Changes..
Norton AntiVirus Deleted1.txt Description: plain/text - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/jasper/compiler Compiler.java JspCompiler.java
marcsaeg2003/07/01 13:59:02
Modified:src/share/org/apache/jasper/compiler Tag: tomcat_32
Compiler.java JspCompiler.java
Log:
Avoid multiple calls to isOutDated().
Avoid multiple string concatenations in getPackageName().
Revision ChangesPath
No revision
No revision
1.19.2.7 +3 -6
jakarta-tomcat/src/share/org/apache/jasper/compiler/Compiler.java
Index: Compiler.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/compiler/Compiler.java,v
retrieving revision 1.19.2.6
retrieving revision 1.19.2.7
diff -u -r1.19.2.6 -r1.19.2.7
--- Compiler.java 9 Mar 2001 23:35:25 - 1.19.2.6
+++ Compiler.java 1 Jul 2003 20:59:02 - 1.19.2.7
@@ -116,9 +116,6 @@
new Object[] { classFileName },
Logger.DEBUG);
- if (!isOutDated())
-return false;
-
// Hack to avoid readign the class file every time -
// getClassName() is an _expensive_ operation, and it's needed only
// if isOutDated() return true.
1.14.2.4 +34 -17
jakarta-tomcat/src/share/org/apache/jasper/compiler/JspCompiler.java
Index: JspCompiler.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/compiler/JspCompiler.java,v
retrieving revision 1.14.2.3
retrieving revision 1.14.2.4
diff -u -r1.14.2.3 -r1.14.2.4
--- JspCompiler.java 5 Jan 2001 18:07:21 - 1.14.2.3
+++ JspCompiler.java 1 Jul 2003 20:59:02 - 1.14.2.4
@@ -94,11 +94,19 @@
this.outDated = false;
setMangler(this);
- // If the .class file exists and is outdated, compute a new
- // class name
- if( isOutDated() ) {
- generateNewClassName();
- }
+ctxt.setServletPackageName(getPackageName());
+}
+
+public boolean compile() throws FileNotFoundException, JasperException,
Exception
+
+{
+// If the .class file exists and is outdated, compute a new class name
+if( isOutDated() ) {
+generateNewClassName();
+return super.compile();
+}
+
+return false;
}
private void generateNewClassName() {
@@ -195,6 +203,15 @@
try, void, volatile, while
};
+public static String[] fsKeywords = null;
+static{
+fsKeywords = new String[keywords.length];
+char fs = File.separatorChar;
+for(int i=0;ikeywords.length;i++){
+fsKeywords[i] = new String(fs + keywords[i]);
+}
+}
+
public final String getPackageName() {
if( pkgName!=null) return pkgName;
@@ -206,18 +223,18 @@
if (indexOfSepChar == -1 || indexOfSepChar == 0)
pkgName = null;
else {
- for (int i = 0; i keywords.length; i++) {
- char fs = File.separatorChar;
- int index1 = pathName.indexOf(fs + keywords[i]);
- int index2 = pathName.indexOf(keywords[i]);
- if (index1 == -1 index2 == -1) continue;
- int index = (index2 == -1) ? index1 : index2;
- while (index != -1) {
- String tmpathName = pathName.substring (0,index+1) + '%';
- pathName = tmpathName + pathName.substring (index+2);
- index = pathName.indexOf(fs + keywords[i]);
- }
- }
+char fs = File.separatorChar;
+for (int i = 0; i keywords.length; i++) {
+int index1 = pathName.indexOf(fsKeywords[i]);
+int index2 = pathName.indexOf(keywords[i]);
+if (index1 == -1 index2 == -1) continue;
+int index = (index2 == -1) ? index1 : index2;
+while (index != -1) {
+String tmpathName = pathName.substring (0,index+1) + '%';
+pathName = tmpathName + pathName.substring (index+2);
+index = pathName.indexOf(fs + keywords[i]);
+}
+}
// XXX fix for paths containing '.'.
// Need to be more elegant here.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core ContextManager.java
marcsaeg2003/07/01 13:59:58
Modified:src/share/org/apache/tomcat/core Tag: tomcat_32
ContextManager.java
Log:
Check for debug 0 before printing debug messages.
Catch SocketException to avoid sending data down a closed connection.
Revision ChangesPath
No revision
No revision
1.100.2.28 +17 -9
jakarta-tomcat/src/share/org/apache/tomcat/core/ContextManager.java
Index: ContextManager.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/ContextManager.java,v
retrieving revision 1.100.2.27
retrieving revision 1.100.2.28
diff -u -r1.100.2.27 -r1.100.2.28
--- ContextManager.java 5 Oct 2001 18:12:33 - 1.100.2.27
+++ ContextManager.java 1 Jul 2003 20:59:57 - 1.100.2.28
@@ -567,7 +567,8 @@
}
String vhost=ctx.getHost();
- logInt(Adding context + ctx.toString());
+ if(debug0)
+logInt(Adding context + ctx.toString());
// XXX temporary workaround for the old SimpleMapper -
// This code will be removed as soon as the new mapper is stable.
@@ -581,7 +582,8 @@
public void removeContext( Context context ) throws TomcatException {
if( context==null ) return;
- logInt( Removing context + context.toString());
+ if(debug0)
+logInt( Removing context + context.toString());
ContextInterceptor cI[]=getContextInterceptors();
for( int i=0; i cI.length; i++ ) {
@@ -1038,8 +1040,8 @@
// XXX this log was intended to debug the status code generation.
// it can be removed for all cases.
if( code != 302 code != 401 )
- ctx.log( code ++ req + +
- req.getAttribute(javax.servlet.error.message));
+ if(debug0)
+ctx.log( code ++ req + +
req.getAttribute(javax.servlet.error.message));
errorPath = ctx.getErrorPage( code );
if( errorPath != null ) {
@@ -1098,7 +1100,14 @@
Note that it is _WRONG_ to send the trace back to
the client. AFAIK the trace is the _best_ debugger.
*/
- if (t instanceof UnavailableException) {
+if( t instanceof SocketException ) {
+/*
+ * There's nothing we can do in this case because the connection
+ * with the client is already gone. MAS 1/14/03
+ */
+ctx.log(SocketException in: + req ++ t.getMessage());
+return;
+}else if (t instanceof UnavailableException) {
int unavailableTime = -1;
if ( !((UnavailableException)t).isPermanent() ) {
unavailableTime = ((UnavailableException)t).getUnavailableSeconds();
@@ -1115,16 +1124,15 @@
res.setStatus(HttpServletResponse.SC_SERVICE_UNAVAILABLE); // 503
handleStatus( req, res, HttpServletResponse.SC_SERVICE_UNAVAILABLE );
return;
- }
- else if( t instanceof IllegalStateException ) {
+ } else if( t instanceof IllegalStateException ) {
ctx.log(IllegalStateException in: + req + +
t.getMessage() );
} else if( t instanceof org.apache.jasper.JasperException ) {
ctx.log(JasperException: + req ++ t.getMessage());
} else if( t instanceof IOException ) {
if ( Broken pipe.equals(t.getMessage()))
- return;
- ctx.log(IOException in: + req ++ t.getMessage());
+return;
+ctx.log(IOException in: + req ++ t.getMessage());
} else {
ctx.log(Exception in: + req , t );
}
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/service/connector Ajp13ConnectionHandler.java
marcsaeg2003/07/01 14:01:09
Modified:src/share/org/apache/tomcat/service/connector Tag: tomcat_32
Ajp13ConnectionHandler.java
Log:
Replaced a stack trace on System.err with a debug message.
Revision ChangesPath
No revision
No revision
1.4.2.2 +5 -4
jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Attic/Ajp13ConnectionHandler.java
Index: Ajp13ConnectionHandler.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Attic/Ajp13ConnectionHandler.java,v
retrieving revision 1.4.2.1
retrieving revision 1.4.2.2
diff -u -r1.4.2.1 -r1.4.2.2
--- Ajp13ConnectionHandler.java 12 Dec 2000 09:41:43 - 1.4.2.1
+++ Ajp13ConnectionHandler.java 1 Jul 2003 21:01:08 - 1.4.2.2
@@ -175,7 +175,8 @@
//System.out.println(Closing connection);
socket.close();
} catch (Exception e) {
-e.printStackTrace();
+contextM.doLog(Exception in ProcessConnection, e,
org.apache.tomcat.logging.Logger.DEBUG);
+//e.printStackTrace();
}
}
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util FileUtil.java
marcsaeg2003/07/01 14:02:14
Modified:src/share/org/apache/tomcat/util Tag: tomcat_32
FileUtil.java
Log:
Performance improvments. Removed lots of calls to String.charAt() and
repeated calls to System.getProperty() for properties that will never
change.
Revision ChangesPath
No revision
No revision
1.9.2.9 +8 -6
jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/FileUtil.java
Index: FileUtil.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/FileUtil.java,v
retrieving revision 1.9.2.8
retrieving revision 1.9.2.9
diff -u -r1.9.2.8 -r1.9.2.9
--- FileUtil.java 21 Mar 2001 22:23:06 - 1.9.2.8
+++ FileUtil.java 1 Jul 2003 21:02:13 - 1.9.2.9
@@ -84,6 +84,8 @@
public class FileUtil {
+private static boolean isNetware =
System.getProperty(os.name).startsWith(NetWare);
+
public static File[] listFiles(File dir) {
String[] ss = dir.list();
@@ -244,7 +246,7 @@
patchPath.charAt(1) == ':') {
char[] ca = patchPath.replace('/', '\\').toCharArray();
char c;
- StringBuffer sb = new StringBuffer();
+ StringBuffer sb = new StringBuffer(ca.length);
for (int i = 0; i ca.length; i++) {
if ((ca[i] != '\\') ||
@@ -268,7 +270,7 @@
}
// fix path on NetWare - all '/' become '\\' and remove duplicate '\\'
- if (System.getProperty(os.name).startsWith(NetWare)
+ if (isNetware
path.length() =3
path.indexOf(':') 0) {
char ca[] = patchPath.replace('/', '\\').toCharArray();
@@ -297,7 +299,7 @@
return true;
// NetWare volume:
- if (System.getProperty(os.name).startsWith(NetWare)
+ if (isNetware
path.length() =3
path.indexOf(':') 0)
return true;
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util ThreadPool.java
marcsaeg2003/07/01 14:02:57
Modified:src/share/org/apache/tomcat/util Tag: tomcat_32
ThreadPool.java
Log:
Removed an error message that wasn't actually about an error condition.
This avoids filling log files with useless messages.
Revision ChangesPath
No revision
No revision
1.9.2.4 +4 -4
jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/ThreadPool.java
Index: ThreadPool.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/ThreadPool.java,v
retrieving revision 1.9.2.3
retrieving revision 1.9.2.4
diff -u -r1.9.2.3 -r1.9.2.4
--- ThreadPool.java 25 Aug 2001 01:01:41 - 1.9.2.3
+++ ThreadPool.java 1 Jul 2003 21:02:57 - 1.9.2.4
@@ -206,7 +206,7 @@
openThreads(toOpen);
} else {
// XXX There really should be a way to log which pool is
exhuasted
-loghelper.log(Pool exhausted with + currentThreadCount +
threads.);
+//loghelper.log(Pool exhausted with + currentThreadCount +
threads.);
// Wait for a thread to become idel.
while(currentThreadsBusy == currentThreadCount) {
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util RequestUtil.java
marcsaeg2003/07/01 14:07:43
Modified:src/share/org/apache/tomcat/util Tag: tomcat_32
RequestUtil.java
Log:
Several performance improvements.
Revision ChangesPath
No revision
No revision
1.14.2.9 +38 -35
jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/RequestUtil.java
Index: RequestUtil.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/RequestUtil.java,v
retrieving revision 1.14.2.8
retrieving revision 1.14.2.9
diff -u -r1.14.2.8 -r1.14.2.9
--- RequestUtil.java 5 Oct 2001 21:03:54 - 1.14.2.8
+++ RequestUtil.java 1 Jul 2003 21:07:43 - 1.14.2.9
@@ -303,9 +303,10 @@
while (strPos strLen) {
int laPos;// lookahead position
+char[] ca = str.toCharArray();
// look ahead to next URLencoded metacharacter, if any
for (laPos = strPos; laPos strLen; laPos++) {
-char laChar = str.charAt(laPos);
+char laChar = ca[laPos];
if ((laChar == '+') || (laChar == '%')) {
break;
}
@@ -313,7 +314,7 @@
// if there were non-metacharacters, copy them all as a block
if (laPos strPos) {
-dec.append(str.substring(strPos,laPos));
+dec.append(ca, strPos, laPos);
strPos = laPos;
}
@@ -331,7 +332,7 @@
} else if (metaChar == '%') {
char c = (char) Integer.parseInt(str.substring(strPos + 1, strPos +
3), 16);
if(c == '/' || c == '%' || c=='.' || c == '\\' || c == '\0')
-dec.append(str.substring(strPos, strPos+3));
+dec.append(ca, strPos, strPos+3);
else
dec.append(c);
strPos += 3;
@@ -341,40 +342,42 @@
return dec.toString();
}
-public static String unUrlDecode(String data) {
- StringBuffer buf = new StringBuffer();
- for (int i = 0; i data.length(); i++) {
- char c = data.charAt(i);
- switch (c) {
- case '+':
- buf.append(' ');
- break;
- case '%':
- // XXX XXX
- try {
- buf.append((char) Integer.parseInt(data.substring(i+1,
-i+3), 16));
- i += 2;
- } catch (NumberFormatException e) {
+public static String unUrlDecode(String data)
+{
+StringBuffer buf = new StringBuffer(data.length());
+char ca[] = data.toCharArray();
+for (int i = 0; i data.length(); i++) {
+char c = ca[i];
+switch (c) {
+case '+':
+buf.append(' ');
+break;
+case '%':
+// XXX XXX
+try {
+buf.append((char) Integer.parseInt(data.substring(i+1,
+ i+3), 16));
+i += 2;
+} catch (NumberFormatException e) {
String msg = Decode error ;
- // XXX no need to add sm just for that
- // sm.getString(serverRequest.urlDecode.nfe, data);
+// XXX no need to add sm just for that
+// sm.getString(serverRequest.urlDecode.nfe, data);
+
+throw new IllegalArgumentException(msg);
+} catch (StringIndexOutOfBoundsException e) {
+String rest = data.substring(i);
+buf.append(rest);
+if (rest.length()==2)
+i++;
+}
- throw new IllegalArgumentException(msg);
- } catch (StringIndexOutOfBoundsException e) {
- String rest = data.substring(i);
- buf.append(rest);
- if (rest.length()==2)
- i++;
- }
-
- break;
- default:
- buf.append(c);
- break;
- }
- }
- return buf.toString();
+break;
+default:
+buf.append(c);
+break;
+}
+}
+return buf.toString();
}
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util CookieTools.java DateTool.java MimeHeaderField.java
marcsaeg2003/06/04 07:25:51
Modified:src/share/org/apache/tomcat/util Tag: tomcat_32
CookieTools.java DateTool.java MimeHeaderField.java
Log:
Fixed a thread synchronization bug that appears in MimeHeaderField.parseDate().
The SimpleDateFormats in DateTool where exposed as public members that parseDate()
reference directly with no synchronization. The SimpleDateFormat methods are
not thread safe.
Tomcat 3.2.x is no longer being officially maintained. There will be no
more official releases of Tomcat 3.2.x. To get these fixes you will need
to build Tomcat from source.
Revision ChangesPath
No revision
No revision
1.7.2.3 +5 -9
jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/CookieTools.java
Index: CookieTools.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/CookieTools.java,v
retrieving revision 1.7.2.2
retrieving revision 1.7.2.3
diff -u -r1.7.2.2 -r1.7.2.3
--- CookieTools.java 10 Nov 2000 23:37:25 - 1.7.2.2
+++ CookieTools.java 4 Jun 2003 14:25:50 - 1.7.2.3
@@ -135,13 +135,9 @@
if (version == 0) {
buf.append (;Expires=);
if (cookie.getMaxAge() == 0)
-DateTool.oldCookieFormat.format(new Date(1), buf,
-new FieldPosition(0));
+DateTool.formatOldCookie(new Date(1), buf);
else
-DateTool.oldCookieFormat.format
-(new Date( System.currentTimeMillis() +
- cookie.getMaxAge() *1000L), buf,
- new FieldPosition(0));
+DateTool.formatOldCookie(new Date( System.currentTimeMillis() +
cookie.getMaxAge() *1000L), buf);
} else {
buf.append (;Max-Age=);
buf.append (cookie.getMaxAge());
1.2.2.2 +46 -17
jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/DateTool.java
Index: DateTool.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/DateTool.java,v
retrieving revision 1.2.2.1
retrieving revision 1.2.2.2
diff -u -r1.2.2.1 -r1.2.2.2
--- DateTool.java 30 Jul 2001 00:57:34 - 1.2.2.1
+++ DateTool.java 4 Jun 2003 14:25:50 - 1.2.2.2
@@ -110,38 +110,67 @@
/** DateFormat to be used to format dates
*/
-public final static SimpleDateFormat rfc1123Format =
- new SimpleDateFormat(RFC1123_PATTERN, LOCALE_US);
+private final static SimpleDateFormat rfc1123Format = new
SimpleDateFormat(RFC1123_PATTERN, LOCALE_US);
/** DateFormat to be used to format old netscape cookies
*/
-public final static SimpleDateFormat oldCookieFormat =
- new SimpleDateFormat(OLD_COOKIE_PATTERN, LOCALE_US);
+private final static SimpleDateFormat oldCookieFormat = new
SimpleDateFormat(OLD_COOKIE_PATTERN, LOCALE_US);
-public final static SimpleDateFormat rfc1036Format =
- new SimpleDateFormat(rfc1036Pattern, LOCALE_US);
+private final static SimpleDateFormat rfc1036Format = new
SimpleDateFormat(rfc1036Pattern, LOCALE_US);
-public final static SimpleDateFormat asctimeFormat =
- new SimpleDateFormat(asctimePattern, LOCALE_US);
+private final static SimpleDateFormat asctimeFormat = new
SimpleDateFormat(asctimePattern, LOCALE_US);
static {
- rfc1123Format.setTimeZone(GMT_ZONE);
- oldCookieFormat.setTimeZone(GMT_ZONE);
- rfc1036Format.setTimeZone(GMT_ZONE);
- asctimeFormat.setTimeZone(GMT_ZONE);
+rfc1123Format.setTimeZone(GMT_ZONE);
+oldCookieFormat.setTimeZone(GMT_ZONE);
+rfc1036Format.setTimeZone(GMT_ZONE);
+asctimeFormat.setTimeZone(GMT_ZONE);
}
private static String rfc1123DS;
private static long rfc1123Sec;
+
+public static Date rfc1123Parse(String dateString) throws ParseException
+{
+synchronized(rfc1123Format){
+return rfc1123Format.parse(dateString);
+}
+}
+
+public static Date rfc1036Parse(String dateString) throws ParseException
+{
+synchronized(rfc1036Format){
+return rfc1036Format.parse(dateString);
+}
+}
+
+public static Date asctimeParse(String dateString) throws ParseException
+{
+synchronized(asctimeFormat){
+return asctimeFormat.parse(dateString);
+}
+}
+
+public static void formatOldCookie(Date d, StringBuffer buf)
+{
+synchronized(oldCookieFormat
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core BufferedServletOutputStream.java
marcsaeg2002/07/02 06:52:40
Modified:src/share/org/apache/tomcat/core Tag: tomcat_32
BufferedServletOutputStream.java
Log:
If an invalid character is sent through BufferedServletOutputStream it will
cause an infinite loop on the error page because the same invalid character
will put into the error page which will then be sent through the BSOS which
will cause another exception to the error page which will start the whole
over again.
NOTE: I know that TC3.2.x has been obsoleted, but I came across this one
change that I made locally after the 3.2.4 release and figured I'd get into
CVS before it got lost on my local machine.
Revision ChangesPath
No revision
No revision
1.14.2.4 +5 -5
jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/BufferedServletOutputStream.java
Index: BufferedServletOutputStream.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/BufferedServletOutputStream.java,v
retrieving revision 1.14.2.3
retrieving revision 1.14.2.4
diff -u -r1.14.2.3 -r1.14.2.4
--- BufferedServletOutputStream.java 22 Jun 2001 19:57:06 - 1.14.2.3
+++ BufferedServletOutputStream.java 2 Jul 2002 13:52:39 - 1.14.2.4
@@ -215,9 +215,9 @@
// streams properly encode their output.
//
if ((c 0xff00) != 0) {// high order byte must be zero
- String errMsg = sm.getString(
+String errMsg = sm.getString(
servletOutputStreamImpl.fmt.not_iso8859_1,
- new Object[] {new Character(c)});
+ new Object[] {Integer.toHexString((int)c)});
throw new IOException(errMsg);
}
write(c);
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core Constants.java
marcsaeg01/11/20 06:53:18
Modified:src/webpages Tag: tomcat_32 index.html
src/share/org/apache/tomcat/core Tag: tomcat_32
Constants.java
Log:
Updated version numbers for Tomcat 3.2.4 release.
Revision ChangesPath
No revision
No revision
1.13.2.23 +2 -2 jakarta-tomcat/src/webpages/index.html
Index: index.html
===
RCS file: /home/cvs/jakarta-tomcat/src/webpages/index.html,v
retrieving revision 1.13.2.22
retrieving revision 1.13.2.23
diff -u -r1.13.2.22 -r1.13.2.23
--- index.html2001/10/26 15:55:11 1.13.2.22
+++ index.html2001/11/20 14:53:18 1.13.2.23
@@ -4,13 +4,13 @@
meta http-equiv=Content-Type content=text/html; charset=iso-8859-1
meta name=GENERATOR content=Mozilla/4.72 [en] (WinNT; U) [Netscape]
meta name=Author content=Anil K. Vijendran
-titleTomcat v3.2.4 beta 1/title
+titleTomcat v3.2.4/title
/head
body bgcolor=#FF
img SRC=tomcat.gif height=92 width=130 align=LEFTbfont face=Arial,
Helvetica, sans-seriffont size=+3Tomcat/font/font/b
br
bfont face=Arial, Helvetica, sans-seriffont size=-1Version
-3.2.4 beta 1/font/font/b
+3.2.4/font/font/b
pThis is the default Tomcat home page. This page serves as a quick reference
guide to related resources and is located at:
ul
No revision
No revision
1.22.2.21 +1 -1
jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/Constants.java
Index: Constants.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/Constants.java,v
retrieving revision 1.22.2.20
retrieving revision 1.22.2.21
diff -u -r1.22.2.20 -r1.22.2.21
--- Constants.java2001/10/26 15:55:11 1.22.2.20
+++ Constants.java2001/11/20 14:53:18 1.22.2.21
@@ -67,7 +67,7 @@
public class Constants {
public static final String TOMCAT_NAME = Tomcat Web Server;
-public static final String TOMCAT_VERSION = 3.2.4 beta 1;
+public static final String TOMCAT_VERSION = 3.2.4;
public static final String JSP_NAME = JSP;
public static final String JSP_VERSION = 1.1;
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-site/xdocs index.xml news.xml
marcsaeg01/11/20 09:42:21 Modified:docs index.html news.html xdocsindex.xml news.xml Log: Updates for the Tomcat 3.2.4 release. Revision ChangesPath 1.16 +9 -8 jakarta-tomcat-site/docs/index.html Index: index.html === RCS file: /home/cvs/jakarta-tomcat-site/docs/index.html,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- index.html2001/11/19 04:44:37 1.15 +++ index.html2001/11/20 17:42:21 1.16 @@ -204,14 +204,15 @@ 3.1 should update to 3.1.1 to close the security holes and they are strongly encouraged to migrate to the current production release, Tomcat 3.2.3./p -pstrongTomcat 3.2.x/strong. Version 3.2 added few new features since 3.1; -the major effort was a refactoring of the internals to improve performance and -stability. The 3.2.1 release, like 3.1.1, was a security patch. Version 3.2.2 -fixed a large number of bugs and all known specification compliance issues. -Version 3.2.3 is a security update that closes a serious security hole. All -users of Tomcat versions prior to 3.2.3 should updgrade as soon as possible. -The 3.2.x branch will continue in maintenance mode, but no new feature releases -are planned./p +pstrongTomcat 3.2.x/strong. Version 3.2 added few new features +since 3.1; the major effort was a refactoring of the internals to improve +performance and stability. The 3.2.1 release, like 3.1.1, was a security +patch. Version 3.2.2 fixed a large number of bugs and all known +specification compliance issues. Version 3.2.3 was a security update that +closes a serious security hole. Version 3.2.4 is a minor bug fix release. +All users of Tomcat versions prior to 3.2.3 should updgrade as soon as +possible. With the exception of fixes for critical security related bugs, +development on the Tomcat 3.2.x branch has stopped./p pstrongTomcat 3.3/strong. Version 3.3 is the current production quality release. It continues the refactoring that was begun in version 3.2 and carries it to its logical conclusion. Version 3.3 provides a much more modular 1.13 +11 -1 jakarta-tomcat-site/docs/news.html Index: news.html === RCS file: /home/cvs/jakarta-tomcat-site/docs/news.html,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- news.html 2001/10/27 01:14:45 1.12 +++ news.html 2001/11/20 17:42:21 1.13 @@ -107,7 +107,17 @@ /td/tr trtd blockquote -h326 October 2001 - Apache Tomcat 3.2.4 beta 1 Released/h3 +h320 November 2001 - Apache Tomcat 3.2.4 Released/h3 +pTomcat 3.2.4 is not available for download +a href=http://www.apache.org/dist/jakarta/jakarta-tomcat/release/v3.2.4;here/a/p +pTomcat 3.2.4 fixes bugs found since the Tomcat 3.2.3 release in July, +2001. See the RELEASE-NOTES file for details on bug fixes and changes in +this release. /p +pWith the exception of fixes for critical security problems, this is the +last Tomcat 3.2.x release. All future Servlet 2.2/JSP 1.1 Tomcat releases +will be based on Tomcat 3.3./p +hr noshade= size=1 / +h326 October 2001 - Apache Tomcat 3.2.4 beta 1 Released/h3 pThe first beta release of Jakarta Tomcat 3.2.4 is now available for download at a href=http://www.apache.org/dist/jakarta/jakarta-tomcat/release/v3.2.4-beta-1;here/a/p pTomcat 3.2.4 fixes bugs found since the Tomcat 3.2.3 release in July, 1.15 +9 -8 jakarta-tomcat-site/xdocs/index.xml Index: index.xml === RCS file: /home/cvs/jakarta-tomcat-site/xdocs/index.xml,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- index.xml 2001/11/19 04:44:07 1.14 +++ index.xml 2001/11/20 17:42:21 1.15 @@ -88,14 +88,15 @@ strongly encouraged to migrate to the current production release, Tomcat 3.2.3./p -pstrongTomcat 3.2.x/strong. Version 3.2 added few new features since 3.1; -the major effort was a refactoring of the internals to improve performance and -stability. The 3.2.1 release, like 3.1.1, was a security patch. Version 3.2.2 -fixed a large
cvs commit: jakarta-tomcat-site/xdocs news.xml
marcsaeg01/11/20 09:46:09 Modified:docs news.html xdocsnews.xml Log: Fixed a stupid typo. Revision ChangesPath 1.14 +1 -1 jakarta-tomcat-site/docs/news.html Index: news.html === RCS file: /home/cvs/jakarta-tomcat-site/docs/news.html,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- news.html 2001/11/20 17:42:21 1.13 +++ news.html 2001/11/20 17:46:09 1.14 @@ -108,7 +108,7 @@ trtd blockquote h320 November 2001 - Apache Tomcat 3.2.4 Released/h3 -pTomcat 3.2.4 is not available for download +pTomcat 3.2.4 is now available for download a href=http://www.apache.org/dist/jakarta/jakarta-tomcat/release/v3.2.4;here/a/p pTomcat 3.2.4 fixes bugs found since the Tomcat 3.2.3 release in July, 2001. See the RELEASE-NOTES file for details on bug fixes and changes in 1.12 +1 -1 jakarta-tomcat-site/xdocs/news.xml Index: news.xml === RCS file: /home/cvs/jakarta-tomcat-site/xdocs/news.xml,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- news.xml 2001/11/20 17:42:21 1.11 +++ news.xml 2001/11/20 17:46:09 1.12 @@ -12,7 +12,7 @@ h320 November 2001 - Apache Tomcat 3.2.4 Released/h3 -pTomcat 3.2.4 is not available for download +pTomcat 3.2.4 is now available for download a href=http://www.apache.org/dist/jakarta/jakarta-tomcat/release/v3.2.4;here/a/p pTomcat 3.2.4 fixes bugs found since the Tomcat 3.2.3 release in July, -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/doc readme
marcsaeg01/11/13 06:29:35 Modified:.Tag: tomcat_32 RELEASE-NOTES src/doc Tag: tomcat_32 readme Log: Final update to release notes prior to release vote. Revision ChangesPath No revision No revision 1.1.2.12 +2 -1 jakarta-tomcat/Attic/RELEASE-NOTES Index: RELEASE-NOTES === RCS file: /home/cvs/jakarta-tomcat/Attic/RELEASE-NOTES,v retrieving revision 1.1.2.11 retrieving revision 1.1.2.12 diff -u -r1.1.2.11 -r1.1.2.12 --- RELEASE-NOTES 2001/10/26 16:07:49 1.1.2.11 +++ RELEASE-NOTES 2001/11/13 14:29:34 1.1.2.12 @@ -1,4 +1,4 @@ -$Id: RELEASE-NOTES,v 1.1.2.11 2001/10/26 16:07:49 marcsaeg Exp $ +$Id: RELEASE-NOTES,v 1.1.2.12 2001/11/13 14:29:34 marcsaeg Exp $ Release Notes for: @@ -334,6 +334,7 @@ the older version of JAXP and there is no requirement for users to upgrade to JAXP 1.1 unless their applications require the new version. + - Fixed NullPointerException in HttpConnectionHandler. (#4577) 7.2 Security Vulnerabilities fixed in Tomcat 3.2.4 No revision No revision 1.8.2.24 +2 -1 jakarta-tomcat/src/doc/readme Index: readme === RCS file: /home/cvs/jakarta-tomcat/src/doc/readme,v retrieving revision 1.8.2.23 retrieving revision 1.8.2.24 diff -u -r1.8.2.23 -r1.8.2.24 --- readme2001/10/26 16:07:49 1.8.2.23 +++ readme2001/11/13 14:29:34 1.8.2.24 @@ -1,4 +1,4 @@ -$Id: readme,v 1.8.2.23 2001/10/26 16:07:49 marcsaeg Exp $ +$Id: readme,v 1.8.2.24 2001/11/13 14:29:34 marcsaeg Exp $ Release Notes for: @@ -334,6 +334,7 @@ the older version of JAXP and there is no requirement for users to upgrade to JAXP 1.1 unless their applications require the new version. + - Fixed NullPointerException in HttpConnectionHandler. (#4577) 7.2 Security Vulnerabilities fixed in Tomcat 3.2.4 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-site/docs news.html
marcsaeg01/10/26 18:14:45 Modified:xdocsnews.xml docs news.html Log: Added Tomcat 3.2.4 Revision ChangesPath 1.10 +18 -0 jakarta-tomcat-site/xdocs/news.xml Index: news.xml === RCS file: /home/cvs/jakarta-tomcat-site/xdocs/news.xml,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- news.xml 2001/10/22 20:05:57 1.9 +++ news.xml 2001/10/27 01:14:45 1.10 @@ -10,6 +10,24 @@ section name=News amp; Status +h326 October 2001 - Apache Tomcat 3.2.4 beta 1 Released/h3 + +pThe first beta release of Jakarta Tomcat 3.2.4 is now available for download at +a href=http://www.apache.org/dist/jakarta/jakarta-tomcat/release/v3.2.4-beta-1;here/a/p + +pTomcat 3.2.4 fixes bugs found since the Tomcat 3.2.3 release in July, +2001. See the RELEASE-NOTES file for details on bug fixes and changes in +this release. /p + +pPlease download and the release and try it your environment. Report +any bugs to the a href=http://nagoya.betaversion.org/bugzilla/;Apache Bug Database/a +/p + +pAssuming no show stopping bugs are found during the beta period, the +final release is expected on about November 8, 2001./p + +hr noshade= size=1/ + h322 October 2001 - Apache Tomcat 3.3 Final Released/h3 pAt long last, Tomcat 3.3 has reached Final Release! With its 1.12 +13 -1 jakarta-tomcat-site/docs/news.html Index: news.html === RCS file: /home/cvs/jakarta-tomcat-site/docs/news.html,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- news.html 2001/10/22 20:06:18 1.11 +++ news.html 2001/10/27 01:14:45 1.12 @@ -107,7 +107,19 @@ /td/tr trtd blockquote -h322 October 2001 - Apache Tomcat 3.3 Final Released/h3 +h326 October 2001 - Apache Tomcat 3.2.4 beta 1 Released/h3 +pThe first beta release of Jakarta Tomcat 3.2.4 is now available for download at +a href=http://www.apache.org/dist/jakarta/jakarta-tomcat/release/v3.2.4-beta-1;here/a/p +pTomcat 3.2.4 fixes bugs found since the Tomcat 3.2.3 release in July, +2001. See the RELEASE-NOTES file for details on bug fixes and changes in +this release. /p +pPlease download and the release and try it your environment. Report +any bugs to the a href=http://nagoya.betaversion.org/bugzilla/;Apache Bug Database/a +/p +pAssuming no show stopping bugs are found during the beta period, the +final release is expected on about November 8, 2001./p +hr noshade= size=1 / +h322 October 2001 - Apache Tomcat 3.3 Final Released/h3 pAt long last, Tomcat 3.3 has reached Final Release! With its refactored set of core classes and modules, it offers a number of new features, better performance, and more flexible configuration
cvs commit: jakarta-tomcat build.xml
marcsaeg01/10/26 06:59:04
Modified:.Tag: tomcat_32 build.xml
Log:
Changes to support building with different JAXP versions and parsers.
Revision ChangesPath
No revision
No revision
1.53.2.8 +7 -6 jakarta-tomcat/build.xml
Index: build.xml
===
RCS file: /home/cvs/jakarta-tomcat/build.xml,v
retrieving revision 1.53.2.7
retrieving revision 1.53.2.8
diff -u -r1.53.2.7 -r1.53.2.8
--- build.xml 2001/07/17 14:25:27 1.53.2.7
+++ build.xml 2001/10/26 13:59:03 1.53.2.8
@@ -5,7 +5,8 @@
property name=ant.home value=../jakarta-ant/
property name=debug value=on/
property name=j2ee.home value=../../j2ee/build/unix/
- property name=jaxp value=../jaxp-1.0.1 /
+ property name=jaxp value=../jaxp-1.1/jaxp.jar /
+ property name=parser value=../jaxp-1.1/crimson.jar /
property name=optimize value=true /
property name=servlet.jar value=../jakarta-servletapi/lib/servlet.jar/
property name=tomcat.build value=../build/tomcat/
@@ -54,10 +55,10 @@
file=${ant.home}/lib/ant.jar/
copy tofile=${tomcat.build}/lib/servlet.jar
file=${servlet.jar}/
-copy tofile=${tomcat.build}/lib/jaxp.jar
-file=${jaxp}/jaxp.jar/
-copy tofile=${tomcat.build}/lib/parser.jar
-file=${jaxp}/parser.jar/
+copy todir=${tomcat.build}/lib
+file=${jaxp}/
+copy todir=${tomcat.build}/lib
+file=${parser}/
!-- Copy golden files for the tests webapp --
copy todir=${tomcat.build}/lib/test/Golden
@@ -89,7 +90,7 @@
!-- Compile the standard Tomcat components --
javac srcdir=src/share destdir=${tomcat.build}/classes
- classpath=${servlet.jar};${jaxp}/jaxp.jar
+ classpath=${servlet.jar};${jaxp};${parser}
debug=${debug}
optimize=${optimize}
deprecation=off
cvs commit: jakarta-tomcat/src/etc server.xml
marcsaeg01/10/26 07:01:10 Modified:src/etc Tag: tomcat_32 server.xml Log: Adds Jdk12Interceptor. It is currently commented out. Revision ChangesPath No revision No revision 1.29.2.12 +7 -1 jakarta-tomcat/src/etc/server.xml Index: server.xml === RCS file: /home/cvs/jakarta-tomcat/src/etc/server.xml,v retrieving revision 1.29.2.11 retrieving revision 1.29.2.12 diff -u -r1.29.2.11 -r1.29.2.12 --- server.xml2001/07/15 23:09:31 1.29.2.11 +++ server.xml2001/10/26 14:01:10 1.29.2.12 @@ -125,7 +125,13 @@ ContextInterceptor className=org.apache.tomcat.context.WorkDirInterceptor / -!-- Request processing -- + !-- Uncomment if you are using JDK1.2 or higher. + Insures proper thread context class loader is in effect for servlet execution + ContextInterceptor +className=org.apache.tomcat.request.Jdk12Interceptor / + -- + + !-- Request processing -- !-- Session interceptor will extract the session id from cookies and deal with URL rewriting ( by fixing the URL ). If you wish to suppress the use of cookies for session identifiers, change the
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/net ServerSocketFactory.java
marcsaeg01/10/26 07:18:01
Modified:src/share/org/apache/tomcat/net Tag: tomcat_32
ServerSocketFactory.java
Log:
Fixed a race condition in getDefault().
PR: 4418
Submitted by: [EMAIL PROTECTED]
Revision ChangesPath
No revision
No revision
1.5.2.2 +8 -11
jakarta-tomcat/src/share/org/apache/tomcat/net/Attic/ServerSocketFactory.java
Index: ServerSocketFactory.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/net/Attic/ServerSocketFactory.java,v
retrieving revision 1.5.2.1
retrieving revision 1.5.2.2
diff -u -r1.5.2.1 -r1.5.2.2
--- ServerSocketFactory.java 2000/10/04 20:23:50 1.5.2.1
+++ ServerSocketFactory.java 2001/10/26 14:18:00 1.5.2.2
@@ -122,22 +122,19 @@
/**
* Returns a copy of the environment's default socket factory.
*/
-public static ServerSocketFactory getDefault () {
+public static synchronized ServerSocketFactory getDefault () {
//
// optimize typical case: no synch needed
//
if (theFactory == null) {
-synchronized (ServerSocketFactory.class) {
-//
-// Different implementations of this method could
-// work rather differently. For example, driving
-// this from a system property, or using a different
-// implementation than JavaSoft's.
-//
-
-theFactory = new DefaultServerSocketFactory ();
-}
+//
+// Different implementations of this method could
+// work rather differently. For example, driving
+// this from a system property, or using a different
+// implementation than JavaSoft's.
+//
+theFactory = new DefaultServerSocketFactory ();
}
try {
cvs commit: jakarta-tomcat/src/doc readme
marcsaeg01/10/26 08:46:58 Modified:.Tag: tomcat_32 RELEASE-NOTES src/doc Tag: tomcat_32 readme Log: Updates for 3.2.4 beta 1 Revision ChangesPath No revision No revision 1.1.2.10 +43 -32jakarta-tomcat/Attic/RELEASE-NOTES Index: RELEASE-NOTES === RCS file: /home/cvs/jakarta-tomcat/Attic/RELEASE-NOTES,v retrieving revision 1.1.2.9 retrieving revision 1.1.2.10 diff -u -r1.1.2.9 -r1.1.2.10 --- RELEASE-NOTES 2001/07/17 14:07:00 1.1.2.9 +++ RELEASE-NOTES 2001/10/26 15:46:57 1.1.2.10 @@ -1,8 +1,8 @@ -$Id: RELEASE-NOTES,v 1.1.2.9 2001/07/17 14:07:00 marcsaeg Exp $ +$Id: RELEASE-NOTES,v 1.1.2.10 2001/10/26 15:46:57 marcsaeg Exp $ Release Notes for: - TOMCAT Version 3.2.3 + TOMCAT Version 3.2.4 @@ -83,11 +83,12 @@ - Tomcat 3.2.1 was a security update. See section 7.3 for details. -- Tomcat 3.2.2 was a bug fix release. Section 7.1 describes the issues -that have been fixed in the version. +- Tomcat 3.2.2 was a bug fix release. - Tomcat 3.2.3 is a security release. +- Tomcat 3.2.4 is a bug fix release. See section 7.1 for details. + - Tomcat 4.0 is separate development from Tomcat 3.x. It is based on the Catalina architecture, which is very different from the architecture of Tomcat 3.x. In addition, Tomcat 4.0 is to be the reference implementation @@ -96,16 +97,9 @@ = 5. NEW FEATURES IN THIS RELEASE - -5.1 Docbase and File Based Localization - -Tomcat 3.2.2 now supports a method mapping requests into localized resources -automatically based on the client's and the server's locale. Localized -content can be organized using one directory per locale (Docbase) or -into a single directory the locale specified in the file names (File based). -A detailed description of this feature can be found in -doc/tomcat-localization-how.html +Version 3.2.4 is strictly a bug fix release. No new features have been +added. = @@ -310,24 +304,41 @@ 7. FIXES AND ENHANCEMENTS IN UPDATES -7.1 Fixes and Enhancements in Release 3.2.3 +7.1 Fixes and Enhancements in Release 3.2.4 This section highlights the bugs fixed in this release. + + - Cookie name expires is a reserved token (#1114) + - Thread initialization problem in thread pool (#1745) + - AJP12 returned invalid HTTP headers when redirecting to very + long URLS (#2333) + - Fixed casting problem in JspFactoryImpl.getPageContext(). (#4260) + - Setting sesstion-timeout in web.xml did not prevent sessions from + timing out. (#4412) + - Fixed race condition in ServerSocketFactory.getDefault(). (#4418) + - Removed the restrictions on encoded spcecial characters in URLs + that was added as a security precaution in 3.2.3. The encoded + special characters are not decoded and remain the URL and + path info returned to servlets. + - Jk_nt_service now supports the ability to be restarted automatically + by the Windows 2000 service control manager if Tomcat terminates + abnormally. + - Fixed invalid servlet mapping in web.xml generated by JspC (#3474, #3499) + - Added findResource() and findResources() to AdaptiveClassLoader12 + - A Date: HTTP header is now sent in responses when running stand + alone. (#345) + - Simple held on to a reference to removed objects preventing + garbage collection. + + + +7.2 Security Vulnerabilities fixed in Tomcat 3.2.4 - - The show source links the examples web app didn't work. (#372) - - Thread synchronization problems with servlet reloading. (#1628) - - Recycling BufferedServletOutputStream didn't reset usingWriter. (#1802) - - ZIP files in tomcat/lib were not automatically added to the CLASSPATH - by tomcat.bat (#1935) - - A sign extension problem caused ServletInputStream to prematurely return - EOF. (#1673, #1993) - - Multistatus codes for RFC 2518 were missing. (#2069) - - Missing error pages caused Tomcat to enter an infinite loop. (#2327) - - JDBCRealm SQL statements not being closed. (#2149) - - Potential for message buffer overflow in AJP13. (#1528) +The randomness of generated session ids has been enhanced to prevent the +generation of guessable ids. -7.2 Security vulnerabilities fixed in Tomcat 3.2.3 +7.3 Security vulnerabilities fixed in Tomcat 3.2.3 Non
cvs commit: jakarta-tomcat/src/webpages index.html
marcsaeg01/10/26 08:55:11
Modified:src/share/org/apache/tomcat/core Tag: tomcat_32
Constants.java
src/webpages Tag: tomcat_32 index.html
Log:
Updated version number for Tomcat 3.2.4 beta 1 release.
Revision ChangesPath
No revision
No revision
1.22.2.20 +1 -1
jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/Constants.java
Index: Constants.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/Constants.java,v
retrieving revision 1.22.2.19
retrieving revision 1.22.2.20
diff -u -r1.22.2.19 -r1.22.2.20
--- Constants.java2001/07/22 12:18:42 1.22.2.19
+++ Constants.java2001/10/26 15:55:11 1.22.2.20
@@ -67,7 +67,7 @@
public class Constants {
public static final String TOMCAT_NAME = Tomcat Web Server;
-public static final String TOMCAT_VERSION = 3.2.4-dev;
+public static final String TOMCAT_VERSION = 3.2.4 beta 1;
public static final String JSP_NAME = JSP;
public static final String JSP_VERSION = 1.1;
No revision
No revision
1.13.2.22 +2 -2 jakarta-tomcat/src/webpages/index.html
Index: index.html
===
RCS file: /home/cvs/jakarta-tomcat/src/webpages/index.html,v
retrieving revision 1.13.2.21
retrieving revision 1.13.2.22
diff -u -r1.13.2.21 -r1.13.2.22
--- index.html2001/07/22 12:18:42 1.13.2.21
+++ index.html2001/10/26 15:55:11 1.13.2.22
@@ -4,13 +4,13 @@
meta http-equiv=Content-Type content=text/html; charset=iso-8859-1
meta name=GENERATOR content=Mozilla/4.72 [en] (WinNT; U) [Netscape]
meta name=Author content=Anil K. Vijendran
-titleTomcat v3.2.4-dev/title
+titleTomcat v3.2.4 beta 1/title
/head
body bgcolor=#FF
img SRC=tomcat.gif height=92 width=130 align=LEFTbfont face=Arial,
Helvetica, sans-seriffont size=+3Tomcat/font/font/b
br
bfont face=Arial, Helvetica, sans-seriffont size=-1Version
-3.2.4-dev/font/font/b
+3.2.4 beta 1/font/font/b
pThis is the default Tomcat home page. This page serves as a quick reference
guide to related resources and is located at:
ul
cvs commit: jakarta-tomcat/src/doc readme
marcsaeg01/10/26 09:07:49 Modified:.Tag: tomcat_32 RELEASE-NOTES src/doc Tag: tomcat_32 readme Log: Added note about JAXP 1.1 Revision ChangesPath No revision No revision 1.1.2.11 +6 -2 jakarta-tomcat/Attic/RELEASE-NOTES Index: RELEASE-NOTES === RCS file: /home/cvs/jakarta-tomcat/Attic/RELEASE-NOTES,v retrieving revision 1.1.2.10 retrieving revision 1.1.2.11 diff -u -r1.1.2.10 -r1.1.2.11 --- RELEASE-NOTES 2001/10/26 15:46:57 1.1.2.10 +++ RELEASE-NOTES 2001/10/26 16:07:49 1.1.2.11 @@ -1,4 +1,4 @@ -$Id: RELEASE-NOTES,v 1.1.2.10 2001/10/26 15:46:57 marcsaeg Exp $ +$Id: RELEASE-NOTES,v 1.1.2.11 2001/10/26 16:07:49 marcsaeg Exp $ Release Notes for: @@ -329,7 +329,11 @@ alone. (#345) - Simple held on to a reference to removed objects preventing garbage collection. - + - Tomcat 3.2.4 now ships with JAXP 1.1. Prior releases used + JAXP 1.0.1. Tomcat 3.2.4 remains completely compatible with + the older version of JAXP and there is no requirement for users + to upgrade to JAXP 1.1 unless their applications require the new + version. 7.2 Security Vulnerabilities fixed in Tomcat 3.2.4 No revision No revision 1.8.2.23 +6 -2 jakarta-tomcat/src/doc/readme Index: readme === RCS file: /home/cvs/jakarta-tomcat/src/doc/readme,v retrieving revision 1.8.2.22 retrieving revision 1.8.2.23 diff -u -r1.8.2.22 -r1.8.2.23 --- readme2001/10/26 15:46:57 1.8.2.22 +++ readme2001/10/26 16:07:49 1.8.2.23 @@ -1,4 +1,4 @@ -$Id: readme,v 1.8.2.22 2001/10/26 15:46:57 marcsaeg Exp $ +$Id: readme,v 1.8.2.23 2001/10/26 16:07:49 marcsaeg Exp $ Release Notes for: @@ -329,7 +329,11 @@ alone. (#345) - Simple held on to a reference to removed objects preventing garbage collection. - + - Tomcat 3.2.4 now ships with JAXP 1.1. Prior releases used + JAXP 1.0.1. Tomcat 3.2.4 remains completely compatible with + the older version of JAXP and there is no requirement for users + to upgrade to JAXP 1.1 unless their applications require the new + version. 7.2 Security Vulnerabilities fixed in Tomcat 3.2.4
cvs commit: jakarta-tomcat/src/share/org/apache/jasper/runtime JspFactoryImpl.java
marcsaeg01/10/25 10:25:49
Modified:src/share/org/apache/jasper/runtime Tag: tomcat_32
JspFactoryImpl.java
Log:
Changed the cast from PageContextImpl to PageContext when retrieving
page contexts from the pool.
PR: 4260
Submitted by: [EMAIL PROTECTED] (Udo Stark
Revision ChangesPath
No revision
No revision
1.4.2.2 +4 -4
jakarta-tomcat/src/share/org/apache/jasper/runtime/JspFactoryImpl.java
Index: JspFactoryImpl.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/runtime/JspFactoryImpl.java,v
retrieving revision 1.4.2.1
retrieving revision 1.4.2.2
diff -u -r1.4.2.1 -r1.4.2.2
--- JspFactoryImpl.java 2001/05/18 14:40:35 1.4.2.1
+++ JspFactoryImpl.java 2001/10/25 17:25:48 1.4.2.2
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/runtime/JspFactoryImpl.java,v
1.4.2.1 2001/05/18 14:40:35 marcsaeg Exp $
- * $Revision: 1.4.2.1 $
- * $Date: 2001/05/18 14:40:35 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/runtime/JspFactoryImpl.java,v
1.4.2.2 2001/10/25 17:25:48 marcsaeg Exp $
+ * $Revision: 1.4.2.2 $
+ * $Date: 2001/10/25 17:25:48 $
*
*
*
@@ -89,7 +89,7 @@
try {
PageContext pc;
if( usePool ) {
- pc=(PageContextImpl)pool.get();
+ pc=(PageContext)pool.get();
if( pc == null ) pc= new PageContextImpl(this);
} else {
pc = new PageContextImpl(this);
cvs commit: jakarta-tomcat RELEASE-PLAN-3.2.4
marcsaeg01/10/19 10:17:47 Added: .Tag: tomcat_32 RELEASE-PLAN-3.2.4 Log: Release notes for the proposed Tomcat 3.2.4 release. Revision ChangesPath No revision No revision 1.1.2.1 +50 -0 jakarta-tomcat/Attic/RELEASE-PLAN-3.2.4
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util RequestUtil.java
marcsaeg01/10/05 11:12:33
Modified:src/share/org/apache/tomcat/core Tag: tomcat_32
ContextManager.java
src/share/org/apache/tomcat/util Tag: tomcat_32
RequestUtil.java
Log:
This change addresses a side effect of a change done in Tomcat 3.2.3 to
close a security hole. In Tomcat 3.2.3 we disallowed any URI that
contained encoded special characters like %, /, ., \. While this did help
close the security hole, it caused other problems. First, it violates the
URL specification (see RFC1630 and RFC1738) and second it prevents some
useful URLs from working.
To address this I've modified the behavior of RequestUtil.URLDecode(). It
used to check for some encoded special characters and if it found them it
would throw and InvalidArgumentException. I've added checks for the rest
of the special characters. Also, instead of throwing an exception the
encoded character is left in the resulting string.
Thus a URI like /fu%2fba%72 will decode to /fu%2fbar. Leaving the encoded
characters in the result will preclude them from matching against prefixes
or security constraints but the data will be available to servlets and JSP
pages that want the information, but they will have to decode these
strings on their own.
There is still an issue regarding the value returned by getPathInfo().
The specification states (in the 4/27/2000 errata) that getPathInfo()
should return a decoded value. The value currently returned by
getPathInfo() does not decode any of the special characters listed above.
It is not clear to me now if we should take the extra step of completely
decoding the path info or not, so for now I'm leaving it alone.
Revision ChangesPath
No revision
No revision
1.100.2.27 +2 -8
jakarta-tomcat/src/share/org/apache/tomcat/core/ContextManager.java
Index: ContextManager.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/ContextManager.java,v
retrieving revision 1.100.2.26
retrieving revision 1.100.2.27
diff -u -r1.100.2.26 -r1.100.2.27
--- ContextManager.java 2001/07/17 04:25:54 1.100.2.26
+++ ContextManager.java 2001/10/05 18:12:33 1.100.2.27
@@ -742,18 +742,12 @@
public void service( Request req, Response res ) {
/**
- * XXX Normalize and validate the request URI. This is important
+ * XXX Normalize the request URI. This is important
* to prevent non-normalized URIs from causing security constraints
* from being bypassed. For example,
/examples/jsp/../jsp/security/protected/index.jsp
- * would not trigger the AccessInterceptor. Also, encoded special chars
- * ., /, \ and % are forbidden in URIs to prevent additional security problems.
+ * would not trigger the AccessInterceptor.
*/
req.setRequestURI(URLUtil.normalizeURI(req.getRequestURI()));
-String ucURI = req.getRequestURI().toUpperCase();
-if(ucURI.indexOf(%25) = 0 || ucURI.indexOf(%2E) = 0 ||
- ucURI.indexOf(%2F) = 0 || ucURI.indexOf(%5C) =0){
-res.setStatus(404);
-}
internalService( req, res );
// clean up
No revision
No revision
1.14.2.7 +4 -4
jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/RequestUtil.java
Index: RequestUtil.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/RequestUtil.java,v
retrieving revision 1.14.2.6
retrieving revision 1.14.2.7
diff -u -r1.14.2.6 -r1.14.2.7
--- RequestUtil.java 2001/08/12 23:26:57 1.14.2.6
+++ RequestUtil.java 2001/10/05 18:12:33 1.14.2.7
@@ -326,10 +326,10 @@
continue;
} else if (metaChar == '%') {
char c = (char) Integer.parseInt(str.substring(strPos + 1, strPos +
3), 16);
-if(c == '/' || c == '\0')
-throw new IllegalArgumentException(URL contains encoded
special chars.);
-
-dec.append(c);
+if(c == '/' || c == '%' || c=='.' || c == '\\' || c == '\0')
+dec.append(str.substring(strPos, strPos+3));
+else
+dec.append(c);
strPos += 3;
}
}
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util SimplePool.java
marcsaeg01/10/05 11:23:43
Modified:src/share/org/apache/tomcat/util Tag: tomcat_32
SimplePool.java
Log:
When an object is removed from the pool the pool's reference should be
removed to expedite garbage collection.
Submitted by: David Schreibman [EMAIL PROTECTED]
Revision ChangesPath
No revision
No revision
1.3.2.2 +4 -3
jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SimplePool.java
Index: SimplePool.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SimplePool.java,v
retrieving revision 1.3.2.1
retrieving revision 1.3.2.2
diff -u -r1.3.2.1 -r1.3.2.2
--- SimplePool.java 2001/02/28 19:21:22 1.3.2.1
+++ SimplePool.java 2001/10/05 18:23:43 1.3.2.2
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SimplePool.java,v
1.3.2.1 2001/02/28 19:21:22 larryi Exp $
- * $Revision: 1.3.2.1 $
- * $Date: 2001/02/28 19:21:22 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SimplePool.java,v
1.3.2.2 2001/10/05 18:23:43 marcsaeg Exp $
+ * $Revision: 1.3.2.2 $
+ * $Date: 2001/10/05 18:23:43 $
*
*
*
@@ -118,6 +118,7 @@
synchronized( lock ) {
if( current = 0 ) {
item = pool[current];
+pool[current] = null;
current -= 1;
}
}
cvs commit: jakarta-tomcat/src/native/jk jk_lb_worker.c
marcsaeg01/10/05 11:49:42
Modified:src/native/jk Tag: tomcat_32 jk_lb_worker.c
Log:
Use a zero byte, not a NULL pointer to terminate the string.
Submitted by: Mathias Herberts [[EMAIL PROTECTED]]
Revision ChangesPath
No revision
No revision
1.2.2.2 +2 -2 jakarta-tomcat/src/native/jk/Attic/jk_lb_worker.c
Index: jk_lb_worker.c
===
RCS file: /home/cvs/jakarta-tomcat/src/native/jk/Attic/jk_lb_worker.c,v
retrieving revision 1.2.2.1
retrieving revision 1.2.2.2
diff -u -r1.2.2.1 -r1.2.2.2
--- jk_lb_worker.c2001/01/11 03:07:11 1.2.2.1
+++ jk_lb_worker.c2001/10/05 18:49:42 1.2.2.2
@@ -58,7 +58,7 @@
* several workers. *
* Author: Gal Shachor [EMAIL PROTECTED] *
* Based on: *
- * Version: $Revision: 1.2.2.1 $ *
+ * Version: $Revision: 1.2.2.2 $ *
***/
#include jk_pool.h
@@ -133,7 +133,7 @@
* string if appended...
*/
if(id_end = strchr(id_start, '?')) {
-id_end = NULL;
+id_end = '\0';
}
return id_start;
}
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util RequestUtil.java
marcsaeg01/10/05 14:03:54 Modified:src/share/org/apache/tomcat/util Tag: tomcat_32 RequestUtil.java Log: Updated comments for URLDecode(). Revision ChangesPath No revision No revision 1.14.2.8 +5 -1 jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/RequestUtil.java Index: RequestUtil.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/RequestUtil.java,v retrieving revision 1.14.2.7 retrieving revision 1.14.2.8 diff -u -r1.14.2.7 -r1.14.2.8 --- RequestUtil.java 2001/10/05 18:12:33 1.14.2.7 +++ RequestUtil.java 2001/10/05 21:03:54 1.14.2.8 @@ -277,7 +277,11 @@ } /** - * This method decodes the given urlencoded string. + * This method decodes the given urlencoded string. Note that 'special' characters + * /, \, %, . and \0 are *NOT* decoded. The /, % and . characters are reserved by the + * URL specification and may only be used in URLs for their reserved purpose in their + * unencoded form. The \ and \0 characters are prohibited to avoide security problems + * some platforms. * * @param str the url-encoded string * @return the decoded string
cvs commit: jakarta-tomcat/src/native/jk jk_ajp12_worker.c
marcsaeg01/10/05 14:50:14
Modified:src/native/apache1.3 Tag: tomcat_32 mod_jk.c
src/native/apache2.0 Tag: tomcat_32 mod_jk.c
src/native/jk Tag: tomcat_32 jk_ajp12_worker.c
Log:
Fixes Bugzilla 2333. Instead of the proposed patch, which did its own
memory allocation, I used jk_pool_strdup(), but the end result is the same.
In the process of fixing this one I noticed that the jk_pool created in
mod_jk was not being closed. This usually doesn't leak because the pool's
buffer is allocated on the stack in jk_handler(), but it would leak any
dynamically allocated memory.
I'll commit the same changes to the jakarta-tomcat-connectors repository.
