svn propchange: r826435 - svn:log
Author: kkolinko Revision: 826435 Modified property: svn:log Modified: svn:log at Mon Nov 16 11:39:32 2009 -- --- svn:log (original) +++ svn:log Mon Nov 16 11:39:32 2009 @@ -1 +1 @@ -Chnage release howto to reflect new svn layout. +Change release howto to reflect new svn layout. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r880734 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: jfclere Date: Mon Nov 16 13:07:05 2009 New Revision: 880734 URL: http://svn.apache.org/viewvc?rev=880734&view=rev Log: My vote. Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=880734&r1=880733&r2=880734&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Nov 16 13:07:05 2009 @@ -426,7 +426,7 @@ * Disable TLS renegotiation be default with an option to re-enable it Based on Costin's patch for trunk with Mark's modifications http://people.apache.org/~markt/patches/2009-11-10-cve-2009-3555-tc6.patch - +1: markt, billbarker, mturk, kkolinko + +1: markt, billbarker, mturk, kkolinko, jfclere -1: * Improvements to memory leak prevention - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r880742 - /tomcat/native/branches/1.1.x/STATUS.txt
Author: jfclere Date: Mon Nov 16 13:28:11 2009 New Revision: 880742 URL: http://svn.apache.org/viewvc?rev=880742&view=rev Log: My vote. Modified: tomcat/native/branches/1.1.x/STATUS.txt Modified: tomcat/native/branches/1.1.x/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/STATUS.txt?rev=880742&r1=880741&r2=880742&view=diff == --- tomcat/native/branches/1.1.x/STATUS.txt (original) +++ tomcat/native/branches/1.1.x/STATUS.txt Mon Nov 16 13:28:11 2009 @@ -39,5 +39,5 @@ Backport from trunk https://svn.apache.org/viewvc?view=revision&revision=835322 https://svn.apache.org/viewvc?view=revision&revision=835335 - +1: mturk + +1: mturk, jfclere -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r880742 - /tomcat/native/branches/1.1.x/STATUS.txt
On 11/16/2009 02:28 PM, jfcl...@apache.org wrote: Author: jfclere Date: Mon Nov 16 13:28:11 2009 New Revision: 880742 URL: http://svn.apache.org/viewvc?rev=880742&view=rev Log: My vote. Well native is Commit-Then-Review. Mladen please commit. Cheers Jean-Frederic Modified: tomcat/native/branches/1.1.x/STATUS.txt Modified: tomcat/native/branches/1.1.x/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/STATUS.txt?rev=880742&r1=880741&r2=880742&view=diff == --- tomcat/native/branches/1.1.x/STATUS.txt (original) +++ tomcat/native/branches/1.1.x/STATUS.txt Mon Nov 16 13:28:11 2009 @@ -39,5 +39,5 @@ Backport from trunk https://svn.apache.org/viewvc?view=revision&revision=835322 https://svn.apache.org/viewvc?view=revision&revision=835335 - +1: mturk + +1: mturk, jfclere -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 48158] warn that "per directory client certificate authentication" is harmful
https://issues.apache.org/bugzilla/show_bug.cgi?id=48158 --- Comment #7 from Luciana Moreira 2009-11-16 06:25:22 UTC --- Created an attachment (id=24542) --> (https://issues.apache.org/bugzilla/attachment.cgi?id=24542) patch_48158_c5_wildCard.txt I have come up with a patch to allow accepting any client certificate on a per Connector basis. In server.xml the following attribute should be added in the Connector element: If this argument is present and set to true or yes, then the AcceptAllTrustManager will be used as Trust Manager. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 48158] warn that "per directory client certificate authentication" is harmful
https://issues.apache.org/bugzilla/show_bug.cgi?id=48158 --- Comment #8 from Mark Thomas 2009-11-16 06:37:25 GMT --- (In reply to comment #7) > I have come up with a patch to allow accepting any client certificate on a per > Connector basis. Please don't hijack an unrelated bug report. You should create a new issue (mark it as an enhancement request) and attach your patch to the new issue. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r880786 - /tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
Author: markt
Date: Mon Nov 16 15:15:45 2009
New Revision: 880786
URL: http://svn.apache.org/viewvc?rev=880786&view=rev
Log:
Remove code that doesn't do anything
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?rev=880786&r1=880785&r2=880786&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
Mon Nov 16 15:15:45 2009
@@ -223,7 +223,6 @@
uriCC.setLimit(-1);
String contextPath = request.getContextPath();
String requestURI = request.getDecodedRequestURI();
-response.setContext(request.getContext());
// Is this the action request from the login page?
