svn commit: r520309 - /tomcat/connectors/trunk/jk/xdocs/reference/apache.xml

[jfclere]

Author: jfclere
Date: Tue Mar 20 01:10:39 2007
New Revision: 520309

URL: http://svn.apache.org/viewvc?view=rev&rev=520309
Log:
Typo.

Modified:
tomcat/connectors/trunk/jk/xdocs/reference/apache.xml

Modified: tomcat/connectors/trunk/jk/xdocs/reference/apache.xml
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/reference/apache.xml?view=diff&rev=520309&r1=520308&r2=520309
==
--- tomcat/connectors/trunk/jk/xdocs/reference/apache.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/reference/apache.xml Tue Mar 20 01:10:39 
2007
@@ -193,7 +193,6 @@
 
 The default value is "SSL_CLIENT_CERT_CHAIN_".
 
-
 
 Name of the Apache environment variable that contains SSL session.
 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED]: Project jakarta-tomcat (in module jakarta-tomcat) failed

[Jean-Frederic]

On Mon, 2007-03-19 at 19:55 -0700, Stefan Bodewig wrote:
> To whom it may engage...

Fixed thanks

Cheers

Jean-Frederic

> 
> This is an automated request, but not an unsolicited one. For 
> more information please visit http://gump.apache.org/nagged.html, 
> and/or contact the folk at [EMAIL PROTECTED]
> 
> Project jakarta-tomcat has an issue affecting its community integration.
> This issue affects 9 projects.
> The current state of this project is 'Failed', with reason 'Build Failed'.
> For reference only, the following projects are affected by this:
> - commons-jelly-tags-ojb :  Commons Jelly
> - db-ojb-from-packages-1-0-release :  ObjectRelationalBridge
> - db-torque :  Persistence Layer
> - fulcrum-cache :  Services Framework
> - jakarta-slide :  Content Management System based on WebDAV technology
> - jakarta-tomcat :  Servlet 2.2 and JSP 1.1 Reference Implementation
> - jakarta-tomcat-coyote-tomcat3 :  Connectors to various web servers
> - jakarta-turbine-jcs :  Cache
> - test-ojb-from-packages-1-0-release :  ObjectRelationalBridge
> 
> 
> Full details are available at:
> 
> http://vmgump.apache.org/gump/public/jakarta-tomcat/jakarta-tomcat/index.html
> 
> That said, some information snippets are provided here.
> 
> The following annotations (debug/informational/warning/error messages) were 
> provided:
>  -DEBUG- Output [tomcat-util.jar] identifier set to output basename: 
> [tomcat-util]
>  -DEBUG- Output [tomcat_core.jar] identifier set to output basename: 
> [tomcat_core]
>  -DEBUG- Output [tomcat_modules.jar] identifier set to output basename: 
> [tomcat_modules]
>  -DEBUG- Output [facade22.jar] identifier set to output basename: [facade22]
>  -DEBUG- Output [core_util.jar] identifier set to output basename: [core_util]
>  -DEBUG- Output [jasper.jar] identifier set to output basename: [jasper]
>  -DEBUG- Output [container_util.jar] identifier set to output basename: 
> [container_util]
>  -DEBUG- Output [tomcat.jar] identifier set to output basename: [tomcat]
>  -DEBUG- Dependency on jakarta-servletapi exists, no need to add for property 
> servlet22.jar.
>  -DEBUG- Dependency on jmx exists, no need to add for property jmxtools.jar.
>  -DEBUG- Dependency on ant exists, no need to add for property ant.home.
>  -DEBUG- Dependency on jsse exists, no need to add for property jsse.home.
>  -INFO- Failed with reason build failed
>  -DEBUG- Extracted fallback artifacts from Gump Repository
> 
> 
> 
> The following work was performed:
> http://vmgump.apache.org/gump/public/jakarta-tomcat/jakarta-tomcat/gump_work/build_jakarta-tomcat_jakarta-tomcat.html
> Work Name: build_jakarta-tomcat_jakarta-tomcat (Type: Build)
> Work ended in a state of : Failed
> Elapsed: 20 secs
> Command Line: java -Djava.awt.headless=true 
> -Xbootclasspath/p:/usr/local/gump/public/workspace/xml-xerces2/build/xercesImpl.jar:/usr/local/gump/public/workspace/xml-commons/java/external/build/xml-apis.jar:/usr/local/gump/public/workspace/xml-xalan/build/serializer.jar:/usr/local/gump/public/workspace/xml-xalan/build/xalan-unbundled.jar
>  org.apache.tools.ant.Main -Dgump.merge=/x1/gump/public/gump/work/merge.xml 
> -Dbuild.sysclasspath=only 
> -Djakarta-tomcat-connectors=/usr/local/gump/public/workspace/jakarta-tomcat-connectors
>  
> -Djtc.coyote.home=/usr/local/gump/public/workspace/jakarta-tomcat-connectors/coyote
>  -Djaxp.home=/usr/local/gump/packages/jaxp-1_3 
> -Dcommons-modeler.jar=/usr/local/gump/public/workspace/jakarta-commons/modeler/dist/commons-modeler-19032007.jar
>  -Djmxtools.jar=/usr/local/gump/packages/jmx-1_2_1-bin/lib/jmxtools.jar 
> -Djmx.jar=/usr/local/gump/packages/jmx-1_2_1-bin/lib/jmxri.jar 
> -Dtomcat-util.jar=/usr/local/gump/public/workspace/jakarta-tomcat-connectors/util/build/lib/tomcat-util.jar
>  -Dant.home=/usr/local/gump/public/workspace/ant/dist 
> -Dservlet22.jar=/usr/local/gump/public/workspace/jakarta-servletapi/dist/lib/servlet.jar
>  
> -Dcommons-logging.jar=/usr/local/gump/public/workspace/jakarta-commons/logging/target/commons-logging-api-19032007.jar
>  
> -Djtc.http11.home=/usr/local/gump/public/workspace/jakarta-tomcat-connectors/http11/build
>  -Djsse.home=/usr/local/gump/packages/jsse1.0.3 main.lite 
> [Working Directory: /usr/local/gump/public/workspace/jakarta-tomcat]
> CLASSPATH: 
> /opt/jdk1.5/lib/tools.jar:/usr/local/gump/public/workspace/jakarta-tomcat/build/tomcat/classes:/usr/local/gump/public/workspace/xml-commons/java/external/build/xml-apis-ext.jar:/usr/local/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/usr/local/gump/public/workspace/ant/dist/lib/ant-swing.jar:/usr/local/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/usr/local/gump/public/workspace/ant/dist/lib/ant-trax.jar:/usr/local/gump/public/workspace/ant/dist/lib/ant-junit.jar:/usr/local/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/usr/local/gump/public/workspace/ant/dist/lib/ant-nodeps.jar:/usr/local/gump/public/workspace/ant/dist/lib/ant.jar:/u

svn commit: r520310 - in /tomcat/connectors/trunk/jk: native/common/jk_mt.h native/configure.in xdocs/miscellaneous/changelog.xml xdocs/webserver_howto/apache.xml

[mturk]

