diff -Nru httpcomponents-client-4.5.11/debian/changelog httpcomponents-client-4.5.13/debian/changelog --- httpcomponents-client-4.5.11/debian/changelog 2020-01-25 22:44:33.000000000 +0000 +++ httpcomponents-client-4.5.13/debian/changelog 2020-10-09 20:45:42.000000000 +0000 @@ -1,3 +1,20 @@ +httpcomponents-client (4.5.13-1) unstable; urgency=medium + + * Team upload. + * New upstream version 4.5.13. + - Fix CVE-2020-13956: + Incorrect handling of malformed authority component by + URIUtils#extractHost. + * Switch to debhelper-compat = 13. + + -- Markus Koschany Fri, 09 Oct 2020 22:45:42 +0200 + +httpcomponents-client (4.5.12-1) unstable; urgency=medium + + * New upstream release + + -- Emmanuel Bourg Thu, 03 Sep 2020 14:37:38 +0200 + httpcomponents-client (4.5.11-1) unstable; urgency=medium * Team upload. diff -Nru httpcomponents-client-4.5.11/debian/compat httpcomponents-client-4.5.13/debian/compat --- httpcomponents-client-4.5.11/debian/compat 2020-01-25 22:36:11.000000000 +0000 +++ httpcomponents-client-4.5.13/debian/compat 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -11 diff -Nru httpcomponents-client-4.5.11/debian/control httpcomponents-client-4.5.13/debian/control --- httpcomponents-client-4.5.11/debian/control 2020-01-25 22:41:04.000000000 +0000 +++ httpcomponents-client-4.5.13/debian/control 2020-10-09 20:45:42.000000000 +0000 @@ -6,7 +6,7 @@ Jakub Adam , Emmanuel Bourg Build-Depends: - debhelper (>= 11), + debhelper-compat (= 13), default-jdk, javahelper, junit4, diff -Nru httpcomponents-client-4.5.11/fluent-hc/pom.xml httpcomponents-client-4.5.13/fluent-hc/pom.xml --- httpcomponents-client-4.5.11/fluent-hc/pom.xml 2020-01-15 10:26:26.000000000 +0000 +++ httpcomponents-client-4.5.13/fluent-hc/pom.xml 2020-10-03 14:45:08.000000000 +0000 @@ -28,7 +28,7 @@ org.apache.httpcomponents httpcomponents-client - 4.5.11 + 4.5.13 fluent-hc Apache HttpClient Fluent API diff -Nru httpcomponents-client-4.5.11/httpclient/pom.xml httpcomponents-client-4.5.13/httpclient/pom.xml --- httpcomponents-client-4.5.11/httpclient/pom.xml 2020-01-15 10:26:26.000000000 +0000 +++ httpcomponents-client-4.5.13/httpclient/pom.xml 2020-10-03 14:45:08.000000000 +0000 @@ -28,7 +28,7 @@ org.apache.httpcomponents httpcomponents-client - 4.5.11 + 4.5.13 httpclient Apache HttpClient diff -Nru httpcomponents-client-4.5.11/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java httpcomponents-client-4.5.13/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java --- httpcomponents-client-4.5.11/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java 2019-08-13 11:41:57.000000000 +0000 +++ httpcomponents-client-4.5.13/httpclient/src/main/java/org/apache/http/client/utils/URIUtils.java 2020-10-03 10:30:11.000000000 +0000 @@ -419,56 +419,43 @@ if (uri == null) { return null; } - HttpHost target = null; if (uri.isAbsolute()) { - int port = uri.getPort(); // may be overridden later - String host = uri.getHost(); - if (host == null) { // normal parse failed; let's do it ourselves + if (uri.getHost() == null) { // normal parse failed; let's do it ourselves // authority does not seem to care about the valid character-set for host names - host = uri.getAuthority(); - if (host != null) { + if (uri.getAuthority() != null) { + String content = uri.getAuthority(); // Strip off any leading user credentials - final int at = host.indexOf('@'); - if (at >= 0) { - if (host.length() > at+1 ) { - host = host.substring(at+1); - } else { - host = null; // @ on its own - } + int at = content.indexOf('@'); + if (at != -1) { + content = content.substring(at + 1); } - // Extract the port suffix, if present - if (host != null) { - final int colon = host.indexOf(':'); - if (colon >= 0) { - final int pos = colon + 1; - int len = 0; - for (int i = pos; i < host.length(); i++) { - if (Character.isDigit(host.charAt(i))) { - len++; - } else { - break; - } - } - if (len > 0) { - try { - port = Integer.parseInt(host.substring(pos, pos + len)); - } catch (final NumberFormatException ex) { - } - } - host = host.substring(0, colon); + final String scheme = uri.getScheme(); + final String hostname; + final int port; + at = content.indexOf(":"); + if (at != -1) { + hostname = content.substring(0, at); + try { + final String portText = content.substring(at + 1); + port = !TextUtils.isEmpty(portText) ? Integer.parseInt(portText) : -1; + } catch (final NumberFormatException ex) { + return null; } + } else { + hostname = content; + port = -1; + } + try { + return new HttpHost(hostname, port, scheme); + } catch (final IllegalArgumentException ex) { + return null; } } - } - final String scheme = uri.getScheme(); - if (!TextUtils.isBlank(host)) { - try { - target = new HttpHost(host, port, scheme); - } catch (final IllegalArgumentException ignore) { - } + } else { + return new HttpHost(uri.getHost(), uri.getPort(), uri.getScheme()); } } - return target; + return null; } /** diff -Nru httpcomponents-client-4.5.11/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java httpcomponents-client-4.5.13/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java --- httpcomponents-client-4.5.11/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java 2020-01-14 08:30:39.000000000 +0000 +++ httpcomponents-client-4.5.13/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java 2020-02-29 17:14:31.000000000 +0000 @@ -169,7 +169,7 @@ final SubjectName subjectAlt = subjectAlts.get(i); if (subjectAlt.getType() == SubjectName.DNS) { final String normalizedSubjectAlt = DnsUtils.normalize(subjectAlt.getValue()); - if (matchIdentityStrict(normalizedHost, normalizedSubjectAlt, publicSuffixMatcher, DomainType.ICANN)) { + if (matchIdentityStrict(normalizedHost, normalizedSubjectAlt, publicSuffixMatcher)) { return; } } @@ -182,7 +182,7 @@ final PublicSuffixMatcher publicSuffixMatcher) throws SSLException { final String normalizedHost = DnsUtils.normalize(host); final String normalizedCn = DnsUtils.normalize(cn); - if (!matchIdentityStrict(normalizedHost, normalizedCn, publicSuffixMatcher, DomainType.ICANN)) { + if (!matchIdentityStrict(normalizedHost, normalizedCn, publicSuffixMatcher)) { throw new SSLPeerUnverifiedException("Certificate for <" + host + "> doesn't match " + "common name of the certificate subject: " + cn); } diff -Nru httpcomponents-client-4.5.11/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcher.java httpcomponents-client-4.5.13/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcher.java --- httpcomponents-client-4.5.11/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcher.java 2020-01-14 08:30:39.000000000 +0000 +++ httpcomponents-client-4.5.13/httpclient/src/main/java/org/apache/http/conn/util/PublicSuffixMatcher.java 2020-02-29 17:14:31.000000000 +0000 @@ -97,20 +97,15 @@ } } - private static boolean hasEntry(final Map map, final String rule, final DomainType expectedType) { + private static DomainType findEntry(final Map map, final String rule) { if (map == null) { - return false; + return null; } - final DomainType domainType = map.get(rule); - return domainType == null ? false : expectedType == null || domainType.equals(expectedType); - } - - private boolean hasRule(final String rule, final DomainType expectedType) { - return hasEntry(this.rules, rule, expectedType); + return map.get(rule); } - private boolean hasException(final String exception, final DomainType expectedType) { - return hasEntry(this.exceptions, exception, expectedType); + private static boolean match(final DomainType domainType, final DomainType expectedType) { + return domainType != null && (expectedType == null || domainType.equals(expectedType)); } /** @@ -147,10 +142,15 @@ while (segment != null) { // An exception rule takes priority over any other matching rule. final String key = IDN.toUnicode(segment); - if (hasException(key, expectedType)) { + final DomainType exceptionRule = findEntry(exceptions, key); + if (match(exceptionRule, expectedType)) { return segment; } - if (hasRule(key, expectedType)) { + final DomainType domainRule = findEntry(rules, key); + if (match(domainRule, expectedType)) { + if (domainRule == DomainType.PRIVATE) { + return segment; + } return result; } @@ -158,7 +158,11 @@ final String nextSegment = nextdot != -1 ? segment.substring(nextdot + 1) : null; if (nextSegment != null) { - if (hasRule("*." + IDN.toUnicode(nextSegment), expectedType)) { + final DomainType wildcardDomainRule = findEntry(rules, "*." + IDN.toUnicode(nextSegment)); + if (match(wildcardDomainRule, expectedType)) { + if (wildcardDomainRule == DomainType.PRIVATE) { + return segment; + } return result; } } @@ -174,6 +178,7 @@ // If we did have expectations apparently there was no match return null; } + /** * Tests whether the given domain matches any of entry from the public suffix list. */ diff -Nru httpcomponents-client-4.5.11/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java httpcomponents-client-4.5.13/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java --- httpcomponents-client-4.5.11/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java 2019-06-27 09:04:15.000000000 +0000 +++ httpcomponents-client-4.5.13/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java 2020-09-29 07:40:16.000000000 +0000 @@ -172,7 +172,8 @@ * the 8 byte array the server sent. * @return The type 3 message. * @throws NTLMEngineException - * If {@encrypt(byte[],byte[])} fails. + * If {@link #Type3Message + * (String, String, String, String, byte[], int, String, byte[])} fails. */ static String getType3Message(final String user, final String password, final String host, final String domain, final byte[] nonce, final int type2Flags, final String target, final byte[] targetInformation) @@ -199,7 +200,8 @@ * the 8 byte array the server sent. * @return The type 3 message. * @throws