[Bug 1115053] Re: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10

2013-04-02 Thread Christian Kuersteiner
Jamie, There seems to be a problem with the updated package. See https://plus.google.com/112659624466139657672/posts/cMaEhQbcdGL I guess the precise package causes the problem. Was there anything added regarding startup? -- You received this bug notification because you are a member of Ubuntu

2013-04-02 Thread Jamie Strandboge
There was nothing added to the package regarding startup. The user reports that after using update-rc.d to manage when tomcat7 would start, they are added back when upgrading. Note that the update-rc.d manpage states: Please note that this program was designed for use in package maintainer

2013-04-02 Thread Jamie Strandboge
One could also adjust the scripts to stop. Again, from the man page: A common system administration error is to delete the links with the thought that this will disable the service, i.e., that this will prevent the service from being started. However, if all links

2013-04-01 Thread Jamie Strandboge
Thanks for your debdiff for Ubuntu 12.04. I verified it against upstream and it looks good. The build log looks fine and after several runs through the testsuite, I've noted the intermittent tests in QRT (this took a while and was a bit frustrating). Uploading to the security PPA now. While

2013-04-01 Thread Launchpad Bug Tracker
This bug was fixed in the package tomcat7 - 7.0.26-1ubuntu1.2 --- tomcat7 (7.0.26-1ubuntu1.2) precise-security; urgency=low [Christian Kuersteiner] * SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7 (LP: #1115053) - debian/patches/0013-CVE-2012-2733.patch: Fix for

2013-03-20 Thread Christian Kuersteiner
This is the precise patch. Hopefully it goes smoother this time ;) Note that I got certificate errors when I ran the testsuite (in TestClientCert.BIO.txt, TestClientCert.NIO.txt, TestCustomSSL.BIO.txt, TestCustomSSL.NIO.txt, TestSSL.BIO.txt and TestSSL.NIO.txt). However, I got the exact same

2013-03-18 Thread Marc Deslauriers
Unsubscribing ubuntu-security-sponsors for now. Please resubscribe after a precise debdiff has been attached. Thanks!

2013-03-16 Thread Launchpad Bug Tracker
This bug was fixed in the package tomcat7 - 7.0.21-1ubuntu0.1 --- tomcat7 (7.0.21-1ubuntu0.1) oneiric-security; urgency=low [Christian Kuersteiner] * SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7 (LP: #1115053) - debian/patches/CVE-2012-0022.patch: Fix for

2013-03-16 Thread Launchpad Bug Tracker
** Branch linked: lp:~ubuntu-branches/ubuntu/oneiric/tomcat7/oneiric-security

2013-03-15 Thread Seth Arnold
Thanks Christian. I updated the timestamp in the changelog, otherwise looked good to me. Thanks, this was a beast.

2013-03-12 Thread Christian Kuersteiner
I rewrote the description on CVE-2012-3439.patch and fixed the whitespace changes in CVE-2012-0022.patch as far as I saw them. CVE-2012-3439 gave me quite some headache since the upstream testcases had already changed a lot before and it was hard to adapt to the oneiric version. Either I would have

2013-03-11 Thread Jamie Strandboge
Thanks for reworking this. This is quite the patch set! :) I can confirm that it ran the testsuite with no added failures or errors. Comparing the buildlogs also looks good. In reviewing these: CVE-2011-3375.patch - ACK CVE-2011-3376.patch - ACK CVE-2012-0022.patch - ACK (had some whitespace

2013-03-11 Thread Jamie Strandboge
Unsubscribing ubuntu-security-sponsors for now. Please resubscribe after commenting/resubmitting.

2013-03-04 Thread Christian Kuersteiner
Finally the tests run without any errors. I hope everything is okay now with the patch. Thanks for your patience anyway. ** Patch added: lp1115053-oneiric-4.debdiff https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1115053/+attachment/3557794/+files/lp1115053-oneiric-4.debdiff

2013-03-01 Thread Marc Deslauriers
Thanks for the updated debdiff. Unfortunately, I am also getting the following additional test suite failure: output/build/logs/TEST-org.apache.catalina.core.TestAsyncContextImpl.BIO.txt: Tests run: 32, Failures: 1, Errors: 0, Time elapsed: 75.853 sec This definitely needs to be tracked down

2013-02-27 Thread Christian Kuersteiner
I updated the DEP-3 comments according to your input. I hope it's easier now to understand the patches I made. For some patches I didn't find the corresponding upstream bugs, so I left them out. As far as I can see, the Bug- field is optional. The testsuite additions are now included. I got one error

2013-02-17 Thread Christian Kuersteiner
I see. Thanks for the further comments. I will see that I can fix this and prepare a new debdiff.

2013-02-15 Thread Jamie Strandboge
Oh yes, you are of course right. I was thinking of CVE-2012-5568. Reviewing oneiric now. Thanks!

2013-02-15 Thread Jamie Strandboge
Thanks for your work on this! I have some comments though: * the patches have DEP-3 comments (great!) but they point to a web page. I think it would be much better to include that URL in the description, then use an Origin stanza for the commits, and 'Bug: url to upstream bug'. If you are

2013-02-15 Thread Jamie Strandboge
** Patch added: add testsuite to oneiric packaging https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1115053/+attachment/3530842/+files/tomcat7_7.0.21-1ubuntu0.1.debdiff

2013-02-15 Thread Jamie Strandboge
** Patch added: add testsuite to precise packaging https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1115053/+attachment/3530843/+files/tomcat7_7.0.26-1ubuntu1.2.debdiff

2013-02-15 Thread Jamie Strandboge
When you submit your new debdiffs, please include my testsuite additions for future use (the testsuite is enabled in the build and shouldn't change the build in any way-- it just adds a new target to make testing easier). Thanks! ** Changed in: tomcat7 (Ubuntu Oneiric) Status: Triaged => In

2013-02-13 Thread Jamie Strandboge
Unsubscribing ubuntu-security-sponsors for now-- please resubscribe when you resubmit. Thanks again for your work on this! :)

2013-02-13 Thread Christian Kuersteiner
Jamie, Thanks for the info. There is a fix for CVE-2012-2733 for tomcat7 from upstream (see http://svn.apache.org/viewvc?view=revision&revision=1350301). Did you see the new debdiff for oneiric in comment #5? All the fixes for the CVEs I am aware of should be in it (as well CVE-2012-2733). Please