Author: mturk
Date: Tue Mar 20 01:15:49 2007
New Revision: 520310

URL: http://svn.apache.org/viewvc?view=rev&rev=520310
Log:
Add --enable-flock configure param for explicit compilation of flock() for 
shared memory locks

Modified:
tomcat/connectors/trunk/jk/native/common/jk_mt.h
tomcat/connectors/trunk/jk/native/configure.in
tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml
tomcat/connectors/trunk/jk/xdocs/webserver_howto/apache.xml

Modified: tomcat/connectors/trunk/jk/native/common/jk_mt.h
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_mt.h?view=diff&rev=520310&r1=520309&r2=520310
==
--- tomcat/connectors/trunk/jk/native/common/jk_mt.h (original)
+++ tomcat/connectors/trunk/jk/native/common/jk_mt.h Tue Mar 20 01:15:49 2007
@@ -96,7 +96,15 @@
 #include 
 #include 
 
+
+#define USE_FLOCK_LK 0
 #if HAVE_FLOCK
+#ifdef JK_USE_FLOCK
+#define USE_FLOCK_LK 1
+#endif
+#endif
+
+#if USE_FLOCK_LK
 #include 
 
 #define JK_ENTER_LOCK(x, rc)\
@@ -111,7 +119,7 @@
   rc = rc == 0 ? JK_TRUE : JK_FALSE; \
 } while (0)
 
-#else
+#else /* !USE_FLOCK_LK */
 
 #define JK_ENTER_LOCK(x, rc)\
 do {\
@@ -136,7 +144,8 @@
   while ((rc = fcntl((x), F_SETLKW, &_fl) < 0) && (errno == EINTR)); \
   rc = rc == 0 ? JK_TRUE : JK_FALSE; \
 } while (0)
-#endif /* HAVE_FLOCK */
+
+#endif /* USE_FLOCK_LK */
 
 #else  /* WIN32 || NETWARE */
 #define JK_ENTER_LOCK(x, rc) rc = JK_TRUE

Modified: tomcat/connectors/trunk/jk/native/configure.in
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/configure.in?view=diff&rev=520310&r1=520309&r2=520310
==
--- tomcat/connectors/trunk/jk/native/configure.in (original)
+++ tomcat/connectors/trunk/jk/native/configure.in Tue Mar 20 01:15:49 2007
@@ -407,6 +407,22 @@
 ])
 AC_SUBST(CFLAGS)
 
+dnl CFLAGS for shared memory lock mode
+dnl it also allows the CFLAGS environment variable.
+CFLAGS="${CFLAGS}"
+AC_ARG_ENABLE(
+prefork,
+[  --enable-flock   Turn on flock for shared locking if present],
+[
+case "${enableval}" in
+y | Y | YES | yes | TRUE | true )
+CFLAGS="${CFLAGS} -DJK_USE_FLOCK"
+AC_MSG_RESULT([...Enabling flock() shared memory locking...])
+;;
+esac
+])
+AC_SUBST(CFLAGS)
+
 dnl the APXSCFLAGS is given by apxs to the C compiler
 dnl the APXSLDFLAGS is given to the linker (for APRVARS).
 dnl APXSLDFLAGS=""

Modified: tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=diff&rev=520310&r1=520309&r2=520310
==
--- tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml Tue Mar 20 
01:15:49 2007
@@ -26,6 +26,13 @@
   
   
 
+  
+Apache. Add --enable-flock configure parameter for explicit
+compilation of faster flock() system calls for OS supporting
+those calls. By default the fcntl system call for locking will
+be used that is a little bit slower but it can work on NFS
+mounted volumes as well. (mturk)
+  
   
 41562: Add Debug logging for read from client in ISAPI 
Redirector.
  Contributed by Tim Whittington. (mturk)

Modified: tomcat/connectors/trunk/jk/xdocs/webserver_howto/apache.xml
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/webserver_howto/apache.xml?view=diff&rev=520310&r1=520309&r2=520310
==
--- tomcat/connectors/trunk/jk/xdocs/webserver_howto/apache.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/webserver_howto/apache.xml Tue Mar 20 
01:15:49 2007
@@ -869,6 +869,14 @@
 If you are sure, that your MPM is not multi-threaded, you can use 
"--enable-prefork"
 to force the removal of the synchronization code (thus increasing performance 
a bit).
 
+  --enable-flock
+  
+In case the Operating system supports flock system call use this flag to 
enable this
+faster locks that are implemented as system call instead emulated by GNU C 
library.
+However those locks does not work on NFS mounted volumes, so you can use
+"--enable-flock" during compile time to force the flocks() calls.
+
+
 
 
 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r520312 - /tomcat/connectors/trunk/jk/native/configure.in

[mturk]

Author: mturk
Date: Tue Mar 20 01:18:30 2007
New Revision: 520312

URL: http://svn.apache.org/viewvc?view=rev&rev=520312
Log:
Oops. Fix copy/paste typo.

Modified:
tomcat/connectors/trunk/jk/native/configure.in

Modified: tomcat/connectors/trunk/jk/native/configure.in
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/configure.in?view=diff&rev=520312&r1=520311&r2=520312
==
--- tomcat/connectors/trunk/jk/native/configure.in (original)
+++ tomcat/connectors/trunk/jk/native/configure.in Tue Mar 20 01:18:30 2007
@@ -411,7 +411,7 @@
 dnl it also allows the CFLAGS environment variable.
 CFLAGS="${CFLAGS}"
 AC_ARG_ENABLE(
-prefork,
+flock,
 [  --enable-flock   Turn on flock for shared locking if present],
 [
 case "${enableval}" in



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r520335 - in /tomcat/connectors/trunk/jk/native: apache-1.3/mod_jk.c apache-2.0/mod_jk.c

[mturk]

Author: mturk
Date: Tue Mar 20 01:53:33 2007
New Revision: 520335

URL: http://svn.apache.org/viewvc?view=rev&rev=520335
Log:
Log mod_jk version on initialization as INFO.

Modified:
tomcat/connectors/trunk/jk/native/apache-1.3/mod_jk.c
tomcat/connectors/trunk/jk/native/apache-2.0/mod_jk.c

Modified: tomcat/connectors/trunk/jk/native/apache-1.3/mod_jk.c
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/apache-1.3/mod_jk.c?view=diff&rev=520335&r1=520334&r2=520335
==
--- tomcat/connectors/trunk/jk/native/apache-1.3/mod_jk.c (original)
+++ tomcat/connectors/trunk/jk/native/apache-1.3/mod_jk.c Tue Mar 20 01:53:33 
2007
@@ -2615,6 +2615,9 @@
 #if MODULE_MAGIC_NUMBER >= 19980527
 /* Tell apache we're here */
 ap_add_version_component(JK_EXPOSED_VERSION);
+jk_log(conf->log, JK_LOG_INFO,
+   "mod_jk (%s) initialized",
+   JK_EXPOSED_VERSION);
 #endif
 return;
 }

