[libapache-mod-jk] 52/65: Import Debian patch 1:1.2.37-1+deb7u1
Markus Koschany
apo at moszumanska.debian.org
Sat Oct 8 14:14:48 UTC 2016
This is an automated email from the git hooks/post-receive script.
apo pushed a commit to branch master
in repository libapache-mod-jk.
commit c77c87f484333bc7106dd076ce86ee28e6f82265
Merge: ca5b9bd 0e9ecac
Author: Markus Koschany <apo at gambaru.de>
Date: Sat May 23 23:33:30 2015 +0200
Import Debian patch 1:1.2.37-1+deb7u1
HOWTO-RELEASE.txt | 206 +
LICENSE | 252 +
NOTICE | 8 +
README.txt | 42 +
conf/httpd-jk.conf | 127 +
conf/uriworkermap.properties | 39 +
conf/workers.properties | 165 +
conf/workers.properties.minimal | 45 +
debian/changelog | 96 +-
debian/clean | 96 -
debian/control | 43 +-
debian/copyright | 84 +-
debian/libapache2-mod-jk.NEWS | 4 +-
debian/libapache2-mod-jk.README.Debian | 2 +-
debian/libapache2-mod-jk.apache2 | 2 -
debian/libapache2-mod-jk.install | 8 +-
debian/libapache2-mod-jk.postinst | 24 +
debian/libapache2-mod-jk.prerm | 22 +
debian/patches/CVE-2014-8111.patch | 474 +
debian/patches/fix-privacy-breach.patch | 26 -
debian/patches/series | 2 +-
debian/rules | 21 +-
debian/source.lintian-overrides | 2 +
debian/workers.properties | 6 +-
docs/ajp/ajpv13a.html | 654 +
docs/ajp/ajpv13ext.html | 654 +
docs/ajp/printer/ajpv13a.html | 653 +
docs/ajp/printer/ajpv13ext.html | 653 +
docs/generic_howto/loadbalancers.html | 207 +
docs/generic_howto/printer/loadbalancers.html | 206 +
docs/generic_howto/printer/proxy.html | 312 +
docs/generic_howto/printer/quick.html | 130 +
docs/generic_howto/printer/timeouts.html | 371 +
docs/generic_howto/printer/workers.html | 407 +
docs/generic_howto/proxy.html | 313 +
docs/generic_howto/quick.html | 131 +
docs/generic_howto/timeouts.html | 372 +
docs/generic_howto/workers.html | 408 +
docs/images/add.gif | Bin 0 -> 1037 bytes
docs/images/code.gif | Bin 0 -> 394 bytes
docs/images/design.gif | Bin 0 -> 608 bytes
docs/images/docs.gif | Bin 0 -> 261 bytes
docs/images/fix.gif | Bin 0 -> 345 bytes
docs/images/jakarta-logo.gif | Bin 0 -> 8584 bytes
docs/images/printer.gif | Bin 0 -> 438 bytes
docs/images/tomcat.gif | Bin 0 -> 2066 bytes
docs/images/update.gif | Bin 0 -> 627 bytes
docs/images/void.gif | Bin 0 -> 43 bytes
docs/index.html | 296 +
docs/miscellaneous/changelog.html | 2430 ++
docs/miscellaneous/doccontrib.html | 249 +
docs/miscellaneous/faq.html | 281 +
docs/miscellaneous/jkstatustasks.html | 184 +
docs/miscellaneous/printer/changelog.html | 2429 ++
docs/miscellaneous/printer/doccontrib.html | 248 +
docs/miscellaneous/printer/faq.html | 280 +
docs/miscellaneous/printer/jkstatustasks.html | 183 +
docs/miscellaneous/printer/reporttools.html | 61 +
docs/miscellaneous/reporttools.html | 62 +
docs/news/20041100.html | 126 +
docs/news/20050101.html | 139 +
docs/news/20060101.html | 80 +
docs/news/20070301.html | 87 +
docs/news/20081001.html | 158 +
docs/news/20090301.html | 63 +
docs/news/20100101.html | 62 +
docs/news/20110701.html | 22 +
docs/news/20120301.html | 62 +
docs/news/printer/20041100.html | 125 +
docs/news/printer/20050101.html | 138 +
docs/news/printer/20060101.html | 79 +
docs/news/printer/20070301.html | 86 +
docs/news/printer/20081001.html | 157 +
docs/news/printer/20090301.html | 62 +
docs/news/printer/20100101.html | 61 +
docs/news/printer/20110701.html | 21 +
docs/news/printer/20120301.html | 61 +
docs/printer/index.html | 295 +
docs/reference/apache.html | 1072 +
docs/reference/iis.html | 338 +
docs/reference/printer/apache.html | 1071 +
docs/reference/printer/iis.html | 337 +
docs/reference/printer/status.html | 546 +
docs/reference/printer/uriworkermap.html | 423 +
docs/reference/printer/workers.html | 1023 +
docs/reference/status.html | 547 +
docs/reference/uriworkermap.html | 424 +
docs/reference/workers.html | 1024 +
docs/style.css | 73 +
docs/webserver_howto/apache.html | 1101 +
docs/webserver_howto/iis.html | 696 +
docs/webserver_howto/nes.html | 483 +
docs/webserver_howto/printer/apache.html | 1100 +
docs/webserver_howto/printer/iis.html | 695 +
docs/webserver_howto/printer/nes.html | 482 +
jkstatus/build.properties.default | 22 +
jkstatus/build.xml | 155 +
jkstatus/conf/jkstatus-tasks.xml | 41 +
jkstatus/example/jkstatus.properties.default | 23 +
jkstatus/example/jkstatus.xml | 111 +
jkstatus/example/show.txt | 25 +
jkstatus/example/show.xml | 49 +
.../org/apache/jk/status/AbstractJkStatusTask.java | 209 +
.../src/share/org/apache/jk/status/JkBalancer.java | 335 +
.../org/apache/jk/status/JkBalancerMapping.java | 98 +
.../org/apache/jk/status/JkBalancerMember.java | 516 +
.../src/share/org/apache/jk/status/JkResult.java | 54 +
.../src/share/org/apache/jk/status/JkServer.java | 56 +
.../src/share/org/apache/jk/status/JkSoftware.java | 54 +
.../src/share/org/apache/jk/status/JkStatus.java | 90 +
.../org/apache/jk/status/JkStatusAccessor.java | 133 +
.../share/org/apache/jk/status/JkStatusParser.java | 228 +
.../org/apache/jk/status/JkStatusResetTask.java | 133 +
.../share/org/apache/jk/status/JkStatusTask.java | 735 +
.../jk/status/JkStatusUpdateLoadbalancerTask.java | 307 +
.../org/apache/jk/status/JkStatusUpdateTask.java | 529 +
.../apache/jk/status/JkStatusUpdateWorkerTask.java | 291 +
.../org/apache/jk/status/LocalStrings.properties | 15 +
jkstatus/src/share/org/apache/jk/status/antlib.xml | 34 +
.../src/share/org/apache/jk/status/jkstatus.tasks | 22 +
.../org/apache/jk/status/mbeans-descriptors.xml | 48 +
.../src/share/org/apache/jk/status/package.html | 224 +
jkstatus/test/build.xml | 120 +
jkstatus/test/conf/jkstatus.xml | 31 +
jkstatus/test/conf/log4j.xml | 76 +
.../org/apache/jk/status/JkStatusParserTest.java | 63 +
native/BUILDING.txt | 157 +
native/Makefile.am | 37 +
native/Makefile.in | 695 +
native/README.txt | 47 +
native/STATUS.txt | 72 +
native/TODO.txt | 372 +
native/aclocal.m4 | 6945 +++++
native/apache-1.3/Makefile.apxs.in | 40 +
native/apache-1.3/Makefile.in | 112 +
native/apache-1.3/Makefile.libdir | 4 +
native/apache-1.3/Makefile.netware | 282 +
native/apache-1.3/Makefile.tmpl | 53 +
native/apache-1.3/Makefile.vc | 248 +
native/apache-1.3/NWGNUmakefile | 44 +
native/apache-1.3/NWGNUmakefile.mak | 306 +
native/apache-1.3/libjk.module | 5 +
native/apache-1.3/mod_jk.c | 3476 +++
native/apache-1.3/mod_jk.dsp | 287 +
native/apache-1.3/mod_jk.exp | 1 +
native/apache-2.0/Makefile.apxs.in | 43 +
native/apache-2.0/Makefile.in | 97 +
native/apache-2.0/Makefile.vc | 286 +
native/apache-2.0/NWGNUmakefile | 325 +
native/apache-2.0/bldjk.qclsrc | 278 +
native/apache-2.0/bldjk54.qclsrc | 299 +
native/apache-2.0/config.m4 | 34 +
native/apache-2.0/mod_jk.c | 3876 +++
native/apache-2.0/mod_jk.dsp | 347 +
native/buildconf.sh | 33 +
native/common/.indent.pro | 18 +
native/common/Makefile.in | 50 +
native/common/ap_snprintf.c | 1178 +
native/common/ap_snprintf.h | 150 +
native/common/config.h.in | 109 +
native/common/jk.rc | 74 +
native/common/jk_ajp12_worker.c | 682 +
native/common/jk_ajp12_worker.h | 45 +
native/common/jk_ajp13.c | 50 +
native/common/jk_ajp13.h | 126 +
native/common/jk_ajp13_worker.c | 94 +
native/common/jk_ajp13_worker.h | 50 +
native/common/jk_ajp14.c | 695 +
native/common/jk_ajp14.h | 307 +
native/common/jk_ajp14_worker.c | 404 +
native/common/jk_ajp14_worker.h | 52 +
native/common/jk_ajp_common.c | 3368 +++
native/common/jk_ajp_common.h | 467 +
native/common/jk_connect.c | 1191 +
native/common/jk_connect.h | 78 +
native/common/jk_context.c | 296 +
native/common/jk_context.h | 138 +
native/common/jk_global.h | 408 +
native/common/jk_lb_worker.c | 1921 ++
native/common/jk_lb_worker.h | 226 +
native/common/jk_logger.h | 139 +
native/common/jk_map.c | 874 +
native/common/jk_map.h | 109 +
native/common/jk_md5.c | 475 +
native/common/jk_md5.h | 84 +
native/common/jk_msg_buff.c | 381 +
native/common/jk_msg_buff.h | 154 +
native/common/jk_mt.h | 147 +
native/common/jk_nwmain.c | 103 +
native/common/jk_pool.c | 194 +
native/common/jk_pool.h | 132 +
native/common/jk_service.h | 555 +
