Re: JDK 16 Early Access build 26 is now available

[Martin Grigorov]

Hi Rory,

Apache Tomcat's build and tests pass with JDK 16 b26 on Ubuntu 20.04.1
(x86_64 & aarch64)!

Regards,
Martin

On Fri, Nov 27, 2020 at 1:15 PM Rory O'Donnell 
wrote:

> Hi Mark,
>
> OpenJDK 16 Early Access build 26**is now available at
> http://jdk.java.net/16
>
>   * These early-access , open-source builds are provided under the
>   o GNU General Public License, version 2, with the Classpath
> Exception .
>
>   * Schedule: *JDK 16 Rampdown Phase One Starts on 2020/12/10 [1] *
>
>   * Features [1]: Most recent Integrations:
>   o Integrated JEP 389: Foreign Linker API (Incubator)
>  with this release.
>   + JEP 389 introduces an API that offers statically-typed,
> pure-Java access to native code.
>   + This API, together with the JEP 383
> , will considerably
> simplify the otherwise error-prone process of binding to a
> native library.
>
> **
>
>   * Release Notes [2]
>
>   * Changes in recent builds that maybe of interest:
>   o Build 26
>   + JDK-8202343: *Disable TLS 1.0 and 1.1*
>   + JDK-8251317:**Support for CLDR version 38**
>   + JDK-8212879: Make JVMTI TagMap table concurrent
>   + JDK-8236926: Concurrently uncommit memory in G1
>   + JDK-8243559: Removed Root Certificates with 1024-bit Keys
>   + JDK-8253459: Argument index of zero or unrepresentable by
> int throws IllegalFormatException
>   + JDK-8256643: Terminally deprecate ThreadGroup stop, destroy,
> isDestroyed, setDaemon and isDaemon
>   o Build 25
>   + JDK-8247781: Day period support added to java.time formats
>   + JDK-8202471: (ann) Cannot read type annotations on generic
> receiver type's type variables *[**Reported by ByteBuddy]*
>   + JDK-8255947: [macos] Signed macOS jpackage app doesn't
> filter spurious '-psn' argument *[**Reported by JOSM]*
>   + JDK-8256063: Module::getPackages returns the set of package
> names in this module
>
>   * JDK 16 - topics of interest
>   o Inside Java Episode 7 “The Vector API” with John Rose and Paul
> Sandoz
>   + https://inside.java/2020/11/17/podcast-007/
> 
>   o Biased locking Obsoletion update
>   + https://inside.java/2020/11/17/biased-locking-obsoletion/
> 
>   * Project Loom with Ron Pressler
>   o https://inside.java/2020/11/24/podcast-008/
>   * Update on 64-bit ARM Support for Oracle OpenJDK and Oracle JDK
>   o https://inside.java/2020/11/12/arm-support-update/
> 
>
> Project Lanai Early-Access: EA 7 Build 16-lanai+3-278
>  (2020/11/17)
>
>   * These early-access builds are provided under the GNU General Public
> License, version 2, with the Classpath Exception
> 
>   * These EA builds are produced for the purpose of gathering feedback.
> Use for any other purpose is at your own risk.
>   * Please send feedback via e-mail to lanai-...@openjdk.java.net
> . To send e-mail to this address
> you must first subscribe to the mailing list
> .
>
> The Java Cryptographic Roadmap has been updated [3]:
>
>   * Distrust TLS 1.0 and TLS 1.1 by default
>   o TLS protocol versions 1.0 and 1.1 are no longer considered
> secure and have been superseded by more secure and modern
> versions (TLS 1.2 and 1.3). This change has been integrated with
> JDK 16 Early Access build 26.
>   * Upgrade of default algorithms used to encrypt PKCS12 keystores
>   o The new algorithms are based on AES-256 and SHA-256 and are
> stronger than the old algorithms which were based on RC2,
> DESede, and SHA-1.This change is already included in JDK 16
> Early Access build 23.
>
> RgdsRory
>
> [1] https://openjdk.java.net/projects/jdk/16/
> [2] https://jdk.java.net/16/release-notes
> [3] https://www.java.com/en/jre-jdk-cryptoroadmap.html
>
> --
> Rgds, Rory O'Donnell
> Quality Engineering Manager
> Oracle EMEA, Dublin, Ireland
>
>

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532490661



##
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##
@@ -292,52 +295,79 @@ public void bind() throws Exception {
 
 // Create the pool for the server socket
 serverSockPool = Pool.create(rootPool);
+
 // Create the APR address that will be bound
-String addressStr = null;
-if (getAddress() != null) {
-addressStr = getAddress().getHostAddress();
-}
-int family = Socket.APR_INET;
-if (Library.APR_HAVE_IPV6) {
-if (addressStr == null) {
-if (!OS.IS_BSD) {
+if (getPath() != null) {
+if (Library.APR_HAVE_UNIX) {
+hostname = getPath().toString();
+family = Socket.APR_UNIX;
+}
+else {
+throw new 
Exception(sm.getString("endpoint.init.unixnotavail"));
+}
+}
+else {
+
+if (getAddress() != null) {
+hostname = getAddress().getHostAddress();
+}
+family = Socket.APR_INET;
+if (Library.APR_HAVE_IPV6) {
+if (hostname == null) {
+if (!OS.IS_BSD) {
+family = Socket.APR_UNSPEC;
+}
+} else if (hostname.indexOf(':') >= 0) {
 family = Socket.APR_UNSPEC;
 }
-} else if (addressStr.indexOf(':') >= 0) {
-family = Socket.APR_UNSPEC;
 }
- }
+}
+
+long sockAddress = Address.info(hostname, family, getPortWithOffset(), 
0, rootPool);
 
-long inetAddress = Address.info(addressStr, family, 
getPortWithOffset(), 0, rootPool);
 // Create the APR server socket
-serverSock = Socket.create(Address.getInfo(inetAddress).family,
+if (family == Socket.APR_UNIX) {
+serverSock = Socket.create(family, Socket.SOCK_STREAM, 0, 
rootPool);
+}
+else {
+serverSock = Socket.create(Address.getInfo(sockAddress).family,
 Socket.SOCK_STREAM,
 Socket.APR_PROTO_TCP, rootPool);
-if (OS.IS_UNIX) {
-Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
-}
-if (Library.APR_HAVE_IPV6) {
-if (getIpv6v6only()) {
-Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
-} else {
-Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+if (OS.IS_UNIX) {
+Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+}
+if (Library.APR_HAVE_IPV6) {
+if (getIpv6v6only()) {
+Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
+} else {
+Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+}
 }
+// Deal with the firewalls that tend to drop the inactive sockets
+Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
 }
-// Deal with the firewalls that tend to drop the inactive sockets
-Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
+
 // Bind the server socket
-int ret = Socket.bind(serverSock, inetAddress);
+int ret = Socket.bind(serverSock, sockAddress);
 if (ret != 0) {
 throw new Exception(sm.getString("endpoint.init.bind", "" + ret, 
Error.strerror(ret)));
 }
+
 // Start listening on the server socket
 ret = Socket.listen(serverSock, getAcceptCount());
 if (ret != 0) {
 throw new Exception(sm.getString("endpoint.init.listen", "" + ret, 
Error.strerror(ret)));
 }
-if (OS.IS_WIN32 || OS.IS_WIN64) {
-// On Windows set the reuseaddr flag after the bind/listen
-Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+
+if (family == Socket.APR_UNIX) {

Review comment:
   While not universal, placing sockets in protected directories is still 
common.
   
   At this stage, until there is a practical way to express permissions as a 
string which can then be placed in the connector element in the config, I think 
this is a good compromise.
   
   I asked the SO community for their thoughts, and this came up: 
https://stackoverflow.com/a/65064406/4598583
   
   I am thinking ahead for any future JEP-380 implementation, which will have 
the same issue.





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



--

[GitHub] [tomcat-native] minfrin commented on a change in pull request #8: Expose support for Unix Domain Sockets in APR v1.6 and up.

[GitBox]

minfrin commented on a change in pull request #8:
URL: https://github.com/apache/tomcat-native/pull/8#discussion_r532505101



##
File path: native/src/network.c
##
@@ -316,6 +337,11 @@ TCN_IMPLEMENT_CALL(jint, Socket, bind)(TCN_STDARGS, jlong 
sock,
 TCN_ASSERT(sock != 0);
 TCN_ASSERT(s->sock != NULL);
 rv = (jint)apr_socket_bind(s->sock, a);
+
+apr_pool_cleanup_register(s->pool, (const void *)s,

Review comment:
   It's done.





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

michael-o commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532520621



##
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##
@@ -292,52 +295,79 @@ public void bind() throws Exception {
 
 // Create the pool for the server socket
 serverSockPool = Pool.create(rootPool);
+
 // Create the APR address that will be bound
-String addressStr = null;
-if (getAddress() != null) {
-addressStr = getAddress().getHostAddress();
-}
-int family = Socket.APR_INET;
-if (Library.APR_HAVE_IPV6) {
-if (addressStr == null) {
-if (!OS.IS_BSD) {
+if (getPath() != null) {
+if (Library.APR_HAVE_UNIX) {
+hostname = getPath().toString();
+family = Socket.APR_UNIX;
+}
+else {
+throw new 
Exception(sm.getString("endpoint.init.unixnotavail"));
+}
+}
+else {
+
+if (getAddress() != null) {
+hostname = getAddress().getHostAddress();
+}
+family = Socket.APR_INET;
+if (Library.APR_HAVE_IPV6) {
+if (hostname == null) {
+if (!OS.IS_BSD) {
+family = Socket.APR_UNSPEC;
+}
+} else if (hostname.indexOf(':') >= 0) {
 family = Socket.APR_UNSPEC;
 }
-} else if (addressStr.indexOf(':') >= 0) {
-family = Socket.APR_UNSPEC;
 }
- }
+}
+
+long sockAddress = Address.info(hostname, family, getPortWithOffset(), 
0, rootPool);
 
-long inetAddress = Address.info(addressStr, family, 
getPortWithOffset(), 0, rootPool);
 // Create the APR server socket
-serverSock = Socket.create(Address.getInfo(inetAddress).family,
+if (family == Socket.APR_UNIX) {
+serverSock = Socket.create(family, Socket.SOCK_STREAM, 0, 
rootPool);
+}
+else {
+serverSock = Socket.create(Address.getInfo(sockAddress).family,
 Socket.SOCK_STREAM,
 Socket.APR_PROTO_TCP, rootPool);
-if (OS.IS_UNIX) {
-Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
-}
-if (Library.APR_HAVE_IPV6) {
-if (getIpv6v6only()) {
-Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
-} else {
-Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+if (OS.IS_UNIX) {
+Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+}
+if (Library.APR_HAVE_IPV6) {
+if (getIpv6v6only()) {
+Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
+} else {
+Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+}
 }
+// Deal with the firewalls that tend to drop the inactive sockets
+Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
 }
-// Deal with the firewalls that tend to drop the inactive sockets
-Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
+
 // Bind the server socket
-int ret = Socket.bind(serverSock, inetAddress);
+int ret = Socket.bind(serverSock, sockAddress);
 if (ret != 0) {
 throw new Exception(sm.getString("endpoint.init.bind", "" + ret, 
Error.strerror(ret)));
 }
+
 // Start listening on the server socket
 ret = Socket.listen(serverSock, getAcceptCount());
 if (ret != 0) {
 throw new Exception(sm.getString("endpoint.init.listen", "" + ret, 
Error.strerror(ret)));
 }
-if (OS.IS_WIN32 || OS.IS_WIN64) {
-// On Windows set the reuseaddr flag after the bind/listen
-Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+
+if (family == Socket.APR_UNIX) {

Review comment:
   Why not use https://stackoverflow.com/q/26649751/696632 and this 
[idea](https://serverfault.com/a/437128)?





