[pkg-java] r4462 - in trunk/jetty/debian: . patches
mkoch at alioth.debian.org
mkoch at alioth.debian.org
Wed Oct 24 13:37:03 UTC 2007
Author: mkoch
Date: 2007-10-24 13:37:03 +0000 (Wed, 24 Oct 2007)
New Revision: 4462
Added:
trunk/jetty/debian/patches/disable-jetty-plus.patch
trunk/jetty/debian/watch
Removed:
trunk/jetty/debian/patches/cve-2007-6969.patch
Modified:
trunk/jetty/debian/changelog
trunk/jetty/debian/control
trunk/jetty/debian/jetty.init
trunk/jetty/debian/patches/sunjsse-disable.patch
trunk/jetty/debian/rules
trunk/jetty/debian/start.config
Log:
jetty (5.1.14-1) unstable; urgency=low
* New upstream release.
- Removed debian/patches/cve-2007-6969.patch. Applied upstream.
* Added recognition of installed libcommons-el-java to debian/start.config.
Closes: #352093.
* Fixed short and long service description in debian/jetty.init.
Closes: #446788.
* Removed libapache2-mod-webapp from Suggests.
* Added watch file.
-- Michael Koch <konqueror at gmx.de> Wed, 24 Oct 2007 14:14:45 +0200
Modified: trunk/jetty/debian/changelog
===================================================================
--- trunk/jetty/debian/changelog 2007-10-24 13:29:00 UTC (rev 4461)
+++ trunk/jetty/debian/changelog 2007-10-24 13:37:03 UTC (rev 4462)
@@ -1,3 +1,16 @@
+jetty (5.1.14-1) unstable; urgency=low
+
+ * New upstream release.
+ - Removed debian/patches/cve-2007-6969.patch. Applied upstream.
+ * Added recognition of installed libcommons-el-java to debian/start.config.
+ Closes: #352093.
+ * Fixed short and long service description in debian/jetty.init.
+ Closes: #446788.
+ * Removed libapache2-mod-webapp from Suggests.
+ * Added watch file.
+
+ -- Michael Koch <konqueror at gmx.de> Wed, 24 Oct 2007 14:14:45 +0200
+
jetty (5.1.10-4) unstable; urgency=low
* Added patch to fix CVE-2006-6969. Thanks to Greg Wilkins for the patch.
Modified: trunk/jetty/debian/control
===================================================================
--- trunk/jetty/debian/control 2007-10-24 13:29:00 UTC (rev 4461)
+++ trunk/jetty/debian/control 2007-10-24 13:37:03 UTC (rev 4462)
@@ -4,13 +4,13 @@
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Uploaders: Philipp Meier <meier at fnogol.de>, Michael Koch <konqueror at gmx.de>
Build-Depends: debhelper (>= 4.9.5), cdbs (>> 0.4.5.3)
-Build-Depends-Indep: java-gcj-compat-dev, ant, junit, libmx4j-java, liblog4j1.2-java, libservlet2.4-java, libcommons-logging-java
+Build-Depends-Indep: java-gcj-compat-dev, ant, junit, libmx4j-java, liblog4j1.2-java, libservlet2.4-java, libcommons-logging-java, libgnumail-java
Standards-Version: 3.7.2
Package: jetty
Architecture: all
Depends: java-gcj-compat | java1-runtime | java2-runtime, libxerces2-java, libmx4j-java, adduser, libtomcat5.5-java, libservlet2.4-java, libcommons-logging-java, ant, apache2-utils
-Suggests: libapache2-mod-webapp | libapache2-mod-jk
+Suggests: libapache2-mod-jk
Description: Java servlet engine and webserver
Jetty is an Open Source HTTP Servlet Server written in 100% Java.
It is designed to be light weight, high performance, embeddable,
Modified: trunk/jetty/debian/jetty.init
===================================================================
--- trunk/jetty/debian/jetty.init 2007-10-24 13:29:00 UTC (rev 4461)
+++ trunk/jetty/debian/jetty.init 2007-10-24 13:37:03 UTC (rev 4462)
@@ -12,9 +12,8 @@
# Should-Stop: $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
-# Short-Description: Generate xfree86 configuration at boot time
-# Description: Preseed X configuration and use dexconf to
-# generate a new configuration file.
+# Short-Description: Start Jetty
+# Description: Start Jetty HTTP server and servlet container.
