(tomcat) branch main updated: Attempt to fix unit tests on MacOS

2024-07-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new cd5051cc43 Attempt to fix unit tests on MacOS
cd5051cc43 is described below

commit cd5051cc43e4980e0b5e644cefd56ce090d5c5f1
Author: Mark Thomas 
AuthorDate: Tue Jul 2 08:51:44 2024 +0100

Attempt to fix unit tests on MacOS
---
 java/org/apache/tomcat/util/openssl/openssl_h.java | 18 +++---
 webapps/docs/changelog.xml |  4 
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/tomcat/util/openssl/openssl_h.java 
b/java/org/apache/tomcat/util/openssl/openssl_h.java
index a8f5777bdb..d3290392a9 100644
--- a/java/org/apache/tomcat/util/openssl/openssl_h.java
+++ b/java/org/apache/tomcat/util/openssl/openssl_h.java
@@ -23,6 +23,9 @@ import java.lang.invoke.MethodHandle;
 import java.lang.invoke.MethodHandles;
 import java.util.Arrays;
 import java.util.stream.Collectors;
+
+import org.apache.tomcat.util.compat.JrePlatform;
+
 import java.lang.foreign.*;
 import static java.lang.foreign.ValueLayout.*;
 
@@ -49,9 +52,18 @@ public class openssl_h {
 static final boolean TRACE_DOWNCALLS = 
Boolean.getBoolean("jextract.trace.downcalls");
 static final SymbolLookup SYMBOL_LOOKUP;
 static {
-SYMBOL_LOOKUP = 
SymbolLookup.libraryLookup(System.mapLibraryName("ssl"), LIBRARY_ARENA)
-.or(SymbolLookup.loaderLookup())
-.or(Linker.nativeLinker().defaultLookup());
+if (JrePlatform.IS_MAC_OS) {
+/*
+ * On Mac OS SymbolLookup.libraryLookup() appears to ignore 
java.library.path which means the LibreSSL
+ * library will be found which will then fail. Therefore, skip 
that lookup on Mac OS.
+ */
+System.loadLibrary("ssl");
+SYMBOL_LOOKUP = 
SymbolLookup.loaderLookup().or(Linker.nativeLinker().defaultLookup());
+} else {
+SYMBOL_LOOKUP = 
SymbolLookup.libraryLookup(System.mapLibraryName("ssl"), LIBRARY_ARENA)
+.or(SymbolLookup.loaderLookup())
+.or(Linker.nativeLinker().defaultLookup());
+}
 }
 
 static void traceDowncall(String name, Object... args) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index bc414180ed..be4f9bf183 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -161,6 +161,10 @@
 tomcat-coyote-ffm.jar that advertises Java 22 in its
 manifest. (remm)
   
+  
+Fix search for OpenSSL library for FFM on Mac OS so that
+java.library.path is searched. (markt)
+  
 
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Buildbot failure in on tomcat-11.0.x

2024-07-02 Thread buildbot 
Build status: BUILD FAILED: failed compile (failure)
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/112/builds/1168
Blamelist: Mark Thomas 
Build Text: failed compile (failure)
Status Detected: new failure
Build Source Stamp: [branch main] cd5051cc43e4980e0b5e644cefd56ce090d5c5f1


Steps:

  worker_preparation: 0

  git: 0

  shell: 0

  shell_1: 0

  shell_2: 0

  shell_3: 0

  shell_4: 0

  shell_5: 0

  shell_6: 0

  compile: 1

  shell_7: 0

  shell_8: 0

  shell_9: 0

  shell_10: 0

  Rsync docs to nightlies.apache.org: 0

  shell_11: 0

  Rsync RAT to nightlies.apache.org: 0

  compile_1: 2

  shell_12: 0

  Rsync Logs to nightlies.apache.org: 0


-- ASF Buildbot


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Tagging 11.0.x

2024-07-02 Thread Mark Thomas 

Hi all,

The tests currently pass and there are just a couple of PRs still to 
review so, barring any unexpected problems, I should be tagging 11.0.x 
later today.


Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Tagging 11.0.x

2024-07-02 Thread Michael Osipov 
On 2024/07/02 09:17:49 Mark Thomas wrote:
> Hi all,
> 
> The tests currently pass and there are just a couple of PRs still to 
> review so, barring any unexpected problems, I should be tagging 11.0.x 
> later today.

Before going over to tagging, can you assess the following situation: 
https://lists.apache.org/thread/y2r4x1hfdv579z3m0j0y9tn10rrqny5d?
I'd like to know your opinon on this.

Michael

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Reduce default for maxParameterCount

2024-07-02 Thread Mark Thomas 

On 01/07/2024 07:17, Michael Osipov wrote:

On 2024/06/27 17:13:56 Christopher Schultz wrote:

Michael,

On 6/27/24 08:46, Michael Osipov wrote:

On 2023/03/09 14:23:33 Christopher Schultz wrote:

A potential use-case for "large numbers of parameters" might be an
application that uses something like a multi-select list and the number
of choices is stupendously high. As in, when the application was
designed, the designers said "we can use a multi-select list for this
postal-code selector" and then 5-10 years later, someone said "hey let's
dump all postal codes in the entire US into this multi-select" and there
you have thousands of possibilities which the browser will happily
package-off to the server.


FTR, guess what? We have been hit by this.


Nostradamus.


Spot on.
  

We have an HTML form for the user where he sees a diff between a src
and dest. Technical values, can be thousands. The selected value ids
are POSTed. Users have been complaining that they miss data. I took
me some time to remember (actually weeks between report and memory)
that I have replicated  maxParameterCount="1000" to our server.xml
without using FailedRequestFilter. Retrospectively, it should have
gone hand in hand with that filter and not without. Rather fail fast
than suffer data truncation.


I don't think there is really a way for us to push a  into all
web applications.

I mean... there MAY be a way to do it, but it will likely be ugly and we
would also have to "move" it if the application defines filters in a
specific order including the FailedRequestFilter.

The good news is it doesn't do anything weird like trigger
request-parsing or try to do anything with character sets or whatever.

The real question is whether or not this kind of thing should be handled
in a Filter or just handled by Tomcat itself. Why bother waiting for the
application to check: just throw an exception and kill the request
processing.


I have spent the whole Friday to provide data to engineeing that has been 
truncated. It seems that we have upto 3000 form values submitted. I have bumbed 
to 5000 now.

