[Bug 54069] New: Jasper no longer parses <%----------------------------%>
https://issues.apache.org/bugzilla/show_bug.cgi?id=54069 Priority: P2 Bug ID: 54069 Assignee: dev@tomcat.apache.org Summary: Jasper no longer parses <%%> Severity: normal Classification: Unclassified Reporter: j...@guno.nl Hardware: PC Status: NEW Version: 7.0.32 Component: Jasper Product: Tomcat 7 My company's JSPs use a lot of comment blocks like this: <%%> <%-- Blah blah blah --%> <%%> Starting with Tomcat 7.0.32, this causes JasperExceptions: org.apache.jasper.JasperException: Unterminated <%-- tag Up until 7.0.30, this worked fine. Perhaps this is introduced by bug 53713? This is easy to reproduce. Create a jsp file with the following contents: --- Start of page. <%%> <%-- Blah blah blah --%> <%%> End of page. --- Visit this jsp page with 7.0.32 and 7.0.30 and see the difference. I've been looking at the jsp specs to see if <%%> might be invalid; perhaps a space is mandatory following the two dashes. But I didn't see that mentioned explicitly anywhere. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1403635 - /tomcat/native/branches/1.1.x/native/src/network.c
Author: mturk
Date: Tue Oct 30 07:27:04 2012
New Revision: 1403635
URL: http://svn.apache.org/viewvc?rev=1403635&view=rev
Log:
Try to fix BZ54064. In case nothing was written, don't loop endlesly
Modified:
tomcat/native/branches/1.1.x/native/src/network.c
Modified: tomcat/native/branches/1.1.x/native/src/network.c
URL:
http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/network.c?rev=1403635&r1=1403634&r2=1403635&view=diff
==
--- tomcat/native/branches/1.1.x/native/src/network.c (original)
+++ tomcat/native/branches/1.1.x/native/src/network.c Tue Oct 30 07:27:04 2012
@@ -600,7 +600,7 @@ TCN_IMPLEMENT_CALL(jint, Socket, sendbb)
while (sent < nbytes) {
apr_size_t wr = nbytes - sent;
ss = (*s->net->send)(s->opaque, s->jsbbuff + offset + sent, &wr);
-if (ss != APR_SUCCESS)
+if (ss != APR_SUCCESS || wr == 0)
break;
sent += wr;
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 54064] tomcat native randomly very slow with high CPU usage
https://issues.apache.org/bugzilla/show_bug.cgi?id=54064 --- Comment #3 from Mladen Turk --- OK. I have applied possible fix. Checkout the 1.1.x branch svn co https://svn.apache.org/repos/asf/tomcat/native/branches/1.1.x or apply a fix to tomcat-native-1.1.24 (might be easier to do since you won't need apr sources, just apr-devel package for Ubuntu) http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/network.c?r1=1403635&r2=1403634&pathrev=1403635&view=patch -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 53986] Comment end tag preceded directly by a dash causes JSP fail compilation
https://issues.apache.org/bugzilla/show_bug.cgi?id=53986 Rainer Jung changed: What|Removed |Added CC||j...@guno.nl --- Comment #11 from Rainer Jung --- *** Bug 54069 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 54069] Jasper no longer parses <%----------------------------%>
https://issues.apache.org/bugzilla/show_bug.cgi?id=54069 Rainer Jung changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |DUPLICATE OS||All --- Comment #1 from Rainer Jung --- *** This bug has been marked as a duplicate of bug 53986 *** -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 54068] Web fragment sorting incorrectly detects circular reference
