This is an automated email from the git hooks/post-receive script. apo pushed a commit to branch master in repository libapache-mod-jk.
commit c77c87f484333bc7106dd076ce86ee28e6f82265 Merge: ca5b9bd 0e9ecac Author: Markus Koschany <[email protected]> Date: Sat May 23 23:33:30 2015 +0200 Import Debian patch 1:1.2.37-1+deb7u1 HOWTO-RELEASE.txt | 206 + LICENSE | 252 + NOTICE | 8 + README.txt | 42 + conf/httpd-jk.conf | 127 + conf/uriworkermap.properties | 39 + conf/workers.properties | 165 + conf/workers.properties.minimal | 45 + debian/changelog | 96 +- debian/clean | 96 - debian/control | 43 +- debian/copyright | 84 +- debian/libapache2-mod-jk.NEWS | 4 +- debian/libapache2-mod-jk.README.Debian | 2 +- debian/libapache2-mod-jk.apache2 | 2 - debian/libapache2-mod-jk.install | 8 +- debian/libapache2-mod-jk.postinst | 24 + debian/libapache2-mod-jk.prerm | 22 + debian/patches/CVE-2014-8111.patch | 474 + debian/patches/fix-privacy-breach.patch | 26 - debian/patches/series | 2 +- debian/rules | 21 +- debian/source.lintian-overrides | 2 + debian/workers.properties | 6 +- docs/ajp/ajpv13a.html | 654 + docs/ajp/ajpv13ext.html | 654 + docs/ajp/printer/ajpv13a.html | 653 + docs/ajp/printer/ajpv13ext.html | 653 + docs/generic_howto/loadbalancers.html | 207 + docs/generic_howto/printer/loadbalancers.html | 206 + docs/generic_howto/printer/proxy.html | 312 + docs/generic_howto/printer/quick.html | 130 + docs/generic_howto/printer/timeouts.html | 371 + docs/generic_howto/printer/workers.html | 407 + docs/generic_howto/proxy.html | 313 + docs/generic_howto/quick.html | 131 + docs/generic_howto/timeouts.html | 372 + docs/generic_howto/workers.html | 408 + docs/images/add.gif | Bin 0 -> 1037 bytes docs/images/code.gif | Bin 0 -> 394 bytes docs/images/design.gif | Bin 0 -> 608 bytes docs/images/docs.gif | Bin 0 -> 261 bytes docs/images/fix.gif | Bin 0 -> 345 bytes docs/images/jakarta-logo.gif | Bin 0 -> 8584 bytes docs/images/printer.gif | Bin 0 -> 438 bytes docs/images/tomcat.gif | Bin 0 -> 2066 bytes docs/images/update.gif | Bin 0 -> 627 bytes docs/images/void.gif | Bin 0 -> 43 bytes docs/index.html | 296 + docs/miscellaneous/changelog.html | 2430 ++ docs/miscellaneous/doccontrib.html | 249 + docs/miscellaneous/faq.html | 281 + docs/miscellaneous/jkstatustasks.html | 184 + docs/miscellaneous/printer/changelog.html | 2429 ++ docs/miscellaneous/printer/doccontrib.html | 248 + docs/miscellaneous/printer/faq.html | 280 + docs/miscellaneous/printer/jkstatustasks.html | 183 + docs/miscellaneous/printer/reporttools.html | 61 + docs/miscellaneous/reporttools.html | 62 + docs/news/20041100.html | 126 + docs/news/20050101.html | 139 + docs/news/20060101.html | 80 + docs/news/20070301.html | 87 + docs/news/20081001.html | 158 + docs/news/20090301.html | 63 + docs/news/20100101.html | 62 + docs/news/20110701.html | 22 + docs/news/20120301.html | 62 + docs/news/printer/20041100.html | 125 + docs/news/printer/20050101.html | 138 + docs/news/printer/20060101.html | 79 + docs/news/printer/20070301.html | 86 + docs/news/printer/20081001.html | 157 + docs/news/printer/20090301.html | 62 + docs/news/printer/20100101.html | 61 + docs/news/printer/20110701.html | 21 + docs/news/printer/20120301.html | 61 + docs/printer/index.html | 295 + docs/reference/apache.html | 1072 + docs/reference/iis.html | 338 + docs/reference/printer/apache.html | 1071 + docs/reference/printer/iis.html | 337 + docs/reference/printer/status.html | 546 + docs/reference/printer/uriworkermap.html | 423 + docs/reference/printer/workers.html | 1023 + docs/reference/status.html | 547 + docs/reference/uriworkermap.html | 424 + docs/reference/workers.html | 1024 + docs/style.css | 73 + docs/webserver_howto/apache.html | 1101 + docs/webserver_howto/iis.html | 696 + docs/webserver_howto/nes.html | 483 + docs/webserver_howto/printer/apache.html | 1100 + docs/webserver_howto/printer/iis.html | 695 + docs/webserver_howto/printer/nes.html | 482 + jkstatus/build.properties.default | 22 + jkstatus/build.xml | 155 + jkstatus/conf/jkstatus-tasks.xml | 41 + jkstatus/example/jkstatus.properties.default | 23 + jkstatus/example/jkstatus.xml | 111 + jkstatus/example/show.txt | 25 + jkstatus/example/show.xml | 49 + .../org/apache/jk/status/AbstractJkStatusTask.java | 209 + .../src/share/org/apache/jk/status/JkBalancer.java | 335 + .../org/apache/jk/status/JkBalancerMapping.java | 98 + .../org/apache/jk/status/JkBalancerMember.java | 516 + .../src/share/org/apache/jk/status/JkResult.java | 54 + .../src/share/org/apache/jk/status/JkServer.java | 56 + .../src/share/org/apache/jk/status/JkSoftware.java | 54 + .../src/share/org/apache/jk/status/JkStatus.java | 90 + .../org/apache/jk/status/JkStatusAccessor.java | 133 + .../share/org/apache/jk/status/JkStatusParser.java | 228 + .../org/apache/jk/status/JkStatusResetTask.java | 133 + .../share/org/apache/jk/status/JkStatusTask.java | 735 + .../jk/status/JkStatusUpdateLoadbalancerTask.java | 307 + .../org/apache/jk/status/JkStatusUpdateTask.java | 529 + .../apache/jk/status/JkStatusUpdateWorkerTask.java | 291 + .../org/apache/jk/status/LocalStrings.properties | 15 + jkstatus/src/share/org/apache/jk/status/antlib.xml | 34 + .../src/share/org/apache/jk/status/jkstatus.tasks | 22 + .../org/apache/jk/status/mbeans-descriptors.xml | 48 + .../src/share/org/apache/jk/status/package.html | 224 + jkstatus/test/build.xml | 120 + jkstatus/test/conf/jkstatus.xml | 31 + jkstatus/test/conf/log4j.xml | 76 + .../org/apache/jk/status/JkStatusParserTest.java | 63 + native/BUILDING.txt | 157 + native/Makefile.am | 37 + native/Makefile.in | 695 + native/README.txt | 47 + native/STATUS.txt | 72 + native/TODO.txt | 372 + native/aclocal.m4 | 6945 +++++ native/apache-1.3/Makefile.apxs.in | 40 + native/apache-1.3/Makefile.in | 112 + native/apache-1.3/Makefile.libdir | 4 + native/apache-1.3/Makefile.netware | 282 + native/apache-1.3/Makefile.tmpl | 53 + native/apache-1.3/Makefile.vc | 248 + native/apache-1.3/NWGNUmakefile | 44 + native/apache-1.3/NWGNUmakefile.mak | 306 + native/apache-1.3/libjk.module | 5 + native/apache-1.3/mod_jk.c | 3476 +++ native/apache-1.3/mod_jk.dsp | 287 + native/apache-1.3/mod_jk.exp | 1 + native/apache-2.0/Makefile.apxs.in | 43 + native/apache-2.0/Makefile.in | 97 + native/apache-2.0/Makefile.vc | 286 + native/apache-2.0/NWGNUmakefile | 325 + native/apache-2.0/bldjk.qclsrc | 278 + native/apache-2.0/bldjk54.qclsrc | 299 + native/apache-2.0/config.m4 | 34 + native/apache-2.0/mod_jk.c | 3876 +++ native/apache-2.0/mod_jk.dsp | 347 + native/buildconf.sh | 33 + native/common/.indent.pro | 18 + native/common/Makefile.in | 50 + native/common/ap_snprintf.c | 1178 + native/common/ap_snprintf.h | 150 + native/common/config.h.in | 109 + native/common/jk.rc | 74 + native/common/jk_ajp12_worker.c | 682 + native/common/jk_ajp12_worker.h | 45 + native/common/jk_ajp13.c | 50 + native/common/jk_ajp13.h | 126 + native/common/jk_ajp13_worker.c | 94 + native/common/jk_ajp13_worker.h | 50 + native/common/jk_ajp14.c | 695 + native/common/jk_ajp14.h | 307 + native/common/jk_ajp14_worker.c | 404 + native/common/jk_ajp14_worker.h | 52 + native/common/jk_ajp_common.c | 3368 +++ native/common/jk_ajp_common.h | 467 + native/common/jk_connect.c | 1191 + native/common/jk_connect.h | 78 + native/common/jk_context.c | 296 + native/common/jk_context.h | 138 + native/common/jk_global.h | 408 + native/common/jk_lb_worker.c | 1921 ++ native/common/jk_lb_worker.h | 226 + native/common/jk_logger.h | 139 + native/common/jk_map.c | 874 + native/common/jk_map.h | 109 + native/common/jk_md5.c | 475 + native/common/jk_md5.h | 84 + native/common/jk_msg_buff.c | 381 + native/common/jk_msg_buff.h | 154 + native/common/jk_mt.h | 147 + native/common/jk_nwmain.c | 103 + native/common/jk_pool.c | 194 + native/common/jk_pool.h | 132 + native/common/jk_service.h | 555 + native/common/jk_shm.c | 926 + native/common/jk_shm.h | 269 + native/common/jk_sockbuf.c | 195 + native/common/jk_sockbuf.h | 45 + native/common/jk_status.c | 5225 ++++ native/common/jk_status.h | 44 + native/common/jk_types.h.in | 69 + native/common/jk_uri_worker_map.c | 1288 + native/common/jk_uri_worker_map.h | 228 + native/common/jk_url.c | 112 + native/common/jk_url.h | 44 + native/common/jk_util.c | 2275 ++ native/common/jk_util.h | 278 + native/common/jk_version.h | 94 + native/common/jk_worker.c | 350 + native/common/jk_worker.h | 55 + native/common/jk_worker_list.h | 88 + native/common/list.mk.in | 27 + native/configure | 25599 +++++++++++++++++++ native/configure.in | 641 + native/docs/api/README.txt | 18 + native/iis/Makefile.amd64 | 294 + native/iis/Makefile.ia64 | 294 + native/iis/Makefile.x86 | 296 + native/iis/README | 47 + native/iis/installer/LICENSE.TXT | 201 + native/iis/installer/License.rtf | 72 + native/iis/installer/bin/README | 1 + native/iis/installer/conf/rewrite.properties | 28 + native/iis/installer/conf/uriworkermap.properties | 39 + .../iis/installer/conf/workers.properties.minimal | 45 + native/iis/installer/iisfilter.vbs | 120 + .../iis/installer/isapi-redirector-win32-msi.ism | 4773 ++++ native/iis/installer/log/README | 1 + native/iis/installer/tomcat.ico | Bin 0 -> 21630 bytes native/iis/isapi.def | 24 + native/iis/isapi.dsp | 299 + native/iis/isapi.dsw | 59 + native/iis/isapi_install.vbs | 224 + native/iis/isapi_redirect.reg | 8 + native/iis/jk_isapi_plugin.c | 3820 +++ native/iis/pcre/AUTHORS | 6 + native/iis/pcre/COPYING | 45 + native/iis/pcre/ChangeLog | 1650 ++ native/iis/pcre/INSTALL | 185 + native/iis/pcre/LICENCE | 45 + native/iis/pcre/Makefile.in | 20 + native/iis/pcre/NEWS | 201 + native/iis/pcre/NON-UNIX-USE | 244 + native/iis/pcre/NWGNUmakefile | 267 + native/iis/pcre/README | 427 + native/iis/pcre/RunTest.in | 192 + native/iis/pcre/chartables.hw | 183 + native/iis/pcre/config.hw | 112 + native/iis/pcre/config.in | 107 + native/iis/pcre/configure.in | 185 + native/iis/pcre/dftables.c | 173 + native/iis/pcre/dftables.dsp | 165 + native/iis/pcre/dftables.x86 | 109 + native/iis/pcre/dll.mk | 60 + native/iis/pcre/doc/README_httpd | 6 + native/iis/pcre/get.c | 357 + native/iis/pcre/install-sh | 251 + native/iis/pcre/internal.h | 752 + native/iis/pcre/libpcre.def | 34 + native/iis/pcre/libpcre.pc.in | 12 + native/iis/pcre/libpcreposix.def | 39 + native/iis/pcre/maketables.c | 146 + native/iis/pcre/makevp.bat | 25 + native/iis/pcre/mkinstalldirs | 40 + native/iis/pcre/pcre-config.in | 66 + native/iis/pcre/pcre.amd64 | 141 + native/iis/pcre/pcre.c | 9207 +++++++ native/iis/pcre/pcre.def | 22 + native/iis/pcre/pcre.dsp | 193 + native/iis/pcre/pcre.hw | 239 + native/iis/pcre/pcre.ia64 | 141 + native/iis/pcre/pcre.in | 239 + native/iis/pcre/pcre.x86 | 135 + native/iis/pcre/pcredemo.c | 324 + native/iis/pcre/pcregrep.c | 673 + native/iis/pcre/pcreposix.c | 316 + native/iis/pcre/pcreposix.dsp | 154 + native/iis/pcre/pcreposix.h | 99 + native/iis/pcre/pcretest.c | 1786 ++ native/iis/pcre/perltest | 211 + native/iis/pcre/perltest8 | 208 + native/iis/pcre/pgrep.c | 225 + native/iis/pcre/printint.c | 471 + native/iis/pcre/study.c | 484 + native/iis/pcre/testdata/testinput1 | 3841 +++ native/iis/pcre/testdata/testinput2 | 1396 + native/iis/pcre/testdata/testinput3 | 65 + native/iis/pcre/testdata/testinput4 | 513 + native/iis/pcre/testdata/testinput5 | 263 + native/iis/pcre/testdata/testinput6 | 517 + native/iis/pcre/testdata/testoutput1 | 6274 +++++ native/iis/pcre/testdata/testoutput2 | 5607 ++++ native/iis/pcre/testdata/testoutput3 | 115 + native/iis/pcre/testdata/testoutput4 | 903 + native/iis/pcre/testdata/testoutput5 | 1075 + native/iis/pcre/testdata/testoutput6 | 1013 + native/iis/pcre/ucp.c | 151 + native/iis/pcre/ucp.h | 58 + native/iis/pcre/ucpinternal.h | 91 + native/iis/pcre/ucptable.c | 15105 +++++++++++ native/iis/pcre/ucptypetable.c | 93 + native/netscape/Makefile.linux | 55 + native/netscape/Makefile.netware | 272 + native/netscape/Makefile.solaris | 93 + native/netscape/Makefile.vc | 279 + native/netscape/README | 31 + native/netscape/jk_nsapi_plugin.c | 634 + native/netscape/nsapi.dsp | 275 + native/nt_service/jk_nt_service.c | 1233 + native/nt_service/nt_service.dsp | 199 + native/scripts/build/config_vars.mk | 17 + native/scripts/build/instdso.sh | 91 + native/scripts/build/jk_common.m4 | 160 + native/scripts/build/rules.mk | 43 + native/scripts/build/unix/buildcheck.sh | 55 + native/scripts/build/unix/config.guess | 1530 ++ native/scripts/build/unix/config.sub | 1779 ++ native/scripts/build/unix/install-sh | 322 + native/scripts/build/unix/ltmain.sh | 6426 +++++ native/scripts/build/unix/missing | 353 + support/apache.m4 | 213 + support/get_ver.awk | 83 + support/jk_apache_static.m4 | 133 + support/jk_apr.m4 | 320 + support/jk_apxs.m4 | 150 + support/jk_dominohome.m4 | 74 + support/jk_exec.m4 | 91 + support/jk_java.m4 | 224 + support/jk_pcre.m4 | 40 + support/jk_tchome.m4 | 73 + support/jk_ws.m4 | 229 + support/os_apache.m4 | 44 + tools/dist/.htaccess | 19 + tools/dist/HEADER.html | 20 + tools/dist/README.html | 68 + tools/dist/binaries/netware/HEADER.html | 5 + tools/dist/binaries/windows/HEADER.html | 12 + tools/dist/binaries/windows/README.html | 60 + tools/dist/binaries/windows/symbols/HEADER.html | 11 + tools/dist/binaries/windows/symbols/README.html | 25 + tools/jkbindist.sh | 136 + tools/jkrelease.sh | 328 + tools/lineends.pl | 165 + tools/reports/README.txt | 33 + tools/reports/tomcat_reports.pl | 431 + tools/reports/tomcat_trend.pl | 408 + tools/signfile.sh | 64 + xdocs/ajp/ajpv13a.xml | 698 + xdocs/ajp/ajpv13ext.xml | 686 + xdocs/ajp/project.xml | 82 + xdocs/build.xml | 259 + xdocs/empty.xml | 40 + xdocs/generic_howto/loadbalancers.xml | 236 + xdocs/generic_howto/project.xml | 82 + xdocs/generic_howto/proxy.xml | 347 + xdocs/generic_howto/quick.xml | 170 + xdocs/generic_howto/timeouts.xml | 405 + xdocs/generic_howto/workers.xml | 444 + xdocs/images/add.gif | Bin 0 -> 1037 bytes xdocs/images/code.gif | Bin 0 -> 394 bytes xdocs/images/design.gif | Bin 0 -> 608 bytes xdocs/images/docs.gif | Bin 0 -> 261 bytes xdocs/images/fix.gif | Bin 0 -> 345 bytes xdocs/images/jakarta-logo.gif | Bin 0 -> 8584 bytes xdocs/images/printer.gif | Bin 0 -> 438 bytes xdocs/images/tomcat.gif | Bin 0 -> 2066 bytes xdocs/images/update.gif | Bin 0 -> 627 bytes xdocs/images/void.gif | Bin 0 -> 43 bytes xdocs/index.xml | 342 + xdocs/miscellaneous/changelog.xml | 2501 ++ xdocs/miscellaneous/doccontrib.xml | 337 + xdocs/miscellaneous/faq.xml | 324 + xdocs/miscellaneous/jkstatustasks.xml | 218 + xdocs/miscellaneous/project.xml | 82 + xdocs/miscellaneous/reporttools.xml | 91 + xdocs/news/20041100.xml | 161 + xdocs/news/20050101.xml | 174 + xdocs/news/20060101.xml | 110 + xdocs/news/20070301.xml | 117 + xdocs/news/20081001.xml | 188 + xdocs/news/20090301.xml | 93 + xdocs/news/20100101.xml | 93 + xdocs/news/20110701.xml | 53 + xdocs/news/20120301.xml | 93 + xdocs/news/project.xml | 82 + xdocs/project.xml | 82 + xdocs/reference/apache.xml | 1182 + xdocs/reference/iis.xml | 393 + xdocs/reference/project.xml | 82 + xdocs/reference/status.xml | 584 + xdocs/reference/uriworkermap.xml | 468 + xdocs/reference/workers.xml | 1178 + xdocs/style.css | 73 + xdocs/style.xsl | 710 + xdocs/webserver_howto/apache.xml | 1259 + xdocs/webserver_howto/iis.xml | 740 + xdocs/webserver_howto/nes.xml | 521 + xdocs/webserver_howto/project.xml | 82 + 396 files changed, 206249 insertions(+), 327 deletions(-) diff --cc debian/changelog index 6f51c99,0000000..14251a4 mode 100644,000000..100644 --- a/debian/changelog +++ b/debian/changelog @@@ -1,372 -1,0 +1,304 @@@ - libapache-mod-jk (1:1.2.41-2) UNRELEASED; urgency=medium - - * Moved the package to Git - - -- Markus Koschany <[email protected]> Sat, 08 Oct 2016 15:19:56 +0200 - - libapache-mod-jk (1:1.2.41-1) unstable; urgency=medium - - * Team upload. - * Imported Upstream version 1.2.41. - * Drop README.source. We use regular upstream releases again. - * Update get-orig-source target. Use --verbose and --download-current-version - flags. - * Drop disable-libtool-check.patch. Not required for normal releases. - * Vcs-Browser: Use https. - * Remove autoconf and automake from Build-Depends again. - * Run wrap-and-sort -sa. - * Add clean file and ensure libapache-mod-jk can be built twice in a row. - * debian/rules: Remove override for dh_auto_clean. - * Update debian/copyright for new release. - - -- Markus Koschany <[email protected]> Fri, 30 Oct 2015 22:33:34 +0100 - - libapache-mod-jk (1:1.2.40+svn150520-1) unstable; urgency=high - - * Team