performing a security analsysis on the Tomcat software

2005-12-02 Thread Hoehle, Joerg-Cyril
Dear tomcat developers, BSI, the german Federal Office for Information Security -- Bundesamt fur Sicherheit in der Informationstechnik http://www.bsi.de, e-mail: [EMAIL PROTECTED] endorses the use of Open Source software and has contracted T-Systems to perform a security check on Tomcat. The

Re: DO NOT REPLY [Bug 36318] - CRC error in compressed sample.war file

2005-12-02 Thread Mark Thomas
OK. I thought it was generated during the build. I'll just replace the one in SVN as is has got corrupted at some point. The MD5 were just us trying to ensure we were looking at the same file. Mark Yoav Shapira wrote: Hi, I don't think sample.war is generated during the build: it's a static

svn commit: r351756 - /tomcat/jasper/tc5.5.x/jasper2/src/share/org/apache/jasper/JspC.java

2005-12-02 Thread yoavs
Author: yoavs Date: Fri Dec 2 07:50:10 2005 New Revision: 351756 URL: http://svn.apache.org/viewcvs?rev=351756view=rev Log: Bugzilla 37746: http://issues.apache.org/bugzilla/show_bug.cgi?id=37746 And other minor enhancements, like using List interface for pages Vector (while retaining Vector

DO NOT REPLY [Bug 37746] - JspC.setJspFiles() uses space as a delimiter

2005-12-02 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=37746. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE.

svn commit: r351764 - /tomcat/container/branches/tc5.0.x/webapps/docs/changelog.xml

2005-12-02 Thread yoavs
Author: yoavs Date: Fri Dec 2 08:05:27 2005 New Revision: 351764 URL: http://svn.apache.org/viewcvs?rev=351764view=rev Log: Bugzilla 36742: http://issues.apache.org/bugzilla/show_bug.cgi?id=36742 Modified: tomcat/container/branches/tc5.0.x/webapps/docs/changelog.xml Modified:

svn commit: r351834 - in /tomcat: connectors/trunk/.classpath container/tc5.5.x/.classpath container/tc5.5.x/webapps/docs/building.xml jasper/tc5.5.x/jasper2/.classpath

2005-12-02 Thread keith
Author: keith Date: Fri Dec 2 12:48:45 2005 New Revision: 351834 URL: http://svn.apache.org/viewcvs?rev=351834view=rev Log: add a separate variable to the eclipse project for ANT_HOME as the download script doesn't download it and it is assumed to be elsewhere per our instructions. Modified:

Problems with Tomcat 5.5.12 and the BEA JVM (1.4.2_05)

2005-12-02 Thread Fernando Nasser
I have a question from Deepak Bhole (he is still waiting for the mailing list subscription confirmation -- it seems to take some time): We encountered a problem with using tomcat 5.5.12 with the BEA 1.4.2_05 JVM. This is a known issue in the JVM, and has been fixed in 1.4.2_08 (which we don't

directory listings (updated patch)

2005-12-02 Thread Rafael H. Schloming
Attached is an updated patch for the directory listings cache. I've made the following changes: * the cache is now implemented in a separate class (org.apache.catalina.util.ExpiringCache) * added the following servlet parameters: - listings-cache [true] - listings-cache-size

svn commit: r351785 - /tomcat/build/tc5.5.x/

2005-12-02 Thread keith
Author: keith Date: Fri Dec 2 10:03:21 2005 New Revision: 351785 URL: http://svn.apache.org/viewcvs?rev=351785view=rev Log: svn ignore the eclipse build dirs Modified: tomcat/build/tc5.5.x/ (props changed) Propchange: tomcat/build/tc5.5.x/

svn commit: r351798 - /tomcat/container/tc5.5.x/webapps/docs/building.xml

2005-12-02 Thread keith
Author: keith Date: Fri Dec 2 10:31:46 2005 New Revision: 351798 URL: http://svn.apache.org/viewcvs?rev=351798view=rev Log: add minimum ant version add eclipse compiler compliance level note Modified: tomcat/container/tc5.5.x/webapps/docs/building.xml Modified:

svn commit: r351763 - /tomcat/connectors/branches/tc5.0.x/http11/src/java/org/apache/coyote/http11/InternalInputBuffer.java

2005-12-02 Thread yoavs
Author: yoavs Date: Fri Dec 2 08:05:14 2005 New Revision: 351763 URL: http://svn.apache.org/viewcvs?rev=351763view=rev Log: Bugzilla 36742: http://issues.apache.org/bugzilla/show_bug.cgi?id=36742 Modified:

DO NOT REPLY [Bug 36318] - CRC error in compressed sample.war file

2005-12-02 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=36318. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE.

DO NOT REPLY [Bug 36540] - pooled cluster replication does not seem ensure synchronized replication in tomcat 5.5.11

2005-12-02 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=36540. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE.

DO NOT REPLY [Bug 35276] - Calling EL fuction in same taglib from tagfile triggers infinite recursion

2005-12-02 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=35276. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE.

DO NOT REPLY [Bug 37746] - JspC.setJspFiles() uses space as a delimiter

2005-12-02 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=37746. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE.

DO NOT REPLY [Bug 37750] - SocketException: Connection reset causes severe error

2005-12-02 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=37750. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE.

DO NOT REPLY [Bug 36742] - Missing diagnostics in InternalInputBuffer on overly long headers

2005-12-02 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=36742. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE.

Re: Problems with Tomcat 5.5.12 and the BEA JVM (1.4.2_05)

2005-12-02 Thread Yoav Shapira
Hi, Do you know if juli is a pluggable connector whose version can be varied across a specific version of tomcat? No, it's not at the moment. That's not to say it's static and unchanging, of course. -- Yoav Shapira System Design and Management Fellow MIT Sloan School of Management Cambridge,