native/common/jk_shm.c | 926 +
native/common/jk_shm.h | 269 +
native/common/jk_sockbuf.c | 195 +
native/common/jk_sockbuf.h | 45 +
native/common/jk_status.c | 5225 ++++
native/common/jk_status.h | 44 +
native/common/jk_types.h.in | 69 +
native/common/jk_uri_worker_map.c | 1288 +
native/common/jk_uri_worker_map.h | 228 +
native/common/jk_url.c | 112 +
native/common/jk_url.h | 44 +
native/common/jk_util.c | 2275 ++
native/common/jk_util.h | 278 +
native/common/jk_version.h | 94 +
native/common/jk_worker.c | 350 +
native/common/jk_worker.h | 55 +
native/common/jk_worker_list.h | 88 +
native/common/list.mk.in | 27 +
native/configure | 25599 +++++++++++++++++++
native/configure.in | 641 +
native/docs/api/README.txt | 18 +
native/iis/Makefile.amd64 | 294 +
native/iis/Makefile.ia64 | 294 +
native/iis/Makefile.x86 | 296 +
native/iis/README | 47 +
native/iis/installer/LICENSE.TXT | 201 +
native/iis/installer/License.rtf | 72 +
native/iis/installer/bin/README | 1 +
native/iis/installer/conf/rewrite.properties | 28 +
native/iis/installer/conf/uriworkermap.properties | 39 +
.../iis/installer/conf/workers.properties.minimal | 45 +
native/iis/installer/iisfilter.vbs | 120 +
.../iis/installer/isapi-redirector-win32-msi.ism | 4773 ++++
native/iis/installer/log/README | 1 +
native/iis/installer/tomcat.ico | Bin 0 -> 21630 bytes
native/iis/isapi.def | 24 +
native/iis/isapi.dsp | 299 +
native/iis/isapi.dsw | 59 +
native/iis/isapi_install.vbs | 224 +
native/iis/isapi_redirect.reg | 8 +
native/iis/jk_isapi_plugin.c | 3820 +++
native/iis/pcre/AUTHORS | 6 +
native/iis/pcre/COPYING | 45 +
native/iis/pcre/ChangeLog | 1650 ++
native/iis/pcre/INSTALL | 185 +
native/iis/pcre/LICENCE | 45 +
native/iis/pcre/Makefile.in | 20 +
native/iis/pcre/NEWS | 201 +
native/iis/pcre/NON-UNIX-USE | 244 +
native/iis/pcre/NWGNUmakefile | 267 +
native/iis/pcre/README | 427 +
native/iis/pcre/RunTest.in | 192 +
native/iis/pcre/chartables.hw | 183 +
native/iis/pcre/config.hw | 112 +
native/iis/pcre/config.in | 107 +
native/iis/pcre/configure.in | 185 +
native/iis/pcre/dftables.c | 173 +
native/iis/pcre/dftables.dsp | 165 +
native/iis/pcre/dftables.x86 | 109 +
native/iis/pcre/dll.mk | 60 +
native/iis/pcre/doc/README_httpd | 6 +
native/iis/pcre/get.c | 357 +
native/iis/pcre/install-sh | 251 +
native/iis/pcre/internal.h | 752 +
native/iis/pcre/libpcre.def | 34 +
native/iis/pcre/libpcre.pc.in | 12 +
native/iis/pcre/libpcreposix.def | 39 +
native/iis/pcre/maketables.c | 146 +
native/iis/pcre/makevp.bat | 25 +
native/iis/pcre/mkinstalldirs | 40 +
native/iis/pcre/pcre-config.in | 66 +
native/iis/pcre/pcre.amd64 | 141 +
native/iis/pcre/pcre.c | 9207 +++++++
native/iis/pcre/pcre.def | 22 +
native/iis/pcre/pcre.dsp | 193 +
native/iis/pcre/pcre.hw | 239 +
native/iis/pcre/pcre.ia64 | 141 +
native/iis/pcre/pcre.in | 239 +
native/iis/pcre/pcre.x86 | 135 +
native/iis/pcre/pcredemo.c | 324 +
native/iis/pcre/pcregrep.c | 673 +
native/iis/pcre/pcreposix.c | 316 +
native/iis/pcre/pcreposix.dsp | 154 +
native/iis/pcre/pcreposix.h | 99 +
native/iis/pcre/pcretest.c | 1786 ++
native/iis/pcre/perltest | 211 +
native/iis/pcre/perltest8 | 208 +
native/iis/pcre/pgrep.c | 225 +
native/iis/pcre/printint.c | 471 +
native/iis/pcre/study.c | 484 +
native/iis/pcre/testdata/testinput1 | 3841 +++
native/iis/pcre/testdata/testinput2 | 1396 +
native/iis/pcre/testdata/testinput3 | 65 +
native/iis/pcre/testdata/testinput4 | 513 +
native/iis/pcre/testdata/testinput5 | 263 +
native/iis/pcre/testdata/testinput6 | 517 +
native/iis/pcre/testdata/testoutput1 | 6274 +++++
native/iis/pcre/testdata/testoutput2 | 5607 ++++
native/iis/pcre/testdata/testoutput3 | 115 +
native/iis/pcre/testdata/testoutput4 | 903 +
native/iis/pcre/testdata/testoutput5 | 1075 +
native/iis/pcre/testdata/testoutput6 | 1013 +
native/iis/pcre/ucp.c | 151 +
native/iis/pcre/ucp.h | 58 +
native/iis/pcre/ucpinternal.h | 91 +
native/iis/pcre/ucptable.c | 15105 +++++++++++
native/iis/pcre/ucptypetable.c | 93 +
native/netscape/Makefile.linux | 55 +
native/netscape/Makefile.netware | 272 +
native/netscape/Makefile.solaris | 93 +
native/netscape/Makefile.vc | 279 +
native/netscape/README | 31 +
native/netscape/jk_nsapi_plugin.c | 634 +
native/netscape/nsapi.dsp | 275 +
native/nt_service/jk_nt_service.c | 1233 +
native/nt_service/nt_service.dsp | 199 +
native/scripts/build/config_vars.mk | 17 +
native/scripts/build/instdso.sh | 91 +
native/scripts/build/jk_common.m4 | 160 +
native/scripts/build/rules.mk | 43 +
native/scripts/build/unix/buildcheck.sh | 55 +
native/scripts/build/unix/config.guess | 1530 ++
native/scripts/build/unix/config.sub | 1779 ++
native/scripts/build/unix/install-sh | 322 +
native/scripts/build/unix/ltmain.sh | 6426 +++++
native/scripts/build/unix/missing | 353 +
support/apache.m4 | 213 +
support/get_ver.awk | 83 +
support/jk_apache_static.m4 | 133 +
support/jk_apr.m4 | 320 +
support/jk_apxs.m4 | 150 +
support/jk_dominohome.m4 | 74 +
support/jk_exec.m4 | 91 +
support/jk_java.m4 | 224 +
support/jk_pcre.m4 | 40 +
support/jk_tchome.m4 | 73 +
support/jk_ws.m4 | 229 +
support/os_apache.m4 | 44 +
tools/dist/.htaccess | 19 +
tools/dist/HEADER.html | 20 +
tools/dist/README.html | 68 +
tools/dist/binaries/netware/HEADER.html | 5 +
tools/dist/binaries/windows/HEADER.html | 12 +
tools/dist/binaries/windows/README.html | 60 +
tools/dist/binaries/windows/symbols/HEADER.html | 11 +
tools/dist/binaries/windows/symbols/README.html | 25 +
tools/jkbindist.sh | 136 +
tools/jkrelease.sh | 328 +
tools/lineends.pl | 165 +
tools/reports/README.txt | 33 +
tools/reports/tomcat_reports.pl | 431 +
tools/reports/tomcat_trend.pl | 408 +
tools/signfile.sh | 64 +
xdocs/ajp/ajpv13a.xml | 698 +
xdocs/ajp/ajpv13ext.xml | 686 +
xdocs/ajp/project.xml | 82 +
xdocs/build.xml | 259 +
xdocs/empty.xml | 40 +
xdocs/generic_howto/loadbalancers.xml | 236 +
xdocs/generic_howto/project.xml | 82 +
xdocs/generic_howto/proxy.xml | 347 +
xdocs/generic_howto/quick.xml | 170 +
xdocs/generic_howto/timeouts.xml | 405 +
xdocs/generic_howto/workers.xml | 444 +
xdocs/images/add.gif | Bin 0 -> 1037 bytes
xdocs/images/code.gif | Bin 0 -> 394 bytes
xdocs/images/design.gif | Bin 0 -> 608 bytes
xdocs/images/docs.gif | Bin 0 -> 261 bytes
xdocs/images/fix.gif | Bin 0 -> 345 bytes
xdocs/images/jakarta-logo.gif | Bin 0 -> 8584 bytes
xdocs/images/printer.gif | Bin 0 -> 438 bytes
xdocs/images/tomcat.gif | Bin 0 -> 2066 bytes
xdocs/images/update.gif | Bin 0 -> 627 bytes
xdocs/images/void.gif | Bin 0 -> 43 bytes
xdocs/index.xml | 342 +
xdocs/miscellaneous/changelog.xml | 2501 ++
xdocs/miscellaneous/doccontrib.xml | 337 +
xdocs/miscellaneous/faq.xml | 324 +
xdocs/miscellaneous/jkstatustasks.xml | 218 +
xdocs/miscellaneous/project.xml | 82 +
xdocs/miscellaneous/reporttools.xml | 91 +
xdocs/news/20041100.xml | 161 +
xdocs/news/20050101.xml | 174 +
xdocs/news/20060101.xml | 110 +
xdocs/news/20070301.xml | 117 +
xdocs/news/20081001.xml | 188 +
xdocs/news/20090301.xml | 93 +
xdocs/news/20100101.xml | 93 +
xdocs/news/20110701.xml | 53 +
xdocs/news/20120301.xml | 93 +
xdocs/news/project.xml | 82 +
xdocs/project.xml | 82 +
xdocs/reference/apache.xml | 1182 +
xdocs/reference/iis.xml | 393 +
xdocs/reference/project.xml | 82 +
xdocs/reference/status.xml | 584 +
xdocs/reference/uriworkermap.xml | 468 +
xdocs/reference/workers.xml | 1178 +
xdocs/style.css | 73 +
xdocs/style.xsl | 710 +
xdocs/webserver_howto/apache.xml | 1259 +
xdocs/webserver_howto/iis.xml | 740 +
xdocs/webserver_howto/nes.xml | 521 +
xdocs/webserver_howto/project.xml | 82 +
396 files changed, 206249 insertions(+), 327 deletions(-)
diff --cc debian/changelog
index 6f51c99,0000000..14251a4
mode 100644,000000..100644
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,372 -1,0 +1,304 @@@
- libapache-mod-jk (1:1.2.41-2) UNRELEASED; urgency=medium
-
- * Moved the package to Git
-
- -- Markus Koschany <apo at debian.org> Sat, 08 Oct 2016 15:19:56 +0200
-
- libapache-mod-jk (1:1.2.41-1) unstable; urgency=medium
-
- * Team upload.
