Resolves: #2210630 CVE-2023-28709 tomcat
Resolves: #2181448 CVE-2023-28708 tomcat: not including the secure attribute causes information disclosure
This commit is contained in:
parent
f2eb7721df
commit
bea4f83bae
1
.gitignore
vendored
1
.gitignore
vendored
@ -1 +1,2 @@
|
|||||||
/apache-tomcat-9.0.62-src.tar.gz
|
/apache-tomcat-9.0.62-src.tar.gz
|
||||||
|
/tomcat-9.0.62.redhat-00013.tar.gz
|
||||||
|
40
JmxRemoteLifecycleListener.patch
Normal file
40
JmxRemoteLifecycleListener.patch
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
diff --git a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
|
||||||
|
index f62f8d1..db19960 100644
|
||||||
|
--- a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
|
||||||
|
+++ b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
|
||||||
|
@@ -611,34 +611,28 @@ public class JmxRemoteLifecycleListener extends SSLHostConfig implements Lifecyc
|
||||||
|
* Better to use the internal API than re-invent the wheel.
|
||||||
|
*/
|
||||||
|
@SuppressWarnings("restriction")
|
||||||
|
- private static class JmxRegistry extends sun.rmi.registry.RegistryImpl {
|
||||||
|
+ private static class JmxRegistry {
|
||||||
|
private static final long serialVersionUID = -3772054804656428217L;
|
||||||
|
private final String jmxName;
|
||||||
|
private final Remote jmxServer;
|
||||||
|
public JmxRegistry(int port, RMIClientSocketFactory csf,
|
||||||
|
RMIServerSocketFactory ssf, String jmxName, Remote jmxServer) throws RemoteException {
|
||||||
|
- super(port, csf, ssf);
|
||||||
|
this.jmxName = jmxName;
|
||||||
|
this.jmxServer = jmxServer;
|
||||||
|
}
|
||||||
|
- @Override
|
||||||
|
public Remote lookup(String name)
|
||||||
|
throws RemoteException, NotBoundException {
|
||||||
|
return (jmxName.equals(name)) ? jmxServer : null;
|
||||||
|
}
|
||||||
|
- @Override
|
||||||
|
public void bind(String name, Remote obj)
|
||||||
|
throws RemoteException, AlreadyBoundException, AccessException {
|
||||||
|
}
|
||||||
|
- @Override
|
||||||
|
public void unbind(String name)
|
||||||
|
throws RemoteException, NotBoundException, AccessException {
|
||||||
|
}
|
||||||
|
- @Override
|
||||||
|
public void rebind(String name, Remote obj)
|
||||||
|
throws RemoteException, AccessException {
|
||||||
|
}
|
||||||
|
- @Override
|
||||||
|
public String[] list() throws RemoteException {
|
||||||
|
return new String[] { jmxName };
|
||||||
|
}
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (apache-tomcat-9.0.62-src.tar.gz) = 7e9cad2703473d9f096009c464b28d54d3765259fab1923ef8c9b1cbfa231fa51cedadfe771a3a95abffd258759a71023e036bda78b949440a5e826fbd4e9e09
|
SHA512 (tomcat-9.0.62.redhat-00013.tar.gz) = f2fd99557bbdfff2811518c7ee25a699df8594371421780de04e378d73730e4f942b725156a4a96056e9782780af578ed6f9360983514598d13d2deaba209264
|
||||||
|
@ -1,24 +0,0 @@
|
|||||||
diff -up ./java/org/apache/jasper/compiler/JDTCompiler.java ./java/org/apache/jasper/compiler/JDTCompiler.java
|
|
||||||
index 2e361f2..277d8f4 100644
|
|
||||||
--- java/org/apache/jasper/compiler/JDTCompiler.java
|
|
||||||
+++ java/org/apache/jasper/compiler/JDTCompiler.java
|
|
||||||
@@ -310,7 +310,7 @@ public class JDTCompiler extends org.apache.jasper.compiler.Compiler {
|
|
||||||
} else if(opt.equals("15")) {
|
|
||||||
settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_15);
|
|
||||||
} else if(opt.equals("16")) {
|
|
||||||
- settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_16);
|
|
||||||
+ settings.put(CompilerOptions.OPTION_Source, "16");
|
|
||||||
} else if(opt.equals("17")) {
|
|
||||||
// Constant not available in latest ECJ version that runs on
|
|
||||||
// Java 8.