PR: 2333
Submitted by: [EMAIL PROTECTED]
Revision ChangesPath
No revision
No revision
1.7.2.7 +2 -0 jakarta-tomcat/src/native/apache1.3/Attic/mod_jk.c
Index: mod_jk.c
===
RCS file: /home/cvs/jakarta-tomcat/src/native/apache1.3/Attic/mod_jk.c,v
retrieving revision 1.7.2.6
retrieving revision 1.7.2.7
diff -u -r1.7.2.6 -r1.7.2.7
--- mod_jk.c 2001/09/17 23:53:21 1.7.2.6
+++ mod_jk.c 2001/10/05 21:50:14 1.7.2.7
@@ -703,6 +703,8 @@
}
}
+jk_close_pool(private_data.p);
+
if(rc) {
return OK; /* NOT r-status, even if it has changed. */
}
No revision
No revision
1.6.2.2 +2 -0 jakarta-tomcat/src/native/apache2.0/Attic/mod_jk.c
Index: mod_jk.c
===
RCS file: /home/cvs/jakarta-tomcat/src/native/apache2.0/Attic/mod_jk.c,v
retrieving revision 1.6.2.1
retrieving revision 1.6.2.2
diff -u -r1.6.2.1 -r1.6.2.2
--- mod_jk.c 2001/05/19 04:23:43 1.6.2.1
+++ mod_jk.c 2001/10/05 21:50:14 1.6.2.2
@@ -523,6 +523,8 @@
}
}
+jk_close_pool(private_data.p);
+
if(rc) {
return OK; /* NOT r-status, even if it has changed. */
}
No revision
No revision
1.2.2.2 +3 -3 jakarta-tomcat/src/native/jk/Attic/jk_ajp12_worker.c
Index: jk_ajp12_worker.c
===
RCS file: /home/cvs/jakarta-tomcat/src/native/jk/Attic/jk_ajp12_worker.c,v
retrieving revision 1.2.2.1
retrieving revision 1.2.2.2
diff -u -r1.2.2.1 -r1.2.2.2
--- jk_ajp12_worker.c 2001/02/01 22:50:09 1.2.2.1
+++ jk_ajp12_worker.c 2001/10/05 21:50:14 1.2.2.2
@@ -57,7 +57,7 @@
* Description: ajpv1.2 worker, used to call local or remote jserv hosts *
* Author: Gal Shachor [EMAIL PROTECTED] *
* Based on:jserv_ajpv12.c from Jserv *
- * Version: $Revision: 1.2.2.1 $ *
+ * Version: $Revision: 1.2.2.2 $ *
***/
#include jk_ajp12_worker.h
@@ -534,14 +534,14 @@
jk_log(l, JK_LOG_DEBUG, ajpv12_handle_response, read %s=%s\n, name,
value);
if(0 == strcmp(Status, name)) {
-char *numeric = strtok(value, \t);
+ char *numeric = strtok(value, \t);
status = atoi(numeric);
if(status 100 || status 999) {
jk_log(l, JK_LOG_ERROR, ajpv12_handle_response, invalid status
code\n);
return JK_FALSE;
}
-reason = strtok(NULL, \t);
+ reason = jk_pool_strdup(s-pool, strtok(NULL, \t));
} else {
if(headers_capacity == headers_len) {
jk_log(l, JK_LOG_DEBUG, ajpv12_handle_response, allocating header
arrays\n);
cvs commit: jakarta-tomcat-connectors/jk/native/common jk_ajp12_worker.c
marcsaeg01/10/05 14:52:08
Modified:jk/native/apache-1.3 mod_jk.c
jk/native/apache-2.0 mod_jk.c
jk/native/common jk_ajp12_worker.c
Log:
Porting change from tomcat_32.
Fixes Bugzilla 2333. Instead of the proposed patch, which did its own
memory allocation, I used jk_pool_strdup(), but the end result is the same.
In the process of fixing this one I noticed that the jk_pool created in
mod_jk was not being closed. This usually doesn't leak because the pool's
buffer is allocated on the stack in jk_handler(), but it would leak any
dynamically allocated memory.
Revision ChangesPath
1.19 +3 -1 jakarta-tomcat-connectors/jk/native/apache-1.3/mod_jk.c
Index: mod_jk.c
===
RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native/apache-1.3/mod_jk.c,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- mod_jk.c 2001/10/01 21:30:49 1.18
+++ mod_jk.c 2001/10/05 21:52:08 1.19
@@ -61,7 +61,7 @@
* Author: Gal Shachor [EMAIL PROTECTED] *
* Dan Milstein [EMAIL PROTECTED]*
* Henri Gomez [EMAIL PROTECTED] *
- * Version: $Revision: 1.18 $ *
+ * Version: $Revision: 1.19 $ *
***/
/*
@@ -1132,6 +1132,8 @@
end-done(end, l);
}
}
+
+jk_close_pool(private_data.p);
if(rc) {
return OK; /* NOT r-status, even if it has changed. */
1.29 +3 -1 jakarta-tomcat-connectors/jk/native/apache-2.0/mod_jk.c
Index: mod_jk.c
===
RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native/apache-2.0/mod_jk.c,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- mod_jk.c 2001/10/04 13:09:42 1.28
+++ mod_jk.c 2001/10/05 21:52:08 1.29
@@ -60,7 +60,7 @@
* Description: Apache 2 plugin for Jakarta/Tomcat *
* Author: Gal Shachor [EMAIL PROTECTED] *
* Henri Gomez [EMAIL PROTECTED] *
- * Version: $Revision: 1.28 $ *
+ * Version: $Revision: 1.29 $ *
***/
/*
@@ -1235,6 +1235,8 @@
#endif
}
}
+
+jk_close_pool(private_data.p);
if(rc) {
return OK;/* NOT r-status, even if it has changed. */
1.4 +2 -2 jakarta-tomcat-connectors/jk/native/common/jk_ajp12_worker.c
Index: jk_ajp12_worker.c
===
RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native/common/jk_ajp12_worker.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- jk_ajp12_worker.c 2001/06/18 14:15:11 1.3
+++ jk_ajp12_worker.c 2001/10/05 21:52:08 1.4
@@ -59,7 +59,7 @@
* Description: ajpv1.2 worker, used to call local or remote jserv hosts *
* Author: Gal Shachor [EMAIL PROTECTED] *
* Based on:jserv_ajpv12.c from Jserv *
- * Version: $Revision: 1.3 $ *
+ * Version: $Revision: 1.4 $ *
***/
#include jk_ajp12_worker.h
@@ -545,7 +545,7 @@
jk_log(l, JK_LOG_ERROR, ajpv12_handle_response, invalid status
code\n);
return JK_FALSE;
}
-reason = strtok(NULL, \t);
+reason = jk_pool_strdup(s-pool, strtok(NULL, \t));
} else {
if(headers_capacity == headers_len) {
jk_log(l, JK_LOG_DEBUG, ajpv12_handle_response, allocating header
arrays\n);
cvs commit: jakarta-tomcat-connectors/jk/native/apache-2.0 mod_jk.c mod_jk.dsp
marcsaeg01/10/04 06:09:42 Modified:jk/native/apache-2.0 mod_jk.c mod_jk.dsp Log: Changes to allow builds on Win32 platforms. Revision ChangesPath 1.28 +3 -1 jakarta-tomcat-connectors/jk/native/apache-2.0/mod_jk.c Index: mod_jk.c === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native/apache-2.0/mod_jk.c,v retrieving revision 1.27 retrieving revision 1.28 diff -u -r1.27 -r1.28 --- mod_jk.c 2001/10/02 09:41:09 1.27 +++ mod_jk.c 2001/10/04 13:09:42 1.28 @@ -60,7 +60,7 @@ * Description: Apache 2 plugin for Jakarta/Tomcat * * Author: Gal Shachor [EMAIL PROTECTED] * * Henri Gomez [EMAIL PROTECTED] * - * Version: $Revision: 1.27 $ * + * Version: $Revision: 1.28 $ * ***/ /* @@ -69,6 +69,8 @@ #include apu_compat.h #include ap_config.h +#include apr_lib.h +#include apr_date.h #include httpd.h #include http_config.h #include http_request.h 1.5 +43 -46jakarta-tomcat-connectors/jk/native/apache-2.0/mod_jk.dsp Index: mod_jk.dsp === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native/apache-2.0/mod_jk.dsp,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- mod_jk.dsp2001/06/07 13:54:12 1.4 +++ mod_jk.dsp2001/10/04 13:09:42 1.5 @@ -43,8 +43,7 @@ # PROP Ignore_Export_Lib 0 # PROP Target_Dir # ADD BASE CPP /nologo /MT /W3 /GX /O2 /D WIN32 /D NDEBUG /D _WINDOWS /D _MBCS /D _USRDLL /D APACHE_EXPORTS /YX /FD /c -# ADD CPP /nologo /MT /W3 /GX /O2 /I ../common /I $(JAVA_HOME)\include /I $(JAVA_HOME)\include\win32 /I $(APACHE2_HOME)\src\include /I $(APACHE2_HOME)\src\lib\apr\include /I $(APACHE2_HOME)\src\os\win32 /D _WIN32 /D NDEBUG /D WIN32 /D _WINDOWS /D WIN32_LEAN_AND_MEAN /D _MBCS /D _USRDLL /D SHARED_MODULE /FD /c -# SUBTRACT CPP /Fr /YX +# ADD CPP /nologo /MT /W3 /GX /O2 /I ..\common /I $(JAVA_HOME)\include /I $(JAVA_HOME)\include\win32 /I $(APACHE2_HOME)\include /I $(APACHE2_HOME)\srclib\apr\include /I $(APACHE2_HOME)\srclib\apr-util\include /I $(APACHE2_HOME)\os\win32 /D _WIN32 /D NDEBUG /D WIN32 /D _WINDOWS /D WIN32_LEAN_AND_MEAN /D _MBCS /D _USRDLL /D SHARED_MODULE /FD /c # ADD BASE MTL /nologo /D NDEBUG /mktyplib203 /win32 # ADD MTL /nologo /D NDEBUG /mktyplib203 /win32 # ADD BASE RSC /l 0x409 /d NDEBUG @@ -54,7 +53,7 @@ # ADD BSC32 /nologo LINK32=link.exe # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /machine:I386 -# ADD LINK32 ApacheCore.lib aprlib.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib wsock32.lib /nologo /dll /machine:I386 /libpath:$(APACHE2_HOME)\src\lib\apr\Release /libpath:$(APACHE2_HOME)\src\CoreR +# ADD LINK32 libhttpd.lib libapr.lib libaprutil.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib wsock32.lib /nologo /dll /machine:I386 /libpath:$(APACHE2_HOME)\Release /libpath:$(APACHE2_HOME)\srclib\apr\Release /libpath:$(APACHE2_HOME)\srclib\apr-util\Release !ELSEIF $(CFG) == apache - Win32 Debug @@ -70,7 +69,7 @@ # PROP Ignore_Export_Lib 0 # PROP Target_Dir # ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D WIN32 /D _DEBUG /D _WINDOWS /D _MBCS /D _USRDLL /D APACHE_EXPORTS /YX /FD /GZ /c -# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I ../common /I $(JAVA_HOME)\include /I $(JAVA_HOME)\include\win32 /I $(APACHE2_HOME)\src\include /I $(APACHE2_HOME)\src\lib\apr\include /I $(APACHE2_HOME)\src\os\win32 /D _DEBUG /D WIN32 /D _WINDOWS /D _MBCS /D _USRDLL /D SHARED_MODULE /FR /YX /FD /GZ /c +# ADD CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /I ..\common /I $(JAVA_HOME)\include /I $(JAVA_HOME)\include\win32 /I $(APACHE2_HOME)\include /I $(APACHE2_HOME)\srclib\apr\include /I $(APACHE2_HOME)\srclib\apr-util\include /I $(APACHE2_HOME)\os\win32 /D _DEBUG /D WIN32 /D _WINDOWS /D _MBCS /D _USRDLL /D SHARED_MODULE /FR /YX /FD /GZ /c # ADD BASE MTL /nologo /D _DEBUG /mktyplib203 /win32 # ADD MTL /nologo /D _DEBUG /mktyplib203 /win32 # ADD BASE RSC /l 0x409 /d _DEBUG @@ -80,7 +79,7 @@ # ADD BSC32 /nologo LINK32=link.exe # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /debug
cvs commit: jakarta-tomcat/src/share/org/apache/jasper JspC.java
marcsaeg01/09/08 13:54:51
Modified:src/share/org/apache/jasper Tag: tomcat_32 JspC.java
Log:
Fixes invalid servlet mapping in generated web.xml file.
PR: 3474, 3499
Submitted by: Blakeslee, Todd [[EMAIL PROTECTED]]
Revision ChangesPath
No revision
No revision
1.15.2.4 +7 -7 jakarta-tomcat/src/share/org/apache/jasper/JspC.java
Index: JspC.java
===
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/jasper/JspC.java,v
retrieving revision 1.15.2.3
retrieving revision 1.15.2.4
diff -u -r1.15.2.3 -r1.15.2.4
--- JspC.java 2001/01/12 04:46:58 1.15.2.3
+++ JspC.java 2001/09/08 20:54:51 1.15.2.4
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/jasper/JspC.java,v
1.15.2.3 2001/01/12 04:46:58 larryi Exp $
- * $Revision: 1.15.2.3 $
- * $Date: 2001/01/12 04:46:58 $
+ * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/jasper/JspC.java,v
1.15.2.4 2001/09/08 20:54:51 marcsaeg Exp $
+ * $Revision: 1.15.2.4 $
+ * $Date: 2001/09/08 20:54:51 $
*
*
*
@@ -391,11 +391,11 @@
servletout.write(/servlet-class\n\t/servlet\n);
}
if (mappingout != null) {
-mappingout.write(\n\tservlet-mapping\n\t\turl-pattern);
-mappingout.write(file);
-mappingout.write(/url-pattern\n\t\tservlet-name);
+mappingout.write(\n\tservlet-mapping\n\t\tservlet-name);
mappingout.write(thisServletName);
-mappingout.write(/servlet-name\n\t/servlet-mapping\n);
+mappingout.write(/servlet-name\n\t\turl-pattern);
+mappingout.write(file.replace('\\', '/'));
+mappingout.write(/url-pattern\n\t/servlet-mapping\n);
}
return true;
} catch (JasperException je) {
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util SessionIdGenerator.java
marcsaeg01/09/04 19:42:14
Modified:src/share/org/apache/tomcat/startup Tag: tomcat_32
Tomcat.java
src/share/org/apache/tomcat/util Tag: tomcat_32
SessionIdGenerator.java
Log:
Switch back to the default PRNG seed generator to avoid security weakness
in the manual seed generator. The PRNG is now initialized when the container
starts so that we don't take the hit on the first request.
Submitted by: Kevin E. Fu ([EMAIL PROTECTED])
Revision ChangesPath
No revision
No revision
1.31.2.2 +5 -0 jakarta-tomcat/src/share/org/apache/tomcat/startup/Tomcat.java
Index: Tomcat.java
===
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/startup/Tomcat.java,v
retrieving revision 1.31.2.1
retrieving revision 1.31.2.2
diff -u -r1.31.2.1 -r1.31.2.2
--- Tomcat.java 2000/11/28 00:19:20 1.31.2.1
+++ Tomcat.java 2001/09/05 02:42:13 1.31.2.2
@@ -199,6 +199,11 @@
// auto-configured contexts are initialized.
generateServerConfig( cm );
+// Initialize the Session ID Generator. Generating the PRNG seed
+// can be very time consuming so do we want to do this before
+// we start handling requests
+SessionIdGenerator.initialize();
+
cm.start(); // start serving
}
No revision
No revision
1.3.2.4 +41 -33
jakarta-tomcat/src/share/org/apache/tomcat/util/SessionIdGenerator.java
Index: SessionIdGenerator.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/SessionIdGenerator.java,v
retrieving revision 1.3.2.3
retrieving revision 1.3.2.4
diff -u -r1.3.2.3 -r1.3.2.4
--- SessionIdGenerator.java 2000/12/22 17:35:05 1.3.2.3
+++ SessionIdGenerator.java 2001/09/05 02:42:14 1.3.2.4
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/SessionIdGenerator.java,v
1.3.2.3 2000/12/22 17:35:05 marcsaeg Exp $
- * $Revision: 1.3.2.3 $
- * $Date: 2000/12/22 17:35:05 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/SessionIdGenerator.java,v
1.3.2.4 2001/09/05 02:42:14 marcsaeg Exp $
+ * $Revision: 1.3.2.4 $
+ * $Date: 2001/09/05 02:42:14 $
*
*
*
@@ -125,35 +125,23 @@
* Return the entropy increaser value, or compute a semi-useful value
* if this String has not yet been set.
*/
-public static String getEntropy() {
-
- // Calculate a semi-useful value if this has not been set
- if (entropy == null)
- setEntropy((new Object()).toString());
-
- return (entropy);
-
+public static String getEntropy()
+{
+return (entropy);
}
-
/**
* Set the entropy increaser value.
*
* @param entropy The new entropy increaser value
*/
-public static void setEntropy(String newEntropy) {
-
- entropy = newEntropy;
-
+public static void setEntropy(String newEntropy)
+{
+entropy = newEntropy;
}
-
- // ** NOTE that this must work together with get_jserv_session_balance()
-// ** in jserv_balance.c
-static synchronized public String getIdentifier (String jsIdent)
+public static void initialize()
{
-StringBuffer sessionId = new StringBuffer();
-
if (randomSource == null) {
String className = System.getProperty(tomcat.sessionid.randomclass);
if (className != null) {
@@ -168,19 +156,39 @@
if (randomSource == null)
randomSource = new java.security.SecureRandom();
- // Set the seed PRNG's seed value
- long seed = System.currentTimeMillis();
- char entropy[] = getEntropy().toCharArray();
- for (int i = 0; i entropy.length; i++) {
- long update = ((byte) entropy[i]) ((i % 8)
* 8);
- seed ^= update;
- }
- randomSource.setSeed(seed);
- }
+String entropyValue = getEntropy();
+if(entropyValue != null){
+/*
+ * We only do the manual seed generation if there is a user
+ * supplied entropy value. This is only for backwards
+ * compatibility. It is expected that very few people
+ * ever took
cvs commit: jakarta-tomcat/src/native/mod_jk/nt_service jk_nt_service.c
marcsaeg01/08/31 06:53:41 Modified:src/native/mod_jk/nt_service jk_nt_service.c Log: Porting changes to tomcat_32. If the Tomcat VM dies unexpectedly, jk_nt_service now terminates abruptly (i.e. without notifying the SCM). This causes the NT service recovery process to attempt to restart the service (assuming the jk_nt_service has been configured for restarting). Submitted by: Dave Ringoen [[EMAIL PROTECTED]] Revision ChangesPath 1.4 +6 -1 jakarta-tomcat/src/native/mod_jk/nt_service/jk_nt_service.c Index: jk_nt_service.c === RCS file: /home/cvs/jakarta-tomcat/src/native/mod_jk/nt_service/jk_nt_service.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- jk_nt_service.c 2001/04/24 08:49:46 1.3 +++ jk_nt_service.c 2001/08/31 13:53:41 1.4 @@ -56,7 +56,7 @@ /*** * Description: NT System service for Jakarta/Tomcat * * Author: Gal Shachor [EMAIL PROTECTED] * - * Version: $Revision: 1.3 $ * + * Version: $Revision: 1.4 $ * ***/ #include jk_global.h @@ -535,6 +535,11 @@ /* * Tomcat died !!! */ +CloseHandle(hServerStopEvent); +CloseHandle(hTomcat); +exit(0); // exit ungracefully so + // Service Control Manager + // will attempt a restart. break; default: /*
cvs commit: jakarta-tomcat/src/native/nt_service jk_nt_service.c
marcsaeg01/08/30 19:18:55 Modified:src/native/nt_service Tag: tomcat_32 jk_nt_service.c Log: If the Tomcat VM dies unexpectedly, jk_nt_service now terminates abruptly (i.e. without notifying the SCM). This causes the NT service recovery process to attempt to restart the service (assuming the jk_nt_service has been configured for restarting). Submitted by: Dave Ringoen [[EMAIL PROTECTED]] Revision ChangesPath No revision No revision 1.3.2.3 +6 -1 jakarta-tomcat/src/native/nt_service/Attic/jk_nt_service.c Index: jk_nt_service.c === RCS file: /home/cvs/jakarta-tomcat/src/native/nt_service/Attic/jk_nt_service.c,v retrieving revision 1.3.2.2 retrieving revision 1.3.2.3 diff -u -r1.3.2.2 -r1.3.2.3 --- jk_nt_service.c 2000/11/10 23:09:50 1.3.2.2 +++ jk_nt_service.c 2001/08/31 02:18:55 1.3.2.3 @@ -56,7 +56,7 @@ /*** * Description: NT System service for Jakarta/Tomcat * * Author: Gal Shachor [EMAIL PROTECTED] * - * Version: $Revision: 1.3.2.2 $ * + * Version: $Revision: 1.3.2.3 $ * ***/ #include jk_global.h @@ -534,6 +534,11 @@ /* * Tomcat died !!! */ +CloseHandle(hServerStopEvent); +CloseHandle(hTomcat); +exit(0); // exit ungracefully so + // Service Control Manager + // will attempt a restart. break; default: /*
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util DateTool.java MimeHeaderField.java
marcsaeg01/07/29 17:57:34
Modified:src/share/org/apache/tomcat/service/http Tag: tomcat_32
HttpResponseAdapter.java
src/share/org/apache/tomcat/util Tag: tomcat_32
DateTool.java MimeHeaderField.java
Log:
A Date: header is now sent in the response when Tomcat is running stand-alone.
Also fixes a bug in the previous date formats that had a 5 digit date format
(y) that caused a leading zero at the front of the years (e.g. 02001).
PR: 345
Submitted by: GOMEZ Henri [[EMAIL PROTECTED]]
Revision ChangesPath
No revision
No revision
1.11.2.2 +4 -4
jakarta-tomcat/src/share/org/apache/tomcat/service/http/Attic/HttpResponseAdapter.java
Index: HttpResponseAdapter.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/http/Attic/HttpResponseAdapter.java,v
retrieving revision 1.11.2.1
retrieving revision 1.11.2.2
diff -u -r1.11.2.1 -r1.11.2.2
--- HttpResponseAdapter.java 2000/11/07 03:16:50 1.11.2.1
+++ HttpResponseAdapter.java 2001/07/30 00:57:34 1.11.2.2
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/http/Attic/HttpResponseAdapter.java,v
1.11.2.1 2000/11/07 03:16:50 craigmcc Exp $
- * $Revision: 1.11.2.1 $
- * $Date: 2000/11/07 03:16:50 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/http/Attic/HttpResponseAdapter.java,v
1.11.2.2 2001/07/30 00:57:34 marcsaeg Exp $
+ * $Revision: 1.11.2.2 $
+ * $Date: 2001/07/30 00:57:34 $
*
*
*
@@ -143,7 +143,7 @@
// This avoids redundant setting of date ( very expensive ).
// XXX XXX Check if IIS, NES do generate the date
MimeHeaderField dateH= headers.find( Date );
- if( false dateH == null ) {
+ if( dateH == null ) {
// no date header set by user
dateH=headers.putHeader();
dateH.setName(Date);
No revision
No revision
1.2.2.1 +19 -5
jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/DateTool.java
Index: DateTool.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/DateTool.java,v
retrieving revision 1.2
retrieving revision 1.2.2.1
diff -u -r1.2 -r1.2.2.1
--- DateTool.java 2000/05/24 16:34:20 1.2
+++ DateTool.java 2001/07/30 00:57:34 1.2.2.1
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/DateTool.java,v 1.2
2000/05/24 16:34:20 costin Exp $
- * $Revision: 1.2 $
- * $Date: 2000/05/24 16:34:20 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/DateTool.java,v
1.2.2.1 2001/07/30 00:57:34 marcsaeg Exp $
+ * $Revision: 1.2.2.1 $
+ * $Date: 2001/07/30 00:57:34 $
*
*
*
@@ -94,7 +94,7 @@
/** format for RFC 1123 date string -- Sun, 06 Nov 1994 08:49:37 GMT
*/
public final static String RFC1123_PATTERN =
-EEE, dd MMM y HH:mm:ss z;
+EEE, dd MMM HH:mm:ss z;
// format for RFC 1036 date string -- Sunday, 06-Nov-94 08:49:37 GMT
private final static String rfc1036Pattern =
@@ -102,7 +102,7 @@
// format for C asctime() date string -- Sun Nov 6 08:49:37 1994
private final static String asctimePattern =
-EEE MMM d HH:mm:ss y;
+EEE MMM d HH:mm:ss ;
/** Pattern used for old cookies
*/
@@ -131,4 +131,18 @@
asctimeFormat.setTimeZone(GMT_ZONE);
}
+private static String rfc1123DS;
+private static long rfc1123Sec;
+
+/**
+ */
+public static String format1123( Date d ) {
+long dt = d.getTime() % 1000;
+if ((rfc1123DS != null) (dt == rfc1123Sec))
+return rfc1123DS;
+
+rfc1123DS = rfc1123Format.format( d );
+rfc1123Sec = dt;
+return rfc1123DS;
+}
}
1.10.2.3 +4 -4
jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/MimeHeaderField.java
Index: MimeHeaderField.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/MimeHeaderField.java,v
retrieving revision 1.10.2.2
retrieving revision 1.10.2.3
diff -u -r1.10.2.2 -r1.10.2.3
--- MimeHeaderField.java 2000/11/10 06:42:52 1.10.2.2
+++ MimeHeaderField.java 2001/07/30 00:57:34 1.10.2.3
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/loader AdaptiveClassLoader.java AdaptiveClassLoader12.java
marcsaeg01/07/23 14:49:08
Modified:src/share/org/apache/tomcat/loader Tag: tomcat_32
AdaptiveClassLoader.java AdaptiveClassLoader12.java
Log:
Added findResource() and findResources() per the JDk 1.2 class loader.
These methods only appear in AdaptiveClassLoader12 as they are only
supported in the 1.2 JDK. The actual implementation of these methods
resides in AdaptiveClassLoader to avoid duplicating code.
Obtained from: David Haraburda [[EMAIL PROTECTED]]
Revision ChangesPath
No revision
No revision
1.9.2.4 +81 -61
jakarta-tomcat/src/share/org/apache/tomcat/loader/Attic/AdaptiveClassLoader.java
Index: AdaptiveClassLoader.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/loader/Attic/AdaptiveClassLoader.java,v
retrieving revision 1.9.2.3
retrieving revision 1.9.2.4
diff -u -r1.9.2.3 -r1.9.2.4
--- AdaptiveClassLoader.java 2001/03/04 03:47:58 1.9.2.3
+++ AdaptiveClassLoader.java 2001/07/23 21:49:08 1.9.2.4
@@ -15,24 +15,24 @@
*
* 3. All advertising materials mentioning features or use of this
*software must display the following acknowledgment:
- *This product includes software developed by the Java Apache
+ *This product includes software developed by the Java Apache
*Project for use in the Apache JServ servlet engine project
*http://java.apache.org/.
*
- * 4. The names Apache JServ, Apache JServ Servlet Engine and
- *Java Apache Project must not be used to endorse or promote products
+ * 4. The names Apache JServ, Apache JServ Servlet Engine and
+ *Java Apache Project must not be used to endorse or promote products
*derived from this software without prior written permission.
*
* 5. Products derived from this software may not be called Apache JServ
- *nor may Apache nor Apache JServ appear in their names without
+ *nor may Apache nor Apache JServ appear in their names without
*prior written permission of the Java Apache Project.
*
* 6. Redistributions of any form whatsoever must retain the following
*acknowledgment:
- *This product includes software developed by the Java Apache
+ *This product includes software developed by the Java Apache
*Project for use in the Apache JServ servlet engine project
*http://java.apache.org/.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE JAVA APACHE PROJECT AS IS AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
@@ -118,12 +118,12 @@
* @author Martin Pool
* @author Jim Heintz
* @author a href=mailto:[EMAIL PROTECTED];Stefano Mazzocchi/a
- * @version $Revision: 1.9.2.3 $ $Date: 2001/03/04 03:47:58 $
+ * @version $Revision: 1.9.2.4 $ $Date: 2001/07/23 21:49:08 $
* @see java.lang.ClassLoader
*/
public class AdaptiveClassLoader extends ClassLoader {
private static final int debug=0;
-
+
/**
* Instance of the SecurityManager installed.
*/
@@ -163,7 +163,7 @@
* compatibility, we'll duplicate the 1.2 private member var.
*/
protected ClassLoader parent;
-
+
/**
* Private class used to maintain information about the classes that
* we loaded.
@@ -194,7 +194,7 @@
return origin == null;
}
}
-
+
//--- Constructors
/**
@@ -215,7 +215,7 @@
cache = new Hashtable();
}
-public void setRepository( Vector classRepository )
+public void setRepository( Vector classRepository )
throws IllegalArgumentException
{
// Verify that all the repository are valid.
