From 5ecf70c42f9bb3435e8fdf368fee638b554b6ceb Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Apr 10 2018 05:51:23 +0000
Subject: import tomcat-7.0.76-6.el7


---

diff --git a/SOURCES/tomcat-7.0.service b/SOURCES/tomcat-7.0.service
index 2b20aa0..832e7c6 100644
--- a/SOURCES/tomcat-7.0.service
+++ b/SOURCES/tomcat-7.0.service
@@ -15,8 +15,6 @@ EnvironmentFile=-/etc/sysconfig/tomcat
 ExecStart=/usr/libexec/tomcat/server start
 SuccessExitStatus=143
 User=tomcat
-Group=tomcat
-
 
 [Install]
 WantedBy=multi-user.target
diff --git a/SOURCES/tomcat-named.service b/SOURCES/tomcat-named.service
index 9bbcb17..2998060 100644
--- a/SOURCES/tomcat-named.service
+++ b/SOURCES/tomcat-named.service
@@ -19,8 +19,6 @@ ExecStart=/usr/libexec/tomcat/server start
 ExecStop=/usr/libexec/tomcat/server stop
 SuccessExitStatus=143
 User=tomcat
-Group=tomcat
 
 [Install]
 WantedBy=multi-user.target
-
diff --git a/SPECS/tomcat.spec b/SPECS/tomcat.spec
index 493f3b3..7a5ff00 100644
--- a/SPECS/tomcat.spec
+++ b/SPECS/tomcat.spec
@@ -35,7 +35,7 @@
 %global packdname apache-tomcat-%{version}-src
 %global servletspec 3.0
 %global elspec 2.2
-%global tcuid 91
+%global tcuid 53
 
 # FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/
 %global basedir %{_var}/lib/%{name}
@@ -54,7 +54,7 @@
 Name:          tomcat
 Epoch:         0
 Version:       %{major_version}.%{minor_version}.%{micro_version}
-Release:       3%{?dist}
+Release:       6%{?dist}
 Summary:       Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
 
 Group:         System Environment/Daemons
@@ -512,9 +512,14 @@ done
 
 %pre
 # add the tomcat user and group
-%{_sbindir}/groupadd -g %{tcuid} -r tomcat 2>/dev/null || :
-%{_sbindir}/useradd -c "Apache Tomcat" -u %{tcuid} -g tomcat \
-    -s /sbin/nologin -r -d %{homedir} tomcat 2>/dev/null || :
+getent group tomcat >/dev/null || %{_sbindir}/groupadd -f -g %{tcuid} -r tomcat
+if ! getent passwd tomcat >/dev/null ; then
+    if ! getent passwd %{tcuid} >/dev/null ; then
+        %{_sbindir}/useradd -r -u %{tcuid} -g tomcat -d %{homedir} -s /sbin/nologin -c "Apache Tomcat" tomcat
+        # Tomcat uses a reserved ID, so there should never be an else
+    fi
+fi
+exit 0
 
 %post
 # install but don't activate
@@ -683,10 +688,17 @@ fi
 %attr(0644,root,root) %{_unitdir}/%{name}-jsvc.service
 
 %changelog
-* Thu Oct 12 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-3
-- Resolves: rhbz#1498344 CVE-2017-12615 CVE-2017-12617 tomcat: various flaws
-- Resolves: rhbz#1495654 CVE-2017-7674 tomcat: Vary header not added by CORS filter leading to cache poisoning
-- Resolves: rhbz#1470596 CVE-2017-5647 Add follow up revision
+* Wed Nov 08 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-6
+- Related: rhbz#1505762 Remove erroneous useradd
+
+* Tue Nov 07 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-5
+- Resolves: rhbz#1485453 man page uid and gid mismatch for service accounts
+- Resolves: rhbz#1505762 Problem to start tomcat with a user whose group has a name different to the user
+
+* Mon Nov 06 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-3
+- Resolves: rhbz#1498343 CVE-2017-12615 CVE-2017-12617 tomcat: various flaws
+- Resolves: rhbz#1495655 CVE-2017-7674 tomcat: Vary header not added by CORS filter leading to cache poisoning
+- Resolves: rhbz#1470597 CVE-2017-5647 Add follow up revision
 
 * Thu Jun 08 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-2
 - Resolves: rhbz#1459747 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism