On Sun, Oct 28, 2018 at 08:21:55PM -0400, James McCoy wrote: > Package: release.debian.org > Severity: normal > Tags: stretch > User: release.debian....@packages.debian.org > Usertags: pu > > Serf's testsuite uses some pre-generated SSL certs, which have an expiry > of 3 years. The timebomb has gone off, and serf is currently FTBFS > (#911714). The pending upstream release now has a script which > generates the certs, so I've backported that and run it every build. > > Since an upload was needed, I also included a NULL pointer dereference > fix (#893688). > > The package has already been uploaded.
Attached debdiff. Cheers, -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
diffstat for serf_1.3.9-3 serf_1.3.9-3+deb9u1 debian/create_certs.py | 262 ++++++++ debian/patches/r1712790-serf_bucket_aggregate_prepend-empty-list | 34 + debian/patches/r1792234-expired-certs | 324 ---------- debian/serfclientcert.p12.b64 | 65 -- serf-1.3.9/debian/changelog | 9 serf-1.3.9/debian/control | 3 serf-1.3.9/debian/patches/series | 2 serf-1.3.9/debian/rules | 14 8 files changed, 320 insertions(+), 393 deletions(-) diff -u serf-1.3.9/debian/changelog serf-1.3.9/debian/changelog --- serf-1.3.9/debian/changelog +++ serf-1.3.9/debian/changelog @@ -1,3 +1,12 @@ +serf (1.3.9-3+deb9u1) stretch; urgency=medium + + * Backport r1712790 from upstream to fix NULL pointer dereference. + Thanks to Colin Watson for investigation and report (Closes: #893688) + * Backport create_certs.py from upstream to generate certs at test time + (Closes: #911714) + + -- James McCoy <james...@debian.org> Sun, 28 Oct 2018 19:52:35 -0400 + serf (1.3.9-3) unstable; urgency=medium * Add libssl-dev to libserf-dev's Depends, otherwise pkg-config can't diff -u serf-1.3.9/debian/control serf-1.3.9/debian/control --- serf-1.3.9/debian/control +++ serf-1.3.9/debian/control @@ -7,7 +7,8 @@ # CFLAGS as of 1.12.1+dfsg-9 scons (>= 2.3.1-2), quilt, libapr1-dev, libaprutil1-dev, chrpath, libkrb5-dev, zlib1g-dev, - libssl-dev + libssl-dev, + python-openssl <!nocheck> Standards-Version: 3.9.8 Homepage: https://serf.apache.org/ Vcs-Git: https://anonscm.debian.org/git/collab-maint/pkg-serf.git reverted: --- serf-1.3.9/debian/patches/r1792234-expired-certs +++ serf-1.3.9.orig/debian/patches/r1792234-expired-certs @@ -1,324 +0,0 @@ ------------------------------------------------------------------------- -r1792234 | astieger | 2017-04-21 15:03:06 -0400 (Fri, 21 Apr 2017) | 12 lines - -On the 1.3.x branch: Copy test certificates from trunk r1704177 - -The test were failing due to recently expired certificates. - -* test/server/serfcacert.pem, - test/server/serfclientcert.p12, - test/server/serfrootcacert.pem, - test/server/serfserver_expired_cert.pem, - test/server/serfserver_future_cert.pem, - test/server/serfservercert.pem: copy from trunk test/certs -* test/server/serfserverkey.pem: copy from trunk test/certs/private - - -Index: 1.3.x/test/server/serfserverkey.pem -=================================================================== ---- 1.3.x/test/server/serfserverkey.pem (revision 1792233) -+++ 1.3.x/test/server/serfserverkey.pem (revision 1792234) -@@ -1,30 +1,30 @@ - -----BEGIN ENCRYPTED PRIVATE KEY----- --MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIEVWBqG6vECoCAggA --MBQGCCqGSIb3DQMHBAiAagREZjJEQQSCBMgpHbLBzmAyx9f4YHhRnDdUm4ftQ7bR --6fF7sKxOD7fdJ+jgEB6xYBIlG9Y4+DDDbz3IvZgXIsweauV+WNscxnTHyJequoFL --qKFPY5bEc2hskZYsi/+LfvvguZLFm1vjK08sORYK2Kdy2hwmk3sTPQmgD2T/jZpg --vI1AkB+hXA/6AVJUVqSyAFH8u3WGr8Dxjz69YCQ+K9cPqYXJdWZzAVq/0ibSRkzL --mSLN8VoF810AXkFxCC7DKxg+mgp9dBdR8uuBXZ9fBOz5YCI92thZwd1iYsTetmWa --LoIS8xLMvuBaalAV8oQ7e0xuow6Cx9IjxlQ/sd8N1Xg+Z2vWTwnj9AOFIHU3s/N8 --e9L51Q9p6igZgmNm2N2+pUQ1Y5mest7gfJ1ka07ypSr0yzOnK7L41VCIposZuzyX --psTRy+zpGULsK0lG5mH0r1CZ88G8puwyUOaOk/yUhHgc4ZSOsDbeWdQ8UohHElUA --ZLkxwt2xWgcd8mG+FQnbXQZhDFII/aP/RBe7xfEwSQr8hhyP8fsyRmbuq5YZrkRw --mMyp6kxX8USKmeXxBEm364RdilFgPUN3djf7ljKCPOJ1y5OTzmBQacMbXGhbqBGY --PZUKE6szzsM1IYnrvUwP7Gf5wksR/VYMr1VnnpeBofaOJ0brXNF/MFiBE13afNT7 --JLUjA3QcAfmdYocfBTVQSM7umSBOrM7H6qsX67ye5ccAK9x1HikgxXRoqV/TxFgI --snrXEtiDrve+nvmPYlmgP5RGyl+bAxtGGjT6TZPlfGACb7xytCpNiOK5bNsgMx7F --ukOMiVE+sQJT95WnOJMXSmiSw2HmSBXwjpnEKNOYe+Cram64Vjaa8dFqIZSvUDMW --ihyWAYZrHro4hKmSdeCmrk4rkYH97BxG2Gm/6oRsEDCTgTUn7OYGm5bAmxz0WPSZ --/TQ7oYSQ3jUlX8q8NPhVPeHizjNwGWyYovmAyAzi3uPTIBsaIdeMiENyyZTXnSHq --IkfAGekcQ/IX6VWpZGiS3ilgSqxInSVfByM2gs2thdIQ1WEcDitGsAJxFPjnimjX --1WFk08/6aUDGK30Q9Mm2X3WjSTvCKq8ccd/bwjvQRepvzjRSl1vt6Ngvv88UPH1e --/0GrKcXNkBEoGqZSk4D60BFz0rpyDplaZLFVEj7ET85sHP+h5JYnKCpjqkHKQUuj --VVhVhjk6IGpVQZnbGf4PSoij61NUfwpKS4zfAHg7JQrl+7bUBreXYWg2+qXvxJOE --HrqYt2aQq9ilG3hrDXgU0+KTNpJEdteeH7ypoYcGEmlljDriwbmYs2lZ5QkgHb6t --1ue5WfnxkjTxxjeh3Aeu3QnHogQHwS4e4zzpiJC0xHFgWbsWVi2mSwtS0aZh9d2P --KCpMl8E7lVVDRcgFPn/36b4K9EvAoTfjEtubOU0M2fD1btQF5t0cNCmpnq6hxC0S --onPj3HGRBh6QxcaV+86UESEPQ12TJfzetXT/+KvVFrPLMzUhwmb8j+Ozb5sU6mPC --mCfhtCzyPW7xk0+X+1dmtUKx35MGaJlf2rbp9xEhML6vMx3qIxbO33f0mP0qiz8b --SLTC8P8VLObo9SCY3DeIqhC83DSXsm+taylHpFGZ0sDl8CXrepLyOp+iOSyGiq1W --ZqE= -+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIlu67PS+3+cACAggA -+MBQGCCqGSIb3DQMHBAhaSMe0OcI+zASCBMgDwEtC7nCmW9OIf8vqZDDOXlyiHNTm -+2nEYtKMfr8QSGYgzQwbVF7z+OUOLQDxJgFJbrKFNbw7ummGaAR8WszH3GoCm6p4H -+zAx61MyvM1uQzY1eykAj0/JD2/rwuwA68rV845OpB6nzz1ClrffvRPeiBuVyelyf -+WwcV57D+lD421FDATtF46inMtT/g7hv7EaFJKBMXWTbnPY3M7NIK8jKaoL5NgQ9E -+stZCZ4jmWVnhM00lUjevWz8RTsb6kZguTe7WxFl7TH0AlrpFjsYglwkZDzYnnvsJ -+KBwIFYFYRNA24+adRwa1TurRCzaxtj5DxRDoAaBVw5uiYVNKbrrB4q2uqePB6aSo -+Z6toK83FqZtTt1rHB8qbxWdKIJJiZsa0xSl1kGcWI8APmgzzVqyzDzBalI/Ze9pb -+5LR9IpLqcYhpvbYRmf8lwU104G5tab1n7ZY8Q37J7HrPVG0g5WIj/SrwvwjY9e/B -+oO/IFRsoyh3NJXUl2L75ra7vnk2h823R1k2YYOcnthRjQetq7CgblFQyS6Wa3bIJ -+iTSCSauTqNolDCER0XbX3p80gVoh9wV9ELKws+b3Fx+jvFgvDtdBRnSRenD548XD -+wy9n9/S2muffJw4D0xXFNfk2yVMjt4d7x9gbTgU8PUImoPZuNzj/bH9LKMgBYrdj -+a1tmRLXV5x6BuVmwoCk4ao10cpyOKmFpl2Ba79QqOIQqTOveSJyGK18fQBu6OJar -+WbvVbNhdISlU+/Qz9skxxRMBd87/MFK4D0YlWCdLBTvyVYEVQNk+HZjbuSEt34gZ -+ST3eSNDcUD5IzPLWk08qaOVt18EDrUMNcqNiG/xBTh+Ya0Q8QrU5Wii3eeFpLlcP -+3XOHadChmc/17OUyRcFgtfg1NbmOLtyk0Nbo9rLGmF1+3nrKba001P3oP9mbRNio -+iD/zaXsAUXt8PGLomcntXidyAH3Qgjw8Y1WI3GIUFS9EYND7YrK3kaotdv790+Hi -+xReOaL5zdviD9stKhNJicT33YsEu5XsTv1xxv/pAdDtMTP+YvUJURpju1G3S2RBO -+8gcs/X8A/bCjREEOm7VQYFvcBl02KCS5HQ0R5NKy/cj4Yx27/y8r4GUDIhxOOul9 -+JhCL1rLyEBSmuoL/tNTyCjPH/Mp5UP1/oqm0ZiFl8zfu4DfkZP1w19S1SFLlLRH1 -+dTclmX090orsTJcNksFNmH8sXOsLbWYjWcMome1NiKHyFfjTsdWhA4dZrw86tP/j -+4mOtGKwt+TFPtD/0UzwkhDVcW4Zs7jjPBtNu0Tts+XbNyRN8Oy38N6HCf+iHTuIN -+yjZBZvpyAFIfoTRCENn9D77LvmohU4LjNLJb6YwfOACnDrEikb0TYAj7AMw042q5 -+0Do+84bJwN1PXenVDQ1p+rc4zBB3dkDQjLXw7BaGn4X93egKNCZl3tirjf23pIsL -+yY1vyrODf44+p9PJoJmnmyOn3WzgJgdUAycX/JnGxdKxZWKrmvV+MMqyq3KUO+2C -+0JkEc3tJoR2crvOzLpvojLu3yhZOC/BQKitAYW54PL7lacxDgkgN6fSHg1lX1Y6Y -+/y0+IxImb5Rfees9++2f6kv87xQBBs3fMAYZR3/vA1oKzHn5RYx8x43D2DOgN6Vu -+35g= - -----END ENCRYPTED PRIVATE KEY----- -Index: 1.3.x/test/server/serfcacert.pem -=================================================================== ---- 1.3.x/test/server/serfcacert.pem (revision 1792233) -+++ 1.3.x/test/server/serfcacert.pem (revision 1792234) -@@ -1,25 +1,25 @@ - -----BEGIN CERTIFICATE----- - MIIEHTCCAwWgAwIBAgIDAYa0MA0GCSqGSIb3DQEBCwUAMIGuMQswCQYDVQQGEwJC --RTEQMA4GA1UECBMHQW50d2VycDERMA8GA1UEBxMITWVjaGVsZW4xHzAdBgNVBAoT --FkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xGzAZBgNVBAsTElRlc3QgU3VpdGUgUm9v --dCBDQTEVMBMGA1UEAxMMU2VyZiBSb290IENBMSUwIwYJKoZIhvcNAQkBFhZzZXJm --cm9vdGNhQGV4YW1wbGUuY29tMB4XDTE0MDQxOTIxMTcyNloXDTE3MDQxODIxMTcy --NlowgaAxCzAJBgNVBAYTAkJFMRAwDgYDVQQIEwdBbnR3ZXJwMREwDwYDVQQHEwhN --ZWNoZWxlbjEfMB0GA1UEChMWSW4gU2VyZiB3ZSB0cnVzdCwgSW5jLjEWMBQGA1UE --CxMNVGVzdCBTdWl0ZSBDQTEQMA4GA1UEAxMHU2VyZiBDQTEhMB8GCSqGSIb3DQEJ -+RTEQMA4GA1UECAwHQW50d2VycDERMA8GA1UEBwwITWVjaGVsZW4xHzAdBgNVBAoM -+FkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xGzAZBgNVBAsMElRlc3QgU3VpdGUgUm9v -+dCBDQTEVMBMGA1UEAwwMU2VyZiBSb290IENBMSUwIwYJKoZIhvcNAQkBFhZzZXJm -+cm9vdGNhQGV4YW1wbGUuY29tMB4XDTE1MDkyMDE5MTg1MloXDTE4MDkxOTE5MTg1 -+MlowgaAxCzAJBgNVBAYTAkJFMRAwDgYDVQQIDAdBbnR3ZXJwMREwDwYDVQQHDAhN -+ZWNoZWxlbjEfMB0GA1UECgwWSW4gU2VyZiB3ZSB0cnVzdCwgSW5jLjEWMBQGA1UE -+CwwNVGVzdCBTdWl0ZSBDQTEQMA4GA1UEAwwHU2VyZiBDQTEhMB8GCSqGSIb3DQEJ - ARYSc2VyZmNhQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB --CgKCAQEA3HuEeB7EBW9i7ibiSNWwk3iCgJexF/ggQ+Am2lA7wnAWdnTjFWP+HKqD --o+MH3xkr5dg/SaNWmvV0OFGvIcZRgpoFaBSn+BJ+X6FKzF/S36q8HckAzScjr5KB --hubnSZR98m2jEcWyznGoDBahq+ZozYSJKKwirOhckrfOTWqlQvcjtk8pUdkTK/c8 --8qnDoRFgDuqRZdF8bcZ70bo24R2XnfGhb0T359cN+cfEcUk7UZs22+JvoAxjMB3/ --oODXHammr6+86t3SYTyXGpYnkUpAecVI2wtB61RbAbBt91jifQLijBNtYWfZKqjW --cvW+oNeMuUao479T/e0WZvAkaIsRkQIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0G --A1UdDgQWBBQQ9mwXNXPt7xaDnB1cV1JWfUxkhTAfBgNVHSMEGDAWgBQ8ffmGwxZN --VX8CrM99b6wUq4qTyDANBgkqhkiG9w0BAQsFAAOCAQEAUDHna1Mb33PCnwPoo46o --/4CypCDEkOsVIOvbFjs5viHL5O1t4/IcjWHv3OmXWar3iVdxe2kirGEcUNJkOldb --vQz70t82WMClD0HkTBvICMOoZyxxds6mkp94GTI5z83AmiNZFCcIoCLs0RFmUXuK --LPnIB6KyS5MY74YgwXZTWlVCtDYDOPfNpAfNgxmtkVhEx4Yv5kdVqc6DLcBIWx04 --qSXsL27091qt8t6g5xpf7rYrrAxyXWXDn7oF05F8ifmgvGekvI33Uj61ZoD1OJHQ --AY7qZcHXZL2pcVTr3xafrnaqUOeiacdHIwq6Hu3KkgLfJ/tjK6eKIxVs+PXj1Wlo --Lg== -+CgKCAQEArNOyobONvsFz/bA9pvhKTeCGhFVjMv1Jw7ooLW0jLn3yWaQ7iMFBLXp4 -+HjMbI9oLdVPfJgv7S/vpiX00eG6t/xuQb4+g2/0mcmOHuqK9bsEElkWyCP77SqV3 -+uqLcw9pqjz0JO2pUcNu4Uh7PtEJjXHHC3l18akZIX+GwISGzBP/RnWbiFP56vnT2 -+/SIgB3LIy0QBZHTyvggHFM9s7FvWcgoyoYhSXsvTwlRRjaty1RAKYQP13sbpwCh8 -+qTJHaG4gKoDC/IrO69tZIS7ulcWLLFpd7Qkv4RPQzmx5vezlZRkgqxjVjYGm2CcU -+sU+AbKp48mCQLHYrt22GB+2mLX8X9QIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0G -+A1UdDgQWBBTVcpNL7Ey5qBIxCHgYEyK4wCuVsjAfBgNVHSMEGDAWgBTdURuV/Fid -+HUONkLf8COJ7MCHscTANBgkqhkiG9w0BAQsFAAOCAQEASTtdzNrIx9EJzrryTYVY -+QrP4jl3DKeOGy9KN9HTClSuj2BSTFaizpzzxA++rbZs1Du8NxQWdb8kuIahLyUxY -+hC1ZXTdZCC9Ki13aO1kIdXBLNI9QbQwkLukObqj62aWhhW1Bk6fvkbMli6Zmtt16 -+Pf/9dPQjKq1H79bz1dArM0vuG4lNjy0RspOoTmfbbRAkY4MApY9gPoC5W9UdHKzB -+wVg/YMgEzAaKXAhgKExM/AGCMdprJFK9btDAJzkU/YLYd00EgEGrUmvwyYpANydP -+l39A1MB3Nkb9rQeyfo32Do4cDbhRZZMlDhWN3984cg5zVHwBFzUOgKZwV/NrRGNZ -+iQ== - -----END CERTIFICATE----- -Index: 1.3.x/test/server/serfserver_expired_cert.pem -=================================================================== ---- 1.3.x/test/server/serfserver_expired_cert.pem (revision 1792233) -+++ 1.3.x/test/server/serfserver_expired_cert.pem (revision 1792234) -@@ -1,23 +1,23 @@ - -----BEGIN CERTIFICATE----- - MIIDxzCCAq+gAwIBAgIDAYa0MA0GCSqGSIb3DQEBCwUAMIGgMQswCQYDVQQGEwJC --RTEQMA4GA1UECBMHQW50d2VycDERMA8GA1UEBxMITWVjaGVsZW4xHzAdBgNVBAoT --FkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xFjAUBgNVBAsTDVRlc3QgU3VpdGUgQ0Ex --EDAOBgNVBAMTB1NlcmYgQ0ExITAfBgkqhkiG9w0BCQEWEnNlcmZjYUBleGFtcGxl --LmNvbTAeFw0xNDA0MTkyMTE3MjZaFw0xMzA0MTkyMTE3MjZaMIGqMQswCQYDVQQG --EwJCRTEQMA4GA1UECBMHQW50d2VycDERMA8GA1UEBxMITWVjaGVsZW4xHzAdBgNV --BAoTFkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xGjAYBgNVBAsTEVRlc3QgU3VpdGUg --U2VydmVyMRIwEAYDVQQDEwlsb2NhbGhvc3QxJTAjBgkqhkiG9w0BCQEWFnNlcmZz -+RTEQMA4GA1UECAwHQW50d2VycDERMA8GA1UEBwwITWVjaGVsZW4xHzAdBgNVBAoM -+FkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xFjAUBgNVBAsMDVRlc3QgU3VpdGUgQ0Ex -+EDAOBgNVBAMMB1NlcmYgQ0ExITAfBgkqhkiG9w0BCQEWEnNlcmZjYUBleGFtcGxl -+LmNvbTAeFw0xNTA5MjAxOTE4NTNaFw0xNDA5MjAxOTE4NTNaMIGqMQswCQYDVQQG -+EwJCRTEQMA4GA1UECAwHQW50d2VycDERMA8GA1UEBwwITWVjaGVsZW4xHzAdBgNV -+BAoMFkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xGjAYBgNVBAsMEVRlc3QgU3VpdGUg -+U2VydmVyMRIwEAYDVQQDDAlsb2NhbGhvc3QxJTAjBgkqhkiG9w0BCQEWFnNlcmZz - ZXJ2ZXJAZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB --AQDPSJs4Dhlb9JpmS50uOfAN0lOFkU89FEU4SAGziNcuevcOM87dsjENMpwMJrC+ --Emepkf5KAFkSRRuIBCms2Hx0Xm/LPRXhXMys2um3U/lkbu+HqPtWwhr9vsA+LjYG --787943qnfSPvOSssedVKkg03HchCzlko+iL3dQfQFyj7/Ew7Lh9K+TiWTnlrCGY9 --gS1NgKK+kEfXoBUp2+Fq1aUiO2wGKNK9ntcan28pIuJljBtI9hEp93Gs95zl2SR8 --e987YIveip2ofXrGEtGGuXftg1VE+jADJNBcByRpRS8cwyFx1sI9JUp/Uj899R49 --r706i9vPwLwwRAlDFB23m2ffAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD9aCwa9 --LUEF+bZGC5dYAmXDPDJdd/wa+sJcjFKf6/iDYowBMN/Rbd122XwFyPxkRa6jKqBF --0Ub6mVXjjj7/B/nhO7g/ZjrhVBPdlUG8ehoCLtff2lME/BNDysj3dF/gKtJYdl6+ --7dvRenLG/MX8Vg/VBP5ZBLTqPms5VT570nFUidMkIK+tIBwuHFu499SXg1bI/pEF --Jy5sUDXQD+acwDRV1aSnggwykkeH1loFkFmecdHGXip1/XLB0ts7z8lQgPC8PiCT --xflJt4yg1U14oJkz65wrIuBt9m5GeZuca+F+BZQSN+annaXKfrPi7kOYd2BeYiz0 --t4xQp6/lhs52tj8= -+AQDBx5VPS8uSwXFD/sDrfJXSSr+eedVpzXsme9MpOMdY/+Z5GOd94S0Q8RoWIeSo -+ffkIAbcdK0v2EI8Wu82Kio8Y/DBkBiOCe5MsTHzSg+uvC4/FARXUAZfsxqgPQmLc -+99GtPSVkZwbk7gYFnmhJSNM6fRG5vb0t3WJA7+xkzUoL78WK76hlhfAZ0Q6AzlPl -+pMOXAF0YKKhghGo1/vKd8i66o54SLZ4FYkR/LCW4b/hvLZGND75hYR1ujcwI1IyE -+m/geBtF8BfKSqNVsjxDULiWQ2egK6BwtOBd+IyYJOjElQmak0guimykBOIkiv6r5 -+Z/np1OXr5v4AWW2flkPYFL1ZAgMBAAEwDQYJKoZIhvcNAQELBQADggEBACPTIazy -+1oWLHfuOGE8a3KGOyfsmRG70J+/08noxOb+0kC4/cAVFMvrLQJY0qYINmkeJjch0 -+KW4/D4RZis5lVaP4qU+ctCJ/OHnNHtVNza9+RdSzC6K4JWcQjZ+sD1wQ5/rMtoJ9 -+yzblrps8BKZvN6a+loVIUXtwHXMNjM7DP5gHNeOA8MGn6vz8cC9Wrmyi+kA52Aap -+EMGwWz5kmIyYX6zq8zngOVh1hGaw0qLEmJpZ485e+ow5YyIUI7EfxyDWIXifId8h -+aFR3A2jDL17gnwR1DvNtyFMNk++1oOdm1II9ueQQdMY55CJgalZUO72qW1HLiagf -+sa1VMFzmN3HpGCY= - -----END CERTIFICATE----- -Index: 1.3.x/test/server/serfservercert.pem -=================================================================== ---- 1.3.x/test/server/serfservercert.pem (revision 1792233) -+++ 1.3.x/test/server/serfservercert.pem (revision 1792234) -@@ -1,23 +1,23 @@ - -----BEGIN CERTIFICATE----- - MIIDxzCCAq+gAwIBAgIDAYa0MA0GCSqGSIb3DQEBCwUAMIGgMQswCQYDVQQGEwJC --RTEQMA4GA1UECBMHQW50d2VycDERMA8GA1UEBxMITWVjaGVsZW4xHzAdBgNVBAoT --FkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xFjAUBgNVBAsTDVRlc3QgU3VpdGUgQ0Ex --EDAOBgNVBAMTB1NlcmYgQ0ExITAfBgkqhkiG9w0BCQEWEnNlcmZjYUBleGFtcGxl --LmNvbTAeFw0xNDA0MTkyMTE3MjZaFw0xNzA0MTgyMTE3MjZaMIGqMQswCQYDVQQG --EwJCRTEQMA4GA1UECBMHQW50d2VycDERMA8GA1UEBxMITWVjaGVsZW4xHzAdBgNV --BAoTFkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xGjAYBgNVBAsTEVRlc3QgU3VpdGUg --U2VydmVyMRIwEAYDVQQDEwlsb2NhbGhvc3QxJTAjBgkqhkiG9w0BCQEWFnNlcmZz -+RTEQMA4GA1UECAwHQW50d2VycDERMA8GA1UEBwwITWVjaGVsZW4xHzAdBgNVBAoM -+FkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xFjAUBgNVBAsMDVRlc3QgU3VpdGUgQ0Ex -+EDAOBgNVBAMMB1NlcmYgQ0ExITAfBgkqhkiG9w0BCQEWEnNlcmZjYUBleGFtcGxl -+LmNvbTAeFw0xNTA5MjAxOTE4NTNaFw0xODA5MTkxOTE4NTNaMIGqMQswCQYDVQQG -+EwJCRTEQMA4GA1UECAwHQW50d2VycDERMA8GA1UEBwwITWVjaGVsZW4xHzAdBgNV -+BAoMFkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xGjAYBgNVBAsMEVRlc3QgU3VpdGUg -+U2VydmVyMRIwEAYDVQQDDAlsb2NhbGhvc3QxJTAjBgkqhkiG9w0BCQEWFnNlcmZz - ZXJ2ZXJAZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB --AQDPSJs4Dhlb9JpmS50uOfAN0lOFkU89FEU4SAGziNcuevcOM87dsjENMpwMJrC+ --Emepkf5KAFkSRRuIBCms2Hx0Xm/LPRXhXMys2um3U/lkbu+HqPtWwhr9vsA+LjYG --787943qnfSPvOSssedVKkg03HchCzlko+iL3dQfQFyj7/Ew7Lh9K+TiWTnlrCGY9 --gS1NgKK+kEfXoBUp2+Fq1aUiO2wGKNK9ntcan28pIuJljBtI9hEp93Gs95zl2SR8 --e987YIveip2ofXrGEtGGuXftg1VE+jADJNBcByRpRS8cwyFx1sI9JUp/Uj899R49 --r706i9vPwLwwRAlDFB23m2ffAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAHL9mzR3 --o5K3pTnSVzxE6DE/BiXY1SutA0Bp6r24aiITl7QBn0oeXo+BCm1k46W/7zL7IExQ --sIfd07P5yrgeDlpmI3ciYD9x1Lumxks4j0HJBkVfjE6M0tCj9JTDKDUeyNkaYybL --TN60dlvAaBrtLrpoYOJNFQNNgmZqUhu2VxPXJzMZrgZiv3g4YqBIBLzI64+bBQ5B --Ap/DgzNbyMVDa/+CL1rU2editJTI39uU9feVVB35l5ZCb7cahcxE7y9xMhNx358B --DuGsLXBOs6GHf9h8M+yLr1VjtN7LebkRmwSry/IKB7o6VkWOFXghMLOfSyzBwfFP --EK7YBZc1B+X5xjg= -+AQDBx5VPS8uSwXFD/sDrfJXSSr+eedVpzXsme9MpOMdY/+Z5GOd94S0Q8RoWIeSo -+ffkIAbcdK0v2EI8Wu82Kio8Y/DBkBiOCe5MsTHzSg+uvC4/FARXUAZfsxqgPQmLc -+99GtPSVkZwbk7gYFnmhJSNM6fRG5vb0t3WJA7+xkzUoL78WK76hlhfAZ0Q6AzlPl -+pMOXAF0YKKhghGo1/vKd8i66o54SLZ4FYkR/LCW4b/hvLZGND75hYR1ujcwI1IyE -+m/geBtF8BfKSqNVsjxDULiWQ2egK6BwtOBd+IyYJOjElQmak0guimykBOIkiv6r5 -+Z/np1OXr5v4AWW2flkPYFL1ZAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAI6WJcKh -+NItjHNK5d8crJU+SGXgqQ3nItMEdri23lCALBdxhtPKEdrN4K3r8zZVFdb26qMDa -+c45Ap4xCGYtjV366wQ6W414jFFevaHQBAoBe4m5P41ZXqF9IxxhGOlyhY3vn3KNQ -+N5V7ZEykcFDmRMt+4eAOfnoIhbjkmt2UA+t9Bc+Efb44wcr1QDKcdD/Q8Kg4ktgc -+r5u9zJeZg4nTvCn0mhj939CMalx1TC/13k/sbCLPYA0VMHdo/7JL4LuedSockPu9 -+ykn66wmX/epHouRlrtapNY2bC5DO/Q4BPkzwUzK7Br8cw8oe+dM/FmwmgKPyWwHg -+yjlCT0D4mUvHaAU= - -----END CERTIFICATE----- -Index: 1.3.x/test/server/serfrootcacert.pem -=================================================================== ---- 1.3.x/test/server/serfrootcacert.pem (revision 1792233) -+++ 1.3.x/test/server/serfrootcacert.pem (revision 1792234) -@@ -1,25 +1,25 @@ - -----BEGIN CERTIFICATE----- - MIIEKzCCAxOgAwIBAgIDAYa0MA0GCSqGSIb3DQEBCwUAMIGuMQswCQYDVQQGEwJC --RTEQMA4GA1UECBMHQW50d2VycDERMA8GA1UEBxMITWVjaGVsZW4xHzAdBgNVBAoT --FkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xGzAZBgNVBAsTElRlc3QgU3VpdGUgUm9v --dCBDQTEVMBMGA1UEAxMMU2VyZiBSb290IENBMSUwIwYJKoZIhvcNAQkBFhZzZXJm --cm9vdGNhQGV4YW1wbGUuY29tMB4XDTE0MDQxOTIxMTcyNVoXDTE3MDQxODIxMTcy --NVowga4xCzAJBgNVBAYTAkJFMRAwDgYDVQQIEwdBbnR3ZXJwMREwDwYDVQQHEwhN --ZWNoZWxlbjEfMB0GA1UEChMWSW4gU2VyZiB3ZSB0cnVzdCwgSW5jLjEbMBkGA1UE --CxMSVGVzdCBTdWl0ZSBSb290IENBMRUwEwYDVQQDEwxTZXJmIFJvb3QgQ0ExJTAj -+RTEQMA4GA1UECAwHQW50d2VycDERMA8GA1UEBwwITWVjaGVsZW4xHzAdBgNVBAoM -+FkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xGzAZBgNVBAsMElRlc3QgU3VpdGUgUm9v -+dCBDQTEVMBMGA1UEAwwMU2VyZiBSb290IENBMSUwIwYJKoZIhvcNAQkBFhZzZXJm -+cm9vdGNhQGV4YW1wbGUuY29tMB4XDTE1MDkyMDE5MTg0OVoXDTE4MDkxOTE5MTg0 -+OVowga4xCzAJBgNVBAYTAkJFMRAwDgYDVQQIDAdBbnR3ZXJwMREwDwYDVQQHDAhN -+ZWNoZWxlbjEfMB0GA1UECgwWSW4gU2VyZiB3ZSB0cnVzdCwgSW5jLjEbMBkGA1UE -+CwwSVGVzdCBTdWl0ZSBSb290IENBMRUwEwYDVQQDDAxTZXJmIFJvb3QgQ0ExJTAj - BgkqhkiG9w0BCQEWFnNlcmZyb290Y2FAZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3 --DQEBAQUAA4IBDwAwggEKAoIBAQCsSwBl8wpBCuSvD4EQX1pgOfoKCLlYf0LExusE --x+Kiz7ZemlOvGffHazpLbYA1nMi+sKYe3Y8LTJnMaQm3V3eDG/qP84X6FP8vBlfS --DJCeNoQ3+oZUPLwKzrV9SZh96nXDXWsMYq3wF/4jjl1ZG+Xz3gRVD60ZEblYN9Hn --dPLmnZaMn3K1HHgMqNZPUs+q85/w3BxdcGLU8oaWR6esdMa8jUjcqMAnh0JOz2mg --uiEQex7tafz77whf2WPJ7cxY5fAFnBMM8l35QQA49ZA+I9toVyP7fadMkjB8g4so --o9z/5ODh4sB5YVnFltSTFRFuSj7pau5Yn4wJGlJas5JgmIZjAgMBAAGjUDBOMAwG --A1UdEwQFMAMBAf8wHQYDVR0OBBYEFDx9+YbDFk1VfwKsz31vrBSripPIMB8GA1Ud --IwQYMBaAFDx9+YbDFk1VfwKsz31vrBSripPIMA0GCSqGSIb3DQEBCwUAA4IBAQAE --zB/Uco7La4sgXBxKAbMa75B01eR/3Ur9Xl2eHzQKbsEte1ERXPxtu+bS/WP+5D/A --1OKNVvFr0KqK2xlYXjXrjfgXZEc5nizLtnqHq/iE4PKwfptJFTeIexjv2WK5ErnT --PaF9dWDpwhOjiUcdU9/ILWE3PcIgrffr0VYqNkO7/vPTBablreJbPvT5vDMnm9Fz --cVBDmlUvg7M1+G7XVbk00Y6yenI2j+q1DkAuYBcQb3xjsFdMsVsCN9F6/4BWhS+f --z90CFM3Ndu0xXV8t+cl0mAljluRfxFjTCB7GxgxzKtPYHTQUtUfNKhVohNk4IF1z --sO9kZ8pSTplTJ9Q8hJfi -+DQEBAQUAA4IBDwAwggEKAoIBAQDFuK4gqHm89lXVVX7PiHgXAJQRhMd2B1da7HhH -+2684/ELutwspKqsdsfDAQUNI2HkvQdklpcR7D+Q9wr6qLV26/vBS/GGFbLV2EYXu -+ezdlSW+bawKMRzQ++w1nclu9ZczPnYw21R/h7rFrYXChA+iklgNm0ZOmeI/vJ14i -+iT4eh00lQbrf8/jtqVt44h+2PvuBDOE99H1EG2H8Sdwd55S07zv3qx5jDyUgBtp5 -+BoAAVRMM0tzyHe4fJvSu8FIyCPxkjvkwPTh0thg5rSD1BUTRhbj5zlvoq5D2WWnW -+zYM32neNBa1qOIQrz5KeBXgTb+jaLJuUxmKnbbssBvO1LD2tAgMBAAGjUDBOMAwG -+A1UdEwQFMAMBAf8wHQYDVR0OBBYEFN1RG5X8WJ0dQ42Qt/wI4nswIexxMB8GA1Ud -+IwQYMBaAFN1RG5X8WJ0dQ42Qt/wI4nswIexxMA0GCSqGSIb3DQEBCwUAA4IBAQBa -+peHLvPD9qy27XfvEmAfshZDC95+QEe7YEncKztP2N4OIAtTf/otOIdTA3bQF2HeC -+Pb5TZU26/l4uPcrsDAYYfHxfZ5ijzp//aL3JfRZA5H5TdIXtTnS0F1QoWdCbcdtg -+SVcuwphz2rTIlQIibMKxKmUY0GMYqLohXAnzWm6ne7m2EluAc8hHAE562/Z3UQsS -+IMWkMHhsJnZCt1qcZ93ZIGuTEcRvVB8TFOV/o5WMK+bW2T9JZ0CP8h96X4YLgfEI -+WrHTiIojvcNeviCC4Wu6AIWTg2Q3uIKBt8xE564QuOLNkvh2RDr3rPsgpI4xE5kf -+3q2PBC1IAhlLRm0qlzzB - -----END CERTIFICATE----- -Index: 1.3.x/test/server/serfserver_future_cert.pem -=================================================================== ---- 1.3.x/test/server/serfserver_future_cert.pem (revision 1792233) -+++ 1.3.x/test/server/serfserver_future_cert.pem (revision 1792234) -@@ -1,23 +1,23 @@ - -----BEGIN CERTIFICATE----- - MIIDxzCCAq+gAwIBAgIDAYa0MA0GCSqGSIb3DQEBCwUAMIGgMQswCQYDVQQGEwJC --RTEQMA4GA1UECBMHQW50d2VycDERMA8GA1UEBxMITWVjaGVsZW4xHzAdBgNVBAoT --FkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xFjAUBgNVBAsTDVRlc3QgU3VpdGUgQ0Ex --EDAOBgNVBAMTB1NlcmYgQ0ExITAfBgkqhkiG9w0BCQEWEnNlcmZjYUBleGFtcGxl --LmNvbTAeFw0yNDA0MTYyMTE3MjZaFw0yNzA0MTYyMTE3MjZaMIGqMQswCQYDVQQG --EwJCRTEQMA4GA1UECBMHQW50d2VycDERMA8GA1UEBxMITWVjaGVsZW4xHzAdBgNV --BAoTFkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xGjAYBgNVBAsTEVRlc3QgU3VpdGUg --U2VydmVyMRIwEAYDVQQDEwlsb2NhbGhvc3QxJTAjBgkqhkiG9w0BCQEWFnNlcmZz -+RTEQMA4GA1UECAwHQW50d2VycDERMA8GA1UEBwwITWVjaGVsZW4xHzAdBgNVBAoM -+FkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xFjAUBgNVBAsMDVRlc3QgU3VpdGUgQ0Ex -+EDAOBgNVBAMMB1NlcmYgQ0ExITAfBgkqhkiG9w0BCQEWEnNlcmZjYUBleGFtcGxl -+LmNvbTAeFw0yNTA5MTcxOTE4NTNaFw0yODA5MTYxOTE4NTNaMIGqMQswCQYDVQQG -+EwJCRTEQMA4GA1UECAwHQW50d2VycDERMA8GA1UEBwwITWVjaGVsZW4xHzAdBgNV -+BAoMFkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xGjAYBgNVBAsMEVRlc3QgU3VpdGUg -+U2VydmVyMRIwEAYDVQQDDAlsb2NhbGhvc3QxJTAjBgkqhkiG9w0BCQEWFnNlcmZz - ZXJ2ZXJAZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB --AQDPSJs4Dhlb9JpmS50uOfAN0lOFkU89FEU4SAGziNcuevcOM87dsjENMpwMJrC+ --Emepkf5KAFkSRRuIBCms2Hx0Xm/LPRXhXMys2um3U/lkbu+HqPtWwhr9vsA+LjYG --787943qnfSPvOSssedVKkg03HchCzlko+iL3dQfQFyj7/Ew7Lh9K+TiWTnlrCGY9 --gS1NgKK+kEfXoBUp2+Fq1aUiO2wGKNK9ntcan28pIuJljBtI9hEp93Gs95zl2SR8 --e987YIveip2ofXrGEtGGuXftg1VE+jADJNBcByRpRS8cwyFx1sI9JUp/Uj899R49 --r706i9vPwLwwRAlDFB23m2ffAgMBAAEwDQYJKoZIhvcNAQELBQADggEBABp4mfjd --CCixsQkBQAzHIBO8i/UC1XRwYy0Bfjq54PNp608Z6h0Oh2igODJ9y4j69ItgWOda --4jK1xrkUD7p7SFR2WQdEO4hWwq3Rlsknj3SLsyfESzK4vRLO2c2LU1Uyfset5DMP --ty7ja2Bqwy+o86u/vbYfU8fA03xJuFIUrztauhVl3vi64v5y6kUUMRslQQSo7pam --jdDwN1HABeQGY73fAVKRHo+pe5a5yXOJ//wm2cH2CcIbWNbK4BSmBj81fgmgvUPp --JbmQw7+qy4qcifDbiIiCBhTWwgHSozYwtrprQ7vFvnnxO6tjcaHYZYjSNb2yIrEU --r3cl/ZbuP1O0aW4= -+AQDBx5VPS8uSwXFD/sDrfJXSSr+eedVpzXsme9MpOMdY/+Z5GOd94S0Q8RoWIeSo -+ffkIAbcdK0v2EI8Wu82Kio8Y/DBkBiOCe5MsTHzSg+uvC4/FARXUAZfsxqgPQmLc -+99GtPSVkZwbk7gYFnmhJSNM6fRG5vb0t3WJA7+xkzUoL78WK76hlhfAZ0Q6AzlPl -+pMOXAF0YKKhghGo1/vKd8i66o54SLZ4FYkR/LCW4b/hvLZGND75hYR1ujcwI1IyE -+m/geBtF8BfKSqNVsjxDULiWQ2egK6BwtOBd+IyYJOjElQmak0guimykBOIkiv6r5 -+Z/np1OXr5v4AWW2flkPYFL1ZAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAEGt3pLx -+BwWeRd19WVsXpOoUMLtRbRUGIJtouFSIwH4XTexqtGvW7iPsMRaeGC9NFRCmJJP/ -+Pu10+tpBT7BpW46ObfvLAbDi8r/LlHpt8qajAO7N51/ELZdyDbW29mry+562eF1C -+fVsk6U97hDeqbXpOCgdaFoyIGiQRCCstkCG8kGOOajRlrGfxo8+VaqU877NzWyf9 -+fAu+q7SrzWCpOCbcjylICJc1rtNNnLjnSsw1gu9as7PBdI6MJSGID3BxYENDJCPL -+bzZfmCG46De6+MiVI4jJyL7RWjRNjR7zyMdoUEEMXyfn3Oy4H9KCly1icTmMwmz9 -+Wy1l/P9tXx5hj4I= - -----END CERTIFICATE----- - ------------------------------------------------------------------------- diff -u serf-1.3.9/debian/patches/series serf-1.3.9/debian/patches/series --- serf-1.3.9/debian/patches/series +++ serf-1.3.9/debian/patches/series @@ -2 +2 @@ -r1792234-expired-certs +r1712790-serf_bucket_aggregate_prepend-empty-list diff -u serf-1.3.9/debian/rules serf-1.3.9/debian/rules --- serf-1.3.9/debian/rules +++ serf-1.3.9/debian/rules @@ -25,7 +25,12 @@ scons $(parallel) GSSAPI=/usr CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LINKFLAGS="$(LDFLAGS)" PREFIX=/usr LIBDIR=$(libdir) ifeq (, $(filter nocheck,$(DEB_BUILD_OPTIONS))) - base64 -d debian/serfclientcert.p12.b64 > test/server/serfclientcert.p12 + if ! [ -d debian/distcerts ]; then \ + mkdir -p debian/testcerts/private debian/distcerts; \ + cp test/server/*.pem test/server/serfclientcert.p12 debian/distcerts/; \ + (cd debian/testcerts && python ../create_certs.py); \ + cp debian/testcerts/*.pem debian/testcerts/private/serfserverkey.pem debian/testcerts/serfclientcert.p12 test/server/; \ + fi scons check endif @@ -35,9 +40,14 @@ dh_testdir scons -c - rm -f test/server/serfclientcert.p12 rm -f debian/stamp-* .saved_config .sconsign.dblite config.log rm -rf .sconf_temp + rm -rf debian/testcerts + if [ -d debian/distcerts ]; then \ + rm test/server/*.pem test/server/*.p12; \ + cp debian/distcerts/* test/server/; \ + rm -rf debian/distcerts; \ + fi dh_clean