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

michael-o commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r53252



##
File path: java/org/apache/coyote/AbstractProtocol.java
##
@@ -347,22 +352,27 @@ public String getName() {
 private String getNameInternal() {
 StringBuilder name = new StringBuilder(getNamePrefix());
 name.append('-');
-if (getAddress() != null) {
-name.append(getAddress().getHostAddress());
-name.append('-');
+if (getPath() != null) {
+name.append(getPath().getFileName().toString());

Review comment:
   I think we should use the full path and I will explain why. The name 
contains the addresss where the socket is bound. TCP sockets contains IP and 
port which makes then fully idenfiable. UDS have they full path. I would use 
it, not think about it. Windows uses a special path for UDS.





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

michael-o commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532523379



##
File path: webapps/docs/config/http.xml
##
@@ -212,7 +212,11 @@
   Where supported, the path to a unix domain socket that this
   Connector will create and await incoming connections.
   The socket is created with world read and write permissions. To protect
-  the socket create the socket in a suitably protected directory.
+  the socket create the socket in a suitably protected directory. Tomcat
+  will automatically remove the socket on server shutdown. If the socket
+  already exists, care must be taken by the administrator to remove the
+  socket after verifying that the socket isn't already being used by an
+  existing tomcat process.

Review comment:
   tomcat => Tomcat





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

michael-o commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532523457



##
File path: webapps/docs/config/http.xml
##
@@ -1152,6 +1156,11 @@
   permissions appropriately configured to restrict access as required.
   
 
+  Tomcat will automatically remove the socket on server shutdown. If the
+  socket already exists startup will fail. Care must be taken by the
+  administrator to remove the socket after verifying that the socket isn't
+  already being used by an existing tomcat process.

Review comment:
   Same here





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] martin-g commented on a change in pull request #380: Fix BZ 64110 - request attr for requested ciphers and protocols

[GitBox]

martin-g commented on a change in pull request #380:
URL: https://github.com/apache/tomcat/pull/380#discussion_r532527179



##
File path: java/org/apache/catalina/util/TLSUtil.java
##
@@ -38,6 +38,8 @@ public static boolean isTLSRequestAttribute(String name) {
 Globals.KEY_SIZE_ATTR.equals(name)  ||
 Globals.SSL_SESSION_ID_ATTR.equals(name) ||
 Globals.SSL_SESSION_MGR_ATTR.equals(name) ||
-SSLSupport.PROTOCOL_VERSION_KEY.equals(name);
+SSLSupport.PROTOCOL_VERSION_KEY.equals(name) ||
+SSLSupport.REQUESTED_PROTOCOL_VERSIONS_KEY.equals(name) ||
+SSLSupport.REQUESTED_CIPHERS_KEY.equals(name);

Review comment:
   I think this would look and read nicer if we use `switch (String)`. 
Extra benefit: it will be faster!

##
File path: java/org/apache/tomcat/util/net/SecureNioChannel.java
##
@@ -68,6 +71,8 @@
 protected boolean closed = false;
 protected boolean closing = false;
 
+private Map> additionalTlsAttributes = new HashMap<>();

Review comment:
   `final`

##
File path: java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
##
@@ -193,6 +214,15 @@ public String getSNIValue() {
 }
 
 
+public List getClientRequestedCipherNames() {
+if (result == ExtractorResult.COMPLETE || result == 
ExtractorResult.NOT_PRESENT) {
+return clientRequestedCipherNames;
+} else {
+throw new IllegalStateException();

Review comment:
   Intentionally without a message ?

##
File path: java/org/apache/tomcat/util/net/SecureNio2Channel.java
##
@@ -70,6 +73,8 @@
 protected boolean closed;
 protected boolean closing;
 
+private Map> additionalTlsAttributes = new HashMap<>();

Review comment:
   I see there are some `volatile` member fields in this class.  Should 
`sniComplete` be `volatile` as well ?

##
File path: java/org/apache/tomcat/util/net/SecureNio2Channel.java
##
@@ -70,6 +73,8 @@
 protected boolean closed;
 protected boolean closing;
 
+private Map> additionalTlsAttributes = new HashMap<>();

Review comment:
   could be `final`





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] martin-g commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

martin-g commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532540970



##
File path: java/org/apache/tomcat/jni/Library.java
##
@@ -177,6 +177,9 @@ private Library(String libraryName)
 /* Is the O_NONBLOCK flag inherited from listening sockets?
  */
 public static boolean APR_O_NONBLOCK_INHERITED  = false;
+/* Support for Unix Domain Sockets.
+ */
+public static boolean APR_HAVE_UNIX   = false;

Review comment:
   `APR_HAVE_UNIX` sound unclear to me. Maybe `APR_HAVE_UNIX_DOMAIN_SOCKET` 
or `APR_HAVE_UDS` ?!

##
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##
@@ -292,52 +295,79 @@ public void bind() throws Exception {
 
 // Create the pool for the server socket
 serverSockPool = Pool.create(rootPool);
+
 // Create the APR address that will be bound
-String addressStr = null;
-if (getAddress() != null) {
-addressStr = getAddress().getHostAddress();
-}
-int family = Socket.APR_INET;
-if (Library.APR_HAVE_IPV6) {
-if (addressStr == null) {
-if (!OS.IS_BSD) {
+if (getPath() != null) {
+if (Library.APR_HAVE_UNIX) {
+hostname = getPath().toString();
+family = Socket.APR_UNIX;
+}
+else {
+throw new 
Exception(sm.getString("endpoint.init.unixnotavail"));
+}
+}
+else {
+
+if (getAddress() != null) {
+hostname = getAddress().getHostAddress();
+}
+family = Socket.APR_INET;
+if (Library.APR_HAVE_IPV6) {
+if (hostname == null) {
+if (!OS.IS_BSD) {
+family = Socket.APR_UNSPEC;
+}
+} else if (hostname.indexOf(':') >= 0) {
 family = Socket.APR_UNSPEC;
 }
-} else if (addressStr.indexOf(':') >= 0) {
-family = Socket.APR_UNSPEC;
 }
- }
+}
+
+long sockAddress = Address.info(hostname, family, getPortWithOffset(), 
0, rootPool);
 
-long inetAddress = Address.info(addressStr, family, 
getPortWithOffset(), 0, rootPool);
 // Create the APR server socket
-serverSock = Socket.create(Address.getInfo(inetAddress).family,
+if (family == Socket.APR_UNIX) {
+serverSock = Socket.create(family, Socket.SOCK_STREAM, 0, 
rootPool);
+}
+else {
+serverSock = Socket.create(Address.getInfo(sockAddress).family,
 Socket.SOCK_STREAM,
 Socket.APR_PROTO_TCP, rootPool);
-if (OS.IS_UNIX) {
-Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
-}
-if (Library.APR_HAVE_IPV6) {
-if (getIpv6v6only()) {
-Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
-} else {
-Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+if (OS.IS_UNIX) {
+Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+}
+if (Library.APR_HAVE_IPV6) {
+if (getIpv6v6only()) {
+Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
+} else {
+Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+}
 }
+// Deal with the firewalls that tend to drop the inactive sockets
+Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
 }
-// Deal with the firewalls that tend to drop the inactive sockets
-Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
+
 // Bind the server socket
-int ret = Socket.bind(serverSock, inetAddress);
+int ret = Socket.bind(serverSock, sockAddress);
 if (ret != 0) {
 throw new Exception(sm.getString("endpoint.init.bind", "" + ret, 
Error.strerror(ret)));
 }
+
 // Start listening on the server socket
 ret = Socket.listen(serverSock, getAcceptCount());
 if (ret != 0) {
 throw new Exception(sm.getString("endpoint.init.listen", "" + ret, 
Error.strerror(ret)));
 }
-if (OS.IS_WIN32 || OS.IS_WIN64) {
-// On Windows set the reuseaddr flag after the bind/listen
-Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+
+if (family == Socket.APR_UNIX) {
+getPath().toFile().setReadable(true, false);
+getPath().toFile().setWritable(true, false);
+getPath().toFile().setExecutable(false, false);

Review comment:
   `getPath().toFile()` could be cached in a local variable

##
File path: java/org/apache/tomcat/util/net/AbstractEndpoint.java
##
@@ -568,6 +569,14 @@ public final int getLocalPor

[GitHub] [tomcat] martin-g commented on pull request #381: Create Documentation installing tomcat on ibm cloud

[GitBox]

martin-g commented on pull request #381:
URL: https://github.com/apache/tomcat/pull/381#issuecomment-735749630


   IMO this document should be part of IBM Cloud documentation. We cannot 
maintain it.



