performing a security analsysis on the Tomcat software
Dear tomcat developers, BSI, the german Federal Office for Information Security -- Bundesamt fur Sicherheit in der Informationstechnik http://www.bsi.de, e-mail: [EMAIL PROTECTED] endorses the use of Open Source software and has contracted T-Systems to perform a security check on Tomcat. The Federal Office for Information Security (BSI) is the central IT security service provider for the German government. By our basic research within the area of IT security we take responsibility for the security of our society, and are thus indispensable to the internal security of Germany. Our services and products are aimed at the users and manufacturers of information technology products. Those are primarily the public administration at federal, state and municipal level, in addition companies and private users. As Germanys National Security Agency, it is our goal to promote IT security in Germany so that everyone can make the most of the opportunities opened up by the information society. As part of its activities, BSI has contracted the security engineering group at T-Systems International to perform security-related testing of the open source Tomcat software. These activities comprise the following: + installation documentation checks, + a source code review of mod_jk and selected parts of Tomcat, + penetration testing. BSI is going to make the results of the analysis publicly available on internet, so people will be able to download the study from their site. Please contact [EMAIL PROTECTED] for any questions related to the analysis, or feel free to mail me at [EMAIL PROTECTED] The analysis has already started. I think I owe you people an apology for already having posted two bugreports (#37322 and #37332) prior to this announcement of our activity to the mailing list. We sincerely hope that our analysis will contribute to make Tomcat even more robust and easy to deploy. So far, we are very pleased with what we see, which gives us a good impression of the software. Our goal is to publish to the bugtracker individual and separable items which can be classified as bugs. We'll alert [EMAIL PROTECTED] for any serious security vulnerabilities we find (which is what Bugzilla recommends). And finally, I plan to send a general summary of findings to this mailing list when we'll have finished. These will be the kind of findings and remarks that do not fit into individual methods and modules but rather concern the software as a whole. Regards, Jorg Hohle. Solution Service Center Testfactory Security T-Systems International GmbH Postal address: Deutsche-Telekom-Allee 7, 64295 Darmstadt Tel. ++49 6151 937-6913 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 36318] - CRC error in compressed sample.war file
OK. I thought it was generated during the build. I'll just replace the one in SVN as is has got corrupted at some point. The MD5 were just us trying to ensure we were looking at the same file. Mark Yoav Shapira wrote: Hi, I don't think sample.war is generated during the build: it's a static file that lives at http://svn.apache.org/viewcvs.cgi/tomcat/container/tc5.5.x/webapps/docs/appdev/sample/. Are you saying the md5 checksum for one of the distro binaries itself is wrong? I've been generating them the same way for a couple of years now, right on minotaur with the default md5 command, the same one that virtually every other Apache project uses to sign its binaries... Yoav On 12/1/05, Mark Thomas [EMAIL PROTECTED] wrote: Yoav, Can you check your build please? It appears something isn't quite right with the sample.war you generate. Thanks, Mark [EMAIL PROTECTED] wrote: DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=36318. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=36318 [EMAIL PROTECTED] changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2005-12-01 22:22 --- OK, fixed again. It will take a couple of hours to sync to the main web site. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Yoav Shapira System Design and Management Fellow MIT Sloan School of Management Cambridge, MA, USA [EMAIL PROTECTED] / www.yoavshapira.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r351756 - /tomcat/jasper/tc5.5.x/jasper2/src/share/org/apache/jasper/JspC.java
