|Summary:||www-servers/tomcat-6.0.18-r2 overwrites sensitive Files in webapps/ROOT|
|Product:||Gentoo Linux||Reporter:||Phillip Merensky <gentoo>|
|Component:||New packages||Assignee:||Java team <java>|
|Package list:||Runtime testing required:||---|
Description Phillip Merensky 2009-02-02 12:21:58 UTC
The Ebuild silently overwrites ROOT/WEB-INF/web.xml, ROOT/favicon.ico and maybe other files in a ROOT application. Reproducible: Always Steps to Reproduce: 1. Install Tomcat 6 with a ROOT Web application present 2. web.xml and favicon.ico will be overwritten 3. Actual Results: This is very dangerous, because your ROOT web application will not work any longer if your ROOT/WEB-INF/web.xml is different than the default one (which it obviously is in most cases). Expected Results: The Ebuild must check if webapps/ROOT ist present and skip the copying if it is (see attachment). I am currently working on a solution which will be attached to this bug in the next hours.
Comment 1 Marijn Schouten (RETIRED) 2009-02-02 12:32:58 UTC
simply list the files in CONFIG_PROTECT?
Comment 2 Phillip Merensky 2009-02-02 13:03:13 UTC
This would be a solution for me personally. But in my opinion the ebuild should do this for the default webapps location. As I am new to Ebuild writing I do not know if there is a possibility to update CONFIG_PROTECT from an ebuild. Sensitive Files should not be overwritten automatically. Or am I wrong here?
Comment 3 Phillip Merensky 2009-02-02 13:50:29 UTC
Maybe 254526 would be the solution?
Comment 4 Mike Weissman 2009-02-02 15:42:19 UTC
This is a duplicate of bug#180519 I have been testing a fix for this in [java-experimental] tomcat-r4 has the fix. bug#254526 Does NOT contain the fix this this, that bug is dedicate for configuration for Netbeans. thanks, weisso