|
|
||||||
@@ -377,8 +377,8 @@ public class JDTCompiler extends org.apache.jasper.compiler.Compiler {
|
|
||||||
settings.put(CompilerOptions.OPTION_TargetPlatform, CompilerOptions.VERSION_15);
|
|
||||||
settings.put(CompilerOptions.OPTION_Compliance, CompilerOptions.VERSION_15);
|
|
||||||
} else if(opt.equals("16")) {
|
|
||||||
- settings.put(CompilerOptions.OPTION_TargetPlatform, CompilerOptions.VERSION_16);
|
|
||||||
- settings.put(CompilerOptions.OPTION_Compliance, CompilerOptions.VERSION_16);
|
|
||||||
+ settings.put(CompilerOptions.OPTION_TargetPlatform, "16");
|
|
||||||
+ settings.put(CompilerOptions.OPTION_Compliance, "16");
|
|
||||||
} else if(opt.equals("17")) {
|
|
||||||
// Constant not available in latest ECJ version that runs on
|
|
||||||
// Java 8.
|
|
@ -1,345 +0,0 @@
|
|||||||
diff --git a/java/org/apache/catalina/loader/WebappClassLoaderBase.java b/java/org/apache/catalina/loader/WebappClassLoaderBase.java
|
|
||||||
index 8746b6b..dc878c6 100644
|
|
||||||
--- a/java/org/apache/catalina/loader/WebappClassLoaderBase.java
|
|
||||||
+++ b/java/org/apache/catalina/loader/WebappClassLoaderBase.java
|
|
||||||
@@ -1820,41 +1820,13 @@ public abstract class WebappClassLoaderBase extends URLClassLoader
|
|
||||||
// shutting down the executor
|
|
||||||
boolean usingExecutor = false;
|
|
||||||
try {
|
|
||||||
-
|
|
||||||
- // Runnable wrapped by Thread
|
|
||||||
- // "target" in Sun/Oracle JDK
|
|
||||||
- // "runnable" in IBM JDK
|
|
||||||
- // "action" in Apache Harmony
|
|
||||||
- Object target = null;
|
|
||||||
- for (String fieldName : new String[] { "target", "runnable", "action" }) {
|
|
||||||
- try {
|
|
||||||
- Field targetField = thread.getClass().getDeclaredField(fieldName);
|
|
||||||
- targetField.setAccessible(true);
|
|
||||||
- target = targetField.get(thread);
|
|
||||||
- break;
|
|
||||||
- } catch (NoSuchFieldException nfe) {
|
|
||||||
- continue;
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- // "java.util.concurrent" code is in public domain,
|
|
||||||
- // so all implementations are similar including our
|
|
||||||
- // internal fork.