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
Deleted: trunk/jetty/debian/patches/cve-2007-6969.patch
===================================================================
--- trunk/jetty/debian/patches/cve-2007-6969.patch 2007-10-24 13:29:00 UTC (rev 4461)
+++ trunk/jetty/debian/patches/cve-2007-6969.patch 2007-10-24 13:37:03 UTC (rev 4462)
@@ -1,117 +0,0 @@
---- src/org/mortbay/jetty/servlet/AbstractSessionManager.java 2006/06/21 09:35:28 1.52
-+++ src/org/mortbay/jetty/servlet/AbstractSessionManager.java 2006/11/22 20:01:10 1.53
-@@ -15,6 +15,8 @@
-
- package org.mortbay.jetty.servlet;
-
-+import java.security.NoSuchAlgorithmException;
-+import java.security.SecureRandom;
- import java.util.ArrayList;
- import java.util.Collections;
- import java.util.Enumeration;
-@@ -82,6 +84,7 @@
- protected transient ArrayList _sessionAttributeListeners=new ArrayList();
- protected transient Map _sessions;
- protected transient Random _random;
-+ protected transient boolean _weakRandom;
- protected transient ServletHandler _handler;
- protected int _minSessions = 0;
- protected int _maxSessions = 0;
-@@ -102,6 +105,7 @@
- public AbstractSessionManager(Random random)
- {
- _random=random;
-+ _weakRandom=false;
- }
-
-
-@@ -192,8 +196,7 @@
- /* ------------------------------------------------------------ */
- /* new Session ID.
- * If the request has a requestedSessionID which is unique, that is used.
-- * The session ID is created as a unique random long, represented as in a
-- * base between 30 and 36, selected by timestamp.
-+ * The session ID is created as a unique random long base 36.
- * If the request has a jvmRoute attribute, that is appended as a
- * worker tag, else any worker tag set on the manager is appended.
- * @param request
-@@ -221,9 +224,16 @@
- String id=null;
- while (id==null || id.length()==0 || __allSessions.containsKey(id))
- {
-- long r = _random.nextLong();
-- if (r<0)r=-r;
-- id=Long.toString(r,30+(int)(created%7));
-+ long r=_weakRandom
-+ ?(hashCode()^Runtime.getRuntime().freeMemory()^_random.nextInt()^(((long)request.hashCode())<<32))
-+ :_random.nextLong();
-+ r^=created;
-+ if (request!=null && request.getRemoteAddr()!=null)
-+ r^=request.getRemoteAddr().hashCode();
-+ if (r<0)
-+ r=-r;
-+ id=Long.toString(r,36);
-+
- String worker = (String)request.getAttribute("org.mortbay.http.ajp.JVMRoute");
- if (worker!=null)
- id+="."+worker;
-@@ -469,11 +479,18 @@
- if (_random==null)
- {
- log.debug("New random session seed");
-- _random=new Random();
-+ try
-+ {
-+ _random=SecureRandom.getInstance("SHA1PRNG");
-+ }
-+ catch (NoSuchAlgorithmException e)
-+ {
-+ log.warn("Could not generate SecureRandom for session-id randomness",e);
-+ _random=new Random();
-+ _weakRandom=true;
-+ }
-+ _random.setSeed(_random.nextLong()^System.currentTimeMillis()^hashCode()^Runtime.getRuntime().freeMemory());
- }
-- else
-- if(log.isDebugEnabled())log.debug("Initializing random session key: "+_random);
-- _random.nextLong();
-
- if (_sessions==null)
- _sessions=new HashMap();
-@@ -564,7 +581,20 @@
- thread.setContextClassLoader(old_loader);
- }
- }
--
-+
-+
-+ /* ------------------------------------------------------------ */
-+ public Random getRandom()
-+ {
-+ return _random;
-+ }
-+
-+ /* ------------------------------------------------------------ */
-+ public void setRandom(Random random)
-+ {
-+ _random=random;
-+ }
-+
-
- /* ------------------------------------------------------------ */
- /* ------------------------------------------------------------ */
-@@ -607,7 +637,7 @@
-
- } // SessionScavenger
-
--
-+
-
- /* ------------------------------------------------------------ */