https://issues.apache.org/bugzilla/show_bug.cgi?id=54068 Mark Thomas changed: What|Removed |Added Attachment #29522|0 |1 is patch|| Attachment #29522|application/octet-stream|text/plain mime type|| --- Comment #1 from Mark Thomas --- Comment on attachment 29522 --> https://issues.apache.org/bugzilla/attachment.cgi?id=29522 Test case implementation Fix MIME type -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1403644 - in /tomcat/site/trunk/docs/maven-plugin-2.1-SNAPSHOT: ./ apidocs/ apidocs/class-use/ apidocs/org/apache/tomcat/maven/common/config/ apidocs/org/apache/tomcat/maven/common/config
Author: olamy Date: Tue Oct 30 09:43:19 2012 New Revision: 1403644 URL: http://svn.apache.org/viewvc?rev=1403644&view=rev Log: Apache Tomcat Maven Plugin site documentation for 2.1-SNAPSHOT [This commit notification would consist of 61 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1403649 [8/12] - in /tomcat/site/trunk/docs/maven-plugin-2.1-SNAPSHOT: apidocs/ apidocs/class-use/ apidocs/org/apache/tomcat/maven/common/config/ apidocs/org/apache/tomcat/maven/common/co
Modified: tomcat/site/trunk/docs/maven-plugin-2.1-SNAPSHOT/tomcat6-maven-plugin/apidocs/org/apache/tomcat/maven/plugin/tomcat6/class-use/AbstractRunWarMojo.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/maven-plugin-2.1-SNAPSHOT/tomcat6-maven-plugin/apidocs/org/apache/tomcat/maven/plugin/tomcat6/class-use/AbstractRunWarMojo.html?rev=1403649&r1=1403648&r2=1403649&view=diff == --- tomcat/site/trunk/docs/maven-plugin-2.1-SNAPSHOT/tomcat6-maven-plugin/apidocs/org/apache/tomcat/maven/plugin/tomcat6/class-use/AbstractRunWarMojo.html (original) +++ tomcat/site/trunk/docs/maven-plugin-2.1-SNAPSHOT/tomcat6-maven-plugin/apidocs/org/apache/tomcat/maven/plugin/tomcat6/class-use/AbstractRunWarMojo.html Tue Oct 30 09:56:45 2012 @@ -2,7 +2,7 @@ - + Uses of Class org.apache.tomcat.maven.plugin.tomcat6.AbstractRunWarMojo (Apache Tomcat Maven Plugin :: Tomcat 6.x 2.1-SNAPSHOT API) Modified: tomcat/site/trunk/docs/maven-plugin-2.1-SNAPSHOT/tomcat6-maven-plugin/apidocs/org/apache/tomcat/maven/plugin/tomcat6/class-use/AbstractWarCatalinaMojo.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/maven-plugin-2.1-SNAPSHOT/tomcat6-maven-plugin/apidocs/org/apache/tomcat/maven/plugin/tomcat6/class-use/AbstractWarCatalinaMojo.html?rev=1403649&r1=1403648&r2=1403649&view=diff == --- tomcat/site/trunk/docs/maven-plugin-2.1-SNAPSHOT/tomcat6-maven-plugin/apidocs/org/apache/tomcat/maven/plugin/tomcat6/class-use/AbstractWarCatalinaMojo.html (original) +++ tomcat/site/trunk/docs/maven-plugin-2.1-SNAPSHOT/tomcat6-maven-plugin/apidocs/org/apache/tomcat/maven/plugin/tomcat6/class-use/AbstractWarCatalinaMojo.html Tue Oct 30 09:56:45 2012 @@ -2,7 +2,7 @@ - + Uses of Class org.apache.tomcat.maven.plugin.tomcat6.AbstractWarCatalinaMojo (Apache Tomcat Maven Plugin :: Tomcat 6.x 2.1-SNAPSHOT API) Modified: tomcat/site/trunk/docs/maven-plugin-2.1-SNAPSHOT/tomcat6-maven-plugin/apidocs/org/apache/tomcat/maven/plugin/tomcat6/class-use/DeployMojo.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/maven-plugin-2.1-SNAPSHOT/tomcat6-maven-plugin/apidocs/org/apache/tomcat/maven/plugin/tomcat6/class-use/DeployMojo.html?rev=1403649&r1=1403648&r2=1403649&view=diff == --- tomcat/site/trunk/docs/maven-plugin-2.1-SNAPSHOT/tomcat6-maven-plugin/apidocs/org/apache/tomcat/maven/plugin/tomcat6/class-use/DeployMojo.html (original) +++ tomcat/site/trunk/docs/maven-plugin-2.1-SNAPSHOT/tomcat6-maven-plugin/apidocs/org/apache/tomcat/maven/plugin/tomcat6/class-use/DeployMojo.html Tue Oct 30 09:56:45 2012 @@ -2,7 +2,7 @@ - + Uses of Class org.apache.tomcat.maven.plugin.tomcat6.DeployMojo (Apache Tomcat Maven Plugin :: Tomcat 6.x 2.1-SNAPSHOT API) Modified: tomcat/site/trunk/docs/maven-plugin-2.1-SNAPSHOT/tomcat6-maven-plugin/apidocs/org/apache/tomcat/maven/plugin/tomcat6/class-use/DeployOnlyMojo.