Please merge tomcat5.5 5.5.26-5 (universe) from Debian unstable (main)

Bug #298043 reported by Thierry Carrez
Affects: tomcat5.5 (Ubuntu)
Status: Fix Released
Importance: Wishlist
Assigned to: Unassigned
Milestone: (none)

Bug Description

Binary package hint: tomcat5.5

Ubuntu changes:
  * Set java source and target version to 1.5 (LP: #264808)
  * Don't fail install if Tomcat cannot be started (LP: #274365, LP: #212536)
  * Fix tomcat5.5 Java environment to match status of Java in intrepid:
    - control: Moved Java runtime deps to libtomcat5.5-java
    - control: Depends on default-jre-headless | java2-runtime-headless
    - tomcat5.5.init: Fix JVM list to match java2-runtime-headless
    - rules, control: Builds with default-jdk, libecj-java build-dep added
    - Fixes LP: #212521, LP: #179447
  * tomcat5.5.postinst: Removed superfluous /etc/tomcat5.5/tomcat5.5 linking
  * rules, tomcat5.5.init: implement TearDown spec
  * tomcat5.5.install: don't install catalina.policy (LP: #112626)
  * Fix CVE-2008-1232 cross-site scripting vulnerability (LP: #256926)
  * Fix CVE-2008-2370 information disclosure vulnerability (LP: #256922)
  * Fix CVE-2008-2938 directory traversal (LP: #256802)

Debian changes:
  * Merge changes from Ubuntu:
    - Use default-jre-headless, default-jdk as preferred alternatives.
    - tomcat5.5.init: Fix JDK list to match default-jre, java-6-openjdk
      and java-6-cacao. Closes: #495235.
    - tomcat5.5.postinst: Removed superfluous /etc/tomcat5.5/tomcat5.5 linking.
      Closes: #498487.
  * debian/copyright: Reference Apache 2.0 license in /usr/share/common/license
  * Security issues fixed.
    - CVE-2008-1232: Cross-site scripting
    - CVE-2008-2370: Information disclosure
    - CVE-2008-2938: Directory traversal. Closes: #496309.

Thierry Carrez (ttx)
Changed in tomcat5.5:
assignee: nobody → tcarrez
importance: Undecided → Wishlist
status: New → In Progress
Thierry Carrez (ttx) wrote :

Debdiff from Debian version to Merged version.

Remaining changes:
- debian/control: add libecj-java builddep to fix FTBFS with default-jdk
- debian/rules: Set java source and target version to 1.5
- debian/rules: Don't fail install if Tomcat cannot be started
- debian/tomcat5.5.init: Fix JVM list to match java2-runtime-headless providers, and do not refuse using JREs
- debian/rules, debian/tomcat5.5.init: Implement TearDown spec
- debian/tomcat5.5.install: Don't install catalina.policy

Additional changes:
- debian/changelog: Cleaned up duplicate entries
- debian/tomcat5.5.init: Added LSB exit codes to status action (LP: #298051)

Thierry Carrez (ttx) wrote :

Debdiff from last Ubuntu version to Merged version.

From Debian:
- Adopted Debian's slightly different way of specifying the JVM runtime depends
- debian/copyright: Reference Apache 2.0 license in /usr/share/common/license

Additional changes (from me):
- debian/tomcat5.5.init: Added LSB exit codes to status action (LP: #298051)

Thierry Carrez (ttx) wrote :

Forwarding remaining deltas to Debian:

"Do not refuse using JREs" is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495235
"Don't install catalina.policy" is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=426761
"Added LSB exit codes to status action" is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505709

Other remaining deltas are Ubuntu-specific (mostly linked to our use of openjdk-6-jdk as the default-jdk).

Changed in tomcat5.5:
assignee: tcarrez → nobody
status: In Progress → Confirmed
James Westby (james-w) wrote :

Hi,

Thanks for working on this. I have a couple of quick questions from reviewing the
diff.

Firstly, you drop a lot of the debian/changelog from Debian, is that intentional?

Secondly, is tomcat really a good candidate for the TearDown spec? Does it signal
to the apps running on it when it is shutting down?

Thanks,

James

Thierry Carrez (ttx) wrote :

Yes, the drop of changelog entries is intentional. The changelog shipped in 5.5.26-5 contained duplicated entries for versions from 5.5.15-1 to 5.5.26-2. The Debian-to-Merged debdiff doesn't represent those changes in a friendly way, but if you look at the last-in-Ubuntu to Merged debdiff, you can see that it is just adding the missing entries.

About TearDown, I have to look deeper into the code: I don't think Tomcat5.5 signals the running applications; however, it calls a JAR method for shutdown, so it might still be more appropriate to call the init script on shutdown. I'll come back to you on this.

Morten Kjeldgaard (mok0)
Changed in tomcat5.5:
status: Confirmed → Incomplete
Thierry Carrez (ttx) wrote :

In fact I presumed wrong: you can implement org.apache.catalina.LifecycleListener to execute special code when a Context is destroyed, and a quick shutdown would bypass that. Good catch; I'll provide fixed debdiffs in a few.
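The hook referred to above, as an added illustration for this thread (a hypothetical listener written for this page, not code from tomcat5.5 or its Debian/Ubuntu packaging; the class name and the file locations are assumptions):

```java
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Date;

import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleEvent;
import org.apache.catalina.LifecycleListener;

/*
 * CleanupListener (hypothetical name): registered for one webapp with
 *   <Context><Listener className="CleanupListener"/></Context>
 * Catalina calls lifecycleEvent() as the Context starts, stops and is
 * destroyed. The stop/destroy branch only runs when Tomcat is taken down
 * through its own shutdown path (what the init script's "stop" action
 * triggers); if the JVM is simply killed, none of this executes and the
 * marker file is never written.
 */
public class CleanupListener implements LifecycleListener {
    // Assumed location for the example; a real deployment would use the app's data directory.
    private final File dir = new File(System.getProperty("java.io.tmpdir"));
    private final File marker = new File(dir, "webapp-orderly-stop");
    private PrintWriter audit;

    public void lifecycleEvent(LifecycleEvent event) {
        String type = event.getType();
        try {
            if (Lifecycle.START_EVENT.equals(type)) {
                // The marker is only ever written by an orderly stop, so its
                // absence at start means the previous instance went down uncleanly.
                boolean previousStopOrderly = marker.delete();
                audit = new PrintWriter(new FileWriter(new File(dir, "webapp-audit.log"), true));
                audit.println(new Date() + " context start; previous stop orderly=" + previousStopOrderly);
                audit.flush();
            } else if (Lifecycle.STOP_EVENT.equals(type) || Lifecycle.DESTROY_EVENT.equals(type)) {
                if (audit != null) {
                    // Last chance to flush application state before the classloader goes away.
                    audit.println(new Date() + " context " + type + ": cleanup done");
                    audit.close();
                    audit = null;
                }
                marker.createNewFile();
            }
        } catch (IOException e) {
            // Ends up in catalina.out; a cleanup failure must not abort the shutdown sequence.
            e.printStackTrace();
        }
    }
}
```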

Thierry Carrez (ttx) wrote :

(fixed) Debdiff from Debian version to Merged version.

Remaining changes:
- debian/control: add libecj-java builddep to fix FTBFS with default-jdk
- debian/rules: Set java source and target version to 1.5
- debian/rules: Don't fail install if Tomcat cannot be started
- debian/tomcat5.5.init: Fix JVM list to match java2-runtime-headless providers, and do not refuse using JREs
- debian/tomcat5.5.install: Don't install catalina.policy

Additional changes:
- debian/changelog: Cleaned up duplicate entries
- debian/tomcat5.5.init: Added LSB exit codes to status action (LP: #298051)

Thierry Carrez (ttx) wrote :

(fixed) Debdiff from last Ubuntu version to Merged version.

From Debian:
- Adopted Debian's slightly different way of specifying the JVM runtime depends
- debian/copyright: Reference Apache 2.0 license in /usr/share/common/license

Additional changes (from me):
- debian/tomcat5.5.init: Added LSB exit codes to status action (LP: #298051)
- dropped Ubuntu-specific TearDown implementation which might break LifecycleListener

Changed in tomcat5.5:
status: Incomplete → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package tomcat5.5 - 5.5.26-5ubuntu1

---------------
tomcat5.5 (5.5.26-5ubuntu1) jaunty; urgency=low

  * Merge from debian unstable (LP: #298043), remaining changes:
    - debian/control: add libecj-java builddep to fix FTBFS with default-jdk
    - debian/rules: Set java source and target version to 1.5
    - debian/rules: Don't fail install if Tomcat cannot be started
    - debian/tomcat5.5.init: Fix JVM list to match java2-runtime-headless
      providers, and do not refuse using JREs
    - debian/tomcat5.5.install: Don't install catalina.policy
  * debian/changelog: Removed duplicate entries
  * debian/tomcat5.5.init: Added LSB exit codes to status action (LP: #298051)
  * debian/rules: dropped Ubuntu-specific TearDown implementation which might
    break LifecycleListener

tomcat5.5 (5.5.26-5) unstable; urgency=medium

  * Merge changes from Ubuntu:
    - Use default-jre-headless, default-jdk as preferred alternatives.
    - tomcat5.5.init: Fix JDK list to match default-jre, java-6-openjdk
      and java-6-cacao. Closes: #495235.
    - tomcat5.5.postinst: Removed superfluous /etc/tomcat5.5/tomcat5.5 linking.
      Closes: #498487.
  * debian/copyright: Reference Apache 2.0 license in /usr/share/common/licenses

tomcat5.5 (5.5.26-4) unstable; urgency=high

  * Security issues fixed.
    - CVE-2008-1232: Cross-site scripting
    - CVE-2008-2370: Information disclosure
    - CVE-2008-2938: Directory traversal. Closes: #496309.

tomcat5.5 (5.5.26-3ubuntu3) intrepid; urgency=low

  * Set java source and target version to 1.5 (LP: #264808)

 -- Thierry Carrez <email address hidden> Tue, 18 Nov 2008 13:52:48 +0100

Changed in tomcat5.5:
status: Confirmed → Fix Released