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated: Fix BZ 94944 - correct bytesSent when compression is enabled

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new 5da6295  Fix BZ 94944 - correct bytesSent when compression is enabled
5da6295 is described below

commit 5da629578186c1d233c943c31dab02b293d25350
Author: Mark Thomas 
AuthorDate: Mon Nov 30 13:08:21 2020 +

Fix BZ 94944 - correct bytesSent when compression is enabled
---
 java/org/apache/coyote/http11/filters/GzipOutputFilter.java | 1 +
 webapps/docs/changelog.xml  | 8 
 2 files changed, 9 insertions(+)

diff --git a/java/org/apache/coyote/http11/filters/GzipOutputFilter.java 
b/java/org/apache/coyote/http11/filters/GzipOutputFilter.java
index 18d18a3..9ef4afa 100644
--- a/java/org/apache/coyote/http11/filters/GzipOutputFilter.java
+++ b/java/org/apache/coyote/http11/filters/GzipOutputFilter.java
@@ -67,6 +67,7 @@ public class GzipOutputFilter implements OutputFilter {
 int len = chunk.remaining();
 if (chunk.hasArray()) {
 compressionStream.write(chunk.array(), chunk.arrayOffset() + 
chunk.position(), len);
+chunk.position(chunk.position() + len);
 } else {
 byte[] bytes = new byte[len];
 chunk.put(bytes);
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index d675f2c..8eb4895 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -126,6 +126,14 @@
   
 
   
+  
+
+  
+64944: Ensure that the bytesSent metric is correctly updated
+when compression is enabled. (markt)
+  
+
+  
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 9.0.x updated: Fix BZ 94944 - correct bytesSent when compression is enabled

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 2995fa7  Fix BZ 94944 - correct bytesSent when compression is enabled
2995fa7 is described below

commit 2995fa7d6485e5fe6a654c8d0e1e68d4e2f71b3b
Author: Mark Thomas 
AuthorDate: Mon Nov 30 13:08:21 2020 +

Fix BZ 94944 - correct bytesSent when compression is enabled
---
 java/org/apache/coyote/http11/filters/GzipOutputFilter.java | 1 +
 webapps/docs/changelog.xml  | 8 
 2 files changed, 9 insertions(+)

diff --git a/java/org/apache/coyote/http11/filters/GzipOutputFilter.java 
b/java/org/apache/coyote/http11/filters/GzipOutputFilter.java
index 18d18a3..9ef4afa 100644
--- a/java/org/apache/coyote/http11/filters/GzipOutputFilter.java
+++ b/java/org/apache/coyote/http11/filters/GzipOutputFilter.java
@@ -67,6 +67,7 @@ public class GzipOutputFilter implements OutputFilter {
 int len = chunk.remaining();
 if (chunk.hasArray()) {
 compressionStream.write(chunk.array(), chunk.arrayOffset() + 
chunk.position(), len);
+chunk.position(chunk.position() + len);
 } else {
 byte[] bytes = new byte[len];
 chunk.put(bytes);
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 746ee3e..8991250 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -126,6 +126,14 @@
   
 
   
+  
+
+  
+64944: Ensure that the bytesSent metric is correctly updated
+when compression is enabled. (markt)
+  
+
+  
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: Fix BZ 94944 - correct bytesSent when compression is enabled

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 187c371  Fix BZ 94944 - correct bytesSent when compression is enabled
187c371 is described below

commit 187c3713b8b59abf7a4944a57ac55b0bacef2097
Author: Mark Thomas 
AuthorDate: Mon Nov 30 13:08:21 2020 +

Fix BZ 94944 - correct bytesSent when compression is enabled
---
 java/org/apache/coyote/http11/filters/GzipOutputFilter.java | 1 +
 webapps/docs/changelog.xml  | 8 
 2 files changed, 9 insertions(+)

diff --git a/java/org/apache/coyote/http11/filters/GzipOutputFilter.java 
b/java/org/apache/coyote/http11/filters/GzipOutputFilter.java
index 2f34d15..e691795 100644
--- a/java/org/apache/coyote/http11/filters/GzipOutputFilter.java
+++ b/java/org/apache/coyote/http11/filters/GzipOutputFilter.java
@@ -84,6 +84,7 @@ public class GzipOutputFilter implements OutputFilter {
 int len = chunk.remaining();
 if (chunk.hasArray()) {
 compressionStream.write(chunk.array(), chunk.arrayOffset() + 
chunk.position(), len);
+chunk.position(chunk.position() + len);
 } else {
 byte[] bytes = new byte[len];
 chunk.put(bytes);
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 0ecf177..5915cea 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -119,6 +119,14 @@
   
 
   
+  
+
+  
+64944: Ensure that the bytesSent metric is correctly updated
+when compression is enabled. (markt)
+  
+
+  
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

michael-o commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532584495



##
File path: java/org/apache/tomcat/jni/Library.java
##
@@ -177,6 +177,9 @@ private Library(String libraryName)
 /* Is the O_NONBLOCK flag inherited from listening sockets?
  */
 public static boolean APR_O_NONBLOCK_INHERITED  = false;
+/* Support for Unix Domain Sockets.
+ */
+public static boolean APR_HAVE_UNIX   = false;

Review comment:
   I had the same on my mind, but this is the define from APR. It should be 
consistent. Look into the header files.





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

michael-o commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532584495



##
File path: java/org/apache/tomcat/jni/Library.java
##
@@ -177,6 +177,9 @@ private Library(String libraryName)
 /* Is the O_NONBLOCK flag inherited from listening sockets?
  */
 public static boolean APR_O_NONBLOCK_INHERITED  = false;
+/* Support for Unix Domain Sockets.
+ */
+public static boolean APR_HAVE_UNIX   = false;

Review comment:
   I had the same on my mind, but this is the define from APR. It should be 
consistent. Look into the header files. It is also called `AF_UNIX` = address 
family Unix domain socket.





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64944] Incorrect bytesSent metric when compression is enabled

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=64944

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

--- Comment #1 from Mark Thomas  ---
Thanks for the report and the analysis.

Fixed in:
- 10.0.x for 10.0.0-M11 onwards
- 9.0.x for 9.0.41 onwards
- 8.5.x for 8.5.61 onwards

7.0.x was not affected.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

michael-o commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532587344



##
File path: java/org/apache/tomcat/util/net/AbstractEndpoint.java
##
@@ -568,6 +569,14 @@ public final int getLocalPort() {
 protected abstract InetSocketAddress getLocalAddress() throws IOException;
 
 
+/**
+ * Address for the unix domain socket.
+ */
+private Path path;

Review comment:
   Since TCP sockets use `hostname`, path is fine. Already discussed, it 
should be `address` regardless of the family.





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 56890] getRealPath returns null

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=56890

Mark Thomas  changed:

   What|Removed |Added

 Status|NEEDINFO|NEW

--- Comment #9 from Mark Thomas  ---
One of the benefits of moving to Eclipse is that is that progress on issues
like this is no longer dependent on a single spec lead who may have other
priorities.

The consensus is that the following will be added for Servlet 5.1 onwards:

The path should begin with a "/" and is interpreted as relative to the current
context root. If the path does not begin with a "/", the container will behave
as if the method was called with "/" appended to the beginning of the provided
path.

I'll update Tomcat to the new behaviour shortly.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] martin-g commented on pull request #382: Add support for unix domain sockets.

[GitBox]

martin-g commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-735780186


   By the way, there were talks at dev@ about dropping/deprecating AprProtocol 
and recommending the use of NIO(2). Maybe for 10.1.x, not decided yet.



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] rmaucher commented on pull request #382: Add support for unix domain sockets.

[GitBox]

rmaucher commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-735789759


   That's correct, it was supposed to be dropped already in 10.0 [it will 
happen in 10.1]. Instead, it got some defaults changes so that using it 
requires more deliberate configuration.



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated (5da6295 -> 37f8bf5)

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 5da6295  Fix BZ 94944 - correct bytesSent when compression is enabled
 add 37f8bf5  Fix BZ 56890 - Clarification of 
ServletContext.getRealPath(String)

No new revisions were added by this update.

Summary of changes:
 java/org/apache/catalina/core/ApplicationContext.java | 16 ++--
 webapps/docs/changelog.xml|  8 
 2 files changed, 14 insertions(+), 10 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: JDK 16 Early Access build 26 is now available

[Rémy Maucherat]

On Fri, Nov 27, 2020 at 12:15 PM Rory O'Donnell 
wrote:

> Hi Mark,
>
> OpenJDK 16 Early Access build 26**is now available at
> http://jdk.java.net/16
>
>   * These early-access , open-source builds are provided under the
>   o GNU General Public License, version 2, with the Classpath
> Exception .
>
>   * Schedule: *JDK 16 Rampdown Phase One Starts on 2020/12/10 [1] *
>
>   * Features [1]: Most recent Integrations:
>   o Integrated JEP 389: Foreign Linker API (Incubator)
>  with this release.
>   + JEP 389 introduces an API that offers statically-typed,
> pure-Java access to native code.
>

Nice to see this moving forward.

Rémy


>   + This API, together with the JEP 383
> , will considerably
> simplify the otherwise error-prone process of binding to a
> native library.
>
> **
>
>   * Release Notes [2]
>
>   * Changes in recent builds that maybe of interest:
>   o Build 26
>   + JDK-8202343: *Disable TLS 1.0 and 1.1*
>   + JDK-8251317:**Support for CLDR version 38**
>   + JDK-8212879: Make JVMTI TagMap table concurrent
>   + JDK-8236926: Concurrently uncommit memory in G1
>   + JDK-8243559: Removed Root Certificates with 1024-bit Keys
>   + JDK-8253459: Argument index of zero or unrepresentable by
> int throws IllegalFormatException
>   + JDK-8256643: Terminally deprecate ThreadGroup stop, destroy,
> isDestroyed, setDaemon and isDaemon
>   o Build 25
>   + JDK-8247781: Day period support added to java.time formats
>   + JDK-8202471: (ann) Cannot read type annotations on generic
> receiver type's type variables *[**Reported by ByteBuddy]*
>   + JDK-8255947: [macos] Signed macOS jpackage app doesn't
> filter spurious '-psn' argument *[**Reported by JOSM]*
>   + JDK-8256063: Module::getPackages returns the set of package
> names in this module
>
>   * JDK 16 - topics of interest
>   o Inside Java Episode 7 “The Vector API” with John Rose and Paul
> Sandoz
>   + https://inside.java/2020/11/17/podcast-007/
> 
>   o Biased locking Obsoletion update
>   + https://inside.java/2020/11/17/biased-locking-obsoletion/
> 
>   * Project Loom with Ron Pressler
>   o https://inside.java/2020/11/24/podcast-008/
>   * Update on 64-bit ARM Support for Oracle OpenJDK and Oracle JDK
>   o https://inside.java/2020/11/12/arm-support-update/
> 
>
> Project Lanai Early-Access: EA 7 Build 16-lanai+3-278
>  (2020/11/17)
>
>   * These early-access builds are provided under the GNU General Public
> License, version 2, with the Classpath Exception
> 
>   * These EA builds are produced for the purpose of gathering feedback.
> Use for any other purpose is at your own risk.
>   * Please send feedback via e-mail to lanai-...@openjdk.java.net
> . To send e-mail to this address
> you must first subscribe to the mailing list
> .
>
> The Java Cryptographic Roadmap has been updated [3]:
>
>   * Distrust TLS 1.0 and TLS 1.1 by default
>   o TLS protocol versions 1.0 and 1.1 are no longer considered
> secure and have been superseded by more secure and modern
> versions (TLS 1.2 and 1.3). This change has been integrated with
> JDK 16 Early Access build 26.
>   * Upgrade of default algorithms used to encrypt PKCS12 keystores
>   o The new algorithms are based on AES-256 and SHA-256 and are
> stronger than the old algorithms which were based on RC2,
> DESede, and SHA-1.This change is already included in JDK 16
> Early Access build 23.
>
> RgdsRory
>
> [1] https://openjdk.java.net/projects/jdk/16/
> [2] https://jdk.java.net/16/release-notes
> [3] https://www.java.com/en/jre-jdk-cryptoroadmap.html
>
> --
> Rgds, Rory O'Donnell
> Quality Engineering Manager
> Oracle EMEA, Dublin, Ireland
>
>

