[pkg-java] r15810 - in tags/tomcat-native: . 1.1.23-1/debian 1.1.23-1/debian/patches

Damien Raude-Morvan drazzib at alioth.debian.org
Fri Mar 2 18:56:04 UTC 2012


Author: drazzib
Date: 2012-03-02 18:56:03 +0000 (Fri, 02 Mar 2012)
New Revision: 15810

Added:
   tags/tomcat-native/1.1.23-1/
   tags/tomcat-native/1.1.23-1/debian/changelog
   tags/tomcat-native/1.1.23-1/debian/control
   tags/tomcat-native/1.1.23-1/debian/copyright
   tags/tomcat-native/1.1.23-1/debian/patches/drop_sslv2_support.diff
   tags/tomcat-native/1.1.23-1/debian/rules
Removed:
   tags/tomcat-native/1.1.23-1/debian/changelog
   tags/tomcat-native/1.1.23-1/debian/control
   tags/tomcat-native/1.1.23-1/debian/copyright
   tags/tomcat-native/1.1.23-1/debian/patches/drop_sslv2_support.diff
   tags/tomcat-native/1.1.23-1/debian/rules
Log:
[svn-buildpackage] Tagging tomcat-native 1.1.23-1

Deleted: tags/tomcat-native/1.1.23-1/debian/changelog
===================================================================
--- trunk/tomcat-native/debian/changelog	2012-03-02 05:35:10 UTC (rev 15806)
+++ tags/tomcat-native/1.1.23-1/debian/changelog	2012-03-02 18:56:03 UTC (rev 15810)
@@ -1,98 +0,0 @@
-tomcat-native (1.1.22-2) UNRELEASED; urgency=low
-
-  * Team upload.
-  * Remove Michael Koch from Uploaders (Closes: #654135)
-
- -- tony mancill <tmancill at debian.org>  Mon, 09 Jan 2012 09:09:25 -0800
-
-tomcat-native (1.1.22-1) unstable; urgency=low
-
-  * New upstream release:
-    - Update d/patches/drop_sslv2_support.diff patch.
-
- -- Damien Raude-Morvan <drazzib at debian.org>  Fri, 12 Aug 2011 20:02:57 +0200
-
-tomcat-native (1.1.20-3) unstable; urgency=low
-
-  * Switch to 3.0 quilt source format.
-  * d/patches/drop_sslv2_support.diff: Drop support for SSLv2
-    (Closes: #622141).
-  * d/copyright: Update to DEP-5 format.
-
- -- Damien Raude-Morvan <drazzib at debian.org>  Sun, 10 Jul 2011 23:42:01 +0200
-
-tomcat-native (1.1.20-2) unstable; urgency=low
-
-  * Team upload.
-  * Remove *.la (Closes: #621279)
-  * Bump Standards-Version to 3.9.2 (no changes needed)
-
- -- tony mancill <tmancill at debian.org>  Sat, 09 Apr 2011 10:57:15 -0700
-
-tomcat-native (1.1.20-1) unstable; urgency=low
-
-  * New upstream release:
-    - Prevent crashing JVM on shutdown.
-  * Bump Standards-Version to 3.8.4 (no changes needed)
-
- -- Damien Raude-Morvan <drazzib at debian.org>  Sat, 20 Feb 2010 22:50:34 +0100
-
-tomcat-native (1.1.19-1) unstable; urgency=low
-
-  * New upstream release.
-    - minor versioning fix
-    - allows building against OpenSSL 1.0
-  * Add a README.Debian to help users to setup Tomcat 6.x
-    with Tomcat Native Library
-
- -- Damien Raude-Morvan <drazzib at debian.org>  Sun, 17 Jan 2010 01:27:46 +0100
-
-tomcat-native (1.1.18-1) unstable; urgency=high
-
-  * New upstream release.
-    - Fix CVE-2009-3555 SSL-Man-In-The-Middle attack
-    - set urgency=high to get security fix in testing
-
- -- Damien Raude-Morvan <drazzib at debian.org>  Tue, 24 Nov 2009 01:46:20 +0100
-
-tomcat-native (1.1.17-1) unstable; urgency=low
-
-  * New upstream release.
