Security fix. Please see ChangeLog.

author: Dylan Carlson <absinthe@gentoo.org> 2003-05-27 04:36:20 +0000
committer: Dylan Carlson <absinthe@gentoo.org> 2003-05-27 04:36:20 +0000
commit: 75e9551b718b811a9de017ade0851826b7135113 (patch)
tree: 3c138ab47d7977a18250b8cbb63a5100e800bfa2 /net-www/tomcat
parent: Security fix. Please see ChangeLog. (diff)
download: gentoo-2-75e9551b718b811a9de017ade0851826b7135113.tar.gz
gentoo-2-75e9551b718b811a9de017ade0851826b7135113.tar.bz2
gentoo-2-75e9551b718b811a9de017ade0851826b7135113.zip
5 files changed, 25 insertions, 14 deletions
diff --git a/net-www/tomcat/ChangeLog b/net-www/tomcat/ChangeLog
index 42b7228b8fa7..5d0fc88393f2 100644
--- a/net-www/tomcat/ChangeLog
+++ b/net-www/tomcat/ChangeLog
@@ -1,6 +1,22 @@
 # ChangeLog for net-www/tomcat
 # Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-www/tomcat/ChangeLog,v 1.20 2003/04/10 07:24:59 absinthe Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-www/tomcat/ChangeLog,v 1.21 2003/05/27 04:36:16 absinthe Exp $
+
+*tomcat-4.1.24-r1 (27 May 2003)
+
+  27 May 2003; Dylan Carlson <absinthe@gentoo.org> tomcat-4.1.24-r1.ebuild:
+  /opt/tomcat/conf was vulnerable to local users who are snooping the
+  tomcat-users.xml file for passwords. The new ebuild fixes this problem for new
+  installations.
+  
+  If you have an existing installation of Tomcat you can do the following:
+  
+  1. # /etc/init.d/tomcat stop
+  2. # chmod -R 750 /opt/tomcat/
+  3. # /etc/init.d/tomcat start
+  
+  Thanks to "D.Tuinstra" <tuinstra@inteo.com> for pointing out the
+  vulnerability.
 
 *tomcat-4.1.24 (25 Mar 2003)
 
diff --git a/net-www/tomcat/Manifest b/net-www/tomcat/Manifest
index 8953588e2d2b..4c40d84f9954 100644
--- a/net-www/tomcat/Manifest
+++ b/net-www/tomcat/Manifest
@@ -1,5 +1,5 @@
-MD5 4f182d3f29f1526bc09928b8e69e6351 tomcat-4.1.24-r1.ebuild 3832
-MD5 5b8aafc8bb6d1f2e3d4d4368cc8ece8f ChangeLog 5078
+MD5 75d0a267728d8772dc41c3a7bddc31b3 tomcat-4.1.24-r1.ebuild 3835
+MD5 e714c8795ea79c9ee06fa92dff2ced33 ChangeLog 5078
 MD5 f3d7f1cc3b7b8a69342e6bede7395f58 files/digest-tomcat-4.1.24-r1 74
 MD5 bf1c6e3b412968c9a06aeb15f21355e9 files/4.1.24/gentoo.diff 4002
 MD5 12a2562eeb8ec6dc5ef8b2172a5f29c4 files/4.1.24/tomcat.conf 2710
diff --git a/net-www/tomcat/files/digest-tomcat-4.1.24 b/net-www/tomcat/files/digest-tomcat-4.1.24
deleted file mode 100644
index ea28aaf6bcb5..000000000000
--- a/net-www/tomcat/files/digest-tomcat-4.1.24
+++ /dev/null
@@ -1,6 +0,0 @@
-MD5 bf1c6e3b412968c9a06aeb15f21355e9 /files/4.1.24/gentoo.diff 4002
-MD5 12a2562eeb8ec6dc5ef8b2172a5f29c4 /files/4.1.24/tomcat.conf 2710
-MD5 da7e3d883b224f013f546d2a087099e8 /files/4.1.24/tomcat.init 817
-MD5 53b2c10f99d7d2c05a69fc49b7acda8b /files/4.1.24/21tomcat 58
-MD5 88ec69f43adf7db8db42b9b6ea7ba2e0 /tomcat-4.1.24.ebuild 3832
-MD5 f71fb9aa13707a62df7ba71963649de6 jakarta-tomcat-4.1.24.tar.gz 7232715
diff --git a/net-www/tomcat/files/digest-tomcat-4.1.24-r1 b/net-www/tomcat/files/digest-tomcat-4.1.24-r1
new file mode 100644
index 000000000000..8c7f9156aeee
--- /dev/null
+++ b/net-www/tomcat/files/digest-tomcat-4.1.24-r1
@@ -0,0 +1 @@
+MD5 f71fb9aa13707a62df7ba71963649de6 jakarta-tomcat-4.1.24.tar.gz 7232715
diff --git a/net-www/tomcat/tomcat-4.1.24.ebuild b/net-www/tomcat/tomcat-4.1.24-r1.ebuild
index 7f34a58ae1a8..f83c812de2b5 100644
--- a/net-www/tomcat/tomcat-4.1.24.ebuild
+++ b/net-www/tomcat/tomcat-4.1.24-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2002 Gentoo Technologies, Inc.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-www/tomcat/tomcat-4.1.24.ebuild,v 1.6 2003/04/10 07:24:59 absinthe Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-www/tomcat/tomcat-4.1.24-r1.ebuild,v 1.1 2003/05/27 04:36:16 absinthe Exp $
 
