BUILDING.txt

@@ -44,7 +44,7 @@ source distribution, do the following:
     Note regarding later versions of Java:
 
       As documented elsewhere, one of the components in Apache Tomcat includes
-      a private copy of the Apache Commons DBCP library. The source code
+      a private copy of the Apache Commons DBCP 1.x library. The source code
       for this library is downloaded, processed by the build script
       (renaming the packages) and compiled.
 
@@ -54,7 +54,7 @@ source distribution, do the following:
       implementing this version of specification. Therefore, the build Tomcat
       build process must be executed with a Java 6 JDK.
 
-      See Apache Commons DBCP project web site for more details on
+      See Apache Commons DBCP 1.x project web site for more details on
       available versions of the library and its requirements,
 
         https://commons.apache.org/dbcp/

RELEASE-NOTES

@@ -112,7 +112,7 @@ for use by web applications (by placing them in "lib"):
 * tomcat7-websocket.jar (WebSocket 1.1 implementation)
 * tomcat-api.jar (Interfaces shared by Catalina and Jasper)
 * tomcat-coyote.jar (Tomcat connectors and utility classes)
-* tomcat-dbcp.jar (package renamed database connection pool based on Commons DBCP)
+* tomcat-dbcp.jar (package renamed database connection pool based on Commons DBCP 1.x)
 * tomcat-jdbc.jar (Tomcat's database connection pooling solution)
 * tomcat-util.jar (Various utilities)
 * websocket-api.jar (WebSocket 1.1 API)

bin/daemon.sh

@@ -260,7 +260,7 @@ case "$1" in
       exit $?
     ;;
     *       )
-      echo "Unknown command: \`$1'"
+      echo "Unknown command: '$1'"
       echo "Usage: $PROGRAM ( commands ... )"
       echo "commands:"
       echo "  run               Start Tomcat without detaching from console"

build.properties.default

@@ -25,7 +25,7 @@
 # ----- Version Control Flags -----
 version.major=7
 version.minor=0
-version.build=90
+version.build=91
 version.patch=0
 version.suffix=
 
@@ -69,8 +69,8 @@ compile.source=1.6
 compile.target=1.6
 compile.debug=true
 
-base-apache.loc.1=https://www.apache.org/dyn/closer.lua?action=download&filename=
-base-apache.loc.2=https://archive.apache.org/dist
+base-apache.loc.1=http://www.apache.org/dyn/closer.lua?action=download&filename=
+base-apache.loc.2=http://archive.apache.org/dist
 base-commons.loc.1=${base-apache.loc.1}/commons
 base-commons.loc.2=${base-apache.loc.2}/commons
 base-tomcat.loc.1=${base-apache.loc.1}/tomcat
@@ -180,7 +180,7 @@ tomcat-native.loc.2=${base-tomcat.loc.2}/tomcat-connectors/native/${tomcat-nativ
 tomcat-native.win.1=${base-tomcat.loc.1}/tomcat-connectors/native/${tomcat-native.version}/binaries/tomcat-native-${tomcat-native.version}-win32-bin.zip
 tomcat-native.win.2=${base-tomcat.loc.2}/tomcat-connectors/native/${tomcat-native.version}/binaries/tomcat-native-${tomcat-native.version}-win32-bin.zip
 
-# ----- Commons DBCP, version 1.1 or later -----
+# ----- Commons DBCP 1.x, version 1.1 or later -----
 commons-dbcp.version=1.4
 commons-dbcp-src.checksum.enabled=true
 commons-dbcp-src.checksum.algorithm=SHA-256
@@ -189,7 +189,7 @@ commons-dbcp.home=${base.path}/commons-dbcp-${commons-dbcp.version}-src
 commons-dbcp-src.loc.1=${base-commons.loc.1}/dbcp/source/commons-dbcp-${commons-dbcp.version}-src.tar.gz
 commons-dbcp-src.loc.2=${base-commons.loc.2}/dbcp/source/commons-dbcp-${commons-dbcp.version}-src.tar.gz
 
