Your message dated Wed, 02 Jan 2013 04:47:48 +0000
with message-id <e1tqgf2-0007oz...@franck.debian.org>
and subject line Bug#691865: fixed in tomcat7 7.0.34-1~exp1
has caused the Debian Bug report #691865,
regarding tomcat7: catalina.properties use hard references to /var/lib/tomcat7/
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
691865: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691865
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: tomcat7
Version: 7.0.26-1ubuntu1.1
Severity: normal

The file /usr/share/tomcat7/skel/conf/catalina.properties (and also 
/etc/tomcat7/catalina.properties) has hard references to /var/lib/tomcat7/.

If /var/lib/tomcat7/{common,server,shared} contains a jar for one tomcat7 
instance, this leaks to all other installations.

To avoid this problem the property reference ${catalina.base} should be used.
A second tomcat instance can now set $CATALINA_BASE to something else
(as /var/lib/tomcat7).

A corrected version of the catalina.properties is attached.

I have checked manually that the problematic catalina.properties is also in
tomcat7 package in sid (7.0.28-3).


-- System Information:
Debian Release: wheezy/sid
  APT prefers precise-updates
  APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 
'precise-backports'), (500, 'precise')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-32-generic (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to de_DE.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages tomcat7 depends on:
ii  adduser                3.113ubuntu2
ii  debconf [debconf-2.0]  1.5.42ubuntu1
ii  tomcat7-common         7.0.26-1ubuntu1.1
ii  ucf                    3.0025+nmu2ubuntu1

Versions of packages tomcat7 recommends:
pn  authbind  <none>

Versions of packages tomcat7 suggests:
ii  libtcnative-1     1.1.22-1build1
ii  tomcat7-admin     7.0.26-1ubuntu1.1
ii  tomcat7-docs      7.0.26-1ubuntu1.1
ii  tomcat7-examples  <none>
ii  tomcat7-user      7.0.26-1ubuntu1.1

-- Configuration Files:
/etc/logrotate.d/tomcat7 changed:
/var/log/tomcat7/catalina.out {
  copytruncate
  weekly
  rotate 52
  compress
  missingok
  create 640 tomcat7 adm
}

/etc/tomcat7/catalina.properties changed:
package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.
package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.
common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar,${catalina.base}/common/classes,${catalina.base}/common/*.jar
server.loader=${catalina.base}/server/classes,${catalina.base}/server/*.jar
shared.loader=${catalina.base}/shared/classes,${catalina.base}/shared/*.jar
tomcat.util.scan.DefaultJarScanner.jarsToSkip=\
bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,\
annotations-api.jar,el-api.jar,jsp-api.jar,servlet-api.jar,\
catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-tribes.jar,\
jasper.jar,jasper-el.jar,ecj-*.jar,\
tomcat-api.jar,tomcat-util.jar,tomcat-coyote.jar,tomcat-dbcp.jar,\
tomcat-i18n-en.jar,tomcat-i18n-es.jar,tomcat-i18n-fr.jar,tomcat-i18n-ja.jar,\
tomcat-juli-adapters.jar,catalina-jmx-remote.jar,catalina-ws.jar,\
tomcat-jdbc.jar,\
commons-beanutils*.jar,commons-codec*.jar,commons-collections*.jar,\
commons-dbcp*.jar,commons-digester*.jar,commons-fileupload*.jar,\
commons-httpclient*.jar,commons-io*.jar,commons-lang*.jar,commons-logging*.jar,\
commons-math*.jar,commons-pool*.jar,\
jstl.jar,\
geronimo-spec-jaxrpc*.jar,wsdl4j*.jar,\
ant.jar,ant-junit*.jar,aspectj*.jar,jmx.jar,h2*.jar,hibernate*.jar,httpclient*.jar,\
jmx-tools.jar,jta*.jar,log4j*.jar,mail*.jar,slf4j*.jar,\
xercesImpl.jar,xmlParserAPIs.jar,xml-apis.jar,\
dnsns.jar,ldapsec.jar,localedata.jar,sunjce_provider.jar,sunmscapi.jar,\
sunpkcs11.jar,jhall.jar,tools.jar,\
sunec.jar,zipfs.jar,\
apple_provider.jar,AppleScriptEngine.jar,CoreAudio.jar,dns_sd.jar,\
j3daudio.jar,j3dcore.jar,j3dutils.jar,jai_core.jar,jai_codec.jar,\
mlibwrapper_jai.jar,MRJToolkit.jar,vecmath.jar,\
junit.jar,junit-*.jar,ant-launcher.jar
tomcat.util.buf.StringCache.byte.enabled=true

