[pkg-java] r17142 - in tags/tomcat-native: . 1.1.27-1/debian 1.1.27-1/debian/patches
Damien Raude-Morvan
drazzib at alioth.debian.org
Tue Aug 13 08:54:31 UTC 2013
Author: drazzib
Date: 2013-08-13 08:54:30 +0000 (Tue, 13 Aug 2013)
New Revision: 17142
Added:
tags/tomcat-native/1.1.27-1/
tags/tomcat-native/1.1.27-1/debian/changelog
tags/tomcat-native/1.1.27-1/debian/compat
tags/tomcat-native/1.1.27-1/debian/control
tags/tomcat-native/1.1.27-1/debian/copyright
tags/tomcat-native/1.1.27-1/debian/patches/drop_sslv2_support.diff
tags/tomcat-native/1.1.27-1/debian/rules
Removed:
tags/tomcat-native/1.1.27-1/debian/changelog
tags/tomcat-native/1.1.27-1/debian/compat
tags/tomcat-native/1.1.27-1/debian/control
tags/tomcat-native/1.1.27-1/debian/copyright
tags/tomcat-native/1.1.27-1/debian/patches/drop_sslv2_support.diff
tags/tomcat-native/1.1.27-1/debian/rules
Log:
[svn-buildpackage] Tagging tomcat-native 1.1.27-1
Deleted: tags/tomcat-native/1.1.27-1/debian/changelog
===================================================================
--- trunk/tomcat-native/debian/changelog 2013-08-12 09:14:39 UTC (rev 17140)
+++ tags/tomcat-native/1.1.27-1/debian/changelog 2013-08-13 08:54:30 UTC (rev 17142)
@@ -1,115 +0,0 @@
-tomcat-native (1.1.24-1) unstable; urgency=low
-
- * Team upload.
- * New upstream release (closes: #685516)
- * Update README.Debian to include reference to tomcat7.
-
- -- tony mancill <tmancill at debian.org> Sat, 25 Aug 2012 03:55:06 +0000
-
-tomcat-native (1.1.23-1) unstable; urgency=low
-
- [ tony mancill ]
- * Team upload.
- * Remove Michael Koch from Uploaders (Closes: #654135)
-
- [ Damien Raude-Morvan ]
- * New upstream release.
- * d/control: Build-Depends on dpkg-dev (>= 1.16.1~) for hardening
- flags
- * d/rules: Enable hardening build.
- * d/copyright: Use copyright-format 1.0.
- * d/control: Bump Standards-Version to 3.9.3: no changes needed.
-
- -- Damien Raude-Morvan <drazzib at debian.org> Fri, 02 Mar 2012 19:51:58 +0100
-
-tomcat-native (1.1.22-1) unstable; urgency=low
-
- * New upstream release:
- - Update d/patches/drop_sslv2_support.diff patch.
-
- -- Damien Raude-Morvan <drazzib at debian.org> Fri, 12 Aug 2011 20:02:57 +0200
-
-tomcat-native (1.1.20-3) unstable; urgency=low
-
- * Switch to 3.0 quilt source format.
- * d/patches/drop_sslv2_support.diff: Drop support for SSLv2
- (Closes: #622141).
- * d/copyright: Update to DEP-5 format.
-
- -- Damien Raude-Morvan <drazzib at debian.org> Sun, 10 Jul 2011 23:42:01 +0200
-
-tomcat-native (1.1.20-2) unstable; urgency=low
-
- * Team upload.
- * Remove *.la (Closes: #621279)
- * Bump Standards-Version to 3.9.2 (no changes needed)
-
- -- tony mancill <tmancill at debian.org> Sat, 09 Apr 2011 10:57:15 -0700
-
-tomcat-native (1.1.20-1) unstable; urgency=low
-
- * New upstream release:
- - Prevent crashing JVM on shutdown.
- * Bump Standards-Version to 3.8.4 (no changes needed)
-
- -- Damien Raude-Morvan <drazzib at debian.org> Sat, 20 Feb 2010 22:50:34 +0100
-
-tomcat-native (1.1.19-1) unstable; urgency=low
-
- * New upstream release.
