[tomcat8] 01/01: Fixed a privilege escalation when the package is purged (Closes: #845385)

Emmanuel Bourg ebourg-guest at moszumanska.debian.org
Fri Dec 2 09:33:52 UTC 2016 

This is an automated email from the git hooks/post-receive script.

ebourg-guest pushed a commit to branch jessie
in repository tomcat8.

commit 4f321e73a19688d2605bf284b448c22ae02ddee0
Author: Emmanuel Bourg <ebourg at apache.org>
Date:   Fri Dec 2 10:27:10 2016 +0100

    Fixed a privilege escalation when the package is purged (Closes: #845385)
---
 debian/changelog         | 4 +++-
 debian/tomcat8.postrm.in | 3 ---
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index e26eb9c..8c45cb1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -25,8 +25,10 @@ tomcat8 (8.0.14-1+deb8u5) UNRELEASED; urgency=medium
   * Added asm-all.jar to the test classpath to fix TestWebappServiceLoader
   * Fixed a test failure in the new TestNamingContext test added with the fix
     for CVE-2016-6797
-  * Fixed a privilege escalation when the package is upgraded.
+  * Fixed a potential privilege escalation when the tomcat8 package is upgraded.
     Thanks to Paul Szabo for the report (Closes: #845393)
+  * Fixed a potential privilege escalation when the tomcat8 package is purged.
+    Thanks to Paul Szabo for the report (Closes: #845385)
   * Test failures are no longer ignored and now stop the build
 
  -- Emmanuel Bourg <ebourg at apache.org>  Tue, 22 Nov 2016 23:21:56 +0100
diff --git a/debian/tomcat8.postrm.in b/debian/tomcat8.postrm.in
index d25ce11..d70d5e7 100644
--- a/debian/tomcat8.postrm.in
+++ b/debian/tomcat8.postrm.in
@@ -64,9 +64,6 @@ case "$1" in
           /etc/tomcat8/Catalina/localhost /etc/tomcat8/Catalina /etc/tomcat8
         # clean up /etc/authbind after conffiles have been removed
         rmdir --ignore-fail-on-non-empty /etc/authbind/byuid /etc/authbind
-        # Put all files owned by group tomcat8 back into root group before deleting
-        # the tomcat8 user and group
-        chown -Rhf root:root /etc/tomcat8/ || true
         # Remove user/group and log files (don't remove everything under
         # /var/lib/tomcat8 because there might be user-installed webapps)
         db_get tomcat8/username && TOMCAT8_USER="$RET" || TOMCAT8_USER="tomcat8"

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat8.git

More information about the pkg-java-commits mailing list