[Pkg-freeipa-devel] dogtag-pki: Changes to 'master'

Timo Aaltonen tjaalton at moszumanska.debian.org
Sat Oct 21 22:02:58 UTC 2017


 debian/changelog                      |   17 ++++++++++++++++-
 debian/control                        |   14 ++++++++------
 debian/patches/fix-CVE-2017-7537.diff |   19 +++++++++++++++++++
 debian/patches/series                 |    1 +
 debian/pki-base.postinst              |    6 +++---
 debian/pki-server.postinst            |    2 +-
 debian/rules                          |    2 ++
 7 files changed, 50 insertions(+), 11 deletions(-)

New commits:
commit 0ae77ced6e0d5424c49abdeeda9cb00a4e4a6ef9
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Sat Oct 21 11:58:17 2017 +0300

    releasing package dogtag-pki version 10.3.5+12-5

diff --git a/debian/changelog b/debian/changelog
index c18c45e..709d68c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-dogtag-pki (10.3.5+12-5) UNRELEASED; urgency=medium
+dogtag-pki (10.3.5+12-5) unstable; urgency=medium
 
   * rules: Add a link to jboss-logging.jar.
   * pki-base, pki-server: Fix postinst, strip cruft from the version string.
@@ -11,7 +11,7 @@ dogtag-pki (10.3.5+12-5) UNRELEASED; urgency=medium
   * control: Bump dependency on libtomcajss-java to verify we have the
     correct build.
 
- -- Timo Aaltonen <tjaalton at debian.org>  Mon, 18 Sep 2017 21:51:09 +0300
+ -- Timo Aaltonen <tjaalton at debian.org>  Sat, 21 Oct 2017 11:58:04 +0300
 
 dogtag-pki (10.3.5+12-4) unstable; urgency=medium
 

commit 031b79e546f6f95730ce84d31d529611e58f76e9
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Sat Oct 21 11:58:03 2017 +0300

    control: Bump dependency on libtomcajss-java to verify we have the correct build.

diff --git a/debian/changelog b/debian/changelog
index d4f5112..c18c45e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,8 @@ dogtag-pki (10.3.5+12-5) UNRELEASED; urgency=medium
   * control: Use resteasy3.0.
   * fix-CVE-2017-7537.diff: Change defaults for cmc plugin. (Closes:
     #869261)
+  * control: Bump dependency on libtomcajss-java to verify we have the
+    correct build.
 
  -- Timo Aaltonen <tjaalton at debian.org>  Mon, 18 Sep 2017 21:51:09 +0300
 
diff --git a/debian/control b/debian/control
index 0b034b9..309a799 100644
--- a/debian/control
+++ b/debian/control
@@ -30,7 +30,7 @@ Build-Depends:
  libservlet3.1-java,
  libsvrcore-dev,
  libtomcat8.0-java,
- libtomcatjss-java (>= 7.1.4-2),
+ libtomcatjss-java (>= 7.2.4-1),
  libxalan2-java,
  libxerces2-java,
  pkg-config,
@@ -172,7 +172,7 @@ Depends:
  libjs-underscore,
  libscannotation-java,
  libsymkey-java (= ${source:Version}),
- libtomcatjss-java (>= 7.1.4-2),
+ libtomcatjss-java (>= 7.2.4-1),
  libnuxwdog-java,
  libxml-commons-external-java,
  libxml-commons-resolver1.1-java,

commit 87fac6417337a701c021243fe554a969cd2995a4
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Sat Oct 21 11:50:08 2017 +0300

    fix-CVE-2017-7537.diff: Change defaults for cmc plugin. (Closes: #869261)

diff --git a/debian/changelog b/debian/changelog
index bb3ff9e..d4f5112 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,8 @@ dogtag-pki (10.3.5+12-5) UNRELEASED; urgency=medium
   * control: Add libcommons-httpclient-java to build-depends, and
     pki-base-java depends.
   * control: Use resteasy3.0.
+  * fix-CVE-2017-7537.diff: Change defaults for cmc plugin. (Closes:
+    #869261)
 
  -- Timo Aaltonen <tjaalton at debian.org>  Mon, 18 Sep 2017 21:51:09 +0300
 
diff --git a/debian/patches/fix-CVE-2017-7537.diff b/debian/patches/fix-CVE-2017-7537.diff
new file mode 100644
index 0000000..80a6eee
--- /dev/null
+++ b/debian/patches/fix-CVE-2017-7537.diff
@@ -0,0 +1,19 @@
+commit 876d13c6d20e7e1235b9efbd601b47315debb492
+Author: Christina Fu <cfu at redhat.com>
+Date:   Thu Jun 29 15:44:13 2017 -0700
+
+    Ticket #2779 cmc plugin default change
+
+--- a/base/ca/shared/conf/CS.cfg
++++ b/base/ca/shared/conf/CS.cfg
+@@ -733,8 +733,8 @@ ca.publish.rule.instance.LdapXCertRule.t
+ cmc.cert.confirmRequired=false
+ cmc.lraPopWitness.verify.allow=true
+ cmc.revokeCert.verify=true
+-cmc.revokeCert.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
+-cmc.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
++#cmc.revokeCert.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
++#cmc.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
+ cms.passwordlist=internaldb,replicationdb
+ cms.password.ignore.publishing.failure=true
+ cms.version=@APPLICATION_VERSION_MAJOR at .@APPLICATION_VERSION_MINOR@
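Review bot: Commenting out `cmc.revokeCert.sharedSecret.class` and `cmc.sharedSecret.class` changes only the template at `base/ca/shared/conf/CS.cfg`. A CA instance created before this upload presumably keeps its own copy of CS.cfg with both keys still active, and nothing visible in this push touches those copies. I would add a debian/NEWS entry or a postinst notice telling administrators to comment out the same two keys in existing instance configuration and restart the CA. The patch file also has no DEP-3 header; `Applied-Upstream: commit:876d13c6d20e7e1235b9efbd601b47315debb492` and `Bug-Debian: https://bugs.debian.org/869261` above the hunk would make it traceable.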
diff --git a/debian/patches/series b/debian/patches/series
index 6cc98ec..d76ba6d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -13,3 +13,4 @@ use-bash.diff
 fix-cve-2016-1240.diff
 create-target-wants.diff
 #use-resteasy-legacy.diff
+fix-CVE-2017-7537.diff

commit f90bbd94cf754a1cf1500e998e68d4a6b8ede827
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Sat Oct 21 11:40:44 2017 +0300

    fix the right bug in a previous, ftbfs'd upload

diff --git a/debian/changelog b/debian/changelog
index f414f39..bb3ff9e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -19,7 +19,7 @@ dogtag-pki (10.3.5+12-4) unstable; urgency=medium
   * Depend libresteasy-java << 3.1.0, because the new on doesn't work
     even after fixing the build.
   * pki-tools.links: Fix the convenience links DRMTool -> KRATool.
-    (Closes: #857209)
+    (Closes: #857148)
   * pki-base.postinst: Force recreating pki.version if upgrading from
     older than 10.3.5-1. (LP: #1691655)
 

commit 38e4dc5d11a45cddb65bc8f86b4f660435544b58
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Sat Oct 21 11:37:22 2017 +0300

    control: Use resteasy3.0.

diff --git a/debian/changelog b/debian/changelog
index 35d7314..f414f39 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,7 @@ dogtag-pki (10.3.5+12-5) UNRELEASED; urgency=medium
   * control: Use tomcat8.0. (Closes: #823332, #846714)
   * control: Add libcommons-httpclient-java to build-depends, and
     pki-base-java depends.
+  * control: Use resteasy3.0.
 
  -- Timo Aaltonen <tjaalton at debian.org>  Mon, 18 Sep 2017 21:51:09 +0300
 
diff --git a/debian/control b/debian/control
index 07a5e18..0b034b9 100644
--- a/debian/control
+++ b/debian/control
@@ -26,7 +26,7 @@ Build-Depends:
  libnspr4-dev,
  libnss3-dev,
  libnuxwdog-java,
- libresteasy-java (<< 3.1.0),
+ libresteasy3.0-java,
  libservlet3.1-java,
  libsvrcore-dev,
  libtomcat8.0-java,
@@ -108,7 +108,7 @@ Depends:
  libjettison-java,
  libjss-java (>= 4.3.1-7),
  libldap-java,
- libresteasy-java (<< 3.1.0),
+ libresteasy3.0-java,
  libservlet3.1-java,
  libxalan2-java,
  libxerces2-java,

commit ad2a0f1cbe3ee44f655026293f2d2a243931664d
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Sat Oct 21 11:33:00 2017 +0300

    close two bugs

diff --git a/debian/changelog b/debian/changelog
index b2e2da5..35d7314 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,7 +2,7 @@ dogtag-pki (10.3.5+12-5) UNRELEASED; urgency=medium
 
   * rules: Add a link to jboss-logging.jar.
   * pki-base, pki-server: Fix postinst, strip cruft from the version string.
-  * control: Use tomcat8.0.
+  * control: Use tomcat8.0. (Closes: #823332, #846714)
   * control: Add libcommons-httpclient-java to build-depends, and
     pki-base-java depends.
 

commit b3b3a73db57854497c58d4cc8793081f271a07d5
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Thu Sep 21 21:02:35 2017 +0300

    control: Add libcommons-httpclient-java to build-depends, and pki-base-java depends.

diff --git a/debian/changelog b/debian/changelog
index ec4d98c..b2e2da5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ dogtag-pki (10.3.5+12-5) UNRELEASED; urgency=medium
   * rules: Add a link to jboss-logging.jar.
   * pki-base, pki-server: Fix postinst, strip cruft from the version string.
   * control: Use tomcat8.0.
+  * control: Add libcommons-httpclient-java to build-depends, and
+    pki-base-java depends.
 
  -- Timo Aaltonen <tjaalton at debian.org>  Mon, 18 Sep 2017 21:51:09 +0300
 
diff --git a/debian/control b/debian/control
index 6834980..07a5e18 100644
--- a/debian/control
+++ b/debian/control
@@ -14,6 +14,7 @@ Build-Depends:
  junit4,
  libcommons-cli-java,
  libcommons-codec-java,
+ libcommons-httpclient-java,
  libcommons-io-java,
  libcommons-lang-java,
  libidm-console-framework-java,
@@ -99,6 +100,7 @@ Breaks: pki-base (<< 10.3.5-1)
 Depends:
  libcommons-cli-java,
  libcommons-codec-java,
+ libcommons-httpclient-java,
  libcommons-io-java,
  libcommons-lang-java,
  libcommons-logging-java,

commit 1dcf44c5d86296502c4d303c440e36ff5f6f341d
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Thu Sep 21 13:53:43 2017 +0300

    control: Use tomcat8.0.

diff --git a/debian/changelog b/debian/changelog
index eb0f70c..ec4d98c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ dogtag-pki (10.3.5+12-5) UNRELEASED; urgency=medium
 
   * rules: Add a link to jboss-logging.jar.
   * pki-base, pki-server: Fix postinst, strip cruft from the version string.
+  * control: Use tomcat8.0.
 
  -- Timo Aaltonen <tjaalton at debian.org>  Mon, 18 Sep 2017 21:51:09 +0300
 
diff --git a/debian/control b/debian/control
index 3653932..6834980 100644
--- a/debian/control
+++ b/debian/control
@@ -28,7 +28,7 @@ Build-Depends:
  libresteasy-java (<< 3.1.0),
  libservlet3.1-java,
  libsvrcore-dev,
- libtomcat8-java,
+ libtomcat8.0-java,
  libtomcatjss-java (>= 7.1.4-2),
  libxalan2-java,
  libxerces2-java,
@@ -180,7 +180,7 @@ Depends:
  python-ldap,
  python-lxml,
  python-selinux,
- tomcat8-user,
+ tomcat8.0-user,
  velocity,
  ${java:Depends},
  ${misc:Depends},

commit 9b550ec03513085cbfe74ccdadd61dbeebd10513
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Fri Sep 22 07:45:29 2017 +0300

    pki-base: Fix postinst, strip cruft from the version string.

diff --git a/debian/changelog b/debian/changelog
index 25d16b8..eb0f70c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
 dogtag-pki (10.3.5+12-5) UNRELEASED; urgency=medium
 
   * rules: Add a link to jboss-logging.jar.
+  * pki-base, pki-server: Fix postinst, strip cruft from the version string.
 
  -- Timo Aaltonen <tjaalton at debian.org>  Mon, 18 Sep 2017 21:51:09 +0300
 
diff --git a/debian/pki-base.postinst b/debian/pki-base.postinst
index 59110de..1c3ba24 100644
--- a/debian/pki-base.postinst
+++ b/debian/pki-base.postinst
@@ -1,13 +1,13 @@
 #!/bin/sh
 set -e
 
-OLD_VERSION=`echo $2 | sed 's/-.*//;s/+git.*//'`
-VERSION=`dpkg-query -W pki-base | sed 's/.*\t//;s/-.*//;s/+git.*//'`
+OLD_VERSION=`echo $2 | sed 's/-.*//;s/+git.*//;s/+[0-9][0-9]//'`
+VERSION=`dpkg-query -W pki-base | sed 's/.*\t//;s/-.*//;s/+git.*//;s/+[0-9][0-9]//'`
 
 if [ "$1" = configure ]; then
     # we've forgot to create pki.version before, do it here
     # and force recreating it if the version is old enough
-    if dpkg --compare-versions "$2" lt "10.3.5-1"; then
+    if dpkg --compare-versions "$2" lt "10.3.5+12-5"; then
         echo "Configuration-Version: $OLD_VERSION" > /etc/pki/pki.version
     fi
 
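Review bot: The added `s/+[0-9][0-9]//` in `OLD_VERSION` and `VERSION` removes exactly two digits after the plus sign and is not anchored, so a suffix such as `+5` is left in place and `+123` would leave a stray `3` glued onto the upstream version. Because `s/-.*//` has already removed the Debian revision, `s/+[0-9][0-9]*$//` strips the whole numeric suffix whatever its length. The same expression is added to `VERSION` in debian/pki-server.postinst and needs the same change. `$2` is also expanded unquoted in `echo $2`; `printf '%s\n' "$2"` avoids word splitting and globbing on the maintainer-script argument. The `if [ "$1" = configure ]` block continues past the end of the hunk.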
diff --git a/debian/pki-server.postinst b/debian/pki-server.postinst
index 71d0113..610f627 100644
--- a/debian/pki-server.postinst
+++ b/debian/pki-server.postinst
@@ -2,7 +2,7 @@
 set -e
 
 OUT=/dev/null
-VERSION=`dpkg-query -W pki-server | sed 's/.*\t//;s/-.*//'`
+VERSION=`dpkg-query -W pki-server | sed 's/.*\t//;s/-.*//;s/+git.*//;s/+[0-9][0-9]//'`
 
 if [ "$1" = configure ]; then
     # lets give them a user/group in all cases.

commit b06f6b806aa16b925ac1c78b238d9cc4f815a458
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Mon Sep 18 21:51:15 2017 +0300

    rules: Add a link to jboss-logging.jar.

diff --git a/debian/changelog b/debian/changelog
index 9ee6c8e..25d16b8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+dogtag-pki (10.3.5+12-5) UNRELEASED; urgency=medium
+
+  * rules: Add a link to jboss-logging.jar.
+
+ -- Timo Aaltonen <tjaalton at debian.org>  Mon, 18 Sep 2017 21:51:09 +0300
+
 dogtag-pki (10.3.5+12-4) unstable; urgency=medium
 
   * pki-tomcatd.init: If no instance is configured, the initscript
diff --git a/debian/rules b/debian/rules
index 0047ba1..c8d969d 100755
--- a/debian/rules
+++ b/debian/rules
@@ -150,6 +150,8 @@ override_dh_install:
 	# not needed since we don't ship any binary applets
 	rm -rf $(CURDIR)/debian/tmp/usr/share/pki/tps/applets
 
+	ln -sf /usr/share/java/jboss-logging.jar $(CURDIR)/debian/tmp/usr/share/pki/lib/jboss-logging.jar
+
 	dh_install --fail-missing
 
 get-orig-source: SOURCE=dogtag-pki
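Review bot: The `ln -sf` line creates an absolute symlink to `/usr/share/java/jboss-logging.jar` by hand in `debian/tmp`, and nothing visible in this push adds the package shipping that jar to the Depends of the binary package that installs `usr/share/pki/lib`. If it is not already listed in the unchanged part of debian/control, the link dangles at runtime and the jar is missing from the location the link was meant to populate. I would declare the link in the package's `.links` file so dh_link creates it in policy-conforming form, and verify the dependency at the same time. If the line stays in the recipe, a one-line comment naming the component that needs the jar would record why it is there. The `override_dh_install` recipe starts above the hunk.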