[tomcat] branch 9.0.x updated: Fix BZ 56890 - Clarification of ServletContext.getRealPath(String)

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new a48767b  Fix BZ 56890 - Clarification of 
ServletContext.getRealPath(String)
a48767b is described below

commit a48767b4e8c513b819fb5fa13505c15922969813
Author: Mark Thomas 
AuthorDate: Mon Nov 30 13:35:59 2020 +

Fix BZ 56890 - Clarification of ServletContext.getRealPath(String)

https://bz.apache.org/bugzilla/show_bug.cgi?id=56890
If the provided path doesn't start with "/", process the method call as
if "/" was appended to the beginning of the provided path.
---
 java/org/apache/catalina/core/ApplicationContext.java | 16 ++--
 webapps/docs/changelog.xml|  8 
 2 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/java/org/apache/catalina/core/ApplicationContext.java 
b/java/org/apache/catalina/core/ApplicationContext.java
index 2bc9a48..697b956 100644
--- a/java/org/apache/catalina/core/ApplicationContext.java
+++ b/java/org/apache/catalina/core/ApplicationContext.java
@@ -526,7 +526,7 @@ public class ApplicationContext implements ServletContext {
 @Override
 public URL getResource(String path) throws MalformedURLException {
 
-String validatedPath = validateResourcePath(path, false);
+String validatedPath = validateResourcePath(path, 
!GET_RESOURCE_REQUIRE_SLASH);
 
 if (validatedPath == null) {
 throw new MalformedURLException(
@@ -545,7 +545,7 @@ public class ApplicationContext implements ServletContext {
 @Override
 public InputStream getResourceAsStream(String path) {
 
-String validatedPath = validateResourcePath(path, false);
+String validatedPath = validateResourcePath(path, 
!GET_RESOURCE_REQUIRE_SLASH);
 
 if (validatedPath == null) {
 return null;
@@ -564,20 +564,16 @@ public class ApplicationContext implements ServletContext 
{
  * Returns null if the input path is not valid or a path that will be
  * acceptable to resources.getResource().
  */
-private String validateResourcePath(String path, boolean allowEmptyPath) {
+private String validateResourcePath(String path, boolean 
addMissingInitialSlash) {
 if (path == null) {
 return null;
 }
 
-if (path.length() == 0 && allowEmptyPath) {
-return path;
-}
-
 if (!path.startsWith("/")) {
-if (GET_RESOURCE_REQUIRE_SLASH) {
-return null;
-} else {
+if (addMissingInitialSlash) {
 return "/" + path;
+} else {
+return null;
 }
 }
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 8991250..f95de76 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -112,6 +112,14 @@
 the return value of ServletRequest.getRemoteAddr() rather
 than always returning a value for the proxy. (markt)
   
+  
+56890: Align the behaviour of
+ServletContext.getRealPath(String path) with the recent
+clarification from the Servlet specification project. If the path
+parameter does not start with / then Tomcat processes the
+call as if / is appended to the beginning of the
+provided path. (markt)
+  
   
 64080: Enhance the graceful shutdown feature. Includes a new
 option for StandardService,


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: Fix BZ 56890 - Clarification of ServletContext.getRealPath(String)

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new a3ec494  Fix BZ 56890 - Clarification of 
ServletContext.getRealPath(String)
a3ec494 is described below

commit a3ec49490a0b8c6cdee38f66eeca7041d9f57180
Author: Mark Thomas 
AuthorDate: Mon Nov 30 13:35:59 2020 +

Fix BZ 56890 - Clarification of ServletContext.getRealPath(String)

https://bz.apache.org/bugzilla/show_bug.cgi?id=56890
If the provided path doesn't start with "/", process the method call as
if "/" was appended to the beginning of the provided path.
---
 java/org/apache/catalina/core/ApplicationContext.java | 16 ++--
 webapps/docs/changelog.xml|  8 
 2 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/java/org/apache/catalina/core/ApplicationContext.java 
b/java/org/apache/catalina/core/ApplicationContext.java
index d109c5a..4511e87 100644
--- a/java/org/apache/catalina/core/ApplicationContext.java
+++ b/java/org/apache/catalina/core/ApplicationContext.java
@@ -526,7 +526,7 @@ public class ApplicationContext implements ServletContext {
 @Override
 public URL getResource(String path) throws MalformedURLException {
 
-String validatedPath = validateResourcePath(path, false);
+String validatedPath = validateResourcePath(path, 
!GET_RESOURCE_REQUIRE_SLASH);
 
 if (validatedPath == null) {
 throw new MalformedURLException(
@@ -545,7 +545,7 @@ public class ApplicationContext implements ServletContext {
 @Override
 public InputStream getResourceAsStream(String path) {
 
-String validatedPath = validateResourcePath(path, false);
+String validatedPath = validateResourcePath(path, 
!GET_RESOURCE_REQUIRE_SLASH);
 
 if (validatedPath == null) {
 return null;
@@ -564,20 +564,16 @@ public class ApplicationContext implements ServletContext 
{
  * Returns null if the input path is not valid or a path that will be
  * acceptable to resources.getResource().
  */
-private String validateResourcePath(String path, boolean allowEmptyPath) {
+private String validateResourcePath(String path, boolean 
addMissingInitialSlash) {
 if (path == null) {
 return null;
 }
 
-if (path.length() == 0 && allowEmptyPath) {
-return path;
-}
-
 if (!path.startsWith("/")) {
-if (GET_RESOURCE_REQUIRE_SLASH) {
-return null;
-} else {
+if (addMissingInitialSlash) {
 return "/" + path;
+} else {
+return null;
 }
 }
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5915cea..92bd352 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -113,6 +113,14 @@
 than always returning a value for the proxy. (markt)
   
   
+56890: Align the behaviour of
+ServletContext.getRealPath(String path) with the recent
+clarification from the Servlet specification project. If the path
+parameter does not start with / then Tomcat processes the
+call as if / is appended to the beginning of the
+provided path. (markt)
+  
+  
 64921: Ensure that the 
LoadBalancerDrainingValve
 uses the correct setting for the secure attribute for any session
 cookies it creates. Based on a pull request by Andreas Kurth. (markt)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 56890] getRealPath returns null

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=56890

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

--- Comment #10 from Mark Thomas  ---
Fixed in:
- 10.0.x for 10.0.0-M11 onwards
- 9.0.x for 9.0.41 onwards
- 8.5.x for 8.5.61 onwards

7.0.x was not affected.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: JDK 16 Early Access build 26 is now available

[Rory O'Donnell]

Thanks for the feedback Martin!

On 30/11/2020 09:37, Martin Grigorov wrote:

Hi Rory,

Apache Tomcat's build and tests pass with JDK 16 b26 on Ubuntu 20.04.1 
(x86_64 & aarch64)!


Regards,
Martin

On Fri, Nov 27, 2020 at 1:15 PM Rory O'Donnell 
mailto:rory.odonn...@oracle.com>> wrote:


Hi Mark,

OpenJDK 16 Early Access build 26**is now available at
http://jdk.java.net/16



  * These early-access , open-source builds are provided under the
      o GNU General Public License, version 2, with the Classpath
        Exception >.

  * Schedule: *JDK 16 Rampdown Phase One Starts on 2020/12/10 [1] *

  * Features [1]: Most recent Integrations:
      o Integrated JEP 389: Foreign Linker API (Incubator)
        > with this release.
          + JEP 389 introduces an API that offers statically-typed,
            pure-Java access to native code.
          + This API, together with the JEP 383
            >, will considerably
            simplify the otherwise error-prone process of binding to a
            native library.

**

  * Release Notes [2]

  * Changes in recent builds that maybe of interest:
      o Build 26
          + JDK-8202343: *Disable TLS 1.0 and 1.1*
          + JDK-8251317:**Support for CLDR version 38**
          + JDK-8212879: Make JVMTI TagMap table concurrent
          + JDK-8236926: Concurrently uncommit memory in G1
          + JDK-8243559: Removed Root Certificates with 1024-bit Keys
          + JDK-8253459: Argument index of zero or unrepresentable by
            int throws IllegalFormatException
          + JDK-8256643: Terminally deprecate ThreadGroup stop,
destroy,
            isDestroyed, setDaemon and isDaemon
      o Build 25
          + JDK-8247781: Day period support added to java.time formats
          + JDK-8202471: (ann) Cannot read type annotations on generic
            receiver type's type variables *[**Reported by ByteBuddy]*
          + JDK-8255947: [macos] Signed macOS jpackage app doesn't
            filter spurious '-psn' argument *[**Reported by JOSM]*
          + JDK-8256063: Module::getPackages returns the set of
package
            names in this module

  * JDK 16 - topics of interest
      o Inside Java Episode 7 “The Vector API” with John Rose and Paul
        Sandoz
          + https://inside.java/2020/11/17/podcast-007/


            >
      o Biased locking Obsoletion update
          +
https://inside.java/2020/11/17/biased-locking-obsoletion/


           
>
  * Project Loom with Ron Pressler
      o https://inside.java/2020/11/24/podcast-008/


  * Update on 64-bit ARM Support for Oracle OpenJDK and Oracle JDK
      o https://inside.java/2020/11/12/arm-support-update/


        >

Project Lanai Early-Access: EA 7 Build 16-lanai+3-278
>
(2020/11/17)

  * These early-access builds are provided under the GNU General
Public
    License, version 2, with the Classp

Re: JDK 16 Early Access build 26 is now available

[Mark Thomas]

Hi Rory,

I have been (slowly) working my way through the currently open issues
and I found time time today to investigate this one:
https://bz.apache.org/bugzilla/show_bug.cgi?id=63802

That led me to this OpenJDK bug:
https://bugs.openjdk.java.net/browse/JDK-8238279

I have spent some time looking at this and I can confirm that the
OpenJDK bug is present in the latest OpenJDK 8.

The issue looks to have been forgotten about. Is there anything you can
do to get the right people to have a look at it? There is a simple to
use reproduction case provided and if the bugs triggers it has very
serious consequences for Tomcat.

It would be really good to get a fix for this in Java 8.

Thanks,

Mark


On 30/11/2020 14:02, Rory O'Donnell wrote:
> Thanks for the feedback Martin!
> 
> On 30/11/2020 09:37, Martin Grigorov wrote:
>> Hi Rory,
>>
>> Apache Tomcat's build and tests pass with JDK 16 b26 on Ubuntu 20.04.1
>> (x86_64 & aarch64)!
>>
>> Regards,
>> Martin
>>
>> On Fri, Nov 27, 2020 at 1:15 PM Rory O'Donnell
>> mailto:rory.odonn...@oracle.com>> wrote:
>>
>>     Hi Mark,
>>
>>     OpenJDK 16 Early Access build 26**is now available at
>>     http://jdk.java.net/16
>>    
>> 
>>
>>
>>       * These early-access , open-source builds are provided under the
>>           o GNU General Public License, version 2, with the Classpath
>>             Exception >     >.
>>
>>       * Schedule: *JDK 16 Rampdown Phase One Starts on 2020/12/10 [1] *
>>
>>       * Features [1]: Most recent Integrations:
>>           o Integrated JEP 389: Foreign Linker API (Incubator)
>>             >     > with this release.
>>               + JEP 389 introduces an API that offers statically-typed,
>>                 pure-Java access to native code.
>>               + This API, together with the JEP 383
>>                 >     >, will considerably
>>                 simplify the otherwise error-prone process of binding
>> to a
>>                 native library.
>>
>>     **
>>
>>       * Release Notes [2]
>>
>>       * Changes in recent builds that maybe of interest:
>>           o Build 26
>>               + JDK-8202343: *Disable TLS 1.0 and 1.1*
>>               + JDK-8251317:**Support for CLDR version 38**
>>               + JDK-8212879: Make JVMTI TagMap table concurrent
>>               + JDK-8236926: Concurrently uncommit memory in G1
>>               + JDK-8243559: Removed Root Certificates with 1024-bit Keys
>>               + JDK-8253459: Argument index of zero or unrepresentable by
>>                 int throws IllegalFormatException
>>               + JDK-8256643: Terminally deprecate ThreadGroup stop,
>>     destroy,
>>                 isDestroyed, setDaemon and isDaemon
>>           o Build 25
>>               + JDK-8247781: Day period support added to java.time
>> formats
>>               + JDK-8202471: (ann) Cannot read type annotations on
>> generic
>>                 receiver type's type variables *[**Reported by
>> ByteBuddy]*
>>               + JDK-8255947: [macos] Signed macOS jpackage app doesn't
>>                 filter spurious '-psn' argument *[**Reported by JOSM]*
>>               + JDK-8256063: Module::getPackages returns the set of
>>     package
>>                 names in this module
>>
>>       * JDK 16 - topics of interest
>>           o Inside Java Episode 7 “The Vector API” with John Rose and
>> Paul
>>             Sandoz
>>               + https://inside.java/2020/11/17/podcast-007/
>>    
>> 
>>
>>                 >    
>> >
>>
>>           o Biased locking Obsoletion update
>>               +
>>     https://inside.java/2020/11/17/biased-locking-obsoletion/
>>    
>> 
>>
>>                
>>     >    
>> >
>>
>>       * Project Loom with Ron Pressler
>>           o https://inside.java/2020/11/24/podcast-008/
>>    
>> 

[Bug 63802] epoll spin detection is missing

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=63802

Mark Thomas  changed:

   What|Removed |Added

 Status|NEEDINFO|NEW

--- Comment #4 from Mark Thomas  ---
The associated JRE bug is https://bugs.openjdk.java.net/browse/JDK-8238279

I have confirmed that the reproducer provided with that bug
(https://github.com/cedric780/EPollArrayWrapper-bug) still triggers with the
latest Java 8 from Adopt OpenJDK.

I think this is enough evidence to implement a work-around in Tomcat.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64943] [Patch] Add support for Unix Domain Sockets to org.apache.coyote.http11.Http11AprProtocol

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=64943

Mark Thomas  changed:

   What|Removed |Added

   Severity|normal  |enhancement

--- Comment #2 from Mark Thomas  ---
Moving to enhancement

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532665610



##
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##
@@ -292,52 +295,79 @@ public void bind() throws Exception {
 
 // Create the pool for the server socket
 serverSockPool = Pool.create(rootPool);
+
 // Create the APR address that will be bound
-String addressStr = null;
-if (getAddress() != null) {
-addressStr = getAddress().getHostAddress();
-}
-int family = Socket.APR_INET;
-if (Library.APR_HAVE_IPV6) {
-if (addressStr == null) {
-if (!OS.IS_BSD) {
+if (getPath() != null) {
+if (Library.APR_HAVE_UNIX) {
+hostname = getPath().toString();
+family = Socket.APR_UNIX;
+}
+else {
+throw new 
Exception(sm.getString("endpoint.init.unixnotavail"));
+}
+}
+else {
+
+if (getAddress() != null) {
+hostname = getAddress().getHostAddress();
+}
+family = Socket.APR_INET;
+if (Library.APR_HAVE_IPV6) {
+if (hostname == null) {
+if (!OS.IS_BSD) {
+family = Socket.APR_UNSPEC;
+}
+} else if (hostname.indexOf(':') >= 0) {
 family = Socket.APR_UNSPEC;
 }
-} else if (addressStr.indexOf(':') >= 0) {
-family = Socket.APR_UNSPEC;
 }
- }
+}
+
+long sockAddress = Address.info(hostname, family, getPortWithOffset(), 
0, rootPool);
 
-long inetAddress = Address.info(addressStr, family, 
getPortWithOffset(), 0, rootPool);
 // Create the APR server socket
-serverSock = Socket.create(Address.getInfo(inetAddress).family,
+if (family == Socket.APR_UNIX) {
+serverSock = Socket.create(family, Socket.SOCK_STREAM, 0, 
rootPool);
+}
+else {
+serverSock = Socket.create(Address.getInfo(sockAddress).family,
 Socket.SOCK_STREAM,
 Socket.APR_PROTO_TCP, rootPool);
-if (OS.IS_UNIX) {
-Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
-}
-if (Library.APR_HAVE_IPV6) {
-if (getIpv6v6only()) {
-Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
-} else {
-Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+if (OS.IS_UNIX) {
+Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+}
+if (Library.APR_HAVE_IPV6) {
+if (getIpv6v6only()) {
+Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
+} else {
+Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+}
 }
+// Deal with the firewalls that tend to drop the inactive sockets
+Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
 }
-// Deal with the firewalls that tend to drop the inactive sockets
-Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
+
 // Bind the server socket
-int ret = Socket.bind(serverSock, inetAddress);
+int ret = Socket.bind(serverSock, sockAddress);
 if (ret != 0) {
 throw new Exception(sm.getString("endpoint.init.bind", "" + ret, 
Error.strerror(ret)));
 }
+
 // Start listening on the server socket
 ret = Socket.listen(serverSock, getAcceptCount());
 if (ret != 0) {
 throw new Exception(sm.getString("endpoint.init.listen", "" + ret, 
Error.strerror(ret)));
 }
-if (OS.IS_WIN32 || OS.IS_WIN64) {
-// On Windows set the reuseaddr flag after the bind/listen
-Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+
+if (family == Socket.APR_UNIX) {

Review comment:
   > Why not use https://stackoverflow.com/q/26649751/696632 and this 
[idea](https://serverfault.com/a/437128)?
   
   It's because this is unix specific. Java lets us set posix permissions, but 
then this doesn't work on Windows.
   
   I originally considered a pathPermissions parameter with the value set using 
the fromString() method as per here, but rejected it due to the cross platform 
nature of tomcat. What do you think?
   
   
https://docs.oracle.com/javase/7/docs/api/java/nio/file/attribute/PosixFilePermissions.html#fromString(java.lang.String)





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@inf

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532667538



##
File path: webapps/docs/config/http.xml
##
@@ -212,7 +212,11 @@
   Where supported, the path to a unix domain socket that this
   Connector will create and await incoming connections.
   The socket is created with world read and write permissions. To protect
-  the socket create the socket in a suitably protected directory.
+  the socket create the socket in a suitably protected directory. Tomcat
+  will automatically remove the socket on server shutdown. If the socket
+  already exists, care must be taken by the administrator to remove the
+  socket after verifying that the socket isn't already being used by an
+  existing tomcat process.

Review comment:
   Fixed.

##
File path: webapps/docs/config/http.xml
##
@@ -1152,6 +1156,11 @@
   permissions appropriately configured to restrict access as required.
   
 
+  Tomcat will automatically remove the socket on server shutdown. If the
+  socket already exists startup will fail. Care must be taken by the
+  administrator to remove the socket after verifying that the socket isn't
+  already being used by an existing tomcat process.

Review comment:
   Fixed.





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532669016



##
File path: java/org/apache/tomcat/jni/Library.java
##
@@ -177,6 +177,9 @@ private Library(String libraryName)
 /* Is the O_NONBLOCK flag inherited from listening sockets?
  */
 public static boolean APR_O_NONBLOCK_INHERITED  = false;
+/* Support for Unix Domain Sockets.
+ */
+public static boolean APR_HAVE_UNIX   = false;

Review comment:
   Over at APR we call it APR_UNIX, it would be better to be consistent 
with this:
   
   https://github.com/apache/apr/blob/trunk/include/apr_network_io.h#L168
   





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 63802] epoll spin detection is missing

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=63802

--- Comment #5 from Remy Maucherat  ---
Ok, so there's a reproducer for this now. It's supposedly fixed in Java 11.
Personally, given the ugliness of the workaround, the rarity of the issue and
the fact that there's a fix, I would rather not do anything.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532674722



##
File path: java/org/apache/tomcat/jni/Library.java
##
@@ -244,6 +247,7 @@ public static synchronized boolean initialize(String 
libraryName) throws Excepti
 APR_CHARSET_EBCDIC  = has(18);
 APR_TCP_NODELAY_INHERITED = has(19);
 APR_O_NONBLOCK_INHERITED  = has(20);
+APR_HAVE_UNIX = has(22);

Review comment:
   I had this idea in my head that 21 had been used in an earlier version 
and removed. Can't find it now, let me change it.
   
   Changed.