/etc/tomcat7/context.xml changed:
<?xml version='1.0' encoding='utf-8'?>
<!-- 
-->
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- The contents of this file will be loaded for each web application -->
<Context>
    <!-- Default set of monitored resources -->
    <WatchedResource>WEB-INF/web.xml</WatchedResource>
        
    <!-- Uncomment this to disable session persistence across Tomcat restarts 
-->
    <!--
    <Manager pathname="" />
    -->
    <!-- Uncomment this to enable Comet connection tacking (provides events
         on session expiration as well as webapp lifecycle) -->
    <!--
    <Valve className="org.apache.catalina.valves.CometConnectionManagerValve" />
    -->
    <!-- FUNAMBOL -->
    <Resource name="jdbc/fnblds" auth="Container" type="javax.sql.DataSource"
              factory="com.funambol.server.db.DataSourceFactory"
    />
    <Resource name="jdbc/fnblcore" auth="Container" type="javax.sql.DataSource"
              factory="com.funambol.server.db.DataSourceFactory"
    />
    <Resource name="jdbc/fnbluser" auth="Container" type="javax.sql.DataSource"
              factory="com.funambol.server.db.DataSourceFactory"
    />
</Context>

/etc/tomcat7/logging.properties changed:
handlers = java.util.logging.ConsoleHandler, com.agafua.syslog.SyslogHandler
.handlers = java.util.logging.ConsoleHandler, com.agafua.syslog.SyslogHandler
java.util.logging.ConsoleHandler.level = WARNING
java.util.logging.ConsoleHandler.level = FINE
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
com.agafua.syslog.SyslogHandler.transport = udp
com.agafua.syslog.SyslogHandler.transport = udp
com.agafua.syslog.SyslogHandler.facility = local5
com.agafua.syslog.SyslogHandler.port = 514
com.agafua.syslog.SyslogHandler.hostname = syslog.computer42.org
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = CONFIG

/etc/tomcat7/server.xml changed:
<?xml version="1.0" encoding="utf-8"?>
<!--
* $HeadURL: 
svn://svn.computer42.org:3691/c42CfgRepos/trunk/etc/c42CfgRepos/tomcat6/server.xml.garfield
 $
* $Revision: 1973 $ $Date: 2009-05-22 20:28:52 +0200 (Fri, 22. May 2009) $
* $Author: dirk $
-->
<Server port="8005" shutdown="SHUTDOWN">
  <!-- Security listener. Documentation at /docs/config/listeners.html
       <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" 
SSLEngine="off" />
  <!--Initialize Jasper prior to webapps are loaded. Documentation at 
/docs/jasper-howto.html -->
  <Listener className="org.apache.catalina.core.JasperListener" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener 
className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener 
className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener 
className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container" 
type="org.apache.catalina.UserDatabase" description="User database that can be 
updated and saved" 
factory="org.apache.catalina.users.MemoryUserDatabaseFactory" 
pathname="conf/tomcat-users.xml"/>
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" 
URIEncoding="UTF-8" redirectPort="443"/>
    <Connector port="8009" protocol="AJP/1.3" URIEncoding="UTF-8" 
redirectPort="8443"/>
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="odie-1">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm" 
resourceName="UserDatabase"/>
      <Host name="localhost" appBase="webapps" unpackWARs="true" 
autoDeploy="true">
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" 
requireReauthentication="true"/>
        <Valve className="org.apache.catalina.valves.AccessLogValve" 
directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="common" 
resolveHosts="true"/>
      </Host>
    </Engine>
  </Service>
</Server>

/etc/tomcat7/tomcat-users.xml [Errno 13] Keine Berechtigung: 
u'/etc/tomcat7/tomcat-users.xml'

-- debconf information:
  tomcat7/groupname: tomcat7
  tomcat7/username: tomcat7
  tomcat7/javaopts: -Djava.awt.headless=true -XX:+UseConcMarkSweepGC 
-XX:+CMSClassUnloadingEnabled -XX:MaxPermSize=128m -Xmx512m 
-Dfunambol.debug=false -Dfunambol.home=/opt/Funambol -Dfile.encoding=UTF-8

--- End Message ---
--- Begin Message ---
Source: tomcat7
Source-Version: 7.0.34-1~exp1

