Your message dated Fri, 25 Jun 2010 13:03:01 +0000
with message-id <[email protected]>
and subject line Bug#585379: fixed in tomcat6 6.0.26-4
has caused the Debian Bug report #585379,
regarding tomcat6: tomcat fails to start using a security manager
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
585379: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585379
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tomcat6
Version: 6.0.24-2
Severity: normal
Tags: patch
User: [email protected]
Usertags: origin-ubuntu maverick ubuntu-patch
Using tomcat6 package version 6.0.24-2ubuntu, after editing
/etc/default/tomcat6 to set TOMCAT6_SECURITY=yes, Tomcat breaks on startup with
(in catalina.out):
Using CATALINA_BASE: /var/lib/tomcat6
Using CATALINA_HOME: /usr/share/tomcat6
Using CATALINA_TMPDIR: /tmp/tomcat6-tmp
Using JRE_HOME: /usr/lib/jvm/java-6-openjdk
Using CLASSPATH: /usr/share/tomcat6/bin/bootstrap.jar
Using Security Manager
Exception in thread "main" java.lang.ExceptionInInitializerError
at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:171)
at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:243)
at org.apache.juli.logging.LogFactory.getLog(LogFactory.java:298)
at org.apache.catalina.startup.Bootstrap.<clinit>(Bootstrap.java:55)
Caused by: java.security.AccessControlException: access denied
(java.util.PropertyPermission java.util.logging.config.class read)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
at
java.security.AccessController.checkPermission(AccessController.java:553)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at
java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302)
at java.lang.System.getProperty(System.java:669)
at org.apache.juli.logging.DirectJDKLog.<clinit>(DirectJDKLog.java:43)
... 4 more
Could not find the main class: org.apache.catalina.startup.Bootstrap. Program
will exit.
The problem is that -Djava.security.policy is being set twice, firstly in
/etc/init.d/tomcat6 to $CATALINA_BASE/work/catalina.policy (correct), secondly
in /usr/share/tomcat6/bin/catalina.sh to $CATALINA_BASE/conf/catalina.policy
(an invalid path). Unfortunately the second takes precedence, and so no policy
file is actually used.
To fix this, I suggest patching catalina.sh to change 'conf/catalina.policy'
references to 'work/catalina.policy'. It would also be good to remove the
explicit setting of -Djava.security.manager and -Djava.security.policy from the
init.d script, since it is done anyway in the init script. I've attached two
patches for this.
Originally reported in Ubuntu by Jeff Turner, and tracked at
https://bugs.launchpad.net/ubuntu/+source/tomcat6/+bug/591802
*** /tmp/tmpgCS3jR
In Ubuntu, we've applied the attached patch to achieve the following:
* Fixing failure to start with security manager enable (Closes: LP: #591802)
Thanks to Jeff Turner for patches
We thought you might be interested in doing the same.
-- System Information:
Debian Release: squeeze/sid
APT prefers lucid-updates
APT policy: (500, 'lucid-updates'), (500, 'lucid-security'), (500, 'lucid')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-22-generic (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru tomcat6-6.0.24/debian/changelog tomcat6-6.0.24/debian/changelog
diff -Nru tomcat6-6.0.24/debian/patches/debian-changes-6.0.24-2ubuntu2 tomcat6-6.0.24/debian/patches/debian-changes-6.0.24-2ubuntu2
--- tomcat6-6.0.24/debian/patches/debian-changes-6.0.24-2ubuntu2 1970-01-01 01:00:00.000000000 +0100
+++ tomcat6-6.0.24/debian/patches/debian-changes-6.0.24-2ubuntu2 2010-06-09 23:12:45.000000000 +0100
@@ -0,0 +1,55 @@
+Description: Upstream changes introduced in version 6.0.24-2ubuntu2
+ This patch has been created by dpkg-source during the package build.
+ Here's the last changelog entry, hopefully it gives details on why
+ those changes were made:
+ .
+ tomcat6 (6.0.24-2ubuntu2) lucid; urgency=low
+ .
+ * Fixing failure to start with security manager enable (Closes: LP: #591802)
+ Thanks to Jeff Turner for patches
+ .
+ The person named in the Author field signed this changelog entry.
