Hi Emmanuel
Last night, I re-enabled HTTP2 with the new (9.0.43-2~deb11u8) build.
Unfortunately, it did not fix my problem.
I am going to rummage with tcpdump and a purpose-installed debian VM to
investigate further.
Hopefully I can either track the problem down myself (not very likely), or
at least offer you a better quality bug report.



On Mon, 16 Oct 2023 at 10:51, Sam Lander <sam.lan...@gmail.com> wrote:

>
>
> ---------- Forwarded message ---------
> From: Debian Bug Tracking System <ow...@bugs.debian.org>
> Date: Sun, 15 Oct 2023 at 23:51
> Subject: Bug#1053820 closed by Debian FTP Masters <
> ftpmas...@ftp-master.debian.org> (reply to Emmanuel Bourg <
> ebo...@apache.org>) (Bug#1053820: fixed in tomcat9 9.0.43-2~deb11u8)
> To: Sam Lander <sam.lan...@gmail.com>
>
>
> This is an automatic notification regarding your Bug report
> which was filed against the libtomcat9-java package:
>
> #1053820: libtomcat9-java: ERR_HTTP2_PROTOCOL_ERROR in browsers after
> upgrade 9.0.43-2~deb11u7 over u6
>
> It has been closed by Debian FTP Masters <ftpmas...@ftp-master.debian.org>
> (reply to Emmanuel Bourg <ebo...@apache.org>).
>
> Their explanation is attached below along with your original report.
> If this explanation is unsatisfactory and you have not received a
> better one in a separate message then please contact Debian FTP Masters <
> ftpmas...@ftp-master.debian.org> (reply to Emmanuel Bourg <
> ebo...@apache.org>) by
> replying to this email.
>
>
> --
> 1053820: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053820
> Debian Bug Tracking System
> Contact ow...@bugs.debian.org with problems
>
>
>
> ---------- Forwarded message ----------
> From: Debian FTP Masters <ftpmas...@ftp-master.debian.org>
> To: 1053820-cl...@bugs.debian.org
> Cc:
> Bcc:
> Date: Sun, 15 Oct 2023 12:47:25 +0000
> Subject: Bug#1053820: fixed in tomcat9 9.0.43-2~deb11u8
> Source: tomcat9
> Source-Version: 9.0.43-2~deb11u8
> Done: Emmanuel Bourg <ebo...@apache.org>
>
> We believe that the bug you reported is fixed in the latest version of
> tomcat9, which is due to be installed in the Debian FTP archive.
>
> A summary of the changes between this version and the previous one is
> attached.
>
> Thank you for reporting the bug, which will now be closed.  If you
> have further comments please address them to 1053...@bugs.debian.org,
> and the maintainer will reopen the bug report if appropriate.
>
> Debian distribution maintenance software
> pp.
> Emmanuel Bourg <ebo...@apache.org> (supplier of updated tomcat9 package)
>
> (This message was generated automatically at their request; if you
> believe that there is a problem with it please contact the archive
> administrators by mailing ftpmas...@ftp-master.debian.org)
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Format: 1.8
> Date: Thu, 12 Oct 2023 17:32:21 +0200
> Source: tomcat9
> Architecture: source
> Version: 9.0.43-2~deb11u8
> Distribution: bullseye-security
> Urgency: high
> Maintainer: Debian Java Maintainers <
