[pkg-java] r14162 - in tags/tomcat-native: . 1.1.22-1/debian 1.1.22-1/debian/patches
Damien Raude-Morvan
drazzib at alioth.debian.org
Fri Aug 12 18:05:53 UTC 2011
Author: drazzib
Date: 2011-08-12 18:05:53 +0000 (Fri, 12 Aug 2011)
New Revision: 14162
Added:
tags/tomcat-native/1.1.22-1/
tags/tomcat-native/1.1.22-1/debian/changelog
tags/tomcat-native/1.1.22-1/debian/patches/drop_sslv2_support.diff
Removed:
tags/tomcat-native/1.1.22-1/debian/changelog
tags/tomcat-native/1.1.22-1/debian/patches/drop_sslv2_support.diff
Log:
[svn-buildpackage] Tagging tomcat-native 1.1.22-1
Deleted: tags/tomcat-native/1.1.22-1/debian/changelog
===================================================================
--- trunk/tomcat-native/debian/changelog 2011-08-10 01:40:22 UTC (rev 14146)
+++ tags/tomcat-native/1.1.22-1/debian/changelog 2011-08-12 18:05:53 UTC (rev 14162)
@@ -1,84 +0,0 @@
-tomcat-native (1.1.20-3) unstable; urgency=low
-
- * Switch to 3.0 quilt source format.
- * d/patches/drop_sslv2_support.diff: Drop support for SSLv2
- (Closes: #622141).
- * d/copyright: Update to DEP-5 format.
-
- -- Damien Raude-Morvan <drazzib at debian.org> Sun, 10 Jul 2011 23:42:01 +0200
-
-tomcat-native (1.1.20-2) unstable; urgency=low
-
- * Team upload.
- * Remove *.la (Closes: #621279)
- * Bump Standards-Version to 3.9.2 (no changes needed)
-
- -- tony mancill <tmancill at debian.org> Sat, 09 Apr 2011 10:57:15 -0700
-
-tomcat-native (1.1.20-1) unstable; urgency=low
-
- * New upstream release:
- - Prevent crashing JVM on shutdown.
- * Bump Standards-Version to 3.8.4 (no changes needed)
-
- -- Damien Raude-Morvan <drazzib at debian.org> Sat, 20 Feb 2010 22:50:34 +0100
-
-tomcat-native (1.1.19-1) unstable; urgency=low
-
- * New upstream release.
- - minor versioning fix
- - allows building against OpenSSL 1.0
- * Add a README.Debian to help users to setup Tomcat 6.x
- with Tomcat Native Library
-
- -- Damien Raude-Morvan <drazzib at debian.org> Sun, 17 Jan 2010 01:27:46 +0100
-
-tomcat-native (1.1.18-1) unstable; urgency=high
-
- * New upstream release.
- - Fix CVE-2009-3555 SSL-Man-In-The-Middle attack
- - set urgency=high to get security fix in testing
-
- -- Damien Raude-Morvan <drazzib at debian.org> Tue, 24 Nov 2009 01:46:20 +0100
-
-tomcat-native (1.1.17-1) unstable; urgency=low
-
- * New upstream release.
- * debian/control:
- - Update my email address
- - Bump Standards-Version to 3.8.3 (no changes needed)
- - Bump debhelper version to >= 7
- - Update upstream Homepage field
- - Use default-jdk instead of default-jdk-builddep as there is no
- native (-gcj) package build.
- * debian/copyright:
- - Update upstream copyright years
- - Add myself as debian/* copyright holder
- * debian/libtcnative-1.lintian-overrides:
- - Change to be version agnostic
-
- -- Damien Raude-Morvan <drazzib at debian.org> Sat, 07 Nov 2009 21:41:36 +0100
-
-tomcat-native (1.1.16-1) unstable; urgency=low
-
- * New upstream release (Closes: #514500)
- - Fix IPv6 issues (Closes: #517163, #521306)
- * debian/control:
- - Move libtcnative-1 to "java" section
- - Add myself to Uploaders
- - Bump Standards-Version to 3.8.1 (no changes needed)
- * debian/watch: Update to new upstream location
- * debian/rules: Provide a "get-orig-source" target using uscan
- * debian/control: Build-Depends on default-jdk-builddep
- * debian/rules: use JAVA_HOME=/usr/lib/jvm/default-java
- * Remove debian/libtcnative-1.install and use dh_lintian
- to install debian/libtcnative-1.lintian-overrides
-
- -- Damien Raude-Morvan <drazzib at drazzib.com> Sun, 29 Mar 2009 15:40:58 +0200
-
-tomcat-native (1.1.13-1) unstable; urgency=low
-
- * Initial release. Closes: #485037.
