Mageia 2 is also affected.

tomcat5 (fixed in 5.5.36):
CVE-2012-3439
http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.36

tomcat6 (fixed in 6.0.36):
CVE-2012-2733, CVE-2012-3439, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534
http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.36

tomcat/tomcat7 (fixed in 7.0.28, 7.0.30, 7.0.32):
CVE-2012-2733, CVE-2012-3439, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.28
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.30
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.32
CC: (none) => oe
Whiteboard: (none) => MGA2TOO
tomcat (tomcat7) 7.0.32 is in Cauldron, so that one is OK there.
Ubuntu has issued an advisory on November 21:
http://www.ubuntu.com/usn/usn-1637-1/

This fixes CVE-2012-2733, as well as three that the upstream security pages fail to mention. According to the CVE entries, they are fixed upstream in 5.5.36, 6.0.36, and 7.0.30. They are CVE-2012-5885, CVE-2012-5886, and CVE-2012-5887.
Fedora has issued an advisory on December 11:
http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094893.html

This references the ones listed upstream as fixed in tomcat7.
URL: http://tomcat.apache.org/security.html => http://lwn.net/Vulnerabilities/526470/
Another LWN link with the other CVEs for tomcat7: http://lwn.net/Vulnerabilities/529883/
OpenSuSE has issued advisories for tomcat6 and tomcat7 on December 27:
http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html
http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html

The advisories come with this note:
- document how to protect against slowloris DoS (CVE-2012-5568/bnc#791679) in README.SUSE

That CVE hasn't previously been referenced (even on upstream's security pages), and is tracked here:
http://lwn.net/Vulnerabilities/530910/
I added apache-mod_antiloris to mandriva contrib in 2009 to mitigate slowloris. It could be worthwhile importing it to Mageia I guess.
tomcat6-6.0.36-1.mga3 and tomcat5-5.5.31-9.mga3 build fine for me (mga2), but not in cauldron. I hope someone can look at that.

tomcat5-5.5.31-9.mga3:
- P107: security fix for CVE-2012-3439 (upstream)

tomcat6-6.0.36-1.mga3:
- 6.0.36 (fixes CVE-2012-2733, CVE-2012-3439, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534)
Packages have been submitted to mga2, updates_testing:

tomcat5-5.5.31-6.1.mga2:
- P107: security fix for CVE-2012-3439 (upstream)

tomcat6-6.0.35-4.1.mga2:
- P4: security fix for CVE-2012-4534 (upstream)
- P5: security fix for CVE-2012-4431 (upstream)
- P6: security fix for CVE-2012-3546 (upstream)
- P7: security fix for CVE-2012-3439 (upstream)
- P8: security fix for CVE-2012-2733 (upstream)
Packages built so far for Mageia 2:
tomcat5-5.5.31-6.2.mga2
tomcat5-webapps-5.5.31-6.2.mga2
tomcat5-admin-webapps-5.5.31-6.2.mga2
tomcat5-servlet-2.4-api-5.5.31-6.2.mga2
tomcat5-servlet-2.4-api-javadoc-5.5.31-6.2.mga2
tomcat5-jsp-2.0-api-5.5.31-6.2.mga2
tomcat5-jsp-2.0-api-javadoc-5.5.31-6.2.mga2
tomcat5-common-lib-5.5.31-6.2.mga2
tomcat5-server-lib-5.5.31-6.2.mga2
tomcat5-jasper-5.5.31-6.2.mga2
tomcat5-jasper-javadoc-5.5.31-6.2.mga2
tomcat5-jasper-eclipse-5.5.31-6.2.mga2
tomcat6-6.0.35-4.2.mga2
tomcat6-admin-webapps-6.0.35-4.2.mga2
tomcat6-docs-webapp-6.0.35-4.2.mga2
tomcat6-javadoc-6.0.35-4.2.mga2
tomcat6-jsp-2.1-api-6.0.35-4.2.mga2
tomcat6-lib-6.0.35-4.2.mga2
tomcat6-servlet-2.5-api-6.0.35-4.2.mga2
tomcat6-el-2.1-api-6.0.35-4.2.mga2
tomcat6-webapps-6.0.35-4.2.mga2

Still needed:
- tomcat5 and tomcat6 in Cauldron (won't build)
- tomcat (aka tomcat 7) in Mageia 2
build fixed in cauldron for tomcat5 and 6
new tomcat pushed in mageia2
Thanks D Morgan!

Assigning to QA.

Advisory to come later (any help with that is welcome).

Packages built:
tomcat5-5.5.31-6.2.mga2
tomcat5-webapps-5.5.31-6.2.mga2
tomcat5-admin-webapps-5.5.31-6.2.mga2
tomcat5-servlet-2.4-api-5.5.31-6.2.mga2
tomcat5-servlet-2.4-api-javadoc-5.5.31-6.2.mga2
tomcat5-jsp-2.0-api-5.5.31-6.2.mga2
tomcat5-jsp-2.0-api-javadoc-5.5.31-6.2.mga2
tomcat5-common-lib-5.5.31-6.2.mga2
tomcat5-server-lib-5.5.31-6.2.mga2
tomcat5-jasper-5.5.31-6.2.mga2
tomcat5-jasper-javadoc-5.5.31-6.2.mga2
tomcat5-jasper-eclipse-5.5.31-6.2.mga2
tomcat6-6.0.35-4.2.mga2
tomcat6-admin-webapps-6.0.35-4.2.mga2
tomcat6-docs-webapp-6.0.35-4.2.mga2
tomcat6-javadoc-6.0.35-4.2.mga2
tomcat6-jsp-2.1-api-6.0.35-4.2.mga2
tomcat6-lib-6.0.35-4.2.mga2
tomcat6-servlet-2.5-api-6.0.35-4.2.mga2
tomcat6-el-2.1-api-6.0.35-4.2.mga2
tomcat6-webapps-6.0.35-4.2.mga2
tomcat-7.0.32-3.mga2
tomcat-admin-webapps-7.0.32-3.mga2
tomcat-docs-webapp-7.0.32-3.mga2
tomcat-javadoc-7.0.32-3.mga2
tomcat-systemv-7.0.32-3.mga2
tomcat-jsvc-7.0.32-3.mga2
tomcat-jsp-2.2-api-7.0.32-3.mga2
tomcat-lib-7.0.32-3.mga2
tomcat-servlet-3.0-api-7.0.32-3.mga2
tomcat-el-2.2-api-7.0.32-3.mga2
tomcat-webapps-7.0.32-3.mga2

from SRPMS:
tomcat5-5.5.31-6.2.mga2.src.rpm
tomcat6-6.0.35-4.2.mga2.src.rpm
tomcat-7.0.32-3.mga2.src.rpm
CC: (none) => dmorganec
Version: Cauldron => 2
Assignee: dmorganec => qa-bugs
Whiteboard: MGA2TOO => (none)
This should be simple to test..

Tomcat5
-------
Download the sample hello world webapp from http://tomcat.apache.org/tomcat-5.5-doc/appdev/sample/sample.war into /usr/share/tomcat5/webapps/

accessed http://localhost:8080/sample

Tomcat6
-------
Test using http://tomcat.apache.org/tomcat-6.0-doc/appdev/sample/sample.war downloaded to /var/lib/tomcat6/webapps, and http://localhost:8080/sample/

Tomcat7
-------
http://tomcat.apache.org/tomcat-7.0-doc/appdev/sample/sample.war

Not sure the directory name to put this, it could be tomcat7/webapps or just tomcat/webapps. This is the first update for tomcat7. Whichever exists.

Browse it at http://localhost:8080/sample/
Whiteboard: (none) => has_procedure
Adding bug 2317

----------------------------------------
Running checks for "tomcat" using media "Core Release" and "Core Updates Testing".
----------------------------------------
Mageia release 2 (Official) for i586
Latest version found in "Core Release" is tomcat-7.0.23-4.mga2
Latest version found in "Core Updates Testing" is tomcat-7.0.32-3.mga2
----------------------------------------
The following packages will require linking:

java-1.5.0-gcj-1.5.0.0-17.1.24.mga2 (Core Release)
----------------------------------------
Depends on: (none) => 2317
OK, here are the advisories. We haven't addressed CVE-2012-5568, so we'll need a new bug for that one.

Advisory (tomcat5):
========================

Updated tomcat5 package fixes security vulnerabilities:

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests (CVE-2012-5885).

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID (CVE-2012-5886).

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests (CVE-2012-5887).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5887
http://tomcat.apache.org/security-5.html
========================

Updated packages in core/updates_testing:
========================
tomcat5-5.5.31-6.2.mga2
tomcat5-webapps-5.5.31-6.2.mga2
tomcat5-admin-webapps-5.5.31-6.2.mga2
tomcat5-servlet-2.4-api-5.5.31-6.2.mga2
tomcat5-servlet-2.4-api-javadoc-5.5.31-6.2.mga2
tomcat5-jsp-2.0-api-5.5.31-6.2.mga2
tomcat5-jsp-2.0-api-javadoc-5.5.31-6.2.mga2
tomcat5-common-lib-5.5.31-6.2.mga2
tomcat5-server-lib-5.5.31-6.2.mga2
tomcat5-jasper-5.5.31-6.2.mga2
tomcat5-jasper-javadoc-5.5.31-6.2.mga2
tomcat5-jasper-eclipse-5.5.31-6.2.mga2

from tomcat5-5.5.31-6.2.mga2.src.rpm

Advisory (tomcat6):
========================

Updated tomcat6 package fixes security vulnerabilities:

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data (CVE-2012-2733).

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI (CVE-2012-3546).

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier (CVE-2012-4431).

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response (CVE-2012-4534).

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests (CVE-2012-5885).

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID (CVE-2012-5886).

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests (CVE-2012-5887).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5887
http://tomcat.apache.org/security-6.html
http://www.ubuntu.com/usn/usn-1637-1/
========================

Updated packages in core/updates_testing:
========================
tomcat6-6.0.35-4.2.mga2
tomcat6-admin-webapps-6.0.35-4.2.mga2
tomcat6-docs-webapp-6.0.35-4.2.mga2
tomcat6-javadoc-6.0.35-4.2.mga2
tomcat6-jsp-2.1-api-6.0.35-4.2.mga2
tomcat6-lib-6.0.35-4.2.mga2
tomcat6-servlet-2.5-api-6.0.35-4.2.mga2
tomcat6-el-2.1-api-6.0.35-4.2.mga2
tomcat6-webapps-6.0.35-4.2.mga2

from tomcat6-6.0.35-4.2.mga2.src.rpm

Advisory (tomcat aka tomcat7):
========================

Updated tomcat package fixes security vulnerabilities:

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data (CVE-2012-2733).

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI (CVE-2012-3546).

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier (CVE-2012-4431).

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response (CVE-2012-4534).

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests (CVE-2012-5885).

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID (CVE-2012-5886).

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests (CVE-2012-5887).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5887
http://tomcat.apache.org/security-7.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094893.html
========================

Updated packages in core/updates_testing:
========================
tomcat-7.0.32-3.mga2
tomcat-admin-webapps-7.0.32-3.mga2
tomcat-docs-webapp-7.0.32-3.mga2
tomcat-javadoc-7.0.32-3.mga2
tomcat-systemv-7.0.32-3.mga2
tomcat-jsvc-7.0.32-3.mga2
tomcat-jsp-2.2-api-7.0.32-3.mga2
tomcat-lib-7.0.32-3.mga2
tomcat-servlet-3.0-api-7.0.32-3.mga2
tomcat-el-2.2-api-7.0.32-3.mga2
tomcat-webapps-7.0.32-3.mga2

from tomcat-7.0.32-3.mga2.src.rpm
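
The replay and stale-nonce checks named in the CVE-2012-5885 and CVE-2012-5887 descriptions above, as an added example that is not part of the original comment and is not Tomcat's code: a simplified Python model of an RFC 2617 digest validator that keys replay detection on the server nonce and nc, and enforces credentials before reporting a stale nonce. The key, realm, user, validity window and all function names are constructed for illustration.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # constructed secret used to sign nonces
NONCE_VALIDITY = 300                  # seconds; assumed policy value
REALM = "demo"                        # constructed
USERS = {"alice": "s3cret"}           # constructed credential store


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def issue_nonce(now):
    """Server nonce: issue time plus an HMAC, so clients cannot forge one."""
    ts = str(int(now))
    return ts + ":" + hmac.new(SERVER_KEY, ts.encode(), hashlib.sha256).hexdigest()


def nonce_age(nonce, now):
    """Age in seconds of a nonce this server issued, or None if it did not."""
    ts, _, mac = nonce.partition(":")
    good = hmac.new(SERVER_KEY, ts.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), good.encode()):
        return None
    return now - int(ts)


def digest_response(user, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 request-digest for qop=auth."""
    ha1 = md5_hex(f"{user}:{REALM}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


class DigestValidator:
    def __init__(self):
        self.last_nc = {}  # server nonce -> highest nonce-count accepted so far

    def check(self, req, now):
        """Classify one request as 'ok', 'denied', 'stale' or 'replay'."""
        password = USERS.get(req["username"])
        if password is None:
            return "denied"
        expected = digest_response(req["username"], password, req["method"],
                                   req["uri"], req["nonce"], req["nc"], req["cnonce"])
        # Credentials are enforced before staleness is reported.
        if not hmac.compare_digest(expected.encode(), req["response"].encode()):
            return "denied"
        age = nonce_age(req["nonce"], now)
        if age is None:
            return "denied"
        if age > NONCE_VALIDITY:
            return "stale"   # client must repeat the request with a fresh nonce
        try:
            nc = int(req["nc"], 16)
        except ValueError:
            return "denied"
        if nc <= self.last_nc.get(req["nonce"], 0):
            return "replay"  # keyed on server nonce and nc, not on cnonce
        self.last_nc[req["nonce"]] = nc
        return "ok"


def make_request(user, password, nonce, nc, cnonce, uri="/sample/"):
    """Fields a client would send (constructed sample input)."""
    resp = digest_response(user, password, "GET", uri, nonce, nc, cnonce)
    return {"username": user, "method": "GET", "uri": uri, "nonce": nonce,
            "nc": nc, "cnonce": cnonce, "response": resp}
```

A client that reuses its cnonce while incrementing nc is still accepted, and a byte-for-byte repeat of an earlier request is rejected.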
All SuSE did for CVE-2012-5568 is add this in the equivalent of the README.urpmi file:
https://build.opensuse.org/package/view_file?expand=1&file=README.SUSE.in&package=tomcat6.openSUSE_12.1_Update&project=home%3Amvyskocil%3Abranches%3AOBS_Maintained%3Atomcat6
Testing mga2 64

It seems tomcat comes with the sample and examples now so no need to download anything.

Tomcat 7
--------
# urpmi tomcat tomcat-webapps tomcat-admin-webapps

Edit /etc/tomcat/tomcat-users.xml and uncomment the users, adding manager-gui role to one of them.

# systemctl start tomcat.service

Browse http://localhost:8080/sample and http://localhost:8080/examples and click the links.
Also browse http://localhost:8080 and log into the 'manager app' with the credentials just configured with manager-gui role.

All seems ok

Tomcat 6
--------
Same procedure

# service tomcat6 start

Same testing, all OK.

Tomcat 5
--------
Before

Installs tomcat6-jsp-2.1-api & tomcat6-servlet-2.5-api from Updates. I seem to remember this was a workaround from a previous update.

17/17: tomcat5-admin-webapps ###############################################
find: `/var/lib/tomcat5/server/webapps/admin/WEB-INF/lib': No such file or directory
/usr/bin/build-jar-repository: error: /var/lib/tomcat5/server/webapps/admin/WEB-INF/lib must be a writable directory
/usr/bin/build-jar-repository: error: Could not find commons-fileupload Java extension for this JVM
/usr/bin/build-jar-repository: error: Some specified jars were not found for this jvm
warning: %post(tomcat5-admin-webapps-0:5.5.31-6.mga2.noarch) scriptlet failed, exit status 7

Permissions problems, this is an old issue :\

After

It does install tomcat5 jsp & servlet packages but still installs tomcat6 packages if installed from fresh. Also still the permissions error.

Preparing... ###############################################
1/8: tomcat5-servlet-2.4-api ###############################################
2/8: tomcat5-jasper ###############################################
3/8: tomcat5-server-lib ###############################################
4/8: tomcat5-jsp-2.0-api ###############################################
5/8: tomcat5-common-lib ###############################################
6/8: tomcat5 ###############################################
7/8: tomcat5-admin-webapps ###############################################
find: `/var/lib/tomcat5/server/webapps/admin/WEB-INF/lib': No such file or directory
/usr/bin/build-jar-repository: error: /var/lib/tomcat5/server/webapps/admin/WEB-INF/lib must be a writable directory
/usr/bin/build-jar-repository: error: Could not find commons-fileupload Java extension for this JVM
/usr/bin/build-jar-repository: error: Some specified jars were not found for this jvm
warning: %post(tomcat5-admin-webapps-0:5.5.31-6.2.mga2.noarch) scriptlet failed, exit status 7
8/8: tomcat5-webapps ###############################################

# ll -d /var/lib/tomcat5/server/webapps/admin/WEB-INF
drwxr-x--- 2 root tomcat 4096 Dec 31 12:52 /var/lib/tomcat5/server/webapps/admin/WEB-INF

No write perms for group, the directory is empty.

Removing completely and reinstalling doesn't cure the problem

# urpme tomcat -a
# rm -rf /var/lib/tomcat5
# urpmi tomcat5 tomcat5-webapps tomcat5-admin-webapps

Installs the two tomcat6 packages from updates testing as well as the tomcat5 equivalents and has the same permissions problem.

We've had permission problems with tomcat in the past too.
Whiteboard: has_procedure => has_procedure feedback
We could split the bug if it's difficult to fix.
Previous was bug 3099 on mga1 where there was a permissions issue with a different directory. If there is no fix it could maybe be resolved in the same way.
Should we split this bug to allow tomcat 6 & 7 to be pushed?
Depends on: (none) => 8692
Bug 8692 filed for tomcat6 and tomcat (tomcat7).
Tomcat 6 & 7 validated in bug 8692

Please use this bug for tomcat5 only now.

Thanks!
Summary: tomcat5, tomcat6, tomcat (tomcat7) new security issues fixed upstream => tomcat5, tomcat6, tomcat (tomcat7) new security issues fixed upstream [now just tomcat5]
Assigning dmorgan, please reassign to QA when you've had a chance to look at this. Thanks.
CC: (none) => qa-bugs
Assignee: qa-bugs => dmorganec
please test new rpm
Assigning back to QA.

The advisory is the first one in Comment 15. If anyone wants to add a note into it about the permissions issue that was fixed, feel free :o)

Package list:
tomcat5-5.5.31-6.3.mga2
tomcat5-webapps-5.5.31-6.3.mga2
tomcat5-admin-webapps-5.5.31-6.3.mga2
tomcat5-servlet-2.4-api-5.5.31-6.3.mga2
tomcat5-servlet-2.4-api-javadoc-5.5.31-6.3.mga2
tomcat5-jsp-2.0-api-5.5.31-6.3.mga2
tomcat5-jsp-2.0-api-javadoc-5.5.31-6.3.mga2
tomcat5-common-lib-5.5.31-6.3.mga2
tomcat5-server-lib-5.5.31-6.3.mga2
tomcat5-jasper-5.5.31-6.3.mga2
tomcat5-jasper-javadoc-5.5.31-6.3.mga2
tomcat5-jasper-eclipse-5.5.31-6.3.mga2

from tomcat5-5.5.31-6.3.mga2.src.rpm
Assignee: dmorganec => qa-bugs
Whiteboard: has_procedure feedback => has_procedure
Summary: tomcat5, tomcat6, tomcat (tomcat7) new security issues fixed upstream [now just tomcat5] => Tomcat5 security update [WAS: tomcat5, tomcat6, tomcat (tomcat7) new security issues fixed upstream]
One problem fixed \o/ new problem :\

9/9: tomcat5-admin-webapps ###############################################
/usr/bin/build-jar-repository: error: Could not find struts Java extension for this JVM
/usr/bin/build-jar-repository: error: Some specified jars were not found for this jvm
/usr/bin/build-jar-repository: error: Could not find commons-fileupload Java extension for this JVM
/usr/bin/build-jar-repository: error: Some specified jars were not found for this jvm
warning: %post(tomcat5-admin-webapps-0:5.5.31-6.3.mga2.noarch) scriptlet failed, exit status 7
The commons fileupload is cured by installing apache-commons-fileupload

9/9: tomcat5-admin-webapps ###############################################
/usr/bin/build-jar-repository: error: Could not find struts Java extension for this JVM
/usr/bin/build-jar-repository: error: Some specified jars were not found for this jvm

Struts is an extra 208 packages, is it necessary too?
yes struts is necessary. Please test new rpm
The advisory is the first one in Comment 15. If anyone wants to add a note into it about the permissions or requirements issues that were fixed, feel free :o)

Package list:
tomcat5-5.5.31-6.4.mga2
tomcat5-webapps-5.5.31-6.4.mga2
tomcat5-admin-webapps-5.5.31-6.4.mga2
tomcat5-servlet-2.4-api-5.5.31-6.4.mga2
tomcat5-servlet-2.4-api-javadoc-5.5.31-6.4.mga2
tomcat5-jsp-2.0-api-5.5.31-6.4.mga2
tomcat5-jsp-2.0-api-javadoc-5.5.31-6.4.mga2
tomcat5-common-lib-5.5.31-6.4.mga2
tomcat5-server-lib-5.5.31-6.4.mga2
tomcat5-jasper-5.5.31-6.4.mga2
tomcat5-jasper-javadoc-5.5.31-6.4.mga2
tomcat5-jasper-eclipse-5.5.31-6.4.mga2

from tomcat5-5.5.31-6.4.mga2.src.rpm
Testing mga2 64
This cures the problems with installation but the service doesn't start

# service tomcat5 start
Starting tomcat5 (via systemctl): Job failed. See system journal and 'systemctl status' for details. [FAILED]

# systemctl status tomcat5.service
tomcat5.service - LSB: start and stop tomcat
Loaded: loaded (/etc/rc.d/init.d/tomcat5)
Active: failed (Result: exit-code) since Wed, 13 Mar 2013 16:27:19 +0000; 14s ago
Process: 17326 ExecStart=/etc/rc.d/init.d/tomcat5 start (code=exited, status=127)
CGroup: name=systemd:/system/tomcat5.service

# tail /var/log/syslog
systemd[1]: tomcat5.service: control process exited, code=exited status=127
tomcat5[17326]: Starting tomcat5: [FAILED]
systemd[1]: Unit tomcat5.service entered failed state.
/var/log/tomcat5/catalina.out shows..

su: /bin/nologin: No such file or directory
Source RPM: tomcat5, tomcat6, tomcat => tomcat5
Whiteboard: has_procedure => has_procedure feedback
Assigning dmorgan again (sorry!)

Please reassign to QA when you have a chance to take a look.

Thanks
Assignee: qa-bugs => dmorganec
Whiteboard: has_procedure feedback => has_procedure
Closing this now due to Mageia 2 EOL.

http://blog.mageia.org/en/2013/11/21/farewell-mageia-2/
Status: NEW => RESOLVED
Resolution: (none) => OLD
QA Contact: (none) => security