Bug#902670: tomcat7: version number causes exception in osgi startup

2018-06-30 Thread Markus Koschany
On 30.06.2018 at 02:04, EmTeedee wrote:
> Hi,
> 
> On 29/06/2018 18:05, Markus Koschany wrote:
>> Ok, that makes sense. If this is the only MANIFEST file that needs an update,
>> we can patch it with the next update. 
> 
> I changed the version number in just the one MANIFEST file and the application
> started without an issue.
> Is this bug enough to release a new update or should I prepare to patch our
> other servers manually?

Hi,

I will upload a fixed version shortly. Thanks for testing and bringing
the issue to our attention.

Regards,

Markus





Bug#902670: tomcat7: version number causes exception in osgi startup

2018-06-29 Thread EmTeedee
Hi,

On 29/06/2018 18:05, Markus Koschany wrote:
> Ok, that makes sense. If this is the only MANIFEST file that needs an update,
> we can patch it with the next update. 

I changed the version number in just the one MANIFEST file and the application
started without an issue.
Is this bug enough to release a new update or should I prepare to patch our
other servers manually?

EmTeedee



Bug#902670: tomcat7: version number causes exception in osgi startup

2018-06-29 Thread Markus Koschany
On 29.06.2018 at 17:20, EmTeedee wrote:
> Hi,
> 
> The application we are using uses Eclipse Equinox, which is an OSGI framework.
> It is not trying to parse the debian version number, it is trying to parse the
> version of exported OSGI packages.
> This is used to resolve dependencies and is a core feature of OSGI.
> 
> It looks like the offending version number comes from the Export-Package[1]
> attribute in /usr/share/tomcat7/lib/tomcat-jdbc.jar:/META-INF/MANIFEST.MF
> In the stable package (7.0.56-3+deb8u11), the version reads "7.0.56"
> In the security update (7.0.56-3+really7.0.88-1) it reads 
> "7.0.56-3+really7.0.88"
> 
> This simply isn't a valid version specification, see e.g.
> http://www.eclipse.org/virgo/documentation/virgo-documentation-3.7.0.M01/docs/virgo-user-guide/html/ch02s02.html#d0e341
> 
> The stable package must have set this version number independently. If this is
> actually 7.0.88, I suggest that that should be put in there.

Ok, that makes sense. If this is the only MANIFEST file that needs an
update, we can patch it with the next update.





Bug#902670: tomcat7: version number causes exception in osgi startup

2018-06-29 Thread Emmanuel Bourg
On 29/06/2018 at 16:35, Markus Koschany wrote:

> I don't think we can fix the version of tomcat7 without making it
> impossible to upgrade from Jessie to Stretch.

I think the issue is the version in the OSGi metadata of the MANIFEST.MF
file, not the version of the package. This is something we can probably fix.

Emmanuel Bourg



Bug#902670: tomcat7: version number causes exception in osgi startup

2018-06-29 Thread EmTeedee
Hi,

The application we are using uses Eclipse Equinox, which is an OSGI framework.
It is not trying to parse the debian version number, it is trying to parse the
version of exported OSGI packages.
This is used to resolve dependencies and is a core feature of OSGI.

It looks like the offending version number comes from the Export-Package[1]
attribute in /usr/share/tomcat7/lib/tomcat-jdbc.jar:/META-INF/MANIFEST.MF
In the stable package (7.0.56-3+deb8u11), the version reads "7.0.56"
In the security update (7.0.56-3+really7.0.88-1) it reads 
"7.0.56-3+really7.0.88"

This simply isn't a valid version specification, see e.g.
http://www.eclipse.org/virgo/documentation/virgo-documentation-3.7.0.M01/docs/virgo-user-guide/html/ch02s02.html#d0e341

The stable package must have set this version number independently. If this is
actually 7.0.88, I suggest that that should be put in there.

EmTeedee

[1]: the complete attribute looks like this:
Export-Package: org.apache.tomcat.jdbc.naming;uses:="javax.naming,org.
 apache.juli.logging,javax.naming.spi";version="7.0.56",org.apache.tom
 cat.jdbc.pool;uses:="org.apache.juli.logging,javax.sql,org.apache.tom
 cat.jdbc.pool.jmx,javax.management,javax.naming,javax.naming.spi,org.
 apache.tomcat.jdbc.pool.interceptor";version="7.0.56",org.apache.tomc
 at.jdbc.pool.interceptor;uses:="org.apache.tomcat.jdbc.pool,org.apach
 e.juli.logging,javax.management.openmbean,javax.management";version="
 7.0.56",org.apache.tomcat.jdbc.pool.jmx;uses:="org.apache.tomcat.jdbc
 .pool,org.apache.juli.logging,javax.management";version="7.0.56"



Bug#902670: tomcat7: version number causes exception in osgi startup

2018-06-29 Thread Markus Koschany
On 29.06.2018 at 13:07, EmTeedee wrote:
> Package: tomcat7
> Version: 7.0.56-3+really7.0.88-1
> Severity: important
> Tags: jessie jessie-security
> 
> During startup the current version number causes an application using
> eclipse osgi to fail with an exception.

I don't think we can fix the version of tomcat7 without making it
impossible to upgrade from Jessie to Stretch. Why do you parse the
version string of Debian's Tomcat7 package? I believe this should be
fixed at the application level.

Regards,

Markus





Bug#902670: tomcat7: version number causes exception in osgi startup

2018-06-29 Thread EmTeedee
Package: tomcat7
Version: 7.0.56-3+really7.0.88-1
Severity: important
Tags: jessie jessie-security

During startup the current version number causes an application using
eclipse osgi to fail with an exception.

Caused by: java.lang.IllegalArgumentException: invalid version "7.0.56-3+really7.0.88": non-numeric "56-3+really7"
    at org.osgi.framework.Version.parseInt(Version.java:170)
    at org.osgi.framework.Version.<init>(Version.java:134)
    at org.osgi.framework.Version.parseVersion(Version.java:233)
    at org.eclipse.osgi.internal.resolver.StateBuilder.addExportPackages(StateBuilder.java:342)
    at org.eclipse.osgi.internal.resolver.StateBuilder.createExportPackages(StateBuilder.java:324)

The grammar accepted by parseVersion is:
  version ::= major('.'minor('.'micro('.'qualifier)?)?)?
  major ::= digit+
  minor ::= digit+
  micro ::= digit+
  qualifier ::= (alpha|digit|'_'|'-')+
  digit ::= [0..9]
  alpha ::= [a..zA..Z]

-- System Information:
Debian Release: 9.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'oldstable-updates'), (500,
'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages tomcat7 depends on:
ii  adduser    3.115
ii  debconf [debconf-2.0]  1.5.61
ii  tomcat7-common 7.0.56-3+really7.0.88-1
ii  ucf    3.0036

Versions of packages tomcat7 recommends:
ii  authbind  2.1.2

Versions of packages tomcat7 suggests:
ii  libtcnative-1 1.2.12-2+deb9u1
ii  tomcat7-admin 7.0.56-3+really7.0.88-1
ii  tomcat7-docs  7.0.56-3+really7.0.88-1
pn  tomcat7-examples  <none>
pn  tomcat7-user  <none>

-- Configuration Files:
/etc/init.d/tomcat7 changed [not included]
/etc/tomcat7/catalina.properties [Errno 13] Permission denied:
'/etc/tomcat7/catalina.properties'
/etc/tomcat7/context.xml [Errno 13] Permission denied: 
'/etc/tomcat7/context.xml'
/etc/tomcat7/logging.properties [Errno 13] Permission denied:
'/etc/tomcat7/logging.properties'
/etc/tomcat7/policy.d/01system.policy [Errno 13] Permission denied:
'/etc/tomcat7/policy.d/01system.policy'
/etc/tomcat7/policy.d/02debian.policy [Errno 13] Permission denied:
'/etc/tomcat7/policy.d/02debian.policy'
/etc/tomcat7/policy.d/03catalina.policy [Errno 13] Permission denied:
'/etc/tomcat7/policy.d/03catalina.policy'
/etc/tomcat7/policy.d/04webapps.policy [Errno 13] Permission denied:
'/etc/tomcat7/policy.d/04webapps.policy'
/etc/tomcat7/policy.d/50local.policy [Errno 13] Permission denied:
'/etc/tomcat7/policy.d/50local.policy'
/etc/tomcat7/server.xml [Errno 13] Permission denied: '/etc/tomcat7/server.xml'
/etc/tomcat7/tomcat-users.xml [Errno 13] Permission denied:
'/etc/tomcat7/tomcat-users.xml'
/etc/tomcat7/web.xml [Errno 13] Permission denied: '/etc/tomcat7/web.xml'

-- debconf information excluded
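
Added example (not part of the original thread, and not Debian or Tomcat code): a check for the problem reported above. It unfolds a MANIFEST.MF, extracts every version from Export-Package, and tests it against the parseVersion grammar quoted in the report. The function names and the sample manifest are constructed for illustration.

```python
import re
# Grammar from the report: major('.'minor('.'micro('.'qualifier)?)?)?
OSGI_VERSION = re.compile(r"\d+(\.\d+(\.\d+(\.[A-Za-z0-9_-]+)?)?)?")

def unfold(manifest_text):
    """Join JAR manifest continuation lines (a leading space continues a line)."""
    lines = []
    for raw in manifest_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def split_outside_quotes(value, sep):
    """Split on sep, ignoring separators inside double-quoted strings."""
    parts, buf, quoted = [], [], False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return parts

def invalid_export_versions(manifest_text):
    """Return (package, version) pairs whose version the OSGi grammar rejects."""
    bad = []
    for line in unfold(manifest_text):
        name, _, value = line.partition(": ")
        clauses = split_outside_quotes(value, ",") if name == "Export-Package" else []
        for clause in clauses:
            fields = split_outside_quotes(clause, ";")
            for field in fields[1:]:
                key, _, val = field.partition("=")
                version = val.strip().strip('"')
                if key.strip() == "version" and not OSGI_VERSION.fullmatch(version):
                    bad.append((fields[0].strip(), version))
    return bad

# Constructed sample, shortened from the attribute quoted in the thread.
GOOD = ('Export-Package: org.apache.tomcat.jdbc.naming;uses:="javax.naming,org.\n'
        ' apache.juli.logging";version="7.0.56",org.apache.tomcat.jdbc.pool;version="\n'
        ' 7.0.56"\n')
BAD = GOOD.replace("7.0.56", "7.0.56-3+really7.0.88")
```

To check an installed jar, read META-INF/MANIFEST.MF from it with the standard zipfile module and pass the decoded text to invalid_export_versions.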