Author: yoavs Date: Fri Dec 2 07:50:10 2005 New Revision: 351756 URL: http://svn.apache.org/viewcvs?rev=351756view=rev Log: Bugzilla 37746: http://issues.apache.org/bugzilla/show_bug.cgi?id=37746 And other minor enhancements, like using List interface for pages Vector (while retaining Vector impl for thread safety) Modified: tomcat/jasper/tc5.5.x/jasper2/src/share/org/apache/jasper/JspC.java Modified: tomcat/jasper/tc5.5.x/jasper2/src/share/org/apache/jasper/JspC.java URL: http://svn.apache.org/viewcvs/tomcat/jasper/tc5.5.x/jasper2/src/share/org/apache/jasper/JspC.java?rev=351756r1=351755r2=351756view=diff == --- tomcat/jasper/tc5.5.x/jasper2/src/share/org/apache/jasper/JspC.java (original) +++ tomcat/jasper/tc5.5.x/jasper2/src/share/org/apache/jasper/JspC.java Fri Dec 2 07:50:10 2005 @@ -31,7 +31,7 @@ import java.net.URL; import java.net.URLClassLoader; import java.util.ArrayList; -import java.util.Enumeration; +import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.HashMap; @@ -180,7 +180,15 @@ */ private List extensions; -private Vector pages = new Vector(); +/** + * The pages. + */ +private List pages = new Vector(); + +/** + * Needs better documentation, this data member does. + * True by default. + */ private boolean errorOnUseBeanInvalidClassAttribute = true; /** @@ -198,9 +206,15 @@ private CharArrayWriter servletout; private CharArrayWriter mappingout; +/** + * The servlet context. + */ private JspCServletContext context; -// Maintain a dummy JspRuntimeContext for compiling tag files +/** + * The runtime context. + * Maintain a dummy JspRuntimeContext for compiling tag files. + */ private JspRuntimeContext rctxt; /** @@ -339,8 +353,10 @@ // Add all extra arguments to the list of files while( true ) { String file = nextFile(); -if( file==null ) break; -pages.addElement( file ); +if( file==null ) { +break; +} +pages.add( file ); } } @@ -673,26 +689,43 @@ } } -/* - * Parses comma-separated list of JSP files to be processed. +/** + * Parses comma-separated list of JSP files to be processed. If the argument + * is null, nothing is done. * * pEach file is interpreted relative to uriroot, unless it is absolute, - * in which case it must start with uriroot. + * in which case it must start with uriroot./p * * @param jspFiles Comma-separated list of JSP files to be processed */ -public void setJspFiles(String jspFiles) { -StringTokenizer tok = new StringTokenizer(jspFiles, ,); +public void setJspFiles(final String jspFiles) { +if(jspFiles == null) { +return; +} + +StringTokenizer tok = new StringTokenizer(jspFiles, ,); while (tok.hasMoreTokens()) { -pages.addElement(tok.nextToken()); +pages.add(tok.nextToken()); } } -public void setCompile( boolean b ) { -compile=b; +/** + * Sets the compile flag. + * + * @param b Flag value + */ +public void setCompile( final boolean b ) { +compile = b; } -public void setVerbose( int level ) { +/** + * Sets the verbosity level. The actual number doesn't + * matter: if it's greater than zero, the verbose flag will + * be true. + * + * @param level Positive means verbose + */ +public void setVerbose( final int level ) { if (level 0) { verbose = true; showSuccess = true; @@ -1021,7 +1054,7 @@ ext = files[i].substring(files[i].lastIndexOf('.') +1); if (getExtensions().contains(ext) || jspConfig.isJspPage(uri)) { -pages.addElement(path); +pages.add(path); } } } @@ -1029,7 +1062,15 @@ } } +/** + * Executes the compilation. + * + * @throws JasperException If an error occurs + */ public void execute() throws JasperException { +if(log.isDebugEnabled()) { +log.debug(execute() starting for + pages.size() + pages.); +} try { if (uriRoot == null) { @@ -1037,7 +1078,7 @@ throw new JasperException( Localizer.getMessage(jsp.error.jspc.missingTarget)); } -String firstJsp=(String)pages.elementAt( 0 ); +String firstJsp = (String) pages.get( 0 ); File firstJspF = new File( firstJsp ); if (!firstJspF.exists()) {
DO NOT REPLY [Bug 37746] - JspC.setJspFiles() uses space as a delimiter
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=37746. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=37746 [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |ASSIGNED --- Additional Comments From [EMAIL PROTECTED] 2005-12-02 16:31 --- Good catch, thanks for reporting this. I'll remove the space from StringTokenizer, as there's no reason to require it. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r351764 - /tomcat/container/branches/tc5.0.x/webapps/docs/changelog.xml