Modified: tomcat/connectors/trunk/jk/native/apache-2.0/mod_jk.c
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/apache-2.0/mod_jk.c?view=diff&rev=520335&r1=520334&r2=520335
==
--- tomcat/connectors/trunk/jk/native/apache-2.0/mod_jk.c (original)
+++ tomcat/connectors/trunk/jk/native/apache-2.0/mod_jk.c Tue Mar 20 01:53:33 
2007
@@ -2704,8 +2704,10 @@
 if (ap_mpm_query(AP_MPMQ_MAX_THREADS, &mpm_threads) != APR_SUCCESS)
 mpm_threads = 1;
 }
-jk_log(conf->log, JK_LOG_INFO,
-   "Setting default connection pool max size to %d", mpm_threads);
+if (JK_IS_DEBUG_LEVEL(conf->log))
+jk_log(conf->log, JK_LOG_DEBUG,
+   "Setting default connection pool max size to %d",
+   mpm_threads);
 jk_set_worker_def_cache_size(mpm_threads);
 
 if ((conf->worker_file != NULL) &&
@@ -2734,6 +2736,9 @@
 
 if (wc_open(init_map, &worker_env, conf->log)) {
 ap_add_version_component(pconf, JK_EXPOSED_VERSION);
+jk_log(conf->log, JK_LOG_INFO,
+   "mod_jk (%s) initialized",
+   JK_EXPOSED_VERSION);
 }
 else {
 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r520336 - /tomcat/connectors/trunk/jk/native/apache-2.0/bldjk.qclsrc

[hgomez]

Author: hgomez
Date: Tue Mar 20 01:54:06 2007
New Revision: 520336

URL: http://svn.apache.org/viewvc?view=rev&rev=520336
Log:
Add optmizing compile option

Modified:
tomcat/connectors/trunk/jk/native/apache-2.0/bldjk.qclsrc

Modified: tomcat/connectors/trunk/jk/native/apache-2.0/bldjk.qclsrc
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/apache-2.0/bldjk.qclsrc?view=diff&rev=520336&r1=520335&r2=520336
==
Binary files - no diff available.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r520337 - in /tomcat/connectors/trunk/jk/native: apache-1.3/mod_jk.c apache-2.0/mod_jk.c iis/jk_isapi_plugin.c

[mturk]

Author: mturk
Date: Tue Mar 20 01:58:24 2007
New Revision: 520337

URL: http://svn.apache.org/viewvc?view=rev&rev=520337
Log:
JK_EXPOSED_VERSION already contains mod_jk string.

Modified:
tomcat/connectors/trunk/jk/native/apache-1.3/mod_jk.c
tomcat/connectors/trunk/jk/native/apache-2.0/mod_jk.c
tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c

Modified: tomcat/connectors/trunk/jk/native/apache-1.3/mod_jk.c
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/apache-1.3/mod_jk.c?view=diff&rev=520337&r1=520336&r2=520337
==
--- tomcat/connectors/trunk/jk/native/apache-1.3/mod_jk.c (original)
+++ tomcat/connectors/trunk/jk/native/apache-1.3/mod_jk.c Tue Mar 20 01:58:24 
2007
@@ -2616,7 +2616,7 @@
 /* Tell apache we're here */
 ap_add_version_component(JK_EXPOSED_VERSION);
 jk_log(conf->log, JK_LOG_INFO,
-   "mod_jk (%s) initialized",
+   "%s initialized",
JK_EXPOSED_VERSION);
 #endif
 return;

Modified: tomcat/connectors/trunk/jk/native/apache-2.0/mod_jk.c
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/apache-2.0/mod_jk.c?view=diff&rev=520337&r1=520336&r2=520337
==
--- tomcat/connectors/trunk/jk/native/apache-2.0/mod_jk.c (original)
+++ tomcat/connectors/trunk/jk/native/apache-2.0/mod_jk.c Tue Mar 20 01:58:24 
2007
@@ -2737,7 +2737,7 @@
 if (wc_open(init_map, &worker_env, conf->log)) {
 ap_add_version_component(pconf, JK_EXPOSED_VERSION);
 jk_log(conf->log, JK_LOG_INFO,
-   "mod_jk (%s) initialized",
+   "%s initialized",
JK_EXPOSED_VERSION);
 }
 else {

Modified: tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c?view=diff&rev=520337&r1=520336&r2=520337
==
--- tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c (original)
+++ tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c Tue Mar 20 01:58:24 
2007
@@ -1341,7 +1341,11 @@
 }
 }
 }
-
+if (rc) {
+jk_log(logger, JK_LOG_INFO,
+   "isapi_redirect/%s initialized",
+   JK_VERSTRING);
+}
 return rc;
 }
 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r520338 - /tomcat/connectors/trunk/jk/native/apache-2.0/bldjk.qclsrc

[mturk]

Author: mturk
Date: Tue Mar 20 02:01:23 2007
New Revision: 520338

URL: http://svn.apache.org/viewvc?view=rev&rev=520338
Log:
Remove the binary type from .qclsrc

Modified:
tomcat/connectors/trunk/jk/native/apache-2.0/bldjk.qclsrc   (props changed)

Propchange: tomcat/connectors/trunk/jk/native/apache-2.0/bldjk.qclsrc
--
svn:eol-style = native

Propchange: tomcat/connectors/trunk/jk/native/apache-2.0/bldjk.qclsrc
('svn:mime-type' removed)



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r520339 - /tomcat/connectors/trunk/jk/native/apache-2.0/bldjk.qclsrc

[mturk]

Author: mturk
Date: Tue Mar 20 02:04:02 2007
New Revision: 520339

URL: http://svn.apache.org/viewvc?view=rev&rev=520339
Log:
No function change. Just to check if the props are working

Modified:
tomcat/connectors/trunk/jk/native/apache-2.0/bldjk.qclsrc

Modified: tomcat/connectors/trunk/jk/native/apache-2.0/bldjk.qclsrc
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/apache-2.0/bldjk.qclsrc?view=diff&rev=520339&r1=520338&r2=520339
==
--- tomcat/connectors/trunk/jk/native/apache-2.0/bldjk.qclsrc (original)
+++ tomcat/connectors/trunk/jk/native/apache-2.0/bldjk.qclsrc Tue Mar 20 
02:04:02 2007
@@ -229,6 +229,6 @@
   SRCMBR(MOD_JK) +
   BNDSRVPGM(QHTTPSVR/QZSRAPR QHTTPSVR/QZSRCORE +
 QHTTPSVR/QZSRXMLP QHTTPSVR/QZSRSDBM) +
-  TEXT('Apache mod_jk tomcat connector module')
+  TEXT('Apache Tomcat mod_jk connector module')
 
 ENDPGM



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41819] - JSF components does not work inside a JSP tag

