Re: [VOTE] Releasing Tomcat Connectors 1.2.21

2007-03-02 Thread Jean-Frederic 
On Thu, 2007-03-01 at 19:59 -0500, Eric Wertman wrote:
> I'm just ringing in, although I don't have a vote.  I was working with 
> Rainer on an issue with 1.2.21 on some Red Hat machines.  I started with 
> mod_jk because those were the only error messages I was getting.  It 
> turns out that those messages were not related to my ultimate problem. 
> Thanks again to Rainer for helping me track that down and sort it out.
> 
> My ultimate problem was that apache was returning bad data in some 
> requests, but logging 200 error code and the proper file sizes in the 
> access_log.  The files themselves were of variable size and often 
> contained other "junk" that was obviously from apache memory space 
> (chunks of log entries and other things).
> 
> The theories I went though included targeting sendfile, mmap, and 
> mod_cache (mod_cache_mem) .  I disabled all of these and still was 
> experiencing the problem.

Could you please fill a bugzilla report describing the problem and how
to reproduce it?

Cheers

Jean-Frederic


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 37072] - Encoding mismatch in error condition

2007-03-02 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=37072


[EMAIL PROTECTED] changed:

   What|Removed |Added

 CC||[EMAIL PROTECTED]




-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Re: reload on demand

2007-03-02 Thread Christophe Pierret 
JetBrains IntelliJ IDEA supports reloading classes when you decide by the menu 
"Run"/"Reload Changed classes".
This option only works if you did not modify the structure of the classes 
(e.g.: by adding methods).
It uses support from the JVM debugging APIs so it works very well, it will 
manage existing instances as instances of the previous class version and new 
instances will be created using the new version.

-Message d'origine-
De : news [mailto:[EMAIL PROTECTED] De la part de Kent Tong
Envoyé : vendredi 2 mars 2007 04:51
À : dev@tomcat.apache.org
Objet : Re: reload on demand

Filip Hanik - Dev Lists  hanik.com> writes:

> see that the solution I gave you, doesn't need to reload the app, it 
> simply reloads the individual class file. for large apps, you don't 
> have to wait for the entire app to reload that would qualify as 
> automatic too, wouldnt it?

Thanks. I've taken a look at it. Here are some issues with it:
1) It still uses a timer. So it will still keep reloading when I am editing my 
files.
2) I have to specified which servlet classes to monitor. It seems there is no 
way to monitor all classes (including domain classes).
3) Reloading only a particular class will probably break the webapp (eg, when 
instances of classes hold references to its instances).

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: svn commit: r513601 - in /tomcat/tc6.0.x/trunk: java/org/apache/catalina/core/StandardContext.java webapps/docs/changelog.xml

2007-03-02 Thread Remy Maucherat 

[EMAIL PROTECTED] wrote:

Author: markt
Date: Thu Mar  1 18:38:26 2007
New Revision: 513601

URL: http://svn.apache.org/viewvc?view=rev&rev=513601
Log:
Port fix for bug 41739. Servlets with a load-on-startup value of zero should be 
loaded first.


I am not convinced by this (and the other non issues reported by this 
person), since this code was apparently present on purpose.


Rémy

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Spec conflict between ServletResponse.getWriter() and ServletResponse.reset()

2007-03-02 Thread Remy Maucherat 

Mark Thomas wrote:

Looking into bug 37072 has identified a conflict in the spec.
http://issues.apache.org/bugzilla/show_bug.cgi?id=37072

Consider the following sequence of calls:

response.setCharacterEncoding("UTF-8");
response.getWriter();
response.reset();

After this the writer encoding and response encoding do not agree and
can not be reconciled:
- the Writer is using UTF-8 because the reset only clears the buffer,
it doesn't reset the writer's encoding
- response.getCharacterEncoding returns ISO-8859-1 due to the reset
- response.setCharacterEncoding has no effect since the getWriter()
call sets the usingWriter flag that prevents changes to the character
encoding.

The spec is clear that:
- reset() clear all the headers


This means there's no way to send the char encoding, so this means it is 
reset as well.



- calls setCharacterEncoding() have no effect after getWriter()

What isn't clear is should the call to reset() also clear the writer
(assuming of course that the response isn't committed)? Along the same
lines is getWriter(), reset(), getStream() be legal?

I am minded to clear the writer, buffer, stream and associated flags
on reset().


It's not up to us (IMO) to start dealing with possible contradictions in 
the specification, esp when there's no use case for the situation, and 
the reports should be invalid. At least, unless you enjoy it, in which 
case it would be ok :)


Rémy

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: svn commit: r513601 - in /tomcat/tc6.0.x/trunk: java/org/apache/catalina/core/StandardContext.java webapps/docs/changelog.xml

2007-03-02 Thread Tim Funk 
Re-reading the 2.4 spec - most references to load-on-startup state any 
non-negative number gets loaded in order lowest to highest. (Starting at 0)


BUT in the 2.2 DTD - there is this gem:
"The load-on-startup element indicates that this servlet should be
loaded on the startup of the web application.
The optional contents of these element must be a positive integer
indicating the order in which the servlet should be loaded.
Lower integers are loaded before higher integers.
If no value is specified, or if the value specified is not a positive
integer, the container is free to load it at any time in the startup
sequence."

So an older version of the spec had 0 special case where zero meant load 
on startup - but don't care when. (Since zero is not a positive 
integer). That special case disappeared starting in spec version 2.3.


-Tim

Remy Maucherat wrote:

[EMAIL PROTECTED] wrote:

Author: markt
Date: Thu Mar  1 18:38:26 2007
New Revision: 513601

URL: http://svn.apache.org/viewvc?view=rev&rev=513601
Log:
Port fix for bug 41739. Servlets with a load-on-startup value of zero 
should be loaded first.


I am not convinced by this (and the other non issues reported by this 
person), since this code was apparently present on purpose.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r513719 - in /tomcat/site/trunk: docs/migration.html xdocs/migration.xml

2007-03-02 Thread remm 
Author: remm
Date: Fri Mar  2 03:58:18 2007
New Revision: 513719

URL: http://svn.apache.org/viewvc?view=rev&rev=513719
Log:
- Typos.

Modified:
tomcat/site/trunk/docs/migration.html
tomcat/site/trunk/xdocs/migration.xml

Modified: tomcat/site/trunk/docs/migration.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/migration.html?view=diff&rev=513719&r1=513718&r2=513719
==
--- tomcat/site/trunk/docs/migration.html (original)
+++ tomcat/site/trunk/docs/migration.html Fri Mar  2 03:58:18 2007
@@ -325,7 +325,7 @@
 
 Commons-logging was package renamed to 
org.apache.juli.logging
 so that application logging can be as independent as possible from the
-container, while wtill having the possibility of being unified. This 
change is
+container, while still having the possibility of being unified. This 
change is
 transparent when using java.logging, but requires compilation of the extra
 components when using log4j for Tomcat's logging. See the logging and 
extras
 documentation for more details.
@@ -383,7 +383,7 @@
 
 
 
-Clustering confoguration was refactored. See the clustering 
documentation
+Clustering configuration was refactored. See the clustering 
documentation
 for more details.
 
   

Modified: tomcat/site/trunk/xdocs/migration.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/migration.xml?view=diff&rev=513719&r1=513718&r2=513719
==
--- tomcat/site/trunk/xdocs/migration.xml (original)
+++ tomcat/site/trunk/xdocs/migration.xml Fri Mar  2 03:58:18 2007
@@ -57,7 +57,7 @@
 
 Commons-logging was package renamed to 
org.apache.juli.logging
 so that application logging can be as independent as possible from the
-container, while wtill having the possibility of being unified. This 
change is
+container, while still having the possibility of being unified. This 
change is
 transparent when using java.logging, but requires compilation of the extra
 components when using log4j for Tomcat's logging. See the logging and 
extras
 documentation for more details.
@@ -75,7 +75,7 @@
 
   
 
-Clustering confoguration was refactored. See the clustering 
documentation
+Clustering configuration was refactored. See the clustering 
documentation
 for more details.
 
   



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r513721 - /tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

2007-03-02 Thread markt 
Author: markt
Date: Fri Mar  2 04:10:05 2007
New Revision: 513721

URL: http://svn.apache.org/viewvc?view=rev&rev=513721
Log:
Put change in right section.

Modified:
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?view=diff&rev=513721&r1=513720&r2=513721
==
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Fri Mar  2 04:10:05 2007
@@ -15,6 +15,13 @@
 
 
 
+  
+
+  
+41739 Correct handling of servlets with a load-on-startup
+value of zero. These are now the first servlets to be started. (markt)
+  
+
   
 
   
@@ -25,11 +32,7 @@
 when the serviet is reading/writing from the input/output streams
 The flag is 
-Dorg.apache.tomcat.util.net.NioSelectorShared=true
   
-  
-41739 Correct handling of servlets with a load-on-startup
-value of zero. These are now the first servlets to be started. (markt)
-  
-  
+
   
   
 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: svn commit: r513601 - in /tomcat/tc6.0.x/trunk: java/org/apache/catalina/core/StandardContext.java webapps/docs/changelog.xml

2007-03-02 Thread Remy Maucherat 

Tim Funk wrote:
So an older version of the spec had 0 special case where zero meant load 
on startup - but don't care when. (Since zero is not a positive 
integer). That special case disappeared starting in spec version 2.3.


So it's probably because of this that this code was present. I don't 
know if there's a test about this in the TCK.


Rémy

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41740] - Environment tags not being picked-up in DefaultContext

2007-03-02 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41740


[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|REOPENED|RESOLVED
 Resolution||DUPLICATE




--- Additional Comments From [EMAIL PROTECTED]  2007-03-02 04:18 ---
Hint: $CATALINA_BASE/conf/context.xml

*** This bug has been marked as a duplicate of 40633 ***

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 40633] - DefaultContext tag still referenced in doc.

2007-03-02 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40633


[EMAIL PROTECTED] changed:

   What|Removed |Added

 CC||[EMAIL PROTECTED]




--- Additional Comments From [EMAIL PROTECTED]  2007-03-02 04:18 ---
*** Bug 41740 has been marked as a duplicate of this bug. ***

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: svn commit: r513601 - in /tomcat/tc6.0.x/trunk: java/org/apache/catalina/core/StandardContext.java webapps/docs/changelog.xml

2007-03-02 Thread Mark Thomas 
Remy Maucherat wrote:
> [EMAIL PROTECTED] wrote:
>> Author: markt
>> Date: Thu Mar  1 18:38:26 2007
>> New Revision: 513601
>>
>> URL: http://svn.apache.org/viewvc?view=rev&rev=513601
>> Log:
>> Port fix for bug 41739. Servlets with a load-on-startup value of zero
>> should be loaded first.
> 
> I am not convinced by this (and the other non issues reported by this
> person), since this code was apparently present on purpose.