reverted: --- serf-1.3.9/debian/serfclientcert.p12.b64 +++ serf-1.3.9.orig/debian/serfclientcert.p12.b64 @@ -1,65 +0,0 @@ -MIIOWQIBAzCCDh8GCSqGSIb3DQEHAaCCDhAEgg4MMIIOCDCCCL8GCSqGSIb3DQEHBqCCCLAwggis -AgEAMIIIpQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQInYTHspcVEugCAggAgIIIeDdqU4+0 -++w3j7MOd1mQE9NdJC2bLf8gh2eI4suNDJMlROSyobsuL1j8Keobq1R9/Jv1S5RTjYtLgRHO8QaL -wvKkd8Gtu8dHvQeG2rprdpcvu2u0uN3V7dwyfJSgmQBMoPQJJTVZMr6NCu/+1vWBZTMSE52MPLQ3 -FlVdWNFxKQXLjAWcDeLTEtRLg00mi4tPI62CCbpeDZ/Zln5TnDiYNN4rIZBgJ185VzhF/EvuXpj/ -MUyJ9iNEpPSL3C7Lk98D7DgvHIII87oQwqEBfPI0KvYeUPs8tkgVbxvdNcpxcYjca/PI5NhZiazG -lhtdWtwwrf0FDP5IlCNsbKErulfHQKc4qzF+KiUeHZU9ex5YyNN7xlTLtYyVTfF0wD5aIAWodYE1 -c8dhjlCn2wZCyc8xNfHMh/57momRYoZfoUl0L+gt2b4gyKEUzJ6X0bQDDFWZawa/LrVjxULYJlRm -ngUOPdVke0CBrgnxuxgLZrmEjvGJjSmp670BMDgiNu2DYPFkl8vuTTmqNvQVjDNzaJHa7LXDcDmq -4Zsqu0yfBytHVCmW6G1z7Hko07U403d7CoEI5qEvC9LXL7BqOaFexu1Qln/KNNSZUkeON3WVOc8w -9Qxwp7x0tPgtGwStqd7z8uNFlSNY/udb3YyQwHGvFj1AEOJZdSPIV6NNyBU4YPBHVtpko7dAaQye -qabSN0gE0y3iZ6o4vghJSNJd0VPBR+dnmvzyxafn1bK/ZOZkk/tMU2RPqsvsFOrlQxBG/bz7buDi -Fk/wcP9RTt5yn3+vSqCqKwvTfeLcwlwQhemPqNINrOMIkRAhjCUXnwpawCfPQekW1vNEIhtZEUav -xEmeyRrfebnc5ocTmrd76ETJ2meBnDrbJfq2voXlCNFp9c4rLDSR/zZP9EC8nFU8BimSUSby5+A+ -bWklobR9g9KcL6SB1HEiuADZe9V9Ws7uNYfo3b+mIJUoHuli9gGlTekyXs3MPyVIdMhprjVLLrlc -hWJyHrFZ2NJulI9K/Cwmb6duvammn/aqBWoIPFNYNXmh6+J5X2V/qHZ00REJVF2ocSQCppVFPEQ0 -4xqa21JzZ/Fh+4ieajujahbolyJf5jU1UQHPTOpp3o8G0dkjQ1EOLgETOYtNTCY8TbQFfZOr8VuX -nXd0PTfx3wNkYybg3NYnUauKTBTrtux4n3HmwoPG8iCHps8scFKpFSFit9D4N0LpznABrvT0vCi+ -Ld5Pb93YRPLYeqtu83mEVk8GbXUNoaYjXKu7jUtFfZu/peLTCI04tROhBd4OPISFelJgZ9nnn4zD -3Ffi3vQMT3K1SGujfYgO7FTbqqEyHAcNIriF4IkZccrkAcM+QlySplArNxy2UEfFh//AXt7wWlSg -uCIeKxIRzsaw4u/uZsfWZkJXoRSRjTFhXDMXOSdt/rd3Cdp9ggJ81l+1cPkXRcyq/h9d0ApubCoo -q6wIKNelYdmb6A0F2vPfc9DASmA1mzPFf6/80419Qinl6o8hCBB+Yvx/y3Sr2s3F3oobCXeSmcEU -3CPrccdgBQJzl+JdtPSWwZc9T64faxA54yM3TOV5yuHiWKWTQW/e4q7bvotb90xHROELbaSaC6wH -70aW6vimJKL9xeyDaQyt39JYa8So+NsRv/dlxcAdkOk2RoXjtTRP+DSbd8R/T6y535MXL5B8GfKG -qMJvcOUwywc1JGLzuauv1yaBWYiiuozuRWVYCtEsj7+SIUgVsbBgoaLWPsp5oHt9XSya8+zwfEyi -M7woNc84VRvr0t6da1Oph3hsC8aO35odkhWJ3ujfXFpKTdGHunRjqjUmITC3W+39idn5l21CP3oq -JlkiB8MPUqJMKXp4xOnAxvEif5upyX8Q640VUwtmhWZ4owIF+0hnyBLdhSYKIeEWDw7LbZe8rY6J -rsJ+0TFyZWvM/1bPucA7L9dGA9MIce1Av56VwAZ5sbdRspAm/vb8Zt83+JgaTBJuGJ5X5UukF6Ep -uxCIKZKvGZ/LCk2PaYU39PxnzUPbYGvDrOlTAcCyWA75gegp0DZ9nKeieF2C6BPwS3vy+2EGDC46 -HNh77/2JVlI3BF4sChsv73KXzonoF6VJBqXwlsl/eyPSIeD5qmMesyXJ9EsetLKnFRvOF2YnG/wx -uzEcNiqz/BOZofusu+112yrFOTCKL2AfZmbMFodWQgHBg5Zu4Nd62rEHTjyGaXfAHMrm4MyR/Jef -swILOaHKyPyPiZWS4doh3Uot9iD6A0GMu4Ox6Hn/c9SyFJCWxkkqA3FsLRsYGb8TnvgVt25nlHOP -FlMV4jHICLoXwDjZatiQK2Q+1FebcIbbQlwtjjsnqT1iZVpCLImlIs7QHLJj7G39jkkeV0ltH7Kk -PlfoTIvh3RRJUJnxVN6KWYbFE1r6flvPYp1eG8vvSwcRyz3Qdf4m5++mTBgwyjQOIBZUM5CRMh2M -WdOtLHlXWmPuhYu9BrxV9k5X/XgqLOkB6bZfaafb3Rwo1flJ6+36qhfJSz/zDMUmmZEyR5/DlUtH -Crx67bHAPh0Ny49ctVHVWbsM4gXhnGCTGtO3PoJKo8VLjpWDx0eejk7fzp09BbhXfKqaHs5D3bhY -aV0/jS5/Ri0Lv+9gD6r6mwtOjLm1jYeljniX3oyS1torZzjGOLxQdA7HK2rqSI2O/LcKym0WlsKI -reIDD3SqDURxQ/C+emD5ywuD9fLoCPm0PZzoV1EJOW4iC0AOIAD2cRoxOiU6YoqOfT97F6AL3aNt -yH0O0YZzS6hBBkgdZk9V7vxTXUxAsGiNhMbe1u2RpGyWcEabTKNMQsopX4B/HHoYfB3Ec2oxssIR -WkAoepUFdjElIWSfBrTixS7e66FxRcGExAUty1t3iAanWuMyBEy0O5gVdDYz/9F8xlZf1TdiMIIF -QQYJKoZIhvcNAQcBoIIFMgSCBS4wggUqMIIFJgYLKoZIhvcNAQwKAQKgggTuMIIE6jAcBgoqhkiG -9w0BDAEDMA4ECOJz0inVGvG2AgIIAASCBMiCqDG+EbKn329zRIWZ13XP2TbF6ZG+5DgbAlriSP9S -lgHGTj9VmGueiT14e+JH+y08s1Ho4mGmTFfYS2Hy0FBwceM8m4ldpJKOT7CTNG/JesNw7JdtIZdM -WT3TC8SXzX2fhO989oR1JgWGZoHsyNPxzNS3BYgJzZ0+yeSH1tF31QyP/9RQal7fVtL9BxU1/32P -r1M2tK44CObgx/Suiztb83Knz/Prln4LHlwqlUXqyHEO5M3d24zTv8yxbSatr3y9yCmZEtP/8Y6h -SL3T+30355eNz5UoTukrVdZEzCA/dDjOzWoBWvoxQIVZQBqFpJFEpB18LVhUlM8zxYC+hYHvNWAZ -FelTFrb7tXaaROC78mlu2tAWngy6Cwue1oLyAazYI8V5T0XQYIHO13ATbgLxSJWqwRgeCp3wS1eV -4RWRXAqCHvyLw8mLnW4uSW1lz9aCMVT5sg7s9bs5O94okHFKTU7+lI2W3H1Fs+K0dJuDu9b1EyR/ -k/MCHTB++bbZRdycPby1thmL5Y/+D4StmEbd8bD//b/DCfs4q1+fNc1Rh9C0OtME4dcHUbO+WO1W -qSXbO2yLT/EaWv569a78Vc449T6h4Yd8QfhcbeV0WlN0XECkjgjpfL8aCEt7f8FpTZdmIGB0DAEj -hWUqrpxxkeey6A4f84FJyFzFQStOVW5Nq5h+xEJa+x3XuKH9zCIWUtkh26W38ge6LZOm+HNLJHz3 -gJ/oHkGcpix6eJpUmBxi89JRk3HcbTFWbXq9PsXHNrwLNSnz46+G/IAdZYEbZ5/vuUcx9D3hYNXv -IDt4/dl89Racdby9wuSMlYOPM+isOMQXPQBUTWUxlMWBmgmB/vnF+Oa3oHe4/wUor5vcu09eQCME -6ut5nyT+0sjLQ3Gw3w5vruvb6YJ3w4X0PSMP/0lbD7TSalUeQlpk4tJiGh1nfv9uyPsTzCyc2kFH -D8DBqobZa+QSTbB/sFYHI3aJmAeBp81U6pDT/nzqM0BqOwyt/slmLb6gv9GDL12ipiLkspbSiMUf -y3Lsb5hGBnhiQ+/z75O+yWxY/KmkQW79o+e+aIMaZZN56q76rLWghuUTIzjPeG8BcDhorPKg8oKF -h9iEr+ICPOSolTsy1ZN8/9O5ciT0X0UHqpq6r10mWA5P012/OthccHfEFslC3bv0uNDtKj2vHC9U -fBf5SLoCu340eZmhkHycJyGDeG+O5sRpm4RBP9FfkFvamLNy0w0UeVeuPz/TMESRkfN7zg+qeCVf -jzFTf/qAHHccU0Luey+tvQesyfGsnQOsgRPVnq5cgaGyYUS3Le4mQs/VXuEpCiJAFDDKsdBMZR1F -LNEstM+F3Xe9sgE02cQM6pTSLx6poGcsLPYMthNmgeECTEhyd0x4DECrAX6OzBEacqAAH388omfh -GJDQ/X65bnomNx4UACmWwcgMH2d/UJeeZCzOYlpsTF9X9oos1mB6GqQ1uyRqv4/1LSgWFL1YfaTq -pYijdYNOYbA+0eR4g1O24KQcityGM0nFbsug4bXoa7zhB0nIOx5LU56Qw+xrzgqaGp75q1JrxtYe -uNwLlMMwmHuq81PkcjIhBagWhlpXMR9HcXUd7vf9l4glivvEprfIo0aqyv7WZc3SvaprrG0xJTAj -BgkqhkiG9w0BCRUxFgQUwpiePJVgUFpOHmHsUupbKlejPAEwMTAhMAkGBSsOAwIaBQAEFFon2x9t -HyX7YwF0xcRICsWlXshyBAhhXmfWoNGx7gICCAA= only in patch2: unchanged: --- serf-1.3.9.orig/debian/create_certs.py +++ serf-1.3.9/debian/create_certs.py @@ -0,0 +1,262 @@ +#!