- * Imported Upstream version 1.2.41.
- * Drop README.source. We use regular upstream releases again.
- * Update get-orig-source target. Use --verbose and --download-current-version
- flags.
- * Drop disable-libtool-check.patch. Not required for normal releases.
- * Vcs-Browser: Use https.
- * Remove autoconf and automake from Build-Depends again.
- * Run wrap-and-sort -sa.
- * Add clean file and ensure libapache-mod-jk can be built twice in a row.
- * debian/rules: Remove override for dh_auto_clean.
- * Update debian/copyright for new release.
-
- -- Markus Koschany <apo at debian.org> Fri, 30 Oct 2015 22:33:34 +0100
-
- libapache-mod-jk (1:1.2.40+svn150520-1) unstable; urgency=high
-
- * Team upload.
- * Imported Upstream SVN snapshot version 1.2.40+svn150520.
- - Fix CVE-2014-8111: (Closes: #783233)
- Apache Tomcat Connectors (mod_jk) ignored JkUnmount rules for subtrees of
- previous JkMount rules, which allows remote attackers to access otherwise
- restricted artifacts via unspecified vectors.
- * debian/control: Build-Depend on debhelper >= 9.
- * Remove source.lintian-overrides since we now build-depend on debhelper >=9.
- * Drop 0004-corrupted-worker-activation-status.patch. Fixed upstream.
- * debian/rules:
- - Disable sed command in debian/rules. Apparently not necessary for this
- release.
- - Run buildconf.sh before dh_auto_configure step since this is a requirement
- for building SVN snapshots.
- - Update dh_auto_clean override. Ensure that the package can be built twice
- in a row.
- * debian/control:
- - Add autoconf to Build-Depends.
- - Add automake to Build-Depends.
- - Remove Conflicts and Replaces fields because they are obsolete.
- * Add disable-libtool-check.patch and fix a FTBFS. We already build-depend on
- libtool but the script is not smart enough.
- * Add fix-privacy-breach.patch and fix lintian errors about "privacy breach
- logo".
- * Update debian/copyright information. Add missing BSD-3-clause license.
- * Add README.source.
-
- -- Markus Koschany <apo at gambaru.de> Thu, 21 May 2015 17:53:24 +0200
-
- libapache-mod-jk (1:1.2.37-4) unstable; urgency=medium
++libapache-mod-jk (1:1.2.37-1+deb7u1) wheezy-security; urgency=high
+
+ * Team upload.
- * Switched to tomcat8 (Closes: #759624)
- * Standards-Version updated to 3.9.6 (no changes)
-
- -- Emmanuel Bourg <ebourg at apache.org> Mon, 17 Nov 2014 14:52:23 +0100
-
- libapache-mod-jk (1:1.2.37-3) unstable; urgency=low
-
- * d/rules: Fix "Hardening CPPFLAGS missing" (Closes: #710809).
- Thanks to Simon Ruderich for providing patch.
- * d/patches/0004-corrupted-worker-activation-status.patch:
- Fix "Worker activation state corrupted when using jkmanager",
- Thanks to David Gubler for patch (Closes: #711934).
-
- -- Damien Raude-Morvan <drazzib at debian.org> Mon, 12 Aug 2013 10:28:44 +0200
-
- libapache-mod-jk (1:1.2.37-2) unstable; urgency=low
-
- * Re-enable Apache 2.4 transition after wheezy release (Closes: #666851):
- - d/control: Add Build-Depends apache2-dev and dh-apache2.
- - d/rules: Call apache2 dh addon.
- - d/libapache2-mod-jk.{postinst,postrm}: Replace with
- d/libapache2-mod-jk.apache2.
- - d/control: Remove explicit Depends on apache2.2-common.
- * d/control: Bump Standards-Version to 3.9.4: no changes needed.
- * d/control: Use canonical URL for Vcs-* fields.
-
- -- Damien Raude-Morvan <drazzib at debian.org> Sat, 01 Jun 2013 15:14:00 +0200
++ * Add CVE-2014-8111.patch. (Closes: #783233)
++ It was discovered that a JkUnmount rule for a subtree of a previous JkMount
++ rule could be ignored. This could allow a remote attacker to potentially
++ access a private artifact in a tree that would otherwise not be accessible
++ to them.
++ - Add option to control handling of multiple adjacent slashes in mount and
++ unmount. New default is collapsing the slashes only in unmount. Before
++ this change, adjacent slashes were never collapsed, so most mounts and
++ unmounts didn't match for URLs with multiple adjacent slashes.
++ - Configuration is done via new JkOption for Apache (values
++ "CollapseSlashesAll", "CollapseSlashesNone" or "CollapseSlashesUnmount").
++
++ -- Markus Koschany <apo at gambaru.de> Sat, 23 May 2015 23:33:30 +0200
+
+libapache-mod-jk (1:1.2.37-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Sun, 03 Jun 2012 23:09:32 +0200
+
+libapache-mod-jk (1:1.2.36-1) unstable; urgency=low
+
+ * New upstream release.
+ * Revert Apache 2.4 transition (ie. just for wheezy release).
+ * Refresh patches.
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Fri, 18 May 2012 19:20:50 +0200
+
+libapache-mod-jk (1:1.2.35-1) experimental; urgency=low
+
+ * New upstream release:
+ - d/patches/0004-compiler-hardening.patch: Merged upstream.
+ * d/rules: Just use dh_auto. No need to force using sub-directory as
+ debhelper is doing it for us.
+ * Prepare Apache 2.4 transition (Closes: #666851):
+ - d/control: Add Build-Depends apache2-dev and dh-apache2.
+ - d/rules: Call apache2 dh addon.
+ - d/libapache2-mod-jk.{postinst,postrm}: Replace with
+ d/libapache2-mod-jk.apache2.
+ - d/control: Remove explicit Depends on apache2.2-common.
+ * d/control: Bump Standards-Version to 3.9.3, no changes needed.
+ * d/copyright: Upgrade to copyright-format 1.0.
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Wed, 04 Apr 2012 22:32:12 +0200
+
+libapache-mod-jk (1:1.2.32-2) unstable; urgency=low
+
+ * Team upload.
+ * Set debian/compat to 9; bump debhelper dependency to 8.1.3.
+ * Modify debian/rules to enable hardening flags
+ and add patches/0004-compiler-hardening.patch (Closes: #656876)
+ * Remove Michael Koch from Uploaders. (Closes: #654045)
+
+ -- tony mancill <tmancill at debian.org> Sat, 04 Feb 2012 07:17:54 +0000
+
+libapache-mod-jk (1:1.2.32-1) unstable; urgency=low
+
+ * New upstream release:
+ - Fix whitespace trimming when parsing attribute lists. LP: #592576.
+ * Add myself in Uploaders.
+ * Include a sensible default configuration in
+ /etc/apache2/mods-available/jk.conf
+ and remove old sample in /usr/share/doc/libapache2-mod-jk/.
+ LP: #118649.
+ * Describe changes in upstream handling of JkMount in global scope
+ vs in VirtualHost scope (in d/README and default configuration).
+ Closes: #460398.
+ * Bump Standards-Version to 3.9.2:
+ - d/control: Add recommended get-orig-source target.
+ * d/watch: Update to new upstream layout.
+ * Refresh patches.
+ * d/copyright: Upgrade to DEP-5 format.
+ * d/README.source: Removed (aka dpatch one)
+ * d/libapache-mod-jk.*: Remove old traces from Apache 1.3
+ (dropped since lenny).
+ * d/rules: Switch to dh7 handling.
+ * d/compat: Switch to debhelper compat level 8.
+ * Replace d/patches/0004 by autotools_dev dh sequence addons.
+ * d/rules: Enable LFS with -D_FILE_OFFSET_BITS=64. Closes: #590075.
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Thu, 14 Jul 2011 01:15:52 +0200
+
+libapache-mod-jk (1:1.2.31-1) unstable; urgency=low
+
+ * Team upload.
+ * Bump debhelper compatibility level to 7.
+ * Bump Standards-Version to 3.9.1. No changes were required.
+ * Remove duplicated control fields in binary packages.
+ * Fix lintian warning about dh_clean -k deprecation.
+ * Update package section to httpd.
+ * Document in NEWS the minimal Linux version needed (>= 2.6.27) to use
+ this module.
+
+ -- Miguel Landaeta <miguel at miguel.cc> Tue, 15 Feb 2011 09:29:23 -0430
+
+libapache-mod-jk (1:1.2.30-1) unstable; urgency=low
+
+ * Team upload
+ * New upstream release
+ * Convert patches to dep3 format.
+ * Switch to source format 3.0.
+ * Remove Stefan (Gybas) and Arnaud from Uploaders list. Thanks to your
+ contribution in the past!
+ * Add Vcs-* headers.
+ * Add missing Depends: ${misc:Depends}.
+ * Update Standards-Version: 3.9.0 (no changes).
+ * Update patch for config.guess and config.sub.
+ * Switch to tomcat6 and default-java in workers.properties. Thanks to
+ Olivier Berger. (Closes: #590078)
+
+ -- Torsten Werner <twerner at debian.org> Sat, 24 Jul 2010 01:04:36 +0200
+
+libapache-mod-jk (1:1.2.28-2) unstable; urgency=low
+
+ * Added debian/patches/05_config_update.dpatch which updates
+ config.{guess|sub} in native/scripts/build/unix/ (Closes: #540392).
+ * debian/control: Let libapache2-mod-jk suggest tomcat6 instead of
+ tomcat5.5.
+ * Added debian/README.source.
+ * Updated Standards-Version to 3.8.3.
+
+ -- Michael Koch <konqueror at gmx.de> Thu, 20 Aug 2009 20:04:39 +0200
+
+libapache-mod-jk (1:1.2.28-1) unstable; urgency=low
+
+ * New upstream release.
+ - Removed debian/patches/05_bug_451494.dpatch. Applied upstream.
+ - Removed debian/patches/06_CVE-2008-5519.dpatch. Applied upstream.
+ * Updated Build-Depends to debhelper (>= 5) as 4 is deprecated.
