sts-sponsors team mailing list archive
-
sts-sponsors team
-
Mailing list archive
-
Message #04103
[Bug 1903851] Re: Tomcat9: multipart upload fails over https
This bug was fixed in the package tomcat9 - 9.0.31-1ubuntu0.4
---------------
tomcat9 (9.0.31-1ubuntu0.4) focal; urgency=medium
* d/p/lp1903851-multipart-upload-over-https.patch: apply revert
from 9.0.32 to fix multi-part upload over HTTPS (LP: #1903851)
-- Tom Moyer <tom.moyer@xxxxxxxxxxxxx> Fri, 18 Nov 2022 19:07:15 +0000
** Changed in: tomcat9 (Ubuntu Focal)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of SE SRU
("STS") Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1903851
Title:
Tomcat9: multipart upload fails over https
Status in tomcat9 package in Ubuntu:
Invalid
Status in tomcat9 source package in Focal:
Fix Released
Bug description:
[ Impact ]
* Tomcat version 9.0.31 has a bug that prevents multipart uploads over
encrypted connections. This happens with the NIO SSL Connector, which
is the one that gets auto-selected in a default configuration
* This patch reverts a change that was made between 9.0.30 and 9.0.31 that
causes the multipart upload to fail when using a TLS connection.
[ Test Plan ]
* Deploy focal
* Deploy tomcat9 and use the default configuration
* Enable HTTPS for tomcat9. A self-signed certificate is sufficient
* Create a keystore:
keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/tomcat9/keystore
* Enable the HTTPS listener in the tomcat9 configuration file
/etc/tomcat9/server.xml
* Add the following XML snippet at the bottom of the the XML block
'<Service name="Catalina">'. Ensure that you specify the same password
as when you created the keystore above
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="want" sslProtocol="TLS"
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
keystoreFile="/etc/tomcat9/keystore" keystorePass="*******" />
* Deploy the attached WAR (JerseyDemos.war) file which is a simple test
application that exhibits the regression. This is done by placing the WAR
file in the following directory: /var/lib/tomcat9/webapps/
* In a browser on a separate machine, navigate to the application:
https://<focal instance>/JerseyDemos/fileUpload.html
* Attempt to upload the attached file: qg8dbNp.png
[ Where problems could occur ]
* This patch only addresses the server reading from the encrypted connection.
There is the potential that the server writing to this same connection may
trigger a similar issue if the client tries a multipart download.
However, that use case is less common and the code for that is a seperate
codepath entirely.
[ Other Info ]
* This change only applies to focal as releases after focal have a newer
version of tomcat9 that includes this patch already.
* Patch source:
https://github.com/apache/tomcat/commit/6e60713c75141bc00f03f08f759df993a6416c71
* Contained in upstream tag: 9.0.32
[ Original Bug Description ]
Tomcat version 9.0.31 has a bug that prevents multipart uploads over encrypted connections.
This happens with the NIO SSL Connector, which is the one that gets auto-selected on my system.
FAIL - Deploy Upload Failed, Exception:
[org.apache.tomcat.util.http.fileupload.impl.IOFileUploadException:
Processing of multipart/form-data request failed.
java.net.SocketTimeoutException]
https://bz.apache.org/bugzilla/show_bug.cgi?id=64195
https://bz.apache.org/bugzilla/show_bug.cgi?id=64202
The bug is not present in the next Tomcat upstream release, but it
seems the correction has not been ported back to Ubuntu 20.04.1 LTS in
the tomcat9 package, version 9.0.31-1ubuntu0.1.
On a side note, the bug seems to be present also on the current
tomcat9 package, version 9.0.31-1~deb10u2 for Debian 10.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tomcat9/+bug/1903851/+subscriptions