NTLMEngineException - * If {@encrypt(byte[],byte[])} fails. + * If {@link #Type3Message + * (String, String, String, String, byte[], int, String, byte[], Certificate, byte[], byte[])} fails. */ static String getType3Message(final String user, final String password, final String host, final String domain, final byte[] nonce, final int type2Flags, final String target, final byte[] targetInformation, diff -Nru httpcomponents-client-4.5.11/httpclient/src/main/java/org/apache/http/impl/client/DefaultRedirectStrategy.java httpcomponents-client-4.5.13/httpclient/src/main/java/org/apache/http/impl/client/DefaultRedirectStrategy.java --- httpcomponents-client-4.5.11/httpclient/src/main/java/org/apache/http/impl/client/DefaultRedirectStrategy.java 2019-09-04 12:19:41.000000000 +0000 +++ httpcomponents-client-4.5.13/httpclient/src/main/java/org/apache/http/impl/client/DefaultRedirectStrategy.java 2020-03-03 12:38:17.000000000 +0000 @@ -74,6 +74,8 @@ private final Log log = LogFactory.getLog(getClass()); + public static final int SC_PERMANENT_REDIRECT = 308; + /** * @deprecated (4.3) use {@link org.apache.http.client.protocol.HttpClientContext#REDIRECT_LOCATIONS}. */ @@ -120,6 +122,7 @@ return isRedirectable(method) && locationHeader != null; case HttpStatus.SC_MOVED_PERMANENTLY: case HttpStatus.SC_TEMPORARY_REDIRECT: + case SC_PERMANENT_REDIRECT: return isRedirectable(method); case HttpStatus.SC_SEE_OTHER: return true; @@ -225,7 +228,7 @@ return new HttpGet(uri); } else { final int status = response.getStatusLine().getStatusCode(); - return status == HttpStatus.SC_TEMPORARY_REDIRECT + return (status == HttpStatus.SC_TEMPORARY_REDIRECT || status == SC_PERMANENT_REDIRECT) ? RequestBuilder.copy(request).setUri(uri).build() : new HttpGet(uri); } diff -Nru httpcomponents-client-4.5.11/httpclient/src/main/java/org/apache/http/impl/cookie/BasicExpiresHandler.java httpcomponents-client-4.5.13/httpclient/src/main/java/org/apache/http/impl/cookie/BasicExpiresHandler.java --- httpcomponents-client-4.5.11/httpclient/src/main/java/org/apache/http/impl/cookie/BasicExpiresHandler.java 2019-06-27 09:04:15.000000000 +0000 +++ httpcomponents-client-4.5.13/httpclient/src/main/java/org/apache/http/impl/cookie/BasicExpiresHandler.java 2020-09-29 07:40:16.000000000 +0000 @@ -45,11 +45,11 @@ public class BasicExpiresHandler extends AbstractCookieAttributeHandler implements CommonCookieAttributeHandler { /** Valid date patterns */ - private final String[] datepatterns; + private final String[] datePatterns; - public BasicExpiresHandler(final String[] datepatterns) { - Args.notNull(datepatterns, "Array of date patterns"); - this.datepatterns = datepatterns; + public BasicExpiresHandler(final String[] datePatterns) { + Args.notNull(datePatterns, "Array of date patterns"); + this.datePatterns = datePatterns.clone(); } @Override @@ -59,7 +59,7 @@ if (value == null) { throw new MalformedCookieException("Missing value for 'expires' attribute"); } - final Date expiry = DateUtils.parseDate(value, this.datepatterns); + final Date expiry = DateUtils.parseDate(value, this.datePatterns); if (expiry == null) { throw new MalformedCookieException("Invalid 'expires' attribute: " + value); diff -Nru httpcomponents-client-4.5.11/httpclient/src/main/java/org/apache/http/impl/cookie/LaxExpiresHandler.java httpcomponents-client-4.5.13/httpclient/src/main/java/org/apache/http/impl/cookie/LaxExpiresHandler.java --- httpcomponents-client-4.5.11/httpclient/src/main/java/org/apache/http/impl/cookie/LaxExpiresHandler.java 2019-06-27 09:04:15.000000000 +0000 +++ httpcomponents-client-4.5.13/httpclient/src/main/java/org/apache/http/impl/cookie/LaxExpiresHandler.java 2020-04-17 09:17:10.000000000 +0000 @@ -43,6 +43,7 @@ import org.apache.http.cookie.SetCookie; import org.apache.http.message.ParserCursor; import org.apache.http.util.Args; +import org.apache.http.util.TextUtils; /** * @@ -105,6 +106,9 @@ @Override public void parse(final SetCookie cookie, final String value) throws MalformedCookieException { Args.notNull(cookie, "Cookie"); + if (TextUtils.isBlank(value)) { + return; + } final ParserCursor cursor = new ParserCursor(0, value.length()); final StringBuilder content = new StringBuilder(); diff -Nru httpcomponents-client-4.5.11/httpclient/src/main/java/org/apache/http/impl/execchain/RedirectExec.java httpcomponents-client-4.5.13/httpclient/src/main/java/org/apache/http/impl/execchain/RedirectExec.java --- httpcomponents-client-4.5.11/httpclient/src/main/java/org/apache/http/impl/execchain/RedirectExec.java 2019-06-27 09:04:15.000000000 +0000 +++ httpcomponents-client-4.5.13/httpclient/src/main/java/org/apache/http/impl/execchain/RedirectExec.java 2020-03-03 12:38:17.000000000 +0000 @@ -112,7 +112,12 @@ try { if (config.isRedirectsEnabled() && this.redirectStrategy.isRedirected(currentRequest.getOriginal(), response, context)) { - + if (!RequestEntityProxy.isRepeatable(currentRequest)) { + if (log.isDebugEnabled()) { + log.debug("Cannot redirect non-repeatable request"); + } + return response; + } if (redirectCount >= maxRedirects) { throw new RedirectException("Maximum redirects ("+ maxRedirects + ") exceeded"); } diff -Nru httpcomponents-client-4.5.11/httpclient/src/main/resources/mozilla/public-suffix-list.txt httpcomponents-client-4.5.13/httpclient/src/main/resources/mozilla/public-suffix-list.txt --- httpcomponents-client-4.5.11/httpclient/src/main/resources/mozilla/public-suffix-list.txt 2020-01-06 17:36:59.000000000 +0000 +++ httpcomponents-client-4.5.13/httpclient/src/main/resources/mozilla/public-suffix-list.txt 2020-10-09 08:23:33.000000000 +0000 @@ -79,7 +79,6 @@ express.aero federation.aero flight.aero -freight.aero fuel.aero gliding.aero government.aero @@ -213,6 +212,7 @@ co.at gv.at or.at +sth.ac.at // au : https://en.wikipedia.org/wiki/.au // http://www.auda.org.au/ @@ -258,7 +258,7 @@ vic.gov.au wa.gov.au // 4LDs -education.tas.edu.au +// education.tas.edu.au - Removed at the request of the Department of Education Tasmania schools.nsw.edu.au // aw : https://en.wikipedia.org/wiki/.aw @@ -456,6 +456,7 @@ am.br anani.br aparecida.br +app.br arq.br art.br ato.br @@ -463,6 +464,7 @@ barueri.br belem.br bhz.br +bib.br bio.br blog.br bmd.br @@ -477,14 +479,19 @@ com.br contagem.br coop.br +coz.br cri.br cuiaba.br curitiba.br def.br +des.br +det.br +dev.br ecn.br eco.br edu.br emp.br +enf.br eng.br esp.br etc.br @@ -500,6 +507,7 @@ foz.br fst.br g12.br +geo.br ggf.br goiania.br gov.br @@ -543,6 +551,7 @@ jus.br leg.br lel.br +log.br londrina.br macapa.br maceio.br @@ -575,6 +584,7 @@ radio.br rec.br recife.br +rep.br ribeirao.br rio.br riobranco.br @@ -585,6 +595,7 @@ santoandre.br saobernardo.br saogonca.br +seg.br sjc.br slg.br slz.br @@ -592,6 +603,7 @@ srv.br taxi.br tc.br +tec.br teo.br the.br tmp.br @@ -719,11 +731,13 @@ *.ck !www.ck -// cl : https://en.wikipedia.org/wiki/.cl +// cl : https://www.nic.cl +// Confirmed by .CL registry cl -gov.cl -gob.cl +aprendemas.cl co.cl +gob.cl +gov.cl mil.cl // cm : https://en.wikipedia.org/wiki/.cm plus bug 981927 @@ -893,16 +907,18 @@ sld.do web.do -// dz : https://en.wikipedia.org/wiki/.dz +// dz : http://www.nic.dz/images/pdf_nic/charte.pdf dz +art.dz +asso.dz com.dz +edu.dz +gov.dz org.dz net.dz -gov.dz -edu.dz -asso.dz pol.dz -art.dz +soc.dz +tm.dz // ec : http://www.nic.ec/reg/paso1.asp // Submitted by registry @@ -982,13 +998,28 @@ // TODO: Check for updates (expected to be phased out around Q1/2009) aland.fi -// fj : https://en.wikipedia.org/wiki/.fj -*.fj +// fj : http://domains.fj/ +// Submitted by registry 2020-02-11 +fj +ac.fj +biz.fj +com.fj +gov.fj +info.fj +mil.fj +name.fj +net.fj +org.fj +pro.fj // fk : https://en.wikipedia.org/wiki/.fk *.fk // fm : https://en.wikipedia.org/wiki/.fm +com.fm +edu.fm +net.fm +org.fm fm // fo : https://en.wikipedia.org/wiki/.fo @@ -1028,6 +1059,8 @@ gb // gd : https://en.wikipedia.org/wiki/.gd +edu.gd +gov.gd gd // ge : http://www.nic.net.ge/policy_en.pdf @@ -3772,7 +3805,7 @@ // li : https://en.wikipedia.org/wiki/.li li -// lk : http://www.nic.lk/seclevpr.html +// lk : https://www.nic.lk/index.php/domain-registration/lk-domain-naming-structure lk gov.lk sch.lk @@ -4666,13 +4699,12 @@ // ccTLD for the Netherlands nl -// no : http://www.norid.no/regelverk/index.en.html -// The Norwegian registry has declined to notify us of updates. The web pages -// referenced below are the official source of the data. There is also an -// announce mailing list: -// https://postlister.uninett.no/sympa/info/norid-diskusjon +// no : https://www.norid.no/en/om-domenenavn/regelverk-for-no/ +// Norid geographical second level domains : https://www.norid.no/en/om-domenenavn/regelverk-for-no/vedlegg-b/ +// Norid category second level domains : https://www.norid.no/en/om-domenenavn/regelverk-for-no/vedlegg-c/ +// Norid category second-level domains managed by parties other than Norid : https://www.norid.no/en/om-domenenavn/regelverk-for-no/vedlegg-d/ no -// Norid generic domains : http://www.norid.no/regelverk/vedlegg-c.en.html +// Norid category second level domains : https://www.norid.no/en/om-domenenavn/regelverk-for-no/vedlegg-c/ fhs.no vgs.no fylkesbibl.no @@ -4680,13 +4712,13 @@ museum.no idrett.no priv.no -// Non-Norid generic domains : http://www.norid.no/regelverk/vedlegg-d.en.html +// Norid category second-level domains managed by parties other than Norid : https://www.norid.no/en/om-domenenavn/regelverk-for-no/vedlegg-d/ mil.no stat.no dep.no kommune.no herad.no -// no geographical names : http://www.norid.no/regelverk/vedlegg-b.en.html +// Norid geographical second level domains : https://www.norid.no/en/om-domenenavn/regelverk-for-no/vedlegg-b/ // counties aa.no ah.no @@ -6314,7 +6346,6 @@ dn.ua dnepropetrovsk.ua dnipropetrovsk.ua -dominic.ua donetsk.ua dp.ua if.ua @@ -6508,7 +6539,7 @@ k12.or.us k12.pa.us k12.pr.us -k12.ri.us +// k12.ri.us Removed at request of Kim Cournoyer k12.sc.us // k12.sd.us Bug 934131 - Removed at request of James Booze k12.tn.us @@ -6795,8 +6826,13 @@ مصر // xn--e1a4c ("eu", Cyrillic) : EU +// https://eurid.eu ею +// xn--qxa6a ("eu", Greek) : EU +// https://eurid.eu +ευ + // xn--mgbah1a3hjkrd ("Mauritania", Arabic) : MR موريتانيا @@ -6901,11 +6937,11 @@ қаз // xn--fzc2c9e2c ("Lanka", Sinhalese-Sinhala) : LK -// http://nic.lk +// https://nic.lk ලංකා // xn--xkc2al3hye2a ("Ilangai", Tamil) : LK -// http://nic.lk +// https://nic.lk இலங்கை // xn--mgbc0a9azcg ("Morocco/al-Maghrib", Arabic) : MA @@ -7074,7 +7110,7 @@ // newGTLDs -// List of new gTLDs imported from https://www.icann.org/resources/registries/gtlds/v2/gtlds.json on 2020-01-06T17:33:31Z +// List of new gTLDs imported from https://www.icann.org/resources/registries/gtlds/v2/gtlds.json on 2020-10-08T17:45:32Z // This list is auto-generated, don't edit it manually. // aaa : 2015-02-26 American Automobile Association, Inc. aaa @@ -7157,9 +7193,6 @@ // aig : 2014-12-18 American International Group, Inc. aig -// aigo : 2015-08-06 aigo Digital Technology Co,Ltd. -aigo - // airbus : 2015-07-30 Airbus S.A.S. airbus @@ -7196,7 +7229,7 @@ // alstom : 2015-07-30 ALSTOM alstom -// amazon : 2019-12-19 Amazon EU S.