+ * Link /usr/share/common-licenses/Apache-2.0 in debian/copgyright.
+ * Updated Standards-Version to 3.8.2.
+
+ -- Michael Koch <konqueror at gmx.de> Sat, 25 Jul 2009 23:08:41 +0200
+
+libapache-mod-jk (1:1.2.26-2.1) unstable; urgency=high
+
+ * Non-maintainer upload by the security-team.
+ * CVE-2008-5519: Fix information disclosure vulnerability when clients
+ abort connection before sending POST body (closes: #523054).
+
+ -- Stefan Fritsch <sf at debian.org> Sat, 30 May 2009 15:49:20 +0200
+
+libapache-mod-jk (1:1.2.26-2) unstable; urgency=low
+
+ * Apply patch to fix JkOptions handling for virtual hosts. Thanks to
+ Toshihiro Sasajima for the patch, Closes: #451494
+ * Fixed debian/copyright to mention copyright and license properly.
+ * debian/libapache-mod-jk-doc.doc-base: Moved to section
+ System/Administration.
+ * Remove unused lintian override for libapache-mod-jk-doc.
+
+ -- Michael Koch <konqueror at gmx.de> Wed, 02 Apr 2008 23:09:41 +0200
+
+libapache-mod-jk (1:1.2.26-1) unstable; urgency=low
+
+ * New upstream release.
+ * Updated Standards-Version to 3.7.3.
+ * Fixed URL in Homepage field.
+ * Fixed typo in debian/libapache2-mod-jk.NEWS.
+
+ -- Michael Koch <konqueror at gmx.de> Thu, 27 Dec 2007 13:04:55 -0100
+
+libapache-mod-jk (1:1.2.25-2) unstable; urgency=low
+
+ * debian/workers.properties: Renamed worker.loadbalancer.balanced_workers to
+ worker.loadbalancer.balance_workers. Closes: #448062.
+
+ -- Michael Koch <konqueror at gmx.de> Thu, 25 Oct 2007 21:18:33 +0200
+
+libapache-mod-jk (1:1.2.25-1) unstable; urgency=low
+
+ * New upstream release.
+ * Don't suggest tomcat5 anymore.
+ * Use Homepage: field in debian/control
+
+ -- Michael Koch <konqueror at gmx.de> Sat, 15 Sep 2007 09:07:30 +0200
+
+libapache-mod-jk (1:1.2.23-4) unstable; urgency=low
+
+ * libapache2-mod-jk: Removed Suggests on tomcat4.
+ * libapache-mod-jk-doc: Removed Suggests on libapache-mod-jk.
+
+ -- Michael Koch <konqueror at gmx.de> Thu, 5 Jul 2007 13:44:24 +0200
+
+libapache-mod-jk (1:1.2.23-3) unstable; urgency=low
+
+ * Don't build libapache-mod-jk binary package anymore. Closes: #429125.
+ * Removed Wolfgang from Uploaders.
+
+ -- Michael Koch <konqueror at gmx.de> Sun, 24 Jun 2007 18:34:33 -0100
+
+libapache-mod-jk (1:1.2.23-2) unstable; urgency=low
+
+ * Point workers.tomcat_home to /usr/share/tomcat5 and
+ workers.java_home to /usr/lib/jvm/java-gcj.
+ * Generate changelog from changelog.html correctly.
+
+ -- Michael Koch <konqueror at gmx.de> Sat, 09 Jun 2007 16:06:13 -0100
+
+libapache-mod-jk (1:1.2.23-1) unstable; urgency=high
+
+ * New upstream release.
+ - Forward unparsed URI to tomcat. Closes: #425836.
+ CVE-2007-1860
+
+ -- Michael Koch <konqueror at gmx.de> Sat, 2 Jun 2007 23:14:13 +0200
+
+libapache-mod-jk (1:1.2.22-1) unstable; urgency=low
+
+ * New upstream release
+ - works when no JkWorkersFile option set (Closes: #419448).
+ * Added debian/patches/04_no-worker-error.dpatch to make the message
+ "Could not find worker" an error and more visible (Closes: #418887).
+
+ -- Michael Koch <konqueror at gmx.de> Tue, 17 Apr 2007 08:12:38 +0200
+
+libapache-mod-jk (1:1.2.21-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Michael Koch <konqueror at gmx.de> Thu, 12 Apr 2007 07:21:37 +0000
+
+libapache-mod-jk (1:1.2.18-3) unstable; urgency=medium
+
+ * debian/rules: copy source tree for native part to compile seperately for
+ Apache 2.0 (Closes: #396224, #406636).
+ * Added tomcat5.5 to Depends on tomcat4 | tomcat5 | tomcat5.5.
+ * Updated Standards-Version to 3.7.2.
+ * Added myself to Uploaders.
+
+ -- Michael Koch <konqueror at gmx.de> Sat, 17 Feb 2007 17:10:27 +0100
+
+libapache-mod-jk (1:1.2.18-2) unstable; urgency=low
+
+ * debian/control (Depends): updated to apache2.2-common (closes:
+ #391651), thanks to Philippe Marzouk.
+ * debian/patches/03_jk-runtime-status_default_location.dpatch:
+ added. This change the default location of JkShmFile variable (closes:
+ #362004), thanks to Adrian Bridgett.
+
+ -- Arnaud Vandyck <avdyk at debian.org> Mon, 9 Oct 2006 15:41:47 +0200
+
+libapache-mod-jk (1:1.2.18-1) unstable; urgency=low
+
+ * New upstream
+ * debian/watch: added
+ * Added myself to uploaders
+ * debian/rules: modified to revert changes in upstream structure (jk
+ directory does not exist anymore)
+
+ -- Arnaud Vandyck <avdyk at debian.org> Wed, 2 Aug 2006 11:11:03 +0200
+
+libapache-mod-jk (1:1.2.14.1-2) unstable; urgency=low
+
+ * Fixed binary arch only build by splitting
+ arch and indep install targets
+
+ -- Wolfgang Baer <WBaer at gmx.de> Mon, 03 Oct 2005 13:25:14 +0200
+
+libapache-mod-jk (1:1.2.14.1-1) unstable; urgency=low
+
+ * New upstream release (closes: #307331)
+ * Removed cdbs dependency - building only with debhelper
+ * Build Apache2 package (closes: #296345)
+ + debian/control: package libapache2-mod-jk added
+ + debian/control: added apache2-threaded-dev build dependency
+ * Split documentation in own package so it does not ship twice
+ + debian/control: package libapache-mod-jk-doc added
+ + debian/control: xsltproc dependency for building
+ + debian/control: added conflicts/replaces with old libapache-mod-jk
+ * Updated workers.properties
+ * Added example httpd.conf files for Apache 1.3 and 2
+ * Added tomcat5 as alternative to tomcat4 to suggests
+ * Only provide example conf files (for Apache1.3/2) which have to be
+ installed and modified for a specific setup by the user (closes: #321203)
+ * Added conflicts/replaces with libapache2-mod-jk2 and added NEWS.Debian
+ * Registered documentation with doc-base
+ * Added lintian override for changelog html file used in the manual
+ * Updated copyright to new upstream Apache License Version 2.0
+ * Updated Standards-Version to 3.6.2 - no changes
+
+ -- Wolfgang Baer <WBaer at gmx.de> Tue, 6 Sep 2005 14:43:49 +0200
+
+libapache-mod-jk (1:1.2.5-2) unstable; urgency=low
+
+ * Added libtool build dependency (closes: #229395)
+
+ -- Stefan Gybas <sgybas at debian.org> Fri, 30 Jan 2004 17:22:12 +0100
+
+libapache-mod-jk (1:1.2.5-1) unstable; urgency=low
+
+ * New upstream release (libapache-mod-jk was previously built by the tomcat
+ source package)
+ * Updated download location in copyright file
+ * Mention in the long description that this module can talk to a remote
+ Tomcat server so it can go into main
+ * Updated to the new module handling in Apache 1.3.29 and support Apache,
+ Apache-Perl and Apache-SSL
+
+ -- Stefan Gybas <sgybas at debian.org> Sat, 10 Jan 2004 17:18:52 +0100
+
diff --cc debian/control
index 985ef38,0000000..397575b
mode 100644,000000..100644
--- a/debian/control
+++ b/debian/control
@@@ -1,49 -1,0 +1,42 @@@
+Source: libapache-mod-jk
+Section: httpd
+Priority: optional
+Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
- Uploaders:
- Damien Raude-Morvan <drazzib at debian.org>
- Build-Depends:
- apache2-dev,
- autotools-dev,
- debhelper (>= 9),
- dh-apache2,
- libtool
- Build-Depends-Indep:
- lynx,
- xsltproc
- Standards-Version: 3.9.6
- Vcs-Git: https://anonscm.debian.org/git/pkg-java/libapache-mod-jk.git
- Vcs-Browser: https://anonscm.debian.org/viewvc/pkg-java/trunk/libapache-mod-jk
- Homepage: http://tomcat.apache.org
++Uploaders: Damien Raude-Morvan <drazzib at debian.org>
++Build-Depends: apache2-threaded-dev,
++ autotools-dev,
++ debhelper (>= 8.1.3~),
++ libtool
++Build-Depends-Indep: lynx, xsltproc
++Standards-Version: 3.9.3
++Homepage: http://tomcat.apache.org/
++Vcs-Svn: svn://svn.debian.org/svn/pkg-java/trunk/libapache-mod-jk
++Vcs-Browser: http://svn.debian.org/wsvn/pkg-java/trunk/libapache-mod-jk/
+
+Package: libapache2-mod-jk
+Architecture: any
- Depends:
- ${misc:Depends},
- ${shlibs:Depends}
- Suggests:
- libapache-mod-jk-doc,
- tomcat8
++Depends: apache2.2-common, ${misc:Depends}, ${shlibs:Depends}
++Suggests: libapache-mod-jk-doc, tomcat6
++Conflicts: libapache2-mod-jk2
++Replaces: libapache2-mod-jk2
+Description: Apache 2 connector for the Tomcat Java servlet engine
+ Apache Tomcat is the reference implementation for the Java Servlet and
+ JavaServer Pages (JSP) specification from the Apache Jakarta project.
+ .
+ This package contains an Apache 2 module (mod_jk) to forward requests
+ from Apache to Tomcat using the AJP 1.3 or 1.4 protocol. It can either
+ talk to Tomcat on the local machine or to a remote engine using TCP.
+
+Package: libapache-mod-jk-doc
+Architecture: all
+Section: doc
- Depends:
- ${misc:Depends}
- Suggests:
- libapache2-mod-jk
++Depends: ${misc:Depends}
++Suggests: libapache2-mod-jk
++Conflicts: libapache-mod-jk (<= 1.2.5-2)
++Replaces: libapache-mod-jk (<= 1.2.5-2)
+Description: Documentation of libapache2-mod-jk package
+ Documentation and examples of the Apache jk connector for the Tomcat
+ Java servlet engine.
+ .
+ For uptodate documentation about Tomcat connectors please take a look
+ at the home page at http://tomcat.apache.org/connectors-doc/.
diff --cc debian/copyright
index 0b4c07a,0000000..c26ee7a
mode 100644,000000..100644
--- a/debian/copyright
+++ b/debian/copyright
@@@ -1,96 -1,0 +1,18 @@@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: Apache Tomcat JK Connector
+Upstream-Contact: <http://tomcat.apache.org/connectors-doc/>
+Source: http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/
+
+Files: *
- Copyright: Copyright (c) 1999-2015 Apache Foundation
++Copyright: Copyright (c) 1999-2011 Apache Foundation
+License: Apache-2.0
+
- Files: native/iis/pcre/*
- Copyright: 1997-2004, University of Cambridge
- License: BSD-3-clause
-
- Files: native/scripts/build/unix/ltmain.sh
- native/scripts/build/unix/missing
- native/scripts/build/unix/compile
- native/aclocal.m4
- Copyright: 1996-2013 Free Software Foundation, Inc.
- License: GPL-2+
-
- Files: native/scripts/build/unix/config.guess
- native/scripts/build/unix/config.sub
- Copyright: 1992-2014 Free Software Foundation, Inc.
- License: GPL-3+
-
- Files: native/scripts/build/unix/install-sh
- Copyright: 1994, X Consortium
- License: MIT
- Permission is hereby granted, free of charge, to any person obtaining a copy
- of this software and associated documentation files (the "Software"), to
- deal in the Software without restriction, including without limitation the
- rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
- sell copies of the Software, and to permit persons to whom the Software is
- furnished to do so, subject to the following conditions:
- .
- The above copyright notice and this permission notice shall be included in
- all copies or substantial portions of the Software.
- .
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
- AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
- TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- .
- Except as contained in this notice, the name of the X Consortium shall not
- be used in advertising or otherwise to promote the sale, use or other deal-
- ings in this Software without prior written authorization from the X Consor-
- tium.
-
-
+Files: debian/*
+Copyright: 2003, Stefan Gybas <sgybas at debian.org>
- 2009, Michael Koch <konqueror at gmx.de>
- 2011, Damien Raude-Morvan <drazzib at debian.org>
- 2015, Markus Koschany <apo at debian.org>
++ 2009, Michael Koch <konqueror at gmx.de>
++ 2011, Damien Raude-Morvan <drazzib at debian.org>
+License: Apache-2.0
+
+License: Apache-2.0
+ A complete copy of the Apache License, Version 2.0, can be found in
+ /usr/share/common-licenses/Apache-2.0 on Debian Systems.
-
- License: BSD-3-clause
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
- .
- * Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- .
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- .
- * Neither the name of the University of Cambridge nor the names of its
- contributors may be used to endorse or promote products derived from
- this software without specific prior written permission.
- .
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
- LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-
- License: GPL-2+
- On Debian systems, the full text of the GNU General Public license 2
- can be found in the file '/usr/share/common-licenses/GPL-2
-
- License: GPL-3+
- On Debian systems, the full text of the GNU General Public license 3
- can be found in the file '/usr/share/common-licenses/GPL-3
diff --cc debian/libapache2-mod-jk.NEWS
index 1bdf780,0000000..c76356b
mode 100644,000000..100644
--- a/debian/libapache2-mod-jk.NEWS
+++ b/debian/libapache2-mod-jk.NEWS
@@@ -1,36 -1,0 +1,36 @@@
+libapache2-mod-jk (1:1.2.32-1) unstable; urgency=low
+
+ libapache2-mod-jk now provide a default configuration file for Apache 2.x.
+ This file is located at /etc/apache2/mods-available/jk.conf.
+ Please note, that this configuration will be activated on first installation
+ or when (re-)enabling jk module with "a2enmod jk".
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Thu, 14 Jul 2011 01:15:52 +0200
+
+libapache2-mod-jk (1:1.2.31-1) unstable; urgency=low
+
+ Since 1.2.31 libapache2-mod-jk is compiled under kernels with support for
+ the SOCK_CLOEXEC flag in socket(2) syscall. Because of this, on Linux
+ systems, libapache-mod-jk only works with kernel versions >= 2.6.27.
+
+ -- Miguel Landaeta <miguel at miguel.cc> Sun, 13 Feb 2011 19:17:43 -0430
+
+libapache2-mod-jk (1:1.2.26-1) unstable; urgency=low
+
+ Since 1.2.26, please note that by default no mounts will be inherited from the
+ global scope to any VirtualHost. See JkMountCopy option documentation
+ for more information (and Debian bug #460398).
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Thu, 14 Jul 2011 01:15:52 +0200
+
+libapache2-mod-jk (1:1.2.14.1-1) unstable; urgency=low
+
+ This package replaces the previously libapache2-mod-jk2 package
+ which is now unsupported upstream and therefore removed from
+ the archive.
+
+ Its recommended to switch to this package. Due to building packages
- for Apache 1.3 and 2 the documentation is now packaged separately
- (libapache-mod-jk-doc).
++ for Apache 1.3 and 2 the documentation is now packaged separately
++ (libapache-mod-jk-doc).
+
+ -- Wolfgang Baer <WBaer at gmx.de> Thu, 23 Jun 2005 22:42:54 +0200
diff --cc debian/libapache2-mod-jk.README.Debian
index f9c6215,0000000..8cf16b9
mode 100644,000000..100644
--- a/debian/libapache2-mod-jk.README.Debian
+++ b/debian/libapache2-mod-jk.README.Debian
@@@ -1,23 -1,0 +1,23 @@@
+libapache2-mod-jk for Debian
+----------------------------------
+
+Package works with Apache 2.x HTTP server.
+The documentation can be found in the libapache-mod-jk-doc package.
+
+At install, this module is enabled into existing Apache2 configuration.
+Default configuration is located here :
+ /etc/apache2/mods-available/jk.conf
+
+One default worker named ajp13_worker, which connects to the localhost on
+port 8009, is configured. If you need more workers or want to connect to
+a remote tomcat you have to modify the workers.properties file.
+
+By default, no webapp is mounted so you'll have to edit jk.conf
- to enable, at least, a JkMount directive for you webapp.
++to enable, at least, a JkMount directive for you webapp.
+
+Please pay attention to global scope vs VirtualHost when setting JkMount
+(see #460398) as, by default, no mounts will be inherited from the
+global scope to any VirtualHost. See JkMountCopy option documentation
+for more information.
+
+ -- Wolfgang Baer <WBaer at gmx.de> Thu, 23 Jun 2005 22:42:54 +0200
diff --cc debian/libapache2-mod-jk.install
index 6ef6e11,0000000..e982abe
mode 100644,000000..100644
--- a/debian/libapache2-mod-jk.install
+++ b/debian/libapache2-mod-jk.install
@@@ -1,4 -1,0 +1,4 @@@
- conf/jk.conf /etc/apache2/mods-available/
- debian/jk.load /etc/apache2/mods-available/
- debian/workers.properties /etc/libapache2-mod-jk/
- native/apache-2.0/mod_jk.so /usr/lib/apache2/modules/
++conf/jk.conf /etc/apache2/mods-available/
++debian/jk.load /etc/apache2/mods-available/
++debian/workers.properties /etc/libapache2-mod-jk/
++native/apache-2.0/mod_jk.so /usr/lib/apache2/modules/
diff --cc debian/libapache2-mod-jk.postinst
index 0000000,0000000..c2d5bc9
new file mode 100644
--- /dev/null
+++ b/debian/libapache2-mod-jk.postinst
@@@ -1,0 -1,0 +1,24 @@@
++#!/bin/sh
++set -e
++
++#DEBHELPER#
++
++case "$1" in
++ configure)
++
++ # Only activate jk if this is not an upgrade
++ if [ -z "$2" ]; then
++ a2enmod jk || true
++ fi
++ ;;
++
++ abort-upgrade|abort-remove|abort-deconfigure)
++ ;;
++
++ *)
++ echo "$0 called with unknown argument \`$1'" >&2
++ exit 1
++ ;;
++esac
++
++exit 0
diff --cc debian/libapache2-mod-jk.prerm
index 0000000,0000000..2f7c53b
new file mode 100644
--- /dev/null
+++ b/debian/libapache2-mod-jk.prerm
@@@ -1,0 -1,0 +1,22 @@@
++#!/bin/sh
++set -e
++
++#DEBHELPER#
++
++case "$1" in
++ upgrade|failed-upgrade)
++ # Nothing to do here
++ ;;
++
++ deconfigure|remove)
++ # Disable jk if this is not an upgrade
++ a2dismod jk || true
++ ;;
++
++ *)
++ echo "$0 called with unknown argument \`$1'" >&2
++ exit 1
++ ;;
++esac
++
++exit 0
diff --cc debian/patches/CVE-2014-8111.patch
index 0000000,0000000..70a2530
new file mode 100644
--- /dev/null
+++ b/debian/patches/CVE-2014-8111.patch
@@@ -1,0 -1,0 +1,474 @@@
++From: Markus Koschany <apo at gambaru.de>
++Date: Sat, 23 May 2015 00:05:21 +0200
++Subject: CVE-2014-8111
++
++It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule
++could be ignored. This could allow a remote attacker to potentially access a
++private artifact in a tree that would otherwise not be accessible to them.