+Author: Adam Guthrie <[email protected]>
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/591802
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: http://bugs.debian.org/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: <YYYY-MM-DD>
+
+--- tomcat6-6.0.24.orig/bin/catalina.sh
++++ tomcat6-6.0.24/bin/catalina.sh
+@@ -261,7 +261,7 @@ if [ "$1" = "debug" ] ; then
+ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
+ -sourcepath "$CATALINA_HOME"/../../java \
+ -Djava.security.manager \
+- -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
++ -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \
+ -Dcatalina.base="$CATALINA_BASE" \
+ -Dcatalina.home="$CATALINA_HOME" \
+ -Djava.io.tmpdir="$CATALINA_TMPDIR" \
+@@ -288,7 +288,7 @@ elif [ "$1" = "run" ]; then
+ exec "$_RUNJAVA" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \
+ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
+ -Djava.security.manager \
+- -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
++ -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \
+ -Dcatalina.base="$CATALINA_BASE" \
+ -Dcatalina.home="$CATALINA_HOME" \
+ -Djava.io.tmpdir="$CATALINA_TMPDIR" \
+@@ -321,7 +321,7 @@ elif [ "$1" = "start" ] ; then
+ "$_RUNJAVA" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \
+ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
+ -Djava.security.manager \
+- -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
++ -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \
+ -Dcatalina.base="$CATALINA_BASE" \
+ -Dcatalina.home="$CATALINA_HOME" \
+ -Djava.io.tmpdir="$CATALINA_TMPDIR" \
diff -Nru tomcat6-6.0.24/debian/patches/series tomcat6-6.0.24/debian/patches/series
--- tomcat6-6.0.24/debian/patches/series 2010-03-25 10:22:10.000000000 +0000
+++ tomcat6-6.0.24/debian/patches/series 2010-06-09 23:02:06.000000000 +0100
@@ -7,3 +7,4 @@
servlet-api-OSGi.patch
jsp-api-OSGi.patch
allow-empty-pid-file.patch
+debian-changes-6.0.24-2ubuntu2
diff -Nru tomcat6-6.0.24/debian/tomcat6.init tomcat6-6.0.24/debian/tomcat6.init
--- tomcat6-6.0.24/debian/tomcat6.init 2010-03-25 22:12:33.000000000 +0000
+++ tomcat6-6.0.24/debian/tomcat6.init 2010-06-09 22:37:23.000000000 +0100
@@ -107,7 +107,6 @@
SECURITY=""
if [ "$TOMCAT6_SECURITY" = "yes" ]; then
- JAVA_OPTS="$JAVA_OPTS -Djava.security.manager -Djava.security.policy=\"$POLICY_CACHE\""
SECURITY="-security"
fi
--- End Message ---
--- Begin Message ---
Source: tomcat6
Source-Version: 6.0.26-4
We believe that the bug you reported is fixed in the latest version of
tomcat6, which is due to be installed in the Debian FTP archive:
libservlet2.5-java-doc_6.0.26-4_all.deb
to main/t/tomcat6/libservlet2.5-java-doc_6.0.26-4_all.deb
libservlet2.5-java_6.0.26-4_all.deb
to main/t/tomcat6/libservlet2.5-java_6.0.26-4_all.deb
libtomcat6-java_6.0.26-4_all.deb
to main/t/tomcat6/libtomcat6-java_6.0.26-4_all.deb
tomcat6-admin_6.0.26-4_all.deb
to main/t/tomcat6/tomcat6-admin_6.0.26-4_all.deb
tomcat6-common_6.0.26-4_all.deb
to main/t/tomcat6/tomcat6-common_6.0.26-4_all.deb
tomcat6-docs_6.0.26-4_all.deb
to main/t/tomcat6/tomcat6-docs_6.0.26-4_all.deb
tomcat6-examples_6.0.26-4_all.deb
to main/t/tomcat6/tomcat6-examples_6.0.26-4_all.deb
tomcat6-user_6.0.26-4_all.deb
to main/t/tomcat6/tomcat6-user_6.0.26-4_all.deb
tomcat6_6.0.26-4.debian.tar.gz
to main/t/tomcat6/tomcat6_6.0.26-4.debian.tar.gz
tomcat6_6.0.26-4.dsc
to main/t/tomcat6/tomcat6_6.0.26-4.dsc
tomcat6_6.0.26-4_all.deb
to main/t/tomcat6/tomcat6_6.0.26-4_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thierry Carrez <[email protected]> (supplier of updated tomcat6 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 24 Jun 2010 15:55:10 +0200
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java
libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs
Architecture: source all
Version: 6.0.26-4
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers
<[email protected]>
Changed-By: Thierry Carrez <[email protected]>
Description:
libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes
libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation
libtomcat6-java - Servlet and JSP engine -- core libraries
tomcat6 - Servlet and JSP engine
tomcat6-admin - Servlet and JSP engine -- admin web applications
tomcat6-common - Servlet and JSP engine -- common files
tomcat6-docs - Servlet and JSP engine -- documentation
tomcat6-examples - Servlet and JSP engine -- example web applications
tomcat6-user - Servlet and JSP engine -- tools to create user instances
Closes: 585379
Changes:
tomcat6 (6.0.26-4) unstable; urgency=low
.
[ Thierry Carrez ]
* Fix issues preventing from running Tomcat6 with a security manager:
- debian/tomcat6.init: Remove duplicate securitymanager options.
- debian/patches/catalina-sh-security-manager.patch: Use the right
location for the security.policy file in catalina.sh.
- Closes: #585379, LP: #591802. Thanks to Jeff Turner for the original
patches and to Adam Guthrie for the Lucid debdiff.
* Allow binding to any interface when using authbind, rather than only allow
binding to all (LP: #594989)
* Force backgrounding of catalina.sh in start-stop-daemon, to allow the init
script to be started through ssh -t (LP: #588481)
.
[ Torsten Werner ]
* Remove Paul from Uploaders list.
