DO NOT REPLY [Bug 46384] Due to missing synchronization, a member may disappear permanent.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46384 --- Comment #3 from Filip Hanik 2009-04-16 20:58:18 PST --- (In reply to comment #1) > Created an attachment (id=23501) --> (https://issues.apache.org/bugzilla/attachment.cgi?id=23501) [details] > Patch to fix this issue > > The attached patch should fix this although I haven't tested it. I don't think that patch will fix it. The key problem here is that if the sender thread gets locked up, it will stop broadcast the member itself, and other nodes will deem it gone. The only solution here is to not lock up the sender thread ever. The same goes for the receiver thread. The code is a bit of a sync spaghetti mess, but Tomcat 6.0 has the fix for this, that will prevent it from locking up these two threads. TC 6 also has secondary verification mechanism, that are unrelated to this. You'd be better off backporting the fix from Tomcat 6 to Tomcat 5 -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
RE: compile tomcat on windows environment ?
Now it is OK i have compiled it successfully. what is the next ? -try to solve bugs or to get familiar with some APIs that Tomcat uses? how to know that some bugs is simple? what is the most important API that make me familiar with tomcat? thanks > > Mark Thomas wrote: > > Anas Ahmed wrote: > > > >> hello all, > >> must i have cygwin to compile tomcat on windows environment ?? > >> since i have exception with "ant download" command when download JDT. > >> > > > > Nope. It works for me. > > > > Mark > > > > > > > Anas, it is simply an ant task which works fine in a windows > environment. I would; > > 1) Confirm your ANT_HOME is setup correctly > 2) If you are behind a proxy or firewall > > Ant requires some slight configuration within settings.xml if 2) is the > case. > > RGS > Steve Y _ Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy! http://spaces.live.com/spacesapi.aspx?wx_action=create&wx_url=/friends.aspx&mkt=en-us
Re: Difference b/w org.apache.tomcat.util.modeler.BaseModelMBean and org.apache.catalina.mbeans.ConnectorMBean
Is there no one in the community who has answer to this Question??? On Thu, Apr 16, 2009 at 5:24 PM, Ashish Jain wrote: > Hi dev's, > I am a newbie and recently started looking on to tomcat code. I am trying > to change the maxThreads attribute through Jconsole which seems to be > exposed by BaseModelMBean as well as ConnectorMBean. > Changing the value in one reflects the changes in other as well and vice > versa. My questions are > > Q1. Why do we have two different classes exposing same attribute, in our > case maxThreads? > > Q2. ConnectorMBean seems to be a child class of ClassNameMbean which inturn > is a child of BaseModelMBean. There is a setAttribute method defined in > BaseModelMBean as well as ConnectorMBean. > Why is that?? > > Q3. I also saw org.apache.tomcat.util.net.JIoEndpoint being called in both > the cases. How are we using this class for setting up the variable?? > > Please clarify I have already spent lot of time understanding this but > somehow I am not able to reach to a final conclusion. > > Thanks > Ashish > > >
Re: svn commit: r765764 - /tomcat/tc6.0.x/trunk/STATUS.txt
On Thu, 2009-04-16 at 23:09 +0100, Mark Thomas wrote: > Having now read Roy's comment on 39727 I'm leaning towards reverting > this patch and seeing what is possible following the Transfer-Encoding > route. I'll sleep on it in case a better idea occurs to me and come back > to this tomorrow. If you look at the Coyote code, you can probably guess I originally thought about compression using transfer-encoding (prepareRequest is rather obvious about that), and it did not work. Content-encoding did, though. I don't understand why giving an option to not send an ETag would not also be a solution. At least, if it does not, I do not understand how proxies are not broken. I also think proxies should be smarter, and assume serving of both a compressed and an uncompressed version, obviously using the same ETag (and send the right version depending on whether or not the client has compression). Otherwise, there's no way things can be efficient. Rémy - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 46384] Due to missing synchronization, a member may disappear permanent.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46384 --- Comment #2 from Sebb 2009-04-16 15:55:45 PST --- Might be an idea to make the field "memebrshipMutex" (sic) final, as otherwise the synchronisation is not guaranteed to work. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r765764 - /tomcat/tc6.0.x/trunk/STATUS.txt
r...@apache.org wrote: > + 0: remm (zzz) :) > * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47013 > @@ -258,12 +260,13 @@ >http://svn.apache.org/viewvc?rev=764985&view=rev >http://svn.apache.org/viewvc?rev=764997&view=rev >+1: markt > + -0: remm: Why should this be backported ? >-1: It is trivial so safe to backport, but equally unlikely to cause any issues so no need to backport. I lean towards backporting but I can see why others may disagree. > * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46538 > @@ -271,4 +274,10 @@ >Based on a patch by Oliver Schoett >http://svn.apache.org/viewvc?rev=765727&view=rev >+1: markt > - -1: > + -1: remm: A hack (from what I read in 39727, the proxy folks say they are > right that two representations of > + one resource should have different ETag; I disagree with that since it > makes ) I agree with the proxy folks in that each variant should have a different ETag from both my reading of the HTTP spec and the fact that caches do break. > + - how would the DefaultServlet match the ETag header sent in If > conditions with this hack ? Now that is a valid point. Since 46538 was raised and I reviewed the comments on 39727, Roy has added comment about on-the-fly encoding that makes a similar point. PUTs are similarly broken. > + - Tomcat does not do random compression, so unless the Connector > configuration changes, there should be no issue, > + so the issue is very rare, but will remove caching, so it has real > consequences (bad) We will see issues where clients access content via a cache and - noCompressionUserAgents includes some but not all clients - some clients (for whatever reason) cannot handle compression > + I would be +0 for Connector configuration to strip the ETag (since it > would be useless, that's the easiest solution), That still leaves us with the original issue as the proxies still won't be able to tell compressed and uncompressed apart. > + -1 for all other options since it has an impact and fixes an edge case Having now read Roy's comment on 39727 I'm leaning towards reverting this patch and seeing what is possible following the Transfer-Encoding route. I'll sleep on it in case a better idea occurs to me and come back to this tomorrow. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 46252] Tomcat access log doesn't support Unicode
