[pkg-java] r14161 - in trunk/tomcat-native/debian: . patches
Damien Raude-Morvan
drazzib at alioth.debian.org
Fri Aug 12 18:05:17 UTC 2011
Author: drazzib
Date: 2011-08-12 18:05:17 +0000 (Fri, 12 Aug 2011)
New Revision: 14161
Modified:
trunk/tomcat-native/debian/changelog
trunk/tomcat-native/debian/patches/drop_sslv2_support.diff
Log:
* New upstream release:
- Update d/patches/drop_sslv2_support.diff patch.
Modified: trunk/tomcat-native/debian/changelog
===================================================================
--- trunk/tomcat-native/debian/changelog 2011-08-12 17:42:17 UTC (rev 14160)
+++ trunk/tomcat-native/debian/changelog 2011-08-12 18:05:17 UTC (rev 14161)
@@ -1,3 +1,10 @@
+tomcat-native (1.1.22-1) unstable; urgency=low
+
+ * New upstream release:
+ - Update d/patches/drop_sslv2_support.diff patch.
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Fri, 12 Aug 2011 20:02:57 +0200
+
tomcat-native (1.1.20-3) unstable; urgency=low
* Switch to 3.0 quilt source format.
Modified: trunk/tomcat-native/debian/patches/drop_sslv2_support.diff
===================================================================
--- trunk/tomcat-native/debian/patches/drop_sslv2_support.diff 2011-08-12 17:42:17 UTC (rev 14160)
+++ trunk/tomcat-native/debian/patches/drop_sslv2_support.diff 2011-08-12 18:05:17 UTC (rev 14161)
@@ -1,9 +1,11 @@
Description: Drop all support for SSLv2 protocol since it's use has been
deprecated, because of weaknesses in the security of the protocol.
Author: Damien Raude-Morvan <drazzib at debian.org>
-Last-Update: 2011-04-13
+Last-Update: 2011-08-12
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622141
Forwarded: https://issues.apache.org/bugzilla/show_bug.cgi?id=51056
+Index: b/jni/examples/org/apache/tomcat/jni/SSL.properties
+===================================================================
--- a/jni/examples/org/apache/tomcat/jni/SSL.properties
+++ b/jni/examples/org/apache/tomcat/jni/SSL.properties
@@ -18,5 +18,5 @@
@@ -15,6 +17,8 @@
\ No newline at end of file
+server.ciphers=ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
+server.verify=none
+Index: b/jni/examples/org/apache/tomcat/jni/SSLServer.java
+===================================================================
--- a/jni/examples/org/apache/tomcat/jni/SSLServer.java
+++ b/jni/examples/org/apache/tomcat/jni/SSLServer.java
@@ -70,7 +70,7 @@
@@ -26,53 +30,8 @@
/* List the ciphers that the client is permitted to negotiate. */
SSLContext.setCipherSuite(serverCtx, serverCiphers);
/* Load Server key and certificate */
---- a/jni/native/src/sslcontext.c
-+++ b/jni/native/src/sslcontext.c
-@@ -72,17 +72,8 @@
- UNREFERENCED(o);
-
- switch (protocol) {
-- case SSL_PROTOCOL_SSLV2:
-- case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
-- if (mode == SSL_MODE_CLIENT)
-- ctx = SSL_CTX_new(SSLv2_client_method());
-- else if (mode == SSL_MODE_SERVER)
-- ctx = SSL_CTX_new(SSLv2_server_method());
-- else
-- ctx = SSL_CTX_new(SSLv2_method());
-- break;
- case SSL_PROTOCOL_SSLV3:
-- case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1:
-+ case SSL_PROTOCOL_ALL:
- if (mode == SSL_MODE_CLIENT)
- ctx = SSL_CTX_new(SSLv3_client_method());
- else if (mode == SSL_MODE_SERVER)
-@@ -90,15 +81,6 @@
- else
- ctx = SSL_CTX_new(SSLv3_method());
- break;
-- case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3:
-- case SSL_PROTOCOL_ALL:
-- if (mode == SSL_MODE_CLIENT)
-- ctx = SSL_CTX_new(SSLv23_client_method());
-- else if (mode == SSL_MODE_SERVER)
-- ctx = SSL_CTX_new(SSLv23_server_method());
-- else
-- ctx = SSL_CTX_new(SSLv23_method());
-- break;
- case SSL_PROTOCOL_TLSV1:
- if (mode == SSL_MODE_CLIENT)
- ctx = SSL_CTX_new(TLSv1_client_method());
-@@ -125,8 +107,7 @@
- if (c->bio_os != NULL)
- BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
- SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
-- if (!(protocol & SSL_PROTOCOL_SSLV2))
-- SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
-+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
- if (!(protocol & SSL_PROTOCOL_SSLV3))
- SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
- if (!(protocol & SSL_PROTOCOL_TLSV1))
+Index: b/jni/java/org/apache/tomcat/jni/SSL.java
+===================================================================
--- a/jni/java/org/apache/tomcat/jni/SSL.java
+++ b/jni/java/org/apache/tomcat/jni/SSL.java
@@ -70,10 +70,9 @@
@@ -87,6 +46,22 @@
/*
* Define the SSL verify levels
+Index: b/jni/java/org/apache/tomcat/jni/SSLContext.java
+===================================================================
+--- a/jni/java/org/apache/tomcat/jni/SSLContext.java
++++ b/jni/java/org/apache/tomcat/jni/SSLContext.java
+@@ -31,9 +31,7 @@
+ * @param pool The pool to use.
+ * @param protocol The SSL protocol to use. It can be one of:
+ * <PRE>
+- * SSL_PROTOCOL_SSLV2
+ * SSL_PROTOCOL_SSLV3
+- * SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3
+ * SSL_PROTOCOL_TLSV1
+ * SSL_PROTOCOL_ALL
+ * </PRE>
+Index: b/jni/native/include/ssl_private.h
+===================================================================
--- a/jni/native/include/ssl_private.h
+++ b/jni/native/include/ssl_private.h
@@ -113,10 +113,9 @@
@@ -101,15 +76,56 @@
#define SSL_MODE_CLIENT (0)
#define SSL_MODE_SERVER (1)
---- a/jni/java/org/apache/tomcat/jni/SSLContext.java
-+++ b/jni/java/org/apache/tomcat/jni/SSLContext.java
-@@ -31,9 +31,7 @@
- * @param pool The pool to use.
- * @param protocol The SSL protocol to use. It can be one of:
- * <PRE>
-- * SSL_PROTOCOL_SSLV2
- * SSL_PROTOCOL_SSLV3
-- * SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3
- * SSL_PROTOCOL_TLSV1
- * SSL_PROTOCOL_ALL
- * </PRE>
+Index: b/jni/native/src/sslcontext.c
+===================================================================
+--- a/jni/native/src/sslcontext.c
++++ b/jni/native/src/sslcontext.c
+@@ -72,6 +72,7 @@
+ UNREFERENCED(o);
+
+ switch (protocol) {
++#ifndef OPENSSL_NO_SSL2
+ case SSL_PROTOCOL_SSLV2:
+ if (mode == SSL_MODE_CLIENT)
+ ctx = SSL_CTX_new(SSLv2_client_method());
+@@ -80,6 +81,7 @@
+ else
+ ctx = SSL_CTX_new(SSLv2_method());
+ break;
++#endif
+ case SSL_PROTOCOL_SSLV3:
+ if (mode == SSL_MODE_CLIENT)
+ ctx = SSL_CTX_new(SSLv3_client_method());
+@@ -88,6 +90,7 @@
+ else
+ ctx = SSL_CTX_new(SSLv3_method());
+ break;
++#ifndef OPENSSL_NO_SSL2
+ case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3:
+ case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
+ case SSL_PROTOCOL_ALL:
+@@ -99,7 +102,13 @@
+ else
+ ctx = SSL_CTX_new(SSLv23_method());
+ break;
++#endif
++#ifndef OPENSSL_NO_SSL2
+ case SSL_PROTOCOL_TLSV1:
++#else
++ case SSL_PROTOCOL_ALL:
++ case SSL_PROTOCOL_TLSV1:
++#endif
+ if (mode == SSL_MODE_CLIENT)
+ ctx = SSL_CTX_new(TLSv1_client_method());
+ else if (mode == SSL_MODE_SERVER)
+@@ -127,8 +136,10 @@
+ if (c->bio_os != NULL)
+ BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+ SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
++#ifndef OPENSSL_NO_SSL2
+ if (!(protocol & SSL_PROTOCOL_SSLV2))
+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
++#endif
+ if (!(protocol & SSL_PROTOCOL_SSLV3))
+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
+ if (!(protocol & SSL_PROTOCOL_TLSV1))
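Review bot: The rewritten sslcontext.c section only drops SSLv2 when the OpenSSL headers define `OPENSSL_NO_SSL2`. On any other build the `SSLv2_*_method()` cases and the conditional `SSL_OP_NO_SSLv2` stay exactly as upstream, so the patch's Description ("Drop all support for SSLv2") no longer holds unconditionally. The previous revision of the patch set the option regardless of the requested protocol; keeping `SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);` outside the `#ifndef` would stop SSLv23 contexts from negotiating SSLv2 whichever way libssl was built. In the `#else` branch, `SSL_PROTOCOL_ALL` now selects the `TLSv1_*_method()` constructors, so "ALL" silently becomes TLSv1-only, and masks containing `SSL_PROTOCOL_SSLV2` have no case at all. Because the switch's default path and the rest of the option setup lie outside the visible hunks, it is worth confirming that an unmatched protocol mask fails cleanly rather than leaving `ctx` unset. The SSLContext.java javadoc in the same patch stops listing `SSL_PROTOCOL_SSLV2`, which matches the native code only in the `OPENSSL_NO_SSL2` build.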