https://issues.apache.org/bugzilla/show_bug.cgi?id=50744
Mark Thomas ma...@apache.org changed:
What|Removed |Added
Status|REOPENED|RESOLVED
https://issues.apache.org/bugzilla/show_bug.cgi?id=50744
--- Comment #13 from Sridhar Murthy murt...@us.ibm.com 2011-02-16 09:50:33
EST ---
I will test this out next week and let you know if the issue reported is
resolved. Thank you very much Konstantin for helping me with the patch.
Regards,
https://issues.apache.org/bugzilla/show_bug.cgi?id=50744
Konstantin Kolinko knst.koli...@gmail.com changed:
What|Removed |Added
Attachment #26630|0 |1
https://issues.apache.org/bugzilla/show_bug.cgi?id=50744
--- Comment #12 from Konstantin Kolinko knst.koli...@gmail.com 2011-02-14
10:22:04 EST ---
Created an attachment (id=26652)
-- (https://issues.apache.org/bugzilla/attachment.cgi?id=26652)
2011-02-14 Binary version of the patch for 5.5.33
https://issues.apache.org/bugzilla/show_bug.cgi?id=50744
--- Comment #10 from Sridhar Murthy murt...@us.ibm.com 2011-02-10 10:23:00
EST ---
Hi Konstantin:
Thank you very much for working on this issue, identifying the problem and also
providing a patch.
I will download the patch and test it
https://issues.apache.org/bugzilla/show_bug.cgi?id=50744
Summary: When Tomcat was updated from version 5.5.27 to 5.5.32,
SSL support for Tomcat does not work.
Product: Tomcat 5
Version: 5.5.32
Platform: Other
OS/Version: AIX
was updated
|from version 5.5.27 to |from version 5.5.27 to
|5.5.32, SSL support for |5.5.32, SSL support for
|Tomcat does not work. |Tomcat does not work on AIX
||5.3 TL-11 SP-2
https://issues.apache.org/bugzilla/show_bug.cgi?id=50744
--- Comment #1 from Sridhar Murthy murt...@us.ibm.com 2011-02-09 10:23:33 EST
---
The download source for Tomcat 5.5.32 is:
http://archive.apache.org/dist/tomcat/tomcat-5/v5.5.32/bin/
The files that were downloaded are:
_1_)
https://issues.apache.org/bugzilla/show_bug.cgi?id=50744
Sridhar Murthy murt...@us.ibm.com changed:
What|Removed |Added
CC|
https://issues.apache.org/bugzilla/show_bug.cgi?id=50744
--- Comment #2 from Konstantin Kolinko knst.koli...@gmail.com 2011-02-09
13:26:54 EST ---
(In reply to comment #0)
Catalina logs have some errors and I have attached the log to this BUG
report).
There is no attachment. Without seeing
https://issues.apache.org/bugzilla/show_bug.cgi?id=50744
Christopher Schultz ch...@christopherschultz.net changed:
What|Removed |Added
Status|NEW
https://issues.apache.org/bugzilla/show_bug.cgi?id=50744
--- Comment #4 from Sridhar Murthy murt...@us.ibm.com 2011-02-09 14:02:44 EST
---
Created an attachment (id=26628)
-- (https://issues.apache.org/bugzilla/attachment.cgi?id=26628)
Catalina Log
--
Configure bugmail:
Resolution|INVALID |
--- Comment #5 from Sridhar Murthy murt...@us.ibm.com 2011-02-09 14:14:21 EST
---
I personally think that it is not a help request.
We had a server.xml file working for both SSL port and Non-SSL port for Tomcat
Version 5.5.27
We updated the Tomcat
https://issues.apache.org/bugzilla/show_bug.cgi?id=50744
--- Comment #6 from Konstantin Kolinko knst.koli...@gmail.com 2011-02-09
14:23:42 EST ---
From the log:
Feb 8, 2011 8:40:32 PM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Feb 8, 2011
port for Tomcat 5.5.27
and fails to serve Tomcat on SSL port for Tomcat 5.5.32
Sumitting the server.xml file that works correctly for both SSL and non-SSL
port for Tomcat 5.5.27 and fails to serve Tomcat on SSL port for Tomcat 5.5.32.
If Tomcat 5.5.32 is working correctly then should the server.xml
$
I configure Tomcat 5.5.27 and use the same server.xml that was used for 5.5.32.
