Bug#854551: Bug#851304: tomcat8 use 100% cpu time

Markus Koschany apo at debian.org
Sat Feb 18 18:53:33 UTC 2017


On 18.02.2017 13:21, Salvatore Bonaccorso wrote:
[...]
> No problem. Thanks for noticing, can you let us know as usual when you
> have a debdiff ready for the regression update?
> 
> I tend to see this as regression update for the previous DSA, so no
> need for a new CVE id. But let me know if someone thinks otherwise and
> I can followup with MITRE.
> 
> Thanks for your continuous work,

I agree this is a regression update. Please find attached the debdiffs
for Tomcat 7 and Tomcat 8.

Regards,

Markus

-------------- next part --------------
diff -Nru tomcat7-7.0.56/debian/changelog tomcat7-7.0.56/debian/changelog
--- tomcat7-7.0.56/debian/changelog	2017-02-13 10:16:57.000000000 +0100
+++ tomcat7-7.0.56/debian/changelog	2017-02-18 19:16:13.000000000 +0100
@@ -1,3 +1,12 @@
+tomcat7 (7.0.56-3+deb8u9) jessie-security; urgency=high
+
+  * Team upload.
+  * Add BZ57544-infinite-loop-part2.patch.
+    Fix regression due to an incomplete fix for CVE-2017-6056.
+    See #854551 for further information.
+
+ -- Markus Koschany <apo at debian.org>  Sat, 18 Feb 2017 19:16:13 +0100
+
 tomcat7 (7.0.56-3+deb8u8) jessie-security; urgency=high
 
   * Team upload.
diff -Nru tomcat7-7.0.56/debian/patches/BZ57544-infinite-loop-part2.patch tomcat7-7.0.56/debian/patches/BZ57544-infinite-loop-part2.patch
--- tomcat7-7.0.56/debian/patches/BZ57544-infinite-loop-part2.patch	1970-01-01 01:00:00.000000000 +0100
+++ tomcat7-7.0.56/debian/patches/BZ57544-infinite-loop-part2.patch	2017-02-18 19:16:13.000000000 +0100
@@ -0,0 +1,29 @@
+From: Markus Koschany <apo at debian.org>
+Date: Sat, 18 Feb 2017 19:15:02 +0100
+Subject: BZ57544-infinite-loop-part2
+
+Fix 400 HTTP errors due to an incomplete fix for CVE-2017-6056.
+
+Bug-Debian: https://bugs.debian.org/854551
+Origin: https://github.com/apache/tomcat80/commit/534d62075f8c03cc3e77f301e53be53acdefd1c9
+---
+ java/org/apache/coyote/http11/AbstractInputBuffer.java | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/java/org/apache/coyote/http11/AbstractInputBuffer.java b/java/org/apache/coyote/http11/AbstractInputBuffer.java
+index a1251d6..ac56de1 100644
+--- a/java/org/apache/coyote/http11/AbstractInputBuffer.java
++++ b/java/org/apache/coyote/http11/AbstractInputBuffer.java
+@@ -227,9 +227,10 @@ public abstract class AbstractInputBuffer<S> implements InputBuffer{
+         // Copy leftover bytes to the beginning of the buffer
+         if (lastValid - pos > 0 && pos > 0) {
+             System.arraycopy(buf, pos, buf, 0, lastValid - pos);
+-            lastValid = lastValid - pos;
+-            pos = 0;
+         }
++        // Always reset pos to zero
++        lastValid = lastValid - pos;
++        pos = 0;
+ 
+         // Recycle filters
+         for (int i = 0; i <= lastActiveFilter; i++) {
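Review bot: The added comment `// Always reset pos to zero` in the AbstractInputBuffer.java hunk states what the two moved lines do but not why, and the why is the whole regression fix. With the reset moved out of the `if`, `pos` and `lastValid` are normalised even when nothing was copied (no leftover bytes, or `pos` already 0), which is presumably what stops the next request on the connection from being parsed at a stale offset and rejected with a 400. I would word it as `// Reset even when no bytes are left over, so the next request starts parsing at offset 0`. The now unguarded `lastValid = lastValid - pos;` also appears to rely on `pos <= lastValid` on entry; the method starts and ends outside the hunk, so that invariant cannot be checked here and is worth confirming or stating in the comment. The patch touches only this one file and adds no regression test for a follow-up request on a reused connection, and the identical hunk in the tomcat8 debdiff below has the same gaps.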
diff -Nru tomcat7-7.0.56/debian/patches/series tomcat7-7.0.56/debian/patches/series
--- tomcat7-7.0.56/debian/patches/series	2017-02-13 10:16:57.000000000 +0100
+++ tomcat7-7.0.56/debian/patches/series	2017-02-18 19:16:13.000000000 +0100
@@ -39,3 +39,4 @@
 CVE-2016-8735.patch
 CVE-2016-8745.patch
 BZ57544-infinite-loop.patch
+BZ57544-infinite-loop-part2.patch
-------------- next part --------------
diff -Nru tomcat8-8.0.14/debian/changelog tomcat8-8.0.14/debian/changelog
--- tomcat8-8.0.14/debian/changelog	2017-02-13 09:34:43.000000000 +0000
+++ tomcat8-8.0.14/debian/changelog	2017-02-18 17:44:25.000000000 +0000
@@ -1,3 +1,12 @@
+tomcat8 (8.0.14-1+deb8u8) jessie-security; urgency=high
+
+  * Team upload.
+  * Add BZ57544-infinite-loop-part2.patch.
+    Fix regression (400 HTTP errors) due to an incomplete fix for
+    CVE-2017-6056. See #854551 for further information.
+
+ -- Markus Koschany <apo at debian.org>  Sat, 18 Feb 2017 18:44:25 +0100
+
 tomcat8 (8.0.14-1+deb8u7) jessie-security; urgency=high
 
   * Team upload.
diff -Nru tomcat8-8.0.14/debian/patches/BZ57544-infinite-loop-part2.patch tomcat8-8.0.14/debian/patches/BZ57544-infinite-loop-part2.patch
--- tomcat8-8.0.14/debian/patches/BZ57544-infinite-loop-part2.patch	1970-01-01 00:00:00.000000000 +0000
+++ tomcat8-8.0.14/debian/patches/BZ57544-infinite-loop-part2.patch	2017-02-18 17:44:25.000000000 +0000
@@ -0,0 +1,29 @@
+From: Markus Koschany <apo at debian.org>
+Date: Sat, 18 Feb 2017 18:39:09 +0100
+Subject: BZ57544-infinite-loop-part2
+
+Fix 400 HTTP errors due to an incomplete fix for CVE-2017-6056.
+
+Bug-Debian: https://bugs.debian.org/854551
+Origin: https://github.com/apache/tomcat80/commit/534d62075f8c03cc3e77f301e53be53acdefd1c9
+---
+ java/org/apache/coyote/http11/AbstractInputBuffer.java | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/java/org/apache/coyote/http11/AbstractInputBuffer.java b/java/org/apache/coyote/http11/AbstractInputBuffer.java
+index 2aef369..1fbeb27 100644
+--- a/java/org/apache/coyote/http11/AbstractInputBuffer.java
++++ b/java/org/apache/coyote/http11/AbstractInputBuffer.java
+@@ -237,9 +237,10 @@ public abstract class AbstractInputBuffer<S> implements InputBuffer{
+         // Copy leftover bytes to the beginning of the buffer
+         if (lastValid - pos > 0 && pos > 0) {
+             System.arraycopy(buf, pos, buf, 0, lastValid - pos);
+-            lastValid = lastValid - pos;
+-            pos = 0;
+         }
++        // Always reset pos to zero
++        lastValid = lastValid - pos;
++        pos = 0;
+ 
+         // Recycle filters
+         for (int i = 0; i <= lastActiveFilter; i++) {
diff -Nru tomcat8-8.0.14/debian/patches/series tomcat8-8.0.14/debian/patches/series
--- tomcat8-8.0.14/debian/patches/series	2017-02-13 09:34:43.000000000 +0000
+++ tomcat8-8.0.14/debian/patches/series	2017-02-18 17:44:25.000000000 +0000
@@ -34,3 +34,4 @@
 CVE-2016-8735.patch
 CVE-2016-8745.patch
 BZ57544-infinite-loop.patch
+BZ57544-infinite-loop-part2.patch