@@ -275,7 +275,7 @@
void log( String s ) {
System.out.println(AdaptiveClassLoader: + s );
}
-
+
//--- Methods
/**
@@ -326,7 +326,7 @@
return false;
} else {
return (entry.origin.lastModified() != entry.lastModified);
-
+
}
}
@@ -348,7 +348,7 @@
if( debug5 )
log( cache entry: + entry.loadedClass.getName());
if (entry.isSystemClass()) continue;
-
+
// XXX: Because we want the classloader to be an accurate
// reflection of the contents of the repository, we also
// reload if a class origin file is now missing. This
@@ -381,7 +381,7 @@
*/
public AdaptiveClassLoader reinstantiate() {
AdaptiveClassLoader cl=new AdaptiveClassLoader();
- cl.setParent(parent
cvs commit: jakarta-tomcat/src/doc readme
marcsaeg01/07/17 07:07:01 Modified:.Tag: tomcat_32 RELEASE-NOTES src/doc Tag: tomcat_32 readme Log: Updated readme and RELEASE-NOTES for the 3.2.3 security release. Revision ChangesPath No revision No revision 1.1.2.9 +47 -78jakarta-tomcat/Attic/RELEASE-NOTES Index: RELEASE-NOTES === RCS file: /home/cvs/jakarta-tomcat/Attic/RELEASE-NOTES,v retrieving revision 1.1.2.8 retrieving revision 1.1.2.9 diff -u -r1.1.2.8 -r1.1.2.9 --- RELEASE-NOTES 2001/05/11 22:44:28 1.1.2.8 +++ RELEASE-NOTES 2001/07/17 14:07:00 1.1.2.9 @@ -1,8 +1,8 @@ -$Id: RELEASE-NOTES,v 1.1.2.8 2001/05/11 22:44:28 marcsaeg Exp $ +$Id: RELEASE-NOTES,v 1.1.2.9 2001/07/17 14:07:00 marcsaeg Exp $ Release Notes for: - TOMCAT Version 3.2.2 + TOMCAT Version 3.2.3 @@ -30,10 +30,18 @@ You should read the License Agreement (in the LICENSE file of the top level directory), which applies to all software included in this release. -Tomcat Version 3.2.2 is a bug fix release. No new features have been -added in this release. The bugs known to be fixed in Version 3.2.2 -are described in section 7.1 below. +Tomcat version 3.2.3 is a security update release. This release closes a +hole that potentially allowed access to resource protected by a +security-constraint in web.xml. This release also includes fixes for +several other bugs discovered after the release of Tomcat version 3.2.2. +Section 7 lists the bugs fixed in this release. + +Users of previous version of Tomcat are strongly encouraged to upgrade to +this release. No changes to any configuration files are required. Existing +installations can be upgraded to version 3.2.3 by simply copying the JAR +files in this release into an existing 3.2.x tomcat/lib directory. + = 2. INSTALLING AND RUNNING TOMCAT @@ -75,9 +83,11 @@ - Tomcat 3.2.1 was a security update. See section 7.3 for details. -- Tomcat 3.2.2 is a bug fix release. Section 7.1 describes the issues +- Tomcat 3.2.2 was a bug fix release. Section 7.1 describes the issues that have been fixed in the version. +- Tomcat 3.2.3 is a security release. + - Tomcat 4.0 is separate development from Tomcat 3.x. It is based on the Catalina architecture, which is very different from the architecture of Tomcat 3.x. In addition, Tomcat 4.0 is to be the reference implementation @@ -299,82 +309,41 @@ === 7. FIXES AND ENHANCEMENTS IN UPDATES + +7.1 Fixes and Enhancements in Release 3.2.3 + +This section highlights the bugs fixed in this release. -7.1 Fixes and Enhancements in Release 3.2.2 + - The show source links the examples web app didn't work. (#372) + - Thread synchronization problems with servlet reloading. (#1628) + - Recycling BufferedServletOutputStream didn't reset usingWriter. (#1802) + - ZIP files in tomcat/lib were not automatically added to the CLASSPATH + by tomcat.bat (#1935) + - A sign extension problem caused ServletInputStream to prematurely return + EOF. (#1673, #1993) + - Multistatus codes for RFC 2518 were missing. (#2069) + - Missing error pages caused Tomcat to enter an infinite loop. (#2327) + - JDBCRealm SQL statements not being closed. (#2149) + - Potential for message buffer overflow in AJP13. (#1528) -This section highlights the bugs fixed in this release. In addition to -these, there have been many other minor bug fixes through the product. -Documentation - - Several updates to how-to documents and users guide. +7.2 Security vulnerabilities fixed in Tomcat 3.2.3 -Servlet - - Fix infinite loop if no prefix matches the request URI. Now returns - a 404 error. - - Handle UnavailableException in included servlets. - - User principle was incorrectly maintained. (#757) - - Use access control for forward() and include() when security manager - is being used. - - Properly interpret url-patterns inside security-contraints. (#567) - - Fix authentication with Sybase ASE 11.9.2 and Interbase. - - reqeust.getPort() now returns the correct port when using SSL. (#743) - - Fix JSP source disclosure problem. (#619) - - ServletRequest.getProtocol() could contain a CRLF. (#620) - - Better initialization of psuedo-random number generator improves - response time for first request that generates a session. - - Fix
cvs commit: jakarta-tomcat build.xml
marcsaeg01/07/17 07:25:30
Modified:.Tag: tomcat_32 build.xml
Log:
Now include RELEASE-NOTES and KEYS in the binary distribution.
Revision ChangesPath
No revision
No revision
1.53.2.7 +2 -0 jakarta-tomcat/build.xml
Index: build.xml
===
RCS file: /home/cvs/jakarta-tomcat/build.xml,v
retrieving revision 1.53.2.6
retrieving revision 1.53.2.7
diff -u -r1.53.2.6 -r1.53.2.7
--- build.xml 2001/02/16 15:14:08 1.53.2.6
+++ build.xml 2001/07/17 14:25:27 1.53.2.7
@@ -46,6 +46,8 @@
fileset dir=src/doc/
/copy
copy tofile=${tomcat.build}/LICENSE file=LICENSE/
+copy tofile=${tomcat.build}/RELEASE-NOTES file=RELEASE-NOTES/
+copy tofile=${tomcat.build}/KEYS file=KEYS/
!-- Copy library JAR files --
copy tofile=${tomcat.build}/lib/ant.jar
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core Constants.java
marcsaeg01/07/17 08:57:00
Modified:src/webpages Tag: tomcat_32 index.html
src/share/org/apache/tomcat/core Tag: tomcat_32
Constants.java
Log:
Updated version numbers for the 3.2.3 release.
Revision ChangesPath
No revision
No revision
1.13.2.20 +2 -2 jakarta-tomcat/src/webpages/index.html
Index: index.html
===
RCS file: /home/cvs/jakarta-tomcat/src/webpages/index.html,v
retrieving revision 1.13.2.19
retrieving revision 1.13.2.20
diff -u -r1.13.2.19 -r1.13.2.20
--- index.html2001/05/30 21:25:29 1.13.2.19
+++ index.html2001/07/17 15:56:50 1.13.2.20
@@ -4,13 +4,13 @@
meta http-equiv=Content-Type content=text/html; charset=iso-8859-1
meta name=GENERATOR content=Mozilla/4.72 [en] (WinNT; U) [Netscape]
meta name=Author content=Anil K. Vijendran
-titleTomcat v3.2.3-dev/title
+titleTomcat v3.2.3/title
/head
body bgcolor=#FF
img SRC=tomcat.gif height=92 width=130 align=LEFTbfont face=Arial,
Helvetica, sans-seriffont size=+3Tomcat/font/font/b
br
bfont face=Arial, Helvetica, sans-seriffont size=-1Version
-3.2.3-dev/font/font/b
+3.2.3/font/font/b
pThis is the default Tomcat home page. This page serves as a quick reference
guide to related resources and is located at:
ul
No revision
No revision
1.22.2.18 +1 -1
jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/Constants.java
Index: Constants.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/Constants.java,v
retrieving revision 1.22.2.17
retrieving revision 1.22.2.18
diff -u -r1.22.2.17 -r1.22.2.18
--- Constants.java2001/05/30 21:25:33 1.22.2.17
+++ Constants.java2001/07/17 15:56:56 1.22.2.18
@@ -67,7 +67,7 @@
public class Constants {
public static final String TOMCAT_NAME = Tomcat Web Server;
-public static final String TOMCAT_VERSION = 3.2.3-dev;
+public static final String TOMCAT_VERSION = 3.2.3;
public static final String JSP_NAME = JSP;
public static final String JSP_VERSION = 1.1;
cvs commit: jakarta-tomcat-site/docs index.html news.html
marcsaeg01/07/17 11:25:18 Modified:xdocsindex.xml news.xml docs index.html news.html Log: Release 3.2.3. Revision ChangesPath 1.3 +5 -3 jakarta-tomcat-site/xdocs/index.xml Index: index.xml === RCS file: /home/cvs/jakarta-tomcat-site/xdocs/index.xml,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- index.xml 2001/05/29 03:21:46 1.2 +++ index.xml 2001/07/17 18:25:09 1.3 @@ -52,11 +52,13 @@ strongly encouraged to migrate to the current production release, Tocmat 3.2.1./p -pstrongTomcat 3.2.x/strong. Tomcat 3.2.2 is the current production +pstrongTomcat 3.2.x/strong. Tomcat 3.2.3 is the current production quality release. Version 3.2 added few new features; the major effort was a refactoring of the internals to improve performance and stability. The -3.2.1 release, like 3.1.1, was a security patch. Version 3.2.2 fixes a -large number of bugs and all known specification compliance issues. The +3.2.1 release, like 3.1.1, was a security patch. Version 3.2.2 fixed a +large number of bugs and all known specification compliance issues. Version +3.2.3 is a security update that closes a serious security hole. All users +of Tomcat versions prior to 3.2.3 should updgrade as soon as possible. The 3.2.x branch will continue in maintenance mode, but no new feature releases are planned./p 1.4 +17 -0 jakarta-tomcat-site/xdocs/news.xml Index: news.xml === RCS file: /home/cvs/jakarta-tomcat-site/xdocs/news.xml,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- news.xml 2001/05/29 03:49:09 1.3 +++ news.xml 2001/07/17 18:25:10 1.4 @@ -10,6 +10,23 @@ section name=News amp; Status +h317 July 2001 - Jakarta Tomcat 3.2.3 Released/h3 + +pstrongTomcat 3.2.3/strong is a security release. A serious security problem +was found in Tomcat 3.2.2 that could allow unconstrained access to protected areas +of a web site. This release closes that security hole and also includes several +other bug fixes that have been applied since the release of Tomcat 3.2.2. Please see +the RELEASE-NOTES for details on the security problem and other bug fixes available +in this release. The release is available for download +a href=http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.2.3;here/a. +/p + +pIt is strongly encouraged that all users of Tomcat 3.2.2 or earlier upgrade +to version 3.2.3 as soon as possible. +/p + +hr noshade= size=1/ + h328 May 2001 - Jakarta Tomcat 3.2.2 Released/h3 pstrongTomcat 3.2.2/strong is a maintenance release that fixes 1.3 +11 -5 jakarta-tomcat-site/docs/index.html Index: index.html === RCS file: /home/cvs/jakarta-tomcat-site/docs/index.html,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- index.html2001/05/29 03:21:45 1.2 +++ index.html2001/07/17 18:25:14 1.3 @@ -36,7 +36,7 @@ tr !-- LEFT SIDE NAVIGATION -- -td valign=top nowrap=true +td width=20% valign=top nowrap=true pstrongTomcat/strong/p ul lia href=./index.htmlFront Page/a @@ -98,7 +98,7 @@ /li /ul /td -td align=left valign=top +td width=80% align=left valign=top table border=0 cellspacing=0 cellpadding=2 width=100% trtd bgcolor=#525D76 font color=#ff face=arial,helvetica,sanserif @@ -118,7 +118,9 @@ participate in this open development project. To learn more about getting involved, a href=/site/getinvolved.htmlclick here/a. /p /blockquote +/p /td/tr + trtdbr//td/tr /table table border=0 cellspacing=0 cellpadding=2 width=100% trtd bgcolor=#525D76 @@ -149,11 +151,13 @@ 3.1 should update to 3.1.1 to close the security holes and they are strongly encouraged to migrate to the current production release, Tocmat 3.2.1./p -pstrongTomcat 3.2.x/strong. Tomcat 3.2.2 is the current production +pstrongTomcat 3.2.x/strong. Tomcat 3.2.3 is the current production quality release. Version 3.2 added few new features; the major effort
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util URLUtil.java
marcsaeg01/07/16 21:25:56
Modified:src/share/org/apache/tomcat/core Tag: tomcat_32
ContextManager.java
src/share/org/apache/tomcat/request Tag: tomcat_32
AccessInterceptor.java
src/share/org/apache/tomcat/util Tag: tomcat_32 URLUtil.java
Log:
This fixes several security related problems.
1) Non-normalized URIs bypass security-contraints
2) HTTP method (e.g. GET, POST, ...) comparisons in the AccessInterceptor were case
sensitive. Thus, using telnet to issue get
/examples/jsp/security/protected/index.jsp
would bypass the security constraint, but GET
/examples/jsp/security/protected/index.jsp would not.
3) Special chars (%25, %2e, %2f, %5c) in URIs are forbidden.
PR: 2612
Revision ChangesPath
No revision
No revision
1.100.2.26 +16 -1
jakarta-tomcat/src/share/org/apache/tomcat/core/ContextManager.java
Index: ContextManager.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/ContextManager.java,v
retrieving revision 1.100.2.25
retrieving revision 1.100.2.26
diff -u -r1.100.2.25 -r1.100.2.26
--- ContextManager.java 2001/07/11 05:24:14 1.100.2.25
+++ ContextManager.java 2001/07/17 04:25:54 1.100.2.26
@@ -740,7 +740,22 @@
* XXX make sure the alghoritm is right, deal with response codes
*/
public void service( Request req, Response res ) {
- internalService( req, res );
+
+/**
+ * XXX Normalize and validate the request URI. This is important
+ * to prevent non-normalized URIs from causing security constraints
+ * from being bypassed. For example,
/examples/jsp/../jsp/security/protected/index.jsp
+ * would not trigger the AccessInterceptor. Also, encoded special chars
+ * ., /, \ and % are forbidden in URIs to prevent additional security problems.
+ */
+req.setRequestURI(URLUtil.normalizeURI(req.getRequestURI()));
+String ucURI = req.getRequestURI().toUpperCase();
+if(ucURI.indexOf(%25) = 0 || ucURI.indexOf(%2E) = 0 ||
+ ucURI.indexOf(%2F) = 0 || ucURI.indexOf(%5C) =0){
+res.setStatus(404);
+}
+
+internalService( req, res );
// clean up
try {
res.finish();
No revision
No revision
1.12.2.9 +1 -1
jakarta-tomcat/src/share/org/apache/tomcat/request/Attic/AccessInterceptor.java
Index: AccessInterceptor.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/Attic/AccessInterceptor.java,v
retrieving revision 1.12.2.8
retrieving revision 1.12.2.9
diff -u -r1.12.2.8 -r1.12.2.9
--- AccessInterceptor.java2001/07/15 23:09:31 1.12.2.8
+++ AccessInterceptor.java2001/07/17 04:25:55 1.12.2.9
@@ -314,7 +314,7 @@
if( ctMethods != null ctMethods.length 0 ) {
boolean ok=false;
for( int i=0; i ctMethods.length; i++ ) {
- if( method.equals( ctMethods[i] ) ) {
+ if( method.equalsIgnoreCase( ctMethods[i] ) ) {
ok=true;
break;
}
No revision
No revision
1.7.2.3 +90 -3
jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/URLUtil.java
Index: URLUtil.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/URLUtil.java,v
retrieving revision 1.7.2.2
retrieving revision 1.7.2.3
diff -u -r1.7.2.2 -r1.7.2.3
--- URLUtil.java 2001/04/08 01:37:57 1.7.2.2
+++ URLUtil.java 2001/07/17 04:25:55 1.7.2.3
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/URLUtil.java,v 1.7.2.2
2001/04/08 01:37:57 marcsaeg Exp $
- * $Revision: 1.7.2.2 $
- * $Date: 2001/04/08 01:37:57 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/URLUtil.java,v 1.7.2.3
2001/07/17 04:25:55 marcsaeg Exp $
+ * $Revision: 1.7.2.3 $
+ * $Date: 2001/07/17 04:25:55 $
*
*
*
@@ -205,4 +205,91 @@
return hasEscape;
}
+
+// Based on Apache's path normalization code
+public static String normalizeURI(String URI)
+{
+int start=0;
+int end=URI.length();
+char buff[] = new char[URI.length()];
+URI.getChars(0, URI.length(), buff, 0);
+int i=0;
+int j=0;
+
+// remove //
+for( i=start, j=start; iend-1; i
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core LocalStrings.properties LocalStrings_es.properties LocalStrings_fr.properties LocalStrings_se.properties
marcsaeg01/06/25 13:19:34
Modified:src/share/org/apache/tomcat/core Tag: tomcat_32
LocalStrings.properties LocalStrings_es.properties
LocalStrings_fr.properties
LocalStrings_se.properties
Log:
Added status codes for RFC 2518
sc.102=Processing
sc.422=Unprocessable Entity
sc.423=Locked
sc.424=Failed Dependency
sc.507=Insufficient Storage
PR: 2069
Submitted by: [EMAIL PROTECTED] (Stefan Eissing)
Revision ChangesPath
No revision
No revision
1.8.4.2 +6 -1
jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/LocalStrings.properties
Index: LocalStrings.properties
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/LocalStrings.properties,v
retrieving revision 1.8.4.1
retrieving revision 1.8.4.2
diff -u -r1.8.4.1 -r1.8.4.2
--- LocalStrings.properties 2001/03/15 20:15:15 1.8.4.1
+++ LocalStrings.properties 2001/06/25 20:19:23 1.8.4.2
@@ -1,4 +1,4 @@
-# $Id: LocalStrings.properties,v 1.8.4.1 2001/03/15 20:15:15 marcsaeg Exp $
+# $Id: LocalStrings.properties,v 1.8.4.2 2001/06/25 20:19:23 marcsaeg Exp $
#
# Localized strings for package org.apache.tomcat.core
@@ -55,6 +55,7 @@
sc.100=Continue
sc.101=Switching Protocols
+sc.102=Processing
sc.200=OK
sc.201=Created
sc.202=Accepted
@@ -88,12 +89,16 @@
sc.415=Unsupported Media Type
sc.416=Requested Range Not Satisfiable
sc.417=Expectation Failed
+sc.422=Unprocessable Entity
+sc.423=Locked
+sc.424=Failed Dependency
sc.500=Internal Server Error
sc.501=Not Implemented
sc.502=Bad Gateway
sc.503=Service Unavailable
sc.504=Gateway Timeout
sc.505=HTTP Version Not Supported
+sc.507=Insufficient Storage
servletOutputStreamImpl.write.iae=invalid write length: {0}
servletOutputStreamImpl.fmt.not_iso8859_1=Not an ISO 8859_1 character:{0}
1.2.4.2 +6 -1
jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/LocalStrings_es.properties
Index: LocalStrings_es.properties
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/LocalStrings_es.properties,v
retrieving revision 1.2.4.1
retrieving revision 1.2.4.2
diff -u -r1.2.4.1 -r1.2.4.2
--- LocalStrings_es.properties2001/03/15 20:15:17 1.2.4.1
+++ LocalStrings_es.properties2001/06/25 20:19:25 1.2.4.2
@@ -1,4 +1,4 @@
-# $Id: LocalStrings_es.properties,v 1.2.4.1 2001/03/15 20:15:17 marcsaeg Exp $
+# $Id: LocalStrings_es.properties,v 1.2.4.2 2001/06/25 20:19:25 marcsaeg Exp $
#
# Localized strings for package org.apache.tomcat.core
@@ -54,6 +54,7 @@
sc.100=Continuar
sc.101=Cambiando Protocolos
+sc.102=Processing
sc.200=OK
sc.201=Creado
sc.202=Aceptado
@@ -87,12 +88,16 @@
sc.415=Tipo de Medio No Soportado
sc.416=El Rango Pedido No Ser Satifecho
sc.417=Expectativa Fallada
+sc.422=Unprocessable Entity
+sc.423=Locked
+sc.424=Failed Dependency
sc.500=Error Interno del Servidor
sc.501=No Implementado
sc.502=Gateway Incorrecto
sc.503=Servicio no Disponible
sc.504=Gateway Caducado
sc.505=Version de HTTP No Soportada
+sc.507=Insufficient Storage
servletOutputStreamImpl.write.iae=longitud de escritura incorrecta: {0}
servletOutputStreamImpl.fmt.not_iso8859_1=No es un caracter ISO 8859_1:{0}
1.1.2.3 +6 -1
jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/LocalStrings_fr.properties
Index: LocalStrings_fr.properties
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/LocalStrings_fr.properties,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -r1.1.2.2 -r1.1.2.3
--- LocalStrings_fr.properties2001/03/15 20:15:17 1.1.2.2
+++ LocalStrings_fr.properties2001/06/25 20:19:26 1.1.2.3
@@ -1,4 +1,4 @@
-# $Id: LocalStrings_fr.properties,v 1.1.2.2 2001/03/15 20:15:17 marcsaeg Exp $
+# $Id: LocalStrings_fr.properties,v 1.1.2.3 2001/06/25 20:19:26 marcsaeg Exp $
#
# Localized strings for package org.apache.tomcat.core
@@ -55,6 +55,7 @@
sc.100=Continue
sc.101=Switching Protocols
+sc.102=Processing
sc.200=OK
sc.201=Created
sc.202=Accepted
@@ -88,12 +89,16 @@
sc.415=Unsupported Media Type
sc.416=Requested Range Not Satisfiable
sc.417=Expectation Failed
+sc.422=Unprocessable Entity
+sc.423=Locked
+sc.424=Failed Dependency
sc.500=Internal Server Error
sc.501=Not Implemented
sc.502=Bad Gateway
sc.503=Service Unavailable
sc.504=Gateway Timeout
sc.505=HTTP Version Not Supported
+sc.507=Insufficient Storage
cvs commit: jakarta-tomcat/src/shell tomcat.bat
marcsaeg01/06/24 12:27:16 Modified:src/shell Tag: tomcat_32 tomcat.bat Log: Making tomcat.bat consistent with tomcat.sh in how files are added to the classpath. Tomcat.bat only added jar files while tomcat.sh added all files in tomcat/lib. This made it more difficult for users to have .zip file automatically added to Tomcat's classpath. PR: 1935 Submitted by: [EMAIL PROTECTED] (Jonathan Pierce) Revision ChangesPath No revision No revision 1.24.2.7 +2 -2 jakarta-tomcat/src/shell/tomcat.bat Index: tomcat.bat === RCS file: /home/cvs/jakarta-tomcat/src/shell/tomcat.bat,v retrieving revision 1.24.2.6 retrieving revision 1.24.2.7 diff -u -r1.24.2.6 -r1.24.2.7 --- tomcat.bat2001/01/11 19:12:45 1.24.2.6 +++ tomcat.bat2001/06/24 19:27:10 1.24.2.7 @@ -22,7 +22,7 @@ rem rem JAVA_HOMEMust point at your Java Development Kit installation. rem -rem $Id: tomcat.bat,v 1.24.2.6 2001/01/11 19:12:45 larryi Exp $ +rem $Id: tomcat.bat,v 1.24.2.7 2001/06/24 19:27:10 marcsaeg Exp $ rem - @@ -76,7 +76,7 @@ :dynClasspath set _LIBJARS= -for %%i in (%TOMCAT_HOME%\lib\*.jar) do call %TOMCAT_HOME%\bin\cpappend.bat %%i +for %%i in (%TOMCAT_HOME%\lib\*.*) do call %TOMCAT_HOME%\bin\cpappend.bat %%i if not %_LIBJARS% == goto gotLibJars echo Unable to set CLASSPATH dynamically. if %OS% == Windows_NT goto staticClasspath
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/service/connector Ajp13ConnectorRequest.java
marcsaeg01/06/20 13:52:24 Modified:src/share/org/apache/tomcat/service/connector Tag: tomcat_32 Ajp13ConnectorRequest.java Log: Fixed sign extension problem in doRead(), again. PR: 1673 Submitted by: Richard Evans ([EMAIL PROTECTED]) Revision ChangesPath No revision No revision 1.5.2.8 +4 -4 jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Attic/Ajp13ConnectorRequest.java Index: Ajp13ConnectorRequest.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Attic/Ajp13ConnectorRequest.java,v retrieving revision 1.5.2.7 retrieving revision 1.5.2.8 diff -u -r1.5.2.7 -r1.5.2.8 --- Ajp13ConnectorRequest.java2001/05/11 22:37:24 1.5.2.7 +++ Ajp13ConnectorRequest.java2001/06/20 20:52:23 1.5.2.8 @@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Attic/Ajp13ConnectorRequest.java,v 1.5.2.7 2001/05/11 22:37:24 marcsaeg Exp $ - * $Revision: 1.5.2.7 $ - * $Date: 2001/05/11 22:37:24 $ + * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Attic/Ajp13ConnectorRequest.java,v 1.5.2.8 2001/06/20 20:52:23 marcsaeg Exp $ + * $Revision: 1.5.2.8 $ + * $Date: 2001/06/20 20:52:23 $ * * * @@ -253,7 +253,7 @@ return -1; } } -return (char) bodyBuff[pos++]; +return bodyBuff[pos++] 0xFF; // prevent sign extension of byte value } public int doRead(byte[] b, int off, int len) throws IOException
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/service/connector MsgBuffer.java
marcsaeg01/06/18 19:42:23
Modified:src/share/org/apache/tomcat/service/connector Tag: tomcat_32
MsgBuffer.java
Log:
Fix buffer bounds check.
PR: 1528
Submitted by: [EMAIL PROTECTED]
Revision ChangesPath
No revision
No revision
1.7.2.2 +4 -4
jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Attic/MsgBuffer.java
Index: MsgBuffer.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Attic/MsgBuffer.java,v
retrieving revision 1.7.2.1
retrieving revision 1.7.2.2
diff -u -r1.7.2.1 -r1.7.2.2
--- MsgBuffer.java2000/12/12 09:41:44 1.7.2.1
+++ MsgBuffer.java2001/06/19 02:42:23 1.7.2.2
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Attic/MsgBuffer.java,v
1.7.2.1 2000/12/12 09:41:44 hgomez Exp $
- * $Revision: 1.7.2.1 $
- * $Date: 2000/12/12 09:41:44 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Attic/MsgBuffer.java,v
1.7.2.2 2001/06/19 02:42:23 marcsaeg Exp $
+ * $Revision: 1.7.2.2 $
+ * $Date: 2001/06/19 02:42:23 $
*
*
*
@@ -158,7 +158,7 @@
public void appendBytes( byte b[], int off, int len ) {
BuffTool.addInt( buff, pos, len );
pos+=2;
- if( pos + len buff.length ) {
+ if( pos + len = buff.length ) {
System.out.println(Buffer overflow + buff.length + + pos + +
len );
}
System.arraycopy( b, off, buff, pos, len);
cvs commit: jakarta-tomcat/src/examples/WEB-INF/classes/examples ShowSource.java
marcsaeg01/06/14 08:23:47
Modified:src/examples/WEB-INF/classes/examples Tag: tomcat_32
ShowSource.java
Log:
The code that attempted to prevent exposing the contents of files in the WEB-INF and
META-INF directories was broken and actually prevented source files from being
displayed.
PR: 372
Submitted by: Tony Robertson ([EMAIL PROTECTED])
Revision ChangesPath
No revision
No revision
1.4.4.2 +2 -2
jakarta-tomcat/src/examples/WEB-INF/classes/examples/ShowSource.java
Index: ShowSource.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/examples/WEB-INF/classes/examples/ShowSource.java,v
retrieving revision 1.4.4.1
retrieving revision 1.4.4.2
diff -u -r1.4.4.1 -r1.4.4.2
--- ShowSource.java 2000/12/10 03:07:51 1.4.4.1
+++ ShowSource.java 2001/06/14 15:23:46 1.4.4.2
@@ -21,8 +21,8 @@
public int doEndTag() throws JspException {
if ((jspFile.indexOf( .. ) = 0) ||
-(jspFile.toUpperCase().indexOf(/WEB-INF/) != 0) ||
-(jspFile.toUpperCase().indexOf(/META-INF/) != 0))
+(jspFile.toUpperCase().indexOf(/WEB-INF/) = 0) ||
+(jspFile.toUpperCase().indexOf(/META-INF/) = 0))
throw new JspTagException(Invalid JSP file + jspFile);
InputStream in
cvs commit: jakarta-tomcat/src/doc tomcat-ssl-howto.html
marcsaeg01/06/13 16:43:05 Modified:src/doc Tag: tomcat_32 tomcat-ssl-howto.html Log: Fixed URL for apache-ssl. Revision ChangesPath No revision No revision 1.1.2.5 +1 -1 jakarta-tomcat/src/doc/tomcat-ssl-howto.html Index: tomcat-ssl-howto.html === RCS file: /home/cvs/jakarta-tomcat/src/doc/tomcat-ssl-howto.html,v retrieving revision 1.1.2.4 retrieving revision 1.1.2.5 diff -u -r1.1.2.4 -r1.1.2.5 --- tomcat-ssl-howto.html 2001/06/05 14:38:23 1.1.2.4 +++ tomcat-ssl-howto.html 2001/06/13 23:43:05 1.1.2.5 @@ -68,7 +68,7 @@ pTomcat can use SSL directly (via an HTTP connector supporting SSL) or via an SSL-capable Apache (a - href=http://www.apachessl.org;Apache-SSL/a or a + href=http://www.apache-ssl.org;Apache-SSL/a or a href=http://www.modssl.org;apache+mod_ssl/a) with the mod_jk connector./p
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core Constants.java
marcsaeg01/05/30 14:25:34
Modified:src/webpages Tag: tomcat_32 index.html
src/share/org/apache/tomcat/core Tag: tomcat_32
Constants.java
Log:
Updating version numbers to 3.2.3-dev.
Revision ChangesPath
No revision
No revision
1.13.2.19 +2 -2 jakarta-tomcat/src/webpages/index.html
Index: index.html
===
RCS file: /home/cvs/jakarta-tomcat/src/webpages/index.html,v
retrieving revision 1.13.2.18
retrieving revision 1.13.2.19
diff -u -r1.13.2.18 -r1.13.2.19
--- index.html2001/05/29 01:28:36 1.13.2.18
+++ index.html2001/05/30 21:25:29 1.13.2.19
@@ -4,13 +4,13 @@
meta http-equiv=Content-Type content=text/html; charset=iso-8859-1
meta name=GENERATOR content=Mozilla/4.72 [en] (WinNT; U) [Netscape]
meta name=Author content=Anil K. Vijendran
-titleTomcat v3.2.2/title
+titleTomcat v3.2.3-dev/title
/head
body bgcolor=#FF
img SRC=tomcat.gif height=92 width=130 align=LEFTbfont face=Arial,
Helvetica, sans-seriffont size=+3Tomcat/font/font/b
br
bfont face=Arial, Helvetica, sans-seriffont size=-1Version
-3.2.2/font/font/b
+3.2.3-dev/font/font/b
pThis is the default Tomcat home page. This page serves as a quick reference
guide to related resources and is located at:
ul
No revision
No revision
1.22.2.17 +1 -1
jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/Constants.java
Index: Constants.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/Constants.java,v
retrieving revision 1.22.2.16
retrieving revision 1.22.2.17
diff -u -r1.22.2.16 -r1.22.2.17
--- Constants.java2001/05/29 01:28:35 1.22.2.16
+++ Constants.java2001/05/30 21:25:33 1.22.2.17
@@ -67,7 +67,7 @@
public class Constants {
public static final String TOMCAT_NAME = Tomcat Web Server;
-public static final String TOMCAT_VERSION = 3.2.2;
+public static final String TOMCAT_VERSION = 3.2.3-dev;
public static final String JSP_NAME = JSP;
public static final String JSP_VERSION = 1.1;
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/request StaticInterceptor.java
marcsaeg01/05/30 14:33:04 Modified:src/share/org/apache/tomcat/request Tag: tomcat_32 StaticInterceptor.java Log: The previous commit by arieh removed larryi's previous fix for using javax.servlet.include.servlet_path. Revision ChangesPath No revision No revision 1.7.2.10 +4 -1 jakarta-tomcat/src/share/org/apache/tomcat/request/Attic/StaticInterceptor.java Index: StaticInterceptor.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/Attic/StaticInterceptor.java,v retrieving revision 1.7.2.9 retrieving revision 1.7.2.10 diff -u -r1.7.2.9 -r1.7.2.10 --- StaticInterceptor.java2001/03/16 23:41:57 1.7.2.9 +++ StaticInterceptor.java2001/05/30 21:33:02 1.7.2.10 @@ -377,7 +377,10 @@ subReq=req.getChild(); Context ctx=subReq.getContext(); - String pathInfo=subReq.getServletPath(); +// If this file is being included, use javax.servlet.include.servlet_path. +String pathInfo = (String)subReq.getAttribute(javax.servlet.include.servlet_path); +if(pathInfo == null) +pathInfo=subReq.getServletPath(); String absPath = (String)subReq.getNote( realFileNote ); if( absPath==null ) absPath=ctx.getRealPath( pathInfo );
cvs commit: jakarta-tomcat/src/share/org/apache/jasper/runtime BodyContentImpl.java
marcsaeg01/05/28 17:55:33
Modified:src/share/org/apache/jasper/runtime Tag: tomcat_32
BodyContentImpl.java
Log:
Larry found this one while comparing 3.2.2 with 3.3. Hopefully this is the
last time we need to 'fix' this buffer sizing problem.