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532677929



##
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##
@@ -292,52 +295,79 @@ public void bind() throws Exception {
 
 // Create the pool for the server socket
 serverSockPool = Pool.create(rootPool);
+
 // Create the APR address that will be bound
-String addressStr = null;
-if (getAddress() != null) {
-addressStr = getAddress().getHostAddress();
-}
-int family = Socket.APR_INET;
-if (Library.APR_HAVE_IPV6) {
-if (addressStr == null) {
-if (!OS.IS_BSD) {
+if (getPath() != null) {
+if (Library.APR_HAVE_UNIX) {
+hostname = getPath().toString();
+family = Socket.APR_UNIX;
+}
+else {
+throw new 
Exception(sm.getString("endpoint.init.unixnotavail"));
+}
+}
+else {
+
+if (getAddress() != null) {
+hostname = getAddress().getHostAddress();
+}
+family = Socket.APR_INET;
+if (Library.APR_HAVE_IPV6) {
+if (hostname == null) {
+if (!OS.IS_BSD) {
+family = Socket.APR_UNSPEC;
+}
+} else if (hostname.indexOf(':') >= 0) {
 family = Socket.APR_UNSPEC;
 }
-} else if (addressStr.indexOf(':') >= 0) {
-family = Socket.APR_UNSPEC;
 }
- }
+}
+
+long sockAddress = Address.info(hostname, family, getPortWithOffset(), 
0, rootPool);
 
-long inetAddress = Address.info(addressStr, family, 
getPortWithOffset(), 0, rootPool);
 // Create the APR server socket
-serverSock = Socket.create(Address.getInfo(inetAddress).family,
+if (family == Socket.APR_UNIX) {
+serverSock = Socket.create(family, Socket.SOCK_STREAM, 0, 
rootPool);
+}
+else {
+serverSock = Socket.create(Address.getInfo(sockAddress).family,
 Socket.SOCK_STREAM,
 Socket.APR_PROTO_TCP, rootPool);
-if (OS.IS_UNIX) {
-Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
-}
-if (Library.APR_HAVE_IPV6) {
-if (getIpv6v6only()) {
-Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
-} else {
-Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+if (OS.IS_UNIX) {
+Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+}
+if (Library.APR_HAVE_IPV6) {
+if (getIpv6v6only()) {
+Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
+} else {
+Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+}
 }
+// Deal with the firewalls that tend to drop the inactive sockets
+Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
 }
-// Deal with the firewalls that tend to drop the inactive sockets
-Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
+
 // Bind the server socket
-int ret = Socket.bind(serverSock, inetAddress);
+int ret = Socket.bind(serverSock, sockAddress);
 if (ret != 0) {
 throw new Exception(sm.getString("endpoint.init.bind", "" + ret, 
Error.strerror(ret)));
 }
+
 // Start listening on the server socket
 ret = Socket.listen(serverSock, getAcceptCount());
 if (ret != 0) {
 throw new Exception(sm.getString("endpoint.init.listen", "" + ret, 
Error.strerror(ret)));
 }
-if (OS.IS_WIN32 || OS.IS_WIN64) {
-// On Windows set the reuseaddr flag after the bind/listen
-Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+
+if (family == Socket.APR_UNIX) {
+getPath().toFile().setReadable(true, false);
+getPath().toFile().setWritable(true, false);
+getPath().toFile().setExecutable(false, false);

Review comment:
   Fixed.





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532682814



##
File path: java/org/apache/tomcat/util/net/AbstractEndpoint.java
##
@@ -568,6 +569,14 @@ public final int getLocalPort() {
 protected abstract InetSocketAddress getLocalAddress() throws IOException;
 
 
+/**
+ * Address for the unix domain socket.
+ */
+private Path path;

Review comment:
   The underlying API uses "path" as the reference to file that will become 
the socket:
   
   https://linux.die.net/man/7/unix
   
   ```
   #define UNIX_PATH_MAX108
   
   struct sockaddr_un {
   sa_family_t sun_family;   /* AF_UNIX */
   charsun_path[UNIX_PATH_MAX];  /* pathname */
   };
   ```
   
   Naming it something else introduces new/inconsistent terminology.
   





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] minfrin commented on pull request #382: Add support for unix domain sockets.

[GitBox]

minfrin commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-735859022


   > That's correct, it was supposed to be dropped already in 10.0 [it will 
happen in 10.1]. Instead, it got some defaults changes so that using it 
requires more deliberate configuration.
   
   At this stage JEP-380 is too far away for practical use, so having a library 
able to make native calls gives tomcat a significant edge.
   
   The ability to use normal PEM files in the SSL configuration is also a 
significant benefit.



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on pull request #382: Add support for unix domain sockets.

[GitBox]

michael-o commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-735864234


   > 
   > 
   > > That's correct, it was supposed to be dropped already in 10.0 [it will 
happen in 10.1]. Instead, it got some defaults changes so that using it 
requires more deliberate configuration.
   > 
   > At this stage JEP-380 is too far away for practical use, so having a 
library able to make native calls gives tomcat a significant edge.
   > 
   > The ability to use normal PEM files in the SSL configuration is also a 
significant benefit.
   
   I absolutely agree. This is so simple with APR/OpenSSL.



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

michael-o commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532692219



##
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##
@@ -292,52 +295,79 @@ public void bind() throws Exception {
 
 // Create the pool for the server socket
 serverSockPool = Pool.create(rootPool);
+
 // Create the APR address that will be bound
-String addressStr = null;
-if (getAddress() != null) {
-addressStr = getAddress().getHostAddress();
-}
-int family = Socket.APR_INET;
-if (Library.APR_HAVE_IPV6) {
-if (addressStr == null) {
-if (!OS.IS_BSD) {
+if (getPath() != null) {
+if (Library.APR_HAVE_UNIX) {
+hostname = getPath().toString();
+family = Socket.APR_UNIX;
+}
+else {
+throw new 
Exception(sm.getString("endpoint.init.unixnotavail"));
+}
+}
+else {
+
+if (getAddress() != null) {
+hostname = getAddress().getHostAddress();
+}
+family = Socket.APR_INET;
+if (Library.APR_HAVE_IPV6) {
+if (hostname == null) {
+if (!OS.IS_BSD) {
+family = Socket.APR_UNSPEC;
+}
+} else if (hostname.indexOf(':') >= 0) {
 family = Socket.APR_UNSPEC;
 }
-} else if (addressStr.indexOf(':') >= 0) {
-family = Socket.APR_UNSPEC;
 }
- }
+}
+
+long sockAddress = Address.info(hostname, family, getPortWithOffset(), 
0, rootPool);
 
-long inetAddress = Address.info(addressStr, family, 
getPortWithOffset(), 0, rootPool);
 // Create the APR server socket
-serverSock = Socket.create(Address.getInfo(inetAddress).family,
+if (family == Socket.APR_UNIX) {
+serverSock = Socket.create(family, Socket.SOCK_STREAM, 0, 
rootPool);
+}
+else {
+serverSock = Socket.create(Address.getInfo(sockAddress).family,
 Socket.SOCK_STREAM,
 Socket.APR_PROTO_TCP, rootPool);
-if (OS.IS_UNIX) {
-Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
-}
-if (Library.APR_HAVE_IPV6) {
-if (getIpv6v6only()) {
-Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
-} else {
-Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+if (OS.IS_UNIX) {
+Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+}
+if (Library.APR_HAVE_IPV6) {
+if (getIpv6v6only()) {
+Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
+} else {
+Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+}
 }
+// Deal with the firewalls that tend to drop the inactive sockets
+Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
 }
-// Deal with the firewalls that tend to drop the inactive sockets
-Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
+
 // Bind the server socket
-int ret = Socket.bind(serverSock, inetAddress);
+int ret = Socket.bind(serverSock, sockAddress);
 if (ret != 0) {
 throw new Exception(sm.getString("endpoint.init.bind", "" + ret, 
Error.strerror(ret)));
 }
+
 // Start listening on the server socket
 ret = Socket.listen(serverSock, getAcceptCount());
 if (ret != 0) {
 throw new Exception(sm.getString("endpoint.init.listen", "" + ret, 
Error.strerror(ret)));
 }
-if (OS.IS_WIN32 || OS.IS_WIN64) {
-// On Windows set the reuseaddr flag after the bind/listen
-Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+
+if (family == Socket.APR_UNIX) {

Review comment:
   > 
   > 
   > > Why not use https://stackoverflow.com/q/26649751/696632 and this 
[idea](https://serverfault.com/a/437128)?
   > 
   > It's because this is unix specific. Java lets us set posix permissions, 
but then this doesn't work on Windows.
   > 
   > I originally considered a pathPermissions parameter with the value set 
using the fromString() method as per here, but rejected it due to the cross 
platform nature of tomcat. What do you think?
   > 
   > 
https://docs.oracle.com/javase/7/docs/api/java/nio/file/attribute/PosixFilePermissions.html#fromString(java.lang.String)
   
   I'd be OK with having settings for POSIX and Windows. It is a Unix 
technology after all.





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and 

[GitHub] [tomcat] michael-o commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

michael-o commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532692425



##
File path: java/org/apache/tomcat/jni/Library.java
##
@@ -247,7 +247,7 @@ public static synchronized boolean initialize(String 
libraryName) throws Excepti
 APR_CHARSET_EBCDIC  = has(18);
 APR_TCP_NODELAY_INHERITED = has(19);
 APR_O_NONBLOCK_INHERITED  = has(20);
-APR_HAVE_UNIX = has(22);
+APR_HAVE_UNIX = has(21);

Review comment:
   Is this 21 reflected in native code?





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532695851



##
File path: java/org/apache/tomcat/jni/Library.java
##
@@ -247,7 +247,7 @@ public static synchronized boolean initialize(String 
libraryName) throws Excepti
 APR_CHARSET_EBCDIC  = has(18);
 APR_TCP_NODELAY_INHERITED = has(19);
 APR_O_NONBLOCK_INHERITED  = has(20);
-APR_HAVE_UNIX = has(22);
+APR_HAVE_UNIX = has(21);

Review comment:
   ...and that would be where the 21 comes from:
   
   ```
   case 21:
   #if defined(APR_POLLSET_WAKEABLE)
   rv = JNI_TRUE;
   #endif
   break;
   ```
   
   Let me revert.





