You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Emmanuel Bourg <eb...@apache.org> on 2014/02/28 15:15:23 UTC

Backporting security fixes to Debian

Hi,

I'm preparing a security update for the Tomcat 7 package in Debian and I
need some help with the fix for CVE-2013-2071 [1]. The tomcat7 package
in the stable Debian distribution is based on the version 7.0.28. I
applied the revisions 1471372 [2] and 1475792 [3] but I get 3 failing tests:

Testcase: testTimeoutListenerCompleteDispatch took 3.188 sec
        FAILED
expected:<500> but was:<200>
junit.framework.AssertionFailedError: expected:<500> but was:<200>
        at
org.apache.catalina.valves.TesterAccessLogValve.validateAccessLog(TesterAccessLogValve.java:80)
        at
org.apache.catalina.core.TestAsyncContextImpl.doTestTimeout(TestAsyncContextImpl.java:468)
        at
org.apache.catalina.core.TestAsyncContextImpl.testTimeoutListenerCompleteDispatch(TestAsyncContextImpl.java:395)

Testcase: testDispatchErrorSingleThenComplete took 1.217 sec
        FAILED
Uri: /stage1, Status: 200, Time: 1043
junit.framework.AssertionFailedError: Uri: /stage1, Status: 200, Time: 1043
        at
org.apache.catalina.valves.TesterAccessLogValve.validateAccessLog(TesterAccessLogValve.java:83)
        at
org.apache.catalina.core.TestAsyncContextImpl.doTestDispatchError(TestAsyncContextImpl.java:919)
        at
org.apache.catalina.core.TestAsyncContextImpl.testDispatchErrorSingleThenComplete(TestAsyncContextImpl.java:837)

Testcase: testMemberArrival took 4.125 sec
        FAILED
Checking member arrival length (Listener-10) expected:<9> but was:<8>
junit.framework.AssertionFailedError: Checking member arrival length
(Listener-10) expected:<9> but was:<8>
        at
org.apache.catalina.tribes.group.TestGroupChannelMemberArrival.testMemberArrival(TestGroupChannelMemberArrival.java:80)


Anyone knows what other commits should be applied to fix these errors?

Thank you,

Emmanuel Bourg

[1] https://issues.apache.org/bugzilla/show_bug.cgi?id=54178
[2] http://svn.apache.org/r1471372
[3] http://svn.apache.org/r1475792

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: Backporting security fixes to Debian

Posted by Emmanuel Bourg <eb...@apache.org>.

I eventually figured why the tests were failing. I forgot to remove an
assertion in TestAsyncContextImpl as part of r1475792, and
TestGroupChannelMemberArrival was failing until I applied r1453622.

Emmanuel Bourg


Le 28/02/2014 15:15, Emmanuel Bourg a écrit :
> Hi,
> 
> I'm preparing a security update for the Tomcat 7 package in Debian and I
> need some help with the fix for CVE-2013-2071 [1]. The tomcat7 package
> in the stable Debian distribution is based on the version 7.0.28. I
> applied the revisions 1471372 [2] and 1475792 [3] but I get 3 failing tests:
> 
> Testcase: testTimeoutListenerCompleteDispatch took 3.188 sec
>         FAILED
> expected:<500> but was:<200>
> junit.framework.AssertionFailedError: expected:<500> but was:<200>
>         at
> org.apache.catalina.valves.TesterAccessLogValve.validateAccessLog(TesterAccessLogValve.java:80)
>         at
> org.apache.catalina.core.TestAsyncContextImpl.doTestTimeout(TestAsyncContextImpl.java:468)
>         at
> org.apache.catalina.core.TestAsyncContextImpl.testTimeoutListenerCompleteDispatch(TestAsyncContextImpl.java:395)
> 
> Testcase: testDispatchErrorSingleThenComplete took 1.217 sec
>         FAILED
> Uri: /stage1, Status: 200, Time: 1043
> junit.framework.AssertionFailedError: Uri: /stage1, Status: 200, Time: 1043
>         at
> org.apache.catalina.valves.TesterAccessLogValve.validateAccessLog(TesterAccessLogValve.java:83)
>         at
> org.apache.catalina.core.TestAsyncContextImpl.doTestDispatchError(TestAsyncContextImpl.java:919)
>         at
> org.apache.catalina.core.TestAsyncContextImpl.testDispatchErrorSingleThenComplete(TestAsyncContextImpl.java:837)
> 
> Testcase: testMemberArrival took 4.125 sec
>         FAILED
> Checking member arrival length (Listener-10) expected:<9> but was:<8>
> junit.framework.AssertionFailedError: Checking member arrival length
> (Listener-10) expected:<9> but was:<8>
>         at
> org.apache.catalina.tribes.group.TestGroupChannelMemberArrival.testMemberArrival(TestGroupChannelMemberArrival.java:80)
> 
> 
> Anyone knows what other commits should be applied to fix these errors?
> 
> Thank you,
> 
> Emmanuel Bourg
> 
> [1] https://issues.apache.org/bugzilla/show_bug.cgi?id=54178
> [2] http://svn.apache.org/r1471372
> [3] http://svn.apache.org/r1475792
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org