We believe that the bug you reported is fixed in the latest version of
tomcat7, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 691...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill <tmanc...@debian.org> (supplier of updated tomcat7 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 01 Jan 2013 19:01:12 -0800
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java 
libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version: 7.0.34-1~exp1
Distribution: experimental
Urgency: low
Maintainer: Debian Java Maintainers 
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: tony mancill <tmanc...@debian.org>
Description: 
 libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
 libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
 libtomcat7-java - Servlet and JSP engine -- core libraries
 tomcat7    - Servlet and JSP engine
 tomcat7-admin - Servlet and JSP engine -- admin web applications
 tomcat7-common - Servlet and JSP engine -- common files
 tomcat7-docs - Servlet and JSP engine -- documentation
 tomcat7-examples - Servlet and JSP engine -- example web applications
 tomcat7-user - Servlet and JSP engine -- tools to create user instances
Closes: 679012 691773 691865 696944
Changes: 
 tomcat7 (7.0.34-1~exp1) experimental; urgency=low
 .
   * Upload to experimental (Vcs-Git branch is exp/master.)
   * New upstream version 7.0.34
   * remove patches included in the upstream release
     - cve-2012-3439.patch
     - cve-2012-3439-tests.patch
     - 0016-CVE-2012-4431.patch
     - 0017-CVE-2012-3546.patch
   * refresh patches
   * add /usr/lib/jvm/java-7-oracle to JDK search path
     - Thanks to Nuno Afonso. (Closes: #679012)
   * add log compression to logrotate cronjob via defaults file
     - Thanks to Thijs Kinkhorst. (Closes: #696944)
   * add distinct javax poms to install JARs using both Tomcat and javax
     coordinates (Closes: #691773)
   * update catalina.properties to expand ${catalina.home} instead of
     referencing /var/lib/tomcat7 explicitly.
     - Thanks to H.-Dirk Schmidt (Closes: #691865)
Checksums-Sha1: 
 cf6811f0908d884afdacede339123b490ec82655 2634 tomcat7_7.0.34-1~exp1.dsc
 9c72f3413406d63f4c3e1a81daf05238678448d1 3961694 tomcat7_7.0.34.orig.tar.gz
 de94e582eeea80abd0fd5a7c0335159a0c0ca517 46175 
tomcat7_7.0.34-1~exp1.debian.tar.gz
 97e6c72552f0c0e40703f019c53304b7259855a7 62800 
tomcat7-common_7.0.34-1~exp1_all.deb
 2a6a7a9ef2fa910e197c116f33e4c35f27461c5f 50408 tomcat7_7.0.34-1~exp1_all.deb
 f16bd3c117ef0027d1ac5abb1ea3b1403e49567a 38178 
tomcat7-user_7.0.34-1~exp1_all.deb
 ed35a94ecfca531dc5ac0c0ae5a3b77a19f49511 3508556 
libtomcat7-java_7.0.34-1~exp1_all.deb
 0de6d1213ff2230abecdfe3ed21449edff3a60ef 305668 
libservlet3.0-java_7.0.34-1~exp1_all.deb
 c58b254e33aea2661be0f5a2e8740a205f2c5502 300952 
libservlet3.0-java-doc_7.0.34-1~exp1_all.deb
 e6d32d7d1c8c1516f5648442486f875998a1a502 50452 
tomcat7-admin_7.0.34-1~exp1_all.deb
 7addcf18fbbfa1ed21608cd75912c44f70c3c6a2 201320 
tomcat7-examples_7.0.34-1~exp1_all.deb
 6bcf160b957ab4cef24d7672af897b23da5f4bf6 666666 
tomcat7-docs_7.0.34-1~exp1_all.deb
Checksums-Sha256: 
 e486b47c232b8dae403447ad7ce59858e9e373fabd6852715bfa42c6cc8043ab 2634 
