This is an automated email from the git hooks/post-receive script. ebourg-guest pushed a commit to branch wheezy in repository tomcat7.
commit 316d30963e9cd2ffa258dd2df909d4bd69e10f77 Author: Emmanuel Bourg <[email protected]> Date: Fri Feb 28 17:42:01 2014 +0100 Backported the test certificates from Tomcat 7.0.39 --- debian/changelog | 4 +- debian/keystores/localhost-cert.pem | 79 +++++++++++++++++++++ debian/keystores/localhost-copy1.jks | Bin 0 -> 2197 bytes debian/keystores/localhost-key.pem | 28 ++++++++ debian/keystores/localhost.jks | Bin 0 -> 2197 bytes debian/keystores/user1.jks | Bin 0 -> 2194 bytes debian/patches/0022-update-test-certificates.patch | 49 +++++++++++++ debian/patches/series | 1 + debian/source/include-binaries | 3 + 9 files changed, 163 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 73f4914..c7c8645 100644 --- a/debian/changelog +++ b/debian/changelog @@ -15,8 +15,10 @@ tomcat7 (7.0.28-4+deb7u1) wheezy-security; urgency=high transfer encoding, Tomcat ignored but did not limit any extensions that were included. This allows a client to perform a limited denial of service by streaming an unlimited amount of data to the server. + * Replaced the expired certificates used by the tests + (backported from Tomcat 7.0.39) - -- Emmanuel Bourg <[email protected]> Sun, 09 Feb 2014 01:09:12 +0100 + -- Emmanuel Bourg <[email protected]> Fri, 28 Feb 2014 17:38:57 +0100 tomcat7 (7.0.28-4) unstable; urgency=high diff --git a/debian/keystores/localhost-cert.pem b/debian/keystores/localhost-cert.pem new file mode 100644 index 0000000..2e1d07e --- /dev/null +++ b/debian/keystores/localhost-cert.pem @@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4099 (0x1003) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, CN=ca-test.tomcat.apache.org + Validity + Not Before: Feb 28 05:28:42 2013 GMT + Not After : Feb 28 05:28:42 2015 GMT + Subject: C=US, CN=localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e7:6f:79:3f:18:87:91:dd:27:98:34:24:79:58: + 47:f9:c2:69:2b:d8:5b:c0:e0:bb:4a:57:d6:00:b5: + bb:6a:b0:66:84:5c:b8:f0:12:0a:27:27:32:9c:82: + 2a:2f:0f:69:77:a6:e9:0d:df:64:31:51:c0:41:1e: + dc:d4:74:51:9c:a3:b8:51:13:58:73:ee:21:9c:f9: + 63:82:1b:c2:2c:49:c3:09:70:ff:a9:f3:af:a2:0c: + 0b:60:2f:6a:db:a5:01:45:3e:34:90:8e:67:69:eb: + 45:f3:34:29:85:db:39:8a:99:c2:0f:72:15:21:fd: + 54:35:a6:7b:a7:30:cb:1e:4d:3d:32:24:c6:4b:84: + 4f:5f:60:ff:64:5e:68:ca:d8:fa:de:98:7d:40:04: + 60:b7:ae:50:ec:c8:8c:ae:dd:94:81:41:18:5b:03: + 63:0f:2b:02:63:0a:95:6a:ed:7e:68:e6:b6:d5:56: + e9:4e:60:ea:1d:95:58:33:be:a2:12:55:cb:7f:9c: + c4:97:0b:db:c0:94:09:2a:b3:9f:e1:6b:78:0d:63: + 1a:41:d5:6b:db:d8:48:59:04:88:d1:11:d5:e7:45: + 28:0e:7c:1b:78:75:20:7d:ff:7f:e1:d6:ea:e4:c5: + 51:77:41:42:30:4b:ff:29:33:3d:89:58:94:69:5b: + 70:27 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 30:DB:AB:70:94:34:CA:FD:75:46:AB:CE:E2:4A:A9:9E:74:BC:69:BB + X509v3 Authority Key Identifier: + keyid:B0:3B:BC:C9:FA:28:5F:3E:04:1F:9B:6C:C7:8B:68:D8:01:B0:F8:3D + + Signature Algorithm: sha1WithRSAEncryption + ab:d3:e7:2b:35:d3:6d:9f:87:2a:64:58:f1:61:cb:56:a8:84: + 22:79:ac:0d:68:1f:55:0d:dd:16:16:72:c4:a9:75:2a:0e:f8: + b1:73:68:c9:ee:43:d8:5c:fa:07:5d:3f:41:fb:14:17:be:64: + 21:d8:1e:25:67:92:b2:c5:bb:43:1d:96:b6:d3:bd:1c:e1:a4: + c7:ee:e3:37:0b:92:14:56:ca:ad:a8:76:5b:80:c9:42:8c:89: + f1:42:6e:8c:fb:a1:d7:98:d5:6d:49:99:fe:b6:f6:c6:f3:cc: + 8f:06:54:6e:02:f5:8f:4b:f1:86:ac:14:93:6c:74:25:26:44: + 7a:5b:82:3c:57:d6:e5:14:6e:b7:29:53:e4:40:7a:2f:10:5d: + ff:28:7f:e5:e5:54:6c:38:fa:b9:27:97:2a:69:60:ba:4a:5a: + 28:65:b1:81:e0:b7:a1:74:d6:e6:07:81:6d:b8:59:c3:45:bd: + 7c:a8:17:67:1f:fc:52:1a:6c:90:87:4d:a1:98:51:8c:29:6a: + 84:d9:0d:24:a8:86:6a:5e:6a:b7:f9:27:9b:52:37:96:b5:fd: + 94:11:ca:c4:d9:6d:69:81:fa:96:34:63:3a:7c:49:2d:06:48: + ae:b1:14:59:12:29:8e:59:3d:03:99:42:90:e6:82:df:08:cf: + d7:77:ec:00 +-----BEGIN CERTIFICATE----- +MIIDSTCCAjGgAwIBAgICEAMwDQYJKoZIhvcNAQEFBQAwMTELMAkGA1UEBhMCVVMx +IjAgBgNVBAMTGWNhLXRlc3QudG9tY2F0LmFwYWNoZS5vcmcwHhcNMTMwMjI4MDUy +ODQyWhcNMTUwMjI4MDUyODQyWjAhMQswCQYDVQQGEwJVUzESMBAGA1UEAxMJbG9j +YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5295PxiHkd0n +mDQkeVhH+cJpK9hbwOC7SlfWALW7arBmhFy48BIKJycynIIqLw9pd6bpDd9kMVHA +QR7c1HRRnKO4URNYc+4hnPljghvCLEnDCXD/qfOvogwLYC9q26UBRT40kI5naetF +8zQphds5ipnCD3IVIf1UNaZ7pzDLHk09MiTGS4RPX2D/ZF5oytj63ph9QARgt65Q +7MiMrt2UgUEYWwNjDysCYwqVau1+aOa21VbpTmDqHZVYM76iElXLf5zElwvbwJQJ +KrOf4Wt4DWMaQdVr29hIWQSI0RHV50UoDnwbeHUgff9/4dbq5MVRd0FCMEv/KTM9 +iViUaVtwJwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVu +U1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUMNurcJQ0yv11RqvO +4kqpnnS8abswHwYDVR0jBBgwFoAUsDu8yfooXz4EH5tsx4to2AGw+D0wDQYJKoZI +hvcNAQEFBQADggEBAKvT5ys1022fhypkWPFhy1aohCJ5rA1oH1UN3RYWcsSpdSoO ++LFzaMnuQ9hc+gddP0H7FBe+ZCHYHiVnkrLFu0MdlrbTvRzhpMfu4zcLkhRWyq2o +dluAyUKMifFCboz7odeY1W1Jmf629sbzzI8GVG4C9Y9L8YasFJNsdCUmRHpbgjxX +1uUUbrcpU+RAei8QXf8of+XlVGw4+rknlyppYLpKWihlsYHgt6F01uYHgW24WcNF +vXyoF2cf/FIabJCHTaGYUYwpaoTZDSSohmpearf5J5tSN5a1/ZQRysTZbWmB+pY0 +Yzp8SS0GSK6xFFkSKY5ZPQOZQpDmgt8Iz9d37AA= +-----END CERTIFICATE----- diff --git a/debian/keystores/localhost-copy1.jks b/debian/keystores/localhost-copy1.jks new file mode 100644 index 0000000..353cd81 Binary files /dev/null and b/debian/keystores/localhost-copy1.jks differ diff --git a/debian/keystores/localhost-key.pem b/debian/keystores/localhost-key.pem new file mode 100644 index 0000000..911476d --- /dev/null +++ b/debian/keystores/localhost-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDnb3k/GIeR3SeY +NCR5WEf5wmkr2FvA4LtKV9YAtbtqsGaEXLjwEgonJzKcgiovD2l3pukN32QxUcBB +HtzUdFGco7hRE1hz7iGc+WOCG8IsScMJcP+p86+iDAtgL2rbpQFFPjSQjmdp60Xz +NCmF2zmKmcIPchUh/VQ1pnunMMseTT0yJMZLhE9fYP9kXmjK2PremH1ABGC3rlDs +yIyu3ZSBQRhbA2MPKwJjCpVq7X5o5rbVVulOYOodlVgzvqISVct/nMSXC9vAlAkq +s5/ha3gNYxpB1Wvb2EhZBIjREdXnRSgOfBt4dSB9/3/h1urkxVF3QUIwS/8pMz2J +WJRpW3AnAgMBAAECggEBALfaj6h3NSPEW7MHIT6gyjT4o5IoQ+O65C6QDrrrpCKC +Vj6qZmSZACXQdt1sblSKWs+p8hSKNc8UUbWp7eZ9LWRRj5gg1TDrqRpJ6CoxIRUL +1/wFH6WEqC8EgHj90lcBAzxdyWZZKoAzXpNxCdeDq3eW5Fpe17jzxdUFF9Be6816 +LbxTlrMisLp0u39v1GnE/vd2nemKUWY7uNSRRrtTi8mjAmXcnogxBmAyN7wjqVHt +KKBYkyTRPCh8K6R+t/dqbZsv1k8fdS1/csXoiU2nJ86pdbSHOQ7aZMWXTZmAE5wb +G4Oe9X61Hg5xgTDO/nEd8q2Sl6mMSx9L5IjdTm+WVRkCgYEA/CaXCzlUPUtVbkih +bkDCQbYVarrRo90PskL2mgUQDUBgFOzSQXrJ6qEEYXy5PdOBhiaK3385wSXBX+nF +7LOANzrgN9k+6Vt3fe20HrYltoc5e0lxvk4rdNSyrpe+E5bz8LtASlMBj2o6W6Md +NkCAEKRp7wC2gb3MPeWhCpiJrLsCgYEA6vfthWHjL+yr6hFro/IsHnQdYSn4QPgn ++WrOg6gGwhS5ZqJLK5jB95RFvgGhNBxh8nMCP0VnJYmM1pQtzR/YE7PU7SlRyAd/ +DVkyO8NRQTzA6z/mPoeGx4dtTwaye10c7KZxmZCXq1tB4D6gTDJUQF5gt8tbx4C8 +1mul1xQ0aYUCgYAFovMzbAenCx0QxwzcwxPUljZqWVzAVfu412hdzwkp0quTLCwT +DKSg2xKW/0vAxw6ZKhlmn5hx6d8lvrsO7IBMO8OxW+jdHI9SQFMLcLTtHJ67U8v4 +HhU4mlyYLIoyM+imE/l+79YUF6LQU5gek1iJhrNbhV+PDOgY5h4wd3J0awKBgBfF +OSwzOO6SPNoTJRaS20/BY29+9XRtJm4fFgFPsE9WFWOCq6Qfcg//2gZc19gTvvzu +EZ4hAUxU3AChQPjtbcigerv7YCCiUYIiMejF26SD5uhlsH9G6qWo17AU911vkAuI +0xk7/XwCYWm0LDdJKCjS42n0krZeGbx/a2mUy7CZAoGAGXq2r3INg0xiZa8mSeJB +MeZswgGKxN7MHlKKcpELEWg97ev4NvTq4T+PEl+1miRtlyzcFgMXKe3oBU0Ru7Qu +O2u3kfLTOPGHmo+KpFNJHE8g+PwoOheNis2JZkd3T9fX7JRRYCiBeW4nMYzP2yGS +nlaUqPewhh5/1fRCmF36TyU= +-----END PRIVATE KEY----- diff --git a/debian/keystores/localhost.jks b/debian/keystores/localhost.jks new file mode 100644 index 0000000..3be335c Binary files /dev/null and b/debian/keystores/localhost.jks differ diff --git a/debian/keystores/user1.jks b/debian/keystores/user1.jks new file mode 100644 index 0000000..0c084fc Binary files /dev/null and b/debian/keystores/user1.jks differ diff --git a/debian/patches/0022-update-test-certificates.patch b/debian/patches/0022-update-test-certificates.patch new file mode 100644 index 0000000..426f2c0 --- /dev/null +++ b/debian/patches/0022-update-test-certificates.patch @@ -0,0 +1,49 @@ +Description: Uses updated test certificates to avoid a build