Perhaps reading the spec will convince you.

If the value is a positive integer or 0, the container must load and
initialize the servlet as the application is deployed. The container
must guarantee that servlets marked with lower integers are loaded
before servlets marked with higher integers.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: JspC options

2007-03-02 Thread Yoav Shapira 

Hi,

On 3/2/07, Steve Joynt <[EMAIL PROTECTED]> wrote:

Would it be possible/feasible to add finer control over the java compiler
used by JspC when compiling jsps?


It's probably possible, and most likely to get done if you write the
code and send in a patch yourself ;)


The ant Javac task includes the "executable" parameter, which allows you to
specify the path to the javac executable. Can this be exposed through the
ant JspC task somehow? I'm not sure how this would be implemented for the
JDTCompiler.


See above ;)  Keep in mind also JDT is the default now...

Yoav

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Spec conflict between ServletResponse.getWriter() and ServletResponse.reset()

2007-03-02 Thread Mark Thomas 
Remy Maucherat wrote:
> Mark Thomas wrote:
>> Looking into bug 37072 has identified a conflict in the spec.
>> http://issues.apache.org/bugzilla/show_bug.cgi?id=37072
>>
>> Consider the following sequence of calls:
>>
>> response.setCharacterEncoding("UTF-8");
>> response.getWriter();
>> response.reset();
>>
>> After this the writer encoding and response encoding do not agree and
>> can not be reconciled:
>> - the Writer is using UTF-8 because the reset only clears the buffer,
>> it doesn't reset the writer's encoding
>> - response.getCharacterEncoding returns ISO-8859-1 due to the reset
>> - response.setCharacterEncoding has no effect since the getWriter()
>> call sets the usingWriter flag that prevents changes to the character
>> encoding.
>>
>> The spec is clear that:
>> - reset() clear all the headers
> 
> This means there's no way to send the char encoding, so this means it is
> reset as well.
> 
>> - calls setCharacterEncoding() have no effect after getWriter()
>>
>> What isn't clear is should the call to reset() also clear the writer
>> (assuming of course that the response isn't committed)? Along the same
>> lines is getWriter(), reset(), getStream() be legal?
>>
>> I am minded to clear the writer, buffer, stream and associated flags
>> on reset().
> 
> It's not up to us (IMO) to start dealing with possible contradictions in
> the specification, esp when there's no use case for the situation, and
> the reports should be invalid. At least, unless you enjoy it, in which
> case it would be ok :)

I think it is up to us to raise such contradictions with the expert
group for clarification. Aren't you on the expert group or am I
mis-remembering?

The obvious use case is error pages.

Given I do enjoy fixing bugs - why else would I do it ;) - am I
correct in taking your comment to mean you are not against such a
change to the reset() method?

Mark

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41746] New: - Default web application can not be changed

2007-03-02 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41746

   Summary: Default web application can not be changed
   Product: Tomcat 6
   Version: unspecified
  Platform: PC
OS/Version: Mac OS X 10.4
Status: NEW
  Severity: normal
  Priority: P1
 Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: [EMAIL PROTECTED]


I have downloaded tomcat 6.0.10. 
I added mysql-connector, log4j and commons-logging to lib directory.
My context.xml file, located in META-INF directory looks like this:

  
  

  



When I deploy it on tomcat, the default web application is still ROOT webapp. 
There are no warning/error messages (in all logs, including my application log)
except these:

Catalina.out:
Mar 2, 2007 1:51:21 PM org.apache.catalina.session.PersistentManagerBase start
SEVERE: No Store configured, persistence disabled
Mar 2, 2007 1:51:25 PM org.apache.catalina.startup.HostConfig deployDescriptor
WARNING: A docBase /Volumes/Work/apache-tomcat-6.0.10/webapps/lootist inside the
host appBase has been specified, and will be ignored

I haven't changed anything in tomcat config and I haven't deployed any other 
apps. 

Note:
I tested the same app. couple of weeks ago on Apache Tomcat 6.0.7 and everything
worked ok.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED]: Project tomcat-tc6 (in module tomcat-tc6) failed

2007-03-02 Thread Bill Barker 
To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at [EMAIL PROTECTED]

Project tomcat-tc6 has an issue affecting its community integration.
This issue affects 29 projects,
 and has been outstanding for 56 runs.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- antbook-sections :  Examples to go with Java Development with Ant
- commons-jelly-tags-ojb :  Commons Jelly
- commons-transaction :  Commons Identifier Package
- commons-vfs :  Jakarta commons
- commons-vfs-sandbox :  Jakarta commons
- db-ojb-from-packages-1-0-release :  ObjectRelationalBridge
- excalibur-fortress-bean :  Repository of reusable components.
- excalibur-fortress-container-impl :  Repository of reusable components.
- excalibur-fortress-container-test :  Repository of reusable components.
- excalibur-fortress-examples :  Repository of reusable components.
- excalibur-fortress-migration :  Repository of reusable components.
- excalibur-fortress-platform :  Repository of reusable components.
- excalibur-fortress-testcase :  Repository of reusable components.
- excalibur-monitor :  Repository of reusable components.
- excalibur-sourceresolve :  Repository of reusable components.
- excalibur-xmlutil :  Repository of reusable components.
- ivy :  Ivy Core
- ivy-tests :  Ivy is a tool for managing (recording, tracking, resolving 
a...
- jakarta-slide :  Content Management System based on WebDAV technology
- logging-log4j-chainsaw :  Chainsaw log viewer
- slide-webdavclient :  Content Management System based on WebDAV technology
- smartfrog :  Smartfrog: Application Deployment from HP Laboratories
- smartfrog-components :  Smartfrog: Application Deployment from HP 
Laboratories
- smartfrog-tasks :  Smartfrog: Application Deployment from HP Laboratories
- smartfrog-tasks-test :  Smartfrog: Application Deployment from HP 
Laboratories
- smartfrog-test :  Smartfrog: Application Deployment from HP Laboratories
- smartfrog-testharness :  Smartfrog: Application Deployment from HP 
Laboratories
- test-ojb-from-packages-1-0-release :  ObjectRelationalBridge
- tomcat-tc6 :  Java Servlet 2.5 & Server Pages JSP 2.1 implementation (for 
...


Full details are available at:
http://vmgump.apache.org/gump/public/tomcat-tc6/tomcat-tc6/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
commons-daemon.jsvc.tar.gz.
 -INFO- Failed with reason build failed
 -DEBUG- Extracted fallback artifacts from Gump Repository



The following work was performed:
http://vmgump.apache.org/gump/public/tomcat-tc6/tomcat-tc6/gump_work/build_tomcat-tc6_tomcat-tc6.html
Work Name: build_tomcat-tc6_tomcat-tc6 (Type: Build)
Work ended in a state of : Failed
Elapsed: 32 secs
Command Line: java -Djava.awt.headless=true org.apache.tools.ant.Main 
-Dgump.merge=/x1/gump/public/gump/work/merge.xml -Dbuild.sysclasspath=only 
-Dtomcat-native.tar.gz=/usr/local/gump/public/workspace/tomcat-tc6/BUILDING.txt 
-Dcommons-daemon.jsvc.tar.gz=/usr/local/gump/public/workspace/jakarta-commons/daemon/dist/bin/jsvc.tar.gz
 
-Dcommons-daemon.jar=/usr/local/gump/public/workspace/jakarta-commons/daemon/dist/commons-daemon-02032007.jar
 
-Djasper-jdt.jar=/usr/local/gump/packages/eclipse-3.1M6/plugins/org.eclipse.jdt.core_3.1.0/jdtcore.jar
 
-Dcommons-logging-api.jar=/usr/local/gump/public/workspace/jakarta-commons/logging/target/commons-logging-api-02032007.jar
 
-Dtomcat-dbcp.jar=/usr/local/gump/public/workspace/tomcat-tc6/tomcat-deps/tomcat-jdbc-02032007.jar
 
[Working Directory: /usr/local/gump/public/workspace/tomcat-tc6]
CLASSPATH: 
/opt/jdk1.5/lib/tools.jar:/usr/local/gump/public/workspace/tomcat-tc6/output/classes:/usr/local/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/usr/local/gump/public/workspace/ant/dist/lib/ant-swing.jar:/usr/local/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/usr/local/gump/public/workspace/ant/dist/lib/ant-trax.jar:/usr/local/gump/public/workspace/ant/dist/lib/ant-junit.jar:/usr/local/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/usr/local/gump/public/workspace/ant/dist/lib/ant-nodeps.jar:/usr/local/gump/public/workspace/ant/dist/lib/ant.jar:/usr/local/gump/packages/junit3.8.1/junit.jar:/usr/local/gump/public/workspace/xml-commons/java/build/resolver.jar:/usr/local/gump/public/workspace/dist/junit/junit.jar:/usr/local/gump/packages/javamail-1.4/mail.jar:/usr/local/gump/packages/javamail-1.4/lib/mailapi.jar:/usr/local/gump/packages/jaf-1.1ea/activation.jar:/usr/local/gump/public/workspace/jakarta-commons/logging/target/commons-logging-a

[EMAIL PROTECTED]: Project tomcat-tc6 (in module tomcat-tc6) failed

2007-03-02 Thread Bill Barker 
To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at [EMAIL PROTECTED]

Project tomcat-tc6 has an issue affecting its community integration.
This issue affects 29 projects,
 and has been outstanding for 56 runs.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- antbook-sections :  Examples to go with Java Development with Ant
- commons-jelly-tags-ojb :  Commons Jelly
- commons-transaction :  Commons Identifier Package
- commons-vfs :  Jakarta commons
- commons-vfs-sandbox :  Jakarta commons
- db-ojb-from-packages-1-0-release :  ObjectRelationalBridge
- excalibur-fortress-bean :  Repository of reusable components.
- excalibur-fortress-container-impl :  Repository of reusable components.
- excalibur-fortress-container-test :  Repository of reusable components.
- excalibur-fortress-examples :  Repository of reusable components.
- excalibur-fortress-migration :  Repository of reusable components.
- excalibur-fortress-platform :  Repository of reusable components.
- excalibur-fortress-testcase :  Repository of reusable components.
- excalibur-monitor :  Repository of reusable components.
- excalibur-sourceresolve :  Repository of reusable components.
- excalibur-xmlutil :  Repository of reusable components.
- ivy :  Ivy Core
- ivy-tests :  Ivy is a tool for managing (recording, tracking, resolving 
a...
- jakarta-slide :  Content Management System based on WebDAV technology
- logging-log4j-chainsaw :  Chainsaw log viewer
- slide-webdavclient :  Content Management System based on WebDAV technology
- smartfrog :  Smartfrog: Application Deployment from HP Laboratories
- smartfrog-components :  Smartfrog: Application Deployment from HP 
Laboratories
- smartfrog-tasks :  Smartfrog: Application Deployment from HP Laboratories
- smartfrog-tasks-test :  Smartfrog: Application Deployment from HP 
Laboratories
- smartfrog-test :  Smartfrog: Application Deployment from HP Laboratories
- smartfrog-testharness :  Smartfrog: Application Deployment from HP 
Laboratories
- test-ojb-from-packages-1-0-release :  ObjectRelationalBridge
- tomcat-tc6 :  Java Servlet 2.5 & Server Pages JSP 2.1 implementation (for 
...


