NOTICE.txt

 Apache HttpComponents Core
-Copyright 2005-2018 The Apache Software Foundation
+Copyright 2005-2019 The Apache Software Foundation
 
 This product includes software developed at
 The Apache Software Foundation (http://www.apache.org/).

RELEASE_NOTES.txt

+Release 4.4.11
+-------------------
+
+This is a maintenance release that corrects a number of defects in non-blocking SSL session code
+that caused compatibility issues with TLSv1.3 protocol implementation shipped with Java 11.
+
+
+Changelog
+-------------------
+
+* HTTPCORE-564: fixed deadlock in IOSessionImpl caused by concurrent session closure and i/o reactor
+  shutdown.
+  Contributed by Oleg Kalnichevski <olegk at apache.org>
+
+* Bug fix: asynchronous HTTP connections must not suspend output if there is buffered output data.
+  Contributed by Oleg Kalnichevski <olegk at apache.org>
+
+* Bug fix: SSL I/O session to keep input interest if there is buffered application data.
+  Contributed by Oleg Kalnichevski <olegk at apache.org>
+
+* Bug fix: keep SSL i/o session in 'CLOSING' state as long as there is buffered application data.
+  Contributed by Oleg Kalnichevski <olegk at apache.org>
+
+* Bug fix: corrected abnormal termination of pipelined request sequence.
+  Contributed by Oleg Kalnichevski <olegk at apache.org>
+
+* Bug fix: non-blocking SSL session incorrectly stops decrypting incoming data if unwrap operation
+  results in NOT_HANDSHAKING status (back-ported from master).
+  Contributed by Oleg Kalnichevski <olegk at apache.org>
+
+* Bug fix: corrected handling of NEED_WRAP handshake status during graceful SSL session termination
+  (back-ported from master).
+  Contributed by Oleg Kalnichevski <olegk at apache.org>
+
+* Bug fix: corrected handling of graceful SSL session termination initiated by the opposite endpoint
+  (back-ported from master).
+  Contributed by Oleg Kalnichevski <olegk at apache.org>
+
+* Refactor duplicate messages into a new 0-arg constructor for
+  org.apache.http.ConnectionClosedException.
+  Contributed by Gary Gregory <ggregory at apache.org>
+
+* Fix typos in exception messages.
+  Contributed by Gary Gregory <ggregory at apache.org>
+  
+* HTTPCORE-550: When a ParseException is caught and rethrown as an IOException in
+  org.apache.http.impl.nio.codecs.ChunkDecoder.processFooters(), the IOException does not chain the
+  original ParseException.
+  Contributed by Gary Gregory <ggregory at apache.org>
+
+* HTTPCORE-562: The reason phrase returned by org.apache.hc.core5.http.HttpResponse.getReasonPhrase()
+  may be empty.
+  Contributed by Gary Gregory <ggregory at apache.org>
+
+* Keep the entries in org.apache.hc.core5.http.protocol.UriPatternMatcher#map in insertion order.
+  Contributed by Gary Gregory <ggregory at apache.org>
+
+* Corrected Automatic-Module-Name entries for HttpCore NIO and HttpCore AB
+  Contributed by Oleg Kalnichevski <olegk at apache.org>
+
+
 Release 4.4.10
 -------------------
 

debian/changelog

+httpcomponents-core (4.4.11-1) unstable; urgency=medium
+
+  * New upstream release
+    - Refreshed the patch
+  * Generate Java 7 compatible bytecode
+  * Standards-Version updated to 4.3.0
+
+ -- Emmanuel Bourg <ebourg@apache.org>  Tue, 22 Jan 2019 22:58:13 +0100
+
 httpcomponents-core (4.4.10-1) unstable; urgency=medium
 
