From 9f29628f01636abf5a0eaf2a97898267f6b39fa7 Mon Sep 17 00:00:00 2001 From: "Sergey A. Osokin" Date: Mon, 10 Feb 2025 11:15:15 -0500 Subject: java: update third-party components to their recent versions Co-authored-by: Andrew Clayton Signed-off-by: Andrew Clayton --- auto/modules/java | 4 ++-- auto/modules/java_jar.sha512 | 24 ++++++++++++------------ test/unit/applications/lang/java.py | 2 +- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/auto/modules/java b/auto/modules/java index cd120902..d0fefde7 100644 --- a/auto/modules/java +++ b/auto/modules/java @@ -238,7 +238,7 @@ cat << END > $NXT_JAVA_JARS static const char *nxt_java_system_jars[] = { END -NXT_TOMCAT_VERSION=9.0.98 +NXT_TOMCAT_VERSION=9.0.108 NXT_JAR_VERSION=$NXT_TOMCAT_VERSION @@ -284,7 +284,7 @@ static const char *nxt_java_unit_jars[] = { "$NXT_UNIT_JAR", END -NXT_JAR_VERSION=9.4.56.v20240826 +NXT_JAR_VERSION=9.4.58.v20250814 NXT_JAR_NAMESPACE=org/eclipse/jetty/ NXT_JAR_NAME=jetty-util diff --git a/auto/modules/java_jar.sha512 b/auto/modules/java_jar.sha512 index e902f6b5..1df729b9 100644 --- a/auto/modules/java_jar.sha512 +++ b/auto/modules/java_jar.sha512 @@ -1,14 +1,14 @@ 8ae750523f086c667f1ecb22cdd02037f217b67841757c2545100ec314145268a60cc6f381bde86659fa090f1a05de8f7cf3ebaf13fb4e737fda749a1ce77078 classgraph-4.8.179.jar ab441acf5551a7dc81c353eaccb3b3df9e89a48987294d19e39acdb83a5b640fcdff7414cee29f5b96eaa8826647f1d5323e185018fe33a64c402d69c73c9158 ecj-3.26.0.jar -48d5512d378d58c3df93bbe1c68d5a4b097e2dc7466992393e0731414dc0fe449312e067d0874e503dd27cb9b6a1f2da0d1f1569a7b484c1f12bd533afbe2723 jetty-http-9.4.56.v20240826.jar -dc0d1f05a7f8477e1f7f57adb307224aadcb1e1fed6f7e5df72d9b84437bf75276c3b0f13da9d079c541ad94601bdbd7314c61477b224dbbdc93a6d5b9f98478 jetty-server-9.4.56.v20240826.jar -025751c45cd8a23f1b436eaa1849af2421f78a2a82bc07c4175df8b4ec5dfc15247036194156897aafb8b0ec83406bbaa25e4092fea5ddd3b900da0ffdfaae19 jetty-util-9.4.56.v20240826.jar -356c0668e2c03201c74e82491a1daf5194368dbb3a08c42c49abb9e544e814b5a1aa85465137e8da785120733ed279a297942bebf6ee8453d935648fb02a3893 tomcat-api-9.0.98.jar -43c106be1a497b4641eed28bc5c2c60192a7240f6dd3e55850197969a275d38c9d853646dd3f313af530010b36095f8893289c8ddfed018f2537cd7ddc84be98 tomcat-el-api-9.0.98.jar -570e6e9f4a762cad5b3190886915d93618f7292bfa3ee39abb7b9f0993704a19fbb0fd4a7727995fd7f50edf62f4b6df50d2854a6fa70ac1e8a6650a02445fd2 tomcat-jasper-9.0.98.jar -77f3c0da8ee1af315c59cc1e6566dab7cfbdd928045aa7c921299e72b88004bd6b710f0b62b39c4a3aaa872b965b50d5f4ba43bf98a0cd39d585c6b82edeaf06 tomcat-jasper-el-9.0.98.jar -8d825b69acb8227709cbdea1349faa6115243c5824ff751af3d5c45822dfe371506077669565e7531f278b6752be819e5e54e73284a75208d4f8784706ee6fb7 tomcat-jsp-api-9.0.98.jar -353c858821644f7284bc272d8f23c031199439fea74b8c104bb2d054716f6a87523d4d9d38f86dca5e353b4ddff307d1cdc0d221ddda10e0626b1cf3cbda482b tomcat-juli-9.0.98.jar -5b1a8ca4c4b3782531e154d0519f2e3fa8cdb647848e455d4af446f7fac6555ad0fa76750e0d76b02f4e7bceae147ebc96c9d3f786542defcab2d69e7b419175 tomcat-servlet-api-9.0.98.jar -6a1729a0f251a3cb80cab476686a2c307b5e1d2827d991327f4ce6f69183a6d876cf9a886ab074eddec693fca418158407dac8844781c4667aca5575378574c6 tomcat-util-9.0.98.jar -37dc24785e3c18d527038242056d7481635505c2609ff77ee3b249e88a7c48323f6c99a562391fef2474e6cb896f9445855eed48fc8a8ab89b8704c8ecb4193a tomcat-util-scan-9.0.98.jar +609516a5c3b7fa9e256b768124d3c822f28ce426687a479eb57b0f2f6dc82ee6c3560f8e790394b71feebc409eda78a04d6c03254bb41127506ffcf6b7905a61 jetty-http-9.4.58.v20250814.jar +5f2b1efe5f6279ed9c3a25d8c3a6413b195a6957500752cb7b59fc8e8bc43d01eeb2e97b619bfb74ff5ec96cd8893ba1d9d372f8a226ff197d3b452febafa146 jetty-server-9.4.58.v20250814.jar +c4505826e68be8d8736eba5cd29fd86ada455ee5765f8d46d33085b788eb3295023b167354178441e80c97edde9f988f89bf3959c59ef8aada56e5d863673021 jetty-util-9.4.58.v20250814.jar +65cfee9beb10eb9831af55f039d8084dcd500a9718f4c753acf99fb52d4ab8b1bd70c8a6807a4cae7096466ea344c79d366c4b115d8b1e641bc6c86e49e2c8c3 tomcat-api-9.0.108.jar +772f68efbd68d010eb72d043c115364d65083c9a95887df79bf26feed6aa332348424ec3fbab9155dab508c11a40a31f1d1aea1205d04a180b0619497628ed32 tomcat-el-api-9.0.108.jar +fee3afbb966efdbe49347f1942a3ba5aa275e7193de6a14a0355f49a8138b255f4123189435613976e18c55cb37f4f53e5bc8dd1b9cc178551b4fb0978e545a4 tomcat-jasper-9.0.108.jar +93c6ac9876599a1a7c7dfc09458edcc109de0748db77514b765132814d80621a4bca431378acc916306e928119cea1157288ff81f8d88fd1661366aded8213b2 tomcat-jasper-el-9.0.108.jar +c3bef13c90043fa179c3b7ab599c7ab227e5bf28132f314049222096a1af80b34fc28737f40973c0dc4f10f5899da524fefafc5a97981b0f18e87062a5041766 tomcat-jsp-api-9.0.108.jar +3ea930f5da6f2e4ba90208ef4cede22decf737aad252f9c74dcf4ffaa7351ab52e153b31f41fe64fc0c7a1bae626e1e1da2de679975583740975cce4391c67d9 tomcat-juli-9.0.108.jar +a1e93a66ffe517baa37878d085b18537c18284c8ddf3872d9b4c2ef0d6579c68f0eac57d5d15303cde485b3286bafd20e1b03136e9c86712002a31edd6081052 tomcat-servlet-api-9.0.108.jar +cfcabcd79c56f33415b8f4095ac894c0dfa5f392fd272e2e66d61d67051b1eac026740dd21657179a651fa0eeb2f39351781771b0e38799ab1fdf277ebda9883 tomcat-util-9.0.108.jar +0cd88e452ead14c89cd9c70b965795f5793355bc61a0cbf58355585afedcc8a24cb62968da757e253ef1b119021a543aea0058cf9fd5ab152bc185e338c3d15f tomcat-util-scan-9.0.108.jar diff --git a/test/unit/applications/lang/java.py b/test/unit/applications/lang/java.py index 2416278b..a141b6de 100644 --- a/test/unit/applications/lang/java.py +++ b/test/unit/applications/lang/java.py @@ -53,7 +53,7 @@ class ApplicationJava(ApplicationProto): os.makedirs(classes_path) classpath = ( - f'{option.current_dir}/build/tomcat-servlet-api-9.0.98.jar' + f'{option.current_dir}/build/tomcat-servlet-api-9.0.108.jar' ) ws_jars = glob.glob( -- cgit From 6482e46a6b35214967095169842e1d5403a01d4d Mon Sep 17 00:00:00 2001 From: Andrew Clayton Date: Mon, 11 Aug 2025 19:08:07 +0100 Subject: http: compression: Set the temporary file name in n_h_c_c_s_r() When creating a new nxt_file_t structure in nxt_http_comp_compress_static_response() for the temporary compressed file be sure to set the *name* member. We don't generally need it, but I failed to notice that when calling nxt_file_close() if the close(2) fails then we log an error message containing the file name, which at best would have just printed junk. So set the file name for this particular error case... This issue was reported by coverity. Signed-off-by: Andrew Clayton --- src/nxt_http_compression.c | 20 ++++++++++---------- src/nxt_http_compression.h | 4 ++-- src/nxt_http_static.c | 2 +- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/src/nxt_http_compression.c b/src/nxt_http_compression.c index 28e53a9d..4f4eec1a 100644 --- a/src/nxt_http_compression.c +++ b/src/nxt_http_compression.c @@ -232,14 +232,12 @@ nxt_http_comp_compress_app_response(nxt_task_t *task, nxt_http_request_t *r, nxt_int_t -nxt_http_comp_compress_static_response(nxt_task_t *task, nxt_file_t **f, - nxt_file_info_t *fi, - size_t static_buf_len, - size_t *out_total) +nxt_http_comp_compress_static_response(nxt_task_t *task, nxt_http_request_t *r, + nxt_file_t **f, nxt_file_info_t *fi, + size_t static_buf_len, size_t *out_total) { - char tmp_path[NXT_MAX_PATH_LEN]; size_t in_size, out_size, rest; - u_char *p; + char *tmp_path, *p; uint8_t *in, *out; nxt_int_t ret; nxt_file_t tfile; @@ -249,13 +247,14 @@ nxt_http_comp_compress_static_response(nxt_task_t *task, nxt_file_t **f, *out_total = 0; - if (nxt_slow_path(strlen(rt->tmp) + 1 + strlen(template) + 1 - > NXT_MAX_PATH_LEN)) - { + tmp_path = nxt_mp_nget(r->mem_pool, + strlen(rt->tmp) + 1 + strlen(template) + 1); + if (nxt_slow_path(tmp_path == NULL)) { return NXT_ERROR; } - p = nxt_cpymem(tmp_path, rt->tmp, strlen(rt->tmp)); + p = tmp_path; + p = nxt_cpymem(p, rt->tmp, strlen(rt->tmp)); *p++ = '/'; p = nxt_cpymem(p, template, strlen(template)); *p = '\0'; @@ -266,6 +265,7 @@ nxt_http_comp_compress_static_response(nxt_task_t *task, nxt_file_t **f, return NXT_ERROR; } unlink(tmp_path); + tfile.name = (nxt_file_name_t *)tmp_path; in_size = nxt_file_size(fi); out_size = nxt_http_comp_bound(in_size); diff --git a/src/nxt_http_compression.h b/src/nxt_http_compression.h index f178e984..99af8a66 100644 --- a/src/nxt_http_compression.h +++ b/src/nxt_http_compression.h @@ -93,8 +93,8 @@ extern const nxt_http_comp_operations_t nxt_http_comp_brotli_ops; extern nxt_int_t nxt_http_comp_compress_app_response(nxt_task_t *task, nxt_http_request_t *r, nxt_buf_t **b); extern nxt_int_t nxt_http_comp_compress_static_response(nxt_task_t *task, - nxt_file_t **f, nxt_file_info_t *fi, size_t static_buf_len, - size_t *out_total); + nxt_http_request_t *r, nxt_file_t **f, nxt_file_info_t *fi, + size_t static_buf_len, size_t *out_total); extern bool nxt_http_comp_wants_compression(void); extern bool nxt_http_comp_compressor_is_valid(const nxt_str_t *token); extern nxt_int_t nxt_http_comp_check_compression(nxt_task_t *task, diff --git a/src/nxt_http_static.c b/src/nxt_http_static.c index 78b1f150..8436b417 100644 --- a/src/nxt_http_static.c +++ b/src/nxt_http_static.c @@ -593,7 +593,7 @@ nxt_http_static_send(nxt_task_t *task, nxt_http_request_t *r, nxt_int_t ret; ret = nxt_http_comp_compress_static_response( - task, &f, &fi, + task, r, &f, &fi, NXT_HTTP_STATIC_BUF_SIZE, &out_total); if (ret == NXT_ERROR) { -- cgit From 5e97e44df4bf80ee6914c3fe42c57d6c674c3279 Mon Sep 17 00:00:00 2001 From: Andrew Clayton Date: Mon, 11 Aug 2025 22:26:31 +0100 Subject: http: compression: Add a missed nxt_http_comp_compress() return check In nxt_http_comp_compress_static_response() we should check the return value of the call to nxt_http_comp_compress() in case of error. Signed-off-by: Andrew Clayton --- src/nxt_http_compression.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/nxt_http_compression.c b/src/nxt_http_compression.c index 4f4eec1a..f9a94d05 100644 --- a/src/nxt_http_compression.c +++ b/src/nxt_http_compression.c @@ -305,6 +305,12 @@ nxt_http_comp_compress_static_response(nxt_task_t *task, nxt_http_request_t *r, cbytes = nxt_http_comp_compress(out + *out_total, out_size - *out_total, in + in_size - rest, n, last); + if (cbytes == -1) { + nxt_file_close(task, &tfile); + nxt_mem_munmap(in, in_size); + nxt_mem_munmap(out, out_size); + return NXT_ERROR; + } *out_total += cbytes; rest -= n; -- cgit From 1701935ea4a55f3ce4b5da5db866fc1b11558e0c Mon Sep 17 00:00:00 2001 From: Andrew Clayton Date: Tue, 12 Aug 2025 22:48:32 +0100 Subject: Don't leak file descriptor in nxt_main_port_access_log_handler() After opening a file and setting file.fd we _may_ call nxt_port_socket_write(). If so then the file is eventually closed via something like nxt_port_socket_write() nxt_port_socket_write2() nxt_port_write_handler() nxt_port_msg_close_fd() nxt_port_close_fds() Alternatively we may just return from the function and never close(2) file.fd. In which case we should call nxt_file_close(). This was reported by coverity. Signed-off-by: Andrew Clayton --- src/nxt_main_process.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/nxt_main_process.c b/src/nxt_main_process.c index e942c1a8..25798ea0 100644 --- a/src/nxt_main_process.c +++ b/src/nxt_main_process.c @@ -1730,5 +1730,8 @@ nxt_main_port_access_log_handler(nxt_task_t *task, nxt_port_recv_msg_t *msg) if (nxt_fast_path(port != NULL)) { (void) nxt_port_socket_write(task, port, type, file.fd, msg->port_msg.stream, 0, NULL); + + } else { + nxt_file_close(task, &file); } } -- cgit