Author: yoavs Date: Fri Dec 2 08:05:27 2005 New Revision: 351764 URL: http://svn.apache.org/viewcvs?rev=351764view=rev Log: Bugzilla 36742: http://issues.apache.org/bugzilla/show_bug.cgi?id=36742 Modified: tomcat/container/branches/tc5.0.x/webapps/docs/changelog.xml Modified: tomcat/container/branches/tc5.0.x/webapps/docs/changelog.xml URL: http://svn.apache.org/viewcvs/tomcat/container/branches/tc5.0.x/webapps/docs/changelog.xml?rev=351764r1=351763r2=351764view=diff == --- tomcat/container/branches/tc5.0.x/webapps/docs/changelog.xml (original) +++ tomcat/container/branches/tc5.0.x/webapps/docs/changelog.xml Fri Dec 2 08:05:27 2005 @@ -14,19 +14,6 @@ body -section name=Tomcat 5.0.32 (yoavs) - subsection name=General -changelog - fix -bug32210/bug: Fixed Realm HowTo. (yoavs) - /fix - fix -bug33204/bug: Fixed SSL HowTo. (yoavs) - /fix -/changelog - /subsection -/section - section name=Tomcat 5.0.31 (yoavs) subsection name=General changelog @@ -45,6 +32,12 @@ fix bug32603/bug: Updated Host doc to reflect appBase resolution. (yoavs) /fix + fix +bug32210/bug: Fixed Realm HowTo. (yoavs) + /fix + fix +bug33204/bug: Fixed SSL HowTo. (yoavs) + /fix /changelog /subsection @@ -56,6 +49,15 @@ fix bug32137/bug: Possible thread-safety issue in RealmBase. (yoavs) /fix +/changelog + /subsection + + subsection name=Coyote +changelog + add +bug36742/bug: Add DEBUG-level warning message to InternalInputBuffer, as suggested by +Greg Steuck. (yoavs) + /add /changelog /subsection - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r351834 - in /tomcat: connectors/trunk/.classpath container/tc5.5.x/.classpath container/tc5.5.x/webapps/docs/building.xml jasper/tc5.5.x/jasper2/.classpath
Author: keith Date: Fri Dec 2 12:48:45 2005 New Revision: 351834 URL: http://svn.apache.org/viewcvs?rev=351834view=rev Log: add a separate variable to the eclipse project for ANT_HOME as the download script doesn't download it and it is assumed to be elsewhere per our instructions. Modified: tomcat/connectors/trunk/.classpath tomcat/container/tc5.5.x/.classpath tomcat/container/tc5.5.x/webapps/docs/building.xml tomcat/jasper/tc5.5.x/jasper2/.classpath Modified: tomcat/connectors/trunk/.classpath URL: http://svn.apache.org/viewcvs/tomcat/connectors/trunk/.classpath?rev=351834r1=351833r2=351834view=diff == --- tomcat/connectors/trunk/.classpath (original) +++ tomcat/connectors/trunk/.classpath Fri Dec 2 12:48:45 2005 @@ -12,6 +12,6 @@ classpathentry kind=var path=TOMCAT_LIBS_BASE/mx4j-3.0.1/lib/mx4j.jar/ classpathentry kind=var path=TOMCAT_LIBS_BASE/commons-modeler-1.1/commons-modeler.jar/ classpathentry kind=var path=TOMCAT_LIBS_BASE/commons-collections-3.1/commons-collections-3.1.jar/ - classpathentry kind=var path=TOMCAT_LIBS_BASE/apache-ant-1.6.5/lib/ant.jar/ + classpathentry kind=var path=ANT_HOME/lib/ant.jar/ classpathentry kind=output path=bin/ /classpath Modified: tomcat/container/tc5.5.x/.classpath URL: http://svn.apache.org/viewcvs/tomcat/container/tc5.5.x/.classpath?rev=351834r1=351833r2=351834view=diff == --- tomcat/container/tc5.5.x/.classpath (original) +++ tomcat/container/tc5.5.x/.classpath Fri Dec 2 12:48:45 2005 @@ -10,9 +10,8 @@ classpathentry kind=src path=webapps/jmxremote/WEB-INF/src/ classpathentry kind=src path=webapps/manager/WEB-INF/classes/ classpathentry kind=con path=org.eclipse.jdt.launching.JRE_CONTAINER/ - classpathentry kind=var path=TOMCAT_LIBS_BASE/apache-ant-1.6.5/lib/ant.jar/ + classpathentry kind=var path=ANT_HOME/lib/ant.jar/ classpathentry kind=var path=TOMCAT_LIBS_BASE/commons-logging-1.0.4/commons-logging-api.jar/ - classpathentry kind=src path=connectors/ classpathentry kind=var path=TOMCAT_LIBS_BASE/commons-modeler-1.1/commons-modeler.jar/ classpathentry kind=var path=TOMCAT_LIBS_BASE/mx4j-3.0.1/lib/mx4j.jar/ classpathentry kind=var path=TOMCAT_LIBS_BASE/commons-launcher-0.9/bin/commons-launcher.jar/ Modified: tomcat/container/tc5.5.x/webapps/docs/building.xml URL: http://svn.apache.org/viewcvs/tomcat/container/tc5.5.x/webapps/docs/building.xml?rev=351834r1=351833r2=351834view=diff == --- tomcat/container/tc5.5.x/webapps/docs/building.xml (original) +++ tomcat/container/tc5.5.x/webapps/docs/building.xml Fri Dec 2 12:48:45 2005 @@ -169,14 +169,26 @@ p Use Windows-gt;Preferences and then Java-gt;Build Path-gt;Classpath -Variables to add a new Classpath variable called TOMCAT_LIBS_BASE and -set this to the base path where the binary dependencies have been -downloaded. +Variables to add two new Classpath variables: +/p + +p +table border=1 + trtdTOMCAT_LIBS_BASE/tdtdthe base path where the binary dependencies have been downloaded/td/tr + trtdANT_HOME/tdtdthe base path of Ant 1.6.2 or later/td/tr +/table +/p + +p Use File-gt;New Project to create a new Java project for each of the binaries repository (e.g., /usr/share/java), container, connectors, jasper, servletapi. Unless you thought ahead to make the ${tomcat.source} directory be under -your Workspace folder, tell Eclipse the external location. +your Workspace folder, tell Eclipse the external location using quot;Import/Export...quot;, +General-gt;Existing Project into Workspace. +/p + +p Eclipse .project and .classpath files are provided in each of these directories so Eclipse should find all source trees and jars, and hopefully compile without problems. bNote/b that these Modified: tomcat/jasper/tc5.5.x/jasper2/.classpath URL: http://svn.apache.org/viewcvs/tomcat/jasper/tc5.5.x/jasper2/.classpath?rev=351834r1=351833r2=351834view=diff == --- tomcat/jasper/tc5.5.x/jasper2/.classpath (original) +++ tomcat/jasper/tc5.5.x/jasper2/.classpath Fri Dec 2 12:48:45 2005 @@ -3,7 +3,7 @@ classpathentry kind=src path=src/share/ classpathentry kind=con path=org.eclipse.jdt.launching.JRE_CONTAINER/ classpathentry kind=var path=TOMCAT_LIBS_BASE/commons-logging-1.0.4/commons-logging-api.jar/ - classpathentry kind=var path=TOMCAT_LIBS_BASE/apache-ant-1.6.5/lib/ant.jar/ + classpathentry kind=var path=ANT_HOME/lib/ant.jar/ classpathentry kind=var path=TOMCAT_LIBS_BASE/commons-el-1.0/commons-el.jar/ classpathentry kind=var path=TOMCAT_LIBS_BASE/eclipse/plugins/org.eclipse.jdt.core_3.1.1.jar/
Problems with Tomcat 5.5.12 and the BEA JVM (1.4.2_05)
I have a question from Deepak Bhole (he is still waiting for the mailing list subscription confirmation -- it seems to take some time): We encountered a problem with using tomcat 5.5.12 with the BEA 1.4.2_05 JVM. This is a known issue in the JVM, and has been fixed in 1.4.2_08 (which we don't have yet). I traced the code that was throwing the exception down to code in juli (tomcat's supplied LogManager). The juli in tomcat 5.5.9 works fine with BEA 1.4.2_05; the juli in tomcat5.5.12 does not. I have been experimenting with using juli from 5.5.9 in 5.5.12, and so far I have encountered no problems. Do you know if juli is a pluggable connector whose version can be varied across a specific version of tomcat? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
directory listings (updated patch)
Attached is an updated patch for the directory listings cache. I've made the following changes: * the cache is now implemented in a separate class (org.apache.catalina.util.ExpiringCache) * added the following servlet parameters: - listings-cache [true] - listings-cache-size [1000] - listings-cache-ttl [5000] * fixed the cache to key on the full resource path (I was under the mistaken impression that contextPath was enough) I also modified the synchronization behavior a bit. Previously if directory A were being rendered then a request for directory B would wait for it to finish before proceeding. With this patch a request will only wait if a previous request is already rendering the same directory. I believe this is closer to the ideal behavior since threads will never waste resources rendering the same directory twice, but independent directory listings will proceed in parallel. Please let me know if you would like any further changes. -- Rafael H. Schloming [EMAIL PROTECTED] Index: container/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java === --- container/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java (revision 347964) +++ container/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java (working copy) @@ -32,6 +32,7 @@ import java.io.Reader; import java.io.StringReader; import java.io.StringWriter; +import java.io.UnsupportedEncodingException; import java.util.Enumeration; import java.util.StringTokenizer; import java.util.Vector; @@ -54,6 +55,7 @@ import javax.xml.transform.stream.StreamSource; import org.apache.catalina.Globals; +import org.apache.catalina.util.ExpiringCache; import org.apache.catalina.util.ServerInfo; import org.apache.catalina.util.StringManager; import org.apache.catalina.util.URLEncoder; @@ -144,14 +146,32 @@ * the platform default is used. */ protected String fileEncoding = null; - - + + /** * Minimum size for sendfile usage in bytes. */ protected int sendfileSize = 48 * 1024; - - + + +/** + * The