-# ----- Commons Pool, version 1.1 or later -----
+# ----- Commons Pool 1.x, version 1.1 or later -----
 commons-pool.version=1.5.7
 commons-pool-src.checksum.enabled=true
 commons-pool-src.checksum.algorithm=MD5|SHA-1

build.xml

@@ -845,6 +845,16 @@
       <zipfileset file="${tomcat.manifests}/default.license"
         fullpath="META-INF/LICENSE" />
     </jar>
+    <jar jarfile="${tomcat.build}/lib/tomcat-i18n-ru.jar"
+      manifest="${tomcat.manifests}/default.manifest">
+      <fileset dir="${tomcat.classes}">
+        <include name="**/LocalStrings_ru.properties" />
+      </fileset>
+      <zipfileset file="${tomcat.manifests}/default.notice"
+        fullpath="META-INF/NOTICE" />
+      <zipfileset file="${tomcat.manifests}/default.license"
+        fullpath="META-INF/LICENSE" />
+    </jar>
 
   </target>
 
@@ -1293,7 +1303,6 @@
       <fileset dir="${tomcat.embed}">
         <include name="**" />
         <exclude name="*.asc" />
-        <exclude name="*.sha1" />
         <exclude name="*.sha512" />
         <exclude name="*.zip" />
         <exclude name="*.tar.gz" />
@@ -1310,7 +1319,6 @@
       <tarfileset dir="${tomcat.embed}" prefix="${final.name}-embed">
         <include name="**" />
         <exclude name="*.asc" />
-        <exclude name="*.sha1" />
         <exclude name="*.sha512" />
         <exclude name="*.zip" />
         <exclude name="*.tar.gz" />
@@ -2224,7 +2232,6 @@ Apache Tomcat ${version} native binaries for Win64 AMD64/EMT64 platform.
         <include name="*.zip"/>
         <include name="*.tar.gz"/>
         <include name="*.asc"/>
-        <include name="*.sha1"/>
         <include name="*.sha512"/>
       </fileset>
     </copy>
@@ -2576,7 +2583,7 @@ Apache Tomcat ${version} native binaries for Win64 AMD64/EMT64 platform.
       filesDir="java"
       filesId="files.jasper-el" />
 
-    <!-- Repackaged DBCP -->
+    <!-- Repackaged DBCP 1.x -->
     <copy file="${tomcat-dbcp-src.jar}" todir="${tomcat.src.jars}" />
     <!-- jdbc-pool JAR File -->
     <copy file="${tomcat-jdbc-src.jar}" todir="${tomcat.src.jars}" />
@@ -2649,7 +2656,7 @@ Apache Tomcat ${version} native binaries for Win64 AMD64/EMT64 platform.
       <param name="checksum.value" value="${commons-daemon.bin.checksum.value}"/>
     </antcall>
 
-    <!-- Download src and build Tomcat DBCP bundle -->
+    <!-- Download src and build Tomcat DBCP 1.x bundle -->
     <antcall target="downloadgz-2">
       <param name="sourcefile.1" value="${commons-pool-src.loc.1}"/>
       <param name="sourcefile.2" value="${commons-pool-src.loc.2}"/>
@@ -3186,14 +3193,11 @@ Read the Building page on the Apache Tomcat documentation site for details on ho
     <attribute name="file" />
     <sequential>
       <local name="filename" />
-      <local name="sha1value" />
       <local name="sha512value" />
 
       <basename file="@{file}" property="filename" />
-      <checksum algorithm="SHA-1" file="@{file}" property="sha1value" />
       <checksum algorithm="SHA-512" file="@{file}" property="sha512value" />
 
-      <echo file="@{file}.sha1" message="${sha1value}${md5sum.binary-prefix}${filename}" />
       <echo file="@{file}.sha512" message="${sha512value}${md5sum.binary-prefix}${filename}" />
 