/usr/bin/env python + +# +# =================================================================== +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# =================================================================== +# + +# This script creates the private keys and certificates required for +# running the serf test suite. +# +# It should be run from the test/certs folder without arguments. +# Certificates will be created in the test/certs folder, private keys in the +# test/certs/private folder. +# +# You'll need to install pyOpenSSL for this script to work. + +from OpenSSL import crypto, SSL +from calendar import timegm +from datetime import datetime + +# for serf, update this number every time the certs are updated. +SERIAL_NUMBER=100020 + +KEY_ALGO=crypto.TYPE_RSA +KEY_SIZE=2048 +KEY_CIPHER='DES3' +SIGN_ALGO='SHA256' +VALID_DAYS=365 * 3 + +def create_key(keyfile='', passphrase=None): + key = crypto.PKey() + key.generate_key(KEY_ALGO, KEY_SIZE) + if passphrase: + open(keyfile, "wt").write(crypto.dump_privatekey(crypto.FILETYPE_PEM, + key, KEY_CIPHER, + passphrase)) + else: + open(keyfile, "wt").write(crypto.dump_privatekey(crypto.FILETYPE_PEM, + key)) + + return key + +def create_pkcs12(clientkey, clientcert, issuer, pkcs12file, passphrase=None): + pkcs12 = crypto.PKCS12() + + pkcs12.set_certificate(clientcert) + pkcs12.set_privatekey(clientkey) + pkcs12.set_ca_certificates([issuer]) + open(pkcs12file, "wt").write(pkcs12.export(passphrase=passphrase, + iter=2048, maciter=2048)) + +def create_crl(revokedcert, cakey, cacert, crlfile, next_crl_days=VALID_DAYS): + crl = crypto.CRL() + revoked = crypto.Revoked() + + serial_number = "%x" % revokedcert.get_serial_number() + now = datetime.utcnow() + now_str = now.strftime('%Y%m%d%H%M%SZ') + + revoked.set_serial(serial_number) + revoked.set_reason('unspecified') + revoked.set_rev_date(now_str) # revoked as of now + + crl.add_revoked(revoked) + open(crlfile, "wt").write(crl.export(cacert, cakey, days=next_crl_days, + digest=b'md5')) + +# subjectAltName +def create_cert(subjectkey, certfile, issuer=None, issuerkey=None, country='', + state='', city='', org='', ou='', cn='', email='', ca=False, + valid_before=0, days_valid=VALID_DAYS, subjectAltName=None, + ocsp_responder_url=None, ocsp_signer=False): + ''' + Create a X509 signed certificate. + + subjectAltName + Array of fully qualified subject alternative names (use OpenSSL syntax): + For a DNS entry, use: ['DNS:localhost']. Other options are 'email', 'URI', 'IP'. + ''' + cert = crypto.X509() + + cert.set_version(3-1) # version 3, starts at 0 + cert.get_subject().C = country + cert.get_subject().ST = state + cert.get_subject().L = city + cert.get_subject().O = org + cert.get_subject().OU = ou + if cn: + cert.get_subject().CN = cn + cert.get_subject().emailAddress = email + cert.set_serial_number(SERIAL_NUMBER) + cert.set_pubkey(subjectkey) + + cert.gmtime_adj_notBefore(valid_before * 24 * 3600) + cert.gmtime_adj_notAfter(days_valid * 24 * 3600) + + if issuer is None: + issuer = cert # self signed + issuerkey = subjectkey + cert.set_issuer(issuer.get_subject()) + + if ca: + cert.add_extensions([ + crypto.X509Extension("basicConstraints", False, + "CA:TRUE"), + crypto.X509Extension("subjectKeyIdentifier", False, "hash", + subject=cert) + ]) + cert.add_extensions([ + crypto.X509Extension("authorityKeyIdentifier", False, + "keyid:always", issuer=issuer) + ]) + + if subjectAltName: + critical = True if not cn else False + cert.add_extensions([ + crypto.X509Extension('subjectAltName', critical, ", ".join(subjectAltName))]) + + if ocsp_responder_url: + cert.add_extensions([ + crypto.X509Extension('authorityInfoAccess', False, + 'OCSP;URI:' + ocsp_responder_url)]) + + if ocsp_signer: + cert.add_extensions([ + crypto.X509Extension('extendedKeyUsage', True, 'OCSPSigning') + ]) + + cert.sign(issuerkey, SIGN_ALGO) + + open(certfile, "wt").write(crypto.dump_certificate(crypto.FILETYPE_PEM, + cert)) + return cert + +if __name__ == '__main__': + # root CA key pair and certificate. + # This key will be used to sign the intermediate CA certificate + rootcakey = create_key('private/serfrootcakey.pem', 'serftest') + + rootcacert = create_cert(subjectkey=rootcakey, + certfile='serfrootcacert.pem', + country='BE', state='Antwerp', city='Mechelen', + org='In Serf we trust, Inc.', + ou='Test Suite Root CA', cn='Serf Root CA', + email='serfroo...