upload. - * Imported Upstream SVN snapshot version 1.2.40+svn150520. - - Fix CVE-2014-8111: (Closes: #783233) - Apache Tomcat Connectors (mod_jk) ignored JkUnmount rules for subtrees of - previous JkMount rules, which allows remote attackers to access otherwise - restricted artifacts via unspecified vectors. - * debian/control: Build-Depend on debhelper >= 9. - * Remove source.lintian-overrides since we now build-depend on debhelper >=9. - * Drop 0004-corrupted-worker-activation-status.patch. Fixed upstream. - * debian/rules: - - Disable sed command in debian/rules. Apparently not necessary for this - release. - - Run buildconf.sh before dh_auto_configure step since this is a requirement - for building SVN snapshots. - - Update dh_auto_clean override. Ensure that the package can be built twice - in a row. - * debian/control: - - Add autoconf to Build-Depends. - - Add automake to Build-Depends. - - Remove Conflicts and Replaces fields because they are obsolete. - * Add disable-libtool-check.patch and fix a FTBFS. We already build-depend on - libtool but the script is not smart enough. - * Add fix-privacy-breach.patch and fix lintian errors about "privacy breach - logo". - * Update debian/copyright information. Add missing BSD-3-clause license. - * Add README.source. - - -- Markus Koschany <[email protected]> Thu, 21 May 2015 17:53:24 +0200 - - libapache-mod-jk (1:1.2.37-4) unstable; urgency=medium ++libapache-mod-jk (1:1.2.37-1+deb7u1) wheezy-security; urgency=high + + * Team upload. - * Switched to tomcat8 (Closes: #759624) - * Standards-Version updated to 3.9.6 (no changes) - - -- Emmanuel Bourg <[email protected]> Mon, 17 Nov 2014 14:52:23 +0100 - - libapache-mod-jk (1:1.2.37-3) unstable; urgency=low - - * d/rules: Fix "Hardening CPPFLAGS missing" (Closes: #710809). - Thanks to Simon Ruderich for providing patch. - * d/patches/0004-corrupted-worker-activation-status.patch: - Fix "Worker activation state corrupted when using jkmanager", - Thanks to David Gubler for patch (Closes: #711934). - - -- Damien Raude-Morvan <[email protected]> Mon, 12 Aug 2013 10:28:44 +0200 - - libapache-mod-jk (1:1.2.37-2) unstable; urgency=low - - * Re-enable Apache 2.4 transition after wheezy release (Closes: #666851): - - d/control: Add Build-Depends apache2-dev and dh-apache2. - - d/rules: Call apache2 dh addon. - - d/libapache2-mod-jk.{postinst,postrm}: Replace with - d/libapache2-mod-jk.apache2. - - d/control: Remove explicit Depends on apache2.2-common. - * d/control: Bump Standards-Version to 3.9.4: no changes needed. - * d/control: Use canonical URL for Vcs-* fields. - - -- Damien Raude-Morvan <[email protected]> Sat, 01 Jun 2013 15:14:00 +0200 ++ * Add CVE-2014-8111.patch. (Closes: #783233) ++ It was discovered that a JkUnmount rule for a subtree of a previous JkMount ++ rule could be ignored. This could allow a remote attacker to potentially ++ access a private artifact in a tree that would otherwise not be accessible ++ to them. ++ - Add option to control handling of multiple adjacent slashes in mount and ++ unmount. New default is collapsing the slashes only in unmount. Before ++ this change, adjacent slashes were never collapsed, so most mounts and ++ unmounts didn't match for URLs with multiple adjacent slashes. ++ - Configuration is done via new JkOption for Apache (values ++ "CollapseSlashesAll", "CollapseSlashesNone" or "CollapseSlashesUnmount"). ++ ++ -- Markus Koschany <[email protected]> Sat, 23 May 2015 23:33:30 +0200 + +libapache-mod-jk (1:1.2.37-1) unstable; urgency=low + + * New upstream release. + + -- Damien Raude-Morvan <[email protected]> Sun, 03 Jun 2012 23:09:32 +0200 + +libapache-mod-jk (1:1.2.36-1) unstable; urgency=low + + * New upstream release. + * Revert Apache 2.4 transition (ie. just for wheezy release). + * Refresh patches. + + -- Damien Raude-Morvan <[email protected]> Fri, 18 May 2012 19:20:50 +0200 + +libapache-mod-jk (1:1.2.35-1) experimental; urgency=low + + * New upstream release: + - d/patches/0004-compiler-hardening.patch: Merged upstream. + * d/rules: Just use dh_auto. No need to force using sub-directory as + debhelper is doing it for us. + * Prepare Apache 2.4 transition (Closes: #666851): + - d/control: Add Build-Depends apache2-dev and dh-apache2. + - d/rules: Call apache2 dh addon. + - d/libapache2-mod-jk.{postinst,postrm}: Replace with + d/libapache2-mod-jk.apache2. + - d/control: Remove explicit Depends on apache2.2-common. + * d/control: Bump Standards-Version to 3.9.3, no changes needed. + * d/copyright: Upgrade to copyright-format 1.0. + + -- Damien Raude-Morvan <[email protected]> Wed, 04 Apr 2012 22:32:12 +0200 + +libapache-mod-jk (1:1.2.32-2) unstable; urgency=low + + * Team upload. + * Set debian/compat to 9; bump debhelper dependency to 8.1.3. + * Modify debian/rules to enable hardening flags + and add patches/0004-compiler-hardening.patch (Closes: #656876) + * Remove Michael Koch from Uploaders. (Closes: #654045) + + -- tony mancill <[email protected]> Sat, 04 Feb 2012 07:17:54 +0000 + +libapache-mod-jk (1:1.2.32-1) unstable; urgency=low + + * New upstream release: + - Fix whitespace trimming when parsing attribute lists. LP: #592576. + * Add myself in Uploaders. + * Include a sensible default configuration in + /etc/apache2/mods-available/jk.conf + and remove old sample in /usr/share/doc/libapache2-mod-jk/. + LP: #118649. + * Describe changes in upstream handling of JkMount in global scope + vs in VirtualHost scope (in d/README and default configuration). + Closes: #460398. + * Bump Standards-Version to 3.9.2: + - d/control: Add recommended get-orig-source target. + * d/watch: Update to new upstream layout. + * Refresh patches. + * d/copyright: Upgrade to DEP-5 format. + * d/README.source: Removed (aka dpatch one) + * d/libapache-mod-jk.*: Remove old traces from Apache 1.3 + (dropped since lenny). + * d/rules: Switch to dh7 handling. + * d/compat: Switch to debhelper compat level 8. + * Replace d/patches/0004 by autotools_dev dh sequence addons. + * d/rules: Enable LFS with -D_FILE_OFFSET_BITS=64. Closes: #590075. + + -- Damien Raude-Morvan <[email protected]> Thu, 14 Jul 2011 01:15:52 +0200 + +libapache-mod-jk (1:1.2.31-1) unstable; urgency=low + + * Team upload. + * Bump debhelper compatibility level to 7. + * Bump Standards-Version to 3.9.1. No changes were required. + * Remove duplicated control fields in binary packages. + * Fix lintian warning about dh_clean -k deprecation. + * Update package section to httpd. + * Document in NEWS the minimal Linux version needed (>= 2.6.27) to use + this module. + + -- Miguel Landaeta <[email protected]> Tue, 15 Feb 2011 09:29:23 -0430 + +libapache-mod-jk (1:1.2.30-1) unstable; urgency=low + + * Team upload + * New upstream release + * Convert patches to dep3 format. + * Switch to source format 3.0. + * Remove Stefan (Gybas) and Arnaud from Uploaders list. Thanks to your + contribution in the past! + * Add Vcs-* headers. + * Add missing Depends: ${misc:Depends}. + * Update Standards-Version: 3.9.0 (no changes). + * Update patch for config.guess and config.sub. + * Switch to tomcat6 and default-java in workers.properties. Thanks to + Olivier Berger. (Closes: #590078) + + -- Torsten Werner <[email protected]> Sat, 24 Jul 2010 01:04:36 +0200 + +libapache-mod-jk (1:1.2.28-2) unstable; urgency=low + + * Added debian/patches/05_config_update.dpatch which updates + config.