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41819





--- Additional Comments From [EMAIL PROTECTED]  2007-03-20 05:22 ---
Created an attachment (id=19752)
 --> (http://issues.apache.org/bugzilla/attachment.cgi?id=19752&action=view)
war to test the bug (jars are not included, because size of the file will be
too big)

it includes a jsf file Page1.jsp, which contains a jsp tag "PageHeader.tag". In
PageHeader.tag. When I run it in glassfish, the result is the following: 
"user test" is shown in the browser. If I run it with Tomcat I get an error:
org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:85)

   
org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:330)

   
org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:415)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:308)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:286)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:273)
   
org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:566)

   
org.apache.jasper.servlet.JspServletWrapper.loadTagFile(JspServletWrapper.java:212)

   
org.apache.jasper.compiler.TagFileProcessor.loadTagFile(TagFileProcessor.java:576)

   
org.apache.jasper.compiler.TagFileProcessor.access$000(TagFileProcessor.java:50)

   
org.apache.jasper.compiler.TagFileProcessor$TagFileLoaderVisitor.visit(TagFileProcessor.java:627)

org.apache.jasper.compiler.Node$CustomTag.accept(Node.java:1507)
org.apache.jasper.compiler.Node$Nodes.visit(Node.java:2336)
org.apache.jasper.compiler.Node$Visitor.visitBody(Node.java:2386)
   
org.apache.jasper.compiler.TagFileProcessor$TagFileLoaderVisitor.visit(TagFileProcessor.java:631)

org.apache.jasper.compiler.Node$CustomTag.accept(Node.java:1507)
org.apache.jasper.compiler.Node$Nodes.visit(Node.java:2336)
org.apache.jasper.compiler.Node$Visitor.visitBody(Node.java:2386)
   
org.apache.jasper.compiler.TagFileProcessor$TagFileLoaderVisitor.visit(TagFileProcessor.java:631)

org.apache.jasper.compiler.Node$CustomTag.accept(Node.java:1507)
org.apache.jasper.compiler.Node$Nodes.visit(Node.java:2336)
org.apache.jasper.compiler.Node$Visitor.visitBody(Node.java:2386)
org.apache.jasper.compiler.Node$Visitor.visit(Node.java:2392)
org.apache.jasper.compiler.Node$Root.accept(Node.java:489)
org.apache.jasper.compiler.Node$Nodes.visit(Node.java:2336)
   
org.apache.jasper.compiler.TagFileProcessor.loadTagFiles(TagFileProcessor.java:645)

org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:190)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:306)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:286)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:273)
   
org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:566)

   
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:308)

   
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:320)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
   
com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:414)

   
com.sun.faces.application.ViewHandlerImpl.executePageToBuildView(ViewHandlerImpl.java:455)

   
com.sun.faces.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:139)
   
org.ajax4jsf.framework.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:101)

   
org.ajax4jsf.framework.ajax.AjaxViewHandler.renderView(AjaxViewHandler.java:221)

   
com.sun.facelets.FaceletViewHandler.renderView(FaceletViewHandler.java:533)
   
org.ajax4jsf.framework.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:101)

   
org.ajax4jsf.framework.ajax.AjaxViewHandler.renderView(AjaxViewHandler.java:221)

   
com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:108)

com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:266)
com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:159)
javax.faces.webapp.FacesServlet.service(FacesServlet.java:245)


-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail:

DO NOT REPLY [Bug 41901] New: - if custom component written in facelets include statement is called inside , if statement is now executed

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41901

   Summary: if custom component written in facelets include 
statement is called inside , if statement
is now executed
   Product: Tomcat 6
   Version: 6.0.7
  Platform: Other
OS/Version: other
Status: NEW
  Severity: normal
  Priority: P2
 Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: [EMAIL PROTECTED]


I have a custom composite component in facelets, which contains code as 
following:

1. 
2. 

I call this component from  as following:

   



 
 

>From line 1. I get printed "7", but line 2 does not print "s" as I would 
>expect.

If I call the same component from inside , I get the correct 
result:


 



  
 

In the last case I get printed "7" and "s".

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41901] - if custom component written in facelets include statement is called inside , if statement is now executed

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41901


[EMAIL PROTECTED] changed:

   What|Removed |Added

 CC||[EMAIL PROTECTED]




-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41819] - JSF components does not work inside a JSP tag

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41819


[EMAIL PROTECTED] changed:

   What|Removed |Added

 CC||[EMAIL PROTECTED]




-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Fwd: Vendor Notification VU#239041 - apache-tomcat]

[Remy Maucherat]

Remy Maucherat wrote:

-1 for the report summary posted at:
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html

It is highly misleading.


(moving to dev list since it's obviously not confidential)

In particular, the beginning is wrong IMO:
"Tomcat permits both '\' and '%5C' as path delimiters. A HTTP request 
containing strings like "/\../" allow attackers to break out of the 
given context."
implies that "/\../" is special, would do something to standlone Tomcat, 
 could be used to browse the HD, etc. The rest then goes into the proxy 
situation, which should be the only thing being described.


Reworked text:

Tomcat permits both '\' and '%5C' as path delimiters. When Tomcat is 
used behind a proxy (including, but not limited to, Apache HTTP server 
with mod_proxy and mod_jk) configured to only proxy some contexts, a 
HTTP request containing strings like "/\../" may allow attackers to work 
around the context restriction of the proxy, and access the non-proxied 
contexts.


The following Java startup options have been added to Tomcat to provide 
additional control of the handling of '\' and '%5c' in URLs (both 
options default to false):

* -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true|false
* -Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true|false
This issue can also be solved by configuring the appropriate URL 
handling in the proxy server.


Due to the impossibility to guarantee that all URLs are handled by 
Tomcat as they are in proxy servers, Tomcat should always be secured as 
if no proxy restricting context access was used.


Comments ?

Rémy

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Fwd: Vendor Notification VU#239041 - apache-tomcat]

[Yoav Shapira]

Hi,

On 3/20/07, Remy Maucherat <[EMAIL PROTECTED]> wrote:

Due to the impossibility to guarantee that all URLs are handled by
Tomcat as they are in proxy servers, Tomcat should always be secured as
if no proxy restricting context access was used.

Comments ?


+1 to your reworked text, I like it.

Yoav

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Fwd: Vendor Notification VU#239041 - apache-tomcat]

[Peter Rossbach]

+1, Jep, this explain better the real problem :-)

Peter



Am 20.03.2007 um 15:10 schrieb Remy Maucherat:


Remy Maucherat wrote:

-1 for the report summary posted at:
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
It is highly misleading.


(moving to dev list since it's obviously not confidential)

In particular, the beginning is wrong IMO:
"Tomcat permits both '\' and '%5C' as path delimiters. A HTTP  
request containing strings like "/\../" allow attackers to break  
out of the given context."
implies that "/\../" is special, would do something to standlone  
Tomcat,  could be used to browse the HD, etc. The rest then goes  
into the proxy situation, which should be the only thing being  
described.


Reworked text:

Tomcat permits both '\' and '%5C' as path delimiters. When Tomcat  
is used behind a proxy (including, but not limited to, Apache HTTP  
server with mod_proxy and mod_jk) configured to only proxy some  
contexts, a HTTP request containing strings like "/\../" may allow  
attackers to work around the context restriction of the proxy, and  
access the non-proxied contexts.


The following Java startup options have been added to Tomcat to  
provide additional control of the handling of '\' and '%5c' in URLs  
(both options default to false):

* -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true|false
* - 
Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true| 
false
This issue can also be solved by configuring the appropriate URL  
handling in the proxy server.