failure when the tests are enabled. + The updated keystores were taken from Tomcat 7.0.39 (http://svn.apache.org/r1451105) +Author: Emmanuel Bourg <[email protected]> +Forwarded: not-needed +--- a/test/org/apache/tomcat/util/net/TesterSupport.java ++++ b/test/org/apache/tomcat/util/net/TesterSupport.java +@@ -89,7 +89,7 @@ + Connector connector = tomcat.getConnector(); + connector.setProperty("sslProtocol", "tls"); + File keystoreFile = +- new File("test/org/apache/tomcat/util/net/" + keystore); ++ new File("debian/keystores/" + keystore); + connector.setAttribute("keystoreFile", + keystoreFile.getAbsolutePath()); + File truststoreFile = new File( +@@ -104,11 +104,11 @@ + } + } else { + File keystoreFile = new File( +- "test/org/apache/tomcat/util/net/localhost-cert.pem"); ++ "debian/keystores/localhost-cert.pem"); + tomcat.getConnector().setAttribute("SSLCertificateFile", + keystoreFile.getAbsolutePath()); + keystoreFile = new File( +- "test/org/apache/tomcat/util/net/localhost-key.pem"); ++ "debian/keystores/localhost-key.pem"); + tomcat.getConnector().setAttribute("SSLCertificateKeyFile", + keystoreFile.getAbsolutePath()); + } +@@ -119,7 +119,7 @@ + protected static KeyManager[] getUser1KeyManagers() throws Exception { + KeyManagerFactory kmf = KeyManagerFactory.getInstance( + KeyManagerFactory.getDefaultAlgorithm()); +- kmf.init(getKeyStore("test/org/apache/tomcat/util/net/user1.jks"), ++ kmf.init(getKeyStore("debian/keystores/user1.jks"), + "changeit".toCharArray()); + return kmf.getKeyManagers(); + } +--- a/test/org/apache/tomcat/util/net/TestCustomSsl.java ++++ b/test/org/apache/tomcat/util/net/TestCustomSsl.java +@@ -62,7 +62,7 @@ + connector.setProperty("sslProtocol", "tls"); + + File keystoreFile = +- new File("test/org/apache/tomcat/util/net/localhost.jks"); ++ new File("debian/keystores/localhost.jks"); + connector.setAttribute( + "keystoreFile", keystoreFile.getAbsolutePath()); + diff --git a/debian/patches/series b/debian/patches/series index d62c03a..9c82f7c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -17,3 +17,4 @@ cve-2012-3439-tests.patch 0019-CVE-2013-2067.patch 0020-CVE-2013-2071.patch 0021-CVE-2012-3544.patch +0022-update-test-certificates.patch diff --git a/debian/source/include-binaries b/debian/source/include-binaries new file mode 100644 index 0000000..49fd341 --- /dev/null +++ b/debian/source/include-binaries @@ -0,0 +1,3 @@ +debian/keystores/localhost.jks +debian/keystores/user1.jks +debian/keystores/localhost-copy1.jks -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat7.git _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