       <antcall target="sign" >

conf/catalina.properties

@@ -91,28 +91,87 @@ shared.loader=
 # - Common non-Tomcat JARs
 # - Test JARs (JUnit, Cobertura and dependencies)
 tomcat.util.scan.DefaultJarScanner.jarsToSkip=\
-bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,\
-annotations-api.jar,el-api.jar,jsp-api.jar,servlet-api.jar,websocket-api.jar,\
-catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-tribes.jar,\
-jasper.jar,jasper-el.jar,ecj-*.jar,\
-tomcat-api.jar,tomcat-util.jar,tomcat-coyote.jar,tomcat-dbcp.jar,\
-tomcat-jni.jar,tomcat-spdy.jar,\
-tomcat-i18n-en.jar,tomcat-i18n-es.jar,tomcat-i18n-fr.jar,tomcat-i18n-ja.jar,\
-tomcat-juli-adapters.jar,catalina-jmx-remote.jar,catalina-ws.jar,\
+annotations-api.jar,\
+ant-junit*.jar,\
+ant-launcher.jar,\
+ant.jar,\
+asm-*.jar,\
+aspectj*.jar,\
+bootstrap.jar,\
+catalina-ant.jar,\
+catalina-ha.jar,\
+catalina-jmx-remote.jar,\
+catalina-tribes.jar,\
+catalina-ws.jar,\
+catalina.jar,\
+cobertura-*.jar,\
+commons-beanutils*.jar,\
+commons-codec*.jar,\
+commons-collections*.jar,\
+commons-daemon.jar,\
+commons-dbcp*.jar,\
+commons-digester*.jar,\
+commons-fileupload*.jar,\
+commons-httpclient*.jar,\
+commons-io*.jar,\
+commons-lang*.jar,\
+commons-logging*.jar,\
+commons-math*.jar,\
+commons-pool*.jar,\
+dom4j-*.jar,\
+ecj-*.jar,\
+el-api.jar,\
+geronimo-spec-jaxrpc*.jar,\
+h2*.jar,\
+hamcrest-*.jar,\
+hibernate*.jar,\
+httpclient*.jar,\
+icu4j-*.jar,\
+jasper-el.jar,\
+jasper.jar,\
+jaxb-*.jar,\
+jaxen-*.jar,\
+jdom-*.jar,\
+jetty-*.jar,\
+jmx-tools.jar,\
+jmx.jar,\
+jsp-api.jar,\
+jstl.jar,\
+jta*.jar,\
+junit-*.jar,\
+junit.jar,\
+log4j-1*.jar,\
+log4j*.jar,\
+mail*.jar,\
+org.hamcrest.*.jar,\
+oraclepki.jar,\
+oro-*.jar,\
+servlet-api-*.jar,\
+servlet-api.jar,\
+slf4j*.jar,\
+taglibs-standard-spec-*.jar,\
+tagsoup-*.jar,\
+tomcat-api.jar,\
+tomcat-coyote.jar,\
+tomcat-dbcp.jar,\
+tomcat-i18n-en.jar,\
+tomcat-i18n-es.jar,\
+tomcat-i18n-fr.jar,\
+tomcat-i18n-ja.jar,\
+tomcat-i18n-ru.jar,\
 tomcat-jdbc.jar,\
+tomcat-jni.jar,\
+tomcat-juli-adapters.jar,\
+tomcat-juli.jar,\
+tomcat-spdy.jar,\
+tomcat-util.jar,\
 tools.jar,\
-commons-beanutils*.jar,commons-codec*.jar,commons-collections*.jar,\
-commons-dbcp*.jar,commons-digester*.jar,commons-fileupload*.jar,\
-commons-httpclient*.jar,commons-io*.jar,commons-lang*.jar,commons-logging*.jar,\
-commons-math*.jar,commons-pool*.jar,\
-jstl.jar,taglibs-standard-spec-*.jar,\
-geronimo-spec-jaxrpc*.jar,wsdl4j*.jar,\
-ant.jar,ant-junit*.jar,aspectj*.jar,jmx.jar,h2*.jar,hibernate*.jar,httpclient*.jar,\
-jmx-tools.jar,jta*.jar,log4j.jar,log4j-1*.jar,mail*.jar,slf4j*.jar,\
-xercesImpl.jar,xmlParserAPIs.jar,xml-apis.jar,\
-junit.jar,junit-*.jar,hamcrest*.jar,org.hamcrest*.jar,ant-launcher.jar,\
-cobertura-*.jar,asm-*.jar,dom4j-*.jar,icu4j-*.jar,jaxen-*.jar,jdom-*.jar,\
-jetty-*.jar,oro-*.jar,servlet-api-*.jar,tagsoup-*.jar,xmlParserAPIs-*.jar,\
+websocket-api.jar,\
+wsdl4j*.jar,\
+xercesImpl.jar,\
+xml-apis.jar,\
+xmlParserAPIs-*.jar,\
+xmlParserAPIs.jar,\
 xom-*.jar
 