Revision ChangesPath
No revision
No revision
1.6.6.5 +9 -13
jakarta-tomcat/src/share/org/apache/jasper/runtime/BodyContentImpl.java
Index: BodyContentImpl.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/runtime/BodyContentImpl.java,v
retrieving revision 1.6.6.4
retrieving revision 1.6.6.5
diff -u -r1.6.6.4 -r1.6.6.5
--- BodyContentImpl.java 2001/04/23 19:00:20 1.6.6.4
+++ BodyContentImpl.java 2001/05/29 00:55:32 1.6.6.5
@@ -109,19 +109,15 @@
char[] tmp = null;
- //XXX Should it be multiple of DEFAULT_BUFFER_SIZE??
-
-int newBufferSize = bufferSize * 2;
-if (len = newBufferSize) {
- bufferSize = newBufferSize;
- tmp = new char [bufferSize];
- } else {
- tmp = new char [bufferSize + len];
- bufferSize += len;
- }
- System.arraycopy(cb, 0, tmp, 0, cb.length);
- cb = tmp;
- tmp = null;
+if(len = bufferSize){
+bufferSize *= 2;
+}else{
+bufferSize += len;
+}
+tmp = new char[bufferSize];
+System.arraycopy(cb, 0, tmp, 0, cb.length);
+cb = tmp;
+tmp = null;
}
/**
cvs commit: jakarta-tomcat/src/webpages index.html
marcsaeg01/05/28 18:28:37
Modified:src/share/org/apache/tomcat/core Tag: tomcat_32
Constants.java
src/webpages Tag: tomcat_32 index.html
Log:
Updating version numbers for the Tomcat 3.2.2 final release.
Revision ChangesPath
No revision
No revision
1.22.2.16 +1 -1
jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/Constants.java
Index: Constants.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/Constants.java,v
retrieving revision 1.22.2.15
retrieving revision 1.22.2.16
diff -u -r1.22.2.15 -r1.22.2.16
--- Constants.java2001/05/11 23:21:44 1.22.2.15
+++ Constants.java2001/05/29 01:28:35 1.22.2.16
@@ -67,7 +67,7 @@
public class Constants {
public static final String TOMCAT_NAME = Tomcat Web Server;
-public static final String TOMCAT_VERSION = 3.2.2 beta 5;
+public static final String TOMCAT_VERSION = 3.2.2;
public static final String JSP_NAME = JSP;
public static final String JSP_VERSION = 1.1;
No revision
No revision
1.13.2.18 +2 -2 jakarta-tomcat/src/webpages/index.html
Index: index.html
===
RCS file: /home/cvs/jakarta-tomcat/src/webpages/index.html,v
retrieving revision 1.13.2.17
retrieving revision 1.13.2.18
diff -u -r1.13.2.17 -r1.13.2.18
--- index.html2001/05/11 23:21:42 1.13.2.17
+++ index.html2001/05/29 01:28:36 1.13.2.18
@@ -4,13 +4,13 @@
meta http-equiv=Content-Type content=text/html; charset=iso-8859-1
meta name=GENERATOR content=Mozilla/4.72 [en] (WinNT; U) [Netscape]
meta name=Author content=Anil K. Vijendran
-titleTomcat v3.2.2 beta 5/title
+titleTomcat v3.2.2/title
/head
body bgcolor=#FF
img SRC=tomcat.gif height=92 width=130 align=LEFTbfont face=Arial,
Helvetica, sans-seriffont size=+3Tomcat/font/font/b
br
bfont face=Arial, Helvetica, sans-seriffont size=-1Version
-3.2.2 beta 5/font/font/b
+3.2.2/font/font/b
pThis is the default Tomcat home page. This page serves as a quick reference
guide to related resources and is located at:
ul
cvs commit: jakarta-tomcat-site/xdocs news.xml
marcsaeg01/05/28 20:49:09 Modified:docs news.html xdocsnews.xml Log: Removed some bogus stuff from previous edit. Revision ChangesPath 1.3 +4 -6 jakarta-tomcat-site/docs/news.html Index: news.html === RCS file: /home/cvs/jakarta-tomcat-site/docs/news.html,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- news.html 2001/05/29 03:21:45 1.2 +++ news.html 2001/05/29 03:49:09 1.3 @@ -105,19 +105,15 @@ a name=News StatusstrongNews Status/strong/a /font /td/tr + trtdbr//td/tr trtd blockquote h328 May 2001 - Jakarta Tomcat 3.2.2 Released/h3 pstrongTomcat 3.2.2/strong is a maintenance release that fixes -several bugs since the 3.2.1 release and fixes all known specification +several bugs since the 3.2.1 release and corrects all known specification compliance issues. The release is available for download a href=http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.2.2;here/a. /p -pstrongTomcat 4.0-beta-5/strong is the latest update to the next -generation version of Tomcat 4.0. It fixes two security vulnerabilities -that were discovered in Tomcat 4.0-b4 (and prior versions). Anyone who -downloaded Tomcat 4.0-b4 is urged to update immediately. Get your copy -a href=http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0-b4;here/a./p hr noshade= size=1 / h314 May 2001 - Jakarta Tomcat 4.0-beta-5 Released/h3 pstrongTomcat 4.0-beta-5/strong is the latest update to the next @@ -223,7 +219,9 @@ the subject b[NEWS]/b to bmarcsaeg at apache dot org/b. /p /blockquote +/p /td/tr + trtdbr//td/tr /table /td /tr 1.3 +1 -7 jakarta-tomcat-site/xdocs/news.xml Index: news.xml === RCS file: /home/cvs/jakarta-tomcat-site/xdocs/news.xml,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- news.xml 2001/05/29 03:21:46 1.2 +++ news.xml 2001/05/29 03:49:09 1.3 @@ -13,16 +13,10 @@ h328 May 2001 - Jakarta Tomcat 3.2.2 Released/h3 pstrongTomcat 3.2.2/strong is a maintenance release that fixes -several bugs since the 3.2.1 release and fixes all known specification +several bugs since the 3.2.1 release and corrects all known specification compliance issues. The release is available for download a href=http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.2.2;here/a. /p - -pstrongTomcat 4.0-beta-5/strong is the latest update to the next -generation version of Tomcat 4.0. It fixes two security vulnerabilities -that were discovered in Tomcat 4.0-b4 (and prior versions). Anyone who -downloaded Tomcat 4.0-b4 is urged to update immediately. Get your copy -a href=http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0-b4;here/a./p hr noshade= size=1/
cvs commit: jakarta-tomcat/src/doc index.html
marcsaeg01/05/26 09:04:14 Modified:src/doc Tag: tomcat_32 index.html Log: Fixed HREF for documentation home page to match the new Tomcat web site. Revision ChangesPath No revision No revision 1.5.2.6 +2 -2 jakarta-tomcat/src/doc/index.html Index: index.html === RCS file: /home/cvs/jakarta-tomcat/src/doc/index.html,v retrieving revision 1.5.2.5 retrieving revision 1.5.2.6 diff -u -r1.5.2.5 -r1.5.2.6 --- index.html2000/11/29 18:01:54 1.5.2.5 +++ index.html2001/05/26 16:04:14 1.5.2.6 @@ -1,7 +1,7 @@ html head -!-- $Id: index.html,v 1.5.2.5 2000/11/29 18:01:54 craigmcc Exp $ -- +!-- $Id: index.html,v 1.5.2.6 2001/05/26 16:04:14 marcsaeg Exp $ -- !-- Copyright 1999, Apache Software Foundation -- meta http-equiv=Content-Type content=text/html; charset=iso-8859-1 link rel=stylesheet href=uguide/style.css @@ -87,7 +87,7 @@ /ul -pb* The absolute latest Tomcat documentation can be found online at the a href=http://jakarta.apache.org/tomcat/jakarta-tomcat/src/doc/index.html;Tomcat +pb* The absolute latest Tomcat documentation can be found online at the a href=http://jakarta.apache.org/tomcat/tomcat-3.2-doc/index.html;Tomcat Documentation homepage/a./b/p table width=100% border=0 cellpadding=10 cellspacing=0
cvs commit: jakarta-tomcat KEYS
marcsaeg01/05/25 14:41:37 Added: .Tag: tomcat_32 KEYS Log: PGP public keys for Tomcat developers. Revision ChangesPath No revision No revision 1.1.2.1 +37 -0 jakarta-tomcat/Attic/KEYS
cvs commit: jakarta-tomcat-site - Imported sources
marcsaeg01/05/22 10:31:51 Log: Initial Tomcat Web Site Status: Vendor Tag: tomcat-site Release Tags: start N jakarta-tomcat-site/build.sh N jakarta-tomcat-site/build.xml N jakarta-tomcat-site/cpappend.bat N jakarta-tomcat-site/build.bat N jakarta-tomcat-site/README.txt N jakarta-tomcat-site/.cvsignore N jakarta-tomcat-site/xdocs/velocity.properties N jakarta-tomcat-site/xdocs/index.xml N jakarta-tomcat-site/xdocs/news.xml N jakarta-tomcat-site/xdocs/stylesheets/project.xml N jakarta-tomcat-site/xdocs/images/tomcat-power.gif N jakarta-tomcat-site/xdocs/images/tomcat.gif N jakarta-tomcat-site/docs/index.html N jakarta-tomcat-site/docs/news.html N jakarta-tomcat-site/docs/images/tomcat.gif N jakarta-tomcat-site/docs/images/tomcat-power.gif No conflicts created by this import
cvs commit: jakarta-tomcat/src/share/org/apache/jasper/runtime JspFactoryImpl.java
marcsaeg01/05/18 07:40:38
Modified:src/share/org/apache/jasper/runtime Tag: tomcat_32
JspFactoryImpl.java
Log:
Added test for null page context in releasePageContext.
Submitted by: Antony Bowesman [[EMAIL PROTECTED]]
Revision ChangesPath
No revision
No revision
1.4.2.1 +5 -3
jakarta-tomcat/src/share/org/apache/jasper/runtime/JspFactoryImpl.java
Index: JspFactoryImpl.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/runtime/JspFactoryImpl.java,v
retrieving revision 1.4
retrieving revision 1.4.2.1
diff -u -r1.4 -r1.4.2.1
--- JspFactoryImpl.java 2000/06/30 20:21:02 1.4
+++ JspFactoryImpl.java 2001/05/18 14:40:35 1.4.2.1
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/runtime/JspFactoryImpl.java,v 1.4
2000/06/30 20:21:02 costin Exp $
- * $Revision: 1.4 $
- * $Date: 2000/06/30 20:21:02 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/runtime/JspFactoryImpl.java,v
1.4.2.1 2001/05/18 14:40:35 marcsaeg Exp $
+ * $Revision: 1.4.2.1 $
+ * $Date: 2001/05/18 14:40:35 $
*
*
*
@@ -108,6 +108,8 @@
}
public void releasePageContext(PageContext pc) {
+if(pc == null)
+return;
pc.release();
if( usePool) {
pool.put( pc );
cvs commit: jakarta-tomcat/src/etc tomcat.policy
marcsaeg01/05/18 10:41:11 Modified:src/etc Tag: tomcat_32 tomcat.policy Log: Added read permission to line.separator and file.separator. Revision ChangesPath No revision No revision 1.5.2.3 +3 -0 jakarta-tomcat/src/etc/tomcat.policy Index: tomcat.policy === RCS file: /home/cvs/jakarta-tomcat/src/etc/tomcat.policy,v retrieving revision 1.5.2.2 retrieving revision 1.5.2.3 diff -u -r1.5.2.2 -r1.5.2.3 --- tomcat.policy 2001/04/13 22:09:06 1.5.2.2 +++ tomcat.policy 2001/05/18 17:41:02 1.5.2.3 @@ -44,4 +44,7 @@ permission java.util.PropertyPermission java.vm.version, read; permission java.util.PropertyPermission java.vm.vendor, read; permission java.util.PropertyPermission java.vm.name, read; + +permission java.util.PropertyPermission line.separator, read; +permission java.util.PropertyPermission file.separator, read; };
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util RequestUtil.java
marcsaeg01/05/11 15:34:30
Modified:src/share/org/apache/tomcat/util Tag: tomcat_32
RequestUtil.java
Log:
Fixes one last JSP source disclosure bug. On some platforms a URL ending
in .jsp%00 would cause the JSP's source text to be served back to the
client.
URLDecode() now works similar to Apache httpd and treats %00 and %2f
as forbidden characters in a URL.
Revision ChangesPath
No revision
No revision
1.14.2.4 +6 -13
jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/RequestUtil.java
Index: RequestUtil.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/RequestUtil.java,v
retrieving revision 1.14.2.3
retrieving revision 1.14.2.4
diff -u -r1.14.2.3 -r1.14.2.4
--- RequestUtil.java 2001/03/17 20:52:50 1.14.2.3
+++ RequestUtil.java 2001/05/11 22:34:28 1.14.2.4
@@ -274,7 +274,7 @@
* @author: cut paste from JServ, much faster that previous tomcat impl
*/
public final static String URLDecode(String str)
- throws NumberFormatException, StringIndexOutOfBoundsException
+ throws NumberFormatException,
StringIndexOutOfBoundsException,IllegalArgumentException
{
if (str == null) return null;
@@ -312,18 +312,11 @@
strPos++;
continue;
} else if (metaChar == '%') {
- // We throw the original exception - the super will deal with it
- //try {
- dec.append((char) Integer.parseInt(
-str.substring(strPos + 1, strPos +
3), 16));
- //} catch (NumberFormatException e) {
- //throw new IllegalArgumentException(invalid
hexadecimal
- //+ str.substring(strPos + 1, strPos + 3)
- //+ in URLencoded string (illegal unescaped
'%'?) );
- //} catch (StringIndexOutOfBoundsException e) {
- //throw new IllegalArgumentException(illegal
unescaped '%'
- //+ in URLencoded string );
- //}
+char c = (char) Integer.parseInt(str.substring(strPos + 1, strPos +
3), 16);
+if(c == '/' || c == '\0')
+throw new IllegalArgumentException(URL contains encoded
special chars.);
+
+dec.append(c);
strPos += 3;
}
}
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/service/connector Ajp12ConnectionHandler.java Ajp13ConnectorRequest.java
marcsaeg01/05/11 15:37:26
Modified:src/share/org/apache/tomcat/core Tag: tomcat_32
RequestImpl.java
src/share/org/apache/tomcat/service/connector Tag: tomcat_32
Ajp12ConnectionHandler.java
Ajp13ConnectorRequest.java
Log:
getRemoteHost() now does DNS lookups (if necessary) to determine the
remote host name based on the client's IP address.
PR: 208
Revision ChangesPath
No revision
No revision
1.52.2.10 +10 -2
jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/RequestImpl.java
Index: RequestImpl.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/RequestImpl.java,v
retrieving revision 1.52.2.9
retrieving revision 1.52.2.10
diff -u -r1.52.2.9 -r1.52.2.10
--- RequestImpl.java 2001/05/07 16:24:34 1.52.2.9
+++ RequestImpl.java 2001/05/11 22:37:21 1.52.2.10
@@ -813,9 +813,17 @@
}
public String getRemoteHost() {
-// This is belt and suspenders. The request adapters should have set this
correctly.
-if(remoteHost == null || remoteHost.length() == 0)
+// AJP12 defaults to empty string, AJP13 defaults to null
+if(remoteHost != null remoteHost.length() != 0)
+return remoteHost;
+
+try{
+remoteHost = InetAddress.getByName(remoteAddr).getHostName();
+}catch(Exception e){
+// If anything went wrong then fall back to using the remote hosts IP
address
remoteHost = remoteAddr;
+}
+
return remoteHost;
}
No revision
No revision
1.28.2.4 +0 -2
jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Attic/Ajp12ConnectionHandler.java
Index: Ajp12ConnectionHandler.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Attic/Ajp12ConnectionHandler.java,v
retrieving revision 1.28.2.3
retrieving revision 1.28.2.4
diff -u -r1.28.2.3 -r1.28.2.4
--- Ajp12ConnectionHandler.java 2001/05/07 16:24:40 1.28.2.3
+++ Ajp12ConnectionHandler.java 2001/05/11 22:37:23 1.28.2.4
@@ -271,8 +271,6 @@
if( doLog ) log(AJP: RA= + remoteAddr );
remoteHost = ajpin.readString();//remote host
-if(remoteHost.length() == 0)
-remoteHost = remoteAddr; // If host isn't specified then use IP
address
if( doLog ) log(AJP: RH= + remoteHost );
remoteUser = ajpin.readString(null); //remote user
1.5.2.7 +3 -5
jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Attic/Ajp13ConnectorRequest.java
Index: Ajp13ConnectorRequest.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Attic/Ajp13ConnectorRequest.java,v
retrieving revision 1.5.2.6
retrieving revision 1.5.2.7
diff -u -r1.5.2.6 -r1.5.2.7
--- Ajp13ConnectorRequest.java2001/05/07 16:24:42 1.5.2.6
+++ Ajp13ConnectorRequest.java2001/05/11 22:37:24 1.5.2.7
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Attic/Ajp13ConnectorRequest.java,v
1.5.2.6 2001/05/07 16:24:42 marcsaeg Exp $
- * $Revision: 1.5.2.6 $
- * $Date: 2001/05/07 16:24:42 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Attic/Ajp13ConnectorRequest.java,v
1.5.2.7 2001/05/11 22:37:24 marcsaeg Exp $
+ * $Revision: 1.5.2.7 $
+ * $Date: 2001/05/11 22:37:24 $
*
*
*
@@ -144,8 +144,6 @@
requestURI = msg.getString();
remoteAddr = msg.getString();
remoteHost = msg.getString();
-if(remoteHost == null) //If we don't have a host then use the IP
address
-remoteHost = remoteAddr;
serverName = msg.getString();
serverPort = msg.getInt();
bsc= msg.getByte();
cvs commit: jakarta-tomcat/src/doc readme
marcsaeg01/05/11 15:44:33 Modified:.Tag: tomcat_32 RELEASE-NOTES src/doc Tag: tomcat_32 readme Log: Updated description of the fix for bug 208. Revision ChangesPath No revision No revision 1.1.2.8 +6 -3 jakarta-tomcat/Attic/RELEASE-NOTES Index: RELEASE-NOTES === RCS file: /home/cvs/jakarta-tomcat/Attic/RELEASE-NOTES,v retrieving revision 1.1.2.7 retrieving revision 1.1.2.8 diff -u -r1.1.2.7 -r1.1.2.8 --- RELEASE-NOTES 2001/05/08 01:31:17 1.1.2.7 +++ RELEASE-NOTES 2001/05/11 22:44:28 1.1.2.8 @@ -1,4 +1,4 @@ -$Id: RELEASE-NOTES,v 1.1.2.7 2001/05/08 01:31:17 marcsaeg Exp $ +$Id: RELEASE-NOTES,v 1.1.2.8 2001/05/11 22:44:28 marcsaeg Exp $ Release Notes for: @@ -295,6 +295,7 @@ will indicate a URL scheme of HTTP. The AJP13 protocol does not suffer from this problem. + === 7. FIXES AND ENHANCEMENTS IN UPDATES @@ -332,8 +333,10 @@ - HttpServletRequest.encodeURL() now properly encodes URLs that contain an anchor but no query string. (#1182) - Error pages now work in virtual hosts. - - ServletRequest.getRemoteHost() now returns the remote IP address - if the remote host name isn't known. (#208) + - ServletRequest.getRemoteHost() now does a DNS lookup (if necessary) to + determine the name of the remote host. As required by the spec, if this + look up fails the method returns the remote host's IP address. (#208) + Jasper - Fix for UnsupportedEncodingException due to UTF8 instead of UTF-8. (#269) No revision No revision 1.8.2.20 +6 -3 jakarta-tomcat/src/doc/readme Index: readme === RCS file: /home/cvs/jakarta-tomcat/src/doc/readme,v retrieving revision 1.8.2.19 retrieving revision 1.8.2.20 diff -u -r1.8.2.19 -r1.8.2.20 --- readme2001/05/08 01:31:19 1.8.2.19 +++ readme2001/05/11 22:44:32 1.8.2.20 @@ -1,4 +1,4 @@ -$Id: readme,v 1.8.2.19 2001/05/08 01:31:19 marcsaeg Exp $ +$Id: readme,v 1.8.2.20 2001/05/11 22:44:32 marcsaeg Exp $ Release Notes for: @@ -295,6 +295,7 @@ will indicate a URL scheme of HTTP. The AJP13 protocol does not suffer from this problem. + === 7. FIXES AND ENHANCEMENTS IN UPDATES @@ -332,8 +333,10 @@ - HttpServletRequest.encodeURL() now properly encodes URLs that contain an anchor but no query string. (#1182) - Error pages now work in virtual hosts. - - ServletRequest.getRemoteHost() now returns the remote IP address - if the remote host name isn't known. (#208) + - ServletRequest.getRemoteHost() now does a DNS lookup (if necessary) to + determine the name of the remote host. As required by the spec, if this + look up fails the method returns the remote host's IP address. (#208) + Jasper - Fix for UnsupportedEncodingException due to UTF8 instead of UTF-8. (#269)
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core Constants.java
marcsaeg01/05/11 16:21:46
Modified:src/webpages Tag: tomcat_32 index.html
src/share/org/apache/tomcat/core Tag: tomcat_32
Constants.java
Log:
Updated version numbers for Tomcat 3.2.2 beta 5.
Revision ChangesPath
No revision
No revision
1.13.2.17 +2 -2 jakarta-tomcat/src/webpages/index.html
Index: index.html
===
RCS file: /home/cvs/jakarta-tomcat/src/webpages/index.html,v
retrieving revision 1.13.2.16
retrieving revision 1.13.2.17
diff -u -r1.13.2.16 -r1.13.2.17
--- index.html2001/04/30 13:34:13 1.13.2.16
+++ index.html2001/05/11 23:21:42 1.13.2.17
@@ -4,13 +4,13 @@
meta http-equiv=Content-Type content=text/html; charset=iso-8859-1
meta name=GENERATOR content=Mozilla/4.72 [en] (WinNT; U) [Netscape]
meta name=Author content=Anil K. Vijendran
-titleTomcat v3.2.2 beta 4/title
+titleTomcat v3.2.2 beta 5/title
/head
body bgcolor=#FF
img SRC=tomcat.gif height=92 width=130 align=LEFTbfont face=Arial,
Helvetica, sans-seriffont size=+3Tomcat/font/font/b
br
bfont face=Arial, Helvetica, sans-seriffont size=-1Version
-3.2.2 beta 4/font/font/b
+3.2.2 beta 5/font/font/b
pThis is the default Tomcat home page. This page serves as a quick reference
guide to related resources and is located at:
ul
No revision
No revision
1.22.2.15 +1 -1
jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/Constants.java
Index: Constants.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/Constants.java,v
retrieving revision 1.22.2.14
retrieving revision 1.22.2.15
diff -u -r1.22.2.14 -r1.22.2.15
--- Constants.java2001/04/30 13:34:12 1.22.2.14
+++ Constants.java2001/05/11 23:21:44 1.22.2.15
@@ -67,7 +67,7 @@
public class Constants {
public static final String TOMCAT_NAME = Tomcat Web Server;
-public static final String TOMCAT_VERSION = 3.2.2 beta 4;
+public static final String TOMCAT_VERSION = 3.2.2 beta 5;
public static final String JSP_NAME = JSP;
public static final String JSP_VERSION = 1.1;
cvs commit: jakarta-tomcat/src/doc readme
marcsaeg01/05/07 06:34:36 Modified:.Tag: tomcat_32 RELEASE-NOTES src/doc Tag: tomcat_32 readme Log: Some final updates to the release notes. Revision ChangesPath No revision No revision 1.1.2.6 +7 -14 jakarta-tomcat/Attic/RELEASE-NOTES Index: RELEASE-NOTES === RCS file: /home/cvs/jakarta-tomcat/Attic/RELEASE-NOTES,v retrieving revision 1.1.2.5 retrieving revision 1.1.2.6 diff -u -r1.1.2.5 -r1.1.2.6 --- RELEASE-NOTES 2001/04/30 13:18:59 1.1.2.5 +++ RELEASE-NOTES 2001/05/07 13:34:25 1.1.2.6 @@ -1,4 +1,4 @@ -$Id: RELEASE-NOTES,v 1.1.2.5 2001/04/30 13:18:59 marcsaeg Exp $ +$Id: RELEASE-NOTES,v 1.1.2.6 2001/05/07 13:34:25 marcsaeg Exp $ Release Notes for: @@ -173,15 +173,8 @@ its experimental nature, and the extra overhead required to perform the necessary checks on every request. -6.5 Returned strings from getServletPath, getPathInfo, and getPathTranslated +6.5 Avoiding Out of environment space errors on Windows 95/98 -The Servlet 2.2 Errata - April 27, 2000 specifies that HttpServletRequest -methods getServletPath, getPathInfo, and getPathTranslated should return -decoded strings. This clarification has not been implemented in Tomcat 3.2. -In Tomcat 3.2, these methods return encoded strings. - -6.6 Avoiding Out of environment space errors on Windows 95/98 - This error can easily occur since the default amount of environment space is typically insufficient to run Tomcat. Here are a couple of ways to avoid it. @@ -212,7 +205,7 @@ line to your autoexec.bat or to the startup.bat and shutdown.bat files themselves. -6.7 URL's are now case sensitive on all operating systems +6.6 URL's are now case sensitive on all operating systems As of Tomcat 3.2, URL's are case sensitive for all operating systems, including operating systems which have case insensitive file systems, such as @@ -241,7 +234,7 @@ Tomcat, then invoking those links would carry the mismatched case to Tomcat where it cause the resource not to be found. -6.8 Generated Configuration Files for Web Connectors +6.7 Generated Configuration Files for Web Connectors At startup time, Tomcat normally generates configuration files like tomcat-apache.conf to reflect the contexts that are defined. However, the @@ -254,7 +247,7 @@ and will be addressed by the introduction of the MOD_WARP connector in Tomcat 4.0. -6.9 Limitation on Form Based Login +6.8 Limitation on Form Based Login If the pages you specify for form-login-page or form-error-page are within the area protected by a security constraint, Tomcat 3.2 will be unable to @@ -267,7 +260,7 @@ or more subdirectories, and establish security constraints to protect the subdirectories. -6.10 Limitation on Document Base Paths +6.9 Limitation on Document Base Paths Tomcat 3.2 is unable to support Windows SMB paths in a Context directive like this: @@ -282,7 +275,7 @@ where r: is mapped to this share. -6.11 Resource Paths Can't Contain URL Escapes +6.10 Resource Paths Can't Contain URL Escapes The path passed to javax.servlet.Context.getResource() and javax.servlet.Context.getResrouceAsStream() cannot contain URL escapes of No revision No revision 1.8.2.18 +7 -14 jakarta-tomcat/src/doc/readme Index: readme === RCS file: /home/cvs/jakarta-tomcat/src/doc/readme,v retrieving revision 1.8.2.17 retrieving revision 1.8.2.18 diff -u -r1.8.2.17 -r1.8.2.18 --- readme2001/04/30 13:18:59 1.8.2.17 +++ readme2001/05/07 13:34:32 1.8.2.18 @@ -1,4 +1,4 @@ -$Id: readme,v 1.8.2.17 2001/04/30 13:18:59 marcsaeg Exp $ +$Id: readme,v 1.8.2.18 2001/05/07 13:34:32 marcsaeg Exp $ Release Notes for: @@ -173,15 +173,8 @@ its experimental nature, and the extra overhead required to perform the necessary checks on every request. -6.5 Returned strings from getServletPath, getPathInfo, and getPathTranslated +6.5 Avoiding Out of environment space errors on Windows 95/98 -The Servlet 2.2 Errata - April 27, 2000 specifies that HttpServletRequest -methods getServletPath, getPathInfo, and getPathTranslated should return -decoded strings. This clarification has not been implemented in Tomcat 3.2. -In Tomcat 3.2, these methods return encoded strings. - -6.6 Avoiding Out of environment space errors on Windows 95/98 - This error can easily occur since the default amount of environment
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/service/connector Ajp12ConnectionHandler.java Ajp13ConnectorRequest.java
marcsaeg01/05/07 09:24:46
Modified:src/share/org/apache/tomcat/core Tag: tomcat_32
RequestImpl.java
src/share/org/apache/tomcat/service/connector Tag: tomcat_32
Ajp12ConnectionHandler.java
Ajp13ConnectorRequest.java
Log:
The implementation of ServletRequest.getRemoteHost() was not spec compliant.
In cases where the host is not known (e.g. AJP12 and AJP13) the returned
value was either an empty string or a null. These are both wrong. The spec
says that getRemoteHost() return the remote IP address if the host is not
known.
