debian/0000755000000000000000000000000012256413101007161 5ustar debian/libtcnative-1.lintian-overrides0000644000000000000000000000015711275403076015220 0ustar libtcnative-1: non-dev-pkg-with-shlib-symlink libtcnative-1: package-name-doesnt-match-sonames libtcnative-1-0 debian/README.Debian0000644000000000000000000000147212016046322011227 0ustar Debian usage of Tomcat Native Library ===================================== Enable Tomcat Native Library in Tomcat 6.x: - edit /etc/tomcat6/server.xml to check if AprLifecycleListener is activated [you should remove XML comments if present] - start or restart Tomcat by using /etc/init.d/tomcat6 restart Check library loading at Tomcat 6.x startup: - when starting, Tomcat will output the following log message to a file named like /var/log/tomcat6/catalina.*.log --- org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.24. org.apache.catalina.core.AprLifecycleListener init INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. --- If you are using Tomcat 7.x, follow the instructions above, replacing tomcat6 with tomcat7. debian/watch0000644000000000000000000000021211163700256010213 0ustar version=3 http://www.apache.org/dist/tomcat/tomcat-connectors/native/([\d\.]+)/source/tomcat-native-([\d\.]+)-src\.tar\.gz debian uupdate debian/rules0000755000000000000000000000107712202371217010250 0ustar #!/usr/bin/make -f %: dh $@ --sourcedirectory=jni/native override_dh_auto_configure: JAVA_HOME=/usr/lib/jvm/default-java \ dh_auto_configure -- --with-apr=/usr --with-ssl=/usr DEB_INSTALL_CHANGELOGS_libtcnative_1 := CHANGELOG.txt override_dh_auto_clean: dh_auto_clean rm -f jni/native/config.nice override_dh_auto_install: dh_auto_install rmdir debian/libtcnative-1/usr/bin rmdir debian/libtcnative-1/usr/include find $(DEB_DESTDIR) -name "*.la" -exec rm -vf {} \; # No check target override_dh_auto_test: get-orig-source: uscan --force-download --rename debian/changelog0000644000000000000000000001100712256410361011037 0ustar tomcat-native (1.1.29-1) unstable; urgency=low * Team upload. [ Gianfranco Costamagna ] * New upstream release [ tony mancill ] * Bump Standards-Version to 3.9.5. -- tony mancill Tue, 24 Dec 2013 14:54:00 -0800 tomcat-native (1.1.27-1) unstable; urgency=low * New upstream release. * Merge Gianfranco Costamagna work: - d/control: Bump Standards-Version to 3.9.4. - d/{control,compat}: Bump debhelper to 9. * d/control: Update Vcs-* fields with canonical URL. * d/copyright: Fix small issue in DEP-5 format. * Switch to dh7: - d/rules: Upgrade to dh call - d/control: Drop B-D on cdbs. * Install in Multi-Arch location: - d/control: Add Pre-Depends and Multi-Arch fields -- Damien Raude-Morvan Mon, 12 Aug 2013 16:11:30 +0200 tomcat-native (1.1.24-1) unstable; urgency=low * Team upload. * New upstream release (closes: #685516) * Update README.Debian to include reference to tomcat7. -- tony mancill Sat, 25 Aug 2012 03:55:06 +0000 tomcat-native (1.1.23-1) unstable; urgency=low [ tony mancill ] * Team upload. * Remove Michael Koch from Uploaders (Closes: #654135) [ Damien Raude-Morvan ] * New upstream release. * d/control: Build-Depends on dpkg-dev (>= 1.16.1~) for hardening flags * d/rules: Enable hardening build. * d/copyright: Use copyright-format 1.0. * d/control: Bump Standards-Version to 3.9.3: no changes needed. -- Damien Raude-Morvan Fri, 02 Mar 2012 19:51:58 +0100 tomcat-native (1.1.22-1) unstable; urgency=low * New upstream release: - Update d/patches/drop_sslv2_support.diff patch. -- Damien Raude-Morvan Fri, 12 Aug 2011 20:02:57 +0200 tomcat-native (1.1.20-3) unstable; urgency=low * Switch to 3.0 quilt source format. * d/patches/drop_sslv2_support.diff: Drop support for SSLv2 (Closes: #622141). * d/copyright: Update to DEP-5 format. -- Damien Raude-Morvan Sun, 10 Jul 2011 23:42:01 +0200 tomcat-native (1.1.20-2) unstable; urgency=low * Team upload. * Remove *.la (Closes: #621279) * Bump Standards-Version to 3.9.2 (no changes needed) -- tony mancill Sat, 09 Apr 2011 10:57:15 -0700 tomcat-native (1.1.20-1) unstable; urgency=low * New upstream release: - Prevent crashing JVM on shutdown. * Bump Standards-Version to 3.8.4 (no changes needed) -- Damien Raude-Morvan Sat, 