- - minor versioning fix
- - allows building against OpenSSL 1.0
- * Add a README.Debian to help users to setup Tomcat 6.x
- with Tomcat Native Library
-
- -- Damien Raude-Morvan <drazzib at debian.org> Sun, 17 Jan 2010 01:27:46 +0100
-
-tomcat-native (1.1.18-1) unstable; urgency=high
-
- * New upstream release.
- - Fix CVE-2009-3555 SSL-Man-In-The-Middle attack
- - set urgency=high to get security fix in testing
-
- -- Damien Raude-Morvan <drazzib at debian.org> Tue, 24 Nov 2009 01:46:20 +0100
-
-tomcat-native (1.1.17-1) unstable; urgency=low
-
- * New upstream release.
- * debian/control:
- - Update my email address
- - Bump Standards-Version to 3.8.3 (no changes needed)
- - Bump debhelper version to >= 7
- - Update upstream Homepage field
- - Use default-jdk instead of default-jdk-builddep as there is no
- native (-gcj) package build.
- * debian/copyright:
- - Update upstream copyright years
- - Add myself as debian/* copyright holder
- * debian/libtcnative-1.lintian-overrides:
- - Change to be version agnostic
-
- -- Damien Raude-Morvan <drazzib at debian.org> Sat, 07 Nov 2009 21:41:36 +0100
-
-tomcat-native (1.1.16-1) unstable; urgency=low
-
- * New upstream release (Closes: #514500)
- - Fix IPv6 issues (Closes: #517163, #521306)
- * debian/control:
- - Move libtcnative-1 to "java" section
- - Add myself to Uploaders
- - Bump Standards-Version to 3.8.1 (no changes needed)
- * debian/watch: Update to new upstream location
- * debian/rules: Provide a "get-orig-source" target using uscan
- * debian/control: Build-Depends on default-jdk-builddep
- * debian/rules: use JAVA_HOME=/usr/lib/jvm/default-java
- * Remove debian/libtcnative-1.install and use dh_lintian
- to install debian/libtcnative-1.lintian-overrides
-
- -- Damien Raude-Morvan <drazzib at drazzib.com> Sun, 29 Mar 2009 15:40:58 +0200
-
-tomcat-native (1.1.13-1) unstable; urgency=low
-
- * Initial release. Closes: #485037.
-
- -- Michael Koch <konqueror at gmx.de> Sat, 07 Jun 2008 15:16:14 +0200
-
Copied: tags/tomcat-native/1.1.27-1/debian/changelog (from rev 17141, trunk/tomcat-native/debian/changelog)
===================================================================
--- tags/tomcat-native/1.1.27-1/debian/changelog (rev 0)
+++ tags/tomcat-native/1.1.27-1/debian/changelog 2013-08-13 08:54:30 UTC (rev 17142)
@@ -0,0 +1,131 @@
+tomcat-native (1.1.27-1) unstable; urgency=low
+
+ * New upstream release.
+ * Merge Gianfranco Costamagna work:
+ - d/control: Bump Standards-Version to 3.9.4.
+ - d/{control,compat}: Bump debhelper to 9.
+ * d/control: Update Vcs-* fields with canonical URL.
+ * d/copyright: Fix small issue in DEP-5 format.
+ * Switch to dh7:
+ - d/rules: Upgrade to dh call
+ - d/control: Drop B-D on cdbs.
+ * Install in Multi-Arch location:
+ - d/control: Add Pre-Depends and Multi-Arch fields
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Mon, 12 Aug 2013 16:11:30 +0200
+
+tomcat-native (1.1.24-1) unstable; urgency=low
+
+ * Team upload.
+ * New upstream release (closes: #685516)
+ * Update README.Debian to include reference to tomcat7.
+
+ -- tony mancill <tmancill at debian.org> Sat, 25 Aug 2012 03:55:06 +0000
+
+tomcat-native (1.1.23-1) unstable; urgency=low
+
+ [ tony mancill ]
+ * Team upload.
+ * Remove Michael Koch from Uploaders (Closes: #654135)
+
+ [ Damien Raude-Morvan ]
+ * New upstream release.
