Your message dated Sat, 16 Oct 2021 14:32:12 +0000
with message-id <[email protected]>
and subject line Bug#987179: fixed in tomcat9 9.0.43-2~deb11u2
has caused the Debian Bug report #987179,
regarding tomcat9: catalina.out created with root owner, then logrotate fails
to process it
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
987179: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987179
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tomcat9
Version: 9.0.43-1
Severity: important
Hello,
I just deployed 9 servers using Debian 11 and I have a rather serious issue
with them.
[email protected]:~# ls -lah /var/log/tomcat9/catalina.out
-rw-r----- 1 root adm 2.8G Apr 19 10:05 /var/log/tomcat9/catalina.out
[email protected]:~# ls -lah /var/log/tomcat9/catalina.out
-rw-r----- 1 tomcat adm 1.3M Apr 19 10:05 /var/log/tomcat9/catalina.out
As you can see, the owner is incorrect. That wouldn't be such an issue if
the file could be processed correctly with logrotate, but that's not the case:
Apr 19 00:00:18 debian11.server[3689613]: error: error opening
/var/log/tomcat9/catalina.out: Permission denied
Apr 19 00:00:18 debian11.server systemd[1]: logrotate.service: Main process
exited, code=exited, status=1/FAILURE
Apr 19 00:00:18 debian11.server systemd[1]: logrotate.service: Failed with
result 'exit-code'.
Apr 19 00:00:18 debian11.server systemd[1]: logrotate.service: Consumed 11.480s
CPU time.
What's happening now is that the file is silently growing forever, and this led to
one server crash during the weekend after running out of disk space.
I'm not sure it's an RC bug but it's definitely quite serious to me and should
be fixed before the release.
On both systems, the file is created by an rsyslog rule at
/etc/rsyslog.d/tomcat9.conf which looks identical to me.
However, it seems the /var/log/tomcat9 folder has different directory
permissions, which could be the reason why the file had been created with a
different owner:
[email protected]:~# ls -lahd /var/log/tomcat9
drwxrws--- 2 tomcat adm 4.0K Apr 19 06:25 /var/log/tomcat9
[email protected]:~# ls -lahd /var/log/tomcat9
drwxr-s--- 2 tomcat adm 32K Apr 19 06:25 /var/log/tomcat9
Or something changed within rsyslog's behavior, I'm not sure. Modifying the rsyslog
file to explicitly set the file owner could also be an option.
Best regards, Adam.
-- System Information:
Debian Release: 10.8
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-14-amd64 (SMP w/32 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages tomcat9 depends on:
ii lsb-base 10.2019051400
ii systemd 241-7~deb10u6
pn tomcat9-common <none>
ii ucf 3.0038+nmu1
Versions of packages tomcat9 recommends:
pn libtcnative-1 <none>
Versions of packages tomcat9 suggests:
pn tomcat9-admin <none>
pn tomcat9-docs <none>
pn tomcat9-examples <none>
pn tomcat9-user <none>
--- End Message ---
--- Begin Message ---
Source: tomcat9
Source-Version: 9.0.43-2~deb11u2
Done: Markus Koschany <[email protected]>
We believe that the bug you reported is fixed in the latest version of
tomcat9, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Markus Koschany <[email protected]> (supplier of updated tomcat9 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 25 Sep 2021 21:34:00 +0200
Source: tomcat9
Architecture: source
Version: 9.0.43-2~deb11u2
Distribution: bullseye
Urgency: high
Maintainer: Debian Java Maintainers <[email protected]>
Changed-By: Markus Koschany <[email protected]>
Closes: 987179
Changes:
 tomcat9 (9.0.43-2~deb11u2) bullseye-security; urgency=high
 .
   * Team upload.
   * CVE-2021-30640: Fix NullPointerException.
     If no userRoleAttribute is specified in the user's Realm configuration its
     default value will be null. This will cause a NPE in the methods
     doFilterEscaping and doAttributeValueEscaping. This is upstream bug
     https://bz.apache.org/bugzilla/show_bug.cgi?id=65308
   * Set the fileOwner of catalina.out to tomcat explicitly.
     Thanks to Adam Cecile for the report. (Closes: #987179)
   * Fix CVE-2021-41079:
     Apache Tomcat did not properly validate incoming TLS packets. When Tomcat
     was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially
     crafted packet could be used to trigger an infinite loop resulting in a
     denial of service.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
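An added example, not part of the bug report or of the Debian package: a shell check for the failure described in this thread, where a log file under /var/log/tomcat9 ends up owned by the wrong user and then grows without being rotated. The function name, the default size threshold and the invocation shown in the comments are assumptions; it relies on GNU find and stat.

```shell
#!/bin/sh
# Added example (not from the tomcat9 package). Flags regular files directly
# under a log directory that are owned by the wrong user or have grown past a
# size limit, the two symptoms shown in the report above.
# Assumes GNU find and stat, as shipped on Debian.

# audit_log_owner DIR EXPECTED_OWNER [MAX_BYTES]
# Prints "OWNER <path> <actual> (expected <want>)" or "SIZE <path> <bytes>".
# Returns 0 when nothing is flagged, 1 otherwise.
audit_log_owner() {
    dir=$1
    want=$2
    max=${3:-1073741824}   # hypothetical default threshold: 1 GiB
    findings=$(
        find "$dir" -maxdepth 1 -type f | while IFS= read -r f; do
            # A file may vanish between find and stat (rotation); skip it.
            owner=$(stat -c %U "$f") || continue
            size=$(stat -c %s "$f") || continue
            if [ "$owner" != "$want" ]; then
                printf 'OWNER %s %s (expected %s)\n' "$f" "$owner" "$want"
            fi
            if [ "$size" -gt "$max" ]; then
                printf 'SIZE %s %s\n' "$f" "$size"
            fi
        done
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Example invocation, e.g. from cron or a monitoring agent:
#   audit_log_owner /var/log/tomcat9 tomcat || echo "check log ownership" >&2
```

rsyslog applies a configured file owner only when it creates the file, so a catalina.out that already exists with root as owner still needs a one-time chown after the fixed package is installed.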
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
[email protected] for discussions and questions.