 S=${WORKDIR}/jakarta-${P}
 At="jakarta-tomcat-${PV}.tar.gz"
@@ -32,7 +32,7 @@ pkg_setup() {
 src_install() {
 	TOMCAT_HOME="/opt/tomcat"
 	INSTALLING="yes"
-	DIROPTIONS="--mode=0775 --owner=tomcat --group=tomcat"
+	DIROPTIONS="--mode=0750 --owner=tomcat --group=tomcat"
 	
 	# Create directories
 	dodir ${TOMCAT_HOME}
@@ -56,12 +56,12 @@ src_install() {
 
 	cp -a ${FILESDIR}/${PV}/tomcat.conf ${S}/tomcat
 	insinto /etc/conf.d
-	insopts -m0755
+	insopts -m0750
 	doins ${S}/tomcat
 	
 	cp -a ${FILESDIR}/${PV}/21tomcat ${S}/21tomcat
 	insinto /etc/env.d
-	insopts -m0755
+	insopts -m0750
 	doins ${S}/21tomcat
 
 	# SEND JARS TO SHARED LOCATION
@@ -76,7 +76,7 @@ src_install() {
 	dodoc RELEASE-NOTES-* README.txt RUNNING.txt LICENSE RELEASE-PLAN-4.1.txt
 	
 	chown -R tomcat.tomcat ${S}
-	DIROPTIONS="--mode=0775 --owner=tomcat --group=tomcat"
+	DIROPTIONS="--mode=0750 --owner=tomcat --group=tomcat"
 	dodir ${TOMCAT_HOME}/common
 	dodir ${TOMCAT_HOME}/common/classes
 	dodir ${TOMCAT_HOME}/webapps
author	Dylan Carlson <absinthe@gentoo.org>	2003-05-27 04:36:20 +0000
committer	Dylan Carlson <absinthe@gentoo.org>	2003-05-27 04:36:20 +0000
commit	75e9551b718b811a9de017ade0851826b7135113 (patch)
tree	3c138ab47d7977a18250b8cbb63a5100e800bfa2 /net-www/tomcat
parent	Security fix. Please see ChangeLog. (diff)
download	gentoo-2-75e9551b718b811a9de017ade0851826b7135113.tar.gz gentoo-2-75e9551b718b811a9de017ade0851826b7135113.tar.bz2 gentoo-2-75e9551b718b811a9de017ade0851826b7135113.zip