Author: mturk
Date: Thu Nov 12 06:01:01 2009
New Revision: 835246
URL: http://svn.apache.org/viewvc?rev=835246&view=rev
Log:
Cast some votes
Modified:
tomcat/tc5.5.x/trunk/STATUS.txt
Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?
Author: mturk
Date: Thu Nov 12 05:57:20 2009
New Revision: 835244
URL: http://svn.apache.org/viewvc?rev=835244&view=rev
Log:
Cast some votes
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?
https://issues.apache.org/bugzilla/show_bug.cgi?id=48169
--- Comment #2 from Troy Bowman 2009-11-11 16:24:45 UTC ---
The linux distro is Gentoo. Best distro for people who like to drive
stick-shift. ;)
Thanks to your explanation, I changed the following and the delay indeed
completely disappear
On Wed, 2009-11-11 at 16:45 -0500, Mark Thomas wrote:
> I really do loath cookies right now. I've pulled the proposed patches for
> 5.5.x
> and 6.0.x until I (or someone else) can take a look at this.
I do too. v0 cookies is 15 years old stuff that Netscape hacked out of
thin air without thinking
On 11/11/2009 02:45 PM, Mark Thomas wrote:
Remy Maucherat wrote:
Hi,
I think cookies are still broken, and this is getting more and more
complex. The apparent issue is that the parser applies v1 parsing rules
when parsing v0 cookies (which are generated using a much more lenient
character e
Author: markt
Date: Wed Nov 11 21:55:00 2009
New Revision: 835086
URL: http://svn.apache.org/viewvc?rev=835086&view=rev
Log:
Pull patches while we sort out issues
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6
Author: markt
Date: Wed Nov 11 21:54:23 2009
New Revision: 835084
URL: http://svn.apache.org/viewvc?rev=835084&view=rev
Log:
Pull patches while we sort out issues
Modified:
tomcat/tc5.5.x/trunk/STATUS.txt
Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc5
Remy Maucherat wrote:
> Hi,
>
> I think cookies are still broken, and this is getting more and more
> complex. The apparent issue is that the parser applies v1 parsing rules
> when parsing v0 cookies (which are generated using a much more lenient
> character exclusion), resulting in cookies that c
Author: fhanik
Date: Wed Nov 11 19:54:40 2009
New Revision: 835037
URL: http://svn.apache.org/viewvc?rev=835037&view=rev
Log:
proposal
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=83
Author: fhanik
Date: Wed Nov 11 19:51:50 2009
New Revision: 835036
URL: http://svn.apache.org/viewvc?rev=835036&view=rev
Log:
Make the location of stdout and stderr output configurable. Leave the default
as it always has been.
Currently, one can reconfigure the location of all logfiles except thi
Author: costin
Date: Wed Nov 11 19:13:24 2009
New Revision: 835017
URL: http://svn.apache.org/viewvc?rev=835017&view=rev
Log:
Add similar SSL tests for NIO connector.
Modified:
tomcat/trunk/test/org/apache/catalina/startup/TestTomcatSSL.java
Modified: tomcat/trunk/test/org/apache/catalina/s
https://issues.apache.org/bugzilla/show_bug.cgi?id=48179
Summary: After startup seeing
java.io.FileNotFoundException:/tldcache.ser
(No such file or directory)
Product: Tomcat 5
Version: 5.5.23
Platform: PC
O
Great foresight, Filip !
public int handshake(boolean read, boolean write) throws IOException {
if ( initHandshakeComplete ) return 0; //we have done our initial
handshake
...
}
+ no handling of the SSLEngineResult -> just perfect security !
I have an update to the uni
On 11/11/2009 11:13 AM, Costin Manolache wrote:
Sorry for my confusion - didn't realize NIO has its own ssl AND is not the
default in the embedded tomcat.
We should make it in trunk - and maybe get rid of the old connector, APR +
the old connector is still the most stable one. So we should l
https://issues.apache.org/bugzilla/show_bug.cgi?id=48178
Summary: org.apache.tomcat.lite.Locale2Charset.defaultMap is
not threadsafe
Product: Tomcat 7
Version: trunk
Platform: PC
OS/Version: Windows XP
Status: NEW
Hi,
I think cookies are still broken, and this is getting more and more
complex. The apparent issue is that the parser applies v1 parsing rules
when parsing v0 cookies (which are generated using a much more lenient
character exclusion), resulting in cookies that cannot be parsed back.
A simple ex
Sorry for my confusion - didn't realize NIO has its own ssl AND is not the
default in the embedded tomcat.
We should make it in trunk - and maybe get rid of the old connector, APR +
NIO is enough ( plus the new one I'm
planning for lite :-)
I changed the tests - the good news is that indeed NIO r
https://issues.apache.org/bugzilla/show_bug.cgi?id=48177
Summary: org.apache.naming.java.javaURLContextFactory.getInitia
lContext not thread-safe
Product: Tomcat 7
Version: trunk
Platform: PC
OS/Version: Windows XP
https://issues.apache.org/bugzilla/show_bug.cgi?id=48170
--- Comment #3 from Earl Nolan 2009-11-11 09:27:26 UTC ---
The simplest approach is to change the static member variable declaration:
private static volatile JspFactory deflt = null;
and then remove the synchronized keyword on the getter/
On Wed, Nov 11, 2009 at 1:36 AM, Konstantin Kolinko
wrote:
> 2009/11/10 :
> > Author: markt
> > Date: Tue Nov 10 16:57:29 2009
> > New Revision: 834544
> >
> > URL: http://svn.apache.org/viewvc?rev=834544&view=rev
> > Log:
> > Proposal for cve-2009-3555 work-around
> >
> > Modified:
> >tomcat
On 11/11/2009 12:11 AM, Costin Manolache wrote:
openssl s_client ...