Full details are available at:
http://vmgump.apache.org/gump/public/tomcat-tc6/tomcat-tc6/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
commons-daemon.jsvc.tar.gz.
 -INFO- Failed with reason build failed
 -DEBUG- Extracted fallback artifacts from Gump Repository



The following work was performed:
http://vmgump.apache.org/gump/public/tomcat-tc6/tomcat-tc6/gump_work/build_tomcat-tc6_tomcat-tc6.html
Work Name: build_tomcat-tc6_tomcat-tc6 (Type: Build)
Work ended in a state of : Failed
Elapsed: 32 secs
Command Line: java -Djava.awt.headless=true org.apache.tools.ant.Main 
-Dgump.merge=/x1/gump/public/gump/work/merge.xml -Dbuild.sysclasspath=only 
-Dtomcat-native.tar.gz=/usr/local/gump/public/workspace/tomcat-tc6/BUILDING.txt 
-Dcommons-daemon.jsvc.tar.gz=/usr/local/gump/public/workspace/jakarta-commons/daemon/dist/bin/jsvc.tar.gz
 
-Dcommons-daemon.jar=/usr/local/gump/public/workspace/jakarta-commons/daemon/dist/commons-daemon-02032007.jar
 
-Djasper-jdt.jar=/usr/local/gump/packages/eclipse-3.1M6/plugins/org.eclipse.jdt.core_3.1.0/jdtcore.jar
 
-Dcommons-logging-api.jar=/usr/local/gump/public/workspace/jakarta-commons/logging/target/commons-logging-api-02032007.jar
 
-Dtomcat-dbcp.jar=/usr/local/gump/public/workspace/tomcat-tc6/tomcat-deps/tomcat-jdbc-02032007.jar
 
[Working Directory: /usr/local/gump/public/workspace/tomcat-tc6]
CLASSPATH: 
/opt/jdk1.5/lib/tools.jar:/usr/local/gump/public/workspace/tomcat-tc6/output/classes:/usr/local/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/usr/local/gump/public/workspace/ant/dist/lib/ant-swing.jar:/usr/local/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/usr/local/gump/public/workspace/ant/dist/lib/ant-trax.jar:/usr/local/gump/public/workspace/ant/dist/lib/ant-junit.jar:/usr/local/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/usr/local/gump/public/workspace/ant/dist/lib/ant-nodeps.jar:/usr/local/gump/public/workspace/ant/dist/lib/ant.jar:/usr/local/gump/packages/junit3.8.1/junit.jar:/usr/local/gump/public/workspace/xml-commons/java/build/resolver.jar:/usr/local/gump/public/workspace/dist/junit/junit.jar:/usr/local/gump/packages/javamail-1.4/mail.jar:/usr/local/gump/packages/javamail-1.4/lib/mailapi.jar:/usr/local/gump/packages/jaf-1.1ea/activation.jar:/usr/local/gump/public/workspace/jakarta-commons/logging/target/commons-logging-a

svn commit: r513747 - /tomcat/connectors/trunk/jk/native/common/jk_version.h

2007-03-02 Thread jfclere 
Author: jfclere
Date: Fri Mar  2 05:26:46 2007
New Revision: 513747

URL: http://svn.apache.org/viewvc?view=rev&rev=513747
Log:
Start 1.2.2-dev

Modified:
tomcat/connectors/trunk/jk/native/common/jk_version.h

Modified: tomcat/connectors/trunk/jk/native/common/jk_version.h
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_version.h?view=diff&rev=513747&r1=513746&r2=513747
==
--- tomcat/connectors/trunk/jk/native/common/jk_version.h (original)
+++ tomcat/connectors/trunk/jk/native/common/jk_version.h Fri Mar  2 05:26:46 
2007
@@ -26,14 +26,14 @@
 /** START OF AREA TO MODIFY BEFORE RELEASING */
 #define JK_VERMAJOR 1
 #define JK_VERMINOR 2
-#define JK_VERFIX   21
-#define JK_VERSTRING"1.2.21"
+#define JK_VERFIX   22
+#define JK_VERSTRING"1.2.22"
 
 /* Beta number */
 #define JK_VERBETA  0
 #define JK_BETASTRING   "0"
 /* set JK_VERISRELEASE to 1 when release (do not forget to commit!) */
-#define JK_VERISRELEASE 1
+#define JK_VERISRELEASE 0
 #define JK_VERRC0
 #define JK_RCSTRING "0"
 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r513749 - /tomcat/connectors/trunk/jk/HOWTO-RELEASE

2007-03-02 Thread jfclere 
Author: jfclere
Date: Fri Mar  2 05:29:17 2007
New Revision: 513749

URL: http://svn.apache.org/viewvc?view=rev&rev=513749
Log:
Add a note about building NEWS.

Modified:
tomcat/connectors/trunk/jk/HOWTO-RELEASE

Modified: tomcat/connectors/trunk/jk/HOWTO-RELEASE
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/HOWTO-RELEASE?view=diff&rev=513749&r1=513748&r2=513749
==
--- tomcat/connectors/trunk/jk/HOWTO-RELEASE (original)
+++ tomcat/connectors/trunk/jk/HOWTO-RELEASE Fri Mar  2 05:29:17 2007
@@ -19,6 +19,7 @@
 xdocs/index.xml
 xdocs/news/.xml
 native/STATUS.txt
+tools/jkrelease.sh (check that all  ../docs/news/printer/*html are in the 
list).
 
 Update the JK_VERISRELEASE define in jk/native/common/jk_version.h, here is
 a svn diff that shows what I changed:



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r513752 - /tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

2007-03-02 Thread funkman 
Author: funkman
Date: Fri Mar  2 05:37:24 2007
New Revision: 513752

URL: http://svn.apache.org/viewvc?view=rev&rev=513752
Log:
fix gump complaint for xsl

Modified:
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?view=diff&rev=513752&r1=513751&r2=513752
==
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Fri Mar  2 05:37:24 2007
@@ -22,6 +22,7 @@
 value of zero. These are now the first servlets to be started. (markt)
   
 
+  
   
 
   
@@ -40,7 +41,7 @@
 Fix previous update to servlet 2.5 xsd to use correct declaration.
 (markt)
   
-  
+
   
 
 
@@ -116,15 +117,15 @@
 Chris Halstead. (markt)
   
   
-40524: request.getAuthType() now returns CLIENT_CERT rather 
+40524: request.getAuthType() now returns CLIENT_CERT rather
 than CLIENT-CERT. (markt)
   
   
-40526: Return support for JPDA_OPTS to catalina.bat and add 
+40526: Return support for JPDA_OPTS to catalina.bat and add
 a new option JPDA_SUSPEND, submitted by by Kurt Roy. (markt)
   
   
-41265: In embedded, remove the code that resets 
checkInterval 
+41265: In embedded, remove the code that resets 
checkInterval
 values of zero to 300. (markt)
   
 
@@ -156,7 +157,7 @@
   
 
   
-41466: When using the NioChannel and SecureNioChannel its 
+41466: When using the NioChannel and SecureNioChannel its
 important to use the channels buffers. (fhanik)
   
 
@@ -415,7 +416,7 @@
 Add xsds for JSP 2.1 (remm)
   
   
-41106: Update validation checks for EL to also include 
+41106: Update validation checks for EL to also include
 legacy 1.2 tags (remm)
   
 
@@ -456,7 +457,7 @@
 Fix passing of the keystore password for the NIO connector (fhanik)
   
 
-   
+  
 
 
   
@@ -493,7 +494,7 @@
 validation, bom encoding support (remm)
   
 
-   
+  
   
 
   
@@ -509,7 +510,7 @@
 Implement explicit flushing in AJP (mturk)
   
 
-   
+  
 
 
   
@@ -534,7 +535,7 @@
 Unifed EL 2.1 support (jhook)
   
 
-   
+  
   
 
   
@@ -548,18 +549,18 @@
 resources (costin)
   
 
-   
+  
   
 
   
 New cluster configuration and new documentation (fhanik)
   
 
-   
+  
   
 
 
-   
+  
 
 
 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41747] New: - error in ant task description

2007-03-02 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41747

   Summary: error in ant task description
   Product: Tomcat 5
   Version: 5.5.20
  Platform: All
   URL: http://tomcat.apache.org/tomcat-5.5-doc/manager-
howto.html
OS/Version: other
Status: NEW
  Severity: trivial
  Priority: P2
 Component: Webapps:Documentation
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: [EMAIL PROTECTED]


Wrong description of ant task 'deploy': Instead of
   ... war="${build}${path}.war"/>
should be written
   ... war="file:${build}${path}.war"/>

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r513773 - in /tomcat/site/trunk: docs/download-connectors.html xdocs/download-connectors.xml

2007-03-02 Thread jfclere 
Author: jfclere
Date: Fri Mar  2 06:12:23 2007
New Revision: 513773

URL: http://svn.apache.org/viewvc?view=rev&rev=513773
Log:
Change mod_jk to 1.2.21