à r.l. +// amazon : 2019-12-19 Amazon Registry Services, Inc. amazon // americanexpress : 2015-07-31 American Express Travel Related Services Company, Inc. @@ -7223,7 +7256,7 @@ // android : 2014-08-07 Charleston Road Registry Inc. android -// anquan : 2015-01-08 QIHOO 360 TECHNOLOGY CO. LTD. +// anquan : 2015-01-08 Beijing Qihu Keji Co., Ltd. anquan // anz : 2015-07-31 Australia and New Zealand Banking Group Limited @@ -7283,7 +7316,7 @@ // audible : 2015-06-25 Amazon Registry Services, Inc. audible -// audio : 2014-03-20 Uniregistry, Corp. +// audio : 2014-03-20 UNR Corp. audio // auspost : 2015-08-13 Australian Postal Corporation @@ -7292,7 +7325,7 @@ // author : 2014-12-18 Amazon Registry Services, Inc. author -// auto : 2014-11-13 Cars Registry Limited +// auto : 2014-11-13 XYZ.COM LLC auto // autos : 2014-01-09 DERAutos, LLC @@ -7376,7 +7409,7 @@ // beats : 2015-05-14 Beats Electronics, LLC beats -// beauty : 2015-12-03 L'Oréal +// beauty : 2015-12-03 XYZ.COM LLC beauty // beer : 2014-01-09 Minds + Machines Group Limited @@ -7421,7 +7454,7 @@ // black : 2014-01-16 Afilias Limited black -// blackfriday : 2014-01-16 Uniregistry, Corp. +// blackfriday : 2014-01-16 UNR Corp. blackfriday // blockbuster : 2015-07-30 Dish DBS Corporation @@ -7568,7 +7601,7 @@ // capitalone : 2015-08-06 Capital One Financial Corporation capitalone -// car : 2015-01-22 Cars Registry Limited +// car : 2015-01-22 XYZ.COM LLC car // caravan : 2013-12-12 Caravan International, Inc. @@ -7586,7 +7619,7 @@ // careers : 2013-10-02 Binky Moon, LLC careers -// cars : 2014-11-13 Cars Registry Limited +// cars : 2014-11-13 XYZ.COM LLC cars // casa : 2013-11-21 Minds + Machines Group Limited @@ -7661,7 +7694,7 @@ // chintai : 2015-06-11 CHINTAI Corporation chintai -// christmas : 2013-11-21 Uniregistry, Corp. +// christmas : 2013-11-21 UNR Corp. christmas // chrome : 2014-07-24 Charleston Road Registry Inc. @@ -7700,7 +7733,7 @@ // cleaning : 2013-12-05 Binky Moon, LLC cleaning -// click : 2014-06-05 Uniregistry, Corp. +// click : 2014-06-05 UNR Corp. click // clinic : 2014-03-20 Binky Moon, LLC @@ -7832,7 +7865,7 @@ // cymru : 2014-05-08 Nominet UK cymru -// cyou : 2015-01-22 Beijing Gamease Age Digital Technology Co., Ltd. +// cyou : 2015-01-22 ShortDot SA cyou // dabur : 2014-02-06 Dabur India Limited @@ -7913,7 +7946,7 @@ // diamonds : 2013-09-22 Binky Moon, LLC diamonds -// diet : 2014-06-26 Uniregistry, Corp. +// diet : 2014-06-26 UNR Corp. diet // digital : 2014-03-06 Binky Moon, LLC @@ -8036,9 +8069,6 @@ // estate : 2013-08-27 Binky Moon, LLC estate -// esurance : 2015-07-23 Esurance Insurance Company -esurance - // etisalat : 2015-09-03 Emirates Telecommunications Corporation (trading as Etisalat) etisalat @@ -8153,7 +8183,7 @@ // fitness : 2014-03-06 Binky Moon, LLC fitness -// flickr : 2015-04-02 Yahoo! Domain Services Inc. +// flickr : 2015-04-02 Flickr, Inc. flickr // flights : 2013-12-05 Binky Moon, LLC @@ -8165,7 +8195,7 @@ // florist : 2013-11-07 Binky Moon, LLC florist -// flowers : 2014-10-09 Uniregistry, Corp. +// flowers : 2014-10-09 UNR Corp. flowers // fly : 2014-05-08 Charleston Road Registry Inc. @@ -8255,7 +8285,7 @@ // gallup : 2015-02-19 Gallup, Inc. gallup -// game : 2015-05-28 Uniregistry, Corp. +// game : 2015-05-28 UNR Corp. game // games : 2015-05-28 Dog Beach, LLC @@ -8393,13 +8423,13 @@ // guide : 2013-09-13 Binky Moon, LLC guide -// guitars : 2013-11-14 Uniregistry, Corp. +// guitars : 2013-11-14 UNR Corp. guitars // guru : 2013-08-27 Binky Moon, LLC guru -// hair : 2015-12-03 L'Oréal +// hair : 2015-12-03 XYZ.COM LLC hair // hamburg : 2014-02-20 Hamburg Top-Level-Domain GmbH @@ -8426,7 +8456,7 @@ // healthcare : 2014-06-12 Binky Moon, LLC healthcare -// help : 2014-06-26 Uniregistry, Corp. +// help : 2014-06-26 UNR Corp. help // helsinki : 2015-02-05 City of Helsinki @@ -8441,7 +8471,7 @@ // hgtv : 2015-07-02 Lifestyle Domain Holdings, Inc. hgtv -// hiphop : 2014-03-06 Uniregistry, Corp. +// hiphop : 2014-03-06 UNR Corp. hiphop // hisamitsu : 2015-07-16 Hisamitsu Pharmaceutical Co.,Inc. @@ -8450,7 +8480,7 @@ // hitachi : 2014-10-31 Hitachi, Ltd. hitachi -// hiv : 2014-03-13 Uniregistry, Corp. +// hiv : 2014-03-13 UNR Corp. hiv // hkt : 2015-05-14 PCCW-HKT DataCom Services Limited @@ -8489,7 +8519,7 @@ // host : 2014-04-17 DotHost Inc. host -// hosting : 2014-05-29 Uniregistry, Corp. +// hosting : 2014-05-29 UNR Corp. hosting // hot : 2015-08-27 Amazon Registry Services, Inc. @@ -8579,9 +8609,6 @@ // insure : 2014-03-20 Binky Moon, LLC insure -// intel : 2015-08-06 Intel Corporation -intel - // international : 2013-11-07 Binky Moon, LLC international @@ -8663,7 +8690,7 @@ // jprs : 2014-09-18 Japan Registry Services Co., Ltd. jprs -// juegos : 2014-03-20 Uniregistry, Corp. +// juegos : 2014-03-20 UNR Corp. juegos // juniper : 2015-07-30 JUNIPER NETWORKS, INC. @@ -8774,7 +8801,7 @@ // lawyer : 2014-03-20 Dog Beach, LLC lawyer -// lds : 2014-03-20 IRI Domain Management, LLC ("Applicant") +// lds : 2014-03-20 IRI Domain Management, LLC lds // lease : 2014-03-06 Binky Moon, LLC @@ -8831,7 +8858,7 @@ // linde : 2014-12-04 Linde Aktiengesellschaft linde -// link : 2013-11-14 Uniregistry, Corp. +// link : 2013-11-14 UNR Corp. link // lipsy : 2015-06-25 Lipsy Ltd @@ -8849,7 +8876,7 @@ // llc : 2017-12-14 Afilias Limited llc -// llp : 2019-08-26 Dot Registry LLC +// llp : 2019-08-26 UNR Corp. llp // loan : 2014-11-20 dot Loan Limited @@ -8867,7 +8894,7 @@ // loft : 2015-07-30 Annco, Inc. loft -// lol : 2015-01-30 Uniregistry, Corp. +// lol : 2015-01-30 UNR Corp. lol // london : 2013-11-14 Dot London Domains Limited @@ -8918,7 +8945,7 @@ // maison : 2013-12-05 Binky Moon, LLC maison -// makeup : 2015-01-15 L'Oréal +// makeup : 2015-01-15 XYZ.COM LLC makeup // man : 2014-12-04 MAN SE @@ -8987,9 +9014,6 @@ // merckmsd : 2016-07-14 MSD Registry Holdings, Inc. merckmsd -// metlife : 2015-05-07 MetLife Services and Solutions, LLC -metlife - // miami : 2013-12-19 Minds + Machines Group Limited miami @@ -9029,7 +9053,7 @@ // moi : 2014-12-18 Amazon Registry Services, Inc. moi -// mom : 2015-04-16 Uniregistry, Corp. +// mom : 2015-04-16 UNR Corp. mom // monash : 2013-09-30 Monash University @@ -9041,7 +9065,7 @@ // monster : 2015-09-11 XYZ.COM LLC monster -// mormon : 2013-12-05 IRI Domain Management, LLC ("Applicant") +// mormon : 2013-12-05 IRI Domain Management, LLC mormon // mortgage : 2014-03-20 Dog Beach, LLC @@ -9077,9 +9101,6 @@ // nab : 2015-08-20 National Australia Bank Limited nab -// nadex : 2014-12-11 Nadex Domains, Inc. -nadex - // nagoya : 2013-10-24 GMO Registry, Inc. nagoya @@ -9107,7 +9128,7 @@ // network : 2013-11-14 Binky Moon, LLC network -// neustar : 2013-12-05 Registry Services, LLC +// neustar : 2013-12-05 NeuStar, Inc. neustar // new : 2014-01-30 Charleston Road Registry Inc. @@ -9161,7 +9182,7 @@ // northwesternmutual : 2015-06-18 Northwestern Mutual Registry, LLC northwesternmutual -// norton : 2014-12-04 Symantec Corporation +// norton : 2014-12-04 NortonLifeLock Inc. norton // now : 2015-06-25 Amazon Registry Services, Inc. @@ -9308,7 +9329,7 @@ // phone : 2016-06-02 Dish DBS Corporation phone -// photo : 2013-11-14 Uniregistry, Corp. +// photo : 2013-11-14 UNR Corp. photo // photography : 2013-09-20 Binky Moon, LLC @@ -9320,7 +9341,7 @@ // physio : 2014-05-01 PhysBiz Pty Ltd physio -// pics : 2013-11-14 Uniregistry, Corp. +// pics : 2013-11-14 UNR Corp. pics // pictet : 2014-06-26 Pictet Europe S.A. @@ -9407,7 +9428,7 @@ // properties : 2013-12-05 Binky Moon, LLC properties -// property : 2014-05-22 Uniregistry, Corp. +// property : 2014-05-22 UNR Corp. property // protection : 2015-04-23 XYZ.COM LLC @@ -9527,9 +9548,6 @@ // ricoh : 2014-11-20 Ricoh Company, Ltd. ricoh -// rightathome : 2015-07-23 Johnson Shareholdings, Inc. -rightathome - // ril : 2015-04-02 Reliance Industries Limited ril @@ -9659,9 +9677,6 @@ // scjohnson : 2015-07-23 Johnson Shareholdings, Inc. scjohnson -// scor : 2014-10-31 SCOR SE -scor - // scot : 2014-01-23 Dot Scot Registry Limited scot @@ -9701,7 +9716,7 @@ // sex : 2014-11-13 ICM Registry SX LLC sex -// sexy : 2013-09-11 Uniregistry, Corp. +// sexy : 2013-09-11 UNR Corp. sexy // sfr : 2015-08-13 Societe Francaise du Radiotelephone - SFR @@ -9734,7 +9749,7 @@ // shopping : 2016-03-31 Binky Moon, LLC shopping -// shouji : 2015-01-08 QIHOO 360 TECHNOLOGY CO. LTD. +// shouji : 2015-01-08 Beijing Qihu Keji Co., Ltd. shouji // show : 2015-03-05 Binky Moon, LLC @@ -9761,7 +9776,7 @@ // ski : 2015-04-09 Afilias Limited ski -// skin : 2015-01-15 L'Oréal +// skin : 2015-01-15 XYZ.COM LLC skin // sky : 2014-06-19 Sky International AG @@ -9905,9 +9920,6 @@ // sydney : 2014-09-18 State of New South Wales, Department of Premier and Cabinet sydney -// symantec : 2014-12-04 Symantec Corporation -symantec - // systems : 2013-11-07 Binky Moon, LLC systems @@ -9932,7 +9944,7 @@ // tatar : 2014-04-24 Limited Liability Company "Coordination Center of Regional Domain of Tatarstan Republic" tatar -// tattoo : 2013-08-30 Uniregistry, Corp. +// tattoo : 2013-08-30 UNR Corp. tattoo // tax : 2014-03-20 Binky Moon, LLC @@ -10049,7 +10061,7 @@ // training : 2013-11-07 Binky Moon, LLC training -// travel : Dog Beach, LLC +// travel : 2015-10-09 Dog Beach, LLC travel // travelchannel : 2015-07-02 Lifestyle Domain Holdings, Inc. @@ -10061,7 +10073,7 @@ // travelersinsurance : 2015-03-26 Travelers TLD, LLC travelersinsurance -// trust : 2014-10-16 NCC Group Inc. +// trust : 2014-10-16 NCC Group Domain Services, Inc. trust // trv : 2015-03-26 Travelers TLD, LLC @@ -10157,9 +10169,6 @@ // vision : 2013-12-05 Binky Moon, LLC vision -// vistaprint : 2014-09-18 Vistaprint Limited -vistaprint - // viva : 2014-11-07 Saudi Telecom Company viva @@ -10229,9 +10238,6 @@ // website : 2014-04-03 DotWebsite Inc. website -// wed : 2013-10-01 Atgron, Inc. -wed - // wedding : 2014-04-24 Minds + Machines Group Limited wedding @@ -10301,7 +10307,7 @@ // xfinity : 2015-07-09 Comcast IP Holdings I, LLC xfinity -// xihuan : 2015-01-08 QIHOO 360 TECHNOLOGY CO. LTD. +// xihuan : 2015-01-08 Beijing Qihu Keji Co., Ltd. xihuan // xin : 2014-12-11 Elegant Leader Limited @@ -10337,7 +10343,7 @@ // xn--45q11c : 2013-11-21 Zodiac Gemini Ltd 八卦 -// xn--4gbrim : 2013-10-04 Suhub Electronic Establishment +// xn--4gbrim : 2013-10-04 Fans TLD Limited موقع // xn--55qw42g : 2013-11-08 China Organizational Name Administration Center @@ -10397,7 +10403,7 @@ // xn--cck2b3b : 2015-02-26 Amazon Registry Services, Inc. ストア -// xn--cckwcxetd : 2019-12-19 Amazon EU S.à r.l. +// xn--cckwcxetd : 2019-12-19 Amazon Registry Services, Inc. アマゾン // xn--cg4bki : 2013-09-27 SAMSUNG SDS CO., LTD @@ -10421,9 +10427,6 @@ // xn--efvy88h : 2014-08-22 Guangzhou YU Wei Information Technology Co., Ltd. 新闻 -// xn--estv75g : 2015-02-19 Industrial and Commercial Bank of China Limited -工行 - // xn--fct429k : 2015-04-09 Amazon Registry Services, Inc. 家電 @@ -10445,7 +10448,7 @@ // xn--fzys8d69uvgm : 2015-05-14 PCCW Enterprises Limited 電訊盈科 -// xn--g2xx48c : 2015-01-30 Minds + Machines Group Limited +// xn--g2xx48c : 2015-01-30 Nawang Heli(Xiamen) Network Service Co., LTD. 购物 // xn--gckr3f0f : 2015-02-26 Amazon Registry Services, Inc. @@ -10469,7 +10472,7 @@ // xn--j1aef : 2015-01-15 VeriSign Sarl ком -// xn--jlq480n2rg : 2019-12-19 Amazon EU S.à r.l. +// xn--jlq480n2rg : 2019-12-19 Amazon Registry Services, Inc. 亚马逊 // xn--jlq61u9w7b : 2015-01-08 Nokia Corporation @@ -10481,9 +10484,6 @@ // xn--kcrx77d1x4a : 2014-11-07 Koninklijke Philips N.V. 飞利浦 -// xn--kpu716f : 2014-12-22 Richemont DNS Inc. -手表 - // xn--kput3i : 2014-02-13 Beijing RITT-Net Technology Development Co., Ltd 手机 @@ -10532,15 +10532,12 @@ // xn--nyqy26a : 2014-11-07 Stable Tone Limited 健康 -// xn--otu796d : 2017-08-06 Internet DotTrademark Organisation Limited +// xn--otu796d : 2017-08-06 Jiang Yu Liang Cai Technology Company Limited 招聘 // xn--p1acf : 2013-12-12 Rusnames Limited рус -// xn--pbt977c : 2014-12-22 Richemont DNS Inc. -珠宝 - // xn--pssy2u : 2015-01-15 VeriSign Sarl 大拿 @@ -10625,7 +10622,7 @@ // youtube : 2014-05-01 Charleston Road Registry Inc. youtube -// yun : 2015-01-08 QIHOO 360 TECHNOLOGY CO. LTD. +// yun : 2015-01-08 Beijing Qihu Keji Co., Ltd. yun // zappos : 2015-06-25 Amazon Registry Services, Inc. @@ -10657,6 +10654,9 @@ inf.ua ltd.ua +// 611coin : https://611project.org/ +611.to + // Adobe : https://www.adobe.com/ // Submitted by Ian Boston adobeaemcloud.com @@ -10676,6 +10676,16 @@ *.compute.estate *.alces.network +// all-inkl.com : https://all-inkl.com +// Submitted by Werner Kaltofen +kasserver.com + +// Algorithmia, Inc. : algorithmia.com +// Submitted by Eli Perelman +*.algorithmia.com +!teams.algorithmia.com +!test.algorithmia.com + // Altervista: https://www.altervista.org // Submitted by Carlo Cannas altervista.org @@ -10840,8 +10850,11 @@ balena-devices.com // Banzai Cloud -// Submitted by Gabor Kozma +// Submitted by Janos Matyas +*.banzai.cloud app.banzaicloud.io +*.backyards.banzaicloud.io + // BetaInABox // Submitted by Adrian @@ -10895,33 +10908,36 @@ // CentralNic : http://www.centralnic.com/names/domains // Submitted by registry ae.org -ar.com br.com cn.com com.de com.se de.com eu.com -gb.com gb.net -hu.com hu.net jp.net jpn.com -kr.com mex.com -no.com -qc.com ru.com sa.com se.net uk.com uk.net us.com -uy.com za.bz za.com +// No longer operated by CentralNic, these entries should be adopted and/or removed by current operators +// Submitted by Gavin Brown +ar.com +gb.com +hu.com +kr.com +no.com +qc.com +uy.com + // Africa.com Web Solutions Ltd : https://registry.africa.com // Submitted by Gavin Brown africa.com @@ -10933,6 +10949,7 @@ // Radix FZC : http://domains.in.net // Submitted by Gavin Brown in.net +web.in // US REGISTRY LLC : http://us.org // Submitted by Gavin Brown @@ -10942,6 +10959,21 @@ // Submitted by Gavin Brown co.com +// Roar Domains LLC : https://roar.basketball/ +// Submitted by Gavin Brown +aus.basketball +nz.basketball + +// BRS Media : https://brsmedia.com/ +// Submitted by Gavin Brown +radio.am +radio.fm + +// Globe Hosting SRL : https://www.globehosting.com/ +// Submitted by Gavin Brown +co.ro +shop.ro + // c.la : http://www.c.la/ c.la @@ -10954,8 +10986,9 @@ xenapponazure.com // Civilized Discourse Construction Kit, Inc. : https://www.discourse.org/ -// Submitted by Rishabh Nambiar +// Submitted by Rishabh Nambiar & Michael Brown discourse.group +discourse.team // ClearVox : http://www.clearvox.nl/ // Submitted by Leon Rowland @@ -10970,6 +11003,10 @@ *.lcl.dev *.stg.dev +// Clic2000 : https://clic2000.fr +// Submitted by Mathilde Blanchemanche +clic2000.net + // Cloud66 : https://www.cloud66.com/ // Submitted by Khash Sajadi c66.me @@ -10994,7 +11031,8 @@ cloudera.site // Cloudflare, Inc. : https://www.cloudflare.com/ -// Submitted by Jake Riesterer +// Submitted by Cloudflare Team +pages.dev trycloudflare.com workers.dev @@ -11085,6 +11123,10 @@ // Submitted by Jonathan Rudenberg cupcake.is +// Curv UG : https://curv-labs.de/ +// Submitted by Marvin Wiesner +curv.dev + // Customer OCI - Oracle Dyn https://cloud.oracle.com/home https://dyn.com/dns/ // Submitted by Gregory Drake // Note: This is intended to also include customer-oci.com due to wildcards implicitly including the current label @@ -11098,6 +11140,12 @@ cyon.link cyon.site +// Danger Science Group: https://dangerscience.com/ +// Submitted by Skylar MacDonald +fnwk.site +folionetwork.site +platform0.app + // Daplie, Inc : https://daplie.com // Submitted by AJ ONeal daplie.me @@ -11120,6 +11168,10 @@ reg.dk store.dk +// dappnode.io : https://dappnode.io/ +// Submitted by Abel Boldu / DAppNode Team +dyndns.dappnode.io + // dapps.earth : https://dapps.earth/ // Submitted by Daniil Burdakov *.dapps.earth @@ -11141,6 +11193,10 @@ // Submitted by Peter Thomassen dedyn.io +// DNS Africa Ltd https://dns.business +// Submitted by Calvin Browne +jozi.biz + // DNShome : https://www.dnshome.de/ // Submitted by Norbert Auler dnshome.de @@ -11171,6 +11227,13 @@ // Submitted by Richard Harper duckdns.org +// Bip : https://bip.sh +// Submitted by Joel Kennedy +bip.sh + +// bitbridge.net : Submitted by Craig Welch, abeliidev@gmail.com +bitbridge.net + // dy.fi : http://dy.fi/ // Submitted by Heikki Hannikainen dy.fi @@ -11519,6 +11582,10 @@ onred.one staging.onred.one +// One.com: https://www.one.com/ +// Submitted by Jacob Bunk Nielsen +service.one + // Enonic : http://enonic.com/ // Submitted by Erik Kaareng-Sunde enonic.io @@ -11602,6 +11669,10 @@ mymailer.com.tw url.tw +// Fabrica Technologies, Inc. : https://www.fabrica.dev/ +// Submitted by Eric Jiang +onfabrica.com + // Facebook, Inc. // Submitted by Peter Ruibal apps.fbsbx.com @@ -11685,6 +11756,7 @@ // Fancy Bits, LLC : http://getchannels.com // Submitted by Aman Gupta channelsdvr.net +u.channelsdvr.net // Fastly Inc. : http://www.fastly.com/ // Submitted by Fastly Security @@ -11701,8 +11773,11 @@ // FASTVPS EESTI OU : https://fastvps.ru/ // Submitted by Likhachev Vasiliy -fastpanel.direct fastvps-server.com +fastvps.host +myfast.host +fastvps.site +myfast.space // Featherhead : https://featherhead.xyz/ // Submitted by Simon Menke @@ -11716,6 +11791,13 @@ app.os.fedoraproject.org app.os.stg.fedoraproject.org +// FearWorks Media Ltd. : https://fearworksmedia.co.uk +// submitted by Keith Fairley +conn.uk +copro.uk +couk.me +ukco.me + // Fermax : https://fermax.com/ // submitted by Koen Van Isterdael mydobiss.com @@ -11734,9 +11816,14 @@ // Submitted by Chris Raynor firebaseapp.com +// fly.io: https://fly.io +// Submitted by Kurt Mackey +fly.dev +edgeapp.net +shw.io + // Flynn : https://flynn.io // Submitted by Jonathan Rudenberg -flynnhub.com flynnhosting.net // Frederik Braun https://frederik-braun.com @@ -11756,6 +11843,10 @@ // Submitted by Daniel Stone freedesktop.org +// FunkFeuer - Verein zur Förderung freier Netze : https://www.funkfeuer.at +// Submitted by Daniel A. Maierhofer +wien.funkfeuer.at + // Futureweb OG : http://www.futureweb.at // Submitted by Andreas Schnederle-Wagner *.futurecms.at @@ -11779,6 +11870,7 @@ // Gentlent, Inc. : https://www.gentlent.com // Submitted by Tom Klein gentapps.com +gentlentapis.com lab.ms // GitHub, Inc. @@ -11790,6 +11882,11 @@ // Submitted