   * New upstream release

debian/control

@@ -10,7 +10,7 @@ Build-Depends:
  libmaven-antrun-plugin-java,
  libmaven-bundle-plugin-java,
  maven-debian-helper
-Standards-Version: 4.2.0
+Standards-Version: 4.3.0
 Vcs-Git: https://salsa.debian.org/java-team/httpcomponents-core.git
 Vcs-Browser: https://salsa.debian.org/java-team/httpcomponents-core
 Homepage: http://hc.apache.org/httpcomponents-core-ga/index.html

debian/maven.properties

 maven.test.skip=true
-maven.compiler.source=8
-maven.compiler.target=8
-maven.compiler.release=8
+maven.compiler.source=7
+maven.compiler.target=7
+maven.compiler.release=7

debian/patches/01-generate_osgi_metadata.patch

@@ -8,7 +8,7 @@ Subject: add-maven-bundle-plugin
 
 --- a/httpcore/pom.xml
 +++ b/httpcore/pom.xml
-@@ -101,6 +101,40 @@
+@@ -95,6 +95,40 @@
            </archive>
          </configuration>
        </plugin>

httpcore-ab/pom.xml

@@ -28,7 +28,7 @@
   <parent>
     <groupId>org.apache.httpcomponents</groupId>
     <artifactId>httpcomponents-core</artifactId>
-    <version>4.4.10</version>
+    <version>4.4.11</version>
   </parent>
   <artifactId>httpcore-ab</artifactId>
   <name>Apache HttpCore Benchmarking Tool</name>
@@ -73,7 +73,7 @@
             <configuration>
               <archive combine.children="append">
                 <manifestEntries>
-                  <Automatic-Module-Name>org.apache.httpcomponents.httpcore-ab</Automatic-Module-Name>
+                  <Automatic-Module-Name>org.apache.httpcomponents.httpcore.ab</Automatic-Module-Name>
                 </manifestEntries>
               </archive>
             </configuration>

httpcore-ab/src/main/java/org/apache/http/benchmark/BenchmarkConnection.java

@@ -48,8 +48,8 @@ class BenchmarkConnection extends DefaultBHttpClientConnection {
     }
 
     @Override
-    protected InputStream createInputStream(final long len, final SessionInputBuffer inbuffer) {
-        return new CountingInputStream(super.createInputStream(len, inbuffer), this.stats);
+    protected InputStream createInputStream(final long len, final SessionInputBuffer inBuffer) {
+        return new CountingInputStream(super.createInputStream(len, inBuffer), this.stats);
     }
 
 }

httpcore-ab/src/main/java/org/apache/http/benchmark/BenchmarkWorker.java

@@ -170,18 +170,18 @@ class BenchmarkWorker implements Runnable {
                     if (charset == null) {
                         charset = HTTP.DEF_CONTENT_CHARSET;
                     }
-                    long contentlen = 0;
-                    final InputStream instream = entity.getContent();
+                    long contentLen = 0;
+                    final InputStream inStream = entity.getContent();
                     int l;
-                    while ((l = instream.read(this.buffer)) != -1) {
-                        contentlen += l;
+                    while ((l = inStream.read(this.buffer)) != -1) {
+                        contentLen += l;
                         if (config.getVerbosity() >= 4) {
                             final String s = new String(this.buffer, 0, l, charset);
                             System.out.print(s);
                         }
                     }
-                    instream.close();
-                    stats.setContentLength(contentlen);
+                    inStream.close();
+                    stats.setContentLength(contentLen);
                 }
 
                 if (config.getVerbosity() >= 4) {

httpcore-ab/src/main/java/org/apache/http/benchmark/CountingInputStream.java

@@ -34,8 +34,8 @@ class CountingInputStream extends FilterInputStream {
 
     private final Stats stats;
 
-    CountingInputStream(final InputStream instream, final Stats stats) {
-        super(instream);
+    CountingInputStream(final InputStream inStream, final Stats stats) {
+        super(inStream);
         this.stats = stats;
     }
 

httpcore-ab/src/main/java/org/apache/http/benchmark/CountingOutputStream.java

@@ -34,8 +34,8 @@ class CountingOutputStream extends FilterOutputStream {
 
     private final Stats stats;
 