Guess what - both ports (8443 and 8080) are listening as per the design:
root@svmciqa002 $ netstat -an | grep 8443
tcp0 0 *.8443 *.*LISTEN
root@svmciqa002 $ netstat
https://issues.apache.org/bugzilla/show_bug.cgi?id=50744
--- Comment #9 from Konstantin Kolinko knst.koli...@gmail.com 2011-02-09
21:30:57 EST ---
Created an attachment (id=26630)
-- (https://issues.apache.org/bugzilla/attachment.cgi?id=26630)
2011-02-11_tc55_50744_JSSESocketFactory.patch
(In
Kirk True wrote:
Hi all,
I had some problems building 5.5.27 as pulled from
http://tomcat.apache.org/download-55.cgi.
Thanks for the report.
The first issue was that I couldn't use a JDK 1.4.2-level compiler as it
chokes on the class format of the JUnit libraries.
I'll look
Mark Thomas wrote:
Kirk True wrote:
The first issue was that I couldn't use a JDK 1.4.2-level compiler as it
chokes on the class format of the JUnit libraries.
I'll look into this.
This works for me if I use the version of JUuit (3.8.2) specified in the
build.properties.default
Mark
Hi all,
I had some problems building 5.5.27 as pulled from
http://tomcat.apache.org/download-55.cgi.
The first issue was that I couldn't use a JDK 1.4.2-level compiler as it
chokes on the class format of the JUnit libraries. Using JDK 1.6 didn't
work because of the fact
On 17/04/2009, Kirk True k...@mustardgrain.com wrote:
Hi all,
I had some problems building 5.5.27 as pulled from
http://tomcat.apache.org/download-55.cgi.
The first issue was that I couldn't use a JDK 1.4.2-level compiler as it
chokes on the class format of the JUnit libraries.
AFAIK
Hi sebb,
sebb wrote:
On 17/04/2009, Kirk True k...@mustardgrain.com wrote:
Hi all,
I had some problems building 5.5.27 as pulled from
http://tomcat.apache.org/download-55.cgi.
The first issue was that I couldn't use a JDK 1.4.2-level compiler as it
chokes on the class format
Konstantin Kolinko wrote:
Running apache-tomcat-4.1.38.exe (the RC version proposed for voting)
with default options (changing nothing in the dialog) installs some files
into ${catalina.home}/src/
e.g.
/src/connectors/coyote/src/conf/MANIFEST.MF
Running apache-tomcat-5.5.27.exe also
Running apache-tomcat-4.1.38.exe (the RC version proposed for voting)
with default options (changing nothing in the dialog) installs some files
into ${catalina.home}/src/
e.g.
/src/connectors/coyote/src/conf/MANIFEST.MF
Running apache-tomcat-5.5.27.exe also installs some
/src/connectors/
/src
https://issues.apache.org/bugzilla/show_bug.cgi?id=45870
--- Comment #1 from ZhaoKaijin [EMAIL PROTECTED] 2008-09-23 23:21:44 PST ---
2008-09-24 14:20:58,468 [http-80-Processor23 ERROR UserCookie]:
java.lang.IllegalArgumentException: Missing argument
2008-9-24 14:20:58
Resolution||INVALID
--- Comment #2 from Mark Thomas [EMAIL PROTECTED] 2008-09-24 02:18:54 PST ---
5.5.27 is stricter when parsing cookie values. It looks like you have an
illegal cookie value.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi
https://issues.apache.org/bugzilla/show_bug.cgi?id=45870
Summary: javax.crypto.IllegalBlockSizeException for update from
5.5.17 to 5.5.27
Product: Tomcat 5
Version: 5.5.27
Platform: PC
OS/Version: Windows XP
Status
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 5.5.27 stable.
Apache Tomcat 5.5.27 incorporates numerous security updates and bug fixes.
Please refer to the change log for the list of changes:
http://tomcat.apache.org/tomcat-5.5-doc/changelog.html
Downloads:
http
Filip Hanik - Dev Lists wrote:
The candidates binaries are available here:
http://people.apache.org/~fhanik/tomcat/tomcat-5.5/v5.5.27/
According to the release process, the 5.5.27 tag is:
[ ] Broken
[ ] Alpha
[ ] Beta
[X] Stable
Even considering the discussion about the startup problems when
On Sep 2, 2008, at 2:37 PM, Filip Hanik - Dev Lists wrote:
The candidates binaries are available here:
http://people.apache.org/~fhanik/tomcat/tomcat-5.5/v5.5.27/
According to the release process, the 5.5.27 tag is:
[ ] Broken
[ ] Alpha
[ ] Beta
[X] Stable
security fixes.