PR: 208
Revision ChangesPath
No revision
No revision
1.52.2.9 +4 -1
jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/RequestImpl.java
Index: RequestImpl.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/RequestImpl.java,v
retrieving revision 1.52.2.8
retrieving revision 1.52.2.9
diff -u -r1.52.2.8 -r1.52.2.9
--- RequestImpl.java 2001/04/17 10:43:52 1.52.2.8
+++ RequestImpl.java 2001/05/07 16:24:34 1.52.2.9
@@ -813,7 +813,10 @@
}
public String getRemoteHost() {
- return remoteHost;
+// This is belt and suspenders. The request adapters should have set this
correctly.
+if(remoteHost == null || remoteHost.length() == 0)
+remoteHost = remoteAddr;
+return remoteHost;
}
/** Fill in the buffer. This method is probably easier to implement than
No revision
No revision
1.28.2.3 +3 -1
jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Attic/Ajp12ConnectionHandler.java
Index: Ajp12ConnectionHandler.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Attic/Ajp12ConnectionHandler.java,v
retrieving revision 1.28.2.2
retrieving revision 1.28.2.3
diff -u -r1.28.2.2 -r1.28.2.3
--- Ajp12ConnectionHandler.java 2000/11/10 06:42:51 1.28.2.2
+++ Ajp12ConnectionHandler.java 2001/05/07 16:24:40 1.28.2.3
@@ -271,7 +271,9 @@
if( doLog ) log(AJP: RA= + remoteAddr );
remoteHost = ajpin.readString();//remote host
- if( doLog ) log(AJP: RH= + remoteHost );
+if(remoteHost.length() == 0)
+remoteHost = remoteAddr; // If host isn't specified then use IP
address
+if( doLog ) log(AJP: RH= + remoteHost );
remoteUser = ajpin.readString(null); //remote user
if( doLog ) log(AJP: RU= + remoteUser);
1.5.2.6 +5 -3
jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Attic/Ajp13ConnectorRequest.java
Index: Ajp13ConnectorRequest.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Attic/Ajp13ConnectorRequest.java,v
retrieving revision 1.5.2.5
retrieving revision 1.5.2.6
diff -u -r1.5.2.5 -r1.5.2.6
--- Ajp13ConnectorRequest.java2001/02/14 22:19:55 1.5.2.5
+++ Ajp13ConnectorRequest.java2001/05/07 16:24:42 1.5.2.6
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Attic/Ajp13ConnectorRequest.java,v
1.5.2.5 2001/02/14 22:19:55 danmil Exp $
- * $Revision: 1.5.2.5 $
- * $Date: 2001/02/14 22:19:55 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Attic/Ajp13ConnectorRequest.java,v
1.5.2.6 2001/05/07 16:24:42 marcsaeg Exp $
+ * $Revision: 1.5.2.6 $
+ * $Date: 2001/05/07 16:24:42 $
*
*
*
@@ -144,6 +144,8 @@
requestURI = msg.getString();
remoteAddr = msg.getString();
remoteHost = msg.getString();
+if(remoteHost == null) //If we don't have a host then use the IP
address
+remoteHost = remoteAddr;
serverName = msg.getString();
serverPort = msg.getInt();
bsc= msg.getByte();
cvs commit: jakarta-tomcat/src/doc readme
marcsaeg01/05/07 18:31:20 Modified:.Tag: tomcat_32 RELEASE-NOTES src/doc Tag: tomcat_32 readme Log: Updated descriptions in section 4, added note about AJP12/SSL limitation to section 6 and added description of fix for bug 208. Revision ChangesPath No revision No revision 1.1.2.7 +19 -3 jakarta-tomcat/Attic/RELEASE-NOTES Index: RELEASE-NOTES === RCS file: /home/cvs/jakarta-tomcat/Attic/RELEASE-NOTES,v retrieving revision 1.1.2.6 retrieving revision 1.1.2.7 diff -u -r1.1.2.6 -r1.1.2.7 --- RELEASE-NOTES 2001/05/07 13:34:25 1.1.2.6 +++ RELEASE-NOTES 2001/05/08 01:31:17 1.1.2.7 @@ -1,4 +1,4 @@ -$Id: RELEASE-NOTES,v 1.1.2.6 2001/05/07 13:34:25 marcsaeg Exp $ +$Id: RELEASE-NOTES,v 1.1.2.7 2001/05/08 01:31:17 marcsaeg Exp $ Release Notes for: @@ -70,9 +70,14 @@ version 3.1 also focused on reorganizing the code (modularization, cleanup, refactoring, removal of dead code, and separation of J2EE-specific code). -- Tomcat 3.2 is the first performance tune-up, and also adds a few new -features (see next section). +- Tomcat 3.2 was the first performance tune-up, and also added a few new +features. +- Tomcat 3.2.1 was a security update. See section 7.3 for details. + +- Tomcat 3.2.2 is a bug fix release. Section 7.1 describes the issues +that have been fixed in the version. + - Tomcat 4.0 is separate development from Tomcat 3.x. It is based on the Catalina architecture, which is very different from the architecture of Tomcat 3.x. In addition, Tomcat 4.0 is to be the reference implementation @@ -281,6 +286,15 @@ javax.servlet.Context.getResrouceAsStream() cannot contain URL escapes of the form %HH. Paths containing any URL escapes will return null. +6.11 AJP12 and SSL + +The AJP12 protocol does not provide a mechanism for identifying requests +that arrived on a secure transport (e.g. SSL). Tomcat assumes that any +request that arrived on server port 443 is secure and sets the URL scheme +to HTTPS. Requests on any other port are assumed to be non-secure and +will indicate a URL scheme of HTTP. The AJP13 protocol does not suffer +from this problem. + === 7. FIXES AND ENHANCEMENTS IN UPDATES @@ -318,6 +332,8 @@ - HttpServletRequest.encodeURL() now properly encodes URLs that contain an anchor but no query string. (#1182) - Error pages now work in virtual hosts. + - ServletRequest.getRemoteHost() now returns the remote IP address + if the remote host name isn't known. (#208) Jasper - Fix for UnsupportedEncodingException due to UTF8 instead of UTF-8. (#269) No revision No revision 1.8.2.19 +19 -3 jakarta-tomcat/src/doc/readme Index: readme === RCS file: /home/cvs/jakarta-tomcat/src/doc/readme,v retrieving revision 1.8.2.18 retrieving revision 1.8.2.19 diff -u -r1.8.2.18 -r1.8.2.19 --- readme2001/05/07 13:34:32 1.8.2.18 +++ readme2001/05/08 01:31:19 1.8.2.19 @@ -1,4 +1,4 @@ -$Id: readme,v 1.8.2.18 2001/05/07 13:34:32 marcsaeg Exp $ +$Id: readme,v 1.8.2.19 2001/05/08 01:31:19 marcsaeg Exp $ Release Notes for: @@ -70,9 +70,14 @@ version 3.1 also focused on reorganizing the code (modularization, cleanup, refactoring, removal of dead code, and separation of J2EE-specific code). -- Tomcat 3.2 is the first performance tune-up, and also adds a few new -features (see next section). +- Tomcat 3.2 was the first performance tune-up, and also added a few new +features. +- Tomcat 3.2.1 was a security update. See section 7.3 for details. + +- Tomcat 3.2.2 is a bug fix release. Section 7.1 describes the issues +that have been fixed in the version. + - Tomcat 4.0 is separate development from Tomcat 3.x. It is based on the Catalina architecture, which is very different from the architecture of Tomcat 3.x. In addition, Tomcat 4.0 is to be the reference implementation @@ -281,6 +286,15 @@ javax.servlet.Context.getResrouceAsStream() cannot contain URL escapes of the form %HH. Paths containing any URL escapes will return null. +6.11 AJP12 and SSL + +The AJP12 protocol does not provide a mechanism for identifying requests +that arrived on a secure transport (e.g. SSL). Tomcat assumes that any +request that arrived on server port 443 is secure and sets the URL scheme +to HTTPS. Requests on any other port
cvs commit: jakarta-tomcat/src/doc readme
marcsaeg01/04/30 06:18:59 Modified:.Tag: tomcat_32 RELEASE-NOTES src/doc Tag: tomcat_32 readme Log: Release note updates for beta 4. Revision ChangesPath No revision No revision 1.1.2.5 +6 -1 jakarta-tomcat/Attic/RELEASE-NOTES Index: RELEASE-NOTES === RCS file: /home/cvs/jakarta-tomcat/Attic/RELEASE-NOTES,v retrieving revision 1.1.2.4 retrieving revision 1.1.2.5 diff -u -r1.1.2.4 -r1.1.2.5 --- RELEASE-NOTES 2001/04/08 01:51:05 1.1.2.4 +++ RELEASE-NOTES 2001/04/30 13:18:59 1.1.2.5 @@ -1,4 +1,4 @@ -$Id: RELEASE-NOTES,v 1.1.2.4 2001/04/08 01:51:05 marcsaeg Exp $ +$Id: RELEASE-NOTES,v 1.1.2.5 2001/04/30 13:18:59 marcsaeg Exp $ Release Notes for: @@ -322,6 +322,9 @@ error-page tags in web.xml. (#291) - URL encoded data in servlet paths and path info are now decoded properly. (#657) + - HttpServletRequest.encodeURL() now properly encodes URLs that contain + an anchor but no query string. (#1182) + - Error pages now work in virtual hosts. Jasper - Fix for UnsupportedEncodingException due to UTF8 instead of UTF-8. (#269) @@ -337,6 +340,8 @@ - Fixed the defualt character encoding. The default charset is now ISO-8859-1. (#285) - jsp:plugin was not being expanded correctly. (#467) + - Fixed bug that could cause the body of a JSP page to be exeucted before + or while its jspInit() method was being executed. (#1280) Connectors No revision No revision 1.8.2.17 +6 -1 jakarta-tomcat/src/doc/readme Index: readme === RCS file: /home/cvs/jakarta-tomcat/src/doc/readme,v retrieving revision 1.8.2.16 retrieving revision 1.8.2.17 diff -u -r1.8.2.16 -r1.8.2.17 --- readme2001/04/08 01:51:05 1.8.2.16 +++ readme2001/04/30 13:18:59 1.8.2.17 @@ -1,4 +1,4 @@ -$Id: readme,v 1.8.2.16 2001/04/08 01:51:05 marcsaeg Exp $ +$Id: readme,v 1.8.2.17 2001/04/30 13:18:59 marcsaeg Exp $ Release Notes for: @@ -322,6 +322,9 @@ error-page tags in web.xml. (#291) - URL encoded data in servlet paths and path info are now decoded properly. (#657) + - HttpServletRequest.encodeURL() now properly encodes URLs that contain + an anchor but no query string. (#1182) + - Error pages now work in virtual hosts. Jasper - Fix for UnsupportedEncodingException due to UTF8 instead of UTF-8. (#269) @@ -337,6 +340,8 @@ - Fixed the defualt character encoding. The default charset is now ISO-8859-1. (#285) - jsp:plugin was not being expanded correctly. (#467) + - Fixed bug that could cause the body of a JSP page to be exeucted before + or while its jspInit() method was being executed. (#1280) Connectors
cvs commit: jakarta-tomcat/src/share/org/apache/jasper/servlet JspServlet.java
marcsaeg01/04/27 13:51:48
Modified:src/share/org/apache/jasper/servlet Tag: tomcat_32
JspServlet.java
Log:
The last commit accidentally remove a previous thread synchronization fix.
The creation of the compiler in doLoadJSP() must be synchronized.
Revision ChangesPath
No revision
No revision
1.3.2.7 +9 -2
jakarta-tomcat/src/share/org/apache/jasper/servlet/JspServlet.java
Index: JspServlet.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/servlet/JspServlet.java,v
retrieving revision 1.3.2.6
retrieving revision 1.3.2.7
diff -u -r1.3.2.6 -r1.3.2.7
--- JspServlet.java 2001/04/25 23:29:30 1.3.2.6
+++ JspServlet.java 2001/04/27 20:51:47 1.3.2.7
@@ -418,7 +418,7 @@
* Several threads may be handling requests for the same jspUri.
* Only one of them is allowed to create the JspServletWrapper.
*/
-synchronized(this){
+synchronized(jsps){
wrapper = (JspServletWrapper) jsps.get(jspUri);
if(wrapper == null) {
wrapper = new JspServletWrapper(jspUri, isErrorPage);
@@ -593,7 +593,14 @@
req, res);
boolean outDated = false;
-Compiler compiler = ctxt.createCompiler();
+synchronized(jsw){
+/*
+ * Creating a compiler opens the associated .class file (if it exists)
+ * and reads the actual class name. If we allow a compiler to be
+ * created while a compile is going on then bad things can happen.
+ */
+Compiler compiler = ctxt.createCompiler();
+}
try {
cvs commit: jakarta-tomcat/src/share/org/apache/jasper/runtime BodyContentImpl.java
marcsaeg01/04/23 12:00:26
Modified:src/share/org/apache/jasper/runtime Tag: tomcat_32
BodyContentImpl.java
Log:
Fixing buffer size calculation. The last commit attempted to improve
performace by doubling the buffer size when reallocating. Unfortunately
I messed up applying the patch and got the bufferSize variable out of
sync with the actual size of the buffer.
PR: 1271
Revision ChangesPath
No revision
No revision
1.6.6.4 +4 -3
jakarta-tomcat/src/share/org/apache/jasper/runtime/BodyContentImpl.java
Index: BodyContentImpl.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/runtime/BodyContentImpl.java,v
retrieving revision 1.6.6.3
retrieving revision 1.6.6.4
diff -u -r1.6.6.3 -r1.6.6.4
--- BodyContentImpl.java 2001/03/09 23:31:54 1.6.6.3
+++ BodyContentImpl.java 2001/04/23 19:00:20 1.6.6.4
@@ -111,9 +111,10 @@
//XXX Should it be multiple of DEFAULT_BUFFER_SIZE??
- if (len = Constants.DEFAULT_BUFFER_SIZE) {
- tmp = new char [bufferSize + Constants.DEFAULT_BUFFER_SIZE];
- bufferSize = bufferSize * 2;
+int newBufferSize = bufferSize * 2;
+if (len = newBufferSize) {
+ bufferSize = newBufferSize;
+ tmp = new char [bufferSize];
} else {
tmp = new char [bufferSize + len];
bufferSize += len;
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util ThreadPool.java
marcsaeg01/04/22 19:16:03
Modified:src/share/org/apache/tomcat/util Tag: tomcat_32
ThreadPool.java
Log:
Added a log message to indicate that the thread pool has been
exhausted. The log message will only show up in log levels of
INFORMATION and higher.
Exhuasting the pool is not an error condition, but if it happens
often enough it probably indicates that the server configuration
needs to be changed.
Revision ChangesPath
No revision
No revision
1.9.2.2 +6 -3
jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/ThreadPool.java
Index: ThreadPool.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/ThreadPool.java,v
retrieving revision 1.9.2.1
retrieving revision 1.9.2.2
diff -u -r1.9.2.1 -r1.9.2.2
--- ThreadPool.java 2000/07/06 22:20:17 1.9.2.1
+++ ThreadPool.java 2001/04/23 02:16:03 1.9.2.2
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/ThreadPool.java,v
1.9.2.1 2000/07/06 22:20:17 alex Exp $
- * $Revision: 1.9.2.1 $
- * $Date: 2000/07/06 22:20:17 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/ThreadPool.java,v
1.9.2.2 2001/04/23 02:16:03 marcsaeg Exp $
+ * $Revision: 1.9.2.2 $
+ * $Date: 2001/04/23 02:16:03 $
*
*
*
@@ -205,6 +205,9 @@
int toOpen = currentThreadCount + minSpareThreads;
openThreads(toOpen);
} else {
+// XXX There really should be a way to log which pool is
exhuasted
+loghelper.log("Pool exhausted with " + currentThreadCount + "
threads.");
+
// Wait for a thread to become idel.
while(currentThreadsBusy == currentThreadCount) {
try {
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/facade HttpServletResponseFacade.java
marcsaeg01/04/16 09:02:13
Modified:src/share/org/apache/tomcat/facade Tag: tomcat_32
HttpServletResponseFacade.java
Log:
Completes the fix for Bugzilla 578. In addtion to needing the protocol handler for
HTTPS, the URL encoder also needs to properly determine the default port for secure
connections in addition to normal HTTP connections.
PR: 578
Submitted by: [EMAIL PROTECTED] (Santiago Gala)
Revision ChangesPath
No revision
No revision
1.6.2.4 +10 -7
jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/HttpServletResponseFacade.java
Index: HttpServletResponseFacade.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/HttpServletResponseFacade.java,v
retrieving revision 1.6.2.3
retrieving revision 1.6.2.4
diff -u -r1.6.2.3 -r1.6.2.4
--- HttpServletResponseFacade.java2001/03/06 17:38:13 1.6.2.3
+++ HttpServletResponseFacade.java2001/04/16 16:02:12 1.6.2.4
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/HttpServletResponseFacade.java,v
1.6.2.3 2001/03/06 17:38:13 marcsaeg Exp $
- * $Revision: 1.6.2.3 $
- * $Date: 2001/03/06 17:38:13 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/HttpServletResponseFacade.java,v
1.6.2.4 2001/04/16 16:02:12 marcsaeg Exp $
+ * $Revision: 1.6.2.4 $
+ * $Date: 2001/04/16 16:02:12 $
*
*
*
@@ -353,11 +353,14 @@
return (false);
if (!request.getServerName().equalsIgnoreCase(url.getHost()))
return (false);
-// Set the URL port to HTTP default if not available before comparing
-int urlPort = url.getPort();
-if (urlPort == -1) {
+// Set the URL port to the HTTP(S) default if not available before comparing
+int urlPort = url.getPort();
+if (urlPort == -1) {
+if(request.isSecure())
+urlPort = 443;
+else
urlPort = 80;
-}
+}
if (request.getServerPort() != urlPort)
return (false);
String contextPath = request.getContext().getPath();
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util URLUtil.java
marcsaeg01/04/07 18:37:57
Modified:src/share/org/apache/tomcat/core Tag: tomcat_32 Context.java
src/share/org/apache/tomcat/facade Tag: tomcat_32
ServletContextFacade.java
src/share/org/apache/tomcat/util Tag: tomcat_32 URLUtil.java
Log:
One more time to address the double decode security hole.
Trying to detect the URLFileConnection bug turned out to be problematic so I've
decided for now to just disallow all resource names with URL escapes
in them. This certainly prevents the security hole but does preclude
some resources that with valid escapes in them. This will be noted as
a Tomcat limitation.
Thanks to Costin for the simplifying idea.
Revision ChangesPath
No revision
No revision
1.100.2.7 +3 -6 jakarta-tomcat/src/share/org/apache/tomcat/core/Context.java
Index: Context.java
===
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Context.java,v
retrieving revision 1.100.2.6
retrieving revision 1.100.2.7
diff -u -r1.100.2.6 -r1.100.2.7
--- Context.java 2001/04/07 01:07:18 1.100.2.6
+++ Context.java 2001/04/08 01:37:57 1.100.2.7
@@ -169,8 +169,6 @@
Vector vhostAliases=new Vector();
FacadeManager facadeM;
-private boolean fileURLBug = URLUtil.hasFileURLBug();// Saves a
synchronized method call for each request
-
public Context() {
defaultContainer=new Container();
defaultContainer.setContext( this );
@@ -753,6 +751,9 @@
public URL getResource(String rpath) throws MalformedURLException {
if (rpath == null) return null;
+if(URLUtil.hasEscape(rpath))
+return null;
+
URL url = null;
String absPath=getAbsolutePath();
@@ -769,10 +770,6 @@
}
try {
-if(!fileURLBug){
-realPath = URLEncoder.encode(realPath);
-}
-System.out.println("Context.getResource: realPath = " + realPath);
url=new URL("file", null, 0,realPath );
if( debug9) log( "getResourceURL=" + url + " request=" + rpath );
return url;
No revision
No revision
1.3.2.3 +8 -0
jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/ServletContextFacade.java
Index: ServletContextFacade.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/ServletContextFacade.java,v
retrieving revision 1.3.2.2
retrieving revision 1.3.2.3
diff -u -r1.3.2.2 -r1.3.2.3
--- ServletContextFacade.java 2000/11/18 00:09:44 1.3.2.2
+++ ServletContextFacade.java 2001/04/08 01:37:57 1.3.2.3
@@ -137,6 +137,12 @@
}
public InputStream getResourceAsStream(String path) {
+if(path == null)
+return null;
+
+if(URLUtil.hasEscape(path))
+return null;
+
InputStream is = null;
try {
URL url = getResource(path);
@@ -145,6 +151,8 @@
is = con.getInputStream();
} catch (MalformedURLException e) {
} catch (IOException e) {
+} catch (NullPointerException e){
+// probably because getResource() returned null
}
return is;
}
No revision
No revision
1.7.2.2 +17 -39
jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/URLUtil.java
Index: URLUtil.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/URLUtil.java,v
retrieving revision 1.7.2.1
retrieving revision 1.7.2.2
diff -u -r1.7.2.1 -r1.7.2.2
--- URLUtil.java 2001/04/07 01:07:19 1.7.2.1
+++ URLUtil.java 2001/04/08 01:37:57 1.7.2.2
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/URLUtil.java,v 1.7.2.1
2001/04/07 01:07:19 marcsaeg Exp $
- * $Revision: 1.7.2.1 $
- * $Date: 2001/04/07 01:07:19 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/URLUtil.java,v 1.7.2.2
2001/04/08 01:37:57 marcsaeg Exp $
+ * $Revision: 1.7.2.2 $
+ * $Date: 2001/04/08 01:37:57 $
*
*
*
@@ -78,10 +78,6 @@
*/
public class URLUtil {
-
-private static boolean fileURLBug = false;
-private static boolean fileURLBugChecked = false;
-
public static URL resolve(String s)
throws MalformedURLException
{
@@ -1
cvs commit: jakarta-tomcat/src/doc readme
marcsaeg01/04/07 18:51:05 Modified:.Tag: tomcat_32 RELEASE-NOTES src/doc Tag: tomcat_32 readme Log: Updates prior to releasing 3.2.2 beta 3. Revision ChangesPath No revision No revision 1.1.2.4 +305 -59 jakarta-tomcat/Attic/RELEASE-NOTES Index: RELEASE-NOTES === RCS file: /home/cvs/jakarta-tomcat/Attic/RELEASE-NOTES,v retrieving revision 1.1.2.3 retrieving revision 1.1.2.4 diff -u -r1.1.2.3 -r1.1.2.4 --- RELEASE-NOTES 2001/02/25 20:38:11 1.1.2.3 +++ RELEASE-NOTES 2001/04/08 01:51:05 1.1.2.4 @@ -1,3 +1,5 @@ +$Id: RELEASE-NOTES,v 1.1.2.4 2001/04/08 01:51:05 marcsaeg Exp $ + Release Notes for: TOMCAT Version 3.2.2 @@ -27,11 +29,10 @@ You should read the License Agreement (in the LICENSE file of the top level directory), which applies to all software included in this release. - -This document adds descriptions of the bug fixes and enhancements that have -been added in update releases of Tomcat 3.2 since the original release. See -Section 7 for details. +Tomcat Version 3.2.2 is a bug fix release. No new features have been +added in this release. The bugs known to be fixed in Version 3.2.2 +are described in section 7.1 below. = 2. INSTALLING AND RUNNING TOMCAT @@ -43,8 +44,7 @@ For detailed information about installing and running Tomcat, point your browser at file "doc/uguide/tomcat_ug.html" under the directory into which -you unpacked the Tomcat distribution or see the documentation at -http://jakarta.apache.org/tomcat/index.html. +you unpacked the Tomcat distribution. = @@ -59,35 +59,39 @@ = 4. TOMCAT: PAST, PRESENT, AND FUTURE -- Version 3.0 (released 12/1999) was the initial release of Tomcat. In -addition to implementing the Java Servlet and Server Pages specification, +- Version 3.0 (released 12/1999) was the initial release of Tomcat. In +addition to implementing the Java Servlet and Server Pages specification, this release featured a minimal Apache connector. -- Tomcat 3.1 (released 4/2000) improved the Apache connection and added -connector support for Netscape and IIS web servers. It also added WAR file -support, automatic servlet reloading, and a command line tool (jspc) to -compile the JSP pages that comprise your application in advance of -deployment. Finally, version 3.1 also focused on reorganizing the code -(modularization, cleanup, refactoring, removal of dead code, and separation -of J2EE-specific code). +- Tomcat 3.1 (released 4/2000) improved the Apache connection and added +connector support for Netscape and IIS web servers. It also added WAR file +support, automatic servlet reloading, and a command line tool (jspc) to +compile ahead of time the JSP pages that comprise your application. Finally, +version 3.1 also focused on reorganizing the code (modularization, cleanup, +refactoring, removal of dead code, and separation of J2EE-specific code). -- Tomcat 3.2 is the first performance tune-up, and also adds a few new +- Tomcat 3.2 is the first performance tune-up, and also adds a few new features (see next section). -- Tomcat 3.2.2 is a bug fix release that collects the fixes that have -been applied since version 3.2.1 was released. +- Tomcat 4.0 is separate development from Tomcat 3.x. It is based on the +Catalina architecture, which is very different from the architecture of +Tomcat 3.x. In addition, Tomcat 4.0 is to be the reference implementation +for the Servlet 2.3 and JSP 1.2 specifications. -- It is expected that Tomcat 3.3 will feature additional major performance -improvements resulting from changes in data representation and algorithms. -Version 3.3 will also undergo a major review of security (to be able to -trust that "untrusted" code runs safely), and support for I18N character -sets. = 5. NEW FEATURES IN THIS RELEASE + +5.1 Docbase and File Based Localization + +Tomcat 3.2.2 now supports a method mapping requests into localized resources +automatically based on the client's and the server's locale. Localized +content can be organized using one directory per locale (Docbase) or +into a single directory the locale specified in the file names (File based). + +A detailed description of this feature can be found in +doc/tomcat-l
cvs commit: jakarta-tomcat/src/webpages index.html
marcsaeg01/04/07 18:55:10
Modified:src/share/org/apache/tomcat/core Tag: tomcat_32
Constants.java
src/webpages Tag: tomcat_32 index.html
Log:
Changed version numbers to Tomcat 3.2.2 beta 3.
Revision ChangesPath
No revision
No revision
1.22.2.13 +1 -1
jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/Constants.java
Index: Constants.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/Constants.java,v
retrieving revision 1.22.2.12
retrieving revision 1.22.2.13
diff -u -r1.22.2.12 -r1.22.2.13
--- Constants.java2001/03/23 19:13:15 1.22.2.12
+++ Constants.java2001/04/08 01:55:10 1.22.2.13
@@ -67,7 +67,7 @@
public class Constants {
public static final String TOMCAT_NAME = "Tomcat Web Server";
-public static final String TOMCAT_VERSION = "3.2.2 beta 2";
+public static final String TOMCAT_VERSION = "3.2.2 beta 3";
public static final String JSP_NAME = "JSP";
public static final String JSP_VERSION = "1.1";
No revision
No revision
1.13.2.15 +2 -2 jakarta-tomcat/src/webpages/index.html
Index: index.html
===
RCS file: /home/cvs/jakarta-tomcat/src/webpages/index.html,v
retrieving revision 1.13.2.14
retrieving revision 1.13.2.15
diff -u -r1.13.2.14 -r1.13.2.15
--- index.html2001/03/23 19:13:15 1.13.2.14
+++ index.html2001/04/08 01:55:10 1.13.2.15
@@ -4,13 +4,13 @@
meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
meta name="GENERATOR" content="Mozilla/4.72 [en] (WinNT; U) [Netscape]"
meta name="Author" content="Anil K. Vijendran"
-titleTomcat v3.2.2 beta 2/title
+titleTomcat v3.2.2 beta 3/title
/head
body bgcolor="#FF"
img SRC="tomcat.gif" height=92 width=130 align=LEFTbfont face="Arial,
Helvetica, sans-serif"font size=+3Tomcat/font/font/b
br
bfont face="Arial, Helvetica, sans-serif"font size=-1Version
-3.2.2 beta 2/font/font/b
+3.2.2 beta 3/font/font/b
pThis is the default Tomcat home page. This page serves as a quick reference
guide to related resources and is located at:
ul
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util URLUtil.java
marcsaeg01/04/06 18:07:19
Modified:src/share/org/apache/tomcat/core Tag: tomcat_32 Context.java
src/share/org/apache/tomcat/util Tag: tomcat_32 URLUtil.java
Log:
Fixes a security hole caused by URLs being decoded twice. The second
decoding is happening when an InputStream is opened on a file: URL. The
security problem does not appear when using JDK1.2.2.
Revision ChangesPath
No revision
No revision
1.100.2.6 +8 -2 jakarta-tomcat/src/share/org/apache/tomcat/core/Context.java
Index: Context.java
===
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Context.java,v
retrieving revision 1.100.2.5
retrieving revision 1.100.2.6
diff -u -r1.100.2.5 -r1.100.2.6
--- Context.java 2001/03/16 23:43:53 1.100.2.5
+++ Context.java 2001/04/07 01:07:18 1.100.2.6
@@ -168,6 +168,8 @@
String vhost=null;
Vector vhostAliases=new Vector();
FacadeManager facadeM;
+
+private boolean fileURLBug = URLUtil.hasFileURLBug();// Saves a
synchronized method call for each request
public Context() {
defaultContainer=new Container();
@@ -767,9 +769,13 @@
}
try {
-url=new URL("file", null, 0,realPath );
+if(!fileURLBug){
+realPath = URLEncoder.encode(realPath);
+}
+System.out.println("Context.getResource: realPath = " + realPath);
+url=new URL("file", null, 0,realPath );
if( debug9) log( "getResourceURL=" + url + " request=" + rpath );
- return url;
+return url;
} catch( IOException ex ) {
ex.printStackTrace();
return null;
No revision
No revision
1.7.2.1 +47 -3
jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/URLUtil.java
Index: URLUtil.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/URLUtil.java,v
retrieving revision 1.7
retrieving revision 1.7.2.1
diff -u -r1.7 -r1.7.2.1
--- URLUtil.java 2000/05/01 23:07:48 1.7
+++ URLUtil.java 2001/04/07 01:07:19 1.7.2.1
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/URLUtil.java,v 1.7
2000/05/01 23:07:48 costin Exp $
- * $Revision: 1.7 $
- * $Date: 2000/05/01 23:07:48 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/URLUtil.java,v 1.7.2.1
2001/04/07 01:07:19 marcsaeg Exp $
+ * $Revision: 1.7.2.1 $
+ * $Date: 2001/04/07 01:07:19 $
*
*
*
@@ -65,7 +65,10 @@
package org.apache.tomcat.util;
import java.net.URL;
+import java.net.URLConnection;
import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.InputStream;
import java.net.MalformedURLException;
import java.io.IOException;
@@ -76,6 +79,9 @@
public class URLUtil {
+private static boolean fileURLBug = false;
+private static boolean fileURLBugChecked = false;
+
public static URL resolve(String s)
throws MalformedURLException
{
@@ -183,4 +189,42 @@
return null;
}
+/*
+ * There was a bug in versions of Suns Java runtime
+ * in versions prior to 1.3.0 for file: URLs. In those version
+ * URL encodings (%HH) were not decoded, in 1.3.0 and later
+ * they are. For example, in 1.2.2, the URL file:%2e would try
+ * try to open a file called %2e. In 1.3.0 and later it would
+ * try to open the current directory (i.e. .).