-  * debian/control:
-    - Update my email address
-    - Bump Standards-Version to 3.8.3 (no changes needed)
-    - Bump debhelper version to >= 7
-    - Update upstream Homepage field
-    - Use default-jdk instead of default-jdk-builddep as there is no
-      native (-gcj) package build.
-  * debian/copyright:
-    - Update upstream copyright years
-    - Add myself as debian/* copyright holder
-  * debian/libtcnative-1.lintian-overrides:
-    - Change to be version agnostic
-
- -- Damien Raude-Morvan <drazzib at debian.org>  Sat, 07 Nov 2009 21:41:36 +0100
-
-tomcat-native (1.1.16-1) unstable; urgency=low
-
-  * New upstream release (Closes: #514500)
-    - Fix IPv6 issues (Closes: #517163, #521306)
-  * debian/control:
-    - Move libtcnative-1 to "java" section
-    - Add myself to Uploaders
-    - Bump Standards-Version to 3.8.1 (no changes needed)
-  * debian/watch: Update to new upstream location
-  * debian/rules: Provide a "get-orig-source" target using uscan
-  * debian/control: Build-Depends on default-jdk-builddep
-  * debian/rules: use JAVA_HOME=/usr/lib/jvm/default-java
-  * Remove debian/libtcnative-1.install and use dh_lintian
-    to install debian/libtcnative-1.lintian-overrides
-
- -- Damien Raude-Morvan <drazzib at drazzib.com>  Sun, 29 Mar 2009 15:40:58 +0200
-
-tomcat-native (1.1.13-1) unstable; urgency=low
-
-  * Initial release. Closes: #485037.
-
- -- Michael Koch <konqueror at gmx.de>  Sat, 07 Jun 2008 15:16:14 +0200
-

Copied: tags/tomcat-native/1.1.23-1/debian/changelog (from rev 15809, trunk/tomcat-native/debian/changelog)
===================================================================
--- tags/tomcat-native/1.1.23-1/debian/changelog	                        (rev 0)
+++ tags/tomcat-native/1.1.23-1/debian/changelog	2012-03-02 18:56:03 UTC (rev 15810)
@@ -0,0 +1,107 @@
+tomcat-native (1.1.23-1) unstable; urgency=low
+
+  [ tony mancill ]
+  * Team upload.
+  * Remove Michael Koch from Uploaders (Closes: #654135)
+
+  [ Damien Raude-Morvan ]
+  * New upstream release.
+  * d/control: Build-Depends on dpkg-dev (>= 1.16.1~) for hardening
+    flags
+  * d/rules: Enable hardening build.
+  * d/copyright: Use copyright-format 1.0.
+  * d/control: Bump Standards-Version to 3.9.3: no changes needed.
+
+ -- Damien Raude-Morvan <drazzib at debian.org>  Fri, 02 Mar 2012 19:51:58 +0100
+
+tomcat-native (1.1.22-1) unstable; urgency=low
+
+  * New upstream release:
+    - Update d/patches/drop_sslv2_support.diff patch.
+
+ -- Damien Raude-Morvan <drazzib at debian.org>  Fri, 12 Aug 2011 20:02:57 +0200
+
+tomcat-native (1.1.20-3) unstable; urgency=low
+
+  * Switch to 3.0 quilt source format.
+  * d/patches/drop_sslv2_support.diff: Drop support for SSLv2
+    (Closes: #622141).
+  * d/copyright: Update to DEP-5 format.
+
+ -- Damien Raude-Morvan <drazzib at debian.org>  Sun, 10 Jul 2011 23:42:01 +0200
+
+tomcat-native (1.1.20-2) unstable; urgency=low
+
+  * Team upload.
