DO NOT REPLY [Bug 49595] Tomcat crashes in tcnative-1.dll frequently
https://issues.apache.org/bugzilla/show_bug.cgi?id=49595 --- Comment #7 from Hiroshi Shirosaki 2011-08-12 07:11:32 UTC --- Created attachment 27380 --> https://issues.apache.org/bugzilla/attachment.cgi?id=27380 fix a issue of destroying a same socket more than one While my ajax web application was accessed by two browsers at the same time, tomcat sometimes crashed. When tomcat crashes at apr_pollset_remove(), fd->desc.s is NULL in do_remove() function of tomcat-native poll.c. It seems that a socket has been already destroyed. I checked which method calls destorySocket() of AprEndpoint. At line 1261 destroySocket(addS[i]), a same socket was destroyed within a second. I commented out line 1261, tomcat works fine. Before line 1261, Poll.add return value was APR_EBADF(= 9). -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 49595] Tomcat crashes in tcnative-1.dll frequently
https://issues.apache.org/bugzilla/show_bug.cgi?id=49595 --- Comment #8 from Hiroshi Shirosaki 2011-08-12 07:15:32 UTC --- Sorry. I mistake. Attachment 27380 is for Bug 51620. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1156993 - in /tomcat/tc5.5.x/trunk: STATUS.txt connectors/juli/src/java/org/apache/juli/FileHandler.java container/webapps/docs/changelog.xml
Author: markt
Date: Fri Aug 12 07:56:48 2011
New Revision: 1156993
URL: http://svn.apache.org/viewvc?rev=1156993&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51403
Avoid NPE in JULI FileHandler if formatter is misconfigured
Modified:
tomcat/tc5.5.x/trunk/STATUS.txt
tomcat/tc5.5.x/trunk/connectors/juli/src/java/org/apache/juli/FileHandler.java
tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=1156993&r1=1156992&r2=1156993&view=diff
==
--- tomcat/tc5.5.x/trunk/STATUS.txt (original)
+++ tomcat/tc5.5.x/trunk/STATUS.txt Fri Aug 12 07:56:48 2011
@@ -77,12 +77,6 @@ PATCHES PROPOSED TO BACKPORT:
+1: markt
-1:
-* https://issues.apache.org/bugzilla/show_bug.cgi?id=51403
- Avoid NPE in JULI FileHandler if formatter is misconfigured
- http://svn.apache.org/viewvc?rev=1137996&view=rev
- +1: kkolinko, markt, kfujino
- -1:
-
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=36362
Handle tag files with attribute names that are not valid Java identifiers
http://svn.apache.org/viewvc?rev=1138950&view=rev
Modified:
tomcat/tc5.5.x/trunk/connectors/juli/src/java/org/apache/juli/FileHandler.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/juli/src/java/org/apache/juli/FileHandler.java?rev=1156993&r1=1156992&r2=1156993&view=diff
==
---
tomcat/tc5.5.x/trunk/connectors/juli/src/java/org/apache/juli/FileHandler.java
(original)
+++
tomcat/tc5.5.x/trunk/connectors/juli/src/java/org/apache/juli/FileHandler.java
Fri Aug 12 07:56:48 2011
@@ -258,7 +258,8 @@ public class FileHandler
try {
setFormatter((Formatter)
cl.loadClass(formatterName).newInstance());
} catch (Exception e) {
-// Ignore
+// Ignore and fallback to defaults
+setFormatter(new SimpleFormatter());
}
} else {
setFormatter(new SimpleFormatter());
Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml?rev=1156993&r1=1156992&r2=1156993&view=diff
==
--- tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml (original)
+++ tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Fri Aug 12
07:56:48 2011
@@ -59,7 +59,12 @@
Fix CVE-2011-2204. Prevent user passwords appearing in log files if a
runtime exception (e.g. OOME) occurs while creating a new user for a
MemoryUserDatabase via JMX. (markt)
-
+
+
+51403: Avoid NullPointerException in JULI FileHandler if
+formatter is misconfigured. (kkolinko)
+
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1157000 - in /tomcat/tc5.5.x/trunk: ./ container/modules/cluster/src/share/org/apache/catalina/cluster/session/ container/modules/groupcom/src/share/org/apache/catalina/tribes/io/ contain
Author: markt
Date: Fri Aug 12 08:13:09 2011
New Revision: 1157000
URL: http://svn.apache.org/viewvc?rev=1157000&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=36362
Handle tag files with attribute names that are not valid Java identifiers
Modified:
tomcat/tc5.5.x/trunk/STATUS.txt
tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/ReplicationStream.java
tomcat/tc5.5.x/trunk/container/modules/groupcom/src/share/org/apache/catalina/tribes/io/ReplicationStream.java
tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
tomcat/tc5.5.x/trunk/jasper/src/share/org/apache/jasper/compiler/Generator.java
tomcat/tc5.5.x/trunk/jasper/src/share/org/apache/jasper/compiler/JspUtil.java
Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=1157000&r1=1156999&r2=1157000&view=diff
==
--- tomcat/tc5.5.x/trunk/STATUS.txt (original)
+++ tomcat/tc5.5.x/trunk/STATUS.txt Fri Aug 12 08:13:09 2011
@@ -77,15 +77,6 @@ PATCHES PROPOSED TO BACKPORT:
+1: markt
-1:
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=36362
- Handle tag files with attribute names that are not valid Java identifiers
- http://svn.apache.org/viewvc?rev=1138950&view=rev
- http://svn.apache.org/viewvc?rev=1138953&view=rev
- http://svn.apache.org/viewvc?rev=1140693&view=rev
- http://svn.apache.org/viewvc?rev=1142043&view=rev
- +1: markt, kkolinko, kfujino
- -1:
-
* Multiple improvements to the Windows Installer
- https://issues.apache.org/bugzilla/show_bug.cgi?id=33262
Install monitor to auto-start for current user only rather than all users
to
Modified:
tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/ReplicationStream.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/ReplicationStream.java?rev=1157000&r1=1156999&r2=1157000&view=diff
==
---
tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/ReplicationStream.java
(original)
+++
tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/ReplicationStream.java
Fri Aug 12 08:13:09 2011
@@ -22,6 +22,8 @@ import java.io.InputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
+import java.lang.reflect.Modifier;
+import java.lang.reflect.Proxy;
/**
* Custom subclass of ObjectInputStream that loads from the
@@ -86,6 +88,43 @@ public final class ReplicationStream ext
}
}
+/**
+ * ObjectInputStream.resolveProxyClass has some funky way of using
+ * the incorrect class loader to resolve proxy classes, let's do it our
way instead
+ */
+protected Class resolveProxyClass(String[] interfaces)
+throws IOException, ClassNotFoundException {
+
+ClassLoader latestLoader = classLoader;
+ClassLoader nonPublicLoader = null;
+boolean hasNonPublicInterface = false;
+
+// define proxy in class loader of non-public interface(s), if any
+Class[] classObjs = new Class[interfaces.length];
+for (int i = 0; i < interfaces.length; i++) {
+Class cl = this.findWebappClass(interfaces[i]);
+if (latestLoader == null) latestLoader = cl.getClassLoader();
+if ((cl.getModifiers() & Modifier.PUBLIC) == 0) {
+if (hasNonPublicInterface) {
+if (nonPublicLoader != cl.getClassLoader()) {
+throw new IllegalAccessError(
+"conflicting non-public interface class loaders");
+}
+} else {
+nonPublicLoader = cl.getClassLoader();
+hasNonPublicInterface = true;
+}
+}
+classObjs[i] = cl;
+}
+try {
+return Proxy.getProxyClass(hasNonPublicInterface ? nonPublicLoader
+: latestLoader, classObjs);
+} catch (IllegalArgumentException e) {
+throw new ClassNotFoundException(null, e);
+}
+}
+
public Class findReplicationClass(String name)
throws ClassNotFoundException, IOException {
return Class.forName(name, false, getClass().getClassLoader());
Modified:
tomcat/tc5.5.x/trunk/container/modules/groupcom/src/share/org/apache/catalina/tribes/io/ReplicationStream.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/modules/groupcom/src/share/org/apache/catalina/tribes/io/ReplicationStream.java?rev=1157000&r1=1156999&r2=1157000&view=diff
==
---
tom
DO NOT REPLY [Bug 36362] missing check for Java reserved keywords in tag file processing
https://issues.apache.org/bugzilla/show_bug.cgi?id=36362 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Comment #9 from Mark Thomas 2011-08-12 08:13:26 UTC --- This has been fixed in 5.5.x and will be included in 5.5.34 onwards. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1157004 - in /tomcat/tc5.5.x/trunk: STATUS.txt container/catalina/src/share/org/apache/catalina/security/SecurityConfig.java container/webapps/docs/changelog.xml
Author: markt
Date: Fri Aug 12 08:21:32 2011
New Revision: 1157004
URL: http://svn.apache.org/viewvc?rev=1157004&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51473
Fix concatenation of values in SecurityConfig.setSecurityProperty() when the
value provided by JRE is null.