tomcat7_7.0.34-1~exp1.dsc
 a9fce1021710168ec0f3ec272ea796ba28dae32ed34e1885a831d57ed8814261 3961694 
tomcat7_7.0.34.orig.tar.gz
 8e6cf1d67c553dd58e44db3fb22ff625450eb69cb14d7b55788ecdd15ec88202 46175 
tomcat7_7.0.34-1~exp1.debian.tar.gz
 6bb2d52dc7ace5cc368bb6684dcc7fe19e87dd1fe21a35c7f8c318291335f4f2 62800 
tomcat7-common_7.0.34-1~exp1_all.deb
 f1e0bac119036f73de07a83b2cd48025393da3a3b19ad3dd43bfeac7a9dc26f8 50408 
tomcat7_7.0.34-1~exp1_all.deb
 45c01e16d4554853434834597f3ababa672f9a10410c3cf02c1c8e508110309a 38178 
tomcat7-user_7.0.34-1~exp1_all.deb
 5743e8b9f0f8a75a2697fe2771562f30cd3bf9ae43232f17da6af74399e27a17 3508556 
libtomcat7-java_7.0.34-1~exp1_all.deb
 bad0c94242eb8673ba2df817518a6a8b6230f08bc63adbdaf8d054f8a09ef01b 305668 
libservlet3.0-java_7.0.34-1~exp1_all.deb
 8c4d3ee96340128f558f53cdbc3760d5b691be4460cb9226e428ab264bf7aa26 300952 
libservlet3.0-java-doc_7.0.34-1~exp1_all.deb
 f424970f70eda21b25c243254755e3791493974b67859531fa692f1aae594dd4 50452 
tomcat7-admin_7.0.34-1~exp1_all.deb
 e2988dbacad74f7830344756022efaeeb359bbd05130f85ccfcfeea6a2568eb0 201320 
tomcat7-examples_7.0.34-1~exp1_all.deb
 6722f04afd04a70e3814576bcb22d33315b9f9827223fa52b2acc963443d9cc8 666666 
tomcat7-docs_7.0.34-1~exp1_all.deb
Files: 
 d8491005cfad7b9193ec96c68b393694 2634 java optional tomcat7_7.0.34-1~exp1.dsc
 65be5f6232175afda059b9c313840f22 3961694 java optional 
tomcat7_7.0.34.orig.tar.gz
 89747650a6232698e851439cc4f4c985 46175 java optional 
tomcat7_7.0.34-1~exp1.debian.tar.gz
 e170a15fcf0346b10ea01983c93612d9 62800 java optional 
tomcat7-common_7.0.34-1~exp1_all.deb
 0f52276f794c74f9eaeff927ff7e2d42 50408 java optional 
tomcat7_7.0.34-1~exp1_all.deb
 6438201df41ebbe9a1761269713a31b8 38178 java optional 
tomcat7-user_7.0.34-1~exp1_all.deb
 091f9e184a69219fe9f74077e7327a4d 3508556 java optional 
libtomcat7-java_7.0.34-1~exp1_all.deb
 8b9eeba666268ba33418337c60eda23f 305668 java optional 
libservlet3.0-java_7.0.34-1~exp1_all.deb
 d2e1e1db4e4ae8e10c68ee21a02dd647 300952 doc optional 
libservlet3.0-java-doc_7.0.34-1~exp1_all.deb
 a3457b48beccaeb400e2c61608f53820 50452 java optional 
tomcat7-admin_7.0.34-1~exp1_all.deb
 cc69c2aea3ef119878f944c626ed344c 201320 java optional 
tomcat7-examples_7.0.34-1~exp1_all.deb
 d4e4b0208ea8c4204245551db28d2e32 666666 doc optional 
tomcat7-docs_7.0.34-1~exp1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQ47cmAAoJECHSBYmXSz6WaBoQALWnYH8BHcTy5wRFJMNoOfhW
ubAnWYrzbZBuNJX8jVVKcCJ3EwJYmOopPzUUWS8fKFcsuyl9NTZ63q8DqPYccEp/
H7uBEb1oy1seHVowyqrPNXoG7JJEwzH4jTu0G6cHGsL3IDvkjLyqJ/zY3b5Vp67t
0Yu4Ex1l+uD5KdTPsvRrp0D+Z52qIL3+Dzj4MtztP028H6TdlR+lOhUCsZo6JCnq
D1+cDWISxKw4En62Io7CAZGcNUh4CFaFZPqtmYKlqs2s2EasaorVJoiiRvwG3umu
fDKCVCw6XwuELE8sG2P63R5huNETOU88HTjS9IIj3NWaaq0VQt4OXNRb5PAtwxbm
YfAqTIvkJo/BnMCOYxtPjIzdkzOJ3wSmilvNlBp4rSUiixKZ7hJ2h9xEff8A0tzh
VyMbGWoRCz1AzqGhQnI0+D74IT+DEbkR5VxjAAw5UJLhEGJAw8fSmhCVbBsS2KED
00Z3w6Rz4sA+x0OjepEX2jG5XEzoJK3AI3Sd0G6dv9hWonsevd+gr6mChM78/djZ
xO3cVbC5CjhDGrvCB+BsRpVFcs3QQDBNqWg0sDyJBsApUH/PKHJdmRInLzFJEuJO
Kmxosz3UlWls4pFKudxZu9pdR2c0avmCb/SLmyxyg0cHBnCue+bfqD2/SuUpmcOM
PCc7DAZy5/0CIGYu+zgx
=rSrF
-----END PGP SIGNATURE-----

--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to