https://issues.apache.org/bugzilla/show_bug.cgi?id=46252 Mark Thomas changed: What|Removed |Added Severity|normal |enhancement --- Comment #1 from Mark Thomas 2009-04-16 14:38:59 PST --- I am curious as to which elements you are trying to log that require UTF-8. Most will be ISO-8859-1. The only exceptions I can think of are user name and session attribute values. I am concerned that whilst an access log is typically configured at the host level the user name encoding can vary from request to request (if you are using FORM) and session attributes are under no obligation to use a single consistent encoding. Therefore, it would be rather difficult to ensure the correct logging of each of these elements. Given the above I am not in favour of using UTF-8 by default. However, I can see the potential of making the encoding configurable with the default being the current behaviour. Therefore, I am marking this as an enhancement. Patches are always very welcome and if you are interested in writing such a patch and need any assistance feel free to ask on the dev list. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 46538] ETag must differ between compressed and uncompressed resource versions
https://issues.apache.org/bugzilla/show_bug.cgi?id=46538 --- Comment #7 from Remy Maucherat 2009-04-16 14:35:15 PST --- Well, that does not sound very smart (and I had read that on the httpd bug, sigh ...). But overall, I do think the patch is bad (see status file). -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r765766 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: remm Date: Thu Apr 16 21:27:16 2009 New Revision: 765766 URL: http://svn.apache.org/viewvc?rev=765766&view=rev Log: - Votes part 2. Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=765766&r1=765765&r2=765766&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Thu Apr 16 21:27:16 2009 @@ -101,19 +101,19 @@ http://svn.apache.org/viewvc?rev=758365&view=rev Try and support java encoding names when using an xml parser provided via the endorsed mechanism - +1: markt + +1: markt, remm -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46875 http://svn.apache.org/viewvc?rev=758407&view=rev Catch possible ISE as a result of session expiration in comet valve - +1: markt, rjung + +1: markt, rjung, remm -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46822 http://svn.apache.org/viewvc?rev=758616&view=rev Remove unnecessary object creation in StandardContext - +1: markt, rjung + +1: markt, rjung, remm -1: rjung: firePropertyChange() creates a PropertyChangeEvent, which only has object type arguments in the constructor. Brief inspection of the Sun JDK @@ -122,12 +122,13 @@ So in general there will be no object creation safed, although in some cases we use e.g. "new Boolean" instead of Boolean.valueOf(), so there might be some savings. + remm: yes, it's not going to do anything useful ;) * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46915 When resolving ResourceBundle properties, don't claim to have resolved the property unless we really have resolved it. http://svn.apache.org/viewvc?rev=758664&view=rev - +1: markt, rjung + +1: markt, rjung, remm -1: rjung: r758664 (above URL) contains strange whitespace. Seems tabs are mixed with spaces. @@ -136,7 +137,7 @@ Prevent double init() of JSP Patch provided by Chris Halstead http://svn.apache.org/viewvc?view=rev&revision=759074 - +1: markt, rjung + +1: markt, rjung, remm -1: * Fix some failures when testing WebDAV with litmus test suite - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r765764 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: remm Date: Thu Apr 16 21:24:19 2009 New Revision: 765764 URL: http://svn.apache.org/viewvc?rev=765764&view=rev Log: - Votes. Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=765764&r1=765763&r2=765764&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Thu Apr 16 21:24:19 2009 @@ -141,42 +141,42 @@ * Fix some failures when testing WebDAV with litmus test suite http://svn.apache.org/viewvc?view=rev&revision=761601 - +1: markt + +1: markt, remm -1: * Update native to 1.1.16 http://svn.apache.org/viewvc?view=rev&revision=762868 - +1: markt + +1: markt, remm -1: * Fix .exe and .pdf corruption in -src.tar.gz bundle http://svn.apache.org/viewvc?view=rev&revision=762936 - +1: markt + +1: markt, remm -1: * Enable running of Tomcat directly from build directory on linux http://svn.apache.org/viewvc?view=rev&revision=762937 http://svn.apache.org/viewvc?view=rev&revision=762929 - +1: markt + +1: markt, remm -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46982 Correct report DST offset in access logs http://svn.apache.org/viewvc?rev=763166&view=rev - +1: markt + +1: markt, remm -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46933 Simplify StringManager using Java 5. Includes test case. Based on a patch by Jens Kapitza http://svn.apache.org/viewvc?rev=763183&view=rev - +1: markt + +1: markt, remm -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46958 Allow xml manager status to work irrespective of context path http://svn.apache.org/viewvc?rev=763193&view=rev - +1: markt + +1: markt, remm -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46967 @@ -198,12 +198,13 @@ Patch provided by s...