20 Feb 2010 22:50:34 +0100 tomcat-native (1.1.19-1) unstable; urgency=low * New upstream release. - minor versioning fix - allows building against OpenSSL 1.0 * Add a README.Debian to help users to setup Tomcat 6.x with Tomcat Native Library -- Damien Raude-Morvan Sun, 17 Jan 2010 01:27:46 +0100 tomcat-native (1.1.18-1) unstable; urgency=high * New upstream release. - Fix CVE-2009-3555 SSL-Man-In-The-Middle attack - set urgency=high to get security fix in testing -- Damien Raude-Morvan Tue, 24 Nov 2009 01:46:20 +0100 tomcat-native (1.1.17-1) unstable; urgency=low * New upstream release. * debian/control: - Update my email address - Bump Standards-Version to 3.8.3 (no changes needed) - Bump debhelper version to >= 7 - Update upstream Homepage field - Use default-jdk instead of default-jdk-builddep as there is no native (-gcj) package build. * debian/copyright: - Update upstream copyright years - Add myself as debian/* copyright holder * debian/libtcnative-1.lintian-overrides: - Change to be version agnostic -- Damien Raude-Morvan Sat, 07 Nov 2009 21:41:36 +0100 tomcat-native (1.1.16-1) unstable; urgency=low * New upstream release (Closes: #514500) - Fix IPv6 issues (Closes: #517163, #521306) * debian/control: - Move libtcnative-1 to "java" section - Add myself to Uploaders - Bump Standards-Version to 3.8.1 (no changes needed) * debian/watch: Update to new upstream location * debian/rules: Provide a "get-orig-source" target using uscan * debian/control: Build-Depends on default-jdk-builddep * debian/rules: use JAVA_HOME=/usr/lib/jvm/default-java * Remove debian/libtcnative-1.install and use dh_lintian to install debian/libtcnative-1.lintian-overrides -- Damien Raude-Morvan Sun, 29 Mar 2009 15:40:58 +0200 tomcat-native (1.1.13-1) unstable; urgency=low * Initial release. Closes: #485037. -- Michael Koch Sat, 07 Jun 2008 15:16:14 +0200 debian/patches/0000755000000000000000000000000012256413063010617 5ustar debian/patches/drop_sslv2_support.diff0000644000000000000000000001063512202371217015342 0ustar Description: Drop all support for SSLv2 protocol since it's use has been deprecated, because of weaknesses in the security of the protocol. Author: Damien Raude-Morvan Last-Update: 2013-08-12 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622141 Forwarded: https://issues.apache.org/bugzilla/show_bug.cgi?id=51056 --- a/jni/examples/org/apache/tomcat/jni/SSL.properties +++ b/jni/examples/org/apache/tomcat/jni/SSL.properties @@ -18,5 +18,5 @@ server.cert=localhost.crt server.key=localhost.key server.password=secret -server.ciphers=ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL -server.verify=none \ No newline at end of file +server.ciphers=ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL +server.verify=none --- a/jni/examples/org/apache/tomcat/jni/SSLServer.java +++ b/jni/examples/org/apache/tomcat/jni/SSLServer.java @@ -70,7 +70,7 @@ serverPool = Pool.create(0); try { /* Create SSL Context, one for each Virtual Host */ - serverCtx = SSLContext.make(serverPool, SSL.SSL_PROTOCOL_SSLV2 | SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_MODE_SERVER); + serverCtx = SSLContext.make(serverPool, SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_MODE_SERVER); /* List the ciphers that the client is permitted to negotiate. */ SSLContext.setCipherSuite(serverCtx, serverCiphers); /* Load Server key and certificate */ --- a/jni/java/org/apache/tomcat/jni/SSL.java +++ b/jni/java/org/apache/tomcat/jni/SSL.java @@ -68,7 +68,6 @@ * Define the SSL Protocol options */ public static final int SSL_PROTOCOL_NONE = 0; - public static final int SSL_PROTOCOL_SSLV2 = (1<<0); public static final int SSL_PROTOCOL_SSLV3 = (1<<1); public static final int SSL_PROTOCOL_TLSV1 = (1<<2); public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1); --- a/jni/java/org/apache/tomcat/jni/SSLContext.java +++ b/jni/java/org/apache/tomcat/jni/SSLContext.java @@ -31,9 +31,7 @@ * @param pool The pool to use. * @param protocol The SSL protocol to use. It can be one of: * 
-     * SSL_PROTOCOL_SSLV2
      * SSL_PROTOCOL_SSLV3
-     * SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3
      * SSL_PROTOCOL_TLSV1
      * SSL_PROTOCOL_ALL