+ *
+ * This extra URL decoding for file: URLs can open severe security
+ * holes because it causes URLs to be decoded twice. For example,
+ * a request URI containing sequences of /%252e%252e would get
+ * interpreted as sequences of /.. and could escape the web application.
+ *
+ * The only way to determine if the current VM suffers from this bug
+ * of not is to execute a URLConnection.getInputStream() on a file
+ * URL
+ *
+ */
+public static synchronized boolean hasFileURLBug()
+{
+if(!fileURLBugChecked){
+fileURLBugChecked = true;
+fileURLBug = false;
+try{
+System.out.println("URLUtil.hasFileURLBug: user.dir = " +
System.getProperty("user.dir"));
+URL url = new URL("file:%2e");
+URLConnection con = url.openConnection();
+InputStream is = con.getInputStream();
+
cvs commit: jakarta-tomcat/src/doc Tomcat-on-NetWare-HowTo.html
marcsaeg01/03/27 13:29:30 Added: src/doc Tag: tomcat_32 Tomcat-on-NetWare-HowTo.html Log: Adding new "how to" document for Tomcat on NetWare. Submitted by:Mike Anderson [[EMAIL PROTECTED]] Revision ChangesPath No revision No revision 1.1.2.1 +348 -0jakarta-tomcat/src/doc/Attic/Tomcat-on-NetWare-HowTo.html
cvs commit: jakarta-tomcat/src/webpages index.html
marcsaeg01/03/23 11:13:16
Modified:src/share/org/apache/tomcat/core Tag: tomcat_32
Constants.java
src/webpages Tag: tomcat_32 index.html
Log:
Updating version numbers for the Tomcat 3.2.2 beta 2 release.
Revision ChangesPath
No revision
No revision
1.22.2.12 +1 -1
jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/Constants.java
Index: Constants.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/Constants.java,v
retrieving revision 1.22.2.11
retrieving revision 1.22.2.12
diff -u -r1.22.2.11 -r1.22.2.12
--- Constants.java2001/02/26 17:20:33 1.22.2.11
+++ Constants.java2001/03/23 19:13:15 1.22.2.12
@@ -67,7 +67,7 @@
public class Constants {
public static final String TOMCAT_NAME = "Tomcat Web Server";
-public static final String TOMCAT_VERSION = "3.2.2 beta 1";
+public static final String TOMCAT_VERSION = "3.2.2 beta 2";
public static final String JSP_NAME = "JSP";
public static final String JSP_VERSION = "1.1";
No revision
No revision
1.13.2.14 +2 -2 jakarta-tomcat/src/webpages/index.html
Index: index.html
===
RCS file: /home/cvs/jakarta-tomcat/src/webpages/index.html,v
retrieving revision 1.13.2.13
retrieving revision 1.13.2.14
diff -u -r1.13.2.13 -r1.13.2.14
--- index.html2001/03/09 18:52:18 1.13.2.13
+++ index.html2001/03/23 19:13:15 1.13.2.14
@@ -4,13 +4,13 @@
meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
meta name="GENERATOR" content="Mozilla/4.72 [en] (WinNT; U) [Netscape]"
meta name="Author" content="Anil K. Vijendran"
-titleTomcat v3.2.2 beta 1/title
+titleTomcat v3.2.2 beta 2/title
/head
body bgcolor="#FF"
img SRC="tomcat.gif" height=92 width=130 align=LEFTbfont face="Arial,
Helvetica, sans-serif"font size=+3Tomcat/font/font/b
br
bfont face="Arial, Helvetica, sans-serif"font size=-1Version
-3.2.2 beta 1/font/font/b
+3.2.2 beta 2/font/font/b
pThis is the default Tomcat home page. This page serves as a quick reference
guide to related resources and is located at:
ul
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/facade HttpServletRequestFacade.java
marcsaeg01/03/22 06:51:54 Modified:src/share/org/apache/tomcat/facade Tag: tomcat_32 HttpServletRequestFacade.java Log: Fixing missing type for NO_SESSION_FACADE. Revision ChangesPath No revision No revision 1.6.2.3 +1 -1 jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/HttpServletRequestFacade.java Index: HttpServletRequestFacade.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/HttpServletRequestFacade.java,v retrieving revision 1.6.2.2 retrieving revision 1.6.2.3 diff -u -r1.6.2.2 -r1.6.2.3 --- HttpServletRequestFacade.java 2001/03/21 21:13:54 1.6.2.2 +++ HttpServletRequestFacade.java 2001/03/22 14:51:54 1.6.2.3 @@ -89,7 +89,7 @@ HttpSessionFacade sessionFacade; ServletInputStreamFacade isFacade=null; BufferedReader reader; -static final NO_SESSION_FACADE=true; +static final boolean NO_SESSION_FACADE=true; private boolean usingStream = false; private boolean usingReader = false;
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/service/http HttpConnectionHandler.java
marcsaeg01/03/21 09:11:43
Modified:src/share/org/apache/tomcat/service Tag: tomcat_32
PoolTcpEndpoint.java
src/share/org/apache/tomcat/service/http Tag: tomcat_32
HttpConnectionHandler.java
Log:
Moving the recently added socket timeout handling from PoolTcpEndpoint into
the HTTP connection handler where it belongs (thanks Henri). There
are other users of the PoolTcpEndpoint code that will break if the
socket read times out.
PR: 1006
Revision ChangesPath
No revision
No revision
1.8.2.5 +3 -6
jakarta-tomcat/src/share/org/apache/tomcat/service/Attic/PoolTcpEndpoint.java
Index: PoolTcpEndpoint.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/Attic/PoolTcpEndpoint.java,v
retrieving revision 1.8.2.4
retrieving revision 1.8.2.5
diff -u -r1.8.2.4 -r1.8.2.5
--- PoolTcpEndpoint.java 2001/03/20 22:21:25 1.8.2.4
+++ PoolTcpEndpoint.java 2001/03/21 17:11:29 1.8.2.5
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/Attic/PoolTcpEndpoint.java,v
1.8.2.4 2001/03/20 22:21:25 marcsaeg Exp $
- * $Revision: 1.8.2.4 $
- * $Date: 2001/03/20 22:21:25 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/Attic/PoolTcpEndpoint.java,v
1.8.2.5 2001/03/21 17:11:29 marcsaeg Exp $
+ * $Revision: 1.8.2.5 $
+ * $Date: 2001/03/21 17:11:29 $
*
*
*
@@ -290,9 +290,6 @@
accepted = null;
}
}
-
-if(accepted != null)
-accepted.setSoTimeout(timeout);
if( factory != null accepted != null)
factory.initSocket( accepted );
}
No revision
No revision
1.26.2.4 +18 -3
jakarta-tomcat/src/share/org/apache/tomcat/service/http/Attic/HttpConnectionHandler.java
Index: HttpConnectionHandler.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/http/Attic/HttpConnectionHandler.java,v
retrieving revision 1.26.2.3
retrieving revision 1.26.2.4
diff -u -r1.26.2.3 -r1.26.2.4
--- HttpConnectionHandler.java2000/10/04 20:23:56 1.26.2.3
+++ HttpConnectionHandler.java2001/03/21 17:11:38 1.26.2.4
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/http/Attic/HttpConnectionHandler.java,v
1.26.2.3 2000/10/04 20:23:56 costin Exp $
- * $Revision: 1.26.2.3 $
- * $Date: 2000/10/04 20:23:56 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/http/Attic/HttpConnectionHandler.java,v
1.26.2.4 2001/03/21 17:11:38 marcsaeg Exp $
+ * $Revision: 1.26.2.4 $
+ * $Date: 2001/03/21 17:11:38 $
*
*
*
@@ -77,6 +77,8 @@
public class HttpConnectionHandler implements TcpConnectionHandler {
+private int timeout = 30; // 5 minutes
+
boolean secure=false;
ContextManager contextM;
@@ -139,6 +141,7 @@
return;
// System.out.print("1");
socket=connection.getSocket();
+socket.setSoTimeout(timeout);
if (socket == null)
return;
// System.out.print("2");
@@ -230,6 +233,18 @@
// SocketExceptions are normal
contextM.doLog( "SocketException reading request, ignored", e,
Logger.INFORMATION);
}
+catch (java.io.InterruptedIOException ioe) {
+// InterruptedIOException are timeout and we must abort process
+ioe.printStackTrace();
+contextM.doLog( "Timeout while reading request, aborting", ioe,
Logger.ERROR);
+try{
+if (socket != null)
+socket.close ();
+}
+catch (IOException e){
+ /* ignore */
+}
+}
catch (java.io.IOException e) {
// IOExceptions are normal
contextM.doLog( "IOException reading request, ignored", e,
Logger.INFORMATION);
cvs commit: jakarta-tomcat/src/doc readme
marcsaeg01/03/21 15:07:01 Modified:src/doc Tag: tomcat_32 readme Log: Another round of updates to the release notes prior to releasing 3.2.2-beta 2 Revision ChangesPath No revision No revision 1.8.2.15 +22 -2 jakarta-tomcat/src/doc/readme Index: readme === RCS file: /home/cvs/jakarta-tomcat/src/doc/readme,v retrieving revision 1.8.2.14 retrieving revision 1.8.2.15 diff -u -r1.8.2.14 -r1.8.2.15 --- readme2001/03/09 18:51:40 1.8.2.14 +++ readme2001/03/21 23:06:58 1.8.2.15 @@ -1,4 +1,4 @@ -$Id: readme,v 1.8.2.14 2001/03/09 18:51:40 marcsaeg Exp $ +$Id: readme,v 1.8.2.15 2001/03/21 23:06:58 marcsaeg Exp $ Release Notes for: @@ -82,9 +82,17 @@ = 5. NEW FEATURES IN THIS RELEASE -Tomcat Version 3.2.2 is a bug release only. No new features were added. +5.1 Docbase and File Based Localization +Tomcat 3.2.2 now supports a method mapping requests into localized resources +automatically based on the client's and the server's locale. Localized +content can be organized using one directory per locale (Docbase) or +into a single directory the locale specified in the file names (File based). +A detailed description of this feature can be found in +doc/tomcat-localization-how.html + + = 6. KNOWN BUGS AND ISSUES @@ -305,6 +313,11 @@ - Fix session tracking through forward(). (#504) - Fix problem with getSession() overwritting the requested session ID and related URL rewritting problems. (#160) + - Better error reporting for load-on-startup servler load failures. ((#489) + - Static files (e.g. .html) can how be used as the location for + error-page tags in web.xml. (#291) + - URL encoded data in servlet paths and path info are now decoded + properly. (#657) Jasper - Fix for UnsupportedEncodingException due to UTF8 instead of UTF-8. (#269) @@ -317,16 +330,23 @@ - Better error reporting if compile fails due to missing tag library. - Fix thread synchronization problem that can cause page compilation to fail (#44). + - Fixed the defualt character encoding. The default charset is now + ISO-8859-1. (#285) + - jsp:plugin was not being expanded correctly. (#467) + Connectors - Fix infinite loop on invalid content-length for ajp12. (#264) - Fix infinite llop if Tomcat connector closed connection. (#510) - For ajp13 protocol, add support for multipart form encoding and file uploads now work. - Reading session ids from cookies in the load balancer. (#603) + - HTTP connections now time out if no data is received from the + client. (#1006) IIS - Better error logging for startup failures. + NetWare - Fix for netbuf_getbytes() not supported on NetWare 5.1.
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/service PoolTcpEndpoint.java
marcsaeg01/03/20 14:21:28
Modified:src/share/org/apache/tomcat/service Tag: tomcat_32
PoolTcpEndpoint.java
Log:
Set the SO_TIMEOUT value on the accepted socket. This prevents a DOS
attacked by clients opening connections and never sending any data.
The default timeout was also increased from 1 second to 5 minutes (which
is the default value used by Apache httpd).
PR: 1006
Submitted by: [EMAIL PROTECTED] (Tal Dayan)
Revision ChangesPath
No revision
No revision
1.8.2.4 +9 -6
jakarta-tomcat/src/share/org/apache/tomcat/service/Attic/PoolTcpEndpoint.java
Index: PoolTcpEndpoint.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/Attic/PoolTcpEndpoint.java,v
retrieving revision 1.8.2.3
retrieving revision 1.8.2.4
diff -u -r1.8.2.3 -r1.8.2.4
--- PoolTcpEndpoint.java 2000/11/17 23:19:55 1.8.2.3
+++ PoolTcpEndpoint.java 2001/03/20 22:21:25 1.8.2.4
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/Attic/PoolTcpEndpoint.java,v
1.8.2.3 2000/11/17 23:19:55 craigmcc Exp $
- * $Revision: 1.8.2.3 $
- * $Date: 2000/11/17 23:19:55 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/Attic/PoolTcpEndpoint.java,v
1.8.2.4 2001/03/20 22:21:25 marcsaeg Exp $
+ * $Revision: 1.8.2.4 $
+ * $Date: 2001/03/20 22:21:25 $
*
*
*
@@ -98,7 +98,7 @@
private static StringManager sm =
StringManager.getManager("org.apache.tomcat.service");
private static final int BACKLOG = 100;
-private static final int TIMEOUT = 1000;
+private static final int TIMEOUT = 30; // 5 minutes
private boolean isPool = true;
@@ -290,8 +290,11 @@
accepted = null;
}
}
- if( factory != null accepted != null)
- factory.initSocket( accepted );
+
+if(accepted != null)
+accepted.setSoTimeout(timeout);
+if( factory != null accepted != null)
+factory.initSocket( accepted );
}
}
cvs commit: jakarta-tomcat/src/doc/appdev web.xml.txt
marcsaeg01/03/19 15:51:44 Modified:src/doc/appdev Tag: tomcat_32 web.xml.txt Log: Fixed a couple simple typos. /param-name was paramName in a couple places. PR: 1012 Submitted by: [EMAIL PROTECTED] (Kaaskopjes) Revision ChangesPath No revision No revision 1.1.4.2 +2 -2 jakarta-tomcat/src/doc/appdev/web.xml.txt Index: web.xml.txt === RCS file: /home/cvs/jakarta-tomcat/src/doc/appdev/web.xml.txt,v retrieving revision 1.1.4.1 retrieving revision 1.1.4.2 diff -u -r1.1.4.1 -r1.1.4.2 --- web.xml.txt 2000/07/06 23:26:57 1.1.4.1 +++ web.xml.txt 2001/03/19 23:51:43 1.1.4.2 @@ -85,11 +85,11 @@ /description servlet-classcom.mycompany.mypackage.ControllerServlet/servlet-class init-param -param-namelistOrders/paramName +param-namelistOrders/param-name param-valuecom.mycompany.myactions.ListOrdersAction/param-value /init-param init-param -param-namesaveCustomer/paramName +param-namesaveCustomer/param-name param-valuecom.mycompany.myactions.SaveCustomerAction/param-value /init-param !-- Load this servlet at server startup time --
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/session StandardManager.java StandardSession.java
marcsaeg01/03/16 16:08:46
Modified:src/share/org/apache/tomcat/session Tag: tomcat_32
StandardManager.java StandardSession.java
Log:
HttpSession.getLastAccessedTime() returns the time the session was accessed
prior to the current request. Therefore two access times are maintained
within the session (lastAccessedTime and thisAccessedTime).
Session expiration should be based on the most recent accessed time, not
the value returned by getLastAccessedTime(), otherewise its possible to
expire a session prematurely.
This fix adds method to StandardSession to expose the value of
thisAccessedTime and change session expiration checking to use this method.
PR: 570
Submitted by: [EMAIL PROTECTED]
Revision ChangesPath
No revision
No revision
1.11.2.3 +5 -5
jakarta-tomcat/src/share/org/apache/tomcat/session/Attic/StandardManager.java
Index: StandardManager.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/session/Attic/StandardManager.java,v
retrieving revision 1.11.2.2
retrieving revision 1.11.2.3
diff -u -r1.11.2.2 -r1.11.2.3
--- StandardManager.java 2000/12/22 17:38:15 1.11.2.2
+++ StandardManager.java 2001/03/17 00:08:40 1.11.2.3
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/session/Attic/StandardManager.java,v
1.11.2.2 2000/12/22 17:38:15 marcsaeg Exp $
- * $Revision: 1.11.2.2 $
- * $Date: 2000/12/22 17:38:15 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/session/Attic/StandardManager.java,v
1.11.2.3 2001/03/17 00:08:40 marcsaeg Exp $
+ * $Revision: 1.11.2.3 $
+ * $Date: 2001/03/17 00:08:40 $
*
*
*
@@ -103,7 +103,7 @@
* @author [EMAIL PROTECTED]
* @author a href="mailto:[EMAIL PROTECTED]"Jon S. Stevens/a
* @author Shai Fultheim [[EMAIL PROTECTED]]
- * @version $Revision: 1.11.2.2 $ $Date: 2000/12/22 17:38:15 $
+ * @version $Revision: 1.11.2.3 $ $Date: 2001/03/17 00:08:40 $
*/
public final class StandardManager implements Runnable {
// - Instance Variables
@@ -478,7 +478,7 @@
if (maxInactiveInterval 0)
continue;
int timeIdle = // Truncate, do not round up
- (int) ((timeNow - session.getLastAccessedTime()) / 1000L);
+ (int) ((timeNow - session.getLatestAccessedTime()) / 1000L);
if (timeIdle = maxInactiveInterval)
session.expire();
}
1.15.2.1 +12 -4
jakarta-tomcat/src/share/org/apache/tomcat/session/Attic/StandardSession.java
Index: StandardSession.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/session/Attic/StandardSession.java,v
retrieving revision 1.15
retrieving revision 1.15.2.1
diff -u -r1.15 -r1.15.2.1
--- StandardSession.java 2000/06/18 22:21:49 1.15
+++ StandardSession.java 2001/03/17 00:08:42 1.15.2.1
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/session/Attic/StandardSession.java,v
1.15 2000/06/18 22:21:49 jon Exp $
- * $Revision: 1.15 $
- * $Date: 2000/06/18 22:21:49 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/session/Attic/StandardSession.java,v
1.15.2.1 2001/03/17 00:08:42 marcsaeg Exp $
+ * $Revision: 1.15.2.1 $
+ * $Date: 2001/03/17 00:08:42 $
*
*
*
@@ -97,7 +97,7 @@
*
* @author Craig R. McClanahan
* @author a href="mailto:[EMAIL PROTECTED]"Jon S. Stevens/a
- * @version $Revision: 1.15 $ $Date: 2000/06/18 22:21:49 $
+ * @version $Revision: 1.15.2.1 $ $Date: 2001/03/17 00:08:42 $
*/
final class StandardSession
@@ -269,6 +269,14 @@
}
+
+/**
+ *
+ */
+public long getLatestAccessedTime()
+{
+return this.thisAccessedTime;
+}
/**
* Return the Manager within which this Session is valid.
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/context DefaultCMSetter.java
marcsaeg01/03/16 16:26:44
Modified:src/share/org/apache/tomcat/context Tag: tomcat_32
DefaultCMSetter.java
Log:
Use the default locale for generated error pages.
Reported by [EMAIL PROTECTED] (Yoshiyuki Karezaki).
PR: 691
Submitted by: Kazuhiro Kazama
Revision ChangesPath
No revision
No revision
1.45.2.9 +20 -4
jakarta-tomcat/src/share/org/apache/tomcat/context/Attic/DefaultCMSetter.java
Index: DefaultCMSetter.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/context/Attic/DefaultCMSetter.java,v
retrieving revision 1.45.2.8
retrieving revision 1.45.2.9
diff -u -r1.45.2.8 -r1.45.2.9
--- DefaultCMSetter.java 2000/11/11 02:56:57 1.45.2.8
+++ DefaultCMSetter.java 2001/03/17 00:26:39 1.45.2.9
@@ -151,7 +151,11 @@
public void doService(Request req, Response res)
throws Exception
{
- res.setContentType("text/html");// ISO-8859-1 default
+ String charset = LocaleToCharsetMap.getCharset(Locale.getDefault());
+ if (charset == null || charset.equalsIgnoreCase("ISO-8859-1"))
+ res.setContentType("text/html");
+ else
+ res.setContentType("text/html; charset=" + charset);
String requestURI = (String)req.
getAttribute("javax.servlet.include.request_uri");
@@ -226,7 +230,11 @@
return;
}
- res.setContentType("text/html");
+ String charset = LocaleToCharsetMap.getCharset(Locale.getDefault());
+ if (charset == null || charset.equalsIgnoreCase("ISO-8859-1"))
+ res.setContentType("text/html");
+ else
+ res.setContentType("text/html; charset=" + charset);
res.setStatus( 500 );
StringBuffer buf = new StringBuffer();
@@ -331,7 +339,11 @@
String msg=(String)req.getAttribute("javax.servlet.error.message");
String errorURI = res.getErrorURI();
- res.setContentType("text/html");
+ String charset = LocaleToCharsetMap.getCharset(Locale.getDefault());
+ if (charset == null || charset.equalsIgnoreCase("ISO-8859-1"))
+ res.setContentType("text/html");
+ else
+ res.setContentType("text/html; charset=" + charset);
// res is reset !!!
// status is already set
int sc=res.getStatus();
@@ -432,7 +444,11 @@
if( debug0) ctx.log("Redirect " + location + " " + req );
- res.setContentType("text/html");// ISO-8859-1 default
+ String charset = LocaleToCharsetMap.getCharset(Locale.getDefault());
+ if (charset == null || charset.equalsIgnoreCase("ISO-8859-1"))
+ res.setContentType("text/html");
+ else
+ res.setContentType("text/html; charset=" + charset);
res.setHeader("Location", location);
StringBuffer buf = new StringBuffer();
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core RequestImpl.java
marcsaeg01/03/15 11:00:42
Modified:src/share/org/apache/tomcat/core Tag: tomcat_32
RequestImpl.java
Log:
The servlet path and path info were being stored in their URL encoded
form which violates the servlet spec.
According to the Servlet 2.2 API specification errata dated 4/27/2000,
the servlet path, path info and path translated values (i.e.
getServletPath(), getPathInfo() and getPathTranslated()) should return
decoded values.
For example
http://localhost/space+test.html
should return a servlet path of
/space test.html
and
http://localhost/servlet/SnoopServlet/path%20info
should return a path info of
/path info
PR: 657/Bugzilla 369
Revision ChangesPath
No revision
No revision
1.52.2.7 +14 -2
jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/RequestImpl.java
Index: RequestImpl.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/RequestImpl.java,v
retrieving revision 1.52.2.6
retrieving revision 1.52.2.7
diff -u -r1.52.2.6 -r1.52.2.7
--- RequestImpl.java 2001/03/06 01:09:51 1.52.2.6
+++ RequestImpl.java 2001/03/15 19:00:37 1.52.2.7
@@ -573,7 +573,13 @@
public void setPathInfo(String pathInfo) {
-this.pathInfo = pathInfo;
+try{
+this.pathInfo = RequestUtil.URLDecode(pathInfo);
+}catch(Exception e){
+if(contextM != null)
+contextM.log("RequestImpl.setPathInfo: Unable to decode pathInfo,
using encoded version. pathInfo = " + pathInfo);
+this.pathInfo = pathInfo;
+}
}
/** Set query string - will be called by forward
@@ -585,7 +591,13 @@
}
public void setServletPath(String servletPath) {
- this.servletPath = servletPath;
+try{
+this.servletPath = RequestUtil.URLDecode(servletPath);
+}catch(Exception e){
+if(contextM != null)
+contextM.log("RequestImpl.setServletPath: Unable to decode servlet
path, using encoded version. path = " + servletPath);
+this.servletPath = servletPath;
+}
}
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/request StaticInterceptor.java
marcsaeg01/03/12 13:50:16
Modified:src/share/org/apache/tomcat/request Tag: tomcat_32
StaticInterceptor.java
Log:
Using an HTML file (or any other static content) as the location
for an error-page in web.xml wouldn't work. If the error-page
was for the 404 status code, the container would enter an infinite
loop.
FileHandler.service() now looks for the javax.servlet.include.request_uri
attribute in the request and if it isn't null is uses this as the file
to serve.
PR: 291
Revision ChangesPath
No revision
No revision
1.7.2.7 +4 -1
jakarta-tomcat/src/share/org/apache/tomcat/request/Attic/StaticInterceptor.java
Index: StaticInterceptor.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/Attic/StaticInterceptor.java,v
retrieving revision 1.7.2.6
retrieving revision 1.7.2.7
diff -u -r1.7.2.6 -r1.7.2.7
--- StaticInterceptor.java2000/12/12 20:33:46 1.7.2.6
+++ StaticInterceptor.java2001/03/12 21:50:16 1.7.2.7
@@ -332,7 +332,10 @@
subReq=req.getChild();
Context ctx=subReq.getContext();
- String pathInfo=subReq.getServletPath();
+ // If this file is being included, use javax.servlet.include.request_uri.
+ String pathInfo =
(String)subReq.getAttribute("javax.servlet.include.request_uri");
+ if(pathInfo == null)
+ pathInfo=subReq.getServletPath();
String absPath = (String)subReq.getNote( realFileNote );
if( absPath==null )
absPath=ctx.getRealPath( pathInfo );
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/jasper/compiler PluginGenerator.java
marcsaeg01/03/11 13:01:37
Modified:src/share/org/apache/jasper/compiler Tag: tomcat_32
PluginGenerator.java
Log:
Parameter values from jsp:param tags weren't being properly quoted in the
generated source.
PR: BugRat 554/Bugzilla 301
Revision ChangesPath
No revision
No revision
1.7.2.3 +5 -4
jakarta-tomcat/src/share/org/apache/jasper/compiler/PluginGenerator.java
Index: PluginGenerator.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/compiler/PluginGenerator.java,v
retrieving revision 1.7.2.2
retrieving revision 1.7.2.3
diff -u -r1.7.2.2 -r1.7.2.3
--- PluginGenerator.java 2001/03/10 01:37:35 1.7.2.2
+++ PluginGenerator.java 2001/03/11 21:01:36 1.7.2.3
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/compiler/PluginGenerator.java,v
1.7.2.2 2001/03/10 01:37:35 nacho Exp $
- * $Revision: 1.7.2.2 $
- * $Date: 2001/03/10 01:37:35 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/compiler/PluginGenerator.java,v
1.7.2.3 2001/03/11 21:01:36 marcsaeg Exp $
+ * $Revision: 1.7.2.3 $
+ * $Date: 2001/03/11 21:01:36 $
*
*
*
@@ -320,8 +320,9 @@
writer.indent ();
writer.print ("out.println (");
writer.print (" _jspxNSString [i][0] + ");
- writer.print ("\"=\"");
+ writer.print ("\"=\\\"\"");
writer.print (" + _jspxNSString[i][1]");
+ writer.print (" + \"\\\"\"");
writer.print (");");
writer.println ();
writer.popIndent ();
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/doc readme
marcsaeg01/03/09 10:51:43 Modified:src/doc Tag: tomcat_32 readme Log: More updates for the 3.2.2 release. Revision ChangesPath No revision No revision 1.8.2.14 +8 -22 jakarta-tomcat/src/doc/readme Index: readme === RCS file: /home/cvs/jakarta-tomcat/src/doc/readme,v retrieving revision 1.8.2.13 retrieving revision 1.8.2.14 diff -u -r1.8.2.13 -r1.8.2.14 --- readme2001/03/05 14:26:29 1.8.2.13 +++ readme2001/03/09 18:51:40 1.8.2.14 @@ -1,4 +1,4 @@ -$Id: readme,v 1.8.2.13 2001/03/05 14:26:29 marcsaeg Exp $ +$Id: readme,v 1.8.2.14 2001/03/09 18:51:40 marcsaeg Exp $ Release Notes for: @@ -14,7 +14,7 @@ 4. Tomcat: Past, Present, and Future 5. New Features In This Release 6. Known Bugs and Issues -7. Security Vulnerabilities Fixed in 3.2.1 +7. Fixes and Enhancements in Updates = @@ -30,17 +30,10 @@ You should read the License Agreement (in the LICENSE file of the top level directory), which applies to all software included in this release. -Tomcat Version 3.2.1 is a security related update! See Section 7, below, -for details on the changes that have been made. All other existing issues with -Tomcat 3.2 will remain in 3.2.1 -- they will be addressed in subsequent -maintenance updates (3.2.2, and so on). - -No changes to the native code components of Tomcat 3.2 have been made. -Therefore, you should *not* need to recompile components such as mod_jserv -in order to take advantage of this release. You only need to replace the -Java based modules in the "jakarta-tomcat-3.2.*" distribution. +Tomcat Version 3.2.2 is a bug fix release. No new features have been +added in this release. The bugs known to be fixed in Version 3.2.2 +are described in section 7.1 below. - = 2. INSTALLING AND RUNNING TOMCAT @@ -88,16 +81,8 @@ = 5. NEW FEATURES IN THIS RELEASE - -Tomcat 3.2.1 is a maintenance and bug fix release, based on the Tomcat 3.2 -(final) code base. The following changes are included: - -- Disallowed requesting JSP pages under the WEB-INF directory - (/WEB-INF/dummy.jsp). Previously, only requests for static files - were being disallowed. -- The JDBCRealm request interceptor will now log the description of any - JDBC exception that occurs, to aid in debugging. +Tomcat Version 3.2.2 is a bug release only. No new features were added. = @@ -318,6 +303,8 @@ - Better initialization of psuedo-random number generator improves response time for first request that generates a session. - Fix session tracking through forward(). (#504) + - Fix problem with getSession() overwritting the requested session ID + and related URL rewritting problems. (#160) Jasper - Fix for UnsupportedEncodingException due to UTF8 instead of UTF-8. (#269) @@ -330,7 +317,6 @@ - Better error reporting if compile fails due to missing tag library. - Fix thread synchronization problem that can cause page compilation to fail (#44). - Connectors - Fix infinite loop on invalid content-length for ajp12. (#264) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/jasper/runtime BodyContentImpl.java
marcsaeg01/03/09 15:31:55
Modified:src/share/org/apache/jasper/runtime Tag: tomcat_32
BodyContentImpl.java
Log:
One last performance update to the previous commit.