@a.o http://svn.apache.org/viewvc?rev=763298&view=rev +1: markt + 0: remm (zzz) -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46991 Update counters before request is re-cycled http://svn.apache.org/viewvc?rev=763302&view=rev - +1: markt + +1: markt, remm -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46509 @@ -216,13 +217,14 @@ * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46562 Close the reader in the SSI servlet when we are done http://svn.apache.org/viewvc?rev=763599&view=rev - +1: markt + +1: markt, remm -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46909 Only include ';' in type attribute if there is a parameter http://svn.apache.org/viewvc?rev=763611&view=rev +1: markt + 0: remm (zzz) -1: * https://issues.apache.org/bugzilla/show_bug.cgi?id=46984 @@ -235,14 +237,14 @@ ArrayIndexOutOfBoundsException when using org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true Patch provided by Konstantin Kolinko - +1: markt + +1: markt, remm -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=42579 Handle both relative and absolute search results Patch provided by Brandon DuRette http://svn.apache.org/viewvc?rev=763706&view=rev - +1: markt + +1: markt, remm -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=42390 @@ -250,7 +252,7 @@ "AT_BEGIN" scope Patch provided by Konstantin Kolinko http://svn.apache.org/viewvc?rev=763717&view=rev - +1: markt + +1: markt, remm (risky ...) -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47013 @@ -258,12 +260,13 @@ http://svn.apache.org/viewvc?rev=764985&view=rev http://svn.apache.org/viewvc?rev=764997&view=rev +1: markt + -0: remm: Why should this be backported ? -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=37929 Invalidated session causes pageContext methods to fail http://svn.apache.org/viewvc?rev=765662&view=rev - +1: markt + +1: markt, remm -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46538 @@ -271,4 +274,10 @@ Based on a patch by Oliver Schoett http://svn.apache.org/viewvc?rev=765727&view=rev +1: markt - -1: + -1: remm: A hack (from what I read in 39727, the proxy folks say they are right that two representations of + one resource should have different ETag; I disagree with that since it makes ) + - how would the DefaultServlet match the ETag header sent in If conditions with this hack ? + - Tomcat does not do random compression, so unless the Connector configuration changes, there should be no issue, + so the issue is very rare, but will remove caching, so it has real consequences (bad) + I would be +0 for Connector configuration to strip the ETag (since it would be useless, that's the easiest solution), + -1 for all other options since it has an impact and fixes an edge case -
DO NOT REPLY [Bug 46538] ETag must differ between compressed and uncompressed resource versions
https://issues.apache.org/bugzilla/show_bug.cgi?id=46538 --- Comment #6 from Mark Thomas 2009-04-16 14:16:56 PST --- The I suggest you read section 14.19 of RFC 2616 that makes it quite clear ETags are per variant not per resource. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 46538] ETag must differ between compressed and uncompressed resource versions
https://issues.apache.org/bugzilla/show_bug.cgi?id=46538 --- Comment #5 from Remy Maucherat 2009-04-16 13:57:58 PST --- I disagree with this. Regardless on what happens with the transport, the entity does not change once it is decoded. -1 for this "fix". -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r765758 - /tomcat/current/tc5.5.x/STATUS.txt
Author: markt Date: Thu Apr 16 20:51:08 2009 New Revision: 765758 URL: http://svn.apache.org/viewvc?rev=765758&view=rev Log: Propose fix for 46384 Modified: tomcat/current/tc5.5.x/STATUS.txt Modified: tomcat/current/tc5.5.x/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STATUS.txt?rev=765758&r1=765757&r2=765758&view=diff == --- tomcat/current/tc5.5.x/STATUS.txt (original) +++ tomcat/current/tc5.5.x/STATUS.txt Thu Apr 16 20:51:08 2009 @@ -266,3 +266,10 @@ Align mbean with implementation +1: markt -1: + +* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46384 + Use sync when adding and removing members + Note: Untested + https://issues.apache.org/bugzilla/attachment.cgi?id=23501 + +1: markt + -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 46384] Due to missing synchronization, a member may disappear permanent.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46384 --- Comment #1 from Mark Thomas 2009-04-16 13:49:55 PST --- Created an attachment (id=23501) --> (https://issues.apache.org/bugzilla/attachment.cgi?id=23501) Patch to fix this issue The attached patch should fix this although I haven't tested it. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 47032] /status/all fails if using PersistentManager
https://issues.apache.org/bugzilla/show_bug.cgi?id=47032 --- Comment #1 from Mark Thomas 2009-04-16 13:09:00 PST --- I have proposed the same fix for 5.5.x -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r765740 - /tomcat/current/tc5.5.x/STATUS.txt
Author: markt Date: Thu Apr 16 20:08:48 2009 New Revision: 765740 URL: http://svn.apache.org/viewvc?rev=765740&view=rev Log: Propose fix for 47032 Modified: tomcat/current/tc5.5.x/STATUS.txt Modified: tomcat/current/tc5.5.x/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STATUS.txt?rev=765740&r1=765739&r2=765740&view=diff == --- tomcat/current/tc5.5.x/STATUS.txt (original) +++ tomcat/current/tc5.5.x/STATUS.txt Thu Apr 16 20:08:48 2009 @@ -260,3 +260,9 @@ http://svn.apache.org/viewvc?view=rev&revision=762868 +1: markt -1: + +* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47032 + http://svn.apache.org/viewvc?rev=751295&view=rev + Align mbean with implementation + +1: markt + -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 46950] SSL renegotiation does not occur when resource with CLIENT-CERT auth is requested
https://issues.apache.org/bugzilla/show_bug.cgi?id=46950 --- Comment #7 from Mark Thomas 2009-04-16 12:37:33 PST --- This is going to require a change to the APR/native connector. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 46538] ETag must differ between compressed and uncompressed resource versions