maximum number of directory listings to cache. + */ +protected int listingsCacheSize = 1000; + + +/** + * The maximum lifetime of cached directory listings. + */ +protected long listingsCacheTTL = 5000; // 5 seconds + + +/** + * The expiring cache of directory listings, or null if this + * feature is disabled. + */ +protected ExpiringCache listingsCache = null; + // - Static Initializer @@ -253,7 +273,36 @@ } catch (Throwable t) { ; } +try { +value = getServletConfig().getInitParameter(listings-cache-size); +listingsCacheSize = Integer.parseInt(value); +} catch (Throwable t) { +; +} +try { +value = getServletConfig().getInitParameter(listings-cache-ttl); +listingsCacheTTL = Long.parseLong(value); +} catch (Throwable t) { +; +} +try { +value = getServletConfig().getInitParameter(listings-cache); +if (value == null || new Boolean(value).booleanValue()) { +listingsCache = new ExpiringCache +(100, listingsCacheSize, listingsCacheTTL, (float) 0.75) { +protected Object key(Object[] args) { +return args[0] + / + ((CacheEntry) args[1]).name; +} +protected Object fault(Object[] args) { +return doRender((String) args[0], (CacheEntry) args[1]); +} +}; +} +} catch (Throwable t) { +; +} + globalXsltFile = getServletConfig().getInitParameter(globalXsltFile); localXsltFile = getServletConfig().getInitParameter(localXsltFile); readmeFile = getServletConfig().getInitParameter(readmeFile); @@ -,22 +1160,36 @@ return result; } +protected InputStream render +(String contextPath, CacheEntry cacheEntry) { +byte[] bytes; +if (listingsCache == null) { +bytes = doRender(contextPath, cacheEntry); +} else { +bytes = (byte[]) listingsCache.get(new Object[] {contextPath, cacheEntry}); +} +return new ByteArrayInputStream(bytes); +} - /** * Decide which way to render. HTML or XML. */ -protected InputStream render +protected byte[] doRender (String contextPath, CacheEntry cacheEntry) { InputStream xsltInputStream = findXsltInputStream(cacheEntry.context); +String str; if (xsltInputStream==null) { -return renderHtml(contextPath, cacheEntry); +str =
svn commit: r351785 - /tomcat/build/tc5.5.x/
Author: keith Date: Fri Dec 2 10:03:21 2005 New Revision: 351785 URL: http://svn.apache.org/viewcvs?rev=351785view=rev Log: svn ignore the eclipse build dirs Modified: tomcat/build/tc5.5.x/ (props changed) Propchange: tomcat/build/tc5.5.x/ -- --- svn:ignore (original) +++ svn:ignore Fri Dec 2 10:03:21 2005 @@ -5,3 +5,4 @@ dist release build.properties +bin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r351798 - /tomcat/container/tc5.5.x/webapps/docs/building.xml
Author: keith Date: Fri Dec 2 10:31:46 2005 New Revision: 351798 URL: http://svn.apache.org/viewcvs?rev=351798view=rev Log: add minimum ant version add eclipse compiler compliance level note Modified: tomcat/container/tc5.5.x/webapps/docs/building.xml Modified: tomcat/container/tc5.5.x/webapps/docs/building.xml URL: http://svn.apache.org/viewcvs/tomcat/container/tc5.5.x/webapps/docs/building.xml?rev=351798r1=351797r2=351798view=diff == --- tomcat/container/tc5.5.x/webapps/docs/building.xml (original) +++ tomcat/container/tc5.5.x/webapps/docs/building.xml Fri Dec 2 10:31:46 2005 @@ -42,10 +42,10 @@ /section -section name=Install Apache Ant 1.6.x +section name=Install Apache Ant 1.6.2 or later p -Download a binary distribution of Ant 1.6.x from +Download a binary distribution of Ant 1.6.2 or later from a href=http://ant.apache.org/bindownload.cgi;here/a. /p @@ -180,7 +180,8 @@ Eclipse .project and .classpath files are provided in each of these directories so Eclipse should find all source trees and jars, and hopefully compile without problems. bNote/b that these -files assume you are using Eclipse with a 5.0 or later JDK. +files assume you are using Eclipse with a 5.0 or later JDK; also, the +connectors module must be built with a compiler compliance level of 5.0. /p p - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r351763 - /tomcat/connectors/branches/tc5.0.x/http11/src/java/org/apache/coyote/http11/InternalInputBuffer.java
