Bug#912191: stretch-pu: package serf/1.3.9-3+deb9u1
On Sun, Oct 28, 2018 at 08:21:55PM -0400, James McCoy wrote:
> Package: release.debian.org
> Severity: normal
> Tags: stretch
> User: release.debian.org@packages.debian.org
> Usertags: pu
>
> Serf's testsuite uses some pre-generated SSL certs, which have an expiry
> of 3 years. The timebomb has gone off, and serf is currently FTBFS
> (#911714). The pending upstream release now has a script which
> generates the certs, so I've backported that and run it every build.
>
> Since an upload was needed, I also included a NULL pointer dereference
> fix (#893688).
>
> The package has already been uploaded.
Attached debdiff.
Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
diffstat for serf_1.3.9-3 serf_1.3.9-3+deb9u1
debian/create_certs.py | 262 ++++++++
debian/patches/r1712790-serf_bucket_aggregate_prepend-empty-list | 34 +
debian/patches/r1792234-expired-certs | 324 ----------
debian/serfclientcert.p12.b64 | 65 --
serf-1.3.9/debian/changelog | 9
serf-1.3.9/debian/control | 3
serf-1.3.9/debian/patches/series | 2
serf-1.3.9/debian/rules | 14
8 files changed, 320 insertions(+), 393 deletions(-)
diff -u serf-1.3.9/debian/changelog serf-1.3.9/debian/changelog
--- serf-1.3.9/debian/changelog
+++ serf-1.3.9/debian/changelog
@@ -1,3 +1,12 @@
+serf (1.3.9-3+deb9u1) stretch; urgency=medium
+
+ * Backport r1712790 from upstream to fix NULL pointer dereference.
+ Thanks to Colin Watson for investigation and report (Closes: #893688)
+ * Backport create_certs.py from upstream to generate certs at test time
+ (Closes: #911714)
+
+ -- James McCoy <jamessan@debian.org> Sun, 28 Oct 2018 19:52:35 -0400
+
serf (1.3.9-3) unstable; urgency=medium
* Add libssl-dev to libserf-dev's Depends, otherwise pkg-config can't
diff -u serf-1.3.9/debian/control serf-1.3.9/debian/control
--- serf-1.3.9/debian/control
+++ serf-1.3.9/debian/control
@@ -7,7 +7,8 @@
# CFLAGS as of 1.12.1+dfsg-9
scons (>= 2.3.1-2),
quilt, libapr1-dev, libaprutil1-dev, chrpath, libkrb5-dev, zlib1g-dev,
- libssl-dev
+ libssl-dev,
+ python-openssl <!nocheck>
Standards-Version: 3.9.8
Homepage: https://serf.apache.org/
Vcs-Git: https://anonscm.debian.org/git/collab-maint/pkg-serf.git
reverted:
--- serf-1.3.9/debian/patches/r1792234-expired-certs
+++ serf-1.3.9.orig/debian/patches/r1792234-expired-certs
@@ -1,324 +0,0 @@
-------------------------------------------------------------------------
-r1792234 | astieger | 2017-04-21 15:03:06 -0400 (Fri, 21 Apr 2017) | 12 lines
-
-On the 1.3.x branch: Copy test certificates from trunk r1704177
-
-The test were failing due to recently expired certificates.
-
-* test/server/serfcacert.pem,
- test/server/serfclientcert.p12,
- test/server/serfrootcacert.pem,
- test/server/serfserver_expired_cert.pem,
- test/server/serfserver_future_cert.pem,