by Alex Hanselka gitlab.io +// Gitplac.si - https://gitplac.si +// Submitted by Aljaž Starc +gitapp.si +gitpage.si + // Glitch, Inc : https://glitch.com // Submitted by Mads Hartmann glitch.me @@ -11803,6 +11900,10 @@ cloudapps.digital london.cloudapps.digital +// GOV.UK Pay : https://www.payments.service.gov.uk/ +// Submitted by Richard Baker +pymnt.uk + // UKHomeOffice : https://www.gov.uk/government/organisations/home-office // Submitted by Jon Shanks homeoffice.gov.uk @@ -11810,7 +11911,6 @@ // GlobeHosting, Inc. // Submitted by Zoltan Egresi ro.im -shop.ro // GoIP DNS Services : http://www.goip.de // Submitted by Christian Poulter @@ -11824,6 +11924,17 @@ *.0emm.com appspot.com *.r.appspot.com +codespot.com +googleapis.com +googlecode.com +pagespeedmobilizer.com +publishproxy.com +withgoogle.com +withyoutube.com +cloudfunctions.net +cloud.goog +translate.goog + blogspot.ae blogspot.al blogspot.am @@ -11898,15 +12009,10 @@ blogspot.tw blogspot.ug blogspot.vn -cloudfunctions.net -cloud.goog -codespot.com -googleapis.com -googlecode.com -pagespeedmobilizer.com -publishproxy.com -withgoogle.com -withyoutube.com + +// Aaron Marais' Gitlab pages: https://lab.aaronleem.co.za +// Submitted by Aaron Marais +graphox.us // Group 53, LLC : https://www.group53.com // Submitted by Tyler Todd @@ -11965,6 +12071,9 @@ ng.school sch.so +// HostyHosting (hostyhosting.com) +hostyhosting.io + // Häkkinen.fi // Submitted by Eero Häkkinen häkkinen.fi @@ -12033,13 +12142,22 @@ // Submitted by Wolfgang Schwarz pixolino.com +// Internet-Pro, LLP: https://netangels.ru/ +// Submited by Vasiliy Sheredeko +na4u.ru + +// iopsys software solutions AB : https://iopsys.eu/ +// Submitted by Roman Azarenko +iopsys.se + // IPiFony Systems, Inc. : https://www.ipifony.com/ // Submitted by Matthew Hardeman ipifony.net // IServ GmbH : https://iserv.eu -// Submitted by Kim-Alexander Brodowski +// Submitted by Kim-Alexander Brodowski mein-iserv.de +schulserver.de test-iserv.de iserv.dev @@ -12047,6 +12165,95 @@ // Submitted by Yuji Minagawa iobb.net +//Jelastic, Inc. : https://jelastic.com/ +// Submited by Ihor Kolodyuk +mel.cloudlets.com.au +cloud.interhostsolutions.be +users.scale.virtualcloud.com.br +mycloud.by +alp1.ae.flow.ch +appengine.flow.ch +es-1.axarnet.cloud +diadem.cloud +vip.jelastic.cloud +jele.cloud +it1.eur.aruba.jenv-aruba.cloud +it1.jenv-aruba.cloud +it1-eur.jenv-arubabiz.cloud +primetel.cloud +uk.primetel.cloud +ca.reclaim.cloud +uk.reclaim.cloud +us.reclaim.cloud +ch.trendhosting.cloud +de.trendhosting.cloud +jele.club +clicketcloud.com +ams.cloudswitches.com +au.cloudswitches.com +sg.cloudswitches.com +dopaas.com +elastyco.com +nv.elastyco.com +hidora.com +paas.hosted-by-previder.com +rag-cloud.hosteur.com +rag-cloud-ch.hosteur.com +jcloud.ik-server.com +jcloud-ver-jpc.ik-server.com +demo.jelastic.com +kilatiron.com +paas.massivegrid.com +jed.wafaicloud.com +lon.wafaicloud.com +ryd.wafaicloud.com +j.scaleforce.com.cy +jelastic.dogado.eu +paas.leviracloud.eu +fi.cloudplatform.fi +demo.datacenter.fi +paas.datacenter.fi +jele.host +mircloud.host +jele.io +ocs.opusinteractive.io +cloud.unispace.io +cloud-de.unispace.io +cloud-fr1.unispace.io +jc.neen.it +cloud.jelastic.open.tim.it +jcloud.kz +upaas.kazteleport.kz +jl.serv.net.mx +cloudjiffy.net +fra1-de.cloudjiffy.net +west1-us.cloudjiffy.net +ams1.jls.docktera.net +jls-sto1.elastx.net +jls-sto2.elastx.net +jls-sto3.elastx.net +fr-1.paas.massivegrid.net +lon-1.paas.massivegrid.net +lon-2.paas.massivegrid.net +ny-1.paas.massivegrid.net +ny-2.paas.massivegrid.net +sg-1.paas.massivegrid.net +jelastic.saveincloud.net +nordeste-idc.saveincloud.net +j.scaleforce.net +jelastic.tsukaeru.net +atl.jelastic.vps-host.net +njs.jelastic.vps-host.net +unicloud.pl +mircloud.ru +jelastic.regruhosting.ru +enscaled.sg +jele.site +jelastic.team +j.layershift.co.uk +phx.enscaled.us +mircloud.us + // Jino : https://www.jino.ru // Submitted by Sergey Ulyashin myjino.ru @@ -12132,12 +12339,17 @@ // Linode : https://linode.com // Submitted by members.linode.com -nodebalancer.linode.com +*.nodebalancer.linode.com +*.linodeobjects.com // LiquidNet Ltd : http://www.liquidnetlimited.com/ // Submitted by Victor Velchev we.bs +// localzone.xyz +// Submitted by Kenny Niehage +localzone.xyz + // Log'in Line : https://www.loginline.com/ // Submitted by Rémi Mach loginline.app @@ -12201,6 +12413,15 @@ // Submitted by Ilya Zaretskiy hb.cldmail.ru +// mcpe.me : https://mcpe.me +// Submitted by Noa Heyl +mcpe.me + +// McHost : https://mchost.ru +// Submitted by Evgeniy Subbotin +mcdir.ru +vps.mcdir.ru + // Memset hosting : https://www.memset.com // Submitted by Tom Whitwell miniserver.com @@ -12208,7 +12429,7 @@ // MetaCentrum, CESNET z.s.p.o. : https://www.metacentrum.cz/en/ // Submitted by Zdeněk Šustr -cloud.metacentrum.cz +*.cloud.metacentrum.cz custom.metacentrum.cz // MetaCentrum, CESNET z.s.p.o. : https://www.metacentrum.cz/en/ @@ -12225,12 +12446,20 @@ co.pl // Microsoft Corporation : http://microsoft.com -// Submitted by Justin Luk -azurecontainer.io +// Submitted by Mostafa Elzeiny +*.azurecontainer.io azurewebsites.net azure-mobile.net cloudapp.net +// minion.systems : http://minion.systems +// Submitted by Robert Böttinger +csx.cc + +// MobileEducation, LLC : https://joinforte.com +// Submitted by Grayson Martin +forte.id + // Mozilla Corporation : https://mozilla.com // Submitted by Ben Francis mozilla-iot.org @@ -12245,6 +12474,19 @@ org.ru pp.ru +// Mythic Beasts : https://www.mythic-beasts.com +// Submitted by Paul Cammish +hostedpi.com +customer.mythic-beasts.com +lynx.mythic-beasts.com +ocelot.mythic-beasts.com +onza.mythic-beasts.com +sphinx.mythic-beasts.com +vs.mythic-beasts.com +x.mythic-beasts.com +yali.mythic-beasts.com +cust.retrosnub.co.uk + // Nabu Casa : https://www.nabucasa.com // Submitted by Paulus Schoutsen ui.nabu.casa @@ -12271,8 +12513,7 @@ // Netlify : https://www.netlify.com // Submitted by Jessica Parsons -bitballoon.com -netlify.com +netlify.app // Neustar Inc. // Submitted by Trung Tran @@ -12429,12 +12670,13 @@ nyc.mn // NymNom : https://nymnom.com/ -// Submitted by Dave McCormack +// Submitted by NymNom nom.ae nom.af nom.ai nom.al nym.by +nom.bz nym.bz nom.cl nym.ec @@ -12456,6 +12698,7 @@ nym.li nym.lt nym.lu +nom.lv nym.me nom.mk nym.mn @@ -12488,14 +12731,26 @@ // Submitted by Andrew Sampson cya.gg +// OMG.LOL : +// Submitted by Adam Newbold +omg.lol + // Omnibond Systems, LLC. : https://www.omnibond.com // Submitted by Cole Estep cloudycluster.net +// OmniWe Limited: https://omniwe.com +// Submitted by Vicary Archangel +omniwe.site + // One Fold Media : http://www.onefoldmedia.com/ // Submitted by Eddie Jones nid.io +// Open Social : https://www.getopensocial.com/ +// Submitted by Alexander Varwijk +opensocial.site + // OpenCraft GmbH : http://opencraft.com/ // Submitted by Sven Marnach opencraft.hosting @@ -12517,6 +12772,10 @@ ownprovider.com own.pm +// OwO : https://whats-th.is/ +// Submitted by Dean Sheather +*.owo.codes + // OX : http://www.ox.rs // Submitted by Adam Grand ox.rs @@ -12533,6 +12792,17 @@ // Submitted by Jason Kriss pagefrontapp.com +// PageXL : https://pagexl.com +// Submitted by Yann Guichard +pagexl.com + +// pcarrier.ca Software Inc: https://pcarrier.ca/ +// Submitted by Pierre Carrier +bar0.net +bar1.net +bar2.net +rdv.to + // .pl domains (grandfathered) art.pl gliwice.pl @@ -12560,9 +12830,24 @@ // Platform.sh : https://platform.sh // Submitted by Nikola Kotur -*.platform.sh +bc.platform.sh +ent.platform.sh +eu.platform.sh +us.platform.sh *.platformsh.site +// Platter: https://platter.dev +// Submitted by Patrick Flor +platter-app.com +platter-app.dev +platterp.us + +// Plesk : https://www.plesk.com/ +// Submitted by Anton Akhtyamov +pdns.page +plesk.page +pleskns.com + // Port53 : https://port53.io/ // Submitted by Maximilian Schieder dyn53.io @@ -12604,6 +12889,10 @@ // Submitted by Xavier De Cock qualifioapp.com +// QuickBackend: https://www.quickbackend.com +// Submitted by Dani Biro +qbuser.com + // Redstar Consultants : https://www.redstarconsultants.com/ // Submitted by Jons Slemmer instantcloud.cn @@ -12641,6 +12930,10 @@ rackmaze.com rackmaze.net +// Rakuten Games, Inc : https://dev.viberplay.io +// Submitted by Joshua Zhang +g.vbrplsbx.io + // Rancher Labs, Inc : https://rancher.com // Submitted by Vincent Fiduccia *.on-k3s.io @@ -12718,6 +13011,14 @@ myfirewall.org spdns.org +// Seidat : https://www.seidat.com +// Submitted by Artem Kondratev +seidat.net + +// Senseering GmbH : https://www.senseering.de +// Submitted by Felix Mönckemeyer +senseering.net + // Service Online LLC : http://drs.ua/ // Submitted by Serhii Bulakh biz.ua @@ -12736,6 +13037,10 @@ // Submitted by Craig McMahon shopitsite.com +// shopware AG : https://shopware.com +// Submitted by Jens Küper +shopware.store + // Siemens Mobility GmbH // Submitted by Oliver Graebner mo-siemens.io @@ -12758,6 +13063,10 @@ alpha.bounty-full.com beta.bounty-full.com +// Small Technology Foundation : https://small-tech.org +// Submitted by Aral Balkan +small-web.org + // Stackhero : https://www.stackhero.io // Submitted by Adrien Gillon stackhero-network.com @@ -12768,6 +13077,10 @@ dev.static.land sites.static.land +// Sony Interactive Entertainment LLC : https://sie.com/ +// Submitted by David Coles +playstation-cloud.com + // SourceLair PC : https://www.sourcelair.com // Submitted by Antonis Kalipetis apps.lair.io @@ -12866,11 +13179,14 @@ cust.disrec.thingdust.io cust.prod.thingdust.io cust.testing.thingdust.io +*.firenet.ch +*.svc.firenet.ch // Tlon.io : https://tlon.io // Submitted by Mark Staarink arvo.network azimuth.network +tlon.network // TownNews.com : http://www.townnews.com // Submitted by Dustin Ward @@ -12942,6 +13258,11 @@ virtualuser.de virtual-user.de +// urown.net : https://urown.net +// Submitted by Hostmaster +urown.cloud +dnsupdate.info + // .US // Submitted by Ed Moore lib.de.us @@ -12950,6 +13271,12 @@ // Submitted by Danko Aleksejevs 2038.io +// Vercel, Inc : https://vercel.com/ +// Submitted by Connor Davis +vercel.app +vercel.dev +now.sh + // Viprinet Europe GmbH : http://www.viprinet.com // Submitted by Simon Kissel router.management @@ -12962,6 +13289,49 @@ // Submitted by Nathan van Bakel voorloper.cloud +// Voxel.sh DNS : https://voxel.sh/dns/ +// Submitted by Mia Rehlinger +neko.am +nyaa.am +be.ax +cat.ax +es.ax +eu.ax +gg.ax +mc.ax +us.ax +xy.ax +nl.ci +xx.gl +app.gp +blog.gt +de.gt +to.gt +be.gy +cc.hn +blog.kg +io.kg +jp.kg +tv.kg +uk.kg +us.kg +de.ls +at.md +de.md +jp.md +to.md +uwu.nu +indie.porn +vxl.sh +ch.tc +me.tc +we.tc +nyan.to +at.vg +blog.vu +dev.vu +me.vu + // V.UA Domain Administrator : https://domain.v.ua/ // Submitted by Serhii Rostilo v.ua @@ -12970,6 +13340,15 @@ // Submitted by Masayuki Note wafflecell.com +// WapBlog.ID : https://www.wapblog.id +// Submitted by Fajar Sodik +idnblogger.com +indowapblog.com +bloghp.id +wblog.id +wbq.me +fastblog.net + // WebHare bv: https://www.webhare.com/ // Submitted by Arnold Hendriks *.webhare.dev @@ -12984,9 +13363,32 @@ // Submitted by Jung Jin remotewd.com +// WIARD Enterprises : https://wiardweb.com +// Submitted by Kidd Hustle +pages.wiardweb.com + // Wikimedia Labs : https://wikitech.wikimedia.org -// Submitted by Yuvi Panda +// Submitted by Arturo Borrero Gonzalez wmflabs.org +toolforge.org +wmcloud.org + +// WISP : https://wisp.gg +// Submitted by Stepan Fedotov +panel.gg +daemon.panel.gg + +// WoltLab GmbH : https://www.woltlab.com +// Submitted by Tim Düsterhus +myforum.community +community-pro.de +diskussionsbereich.de +community-pro.net +meinforum.net + +// www.com.vc : http://www.com.vc +// Submitted by Li Hui +cn.vu // XenonCloud GbR: https://xenoncloud.net // Submitted by Julian Uphoff @@ -13038,10 +13440,6 @@ za.net za.org -// Zeit, Inc. : https://zeit.domains/ -// Submitted by Olli Vanhoja -now.sh - // Zine EOOD : https://zine.bg/ // Submitted by Martin Angelov bss.design @@ -13050,7 +13448,28 @@ // Submitted by Emil Stahl basicserver.io virtualserver.io -site.builder.nu enterprisecloud.nu +// Mintere : https://mintere.com/ +// Submitted by Ben Aubin +mintere.site + +// Cityhost LLC : https://cityhost.ua +// Submitted by Maksym Rivtin +cx.ua + +// WP Engine : https://wpengine.com/ +// Submitted by Michael Smith +// Submitted by Brandon DuRette +wpenginepowered.com +js.wpenginepowered.com + +// Impertrix Solutions : +// Submitted by Zhixiang Zhao +impertrixcdn.com +impertrix.com + +// GignoSystemJapan: http://gsj.bz +// Submitted by GignoSystemJapan +gsj.bz // ===END PRIVATE DOMAINS=== diff -Nru httpcomponents-client-4.5.11/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java httpcomponents-client-4.5.13/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java --- httpcomponents-client-4.5.11/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java 2019-08-13 11:42:22.000000000 +0000 +++ httpcomponents-client-4.5.13/httpclient/src/test/java/org/apache/http/client/utils/TestURIUtils.java 2020-10-03 10:30:11.000000000 +0000 @@ -273,14 +273,16 @@ Assert.assertEquals(new HttpHost("localhost",8080), URIUtils.extractHost(new URI("http://localhost:8080/;sessionid=stuff/abcd"))); - Assert.assertEquals(new HttpHost("localhost",8080), + Assert.assertEquals(null, URIUtils.extractHost(new URI("http://localhost:8080;sessionid=stuff/abcd"))); - Assert.assertEquals(new HttpHost("localhost",-1), + Assert.assertEquals(null, URIUtils.extractHost(new URI("http://localhost:;sessionid=stuff/abcd"))); Assert.assertEquals(null, URIUtils.extractHost(new URI("http://:80/robots.txt"))); Assert.assertEquals(null, URIUtils.extractHost(new URI("http://some%20domain:80/robots.txt"))); + Assert.assertEquals(null, + URIUtils.extractHost(new URI("http://blah@goggle.com:80@google.com/"))); } @Test diff -Nru httpcomponents-client-4.5.11/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java httpcomponents-client-4.5.13/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java --- httpcomponents-client-4.5.11/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java 2020-01-10 13:51:57.000000000 +0000 +++ httpcomponents-client-4.5.13/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java 2020-09-29 07:22:51.000000000 +0000 @@ -35,6 +35,7 @@ import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.util.Arrays; +import java.util.Collections; import java.util.List; import javax.net.ssl.SSLException; @@ -375,6 +376,7 @@ Assert.assertTrue(DefaultHostnameVerifier.matchIdentity( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher, DomainType.UNKNOWN)); Assert.assertTrue(DefaultHostnameVerifier.matchIdentityStrict( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher, DomainType.UNKNOWN)); } + @Test // Check compressed IPv6 hostname matching public void testHTTPCLIENT_1316() throws Exception{ final String host1 = "2001:0db8:aaaa:bbbb:cccc:0:0:0001"; @@ -417,4 +419,28 @@ } } + @Test + public void testMatchDNSName() throws Exception { + DefaultHostnameVerifier.matchDNSName( + "host.domain.com", + Collections.singletonList(SubjectName.DNS("*.domain.com")), + publicSuffixMatcher); + DefaultHostnameVerifier.matchDNSName( + "host.xx", + Collections.singletonList(SubjectName.DNS("*.xx")), + publicSuffixMatcher); + DefaultHostnameVerifier.matchDNSName( + "host.appspot.com", + Collections.singletonList(SubjectName.DNS("*.appspot.com")), + publicSuffixMatcher); + DefaultHostnameVerifier.matchDNSName( + "demo-s3-bucket.s3.eu-central-1.amazonaws.com", + Collections.singletonList(SubjectName.DNS("*.s3.eu-central-1.amazonaws.com")), + publicSuffixMatcher); + DefaultHostnameVerifier.matchDNSName( + "hostname-workspace-1.local", + Collections.singletonList(SubjectName.DNS("hostname-workspace-1.local")), + publicSuffixMatcher); + } + } diff -Nru httpcomponents-client-4.5.11/httpclient/src/test/java/org/apache/http/conn/util/TestPublicSuffixMatcher.java httpcomponents-client-4.5.13/httpclient/src/test/java/org/apache/http/conn/util/TestPublicSuffixMatcher.java --- httpcomponents-client-4.5.11/httpclient/src/test/java/org/apache/http/conn/util/TestPublicSuffixMatcher.java 2019-12-05 08:45:35.000000000 +0000 +++ httpcomponents-client-4.5.13/httpclient/src/test/java/org/apache/http/conn/util/TestPublicSuffixMatcher.java 2020-02-29 17:14:31.000000000 +0000 @@ -57,11 +57,11 @@ @Test public void testGetDomainRootAnyType() { // Private - Assert.assertEquals("example.xx", matcher.getDomainRoot("example.XX")); - Assert.assertEquals("example.xx", matcher.getDomainRoot("www.example.XX")); - Assert.assertEquals("example.xx", matcher.getDomainRoot("www.blah.blah.example.XX")); + Assert.assertEquals("xx", matcher.getDomainRoot("example.XX")); + Assert.assertEquals("xx", matcher.getDomainRoot("www.example.XX")); + Assert.assertEquals("xx", matcher.getDomainRoot("www.blah.blah.example.XX")); + Assert.assertEquals("appspot.com", matcher.getDomainRoot("example.appspot.com")); // Too short - Assert.assertEquals(null, matcher.getDomainRoot("xx")); Assert.assertEquals(null, matcher.getDomainRoot("jp")); Assert.assertEquals(null, matcher.getDomainRoot("ac.jp")); Assert.assertEquals(null, matcher.getDomainRoot("any.tokyo.jp")); @@ -79,11 +79,11 @@ @Test public void testGetDomainRootOnlyPRIVATE() { // Private - Assert.assertEquals("example.xx", matcher.getDomainRoot("example.XX", DomainType.PRIVATE)); - Assert.assertEquals("example.xx", matcher.getDomainRoot("www.example.XX", DomainType.PRIVATE)); - Assert.assertEquals("example.xx", matcher.getDomainRoot("www.blah.blah.example.XX", DomainType.PRIVATE)); + Assert.assertEquals("xx", matcher.getDomainRoot("example.XX", DomainType.PRIVATE)); + Assert.assertEquals("xx", matcher.getDomainRoot("www.example.XX", DomainType.PRIVATE)); + Assert.assertEquals("xx", matcher.getDomainRoot("www.blah.blah.example.XX", DomainType.PRIVATE)); + Assert.assertEquals("appspot.com", matcher.getDomainRoot("example.appspot.com")); // Too short - Assert.assertEquals(null, matcher.getDomainRoot("xx", DomainType.PRIVATE)); Assert.assertEquals(null, matcher.getDomainRoot("jp", DomainType.PRIVATE)); Assert.assertEquals(null, matcher.getDomainRoot("ac.jp", DomainType.PRIVATE)); Assert.assertEquals(null, matcher.getDomainRoot("any.tokyo.jp", DomainType.PRIVATE)); @@ -128,6 +128,8 @@ Assert.assertTrue(matcher.matches(".any.tokyo.jp")); // exception Assert.assertFalse(matcher.matches(".metro.tokyo.jp")); + Assert.assertFalse(matcher.matches(".xx")); + Assert.assertFalse(matcher.matches(".appspot.com")); } @Test diff -Nru httpcomponents-client-4.5.11/httpclient/src/test/java/org/apache/http/impl/client/integration/TestRedirects.java httpcomponents-client-4.5.13/httpclient/src/test/java/org/apache/http/impl/client/integration/TestRedirects.java --- httpcomponents-client-4.5.11/httpclient/src/test/java/org/apache/http/impl/client/integration/TestRedirects.java 2019-06-27 09:04:15.000000000 +0000 +++ httpcomponents-client-4.5.13/httpclient/src/test/java/org/apache/http/impl/client/integration/TestRedirects.java 2020-03-03 12:38:17.000000000 +0000 @@ -26,11 +26,13 @@ */ package org.apache.http.impl.client.integration; +import java.io.ByteArrayInputStream; import java.io.IOException; import java.net.URI; import java.util.Arrays; import java.util.List; +import org.apache.http.Consts; import org.apache.http.Header; import org.apache.http.HttpException; import org.apache.http.HttpHost; @@ -49,14 +51,18 @@ import org.apache.http.client.protocol.HttpClientContext; import org.apache.http.client.utils.URIUtils; import org.apache.http.cookie.SM; +import org.apache.http.entity.InputStreamEntity; import