-
- -- Michael Koch <konqueror at gmx.de> Sat, 07 Jun 2008 15:16:14 +0200
-
Copied: tags/tomcat-native/1.1.22-1/debian/changelog (from rev 14161, trunk/tomcat-native/debian/changelog)
===================================================================
--- tags/tomcat-native/1.1.22-1/debian/changelog (rev 0)
+++ tags/tomcat-native/1.1.22-1/debian/changelog 2011-08-12 18:05:53 UTC (rev 14162)
@@ -0,0 +1,91 @@
+tomcat-native (1.1.22-1) unstable; urgency=low
+
+ * New upstream release:
+ - Update d/patches/drop_sslv2_support.diff patch.
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Fri, 12 Aug 2011 20:02:57 +0200
+
+tomcat-native (1.1.20-3) unstable; urgency=low
+
+ * Switch to 3.0 quilt source format.
+ * d/patches/drop_sslv2_support.diff: Drop support for SSLv2
+ (Closes: #622141).
+ * d/copyright: Update to DEP-5 format.
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Sun, 10 Jul 2011 23:42:01 +0200
+
+tomcat-native (1.1.20-2) unstable; urgency=low
+
+ * Team upload.
+ * Remove *.la (Closes: #621279)
+ * Bump Standards-Version to 3.9.2 (no changes needed)
+
+ -- tony mancill <tmancill at debian.org> Sat, 09 Apr 2011 10:57:15 -0700
+
+tomcat-native (1.1.20-1) unstable; urgency=low
+
+ * New upstream release:
+ - Prevent crashing JVM on shutdown.
+ * Bump Standards-Version to 3.8.4 (no changes needed)
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Sat, 20 Feb 2010 22:50:34 +0100
+
+tomcat-native (1.1.19-1) unstable; urgency=low
+
+ * New upstream release.
+ - minor versioning fix
+ - allows building against OpenSSL 1.0
+ * Add a README.Debian to help users to setup Tomcat 6.x
+ with Tomcat Native Library
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Sun, 17 Jan 2010 01:27:46 +0100
+
+tomcat-native (1.1.18-1) unstable; urgency=high
+
+ * New upstream release.
+ - Fix CVE-2009-3555 SSL-Man-In-The-Middle attack
+ - set urgency=high to get security fix in testing
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Tue, 24 Nov 2009 01:46:20 +0100
+
+tomcat-native (1.1.17-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/control:
+ - Update my email address
+ - Bump Standards-Version to 3.8.3 (no changes needed)
+ - Bump debhelper version to >= 7
+ - Update upstream Homepage field
+ - Use default-jdk instead of default-jdk-builddep as there is no
+ native (-gcj) package build.
+ * debian/copyright:
+ - Update upstream copyright years
+ - Add myself as debian/* copyright holder
+ * debian/libtcnative-1.lintian-overrides:
+ - Change to be version agnostic
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Sat, 07 Nov 2009 21:41:36 +0100
+
+tomcat-native (1.1.16-1) unstable; urgency=low
+
+ * New upstream release (Closes: #514500)
+ - Fix IPv6 issues (Closes: #517163, #521306)
+ * debian/control:
+ - Move libtcnative-1 to "java" section
+ - Add myself to Uploaders
+ - Bump Standards-Version to 3.8.1 (no changes needed)
+ * debian/watch: Update to new upstream location
+ * debian/rules: Provide a "get-orig-source" target using uscan
+ * debian/control: Build-Depends on default-jdk-builddep
+ * debian/rules: use JAVA_HOME=/usr/lib/jvm/default-java
+ * Remove debian/libtcnative-1.install and use dh_lintian
+ to install debian/libtcnative-1.lintian-overrides
+
+ -- Damien Raude-Morvan <drazzib at drazzib.com> Sun, 29 Mar 2009 15:40:58 +0200
+
+tomcat-native (1.1.13-1) unstable; urgency=low
+
+ * Initial release. Closes: #485037.
