[GitHub] [tomcat-training] dependabot[bot] opened a new pull request, #4: Bump grunt from 1.0.2 to 1.5.2

2022-04-27 Thread GitBox


dependabot[bot] opened a new pull request, #4:
URL: https://github.com/apache/tomcat-training/pull/4

   Bumps [grunt](https://github.com/gruntjs/grunt) from 1.0.2 to 1.5.2.
   
   Release notes
   Sourced from grunt's releases: https://github.com/gruntjs/grunt/releases
   
   v1.5.2
   
   Update Changelog  7f15fd5
   Merge pull request #1743 (https://github-redirect.dependabot.com/gruntjs/grunt/issues/1743) from gruntjs/cleanup-link  b0ec6e1
   Clean up link handling  433f91b
   
   https://github.com/gruntjs/grunt/compare/v1.5.1...v1.5.2
   
   v1.5.1
   
   Merge pull request #1742 (https://github-redirect.dependabot.com/gruntjs/grunt/issues/1742) from gruntjs/update-symlink-test  ad22608
   Fix symlink test  0652305
   
   https://github.com/gruntjs/grunt/compare/v1.5.0...v1.5.1
   
   v1.5.0
   
   Updated changelog  b2b2c2b
   Merge pull request #1740 (https://github-redirect.dependabot.com/gruntjs/grunt/issues/1740) from gruntjs/update-deps-22-10  3eda6ae
   Update testing matrix  47d32de
   More updates  2e9161c
   Remove console log  04b960e
   Update dependencies, tests...  aad3d45
   Merge pull request #1736 (https://github-redirect.dependabot.com/gruntjs/grunt/issues/1736) from justlep/main  fdc7056
   support .cjs extension  e35fe54
   
   https://github.com/gruntjs/grunt/compare/v1.4.1...v1.5.0
   
   v1.4.1
   
   Update Changelog  e7625e5
   Merge pull request #1731 (https://github-redirect.dependabot.com/gruntjs/grunt/issues/1731) from gruntjs/update-options  5d67e34
   Fix ci install  d13bf88
   Switch to Actions  08896ae
   Update grunt-known-options  eee0673
   Add note about a breaking change  1b6e288
   
   https://github.com/gruntjs/grunt/compare/v1.4.0...v1.4.1
   
   v1.4.0
   
   Merge pull request #1728 (https://github-redirect.dependabot.com/gruntjs/grunt/issues/1728) from gruntjs/update-deps-changelog  63b2e89
   Update changelog and util dep  106ed17
   Merge pull request #1727 (https://github-redirect.dependabot.com/gruntjs/grunt/issues/1727) from gruntjs/update-deps-apr  49de70b
   Update CLI and nodeunit  47cf8b6
   Merge pull request #1722 (https://github-redirect.dependabot.com/gruntjs/grunt/issues/1722) from gruntjs/update-through  e86db1c
   Update deps  4952368
   
   https://github.com/gruntjs/grunt/compare/v1.3.0...v1.4.0
   
   v1.3.0
   
   Merge pull request #1720 (https://github-redirect.dependabot.com/gruntjs/grunt/issues/1720) from gruntjs/update-changelog-deps  faab6be
   Update Changelog and legacy-util dependency  520fedb
   Merge pull request #1719 (https://github-redirect.dependabot.com/gruntjs/grunt/issues/1719) from gruntjs/yaml-refactor  7e669ac
   Switch to use safeLoad for loading YML files via file.readYAML.  e350cea
   
   
   
   ... (truncated)
   
   
   Changelog
   Sourced from grunt's changelog: https://github.com/gruntjs/grunt/blob/main/CHANGELOG
   
   v1.5.2
   date: 2022-04-12
   changes:
   - Unlink symlinks when copy destination is a symlink.
   v1.5.1
   date: 2022-04-11
   changes:
   - Fixed symlink destination handling.
   v1.5.0
   date: 2022-04-10
   changes:
   - Updated dependencies.
   - Add symlink handling for copying files.
   v1.4.1
   date: 2021-05-24
   changes:
   - Fix --preload option to be a known option
   - Switch to GitHub Actions
   v1.4.0
   date: 2021-04-21
   changes:
   - Security fixes in production and dev dependencies
   - Liftup/Liftoff upgrade breaking change. Update your scripts to use --preload instead of --require. Ref: https://github.com/js-cli/js-liftoff/commit/e7a969d6706e730d90abb4e24d3cb4d3bce06ddb.
   v1.3.0
   date: 2020-08-18
   changes:
   - Switch to use safeLoad for loading YML files via file.readYAML.
   - Upgrade legacy-log to ~3.0.0.
   - Upgrade legacy-util to ~2.0.0.
   v1.2.1
   date: 2020-07-07
   changes:
   - Remove path-is-absolute dependency.
   (PR: gruntjs/grunt#1715, https://github-redirect.dependabot.com/gruntjs/grunt/pull/1715)
   v1.2.0
   date: 2020-07-03
   changes:
   - Allow usage of grunt plugins that are located in any location that
   is visible to Node.js and NPM, instead of node_modules directly
   inside package that have a dev dependency to these plugins.
   (PR: gruntjs/grunt#1677, https://github-redirect.dependabot.com/gruntjs/grunt/pull/1677)
   - Removed coffeescript from dependencies. To ease transition, if
   coffeescript is still around, Grunt will attempt to load it.
   If it is not, and the user loads a CoffeeScript file,
   Grunt will print a useful error indicating that the
   coffeescript package should be installed as a dev dependency.
   This is considerably more user-friendly than dropping 

[tomcat-training] branch dependabot/npm_and_yarn/grunt-1.5.2 created (now 8111ba4)

2022-04-27 Thread github-bot
This is an automated email from the ASF dual-hosted git repository.

github-bot pushed a change to branch dependabot/npm_and_yarn/grunt-1.5.2
in repository https://gitbox.apache.org/repos/asf/tomcat-training.git


  at 8111ba4  Bump grunt from 1.0.2 to 1.5.2

No new revisions were added by this update.


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 66035] New: SIGSEGV in org.apache.tomcat.jni.SSL::getSessionId - NIO+OpenSSL

2022-04-27 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66035

          Bug ID: 66035
         Summary: SIGSEGV in org.apache.tomcat.jni.SSL::getSessionId - NIO+OpenSSL
         Product: Tomcat Native
         Version: 1.2.30
        Hardware: PC
              OS: Linux
          Status: NEW
        Severity: major
        Priority: P2
       Component: Library
        Assignee: dev@tomcat.apache.org
        Reporter: mic...@josifci.cz
Target Milestone: ---

Created attachment 38265
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=38265&action=edit
hs_err_pid

Hello,
we are switching from APR+OpenSSL to NIO(2)+OpenSSL connector configuration and
we are facing SIGSEGV error. Tested multiple Java+tomcat-native+OpenSSL
combinations, nothing helped.
Tested also with Oracle JDK 11.0.15, openssl 1.1.1n, latest tomcat-native

fyi. Our APR+OpenSSL configuration is rock solid.

Best Regards
Michal Josifek


#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x7f13f860fbe5, pid=36351, tid=36401
#
# JRE version: OpenJDK Runtime Environment Corretto-11.0.14.9.1 (11.0.14+9) (build 11.0.14+9-LTS)
# Java VM: OpenJDK 64-Bit Server VM Corretto-11.0.14.9.1 (11.0.14+9-LTS, mixed mode, tiered, compressed oops, g1 gc, linux-amd64)
# Problematic frame:
# C  [libssl.so.1.0.0+0x49be5]  SSL_SESSION_get_id+0x5
#
# Core dump will be written. Default location: //core.36351
#
# An error report file with more information is saved as:
# /tmp/hs_err_pid36351.log
Compiled method (nm) 2514776 22100 n 0 org.apache.tomcat.jni.SSL::getSessionId (native)
 total in heap  [0x7f143d67ef10,0x7f143d67f350] = 1088
 relocation [0x7f143d67f088,0x7f143d67f0c0] = 56
 main code  [0x7f143d67f0c0,0x7f143d67f348] = 648
 oops   [0x7f143d67f348,0x7f143d67f350] = 8
Compiled method (nm) 2514781 22100 n 0 org.apache.tomcat.jni.SSL::getSessionId (native)
 total in heap  [0x7f143d67ef10,0x7f143d67f350] = 1088
 relocation [0x7f143d67f088,0x7f143d67f0c0] = 56
 main code  [0x7f143d67f0c0,0x7f143d67f348] = 648
 oops   [0x7f143d67f348,0x7f143d67f350] = 8
#
# If you would like to submit a bug report, please visit:
#   https://github.com/corretto/corretto-11/issues/
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

-- 
You are receiving this mail because:
You are the assignee for the bug.
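
Added example, not part of the original report or of Tomcat: a small Python triage helper for the hs_err header quoted in the report above. It pulls out the signal, the faulting library and symbol, the library load base (pc minus the in-library offset) and the JNI entry point HotSpot lists, which is what tells you the fault belongs to native code rather than to the JVM. The function and field names are assumptions made for this example.

```python
import re

# Header of the hs_err report quoted above, with the mail line-wrapping undone.
SAMPLE_HS_ERR = """\
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x7f13f860fbe5, pid=36351, tid=36401
#
# Problematic frame:
# C  [libssl.so.1.0.0+0x49be5]  SSL_SESSION_get_id+0x5
#
Compiled method (nm) 2514776 22100 n 0 org.apache.tomcat.jni.SSL::getSessionId (native)
Compiled method (nm) 2514781 22100 n 0 org.apache.tomcat.jni.SSL::getSessionId (native)
# The crash happened outside the Java Virtual Machine in native code.
"""

# Frame-type letters HotSpot uses in hs_err files.
FRAME_KINDS = {"C": "native code", "V": "VM code", "v": "VM code",
               "J": "compiled Java code", "j": "interpreted Java code"}

SIGNAL_RE = re.compile(
    r"^#\s+(SIG[A-Z0-9]+) \((0x[0-9a-f]+)\) at pc=(0x[0-9a-f]+), pid=(\d+), tid=(\d+)",
    re.M)
# Frame letter, [library+offset], then an optional symbol+offset.
FRAME_RE = re.compile(
    r"^# Problematic frame:\s*\n#\s+([A-Za-z])\s+\[(.+?)\+(0x[0-9a-f]+)\]"
    r"(?:[ \t]+(\S+?)\+(0x[0-9a-f]+))?[ \t]*$", re.M)
JNI_RE = re.compile(r"^Compiled method \(nm\)\s.*?(\S+::\S+) \(native\)\s*$", re.M)


def triage(text):
    """Summarise where a JVM fatal error happened; None if no header is found."""
    sig = SIGNAL_RE.search(text)
    frame = FRAME_RE.search(text)
    if not sig or not frame:
        return None
    kind, lib, lib_off, symbol, sym_off = frame.groups()
    pc = int(sig.group(3), 16)
    return {
        "signal": sig.group(1),
        "pc": pc,
        "frame_kind": FRAME_KINDS.get(kind, "unknown"),
        "library": lib,
        "library_offset": int(lib_off, 16),
        # Load address of the library: match it against the process memory map.
        "library_base": pc - int(lib_off, 16),
        "symbol": symbol,  # None when the library carries no symbol for the pc
        "symbol_offset": int(sym_off, 16) if sym_off else None,
        # JNI entry points HotSpot printed as native-method wrappers.
        "jni_methods": sorted(set(JNI_RE.findall(text))),
        # A "C" frame places the fault in a native library, not in the JVM.
        "native_crash": kind == "C",
    }


if __name__ == "__main__":
    print(triage(SAMPLE_HS_ERR))
```
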



Re: [tomcat] branch main updated: 66035: Add NULL check on the SSL session reference

2022-04-27 Thread Christopher Schultz

Rémy,

On 4/27/22 07:08, r...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
  new c8ecaa44f6 66035: Add NULL check on the SSL session reference
c8ecaa44f6 is described below

commit c8ecaa44f6a110873bd7bf8b3c2f08354e2900d8
Author: remm 
AuthorDate: Wed Apr 27 13:08:08 2022 +0200

 66035: Add NULL check on the SSL session reference
 
 Add NULL check on the SSL session reference in the Panama code before
 accessing the session id and creation time.


Should this be done in tcnative as well? Or was this intended to be a 
belt-and-suspenders check to avoid the problem whether or not it exists 
in tcnative?


I think the attached patch ought to do it for tcnative.

-chris

=== CUT ===
diff --git a/native/src/ssl.c b/native/src/ssl.c
index d59246ea3..5329a93da 100644
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -2001,8 +2001,12 @@ TCN_IMPLEMENT_CALL(jbyteArray, SSL, 
getSessionId)(TCN_STDARGS, jlong ssl)

 }
 UNREFERENCED(o);
 session = SSL_get_session(ssl_);
-session_id = SSL_SESSION_get_id(session, );
+if (NULL == session) {
+tcn_ThrowException(e, "ssl session is null");
+return NULL;
+}

+session_id = SSL_SESSION_get_id(session, );
 if (len == 0 || session_id == NULL) {
 return NULL;
 }
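
Review bot: the new NULL branch in getSessionId raises via tcn_ThrowException(e, "ssl session is null"), while the check directly below it (len == 0 || session_id == NULL) returns NULL without raising, and the Panama commit quoted in this mail returns new byte[0] for the same condition. If a missing session after a failed handshake is a state callers are expected to see, return NULL here without throwing; if the exception is intended, say so in the commit message so the two implementations are not assumed to behave alike.
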
diff --git a/native/src/sslnetwork.c b/native/src/sslnetwork.c
index 6e5960f91..46b253ec8 100644
--- a/native/src/sslnetwork.c
+++ b/native/src/sslnetwork.c
@@ -689,7 +689,7 @@ TCN_IMPLEMENT_CALL(jint, SSLSocket, 
renegotiate)(TCN_STDARGS,


 #if defined(SSL_OP_NO_TLSv1_3)
 session  = SSL_get_session(con->ssl);
-if (SSL_SESSION_get_protocol_version(session) == TLS1_3_VERSION) {
+if (NULL != session && SSL_SESSION_get_protocol_version(session) == 
TLS1_3_VERSION) {

 // TLS 1.3 renegotiation
 retVal = SSL_verify_client_post_handshake(con->ssl);
 if (retVal <= 0) {
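
Review bot: with the added NULL != session test in renegotiate, a NULL session now skips the TLS 1.3 branch and continues into whatever follows this if, which the hunk does not show. Confirm that the remaining path is valid for a connection that has no session, or fail early as the ssl.c hunk does with tcn_ThrowException(e, "ssl session is null"). As a style point, the snippet quoted in comment #1 writes the same check as if (session), so session != NULL would read more consistently than the Yoda form.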

=== CUT ===



---
  .../org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java   | 7 ++-
  webapps/docs/changelog.xml | 4 
  2 files changed, 10 insertions(+), 1 deletion(-)

diff --git 
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
 
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index e34759c913..52e0677144 100644
--- 
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++ 
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -1568,6 +1568,9 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
  var allocator = SegmentAllocator.ofScope(engineScope);
  MemorySegment lenPointer = 
allocator.allocate(CLinker.C_POINTER);
  var session = SSL_get_session(state.ssl);
+if (MemoryAddress.NULL.equals(session)) {
+return new byte[0];
+}
  MemoryAddress sessionId = SSL_SESSION_get_id(session, 
lenPointer);
  int length = MemoryAccess.getInt(lenPointer);
  id = (length == 0) ? new byte[0] : 
sessionId.asSegment(length, engineScope).toByteArray();
@@ -1589,7 +1592,9 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
  synchronized (OpenSSLEngine.this) {
  if (!destroyed) {
  var session = SSL_get_session(state.ssl);
-creationTime = SSL_SESSION_get_time(session);
+if (!MemoryAddress.NULL.equals(session)) {
+creationTime = SSL_SESSION_get_time(session);
+}
  }
  }
  return creationTime * 1000L;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 3df044a28f..702914aadd 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -144,6 +144,10 @@
  Tomcat will not be running on a JRE where these issues are present.
  (markt)

+  
+66035: Add NULL check on the SSL session reference in the
+Panama code before accessing the session id and creation time. (remm)
+  
  







[Bug 66035] SIGSEGV in org.apache.tomcat.jni.SSL::getSessionId - NIO+OpenSSL

2022-04-27 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66035

--- Comment #2 from Christopher Schultz  ---
Proposed patch for tcnative:

diff --git a/native/src/ssl.c b/native/src/ssl.c
index d59246ea3..5329a93da 100644
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -2001,8 +2001,12 @@ TCN_IMPLEMENT_CALL(jbyteArray, SSL,
getSessionId)(TCN_STDARGS, jlong ssl)
 }
 UNREFERENCED(o);
 session = SSL_get_session(ssl_);
-session_id = SSL_SESSION_get_id(session, );
+if (NULL == session) {
+tcn_ThrowException(e, "ssl session is null");
+return NULL;
+}

+session_id = SSL_SESSION_get_id(session, );
 if (len == 0 || session_id == NULL) {
 return NULL;
 }
diff --git a/native/src/sslnetwork.c b/native/src/sslnetwork.c
index 6e5960f91..46b253ec8 100644
--- a/native/src/sslnetwork.c
+++ b/native/src/sslnetwork.c
@@ -689,7 +689,7 @@ TCN_IMPLEMENT_CALL(jint, SSLSocket,
renegotiate)(TCN_STDARGS,

 #if defined(SSL_OP_NO_TLSv1_3)
 session  = SSL_get_session(con->ssl);
-if (SSL_SESSION_get_protocol_version(session) == TLS1_3_VERSION) {
+if (NULL != session && SSL_SESSION_get_protocol_version(session) ==
TLS1_3_VERSION) {
 // TLS 1.3 renegotiation
 retVal = SSL_verify_client_post_handshake(con->ssl);
 if (retVal <= 0) {




ApacheCon Asia 2022 is calling for Presentations!

2022-04-27 Thread Huxing Zhang
Hi All,

ApacheCon Asia is coming again as a virtual event this July 29 - 31.
The CFP will end on Tuesday, May 31st, 2022 8:00 AM (Beijing time -
UTC +8).

More details could be found here:

https://apachecon.com/acasia2022/cfp.html

Please remember that there is no need to be present at the conference,
it is completely virtual,
the talk is pre-recorded.

The presentation could be either in English or in Chinese.

Please feel free to submit your ideas related to Web server / Tomcat
or other topics here:

https://shimo.im/forms/6ZTBLanjqW8pY3dj/fill?channel=website

--
Best Regards!
Huxing




[tomcat] branch main updated: 66035: Add NULL check on the SSL session reference

2022-04-27 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new c8ecaa44f6 66035: Add NULL check on the SSL session reference
c8ecaa44f6 is described below

commit c8ecaa44f6a110873bd7bf8b3c2f08354e2900d8
Author: remm 
AuthorDate: Wed Apr 27 13:08:08 2022 +0200

66035: Add NULL check on the SSL session reference

Add NULL check on the SSL session reference in the Panama code before
accessing the session id and creation time.
---
 .../org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java   | 7 ++-
 webapps/docs/changelog.xml | 4 
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git 
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
 
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index e34759c913..52e0677144 100644
--- 
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++ 
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -1568,6 +1568,9 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
 var allocator = SegmentAllocator.ofScope(engineScope);
 MemorySegment lenPointer = 
allocator.allocate(CLinker.C_POINTER);
 var session = SSL_get_session(state.ssl);
+if (MemoryAddress.NULL.equals(session)) {
+return new byte[0];
+}
 MemoryAddress sessionId = SSL_SESSION_get_id(session, 
lenPointer);
 int length = MemoryAccess.getInt(lenPointer);
 id = (length == 0) ? new byte[0] : 
sessionId.asSegment(length, engineScope).toByteArray();
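
Review bot: the NULL check sits after allocator.allocate(CLinker.C_POINTER), so every call on an engine without a session still allocates lenPointer from engineScope before returning new byte[0]. Call SSL_get_session(state.ssl) and test the result first, then allocate lenPointer only on the path that reaches SSL_SESSION_get_id. The early return also skips the assignment to id; a one-line comment stating that this is intended would help the next reader.
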
@@ -1589,7 +1592,9 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
 synchronized (OpenSSLEngine.this) {
 if (!destroyed) {
 var session = SSL_get_session(state.ssl);
-creationTime = SSL_SESSION_get_time(session);
+if (!MemoryAddress.NULL.equals(session)) {
+creationTime = SSL_SESSION_get_time(session);
+}
 }
 }
 return creationTime * 1000L;
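
Review bot: when session is NULL, creationTime keeps whatever value it already held and the method still returns creationTime * 1000L; if that value is 0, callers receive the epoch as the session creation time. Add a comment stating which value callers should expect from an engine that has no session, or return an explicit sentinel, and add a test covering the failed-handshake case from bug 66035.
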
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 3df044a28f..702914aadd 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -144,6 +144,10 @@
 Tomcat will not be running on a JRE where these issues are present.
 (markt)
   
+  
+66035: Add NULL check on the SSL session reference in the
+Panama code before accessing the session id and creation time. (remm)
+  
 
   
   





[Bug 66035] SIGSEGV in org.apache.tomcat.jni.SSL::getSessionId - NIO+OpenSSL

2022-04-27 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66035

--- Comment #1 from Remy Maucherat  ---
The handshake failed and the session id is accessed through your access logging
pattern.

Looking at the Panama code there could be an optimistic use of the
SSL_get_session call (it would return NULL if there's no session because
handshake failed).

The native code seems to have the same problem, since it does:
    UNREFERENCED(o);
    session = SSL_get_session(ssl_);
    session_id = SSL_SESSION_get_id(session, &len);

While other places do:
    session  = SSL_get_session(ssl_);
    if (session) {
        return SSL_get_time(session);
    } else {
        tcn_ThrowException(e, "ssl session is null");
        return 0;
    }