Modified:
tomcat/site/trunk/docs/download-connectors.html
tomcat/site/trunk/xdocs/download-connectors.xml

Modified: tomcat/site/trunk/docs/download-connectors.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-connectors.html?view=diff&rev=513773&r1=513772&r2=513773
==
--- tomcat/site/trunk/docs/download-connectors.html (original)
+++ tomcat/site/trunk/docs/download-connectors.html Fri Mar  2 06:12:23 2007
@@ -230,18 +230,18 @@
 
 
 
-JK
 1.2.20 Source Release tar.gz
+JK
 1.2.21 Source Release tar.gz
 
 
-[http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.20/tomcat-connectors-1.2.20-src.tar.gz.asc";>pgp]
+[http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.21/tomcat-connectors-1.2.21-src.tar.gz.asc";>pgp]
 
 
 
 
-JK
 1.2.20 Source Release zip
+JK
 1.2.21 Source Release zip
 
 
-[http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.20/tomcat-connectors-1.2.20-src.zip.asc";>pgp]
+[http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.21/tomcat-connectors-1.2.21-src.zip.asc";>pgp]
 
 
 

Modified: tomcat/site/trunk/xdocs/download-connectors.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/download-connectors.xml?view=diff&rev=513773&r1=513772&r2=513773
==
--- tomcat/site/trunk/xdocs/download-connectors.xml (original)
+++ tomcat/site/trunk/xdocs/download-connectors.xml Fri Mar  2 06:12:23 2007
@@ -29,13 +29,13 @@
 JK 1.2 (actively 
maintained)
 
 Source
-JK
 1.2.20 Source Release tar.gz
-[http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.20/tomcat-connectors-1.2.20-src.tar.gz.asc";>pgp]
+JK
 1.2.21 Source Release tar.gz
+[http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.21/tomcat-connectors-1.2.21-src.tar.gz.asc";>pgp]
 
 
 
-JK
 1.2.20 Source Release zip
-[http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.20/tomcat-connectors-1.2.20-src.zip.asc";>pgp]
+JK
 1.2.21 Source Release zip
+[http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.21/tomcat-connectors-1.2.21-src.zip.asc";>pgp]
 
 
 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: reload on demand

2007-03-02 Thread Filip Hanik - Dev Lists 

Kent Tong wrote:

Filip Hanik - Dev Lists  hanik.com> writes:

  
see that the solution I gave you, doesn't need to reload the app, it 
simply reloads the individual class file. for large apps, you don't have 
to wait for the entire app to reload

that would qualify as automatic too, wouldnt it?



Thanks. I've taken a look at it. Here are some issues with it:
1) It still uses a timer. So it will still keep reloading when I
am editing my files.
2) I have to specified which servlet classes to monitor. It seems
there is no way to monitor all classes (including domain classes).
3) Reloading only a particular class will probably break the
webapp (eg, when instances of classes hold references to its 
instances).
  
sounds like you want the cake and eat it too, follow Yoav's suggestion, 
and write a macro so that everytime you update a class you touch a 
watched resource after the update has been complete


Filip



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



  



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

http://tomcat.apache.org/tomcat-6.0-doc/RELEASE-NOTES.txt is missing?

2007-03-02 Thread Yoav Shapira 

I get a 404 at http://tomcat.apache.org/tomcat-6.0-doc/RELEASE-NOTES.txt

The release notes that ship with the 6.0.10 binary downloads are fine.

Yoav

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r513780 - in /tomcat/connectors/trunk/jk: native/STATUS.txt native/common/portable.h.sample native/configure.in native/iis/installer/isapi-redirector-win32-msi.ism native/iis/isapi_redirec

2007-03-02 Thread jfclere 
Author: jfclere
Date: Fri Mar  2 06:25:46 2007
New Revision: 513780

URL: http://svn.apache.org/viewvc?view=rev&rev=513780
Log:
Change version to 1.2.22

Modified:
tomcat/connectors/trunk/jk/native/STATUS.txt
tomcat/connectors/trunk/jk/native/common/portable.h.sample
tomcat/connectors/trunk/jk/native/configure.in

tomcat/connectors/trunk/jk/native/iis/installer/isapi-redirector-win32-msi.ism
tomcat/connectors/trunk/jk/native/iis/isapi_redirect.rc
tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml

Modified: tomcat/connectors/trunk/jk/native/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/STATUS.txt?view=diff&rev=513780&r1=513779&r2=513780
==
--- tomcat/connectors/trunk/jk/native/STATUS.txt (original)
+++ tomcat/connectors/trunk/jk/native/STATUS.txt Fri Mar  2 06:25:46 2007
@@ -3,6 +3,7 @@
 
 Release:
 
+1.2.22  : in development
 1.2.21  : released March 1, 2007
 1.2.20  : released December 10, 2006
 1.2.19  : released September 17, 2006

Modified: tomcat/connectors/trunk/jk/native/common/portable.h.sample
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/portable.h.sample?view=diff&rev=513780&r1=513779&r2=513780
==
--- tomcat/connectors/trunk/jk/native/common/portable.h.sample (original)
+++ tomcat/connectors/trunk/jk/native/common/portable.h.sample Fri Mar  2 
06:25:46 2007
@@ -93,4 +93,4 @@
 #define USE_SO_SNDTIMEO 1
 
 /* Version number of package */
-#define VERSION "1.2.21"
+#define VERSION "1.2.22"

Modified: tomcat/connectors/trunk/jk/native/configure.in
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/configure.in?view=diff&rev=513780&r1=513779&r2=513780
==
--- tomcat/connectors/trunk/jk/native/configure.in (original)
+++ tomcat/connectors/trunk/jk/native/configure.in Fri Mar  2 06:25:46 2007
@@ -11,7 +11,7 @@
 
 dnl package and version. (synchronization with common/jk_version.h ?)
 PACKAGE=mod_jk
-VERSION=1.2.21
+VERSION=1.2.22
 
 AM_INIT_AUTOMAKE(${PACKAGE}, ${VERSION})
 

Modified: 
tomcat/connectors/trunk/jk/native/iis/installer/isapi-redirector-win32-msi.ism
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/iis/installer/isapi-redirector-win32-msi.ism?view=diff&rev=513780&r1=513779&r2=513780
==
--- 
tomcat/connectors/trunk/jk/native/iis/installer/isapi-redirector-win32-msi.ism 
(original)
+++ 
tomcat/connectors/trunk/jk/native/iis/installer/isapi-redirector-win32-msi.ism 
Fri Mar  2 06:25:46 2007
@@ -3409,7 +3409,7 @@
ProductIDnone
ProductLanguage1033
ProductNameTomcat Isapi 
Redirector
-   ProductVersion1.2.21
+   ProductVersion1.2.22
ProgressType0install
ProgressType1Installing
ProgressType2installed

Modified: tomcat/connectors/trunk/jk/native/iis/isapi_redirect.rc
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/iis/isapi_redirect.rc?view=diff&rev=513780&r1=513779&r2=513780
==
--- tomcat/connectors/trunk/jk/native/iis/isapi_redirect.rc (original)
+++ tomcat/connectors/trunk/jk/native/iis/isapi_redirect.rc Fri Mar  2 06:25:46 
2007
@@ -1,4 +1,4 @@
-#define JK_COPYRIGHT "Copyright 2000-2006 The Apache Software " \
+#define JK_COPYRIGHT "Copyright 2000-2007 The Apache Software " \
  "Foundation or its licensors, as applicable."
 
 #define JK_LICENSE "Licensed under the Apache License, Version 2.0 " \
@@ -14,13 +14,13 @@
 "specific language governing permissions and " \
 "limitations under the License."
 
-#define JK_VERSION_STR  "1.2.21"
+#define JK_VERSION_STR  "1.2.22"
 #define JK_DLL_BASENAME "isapi_redirect-" JK_VERSION_STR
 
 
 1 VERSIONINFO
- FILEVERSION 1,2,21,0
- PRODUCTVERSION 1,2,21,0
+ FILEVERSION 1,2,22,0
+ PRODUCTVERSION 1,2,22,0
  FILEFLAGSMASK 0x3fL
 #if defined(_DEBUG)
  FILEFLAGS 0x01L

Modified: tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=diff&rev=513780&r1=513779&r2=513780
==
--- tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml Fri Mar  2 
06:25:46 2007
@@ -22,6 +22,9 @@
   new documentation project for JK was started.
   
 
+
+  
+
 
   
   



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-ma

Re: Covering official Tomcat 6 release

2007-03-02 Thread Yoav Shapira 

Hi,
FYI, I just had an IM conversation with Rick.  He's nice.  He wants
someone to maybe do a screencast about Tomcat 6.  I told him I
personally wasn't interested and don't have the spare bandwidth, but
that other Tomcat committers might be interested.  If someone wants to
do it, just keep us in the loop please.  I also told him to ask
questions, if any, on [EMAIL PROTECTED]  C'est tout,

Yoav

On 3/1/07, Yoav Shapira <[EMAIL PROTECTED]> wrote:

Rick,
I've contacted the Tomcat developer group, and apparently no one is
interested enough or has the time to help out with this effort right
now... Besides me, of course ;)  So I'll make myself available via
email and instant messenger right now.  Hopefully that'll work and I
can answer most of your questions well enough.  Phone is a bit less
convenient for the next day or two.

If you prefer to chat with other or more people from the Tomcat
developer group, it'll probably be possible, but will require more
time, at least a day or two.

My IM contact information: ShapiraYoav on AIM, yoavs1 on Yahoo,
[EMAIL PROTECTED] on MSN.

Thanks,

Yoav

On 3/1/07, Rick Ross <[EMAIL PROTECTED]> wrote:
> Hi Yoav,
>
> We saw at DZone that you guys have just released the first official
> "stable" version of Apache Tomcat 6. I'd like to get someone on our end
> assigned to communicate with appropriate members of the Tomcat team to
> give this good exposure at DZone, Javalobby and EclipseZone. Maybe an
> interview is in order, what do you think?
>
> Could you consider who would be the best person/persons at your end and
> get back to me asap?
>
> Thanks very much,
> Rick
>
> PS - DZone link -
> http://www.dzone.com/links/apache_tomcat_6010_stable_released.html
>
> --
> Rick Ross
> President, DZone, Inc.
> Phone: +1.919.678.0300
> Email: [EMAIL PROTECTED]
> Yahoo/AOL/Skype: rickrossjl
> MSN: [EMAIL PROTECTED]
>
>



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: http://tomcat.apache.org/tomcat-6.0-doc/RELEASE-NOTES.txt is missing?

