Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.maint.java > #8961

Tomcat 7 security update

Path csiph.com!news.mixmin.net!newsfeed.fsmpi.rwth-aachen.de!newsfeed.straub-nv.de!news-1.dfn.de!news.dfn.de!storethat.news.telefonica.de!telefonica.de!news.panservice.it!diesel.cu.mi.it!bofh.it!news.nic.it!robomod
From Markus Koschany <apo@gambaru.de>
Newsgroups linux.debian.maint.java
Subject Tomcat 7 security update
Date Mon, 28 Mar 2016 18:10:02 +0200
Message-ID <rhHTQ-ZO-19@gated-at.bofh.it> (permalink)
X-Mailbox-Line From debian-java-request@lists.debian.org Mon Mar 28 16:08:04 2016
Old-Return-Path <apo@gambaru.de>
X-Amavis-Spam-Status No, score=-10.88 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, DIGITS_LETTERS=1, FOURLA=0.1, LDO_WHITELIST=-5, MURPHY_DRUGS_REL8=0.02, PGPSIGNATURE=-5, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
X-Policyd-Weight NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_FROM_MX=-3.1; rate: -6.1
User-Agent Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.7.0
MIME-Version 1.0
Content-Type multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="PBECOQGrRtqJn4bpxDG41A6lCx9Qvnr0k"
X-Sa-Exim-Scanned No (on richard.fcube.de); SAEximRunCond expanded to false
X-Mailing-List <debian-java@lists.debian.org> archive/latest/19287
List-ID <debian-java.lists.debian.org>
List-URL <https://lists.debian.org/debian-java/>
List-Archive https://lists.debian.org/msgid-search/56F956D4.1000503@gambaru.de
Approved robomod@news.nic.it
Lines 577
Organization linux.* mail to news gateway
Sender robomod@news.nic.it
X-Original-Date Mon, 28 Mar 2016 18:07:48 +0200
X-Original-Message-ID <56F956D4.1000503@gambaru.de>
Xref csiph.com linux.debian.maint.java:8961

Show key headers only | View raw

[Multipart message — attachments visible in raw view] - view raw

[first e-mail failed, attachment is compressed now]

Hello Security Team, hello Java Team

I have prepared security updates for Tomcat 7 fixing 9 CVEs in Wheezy
and 7 CVEs in Jessie.

I would be glad for any help with testing those patches. Apparently they
pass the test suite but I am seeing a build failure in my cowbuilder
environment due to other test failures that are also present in the
actual Debian packages. I vaguely remember that we were facing a similar
issue before. I wonder what I need to change in my environment to allow
them to succeed because it obviously wasn't a problem when the last
version was uploaded. I could successfully build the Wheezy version with
debbuild but I had no luck with Jessie so far.


The changes are in Git now:

Jessie:
https://anonscm.debian.org/cgit/pkg-java/tomcat7.git/commit/?h=jessie&id=3db3a3938950a9f8827ac0f90c109e04c2720328

Wheezy:

https://anonscm.debian.org/cgit/pkg-java/tomcat7.git/commit/?h=wheezy&id=1bccc33dbbe97c6d5b6f2f538d3606251ee614fb


Regards,

Markus



Wheezy test failures:



TEST-org.apache.catalina.tribes.group.TestGroupChannelMemberArrival.BIO.txt:
FAILED
TEST-org.apache.catalina.tribes.group.TestGroupChannelStartStop.NIO.txt:	FAILED
TEST-org.apache.catalina.tribes.group.TestGroupChannelStartStop.NIO.txt:	FAILED
TEST-org.apache.catalina.tribes.group.TestGroupChannelStartStop.BIO.txt:	FAILED
TEST-org.apache.catalina.tribes.group.TestGroupChannelStartStop.BIO.txt:	FAILED
TEST-org.apache.catalina.tribes.group.interceptors.TestOrderInterceptor.NIO.txt:
FAILED
TEST-org.apache.catalina.tribes.group.TestGroupChannelMemberArrival.NIO.txt:
FAILED
TEST-org.apache.catalina.tribes.group.interceptors.TestOrderInterceptor.BIO.txt:
FAILED

Jessie test errors:

TEST-org.apache.catalina.authenticator.TestNonLoginAndBasicAuthenticator.NIO.txt:
Caused an ERROR
TEST-org.apache.catalina.authenticator.TestNonLoginAndBasicAuthenticator.NIO.txt:
Caused an ERROR
TEST-org.apache.catalina.authenticator.TestNonLoginAndBasicAuthenticator.NIO.txt:
Caused an ERROR
TEST-org.apache.catalina.authenticator.TestSSOnonLoginAndBasicAuthenticator.NIO.txt:
Caused an ERROR
TEST-org.apache.catalina.authenticator.TestSSOnonLoginAndBasicAuthenticator.NIO.txt:
Caused an ERROR
TEST-org.apache.catalina.authenticator.TestSSOnonLoginAndBasicAuthenticator.NIO.txt:
Caused an ERROR
TEST-org.apache.catalina.authenticator.TestNonLoginAndBasicAuthenticator.BIO.txt:
Caused an ERROR
TEST-org.apache.catalina.authenticator.TestNonLoginAndBasicAuthenticator.BIO.txt:
Caused an ERROR
TEST-org.apache.catalina.authenticator.TestNonLoginAndBasicAuthenticator.BIO.txt:
Caused an ERROR
TEST-org.apache.catalina.authenticator.TestSSOnonLoginAndDigestAuthenticator.BIO.txt:
Caused an ERROR
TEST-org.apache.catalina.authenticator.TestSSOnonLoginAndDigestAuthenticator.BIO.txt:
Caused an ERROR
TEST-org.apache.catalina.authenticator.TestSSOnonLoginAndDigestAuthenticator.NIO.txt:
Caused an ERROR
TEST-org.apache.catalina.authenticator.TestSSOnonLoginAndDigestAuthenticator.NIO.txt:
Caused an ERROR
TEST-org.apache.catalina.authenticator.TestSSOnonLoginAndBasicAuthenticator.BIO.txt:
Caused an ERROR
TEST-org.apache.catalina.authenticator.TestSSOnonLoginAndBasicAuthenticator.BIO.txt:
Caused an ERROR
TEST-org.apache.catalina.authenticator.TestSSOnonLoginAndBasicAuthenticator.BIO.txt:
Caused an ERROR

Back to linux.debian.maint.java | Previous | NextNext in thread | Find similar | Unroll thread

Thread

Tomcat 7 security update Markus Koschany <apo@gambaru.de> - 2016-03-28 18:10 +0200
  Re: Tomcat 7 security update Markus Koschany <apo@debian.org> - 2016-04-16 16:40 +0200
    Re: Tomcat 7 security update Florian Weimer <fw@deneb.enyo.de> - 2016-04-16 20:00 +0200
      Re: Tomcat 7 security update Markus Koschany <apo@debian.org> - 2016-04-17 14:50 +0200
  Re: Tomcat 7 security update Florian Weimer <fw@deneb.enyo.de> - 2016-04-16 16:50 +0200

csiph-web