++
++Forwarded: https://svn.apache.org/viewvc?view=revision&revision=r1647017
++---
++ native/apache-1.3/mod_jk.c | 24 +++++++++++++--
++ native/apache-2.0/mod_jk.c | 24 +++++++++++++--
++ native/common/jk_global.h | 7 ++++-
++ native/common/jk_uri_worker_map.c | 48 +++++++++++++++++------------
++ native/common/jk_uri_worker_map.h | 7 +++++
++ native/common/jk_util.c | 19 ++++++++++++
++ native/common/jk_util.h | 2 ++
++ native/iis/jk_isapi_plugin.c | 64 ++++++++++++++++++++++++++++-----------
++ 8 files changed, 153 insertions(+), 42 deletions(-)
++
++diff --git a/native/apache-1.3/mod_jk.c b/native/apache-1.3/mod_jk.c
++index 81c3a58..9d6840f 100644
++--- a/native/apache-1.3/mod_jk.c
+++++ b/native/apache-1.3/mod_jk.c
++@@ -2074,9 +2074,11 @@ const char *jk_set_options(cmd_parms * cmd, void *dummy, const char *line)
++
++ mask = 0;
++
++- if (action == '-' && !strncasecmp(w, "ForwardURI", strlen("ForwardURI")))
+++ if (action == '-' &&
+++ (!strncasecmp(w, "ForwardURI", strlen("ForwardURI")) ||
+++ !strncasecmp(w, "CollapseSlashes", strlen("CollapseSlashes"))))
++ return ap_pstrcat(cmd->pool, "JkOptions: Illegal option '-", w,
++- "': ForwardURI* options can not be disabled", NULL);
+++ "': option can not be disabled", NULL);
++
++ if (!strcasecmp(w, "ForwardURICompat")) {
++ opt = JK_OPT_FWDURICOMPAT;
++@@ -2094,6 +2096,18 @@ const char *jk_set_options(cmd_parms * cmd, void *dummy, const char *line)
++ opt = JK_OPT_FWDURIPROXY;
++ mask = JK_OPT_FWDURIMASK;
++ }
+++ else if (!strcasecmp(w, "CollapseSlashesAll")) {
+++ opt = JK_OPT_COLLAPSEALL;
+++ mask = JK_OPT_COLLAPSEMASK;
+++ }
+++ else if (!strcasecmp(w, "CollapseSlashesNone")) {
+++ opt = JK_OPT_COLLAPSENONE;
+++ mask = JK_OPT_COLLAPSEMASK;
+++ }
+++ else if (!strcasecmp(w, "CollapseSlashesUnmount")) {
+++ opt = JK_OPT_COLLAPSEUNMOUNT;
+++ mask = JK_OPT_COLLAPSEMASK;
+++ }
++ else if (!strcasecmp(w, "ForwardDirectories")) {
++ opt = JK_OPT_FWDDIRS;
++ }
++@@ -2763,6 +2777,10 @@ static void *merge_jk_config(ap_pool * p, void *basev, void *overridesv)
++ overrides->options |= (base->options & ~base->exclude_options) & ~JK_OPT_FWDURIMASK;
++ else
++ overrides->options |= (base->options & ~base->exclude_options);
+++ if (overrides->options & JK_OPT_COLLAPSEMASK)
+++ overrides->options |= (base->options & ~base->exclude_options) & ~JK_OPT_COLLAPSEMASK;
+++ else
+++ overrides->options |= (base->options & ~base->exclude_options);
++
++ if (base->envvars) {
++ if (overrides->envvars && overrides->envvars_has_own) {
++@@ -2983,6 +3001,8 @@ static void jk_init(server_rec * s, ap_pool * p)
++ uri_worker_map_switch(sconf->uw_map, sconf->log);
++ uri_worker_map_load(sconf->uw_map, sconf->log);
++ }
+++ if (conf->options & JK_OPT_COLLAPSEMASK)
+++ sconf->uw_map->collapse_slashes = conf->options & JK_OPT_COLLAPSEMASK;
++ }
++ else {
++ if (sconf->mountcopy == JK_TRUE) {
++diff --git a/native/apache-2.0/mod_jk.c b/native/apache-2.0/mod_jk.c
++index 7c04440..26345ea 100644
++--- a/native/apache-2.0/mod_jk.c
+++++ b/native/apache-2.0/mod_jk.c
++@@ -2175,9 +2175,11 @@ static const char *jk_set_options(cmd_parms * cmd, void *dummy,
++
++ mask = 0;
++
++- if (action == '-' && !strncasecmp(w, "ForwardURI", strlen("ForwardURI")))
+++ if (action == '-' &&
+++ (!strncasecmp(w, "ForwardURI", strlen("ForwardURI")) ||
+++ !strncasecmp(w, "CollapseSlashes", strlen("CollapseSlashes"))))
++ return apr_pstrcat(cmd->pool, "JkOptions: Illegal option '-", w,
++- "': ForwardURI* options can not be disabled", NULL);
+++ "': option can not be disabled", NULL);
++
++ if (!strcasecmp(w, "ForwardURICompat")) {
++ opt = JK_OPT_FWDURICOMPAT;
++@@ -2195,6 +2197,18 @@ static const char *jk_set_options(cmd_parms * cmd, void *dummy,
++ opt = JK_OPT_FWDURIPROXY;
++ mask = JK_OPT_FWDURIMASK;
++ }
+++ else if (!strcasecmp(w, "CollapseSlashesAll")) {
+++ opt = JK_OPT_COLLAPSEALL;
+++ mask = JK_OPT_COLLAPSEMASK;
+++ }
+++ else if (!strcasecmp(w, "CollapseSlashesNone")) {
+++ opt = JK_OPT_COLLAPSENONE;
+++ mask = JK_OPT_COLLAPSEMASK;
+++ }
+++ else if (!strcasecmp(w, "CollapseSlashesUnmount")) {
+++ opt = JK_OPT_COLLAPSEUNMOUNT;
+++ mask = JK_OPT_COLLAPSEMASK;
+++ }
++ else if (!strcasecmp(w, "ForwardDirectories")) {
++ opt = JK_OPT_FWDDIRS;
++ }
++@@ -2987,6 +3001,10 @@ static void *merge_jk_config(apr_pool_t * p, void *basev, void *overridesv)
++ overrides->options |= (base->options & ~base->exclude_options) & ~JK_OPT_FWDURIMASK;
++ else
++ overrides->options |= (base->options & ~base->exclude_options);
+++ if (overrides->options & JK_OPT_COLLAPSEMASK)
+++ overrides->options |= (base->options & ~base->exclude_options) & ~JK_OPT_COLLAPSEMASK;
+++ else
+++ overrides->options |= (base->options & ~base->exclude_options);
++
++ if (base->envvars) {
++ if (overrides->envvars && overrides->envvars_has_own) {
++@@ -3464,6 +3482,8 @@ static int jk_post_config(apr_pool_t * pconf,
++ uri_worker_map_switch(sconf->uw_map, sconf->log);
++ uri_worker_map_load(sconf->uw_map, sconf->log);
++ }
+++ if (conf->options & JK_OPT_COLLAPSEMASK)
+++ sconf->uw_map->collapse_slashes = conf->options & JK_OPT_COLLAPSEMASK;
++ }
++ else {
++ if (sconf->mountcopy == JK_TRUE) {
++diff --git a/native/common/jk_global.h b/native/common/jk_global.h
++index aefe87e..942ee32 100644
++--- a/native/common/jk_global.h
+++++ b/native/common/jk_global.h
++@@ -252,6 +252,11 @@ extern "C"
++
++ #define JK_OPT_FWDURIMASK 0x0007
++
+++#define JK_OPT_COLLAPSEMASK 0x7000
+++#define JK_OPT_COLLAPSEALL 0x1000
+++#define JK_OPT_COLLAPSENONE 0x2000
+++#define JK_OPT_COLLAPSEUNMOUNT 0x4000
+++
++ #define JK_OPT_FWDURICOMPAT 0x0001
++ #define JK_OPT_FWDURICOMPATUNPARSED 0x0002
++ #define JK_OPT_FWDURIESCAPED 0x0003
++@@ -269,7 +274,7 @@ extern "C"
++ #define JK_OPT_FWDKEYSIZE 0x0200
++ #define JK_OPT_REJECTUNSAFE 0x0400
++
++-#define JK_OPT_DEFAULT (JK_OPT_FWDURIDEFAULT | JK_OPT_FWDKEYSIZE)
+++#define JK_OPT_DEFAULT (JK_OPT_FWDURIDEFAULT | JK_OPT_FWDKEYSIZE | JK_OPT_COLLAPSEUNMOUNT)
++
++ /* Check for EBCDIC systems */
++
++diff --git a/native/common/jk_uri_worker_map.c b/native/common/jk_uri_worker_map.c
++index 250cdb5..8c3d44e 100644
++--- a/native/common/jk_uri_worker_map.c
+++++ b/native/common/jk_uri_worker_map.c
++@@ -174,9 +174,10 @@ static void uri_worker_map_dump(jk_uri_worker_map_t *uw_map,
++ int i, off;
++ if (JK_IS_DEBUG_LEVEL(l)) {
++ jk_log(l, JK_LOG_DEBUG, "uri map dump %s: id=%d, index=%d file='%s' reject_unsafe=%d "
++- "reload=%d modified=%d checked=%d",
+++ "collapse_slashes=%d reload=%d modified=%d checked=%d",
++ reason, uw_map->id, uw_map->index, STRNULL_FOR_NULL(uw_map->fname),
++- uw_map->reject_unsafe, uw_map->reload, uw_map->modified, uw_map->checked);
+++ uw_map->reject_unsafe, uw_map->collapse_slashes,
+++ uw_map->reload, uw_map->modified, uw_map->checked);
++ }
++ for (i = 0; i <= 1; i++) {
++ jk_log(l, JK_LOG_DEBUG, "generation %d: size=%d nosize=%d capacity=%d",
++@@ -242,6 +243,7 @@ int uri_worker_map_alloc(jk_uri_worker_map_t **uw_map_p,
++ uw_map->index = 0;
++ uw_map->fname = NULL;
++ uw_map->reject_unsafe = 0;
+++ uw_map->collapse_slashes = JK_COLLAPSE_DEFAULT;
++ uw_map->reload = JK_URIMAP_DEF_RELOAD;
++ uw_map->modified = 0;
++ uw_map->checked = 0;
++@@ -681,48 +683,42 @@ void parse_rule_extensions(char *rule, rule_extension_t *extensions,
++ else if (!strncmp(param, JK_UWMAP_EXTENSION_ACTIVE, strlen(JK_UWMAP_EXTENSION_ACTIVE))) {
++ if (extensions->active)
++ jk_log(l, JK_LOG_WARNING,
++- "rule extension '%s' only allowed once",
++- JK_UWMAP_EXTENSION_ACTIVE);
+++ "rule extension '" JK_UWMAP_EXTENSION_ACTIVE "' only allowed once");
++ else
++ extensions->active = param + strlen(JK_UWMAP_EXTENSION_ACTIVE);
++ }
++ else if (!strncmp(param, JK_UWMAP_EXTENSION_DISABLED, strlen(JK_UWMAP_EXTENSION_DISABLED))) {
++ if (extensions->disabled)
++ jk_log(l, JK_LOG_WARNING,
++- "rule extension '%s' only allowed once",
++- JK_UWMAP_EXTENSION_DISABLED);
+++ "rule extension '" JK_UWMAP_EXTENSION_DISABLED "' only allowed once");
++ else
++ extensions->disabled = param + strlen(JK_UWMAP_EXTENSION_DISABLED);
++ }
++ else if (!strncmp(param, JK_UWMAP_EXTENSION_STOPPED, strlen(JK_UWMAP_EXTENSION_STOPPED))) {
++ if (extensions->stopped)
++ jk_log(l, JK_LOG_WARNING,
++- "rule extension '%s' only allowed once",
++- JK_UWMAP_EXTENSION_STOPPED);
+++ "rule extension '" JK_UWMAP_EXTENSION_STOPPED "' only allowed once");
++ else
++ extensions->stopped = param + strlen(JK_UWMAP_EXTENSION_STOPPED);
++ }
++ else if (!strncmp(param, JK_UWMAP_EXTENSION_FAIL_ON_STATUS, strlen(JK_UWMAP_EXTENSION_FAIL_ON_STATUS))) {
++ if (extensions->fail_on_status_str)
++ jk_log(l, JK_LOG_WARNING,
++- "rule extension '%s' only allowed once",
++- JK_UWMAP_EXTENSION_FAIL_ON_STATUS);
+++ "rule extension '" JK_UWMAP_EXTENSION_FAIL_ON_STATUS "' only allowed once");
++ else
++ extensions->fail_on_status_str = param + strlen(JK_UWMAP_EXTENSION_FAIL_ON_STATUS);
++ }
++ else if (!strncmp(param, JK_UWMAP_EXTENSION_SESSION_COOKIE, strlen(JK_UWMAP_EXTENSION_SESSION_COOKIE))) {
++ if (extensions->session_cookie)
++ jk_log(l, JK_LOG_WARNING,
++- "extension '%s' in uri worker map only allowed once",
++- JK_UWMAP_EXTENSION_SESSION_COOKIE);
+++ "extension '" JK_UWMAP_EXTENSION_SESSION_COOKIE "' in uri worker map only allowed once");
++ else
++ extensions->session_cookie = param + strlen(JK_UWMAP_EXTENSION_SESSION_COOKIE);
++ }
++ else if (!strncmp(param, JK_UWMAP_EXTENSION_SESSION_PATH, strlen(JK_UWMAP_EXTENSION_SESSION_PATH))) {
++ if (extensions->session_path)
++ jk_log(l, JK_LOG_WARNING,
++- "extension '%s' in uri worker map only allowed once",
++- JK_UWMAP_EXTENSION_SESSION_PATH);
+++ "extension '" JK_UWMAP_EXTENSION_SESSION_PATH "' in uri worker map only allowed once");
++ else {
++ // Check if the session identifier starts with semicolon.
