[Git][java-team/tomcat8][stretch] Import Debian changes 8.5.54-0+deb9u7
Markus Koschany (@apo)
gitlab at salsa.debian.org
Thu Aug 5 21:19:24 BST 2021
Markus Koschany pushed to branch stretch at Debian Java Maintainers / tomcat8
Commits:
ce2e5dc2 by Markus Koschany at 2021-08-05T22:19:04+02:00
Import Debian changes 8.5.54-0+deb9u7
tomcat8 (8.5.54-0+deb9u7) stretch-security; urgency=high
..
* Non-maintainer upload by the LTS team.
* Fix CVE-2021-30640:
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to
authenticate using variations of a valid user name and/or to bypass some of
the protection provided by the LockOut Realm.
* Fix CVE-2021-33037:
Apache Tomcat did not correctly parse the HTTP transfer-encoding request
header in some circumstances leading to the possibility to request
smuggling when used with a reverse proxy. Specifically: - Tomcat
incorrectly ignored the transfer encoding header if the client declared it
would only accept an HTTP/1.0 response; - Tomcat honoured the identify
encoding; and - Tomcat did not ensure that, if present, the chunked
encoding was the final encoding.
- - - - -
4 changed files:
- debian/changelog
- + debian/patches/CVE-2021-30640.patch
- + debian/patches/CVE-2021-33037.patch
- debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,21 @@
+tomcat8 (8.5.54-0+deb9u7) stretch-security; urgency=high
+
+ * Non-maintainer upload by the LTS team.
+ * Fix CVE-2021-30640:
+ A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to
+ authenticate using variations of a valid user name and/or to bypass some of
+ the protection provided by the LockOut Realm.
+ * Fix CVE-2021-33037:
+ Apache Tomcat did not correctly parse the HTTP transfer-encoding request
+ header in some circumstances leading to the possibility to request
+ smuggling when used with a reverse proxy. Specifically: - Tomcat
+ incorrectly ignored the transfer encoding header if the client declared it
+ would only accept an HTTP/1.0 response; - Tomcat honoured the identify
+ encoding; and - Tomcat did not ensure that, if present, the chunked
+ encoding was the final encoding.
+
+ -- Markus Koschany <apo at debian.org> Thu, 05 Aug 2021 20:01:42 +0200
+
tomcat8 (8.5.54-0+deb9u6) stretch-security; urgency=high
* Non-maintainer upload by the LTS team.
=====================================
debian/patches/CVE-2021-30640.patch
=====================================
@@ -0,0 +1,322 @@
+From: Markus Koschany <apo at debian.org>
+Date: Thu, 5 Aug 2021 18:02:51 +0200
+Subject: CVE-2021-30640
+
+Origin: https://bugs.debian.org/991046
+Origin: https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c
+Origin: https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100
+Origin: https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe
+Origin: https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822
+Origin: https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b
+Origin: https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972
+Origin: https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38
+Origin: https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375
+---
+ java/org/apache/catalina/realm/JNDIRealm.java | 134 +++++++++++++++++++--
+ .../realm/TestJNDIRealmAttributeValueEscape.java | 86 +++++++++++++
+ 2 files changed, 210 insertions(+), 10 deletions(-)
+ create mode 100644 test/org/apache/catalina/realm/TestJNDIRealmAttributeValueEscape.java
+
+diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java
+index 387198b..994f895 100644
+--- a/java/org/apache/catalina/realm/JNDIRealm.java
++++ b/java/org/apache/catalina/realm/JNDIRealm.java
+@@ -1627,8 +1627,11 @@ public class JNDIRealm extends RealmBase {
+ if (username == null || userPatternFormatArray[curUserPattern] == null)
+ return null;
+
+- // Form the dn from the user pattern
+- String dn = userPatternFormatArray[curUserPattern].format(new String[] { username });
++ // Form the DistinguishedName from the user pattern.
++ // Escape in case username contains a character with special meaning in
++ // an attribute value.
