Your message dated Fri, 25 Sep 2009 05:32:27 +0000
with message-id <e1mr3pv-00061a...@ries.debian.org>
and subject line Bug#545674: fixed in tomcat6 6.0.20-6
has caused the Debian Bug report #545674,
regarding manager webapp crashes due to missing permissions
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
545674: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545674
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: tomcat6
Version: 6.0.20-5
Severity: grave
Justification: renders package unusable
Installing tomcat6-admin on a brand new Debian/squeeze gets nothing but
a crash, when accessing the admin page. A similar crash happens when
accessing any web app.
I reproduced this on a fresh squeeze (a xen host made for this purpose).
apt-get install tomcat6-admin
edit /etc/tomcat6/tomcat-users.xml
- uncomment the users section
- change passwords
- add 'admin' and 'manager' to user 'tomcat'
Point a browser to port 8080 on that host. Get the 'It Works' page.
Click on the 'manager webapp' link, get to ...:8080/manager/html, and
see a 500 page with
description
The server encountered an internal error () that prevented it from fulfilling
this request.
exception
javax.servlet.ServletException: Servlet.init() for servlet HTMLManager threw
exception
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
java.lang.Thread.run(Thread.java:636)
root cause
java.security.AccessControlException: access denied
(java.util.PropertyPermission catalina.base read)
java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
java.security.AccessController.checkPermission(AccessController.java:553)
java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302)
java.lang.System.getProperty(System.java:669)
org.apache.catalina.manager.ManagerServlet.init(ManagerServlet.java:487)
org.apache.catalina.manager.HTMLManagerServlet.init(HTMLManagerServlet.java:646)
javax.servlet.GenericServlet.init(GenericServlet.java:212)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:616)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:301)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:115)
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
java.lang.Thread.run(Thread.java:636)
A similar crash can be provoked with the URL ...:8080/foobar/
(but not with plain /foobar without the trailing slash)
That is why I report this on tomcat6, and not tomcat6-admin.
We had a similar problem after upgrading tomcat6 from 6.0.20-2
to 6.0.20-5.
If I can provide any additional information, I'd be glad to do so.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-xen-amd64 (SMP w/1 CPU core)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages tomcat6 depends on:
ii adduser 3.110 add and remove users and groups
ii jsvc 1.0.2~svn20061127-9 wrapper to launch Java application
ii tomcat6-common 6.0.20-5 Servlet and JSP engine -- common f
tomcat6 recommends no packages.
Versions of packages tomcat6 suggests:
ii tomcat6-admin 6.0.20-5 Servlet and JSP engine -- admin we
pn tomcat6-docs <none> (no description available)
pn tomcat6-examples <none> (no description available)
-- no debconf information
--- End Message ---
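Added example, not part of the original report or of the tomcat6 package: a small triage helper that pulls the denied permission and the first non-JDK frame out of a Security Manager trace like the one above, and formats the matching policy-file permission entry for review. The function name, the JDK prefix list and the embedded sample are assumptions made for this illustration.

```python
import re

# Constructed sample: the "root cause" part of the trace in the report above,
# with the exception message wrapped across two lines as it is in the mail.
SAMPLE = """\
root cause
java.security.AccessControlException: access denied
(java.util.PropertyPermission catalina.base read)
java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
java.security.AccessController.checkPermission(AccessController.java:553)
java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302)
java.lang.System.getProperty(System.java:669)
org.apache.catalina.manager.ManagerServlet.init(ManagerServlet.java:487)
org.apache.catalina.manager.HTMLManagerServlet.init(HTMLManagerServlet.java:646)
"""

# Permission class, target and optional actions; quotes are optional because
# newer JDKs print ("class" "target" "actions") while this trace has none.
DENIED = re.compile(
    r'AccessControlException:\s*access denied\s*'
    r'\(\s*"?([\w.$]+)"?\s+"?([^\s"()]+)"?(?:\s+"?([^"()]+?)"?)?\s*\)')
# One stack frame per line: declaring class, method, (source location).
FRAME = re.compile(r'^\s*(?:at\s+)?([\w.$]+)\.[\w$<>]+\([^()]*\)\s*$', re.M)
JDK_PREFIXES = ("java.", "javax.", "sun.")  # assumption: treat these as runtime frames

def triage(text):
    """Return one dict per denial: permission, requesting class, policy entry."""
    findings = []
    for m in DENIED.finditer(text):
        perm_class, target, actions = m.groups()
        # The first non-JDK frame after the message is the code whose
        # protection domain lacked the permission.
        requester = next((f.group(1) for f in FRAME.finditer(text, m.end())
                          if not f.group(1).startswith(JDK_PREFIXES)), None)
        entry = f'permission {perm_class} "{target}"'
        if actions:
            entry += f', "{actions}"'
        # The entry belongs in a grant block scoped to the requester's codeBase.
        findings.append({"permission": (perm_class, target, actions),
                         "requester": requester, "policy_entry": entry + ";"})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding["requester"], "->", finding["policy_entry"])
```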
--- Begin Message ---
Source: tomcat6
Source-Version: 6.0.20-6
We believe that the bug you reported is fixed in the latest version of
tomcat6, which is due to be installed in the Debian FTP archive:
libservlet2.5-java-doc_6.0.20-6_all.deb
to pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.20-6_all.deb
libservlet2.5-java_6.0.20-6_all.deb
to pool/main/t/tomcat6/libservlet2.5-java_6.0.20-6_all.deb
libtomcat6-java_6.0.20-6_all.deb
to pool/main/t/tomcat6/libtomcat6-java_6.0.20-6_all.deb
tomcat6-admin_6.0.20-6_all.deb
to pool/main/t/tomcat6/tomcat6-admin_6.0.20-6_all.deb
tomcat6-common_6.0.20-6_all.deb
to pool/main/t/tomcat6/tomcat6-common_6.0.20-6_all.deb
tomcat6-docs_6.0.20-6_all.deb
to pool/main/t/tomcat6/tomcat6-docs_6.0.20-6_all.deb
tomcat6-examples_6.0.20-6_all.deb
to pool/main/t/tomcat6/tomcat6-examples_6.0.20-6_all.deb
tomcat6-user_6.0.20-6_all.deb
to pool/main/t/tomcat6/tomcat6-user_6.0.20-6_all.deb
tomcat6_6.0.20-6.diff.gz
to pool/main/t/tomcat6/tomcat6_6.0.20-6.diff.gz
tomcat6_6.0.20-6.dsc
to pool/main/t/tomcat6/tomcat6_6.0.20-6.dsc
tomcat6_6.0.20-6_all.deb
to pool/main/t/tomcat6/tomcat6_6.0.20-6_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 545...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Koch <konque...@gmx.de> (supplier of updated tomcat6 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 25 Sep 2009 07:14:07 +0200
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java
libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs
Architecture: source all
Version: 6.0.20-6
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers
<pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Michael Koch <konque...@gmx.de>
Description:
libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes
libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation
libtomcat6-java - Servlet and JSP engine -- core libraries
tomcat6 - Servlet and JSP engine
tomcat6-admin - Servlet and JSP engine -- admin web applications
tomcat6-common - Servlet and JSP engine -- common files
tomcat6-docs - Servlet and JSP engine -- example web applications
tomcat6-examples - Servlet and JSP engine -- example web applications
tomcat6-user - Servlet and JSP engine -- tools to create user instances
Closes: 542397 545674
Changes:
tomcat6 (6.0.20-6) unstable; urgency=low
.
[ Ludovic Claude ]
* tomcat6.postinst: set the ownership of files in /etc/tomcat6/
to root:tomcat6, to prevent an attacker running inside a tomcat6
instance from changing the tomcat configuration
* debian/policy/02debian.policy: grant access to
/usr/share/maven-repo/ as it is a valid source of Debian JARs.
(Closes: #545674)
* Bump up Standards-Version to 3.8.3
- add debian/README.source that describes the quilt patch system.
* debian/control: Add Conflicts on libtomcat6-java with old versions
of tomcat6-common (Closes: #542397)
.
[ Michael Koch ]
* Replace dh_clean -k by dh_prep.
* Added Ludovic and myself to Uploaders.
* Build-Depends on debhelper >= 7.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---
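Added example, not taken from tomcat6.postinst or any other Debian packaging: an audit of a configuration tree against the root:tomcat6 ownership described in the changelog above. The function name is hypothetical, and the group-writable and world-writable checks are an assumption derived from the stated goal (the service account must not be able to change its own configuration), not something the changelog spells out.

```python
import grp
import os
import pwd
import stat
import sys

def audit_config_tree(root, owner_uid, group_gid):
    """Return (path, problem) pairs for entries whose ownership differs from
    the expected owner/group or that the group or others could modify."""
    findings = []
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, name) for name in dirnames + filenames]
    for path in paths:
        st = os.lstat(path)  # lstat: inspect a symlink itself, not its target
        if st.st_uid != owner_uid:
            findings.append((path, f"owner uid {st.st_uid}, expected {owner_uid}"))
        if st.st_gid != group_gid:
            findings.append((path, f"group gid {st.st_gid}, expected {group_gid}"))
        if stat.S_ISLNK(st.st_mode):
            continue  # permission bits of a symlink are not enforced
        # The service account is a member of the group, so a group-writable
        # entry would undo the point of making root the owner.
        if st.st_mode & stat.S_IWGRP:
            findings.append((path, "group-writable"))
        if st.st_mode & stat.S_IWOTH:
            findings.append((path, "world-writable"))
    return findings

if __name__ == "__main__":
    # Defaults follow the changelog: /etc/tomcat6/ owned by root:tomcat6.
    conf_dir = sys.argv[1] if len(sys.argv) > 1 else "/etc/tomcat6"
    problems = audit_config_tree(conf_dir, pwd.getpwnam("root").pw_uid,
                                 grp.getgrnam("tomcat6").gr_gid)
    for path, problem in problems:
        print(f"{path}: {problem}")
    sys.exit(1 if problems else 0)
```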