+ * d/control: Build-Depends on dpkg-dev (>= 1.16.1~) for hardening
+ flags
+ * d/rules: Enable hardening build.
+ * d/copyright: Use copyright-format 1.0.
+ * d/control: Bump Standards-Version to 3.9.3: no changes needed.
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Fri, 02 Mar 2012 19:51:58 +0100
+
+tomcat-native (1.1.22-1) unstable; urgency=low
+
+ * New upstream release:
+ - Update d/patches/drop_sslv2_support.diff patch.
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Fri, 12 Aug 2011 20:02:57 +0200
+
+tomcat-native (1.1.20-3) unstable; urgency=low
+
+ * Switch to 3.0 quilt source format.
+ * d/patches/drop_sslv2_support.diff: Drop support for SSLv2
+ (Closes: #622141).
+ * d/copyright: Update to DEP-5 format.
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Sun, 10 Jul 2011 23:42:01 +0200
+
+tomcat-native (1.1.20-2) unstable; urgency=low
+
+ * Team upload.
+ * Remove *.la (Closes: #621279)
+ * Bump Standards-Version to 3.9.2 (no changes needed)
+
+ -- tony mancill <tmancill at debian.org> Sat, 09 Apr 2011 10:57:15 -0700
+
+tomcat-native (1.1.20-1) unstable; urgency=low
+
+ * New upstream release:
+ - Prevent crashing JVM on shutdown.
+ * Bump Standards-Version to 3.8.4 (no changes needed)
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Sat, 20 Feb 2010 22:50:34 +0100
+
+tomcat-native (1.1.19-1) unstable; urgency=low
+
+ * New upstream release.
+ - minor versioning fix
+ - allows building against OpenSSL 1.0
+ * Add a README.Debian to help users to setup Tomcat 6.x
+ with Tomcat Native Library
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Sun, 17 Jan 2010 01:27:46 +0100
+
+tomcat-native (1.1.18-1) unstable; urgency=high
+
+ * New upstream release.
+ - Fix CVE-2009-3555 SSL-Man-In-The-Middle attack
+ - set urgency=high to get security fix in testing
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Tue, 24 Nov 2009 01:46:20 +0100
+
+tomcat-native (1.1.17-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/control:
+ - Update my email address
+ - Bump Standards-Version to 3.8.3 (no changes needed)
+ - Bump debhelper version to >= 7
+ - Update upstream Homepage field
+ - Use default-jdk instead of default-jdk-builddep as there is no
+ native (-gcj) package build.
+ * debian/copyright:
+ - Update upstream copyright years
+ - Add myself as debian/* copyright holder
+ * debian/libtcnative-1.lintian-overrides:
+ - Change to be version agnostic
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Sat, 07 Nov 2009 21:41:36 +0100
+
+tomcat-native (1.1.16-1) unstable; urgency=low
+
+ * New upstream release (Closes: #514500)
+ - Fix IPv6 issues (Closes: #517163, #521306)
+ * debian/control:
+ - Move libtcnative-1 to "java" section
+ - Add myself to Uploaders
+ - Bump Standards-Version to 3.8.1 (no changes needed)
+ * debian/watch: Update to new upstream location
+ * debian/rules: Provide a "get-orig-source" target using uscan
+ * debian/control: Build-Depends on default-jdk-builddep
+ * debian/rules: use JAVA_HOME=/usr/lib/jvm/default-java
+ * Remove debian/libtcnative-1.install and use dh_lintian
+ to install debian/libtcnative-1.lintian-overrides
+
+ -- Damien Raude-Morvan <drazzib at drazzib.com> Sun, 29 Mar 2009 15:40:58 +0200
+
+tomcat-native (1.1.13-1) unstable; urgency=low
+
+ * Initial release. Closes: #485037.
