[Bug 1073159] Re: Please backport tomcat7 7.0.34 (main) from raring to precise (and quantal)
H.-Dirk Schmitt
dirk at computer42.org
Thu Dec 20 13:46:42 UTC 2012
A backport is again available in
It works - but the APR has been changed:
> An incompatible version 1.1.22 of the APR based Apache Tomcat Native
library is installed, while Tomcat requires version 1.1.24
So in addition also tomcat-native should be backported
** Summary changed:
- Please backport tomcat7 7.0.34 (main) from raring to precise (and quantal)
+ Please backport tomcat7 7.0.34 (main) from raring to precise (and quantal) [and tomcat-native]
** Description changed:
Please backport tomcat7 7.0.30-0ubuntu1 (main) from raring to precise.
Reason for the backport:
========================
- Currently tomcat7 on precise is 7.0.26
- quantal an roaring providing 7.0.30
+ Currently tomcat7 on precise is 7.0.26 (see linked CVE)
+ quantal is providing 7.0.30 (see some of the linked CVE)
+ raring is providing 7.0.34
In my opinion it would be good to have the most current tomcat7 version also in precise-backports.
The goal should be providing the latest tomcat7 stable release also via backports in the LTS release of ubuntu.
+ In addition the old version if affected by some security issues.
The number of fixes is still impressing :-)
https://tomcat.apache.org/tomcat-7.0-doc/changelog.html
+
+
+ NOTE: In tomcat 7.0.34 has the APR library has changed. For satisfying the runtime dependency tomcat-native should also backported
Testing:
========
Mark off items in the checklist [X] as you test them, but please leave the checklist so that backporters can quickly evaluate the state of testing.
You can test-build the backport in your PPA with backportpackage:
$ backportpackage -u ppa:<lp username>/<ppa name> -s raring -d precise tomcat7
--> see ppa:dirk-computer42/c42-backport
* precise:
[X] Package builds without modification
[X] tomcat7-common installs cleanly and runs
[X] libservlet3.0-java installs cleanly and runs
[X] tomcat7-docs installs cleanly and runs
[X] libservlet3.0-java-doc installs cleanly and runs
[X] tomcat7 installs cleanly and runs
[X] libtomcat7-java installs cleanly and runs
[X] tomcat7-user installs cleanly and runs
[X] tomcat7-admin installs cleanly and runs
[X] tomcat7-examples installs cleanly and runs
Reverse dependencies:
=====================
The following reverse-dependencies need to be tested against the new version of tomcat7. For reverse-build-dependencies (-Indep), please test that the package still builds against the new tomcat7. For reverse-dependencies, please test that the version of the package currently in the release still works with the new tomcat7 installed. Reverse- Recommends, Suggests, and Enhances don't need to be tested, and are listed for completeness-sake.
tomcat7-common
--------------
libservlet3.0-java
------------------
* libjtharness-java
[ ] precise (Reverse-Depends)
* jtharness
[ ] precise (Reverse-Build-Depends-Indep)
tomcat7-docs
------------
libservlet3.0-java-doc
----------------------
tomcat7
-------
libtomcat7-java
---------------
tomcat7-user
------------
tomcat7-admin
-------------
tomcat7-examples
----------------
** Also affects: tomcat7 (Ubuntu)
Importance: Undecided
Status: New
** Summary changed:
- Please backport tomcat7 7.0.34 (main) from raring to precise (and quantal) [and tomcat-native]
+ Please backport tomcat7 7.0.34 (main) from raring to precise (and quantal) [and tomcat-native] to fix serious CVE reports
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to tomcat7 in Ubuntu.
https://bugs.launchpad.net/bugs/1073159
Title:
Please backport tomcat7 7.0.34 (main) from raring to precise (and
quantal) [and tomcat-native] to fix serious CVE reports
To manage notifications about this bug go to:
https://bugs.launchpad.net/precise-backports/+bug/1073159/+subscriptions
More information about the Ubuntu-server-bugs
mailing list