Modified:
tomcat/tc5.5.x/trunk/STATUS.txt
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/security/SecurityConfig.java
tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=1157004&r1=1157003&r2=1157004&view=diff
==
--- tomcat/tc5.5.x/trunk/STATUS.txt (original)
+++ tomcat/tc5.5.x/trunk/STATUS.txt Fri Aug 12 08:21:32 2011
@@ -102,13 +102,6 @@ PATCHES PROPOSED TO BACKPORT:
+1: markt
-1:
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51473
- Fix concatenation of values in SecurityConfig.setSecurityProperty()
- when the value provided by JRE is null.
- http://svn.apache.org/viewvc?rev=1142904&view=rev
- +1: kkolinko, markt, kfujino
- -1:
-
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51324
Improve handling of exceptions when flushing the response buffer to
ensure that the doFlush flag does not get stuck in the enabled state.
Modified:
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/security/SecurityConfig.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/security/SecurityConfig.java?rev=1157004&r1=1157003&r2=1157004&view=diff
==
---
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/security/SecurityConfig.java
(original)
+++
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/security/SecurityConfig.java
Fri Aug 12 08:21:32 2011
@@ -38,6 +38,8 @@ public final class SecurityConfig{
+ ",org.apache.coyote."
+ ",org.apache.tomcat.";
+// FIX ME package "javax." was removed to prevent HotSpot
+// fatal internal errors
private final static String PACKAGE_DEFINITION= "java.,sun."
+ ",org.apache.catalina."
+ ",org.apache.coyote."
@@ -116,13 +118,14 @@ public final class SecurityConfig{
if (System.getSecurityManager() != null){
String definition = Security.getProperty(properties);
if( definition != null && definition.length() > 0 ){
-definition += ",";
+if (packageList.length() > 0) {
+definition = definition + ',' + packageList;
+}
+} else {
+definition = packageList;
}
-Security.setProperty(properties,
-// FIX ME package "javax." was removed to prevent HotSpot
-// fatal internal errors
-definition + packageList);
+Security.setProperty(properties, definition);
}
}
Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml?rev=1157004&r1=1157003&r2=1157004&view=diff
==
--- tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml (original)
+++ tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Fri Aug 12
08:21:32 2011
@@ -64,6 +64,11 @@
51403: Avoid NullPointerException in JULI FileHandler if
formatter is misconfigured. (kkolinko)
+
+51473: Fix concatenation of values in
+SecurityConfig.setSecurityProperty() when the value provided by JRE is
+null. (kkolinko)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 51473] SecurityConfig,set "package.definition" security property to "nullsun.,java.,..."
https://issues.apache.org/bugzilla/show_bug.cgi?id=51473 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Comment #4 from Mark Thomas 2011-08-12 08:22:17 UTC --- This has been fixed in 5.5.x and will be included in 5.5.34 onwards. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1157008 - in /tomcat/tc5.5.x/trunk: STATUS.txt container/catalina/src/share/org/apache/catalina/connector/OutputBuffer.java container/webapps/docs/changelog.xml
Author: markt
Date: Fri Aug 12 08:29:13 2011
New Revision: 1157008
URL: http://svn.apache.org/viewvc?rev=1157008&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51324
Improve handling of exceptions when flushing the response buffer to ensure that
the doFlush flag does not get stuck in the enabled state.
Patch by Jeremy Norris.
Modified:
tomcat/tc5.5.x/trunk/STATUS.txt
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/connector/OutputBuffer.java
tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=1157008&r1=1157007&r2=1157008&view=diff
==
--- tomcat/tc5.5.x/trunk/STATUS.txt (original)
+++ tomcat/tc5.5.x/trunk/STATUS.txt Fri Aug 12 08:29:13 2011
@@ -102,14 +102,6 @@ PATCHES PROPOSED TO BACKPORT:
+1: markt
-1:
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51324
- Improve handling of exceptions when flushing the response buffer to
- ensure that the doFlush flag does not get stuck in the enabled state.
- Patch by Jeremy Norris.
- http://svn.apache.org/viewvc?rev=1133014&view=rev
- +1: kkolinko, markt, kfujino
- -1:
-
* Fix various sendfile issues. CVE-2011-2526
This is a port of r1145380, r1145694 and r1146005
http://people.apache.org/~markt/patches/2011-07-13-cve-2011-2526-tc5.patch
Modified:
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/connector/OutputBuffer.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/connector/OutputBuffer.java?rev=1157008&r1=1157007&r2=1157008&view=diff
==
---
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/connector/OutputBuffer.java
(original)
+++
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/connector/OutputBuffer.java
Fri Aug 12 08:29:13 2011
@@ -237,6 +237,7 @@ public class OutputBuffer extends Writer
cb.recycle();
bb.recycle();
closed = false;
+doFlush = false;
suspended = false;
if (conv!= null) {
@@ -315,19 +316,22 @@ public class OutputBuffer extends Writer
return;
doFlush = true;
-if (initial) {
-// If the buffers are empty, commit the response header
-coyoteResponse.sendHeaders();
-initial = false;
-}
-if (state == CHAR_STATE) {
-cb.flushBuffer();
-bb.flushBuffer();
-state = BYTE_STATE;
-} else if (state == BYTE_STATE) {
-bb.flushBuffer();
+try {
+if (initial) {
+// If the buffers are empty, commit the response header
+coyoteResponse.sendHeaders();
+initial = false;
+}
+if (state == CHAR_STATE) {
+cb.flushBuffer();
+bb.flushBuffer();
+state = BYTE_STATE;
+} else if (state == BYTE_STATE) {
+bb.flushBuffer();
+}
+} finally {
+doFlush = false;
}
-doFlush = false;
if (realFlush) {
coyoteResponse.action(ActionCode.ACTION_CLIENT_FLUSH,
Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml?rev=1157008&r1=1157007&r2=1157008&view=diff
==
--- tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml (original)
+++ tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Fri Aug 12
08:29:13 2011
@@ -61,6 +61,11 @@
MemoryUserDatabase via JMX. (markt)
+51324: Improve handling of exceptions when flushing the
+response buffer to ensure that the doFlush flag does not get stuck in
+the enabled state. Patch provided by Jeremy Norris. (kkolinko)
+
+
51403: Avoid NullPointerException in JULI FileHandler if
formatter is misconfigured. (kkolinko)
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1157015 - /tomcat/trunk/webapps/docs/config/listeners.xml
Author: markt Date: Fri Aug 12 09:00:24 2011 New Revision: 1157015 URL: http://svn.apache.org/viewvc?rev=1157015&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51649 Document ThreadLocalLeakPreventionListener Modified: tomcat/trunk/webapps/docs/config/listeners.xml Modified: tomcat/trunk/webapps/docs/config/listeners.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/listeners.xml?rev=1157015&r1=1157014&r2=1157015&view=diff == --- tomcat/trunk/webapps/docs/config/listeners.xml (original) +++ tomcat/trunk/webapps/docs/config/listeners.xml Fri Aug 12 09:00:24 2011 @@ -292,6 +292,22 @@ + + +The ThreadLocal Leak Prevention Listener triggers the +renewal of threads in Executor pools when a +Contextis being stopped to avoid thread-local +related memory leaks. Active threads will be renewed one by one when they +come back to the pool after executing their task. + +This listener must only be nested within Server +elements. + +No additional attributes are supported by the ThreadLocal Leak +Prevention Listener. + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1157017 - in /tomcat/tc7.0.x/trunk: ./ webapps/docs/changelog.xml webapps/docs/config/listeners.xml