+
+ -- Michael Koch <konqueror at gmx.de> Sat, 07 Jun 2008 15:16:14 +0200
+
Deleted: tags/tomcat-native/1.1.27-1/debian/compat
===================================================================
--- trunk/tomcat-native/debian/compat 2013-08-12 09:14:39 UTC (rev 17140)
+++ tags/tomcat-native/1.1.27-1/debian/compat 2013-08-13 08:54:30 UTC (rev 17142)
@@ -1 +0,0 @@
-7
Copied: tags/tomcat-native/1.1.27-1/debian/compat (from rev 17141, trunk/tomcat-native/debian/compat)
===================================================================
--- tags/tomcat-native/1.1.27-1/debian/compat (rev 0)
+++ tags/tomcat-native/1.1.27-1/debian/compat 2013-08-13 08:54:30 UTC (rev 17142)
@@ -0,0 +1 @@
+9
Deleted: tags/tomcat-native/1.1.27-1/debian/control
===================================================================
--- trunk/tomcat-native/debian/control 2013-08-12 09:14:39 UTC (rev 17140)
+++ tags/tomcat-native/1.1.27-1/debian/control 2013-08-13 08:54:30 UTC (rev 17142)
@@ -1,32 +0,0 @@
-Source: tomcat-native
-Section: java
-Priority: extra
-Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
-Uploaders: Damien Raude-Morvan <drazzib at debian.org>
-Build-Depends: cdbs,
- debhelper (>= 7),
- default-jdk,
- dpkg-dev (>= 1.16.1~),
- libapr1-dev,
- libssl-dev
-Standards-Version: 3.9.3
-Vcs-Svn: svn://svn.debian.org/svn/pkg-java/trunk/tomcat-native/
-Vcs-Browser: http://svn.debian.org/wsvn/pkg-java/trunk/tomcat-native/
-Homepage: http://tomcat.apache.org/native-doc/
-
-Package: libtcnative-1
-Architecture: any
-Depends: ${misc:Depends}, ${shlibs:Depends}
-Description: Tomcat native library using the apache portable runtime
- Tomcat can use the Apache Portable Runtime to provide superior scalability,
- performance, and better integration with native server technologies.
- The Apache Portable Runtime is a highly portable library that is at the
- heart of Apache HTTP Server 2.x. APR has many uses, including access to
- advanced IO functionality (such as sendfile, epoll and OpenSSL), OS level
- functionality (random number generation, system status, etc), and native
- process handling (shared memory, NT pipes and Unix sockets).
- .
- These features allows making Tomcat a general purpose webserver, will
- enable much better integration with other native web technologies, and
- overall make Java much more viable as a full fledged webserver platform
- rather than simply a backend focused technology.
Copied: tags/tomcat-native/1.1.27-1/debian/control (from rev 17141, trunk/tomcat-native/debian/control)
===================================================================
--- tags/tomcat-native/1.1.27-1/debian/control (rev 0)
+++ tags/tomcat-native/1.1.27-1/debian/control 2013-08-13 08:54:30 UTC (rev 17142)
@@ -0,0 +1,33 @@
+Source: tomcat-native
+Section: java
+Priority: extra
+Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
+Uploaders: Damien Raude-Morvan <drazzib at debian.org>
+Build-Depends: debhelper (>= 9),
+ default-jdk,
+ dpkg-dev (>= 1.16.1~),
+ libapr1-dev,
+ libssl-dev
+Standards-Version: 3.9.4
+Vcs-Svn: svn://anonscm.debian.org/pkg-java/trunk/tomcat-native/
+Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-java/trunk/tomcat-native/
+Homepage: http://tomcat.apache.org/native-doc/
+
+Package: libtcnative-1
+Architecture: any
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Multi-Arch: same
+Description: Tomcat native library using the apache portable runtime
+ Tomcat can use the Apache Portable Runtime to provide superior scalability,
+ performance, and better integration with native server technologies.
+ The Apache Portable Runtime is a highly portable library that is at the
+ heart of Apache HTTP Server 2.x. APR has many uses, including access to
+ advanced IO functionality (such as sendfile, epoll and OpenSSL), OS level
+ functionality (random number generation, system status, etc), and native
+ process handling (shared memory, NT pipes and Unix sockets).
+ .