2007-03-02 Thread Rainer Jung 

I can confirm, that this file is missing in the content directory.

However I don't know, how the release process for TC works, so I can't 
immediately fix it.


Rainer

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: reload on demand

2007-03-02 Thread Kent Tong 
Filip Hanik - Dev Lists  hanik.com> writes:

> sounds like you want the cake and eat it too, follow Yoav's suggestion, 
> and write a macro so that everytime you update a class you touch a 
> watched resource after the update has been complete

I really don't understand. What's wrong with reloading a changed webapp
whenever it is accessed?




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41746] - Default web application can not be changed

2007-03-02 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41746





--- Additional Comments From [EMAIL PROTECTED]  2007-03-02 07:06 ---
(In reply to comment #0)
> Note:
> I tested the same app. couple of weeks ago on Apache Tomcat 6.0.7 and 
> everything
> worked ok.

Nice try :)


-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: reload on demand

2007-03-02 Thread Yoav Shapira 

Hi,

On 3/2/07, Kent Tong <[EMAIL PROTECTED]> wrote:

Filip Hanik - Dev Lists  hanik.com> writes:

> sounds like you want the cake and eat it too, follow Yoav's suggestion,
> and write a macro so that everytime you update a class you touch a
> watched resource after the update has been complete

I really don't understand. What's wrong with reloading a changed webapp
whenever it is accessed?


The general idea is to reload an app when you know it needs to be
reloaded, not when it's accessed, so as to minimize delays as seen by
the users.  It's a basic principle of designing for performance.
However, there's nothing written in stone that says you can't do what
you want: go write the code and have a blast with it ;)  That's part
of the fun of open-source software...

Yoav

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r513808 - /tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml

2007-03-02 Thread jfclere 
Author: jfclere
Date: Fri Mar  2 07:27:47 2007
New Revision: 513808

URL: http://svn.apache.org/viewvc?view=rev&rev=513808
Log:
Add lastest idem from 1.2.21

Modified:
tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml

Modified: tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=diff&rev=513808&r1=513807&r2=513808
==
--- tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml Fri Mar  2 
07:27:47 2007
@@ -29,6 +29,17 @@
   
   
 
+  
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774";>CVE-2007-0774
+: Fix a buffer overflow in map_uri_to_worker().
+URL longer that 4095 were crashing mod_jk.
+This could have allow different kind of attacks. Reported by ZDI.
+Please note this issue only affected versions 1.2.19 and 1.2.20 of the
+Apache Tomcat JK Web Server Connector and not previous versions.
+Tomcat 5.5.20 and Tomcat 4.1.34
+included a vulnerable version in their source packages.
+Other versions of Tomcat were not affected.
+  
   
   Check the worker. parameters and don't start if the parameter is not a 
valid one. (jfclere)
   



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: reload on demand

2007-03-02 Thread Filip Hanik - Dev Lists 

Kent Tong wrote:

Filip Hanik - Dev Lists  hanik.com> writes:

  
sounds like you want the cake and eat it too, follow Yoav's suggestion, 
and write a macro so that everytime you update a class you touch a 
watched resource after the update has been complete



I really don't understand. What's wrong with reloading a changed webapp
whenever it is accessed?
  

besides having zero purpose in a production environment?
You've already been presented with so many options, take one of them and 
use them, you can accomplish exactly what you are looking for, but I 
doubt anyone wants to actually add in code that you are suggesting into 
the platform.


Filip




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



  



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [ANN] Apache Tomcat JK 1.2.21 Web Server Connector released

2007-03-02 Thread Mladen Turk 

Jean-Frederic wrote:


Source distribtions can be downloaded from an
Apache Software Foundation mirror at:

http://tomcat.apache.org/download-connectors.cgi



Can you fix the files to 664 in www.apache.org/dist
for 1.2.21 ?

Regards,
Mladen.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [VOTE] Releasing Tomcat Connectors 1.2.21

2007-03-02 Thread Jim Jagielski 


On Mar 1, 2007, at 11:11 AM, Jean-Frederic wrote:



Apache Tomcat Connectors 1.2.21 is:
[X] Stable - no major issues, no regressions
[ ] Beta - at least one significant issue -- tell us what it is
[ ] Alpha - multiple significant issues -- tell us what they are



Stable

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [ANN] Apache Tomcat JK 1.2.21 Web Server Connector released

2007-03-02 Thread Jean-Frederic 
On Fri, 2007-03-02 at 17:34 +0100, Mladen Turk wrote:
> Jean-Frederic wrote:
> > 
> > Source distribtions can be downloaded from an
> > Apache Software Foundation mirror at:
> > 
> > http://tomcat.apache.org/download-connectors.cgi
> >
> 
> Can you fix the files to 664 in www.apache.org/dist
> for 1.2.21 ?

Done thanks

Cheers

Jean-Frederic

> 
> Regards,
> Mladen.
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [ANN] Apache Tomcat JK 1.2.21 Web Server Connector released

2007-03-02 Thread Mladen Turk 

Jean-Frederic wrote:

On Fri, 2007-03-02 at 17:34 +0100, Mladen Turk wrote:

Jean-Frederic wrote:

Source distribtions can be downloaded from an
Apache Software Foundation mirror at:

http://tomcat.apache.org/download-connectors.cgi


Can you fix the files to 664 in www.apache.org/dist
for 1.2.21 ?


Done thanks



Cool. I'll create Windows binaries as soon as
the sources gets synced with mirrors.

I propose we don't maintain the Apache 1.3
binaries for Win32 any more. Apache 2.0 and 2.2
binaries should be more then enough.

Regards,
Mladen.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41749] New: - Tomcat with APR using SSL spins CPU at 100%

2007-03-02 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41749

   Summary: Tomcat with APR using SSL spins CPU at 100%
   Product: Tomcat 5
   Version: 5.5.20
  Platform: Macintosh
OS/Version: Linux
Status: NEW
  Severity: normal
  Priority: P2
 Component: Connector:Coyote
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: [EMAIL PROTECTED]


I have a problem about once a week with a server which primarily serves HTTPS.
The server continues to respond, but it pegs the CPU. The only remedy is to
restart tomcat. 

The configuration is:

Redhat EL 4.
Dual AMD Operteron Processors.
1GB.
2.6.9-42.0.2.ELsmp
openssl-0.9.7a-43.14
apr 1.2.8
tomcat-native 1.1.8
tomcat 5.5.20
thawte issued certificate.

Here's the stacktrace for the only two threads which are doing any work. All
other threads are waiting.

"http-8443-14" daemon prio=1 tid=0x090c0630 nid=0x1cdc runnable
[0x883fe000..0x883feeb0]
at org.apache.tomcat.jni.Socket.recvbb(Native Method)
at
org.apache.coyote.http11.InternalAprInputBuffer.fill(InternalAprInputBuffer.java:817)
at
org.apache.coyote.http11.InternalAprInputBuffer$SocketInputBuffer.doRead(InternalAprInputBuffer.java:852)
at
org.apache.coyote.http11.filters.IdentityInputFilter.doRead(IdentityInputFilter.java:115)
at
org.apache.coyote.http11.InternalAprInputBuffer.doRead(InternalAprInputBuffer.java:771)
at org.apache.coyote.Request.doRead(Request.java:418)
at 
org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.java:284)
at org.apache.tomcat.util.buf.ByteChunk.substract(ByteChunk.java:404)
at org.apache.catalina.connector.InputBuffer.read(InputBuffer.java:299)
at 
org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream.java:192)
at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(Unknown Source)
at sun.nio.cs.StreamDecoder$CharsetSD.implRead(Unknown Source)
at sun.nio.cs.StreamDecoder.read(Unknown Source)
- locked <0xa22ee680> (a java.io.InputStreamReader)
at java.io.InputStreamReader.read(Unknown Source)
at 
org.apache.xerces.readers.CharReader.fillCurrentChunk(CharReader.java:167)
at org.apache.xerces.readers.CharReader.(CharReader.java:85)
at
org.apache.xerces.readers.DefaultReaderFactory.createCharReader(DefaultReaderFactory.java:186)
at
org.apache.xerces.readers.DefaultReaderFactory.createReader(DefaultReaderFactory.java:140)
at
org.apache.xerces.readers.DefaultEntityHandler.startReadingFromDocument(DefaultEntityHandler.java:493)
at 
org.apache.xerces.framework.XMLParser.parseSomeSetup(XMLParser.java:314)
at org.apache.xerces.framework.XMLParser.parse(XMLParser.java:1097)
at javax.xml.parsers.SAXParser.parse(Unknown Source)
at
org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
at 
org.apache.axis.server.AxisServer.initSOAPConstants(AxisServer.java:345)
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:279)
at 
org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
at 
org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:524)
at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at 
org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:833)
at
org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:639)
at 
org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.

Re: [ANN] Apache Tomcat JK 1.2.21 Web Server Connector released

2007-03-02 Thread William L. Thomson Jr. 
On Fri, 2007-03-02 at 18:26 +0100, Mladen Turk wrote:
>
> Cool. I'll create Windows binaries as soon as
> the sources gets synced with mirrors.

Yeah that slowed me down a bit as well :)

Packaged and available on Gentoo in ~arch.

-- 
William L. Thomson Jr.
Gentoo/Java


signature.asc
Description: This is a digitally signed message part

[ANN] Apache Tomcat JK 1.2.21 Web Server Connector released

2007-03-02 Thread Jean-Frederic 
The Apache Tomcat team is pleased to announce the immediate availability
of version 1.2.21 of the Apache Tomcat Connectors.

It contains connectors, which allow a web server such as Apache HTTPD,
Microsoft IIS and Sun Web Server to act as a front end to the Tomcat web
application server.

This version of mod_jk is principally a bug and security fix release. 
The following potential security flaw is addressed:

CVE-2007-0774:
Fix a buffer overflow in map_uri_to_worker().
URL longer that 4095 were crashing mod_jk. This could have allow
different kind of attacks. Reported by ZDI.
Please note this issue only
affected versions 1.2.19 and 1.2.20 of the Apache Tomcat JK Web Server
Connector and not previous versions.  Tomcat 5.5.20 and Tomcat 4.1.34
included a vulnerable version in their source packages.
Other versions of Tomcat were not affected.