Due to the impossibility to guarantee that all URLs are handled by  
Tomcat as they are in proxy servers, Tomcat should always be  
secured as if no proxy restricting context access was used.


Comments ?

Rémy

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Fwd: Vendor Notification VU#239041 - apache-tomcat]

[Mladen Turk]

Remy Maucherat wrote:


Tomcat permits both '\' and '%5C' as path delimiters. When Tomcat is 
used behind a proxy (including, but not limited to, Apache HTTP server 
with mod_proxy and mod_jk) configured to only proxy some contexts, a 
HTTP request containing strings like "/\../" may allow attackers to work 
around the context restriction of the proxy, and access the non-proxied 
contexts.




But this is unlikely to happen unless you explicitly add
AllowEncodedSlashes and unless you physically put your webapps
inside ServerRoot so they can be directly access by web server
regardless of proxy used.

The following Java startup options have been added to Tomcat to provide 
additional control of the handling of '\' and '%5c' in URLs (both 
options default to false):

* -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true|false
* -Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true|false
This issue can also be solved by configuring the appropriate URL 
handling in the proxy server.


Due to the impossibility to guarantee that all URLs are handled by 
Tomcat as they are in proxy servers, Tomcat should always be secured as 
if no proxy restricting context access was used.


Comments ?



Makes sense to have those double secured.

Regards,
Mladen.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Fwd: Vendor Notification VU#239041 - apache-tomcat]

[Remy Maucherat]

Mladen Turk wrote:

Remy Maucherat wrote:


Tomcat permits both '\' and '%5C' as path delimiters. When Tomcat is 
used behind a proxy (including, but not limited to, Apache HTTP server 
with mod_proxy and mod_jk) configured to only proxy some contexts, a 
HTTP request containing strings like "/\../" may allow attackers to 
work around the context restriction of the proxy, and access the 
non-proxied contexts.


But this is unlikely to happen unless you explicitly add
AllowEncodedSlashes and unless you physically put your webapps
inside ServerRoot so they can be directly access by web server
regardless of proxy used.


This may depend on the platform, and it could apply to any proxy. It's 
very similar to the content-length thingie.


Rémy

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r520427 - in /tomcat/site/trunk: docs/security-4.html docs/security-5.html docs/security-6.html xdocs/security-4.xml xdocs/security-5.xml xdocs/security-6.xml

[remm]

Author: remm
Date: Tue Mar 20 08:21:10 2007
New Revision: 520427

URL: http://svn.apache.org/viewvc?view=rev&rev=520427
Log:
- Clarify the '\' security issue.

Modified:
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/xdocs/security-4.xml
tomcat/site/trunk/xdocs/security-5.xml
tomcat/site/trunk/xdocs/security-6.xml

Modified: tomcat/site/trunk/docs/security-4.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?view=diff&rev=520427&r1=520426&r2=520427
==
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Tue Mar 20 08:21:10 2007
@@ -246,15 +246,16 @@
CVE-2007-0450
 
 
-Tomcat permits both '\' and '%5C' as path delimiters. A HTTP request
-   containing strings like "/\../" allow attackers to break out of the 
given
-   context. Additionally, when using Tomcat behind a proxy configured to
-   only proxy some contexts this permits access to non-proxied contexts.
-   When used behind a proxy it is recommended that Tomcat is secured as if
-   the proxy were not present.
+Tomcat permits both '\' and '%5C' as path delimiters. When Tomcat is 
used 
+   behind a proxy (including, but not limited to, Apache HTTP server with 
+   mod_proxy and mod_jk) configured to only proxy some contexts, a HTTP 
request 
+   containing strings like "/\../" may allow attackers to work around the 
context 
+   restriction of the proxy, and access the non-proxied contexts.
+
 
-The following Java startup options have been added to Tomcat to provide
-   additional control of the handling of '\' and '%5c' in URLs:
+The following Java startup options have been added to Tomcat to provide 
+   additional control of the handling of '\' and '%5c' in URLs (both 
options 
+   default to false):

  
 
@@ -267,7 +268,11 @@
  
 

-   These options default to false.
+
+
+Due to the impossibility to guarantee that all URLs are handled by 
Tomcat as 
+   they are in proxy servers, Tomcat should always be secured as if no 
proxy 
+   restricting context access was used.
 
 
 Affects: 4.0.0-4.0.6, 4.1.0-4.1.34

Modified: tomcat/site/trunk/docs/security-5.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?view=diff&rev=520427&r1=520426&r2=520427
==
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Tue Mar 20 08:21:10 2007
@@ -269,15 +269,16 @@
CVE-2007-0450
 
 
-Tomcat permits both '\' and '%5C' as path delimiters. A HTTP request
-   containing strings like "/\../" allow attackers to break out of the 
given
-   context. Additionally, when using Tomcat behind a proxy configured to
-   only proxy some contexts this permits access to non-proxied contexts.
-   When used behind a proxy it is recommended that Tomcat is secured as if
-   the proxy were not present.
+Tomcat permits both '\' and '%5C' as path delimiters. When Tomcat is 
used 
+   behind a proxy (including, but not limited to, Apache HTTP server with 
+   mod_proxy and mod_jk) configured to only proxy some contexts, a HTTP 
request 
+   containing strings like "/\../" may allow attackers to work around the 
context 
+   restriction of the proxy, and access the non-proxied contexts.
+
 
-The following Java startup options have been added to Tomcat to provide
-   additional control of the handling of '\' and '%5c' in URLs:
+The following Java startup options have been added to Tomcat to provide 
+   additional control of the handling of '\' and '%5c' in URLs (both 
options 
+   default to false):

  
 
@@ -290,7 +291,11 @@
  
 

-   These options default to false.
+
+
+Due to the impossibility to guarantee that all URLs are handled by 
Tomcat as 
+   they are in proxy servers, Tomcat should always be secured as if no 
proxy 
+   restricting context access was used.
 
 
 Affects: 5.5.0-5.5.21, 5.0.0-5.0.30

Modified: tomcat/site/trunk/docs/security-6.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?view=diff&rev=520427&r1=520426&r2=520427
==
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Tue Mar 20 08:21:10 2007
@@ -269,15 +269,16 @@
CVE-2007-0450
 
 
-Tomcat permits both '\' and '%5C' as path delimiters. A HTTP request
-   containing strings like "/\../" allow attackers to break out of the 
given
-   context. Additionally, when using Tomcat behind a proxy

Re: [Fwd: Vendor Notification VU#239041 - apache-tomcat]

[William A. Rowe, Jr.]

Mladen Turk wrote:
> Remy Maucherat wrote:
>>
>> Tomcat permits both '\' and '%5C' as path delimiters. When Tomcat is
>> used behind a proxy (including, but not limited to, Apache HTTP server
>> with mod_proxy and mod_jk) configured to only proxy some contexts, a
>> HTTP request containing strings like "/\../" may allow attackers to
>> work around the context restriction of the proxy, and access the
>> non-proxied contexts.

You neglected to mention %2F - a significant identical issue.