+ These features allows making Tomcat a general purpose webserver, will
+ enable much better integration with other native web technologies, and
+ overall make Java much more viable as a full fledged webserver platform
+ rather than simply a backend focused technology.
Deleted: tags/tomcat-native/1.1.27-1/debian/copyright
===================================================================
--- trunk/tomcat-native/debian/copyright 2013-08-12 09:14:39 UTC (rev 17140)
+++ tags/tomcat-native/1.1.27-1/debian/copyright 2013-08-13 08:54:30 UTC (rev 17142)
@@ -1,17 +0,0 @@
-Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Upstream-Name: Apache Tomcat Native Library
-Upstream-Contact: <http://tomcat.apache.org/native-doc/>
-Source: http://www.apache.org/dist/tomcat/tomcat-connectors/native/
-
-Files: *
-Copyright: Copyright (C) 2004-2011 The Apache Software Foundation.
-License: Apache-2.0
-
-Files: debian/*
-Copyright: 2008-2009, Michael Koch <konqueror at gmx.de>
-Copyright: 2010-2011, Damien Raude-Morvan
-License: Apache-2.0
-
-License: Apache-2.0
- A complete copy of the Apache License, Version 2.0, can be found in
- /usr/share/common-licenses/Apache-2.0 on Debian Systems.
Copied: tags/tomcat-native/1.1.27-1/debian/copyright (from rev 17141, trunk/tomcat-native/debian/copyright)
===================================================================
--- tags/tomcat-native/1.1.27-1/debian/copyright (rev 0)
+++ tags/tomcat-native/1.1.27-1/debian/copyright 2013-08-13 08:54:30 UTC (rev 17142)
@@ -0,0 +1,17 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: Apache Tomcat Native Library
+Upstream-Contact: <http://tomcat.apache.org/native-doc/>
+Source: http://www.apache.org/dist/tomcat/tomcat-connectors/native/
+
+Files: *
+Copyright: Copyright (C) 2004-2011 The Apache Software Foundation.
+License: Apache-2.0
+
+Files: debian/*
+Copyright: 2008-2009, Michael Koch <konqueror at gmx.de>,
+ 2010-2013, Damien Raude-Morvan <drazzib at debian.org>
+License: Apache-2.0
+
+License: Apache-2.0
+ A complete copy of the Apache License, Version 2.0, can be found in
+ /usr/share/common-licenses/Apache-2.0 on Debian Systems.
Deleted: tags/tomcat-native/1.1.27-1/debian/patches/drop_sslv2_support.diff
===================================================================
--- trunk/tomcat-native/debian/patches/drop_sslv2_support.diff 2013-08-12 09:14:39 UTC (rev 17140)
+++ tags/tomcat-native/1.1.27-1/debian/patches/drop_sslv2_support.diff 2013-08-13 08:54:30 UTC (rev 17142)
@@ -1,119 +0,0 @@
-Description: Drop all support for SSLv2 protocol since it's use has been
- deprecated, because of weaknesses in the security of the protocol.
-Author: Damien Raude-Morvan <drazzib at debian.org>
-Last-Update: 2011-08-12
-Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622141
-Forwarded: https://issues.apache.org/bugzilla/show_bug.cgi?id=51056
---- a/jni/examples/org/apache/tomcat/jni/SSL.properties
-+++ b/jni/examples/org/apache/tomcat/jni/SSL.properties
-@@ -18,5 +18,5 @@
- server.cert=localhost.crt
- server.key=localhost.key
- server.password=secret
--server.ciphers=ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
--server.verify=none
-\ No newline at end of file
-+server.ciphers=ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
-+server.verify=none
---- a/jni/examples/org/apache/tomcat/jni/SSLServer.java
-+++ b/jni/examples/org/apache/tomcat/jni/SSLServer.java
-@@ -70,7 +70,7 @@
- serverPool = Pool.create(0);
- try {
- /* Create SSL Context, one for each Virtual Host */
-- serverCtx = SSLContext.make(serverPool, SSL.SSL_PROTOCOL_SSLV2 | SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_MODE_SERVER);
-+ serverCtx = SSLContext.make(serverPool, SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_MODE_SERVER);
- /* List the ciphers that the client is permitted to negotiate. */
- SSLContext.setCipherSuite(serverCtx, serverCiphers);
- /* Load Server key and certificate */
---- a/jni/java/org/apache/tomcat/jni/SSL.java
-+++ b/jni/java/org/apache/tomcat/jni/SSL.java
-@@ -70,10 +70,9 @@
- * Define the SSL Protocol options
- */
- public static final int SSL_PROTOCOL_NONE = 0;
-- public static final int SSL_PROTOCOL_SSLV2 = (1<<0);
- public static final int SSL_PROTOCOL_SSLV3 = (1<<1);
- public static final int SSL_PROTOCOL_TLSV1 = (1<<2);
-- public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1);
-+ public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1);
-
- /*
- * Define the SSL verify levels
---- a/jni/java/org/apache/tomcat/jni/SSLContext.java
-+++ b/jni/java/org/apache/tomcat/jni/SSLContext.java
-@@ -31,9 +31,7 @@
- * @param pool The pool to use.