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532706511



##
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##
@@ -292,52 +295,79 @@ public void bind() throws Exception {
 
 // Create the pool for the server socket
 serverSockPool = Pool.create(rootPool);
+
 // Create the APR address that will be bound
-String addressStr = null;
-if (getAddress() != null) {
-addressStr = getAddress().getHostAddress();
-}
-int family = Socket.APR_INET;
-if (Library.APR_HAVE_IPV6) {
-if (addressStr == null) {
-if (!OS.IS_BSD) {
+if (getPath() != null) {
+if (Library.APR_HAVE_UNIX) {
+hostname = getPath().toString();
+family = Socket.APR_UNIX;
+}
+else {
+throw new 
Exception(sm.getString("endpoint.init.unixnotavail"));
+}
+}
+else {
+
+if (getAddress() != null) {
+hostname = getAddress().getHostAddress();
+}
+family = Socket.APR_INET;
+if (Library.APR_HAVE_IPV6) {
+if (hostname == null) {
+if (!OS.IS_BSD) {
+family = Socket.APR_UNSPEC;
+}
+} else if (hostname.indexOf(':') >= 0) {
 family = Socket.APR_UNSPEC;
 }
-} else if (addressStr.indexOf(':') >= 0) {
-family = Socket.APR_UNSPEC;
 }
- }
+}
+
+long sockAddress = Address.info(hostname, family, getPortWithOffset(), 
0, rootPool);
 
-long inetAddress = Address.info(addressStr, family, 
getPortWithOffset(), 0, rootPool);
 // Create the APR server socket
-serverSock = Socket.create(Address.getInfo(inetAddress).family,
+if (family == Socket.APR_UNIX) {
+serverSock = Socket.create(family, Socket.SOCK_STREAM, 0, 
rootPool);
+}
+else {
+serverSock = Socket.create(Address.getInfo(sockAddress).family,
 Socket.SOCK_STREAM,
 Socket.APR_PROTO_TCP, rootPool);
-if (OS.IS_UNIX) {
-Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
-}
-if (Library.APR_HAVE_IPV6) {
-if (getIpv6v6only()) {
-Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
-} else {
-Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+if (OS.IS_UNIX) {
+Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+}
+if (Library.APR_HAVE_IPV6) {
+if (getIpv6v6only()) {
+Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
+} else {
+Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+}
 }
+// Deal with the firewalls that tend to drop the inactive sockets
+Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
 }
-// Deal with the firewalls that tend to drop the inactive sockets
-Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
+
 // Bind the server socket
-int ret = Socket.bind(serverSock, inetAddress);
+int ret = Socket.bind(serverSock, sockAddress);
 if (ret != 0) {
 throw new Exception(sm.getString("endpoint.init.bind", "" + ret, 
Error.strerror(ret)));
 }
+
 // Start listening on the server socket
 ret = Socket.listen(serverSock, getAcceptCount());
 if (ret != 0) {
 throw new Exception(sm.getString("endpoint.init.listen", "" + ret, 
Error.strerror(ret)));
 }
-if (OS.IS_WIN32 || OS.IS_WIN64) {
-// On Windows set the reuseaddr flag after the bind/listen
-Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+
+if (family == Socket.APR_UNIX) {

Review comment:
   Currently there is no neat way (that I can find) to express Windows 
permissions in a string that can be assigned to a parameter in the connector.
   
   The java implementation to set ACLs on Windows is the following:
   
   
https://docs.oracle.com/javase/7/docs/api/java/nio/file/attribute/AclFileAttributeView.html
   
   On Windows there is a concept of permissions for the "owner", (not useful 
for a unix domain socket) and for "everyone" (useful if placed in a protected 
path), but there is no such thing as a primary group.
   
   In short, the problem I'm trying to solve is this:
   
   ```
   
   ```
   





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries a

[GitHub] [tomcat] rmaucher commented on pull request #382: Add support for unix domain sockets.

[GitBox]

rmaucher commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-735880429


   > > > That's correct, it was supposed to be dropped already in 10.0 [it will 
happen in 10.1]. Instead, it got some defaults changes so that using it 
requires more deliberate configuration.
   > > 
   > > 
   > > At this stage JEP-380 is too far away for practical use, so having a 
library able to make native calls gives tomcat a significant edge.
   > > The ability to use normal PEM files in the SSL configuration is also a 
significant benefit.
   > 
   > I absolutely agree. This is so simple with APR/OpenSSL.
   
   Nobody has cared about UDS for the past 15 years. And PEM files are 
supported for JSSE and JSSE/OpenSSL. So I don't understand what the problem is.



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

michael-o commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532716306



##
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##
@@ -292,52 +295,79 @@ public void bind() throws Exception {
 
 // Create the pool for the server socket
 serverSockPool = Pool.create(rootPool);
+
 // Create the APR address that will be bound
-String addressStr = null;
-if (getAddress() != null) {
-addressStr = getAddress().getHostAddress();
-}
-int family = Socket.APR_INET;
-if (Library.APR_HAVE_IPV6) {
-if (addressStr == null) {
-if (!OS.IS_BSD) {
+if (getPath() != null) {
+if (Library.APR_HAVE_UNIX) {
+hostname = getPath().toString();
+family = Socket.APR_UNIX;
+}
+else {
+throw new 
Exception(sm.getString("endpoint.init.unixnotavail"));
+}
+}
+else {
+
+if (getAddress() != null) {
+hostname = getAddress().getHostAddress();
+}
+family = Socket.APR_INET;
+if (Library.APR_HAVE_IPV6) {
+if (hostname == null) {
+if (!OS.IS_BSD) {
+family = Socket.APR_UNSPEC;
+}
+} else if (hostname.indexOf(':') >= 0) {
 family = Socket.APR_UNSPEC;
 }
-} else if (addressStr.indexOf(':') >= 0) {
-family = Socket.APR_UNSPEC;
 }
- }
+}
+
+long sockAddress = Address.info(hostname, family, getPortWithOffset(), 
0, rootPool);
 
-long inetAddress = Address.info(addressStr, family, 
getPortWithOffset(), 0, rootPool);
 // Create the APR server socket
-serverSock = Socket.create(Address.getInfo(inetAddress).family,
+if (family == Socket.APR_UNIX) {
+serverSock = Socket.create(family, Socket.SOCK_STREAM, 0, 
rootPool);
+}
+else {
+serverSock = Socket.create(Address.getInfo(sockAddress).family,
 Socket.SOCK_STREAM,
 Socket.APR_PROTO_TCP, rootPool);
-if (OS.IS_UNIX) {
-Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
-}
-if (Library.APR_HAVE_IPV6) {
-if (getIpv6v6only()) {
-Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
-} else {
-Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+if (OS.IS_UNIX) {
+Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+}
+if (Library.APR_HAVE_IPV6) {
+if (getIpv6v6only()) {
+Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
+} else {
+Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+}
 }
+// Deal with the firewalls that tend to drop the inactive sockets
+Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
 }
-// Deal with the firewalls that tend to drop the inactive sockets
-Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
+
 // Bind the server socket
-int ret = Socket.bind(serverSock, inetAddress);
+int ret = Socket.bind(serverSock, sockAddress);
 if (ret != 0) {
 throw new Exception(sm.getString("endpoint.init.bind", "" + ret, 
Error.strerror(ret)));
 }
+
 // Start listening on the server socket
 ret = Socket.listen(serverSock, getAcceptCount());
 if (ret != 0) {
 throw new Exception(sm.getString("endpoint.init.listen", "" + ret, 
Error.strerror(ret)));
 }
-if (OS.IS_WIN32 || OS.IS_WIN64) {
-// On Windows set the reuseaddr flag after the bind/listen
-Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+
+if (family == Socket.APR_UNIX) {

Review comment:
   I know, and I don't expect one, but I don't see a problem to have 
`pathPermissions` for POSIX only for now.





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on pull request #382: Add support for unix domain sockets.

[GitBox]

michael-o commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-735887225


   > 
   > 
   > > > > That's correct, it was supposed to be dropped already in 10.0 [it 
will happen in 10.1]. Instead, it got some defaults changes so that using it 
requires more deliberate configuration.
   > > > 
   > > > 
   > > > At this stage JEP-380 is too far away for practical use, so having a 
library able to make native calls gives tomcat a significant edge.
   > > > The ability to use normal PEM files in the SSL configuration is also a 
significant benefit.
   > > 
   > > 
   > > I absolutely agree. This is so simple with APR/OpenSSL.
   > 
   > Nobody has cared about UDS for the past 15 years. And PEM files are 
supported for JSSE and JSSE/OpenSSL. So I don't understand what the problem is.
   
   Just because you never cared doesn't mean someone else does not. UDS is a 
fine thing on Unix. And for PEM files, they are supported because Tomcat 
supports it, not SunJSSE or OpenJSSE.



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] minfrin commented on pull request #382: Add support for unix domain sockets.

[GitBox]

minfrin commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-735896671


   > Nobody has cared about UDS for the past 15 years. And PEM files are 
supported for JSSE and JSSE/OpenSSL. So I don't understand what the problem is.
   
   While you may not have cared, 389ds LDAP does UDS, all the milters and the 
various in postfix do UDS, as well as most web applications based on FastCGI, 
as does Windows 10 and Windows Server 2019.
   
   As explained already, the problem is getting access to the filesystem 
permission model.



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532732287



##
File path: java/org/apache/tomcat/jni/Library.java
##
@@ -247,7 +247,7 @@ public static synchronized boolean initialize(String 
libraryName) throws Excepti
 APR_CHARSET_EBCDIC  = has(18);
 APR_TCP_NODELAY_INHERITED = has(19);
 APR_O_NONBLOCK_INHERITED  = has(20);
-APR_HAVE_UNIX = has(22);
+APR_HAVE_UNIX = has(21);

Review comment:
   Done.





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: JDK 16 Early Access build 26 is now available

[Rory O'Donnell]

Hi Marc,

Let me see what we can do.

Rgds,Rory

On 30/11/2020 14:47, Mark Thomas wrote:

Hi Rory,

I have been (slowly) working my way through the currently open issues
and I found time time today to investigate this one:
https://urldefense.com/v3/__https://bz.apache.org/bugzilla/show_bug.cgi?id=63802__;!!GqivPVa7Brio!PccppzFjCMGwBbQzCDnWyF3kpvqgDVQZjxTwZ9Q1KyRdhCuJv1k7BsAkR2ME3DDHE2Y$

That led me to this OpenJDK bug:
https://bugs.openjdk.java.net/browse/JDK-8238279

I have spent some time looking at this and I can confirm that the
OpenJDK bug is present in the latest OpenJDK 8.

The issue looks to have been forgotten about. Is there anything you can
do to get the right people to have a look at it? There is a simple to
use reproduction case provided and if the bugs triggers it has very
serious consequences for Tomcat.

It would be really good to get a fix for this in Java 8.

Thanks,

Mark


On 30/11/2020 14:02, Rory O'Donnell wrote:

Thanks for the feedback Martin!

On 30/11/2020 09:37, Martin Grigorov wrote:

Hi Rory,

Apache Tomcat's build and tests pass with JDK 16 b26 on Ubuntu 20.04.1
(x86_64 & aarch64)!

Regards,
Martin

On Fri, Nov 27, 2020 at 1:15 PM Rory O'Donnell
mailto:rory.odonn...@oracle.com>> wrote:

     Hi Mark,

     OpenJDK 16 Early Access build 26**is now available at
     
https://urldefense.com/v3/__http://jdk.java.net/16__;!!GqivPVa7Brio!PccppzFjCMGwBbQzCDnWyF3kpvqgDVQZjxTwZ9Q1KyRdhCuJv1k7BsAkR2MEZ3Rcy6Y$





       * These early-access , open-source builds are provided under the
           o GNU General Public License, version 2, with the Classpath
             Exception >.