|
|
||||||
- if (target != null && target.getClass().getCanonicalName() != null &&
|
|
||||||
- (target.getClass().getCanonicalName().equals(
|
|
||||||
- "org.apache.tomcat.util.threads.ThreadPoolExecutor.Worker") ||
|
|
||||||
- target.getClass().getCanonicalName().equals(
|
|
||||||
- "java.util.concurrent.ThreadPoolExecutor.Worker"))) {
|
|
||||||
- Field executorField = target.getClass().getDeclaredField("this$0");
|
|
||||||
- executorField.setAccessible(true);
|
|
||||||
- Object executor = executorField.get(target);
|
|
||||||
- if (executor instanceof ThreadPoolExecutor) {
|
|
||||||
- ((ThreadPoolExecutor) executor).shutdownNow();
|
|
||||||
- usingExecutor = true;
|
|
||||||
- } else if (executor instanceof java.util.concurrent.ThreadPoolExecutor) {
|
|
||||||
- ((java.util.concurrent.ThreadPoolExecutor) executor).shutdownNow();
|
|
||||||
- usingExecutor = true;
|
|
||||||
- }
|
|
||||||
+ Object executor = JreCompat.getInstance().getExecutor(thread);
|
|
||||||
+ if (executor instanceof ThreadPoolExecutor) {
|
|
||||||
+ ((ThreadPoolExecutor) executor).shutdownNow();
|
|
||||||
+ usingExecutor = true;
|
|
||||||
+ } else if (executor instanceof java.util.concurrent.ThreadPoolExecutor) {
|
|
||||||
+ ((java.util.concurrent.ThreadPoolExecutor) executor).shutdownNow();
|
|
||||||
+ usingExecutor = true;
|
|
||||||
}
|
|
||||||
} catch (NoSuchFieldException | IllegalAccessException | RuntimeException e) {
|
|
||||||
// InaccessibleObjectException is only available in Java 9+,
|
|
||||||
@@ -2306,6 +2278,12 @@ public abstract class WebappClassLoaderBase extends URLClassLoader
|
|
||||||
|
|
||||||
|
|
||||||
private void clearReferencesObjectStreamClassCaches() {
|
|
||||||
+ if (JreCompat.isJre19Available()) {
|
|
||||||
+ // The memory leak this fixes has been fixed in Java 19 onwards,
|
|
||||||
+ // 17.0.4 onwards and 11.0.16 onwards
|
|
||||||
+ // See https://bugs.openjdk.java.net/browse/JDK-8277072
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
try {
|
|
||||||
Class<?> clazz = Class.forName("java.io.ObjectStreamClass$Caches");
|
|
||||||
clearCache(clazz, "localDescs");
|
|
||||||
@@ -2333,14 +2311,19 @@ public abstract class WebappClassLoaderBase extends URLClassLoader
|
|
||||||
throws ReflectiveOperationException, SecurityException, ClassCastException {
|
|
||||||
Field f = target.getDeclaredField(mapName);
|
|
||||||
f.setAccessible(true);
|
|
||||||
- Map<?,?> map = (Map<?,?>) f.get(null);
|
|
||||||
- Iterator<?> keys = map.keySet().iterator();
|
|
||||||
- while (keys.hasNext()) {
|
|
||||||
- Object key = keys.next();
|
|
||||||
- if (key instanceof Reference) {
|
|
||||||
- Object clazz = ((Reference<?>) key).get();
|
|
||||||
- if (loadedByThisOrChild(clazz)) {
|
|
||||||
- keys.remove();
|
|
||||||
+ Object map = f.get(null);
|
|
||||||
+ // Avoid trying to clear references if Tomcat is running on a JRE that
|
|
||||||
+ // includes the fix for this memory leak
|
|
||||||
+ // See https://bugs.openjdk.java.net/browse/JDK-8277072
|
|
||||||
+ if (map instanceof Map<?,?>) {
|
|
||||||
+ Iterator<?> keys = ((Map<?,?>) map).keySet().iterator();
|
|
||||||
+ while (keys.hasNext()) {
|
|
||||||
+ Object key = keys.next();
|
|
||||||
+ if (key instanceof Reference) {
|
|
||||||
+ Object clazz = ((Reference<?>) key).get();
|
|
||||||
+ if (loadedByThisOrChild(clazz)) {
|
|
||||||
+ keys.remove();
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
diff --git a/java/org/apache/tomcat/util/compat/JreCompat.java b/java/org/apache/tomcat/util/compat/JreCompat.java
|
|
||||||
index 62df145..e5df728 100644
|
|
||||||
--- a/java/org/apache/tomcat/util/compat/JreCompat.java
|
|
||||||
+++ b/java/org/apache/tomcat/util/compat/JreCompat.java
|
|
||||||
@@ -19,6 +19,7 @@ package org.apache.tomcat.util.compat;
|
|
||||||
import java.io.File;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.lang.reflect.AccessibleObject;
|
|
||||||
+import java.lang.reflect.Field;
|
|
||||||
import java.lang.reflect.InvocationTargetException;
|
|
||||||
import java.lang.reflect.Method;
|
|
||||||
import java.net.SocketAddress;
|
|
||||||
@@ -45,6 +46,7 @@ public class JreCompat {
|
|
||||||
|
|
||||||
private static final JreCompat instance;
|
|
||||||
private static final boolean graalAvailable;
|
|
||||||
+ private static final boolean jre19Available;
|
|
||||||
private static final boolean jre16Available;
|
|
||||||
private static final boolean jre11Available;
|
|
||||||
private static final boolean jre9Available;
|
|
||||||
@@ -67,18 +69,26 @@ public class JreCompat {
|
|
||||||
|
|
||||||
// This is Tomcat 9 with a minimum Java version of Java 8.