I would really really expect that Tomcat fails hard with 4xx if the input is 
invalid and not issue a simple INFO at the log. The huge problem is that the 
request is seen as 2xx or 3xx in the access log and if you have a lot of 
requests or forms it will be needle in the haystack to identify which is really 
the problem.
Even worse, if this has not been written by you you can play ping pong with the 
software vendor.
Therefore, I'd like all of us (committers) to reconsider this soft non-failing 
approach. It is not helpful. If the client provides garbage it should fail 
immediately.


With Tomcat 11.0.x you will get a hard fail.

Prior to Tomcat 11 our hands are somewhat tied by the Servlet 
specification since getParameter() and friends are documented to not 
throw an exception.


We can't change the default behaviour for Tomcat versions before 11 as 
that runs the risk of breaking existing applications that have been 
designed for the current behaviour.


All we can do is make that hard failure optional and it already is. For 
a (very) long time we have had the FailedRequestFilter for folks that 
wanted a hard failure if there was an issue with parameter parsing.


Changing the default for maxParameterCount from 10,000 to 1,000 doesn't 
change this.


The documentation for maxParameterCount already documents all of this.

I don't see a need for any changes here.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Reduce default for maxParameterCount

2024-07-02 Thread Michael Osipov 
On 2024/07/02 10:33:29 Mark Thomas wrote:
> On 01/07/2024 07:17, Michael Osipov wrote:
> > On 2024/06/27 17:13:56 Christopher Schultz wrote:
> >> Michael,
> >>
> >> On 6/27/24 08:46, Michael Osipov wrote:
> >>> On 2023/03/09 14:23:33 Christopher Schultz wrote:
>  A potential use-case for "large numbers of parameters" might be an
>  application that uses something like a multi-select list and the number
>  of choices is stupendously high. As in, when the application was
>  designed, the designers said "we can use a multi-select list for this
>  postal-code selector" and then 5-10 years later, someone said "hey let's
>  dump all postal codes in the entire US into this multi-select" and there
>  you have thousands of possibilities which the browser will happily
>  package-off to the server.
> >>>
> >>> FTR, guess what? We have been hit by this.
> >>
> >> Nostradamus.
> > 
> > Spot on.
> >   
> >>> We have an HTML form for the user where he sees a diff between a src
> >>> and dest. Technical values, can be thousands. The selected value ids
> >>> are POSTed. Users have been complaining that they miss data. I took
> >>> me some time to remember (actually weeks between report and memory)
> >>> that I have replicated  maxParameterCount="1000" to our server.xml
> >>> without using FailedRequestFilter. Retrospectively, it should have
> >>> gone hand in hand with that filter and not without. Rather fail fast
> >>> than suffer data truncation.
> >>
> >> I don't think there is really a way for us to push a  into all
> >> web applications.
> >>
> >> I mean... there MAY be a way to do it, but it will likely be ugly and we
> >> would also have to "move" it if the application defines filters in a
> >> specific order including the FailedRequestFilter.
> >>
> >> The good news is it doesn't do anything weird like trigger
> >> request-parsing or try to do anything with character sets or whatever.
> >>
> >> The real question is whether or not this kind of thing should be handled
> >> in a Filter or just handled by Tomcat itself. Why bother waiting for the
> >> application to check: just throw an exception and kill the request
> >> processing.
> > 
> > I have spent the whole Friday to provide data to engineeing that has been 
> > truncated. It seems that we have upto 3000 form values submitted. I have 
> > bumbed to 5000 now.
> > 
> > I would really really expect that Tomcat fails hard with 4xx if the input 
> > is invalid and not issue a simple INFO at the log. The huge problem is that 
> > the request is seen as 2xx or 3xx in the access log and if you have a lot 
> > of requests or forms it will be needle in the haystack to identify which is 
> > really the problem.
> > Even worse, if this has not been written by you you can play ping pong with 
> > the software vendor.
> > Therefore, I'd like all of us (committers) to reconsider this soft 
> > non-failing approach. It is not helpful. If the client provides garbage it 
> > should fail immediately.
> 
> With Tomcat 11.0.x you will get a hard fail.
> 
> Prior to Tomcat 11 our hands are somewhat tied by the Servlet 
> specification since getParameter() and friends are documented to not 
> throw an exception.
> 
> We can't change the default behaviour for Tomcat versions before 11 as 
> that runs the risk of breaking existing applications that have been 
> designed for the current behaviour.
> 
> All we can do is make that hard failure optional and it already is. For 
> a (very) long time we have had the FailedRequestFilter for folks that 
> wanted a hard failure if there was an issue with parameter parsing.
> 
> Changing the default for maxParameterCount from 10,000 to 1,000 doesn't 
> change this.
> 
> The documentation for maxParameterCount already documents all of this.
> 
> I don't see a need for any changes here.

Thanks, I see. As a comprise would a move to WARN log message be accepted? This 
will at least draw people's attention. INFORMATION is just lost with other 
output.

Michael

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Reduce default for maxParameterCount

2024-07-02 Thread Mark Thomas 

On 02/07/2024 12:01, Michael Osipov wrote:

On 2024/07/02 10:33:29 Mark Thomas wrote:

On 01/07/2024 07:17, Michael Osipov wrote:





I would really really expect that Tomcat fails hard with 4xx if the input is 
invalid and not issue a simple INFO at the log. The huge problem is that the 
request is seen as 2xx or 3xx in the access log and if you have a lot of 
requests or forms it will be needle in the haystack to identify which is really 
the problem.
Even worse, if this has not been written by you you can play ping pong with the 
software vendor.
Therefore, I'd like all of us (committers) to reconsider this soft non-failing 
approach. It is not helpful. If the client provides garbage it should fail 
immediately.


With Tomcat 11.0.x you will get a hard fail.

Prior to Tomcat 11 our hands are somewhat tied by the Servlet
specification since getParameter() and friends are documented to not
throw an exception.

We can't change the default behaviour for Tomcat versions before 11 as
that runs the risk of breaking existing applications that have been
designed for the current behaviour.

All we can do is make that hard failure optional and it already is. For
a (very) long time we have had the FailedRequestFilter for folks that
wanted a hard failure if there was an issue with parameter parsing.

Changing the default for maxParameterCount from 10,000 to 1,000 doesn't
change this.

The documentation for maxParameterCount already documents all of this.

I don't see a need for any changes here.


Thanks, I see. As a comprise would a move to WARN log message be accepted? This 
will at least draw people's attention. INFORMATION is just lost with other 
output.


