Bug#691865: tomcat7: catalina.properties use hard references to /var/lib/tomcat7/

H.-Dirk Schmitt dirk at computer42.org
Tue Oct 30 14:03:20 UTC 2012 

Package: tomcat7
Version: 7.0.26-1ubuntu1.1
Severity: normal

The file /usr/share/tomcat7/skel/conf/catalina.properties (and also /etc/tomcat7/catalina.properties) has hard references to /var/lib/tomcat7/.

If /var/lib/tomcat7/{common,server,shared} contains a jar for one tomcat7 instance, this leaks to all other installations.

To avoid this problem the property reference ${catalina.base} should be used.
A second tomcat instance can now set $CATALINA_BASE to something else
(as /var/lib/tomcat7).

A corrected version of the catalina.properties is attached.

I have checked manually that the problematic catalina.properties is also in
tomcat7 package in sid (7.0.28-3).


-- System Information:
Debian Release: wheezy/sid
  APT prefers precise-updates
  APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise-backports'), (500, 'precise')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-32-generic (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to de_DE.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages tomcat7 depends on:
ii  adduser                3.113ubuntu2
ii  debconf [debconf-2.0]  1.5.42ubuntu1
ii  tomcat7-common         7.0.26-1ubuntu1.1
ii  ucf                    3.0025+nmu2ubuntu1

Versions of packages tomcat7 recommends:
pn  authbind  <none>

Versions of packages tomcat7 suggests:
ii  libtcnative-1     1.1.22-1build1
ii  tomcat7-admin     7.0.26-1ubuntu1.1
ii  tomcat7-docs      7.0.26-1ubuntu1.1
ii  tomcat7-examples  <none>
ii  tomcat7-user      7.0.26-1ubuntu1.1

-- Configuration Files:
/etc/logrotate.d/tomcat7 changed:
/var/log/tomcat7/catalina.out {
  copytruncate
  weekly
  rotate 52
  compress
  missingok
  create 640 tomcat7 adm
}

/etc/tomcat7/catalina.properties changed:
package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.
package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.
common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar,${catalina.base}/common/classes,${catalina.base}/common/*.jar
server.loader=${catalina.base}/server/classes,${catalina.base}/server/*.jar
shared.loader=${catalina.base}/shared/classes,${catalina.base}/shared/*.jar
tomcat.util.scan.DefaultJarScanner.jarsToSkip=\
bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,\
annotations-api.jar,el-api.jar,jsp-api.jar,servlet-api.jar,\
catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-tribes.jar,\
jasper.jar,jasper-el.jar,ecj-*.jar,\
tomcat-api.jar,tomcat-util.jar,tomcat-coyote.jar,tomcat-dbcp.jar,\
tomcat-i18n-en.jar,tomcat-i18n-es.jar,tomcat-i18n-fr.jar,tomcat-i18n-ja.jar,\
tomcat-juli-adapters.jar,catalina-jmx-remote.jar,catalina-ws.jar,\
tomcat-jdbc.jar,\
commons-beanutils*.jar,commons-codec*.jar,commons-collections*.jar,\
commons-dbcp*.jar,commons-digester*.jar,commons-fileupload*.jar,\
commons-httpclient*.jar,commons-io*.jar,commons-lang*.jar,commons-logging*.jar,\
commons-math*.jar,commons-pool*.jar,\
jstl.jar,\
geronimo-spec-jaxrpc*.jar,wsdl4j*.jar,\
ant.jar,ant-junit*.jar,aspectj*.jar,jmx.jar,h2*.jar,hibernate*.jar,httpclient*.jar,\
jmx-tools.jar,jta*.jar,log4j*.jar,mail*.jar,slf4j*.jar,\
xercesImpl.jar,xmlParserAPIs.jar,xml-apis.jar,\
dnsns.jar,ldapsec.jar,localedata.jar,sunjce_provider.jar,sunmscapi.jar,\
sunpkcs11.jar,jhall.jar,tools.jar,\
sunec.jar,zipfs.jar,\
apple_provider.jar,AppleScriptEngine.jar,CoreAudio.jar,dns_sd.jar,\
j3daudio.jar,j3dcore.jar,j3dutils.jar,jai_core.jar,jai_codec.jar,\
mlibwrapper_jai.jar,MRJToolkit.jar,vecmath.jar,\
junit.jar,junit-*.jar,ant-launcher.jar
tomcat.util.buf.StringCache.byte.enabled=true