+  * Remove *.la (Closes: #621279)
+  * Bump Standards-Version to 3.9.2 (no changes needed)
+
+ -- tony mancill <tmancill at debian.org>  Sat, 09 Apr 2011 10:57:15 -0700
+
+tomcat-native (1.1.20-1) unstable; urgency=low
+
+  * New upstream release:
+    - Prevent crashing JVM on shutdown.
+  * Bump Standards-Version to 3.8.4 (no changes needed)
+
+ -- Damien Raude-Morvan <drazzib at debian.org>  Sat, 20 Feb 2010 22:50:34 +0100
+
+tomcat-native (1.1.19-1) unstable; urgency=low
+
+  * New upstream release.
+    - minor versioning fix
+    - allows building against OpenSSL 1.0
+  * Add a README.Debian to help users to setup Tomcat 6.x
+    with Tomcat Native Library
+
+ -- Damien Raude-Morvan <drazzib at debian.org>  Sun, 17 Jan 2010 01:27:46 +0100
+
+tomcat-native (1.1.18-1) unstable; urgency=high
+
+  * New upstream release.
+    - Fix CVE-2009-3555 SSL-Man-In-The-Middle attack
+    - set urgency=high to get security fix in testing
+
+ -- Damien Raude-Morvan <drazzib at debian.org>  Tue, 24 Nov 2009 01:46:20 +0100
+
+tomcat-native (1.1.17-1) unstable; urgency=low
+
+  * New upstream release.
+  * debian/control:
+    - Update my email address
+    - Bump Standards-Version to 3.8.3 (no changes needed)
+    - Bump debhelper version to >= 7
+    - Update upstream Homepage field
+    - Use default-jdk instead of default-jdk-builddep as there is no
+      native (-gcj) package build.
+  * debian/copyright:
+    - Update upstream copyright years
+    - Add myself as debian/* copyright holder
+  * debian/libtcnative-1.lintian-overrides:
+    - Change to be version agnostic
+
+ -- Damien Raude-Morvan <drazzib at debian.org>  Sat, 07 Nov 2009 21:41:36 +0100
+
+tomcat-native (1.1.16-1) unstable; urgency=low
+
+  * New upstream release (Closes: #514500)
+    - Fix IPv6 issues (Closes: #517163, #521306)
+  * debian/control:
+    - Move libtcnative-1 to "java" section
+    - Add myself to Uploaders
+    - Bump Standards-Version to 3.8.1 (no changes needed)
+  * debian/watch: Update to new upstream location
+  * debian/rules: Provide a "get-orig-source" target using uscan
+  * debian/control: Build-Depends on default-jdk-builddep
+  * debian/rules: use JAVA_HOME=/usr/lib/jvm/default-java
+  * Remove debian/libtcnative-1.install and use dh_lintian
+    to install debian/libtcnative-1.lintian-overrides
+
+ -- Damien Raude-Morvan <drazzib at drazzib.com>  Sun, 29 Mar 2009 15:40:58 +0200
+
+tomcat-native (1.1.13-1) unstable; urgency=low
+
+  * Initial release. Closes: #485037.
+
+ -- Michael Koch <konqueror at gmx.de>  Sat, 07 Jun 2008 15:16:14 +0200
+

Deleted: tags/tomcat-native/1.1.23-1/debian/control
===================================================================
--- trunk/tomcat-native/debian/control	2012-03-02 05:35:10 UTC (rev 15806)
+++ tags/tomcat-native/1.1.23-1/debian/control	2012-03-02 18:56:03 UTC (rev 15810)
@@ -1,27 +0,0 @@
-Source: tomcat-native
-Section: java
-Priority: extra
-Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
-Uploaders: Damien Raude-Morvan <drazzib at debian.org>
-Build-Depends: cdbs, debhelper (>= 7), default-jdk, libapr1-dev, libssl-dev
-Standards-Version: 3.9.2
-Vcs-Svn: svn://svn.debian.org/svn/pkg-java/trunk/tomcat-native/
-Vcs-Browser: http://svn.debian.org/wsvn/pkg-java/trunk/tomcat-native/
-Homepage: http://tomcat.apache.org/native-doc/
-
-Package: libtcnative-1
-Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Description: Tomcat native library using the apache portable runtime
- Tomcat can use the Apache Portable Runtime to provide superior scalability,
- performance, and better integration with native server technologies. 
