[Bug 410379] Re: Tomcat security configuration error prevents proper logging when used with Sun's JVM

Launchpad Bug Tracker 410379 at bugs.launchpad.net
Mon Dec 14 13:20:09 UTC 2009 

This bug was fixed in the package tomcat6 - 6.0.20-8ubuntu1

---------------
tomcat6 (6.0.20-8ubuntu1) lucid; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - debian/control, debian/rules: Do not use 3.0 (quilt) source format yet
  * debian/tomcat6.default: Fix typos in "JSVC" and "remote", missing newline
  * debian/tomcat6.default, debian/tomcat6.init: Handle JSVC_CLASSPATH
    default value the same way as other defaults

tomcat6 (6.0.20-8) unstable; urgency=low

  * Corrected some spelling mistakes in debian/control.
    (Closes: #557377, #557378)
  * Added patches to install the OSGi metadata in some of the jars.
    (Closes: #558176)
  * Updated 03catalina.policy to allow "setContextClassLoader".
    - Fixes a problem where Sun's JVM would fail to generate log-files.
    (Closes: LP: #410379)
  * Updated /etc/default/tomcat6:
    - Clarified that JAVA_OPTS are passed to jscv and not the JVM.
    - Updated the JSP_COMPILER to javac (jikes is not in Debian anymore).
    (Closes: LP: #440685)
  * Use default-jdk and default-jre-headless instead of openjdk in
    (Build-)Depends.
  * Added more alternatives for java implementations to the Depends of
    libservlet2.5-java.
  * Exposed JSVC_CLASSPATH to the configuration file.
    (Closes: LP: #475457)
  * Updated description so it no longer refers to non-existent package.
    (Closes: #559475)
  * Used "set -e" in postinst and postrm instead of passing "-e" to sh
    in the #!-line.
  * Changed to 3.0 (quilt) source format.

tomcat6 (6.0.20-7) unstable; urgency=low

  * New patch fix_context_name.patch:
    - Allow Service name != Engine name. Regression in fix for 42707.
      Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47316
    - This has been fixed in trunk and will be in 6.0.21
  * Register libservlet2.5-java-doc API with doc-base
  * Fix short description of tomcat6-docs by using "documentation" suffix

tomcat6 (6.0.20-6) unstable; urgency=low

  [ Ludovic Claude ]
  * tomcat6.postinst: set the ownership of files in /etc/tomcat6/
    to root:tomcat6, to prevent an attacker running inside a tomcat6
    instance to change the tomcat configuration
  * debian/policy/02debian.policy: grant access to
    /usr/share/maven-repo/ as it is a valid source of Debian JARs.
    (Closes: #545674)
  * Bump up Standards-Version to 3.8.3
    - add debian/README.source that describes the quilt patch system.
  * debian/control: Add Conflicts on libtomcat6-java with old versions
    of tomcat6-common (Closes: #542397)

  [ Michael Koch ]
  * Replace dh_clean -k by dh_prep.
  * Added Ludovic and myself to Uploaders.
  * Build-Depends on debhelper >= 7.

tomcat6 (6.0.20-5) unstable; urgency=low

  * Fix jsp-api dependency in the Maven descriptors.
  * Put tomcat-juli.jar in /usr/share/java instead of juli.jar.
    This fixes a broken link which prevented tomcat to start
    when logging is turned on, and restores the file layout
    defined in 6.0.20-2.
  * Restore links to the jars in usr/share/tomcat6/lib
  * Change watch to download fresh sources from SVN.
    Should fix wrong encoding in tomcat-i18n-fr/es.jar in the next upstream
    version. (Closes: #522067)
  * Update ownership for files in /etc/tomcat6 and /var/lib/tomcat6/webapps.
    The new owner is tomcat6:adm (Closes: #532284)
  * Add additional directories for the common, server and shared classloader.
    Directories are also compatible with Alfresco's packaging done for
    Ubuntu. (Closes: #521318)
  * Update checksum in postrm script to reflect changes
    in the new upstream webapp
  * postrm removes the extra directories created in /var/lib/tomcat6
    to hold shared and common classes or jars.
  * Added commented out default options for enabling debug mode.
    (Closes: LP: #375493)

tomcat6 (6.0.20-4) experimental; urgency=low

  * Fix init script:
    - Change Provides: tomcat6. (Closes: #532286)
    - Check for /etc/default/rcS before sourcing it.
  * Update Standards-Version: 3.8.2 (no changes).

tomcat6 (6.0.20-3) experimental; urgency=low

  * Add the Maven POM to the package
  * Add a Build-Depends-Indep dependency on maven-repo-helper
  * Use mh_installpom and mh_installjar to install the POM and the jar to the
    Maven repository
 -- Thierry Carrez <thierry.carrez at ubuntu.com>   Mon, 14 Dec 2009 13:55:18 +0100

** Changed in: tomcat6 (Ubuntu)
       Status: In Progress => Fix Released

** Bug watch added: Apache Software Foundation Bugzilla #47316
   http://issues.apache.org/bugzilla/show_bug.cgi?id=47316

-- 
Tomcat security configuration error prevents proper logging when used with Sun's JVM
https://bugs.launchpad.net/bugs/410379
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

More information about the universe-bugs mailing list