> But this is unlikely to happen unless you explicitly add
> AllowEncodedSlashes and unless you physically put your webapps
> inside ServerRoot so they can be directly access by web server
> regardless of proxy used.

Nope - you have one misunderstanding of AllowEncodedSlashes!

On Windows, this will not happen (if the path is physical and not
virtual), you are correct.  On all platforms, %2F is caught and
rejected by default, as well.

On Unix, %5C is an opaque filename byte.  E.g. /My\Cool\App/ is a
one level deep filename "My\Cool\App" (escaped with shell syntax as
My\\Cool\\App).  On both, '\' itself unescaped is meaningless and
disallowed.

Just to be clear, %2F is also an opaque filename byte, that can't
be represented on Unix or Windows (because it is their path seperator).
But on Mac OS 9 for example, there would be nothing improper about
/my%2Fdocs mapping to the file my/docs in WebServer:Documents.  It
most definitely NEVER means path-delimiter.

So Unix couldn't care less that you are passing %5C's al la '\'s,
they are opaque character bytes, per RFC 2396 (which for purposes of
HTTP/1.1 is not superseded by RFC 3986, although it would be in the
next draft of the HTTP spec, probably.)

I've started a thread on httpd suggesting to disallow %5C the same on
Unix as on Windows, or to treat it as '/' path delimiter on either, for
the sake of consistency and the fact that half the world is treating %5C
as a delimiter against the RFC guidelines.

Bill

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r520518 - /tomcat/connectors/trunk/jni/native/src/sslcontext.c

[mturk]

Author: mturk
Date: Tue Mar 20 11:48:25 2007
New Revision: 520518

URL: http://svn.apache.org/viewvc?view=rev&rev=520518
Log:
Return APR_ENOTIMPL for a dummy SSLContext.free function

Modified:
tomcat/connectors/trunk/jni/native/src/sslcontext.c

Modified: tomcat/connectors/trunk/jni/native/src/sslcontext.c
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jni/native/src/sslcontext.c?view=diff&rev=520518&r1=520517&r2=520518
==
--- tomcat/connectors/trunk/jni/native/src/sslcontext.c (original)
+++ tomcat/connectors/trunk/jni/native/src/sslcontext.c Tue Mar 20 11:48:25 2007
@@ -597,6 +597,7 @@
 {
 UNREFERENCED_STDARGS;
 UNREFERENCED(ctx);
+return APR_ENOTIMPL;
 }
 
 TCN_IMPLEMENT_CALL(void, SSLContext, setContextId)(TCN_STDARGS, jlong ctx,



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41909] New: - JK2 build should allow building for Apache 2.0 and 1.3 simultaneously

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41909

   Summary: JK2 build should allow building for Apache 2.0 and 1.3
simultaneously
   Product: Tomcat 5
   Version: Unknown
  Platform: Other
OS/Version: other
Status: NEW
  Severity: enhancement
  Priority: P4
 Component: Native:JK
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: [EMAIL PROTECTED]


The .configure script for JK2 has an option to specify a --with-apxs= path
directive that points to the Apache apxs executable. The connector is then built
for either Apache 1.3 or 2.o. Because separate build directories are set up, the
script should allow either the specification of multiple --with-apxs items
(confusing) or the user to say --with-apxs-1.3= and --with-apxs-2.0= to build
both targets.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r520556 - in /tomcat/site/trunk: docs/security-4.html docs/security-5.html docs/security-6.html xdocs/security-4.xml xdocs/security-5.xml xdocs/security-6.xml

[remm]

Author: remm
Date: Tue Mar 20 13:28:25 2007
New Revision: 520556

URL: http://svn.apache.org/viewvc?view=rev&rev=520556
Log:
- Some additional tweaks.

Modified:
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/xdocs/security-4.xml
tomcat/site/trunk/xdocs/security-5.xml
tomcat/site/trunk/xdocs/security-6.xml

Modified: tomcat/site/trunk/docs/security-4.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?view=diff&rev=520556&r1=520555&r2=520556
==
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Tue Mar 20 13:28:25 2007
@@ -246,27 +246,23 @@
CVE-2007-0450
 
 
-Tomcat permits both '\' and '%5C' as path delimiters. When Tomcat is 
used 
+Tomcat permits '\', '%2F' and '%5C' as path delimiters. When Tomcat is 
used 
behind a proxy (including, but not limited to, Apache HTTP server with 
mod_proxy and mod_jk) configured to only proxy some contexts, a HTTP 
request 
containing strings like "/\../" may allow attackers to work around the 
context 
restriction of the proxy, and access the non-proxied contexts.
 
 
-The following Java startup options have been added to Tomcat to provide 
-   additional control of the handling of '\' and '%5c' in URLs (both 
options 
+The following Java system properties have been added to Tomcat to 
provide 
+   additional control of the handling of path delimiters in URLs (both 
options 
default to false):

  
-
-   -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true|false
- 
-
+   
org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH: 
true|false
+ 
  
-
-   
-Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true|false
- 
-
+   
org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH: 
true|false
+ 

 
 

Modified: tomcat/site/trunk/docs/security-5.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?view=diff&rev=520556&r1=520555&r2=520556
==
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Tue Mar 20 13:28:25 2007
@@ -269,27 +269,23 @@
CVE-2007-0450
 
 
-Tomcat permits both '\' and '%5C' as path delimiters. When Tomcat is 
used 
+Tomcat permits '\', '%2F' and '%5C' as path delimiters. When Tomcat is 
used 
behind a proxy (including, but not limited to, Apache HTTP server with 
mod_proxy and mod_jk) configured to only proxy some contexts, a HTTP 
request 
containing strings like "/\../" may allow attackers to work around the 
context 
restriction of the proxy, and access the non-proxied contexts.
 
 
-The following Java startup options have been added to Tomcat to provide 
-   additional control of the handling of '\' and '%5c' in URLs (both 
options 
+The following Java system properties have been added to Tomcat to 
provide 
+   additional control of the handling of path delimiters in URLs (both 
options 
default to false):

  
-
-   -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true|false
- 
-
+   
org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH: 
true|false
+ 
  
-
-   
-Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true|false
- 
-
+   
org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH: 
true|false
+ 

 
 

Modified: tomcat/site/trunk/docs/security-6.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?view=diff&rev=520556&r1=520555&r2=520556
==
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Tue Mar 20 13:28:25 2007
@@ -269,27 +269,23 @@
CVE-2007-0450
 
 
-Tomcat permits both '\' and '%5C' as path delimiters. When Tomcat is 
used 
+Tomcat permits '\', '%2F' and '%5C' as path delimiters. When Tomcat is 
used 
behind a proxy (including, but not limited to, Apache HTTP server with 
mod_proxy and mod_jk) configured to only proxy some contexts, a HTTP 
request 
containing strings like "/\../" may allow attackers to work around the 
context 
restriction of the proxy, and access the non-proxied contexts.
 