- The Apache Portable Runtime is a highly portable library that is at the
- heart of Apache HTTP Server 2.x. APR has many uses, including access to
- advanced IO functionality (such as sendfile, epoll and OpenSSL), OS level
- functionality (random number generation, system status, etc), and native
- process handling (shared memory, NT pipes and Unix sockets).
- .     
- These features allows making Tomcat a general purpose webserver, will
- enable much better integration with other native web technologies, and
- overall make Java much more viable as a full fledged webserver platform
- rather than simply a backend focused technology.

Copied: tags/tomcat-native/1.1.23-1/debian/control (from rev 15809, trunk/tomcat-native/debian/control)
===================================================================
--- tags/tomcat-native/1.1.23-1/debian/control	                        (rev 0)
+++ tags/tomcat-native/1.1.23-1/debian/control	2012-03-02 18:56:03 UTC (rev 15810)
@@ -0,0 +1,32 @@
+Source: tomcat-native
+Section: java
+Priority: extra
+Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
+Uploaders: Damien Raude-Morvan <drazzib at debian.org>
+Build-Depends: cdbs,
+               debhelper (>= 7),
+               default-jdk,
+               dpkg-dev (>= 1.16.1~),
+               libapr1-dev,
+               libssl-dev
+Standards-Version: 3.9.3
+Vcs-Svn: svn://svn.debian.org/svn/pkg-java/trunk/tomcat-native/
+Vcs-Browser: http://svn.debian.org/wsvn/pkg-java/trunk/tomcat-native/
+Homepage: http://tomcat.apache.org/native-doc/
+
+Package: libtcnative-1
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Description: Tomcat native library using the apache portable runtime
+ Tomcat can use the Apache Portable Runtime to provide superior scalability,
+ performance, and better integration with native server technologies.
+ The Apache Portable Runtime is a highly portable library that is at the
+ heart of Apache HTTP Server 2.x. APR has many uses, including access to
+ advanced IO functionality (such as sendfile, epoll and OpenSSL), OS level
+ functionality (random number generation, system status, etc), and native
+ process handling (shared memory, NT pipes and Unix sockets).
+ .
+ These features allows making Tomcat a general purpose webserver, will
+ enable much better integration with other native web technologies, and
+ overall make Java much more viable as a full fledged webserver platform
+ rather than simply a backend focused technology.

Deleted: tags/tomcat-native/1.1.23-1/debian/copyright
===================================================================
--- trunk/tomcat-native/debian/copyright	2012-03-02 05:35:10 UTC (rev 15806)
+++ tags/tomcat-native/1.1.23-1/debian/copyright	2012-03-02 18:56:03 UTC (rev 15810)
@@ -1,18 +0,0 @@
-Format: http://dep.debian.net/deps/dep5/
-Upstream-Name: Apache Tomcat Native Library
-Upstream-Contact: <http://tomcat.apache.org/native-doc/>
-Source: http://www.apache.org/dist/tomcat/tomcat-connectors/native/
-
-Files: *
-Copyright: Copyright (C) 2004-2011 The Apache Software Foundation.
-License: Apache-2.0
-
-Files: debian/*
-Copyright: 2008-2009, Michael Koch <konqueror at gmx.de>
-Copyright: 2010-2011, Damien Raude-Morvan
-License: Apache-2.0
-
-License: Apache-2.0
-  A complete copy of the Apache License, Version 2.0, can be found in
-  /usr/share/common-licenses/Apache-2.0 on Debian Systems.
