[Pkg-freeipa-devel] dogtag-pki: Changes to 'master'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Sat Oct 21 22:02:58 UTC 2017
debian/changelog | 17 ++++++++++++++++-
debian/control | 14 ++++++++------
debian/patches/fix-CVE-2017-7537.diff | 19 +++++++++++++++++++
debian/patches/series | 1 +
debian/pki-base.postinst | 6 +++---
debian/pki-server.postinst | 2 +-
debian/rules | 2 ++
7 files changed, 50 insertions(+), 11 deletions(-)
New commits:
commit 0ae77ced6e0d5424c49abdeeda9cb00a4e4a6ef9
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Sat Oct 21 11:58:17 2017 +0300
releasing package dogtag-pki version 10.3.5+12-5
diff --git a/debian/changelog b/debian/changelog
index c18c45e..709d68c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-dogtag-pki (10.3.5+12-5) UNRELEASED; urgency=medium
+dogtag-pki (10.3.5+12-5) unstable; urgency=medium
* rules: Add a link to jboss-logging.jar.
* pki-base, pki-server: Fix postinst, strip cruft from the version string.
@@ -11,7 +11,7 @@ dogtag-pki (10.3.5+12-5) UNRELEASED; urgency=medium
* control: Bump dependency on libtomcajss-java to verify we have the
correct build.
- -- Timo Aaltonen <tjaalton at debian.org> Mon, 18 Sep 2017 21:51:09 +0300
+ -- Timo Aaltonen <tjaalton at debian.org> Sat, 21 Oct 2017 11:58:04 +0300
dogtag-pki (10.3.5+12-4) unstable; urgency=medium
commit 031b79e546f6f95730ce84d31d529611e58f76e9
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Sat Oct 21 11:58:03 2017 +0300
control: Bump dependency on libtomcajss-java to verify we have the correct build.
diff --git a/debian/changelog b/debian/changelog
index d4f5112..c18c45e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,8 @@ dogtag-pki (10.3.5+12-5) UNRELEASED; urgency=medium
* control: Use resteasy3.0.
* fix-CVE-2017-7537.diff: Change defaults for cmc plugin. (Closes:
#869261)
+ * control: Bump dependency on libtomcajss-java to verify we have the
+ correct build.
-- Timo Aaltonen <tjaalton at debian.org> Mon, 18 Sep 2017 21:51:09 +0300
diff --git a/debian/control b/debian/control
index 0b034b9..309a799 100644
--- a/debian/control
+++ b/debian/control
@@ -30,7 +30,7 @@ Build-Depends:
libservlet3.1-java,
libsvrcore-dev,
libtomcat8.0-java,
- libtomcatjss-java (>= 7.1.4-2),
+ libtomcatjss-java (>= 7.2.4-1),
libxalan2-java,
libxerces2-java,
pkg-config,
@@ -172,7 +172,7 @@ Depends:
libjs-underscore,
libscannotation-java,
libsymkey-java (= ${source:Version}),
- libtomcatjss-java (>= 7.1.4-2),
+ libtomcatjss-java (>= 7.2.4-1),
libnuxwdog-java,
libxml-commons-external-java,
libxml-commons-resolver1.1-java,
commit 87fac6417337a701c021243fe554a969cd2995a4
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Sat Oct 21 11:50:08 2017 +0300
fix-CVE-2017-7537.diff: Change defaults for cmc plugin. (Closes: #869261)
diff --git a/debian/changelog b/debian/changelog
index bb3ff9e..d4f5112 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,8 @@ dogtag-pki (10.3.5+12-5) UNRELEASED; urgency=medium
* control: Add libcommons-httpclient-java to build-depends, and
pki-base-java depends.
* control: Use resteasy3.0.
+ * fix-CVE-2017-7537.diff: Change defaults for cmc plugin. (Closes:
+ #869261)
-- Timo Aaltonen <tjaalton at debian.org> Mon, 18 Sep 2017 21:51:09 +0300
diff --git a/debian/patches/fix-CVE-2017-7537.diff b/debian/patches/fix-CVE-2017-7537.diff
new file mode 100644
index 0000000..80a6eee
--- /dev/null
+++ b/debian/patches/fix-CVE-2017-7537.diff
@@ -0,0 +1,19 @@
+commit 876d13c6d20e7e1235b9efbd601b47315debb492
+Author: Christina Fu <cfu at redhat.com>
+Date: Thu Jun 29 15:44:13 2017 -0700
+
+ Ticket #2779 cmc plugin default change
+
+--- a/base/ca/shared/conf/CS.cfg
++++ b/base/ca/shared/conf/CS.cfg
+@@ -733,8 +733,8 @@ ca.publish.rule.instance.LdapXCertRule.t
+ cmc.cert.confirmRequired=false
+ cmc.lraPopWitness.verify.allow=true
+ cmc.revokeCert.verify=true
+-cmc.revokeCert.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
+-cmc.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
++#cmc.revokeCert.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
++#cmc.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
+ cms.passwordlist=internaldb,replicationdb
+ cms.password.ignore.publishing.failure=true
+ cms.version=@APPLICATION_VERSION_MAJOR at .@APPLICATION_VERSION_MINOR@
diff --git a/debian/patches/series b/debian/patches/series
index 6cc98ec..d76ba6d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -13,3 +13,4 @@ use-bash.diff
fix-cve-2016-1240.diff
create-target-wants.diff
#use-resteasy-legacy.diff
+fix-CVE-2017-7537.diff
commit f90bbd94cf754a1cf1500e998e68d4a6b8ede827
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Sat Oct 21 11:40:44 2017 +0300
fix the right bug in a previous, ftbfs'd upload
diff --git a/debian/changelog b/debian/changelog
index f414f39..bb3ff9e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -19,7 +19,7 @@ dogtag-pki (10.3.5+12-4) unstable; urgency=medium
* Depend libresteasy-java << 3.1.0, because the new on doesn't work
even after fixing the build.