boolean loginAction =
@@ -384,8 +383,7 @@
* @param request The request to be restored
* @param session The session containing the saved information
*/
-protected boolean restoreRequest(Request request, Session session)
-throws IOException {
+protected boolean restoreRequest(Request request, Session session) {
// Retrieve and remove the SavedRequest object from our session
SavedRequest saved = (SavedRequest)
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r880788 - /tomcat/tc5.5.x/trunk/STATUS.txt
Author: markt Date: Mon Nov 16 15:17:38 2009 New Revision: 880788 URL: http://svn.apache.org/viewvc?rev=880788&view=rev Log: Propose limited cookie back ports Modified: tomcat/tc5.5.x/trunk/STATUS.txt Modified: tomcat/tc5.5.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=880788&r1=880787&r2=880788&view=diff == --- tomcat/tc5.5.x/trunk/STATUS.txt (original) +++ tomcat/tc5.5.x/trunk/STATUS.txt Mon Nov 16 15:17:38 2009 @@ -197,7 +197,6 @@ +1: kkolinko -1: - * Disable TLS renegotiation be default with an option to re-enable it Based on Costin's patch for trunk with Mark's modifications http://people.apache.org/~markt/patches/2009-11-10-cve-2009-3555-tc5.patch @@ -209,3 +208,13 @@ http://people.apache.org/~kkolinko/patches/2009-11-15_Installer_serverxml_tc55.patch +1: kkolinko -1: + +* Single quote should be not be treated as a separator + http://svn.apache.org/viewvc?rev=830999&view=rev + +1: markt + -1: + +* Provide an option to allow = in cookie values + http://people.apache.org/~markt/patches/2009-11-15-cookie-allow-equals.patch + +1: markt + -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r880789 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: markt Date: Mon Nov 16 15:18:03 2009 New Revision: 880789 URL: http://svn.apache.org/viewvc?rev=880789&view=rev Log: Propose limited cookie back ports Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=880789&r1=880788&r2=880789&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Nov 16 15:18:03 2009 @@ -453,3 +453,13 @@ http://people.apache.org/~kkolinko/patches/2009-11-12_PrivilegedFindResource_tc6.patch +1: kkolinko -1: + +* Single quote should be not be treated as a separator + http://svn.apache.org/viewvc?rev=830999&view=rev + +1: markt + -1: + +* Provide an option to allow = in cookie values + http://people.apache.org/~markt/patches/2009-11-15-cookie-allow-equals.patch + +1: markt + -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r880788 - /tomcat/tc5.5.x/trunk/STATUS.txt
2009/11/16 : > > +* Provide an option to allow = in cookie values > + > http://people.apache.org/~markt/patches/2009-11-15-cookie-allow-equals.patch > + +1: markt > + -1: There is a misprint in the doc part of it: "value" is mentioned twice: + be dropped. If not specified, the default value specification compliant + value of false will be used. The rest looks good. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r880839 - /tomcat/tc5.5.x/trunk/STATUS.txt
Author: kkolinko Date: Mon Nov 16 16:38:10 2009 New Revision: 880839 URL: http://svn.apache.org/viewvc?rev=880839&view=rev Log: a comment and a backport proposal Modified: tomcat/tc5.5.x/trunk/STATUS.txt Modified: tomcat/tc5.5.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=880839&r1=880838&r2=880839&view=diff == --- tomcat/tc5.5.x/trunk/STATUS.txt (original) +++ tomcat/tc5.5.x/trunk/STATUS.txt Mon Nov 16 16:38:10 2009 @@ -85,6 +85,8 @@ http://svn.apache.org/viewvc?rev=805182&view=rev +1: markt -1: + 0: kkolinko: ( There is a different patch for tc6.0.x now ). + * Fix regression in fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=38797 @@ -140,6 +142,16 @@ http://svn.apache.org/viewvc?view=rev&revision=439565 +1: markt -1: + 0: kkolinko ( + - In general looks good, but I do not like Compiler.java part of the + patch. Printing exceptions to stderr aka catalina.out is not good, but + silently swallowing them is not good either. Though that is to be + fixed in tc6.0.x first. + - I would like rev.832102 to be combined with this one. + - Just a note: This issue won't affect configurations where Jasper + runs with development=false. + ) + * Fix cluster replication problem for o.a.c.ha: session expiration uses a replication shortcut, so that attributes changed immediately @@ -169,6 +181,17 @@ +1: kkolinko, markt -1: + 3) Remove use of WebappClassLoader$PrivilegedFindResource, + because all findResourceInternal(String,String) calls are now already + wrapped with AccessController.doPrivileged, so additional wrapping is not + needed. Add preloading of the new PrivilegedFindResourceByName class, + (to fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48097#c13 + ) + http://people.apache.org/~kkolinko/patches/2009-11-12_PrivilegedFindResource_tc6.patch + +1: kkolinko + -1: + + * Include root cause exception into the one produced by ApplicationContextFacade#doPrivileged() http://svn.apache.org/viewvc?rev=831819&view=rev +1: kkolinko, markt - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r880856 - /tomcat/tc5.5.x/trunk/STATUS.txt