 # Additional JARs (over and above the default JARs listed above) to skip when

debian/changelog

+tomcat7 (7.0.56-3+really7.0.91-1) jessie-security; urgency=high
+
+  * Non-maintainer upload by the LTS team.
+  * Fix CVE-2018-11784:
+    Sergey Bobrov discovered that when the default servlet returned a redirect
+    to a directory (e.g. redirecting to /foo/ when the user requested /foo) a
+    specially crafted URL could be used to cause the redirect to be generated
+    to any URI of the attackers choice.
+
+ -- Markus Koschany <apo@debian.org>  Sun, 14 Oct 2018 20:04:48 +0200
+
 tomcat7 (7.0.56-3+really7.0.90-1) jessie-security; urgency=high
 
   * Non-maintainer upload by the LTS team.

debian/patches/0017-use-jdbc-pool-default.patch

@@ -8,8 +8,6 @@ Subject: 0017-use-jdbc-pool-default
  webapps/docs/jndi-resources-howto.xml         | 2 +-
  3 files changed, 3 insertions(+), 3 deletions(-)
 
-diff --git a/java/org/apache/naming/factory/Constants.java b/java/org/apache/naming/factory/Constants.java
-index bdfa627..7bbdbc1 100644
 --- a/java/org/apache/naming/factory/Constants.java
 +++ b/java/org/apache/naming/factory/Constants.java
 @@ -38,7 +38,7 @@ public final class Constants {
@@ -21,8 +19,6 @@ index bdfa627..7bbdbc1 100644
  
      public static final String OPENEJB_EJB_FACTORY = Package + ".OpenEjbFactory";
  
-diff --git a/webapps/docs/config/systemprops.xml b/webapps/docs/config/systemprops.xml
-index dcc0a48..9fe0ad0 100644
 --- a/webapps/docs/config/systemprops.xml
 +++ b/webapps/docs/config/systemprops.xml
 @@ -645,7 +645,7 @@
@@ -32,10 +28,8 @@ index dcc0a48..9fe0ad0 100644
 -      <code>org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory</code> is used
 +      <code>org.apache.tomcat.jdbc.pool.DataSourceFactory</code> is used
        which is a package renamed (to avoid conflicts) copy of
-       <a href="https://commons.apache.org/dbcp">Apache Commons DBCP</a>.</p>
+       <a href="https://commons.apache.org/dbcp">Apache Commons DBCP 1.x</a>.</p>
      </property>
-diff --git a/webapps/docs/jndi-resources-howto.xml b/webapps/docs/jndi-resources-howto.xml
-index a2bca20..ea3f706 100644
 --- a/webapps/docs/jndi-resources-howto.xml
 +++ b/webapps/docs/jndi-resources-howto.xml
 @@ -760,7 +760,7 @@ conn.close();]]></source>

debian/patches/series

@@ -17,3 +17,4 @@
 0026-add-asm-to-test-classpath.patch
 0027-TestFileHandlerNonRotatable.patch
 0017-use-jdbc-pool-default.patch
+tomcat-7.0.91-build-failure.patch

