← Back to branch summary

~ubuntu-branches/ubuntu/raring/tomcat6/raring

« back to all changes in this revision

Viewing changes to debian/tomcat6.postinst

  • Committer: Package Import Robot
  • Author(s): tony mancill
  • Date: 2012-08-06 21:29:11 UTC
  • mfrom: (37.1.8 sid)
  • Revision ID: package-import@ubuntu.com-20120806212911-km3xfi4kw6426rf3
Tags: 6.0.35-5
http://bugs.debian.org/608286
http://bugs.debian.org/687818
* Apply patch to README.Debian to explain setting the HTTPOnly flag
  in cookies by default; CVE-2010-4312. (Closes: #608286)
  - Thank you to Thijs Kinkhorst for the patch.
* Use ucf and a template for /etc/logrotate.d/tomcat6 file to avoid
  updating the shipped conffile. (Closes: #687818)

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/tomcat6.postinst
4
4
. /usr/share/debconf/confmodule
5
5
TEMPLATE="/usr/share/tomcat6/defaults.template"
6
6
CONFFILE="/etc/default/tomcat6"
 
7
LR_TEMPLATE="/usr/share/tomcat6/logrotate.template"
 
8
LR_CONFFILE="/etc/logrotate.d/tomcat6"
7
9
JAVA_OPTS="-Djava.awt.headless=true -Xmx128m -XX:+UseConcMarkSweepGC"
8
10
 
9
11
case "$1" in
36
38
        chown -R $TOMCAT6_USER:adm /var/log/tomcat6 /var/cache/tomcat6
37
39
        chmod 750 /var/log/tomcat6 /var/cache/tomcat6
38
40
 
39
 
  # replace the TOMCAT6USER token in /etc/logrotate.d/tomcat6 if it still contains the token
40
 
  LOGROTATE_TOKEN="@@@TOMCAT6USER@@@"
41
 
  if grep -q "$LOGROTATE_TOKEN" /etc/logrotate.d/tomcat6 ; then
42
 
    sed --in-place "s/$LOGROTATE_TOKEN/$TOMCAT6_USER/" /etc/logrotate.d/tomcat6
43
 
  fi
 
41
        # populate /etc/logrotate.d/tomcat6
 
42
        tmpfile=`mktemp /tmp/tomcat6.XXXXXXXXXX`
 
43
        chmod 644 $tmpfile
 
44
        cat $LR_TEMPLATE | sed "s%create 640 tomcat6 adm%create 640 $TOMCAT6_USER adm%" >> $tmpfile
 
45
        ucf --debconf-ok --sum-file /usr/share/tomcat6/logrotate.md5sum $tmpfile $LR_CONFFILE
 
46
        rm -f $tmpfile
44
47
 
45
48
        # configuration files should not be modifiable by tomcat6 user, as this can be a security issue
46
49
        # (an attacker may insert code in a webapp and have access to all tomcat configuration)