-

Copied: tags/tomcat-native/1.1.23-1/debian/copyright (from rev 15809, trunk/tomcat-native/debian/copyright)
===================================================================
--- tags/tomcat-native/1.1.23-1/debian/copyright	                        (rev 0)
+++ tags/tomcat-native/1.1.23-1/debian/copyright	2012-03-02 18:56:03 UTC (rev 15810)
@@ -0,0 +1,17 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: Apache Tomcat Native Library
+Upstream-Contact: <http://tomcat.apache.org/native-doc/>
+Source: http://www.apache.org/dist/tomcat/tomcat-connectors/native/
+
+Files: *
+Copyright: Copyright (C) 2004-2011 The Apache Software Foundation.
+License: Apache-2.0
+
+Files: debian/*
+Copyright: 2008-2009, Michael Koch <konqueror at gmx.de>
+Copyright: 2010-2011, Damien Raude-Morvan
+License: Apache-2.0
+
+License: Apache-2.0
+  A complete copy of the Apache License, Version 2.0, can be found in
+  /usr/share/common-licenses/Apache-2.0 on Debian Systems.

Deleted: tags/tomcat-native/1.1.23-1/debian/patches/drop_sslv2_support.diff
===================================================================
--- trunk/tomcat-native/debian/patches/drop_sslv2_support.diff	2012-03-02 05:35:10 UTC (rev 15806)
+++ tags/tomcat-native/1.1.23-1/debian/patches/drop_sslv2_support.diff	2012-03-02 18:56:03 UTC (rev 15810)
@@ -1,131 +0,0 @@
-Description: Drop all support for SSLv2 protocol since it's use has been
- deprecated, because of weaknesses in the security of the protocol.
-Author: Damien Raude-Morvan <drazzib at debian.org>
-Last-Update: 2011-08-12
-Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622141
-Forwarded: https://issues.apache.org/bugzilla/show_bug.cgi?id=51056
-Index: b/jni/examples/org/apache/tomcat/jni/SSL.properties
-===================================================================
---- a/jni/examples/org/apache/tomcat/jni/SSL.properties
-+++ b/jni/examples/org/apache/tomcat/jni/SSL.properties
-@@ -18,5 +18,5 @@
- server.cert=localhost.crt
- server.key=localhost.key
- server.password=secret
--server.ciphers=ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
--server.verify=none
-\ No newline at end of file
-+server.ciphers=ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
-+server.verify=none
-Index: b/jni/examples/org/apache/tomcat/jni/SSLServer.java
-===================================================================
---- a/jni/examples/org/apache/tomcat/jni/SSLServer.java
-+++ b/jni/examples/org/apache/tomcat/jni/SSLServer.java
-@@ -70,7 +70,7 @@
-         serverPool = Pool.create(0);
-         try {
-             /* Create SSL Context, one for each Virtual Host */
--            serverCtx = SSLContext.make(serverPool, SSL.SSL_PROTOCOL_SSLV2 | SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_MODE_SERVER);
-+            serverCtx = SSLContext.make(serverPool, SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_MODE_SERVER);
-             /* List the ciphers that the client is permitted to negotiate. */
-             SSLContext.setCipherSuite(serverCtx, serverCiphers);
-             /* Load Server key and certificate */
-Index: b/jni/java/org/apache/tomcat/jni/SSL.java
-===================================================================
---- a/jni/java/org/apache/tomcat/jni/SSL.java
-+++ b/jni/java/org/apache/tomcat/jni/SSL.java
-@@ -70,10 +70,9 @@
-      * Define the SSL Protocol options
-      */
-     public static final int SSL_PROTOCOL_NONE  = 0;
--    public static final int SSL_PROTOCOL_SSLV2 = (1<<0);
-     public static final int SSL_PROTOCOL_SSLV3 = (1<<1);
-     public static final int SSL_PROTOCOL_TLSV1 = (1<<2);
--    public static final int SSL_PROTOCOL_ALL   = (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1);
-+    public static final int SSL_PROTOCOL_ALL   = (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1);
- 
-     /*
-      * Define the SSL verify levels
-Index: b/jni/java/org/apache/tomcat/jni/SSLContext.java
-===================================================================
---- a/jni/java/org/apache/tomcat/jni/SSLContext.java
-+++ b/jni/java/org/apache/tomcat/jni/SSLContext.java
-@@ -31,9 +31,7 @@
-      * @param pool The pool to use.