That seems reasonable to me.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Reduce default for maxParameterCount

2024-07-02 Thread Rémy Maucherat 
On Tue, Jul 2, 2024 at 1:05 PM Mark Thomas  wrote:
>
> On 02/07/2024 12:01, Michael Osipov wrote:
> > On 2024/07/02 10:33:29 Mark Thomas wrote:
> >> On 01/07/2024 07:17, Michael Osipov wrote:
>
> 
>
> >>> I would really really expect that Tomcat fails hard with 4xx if the input 
> >>> is invalid and not issue a simple INFO at the log. The huge problem is 
> >>> that the request is seen as 2xx or 3xx in the access log and if you have 
> >>> a lot of requests or forms it will be needle in the haystack to identify 
> >>> which is really the problem.
> >>> Even worse, if this has not been written by you you can play ping pong 
> >>> with the software vendor.
> >>> Therefore, I'd like all of us (committers) to reconsider this soft 
> >>> non-failing approach. It is not helpful. If the client provides garbage 
> >>> it should fail immediately.
> >>
> >> With Tomcat 11.0.x you will get a hard fail.
> >>
> >> Prior to Tomcat 11 our hands are somewhat tied by the Servlet
> >> specification since getParameter() and friends are documented to not
> >> throw an exception.
> >>
> >> We can't change the default behaviour for Tomcat versions before 11 as
> >> that runs the risk of breaking existing applications that have been
> >> designed for the current behaviour.
> >>
> >> All we can do is make that hard failure optional and it already is. For
> >> a (very) long time we have had the FailedRequestFilter for folks that
> >> wanted a hard failure if there was an issue with parameter parsing.
> >>
> >> Changing the default for maxParameterCount from 10,000 to 1,000 doesn't
> >> change this.
> >>
> >> The documentation for maxParameterCount already documents all of this.
> >>
> >> I don't see a need for any changes here.
> >
> > Thanks, I see. As a comprise would a move to WARN log message be accepted? 
> > This will at least draw people's attention. INFORMATION is just lost with 
> > other output.
>
> That seems reasonable to me.

It seems UserDataHelper needs some changes then, careful about last
minute breakage.

Rémy

> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) 01/01: Tag 11.0.0-M22

2024-07-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to tag 11.0.0-M22
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 6c03e2dc6390ccb3dbe714889706fcad2f08f4c5
Author: Mark Thomas 
AuthorDate: Tue Jul 2 12:33:04 2024 +0100

Tag 11.0.0-M22
---
 build.properties.release |  54 +++
 res/install-win/Uninstall.exe.sig| Bin 0 -> 10202 bytes
 res/install-win/tomcat-installer.exe.sig | Bin 0 -> 10202 bytes
 res/maven/mvn.properties.release |  27 
 webapps/docs/changelog.xml   |   2 +-
 5 files changed, 82 insertions(+), 1 deletion(-)

diff --git a/build.properties.release b/build.properties.release
new file mode 100644
index 00..a2455323ab
--- /dev/null
+++ b/build.properties.release
@@ -0,0 +1,54 @@
+# -
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -
+
+# This file was auto-generated by the pre-release Ant target.
+
+# Any unwanted settings may be over-ridden in a build.properties file located
+# in the same directory as this file.
+
+# Set the version-dev to "" (empty string) as this is not a development 
release.
+version.dev=
+
+# Ensure consistent timestamps for reproducible builds.
+ant.tstamp.now.iso=2024-07-02T11:15:47Z
+
+# Enable insertion of detached signatures into the Windows installer.
+do.codesigning=true
+
+# Re-use the same GPG executable.
+gpg.exec=C:/Program Files (x86)/GnuPG/bin/gpg.exe
+
+# Reproducible builds require the use of the build tools defined below. The
+# vendors (where appropriate) and versions must match exactly for a 
reproducible
+# build since this data is embedded in various files, particularly JAR file
+# manifests, as part of the build process.
+#
+# Apache Ant:  Apache Ant(TM) version 1.10.13 compiled on January 4 2023
+#
+# Java Name:   OpenJDK 64-Bit Server VM
+# Java Vendor: Eclipse Adoptium
+# Java Version:22.0.1+8
+
+# The following is provided for information only. Builds will be repeatable
+# whether or not the build environment is consistent with this information.
+#
+# OS:  amd64 Windows Server 2022 10.0
+# File encoding:   UTF-8
+#
+# Release Manager: markt
+release-java-version=22.0.1+8
+release-ant-version=1.10.13
diff --git a/res/install-win/Uninstall.exe.sig 
b/res/install-win/Uninstall.exe.sig
new file mode 100644
index 00..13a4185ba3
Binary files /dev/null and b/res/install-win/Uninstall.exe.sig differ
diff --git a/res/install-win/tomcat-installer.exe.sig 
b/res/install-win/tomcat-installer.exe.sig
new file mode 100644
index 00..e898501095
Binary files /dev/null and b/res/install-win/tomcat-installer.exe.sig differ
diff --git a/res/maven/mvn.properties.release b/res/maven/mvn.properties.release
new file mode 100644
index 00..c85748a00c
--- /dev/null
+++ b/res/maven/mvn.properties.release
@@ -0,0 +1,27 @@
+# -
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -
+
+# This file was auto-generated by the pre-release Ant target.
+
+# Remove "-dev" from the version since this is not a development release.
+maven.asf.release.deploy.version=11.0.0-M22
+
+# Re-use the same GPG executable.
+g

(tomcat) tag 11.0.0-M22 created (now 6c03e2dc63)

2024-07-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to tag 11.0.0-M22
in repository https://gitbox.apache.org/repos/asf/tomcat.git


  at 6c03e2dc63 (commit)
This tag includes the following new commits:

 new 6c03e2dc63 Tag 11.0.0-M22

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r70097 - in /dev/tomcat/tomcat-11/v11.0.0-M22: ./ bin/ bin/embed/ src/

2024-07-02 Thread markt 
Author: markt
Date: Tue Jul  2 11:48:12 2024
New Revision: 70097