Author: markt Date: Fri Aug 12 09:03:22 2011 New Revision: 1157017 URL: http://svn.apache.org/viewvc?rev=1157017&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51649 Document ThreadLocalLeakPreventionListener Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml tomcat/tc7.0.x/trunk/webapps/docs/config/listeners.xml Propchange: tomcat/tc7.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Fri Aug 12 09:03:22 2011 @@ -1 +1 @@ -/tomcat/trunk:1156171,1156276,1156304,1156530,1156602 +/tomcat/trunk:1156171,1156276,1156304,1156530,1156602,1157015 Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1157017&r1=1157016&r2=1157017&view=diff == --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Fri Aug 12 09:03:22 2011 @@ -89,6 +89,14 @@ + + + +51649: Update the documentation web application to include +the ThreadLocal leak prevention listener. (markt) + + + Modified: tomcat/tc7.0.x/trunk/webapps/docs/config/listeners.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/config/listeners.xml?rev=1157017&r1=1157016&r2=1157017&view=diff == --- tomcat/tc7.0.x/trunk/webapps/docs/config/listeners.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/config/listeners.xml Fri Aug 12 09:03:22 2011 @@ -292,6 +292,22 @@ + + +The ThreadLocal Leak Prevention Listener triggers the +renewal of threads in Executor pools when a +Contextis being stopped to avoid thread-local +related memory leaks. Active threads will be renewed one by one when they +come back to the pool after executing their task. + +This listener must only be nested within Server +elements. + +No additional attributes are supported by the ThreadLocal Leak +Prevention Listener. + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 51649] Web documentation about listeners should mention ThreadLocalLeakPreventionListener
https://issues.apache.org/bugzilla/show_bug.cgi?id=51649 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Comment #1 from Mark Thomas 2011-08-12 09:03:43 UTC --- Fixed in trunk and 7.0.x and will be included in 7.0.21 onwards. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1157018 - /tomcat/trunk/java/org/apache/catalina/util/RequestUtil.java
Author: markt
Date: Fri Aug 12 09:09:32 2011
New Revision: 1157018
URL: http://svn.apache.org/viewvc?rev=1157018&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51650
Code clean-up
Modified:
tomcat/trunk/java/org/apache/catalina/util/RequestUtil.java
Modified: tomcat/trunk/java/org/apache/catalina/util/RequestUtil.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/util/RequestUtil.java?rev=1157018&r1=1157017&r2=1157018&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/util/RequestUtil.java (original)
+++ tomcat/trunk/java/org/apache/catalina/util/RequestUtil.java Fri Aug 12
09:09:32 2011
@@ -174,8 +174,8 @@ public final class RequestUtil {
*
* @param map Map that accumulates the resulting parameters
* @param data Input string containing request parameters
- * @param encoding The encoding to use; if null, the default encoding is
- * used. If an unsupported encoding is specified the parameters will not be
+ * @param encoding The encoding to use; encoding must not be null.
+ * If an unsupported encoding is specified the parameters will not be
* parsed and the map will not be modified
*/
public static void parseParameters(Map map, String data,
@@ -184,15 +184,10 @@ public final class RequestUtil {
if ((data != null) && (data.length() > 0)) {
// use the specified encoding to extract bytes out of the
-// given string so that the encoding is not lost. If an
-// encoding is not specified, let it use platform default
+// given string so that the encoding is not lost.
byte[] bytes = null;
try {
-if (encoding == null) {
-bytes = data.getBytes(Charset.defaultCharset());
-} else {
-bytes = data.getBytes(B2CConverter.getCharset(encoding));
-}
+bytes = data.getBytes(B2CConverter.getCharset(encoding));
parseParameters(map, bytes, encoding);
} catch (UnsupportedEncodingException uee) {
if (log.isDebugEnabled()) {
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1157019 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/util/RequestUtil.java webapps/docs/changelog.xml
Author: markt
Date: Fri Aug 12 09:11:35 2011
New Revision: 1157019
URL: http://svn.apache.org/viewvc?rev=1157019&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51650
Code clean-up
Patch provided by Felix Schumacher
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/catalina/util/RequestUtil.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc7.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Aug 12 09:11:35 2011
@@ -1 +1 @@
-/tomcat/trunk:1156171,1156276,1156304,1156530,1156602,1157015
+/tomcat/trunk:1156171,1156276,1156304,1156530,1156602,1157015,1157018
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/util/RequestUtil.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/util/RequestUtil.java?rev=1157019&r1=1157018&r2=1157019&view=diff
==
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/util/RequestUtil.java
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/util/RequestUtil.java Fri Aug
12 09:11:35 2011
@@ -174,8 +174,8 @@ public final class RequestUtil {
*
* @param map Map that accumulates the resulting parameters
* @param data Input string containing request parameters
- * @param encoding The encoding to use; if null, the default encoding is
- * used. If an unsupported encoding is specified the parameters will not be
+ * @param encoding The encoding to use; encoding must not be null.
+ * If an unsupported encoding is specified the parameters will not be
* parsed and the map will not be modified
*/
public static void parseParameters(Map map, String data,
@@ -184,15 +184,10 @@ public final class RequestUtil {
if ((data != null) && (data.length() > 0)) {
// use the specified encoding to extract bytes out of the
-// given string so that the encoding is not lost. If an
-// encoding is not specified, let it use platform default
+// given string so that the encoding is not lost.
byte[] bytes = null;
try {
-if (encoding == null) {
-bytes = data.getBytes(Charset.defaultCharset());
-} else {
-bytes = data.getBytes(B2CConverter.getCharset(encoding));
-}
+bytes = data.getBytes(B2CConverter.getCharset(encoding));
parseParameters(map, bytes, encoding);
} catch (UnsupportedEncodingException uee) {
if (log.isDebugEnabled()) {
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1157019&r1=1157018&r2=1157019&view=diff
==
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Fri Aug 12 09:11:35 2011
@@ -71,6 +71,10 @@
Unregisters MBean of DataSource when web application stops. (kfujino)
+
+51650: Code clean-up. Patch provided by Felix Schumacher.