++ String dn = userPatternFormatArray[curUserPattern].format(
++ new String[] { doAttributeValueEscaping(username) });
+
+ try {
+ user = getUserByPattern(context, username, attrIds, dn);
+@@ -1668,8 +1671,9 @@ public class JNDIRealm extends RealmBase {
+ if (username == null || userSearchFormat == null)
+ return null;
+
+- // Form the search filter
+- String filter = userSearchFormat.format(new String[] { username });
++ // Escape in case username contains a character with special meaning in
++ // a search filter.
++ String filter = userSearchFormat.format(new String[] { doFilterEscaping(username) });
+
+ // Set up the search controls
+ SearchControls constraints = new SearchControls();
+@@ -1931,6 +1935,8 @@ public class JNDIRealm extends RealmBase {
+ if (user == null)
+ return null;
+
++ // This is returned from the directory so will be attribute value
++ // escaped if required
+ String dn = user.getDN();
+ String username = user.getUserName();
+ String userRoleId = user.getUserRoleId();
+@@ -1960,7 +1966,10 @@ public class JNDIRealm extends RealmBase {
+ return list;
+
+ // Set up parameters for an appropriate search
+- String filter = roleFormat.format(new String[] { doRFC2254Encoding(dn), username, userRoleId });
++ String filter = roleFormat.format(new String[] {
++ doFilterEscaping(dn),
++ doFilterEscaping(doAttributeValueEscaping(username)),
++ doFilterEscaping(doAttributeValueEscaping(userRoleId)) });
+ SearchControls controls = new SearchControls();
+ if (roleSubtree)
+ controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+@@ -1974,7 +1983,9 @@ public class JNDIRealm extends RealmBase {
+ Name name = np.parse(dn);
+ String nameParts[] = new String[name.size()];
+ for (int i = 0; i < name.size(); i++) {
+- nameParts[i] = name.get(i);
++ // May have been returned with \<char> escaping rather than
++ // \<hex><hex>. Make sure it is \<hex><hex>.
++ nameParts[i] = convertToHexEscape(name.get(i));
+ }
+ base = roleBaseFormat.format(nameParts);
+ } else {
+@@ -1995,7 +2006,7 @@ public class JNDIRealm extends RealmBase {
+ Attributes attrs = result.getAttributes();
+ if (attrs == null)
+ continue;
+- String dname = getDistinguishedName(context, roleBase, result);
++ String dname = getDistinguishedName(context, base, result);
+ String name = getAttributeValue(roleName, attrs);
+ if (name != null && dname != null) {
+ groupMap.put(dname, name);
+@@ -2028,14 +2039,19 @@ public class JNDIRealm extends RealmBase {
+ Map<String, String> newThisRound = new HashMap<>(); // Stores the groups we find in this iteration
+
+ for (Entry<String, String> group : newGroups.entrySet()) {
+- filter = roleFormat.format(new String[] { doRFC2254Encoding(group.getKey()),
+- group.getValue(), group.getValue() });
++ // Group key is already value escaped if required
++ // Group value is not value escaped
++ // Everything needs to be filter escaped
++ filter = roleFormat.format(new String[] {
++ doFilterEscaping(group.getKey()),
++ doFilterEscaping(doAttributeValueEscaping(group.getValue())),
++ doFilterEscaping(doAttributeValueEscaping(group.getValue())) });
+
+ if (containerLog.isTraceEnabled()) {
+ containerLog.trace("Perform a nested group search with base "+ roleBase + " and filter " + filter);
+ }
+
+- results = searchAsUser(context, user, roleBase, filter, controls,
++ results = searchAsUser(context, user, base, filter, controls,
+ isRoleSearchAsUser());
+
+ try {
+@@ -2719,10 +2735,36 @@ public class JNDIRealm extends RealmBase {
+ * ) -> \29
+ * \ -> \5c
+ * \0 -> \00
++ *
+ * @param inString string to escape according to RFC 2254 guidelines
++ *
+ * @return String the escaped/encoded result
++ *
++ * @deprecated Will be removed in Tomcat 10.1.x onwards
+ */
++ @Deprecated
+ protected String doRFC2254Encoding(String inString) {
++ return doFilterEscaping(inString);
++ }
++
++
++ /**
++ * Given an LDAP search string, returns the string with certain characters
++ * escaped according to RFC 2254 guidelines.
