Bug#1053820: libtomcat9-java: ERR_HTTP2_PROTOCOL_ERROR in browsers after upgrade 9.0.43-2~deb11u7 over u6

2023-10-12 Thread Markus Koschany 
Hello and thanks for the report,

I am currently looking into some test failures caused by the recent changes to
Tomcat's HTTP2 stack. The following tests fail for Tomcat9 now. Your issue
might be related. If we can find out more about the problem, we will address it
in a future update as soon as possible.

[concat] TEST-org.apache.coyote.http2.TestAsync.NIO.txt
[concat] TEST-org.apache.coyote.http2.TestAsync.NIO2.txt
[concat] TEST-org.apache.coyote.http2.TestHttp2Section_5_1.NIO.txt
[concat] TEST-org.apache.coyote.http2.TestHttp2Section_5_1.NIO2.txt
[concat] TEST-org.apache.coyote.http2.TestHttp2Section_5_2.NIO.txt
[concat] TEST-org.apache.coyote.http2.TestHttp2Section_5_2.NIO2.txt
[concat] TEST-org.apache.coyote.http2.TestHttp2Section_6_4.NIO.txt
[concat] TEST-org.apache.coyote.http2.TestHttp2Section_6_4.NIO2.txt
[concat] TEST-org.apache.coyote.http2.TestHttp2Section_6_5.NIO.txt
[concat] TEST-org.apache.coyote.http2.TestHttp2Section_6_5.NIO2.txt
[concat] TEST-org.apache.coyote.http2.TestHttp2Timeouts.NIO.txt
[concat] TEST-org.apache.coyote.http2.TestHttp2Timeouts.NIO2.txt   



Markus



signature.asc
Description: This is a digitally signed message part
__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1053820: libtomcat9-java: ERR_HTTP2_PROTOCOL_ERROR in browsers after upgrade 9.0.43-2~deb11u7 over u6

2023-10-11 Thread Sam Lander 
Package: libtomcat9-java
Version: 9.0.43-2~deb11u7
Severity: important
X-Debbugs-Cc: sam.lan...@gmail.com

Dear Maintainer,

I let unattended-upgrades handle the HTTP2 vulnerability.
It installed thusly:

> Log started: 2023-10-12  06:34:35
> (Reading database 
> Preparing to unpack .../libtomcat9-java_9.0.43-2~deb11u7_all.deb ...
> Unpacking libtomcat9-java (9.0.43-2~deb11u7) over (9.0.43-2~deb11u6) ...
> Preparing to unpack .../tomcat9-common_9.0.43-2~deb11u7_all.deb ...
> Unpacking tomcat9-common (9.0.43-2~deb11u7) over (9.0.43-2~deb11u6) ...
> Preparing to unpack .../tomcat9_9.0.43-2~deb11u7_all.deb ...
> Unpacking tomcat9 (9.0.43-2~deb11u7) over (9.0.43-2~deb11u6) ...
> Setting up libtomcat9-java (9.0.43-2~deb11u7) ...
> Setting up tomcat9-common (9.0.43-2~deb11u7) ...
> Setting up tomcat9 (9.0.43-2~deb11u7) ...
> Processing triggers for rsyslog (8.2102.0-2+deb11u1) ...
> 
> Pending kernel upgrade!
> 
> Running kernel version:
>  5.10.0-19-amd64
> 
> Diagnostics:
>   The currently running kernel version is not the expected kernel version 
> 5.10.0-26-amd64.

I did not reboot, and all lclients (Firefox, Safari, Chrome reported
similar errors. No certificate available, security problem and 
ERR_HTTP2_PROTOCOL_ERROR

A reboot to enable the new kernel produced the same results.

I have commented-out HTTP2 and restarted Tomcat9, and the error is gone,
(but so is HTTP2)
>  protocol="org.apache.coyote.http11.Http11AprProtocol"
>maxThreads="150" SSLEnabled="true" >
> 
> 
>  certificateKeyFile="/etc/letsencrypt/live/puppy.ccoz.org.au/privkey.pem"
> 
> certificateFile="/etc/letsencrypt/live/x/cert.pem"
> 
> certificateChainFile="/etc/letsencrypt/live/x/chain.pem"
> type="RSA" />
> 
> 


-- System Information:
   _,met$gg.  root@x
,g$$$P.   --
  ,g$$P" """Y$$.".OS: Debian GNU/Linux 11 (bullseye) x86_64
 ,$$P'  `$$$. Host: HVM domU 4.7
',$$P   ,ggs. `$$b:   Kernel: 5.10.0-26-amd64
`d$$' ,$P"'   .$$$Uptime: 1 hour, 43 mins
 $$P  d$' ,$$PPackages: 799 (dpkg)
 $$:  $$.   -,d$$'Shell: bash 5.1.4
 $$;  Y$b._   _,d$P'  Resolution: 1024x768
 Y$$.`.`"YP"' CPU: AMD Opteron 4170 HE (4) @ 2.100GHz
 `$$b  "-.__  GPU: 00:02.0 Cirrus Logic GD 5446
  `Y$$Memory: 1349MiB / 7938MiB
   `Y$$.
 `$$b.
   `Y$$b.
  `"Y$b._
  `"""

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.