svn commit: r518918 - in /tomcat/connectors/trunk/procrun/bin: amd64/ amd64/tomcat5.exe amd64/tomcat5w.exe ia64/ ia64/tomcat5.exe ia64/tomcat5w.exe tomcat5.exe tomcat5.exe.amd64 tomcat5w.exe tomcat5w.

2007-03-16 Thread mturk
Author: mturk
Date: Fri Mar 16 03:20:07 2007
New Revision: 518918

URL: http://svn.apache.org/viewvc?view=rev&rev=518918
Log:
Update latest binaries

Added:
tomcat/connectors/trunk/procrun/bin/amd64/
tomcat/connectors/trunk/procrun/bin/amd64/tomcat5.exe   (with props)
tomcat/connectors/trunk/procrun/bin/amd64/tomcat5w.exe   (with props)
tomcat/connectors/trunk/procrun/bin/ia64/
tomcat/connectors/trunk/procrun/bin/ia64/tomcat5.exe   (with props)
tomcat/connectors/trunk/procrun/bin/ia64/tomcat5w.exe   (with props)
Removed:
tomcat/connectors/trunk/procrun/bin/tomcat5.exe.amd64
tomcat/connectors/trunk/procrun/bin/tomcat5w.exe.amd64
Modified:
tomcat/connectors/trunk/procrun/bin/tomcat5.exe
tomcat/connectors/trunk/procrun/bin/tomcat5w.exe

Added: tomcat/connectors/trunk/procrun/bin/amd64/tomcat5.exe
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/procrun/bin/amd64/tomcat5.exe?view=auto&rev=518918
==
Binary file - no diff available.

Propchange: tomcat/connectors/trunk/procrun/bin/amd64/tomcat5.exe
--
svn:mime-type = application/octet-stream

Added: tomcat/connectors/trunk/procrun/bin/amd64/tomcat5w.exe
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/procrun/bin/amd64/tomcat5w.exe?view=auto&rev=518918
==
Binary file - no diff available.

Propchange: tomcat/connectors/trunk/procrun/bin/amd64/tomcat5w.exe
--
svn:mime-type = application/octet-stream

Added: tomcat/connectors/trunk/procrun/bin/ia64/tomcat5.exe
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/procrun/bin/ia64/tomcat5.exe?view=auto&rev=518918
==
Binary file - no diff available.

Propchange: tomcat/connectors/trunk/procrun/bin/ia64/tomcat5.exe
--
svn:mime-type = application/octet-stream

Added: tomcat/connectors/trunk/procrun/bin/ia64/tomcat5w.exe
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/procrun/bin/ia64/tomcat5w.exe?view=auto&rev=518918
==
Binary file - no diff available.

Propchange: tomcat/connectors/trunk/procrun/bin/ia64/tomcat5w.exe
--
svn:mime-type = application/octet-stream

Modified: tomcat/connectors/trunk/procrun/bin/tomcat5.exe
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/procrun/bin/tomcat5.exe?view=diff&rev=518918&r1=518917&r2=518918
==
Binary files - no diff available.

Modified: tomcat/connectors/trunk/procrun/bin/tomcat5w.exe
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/procrun/bin/tomcat5w.exe?view=diff&rev=518918&r1=518917&r2=518918
==
Binary files - no diff available.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



svn commit: r518920 - in /tomcat/tc6.0.x/trunk/res/procrun: amd64/ amd64/tomcat6.exe amd64/tomcat6w.exe ia64/ ia64/tomcat6.exe ia64/tomcat6w.exe tomcat6.exe tomcat6w.exe

2007-03-16 Thread mturk
Author: mturk
Date: Fri Mar 16 03:22:17 2007
New Revision: 518920

URL: http://svn.apache.org/viewvc?view=rev&rev=518920
Log:
Update latest binaries and add targets for amd64 and ia64 cpus.

Added:
tomcat/tc6.0.x/trunk/res/procrun/amd64/
tomcat/tc6.0.x/trunk/res/procrun/amd64/tomcat6.exe   (with props)
tomcat/tc6.0.x/trunk/res/procrun/amd64/tomcat6w.exe   (with props)
tomcat/tc6.0.x/trunk/res/procrun/ia64/
tomcat/tc6.0.x/trunk/res/procrun/ia64/tomcat6.exe   (with props)
tomcat/tc6.0.x/trunk/res/procrun/ia64/tomcat6w.exe   (with props)
Modified:
tomcat/tc6.0.x/trunk/res/procrun/tomcat6.exe
tomcat/tc6.0.x/trunk/res/procrun/tomcat6w.exe

Added: tomcat/tc6.0.x/trunk/res/procrun/amd64/tomcat6.exe
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/res/procrun/amd64/tomcat6.exe?view=auto&rev=518920
==
Binary file - no diff available.

Propchange: tomcat/tc6.0.x/trunk/res/procrun/amd64/tomcat6.exe
--
svn:mime-type = application/octet-stream

Added: tomcat/tc6.0.x/trunk/res/procrun/amd64/tomcat6w.exe
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/res/procrun/amd64/tomcat6w.exe?view=auto&rev=518920
==
Binary file - no diff available.

Propchange: tomcat/tc6.0.x/trunk/res/procrun/amd64/tomcat6w.exe
--
svn:mime-type = application/octet-stream

Added: tomcat/tc6.0.x/trunk/res/procrun/ia64/tomcat6.exe
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/res/procrun/ia64/tomcat6.exe?view=auto&rev=518920
==
Binary file - no diff available.

Propchange: tomcat/tc6.0.x/trunk/res/procrun/ia64/tomcat6.exe
--
svn:mime-type = application/octet-stream

Added: tomcat/tc6.0.x/trunk/res/procrun/ia64/tomcat6w.exe
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/res/procrun/ia64/tomcat6w.exe?view=auto&rev=518920
==
Binary file - no diff available.

Propchange: tomcat/tc6.0.x/trunk/res/procrun/ia64/tomcat6w.exe
--
svn:mime-type = application/octet-stream

Modified: tomcat/tc6.0.x/trunk/res/procrun/tomcat6.exe
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/res/procrun/tomcat6.exe?view=diff&rev=518920&r1=518919&r2=518920
==
Binary files - no diff available.

Modified: tomcat/tc6.0.x/trunk/res/procrun/tomcat6w.exe
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/res/procrun/tomcat6w.exe?view=diff&rev=518920&r1=518919&r2=518920
==
Binary files - no diff available.






DO NOT REPLY [Bug 41861] New: - Tomcat Windows installer behaves unexpectedly

2007-03-16 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41861

   Summary: Tomcat Windows installer behaves unexpectedly
   Product: Tomcat 6
   Version: unspecified
  Platform: PC
OS/Version: Windows 2000
Status: NEW
  Severity: normal
  Priority: P2
 Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: [EMAIL PROTECTED]


Assume Tomcat 5.5 running on Windows.
Installation done using the Windows installer.
tomcat5w.exe is used to start/stop the service.

Tried to update to 6.0 using Windows installer, again.

The installer fails to see
-   Tomcat is running
-   version 5.5 is still installed.

The installer comes up with a message: Apache Tomcat Setup failed to install
Tomcat6 service. Check your settings and permissions. Ignore and continue anyway
(not recommended)?

This message is not clear.
What action are we to take? Should we continue even though it is not 
recommended?

When continuation is chosen, everything runs to completion where the option “Run
Apache Tomcat” is presented. When this option is taken, the result is:
Application System Error.
The requested service is not available. Unable to open the service ‘Tomcat6’.

It does not help simply to stop the running Tomcat 5.5.
One must *uninstall* Tomcat 5.5 (in order to remove the Windows service).

Repeating the installation then succeeds.
The installer, however, should be able to handle this in an "integrated" way.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.




svn commit: r518931 - /tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml

2007-03-16 Thread mturk
Author: mturk
Date: Fri Mar 16 03:36:14 2007
New Revision: 518931

URL: http://svn.apache.org/viewvc?view=rev&rev=518931
Log:
Update changelog with recent commits.

Modified:
tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml

Modified: tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=diff&rev=518931&r1=518930&r2=518931
==
--- tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml Fri Mar 16 
03:36:14 2007
@@ -26,6 +26,18 @@
   
   
 
+  
+IIS. Do not forbid access to web-inf or meta-inf if there is
+no mapped worker. This allows to have resource with those names
+that are outside mapped contexts. (mturk)
+  
+  
+Apache. Use process id for creating shared memory name and delete 
shared
+memory and shared memory lock files on exit. (mturk)
+  
+  
+IIS. Fix Keep-Alive regression introduced in 1.2.21. (mturk)
+  
   
   Delete unused check for empty init_map during startup. (rjung)
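Review bot: the first IIS entry records a relaxed access restriction ("Do not forbid access to web-inf or meta-inf if there is no mapped worker") but does not say what happens to the same paths inside a mapped context. As this is the user-facing record of a security-relevant behaviour change, say explicitly whether such requests are still refused there, and reword "This allows to have resource with those names" to "This allows resources with those names".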
   






DO NOT REPLY [Bug 41828] - mod_jk file locking (flock) causes kernel panic

2007-03-16 Thread bugzilla

http://issues.apache.org/bugzilla/show_bug.cgi?id=41828


[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|REOPENED|RESOLVED
 Resolution||FIXED




--- Additional Comments From [EMAIL PROTECTED]  2007-03-16 03:41 ---
Fixed in the SVN.

This is obviously a kernel bug, so if it happens that you have such a kernel
you can compile the mod_jk by adding -DJK_SHM_LOCK_REOPEN to CFLAGS.

This will cause the lock file to be reopened inside each child instead
of inherited. The bad thing is that it creates the lock file with -rw-rw-rw
permission, and that might raise security concerns.

I would suggest that anyone affected patch the kernel.
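
Added example (not part of the bug comment and not mod_jk's own code): C code for the concern raised above, that a lock file reopened by each child ends up -rw-rw-rw. It audits a lock file's mode bits and creates one with an exact, umask-independent mode. The /tmp path, the function names and the owner-only target mode are assumptions, and owner-only access works only if the children run as the file's owner.

```c
/* Added example: audit and create a lock file; the path is constructed. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum lock_audit {
    LOCK_OK = 0,
    LOCK_MISSING,
    LOCK_NOT_REGULAR,
    LOCK_GROUP_WRITABLE,
    LOCK_WORLD_WRITABLE
};

/* Create the lock file with exactly `mode`. open() filters its mode argument
 * through the umask, so the file is created 0600 and then set with fchmod(),
 * which ignores the umask. O_EXCL | O_NOFOLLOW refuse a path that already
 * exists or is a symlink left there by another local user. */
static int create_lock_file(const char *path, mode_t mode)
{
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    if (fchmod(fd, mode) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return fd;
}

/* Classify an existing lock file by the risk its mode bits carry. lstat()
 * is used so that a symlink is reported instead of being followed. */
static enum lock_audit audit_lock_file(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return LOCK_MISSING;
    if (!S_ISREG(st.st_mode))
        return LOCK_NOT_REGULAR;
    if (st.st_mode & S_IWOTH)
        return LOCK_WORLD_WRITABLE;   /* the -rw-rw-rw case from the comment */
    if (st.st_mode & S_IWGRP)
        return LOCK_GROUP_WRITABLE;
    return LOCK_OK;
}

/* Tighten an already-open lock file to owner read/write only. */
static int harden_lock_fd(int fd)
{
    return fchmod(fd, S_IRUSR | S_IWUSR);
}

/* Create a lock file with `mode` at a constructed /tmp path, optionally
 * harden it, audit it, and clean up. Returns the audit result. */
static enum lock_audit demo_lock_mode(mode_t mode, int harden)
{
    char path[64];
    enum lock_audit result;
    int fd;

    snprintf(path, sizeof path, "/tmp/jk_shm_demo.%ld.lock", (long)getpid());
    unlink(path);                       /* drop any stale demo file */
    fd = create_lock_file(path, mode);
    if (fd < 0)
        return LOCK_MISSING;
    if (harden && harden_lock_fd(fd) != 0) {
        close(fd);
        unlink(path);
        return LOCK_MISSING;
    }
    result = audit_lock_file(path);
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    static const char *names[] = {
        "ok", "missing", "not a regular file",
        "group-writable", "world-writable"
    };
    printf("0666 as created: %s\n", names[demo_lock_mode(0666, 0)]);
    printf("0660 as created: %s\n", names[demo_lock_mode(0660, 0)]);
    printf("0600 as created: %s\n", names[demo_lock_mode(0600, 0)]);
    printf("0666 hardened:   %s\n", names[demo_lock_mode(0666, 1)]);
    return 0;
}
```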




DO NOT REPLY [Bug 41855] - Connection leaks problem when browser gets closed while loading a time consuming html page

2007-03-16 Thread bugzilla

http://issues.apache.org/bugzilla/show_bug.cgi?id=41855


[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||INVALID




--- Additional Comments From [EMAIL PROTECTED]  2007-03-16 07:28 ---
This is a problem with your application, if requests take 10 minutes to complete
redesign your app to dispatch into your own thread pool. There are thousands of
applications that already have solved this problem. Put your thinking cap on,
and maybe you will too.




DO NOT REPLY [Bug 41864] New: - Wrong link on default home page

2007-03-16 Thread bugzilla

http://issues.apache.org/bugzilla/show_bug.cgi?id=41864

   Summary: Wrong link on default home page
   Product: Tomcat 6
   Version: unspecified
  Platform: Other
OS/Version: other
Status: NEW
  Severity: trivial
  Priority: P2
 Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: [EMAIL PROTECTED]


There are two copies of the default home page (index.html and index.jsp). They
differ. The html version does not contain the version number. And they both
contain a wrong link to the documentation (the link in the page body is wrong,
the link in the left column is correct). The link is /tomcat-docs while the
documentation is installed with the /docs prefix.




Tomcat 6 embedded supported?

2007-03-16 Thread jgenender

Hi,

Will Tomcat 6 offer an embedded version as was similarly offered in 5.5?

Thanks,

Jeff
-- 
View this message in context: 
http://www.nabble.com/Tomcat-6-embedded-supported--tf3414963.html#a9516108
Sent from the Tomcat - Dev mailing list archive at Nabble.com.





svn commit: r519009 - /tomcat/connectors/branches/tc4.1.x/

2007-03-16 Thread fhanik
Author: fhanik
Date: Fri Mar 16 08:31:02 2007
New Revision: 519009

URL: http://svn.apache.org/viewvc?view=rev&rev=519009
Log:
Creating a 4.1.x branch for connectors, we have 4.1.x branches for the other 
trees, so this will make life easier to work with the 4.1 stuff

Added:
tomcat/connectors/branches/tc4.1.x/
  - copied from r437491, tomcat/connectors/trunk/





DO NOT REPLY [Bug 41855] - Connection leaks problem when browser gets closed while loading a time consuming html page

2007-03-16 Thread bugzilla

http://issues.apache.org/bugzilla/show_bug.cgi?id=41855





--- Additional Comments From [EMAIL PROTECTED]  2007-03-16 09:11 ---
(please excuse the previous inappropriate insult; the privileged majesties of
the kingdom are, unlike the rest of us, under a lot of stress and pressure, and
lack time to compose and post better insults).

All that to say, your servlet must do 2 things: perform the main work and
monitor the connection. This is not the responsibility of the container.
Actually the container cannot figure out (not without NIO* at least) that the
servlet/socket output was abandoned/closed without attempting to write to it,
which would corrupt the response stream content.

If your response content can support comment-like data, for example for html
comment, or some #ping text, or whatever appropriate to the ongoing protocol,
then your servlet could write periodically such comment to check the client
connection viability. But such background test, while the main task is still
running, requires another thread unless your main task is asynchronous. Depending
on the security manager in place, you might not have the right to spawn threads
in the servlet container.

*NIO: the servletoutputstream isn't a selectable channel, tomcat container would
have to perform such monitoring and expose the socket output state in the
servlet api, which isn't about to happen soon...





svn commit: r519036 - in /tomcat/connectors/branches/tc4.1.x: coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java util/java/org/apache/tomcat/util/buf/UDecoder.java

2007-03-16 Thread fhanik
Author: fhanik
Date: Fri Mar 16 09:15:45 2007
New Revision: 519036

URL: http://svn.apache.org/viewvc?view=rev&rev=519036
Log:
Add some options for handling URL chars, backport from TC 6.0.x


Modified:

tomcat/connectors/branches/tc4.1.x/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java

tomcat/connectors/branches/tc4.1.x/util/java/org/apache/tomcat/util/buf/UDecoder.java

Modified: 
tomcat/connectors/branches/tc4.1.x/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/branches/tc4.1.x/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java?view=diff&rev=519036&r1=519035&r2=519036
==
--- 
tomcat/connectors/branches/tc4.1.x/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java
 (original)
+++ 
tomcat/connectors/branches/tc4.1.x/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java
 Fri Mar 16 09:15:45 2007
@@ -50,7 +50,8 @@
 final class CoyoteAdapter
 implements Adapter {
 
-
+protected static final boolean ALLOW_BACKSLASH = 
+
Boolean.valueOf(System.getProperty("org.apache.coyote.tomcat4.CoyoteAdapter.ALLOW_BACKSLASH",
 "false")).booleanValue();
 // -- Constants
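Review bot: ALLOW_BACKSLASH is declared above the "Constants" banner with no comment, so nothing in the source records that it is driven by the system property org.apache.coyote.tomcat4.CoyoteAdapter.ALLOW_BACKSLASH or that it defaults to false. Move the declaration below the banner and add a comment naming the property, its default, and that setting it restores the old backslash-to-slash rewriting.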
 
 
@@ -439,8 +440,12 @@
 return "/";
 
 // Normalize the slashes and add leading slash if necessary
-if (normalized.indexOf('\\') >= 0)
-normalized = normalized.replace('\\', '/');
+if (normalized.indexOf('\\') >= 0) {
+if ( ALLOW_BACKSLASH )
+normalized = normalized.replace('\\', '/');
+else 
+return null;
+}
 if (!normalized.startsWith("/"))
 normalized = "/" + normalized;
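Review bot: the new else branch returns null for any path containing a backslash, yet the comment above it still reads "Normalize the slashes and add leading slash if necessary". Update the comment to say that backslashes are rejected unless ALLOW_BACKSLASH is set, check that every caller of this method treats null as a rejected request, and drop the padding in "if ( ALLOW_BACKSLASH )" so it matches the "if (ALLOW_BACKSLASH)" used in the byte-level loop.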
 
@@ -563,8 +568,12 @@
 // Replace '\' with '/'
 // Check for null byte
 for (pos = start; pos < end; pos++) {
-if (b[pos] == (byte) '\\')
-b[pos] = (byte) '/';
+if (b[pos] == (byte) '\\') {
+if (ALLOW_BACKSLASH)
+b[pos] = (byte) '/';
+else 
+return false;
+}
 if (b[pos] == (byte) 0)
 return false;
 }
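Review bot: the loop comment "Replace '\' with '/'" is now wrong for the default configuration, where a backslash makes the method return false. Reword it to describe both outcomes, and put braces around the inner if/else so a later edit cannot attach a statement to the wrong branch.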

Modified: 
tomcat/connectors/branches/tc4.1.x/util/java/org/apache/tomcat/util/buf/UDecoder.java
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/branches/tc4.1.x/util/java/org/apache/tomcat/util/buf/UDecoder.java?view=diff&rev=519036&r1=519035&r2=519036
==
--- 
tomcat/connectors/branches/tc4.1.x/util/java/org/apache/tomcat/util/buf/UDecoder.java
 (original)
+++ 
tomcat/connectors/branches/tc4.1.x/util/java/org/apache/tomcat/util/buf/UDecoder.java
 Fri Mar 16 09:15:45 2007
@@ -28,7 +28,9 @@
  *  @author Costin Manolache
  */
 public final class UDecoder {
-
+protected static final boolean ALLOW_ENCODED_SLASH = 
+
Boolean.valueOf(System.getProperty("org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH",
 "false")).booleanValue();
+
 private static org.apache.commons.logging.Log log=
 org.apache.commons.logging.LogFactory.getLog(UDecoder.class );
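Review bot: ALLOW_ENCODED_SLASH is declared protected inside "public final class UDecoder"; a final class has no subclasses, so protected here only grants package access. Make the field private if only this class reads it, or public if other packages are meant to consult it, and add a comment naming the system property and its false default.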
 
@@ -65,6 +67,8 @@
// idx will be the smallest positive inxes ( first % or + )
if( idx2 >= 0 && idx2 < idx ) idx=idx2;
if( idx < 0 ) idx=idx2;
+
+boolean noSlash = !(ALLOW_ENCODED_SLASH || query);
 
for( int j=idx; j= 0 && idx2 < idx ) idx=idx2; 
if( idx < 0 ) idx=idx2;
+
+boolean noSlash = !(ALLOW_ENCODED_SLASH || query);
 
for( int j=idx; j
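Review bot: noSlash is computed as "!(ALLOW_ENCODED_SLASH || query)", so the restriction is skipped whenever query is true, and nothing in the hunk explains that. Add a one-line comment stating that encoded slashes are refused only outside the query string, and consider a positively named flag, since the double negative is easy to misread at the point of use.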

svn commit: r519053 - /tomcat/connectors/branches/tc5.0.x/util/java/org/apache/tomcat/util/buf/UDecoder.java

2007-03-16 Thread fhanik
Author: fhanik
Date: Fri Mar 16 09:37:37 2007
New Revision: 519053

URL: http://svn.apache.org/viewvc?view=rev&rev=519053
Log:
Add some options for handling URL chars, backport from TC 6.0.x

Modified:

tomcat/connectors/branches/tc5.0.x/util/java/org/apache/tomcat/util/buf/UDecoder.java

Modified: 
tomcat/connectors/branches/tc5.0.x/util/java/org/apache/tomcat/util/buf/UDecoder.java
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/branches/tc5.0.x/util/java/org/apache/tomcat/util/buf/UDecoder.java?view=diff&rev=519053&r1=519052&r2=519053
==
--- 
tomcat/connectors/branches/tc5.0.x/util/java/org/apache/tomcat/util/buf/UDecoder.java
 (original)
+++ 
tomcat/connectors/branches/tc5.0.x/util/java/org/apache/tomcat/util/buf/UDecoder.java
 Fri Mar 16 09:37:37 2007
@@ -28,6 +28,8 @@
  *  @author Costin Manolache
  */
 public final class UDecoder {
+protected static final boolean ALLOW_ENCODED_SLASH = 
+
Boolean.valueOf(System.getProperty("org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH",
 "false")).booleanValue();
 
 public UDecoder() 
 {
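Review bot: the property is read once in a static initializer, so org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH has to be set before UDecoder is loaded and cannot be changed without restarting the JVM. Say so in a comment on the field, which in this branch also sits directly under the class line with no blank line or Javadoc.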
@@ -62,6 +64,8 @@
// idx will be the smallest positive inxes ( first % or + )
if( idx2 >= 0 && idx2 < idx ) idx=idx2;
if( idx < 0 ) idx=idx2;
+
+boolean noSlash = !(ALLOW_ENCODED_SLASH || query);
 
for( int j=idx; j= 0 && idx2 < idx ) idx=idx2; 
if( idx < 0 ) idx=idx2;
 
-   for( int j=idx; j

svn commit: r519054 - /tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/coyote/tomcat5/CoyoteAdapter.java

2007-03-16 Thread fhanik
Author: fhanik
Date: Fri Mar 16 09:37:49 2007
New Revision: 519054

URL: http://svn.apache.org/viewvc?view=rev&rev=519054
Log:
Add some options for handling URL chars, backport from TC 6.0.x

Modified:

tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/coyote/tomcat5/CoyoteAdapter.java

Modified: 
tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/coyote/tomcat5/CoyoteAdapter.java
URL: 
http://svn.apache.org/viewvc/tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/coyote/tomcat5/CoyoteAdapter.java?view=diff&rev=519054&r1=519053&r2=519054
==
--- 
tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/coyote/tomcat5/CoyoteAdapter.java
 (original)
+++ 
tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/coyote/tomcat5/CoyoteAdapter.java
 Fri Mar 16 09:37:49 2007
@@ -53,6 +53,9 @@
 implements Adapter 
  {
 private static Log log = LogFactory.getLog(CoyoteAdapter.class);
+
+protected static final boolean ALLOW_BACKSLASH = 
+
Boolean.valueOf(System.getProperty("org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH",
 "false")).booleanValue();
 
 // -- Constants
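Review bot: this file lives under org/apache/coyote/tomcat5, but the property is named org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH, which does not match the class that reads it. If the name is kept for parity with TC 6.0.x, say so in a comment on the field; otherwise an administrator who derives the property name from the class name will set a flag this code never reads.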
 
@@ -232,7 +235,7 @@
 req.getURLDecoder().convert(decodedURI, false);
 } catch (IOException ioe) {
 res.setStatus(400);
-res.setMessage("Invalid URI");
+res.setMessage("Invalid URI: "+ioe.getMessage());
 throw ioe;
 }
 // Normalization
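Review bot: appending ioe.getMessage() to the status message sends decoder exception text to the client on every 400 response. Exception text can carry internal detail and parts of the offending request, so log it on the server and keep the fixed "Invalid URI" in the response, or make sure the text is escaped wherever the status message is rendered.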
@@ -473,8 +476,14 @@
 // Replace '\' with '/'
 // Check for null byte
 for (pos = start; pos < end; pos++) {
-if (b[pos] == (byte) '\\')
-b[pos] = (byte) '/';
+if (b[pos] == (byte) '\\') {
+if (ALLOW_BACKSLASH) {
+b[pos] = (byte) '/';
+} else {
+return false;
+}
+   }
+
 if (b[pos] == (byte) 0)
 return false;
 }
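Review bot: the closing brace added as "+   }" is indented differently from the block it closes, which suggests mixed tabs and spaces. Re-indent it, and update the "Replace '\' with '/'" comment above the loop, since with ALLOW_BACKSLASH unset the loop now returns false instead of rewriting.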






DO NOT REPLY [Bug 41538] - Unable to run Tomcat as a Windows service under JDK 1.6

2007-03-16 Thread bugzilla

http://issues.apache.org/bugzilla/show_bug.cgi?id=41538





--- Additional Comments From [EMAIL PROTECTED]  2007-03-16 09:38 ---
Hi,

In my case I had uninstalled JDK 1.5 and installed JDK 1.6

For me the Tomcat service would not start even after copying the msvcr71.dll in
the system folder and checking JAVA_HOME and PATH variable.

For me the solution was to change tomcat properties (Start->Programs->Apache
Tomcat->Configure Tomcat)

And point the JVM and Classpath to the new JDK folders.

Hope this helps.

Marco Wayop







DO NOT REPLY [Bug 41855] - Connection leaks problem when browser gets closed while loading a time consuming html page

2007-03-16 Thread bugzilla

http://issues.apache.org/bugzilla/show_bug.cgi?id=41855





--- Additional Comments From [EMAIL PROTECTED]  2007-03-16 09:57 ---
ok, I ran off to the king and asked him for some time, he devoted two whole
seconds and said:

"oh, for heavens sake, just use google." 

This has nothing to do with NIO, just spawn off a thread to do the job, then send
a response with a refresh header. The browser will open a new connection/request
to check if the result is complete; if it isn't, send another refresh header; if
it is, send the results. You don't need to execute the 10min task on the servlet
worker thread.

look for long running
http://simple.souther.us/not-so-simple.html

Also, another dude on the throne decided to throw in another tip:
"Turn off keep alives, otherwise you are still hogging the worker thread during
your refresh period"

Now for more support, this is not the place. The Tomcat User List is filled with
brilliant and nice people willing to help.




DO NOT REPLY [Bug 37668] - antiResourceLocking stops JSP reloading

2007-03-16 Thread bugzilla

http://issues.apache.org/bugzilla/show_bug.cgi?id=37668





--- Additional Comments From [EMAIL PROTECTED]  2007-03-16 11:43 ---
Is there any workaround? Thanks




DO NOT REPLY [Bug 41868] New: - Not able to start the Tomcat 6.0.10 in WinXP as a Service with JRE 1.6.0

2007-03-16 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41868

   Summary: Not able to start the Tomcat 6.0.10 in WinXP as a
Service with JRE 1.6.0
   Product: Tomcat 6
   Version: unspecified
  Platform: Other
OS/Version: Windows XP
Status: NEW
  Keywords: APIBug
  Severity: major
  Priority: P2
 Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: [EMAIL PROTECTED]


My System:

- Fresh installed WinXP-Pro SP2
- JDK 1.6.0 with JRE 1.6.0 under %program files%/Java/...
- Tomcat 6.0.10 windows installer .exe

I manually set the JAVA_HOME path to the JRE.

I've installed Tomcat with the option "service startup". The JRE was found by
the installer. After that I tried to start Tomcat, but it hung. In the logs
this happens:

[2007-03-16 19:47:15] [info] Running Service...
[2007-03-16 19:47:15] [info] Starting service...
[2007-03-16 19:47:15] [174  javajni.c] [error] Das angegebene Modul wurde nicht gefunden.
[2007-03-16 19:47:15] [947  prunsrv.c] [error] Failed creating java C:\Programme\Java\jre1.6.0\bin\client\jvm.dll
[2007-03-16 19:47:15] [1202 prunsrv.c] [error] ServiceStart returned 1
[2007-03-16 19:47:15] [info] Run service finished.
[2007-03-16 19:47:15] [info] Procrun finished.

With the Sysinternals tool FileMon I found that the file msvcr71.dll located in
the java/jre1.6.0/bin directory has to be copied to the java/jre1.6.0/bin/client
directory. And Tomcat starts immediately.

Hope you fix it...




svn commit: r519111 - in /tomcat/tc6.0.x/trunk: java/org/apache/coyote/http11/Http11NioProtocol.java java/org/apache/tomcat/util/net/NioEndpoint.java webapps/docs/config/http.xml

2007-03-16 Thread fhanik
Author: fhanik
Date: Fri Mar 16 12:48:21 2007
New Revision: 519111

URL: http://svn.apache.org/viewvc?view=rev&rev=519111
Log:
Being able to balance thread priorities for all kinds of threads

Modified:
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml

Modified: 
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java?view=diff&rev=519111&r1=519110&r2=519111
==
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java 
Fri Mar 16 12:48:21 2007
@@ -274,11 +274,30 @@
   ep.setThreadPriority(threadPriority);
   setAttribute("threadPriority", "" + threadPriority);
 }
+
+public void setAcceptorThreadPriority(int threadPriority) {
+  ep.setAcceptorThreadPriority(threadPriority);
+  setAttribute("acceptorThreadPriority", "" + threadPriority);
+}
+
+public void setPollerThreadPriority(int threadPriority) {
+  ep.setPollerThreadPriority(threadPriority);
+  setAttribute("pollerThreadPriority", "" + threadPriority);
+}
 
 public int getThreadPriority() {
   return ep.getThreadPriority();
 }
 
+public int getAcceptorThreadPriority() {
+  return ep.getAcceptorThreadPriority();
+}
+
+public int getPollerThreadPriority() {
+  return ep.getThreadPriority();
+}
+
+
 //  Tcp setup 
 
 public int getBacklog() {
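Review bot: getPollerThreadPriority() returns ep.getThreadPriority(), which is the worker priority, so the getter never reports what setPollerThreadPriority() stored. It should return ep.getPollerThreadPriority(), mirroring getAcceptorThreadPriority() directly above it.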

Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?view=diff&rev=519111&r1=519110&r2=519111
==
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java Fri 
Mar 16 12:48:21 2007
@@ -103,6 +103,7 @@
 public static final String SESSION_ID_KEY = 
"javax.servlet.request.ssl_session";
 
 public static final int OP_REGISTER = -1; //register interest op
+
 // - Fields
 
 
@@ -318,12 +319,25 @@
 
 
 /**
- * Priority of the acceptor and poller threads.
+ * Priority of the worker threads.
  */
 protected int threadPriority = Thread.NORM_PRIORITY;
 public void setThreadPriority(int threadPriority) { this.threadPriority = 
threadPriority; }
 public int getThreadPriority() { return threadPriority; }
 
+/**
+ * Priority of the acceptor threads.
+ */
+protected int acceptorThreadPriority = Thread.NORM_PRIORITY;
+public void setAcceptorThreadPriority(int acceptorThreadPriority) { 
this.acceptorThreadPriority = acceptorThreadPriority; }
+public int getAcceptorThreadPriority() { return acceptorThreadPriority; }
+
+/**
+ * Priority of the poller threads.
+ */
+protected int pollerThreadPriority = Thread.NORM_PRIORITY;
+public void setPollerThreadPriority(int pollerThreadPriority) { 
this.pollerThreadPriority = pollerThreadPriority; }
+public int getPollerThreadPriority() { return pollerThreadPriority; }
 
 /**
  * Server socket port.
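Review bot: setAcceptorThreadPriority() and setPollerThreadPriority() store any int unchecked. Thread.setPriority() throws IllegalArgumentException for values outside Thread.MIN_PRIORITY..Thread.MAX_PRIORITY, so a bad connector attribute would only surface later, wherever the value is applied to a thread; validate the range in the setters and fail with a message that names the attribute.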

Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml?view=diff&rev=519111&r1=519110&r2=519111
==
--- tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml Fri Mar 16 12:48:21 2007
@@ -412,6 +412,21 @@
 The number of threads to be used to run for the polling events. 
Default value is 1.
Can't see a reason to go above that. But experiment and find your 
own results.
   
+  
+The priority of the poller threads.
+  The default value is java.lang.Thread#NORM_PRIORITY.
+  See the JavaDoc for the java.lang.Thread class for more details on
+  what this priority means.
+
+  
+  
+The priority of the acceptor threads. The threads used to accept 
new connections.
+  The default value is java.lang.Thread#NORM_PRIORITY.
+  See the JavaDoc for the java.lang.Thread class for more details on
+  what this priority means.
+
+  
+  
   
 The time in milliseconds to timeout on a select() for the poller.
This value is important, since connection clean up is done on the 
same thread, so 
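Review bot: Both added descriptions send the reader to the java.lang.Thread JavaDoc instead of stating the accepted values. State in the text that the value must lie between Thread.MIN_PRIORITY (1) and Thread.MAX_PRIORITY (10) and that the default NORM_PRIORITY is 5. In the acceptor entry, "The threads used to accept new connections." is a sentence fragment; fold it into the first sentence.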

DO NOT REPLY [Bug 41869] New: - Should EL (Expression Language) expressions result in the TagData.REQUEST_TIME_VALUE object?

2007-03-16 Thread bugzilla

http://issues.apache.org/bugzilla/show_bug.cgi?id=41869

   Summary: Should EL (Expression Language) expressions result in
the TagData.REQUEST_TIME_VALUE object?
   Product: Tomcat 5
   Version: 5.5.20
  Platform: PC
OS/Version: Windows XP
Status: NEW
  Severity: normal
  Priority: P2
 Component: Unknown
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: [EMAIL PROTECTED]


I have a custom tag with attributes defined in the TLD file as allowing run-time
expression values, meaning:

  <rtexprvalue>true</rtexprvalue>


I also have a TagExtraInfo class that I am using to validate the values 
provided.

Inside my TagExtraInfo sub-class I have code such as this:

   Object attr = data.getAttribute("groupSize");

   if ( attr != null &&
        !attr.equals(TagData.REQUEST_TIME_VALUE) )
   {
 
and so on.   When, in my JSP, I provide attribute values such as "<%= 10 * 14 %>"
(JSP scriptlet) I do indeed get the TagData.REQUEST_TIME_VALUE object back
on this call.

However, when I instead have an EL value, something like "${groupSizeValue}",
I do not receive the REQUEST_TIME_VALUE distinguished object back.  I receive
a String object, containing the text "${groupSizeValue}".  Is this the correct
behavior?  Everything I have read (books, Google searches, etc.) seems to
point me in the thinking that this is a bug.


From looking at the tomcat 5.5.20 and 5.5.23 source code, I see where the 
JspAttribute (nested class of Node) is created.  In the Validator class, line 
1117, is the creation for this object passing the constant "false" for 
the "expr" argument (5th argument to the 1st ctor of this class).  I believe 
it is line 1117 that would be getting executed since the if statement 
preceding this is:

   if (el.containsEL() && !pageInfo.isELIgnored()) {
 
 
So, my question is, why would an EL expression when EL is not being ignored be 
considered not an expression?


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



svn commit: r519115 - /tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java

2007-03-16 Thread fhanik
Author: fhanik
Date: Fri Mar 16 12:56:05 2007
New Revision: 519115

URL: http://svn.apache.org/viewvc?view=rev&rev=519115
Log:
minor tweaks

Modified:
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java

Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?view=diff&rev=519115&r1=519114&r2=519115
==
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java Fri 
Mar 16 12:56:05 2007
@@ -712,7 +712,7 @@
 executor = new ThreadPoolExecutor(getMinSpareThreads(), 
getMaxThreads(), 60, TimeUnit.SECONDS,taskqueue, tf);
 taskqueue.setParent( (ThreadPoolExecutor) executor);
 }
-} else {
+} else if ( executor != null ) {//avoid two thread pools being 
created
 workers = new WorkerStack(maxThreads);
 }
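Review bot: The condition on the changed line `} else if ( executor != null ) {` looks inverted relative to its own comment. The first branch is not fully visible here, but as written the WorkerStack is created only when an executor is already set, which is the case where a second pool is not wanted, and no WorkerStack is created when executor is null. If the intent is to skip the internal pool when an executor exists, the test should be `executor == null`.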
 
@@ -1898,7 +1898,7 @@
 }
 
 public boolean offer(Runnable o) {
-if ( parent != null && 
parent.getPoolSize()

svn commit: r519168 - /tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java

2007-03-16 Thread fhanik
Author: fhanik
Date: Fri Mar 16 15:38:19 2007
New Revision: 519168

URL: http://svn.apache.org/viewvc?view=rev&rev=519168
Log:
fixed minor bug introduced recently

Modified:
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java

Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?view=diff&rev=519168&r1=519167&r2=519168
==
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java Fri 
Mar 16 15:38:19 2007
@@ -1145,11 +1145,11 @@
 }
 } else {
 final SelectionKey key = 
socket.getIOChannel().keyFor(socket.getPoller().getSelector());
-final KeyAttachment att = (KeyAttachment) key.attachment();
-//we are registering the key to start with, reset the fairness 
counter.
-att.setFairness(0);
 try {
 if (key != null) {
+final KeyAttachment att = (KeyAttachment) 
key.attachment();
+//we are registering the key to start with, reset the 
fairness counter.
+att.setFairness(0);
 key.interestOps(interestOps);
 att.interestOps(interestOps);
 }
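Review bot: Moving the `att` lookup inside `if (key != null)` removes the dereference of a null key, but `att` itself is still used unchecked. `key.attachment()` returns null when nothing is attached to the key, and `att.setFairness(0)` and `att.interestOps(interestOps)` would then throw. Consider guarding on `att != null` in the same block.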






svn commit: r519177 - /tomcat/connectors/branches/tc4.1.x/

2007-03-16 Thread markt
Author: markt
Date: Fri Mar 16 16:18:28 2007
New Revision: 519177

URL: http://svn.apache.org/viewvc?view=rev&rev=519177
Log:
Remove tc4.1.x branch for connectors as it uses trunk

Removed:
tomcat/connectors/branches/tc4.1.x/





svn commit: r519197 - in /tomcat/site/trunk: docs/security-4.html docs/security-5.html docs/security-6.html docs/security.html xdocs/security-4.xml xdocs/security-5.xml xdocs/security-6.xml xdocs/secu

2007-03-16 Thread markt
Author: markt
Date: Fri Mar 16 18:07:15 2007
New Revision: 519197

URL: http://svn.apache.org/viewvc?view=rev&rev=519197
Log:
Add CVE-2007-0450 to security pages.

Modified:
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/docs/security.html
tomcat/site/trunk/xdocs/security-4.xml
tomcat/site/trunk/xdocs/security-5.xml
tomcat/site/trunk/xdocs/security-6.xml
tomcat/site/trunk/xdocs/security.xml

Modified: tomcat/site/trunk/docs/security-4.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?view=diff&rev=519197&r1=519196&r2=519197
==
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Fri Mar 16 18:07:15 2007
@@ -211,6 +211,61 @@
 
 
 
+
+Fixed in Apache Tomcat 4.1.35
+
+
+
+
+
+
+
+
+
+important: Directory traversal
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450";>
+   CVE-2007-0450
+
+
+Tomcat permits both '\' and '%5C' as path delimiters. A HTTP request
+   containing strings like "/\../" allow attackers to break out of the 
given
+   context. Additionally, when using Tomcat behind a proxy configured to
+   only proxy some contexts this permits access to non-proxied contexts.
+   When used behind a proxy it is recommended that Tomcat is secured as if
+   the proxy were not present.
+
+The following Java startup options have been added to Tomcat to provide
+   additional control of the handling of '\' and '%5c' in URLs:
+   
+ 
+
+   -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true|false
+ 
+
+ 
+
+   
-Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true|false
+ 
+
+   
+   These options default to false.
+
+
+Affects: 4.0.0-4.0.6, 4.1.0-4.1.34
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
 
 Fixed in Apache Tomcat 4.1.32
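Review bot: The added option list gives both properties as `=true|false` without saying what each one controls or which value is the safe one. State which property covers the literal '\' and which the encoded '%5c' (the names suggest CoyoteAdapter.ALLOW_BACKSLASH and UDecoder.ALLOW_ENCODED_SLASH respectively), and that setting either to true re-enables the path handling described in the first paragraph, so that "These options default to false" reads as the recommended setting rather than a bare fact.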
 

Modified: tomcat/site/trunk/docs/security-5.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?view=diff&rev=519197&r1=519196&r2=519197
==
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Fri Mar 16 18:07:15 2007
@@ -211,6 +211,61 @@
 
 
 
+
+Fixed in Apache Tomcat 5.5.22, 5.0.HEAD
+
+
+
+
+
+
+
+
+
+important: Directory traversal
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450";>
+   CVE-2007-0450
+
+
+Tomcat permits both '\' and '%5C' as path delimiters. A HTTP request
+   containing strings like "/\../" allow attackers to break out of the 
given
+   context. Additionally, when using Tomcat behind a proxy configured to
+   only proxy some contexts this permits access to non-proxied contexts.
+   When used behind a proxy it is recommended that Tomcat is secured as if
+   the proxy were not present.
+
+The following Java startup options have been added to Tomcat to provide
+   additional control of the handling of '\' and '%5c' in URLs:
+   
+ 
+
+   -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true|false
+ 
+
+ 
+
+   
-Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true|false
+ 
+
+   
+   These options default to false.
+
+
+Affects: 5.5.0-5.5.21, 5.0.0-5.0.30
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
 
 Fixed in Apache Tomcat 5.5.13, 5.0.HEAD
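Review bot: The added heading "Fixed in Apache Tomcat 5.5.22, 5.0.HEAD" sits above "Affects: 5.5.0-5.5.21, 5.0.0-5.0.30", so for 5.0.x the only fix named is an unreleased HEAD. Readers on 5.0.x cannot tell from this entry whether a fixed 5.0 release will follow. Add a sentence saying either which 5.0.x release will carry the fix or that those users need to build from source or move to 5.5.22.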
 

Modified: tomcat/site/trunk/docs/security-6.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?view=diff&rev=519197&r1=519196&r2=519197
==
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Fri Mar 16 18:07:15 2007
@@ -211,8 +211,8 @@
 
 
 
-
-Fixed in Apache Tomcat 6.?.?
+
+Fixed in Apache Tomcat 6.0.10
 
 
 
@@ -221,7 +221,37 @@
 
 
 
+
+important: Directory traversal
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450";>
+   CVE-2007-0450
+
 
+Tomcat permits both '\' and '%5C' as path delimiters. A HTTP request
+   containing strings like "/\../" allow attackers to break out of the 
given
+   context. Additionally, when using Tomcat behind a proxy configured to
+   only proxy some contexts this permits access to non-proxied contexts.
+   When used behind a proxy it is recommended that Tomcat is secured as if
+   the proxy were not present.
+
+The following Java startup options have been added to Tomcat to provide
+   additional control of the handling of '\' and '%5c' in URLs:
+   
+ 
+
+   -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true|false
+ 
+
+ 
+
+   
-Dorg.apache.catalina.connector.
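Review bot: In the added description, "A HTTP request containing strings like "/\../" allow attackers" has an agreement error; it should read "An HTTP request ... allows attackers". The same text writes the encoded backslash as '%5C' in the first sentence and '%5c' in the options sentence. Pick one spelling, or say that both casings decode to the same character, so readers writing proxy or filter rules cover both.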

svn commit: r519205 - in /tomcat/site/trunk: docs/security-4.html docs/security-5.html docs/security-6.html xdocs/security-4.xml xdocs/security-5.xml xdocs/security-6.xml

2007-03-16 Thread markt
Author: markt
Date: Fri Mar 16 18:43:09 2007
New Revision: 519205

URL: http://svn.apache.org/viewvc?view=rev&rev=519205
Log:
Add CVE-2005-2090 to security pages.

Modified:
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/xdocs/security-4.xml
tomcat/site/trunk/xdocs/security-5.xml
tomcat/site/trunk/xdocs/security-6.xml

Modified: tomcat/site/trunk/docs/security-4.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?view=diff&rev=519205&r1=519204&r2=519205
==
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Fri Mar 16 18:43:09 2007
@@ -211,8 +211,8 @@
 
 
 
-
-Fixed in Apache Tomcat 4.1.35
+
+Fixed in Apache Tomcat 4.1.HEAD
 
 
 
@@ -221,6 +221,25 @@
 
 
 
+
+important: Information disclosure
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090";>
+   CVE-2005-2090
+
+
+Requests with multiple content-length headers should be rejected as
+   invalid. When multiple components (firewalls, caches, proxies and 
Tomcat)
+   process a sequence of requests where one or more requests contain
+   multiple content-length headers and several components accept do not
+   reject the request and make different decisions as to which
+   content-length leader to use an attacker can poision a web-cache, 
perform
+   an XSS attack and obtain senstive information from requests other then
+   their own. Tomcat now returns 400 for requests with multiple
+   content-length headers.
+   
+
+Affects: 4.0.0-4.0.6, 4.1.0-4.1.34
+
 
 important: Directory traversal
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450";>
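Review bot: The added CVE-2005-2090 paragraph has several errors that obscure its meaning. "several components accept do not reject the request" should be "several components do not reject the request", "content-length leader" should be "content-length header", and "poision", "senstive" and "other then" should be "poison", "sensitive" and "other than". The same paragraph is added to security-5.html and security-6.html in this commit, so fix it once in the xdocs sources and regenerate.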

Modified: tomcat/site/trunk/docs/security-5.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?view=diff&rev=519205&r1=519204&r2=519205
==
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Fri Mar 16 18:43:09 2007
@@ -211,6 +211,48 @@
 
 
 
+
+Fixed in Apache Tomcat 5.5.23
+
+
+
+
+
+
+
+
+
+important: Information disclosure
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090";>
+   CVE-2005-2090
+
+
+Requests with multiple content-length headers should be rejected as
+   invalid. When multiple components (firewalls, caches, proxies and 
Tomcat)
+   process a sequence of requests where one or more requests contain
+   multiple content-length headers and several components accept do not
+   reject the request and make different decisions as to which
+   content-length leader to use an attacker can poision a web-cache, 
perform
+   an XSS attack and obtain senstive information from requests other then
+   their own. Tomcat now returns 400 for requests with multiple
+   content-length headers.
+   
+
+Affects: 5.0.0-5.0.HEAD, 5.5.0-5.5.22
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
 
 Fixed in Apache Tomcat 5.5.22, 5.0.HEAD
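Review bot: "Affects: 5.0.0-5.0.HEAD, 5.5.0-5.5.22" under "Fixed in Apache Tomcat 5.5.23" says 5.0.x is affected up to its current head, which means no 5.0.x fix exists, but the entry never states that. Say so explicitly and name 5.5.23 as the upgrade path, since "Tomcat now returns 400" in the paragraph above reads as if it applies to every branch listed.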
 

Modified: tomcat/site/trunk/docs/security-6.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?view=diff&rev=519205&r1=519204&r2=519205
==
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Fri Mar 16 18:43:09 2007
@@ -211,6 +211,48 @@
 
 
 
+
+Fixed in Apache Tomcat 6.0.HEAD
+
+
+
+
+
+
+
+
+
+important: Information disclosure
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090";>
+   CVE-2005-2090
+
+
+Requests with multiple content-length headers should be rejected as
+   invalid. When multiple components (firewalls, caches, proxies and 
Tomcat)
+   process a sequence of requests where one or more requests contain
+   multiple content-length headers and several components accept do not
+   reject the request and make different decisions as to which
+   content-length leader to use an attacker can poision a web-cache, 
perform
+   an XSS attack and obtain senstive information from requests other then
+   their own. Tomcat now returns 400 for requests with multiple
+   content-length headers.
+   
+
+Affects: 6.0.0-6.0.10
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
 
 Fixed in Apache Tomcat 6.0.10
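Review bot: The new section heading "Fixed in Apache Tomcat 6.0.HEAD" with "Affects: 6.0.0-6.0.10" is a placeholder that has to be replaced by a release number once one is cut; r519197 already had to correct a "6.?.?" heading on this page. Track the pending version so the heading is updated at release time, or word it as not yet released, so the page does not point users at a fixed version they cannot download.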
 

Modified: tomcat/site/trunk/xdocs/security-4.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?view=diff&rev=519205&r1=519204&r2=519205
==
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Fri Mar 16 18:43:09 2007
@@ -24,7 +24,24 @@
 
   
 
-  
+  
+important: Information disclosure
+   http://cve.mitre.o

svn commit: r519208 - /tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt

2007-03-16 Thread markt
Author: markt
Date: Fri Mar 16 18:45:15 2007
New Revision: 519208

URL: http://svn.apache.org/viewvc?view=rev&rev=519208
Log:
Update change log.

Modified:
tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt

Modified: tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt
URL: 
http://svn.apache.org/viewvc/tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt?view=diff&rev=519208&r1=519207&r2=519208
==
--- tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt (original)
+++ tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt Fri Mar 16 18:45:15 
2007
@@ -1925,6 +1925,9 @@
  Return 400 (bad request) if a request contains multiple content-length
  headers.
 
+[4.1.35] CoyoteConnector
+ No longer accept '\' and '%5c' as path delimiters by default.
+
 
 
 Jasper Bug Fixes:
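Review bot: The added "[4.1.35] CoyoteConnector" entry announces a behaviour change without naming the security issue or the way to restore the old behaviour. Reference CVE-2007-0450 and the two system properties from the security page (org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH and org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH), so an administrator whose application breaks after the upgrade can find both the reason and the switch.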






svn commit: r519210 - /tomcat/container/branches/tc4.1.x/build.properties.default

2007-03-16 Thread markt
Author: markt
Date: Fri Mar 16 18:49:54 2007
New Revision: 519210

URL: http://svn.apache.org/viewvc?view=rev&rev=519210
Log:
Update to latest version

Modified:
tomcat/container/branches/tc4.1.x/build.properties.default

Modified: tomcat/container/branches/tc4.1.x/build.properties.default
URL: 
http://svn.apache.org/viewvc/tomcat/container/branches/tc4.1.x/build.properties.default?view=diff&rev=519210&r1=519209&r2=519210
==
--- tomcat/container/branches/tc4.1.x/build.properties.default (original)
+++ tomcat/container/branches/tc4.1.x/build.properties.default Fri Mar 16 
18:49:54 2007
@@ -223,8 +223,8 @@
 
 # - NSIS, version 2.14 or later -
 nsis.home=C:/Program Files/nsis
-nsis.loc=${base-sourceforge.loc}/nsis/nsis-2.23-setup.exe?download
-nsis.install.exe=${nsis.home}/nsis-223.exe
+nsis.loc=${base-sourceforge.loc}/nsis/nsis-2.24-setup.exe?download
+nsis.install.exe=${nsis.home}/nsis-224.exe
 
 
 # - PureTLS Extension, version 0.9 or later -
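Review bot: The bumped `nsis.loc` still points the build at a downloaded executable, `nsis-2.24-setup.exe?download`, and nothing in this hunk records an expected checksum for it. Since this file is fetched and then used by the build, consider adding a property with the published hash of the 2.24 installer and verifying it after download. The section comment "version 2.14 or later" could also be updated to match the version the build now expects.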


