Processed: tagging 851304

2017-02-13 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tags 851304 + security
Bug #851304 {Done: Salvatore Bonaccorso } [tomcat8] tomcat8 
use 100% cpu time
Added tag(s) security.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
851304: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851304
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: closing 851304

2017-02-13 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> close 851304 8.0.14-1+deb8u7
Bug #851304 [tomcat8] tomcat8 use 100% cpu time
Marked as fixed in versions tomcat8/8.0.14-1+deb8u7.
Bug #851304 [tomcat8] tomcat8 use 100% cpu time
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
851304: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851304
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#851304: tomcat8 use 100% cpu time

2017-02-13 Thread linux...@gmail.com 
I tried the updated package and it work well.

RickLinux

 Original Message 
From:Markus Koschany 
Sent:Thu, 09 Feb 2017 20:28:53 -0500
To:linux...@gmail.com,k...@juplo.de
Cc:851...@bugs.debian.org
Subject:Re: tomcat8 use 100% cpu time

>Hello,
>
>thank you for reporting this bug. We think we have found a solution for
>this issue. I have uploaded new binary packages of Tomcat 8 for Debian
>Jessie to [1] and a debdiff in case you prefer to build the package from
>source. We would appreciate it if you could test those packages and tell
>us if they fix your cpu load problem.
>
>[1] https://people.debian.org/~apo/tomcat8/
>
>Regards,
>
>Markus
>
__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

tomcat8_8.0.14-1+deb8u7_amd64.changes ACCEPTED into proposed-updates->stable-new

2017-02-13 Thread Debian FTP Masters 
Mapping stable-security to proposed-updates.