Log:
Upload 11.0.0-M22 for voting

Added:
dev/tomcat/tomcat-11/v11.0.0-M22/
dev/tomcat/tomcat-11/v11.0.0-M22/KEYS
dev/tomcat/tomcat-11/v11.0.0-M22/README.html
dev/tomcat/tomcat-11/v11.0.0-M22/RELEASE-NOTES
dev/tomcat/tomcat-11/v11.0.0-M22/bin/
dev/tomcat/tomcat-11/v11.0.0-M22/bin/README.html

dev/tomcat/tomcat-11/v11.0.0-M22/bin/apache-tomcat-11.0.0-M22-deployer.tar.gz   
(with props)

dev/tomcat/tomcat-11/v11.0.0-M22/bin/apache-tomcat-11.0.0-M22-deployer.tar.gz.asc

dev/tomcat/tomcat-11/v11.0.0-M22/bin/apache-tomcat-11.0.0-M22-deployer.tar.gz.sha512
dev/tomcat/tomcat-11/v11.0.0-M22/bin/apache-tomcat-11.0.0-M22-deployer.zip  
 (with props)

dev/tomcat/tomcat-11/v11.0.0-M22/bin/apache-tomcat-11.0.0-M22-deployer.zip.asc

dev/tomcat/tomcat-11/v11.0.0-M22/bin/apache-tomcat-11.0.0-M22-deployer.zip.sha512

dev/tomcat/tomcat-11/v11.0.0-M22/bin/apache-tomcat-11.0.0-M22-fulldocs.tar.gz   
(with props)

dev/tomcat/tomcat-11/v11.0.0-M22/bin/apache-tomcat-11.0.0-M22-fulldocs.tar.gz.asc

dev/tomcat/tomcat-11/v11.0.0-M22/bin/apache-tomcat-11.0.0-M22-fulldocs.tar.gz.sha512

dev/tomcat/tomcat-11/v11.0.0-M22/bin/apache-tomcat-11.0.0-M22-windows-x64.zip   
(with props)

dev/tomcat/tomcat-11/v11.0.0-M22/bin/apache-tomcat-11.0.0-M22-windows-x64.zip.asc

dev/tomcat/tomcat-11/v11.0.0-M22/bin/apache-tomcat-11.0.0-M22-windows-x64.zip.sha512
dev/tomcat/tomcat-11/v11.0.0-M22/bin/apache-tomcat-11.0.0-M22.exe   (with 
props)
dev/tomcat/tomcat-11/v11.0.0-M22/bin/apache-tomcat-11.0.0-M22.exe.asc
dev/tomcat/tomcat-11/v11.0.0-M22/bin/apache-tomcat-11.0.0-M22.exe.sha512
dev/tomcat/tomcat-11/v11.0.0-M22/bin/apache-tomcat-11.0.0-M22.tar.gz   
(with props)
dev/tomcat/tomcat-11/v11.0.0-M22/bin/apache-tomcat-11.0.0-M22.tar.gz.asc
dev/tomcat/tomcat-11/v11.0.0-M22/bin/apache-tomcat-11.0.0-M22.tar.gz.sha512
dev/tomcat/tomcat-11/v11.0.0-M22/bin/apache-tomcat-11.0.0-M22.zip   (with 
props)
dev/tomcat/tomcat-11/v11.0.0-M22/bin/apache-tomcat-11.0.0-M22.zip.asc
dev/tomcat/tomcat-11/v11.0.0-M22/bin/apache-tomcat-11.0.0-M22.zip.sha512
dev/tomcat/tomcat-11/v11.0.0-M22/bin/embed/

dev/tomcat/tomcat-11/v11.0.0-M22/bin/embed/apache-tomcat-11.0.0-M22-embed.tar.gz
   (with props)

dev/tomcat/tomcat-11/v11.0.0-M22/bin/embed/apache-tomcat-11.0.0-M22-embed.tar.gz.asc

dev/tomcat/tomcat-11/v11.0.0-M22/bin/embed/apache-tomcat-11.0.0-M22-embed.tar.gz.sha512

dev/tomcat/tomcat-11/v11.0.0-M22/bin/embed/apache-tomcat-11.0.0-M22-embed.zip   
(with props)

dev/tomcat/tomcat-11/v11.0.0-M22/bin/embed/apache-tomcat-11.0.0-M22-embed.zip.asc

dev/tomcat/tomcat-11/v11.0.0-M22/bin/embed/apache-tomcat-11.0.0-M22-embed.zip.sha512
dev/tomcat/tomcat-11/v11.0.0-M22/src/
dev/tomcat/tomcat-11/v11.0.0-M22/src/apache-tomcat-11.0.0-M22-src.tar.gz   
(with props)
dev/tomcat/tomcat-11/v11.0.0-M22/src/apache-tomcat-11.0.0-M22-src.tar.gz.asc

dev/tomcat/tomcat-11/v11.0.0-M22/src/apache-tomcat-11.0.0-M22-src.tar.gz.sha512
dev/tomcat/tomcat-11/v11.0.0-M22/src/apache-tomcat-11.0.0-M22-src.zip   
(with props)
dev/tomcat/tomcat-11/v11.0.0-M22/src/apache-tomcat-11.0.0-M22-src.zip.asc
dev/tomcat/tomcat-11/v11.0.0-M22/src/apache-tomcat-11.0.0-M22-src.zip.sha512

Added: dev/tomcat/tomcat-11/v11.0.0-M22/KEYS
==
--- dev/tomcat/tomcat-11/v11.0.0-M22/KEYS (added)
+++ dev/tomcat/tomcat-11/v11.0.0-M22/KEYS Tue Jul  2 11:48:12 2024
@@ -0,0 +1,573 @@
+This file contains the PGP&GPG keys of various Apache developers.
+Please don't use them for email unless you have to. Their main
+purpose is code signing.
+
+Apache users: pgp < KEYS
+Apache developers:
+(pgpk -ll  && pgpk -xa ) >> this file.
+  or
+(gpg --fingerprint --list-sigs 
+ && gpg --armor --export ) >> this file.
+
+Apache developers: please ensure that your key is also available via the
+PGP keyservers (such as pgpkeys.mit.edu).
+
+
+pub   4096R/2F6059E7 2009-09-18
+  Key fingerprint = A9C5 DF4D 22E9 9998 D987  5A51 10C0 1C5A 2F60 59E7
+uid  Mark E D Thomas 
+sub   4096R/5E763BEC 2009-09-18
+
+-BEGIN PGP PUBLIC KEY BLOCK-
+Comment: GPGTools - http://gpgtools.org
+
+mQINBEq0DukBEAD4jovHOPJDxoD+JnO1Go2kiwpgRULasGlrVKuSUdP6wzcaqWmX
+pqtOJKKwW2MQFQLmg7nQ9RjJwy3QCbKNDJQA/bwbQT1F7WzTCz2S6vxC4zxKck4t
+6RZBq2dJsYKF0CEh6ZfY4dmKvhq+3istSoFRdHYoOPGWZpuRDqfZPdGm/m335/6K
+GH59oysn1NE7a2a+kZzjBSEgv23+l4Z1Rg7+fpz1JcdHSdC2Z+ZRxML25eVatRVz
+4yvDOZItqDURP24zWOodxgboldV6Y88C3v/7KRR+1vklzkuA2FqF8Q4r/2f0su7M
+UVviQcy29y/RlLSDTTYoVlCZ1ni14qFU7Hpw43KJtgXmcUwq31T1+SlXdYjNJ1aF
+kUi8BjCHDcSgE/IReKUanjHzm4XSymKDTeqqzidi4k6PDD4jyHb8k8vxi6qT6Udn
+lcfo5NBkkUT1TauhEy8ktHhbl9k60BvvMBP9l6cURiJg1WS77egI4P/82oPbzzFi
+GFqXyJKULVgxtdQ3JikCpodp3f1fh6PlYZwkW4xCJLJucJ5MiQp07HAkMVW5w+k8
+Xvuk4i5quh3N+2kzKHOOiQCDmN0sz0XjOE+7XBvM1lv

[VOTE] Release Apache Tomcat 11.0.0-M22

2024-07-02 Thread Mark Thomas 

The proposed Apache Tomcat 11.0.0-M22 release is now available for
voting.

