Hello community, here is the log from the commit of package tomcat for openSUSE:Factory checked in at 2020-10-14 15:40:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tomcat (Old) and /work/SRC/openSUSE:Factory/.tomcat.new.3486 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tomcat" Wed Oct 14 15:40:15 2020 rev:72 rq:841719 version:9.0.36 Changes: -------- --- /work/SRC/openSUSE:Factory/tomcat/tomcat.changes 2020-08-29 20:34:12.337259586 +0200 +++ /work/SRC/openSUSE:Factory/.tomcat.new.3486/tomcat.changes 2020-10-14 15:41:03.382401462 +0200 @@ -1,0 +2,9 @@ +Tue Oct 13 11:23:32 UTC 2020 - Matei Albu <ma...@suse.com> + +- Fix CVE-2020-13943 (bsc#1177582) +- Added patch: + * tomcat-9.0-CVE-2020-13943.patch +- Change /usr/lib/tomcat to /usr/libexec/tomcat in startup + scripts (bsc#1177601) + +------------------------------------------------------------------- New: ---- tomcat-9.0-CVE-2020-13943.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tomcat.spec ++++++ --- /var/tmp/diff_new_pack.xsJgIu/_old 2020-10-14 15:41:04.946402008 +0200 +++ /var/tmp/diff_new_pack.xsJgIu/_new 2020-10-14 15:41:04.946402008 +0200 @@ -83,6 +83,7 @@ Patch5: tomcat-9.0.31-java8compat.patch # PATCH-FIX-OPENSUSE: set ajp connector secreteRequired to false by default to avoid tomcat not starting Patch6: tomcat-9.0.31-secretRequired-default.patch +Patch7: tomcat-9.0-CVE-2020-13943.patch BuildRequires: ant >= 1.8.1 BuildRequires: ant-antlr @@ -262,6 +263,7 @@ %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 # remove date from docs sed -i -e '/build-date/ d' webapps/docs/tomcat-docs.xsl ++++++ tomcat-9.0-CVE-2020-13943.patch ++++++ >From 55911430df13f8c9998fbdee1f9716994d2db59b Mon Sep 17 00:00:00 2001 
From: Mark Thomas <ma...@apache.org> Date: Thu, 23 Jul 2020 17:43:45 +0100 Subject: [PATCH] Move check for current streams to end of header parsing. --- java/org/apache/coyote/http2/Http2Parser.java | 2 +- .../coyote/http2/Http2UpgradeHandler.java | 24 ++++++++++--------- .../coyote/http2/TestHttp2Section_5_1.java | 20 ++++++++++------ 3 files changed, 27 insertions(+), 19 deletions(-) Index: apache-tomcat-9.0.36-src/java/org/apache/coyote/http2/Http2Parser.java =================================================================== --- apache-tomcat-9.0.36-src.orig/java/org/apache/coyote/http2/Http2Parser.java +++ apache-tomcat-9.0.36-src/java/org/apache/coyote/http2/Http2Parser.java @@ -738,7 +738,7 @@ class Http2Parser { HeaderEmitter headersStart(int streamId, boolean headersEndStream) throws Http2Exception, IOException; void headersContinue(int payloadSize, boolean endOfHeaders); - void headersEnd(int streamId) throws ConnectionException; + void headersEnd(int streamId) throws Http2Exception; // Priority frames (also headers) void reprioritise(int streamId, int parentStreamId, boolean exclusive, int weight) Index: apache-tomcat-9.0.36-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java =================================================================== --- apache-tomcat-9.0.36-src.orig/java/org/apache/coyote/http2/Http2UpgradeHandler.java +++ apache-tomcat-9.0.36-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java 
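Review bot: The widened `throws Http2Exception` on `headersEnd` in the Output interface changes the contract but carries no Javadoc: a StreamException thrown from here now refuses a single stream only after its complete header block has been parsed, whereas the previous ConnectionException could only tear down the whole connection. A doc comment on the interface method would make that explicit, e.g. `/** Called once the complete header block for a stream has been received. @throws Http2Exception a StreamException to refuse this stream now that its headers are fully parsed, or a ConnectionException for connection-level errors */`. Call sites of headersEnd in Http2Parser and any other Output implementors are outside this hunk, so whether they handle the new stream-level case (rather than only the connection-level one) cannot be confirmed here.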
@@ -1451,16 +1451,6 @@ class Http2UpgradeHandler extends Abstra stream.checkState(FrameType.HEADERS); stream.receivedStartOfHeaders(headersEndStream); closeIdleStreams(streamId); - if (localSettings.getMaxConcurrentStreams() < activeRemoteStreamCount.incrementAndGet()) { - setConnectionTimeoutForStreamCount(activeRemoteStreamCount.decrementAndGet()); - // Ignoring maxConcurrentStreams increases the overhead count - increaseOverheadCount(); - throw new StreamException(sm.getString("upgradeHandler.tooManyRemoteStreams", - Long.toString(localSettings.getMaxConcurrentStreams())), - Http2Error.REFUSED_STREAM, streamId); - } - // Valid new stream reduces the overhead count - reduceOverheadCount(); return stream; } else { if (log.isDebugEnabled()) { 
@@ -1528,12 +1518,24 @@ class Http2UpgradeHandler extends Abstra @Override - public void headersEnd(int streamId) throws ConnectionException { + public void headersEnd(int streamId) throws Http2Exception { Stream stream = getStream(streamId, connectionState.get().isNewStreamAllowed()); if (stream != null) { setMaxProcessedStream(streamId); if (stream.isActive()) { if (stream.receivedEndOfHeaders()) { + + if (localSettings.getMaxConcurrentStreams() < activeRemoteStreamCount.incrementAndGet()) { + setConnectionTimeoutForStreamCount(activeRemoteStreamCount.decrementAndGet()); + // Ignoring maxConcurrentStreams increases the overhead count + increaseOverheadCount(); + throw new StreamException(sm.getString("upgradeHandler.tooManyRemoteStreams", + Long.toString(localSettings.getMaxConcurrentStreams())), + Http2Error.REFUSED_STREAM, streamId); + } + // Valid new stream reduces the overhead count + reduceOverheadCount(); + processStreamOnContainerThread(stream); } } Index: apache-tomcat-9.0.36-src/test/org/apache/coyote/http2/TestHttp2Section_5_1.java =================================================================== --- apache-tomcat-9.0.36-src.orig/test/org/apache/coyote/http2/TestHttp2Section_5_1.java +++ apache-tomcat-9.0.36-src/test/org/apache/coyote/http2/TestHttp2Section_5_1.java @@ -222,11 +222,11 @@ public class TestHttp2Section_5_1 extend // Expecting // 1 * headers // 56k-1 of body (7 * ~8k) - // 1 * error (could be in any order) - for (int i = 0; i < 8; i++) { + // 1 * error + // for a total of 9 frames (could be in any order) + for (int i = 0; i < 9; i++) { parser.readFrame(true); } - parser.readFrame(true); Assert.assertTrue(output.getTrace(), output.getTrace().contains("5-RST-[" + 
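Review bot: The relocated maxConcurrentStreams check inside `headersEnd` has no comment explaining why it must run only after `stream.receivedEndOfHeaders()`, so a later refactor could move it back into `headersStart` (the block deleted in the previous hunk of this file) and silently reintroduce what this patch fixes. Suggest a short comment above the `if`, e.g. `// Must run only after the complete header block has been consumed: refusing the stream mid-block leaves header decoding out of step with the client (CVE-2020-13943)`. Worth confirming that the matching decrement of `activeRemoteStreamCount` (outside this hunk) is applied only to streams that passed this increment: a stream reset between headersStart and headersEnd now never reaches this point, so it must not be decremented on close either, or the counter will drift below the true number of active streams. The enclosing method's closing lines run past the end of the hunk.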
@@ -238,14 +238,20 @@ public class TestHttp2Section_5_1 extend // Release the remaining body sendWindowUpdate(0, (1 << 31) - 2); - // Allow for the 8k still in the stream window + // Allow for the ~8k still in the stream window sendWindowUpdate(3, (1 << 31) - 8193); - // 192k of body (24 * 8k) - // 1 * error (could be in any order) - for (int i = 0; i < 24; i++) { + // Read until the end of stream 3 + while (!output.getTrace().contains("3-EndOfStream")) { parser.readFrame(true); } + output.clearTrace(); + + // Confirm another request can be sent once concurrency falls back below limit + sendSimpleGetRequest(7); + parser.readFrame(true); + parser.readFrame(true); + Assert.assertEquals(getSimpleResponseTrace(7), output.getTrace()); } ++++++ tomcat-9.0-jsvc.service ++++++ --- /var/tmp/diff_new_pack.xsJgIu/_old 2020-10-14 15:41:05.014402032 +0200 +++ /var/tmp/diff_new_pack.xsJgIu/_new 2020-10-14 15:41:05.014402032 +0200 @@ -14,8 +14,8 @@ Type=simple EnvironmentFile=/etc/tomcat/tomcat.conf Environment="NAME=" "USE_JSVC=true" -ExecStart=/usr/lib/tomcat/server start -ExecStop=/usr/lib/tomcat/server stop +ExecStart=/usr/libexec/tomcat/server start +ExecStop=/usr/libexec/tomcat/server stop [Install] WantedBy=multi-user.target ++++++ tomcat-9.0.service ++++++ --- /var/tmp/diff_new_pack.xsJgIu/_old 2020-10-14 15:41:05.106402064 +0200 +++ /var/tmp/diff_new_pack.xsJgIu/_new 2020-10-14 15:41:05.106402064 +0200 @@ -14,8 +14,8 @@ EnvironmentFile=/etc/tomcat/tomcat.conf Environment="NAME=" EnvironmentFile=-/etc/sysconfig/tomcat -ExecStart=/usr/lib/tomcat/server start -ExecStop=/usr/lib/tomcat/server stop +ExecStart=/usr/libexec/tomcat/server start +ExecStop=/usr/libexec/tomcat/server stop SuccessExitStatus=143 User=tomcat Group=tomcat ++++++ tomcat-9.0.wrapper ++++++ --- /var/tmp/diff_new_pack.xsJgIu/_old 2020-10-14 15:41:05.130402073 +0200 +++ /var/tmp/diff_new_pack.xsJgIu/_new 2020-10-14 15:41:05.130402073 +0200 
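Review bot: The loop `while (!output.getTrace().contains("3-EndOfStream")) { parser.readFrame(true); }` has no upper bound, so if stream 3 is never completed the test blocks inside readFrame rather than failing with a message. A bounded loop gives a usable diagnostic, e.g. `int frames = 0; while (!output.getTrace().contains("3-EndOfStream")) { Assert.assertTrue("stream 3 did not end", frames++ < 64); parser.readFrame(true); }`, with the limit set comfortably above the ~24 body frames the replaced comment expected. The final assertion on stream 7 is a good regression check for the count being released; it may be worth a one-line comment naming the counter it exercises so the link to the concurrency check is clear to the next reader.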
@@ -1,7 +1,7 @@ #!/bin/bash if [ "$1" = "version" ]; then - . /usr/lib/tomcat/preamble + . /usr/libexec/tomcat/preamble exec ${JAVACMD} -classpath ${CATALINA_HOME}/lib/catalina.jar \ org.apache.catalina.util.ServerInfo fi ++++++ tomcat-named.service ++++++ --- /var/tmp/diff_new_pack.xsJgIu/_old 2020-10-14 15:41:05.166402085 +0200 +++ /var/tmp/diff_new_pack.xsJgIu/_new 2020-10-14 15:41:05.166402085 +0200 @@ -15,8 +15,8 @@ EnvironmentFile=/etc/tomcat/tomcat.conf Environment="NAME=%I" EnvironmentFile=-/etc/sysconfig/tomcat@%I -ExecStart=/usr/lib/tomcat/server start -ExecStop=/usr/lib/tomcat/server stop +ExecStart=/usr/libexec/tomcat/server start +ExecStop=/usr/libexec/tomcat/server stop SuccessExitStatus=143 User=tomcat Group=tomcat ++++++ tomcat-preamble ++++++ --- /var/tmp/diff_new_pack.xsJgIu/_old 2020-10-14 15:41:05.186402092 +0200 +++ /var/tmp/diff_new_pack.xsJgIu/_new 2020-10-14 15:41:05.186402092 +0200 @@ -1,6 +1,6 @@ #!/bin/bash -. /usr/lib/tomcat/functions +. /usr/libexec/tomcat/functions # Get the tomcat config (use this for environment specific settings) ++++++ tomcat-server ++++++ --- /var/tmp/diff_new_pack.xsJgIu/_old 2020-10-14 15:41:05.218402104 +0200 +++ /var/tmp/diff_new_pack.xsJgIu/_new 2020-10-14 15:41:05.222402105 +0200 @@ -1,6 +1,6 @@ #!/bin/bash -. /usr/lib/tomcat/preamble +. /usr/libexec/tomcat/preamble MAIN_CLASS=org.apache.catalina.startup.Bootstrap