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 13 Feb 2017 10:34:43 +0100
Source: tomcat8
Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libservlet3.1-java 
libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs
Architecture: source all
Version: 8.0.14-1+deb8u7
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Description:
 libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API 
classes
 libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java 
API documenta
 libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries
 tomcat8- Apache Tomcat 8 - Servlet and JSP engine
 tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web 
application
 tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files
 tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation
 tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web 
applicati
 tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user
Closes: 851304
Changes:
 tomcat8 (8.0.14-1+deb8u7) jessie-security; urgency=high
 .
   * Team upload.
   * Add BZ57544-infinite-loop.patch: It was found that https GET requests could
 trigger an infinite loop and thus cause a denial-of-service.
 (Closes: #851304)
Checksums-Sha1:
 ad801caf803c9820c66ecd071a7aaecf53c5d160 3009 tomcat8_8.0.14-1+deb8u7.dsc
 d4eba068b1b95f26be02e5d7e998f569283ea9bd 72416 
tomcat8_8.0.14-1+deb8u7.debian.tar.xz
 b44b991342a39939e422e212934ff020e39ea679 57676 
tomcat8-common_8.0.14-1+deb8u7_all.deb
 e9387c145ec1b39b76d9008522eb6a5eaedfaef2 47366 tomcat8_8.0.14-1+deb8u7_all.deb
 ce788186664d6ab1db1edf79b8b3bd298a9a8fe3 34832 
tomcat8-user_8.0.14-1+deb8u7_all.deb
 5ecc8a682fa9d97b13d25c6459f371255481dd1a 4586942 
libtomcat8-java_8.0.14-1+deb8u7_all.deb
 dff0b1425356c07397fc90d3690a396ec6c4f2c3 392178 
libservlet3.1-java_8.0.14-1+deb8u7_all.deb
 7d08b1e269cb36be01a659fdb99633bf5d1fc674 247160 
libservlet3.1-java-doc_8.0.14-1+deb8u7_all.deb
 b1bcb423ec24322bb834f67456756497704dc6f6 36248 
tomcat8-admin_8.0.14-1+deb8u7_all.deb
 0e2244c119d3cae411a2c26001d86e8691132252 194100 
tomcat8-examples_8.0.14-1+deb8u7_all.deb
 a66a44a8c1051596801dd7f41d513c42509629cc 689316 
tomcat8-docs_8.0.14-1+deb8u7_all.deb
Checksums-Sha256:
 bb2c407ee33084d20a24538aa7527fd91481bc9f2a76dd98a716ab3342c31bac 3009 
tomcat8_8.0.14-1+deb8u7.dsc
 92a7b95bedf757e57da0effbf0b42bbd519bd38b03fdad076f548b15e793debe 72416 
tomcat8_8.0.14-1+deb8u7.debian.tar.xz
 a48f1f034f6060ae6f4b2d99728f93693a107fad2b8d850be13c1e89c88bb595 57676 
tomcat8-common_8.0.14-1+deb8u7_all.deb
 1843c9d3b3a27d587cccd1130ea2721d6855d764881d00a5186c625e457a8655 47366 
tomcat8_8.0.14-1+deb8u7_all.deb
 4f4fcf90ea4174126d6e41f2ef3599caacad6ec9444366ee1b0283e4007420ee 34832 
tomcat8-user_8.0.14-1+deb8u7_all.deb
 92b6e954b33ba11cf1c618a299fdd85ec23ced629f9ef8be5e4c5eadd3b68c41 4586942 
libtomcat8-java_8.0.14-1+deb8u7_all.deb
 db979d839cd82e2e3b4021669e0de7b63fad1959d1c76c153f07ea13c893590d 392178 
libservlet3.1-java_8.0.14-1+deb8u7_all.deb
 9cdb44582c4f4d63776cd28cd61ae9cdf9e73d641d40ad77e16e0d023992f56f 247160 
libservlet3.1-java-doc_8.0.14-1+deb8u7_all.deb
 27ef186fbe1679d7d5be1c0782a74d2fde3f3020f5c14795223444fbeb88 36248 
tomcat8-admin_8.0.14-1+deb8u7_all.deb
 4aaadc98d566d909f5db163a4d8f8b6f0f4e367a30769b39ccd0a167edbb11a4 194100 
tomcat8-examples_8.0.14-1+deb8u7_all.deb
 07e0255e4bc79281d7d92871dcf1112cbda38b2489a8a31240b79086c951a61e 689316 
tomcat8-docs_8.0.14-1+deb8u7_all.deb
Files:
 ca4ce1bb8977f24a5c40bb1151c27656 3009 java optional tomcat8_8.0.14-1+deb8u7.dsc
 cf0a615e8ffdb54464b7cfc0cf48200a 72416 java optional 
tomcat8_8.0.14-1+deb8u7.debian.tar.xz
 8b6fdb01f101586aa06d545b6b66acec 57676 java optional 
tomcat8-common_8.0.14-1+deb8u7_all.deb
 3a9b23257681ab8476dd4ffe1fc0bcca 47366 java optional 
tomcat8_8.0.14-1+deb8u7_all.deb
 efef3e469e8dfe1d1cfe2a98e399965a 34832 java optional 
tomcat8-user_8.0.14-1+deb8u7_all.deb
 8c7817e692dd8c32022fd2a3edf8b90e 4586942 java optional 
libtomcat8-java_8.0.14-1+deb8u7_all.deb
 4f19ab7550d7ad02916688cef8190ebc 392178 java optional 
libservlet3.1-java_8.0.14-1+deb8u7_all.deb
 519007d996a0a6df5c1db94bc4fb0252 247160 doc optional 
libservlet3.1-java-doc_8.0.14-1+deb8u7_all.deb
 ed4de864b2755f528cb9a7e01ec65b3e 36248 java optional 
tomcat8-admin_8.0.14-1+deb8u7_all.deb
 247a244cae7d43a4dd4d20a0123fabb3 194100 java optional 
tomcat8-examples_8.0.14-1+deb8u7_all.deb
 737a0c72df568d35d15e8b4eadc182fc 689316 doc optional 
tomcat8-docs_8.0.14-1+deb8u7_all.deb

-BEGIN PGP SIGNATURE-

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlihf5xfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD

tomcat7_7.0.56-3+deb8u8_amd64.changes ACCEPTED into proposed-updates->stable-new

2017-02-13 Thread Debian FTP Masters 
Mapping stable-security to proposed-updates.