Apache Tomcat 11.0.0-M22 is a milestone release of the 11.0.x branch and 
has been made to provide users with early access to the new features in 
Apache Tomcat 11.0.x so that they may provide feedback. The notable 
changes compared to the previous milestone include:


- Move OpenSSL support using FFM to a separate JAR named
  tomcat-coyote-ffm.jar that advertises Java 22 in its manifest.

- When using include directives in a tag file packaged in a JAR file,
  ensure that the include directives are processed correctly.

-  Expand the implementation of the filter value of the Authenticator
   attribute allowCorsPreflight, so that it applies to all requests that
   match the configured URL patterns for the CORS filter, rather than
   only applying if the CORS filter is mapped to /*


For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 11 
without changes. Java EE applications designed for Tomcat 9 and earlier 
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat 
will automatically convert them to Jakarta EE and copy them to the 
webapps directory. Applications using deprecated APIs may require 
further changes.


It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M22/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1499

The tag is:
https://github.com/apache/tomcat/tree/11.0.0-M22
6c03e2dc6390ccb3dbe714889706fcad2f08f4c5

The proposed 11.0.0-M22 release is:
[ ] -1 Broken - do not release
[ ] +1 Beta   - go ahead and release as 11.0.0-M22

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) tag 9.0.91 created (now acef3172d4)

2024-07-02 Thread remm 
This is an automated email from the ASF dual-hosted git repository.

remm pushed a change to tag 9.0.91
in repository https://gitbox.apache.org/repos/asf/tomcat.git


  at acef3172d4 (commit)
This tag includes the following new commits:

 new acef3172d4 Tag 9.0.91

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) 01/01: Tag 9.0.91

2024-07-02 Thread remm 
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to tag 9.0.91
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit acef3172d41f18b5272fdf81da88db745669442e
Author: remm 
AuthorDate: Tue Jul 2 14:40:05 2024 +0200

Tag 9.0.91
---
 build.properties.release |  54 +++
 res/install-win/Uninstall.exe.sig| Bin 0 -> 10202 bytes
 res/install-win/tomcat-installer.exe.sig | Bin 0 -> 10202 bytes
 res/maven/mvn.properties.release |  27 
 webapps/docs/changelog.xml   |   2 +-
 5 files changed, 82 insertions(+), 1 deletion(-)

diff --git a/build.properties.release b/build.properties.release
new file mode 100644
index 00..d362247830
--- /dev/null
+++ b/build.properties.release
@@ -0,0 +1,54 @@
+# -
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -
+
+# This file was auto-generated by the pre-release Ant target.
+
+# Any unwanted settings may be over-ridden in a build.properties file located
+# in the same directory as this file.
+
+# Set the version-dev to "" (empty string) as this is not a development 
release.
+version.dev=
+
+# Ensure consistent timestamps for reproducible builds.
+ant.tstamp.now.iso=2024-07-02T12:35:51Z
+
+# Enable insertion of detached signatures into the Windows installer.
+do.codesigning=true
+
+# Re-use the same GPG executable.
+gpg.exec=/usr/bin/gpg
+
+# Reproducible builds require the use of the build tools defined below. The
+# vendors (where appropriate) and versions must match exactly for a 
reproducible
+# build since this data is embedded in various files, particularly JAR file
+# manifests, as part of the build process.
+#
+# Apache Ant:  Apache Ant(TM) version 1.10.14 compiled on August 16 2023
+#
+# Java Name:   OpenJDK 64-Bit Server VM
+# Java Vendor: Eclipse Adoptium
+# Java Version:17.0.11+9
+
+# The following is provided for information only. Builds will be repeatable
+# whether or not the build environment is consistent with this information.
+#
+# OS:  amd64 Linux 6.9.6-200.fc40.x86_64
+# File encoding:   UTF-8
+#
+# Release Manager: remm
+release-java-version=17.0.11+9
+release-ant-version=1.10.14
diff --git a/res/install-win/Uninstall.exe.sig 
b/res/install-win/Uninstall.exe.sig
new file mode 100644
index 00..1e3b5ade79
Binary files /dev/null and b/res/install-win/Uninstall.exe.sig differ
diff --git a/res/install-win/tomcat-installer.exe.sig 
b/res/install-win/tomcat-installer.exe.sig
new file mode 100644
index 00..45fc3d178b
Binary files /dev/null and b/res/install-win/tomcat-installer.exe.sig differ
diff --git a/res/maven/mvn.properties.release b/res/maven/mvn.properties.release
new file mode 100644
index 00..e55b798002
--- /dev/null
+++ b/res/maven/mvn.properties.release
@@ -0,0 +1,27 @@
+# -
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -
+
+# This file was auto-generated by the pre-release Ant target.
+
+# Remove "-dev" from the version since this is not a development release.
+maven.asf.release.deploy.version=9.0.91
+
+# Re-use the same GPG executable.
+gpg.exec=/usr/bin/gpg
+
+# Set the user name

svn commit: r70100 - in /dev/tomcat/tomcat-9/v9.0.91: ./ bin/ bin/embed/ src/

2024-07-02 Thread remm 
Author: remm
Date: Tue Jul  2 12:43:56 2024
New Revision: 70100