> pkg-java-maintain...@lists.alioth.debian.org>
> Changed-By: Emmanuel Bourg <ebo...@apache.org>
> Closes: 1053820
> Changes:
>  tomcat9 (9.0.43-2~deb11u8) bullseye-security; urgency=high
>  .
>    * Fixed the HTTP/2 overhead protection triggered on data frames.
>      (Closes: #1053820
> Checksums-Sha1:
>  21c4c651b718b1c50136aa05a5156f1a75dbc9c5 2906 tomcat9_9.0.43-2~deb11u8.dsc
>  5f703f84f09b2c86ed304929671c1daae78043de 56720
> tomcat9_9.0.43-2~deb11u8.debian.tar.xz
>  be48ce5a115787000c58f9c28af980446ebe44d0 12156
> tomcat9_9.0.43-2~deb11u8_source.buildinfo
> Checksums-Sha256:
>  046e5f28d4a9722132d59ac5954de69f94f9833f919df745b1ceefb13079e8d5 2906
> tomcat9_9.0.43-2~deb11u8.dsc
>  f85edc77eb8e5e816a926c9ac80f666382e7574290868ea321526a570667cc2c 56720
> tomcat9_9.0.43-2~deb11u8.debian.tar.xz
>  a252f14c178f86754f387e48ccea8f45aa527bca941c3fcd55215cf770808c7a 12156
> tomcat9_9.0.43-2~deb11u8_source.buildinfo
> Files:
>  6f79c8ab4b2cc2c0473d51c18fa75768 2906 java optional
> tomcat9_9.0.43-2~deb11u8.dsc
>  ee10311fa63eb9fa1ac9c613d46b0f13 56720 java optional
> tomcat9_9.0.43-2~deb11u8.debian.tar.xz
>  bcb2b809f03c62b09a60d659f1aee53f 12156 java optional
> tomcat9_9.0.43-2~deb11u8_source.buildinfo
>
> -----BEGIN PGP SIGNATURE-----
>
> iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmUoM9dfFIAAAAAALgAo
> aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
> RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
> YW4ub3JnAAoJENmtFLlRO1HkqrcQAMxtrdP7vSR0qXnQkAUjHbMb9zMlmwSzfC+M
> D8GQNXF3i7tJZRA3Op7/nAI0eemTLCmPrDGwwZUsaGeCKtU3SqzDD70FcDZANf60
> yS8Pu0TfmOeTisGodwc0zjWLlg/OxSHLL8oPDExj9RDdDeNkArwZ+VQ0OIDD5ZEh
> PTl6hKo7bwYnfzo/xuEZwXJuNYFIJtk11ea3uvhsfEQw3jEZkb9cFeJ9RukkZsi5
> BPJ4xcQs48ca13vtkxc4g/bNORtye1GL3oeA9HTCD7Gm+st4svI1YyBbuxnsg5KM
> 5pChx7k5HeL6dX9F9OE5pd/tJdWGapyyo9xiDUk5gJlgxUOImT2eij8tyBbfpniV
> L8ANb+6QjQq7btf/yVUu6IsP36PvnLMspdQq7zkneQp28Fcvlwmhw79iZ8IvuDdz
> 2fGpEsZRCpSxXadPAQfx/7XXuzU/rWVTlRt+JB965vYLaZOvdQ0/HyW4RlNm9tOd
> PRoqsJA5MA59PtYP+VUN/Ut4YmNkBFf4IBwYughbLuCSnAJFvhOwh9XnXGDylopp
> XvK46BpO+KSAJ71rGa8jxZJ0sKXuJZrTUAX/YsyvvaQVY7802gCrr3cW2FlxWcyT
> IhcdaCc7IwmJw20HxwChzGJ+9uWR5f927/PK9vQeCtuXHaOb3pqD2gi8HYRI0Edu
> 7vb16qek
> =DwpG
> -----END PGP SIGNATURE-----
>
>
> ---------- Forwarded message ----------
> From: Sam Lander <sam.lan...@gmail.com>
> To: Debian Bug Tracking System <sub...@bugs.debian.org>
> Cc:
> Bcc:
> Date: Thu, 12 Oct 2023 10:43:42 +1100
> Subject: libtomcat9-java: ERR_HTTP2_PROTOCOL_ERROR in browsers after
> upgrade 9.0.43-2~deb11u7 over u6
> Package: libtomcat9-java
> Version: 9.0.43-2~deb11u7
> Severity: important
> X-Debbugs-Cc: sam.lan...@gmail.com
>
> Dear Maintainer,
>
> I let unattended-upgrades handle the HTTP2 vulnerability.
> It installed thusly:
>
> > Log started: 2023-10-12  06:34:35
> > (Reading database <snip...>
> > Preparing to unpack .../libtomcat9-java_9.0.43-2~deb11u7_all.deb ...
> > Unpacking libtomcat9-java (9.0.43-2~deb11u7) over (9.0.43-2~deb11u6) ...
> > Preparing to unpack .../tomcat9-common_9.0.43-2~deb11u7_all.deb ...
