Markus Koschany pushed to branch bullseye at Debian Java Maintainers / tomcat9
Commits: 2aeade1e by Markus Koschany at 2021-09-25T21:33:40+02:00 Fix CVE-2021-41079 - - - - - cf7b34d3 by Markus Koschany at 2021-09-25T21:35:43+02:00 Update changelog - - - - - 3 changed files: - debian/changelog - + debian/patches/CVE-2021-41079.patch - debian/patches/series Changes: ===================================== debian/changelog ===================================== @@ -1,3 +1,21 @@ +tomcat9 (9.0.43-2~deb11u2) bullseye-security; urgency=high + + * Team upload. + * CVE-2021-30640: Fix NullPointerException. + If no userRoleAttribute is specified in the user's Realm configuration its + default value will be null. This will cause a NPE in the methods + doFilterEscaping and doAttributeValueEscaping. This is upstream bug + https://bz.apache.org/bugzilla/show_bug.cgi?id=65308 + * Set the fileOwner of catalina.out to tomcat explicitly. + Thanks to Adam Cecile for the report. (Closes: #987179) + * Fix CVE-2021-41079: + Apache Tomcat did not properly validate incoming TLS packets. When Tomcat + was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially + crafted packet could be used to trigger an infinite loop resulting in a + denial of service. + + -- Markus Koschany <[email protected]> Sat, 25 Sep 2021 21:34:00 +0200 + tomcat9 (9.0.43-2~deb11u1) bullseye-security; urgency=medium * Team upload. ===================================== debian/patches/CVE-2021-41079.patch ===================================== 
@@ -0,0 +1,55 @@ +From: Markus Koschany <[email protected]> +Date: Sat, 25 Sep 2021 18:29:40 +0200 +Subject: CVE-2021-41079 + +Origin: https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8 +--- + java/org/apache/tomcat/util/net/openssl/LocalStrings.properties | 1 + + java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java | 6 ++++-- + webapps/docs/changelog.xml | 4 ++++ + 3 files changed, 9 insertions(+), 2 deletions(-) + +diff --git a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties +index 84990f3..34ec880 100644 +--- a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties ++++ b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties +@@ -17,6 +17,7 @@ engine.ciphersFailure=Failed getting cipher list + engine.emptyCipherSuite=Empty cipher suite + engine.engineClosed=Engine is closed + engine.failedCipherSuite=Failed to enable cipher suite [{0}] ++engine.failedToReadAvailableBytes=There are plain text bytes available to read but no bytes were read + engine.inboundClose=Inbound closed before receiving peer's close_notify + engine.invalidBufferArray=offset: [{0}], length: [{1}] (expected: offset <= offset + length <= srcs.length [{2}]) + engine.invalidDestinationBuffersState=The state of the destination buffers changed concurrently while unwrapping bytes +diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java +index cdd0617..679fee4 100644 +--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java ++++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java +@@ -591,8 +591,10 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn + throw new SSLException(e); + } + +- if (bytesRead == 0) { +- break; ++ if (bytesRead <= 0) { ++ // This should not be possible. 
pendingApp is positive ++ // therefore the read should have read at least one byte. ++ throw new IllegalStateException(sm.getString("engine.failedToReadAvailableBytes")); + } + + bytesProduced += bytesRead; +diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml +index 1ce6df0..1815ab5 100644 +--- a/webapps/docs/changelog.xml ++++ b/webapps/docs/changelog.xml +@@ -173,6 +173,10 @@ + the access log file, include information on the current user in the + associated log message (markt) + </fix> ++ <fix> ++ Make handling of OpenSSL read errors more robust when plain text data is ++ reported to be available to read. (markt) ++ </fix> + </changelog> + </subsection> + <subsection name="Coyote"> ===================================== debian/patches/series ===================================== @@ -13,3 +13,4 @@ 0027-java11-compilation.patch CVE-2021-30640.patch CVE-2021-33037.patch +CVE-2021-41079.patch View it on GitLab: https://salsa.debian.org/java-team/tomcat9/-/compare/1e969ffcfa81899e782141cbe1e8e6fe2b73d4db...cf7b34d3c518fa556be825437479bfeba86a0b68 -- View it on GitLab: https://salsa.debian.org/java-team/tomcat9/-/compare/1e969ffcfa81899e782141cbe1e8e6fe2b73d4db...cf7b34d3c518fa556be825437479bfeba86a0b68 You're receiving this email because of your account on salsa.debian.org.
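Review bot: In the OpenSSLEngine.java hunk at @@ -591, the new `bytesRead <= 0` branch throws an unchecked IllegalStateException, while the context line just above it in the same method reports a failed read with `throw new SSLException(e);`. Code that handles SSLException on this path will not catch the new exception, so this one read failure propagates differently from the others. Consider throwing SSLException with the same `engine.failedToReadAvailableBytes` message, or confirm that the NIO and NIO2 callers close the connection when a runtime exception escapes from this method.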
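Review bot: The 9.0.43-2~deb11u2 entry added in the debian/changelog hunk lists a CVE-2021-30640 NullPointerException fix and the catalina.out fileOwner change (Closes: #987179), but the three changed files in this push are only debian/changelog, debian/patches/CVE-2021-41079.patch and debian/patches/series. Please confirm those two items were committed earlier on the bullseye branch; if not, the entry describes changes this upload does not carry and should be trimmed to the CVE-2021-41079 item.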