Log:
Upload 9.0.91 for voting

Added:
dev/tomcat/tomcat-9/v9.0.91/
dev/tomcat/tomcat-9/v9.0.91/KEYS
dev/tomcat/tomcat-9/v9.0.91/README.html
dev/tomcat/tomcat-9/v9.0.91/RELEASE-NOTES
dev/tomcat/tomcat-9/v9.0.91/bin/
dev/tomcat/tomcat-9/v9.0.91/bin/README.html
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91-deployer.tar.gz   
(with props)
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91-deployer.tar.gz.asc   
(with props)
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91-deployer.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91-deployer.zip   (with 
props)
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91-deployer.zip.asc   
(with props)
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91-deployer.zip.sha512
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91-fulldocs.tar.gz   
(with props)
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91-fulldocs.tar.gz.asc   
(with props)
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91-fulldocs.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91-windows-x64.zip   
(with props)
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91-windows-x64.zip.asc   
(with props)
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91-windows-x64.zip.sha512
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91-windows-x86.zip   
(with props)
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91-windows-x86.zip.asc   
(with props)
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91-windows-x86.zip.sha512
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91.exe   (with props)
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91.exe.asc   (with props)
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91.exe.sha512
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91.tar.gz   (with props)
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91.tar.gz.asc   (with 
props)
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91.zip   (with props)
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91.zip.asc   (with props)
dev/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91.zip.sha512
dev/tomcat/tomcat-9/v9.0.91/bin/embed/
dev/tomcat/tomcat-9/v9.0.91/bin/embed/apache-tomcat-9.0.91-embed.tar.gz   
(with props)
dev/tomcat/tomcat-9/v9.0.91/bin/embed/apache-tomcat-9.0.91-embed.tar.gz.asc 
  (with props)

dev/tomcat/tomcat-9/v9.0.91/bin/embed/apache-tomcat-9.0.91-embed.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.91/bin/embed/apache-tomcat-9.0.91-embed.zip   
(with props)
dev/tomcat/tomcat-9/v9.0.91/bin/embed/apache-tomcat-9.0.91-embed.zip.asc   
(with props)
dev/tomcat/tomcat-9/v9.0.91/bin/embed/apache-tomcat-9.0.91-embed.zip.sha512
dev/tomcat/tomcat-9/v9.0.91/src/
dev/tomcat/tomcat-9/v9.0.91/src/apache-tomcat-9.0.91-src.tar.gz   (with 
props)
dev/tomcat/tomcat-9/v9.0.91/src/apache-tomcat-9.0.91-src.tar.gz.asc   (with 
props)
dev/tomcat/tomcat-9/v9.0.91/src/apache-tomcat-9.0.91-src.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.91/src/apache-tomcat-9.0.91-src.zip   (with props)
dev/tomcat/tomcat-9/v9.0.91/src/apache-tomcat-9.0.91-src.zip.asc   (with 
props)
dev/tomcat/tomcat-9/v9.0.91/src/apache-tomcat-9.0.91-src.zip.sha512

Added: dev/tomcat/tomcat-9/v9.0.91/KEYS
==
--- dev/tomcat/tomcat-9/v9.0.91/KEYS (added)
+++ dev/tomcat/tomcat-9/v9.0.91/KEYS Tue Jul  2 12:43:56 2024
@@ -0,0 +1,237 @@
+This file contains the PGP&GPG keys of various Apache developers.
+Please don't use them for email unless you have to. Their main
+purpose is code signing.
+
+Apache users: pgp < KEYS
+Apache developers:
+(pgpk -ll  && pgpk -xa ) >> this file.
+  or
+(gpg --fingerprint --list-sigs 
+ && gpg --armor --export ) >> this file.
+
+Apache developers: please ensure that your key is also available via the
+PGP keyservers (such as pgpkeys.mit.edu).
+
+
+pub   1024D/33C60243 2004-09-12
+  Key fingerprint = DCFD 35E0 BF8C A734 4752  DE8B 6FB2 1E89 33C6 0243
+uid  Mark E D Thomas 
+uid  Mark E D Thomas 
+uid  Mark E D Thomas 
+sub   2048g/0BECE548 2004-09-12
+
+pub   4096R/2F6059E7 2009-09-18
+  Key fingerprint = A9C5 DF4D 22E9 9998 D987  5A51 10C0 1C5A 2F60 59E7
+uid  Mark E D Thomas 
+sub   4096R/5E763BEC 2009-09-18
+
+-BEGIN PGP PUBLIC KEY BLOCK-
+Version: GnuPG v1.4.9 (MingW32)
+
+mQGiBEFEjegRBADocGttfROvtLGrTOW3xRqZHmFWybmEaI6jmnRdN/1gGXmb3wQL
+rHsS3fLFIIOYLPph0Kov9q4qNq36LekShIvjMBDFoj2/wRxaUtFq81asaRZg8Mcw
+4kVeIoe8OIOuWmvYhU8SH2jJNUnVVrpTPAa6QWquTmseNi6UJMjLxuL7DwCg//9u
+k2yj0vk6e4WSO6Fe5+EkQDED/AjQsy0kj9TpNHkKSSUR2evRlWPYA0YtxBSbsgON
+tT0cYipAp5IcYt6Zq5QzHiZreyQXLAjItDS2oGCIXfNbTYJ3kxxJTCU/3wlefV

(tomcat) branch 9.0.x updated: Next is 9.0.92

2024-07-02 Thread remm 
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 7d48aa4e0a Next is 9.0.92
7d48aa4e0a is described below

commit 7d48aa4e0a688fee23c5dad735511e7c28b430c1
Author: remm 
AuthorDate: Tue Jul 2 14:46:12 2024 +0200

Next is 9.0.92
---
 build.properties.default | 2 +-
 res/maven/mvn.properties.default | 2 +-
 webapps/docs/changelog.xml   | 4 +++-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index fb32941684..12cba55824 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -31,7 +31,7 @@
 # - Version Control Flags -
 version.major=9
 version.minor=0
-version.build=91
+version.build=92
 version.patch=0
 version.suffix=
 version.dev=-dev
diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default
index fc02cb105b..19cf9189ae 100644
--- a/res/maven/mvn.properties.default
+++ b/res/maven/mvn.properties.default
@@ -39,7 +39,7 @@ 
maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d
 maven.asf.release.repo.repositoryId=apache.releases.https
 
 # Release version info
-maven.asf.release.deploy.version=9.0.91
+maven.asf.release.deploy.version=9.0.92
 
 #Where do we load the libraries from
 tomcat.lib.path=../../output/build/lib
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 7886bf7cff..a6efd4bf07 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,7 +104,9 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
+
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 10.1.x updated: Attempt to fix unit tests on MacOS

2024-07-02 Thread remm 
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new eb03741a0f Attempt to fix unit tests on MacOS
eb03741a0f is described below

commit eb03741a0f6ba3aeb315c6477f41a6a3ce4da15c
Author: Mark Thomas 
AuthorDate: Tue Jul 2 08:51:44 2024 +0100