* pki-tools.links: Fix the convenience links DRMTool -> KRATool.
- (Closes: #857209)
+ (Closes: #857148)
* pki-base.postinst: Force recreating pki.version if upgrading from
older than 10.3.5-1. (LP: #1691655)
commit 38e4dc5d11a45cddb65bc8f86b4f660435544b58
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Sat Oct 21 11:37:22 2017 +0300
control: Use resteasy3.0.
diff --git a/debian/changelog b/debian/changelog
index 35d7314..f414f39 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,7 @@ dogtag-pki (10.3.5+12-5) UNRELEASED; urgency=medium
* control: Use tomcat8.0. (Closes: #823332, #846714)
* control: Add libcommons-httpclient-java to build-depends, and
pki-base-java depends.
+ * control: Use resteasy3.0.
-- Timo Aaltonen <tjaalton at debian.org> Mon, 18 Sep 2017 21:51:09 +0300
diff --git a/debian/control b/debian/control
index 07a5e18..0b034b9 100644
--- a/debian/control
+++ b/debian/control
@@ -26,7 +26,7 @@ Build-Depends:
libnspr4-dev,
libnss3-dev,
libnuxwdog-java,
- libresteasy-java (<< 3.1.0),
+ libresteasy3.0-java,
libservlet3.1-java,
libsvrcore-dev,
libtomcat8.0-java,
@@ -108,7 +108,7 @@ Depends:
libjettison-java,
libjss-java (>= 4.3.1-7),
libldap-java,
- libresteasy-java (<< 3.1.0),
+ libresteasy3.0-java,
libservlet3.1-java,
libxalan2-java,
libxerces2-java,
commit ad2a0f1cbe3ee44f655026293f2d2a243931664d
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Sat Oct 21 11:33:00 2017 +0300
close two bugs
diff --git a/debian/changelog b/debian/changelog
index b2e2da5..35d7314 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,7 +2,7 @@ dogtag-pki (10.3.5+12-5) UNRELEASED; urgency=medium
* rules: Add a link to jboss-logging.jar.
* pki-base, pki-server: Fix postinst, strip cruft from the version string.
- * control: Use tomcat8.0.
+ * control: Use tomcat8.0. (Closes: #823332, #846714)
* control: Add libcommons-httpclient-java to build-depends, and
pki-base-java depends.
commit b3b3a73db57854497c58d4cc8793081f271a07d5
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 21 21:02:35 2017 +0300
control: Add libcommons-httpclient-java to build-depends, and pki-base-java depends.
diff --git a/debian/changelog b/debian/changelog
index ec4d98c..b2e2da5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ dogtag-pki (10.3.5+12-5) UNRELEASED; urgency=medium
* rules: Add a link to jboss-logging.jar.
* pki-base, pki-server: Fix postinst, strip cruft from the version string.
* control: Use tomcat8.0.
+ * control: Add libcommons-httpclient-java to build-depends, and
+ pki-base-java depends.
-- Timo Aaltonen <tjaalton at debian.org> Mon, 18 Sep 2017 21:51:09 +0300
diff --git a/debian/control b/debian/control
index 6834980..07a5e18 100644
--- a/debian/control
+++ b/debian/control
@@ -14,6 +14,7 @@ Build-Depends:
junit4,
libcommons-cli-java,
libcommons-codec-java,
+ libcommons-httpclient-java,
libcommons-io-java,
libcommons-lang-java,
libidm-console-framework-java,
@@ -99,6 +100,7 @@ Breaks: pki-base (<< 10.3.5-1)
Depends:
libcommons-cli-java,
libcommons-codec-java,
+ libcommons-httpclient-java,
libcommons-io-java,
libcommons-lang-java,
libcommons-logging-java,
commit 1dcf44c5d86296502c4d303c440e36ff5f6f341d
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Sep 21 13:53:43 2017 +0300
control: Use tomcat8.0.
diff --git a/debian/changelog b/debian/changelog
index eb0f70c..ec4d98c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ dogtag-pki (10.3.5+12-5) UNRELEASED; urgency=medium
* rules: Add a link to jboss-logging.jar.
