[Bug 201527] devel/hadoop2: bundled version of tomcat is vulnerable, unnecessary
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Jul 13 13:44:24 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201527
Bug ID: 201527
Summary: devel/hadoop2: bundled version of tomcat is
vulnerable, unnecessary
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: demon at FreeBSD.org
Reporter: feld at FreeBSD.org
Flags: maintainer-feedback?(demon at FreeBSD.org)
Assignee: demon at FreeBSD.org
hadoop2 bundles Tomcat 6.0.41 which is unnecessary and currently a security
vulnerability. You should be able to require www/tomcat6 as a RUN_DEPENDENCY
instead. Tomcat has the ability for different programs to share a single
installation via the use of CATALINA_HOME and CATALINA_BASE using something
like this:
CATALINA_HOME=${LOCALBASE}/apache-tomcat-6.0
CATALINA_BASE=${LOCALBASE}/share/hadoop/httpfs/tomcat
and for the kms part of the app:
CATALINA_BASE=${LOCALBASE}/share/hadoop/kms/tomcat
The CATALINA_HOME should point to the system-installed Tomcat and CATALINA_BASE
is where you want your own private {bin,conf,logs,temp,webapps,work} dirs. (bin
is usually only used if you want to supply a setenv.sh script to override any
ENVs internal to Tomcat)
I do not know how to run or test hadoop, but if you would like my assistance I
can help with this if you can do the testing.
Thanks!
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list