++ * The character mapping is as follows:
++ * char -> Replacement
++ * ---------------------------
++ * * -> \2a
++ * ( -> \28
++ * ) -> \29
++ * \ -> \5c
++ * \0 -> \00
++ *
++ * @param inString string to escape according to RFC 2254 guidelines
++ *
++ * @return String the escaped/encoded result
++ */
++ protected String doFilterEscaping(String inString) {
+ StringBuilder buf = new StringBuilder(inString.length());
+ for (int i = 0; i < inString.length(); i++) {
+ char c = inString.charAt(i);
+@@ -2812,6 +2854,78 @@ public class JNDIRealm extends RealmBase {
+ }
+
+
++ /**
++ * Implements the necessary escaping to represent an attribute value as a
++ * String as per RFC 4514.
++ *
++ * @param input The original attribute value
++ * @return The string representation of the attribute value
++ */
++ protected String doAttributeValueEscaping(String input) {
++ int len = input.length();
++ StringBuilder result = new StringBuilder();
++
++ for (int i = 0; i < len; i++) {
++ char c = input.charAt(i);
++ switch (c) {
++ case ' ': {
++ if (i == 0 || i == (len -1)) {
++ result.append("\\20");
++ } else {
++ result.append(c);
++ }
++ break;
++ }
++ case '#': {
++ if (i == 0 ) {
++ result.append("\\23");
++ } else {
++ result.append(c);
++ }
++ break;
++ }
++ case '\"': {
++ result.append("\\22");
++ break;
++ }
++ case '+': {
++ result.append("\\2B");
++ break;
++ }
++ case ',': {
++ result.append("\\2C");
++ break;
++ }
++ case ';': {
++ result.append("\\3B");
++ break;
++ }
++ case '<': {
++ result.append("\\3C");
++ break;
++ }
++ case '>': {
++ result.append("\\3E");
++ break;
++ }
++ case '\\': {
++ result.append("\\5C");
++ break;
++ }
++ case '\u0000': {
++ result.append("\\00");
++ break;
++ }
++ default:
++ result.append(c);
++ }
++
++ }
++
++ return result.toString();
++ }
++
++
+ protected static String convertToHexEscape(String input) {
+ if (input.indexOf('\\') == -1) {
+ // No escaping present. Return original.
+diff --git a/test/org/apache/catalina/realm/TestJNDIRealmAttributeValueEscape.java b/test/org/apache/catalina/realm/TestJNDIRealmAttributeValueEscape.java
+new file mode 100644
+index 0000000..677bcc5
+--- /dev/null
++++ b/test/org/apache/catalina/realm/TestJNDIRealmAttributeValueEscape.java
+@@ -0,0 +1,86 @@
++/*
++ * Licensed to the Apache Software Foundation (ASF) under one or more
++ * contributor license agreements. See the NOTICE file distributed with
++ * this work for additional information regarding copyright ownership.
++ * The ASF licenses this file to You under the Apache License, Version 2.0
++ * (the "License"); you may not use this file except in compliance with
++ * the License. You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++package org.apache.catalina.realm;
++
++import java.util.ArrayList;
++import java.util.Collection;
++import java.util.List;
++
++import org.junit.Assert;
++import org.junit.Test;
++import org.junit.runner.RunWith;
++import org.junit.runners.Parameterized;
++import org.junit.runners.Parameterized.Parameter;
++
++ at RunWith(Parameterized.class)
++public class TestJNDIRealmAttributeValueEscape {
++
++ @Parameterized.Parameters(name = "{index}: in[{0}], out[{1}]")
++ public static Collection<Object[]> parameters() {
++ List<Object[]> parameterSets = new ArrayList<>();
++
++ // No escaping required
++ parameterSets.add(new String[] { "none", "none" });
++ // Simple cases (same order as RFC 4512 section 2)
++ // Each appearing at the beginning, middle and ent
++ parameterSets.add(new String[] { " test", "\\20test" });
++ parameterSets.add(new String[] { "te st", "te st" });
++ parameterSets.add(new String[] { "test ", "test\\20" });
++ parameterSets.add(new String[] { "#test", "\\23test" });
++ parameterSets.add(new String[] { "te#st", "te#st" });
++ parameterSets.add(new String[] { "test#", "test#" });
++ parameterSets.add(new String[] { "\"test", "\\22test" });
++ parameterSets.add(new String[] { "te\"st", "te\\22st" });
++ parameterSets.add(new String[] { "test\"", "test\\22" });
++ parameterSets.add(new String[] { "+test", "\\2Btest" });
++ parameterSets.add(new String[] { "te+st", "te\\2Bst" });
++ parameterSets.add(new String[] { "test+", "test\\2B" });
++ parameterSets.add(new String[] { ",test", "\\2Ctest" });
++ parameterSets.add(new String[] { "te,st", "te\\2Cst" });
++ parameterSets.add(new String[] { "test,", "test\\2C" });
++ parameterSets.add(new String[] { ";test", "\\3Btest" });
++ parameterSets.add(new String[] { "te;st", "te\\3Bst" });
++ parameterSets.add(new String[] { "test;", "test\\3B" });
++ parameterSets.add(new String[] { "<test", "\\3Ctest" });
++ parameterSets.add(new String[] { "te<st", "te\\3Cst" });
++ parameterSets.add(new String[] { "test<", "test\\3C" });
++ parameterSets.add(new String[] { ">test", "\\3Etest" });
++ parameterSets.add(new String[] { "te>st", "te\\3Est" });
++ parameterSets.add(new String[] { "test>", "test\\3E" });
++ parameterSets.add(new String[] { "\\test", "\\5Ctest" });
++ parameterSets.add(new String[] { "te\\st", "te\\5Cst" });
++ parameterSets.add(new String[] { "test\\", "test\\5C" });
++ parameterSets.add(new String[] { "\u0000test", "\\00test" });
++ parameterSets.add(new String[] { "te\u0000st", "te\\00st" });
++ parameterSets.add(new String[] { "test\u0000", "test\\00" });
++ return parameterSets;
++ }
++
++
++ @Parameter(0)
++ public String in;
++ @Parameter(1)
++ public String out;
++
++ private JNDIRealm realm = new JNDIRealm();
++
++ @Test
++ public void testConvertToHexEscape() throws Exception {
++ String result = realm.doAttributeValueEscaping(in);
++ Assert.assertEquals(out, result);
++ }
++}
+\ No newline at end of file
=====================================
debian/patches/CVE-2021-33037.patch
=====================================
@@ -0,0 +1,239 @@
+From: Markus Koschany <apo at debian.org>
+Date: Thu, 5 Aug 2021 14:31:58 +0200
+Subject: CVE-2021-33037
+
+Bug-Debian: https://bugs.debian.org/991046
+Origin: https://github.com/apache/tomcat/commit/3202703e6d635e39b74262e81f0cb4bcbe2170dc
+Origin: https://github.com/apache/tomcat/commit/da0e7cb093cf68b052d9175e469dbd0464441b0b
+Origin: https://github.com/apache/tomcat/commit/8874fa02e9b36baa9ca6b226c0882c0190ca5a02
+---
+ java/org/apache/coyote/http11/Http11Processor.java | 25 ++--
+ .../apache/coyote/http11/TestHttp11Processor.java | 133 +++++++++++++++++----
+ webapps/docs/changelog.xml | 15 +++
+ 3 files changed, 140 insertions(+), 33 deletions(-)
+
+diff --git a/java/org/apache/coyote/http11/Http11Processor.java b/java/org/apache/coyote/http11/Http11Processor.java
+index 47953e8..bc6c9b5 100644
+--- a/java/org/apache/coyote/http11/Http11Processor.java
++++ b/java/org/apache/coyote/http11/Http11Processor.java
+@@ -450,14 +450,22 @@ public class Http11Processor extends AbstractProcessor {
+ * supported, a 501 response will be returned to the client.
+ */
+ private void addInputFilter(InputFilter[] inputFilters, String encodingName) {
++ if (contentDelimitation) {
++ // Chunked has already been specified and it must be the final
++ // encoding.
++ // 400 - Bad request
++ response.setStatus(400);
++ setErrorState(ErrorState.CLOSE_CLEAN, null);
++ if (log.isDebugEnabled()) {
++ log.debug(sm.getString("http11processor.request.prepare") +
++ " Tranfer encoding lists chunked before [" + encodingName + "]");
++ }
++ return;
++ }
+
+ // Parsing trims and converts to lower case.