Type "R" ( to renegotiate ).
Unfortunately renegotiation is handled transparently and did work quite
well...
bummer, I will see what needs to be done today.
Costin
On Tue, Nov 10, 2009 at 10:53 PM, Filip Hanik - Dev List
https://issues.apache.org/bugzilla/show_bug.cgi?id=48175
Sebb changed:
What|Removed |Added
Attachment #24516|application/octet-stream|text/plain
mime type|
https://issues.apache.org/bugzilla/show_bug.cgi?id=48175
--- Comment #1 from Sebb 2009-11-11 08:03:09 UTC ---
Created an attachment (id=24518)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=24518)
Some more logger fields
--
Configure bugmail: https://issues.apache.org/bugzilla/userp
https://issues.apache.org/bugzilla/show_bug.cgi?id=48176
Summary: Fields that should be final
Product: Tomcat 7
Version: trunk
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
C
On Wed, Nov 11, 2009 at 12:09 AM, Luciana Moreira Sa de Souza Signed
by - PrivaSphere AG wrote:
> Hello,
>
> I am currently working on my company's platform to get around this security
> problem during re-negotiation. After discussing with my group about the
> progress being made towards a fix fo
https://issues.apache.org/bugzilla/show_bug.cgi?id=48175
Summary: Loggers should be final
Product: Tomcat 7
Version: trunk
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Compo
https://issues.apache.org/bugzilla/show_bug.cgi?id=48174
Summary: org.apache.tomcat.jni.Address.APR_ANYADDR should be
final
Product: Tomcat 7
Version: trunk
Platform: PC
OS/Version: Windows XP
Status: NEW
https://issues.apache.org/bugzilla/show_bug.cgi?id=48173
Summary: org.apache.catalina.tribes.io.ChannelData.EMPTY_DATA_A
RRAY should be final
Product: Tomcat 7
Version: trunk
Platform: PC
OS/Version: Windows XP
Stat
https://issues.apache.org/bugzilla/show_bug.cgi?id=48172
--- Comment #3 from Sebb 2009-11-11 06:22:34 UTC ---
Created an attachment (id=24515)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=24515)
Make fields final
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.c
https://issues.apache.org/bugzilla/show_bug.cgi?id=48172
--- Comment #2 from Sebb 2009-11-11 03:52:08 UTC ---
The lastCheck field is also not synch.
This is not problem, so long as:
* the instance of JspRuntimeContext is created before the background thread is
started
* checkCompile() is only e
https://issues.apache.org/bugzilla/show_bug.cgi?id=48172
--- Comment #1 from Sebb 2009-11-11 03:38:03 UTC ---
Created an attachment (id=24514)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=24514)
Convert jspReloadCount to AtomicInteger
--
Configure bugmail: https://issues.apache.or
https://issues.apache.org/bugzilla/show_bug.cgi?id=48172
Summary: JspRuntimeContext synch. problems.
Product: Tomcat 7
Version: trunk
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
https://issues.apache.org/bugzilla/show_bug.cgi?id=48170
--- Comment #2 from Sebb 2009-11-11 03:13:35 UTC ---
(In reply to comment #1)
> (In reply to comment #0)
> > I have a soak test at constant load that is initially stable. Within the
> > hour,
> > an ever increasing number of blocked threa
https://issues.apache.org/bugzilla/show_bug.cgi?id=48170
--- Comment #1 from Sebb 2009-11-11 03:09:43 UTC ---
(In reply to comment #0)
> I have a soak test at constant load that is initially stable. Within the
> hour,
> an ever increasing number of blocked threads develops. The vast majority o
2009/11/10 :
> Author: markt
> Date: Tue Nov 10 16:57:29 2009
> New Revision: 834544
>
> URL: http://svn.apache.org/viewvc?rev=834544&view=rev
> Log:
> Proposal for cve-2009-3555 work-around
>
> Modified:
> tomcat/tc6.0.x/trunk/STATUS.txt
>
> +
> +* Disable TLS renegotiation be default with an
Author: markt
Date: Wed Nov 11 09:34:28 2009
New Revision: 834818
URL: http://svn.apache.org/viewvc?rev=834818&view=rev
Log:
Votes
Modified:
tomcat/tc5.5.x/trunk/STATUS.txt
Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=834818
https://issues.apache.org/bugzilla/show_bug.cgi?id=48097
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|
Author: markt
Date: Wed Nov 11 09:17:43 2009
New Revision: 834814
URL: http://svn.apache.org/viewvc?rev=834814&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48097
Avoid throwing an AccessControlException which can lead to a
NoClassDefFoundError on first access of first jsp.
On 11/11/09 09:09, Luciana Moreira Sa de Souza Signed by - PrivaSphere AG wrote:
Hello,
I am currently working on my company's platform to get around this
security problem during re-negotiation. After discussing with my group
about the progress being made towards a fix for tomcat, some questions
Hello,
I am currently working on my company's platform to get around this
security problem during re-negotiation. After discussing with my group
about the progress being made towards a fix for tomcat, some questions
were raised and I was hoping you could help me answer them.
We use Tomcat 5.
Author: kkolinko
Date: Wed Nov 11 08:05:02 2009
New Revision: 834796
URL: http://svn.apache.org/viewvc?rev=834796&view=rev
Log:
vote
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=8347
41 matches
Mail list logo
