[Git][java-team/tomcat10][trixie] 2 commits: Add bouncycastle.patch and fix a FTBFS.

Thu, 04 Jun 2026 04:06:19 -0700 


Markus Koschany pushed to branch trixie at Debian Java Maintainers / tomcat10


Commits:
ed3e17b3 by Markus Koschany at 2026-06-04T13:00:24+02:00
Add bouncycastle.patch and fix a FTBFS.

- - - - -
0fc779b5 by Emmanuel Bourg at 2026-06-04T13:00:24+02:00
New build dependency on Bouncy Castle

- - - - -


5 changed files:

- debian/ant.properties
- debian/changelog
- debian/control
- + debian/patches/bouncycastle.patch
- debian/patches/series


Changes:

=====================================
debian/ant.properties
=====================================
@@ -2,6 +2,9 @@ compile.debug=true
 execute.validate=false
 
 exist=true
+bouncycastle-provider.jar=/usr/share/java/bcprov.jar
+bouncycastle-pkix.jar=/usr/share/java/bcpkix.jar
+bouncycastle-util.jar=/usr/share/java/bcutil.jar
 bnd.jar=/usr/share/java/bnd.jar
 bndlib.jar=/usr/share/java/bndlib.jar
 bytebuddy.jar=/usr/share/java/byte-buddy.jar


=====================================
debian/changelog
=====================================
@@ -7,6 +7,7 @@ tomcat10 (10.1.55-1~deb13u1) trixie-security; urgency=medium
       CVE-2026-34487, CVE-2026-34483, CVE-2026-32990, CVE-2026-29146,
       CVE-2026-29145, CVE-2026-29129, CVE-2026-25854, CVE-2026-24880
   * Refresh the patches.
+  * New build dependency on Bouncy Castle.
 
  -- Markus Koschany <[email protected]>  Tue, 02 Jun 2026 15:38:19 +0200
 


=====================================
debian/control
=====================================
@@ -13,6 +13,8 @@ Build-Depends:
  default-jdk,
  javahelper,
  junit4 (>= 4.11),
+ libbcpkix-java,
+ libbcprov-java,
  libbyte-buddy-java,
  libderby-java,
  libeasymock-java (>= 3.0),


=====================================
debian/patches/bouncycastle.patch
=====================================
@@ -0,0 +1,51 @@
+From: Markus Koschany <[email protected]>
+Date: Thu, 16 Apr 2026 21:54:06 +0200
+Subject: bouncycastle
+
+Small adjustments due to older bouncycastle version in bullseye.
+
+Forwarded: not-needed
+---
+ .../tomcat/util/net/ocsp/TesterOcspResponderServlet.java       | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- a/test/org/apache/tomcat/util/net/ocsp/TesterOcspResponderServlet.java
++++ b/test/org/apache/tomcat/util/net/ocsp/TesterOcspResponderServlet.java
+@@ -65,6 +65,9 @@ import org.bouncycastle.operator.DigestC
+ import org.bouncycastle.operator.OperatorCreationException;
+ import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+ import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
++import org.bouncycastle.asn1.x509.CRLReason;
++import org.bouncycastle.asn1.ocsp.RevokedInfo;
++import org.bouncycastle.asn1.ASN1GeneralizedTime;
+ 
+ /*
+  * Based on https://github.com/wdawson/revoker - ALv2 licensed
+@@ -216,6 +219,9 @@ public class TesterOcspResponderServlet
+         Req[] requests = ocspReq.getRequestList();
+         for (Req request : requests) {
+             CertificateID certificateID = request.getCertID();
++            ASN1GeneralizedTime revocationTime = new ASN1GeneralizedTime(new 
Date());
++            CRLReason reason = CRLReason.lookup(CRLReason.keyCompromise);
++            RevokedInfo revokedInfo = new RevokedInfo(revocationTime, reason);
+             if (fixedResponse == null) {
+                 switch (certificateID.getSerialNumber().intValue()) {
+                     // TODO read index.db rather than hard-code certificate 
serial numbers
+@@ -228,7 +234,7 @@ public class TesterOcspResponderServlet
+                     case 4097:
+                     case 4099:
+                     case 4102:
+-                        responseBuilder.addResponse(certificateID, new 
RevokedStatus(new Date(0)));
++                        responseBuilder.addResponse(certificateID, new 
RevokedStatus(revokedInfo));
+                         break;
+                     default:
+                         responseBuilder.addResponse(certificateID, new 
UnknownStatus());
+@@ -239,7 +245,7 @@ public class TesterOcspResponderServlet
+                         responseBuilder.addResponse(certificateID, 
CertificateStatus.GOOD);
+                         break;
+                     case REVOKED:
+-                        responseBuilder.addResponse(certificateID, new 
RevokedStatus(new Date(0)));
++                        responseBuilder.addResponse(certificateID, new 
RevokedStatus(revokedInfo));
+                         break;
+                     case TRY_LATER:
+                         // NO-OP


=====================================
debian/patches/series
=====================================
@@ -13,3 +13,4 @@
 0030-eclipse-jdt-classpath.patch
 disable-jacoco.patch
 exclude-TestJNDIRealmIntegration.patch
+bouncycastle.patch



View it on GitLab: 
https://salsa.debian.org/java-team/tomcat10/-/compare/7bd575cdd209fa4562e143bb6aa31c630d5b70a9...0fc779b514423b820c0d9de00a7424e1ba658ed0

-- 
View it on GitLab: 
https://salsa.debian.org/java-team/tomcat10/-/compare/7bd575cdd209fa4562e143bb6aa31c630d5b70a9...0fc779b514423b820c0d9de00a7424e1ba658ed0
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help



_______________________________________________
pkg-java-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-commits

Reply via email to