Your message dated Sun, 15 Oct 2023 12:47:25 +0000
with message-id <[email protected]>
and subject line Bug#1053820: fixed in tomcat9 9.0.43-2~deb11u8
has caused the Debian Bug report #1053820,
regarding libtomcat9-java: ERR_HTTP2_PROTOCOL_ERROR in browsers after upgrade
9.0.43-2~deb11u7 over u6
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1053820: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053820
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libtomcat9-java
Version: 9.0.43-2~deb11u7
Severity: important
X-Debbugs-Cc: [email protected]
Dear Maintainer,
I let unattended-upgrades handle the HTTP2 vulnerability.
It installed thusly:
> Log started: 2023-10-12 06:34:35
> (Reading database <snip...>
> Preparing to unpack .../libtomcat9-java_9.0.43-2~deb11u7_all.deb ...
> Unpacking libtomcat9-java (9.0.43-2~deb11u7) over (9.0.43-2~deb11u6) ...
> Preparing to unpack .../tomcat9-common_9.0.43-2~deb11u7_all.deb ...
> Unpacking tomcat9-common (9.0.43-2~deb11u7) over (9.0.43-2~deb11u6) ...
> Preparing to unpack .../tomcat9_9.0.43-2~deb11u7_all.deb ...
> Unpacking tomcat9 (9.0.43-2~deb11u7) over (9.0.43-2~deb11u6) ...
> Setting up libtomcat9-java (9.0.43-2~deb11u7) ...
> Setting up tomcat9-common (9.0.43-2~deb11u7) ...
> Setting up tomcat9 (9.0.43-2~deb11u7) ...
> Processing triggers for rsyslog (8.2102.0-2+deb11u1) ...
>
> Pending kernel upgrade!
>
> Running kernel version:
> 5.10.0-19-amd64
>
> Diagnostics:
> The currently running kernel version is not the expected kernel version
> 5.10.0-26-amd64.
I did not reboot, and all clients (Firefox, Safari, Chrome) reported
similar errors. No certificate available, security problem and
ERR_HTTP2_PROTOCOL_ERROR.
A reboot to enable the new kernel produced the same results.
I have commented-out HTTP2 and restarted Tomcat9, and the error is gone,
(but so is HTTP2)
> <Connector port="443"
>            protocol="org.apache.coyote.http11.Http11AprProtocol"
>            maxThreads="150" SSLEnabled="true">
>   <!-- sam 20231012 <UpgradeProtocol
>        className="org.apache.coyote.http2.Http2Protocol" /> -->
>   <SSLHostConfig>
>     <Certificate
>       certificateKeyFile="/etc/letsencrypt/live/puppy.ccoz.org.au/privkey.pem"
>       certificateFile="/etc/letsencrypt/live/xxxxxxxxxxxxxxxxx/cert.pem"
>       certificateChainFile="/etc/letsencrypt/live/xxxxxxxxxxxxxxxxx/chain.pem"
>       type="RSA" />
>   </SSLHostConfig>
> </Connector>
-- System Information:
root@xxxxx
OS: Debian GNU/Linux 11 (bullseye) x86_64
Host: HVM domU 4.7
Kernel: 5.10.0-26-amd64
Uptime: 1 hour, 43 mins
Packages: 799 (dpkg)
Shell: bash 5.1.4
Resolution: 1024x768
CPU: AMD Opteron 4170 HE (4) @ 2.100GHz
GPU: 00:02.0 Cirrus Logic GD 5446
Memory: 1349MiB / 7938MiB
--- End Message ---
--- Begin Message ---
Source: tomcat9
Source-Version: 9.0.43-2~deb11u8
Done: Emmanuel Bourg <[email protected]>
We believe that the bug you reported is fixed in the latest version of
tomcat9, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Emmanuel Bourg <[email protected]> (supplier of updated tomcat9 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 12 Oct 2023 17:32:21 +0200
Source: tomcat9
Architecture: source
Version: 9.0.43-2~deb11u8
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers <[email protected]>
Changed-By: Emmanuel Bourg <[email protected]>
Closes: 1053820
Changes:
tomcat9 (9.0.43-2~deb11u8) bullseye-security; urgency=high
.
* Fixed the HTTP/2 overhead protection triggered on data frames.
(Closes: #1053820)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
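Added example, not part of the original thread and not Debian or Tomcat code: a host check for the regression discussed above. It reads the version apt unpacked from a term log and tests whether a Connector in server.xml still has an active (not commented-out) HTTP/2 upgrade. The function names and the sample server.xml are constructed for illustration; the log line and version strings are the ones quoted in the messages.

```python
import re
import xml.etree.ElementTree as ET

REGRESSED = "9.0.43-2~deb11u7"  # version the report says broke HTTP/2
FIXED = "9.0.43-2~deb11u8"      # version the closing message names as the fix
H2_CLASS = "org.apache.coyote.http2.Http2Protocol"
UNPACK = re.compile(r"Unpacking (\S+) \((\S+)\) over \((\S+)\)")

# Log line as quoted in the report; the XML is constructed from its Connector.
SAMPLE_LOG = "Unpacking libtomcat9-java (9.0.43-2~deb11u7) over (9.0.43-2~deb11u6) ..."
CONNECTOR = """<Server><Service name="Catalina">
<Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
           maxThreads="150" SSLEnabled="true">
  %s
  <SSLHostConfig/>
</Connector></Service></Server>"""
H2_ON = CONNECTOR % ('<UpgradeProtocol className="%s" />' % H2_CLASS)
H2_OFF = CONNECTOR % ('<!-- <UpgradeProtocol className="%s" /> -->' % H2_CLASS)

def last_unpacked(log_text, package="libtomcat9-java"):
    """Return the newest (new, old) version pair apt logged for `package`."""
    result = None
    for line in log_text.splitlines():
        m = UNPACK.search(line)
        if m and m.group(1) == package:
            result = (m.group(2), m.group(3))
    return result

def http2_ports(server_xml):
    """Ports of Connectors with an active (not commented-out) HTTP/2 upgrade."""
    root = ET.fromstring(server_xml)  # the default parser drops XML comments
    return [c.get("port") for c in root.iter("Connector")
            if any(u.get("className") == H2_CLASS
                   for u in c.findall("UpgradeProtocol"))]

def assess(log_text, server_xml):
    """Summarise exposure to the regression described in Bug#1053820."""
    pair = last_unpacked(log_text)
    version = pair[0] if pair else None
    ports = http2_ports(server_xml)
    if version == REGRESSED and ports:
        return "affected: HTTP/2 active on %s, upgrade to %s" % (ports, FIXED)
    if version == REGRESSED:
        return "workaround in place: HTTP/2 disabled, upgrade to %s" % FIXED
    return "not on the regressed version (%s)" % version

if __name__ == "__main__":
    print(assess(SAMPLE_LOG, H2_ON))
    print(assess(SAMPLE_LOG, H2_OFF))
```

A host reported as "workaround in place" is the state the reporter ended up in: once the fixed version is installed, the commented-out UpgradeProtocol element can be restored.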