-      * @param protocol The SSL protocol to use. It can be one of:
-      * <PRE>
--     * SSL_PROTOCOL_SSLV2
-      * SSL_PROTOCOL_SSLV3
--     * SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3
-      * SSL_PROTOCOL_TLSV1
-      * SSL_PROTOCOL_ALL
-      * </PRE>
-Index: b/jni/native/include/ssl_private.h
-===================================================================
---- a/jni/native/include/ssl_private.h
-+++ b/jni/native/include/ssl_private.h
-@@ -113,10 +113,9 @@
-  * Define the SSL Protocol options
-  */
- #define SSL_PROTOCOL_NONE       (0)
--#define SSL_PROTOCOL_SSLV2      (1<<0)
- #define SSL_PROTOCOL_SSLV3      (1<<1)
- #define SSL_PROTOCOL_TLSV1      (1<<2)
--#define SSL_PROTOCOL_ALL        (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
-+#define SSL_PROTOCOL_ALL        (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
- 
- #define SSL_MODE_CLIENT         (0)
- #define SSL_MODE_SERVER         (1)
-Index: b/jni/native/src/sslcontext.c
-===================================================================
---- a/jni/native/src/sslcontext.c
-+++ b/jni/native/src/sslcontext.c
-@@ -72,6 +72,7 @@
-     UNREFERENCED(o);
- 
-     switch (protocol) {
-+#ifndef OPENSSL_NO_SSL2
-         case SSL_PROTOCOL_SSLV2:
-             if (mode == SSL_MODE_CLIENT)
-                 ctx = SSL_CTX_new(SSLv2_client_method());
-@@ -80,6 +81,7 @@
-             else
-                 ctx = SSL_CTX_new(SSLv2_method());
-         break;
-+#endif
-         case SSL_PROTOCOL_SSLV3:
-             if (mode == SSL_MODE_CLIENT)
-                 ctx = SSL_CTX_new(SSLv3_client_method());
-@@ -88,6 +90,7 @@
-             else
-                 ctx = SSL_CTX_new(SSLv3_method());
-         break;
-+#ifndef OPENSSL_NO_SSL2
-         case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3:
-         case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
-         case SSL_PROTOCOL_ALL:
-@@ -99,7 +102,13 @@
-             else
-                 ctx = SSL_CTX_new(SSLv23_method());
-         break;
-+#endif
-+#ifndef OPENSSL_NO_SSL2
-         case SSL_PROTOCOL_TLSV1:
-+#else
-+	case SSL_PROTOCOL_ALL:
-+	case SSL_PROTOCOL_TLSV1:
-+#endif
-             if (mode == SSL_MODE_CLIENT)
-                 ctx = SSL_CTX_new(TLSv1_client_method());
-             else if (mode == SSL_MODE_SERVER)
-@@ -127,8 +136,10 @@
-     if (c->bio_os != NULL)
-         BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-     SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
-+#ifndef OPENSSL_NO_SSL2
-     if (!(protocol & SSL_PROTOCOL_SSLV2))
-         SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
-+#endif
-     if (!(protocol & SSL_PROTOCOL_SSLV3))
-         SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
-     if (!(protocol & SSL_PROTOCOL_TLSV1))

Copied: tags/tomcat-native/1.1.23-1/debian/patches/drop_sslv2_support.diff (from rev 15809, trunk/tomcat-native/debian/patches/drop_sslv2_support.diff)
===================================================================
--- tags/tomcat-native/1.1.23-1/debian/patches/drop_sslv2_support.diff	                        (rev 0)
+++ tags/tomcat-native/1.1.23-1/debian/patches/drop_sslv2_support.diff	2012-03-02 18:56:03 UTC (rev 15810)
@@ -0,0 +1,119 @@
+Description: Drop all support for SSLv2 protocol since it's use has been
+ deprecated, because of weaknesses in the security of the protocol.