> > Unpacking tomcat9-common (9.0.43-2~deb11u7) over (9.0.43-2~deb11u6) ...
> > Preparing to unpack .../tomcat9_9.0.43-2~deb11u7_all.deb ...
> > Unpacking tomcat9 (9.0.43-2~deb11u7) over (9.0.43-2~deb11u6) ...
> > Setting up libtomcat9-java (9.0.43-2~deb11u7) ...
> > Setting up tomcat9-common (9.0.43-2~deb11u7) ...
> > Setting up tomcat9 (9.0.43-2~deb11u7) ...
> > Processing triggers for rsyslog (8.2102.0-2+deb11u1) ...
> >
> > Pending kernel upgrade!
> >
> > Running kernel version:
> >  5.10.0-19-amd64
> >
> > Diagnostics:
> >   The currently running kernel version is not the expected kernel
> version 5.10.0-26-amd64.
>
> I did not reboot, and all lclients (Firefox, Safari, Chrome reported
> similar errors. No certificate available, security problem and
> ERR_HTTP2_PROTOCOL_ERROR
>
> A reboot to enable the new kernel produced the same results.
>
> I have commented-out HTTP2 and restarted Tomcat9, and the error is gone,
> (but so is HTTP2)
> >     <Connector port="443"
> protocol="org.apache.coyote.http11.Http11AprProtocol"
> >                maxThreads="150" SSLEnabled="true" >
> >             <!-- sam 20231012 <UpgradeProtocol
> className="org.apache.coyote.http2.Http2Protocol" /> -->
> >         <SSLHostConfig>
> >                 <Certificate certificateKeyFile="/etc/letsencrypt/live/
> puppy.ccoz.org.au/privkey.pem"
> >
>  certificateFile="/etc/letsencrypt/live/xxxxxxxxxxxxxxxxx/cert.pem"
> >
>  certificateChainFile="/etc/letsencrypt/live/xxxxxxxxxxxxxxxxx/chain.pem"
> >                         type="RSA" />
> >         </SSLHostConfig>
> >     </Connector>
>
>
> -- System Information:
>        _,met$$$$$gg.          root@xxxxx
>     ,g$$$$$$$$$$$$$$$P.       ----------
>   ,g$$P"     """Y$$.".        OS: Debian GNU/Linux 11 (bullseye) x86_64
>  ,$$P'              `$$$.     Host: HVM domU 4.7
> ',$$P       ,ggs.     `$$b:   Kernel: 5.10.0-26-amd64
> `d$$'     ,$P"'   .    $$$    Uptime: 1 hour, 43 mins
>  $$P      d$'     ,    $$P    Packages: 799 (dpkg)
>  $$:      $$.   -    ,d$$'    Shell: bash 5.1.4
>  $$;      Y$b._   _,d$P'      Resolution: 1024x768
>  Y$$.    `.`"Y$$$$P"'         CPU: AMD Opteron 4170 HE (4) @ 2.100GHz
>  `$$b      "-.__              GPU: 00:02.0 Cirrus Logic GD 5446
>   `Y$$                        Memory: 1349MiB / 7938MiB
>    `Y$$.
>      `$$b.
>        `Y$$b.
>           `"Y$b._
>               `"""
>
>
> --
> Sam Lander
> 0414 626 080
>
>

-- 
Sam Lander
Community Connections Australia
(   1300 36 46 88  M:  0414 626 080
+    PO Box 253 Parramatta 2124
+    L1 90 Phillip St Parramatta 2150
:    www.ccoz.org.au

The content of this email is confidential and intended for the recipient
specified in the message only. It is strictly forbidden to share any
part of this message with any third party, without a written consent of
the sender. If you received this message by mistake, please reply to
this message and follow with its deletion, so that we can ensure such a
mistake does not occur in the future.

Reply via email to