See http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html
for a complete list of changes.

Source distribtions can be downloaded from an
Apache Software Foundation mirror at:

http://tomcat.apache.org/download-connectors.cgi

Binary distributions for a number of different operating systems and
web servers can be downloaded from an
Apache Software Foundation mirror at:

http://tomcat.apache.org/download-connectors.cgi

Documentation for using JK with Tomcat 3.3, 4.1, 5.0 and 5.5
can be found at:

http://tomcat.apache.org/connectors-doc/

Thank you,

-- The Apache Tomcat Team



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Covering official Tomcat 6 release

2007-03-02 Thread William A. Rowe, Jr. 
Yoav Shapira wrote:
> Hi,
> FYI, I just had an IM conversation with Rick.  He's nice.  He wants
> someone to maybe do a screencast about Tomcat 6.  I told him I
> personally wasn't interested and don't have the spare bandwidth, but
> that other Tomcat committers might be interested.  If someone wants to
> do it, just keep us in the loop please.  I also told him to ask
> questions, if any, on [EMAIL PROTECTED]  C'est tout,

Related venue - I'm certain Rich and David would love to podcast one
of you at http://www.feathercast.org/ - please consider setting one up!

Bill

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Covering official Tomcat 6 release

2007-03-02 Thread Yoav Shapira 

Hi,

On 3/2/07, William A. Rowe, Jr. <[EMAIL PROTECTED]> wrote:

Yoav Shapira wrote:
> Hi,
> FYI, I just had an IM conversation with Rick.  He's nice.  He wants
> someone to maybe do a screencast about Tomcat 6.  I told him I
> personally wasn't interested and don't have the spare bandwidth, but
> that other Tomcat committers might be interested.  If someone wants to
> do it, just keep us in the loop please.  I also told him to ask
> questions, if any, on [EMAIL PROTECTED]  C'est tout,

Related venue - I'm certain Rich and David would love to podcast one
of you at http://www.feathercast.org/ - please consider setting one up!


Yeah, David mentioned it last time I met him.  We had other time
constraints, but we'll probably do a FeatherCast next time one of them
is in Boston or we meet otherwise...

Yoav

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r513908 - /tomcat/build/tags/tc5.5.x/TOMCAT_5_5_23/

2007-03-02 Thread fhanik 
Author: fhanik
Date: Fri Mar  2 11:40:36 2007
New Revision: 513908

URL: http://svn.apache.org/viewvc?view=rev&rev=513908
Log:
Tagging Tomcat version TOMCAT_5_5_23.

Added:
tomcat/build/tags/tc5.5.x/TOMCAT_5_5_23/
  - copied from r513907, tomcat/build/tc5.5.x/


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r513909 - /tomcat/connectors/tags/tc5.5.x/TOMCAT_5_5_23/

2007-03-02 Thread fhanik 
Author: fhanik
Date: Fri Mar  2 11:40:40 2007
New Revision: 513909

URL: http://svn.apache.org/viewvc?view=rev&rev=513909
Log:
Tagging Tomcat version TOMCAT_5_5_23.

Added:
tomcat/connectors/tags/tc5.5.x/TOMCAT_5_5_23/
  - copied from r513908, tomcat/connectors/trunk/


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r513910 - /tomcat/container/tags/tc5.5.x/TOMCAT_5_5_23/

2007-03-02 Thread fhanik 
Author: fhanik
Date: Fri Mar  2 11:40:43 2007
New Revision: 513910

URL: http://svn.apache.org/viewvc?view=rev&rev=513910
Log:
Tagging Tomcat version TOMCAT_5_5_23.

Added:
tomcat/container/tags/tc5.5.x/TOMCAT_5_5_23/
  - copied from r513909, tomcat/container/tc5.5.x/


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r513911 - /tomcat/jasper/tags/tc5.5.x/TOMCAT_5_5_23/

2007-03-02 Thread fhanik 
Author: fhanik
Date: Fri Mar  2 11:40:47 2007
New Revision: 513911

URL: http://svn.apache.org/viewvc?view=rev&rev=513911
Log:
Tagging Tomcat version TOMCAT_5_5_23.

Added:
tomcat/jasper/tags/tc5.5.x/TOMCAT_5_5_23/
  - copied from r513910, tomcat/jasper/tc5.5.x/


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r513912 - /tomcat/servletapi/tags/servlet2.4-jsp2.0-tc5.x/TOMCAT_5_5_23/

2007-03-02 Thread fhanik 
Author: fhanik
Date: Fri Mar  2 11:40:51 2007
New Revision: 513912

URL: http://svn.apache.org/viewvc?view=rev&rev=513912
Log:
Tagging Tomcat version TOMCAT_5_5_23.

Added:
tomcat/servletapi/tags/servlet2.4-jsp2.0-tc5.x/TOMCAT_5_5_23/
  - copied from r513911, tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r513913 - /tomcat/site/tags/TOMCAT_5_5_23/

2007-03-02 Thread fhanik 
Author: fhanik
Date: Fri Mar  2 11:40:54 2007
New Revision: 513913

URL: http://svn.apache.org/viewvc?view=rev&rev=513913
Log:
Tagging Tomcat version TOMCAT_5_5_23.

Added:
tomcat/site/tags/TOMCAT_5_5_23/
  - copied from r513912, tomcat/site/trunk/


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Proposed new security pages

2007-03-02 Thread Jean-Frederic 
On Thu, 2007-02-15 at 22:34 -0500, Mark Thomas wrote:
> All,
> 
> I have started to put together some additional security pages based on
> httpd. I have only added text for a couple vulnerabilities but the
> plan is to include all those in the CVE list plus any I can find in
> the archives.
> 
> The draft is currently on people.a.o at
> http://people.apache.org/~markt/tomcat-security/security.html
> 
> My plan is to commit as is and then work through the CVE list. Once I
> have all the CVE entries I'll remove the work in progress comment at
> the top of the first page and then start searching the archives and
> other public vulnerability databases.
> 
> Any comments before I commit these changes to the live site?

Add a mod_jk Apache Tomcat JK

+1

Cheers

Jean-Frederic

> 
> Mark
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41538] - Unable to run Tomcat as a Windows service under JDK 1.6

2007-03-02 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41538





--- Additional Comments From [EMAIL PROTECTED]  2007-03-02 14:10 ---
Mladen, I think you are mistaking two different bugs here.

The first issue is that in older builds of JDK6 could not find msvcr71.dll and
poped up a dialog box when you ran java from command-line. This has been fixed
in JDK6 final. See: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6372216

The second issue (totally unrelated to the first) is that Tomcat does not ship
msvcr71.dll as part of its installer even though Microsoft's deployment guide
clearly requires this:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vclib/html/_crt_c_run.2d.time_libraries.asp

I quote: "An application should use and redistribute msvcr71.dll, and it should
avoid placing a copy or using an existing copy of msvcr71.dll in the system
directory. Instead, the application should keep a copy of msvcr71.dll in its
application directory with the program executable."

Just because the JRE happens to redistribute msvcr71.dll itself does not mean
that Tomcat is not required to do the same. The point of an installer is to
unpack the software and fully configure it. By asking users to manually add
JAVA_HOME/bin to their PATH (where is this documented even?) you are completely
missing this point.

In my humble view you have two options:

1) Follow the Microsoft deployment guide and redistribute msvcr71.dll with
Tomcat. Every application I know does this.

2) Alternatively, if you insist on reusing msvcr71.dll shipped with the JRE,
Tomcat's installer should either copy it into the tomcat/bin directory or modify
tomcat5.exe to explicitly look for it in jre/bin.

The existing error message is extremely cryptic and very hard to figure out.
Please reconsider fixing this as soon as possible.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41746] - Default web application can not be changed

2007-03-02 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41746


[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||INVALID




--- Additional Comments From [EMAIL PROTECTED]  2007-03-02 14:18 ---
Since 5.5, to create a path="" you have couple of different options

1. define the http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [ANN] Apache Tomcat JK 1.2.21 Web Server Connector released

2007-03-02 Thread Rainer Jung 
Looks like you are using JkRequestLogFormat. This adds a kind of access
log to the mod_jk log file. New versions of mod_jk are able to log all
intersting info directly to the access log, so there should be no need
for JkRequestLogFormat in general.

Drop JkRequestLogFormat and set JkLogLevel to error (or warn).

Actually info would be beter. Info produces lines you can ignore unless
there are warnings o errors, but then there is helpful additional
information to understand, why the error occured.

Regards,

Rainer

Sven Köhler schrieb:
>> The Apache Tomcat team is pleased to announce the immediate availability
>> of version 1.2.21 of the Apache Tomcat Connectors.
> 
> Thanks! I desperately waited for it! ;-)
> 
> 
> If i may ask a quick question:
> what's that log output in mod_jk.log, looking like this?
> 
> [Fri Mar 02 23:02:48 2007] worker1 www.jugendherberge.de 0.045109
> [Fri Mar 02 23:02:51 2007] worker1 www.jugendherberge.de 0.019886
> [Fri Mar 02 23:02:51 2007] worker1 www.jugendherberge.de 0.047229
> [Fri Mar 02 23:02:52 2007] worker1 www.jugendherberge.de 0.038092
> 
> 
> JkLogLevel is set to info.
> Also tried error.
> 
> Actually, if i had a wish, i'd like to have only error-messages in
> mod_jk.log.
> 
> 
> 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [ANN] Apache Tomcat JK 1.2.21 Web Server Connector released

2007-03-02 Thread Sven Köhler 
> The Apache Tomcat team is pleased to announce the immediate availability
> of version 1.2.21 of the Apache Tomcat Connectors.

Thanks! I desperately waited for it! ;-)


If i may ask a quick question:
what's that log output in mod_jk.log, looking like this?

[Fri Mar 02 23:02:48 2007] worker1 www.jugendherberge.de 0.045109
[Fri Mar 02 23:02:51 2007] worker1 www.jugendherberge.de 0.019886
[Fri Mar 02 23:02:51 2007] worker1 www.jugendherberge.de 0.047229
[Fri Mar 02 23:02:52 2007] worker1 www.jugendherberge.de 0.038092


JkLogLevel is set to info.
Also tried error.