{guess|sub} in native/scripts/build/unix/ (Closes: #540392). + * debian/control: Let libapache2-mod-jk suggest tomcat6 instead of + tomcat5.5. + * Added debian/README.source. + * Updated Standards-Version to 3.8.3. + + -- Michael Koch <[email protected]> Thu, 20 Aug 2009 20:04:39 +0200 + +libapache-mod-jk (1:1.2.28-1) unstable; urgency=low + + * New upstream release. + - Removed debian/patches/05_bug_451494.dpatch. Applied upstream. + - Removed debian/patches/06_CVE-2008-5519.dpatch. Applied upstream. + * Updated Build-Depends to debhelper (>= 5) as 4 is deprecated. + * Link /usr/share/common-licenses/Apache-2.0 in debian/copgyright. + * Updated Standards-Version to 3.8.2. + + -- Michael Koch <[email protected]> Sat, 25 Jul 2009 23:08:41 +0200 + +libapache-mod-jk (1:1.2.26-2.1) unstable; urgency=high + + * Non-maintainer upload by the security-team. + * CVE-2008-5519: Fix information disclosure vulnerability when clients + abort connection before sending POST body (closes: #523054). + + -- Stefan Fritsch <[email protected]> Sat, 30 May 2009 15:49:20 +0200 + +libapache-mod-jk (1:1.2.26-2) unstable; urgency=low + + * Apply patch to fix JkOptions handling for virtual hosts. Thanks to + Toshihiro Sasajima for the patch, Closes: #451494 + * Fixed debian/copyright to mention copyright and license properly. + * debian/libapache-mod-jk-doc.doc-base: Moved to section + System/Administration. + * Remove unused lintian override for libapache-mod-jk-doc. + + -- Michael Koch <[email protected]> Wed, 02 Apr 2008 23:09:41 +0200 + +libapache-mod-jk (1:1.2.26-1) unstable; urgency=low + + * New upstream release. + * Updated Standards-Version to 3.7.3. + * Fixed URL in Homepage field. + * Fixed typo in debian/libapache2-mod-jk.NEWS. + + -- Michael Koch <[email protected]> Thu, 27 Dec 2007 13:04:55 -0100 + +libapache-mod-jk (1:1.2.25-2) unstable; urgency=low + + * debian/workers.properties: Renamed worker.loadbalancer.balanced_workers to + worker.loadbalancer.balance_workers. Closes: #448062. + + -- Michael Koch <[email protected]> Thu, 25 Oct 2007 21:18:33 +0200 + +libapache-mod-jk (1:1.2.25-1) unstable; urgency=low + + * New upstream release. + * Don't suggest tomcat5 anymore. + * Use Homepage: field in debian/control + + -- Michael Koch <[email protected]> Sat, 15 Sep 2007 09:07:30 +0200 + +libapache-mod-jk (1:1.2.23-4) unstable; urgency=low + + * libapache2-mod-jk: Removed Suggests on tomcat4. + * libapache-mod-jk-doc: Removed Suggests on libapache-mod-jk. + + -- Michael Koch <[email protected]> Thu, 5 Jul 2007 13:44:24 +0200 + +libapache-mod-jk (1:1.2.23-3) unstable; urgency=low + + * Don't build libapache-mod-jk binary package anymore. Closes: #429125. + * Removed Wolfgang from Uploaders. + + -- Michael Koch <[email protected]> Sun, 24 Jun 2007 18:34:33 -0100 + +libapache-mod-jk (1:1.2.23-2) unstable; urgency=low + + * Point workers.tomcat_home to /usr/share/tomcat5 and + workers.java_home to /usr/lib/jvm/java-gcj. + * Generate changelog from changelog.html correctly. + + -- Michael Koch <[email protected]> Sat, 09 Jun 2007 16:06:13 -0100 + +libapache-mod-jk (1:1.2.23-1) unstable; urgency=high + + * New upstream release. + - Forward unparsed URI to tomcat. Closes: #425836. + CVE-2007-1860 + + -- Michael Koch <[email protected]> Sat, 2 Jun 2007 23:14:13 +0200 + +libapache-mod-jk (1:1.2.22-1) unstable; urgency=low + + * New upstream release + - works when no JkWorkersFile option set (Closes: #419448). + * Added debian/patches/04_no-worker-error.dpatch to make the message + "Could not find worker" an error and more visible (Closes: #418887). + + -- Michael Koch <[email protected]> Tue, 17 Apr 2007 08:12:38 +0200 + +libapache-mod-jk (1:1.2.21-1) unstable; urgency=low + + * New upstream release + + -- Michael Koch <[email protected]> Thu, 12 Apr 2007 07:21:37 +0000 + +libapache-mod-jk (1:1.2.18-3) unstable; urgency=medium + + * debian/rules: copy source tree for native part to compile seperately for + Apache 2.0 (Closes: #396224, #406636). + * Added tomcat5.5 to Depends on tomcat4 | tomcat5 | tomcat5.5. + * Updated Standards-Version to 3.7.2. + * Added myself to Uploaders. + + -- Michael Koch <[email protected]> Sat, 17 Feb 2007 17:10:27 +0100 + +libapache-mod-jk (1:1.2.18-2) unstable; urgency=low + + * debian/control (Depends): updated to apache2.2-common (closes: + #391651), thanks to Philippe Marzouk. + * debian/patches/03_jk-runtime-status_default_location.dpatch: + added. This change the default location of JkShmFile variable (closes: + #362004), thanks to Adrian Bridgett. + + -- Arnaud Vandyck <[email protected]> Mon, 9 Oct 2006 15:41:47 +0200 + +libapache-mod-jk (1:1.2.18-1) unstable; urgency=low + + * New upstream + * debian/watch: added + * Added myself to uploaders + * debian/rules: modified to revert changes in upstream structure (jk + directory does not exist anymore) + + -- Arnaud Vandyck <[email protected]> Wed, 2 Aug 2006 11:11:03 +0200 + +libapache-mod-jk (1:1.2.14.1-2) unstable; urgency=low + + * Fixed binary arch only build by splitting + arch and indep install targets + + -- Wolfgang Baer <[email protected]> Mon, 03 Oct 2005 13:25:14 +0200 + +libapache-mod-jk (1:1.2.14.1-1) unstable; urgency=low + + * New upstream release (closes: #307331) + * Removed cdbs dependency - building only with debhelper + * Build Apache2 package (closes: #296345) + + debian/control: package libapache2-mod-jk added + + debian/control: added apache2-threaded-dev build dependency + * Split documentation in own package so it does not ship twice + + debian/control: package libapache-mod-jk-doc added + + debian/control: xsltproc dependency for building + + debian/control: added conflicts/replaces with old libapache-mod-jk + * Updated workers.properties + * Added example httpd.conf files for Apache 1.3 and 2 + * Added tomcat5 as alternative to tomcat4 to suggests + * Only provide example conf files (for Apache1.3/2) which have to be + installed and modified for a specific setup by the user (closes: #321203) + * Added conflicts/replaces with libapache2-mod-jk2 and added NEWS.Debian + * Registered documentation with doc-base + * Added lintian override for changelog html file used in the manual + * Updated copyright to new upstream Apache License Version 2.0 + * Updated Standards-Version to 3.6.2 - no changes + + -- Wolfgang Baer <[email protected]> Tue, 6 Sep 2005 14:43:49 +0200 + +libapache-mod-jk (1:1.2.5-2) unstable; urgency=low + + * Added libtool build dependency (closes: #229395) + + -- Stefan Gybas <[email protected]> Fri, 30 Jan 2004 17:22:12 +0100 + +libapache-mod-jk (1:1.2.5-1) unstable; urgency=low + + * New upstream release (libapache-mod-jk was previously built by the tomcat + source package) + * Updated download location in copyright file + * Mention in the long description that this module can talk to a remote + Tomcat server so it can go into main + * Updated to the new module handling in Apache 1.3.29 and support Apache, + Apache-Perl and Apache-SSL + + -- Stefan Gybas <[email protected]> Sat, 10 Jan 2004 17:18:52 +0100 + diff --cc debian/control index 985ef38,0000000..397575b mode 100644,000000..100644 --- a/debian/control +++ b/debian/control @@@ -1,49 -1,0 +1,42 @@@ +Source: libapache-mod-jk +Section: httpd +Priority: optional +Maintainer: Debian Java Maintainers <[email protected]> - Uploaders: - Damien Raude-Morvan <[email protected]> - Build-Depends: - apache2-dev, - autotools-dev, - debhelper (>= 9), - dh-apache2, - libtool - Build-Depends-Indep: - lynx, - xsltproc - Standards-Version: 3.9.6 - Vcs-Git: https://anonscm.debian.org/git/pkg-java/libapache-mod-jk.git - Vcs-Browser: https://anonscm.debian.org/viewvc/pkg-java/trunk/libapache-mod-jk - Homepage: http://tomcat.apache.org ++Uploaders: Damien Raude-Morvan <[email protected]> ++Build-Depends: apache2-threaded-dev, ++ autotools-dev, ++ debhelper (>= 8.1.3~), ++ libtool ++Build-Depends-Indep: lynx, xsltproc ++Standards-Version: 3.9.3 ++Homepage: http://tomcat.apache.org/ ++Vcs-Svn: svn://svn.debian.org/svn/pkg-java/trunk/libapache-mod-jk ++Vcs-Browser: http://svn.debian.org/wsvn/pkg-java/trunk/libapache-mod-jk/ + +Package: libapache2-mod-jk +Architecture: any - Depends: - ${misc:Depends}, - ${shlibs:Depends} - Suggests: - libapache-mod-jk-doc, - tomcat8 ++Depends: apache2.2-common, ${misc:Depends}, ${shlibs:Depends} ++Suggests: libapache-mod-jk-doc, tomcat6 ++Conflicts: libapache2-mod-jk2 ++Replaces: libapache2-mod-jk2 +Description: Apache 2 connector for the Tomcat Java servlet engine + Apache Tomcat is the reference implementation for the Java Servlet and + JavaServer Pages (JSP) specification from the Apache Jakarta project. + . + This package contains an Apache 2 module (mod_jk) to forward requests + from Apache to Tomcat using the AJP 1.3 or 1.4 protocol. It can either + talk to Tomcat on the local machine or to a remote engine using TCP. + +Package: libapache-mod-jk-doc +Architecture: all +Section: doc - Depends: - ${misc:Depends} - Suggests: - libapache2-mod-jk ++Depends: ${misc:Depends} ++Suggests: libapache2-mod-jk ++Conflicts: libapache-mod-jk (<= 1.2.5-2) ++Replaces: libapache-mod-jk (<= 1.2.5-2) +Description: Documentation of libapache2-mod-jk package + Documentation and examples of the Apache jk connector for the Tomcat + Java servlet engine. + . + For uptodate documentation about Tomcat connectors please take a look + at the home page at http://tomcat.apache.org/connectors-doc/. diff --cc debian/copyright index 0b4c07a,0000000..c26ee7a mode 100644,000000..100644 --- a/debian/copyright +++ b/debian/copyright @@@ -1,96 -1,0 +1,18 @@@ +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: Apache Tomcat JK Connector +Upstream-Contact: <http://tomcat.apache.org/connectors-doc/> +Source: http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/ + +Files: * - Copyright: Copyright (c) 1999-2015 Apache Foundation ++Copyright: Copyright (c) 1999-2011 Apache Foundation +License: Apache-2.0 + - Files: native/iis/pcre/* - Copyright: 1997-2004, University of Cambridge - License: BSD-3-clause - - Files: native/scripts/build/unix/ltmain.sh - native/scripts/build/unix/missing - native/scripts/build/unix/compile - native/aclocal.m4 - Copyright: 1996-2013 Free Software Foundation, Inc. - License: GPL-2+ - - Files: native/scripts/build/unix/config.guess - native/scripts/build/unix/config.sub - Copyright: 1992-2014 Free Software Foundation, Inc. - License: GPL-3+ - - Files: native/scripts/build/unix/install-sh - Copyright: 1994, X Consortium - License: MIT - Permission is hereby granted, free of charge, to any person obtaining a copy - of this software and associated documentation files (the "Software"), to - deal in the Software without restriction, including without limitation the - rights to use, copy, modify, merge, publish, distribute, sublicense, and/or - sell copies of the Software, and to permit persons to whom the Software is - furnished to do so, subject to the following conditions: - . - The above copyright notice and this permission notice shall be included in - all copies or substantial portions of the Software. - . - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN - AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- - TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - . - Except as contained in this notice, the name of the X Consortium shall not - be used in advertising or otherwise to promote the sale, use or other deal- - ings in this Software without prior written authorization from the X Consor- - tium. - - +Files: debian/* +Copyright: 2003, Stefan Gybas <[email protected]> - 2009, Michael Koch <[email protected]> - 2011, Damien Raude-Morvan <[email protected]> - 2015, Markus Koschany <[email protected]> ++ 2009, Michael Koch <[email protected]> ++ 2011, Damien Raude-Morvan <[email protected]> +License: Apache-2.0 + +License: Apache-2.0 + A complete copy of the Apache License, Version 2.0, can be found in + /usr/share/common-licenses/Apache-2.0 on Debian Systems. - - License: BSD-3-clause - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - . - * Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - . - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - . - * Neither the name of the University of Cambridge nor the names of its - contributors may be used to endorse or promote products derived from - this software without specific prior written permission. - . - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - - License: GPL-2+ - On Debian systems, the full text of the GNU General Public license 2 - can be found in the file '/usr/share/common-licenses/GPL-2 - - License: GPL-3+ - On Debian systems, the full text of the GNU General Public license 3 - can be found in the file '/usr/share/common-licenses/GPL-3 diff --cc debian/libapache2-mod-jk.NEWS index 1bdf780,0000000..c76356b mode 100644,000000..100644 --- a/debian/libapache2-mod-jk.NEWS +++ b/debian/libapache2-mod-jk.NEWS @@@ -1,36 -1,0 +1,36 @@@ +libapache2-mod-jk (1:1.2.32-1) unstable; urgency=low + + libapache2-mod-jk now provide a default configuration file for Apache 2.x. + This file is located at /etc/apache2/mods-available/jk.conf. + Please note, that this configuration will be activated on first installation + or when (re-)enabling jk module with "a2enmod jk". + + -- Damien Raude-Morvan <[email protected]> Thu, 14 Jul 2011 01:15:52 +0200 + +libapache2-mod-jk (1:1.2.31-1) unstable; urgency=low + + Since 1.2.31 libapache2-mod-jk is compiled under kernels with support for + the SOCK_CLOEXEC flag in socket(2) syscall. Because of this, on Linux + systems, libapache-mod-jk only works with kernel versions >= 2.6.27. + + -- Miguel Landaeta <[email protected]> Sun, 13 Feb 2011 19:17:43 -0430 + +libapache2-mod-jk (1:1.2.26-1) unstable; urgency=low + + Since 1.2.26, please note that by default no mounts will be inherited from the + global scope to any VirtualHost. See JkMountCopy option documentation + for more information (and Debian bug #460398). + + -- Damien Raude-Morvan <[email protected]> Thu, 14 Jul 2011 01:15:52 +0200 + +libapache2-mod-jk (1:1.2.14.1-1) unstable; urgency=low + + This package replaces the previously libapache2-mod-jk2 package + which is now unsupported upstream and therefore removed from + the archive. + + Its recommended to switch to this package. Due to building packages - for Apache 1.3 and 2 the documentation is now packaged separately - (libapache-mod-jk-doc). ++ for Apache 1.3 and 2 the documentation is now packaged separately ++ (libapache-mod-jk-doc). + + -- Wolfgang Baer <[email protected]> Thu, 23 Jun 2005 22:42:54 +0200 diff --cc debian/libapache2-mod-jk.README.Debian index f9c6215,0000000..8cf16b9 mode 100644,000000..100644 --- a/debian/libapache2-mod-jk.README.Debian +++ b/debian/libapache2-mod-jk.README.Debian @@@ -1,23 -1,0 +1,23 @@@ +libapache2-mod-jk for Debian +---------------------------------- + +Package works with Apache 2.x HTTP server. +The documentation can be found in the libapache-mod-jk-doc package. + +At install, this module is enabled into existing Apache2 configuration. +Default configuration is located here : + /etc/apache2/mods-available/jk.conf + +One default worker named ajp13_worker, which connects to the localhost on +port 8009, is configured. If you need more workers or want to connect to +a remote tomcat you have to modify the workers.properties file. + +By default, no webapp is mounted so you'll have to edit jk.conf - to enable, at least, a JkMount directive for you webapp. ++to enable, at least, a JkMount directive for you webapp. + +Please pay attention to global scope vs VirtualHost when setting JkMount +(see #460398) as, by default, no mounts will be inherited from the +global scope to any VirtualHost. See JkMountCopy option documentation +for more information. + + -- Wolfgang Baer <[email protected]> Thu, 23 Jun 2005 22:42:54 +0200 diff --cc debian/libapache2-mod-jk.install index 6ef6e11,0000000..e982abe mode 100644,000000..100644 --- a/debian/libapache2-mod-jk.install +++ b/debian/libapache2-mod-jk.install @@@ -1,4 -1,0 +1,4 @@@ - conf/jk.conf /etc/apache2/mods-available/ - debian/jk.load /etc/apache2/mods-available/ - debian/workers.properties /etc/libapache2-mod-jk/ - native/apache-2.0/mod_jk.so /usr/lib/apache2/modules/ ++conf/jk.conf /etc/apache2/mods-available/ ++debian/jk.load /etc/apache2/mods-available/ ++debian/workers.properties /etc/libapache2-mod-jk/ ++native/apache-2.0/mod_jk.so /usr/lib/apache2/modules/ diff --cc debian/libapache2-mod-jk.postinst index 0000000,0000000..c2d5bc9 new file mode 100644 --- /dev/null +++ b/debian/libapache2-mod-jk.postinst @@@ -1,0 -1,0 +1,24 @@@ ++#!/bin/sh ++set -e ++ ++#DEBHELPER# ++ ++case "$1" in ++ configure) ++ ++ # Only activate jk if this is not an upgrade ++ if [ -z "$2" ]; then ++ a2enmod jk || true ++ fi ++ ;; ++ ++ abort-upgrade|abort-remove|abort-deconfigure) ++ ;; ++ ++ *) ++ echo "$0 called with unknown argument \`$1'" >&2 ++ exit 1 ++ ;; ++esac ++ ++exit 0 diff --cc debian/libapache2-mod-jk.prerm index 0000000,0000000..2f7c53b new file mode 100644 --- /dev/null +++ b/debian/libapache2-mod-jk.prerm @@@ -1,0 -1,0 +1,22 @@@ ++#!