+Author: Damien Raude-Morvan <drazzib at debian.org>
+Last-Update: 2011-08-12
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622141
+Forwarded: https://issues.apache.org/bugzilla/show_bug.cgi?id=51056
+--- a/jni/examples/org/apache/tomcat/jni/SSL.properties
++++ b/jni/examples/org/apache/tomcat/jni/SSL.properties
+@@ -18,5 +18,5 @@
+ server.cert=localhost.crt
+ server.key=localhost.key
+ server.password=secret
+-server.ciphers=ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+-server.verify=none
+\ No newline at end of file
++server.ciphers=ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
++server.verify=none
+--- a/jni/examples/org/apache/tomcat/jni/SSLServer.java
++++ b/jni/examples/org/apache/tomcat/jni/SSLServer.java
+@@ -70,7 +70,7 @@
+         serverPool = Pool.create(0);
+         try {
+             /* Create SSL Context, one for each Virtual Host */
+-            serverCtx = SSLContext.make(serverPool, SSL.SSL_PROTOCOL_SSLV2 | SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_MODE_SERVER);
++            serverCtx = SSLContext.make(serverPool, SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_MODE_SERVER);
+             /* List the ciphers that the client is permitted to negotiate. */
+             SSLContext.setCipherSuite(serverCtx, serverCiphers);
+             /* Load Server key and certificate */
+--- a/jni/java/org/apache/tomcat/jni/SSL.java
++++ b/jni/java/org/apache/tomcat/jni/SSL.java
+@@ -70,10 +70,9 @@
+      * Define the SSL Protocol options
+      */
+     public static final int SSL_PROTOCOL_NONE  = 0;
+-    public static final int SSL_PROTOCOL_SSLV2 = (1<<0);
+     public static final int SSL_PROTOCOL_SSLV3 = (1<<1);
+     public static final int SSL_PROTOCOL_TLSV1 = (1<<2);
+-    public static final int SSL_PROTOCOL_ALL   = (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1);
++    public static final int SSL_PROTOCOL_ALL   = (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1);
+ 
+     /*
+      * Define the SSL verify levels
+--- a/jni/java/org/apache/tomcat/jni/SSLContext.java
++++ b/jni/java/org/apache/tomcat/jni/SSLContext.java
+@@ -31,9 +31,7 @@
+      * @param pool The pool to use.
+      * @param protocol The SSL protocol to use. It can be one of:
+      * <PRE>
+-     * SSL_PROTOCOL_SSLV2
+      * SSL_PROTOCOL_SSLV3
+-     * SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3
+      * SSL_PROTOCOL_TLSV1
+      * SSL_PROTOCOL_ALL
+      * </PRE>
+--- a/jni/native/include/ssl_private.h
++++ b/jni/native/include/ssl_private.h
+@@ -114,10 +114,9 @@
+  * Define the SSL Protocol options
+  */
+ #define SSL_PROTOCOL_NONE       (0)
+-#define SSL_PROTOCOL_SSLV2      (1<<0)
+ #define SSL_PROTOCOL_SSLV3      (1<<1)
+ #define SSL_PROTOCOL_TLSV1      (1<<2)
+-#define SSL_PROTOCOL_ALL        (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
++#define SSL_PROTOCOL_ALL        (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
+ 
+ #define SSL_MODE_CLIENT         (0)
+ #define SSL_MODE_SERVER         (1)
+--- a/jni/native/src/sslcontext.c
++++ b/jni/native/src/sslcontext.c
+@@ -72,6 +72,7 @@
+     UNREFERENCED(o);
+ 
+     switch (protocol) {
++#ifndef OPENSSL_NO_SSL2
+         case SSL_PROTOCOL_SSLV2:
+             if (mode == SSL_MODE_CLIENT)
+                 ctx = SSL_CTX_new(SSLv2_client_method());
+@@ -80,6 +81,7 @@