Author: kkolinko Date: Mon Nov 16 17:16:45 2009 New Revision: 880856 URL: http://svn.apache.org/viewvc?rev=880856&view=rev Log: veto Modified: tomcat/tc5.5.x/trunk/STATUS.txt Modified: tomcat/tc5.5.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=880856&r1=880855&r2=880856&view=diff == --- tomcat/tc5.5.x/trunk/STATUS.txt (original) +++ tomcat/tc5.5.x/trunk/STATUS.txt Mon Nov 16 17:16:45 2009 @@ -234,10 +234,29 @@ * Single quote should be not be treated as a separator http://svn.apache.org/viewvc?rev=830999&view=rev - +1: markt + +1: markt, kkolinko -1: * Provide an option to allow = in cookie values http://people.apache.org/~markt/patches/2009-11-15-cookie-allow-equals.patch +1: markt - -1: + -1: kkolinko: ( +It does not work. +In Cookies.java#processCookieHeader(byte bytes[], int off, int len) line 367: + pos = nameEnd = getTokenEndPosition(bytes,pos,end); +will parse "a=b=c" cookie as having a name of "a=b=c". + +Go to http://localhost:8080/servlets-examples/servlet/CookieExample +Create a cookie with name "foo" and value "bar" +Refresh the page. It says: +Cookie Name: foo=bar +Cookie Value: + +Also + - ALLOW_EQUALS_IN_VALUE declaration in Cookies.java is better to be + moved upper. I do not like that it is in between "SEPARATORS" and + "separators". + + - A typo in systemprops.xml patch: "default value": "value" is + mentioned twice. + ) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r880859 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: kkolinko Date: Mon Nov 16 17:25:41 2009 New Revision: 880859 URL: http://svn.apache.org/viewvc?rev=880859&view=rev Log: vote and veto Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=880859&r1=880858&r2=880859&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Nov 16 17:25:41 2009 @@ -456,10 +456,10 @@ * Single quote should be not be treated as a separator http://svn.apache.org/viewvc?rev=830999&view=rev - +1: markt + +1: markt, kkolinko -1: * Provide an option to allow = in cookie values http://people.apache.org/~markt/patches/2009-11-15-cookie-allow-equals.patch +1: markt - -1: + -1: kkolinko: the same as with tc5.5 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r881072 - /tomcat/tc5.5.x/trunk/STATUS.txt
Author: markt Date: Tue Nov 17 00:37:26 2009 New Revision: 881072 URL: http://svn.apache.org/viewvc?rev=881072&view=rev Log: Withdraw patch whilst I review reported issues Modified: tomcat/tc5.5.x/trunk/STATUS.txt Modified: tomcat/tc5.5.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=881072&r1=881071&r2=881072&view=diff == --- tomcat/tc5.5.x/trunk/STATUS.txt (original) +++ tomcat/tc5.5.x/trunk/STATUS.txt Tue Nov 17 00:37:26 2009 @@ -236,27 +236,3 @@ http://svn.apache.org/viewvc?rev=830999&view=rev +1: markt, kkolinko -1: - -* Provide an option to allow = in cookie values - http://people.apache.org/~markt/patches/2009-11-15-cookie-allow-equals.patch - +1: markt - -1: kkolinko: ( -It does not work. -In Cookies.java#processCookieHeader(byte bytes[], int off, int len) line 367: - pos = nameEnd = getTokenEndPosition(bytes,pos,end); -will parse "a=b=c" cookie as having a name of "a=b=c". - -Go to http://localhost:8080/servlets-examples/servlet/CookieExample -Create a cookie with name "foo" and value "bar" -Refresh the page. It says: -Cookie Name: foo=bar -Cookie Value: - -Also - - ALLOW_EQUALS_IN_VALUE declaration in Cookies.java is better to be - moved upper. I do not like that it is in between "SEPARATORS" and - "separators". - - - A typo in systemprops.xml patch: "default value": "value" is - mentioned twice. - ) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r881073 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: markt Date: Tue Nov 17 00:37:46 2009 New Revision: 881073 URL: http://svn.apache.org/viewvc?rev=881073&view=rev Log: Withdraw patch whilst I review reported issues Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=881073&r1=881072&r2=881073&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Nov 17 00:37:46 2009 @@ -458,8 +458,3 @@ http://svn.apache.org/viewvc?rev=830999&view=rev +1: markt, kkolinko -1: - -* Provide an option to allow = in cookie values - http://people.apache.org/~markt/patches/2009-11-15-cookie-allow-equals.patch - +1: markt - -1: kkolinko: the same as with tc5.5 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r881088 - in /tomcat/tc6.0.x/trunk: ./ STATUS.txt bin/catalina.sh webapps/docs/changelog.xml