/bin/sh ++set -e ++ ++#DEBHELPER# ++ ++case "$1" in ++ upgrade|failed-upgrade) ++ # Nothing to do here ++ ;; ++ ++ deconfigure|remove) ++ # Disable jk if this is not an upgrade ++ a2dismod jk || true ++ ;; ++ ++ *) ++ echo "$0 called with unknown argument \`$1'" >&2 ++ exit 1 ++ ;; ++esac ++ ++exit 0 diff --cc debian/patches/CVE-2014-8111.patch index 0000000,0000000..70a2530 new file mode 100644 --- /dev/null +++ b/debian/patches/CVE-2014-8111.patch @@@ -1,0 -1,0 +1,474 @@@ ++From: Markus Koschany <[email protected]> ++Date: Sat, 23 May 2015 00:05:21 +0200 ++Subject: CVE-2014-8111 ++ ++It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule ++could be ignored. This could allow a remote attacker to potentially access a ++private artifact in a tree that would otherwise not be accessible to them. ++ ++Forwarded: https://svn.apache.org/viewvc?view=revision&revision=r1647017 ++--- ++ native/apache-1.3/mod_jk.c | 24 +++++++++++++-- ++ native/apache-2.0/mod_jk.c | 24 +++++++++++++-- ++ native/common/jk_global.h | 7 ++++- ++ native/common/jk_uri_worker_map.c | 48 +++++++++++++++++------------ ++ native/common/jk_uri_worker_map.h | 7 +++++ ++ native/common/jk_util.c | 19 ++++++++++++ ++ native/common/jk_util.h | 2 ++ ++ native/iis/jk_isapi_plugin.c | 64 ++++++++++++++++++++++++++++----------- ++ 8 files changed, 153 insertions(+), 42 deletions(-) ++ ++diff --git a/native/apache-1.3/mod_jk.c b/native/apache-1.3/mod_jk.c ++index 81c3a58..9d6840f 100644 ++--- a/native/apache-1.3/mod_jk.c +++++ b/native/apache-1.3/mod_jk.c ++@@ -2074,9 +2074,11 @@ const char *jk_set_options(cmd_parms * cmd, void *dummy, const char *line) ++ ++ mask = 0; ++ ++- if (action == '-' && !strncasecmp(w, "ForwardURI", strlen("ForwardURI"))) +++ if (action == '-' && +++ (!strncasecmp(w, "ForwardURI", strlen("ForwardURI")) || +++ !strncasecmp(w, "CollapseSlashes", strlen("CollapseSlashes")))) ++ return ap_pstrcat(cmd->pool, "JkOptions: Illegal option '-", w, ++- "': ForwardURI* options can not be disabled", NULL); +++ "': option can not be disabled", NULL); ++ ++ if (!strcasecmp(w, "ForwardURICompat")) { ++ opt = JK_OPT_FWDURICOMPAT; ++@@ -2094,6 +2096,18 @@ const char *jk_set_options(cmd_parms * cmd, void *dummy, const char *line) ++ opt = JK_OPT_FWDURIPROXY; ++ mask = JK_OPT_FWDURIMASK; ++ } +++ else if (!strcasecmp(w, "CollapseSlashesAll")) { +++ opt = JK_OPT_COLLAPSEALL; +++ mask = JK_OPT_COLLAPSEMASK; +++ } +++ else if (!strcasecmp(w, "CollapseSlashesNone")) { +++ opt = JK_OPT_COLLAPSENONE; +++ mask = JK_OPT_COLLAPSEMASK; +++ } +++ else if (!strcasecmp(w, "CollapseSlashesUnmount")) { +++ opt = JK_OPT_COLLAPSEUNMOUNT; +++ mask = JK_OPT_COLLAPSEMASK; +++ } ++ else if (!strcasecmp(w, "ForwardDirectories")) { ++ opt = JK_OPT_FWDDIRS; ++ } ++@@ -2763,6 +2777,10 @@ static void *merge_jk_config(ap_pool * p, void *basev, void *overridesv) ++ overrides->options |= (base->options & ~base->exclude_options) & ~JK_OPT_FWDURIMASK; ++ else ++ overrides->options |= (base->options & ~base->exclude_options); +++ if (overrides->options & JK_OPT_COLLAPSEMASK) +++ overrides->options |= (base->options & ~base->exclude_options) & ~JK_OPT_COLLAPSEMASK; +++ else +++ overrides->options |= (base->options & ~base->exclude_options); ++ ++ if (base->envvars) { ++ if (overrides->envvars && overrides->envvars_has_own) { ++@@ -2983,6 +3001,8 @@ static void jk_init(server_rec * s, ap_pool * p) ++ uri_worker_map_switch(sconf->uw_map, sconf->log); ++ uri_worker_map_load(sconf->uw_map, sconf->log); ++ } +++ if (conf->options & JK_OPT_COLLAPSEMASK) +++ sconf->uw_map->collapse_slashes = conf->options & JK_OPT_COLLAPSEMASK; ++ } ++ else { ++ if (sconf->mountcopy == JK_TRUE) { ++diff --git a/native/apache-2.0/mod_jk.c b/native/apache-2.0/mod_jk.c ++index 7c04440..26345ea 100644 ++--- a/native/apache-2.0/mod_jk.c +++++ b/native/apache-2.0/mod_jk.c ++@@ -2175,9 +2175,11 @@ static const char *jk_set_options(cmd_parms * cmd, void *dummy, ++ ++ mask = 0; ++ ++- if (action == '-' && !strncasecmp(w, "ForwardURI", strlen("ForwardURI"))) +++ if (action == '-' && +++ (!strncasecmp(w, "ForwardURI", strlen("ForwardURI")) || +++ !strncasecmp(w, "CollapseSlashes", strlen("CollapseSlashes")))) ++ return apr_pstrcat(cmd->pool, "JkOptions: Illegal option '-", w, ++- "': ForwardURI* options can not be disabled", NULL); +++ "': option can not be disabled", NULL); ++ ++ if (!strcasecmp(w, "ForwardURICompat")) { ++ opt = JK_OPT_FWDURICOMPAT; ++@@ -2195,6 +2197,18 @@ static const char *jk_set_options(cmd_parms * cmd, void *dummy, ++ opt = JK_OPT_FWDURIPROXY; ++ mask = JK_OPT_FWDURIMASK; ++ } +++ else if (!strcasecmp(w, "CollapseSlashesAll")) { +++ opt = JK_OPT_COLLAPSEALL; +++ mask = JK_OPT_COLLAPSEMASK; +++ } +++ else if (!strcasecmp(w, "CollapseSlashesNone")) { +++ opt = JK_OPT_COLLAPSENONE; +++ mask = JK_OPT_COLLAPSEMASK; +++ } +++ else if (!strcasecmp(w, "CollapseSlashesUnmount")) { +++ opt = JK_OPT_COLLAPSEUNMOUNT; +++ mask = JK_OPT_COLLAPSEMASK; +++ } ++ else if (!strcasecmp(w, "ForwardDirectories")) { ++ opt = JK_OPT_FWDDIRS; ++ } ++@@ -2987,6 +3001,10 @@ static void *merge_jk_config(apr_pool_t * p, void *basev, void *overridesv) ++ overrides->options |= (base->options & ~base->exclude_options) & ~JK_OPT_FWDURIMASK; ++ else ++ overrides->options |= (base->options & ~base->exclude_options); +++ if (overrides->options & JK_OPT_COLLAPSEMASK) +++ overrides->options |= (base->options & ~base->exclude_options) & ~JK_OPT_COLLAPSEMASK; +++ else +++ overrides->options |= (base->options & ~base->exclude_options); ++ ++ if (base->envvars) { ++ if (overrides->envvars && overrides->envvars_has_own) { ++@@ -3464,6 +3482,8 @@ static int jk_post_config(apr_pool_t * pconf, ++ uri_worker_map_switch(sconf->uw_map, sconf->log); ++ uri_worker_map_load(sconf->uw_map, sconf->log); ++ } +++ if (conf->options & JK_OPT_COLLAPSEMASK) +++ sconf->uw_map->collapse_slashes = conf->options & JK_OPT_COLLAPSEMASK; ++ } ++ else { ++ if (sconf->mountcopy == JK_TRUE) { ++diff --git a/native/common/jk_global.h b/native/common/jk_global.h ++index aefe87e..942ee32 100644 ++--- a/native/common/jk_global.h +++++ b/native/common/jk_global.h ++@@ -252,6 +252,11 @@ extern "C" ++ ++ #define JK_OPT_FWDURIMASK 0x0007 ++ +++#define JK_OPT_COLLAPSEMASK 0x7000 +++#define JK_OPT_COLLAPSEALL 0x1000 +++#define JK_OPT_COLLAPSENONE 0x2000 +++#define JK_OPT_COLLAPSEUNMOUNT 0x4000 +++ ++ #define JK_OPT_FWDURICOMPAT 0x0001 ++ #define JK_OPT_FWDURICOMPATUNPARSED 0x0002 ++ #define JK_OPT_FWDURIESCAPED 0x0003 ++@@ -269,7 +274,7 @@ extern "C" ++ #define JK_OPT_FWDKEYSIZE 0x0200 ++ #define JK_OPT_REJECTUNSAFE 0x0400 ++ ++-#define JK_OPT_DEFAULT (JK_OPT_FWDURIDEFAULT | JK_OPT_FWDKEYSIZE) +++#define JK_OPT_DEFAULT (JK_OPT_FWDURIDEFAULT | JK_OPT_FWDKEYSIZE | JK_OPT_COLLAPSEUNMOUNT) ++ ++ /* Check for EBCDIC systems */ ++ ++diff --git a/native/common/jk_uri_worker_map.c b/native/common/jk_uri_worker_map.c ++index 250cdb5..8c3d44e 100644 ++--- a/native/common/jk_uri_worker_map.c +++++ b/native/common/jk_uri_worker_map.c ++@@ -174,9 +174,10 @@ static void uri_worker_map_dump(jk_uri_worker_map_t *uw_map, ++ int i, off; ++ if (JK_IS_DEBUG_LEVEL(l)) { ++ jk_log(l, JK_LOG_DEBUG, "uri map dump %s: id=%d, index=%d file='%s' reject_unsafe=%d " ++- "reload=%d modified=%d checked=%d", +++ "collapse_slashes=%d reload=%d modified=%d checked=%d", ++ reason, uw_map->id, uw_map->index, STRNULL_FOR_NULL(uw_map->fname), ++- uw_map->reject_unsafe, uw_map->reload, uw_map->modified, uw_map->checked); +++ uw_map->reject_unsafe, uw_map->collapse_slashes, +++ uw_map->reload, uw_map->modified, uw_map->checked); ++ } ++ for (i = 0; i <= 1; i++) { ++ jk_log(l, JK_LOG_DEBUG, "generation %d: size=%d nosize=%d capacity=%d", ++@@ -242,6 +243,7 @@ int uri_worker_map_alloc(jk_uri_worker_map_t **uw_map_p, ++ uw_map->index = 0; ++ uw_map->fname = NULL; ++ uw_map->reject_unsafe = 0; +++ uw_map->collapse_slashes = JK_COLLAPSE_DEFAULT; ++ uw_map->reload = JK_URIMAP_DEF_RELOAD; ++ uw_map->modified = 0; ++ uw_map->checked = 0; ++@@ -681,48 +683,42 @@ void parse_rule_extensions(char *rule, rule_extension_t *extensions, ++ else if (!strncmp(param, JK_UWMAP_EXTENSION_ACTIVE, strlen(JK_UWMAP_EXTENSION_ACTIVE))) { ++ if (extensions->active) ++ jk_log(l, JK_LOG_WARNING, ++- "rule extension '%s' only allowed once", ++- JK_UWMAP_EXTENSION_ACTIVE); +++ "rule extension '" JK_UWMAP_EXTENSION_ACTIVE "' only allowed once"); ++ else ++ extensions->active = param + strlen(JK_UWMAP_EXTENSION_ACTIVE); ++ } ++ else if (!strncmp(param, JK_UWMAP_EXTENSION_DISABLED, strlen(JK_UWMAP_EXTENSION_DISABLED))) { ++ if (extensions->disabled) ++ jk_log(l, JK_LOG_WARNING, ++- "rule extension '%s' only allowed once", ++- JK_UWMAP_EXTENSION_DISABLED); +++ "rule extension '" JK_UWMAP_EXTENSION_DISABLED "' only allowed once"); ++ else ++ extensions->disabled = param + strlen(JK_UWMAP_EXTENSION_DISABLED); ++ } ++ else if (!strncmp(param, JK_UWMAP_EXTENSION_STOPPED, strlen(JK_UWMAP_EXTENSION_STOPPED))) { ++ if (extensions->stopped) ++ jk_log(l, JK_LOG_WARNING, ++- "rule extension '%s' only allowed once", ++- JK_UWMAP_EXTENSION_STOPPED); +++ "rule extension '" JK_UWMAP_EXTENSION_STOPPED "' only allowed once"); ++ else ++ extensions->stopped = param + strlen(JK_UWMAP_EXTENSION_STOPPED); ++ } ++ else if (!strncmp(param, JK_UWMAP_EXTENSION_FAIL_ON_STATUS, strlen(JK_UWMAP_EXTENSION_FAIL_ON_STATUS))) { ++ if (extensions->fail_on_status_str) ++ jk_log(l, JK_LOG_WARNING, ++- "rule extension '%s' only allowed once", ++- JK_UWMAP_EXTENSION_FAIL_ON_STATUS); +++ "rule extension '" JK_UWMAP_EXTENSION_FAIL_ON_STATUS "' only allowed once"); ++ else ++ extensions->fail_on_status_str = param + strlen(JK_UWMAP_EXTENSION_FAIL_ON_STATUS); ++ } ++ else if (!strncmp(param, JK_UWMAP_EXTENSION_SESSION_COOKIE, strlen(JK_UWMAP_EXTENSION_SESSION_COOKIE))) { ++ if (extensions->session_cookie) ++ jk_log(l, JK_LOG_WARNING, ++- "extension '%s' in uri worker map only allowed once", ++- JK_UWMAP_EXTENSION_SESSION_COOKIE); +++ "extension '" JK_UWMAP_EXTENSION_SESSION_COOKIE "' in uri worker map only allowed once"); ++ else ++ extensions->session_cookie = param + strlen(JK_UWMAP_EXTENSION_SESSION_COOKIE); ++ } ++ else if (!strncmp(param, JK_UWMAP_EXTENSION_SESSION_PATH, strlen(JK_UWMAP_EXTENSION_SESSION_PATH))) { ++ if (extensions->session_path) ++ jk_log(l, JK_LOG_WARNING, ++- "extension '%s' in uri worker map only allowed once", ++- JK_UWMAP_EXTENSION_SESSION_PATH); +++ "extension '" JK_UWMAP_EXTENSION_SESSION_PATH "' in uri worker map only allowed once"); ++ else { ++ // Check if the session identifier starts with semicolon. ++ if (!strcmp(param, JK_UWMAP_EXTENSION_SESSION_PATH)) { ++@@ -1034,12 +1030,12 @@ static int is_nomatch(jk_uri_worker_map_t *uw_map, ++ const char *map_uri_to_worker_ext(jk_uri_worker_map_t *uw_map, ++ const char *uri, const char *vhost, ++ rule_extension_t **extensions, ++- int *index, ++- jk_logger_t *l) +++ int *index, jk_logger_t *l) ++ { ++ unsigned int i; ++ unsigned int vhost_len; ++ int reject_unsafe; +++ int collapse_slashes; ++ int rv = -1; ++ char url[JK_MAX_URI_LEN+1]; ++ ++@@ -1069,10 +1065,8 @@ const char *map_uri_to_worker_ext(jk_uri_worker_map_t *uw_map, ++ return NULL; ++ } ++ } ++- /* Make the copy of the provided uri and strip ++- * everything after the first ';' char. ++- */ ++ reject_unsafe = uw_map->reject_unsafe; +++ collapse_slashes = uw_map->collapse_slashes; ++ vhost_len = 0; ++ /* ++ * In case we got a vhost, we prepend a slash ++@@ -1100,6 +1094,9 @@ const char *map_uri_to_worker_ext(jk_uri_worker_map_t *uw_map, ++ } ++ vhost_len += off; ++ } +++ /* Make the copy of the provided uri and strip +++ * everything after the first ';' char. +++ */ ++ for (i = 0; i < strlen(uri); i++) { ++ if (i == JK_MAX_URI_LEN) { ++ jk_log(l, JK_LOG_WARNING, ++@@ -1127,6 +1124,12 @@ const char *map_uri_to_worker_ext(jk_uri_worker_map_t *uw_map, ++ jk_log(l, JK_LOG_DEBUG, "Found session identifier '%s' in url '%s'", ++ url_rewrite, uri); ++ } +++ if (collapse_slashes == JK_COLLAPSE_ALL) { +++ /* Remove multiple slashes +++ * No need to copy url, because it is local and +++ * the unchanged url is no longer needed */ +++ jk_no2slash(url); +++ } ++ if (JK_IS_DEBUG_LEVEL(l)) ++ jk_log(l, JK_LOG_DEBUG, "Attempting to map URI '%s' from %d maps", ++ url, IND_THIS(uw_map->size)); ++@@ -1138,6 +1141,13 @@ const char *map_uri_to_worker_ext(jk_uri_worker_map_t *uw_map, ++ ++ /* In case we found a match, check for the unmounts. */ ++ if (rv >= 0 && IND_THIS(uw_map->nosize)) { +++ if (collapse_slashes == JK_COLLAPSE_UNMOUNT) { +++ /* Remove multiple slashes when looking for +++ * unmount to prevent trivial unmount bypass attack. +++ * No need to copy url, because it is local and +++ * the unchanged url is no longer needed */ +++ jk_no2slash(url); +++ } ++ /* Again first including vhost. */ ++ int rc = is_nomatch(uw_map, url, rv, l); ++ /* If no unmount was find, try without vhost. */ ++diff --git a/native/common/jk_uri_worker_map.h b/native/common/jk_uri_worker_map.h ++index 1598937..16c14ff 100644 ++--- a/native/common/jk_uri_worker_map.h +++++ b/native/common/jk_uri_worker_map.h ++@@ -58,6 +58,11 @@ extern "C" ++ #define MATCH_TYPE_STOPPED 0x4000 ++ */ ++ +++#define JK_COLLAPSE_ALL 0x0001 +++#define JK_COLLAPSE_NONE 0x0002 +++#define JK_COLLAPSE_UNMOUNT 0x0003 +++#define JK_COLLAPSE_DEFAULT JK_COLLAPSE_UNMOUNT +++ ++ #define SOURCE_TYPE_WORKERDEF 0x0001 ++ #define SOURCE_TYPE_JKMOUNT 0x0002 ++ #define SOURCE_TYPE_URIMAP 0x0003 ++@@ -166,6 +171,8 @@ struct jk_uri_worker_map ++ JK_CRIT_SEC cs; ++ /* should we forward potentially unsafe URLs */ ++ int reject_unsafe; +++ /* how to handle multiple adjacent slashes in URLs */ +++ int collapse_slashes; ++ /* uriworkermap filename */ ++ const char *fname; ++ /* uriworkermap reload check interval */ ++diff --git a/native/common/jk_util.c b/native/common/jk_util.c ++index 8c5d803..4455f86 100644 ++--- a/native/common/jk_util.c +++++ b/native/common/jk_util.c ++@@ -2089,6 +2089,25 @@ int jk_wildchar_match(const char *str, const char *exp, int icase) ++ return (str[x] != '\0'); ++ } ++ +++void jk_no2slash(char *name) +++{ +++ char *d, *s; +++ +++ s = d = name; +++ +++ while (*s) { +++ if ((*d++ = *s) == '/') { +++ do { +++ ++s; +++ } while (*s == '/'); +++ } +++ else { +++ ++s; +++ } +++ } +++ *d = '\0'; +++} +++ ++ #ifdef _MT_CODE_PTHREAD ++ jk_pthread_t jk_gettid() ++ { ++diff --git a/native/common/jk_util.h b/native/common/jk_util.h ++index 2313c2c..930943c 100644 ++--- a/native/common/jk_util.h +++++ b/native/common/jk_util.h ++@@ -238,6 +238,8 @@ int is_http_status_fail(unsigned int http_status_fail_num, ++ ++ int jk_wildchar_match(const char *str, const char *exp, int icase); ++ +++void jk_no2slash(char *name); +++ ++ #define TC32_BRIDGE_TYPE 32 ++ #define TC33_BRIDGE_TYPE 33 ++ #define TC40_BRIDGE_TYPE 40 ++diff --git a/native/iis/jk_isapi_plugin.c b/native/iis/jk_isapi_plugin.c ++index e949734..736ac05 100644 ++--- a/native/iis/jk_isapi_plugin.c +++++ b/native/iis/jk_isapi_plugin.c ++@@ -117,23 +117,27 @@ static char HTTP_WORKER_HEADER_INDEX[RES_BUFFER_SIZE]; ++ #define W3SVC_REGISTRY_KEY "SYSTEM\\CurrentControlSet\\Services\\W3SVC\\Parameters" ++ #define EXTENSION_URI_TAG "extension_uri" ++ ++-#define URI_SELECT_TAG "uri_select" ++-#define URI_SELECT_PARSED_VERB "parsed" ++-#define URI_SELECT_UNPARSED_VERB "unparsed" ++-#define URI_SELECT_ESCAPED_VERB "escaped" ++-#define URI_SELECT_PROXY_VERB "proxy" ++-#define URI_REWRITE_TAG "rewrite_rule_file" ++-#define SHM_SIZE_TAG "shm_size" ++-#define WORKER_MOUNT_RELOAD_TAG "worker_mount_reload" ++-#define STRIP_SESSION_TAG "strip_session" ++-#define AUTH_COMPLETE_TAG "auth_complete" ++-#define REJECT_UNSAFE_TAG "reject_unsafe" ++-#define WATCHDOG_INTERVAL_TAG "watchdog_interval" ++-#define ENABLE_CHUNKED_ENCODING_TAG "enable_chunked_encoding" ++-#define ERROR_PAGE_TAG "error_page" ++- ++-#define LOG_ROTATION_TIME_TAG "log_rotationtime" ++-#define LOG_FILESIZE_TAG "log_filesize" +++#define URI_SELECT_TAG "uri_select" +++#define URI_SELECT_PARSED_VERB "parsed" +++#define URI_SELECT_UNPARSED_VERB "unparsed" +++#define URI_SELECT_ESCAPED_VERB "escaped" +++#define URI_SELECT_PROXY_VERB "proxy" +++#define URI_REWRITE_TAG "rewrite_rule_file" +++#define SHM_SIZE_TAG "shm_size" +++#define WORKER_MOUNT_RELOAD_TAG "worker_mount_reload" +++#define STRIP_SESSION_TAG "strip_session" +++#define AUTH_COMPLETE_TAG "auth_complete" +++#define REJECT_UNSAFE_TAG "reject_unsafe" +++#define COLLAPSE_SLASHES_TAG "collapse_slashes" +++#define COLLAPSE_SLASHES_ALL_VERB "all" +++#define COLLAPSE_SLASHES_NONE_VERB "none" +++#define COLLAPSE_SLASHES_UNMOUNT_VERB "unmount" +++#define WATCHDOG_INTERVAL_TAG "watchdog_interval" +++#define ENABLE_CHUNKED_ENCODING_TAG "enable_chunked_encoding" +++#define ERROR_PAGE_TAG "error_page" +++ +++#define LOG_ROTATION_TIME_TAG "log_rotationtime" +++#define LOG_FILESIZE_TAG "log_filesize" ++ ++ /* HTTP standard headers */ ++ #define TRANSFER_ENCODING_CHUNKED_HEADER_COMPLETE "Transfer-Encoding: chunked" ++@@ -501,6 +505,7 @@ static int strip_session = 0; ++ static int use_auth_notification_flags = 1; ++ static int chunked_encoding_enabled = JK_FALSE; ++ static int reject_unsafe = 0; +++static int collapse_slashes = JK_COLLAPSE_DEFAULT; ++ static volatile int watchdog_interval = 0; ++ static HANDLE watchdog_handle = NULL; ++ static char error_page_buf[INTERNET_MAX_URL_LENGTH] = {0}; ++@@ -2791,6 +2796,7 @@ static int init_jk(char *serverName) ++ uw_map->reject_unsafe = 1; ++ else ++ uw_map->reject_unsafe = 0; +++ uw_map->collapse_slashes = collapse_slashes; ++ uw_map->reload = worker_mount_reload; ++ if (worker_mount_file[0]) { ++ uw_map->fname = worker_mount_file; ++@@ -2920,6 +2926,17 @@ int parse_uri_select(const char *uri_select) ++ return -1; ++ } ++ +++int parse_collapse_slashes(const char *collapse_slashes) +++{ +++ if (!strcasecmp(collapse_slashes, COLLAPSE_SLASHES_ALL_VERB)) +++ return JK_OPT_COLLAPSEALL; +++ if (!strcasecmp(collapse_slashes, COLLAPSE_SLASHES_NONE_VERB)) +++ return JK_OPT_COLLAPSENONE; +++ if (!strcasecmp(collapse_slashes, COLLAPSE_SLASHES_UNMOUNT_VERB)) +++ return JK_OPT_COLLAPSEUNMOUNT; +++ return -1; +++} +++ ++ static int read_registry_init_data(void) ++ { ++ char tmpbuf[MAX_PATH]; ++@@ -3017,7 +3034,18 @@ static int read_registry_init_data(void) ++ uri_select_option = opt; ++ } ++ else { ++- goto cleanup; +++ jk_log(logger, JK_LOG_ERROR, "Invalid value '%s' for configuration item '" +++ URI_SELECT_TAG "'", tmpbuf); +++ } +++ } +++ if (get_config_parameter(src, COLLAPSE_SLASHES_TAG, tmpbuf, sizeof(tmpbuf))) { +++ int opt = parse_collapse_slashes(tmpbuf); +++ if (opt >= 0) { +++ collapse_slashes = opt; +++ } +++ else { +++ jk_log(logger, JK_LOG_ERROR, "Invalid value '%s' for configuration item '" +++ COLLAPSE_SLASHES_TAG "'", tmpbuf); ++ } ++ } ++ shm_config_size = get_config_int(src, SHM_SIZE_TAG, -1); diff --cc debian/patches/series index cb4453d,0000000..5f2aa5c mode 100644,000000..100644 --- a/debian/patches/series +++ b/debian/patches/series @@@ -1,4 -1,0 +1,4 @@@ +0001-disable-logo.patch +0002-debianize-log-directory.patch +0003-upgrade-info-to-error-message.patch - fix-privacy-breach.patch ++CVE-2014-8111.patch diff --cc debian/rules index ac77a31,0000000..b3e295d mode 100755,000000..100755 --- a/debian/rules +++ b/debian/rules @@@ -1,32 -1,0 +1,45 @@@ +#!/usr/bin/make -f + - # Enable LFS, build system doesn't respect CPPFLAGS. - export DEB_CFLAGS_MAINT_APPEND = -D_LARGEFILE_SUPPORT -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 $(shell dpkg-buildflags --get CPPFLAGS) ++# Enable LFS ++CFLAGS = -D_LARGEFILE_SUPPORT -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 $(shell dpkg-buildflags --get CFLAGS) + +%: - dh $@ --with autotools_dev,apache2 --sourcedirectory=native ++ dh $@ --with autotools_dev --sourcedirectory=native + +override_dh_auto_configure: + dh_auto_configure -- --with-apxs=/usr/bin/apxs2 ++ sed -i -e 's/^LIBTOOL = .*$$/LIBTOOL = \/bin\/sh ..\/libtool/' native/common/Makefile + +override_dh_auto_build: + dh_auto_build + cp conf/httpd-jk.conf conf/jk.conf + ++override_dh_auto_clean: ++ rm -f conf/jk.conf ++ # ac_config_files ++ rm -f Makefile apache-1.3/Makefile apache-1.3/Makefile.apxs \ ++ apache-2.0/Makefile apache-2.0/Makefile.apxs common/Makefile \ ++ common/list.mk common/jk_types.h jni/Makefile ++ # MAINTAINERCLEANFILES ++ rm -f native/config.{status,log,cache} ++ rm -f native/apache-2.0/mod_jk.{o,la,lo,a} native/apache-2.0/mod_jk.so* ++ rm -f native/common/*.{lo,o} ++ rm -rf native/apache-2.0/.libs native/common/.libs ++ +override_dh_auto_install: +ifneq (,$(filter libapache-mod-jk-doc, $(shell dh_listpackages))) + cd xdocs && install -d ../build/docs/ && cp -R * ../build/docs/ + cd build/docs && for i in `find . -name '*.xml'`; do xsltproc style.xsl $$i > `dirname $$i`/`basename $$i .xml`.html; done + cd build/docs && find . -name '*.xml' -exec rm -f {} \; + cd build/docs && rm -f style.xsl BUILDING + cd build/docs/miscellaneous && lynx -dump -nolist changelog.html > ../changelog +endif + +override_dh_compress: + dh_compress -Xchangelog.html + +# No check target +override_dh_auto_test: + +get-orig-source: - uscan --verbose --download-current-version --force-download ++ uscan --force-download --rename diff --cc debian/source.lintian-overrides index 0000000,0000000..c3a8e6e new file mode 100644 --- /dev/null +++ b/debian/source.lintian-overrides @@@ -1,0 -1,0 +1,2 @@@ ++# override: using compat=9 with debhelper 8.1.3 for build-hardening flags ++package-needs-versioned-debhelper-build-depends 9 diff --cc debian/workers.properties index 1e282f0,0000000..91ba7f2 mode 100644,000000..100644 --- a/debian/workers.properties +++ b/debian/workers.properties @@@ -1,100 -1,0 +1,100 @@@ +# workers.properties - +# +# This file is a simplified version of the workers.properties supplied +# with the upstream sources. The jni inprocess worker (not build in the +# debian package) section and the ajp12 (deprecated) section are removed. +# +# As a general note, the characters $( and ) are used internally to define +# macros. Do not use them in your own configuration!!! +# +# Whenever you see a set of lines such as: +# x=value +# y=$(x)\something +# +# the final value for y will be value\something +# +# Normaly all you will need to do is un-comment and modify the first three +# properties, i.e. workers.tomcat_home, workers.java_home and ps. +# Most of the configuration is derived from these. +# +# When you are done updating workers.tomcat_home, workers.java_home and ps +# you should have 3 workers configured: +# +# - An ajp13 worker that connects to localhost:8009 +# - A load balancer worker +# +# + - # OPTIONS ( very important for jni mode ) ++# OPTIONS ( very important for jni mode ) + +# +# workers.tomcat_home should point to the location where you +# installed tomcat. This is where you have your conf, webapps and lib +# directories. +# - workers.tomcat_home=/usr/share/tomcat8 ++workers.tomcat_home=/usr/share/tomcat6 + +# +# workers.java_home should point to your Java installation. Normally +# you should have a bin and lib directories beneath it. +# +workers.java_home=/usr/lib/jvm/default-java + +# +# You should configure your environment slash... ps=\ on NT and / on UNIX +# and maybe something different elsewhere. +# +ps=/ + +# +#------ ADVANCED MODE ------------------------------------------------ +#--------------------------------------------------------------------- +# + +# +#------ worker list ------------------------------------------ +#--------------------------------------------------------------------- +# +# +# The workers that your plugins should create and work with - # ++# +worker.list=ajp13_worker + +# +#------ ajp13_worker WORKER DEFINITION ------------------------------ +#--------------------------------------------------------------------- +# + +# +# Defining a worker named ajp13_worker and of type ajp13 +# Note that the name and the type do not have to match. +# +worker.ajp13_worker.port=8009 +worker.ajp13_worker.host=localhost +worker.ajp13_worker.type=ajp13 +# +# Specifies the load balance factor when used with +# a load balancing worker. +# Note: +# ----> lbfactor must be > 0 +# ----> Low lbfactor means less work done by the worker. +worker.ajp13_worker.lbfactor=1 + +# +# Specify the size of the open connection cache. +#worker.ajp13_worker.cachesize + +# +#------ DEFAULT LOAD BALANCER WORKER DEFINITION ---------------------- +#--------------------------------------------------------------------- +# + +# +# The loadbalancer (type lb) workers perform wighted round-robin +# load balancing with sticky sessions. +# Note: +# ----> If a worker dies, the load balancer will check its state +# once in a while. Until then all work is redirected to peer +# workers. +worker.loadbalancer.type=lb +worker.loadbalancer.balance_workers=ajp13_worker -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/libapache-mod-jk.git _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