      *
--- a/jni/native/include/ssl_private.h +++ b/jni/native/include/ssl_private.h @@ -113,10 +113,9 @@ * Define the SSL Protocol options */ #define SSL_PROTOCOL_NONE (0) -#define SSL_PROTOCOL_SSLV2 (1<<0) #define SSL_PROTOCOL_SSLV3 (1<<1) #define SSL_PROTOCOL_TLSV1 (1<<2) -#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1) +#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1) #define SSL_MODE_CLIENT (0) #define SSL_MODE_SERVER (1) --- a/jni/native/src/sslcontext.c +++ b/jni/native/src/sslcontext.c @@ -72,6 +72,7 @@ UNREFERENCED(o); switch (protocol) { +#ifndef OPENSSL_NO_SSL2 case SSL_PROTOCOL_SSLV2: if (mode == SSL_MODE_CLIENT) ctx = SSL_CTX_new(SSLv2_client_method()); @@ -80,6 +81,7 @@ else ctx = SSL_CTX_new(SSLv2_method()); break; +#endif case SSL_PROTOCOL_SSLV3: if (mode == SSL_MODE_CLIENT) ctx = SSL_CTX_new(SSLv3_client_method()); @@ -88,6 +90,7 @@ else ctx = SSL_CTX_new(SSLv3_method()); break; +#ifndef OPENSSL_NO_SSL2 case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3: case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1: case SSL_PROTOCOL_ALL: @@ -99,7 +102,13 @@ else ctx = SSL_CTX_new(SSLv23_method()); break; +#endif +#ifndef OPENSSL_NO_SSL2 case SSL_PROTOCOL_TLSV1: +#else + case SSL_PROTOCOL_ALL: + case SSL_PROTOCOL_TLSV1: +#endif if (mode == SSL_MODE_CLIENT) ctx = SSL_CTX_new(TLSv1_client_method()); else if (mode == SSL_MODE_SERVER) @@ -127,8 +136,10 @@ if (c->bio_os != NULL) BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT); SSL_CTX_set_options(c->ctx, SSL_OP_ALL); +#ifndef OPENSSL_NO_SSL2 if (!(protocol & SSL_PROTOCOL_SSLV2)) SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2); +#endif if (!(protocol & SSL_PROTOCOL_SSLV3)) SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3); if (!(protocol & SSL_PROTOCOL_TLSV1)) debian/patches/series0000644000000000000000000000003011551364555012035 0ustar drop_sslv2_support.diff debian/source/0000755000000000000000000000000012256413063010470 5ustar debian/source/format0000644000000000000000000000001411551364555011706 0ustar 3.0 (quilt) debian/compat0000644000000000000000000000000212202371217010361 0ustar 9 debian/copyright0000644000000000000000000000117312202371217011120 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: Apache Tomcat Native Library Upstream-Contact: Source: http://www.apache.org/dist/tomcat/tomcat-connectors/native/ Files: * Copyright: Copyright (C) 2004-2011 The Apache Software Foundation. License: Apache-2.0 Files: debian/* Copyright: 2008-2009, Michael Koch , 2010-2013, Damien Raude-Morvan License: Apache-2.0 License: Apache-2.0 A complete copy of the Apache License, Version 2.0, can be found in /usr/share/common-licenses/Apache-2.0 on Debian Systems. debian/control0000644000000000000000000000277212256410403010576 0ustar Source: tomcat-native Section: java Priority: extra Maintainer: Debian Java Maintainers Uploaders: Damien Raude-Morvan Build-Depends: debhelper (>= 9), default-jdk, dpkg-dev (>= 1.16.1~), libapr1-dev, libssl-dev Standards-Version: 3.9.5 Vcs-Svn: svn://anonscm.debian.org/pkg-java/trunk/tomcat-native/ Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-java/trunk/tomcat-native/ Homepage: http://tomcat.apache.org/native-doc/ Package: libtcnative-1 Architecture: any Pre-Depends: ${misc:Pre-Depends} Depends: ${misc:Depends}, ${shlibs:Depends} Multi-Arch: same Description: Tomcat native library using the apache portable runtime Tomcat can use the Apache Portable Runtime to provide superior scalability, performance, and better integration with native server technologies. The Apache Portable Runtime is a highly portable library that is at the heart of Apache HTTP Server 2.x. APR has many uses, including access to advanced IO functionality (such as sendfile, epoll and OpenSSL), OS level functionality (random number generation, system status, etc), and native process handling (shared memory, NT pipes and Unix sockets). . These features allows making Tomcat a general purpose webserver, will enable much better integration with other native web technologies, and overall make Java much more viable as a full fledged webserver platform rather than simply a backend focused technology.