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/maven-plugin-2.1-SNAPSHOT/tomcat6-maven-plugin/apidocs/org/apache/tomcat/maven/plugin/tomcat6/class-use/DeployOnlyMojo.html?rev=1403649&r1=1403648&r2=1403649&view=diff == --- tomcat/site/trunk/docs/maven-plugin-2.1-SNAPSHOT/tomcat6-maven-plugin/apidocs/org/apache/tomcat/maven/plugin/tomcat6/class-use/DeployOnlyMojo.html (original) +++ tomcat/site/trunk/docs/maven-plugin-2.1-SNAPSHOT/tomcat6-maven-plugin/apidocs/org/apache/tomcat/maven/plugin/tomcat6/class-use/DeployOnlyMojo.html Tue Oct 30 09:56:45 2012 @@ -2,7 +2,7 @@ - + Uses of Class org.apache.tomcat.maven.plugin.tomcat6.DeployOnlyMojo (Apache Tomcat Maven Plugin :: Tomcat 6.x 2.1-SNAPSHOT API) Modified: tomcat/site/trunk/docs/maven-plugin-2.1-SNAPSHOT/tomcat6-maven-plugin/apidocs/org/apache/tomcat/maven/plugin/tomcat6/class-use/ExplodedMojo.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/maven-plugin-2.1-SNAPSHOT/tomcat6-maven-plugin/apidocs/org/apache/tomcat/maven/plugin/tomcat6/class-use/ExplodedMojo.html?rev=1403649&r1=1403648&r2=1403649&view=diff == --- tomcat/site/trunk/docs/maven-plugin-2.1-SNAPSHOT/tomcat6-maven-plugin/apidocs/org/apache/tomcat/maven/plugin/tomcat6/class-use/ExplodedMojo.html (original) +++ tomcat/site/trunk/docs/maven-plugin-2.1-SNAPSHOT/tomcat6-maven-plugin/apidocs/org/apache/tomcat/maven/plugin/tomcat6/class-use/ExplodedMojo.html Tue Oct 30 09:56:45 2012 @@ -2,7 +2,7 @@ - + Uses of Class org.apache.tomcat.maven.plugin.tomcat6.ExplodedMojo (Apache Tomcat Maven Plugin :: Tomcat 6.x 2.1-SNAPSHOT API) Modified: tomcat/site/trunk/docs/maven-plugin-2.1-SNAPSHOT/tomcat6-maven-plugin/apidocs/org/apache/tomcat/maven/plugin/tomcat6/class-
[Bug 54076] New: SPNEGO authenticator stateless-ness leads to a DoS with stateful clients
https://issues.apache.org/bugzilla/show_bug.cgi?id=54076
Priority: P2
Bug ID: 54076
Assignee: dev@tomcat.apache.org
Summary: SPNEGO authenticator stateless-ness leads to a DoS
with stateful clients
Severity: major
Classification: Unclassified
OS: All
Reporter: 1983-01...@gmx.net
Hardware: All
Status: NEW
Version: trunk
Component: Catalina
Product: Tomcat 7
At the moment, Tomcat is not able to store connection-level information to
support stateful authentication mechanisms. This has been confirmed on the
mailinglist: http://www.mail-archive.com/users@tomcat.apache.org/msg102169.html
Unfortunately, a client which observes that, like Apache HTTPComponents or
libserf (used in Apache Subversion) with authenticate only the first the
request and expect the server to cache that for the connection. Subsequent comm
will end in an endless loop. See here
http://serf.googlecode.com/issues/attachment?aid=770006001&name=tomcat-serf-spnego-response.png&token=GDWvY5f7eMDzDGwtg1tD5N_MUXY%3A1351604707042&inline=1
and here
http://serf.googlecode.com/issues/attachment?aid=770006002&name=serf-endless-loop.png&token=cHvvfubJuAHDuTMjG_OHOaps5hQ%3A1351604707042&inline=1
A simple hint can tell the client that the server does not support stateful
auth on a connection-level. Add here
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java?view=markup#l272
before line 272 "response.addHeader("Connection", "close");" and the client
will open a new connection and reauth further requests.