 
-The following Java startup options have been added to Tomcat to provide 
-   additional control of the handling of '\' and '%5c' in URLs (both 
options 
+The following Java system properties have been added to Tomcat to 
provide 
+   additio

Re: [Fwd: Vendor Notification VU#239041 - apache-tomcat]

[Remy Maucherat]

William A. Rowe, Jr. wrote:

Mladen Turk wrote:

Remy Maucherat wrote:

Tomcat permits both '\' and '%5C' as path delimiters. When Tomcat is
used behind a proxy (including, but not limited to, Apache HTTP server
with mod_proxy and mod_jk) configured to only proxy some contexts, a
HTTP request containing strings like "/\../" may allow attackers to
work around the context restriction of the proxy, and access the
non-proxied contexts.


You neglected to mention %2F - a significant identical issue.


Ok, it's fixed.

Rémy

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: CometEvent.END will never be called

[Remy Maucherat]

Filip Hanik - Dev Lists wrote:
Since apps are shutdown before the connectors, all CometProcessors are 
marked unavailable by the time the connector wants to invoke CometEvent.END


when thinking about it, the servlet developer can piggy back on the 
Servlet.destroy method, but should we enable this call to go through or 
should we remove it?


I don't think it can be called at the moment either.

Rémy

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r520693 - /tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java

[fhanik]

Author: fhanik
Date: Tue Mar 20 18:34:07 2007
New Revision: 520693

URL: http://svn.apache.org/viewvc?view=rev&rev=520693
Log:
don't give the selector infinite time to shutdown

Modified:
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java

Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?view=diff&rev=520693&r1=520692&r2=520693
==
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java Tue 
Mar 20 18:34:07 2007
@@ -1225,7 +1225,7 @@
 close = true;
 events.clear();
 selector.wakeup();
-try { stopLatch.await(); } catch (InterruptedException ignore ) {}
+try { stopLatch.await(5,TimeUnit.SECONDS); } catch 
(InterruptedException ignore ) {}
 }
 
 public void addEvent(Runnable event) {



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: CometEvent.END will never be called

[Filip Hanik - Dev Lists]

Remy Maucherat wrote:

Filip Hanik - Dev Lists wrote:
Since apps are shutdown before the connectors, all CometProcessors 
are marked unavailable by the time the connector wants to invoke 
CometEvent.END


when thinking about it, the servlet developer can piggy back on the 
Servlet.destroy method, but should we enable this call to go through 
or should we remove it?


I don't think it can be called at the moment either.
I guess its useful if the connector is shutdown through JMX or other 
method, but the container is still alive, so there are two ways the 
CometProcessor needs to be aware of cleanup:

1. Tomcat shutdown - use CometProcessor.destroy
2. Connector shutdown - use CometEvent.END

I just noticed that CometProcessor doesn't extend HttpServlet, I thought 
that inheritance was a given, is it not? It's useful for the scenario 
where the connector doesn't support comet, you can still deploy and 
invoke service(req,resp) method on it, and the URL is still valid.


thoughts?

Filip


Rémy

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: CometEvent.END will never be called

[Filip Hanik - Dev Lists]

Filip Hanik - Dev Lists wrote:

Remy Maucherat wrote:

Filip Hanik - Dev Lists wrote:
Since apps are shutdown before the connectors, all CometProcessors 
are marked unavailable by the time the connector wants to invoke 
CometEvent.END


when thinking about it, the servlet developer can piggy back on the 
Servlet.destroy method, but should we enable this call to go through 
or should we remove it?


I don't think it can be called at the moment either.
I guess its useful if the connector is shutdown through JMX or other 
method, but the container is still alive, so there are two ways the 
CometProcessor needs to be aware of cleanup:

1. Tomcat shutdown - use CometProcessor.destroy
2. Connector shutdown - use CometEvent.END

I just noticed that CometProcessor doesn't extend HttpServlet

I meant the javax.servlet.Servlet interface,
CometFilter extends javax.servlet.Filter

Filip
, I thought that inheritance was a given, is it not? It's useful for 
the scenario where the connector doesn't support comet, you can still 
deploy and invoke service(req,resp) method on it, and the URL is still 
valid.


thoughts?

Filip


Rémy

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r520777 - /tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c

[mturk]

Author: mturk
Date: Tue Mar 20 23:58:38 2007
New Revision: 520777

URL: http://svn.apache.org/viewvc?view=rev&rev=520777
Log:
Make sure that any change to shared memory is protected by shm lock if the 
pessimistic locking is configured.

Modified:
tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c

Modified: tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c?view=diff&rev=520777&r1=520776&r2=520777
==
--- tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c (original)
+++ tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c Tue Mar 20 23:58:38 
2007
@@ -864,18 +864,29 @@
 s->route = rec->r;
 prec = rec;
 
-if (rec->s->state == JK_LB_STATE_RECOVER)
-rec->s->state = JK_LB_STATE_PROBE;
-
 if (JK_IS_DEBUG_LEVEL(l))
 jk_log(l, JK_LOG_DEBUG,
"service worker=%s route=%s",
rec->s->name, s->route);
+
+if (p->worker->lblock == JK_LB_LOCK_PESSIMISTIC)
+jk_shm_lock();
+if (rec->s->state == JK_LB_STATE_RECOVER)
+rec->s->state = JK_LB_STATE_PROBE;
+if (p->worker->lblock == JK_LB_LOCK_PESSIMISTIC)
+jk_shm_unlock();
+   
 while ((!(r=rec->w->get_endpoint(rec->w, &end, l)) || !end) && 
(retry < p->worker->s->retries)) {
 retry++;
 retry_wait *=2;
+
+if (p->worker->lblock == JK_LB_LOCK_PESSIMISTIC)
+jk_shm_lock();
 if (retry_wait > JK_LB_MAX_RETRY_WAIT)
 retry_wait = JK_LB_MAX_RETRY_WAIT;
+if (p->worker->lblock == JK_LB_LOCK_PESSIMISTIC)
+jk_shm_unlock();
+
 if (JK_IS_DEBUG_LEVEL(l))
 jk_log(l, JK_LOG_DEBUG,
"could not get free endpoint for worker"
@@ -889,8 +900,12 @@
  * as in error if the retry number is
  * greater then the number of retries.
  */
+if (p->worker->lblock == JK_LB_LOCK_PESSIMISTIC)
+jk_shm_lock();
 if (rec->s->state != JK_LB_STATE_ERROR)
 rec->s->state = JK_LB_STATE_BUSY;
+if (p->worker->lblock == JK_LB_LOCK_PESSIMISTIC)
+jk_shm_unlock();
 jk_log(l, JK_LOG_INFO,
"could not get free endpoint for worker %s (%d 
retries)",
rec->s->name, retry);
@@ -973,8 +988,6 @@
 if (service_stat == JK_TRUE) {
 rec->s->state = JK_LB_STATE_OK;
 rec->s->error_time = 0;
-if (p->worker->lblock == JK_LB_LOCK_PESSIMISTIC)
-jk_shm_unlock();
 rc = JK_TRUE;
 }
 else if (service_stat == JK_CLIENT_ERROR) {
@@ -985,8 +998,6 @@
 rec->s->client_errors++;
 rec->s->state = JK_LB_STATE_OK;
 rec->s->error_time = 0;
-if (p->worker->lblock == JK_LB_LOCK_PESSIMISTIC)
-jk_shm_unlock();
 jk_log(l, JK_LOG_INFO,
"unrecoverable error %d, request failed."
" Client failed in the middle of request,"
@@ -1004,9 +1015,6 @@
 rec->s->errors++;
 rec->s->state = JK_LB_STATE_ERROR;
 rec->s->error_time = time(NULL);
-if (p->worker->lblock == JK_LB_LOCK_PESSIMISTIC)
-jk_shm_unlock();
-
 if (is_service_error != JK_HTTP_SERVER_BUSY) {
 /*
 * Error is not recoverable - break with an error.
@@ -1024,6 +1032,8 @@
"service failed, worker %s is in error state",
rec->s->name);
 }
+if (p->worker->lblock == JK_LB_LOCK_PESSIMISTIC)
+jk_shm_unlock();
 }
 if ( rc == -1 ) {
 /*



