit tests hanging on Windows

2022-01-12 Thread Mark Thomas

On 12/01/2022 14:38, Mark Thomas wrote:

On 12/01/2022 13:11, Mark Thomas wrote:
I'm trying to run the unit tests before I tag and they are 
consistently hanging on Windows. Anyone else seen this recently?


Just starting to dig into the root cause. No data yet.


A little progress.

Infinite client timeouts were the cause of the hang. I now have a 
handful of test failures to investigate.


(Linux and Mac OS test runs both completed without errors although it is 
worth noting that only Windows is a virtual environment)


All fixed.

A couple of tests failing as they were taking too long (possible 
concurrency was too high).


A couple of failures when a different behaviour was seen for socket 
close in Windows Server 2022.


Tag will follow shortly.

Mark




[GitHub] [tomcat] cklein05 commented on a change in pull request #463: Add support for additional user attributes to TomcatPrincipal

2022-01-12 Thread GitBox


cklein05 commented on a change in pull request #463:
URL: https://github.com/apache/tomcat/pull/463#discussion_r783207980



##
File path: java/org/apache/catalina/TomcatPrincipal.java
##
@@ -47,4 +48,37 @@
  *   exception to LoginContext
  */
 void logout() throws Exception;
+
+/**
+ * Returns the value of the named attribute as an Object, or
+ * null if no attribute of the given name exists, or if
+ * null has been specified as the attribute's name.
+ * 
+ * Only the servlet container may set attributes to make available custom
+ * information about a Principal or the user it represents. For example, 
some of
+ * the Realm implementations can be configured to additionally query user
+ * attributes from the user database, which then are provided 
through the
+ * Principal's attributes map.
+ * 
+ * Attribute names and naming conventions are maintained by the Tomcat
+ * components that contribute to this map, like some of the Realm
+ * implementations.

Review comment:
   Don't know whether it's really the exact word. However, every attribute 
provider (aka Realm) can use its own naming schema and conventions. Some may 
use prefixes (user.displayName), others may not, who knows. We make no rules or 
assumptions here but only refer to each attribute provider's documentation.







[GitHub] [tomcat] cklein05 commented on a change in pull request #463: Add support for additional user attributes to TomcatPrincipal

2022-01-12 Thread GitBox


cklein05 commented on a change in pull request #463:
URL: https://github.com/apache/tomcat/pull/463#discussion_r783208291



##
File path: java/org/apache/catalina/TomcatPrincipal.java
##
@@ -47,4 +48,37 @@
  *   exception to LoginContext
  */
 void logout() throws Exception;
+
+/**
+ * Returns the value of the named attribute as an Object, or
+ * null if no attribute of the given name exists, or if
+ * null has been specified as the attribute's name.
+ * 
+ * Only the servlet container may set attributes to make available custom
+ * information about a Principal or the user it represents. For example, 
some of

Review comment:
   Will remove that.







[GitHub] [tomcat] cklein05 commented on a change in pull request #463: Add support for additional user attributes to TomcatPrincipal

2022-01-12 Thread GitBox


cklein05 commented on a change in pull request #463:
URL: https://github.com/apache/tomcat/pull/463#discussion_r783215387



##
File path: java/org/apache/catalina/realm/GenericPrincipal.java
##
@@ -171,6 +176,7 @@ public GenericPrincipal(String name, List roles,
 }
 this.loginContext = loginContext;
 this.gssCredential = gssCredential;
+this.attributes = attributes;

Review comment:
   Class `java.util.Collections.UnmodifiableMap` is private, so we cannot 
check instance.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
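
The three options weighed in this review thread (keep the caller's map, wrap it, or copy and then wrap it), as an added Java example that is not code from the pull request or from Tomcat. `DemoPrincipal`, the three helper methods and the attribute values are hypothetical and constructed for the illustration; only the attribute name `user.displayName` is taken from the discussion.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

// Added illustration, not Tomcat code: all class and method names here are hypothetical.
public class PrincipalAttributesDemo {

    /** Minimal principal that exposes its attributes only through a read accessor. */
    static final class DemoPrincipal {
        private final String name;
        private final Map<String, Object> attributes;

        DemoPrincipal(String name, Map<String, Object> attributes) {
            this.name = name;
            this.attributes = attributes;
        }

        String getName() {
            return name;
        }

        /** Returns null for an unknown name, a null name, or a principal without attributes. */
        Object getAttribute(String attributeName) {
            if (attributeName == null || attributes == null) {
                return null;
            }
            return attributes.get(attributeName);
        }

        int attributeCount() {
            return attributes == null ? 0 : attributes.size();
        }
    }

    /** Option 1: keep the caller's instance, as a plain field assignment does. */
    static Map<String, Object> shareReference(Map<String, Object> source) {
        return source;
    }

    /** Option 2: read-only view. Writes through the view fail, but the view follows the source map. */
    static Map<String, Object> wrapOnly(Map<String, Object> source) {
        if (source == null) {
            return Collections.<String, Object>emptyMap();
        }
        return Collections.unmodifiableMap(source);
    }

    /**
     * Option 3: private copy behind a read-only view. No instance check on the
     * argument is needed, because copying works the same for any Map implementation.
     */
    static Map<String, Object> copyThenWrap(Map<String, Object> source) {
        if (source == null) {
            return Collections.<String, Object>emptyMap();
        }
        return Collections.unmodifiableMap(new HashMap<>(source));
    }

    static String describe(String label, DemoPrincipal principal) {
        return label + ": user.displayName=" + principal.getAttribute("user.displayName")
                + ", attribute count=" + principal.attributeCount();
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for attributes a realm loaded at login.
        Map<String, Object> loadedByRealm = new HashMap<>();
        loadedByRealm.put("user.displayName", "Alice Example");

        DemoPrincipal shared = new DemoPrincipal("alice", shareReference(loadedByRealm));
        DemoPrincipal viewed = new DemoPrincipal("alice", wrapOnly(loadedByRealm));
        DemoPrincipal copied = new DemoPrincipal("alice", copyThenWrap(loadedByRealm));

        // Code that still holds the original map changes it after the principals exist.
        loadedByRealm.put("user.displayName", "changed after login");
        loadedByRealm.put("user.department", "added after login");

        System.out.println(describe("shared reference  ", shared));
        System.out.println(describe("wrapped only      ", viewed));
        System.out.println(describe("copied and wrapped", copied));

        // A source that is already unmodifiable goes through the same path unchanged.
        Map<String, Object> alreadyReadOnly = Collections.unmodifiableMap(loadedByRealm);
        DemoPrincipal fromReadOnly = new DemoPrincipal("alice", copyThenWrap(alreadyReadOnly));
        System.out.println(describe("copy of read-only ", fromReadOnly));
    }
}
```

Only the principal built with `copyThenWrap` before the change still reports the value that was present at construction; the shared and wrapped-only principals both report the later modification.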



[tomcat] branch main updated: Update (currently unused) reproducible build timestamp

2022-01-12 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new bfa944b  Update (currently unused) reproducible build timestamp
bfa944b is described below

commit bfa944b35922a8adedfa3cadbf9c125cbf4e38f7
Author: Mark Thomas 
AuthorDate: Wed Jan 12 16:04:39 2022 +

Update (currently unused) reproducible build timestamp
---
 build.properties.default | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 33890c7..ab9c093 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -38,8 +38,8 @@ version.suffix=-M9-dev
 # - Reproducible builds -
 # Uncomment and set to current time for reproducible builds
 # Note: The value is in seconds (unlike milliseconds used by 
System.currentTimeMillis()).
-#2021-12-02T10:10:00Z
-#ant.tstamp.now=1638439200
+#2022-01-12T06:00:00Z
+#ant.tstamp.now=1642003200
 
 # - Source control flags -
 git.branch=main
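
Review bot: the new comment `#2022-01-12T06:00:00Z` does not match the value on the line below it: `1642003200` seconds is 2022-01-12T16:00:00Z. The comment is the only human-readable form of `ant.tstamp.now`, so it should be regenerated from the number (or the number from the comment) so that anyone uncommenting the property gets the build time they expect.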




[tomcat] tag 10.1.0-M9 created (now 02d546b)

2022-01-12 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to tag 10.1.0-M9
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


  at 02d546b  (commit)
This tag includes the following new commits:

 new 02d546b  Tag 10.1.0-M9

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.





[tomcat] 01/01: Tag 10.1.0-M9

2022-01-12 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to tag 10.1.0-M9
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 02d546ba3c553c74ff1a99ecc166a6ff9c501ba8
Author: Mark Thomas 
AuthorDate: Wed Jan 12 16:07:16 2022 +

Tag 10.1.0-M9
---
 build.properties.default   | 2 +-
 webapps/docs/changelog.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index ab9c093..2278dd7 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -33,7 +33,7 @@ version.major=10
 version.minor=1
 version.build=0
 version.patch=0
-version.suffix=-M9-dev
+version.suffix=-M9
 
 # - Reproducible builds -
 # Uncomment and set to current time for reproducible builds
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index a2bff80..0e2358e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,7 +104,7 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
   
 
   




[tomcat] branch 10.0.x updated (094800b -> d67104f)

2022-01-12 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 094800b  Make calculation of session storage location more robust
 new 0256b1d  Reduce default timeouts for test client from infinite to 5 
seconds.
 new 42e78d2  Fix tests failing on Windows Server 2022
 new d67104f  Update (currently unused) reproducible build timestamp

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 build.properties.default   | 4 ++--
 test/org/apache/catalina/startup/SimpleHttpClient.java | 2 +-
 test/org/apache/coyote/http11/upgrade/TestUpgrade.java | 9 -
 3 files changed, 11 insertions(+), 4 deletions(-)




[tomcat] 01/03: Reduce default timeouts for test client from infinite to 5 seconds.

2022-01-12 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 0256b1d0592314d2ecadec4f0edabecef4c4b787
Author: Mark Thomas 
AuthorDate: Wed Jan 12 13:57:33 2022 +

Reduce default timeouts for test client from infinite to 5 seconds.
---
 test/org/apache/catalina/startup/SimpleHttpClient.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/org/apache/catalina/startup/SimpleHttpClient.java 
b/test/org/apache/catalina/startup/SimpleHttpClient.java
index b0ba161..c5d4843 100644
--- a/test/org/apache/catalina/startup/SimpleHttpClient.java
+++ b/test/org/apache/catalina/startup/SimpleHttpClient.java
@@ -199,7 +199,7 @@ public abstract class SimpleHttpClient {
 reader = new BufferedReader(r);
 }
 public void connect() throws UnknownHostException, IOException {
-connect(0,0);
+connect(5000, 5000);
 }
 
 protected OutputStream createOutputStream(Socket socket) throws 
IOException {




[tomcat] 03/03: Update (currently unused) reproducible build timestamp

2022-01-12 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit d67104f4d3389dfe01f11f9a23555dd8363ef29b
Author: Mark Thomas 
AuthorDate: Wed Jan 12 16:04:39 2022 +

Update (currently unused) reproducible build timestamp
---
 build.properties.default | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 109263d..7b060d2 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -38,8 +38,8 @@ version.suffix=-dev
 # - Reproducible builds -
 # Uncomment and set to current time for reproducible builds
 # Note: The value is in seconds (unlike milliseconds used by 
System.currentTimeMillis()).
-#2021-09-28T12:09:00Z
-#ant.tstamp.now=1632819600
+#2022-01-12T06:00:00Z
+#ant.tstamp.now=1642003200
 
 # - Source control flags -
 git.branch=10.0.x




[tomcat] 02/03: Fix tests failing on Windows Server 2022

2022-01-12 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 42e78d2c6f9e0ebe8217ef28af8b53c046dd41c5
Author: Mark Thomas 
AuthorDate: Wed Jan 12 15:14:27 2022 +

Fix tests failing on Windows Server 2022
---
 test/org/apache/coyote/http11/upgrade/TestUpgrade.java | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/test/org/apache/coyote/http11/upgrade/TestUpgrade.java 
b/test/org/apache/coyote/http11/upgrade/TestUpgrade.java
index 13eb551..24dc129 100644
--- a/test/org/apache/coyote/http11/upgrade/TestUpgrade.java
+++ b/test/org/apache/coyote/http11/upgrade/TestUpgrade.java
@@ -26,6 +26,7 @@ import java.io.PrintWriter;
 import java.io.Reader;
 import java.io.Writer;
 import java.net.Socket;
+import java.net.SocketException;
 import java.nio.charset.StandardCharsets;
 
 import javax.net.SocketFactory;
@@ -108,7 +109,13 @@ public class TestUpgrade extends TomcatBaseTest {
 UpgradeConnection conn = doUpgrade(upgradeHandlerClass);
 
 Reader r = conn.getReader();
-int c = r.read();
+int c;
+try {
+c = r.read();
+} catch (SocketException se) {
+// Some platforms will throw an exception rather than returning -1
+c = -1;
+}
 
 Assert.assertEquals(-1, c);
 }
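
Review bot: the added `catch (SocketException se)` turns every socket error from `r.read()` into `c = -1`, so the assertion also passes when the connection breaks for a reason other than the close this test expects. The comment should name the platform where the exception was seen (the commit subject says Windows Server 2022), and the catch would be safer if it applied only there or inspected the exception before treating it as end of stream.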




svn commit: r52043 - in /dev/tomcat/tomcat-10/v10.1.0-M9: ./ bin/ bin/embed/ src/

2022-01-12 Thread markt
Author: markt
Date: Wed Jan 12 17:17:02 2022
New Revision: 52043

Log:
Upload 10.1.0-M9 for voting

Added:
dev/tomcat/tomcat-10/v10.1.0-M9/
dev/tomcat/tomcat-10/v10.1.0-M9/KEYS
dev/tomcat/tomcat-10/v10.1.0-M9/README.html
dev/tomcat/tomcat-10/v10.1.0-M9/RELEASE-NOTES
dev/tomcat/tomcat-10/v10.1.0-M9/bin/
dev/tomcat/tomcat-10/v10.1.0-M9/bin/README.html
dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9-deployer.tar.gz 
  (with props)

dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9-deployer.tar.gz.asc

dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9-deployer.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9-deployer.zip   
(with props)
dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9-deployer.zip.asc

dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9-deployer.zip.sha512
dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9-fulldocs.tar.gz 
  (with props)

dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9-fulldocs.tar.gz.asc

dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9-fulldocs.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9-windows-x64.zip 
  (with props)

dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9-windows-x64.zip.asc

dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9-windows-x64.zip.sha512
dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9-windows-x86.zip 
  (with props)

dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9-windows-x86.zip.asc

dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9-windows-x86.zip.sha512
dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9.exe   (with 
props)
dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9.exe.asc
dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9.exe.sha512
dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9.tar.gz   (with 
props)
dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9.tar.gz.asc
dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9.zip   (with 
props)
dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9.zip.asc
dev/tomcat/tomcat-10/v10.1.0-M9/bin/apache-tomcat-10.1.0-M9.zip.sha512
dev/tomcat/tomcat-10/v10.1.0-M9/bin/embed/

dev/tomcat/tomcat-10/v10.1.0-M9/bin/embed/apache-tomcat-10.1.0-M9-embed.tar.gz  
 (with props)

dev/tomcat/tomcat-10/v10.1.0-M9/bin/embed/apache-tomcat-10.1.0-M9-embed.tar.gz.asc

dev/tomcat/tomcat-10/v10.1.0-M9/bin/embed/apache-tomcat-10.1.0-M9-embed.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.0-M9/bin/embed/apache-tomcat-10.1.0-M9-embed.zip 
  (with props)

dev/tomcat/tomcat-10/v10.1.0-M9/bin/embed/apache-tomcat-10.1.0-M9-embed.zip.asc

dev/tomcat/tomcat-10/v10.1.0-M9/bin/embed/apache-tomcat-10.1.0-M9-embed.zip.sha512
dev/tomcat/tomcat-10/v10.1.0-M9/src/
dev/tomcat/tomcat-10/v10.1.0-M9/src/apache-tomcat-10.1.0-M9-src.tar.gz   
(with props)
dev/tomcat/tomcat-10/v10.1.0-M9/src/apache-tomcat-10.1.0-M9-src.tar.gz.asc

dev/tomcat/tomcat-10/v10.1.0-M9/src/apache-tomcat-10.1.0-M9-src.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.0-M9/src/apache-tomcat-10.1.0-M9-src.zip   (with 
props)
dev/tomcat/tomcat-10/v10.1.0-M9/src/apache-tomcat-10.1.0-M9-src.zip.asc
dev/tomcat/tomcat-10/v10.1.0-M9/src/apache-tomcat-10.1.0-M9-src.zip.sha512

Added: dev/tomcat/tomcat-10/v10.1.0-M9/KEYS
==
--- dev/tomcat/tomcat-10/v10.1.0-M9/KEYS (added)
+++ dev/tomcat/tomcat-10/v10.1.0-M9/KEYS Wed Jan 12 17:17:02 2022
@@ -0,0 +1,453 @@
+This file contains the PGP&GPG keys of various Apache developers.
+Please don't use them for email unless you have to. Their main
+purpose is code signing.
+
+Apache users: pgp < KEYS
+Apache developers:
+(pgpk -ll  && pgpk -xa ) >> this file.
+  or
+(gpg --fingerprint --list-sigs 
+ && gpg --armor --export ) >> this file.
+
+Apache developers: please ensure that your key is also available via the
+PGP keyservers (such as pgpkeys.mit.edu).
+
+
+pub   4096R/2F6059E7 2009-09-18
+  Key fingerprint = A9C5 DF4D 22E9 9998 D987  5A51 10C0 1C5A 2F60 59E7
+uid  Mark E D Thomas 
+sub   4096R/5E763BEC 2009-09-18
+

[tomcat] branch main updated: Increment version for next development cycle

2022-01-12 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 13370ee  Increment version for next development cycle
13370ee is described below

commit 13370ee7f2bc287ac37a93adeb10d7b7399b4019
Author: Mark Thomas 
AuthorDate: Wed Jan 12 17:17:03 2022 +

Increment version for next development cycle
---
 build.properties.default | 2 +-
 res/maven/mvn.properties.default | 2 +-
 webapps/docs/changelog.xml   | 4 +++-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index ab9c093..f264553 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -33,7 +33,7 @@ version.major=10
 version.minor=1
 version.build=0
 version.patch=0
-version.suffix=-M9-dev
+version.suffix=-M10-dev
 
 # - Reproducible builds -
 # Uncomment and set to current time for reproducible builds
diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default
index b318e5b..6f3c999 100644
--- a/res/maven/mvn.properties.default
+++ b/res/maven/mvn.properties.default
@@ -39,7 +39,7 @@ 
maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d
 maven.asf.release.repo.repositoryId=apache.releases.https
 
 # Release version info
-maven.asf.release.deploy.version=10.1.0-M9
+maven.asf.release.deploy.version=10.1.0-M10
 
 #Where do we load the libraries from
 tomcat.lib.path=../../output/build/lib
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index a2bff80..cbca052 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,7 +104,9 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
+
+
   
 
   




Re: Building all releases with Java 11

2022-01-12 Thread Christopher Schultz

Mark,

On 1/10/22 11:46, Mark Thomas wrote:

I thought it would be a good idea to start a new thread for this.

The previous discussion started here:
https://markmail.org/message/e7rsryympb2cephp

I've done some testing with Tomcat 8.5.x

For the Java 7 to Java 8 transition, the problematic code is 
ConcurrentHashMap.keySet()


To test things I introduced a change to ApplicationContext that would 
trigger this issue on web application stop.


Compile with Java 8, run with Java 7 and the logs fill with the expected 
stack traces on shutdown.


Compile with Java 11 (+ release=7 and a slightly tweaked build.xml), run 
with Java 7 - everything works.


Therefore, this basic testing confirms that release=7 does what we 
expected it to.


A slight complication is that release=... only works with the public 
API. That means we would need to remove the JmxLifecycleListener since 
that uses classes in sun.rmi.*. This has been deprecated since December 
2019 with a warning it may be removed after 2020-12-31.


So, as a first step, I intend to completely remove the 
JMXLifecycleListener.


Are all those various system properties available in recent releases of 
Java 7? I wouldn't want to trap users of Tomcat 8.5 on Java 7 into a 
situation where they cannot upgrade to Tomcat 8.5.latest because they 
still need the capability to control the JMX ports.


I then want to do a little more testing to see if we can build with Java 
7 or Java 11. However, my concern with that approach is that we'll also 
be able to build with Java 8 - the results of which would be problematic.


To Remy's point, it would be useful to still be able to run the unit 
tests with Java 8. Assuming we can disable building with Java 8, maybe 
we need a special flag that enables building and testing with Java 8 but 
has a name like:

do-not-use-for-release-builds-enable-java-8


It's also possible to have an ant target which doesn't show up in 
-projecthelp.


I don't think we'll get this all sorted for this release round. We 
should be able to remove the JmxLifecycleListener though.


It's been documented to be removed for a long time, but I'd like to know 
if we are "stranding" any users by removing it.


-chris
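
Why the `ConcurrentHashMap.keySet()` call discussed above fails on Java 7 when compiled against the Java 8 class library, and why building against the Java 7 API avoids it, shown as an added example that is not Tomcat code and not part of the original message. The class `KeySetLinkage` and its method names are hypothetical.

```java
import java.lang.reflect.Method;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration, not Tomcat code; KeySetLinkage and its methods are hypothetical.
public class KeySetLinkage {

    // Receiver is typed as the concrete class, so javac records the keySet()
    // descriptor found in the class library it compiles against:
    //   Java 8+ API: ConcurrentHashMap.keySet:()Ljava/util/concurrent/ConcurrentHashMap$KeySetView;
    //   Java 7 API : ConcurrentHashMap.keySet:()Ljava/util/Set;   (what release=7 selects)
    // A Java 7 runtime has no method with the first descriptor and throws
    // NoSuchMethodError when the call is first executed.
    static int countViaConcreteType(ConcurrentHashMap<String, Object> attributes) {
        Set<String> names = attributes.keySet();
        return names.size();
    }

    // Receiver is typed as the interface: the descriptor is
    // Map.keySet:()Ljava/util/Set; whichever class library javac sees,
    // so the call links on Java 7 and on later versions.
    static int countViaInterface(Map<String, Object> attributes) {
        return attributes.keySet().size();
    }

    // Lists the return type of every no-argument keySet() declared by the
    // ConcurrentHashMap of the JVM this program runs on.
    static Set<String> keySetReturnTypes() {
        Set<String> types = new TreeSet<>();
        for (Method m : ConcurrentHashMap.class.getDeclaredMethods()) {
            if (m.getName().equals("keySet") && m.getParameterTypes().length == 0) {
                types.add(m.getReturnType().getName() + (m.isBridge() ? " [bridge]" : ""));
            }
        }
        return types;
    }

    public static void main(String[] args) {
        ConcurrentHashMap<String, Object> attributes = new ConcurrentHashMap<>();
        attributes.put("constructed.sample", Boolean.TRUE); // constructed sample entry
        System.out.println("java.version          = " + System.getProperty("java.version"));
        System.out.println("keySet() return types = " + keySetReturnTypes());
        System.out.println("via concrete type     = " + countViaConcreteType(attributes));
        System.out.println("via interface         = " + countViaInterface(attributes));
    }
}
```

`javap -c -p KeySetLinkage` shows which descriptor the compiler emitted for `countViaConcreteType`. On a Java 8 or later runtime the `[bridge]` entry is the `Set`-returning method that keeps classes compiled against the Java 7 API working.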





[Bug 65779] Introduce CATALINA_BASE_DATA

2022-01-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65779

Christopher Schultz  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO

--- Comment #3 from Christopher Schultz  ---
Sorry, this is *not* clear. You have now mentioned both CATALINA_BASE_DATA and
CATALINA_BASE_CACHE.

What is the purpose of each?

You are demonstrating how you are using them. What we need to understand is
*why* you are using them in that way.




[VOTE] Release Apache Tomcat 10.1.0-M9

2022-01-12 Thread Mark Thomas

The proposed Apache Tomcat 10.1.0-M9 release is now available for
voting.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 
without changes. Java EE applications designed for Tomcat 9 and earlier 
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat 
will automatically convert them to Jakarta EE and copy them to the 
webapps directory.


The notable changes compared to 10.1.0-M8 are:

- Add recycling check in the input and output stream isReady to try to
  give a more informative ISE when the facade has been recycled.

- Implement support for HTTP/1.1 upgrade when the request includes a
  body. The maximum permitted size of the body is controlled by
  maxSavePostSize.

- Improve handling of various cases where one request/response
  processing thread attempts to manage the asynchronous IO for a
  different request/response.

For full details, see the changelog:
https://ci.apache.org/projects/tomcat/tomcat-10.1.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.0-M9/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1346

The tag is:
https://github.com/apache/tomcat/tree/10.1.0-M9
02d546ba3c553c74ff1a99ecc166a6ff9c501ba8


The proposed 10.1.0-M9 release is:
[ ] Broken - do not release
[ ] Alpha - go ahead and release as 10.1.0-M9 (alpha)




Re: Sensitive session cookies on error are exposed by the parser

2022-01-12 Thread Christopher Schultz

Joscha,

On 1/11/22 09:50, Joscha Cepok wrote:
But there is maybe another approach, during my research I encountered 
most of the time one of two cases:


timestamp; key1=value1; key2=value2;... OR key1=value1; 
key2=value2;...;timestamp


I didn't take a deeper look, why browsers add the timestamp to the 
cookie header


I've never seen this before. Perhaps you have a plugin that's adding that?

so ignoring the timestamp and logging it once seems fine to 
me. But in case of multiple broken cookies, maybe all malformed content 
of the header should be logged on INFO and not just once?


-1

This makes it trivial for an attacker to fill your disk with INFO logs 
by repeatedly providing malformed headers.


I usually 
don't like approaches, which distinguish between expected malformed 
content and unexpected malformed content, but on the other hand, if 
malformed content appears way too often it might be worth having that 
information.


Malformed content is always malformed. The only reason it's being logged 
in this situation is because Cookie headers are used for authentication 
and if they are broken they can cause applications (or servers) to 
appear to be broken when it's really the cookie. It's really a way for 
Tomcat to prove to admins that Tomcat isn't at fault.


Regarding my reported possible CVE, that behavior wouldn't have any 
impact, since the key-value pair of the cookies was always valid. The 
most common and probably only issue was a stand-alone timestamp in the 
cookie header, which led the parser to print the entire header.


Note that a user would have to attack themselves. It's not really 
feasible to convince another user to break their own HTTP headers.


Or if there is an insider who has access to the logs but not the 
application, they can maybe steal cookies and use them to masquerade as 
the affected user.


-chris
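
The two concerns in this exchange, the whole Cookie header (session cookies included) reaching the log and a client being able to fill the disk by repeating malformed headers, can both be handled where the log line is built. The following is an added example, not Tomcat's code and not part of the original message: the class `CookieLogSanitizer`, its limits and the sample header are assumptions constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration; CookieLogSanitizer is a hypothetical class, not Tomcat's parser.
public class CookieLogSanitizer {

    private static final int MAX_NAME_LEN = 32;  // assumed cap on a logged cookie name
    private static final int MAX_ELEMENTS = 16;  // assumed cap on elements summarised

    private final int maxPerWindow;   // log lines allowed per window
    private final long windowMillis;  // window length in milliseconds
    private long windowStart = -1;    // -1 until the first malformed header is seen
    private int loggedInWindow;
    private long suppressed;

    public CookieLogSanitizer(int maxPerWindow, long windowMillis) {
        this.maxPerWindow = maxPerWindow;
        this.windowMillis = windowMillis;
    }

    // True if any non-empty element of the header is not a name=value pair.
    static boolean isMalformed(String header) {
        for (String element : header.split(";")) {
            String e = element.trim();
            if (!e.isEmpty() && e.indexOf('=') <= 0) {
                return true;
            }
        }
        return false;
    }

    // Keeps cookie names; every value and every bare token becomes a marker,
    // so a session identifier never reaches the log.
    static String summarize(String header) {
        List<String> parts = new ArrayList<>();
        for (String element : header.split(";")) {
            String e = element.trim();
            if (e.isEmpty()) {
                continue;
            }
            if (parts.size() == MAX_ELEMENTS) {
                parts.add("<truncated>");
                break;
            }
            int eq = e.indexOf('=');
            if (eq <= 0) {
                parts.add("<malformed, " + e.length() + " chars>");
            } else {
                parts.add(safeName(e.substring(0, eq).trim()) + "=<redacted>");
            }
        }
        return String.join("; ", parts);
    }

    // Names are client-controlled too: keep ASCII token characters, cap the length.
    static String safeName(String name) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < name.length() && i < MAX_NAME_LEN; i++) {
            char c = name.charAt(i);
            boolean ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9') || c == '_' || c == '-' || c == '.';
            sb.append(ok ? c : '?');
        }
        return sb.toString();
    }

    // Returns the line to log, or null when the header is well formed or the
    // budget for the current window is spent.
    public synchronized String logLineFor(String header, long nowMillis) {
        if (!isMalformed(header)) {
            return null;
        }
        if (windowStart < 0 || nowMillis - windowStart >= windowMillis) {
            windowStart = nowMillis;
            loggedInWindow = 0;
        }
        if (loggedInWindow >= maxPerWindow) {
            suppressed++;
            return null;
        }
        loggedInWindow++;
        String line = "Malformed Cookie header: " + summarize(header);
        if (suppressed > 0) {
            line += " (" + suppressed + " similar messages suppressed)";
            suppressed = 0;
        }
        return line;
    }

    public static void main(String[] args) {
        // Constructed sample: a stand-alone timestamp in front of valid pairs.
        String header = "1641912345; JSESSIONID=0123456789ABCDEF; theme=dark";
        CookieLogSanitizer limiter = new CookieLogSanitizer(2, 60_000L);
        for (int i = 0; i < 5; i++) {
            String line = limiter.logLineFor(header, 1_000L * i);
            System.out.println(i + "s: " + (line == null ? "(nothing logged)" : line));
        }
        System.out.println("70s: " + limiter.logLineFor(header, 70_000L));
    }
}
```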




Re: Building all releases with Java 11

2022-01-12 Thread Mark Thomas

On 11/01/2022 10:34, Michael Osipov wrote:

On 2022-01-10 at 17:46, Mark Thomas wrote:

[...]


Is this because of EJC going Java 11?


No.


Has anyone reached out to them?


No. Having read the thread I don't think anything we could say would 
cause them to reverse their decision.



Why 11?


Because that is the version we use for 10.1.x. We could use any Java 
version >=11 that supports release=7.


I assume that 8 will outlive 11 for some time. Java 8 still 
seems like a good baseline.


8 doesn't work for Tomcat 8.x. Tomcat 8.x needs to be built against the 
Java 7 API. Java 8 can't do that. Java 9+ can. Since we need Java 11 for 
Tomcat 10.1.x, that seemed like the natural choice.


Mark




[Bug 65779] Introduce CATALINA_BASE_DATA

2022-01-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65779

--- Comment #4 from Gael Lalire  ---
I think there is no point in showing generated data to the Tomcat user.
The conf directory is what is shown to the user. There is conf he can modify
and webapp where he can copy his WARs.

If you show the generated data, the user will be able to modify it,
accidentally or not.
This is why I think generated data should be in another directory.

Freedesktop
(https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html)
proposes a way to separate conf from data from state from cache. There are
advantages to that, you can share the conf when your session is roaming between
PCs. You can automatically delete cache files which are too old on reboot.

conf : XDG_CONFIG_HOME/vestige/app/ -> map to CATALINA_BASE
data : XDG_DATA_HOME/vestige/app/ -> map to
CATALINA_BASE_DATA
cache : XDG_CACHE_HOME/vestige/app/ -> map to
CATALINA_BASE_CACHE

Logs could also be generated in data instead of cache, in this case we don't
need a CATALINA_BASE_CACHE. But I think logs should be automatically zipped and
deleted so a cache directory is more appropriate.

According to Freedesktop XDG_STATE_HOME is the right place for logs. You can
also introduce CATALINA_BASE_LOGS instead of CATALINA_BASE_CACHE, I will map it
to state or cache.

Not sure my answer is the *why* you expected. Why I want these variables: to
be able to separate conf from generated files from logs.




Re: Building all releases with Java 11

2022-01-12 Thread Mark Thomas

On 12/01/2022 17:29, Christopher Schultz wrote:

On 1/10/22 11:46, Mark Thomas wrote:




So, as a first step, I intend to completely remove the 
JMXLifecycleListener.


Are all those various system properties available in recent releases of 
Java 7? I wouldn't want to trap users of Tomcat 8.5 on Java 7 into a 
situation where they cannot upgrade to Tomcat 8.5.latest because they 
still need the capability to control the JMX ports.


Define recent :)

If you define recent as "the thing you get when you pay Oracle $$$" or 
"the thing you get when you build from the project source" then yes.


If you define recent as "the last free version you could get back in 
April 2015" then mostly. The com.sun.management.jmxremote.host property 
is not supported but all the others are.




I don't think we'll get this all sorted for this release round. We 
should be able to remove the JmxLifecycleListener though.


It's been documented to be removed for a long time, but I'd like to know 
if we are "stranding" any users by removing it.


Anyone still running Tomcat 8.5.x on Java 7 should be doing so on a 
supported JRE which means they'll have access to all those properties.


Mark




[tomcat] branch 9.0.x updated (1385c62 -> 974b78d)

2022-01-12 Thread markt

markt pushed a change to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 1385c62  Make calculation of session storage location more robust
 new 7146b0a  Reduce default timeouts for test client from infinite to 5 
seconds.
 new 70fa3d3  Fix tests failing on Windows Server 2022
 new 974b78d  Update (currently unused) reproducible build timestamp

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 build.properties.default   | 4 ++--
 test/org/apache/catalina/startup/SimpleHttpClient.java | 2 +-
 test/org/apache/coyote/http11/upgrade/TestUpgrade.java | 9 -
 3 files changed, 11 insertions(+), 4 deletions(-)




[tomcat] 01/03: Reduce default timeouts for test client from infinite to 5 seconds.

2022-01-12 Thread markt

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 7146b0aca22b5c65d1ae62c092e65ff74c69bbf3
Author: Mark Thomas 
AuthorDate: Wed Jan 12 13:57:33 2022 +

Reduce default timeouts for test client from infinite to 5 seconds.
---
 test/org/apache/catalina/startup/SimpleHttpClient.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/org/apache/catalina/startup/SimpleHttpClient.java 
b/test/org/apache/catalina/startup/SimpleHttpClient.java
index b0ba161..c5d4843 100644
--- a/test/org/apache/catalina/startup/SimpleHttpClient.java
+++ b/test/org/apache/catalina/startup/SimpleHttpClient.java
@@ -199,7 +199,7 @@ public abstract class SimpleHttpClient {
 reader = new BufferedReader(r);
 }
 public void connect() throws UnknownHostException, IOException {
-connect(0,0);
+connect(5000, 5000);
 }
 
 protected OutputStream createOutputStream(Socket socket) throws 
IOException {
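
Review bot: `connect(5000, 5000)` in the no-argument `connect()` replaces the no-timeout `connect(0,0)` with two bare literals, and the hunk shows neither the unit nor which argument is which. Name them as constants or add a one-line comment, so the "5 seconds" in the commit subject can be read off the code. Any test that calls `connect()` and then legitimately waits longer than that for data will now time out instead of blocking, so such callers should pass explicit values.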




[tomcat] 02/03: Fix tests failing on Windows Server 2022

2022-01-12 Thread markt

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 70fa3d3cf524a069299cf3070a27c496d3e836f3
Author: Mark Thomas 
AuthorDate: Wed Jan 12 15:14:27 2022 +

Fix tests failing on Windows Server 2022
---
 test/org/apache/coyote/http11/upgrade/TestUpgrade.java | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/test/org/apache/coyote/http11/upgrade/TestUpgrade.java 
b/test/org/apache/coyote/http11/upgrade/TestUpgrade.java
index 2d99506..b9b1719 100644
--- a/test/org/apache/coyote/http11/upgrade/TestUpgrade.java
+++ b/test/org/apache/coyote/http11/upgrade/TestUpgrade.java
@@ -26,6 +26,7 @@ import java.io.PrintWriter;
 import java.io.Reader;
 import java.io.Writer;
 import java.net.Socket;
+import java.net.SocketException;
 import java.nio.charset.StandardCharsets;
 
 import javax.net.SocketFactory;
@@ -107,7 +108,13 @@ public class TestUpgrade extends TomcatBaseTest {
 UpgradeConnection conn = doUpgrade(upgradeHandlerClass);
 
 Reader r = conn.getReader();
-int c = r.read();
+int c;
+try {
+c = r.read();
+} catch (SocketException se) {
+// Some platforms will throw an exception rather than returning -1
+c = -1;
+}
 
 Assert.assertEquals(-1, c);
 }
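
Review bot: the `catch (SocketException se)` around `r.read()` turns every socket error into `c = -1`, so the `Assert.assertEquals(-1, c)` that follows now passes for any failure on the connection, not only for the platform behaviour the comment describes. Name the platform in the comment (the commit subject says Windows Server 2022) and, if the exception is distinguishable there, narrow the catch or assert on it so that an unrelated socket failure still fails the test.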




[tomcat] 03/03: Update (currently unused) reproducible build timestamp

2022-01-12 Thread markt

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 974b78d29ccb7610fe0d6b5c36541da2242f8614
Author: Mark Thomas 
AuthorDate: Wed Jan 12 16:04:39 2022 +

Update (currently unused) reproducible build timestamp
---
 build.properties.default | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 5229029..4a9d713 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -38,8 +38,8 @@ version.suffix=-dev
 # - Reproducible builds -
 # Uncomment and set to current time for reproducible builds
 # Note: The value is in seconds (unlike milliseconds used by 
System.currentTimeMillis()).
-#2021-12-02T10:10:00Z
-#ant.tstamp.now=1638439200
+#2022-01-12T06:00:00Z
+#ant.tstamp.now=1642003200
 
 # - Source control flags -
 git.branch=9.0.x
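
Review bot: the new comment `#2022-01-12T06:00:00Z` does not match `#ant.tstamp.now=1642003200`; 1642003200 seconds is 2022-01-12T16:00:00Z, ten hours later than the comment says. Both lines are commented out, so nothing breaks today, but whoever uncomments them will trust the readable date, so one of the two lines should be corrected. The removed pair had the same kind of drift: 1638439200 is 2021-12-02T10:00:00Z, not 10:10:00Z.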




[tomcat] tag 10.0.15 created (now 3265e95)

2022-01-12 Thread markt

markt pushed a change to tag 10.0.15
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


  at 3265e95  (commit)
This tag includes the following new commits:

 new 3265e95  Tag 10.0.15

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.





[tomcat] 01/01: Tag 10.0.15

2022-01-12 Thread markt

markt pushed a commit to tag 10.0.15
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 3265e95e46f9d03589e3ac9a2385ba70e5efd621
Author: Mark Thomas 
AuthorDate: Wed Jan 12 19:13:54 2022 +

Tag 10.0.15
---
 build.properties.default   | 2 +-
 webapps/docs/changelog.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 7b060d2..3410db9 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -33,7 +33,7 @@ version.major=10
 version.minor=0
 version.build=15
 version.patch=0
-version.suffix=-dev
+version.suffix=
 
 # - Reproducible builds -
 # Uncomment and set to current time for reproducible builds
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index ab4293b..6188ec7 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,7 +104,7 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
   
 
   




Re: Building all releases with Java 11

2022-01-12 Thread Rémy Maucherat
On Wed, Jan 12, 2022 at 7:00 PM Mark Thomas  wrote:
>
> On 11/01/2022 10:34, Michael Osipov wrote:
> > On 2022-01-10 at 17:46, Mark Thomas wrote:
> >> [...]
> >
> > Is this because of EJC going Java 11?
>
> No.
>
> > Has anyone reached out to them?
>
> No. Having read the thread I don't think anything we could say would
> cause them to reverse their decision.
>
> > Why 11?
>
> Because that is the version we use for 10.1.x. We could use any Java
> version >=11 that supports release=7.
>
> > I assume that 8 will outlive 11 for some time. Java 8 still
> > seems like a good baseline.
>
> 8 doesn't work for Tomcat 8.x. Tomcat 8.x needs to be built against the
> Java 7 API. Java 8 can't do that. Java 9+ can. Since we need Java 11 for
> Tomcat 10.1.x, that seemed like the natural choice.

So +1, this is definitely worth trying.

Rémy

> Mark
>



svn commit: r52046 - in /dev/tomcat/tomcat-10/v10.0.15: ./ bin/ bin/embed/ src/

2022-01-12 Thread markt
Author: markt
Date: Wed Jan 12 19:27:40 2022
New Revision: 52046

Log:
Upload 10.0.15 for voting

Added:
dev/tomcat/tomcat-10/v10.0.15/
dev/tomcat/tomcat-10/v10.0.15/KEYS
dev/tomcat/tomcat-10/v10.0.15/README.html
dev/tomcat/tomcat-10/v10.0.15/RELEASE-NOTES
dev/tomcat/tomcat-10/v10.0.15/bin/
dev/tomcat/tomcat-10/v10.0.15/bin/README.html
dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15-deployer.tar.gz   
(with props)
dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15-deployer.tar.gz.asc

dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15-deployer.tar.gz.sha512
dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15-deployer.zip   
(with props)
dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15-deployer.zip.asc
dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15-deployer.zip.sha512
dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15-fulldocs.tar.gz   
(with props)
dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15-fulldocs.tar.gz.asc

dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15-fulldocs.tar.gz.sha512
dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15-windows-x64.zip   
(with props)
dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15-windows-x64.zip.asc

dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15-windows-x64.zip.sha512
dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15-windows-x86.zip   
(with props)
dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15-windows-x86.zip.asc

dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15-windows-x86.zip.sha512
dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15.exe   (with props)
dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15.exe.asc
dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15.exe.sha512
dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15.tar.gz   (with 
props)
dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15.tar.gz.asc
dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15.tar.gz.sha512
dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15.zip   (with props)
dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15.zip.asc
dev/tomcat/tomcat-10/v10.0.15/bin/apache-tomcat-10.0.15.zip.sha512
dev/tomcat/tomcat-10/v10.0.15/bin/embed/
dev/tomcat/tomcat-10/v10.0.15/bin/embed/apache-tomcat-10.0.15-embed.tar.gz  
 (with props)

dev/tomcat/tomcat-10/v10.0.15/bin/embed/apache-tomcat-10.0.15-embed.tar.gz.asc

dev/tomcat/tomcat-10/v10.0.15/bin/embed/apache-tomcat-10.0.15-embed.tar.gz.sha512
dev/tomcat/tomcat-10/v10.0.15/bin/embed/apache-tomcat-10.0.15-embed.zip   
(with props)
dev/tomcat/tomcat-10/v10.0.15/bin/embed/apache-tomcat-10.0.15-embed.zip.asc

dev/tomcat/tomcat-10/v10.0.15/bin/embed/apache-tomcat-10.0.15-embed.zip.sha512
dev/tomcat/tomcat-10/v10.0.15/src/
dev/tomcat/tomcat-10/v10.0.15/src/apache-tomcat-10.0.15-src.tar.gz   (with 
props)
dev/tomcat/tomcat-10/v10.0.15/src/apache-tomcat-10.0.15-src.tar.gz.asc
dev/tomcat/tomcat-10/v10.0.15/src/apache-tomcat-10.0.15-src.tar.gz.sha512
dev/tomcat/tomcat-10/v10.0.15/src/apache-tomcat-10.0.15-src.zip   (with 
props)
dev/tomcat/tomcat-10/v10.0.15/src/apache-tomcat-10.0.15-src.zip.asc
dev/tomcat/tomcat-10/v10.0.15/src/apache-tomcat-10.0.15-src.zip.sha512

Added: dev/tomcat/tomcat-10/v10.0.15/KEYS
==
--- dev/tomcat/tomcat-10/v10.0.15/KEYS (added)
+++ dev/tomcat/tomcat-10/v10.0.15/KEYS Wed Jan 12 19:27:40 2022
@@ -0,0 +1,453 @@
+This file contains the PGP&GPG keys of various Apache developers.
+Please don't use them for email unless you have to. Their main
+purpose is code signing.
+
+Apache users: pgp < KEYS
+Apache developers:
+(pgpk -ll  && pgpk -xa ) >> this file.
+  or
+(gpg --fingerprint --list-sigs 
+ && gpg --armor --export ) >> this file.
+
+Apache developers: please ensure that your key is also available via the
+PGP keyservers (such as pgpkeys.mit.edu).
+
+
+pub   4096R/2F6059E7 2009-09-18
+  Key fingerprint = A9C5 DF4D 22E9 9998 D987  5A51 10C0 1C5A 2F60 59E7
+uid  Mark E D Thomas 
+sub   4096R/5E763BEC 2009-09-18
+
+-BEGIN PGP PUBLIC KEY BLOCK-
+Comment: GPGTools - http://gpgtools.org
+

[VOTE] Release Apache Tomcat 10.0.15

2022-01-12 Thread Mark Thomas

The proposed Apache Tomcat 10.0.15 release is now available for
voting.

Apache Tomcat 10.x implements Jakarta EE 9 and, as such, the primary
package for all the specification APIs has changed from javax.* to jakarta.*

Applications that run on Tomcat 9 will not run on Tomcat 10 without 
changes. Java EE applications designed for Tomcat 9 and earlier may be 
placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will 
automatically convert them to Jakarta EE and copy them to the webapps 
directory.


The notable changes compared to 10.0.14 are:

- Add recycling check in the input and output stream isReady to try to
  give a more informative ISE when the facade has been recycled.

- Implement support for HTTP/1.1 upgrade when the request includes a
  body. The maximum permitted size of the body is controlled by
  maxSavePostSize.

- Improve handling of various cases where one request/response
  processing thread attempts to manage the asynchronous IO for a
  different request/response.

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-10.0.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.15/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1347

The tag is:
https://github.com/apache/tomcat/tree/10.0.15
3265e95e46f9d03589e3ac9a2385ba70e5efd621

The proposed 10.0.15 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 10.0.15 (stable)




[tomcat] branch 10.0.x updated: Increment version for next development cycle

2022-01-12 Thread markt

markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.0.x by this push:
 new 08ff835  Increment version for next development cycle
08ff835 is described below

commit 08ff835e5b4805eb70da636688d23118803e66e8
Author: Mark Thomas 
AuthorDate: Wed Jan 12 19:39:06 2022 +

Increment version for next development cycle
---
 build.properties.default | 2 +-
 res/maven/mvn.properties.default | 2 +-
 webapps/docs/changelog.xml   | 4 +++-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 7b060d2..0110edb 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -31,7 +31,7 @@
 # - Version Control Flags -
 version.major=10
 version.minor=0
-version.build=15
+version.build=16
 version.patch=0
 version.suffix=-dev
 
diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default
index 1029990..df8c8f3 100644
--- a/res/maven/mvn.properties.default
+++ b/res/maven/mvn.properties.default
@@ -39,7 +39,7 @@ 
maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d
 maven.asf.release.repo.repositoryId=apache.releases.https
 
 # Release version info
-maven.asf.release.deploy.version=10.0.15
+maven.asf.release.deploy.version=10.0.16
 
 #Where do we load the libraries from
 tomcat.lib.path=../../output/build/lib
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index ab4293b..05f7e01 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,7 +104,9 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
+
+
   
 
   




[tomcat] 01/01: Tag 9.0.57

2022-01-12 Thread remm

remm pushed a commit to tag 9.0.57
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit eb57341d04ac6f770c50d9cee70e6e13b96cd8af
Author: remm 
AuthorDate: Wed Jan 12 20:51:59 2022 +0100

Tag 9.0.57
---
 build.properties.default   | 2 +-
 webapps/docs/changelog.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 4a9d713..cfba156 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -33,7 +33,7 @@ version.major=9
 version.minor=0
 version.build=57
 version.patch=0
-version.suffix=-dev
+version.suffix=
 
 # - Reproducible builds -
 # Uncomment and set to current time for reproducible builds
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 4944f93..51c90a8 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,7 +104,7 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
   
 
   




[tomcat] tag 9.0.57 created (now eb57341)

2022-01-12 Thread remm

remm pushed a change to tag 9.0.57
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


  at eb57341  (commit)
This tag includes the following new commits:

 new eb57341  Tag 9.0.57

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.





[tomcat] branch 9.0.x updated: Increment version

2022-01-12 Thread remm

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 4a5e16d  Increment version
4a5e16d is described below

commit 4a5e16d8b3ab112594caffc62ba6fd18ec5fba0e
Author: remm 
AuthorDate: Wed Jan 12 20:54:08 2022 +0100

Increment version
---
 build.properties.default | 2 +-
 res/maven/mvn.properties.default | 2 +-
 webapps/docs/changelog.xml   | 4 +++-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 4a9d713..4d579b9 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -31,7 +31,7 @@
 # - Version Control Flags -
 version.major=9
 version.minor=0
-version.build=57
+version.build=58
 version.patch=0
 version.suffix=-dev
 
diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default
index 48d4c1c..7e16c53 100644
--- a/res/maven/mvn.properties.default
+++ b/res/maven/mvn.properties.default
@@ -39,7 +39,7 @@ 
maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d
 maven.asf.release.repo.repositoryId=apache.releases.https
 
 # Release version info
-maven.asf.release.deploy.version=9.0.57
+maven.asf.release.deploy.version=9.0.58
 
 #Where do we load the libraries from
 tomcat.lib.path=../../output/build/lib
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 4944f93..ee09f37 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,7 +104,9 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
+
+
   
 
   




Re: Building all releases with Java 11

2022-01-12 Thread Christopher Schultz

Mark,

On 1/12/22 13:36, Mark Thomas wrote:
> On 12/01/2022 17:29, Christopher Schultz wrote:
>> On 1/10/22 11:46, Mark Thomas wrote:
>>
>>> So, as a first step, I intend to completely remove the
>>> JMXLifecycleListener.
>>
>> Are all those various system properties available in recent releases
>> of Java 7? I wouldn't want to trap users of Tomcat 8.5 on Java 7 into
>> a situation where they cannot upgrade to Tomcat 8.5.latest because
>> they still need the capability to control the JMX ports.
>
> Define recent :)
>
> If you define recent as "the thing you get when you pay Oracle $$$" or
> "the thing you get when you build from the project source" then yes.
>
> If you define recent as "the last free version you could get back in
> April 2015" then mostly. The com.sun.management.jmxremote.host property
> is not supported but all the others are.
>
>>> I don't think we'll get this all sorted for this release round. We
>>> should be able to remove the JmxLifecycleListener though.
>>
>> It's been documented to be removed for a long time, but I'd like to
>> know if we are "stranding" any users by removing it.
>
> Anyone still running Tomcat 8.5.x on Java 7 should be doing so on a
> supported JRE which means they'll have access to all those properties.

Okay, thanks for that data point.

There needs to be a big warning about it in the changelog, migration 
guide, etc.


Actually... how about we just gut the class and replace it with a bunch 
of log.info statements saying "This class does nothing". I would be very 
surprised to have a Tomcat upgrade cause my existing (working) 
configuration to suddenly no longer allow Tomcat to start.


Fortunately, it's not in the default configuration so it would only 
affect people who really need it. Maybe those INFO logs could spit-out 
the system properties they need to use and even check their Java version 
to tell them if their JVM is compatible with those properties.


I know, I'm making more work for you if you are going to do it. I 
wouldn't mind doing the work as long as I know which versions apply, etc.


-chris




svn commit: r52047 - in /dev/tomcat/tomcat-9/v9.0.57: ./ bin/ bin/embed/ src/

2022-01-12 Thread remm
Author: remm
Date: Wed Jan 12 20:04:46 2022
New Revision: 52047

Log:
Upload 9.0.57 for voting

Added:
dev/tomcat/tomcat-9/v9.0.57/
dev/tomcat/tomcat-9/v9.0.57/KEYS
dev/tomcat/tomcat-9/v9.0.57/README.html
dev/tomcat/tomcat-9/v9.0.57/RELEASE-NOTES
dev/tomcat/tomcat-9/v9.0.57/bin/
dev/tomcat/tomcat-9/v9.0.57/bin/README.html
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57-deployer.tar.gz   
(with props)
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57-deployer.tar.gz.asc   
(with props)
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57-deployer.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57-deployer.zip   (with 
props)
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57-deployer.zip.asc   
(with props)
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57-deployer.zip.sha512
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57-fulldocs.tar.gz   
(with props)
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57-fulldocs.tar.gz.asc   
(with props)
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57-fulldocs.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57-windows-x64.zip   
(with props)
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57-windows-x64.zip.asc   
(with props)
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57-windows-x64.zip.sha512
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57-windows-x86.zip   
(with props)
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57-windows-x86.zip.asc   
(with props)
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57-windows-x86.zip.sha512
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57.exe   (with props)
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57.exe.asc   (with props)
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57.exe.sha512
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57.tar.gz   (with props)
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57.tar.gz.asc   (with 
props)
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57.zip   (with props)
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57.zip.asc   (with props)
dev/tomcat/tomcat-9/v9.0.57/bin/apache-tomcat-9.0.57.zip.sha512
dev/tomcat/tomcat-9/v9.0.57/bin/embed/
dev/tomcat/tomcat-9/v9.0.57/bin/embed/apache-tomcat-9.0.57-embed.tar.gz   
(with props)
dev/tomcat/tomcat-9/v9.0.57/bin/embed/apache-tomcat-9.0.57-embed.tar.gz.asc 
  (with props)

dev/tomcat/tomcat-9/v9.0.57/bin/embed/apache-tomcat-9.0.57-embed.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.57/bin/embed/apache-tomcat-9.0.57-embed.zip   
(with props)
dev/tomcat/tomcat-9/v9.0.57/bin/embed/apache-tomcat-9.0.57-embed.zip.asc   
(with props)
dev/tomcat/tomcat-9/v9.0.57/bin/embed/apache-tomcat-9.0.57-embed.zip.sha512
dev/tomcat/tomcat-9/v9.0.57/src/
dev/tomcat/tomcat-9/v9.0.57/src/apache-tomcat-9.0.57-src.tar.gz   (with 
props)
dev/tomcat/tomcat-9/v9.0.57/src/apache-tomcat-9.0.57-src.tar.gz.asc   (with 
props)
dev/tomcat/tomcat-9/v9.0.57/src/apache-tomcat-9.0.57-src.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.57/src/apache-tomcat-9.0.57-src.zip   (with props)
dev/tomcat/tomcat-9/v9.0.57/src/apache-tomcat-9.0.57-src.zip.asc   (with 
props)
dev/tomcat/tomcat-9/v9.0.57/src/apache-tomcat-9.0.57-src.zip.sha512

Added: dev/tomcat/tomcat-9/v9.0.57/KEYS
==
--- dev/tomcat/tomcat-9/v9.0.57/KEYS (added)
+++ dev/tomcat/tomcat-9/v9.0.57/KEYS Wed Jan 12 20:04:46 2022
@@ -0,0 +1,237 @@
+This file contains the PGP&GPG keys of various Apache developers.
+Please don't use them for email unless you have to. Their main
+purpose is code signing.
+
+Apache users: pgp < KEYS
+Apache developers:
+(pgpk -ll  && pgpk -xa ) >> this file.
+  or
+(gpg --fingerprint --list-sigs 
+ && gpg --armor --export ) >> this file.
+
+Apache developers: please ensure that your key is also available via the
+PGP keyservers (such as pgpkeys.mit.edu).
+
+
+pub   1024D/33C60243 2004-09-12
+  Key fingerprint = DCFD 35E0 BF8C A734 4752  DE8B 6FB2 1E89 33C6 0243
+uid  Mark E D Thomas 
+uid  Mark E D Thomas 
+uid  Mark E D Thomas 
+sub   2048g/0BECE548 2004-09-12
+
+pub   4096R/2F6059E7 2009-09-18
+  Key fingerprint = A9C5 DF4D 22E9 9998 D987  5A51 10C0 1C5A 2F60 59E7
+uid  Mark E D Thomas 
+sub   4096R/5E763BEC 2009-09-18
+
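
Review bot: the first entry in the key listing, pub 1024D/33C60243 2004-09-12,
is a 1024-bit DSA key, which is below current strength expectations for a
code-signing key, while the same uid's 4096R/2F6059E7 key is listed directly
after it. If the 1024D key no longer signs releases, say so next to it or drop
it from KEYS; the usage text at the top could also tell verifiers to compare
the full "Key fingerprint" line rather than the 8-hex-digit short ID, which is
not collision resistant.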

Re: Building all releases with Java 11

2022-01-12 Thread Mark Thomas

On 12/01/2022 19:59, Christopher Schultz wrote:
> Mark,
>
> On 1/12/22 13:36, Mark Thomas wrote:
>> On 12/01/2022 17:29, Christopher Schultz wrote:
>>> On 1/10/22 11:46, Mark Thomas wrote:
>>>
>>>> So, as a first step, I intend to completely remove the
>>>> JMXLifecycleListener.
>>>
>>> Are all those various system properties available in recent releases
>>> of Java 7? I wouldn't want to trap users of Tomcat 8.5 on Java 7 into
>>> a situation where they cannot upgrade to Tomcat 8.5.latest because
>>> they still need the capability to control the JMX ports.
>>
>> Define recent :)
>>
>> If you define recent as "the thing you get when you pay Oracle $$$" or
>> "the thing you get when you build from the project source" then yes.
>>
>> If you define recent as "the last free version you could get back in
>> April 2015" then mostly. The com.sun.management.jmxremote.host
>> property is not supported but all the others are.
>>
>>>> I don't think we'll get this all sorted for this release round. We
>>>> should be able to remove the JmxLifecycleListener though.
>>>
>>> It's been documented to be removed for a long time, but I'd like to
>>> know if we are "stranding" any users by removing it.
>>
>> Anyone still running Tomcat 8.5.x on Java 7 should be doing so on a
>> supported JRE which means they'll have access to all those properties.
>
> Okay, thanks for that data point.
>
> There needs to be a big warning about it in the changelog, migration
> guide, etc.

It is in the change log. I can add it to the migration guide.

> Actually... how about we just gut the class and replace it with a bunch
> of log.info statements saying "This class does nothing". I would be very
> surprised to have a Tomcat upgrade cause my existing (working)
> configuration to suddenly no longer allow Tomcat to start.
>
> Fortunately, it's not in the default configuration so it would only
> affect people who really need it. Maybe those INFO logs could spit-out
> the system properties they need to use and even check their Java version
> to tell them if their JVM is compatible with those properties.
>
> I know, I'm making more work for you if you are going to do it. I
> wouldn't mind doing the work as long as I know which versions apply, etc.

No objections if you want to do that for 8.5.x and 9.0.x.

Mark




[tomcat] tag 8.5.74 created (now 2ea5055)

2022-01-12 Thread schultz

schultz pushed a change to tag 8.5.74
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


  at 2ea5055  (commit)
This tag includes the following new commits:

 new 2ea5055  Tag 8.5.74

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.





[tomcat] 01/01: Tag 8.5.74

2022-01-12 Thread schultz

schultz pushed a commit to tag 8.5.74
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 2ea50557ae05ccfca7f521ab328c238237aec8b1
Author: schultz 
AuthorDate: Wed Jan 12 12:59:34 2022 -0800

Tag 8.5.74
---
 build.properties.default   | 8 
 webapps/docs/changelog.xml | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 490483d..e971e71 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -31,15 +31,15 @@
 # - Version Control Flags -
 version.major=8
 version.minor=5
-version.build=72
+version.build=74
 version.patch=0
-version.suffix=-dev
+version.suffix=
 
 # - Reproducible builds -
 # Uncomment and set to current time for reproducible builds
 # Note: The value is in seconds (unlike milliseconds used by 
System.currentTimeMillis()).
-#2021-06-08T12:00:00Z
-#ant.tstamp.now=1623153600
+#2022-01-12 17:49:25 UTC
+ant.tstamp.now=1642009765
 
 # - Source control flags -
 git.branch=8.5.x
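
Review bot: version.build jumps from 72 to 74 in this hunk, skipping 73, and
the commit message ("Tag 8.5.74") does not explain the gap; worth a line in the
message if that is expected. Separately, the new timestamp comment
"#2022-01-12 17:49:25 UTC" drops the ISO 8601 form ("#2021-06-08T12:00:00Z")
used by the line it replaces; it does agree with ant.tstamp.now=1642009765, so
only the format is inconsistent.
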
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5d2f978..c32279c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,7 +104,7 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
   
 
   




[tomcat] branch 8.5.x updated (9794395 -> 09db648)

2022-01-12 Thread markt

markt pushed a change to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 9794395  Make calculation of session storage location more robust
 new 0cdfed9  Reduce default timeouts for test client from infinite to 5 
seconds.
 new a804626  Fix tests failing on Windows Server 2022
 new 09db648  Update (currently unused) reproducible build timestamp

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 build.properties.default   | 4 ++--
 test/org/apache/catalina/startup/SimpleHttpClient.java | 2 +-
 test/org/apache/coyote/http11/upgrade/TestUpgrade.java | 9 -
 3 files changed, 11 insertions(+), 4 deletions(-)




[tomcat] 01/03: Reduce default timeouts for test client from infinite to 5 seconds.

2022-01-12 Thread markt

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 0cdfed957e0ce6aa5e6706174ead7aaaeddbea83
Author: Mark Thomas 
AuthorDate: Wed Jan 12 13:57:33 2022 +

Reduce default timeouts for test client from infinite to 5 seconds.
---
 test/org/apache/catalina/startup/SimpleHttpClient.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/org/apache/catalina/startup/SimpleHttpClient.java 
b/test/org/apache/catalina/startup/SimpleHttpClient.java
index cddd2e7..885fddd 100644
--- a/test/org/apache/catalina/startup/SimpleHttpClient.java
+++ b/test/org/apache/catalina/startup/SimpleHttpClient.java
@@ -199,7 +199,7 @@ public abstract class SimpleHttpClient {
 reader = new BufferedReader(r);
 }
 public void connect() throws UnknownHostException, IOException {
-connect(0,0);
+connect(5000, 5000);
 }
 
 protected OutputStream createOutputStream(Socket socket) throws 
IOException {
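
Review bot: connect(5000, 5000) in the no-argument connect() hard-codes two
unlabelled literals, so a reader cannot tell from this call which timeout each
argument sets, and a slow CI host has no single place to raise them. A named
constant (for example a hypothetical DEFAULT_TIMEOUT_MS = 5000) with a one-line
comment would cover both; tests that relied on the old infinite wait should be
checked for needing an explicit connect(0, 0).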




[tomcat] 02/03: Fix tests failing on Windows Server 2022

2022-01-12 Thread markt

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit a8046266aaa6c92c38242a74b00cfd7795c1bff3
Author: Mark Thomas 
AuthorDate: Wed Jan 12 15:14:27 2022 +

Fix tests failing on Windows Server 2022
---
 test/org/apache/coyote/http11/upgrade/TestUpgrade.java | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/test/org/apache/coyote/http11/upgrade/TestUpgrade.java 
b/test/org/apache/coyote/http11/upgrade/TestUpgrade.java
index 2d99506..b9b1719 100644
--- a/test/org/apache/coyote/http11/upgrade/TestUpgrade.java
+++ b/test/org/apache/coyote/http11/upgrade/TestUpgrade.java
@@ -26,6 +26,7 @@ import java.io.PrintWriter;
 import java.io.Reader;
 import java.io.Writer;
 import java.net.Socket;
+import java.net.SocketException;
 import java.nio.charset.StandardCharsets;
 
 import javax.net.SocketFactory;
@@ -107,7 +108,13 @@ public class TestUpgrade extends TomcatBaseTest {
 UpgradeConnection conn = doUpgrade(upgradeHandlerClass);
 
 Reader r = conn.getReader();
-int c = r.read();
+int c;
+try {
+c = r.read();
+} catch (SocketException se) {
+// Some platforms will throw an exception rather than returning -1
+c = -1;
+}
 
 Assert.assertEquals(-1, c);
 }
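
Review bot: the new catch (SocketException se) maps every SocketException from
r.read() to c = -1, so a connection failure unrelated to the expected close now
satisfies Assert.assertEquals(-1, c) and the test passes. Narrow it where
possible, for example by accepting the exception only on the platform that
needs it, and name that platform in the comment (the commit message says
Windows Server 2022) instead of "Some platforms".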




[tomcat] 03/03: Update (currently unused) reproducible build timestamp

2022-01-12 Thread markt

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 09db648ff9e721c924d639ecfd8bfe5631e1b797
Author: Mark Thomas 
AuthorDate: Wed Jan 12 16:04:39 2022 +

Update (currently unused) reproducible build timestamp
---
 build.properties.default | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 490483d..ab0e0c2 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -38,8 +38,8 @@ version.suffix=-dev
 # - Reproducible builds -
 # Uncomment and set to current time for reproducible builds
 # Note: The value is in seconds (unlike milliseconds used by 
System.currentTimeMillis()).
-#2021-06-08T12:00:00Z
-#ant.tstamp.now=1623153600
+#2022-01-12T06:00:00Z
+#ant.tstamp.now=1642003200
 
 # - Source control flags -
 git.branch=8.5.x
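
Review bot: the added comment "#2022-01-12T06:00:00Z" does not match the value
under it: 1642003200 seconds is 2022-01-12T16:00:00Z, whereas the removed pair
(2021-06-08T12:00:00Z and 1623153600) did agree. Change the comment to
T16:00:00Z, or use 1641967200 if 06:00 was intended.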




[VOTE] Release Apache Tomcat 9.0.57

2022-01-12 Thread Rémy Maucherat
The proposed Apache Tomcat 9.0.57 release is now available for voting.

The notable changes compared to 9.0.57 are:

- Add recycling check in the input and output stream isReady to try to
   give a more informative ISE when the facade has been recycled.

- Implement support for HTTP/1.1 upgrade when the request includes a
   body. The maximum permitted size of the body is controlled by
   maxSavePostSize.

- Improve handling of various cases where one request/response
   processing thread attempts to manage the asynchronous IO for a
   different request/response.

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.57/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1348
The tag is:
https://github.com/apache/tomcat/tree/9.0.57
eb57341d04ac6f770c50d9cee70e6e13b96cd8af

The proposed 9.0.57 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 9.0.57 (stable)

Rémy




svn commit: r52051 [2/2] - in /dev/tomcat/tomcat-8/v8.5.74: ./ bin/ bin/embed/ bin/extras/ src/

2022-01-12 Thread schultz
Added: dev/tomcat/tomcat-8/v8.5.74/bin/extras/catalina-jmx-remote.jar.asc
==
--- dev/tomcat/tomcat-8/v8.5.74/bin/extras/catalina-jmx-remote.jar.asc (added)
+++ dev/tomcat/tomcat-8/v8.5.74/bin/extras/catalina-jmx-remote.jar.asc Thu Jan 
13 01:22:17 2022
@@ -0,0 +1,16 @@

Added: dev/tomcat/tomcat-8/v8.5.74/bin/extras/catalina-jmx-remote.jar.sha512
==
--- dev/tomcat/tomcat-8/v8.5.74/bin/extras/catalina-jmx-remote.jar.sha512 
(added)
+++ dev/tomcat/tomcat-8/v8.5.74/bin/extras/catalina-jmx-remote.jar.sha512 Thu 
Jan 13 01:22:17 2022
@@ -0,0 +1 @@
+486516f58bde9b3098ebfe28d49091acecfeb4e193759d6a68b9c037e2daa8221acdec1b68d4d3d258bc0025045a42b1abc21e0cb852296c1db5360f38275f8d
 *catalina-jmx-remote.jar
\ No newline at end of file

Added: dev/tomcat/tomcat-8/v8.5.74/bin/extras/catalina-ws.jar
==
Binary file - no diff available.

Propchange: dev/tomcat/tomcat-8/v8.5.74/bin/extras/catalina-ws.jar
--
svn:mime-type = application/octet-stream

Added: dev/tomcat/tomcat-8/v8.5.74/bin/extras/catalina-ws.jar.asc
==
--- dev/tomcat/tomcat-8/v8.5.74/bin/extras/catalina-ws.jar.asc (added)
+++ dev/tomcat/tomcat-8/v8.5.74/bin/extras/catalina-ws.jar.asc Thu Jan 13 
01:22:17 2022
@@ -0,0 +1,16 @@

Added: dev/tomcat/tomcat-8/v8.5.74/bin/extras/catalina-ws.jar.sha512
==
--- dev/tomcat/tomcat-8/v8.5.74/bin/extras/catalina-ws.jar.sha512 (added)
+++ dev/tomcat/tomcat-8/v8.5.74/bin/extras/catalina-ws.jar.sha512 Thu Jan 13 
01:22:17 2022
@@ -0,0 +1 @@
+ef917666af73844a47ce9d83d58748bbb3000b0ee735f360ef48525f198ff2802d5275b7ff44b535c79e7a5e26e14c57464c4dd8ad8b6613ffa1559bdee654e7
 *catalina-ws.jar
\ No newline at end of file

Added: dev/tomcat/tomcat-8/v8.5.74/src/apache-tomcat-8.5.74-src.tar.gz
==
Binary file - no diff available.

Propchange: dev/tomcat/tomcat-8/v8.5.74/src/apache-tomcat-8.5.74-src.tar.gz
--
svn:mime-type = application/octet-stream

Added: dev/tomcat/tomcat-8/v8.5.74/src/apache-tomcat-8.5.74-src.tar.gz.asc
==
--- dev/tomcat/tomcat-8/v8.5.74/src/apache-tomcat-8.5.74-src.tar.gz.asc (added)
+++ dev/tomcat/tomcat-8/v8.5.74/src/apache-tomcat-8.5.74-src.tar.gz.asc Thu Jan 
13 01:22:17 2022
@@ -0,0 +1,16 @@
+-BEGIN PGP SIGNATURE-
+
+iQIzBAABCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAmHffdsACgkQHPApP6U8
+pFgHhw//SOBYRKEzHDMKYSMRC1lRyA/6Hi/83TM2IAN96bdCAbgaqPcVbi4wJU4s
+E5GKoEIDZ1cLwQsC085XofBSMdxxwIilV72nE4rxqJza9KZfDbdWBTs52sOfFoAY
+HO9zbk2yFe+Fl97J7pqV7+twkyxV5LX7PJEPl9ZQq4Ro3VdFNf8QXpKHd+0OEzXR
+kOpsOA3u+JTCufoEFaapYgYId31fK9/5aGc7Ukf3LZh0Zaue/kuR7JeuWGVqOLJs
+UevAgzi/5zsd0CJBUhFDNT5al6UZHM6ngbj5O6ghIC902Re3pGz4PbXLpCrWz8kh
+jRn3SjdRIayAympOO7tNfELbyA2lHoavgMLMKUM79T2Q28vpLYmUm3zS5

svn commit: r52051 [1/2] - in /dev/tomcat/tomcat-8/v8.5.74: ./ bin/ bin/embed/ bin/extras/ src/

2022-01-12 Thread schultz
Author: schultz
Date: Thu Jan 13 01:22:17 2022
New Revision: 52051

Log:
Upload v8.5.74 for voting

Added:
dev/tomcat/tomcat-8/v8.5.74/
dev/tomcat/tomcat-8/v8.5.74/KEYS
dev/tomcat/tomcat-8/v8.5.74/README.html
dev/tomcat/tomcat-8/v8.5.74/RELEASE-NOTES
dev/tomcat/tomcat-8/v8.5.74/bin/
dev/tomcat/tomcat-8/v8.5.74/bin/README.html
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74-deployer.tar.gz   
(with props)
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74-deployer.tar.gz.asc
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74-deployer.tar.gz.sha512
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74-deployer.zip   (with 
props)
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74-deployer.zip.asc
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74-deployer.zip.sha512
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74-fulldocs.tar.gz   
(with props)
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74-fulldocs.tar.gz.asc
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74-fulldocs.tar.gz.sha512
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74-windows-x64.zip   
(with props)
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74-windows-x64.zip.asc
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74-windows-x64.zip.sha512
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74-windows-x86.zip   
(with props)
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74-windows-x86.zip.asc
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74-windows-x86.zip.sha512
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74.exe   (with props)
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74.exe.asc
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74.exe.sha512
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74.tar.gz   (with props)
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74.tar.gz.asc
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74.tar.gz.sha512
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74.zip   (with props)
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74.zip.asc
dev/tomcat/tomcat-8/v8.5.74/bin/apache-tomcat-8.5.74.zip.sha512
dev/tomcat/tomcat-8/v8.5.74/bin/embed/
dev/tomcat/tomcat-8/v8.5.74/bin/embed/apache-tomcat-8.5.74-embed.tar.gz   
(with props)
dev/tomcat/tomcat-8/v8.5.74/bin/embed/apache-tomcat-8.5.74-embed.tar.gz.asc

dev/tomcat/tomcat-8/v8.5.74/bin/embed/apache-tomcat-8.5.74-embed.tar.gz.sha512
dev/tomcat/tomcat-8/v8.5.74/bin/embed/apache-tomcat-8.5.74-embed.zip   
(with props)
dev/tomcat/tomcat-8/v8.5.74/bin/embed/apache-tomcat-8.5.74-embed.zip.asc
dev/tomcat/tomcat-8/v8.5.74/bin/embed/apache-tomcat-8.5.74-embed.zip.sha512
dev/tomcat/tomcat-8/v8.5.74/bin/extras/
dev/tomcat/tomcat-8/v8.5.74/bin/extras/catalina-jmx-remote.jar   (with 
props)
dev/tomcat/tomcat-8/v8.5.74/bin/extras/catalina-jmx-remote.jar.asc
dev/tomcat/tomcat-8/v8.5.74/bin/extras/catalina-jmx-remote.jar.sha512
dev/tomcat/tomcat-8/v8.5.74/bin/extras/catalina-ws.jar   (with props)
dev/tomcat/tomcat-8/v8.5.74/bin/extras/catalina-ws.jar.asc
dev/tomcat/tomcat-8/v8.5.74/bin/extras/catalina-ws.jar.sha512
dev/tomcat/tomcat-8/v8.5.74/src/
dev/tomcat/tomcat-8/v8.5.74/src/apache-tomcat-8.5.74-src.tar.gz   (with 
props)
dev/tomcat/tomcat-8/v8.5.74/src/apache-tomcat-8.5.74-src.tar.gz.asc
dev/tomcat/tomcat-8/v8.5.74/src/apache-tomcat-8.5.74-src.tar.gz.sha512
dev/tomcat/tomcat-8/v8.5.74/src/apache-tomcat-8.5.74-src.zip   (with props)
dev/tomcat/tomcat-8/v8.5.74/src/apache-tomcat-8.5.74-src.zip.asc
dev/tomcat/tomcat-8/v8.5.74/src/apache-tomcat-8.5.74-src.zip.sha512

Added: dev/tomcat/tomcat-8/v8.5.74/KEYS
==
--- dev/tomcat/tomcat-8/v8.5.74/KEYS (added)
+++ dev/tomcat/tomcat-8/v8.5.74/KEYS Thu Jan 13 01:22:17 2022
@@ -0,0 +1,785 @@
+This file contains the PGP&GPG keys of various Apache developers.
+Please don't use them for email unless you have to. Their main
+purpose is code signing.
+
+Apache users: pgp < KEYS
+Apache developers:
+(pgpk -ll  && pgpk -xa ) >> this file.
+  or
+(gpg --fingerprint --list-sigs 
+ && gpg --armor --export ) >> this file.
+
+Apache developers: please ensure that your key is also available via the
+PGP keyservers (such as pgpkeys.mit.edu).
+
+
+Type Bits/KeyIDDate   User ID
+pub  2048/F22C4FED 2001/07/02 Andy Armstrong 
+

Weak digital signature on tomcatX.exe

2022-01-12 Thread Christopher Schultz

All,

Having just done the release build for Tomcat 8.5, I was checking to 
ensure that the various digital signatures were done properly on the 
.exe files we produce as a part of that build.


I happened to check tomcat8.exe and it's got a sha1 signature instead of 
a sha512 signature like the other .exe files we sign.


Is that intentional?

Those files appear to come from the commons-daemon project, and aren't 
signed as a part of the release process. The signature on tomcat8.exe 
for example (which is really prunsrc.exe) is Monday, January 18, 
2021 7:49:06 AM.


Should we ask the commons-daemon project to roll a new release with 
modern signatures on their .exe files? Or should we authenticate the 
existing signature and replace it with a new sha512 one? Or should we 
just ignore the discrepancy?


-chris




[GitHub] [tomcat] cklein05 commented on pull request #463: Add support for additional user attributes to TomcatPrincipal

2022-01-12 Thread GitBox


cklein05 commented on pull request #463:
URL: https://github.com/apache/tomcat/pull/463#issuecomment-1011828970


   > Is this safe to be backported to previous Tomcat versions?
   
   It should be. I do not see any reasons why this cannot be backported.





[GitHub] [tomcat] cklein05 commented on a change in pull request #463: Add support for additional user attributes to TomcatPrincipal

2022-01-12 Thread GitBox


cklein05 commented on a change in pull request #463:
URL: https://github.com/apache/tomcat/pull/463#discussion_r783661408



##
File path: java/org/apache/catalina/TomcatPrincipal.java
##
@@ -47,4 +48,37 @@
  *   exception to LoginContext
  */
 void logout() throws Exception;
+
+/**
+ * Returns the value of the named attribute as an Object, or
+ * null if no attribute of the given name exists, or if
+ * null has been specified as the attribute's name.
+ * 
+ * Only the servlet container may set attributes to make available custom
+ * information about a Principal or the user it represents. For example, 
some of
+ * the Realm implementations can be configured to additionally query user
+ * attributes from the user database, which then are provided 
through the
+ * Principal's attributes map.
+ * 
+ * Attribute names and naming conventions are maintained by the Tomcat
+ * components that contribute to this map, like some of the Realm
+ * implementations.

Review comment:
   In other words, when querying an attribute named "displayName", a Realm 
could add this under a key like "realm.displayName" or "user.displayName". For 
that, the (maybe custom) Realm may have a config option `userAttributePrefix` 
or this could even be hard-coded.
   
   Such prefixes might make sense, if, in the future, for example, several 
components could contribute to the Principal's attributes (like the 
Authenticator or a new component `SocialUserDataProvider` querying user 
information from Facebook etc.).







Re: Weak digital signature on tomcatX.exe

2022-01-12 Thread Mark Thomas

On 13/01/2022 01:35, Christopher Schultz wrote:
> All,
>
> Having just done the release build for Tomcat 8.5, I was checking to
> ensure that the various digital signatures were done properly on the
> .exe files we produce as a part of that build.
>
> I happened to check tomcat8.exe and it's got a sha1 signature instead of
> a sha512 signature like the other .exe files we sign.
>
> Is that intentional?

Sort of.

Up until early 2021 the ASF used a code signing server originally
written by Symantec that was subsequently sold to DigiCert. That service
was limited to using SHA-1 for Windows signing.

In late 2020 the ASF started to migrate to a new code signing service
written by DigiCert. This allowed use of better hashes for Windows
signing. Tomcat was the first project to migrate in January 2021. We
first switched to SHA-256 and moved to SHA-512 a few days later.

The Commons Daemon release happened while Tomcat was migrating and
before Commons was set up in the new tool.

> Those files appear to come from the commons-daemon project, and aren't
> signed as a part of the release process. The signature on tomcat8.exe
> for example (which is really prunsrc.exe) is Monday, January 18,
> 2021 7:49:06 AM.
>
> Should we ask the commons-daemon project to roll a new release with
> modern signatures on their .exe files? Or should we authenticate the
> existing signature and replace it with a new sha512 one? Or should we
> just ignore the discrepancy?

That would be me that would do that.

There are a few open issues but they are generally of the "it crashes"
nature with little detail on how to reproduce. The change log has a few
minor fixes and improvements. Given it is a year since the last
release I'll look at getting a 1.2.5 release out. We can pick that up
once available.


Mark
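
The check described in this thread, reading which digest an .exe's Authenticode
signature declares, can be scripted so that every binary in a release is
covered. The following is an added example (not from the thread, Tomcat or
Commons Daemon): it walks the PE certificate table and the PKCS#7 SignedData
inside it and reports the declared digestAlgorithms; build_sample_pe() and
der_tlv() are hypothetical helpers that produce a constructed, non-loadable
sample so the code runs offline.

```python
import struct

# Digest OIDs as DER content bytes (the part after the 06 <len> header).
DIGEST_OIDS = {
    bytes.fromhex("2a864886f70d0205"): "md5",
    bytes.fromhex("2b0e03021a"): "sha1",
    bytes.fromhex("608648016503040201"): "sha256",
    bytes.fromhex("608648016503040203"): "sha512",
}
WEAK_DIGESTS = {"md5", "sha1"}
SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the body of a constructed DER element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def pkcs7_digest_algorithms(der):
    """Names of the digestAlgorithms declared by a PKCS#7 SignedData blob."""
    tag, content_info, _ = read_tlv(der, 0)
    parts = children(content_info)
    if tag != 0x30 or len(parts) < 2 or parts[0] != (0x06, SIGNED_DATA_OID):
        raise ValueError("not a PKCS#7 SignedData blob")
    signed_data = children(parts[1][1])[0][1]      # [0] EXPLICIT wraps the SEQUENCE
    algs = children(children(signed_data)[1][1])   # field 2: SET OF AlgorithmIdentifier
    oids = [bytes(children(alg)[0][1]) for _tag, alg in algs]
    return [DIGEST_OIDS.get(o, "unknown-oid:" + o.hex()) for o in oids]

def authenticode_digests(pe):
    """Digest names from every PKCS#7 entry in a PE file's certificate table."""
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = pe_off + 24                              # optional header follows COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):                # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)   # start of the data directories
    count = struct.unpack_from("<I", pe, dirs - 4)[0]
    # Directory index 4 is the certificate table; its "address" is a file offset.
    offset, size = struct.unpack_from("<II", pe, dirs + 32) if count > 4 else (0, 0)
    if offset == 0 or size == 0:
        return []                                  # unsigned file
    found, end = [], offset + size
    while offset + 8 <= end:
        length, _rev, cert_type = struct.unpack_from("<IHH", pe, offset)
        if length < 8:
            raise ValueError("corrupt WIN_CERTIFICATE entry")
        if cert_type == 0x0002:                    # WIN_CERT_TYPE_PKCS_SIGNED_DATA
            found += pkcs7_digest_algorithms(pe[offset + 8:offset + length])
        offset += (length + 7) & ~7                # entries are 8-byte aligned
    return found

def weak_signature_digests(pe):
    """Subset of the declared digests that are MD5 or SHA-1."""
    return [d for d in authenticode_digests(pe) if d in WEAK_DIGESTS]

def der_tlv(tag, *parts):
    # Hypothetical sample-building helper: short-form lengths only (< 128 bytes).
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def build_sample_pe(digest_oid=None):
    """Constructed, non-loadable PE32 skeleton; signed if digest_oid is given."""
    cert = b""
    if digest_oid is not None:
        alg = der_tlv(0x30, der_tlv(0x06, digest_oid), der_tlv(0x05))
        signed = der_tlv(0x30, der_tlv(0x02, b"\x01"), der_tlv(0x31, alg))
        pkcs7 = der_tlv(0x30, der_tlv(0x06, SIGNED_DATA_OID), der_tlv(0xA0, signed))
        cert = struct.pack("<IHH", 8 + len(pkcs7), 0x0200, 0x0002) + pkcs7
        cert += b"\0" * (-len(cert) % 8)
    opt = 0x40 + 24
    hdr = bytearray(opt + 96 + 16 * 8)
    hdr[:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x40)        # e_lfanew
    struct.pack_into("<H", hdr, opt, 0x10B)        # PE32 magic
    struct.pack_into("<I", hdr, opt + 92, 16)      # NumberOfRvaAndSizes
    struct.pack_into("<II", hdr, opt + 96 + 32, len(hdr), len(cert))
    return bytes(hdr) + cert
```

For a real binary, pass open(path, "rb").read() to weak_signature_digests(). The
result is what the primary signature declares; the code does not validate the
signature, the certificate chain or any nested signature.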