|
|
||||||
// Look for the highest supported JVM first
|
|
||||||
- if (Jre16Compat.isSupported()) {
|
|
||||||
+ if (Jre19Compat.isSupported()) {
|
|
||||||
+ instance = new Jre19Compat();
|
|
||||||
+ jre9Available = true;
|
|
||||||
+ jre16Available = true;
|
|
||||||
+ jre19Available = true;
|
|
||||||
+ } else if (Jre16Compat.isSupported()) {
|
|
||||||
instance = new Jre16Compat();
|
|
||||||
jre9Available = true;
|
|
||||||
jre16Available = true;
|
|
||||||
+ jre19Available = false;
|
|
||||||
} else if (Jre9Compat.isSupported()) {
|
|
||||||
instance = new Jre9Compat();
|
|
||||||
jre9Available = true;
|
|
||||||
jre16Available = false;
|
|
||||||
+ jre19Available = false;
|
|
||||||
} else {
|
|
||||||
instance = new JreCompat();
|
|
||||||
jre9Available = false;
|
|
||||||
jre16Available = false;
|
|
||||||
+ jre19Available = false;
|
|
||||||
}
|
|
||||||
jre11Available = instance.jarFileRuntimeMajorVersion() >= 11;
|
|
||||||
|
|
||||||
@@ -124,6 +134,9 @@ public class JreCompat {
|
|
||||||
return jre16Available;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ public static boolean isJre19Available() {
|
|
||||||
+ return jre19Available;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
// Java 8 implementation of Java 9 methods
|
|
||||||
|
|
||||||
@@ -303,6 +316,8 @@ public class JreCompat {
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
+ // Java 8 implementations of Java 16 methods
|
|
||||||
+
|
|
||||||
/**
|
|
||||||
* Return Unix domain socket address for given path.
|
|
||||||
* @param path The path
|
|
||||||
@@ -329,4 +344,63 @@ public class JreCompat {
|
|
||||||
public SocketChannel openUnixDomainSocketChannel() {
|
|
||||||
throw new UnsupportedOperationException(sm.getString("jreCompat.noUnixDomainSocket"));
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+ // Java 8 implementations of Java 19 methods
|
|
||||||
+
|
|
||||||
+ /**
|
|
||||||
+ * Obtains the executor, if any, used to create the provided thread.
|
|
||||||
+ *
|
|
||||||
+ * @param thread The thread to examine
|
|
||||||
+ *
|
|
||||||
+ * @return The executor, if any, that created the provided thread
|
|
||||||
+ *
|
|
||||||
+ * @throws NoSuchFieldException
|
|
||||||
+ * If a field used via reflection to obtain the executor cannot
|
|
||||||
+ * be found
|
|
||||||
+ * @throws SecurityException
|
|
||||||
+ * If a security exception occurs while trying to identify the
|
|
||||||
+ * executor
|
|
||||||
+ * @throws IllegalArgumentException
|
|
||||||
+ * If the instance object does not match the class of the field
|
|
||||||
+ * when obtaining a field value via reflection
|
|
||||||
+ * @throws IllegalAccessException
|
|
||||||
+ * If a field is not accessible due to access restrictions
|
|
||||||
+ */
|
|
||||||
+ public Object getExecutor(Thread thread)
|
|
||||||
+ throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
|
|
||||||
+
|
|
||||||
+ Object result = null;
|
|
||||||
+
|
|
||||||
+ // Runnable wrapped by Thread
|
|
||||||
+ // "target" in Sun/Oracle JDK
|
|
||||||
+ // "runnable" in IBM JDK
|
|
||||||
+ // "action" in Apache Harmony
|
|
||||||
+ Object target = null;
|
|
||||||
+ for (String fieldName : new String[] { "target", "runnable", "action" }) {
|
|
||||||
+ try {
|
|
||||||
+ Field targetField = thread.getClass().getDeclaredField(fieldName);
|
|
||||||
+ targetField.setAccessible(true);
|
|
||||||
+ target = targetField.get(thread);
|
|
||||||
+ break;
|
|
||||||
+ } catch (NoSuchFieldException nfe) {
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ // "java.util.concurrent" code is in public domain,
|
|
||||||
+ // so all implementations are similar including our
|
|
||||||
+ // internal fork.
