Author: drazzib Date: 2011-08-12 18:05:53 +0000 (Fri, 12 Aug 2011) New Revision: 14162
Added: tags/tomcat-native/1.1.22-1/ tags/tomcat-native/1.1.22-1/debian/changelog tags/tomcat-native/1.1.22-1/debian/patches/drop_sslv2_support.diff Removed: tags/tomcat-native/1.1.22-1/debian/changelog tags/tomcat-native/1.1.22-1/debian/patches/drop_sslv2_support.diff Log: [svn-buildpackage] Tagging tomcat-native 1.1.22-1 Deleted: tags/tomcat-native/1.1.22-1/debian/changelog =================================================================== --- trunk/tomcat-native/debian/changelog 2011-08-10 01:40:22 UTC (rev 14146) +++ tags/tomcat-native/1.1.22-1/debian/changelog 2011-08-12 18:05:53 UTC (rev 14162) @@ -1,84 +0,0 @@ -tomcat-native (1.1.20-3) unstable; urgency=low - - * Switch to 3.0 quilt source format. - * d/patches/drop_sslv2_support.diff: Drop support for SSLv2 - (Closes: #622141). - * d/copyright: Update to DEP-5 format. - - -- Damien Raude-Morvan <draz...@debian.org> Sun, 10 Jul 2011 23:42:01 +0200 - -tomcat-native (1.1.20-2) unstable; urgency=low - - * Team upload. - * Remove *.la (Closes: #621279) - * Bump Standards-Version to 3.9.2 (no changes needed) - - -- tony mancill <tmanc...@debian.org> Sat, 09 Apr 2011 10:57:15 -0700 - -tomcat-native (1.1.20-1) unstable; urgency=low - - * New upstream release: - - Prevent crashing JVM on shutdown. - * Bump Standards-Version to 3.8.4 (no changes needed) - - -- Damien Raude-Morvan <draz...@debian.org> Sat, 20 Feb 2010 22:50:34 +0100 - -tomcat-native (1.1.19-1) unstable; urgency=low - - * New upstream release. - - minor versioning fix - - allows building against OpenSSL 1.0 - * Add a README.Debian to help users to setup Tomcat 6.x - with Tomcat Native Library - - -- Damien Raude-Morvan <draz...@debian.org> Sun, 17 Jan 2010 01:27:46 +0100 - -tomcat-native (1.1.18-1) unstable; urgency=high - - * New upstream release. - - Fix CVE-2009-3555 SSL-Man-In-The-Middle attack - - set urgency=high to get security fix in testing - - -- Damien Raude-Morvan <draz...@debian.org> Tue, 24 Nov 2009 01:46:20 +0100 - -tomcat-native (1.1.17-1) unstable; urgency=low - - * New upstream release. - * debian/control: - - Update my email address - - Bump Standards-Version to 3.8.3 (no changes needed) - - Bump debhelper version to >= 7 - - Update upstream Homepage field - - Use default-jdk instead of default-jdk-builddep as there is no - native (-gcj) package build. - * debian/copyright: - - Update upstream copyright years - - Add myself as debian/* copyright holder - * debian/libtcnative-1.lintian-overrides: - - Change to be version agnostic - - -- Damien Raude-Morvan <draz...@debian.org> Sat, 07 Nov 2009 21:41:36 +0100 - -tomcat-native (1.1.16-1) unstable; urgency=low - - * New upstream release (Closes: #514500) - - Fix IPv6 issues (Closes: #517163, #521306) - * debian/control: - - Move libtcnative-1 to "java" section - - Add myself to Uploaders - - Bump Standards-Version to 3.8.1 (no changes needed) - * debian/watch: Update to new upstream location - * debian/rules: Provide a "get-orig-source" target using uscan - * debian/control: Build-Depends on default-jdk-builddep - * debian/rules: use JAVA_HOME=/usr/lib/jvm/default-java - * Remove debian/libtcnative-1.install and use dh_lintian - to install debian/libtcnative-1.lintian-overrides - - -- Damien Raude-Morvan <draz...@drazzib.com> Sun, 29 Mar 2009 15:40:58 +0200 - -tomcat-native (1.1.13-1) unstable; urgency=low - - * Initial release. Closes: #485037. - - -- Michael Koch <konque...