Not doing so makes the Tomcat server vulnerable to DoS as you can see in the
second screenshot.
--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 54076] SPNEGO authenticator's stateless-ness leads to a DoS with stateful clients
https://issues.apache.org/bugzilla/show_bug.cgi?id=54076 Michael Osipov <1983-01...@gmx.net> changed: What|Removed |Added Summary|SPNEGO authenticator|SPNEGO authenticator's |stateless-ness leads to a |stateless-ness leads to a |DoS with stateful clients |DoS with stateful clients -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GUMP@vmgump]: Project tomcat-taglibs-standard (in module tomcat-taglibs) failed
To whom it may engage...
This is an automated request, but not an unsolicited one. For
more information please visit http://gump.apache.org/nagged.html,
and/or contact the folk at gene...@gump.apache.org.
Project tomcat-taglibs-standard has an issue affecting its community
integration.
This issue affects 2 projects,
and has been outstanding for 153 runs.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-taglibs-standard : Standard Taglib
- tomcat-taglibs-standard-install : JSP Taglibs
Full details are available at:
http://vmgump.apache.org/gump/public/tomcat-taglibs/tomcat-taglibs-standard/index.html
That said, some information snippets are provided here.
The following annotations (debug/informational/warning/error messages) were
provided:
-INFO- Optional dependency httpunit failed with reason build failed
-DEBUG- (Apache Gump generated) Apache Maven Settings in:
/srv/gump/public/workspace/tomcat-taglibs/standard/gump_mvn_settings.xml
-INFO- Failed with reason build failed
-DEBUG- Maven POM in:
/srv/gump/public/workspace/tomcat-taglibs/standard/pom.xml
-INFO- Failed to extract fallback artifacts from Gump Repository
The following work was performed:
http://vmgump.apache.org/gump/public/tomcat-taglibs/tomcat-taglibs-standard/gump_work/build_tomcat-taglibs_tomcat-taglibs-standard.html
Work Name: build_tomcat-taglibs_tomcat-taglibs-standard (Type: Build)
Work ended in a state of : Failed
Elapsed: 22 secs
Command Line: /opt/maven2/bin/mvn --batch-mode -DskipTests=true --settings
/srv/gump/public/workspace/tomcat-taglibs/standard/gump_mvn_settings.xml
install
[Working Directory: /srv/gump/public/workspace/tomcat-taglibs/standard]
M2_HOME: /opt/maven2
-
[INFO] [compiler:compile {execution: default-compile}]
[INFO] Nothing to compile - all classes are up to date
[debug] execute contextualize
[INFO] [resources:testResources {execution: default-testResources}]
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory
/srv/gump/public/workspace/tomcat-taglibs/standard/spec/src/test/resources
[INFO] Copying 3 resources
[INFO] [compiler:testCompile {execution: default-testCompile}]
[INFO] No sources to compile
[INFO] [surefire:test {execution: default-test}]
[INFO] Tests are skipped.