-    CountingOutputStream(final OutputStream outstream, final Stats stats) {
-        super(outstream);
+    CountingOutputStream(final OutputStream outStream, final Stats stats) {
+        super(outStream);
         this.stats = stats;
     }
 

httpcore-ab/src/main/java/org/apache/http/benchmark/HttpBenchmark.java

@@ -126,7 +126,7 @@ public class HttpBenchmark {
             String path = url.getPath();
             if (url.getQuery() != null && url.getQuery().length() > 0) {
                 path += "?" + url.getQuery();
-            } else if (path.trim().length() == 0) {
+            } else if (path.trim().isEmpty()) {
                 path = "/";
             }
             request = new BasicHttpRequest(config.getMethod(), path, ver);

httpcore-nio/pom.xml

@@ -28,7 +28,7 @@
   <parent>
     <groupId>org.apache.httpcomponents</groupId>
     <artifactId>httpcomponents-core</artifactId>
-    <version>4.4.10</version>
+    <version>4.4.11</version>
   </parent>
   <artifactId>httpcore-nio</artifactId>
   <name>Apache HttpCore NIO</name>
@@ -77,7 +77,6 @@
       <plugin>
         <groupId>org.codehaus.mojo</groupId>
         <artifactId>build-helper-maven-plugin</artifactId>
-        <version>1.8</version>
         <executions>
           <execution>
             <id>add-source</id>
@@ -106,7 +105,7 @@
             <configuration>
               <archive combine.children="append">
                 <manifestEntries>
-                  <Automatic-Module-Name>org.apache.httpcomponents.httpcore-nio</Automatic-Module-Name>
+                  <Automatic-Module-Name>org.apache.httpcomponents.httpcore.nio</Automatic-Module-Name>
                 </manifestEntries>
               </archive>
             </configuration>

httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java

@@ -458,9 +458,9 @@ public class NHttpReverseProxy {
         }
 
         public void consumeContent(
-                final ContentDecoder decoder, final IOControl ioctrl) throws IOException {
+                final ContentDecoder decoder, final IOControl ioControl) throws IOException {
             synchronized (this.httpExchange) {
-                this.httpExchange.setClientIOControl(ioctrl);
+                this.httpExchange.setClientIOControl(ioControl);
                 // Receive data from the client
                 final ByteBuffer buf = this.httpExchange.getInBuffer();
                 final int n = decoder.read(buf);
@@ -471,7 +471,7 @@ public class NHttpReverseProxy {
                 // If the buffer is full, suspend client input until there is free
                 // space in the buffer
                 if (!buf.hasRemaining()) {
-                    ioctrl.suspendInput();
+                    ioControl.suspendInput();
                     System.out.println("[client->proxy] " + this.httpExchange.getId() + " suspend client input");
                 }
                 // If there is some content in the input buffer make sure origin
@@ -550,9 +550,9 @@ public class NHttpReverseProxy {
         }
 
         public void produceContent(
-                final ContentEncoder encoder, final IOControl ioctrl) throws IOException {
+                final ContentEncoder encoder, final IOControl ioControl) throws IOException {
             synchronized (this.httpExchange) {
-                this.httpExchange.setOriginIOControl(ioctrl);
+                this.httpExchange.setOriginIOControl(ioControl);
                 // Send data to the origin server
                 final ByteBuffer buf = this.httpExchange.getInBuffer();
                 buf.flip();
@@ -574,7 +574,7 @@ public class NHttpReverseProxy {
                     } else {
                         // Input buffer is empty. Wait until the client fills up
                         // the buffer
-                        ioctrl.suspendOutput();
+                        ioControl.suspendOutput();
                         System.out.println("[proxy->origin] " + this.httpExchange.getId() + " suspend origin output");
                     }
                 }
@@ -627,9 +627,9 @@ public class NHttpReverseProxy {
         }
 
         public void consumeContent(
-                final ContentDecoder decoder, final IOControl ioctrl) throws IOException {
+                final ContentDecoder decoder, final IOControl ioControl) throws IOException {
             synchronized (this.httpExchange) {
-                this.httpExchange.setOriginIOControl(ioctrl);
+                this.httpExchange.setOriginIOControl(ioControl);
                 // Receive data from the origin
                 final ByteBuffer buf = this.httpExchange.getOutBuffer();
                 final int n = decoder.read(buf);
@@ -640,7 +640,7 @@ public class NHttpReverseProxy {
                 // If the buffer is full, suspend origin input until there is free
                 // space in the buffer
                 if (!buf.hasRemaining()) {
-                    ioctrl.suspendInput();
+                    ioControl.suspendInput();
                     System.out.println("[proxy<-origin] " + this.httpExchange.getId() + " suspend origin input");
                 }
                 // If there is some content in the input buffer make sure client
@@ -741,9 +741,9 @@ public class NHttpReverseProxy {
         }
 
         public void produceContent(
-                final ContentEncoder encoder, final IOControl ioctrl) throws IOException {
+                final ContentEncoder encoder, final IOControl ioControl) throws IOException {
             synchronized (this.httpExchange) {
-                this.httpExchange.setClientIOControl(ioctrl);
+                this.httpExchange.setClientIOControl(ioControl);
                 // Send data to the client
                 final ByteBuffer buf = this.httpExchange.getOutBuffer();
                 buf.flip();
@@ -765,7 +765,7 @@ public class NHttpReverseProxy {
                     } else {
                         // Input buffer is empty. Wait until the origin fills up
                         // the buffer
-                        ioctrl.suspendOutput();
+                        ioControl.suspendOutput();
                         System.out.println("[client<-proxy] " + this.httpExchange.getId() + " suspend client output");
                     }
                 }
@@ -871,10 +871,10 @@ public class NHttpReverseProxy {
     static class ProxyConnPool extends BasicNIOConnPool {
 
         public ProxyConnPool(
-                final ConnectingIOReactor ioreactor,
+                final ConnectingIOReactor ioReactor,
                 final NIOConnFactory<HttpHost, NHttpClientConnection> connFactory,
                 final int connectTimeout) {
-            super(ioreactor, connFactory, connectTimeout);
+            super(ioReactor, connFactory, connectTimeout);
         }
 
         @Override

httpcore-nio/src/main/java-deprecated/org/apache/http/impl/nio/reactor/SSLIOSessionHandlerAdaptor.java

@@ -56,8 +56,8 @@ class SSLIOSessionHandlerAdaptor implements org.apache.http.nio.reactor.ssl.SSLS
     }
 
     @Override
-    public void verify(final IOSession iosession, final SSLSession sslsession) throws SSLException {
-        this.handler.verify(iosession.getRemoteAddress(), sslsession);
+    public void verify(final IOSession ioSession, final SSLSession sslsession) throws SSLException {
+        this.handler.verify(ioSession.getRemoteAddress(), sslsession);
     }
 
     public void setParams(final HttpParams params) {

httpcore-nio/src/main/java-deprecated/org/apache/http/impl/nio/reactor/SSLSetupHandler.java

@@ -64,11 +64,11 @@ public interface SSLSetupHandler {
      * For instance this would be the right place to enforce SSL cipher
      * strength, validate certificate chain and do hostname checks.
      *
-     * @param iosession the underlying IOSession for the SSL connection.
+     * @param ioSession the underlying IOSession for the SSL connection.
      * @param sslsession newly created SSL session.
      * @throws SSLException if case of SSL protocol error.
      */
-    void verify(IOSession iosession, SSLSession sslsession)
+    void verify(IOSession ioSession, SSLSession sslsession)
         throws SSLException;
 
 }

httpcore-nio/src/main/java-deprecated/org/apache/http/impl/nio/reactor/SSLSetupHandlerAdaptor.java

@@ -56,8 +56,8 @@ class SSLSetupHandlerAdaptor implements org.apache.http.nio.reactor.ssl.SSLSetup
     }
 
     @Override
-    public void verify(final IOSession iosession, final SSLSession sslsession) throws SSLException {
-        this.handler.verify(iosession, sslsession);
+    public void verify(final IOSession ioSession, final SSLSession sslsession) throws SSLException {
+        this.handler.verify(ioSession, sslsession);
     }
 
     public void setParams(final HttpParams params) {

httpcore-nio/src/main/java-deprecated/org/apache/http/impl/nio/ssl/SSLClientIOEventDispatch.java