++ if (!strcmp(param, JK_UWMAP_EXTENSION_SESSION_PATH)) {
++@@ -1034,12 +1030,12 @@ static int is_nomatch(jk_uri_worker_map_t *uw_map,
++ const char *map_uri_to_worker_ext(jk_uri_worker_map_t *uw_map,
++ const char *uri, const char *vhost,
++ rule_extension_t **extensions,
++- int *index,
++- jk_logger_t *l)
+++ int *index, jk_logger_t *l)
++ {
++ unsigned int i;
++ unsigned int vhost_len;
++ int reject_unsafe;
+++ int collapse_slashes;
++ int rv = -1;
++ char url[JK_MAX_URI_LEN+1];
++
++@@ -1069,10 +1065,8 @@ const char *map_uri_to_worker_ext(jk_uri_worker_map_t *uw_map,
++ return NULL;
++ }
++ }
++- /* Make the copy of the provided uri and strip
++- * everything after the first ';' char.
++- */
++ reject_unsafe = uw_map->reject_unsafe;
+++ collapse_slashes = uw_map->collapse_slashes;
++ vhost_len = 0;
++ /*
++ * In case we got a vhost, we prepend a slash
++@@ -1100,6 +1094,9 @@ const char *map_uri_to_worker_ext(jk_uri_worker_map_t *uw_map,
++ }
++ vhost_len += off;
++ }
+++ /* Make the copy of the provided uri and strip
+++ * everything after the first ';' char.
+++ */
++ for (i = 0; i < strlen(uri); i++) {
++ if (i == JK_MAX_URI_LEN) {
++ jk_log(l, JK_LOG_WARNING,
++@@ -1127,6 +1124,12 @@ const char *map_uri_to_worker_ext(jk_uri_worker_map_t *uw_map,
++ jk_log(l, JK_LOG_DEBUG, "Found session identifier '%s' in url '%s'",
++ url_rewrite, uri);
++ }
+++ if (collapse_slashes == JK_COLLAPSE_ALL) {
+++ /* Remove multiple slashes
+++ * No need to copy url, because it is local and
+++ * the unchanged url is no longer needed */
+++ jk_no2slash(url);
+++ }
++ if (JK_IS_DEBUG_LEVEL(l))
++ jk_log(l, JK_LOG_DEBUG, "Attempting to map URI '%s' from %d maps",
++ url, IND_THIS(uw_map->size));
++@@ -1138,6 +1141,13 @@ const char *map_uri_to_worker_ext(jk_uri_worker_map_t *uw_map,
++
++ /* In case we found a match, check for the unmounts. */
++ if (rv >= 0 && IND_THIS(uw_map->nosize)) {
+++ if (collapse_slashes == JK_COLLAPSE_UNMOUNT) {
+++ /* Remove multiple slashes when looking for
+++ * unmount to prevent trivial unmount bypass attack.
+++ * No need to copy url, because it is local and
+++ * the unchanged url is no longer needed */
+++ jk_no2slash(url);
+++ }
++ /* Again first including vhost. */
++ int rc = is_nomatch(uw_map, url, rv, l);
++ /* If no unmount was find, try without vhost. */
++diff --git a/native/common/jk_uri_worker_map.h b/native/common/jk_uri_worker_map.h
++index 1598937..16c14ff 100644
++--- a/native/common/jk_uri_worker_map.h
+++++ b/native/common/jk_uri_worker_map.h
++@@ -58,6 +58,11 @@ extern "C"
++ #define MATCH_TYPE_STOPPED 0x4000
++ */
++
+++#define JK_COLLAPSE_ALL 0x0001
+++#define JK_COLLAPSE_NONE 0x0002
+++#define JK_COLLAPSE_UNMOUNT 0x0003
+++#define JK_COLLAPSE_DEFAULT JK_COLLAPSE_UNMOUNT
+++
++ #define SOURCE_TYPE_WORKERDEF 0x0001
++ #define SOURCE_TYPE_JKMOUNT 0x0002
++ #define SOURCE_TYPE_URIMAP 0x0003
++@@ -166,6 +171,8 @@ struct jk_uri_worker_map
++ JK_CRIT_SEC cs;
++ /* should we forward potentially unsafe URLs */
++ int reject_unsafe;
+++ /* how to handle multiple adjacent slashes in URLs */
+++ int collapse_slashes;
++ /* uriworkermap filename */
++ const char *fname;
++ /* uriworkermap reload check interval */
++diff --git a/native/common/jk_util.c b/native/common/jk_util.c
++index 8c5d803..4455f86 100644
++--- a/native/common/jk_util.c
+++++ b/native/common/jk_util.c
++@@ -2089,6 +2089,25 @@ int jk_wildchar_match(const char *str, const char *exp, int icase)
++ return (str[x] != '\0');
++ }
++
+++void jk_no2slash(char *name)
+++{
+++ char *d, *s;
+++
+++ s = d = name;
+++
+++ while (*s) {
+++ if ((*d++ = *s) == '/') {
+++ do {
+++ ++s;
+++ } while (*s == '/');
+++ }
+++ else {
+++ ++s;
+++ }
+++ }
+++ *d = '\0';
+++}
+++
++ #ifdef _MT_CODE_PTHREAD
++ jk_pthread_t jk_gettid()
++ {
++diff --git a/native/common/jk_util.h b/native/common/jk_util.h
++index 2313c2c..930943c 100644
++--- a/native/common/jk_util.h
+++++ b/native/common/jk_util.h
++@@ -238,6 +238,8 @@ int is_http_status_fail(unsigned int http_status_fail_num,
++
++ int jk_wildchar_match(const char *str, const char *exp, int icase);
++
+++void jk_no2slash(char *name);
+++
++ #define TC32_BRIDGE_TYPE 32
++ #define TC33_BRIDGE_TYPE 33
++ #define TC40_BRIDGE_TYPE 40
++diff --git a/native/iis/jk_isapi_plugin.c b/native/iis/jk_isapi_plugin.c
++index e949734..736ac05 100644
++--- a/native/iis/jk_isapi_plugin.c
+++++ b/native/iis/jk_isapi_plugin.c
++@@ -117,23 +117,27 @@ static char HTTP_WORKER_HEADER_INDEX[RES_BUFFER_SIZE];
++ #define W3SVC_REGISTRY_KEY "SYSTEM\\CurrentControlSet\\Services\\W3SVC\\Parameters"
++ #define EXTENSION_URI_TAG "extension_uri"
++
++-#define URI_SELECT_TAG "uri_select"
++-#define URI_SELECT_PARSED_VERB "parsed"
++-#define URI_SELECT_UNPARSED_VERB "unparsed"
++-#define URI_SELECT_ESCAPED_VERB "escaped"
++-#define URI_SELECT_PROXY_VERB "proxy"
++-#define URI_REWRITE_TAG "rewrite_rule_file"
++-#define SHM_SIZE_TAG "shm_size"
++-#define WORKER_MOUNT_RELOAD_TAG "worker_mount_reload"
++-#define STRIP_SESSION_TAG "strip_session"
++-#define AUTH_COMPLETE_TAG "auth_complete"
++-#define REJECT_UNSAFE_TAG "reject_unsafe"
++-#define WATCHDOG_INTERVAL_TAG "watchdog_interval"
++-#define ENABLE_CHUNKED_ENCODING_TAG "enable_chunked_encoding"
++-#define ERROR_PAGE_TAG "error_page"
++-
++-#define LOG_ROTATION_TIME_TAG "log_rotationtime"
++-#define LOG_FILESIZE_TAG "log_filesize"
+++#define URI_SELECT_TAG "uri_select"
+++#define URI_SELECT_PARSED_VERB "parsed"
+++#define URI_SELECT_UNPARSED_VERB "unparsed"
+++#define URI_SELECT_ESCAPED_VERB "escaped"
+++#define URI_SELECT_PROXY_VERB "proxy"
+++#define URI_REWRITE_TAG "rewrite_rule_file"
+++#define SHM_SIZE_TAG "shm_size"
+++#define WORKER_MOUNT_RELOAD_TAG "worker_mount_reload"
+++#define STRIP_SESSION_TAG "strip_session"
+++#define AUTH_COMPLETE_TAG "auth_complete"
+++#define REJECT_UNSAFE_TAG "reject_unsafe"
+++#define COLLAPSE_SLASHES_TAG "collapse_slashes"
+++#define COLLAPSE_SLASHES_ALL_VERB "all"
+++#define COLLAPSE_SLASHES_NONE_VERB "none"
+++#define COLLAPSE_SLASHES_UNMOUNT_VERB "unmount"
+++#define WATCHDOG_INTERVAL_TAG "watchdog_interval"
+++#define ENABLE_CHUNKED_ENCODING_TAG "enable_chunked_encoding"
+++#define ERROR_PAGE_TAG "error_page"
+++
+++#define LOG_ROTATION_TIME_TAG "log_rotationtime"
+++#define LOG_FILESIZE_TAG "log_filesize"
++
++ /* HTTP standard headers */
++ #define TRANSFER_ENCODING_CHUNKED_HEADER_COMPLETE "Transfer-Encoding: chunked"
++@@ -501,6 +505,7 @@ static int strip_session = 0;
++ static int use_auth_notification_flags = 1;
++ static int chunked_encoding_enabled = JK_FALSE;
++ static int reject_unsafe = 0;
+++static int collapse_slashes = JK_COLLAPSE_DEFAULT;
++ static volatile int watchdog_interval = 0;
++ static HANDLE watchdog_handle = NULL;
++ static char error_page_buf[INTERNET_MAX_URL_LENGTH] = {0};
++@@ -2791,6 +2796,7 @@ static int init_jk(char *serverName)
++ uw_map->reject_unsafe = 1;
++ else
++ uw_map->reject_unsafe = 0;
+++ uw_map->collapse_slashes = collapse_slashes;
++ uw_map->reload = worker_mount_reload;
++ if (worker_mount_file[0]) {
++ uw_map->fname = worker_mount_file;
++@@ -2920,6 +2926,17 @@ int parse_uri_select(const char *uri_select)
++ return -1;
++ }
++
