remm | 1 Jun 01:08

svn commit: r543307 - /tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/ErrorReportValve.java

Author: remm
Date: Thu May 31 16:08:24 2007
New Revision: 543307

URL: http://svn.apache.org/viewvc?view=rev&rev=543307
Log:
- 42559: I did not make equivalent modifications (the isCommitted method was not invoked on the facade).

Modified:
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/ErrorReportValve.java

Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/ErrorReportValve.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/ErrorReportValve.java?view=diff&rev=543307&r1=543306&r2=543307
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/ErrorReportValve.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/ErrorReportValve.java Thu May 31
16:08:24 2007
@@ -104,7 +104,7 @@
         Throwable throwable =
             (Throwable) request.getAttribute(Globals.EXCEPTION_ATTR);

-        if (response.isAppCommitted()) {
+        if (response.isCommitted()) {
             return;
         }
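Review bot: the guard at `if (response.isCommitted())` decides whether the error report is skipped, yet nothing at the call site says why `isCommitted()` is the right test here rather than `isAppCommitted()`. Add a short comment above the check stating which commit state is intended and referencing bug 42559, so the equivalent code the log message alludes to can be kept in sync with it.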
bugzilla | 1 Jun 01:43

DO NOT REPLY [Bug 42560] - Tomact quits unexpectedly

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42560>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=42560

markt <at> apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |INVALID

------- Additional Comments From markt <at> apache.org  2007-05-31 16:43 -------
Without a test case or steps to reproduce there is no way any one here is going
to be able to fix this for you. You would be better off asking for help on the
users list.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla | 1 Jun 01:47

DO NOT REPLY [Bug 42554] - mod_ssl + mod_jk with status_worker does not work on a single node cluster.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42554>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=42554

markt <at> apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |RESOLVED
         Resolution|                            |INVALID

------- Additional Comments From markt <at> apache.org  2007-05-31 16:47 -------
Configuration questions belong on the user list.

Also,

# To prevent users from accessing Tomcat's WEB-INF
<Location "/Export/htdocs/*/WEB-INF/">
    AllowOverride None
    deny from all
</Location>

suggests you are overlapping your httpd document root and one or more Tomcat
docBases. This is asking for a world of security pain. These should be kept
separate unless you are 100% sure of what you are doing and fully understand the
risks. Ask on the users list if you need information about this.

markt | 1 Jun 04:35

svn commit: r543366 - in /tomcat/connectors/trunk/jk/xdocs: reference/apache.xml webserver_howto/apache.xml

Author: markt
Date: Thu May 31 19:35:40 2007
New Revision: 543366

URL: http://svn.apache.org/viewvc?view=rev&rev=543366
Log:
Add a warning to the httpd docs. There have been a couple of security reports, bugs and questions to the users
list about this recently.

Modified:
    tomcat/connectors/trunk/jk/xdocs/reference/apache.xml
    tomcat/connectors/trunk/jk/xdocs/webserver_howto/apache.xml

Modified: tomcat/connectors/trunk/jk/xdocs/reference/apache.xml
URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/reference/apache.xml?view=diff&rev=543366&r1=543365&r2=543366
==============================================================================
--- tomcat/connectors/trunk/jk/xdocs/reference/apache.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/reference/apache.xml Thu May 31 19:35:40 2007
@@ -13,7 +13,8 @@

 <body>

-<section name="Configuration Directives"> <p>
+<section name="Configuration Directives">
+<p>
 Most of the directives are allowed once in the global part of the Apache httpd
 configuration and once in every &lt;VirtualHost&gt; elements. Exceptions from this rule are
 explicitely listed in the table below.
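Review bot: the only change in this hunk is moving `<p>` onto its own line, which is whitespace noise in a commit whose log says it adds a security warning; consider committing the reformat separately so the warning itself is easy to find in the diff. While this paragraph is being touched, "explicitely" in the last context line should read "explicitly".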
@@ -24,6 +25,10 @@
 Exceptions from this rule are

Bill Barker | 1 Jun 04:45

Re: svn commit: r543366 - in /tomcat/connectors/trunk/jk/xdocs: reference/apache.xml webserver_howto/apache.xml


<markt <at> apache.org> wrote in message 
news:20070601023541.022721A981A <at> eris.apache.org...
> Author: markt
> Date: Thu May 31 19:35:40 2007
> New Revision: 543366
>
> URL: http://svn.apache.org/viewvc?view=rev&rev=543366
> Log:
> Add a warning to the httpd docs. There have been a couple of security 
> reports, bugs and questions to the users list about this recently.
>
> Modified:
>    tomcat/connectors/trunk/jk/xdocs/reference/apache.xml
>    tomcat/connectors/trunk/jk/xdocs/webserver_howto/apache.xml
>
> Modified: tomcat/connectors/trunk/jk/xdocs/reference/apache.xml
> URL: 
> http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/reference/apache.xml?view=diff&rev=543366&r1=543365&r2=543366
> ==============================================================================
> --- tomcat/connectors/trunk/jk/xdocs/reference/apache.xml (original)
> +++ tomcat/connectors/trunk/jk/xdocs/reference/apache.xml Thu May 31 
> 19:35:40 2007
> @@ -13,7 +13,8 @@
>
> <body>
>
> -<section name="Configuration Directives"> <p>
> +<section name="Configuration Directives">
> +<p>

Mark Thomas | 1 Jun 05:43

Re: svn commit: r543366 - in /tomcat/connectors/trunk/jk/xdocs: reference/apache.xml webserver_howto/apache.xml

Bill Barker wrote:
> <markt <at> apache.org> wrote in message 
>> +<p><b>The Apache httpd DocumentRoot should not overlap with a Tomcat 
>> Host's
>> +appBase or the docBase of any Context. Configuring httpd/Tomcat this way 
>> is very
>> +likely to result in JSP source code disclosure and/or other security 
>> issues.
>> +</b></p>
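Review bot: the added `<p><b>…</b></p>` warning names only DocumentRoot overlap and stops at the consequence ("JSP source code disclosure and/or other security issues") without telling the reader what layout to use instead. State the safe arrangement in the same paragraph (httpd serving from a directory outside the Host's appBase and every Context's docBase), and phrase the condition as any httpd mapping onto those directories so it is not read as applying to DocumentRoot alone.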
> 
> IMHO, this is misleading.  It requires a lot more httpd configuration to 
> make this secure, but it isn't in and of itself insecure.
> 
> And, if you are going to go this route, you should also warn about:
>    Alias /myapp /var/tomcat/webapps/myapp
> 

I am not going to get upset if you want to commit some alternative
guidance. My main concern is that there is some warning as a number of
how-to guides seem to recommend it without the extra security and
there has been a rash of related e-mails recently.

Mark
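
An added example (not part of this thread and not Tomcat or mod_jk code): a small Python check for the overlap the warning describes, covering both DocumentRoot and the Alias form raised in the reply above. The sample httpd.conf and server.xml text, the CATALINA_BASE value and all function names are constructed for illustration; paths are compared lexically, so symlinks are not resolved.

```python
import posixpath
import re
import xml.etree.ElementTree as ET
from pathlib import PurePosixPath
# Constructed sample inputs for illustration (not from any real deployment).
HTTPD_CONF = '''DocumentRoot "/var/www/html"
Alias /myapp /var/tomcat/webapps/myapp
Alias /docs "/srv/docs"
'''
SERVER_XML = '''<Server><Service name="Catalina"><Engine name="Catalina">
<Host name="localhost" appBase="webapps">
  <Context path="/shop" docBase="/var/www/html/shop"/>
</Host></Engine></Service></Server>'''

def _norm(path):
    # Lexical clean-up only ("..", "//"); symlinks are NOT resolved.
    return PurePosixPath(posixpath.normpath(str(path)))

def httpd_served_dirs(conf_text):
    """(directive, directory) for each DocumentRoot and Alias target."""
    found = []
    for line in conf_text.splitlines():
        m = re.match(r'\s*(DocumentRoot|Alias)\s+(.+)', line, re.I)
        if m:
            args = [q or b for q, b in re.findall(r'"([^"]*)"|(\S+)', m.group(2))]
            found.append((m.group(1), _norm(args[-1])))  # last arg is the directory
    return found

def tomcat_bases(server_xml, catalina_base):
    """(kind, directory) per Host appBase (relative to CATALINA_BASE) and Context docBase."""
    bases = []
    for host in ET.fromstring(server_xml).iter("Host"):
        app_base = _norm(PurePosixPath(catalina_base) / host.get("appBase", "webapps"))
        bases.append(("appBase", app_base))
        for ctx in host.iter("Context"):
            if ctx.get("docBase"):  # a relative docBase is resolved against appBase
                bases.append(("docBase", _norm(app_base / ctx.get("docBase"))))
    return bases

def find_overlaps(conf_text, server_xml, catalina_base):
    """Pairs where an httpd-served directory equals, contains or sits inside a Tomcat one."""
    return [(d, str(p), k, str(t))
            for d, p in httpd_served_dirs(conf_text)
            for k, t in tomcat_bases(server_xml, catalina_base)
            if p == t or p in t.parents or t in p.parents]

if __name__ == "__main__":
    for hit in find_overlaps(HTTPD_CONF, SERVER_XML, "/var/tomcat"):
        print("overlap: httpd %s %s <-> Tomcat %s %s" % hit)
```

Any pair it reports is a directory httpd can serve directly, which is where WEB-INF content and JSP source need explicit protection or, preferably, a separate location.
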
Paul McMahan | 1 Jun 07:08

please publish a snapshot

Could someone please publish a snapshot of  http://svn.apache.org/ 
repos/asf/tomcat/trunk/  to the Apache snapshot repo?

Best wishes,
Paul
bugzilla | 1 Jun 07:10

DO NOT REPLY [Bug 42409] - Extra response headers not sent when using custom error page

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42409>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=42409

------- Additional Comments From shivahr <at> gmail.com  2007-05-31 22:10 -------
James,
If you have any strong use-case for your requirement, this might be reconsidered.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla | 1 Jun 07:26

DO NOT REPLY [Bug 42409] - Extra response headers not sent when using custom error page

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42409>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=42409

------- Additional Comments From shivahr <at> gmail.com  2007-05-31 22:26 -------
Forgot to mention the answer to your question. Extra response headers set in the
Custom error page will be preserved and passed back to the client. 

Is there any strong reason why you are not doing this and why you want to set
the extra response headers in the Servlet/JSP from where error is thrown?

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Peter Rossbach | 1 Jun 08:24

Re: svn commit: r543093 - in /tomcat/connectors/trunk/jk: native/common/jk_mt.h xdocs/miscellaneous/changelog.xml xdocs/webserver_howto/apache.xml

Hi Rainer,

patch works ;)

Thanks
Peter

Am 31.05.2007 um 19:09 schrieb Rainer Jung:

> Could you try to find out, how pthread_t is defined on OS X?
> Does the following patch help?
>
> Index: jk_util.c
> ===================================================================
> --- jk_util.c   (revision 542900)
> +++ jk_util.c   (working copy)
> @@ -1686,12 +1686,87 @@
>      pthread_getunique_np(&t, &tid);
>      return ((int)(tid.intId.lo & 0xFFFFFFFF));
>  #else
> -    int tid = (int)(t & 0xFFFF);
> +    int tid = ((int)t) & 0xFFFF;
>      return tid;
>  #endif /* AS400 */
>  }
>  #endif
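Review bot: in the `#else` branch, `((int)t) & 0xFFFF` converts `pthread_t` to `int` before masking, which only compiles where `pthread_t` is an arithmetic or pointer type and silently narrows it where it is wider than `int`; since the open question is how OS X defines `pthread_t`, add a comment saying which definitions this fallback is meant to support. Separately, the hunk header `-1686,12 +1686,87` announces 75 more lines than the old side, while only a one-line replacement is shown, so the patch as pasted is incomplete and will not apply as is.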
>
>
> Regards,
>

