Bug#645221: marked as done (tomcat6: Tomcat6 initscript influenced by user's environment variables)

Tue, 08 Nov 2011 11:21:18 -0800 

Your message dated Tue, 08 Nov 2011 19:17:26 +0000
with message-id <e1rnrak-0003xf...@franck.debian.org>
and subject line Bug#645221: fixed in tomcat6 6.0.32-7
has caused the Debian Bug report #645221,
regarding tomcat6: Tomcat6 initscript influenced by user's environment variables
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
645221: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645221
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: tomcat6
Version: 6.0.32-6
Severity: normal
Tags: l10n


Hi,

I use Tomcat6 on several machines running Debian Squeeze and Sid. Some of them 
are servers using locale en_GB.UTF-8, while my PC is using fr_FR.UTF-8. When 
I'm connecting on these servers, SSH forwards some environment variables, 
including LC_ALL.

Here is my PC's locale :

LANG=fr_FR.UTF-8
LANGUAGE=fr_FR.UTF-8
LC_CTYPE="fr_FR.UTF-8"
LC_NUMERIC="fr_FR.UTF-8"
LC_TIME="fr_FR.UTF-8"
LC_COLLATE="fr_FR.UTF-8"
LC_MONETARY="fr_FR.UTF-8"
LC_MESSAGES="fr_FR.UTF-8"
LC_PAPER="fr_FR.UTF-8"
LC_NAME="fr_FR.UTF-8"
LC_ADDRESS="fr_FR.UTF-8"
LC_TELEPHONE="fr_FR.UTF-8"
LC_MEASUREMENT="fr_FR.UTF-8"
LC_IDENTIFICATION="fr_FR.UTF-8"
LC_ALL=fr_FR.UTF-8


And here is the locale on the server when I'm connected to by SSH :

LANG=en_GB.UTF-8
LANGUAGE=en_GB:en
LC_CTYPE="fr_FR.UTF-8"
LC_NUMERIC="fr_FR.UTF-8"
LC_TIME="fr_FR.UTF-8"
LC_COLLATE="fr_FR.UTF-8"
LC_MONETARY="fr_FR.UTF-8"
LC_MESSAGES="fr_FR.UTF-8"
LC_PAPER="fr_FR.UTF-8"
LC_NAME="fr_FR.UTF-8"
LC_ADDRESS="fr_FR.UTF-8"
LC_TELEPHONE="fr_FR.UTF-8"
LC_MEASUREMENT="fr_FR.UTF-8"
LC_IDENTIFICATION="fr_FR.UTF-8"
LC_ALL=fr_FR.UTF-8



This is because Debian's openssh-client package has by default "SendEnv LANG 
LC_*" in /etc/ssh/ssh_config (which is not the case upstream according to the 
ssh_config(5) manpage)


After a server restart; if I run a test JSP script which outputs the day of 
week, I get "Thursday" :

SimpleDateFormat day_of_week = new SimpleDateFormat("EEEEEEEEE");
out.print(day_of_week.format(new java.util.Date()));


If I do a "/etc/init.d/tomcat6 restart", The same page gives "jeudi".

I added a line "unset LC_ALL" in /etc/default/tomcat6 and restarted Tomcat, and 
the test script gives now "Thursday".


Init scripts should not be influenced by user's environment, and restarting 
Tomcat by a user should not give a behaviour different to when Tomcat has been 
started on system boot.

The fix would be to unset LC_ALL variable in the init script provided by the 
package.


Regards,

Nicolas Pichon.





-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to fr_FR.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages tomcat6 depends on:
ii  adduser                3.113      
ii  debconf [debconf-2.0]  1.5.41     
ii  tomcat6-common         6.0.32-6   
ii  ucf                    3.0025+nmu2

Versions of packages tomcat6 recommends:
pn  authbind  <none>

Versions of packages tomcat6 suggests:
ii  libtcnative-1     <none>  
ii  tomcat6-admin     6.0.32-6
ii  tomcat6-docs      <none>  
ii  tomcat6-examples  6.0.32-6
ii  tomcat6-user      6.0.32-6

-- Configuration Files:
/etc/default/tomcat6 changed [not included]
/etc/logrotate.d/tomcat6 changed [not included]
/etc/tomcat6/catalina.properties changed [not included]
/etc/tomcat6/context.xml changed [not included]
/etc/tomcat6/policy.d/03catalina.policy changed [not included]
/etc/tomcat6/policy.d/50local.policy changed [not included]
/etc/tomcat6/server.xml changed [not included]
/etc/tomcat6/tomcat-users.xml changed [not included]
/etc/tomcat6/web.xml changed [not included]

-- debconf information:
  tomcat6/javaopts: -Djava.awt.headless=true -Xmx128m -XX:+UseConcMarkSweepGC
  tomcat6/groupname: tomcat6
  tomcat6/username: tomcat6

--- End Message ---
--- Begin Message --- 
Source: tomcat6
Source-Version: 6.0.32-7

