group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1664179] Re: Wrong POM dependency in javax.servlet.jsp:jsp-api:2.2

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1664179@xxxxxxxxxxxxxxxxxx>
Date: Mon, 24 Apr 2017 22:11:47 -0000
Reply-to: Bug 1664179 <1664179@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package tomcat7 - 7.0.52-1ubuntu0.11

---------------
tomcat7 (7.0.52-1ubuntu0.11) trusty; urgency=medium

  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat7 contains
    the '%' character (LP: #1666570).
  * Fix javax.servlet.jsp POM to use servlet-api version 3.0 instead of
    2.2 (LP: #1664179).

 -- Joshua Powers <josh.powers@xxxxxxxxxxxxx>  Wed, 22 Mar 2017 13:42:56
-0600

** Changed in: tomcat7 (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1664179

Title:
  Wrong POM dependency in javax.servlet.jsp:jsp-api:2.2

Status in tomcat7 package in Ubuntu:
  Invalid
Status in tomcat7 source package in Trusty:
  Fix Released
Status in tomcat7 source package in Xenial:
  Fix Committed
Status in tomcat7 source package in Yakkety:
  Fix Committed

Bug description:
  == Begin SRU Template ==
  [Impact]

   * The Tomcat7 package specifies an incorrect version of the javax.servlet api. If users attempt to use the version specified, 2.2, it will fail trying to find that version as it does not exist at all.
   * Currently the version is auto filled in by @MAVEN.DEPLOY.VERSION@, which is used to fill in other fields as well. However, the API versions are not all the same and should not be specified like this.
   * The official servlet version for Tomcat 7, 3.0, was specified here: https://jcp.org/en/jsr/detail?id=315

  [Test Case]

  An example to test Tomcat7 on Trusty. The same instructions can apply
  to other releases.

  Overview: Install tomcat7 and attempt to build the pom. It will fail
  as the built in library specifies a non-existent version of 2.2.

   * lxc launch ubuntu-daily:trusty trusty
   * lxc exec trusty bash
   * apt install tomcat7 maven-debian-helper libmaven-dependency-plugin-java libservlet3.0-java
   * wget https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1664179/+attachment/4818104/+files/pom.xml
   * mvn-debian -q generate-sources -X

  [Regression Potential]

   * Users currently experiencing this issue would be expecting a SRU fix to come from us. Working around it would require changing the /usr/share/maven-repo/javax/servlet/jsp/jsp-api/2.2/jsp-api-2.2.pom  to use the 3.0 version. This fix does the same thing.
   * There is the slight, albeit incredibly low chance, that someone actually has scripted something to modify the package itself and swap out @MAVEN.DEPLOY.VERSION@ to the correct value.
   * The tomcat8 package has gone away from using @MAVEN.DEPLOY.VERSION@ in favor of specifying the exact version as well to avoid this type of mismatch.

  [Other Info]

  Hi,

  Ubuntu 16.04.1 LTS,
  libservlet3.0-java=7.0.68-1ubuntu0.1

  In /usr/share/maven-repo/javax/servlet/jsp/jsp-api/2.2/jsp-api-2.2.pom
  file that belongs to libservlet3.0-java there is the following
  dependency:

  <dependency>
    <groupId>javax.servlet</groupId>
    <artifactId>servlet-api</artifactId>
    <version>2.2</version>
    <scope>compile</scope>
  </dependency>

  But there is no corresponding javax.servlet:servlet-api:2.2 in
  /usr/share/maven-repo. So if I try to build some Java library that
  depends on javax.servlet.jsp:jsp-api:2.2 with mvn-debian, I cannot do
  it due to wrong transitive dependency.

  I've attached a test pom.xml to reproduce the bug:

  ubuntu@build:~$ ls -la pom.xml
  -rw-rw-r-- 1 ubuntu ubuntu 1185 Feb 13 10:12 pom.xml
  ubuntu@build:~$
  ubuntu@build:~$ mvn-debian -q generate-sources
  find: ‘/usr/share/maven-repo/org/codehaus/plexus/plexus-compiler/*/*.jar’: No such file or directory
  find: ‘/usr/share/maven-repo/org/codehaus/plexus/plexus-compilers/*/*.jar’: No such file or directory
  find: ‘/usr/share/maven-repo/org/codehaus/plexus/plexus-containers/*/*.jar’: No such file or directory
  [ERROR] Failed to execute goal on project yyy: Could not resolve dependencies for project xxx:yyy:pom:debian: Cannot access central (https://repo.maven.apache.org/maven2) in offline mode and the artifact javax.servlet:servlet-api:jar:2.2 has not been downloaded from it before. -> [Help 1]
  [ERROR]
  [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
  [ERROR] Re-run Maven using the -X switch to enable full debug logging.
  [ERROR]
  [ERROR] For more information about the errors and possible solutions, please read the following articles:
  [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
  ubuntu@build:~$

  I believe that javax.servlet.jsp:jsp-api:2.2 should list javax.servlet
  :servlet-api:3.0 as dependency, not 2.2

  == End SRU Template ==

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1664179/+subscriptions