- * @param protocol The SSL protocol to use. It can be one of:
- * <PRE>
-- * SSL_PROTOCOL_SSLV2
- * SSL_PROTOCOL_SSLV3
-- * SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3
- * SSL_PROTOCOL_TLSV1
- * SSL_PROTOCOL_ALL
- * </PRE>
---- a/jni/native/include/ssl_private.h
-+++ b/jni/native/include/ssl_private.h
-@@ -114,10 +114,9 @@
- * Define the SSL Protocol options
- */
- #define SSL_PROTOCOL_NONE (0)
--#define SSL_PROTOCOL_SSLV2 (1<<0)
- #define SSL_PROTOCOL_SSLV3 (1<<1)
- #define SSL_PROTOCOL_TLSV1 (1<<2)
--#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
-+#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
-
- #define SSL_MODE_CLIENT (0)
- #define SSL_MODE_SERVER (1)
---- a/jni/native/src/sslcontext.c
-+++ b/jni/native/src/sslcontext.c
-@@ -72,6 +72,7 @@
- UNREFERENCED(o);
-
- switch (protocol) {
-+#ifndef OPENSSL_NO_SSL2
- case SSL_PROTOCOL_SSLV2:
- if (mode == SSL_MODE_CLIENT)
- ctx = SSL_CTX_new(SSLv2_client_method());
-@@ -80,6 +81,7 @@
- else
- ctx = SSL_CTX_new(SSLv2_method());
- break;
-+#endif
- case SSL_PROTOCOL_SSLV3:
- if (mode == SSL_MODE_CLIENT)
- ctx = SSL_CTX_new(SSLv3_client_method());
-@@ -88,6 +90,7 @@
- else
- ctx = SSL_CTX_new(SSLv3_method());
- break;
-+#ifndef OPENSSL_NO_SSL2
- case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3:
- case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
- case SSL_PROTOCOL_ALL:
-@@ -99,7 +102,13 @@
- else
- ctx = SSL_CTX_new(SSLv23_method());
- break;
-+#endif
-+#ifndef OPENSSL_NO_SSL2
- case SSL_PROTOCOL_TLSV1:
-+#else
-+ case SSL_PROTOCOL_ALL:
-+ case SSL_PROTOCOL_TLSV1:
-+#endif
- if (mode == SSL_MODE_CLIENT)
- ctx = SSL_CTX_new(TLSv1_client_method());
- else if (mode == SSL_MODE_SERVER)
-@@ -127,8 +136,10 @@
- if (c->bio_os != NULL)
- BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
- SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
-+#ifndef OPENSSL_NO_SSL2
- if (!(protocol & SSL_PROTOCOL_SSLV2))
- SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
-+#endif
- if (!(protocol & SSL_PROTOCOL_SSLV3))
- SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
- if (!(protocol & SSL_PROTOCOL_TLSV1))
Copied: tags/tomcat-native/1.1.27-1/debian/patches/drop_sslv2_support.diff (from rev 17141, trunk/tomcat-native/debian/patches/drop_sslv2_support.diff)
===================================================================
--- tags/tomcat-native/1.1.27-1/debian/patches/drop_sslv2_support.diff (rev 0)
+++ tags/tomcat-native/1.1.27-1/debian/patches/drop_sslv2_support.diff 2013-08-13 08:54:30 UTC (rev 17142)
@@ -0,0 +1,115 @@
+Description: Drop all support for SSLv2 protocol since it's use has been
+ deprecated, because of weaknesses in the security of the protocol.