/etc/tomcat7/context.xml changed:
<?xml version='1.0' encoding='utf-8'?>
<!-- 
-->
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- The contents of this file will be loaded for each web application -->
<Context>
    <!-- Default set of monitored resources -->
    <WatchedResource>WEB-INF/web.xml</WatchedResource>
	
    <!-- Uncomment this to disable session persistence across Tomcat restarts -->
    <!--
    <Manager pathname="" />
    -->
    <!-- Uncomment this to enable Comet connection tacking (provides events
         on session expiration as well as webapp lifecycle) -->
    <!--
    <Valve className="org.apache.catalina.valves.CometConnectionManagerValve" />
    -->
    <!-- FUNAMBOL -->
    <Resource name="jdbc/fnblds" auth="Container" type="javax.sql.DataSource"
              factory="com.funambol.server.db.DataSourceFactory"
    />
    <Resource name="jdbc/fnblcore" auth="Container" type="javax.sql.DataSource"
              factory="com.funambol.server.db.DataSourceFactory"
    />
    <Resource name="jdbc/fnbluser" auth="Container" type="javax.sql.DataSource"
              factory="com.funambol.server.db.DataSourceFactory"
    />
</Context>

/etc/tomcat7/logging.properties changed:
handlers = java.util.logging.ConsoleHandler, com.agafua.syslog.SyslogHandler
.handlers = java.util.logging.ConsoleHandler, com.agafua.syslog.SyslogHandler
java.util.logging.ConsoleHandler.level = WARNING
java.util.logging.ConsoleHandler.level = FINE
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
com.agafua.syslog.SyslogHandler.transport = udp
com.agafua.syslog.SyslogHandler.transport = udp
com.agafua.syslog.SyslogHandler.facility = local5
com.agafua.syslog.SyslogHandler.port = 514
com.agafua.syslog.SyslogHandler.hostname = syslog.computer42.org
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = CONFIG

/etc/tomcat7/server.xml changed:
<?xml version="1.0" encoding="utf-8"?>
<!--
* $HeadURL: svn://svn.computer42.org:3691/c42CfgRepos/trunk/etc/c42CfgRepos/tomcat6/server.xml.garfield $
* $Revision: 1973 $ $Date: 2009-05-22 20:28:52 +0200 (Fri, 22. May 2009) $
* $Author: dirk $
-->
<Server port="8005" shutdown="SHUTDOWN">
  <!-- Security listener. Documentation at /docs/config/listeners.html
       <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" />
  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
  <Listener className="org.apache.catalina.core.JasperListener" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/tomcat-users.xml"/>
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" URIEncoding="UTF-8" redirectPort="443"/>
    <Connector port="8009" protocol="AJP/1.3" URIEncoding="UTF-8" redirectPort="8443"/>
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="odie-1">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" requireReauthentication="true"/>
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="true"/>
      </Host>
    </Engine>
  </Service>
</Server>

/etc/tomcat7/tomcat-users.xml [Errno 13] Keine Berechtigung: u'/etc/tomcat7/tomcat-users.xml'

-- debconf information:
  tomcat7/groupname: tomcat7
  tomcat7/username: tomcat7
  tomcat7/javaopts: -Djava.awt.headless=true -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled -XX:MaxPermSize=128m -Xmx512m -Dfunambol.debug=false -Dfunambol.home=/opt/Funambol -Dfile.encoding=UTF-8

More information about the pkg-java-maintainers mailing list