Actually, if i had a wish, i'd like to have only error-messages in
mod_jk.log.





signature.asc
Description: OpenPGP digital signature

[VOTE] Release build 5.5.23

2007-03-02 Thread Filip Hanik - Dev Lists 
Candidate binaries are available here: 
http://people.apache.org/~fhanik/tomcat/tomcat-5.5/v5.5.23/


According to the (slightly) updated release process, the 5.5.23 tag is:
[ ] Broken
[ ] Alpha
[ ] Beta
[ ] Stable


Filip

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

JK2 confusion

2007-03-02 Thread William A. Rowe, Jr. 
Since JK2 is now off the map, does it make sense to update

http://www.apache.org/dist/tomcat/tomcat-connectors/

and simply remove jk2?  The user could still dig these up if they
wanted over at

http://archive.apache.org/dist/tomcat/tomcat-connectors/

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Debugging tomcat

2007-03-02 Thread Sven Köhler 
Hi,

i'd like to investigate about some bug - or at least something, of which
i think, that it is a bug.

Therefor, i would like to somehow dump all the AJP-packets, that are
exchanged between mod_jk and tomcat.

Is there some packet-dump-feature of either mod_jk or tomcat, that i
could use?


Thanks,
  Sven



signature.asc
Description: OpenPGP digital signature

Re: JK2 confusion

2007-03-02 Thread Rainer Jung 
Yes I agree, that it's time for this. We could also remove mod_jk2 from
the download page and add a text line saying, that mod_jk2 is deprecated
and is only available from the archive (which itself has a link on that
page).

William A. Rowe, Jr. schrieb:
> Since JK2 is now off the map, does it make sense to update
> 
> http://www.apache.org/dist/tomcat/tomcat-connectors/
> 
> and simply remove jk2?  The user could still dig these up if they
> wanted over at
> 
> http://archive.apache.org/dist/tomcat/tomcat-connectors/

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Debugging tomcat

2007-03-02 Thread Rainer Jung 
On the mod_jk side: set your log level to trace.

On the tomcat side: depending on your exact connectors, set Log Level
for org.apache.jk, org.apache.ajp, org.apache.coyote to debug.

Sven Köhler schrieb:
> Hi,
> 
> i'd like to investigate about some bug - or at least something, of which
> i think, that it is a bug.
> 
> Therefor, i would like to somehow dump all the AJP-packets, that are
> exchanged between mod_jk and tomcat.
> 
> Is there some packet-dump-feature of either mod_jk or tomcat, that i
> could use?
> 
> 
> Thanks,
>   Sven
> 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r514026 - in /tomcat/site/trunk/docs: security-jk.html security.html

2007-03-02 Thread markt 
Author: markt
Date: Fri Mar  2 16:26:54 2007
New Revision: 514026

URL: http://svn.apache.org/viewvc?view=rev&rev=514026
Log:
Add JK vulnerability list, including recently announced issue.

Added:
tomcat/site/trunk/docs/security-jk.html   (with props)
Modified:
tomcat/site/trunk/docs/security.html

Added: tomcat/site/trunk/docs/security-jk.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-jk.html?view=auto&rev=514026
==
--- tomcat/site/trunk/docs/security-jk.html (added)
+++ tomcat/site/trunk/docs/security-jk.html Fri Mar  2 16:26:54 2007
@@ -0,0 +1,266 @@
+
+http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
+
+
+Apache Tomcat - Apache Tomcat 6.x vulnerabilities
+
+
+
+
+
+
+
+
+
+
+http://tomcat.apache.org/";>
+
+
+
+
+
+Apache Tomcat
+
+
+
+
+http://www.apache.org/";>
+http://www.apache.org/images/asf-logo.gif"; align="right" alt="Apache 
Logo" border="0"/>
+
+
+
+
+
+http://www.google.com/search"; method="get">
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Apache Tomcat
+
+
+
+Home
+
+
+
+Download
+
+
+
+Which version?
+
+
+Tomcat 6.x
+
+
+Tomcat 5.x
+
+
+Tomcat 4.1
+
+
+Tomcat 3.3
+
+
+Tomcat Connectors
+
+
+http://archive.apache.org/dist/tomcat";>Archives
+
+
+
+Documentation
+
+
+
+Tomcat 6.0
+
+
+Tomcat 5.5
+
+
+Tomcat 5.0
+
+
+Tomcat 4.1
+
+
+Tomcat 3.3
+
+
+Tomcat Connectors
+
+
+
+Problems?
+
+
+
+Security Reports
+
+
+Find help
+
+
+FAQ
+
+
+Mailing Lists
+
+
+Bug Database
+
+
+IRC
+
+
+
+Get Involved
+
+
+
+Overview
+
+
+SVN Repositories
+
+
+Mailing Lists
+
+
+
+Misc
+
+
+
+Who We Are
+
+
+Heritage
+
+
+http://www.apache.org";>Apache Home
+
+
+Resources
+
+
+Contact
+
+
+Legal
+
+
+
+
+
+
+
+
+
+
+Apache Tomcat JK Connectors vulnerabilities
+
+
+
+
+
+
+
+
+This page lists all security vulnerabilities fixed in released versions
+   of Apache Tomcat Jk Connectors. Each vulnerability is given a
+   security impact rating by the Apache
+   Tomcat security team - please note that this rating may vary from
+   platform to platform. We also list the versions of Apache Tomcat JK
+   Connectors the flaw is known to affect, and where a flaw has not been
+   verified list the version with a question mark.
+
+This page has been created from a review of the Apache Tomcat archives
+   and the CVE list. Please send comments or corrections for these
+   vulnerabilities to the mailto:[EMAIL PROTECTED]">Tomcat
+   Security Team.
+
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Fixed in Apache Tomcat JK Connector 1.2.21
+
+
+
+
+
+
+
+
+
+critical: Arbitary code execution and denial of service
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774";>
+   CVE-2007-0774
+
+
+An unsafe memory copy in the URI handler for the native JK connector
+   could result in a stackoverflow condition which could be leveraged to
+   execute arbitary code or crash the web server.
+
+Affects: JK 1.2.19-1.2.20
+   Source shipped with: Tomcat 4.1.34, 5.5.20
+
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Copyright © 1999-2006, The Apache Software Foundation
+
+
+
+
+
+
+
+

Propchange: tomcat/site/trunk/docs/security-jk.html
--
svn:eol-style = native

Modified: tomcat/site/trunk/docs/security.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security.html?view=diff&rev=514026&r1=514025&r2=514026
==
--- tomcat/site/trunk/docs/security.html (original)
+++ tomcat/site/trunk/docs/security.html Fri Mar  2 16:26:54 2007
@@ -205,6 +205,10 @@
 Apache Tomcat 3.x Security Vulnerabilitites
   
 
+  
+Apache Tomcat JK Connectors Security
+  Vulnerabilitites
+
 
   
 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Proposed new security pages

2007-03-02 Thread Mark Thomas 
Jean-Frederic wrote:
> On Thu, 2007-02-15 at 22:34 -0500, Mark Thomas wrote:
>> Any comments before I commit these changes to the live site?
> 
> Add a mod_jk Apache Tomcat JK

Done, with information about the recently announced issue.

Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 41752] New: - Wrong message on exception in MemoryRealm

2007-03-02 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41752

   Summary: Wrong message on exception in MemoryRealm
   Product: Tomcat 5
   Version: 5.5.20
  Platform: Other
OS/Version: other
Status: NEW
  Severity: normal
  Priority: P2
 Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: [EMAIL PROTECTED]


When Digester read tomcat-user.xml file and exception is throw, then is created
new LifecycleException. As first parameter of this Exception is message string.
This string is hardcoded to "memoryRealm.readXml", so I thing that log message
will be wrong too!

I think that there must be used StringManager.

actual implementation:

Digester digester = getDigester();
try {
  synchronized (digester) {
digester.push(this);
digester.parse(file);
  }
} 
catch (Exception e) {
  throw new LifecycleException("memoryRealm.readXml", e);
} 
finally {
  digester.reset();
}


fixed:

Digester digester = getDigester();
try {
  synchronized (digester) {
digester.push(this);
digester.parse(file);
  }
} 
catch (Exception e) {
  throw new LifecycleException(sm.getString("memoryRealm.readXml"), e);
} 
finally {
  digester.reset();
}

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Debugging tomcat

2007-03-02 Thread Sven Köhler 
> On the tomcat side: depending on your exact connectors, set Log Level
> for org.apache.jk, org.apache.ajp, org.apache.coyote to debug.

I tried appending "org.apache.level = FINE" to logging.properties of
tomcat 6.0.10.

But catalina.out doesn't contain any addition information. Hmm ...

Also appended the line "org.apache.handler =
java.util.logging.ConsoleHandler".

Still nothing additional in catalina.out :-(
Hmm ...

Can somebody point me at my mistake?


Thanks,
  Sven




signature.asc
Description: OpenPGP digital signature

Re: [VOTE] Release build 5.5.23

2007-03-02 Thread Remy Maucherat 

Filip Hanik - Dev Lists wrote:
Candidate binaries are available here: 
http://people.apache.org/~fhanik/tomcat/tomcat-5.5/v5.5.23/


According to the (slightly) updated release process, the 5.5.23 tag is:
[ ] Broken
[ ] Alpha
[ ] Beta
[X] Stable


Rémy


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r514031 - /tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml

2007-03-02 Thread jfclere 
Author: jfclere
Date: Fri Mar  2 16:38:29 2007
New Revision: 514031

URL: http://svn.apache.org/viewvc?view=rev&rev=514031
Log:
Arrange the explaination.

Modified:
tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml

Modified: tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=diff&rev=514031&r1=514030&r2=514031
==
--- tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml Fri Mar  2 
16:38:29 2007
@@ -22,18 +22,15 @@
   new documentation project for JK was started.
   
 
-
-  
-
 
   
   
 
   
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774";>CVE-2007-0774
-: Fix a buffer overflow in map_uri_to_worker().
-URL longer that 4095 were crashing mod_jk.
-This could have allow different kind of attacks. Reported by ZDI.
+: A denial of service and critical remote code execution vulnerability.
+Caused by buffer overflow in map_uri_to_worker() when URL were longer 
that 4095 bytes.
+Reported by ZDI (www.zerodayintiative.com).
 Please note this issue only affected versions 1.2.19 and 1.2.20 of the
 Apache Tomcat JK Web Server Connector and not previous versions.
 Tomcat 5.5.20 and Tomcat 4.1.34



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r514035 - in /tomcat/site/trunk/xdocs: security-jk.xml security.xml

2007-03-02 Thread markt 
Author: markt
Date: Fri Mar  2 16:58:38 2007
New Revision: 514035

URL: http://svn.apache.org/viewvc?view=rev&rev=514035
Log:
Add JK vulnerability list, including recently announced issue.
Odd. This were missed in last commit.

Added:
tomcat/site/trunk/xdocs/security-jk.xml   (with props)
Modified:
tomcat/site/trunk/xdocs/security.xml

Added: tomcat/site/trunk/xdocs/security-jk.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-jk.xml?view=auto&rev=514035
==
--- tomcat/site/trunk/xdocs/security-jk.xml (added)
+++ tomcat/site/trunk/xdocs/security-jk.xml Fri Mar  2 16:58:38 2007
@@ -0,0 +1,42 @@
+
+
+
+  
+Apache Tomcat Project
+Apache Tomcat 6.x vulnerabilities
+  
+
+
+
+  
+This page lists all security vulnerabilities fixed in released versions
+   of Apache Tomcat Jk Connectors. Each vulnerability is given a
+   security impact rating by the Apache
+   Tomcat security team - please note that this rating may vary from
+   platform to platform. We also list the versions of Apache Tomcat JK
+   Connectors the flaw is known to affect, and where a flaw has not been
+   verified list the version with a question mark.
+
+This page has been created from a review of the Apache Tomcat archives
+   and the CVE list. Please send comments or corrections for these
+   vulnerabilities to the mailto:[EMAIL PROTECTED]">Tomcat
+   Security Team.
+
+  
+
+  
+critical: Arbitary code execution and denial of service
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774";>
+   CVE-2007-0774
+
+An unsafe memory copy in the URI handler for the native JK connector
+   could result in a stackoverflow condition which could be leveraged to
+   execute arbitary code or crash the web server.
+
+Affects: JK 1.2.19-1.2.20
+   Source shipped with: Tomcat 4.1.34, 5.5.20
+
+  
+
+
+

Propchange: tomcat/site/trunk/xdocs/security-jk.xml
--
svn:eol-style = native

Modified: tomcat/site/trunk/xdocs/security.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security.xml?view=diff&rev=514035&r1=514034&r2=514035
==
--- tomcat/site/trunk/xdocs/security.xml (original)
+++ tomcat/site/trunk/xdocs/security.xml Fri Mar  2 16:58:38 2007
@@ -21,6 +21,8 @@
   
   Apache Tomcat 3.x Security Vulnerabilitites
   
+  Apache Tomcat JK Connectors Security
+  Vulnerabilitites
 
   
 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r514039 - in /tomcat/site/trunk: docs/download-connectors.html xdocs/download-connectors.xml

2007-03-02 Thread jfclere 
Author: jfclere
Date: Fri Mar  2 17:07:41 2007
New Revision: 514039

URL: http://svn.apache.org/viewvc?view=rev&rev=514039
Log:
Add a note to the new mod_jk vulnerabilities page.

Modified:
tomcat/site/trunk/docs/download-connectors.html
tomcat/site/trunk/xdocs/download-connectors.xml

Modified: tomcat/site/trunk/docs/download-connectors.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-connectors.html?view=diff&rev=514039&r1=514038&r2=514039
==
--- tomcat/site/trunk/docs/download-connectors.html (original)
+++ tomcat/site/trunk/docs/download-connectors.html Fri Mar  2 17:07:41 2007
@@ -221,7 +221,10 @@
 
 
 
-JK 1.2 (actively maintained)
+JK 1.2 (actively maintained) (
+WARNING: Critical vulnerabilities in previous 
versions
+) 
+
 
 
 

Modified: tomcat/site/trunk/xdocs/download-connectors.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/download-connectors.xml?view=diff&rev=514039&r1=514038&r2=514039
==
--- tomcat/site/trunk/xdocs/download-connectors.xml (original)
+++ tomcat/site/trunk/xdocs/download-connectors.xml Fri Mar  2 17:07:41 2007
@@ -26,7 +26,8 @@
 
 
 
-JK 1.2 (actively 
maintained)
+JK 1.2 (actively 
maintained) (WARNING: Critical 
vulnerabilities in previous versions) 
+
 
 Source
 JK
 1.2.21 Source Release tar.gz



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r514042 - /tomcat/connectors/trunk/jk/xdocs/index.xml

2007-03-02 Thread jfclere 
Author: jfclere
Date: Fri Mar  2 17:20:48 2007
New Revision: 514042

URL: http://svn.apache.org/viewvc?view=rev&rev=514042
Log:
Add a long note about the vulnerability.

Modified:
tomcat/connectors/trunk/jk/xdocs/index.xml

Modified: tomcat/connectors/trunk/jk/xdocs/index.xml
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/index.xml?view=diff&rev=514042&r1=514041&r2=514042
==
--- tomcat/connectors/trunk/jk/xdocs/index.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/index.xml Fri Mar  2 17:20:48 2007
@@ -33,6 +33,28 @@
 The Apache Tomcat team is proud to announce the immediate availability
 of Tomcat Connectors 1.2.21 Stable.
 
+This version addresses the security flaw:
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774";>CVE-2007-0774
+A Long URL Stack Overflow Vulnerability exists in the URI handler for the 
mod_jk library.
+When parsing a long URL request, the URI worker map routine performs an
+unsafe memory copy. This results in a stack overflow condition which can
+be leveraged execute arbitrary code.
+
+Please note this issue only affected versions 1.2.19 and 1.2.20 of the
+JK Apache Tomcat Connector and not previous versions.
+Tomcat 5.5.20 and Tomcat 4.1.34
+included a vulnerable version in their source packages.
+No other source code releases  and no binary 
packages
+of Tomcat were affected.
+
+The Apache Tomcat project recommends that all users who have built mod_jk from 
source apply the patch or upgrade to the latest level and rebuild. Providers of 
mod_jk-based modules in pre-compiled form will be able to determine if this 
vulnerability applies to their builds. That determination has no bearing on any 
other builds of mod_jk, and mod_jk users are urged to exercise caution and 
apply patches or upgrade unless they have specific instructions from the 
provider of their module.
+
+The Tomcat Project thanks an anonymous researcher working with 
+TippingPoint (www.tippingpoint.com) and the Zero Day Initiative 
+(www.zerodayintiative.com) for their responsible reporting of this 
+vulnerability.
+
 Download the http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.21/tomcat-connectors-1.2.21-src.tar.gz";>JK
 1.2.21 release sources
  | http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.21/tomcat-connectors-1.2.21-src.tar.gz.asc";>PGP
 signature
 
@@ -193,11 +215,11 @@
 
 
 
-2006
+2006
 
-2005
+2005
 
-2004
+2004
 
 
 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [ANN] Apache Tomcat JK 1.2.21 Web Server Connector released

2007-03-02 Thread Jean-Frederic 
Hi,

Paul Querna suggest to use LimitRequestLine 4000 on Apache httpd to
limit the possible abuse of this vulnerability.
Just add it in httpd.conf and make a graceful restart.

Cheers

Jean-Frederic


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 36155] - tomcat chooses wrong host if using mod_jk

2007-03-02 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=36155


[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|RESOLVED|REOPENED
 Resolution|WORKSFORME  |




--- Additional Comments From [EMAIL PROTECTED]  2007-03-02 20:13 ---
I found the bug.
It's still present in Tomcat 6.0.10.
I will supply details soon, as well as a patch.


-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: reload on demand

2007-03-02 Thread Kent Tong 
Yoav Shapira  apache.org> writes:

> The general idea is to reload an app when you know it needs to be
> reloaded, not when it's accessed, so as to minimize delays as seen by
> the users.  It's a basic principle of designing for performance.
> However, there's nothing written in stone that says you can't do what
> you want: go write the code and have a blast with it ;)  That's part
> of the fun of open-source software...

Thanks. That's pretty much what I thought (regarding performance). I'll
see what I can do to code it...




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: reload on demand

2007-03-02 Thread Kent Tong 
Filip Hanik - Dev Lists  hanik.com> writes:

> besides having zero purpose in a production environment?

Right, it has no purpose in a production env. It's only used in
development.

> You've already been presented with so many options, take one of them and 
> use them, you can accomplish exactly what you are looking for, 

The Tomcat resources manager doesn't work at all as it doesn't reload
the whole webapp and still uses a timer.

> but I doubt anyone wants to actually add in code that you are suggesting into 
> the platform.

I am going to see if I can create a patch for that. So, this places
zero burden on you guys. The only question is whether this feature
is absolutely less or is worth something for some people?



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 36155] - tomcat chooses wrong host if using mod_jk

2007-03-02 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=36155





--- Additional Comments From [EMAIL PROTECTED]  2007-03-02 21:59 ---
So the bug is in the class org.apache.tomcat.util.buf.MessageBytes.

The method setBytes doesn't clear the char-buffer. And the method setChars
doesn't clear the byte-buffer.

If useIPVHosts is enabled, then the parameter "host" of the
org.apache.tomcat.util.http.mapper.map()-method is a MessageBytes-Object of the
type T_BYTES. The method MessageBytes.toChars()-method is called. But this
method exists, if the charbuffer is already filled.

And in deed, the char-buffer is already filled. While the byte-buffer contains
the value "host1", the char-buffer may still contain the value "host2" because
the MessageBytes objects are reused. And instead of converting the
byte-buffer-value "host1" to chars, the old value "host2" is used. This resulted
in the bug.

So the following patch fixes the problem.


With your permission, i would like to clean up the class MessageBytes.
It really needs it - IMHO.


-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 36155] - tomcat chooses wrong host if using mod_jk

2007-03-02 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=36155





--- Additional Comments From [EMAIL PROTECTED]  2007-03-02 22:00 ---
Created an attachment (id=19659)
 --> (http://issues.apache.org/bugzilla/attachment.cgi?id=19659&action=view)
patch for this bug

The patch should apply cleanly to Tomcat 6.0.10

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 36155] - tomcat chooses wrong host if using mod_jk

2007-03-02 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=36155


[EMAIL PROTECTED] changed:

   What|Removed |Added

  Component|Native:JK   |Catalina
 OS/Version|other   |All
Product|Tomcat 5|Tomcat 6
   Platform|Other   |All
   Target Milestone|--- |default
Version|5.5.12  |6.0.7




-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]