+Author: Damien Raude-Morvan <drazzib at debian.org>
+Last-Update: 2013-08-12
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622141
+Forwarded: https://issues.apache.org/bugzilla/show_bug.cgi?id=51056
+--- a/jni/examples/org/apache/tomcat/jni/SSL.properties
++++ b/jni/examples/org/apache/tomcat/jni/SSL.properties
+@@ -18,5 +18,5 @@
+ server.cert=localhost.crt
+ server.key=localhost.key
+ server.password=secret
+-server.ciphers=ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+-server.verify=none
+\ No newline at end of file
++server.ciphers=ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
++server.verify=none
+--- a/jni/examples/org/apache/tomcat/jni/SSLServer.java
++++ b/jni/examples/org/apache/tomcat/jni/SSLServer.java
+@@ -70,7 +70,7 @@
+ serverPool = Pool.create(0);
+ try {
+ /* Create SSL Context, one for each Virtual Host */
+- serverCtx = SSLContext.make(serverPool, SSL.SSL_PROTOCOL_SSLV2 | SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_MODE_SERVER);
++ serverCtx = SSLContext.make(serverPool, SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_MODE_SERVER);
+ /* List the ciphers that the client is permitted to negotiate. */
+ SSLContext.setCipherSuite(serverCtx, serverCiphers);
+ /* Load Server key and certificate */
+--- a/jni/java/org/apache/tomcat/jni/SSL.java
++++ b/jni/java/org/apache/tomcat/jni/SSL.java
+@@ -68,7 +68,6 @@
+ * Define the SSL Protocol options
+ */
+ public static final int SSL_PROTOCOL_NONE = 0;
+- public static final int SSL_PROTOCOL_SSLV2 = (1<<0);
+ public static final int SSL_PROTOCOL_SSLV3 = (1<<1);
+ public static final int SSL_PROTOCOL_TLSV1 = (1<<2);
+ public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1);
+--- a/jni/java/org/apache/tomcat/jni/SSLContext.java
++++ b/jni/java/org/apache/tomcat/jni/SSLContext.java
+@@ -31,9 +31,7 @@
+ * @param pool The pool to use.
+ * @param protocol The SSL protocol to use. It can be one of:
+ * <PRE>
+- * SSL_PROTOCOL_SSLV2
+ * SSL_PROTOCOL_SSLV3
+- * SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3
+ * SSL_PROTOCOL_TLSV1
+ * SSL_PROTOCOL_ALL
+ * </PRE>
+--- a/jni/native/include/ssl_private.h
++++ b/jni/native/include/ssl_private.h
+@@ -113,10 +113,9 @@
+ * Define the SSL Protocol options
+ */
+ #define SSL_PROTOCOL_NONE (0)
+-#define SSL_PROTOCOL_SSLV2 (1<<0)
+ #define SSL_PROTOCOL_SSLV3 (1<<1)
+ #define SSL_PROTOCOL_TLSV1 (1<<2)
+-#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
++#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
+
+ #define SSL_MODE_CLIENT (0)
+ #define SSL_MODE_SERVER (1)
+--- a/jni/native/src/sslcontext.c
++++ b/jni/native/src/sslcontext.c
+@@ -72,6 +72,7 @@
+ UNREFERENCED(o);
+
+ switch (protocol) {
++#ifndef OPENSSL_NO_SSL2
+ case SSL_PROTOCOL_SSLV2:
+ if (mode == SSL_MODE_CLIENT)
+ ctx = SSL_CTX_new(SSLv2_client_method());
+@@ -80,6 +81,7 @@
+ else
+ ctx = SSL_CTX_new(SSLv2_method());
+ break;
++#endif
+ case SSL_PROTOCOL_SSLV3:
+ if (mode == SSL_MODE_CLIENT)