+++int parse_collapse_slashes(const char *collapse_slashes)
+++{
+++ if (!strcasecmp(collapse_slashes, COLLAPSE_SLASHES_ALL_VERB))
+++ return JK_OPT_COLLAPSEALL;
+++ if (!strcasecmp(collapse_slashes, COLLAPSE_SLASHES_NONE_VERB))
+++ return JK_OPT_COLLAPSENONE;
+++ if (!strcasecmp(collapse_slashes, COLLAPSE_SLASHES_UNMOUNT_VERB))
+++ return JK_OPT_COLLAPSEUNMOUNT;
+++ return -1;
+++}
+++
++ static int read_registry_init_data(void)
++ {
++ char tmpbuf[MAX_PATH];
++@@ -3017,7 +3034,18 @@ static int read_registry_init_data(void)
++ uri_select_option = opt;
++ }
++ else {
++- goto cleanup;
+++ jk_log(logger, JK_LOG_ERROR, "Invalid value '%s' for configuration item '"
+++ URI_SELECT_TAG "'", tmpbuf);
+++ }
+++ }
+++ if (get_config_parameter(src, COLLAPSE_SLASHES_TAG, tmpbuf, sizeof(tmpbuf))) {
+++ int opt = parse_collapse_slashes(tmpbuf);
+++ if (opt >= 0) {
+++ collapse_slashes = opt;
+++ }
+++ else {
+++ jk_log(logger, JK_LOG_ERROR, "Invalid value '%s' for configuration item '"
+++ COLLAPSE_SLASHES_TAG "'", tmpbuf);
++ }
++ }
++ shm_config_size = get_config_int(src, SHM_SIZE_TAG, -1);
diff --cc debian/patches/series
index cb4453d,0000000..5f2aa5c
mode 100644,000000..100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -1,4 -1,0 +1,4 @@@
+0001-disable-logo.patch
+0002-debianize-log-directory.patch
+0003-upgrade-info-to-error-message.patch
- fix-privacy-breach.patch
++CVE-2014-8111.patch
diff --cc debian/rules
index ac77a31,0000000..b3e295d
mode 100755,000000..100755
--- a/debian/rules
+++ b/debian/rules
@@@ -1,32 -1,0 +1,45 @@@
+#!/usr/bin/make -f
+
- # Enable LFS, build system doesn't respect CPPFLAGS.
- export DEB_CFLAGS_MAINT_APPEND = -D_LARGEFILE_SUPPORT -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 $(shell dpkg-buildflags --get CPPFLAGS)
++# Enable LFS
++CFLAGS = -D_LARGEFILE_SUPPORT -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 $(shell dpkg-buildflags --get CFLAGS)
+
+%:
- dh $@ --with autotools_dev,apache2 --sourcedirectory=native
++ dh $@ --with autotools_dev --sourcedirectory=native
+
+override_dh_auto_configure:
+ dh_auto_configure -- --with-apxs=/usr/bin/apxs2
++ sed -i -e 's/^LIBTOOL = .*$$/LIBTOOL = \/bin\/sh ..\/libtool/' native/common/Makefile
+
+override_dh_auto_build:
+ dh_auto_build
+ cp conf/httpd-jk.conf conf/jk.conf
+
++override_dh_auto_clean:
++ rm -f conf/jk.conf
++ # ac_config_files
++ rm -f Makefile apache-1.3/Makefile apache-1.3/Makefile.apxs \
++ apache-2.0/Makefile apache-2.0/Makefile.apxs common/Makefile \
++ common/list.mk common/jk_types.h jni/Makefile
++ # MAINTAINERCLEANFILES
++ rm -f native/config.{status,log,cache}
++ rm -f native/apache-2.0/mod_jk.{o,la,lo,a} native/apache-2.0/mod_jk.so*
++ rm -f native/common/*.{lo,o}
++ rm -rf native/apache-2.0/.libs native/common/.libs
++
+override_dh_auto_install:
+ifneq (,$(filter libapache-mod-jk-doc, $(shell dh_listpackages)))
+ cd xdocs && install -d ../build/docs/ && cp -R * ../build/docs/
+ cd build/docs && for i in `find . -name '*.xml'`; do xsltproc style.xsl $$i > `dirname $$i`/`basename $$i .xml`.html; done
+ cd build/docs && find . -name '*.xml' -exec rm -f {} \;
+ cd build/docs && rm -f style.xsl BUILDING
+ cd build/docs/miscellaneous && lynx -dump -nolist changelog.html > ../changelog
+endif
+
+override_dh_compress:
+ dh_compress -Xchangelog.html
+
+# No check target
+override_dh_auto_test:
+
+get-orig-source:
- uscan --verbose --download-current-version --force-download
++ uscan --force-download --rename
diff --cc debian/source.lintian-overrides
index 0000000,0000000..c3a8e6e
new file mode 100644
--- /dev/null
+++ b/debian/source.lintian-overrides
@@@ -1,0 -1,0 +1,2 @@@
++# override: using compat=9 with debhelper 8.1.3 for build-hardening flags
++package-needs-versioned-debhelper-build-depends 9
diff --cc debian/workers.properties
index 1e282f0,0000000..91ba7f2
mode 100644,000000..100644
--- a/debian/workers.properties
+++ b/debian/workers.properties
@@@ -1,100 -1,0 +1,100 @@@
+# workers.properties -
+#
+# This file is a simplified version of the workers.properties supplied
+# with the upstream sources. The jni inprocess worker (not build in the
+# debian package) section and the ajp12 (deprecated) section are removed.
+#
+# As a general note, the characters $( and ) are used internally to define
+# macros. Do not use them in your own configuration!!!
+#
+# Whenever you see a set of lines such as:
+# x=value
+# y=$(x)\something
+#
+# the final value for y will be value\something
+#
+# Normaly all you will need to do is un-comment and modify the first three
+# properties, i.e. workers.tomcat_home, workers.java_home and ps.
+# Most of the configuration is derived from these.
+#
+# When you are done updating workers.tomcat_home, workers.java_home and ps
+# you should have 3 workers configured:
+#
+# - An ajp13 worker that connects to localhost:8009
+# - A load balancer worker
+#
+#
+
- # OPTIONS ( very important for jni mode )
++# OPTIONS ( very important for jni mode )
+
+#
+# workers.tomcat_home should point to the location where you
+# installed tomcat. This is where you have your conf, webapps and lib
+# directories.
+#
- workers.tomcat_home=/usr/share/tomcat8
++workers.tomcat_home=/usr/share/tomcat6
+
+#
+# workers.java_home should point to your Java installation. Normally
+# you should have a bin and lib directories beneath it.
+#
+workers.java_home=/usr/lib/jvm/default-java
+
+#
+# You should configure your environment slash... ps=\ on NT and / on UNIX
+# and maybe something different elsewhere.
+#
+ps=/
+
+#
+#------ ADVANCED MODE ------------------------------------------------
+#---------------------------------------------------------------------
+#
+
+#
+#------ worker list ------------------------------------------
+#---------------------------------------------------------------------
+#
+#
+# The workers that your plugins should create and work with
- #
++#
+worker.list=ajp13_worker
+
+#
+#------ ajp13_worker WORKER DEFINITION ------------------------------
+#---------------------------------------------------------------------
+#
+
+#
+# Defining a worker named ajp13_worker and of type ajp13
+# Note that the name and the type do not have to match.
+#
+worker.ajp13_worker.port=8009
+worker.ajp13_worker.host=localhost
+worker.ajp13_worker.type=ajp13
+#
+# Specifies the load balance factor when used with
+# a load balancing worker.
+# Note:
+# ----> lbfactor must be > 0
+# ----> Low lbfactor means less work done by the worker.
+worker.ajp13_worker.lbfactor=1
+
+#
+# Specify the size of the open connection cache.
+#worker.ajp13_worker.cachesize
+
+#
+#------ DEFAULT LOAD BALANCER WORKER DEFINITION ----------------------
+#---------------------------------------------------------------------
+#
+
+#
+# The loadbalancer (type lb) workers perform wighted round-robin
+# load balancing with sticky sessions.
+# Note:
+# ----> If a worker dies, the load balancer will check its state
+# once in a while. Until then all work is redirected to peer
+# workers.
+worker.loadbalancer.type=lb
+worker.loadbalancer.balance_workers=ajp13_worker
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/libapache-mod-jk.git
More information about the pkg-java-commits
mailing list