Comment 11 for bug 1115053

Jamie Strandboge (jdstrand) wrote :

Thanks for your work on this! I have some comments though:
* the patches have DEP-3 comments (great!) but they point to a web page. I think it would be much better to include that URL in the description, then use an Origin stanza for the commits, and 'Bug: <url to upstream bug>'. If you are backporting patches, you should use 'Origin: backport, <commit url>' and the description should discuss your backporting. This will greatly speed up sponsoring, especially for non-trivial patchsets like this one.
* looking at the patch commits, most of them seem fine, but could you explain CVE-2012-0022.patch and CVE-2012-3439.patch a bit more?

You also didn't note the testing performed. I recalled that tomcat7 has a testsuite but that it wasn't enabled in the build in Ubuntu 11.10 and 12.04 LTS. After applying your patches, I ran the testsuite and it fails with:
test-compile:
    [mkdir] Created dir: /home/jamie/ubuntu/sbuild/tomcat7/oneiric/fix/tomcat7-7.0.21/output/testclasses
    [javac] Compiling 152 source files to /home/jamie/ubuntu/sbuild/tomcat7/oneiric/fix/tomcat7-7.0.21/output/testclasses
    [javac] /home/jamie/ubuntu/sbuild/tomcat7/oneiric/fix/tomcat7-7.0.21/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java:263: cannot find symbol
    [javac] symbol : method setCnonceCacheSize(int)
    [javac] location: class org.apache.catalina.authenticator.DigestAuthenticator
    [javac] authenticator.setCnonceCacheSize(100);
    [javac] ^
    [javac] Note: Some input files use or override a deprecated API.
    [javac] Note: Recompile with -Xlint:deprecation for details.
    [javac] 1 error

BUILD FAILED

In an effort to make this easier to test going forward, I have created debdiffs for oneiric and precise (attached) that add a 'testsuite' target. In essence, you would:
1. apply your patches
2. as root in a chroot:
# apt-get build-dep tomcat7
# apt-get install junit4 libjstl1.1-java libjakarta-taglibs-standard-java
3. as a normal user in the same chroot:
$ debian/rules testsuite

See debian/README.source in my attached debdiff for details (and a known testsuite failure).

NAK until the testsuite failures are addressed. As per our sponsoring procedures, I am assigning you to the bug and unsubscribing ubuntu-security-sponsors. Please resubscribe when you have updated debdiffs that pass the testsuite. Thanks again for your work on this!
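
An added example, not part of the comment above or of the tomcat7 packaging: a Python check for the DEP-3 header points raised in the review (a Description that is more than a bare URL, an Origin stanza that carries a commit URL for backports, and a Bug field). The function names, the sample headers and the example.invalid URLs are constructed for illustration.

```python
import re

ORIGIN_CATEGORIES = {"upstream", "backport", "vendor", "other"}  # DEP-3 categories
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):\s*(.*)$")
URL_RE = re.compile(r"https?://\S+")

def parse_header(patch_text):
    """Return the DEP-3 fields that appear before the diff body starts."""
    fields, last = {}, None
    for line in patch_text.splitlines():
        if line.startswith(("---", "diff ", "Index: ")):
            break  # the header ends at '---' or at the first diff line
        m = FIELD_RE.match(line)
        if m:
            last = m.group(1).lower()
            fields[last] = m.group(2).strip()
        elif line.startswith(" ") and last:
            fields[last] += "\n" + line.strip()  # continuation line
    return fields

def review_header(patch_text):
    """List what a sponsor would ask to be fixed in this patch header."""
    f = parse_header(patch_text)
    problems = []
    desc = f.get("description") or f.get("subject") or ""
    if not desc:
        problems.append("missing Description")
    elif URL_RE.fullmatch(desc):
        problems.append("Description is only a URL")
    origin = f.get("origin")
    if origin is None and not (f.keys() & {"author", "from"}):
        problems.append("missing Origin")
    elif origin is not None:
        category, _, ref = origin.partition(",")
        if category.strip().lower() not in ORIGIN_CATEGORIES:
            category, ref = "", origin  # no category given: whole value is the reference
        if category.strip().lower() == "backport" and not URL_RE.search(ref):
            problems.append("backport Origin lacks a commit URL")
    if not any(k == "bug" or k.startswith("bug-") for k in f):
        problems.append("no Bug field")
    return problems

# Constructed sample headers (placeholder URLs, not taken from the bug's patches).
WEAK = "Description: http://example.invalid/advisories\n--- a/Foo.java\n+++ b/Foo.java\n"
GOOD = ("Description: Constructed sample: reject oversized header\n"
        " Backported; context adjusted for the packaged version.\n"
        "Origin: backport, http://example.invalid/commit/PLACEHOLDER\n"
        "Bug: http://example.invalid/bug/PLACEHOLDER\n--- a/Foo.java\n")
if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("GOOD", GOOD)):
        print(name, review_header(text))
```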