Author: kkolinko Date: Tue Nov 17 01:42:36 2009 New Revision: 881088 URL: http://svn.apache.org/viewvc?rev=881088&view=rev Log: Make the location of stdout and stderr output configurable. Leave the default as it always has been. Currently, one can reconfigure the location of all logfiles except this one. Patch by fhanik Modified: tomcat/tc6.0.x/trunk/ (props changed) tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/bin/catalina.sh tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc6.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Tue Nov 17 01:42:36 2009 @@ -1 +1 @@ -/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,673796,673820,677910,683969,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,713953,714002,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,746425,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,753039,757335,757774,758365,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763228,763262,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335,769979,770716,770809,770876,772872,77 6921,776924,776935,776945,777464,777466,777576,777625,778379,778523-778524,781528,781779,782145,782791,783316,783696,783724,783756,783762,783766,783863,783934,784453,784602,784614,785381,785688,785768,785859,786468,786487,786490,786496,786667,787627,787770,787985,789389,790405,791041,791184,791194,791224,791243,791326,791328,791789,792740,793372,793757,793882,793981,794082,794673,794822,795043,795152,795210,795457,795466,797168,797425,797596,797607,802727,802940,804462,804544,804734,805153,809131,809603,810916,810977,812125,812137,812432,813001,813013,813866,814180,815972,817442,819339,819361,820110,820132,820874,820954,821397,828196,828201,828210,828225,828759,830378-830379,831774,831785,831828,831850,831860,832218 +/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,673796,673820,677910,683969,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,713953,714002,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,746425,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,753039,757335,757774,758365,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763228,763262,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335,769979,770716,770809,770876,772872,77 6921,776924,776935,776945,777464,777466,777576,777625,778379,778523-778524,781528,781779,782145,782791,783316,783696,783724,783756,783762,783766,783863,783934,784453,784602,784614,785381,785688,785768,785859,786468,786487,786490,786496,786667,787627,787770,787985,789389,790405,791041,791184,791194,791224,791243,791326,791328,791789,792740,793372,793757,793882,793981,794082,794673,794822,795043,795152,795210,795457,795466,797168,797425,797596,797607,802727,802940,804462,804544,804734,805153,809131,809603,810916,810977,812125,812137,812432,813001,813013,813866,814180,815972,817442,819339,819361,820110,820132,820874,820954,821397,828196,828201,828210,828225,828759,830378-830379,831774,831785,831828,831850,831860,832218,835036 Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=881088&r1=881087&r2=881088&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Nov 17 01:42:36 2009 @@ -438,11 +438,6 @@ a) in JavaDoc: s/Locked usually files occur/Locked files usually occur/ b) in listeners.xml: s/case by case basis is required/.. as required/ or /.. if required/ ? -* Make location and filename of catalina.out configurable in catalina.sh - http://svn.apache.org/viewvc?rev=835036&view=rev - +1: fhanik, mturk, kkolinko - -1: - * Additional fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=48097 1) Code cleanup: Remove use of WebappClassLoader$PrivilegedFindRe
svn commit: r881100 - in /tomcat/trunk/java/org/apache/catalina: ./ authenticator/ connector/