+(markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 51650] possible nullpointer exception in RequestUtil.parseParameters
https://issues.apache.org/bugzilla/show_bug.cgi?id=51650 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Comment #3 from Mark Thomas 2011-08-12 09:11:57 UTC --- Thanks for the patch. It has been applied to trunk and 7.0.x and will be included in 7.0.21 onwards. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 51652] Saxon JAR in the application's WEB-INF/lib will cause javax.xml.parsers.ParserConfigurationException: AElfred parser is namespace-aware
https://issues.apache.org/bugzilla/show_bug.cgi?id=51652 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution||DUPLICATE OS/Version||All --- Comment #1 from Mark Thomas 2011-08-12 09:14:55 UTC --- *** This bug has been marked as a duplicate of bug 51395 *** -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 51395] First application that loads SAXParserFactory causes Class loader memory leak
https://issues.apache.org/bugzilla/show_bug.cgi?id=51395 Mark Thomas changed: What|Removed |Added CC||v...@aviarc.com.au --- Comment #4 from Mark Thomas 2011-08-12 09:14:55 UTC --- *** Bug 51652 has been marked as a duplicate of this bug. *** -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[ANN] Apache Tomcat 7.0.20 released
The Apache Tomcat team announces the immediate availability of Apache Tomcat 7.0.20 Apache Tomcat 7.0.20 includes bug fixes and the following new features and fixes compared to version 7.0.19: - JSP files with dependencies in JARs are no longer recompiled on every access thereby improving performance. - Update to version 1.1.22 of the native component of the AJP and HTTP APR/native connectors. - Update to Commons Daemon 1.0.7. - Converted unit tests to JUnit 4. Please refer to the change log for the complete list of changes: http://tomcat.apache.org/tomcat-7.0-doc/changelog.html Note that this version has 4 zip binaries: a generic one and three bundled with Tomcat native binaries for Windows operating systems running on different CPU architectures. Downloads: http://tomcat.apache.org/download-70.cgi Migration guide from Apache Tomcat 5.5.x and 6.0.x: http://tomcat.apache.org/migration.html Thank you, -- The Apache Tomcat Team - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1157000 - in /tomcat/tc5.5.x/trunk: ./ container/modules/cluster/src/share/org/apache/catalina/cluster/session/ container/modules/groupcom/src/share/org/apache/catalina/tribes/io/ con
Hi Mark, On 12.08.2011 10:13, ma...@apache.org wrote: > Author: markt > Date: Fri Aug 12 08:13:09 2011 > New Revision: 1157000 > > URL: http://svn.apache.org/viewvc?rev=1157000&view=rev > Log: > Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=36362 > Handle tag files with attribute names that are not valid Java identifiers > > Modified: > tomcat/tc5.5.x/trunk/STATUS.txt > > tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/ReplicationStream.java > > tomcat/tc5.5.x/trunk/container/modules/groupcom/src/share/org/apache/catalina/tribes/io/ReplicationStream.java > tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml > > tomcat/tc5.5.x/trunk/jasper/src/share/org/apache/jasper/compiler/Generator.java > > tomcat/tc5.5.x/trunk/jasper/src/share/org/apache/jasper/compiler/JspUtil.java > Modified: > tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/ReplicationStream.java > URL: > http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/ReplicationStream.java?rev=1157000&r1=1156999&r2=1157000&view=diff > == > --- > tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/ReplicationStream.java > (original) > +++ > tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/ReplicationStream.java > Fri Aug 12 08:13:09 2011 > Modified: > tomcat/tc5.5.x/trunk/container/modules/groupcom/src/share/org/apache/catalina/tribes/io/ReplicationStream.java > URL: > http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/modules/groupcom/src/share/org/apache/catalina/tribes/io/ReplicationStream.java?rev=1157000&r1=1156999&r2=1157000&view=diff > == > --- > tomcat/tc5.5.x/trunk/container/modules/groupcom/src/share/org/apache/catalina/tribes/io/ReplicationStream.java > (original) > +++ > tomcat/tc5.5.x/trunk/container/modules/groupcom/src/share/org/apache/catalina/tribes/io/ReplicationStream.java > Fri Aug 12 08:13:09 2011 It looks like you unintentionally also committed the fix for the following STATUS item in addition to the fix for BZ36362: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51647 Session replication fails with ClassNotFoundException when session attribute is Java dynamic proxy https://issues.apache.org/bugzilla/attachment.cgi?id=27375 +1: markt, kfujino Regards, Rainer - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 51654] New: NullPointerException in startup (org.apache.catalina.startup.HostConfig.filterAppPaths) due to missing app base
https://issues.apache.org/bugzilla/show_bug.cgi?id=51654
Bug #: 51654
Summary: NullPointerException in startup
(org.apache.catalina.startup.HostConfig.filterAppPaths
) due to missing app base
Product: Tomcat 7
Version: unspecified
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: dev@tomcat.apache.org
ReportedBy: d.tonho...@m-plify.com
Classification: Unclassified
A hard-to-diagnose NullPointerException at startup which can be bettered with
an appropriate error message:
INFO: Starting Servlet Engine: Apache Tomcat/7.0.19
java.lang.NullPointerException
at org.apache.catalina.startup.HostConfig.filterAppPaths(HostConfig.java:493)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:466)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1322)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at
org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:89)
Ok, what's this about?
In "protected String[] filterAppPaths(String[] unfilteredAppPaths)"
the exception is raised at
for (String appPath : unfilteredAppPaths)
Which means the "unfilteredAppPaths" passed in is null. filterAppPaths does not
check for that (shouldn't there be an assertion at least)
The problems comes from "deployApps()":
protected void deployApps() {
File appBase = appBase();
File configBase = configBase();
String[] filteredAppPaths = filterAppPaths(appBase.list()); <
// Deploy XML descriptors from configBase
deployDescriptors(configBase, configBase.list());
// Deploy WARs, and loop if additional descriptors are found
deployWARs(appBase, filteredAppPaths);
// Deploy expanded folders
deployDirectories(appBase, filteredAppPaths);
}
Where "appBase.list()" returns null. This must be because "appBase" does not
actually denote a directory (A-HA!)
Indeed, the server.xml points to a nonexisting appBase.
Suggesting to add a check to "deployApps":
protected void deployApps() {
File appBase = appBase();
File configBase = configBase();
if (!appBase.exists() || appBase.list()==null) {
throw new IllegalArgumentException("The appBase " + appBase + "
does not exist or cannot be listed");
}
String[] filteredAppPaths = filterAppPaths(appBase.list()); <
// Deploy XML descriptors from configBase
deployDescriptors(configBase, configBase.list());
// Deploy WARs, and loop if additional descriptors are found
deployWARs(appBase, filteredAppPaths);
// Deploy expanded folders
deployDirectories(appBase, filteredAppPaths);
}
This probably violates some I18N requirement though.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 51655] New: Index page does not say what native does
https://issues.apache.org/bugzilla/show_bug.cgi?id=51655 Bug #: 51655 Summary: Index page does not say what native does Product: Tomcat Native Version: unspecified Platform: PC OS/Version: Windows XP Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: dev@tomcat.apache.org ReportedBy: s...@apache.org Classification: Unclassified The TC Native index page does not give any details of what it does or why/when it should be used. It would be helpful to add an overview of its purpose and functionality. Also, there are no obvious links to the developer community or sources of help. The title also reads oddly: "The Apache Tomcat Native" sounds like a person of Amerindian origin. It would be better as: "The Apache Tomcat Native Library" or "Apache Tomcat Native Library" -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 51655] Index page does not say what native does
https://issues.apache.org/bugzilla/show_bug.cgi?id=51655 --- Comment #1 from Sebb 2011-08-12 11:12:15 UTC --- By the index page, I mean: http://tomcat.apache.org/native-doc/ which is what comes up first when searching for Tomcat Native. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1157000 - in /tomcat/tc5.5.x/trunk: ./ container/modules/cluster/src/share/org/apache/catalina/cluster/session/ container/modules/groupcom/src/share/org/apache/catalina/tribes/io/ con
On 12/08/2011 11:29, Rainer Jung wrote: > Hi Mark, > > On 12.08.2011 10:13, ma...@apache.org wrote: >> Author: markt >> Date: Fri Aug 12 08:13:09 2011 >> New Revision: 1157000 > It looks like you unintentionally also committed the fix for the > following STATUS item in addition to the fix for BZ36362: > > * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51647 >Session replication fails with ClassNotFoundException when session > attribute Yep. I'll revert that shortly. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat)
CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat) Severity: Important Vendor: The Apache Software Foundation Versions Affected: Tomcat 7.0.0 to 7.0.19 Tomcat 6.0.30 to 6.0.32 Tomcat 5.5.32 to 5.5.33 Description: Due to a bug in the capabilities code, jsvc (the service wrapper for Linux that is part of the Commons Daemon project) does not drop capabilities allowing the application to access files and directories owned by superuser. This vulnerability only applies if: a) Tomcat is running on a Linux operating system b) jsvc was compiled with libcap c) -user parameter is used The Tomcat versions above shipped with source files for jsvc that included this vulnerability. Mitigation: Affected users of all versions can mitigate these vulnerabilities by taking any of the following actions: a) upgrade to jsvc 1.0.7 or later b) do not use -user parameter to switch user c) recompile the jsvc without libcap support Updated jsvc source is included in Apache Tomcat 7.0.20 and will be included in the next releases of Tomcat 6.0.x and 5.5.x. Updated source can be obtained from the Apache Commons Daemon project. Credit: This issue was identified by Wilfried Weissmann. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1157086 - in /tomcat/site/trunk: docs/security-5.html docs/security-6.html docs/security-7.html xdocs/security-5.xml xdocs/security-6.xml xdocs/security-7.xml