https://issues.apache.org/bugzilla/show_bug.cgi?id=46538 --- Comment #4 from Mark Thomas 2009-04-16 12:34:10 PST --- Thanks for the patch. I have applied a modified version of it to trunk that also extended it to the NIO and APR connectors. The extended patch has been proposed for 6.0.x -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r765728 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: markt Date: Thu Apr 16 19:33:24 2009 New Revision: 765728 URL: http://svn.apache.org/viewvc?rev=765728&view=rev Log: propose fix for 46538 Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=765728&r1=765727&r2=765728&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Thu Apr 16 19:33:24 2009 @@ -260,8 +260,15 @@ +1: markt -1: - * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=37929 +* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=37929 Invalidated session causes pageContext methods to fail http://svn.apache.org/viewvc?rev=765662&view=rev +1: markt -1: + +* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46538 + ETag must vary between compressed and uncompressed versions. + Based on a patch by Oliver Schoett + http://svn.apache.org/viewvc?rev=765727&view=rev + +1: markt + -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r765727 - in /tomcat/trunk/java/org/apache/coyote/http11: Constants.java Http11AprProcessor.java Http11NioProcessor.java Http11Processor.java
Author: markt Date: Thu Apr 16 19:31:57 2009 New Revision: 765727 URL: http://svn.apache.org/viewvc?rev=765727&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46538 ETag must vary between compressed and uncompressed versions. Based on a patch by Oliver Schoett Modified: tomcat/trunk/java/org/apache/coyote/http11/Constants.java tomcat/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java Modified: tomcat/trunk/java/org/apache/coyote/http11/Constants.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Constants.java?rev=765727&r1=765726&r2=765727&view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/Constants.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/Constants.java Thu Apr 16 19:31:57 2009 @@ -148,7 +148,10 @@ ByteChunk.convertToBytes("400"); public static final byte[] _404_BYTES = ByteChunk.convertToBytes("404"); - +public static final String VARY = "Vary"; +public static final String VARY_UNSPECIFIED = "*"; +public static final String ACCEPT_ENCODING = "Accept-Encoding"; +public static final String ETAG = "ETag"; /** * Identity filters (input and output). Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java?rev=765727&r1=765726&r2=765727&view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java Thu Apr 16 19:31:57 2009 @@ -1486,16 +1486,9 @@ /** - * Check for compression + * Check if browser allows compression */ -private boolean isCompressable() { - -// Nope Compression could works in HTTP 1.0 also -// cf: mod_deflate - -// Compression only since HTTP 1.1 -// if (! http11) -//return false; +private boolean isCompressableBrowser() { // Check if browser support gzip encoding MessageBytes acceptEncodingMB = @@ -1505,15 +1498,7 @@ || (acceptEncodingMB.indexOf("gzip") == -1)) return false; -// Check if content is not allready gzipped -MessageBytes contentEncodingMB = -response.getMimeHeaders().getValue("Content-Encoding"); - -if ((contentEncodingMB != null) -&& (contentEncodingMB.indexOf("gzip") != -1)) -return false; - -// If force mode, allways compress (test purposes only) +// If force mode, always compress (test purposes only) if (compressionLevel == 2) return true; @@ -1530,8 +1515,23 @@ return false; } } +return true; +} + +/* + * Check if response allows compression + */ +private boolean isCompressableResponse() { + +// Check if content is not already gzipped +MessageBytes contentEncodingMB = +response.getMimeHeaders().getValue("Content-Encoding"); -// Check if suffisant len to trig the compression +if ((contentEncodingMB != null) +&& (contentEncodingMB.indexOf("gzip") != -1)) +return false; + +// Check if sufficient length to trigger the compression long contentLength = response.getContentLengthLong(); if ((contentLength == -1) || (contentLength > compressionMinSize)) { @@ -1598,18 +1598,35 @@ ((Long) request.getAttribute("org.apache.tomcat.sendfile.end")).longValue(); } } - + +MimeHeaders headers = response.getMimeHeaders(); + // Check for compression boolean useCompression = false; if (entityBody && (compressionLevel > 0) && (sendfileData == null)) { -useCompression = isCompressable(); +if (isCompressableResponse()) { +// Always send the Vary header when response could be compressed +MessageBytes varyHeader = headers.getValue(Constants.VARY); +if (varyHeader == null) { +headers.addValue(Constants.VARY).setString( +Constants.ACCEPT_ENCODING); +} else { +if (varyHeader.indexOf(Constants.ACCEPT_ENCODING) == -1 && +!varyHeader.equals(Constants.VARY_UNSPECIFIED)) { +varyHeader.setString(varyHeader.toString() + "," + +Constants.ACCEPT_ENCODING); +} +} +}
svn commit: r765695 - in /tomcat/trunk/java/org/apache/coyote/http11: Http11NioProcessor.java Http11NioProtocol.java
Author: markt Date: Thu Apr 16 17:28:48 2009 New Revision: 765695 URL: http://svn.apache.org/viewvc?rev=765695&view=rev Log: Drop unused fields Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java tomcat/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java?rev=765695&r1=765694&r2=765695&view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java Thu Apr 16 17:28:48 2009 @@ -84,7 +84,7 @@ // --- Constructors -public Http11NioProcessor(int rxBufSize, int txBufSize, int maxHttpHeaderSize, NioEndpoint endpoint) { +public Http11NioProcessor(int maxHttpHeaderSize, NioEndpoint endpoint) { this.endpoint = endpoint; Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java?rev=765695&r1=765694&r2=765695&view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java Thu Apr 16 17:28:48 2009 @@ -794,8 +794,6 @@ public Http11NioProcessor createProcessor() { Http11NioProcessor processor = new Http11NioProcessor( - 0, - 0, proto.maxHttpHeaderSize, proto.ep); processor.setAdapter(proto.adapter); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r765667 - /tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml
Author: rjung Date: Thu Apr 16 15:34:20 2009 New Revision: 765667 URL: http://svn.apache.org/viewvc?rev=765667&view=rev Log: Add all disclosed CVEs for mod_jk to changelog. Modified: tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml Modified: tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?rev=765667&r1=765666&r2=765667&view=diff == --- tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml (original) +++ tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml Thu Apr 16 15:34:20 2009 @@ -246,7 +246,9 @@ connection timeout but higher operational timeouts. (mturk) -AJP13: Always send initial POST packet even if the client +AJP13: +[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5519";>CVE-2008-5519] +Always send initial POST packet even if the client disconnected after sending request but before providing POST data. In that case or in case the client broke the connection in a middle of read send an zero size packet @@ -806,6 +808,9 @@ + [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450";>CVE-2007-0450] + and + [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1860";>CVE-2007-1860]: Change the default value of JkOptions to ForwardURICompatUnparsed. The old default value was ForwardURICompat. This should make URL interpretation between Apache httpd and @@ -936,8 +941,8 @@ -http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774";>CVE-2007-0774 -: A denial of service and critical remote code execution vulnerability. +[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774";>CVE-2007-0774]: +A denial of service and critical remote code execution vulnerability. Caused by buffer overflow in map_uri_to_worker() when URL were longer that 4095 bytes. Reported by ZDI (www.zerodayintiative.com). Please note this issue only affected versions 1.2.19 and 1.2.20 of the @@ -1511,7 +1516,9 @@ snprintf functions. (mturk) - 38859: Protect mod_jk against buggy or malicious + 38859: + [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7197";>CVE-2006-7197] + Protect mod_jk against buggy or malicious AJP servers in the backend. Patch provided by Ruediger Pluem. (mturk) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 37929] invalidated session causes pageContext methods to fail
https://issues.apache.org/bugzilla/show_bug.cgi?id=37929 --- Comment #8 from Mark Thomas 2009-04-16 08:22:44 PST --- Thanks for the report and the research. This has been fixed in trunk and proposed for 6.0.x -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r765664 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: markt Date: Thu Apr 16 15:22:41 2009 New Revision: 765664 URL: http://svn.apache.org/viewvc?rev=765664&view=rev Log: Propose fix for 37929 Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=765664&r1=765663&r2=765664&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Thu Apr 16 15:22:41 2009 @@ -259,3 +259,9 @@ http://svn.apache.org/viewvc?rev=764997&view=rev +1: markt -1: + + * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=37929 + Invalidated session causes pageContext methods to fail + http://svn.apache.org/viewvc?rev=765662&view=rev + +1: markt + -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 46907] Jasper with log4j in web-app classpath and debug level enabled prevents reading HTTP POST stream from JSP
https://issues.apache.org/bugzilla/show_bug.cgi?id=46907 --- Comment #9 from Mark Thomas 2009-04-16 08:21:16 PST --- It will depend what the patch looks like. Create a patch and one of us will take a look. If the patch is OK, we'll propose it for 5.5.x. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 46907] Jasper with log4j in web-app classpath and debug level enabled prevents reading HTTP POST stream from JSP
https://issues.apache.org/bugzilla/show_bug.cgi?id=46907 --- Comment #8 from Kirk True 2009-04-16 08:18:00 PST --- I was able to reproduce this with 5.5.26 (the OP's stated version) and 5.5.27 (the current latest 5.5.x version). However, versions 6.0.0-alpha through to 6.0.18 (the current latest 6.0.x version) as well as the trunk do not exhibit this behavior. So a question for the Tomcat developers, do we want to fix this for 5.5.x or do we instead suggest the user upgrade? -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r765662 - /tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java
Author: markt Date: Thu Apr 16 15:16:43 2009 New Revision: 765662 URL: http://svn.apache.org/viewvc?rev=765662&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=37929 by restoring r357410 that was lost in r379417 Modified: tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java Modified: tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java?rev=765662&r1=765661&r2=765662&view=diff == --- tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java (original) +++ tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java Thu Apr 16 15:16:43 2009 @@ -423,8 +423,13 @@ return REQUEST_SCOPE; if (session != null) { - if (session.getAttribute(name) != null) - return SESSION_SCOPE; + try { + if (session.getAttribute(name) != null) + return SESSION_SCOPE; + } catch(IllegalStateException ise) { + // Session has been invalidated. + // Ignore and fall through to application scope. + } } if (context.getAttribute(name) != null) @@ -467,7 +472,12 @@ return o; if (session != null) { - o = session.getAttribute(name); + try { + o = session.getAttribute(name); + } catch(IllegalStateException ise) { + // Session has been invalidated. + // Ignore and fall through to application scope. + } if (o != null) return o; } @@ -531,17 +541,17 @@ } private void doRemoveAttribute(String name) { - try { - removeAttribute(name, PAGE_SCOPE); - removeAttribute(name, REQUEST_SCOPE); - if (session != null) { - removeAttribute(name, SESSION_SCOPE); - } - removeAttribute(name, APPLICATION_SCOPE); - } catch (Exception ex) { - // we remove as much as we can, and - // simply ignore possible exceptions - } + removeAttribute(name, PAGE_SCOPE); + removeAttribute(name, REQUEST_SCOPE); + if( session != null ) { + try { + removeAttribute(name, SESSION_SCOPE); + } catch(IllegalStateException ise) { + // Session has been invalidated. + // Ignore and fall throw to application scope. + } + } + removeAttribute(name, APPLICATION_SCOPE); } public JspWriter getOut() { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r765658 - in /tomcat/trunk/java: javax/servlet/jsp/el/ELException.java org/apache/jasper/runtime/PageContextImpl.java