       * Schedule: *JDK 16 Rampdown Phase One Starts on 2020/12/10 [1] *

       * Features [1]: Most recent Integrations:
           o Integrated JEP 389: Foreign Linker API (Incubator)
             > with this release.
               + JEP 389 introduces an API that offers statically-typed,
                 pure-Java access to native code.
               + This API, together with the JEP 383
                 >, will considerably
                 simplify the otherwise error-prone process of binding
to a
                 native library.

     **

       * Release Notes [2]

       * Changes in recent builds that maybe of interest:
           o Build 26
               + JDK-8202343: *Disable TLS 1.0 and 1.1*
               + JDK-8251317:**Support for CLDR version 38**
               + JDK-8212879: Make JVMTI TagMap table concurrent
               + JDK-8236926: Concurrently uncommit memory in G1
               + JDK-8243559: Removed Root Certificates with 1024-bit Keys
               + JDK-8253459: Argument index of zero or unrepresentable by
                 int throws IllegalFormatException
               + JDK-8256643: Terminally deprecate ThreadGroup stop,
     destroy,
                 isDestroyed, setDaemon and isDaemon
           o Build 25
               + JDK-8247781: Day period support added to java.time
formats
               + JDK-8202471: (ann) Cannot read type annotations on
generic
                 receiver type's type variables *[**Reported by
ByteBuddy]*
               + JDK-8255947: [macos] Signed macOS jpackage app doesn't
                 filter spurious '-psn' argument *[**Reported by JOSM]*
               + JDK-8256063: Module::getPackages returns the set of
     package
                 names in this module

       * JDK 16 - topics of interest
           o Inside Java Episode 7 “The Vector API” with John Rose and
Paul
             Sandoz
               + 
https://urldefense.com/v3/__https://inside.java/2020/11/17/podcast-007/__;!!GqivPVa7Brio!PccppzFjCMGwBbQzCDnWyF3kpvqgDVQZjxTwZ9Q1KyRdhCuJv1k7BsAkR2MEtW5xauw$




                 
>


           o Biased locking Obsoletion update
               +
     
https://urldefense.com/v3/__https://inside.java/2020/11/17/biased-locking-obsoletion/__;!!GqivPVa7Brio!PccppzFjCMGwBbQzCDnWyF3kpvqgDVQZjxTwZ9Q1KyRdhCuJv1k7BsAkR2MEBDg8oxo$

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532815444



##
File path: java/org/apache/coyote/AbstractProtocol.java
##
@@ -347,22 +352,27 @@ public String getName() {
 private String getNameInternal() {
 StringBuilder name = new StringBuilder(getNamePrefix());
 name.append('-');
-if (getAddress() != null) {
-name.append(getAddress().getHostAddress());
-name.append('-');
+if (getPath() != null) {
+name.append(getPath().getFileName().toString());

Review comment:
   Agreed - fixed.





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532818744



##
File path: java/org/apache/tomcat/jni/Library.java
##
@@ -244,6 +247,7 @@ public static synchronized boolean initialize(String 
libraryName) throws Excepti
 APR_CHARSET_EBCDIC  = has(18);
 APR_TCP_NODELAY_INHERITED = has(19);
 APR_O_NONBLOCK_INHERITED  = has(20);
+APR_HAVE_UNIX = has(22);

Review comment:
   Reverted back, 21 is used by APR_POLLSET_WAKEABLE.





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

michael-o commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532841983



##
File path: java/org/apache/coyote/AbstractProtocol.java
##
@@ -351,12 +351,15 @@ public String getName() {
 
 private String getNameInternal() {
 StringBuilder name = new StringBuilder(getNamePrefix());
-name.append('-');
 if (getPath() != null) {
-name.append(getPath().getFileName().toString());
+for (Path path: getPath()) {

Review comment:
   Any reason not to use the path as-is? Will this name be used as file 
name?





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532862975



##
File path: java/org/apache/coyote/AbstractProtocol.java
##
@@ -351,12 +351,15 @@ public String getName() {
 
 private String getNameInternal() {
 StringBuilder name = new StringBuilder(getNamePrefix());
-name.append('-');
 if (getPath() != null) {
-name.append(getPath().getFileName().toString());
+for (Path path: getPath()) {

Review comment:
   This is the name of the connector, for example:
   
   ```
   30-Nov-2020 20:33:08.007 INFO [main] 
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
["http-nio-8080"]
   30-Nov-2020 20:33:08.015 INFO [main] 
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
["http-apr-tmp-protected-tomcat.socket"]
   ```
   
   The name "http-apr-/tmp/protected/tomcat.socket" seems ugly to me.
   





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

michael-o commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532875949



##
File path: java/org/apache/coyote/AbstractProtocol.java
##
@@ -351,12 +351,15 @@ public String getName() {
 
 private String getNameInternal() {
 StringBuilder name = new StringBuilder(getNamePrefix());
-name.append('-');
 if (getPath() != null) {
-name.append(getPath().getFileName().toString());
+for (Path path: getPath()) {

Review comment:
   While it seems ugly, it makes it perfectly clear that it is a path on 
the local filesystem, doesn't it?





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 63802] epoll spin detection is missing

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=63802

--- Comment #6 from Mark Thomas  ---
I ran 10 tests with Java 11 and didn't see the issue. The developer of the
reproducer also confirmed the issue is fixed in Java 11.

I'm happy to implement a work-around but I'd be equally happy with closing this
as WONTFIX and pointing folks that are experiencing this issue to Java 11
and/or the Java 8 bug.

Given your preference for WONTFIX are there any objections to taking that
approach?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532903806



##
File path: java/org/apache/coyote/AbstractProtocol.java
##
@@ -351,12 +351,15 @@ public String getName() {
 
 private String getNameInternal() {
 StringBuilder name = new StringBuilder(getNamePrefix());
-name.append('-');
 if (getPath() != null) {
-name.append(getPath().getFileName().toString());
+for (Path path: getPath()) {

Review comment:
   I've updated it, now looks like this:
   
   ```
   30-Nov-2020 23:05:45.172 INFO [main] 
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
["http-nio-8080"]
   30-Nov-2020 23:05:45.180 INFO [main] 
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
["http-apr-/tmp/protected/tomcat.socket"]
   ```
   
   Is this all ok?
   





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

michael-o commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532913829



##
File path: java/org/apache/coyote/AbstractProtocol.java
##
@@ -351,12 +351,15 @@ public String getName() {
 
 private String getNameInternal() {
 StringBuilder name = new StringBuilder(getNamePrefix());
-name.append('-');
 if (getPath() != null) {
-name.append(getPath().getFileName().toString());
+for (Path path: getPath()) {

Review comment:
   Absolutely, it is now crystal clear that that is a domain socket.





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532981406



##
File path: java/org/apache/coyote/AbstractProtocol.java
##
@@ -351,12 +351,15 @@ public String getName() {
 
 private String getNameInternal() {
 StringBuilder name = new StringBuilder(getNamePrefix());
-name.append('-');
 if (getPath() != null) {
-name.append(getPath().getFileName().toString());
+for (Path path: getPath()) {

Review comment:
   Path used as is.





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

[GitBox]

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r532990550



##
File path: java/org/apache/tomcat/util/net/AprEndpoint.java
##
@@ -292,52 +295,79 @@ public void bind() throws Exception {
 
 // Create the pool for the server socket
 serverSockPool = Pool.create(rootPool);
+
 // Create the APR address that will be bound
-String addressStr = null;
-if (getAddress() != null) {
-addressStr = getAddress().getHostAddress();
-}
-int family = Socket.APR_INET;
-if (Library.APR_HAVE_IPV6) {
-if (addressStr == null) {
-if (!OS.IS_BSD) {
+if (getPath() != null) {
+if (Library.APR_HAVE_UNIX) {
+hostname = getPath().toString();
+family = Socket.APR_UNIX;
+}
+else {
+throw new 
Exception(sm.getString("endpoint.init.unixnotavail"));
+}
+}
+else {
+
+if (getAddress() != null) {
+hostname = getAddress().getHostAddress();
+}
+family = Socket.APR_INET;
+if (Library.APR_HAVE_IPV6) {
+if (hostname == null) {
+if (!OS.IS_BSD) {
+family = Socket.APR_UNSPEC;
+}
+} else if (hostname.indexOf(':') >= 0) {
 family = Socket.APR_UNSPEC;
 }
-} else if (addressStr.indexOf(':') >= 0) {
-family = Socket.APR_UNSPEC;
 }
- }
+}
+
+long sockAddress = Address.info(hostname, family, getPortWithOffset(), 
0, rootPool);
 
-long inetAddress = Address.info(addressStr, family, 
getPortWithOffset(), 0, rootPool);
 // Create the APR server socket
-serverSock = Socket.create(Address.getInfo(inetAddress).family,
+if (family == Socket.APR_UNIX) {
+serverSock = Socket.create(family, Socket.SOCK_STREAM, 0, 
rootPool);
+}
+else {
+serverSock = Socket.create(Address.getInfo(sockAddress).family,
 Socket.SOCK_STREAM,
 Socket.APR_PROTO_TCP, rootPool);
-if (OS.IS_UNIX) {
-Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
-}
-if (Library.APR_HAVE_IPV6) {
-if (getIpv6v6only()) {
-Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
-} else {
-Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+if (OS.IS_UNIX) {
+Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+}
+if (Library.APR_HAVE_IPV6) {
+if (getIpv6v6only()) {
+Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 1);
+} else {
+Socket.optSet(serverSock, Socket.APR_IPV6_V6ONLY, 0);
+}
 }
+// Deal with the firewalls that tend to drop the inactive sockets
+Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
 }
-// Deal with the firewalls that tend to drop the inactive sockets
-Socket.optSet(serverSock, Socket.APR_SO_KEEPALIVE, 1);
+
 // Bind the server socket
-int ret = Socket.bind(serverSock, inetAddress);
+int ret = Socket.bind(serverSock, sockAddress);
 if (ret != 0) {
 throw new Exception(sm.getString("endpoint.init.bind", "" + ret, 
Error.strerror(ret)));
 }
+
 // Start listening on the server socket
 ret = Socket.listen(serverSock, getAcceptCount());
 if (ret != 0) {
 throw new Exception(sm.getString("endpoint.init.listen", "" + ret, 
Error.strerror(ret)));
 }
-if (OS.IS_WIN32 || OS.IS_WIN64) {
-// On Windows set the reuseaddr flag after the bind/listen
-Socket.optSet(serverSock, Socket.APR_SO_REUSEADDR, 1);
+
+if (family == Socket.APR_UNIX) {

Review comment:
   Done - pathPermissions added and documented.





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] martin-g commented on pull request #382: Add support for unix domain sockets.

[GitBox]

martin-g commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-736282608


   Even if the Tomcat dev team decides to drop support for the APR connector I 
don't see a problem the code to be extracted to a new project and be supported 
by the community.



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org