[pkg-java] r13525 - in trunk/tomcat-native/debian: . patches source

Damien Raude-Morvan drazzib at alioth.debian.org
Wed Apr 13 18:20:31 UTC 2011


Author: drazzib
Date: 2011-04-13 18:20:29 +0000 (Wed, 13 Apr 2011)
New Revision: 13525

Added:
   trunk/tomcat-native/debian/patches/
   trunk/tomcat-native/debian/patches/drop_sslv2_support.diff
   trunk/tomcat-native/debian/patches/series
   trunk/tomcat-native/debian/source/
   trunk/tomcat-native/debian/source/format
Removed:
   trunk/tomcat-native/debian/lintian/
Modified:
   trunk/tomcat-native/debian/changelog
Log:
* Switch to 3.0 quilt source format.
* d/patches/drop_sslv2_support.diff: Drop support for SSLv2
  (Closes: #622141).

Modified: trunk/tomcat-native/debian/changelog
===================================================================
--- trunk/tomcat-native/debian/changelog	2011-04-13 07:56:26 UTC (rev 13524)
+++ trunk/tomcat-native/debian/changelog	2011-04-13 18:20:29 UTC (rev 13525)
@@ -1,3 +1,11 @@
+tomcat-native (1.1.20-3) UNRELEASED; urgency=low
+
+  * Switch to 3.0 quilt source format.
+  * d/patches/drop_sslv2_support.diff: Drop support for SSLv2
+    (Closes: #622141).
+
+ -- Damien Raude-Morvan <drazzib at debian.org>  Wed, 13 Apr 2011 20:19:54 +0200
+
 tomcat-native (1.1.20-2) unstable; urgency=low
 
   * Team upload.

Added: trunk/tomcat-native/debian/patches/drop_sslv2_support.diff
===================================================================
--- trunk/tomcat-native/debian/patches/drop_sslv2_support.diff	                        (rev 0)
+++ trunk/tomcat-native/debian/patches/drop_sslv2_support.diff	2011-04-13 18:20:29 UTC (rev 13525)
@@ -0,0 +1,115 @@
+Description: Drop all support for SSLv2 protocol since it's use has been
+ deprecated, because of weaknesses in the security of the protocol.
+Author: Damien Raude-Morvan <drazzib at debian.org>
+Last-Update: 2011-04-13
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622141
+Forwarded: https://issues.apache.org/bugzilla/show_bug.cgi?id=51056
+--- a/jni/examples/org/apache/tomcat/jni/SSL.properties
++++ b/jni/examples/org/apache/tomcat/jni/SSL.properties
+@@ -18,5 +18,5 @@
+ server.cert=localhost.crt
+ server.key=localhost.key
+ server.password=secret
+-server.ciphers=ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+-server.verify=none
+\ No newline at end of file
++server.ciphers=ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
++server.verify=none
+--- a/jni/examples/org/apache/tomcat/jni/SSLServer.java
++++ b/jni/examples/org/apache/tomcat/jni/SSLServer.java
+@@ -70,7 +70,7 @@
+         serverPool = Pool.create(0);
+         try {
+             /* Create SSL Context, one for each Virtual Host */
+-            serverCtx = SSLContext.make(serverPool, SSL.SSL_PROTOCOL_SSLV2 | SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_MODE_SERVER);
++            serverCtx = SSLContext.make(serverPool, SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_MODE_SERVER);
+             /* List the ciphers that the client is permitted to negotiate. */
+             SSLContext.setCipherSuite(serverCtx, serverCiphers);
+             /* Load Server key and certificate */
+--- a/jni/native/src/sslcontext.c
++++ b/jni/native/src/sslcontext.c
+@@ -72,17 +72,8 @@
+     UNREFERENCED(o);
+ 
+     switch (protocol) {
+-        case SSL_PROTOCOL_SSLV2:
+-        case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
+-            if (mode == SSL_MODE_CLIENT)
+-                ctx = SSL_CTX_new(SSLv2_client_method());
+-            else if (mode == SSL_MODE_SERVER)
+-                ctx = SSL_CTX_new(SSLv2_server_method());
+-            else
+-                ctx = SSL_CTX_new(SSLv2_method());
+-        break;
+         case SSL_PROTOCOL_SSLV3:
+-        case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1:
++        case SSL_PROTOCOL_ALL:
+             if (mode == SSL_MODE_CLIENT)
+                 ctx = SSL_CTX_new(SSLv3_client_method());
+             else if (mode == SSL_MODE_SERVER)
+@@ -90,15 +81,6 @@
+             else
+                 ctx = SSL_CTX_new(SSLv3_method());
+         break;
+-        case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3:
+-        case SSL_PROTOCOL_ALL:
+-            if (mode == SSL_MODE_CLIENT)
+-                ctx = SSL_CTX_new(SSLv23_client_method());
+-            else if (mode == SSL_MODE_SERVER)
+-                ctx = SSL_CTX_new(SSLv23_server_method());
+-            else
+-                ctx = SSL_CTX_new(SSLv23_method());
+-        break;
+         case SSL_PROTOCOL_TLSV1:
+             if (mode == SSL_MODE_CLIENT)
+                 ctx = SSL_CTX_new(TLSv1_client_method());
+@@ -125,8 +107,7 @@
+     if (c->bio_os != NULL)
+         BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+     SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
+-    if (!(protocol & SSL_PROTOCOL_SSLV2))
+-        SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
++    SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
+     if (!(protocol & SSL_PROTOCOL_SSLV3))
+         SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
+     if (!(protocol & SSL_PROTOCOL_TLSV1))
+--- a/jni/java/org/apache/tomcat/jni/SSL.java
++++ b/jni/java/org/apache/tomcat/jni/SSL.java
+@@ -70,10 +70,9 @@
+      * Define the SSL Protocol options
+      */
+     public static final int SSL_PROTOCOL_NONE  = 0;
+-    public static final int SSL_PROTOCOL_SSLV2 = (1<<0);
+     public static final int SSL_PROTOCOL_SSLV3 = (1<<1);
+     public static final int SSL_PROTOCOL_TLSV1 = (1<<2);
+-    public static final int SSL_PROTOCOL_ALL   = (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1);
++    public static final int SSL_PROTOCOL_ALL   = (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1);
+ 
+     /*
+      * Define the SSL verify levels
+--- a/jni/native/include/ssl_private.h
++++ b/jni/native/include/ssl_private.h
+@@ -113,10 +113,9 @@
+  * Define the SSL Protocol options
+  */
+ #define SSL_PROTOCOL_NONE       (0)
+-#define SSL_PROTOCOL_SSLV2      (1<<0)
+ #define SSL_PROTOCOL_SSLV3      (1<<1)
+ #define SSL_PROTOCOL_TLSV1      (1<<2)
+-#define SSL_PROTOCOL_ALL        (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
++#define SSL_PROTOCOL_ALL        (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
+ 
+ #define SSL_MODE_CLIENT         (0)
+ #define SSL_MODE_SERVER         (1)
+--- a/jni/java/org/apache/tomcat/jni/SSLContext.java
++++ b/jni/java/org/apache/tomcat/jni/SSLContext.java
+@@ -31,9 +31,7 @@
+      * @param pool The pool to use.
+      * @param protocol The SSL protocol to use. It can be one of:
+      * <PRE>
+-     * SSL_PROTOCOL_SSLV2
+      * SSL_PROTOCOL_SSLV3
+-     * SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3
+      * SSL_PROTOCOL_TLSV1
+      * SSL_PROTOCOL_ALL
+      * </PRE>
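Review bot: In the sslcontext.c part of this added patch, `case SSL_PROTOCOL_ALL:` now shares the branch that calls `SSLv3_client_method()` / `SSLv3_server_method()`, so a caller asking for SSL_PROTOCOL_ALL (redefined as SSLv3|TLSv1) gets a context that speaks only SSLv3 and can never negotiate TLSv1. The removed `SSLv23_*_method()` branch was the version-flexible one, and since `SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);` is now applied unconditionally, that branch would already refuse SSLv2. I would keep it under `case SSL_PROTOCOL_ALL:` instead of deleting it, as sketched below. The switch's default arm lies outside the visible context, so it is also worth confirming what happens to already-compiled callers that still pass the old values 1 (SSLv2) or 7 (old ALL).

```c
        case SSL_PROTOCOL_SSLV3:
            /* … unchanged: SSLv3_*_method() selection … */
        break;
        case SSL_PROTOCOL_ALL:
            /* Version-flexible method; SSLv2 is excluded by the
             * unconditional SSL_OP_NO_SSLv2 set further down. */
            if (mode == SSL_MODE_CLIENT)
                ctx = SSL_CTX_new(SSLv23_client_method());
            else if (mode == SSL_MODE_SERVER)
                ctx = SSL_CTX_new(SSLv23_server_method());
            else
                ctx = SSL_CTX_new(SSLv23_method());
        break;
```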

Added: trunk/tomcat-native/debian/patches/series
===================================================================
--- trunk/tomcat-native/debian/patches/series	                        (rev 0)
+++ trunk/tomcat-native/debian/patches/series	2011-04-13 18:20:29 UTC (rev 13525)
@@ -0,0 +1 @@
+drop_sslv2_support.diff

Added: trunk/tomcat-native/debian/source/format
===================================================================
--- trunk/tomcat-native/debian/source/format	                        (rev 0)
+++ trunk/tomcat-native/debian/source/format	2011-04-13 18:20:29 UTC (rev 13525)
@@ -0,0 +1 @@
+3.0 (quilt)