Author: markt Date: Fri Aug 12 13:09:21 2011 New Revision: 1157086 URL: http://svn.apache.org/viewvc?rev=1157086&view=rev Log: Update site for CVE-2011-2729 Modified: tomcat/site/trunk/docs/security-5.html tomcat/site/trunk/docs/security-6.html tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/xdocs/security-5.xml tomcat/site/trunk/xdocs/security-6.xml tomcat/site/trunk/xdocs/security-7.xml Modified: tomcat/site/trunk/docs/security-5.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=1157086&r1=1157085&r2=1157086&view=diff == --- tomcat/site/trunk/docs/security-5.html (original) +++ tomcat/site/trunk/docs/security-5.html Fri Aug 12 13:09:21 2011 @@ -390,6 +390,33 @@ Affects: 5.5.0-5.5.33 + +Important: Information disclosure + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2729"; rel="nofollow">CVE-2011-2729 + + +Due to a bug in the capabilities code, jsvc (the service wrapper for + Linux that is part of the Commons Daemon project) does not drop + capabilities allowing the application to access files and directories + owned by superuser. This vulnerability only occurs when all of the + following are true: + + Tomcat is running on a Linux operating system + jsvc was compiled with libcap + -user parameter is used + + Affected Tomcat versions shipped with source files for jsvc that included + this vulnerability. + + +There is a http://people.apache.org/~markt/patches/2011-08-12-cve-2011-22729-tc5.patch";> + proposed patch for this issue. + +This was identified by Wilfried Weissmann on 20 July 2011 and made public + on 12 August 2011. + +Affects: 5.5.32-5.5.33 + Modified: tomcat/site/trunk/docs/security-6.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1157086&r1=1157085&r2=1157086&view=diff == --- tomcat/site/trunk/docs/security-6.html (original) +++ tomcat/site/trunk/docs/security-6.html Fri Aug 12 13:09:21 2011 @@ -387,6 +387,34 @@ Affects: 6.0.0-6.0.32 + +Important: Information disclosure + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2729"; rel="nofollow">CVE-2011-2729 + + +Due to a bug in the capabilities code, jsvc (the service wrapper for + Linux that is part of the Commons Daemon project) does not drop + capabilities allowing the application to access files and directories + owned by superuser. This vulnerability only occurs when all of the + following are true: + + Tomcat is running on a Linux operating system + jsvc was compiled with libcap + -user parameter is used + + Affected Tomcat versions shipped with source files for jsvc that included + this vulnerability. + + +This was fixed in revision + http://svn.apache.org/viewvc?rev=1153824&view=rev";> + 1153824. + +This was identified by Wilfried Weissmann on 20 July 2011 and made public + on 12 August 2011. + +Affects: 6.0.30-6.0.32 + Modified: tomcat/site/trunk/docs/security-7.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1157086&r1=1157085&r2=1157086&view=diff == --- tomcat/site/trunk/docs/security-7.html (original) +++ tomcat/site/trunk/docs/security-7.html Fri Aug 12 13:09:21 2011 @@ -215,6 +215,9 @@ Apache Tomcat 7.x vulnerabilities +Fixed in Apache Tomcat 7.0.20 + + Fixed in Apache Tomcat 7.0.19 @@ -296,6 +299,62 @@ + + + + +Fixed in Apache Tomcat 7.0.20 + + + + + + + + + + +Important: Information disclosure + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2729"; rel="nofollow">CVE-2011-2729 + + +Due to a bug in the capabilities code, jsvc (the service wrapper for + Linux that is part of the Commons Daemon project) does not drop + capabilities allowing the application to access files and directories + owned by superuser. This vulnerability only occurs when all of the + following are true: + + Tomcat is running on a Linux operating system + jsvc was compiled with libcap + -user parameter is used + + Affected Tomcat versions shipped with source files for jsvc that included + this vulnerability. + + +This was fixed in revision + http://svn.apache.org/viewvc?rev=1153379&view=rev";> + 1153379. + +This was identified by Wilfried Weissmann on 20 July 2011 and made public + on 12 August 2011. + +Affects: 7.0.0-7.0.19 + + + + + + + + + + + + + + + Modified: tomcat/site/trunk/xdocs/security-5.xml URL: http://svn.apache.org/viewvc/tomcat/site
[SECURITY] CVE-2011-2481: Apache Tomcat information disclosure vulnerability
CVE-2011-2481: Apache Tomcat information disclosure vulnerability Severity: low Vendor: The Apache Software Foundation Versions Affected: Tomcat 7.0.0 to 7.0.16 Previous versions are not affected. Description: The re-factoring of XML validation for Tomcat 7.0.x re-introduced the vulnerability previously reported as CVE-2009-0783. This was initially reported as a memory leak (https://issues.apache.org/bugzilla/show_bug.cgi?id=51395). If a web application is the first web application loaded, this bug allows that web application to potentially view and/or alter the web.xml, context.xml and tld files of other web applications deployed on the Tomcat instance. Mitigation: 7.0.x users should upgrade to 7.0.17 or later Example: See https://issues.apache.org/bugzilla/show_bug.cgi?id=29936#c12 for an example web application that can be used to replace the XML parser used by Tomcat. Credit: The security implications of bug 51395 were identified by the Tomcat security team. References: http://tomcat.apache.org/security.html http://tomcat.apache.org/security-7.html The Apache Tomcat Security Team - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1157093 - in /tomcat/site/trunk: docs/security-7.html xdocs/security-7.xml
Author: markt Date: Fri Aug 12 13:19:44 2011 New Revision: 1157093 URL: http://svn.apache.org/viewvc?rev=1157093&view=rev Log: Update site for CVE-2011-2481 Modified: tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/xdocs/security-7.xml Modified: tomcat/site/trunk/docs/security-7.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1157093&r1=1157092&r2=1157093&view=diff == --- tomcat/site/trunk/docs/security-7.html (original) +++ tomcat/site/trunk/docs/security-7.html Fri Aug 12 13:19:44 2011 @@ -415,11 +415,11 @@ Affects: 7.0.0-7.0.18 -Note: The issue below was fixed in Apache Tomcat 7.0.17 but the +Note: The issues below were fixed in Apache Tomcat 7.0.17 but the release votes for the 7.0.17 and 7.0.18 release candidates did not pass. Therefore, although users must download 7.0.19 to obtain a version that - includes a fix for this issue, versions 7.0.17 and 7.0.18 is not included - in the list of affected versions. + includes a fix for these issues, versions 7.0.17 and 7.0.18 are not + included in the list of affected versions. @@ -445,6 +445,31 @@ Affects: 7.0.0-7.0.16 + +Low: Information disclosure + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2481"; rel="nofollow">CVE-2011-2481 + + +The re-factoring of XML validation for Tomcat 7.0.x re-introduced the + vulnerability previously reported as + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783"; rel="nofollow">CVE-2009-0783. This was initially + https://issues.apache.org/bugzilla/show_bug.cgi?id=51395";> + reported as a memory leak. If a web application is the first web + application loaded, this bugs allows that web application to potentially + view and/or alter the web.xml, context.xml and tld files of other web + applications deployed on the Tomcat instance. + +This was fixed in + http://svn.apache.org/viewvc?rev=1137753&view=rev";> + revision 1137753 and + http://svn.apache.org/viewvc?rev=1138788&view=rev";> + revision 1138788 and . + +This was identified by the Tomcat security team on 20 June 2011 and + made public on 12 August 2011. + +Affects: 7.0.0-7.0.16 + Modified: tomcat/site/trunk/xdocs/security-7.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1157093&r1=1157092&r2=1157093&view=diff == --- tomcat/site/trunk/xdocs/security-7.xml (original) +++ tomcat/site/trunk/xdocs/security-7.xml Fri Aug 12 13:19:44 2011 @@ -102,11 +102,11 @@ Affects: 7.0.0-7.0.18 -Note: The issue below was fixed in Apache Tomcat 7.0.17 but the +Note: The issues below were fixed in Apache Tomcat 7.0.17 but the release votes for the 7.0.17 and 7.0.18 release candidates did not pass. Therefore, although users must download 7.0.19 to obtain a version that - includes a fix for this issue, versions 7.0.17 and 7.0.18 is not included - in the list of affected versions. + includes a fix for these issues, versions 7.0.17 and 7.0.18 are not + included in the list of affected versions. Low: Information disclosure http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204"; @@ -130,6 +130,31 @@ Affects: 7.0.0-7.0.16 +Low: Information disclosure + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2481"; + rel="nofollow">CVE-2011-2481 + +The re-factoring of XML validation for Tomcat 7.0.x re-introduced the + vulnerability previously reported as + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783"; + rel="nofollow">CVE-2009-0783. This was initially + https://issues.apache.org/bugzilla/show_bug.cgi?id=51395";> + reported as a memory leak. If a web application is the first web + application loaded, this bugs allows that web application to potentially + view and/or alter the web.xml, context.xml and tld files of other web + applications deployed on the Tomcat instance. + +This was fixed in + http://svn.apache.org/viewvc?rev=1137753&view=rev";> + revision 1137753 and + http://svn.apache.org/viewvc?rev=1138788&view=rev";> + revision 1138788 and . + +This was identified by the Tomcat security team on 20 June 2011 and + made public on 12 August 2011. + +Affects: 7.0.0-7.0.16 + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn propchange: r1153379 - svn:log
Author: markt Revision: 1153379 Modified property: svn:log Modified: svn:log at Fri Aug 12 13:21:55 2011 -- --- svn:log (original) +++ svn:log Fri Aug 12 13:21:55 2011 @@ -1 +1,2 @@ Update to daemon 1.0.7 +This fixes CVE-2011-2729 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn propchange: r1137753 - svn:log
Author: markt Revision: 1137753 Modified property: svn:log Modified: svn:log at Fri Aug 12 13:22:58 2011 -- --- svn:log (original) +++ svn:log Fri Aug 12 13:22:58 2011 @@ -1,2 +1,3 @@ Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51395 Fix memory leak triggered when an application that includes a SAXParserFactory is the first web application to be loaded. +Fix part 1 of 2 for CVE-2011-2481 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn propchange: r1138788 - svn:log
Author: markt Revision: 1138788 Modified property: svn:log Modified: svn:log at Fri Aug 12 13:23:23 2011 -- --- svn:log (original) +++ svn:log Fri Aug 12 13:23:23 2011 @@ -1,2 +1,3 @@ Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51395 Better fix for memory leak that aligns ContextConfig with TldConfig +Fix part 2 of 2 for CVE-2011-2481 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Tomcat 6.0.33 ?
Jean-frederic Clere-3 wrote: > > On 07/27/2011 07:07 PM, Mark Thomas wrote: >> On 27/07/2011 17:31, Henri Gomez wrote: >>> Hi guys, >>> >>> We're stuck with Tomcat 6.0.32 with this bug >>> (https://issues.apache.org/bugzilla/show_bug.cgi?id=50189). >>> Did there is any date for 6.0.33 release ? >> >> Any committer can roll a release. Last time I checked, you were a >> committer. > > Well I can do a release... Next week. > Any update on this? Thanks, Petr -- View this message in context: http://old.nabble.com/Tomcat-6.0.33---tp32149462p32250168.html Sent from the Tomcat - Dev mailing list archive at Nabble.com. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn propchange: r1153824 - svn:log
Author: markt Revision: 1153824 Modified property: svn:log Modified: svn:log at Fri Aug 12 13:24:23 2011 -- --- svn:log (original) +++ svn:log Fri Aug 12 13:24:23 2011 @@ -1,2 +1,3 @@ * Update to Apache Commons Daemon 1.0.7 * Use two alternative download locations for components downloaded from apache.org. +This is the fix for CVE-2011-2729 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1157107 - in /tomcat/tc5.5.x/trunk/container/modules: cluster/src/share/org/apache/catalina/cluster/session/ReplicationStream.java groupcom/src/share/org/apache/catalina/tribes/io/Replica
Author: markt
Date: Fri Aug 12 13:47:10 2011
New Revision: 1157107
URL: http://svn.apache.org/viewvc?rev=1157107&view=rev
Log:
Undo accidental changes included in 1157000
Modified:
tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/ReplicationStream.java
tomcat/tc5.5.x/trunk/container/modules/groupcom/src/share/org/apache/catalina/tribes/io/ReplicationStream.java
Modified:
tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/ReplicationStream.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/ReplicationStream.java?rev=1157107&r1=1157106&r2=1157107&view=diff
==
---
tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/ReplicationStream.java
(original)
+++
tomcat/tc5.5.x/trunk/container/modules/cluster/src/share/org/apache/catalina/cluster/session/ReplicationStream.java
Fri Aug 12 13:47:10 2011
@@ -22,8 +22,6 @@ import java.io.InputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
-import java.lang.reflect.Modifier;
-import java.lang.reflect.Proxy;
/**
* Custom subclass of ObjectInputStream that loads from the
@@ -88,43 +86,6 @@ public final class ReplicationStream ext
}
}
-/**
- * ObjectInputStream.resolveProxyClass has some funky way of using
- * the incorrect class loader to resolve proxy classes, let's do it our
way instead
- */
-protected Class resolveProxyClass(String[] interfaces)
-throws IOException, ClassNotFoundException {
-
-ClassLoader latestLoader = classLoader;
-ClassLoader nonPublicLoader = null;
-boolean hasNonPublicInterface = false;
-
-// define proxy in class loader of non-public interface(s), if any
-Class[] classObjs = new Class[interfaces.length];
-for (int i = 0; i < interfaces.length; i++) {
-Class cl = this.findWebappClass(interfaces[i]);
-if (latestLoader == null) latestLoader = cl.getClassLoader();
-if ((cl.getModifiers() & Modifier.PUBLIC) == 0) {
-if (hasNonPublicInterface) {
-if (nonPublicLoader != cl.getClassLoader()) {
-throw new IllegalAccessError(
-"conflicting non-public interface class loaders");
-}
-} else {
-nonPublicLoader = cl.getClassLoader();
-hasNonPublicInterface = true;
-}
-}
-classObjs[i] = cl;
-}
-try {
-return Proxy.getProxyClass(hasNonPublicInterface ? nonPublicLoader
-: latestLoader, classObjs);
-} catch (IllegalArgumentException e) {
-throw new ClassNotFoundException(null, e);
-}
-}
-
public Class findReplicationClass(String name)
throws ClassNotFoundException, IOException {
return Class.forName(name, false, getClass().getClassLoader());
Modified:
tomcat/tc5.5.x/trunk/container/modules/groupcom/src/share/org/apache/catalina/tribes/io/ReplicationStream.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/modules/groupcom/src/share/org/apache/catalina/tribes/io/ReplicationStream.java?rev=1157107&r1=1157106&r2=1157107&view=diff
==
---
tomcat/tc5.5.x/trunk/container/modules/groupcom/src/share/org/apache/catalina/tribes/io/ReplicationStream.java
(original)
+++
tomcat/tc5.5.x/trunk/container/modules/groupcom/src/share/org/apache/catalina/tribes/io/ReplicationStream.java
Fri Aug 12 13:47:10 2011
@@ -22,8 +22,6 @@ import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
-import java.lang.reflect.Modifier;
-import java.lang.reflect.Proxy;
/**
* Custom subclass of ObjectInputStream that loads from the
@@ -73,68 +71,23 @@ public final class ReplicationStream ext
public Class resolveClass(ObjectStreamClass classDesc)
throws ClassNotFoundException, IOException {
String name = classDesc.getName();
+boolean tryRepFirst = name.startsWith("org.apache.catalina.tribes");
try {
-return resolveClass(name);
+try
+{
+if ( tryRepFirst ) return findReplicationClass(name);
+else return findExternalClass(name);
+}
+catch ( Exception x )
+{
+if ( tryRepFirst ) return findExternalClass(name);
+else return findReplicationClass(name);
+}
} catch (ClassNotFoundException e) {
return super.resolveClass(classDesc);
DO NOT REPLY [Bug 51582] NPE in SlowQueryReport
https://issues.apache.org/bugzilla/show_bug.cgi?id=51582 --- Comment #1 from Patric Rufflar 2011-08-12 14:10:40 UTC --- Another one: java.lang.NullPointerException at org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReport.reportFailedQuery(SlowQueryReport.java:86) at org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReportJmx.reportFailedQuery(SlowQueryReportJmx.java:147) at org.apache.tomcat.jdbc.pool.interceptor.AbstractQueryReport$StatementProxy.invoke(AbstractQueryReport.java:236) at $Proxy7.executeQuery(Unknown Source) -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 51582] NPE in SlowQueryReport
https://issues.apache.org/bugzilla/show_bug.cgi?id=51582 --- Comment #2 from Patric Rufflar 2011-08-12 14:15:43 UTC --- Both exceptions seems to be caused due to race conditions (one thread is executing a statement, while another one is canceling it and possibly closing the ProxyConnection) -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 51656] New: NullPointerException in host-manager application (in javax.servlet.GenericServlet.getServletContext during logging)
https://issues.apache.org/bugzilla/show_bug.cgi?id=51656 Bug #: 51656 Summary: NullPointerException in host-manager application (in javax.servlet.GenericServlet.getServletContext during logging) Product: Tomcat 7 Version: 7.0.19 Platform: PC OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Catalina AssignedTo: dev@tomcat.apache.org ReportedBy: d.tonho...@m-plify.com Classification: Unclassified Starting the host application of Tomcat 7.0.19 gives an NPE (Dammit this description window is too narrow...) java.lang.NullPointerException at javax.servlet.GenericServlet.getServletContext(GenericServlet.java:125) at javax.servlet.GenericServlet.log(GenericServlet.java:190) at org.apache.catalina.manager.host. HTMLHostManagerServlet.list(HTMLHostManagerServlet.java:234) at org.apache.catalina.manager.host. HTMLHostManagerServlet.doGet(HTMLHostManagerServlet.java:106) at javax.servlet.http.HttpServlet.service(HttpServlet.java:621) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at org.apache.catalina.core. ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304) at org.apache.catalina.core. ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.filters. CsrfPreventionFilter.doFilter(CsrfPreventionFilter.java:187) at org.apache.catalina.core. ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core. ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core. StandardWrapperValve.invoke(StandardWrapperValve.java:224) at org.apache.catalina.core. StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.catalina.authenticator. AuthenticatorBase.invoke(AuthenticatorBase.java:572) at org.apache.catalina.core. StandardHostValve.invoke(StandardHostValve.java:164) at org.apache.catalina.valves. ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.core. StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.valves. AccessLogValve.invoke(AccessLogValve.java:851) at org.apache.catalina.connector. CoyoteAdapter.service(CoyoteAdapter.java:405) at org.apache.coyote.http11. Http11Processor.process(Http11Processor.java:278) at org.apache.coyote. AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:515) at org.apache.tomcat.util.net. JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) at java.util.concurrent. ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent. ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662) -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Tomcat 6.0.33 ?