* pki-base, pki-server: Fix postinst, strip cruft from the version string.
+ * control: Use tomcat8.0.
-- Timo Aaltonen <tjaalton at debian.org> Mon, 18 Sep 2017 21:51:09 +0300
diff --git a/debian/control b/debian/control
index 3653932..6834980 100644
--- a/debian/control
+++ b/debian/control
@@ -28,7 +28,7 @@ Build-Depends:
libresteasy-java (<< 3.1.0),
libservlet3.1-java,
libsvrcore-dev,
- libtomcat8-java,
+ libtomcat8.0-java,
libtomcatjss-java (>= 7.1.4-2),
libxalan2-java,
libxerces2-java,
@@ -180,7 +180,7 @@ Depends:
python-ldap,
python-lxml,
python-selinux,
- tomcat8-user,
+ tomcat8.0-user,
velocity,
${java:Depends},
${misc:Depends},
commit 9b550ec03513085cbfe74ccdadd61dbeebd10513
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Sep 22 07:45:29 2017 +0300
pki-base: Fix postinst, strip cruft from the version string.
diff --git a/debian/changelog b/debian/changelog
index 25d16b8..eb0f70c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
dogtag-pki (10.3.5+12-5) UNRELEASED; urgency=medium
* rules: Add a link to jboss-logging.jar.
+ * pki-base, pki-server: Fix postinst, strip cruft from the version string.
-- Timo Aaltonen <tjaalton at debian.org> Mon, 18 Sep 2017 21:51:09 +0300
diff --git a/debian/pki-base.postinst b/debian/pki-base.postinst
index 59110de..1c3ba24 100644
--- a/debian/pki-base.postinst
+++ b/debian/pki-base.postinst
@@ -1,13 +1,13 @@
#!/bin/sh
set -e
-OLD_VERSION=`echo $2 | sed 's/-.*//;s/+git.*//'`
-VERSION=`dpkg-query -W pki-base | sed 's/.*\t//;s/-.*//;s/+git.*//'`
+OLD_VERSION=`echo $2 | sed 's/-.*//;s/+git.*//;s/+[0-9][0-9]//'`
+VERSION=`dpkg-query -W pki-base | sed 's/.*\t//;s/-.*//;s/+git.*//;s/+[0-9][0-9]//'`
if [ "$1" = configure ]; then
# we've forgot to create pki.version before, do it here
# and force recreating it if the version is old enough
- if dpkg --compare-versions "$2" lt "10.3.5-1"; then
+ if dpkg --compare-versions "$2" lt "10.3.5+12-5"; then
echo "Configuration-Version: $OLD_VERSION" > /etc/pki/pki.version
fi
diff --git a/debian/pki-server.postinst b/debian/pki-server.postinst
index 71d0113..610f627 100644
--- a/debian/pki-server.postinst
+++ b/debian/pki-server.postinst
@@ -2,7 +2,7 @@
set -e
OUT=/dev/null
-VERSION=`dpkg-query -W pki-server | sed 's/.*\t//;s/-.*//'`
+VERSION=`dpkg-query -W pki-server | sed 's/.*\t//;s/-.*//;s/+git.*//;s/+[0-9][0-9]//'`
if [ "$1" = configure ]; then
# lets give them a user/group in all cases.
commit b06f6b806aa16b925ac1c78b238d9cc4f815a458
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Mon Sep 18 21:51:15 2017 +0300
rules: Add a link to jboss-logging.jar.
diff --git a/debian/changelog b/debian/changelog
index 9ee6c8e..25d16b8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+dogtag-pki (10.3.5+12-5) UNRELEASED; urgency=medium
+
+ * rules: Add a link to jboss-logging.jar.
+
+ -- Timo Aaltonen <tjaalton at debian.org> Mon, 18 Sep 2017 21:51:09 +0300
+
dogtag-pki (10.3.5+12-4) unstable; urgency=medium
* pki-tomcatd.init: If no instance is configured, the initscript
diff --git a/debian/rules b/debian/rules
index 0047ba1..c8d969d 100755
--- a/debian/rules
+++ b/debian/rules
@@ -150,6 +150,8 @@ override_dh_install:
# not needed since we don't ship any binary applets
rm -rf $(CURDIR)/debian/tmp/usr/share/pki/tps/applets
+ ln -sf /usr/share/java/jboss-logging.jar $(CURDIR)/debian/tmp/usr/share/pki/lib/jboss-logging.jar
+
dh_install --fail-missing
get-orig-source: SOURCE=dogtag-pki
More information about the Pkg-freeipa-devel
mailing list