Double the buffer size on a realloc instead of incrementing the length.
Submitted by: Andrew Gilbert [[EMAIL PROTECTED]]
Revision ChangesPath
No revision
No revision
1.6.6.3 +1 -1
jakarta-tomcat/src/share/org/apache/jasper/runtime/BodyContentImpl.java
Index: BodyContentImpl.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/runtime/BodyContentImpl.java,v
retrieving revision 1.6.6.2
retrieving revision 1.6.6.3
diff -u -r1.6.6.2 -r1.6.6.3
--- BodyContentImpl.java 2001/03/04 03:42:19 1.6.6.2
+++ BodyContentImpl.java 2001/03/09 23:31:54 1.6.6.3
@@ -113,7 +113,7 @@
if (len = Constants.DEFAULT_BUFFER_SIZE) {
tmp = new char [bufferSize + Constants.DEFAULT_BUFFER_SIZE];
- bufferSize += Constants.DEFAULT_BUFFER_SIZE;
+ bufferSize = bufferSize * 2;
} else {
tmp = new char [bufferSize + len];
bufferSize += len;
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/jasper/compiler Compiler.java JspParseEventListener.java JspReader.java
marcsaeg01/03/09 15:35:26
Modified:src/share/org/apache/jasper/compiler Tag: tomcat_32
Compiler.java JspParseEventListener.java
JspReader.java
Log:
Change JSP default character encoding from 8859_1 to ISO-8859-1 which is
the preferred name (not to mention the one in the specification).
PR: 285
Submitted by: [EMAIL PROTECTED] (Palle Girgensohn)
Revision ChangesPath
No revision
No revision
1.19.2.6 +4 -4
jakarta-tomcat/src/share/org/apache/jasper/compiler/Compiler.java
Index: Compiler.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/compiler/Compiler.java,v
retrieving revision 1.19.2.5
retrieving revision 1.19.2.6
diff -u -r1.19.2.5 -r1.19.2.6
--- Compiler.java 2001/01/12 04:46:59 1.19.2.5
+++ Compiler.java 2001/03/09 23:35:25 1.19.2.6
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/compiler/Compiler.java,v 1.19.2.5
2001/01/12 04:46:59 larryi Exp $
- * $Revision: 1.19.2.5 $
- * $Date: 2001/01/12 04:46:59 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/compiler/Compiler.java,v 1.19.2.6
2001/03/09 23:35:25 marcsaeg Exp $
+ * $Revision: 1.19.2.6 $
+ * $Date: 2001/03/09 23:35:25 $
*
*
*
@@ -143,7 +143,7 @@
// - compiling the generated servlets (pass -encoding to javac).
// XXX - There are really three encodings of interest.
-String jspEncoding = "8859_1"; // default per JSP spec
+String jspEncoding = "ISO-8859-1"; // default per JSP spec
// We try UTF8 by default. If it fails, we use the java encoding
// specified for JspServlet init parameter "javaEncoding".
1.17.2.4 +4 -4
jakarta-tomcat/src/share/org/apache/jasper/compiler/JspParseEventListener.java
Index: JspParseEventListener.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/compiler/JspParseEventListener.java,v
retrieving revision 1.17.2.3
retrieving revision 1.17.2.4
diff -u -r1.17.2.3 -r1.17.2.4
--- JspParseEventListener.java2000/12/22 19:33:08 1.17.2.3
+++ JspParseEventListener.java2001/03/09 23:35:25 1.17.2.4
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/compiler/JspParseEventListener.java,v
1.17.2.3 2000/12/22 19:33:08 pierred Exp $
- * $Revision: 1.17.2.3 $
- * $Date: 2000/12/22 19:33:08 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/compiler/JspParseEventListener.java,v
1.17.2.4 2001/03/09 23:35:25 marcsaeg Exp $
+ * $Revision: 1.17.2.4 $
+ * $Date: 2001/03/09 23:35:25 $
*
*
*
@@ -324,7 +324,7 @@
else
writer.println("response.setContentType(\"" +
servletContentType +
-";charset=8859_1\");");
+";charset=ISO-8859-1\");");
writer.println("pageContext = _jspxFactory.getPageContext(this, request,
response,\n"
+ "\t\t\t"
+ writer.quoteString(error) + ", "
1.16.2.7 +1 -1
jakarta-tomcat/src/share/org/apache/jasper/compiler/JspReader.java
Index: JspReader.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/compiler/JspReader.java,v
retrieving revision 1.16.2.6
retrieving revision 1.16.2.7
diff -u -r1.16.2.6 -r1.16.2.7
--- JspReader.java2000/12/22 19:33:08 1.16.2.6
+++ JspReader.java2001/03/09 23:35:25 1.16.2.7
@@ -278,7 +278,7 @@
{
this.context = ctx;
this.encoding = encoding;
- if (this.encoding == null) this.encoding = "8859_1";
+ if (this.encoding == null) this.encoding = "ISO-8859-1";
pushFile(file, encoding);
}
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/doc/appdev source.html
marcsaeg01/03/07 16:56:42 Modified:src/doc/appdev Tag: tomcat_32 source.html Log: The source for the example bulid.bat was incorrect. There is a missing %CP% on the second set. The example build.bat file was fixed ages ago but the documentation hadn't gotten updated. PR: 447 Revision ChangesPath No revision No revision 1.2.4.3 +3 -3 jakarta-tomcat/src/doc/appdev/source.html Index: source.html === RCS file: /home/cvs/jakarta-tomcat/src/doc/appdev/source.html,v retrieving revision 1.2.4.2 retrieving revision 1.2.4.3 diff -u -r1.2.4.2 -r1.2.4.3 --- source.html 2000/11/27 22:45:49 1.2.4.2 +++ source.html 2001/03/08 00:56:41 1.2.4.3 @@ -208,7 +208,7 @@ pre #!/bin/sh # build -- Build Script for the "Hello, World" Application -# $Id: source.html,v 1.2.4.2 2000/11/27 22:45:49 craigmcc Exp $ +# $Id: source.html,v 1.2.4.3 2001/03/08 00:56:41 marcsaeg Exp $ # Identify the custom class path components we need CP=$TOMCAT_HOME/lib/ant.jar:$TOMCAT_HOME/lib/servlet.jar @@ -227,13 +227,13 @@ pre @echo off rem build.bat -- Build Script for the "Hello, World" Application -rem $Id: source.html,v 1.2.4.2 2000/11/27 22:45:49 craigmcc Exp $ +rem $Id: source.html,v 1.2.4.3 2001/03/08 00:56:41 marcsaeg Exp $ set _CP=%CP% rem Identify the custom class path components we need set CP=%TOMCAT_HOME%\lib\ant.jar;%TOMCAT_HOME%\lib\servlet.jar -set CP=%TOMCAT_HOME%\lib\jaxp.jar;%TOMCAT_HOME%\lib\parser.jar +set CP=%CP%;%TOMCAT_HOME%\lib\jaxp.jar;%TOMCAT_HOME%\lib\parser.jar set CP=%CP%;%JAVA_HOME%\lib\tools.jar rem Execute ANT to perform the requird build target - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/facade HttpServletResponseFacade.java
marcsaeg01/03/06 09:38:17
Modified:src/share/org/apache/tomcat/facade Tag: tomcat_32
HttpServletResponseFacade.java
Log:
This fixes some additional problems uncovered by the fix for
Bugzilla 160.
The isEncodable() method used isRequestedSessionIdValid() to determine
if there was an active session. This is incorrect, because the requested
session id may have expired or been invalidated and a new session created.
isEncodeable() now encodes sessions that are new (i.e. we don't know yet
if the client will be sending cookies or not) or if, if the session
is not new (meaning the requested session id was a valid session) and
the requested session id did not come from a cookie.
Revision ChangesPath
No revision
No revision
1.6.2.3 +19 -17
jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/HttpServletResponseFacade.java
Index: HttpServletResponseFacade.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/HttpServletResponseFacade.java,v
retrieving revision 1.6.2.2
retrieving revision 1.6.2.3
diff -u -r1.6.2.2 -r1.6.2.3
--- HttpServletResponseFacade.java2000/11/20 23:59:43 1.6.2.2
+++ HttpServletResponseFacade.java2001/03/06 17:38:13 1.6.2.3
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/HttpServletResponseFacade.java,v
1.6.2.2 2000/11/20 23:59:43 craigmcc Exp $
- * $Revision: 1.6.2.2 $
- * $Date: 2000/11/20 23:59:43 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/HttpServletResponseFacade.java,v
1.6.2.3 2001/03/06 17:38:13 marcsaeg Exp $
+ * $Revision: 1.6.2.3 $
+ * $Date: 2001/03/06 17:38:13 $
*
*
*
@@ -120,8 +120,7 @@
*/
public String encodeRedirectURL(String location) {
if (isEncodeable(toAbsolute(location)))
- return (toEncoded(location,
- response.getRequest().getRequestedSessionId()));
+ return (toEncoded(location, response.getRequest().getSession(false)));
else
return (location);
}
@@ -135,11 +134,10 @@
public String encodeURL(String url) {
if (isEncodeable(toAbsolute(url)))
- return (toEncoded(url,
- response.getRequest().getRequestedSessionId()));
+ return (toEncoded(url, response.getRequest().getSession(false)));
else
- return (url);
-}
+ return (url);
+ }
/**
* @deprecated
@@ -333,12 +331,14 @@
if (location.startsWith("#"))
return (false);
- // Are we in a valid session that is not using cookies?
- Request request = response.getRequest();
- if (!request.getFacade().isRequestedSessionIdValid() )
- return (false);
- if ( request.getFacade().isRequestedSessionIdFromCookie() )
- return (false);
+// Are we in a valid session that is not using cookies?
+Request request = response.getRequest();
+HttpSession session = request.getSession(false);
+if(session == null)
+return false;
+ // If the session is new, encode the URL
+ if(!session.isNew()
request.getFacade().isRequestedSessionIdFromCookie())
+return false;
// Is this a valid absolute URL?
URL url = null;
@@ -412,11 +412,12 @@
* @param url URL to be encoded with the session id
* @param sessionId Session id to be included in the encoded URL
*/
-private String toEncoded(String url, String sessionId) {
+private String toEncoded(String url, HttpSession session) {
- if ((url == null) || (sessionId == null))
+ if ((url == null) || (session == null))
return (url);
+ String sessionId = session.getId();
String path = null;
String query = null;
int question = url.indexOf("?");
@@ -431,6 +432,7 @@
sb.append(sessionId);
if (query != null)
sb.append(query);
+
return (sb.toString());
}
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/doc readme
marcsaeg01/03/05 06:26:36 Modified:src/doc Tag: tomcat_32 readme Log: Updates for 3.2.2. Why do we have two release notes files (doc/readme and RELEASE-NOTES) and why are they different? Revision ChangesPath No revision No revision 1.8.2.13 +57 -14jakarta-tomcat/src/doc/readme Index: readme === RCS file: /home/cvs/jakarta-tomcat/src/doc/readme,v retrieving revision 1.8.2.12 retrieving revision 1.8.2.13 diff -u -r1.8.2.12 -r1.8.2.13 --- readme2001/02/16 04:13:16 1.8.2.12 +++ readme2001/03/05 14:26:29 1.8.2.13 @@ -1,8 +1,8 @@ -$Id: readme,v 1.8.2.12 2001/02/16 04:13:16 marcsaeg Exp $ +$Id: readme,v 1.8.2.13 2001/03/05 14:26:29 marcsaeg Exp $ Release Notes for: - TOMCAT Version 3.2.1 + TOMCAT Version 3.2.2 @@ -124,7 +124,7 @@ Please note the following information about this implementation: - BASIC and FORM based authentication should work correctly. Please - report any bugs you encounter here at http://jakarta.apache.org/bugs. + report any bugs you encounter here at http://jakarta.apache.org/site/bugs.html. The example application has a protected area defined at the following URL: http://localhost:8080/examples/jsp/security/protected @@ -289,22 +289,65 @@ where "r:" is mapped to this share. -6.11 Misconfiguration Can Cause CPU-Bound Loop -If you misconfigure Tomcat 3.2 in a way that there is no valid context to -handle a request (such as removing the root context and then attempting a -request that should be handled by that context), Tomcat will enter a CPU-bound -loop instead of responding with a 404 error. +=== +7. FIXES AND ENHANCEMENTS IN UPDATES -Workaround: kill the offending Tomcat process and correct your server.xml -file such that there is a properly configured root context. +7.1 Fixes and Enhancements in Release 3.2.2 -=== -7. SECURITY VULNERABILITIES FIXED IN TOMCAT 3.2.1 +This section highlights the bugs fixed in this release. In addition to +these, there have been many other minor bug fixes through the product. + +Documentation + - Several updates to how-to documents and users guide. + +Servlet + - Fix infinite loop if no prefix matches the request URI. Now returns + a 404 error. + - Handle UnavailableException in included servlets. + - User principle was incorrectly maintained. (#757) + - Use access control for forward() and include() when security manager + is being used. + - Properly interpret url-patterns inside security-contraints. (#567) + - Fix authentication with Sybase ASE 11.9.2 and Interbase. + - reqeust.getPort() now returns the correct port when using SSL. (#743) + - Fix problem accessing via HTTP without protocol. (#513) + - Fix JSP source disclosure problem. (#619) + - ServletRequest.getProtocol() could contain a CRLF. (#620) + - Better initialization of psuedo-random number generator improves + response time for first request that generates a session. + - Fix session tracking through forward(). (#504) + +Jasper + - Fix for UnsupportedEncodingException due to UTF8 instead of UTF-8. (#269) + - Support compiling with debug information. + - If JSP source file is removed, then generated files are removed + and subsequent requests return a 404 error. (#698) + - Fix compile error with more than one set of tags with the same + name. (#540) + - Support for non 8859-1 character encodings for included pages. + - Better error reporting if compile fails due to missing tag library. + - Fix thread synchronization problem that can cause page compilation to + fail (#44). + + +Connectors + - Fix infinite loop on invalid content-length for ajp12. (#264) + - Fix infinite llop if Tomcat connector closed connection. (#510) + - For ajp13 protocol, add support for multipart form encoding + and file uploads now work. + - Reading session ids from cookies in the load balancer. (#603) + + IIS + - Better error logging for startup failures. + NetWare + - Fix for netbuf_getbytes() not supported on NetWare 5.1. + +7.2 Security vulnerabilities fixed in Tomcat 3.2.1 -7.1 Protection of Resources in /WEB-INF and /META-INF Directories +7.2.1 Protection of Resources in /WEB-INF and /META-INF Directories The servlet specification prohibits servlet containers fr
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/facade HttpServletRequestFacade.java
marcsaeg01/03/05 17:13:05
Modified:src/share/org/apache/tomcat/facade Tag: tomcat_32
HttpServletRequestFacade.java
Log:
The isRequestedSessionIdValid() should be based on the value of
getRequestedSessionId(). Instead of just checking that getSession(false)
returns a non-null value (i.e. there is an active session) we must
also test that the active session's ID matches the requested session id.
PR: 160
Revision ChangesPath
No revision
No revision
1.6.2.1 +6 -4
jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/HttpServletRequestFacade.java
Index: HttpServletRequestFacade.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/HttpServletRequestFacade.java,v
retrieving revision 1.6
retrieving revision 1.6.2.1
diff -u -r1.6 -r1.6.2.1
--- HttpServletRequestFacade.java 2000/06/19 21:53:13 1.6
+++ HttpServletRequestFacade.java 2001/03/06 01:13:05 1.6.2.1
@@ -401,10 +401,12 @@
}
public boolean isRequestedSessionIdValid() {
- // so here we just assume that if we have a session it's,
- // all good, else not.
- HttpSession session = (HttpSession)request.getSession(false);
- return (session != null);
+boolean isvalid = false;
+HttpSession session = (HttpSession)request.getSession(false);
+if(session != null session.getId().equals(getRequestedSessionId()))
+isvalid = true;
+
+return isvalid;
}
/** Adapter - Request uses getSessionIdSource
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util FileUtil.java
marcsaeg01/03/04 20:02:50
Modified:src/share/org/apache/tomcat/util Tag: tomcat_32
FileUtil.java
Log:
Removed trim() from patch() method to avoide security hole. This patch was applied
to Tomcat 3.3 a couple months ago, but never got ported to the tomcat_32 branch.
Submitted by Kazuhiro Kazama.
Revision ChangesPath
No revision
No revision
1.9.2.6 +4 -4
jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/FileUtil.java
Index: FileUtil.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/FileUtil.java,v
retrieving revision 1.9.2.5
retrieving revision 1.9.2.6
diff -u -r1.9.2.5 -r1.9.2.6
--- FileUtil.java 2000/11/05 05:28:53 1.9.2.5
+++ FileUtil.java 2001/03/05 04:02:49 1.9.2.6
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/FileUtil.java,v
1.9.2.5 2000/11/05 05:28:53 craigmcc Exp $
- * $Revision: 1.9.2.5 $
- * $Date: 2000/11/05 05:28:53 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/FileUtil.java,v
1.9.2.6 2001/03/05 04:02:49 marcsaeg Exp $
+ * $Revision: 1.9.2.6 $
+ * $Date: 2001/03/05 04:02:49 $
*
*
*
@@ -228,7 +228,7 @@
}
public static String patch(String path) {
- String patchPath = path.trim();
+ String patchPath = path;
// Move drive spec to the front of the path
if (patchPath.length() = 3
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/jasper/runtime BodyContentImpl.java
marcsaeg01/03/03 19:26:22
Modified:src/share/org/apache/jasper/runtime Tag: tomcat_32
BodyContentImpl.java
Log:
BodyContentImpl.java
Revision ChangesPath
No revision
No revision
1.6.6.1 +6 -8
jakarta-tomcat/src/share/org/apache/jasper/runtime/BodyContentImpl.java
Index: BodyContentImpl.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/runtime/BodyContentImpl.java,v
retrieving revision 1.6
retrieving revision 1.6.6.1
diff -u -r1.6 -r1.6.6.1
--- BodyContentImpl.java 1999/11/13 00:32:51 1.6
+++ BodyContentImpl.java 2001/03/04 03:26:21 1.6.6.1
@@ -88,7 +88,7 @@
super(writer);
cb = new char[bufferSize];
nextChar = 0;
-}
+ }
/**
* Write a single character.
@@ -107,19 +107,19 @@
//Need to re-allocate the buffer since it is to be
//unbounded according to the updated spec..
-char[] tmp = new char [bufferSize];
- System.arraycopy(cb, 0, tmp, 0, cb.length);
+char[] tmp = null;
//XXX Should it be multiple of DEFAULT_BUFFER_SIZE??
if (len = Constants.DEFAULT_BUFFER_SIZE) {
- cb = new char [bufferSize + Constants.DEFAULT_BUFFER_SIZE];
+ tmp = new char [bufferSize + Constants.DEFAULT_BUFFER_SIZE];
bufferSize += Constants.DEFAULT_BUFFER_SIZE;
} else {
- cb = new char [bufferSize + len];
+ tmp = new char [bufferSize + len];
bufferSize += len;
}
- System.arraycopy(tmp, 0, cb, 0, tmp.length);
+ System.arraycopy(cb, 0, tmp, 0, cb.length);
+ cb = tmp;
tmp = null;
}
@@ -499,8 +499,6 @@
public void clear() throws IOException {
synchronized (lock) {
-cb = new char [Constants.DEFAULT_BUFFER_SIZE];
- bufferSize = Constants.DEFAULT_BUFFER_SIZE;
nextChar = 0;
}
}
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/jasper/runtime BodyContentImpl.java
marcsaeg01/03/03 19:42:20
Modified:src/share/org/apache/jasper/runtime Tag: tomcat_32
BodyContentImpl.java
Log:
I somehow commited the previous revision without a log message. This update
improves buffer allocation to increase performance. Submitted by Casey Lucas
[EMAIL PROTECTED].
Revision ChangesPath
No revision
No revision
1.6.6.2 +1 -1
jakarta-tomcat/src/share/org/apache/jasper/runtime/BodyContentImpl.java
Index: BodyContentImpl.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/runtime/BodyContentImpl.java,v
retrieving revision 1.6.6.1
retrieving revision 1.6.6.2
diff -u -r1.6.6.1 -r1.6.6.2
--- BodyContentImpl.java 2001/03/04 03:26:21 1.6.6.1
+++ BodyContentImpl.java 2001/03/04 03:42:19 1.6.6.2
@@ -105,7 +105,7 @@
private void reAllocBuff (int len) {
//Need to re-allocate the buffer since it is to be
- //unbounded according to the updated spec..
+ //unbounded according to the updated spec..
char[] tmp = null;
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/webpages index.html
marcsaeg01/02/26 09:20:37
Modified:src/share/org/apache/tomcat/core Tag: tomcat_32
Constants.java
src/webpages Tag: tomcat_32 index.html
Log:
Changing version numbers to 3.2.2 beta 1
Revision ChangesPath
No revision
No revision
1.22.2.11 +1 -1
jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/Constants.java
Index: Constants.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/Constants.java,v
retrieving revision 1.22.2.10
retrieving revision 1.22.2.11
diff -u -r1.22.2.10 -r1.22.2.11
--- Constants.java2001/02/09 23:05:44 1.22.2.10
+++ Constants.java2001/02/26 17:20:33 1.22.2.11
@@ -67,7 +67,7 @@
public class Constants {
public static final String TOMCAT_NAME = "Tomcat Web Server";
-public static final String TOMCAT_VERSION = "3.2.2-dev";
+public static final String TOMCAT_VERSION = "3.2.2 beta 1";
public static final String JSP_NAME = "JSP";
public static final String JSP_VERSION = "1.1";
No revision
No revision
1.13.2.12 +2 -2 jakarta-tomcat/src/webpages/index.html
Index: index.html
===
RCS file: /home/cvs/jakarta-tomcat/src/webpages/index.html,v
retrieving revision 1.13.2.11
retrieving revision 1.13.2.12
diff -u -r1.13.2.11 -r1.13.2.12
--- index.html2001/02/16 04:13:16 1.13.2.11
+++ index.html2001/02/26 17:20:36 1.13.2.12
@@ -4,13 +4,13 @@
meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
meta name="GENERATOR" content="Mozilla/4.72 [en] (WinNT; U) [Netscape]"
meta name="Author" content="Anil K. Vijendran"
-titleTomcat v3.2.2-dev/title
+titleTomcat v3.2.2 beta 1/title
/head
body bgcolor="#FF"
img SRC="tomcat.gif" height=92 width=130 align=LEFTbfont face="Arial,
Helvetica, sans-serif"font size=+3Tomcat/font/font/b
br
bfont face="Arial, Helvetica, sans-serif"font size=-1Version
-3.2.2-dev/font/font/b
+3.2.2 beta 1/font/font/b
pThis is the default Tomcat home page. This page serves as a quick reference
guide to related resources and is located at:
ul
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat RELEASE-PLAN-3.2.2
marcsaeg01/02/25 12:39:45 Modified:.Tag: tomcat_32 RELEASE-PLAN-3.2.2 Log: Removed the paragraph about approval vote as this vote passed already. Revision ChangesPath No revision No revision 1.1.2.3 +1 -9 jakarta-tomcat/Attic/RELEASE-PLAN-3.2.2 Index: RELEASE-PLAN-3.2.2 === RCS file: /home/cvs/jakarta-tomcat/Attic/RELEASE-PLAN-3.2.2,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -r1.1.2.2 -r1.1.2.3 --- RELEASE-PLAN-3.2.22001/02/08 01:05:27 1.1.2.2 +++ RELEASE-PLAN-3.2.22001/02/25 20:39:45 1.1.2.3 @@ -1,12 +1,4 @@ -$Id: RELEASE-PLAN-3.2.2,v 1.1.2.2 2001/02/08 01:05:27 marcsaeg Exp $ - -NOTE: This document is the first cut at a release plan for the next - dot release of Tomcat. Nothing in this document should be - considered authoritative until it has been discussed and approved - on the TOMCAT-DEV mailing list, at which point this note will - be removed. - - +$Id: RELEASE-PLAN-3.2.2,v 1.1.2.3 2001/02/25 20:39:45 marcsaeg Exp $ Tomcat 3.2.2 Release Plan = - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/jasper/servlet JspServlet.java
marcsaeg01/02/22 12:32:02
Modified:src/share/org/apache/jasper/servlet JspServlet.java
Log:
Porting thread synchronization fix from tomcat_32.
The need to synchronize the ctxt.createCompiler() call
doesn't seem to be critical in tomcat 3.3 due to the different
class naming scheme. Someone more familiar with the Jasper
changes in Tomcat 3.3 should probably review this.
PR: Bugzilla 80/BugRat 44
Revision ChangesPath
1.8 +2 -2
jakarta-tomcat/src/share/org/apache/jasper/servlet/JspServlet.java
Index: JspServlet.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/jasper/servlet/JspServlet.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- JspServlet.java 2001/02/20 03:36:00 1.7
+++ JspServlet.java 2001/02/22 20:32:00 1.8
@@ -461,8 +461,8 @@
Compiler compiler = ctxt.createCompiler();
try {
-outDated = compiler.compile();
-if ( (jsw.servletClass == null) || (compiler.isOutDated()) ) {
+outDated = compiler.isOutDated();
+if ( (jsw.servletClass == null) || outDated ) {
synchronized ( this ) {
if ((jsw.servletClass == null) ||
(compiler.isOutDated() )) {
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/request AccessInterceptor.java
marcsaeg01/02/13 19:48:09
Modified:src/share/org/apache/tomcat/request Tag: tomcat_32
AccessInterceptor.java
Log:
If two url-patterns were specified inside a security constraint such as
url-pattern/abc123/*/url-pattern
and
url-pattern/abc/*/url-pattern
then AccessInterceptor would incorrectly match the url /abc123 with both patterns.
PR: 567
Submitted by: [EMAIL PROTECTED]
Revision ChangesPath
No revision
No revision
1.12.2.5 +1 -1
jakarta-tomcat/src/share/org/apache/tomcat/request/Attic/AccessInterceptor.java
Index: AccessInterceptor.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/Attic/AccessInterceptor.java,v
retrieving revision 1.12.2.4
retrieving revision 1.12.2.5
diff -u -r1.12.2.4 -r1.12.2.5
--- AccessInterceptor.java2000/08/24 21:50:51 1.12.2.4
+++ AccessInterceptor.java2001/02/14 03:48:09 1.12.2.5
@@ -321,7 +321,7 @@
switch( ct.getMapType() ) {
case Container.PREFIX_MAP:
- return path.startsWith( ctPath.substring(0, ctPathL - 2 ));
+ return path.startsWith( ctPath.substring(0, ctPathL - 1 ));
case Container.EXTENSION_MAP:
return ctPath.substring( 1 ).equals( URLUtil.getExtension( path ));
case Container.PATH_MAP:
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core Constants.java
marcsaeg01/02/09 15:05:47
Modified:src/share/org/apache/tomcat/core Tag: tomcat_32
Constants.java
Log:
Changing TOMCAT_VERSION to 3.2.2-dev
Revision ChangesPath
No revision
No revision
1.22.2.10 +1 -1
jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/Constants.java
Index: Constants.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/Constants.java,v
retrieving revision 1.22.2.9
retrieving revision 1.22.2.10
diff -u -r1.22.2.9 -r1.22.2.10
--- Constants.java2001/02/08 13:39:49 1.22.2.9
+++ Constants.java2001/02/09 23:05:44 1.22.2.10
@@ -67,7 +67,7 @@
public class Constants {
public static final String TOMCAT_NAME = "Tomcat Web Server";
-public static final String TOMCAT_VERSION = "3.2.2";
+public static final String TOMCAT_VERSION = "3.2.2-dev";
public static final String JSP_NAME = "JSP";
public static final String JSP_VERSION = "1.1";
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/webpages index.html
marcsaeg01/02/09 15:06:27 Modified:src/webpages Tag: tomcat_32 index.html Log: Changing version to 3.2.2-dev Revision ChangesPath No revision No revision 1.13.2.10 +2 -2 jakarta-tomcat/src/webpages/index.html Index: index.html === RCS file: /home/cvs/jakarta-tomcat/src/webpages/index.html,v retrieving revision 1.13.2.9 retrieving revision 1.13.2.10 diff -u -r1.13.2.9 -r1.13.2.10 --- index.html2001/02/08 13:41:42 1.13.2.9 +++ index.html2001/02/09 23:06:26 1.13.2.10 @@ -4,13 +4,13 @@ meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" meta name="GENERATOR" content="Mozilla/4.72 [en] (WinNT; U) [Netscape]" meta name="Author" content="Anil K. Vijendran" -titleTomcat v3.2.2/title +titleTomcat v3.2.2-dev/title /head body bgcolor="#FF" img SRC="tomcat.gif" height=92 width=130 align=LEFTbfont face="Arial, Helvetica, sans-serif"font size=+3Tomcat/font/font/b br bfont face="Arial, Helvetica, sans-serif"font size=-1Version -3.2.1/font/font/b +3.2.2-dev/font/font/b pThis is the default Tomcat home page. This page serves as a quick reference guide to related resources and is located at: ul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