Author: markt Date: Tue Nov 17 02:19:49 2009 New Revision: 881100 URL: http://svn.apache.org/viewvc?rev=881100&view=rev Log: Implement request.authenticate() This required re-factoring the Authenticator interface to use HttpServletResponse. It would be nice to refactor to use HttpServletRequest as well but at the moment the authenticator requires too much access to the request internals. Modified: tomcat/trunk/java/org/apache/catalina/Authenticator.java tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java tomcat/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java tomcat/trunk/java/org/apache/catalina/authenticator/NonLoginAuthenticator.java tomcat/trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java tomcat/trunk/java/org/apache/catalina/connector/Request.java Modified: tomcat/trunk/java/org/apache/catalina/Authenticator.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/Authenticator.java?rev=881100&r1=881099&r2=881100&view=diff == --- tomcat/trunk/java/org/apache/catalina/Authenticator.java (original) +++ tomcat/trunk/java/org/apache/catalina/Authenticator.java Tue Nov 17 02:19:49 2009 @@ -21,6 +21,8 @@ import java.io.IOException; import java.security.Principal; +import javax.servlet.http.HttpServletResponse; + import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; import org.apache.catalina.deploy.LoginConfig; @@ -43,13 +45,13 @@ * created a response challenge already. * * @param request Request we are processing - * @param response Response we are creating + * @param response Response we are populating * @param configLogin configuration describing how authentication * should be performed * * @exception IOException if an input/output error occurs */ -public boolean authenticate(Request request, Response response, +public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws IOException; /** @@ -60,13 +62,13 @@ * SSO sessions. * * @param request The servlet request we are processing - * @param response The servlet response we are generating + * @param response The servlet response we are populating * @param principal The authenticated Principal to be registered * @param authType The authentication type to be registered * @param username Username used to authenticate (if any) * @param password Password used to authenticate (if any) */ -public void register(Request request, Response response, +public void register(Request request, HttpServletResponse response, Principal principal, String authType, String username, String password); } Modified: tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=881100&r1=881099&r2=881100&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java Tue Nov 17 02:19:49 2009 @@ -30,6 +30,7 @@ import javax.servlet.ServletException; import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletResponse; import org.apache.catalina.Authenticator; import org.apache.catalina.Container; @@ -101,6 +102,10 @@ */ protected static final int SESSION_ID_BYTES = 16; +/** + * Authentication header + */ +protected static final String AUTH_HEADER_NAME = "WWW-Authenticate"; /** * The message digest algorithm to be used when generating session @@ -564,14 +569,14 @@ * created a response challenge already. * * @param request Request we are processing - * @param response Response we are creating + * @param response Response we are populating * @param configLogin configuration describing how authentication * should be performed * * @exception IOException if an input/output error occurs */ public abstract boolean authenticate(Request request, -Response response, +HttpServletResponse response, LoginConfig config) throws IOException; @@ -708,7 +713,7 @@ * @param username Username used to authenticate (if any) * @param password Password used to authenticate (if any)
svn commit: r881109 - in /tomcat/trunk/java: javax/servlet/http/HttpServletRequest.java javax/servlet/http/HttpServletRequestWrapper.java org/apache/catalina/connector/Request.java org/apache/catalina
Author: markt
Date: Tue Nov 17 02:41:55 2009
New Revision: 881109
URL: http://svn.apache.org/viewvc?rev=881109&view=rev
Log:
Update throws declaration for Servlet 3 file upload
Do the easy part of the implementation
Modified:
tomcat/trunk/java/javax/servlet/http/HttpServletRequest.java
tomcat/trunk/java/javax/servlet/http/HttpServletRequestWrapper.java
tomcat/trunk/java/org/apache/catalina/connector/Request.java
tomcat/trunk/java/org/apache/catalina/connector/RequestFacade.java
Modified: tomcat/trunk/java/javax/servlet/http/HttpServletRequest.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/javax/servlet/http/HttpServletRequest.java?rev=881109&r1=881108&r2=881109&view=diff
==
--- tomcat/trunk/java/javax/servlet/http/HttpServletRequest.java (original)
+++ tomcat/trunk/java/javax/servlet/http/HttpServletRequest.java Tue Nov 17
02:41:55 2009
@@ -697,21 +697,27 @@
/**
- *
+ * Return a collection of all uploaded Parts.
* @return
+ * @throws IOException if an I/O error occurs
+ * @throws IllegalStateException if size limits are exceeded
+ * @throws ServletException if the request is not multipart/form-data
* @since Servlet 3.0
- * TODO SERVLET3 - Add comments
*/
-public Collection getParts() throws IOException, ServletException;
+public Collection getParts() throws IOException,
+IllegalStateException, ServletException;
/**
- *
+ * Gets the named Part or null if the Part does not exist. Triggers upload
+ * of all Parts.
* @param name
* @return
- * @throws IllegalArgumentException
+ * @throws IOException if an I/O error occurs
+ * @throws IllegalStateException if size limits are exceeded
+ * @throws ServletException if the request is not multipart/form-data
* @since Servlet 3.0
- * TODO SERVLET3 - Add comments
*/
-public Part getPart(String name);
+public Part getPart(String name) throws IOException, IllegalStateException,
+ServletException;
}
Modified: tomcat/trunk/java/javax/servlet/http/HttpServletRequestWrapper.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/javax/servlet/http/HttpServletRequestWrapper.java?rev=881109&r1=881108&r2=881109&view=diff
==
--- tomcat/trunk/java/javax/servlet/http/HttpServletRequestWrapper.java
(original)
+++ tomcat/trunk/java/javax/servlet/http/HttpServletRequestWrapper.java Tue Nov
17 02:41:55 2009
@@ -294,15 +294,20 @@
* @since Servlet 3.0
* TODO SERVLET3 - Add comments
*/
-public Collection getParts() throws IOException, ServletException {
+public Collection getParts() throws IllegalStateException,
+IOException, ServletException {
return this._getHttpServletRequest().getParts();
}
/**
+ * @throws ServletException
+ * @throws IOException
+ * @throws IllegalStateException
* @since Servlet 3.0
* TODO SERVLET3 - Add comments
*/
-public Part getPart(String name) {
+public Part getPart(String name) throws IllegalStateException, IOException,
+ServletException {
return this._getHttpServletRequest().getPart(name);
}
Modified: tomcat/trunk/java/org/apache/catalina/connector/Request.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Request.java?rev=881109&r1=881108&r2=881109&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/connector/Request.java (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/Request.java Tue Nov 17
02:41:55 2009
@@ -2380,13 +2380,22 @@
null, null, null);
}
-public Collection getParts() {
+public Collection getParts() throws IOException,
IllegalStateException,
+ServletException {
// TODO SERVLET3 - file upload
return null;
}
-public Part getPart(String name) throws IllegalArgumentException {
-// TODO SERVLET3 - file upload
+public Part getPart(String name) throws IOException, IllegalStateException,
+ServletException {
+Collection parts = getParts();
+Iterator iterator = parts.iterator();
+while (iterator.hasNext()) {
+Part part = iterator.next();
+if (name.equals(part.getName())) {
+return part;
+}
+}
return null;
}
Modified: tomcat/trunk/java/org/apache/catalina/connector/RequestFacade.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/RequestFacade.java?rev=881109&r1=881108&r2=881109&view=diff
==
--- tomc
svn commit: r881119 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: kkolinko Date: Tue Nov 17 03:00:06 2009 New Revision: 881119 URL: http://svn.apache.org/viewvc?rev=881119&view=rev Log: remove warning, as I did testing updated patch, as lines in catalina.sh were changed in rev.881088 Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=881119&r1=881118&r2=881119&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Nov 17 03:00:06 2009 @@ -166,8 +166,7 @@ - Moved the code that adds ";" or ":" to non-empty CLASSPATH. That is to avoid the gap between this preparationary step and the one that actually adds jars to the CLASSPATH. - Warning: I have not tried to run the patched catalina.sh yet. I hope it works. - http://people.apache.org/~kkolinko/patches/2009-11-12_log-config-per-instance.patch + http://people.apache.org/~kkolinko/patches/2009-11-16_log-config-per-instance.patch +1: kkolinko -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r881122 - /tomcat/tc6.0.x/trunk/webapps/ROOT/index.html