Author: yoavs Date: Fri Dec 2 08:05:14 2005 New Revision: 351763 URL: http://svn.apache.org/viewcvs?rev=351763view=rev Log: Bugzilla 36742: http://issues.apache.org/bugzilla/show_bug.cgi?id=36742 Modified: tomcat/connectors/branches/tc5.0.x/http11/src/java/org/apache/coyote/http11/InternalInputBuffer.java Modified: tomcat/connectors/branches/tc5.0.x/http11/src/java/org/apache/coyote/http11/InternalInputBuffer.java URL: http://svn.apache.org/viewcvs/tomcat/connectors/branches/tc5.0.x/http11/src/java/org/apache/coyote/http11/InternalInputBuffer.java?rev=351763r1=351762r2=351763view=diff == --- tomcat/connectors/branches/tc5.0.x/http11/src/java/org/apache/coyote/http11/InternalInputBuffer.java (original) +++ tomcat/connectors/branches/tc5.0.x/http11/src/java/org/apache/coyote/http11/InternalInputBuffer.java Fri Dec 2 08:05:14 2005 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2004 The Apache Software Foundation + * Copyright 1999-2005 The Apache Software Foundation * * Licensed under the Apache License, Version 2.0 (the License); * you may not use this file except in compliance with the License. @@ -36,7 +36,12 @@ * @author a href=mailto:[EMAIL PROTECTED]Remy Maucherat/a */ public class InternalInputBuffer implements InputBuffer { - +/** + * Logger. + */ +private static org.apache.commons.logging.Log log += org.apache.commons.logging.LogFactory.getLog(InternalInputBuffer.class); + // -- Constants @@ -730,8 +735,14 @@ if (parsingHeader) { if (lastValid == buf.length) { -throw new IOException -(sm.getString(iib.requestheadertoolarge.error)); +// Bugzilla 36742: http://issues.apache.org/bugzilla/show_bug.cgi?id=36742 +String err = sm.getString(iib.requestheadertoolarge.error); + +if(log.isDebugEnabled()) { +log.debug(err); +} + +throw new IOException(err); } nRead = inputStream.read(buf, pos, buf.length - lastValid); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 36318] - CRC error in compressed sample.war file
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=36318. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=36318 --- Additional Comments From [EMAIL PROTECTED] 2005-12-02 16:18 --- Confirmed, looks good now, thanks. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 36540] - pooled cluster replication does not seem ensure synchronized replication in tomcat 5.5.11
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=36540. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=36540 [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |NEEDINFO Version|Nightly Build |5.5.11 --- Additional Comments From [EMAIL PROTECTED] 2005-12-02 16:55 --- Please (anyone involved in this issue) submit the doc enhancements you'd like to see. I'll be glad to quickly look at them and commit them for the next release. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 35276] - Calling EL fuction in same taglib from tagfile triggers infinite recursion
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=35276. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=35276 --- Additional Comments From [EMAIL PROTECTED] 2005-12-02 19:58 --- Is the fix present in 5.5.13? -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 37746] - JspC.setJspFiles() uses space as a delimiter
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=37746. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=37746 [EMAIL PROTECTED] changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2005-12-02 16:50 --- Fixed. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 37750] - SocketException: Connection reset causes severe error
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=37750. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=37750 [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |NEEDINFO --- Additional Comments From [EMAIL PROTECTED] 2005-12-02 16:52 --- It's not us who chose to categorize this exception as SEVERE ;) So this never happened with 5.5.9, only 5.5.12? -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 36742] - Missing diagnostics in InternalInputBuffer on overly long headers
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=36742. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=36742 [EMAIL PROTECTED] changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2005-12-02 17:06 --- Fix applied on 5.0 branch. Thanks for contributing it. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problems with Tomcat 5.5.12 and the BEA JVM (1.4.2_05)
Hi, Do you know if juli is a pluggable connector whose version can be varied across a specific version of tomcat? No, it's not at the moment. That's not to say it's static and unchanging, of course. -- Yoav Shapira System Design and Management Fellow MIT Sloan School of Management Cambridge, MA, USA [EMAIL PROTECTED] / www.yoavshapira.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]