Date: Mon, 13 Jul 2015 13:44:24 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 201527] devel/hadoop2: bundled version of tomcat is vulnerable, unnecessary Message-ID: <bug-201527-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201527 Bug ID: 201527 Summary: devel/hadoop2: bundled version of tomcat is vulnerable, unnecessary Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: demon@FreeBSD.org Reporter: feld@FreeBSD.org Flags: maintainer-feedback?(demon@FreeBSD.org) Assignee: demon@FreeBSD.org hadoop2 bundles Tomcat 6.0.41 which is unnecessary and currently a security vulnerability. You should be able to require www/tomcat6 as a RUN_DEPENDENCY instead. Tomcat has the ability for different programs to share a single installation via the use of CATALINA_HOME and CATALINA_BASE using something like this: CATALINA_HOME=${LOCALBASE}/apache-tomcat-6.0 CATALINA_BASE=${LOCALBASE}/share/hadoop/httpfs/tomcat and for the kms part of the app: CATALINA_BASE=${LOCALBASE}/share/hadoop/kms/tomcat The CATALINA_HOME should point to the system-installed Tomcat and CATALINA_BASE is where you want your own private {bin,conf,logs,temp,webapps,work} dirs. (bin is usually only used if you want to supply a setenv.sh script to override any ENVs internal to Tomcat) I do not know how to run or test hadoop, but if you would like my assistance I can help with this if you can do the testing. Thanks! -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-201527-13>