[tomcat8] 01/01: Fixed a privilege escalation when the package is upgraded (Closes: #845393)
Emmanuel Bourg
ebourg-guest at moszumanska.debian.org
Fri Dec 2 09:14:42 UTC 2016
This is an automated email from the git hooks/post-receive script.
ebourg-guest pushed a commit to branch jessie
in repository tomcat8.
commit d28c720ec76f020d4a4865931a58aba47f8bfc6b
Author: Emmanuel Bourg <ebourg at apache.org>
Date: Fri Dec 2 10:10:18 2016 +0100
Fixed a privilege escalation when the package is upgraded (Closes: #845393)
---
debian/changelog | 2 ++
debian/rules | 6 ++++++
debian/tomcat8.postinst | 2 +-
3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index 6343228..e26eb9c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -25,6 +25,8 @@ tomcat8 (8.0.14-1+deb8u5) UNRELEASED; urgency=medium
* Added asm-all.jar to the test classpath to fix TestWebappServiceLoader
* Fixed a test failure in the new TestNamingContext test added with the fix
for CVE-2016-6797
+ * Fixed a privilege escalation when the package is upgraded.
+ Thanks to Paul Szabo for the report (Closes: #845393)
* Test failures are no longer ignored and now stop the build
-- Emmanuel Bourg <ebourg at apache.org> Tue, 22 Nov 2016 23:21:56 +0100
diff --git a/debian/rules b/debian/rules
index 07f3025..16d4dee 100755
--- a/debian/rules
+++ b/debian/rules
@@ -134,6 +134,12 @@ binary-indep: build install
jh_manifest
dh_compress
dh_fixperms
+
+ # Make the/etc/tomcat8/Catalina/localhost directory writable by the tomcat user
+ for PACKAGE in tomcat8 tomcat8-admin tomcat8-docs tomcat8-examples; do \
+ chmod 775 --verbose debian/$$PACKAGE/etc/tomcat8/Catalina/localhost; \
+ done
+
dh_lintian
dh_installdeb
dh_gencontrol
diff --git a/debian/tomcat8.postinst b/debian/tomcat8.postinst
index 20e73c7..6f5d1b9 100644
--- a/debian/tomcat8.postinst
+++ b/debian/tomcat8.postinst
@@ -69,7 +69,7 @@ case "$1" in
chown -Rh $TOMCAT8_USER:$TOMCAT8_GROUP /var/lib/tomcat8/webapps /var/lib/tomcat8/lib
chmod 775 /var/lib/tomcat8/webapps
- chmod 775 /etc/tomcat8/Catalina /etc/tomcat8/Catalina/localhost
+ chmod 775 /etc/tomcat8/Catalina
# Authorize user tomcat8 to open privileged ports via authbind.
TOMCAT_UID="`id -u $TOMCAT8_USER`"
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat8.git
More information about the pkg-java-commits
mailing list