Attempt to fix unit tests on MacOS
---
 java/org/apache/tomcat/util/openssl/openssl_h.java | 18 +++---
 webapps/docs/changelog.xml |  4 
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/tomcat/util/openssl/openssl_h.java 
b/java/org/apache/tomcat/util/openssl/openssl_h.java
index a8f5777bdb..d3290392a9 100644
--- a/java/org/apache/tomcat/util/openssl/openssl_h.java
+++ b/java/org/apache/tomcat/util/openssl/openssl_h.java
@@ -23,6 +23,9 @@ import java.lang.invoke.MethodHandle;
 import java.lang.invoke.MethodHandles;
 import java.util.Arrays;
 import java.util.stream.Collectors;
+
+import org.apache.tomcat.util.compat.JrePlatform;
+
 import java.lang.foreign.*;
 import static java.lang.foreign.ValueLayout.*;
 
@@ -49,9 +52,18 @@ public class openssl_h {
 static final boolean TRACE_DOWNCALLS = 
Boolean.getBoolean("jextract.trace.downcalls");
 static final SymbolLookup SYMBOL_LOOKUP;
 static {
-SYMBOL_LOOKUP = 
SymbolLookup.libraryLookup(System.mapLibraryName("ssl"), LIBRARY_ARENA)
-.or(SymbolLookup.loaderLookup())
-.or(Linker.nativeLinker().defaultLookup());
+if (JrePlatform.IS_MAC_OS) {
+/*
+ * On Mac OS SymbolLookup.libraryLookup() appears to ignore 
java.library.path which means the LibreSSL
+ * library will be found which will then fail. Therefore, skip 
that lookup on Mac OS.
+ */
+System.loadLibrary("ssl");
+SYMBOL_LOOKUP = 
SymbolLookup.loaderLookup().or(Linker.nativeLinker().defaultLookup());
+} else {
+SYMBOL_LOOKUP = 
SymbolLookup.libraryLookup(System.mapLibraryName("ssl"), LIBRARY_ARENA)
+.or(SymbolLookup.loaderLookup())
+.or(Linker.nativeLinker().defaultLookup());
+}
 }
 
 static void traceDowncall(String name, Object... args) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index b8c76e257e..60aaa9187a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -153,6 +153,10 @@
 tomcat-coyote-ffm.jar that advertises Java 22 in its
 manifest. (remm)
   
+  
+Fix search for OpenSSL library for FFM on Mac OS so that
+java.library.path is searched. (markt)
+  
 
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: (tomcat) branch main updated: Attempt to fix unit tests on MacOS

2024-07-02 Thread Rémy Maucherat 
On Tue, Jul 2, 2024 at 9:52 AM  wrote:
>
> This is an automated email from the ASF dual-hosted git repository.
>
> markt pushed a commit to branch main
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/main by this push:
>  new cd5051cc43 Attempt to fix unit tests on MacOS
> cd5051cc43 is described below
>
> commit cd5051cc43e4980e0b5e644cefd56ce090d5c5f1
> Author: Mark Thomas 
> AuthorDate: Tue Jul 2 08:51:44 2024 +0100
>
> Attempt to fix unit tests on MacOS

Adding support for LibreSSL might not be impossible. I'll have a look.
Their philosophy is bad for FFM however since they basically replace
API calls with macros, because they (think they) can.

Rémy

> ---
>  java/org/apache/tomcat/util/openssl/openssl_h.java | 18 +++---
>  webapps/docs/changelog.xml |  4 
>  2 files changed, 19 insertions(+), 3 deletions(-)
>
> diff --git a/java/org/apache/tomcat/util/openssl/openssl_h.java 
> b/java/org/apache/tomcat/util/openssl/openssl_h.java
> index a8f5777bdb..d3290392a9 100644
> --- a/java/org/apache/tomcat/util/openssl/openssl_h.java
> +++ b/java/org/apache/tomcat/util/openssl/openssl_h.java
> @@ -23,6 +23,9 @@ import java.lang.invoke.MethodHandle;
>  import java.lang.invoke.MethodHandles;
>  import java.util.Arrays;
>  import java.util.stream.Collectors;
> +
> +import org.apache.tomcat.util.compat.JrePlatform;
> +
>  import java.lang.foreign.*;
>  import static java.lang.foreign.ValueLayout.*;
>
> @@ -49,9 +52,18 @@ public class openssl_h {
>  static final boolean TRACE_DOWNCALLS = 
> Boolean.getBoolean("jextract.trace.downcalls");
>  static final SymbolLookup SYMBOL_LOOKUP;
>  static {
> -SYMBOL_LOOKUP = 
> SymbolLookup.libraryLookup(System.mapLibraryName("ssl"), LIBRARY_ARENA)
> -.or(SymbolLookup.loaderLookup())
> -.or(Linker.nativeLinker().defaultLookup());
> +if (JrePlatform.IS_MAC_OS) {
> +/*
> + * On Mac OS SymbolLookup.libraryLookup() appears to ignore 
> java.library.path which means the LibreSSL
> + * library will be found which will then fail. Therefore, skip 
> that lookup on Mac OS.
> + */
> +System.loadLibrary("ssl");
> +SYMBOL_LOOKUP = 
> SymbolLookup.loaderLookup().or(Linker.nativeLinker().defaultLookup());
> +} else {
> +SYMBOL_LOOKUP = 
> SymbolLookup.libraryLookup(System.mapLibraryName("ssl"), LIBRARY_ARENA)
> +.or(SymbolLookup.loaderLookup())
> +.or(Linker.nativeLinker().defaultLookup());
> +}
>  }
>
>  static void traceDowncall(String name, Object... args) {
> diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
> index bc414180ed..be4f9bf183 100644
> --- a/webapps/docs/changelog.xml
> +++ b/webapps/docs/changelog.xml
> @@ -161,6 +161,10 @@
>  tomcat-coyote-ffm.jar that advertises Java 22 in its
>  manifest. (remm)
>
> +  
> +Fix search for OpenSSL library for FFM on Mac OS so that
> +java.library.path is searched. (markt)
> +  
>  
>
>
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE] Release Apache Tomcat 9.0.91

2024-07-02 Thread Rémy Maucherat 
The proposed Apache Tomcat 9.0.91 release is now available for voting.

The notable changes compared to 9.0.90 are:

- When using include directives in a tag file packaged in a JAR file,
   ensure that the include directives are processed correctly.

