[GitHub] [tomcat] markt-asf closed pull request #343: Ensure ExpressionFactory SPI registration is compatible with javax/jakarta API jar

2020-08-25 Thread GitBox


markt-asf closed pull request #343:
URL: https://github.com/apache/tomcat/pull/343


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] markt-asf commented on pull request #343: Ensure ExpressionFactory SPI registration is compatible with javax/jakarta API jar

2020-08-25 Thread GitBox


markt-asf commented on pull request #343:
URL: https://github.com/apache/tomcat/pull/343#issuecomment-679875619


   That version of the EL API is broken. It should be using ServiceLoader. This 
has been fixed in Jakarta EE. It is a general principle that the Tomcat project 
doesn't implement work-arounds for bugs in other projects except in extreme 
circumstances. In this instance, a working version of the EL is available from 
the Tomcat project.
   This PR will not be merged.






[tomcat] branch master updated: Fix path validation when docBase="/"

2020-08-25 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new 14cc26c  Fix path validation when docBase="/"
14cc26c is described below

commit 14cc26c247f95a14912268ebc26abe618bd7511c
Author: Mark Thomas 
AuthorDate: Tue Aug 25 10:01:50 2020 +0100

Fix path validation when docBase="/"
---
 .../org/apache/catalina/webresources/AbstractFileResourceSet.java | 8 
 webapps/docs/changelog.xml| 5 +
 2 files changed, 13 insertions(+)

diff --git a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java 
b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
index b79f88b..c799341 100644
--- a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
+++ b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
@@ -212,6 +212,14 @@ public abstract class AbstractFileResourceSet extends 
AbstractResourceSet {
 } catch (IOException e) {
 throw new IllegalArgumentException(e);
 }
+
+// Need to handle mapping of the file system root as a special case
+if ("/".equals(this.absoluteBase)) {
+this.absoluteBase = "";
+}
+if ("/".equals(this.canonicalBase)) {
+this.canonicalBase = "";
+}
 }
 
 
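Review bot: The two new checks compare against the literal "/" only, while the comment speaks of "the file system root" in general. If a Windows drive root can reach this point it is not covered; either say in the comment that the special case applies to a "/" base only, or explain why other roots need no handling.
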
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 987fb3b..9931b8a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -88,6 +88,11 @@
 associated code for clarity.
 Based on a patch provided by Milo van der Zee. (markt)
   
+  
+Correct the path vaidation to allow the use of the file system root for
+the docBase attribute of a Context. Note that
+such a configuration should be used with caution. (markt)
+  
 
   
   
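
Review bot: Typo in the first added line of the entry: "vaidation" should be "validation".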





[GitHub] [tomcat] rmannibucau commented on pull request #343: Ensure ExpressionFactory SPI registration is compatible with javax/jakarta API jar

2020-08-25 Thread GitBox


rmannibucau commented on pull request #343:
URL: https://github.com/apache/tomcat/pull/343#issuecomment-679901115


   @markt-asf can you point out the fixed release? seems 
https://mvnrepository.com/artifact/jakarta.el/jakarta.el-api/3.0.3 is affected 
by that so this is an issue ATM and as soon as you use tomcat embedded or its 
flavors (spring boot with cxf for ex) it hurts.






[tomcat] branch 8.5.x updated: Fix path validation when docBase="/"

2020-08-25 Thread markt

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 8b58ab5  Fix path validation when docBase="/"
8b58ab5 is described below

commit 8b58ab5c06dc1ffcfce2b2abf8f592416da455c5
Author: Mark Thomas 
AuthorDate: Tue Aug 25 10:01:50 2020 +0100

Fix path validation when docBase="/"
---
 .../org/apache/catalina/webresources/AbstractFileResourceSet.java | 8 
 webapps/docs/changelog.xml| 5 +
 2 files changed, 13 insertions(+)

diff --git a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java 
b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
index b79f88b..c799341 100644
--- a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
+++ b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
@@ -212,6 +212,14 @@ public abstract class AbstractFileResourceSet extends 
AbstractResourceSet {
 } catch (IOException e) {
 throw new IllegalArgumentException(e);
 }
+
+// Need to handle mapping of the file system root as a special case
+if ("/".equals(this.absoluteBase)) {
+this.absoluteBase = "";
+}
+if ("/".equals(this.canonicalBase)) {
+this.canonicalBase = "";
+}
 }
 
 
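Review bot: No test accompanies the new root special case; the diffstat lists only AbstractFileResourceSet.java and changelog.xml. A test that configures a resource set with a base of "/" and checks a lookup would keep this branch from regressing, especially as the changelog entry itself says the configuration needs caution.
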
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index da9ecf0..ce59fc7 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -82,6 +82,11 @@
 associated code for clarity.
 Based on a patch provided by Milo van der Zee. (markt)
   
+  
+Correct the path vaidation to allow the use of the file system root for
+the docBase attribute of a Context. Note that
+such a configuration should be used with caution. (markt)
+  
 
   
   
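
Review bot: "should be used with caution" in the last added sentence does not tell the administrator what the risk is. Since the entry is about using the file system root as docBase, state the consequence: everything under the file system root becomes part of the Context's resources.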





[tomcat] branch 9.0.x updated: Fix path validation when docBase="/"

2020-08-25 Thread markt

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 29f259f  Fix path validation when docBase="/"
29f259f is described below

commit 29f259f52386ad791f8900dd5278db5473edc876
Author: Mark Thomas 
AuthorDate: Tue Aug 25 10:01:50 2020 +0100

Fix path validation when docBase="/"
---
 .../org/apache/catalina/webresources/AbstractFileResourceSet.java | 8 
 webapps/docs/changelog.xml| 5 +
 2 files changed, 13 insertions(+)

diff --git a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java 
b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
index b79f88b..c799341 100644
--- a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
+++ b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
@@ -212,6 +212,14 @@ public abstract class AbstractFileResourceSet extends 
AbstractResourceSet {
 } catch (IOException e) {
 throw new IllegalArgumentException(e);
 }
+
+// Need to handle mapping of the file system root as a special case
+if ("/".equals(this.absoluteBase)) {
+this.absoluteBase = "";
+}
+if ("/".equals(this.canonicalBase)) {
+this.canonicalBase = "";
+}
 }
 
 
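Review bot: The comment above the two added if blocks says the root is a special case but not why an empty string is the correct replacement for "/". If the intent is that neither absoluteBase nor canonicalBase ends with a separator, say so in the comment so the expectation can be checked against the code that uses these fields.
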
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 1f09bd7..a5cad12 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -88,6 +88,11 @@
 associated code for clarity.
 Based on a patch provided by Milo van der Zee. (markt)
   
+  
+Correct the path vaidation to allow the use of the file system root for
+the docBase attribute of a Context. Note that
+such a configuration should be used with caution. (markt)
+  
 
   
   





Re: [VOTE] Release Apache Tomcat Native 1.2.25

2020-08-25 Thread Martin Grigorov
On Fri, Aug 21, 2020 at 9:22 PM Mark Thomas  wrote:

> Version 1.2.25 includes the following changes compared to 1.2.24
>
> - Improvements to LibreSSL support
>
> - Improvements to HP_UX support
>
> Various other fixes and improvements. See the changelog for details.
>
> The proposed release artefacts can be found at [1],
> and the build was done using tag [2].
>
> The Apache Tomcat Native 1.2.25 release is
>  [ X ] Stable, go ahead and release
>  [ ] Broken because of ...
>

Everything works fine in my daily builds on x86_64 and aarch64!

Just one minor issue/question:

$ ls -la /home/ubuntu/git/apache/tomcat-native-build/lib
total 3.4M
-rw-r--r-- 1 ubuntu ubuntu 2.2M Aug 25 02:30 libtcnative-1.a
-rwxr-xr-x 1 ubuntu ubuntu 1.1K Aug 25 02:30 libtcnative-1.la*
lrwxrwxrwx 1 ubuntu ubuntu   23 Aug 25 02:30 libtcnative-1.so ->
libtcnative-1.so.0.2.26*
lrwxrwxrwx 1 ubuntu ubuntu   23 Aug 25 02:30 libtcnative-1.so.0 ->
libtcnative-1.so.0.2.26*
-rwxr-xr-x 1 ubuntu ubuntu 1.3M Aug 25 02:30 libtcnative-1.so.0.2.26*

Why .so.0.2.26 ? Shouldn't it be 1.2.26 ?


> Thanks,
>
> Mark
>
>
> [1]
>
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-connectors/native/1.2.25
> [2]
>
> https://gitbox.apache.org/repos/asf?p=tomcat-native.git;a=commit;h=a94590ec2a5e40b168a9494144125a52f41ed0b2
>


[GitHub] [tomcat] martin-g opened a new pull request #344: Minor performance improvements

2020-08-25 Thread GitBox


martin-g opened a new pull request #344:
URL: https://github.com/apache/tomcat/pull/344


   I've noticed a few small improvements to Tomcat code while profiling it with 
Java Flight Recorder and YourKit.
   Each improvement is a separate commit with an explanation of the change.
   This PR is just for discussion and will be marked as a draft PR so it won't 
be merged.
   If the separate commits are approved I will push them directly to the active 
branches.






[GitHub] [tomcat] martin-g commented on a change in pull request #332: Support sending the 100 continue response when the servlet reads the …

2020-08-25 Thread GitBox


martin-g commented on a change in pull request #332:
URL: https://github.com/apache/tomcat/pull/332#discussion_r476411776



##
File path: test/org/apache/catalina/core/TestStandardContextValve.java
##
@@ -182,4 +186,123 @@ public void requestDestroyed(ServletRequestEvent sre) {
 }
 
 }
+
+@Test
+public void test100ContinueDefaultPolicy() throws Exception {
+// the default policy is IMMEDIATELY
+// This test verifies that we get proper 100 Continue responses
+// when the continueHandlingResponsePolicy property is not set
+test100Continue(ContinueHandlingResponsePolicy.IMMEDIATELY);
+}
+
+@Test
+public void test100ContinueSentImmediately() throws Exception {
+final Tomcat tomcat = getTomcatInstance();
+
+final Connector connector = tomcat.getConnector();
+connector.setProperty("continueHandlingResponsePolicy", "immediately");
+
+test100Continue(ContinueHandlingResponsePolicy.IMMEDIATELY);
+}
+
+@Test
+public void test100ContinueSentOnRequestContentRead() throws Exception {
+final Tomcat tomcat = getTomcatInstance();
+
+final Connector connector = tomcat.getConnector();
+final String policyString = 
ContinueHandlingResponsePolicy.ON_REQUEST_BODY_READ.toString()
+.toLowerCase(Locale.ENGLISH);
+connector.setProperty("continueHandlingResponsePolicy", policyString);
+
+test100Continue(ContinueHandlingResponsePolicy.ON_REQUEST_BODY_READ);
+}
+
+public void test100Continue(ContinueHandlingResponsePolicy expectedPolicy) 
throws Exception {
+final Tomcat tomcat = getTomcatInstance();
+
+// No file system docBase required
+final Context ctx = tomcat.addContext("", null);
+
+// configure the servlet to wait 1 second before reading the request 
body
+Tomcat.addServlet(ctx, "echo", new DelayingEchoBodyServlet(1000));
+ctx.addServletMappingDecoded("/echo", "echo");
+
+tomcat.start();
+
+final ExpectationClient client = new ExpectationClient();
+
+client.setPort(tomcat.getConnector().getLocalPort());
+// Expected content doesn't end with a CR-LF so if it isn't chunked 
make
+// sure the content length is used as reading it line-by-line will fail
+// since there is no "line".
+client.setUseContentLength(true);
+
+client.connect();
+
+// time how long it takes to send the request headers and get the
+// 100 continue response
+final long startTime = System.currentTimeMillis();
+client.doRequestHeaders();
+final long endTime = System.currentTimeMillis();
+
+final long duration = endTime - startTime;
+
+if(expectedPolicy == ContinueHandlingResponsePolicy.IMMEDIATELY) {
+// the 100 response should be received immediately while
+// the servlet will wait 1 second before responding. 500 ms
+// should be enough  time to allow for any slowness that may
+// occur but still differentiate from the 1 second or more
+// expected delay by the ON_REQUEST_BODY_READ policy.
+Assert.assertTrue(duration < 500);
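
Review bot: In test100Continue the elapsed time is taken from System.currentTimeMillis(), which is wall-clock time and can jump if the clock is adjusted during the run; System.nanoTime() is the monotonic source for measuring a duration. Separately, test100Continue(ContinueHandlingResponsePolicy) is public and test-prefixed but is a helper without @Test, so it can be private, and test100ContinueSentImmediately passes the literal "immediately" while test100ContinueSentOnRequestContentRead derives the value from the enum; pick one form for both.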

Review comment:
   This check may fail on some busy CI server.
   Is there a more stable way to make this check?








[Bug 63982] CombinedRealm makes assumptions about principal implementation

2020-08-25 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63982

--- Comment #8 from Ole Ostergaard  ---
I'm hit by the upcoming removal of Realm#getRoles(). I was using the
Realm#getRoles() to get the Roles of a Principal. Is there an alternate way to
perform this action, in regard of the upcoming removal of the function in
Realm?

-- 
You are receiving this mail because:
You are the assignee for the bug.



[Bug 63982] CombinedRealm makes assumptions about principal implementation

2020-08-25 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63982

--- Comment #9 from Michael Osipov  ---
(In reply to Ole Ostergaard from comment #8)
> I'm hit by the upcoming removal of Realm#getRoles(). I was using the
> Realm#getRoles() to get the Roles of a Principal. Is there an alternate way
> to perform this action, in regard of the upcoming removal of the function in
> Realm?

Do what I do: cast the Principal object to your principal implementation and invoke
your #getRoles() there:
http://tomcatspnegoad.sourceforge.net/xref/net/sf/michaelo/tomcat/realm/ActiveDirectoryPrincipal.html#L134




[GitHub] [tomcat] markt-asf commented on a change in pull request #344: Minor performance improvements

2020-08-25 Thread GitBox


markt-asf commented on a change in pull request #344:
URL: https://github.com/apache/tomcat/pull/344#discussion_r476515349



##
File path: java/org/apache/catalina/connector/CoyoteAdapter.java
##
@@ -1144,6 +1144,12 @@ public static boolean normalize(MessageBytes uriMB, 
boolean allowBackslash) {
 int pos = 0;
 int index = 0;
 
+
+// The URL must start with '/' (or '\' that will be replaced soon)
+if (b[start] != (byte) '/' && b[start] != (byte) '\\') {
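
Review bot: The added check accepts a leading '\' unconditionally, although normalize() takes an allowBackslash parameter; if backslashes are rejected later when allowBackslash is false this is harmless, but the comment "will be replaced soon" should say so. The check also reads b[start] before any visible test that the URI is non-empty, and the hunk adds a second blank line ahead of the comment that can be dropped.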

Review comment:
   I find this slightly harder to follow than the original but I can see 
the potential benefit so no objection.

##
File path: java/org/apache/tomcat/util/threads/TaskQueue.java
##
@@ -109,18 +110,22 @@ public Runnable take() throws InterruptedException {
 
 @Override
 public int remainingCapacity() {
-if (forcedRemainingCapacity != null) {
+if (forcedRemainingCapacity > DEFAULT_FORCED_REMAINING_CAPACITY) {
 // ThreadPoolExecutor.setCorePoolSize checks that
 // remainingCapacity==0 to allow to interrupt idle threads
 // I don't see why, but this hack allows to conform to this
 // "requirement"
-return forcedRemainingCapacity.intValue();
+return forcedRemainingCapacity;
 }
 return super.remainingCapacity();
 }
 
-public void setForcedRemainingCapacity(Integer forcedRemainingCapacity) {
+public void setForcedRemainingCapacity(int forcedRemainingCapacity) {
 this.forcedRemainingCapacity = forcedRemainingCapacity;
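
Review bot: With the null check replaced by forcedRemainingCapacity > DEFAULT_FORCED_REMAINING_CAPACITY, any value at or below the constant passed to setForcedRemainingCapacity(int) is silently treated as "not forced". Document the sentinel in the setter's Javadoc, or reject such values, so callers that used to pass null know what to pass to clear the override.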

Review comment:
   Technically this is a change in a public API but it looks sufficiently 
low level / part of Tomcat's internals that I'm OK with the change.

##
File path: java/org/apache/tomcat/util/threads/StopPooledThreadException.java
##
@@ -26,6 +26,6 @@
 private static final long serialVersionUID = 1L;
 
 public StopPooledThreadException(String msg) {
-super(msg);
+super(msg, null, false, false);
 }
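
Review bot: The bare null, false, false in the super(...) call is hard to read. Add a short comment naming the arguments (no cause, suppression disabled, stack trace not writable) and stating that the stack trace is omitted on purpose, so the missing trace in a log is not later mistaken for a bug.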

Review comment:
   This does mean that the stack trace in the debug log is lost but I don't 
think it tells us anything useful (it looks like it will be (nearly?) always 
the same). I'm happy with this change.








[tomcat] branch master updated: Update BCEL to 6.5.0 - code clean-up only

2020-08-25 Thread markt

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new f76278a  Update BCEL to 6.5.0 - code clean-up only
f76278a is described below

commit f76278ae2e601f574ffa49d0298882e8d101aa38
Author: Mark Thomas 
AuthorDate: Tue Aug 25 16:45:20 2020 +0100

Update BCEL to 6.5.0 - code clean-up only
---
 MERGE.txt  |  4 +--
 java/org/apache/tomcat/util/bcel/Const.java| 40 +++---
 .../bcel/classfile/AnnotationElementValue.java |  2 +-
 .../util/bcel/classfile/AnnotationEntry.java   | 16 -
 .../tomcat/util/bcel/classfile/Annotations.java| 12 +++
 .../util/bcel/classfile/ArrayElementValue.java | 14 
 .../tomcat/util/bcel/classfile/ClassParser.java| 40 +++---
 .../tomcat/util/bcel/classfile/ConstantClass.java  |  6 ++--
 .../tomcat/util/bcel/classfile/ConstantPool.java   | 18 +-
 .../tomcat/util/bcel/classfile/ElementValue.java   |  2 +-
 .../util/bcel/classfile/EnumElementValue.java  |  2 +-
 .../tomcat/util/bcel/classfile/JavaClass.java  | 38 ++--
 .../util/bcel/classfile/SimpleElementValue.java|  2 +-
 .../apache/tomcat/util/bcel/classfile/Utility.java |  6 ++--
 java/org/apache/tomcat/util/bcel/package.html  |  2 +-
 webapps/docs/changelog.xml |  4 +++
 16 files changed, 106 insertions(+), 102 deletions(-)

diff --git a/MERGE.txt b/MERGE.txt
index 5551fb2..d63a3ca 100644
--- a/MERGE.txt
+++ b/MERGE.txt
@@ -35,8 +35,8 @@ BCEL
 
 Sub-tree:
 src/main/java/org/apache/bcel
-The SHA1 ID for the most recent commit to be merged to Tomcat is:
-ff6941e4491c68f6eaf270ff03c1bc1e554c7b42 (2019-12-06)
+The SHA1 ID / tag for the most recent commit to be merged to Tomcat is:
+rel/commons-bcel-6.5.0
 
 Codec
 -
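Review bot: The removed lines pinned the merge point to a commit SHA1; the new value rel/commons-bcel-6.5.0 is a tag name, which can be moved or recreated upstream. Record the commit the tag resolved to alongside the tag so the imported sub-tree can still be checked against an immutable reference.
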
diff --git a/java/org/apache/tomcat/util/bcel/Const.java 
b/java/org/apache/tomcat/util/bcel/Const.java
index bfaeb42..ad19386 100644
--- a/java/org/apache/tomcat/util/bcel/Const.java
+++ b/java/org/apache/tomcat/util/bcel/Const.java
@@ -23,13 +23,13 @@ package org.apache.tomcat.util.bcel;
 public final class Const {
 
 /** One of the access flags for fields, methods, or classes.
- *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.1-200-E.1";>
+ *  @see https://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.1-200-E.1";>
  *  Flag definitions for Classes in the Java Virtual Machine Specification 
(Java SE 9 Edition).
- *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.5";>
+ *  @see https://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.5";>
  *  Flag definitions for Fields in the Java Virtual Machine Specification 
(Java SE 9 Edition).
- *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.6";>
+ *  @see https://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.6";>
  *  Flag definitions for Methods in the Java Virtual Machine Specification 
(Java SE 9 Edition).
- *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.7.6-300-D.1-D.1";>
+ *  @see https://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.7.6-300-D.1-D.1";>
  *  Flag definitions for Inner Classes in the Java Virtual Machine 
Specification (Java SE 9 Edition).
  */
 public static final short ACC_FINAL  = 0x0010;
@@ -48,91 +48,91 @@ public final class Const {
 
 /**
  * Marks a constant pool entry as type UTF-8.
- * @see  http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.7";>
+ * @see  https://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.7";>
  * The Constant Pool in The Java Virtual Machine Specification
  */
 public static final byte CONSTANT_Utf8   = 1;
 
 /**
  * Marks a constant pool entry as type Integer.
- * @see  http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.4";>
+ * @see  https://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.4";>
  * The Constant Pool in The Java Virtual Machine Specification
  */
 public static final byte CONSTANT_Integer= 3;
 
 /**
  * Marks a constant pool entry as type Float.
- * @see  http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.4";>
+ * @see  https://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.4";>
  * The Constant Pool in The Java Virtual Machine Specification
  */
 public static final byte CONSTANT_Float  = 4;
 
 /**
  * Marks a constant pool entry as type Long.
- * @see  http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.5";>
+ * @see  https://docs.oracl

[tomcat] branch 9.0.x updated: Update BCEL to 6.5.0 - code clean-up only

2020-08-25 Thread markt

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 1f2ce94  Update BCEL to 6.5.0 - code clean-up only
1f2ce94 is described below

commit 1f2ce94f96a5cbdf55743dadd5788951f3c701ca
Author: Mark Thomas 
AuthorDate: Tue Aug 25 16:45:20 2020 +0100

Update BCEL to 6.5.0 - code clean-up only
---
 MERGE.txt  |  4 +--
 java/org/apache/tomcat/util/bcel/Const.java| 40 +++---
 .../bcel/classfile/AnnotationElementValue.java |  2 +-
 .../util/bcel/classfile/AnnotationEntry.java   | 16 -
 .../tomcat/util/bcel/classfile/Annotations.java| 12 +++
 .../util/bcel/classfile/ArrayElementValue.java | 14 
 .../tomcat/util/bcel/classfile/ClassParser.java| 40 +++---
 .../tomcat/util/bcel/classfile/ConstantClass.java  |  6 ++--
 .../tomcat/util/bcel/classfile/ConstantPool.java   | 18 +-
 .../tomcat/util/bcel/classfile/ElementValue.java   |  2 +-
 .../util/bcel/classfile/EnumElementValue.java  |  2 +-
 .../tomcat/util/bcel/classfile/JavaClass.java  | 38 ++--
 .../util/bcel/classfile/SimpleElementValue.java|  2 +-
 .../apache/tomcat/util/bcel/classfile/Utility.java |  6 ++--
 java/org/apache/tomcat/util/bcel/package.html  |  2 +-
 webapps/docs/changelog.xml |  4 +++
 16 files changed, 106 insertions(+), 102 deletions(-)

diff --git a/MERGE.txt b/MERGE.txt
index 5551fb2..d63a3ca 100644
--- a/MERGE.txt
+++ b/MERGE.txt
@@ -35,8 +35,8 @@ BCEL
 
 Sub-tree:
 src/main/java/org/apache/bcel
-The SHA1 ID for the most recent commit to be merged to Tomcat is:
-ff6941e4491c68f6eaf270ff03c1bc1e554c7b42 (2019-12-06)
+The SHA1 ID / tag for the most recent commit to be merged to Tomcat is:
+rel/commons-bcel-6.5.0
 
 Codec
 -
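Review bot: The removed line carried the commit date, "(2019-12-06)", and the replacement has none. Keeping a date next to rel/commons-bcel-6.5.0 makes it easy to see how old the merged BCEL code is when comparing it with later upstream fixes.
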
diff --git a/java/org/apache/tomcat/util/bcel/Const.java 
b/java/org/apache/tomcat/util/bcel/Const.java
index bfaeb42..ad19386 100644
--- a/java/org/apache/tomcat/util/bcel/Const.java
+++ b/java/org/apache/tomcat/util/bcel/Const.java
@@ -23,13 +23,13 @@ package org.apache.tomcat.util.bcel;
 public final class Const {
 
 /** One of the access flags for fields, methods, or classes.
- *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.1-200-E.1";>
+ *  @see https://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.1-200-E.1";>
  *  Flag definitions for Classes in the Java Virtual Machine Specification 
(Java SE 9 Edition).
- *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.5";>
+ *  @see https://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.5";>
  *  Flag definitions for Fields in the Java Virtual Machine Specification 
(Java SE 9 Edition).
- *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.6";>
+ *  @see https://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.6";>
  *  Flag definitions for Methods in the Java Virtual Machine Specification 
(Java SE 9 Edition).
- *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.7.6-300-D.1-D.1";>
+ *  @see https://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.7.6-300-D.1-D.1";>
  *  Flag definitions for Inner Classes in the Java Virtual Machine 
Specification (Java SE 9 Edition).
  */
 public static final short ACC_FINAL  = 0x0010;
@@ -48,91 +48,91 @@ public final class Const {
 
 /**
  * Marks a constant pool entry as type UTF-8.
- * @see  http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.7";>
+ * @see  https://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.7";>
  * The Constant Pool in The Java Virtual Machine Specification
  */
 public static final byte CONSTANT_Utf8   = 1;
 
 /**
  * Marks a constant pool entry as type Integer.
- * @see  http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.4";>
+ * @see  https://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.4";>
  * The Constant Pool in The Java Virtual Machine Specification
  */
 public static final byte CONSTANT_Integer= 3;
 
 /**
  * Marks a constant pool entry as type Float.
- * @see  http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.4";>
+ * @see  https://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.4";>
  * The Constant Pool in The Java Virtual Machine Specification
  */
 public static final byte CONSTANT_Float  = 4;
 
 /**
  * Marks a constant pool entry as type Long.
- * @see  http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.5";>
+ * @see  https://docs.oracle.

[tomcat] branch 8.5.x updated: Update BCEL to 6.5.0 - code clean-up only

2020-08-25 Thread markt

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 4605360  Update BCEL to 6.5.0 - code clean-up only
4605360 is described below

commit 4605360b195c77f4e60d47e9cd0244fd5cde08a1
Author: Mark Thomas 
AuthorDate: Tue Aug 25 16:45:20 2020 +0100

Update BCEL to 6.5.0 - code clean-up only
---
 MERGE.txt  |  4 +--
 java/org/apache/tomcat/util/bcel/Const.java| 40 +++---
 .../bcel/classfile/AnnotationElementValue.java |  2 +-
 .../util/bcel/classfile/AnnotationEntry.java   | 16 -
 .../tomcat/util/bcel/classfile/Annotations.java| 12 +++
 .../util/bcel/classfile/ArrayElementValue.java | 14 
 .../tomcat/util/bcel/classfile/ClassParser.java| 40 +++---
 .../tomcat/util/bcel/classfile/ConstantClass.java  |  6 ++--
 .../tomcat/util/bcel/classfile/ConstantPool.java   | 18 +-
 .../tomcat/util/bcel/classfile/ElementValue.java   |  2 +-
 .../util/bcel/classfile/EnumElementValue.java  |  2 +-
 .../tomcat/util/bcel/classfile/JavaClass.java  | 38 ++--
 .../util/bcel/classfile/SimpleElementValue.java|  2 +-
 .../apache/tomcat/util/bcel/classfile/Utility.java |  6 ++--
 java/org/apache/tomcat/util/bcel/package.html  |  2 +-
 webapps/docs/changelog.xml |  4 +++
 16 files changed, 106 insertions(+), 102 deletions(-)

diff --git a/MERGE.txt b/MERGE.txt
index 5551fb2..d63a3ca 100644
--- a/MERGE.txt
+++ b/MERGE.txt
@@ -35,8 +35,8 @@ BCEL
 
 Sub-tree:
 src/main/java/org/apache/bcel
-The SHA1 ID for the most recent commit to be merged to Tomcat is:
-ff6941e4491c68f6eaf270ff03c1bc1e554c7b42 (2019-12-06)
+The SHA1 ID / tag for the most recent commit to be merged to Tomcat is:
+rel/commons-bcel-6.5.0
 
 Codec
 -
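Review bot: The heading now reads "SHA1 ID / tag" but the value underneath is a tag only. Either word the heading as "tag" or list both the tag and its SHA1 so the two lines agree.
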
diff --git a/java/org/apache/tomcat/util/bcel/Const.java 
b/java/org/apache/tomcat/util/bcel/Const.java
index bfaeb42..ad19386 100644
--- a/java/org/apache/tomcat/util/bcel/Const.java
+++ b/java/org/apache/tomcat/util/bcel/Const.java
@@ -23,13 +23,13 @@ package org.apache.tomcat.util.bcel;
 public final class Const {
 
 /** One of the access flags for fields, methods, or classes.
- *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.1-200-E.1";>
+ *  @see https://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.1-200-E.1";>
  *  Flag definitions for Classes in the Java Virtual Machine Specification 
(Java SE 9 Edition).
- *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.5";>
+ *  @see https://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.5";>
  *  Flag definitions for Fields in the Java Virtual Machine Specification 
(Java SE 9 Edition).
- *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.6";>
+ *  @see https://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.6";>
  *  Flag definitions for Methods in the Java Virtual Machine Specification 
(Java SE 9 Edition).
- *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.7.6-300-D.1-D.1";>
+ *  @see https://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.7.6-300-D.1-D.1";>
  *  Flag definitions for Inner Classes in the Java Virtual Machine 
Specification (Java SE 9 Edition).
  */
 public static final short ACC_FINAL  = 0x0010;
@@ -48,91 +48,91 @@ public final class Const {
 
 /**
  * Marks a constant pool entry as type UTF-8.
- * @see  http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.7";>
+ * @see  https://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.7";>
  * The Constant Pool in The Java Virtual Machine Specification
  */
 public static final byte CONSTANT_Utf8   = 1;
 
 /**
  * Marks a constant pool entry as type Integer.
- * @see  http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.4";>
+ * @see  https://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.4";>
  * The Constant Pool in The Java Virtual Machine Specification
  */
 public static final byte CONSTANT_Integer= 3;
 
 /**
  * Marks a constant pool entry as type Float.
- * @see  http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.4";>
+ * @see  https://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.4";>
  * The Constant Pool in The Java Virtual Machine Specification
  */
 public static final byte CONSTANT_Float  = 4;
 
 /**
  * Marks a constant pool entry as type Long.
- * @see  http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.5";>
+ * @see  https://docs.oracle.

[tomcat] branch 7.0.x updated: Update BCEL to 6.5.0 - code clean-up only

2020-08-25 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
 new 67eba90  Update BCEL to 6.5.0 - code clean-up only
67eba90 is described below

commit 67eba9039a926dd8b106e2dc7972d8dead288edf
Author: Mark Thomas 
AuthorDate: Tue Aug 25 16:45:20 2020 +0100

Update BCEL to 6.5.0 - code clean-up only
---
 java/org/apache/tomcat/util/bcel/Const.java| 40 +++---
 .../bcel/classfile/AnnotationElementValue.java |  2 +-
 .../util/bcel/classfile/AnnotationEntry.java   | 16 -
 .../tomcat/util/bcel/classfile/Annotations.java| 12 +++
 .../util/bcel/classfile/ArrayElementValue.java | 20 +--
 .../tomcat/util/bcel/classfile/ClassParser.java| 40 +++---
 .../tomcat/util/bcel/classfile/ConstantClass.java  |  6 ++--
 .../tomcat/util/bcel/classfile/ConstantPool.java   | 18 +-
 .../tomcat/util/bcel/classfile/ElementValue.java   |  2 +-
 .../util/bcel/classfile/EnumElementValue.java  |  2 +-
 .../tomcat/util/bcel/classfile/JavaClass.java  | 38 ++--
 .../util/bcel/classfile/SimpleElementValue.java|  2 +-
 .../apache/tomcat/util/bcel/classfile/Utility.java |  6 ++--
 java/org/apache/tomcat/util/bcel/package.html  |  2 +-
 webapps/docs/changelog.xml |  4 +++
 15 files changed, 107 insertions(+), 103 deletions(-)

diff --git a/java/org/apache/tomcat/util/bcel/Const.java 
b/java/org/apache/tomcat/util/bcel/Const.java
index bfaeb42..ad19386 100644
--- a/java/org/apache/tomcat/util/bcel/Const.java
+++ b/java/org/apache/tomcat/util/bcel/Const.java
@@ -23,13 +23,13 @@ package org.apache.tomcat.util.bcel;
 public final class Const {
 
 /** One of the access flags for fields, methods, or classes.
- *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.1-200-E.1";>
+ *  @see https://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.1-200-E.1";>
  *  Flag definitions for Classes in the Java Virtual Machine Specification 
(Java SE 9 Edition).
- *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.5";>
+ *  @see https://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.5";>
  *  Flag definitions for Fields in the Java Virtual Machine Specification 
(Java SE 9 Edition).
- *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.6";>
+ *  @see https://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.6";>
  *  Flag definitions for Methods in the Java Virtual Machine Specification 
(Java SE 9 Edition).
- *  @see http://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.7.6-300-D.1-D.1";>
+ *  @see https://docs.oracle.com/javase/specs/jvms/se9/html/jvms-4.html#jvms-4.7.6-300-D.1-D.1";>
  *  Flag definitions for Inner Classes in the Java Virtual Machine 
Specification (Java SE 9 Edition).
  */
 public static final short ACC_FINAL  = 0x0010;
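Review bot: the four @see links in this Javadoc block point at the se9 edition of the JVM specification, while the constant-pool links in the following hunk point at se8. Every one of these URLs is being rewritten to https anyway, so consider settling on one edition; that way the anchors (jvms-4.1-200-E.1, jvms-4.4.7 and so on) can all be checked against the same text.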
@@ -48,91 +48,91 @@ public final class Const {
 
 /**
  * Marks a constant pool entry as type UTF-8.
- * @see  http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.7";>
+ * @see  https://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.7";>
  * The Constant Pool in The Java Virtual Machine Specification
  */
 public static final byte CONSTANT_Utf8   = 1;
 
 /**
  * Marks a constant pool entry as type Integer.
- * @see  http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.4";>
+ * @see  https://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.4";>
  * The Constant Pool in The Java Virtual Machine Specification
  */
 public static final byte CONSTANT_Integer= 3;
 
 /**
  * Marks a constant pool entry as type Float.
- * @see  http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.4";>
+ * @see  https://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.4";>
  * The Constant Pool in The Java Virtual Machine Specification
  */
 public static final byte CONSTANT_Float  = 4;
 
 /**
  * Marks a constant pool entry as type Long.
- * @see  http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.5";>
+ * @see  https://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.5";>
  * The Constant Pool in The Java Virtual Machine Specification
  */
 public static final byte CONSTANT_Long   = 5;
 
 /**
  * Marks a constant pool entry as type Double.
- * @see  http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.5";>
+ * @see  https://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.4.5";>
  * The Constant

Fwd: Security concern about Tomcat's default value for HSTS MaxAge

2020-08-25 Thread Dave Wichers
Per:
https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#HTTP_Header_Security_Filter
and
https://tomcat.apache.org/tomcat-8.5-doc/config/filter.html#HTTP_Header_Security_Filter

they both say:

hstsMaxAgeSeconds  - The max age value that should be used in the HSTS
header. Negative values will be treated as zero. If not specified, the
default value of 0 will be used.

So, if a Tomcat user (like I did at first), configures hstsEnabled=true,
the HSTS response header is set by Tomcat, but with a max age of zero
(since that is the default).

However, per the HSTS RFC: https://tools.ietf.org/html/rfc6797#section-6.1.1 it
says:

NOTE:  A max-age value of zero (i.e., "max-age=0") signals the UA to cease
regarding the host as a Known HSTS Host, including the includeSubDomains
directive (if asserted for that HSTS Host).

I noticed this problem when I first enabled HSTS on my Tomcat dev instance,
and then passively scanned my web app with OWASP ZAP (
https://owasp.org/www-project-zap/). ZAP, correctly I believe, pointed out
that enabling HSTS with a MaxAge of zero is effectively a no-op. (i.e.,
does nothing).

If I'm correct, then I think having a default of zero is dangerous and
should instead default to something useful and effective. Such as one year
(in seconds) which is what many developers set/configure this value to.
Otherwise, I think turning HSTS ON in Tomcat might be giving people a false
sense of security because it really doesn't do anything unless you also
set MaxAge (which to me isn't intuitive that you should have to do that).

Do you agree with me that this is a problem that should be fixed?

-Dave
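
The check described in the message above, as an added example that is not part of the original post or of Tomcat: it parses a Strict-Transport-Security value following the RFC 6797 section 6.1 grammar and flags max-age=0. The names parse_hsts, classify_hsts and audit, the one-year threshold and the sample hosts are assumptions made for this illustration.

```python
import re

# Token characters as used by the header grammar; an unquoted directive
# value must itself be a token.
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
DIRECTIVE = re.compile(
    r"\s*(" + TOKEN + r")\s*(?:=\s*(" + r'"[^"]*"' + "|" + TOKEN + r"))?\s*"
)

# Assumption: the one-year figure suggested in the message, in seconds.
ONE_YEAR = 31536000


def parse_hsts(value):
    """Return {directive-name: value-or-None}, or None when the field is
    malformed and a user agent would ignore it (RFC 6797 section 6.1)."""
    directives = {}
    # Simplification: a ';' inside a quoted-string is treated as malformed.
    for part in value.split(";"):
        if not part.strip():
            continue  # empty directives are permitted by the grammar
        match = DIRECTIVE.fullmatch(part)
        if match is None:
            return None
        name = match.group(1).lower()  # directive names are case-insensitive
        if name in directives:
            return None  # each directive may appear only once
        raw = match.group(2)
        if raw is not None and raw.startswith('"'):
            raw = raw[1:-1]  # strip the quotes of a quoted-string value
        directives[name] = raw
    return directives


def classify_hsts(value, min_seconds=ONE_YEAR):
    """Classify one header value: missing, invalid, clears-hsts, short, ok."""
    if value is None:
        return "missing"
    directives = parse_hsts(value)
    max_age = directives.get("max-age") if directives is not None else None
    if max_age is None or re.fullmatch(r"[0-9]+", max_age) is None:
        return "invalid"  # max-age is required and must be delta-seconds
    seconds = int(max_age)
    if seconds == 0:
        # RFC 6797 section 6.1.1: the UA stops treating the host as a
        # Known HSTS Host, so the header gives no protection.
        return "clears-hsts"
    return "ok" if seconds >= min_seconds else "short"


# Constructed sample responses (hypothetical hosts, not captured traffic).
SAMPLES = {
    "dev.example.test": "max-age=0",
    "www.example.test": "max-age=31536000; includeSubDomains",
    "api.example.test": 'MAX-AGE="600"',
    "old.example.test": None,
}


def audit(samples=SAMPLES):
    """Map each host to the classification of its HSTS header."""
    return {host: classify_hsts(value) for host, value in samples.items()}


if __name__ == "__main__":
    for host, verdict in audit().items():
        print(host, verdict)
```
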


[tomcat] branch master updated: Update Commons Codec to latest

2020-08-25 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new edf149b  Update Commons Codec to latest
edf149b is described below

commit edf149b938c867e50dc9a7e0df5d6ade312ca84e
Author: Mark Thomas 
AuthorDate: Tue Aug 25 19:15:06 2020 +0100

Update Commons Codec to latest
---
 MERGE.txt  |2 +-
 .../apache/tomcat/util/codec/binary/Base64.java| 1013 ++--
 .../tomcat/util/codec/binary/BaseNCodec.java   |  453 -
 .../tomcat/util/codec/binary/StringUtils.java  |   42 +-
 webapps/docs/changelog.xml |4 +
 5 files changed, 767 insertions(+), 747 deletions(-)

diff --git a/MERGE.txt b/MERGE.txt
index d63a3ca..fd084e5 100644
--- a/MERGE.txt
+++ b/MERGE.txt
@@ -43,7 +43,7 @@ Codec
 Sub-tree:
 src/main/java/org/apache/commons/codec
 The SHA1 ID for the most recent commit to be merged to Tomcat is:
-9637dd44fa0e2d5a6ddb45791e3cd78298842d95 (2019-12-06)
+53c93d0ffccb65d182306c74d1230ce814889dc1 (2020-08-18)
 Note: Only classes required for Base64 encoding/decoding. The rest are removed.
 
 FileUpload
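Review bot: this SHA1 line is the only place that pins what "latest" in the commit subject means, and it carries a commit id and date (53c93d0..., 2020-08-18) but no release version. Consider naming the upstream commit or a release tag in the changelog.xml entry as well, so that someone auditing the vendored Base64 code can tell which upstream state it corresponds to without opening MERGE.txt.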
diff --git a/java/org/apache/tomcat/util/codec/binary/Base64.java 
b/java/org/apache/tomcat/util/codec/binary/Base64.java
index 72cfd54..2b5c7d4 100644
--- a/java/org/apache/tomcat/util/codec/binary/Base64.java
+++ b/java/org/apache/tomcat/util/codec/binary/Base64.java
@@ -61,17 +61,6 @@ public class Base64 extends BaseNCodec {
 private static final int BYTES_PER_ENCODED_BLOCK = 4;
 
 /**
- * Chunk separator per RFC 2045 section 2.1.
- *
- * 
- * N.B. The next major release may break compatibility and make this field 
private.
- * 
- *
- * @see http://www.ietf.org/rfc/rfc2045.txt";>RFC 2045 section 
2.1
- */
-static final byte[] CHUNK_SEPARATOR = {'\r', '\n'};
-
-/**
  * This array is a lookup table that translates 6-bit positive integer 
index values into their "Base64 Alphabet"
  * equivalents as specified in Table 1 of RFC 2045.
  *
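Review bot: CHUNK_SEPARATOR is deleted from Base64 here, and it was declared without an access modifier, so it was visible to every class in org.apache.tomcat.util.codec.binary. The diffstat shows BaseNCodec.java changing in the same commit, but that part is not shown here; confirm the constant is re-declared there, or that no reference to Base64.CHUNK_SEPARATOR remains, before this goes in.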
@@ -149,367 +138,211 @@ public class Base64 extends BaseNCodec {
 // some state be preserved between calls of encode() and decode().
 
 /**
- * Encode table to use: either STANDARD or URL_SAFE. Note: the 
DECODE_TABLE above remains static because it is able
- * to decode both STANDARD and URL_SAFE streams, but the encodeTable must 
be a member variable so we can switch
- * between the two modes.
+ * Decodes Base64 data into octets.
+ * 
+ * Note: this method seamlessly handles data encoded in URL-safe or 
normal mode.
+ * 
+ *
+ * @param base64Data
+ *Byte array containing Base64 data
+ * @return Array containing decoded data.
  */
-private final byte[] encodeTable;
-
-// Only one decode table currently; keep for consistency with Base32 code
-private final byte[] decodeTable;
+public static byte[] decodeBase64(final byte[] base64Data) {
+return decodeBase64(base64Data, 0, base64Data.length);
+}
 
-/**
- * Line separator for encoding. Not used when decoding. Only used if 
lineLength > 0.
- */
-private final byte[] lineSeparator;
+public  static byte[] decodeBase64(
+final byte[] base64Data, final int off, final int len) {
+return new Base64().decode(base64Data, off, len);
+}
 
 /**
- * Convenience variable to help us determine when our buffer is going to 
run out of room and needs resizing.
- * decodeSize = 3 + lineSeparator.length;
+ * Decodes a Base64 String into octets.
+ * 
+ * Note: this method seamlessly handles data encoded in URL-safe or 
normal mode.
+ * 
+ *
+ * @param base64String
+ *String containing Base64 data
+ * @return Array containing decoded data.
+ * @since 1.4
  */
-private final int decodeSize;
+public static byte[] decodeBase64(final String base64String) {
+return new Base64().decode(base64String);
+}
 
-/**
- * Convenience variable to help us determine when our buffer is going to 
run out of room and needs resizing.
- * encodeSize = 4 + lineSeparator.length;
- */
-private final int encodeSize;
+public static byte[] decodeBase64URLSafe(final String base64String) {
+return new Base64(true).decode(base64String);
+}
 
+// Implementation of integer encoding used for crypto
 /**
- * Creates a Base64 codec used for decoding (all modes) and encoding in 
URL-unsafe mode.
- * 
- * When encoding the line length is 0 (no chunking), and the encoding 
table is STANDARD_ENCODE_TABLE.
- * 
+ * Decodes a byte64-encoded integer according to crypto standards such as 
W3C's XML-Signature.
  *
- * 
- * When decoding all variants are supported
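Review bot: decodeBase64(final byte[] base64Data) reads base64Data.length before delegating, so a null argument fails with a NullPointerException in this wrapper, and the @param text does not say whether null is accepted. Either guard the argument or document the requirement. The offset/length overload directly below has no Javadoc at all, unlike its siblings, so the valid range for off and len is undocumented too.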

[tomcat] branch 9.0.x updated: Update Commons Codec to latest

2020-08-25 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new aa6bfae  Update Commons Codec to latest
aa6bfae is described below

commit aa6bfaee9917fd1082a0c28b8fb023e5c00175fa
Author: Mark Thomas 
AuthorDate: Tue Aug 25 19:15:06 2020 +0100

Update Commons Codec to latest
---
 MERGE.txt  |2 +-
 .../apache/tomcat/util/codec/binary/Base64.java| 1013 ++--
 .../tomcat/util/codec/binary/BaseNCodec.java   |  453 -
 .../tomcat/util/codec/binary/StringUtils.java  |   42 +-
 webapps/docs/changelog.xml |4 +
 5 files changed, 767 insertions(+), 747 deletions(-)

diff --git a/MERGE.txt b/MERGE.txt
index d63a3ca..fd084e5 100644
--- a/MERGE.txt
+++ b/MERGE.txt
@@ -43,7 +43,7 @@ Codec
 Sub-tree:
 src/main/java/org/apache/commons/codec
 The SHA1 ID for the most recent commit to be merged to Tomcat is:
-9637dd44fa0e2d5a6ddb45791e3cd78298842d95 (2019-12-06)
+53c93d0ffccb65d182306c74d1230ce814889dc1 (2020-08-18)
 Note: Only classes required for Base64 encoding/decoding. The rest are removed.
 
 FileUpload
diff --git a/java/org/apache/tomcat/util/codec/binary/Base64.java 
b/java/org/apache/tomcat/util/codec/binary/Base64.java
index 72cfd54..2b5c7d4 100644
--- a/java/org/apache/tomcat/util/codec/binary/Base64.java
+++ b/java/org/apache/tomcat/util/codec/binary/Base64.java
@@ -61,17 +61,6 @@ public class Base64 extends BaseNCodec {
 private static final int BYTES_PER_ENCODED_BLOCK = 4;
 
 /**
- * Chunk separator per RFC 2045 section 2.1.
- *
- * 
- * N.B. The next major release may break compatibility and make this field 
private.
- * 
- *
- * @see http://www.ietf.org/rfc/rfc2045.txt";>RFC 2045 section 
2.1
- */
-static final byte[] CHUNK_SEPARATOR = {'\r', '\n'};
-
-/**
  * This array is a lookup table that translates 6-bit positive integer 
index values into their "Base64 Alphabet"
  * equivalents as specified in Table 1 of RFC 2045.
  *
@@ -149,367 +138,211 @@ public class Base64 extends BaseNCodec {
 // some state be preserved between calls of encode() and decode().
 
 /**
- * Encode table to use: either STANDARD or URL_SAFE. Note: the 
DECODE_TABLE above remains static because it is able
- * to decode both STANDARD and URL_SAFE streams, but the encodeTable must 
be a member variable so we can switch
- * between the two modes.
+ * Decodes Base64 data into octets.
+ * 
+ * Note: this method seamlessly handles data encoded in URL-safe or 
normal mode.
+ * 
+ *
+ * @param base64Data
+ *Byte array containing Base64 data
+ * @return Array containing decoded data.
  */
-private final byte[] encodeTable;
-
-// Only one decode table currently; keep for consistency with Base32 code
-private final byte[] decodeTable;
+public static byte[] decodeBase64(final byte[] base64Data) {
+return decodeBase64(base64Data, 0, base64Data.length);
+}
 
-/**
- * Line separator for encoding. Not used when decoding. Only used if 
lineLength > 0.
- */
-private final byte[] lineSeparator;
+public  static byte[] decodeBase64(
+final byte[] base64Data, final int off, final int len) {
+return new Base64().decode(base64Data, off, len);
+}
 
 /**
- * Convenience variable to help us determine when our buffer is going to 
run out of room and needs resizing.
- * decodeSize = 3 + lineSeparator.length;
+ * Decodes a Base64 String into octets.
+ * 
+ * Note: this method seamlessly handles data encoded in URL-safe or 
normal mode.
+ * 
+ *
+ * @param base64String
+ *String containing Base64 data
+ * @return Array containing decoded data.
+ * @since 1.4
  */
-private final int decodeSize;
+public static byte[] decodeBase64(final String base64String) {
+return new Base64().decode(base64String);
+}
 
-/**
- * Convenience variable to help us determine when our buffer is going to 
run out of room and needs resizing.
- * encodeSize = 4 + lineSeparator.length;
- */
-private final int encodeSize;
+public static byte[] decodeBase64URLSafe(final String base64String) {
+return new Base64(true).decode(base64String);
+}
 
+// Implementation of integer encoding used for crypto
 /**
- * Creates a Base64 codec used for decoding (all modes) and encoding in 
URL-unsafe mode.
- * 
- * When encoding the line length is 0 (no chunking), and the encoding 
table is STANDARD_ENCODE_TABLE.
- * 
+ * Decodes a byte64-encoded integer according to crypto standards such as 
W3C's XML-Signature.
  *
- * 
- * When decoding all variants are supported.
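Review bot: decodeBase64URLSafe(String) is added without Javadoc, directly after a decodeBase64(String) whose Javadoc says it already handles URL-safe and normal input. From this hunk a caller cannot tell how new Base64(true) differs from new Base64() on the decode path. Please state in Javadoc whether the URL-safe variant rejects '+' and '/' or accepts them, since that decides which method is appropriate for input that must be in one alphabet only.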

[tomcat] branch 8.5.x updated: Update Commons Codec to latest

2020-08-25 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 34e7e21  Update Commons Codec to latest
34e7e21 is described below

commit 34e7e2162925aa1f948135ed044dc799947772a9
Author: Mark Thomas 
AuthorDate: Tue Aug 25 19:15:06 2020 +0100

Update Commons Codec to latest
---
 MERGE.txt  |2 +-
 .../apache/tomcat/util/codec/binary/Base64.java| 1013 ++--
 .../tomcat/util/codec/binary/BaseNCodec.java   |  523 +-
 .../tomcat/util/codec/binary/StringUtils.java  |   42 +-
 webapps/docs/changelog.xml |4 +
 5 files changed, 802 insertions(+), 782 deletions(-)

diff --git a/MERGE.txt b/MERGE.txt
index d63a3ca..fd084e5 100644
--- a/MERGE.txt
+++ b/MERGE.txt
@@ -43,7 +43,7 @@ Codec
 Sub-tree:
 src/main/java/org/apache/commons/codec
 The SHA1 ID for the most recent commit to be merged to Tomcat is:
-9637dd44fa0e2d5a6ddb45791e3cd78298842d95 (2019-12-06)
+53c93d0ffccb65d182306c74d1230ce814889dc1 (2020-08-18)
 Note: Only classes required for Base64 encoding/decoding. The rest are removed.
 
 FileUpload
diff --git a/java/org/apache/tomcat/util/codec/binary/Base64.java 
b/java/org/apache/tomcat/util/codec/binary/Base64.java
index 72cfd54..2b5c7d4 100644
--- a/java/org/apache/tomcat/util/codec/binary/Base64.java
+++ b/java/org/apache/tomcat/util/codec/binary/Base64.java
@@ -61,17 +61,6 @@ public class Base64 extends BaseNCodec {
 private static final int BYTES_PER_ENCODED_BLOCK = 4;
 
 /**
- * Chunk separator per RFC 2045 section 2.1.
- *
- * 
- * N.B. The next major release may break compatibility and make this field 
private.
- * 
- *
- * @see http://www.ietf.org/rfc/rfc2045.txt";>RFC 2045 section 
2.1
- */
-static final byte[] CHUNK_SEPARATOR = {'\r', '\n'};
-
-/**
  * This array is a lookup table that translates 6-bit positive integer 
index values into their "Base64 Alphabet"
  * equivalents as specified in Table 1 of RFC 2045.
  *
@@ -149,367 +138,211 @@ public class Base64 extends BaseNCodec {
 // some state be preserved between calls of encode() and decode().
 
 /**
- * Encode table to use: either STANDARD or URL_SAFE. Note: the 
DECODE_TABLE above remains static because it is able
- * to decode both STANDARD and URL_SAFE streams, but the encodeTable must 
be a member variable so we can switch
- * between the two modes.
+ * Decodes Base64 data into octets.
+ * 
+ * Note: this method seamlessly handles data encoded in URL-safe or 
normal mode.
+ * 
+ *
+ * @param base64Data
+ *Byte array containing Base64 data
+ * @return Array containing decoded data.
  */
-private final byte[] encodeTable;
-
-// Only one decode table currently; keep for consistency with Base32 code
-private final byte[] decodeTable;
+public static byte[] decodeBase64(final byte[] base64Data) {
+return decodeBase64(base64Data, 0, base64Data.length);
+}
 
-/**
- * Line separator for encoding. Not used when decoding. Only used if 
lineLength > 0.
- */
-private final byte[] lineSeparator;
+public  static byte[] decodeBase64(
+final byte[] base64Data, final int off, final int len) {
+return new Base64().decode(base64Data, off, len);
+}
 
 /**
- * Convenience variable to help us determine when our buffer is going to 
run out of room and needs resizing.
- * decodeSize = 3 + lineSeparator.length;
+ * Decodes a Base64 String into octets.
+ * 
+ * Note: this method seamlessly handles data encoded in URL-safe or 
normal mode.
+ * 
+ *
+ * @param base64String
+ *String containing Base64 data
+ * @return Array containing decoded data.
+ * @since 1.4
  */
-private final int decodeSize;
+public static byte[] decodeBase64(final String base64String) {
+return new Base64().decode(base64String);
+}
 
-/**
- * Convenience variable to help us determine when our buffer is going to 
run out of room and needs resizing.
- * encodeSize = 4 + lineSeparator.length;
- */
-private final int encodeSize;
+public static byte[] decodeBase64URLSafe(final String base64String) {
+return new Base64(true).decode(base64String);
+}
 
+// Implementation of integer encoding used for crypto
 /**
- * Creates a Base64 codec used for decoding (all modes) and encoding in 
URL-unsafe mode.
- * 
- * When encoding the line length is 0 (no chunking), and the encoding 
table is STANDARD_ENCODE_TABLE.
- * 
+ * Decodes a byte64-encoded integer according to crypto standards such as 
W3C's XML-Signature.
  *
- * 
- * When decoding all variants are supported.
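Review bot: the added Javadoc reads "Decodes a byte64-encoded integer", which looks like a typo for "base64-encoded", and the offset/length overload is declared as "public  static" with a doubled space. If both come from the upstream source unchanged, it is better to report them upstream than to diverge here, but they should not be copied silently.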

[tomcat] branch 7.0.x updated: Update Commons Codec to latest

2020-08-25 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
 new df20351  Update Commons Codec to latest
df20351 is described below

commit df20351955650581c8ddd852a27fbba62cbdaa60
Author: Mark Thomas 
AuthorDate: Tue Aug 25 19:57:05 2020 +0100

Update Commons Codec to latest
---
 .../apache/tomcat/util/codec/binary/Base64.java| 1031 ++--
 .../tomcat/util/codec/binary/BaseNCodec.java   |  546 ++-
 .../util/codec/binary/LocalStrings.properties  |   19 +
 .../util/codec/binary/LocalStrings_fr.properties   |   19 +
 .../util/codec/binary/LocalStrings_ja.properties   |   19 +
 .../util/codec/binary/LocalStrings_ko.properties   |   19 +
 .../codec/binary/LocalStrings_zh_CN.properties |   19 +
 .../tomcat/util/codec/binary/StringUtils.java  |   28 +-
 webapps/docs/changelog.xml |4 +
 9 files changed, 924 insertions(+), 780 deletions(-)

diff --git a/java/org/apache/tomcat/util/codec/binary/Base64.java 
b/java/org/apache/tomcat/util/codec/binary/Base64.java
index 0543826..581d7ea 100644
--- a/java/org/apache/tomcat/util/codec/binary/Base64.java
+++ b/java/org/apache/tomcat/util/codec/binary/Base64.java
@@ -35,7 +35,7 @@ import java.math.BigInteger;
  * Line separator: Default is CRLF ("\r\n")
  * 
  * 
- * The URL-safe parameter is only applied to encode operations. Decoding only 
handles standard mode.
+ * The URL-safe parameter is only applied to encode operations. Decoding 
seamlessly handles both modes.
  * 
  * 
  * Since this class operates directly on byte streams, and not character 
streams, it is hard-coded to only
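Review bot: the class Javadoc changes from "Decoding only handles standard mode" to "Decoding seamlessly handles both modes", which is a change in what input the 7.0.x decoder accepts and not only a code update. Code that depended on '-' or '_' being rejected by this class would now see them decoded, so the changelog.xml entry should say that decoding accepts the URL-safe alphabet from this version on.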
@@ -61,17 +61,6 @@ public class Base64 extends BaseNCodec {
 private static final int BYTES_PER_ENCODED_BLOCK = 4;
 
 /**
- * Chunk separator per RFC 2045 section 2.1.
- *
- * 
- * N.B. The next major release may break compatibility and make this field 
private.
- * 
- *
- * @see http://www.ietf.org/rfc/rfc2045.txt";>RFC 2045 section 
2.1
- */
-static final byte[] CHUNK_SEPARATOR = {'\r', '\n'};
-
-/**
  * This array is a lookup table that translates 6-bit positive integer 
index values into their "Base64 Alphabet"
  * equivalents as specified in Table 1 of RFC 2045.
  *
@@ -104,12 +93,13 @@ public class Base64 extends BaseNCodec {
  * in Table 1 of RFC 2045) into their 6-bit positive integer equivalents. 
Characters that are not in the Base64
  * alphabet but fall within the bounds of the array are translated to -1.
  *
- * Note: The seamless decoding of URL safe values has been disabled 
because Tomcat doesn't use it.
+ * Note: '+' and '-' both decode to 62. '/' and '_' both decode to 63. 
This means decoder seamlessly handles both
+ * URL_SAFE and STANDARD base64. (The encoder, on the other hand, needs to 
know ahead of time what to emit).
  *
  * Thanks to "commons" project in ws.apache.org for this code.
  * https://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/
  */
-private static final byte[] DECODE_TABLE = {
+private static final byte[] STANDARD_DECODE_TABLE = {
 //   0   1   2   3   4   5   6   7   8   9   A   B   C   D   E   F
 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, // 
00-0f
 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, // 
10-1f
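Review bot: the rewritten note says '+' and '-' both decode to 62 and '/' and '_' both decode to 63, but the table it documents is renamed STANDARD_DECODE_TABLE and the next hunk adds a separate URL_SAFE_DECODE_TABLE whose 20-2f row has 62 only at '-' and -1 in the '+' and '/' slots. With two tables the comment should say which alphabet each one accepts, otherwise a reader will assume either table decodes both.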
@@ -121,6 +111,18 @@ public class Base64 extends BaseNCodec {
 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51  // 
70-7a p-z
 };
 
+private static final byte[] URL_SAFE_DECODE_TABLE = {
+//   0   1   2   3   4   5   6   7   8   9   A   B   C   D   E   F
+-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 
-1, // 00-0f
+-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 
-1, // 10-1f
+-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, 
-1, // 20-2f -
+52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, 
-1, // 30-3f 0-9
+-1,  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 
14, // 40-4f A-O
+15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, 
63, // 50-5f P-Z _
+-1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 
40, // 60-6f a-o
+41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51 
 // 70-7a p-z
+};
+
 /**
  * Base64 uses 6-bit fields.
  */
@@ -136,356 +138,203 @@ public class Base64 extends BaseNCodec {
 // some state be preserved between calls of encode() and decode().
 
 /**
- * Encode table to use: either STANDARD or URL_SAFE. Note: the 
DECODE_TABLE above remains static because it is able
- * to decode both STANDARD and U

buildbot failure in on tomcat-trunk

2020-08-25 Thread buildbot
The Buildbot has detected a new failure on builder tomcat-trunk while building 
tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/5377

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch master] edf149b938c867e50dc9a7e0df5d6ade312ca84e
Blamelist: Mark Thomas 

BUILD FAILED: failed compile_1

Sincerely,
 -The Buildbot