- /* ------------------------------------------------------------ */
-@@ -926,4 +956,5 @@
- }
-
-
-+
- }
Added: trunk/jetty/debian/patches/disable-jetty-plus.patch
===================================================================
--- trunk/jetty/debian/patches/disable-jetty-plus.patch (rev 0)
+++ trunk/jetty/debian/patches/disable-jetty-plus.patch 2007-10-24 13:37:03 UTC (rev 4462)
@@ -0,0 +1,34 @@
+--- extra/plus/build.xml
++++ extra/plus/build.xml
+@@ -132,6 +132,7 @@
+ <include name="**/*.properties" />
+ </fileset>
+ </copy>
++ <!--
+ <javac srcdir="${src}"
+ destdir="${classes}"
+ debug="true"
+@@ -142,6 +143,7 @@
+ </classpath>
+ <include name="**/*.java"/>
+ </javac>
++ -->
+ </target>
+
+
+@@ -197,6 +199,7 @@
+ if="jaas.demo.available"
+ description="JAAS demo webapp">
+ <mkdir dir="${jaas.webapp.classes}"/>
++ <!--
+ <javac srcdir="${demo.src}"
+ destdir="${jaas.webapp.classes}"
+ debug="${javac.debug}"
+@@ -208,6 +211,7 @@
+ </classpath>
+ <include name="**/jaas/**.java" />
+ </javac>
++ -->
+ </target>
+
+
Modified: trunk/jetty/debian/patches/sunjsse-disable.patch
===================================================================
--- trunk/jetty/debian/patches/sunjsse-disable.patch 2007-10-24 13:29:00 UTC (rev 4461)
+++ trunk/jetty/debian/patches/sunjsse-disable.patch 2007-10-24 13:37:03 UTC (rev 4462)
@@ -13,10 +13,12 @@
</target>
<!-- ==================================================================== -->
-@@ -182,6 +188,7 @@
+@@ -181,6 +188,7 @@
+ <pathelement path="${classes}"/>
</classpath>
<include name="**/*.java"/>
- <exclude name="**/jmx/**" unless="jmx.available"/>
+- <exclude name="**/jmx/**" unless="jmx.available"/>
++ <exclude name="**/jmx/**"/>
+ <exclude name="**/SunJsseListener.java" unless="sunjsse.available"/>
</javac>
@@ -36,10 +38,12 @@
</target>
-@@ -136,6 +142,7 @@
+@@ -135,6 +142,7 @@
+ <pathelement path="${classes}"/>
</classpath>
<include name="**/*.java"/>
- <exclude name="**/jmx/**" unless="jmx.available"/>
+- <exclude name="**/jmx/**" unless="jmx.available"/>
++ <exclude name="**/jmx/**"/>
+ <exclude name="**/SunJsseListener.java" unless="sunjsse.available"/>
</javac>
Modified: trunk/jetty/debian/rules
===================================================================
--- trunk/jetty/debian/rules 2007-10-24 13:29:00 UTC (rev 4461)
+++ trunk/jetty/debian/rules 2007-10-24 13:37:03 UTC (rev 4462)
@@ -7,5 +7,5 @@
JAVA_HOME := /usr/lib/jvm/java-gcj
ANT_HOME := /usr/share/ant
-DEB_JARS := mx4j log4j-1.2 log4j junit
+DEB_JARS := mx4j log4j-1.2 log4j junit commons-logging gnumail
DEB_ANT_INSTALL_TARGET := webapps extra javadoc
Modified: trunk/jetty/debian/start.config
===================================================================
--- trunk/jetty/debian/start.config 2007-10-24 13:29:00 UTC (rev 4461)
+++ trunk/jetty/debian/start.config 2007-10-24 13:37:03 UTC (rev 4462)
@@ -74,6 +74,7 @@
# Set the classpath for the supporting cast
$(java.lib.home)/commons-logging.jar ! available org.apache.commons.logging.LogFactory
+$(java.lib.home)/commons-el.jar ! available org.apache.commons.el.ExpressionEvaluatorImpl
$(java.lib.home)/jmxri.jar ! available javax.management.MBeanServer
$(tomcat.lib.home)/jasper-runtime.jar ! available org.apache.jasper.Constants
$(tomcat.lib.home)/jasper-compiler.jar ! available org.apache.jasper.JspCompilationContext
Added: trunk/jetty/debian/watch
===================================================================
--- trunk/jetty/debian/watch (rev 0)
+++ trunk/jetty/debian/watch 2007-10-24 13:37:03 UTC (rev 4462)
@@ -0,0 +1,2 @@
+version=3
+ftp://ftp.mortbay.org/pub/jetty-5/jetty-(.*)\.tgz debian uupdate
More information about the pkg-java-commits
mailing list