-  Expand the implementation of the filter value of the Authenticator
attribute allowCorsPreflight, so that it applies to all requests that
match the configured URL patterns for the CORS filter, rather than
only applying if the CORS filter is mapped to /*

- Add test-only build target to allow running only the testsuite, supporting
   Java versions down to the minimum supported to run Tomcat

For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.91/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1500

The tag is:
https://github.com/apache/tomcat/tree/9.0.91
acef3172d41f18b5272fdf81da88db745669442e

The proposed 9.0.91 release is:
[ ] -1, Broken - do not release
[ ] +1, Stable - go ahead and release as 9.0.91

Rémy

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 11.0.0-M22

2024-07-02 Thread Dimitris Soumis 
+1 Build is reproducible and all tests pass on Fedora 40 with Java 22,
tcnative-2.0.7, apr-1.7.4, openssl-3.0.13.

On Tue, Jul 2, 2024 at 3:11 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 11.0.0-M22 release is now available for
> voting.
>
> Apache Tomcat 11.0.0-M22 is a milestone release of the 11.0.x branch and
> has been made to provide users with early access to the new features in
> Apache Tomcat 11.0.x so that they may provide feedback. The notable
> changes compared to the previous milestone include:
>
> - Move OpenSSL support using FFM to a separate JAR named
>tomcat-coyote-ffm.jar that advertises Java 22 in its manifest.
>
> - When using include directives in a tag file packaged in a JAR file,
>ensure that the include directives are processed correctly.
>
> -  Expand the implementation of the filter value of the Authenticator
> attribute allowCorsPreflight, so that it applies to all requests that
> match the configured URL patterns for the CORS filter, rather than
> only applying if the CORS filter is mapped to /*
>
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 11
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
> will automatically convert them to Jakarta EE and copy them to the
> webapps directory. Applications using deprecated APIs may require
> further changes.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M22/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1499
>
> The tag is:
> https://github.com/apache/tomcat/tree/11.0.0-M22
> 6c03e2dc6390ccb3dbe714889706fcad2f08f4c5
>
> The proposed 11.0.0-M22 release is:
> [ ] -1 Broken - do not release
> [X] +1 Beta   - go ahead and release as 11.0.0-M22
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

(tomcat) branch main updated: Update version for next development cycle

2024-07-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 4fb0054f30 Update version for next development cycle
4fb0054f30 is described below

commit 4fb0054f30a06b318399410353932eb134a927a8
Author: Mark Thomas 
AuthorDate: Tue Jul 2 14:01:43 2024 +0100

Update version for next development cycle
---
 build.properties.default | 2 +-
 res/maven/mvn.properties.default | 2 +-
 webapps/docs/changelog.xml   | 4 +++-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index e4929239c4..4303369704 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -33,7 +33,7 @@ version.major=11
 version.minor=0
 version.build=0
 version.patch=0
-version.suffix=-M22
+version.suffix=-M23
 version.dev=-dev
 
 # - Build tools -
diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default
index aa6d02e282..f53ce46908 100644
--- a/res/maven/mvn.properties.default
+++ b/res/maven/mvn.properties.default
@@ -39,7 +39,7 @@ 
maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d
 maven.asf.release.repo.repositoryId=apache.releases.https
 
 # Release version info
-maven.asf.release.deploy.version=11.0.0-M22
+maven.asf.release.deploy.version=11.0.0-M23
 
 #Where do we load the libraries from
 tomcat.lib.path=../../output/build/lib
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index be4f9bf183..7f3c512cf1 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,7 +104,9 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
+
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Reduce default for maxParameterCount

2024-07-02 Thread Michael Osipov 
On 2024/07/02 11:06:55 Rémy Maucherat wrote:
> On Tue, Jul 2, 2024 at 1:05 PM Mark Thomas  wrote:
> >
> > On 02/07/2024 12:01, Michael Osipov wrote:
> > > On 2024/07/02 10:33:29 Mark Thomas wrote:
> > >> On 01/07/2024 07:17, Michael Osipov wrote:
> >
> > 
> >
> > >>> I would really really expect that Tomcat fails hard with 4xx if the 
> > >>> input is invalid and not issue a simple INFO at the log. The huge 
> > >>> problem is that the request is seen as 2xx or 3xx in the access log and 
> > >>> if you have a lot of requests or forms it will be needle in the 
> > >>> haystack to identify which is really the problem.
> > >>> Even worse, if this has not been written by you you can play ping pong 
> > >>> with the software vendor.
> > >>> Therefore, I'd like all of us (committers) to reconsider this soft 
> > >>> non-failing approach. It is not helpful. If the client provides garbage 
> > >>> it should fail immediately.
> > >>
> > >> With Tomcat 11.0.x you will get a hard fail.
> > >>
> > >> Prior to Tomcat 11 our hands are somewhat tied by the Servlet
> > >> specification since getParameter() and friends are documented to not
> > >> throw an exception.
> > >>
> > >> We can't change the default behaviour for Tomcat versions before 11 as
> > >> that runs the risk of breaking existing applications that have been
> > >> designed for the current behaviour.
> > >>
> > >> All we can do is make that hard failure optional and it already is. For
> > >> a (very) long time we have had the FailedRequestFilter for folks that
> > >> wanted a hard failure if there was an issue with parameter parsing.
> > >>
> > >> Changing the default for maxParameterCount from 10,000 to 1,000 doesn't
> > >> change this.
> > >>
> > >> The documentation for maxParameterCount already documents all of this.
> > >>
> > >> I don't see a need for any changes here.
> > >
> > > Thanks, I see. As a comprise would a move to WARN log message be 
> > > accepted? This will at least draw people's attention. INFORMATION is just 
> > > lost with other output.
> >
> > That seems reasonable to me.
> 
> It seems UserDataHelper needs some changes then, careful about last
> minute breakage.

I won't oppose, August release would be just fine.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Buildbot success in on tomcat-11.0.x

2024-07-02 Thread buildbot 
Build status: Build succeeded!
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/112/builds/1169
Blamelist: Mark Thomas 
Build Text: build successful
Status Detected: restored build
Build Source Stamp: [branch main] 4fb0054f30a06b318399410353932eb134a927a8


Steps:

  worker_preparation: 0

  git: 0

  shell: 0

  shell_1: 0

  shell_2: 0

  shell_3: 0

  shell_4: 0

  shell_5: 0

  shell_6: 0

  compile: 1

  shell_7: 0

  shell_8: 0

  shell_9: 0

  shell_10: 0

  Rsync docs to nightlies.apache.org: 0

  shell_11: 0

  Rsync RAT to nightlies.apache.org: 0

  compile_1: 1

  shell_12: 0

  Rsync Logs to nightlies.apache.org: 0


-- ASF Buildbot


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org