Checksums-Sha1:
bb57f898a0bfefc5d26ea633124f515dbe173dd8 1605 tomcat6_6.0.26-4.dsc
a72ecddfa869ead4482eecbb49139a8754b93d84 30586 tomcat6_6.0.26-4.debian.tar.gz
16cfde03b7147af749c7c77784dc45d896efd391 46424 tomcat6-common_6.0.26-4_all.deb
5614a467d0e4008f4158f4b8ab1830a99ce2f827 31018 tomcat6_6.0.26-4_all.deb
c55e3ec51f3cf7fc2ea2c17e1219f124ecd27f58 25268 tomcat6-user_6.0.26-4_all.deb
f1b228bfaa10edefe71abc50656103e21330c72b 3017972
libtomcat6-java_6.0.26-4_all.deb
2bccbfa17f7ffc8091238a62630e6d93556e80fd 190798
libservlet2.5-java_6.0.26-4_all.deb
e49a5dd312f9be3d3b80e554c00ff30c5d621475 253538
libservlet2.5-java-doc_6.0.26-4_all.deb
1fe20868bc06a3225c0eab92169c21fd9f3c04ae 41272 tomcat6-admin_6.0.26-4_all.deb
cbc50a061cdda6d7ac7e9ff707197ba8be323b5b 158042
tomcat6-examples_6.0.26-4_all.deb
53f5a9c5b750f22ff70a6c5b1598d17ee1553c0f 517754 tomcat6-docs_6.0.26-4_all.deb
Checksums-Sha256:
a76dc8f31eac5d107f18b5d960aa58547bf3877c9cf61645add6914d8776cbfd 1605
tomcat6_6.0.26-4.dsc
fc278f673dec50c26f778e7be42f6c4ea992df86315f6e50b902632f1a252c3b 30586
tomcat6_6.0.26-4.debian.tar.gz
6452d52d33c80f3a9060813c6f757bba392a9a152b0f673500ca071fa93fd2e0 46424
tomcat6-common_6.0.26-4_all.deb
50452a2c272793d243b71de3d1fb05176a227ecfa69ce99349d51454c09882ab 31018
tomcat6_6.0.26-4_all.deb
e82c98fc739e4e4e3e05aeaa0069517af6f8919bf55e997712b0bb73145d54d6 25268
tomcat6-user_6.0.26-4_all.deb
3e8957a4ba38cba317941039b5ae2cb377dfe4b1957afddd5722b6335ea6bb11 3017972
libtomcat6-java_6.0.26-4_all.deb
13d202d4387e17bc2b9590b06d44a7000fb1887aedbe9b006f26284c852c8951 190798
libservlet2.5-java_6.0.26-4_all.deb
2d73e4bec6479c4ab5802e7287b35dd617cea0cd47330d61a271e2deeeb0ba37 253538
libservlet2.5-java-doc_6.0.26-4_all.deb
3e93f7c1e022957de692a12a5a68e34442e91cb58fb99f4f5fa383bdd479de69 41272
tomcat6-admin_6.0.26-4_all.deb
4ca91586b0bc1a38350d1d2d2fb8021fe2fdf5625b6fcf181d6273faf11344df 158042
tomcat6-examples_6.0.26-4_all.deb
2d5bb716a74e227c012da9894df618044e77658d16a4e377c987df24f83b54b3 517754
tomcat6-docs_6.0.26-4_all.deb
Files:
dbfcc30abdbe6be3ef83587b35d4a5bf 1605 java optional tomcat6_6.0.26-4.dsc
b2cae6cb5c9cf934fb6386893ee860c6 30586 java optional
tomcat6_6.0.26-4.debian.tar.gz
a3713bd662956a8fc1b213ea825eebb5 46424 java optional
tomcat6-common_6.0.26-4_all.deb
c74bfa35dc94fcdcbd748a8ccd09d986 31018 java optional tomcat6_6.0.26-4_all.deb
93d970fbd15a98ec7acb80db275bec6d 25268 java optional
tomcat6-user_6.0.26-4_all.deb
6cc4ebb7e3f1f72e3fb3a83a1931658d 3017972 java optional
libtomcat6-java_6.0.26-4_all.deb
9814bca1cc798f8625d566eb47b3fdbb 190798 java optional
libservlet2.5-java_6.0.26-4_all.deb
2455efee267393d4dad194fbd751c0e7 253538 doc optional
libservlet2.5-java-doc_6.0.26-4_all.deb
1513f6e9037aef14e943fc01ae97a1b3 41272 java optional
tomcat6-admin_6.0.26-4_all.deb
2a702da4b16ea8bd850fef508ed505ff 158042 java optional
tomcat6-examples_6.0.26-4_all.deb
e0b371acd461f508760df6db1b66c352 517754 doc optional
tomcat6-docs_6.0.26-4_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkwkpxkACgkQfY3dicTPjsPeXgCdFGE5pnwoKISATGGJZSG2vbgR
ZR4AoJgWl4mzlymQaQBK6JrXRs2Wh07N
=NELF
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers>. Please
use
[email protected] for discussions and questions.