On 08/12/2011 03:23 PM, Petr Sumbera wrote: Jean-frederic Clere-3 wrote: On 07/27/2011 07:07 PM, Mark Thomas wrote: On 27/07/2011 17:31, Henri Gomez wrote: Hi guys, We're stuck with Tomcat 6.0.32 with this bug (https://issues.apache.org/bugzilla/show_bug.cgi?id=50189). Did there is any date for 6.0.33 release ? Any committer can roll a release. Last time I checked, you were a committer. Well I can do a release... Next week. Any update on this? I will do that on Monday... Sorry too busy before. Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1157151 - in /tomcat/trunk/java/org/apache/coyote/http11: AbstractInputBuffer.java InternalInputBuffer.java
Author: markt
Date: Fri Aug 12 15:17:50 2011
New Revision: 1157151
URL: http://svn.apache.org/viewvc?rev=1157151&view=rev
Log:
Push down inputStream as it is only used by BIO
Modified:
tomcat/trunk/java/org/apache/coyote/http11/AbstractInputBuffer.java
tomcat/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java
Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractInputBuffer.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractInputBuffer.java?rev=1157151&r1=1157150&r2=1157151&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractInputBuffer.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractInputBuffer.java Fri Aug
12 15:17:50 2011
@@ -17,7 +17,6 @@
package org.apache.coyote.http11;
import java.io.IOException;
-import java.io.InputStream;
import org.apache.coyote.InputBuffer;
import org.apache.coyote.Request;
@@ -137,12 +136,6 @@ public abstract class AbstractInputBuffe
/**
- * Underlying input stream.
- */
-protected InputStream inputStream;
-
-
-/**
* Underlying input buffer.
*/
protected InputBuffer inputStreamInputBuffer;
@@ -171,28 +164,6 @@ public abstract class AbstractInputBuffe
/**
- * Set the underlying socket input stream.
- */
-public void setInputStream(InputStream inputStream) {
-
-// FIXME: Check for null ?
-
-this.inputStream = inputStream;
-
-}
-
-
-/**
- * Get the underlying socket input stream.
- */
-public InputStream getInputStream() {
-
-return inputStream;
-
-}
-
-
-/**
* Add an input filter to the filter library.
*/
public void addFilter(InputFilter filter) {
@@ -271,7 +242,6 @@ public abstract class AbstractInputBuffe
// Recycle Request object
request.recycle();
-inputStream = null;
lastValid = 0;
pos = 0;
lastActiveFilter = -1;
Modified: tomcat/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java?rev=1157151&r1=1157150&r2=1157151&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java Fri Aug
12 15:17:50 2011
@@ -18,6 +18,7 @@ package org.apache.coyote.http11;
import java.io.EOFException;
import java.io.IOException;
+import java.io.InputStream;
import java.nio.charset.Charset;
import org.apache.coyote.InputBuffer;
@@ -39,6 +40,12 @@ public class InternalInputBuffer extends
/**
+ * Underlying input stream.
+ */
+protected InputStream inputStream;
+
+
+/**
* Default constructor.
*/
public InternalInputBuffer(Request request, int headerBufferSize) {
@@ -59,6 +66,29 @@ public class InternalInputBuffer extends
}
+
+/**
+ * Set the underlying socket input stream.
+ */
+public void setInputStream(InputStream inputStream) {
+
+// FIXME: Check for null ?
+
+this.inputStream = inputStream;
+
+}
+
+
+/**
+ * Get the underlying socket input stream.
+ */
+public InputStream getInputStream() {
+
+return inputStream;
+
+}
+
+
/**
* Read the request line. This function is meant to be used during the
* HTTP request header parsing. Do NOT attempt to read the request body
@@ -428,6 +458,13 @@ public class InternalInputBuffer extends
}
+@Override
+public void recycle() {
+super.recycle();
+inputStream = null;
+}
+
+
// -- Protected Methods
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1157151 - in /tomcat/trunk/java/org/apache/coyote/http11: AbstractInputBuffer.java InternalInputBuffer.java
Mark,
On 8/12/2011 11:17 AM, ma...@apache.org wrote:
> +@Override
> +public void recycle() {
> +super.recycle();
> +inputStream = null;
> +}
If inputStream != null, should it be close()d? Or is this a shared
reference for which that kind of thing isn't appropriate? Or do we just
let the GC take care of that?
