Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package tomcat for openSUSE:Factory checked 
in at 2021-11-10 21:46:39
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tomcat (Old)
 and      /work/SRC/openSUSE:Factory/.tomcat.new.1890 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "tomcat"

Wed Nov 10 21:46:39 2021 rev:78 rq:930612 version:9.0.43

Changes:
--------
--- /work/SRC/openSUSE:Factory/tomcat/tomcat.changes    2021-10-21 
23:55:17.772018384 +0200
+++ /work/SRC/openSUSE:Factory/.tomcat.new.1890/tomcat.changes  2021-11-10 
21:47:20.695834900 +0100
@@ -1,0 +2,25 @@
+Wed Nov 10 06:51:24 UTC 2021 - Fridrich Strba <fst...@suse.com>
+
+- Modified patch:
+  * tomcat-9.0-osgi-build.patch
+    + account for biz.aQute.bnd.ant artifact in aqute-bnd >= 5.2.0
+
+-------------------------------------------------------------------
+Fri Oct 29 11:15:32 UTC 2021 - Michele Bussolotto <michele.bussolo...@suse.com>
+
+- Fixed CVEs:
+  * CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279)
+  * CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. 
clients (bsc#1188278)
+- Added patches:
+  * tomcat-9.0-CVE-2021-30640.patch
+  * tomcat-9.0-CVE-2021-33037.patch
+
+-------------------------------------------------------------------
+Thu Oct 28 08:33:07 UTC 2021 - Michele Bussolotto <michele.bussolo...@suse.com>
+
+- Fixed CVEs:
+  * CVE-2021-41079: Validate incoming TLS packet (bsc#1190558)
+- Added patches:
+  * tomcat-9.0-CVE-2021-41079.patch
+
+-------------------------------------------------------------------

New:
----
  tomcat-9.0-CVE-2021-30640.patch
  tomcat-9.0-CVE-2021-33037.patch
  tomcat-9.0-CVE-2021-41079.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ tomcat.spec ++++++
--- /var/tmp/diff_new_pack.PfPRWw/_old  2021-11-10 21:47:21.531835264 +0100
+++ /var/tmp/diff_new_pack.PfPRWw/_new  2021-11-10 21:47:21.535835266 +0100
@@ -83,6 +83,9 @@
 Patch5:         tomcat-9.0.43-java8compat.patch
 # PATCH-FIX-OPENSUSE: set ajp connector secreteRequired to false by default to 
avoid tomcat not starting
 Patch6:         tomcat-9.0.31-secretRequired-default.patch
+Patch7:         tomcat-9.0-CVE-2021-41079.patch
+Patch8:         tomcat-9.0-CVE-2021-33037.patch
+Patch9:         tomcat-9.0-CVE-2021-30640.patch
 
 BuildRequires:  ant >= 1.8.1
 BuildRequires:  ant-antlr
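Review bot: The three new Patch7–Patch9 lines carry no provenance tag, whereas Patch6 just above them is introduced by a `# PATCH-FIX-OPENSUSE:` comment explaining what it does and why; all three new patches are upstream security fixes tracked in the changes entry, so each deserves the matching tag line so the next updater can tell which ones drop at the next version rebase. For example `# PATCH-FIX-UPSTREAM CVE-2021-41079 bsc#1190558 -- validate incoming TLS packet` above Patch7, and likewise `# PATCH-FIX-UPSTREAM CVE-2021-33037 bsc#1188278 -- process T-E header from HTTP/1.0 and HTTP/1.1 clients` and `# PATCH-FIX-UPSTREAM CVE-2021-30640 bsc#1188279 -- escape parameters in JNDI Realm queries`. The `%patch7`–`%patch9` application lines in the later hunk need no change.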
@@ -90,8 +93,8 @@
 BuildRequires:  apache-commons-daemon
 BuildRequires:  apache-commons-dbcp >= 2.0
 BuildRequires:  apache-commons-pool2
-BuildRequires:  aqute-bnd >= 5.1.1
-BuildRequires:  aqute-bndlib >= 5.1.1
+BuildRequires:  aqute-bnd >= 5.2
+BuildRequires:  aqute-bndlib >= 5.2
 BuildRequires:  ecj >= 4.4.0
 BuildRequires:  fdupes
 BuildRequires:  findutils
@@ -257,6 +260,9 @@
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
 
 # remove date from docs
 sed -i -e '/build-date/ d' webapps/docs/tomcat-docs.xsl
@@ -293,6 +299,7 @@
     -Dwsdl4j-lib.jar="$(build-classpath wsdl4j)" \
     -Dsaaj-api.jar="$(build-classpath geronimo-saaj-1.1-api)" \
     -Dbnd.jar="$(build-classpath aqute-bnd/biz.aQute.bnd)" \
+    -Dbndant.jar="$(build-classpath aqute-bnd/biz.aQute.bnd.ant)" \
     -Dbndlib.jar="$(build-classpath aqute-bnd/biz.aQute.bndlib)" \
     -Dbndlibg.jar="$(build-classpath aqute-bnd/aQute.libg)" \
     -Dbndannotation.jar="$(build-classpath 
aqute-bnd/biz.aQute.bnd.annotation)" \


++++++ tomcat-9.0-CVE-2021-30640.patch ++++++
++++ 2666 lines (skipped)

++++++ tomcat-9.0-CVE-2021-33037.patch ++++++
Index: 
apache-tomcat-9.0.43-src/java/org/apache/coyote/http11/Http11Processor.java
===================================================================
--- 
apache-tomcat-9.0.43-src.orig/java/org/apache/coyote/http11/Http11Processor.java
+++ apache-tomcat-9.0.43-src/java/org/apache/coyote/http11/Http11Processor.java
@@ -212,11 +212,8 @@ public class Http11Processor extends Abs
 
         // Parsing trims and converts to lower case.
 
-        if (encodingName.equals("identity")) {
-            // Skip
-        } else if (encodingName.equals("chunked")) {
-            inputBuffer.addActiveFilter
-                (inputFilters[Constants.CHUNKED_FILTER]);
+        if (encodingName.equals("chunked")) {
+            
inputBuffer.addActiveFilter(inputFilters[Constants.CHUNKED_FILTER]);
             contentDelimitation = true;
         } else {
             for (int i = pluggableFilterIndex; i < inputFilters.length; i++) {
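Review bot: With the `identity` branch removed, that token now falls into the `else` branch's pluggable-filter search on the last visible line and, per this patch's changelog entry and the new `testTEHeaderUnknown01` test, ends in a 501; nothing in the code says this is intentional, so a reader who still sees `identity` listed in RFC 2616 may be tempted to reinstate the special case. Add a comment where the old branch stood: `// "identity" is deliberately not special-cased: its listing in RFC 2616 was an erratum, so it is treated like any other unsupported coding and rejected.` The enclosing method (presumably the `addInputFilter` called in the next hunk) starts before this hunk and its `else` branch continues past it.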
@@ -753,13 +750,14 @@ public class Http11Processor extends Abs
         InputFilter[] inputFilters = inputBuffer.getFilters();
 
         // Parse transfer-encoding header
-        if (http11) {
+        // HTTP specs say an HTTP 1.1 server should accept any recognised
+        // HTTP 1.x header from a 1.x client unless the specs says otherwise.
+        if (!http09) {
             MessageBytes transferEncodingValueMB = 
headers.getValue("transfer-encoding");
             if (transferEncodingValueMB != null) {
                 List<String> encodingNames = new ArrayList<>();
                 if 
(TokenList.parseTokenList(headers.values("transfer-encoding"), encodingNames)) {
                     for (String encodingName : encodingNames) {
-                        // "identity" codings are ignored
                         addInputFilter(inputFilters, encodingName);
                     }
                 } else {
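Review bot: Changing the guard to `!http09` makes Transfer-Encoding be honoured for HTTP/1.0 requests, which is the fix this patch is for, but the code that decides precedence when a Content-Length header is also present lies after this hunk and is not visible here; it is worth confirming that the same rule (transfer coding wins, content length is discarded or the request rejected) is applied for 1.0 clients too, since the new `testWithTEChunkedHttp10` sends a chunked HTTP/1.0 body without a Content-Length and so does not exercise that combination. A pointer after the new comment would help the next reader: `// Covered by TestHttp11Processor#testWithTEChunkedHttp10 for HTTP/1.0 clients.` The enclosing method starts before this hunk and continues after it, and `http09` is presumably set from the request line earlier in the method.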
Index: 
apache-tomcat-9.0.43-src/test/org/apache/coyote/http11/TestHttp11Processor.java
===================================================================
--- 
apache-tomcat-9.0.43-src.orig/test/org/apache/coyote/http11/TestHttp11Processor.java
+++ 
apache-tomcat-9.0.43-src/test/org/apache/coyote/http11/TestHttp11Processor.java
@@ -254,31 +254,6 @@ public class TestHttp11Processor extends
 
 
     @Test
-    public void testWithTEIdentity() throws Exception {
-        getTomcatInstanceTestWebapp(false, true);
-
-        String request =
-            "POST /test/echo-params.jsp HTTP/1.1" + SimpleHttpClient.CRLF +
-            "Host: any" + SimpleHttpClient.CRLF +
-            "Transfer-encoding: identity" + SimpleHttpClient.CRLF +
-            "Content-Length: 9" + SimpleHttpClient.CRLF +
-            "Content-Type: application/x-www-form-urlencoded" +
-                    SimpleHttpClient.CRLF +
-            "Connection: close" + SimpleHttpClient.CRLF +
-                SimpleHttpClient.CRLF +
-            "test=data";
-
-        Client client = new Client(getPort());
-        client.setRequest(new String[] {request});
-
-        client.connect();
-        client.processRequest();
-        Assert.assertTrue(client.isResponse200());
-        Assert.assertTrue(client.getResponseBody().contains("test - data"));
-    }
-
-
-    @Test
     public void testWithTESavedRequest() throws Exception {
         getTomcatInstanceTestWebapp(false, true);
 
@@ -1859,4 +1834,102 @@ public class TestHttp11Processor extends
             // NO-OP
         }
     }
+
+
+    @Test
+    public void testTEHeaderUnknown01() throws Exception {
+        doTestTEHeaderUnknown("identity");
+    }
+
+
+    @Test
+    public void testTEHeaderUnknown02() throws Exception {
+        doTestTEHeaderUnknown("identity, chunked");
+    }
+
+
+    @Test
+    public void testTEHeaderUnknown03() throws Exception {
+        doTestTEHeaderUnknown("unknown, chunked");
+    }
+
+
+    @Test
+    public void testTEHeaderUnknown04() throws Exception {
+        doTestTEHeaderUnknown("void");
+    }
+
+
+    @Test
+    public void testTEHeaderUnknown05() throws Exception {
+        doTestTEHeaderUnknown("void, chunked");
+    }
+
+
+    @Test
+    public void testTEHeaderUnknown06() throws Exception {
+        doTestTEHeaderUnknown("void, identity");
+    }
+
+
+    @Test
+    public void testTEHeaderUnknown07() throws Exception {
+        doTestTEHeaderUnknown("identity, void");
+    }
+
+
+    private void doTestTEHeaderUnknown(String headerValue) throws Exception {
+        Tomcat tomcat = getTomcatInstance();
+
+        // No file system docBase required
+        Context ctx = tomcat.addContext("", null);
+
+        // Add servlet
+        Tomcat.addServlet(ctx, "TesterServlet", new TesterServlet(false));
+        ctx.addServletMappingDecoded("/foo", "TesterServlet");
+
+        tomcat.start();
+
+        String request =
+                "GET /foo HTTP/1.1" + SimpleHttpClient.CRLF +
+                "Host: localhost:" + getPort() + SimpleHttpClient.CRLF +
+                "Transfer-Encoding: " + headerValue + SimpleHttpClient.CRLF +
+                SimpleHttpClient.CRLF;
+
+        Client client = new Client(tomcat.getConnector().getLocalPort());
+        client.setRequest(new String[] {request});
+
+        client.connect();
+        client.processRequest(false);
+
+        Assert.assertTrue(client.isResponse501());
+    }
+
+
+    @Test
+    public void testWithTEChunkedHttp10() throws Exception {
+
+        getTomcatInstanceTestWebapp(false, true);
+
+        String request =
+            "POST /test/echo-params.jsp HTTP/1.0" + SimpleHttpClient.CRLF +
+            "Host: any" + SimpleHttpClient.CRLF +
+            "Transfer-encoding: chunked" + SimpleHttpClient.CRLF +
+            "Content-Type: application/x-www-form-urlencoded" +
+                    SimpleHttpClient.CRLF +
+            "Connection: close" + SimpleHttpClient.CRLF +
+            SimpleHttpClient.CRLF +
+            "9" + SimpleHttpClient.CRLF +
+            "test=data" + SimpleHttpClient.CRLF +
+            "0" + SimpleHttpClient.CRLF +
+            SimpleHttpClient.CRLF;
+
+        Client client = new Client(getPort());
+        client.setRequest(new String[] {request});
+
+        client.connect();
+        client.processRequest();
+        Assert.assertTrue(client.isResponse200());
+        Assert.assertTrue(client.getResponseBody().contains("test - data"));
+    }
 }
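Review bot: `doTestTEHeaderUnknown` asserts a 501 for every value but does not say why, and its first caller passes `identity`, which a reader would not expect under the name "Unknown"; a short comment above the helper would close that gap: `// "identity" is no longer recognised, and any Transfer-Encoding list containing an unsupported coding must be rejected with 501 (RFC 7230 section 3.3.1), regardless of position in the list.` The seven one-line `testTEHeaderUnknownNN` methods differ only in their argument and could be a single parameterised test, though that is a style choice the surrounding file may not follow. Also worth noting that no new test sends an HTTP/1.0 request with both Transfer-Encoding and Content-Length, which is the combination the wider Transfer-Encoding handling is meant to make unambiguous.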
Index: apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-9.0.43-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
@@ -347,6 +347,16 @@
         connections are attempted and fail. Patch provided by Maurizio Adami.
         (markt)
       </fix>
+      <fix>
+        Remove support for the <code>identity</code> transfer encoding. The
+        inclusion of this encoding in RFC 2616 was an error that was corrected
+        in 2001. Requests using this transfer encoding will now receive a 501
+        response. (markt)
+      </fix>
+      <fix>
+        Process transfer encoding headers from both HTTP 1.0 and HTTP 1.1
+        clients. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Web applications">
++++++ tomcat-9.0-CVE-2021-41079.patch ++++++
>From d4b340fa8feaf55831f9a59350578f7b6ca048b8 Mon Sep 17 00:00:00 2001
From: Mark Thomas <ma...@apache.org>
Date: Wed, 3 Mar 2021 12:00:46 +0000
Subject: [PATCH] Improve robustness

---
 .../apache/tomcat/util/net/openssl/LocalStrings.properties  | 1 +
 java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java  | 6 ++++--
 webapps/docs/changelog.xml                                  | 4 ++++
 3 files changed, 9 insertions(+), 2 deletions(-)

Index: 
apache-tomcat-9.0.43-src/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
===================================================================
--- 
apache-tomcat-9.0.43-src.orig/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
+++ 
apache-tomcat-9.0.43-src/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
@@ -17,6 +17,7 @@ engine.ciphersFailure=Failed getting cip
 engine.emptyCipherSuite=Empty cipher suite
 engine.engineClosed=Engine is closed
 engine.failedCipherSuite=Failed to enable cipher suite [{0}]
+engine.failedToReadAvailableBytes=There are plain text bytes available to read 
but no bytes were read
 engine.inboundClose=Inbound closed before receiving peer's close_notify
 engine.invalidBufferArray=offset: [{0}], length: [{1}] (expected: offset <= 
offset + length <= srcs.length [{2}])
 engine.invalidDestinationBuffersState=The state of the destination buffers 
changed concurrently while unwrapping bytes
Index: 
apache-tomcat-9.0.43-src/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
===================================================================
--- 
apache-tomcat-9.0.43-src.orig/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ 
apache-tomcat-9.0.43-src/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -592,8 +592,10 @@ public final class OpenSSLEngine extends
                     throw new SSLException(e);
                 }
 
-                if (bytesRead == 0) {
-                    break;
+                if (bytesRead <= 0) {
+                    // This should not be possible. pendingApp is positive
+                    // therefore the read should have read at least one byte.
+                    throw new 
IllegalStateException(sm.getString("engine.failedToReadAvailableBytes"));
                 }
 
                 bytesProduced += bytesRead;
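Review bot: The new guard throws an unchecked `IllegalStateException` from a path whose preceding lines report failures as `SSLException` (the `throw new SSLException(e)` at the top of the hunk), so a caller that handles only `SSLException` around `unwrap()` will not take its usual connection-teardown branch. If the condition is truly unreachable the comment says enough, but if it is the defensive fix for a malformed TLS record then `throw new SSLException(sm.getString("engine.failedToReadAvailableBytes"));` keeps failure handling on one path; either way the comment should state which reading is intended. The change is an improvement over the old code, where a negative `bytesRead` was not caught by the `== 0` test and fell through to `bytesProduced += bytesRead`. The enclosing loop and method begin and end outside the hunk.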
Index: apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-9.0.43-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
@@ -173,6 +173,10 @@
         the access log file, include information on the current user in the
         associated log message  (markt)
       </fix>
+      <fix>
+        Make handling of OpenSSL read errors more robust when plain text data 
is
+        reported to be available to read. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">
++++++ tomcat-9.0-osgi-build.patch ++++++
--- /var/tmp/diff_new_pack.PfPRWw/_old  2021-11-10 21:47:21.667835323 +0100
+++ /var/tmp/diff_new_pack.PfPRWw/_new  2021-11-10 21:47:21.667835323 +0100
@@ -2,10 +2,11 @@
 ===================================================================
 --- apache-tomcat-9.0.37-src.orig/build.xml
 +++ apache-tomcat-9.0.37-src/build.xml
-@@ -3307,6 +3307,12 @@ Read the Building page on the Apache Tom
+@@ -3307,6 +3307,13 @@ Read the Building page on the Apache Tom
      <!-- Add bnd tasks to project -->
      <path id="bnd.classpath">
        <fileset file="${bnd.jar}" />
++      <fileset file="${bndant.jar}" />
 +      <fileset file="${bndlib.jar}" />
 +      <fileset file="${bndlibg.jar}" />
 +      <fileset file="${bndannotation.jar}" />
