diff --git a/0001-Fix-BZ55470-Add-class-path-logging-to-help-debug-CNF.patch b/0001-Fix-BZ55470-Add-class-path-logging-to-help-debug-CNF.patch new file mode 100644 index 0000000000000000000000000000000000000000..82df89baece427f36aba5d863537b07e3752a6a9 --- /dev/null +++ b/0001-Fix-BZ55470-Add-class-path-logging-to-help-debug-CNF.patch @@ -0,0 +1,206 @@ +From f5f987d3e7fda3dd91b086ea5a7b04ad545c420e Mon Sep 17 00:00:00 2001 +From: zhaosai +Date: Wed, 20 Nov 2024 20:32:19 +0800 +Subject: [PATCH] Fix BZ55470 Add class path logging to help debug CNFE + +--- + .../loader/WebappClassLoaderBase.java | 4 + + .../tomcat/util/buf/LocalStrings.properties | 5 + + .../apache/tomcat/util/buf/ToStringUtil.java | 101 ++++++++++++++++++ + .../apache/tomcat/util/digester/Digester.java | 7 ++ + webapps/docs/changelog.xml | 8 +- + 5 files changed, 124 insertions(+), 1 deletion(-) + create mode 100644 java/org/apache/tomcat/util/buf/ToStringUtil.java + +diff --git a/java/org/apache/catalina/loader/WebappClassLoaderBase.java b/java/org/apache/catalina/loader/WebappClassLoaderBase.java +index 553cd7a..3f0202c 100644 +--- a/java/org/apache/catalina/loader/WebappClassLoaderBase.java ++++ b/java/org/apache/catalina/loader/WebappClassLoaderBase.java +@@ -73,6 +73,7 @@ import org.apache.juli.logging.LogFactory; + import org.apache.tomcat.InstrumentableClassLoader; + import org.apache.tomcat.util.ExceptionUtils; + import org.apache.tomcat.util.IntrospectionUtils; ++import org.apache.tomcat.util.buf.ToStringUtil; + import org.apache.tomcat.util.compat.JreCompat; + import org.apache.tomcat.util.res.StringManager; + import org.apache.tomcat.util.security.PermissionCheck; +@@ -1305,6 +1306,9 @@ public abstract class WebappClassLoaderBase extends URLClassLoader + } + } + ++ if (log.isDebugEnabled()) { ++ log.debug(ToStringUtil.classPathForCNFE(this)); ++ } + throw new ClassNotFoundException(name); + } + +diff --git a/java/org/apache/tomcat/util/buf/LocalStrings.properties b/java/org/apache/tomcat/util/buf/LocalStrings.properties +index 847bfa1..2801239 100644 +--- a/java/org/apache/tomcat/util/buf/LocalStrings.properties ++++ b/java/org/apache/tomcat/util/buf/LocalStrings.properties +@@ -38,6 +38,11 @@ messageBytes.illegalCharacter=The Unicode character [{0}] at code point [{1}] ca + stringCache.byteTime=ByteCache generation time: {0}ms + stringCache.charTime=CharCache generation time: {0}ms + ++toStringUtil.classpath.classloader=ClassLoader [{0}] loading classes from: ++toStringUtil.classpath.header=Logging class path for each class loader in hierarchy to aid debugging of ClassNotFoundException ++toStringUtil.classpath.platform=JRE provided classes ++toStringUtil.classpath.unknown=Unknown - not an instance of URLClassLoader ++ + uDecoder.eof=End of file (EOF) + uDecoder.isHexDigit=The hexadecimal encoding is invalid + uDecoder.noSlash=The encoded slash character is not allowed +diff --git a/java/org/apache/tomcat/util/buf/ToStringUtil.java b/java/org/apache/tomcat/util/buf/ToStringUtil.java +new file mode 100644 +index 0000000..1d562d6 +--- /dev/null ++++ b/java/org/apache/tomcat/util/buf/ToStringUtil.java +@@ -0,0 +1,101 @@ ++/* ++ * Licensed to the Apache Software Foundation (ASF) under one or more ++ * contributor license agreements. See the NOTICE file distributed with ++ * this work for additional information regarding copyright ownership. ++ * The ASF licenses this file to You under the Apache License, Version 2.0 ++ * (the "License"); you may not use this file except in compliance with ++ * the License. You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++package org.apache.tomcat.util.buf; ++ ++import java.io.File; ++import java.net.URL; ++import java.net.URLClassLoader; ++ ++import org.apache.tomcat.util.res.StringManager; ++ ++/** ++ * Utility class used to provide String representations of objects. It is typically used in debug logging. ++ */ ++public class ToStringUtil { ++ ++ private static final StringManager sm = StringManager.getManager(ToStringUtil.class); ++ ++ private static final String INDENT = " "; ++ ++ ++ private ToStringUtil() { ++ // Utility class. Hide default constructor. ++ } ++ ++ ++ /** ++ * Generate a String representation of the class path for the given class loader and any parent class loaders to aid ++ * debugging of {@link ClassNotFoundException}. ++ * ++ * @param classLoader The class loader to analyse ++ * ++ * @return A String representation of the class path. The format is undefined and may change in future point ++ * releases. The output includes new lines. ++ */ ++ public static String classPathForCNFE(ClassLoader classLoader) { ++ // The result is expected to be fairly large ++ StringBuilder result = new StringBuilder(4096); ++ result.append(sm.getString("toStringUtil.classpath.header")); ++ result.append("\n"); ++ while (classLoader != null) { ++ classPathForCNFE(classLoader, result); ++ classLoader = classLoader.getParent(); ++ } ++ return result.toString(); ++ } ++ ++ ++ private static void classPathForCNFE(ClassLoader classLoader, StringBuilder result) { ++ result.append(INDENT); ++ result.append(sm.getString("toStringUtil.classpath.classloader", classLoader)); ++ result.append("\n"); ++ if (classLoader instanceof URLClassLoader) { ++ URL[] urls = ((URLClassLoader) classLoader).getURLs(); ++ for (URL url : urls) { ++ result.append(INDENT); ++ result.append(INDENT); ++ result.append(url); ++ result.append("\n"); ++ } ++ } else if (classLoader == ClassLoader.getSystemClassLoader()) { ++ // From Java 9 the internal class loaders no longer extend ++ // URLCLassLoader ++ String cp = System.getProperty("java.class.path"); ++ if (cp != null && cp.length() > 0) { ++ String[] paths = cp.split(File.pathSeparator); ++ for (String path : paths) { ++ result.append(INDENT); ++ result.append(INDENT); ++ result.append(path); ++ result.append("\n"); ++ } ++ } ++ } else if (classLoader == ClassLoader.getPlatformClassLoader()) { ++ // From Java 9 the internal class loaders no longer extend ++ // URLCLassLoader ++ result.append(INDENT); ++ result.append(INDENT); ++ result.append(sm.getString("toStringUtil.classpath.platform")); ++ result.append("\n"); ++ } else { ++ result.append(INDENT); ++ result.append(INDENT); ++ result.append(sm.getString("toStringUtil.classpath.unknown")); ++ result.append("\n"); ++ } ++ } ++} +diff --git a/java/org/apache/tomcat/util/digester/Digester.java b/java/org/apache/tomcat/util/digester/Digester.java +index e7c7a53..b00155c 100644 +--- a/java/org/apache/tomcat/util/digester/Digester.java ++++ b/java/org/apache/tomcat/util/digester/Digester.java +@@ -44,6 +44,7 @@ import org.apache.tomcat.util.ExceptionUtils; + import org.apache.tomcat.util.IntrospectionUtils; + import org.apache.tomcat.util.IntrospectionUtils.PropertySource; + import org.apache.tomcat.util.buf.B2CConverter; ++import org.apache.tomcat.util.buf.ToStringUtil; + import org.apache.tomcat.util.res.StringManager; + import org.xml.sax.Attributes; + import org.xml.sax.EntityResolver; +@@ -1275,6 +1276,12 @@ public class Digester extends DefaultHandler2 { + log.trace(" Fire begin() for " + rule); + } + rule.begin(namespaceURI, name, list); ++ } catch (ClassNotFoundException cnfe) { ++ log.error(sm.getString("digester.error.begin"), cnfe); ++ if (log.isDebugEnabled()) { ++ log.debug(ToStringUtil.classPathForCNFE(getClassLoader())); ++ } ++ throw createSAXException(cnfe); + } catch (Exception e) { + log.error(sm.getString("digester.error.begin"), e); + throw createSAXException(e); +diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml +index 8737117..33dda10 100644 +--- a/webapps/docs/changelog.xml ++++ b/webapps/docs/changelog.xml +@@ -417,7 +417,13 @@ + method void sendEarlyHints(). This method will be added to + the Servlet API (removing the need for the cast) in Servlet 6.2 onwards. + (markt) +- ++ ++ ++ 55470: Add debug logging that reports the class path when a ++ ClassNotFoundException occurs in the digester or the web ++ application class loader. Based on a patch by Ralf Hauser. (markt) ++ ++ + + 69214: Do not reject a CORS request that uses POST but does + not include a content-type header. Tomcat now correctly +-- +2.25.1 + diff --git a/tomcat.spec b/tomcat.spec index 265eaf3ec60e18172fd05d4d8ce8e7bbf4b6dc02..1bb7051b853b5478d03ef11257de42486ae0cf4f 100644 --- a/tomcat.spec +++ b/tomcat.spec @@ -23,7 +23,7 @@ Name: tomcat Epoch: 1 Version: %{major_version}.%{minor_version}.%{micro_version} -Release: 2 +Release: 3 Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API License: Apache-2.0 @@ -52,6 +52,7 @@ Patch4: rhbz-1857043.patch Patch6: remove-bnd-annotation.patch Patch7: build-with-jdk-1.8.patch Patch8: CVE-2024-52318.patch +Patch9: 0001-Fix-BZ55470-Add-class-path-logging-to-help-debug-CNF.patch BuildArch: noarch @@ -418,6 +419,9 @@ fi %{appdir}/docs %changelog +* Wed Nov 20 2024 zhaosaisai - 1:9.0.96-3 +- Fix BZ 55470 for adding class path logging to help debug CNFE + * Tue Nov 19 2024 wangkai <13474090681@163.com> - 1:9.0.96-2 - Fix CVE-2024-52318