@gmx.de> Sat, 07 Jun 2008 15:16:14 +0200 - Copied: tags/tomcat-native/1.1.22-1/debian/changelog (from rev 14161, trunk/tomcat-native/debian/changelog) =================================================================== --- tags/tomcat-native/1.1.22-1/debian/changelog (rev 0) +++ tags/tomcat-native/1.1.22-1/debian/changelog 2011-08-12 18:05:53 UTC (rev 14162) @@ -0,0 +1,91 @@ +tomcat-native (1.1.22-1) unstable; urgency=low + + * New upstream release: + - Update d/patches/drop_sslv2_support.diff patch. + + -- Damien Raude-Morvan <draz...@debian.org> Fri, 12 Aug 2011 20:02:57 +0200 + +tomcat-native (1.1.20-3) unstable; urgency=low + + * Switch to 3.0 quilt source format. + * d/patches/drop_sslv2_support.diff: Drop support for SSLv2 + (Closes: #622141). + * d/copyright: Update to DEP-5 format. + + -- Damien Raude-Morvan <draz...@debian.org> Sun, 10 Jul 2011 23:42:01 +0200 + +tomcat-native (1.1.20-2) unstable; urgency=low + + * Team upload. + * Remove *.la (Closes: #621279) + * Bump Standards-Version to 3.9.2 (no changes needed) + + -- tony mancill <tmanc...@debian.org> Sat, 09 Apr 2011 10:57:15 -0700 + +tomcat-native (1.1.20-1) unstable; urgency=low + + * New upstream release: + - Prevent crashing JVM on shutdown. + * Bump Standards-Version to 3.8.4 (no changes needed) + + -- Damien Raude-Morvan <draz...@debian.org> Sat, 20 Feb 2010 22:50:34 +0100 + +tomcat-native (1.1.19-1) unstable; urgency=low + + * New upstream release. + - minor versioning fix + - allows building against OpenSSL 1.0 + * Add a README.Debian to help users to setup Tomcat 6.x + with Tomcat Native Library + + -- Damien Raude-Morvan <draz...@debian.org> Sun, 17 Jan 2010 01:27:46 +0100 + +tomcat-native (1.1.18-1) unstable; urgency=high + + * New upstream release. + - Fix CVE-2009-3555 SSL-Man-In-The-Middle attack + - set urgency=high to get security fix in testing + + -- Damien Raude-Morvan <draz...@debian.org> Tue, 24 Nov 2009 01:46:20 +0100 + +tomcat-native (1.1.17-1) unstable; urgency=low + + * New upstream release. + * debian/control: + - Update my email address + - Bump Standards-Version to 3.8.3 (no changes needed) + - Bump debhelper version to >= 7 + - Update upstream Homepage field + - Use default-jdk instead of default-jdk-builddep as there is no + native (-gcj) package build. + * debian/copyright: + - Update upstream copyright years + - Add myself as debian/* copyright holder + * debian/libtcnative-1.lintian-overrides: + - Change to be version agnostic + + -- Damien Raude-Morvan <draz...@debian.org> Sat, 07 Nov 2009 21:41:36 +0100 + +tomcat-native (1.1.16-1) unstable; urgency=low + + * New upstream release (Closes: #514500) + - Fix IPv6 issues (Closes: #517163, #521306) + * debian/control: + - Move libtcnative-1 to "java" section + - Add myself to Uploaders + - Bump Standards-Version to 3.8.1 (no changes needed) + * debian/watch: Update to new upstream location + * debian/rules: Provide a "get-orig-source" target using uscan + * debian/control: Build-Depends on default-jdk-builddep + * debian/rules: use JAVA_HOME=/usr/lib/jvm/default-java + * Remove debian/libtcnative-1.install and use dh_lintian + to install debian/libtcnative-1.lintian-overrides + + -- Damien Raude-Morvan <draz...@drazzib.com> Sun, 29 Mar 2009 15:40:58 +0200 + +tomcat-native (1.1.13-1) unstable; urgency=low + + * Initial release. Closes: #485037. + + -- Michael Koch <konque...