-chris
signature.asc
Description: OpenPGP digital signature
svn commit: r1157161 - /tomcat/trunk/modules/jdbc-pool/sign.sh
Author: fhanik Date: Fri Aug 12 15:40:01 2011 New Revision: 1157161 URL: http://svn.apache.org/viewvc?rev=1157161&view=rev Log: remove file not needed anymore Removed: tomcat/trunk/modules/jdbc-pool/sign.sh - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: DO NOT REPLY [Bug 51656] New: NullPointerException in host-manager application (in javax.servlet.GenericServlet.getServletContext during logging)
On 12 August 2011 15:34, wrote: > https://issues.apache.org/bugzilla/show_bug.cgi?id=51656 > > (Dammit this description window is too narrow...) Just drag the bottom rh corner (indicated by small dots) ... - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1157198 - in /tomcat/trunk/java/org/apache/coyote/http11: AbstractInputBuffer.java Http11AprProcessor.java Http11NioProcessor.java Http11Processor.java InternalAprInputBuffer.java Interna
Author: markt
Date: Fri Aug 12 17:59:22 2011
New Revision: 1157198
URL: http://svn.apache.org/viewvc?rev=1157198&view=rev
Log:
Align InputBuffer initialisation across the connectors
Remove unused code
Reduce visibility of properties and methods
Modified:
tomcat/trunk/java/org/apache/coyote/http11/AbstractInputBuffer.java
tomcat/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java
tomcat/trunk/java/org/apache/coyote/http11/InternalAprInputBuffer.java
tomcat/trunk/java/org/apache/coyote/http11/InternalInputBuffer.java
tomcat/trunk/java/org/apache/coyote/http11/InternalNioInputBuffer.java
Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractInputBuffer.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractInputBuffer.java?rev=1157198&r1=1157197&r2=1157198&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractInputBuffer.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractInputBuffer.java Fri Aug
12 17:59:22 2011
@@ -22,9 +22,11 @@ import org.apache.coyote.InputBuffer;
import org.apache.coyote.Request;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.http.MimeHeaders;
+import org.apache.tomcat.util.net.AbstractEndpoint;
+import org.apache.tomcat.util.net.SocketWrapper;
import org.apache.tomcat.util.res.StringManager;
-public abstract class AbstractInputBuffer implements InputBuffer{
+public abstract class AbstractInputBuffer implements InputBuffer{
protected static final boolean[] HTTP_TOKEN_CHAR = new boolean[128];
@@ -223,12 +225,16 @@ public abstract class AbstractInputBuffe
}
-public abstract boolean parseRequestLine(boolean useAvailableDataOnly)
throws IOException;
+public abstract boolean parseRequestLine(boolean useAvailableDataOnly)
+throws IOException;
public abstract boolean parseHeaders() throws IOException;
protected abstract boolean fill(boolean block) throws IOException;
+protected abstract void init(SocketWrapper socketWrapper,
+AbstractEndpoint endpoint) throws IOException;
+
// - Public Methods
Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java?rev=1157198&r1=1157197&r2=1157198&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java Fri Aug
12 17:59:22 2011
@@ -174,8 +174,8 @@ public class Http11AprProcessor extends
// Setting up the socket
this.socket = socketWrapper;
+inputBuffer.init(socketWrapper, endpoint);
long socketRef = socketWrapper.getSocket().longValue();
-inputBuffer.setSocket(socketRef);
outputBuffer.setSocket(socketRef);
// Error flag
@@ -619,7 +619,7 @@ public class Http11AprProcessor extends
}
@Override
-protected AbstractInputBuffer getInputBuffer() {
+protected AbstractInputBuffer getInputBuffer() {
return inputBuffer;
}
Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java?rev=1157198&r1=1157197&r2=1157198&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java Fri Aug
12 17:59:22 2011
@@ -205,9 +205,8 @@ public class Http11NioProcessor extends
// Setting up the socket
this.socket = socketWrapper;
-inputBuffer.setSocket(this.socket.getSocket());
+inputBuffer.init(socketWrapper, endpoint);
outputBuffer.setSocket(this.socket.getSocket());
-inputBuffer.setSelectorPool(((NioEndpoint)endpoint).getSelectorPool());
outputBuffer.setSelectorPool(((NioEndpoint)endpoint).getSelectorPool());
// Error flag
@@ -647,7 +646,7 @@ public class Http11NioProcessor extends
}
@Override
-protected AbstractInputBuffer getInputBuffer() {
+protected AbstractInputBuffer getInputBuffer() {
return inputBuffer;
}
Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java?rev=1157198&r1=1157197&r2=1157198&view=diff
===
DO NOT REPLY [Bug 51056] Disable / drop support for SSLv2
https://issues.apache.org/bugzilla/show_bug.cgi?id=51056 --- Comment #7 from drazzib 2011-08-12 18:00:50 UTC --- I've updated my patch : - for 1.1.22 release - to use OPENSSL_NO_SSL2 define instead of dropping code -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 51056] Disable / drop support for SSLv2
https://issues.apache.org/bugzilla/show_bug.cgi?id=51056 drazzib changed: What|Removed |Added Attachment #26883|0 |1 is obsolete|| --- Comment #8 from drazzib 2011-08-12 18:01:40 UTC --- Created attachment 27383 --> https://issues.apache.org/bugzilla/attachment.cgi?id=27383 Drop SSLv2 support -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1157204 - in /tomcat/trunk: java/org/apache/coyote/http11/ test/org/apache/coyote/http11/
Author: markt
Date: Fri Aug 12 18:24:21 2011
New Revision: 1157204
URL: http://svn.apache.org/viewvc?rev=1157204&view=rev
Log:
Align OutputBuffer initialisation across the connectors
Reduce visibility of properties and methods
Modified:
tomcat/trunk/java/org/apache/coyote/http11/AbstractOutputBuffer.java
tomcat/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java
tomcat/trunk/java/org/apache/coyote/http11/InternalAprOutputBuffer.java
tomcat/trunk/java/org/apache/coyote/http11/InternalNioOutputBuffer.java
tomcat/trunk/java/org/apache/coyote/http11/InternalOutputBuffer.java
tomcat/trunk/test/org/apache/coyote/http11/TestGzipOutputFilter.java
Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractOutputBuffer.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractOutputBuffer.java?rev=1157204&r1=1157203&r2=1157204&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractOutputBuffer.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractOutputBuffer.java Fri
Aug 12 18:24:21 2011
@@ -28,9 +28,11 @@ import org.apache.tomcat.util.buf.ByteCh
import org.apache.tomcat.util.buf.CharChunk;
import org.apache.tomcat.util.buf.MessageBytes;
import org.apache.tomcat.util.http.HttpMessages;
+import org.apache.tomcat.util.net.AbstractEndpoint;
+import org.apache.tomcat.util.net.SocketWrapper;
import org.apache.tomcat.util.res.StringManager;
-public abstract class AbstractOutputBuffer implements OutputBuffer{
+public abstract class AbstractOutputBuffer implements OutputBuffer{
// - Instance Variables
@@ -316,7 +318,11 @@ public abstract class AbstractOutputBuff
activeFilters[lastActiveFilter].end();
finished = true;
}
+
+public abstract void init(SocketWrapper socketWrapper,
+AbstractEndpoint endpoint) throws IOException;
+
public abstract void sendAck() throws IOException;
protected abstract void commit() throws IOException;
Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java?rev=1157204&r1=1157203&r2=1157204&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java Fri Aug
12 18:24:21 2011
@@ -175,8 +175,7 @@ public class Http11AprProcessor extends
// Setting up the socket
this.socket = socketWrapper;
inputBuffer.init(socketWrapper, endpoint);
-long socketRef = socketWrapper.getSocket().longValue();
-outputBuffer.setSocket(socketRef);
+outputBuffer.init(socketWrapper, endpoint);
// Error flag
error = false;
@@ -190,6 +189,8 @@ public class Http11AprProcessor extends
boolean openSocket = false;
boolean sendfileInProgress = false;
+long socketRef = socketWrapper.getSocket().longValue();
+
while (!error && keepAlive && !comet && !isAsync() &&
!endpoint.isPaused()) {
// Parsing the request header
@@ -624,7 +625,7 @@ public class Http11AprProcessor extends
}
@Override
-protected AbstractOutputBuffer getOutputBuffer() {
+protected AbstractOutputBuffer getOutputBuffer() {
return outputBuffer;
}
}
Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java?rev=1157204&r1=1157203&r2=1157204&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java Fri Aug
12 18:24:21 2011
@@ -206,8 +206,7 @@ public class Http11NioProcessor extends
// Setting up the socket
this.socket = socketWrapper;
inputBuffer.init(socketWrapper, endpoint);
-outputBuffer.setSocket(this.socket.getSocket());
-
outputBuffer.setSelectorPool(((NioEndpoint)endpoint).getSelectorPool());
+outputBuffer.init(socketWrapper, endpoint);
// Error flag
error = false;
@@ -651,7 +650,7 @@ public class Http11NioProcessor extends
}
@Override
-protected AbstractOutputBuffer getOutputBuffer() {
+protected AbstractOutputBuffer getOutputBuffer() {
return outputBuffer;
}
Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java
URL:
http://svn.apache.o
DO NOT REPLY [Bug 51580] Severe error deploying WAR application (ExpandWar error)
https://issues.apache.org/bugzilla/show_bug.cgi?id=51580 Christopher Schultz changed: What|Removed |Added Severity|enhancement |major --- Comment #7 from Christopher Schultz 2011-08-12 19:02:50 UTC --- Cleon, can you attach a minimal WAR file that reproduces this issue? Also, if there are any environmental settings necessary, such as expandWars="false", please let me know. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