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r520780 - /tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c

[mturk]

Author: mturk
Date: Wed Mar 21 00:20:50 2007
New Revision: 520780

URL: http://svn.apache.org/viewvc?view=rev&rev=520780
Log:
Simplify the add_lig_items by adding local function for filling the common 
values.

Modified:
tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c

Modified: tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c?view=diff&rev=520780&r1=520779&r2=520780
==
--- tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c (original)
+++ tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c Wed Mar 21 00:20:50 
2007
@@ -79,6 +79,32 @@
 NULL
 };
 
+static const char *lb_first_log_names[] = {
+JK_NOTE_LB_FIRST_NAME,
+JK_NOTE_LB_FIRST_VALUE,
+JK_NOTE_LB_FIRST_ACCESSED,
+JK_NOTE_LB_FIRST_READ,
+JK_NOTE_LB_FIRST_TRANSFERRED,
+JK_NOTE_LB_FIRST_ERRORS,
+JK_NOTE_LB_FIRST_BUSY,
+JK_NOTE_LB_FIRST_ACTIVATION,
+JK_NOTE_LB_FIRST_STATE,
+NULL
+};
+
+static const char *lb_last_log_names[] = {
+JK_NOTE_LB_LAST_NAME,
+JK_NOTE_LB_LAST_VALUE,
+JK_NOTE_LB_LAST_ACCESSED,
+JK_NOTE_LB_LAST_READ,
+JK_NOTE_LB_LAST_TRANSFERRED,
+JK_NOTE_LB_LAST_ERRORS,
+JK_NOTE_LB_LAST_BUSY,
+JK_NOTE_LB_LAST_ACTIVATION,
+JK_NOTE_LB_LAST_STATE,
+NULL
+};
+
 struct lb_endpoint
 {
 lb_worker_t *worker;
@@ -798,6 +824,47 @@
 return rc;
 }
 
+static void lb_add_log_items(jk_ws_service_t *s,
+ const char *const *log_names,
+ worker_record_t *w,
+ jk_logger_t *l)
+{
+const char **log_values = jk_pool_alloc(s->pool, sizeof(char *) * 
JK_LB_NOTES_COUNT);
+char *buf = jk_pool_alloc(s->pool, sizeof(char *) * JK_LB_NOTES_COUNT * 
JK_LB_UINT64_STR_SZ);
+if (log_values && buf) {
+/* JK_NOTE_LB_FIRST_NAME */
+log_values[0] = w->s->name;
+snprintf(buf, JK_LB_UINT64_STR_SZ, "%" JK_UINT64_T_FMT, 
w->s->lb_value);
+/* JK_NOTE_LB_FIRST_VALUE */
+log_values[1] = buf;
+buf += JK_LB_UINT64_STR_SZ;
+snprintf(buf, JK_LB_UINT64_STR_SZ, "%" JK_UINT64_T_FMT, w->s->elected);
+/* JK_NOTE_LB_FIRST_ACCESSED */
+log_values[2] = buf;
+buf += JK_LB_UINT64_STR_SZ;
+snprintf(buf, JK_LB_UINT64_STR_SZ, "%" JK_UINT64_T_FMT, w->s->readed);
+/* JK_NOTE_LB_FIRST_READ */
+log_values[3] = buf;
+buf += JK_LB_UINT64_STR_SZ;
+snprintf(buf, JK_LB_UINT64_STR_SZ, "%" JK_UINT64_T_FMT, 
w->s->transferred);
+/* JK_NOTE_LB_FIRST_TRANSFERRED */
+log_values[4] = buf;
+buf += JK_LB_UINT64_STR_SZ;
+snprintf(buf, JK_LB_UINT64_STR_SZ, "%" JK_UINT32_T_FMT, w->s->errors);
+/* JK_NOTE_LB_FIRST_ERRORS */
+log_values[5] = buf;
+buf += JK_LB_UINT64_STR_SZ;
+snprintf(buf, JK_LB_UINT64_STR_SZ, "%d", w->s->busy);
+/* JK_NOTE_LB_FIRST_BUSY */
+log_values[6] = buf;
+/* JK_NOTE_LB_FIRST_ACTIVATION */
+log_values[7] = jk_lb_get_activation(w, l);
+/* JK_NOTE_LB_FIRST_STATE */
+log_values[8] = jk_lb_get_state(w, l);
+s->add_log_items(s, log_names, log_values, JK_LB_NOTES_COUNT);
+}
+}
+
 static int JK_METHOD service(jk_endpoint_t *e,
  jk_ws_service_t *s,
  jk_logger_t *l, int *is_error)
@@ -1045,42 +1112,8 @@
"recoverable error... will try to recover on other 
worker");
 }
 if (first == 1 && s->add_log_items) {
-const char **log_names = jk_pool_alloc(s->pool, sizeof(char *) 
* JK_LB_NOTES_COUNT);
-const char **log_values = jk_pool_alloc(s->pool, sizeof(char 
*) * JK_LB_NOTES_COUNT);
-char *buf = jk_pool_alloc(s->pool, sizeof(char *) * 
JK_LB_NOTES_COUNT * JK_LB_UINT64_STR_SZ);;
 first = 0;
-if (log_names && log_values && buf) {
-log_names[0] = JK_NOTE_LB_FIRST_NAME;
-log_values[0] = prec->s->name;
-snprintf(buf, JK_LB_UINT64_STR_SZ, "%" JK_UINT64_T_FMT, 
prec->s->lb_value);
-log_names[1] = JK_NOTE_LB_FIRST_VALUE;
-log_values[1] = buf;
-buf += JK_LB_UINT64_STR_SZ;
-snprintf(buf, JK_LB_UINT64_STR_SZ, "%" JK_UINT64_T_FMT, 
prec->s->elected);
-log_names[2] = JK_NOTE_LB_FIRST_ACCESSED;
-log_values[2] = buf;
-buf += JK_LB_UINT64_STR_SZ;
-snprintf(buf, JK_LB_UINT64_STR_SZ, "%" JK_UINT64_T_FMT, 
prec->s->readed);
-log_names[3] = JK_NOTE_LB_FIRST_READ;
-log_values[3] = buf;
-buf += JK_LB_UINT64_STR_SZ;
-snprintf(buf, JK_LB_UINT64_STR_SZ,