@gmx.de> Sat, 07 Jun 2008 15:16:14 +0200 + Deleted: tags/tomcat-native/1.1.22-1/debian/patches/drop_sslv2_support.diff =================================================================== --- trunk/tomcat-native/debian/patches/drop_sslv2_support.diff 2011-08-10 01:40:22 UTC (rev 14146) +++ tags/tomcat-native/1.1.22-1/debian/patches/drop_sslv2_support.diff 2011-08-12 18:05:53 UTC (rev 14162) @@ -1,115 +0,0 @@ -Description: Drop all support for SSLv2 protocol since it's use has been - deprecated, because of weaknesses in the security of the protocol. -Author: Damien Raude-Morvan <draz...@debian.org> -Last-Update: 2011-04-13 -Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622141 -Forwarded: https://issues.apache.org/bugzilla/show_bug.cgi?id=51056 ---- a/jni/examples/org/apache/tomcat/jni/SSL.properties -+++ b/jni/examples/org/apache/tomcat/jni/SSL.properties -@@ -18,5 +18,5 @@ - server.cert=localhost.crt - server.key=localhost.key - server.password=secret --server.ciphers=ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL --server.verify=none -\ No newline at end of file -+server.ciphers=ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL -+server.verify=none ---- a/jni/examples/org/apache/tomcat/jni/SSLServer.java -+++ b/jni/examples/org/apache/tomcat/jni/SSLServer.java -@@ -70,7 +70,7 @@ - serverPool = Pool.create(0); - try { - /* Create SSL Context, one for each Virtual Host */ -- serverCtx = SSLContext.make(serverPool, SSL.SSL_PROTOCOL_SSLV2 | SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_MODE_SERVER); -+ serverCtx = SSLContext.make(serverPool, SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_MODE_SERVER); - /* List the ciphers that the client is permitted to negotiate. */ - SSLContext.setCipherSuite(serverCtx, serverCiphers); - /* Load Server key and certificate */ ---- a/jni/native/src/sslcontext.c -+++ b/jni/native/src/sslcontext.c -@@ -72,17 +72,8 @@ - UNREFERENCED(o); - - switch (protocol) { -- case SSL_PROTOCOL_SSLV2: -- case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1: -- if (mode == SSL_MODE_CLIENT) -- ctx = SSL_CTX_new(SSLv2_client_method()); -- else if (mode == SSL_MODE_SERVER) -- ctx = SSL_CTX_new(SSLv2_server_method()); -- else -- ctx = SSL_CTX_new(SSLv2_method()); -- break; - case SSL_PROTOCOL_SSLV3: -- case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1: -+ case SSL_PROTOCOL_ALL: - if (mode == SSL_MODE_CLIENT) - ctx = SSL_CTX_new(SSLv3_client_method()); - else if (mode == SSL_MODE_SERVER) -@@ -90,15 +81,6 @@ - else - ctx = SSL_CTX_new(SSLv3_method()); - break; -- case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3: -- case SSL_PROTOCOL_ALL: -- if (mode == SSL_MODE_CLIENT) -- ctx = SSL_CTX_new(SSLv23_client_method()); -- else if (mode == SSL_MODE_SERVER) -- ctx = SSL_CTX_new(SSLv23_server_method()); -- else -- ctx = SSL_CTX_new(SSLv23_method()); -- break; - case SSL_PROTOCOL_TLSV1: - if (mode == SSL_MODE_CLIENT) - ctx = SSL_CTX_new(TLSv1_client_method()); -@@ -125,8 +107,7 @@ - if (c->bio_os != NULL) - BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT); - SSL_CTX_set_options(c->ctx, SSL_OP_ALL); -- if (!(protocol & SSL_PROTOCOL_SSLV2)) -- SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2); -+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2); - if (!(protocol & SSL_PROTOCOL_SSLV3)) - SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3); - if (!