We believe that the bug you reported is fixed in the latest version of
tomcat6, which is due to be installed in the Debian FTP archive:

libservlet2.5-java-doc_6.0.32-7_all.deb
  to main/t/tomcat6/libservlet2.5-java-doc_6.0.32-7_all.deb
libservlet2.5-java_6.0.32-7_all.deb
  to main/t/tomcat6/libservlet2.5-java_6.0.32-7_all.deb
libtomcat6-java_6.0.32-7_all.deb
  to main/t/tomcat6/libtomcat6-java_6.0.32-7_all.deb
tomcat6-admin_6.0.32-7_all.deb
  to main/t/tomcat6/tomcat6-admin_6.0.32-7_all.deb
tomcat6-common_6.0.32-7_all.deb
  to main/t/tomcat6/tomcat6-common_6.0.32-7_all.deb
tomcat6-docs_6.0.32-7_all.deb
  to main/t/tomcat6/tomcat6-docs_6.0.32-7_all.deb
tomcat6-examples_6.0.32-7_all.deb
  to main/t/tomcat6/tomcat6-examples_6.0.32-7_all.deb
tomcat6-extras_6.0.32-7_all.deb
  to main/t/tomcat6/tomcat6-extras_6.0.32-7_all.deb
tomcat6-user_6.0.32-7_all.deb
  to main/t/tomcat6/tomcat6-user_6.0.32-7_all.deb
tomcat6_6.0.32-7.debian.tar.gz
  to main/t/tomcat6/tomcat6_6.0.32-7.debian.tar.gz
tomcat6_6.0.32-7.dsc
  to main/t/tomcat6/tomcat6_6.0.32-7.dsc
tomcat6_6.0.32-7_all.deb
  to main/t/tomcat6/tomcat6_6.0.32-7_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 645...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill <tmanc...@debian.org> (supplier of updated tomcat6 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 08 Nov 2011 10:42:32 -0800
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java 
libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs 
tomcat6-extras
Architecture: source all
Version: 6.0.32-7
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 
<pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: tony mancill <tmanc...@debian.org>
Description: 
 libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes
 libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation
 libtomcat6-java - Servlet and JSP engine -- core libraries
 tomcat6    - Servlet and JSP engine
 tomcat6-admin - Servlet and JSP engine -- admin web applications
 tomcat6-common - Servlet and JSP engine -- common files
 tomcat6-docs - Servlet and JSP engine -- documentation
 tomcat6-examples - Servlet and JSP engine -- example web applications
 tomcat6-extras - Servlet and JSP engine -- additional components
 tomcat6-user - Servlet and JSP engine -- tools to create user instances
Closes: 645221 648038
Changes: 
 tomcat6 (6.0.32-7) unstable; urgency=medium
 .
   [ tony mancill ]
   * Team upload.
   * Add "unset LC_ALL" to /etc/defaults/tomcat6 to prevent user
     environment settings from leaking into the servlet container.
     - Thank you to Nicolas Pichon.  (Closes: #645221)
   * Apply patch for CVE-2011-1184 and CVE-2011-2526.
     - Thank you to Marc Deslauriers.  (Closes: #648038)
 .
   [ Niels Thykier ]
   * Added build-arch and build-indep targets in d/rules.
Checksums-Sha1: 
 c35015d1d8ded1646145971b33d08caddbc8fe93 2592 tomcat6_6.0.32-7.dsc
 504d2866065462e3301870f3f5590756b6b9c9d1 52706 tomcat6_6.0.32-7.debian.tar.gz
 fadd27cc043620cce205dfbeeed9bfc2faf8bd77 49070 tomcat6-common_6.0.32-7_all.deb
 3d85c1d470fd4fcb2d7fa39bc7bb56edb449e766 38692 tomcat6_6.0.32-7_all.deb
 72a840f6e9a8b995f7898c50f4038461d7630c88 29816 tomcat6-user_6.0.32-7_all.deb
 4dbb7f4c8dfa811045a08116a8eed7b8467baa50 3071364 
libtomcat6-java_6.0.32-7_all.deb
 5f0337c250daad6266e5c45a4e94f802acb9114a 194506 
libservlet2.5-java_6.0.32-7_all.deb
 ffa6d95bb5b1d9434484d400d9ad6e0a687cddbb 257214 
libservlet2.5-java-doc_6.0.32-7_all.deb
 bb64552b4895eafc121e4948f3c0ce6dad4b97ab 48546 tomcat6-admin_6.0.32-7_all.deb
 9178c583d7c2ad11f82d4fd491c9f68b575731ca 163482 
tomcat6-examples_6.0.32-7_all.deb
 4b8ee8ba7b7bd417b3bd0aba119cad0b2bb035a0 546638 tomcat6-docs_6.0.32-7_all.deb
 19d0aeb84b0a11acdf5f72b1230c9e1fc79368bd 12452 tomcat6-extras_6.0.32-7_all.deb
Checksums-Sha256: 
 b35d793d58444f47f7970c4ba86a632b78d3045c1b2c52a11d79f69c0df3a22d 2592 
tomcat6_6.0.32-7.dsc
 4cf8c48e300b9ed3233b0e2f3c6ead38291a3bfde5d3663b05cf633d3e03b489 52706 
tomcat6_6.0.32-7.debian.tar.gz
 69fcd4abea20778330fc7a78101f7198b5ea731d78d681d20c67bfe39a0c693f 49070 
tomcat6-common_6.0.32-7_all.deb
 391a6cbdf3c126948a5785d428393addc334d1b574459b7ea560bdd8de79fd2b 38692 
tomcat6_6.0.32-7_all.deb
 c785f3b1b44129fe048b70e69368451f50e93f7d9e9310fc49becfb3b6135495 29816 
tomcat6-user_6.0.32-7_all.deb
 36e3a5437ffd30e6955fe6a1c45a489823f505699ba606d962bb2549dec72b53 3071364 
libtomcat6-java_6.0.32-7_all.deb
 aaaf154b91235372a2b014a933dad9dbe31813fb1da66fd40fdc24e297d18e3e 194506 
libservlet2.5-java_6.0.32-7_all.deb
 ad2f31b1a68590f498207946dcae8e5cd2ee258bfd56a77e4a5f47ce3c30cb62 257214 
libservlet2.5-java-doc_6.0.32-7_all.deb
 94ad8e870840a21c4381b17c04ebf6cc02a8573c42bf9016f4b0ebbb44e4ff94 48546 
tomcat6-admin_6.0.32-7_all.deb
 07acf177bf4eff24fe5cc5987a1409c001b8904e6b4ffdccd84d86820d9f2b9e 163482 
tomcat6-examples_6.0.32-7_all.deb
 7f96027ec36e3720860648545bc02d23bbd8ed7bb44913845bf3bf8389695724 546638 
tomcat6-docs_6.0.32-7_all.deb
 f1c033f1d99a8120463ee7b11a1e962e461f95614fb8d1662712a5530cc92a43 12452 
tomcat6-extras_6.0.32-7_all.deb
Files: 
 1d2d7640e3d8c2ebf9dfdc33df8ecec0 2592 java optional tomcat6_6.0.32-7.dsc
 78996ddeb77d90f1287369794f511c19 52706 java optional 
tomcat6_6.0.32-7.debian.tar.gz
 aecc5b2d48e7c5661df4ac0e234aade9 49070 java optional 
tomcat6-common_6.0.32-7_all.deb
 4f6a110101f1cef7888f0fe71cb59f53 38692 java optional tomcat6_6.0.32-7_all.deb
 12b57634c7b869ac2cd5a22dcfdf50b8 29816 java optional 
tomcat6-user_6.0.32-7_all.deb
 db8a0f37ca4037d7825d4aedb79a7392 3071364 java optional 
libtomcat6-java_6.0.32-7_all.deb
 f0c02812589de66b382cb7e150b91951 194506 java optional 
libservlet2.5-java_6.0.32-7_all.deb
 3666fb091039b64cc83ce444701cbc63 257214 doc optional 
libservlet2.5-java-doc_6.0.32-7_all.deb
 83d81aba53b901c57508055f42f7b62b 48546 java optional 
tomcat6-admin_6.0.32-7_all.deb
 41d25c3ab70fc81dbf34ab9de42f32d1 163482 java optional 
tomcat6-examples_6.0.32-7_all.deb
 2f1229d7b2282e49b6a85f45d9ca85e1 546638 doc optional 
tomcat6-docs_6.0.32-7_all.deb
 8beade16423e0bce90a1af0f4a3a440e 12452 java optional 
tomcat6-extras_6.0.32-7_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJOuX7aAAoJECHSBYmXSz6WqTAP/Ag0v7bxch4ZJvrhf1VCSvKI
zxTvkqLCN2lBr3jbAUtPGVRJlkVW+TjMEI4LmQNwVy4qJL3ZKLgUs/KtPbBJtAgY
CL1N+3HwksLaz86UtCkf++aGCxRP33zy4gT0B0vwsDglrjzUau2oVLAGeFeDALfb
n3NkTE4wFrThU+0qHbE4hF17tcZ6yEzR/UOIReNOSbq14Is+sWc4sWyfO0BUA1fi
5CKlbLFU6xykadSgeoic7a9KMc5hAnCpPQ0SdhWxCJofLlGFGqTHoRt3e1mJmCVY
EhgwraRfDEMAOpkHMArYb9r2I634yhYv6EhRyp9rmj5m38sOks9BdR6Lh+YHSvDK
dZZE1v5QoIuN7xsRn+V8XVE4Tzh9JeYjONkHb+JCy3Whiic5DyjbRe1HFYBcUQkb
Z1ycN2Q20LvECto/hJ/J626tvk5DWE9ZGMks4Q68qaURvd9ZXMjddxgLnoCnEyo+
5ITmKX1QCk5cwaSHWXtwfZ8JA1fv4PuNPYXFkr+CzW3QdUT1cLYeXeeWBbrYZyrP
L0MnrlSdZ0Was+H1LHvqz76u6gw6DNSIa0oJxzP2W2n26dsYV2Ow8fmxIR8tEhZj
mMM4HKTcuGjnACYO+58LXRbiOp6QygkewiOEBbF8f+RJr3tUl7+cA1e5pBDZlfHd
WDi3deF3CeR2ZFbPGpPy
=lKij
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to