+             else
+                 ctx = SSL_CTX_new(SSLv2_method());
+         break;
++#endif
+         case SSL_PROTOCOL_SSLV3:
+             if (mode == SSL_MODE_CLIENT)
+                 ctx = SSL_CTX_new(SSLv3_client_method());
+@@ -88,6 +90,7 @@
+             else
+                 ctx = SSL_CTX_new(SSLv3_method());
+         break;
++#ifndef OPENSSL_NO_SSL2
+         case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3:
+         case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
+         case SSL_PROTOCOL_ALL:
+@@ -99,7 +102,13 @@
+             else
+                 ctx = SSL_CTX_new(SSLv23_method());
+         break;
++#endif
++#ifndef OPENSSL_NO_SSL2
+         case SSL_PROTOCOL_TLSV1:
++#else
++	case SSL_PROTOCOL_ALL:
++	case SSL_PROTOCOL_TLSV1:
++#endif
+             if (mode == SSL_MODE_CLIENT)
+                 ctx = SSL_CTX_new(TLSv1_client_method());
+             else if (mode == SSL_MODE_SERVER)
+@@ -127,8 +136,10 @@
+     if (c->bio_os != NULL)
+         BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+     SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
++#ifndef OPENSSL_NO_SSL2
+     if (!(protocol & SSL_PROTOCOL_SSLV2))
+         SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
++#endif
+     if (!(protocol & SSL_PROTOCOL_SSLV3))
+         SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
+     if (!(protocol & SSL_PROTOCOL_TLSV1))

Deleted: tags/tomcat-native/1.1.23-1/debian/rules
===================================================================
--- trunk/tomcat-native/debian/rules	2012-03-02 05:35:10 UTC (rev 15806)
+++ tags/tomcat-native/1.1.23-1/debian/rules	2012-03-02 18:56:03 UTC (rev 15810)
@@ -1,22 +0,0 @@
-#!/usr/bin/make -f
-  
-include /usr/share/cdbs/1/rules/debhelper.mk
-include /usr/share/cdbs/1/class/autotools.mk
-
-DEB_SRCDIR := jni/native
-
-DEB_CONFIGURE_SCRIPT_ENV := JAVA_HOME=/usr/lib/jvm/default-java
-DEB_CONFIGURE_EXTRA_FLAGS := --with-apr=/usr --with-ssl=/usr
-
-DEB_INSTALL_CHANGELOGS_libtcnative_1 := CHANGELOG.txt
-
-clean::
-	rm -f jni/native/config.nice
-
-install/libtcnative-1::
-	rmdir debian/libtcnative-1/usr/bin
-	rmdir debian/libtcnative-1/usr/include
-	find $(DEB_DESTDIR) -name "*.la" -exec rm -vf {} \;
-
-get-orig-source:
-	uscan --force-download --rename

Copied: tags/tomcat-native/1.1.23-1/debian/rules (from rev 15809, trunk/tomcat-native/debian/rules)
===================================================================
--- tags/tomcat-native/1.1.23-1/debian/rules	                        (rev 0)
+++ tags/tomcat-native/1.1.23-1/debian/rules	2012-03-02 18:56:03 UTC (rev 15810)
@@ -0,0 +1,25 @@
+#!/usr/bin/make -f
+  
+include /usr/share/cdbs/1/rules/debhelper.mk
+include /usr/share/cdbs/1/class/autotools.mk
+
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/buildflags.mk
+
+DEB_SRCDIR := jni/native
+
+DEB_CONFIGURE_SCRIPT_ENV := JAVA_HOME=/usr/lib/jvm/default-java
+DEB_CONFIGURE_EXTRA_FLAGS := --with-apr=/usr --with-ssl=/usr
+
+DEB_INSTALL_CHANGELOGS_libtcnative_1 := CHANGELOG.txt
+
+clean::
+	rm -f jni/native/config.nice
+
+install/libtcnative-1::
+	rmdir debian/libtcnative-1/usr/bin
+	rmdir debian/libtcnative-1/usr/include
+	find $(DEB_DESTDIR) -name "*.la" -exec rm -vf {} \;
+
+get-orig-source:
+	uscan --force-download --rename




More information about the pkg-java-commits mailing list