debian/patches/tomcat-7.0.91-build-failure.patch

+From: Markus Koschany <apo@debian.org>
+Date: Sun, 14 Oct 2018 20:19:56 +0200
+Subject: tomcat 7.0.91 build failure
+
+Fix build failure due to missing zip end tag.
+---
+ build.xml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/build.xml b/build.xml
+index 8506531..251fd73 100644
+--- a/build.xml
++++ b/build.xml
+@@ -843,7 +843,7 @@
+         fullpath="META-INF/NOTICE" />
+       <zipfileset file="${tomcat.manifests}/default.license"
+         fullpath="META-INF/LICENSE" />
+-    </jar>
++    </zip>
+     <jar jarfile="${tomcat.build}/lib/tomcat-i18n-ru.jar"
+       manifest="${tomcat.manifests}/default.manifest">
+       <fileset dir="${tomcat.classes}">
+@@ -853,7 +853,7 @@
+         fullpath="META-INF/NOTICE" />
+       <zipfileset file="${tomcat.manifests}/default.license"
+         fullpath="META-INF/LICENSE" />
+-    </zip>
++    </jar>
+ 
+   </target>
+ 

debian/rules

@@ -42,7 +42,7 @@ ANT_ARGS := -Dcompile.debug=true \
 	-Deasymock.jar=/usr/share/java/easymock.jar \
 	-Dcglib.jar=/usr/share/java/cglib3.jar \
 	-Dobjenesis.jar=/usr/share/java/objenesis.jar \
-	-Dversion="7.0.90" \
+	-Dversion="7.0.91" \
     -Dversion.major="$(T_VER_MAJOR)" \
     -Dversion.minor="$(T_VER_MINOR)" \
     -Dversion.build="$(T_VER_BUILD)" \

java/javax/servlet/resources/XMLSchema.dtd

@@ -33,7 +33,7 @@
      are defined in XML Schema: Part 2: Datatypes -->
 <!ENTITY % xs-datatypes PUBLIC 'datatypes' 'datatypes.dtd' >
 
-<!ENTITY % p 'xs:'> <!-- can be overriden in the internal subset of a
+<!ENTITY % p 'xs:'> <!-- can be overridden in the internal subset of a
                          schema document to establish a different
                          namespace prefix -->
 <!ENTITY % s ':xs'> <!-- if %p is defined (e.g. as foo:) then you must
@@ -170,7 +170,7 @@
           %complexTypeAttrs;>
 
 <!-- particleAndAttrs is shorthand for a root type -->
-<!-- mixed is disallowed if simpleContent, overriden if complexContent
+<!-- mixed is disallowed if simpleContent, overridden if complexContent
      has one too. -->
 
 <!-- If anyAttribute appears in one or more referenced attributeGroups

java/javax/servlet/resources/j2ee_web_services_client_1_1.xsd

@@ -188,7 +188,7 @@
           <xsd:documentation>
 
             The service-qname element declares the specific WSDL service
-            element that is being refered to.  It is not specified if no
+            element that is being referred to.  It is not specified if no
             wsdl-file is declared.
 
           </xsd:documentation>

java/org/apache/catalina/Globals.java

@@ -146,9 +146,13 @@ public final class Globals {
      * We do this because of the pathInfo mangling happening when using
      * the CGIServlet in conjunction with the SSI servlet. (value stored
      * as an object of type String)
+     *
+     * @deprecated Unused. This is no longer used as the CGIO servlet now has
+     *             generic handling for when it is used as an include.
+     *             This will be removed in Tomcat 10
      */
-     public static final String SSI_FLAG_ATTR =
-         "org.apache.catalina.ssi.SSIServlet";
+    @Deprecated
+    public static final String SSI_FLAG_ATTR = "org.apache.catalina.ssi.SSIServlet";
 
 
     /**

java/org/apache/catalina/connector/Request.java

@@ -1399,6 +1399,25 @@ implements HttpServletRequest {
             return (context.getServletContext().getRequestDispatcher(path));
         }
 