org.apache.http.entity.StringEntity; import org.apache.http.impl.client.BasicCookieStore; +import org.apache.http.impl.client.LaxRedirectStrategy; import org.apache.http.impl.cookie.BasicClientCookie; +import org.apache.http.localserver.EchoHandler; import org.apache.http.localserver.LocalServerTestBase; import org.apache.http.message.BasicHeader; import org.apache.http.protocol.HTTP; import org.apache.http.protocol.HttpContext; import org.apache.http.protocol.HttpCoreContext; +import org.apache.http.protocol.HttpExpectationVerifier; import org.apache.http.protocol.HttpRequestHandler; import org.apache.http.protocol.UriHttpRequestHandlerMapper; import org.apache.http.util.EntityUtils; @@ -105,6 +111,37 @@ } + private static class RedirectExpectationVerifier implements HttpExpectationVerifier { + + private final int statuscode; + + public RedirectExpectationVerifier(final int statuscode) { + super(); + this.statuscode = statuscode > 0 ? statuscode : HttpStatus.SC_MOVED_TEMPORARILY; + } + + public RedirectExpectationVerifier() { + this(-1); + } + + @Override + public void verify( + final HttpRequest request, final HttpResponse response, final HttpContext context) throws HttpException { + final HttpInetConnection conn = (HttpInetConnection) context.getAttribute(HttpCoreContext.HTTP_CONNECTION); + final int port = conn.getLocalPort(); + final String uri = request.getRequestLine().getUri(); + if (uri.equals("/oldlocation/")) { + response.setStatusCode(this.statuscode); + response.addHeader(new BasicHeader("Location", + "http://localhost:" + port + "/newlocation/")); + response.addHeader(new BasicHeader("Connection", "close")); + } else { + response.setStatusCode(HttpStatus.SC_CONTINUE); + } + } + + } + private static class CircularRedirectService implements HttpRequestHandler { public CircularRedirectService() { @@ -587,6 +624,133 @@ } @Test + public void testPostRedirectMovedPermatently() throws Exception { + this.serverBootstrap.registerHandler("*", new BasicRedirectService(HttpStatus.SC_MOVED_PERMANENTLY)); + + final HttpHost target = start(); + + final HttpClientContext context = HttpClientContext.create(); + + final HttpPost httppost = new HttpPost("/oldlocation/"); + httppost.setEntity(new StringEntity("stuff")); + + final HttpResponse response = this.httpclient.execute(target, httppost, context); + EntityUtils.consume(response.getEntity()); + Assert.assertEquals(HttpStatus.SC_MOVED_PERMANENTLY, response.getStatusLine().getStatusCode()); + } + + @Test + public void testPostRedirectMovedPermatentlyLaxStrategy() throws Exception { + this.serverBootstrap.registerHandler("*", new BasicRedirectService(HttpStatus.SC_MOVED_PERMANENTLY)); + this.clientBuilder.setRedirectStrategy(LaxRedirectStrategy.INSTANCE); + + final HttpHost target = start(); + + final HttpClientContext context = HttpClientContext.create(); + + final HttpPost httppost = new HttpPost("/oldlocation/"); + httppost.setEntity(new StringEntity("stuff")); + + final HttpResponse response = this.httpclient.execute(target, httppost, context); + EntityUtils.consume(response.getEntity()); + + final HttpRequest reqWrapper = context.getRequest(); + + Assert.assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode()); + Assert.assertEquals("/newlocation/", reqWrapper.getRequestLine().getUri()); + Assert.assertEquals("GET", reqWrapper.getRequestLine().getMethod()); + } + + @Test + public void testPostTemporaryRedirectLaxStrategy() throws Exception { + this.serverBootstrap.registerHandler("*", new BasicRedirectService(HttpStatus.SC_TEMPORARY_REDIRECT)); + this.clientBuilder.setRedirectStrategy(LaxRedirectStrategy.INSTANCE); + + final HttpHost target = start(); + + final HttpClientContext context = HttpClientContext.create(); + + final HttpPost httppost = new HttpPost("/oldlocation/"); + httppost.setEntity(new StringEntity("stuff")); + + final HttpResponse response = this.httpclient.execute(target, httppost, context); + EntityUtils.consume(response.getEntity()); + + final HttpRequest reqWrapper = context.getRequest(); + + Assert.assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode()); + Assert.assertEquals("/newlocation/", reqWrapper.getRequestLine().getUri()); + Assert.assertEquals("POST", reqWrapper.getRequestLine().getMethod()); + } + + @Test + public void testNonRepeatablePostTemporaryRedirectLaxStrategy() throws Exception { + this.serverBootstrap.registerHandler("*", new BasicRedirectService(HttpStatus.SC_TEMPORARY_REDIRECT)); + this.clientBuilder.setRedirectStrategy(LaxRedirectStrategy.INSTANCE); + + final HttpHost target = start(); + + final HttpClientContext context = HttpClientContext.create(); + + final HttpPost httppost = new HttpPost("/oldlocation/"); + final byte[] content = "stuff".getBytes(Consts.ASCII); + httppost.setEntity(new InputStreamEntity(new ByteArrayInputStream(content), content.length)); + + final HttpResponse response = this.httpclient.execute(target, httppost, context); + EntityUtils.consume(response.getEntity()); + Assert.assertEquals(HttpStatus.SC_TEMPORARY_REDIRECT, response.getStatusLine().getStatusCode()); + } + + @Test + public void testNonRepeatablePostTemporaryWithExpectContinueRedirectLaxStrategy() throws Exception { + this.serverBootstrap.registerHandler("*", new BasicRedirectService(HttpStatus.SC_TEMPORARY_REDIRECT)); + this.clientBuilder.setRedirectStrategy(LaxRedirectStrategy.INSTANCE); + + final HttpHost target = start(); + + final HttpClientContext context = HttpClientContext.create(); + context.setRequestConfig(RequestConfig.custom() + .setExpectContinueEnabled(true) + .build()); + + final HttpPost httppost = new HttpPost("/oldlocation/"); + final byte[] content = "stuff".getBytes(Consts.ASCII); + httppost.setEntity(new InputStreamEntity(new ByteArrayInputStream(content), content.length)); + + final HttpResponse response = this.httpclient.execute(target, httppost, context); + EntityUtils.consume(response.getEntity()); + Assert.assertEquals(HttpStatus.SC_TEMPORARY_REDIRECT, response.getStatusLine().getStatusCode()); + } + + @Test + public void testNonRepeatablePostTemporaryWithExpectContinueExpectVerifierRedirectLaxStrategy() throws Exception { + this.serverBootstrap.registerHandler("*", new EchoHandler()); + this.serverBootstrap.setExpectationVerifier(new RedirectExpectationVerifier(HttpStatus.SC_TEMPORARY_REDIRECT)); + + this.clientBuilder.setRedirectStrategy(LaxRedirectStrategy.INSTANCE); + + final HttpHost target = start(); + + final HttpClientContext context = HttpClientContext.create(); + context.setRequestConfig(RequestConfig.custom() + .setExpectContinueEnabled(true) + .build()); + + final HttpPost httppost = new HttpPost("/oldlocation/"); + final byte[] content = "stuff".getBytes(Consts.ASCII); + httppost.setEntity(new InputStreamEntity(new ByteArrayInputStream(content), content.length)); + + final HttpResponse response = this.httpclient.execute(target, httppost, context); + EntityUtils.consume(response.getEntity()); + + final HttpRequest reqWrapper = context.getRequest(); + + Assert.assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode()); + Assert.assertEquals("/newlocation/", reqWrapper.getRequestLine().getUri()); + Assert.assertEquals("POST", reqWrapper.getRequestLine().getMethod()); + } + + @Test public void testRelativeRedirect() throws Exception { this.serverBootstrap.registerHandler("*", new RelativeRedirectService()); diff -Nru httpcomponents-client-4.5.11/httpclient/src/test/java/org/apache/http/impl/client/TestDefaultRedirectStrategy.java httpcomponents-client-4.5.13/httpclient/src/test/java/org/apache/http/impl/client/TestDefaultRedirectStrategy.java --- httpcomponents-client-4.5.11/httpclient/src/test/java/org/apache/http/impl/client/TestDefaultRedirectStrategy.java 2019-06-27 09:04:15.000000000 +0000 +++ httpcomponents-client-4.5.13/httpclient/src/test/java/org/apache/http/impl/client/TestDefaultRedirectStrategy.java 2020-03-03 12:38:17.000000000 +0000 @@ -113,6 +113,18 @@ } @Test + public void testIsRedirectedPermanentRedirect() throws Exception { + final DefaultRedirectStrategy redirectStrategy = new DefaultRedirectStrategy(); + final HttpClientContext context = HttpClientContext.create(); + final HttpGet httpget = new HttpGet("http://localhost/"); + final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, + DefaultRedirectStrategy.SC_PERMANENT_REDIRECT, "Redirect"); + Assert.assertTrue(redirectStrategy.isRedirected(httpget, response, context)); + final HttpPost httppost = new HttpPost("http://localhost/"); + Assert.assertFalse(redirectStrategy.isRedirected(httppost, response, context)); + } + + @Test public void testIsRedirectedSeeOther() throws Exception { final DefaultRedirectStrategy redirectStrategy = new DefaultRedirectStrategy(); final HttpClientContext context = HttpClientContext.create(); @@ -372,6 +384,27 @@ response.addHeader("Location", "http://localhost/stuff"); final HttpContext context1 = new BasicHttpContext(); final HttpUriRequest redirect1 = redirectStrategy.getRedirect( + new HttpTrace("http://localhost/"), response, context1); + Assert.assertEquals("TRACE", redirect1.getMethod()); + final HttpContext context2 = new BasicHttpContext(); + final HttpPost httppost = new HttpPost("http://localhost/"); + final HttpEntity entity = new BasicHttpEntity(); + httppost.setEntity(entity); + final HttpUriRequest redirect2 = redirectStrategy.getRedirect( + httppost, response, context2); + Assert.assertEquals("POST", redirect2.getMethod()); + Assert.assertTrue(redirect2 instanceof HttpEntityEnclosingRequest); + Assert.assertSame(entity, ((HttpEntityEnclosingRequest) redirect2).getEntity()); + } + + @Test + public void testGetRedirectRequestForPermanentRedirect() throws Exception { + final DefaultRedirectStrategy redirectStrategy = new