@example.com', ca=True) + + # intermediate CA key pair and certificate + # This key will be used to sign all server certificates + cakey = create_key('private/serfcakey.pem', 'serftest') + + cacert = create_cert(subjectkey=cakey, certfile='serfcacert.pem', + issuer=rootcacert, issuerkey=rootcakey, + country='BE', state='Antwerp', city='Mechelen', + org='In Serf we trust, Inc.', + ou='Test Suite CA', cn='Serf CA', + email='ser...@example.com', ca=True) + + # server key pair + # server certificate, no errors + serverkey = create_key('private/serfserverkey.pem', 'serftest') + + servercert = create_cert(subjectkey=serverkey, + certfile='serfservercert.pem', + issuer=cacert, issuerkey=cakey, + country='BE', state='Antwerp', city='Mechelen', + org='In Serf we trust, Inc.', + ou='Test Suite Server', cn='localhost', + email='serfser...@example.com') + + # server certificate that expired a year ago + expiredcert = create_cert(subjectkey=serverkey, + certfile='serfserver_expired_cert.pem', + issuer=cacert, issuerkey=cakey, + country='BE', state='Antwerp', city='Mechelen', + org='In Serf we trust, Inc.', + ou='Test Suite Server', cn='localhost', + email='serfser...@example.com', + days_valid=-365) + + # server certificate that will be valid in 10 years + expiredcert = create_cert(subjectkey=serverkey, + certfile='serfserver_future_cert.pem', + issuer=cacert, issuerkey=cakey, + country='BE', state='Antwerp', city='Mechelen', + org='In Serf we trust, Inc.', + ou='Test Suite Server', cn='localhost', + email='serfser...@example.com', + valid_before=10*365, + days_valid=13*365) + + # server certificate with SubjectAltName and empty CN + san_nocncert = create_cert(subjectkey=serverkey, + certfile='serfserver_san_nocn_cert.pem', + issuer=cacert, issuerkey=cakey, + country='BE', state='Antwerp', city='Mechelen', + org='In Serf we trust, Inc.', + ou='Test Suite Server', + cn=None, + email='serfser...@example.com', + days_valid=13*365, + subjectAltName=['DNS:localhost']) + + # server certificate with OCSP responder URL + ocspcert = create_cert(subjectkey=serverkey, + certfile='serfserver_san_ocsp_cert.pem', + issuer=cacert, issuerkey=cakey, + country='BE', state='Antwerp', city='Mechelen', + org='In Serf we trust, Inc.', + ou='Test Suite Server', + cn='localhost', + email='serfser...@example.com', + days_valid=13*365, + subjectAltName=['DNS:localhost'], + ocsp_responder_url='http://localhost:17080') + + # OCSP responder certifi + ocsprspcert = create_cert(subjectkey=serverkey, + certfile='serfocspresponder.pem', + issuer=cacert, issuerkey=cakey, + country='BE', state='Antwerp', city='Mechelen', + org='In Serf we trust, Inc.', + ou='Test Suite Server', + cn='localhost', + email='serfser...@example.com', + days_valid=13*365, + ocsp_signer=True) + + # client key pair and certificate + clientkey = create_key('private/serfclientkey.pem', 'serftest') + + clientcert = create_cert(subjectkey=clientkey, + certfile='serfclientcert.pem', + issuer=cacert, issuerkey=cakey, + country='BE', state='Antwerp', city='Mechelen', + org='In Serf we trust, Inc.', + ou='Test Suite Client', cn='Serf Client', + email='serfcli...@example.com') + + clientpkcs12 = create_pkcs12(clientkey, clientcert, cacert, + 'serfclientcert.p12', 'serftest') + + # Note that this creates a v1 CRL file without extensions set, and with + # MD5 hash. Not ideal, but pyOpenSSL doesn't support more than this. + # + # crl + crl = create_crl(servercert, cakey, cacert, 'serfservercrl.pem') only in patch2: unchanged: --- serf-1.3.9.orig/debian/patches/r1712790-serf_bucket_aggregate_prepend-empty-list +++ serf-1.3.9/debian/patches/r1712790-serf_bucket_aggregate_prepend-empty-list @@ -0,0 +1,34 @@ +Description: Make serf_bucket_aggregate_prepend() behave properly when prepending a bucket to an empty list +Origin: upstream, https://svn.apache.org/viewvc?view=revision&revision=1712790 + +Index: b/buckets/aggregate_buckets.c +=================================================================== +--- a/buckets/aggregate_buckets.c ++++ b/buckets/aggregate_buckets.c +@@ -149,6 +149,8 @@ + new_list->bucket = prepend_bucket; + new_list->next = ctx->list; + ++ if (ctx->list == NULL) ++ ctx->last = new_list; + ctx->list = new_list; + } + +@@ -278,6 +280,8 @@ + + /* If we have no more in our list, return EOF. */ + if (!ctx->list) { ++ ctx->last = NULL; ++ + if (ctx->hold_open) { + return ctx->hold_open(ctx->hold_open_baton, bucket); + } +@@ -390,6 +394,8 @@ + + /* If we have no more in our list, return EOF. */ + if (!ctx->list) { ++ ctx->last = NULL; ++ + if (ctx->hold_open) { + return ctx->hold_open(ctx->hold_open_baton, bucket); + }