+        /*
+         * Relative to what, exactly?
+         *
+         * From the Servlet 4.0 Javadoc:
+         * - The pathname specified may be relative, although it cannot extend
+         *   outside the current servlet context.
+         * - If it is relative, it must be relative against the current servlet
+         *
+         * From Section 9.1 of the spec:
+         * - The servlet container uses information in the request object to
+         *   transform the given relative path against the current servlet to a
+         *   complete path.
+         *
+         * It is undefined whether the requestURI is used or whether servletPath
+         * and pathInfo are used. Given that the RequestURI includes the
+         * contextPath (and extracting that is messy) , using the servletPath and
+         * pathInfo looks to be the more reasonable choice.
+         */
+
         // Convert a request-relative path to a context-relative one
         String servletPath = (String) getAttribute(
                 RequestDispatcher.INCLUDE_SERVLET_PATH);
@@ -3264,11 +3283,6 @@ implements HttpServletRequest {
                 return;
             }
 
-            if( !getConnector().isParseBodyMethod(getMethod()) ) {
-                success = true;
-                return;
-            }
-
             String contentType = getContentType();
             if (contentType == null) {
                 contentType = "";
@@ -3286,6 +3300,11 @@ implements HttpServletRequest {
                 return;
             }
 
+            if( !getConnector().isParseBodyMethod(getMethod()) ) {
+                success = true;
+                return;
+            }
+
             if (!("application/x-www-form-urlencoded".equals(contentType))) {
                 success = true;
                 return;

java/org/apache/catalina/core/ApplicationContext.java

@@ -18,12 +18,10 @@ package org.apache.catalina.core;
 
 import java.io.File;
 import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
 import java.lang.reflect.InvocationTargetException;
 import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URL;
-import java.net.URLDecoder;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.EnumSet;
@@ -79,6 +77,7 @@ import org.apache.naming.resources.Resource;
 import org.apache.tomcat.util.ExceptionUtils;
 import org.apache.tomcat.util.buf.CharChunk;
 import org.apache.tomcat.util.buf.MessageBytes;
+import org.apache.tomcat.util.buf.UDecoder;
 import org.apache.tomcat.util.http.RequestUtil;
 import org.apache.tomcat.util.http.mapper.MappingData;
 import org.apache.tomcat.util.res.StringManager;
@@ -473,9 +472,8 @@ public class ApplicationContext implements ServletContext {
                     sm.getString("applicationContext.requestDispatcher.iae", path));
         }
 
-        // Need to separate the query string and the uri. This is required for
-        // the ApplicationDispatcher constructor. Mapping also requires the uri
-        // without the query string.
+        // Same processing order as InputBuffer / CoyoteAdapter
+        // First remove query string
         String uri;
         String queryString;
         int pos = path.indexOf('?');
@@ -487,24 +485,24 @@ public class ApplicationContext implements ServletContext {
             queryString = null;
         }
 
-        String normalizedPath = RequestUtil.normalize(uri);
-        if (normalizedPath == null) {
+        // Remove path parameters
+        String uriNoParams = stripPathParams(uri);
+
+        // Then normalize
+        String normalizedUri = RequestUtil.normalize(uriNoParams);
+        if (normalizedUri == null) {
             return (null);
         }
 
+        // Mapping is against the normalized uri
+
         if (getContext().getDispatchersUseEncodedPaths()) {
             // Decode
-            String decodedPath;
-            try {
-                decodedPath = URLDecoder.decode(normalizedPath, "UTF-8");
-            } catch (UnsupportedEncodingException e) {
-                // Impossible
-                return null;
-            }
+            String decodedUri = UDecoder.URLDecode(normalizedUri);
 