If this were a regression, I would agree with you.
I guess I'm not understanding how you use the term regression. 5.5.25
for sure did not have this problem.
5.5.26 introduced it, and 5.5.27 has it.
How do you mean regression?
--
George Sexton
MH Software, Inc.
Voice: +1 303 438
George Sexton wrote:
I guess I'm not understanding how you use the term regression. 5.5.25
for sure did not have this problem.
5.5.26 introduced it, and 5.5.27 has it.
How do you mean regression?
x.y.-1 was free of it and x.y.-0 demonstrated it.
This is x.y.-2 is free of it, x.y.-1
William A. Rowe, Jr. wrote:
George Sexton wrote:
I guess I'm not understanding how you use the term regression. 5.5.25
for sure did not have this problem.
5.5.26 introduced it, and 5.5.27 has it.
How do you mean regression?
x.y.-1 was free of it and x.y.-0 demonstrated it.
This is x.y
On Tue, Sep 2, 2008 at 2:37 PM, Filip Hanik - Dev Lists
[EMAIL PROTECTED] wrote:
The candidates binaries are available here:
http://people.apache.org/~fhanik/tomcat/tomcat-5.5/v5.5.27/
According to the release process, the 5.5.27 tag is:
[ ] Broken
[ ] Alpha
[ X ] Beta
[ ] Stable
Beta
George Sexton wrote:
For me this is a critical error. Tomcat 5.5.26 and 5.5.27 don't work
when run under the security manager.
It's really not a trivial corner case. Did you look at my stack trace
from Saturday? Trying to open a socket in one part of my code triggered
the bug. The class
Rainer Jung wrote:
As far as I understand the issue, the solution is to use the correct
security manager profile. In catalina.policy there is already a comment
how to do that (search for per context logging).
I'm not doing per context logging and I don't want to. That's what I
find
the term regression.
5.5.25 for sure did not have this problem.
5.5.26 introduced it, and 5.5.27 has it.
How do you mean regression?
x.y.-1 was free of it and x.y.-0 demonstrated it.
This is x.y.-2 is free of it, x.y.-1 demonstrated it, and x.y.-0 still
has it. From the perspective of a release
Rainer Jung wrote:
As far as I understand the issue, the solution is to use the correct
security manager profile. In catalina.policy there is already a comment
how to do that (search for per context logging).
Just to be perfectly clear. This bug means that tomcat will not work in
On Wed, Sep 3, 2008 at 1:58 PM, Filip Hanik - Dev Lists
[EMAIL PROTECTED] wrote:
I wont stop this release, there are way too many important fixes.
the only way this release wont happen, is if we don't get 3+ stable votes,
then we do another release
You don't need 3 stable votes. You need
this be a good compromise
for 5.5.27?
Regards,
Rainer
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
for all your
vhosts looks like, but wouldn't something like this be a good compromise
for 5.5.27?
Regards,
Rainer
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
George Sexton
MH
this be a good compromise
for 5.5.27?
Regards,
Rainer
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Rainer Jung wrote:
George Sexton schrieb:
I will try a wild-card permission and see what happens.
Thank you. One caveat: I tried to end it the path with
${file.separator}-, but that doesn't work. When using the trailing -
syntax, you really have to use a real file separator, not the
The candidates binaries are available here:
http://people.apache.org/~fhanik/tomcat/tomcat-5.5/v5.5.27/
According to the release process, the 5.5.27 tag is:
[ ] Broken
[ ] Alpha
[ ] Beta
[ ] Stable
-
To unsubscribe, e-mail
/
According to the release process, the 5.5.27 tag is:
[ ] Broken
[ ] Alpha
[ ] Beta
[ ] Stable
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
George Sexton
MH Software, Inc.
Voice: +1
.
If this were a regression, I would agree with you.
5.5.27 should be shipped as is with the security fixes, and then have
the security patch reviewed and applied which fixes the security issue
so that it's ready for the next release.
I've been testing 5.5.27 internally using my applications and have
Unfortunately, its broken when you run with security enabled.
I worked with Mark Thomas on this on 5.5.26, and he sent me a patch to
JULI. It looks like it didn't make it in. This issue causes a start up
error for every context, plus for me, it breaks my app.
Here's a URL to the patch Mark
George Sexton wrote:
Unfortunately, its broken when you run with security enabled.
I worked with Mark Thomas on this on 5.5.26, and he sent me a patch to
JULI. It looks like it didn't make it in. This issue causes a start up
error for every context, plus for me, it breaks my app.
That patch
Hi!