DefaultRedirectStrategy(); + final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, + DefaultRedirectStrategy.SC_PERMANENT_REDIRECT, "Permanent Redirect"); + response.addHeader("Location", "http://localhost/stuff"); + final HttpContext context1 = new BasicHttpContext(); + final HttpUriRequest redirect1 = redirectStrategy.getRedirect( new HttpTrace("http://localhost/"), response, context1); Assert.assertEquals("TRACE", redirect1.getMethod()); final HttpContext context2 = new BasicHttpContext(); diff -Nru httpcomponents-client-4.5.11/httpclient/src/test/java/org/apache/http/impl/cookie/TestLaxCookieAttribHandlers.java httpcomponents-client-4.5.13/httpclient/src/test/java/org/apache/http/impl/cookie/TestLaxCookieAttribHandlers.java --- httpcomponents-client-4.5.11/httpclient/src/test/java/org/apache/http/impl/cookie/TestLaxCookieAttribHandlers.java 2019-06-27 09:04:15.000000000 +0000 +++ httpcomponents-client-4.5.13/httpclient/src/test/java/org/apache/http/impl/cookie/TestLaxCookieAttribHandlers.java 2020-04-17 09:15:58.000000000 +0000 @@ -115,6 +115,14 @@ Assert.assertEquals(0, c.get(Calendar.MILLISECOND)); } + @Test + public void testParseExpiryInvalidTime0() throws Exception { + final BasicClientCookie cookie = new BasicClientCookie("name", "value"); + final CookieAttributeHandler h = new LaxExpiresHandler(); + h.parse(cookie, null); + Assert.assertNull(cookie.getExpiryDate()); + } + @Test(expected = MalformedCookieException.class) public void testParseExpiryInvalidTime1() throws Exception { final BasicClientCookie cookie = new BasicClientCookie("name", "value"); diff -Nru httpcomponents-client-4.5.11/httpclient/src/test/resources/suffixlistmatcher.txt httpcomponents-client-4.5.13/httpclient/src/test/resources/suffixlistmatcher.txt --- httpcomponents-client-4.5.11/httpclient/src/test/resources/suffixlistmatcher.txt 2019-12-05 08:45:35.000000000 +0000 +++ httpcomponents-client-4.5.13/httpclient/src/test/resources/suffixlistmatcher.txt 2020-02-29 17:14:31.000000000 +0000 @@ -26,6 +26,8 @@ // ===BEGIN PRIVATE DOMAINS=== xx lan +appspot.com +s3.eu-central-1.amazonaws.com // ===END PRIVATE DOMAINS=== // ===BEGIN ICANN DOMAINS=== diff -Nru httpcomponents-client-4.5.11/httpclient-cache/pom.xml httpcomponents-client-4.5.13/httpclient-cache/pom.xml --- httpcomponents-client-4.5.11/httpclient-cache/pom.xml 2020-01-15 10:26:26.000000000 +0000 +++ httpcomponents-client-4.5.13/httpclient-cache/pom.xml 2020-10-03 14:45:08.000000000 +0000 @@ -28,7 +28,7 @@ org.apache.httpcomponents httpcomponents-client - 4.5.11 + 4.5.13 httpclient-cache Apache HttpClient Cache diff -Nru httpcomponents-client-4.5.11/httpclient-cache/src/main/java/org/apache/http/impl/client/cache/CacheEntryUpdater.java httpcomponents-client-4.5.13/httpclient-cache/src/main/java/org/apache/http/impl/client/cache/CacheEntryUpdater.java --- httpcomponents-client-4.5.11/httpclient-cache/src/main/java/org/apache/http/impl/client/cache/CacheEntryUpdater.java 2019-06-27 09:04:15.000000000 +0000 +++ httpcomponents-client-4.5.13/httpclient-cache/src/main/java/org/apache/http/impl/client/cache/CacheEntryUpdater.java 2020-10-03 10:30:11.000000000 +0000 @@ -111,8 +111,9 @@ // Remove cache headers that match response for (final HeaderIterator it = response.headerIterator(); it.hasNext(); ) { final Header responseHeader = it.nextHeader(); - // Since we do not expect a content in a 304 response, should retain the original Content-Encoding header - if (HTTP.CONTENT_ENCODING.equals(responseHeader.getName())) { + // Since we do not expect a content in a 304 response, should retain the original Content-Encoding and Content-Length header + if (HTTP.CONTENT_ENCODING.equals(responseHeader.getName()) + || HTTP.CONTENT_LEN.equals(responseHeader.getName())) { continue; } final Header[] matchingHeaders = headerGroup.getHeaders(responseHeader.getName()); @@ -133,8 +134,9 @@ } for (final HeaderIterator it = response.headerIterator(); it.hasNext(); ) { final Header responseHeader = it.nextHeader(); - // Since we do not expect a content in a 304 response, should avoid updating Content-Encoding header - if (HTTP.CONTENT_ENCODING.equals(responseHeader.getName())) { + // Since we do not expect a content in a 304 response, should avoid updating Content-Encoding and Content-Length header + if (HTTP.CONTENT_ENCODING.equals(responseHeader.getName()) + || HTTP.CONTENT_LEN.equals(responseHeader.getName())) { continue; } headerGroup.addHeader(responseHeader); diff -Nru httpcomponents-client-4.5.11/httpclient-cache/src/test/java/org/apache/http/impl/client/cache/TestCacheEntryUpdater.java httpcomponents-client-4.5.13/httpclient-cache/src/test/java/org/apache/http/impl/client/cache/TestCacheEntryUpdater.java --- httpcomponents-client-4.5.11/httpclient-cache/src/test/java/org/apache/http/impl/client/cache/TestCacheEntryUpdater.java 2019-06-27 09:04:15.000000000 +0000 +++ httpcomponents-client-4.5.13/httpclient-cache/src/test/java/org/apache/http/impl/client/cache/TestCacheEntryUpdater.java 2020-10-03 10:30:11.000000000 +0000 @@ -260,6 +260,27 @@ headersNotContain(updatedHeaders, "Content-Encoding", "gzip"); } + @Test + public void testContentLengthIsNotAddedWhenTransferEncodingIsPresent() throws IOException { + final Header[] headers = { + new BasicHeader("Date", DateUtils.formatDate(requestDate)), + new BasicHeader("ETag", "\"etag\""), + new BasicHeader("Transfer-Encoding", "chunked")}; + + entry = HttpTestUtils.makeCacheEntry(headers); + response.setHeaders(new Header[]{ + new BasicHeader("Last-Modified", DateUtils.formatDate(responseDate)), + new BasicHeader("Cache-Control", "public"), + new BasicHeader("Content-Length", "0")}); + + final HttpCacheEntry updatedEntry = impl.updateCacheEntry(null, entry, + new Date(), new Date(), response); + + final Header[] updatedHeaders = updatedEntry.getAllHeaders(); + headersContain(updatedHeaders, "Transfer-Encoding", "chunked"); + headersNotContain(updatedHeaders, "Content-Length", "0"); + } + private void headersContain(final Header[] headers, final String name, final String value) { for (final Header header : headers) { if (header.getName().equals(name)) { diff -Nru httpcomponents-client-4.5.11/httpclient-osgi/pom.xml httpcomponents-client-4.5.13/httpclient-osgi/pom.xml --- httpcomponents-client-4.5.11/httpclient-osgi/pom.xml 2020-01-15 10:26:26.000000000 +0000 +++ httpcomponents-client-4.5.13/httpclient-osgi/pom.xml 2020-10-03 14:45:08.000000000 +0000 @@ -28,7 +28,7 @@ org.apache.httpcomponents httpcomponents-client - 4.5.11 + 4.5.13 httpclient-osgi Apache HttpClient OSGi bundle diff -Nru httpcomponents-client-4.5.11/httpclient-win/pom.xml httpcomponents-client-4.5.13/httpclient-win/pom.xml --- httpcomponents-client-4.5.11/httpclient-win/pom.xml 2020-01-15 10:26:26.000000000 +0000 +++ httpcomponents-client-4.5.13/httpclient-win/pom.xml 2020-10-03 14:45:08.000000000 +0000 @@ -28,7 +28,7 @@ org.apache.httpcomponents httpcomponents-client - 4.5.11 + 4.5.13 httpclient-win Apache HttpClient Windows features diff -Nru httpcomponents-client-4.5.11/httpmime/pom.xml httpcomponents-client-4.5.13/httpmime/pom.xml --- httpcomponents-client-4.5.11/httpmime/pom.xml 2020-01-15 10:26:26.000000000 +0000 +++ httpcomponents-client-4.5.13/httpmime/pom.xml 2020-10-03 14:45:08.000000000 +0000 @@ -28,7 +28,7 @@ org.apache.httpcomponents httpcomponents-client - 4.5.11 + 4.5.13 httpmime Apache HttpClient Mime diff -Nru httpcomponents-client-4.5.11/pom.xml httpcomponents-client-4.5.13/pom.xml --- httpcomponents-client-4.5.11/pom.xml 2020-01-15 10:26:26.000000000 +0000 +++ httpcomponents-client-4.5.13/pom.xml 2020-10-03 14:45:08.000000000 +0000 @@ -32,7 +32,7 @@ 4.0.0 httpcomponents-client Apache HttpComponents Client - 4.5.11 + 4.5.13 Apache HttpComponents Client is a library of components for building client side HTTP services http://hc.apache.org/httpcomponents-client-ga/ 1999 @@ -60,7 +60,7 @@ scm:git:https://git-wip-us.apache.org/repos/asf/httpcomponents-client.git scm:git:https://git-wip-us.apache.org/repos/asf/httpcomponents-client.git https://github.com/apache/httpcomponents-client/tree/${project.scm.tag} - 4.5.11 + 4.5.13 diff -Nru httpcomponents-client-4.5.11/RELEASE_NOTES.txt httpcomponents-client-4.5.13/RELEASE_NOTES.txt --- httpcomponents-client-4.5.11/RELEASE_NOTES.txt 2020-01-15 10:17:08.000000000 +0000 +++ httpcomponents-client-4.5.13/RELEASE_NOTES.txt 2020-10-03 10:30:59.000000000 +0000 @@ -1,3 +1,49 @@ +Release 4.5.13 +------------------- + +This is a maintenance release that fixes incorrect handling of malformed authority component +in request URIs. + + +Changelog: +------------------- + +* Incorrect handling of malformed authority component by URIUtils#extractHost. + Contributed by Oleg Kalnichevski + +* Avoid updating Content-Length header in a 304 response. + Contributed by Dirk Henselin + +* Bug fix: BasicExpiresHandler is annotated as immutable but is not (#239) + Contributed by Gary Gregory + +* HTTPCLIENT-2076: Fixed NPE in LaxExpiresHandler (#222). + Contributed by heejeongkim + + +Release 4.5.12 +------------------- + +This is a maintenance release that fixes a regression introduced by the previous release +that caused rejection of certificates with non-standard domains. + +Changelog: +------------------- + +* HTTPCLIENT-2053: Add SC_PERMANENT_REDIRECT (308) to DefaultRedirectStrategy + Contributed by Michael Osipov + +* HTTPCLIENT-2052: Fixed redirection of entity enclosing requests with non-repeatable entities + Contributed by Oleg Kalnichevski + +* HTTPCLIENT-2047: Fixed regression in DefaultHostnameVerifier causing rejection of certificates + with non-standard domains. + Contributed by Oleg Kalnichevski + +* Bug fix: Fixed handling of private domains by PublicSuffixMatcher + Contributed by Oleg Kalnichevski + + Release 4.5.11 -------------------