Bug#902670: tomcat7: version number causes exception in osgi startup

2018-06-30 Thread Markus Koschany 
Am 30.06.2018 um 02:04 schrieb EmTeedee:
> Hi,
> 
> On 29/06/2018 18:05, Markus Koschany wrote:
>> Ok, that makes sense. If this is the only MANIFEST file that needs an update,
>> we can patch it with the next update. 
> 
> I changed the version number in just the one MANIFEST file and the application
> started without an issue.
> Is this bug enough to release a new update or should I prepare to patch our
> other servers manually?

Hi,

I will upload a fixed version shortly. Thanks for testing and bringing
the issue to our attention.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature
__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#902670: tomcat7: version number causes exception in osgi startup

2018-06-29 Thread EmTeedee 
Hi,

On 29/06/2018 18:05, Markus Koschany wrote:
> Ok, that makes sense. If this is the only MANIFEST file that needs an update,
> we can patch it with the next update. 

I changed the version number in just the one MANIFEST file and the application
started without an issue.
Is this bug enough to release a new update or should I prepare to patch our
other servers manually?

EmTeedee

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#902670: tomcat7: version number causes exception in osgi startup

2018-06-29 Thread Emmanuel Bourg 
Le 29/06/2018 à 16:35, Markus Koschany a écrit :

> I don't think we can fix the version of tomcat7 without making it
> impossible to upgrade from Jessie to Stretch.

I think the issue is the version in the OSGi metadata of the MANIFEST.MF
file, not the version of the package. This is something we can probably fix.

Emmanuel Bourg

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#902670: tomcat7: version number causes exception in osgi startup

2018-06-29 Thread EmTeedee 
Hi,

The application we are using uses Eclipse Equinox, which is an OSGI framework.
It is not trying to parse the debian version number, it is trying to parse the
version of exported OSGI packages.
This is used to resolve dependencies and is a core feature of OSGI.

It looks like the offending version number comes from the Export-Package[1]
attribute in /usr/share/tomcat7/lib/tomcat-jdbc.jar:/META-INF/MANIFEST.MF
In the stable package (7.0.56-3+deb8u11), the version reads "7.0.56"
In the security update (7.0.56-3+really7.0.88-1) it reads 
"7.0.56-3+really7.0.88"

This simply isn't a valid version specification, see e.g.
http://www.eclipse.org/virgo/documentation/virgo-documentation-3.7.0.M01/docs/virgo-user-guide/html/ch02s02.html#d0e341

The stable package must have set this version number independently. If this is
actually 7.0.88, I suggest that that should be put in there.

EmTeedee

[1]: the complete attribute looks like this:
Export-Package: org.apache.tomcat.jdbc.naming;uses:="javax.naming,org.
 apache.juli.logging,javax.naming.spi";version="7.0.56",org.apache.tom
 cat.jdbc.pool;uses:="org.apache.juli.logging,javax.sql,org.apache.tom
 cat.jdbc.pool.jmx,javax.management,javax.naming,javax.naming.spi,org.
 apache.tomcat.jdbc.pool.interceptor";version="7.0.56",org.apache.tomc
 at.jdbc.pool.interceptor;uses:="org.apache.tomcat.jdbc.pool,org.apach
 e.juli.logging,javax.management.openmbean,javax.management";version="
 7.0.56",org.apache.tomcat.jdbc.pool.jmx;uses:="org.apache.tomcat.jdbc
 .pool,org.apache.juli.logging,javax.management";version="7.0.56"

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#902670: tomcat7: version number causes exception in osgi startup

2018-06-29 Thread EmTeedee 
Package: tomcat7
Version: 7.0.56-3+really7.0.88-1
Severity: important
Tags: jessie jessie-security

During startup the current version number causes an application using
ecplise osgi to fail with an exception.

Caused by: java.lang.IllegalArgumentException: invalid version
"7.0.56-3+really7.0.88": non-numeric "56-3+really7"
    at org.osgi.framework.Version.parseInt(Version.java:170)
    at org.osgi.framework.Version.(Version.java:134)
    at org.osgi.framework.Version.parseVersion(Version.java:233)
    at
org.eclipse.osgi.internal.resolver.StateBuilder.addExportPackages(StateBuilder.java:342)
    at
org.eclipse.osgi.internal.resolver.StateBuilder.createExportPackages(StateBuilder.java:324)

The grammar accepted by parseVersion is:
  version ::= major('.'minor('.'micro('.'qualifier)?)?)?
  major ::= digit+
  minor ::= digit+
  micro ::= digit+
  qualifier ::= (alpha|digit|'_'|'-')+
  digit ::= [0..9]
  alpha ::= [a..zA..Z]

-- System Information:
Debian Release: 9.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'oldstable-updates'), (500,
'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages tomcat7 depends on:
ii  adduser    3.115
ii  debconf [debconf-2.0]  1.5.61
ii  tomcat7-common 7.0.56-3+really7.0.88-1
ii  ucf    3.0036

Versions of packages tomcat7 recommends:
ii  authbind  2.1.2

Versions of packages tomcat7 suggests:
ii  libtcnative-1 1.2.12-2+deb9u1
ii  tomcat7-admin 7.0.56-3+really7.0.88-1
ii  tomcat7-docs  7.0.56-3+really7.0.88-1
pn  tomcat7-examples  
pn  tomcat7-user  

-- Configuration Files:
/etc/init.d/tomcat7 changed [not included]
/etc/tomcat7/catalina.properties [Errno 13] Permission denied:
'/etc/tomcat7/catalina.properties'
/etc/tomcat7/context.xml [Errno 13] Permission denied: 
'/etc/tomcat7/context.xml'
/etc/tomcat7/logging.properties [Errno 13] Permission denied:
'/etc/tomcat7/logging.properties'
/etc/tomcat7/policy.d/01system.policy [Errno 13] Permission denied:
'/etc/tomcat7/policy.d/01system.policy'
/etc/tomcat7/policy.d/02debian.policy [Errno 13] Permission denied:
'/etc/tomcat7/policy.d/02debian.policy'
/etc/tomcat7/policy.d/03catalina.policy [Errno 13] Permission denied:
'/etc/tomcat7/policy.d/03catalina.policy'
/etc/tomcat7/policy.d/04webapps.policy [Errno 13] Permission denied:
'/etc/tomcat7/policy.d/04webapps.policy'
/etc/tomcat7/policy.d/50local.policy [Errno 13] Permission denied:
'/etc/tomcat7/policy.d/50local.policy'
/etc/tomcat7/server.xml [Errno 13] Permission denied: '/etc/tomcat7/server.xml'
/etc/tomcat7/tomcat-users.xml [Errno 13] Permission denied:
'/etc/tomcat7/tomcat-users.xml'
/etc/tomcat7/web.xml [Errno 13] Permission denied: '/etc/tomcat7/web.xml'

-- debconf information excluded

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.