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 13 Feb 2017 10:16:57 +0100
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java 
libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version: 7.0.56-3+deb8u8
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Description:
 libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
 libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
 libtomcat7-java - Servlet and JSP engine -- core libraries
 tomcat7- Servlet and JSP engine
 tomcat7-admin - Servlet and JSP engine -- admin web applications
 tomcat7-common - Servlet and JSP engine -- common files
 tomcat7-docs - Servlet and JSP engine -- documentation
 tomcat7-examples - Servlet and JSP engine -- example web applications
 tomcat7-user - Servlet and JSP engine -- tools to create user instances
Closes: 854551
Changes:
 tomcat7 (7.0.56-3+deb8u8) jessie-security; urgency=high
 .
   * Team upload.
   * Add BZ57544-infinite-loop.patch: It was found that https GET requests could
 trigger an infinite loop and thus cause a denial-of-service.
 (Closes: #854551)
Checksums-Sha1:
 befc5ba2d5cbe49f31db903e7d1e244ac32d1fae 2925 tomcat7_7.0.56-3+deb8u8.dsc
 e59a76d0b1eaef9f920081ca50aff93db01375aa 90828 
tomcat7_7.0.56-3+deb8u8.debian.tar.xz
 1191daab4f6acd6457735962b829507238be47ea 63812 
tomcat7-common_7.0.56-3+deb8u8_all.deb
 d90e5e6f52b231296ec52c88e1c971cfbebec66a 52752 tomcat7_7.0.56-3+deb8u8_all.deb
 5eedecc075b8098ae988de33c84f8d3669894a99 40176 
tomcat7-user_7.0.56-3+deb8u8_all.deb
 9f8cbfd2e24ccabf4696387f916964bc907f83dc 3629222 
libtomcat7-java_7.0.56-3+deb8u8_all.deb
 fff215d4f7d1c24ec5dc879105d32aaca014236d 316142 
libservlet3.0-java_7.0.56-3+deb8u8_all.deb
 b49538a9da16f8f96ec662d8627014df5e007c15 206280 
libservlet3.0-java-doc_7.0.56-3+deb8u8_all.deb
 99b94b5fd37509c13b3b24ca84019eb32b1cdf65 41164 
tomcat7-admin_7.0.56-3+deb8u8_all.deb
 8d4ddbc441735afb29fe5c0aad081f9e48347b80 199268 
tomcat7-examples_7.0.56-3+deb8u8_all.deb
 765fa23a9d3bd9820e03bb4a9ddacf2ab6acabd7 605392 
tomcat7-docs_7.0.56-3+deb8u8_all.deb
Checksums-Sha256:
 530dbe859f764c7d31cd6bc510b19072ee1ab7ac50349ace47523506ab042363 2925 
tomcat7_7.0.56-3+deb8u8.dsc
 e9412b78ec6bd59e90519a2b96546d810b07b99e0e2153228f039b999f4296a2 90828 
tomcat7_7.0.56-3+deb8u8.debian.tar.xz
 fbffa9d377703e2163fd757e00808c21ce35601e967f702e19dad4e6a3c48ae2 63812 
tomcat7-common_7.0.56-3+deb8u8_all.deb
 0d6c58d9a34bdb5b8b4a86a05d2dad554a0b877bed7786ead8d0fa71aa59aa5f 52752 
tomcat7_7.0.56-3+deb8u8_all.deb
 3a5c1902934141b144d22e18d78574f5399b830ad2bf297f8dadc2a65371f873 40176 
tomcat7-user_7.0.56-3+deb8u8_all.deb
 fdb8c3a15cc1bbf22dcbd6db1b00e7f2bde6cd2b4dd6ba8e4b2c243f22d83d32 3629222 
libtomcat7-java_7.0.56-3+deb8u8_all.deb
 1f7bfc95bdbe9d0305b5bebbf162c21eb7d5c71857d8bdbd77a948a88d2e814c 316142 
libservlet3.0-java_7.0.56-3+deb8u8_all.deb
 9a018fc5469de006dff0fd6f97bec395016ad88804f544ffc8c58fd11417733d 206280 
libservlet3.0-java-doc_7.0.56-3+deb8u8_all.deb
 46c912cdda7f7fcf84f667f8fb6098e60c05000de9b1a14390a7f77c57fa3a6c 41164 
tomcat7-admin_7.0.56-3+deb8u8_all.deb
 46f20146f7895699449b80f8d499aaa9d18a18746c0fe31f6a3865c92d92008b 199268 
tomcat7-examples_7.0.56-3+deb8u8_all.deb
 52c6f3aeb7f72e89f01a04e598e857c4a21a119acfa8d829b09bfc8f364559aa 605392 
tomcat7-docs_7.0.56-3+deb8u8_all.deb
Files:
 be58b19b53e9479b9673514b5da5805e 2925 java optional tomcat7_7.0.56-3+deb8u8.dsc
 c46738f9819bd98168c0e8a636f2f4f3 90828 java optional 
tomcat7_7.0.56-3+deb8u8.debian.tar.xz
 36672cebe8345d04211526612cd8f80c 63812 java optional 
tomcat7-common_7.0.56-3+deb8u8_all.deb
 041c6429f9136a8a421a199d845ea37e 52752 java optional 
tomcat7_7.0.56-3+deb8u8_all.deb
 77025f6e109ae19267303449b0b690a4 40176 java optional 
tomcat7-user_7.0.56-3+deb8u8_all.deb
 aea0d0c217199b7c7f0341b9f4f14965 3629222 java optional 
libtomcat7-java_7.0.56-3+deb8u8_all.deb
 a993b23e45f715f54c93d09ae73d06d4 316142 java optional 
libservlet3.0-java_7.0.56-3+deb8u8_all.deb
 68879b9b847ef95a85f3c6fd2c6da6a1 206280 doc optional 
libservlet3.0-java-doc_7.0.56-3+deb8u8_all.deb
 e46f05bfa04f4c0c95369aa7ba6be932 41164 java optional 
tomcat7-admin_7.0.56-3+deb8u8_all.deb
 88cc6e98507ac2525873cb7aeac6e017 199268 java optional 
tomcat7-examples_7.0.56-3+deb8u8_all.deb
 d5e205cb8a524a30c8aa8332c1795523 605392 doc optional 
tomcat7-docs_7.0.56-3+deb8u8_all.deb

-BEGIN PGP SIGNATURE-

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlihfW9fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkwRwP/iIKw/kwDsKlpjeoV9e1AI9bp8jcR577KApu
W/Yk6qDi48+a21YFKYFwNWe3wVTbiDzis7Lkf836FP0LJfQJrpzJ9CgwnTbE0Om4

Processing of tomcat7_7.0.56-3+deb8u8_amd64.changes

2017-02-13 Thread Debian FTP Masters 
tomcat7_7.0.56-3+deb8u8_amd64.changes uploaded successfully to localhost
along with the files:
  tomcat7_7.0.56-3+deb8u8.dsc
  tomcat7_7.0.56-3+deb8u8.debian.tar.xz
  tomcat7-common_7.0.56-3+deb8u8_all.deb
  tomcat7_7.0.56-3+deb8u8_all.deb
  tomcat7-user_7.0.56-3+deb8u8_all.deb
  libtomcat7-java_7.0.56-3+deb8u8_all.deb
  libservlet3.0-java_7.0.56-3+deb8u8_all.deb
  libservlet3.0-java-doc_7.0.56-3+deb8u8_all.deb
  tomcat7-admin_7.0.56-3+deb8u8_all.deb
  tomcat7-examples_7.0.56-3+deb8u8_all.deb
  tomcat7-docs_7.0.56-3+deb8u8_all.deb

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of tomcat8_8.0.14-1+deb8u7_amd64.changes

2017-02-13 Thread Debian FTP Masters 
tomcat8_8.0.14-1+deb8u7_amd64.changes uploaded successfully to localhost
along with the files:
  tomcat8_8.0.14-1+deb8u7.dsc
  tomcat8_8.0.14-1+deb8u7.debian.tar.xz
  tomcat8-common_8.0.14-1+deb8u7_all.deb
  tomcat8_8.0.14-1+deb8u7_all.deb
  tomcat8-user_8.0.14-1+deb8u7_all.deb
  libtomcat8-java_8.0.14-1+deb8u7_all.deb
  libservlet3.1-java_8.0.14-1+deb8u7_all.deb
  libservlet3.1-java-doc_8.0.14-1+deb8u7_all.deb
  tomcat8-admin_8.0.14-1+deb8u7_all.deb
  tomcat8-examples_8.0.14-1+deb8u7_all.deb
  tomcat8-docs_8.0.14-1+deb8u7_all.deb

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#855046: openjdk-8-jre-headless (jessie-backports), can't update, ca-certificates-java too old

2017-02-13 Thread Henner Heck 

Ok...still too inexperienced with the backports...and apt...and Debian.

Originally i tried a "dist-upgrade", which failed to upgrade the 
openjdk-8 packages previously installed from jessie-backports.

I investigated and thought to have found the reported bug as the root cause.
Synaptic only ever showed the 20140324 version of ca-certificates-java 
as current version. Is it not trustworthy with backports?


Thanks to the answers here, i ran

$ apt-get install -t jessie-backports ca-certificates-java
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
  ca-certificates-java
1 upgraded, 0 newly installed, 0 to remove and 134 not upgraded.
Need to get 14.8 kB of archives.
After this operation, 1,024 B of additional disk space will be used.
Get:1 http://ftp.de.debian.org/debian/ jessie-backports/main 
ca-certificates-java all 20161107~bpo8+1 [14.8 kB]

.
.
.
done.


Now Synaptic shows version 20161107~bpo8+1 and a "dist-upgrade" updated 
the openjdk-8 packages (openjdk-8-jdk openjdk-8-jdk-headless 
openjdk-8-jre openjdk-8-jre-headless) successfully.


I am still not sure, as to why the "dist-upgrade" did not update the 
ca-certificates-java to 20161107~bpo8+1 automatically in the first place.
Possibly because the ca-certificates-java dependency for 
openjdk-8-jre-headerless has no minimum version specified?



Thank you all and best regards,
Henner Heck






smime.p7s
Description: S/MIME Cryptographic Signature
__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#855046: openjdk-8-jre-headless (jessie-backports), can't update, ca-certificates-java too old

2017-02-13 Thread Rene Engelhard 
[ Not the openjdk maintainer, but.. ]

On Mon, Feb 13, 2017 at 03:26:00PM +0100, Henner Heck wrote:
> I can't update openjdk-8-jre-headless from
> 8u111-b14-2~bpo8+1
> to
> 8u121-b13-1~bpo8+1 .
> It breaks ca-certificates-java (<20160321~)
> and the only available ca-certificates-java is 20140324.

Erm, no?

% rmadison ca-certificates-java
ca-certificates-java | 20121112+nmu2   | oldstable| source, all
ca-certificates-java | 20140324| stable   | source, all
ca-certificates-java | 20140324| stable-kfreebsd  | source, all
ca-certificates-java | 20161107~bpo8+1 | jessie-backports | source, all
^^^
ca-certificates-java | 20161107| testing  | source, all
ca-certificates-java | 20161107| unstable | source, all

Besides that, the BTS is not for bpo-specific bugs sind it doesn't know
about bpo versions and gets confused wrt its version tracking.

Regards,

Rene

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#855046: openjdk-8-jre-headless (jessie-backports), can't update, ca-certificates-java too old

2017-02-13 Thread gregor herrmann 
On Mon, 13 Feb 2017 15:26:00 +0100, Henner Heck wrote:

> Package: openjdk-8-jre-headless (jessie-backports)
> Version: 8u111-b14-2~bpo8+1
> Package: ca-certificates-java
> Version: 20140324
> 
> I can't update openjdk-8-jre-headless from
> 8u111-b14-2~bpo8+1
> to
> 8u121-b13-1~bpo8+1 .
> It breaks ca-certificates-java (<20160321~)
> and the only available ca-certificates-java is 20140324.

That's not correct, backports has a newer version:

% rmadison ca-certificates-java
ca-certificates-java | 20121112+nmu2   | oldstable| source, all
ca-certificates-java | 20140324| stable   | source, all
ca-certificates-java | 20140324| stable-kfreebsd  | source, all
ca-certificates-java | 20161107~bpo8+1 | jessie-backports | source, all
ca-certificates-java | 20161107| testing  | source, all
ca-certificates-java | 20161107| unstable | source, all

> $ apt-get install openjdk-8-jre-headless

... -t jessie-backports ...

Cf. https://backports.debian.org/Instructions/

Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at/ - Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   BOFH excuse #415:  Maintenance window broken 

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#855046: openjdk-8-jre-headless (jessie-backports), can't update, ca-certificates-java too old

2017-02-13 Thread Henner Heck 


Package: openjdk-8-jre-headless (jessie-backports)
Version: 8u111-b14-2~bpo8+1
Package: ca-certificates-java
Version: 20140324

I can't update openjdk-8-jre-headless from
8u111-b14-2~bpo8+1
to
8u121-b13-1~bpo8+1 .
It breaks ca-certificates-java (<20160321~)
and the only available ca-certificates-java is 20140324.


Output:
--

$ apt-get install openjdk-8-jre-headless
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 openjdk-8-jre-headless : Breaks: ca-certificates-java (< 20160321~) 
but 20140324 is to be installed

E: Unable to correct problems, you have held broken packages.

--

$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:Debian GNU/Linux 8.7 (jessie)
Release:8.7
Codename:   jessie

--

$ uname -a
Linux cruncher 4.9.0-0.bpo.1-amd64 #1 SMP Debian 4.9.2-2~bpo8+1 
(2017-01-26) x86_64 GNU/Linux


--


Best regards,
Henner Heck



smime.p7s
Description: S/MIME Cryptographic Signature
__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#854551: Pending fixes for bugs in the tomcat7 package

2017-02-13 Thread pkg-java-maintainers 
tag 854551 + pending
thanks

Some bugs in the tomcat7 package are closed in revision
f1925c3b011e51ccff77e272b38a4a4896fd3f15 in branch '  jessie' by
Markus Koschany

The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-java/tomcat7.git/commit/?id=f1925c3

Commit message:

Import Debian changes 7.0.56-3+deb8u8

tomcat7 (7.0.56-3+deb8u8) jessie-security; urgency=high

  * Team upload.
  * Add BZ57544-infinite-loop.patch: It was found that https GET requests 
could
trigger an infinite loop and thus cause a denial-of-service.
(Closes: #854551)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: Pending fixes for bugs in the tomcat7 package

2017-02-13 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tag 854551 + pending
Bug #854551 [tomcat7] tomcat7: Remote https GET requests to Tomcat7 with 
default config cause server cpu to jump 100% forever
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
854551: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854551
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#851304: Pending fixes for bugs in the tomcat8 package

2017-02-13 Thread pkg-java-maintainers 
tag 851304 + pending
thanks

Some bugs in the tomcat8 package are closed in revision
401af63dfb55e4153aba434d2e6f5d973f01e4cd in branch '  jessie' by
Markus Koschany

The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-java/tomcat8.git/commit/?id=401af63

Commit message:

Import Debian changes 8.0.14-1+deb8u7

tomcat8 (8.0.14-1+deb8u7) jessie-security; urgency=high

  * Team upload.
  * Add BZ57544-infinite-loop.patch: It was found that https GET requests 
could
trigger an infinite loop and thus cause a denial-of-service.
(Closes: #851304)

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#854551: Bug#851304: tomcat8 use 100% cpu time

2017-02-13 Thread Markus Koschany 
On 13.02.2017 08:34, Moritz Mühlenhoff wrote:
> On Sun, Feb 12, 2017 at 09:38:31PM +0100, Markus Koschany wrote:
>> Hi,
>>
>> a bug was reported against tomcat8 and tomcat7 in Jessie and it seems
>> the issue is related to our latest security updates. We would like to
>> address this regression as soon as possible because this one can be
>> triggered remotely and cause a denial-of-service.
>>
>> I have attached the debdiffs for tomcat8 and tomcat7 to this email. I
>> will update the changelogs later.
> 
> Thanks, please upload.

Thanks. Uploaded.




signature.asc
Description: OpenPGP digital signature
__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: Pending fixes for bugs in the tomcat8 package

2017-02-13 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tag 851304 + pending
Bug #851304 [tomcat8] tomcat8 use 100% cpu time
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
851304: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851304
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.