[INFO] [bundle:bundle {execution: default-bundle}]
[INFO] [install:install {execution: default-install}]
[INFO] Installing
/srv/gump/public/workspace/tomcat-taglibs/standard/spec/target/taglibs-standard-spec-1.2-SNAPSHOT.jar
to
/srv/gump/public/workspace/mvnlocalrepo/shared/org/apache/taglibs/taglibs-standard-spec/1.2-SNAPSHOT/taglibs-standard-spec-1.2-SNAPSHOT.jar
[INFO] [bundle:install {execution: default-install}]
[INFO] Parsing
file:/srv/gump/public/workspace/mvnlocalrepo/shared/repository.xml
[INFO] Installing
org/apache/taglibs/taglibs-standard-spec/1.2-SNAPSHOT/taglibs-standard-spec-1.2-SNAPSHOT.jar
[INFO] Writing OBR metadata
[INFO]
[INFO] Building JSTL Implementation
[INFO]task-segment: [install]
[INFO]
[INFO] [remote-resources:process {execution: default}]
[INFO] snapshot org.apache.taglibs:taglibs-standard-spec:1.2-SNAPSHOT: checking
for updates from apache.snapshots
[debug] execute contextualize
[INFO] [resources:resources {execution: default-resources}]
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 14 resources
[INFO] Copying 3 resources
[INFO] [compiler:compile {execution: default-compile}]
[INFO] Compiling 96 source files to
/srv/gump/public/workspace/tomcat-taglibs/standard/impl/target/classes
[INFO] -
[ERROR] COMPILATION ERROR :
[INFO] -
[ERROR]
/srv/gump/public/workspace/tomcat-taglibs/standard/impl/src/main/java/org/apache/taglibs/standard/tag/common/sql/DataSourceWrapper.java:[38,7]
error: DataSourceWrapper is not abstract and does not override abstract method
getParentLogger() in CommonDataSource
[INFO] 1 error
[INFO] -
[INFO]
[ERROR] BUILD FAILURE
[INFO]
[INFO] Compilation failure
/srv/gump/public/workspace/tomcat-taglibs/standard/impl/src/main/java/org/apache/taglibs/standard/tag/common/sql/DataSourceWrapper.java:[38,7]
error: DataSourceWrapper is not abstract and does not override abstract method
getParentLogger() in CommonDataSource
[INFO]
[INFO] For more information, run Maven with the -e switch
[INFO] --
[Bug 54076] SPNEGO authenticator's stateless-ness leads to a DoS with stateful clients
https://issues.apache.org/bugzilla/show_bug.cgi?id=54076 --- Comment #1 from Mark Thomas --- Is that really a DoS (in that the server is unavailable to other clients) or do you mean that the client gets stuck in an infinite loop? For a DoS, the resources used by Tomcat need to be out of proportion to the number of requests. i.e. If a client just sending a request again and again uses roughly the same server resources as this case then it is not a DoS. The report does not (at this point) sound like a DoS. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 54076] SPNEGO authenticator's stateless-ness leads to a DoS with stateful clients
https://issues.apache.org/bugzilla/show_bug.cgi?id=54076 --- Comment #2 from Michael Osipov <1983-01...@gmx.net> --- Well, I guess the latter applies but I have tried only one client at the same time. I was able to loop client and server within seconds for tens of thousands of requests (as you have seen in the screenshot). I guess if you scale to 100 parallel connections or more what would happen to a Tomcat instance? May this lead to a DoS? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 54076] SPNEGO authenticator's stateless-ness may lead to a DoS with stateful clients
https://issues.apache.org/bugzilla/show_bug.cgi?id=54076 Michael Osipov <1983-01...@gmx.net> changed: What|Removed |Added Summary|SPNEGO authenticator's |SPNEGO authenticator's |stateless-ness leads to a |stateless-ness may lead to |DoS with stateful clients |a DoS with stateful clients -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