|
|
||||||
+ if (target != null && target.getClass().getCanonicalName() != null &&
|
|
||||||
+ (target.getClass().getCanonicalName().equals(
|
|
||||||
+ "org.apache.tomcat.util.threads.ThreadPoolExecutor.Worker") ||
|
|
||||||
+ target.getClass().getCanonicalName().equals(
|
|
||||||
+ "java.util.concurrent.ThreadPoolExecutor.Worker"))) {
|
|
||||||
+ Field executorField = target.getClass().getDeclaredField("this$0");
|
|
||||||
+ executorField.setAccessible(true);
|
|
||||||
+ result = executorField.get(target);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return result;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
diff --git a/java/org/apache/tomcat/util/compat/LocalStrings.properties b/java/org/apache/tomcat/util/compat/LocalStrings.properties
|
|
||||||
index 79427da..c4c2f7d 100644
|
|
||||||
--- a/java/org/apache/tomcat/util/compat/LocalStrings.properties
|
|
||||||
+++ b/java/org/apache/tomcat/util/compat/LocalStrings.properties
|
|
||||||
@@ -16,6 +16,8 @@
|
|
||||||
jre16Compat.javaPre16=Class not found so assuming code is running on a pre-Java 16 JVM
|
|
||||||
jre16Compat.unexpected=Failed to create references to Java 16 classes and methods
|
|
||||||
|
|
||||||
+jre19Compat.javaPre19=Class not found so assuming code is running on a pre-Java 19 JVM
|
|
||||||
+
|
|
||||||
jre9Compat.invalidModuleUri=The module URI provided [{0}] could not be converted to a URL for the JarScanner to process
|
|
||||||
jre9Compat.javaPre9=Class not found so assuming code is running on a pre-Java 9 JVM
|
|
||||||
jre9Compat.unexpected=Failed to create references to Java 9 classes and methods
|
|
||||||
diff --git a/webapps/docs/config/context.xml b/webapps/docs/config/context.xml
|
|
||||||
index d118196..42dfe38 100644
|
|
||||||
--- a/webapps/docs/config/context.xml
|
|
||||||
+++ b/webapps/docs/config/context.xml
|
|
||||||
@@ -769,7 +769,11 @@
|
|
||||||
therefore requires that the command line option
|
|
||||||
<code>-XaddExports:java.base/java.io=ALL-UNNAMED</code> is set
|
|
||||||
when running on Java 9 and above. If not specified, the default value of
|
|
||||||
- <code>true</code> will be used.</p>
|
|
||||||
+ <code>true</code> will be used.</p>
|
|
||||||
+ <p>The memory leak associated with <code>ObjectStreamClass</code> has
|
|
||||||
+ been fixed in Java 19 onwards, Java 17.0.4 onwards and Java 11.0.16
|
|
||||||
+ onwards. The check will be disabled when running on a version
|
|
||||||
+ of Java that contains the fix.</p>
|
|
||||||
</attribute>
|
|
||||||
|
|
||||||
<attribute name="clearReferencesRmiTargets" required="false">
|
|
||||||
diff --git a/java/org/apache/tomcat/util/compat/Jre19Compat.java b/java/org/apache/tomcat/util/compat/Jre19Compat.java
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000000..fb94810b40
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/java/org/apache/tomcat/util/compat/Jre19Compat.java
|
|
||||||
@@ -0,0 +1,84 @@
|
|
||||||
+/*
|
|
||||||
+ * Licensed to the Apache Software Foundation (ASF) under one or more
|
|
||||||
+ * contributor license agreements. See the NOTICE file distributed with
|
|
||||||
+ * this work for additional information regarding copyright ownership.
|
|
||||||
+ * The ASF licenses this file to You under the Apache License, Version 2.0
|
|
||||||
+ * (the "License"); you may not use this file except in compliance with
|
|
||||||
+ * the License. You may obtain a copy of the License at
|
|
||||||
+ *
|
|
||||||
+ * http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
+ *
|
|
||||||
+ * Unless required by applicable law or agreed to in writing, software
|
|
||||||
+ * distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
+ * See the License for the specific language governing permissions and
|
|
||||||
+ * limitations under the License.
|
|
||||||
+ */
|
|
||||||
+package org.apache.tomcat.util.compat;
|
|
||||||
+
|
|
||||||
+import java.lang.reflect.Field;
|
|
||||||
+
|
|
||||||
+import org.apache.juli.logging.Log;
|
|
||||||
+import org.apache.juli.logging.LogFactory;
|
|
||||||
+import org.apache.tomcat.util.res.StringManager;
|
|
||||||
+
|
|
||||||
+public class Jre19Compat extends Jre16Compat {
|
|
||||||
+
|
|
||||||
+ private static final Log log = LogFactory.getLog(Jre19Compat.class);
|
|
||||||
+ private static final StringManager sm = StringManager.getManager(Jre19Compat.class);
|
|
||||||
+
|
|
||||||
+ private static final boolean supported;
|
|
||||||
+
|
|
||||||
+ static {
|
|
||||||
+ // Don't need any Java 19 specific classes (yet) so just test for one of
|
|
||||||
+ // the new ones for now.
|
|
||||||
+ Class<?> c1 = null;
|
|
||||||
+ try {
|
|
||||||
+ c1 = Class.forName("java.lang.WrongThreadException");
|
|
||||||
+ } catch (ClassNotFoundException cnfe) {
|
|
||||||
+ // Must be pre-Java 16
|
|
||||||
+ log.debug(sm.getString("jre19Compat.javaPre19"), cnfe);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ supported = (c1 != null);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ static boolean isSupported() {
|
|
||||||
+ return supported;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ @Override
|
|
||||||
+ public Object getExecutor(Thread thread)
|
|
||||||
+ throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
|
|
||||||
+
|
|
||||||
+ Object result = super.getExecutor(thread);
|
|
||||||
+
|
|
||||||
+ if (result == null) {
|
|
||||||
+ Object holder = null;
|
|
||||||
+ Object task = null;
|
|
||||||
+ try {
|
|
||||||
+ Field holderField = thread.getClass().getDeclaredField("holder");
|
|
||||||
+ holderField.setAccessible(true);
|
|
||||||
+ holder = holderField.get(thread);
|
|
||||||
+
|
|
||||||
+ Field taskField = holder.getClass().getDeclaredField("task");
|
|
||||||
+ taskField.setAccessible(true);
|
|
||||||
+ task = taskField.get(holder);
|
|
||||||
+ } catch (NoSuchFieldException nfe) {
|
|
||||||
+ return null;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (task!= null && task.getClass().getCanonicalName() != null &&
|
|
||||||
+ (task.getClass().getCanonicalName().equals(
|
|
||||||
+ "org.apache.tomcat.util.threads.ThreadPoolExecutor.Worker") ||
|
|
||||||
+ task.getClass().getCanonicalName().equals(
|
|
||||||
+ "java.util.concurrent.ThreadPoolExecutor.Worker"))) {
|
|
||||||
+ Field executorField = task.getClass().getDeclaredField("this$0");
|
|
||||||
+ executorField.setAccessible(true);
|
|
||||||
+ result = executorField.get(task);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return result;
|
|
||||||
+ }
|
|
||||||
+}
|
|
17
tomcat.spec
17
tomcat.spec
@ -32,7 +32,7 @@
|
|||||||
%global major_version 9
|
%global major_version 9
|
||||||
%global minor_version 0
|
%global minor_version 0
|
||||||
%global micro_version 62
|
%global micro_version 62
|
||||||
%global packdname apache-tomcat-%{version}-src
|
%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00013
|
||||||
%global servletspec 4.0
|
%global servletspec 4.0
|
||||||
%global elspec 3.0
|
%global elspec 3.0
|
||||||
%global tcuid 53
|
%global tcuid 53
|
||||||
@ -56,12 +56,12 @@
|
|||||||
Name: tomcat
|
Name: tomcat
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: %{major_version}.%{minor_version}.%{micro_version}
|
Version: %{major_version}.%{minor_version}.%{micro_version}
|
||||||
Release: 9%{?dist}
|
Release: 10%{?dist}
|
||||||
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
|
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
|
||||||
|
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: http://tomcat.apache.org/
|
URL: http://tomcat.apache.org/
|
||||||
Source0: http://www.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz
|
Source0: %{packdname}.tar.gz
|
||||||
Source1: %{name}-%{major_version}.%{minor_version}.conf
|
Source1: %{name}-%{major_version}.%{minor_version}.conf
|
||||||
Source3: %{name}-%{major_version}.%{minor_version}.sysconfig
|
Source3: %{name}-%{major_version}.%{minor_version}.sysconfig
|
||||||
Source4: %{name}-%{major_version}.%{minor_version}.wrapper
|
Source4: %{name}-%{major_version}.%{minor_version}.wrapper
|
||||||
@ -80,11 +80,9 @@ Patch1: %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.pat
|
|||||||
Patch2: %{name}-build.patch
|
Patch2: %{name}-build.patch
|
||||||
Patch3: %{name}-%{major_version}.%{minor_version}-catalina-policy.patch
|
Patch3: %{name}-%{major_version}.%{minor_version}-catalina-policy.patch
|
||||||
Patch4: rhbz-1857043.patch
|
Patch4: rhbz-1857043.patch
|
||||||
Patch5: %{name}-%{major_version}.%{minor_version}-JDTCompiler.patch
|
|
||||||
# remove bnd dependency which version is too low on rhel8
|
# remove bnd dependency which version is too low on rhel8
|
||||||
Patch6: remove-bnd-annotation.patch
|
Patch6: remove-bnd-annotation.patch
|
||||||
# The fixes for memory leak which have been fixed in 9.0.64, remove this patch in the next tomcat update
|
Patch7: JmxRemoteLifecycleListener.patch
|
||||||
Patch7: %{name}-%{major_version}.%{minor_version}-memory-leak.patch
|
|
||||||
Patch8: fix-malformed-dtd.patch
|
Patch8: fix-malformed-dtd.patch
|
||||||
|
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
@ -230,7 +228,6 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
|
|||||||
%patch -P2 -p0
|
%patch -P2 -p0
|
||||||
%patch -P3 -p0
|
%patch -P3 -p0
|
||||||
%patch -P4 -p0
|
%patch -P4 -p0
|
||||||
%patch -P5 -p0
|
|
||||||
%patch -P6 -p1
|
%patch -P6 -p1
|
||||||
%patch -P7 -p1
|
%patch -P7 -p1
|
||||||
%patch -P8 -p1
|
%patch -P8 -p1
|
||||||
@ -271,7 +268,7 @@ touch HACK
|
|||||||
deploy
|
deploy
|
||||||
|
|
||||||
# remove some jars that we'll replace with symlinks later
|
# remove some jars that we'll replace with symlinks later
|
||||||
%{__rm} output/build/bin/commons-daemon.jar output/build/lib/ecj.jar
|
%{__rm} output/build/lib/ecj.jar
|
||||||
# Remove the example webapps per Apache Tomcat Security Considerations
|
# Remove the example webapps per Apache Tomcat Security Considerations
|
||||||
# see https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html
|
# see https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html
|
||||||
%{__rm} -rf output/build/webapps/examples
|
%{__rm} -rf output/build/webapps/examples
|
||||||
@ -599,6 +596,10 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Aug 18 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-10
|
||||||
|
- Resolves: #2210630 CVE-2023-28709 tomcat
|
||||||
|
- Resolves: #2181448 CVE-2023-28708 tomcat: not including the secure attribute causes information disclosure
|
||||||
|
|
||||||
* Thu Aug 17 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-9
|
* Thu Aug 17 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-9
|
||||||
- Resolves: #2184135 Add Obsoletes to tomcat package
|
- Resolves: #2184135 Add Obsoletes to tomcat package
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user