+-
+- if (encodingName.equals("identity")) {
+- // Skip
+- } else if (encodingName.equals("chunked")) {
+- inputBuffer.addActiveFilter
+- (inputFilters[Constants.CHUNKED_FILTER]);
++ if (encodingName.equals("chunked")) {
++ inputBuffer.addActiveFilter(inputFilters[Constants.CHUNKED_FILTER]);
+ contentDelimitation = true;
+ } else {
+ for (int i = pluggableFilterIndex; i < inputFilters.length; i++) {
+@@ -974,13 +982,14 @@ public class Http11Processor extends AbstractProcessor {
+ InputFilter[] inputFilters = inputBuffer.getFilters();
+
+ // Parse transfer-encoding header
+- if (http11) {
++ // HTTP specs say an HTTP 1.1 server should accept any recognised
++ // HTTP 1.x header from a 1.x client unless the specs says otherwise.
++ if (!http09) {
+ MessageBytes transferEncodingValueMB = headers.getValue("transfer-encoding");
+ if (transferEncodingValueMB != null) {
+ List<String> encodingNames = new ArrayList<>();
+ if (TokenList.parseTokenList(headers.values("transfer-encoding"), encodingNames)) {
+ for (String encodingName : encodingNames) {
+- // "identity" codings are ignored
+ addInputFilter(inputFilters, encodingName);
+ }
+ } else {
+diff --git a/test/org/apache/coyote/http11/TestHttp11Processor.java b/test/org/apache/coyote/http11/TestHttp11Processor.java
+index c873614..0007d15 100644
+--- a/test/org/apache/coyote/http11/TestHttp11Processor.java
++++ b/test/org/apache/coyote/http11/TestHttp11Processor.java
+@@ -252,31 +252,6 @@ public class TestHttp11Processor extends TomcatBaseTest {
+ }
+
+
+- @Test
+- public void testWithTEIdentity() throws Exception {
+- getTomcatInstanceTestWebapp(false, true);
+-
+- String request =
+- "POST /test/echo-params.jsp HTTP/1.1" + SimpleHttpClient.CRLF +
+- "Host: any" + SimpleHttpClient.CRLF +
+- "Transfer-encoding: identity" + SimpleHttpClient.CRLF +
+- "Content-Length: 9" + SimpleHttpClient.CRLF +
+- "Content-Type: application/x-www-form-urlencoded" +
+- SimpleHttpClient.CRLF +
+- "Connection: close" + SimpleHttpClient.CRLF +
+- SimpleHttpClient.CRLF +
+- "test=data";
+-
+- Client client = new Client(getPort());
+- client.setRequest(new String[] {request});
+-
+- client.connect();
+- client.processRequest();
+- Assert.assertTrue(client.isResponse200());
+- Assert.assertTrue(client.getResponseBody().contains("test - data"));
+- }
+-
+-
+ @Test
+ public void testWithTESavedRequest() throws Exception {
+ getTomcatInstanceTestWebapp(false, true);
+@@ -1659,4 +1634,112 @@ public class TestHttp11Processor extends TomcatBaseTest {
+ out.print(" and request.getServerPort() is " + req.getServerPort());
+ }
+ }
++
++
++ @Test
++ public void testTEHeaderUnknown01() throws Exception {
++ doTestTEHeaderInvalid("identity", false);
++ }
++
++
++ @Test
++ public void testTEHeaderUnknown02() throws Exception {
++ doTestTEHeaderInvalid("identity, chunked", false);
++ }
++
++
++ @Test
++ public void testTEHeaderUnknown03() throws Exception {
++ doTestTEHeaderInvalid("unknown, chunked", false);
++ }
++
++
++ @Test
++ public void testTEHeaderUnknown04() throws Exception {
++ doTestTEHeaderInvalid("void", false);
++ }
++
++
++ @Test
++ public void testTEHeaderUnknown05() throws Exception {
++ doTestTEHeaderInvalid("void, chunked", false);
++ }
++
++
++ @Test
++ public void testTEHeaderUnknown06() throws Exception {
++ doTestTEHeaderInvalid("void, identity", false);
++ }
++
++
++ @Test
++ public void testTEHeaderUnknown07() throws Exception {
++ doTestTEHeaderInvalid("identity, void", false);