+ ctx = SSL_CTX_new(SSLv3_client_method());
+@@ -88,6 +90,7 @@
+ else
+ ctx = SSL_CTX_new(SSLv3_method());
+ break;
++#ifndef OPENSSL_NO_SSL2
+ case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3:
+ case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
+ case SSL_PROTOCOL_ALL:
+@@ -99,7 +102,13 @@
+ else
+ ctx = SSL_CTX_new(SSLv23_method());
+ break;
++#endif
++#ifndef OPENSSL_NO_SSL2
+ case SSL_PROTOCOL_TLSV1:
++#else
++ case SSL_PROTOCOL_ALL:
++ case SSL_PROTOCOL_TLSV1:
++#endif
+ if (mode == SSL_MODE_CLIENT)
+ ctx = SSL_CTX_new(TLSv1_client_method());
+ else if (mode == SSL_MODE_SERVER)
+@@ -127,8 +136,10 @@
+ if (c->bio_os != NULL)
+ BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+ SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
++#ifndef OPENSSL_NO_SSL2
+ if (!(protocol & SSL_PROTOCOL_SSLV2))
+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
++#endif
+ if (!(protocol & SSL_PROTOCOL_SSLV3))
+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
+ if (!(protocol & SSL_PROTOCOL_TLSV1))
Deleted: tags/tomcat-native/1.1.27-1/debian/rules
===================================================================
--- trunk/tomcat-native/debian/rules 2013-08-12 09:14:39 UTC (rev 17140)
+++ tags/tomcat-native/1.1.27-1/debian/rules 2013-08-13 08:54:30 UTC (rev 17142)
@@ -1,25 +0,0 @@
-#!/usr/bin/make -f
-
-include /usr/share/cdbs/1/rules/debhelper.mk
-include /usr/share/cdbs/1/class/autotools.mk
-
-DPKG_EXPORT_BUILDFLAGS = 1
-include /usr/share/dpkg/buildflags.mk
-
-DEB_SRCDIR := jni/native
-
-DEB_CONFIGURE_SCRIPT_ENV := JAVA_HOME=/usr/lib/jvm/default-java
-DEB_CONFIGURE_EXTRA_FLAGS := --with-apr=/usr --with-ssl=/usr
-
-DEB_INSTALL_CHANGELOGS_libtcnative_1 := CHANGELOG.txt
-
-clean::
- rm -f jni/native/config.nice
-
-install/libtcnative-1::
- rmdir debian/libtcnative-1/usr/bin
- rmdir debian/libtcnative-1/usr/include
- find $(DEB_DESTDIR) -name "*.la" -exec rm -vf {} \;
-
-get-orig-source:
- uscan --force-download --rename
Copied: tags/tomcat-native/1.1.27-1/debian/rules (from rev 17141, trunk/tomcat-native/debian/rules)
===================================================================
--- tags/tomcat-native/1.1.27-1/debian/rules (rev 0)
+++ tags/tomcat-native/1.1.27-1/debian/rules 2013-08-13 08:54:30 UTC (rev 17142)
@@ -0,0 +1,27 @@
+#!/usr/bin/make -f
+
+%:
+ dh $@ --sourcedirectory=jni/native
+
+override_dh_auto_configure:
+ JAVA_HOME=/usr/lib/jvm/default-java \
+ dh_auto_configure -- --with-apr=/usr --with-ssl=/usr
+
+DEB_INSTALL_CHANGELOGS_libtcnative_1 := CHANGELOG.txt
+
+
+override_dh_auto_clean:
+ dh_auto_clean
+ rm -f jni/native/config.nice
+
+override_dh_auto_install:
+ dh_auto_install
+ rmdir debian/libtcnative-1/usr/bin
+ rmdir debian/libtcnative-1/usr/include
+ find $(DEB_DESTDIR) -name "*.la" -exec rm -vf {} \;
+
+# No check target
+override_dh_auto_test:
+
+get-orig-source:
+ uscan --force-download --rename
More information about the pkg-java-commits
mailing list