I noticed that the *.md5 files in the candidate binaries for 5.5.27 release,
and also the ones in released 6.0.18, have an extra line feed
(CR-LF in 5.5.27, LF in 6.0.18)
between the checksum and the file name.
IIRC, for the 5.5.26 release it was corrected by hand
http://marc.info/?l=tomcat
http://people.apache.org/~fhanik/tomcat/tomcat-5.5/v5.5.27/
Unless I hear some complaints, I will be posting a vote on Monday
Filip
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Hi,
URIEncoding=UTF-8 seems to be broken for 5.5.trunk at the moment. The
reason is related to one of the fixes for BZ 44494. It doesn't have to
do with the fixes for URIEncoding CVE.
6.0.18 works. For 5.5.trunk when URIEncoding=UTF-8 you always get a
redirect to the ROOT context start page if
On Mon, 2008-08-25 at 17:16 +0200, Rainer Jung wrote:
If we revert the backport of
http://svn.eu.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/buf/B2CConverter.java?r1=642819r2=647307diff_format=h
then the redirect loop is gone, and the usual content gets served, but
we know,
take over that will be nice, because we really should have a working
5.5.27 soon.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
?
Regards,
Rainer
P.S: I'll soon need to stop investigating this for today. If anyone can
take over that will be nice, because we really should have a working
5.5.27 soon.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional
into it, but maybe something is wrong in
CoyoteAdapter.convertURI?
Regards,
Rainer
P.S: I'll soon need to stop investigating this for today. If anyone can
take over that will be nice, because we really should have a working
5.5.27 soon
into it, but maybe something is wrong in
CoyoteAdapter.convertURI?
Regards,
Rainer
P.S: I'll soon need to stop investigating this for today. If anyone can
take over that will be nice, because we really should have a working
5.5.27 soon
,
Rainer
P.S: I'll soon need to stop investigating this for today. If anyone can
take over that will be nice, because we really should have a working
5.5.27 soon.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e
this for today. If anyone can
take over that will be nice, because we really should have a working
5.5.27 soon.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Filip Hanik - Dev Lists wrote:
there is a required patch in STATUS.txt before I can actually move this,
right now its failing TCK tests
Filip
Filip Hanik - Dev Lists wrote:
How about cutting a release candidate on Monday, Aug 18th and if all
is well, have a release towards end of next week?
Filip Hanik - Dev Lists wrote:
there is a required patch in STATUS.txt before I can actually move this,
right now its failing TCK tests
I added a third +1 and some other votes.
Regards,
Rainer
-
To unsubscribe, e-mail:
there is a required patch in STATUS.txt before I can actually move this,
right now its failing TCK tests
Filip
Filip Hanik - Dev Lists wrote:
How about cutting a release candidate on Monday, Aug 18th and if all
is well, have a release towards end of next week?
Filip
I will tag afternoon (PST) tomorrow, this gives me a chance to run
through the TCK tests first
Filip
Filip Hanik - Dev Lists wrote:
How about cutting a release candidate on Monday, Aug 18th and if all
is well, have a release towards end of next week?
Filip
Filip Hanik - Dev Lists schrieb:
How about cutting a release candidate on Monday, Aug 18th and if all is
well, have a release towards end of next week?
+1
Rainer
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional
Filip Hanik - Dev Lists wrote:
How about cutting a release candidate on Monday, Aug 18th and if all is
well, have a release towards end of next week?
+1
I will try and do a 4.1.38 as well.
Mark
-
To unsubscribe, e-mail:
On Wed, Aug 13, 2008 at 9:33 PM, Filip Hanik - Dev Lists
[EMAIL PROTECTED] wrote:
How about cutting a release candidate on Monday, Aug 18th and if all is
well, have a release towards end of next week?
I'm not a committer, but +1. I'll help test once the RC is bundled. I
have been having
On Thu, Aug 14, 2008 at 12:33 AM, Filip Hanik - Dev Lists
[EMAIL PROTECTED] wrote:
How about cutting a release candidate on Monday, Aug 18th and if all is
well, have a release towards end of next week?
+1.
Yoav
-
To
How about cutting a release candidate on Monday, Aug 18th and if all is
well, have a release towards end of next week?
Filip
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
With the 3 known security vulnerabilities in 5.5.26, when will 5.5.27
be scheduled for release?
http://tomcat.apache.org/security-5.html
I am particularly worried about CVE-2008-2370 myself.
I would rather not have to go through and completely test 6.0.18 which
has been released and has the 3
68 matches
Mail list logo