Author: kkolinko Date: Tue Nov 17 03:02:42 2009 New Revision: 881122 URL: http://svn.apache.org/viewvc?rev=881122&view=rev Log: Update Tomcat copyright year on the welcome page Modified: tomcat/tc6.0.x/trunk/webapps/ROOT/index.html Modified: tomcat/tc6.0.x/trunk/webapps/ROOT/index.html URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/ROOT/index.html?rev=881122&r1=881121&r2=881122&view=diff == --- tomcat/tc6.0.x/trunk/webapps/ROOT/index.html (original) +++ tomcat/tc6.0.x/trunk/webapps/ROOT/index.html Tue Nov 17 03:02:42 2009 @@ -201,7 +201,7 @@ - Copyright © 1999-2008 Apache Software Foundation + Copyright © 1999-2009 Apache Software Foundation All Rights Reserved - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r881128 - /tomcat/tc5.5.x/trunk/STATUS.txt
Author: kkolinko Date: Tue Nov 17 03:09:34 2009 New Revision: 881128 URL: http://svn.apache.org/viewvc?rev=881128&view=rev Log: propose backport Modified: tomcat/tc5.5.x/trunk/STATUS.txt Modified: tomcat/tc5.5.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=881128&r1=881127&r2=881128&view=diff == --- tomcat/tc5.5.x/trunk/STATUS.txt (original) +++ tomcat/tc5.5.x/trunk/STATUS.txt Tue Nov 17 03:09:34 2009 @@ -236,3 +236,9 @@ http://svn.apache.org/viewvc?rev=830999&view=rev +1: markt, kkolinko -1: + +* Implement https://issues.apache.org/bugzilla/show_bug.cgi?id=37847 + Make location and filename of catalina.out configurable in catalina.sh + http://svn.apache.org/viewvc?rev=881088&view=rev + +1: kkolinko + -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 37847] Allow User To Optionally Specify Catalina Output File
https://issues.apache.org/bugzilla/show_bug.cgi?id=37847 --- Comment #2 from Konstantin Kolinko 2009-11-16 19:14:11 UTC --- Implemented in Tomcat 6 (r881088), proposed for 5.5. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Sharing the same $CATALINA_BASE
Hi, Anyone knows what might be the pitfalls of sharing the CATALINA_BASE among multiple TC instances? Presume you have a way to bind multiple instance's Connectors to the same ports what might be other problems? For example app management (stop/start) is not recognized across instances, although deployment is, thanks to the file system scanning. Adding some shared status resource would handle the first one thought. Logging looks good, although at least DEBUG would need to carry an instance pid. Anything else? Regards -- ^TM - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 48207] New: hh
https://issues.apache.org/bugzilla/show_bug.cgi?id=48207 Summary: hh Product: Tomcat Native Version: unspecified Platform: PC OS/Version: Windows XP Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: dev@tomcat.apache.org ReportedBy: ka...@is.naist.jp -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r881179 - in /tomcat/native/branches/1.1.x: STATUS.txt native/include/ssl_private.h native/src/sslcontext.c native/src/sslnetwork.c native/src/sslutils.c xdocs/miscellaneous/changelog.xml
Author: mturk
Date: Tue Nov 17 07:44:03 2009
New Revision: 881179
URL: http://svn.apache.org/viewvc?rev=881179&view=rev
Log:
Backport CVE-2009-3555 patch from trunk
Modified:
tomcat/native/branches/1.1.x/STATUS.txt
tomcat/native/branches/1.1.x/native/include/ssl_private.h
tomcat/native/branches/1.1.x/native/src/sslcontext.c
tomcat/native/branches/1.1.x/native/src/sslnetwork.c
tomcat/native/branches/1.1.x/native/src/sslutils.c
tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml
Modified: tomcat/native/branches/1.1.x/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/STATUS.txt?rev=881179&r1=881178&r2=881179&view=diff
==
--- tomcat/native/branches/1.1.x/STATUS.txt (original)
+++ tomcat/native/branches/1.1.x/STATUS.txt Tue Nov 17 07:44:03 2009
@@ -34,10 +34,3 @@
* Add detection of the macosx jvm.
Backport from trunk
http://svn.eu.apache.org/viewvc?view=rev&revision=803803
-
-* Fix CVE-2009-3555 by disabling renegotiation
- Backport from trunk
- https://svn.apache.org/viewvc?view=revision&revision=835322
- https://svn.apache.org/viewvc?view=revision&revision=835335
- +1: mturk, jfclere
- -1:
Modified: tomcat/native/branches/1.1.x/native/include/ssl_private.h
URL:
http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/include/ssl_private.h?rev=881179&r1=881178&r2=881179&view=diff
==
--- tomcat/native/branches/1.1.x/native/include/ssl_private.h (original)
+++ tomcat/native/branches/1.1.x/native/include/ssl_private.h Tue Nov 17
07:44:03 2009
@@ -256,12 +256,29 @@
tcn_pass_cb_t *cb_data;
};
+
typedef struct {
apr_pool_t *pool;
tcn_ssl_ctxt_t *ctx;
SSL*ssl;
X509 *peer;
int shutdown_type;
+/* Track the handshake/renegotiation state for the connection so
+ * that all client-initiated renegotiations can be rejected, as a
+ * partial fix for CVE-2009-3555.
+ */
+enum {
+RENEG_INIT = 0, /* Before initial handshake */
+RENEG_REJECT, /* After initial handshake; any client-initiated
+ * renegotiation should be rejected
+ */
+RENEG_ALLOW,/* A server-initated renegotiation is taking
+ * place (as dictated by configuration)
+ */
+RENEG_ABORT /* Renegotiation initiated by client, abort the
+ * connection
+ */
+} reneg_state;
apr_socket_t *sock;
apr_pollset_t *pollset;
} tcn_ssl_conn_t;
@@ -287,6 +304,7 @@
DH *SSL_dh_get_param_from_file(const char *);
RSA*SSL_callback_tmp_RSA(SSL *, int, int);
DH *SSL_callback_tmp_DH(SSL *, int, int);
+voidSSL_callback_handshake(const SSL *, int, int);
voidSSL_vhost_algo_id(const unsigned char *, unsigned char *, int);
int SSL_CTX_use_certificate_chain(SSL_CTX *, const char *, int);
int SSL_callback_SSL_verify(int, X509_STORE_CTX *);
Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c
URL:
http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=881179&r1=881178&r2=881179&view=diff
==
--- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Tue Nov 17 07:44:03
2009
@@ -162,6 +162,7 @@
/* Set default password callback */
SSL_CTX_set_default_passwd_cb(c->ctx, (pem_password_cb
*)SSL_password_callback);
SSL_CTX_set_default_passwd_cb_userdata(c->ctx, (void
*)(&tcn_password_callback));
+SSL_CTX_set_info_callback(c->ctx, SSL_callback_handshake);
/*
* Let us cleanup the ssl context when the pool is destroyed
*/
Modified: tomcat/native/branches/1.1.x/native/src/sslnetwork.c
URL:
http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslnetwork.c?rev=881179&r1=881178&r2=881179&view=diff
==
--- tomcat/native/branches/1.1.x/native/src/sslnetwork.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslnetwork.c Tue Nov 17 07:44:03
2009
@@ -181,6 +181,10 @@
return APR_ENOPOLL;
if (!con->sock)
return APR_ENOTSOCK;
+if (con->reneg_state == RENEG_ABORT) {
+con->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
+return APR_ECONNABORTED;
+}
/* Check if the socket was already closed
*/
@@ -384,6 +388,11 @@
int s, i, wr = (int)(*len);
apr_status_t rv = APR_SUCCESS;
+if (con->reneg_state == RENEG_ABORT) {
+*len = 0;
+con->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
+return APR_ECONNABORTED;
+}
Re: svn commit: r880742 - /tomcat/native/branches/1.1.x/STATUS.txt
On 16/11/09 14:35, jean-frederic clere wrote: On 11/16/2009 02:28 PM, jfcl...@apache.org wrote: Well native is Commit-Then-Review. Mladen please commit. Done. Do you wish to tag the 1.1.18? If do, don't forget this time to define TCN_IS_DEV_VERSION in include/tcn_version.h to zero before tagging :) Regards -- ^TM - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