Author: markt Date: Thu Apr 16 14:57:40 2009 New Revision: 765658 URL: http://svn.apache.org/viewvc?rev=765658&view=rev Log: Clean up some deprecated code Modified: tomcat/trunk/java/javax/servlet/jsp/el/ELException.java tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java Modified: tomcat/trunk/java/javax/servlet/jsp/el/ELException.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/javax/servlet/jsp/el/ELException.java?rev=765658&r1=765657&r2=765658&view=diff == --- tomcat/trunk/java/javax/servlet/jsp/el/ELException.java (original) +++ tomcat/trunk/java/javax/servlet/jsp/el/ELException.java Thu Apr 16 14:57:40 2009 @@ -25,13 +25,7 @@ * @deprecated */ public class ELException extends Exception { -// - -// Member variables -// - -private Throwable mRootCause; - -// - /** * Creates an ELException with no detail message. **/ @@ -39,7 +33,6 @@ super(); } -// - /** * Creates an ELException with the provided detail message. * @@ -50,7 +43,6 @@ super(pMessage); } -// - /** * Creates an ELException with the given root cause. * @@ -58,8 +50,7 @@ *the originating cause of this exception **/ public ELException(Throwable pRootCause) { -super(pRootCause.getLocalizedMessage()); -mRootCause = pRootCause; +super(pRootCause); } // - @@ -72,8 +63,7 @@ *the originating cause of this exception **/ public ELException(String pMessage, Throwable pRootCause) { -super(pMessage); -mRootCause = pRootCause; +super(pMessage, pRootCause); } // - @@ -83,6 +73,6 @@ * @return the root cause of this exception */ public Throwable getRootCause() { -return mRootCause; +return getCause(); } } Modified: tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java?rev=765658&r1=765657&r2=765658&view=diff == --- tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java (original) +++ tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java Thu Apr 16 14:57:40 2009 @@ -845,9 +845,9 @@ Throwable rootCause = null; if (t instanceof JspException) { - rootCause = ((JspException) t).getRootCause(); + rootCause = ((JspException) t).getCause(); } else if (t instanceof ELException) { - rootCause = ((ELException) t).getRootCause(); + rootCause = ((ELException) t).getCause(); } if (rootCause != null) { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r765655 - /tomcat/trunk/java/javax/servlet/jsp/el/ELException.java
Author: markt Date: Thu Apr 16 14:52:07 2009 New Revision: 765655 URL: http://svn.apache.org/viewvc?rev=765655&view=rev Log: Fix formatting before I make some other changes Modified: tomcat/trunk/java/javax/servlet/jsp/el/ELException.java Modified: tomcat/trunk/java/javax/servlet/jsp/el/ELException.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/javax/servlet/jsp/el/ELException.java?rev=765655&r1=765654&r2=765655&view=diff == --- tomcat/trunk/java/javax/servlet/jsp/el/ELException.java (original) +++ tomcat/trunk/java/javax/servlet/jsp/el/ELException.java Thu Apr 16 14:52:07 2009 @@ -1,93 +1,88 @@ /* -* Licensed to the Apache Software Foundation (ASF) under one or more -* contributor license agreements. See the NOTICE file distributed with -* this work for additional information regarding copyright ownership. -* The ASF licenses this file to You under the Apache License, Version 2.0 -* (the "License"); you may not use this file except in compliance with -* the License. You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package javax.servlet.jsp.el; - /** - * Represents any of the exception conditions that arise during the - * operation evaluation of the evaluator. - * + * Represents any of the exception conditions that arise during the operation + * evaluation of the evaluator. + * * @since 2.0 * @deprecated */ -public class ELException - extends Exception -{ - //- - // Member variables - //- - - private Throwable mRootCause; - - //- - /** - * Creates an ELException with no detail message. - **/ - public ELException () - { -super (); - } - - //- - /** - * Creates an ELException with the provided detail message. - * - * @param pMessage the detail message - **/ - public ELException (String pMessage) - { -super (pMessage); - } - - //- - /** - * Creates an ELException with the given root cause. - * - * @param pRootCause the originating cause of this exception - **/ - public ELException (Throwable pRootCause) - { -super( pRootCause.getLocalizedMessage() ); -mRootCause = pRootCause; - } - - //- - /** - * Creates an ELException with the given detail message and root cause. - * - * @param pMessage the detail message - * @param pRootCause the originating cause of this exception - **/ - public ELException (String pMessage, - Throwable pRootCause) - { -super (pMessage); -mRootCause = pRootCause; - } - - //- - /** - * Returns the root cause. - * - * @return the root cause of this exception - */ - public Throwable getRootCause () - { -return mRootCause; - } +public class ELException extends Exception { +// - +// Member variables +// - + +private Throwable mRootCause; + +// - +/** + * Creates an ELException with no detail message. + **/ +public ELException() { +super(); +} + +// - +/** + * Creates an ELException with the provided detail message. + * + * @param pMessage + *the detail message + **/ +public ELException(String pMessage) { +super(pMessage); +} + +// - +/** + * Creates an ELException with the given root cause. + * + * @param pRootCause + *the originating cause of t
Re: Any way to fix bug 46950 without a change to tcnative?
On Thu, 2009-04-16 at 11:38 +0100, Mark Thomas wrote: > Thanks for the confirmation. The request is already read and buffered. > We 'just' need to renegotiation to require an SSL cert. > > I'll try and take a look at this but I'll probably need some help with > the C code. First step will be to get tcnative building and I haven't > looked at that since I moved to 64-bit Windows. > > All good fun :) About the "eat the bytes" part, the code is the same between java.io and APR. See the ACTION_REQ_SSL_CERTIFICATE action and the use of the buffered filter. Rémy - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Difference b/w org.apache.tomcat.util.modeler.BaseModelMBean and org.apache.catalina.mbeans.ConnectorMBean
Hi dev's, I am a newbie and recently started looking on to tomcat code. I am trying to change the maxThreads attribute through Jconsole which seems to be exposed by BaseModelMBean as well as ConnectorMBean. Changing the value in one reflects the changes in other as well and vice versa. My questions are Q1. Why do we have two different classes exposing same attribute, in our case maxThreads? Q2. ConnectorMBean seems to be a child class of ClassNameMbean which inturn is a child of BaseModelMBean. There is a setAttribute method defined in BaseModelMBean as well as ConnectorMBean. Why is that?? Q3. I also saw org.apache.tomcat.util.net.JIoEndpoint being called in both the cases. How are we using this class for setting up the variable?? Please clarify I have already spent lot of time understanding this but somehow I am not able to reach to a final conclusion. Thanks Ashish
Re: Any way to fix bug 46950 without a change to tcnative?
