[pkg-java] r15472 - in trunk/tomcat6/debian: . patches

Tony Mancill tmancill at alioth.debian.org
Tue Nov 29 05:29:51 UTC 2011


Author: tmancill
Date: 2011-11-29 05:29:50 +0000 (Tue, 29 Nov 2011)
New Revision: 15472

Removed:
   trunk/tomcat6/debian/patches/0011-623242.patch
   trunk/tomcat6/debian/patches/0012-CVE-2011-2204.patch
   trunk/tomcat6/debian/patches/0014-CVE-2011-1184.patch
   trunk/tomcat6/debian/patches/0015-CVE-2011-2526.patch
Modified:
   trunk/tomcat6/debian/changelog
   trunk/tomcat6/debian/control
   trunk/tomcat6/debian/patches/series
   trunk/tomcat6/debian/tomcat6.init
   trunk/tomcat6/debian/watch
Log:
changes for 6.0.33-1 upload

Modified: trunk/tomcat6/debian/changelog
===================================================================
--- trunk/tomcat6/debian/changelog	2011-11-28 22:47:11 UTC (rev 15471)
+++ trunk/tomcat6/debian/changelog	2011-11-29 05:29:50 UTC (rev 15472)
@@ -1,11 +1,19 @@
-tomcat6 (6.0.32-8) UNRELEASED; urgency=low
+tomcat6 (6.0.33-1) unstable; urgency=low
 
   * Team upload.
+  * New upstream release.  
+  * Remove the following patches (included upstream):
+    - 0011-623242.patch
+    - 0012-CVE-2011-2204.patch
+    - 0015-CVE-2011-2526.patch
+    - 0014-CVE-2011-1184.patch
   * Add patch for multi-instance startup.  CATALINA_HOME no longer
     depends on the instance $NAME.  JVM_TMP is now $NAME-specific.
     - Thank you to Julien Wajsberg. (Closes: #644365)
+  * Add dependency on JRE to tomcat6-common (Closes: #644340)
+  * Modify init script to look for JVM in /usr/lib/jvm/default-java
 
- -- tony mancill <tmancill at debian.org>  Tue, 08 Nov 2011 13:41:40 -0800
+ -- tony mancill <tmancill at debian.org>  Mon, 28 Nov 2011 21:28:52 -0800
 
 tomcat6 (6.0.32-7) unstable; urgency=medium
 

Modified: trunk/tomcat6/debian/control
===================================================================
--- trunk/tomcat6/debian/control	2011-11-28 22:47:11 UTC (rev 15471)
+++ trunk/tomcat6/debian/control	2011-11-29 05:29:50 UTC (rev 15472)
@@ -14,7 +14,8 @@
 
 Package: tomcat6-common
 Architecture: all
-Depends: libtomcat6-java (>= ${source:Version}), ${misc:Depends}
+Depends: libtomcat6-java (>= ${source:Version}), ${misc:Depends},
+ default-jre-headless | java-5-runtime | java-6-runtime
 Description: Servlet and JSP engine -- common files
  Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
  specifications from Sun Microsystems, and provides a "pure Java" HTTP web
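Review bot: The alternatives on the added `Depends` line (`java-5-runtime | java-6-runtime`) let tomcat6-common's new JRE dependency be met without `default-jre-headless`, but this commit's changelog says the init script now looks for the JVM in /usr/lib/jvm/default-java. The tomcat6.init hunk is not visible here, so this is inferred: if that path exists only when a default-jre package is installed, a host with just an alternative runtime would pass dependency resolution and still fail to find a JVM at service start, unless the script falls back to other locations or JAVA_HOME. Please confirm that fallback exists. Also consider whether a Java 5 runtime should remain an accepted alternative for a network-facing service, since it is unlikely to still receive security updates; one option is to narrow the line to ` default-jre-headless | java-6-runtime`.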

Deleted: trunk/tomcat6/debian/patches/0011-623242.patch
===================================================================
--- trunk/tomcat6/debian/patches/0011-623242.patch	2011-11-28 22:47:11 UTC (rev 15471)
+++ trunk/tomcat6/debian/patches/0011-623242.patch	2011-11-29 05:29:50 UTC (rev 15472)
@@ -1,53 +0,0 @@
-From: tony mancill <tmancill at debian.org>
-Date: Mon Apr 18 20:44:47 PDT 2011
-Subject: Context parameters are being overridden with parameters from the web application deployment descriptor
-Source: upstream, http://svn.apache.org/viewvc?view=revision&revision=1080224
-Bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=50700
-Forwarded: not-needed
-
---- a/java/org/apache/catalina/core/StandardContext.java 2011/03/10 13:52:10 1080223
-+++ b/java/org/apache/catalina/core/StandardContext.java 2011/03/10 13:52:41 1080224
-@@ -31,6 +31,7 @@
- import java.util.HashMap;
- import java.util.Hashtable;
- import java.util.Iterator;
-+import java.util.Map;
- import java.util.Stack;
- import java.util.TreeMap;
- 
-@@ -4805,23 +4806,29 @@
-      * the application parameters appropriately.
-      */
-     private void mergeParameters() {
-+        Map<String,String> mergedParams = new HashMap<String,String>();
-+        
-         String names[] = findParameters();
-         for (int i = 0; i < names.length; i++) {
--            context.setInitParameter(names[i], findParameter(names[i]));
-+            mergedParams.put(names[i], findParameter(names[i]));
-         }
- 
-         ApplicationParameter params[] = findApplicationParameters();
-         for (int i = 0; i < params.length; i++) {
-             if (params[i].getOverride()) {
--                if (context.getInitParameter(params[i].getName()) == null) {
--                    context.setInitParameter(params[i].getName(),
-+                if (mergedParams.get(params[i].getName()) == null) {
-+                    mergedParams.put(params[i].getName(),
-                             params[i].getValue());
-                 }
-             } else {
--                context.setInitParameter(params[i].getName(),
--                        params[i].getValue());
-+                mergedParams.put(params[i].getName(), params[i].getValue());
-             }
-         }
-+        
-+        for (Map.Entry<String,String> entry : mergedParams.entrySet()) {
-+            context.setInitParameter(entry.getKey(), entry.getValue());
-+        }
-+
-     }
- 
-     
-

Deleted: trunk/tomcat6/debian/patches/0012-CVE-2011-2204.patch
===================================================================
--- trunk/tomcat6/debian/patches/0012-CVE-2011-2204.patch	2011-11-28 22:47:11 UTC (rev 15471)
+++ trunk/tomcat6/debian/patches/0012-CVE-2011-2204.patch	2011-11-29 05:29:50 UTC (rev 15472)
@@ -1,170 +0,0 @@
-From: tony mancill <tmancill at debian.org>
-Date: Wed Jul 06 21:21:17 PDT 2011
-Subject: CVE-2011-2204
-Source: upstream, http://svn.apache.org/viewvc?view=revision&revision=1140071
-Forwarded: not-needed
-
-Index: tc6.0.x/trunk/java/org/apache/catalina/users/MemoryUser.java
-===================================================================
---- a/java/org/apache/catalina/users/MemoryUser.java	(revision 1140070)
-+++ b/java/org/apache/catalina/users/MemoryUser.java	(revision 1140071)
-@@ -246,7 +246,7 @@
-      * <code>username</code> or </code>name</code> for the username
-      * property.</p>
-      */
--    public String toString() {
-+    public String toXml() {
- 
-         StringBuffer sb = new StringBuffer("<user username=\"");
-         sb.append(RequestUtil.filter(username));
-@@ -293,5 +293,52 @@
- 
-     }
- 
-+    /**
-+     * <p>Return a String representation of this user.</p>
-+     */
-+    @Override
-+    public String toString() {
- 
-+        StringBuilder sb = new StringBuilder("User username=\"");
-+        sb.append(RequestUtil.filter(username));
-+        sb.append("\"");
-+        if (fullName != null) {
-+            sb.append(", fullName=\"");
-+            sb.append(RequestUtil.filter(fullName));
-+            sb.append("\"");
-+        }
-+        synchronized (groups) {
-+            if (groups.size() > 0) {
-+                sb.append(", groups=\"");
-+                int n = 0;
-+                Iterator<Group> values = groups.iterator();
-+                while (values.hasNext()) {
-+                    if (n > 0) {
-+                        sb.append(',');
-+                    }
-+                    n++;
-+                    sb.append(RequestUtil.filter(values.next().getGroupname()));
-+                }
-+                sb.append("\"");
-+            }
-+        }
-+        synchronized (roles) {
-+            if (roles.size() > 0) {
-+                sb.append(", roles=\"");
-+                int n = 0;
-+                Iterator<Role> values = roles.iterator();
-+                while (values.hasNext()) {
-+                    if (n > 0) {
-+                        sb.append(',');
-+                    }
-+                    n++;
-+                    sb.append(RequestUtil.filter(values.next().getRolename()));
-+                }
-+                sb.append("\"");
-+            }
-+        }
-+        return (sb.toString());
-+    }
-+
-+
- }
-Index: tc6.0.x/trunk/java/org/apache/catalina/users/MemoryUserDatabase.java
-===================================================================
---- a/java/org/apache/catalina/users/MemoryUserDatabase.java	(revision 1140070)
-+++ b/java/org/apache/catalina/users/MemoryUserDatabase.java	(revision 1140071)
-@@ -549,7 +549,7 @@
-             values = getUsers();
-             while (values.hasNext()) {
-                 writer.print("  ");
--                writer.println(values.next());
-+                writer.println(((MemoryUser) values.next()).toXml());
-             }
- 
-             // Print the file epilog
-Index: tc6.0.x/trunk/java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java
-===================================================================
---- a/java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java	(revision 1140070)
-+++ b/java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java	(revision 1140071)
-@@ -180,7 +180,7 @@
-             MBeanUtils.createMBean(group);
-         } catch (Exception e) {
-             IllegalArgumentException iae = new IllegalArgumentException
--                ("Exception creating group " + group + " MBean");
-+                ("Exception creating group [" + groupname + "] MBean");
-             iae.initCause(e);
-             throw iae;
-         }
-@@ -203,7 +203,7 @@
-             MBeanUtils.createMBean(role);
-         } catch (Exception e) {
-             IllegalArgumentException iae = new IllegalArgumentException
--                ("Exception creating role " + role + " MBean");
-+                ("Exception creating role [" + rolename + "] MBean");
-             iae.initCause(e);
-             throw iae;
-         }
-@@ -228,7 +228,7 @@
-             MBeanUtils.createMBean(user);
-         } catch (Exception e) {
-             IllegalArgumentException iae = new IllegalArgumentException
--                ("Exception creating user " + user + " MBean");
-+                ("Exception creating user [" + username + "] MBean");
-             iae.initCause(e);
-             throw iae;
-         }
-@@ -256,7 +256,7 @@
-             return (oname.toString());
-         } catch (MalformedObjectNameException e) {
-             IllegalArgumentException iae = new IllegalArgumentException
--                ("Cannot create object name for group " + group);
-+                ("Cannot create object name for group [" + groupname + "]");
-             iae.initCause(e);
-             throw iae;
-         }
-@@ -283,7 +283,7 @@
-             return (oname.toString());
-         } catch (MalformedObjectNameException e) {
-             IllegalArgumentException iae = new IllegalArgumentException
--                ("Cannot create object name for role " + role);
-+                ("Cannot create object name for role [" + rolename + "]");
-             iae.initCause(e);
-             throw iae;
-         }
-@@ -310,7 +310,7 @@
-             return (oname.toString());
-         } catch (MalformedObjectNameException e) {
-             IllegalArgumentException iae = new IllegalArgumentException
--                ("Cannot create object name for user " + user);
-+                ("Cannot create object name for user [" + username + "]");
-             iae.initCause(e);
-             throw iae;
-         }
-@@ -335,7 +335,7 @@
-             database.removeGroup(group);
-         } catch (Exception e) {
-             IllegalArgumentException iae = new IllegalArgumentException
--                ("Exception destroying group " + group + " MBean");
-+                ("Exception destroying group [" + groupname + "] MBean");
-             iae.initCause(e);
-             throw iae;
-         }
-@@ -360,7 +360,7 @@
-             database.removeRole(role);
-         } catch (Exception e) {
-             IllegalArgumentException iae = new IllegalArgumentException
--                ("Exception destroying role " + role + " MBean");
-+                ("Exception destroying role [" + rolename + "] MBean");
-             iae.initCause(e);
-             throw iae;
-         }
-@@ -385,7 +385,7 @@
-             database.removeUser(user);
-         } catch (Exception e) {
-             IllegalArgumentException iae = new IllegalArgumentException
--                ("Exception destroying user " + user + " MBean");
-+                ("Exception destroying user [" + username + "] MBean");
-             iae.initCause(e);
-             throw iae;
-         }

Deleted: trunk/tomcat6/debian/patches/0014-CVE-2011-1184.patch
===================================================================
--- trunk/tomcat6/debian/patches/0014-CVE-2011-1184.patch	2011-11-28 22:47:11 UTC (rev 15471)
+++ trunk/tomcat6/debian/patches/0014-CVE-2011-1184.patch	2011-11-29 05:29:50 UTC (rev 15472)
@@ -1,798 +0,0 @@
-Description: fix HTTP DIGEST authentication weaknesses
-Origin: upstream, http://svn.apache.org/viewvc?view=revision&revision=1158180
-
-Index: tomcat6-6.0.32/java/org/apache/catalina/authenticator/DigestAuthenticator.java
-===================================================================
---- tomcat6-6.0.32.orig/java/org/apache/catalina/authenticator/DigestAuthenticator.java	2010-04-29 11:00:41.000000000 -0400
-+++ tomcat6-6.0.32/java/org/apache/catalina/authenticator/DigestAuthenticator.java	2011-10-13 16:38:43.989355250 -0400
-@@ -23,11 +23,14 @@
- import java.security.MessageDigest;
- import java.security.NoSuchAlgorithmException;
- import java.security.Principal;
-+import java.util.LinkedHashMap;
-+import java.util.Map;
- import java.util.StringTokenizer;
- 
- import javax.servlet.http.HttpServletResponse;
- 
- 
-+import org.apache.catalina.LifecycleException;
- import org.apache.catalina.Realm;
- import org.apache.catalina.connector.Request;
- import org.apache.catalina.connector.Response;
-@@ -47,8 +50,8 @@
-  * @version $Id: DigestAuthenticator.java 939336 2010-04-29 15:00:41Z kkolinko $
-  */
- 
--public class DigestAuthenticator
--    extends AuthenticatorBase {
-+public class DigestAuthenticator extends AuthenticatorBase {
-+
-     private static Log log = LogFactory.getLog(DigestAuthenticator.class);
- 
- 
-@@ -67,6 +70,11 @@
-         "org.apache.catalina.authenticator.DigestAuthenticator/1.0";
- 
- 
-+    /**
-+     * Tomcat's DIGEST implementation only supports auth quality of protection.
-+     */
-+    protected static final String QOP = "auth";
-+
-     // ----------------------------------------------------------- Constructors
- 
- 
-@@ -92,17 +100,49 @@
- 
- 
-     /**
-+     * List of client nonce values currently being tracked
-+     */
-+    protected Map<String,NonceInfo> cnonces;
-+
-+
-+    /**
-+     * Maximum number of client nonces to keep in the cache. If not specified,
-+     * the default value of 1000 is used.
-+     */
-+    protected int cnonceCacheSize = 1000;
-+
-+
-+    /**
-      * Private key.
-      */
--    protected String key = "Catalina";
-+    protected String key = null;
- 
- 
--    // ------------------------------------------------------------- Properties
-+    /**
-+     * How long server nonces are valid for in milliseconds. Defaults to 5
-+     * minutes.
-+     */
-+    protected long nonceValidity = 5 * 60 * 1000;
-+
-+
-+    /**
-+     * Opaque string.
-+     */
-+    protected String opaque;
- 
- 
-     /**
-+     * Should the URI be validated as required by RFC2617? Can be disabled in
-+     * reverse proxies where the proxy has modified the URI.
-+     */
-+    protected boolean validateUri = true;
-+
-+    // ------------------------------------------------------------- Properties
-+
-+    /**
-      * Return descriptive information about this Valve implementation.
-      */
-+    @Override
-     public String getInfo() {
- 
-         return (info);
-@@ -110,9 +150,58 @@
-     }
- 
- 
--    // --------------------------------------------------------- Public Methods
-+    public int getCnonceCacheSize() {
-+        return cnonceCacheSize;
-+    }
-+
-+
-+    public void setCnonceCacheSize(int cnonceCacheSize) {
-+        this.cnonceCacheSize = cnonceCacheSize;
-+    }
-+
-+
-+    public String getKey() {
-+        return key;
-+    }
-+
-+
-+    public void setKey(String key) {
-+        this.key = key;
-+    }
-+
-+
-+    public long getNonceValidity() {
-+        return nonceValidity;
-+    }
-+
-+
-+    public void setNonceValidity(long nonceValidity) {
-+        this.nonceValidity = nonceValidity;
-+    }
-+
-+
-+    public String getOpaque() {
-+        return opaque;
-+    }
-+
-+
-+    public void setOpaque(String opaque) {
-+        this.opaque = opaque;
-+    }
-+
-+
-+    public boolean isValidateUri() {
-+        return validateUri;
-+    }
-+
-+
-+    public void setValidateUri(boolean validateUri) {
-+        this.validateUri = validateUri;
-+    }
- 
- 
-+    // --------------------------------------------------------- Public Methods
-+
-     /**
-      * Authenticate the user making this request, based on the specified
-      * login configuration.  Return <code>true</code> if any specified
-@@ -126,6 +215,7 @@
-      *
-      * @exception IOException if an input/output error occurs
-      */
-+    @Override
-     public boolean authenticate(Request request,
-                                 Response response,
-                                 LoginConfig config)
-@@ -172,8 +262,13 @@
- 
-         // Validate any credentials already included with this request
-         String authorization = request.getHeader("authorization");
-+        DigestInfo digestInfo = new DigestInfo(getOpaque(), getNonceValidity(),
-+                getKey(), cnonces, isValidateUri());
-         if (authorization != null) {
--            principal = findPrincipal(request, authorization, context.getRealm());
-+            if (digestInfo.validate(request, authorization, config)) {
-+                principal = digestInfo.authenticate(context.getRealm());
-+            }
-+            
-             if (principal != null) {
-                 String username = parseUsername(authorization);
-                 register(request, response, principal,
-@@ -185,11 +280,12 @@
- 
-         // Send an "unauthorized" response and an appropriate challenge
- 
--        // Next, generate a nOnce token (that is a token which is supposed
-+        // Next, generate a nonce token (that is a token which is supposed
-         // to be unique).
--        String nOnce = generateNOnce(request);
-+        String nonce = generateNonce(request);
- 
--        setAuthenticateHeader(request, response, config, nOnce);
-+        setAuthenticateHeader(request, response, config, nonce,
-+                digestInfo.isNonceStale());
-         response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-         //      hres.flushBuffer();
-         return (false);
-@@ -201,92 +297,6 @@
- 
- 
-     /**
--     * Parse the specified authorization credentials, and return the
--     * associated Principal that these credentials authenticate (if any)
--     * from the specified Realm.  If there is no such Principal, return
--     * <code>null</code>.
--     *
--     * @param request HTTP servlet request
--     * @param authorization Authorization credentials from this request
--     * @param realm Realm used to authenticate Principals
--     */
--    protected static Principal findPrincipal(Request request,
--                                             String authorization,
--                                             Realm realm) {
--
--        //System.out.println("Authorization token : " + authorization);
--        // Validate the authorization credentials format
--        if (authorization == null)
--            return (null);
--        if (!authorization.startsWith("Digest "))
--            return (null);
--        authorization = authorization.substring(7).trim();
--
--        // Bugzilla 37132: http://issues.apache.org/bugzilla/show_bug.cgi?id=37132
--        String[] tokens = authorization.split(",(?=(?:[^\"]*\"[^\"]*\")+$)");
--
--        String userName = null;
--        String realmName = null;
--        String nOnce = null;
--        String nc = null;
--        String cnonce = null;
--        String qop = null;
--        String uri = null;
--        String response = null;
--        String method = request.getMethod();
--
--        for (int i = 0; i < tokens.length; i++) {
--            String currentToken = tokens[i];
--            if (currentToken.length() == 0)
--                continue;
--
--            int equalSign = currentToken.indexOf('=');
--            if (equalSign < 0)
--                return null;
--            String currentTokenName =
--                currentToken.substring(0, equalSign).trim();
--            String currentTokenValue =
--                currentToken.substring(equalSign + 1).trim();
--            if ("username".equals(currentTokenName))
--                userName = removeQuotes(currentTokenValue);
--            if ("realm".equals(currentTokenName))
--                realmName = removeQuotes(currentTokenValue, true);
--            if ("nonce".equals(currentTokenName))
--                nOnce = removeQuotes(currentTokenValue);
--            if ("nc".equals(currentTokenName))
--                nc = removeQuotes(currentTokenValue);
--            if ("cnonce".equals(currentTokenName))
--                cnonce = removeQuotes(currentTokenValue);
--            if ("qop".equals(currentTokenName))
--                qop = removeQuotes(currentTokenValue);
--            if ("uri".equals(currentTokenName))
--                uri = removeQuotes(currentTokenValue);
--            if ("response".equals(currentTokenName))
--                response = removeQuotes(currentTokenValue);
--        }
--
--        if ( (userName == null) || (realmName == null) || (nOnce == null)
--             || (uri == null) || (response == null) )
--            return null;
--
--        // Second MD5 digest used to calculate the digest :
--        // MD5(Method + ":" + uri)
--        String a2 = method + ":" + uri;
--        //System.out.println("A2:" + a2);
--
--        byte[] buffer = null;
--        synchronized (md5Helper) {
--            buffer = md5Helper.digest(a2.getBytes());
--        }
--        String md5a2 = md5Encoder.encode(buffer);
--
--        return (realm.authenticate(userName, response, nOnce, nc, cnonce, qop,
--                                   realmName, md5a2));
--
--    }
--
--
--    /**
-      * Parse the username from the specified authorization string.  If none
-      * can be identified, return <code>null</code>
-      *
-@@ -294,7 +304,6 @@
-      */
-     protected String parseUsername(String authorization) {
- 
--        //System.out.println("Authorization token : " + authorization);
-         // Validate the authorization credentials format
-         if (authorization == null)
-             return (null);
-@@ -354,20 +363,20 @@
-      *
-      * @param request HTTP Servlet request
-      */
--    protected String generateNOnce(Request request) {
-+    protected String generateNonce(Request request) {
- 
-         long currentTime = System.currentTimeMillis();
- 
--        String nOnceValue = request.getRemoteAddr() + ":" +
--            currentTime + ":" + key;
-+        
-+        String ipTimeKey =
-+            request.getRemoteAddr() + ":" + currentTime + ":" + getKey();
- 
--        byte[] buffer = null;
-+        byte[] buffer;
-         synchronized (md5Helper) {
--            buffer = md5Helper.digest(nOnceValue.getBytes());
-+            buffer = md5Helper.digest(ipTimeKey.getBytes());
-         }
--        nOnceValue = md5Encoder.encode(buffer);
- 
--        return nOnceValue;
-+        return currentTime + ":" + md5Encoder.encode(buffer);
-     }
- 
- 
-@@ -379,7 +388,7 @@
-      *      WWW-Authenticate    = "WWW-Authenticate" ":" "Digest"
-      *                            digest-challenge
-      *
--     *      digest-challenge    = 1#( realm | [ domain ] | nOnce |
-+     *      digest-challenge    = 1#( realm | [ domain ] | nonce |
-      *                  [ digest-opaque ] |[ stale ] | [ algorithm ] )
-      *
-      *      realm               = "realm" "=" realm-value
-@@ -396,29 +405,303 @@
-      * @param response HTTP Servlet response
-      * @param config    Login configuration describing how authentication
-      *              should be performed
--     * @param nOnce nonce token
-+     * @param nonce nonce token
-      */
-     protected void setAuthenticateHeader(Request request,
-                                          Response response,
-                                          LoginConfig config,
--                                         String nOnce) {
-+                                         String nonce,
-+                                         boolean isNonceStale) {
- 
-         // Get the realm name
-         String realmName = config.getRealmName();
-         if (realmName == null)
-             realmName = REALM_NAME;
- 
--        byte[] buffer = null;
--        synchronized (md5Helper) {
--            buffer = md5Helper.digest(nOnce.getBytes());
-+        String authenticateHeader;
-+        if (isNonceStale) {
-+            authenticateHeader = "Digest realm=\"" + realmName + "\", " +
-+            "qop=\"" + QOP + "\", nonce=\"" + nonce + "\", " + "opaque=\"" +
-+            getOpaque() + "\", stale=true";
-+        } else {
-+            authenticateHeader = "Digest realm=\"" + realmName + "\", " +
-+            "qop=\"" + QOP + "\", nonce=\"" + nonce + "\", " + "opaque=\"" +
-+            getOpaque() + "\"";
-         }
- 
--        String authenticateHeader = "Digest realm=\"" + realmName + "\", "
--            +  "qop=\"auth\", nonce=\"" + nOnce + "\", " + "opaque=\""
--            + md5Encoder.encode(buffer) + "\"";
-         response.setHeader("WWW-Authenticate", authenticateHeader);
- 
-     }
- 
- 
-+    // ------------------------------------------------------- Lifecycle Methods
-+    
-+    @Override
-+    public void start() throws LifecycleException {
-+        super.start();
-+        
-+        // Generate a random secret key
-+        if (getKey() == null) {
-+            setKey(generateSessionId());
-+        }
-+        
-+        // Generate the opaque string the same way
-+        if (getOpaque() == null) {
-+            setOpaque(generateSessionId());
-+        }
-+        
-+        cnonces = new LinkedHashMap<String, DigestAuthenticator.NonceInfo>() {
-+
-+            private static final long serialVersionUID = 1L;
-+            private static final long LOG_SUPPRESS_TIME = 5 * 60 * 1000;
-+
-+            private long lastLog = 0;
-+
-+            @Override
-+            protected boolean removeEldestEntry(
-+                    Map.Entry<String,NonceInfo> eldest) {
-+                // This is called from a sync so keep it simple
-+                long currentTime = System.currentTimeMillis();
-+                if (size() > getCnonceCacheSize()) {
-+                    if (lastLog < currentTime &&
-+                            currentTime - eldest.getValue().getTimestamp() <
-+                            getNonceValidity()) {
-+                        // Replay attack is possible
-+                        log.warn(sm.getString(
-+                                "digestAuthenticator.cacheRemove"));
-+                        lastLog = currentTime + LOG_SUPPRESS_TIME;
-+                    }
-+                    return true;
-+                }
-+                return false;
-+            }
-+        };
-+    }
-+ 
-+    private static class DigestInfo {
-+
-+        private String opaque;
-+        private long nonceValidity;
-+        private String key;
-+        private Map<String,NonceInfo> cnonces;
-+        private boolean validateUri = true;
-+
-+        private String userName = null;
-+        private String method = null;
-+        private String uri = null;
-+        private String response = null;
-+        private String nonce = null;
-+        private String nc = null;
-+        private String cnonce = null;
-+        private String realmName = null;
-+        private String qop = null;
-+
-+        private boolean nonceStale = false;
-+
-+
-+        public DigestInfo(String opaque, long nonceValidity, String key,
-+                Map<String,NonceInfo> cnonces, boolean validateUri) {
-+            this.opaque = opaque;
-+            this.nonceValidity = nonceValidity;
-+            this.key = key;
-+            this.cnonces = cnonces;
-+            this.validateUri = validateUri;
-+        }
-+
-+        public boolean validate(Request request, String authorization,
-+                LoginConfig config) {
-+            // Validate the authorization credentials format
-+            if (authorization == null) {
-+                return false;
-+            }
-+            if (!authorization.startsWith("Digest ")) {
-+                return false;
-+            }
-+            authorization = authorization.substring(7).trim();
-+
-+            // Bugzilla 37132: http://issues.apache.org/bugzilla/show_bug.cgi?id=37132
-+            String[] tokens = authorization.split(",(?=(?:[^\"]*\"[^\"]*\")+$)");
-+
-+            method = request.getMethod();
-+            String opaque = null;
-+
-+            for (int i = 0; i < tokens.length; i++) {
-+                String currentToken = tokens[i];
-+                if (currentToken.length() == 0)
-+                    continue;
-+
-+                int equalSign = currentToken.indexOf('=');
-+                if (equalSign < 0) {
-+                    return false;
-+                }
-+                String currentTokenName =
-+                    currentToken.substring(0, equalSign).trim();
-+                String currentTokenValue =
-+                    currentToken.substring(equalSign + 1).trim();
-+                if ("username".equals(currentTokenName))
-+                    userName = removeQuotes(currentTokenValue);
-+                if ("realm".equals(currentTokenName))
-+                    realmName = removeQuotes(currentTokenValue, true);
-+                if ("nonce".equals(currentTokenName))
-+                    nonce = removeQuotes(currentTokenValue);
-+                if ("nc".equals(currentTokenName))
-+                    nc = removeQuotes(currentTokenValue);
-+                if ("cnonce".equals(currentTokenName))
-+                    cnonce = removeQuotes(currentTokenValue);
-+                if ("qop".equals(currentTokenName))
-+                    qop = removeQuotes(currentTokenValue);
-+                if ("uri".equals(currentTokenName))
-+                    uri = removeQuotes(currentTokenValue);
-+                if ("response".equals(currentTokenName))
-+                    response = removeQuotes(currentTokenValue);
-+                if ("opaque".equals(currentTokenName))
-+                    opaque = removeQuotes(currentTokenValue);
-+            }
-+
-+            if ( (userName == null) || (realmName == null) || (nonce == null)
-+                 || (uri == null) || (response == null) ) {
-+                return false;
-+            }
-+
-+            // Validate the URI - should match the request line sent by client
-+            if (validateUri) {
-+                String uriQuery;
-+                String query = request.getQueryString();
-+                if (query == null) {
-+                    uriQuery = request.getRequestURI();
-+                } else {
-+                    uriQuery = request.getRequestURI() + "?" + query;
-+                }
-+                if (!uri.equals(uriQuery)) {
-+                    return false;
-+                }
-+            }
-+
-+            // Validate the Realm name
-+            String lcRealm = config.getRealmName();
-+            if (lcRealm == null) {
-+                lcRealm = REALM_NAME;
-+            }
-+            if (!lcRealm.equals(realmName)) {
-+                return false;
-+            }
-+            
-+            // Validate the opaque string
-+            if (!this.opaque.equals(opaque)) {
-+                return false;
-+            }
-+
-+            // Validate nonce
-+            int i = nonce.indexOf(":");
-+            if (i < 0 || (i + 1) == nonce.length()) {
-+                return false;
-+            }
-+            long nonceTime;
-+            try {
-+                nonceTime = Long.parseLong(nonce.substring(0, i));
-+            } catch (NumberFormatException nfe) {
-+                return false;
-+            }
-+            String md5clientIpTimeKey = nonce.substring(i + 1);
-+            long currentTime = System.currentTimeMillis();
-+            if ((currentTime - nonceTime) > nonceValidity) {
-+                nonceStale = true;
-+                return false;
-+            }
-+            String serverIpTimeKey =
-+                request.getRemoteAddr() + ":" + nonceTime + ":" + key;
-+            byte[] buffer = null;
-+            synchronized (md5Helper) {
-+                buffer = md5Helper.digest(serverIpTimeKey.getBytes());
-+            }
-+            String md5ServerIpTimeKey = md5Encoder.encode(buffer);
-+            if (!md5ServerIpTimeKey.equals(md5clientIpTimeKey)) {
-+                return false;
-+            }
-+
-+            // Validate qop
-+            if (qop != null && !QOP.equals(qop)) {
-+                return false;
-+            }
-+
-+            // Validate cnonce and nc
-+            // Check if presence of nc and nonce is consistent with presence of qop
-+            if (qop == null) {
-+                if (cnonce != null || nc != null) {
-+                    return false;
-+                }
-+            } else {
-+                if (cnonce == null || nc == null) {
-+                    return false;
-+                }
-+                if (nc.length() != 8) {
-+                    return false;
-+                }
-+                long count;
-+                try {
-+                    count = Long.parseLong(nc, 16);
-+                } catch (NumberFormatException nfe) {
-+                    return false;
-+                }
-+                NonceInfo info;
-+                synchronized (cnonces) {
-+                    info = cnonces.get(cnonce);
-+                }
-+                if (info == null) {
-+                    info = new NonceInfo();
-+                } else {
-+                    if (count <= info.getCount()) {
-+                        return false;
-+                    }
-+                }
-+                info.setCount(count);
-+                info.setTimestamp(currentTime);
-+                synchronized (cnonces) {
-+                    cnonces.put(cnonce, info);
-+                }
-+            }
-+            return true;
-+        }
-+
-+        public boolean isNonceStale() {
-+            return nonceStale;
-+        }
-+
-+        public Principal authenticate(Realm realm) {
-+            // Second MD5 digest used to calculate the digest :
-+            // MD5(Method + ":" + uri)
-+            String a2 = method + ":" + uri;
-+
-+            byte[] buffer;
-+            synchronized (md5Helper) {
-+                buffer = md5Helper.digest(a2.getBytes());
-+            }
-+            String md5a2 = md5Encoder.encode(buffer);
-+
-+            return realm.authenticate(userName, response, nonce, nc, cnonce,
-+                    qop, realmName, md5a2);
-+        }
-+
-+    }
-+
-+    private static class NonceInfo {
-+        private volatile long count;
-+        private volatile long timestamp;
-+        
-+        public void setCount(long l) {
-+            count = l;
-+        }
-+        
-+        public long getCount() {
-+            return count;
-+        }
-+        
-+        public void setTimestamp(long l) {
-+            timestamp = l;
-+        }
-+        
-+        public long getTimestamp() {
-+            return timestamp;
-+        }
-+    }
- }
-Index: tomcat6-6.0.32/java/org/apache/catalina/authenticator/LocalStrings.properties
-===================================================================
---- tomcat6-6.0.32.orig/java/org/apache/catalina/authenticator/LocalStrings.properties	2009-12-21 07:56:09.000000000 -0500
-+++ tomcat6-6.0.32/java/org/apache/catalina/authenticator/LocalStrings.properties	2011-10-13 16:38:43.989355250 -0400
-@@ -28,5 +28,7 @@
- authenticator.unauthorized=Cannot authenticate with the provided credentials
- authenticator.userDataConstraint=This request violates a User Data constraint for this application
- 
-+digestAuthenticator.cacheRemove=A valid entry has been removed from client nonce cache to make room for new entries. A replay attack is now possible. To prevent the possibility of replay attacks, reduce nonceValidity or increase cnonceCacheSize. Further warnings of this type will be suppressed for 5 minutes.
-+ 
- formAuthenticator.forwardErrorFail=Unexpected error forwarding to error page
- formAuthenticator.forwardLoginFail=Unexpected error forwarding to login page
-Index: tomcat6-6.0.32/java/org/apache/catalina/authenticator/mbeans-descriptors.xml
-===================================================================
---- tomcat6-6.0.32.orig/java/org/apache/catalina/authenticator/mbeans-descriptors.xml	2007-08-04 19:30:01.000000000 -0400
-+++ tomcat6-6.0.32/java/org/apache/catalina/authenticator/mbeans-descriptors.xml	2011-10-13 16:38:43.989355250 -0400
-@@ -60,10 +60,30 @@
-                description="Fully qualified class name of the managed object"
-                type="java.lang.String"
-                writeable="false"/>
--      
-+
-+    <attribute name="cnonceCacheSize"
-+               description="The size of the cnonce cache used to prevent replay attacks"
-+               type="int"/>
-+
-     <attribute   name="entropy"
-                description="A String initialization parameter used to increase the  entropy of the initialization of our random number generator"
-                type="java.lang.String"/>
-+
-+    <attribute name="key"
-+               description="The secret key used by digest authentication"
-+               type="java.lang.String"/>
-+      
-+    <attribute name="nonceValidity"
-+               description="The time, in milliseconds, for which a server issued nonce will be valid"
-+               type="long"/>
-+
-+    <attribute name="opaque"
-+               description="The opaque server string used by digest authentication"
-+               type="java.lang.String"/>
-+
-+    <attribute name="validateUri"
-+               description="Should the uri be validated as required by RFC2617?"
-+               type="boolean"/>
-   </mbean>
-   
-   <mbean name="FormAuthenticator"
-Index: tomcat6-6.0.32/java/org/apache/catalina/realm/RealmBase.java
-===================================================================
---- tomcat6-6.0.32.orig/java/org/apache/catalina/realm/RealmBase.java	2010-04-29 20:08:58.000000000 -0400
-+++ tomcat6-6.0.32/java/org/apache/catalina/realm/RealmBase.java	2011-10-13 16:38:43.989355250 -0400
-@@ -353,22 +353,27 @@
-      *
-      * @param username Username of the Principal to look up
-      * @param clientDigest Digest which has been submitted by the client
--     * @param nOnce Unique (or supposedly unique) token which has been used
-+     * @param nonce Unique (or supposedly unique) token which has been used
-      * for this request
-      * @param realm Realm name
-      * @param md5a2 Second MD5 digest used to calculate the digest :
-      * MD5(Method + ":" + uri)
-      */
-     public Principal authenticate(String username, String clientDigest,
--                                  String nOnce, String nc, String cnonce,
-+                                  String nonce, String nc, String cnonce,
-                                   String qop, String realm,
-                                   String md5a2) {
- 
-         String md5a1 = getDigest(username, realm);
-         if (md5a1 == null)
-             return null;
--        String serverDigestValue = md5a1 + ":" + nOnce + ":" + nc + ":"
--            + cnonce + ":" + qop + ":" + md5a2;
-+        String serverDigestValue;
-+        if (qop == null) {
-+            serverDigestValue = md5a1 + ":" + nonce + ":" + md5a2;
-+        } else {
-+            serverDigestValue = md5a1 + ":" + nonce + ":" + nc + ":" +
-+                    cnonce + ":" + qop + ":" + md5a2;
-+        }
- 
-         byte[] valueBytes = null;
-         if(getDigestEncoding() == null) {
-@@ -390,7 +395,7 @@
- 
-         if (log.isDebugEnabled()) {
-             log.debug("Digest : " + clientDigest + " Username:" + username 
--                    + " ClientSigest:" + clientDigest + " nOnce:" + nOnce 
-+                    + " ClientSigest:" + clientDigest + " nonce:" + nonce 
-                     + " nc:" + nc + " cnonce:" + cnonce + " qop:" + qop 
-                     + " realm:" + realm + "md5a2:" + md5a2 
-                     + " Server digest:" + serverDigest);
-Index: tomcat6-6.0.32/webapps/docs/config/valve.xml
-===================================================================
---- tomcat6-6.0.32.orig/webapps/docs/config/valve.xml	2010-11-02 15:26:07.000000000 -0400
-+++ tomcat6-6.0.32/webapps/docs/config/valve.xml	2011-10-13 16:38:43.989355250 -0400
-@@ -460,6 +460,12 @@
-         used.</p>
-       </attribute>
- 
-+      <attribute name="cnonceCacheSize" required="false">
-+        <p>To protect against replay attacks, the DIGEST authenticator tracks
-+        client nonce and nonce count values. This attribute controls the size
-+        of that cache. If not specified, the default value of 1000 is used.</p>
-+      </attribute>
-+
-       <attribute name="disableProxyCaching" required="false">
-         <p>Controls the caching of pages that are protected by security
-         constraints. Setting this to <code>false</code> may help work around
-@@ -470,6 +476,26 @@
-         <code>true</code> will be used.</p>
-       </attribute>
- 
-+      <attribute name="key" required="false">
-+        <p>The secret key used by digest authentication. If not set, a secure
-+        random value is generated. This should normally only be set when it is
-+        necessary to keep key values constant either across server restarts
-+        and/or across a cluster.</p>
-+      </attribute>
-+
-+      <attribute name="nonceValidity" required="false">
-+        <p>The time, in milliseconds, that a server generated nonce will be
-+        considered valid for use in authentication. If not specified, the
-+        default value of 300000 (5 minutes) will be used.</p>
-+      </attribute>
-+
-+      <attribute name="opaque" required="false">
-+        <p>The opaque server string used by digest authentication. If not set, a
-+        random value is generated. This should normally only be set when it is
-+        necessary to keep opaque values constant either across server restarts
-+        and/or across a cluster.</p>
-+      </attribute>
-+
-       <attribute name="securePagesWithPragma" required="false">
-         <p>Controls the caching of pages that are protected by security
-         constraints. Setting this to <code>false</code> may help work around
-@@ -479,6 +505,14 @@
-         If not set, the default value of <code>true</code> will be used.</p>
-       </attribute>
- 
-+      <attribute name="validateUri" required="false">
-+        <p>Should the URI be validated as required by RFC2617? If not specified,
-+        the default value of <code>true</code> will be used. This should
-+        normally only be set when Tomcat is located behind a reverse proxy and
-+        the proxy is modifying the URI passed to Tomcat such that DIGEST
-+        authentication always fails.</p>
-+      </attribute>
-+
-     </attributes>
- 
-   </subsection>

Deleted: trunk/tomcat6/debian/patches/0015-CVE-2011-2526.patch
===================================================================
--- trunk/tomcat6/debian/patches/0015-CVE-2011-2526.patch	2011-11-28 22:47:11 UTC (rev 15471)
+++ trunk/tomcat6/debian/patches/0015-CVE-2011-2526.patch	2011-11-29 05:29:50 UTC (rev 15472)
@@ -1,144 +0,0 @@
-Description: fix file restriction bypass or denial of service via untrusted web application
-Origin: upstream, http://svn.apache.org/viewvc?view=revision&revision=1146703
-Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=634992
-
-Index: tomcat6-6.0.32/java/org/apache/catalina/connector/LocalStrings.properties
-===================================================================
---- tomcat6-6.0.32.orig/java/org/apache/catalina/connector/LocalStrings.properties	2011-01-20 16:36:06.000000000 -0500
-+++ tomcat6-6.0.32/java/org/apache/catalina/connector/LocalStrings.properties	2011-10-13 16:40:14.477357566 -0400
-@@ -61,6 +61,7 @@
- coyoteRequest.parseParameters=Exception thrown whilst processing POSTed parameters
- coyoteRequest.postTooLarge=Parameters were not parsed because the size of the posted data was too big. Use the maxPostSize attribute of the connector to resolve this if the application should accept large POSTs.
- coyoteRequest.chunkedPostTooLarge=Parameters were not parsed because the size of the posted data was too big. Because this request was a chunked request, it could not be processed further. Use the maxPostSize attribute of the connector to resolve this if the application should accept large POSTs.
-+coyoteRequest.sendfileNotCanonical=Unable to determine canonical name of file [{0}] specified for use with sendfile
- coyoteRequest.sessionEndAccessFail=Exception triggered ending access to session while recycling request
- 
- requestFacade.nullRequest=The request object has been recycled and is no longer associated with this facade
-Index: tomcat6-6.0.32/java/org/apache/catalina/connector/Request.java
-===================================================================
---- tomcat6-6.0.32.orig/java/org/apache/catalina/connector/Request.java	2011-02-01 22:09:54.000000000 -0500
-+++ tomcat6-6.0.32/java/org/apache/catalina/connector/Request.java	2011-10-13 16:39:36.549356595 -0400
-@@ -19,6 +19,7 @@
- package org.apache.catalina.connector;
- 
- 
-+import java.io.File;
- import java.io.InputStream;
- import java.io.IOException;
- import java.io.BufferedReader;
-@@ -1455,6 +1456,26 @@
-             return;
-         }
- 
-+        // Do the security check before any updates are made
-+        if (Globals.IS_SECURITY_ENABLED &&
-+                name.equals("org.apache.tomcat.sendfile.filename")) {
-+            // Use the canonical file name to avoid any possible symlink and
-+            // relative path issues
-+            String canonicalPath;
-+            try {
-+                canonicalPath = new File(value.toString()).getCanonicalPath();
-+            } catch (IOException e) {
-+                throw new SecurityException(sm.getString(
-+                        "coyoteRequest.sendfileNotCanonical", value), e);
-+            }
-+            // Sendfile is performed in Tomcat's security context so need to
-+            // check if the web app is permitted to access the file while still
-+            // in the web app's security context
-+            System.getSecurityManager().checkRead(canonicalPath);
-+            // Update the value so the canonical path is used
-+            value = canonicalPath;
-+        }
-+
-         oldValue = attributes.put(name, value);
-         if (oldValue != null) {
-             replaced = true;
-Index: tomcat6-6.0.32/java/org/apache/catalina/servlets/DefaultServlet.java
-===================================================================
---- tomcat6-6.0.32.orig/java/org/apache/catalina/servlets/DefaultServlet.java	2011-01-20 12:08:54.000000000 -0500
-+++ tomcat6-6.0.32/java/org/apache/catalina/servlets/DefaultServlet.java	2011-10-13 16:39:36.549356595 -0400
-@@ -1619,7 +1619,6 @@
-                 request.setAttribute("org.apache.tomcat.sendfile.start", new Long(range.start));
-                 request.setAttribute("org.apache.tomcat.sendfile.end", new Long(range.end + 1));
-             }
--            request.setAttribute("org.apache.tomcat.sendfile.token", this);
-             return true;
-         } else {
-             return false;
-Index: tomcat6-6.0.32/java/org/apache/coyote/http11/Http11AprProcessor.java
-===================================================================
---- tomcat6-6.0.32.orig/java/org/apache/coyote/http11/Http11AprProcessor.java	2011-01-07 12:49:20.000000000 -0500
-+++ tomcat6-6.0.32/java/org/apache/coyote/http11/Http11AprProcessor.java	2011-10-13 16:39:36.549356595 -0400
-@@ -910,7 +910,18 @@
-                 sendfileData.socket = socket;
-                 sendfileData.keepAlive = keepAlive;
-                 if (!endpoint.getSendfile().add(sendfileData)) {
--                    openSocket = true;
-+                    if (sendfileData.socket == 0) {
-+                        // Didn't send all the data but the socket is no longer
-+                        // set. Something went wrong. Close the connection.
-+                        // Too late to set status code.
-+                        if (log.isDebugEnabled()) {
-+                            log.debug(sm.getString(
-+                                    "http11processor.sendfile.error"));
-+                        }
-+                        error = true;
-+                    } else {
-+                        openSocket = true;
-+                    }
-                     break;
-                 }
-             }
-Index: tomcat6-6.0.32/java/org/apache/coyote/http11/LocalStrings.properties
-===================================================================
---- tomcat6-6.0.32.orig/java/org/apache/coyote/http11/LocalStrings.properties	2009-05-02 21:29:42.000000000 -0400
-+++ tomcat6-6.0.32/java/org/apache/coyote/http11/LocalStrings.properties	2011-10-13 16:39:36.549356595 -0400
-@@ -56,6 +56,7 @@
- http11processor.socket.info=Exception getting socket information
- http11processor.socket.ssl=Exception getting SSL attributes
- http11processor.socket.timeout=Error setting socket timeout
-+http11processor.sendfile.error=Error sending data using sendfile. May be caused by invalid request attributes for start/end points
- 
- #
- # InternalInputBuffer
-Index: tomcat6-6.0.32/java/org/apache/tomcat/util/net/AprEndpoint.java
-===================================================================
---- tomcat6-6.0.32.orig/java/org/apache/tomcat/util/net/AprEndpoint.java	2011-02-01 03:07:46.000000000 -0500
-+++ tomcat6-6.0.32/java/org/apache/tomcat/util/net/AprEndpoint.java	2011-10-13 16:41:23.769359341 -0400
-@@ -1812,7 +1812,9 @@
-                                                data.pos, data.end - data.pos, 0);
-                     if (nw < 0) {
-                         if (!(-nw == Status.EAGAIN)) {
--                            destroySocket(data.socket);
-+                            Pool.destroy(data.fdpool);
-+                            // No need to close socket, this will be done by
-+                            // calling code since data.socket == 0
-                             data.socket = 0;
-                             return false;
-                         } else {
-Index: tomcat6-6.0.32/java/org/apache/tomcat/util/net/NioEndpoint.java
-===================================================================
---- tomcat6-6.0.32.orig/java/org/apache/tomcat/util/net/NioEndpoint.java	2011-01-07 13:43:39.000000000 -0500
-+++ tomcat6-6.0.32/java/org/apache/tomcat/util/net/NioEndpoint.java	2011-10-13 16:39:36.553356596 -0400
-@@ -1734,6 +1734,13 @@
-                         sd.pos += written;
-                         sd.length -= written;
-                         attachment.access();
-+                    } else {
-+                        // Unusual not to be able to transfer any bytes
-+                        // Check the length was set correctly
-+                        if (sd.fchannel.size() <= sd.pos) {
-+                            throw new IOException("Sendfile configured to " +
-+                                    "send more data than was available");
-+                        }
-                     }
-                 }
-                 if ( sd.length <= 0 && sc.getOutboundRemaining()<=0) {
-@@ -1758,6 +1765,7 @@
-                             log.debug("Send file connection is being closed");
-                         }
-                         cancelledKey(sk,SocketStatus.STOP,false);
-+                        return false;
-                     }
-                 } else if ( attachment.interestOps() == 0 && reg ) {
-                     if (log.isDebugEnabled()) {

Modified: trunk/tomcat6/debian/patches/series
===================================================================
--- trunk/tomcat6/debian/patches/series	2011-11-28 22:47:11 UTC (rev 15471)
+++ trunk/tomcat6/debian/patches/series	2011-11-29 05:29:50 UTC (rev 15472)
@@ -7,8 +7,4 @@
 0007-add-OSGi-headers-to-servlet-api.patch
 0008-add-OSGI-headers-to-jsp-api.patch
 0010-Use-java.security.policy-file-in-catalina.sh.patch
-0011-623242.patch
-0012-CVE-2011-2204.patch
 0013-CVE-2011-3190.patch
-0014-CVE-2011-1184.patch
-0015-CVE-2011-2526.patch

Modified: trunk/tomcat6/debian/tomcat6.init
===================================================================
--- trunk/tomcat6/debian/tomcat6.init	2011-11-28 22:47:11 UTC (rev 15471)
+++ trunk/tomcat6/debian/tomcat6.init	2011-11-29 05:29:50 UTC (rev 15472)
@@ -54,7 +54,7 @@
 
 # The first existing directory is used for JAVA_HOME (if JAVA_HOME is not
 # defined in $DEFAULT)
-JDK_DIRS="/usr/lib/jvm/java-6-openjdk /usr/lib/jvm/java-6-sun /usr/lib/jvm/java-1.5.0-sun /usr/lib/j2sdk1.5-sun /usr/lib/j2sdk1.5-ibm"
+JDK_DIRS="/usr/lib/jvm/default-java /usr/lib/jvm/java-6-openjdk /usr/lib/jvm/java-6-sun /usr/lib/jvm/java-1.5.0-sun /usr/lib/j2sdk1.5-sun /usr/lib/j2sdk1.5-ibm"
 
 # Look for the right JVM to use
 for jdir in $JDK_DIRS; do
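Review bot: The comment above `JDK_DIRS` still describes a list of fixed JDK directories, but the new first entry `/usr/lib/jvm/default-java` is presumably the distribution's symlink to the system default JVM. If so, the JVM that runs Tomcat now follows that link instead of a named version. I would add a comment line such as `# default-java follows the system default JVM; set JAVA_HOME in $DEFAULT to pin a specific one`, so an administrator who depends on one JVM's security configuration knows that a default-JRE change also changes Tomcat's runtime. The `for jdir in $JDK_DIRS` loop body continues outside the hunk, so how the first match is selected is not visible here.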

Modified: trunk/tomcat6/debian/watch
===================================================================
--- trunk/tomcat6/debian/watch	2011-11-28 22:47:11 UTC (rev 15471)
+++ trunk/tomcat6/debian/watch	2011-11-29 05:29:50 UTC (rev 15472)
@@ -1,3 +1,3 @@
 version=3
 opts=uversionmangle=s/_/./g \
-  http://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/ TOMCAT_([0-9_]*[02468])/ debian debian/orig-tar.sh
+  http://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/ TOMCAT_([0-9_]*[0-9])/ debian debian/orig-tar.sh
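Review bot: The tag listing on the changed line is still fetched over plain `http://`, and the matched version is passed to `debian/orig-tar.sh`, which presumably builds the upstream source from that tag (the script is not shown). Nothing on this line authenticates the listing, and the relaxed pattern `[0-9_]*[0-9]` now accepts every numeric tag rather than only those ending in an even digit. I would change the URL to `https://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/`. The packaging notes should also say that a new import is checked against the upstream release announcement before upload.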