+
+ -- Michael Koch <konqueror at gmx.de> Sat, 07 Jun 2008 15:16:14 +0200
+
Deleted: tags/tomcat-native/1.1.22-1/debian/patches/drop_sslv2_support.diff
===================================================================
--- trunk/tomcat-native/debian/patches/drop_sslv2_support.diff 2011-08-10 01:40:22 UTC (rev 14146)
+++ tags/tomcat-native/1.1.22-1/debian/patches/drop_sslv2_support.diff 2011-08-12 18:05:53 UTC (rev 14162)
@@ -1,115 +0,0 @@
-Description: Drop all support for SSLv2 protocol since it's use has been
- deprecated, because of weaknesses in the security of the protocol.
-Author: Damien Raude-Morvan <drazzib at debian.org>
-Last-Update: 2011-04-13
-Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622141
-Forwarded: https://issues.apache.org/bugzilla/show_bug.cgi?id=51056
---- a/jni/examples/org/apache/tomcat/jni/SSL.properties
-+++ b/jni/examples/org/apache/tomcat/jni/SSL.properties
-@@ -18,5 +18,5 @@
- server.cert=localhost.crt
- server.key=localhost.key
- server.password=secret
--server.ciphers=ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
--server.verify=none
-\ No newline at end of file
-+server.ciphers=ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
-+server.verify=none
---- a/jni/examples/org/apache/tomcat/jni/SSLServer.java
-+++ b/jni/examples/org/apache/tomcat/jni/SSLServer.java
-@@ -70,7 +70,7 @@
- serverPool = Pool.create(0);
- try {
- /* Create SSL Context, one for each Virtual Host */
-- serverCtx = SSLContext.make(serverPool, SSL.SSL_PROTOCOL_SSLV2 | SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_MODE_SERVER);
-+ serverCtx = SSLContext.make(serverPool, SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_MODE_SERVER);
- /* List the ciphers that the client is permitted to negotiate. */
- SSLContext.setCipherSuite(serverCtx, serverCiphers);
- /* Load Server key and certificate */
---- a/jni/native/src/sslcontext.c
-+++ b/jni/native/src/sslcontext.c
-@@ -72,17 +72,8 @@
- UNREFERENCED(o);
-
- switch (protocol) {
-- case SSL_PROTOCOL_SSLV2:
-- case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
-- if (mode == SSL_MODE_CLIENT)
-- ctx = SSL_CTX_new(SSLv2_client_method());
-- else if (mode == SSL_MODE_SERVER)
-- ctx = SSL_CTX_new(SSLv2_server_method());
-- else
-- ctx = SSL_CTX_new(SSLv2_method());
-- break;
- case SSL_PROTOCOL_SSLV3:
-- case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1:
-+ case SSL_PROTOCOL_ALL:
- if (mode == SSL_MODE_CLIENT)
- ctx = SSL_CTX_new(SSLv3_client_method());
- else if (mode == SSL_MODE_SERVER)
-@@ -90,15 +81,6 @@
- else
- ctx = SSL_CTX_new(SSLv3_method());
- break;
-- case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3:
-- case SSL_PROTOCOL_ALL:
-- if (mode == SSL_MODE_CLIENT)
-- ctx = SSL_CTX_new(SSLv23_client_method());
-- else if (mode == SSL_MODE_SERVER)
-- ctx = SSL_CTX_new(SSLv23_server_method());
-- else
-- ctx = SSL_CTX_new(SSLv23_method());
-- break;
- case SSL_PROTOCOL_TLSV1:
- if (mode == SSL_MODE_CLIENT)
- ctx = SSL_CTX_new(TLSv1_client_method());
-@@ -125,8 +107,7 @@
- if (c->bio_os != NULL)
- BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
- SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
-- if (!(protocol & SSL_PROTOCOL_SSLV2))
-- SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
-+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
- if (!(protocol & SSL_PROTOCOL_SSLV3))
- SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
- if (!(protocol & SSL_PROTOCOL_TLSV1))
---- a/jni/java/org/apache/tomcat/jni/SSL.java
-+++ b/jni/java/org/apache/tomcat/jni/SSL.java
-@@ -70,10 +70,9 @@
- * Define the SSL Protocol options
- */
- public static final int SSL_PROTOCOL_NONE = 0;
-- public static final int SSL_PROTOCOL_SSLV2 = (1<<0);
- public static final int SSL_PROTOCOL_SSLV3 = (1<<1);
- public static final int SSL_PROTOCOL_TLSV1 = (1<<2);
-- public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1);
-+ public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1);
-
- /*
- * Define the SSL verify levels
---- a/jni/native/include/ssl_private.h
-+++ b/jni/native/include/ssl_private.h
-@@ -113,10 +113,9 @@
- * Define the SSL Protocol options
- */
- #define SSL_PROTOCOL_NONE (0)
--#define SSL_PROTOCOL_SSLV2 (1<<0)
- #define SSL_PROTOCOL_SSLV3 (1<<1)
- #define SSL_PROTOCOL_TLSV1 (1<<2)
--#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
-+#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
-
- #define SSL_MODE_CLIENT (0)
- #define SSL_MODE_SERVER (1)
---- a/jni/java/org/apache/tomcat/jni/SSLContext.java
-+++ b/jni/java/org/apache/tomcat/jni/SSLContext.java
-@@ -31,9 +31,7 @@
- * @param pool The pool to use.
- * @param protocol The SSL protocol to use. It can be one of:
- * <PRE>
-- * SSL_PROTOCOL_SSLV2
- * SSL_PROTOCOL_SSLV3
-- * SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3
- * SSL_PROTOCOL_TLSV1
- * SSL_PROTOCOL_ALL
- * </PRE>
Copied: tags/tomcat-native/1.1.22-1/debian/patches/drop_sslv2_support.diff (from rev 14161, trunk/tomcat-native/debian/patches/drop_sslv2_support.diff)
===================================================================
--- tags/tomcat-native/1.1.22-1/debian/patches/drop_sslv2_support.diff (rev 0)
+++ tags/tomcat-native/1.1.22-1/debian/patches/drop_sslv2_support.diff 2011-08-12 18:05:53 UTC (rev 14162)
@@ -0,0 +1,131 @@
+Description: Drop all support for SSLv2 protocol since it's use has been
+ deprecated, because of weaknesses in the security of the protocol.
+Author: Damien Raude-Morvan <drazzib at debian.org>
+Last-Update: 2011-08-12
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622141
+Forwarded: https://issues.apache.org/bugzilla/show_bug.cgi?id=51056
+Index: b/jni/examples/org/apache/tomcat/jni/SSL.properties
+===================================================================
+--- a/jni/examples/org/apache/tomcat/jni/SSL.properties
++++ b/jni/examples/org/apache/tomcat/jni/SSL.properties
+@@ -18,5 +18,5 @@
+ server.cert=localhost.crt
+ server.key=localhost.key
+ server.password=secret
+-server.ciphers=ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+-server.verify=none
+\ No newline at end of file
++server.ciphers=ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
++server.verify=none
+Index: b/jni/examples/org/apache/tomcat/jni/SSLServer.java
+===================================================================
+--- a/jni/examples/org/apache/tomcat/jni/SSLServer.java
++++ b/jni/examples/org/apache/tomcat/jni/SSLServer.java
+@@ -70,7 +70,7 @@
+ serverPool = Pool.create(0);
+ try {
+ /* Create SSL Context, one for each Virtual Host */
+- serverCtx = SSLContext.make(serverPool, SSL.SSL_PROTOCOL_SSLV2 | SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_MODE_SERVER);
++ serverCtx = SSLContext.make(serverPool, SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_MODE_SERVER);
+ /* List the ciphers that the client is permitted to negotiate. */
+ SSLContext.setCipherSuite(serverCtx, serverCiphers);
+ /* Load Server key and certificate */
+Index: b/jni/java/org/apache/tomcat/jni/SSL.java
+===================================================================
+--- a/jni/java/org/apache/tomcat/jni/SSL.java
++++ b/jni/java/org/apache/tomcat/jni/SSL.java
+@@ -70,10 +70,9 @@
+ * Define the SSL Protocol options
+ */
+ public static final int SSL_PROTOCOL_NONE = 0;
+- public static final int SSL_PROTOCOL_SSLV2 = (1<<0);
+ public static final int SSL_PROTOCOL_SSLV3 = (1<<1);
+ public static final int SSL_PROTOCOL_TLSV1 = (1<<2);
+- public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1);
++ public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1);
+
+ /*
+ * Define the SSL verify levels
+Index: b/jni/java/org/apache/tomcat/jni/SSLContext.java
+===================================================================
+--- a/jni/java/org/apache/tomcat/jni/SSLContext.java
++++ b/jni/java/org/apache/tomcat/jni/SSLContext.java
+@@ -31,9 +31,7 @@
+ * @param pool The pool to use.
+ * @param protocol The SSL protocol to use. It can be one of:
+ * <PRE>
+- * SSL_PROTOCOL_SSLV2
+ * SSL_PROTOCOL_SSLV3
+- * SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3
+ * SSL_PROTOCOL_TLSV1
+ * SSL_PROTOCOL_ALL
+ * </PRE>
+Index: b/jni/native/include/ssl_private.h
+===================================================================
+--- a/jni/native/include/ssl_private.h
++++ b/jni/native/include/ssl_private.h
+@@ -113,10 +113,9 @@
+ * Define the SSL Protocol options
+ */
+ #define SSL_PROTOCOL_NONE (0)
+-#define SSL_PROTOCOL_SSLV2 (1<<0)
+ #define SSL_PROTOCOL_SSLV3 (1<<1)
+ #define SSL_PROTOCOL_TLSV1 (1<<2)
+-#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
++#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
+
+ #define SSL_MODE_CLIENT (0)
+ #define SSL_MODE_SERVER (1)
+Index: b/jni/native/src/sslcontext.c
+===================================================================
+--- a/jni/native/src/sslcontext.c
++++ b/jni/native/src/sslcontext.c
+@@ -72,6 +72,7 @@
+ UNREFERENCED(o);
+
+ switch (protocol) {
++#ifndef OPENSSL_NO_SSL2
+ case SSL_PROTOCOL_SSLV2:
+ if (mode == SSL_MODE_CLIENT)
+ ctx = SSL_CTX_new(SSLv2_client_method());
+@@ -80,6 +81,7 @@
+ else
+ ctx = SSL_CTX_new(SSLv2_method());
+ break;
++#endif
+ case SSL_PROTOCOL_SSLV3:
+ if (mode == SSL_MODE_CLIENT)
+ ctx = SSL_CTX_new(SSLv3_client_method());
+@@ -88,6 +90,7 @@
+ else
+ ctx = SSL_CTX_new(SSLv3_method());
+ break;
++#ifndef OPENSSL_NO_SSL2
+ case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3:
+ case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
+ case SSL_PROTOCOL_ALL:
+@@ -99,7 +102,13 @@
+ else
+ ctx = SSL_CTX_new(SSLv23_method());
+ break;
++#endif
++#ifndef OPENSSL_NO_SSL2
+ case SSL_PROTOCOL_TLSV1:
++#else
++ case SSL_PROTOCOL_ALL:
++ case SSL_PROTOCOL_TLSV1:
++#endif
+ if (mode == SSL_MODE_CLIENT)
+ ctx = SSL_CTX_new(TLSv1_client_method());
+ else if (mode == SSL_MODE_SERVER)
+@@ -127,8 +136,10 @@
+ if (c->bio_os != NULL)
+ BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+ SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
++#ifndef OPENSSL_NO_SSL2
+ if (!(protocol & SSL_PROTOCOL_SSLV2))
+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
++#endif
+ if (!(protocol & SSL_PROTOCOL_SSLV3))
+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
+ if (!(protocol & SSL_PROTOCOL_TLSV1))
More information about the pkg-java-commits
mailing list