William A. Rowe, Jr. wrote: > William A. Rowe, Jr. wrote: >> Mark Thomas wrote: >>> Folks, >>> >>> I have been looking at bug 46950 [1]. Everything is fine with the BIO >>> connector but with APR the renegotiation fails to trigger a request for >>> the user's certificate. I assume that this is because the socket is >>> still associated with an SSLContext where the SSLVerifyClient is >>> something other than "require". >>> >>> I can't see any obvious ways to fix this without either modifying the >>> native code or adding a new method to the native interface. Can anyone >>> see differently? Any pointers to a pure Java solution would be great. >> I'd expect this to be solved in tcnative, at least exposing the correct >> hooks. It's non-trivial, you might have a look at how mod_ssl handles >> renegotiation. > > I meant to add... > > tcnative or otherwise, it's critical to exhaust the client's transmission > prior to initiating the renegotiation sequence. Often this means slurping > the entire contents of the POST body prior to negotiating the client cert. Thanks for the confirmation. The request is already read and buffered. We 'just' need to renegotiation to require an SSL cert. I'll try and take a look at this but I'll probably need some help with the C code. First step will be to get tcnative building and I haven't looked at that since I moved to 64-bit Windows. All good fun :) Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r765561 - /tomcat/current/tc5.5.x/STATUS.txt
Author: markt Date: Thu Apr 16 10:33:00 2009 New Revision: 765561 URL: http://svn.apache.org/viewvc?rev=765561&view=rev Log: Split patches as requested by jfclere jfclere: I took the liberty of changing your -1 to +1 for the port less httpOnly as per your comment. Obviously, feel free to revert this if I misunderstood your will or intentions. Modified: tomcat/current/tc5.5.x/STATUS.txt Modified: tomcat/current/tc5.5.x/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STATUS.txt?rev=765561&r1=765560&r2=765561&view=diff == --- tomcat/current/tc5.5.x/STATUS.txt (original) +++ tomcat/current/tc5.5.x/STATUS.txt Thu Apr 16 10:33:00 2009 @@ -164,10 +164,16 @@ -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46597 - Port all cookie changes from 6.0.x - https://issues.apache.org/bugzilla/attachment.cgi?id=23421 + Port all cookie changes (less httpOnly) from 6.0.x + https://issues.apache.org/bugzilla/attachment.cgi?id=23498 + +1: markt, jfclere + -1: + +* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44382 + Port httpOnly support from 6.0.x + https://issues.apache.org/bugzilla/attachment.cgi?id=23497 +1: markt - -1: jfclere (I would like to vote +1 if but the HttpOnly is a new feature). + -1: * Fix locking in cluster/tcp/FastAsyncSocketSender: Locking in DataSender and the sub class FastAsyncSocketSender - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 46597] Not all cookie changes in 6.0.x branch have been ported to 5.5.x
https://issues.apache.org/bugzilla/show_bug.cgi?id=46597 Mark Thomas changed: What|Removed |Added Attachment #23421|0 |1 is obsolete|| --- Comment #6 from Mark Thomas 2009-04-16 03:24:24 PST --- Created an attachment (id=23498) --> (https://issues.apache.org/bugzilla/attachment.cgi?id=23498) New patch without httpOnly support As requested, a new patch minus httponly support is attached -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 44382] Need to add support for HTTPOnly session cookie parameter
https://issues.apache.org/bugzilla/show_bug.cgi?id=44382 Mark Thomas changed: What|Removed |Added Attachment #21736|0 |1 is obsolete|| Attachment #21737|0 |1 is obsolete|| Attachment #21741|0 |1 is obsolete|| Attachment #21742|0 |1 is obsolete|| --- Comment #19 from Mark Thomas 2009-04-16 03:23:37 PST --- Created an attachment (id=23497) --> (https://issues.apache.org/bugzilla/attachment.cgi?id=23497) Port of httpOnly to 5.5.x Note that the implementation was subsequently changed to do the configuration on the Context element rather than the Manager. I have also attached a port of the Tomcat 6.0.x implementation to Tomcat 5.5.x -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r765558 - /tomcat/trunk/java/org/apache/catalina/startup/Embedded.java
Author: markt Date: Thu Apr 16 10:08:39 2009 New Revision: 765558 URL: http://svn.apache.org/viewvc?rev=765558&view=rev Log: Remove unnecessary tests Modified: tomcat/trunk/java/org/apache/catalina/startup/Embedded.java Modified: tomcat/trunk/java/org/apache/catalina/startup/Embedded.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/Embedded.java?rev=765558&r1=765557&r2=765558&view=diff == --- tomcat/trunk/java/org/apache/catalina/startup/Embedded.java (original) +++ tomcat/trunk/java/org/apache/catalina/startup/Embedded.java Thu Apr 16 10:08:39 2009 @@ -828,8 +828,7 @@ // Start our defined Connectors second for (int i = 0; i < connectors.length; i++) { connectors[i].initialize(); -if (connectors[i] instanceof Lifecycle) -((Lifecycle) connectors[i]).start(); +((Lifecycle) connectors[i]).start(); } } @@ -857,8 +856,7 @@ // Stop our defined Connectors first for (int i = 0; i < connectors.length; i++) { -if (connectors[i] instanceof Lifecycle) -((Lifecycle) connectors[i]).stop(); +((Lifecycle) connectors[i]).stop(); } // Stop our defined Engines second - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r765555 - /tomcat/trunk/java/org/apache/catalina/startup/ClassLoaderFactory.java
Author: markt Date: Thu Apr 16 10:07:07 2009 New Revision: 76 URL: http://svn.apache.org/viewvc?rev=76&view=rev Log: Remove unused method that introduced an additional parameter that was then ignored. Modified: tomcat/trunk/java/org/apache/catalina/startup/ClassLoaderFactory.java Modified: tomcat/trunk/java/org/apache/catalina/startup/ClassLoaderFactory.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/ClassLoaderFactory.java?rev=76&r1=765554&r2=76&view=diff == --- tomcat/trunk/java/org/apache/catalina/startup/ClassLoaderFactory.java (original) +++ tomcat/trunk/java/org/apache/catalina/startup/ClassLoaderFactory.java Thu Apr 16 10:07:07 2009 @@ -79,34 +79,6 @@ File packed[], ClassLoader parent) throws Exception { -return createClassLoader(unpacked, packed, null, parent); -} - - -/** - * Create and return a new class loader, based on the configuration - * defaults and the specified directory paths: - * - * @param unpacked Array of pathnames to unpacked directories that should - * be added to the repositories of the class loader, or null - * for no unpacked directories to be considered - * @param packed Array of pathnames to directories containing JAR files - * that should be added to the repositories of the class loader, - * or null for no directories of JAR files to be considered - * @param urls Array of URLs to remote repositories, designing either JAR - * resources or uncompressed directories that should be added to - * the repositories of the class loader, or null for no - * directories of JAR files to be considered - * @param parent Parent class loader for the new class loader, or - * null for the system class loader. - * - * @exception Exception if an error occurs constructing the class loader - */ -public static ClassLoader createClassLoader(File unpacked[], -File packed[], -URL urls[], -ClassLoader parent) -throws Exception { if (log.isDebugEnabled()) log.debug("Creating new class loader"); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 45255] support disable jsessionid from url against session fixation attacks
https://issues.apache.org/bugzilla/show_bug.cgi?id=45255 Richard Neish changed: What|Removed |Added CC||richa...@richardneish.org -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 46597] Not all cookie changes in 6.0.x branch have been ported to 5.5.x
https://issues.apache.org/bugzilla/show_bug.cgi?id=46597 --- Comment #5 from jfclere 2009-04-16 02:40:48 PST --- I think the HttpOnly in the patch is a new feature it should go in another error report. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r765533 - /tomcat/current/tc5.5.x/STATUS.txt
Author: jfclere Date: Thu Apr 16 09:17:58 2009 New Revision: 765533 URL: http://svn.apache.org/viewvc?rev=765533&view=rev Log: Remove mine and vote Mark one. Well I don't want the HttpOnly in the same patch because that is a new feature. Modified: tomcat/current/tc5.5.x/STATUS.txt Modified: tomcat/current/tc5.5.x/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STATUS.txt?rev=765533&r1=765532&r2=765533&view=diff == --- tomcat/current/tc5.5.x/STATUS.txt (original) +++ tomcat/current/tc5.5.x/STATUS.txt Thu Apr 16 09:17:58 2009 @@ -167,7 +167,7 @@ Port all cookie changes from 6.0.x https://issues.apache.org/bugzilla/attachment.cgi?id=23421 +1: markt - -1: + -1: jfclere (I would like to vote +1 if but the HttpOnly is a new feature). * Fix locking in cluster/tcp/FastAsyncSocketSender: Locking in DataSender and the sub class FastAsyncSocketSender @@ -254,20 +254,3 @@ http://svn.apache.org/viewvc?view=rev&revision=762868 +1: markt -1: - -* Fix typo in connectors/util/java/org/apache/tomcat/util/http/ServerCookie.java -+++ -@@ -340,7 +340,7 @@ - throw new IllegalArgumentException("Control character in cookie -value, consider BASE64 encoding your value"); - else if (alreadyQuoted(value)) { - buf.append('"'); --buf.append(escapeDoubleQuotes(value,1,value.length()-1)); buf.append('"'); -+buf.append(escapeDoubleQuotes(value,1,value.length()-1)); - buf.append('"'); - } else if (version==0 && !isToken(value)) { - buf.append('"'); -+++ - +1: jfclere - -1: markt - This is already included in the port of all 6.0.x cookie changes above - - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Need Support
Hemant Garg - Futech wrote: > Then how it is possible can you please tell me? This thread belongs on the users list, not on the dev list. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
RE: Need Support
Then how it is possible can you please tell me? -Original Message- From: sura [mailto:suranjit...@yahoo.com] Sent: Thursday, April 16, 2009 10:41 AM To: Tomcat Developers List Subject: Re: Need Support Directly You can't http://www.theserverside.net/news/thread.tss?thread_id=34139 From: Hemant Garg - Futech To: "dev@tomcat.apache.org" Sent: Thursday, April 16, 2009 12:34:07 PM Subject: Need Support Dear Sir, Can be use Apache tomcat to deploy .NET application? Thanks Hemant Garg Private & confidential. This communication, and the information contained herein is intended to be for the use of the individual or entity named above. If you are not the intended recipient, please delete this message immediately and please note that any disclosure, copying, distribution or use of the contents of this information is strictly prohibited. If you have received this electronic transmission in error, please notify us by telephone or by return email immediately. The views and opinions expressed above are the views of the individual sender, and are not necessarily those of Noor Islamic Bank PJSC. Private & confidential. This communication, and the information contained herein is intended to be for the use of the individual or entity named above. If you are not the intended recipient, please delete this message immediately and please note that any disclosure, copying, distribution or use of the contents of this information is strictly prohibited. If you have received this electronic transmission in error, please notify us by telephone or by return email immediately. The views and opinions expressed above are the views of the individual sender, and are not necessarily those of Noor Islamic Bank PJSC. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org