++ }
++
++
++ @Test
++ public void testTEHeaderChunkedNotLast01() throws Exception {
++ doTestTEHeaderInvalid("chunked, void", true);
++ }
++
++
++ private void doTestTEHeaderInvalid(String headerValue, boolean badRequest) throws Exception {
++ Tomcat tomcat = getTomcatInstance();
++
++ // No file system docBase required
++ Context ctx = tomcat.addContext("", null);
++
++ // Add servlet
++ Tomcat.addServlet(ctx, "TesterServlet", new TesterServlet());
++ ctx.addServletMappingDecoded("/foo", "TesterServlet");
++
++ tomcat.start();
++
++ String request =
++ "GET /foo HTTP/1.1" + SimpleHttpClient.CRLF +
++ "Host: localhost:" + getPort() + SimpleHttpClient.CRLF +
++ "Transfer-Encoding: " + headerValue + SimpleHttpClient.CRLF +
++ SimpleHttpClient.CRLF;
++
++ Client client = new Client(tomcat.getConnector().getLocalPort());
++ client.setRequest(new String[] {request});
++
++ client.connect();
++ client.processRequest(false);
++
++ if (badRequest) {
++ Assert.assertTrue(client.isResponse400());
++ } else {
++ Assert.assertTrue(client.isResponse501());
++ }
++ }
++
++
++ @Test
++ public void testWithTEChunkedHttp10() throws Exception {
++
++ getTomcatInstanceTestWebapp(false, true);
++
++ String request =
++ "POST /test/echo-params.jsp HTTP/1.0" + SimpleHttpClient.CRLF +
++ "Host: any" + SimpleHttpClient.CRLF +
++ "Transfer-encoding: chunked" + SimpleHttpClient.CRLF +
++ "Content-Type: application/x-www-form-urlencoded" +
++ SimpleHttpClient.CRLF +
++ "Connection: close" + SimpleHttpClient.CRLF +
++ SimpleHttpClient.CRLF +
++ "9" + SimpleHttpClient.CRLF +
++ "test=data" + SimpleHttpClient.CRLF +
++ "0" + SimpleHttpClient.CRLF +
++ SimpleHttpClient.CRLF;
++
++ Client client = new Client(getPort());
++ client.setRequest(new String[] {request});
++
++ client.connect();
++ client.processRequest();
++ Assert.assertTrue(client.isResponse200());
++ Assert.assertTrue(client.getResponseBody().contains("test - data"));
++ }
+ }
+diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
+index 2c848ae..97883ef 100644
+--- a/webapps/docs/changelog.xml
++++ b/webapps/docs/changelog.xml
+@@ -197,6 +197,21 @@
+ Improve validation of request lines, including for HTTP/0.9 requests.
+ (markt)
+ </fix>
++ <fix>
++ Remove support for the <code>identity</code> transfer encoding. The
++ inclusion of this encoding in RFC 2616 was an error that was corrected
++ in 2001. Requests using this transfer encoding will now receive a 501
++ response. (markt)
++ </fix>
++ <fix>
++ Process transfer encoding headers from both HTTP 1.0 and HTTP 1.1
++ clients. (markt)
++ </fix>
++ <fix>
++ Ensure that if the transfer encoding header contains the
++ <code>chunked</code>, that the <code>chunked</code> encoding is the
++ final encoding listed. (markt)
++ </fix>
+ </changelog>
+ </subsection>
+ <subsection name="WebSocket">
=====================================
debian/patches/series
=====================================
@@ -16,3 +16,5 @@ CVE-2020-17527.patch
CVE-2021-25122.patch
CVE-2021-25329.patch
CVE-2021-24122.patch
+CVE-2021-33037.patch
+CVE-2021-30640.patch
View it on GitLab: https://salsa.debian.org/java-team/tomcat8/-/commit/ce2e5dc2f63198c0043aae9aced899eb066d2583
--
View it on GitLab: https://salsa.debian.org/java-team/tomcat8/-/commit/ce2e5dc2f63198c0043aae9aced899eb066d2583
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20210805/8f55c954/attachment.htm>
More information about the pkg-java-commits
mailing list