             // Security check to catch attempts to encode /../ sequences
-            normalizedPath = RequestUtil.normalize(decodedPath);
-            if (!decodedPath.equals(normalizedPath)) {
+            normalizedUri = RequestUtil.normalize(decodedUri);
+            if (!decodedUri.equals(normalizedUri)) {
                 getContext().getLogger().warn(
                         sm.getString("applicationContext.illegalDispatchPath", path),
                         new IllegalArgumentException());
@@ -521,7 +519,7 @@ public class ApplicationContext implements ServletContext {
             uri = URLEncoder.DEFAULT.encode(getContextPath() + uri, "UTF-8");
         }
 
-        pos = normalizedPath.length();
+        pos = normalizedUri.length();
 
         // Use the thread local URI and mapping data
         DispatchData dd = dispatchData.get();
@@ -536,46 +534,63 @@ public class ApplicationContext implements ServletContext {
         // Use the thread local mapping data
         MappingData mappingData = dd.mappingData;
 
+        try {
             // Map the URI
             CharChunk uriCC = uriMB.getCharChunk();
             try {
-            uriCC.append(context.getPath(), 0, context.getPath().length());
-            /*
-             * Ignore any trailing path params (separated by ';') for mapping
-             * purposes
-             */
-            int semicolon = normalizedPath.indexOf(';');
-            if (pos >= 0 && semicolon > pos) {
-                semicolon = -1;
-            }
-            uriCC.append(normalizedPath, 0, semicolon > 0 ? semicolon : pos);
+                uriCC.append(context.getPath());
+                uriCC.append(normalizedUri);
                 context.getMapper().map(uriMB, mappingData);
                 if (mappingData.wrapper == null) {
-                return (null);
-            }
-            /*
-             * Append any trailing path params (separated by ';') that were
-             * ignored for mapping purposes, so that they're reflected in the
-             * RequestDispatcher's requestURI
-             */
-            if (semicolon > 0) {
-                uriCC.append(normalizedPath, semicolon, pos - semicolon);
+                    return null;
                 }
             } catch (Exception e) {
                 // Should never happen
                 log(sm.getString("applicationContext.mapping.error"), e);
-            return (null);
+                return null;
             }
 
             Wrapper wrapper = (Wrapper) mappingData.wrapper;
             String wrapperPath = mappingData.wrapperPath.toString();
             String pathInfo = mappingData.pathInfo.toString();
 
-        mappingData.recycle();
-
             // Construct a RequestDispatcher to process this request
             return new ApplicationDispatcher(wrapper, uri, wrapperPath, pathInfo,
                     queryString, null);
+        } finally {
+            // Recycle thread local data at the end of the request so references
+            // are not held to a completed request as there is potential for
+            // that to trigger a memory leak if a context is unloaded.
+            mappingData.recycle();
+        }
+    }
+
+
+    // Package private to facilitate testing
+    static String stripPathParams(String input) {
+        // Shortcut
+        if (input.indexOf(';') < 0) {
+            return input;
+        }
+
+        StringBuilder sb = new StringBuilder(input.length());
+        int pos = 0;
+        int limit = input.length();
+        while (pos < limit) {
+            int nextSemiColon = input.indexOf(';', pos);
+            if (nextSemiColon < 0) {
+                nextSemiColon = limit;
+            }
+            sb.append(input.substring(pos, nextSemiColon));
+            int followingSlash = input.indexOf('/', nextSemiColon);
+            if (followingSlash < 0) {
+                pos = limit;
+            } else {
+                pos = followingSlash;
+            }
+        }
+
+        return sb.toString();
     }
 
 

java/org/apache/catalina/core/ContainerBase.java

@@ -66,6 +66,7 @@ import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.naming.resources.ProxyDirContext;
 import org.apache.tomcat.util.ExceptionUtils;
+import org.apache.tomcat.util.MultiThrowable;
 import org.apache.tomcat.util.res.StringManager;
 
 
@@ -1235,31 +1236,35 @@ public abstract class ContainerBase extends LifecycleMBeanBase
             results.add(startStopExecutor.submit(new StartChild(children[i])));
         }
 
-        boolean fail = false;
+        MultiThrowable multiThrowable = null;
+
         for (Future<Void> result : results) {
             try {
                 result.get();
-            } catch (Exception e) {
+            } catch (Throwable e) {
                 log.error(sm.getString("containerBase.threadedStartFailed"), e);
-                fail = true;
+                if (multiThrowable == null) {
+                    multiThrowable = new MultiThrowable();
+                }
+                multiThrowable.add(e);
             }
 
         }
-        if (fail) {
-            throw new LifecycleException(
-                    sm.getString("containerBase.threadedStartFailed"));
+        if (multiThrowable != null) {
+            throw new LifecycleException(sm.getString("containerBase.threadedStartFailed"),
+                    multiThrowable.getThrowable());
         }
 
         // Start the Valves in our pipeline (including the basic), if any
-        if (pipeline instanceof Lifecycle)
+        if (pipeline instanceof Lifecycle) {
             ((Lifecycle) pipeline).start();
+        }
 
 
         setState(LifecycleState.STARTING);
 
         // Start our thread
         threadStart();
-
     }
 
 

java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java

@@ -246,6 +246,21 @@ public class JreMemoryLeakPreventionListener implements LifecycleListener {
         // Initialise these classes when Tomcat starts
         if (Lifecycle.BEFORE_INIT_EVENT.equals(event.getType())) {
 
+            /*
+             * First call to this loads all drivers visible to the current class
+             * loader and its parents.
+             *
+             * Note: This is called before the context class loader is changed
+             *       because we want any drivers located in CATALINA_HOME/lib
+             *       and/or CATALINA_HOME/lib to be visible to DriverManager.
+             *       Users wishing to avoid having JDBC drivers loaded by this
+             *       class loader should add the JDBC driver(s) to the class
+             *       path so they are loaded by the system class loader.
+             */
+            if (driverManagerProtection) {
+                DriverManager.getDrivers();
+            }
+
             ClassLoader loader = Thread.currentThread().getContextClassLoader();
 
             try
@@ -255,14 +270,6 @@ public class JreMemoryLeakPreventionListener implements LifecycleListener {
                 Thread.currentThread().setContextClassLoader(
                         ClassLoader.getSystemClassLoader());
 
-                /*
-                 * First call to this loads all drivers in the current class
-                 * loader
-                 */
-                if (driverManagerProtection) {
-                    DriverManager.getDrivers();
-                }
-
                 /*
                  * Several components end up calling:
                  * sun.awt.AppContext.getAppContext()

java/org/apache/catalina/deploy/LocalStrings.properties

@@ -15,8 +15,6 @@
 
 filterDef.invalidFilterName=Invalid <filter-name> [{0}] in filter definition.
 
-resourceBase.lookupNotJava=Lookup-name values must explicitly reference the java: namespace but [{0}] does not
-
 servletDef.invalidServletName=Invalid <servlet-name> [{0}] in servlet definition.
 
 webXml.duplicateEnvEntry=Duplicate env-entry name [{0}]

java/org/apache/catalina/deploy/ResourceBase.java

@@ -22,8 +22,6 @@ import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 
-import org.apache.tomcat.util.res.StringManager;
-
 /**
  * Representation of an Context element
  *
@@ -33,9 +31,6 @@ public class ResourceBase implements Serializable, Injectable {
 
     private static final long serialVersionUID = 1L;
 
-    private static final StringManager sm = StringManager.getManager(ResourceBase.class);
-
-
     // ------------------------------------------------------------- Properties
 
     /**
@@ -89,15 +84,10 @@ public class ResourceBase implements Serializable, Injectable {
     }
 
     public void setLookupName(String lookupName) {
-        // EE.5.3.3: Must explicitly use java: namespace
         if (lookupName == null || lookupName.length() == 0) {
             this.lookupName = null;
             return;
         }
-        if (!lookupName.startsWith("java:")) {
-            throw new IllegalArgumentException(
-                    sm.getString("resourceBase.lookupNotJava", lookupName));
-        }
         this.lookupName = lookupName;
     }