In case someone decides to follow the security improvement in Fedora's
Tomcat6 brought on by the recent update to tomcat6-6.0.26-3
( https://bugzilla.redhat.com/show_bug.cgi?id=640837 ) by changing the
/etc/passwd 'tomcat' user to /sbin/nologin instead of /bin/sh ...
Making this change causes the OpenOffice server's startup
( xwiki/bin/view/XWiki/OfficeImporterAdmin ) to fail with the message
"Inadequate Privileges."
Changing back to the original login-allowing ~tomcat entry in /etc/passwd
allows the OOo server to start up correctly.
.......................
See also:
https://bugzilla.redhat.com/show_bug.cgi?id=574593
https://bugzilla.redhat.com/show_bug.cgi?id=605335
https://bugzilla.redhat.com/show_bug.cgi?id=586364
tomcat6-6.0.26-3.fc12 (FEDORA-2010-16248)
Apache Servlet/JSP Engine, RI for Servlet 2.5/JSP 2.1 API
--------------------------------------------------------------------------------
Update Information:
* Includes security fix for cve-2010-2227.
* Package updated to new upstream version tomcat-6.0.26
* commons-dbcp-tomcat5, commons-collections-tomcat5, and commons-pool-tomcat5
have been dropped in favor of commons-collections, commons-pool, and
commons-dbcp
* Directory permissions fixed
* tomcat user shell fixed
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 12 2010 David Knox <dk...(a)redhat.com> 0:6.0.26-3
- resolves: rhbz#641102
* Thu Oct 7 2010 David Knox <dk...(a)redhat.com> 0:6.0.26-1
- copied spec and patches from f13 to bring f12 up to date
- with all tomcat6 fedora.
* Mon Oct 4 2010 David Knox <dk...(a)redhat.com> 0:6.0.26-10
- ant-nodeps is breaking the build. Put ant-nodeps on the
- OPT_JAR_LIST
* Fri Oct 1 2010 David Knox <dk...(a)rehat.com> 0:6.0.26-9
- Resolves rhbz#575341 - Additionally created instances of Tomcat
- are broken
* Fri Jul 2 2010 David Knox <dk...(a)rehat.com> 0:6.0.26-8
- LSB initscript compliance
* Thu Jul 1 2010 David Knox <dk...(a)redhat.com> 0:6.0.26-7
- Made elspec the standard for elspec %post and %postun.
* Tue Jun 29 2010 David Knox <dk...(a)redhat.com> 0:6.0.26-6
- Completed package and file sections. Added el-spec. Fixed
- directory permission problems.
* Thu May 6 2010 David Knox <dk...(a)redhat.com> 0:6.0.26-5
- Working on 589145. Tomcat can't find java compiler for java.
* Thu Apr 8 2010 David Knox <dk...(a)redhat.com> 0:6.0.26-4
- Moved build-jar-repository to later in the install process.
* Tue Apr 6 2010 David Knox <dk...(a)redhat.com> 0:6.0.26-3
- Incremented the Release tag to 3 to avoid any confusion about which
- is the most recent
* Tue Apr 6 2010 David Knox <dk...(a)redhat.com> 0:6.0.26-1
- Solved packaging problems involving taglibs-standard
- Solved packaging problems involving jakarta-commons
- Corrected Requires(post) to Requires and checked companion BuildRequires
* Mon Mar 29 2010 David Knox <dk...(a)redhat.com> 0:6.0.26-2
- Update source to tomcat6.0.26
- Bugzilla 572357 - Please retest.
- OSGi manifests for servlet-api and jsp-api
* Fri Mar 26 2010 Mary Ellen Foster <mefos...(a)gmail.com> 0:6.0.24-2
- Add maven POMs and metadata
- Link tomcat6-juli into /usr/share/java/tomcat6
* Mon Mar 1 2010 Alexander Kurtakov <akurt...(a)redhat.com> 0:6.0.24-1
- Update to 6.0.24.
* Tue Dec 22 2009 Alexander Kurtakov <akurt...(a)redhat.com> 0:6.0.20-2
- Drop file requires on /usr/share/java/ecj.jar.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #612799 - CVE-2010-2227 tomcat: information leak vulnerability in
the handling of 'Transfer-Encoding' header
https://bugzilla.redhat.com/show_bug.cgi?id=612799
--------------------------------------------------------------------------------
Niels
http://nielsmayer.com