@@ -113,20 +113,20 @@ public class SSLClientIOEventDispatch extends DefaultClientIOEventDispatch {
         return new SSLIOSession(session, sslContext, sslHandler);
     }
 
-    protected NHttpClientIOTarget createSSLConnection(final SSLIOSession ssliosession) {
-        return super.createConnection(ssliosession);
+    protected NHttpClientIOTarget createSSLConnection(final SSLIOSession sslioSession) {
+        return super.createConnection(sslioSession);
     }
 
     @Override
     protected NHttpClientIOTarget createConnection(final IOSession session) {
-        final SSLIOSession ssliosession = createSSLIOSession(session, this.sslContext, this.sslHandler);
-        session.setAttribute(SSLIOSession.SESSION_KEY, ssliosession);
-        final NHttpClientIOTarget conn = createSSLConnection(ssliosession);
+        final SSLIOSession sslioSession = createSSLIOSession(session, this.sslContext, this.sslHandler);
+        session.setAttribute(SSLIOSession.SESSION_KEY, sslioSession);
+        final NHttpClientIOTarget conn = createSSLConnection(sslioSession);
         try {
-            ssliosession.initialize();
+            sslioSession.initialize();
         } catch (final SSLException ex) {
             this.handler.exception(conn, ex);
-            ssliosession.shutdown();
+            sslioSession.shutdown();
         }
         return conn;
     }

httpcore-nio/src/main/java-deprecated/org/apache/http/impl/nio/ssl/SSLServerIOEventDispatch.java

@@ -113,20 +113,20 @@ public class SSLServerIOEventDispatch extends DefaultServerIOEventDispatch {
         return new SSLIOSession(session, sslContext, sslHandler);
     }
 
-    protected NHttpServerIOTarget createSSLConnection(final SSLIOSession ssliosession) {
-        return super.createConnection(ssliosession);
+    protected NHttpServerIOTarget createSSLConnection(final SSLIOSession sslioSession) {
+        return super.createConnection(sslioSession);
     }
 
     @Override
     protected NHttpServerIOTarget createConnection(final IOSession session) {
-        final SSLIOSession ssliosession = createSSLIOSession(session, this.sslContext, this.sslHandler);
-        session.setAttribute(SSLIOSession.SESSION_KEY, ssliosession);
-        final NHttpServerIOTarget conn = createSSLConnection(ssliosession);
+        final SSLIOSession sslioSession = createSSLIOSession(session, this.sslContext, this.sslHandler);
+        session.setAttribute(SSLIOSession.SESSION_KEY, sslioSession);
+        final NHttpServerIOTarget conn = createSSLConnection(sslioSession);
         try {
-            ssliosession.initialize();
+            sslioSession.initialize();
         } catch (final SSLException ex) {
             this.handler.exception(conn, ex);
-            ssliosession.shutdown();
+            sslioSession.shutdown();
         }
         return conn;
     }

httpcore-nio/src/main/java-deprecated/org/apache/http/nio/entity/BufferingNHttpEntity.java

@@ -72,7 +72,7 @@ public class BufferingNHttpEntity extends HttpEntityWrapper implements
     @Override
     public void consumeContent(
             final ContentDecoder decoder,
-            final IOControl ioctrl) throws IOException {
+            final IOControl ioControl) throws IOException {
         this.buffer.consumeContent(decoder);
         if (decoder.isCompleted()) {
             this.finished = true;
@@ -109,14 +109,14 @@ public class BufferingNHttpEntity extends HttpEntityWrapper implements
     }
 
     @Override
-    public void writeTo(final OutputStream outstream) throws IOException {
-        Args.notNull(outstream, "Output stream");
-        final InputStream instream = getContent();
+    public void writeTo(final OutputStream outStream) throws IOException {
+        Args.notNull(outStream, "Output stream");
+        final InputStream inStream = getContent();
         final byte[] buff = new byte[BUFFER_SIZE];
         int l;
         // consume until EOF
-        while ((l = instream.read(buff)) != -1) {
-            outstream.write(buff, 0, l);
+        while ((l = inStream.read(buff)) != -1) {
+            outStream.write(buff, 0, l);
         }
     }