2010-06-09 16:13:20 |
Jeff Turner |
bug |
|
|
added bug |
2010-06-09 16:13:20 |
Jeff Turner |
attachment added |
|
Quilt patch to fix the security policy location in the init.d script http://launchpadlibrarian.net/50021809/fix-securitypolicy-location.patch |
|
2010-06-09 16:13:20 |
Jeff Turner |
attachment added |
|
Dependencies.txt http://launchpadlibrarian.net/50018111/Dependencies.txt |
|
2010-06-09 16:15:03 |
Jeff Turner |
attachment added |
|
Patch to fix debian/tomcat6.init so it doesn't redundantly set security manager params http://launchpadlibrarian.net/50021843/tomcat6.init.patch |
|
2010-06-09 16:30:39 |
Brian Murray |
tags |
apport-bug i386 lucid |
apport-bug i386 lucid patch |
|
2010-06-09 21:20:30 |
Adam Guthrie |
tomcat6 (Ubuntu): status |
New |
Confirmed |
|
2010-06-09 22:21:10 |
Adam Guthrie |
attachment added |
|
tomcat6_6.0.24-2ubuntu2.debdiff http://launchpadlibrarian.net/50039553/tomcat6_6.0.24-2ubuntu2.debdiff |
|
2010-06-09 22:52:18 |
Adam Guthrie |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585379 |
|
2010-06-09 22:52:18 |
Adam Guthrie |
bug task added |
|
tomcat6 (Debian) |
|
2010-06-09 22:54:08 |
Adam Guthrie |
tags |
apport-bug i386 lucid patch |
apport-bug i386 lucid patch patch-forwarded-debian |
|
2010-06-10 00:04:56 |
Bug Watch Updater |
tomcat6 (Debian): status |
Unknown |
New |
|
2010-06-11 09:20:32 |
Thierry Carrez |
tomcat6 (Ubuntu): importance |
Undecided |
High |
|
2010-06-11 09:20:32 |
Thierry Carrez |
tomcat6 (Ubuntu): status |
Confirmed |
Triaged |
|
2010-06-11 09:20:46 |
Thierry Carrez |
nominated for series |
|
Ubuntu Lucid |
|
2010-06-11 09:20:46 |
Thierry Carrez |
bug task added |
|
tomcat6 (Ubuntu Lucid) |
|
2010-06-11 09:20:56 |
Thierry Carrez |
tomcat6 (Ubuntu Lucid): status |
New |
Triaged |
|
2010-06-11 09:21:02 |
Thierry Carrez |
tomcat6 (Ubuntu Lucid): importance |
Undecided |
High |
|
2010-06-16 13:41:51 |
Thierry Carrez |
tomcat6 (Ubuntu): assignee |
|
Thierry Carrez (ttx) |
|
2010-06-16 13:41:53 |
Thierry Carrez |
tomcat6 (Ubuntu Lucid): assignee |
|
Thierry Carrez (ttx) |
|
2010-06-24 13:18:34 |
Thierry Carrez |
tomcat6 (Ubuntu): status |
Triaged |
Fix Committed |
|
2010-06-25 20:31:19 |
Launchpad Janitor |
branch linked |
|
lp:debian/sid/tomcat6 |
|
2010-06-26 06:42:37 |
Bug Watch Updater |
tomcat6 (Debian): status |
New |
Fix Released |
|
2010-07-05 12:54:12 |
Thierry Carrez |
tomcat6 (Ubuntu Lucid): status |
Triaged |
In Progress |
|
2010-07-05 13:37:30 |
Thierry Carrez |
description |
Binary package hint: tomcat6
Using tomcat6 package version 6.0.24-2ubuntu, after editing /etc/default/tomcat6 to set TOMCAT6_SECURITY=yes, Tomcat breaks on startup with (in catalina.out):
Using CATALINA_BASE: /var/lib/tomcat6
Using CATALINA_HOME: /usr/share/tomcat6
Using CATALINA_TMPDIR: /tmp/tomcat6-tmp
Using JRE_HOME: /usr/lib/jvm/java-6-openjdk
Using CLASSPATH: /usr/share/tomcat6/bin/bootstrap.jar
Using Security Manager
Exception in thread "main" java.lang.ExceptionInInitializerError
    at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:171)
    at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:243)
    at org.apache.juli.logging.LogFactory.getLog(LogFactory.java:298)
    at org.apache.catalina.startup.Bootstrap.<clinit>(Bootstrap.java:55)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission java.util.logging.config.class read)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
    at java.security.AccessController.checkPermission(AccessController.java:553)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302)
    at java.lang.System.getProperty(System.java:669)
    at org.apache.juli.logging.DirectJDKLog.<clinit>(DirectJDKLog.java:43)
    ... 4 more
Could not find the main class: org.apache.catalina.startup.Bootstrap. Program will exit.
The problem is that -Djava.security.policy is being set twice, firstly in /etc/init.d/tomcat6 to $CATALINA_BASE/work/catalina.policy (correct), secondly in /usr/share/tomcat6/bin/catalina.sh to $CATALINA_BASE/conf/catalina.policy (an invalid path). Unfortunately the second takes precedence, and so no policy file is actually used.
To fix this, I suggest patching catalina.sh to change 'conf/catalina.policy' references to 'work/catalina.policy'. It would also be good to remove the explicit setting of -Djava.security.manager and -Djava.security.policy from the init.d script, since it is done anyway in the init script. I've attached two patches for this.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: tomcat6 6.0.24-2ubuntu1
ProcVersionSignature: Ubuntu 2.6.32-22.33-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-22-generic i686
NonfreeKernelModules: nvidia
Architecture: i386
Date: Thu Jun 10 01:14:40 2010
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100427.1)
PackageArchitecture: all
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.utf8
 SHELL=/bin/bash
SourcePackage: tomcat6 |
Binary package hint: tomcat6
Using tomcat6 package version 6.0.24-2ubuntu, after editing /etc/default/tomcat6 to set TOMCAT6_SECURITY=yes, Tomcat breaks on startup with (in catalina.out):
Using CATALINA_BASE: /var/lib/tomcat6
Using CATALINA_HOME: /usr/share/tomcat6
Using CATALINA_TMPDIR: /tmp/tomcat6-tmp
Using JRE_HOME: /usr/lib/jvm/java-6-openjdk
Using CLASSPATH: /usr/share/tomcat6/bin/bootstrap.jar
Using Security Manager
Exception in thread "main" java.lang.ExceptionInInitializerError
    at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:171)
    at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:243)
    at org.apache.juli.logging.LogFactory.getLog(LogFactory.java:298)
    at org.apache.catalina.startup.Bootstrap.<clinit>(Bootstrap.java:55)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission java.util.logging.config.class read)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
    at java.security.AccessController.checkPermission(AccessController.java:553)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302)
    at java.lang.System.getProperty(System.java:669)
    at org.apache.juli.logging.DirectJDKLog.<clinit>(DirectJDKLog.java:43)
    ... 4 more
Could not find the main class: org.apache.catalina.startup.Bootstrap. Program will exit.
The problem is that -Djava.security.policy is being set twice, firstly in /etc/init.d/tomcat6 to $CATALINA_BASE/work/catalina.policy (correct), secondly in /usr/share/tomcat6/bin/catalina.sh to $CATALINA_BASE/conf/catalina.policy (an invalid path). Unfortunately the second takes precedence, and so no policy file is actually used.
To fix this, I suggest patching catalina.sh to change 'conf/catalina.policy' references to 'work/catalina.policy'. It would also be good to remove the explicit setting of -Djava.security.manager and -Djava.security.policy from the init.d script, since it is done anyway in the init script. I've attached two patches for this.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: tomcat6 6.0.24-2ubuntu1
ProcVersionSignature: Ubuntu 2.6.32-22.33-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-22-generic i686
NonfreeKernelModules: nvidia
Architecture: i386
Date: Thu Jun 10 01:14:40 2010
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100427.1)
PackageArchitecture: all
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.utf8
 SHELL=/bin/bash
SourcePackage: tomcat6
== SRU Report ==
Impact:
Regression for users of TOMCAT6_SECURITY=yes, that won't work after upgrading to Lucid.
Development branch fix:
6.0.26-4 has this fix, and a sync request to 6.0.26-5 was filed (bug 599265)
Minimal patch:
See attached at comment 9.
TEST CASE:
$ sudo apt-get install tomcat6
$ sudo sed -i "s/#TOMCAT6_SECURITY=no/TOMCAT6_SECURITY=yes/" /etc/default/tomcat6
$ sudo service tomcat6 restart
Affected = FAIL
Fixed = PASS
Regression potential:
The patch only affects the options used when TOMCAT6_SECURITY=yes, and the current duplicated options prevent it from working completely. |
|
2010-07-05 13:38:07 |
Thierry Carrez |
attachment added |
|
Minimal SRU patch http://launchpadlibrarian.net/51412745/patch |
|
2010-07-05 13:40:13 |
Thierry Carrez |
tomcat6 (Ubuntu Lucid): status |
In Progress |
Confirmed |
|
2010-07-07 14:34:40 |
Martin Pitt |
tomcat6 (Ubuntu Lucid): status |
Confirmed |
Fix Committed |
|
2010-07-07 14:34:46 |
Martin Pitt |
bug |
|
|
added subscriber SRU Verification |
2010-07-07 14:34:51 |
Martin Pitt |
tags |
apport-bug i386 lucid patch patch-forwarded-debian |
apport-bug i386 lucid patch patch-forwarded-debian verification-needed |
|
2010-07-07 15:15:54 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/lucid-proposed/tomcat6 |
|
2010-07-12 19:58:35 |
Adam Guthrie |
tags |
apport-bug i386 lucid patch patch-forwarded-debian verification-needed |
apport-bug i386 lucid patch patch-accepted-debian verification-needed |
|
2010-07-13 06:21:57 |
Martin Pitt |
tags |
apport-bug i386 lucid patch patch-accepted-debian verification-needed |
apport-bug i386 lucid patch patch-accepted-debian verification-done |
|
2010-07-13 17:29:06 |
Launchpad Janitor |
tomcat6 (Ubuntu): status |
Fix Committed |
Fix Released |
|
2010-07-13 17:29:06 |
Launchpad Janitor |
cve linked |
|
2010-1157 |
|
2010-07-14 05:11:24 |
Launchpad Janitor |
tomcat6 (Ubuntu Lucid): status |
Fix Committed |
Fix Released |
|
2011-09-19 21:23:11 |
Ubuntu Foundations Team Bug Bot |
tags |
apport-bug i386 lucid patch patch-accepted-debian verification-done |
apport-bug i386 lucid patch patch-accepted-debian testcase verification-done |
|