[tomcat7] 01/01: Import Debian changes 7.0.28-4+deb7u13
Markus Koschany
apo at moszumanska.debian.org
Wed May 10 20:13:00 UTC 2017
This is an automated email from the git hooks/post-receive script.
apo pushed a commit to branch wheezy
in repository tomcat7.
commit ff3b886eddb9cede52a6c2fd8ba74171577fc649
Author: Markus Koschany <apo at debian.org>
Date: Wed May 10 21:25:02 2017 +0200
Import Debian changes 7.0.28-4+deb7u13
tomcat7 (7.0.28-4+deb7u13) wheezy-security; urgency=high
* Team upload.
* Fix a regression in Tomcat's APR protocol due to the fix for CVE-2017-5647
that prevented a successful sendfile request. (Closes: #861872)
---
debian/changelog | 8 ++
debian/patches/CVE-2017-5647.patch | 184 +++++++++++++++++--------------------
2 files changed, 90 insertions(+), 102 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 9be0dd5..4cc7b97 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+tomcat7 (7.0.28-4+deb7u13) wheezy-security; urgency=high
+
+ * Team upload.
+ * Fix a regression in Tomcat's APR protocol due to the fix for CVE-2017-5647
+ that prevented a successful sendfile request. (Closes: #861872)
+
+ -- Markus Koschany <apo at debian.org> Wed, 10 May 2017 21:25:02 +0200
+
tomcat7 (7.0.28-4+deb7u12) wheezy-security; urgency=high
* Team upload.
diff --git a/debian/patches/CVE-2017-5647.patch b/debian/patches/CVE-2017-5647.patch
index c62f222..0cb1fc8 100644
--- a/debian/patches/CVE-2017-5647.patch
+++ b/debian/patches/CVE-2017-5647.patch
@@ -6,13 +6,13 @@ Bug-Debian: https://bugs.debian.org/860068
Origin: http://svn.apache.org/r1789008
---
java/org/apache/coyote/AbstractProtocol.java | 6 +-
- .../apache/coyote/http11/Http11AprProcessor.java | 36 ++++++----
- .../apache/coyote/http11/Http11NioProcessor.java | 35 ++++++++--
- java/org/apache/tomcat/util/net/AprEndpoint.java | 76 ++++++++++++----------
- java/org/apache/tomcat/util/net/NioEndpoint.java | 73 +++++++++++----------
- .../tomcat/util/net/SendfileKeepAliveState.java | 39 +++++++++++
+ .../apache/coyote/http11/Http11AprProcessor.java | 44 ++++++++-----
+ .../apache/coyote/http11/Http11NioProcessor.java | 35 +++++++++--
+ java/org/apache/tomcat/util/net/AprEndpoint.java | 47 +++++++++-----
+ java/org/apache/tomcat/util/net/NioEndpoint.java | 73 ++++++++++++----------
+ .../tomcat/util/net/SendfileKeepAliveState.java | 39 ++++++++++++
java/org/apache/tomcat/util/net/SendfileState.java | 37 +++++++++++
- 7 files changed, 209 insertions(+), 93 deletions(-)
+ 7 files changed, 205 insertions(+), 76 deletions(-)
create mode 100644 java/org/apache/tomcat/util/net/SendfileKeepAliveState.java
create mode 100644 java/org/apache/tomcat/util/net/SendfileState.java
@@ -34,18 +34,18 @@ index e86eff8..81aaebd 100644
// Need to keep the connection associated with the processor
longPoll(socket, processor);
diff --git a/java/org/apache/coyote/http11/Http11AprProcessor.java b/java/org/apache/coyote/http11/Http11AprProcessor.java
-index 24f7c5e..52ae9c5 100644
+index 24f7c5e..18fd30b 100644
--- a/java/org/apache/coyote/http11/Http11AprProcessor.java
+++ b/java/org/apache/coyote/http11/Http11AprProcessor.java
-@@ -36,6 +36,7 @@ import org.apache.tomcat.util.ExceptionUtils;
+@@ -35,6 +35,7 @@ import org.apache.tomcat.jni.Socket;
+ import org.apache.tomcat.util.ExceptionUtils;
import org.apache.tomcat.util.net.AbstractEndpoint.Handler.SocketState;
import org.apache.tomcat.util.net.AprEndpoint;
- import org.apache.tomcat.util.net.SSLSupport;
+import org.apache.tomcat.util.net.SendfileKeepAliveState;
+ import org.apache.tomcat.util.net.SSLSupport;
import org.apache.tomcat.util.net.SocketStatus;
import org.apache.tomcat.util.net.SocketWrapper;
-
-@@ -221,29 +222,36 @@ public class Http11AprProcessor extends AbstractHttp11Processor<Long> {
+@@ -221,24 +222,33 @@ public class Http11AprProcessor extends AbstractHttp11Processor<Long> {
// Do sendfile as needed: add socket to sendfile and end
if (sendfileData != null && !error) {
sendfileData.socket = socketWrapper.getSocket().longValue();
@@ -60,42 +60,42 @@ index 24f7c5e..52ae9c5 100644
- "http11processor.sendfile.error"));
- }
- error = true;
+- } else {
+- // The sendfile Poller will add the socket to the main
+- // Poller once sendfile processing is complete
+- sendfileInProgress = true;
+- }
+- return true;
+ if (keepAlive) {
+ if (getInputBuffer().available() == 0) {
+ sendfileData.keepAliveState = SendfileKeepAliveState.OPEN;
- } else {
++ } else {
+ sendfileData.keepAliveState = SendfileKeepAliveState.PIPELINED;
-+ }
++ }
+ } else {
+ sendfileData.keepAliveState = SendfileKeepAliveState.NONE;
-+ }
-+ switch (((AprEndpoint)endpoint).getSendfile().add(sendfileData)) {
-+ case DONE:
-+ return false;
-+ case PENDING:
- // The sendfile Poller will add the socket to the main
- // Poller once sendfile processing is complete
- sendfileInProgress = true;
-+ return true;
-+ case ERROR:
-+ // Something went wrong.
-+ // Close the connection. Too late to set status code.
-+ if (log.isDebugEnabled()) {
-+ log.debug(sm.getString(
-+ "http11processor.sendfile.error"));
-+ }
-+ return true;
- }
-- return true;
-- }
+ }
++ switch (((AprEndpoint)endpoint).getSendfile().add(sendfileData)) {
++ case DONE:
++ return false;
++ case PENDING:
++ // The sendfile Poller will add the socket to the main
++ // Poller once sendfile processing is complete
++ sendfileInProgress = true;
++ return true;
++ case ERROR:
++ // Something went wrong.
++ // Close the connection. Too late to set status code.
++ if (log.isDebugEnabled()) {
++ log.debug(sm.getString(
++ "http11processor.sendfile.error"));
++ }
++ error = true;
++ return true;
++ }
}
return false;
}
-
--
- @Override
- protected void resetTimeouts() {
- // NOOP for APR
diff --git a/java/org/apache/coyote/http11/Http11NioProcessor.java b/java/org/apache/coyote/http11/Http11NioProcessor.java
index 32b0bc6..acc1b96 100644
--- a/java/org/apache/coyote/http11/Http11NioProcessor.java
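Review bot: The new-side `if (keepAlive)` block in Http11AprProcessor picks between `SendfileKeepAliveState.OPEN` and `PIPELINED` with no comment, although this is the decision the CVE-2017-5647 fix depends on. Going by the `switch (state.keepAliveState)` later in this patch, PIPELINED makes the sendfile poller pass the socket to `processSocket`, while OPEN returns it to the main poller. I would add above the `getInputBuffer().available() == 0` test: `// Bytes already buffered belong to a pipelined request; mark it so the sendfile poller processes them instead of re-polling the socket`. The ERROR arm now sets `error = true` but still reports the failure only through `log.debug`, so a comment there saying whether the endpoint has already logged it would help operators. The enclosing method starts and ends outside this hunk.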
@@ -157,7 +157,7 @@ index 32b0bc6..acc1b96 100644
@Override
diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java b/java/org/apache/tomcat/util/net/AprEndpoint.java
-index 3ac6283..91de4d7 100644
+index 3ac6283..fa6ec69 100644
--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -1353,7 +1353,7 @@ public class AprEndpoint extends AbstractEndpoint {
@@ -169,73 +169,52 @@ index 3ac6283..91de4d7 100644
}
-@@ -1439,17 +1439,11 @@ public class AprEndpoint extends AbstractEndpoint {
+@@ -1439,7 +1439,7 @@ public class AprEndpoint extends AbstractEndpoint {
* @return true if all the data has been sent right away, and false
* otherwise
*/
- public boolean add(SendfileData data) {
-+
-+ public SendfileState add(SendfileData data) {
++ public SendfileState add(SendfileData data) {
// Initialize fd from data given
try {
data.fdpool = Socket.pool(data.socket);
-- } catch (Exception e) {
-- // Pool not created so no need to destroy it.
-- log.error(sm.getString("endpoint.sendfile.error"), e);
-- data.socket = 0;
+@@ -1447,7 +1447,7 @@ public class AprEndpoint extends AbstractEndpoint {
+ // Pool not created so no need to destroy it.
+ log.error(sm.getString("endpoint.sendfile.error"), e);
+ data.socket = 0;
- return false;
-- }
-- try {
++ return SendfileState.ERROR;
+ }
+ try {
data.fd = File.open
- (data.fileName, File.APR_FOPEN_READ
- | File.APR_FOPEN_SENDFILE_ENABLED | File.APR_FOPEN_BINARY,
-@@ -1463,39 +1457,35 @@ public class AprEndpoint extends AbstractEndpoint {
- if (nw < 0) {
- if (!(-nw == Status.EAGAIN)) {
- Pool.destroy(data.fdpool);
-- // No need to close socket, this will be done by
-- // calling code since data.socket == 0
+@@ -1466,7 +1466,7 @@ public class AprEndpoint extends AbstractEndpoint {
+ // No need to close socket, this will be done by
+ // calling code since data.socket == 0
data.socket = 0;
- return false;
+ return SendfileState.ERROR;
} else {
// Break the loop and add the socket to poller.
break;
- }
-- }
--
-- data.pos = data.pos + nw;
-- if (data.pos >= data.end) {
-- // Entire file has been sent
-- Pool.destroy(data.fdpool);
-- // Set back socket to blocking mode
-- Socket.timeoutSet(data.socket, socketProperties.getSoTimeout() * 1000);
+@@ -1479,14 +1479,14 @@ public class AprEndpoint extends AbstractEndpoint {
+ Pool.destroy(data.fdpool);
+ // Set back socket to blocking mode
+ Socket.timeoutSet(data.socket, socketProperties.getSoTimeout() * 1000);
- return true;
-+ } else {
-+ data.pos = data.pos + nw;
-+ if (data.pos >= data.end) {
-+ // Entire file has been sent
-+ Pool.destroy(data.fdpool);
-+ // Set back socket to blocking mode
-+ Socket.timeoutSet(
-+ data.socket, getSoTimeout() * 1000);
-+ return SendfileState.DONE;
-+ }
++ return SendfileState.DONE;
}
}
} catch (Exception e) {
-- log.error(sm.getString("endpoint.sendfile.error"), e);
-- Pool.destroy(data.fdpool);
-- data.socket = 0;
+ log.error(sm.getString("endpoint.sendfile.error"), e);
+ Pool.destroy(data.fdpool);
+ data.socket = 0;
- return false;
-+ log.warn(sm.getString("endpoint.sendfile.error"), e);
+ return SendfileState.ERROR;
}
// Add socket to the list. Newly added sockets will wait
// at most for pollTime before being polled
- synchronized (this) {
- addS.add(data);
-- addCount++;
+@@ -1495,7 +1495,7 @@ public class AprEndpoint extends AbstractEndpoint {
+ addCount++;
this.notify();
}
- return false;
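Review bot: The Javadoc kept as context above `add` still reads `@return true if all the data has been sent right away, and false otherwise`, but the new side declares `public SendfileState add(SendfileData data)`. The tag should describe the enum outcomes, for example `@return DONE if the whole file was sent immediately, ERROR if sendfile failed (data.socket is then 0), PENDING if the socket was queued for the sendfile poller`. The PENDING return falls outside the lines shown here, so confirm that wording against the full patch. All three ERROR returns visible in this hunk zero `data.socket` first, and that caller contract is worth stating in the same Javadoc.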
@@ -243,45 +222,46 @@ index 3ac6283..91de4d7 100644
}
/**
-@@ -1611,18 +1601,32 @@ public class AprEndpoint extends AbstractEndpoint {
+@@ -1611,18 +1611,33 @@ public class AprEndpoint extends AbstractEndpoint {
state.pos = state.pos + nw;
if (state.pos >= state.end) {
remove(state);
- if (state.keepAlive) {
+ switch (state.keepAliveState) {
+ case NONE: {
-+ // Close the socket since this is
-+ // the end of the not keep-alive request.
-+ destroySocket(state.socket);
-+ break;
++ // Close the socket since this is
++ // the end of the not keep-alive request.
++ destroySocket(state.socket);
++ break;
+ }
+ case PIPELINED: {
// Destroy file descriptor pool, which should close the file
Pool.destroy(state.fdpool);
-- Socket.timeoutSet(state.socket, socketProperties.getSoTimeout() * 1000);
+ Socket.timeoutSet(state.socket, socketProperties.getSoTimeout() * 1000);
- // If all done put the socket back in the poller for
-+ Socket.timeoutSet(state.socket, getSoTimeout() * 1000);
-+ // Process the pipelined request data
-+ if (!processSocket(state.socket, SocketStatus.OPEN)) {
-+ destroySocket(state.socket);
-+ }
-+ break;
-+ }
-+ case OPEN: {
-+ // Destroy file descriptor pool, which should close the file
-+ Pool.destroy(state.fdpool);
-+ Socket.timeoutSet(state.socket, getSoTimeout() * 1000);
-+ // Put the socket back in the poller for
- // processing of further requests
+- // processing of further requests
- getPoller().add(state.socket,
- getKeepAliveTimeout());
- } else {
- // Close the socket since this is
- // the end of not keep-alive request.
- destroySocket(state.socket);
-+ getPoller().add(state.socket, getKeepAliveTimeout());
++ // Process the pipelined request data
++ if (!processSocket(state.socket, SocketStatus.OPEN)) {
++ destroySocket(state.socket);
++ }
+ break;
+ }
++ case OPEN: {
++ // Destroy file descriptor pool, which should close the file
++ Pool.destroy(state.fdpool);
++ Socket.timeoutSet(state.socket, socketProperties.getSoTimeout() * 1000);
++ // Put the socket back in the poller for
++ // processing of further requests
++ getPoller().add(state.socket,
++ getKeepAliveTimeout());
++ break;
++ }
}
}
}
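Review bot: The new `switch (state.keepAliveState)` runs after `remove(state)` and has no arm for an unset value, so a null `keepAliveState` would throw NullPointerException at the switch. The socket would then be neither destroyed nor returned to a poller by this code. The field's declaration is outside this hunk, so please confirm it is initialised there, e.g. `keepAliveState = SendfileKeepAliveState.NONE`, so that the unset case falls into the arm that closes the socket. The PIPELINED and OPEN arms also repeat the same `Pool.destroy(state.fdpool)` and `Socket.timeoutSet(...)` pair, and a one-line comment noting that only the final hand-off differs would make the intent easier to audit.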
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat7.git