(protocol & SSL_PROTOCOL_TLSV1)) ---- a/jni/java/org/apache/tomcat/jni/SSL.java -+++ b/jni/java/org/apache/tomcat/jni/SSL.java -@@ -70,10 +70,9 @@ - * Define the SSL Protocol options - */ - public static final int SSL_PROTOCOL_NONE = 0; -- public static final int SSL_PROTOCOL_SSLV2 = (1<<0); - public static final int SSL_PROTOCOL_SSLV3 = (1<<1); - public static final int SSL_PROTOCOL_TLSV1 = (1<<2); -- public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1); -+ public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1); - - /* - * Define the SSL verify levels ---- a/jni/native/include/ssl_private.h -+++ b/jni/native/include/ssl_private.h -@@ -113,10 +113,9 @@ - * Define the SSL Protocol options - */ - #define SSL_PROTOCOL_NONE (0) --#define SSL_PROTOCOL_SSLV2 (1<<0) - #define SSL_PROTOCOL_SSLV3 (1<<1) - #define SSL_PROTOCOL_TLSV1 (1<<2) --#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1) -+#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1) - - #define SSL_MODE_CLIENT (0) - #define SSL_MODE_SERVER (1) ---- a/jni/java/org/apache/tomcat/jni/SSLContext.java -+++ b/jni/java/org/apache/tomcat/jni/SSLContext.java -@@ -31,9 +31,7 @@ - * @param pool The pool to use. - * @param protocol The SSL protocol to use. It can be one of: - * <PRE> -- * SSL_PROTOCOL_SSLV2 - * SSL_PROTOCOL_SSLV3 -- * SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3 - * SSL_PROTOCOL_TLSV1 - * SSL_PROTOCOL_ALL - * </PRE> Copied: tags/tomcat-native/1.1.22-1/debian/patches/drop_sslv2_support.diff (from rev 14161, trunk/tomcat-native/debian/patches/drop_sslv2_support.diff) =================================================================== --- tags/tomcat-native/1.1.22-1/debian/patches/drop_sslv2_support.diff (rev 0) +++ tags/tomcat-native/1.1.22-1/debian/patches/drop_sslv2_support.diff 2011-08-12 18:05:53 UTC (rev 14162) @@ -0,0 +1,131 @@ +Description: Drop all support for SSLv2 protocol since it's use has been + deprecated, because of weaknesses in the security of the protocol. +Author: Damien Raude-Morvan <draz...@debian.org> +Last-Update: 2011-08-12 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622141 +Forwarded: https://issues.apache.org/bugzilla/show_bug.cgi?id=51056 +Index: b/jni/examples/org/apache/tomcat/jni/SSL.properties +=================================================================== +--- a/jni/examples/org/apache/tomcat/jni/SSL.properties ++++ b/jni/examples/org/apache/tomcat/jni/SSL.properties +@@ -18,5 +18,5 @@ + server.cert=localhost.crt + server.key=localhost.key + server.password=secret +-server.ciphers=ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL +-server.verify=none +\ No newline at end of file ++server.ciphers=ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL ++server.verify=none +Index: b/jni/examples/org/apache/tomcat/jni/SSLServer.java +=================================================================== +--- a/jni/examples/org/apache/tomcat/jni/SSLServer.java ++++ b/jni/examples/org/apache/tomcat/jni/SSLServer.java +@@ -70,7 +70,7 @@ + serverPool = Pool.create(0); + try { + /* Create SSL Context, one for each Virtual Host */ +- serverCtx = SSLContext.make(serverPool, SSL.SSL_PROTOCOL_SSLV2 | SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_MODE_SERVER); ++ serverCtx = SSLContext.make(serverPool, SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_MODE_SERVER); + /* List the ciphers that the client is permitted to negotiate. */ + SSLContext.setCipherSuite(serverCtx, serverCiphers); + /* Load Server key and certificate */ +Index: b/jni/java/org/apache/tomcat/jni/SSL.java +=================================================================== +--- a/jni/java/org/apache/tomcat/jni/SSL.java ++++ b/jni/java/org/apache/tomcat/jni/SSL.java +@@ -70,10 +70,9 @@ + * Define the SSL Protocol options + */ + public static final int SSL_PROTOCOL_NONE = 0; +- public static final int SSL_PROTOCOL_SSLV2 = (1<<0); + public static final int SSL_PROTOCOL_SSLV3 = (1<<1); + public static final int SSL_PROTOCOL_TLSV1 = (1<<2); +- public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1); ++ public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1); + + /* + * Define the SSL verify levels +Index: b/jni/java/org/apache/tomcat/jni/SSLContext.java +=================================================================== +--- a/jni/java/org/apache/tomcat/jni/SSLContext.java ++++ b/jni/java/org/apache/tomcat/jni/SSLContext.java +@@ -31,9 +31,7 @@ + * @param pool The pool to use. + * @param protocol The SSL protocol to use. It can be one of: + * <PRE> +- * SSL_PROTOCOL_SSLV2 + * SSL_PROTOCOL_SSLV3 +- * SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3 + * SSL_PROTOCOL_TLSV1 + * SSL_PROTOCOL_ALL + * </PRE> +Index: b/jni/native/include/ssl_private.h +=================================================================== +--- a/jni/native/include/ssl_private.h ++++ b/jni/native/include/ssl_private.h +@@ -113,10 +113,9 @@ + * Define the SSL Protocol options + */ + #define SSL_PROTOCOL_NONE (0) +-#define SSL_PROTOCOL_SSLV2 (1<<0) + #define SSL_PROTOCOL_SSLV3 (1<<1) + #define SSL_PROTOCOL_TLSV1 (1<<2) +-#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1) ++#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1) + + #define SSL_MODE_CLIENT (0) + #define SSL_MODE_SERVER (1) +Index: b/jni/native/src/sslcontext.c +=================================================================== +--- a/jni/native/src/sslcontext.c ++++ b/jni/native/src/sslcontext.c +@@ -72,6 +72,7 @@ + UNREFERENCED(o); + + switch (protocol) { ++#ifndef OPENSSL_NO_SSL2 + case SSL_PROTOCOL_SSLV2: + if (mode == SSL_MODE_CLIENT) + ctx = SSL_CTX_new(SSLv2_client_method()); +@@ -80,6 +81,7 @@ + else + ctx = SSL_CTX_new(SSLv2_method()); + break; ++#endif + case SSL_PROTOCOL_SSLV3: + if (mode == SSL_MODE_CLIENT) + ctx = SSL_CTX_new(SSLv3_client_method()); +@@ -88,6 +90,7 @@ + else + ctx = SSL_CTX_new(SSLv3_method()); + break; ++#ifndef OPENSSL_NO_SSL2 + case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3: + case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1: + case SSL_PROTOCOL_ALL: +@@ -99,7 +102,13 @@ + else + ctx = SSL_CTX_new(SSLv23_method()); + break; ++#endif ++#ifndef OPENSSL_NO_SSL2 + case SSL_PROTOCOL_TLSV1: ++#else ++ case SSL_PROTOCOL_ALL: ++ case SSL_PROTOCOL_TLSV1: ++#endif + if (mode == SSL_MODE_CLIENT) + ctx = SSL_CTX_new(TLSv1_client_method()); + else if (mode == SSL_MODE_SERVER) +@@ -127,8 +136,10 @@ + if (c->bio_os != NULL) + BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT); + SSL_CTX_set_options(c->ctx, SSL_OP_ALL); ++#ifndef OPENSSL_NO_SSL2 + if (!(protocol & SSL_PROTOCOL_SSLV2)) + SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2); ++#endif + if (!(protocol & SSL_PROTOCOL_SSLV3)) + SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3); + if (!(protocol & SSL_PROTOCOL_TLSV1)) _______________________________________________ pkg-java-commits mailing list pkg-java-comm...@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits