Markus Koschany pushed to branch bookworm at Debian Java Maintainers / tomcat10
Commits:
8a30ba64 by Markus Koschany at 2026-06-02T15:43:15+02:00
Fix the changelog
- - - - -
d6e51b56 by Emmanuel Bourg at 2026-06-02T18:26:54+02:00
New build dependency on Bouncy Castle
- - - - -
8db6f886 by Markus Koschany at 2026-06-02T18:31:10+02:00
Add bouncycastle.patch and fix a FTBFS.
- - - - -
5 changed files:
- debian/ant.properties
- debian/changelog
- debian/control
- + debian/patches/bouncycastle.patch
- debian/patches/series
Changes:
=====================================
debian/ant.properties
=====================================
@@ -2,6 +2,9 @@ compile.debug=true
execute.validate=false
exist=true
+bouncycastle-provider.jar=/usr/share/java/bcprov.jar
+bouncycastle-pkix.jar=/usr/share/java/bcpkix.jar
+bouncycastle-util.jar=/usr/share/java/bcutil.jar
bnd.jar=/usr/share/java/bnd.jar
bndlib.jar=/usr/share/java/bndlib.jar
bytebuddy.jar=/usr/share/java/byte-buddy.jar
=====================================
debian/changelog
=====================================
@@ -6,9 +6,8 @@ tomcat10 (10.1.55-1~deb12u1) bookworm-security; urgency=medium
CVE-2026-43513, CVE-2026-43514, CVE-2026-43515, CVE-2026-34500,
CVE-2026-34487, CVE-2026-34483, CVE-2026-32990, CVE-2026-29146,
CVE-2026-29145, CVE-2026-29129, CVE-2026-25854, CVE-2026-24880
- Debian dropped the server packages in 10.1.52-2 thus these issues are no
- longer relevant for sid and forky.
* Refresh the patches.
+ * New build dependency on Bouncy Castle.
-- Markus Koschany <[email protected]> Tue, 02 Jun 2026 14:45:43 +0200
=====================================
debian/control
=====================================
@@ -13,6 +13,8 @@ Build-Depends:
default-jdk,
javahelper,
junit4 (>= 4.11),
+ libbcpkix-java,
+ libbcprov-java,
libbyte-buddy-java,
libderby-java,
libeasymock-java (>= 3.0),
=====================================
debian/patches/bouncycastle.patch
=====================================
@@ -0,0 +1,51 @@
+From: Markus Koschany <[email protected]>
+Date: Thu, 16 Apr 2026 21:54:06 +0200
+Subject: bouncycastle
+
+Small adjustments due to older bouncycastle version in bullseye.
+
+Forwarded: not-needed
+---
+ .../tomcat/util/net/ocsp/TesterOcspResponderServlet.java | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- a/test/org/apache/tomcat/util/net/ocsp/TesterOcspResponderServlet.java
++++ b/test/org/apache/tomcat/util/net/ocsp/TesterOcspResponderServlet.java
+@@ -65,6 +65,9 @@ import org.bouncycastle.operator.DigestC
+ import org.bouncycastle.operator.OperatorCreationException;
+ import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+ import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
++import org.bouncycastle.asn1.x509.CRLReason;
++import org.bouncycastle.asn1.ocsp.RevokedInfo;
++import org.bouncycastle.asn1.ASN1GeneralizedTime;
+
+ /*
+ * Based on https://github.com/wdawson/revoker - ALv2 licensed
+@@ -216,6 +219,9 @@ public class TesterOcspResponderServlet
+ Req[] requests = ocspReq.getRequestList();
+ for (Req request : requests) {
+ CertificateID certificateID = request.getCertID();
++ ASN1GeneralizedTime revocationTime = new ASN1GeneralizedTime(new
Date());
++ CRLReason reason = CRLReason.lookup(CRLReason.keyCompromise);
++ RevokedInfo revokedInfo = new RevokedInfo(revocationTime, reason);
+ if (fixedResponse == null) {
+ switch (certificateID.getSerialNumber().intValue()) {
+ // TODO read index.db rather than hard-code certificate
serial numbers
+@@ -228,7 +234,7 @@ public class TesterOcspResponderServlet
+ case 4097:
+ case 4099:
+ case 4102:
+- responseBuilder.addResponse(certificateID, new
RevokedStatus(new Date(0)));
++ responseBuilder.addResponse(certificateID, new
RevokedStatus(revokedInfo));
+ break;
+ default:
+ responseBuilder.addResponse(certificateID, new
UnknownStatus());
+@@ -239,7 +245,7 @@ public class TesterOcspResponderServlet
+ responseBuilder.addResponse(certificateID,
CertificateStatus.GOOD);
+ break;
+ case REVOKED:
+- responseBuilder.addResponse(certificateID, new
RevokedStatus(new Date(0)));
++ responseBuilder.addResponse(certificateID, new
RevokedStatus(revokedInfo));
+ break;
+ case TRY_LATER:
+ // NO-OP
=====================================
debian/patches/series
=====================================
@@ -13,3 +13,4 @@
0030-eclipse-jdt-classpath.patch
disable-jacoco.patch
exclude-TestJNDIRealmIntegration.patch
+bouncycastle.patch
View it on GitLab:
https://salsa.debian.org/java-team/tomcat10/-/compare/8c355fb50c52cf975554b748aded92bc63500108...8db6f8861dcf4ead6e1c6f8f6ccf4f7e24574cfa
--
View it on GitLab:
https://salsa.debian.org/java-team/tomcat10/-/compare/8c355fb50c52cf975554b748aded92bc63500108...8db6f8861dcf4ead6e1c6f8f6ccf4f7e24574cfa
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
pkg-java-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-commits
