Wrong POM dependency in javax.servlet.jsp:jsp-api:2.2

Thanks for the bug report.

# Steps to reproduce
I am kind of a novice when it comes to maven and what we have in Ubuntu, so my apologies if I miss something obvious here. In a Xenial LXD container I ran the following:

> apt install maven-debian-helper libmaven-dependency-plugin-java libservlet3.0-java
> wget <your pom.xml>
> mvn-deiban -q generate-sources -X

It failed as expected with the your error message. After looking at your suggestion if I modified:
/usr/share/maven-repo/javax/servlet/jsp/jsp-api/2.2/jsp-api.2.2.pom
to point at 3.0 and not 2.2 and your build worked.

# Source
The source for that file is contained in debian/javaxpoms/jsp-api.pom and if you pull the Ubuntu source you will find that the version is set to "<version>@MAVEN.DEPLOY.VERSION@</version>". Well in debian/rules there is a stanza for setting it:

perl -p -i -e 's/\@MAVEN.DEPLOY.VERSION\@/2.2/' \
              debian/javaxpoms/jsp-api.pom

I believe you would then propose we change 2.2 to 3.0?

> I believe you would then propose we change 2.2 to 3.0?

If you simply change 2.2 to 3.0 in debian/rules in that stanze, then it'll change the dependency on javax.el:el-api as well.

So, the dependencies should be the following:
javax.el:el-api:2.2 (same as it is now)
javax.servlet:servlet-api:3.0 (changed from 2.2 to 3.0)

You can consult the table of versions for jsp, servlet, etc. here:
http://stackoverflow.com/questions/2013879/the-ultimate-java-version-table-j2ee-java-ee-servlet-jsp-jstl

In case of libservlet2.5-java package maintainers have replaced the actual versions to "debian", so it works properly.

For the case of libservlet3.1-java everything is also fine:
https://anonscm.debian.org/cgit/pkg-java/tomcat8.git/tree/debian/javaxpoms/jsp-api.pom
(compare it with the table).

Saying more general: Tomcat always provides a compatible set of versions for jsp-api, servlet-api and el-api. So, POM dependencies within a libservletXXX-java package have to point to the corresponding versions of .jar-s that are placed in such package.

Thanks for the table. Looking at the docs it does look like 2.2 JSP should have 3.0 servlet and 2.2 EL, therefore I believe the following changes would fix this:

diff --git a/debian/javaxpoms/jsp-api.pom b/debian/javaxpoms/jsp-api.pom
index 56271e0..e2dbf6d 100644
--- a/debian/javaxpoms/jsp-api.pom
+++ b/debian/javaxpoms/jsp-api.pom
@@ -19,7 +19,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>javax.servlet.jsp</groupId>
   <artifactId>jsp-api</artifactId>
- <version>@MAVEN.DEPLOY.VERSION@</version>
+ <version>2.2</version>
   <description>JSP package</description>
   <url>http://tomcat.apache.org/</url>
   <licenses>
@@ -43,13 +43,13 @@
     <dependency>
       <groupId>javax.el</groupId>
       <artifactId>el-api</artifactId>
- <version>@MAVEN.DEPLOY.VERSION@</version>
+ <version>2.2</version>
       <scope>compile</scope>
     </dependency>
     <dependency>
       <groupId>javax.servlet</groupId>
       <artifactId>servlet-api</artifactId>
- <version>@MAVEN.DEPLOY.VERSION@</version>
+ <version>3.0</version>
       <scope>compile</scope>
     </dependency>
   </dependencies>

@tadam I have submitted these changes to be fixed on trusty, xenial, and yakkety. I am not submitting this to be fixed on zesty because it is source only.

Once the changes are reviewed and accepted, unless I need to make any changes :), the new packages will enter the proposed pocket for final testing and acceptance and after a minimum of 7 days released. I believe I have that right, but open to correction from anyone ;)

OK, thank you Joshua.

Before this can go through the SRU process, please indicate if the Zesty version of tomcat7 (7.0.75-1) already has this bug fixed (Fix Released) or is unaffected (Invalid).

@arges because the package is source only in zesty I am marking the primary task as invalid.

Hello Yury, or anyone else affected,

Accepted tomcat7 into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/tomcat7/7.0.72-1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Hello Yury, or anyone else affected,

Accepted tomcat7 into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/tomcat7/7.0.68-1ubuntu0.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Hello Yury, or anyone else affected,

Accepted tomcat7 into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.11 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

@sru-team

Verified tomcat7 trusty (7.0.52-1ubuntu0.11) based on the test case described in the SRU template. The build completed without error. Marking as verification-done-trusty.

I will do Xenial and Yakkety once I have binaries.

This bug was fixed in the package tomcat7 - 7.0.52-1ubuntu0.11

---------------
tomcat7 (7.0.52-1ubuntu0.11) trusty; urgency=medium

  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat7 contains
    the '%' character (LP: #1666570).
  * Fix javax.servlet.jsp POM to use servlet-api version 3.0 instead of
    2.2 (LP: #1664179).

 -- Joshua Powers <email address hidden> Wed, 22 Mar 2017 13:42:56 -0600

As part of a recent change in the Stable Release Update verification policy we would like to inform that for a bug to be considered verified for a given release a verification-done-$RELEASE tag needs to be added to the bug where $RELEASE is the name of the series the package that was tested (e.g. verification-done-xenial). Please note that the global 'verification-done' tag can no longer be used for this purpose.

Thank you!

Marking yakkety as won't fix due to EOL status.

tomcat7 in xenial-proposed failed to build.