- test/server/serfservercert.pem: copy from trunk test/certs
-* test/server/serfserverkey.pem: copy from trunk test/certs/private
-
-
-Index: 1.3.x/test/server/serfserverkey.pem
-===================================================================
---- 1.3.x/test/server/serfserverkey.pem (revision 1792233)
-+++ 1.3.x/test/server/serfserverkey.pem (revision 1792234)
-@@ -1,30 +1,30 @@
- -----BEGIN ENCRYPTED PRIVATE KEY-----
--MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIEVWBqG6vECoCAggA
--MBQGCCqGSIb3DQMHBAiAagREZjJEQQSCBMgpHbLBzmAyx9f4YHhRnDdUm4ftQ7bR
--6fF7sKxOD7fdJ+jgEB6xYBIlG9Y4+DDDbz3IvZgXIsweauV+WNscxnTHyJequoFL
--qKFPY5bEc2hskZYsi/+LfvvguZLFm1vjK08sORYK2Kdy2hwmk3sTPQmgD2T/jZpg
--vI1AkB+hXA/6AVJUVqSyAFH8u3WGr8Dxjz69YCQ+K9cPqYXJdWZzAVq/0ibSRkzL
--mSLN8VoF810AXkFxCC7DKxg+mgp9dBdR8uuBXZ9fBOz5YCI92thZwd1iYsTetmWa
--LoIS8xLMvuBaalAV8oQ7e0xuow6Cx9IjxlQ/sd8N1Xg+Z2vWTwnj9AOFIHU3s/N8
--e9L51Q9p6igZgmNm2N2+pUQ1Y5mest7gfJ1ka07ypSr0yzOnK7L41VCIposZuzyX
--psTRy+zpGULsK0lG5mH0r1CZ88G8puwyUOaOk/yUhHgc4ZSOsDbeWdQ8UohHElUA
--ZLkxwt2xWgcd8mG+FQnbXQZhDFII/aP/RBe7xfEwSQr8hhyP8fsyRmbuq5YZrkRw
--mMyp6kxX8USKmeXxBEm364RdilFgPUN3djf7ljKCPOJ1y5OTzmBQacMbXGhbqBGY
--PZUKE6szzsM1IYnrvUwP7Gf5wksR/VYMr1VnnpeBofaOJ0brXNF/MFiBE13afNT7
--JLUjA3QcAfmdYocfBTVQSM7umSBOrM7H6qsX67ye5ccAK9x1HikgxXRoqV/TxFgI
--snrXEtiDrve+nvmPYlmgP5RGyl+bAxtGGjT6TZPlfGACb7xytCpNiOK5bNsgMx7F
--ukOMiVE+sQJT95WnOJMXSmiSw2HmSBXwjpnEKNOYe+Cram64Vjaa8dFqIZSvUDMW
--ihyWAYZrHro4hKmSdeCmrk4rkYH97BxG2Gm/6oRsEDCTgTUn7OYGm5bAmxz0WPSZ
--/TQ7oYSQ3jUlX8q8NPhVPeHizjNwGWyYovmAyAzi3uPTIBsaIdeMiENyyZTXnSHq
--IkfAGekcQ/IX6VWpZGiS3ilgSqxInSVfByM2gs2thdIQ1WEcDitGsAJxFPjnimjX
--1WFk08/6aUDGK30Q9Mm2X3WjSTvCKq8ccd/bwjvQRepvzjRSl1vt6Ngvv88UPH1e
--/0GrKcXNkBEoGqZSk4D60BFz0rpyDplaZLFVEj7ET85sHP+h5JYnKCpjqkHKQUuj
--VVhVhjk6IGpVQZnbGf4PSoij61NUfwpKS4zfAHg7JQrl+7bUBreXYWg2+qXvxJOE
--HrqYt2aQq9ilG3hrDXgU0+KTNpJEdteeH7ypoYcGEmlljDriwbmYs2lZ5QkgHb6t
--1ue5WfnxkjTxxjeh3Aeu3QnHogQHwS4e4zzpiJC0xHFgWbsWVi2mSwtS0aZh9d2P
--KCpMl8E7lVVDRcgFPn/36b4K9EvAoTfjEtubOU0M2fD1btQF5t0cNCmpnq6hxC0S
--onPj3HGRBh6QxcaV+86UESEPQ12TJfzetXT/+KvVFrPLMzUhwmb8j+Ozb5sU6mPC
--mCfhtCzyPW7xk0+X+1dmtUKx35MGaJlf2rbp9xEhML6vMx3qIxbO33f0mP0qiz8b
--SLTC8P8VLObo9SCY3DeIqhC83DSXsm+taylHpFGZ0sDl8CXrepLyOp+iOSyGiq1W
--ZqE=
-+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIlu67PS+3+cACAggA
-+MBQGCCqGSIb3DQMHBAhaSMe0OcI+zASCBMgDwEtC7nCmW9OIf8vqZDDOXlyiHNTm
-+2nEYtKMfr8QSGYgzQwbVF7z+OUOLQDxJgFJbrKFNbw7ummGaAR8WszH3GoCm6p4H
-+zAx61MyvM1uQzY1eykAj0/JD2/rwuwA68rV845OpB6nzz1ClrffvRPeiBuVyelyf
-+WwcV57D+lD421FDATtF46inMtT/g7hv7EaFJKBMXWTbnPY3M7NIK8jKaoL5NgQ9E
-+stZCZ4jmWVnhM00lUjevWz8RTsb6kZguTe7WxFl7TH0AlrpFjsYglwkZDzYnnvsJ
-+KBwIFYFYRNA24+adRwa1TurRCzaxtj5DxRDoAaBVw5uiYVNKbrrB4q2uqePB6aSo
-+Z6toK83FqZtTt1rHB8qbxWdKIJJiZsa0xSl1kGcWI8APmgzzVqyzDzBalI/Ze9pb
-+5LR9IpLqcYhpvbYRmf8lwU104G5tab1n7ZY8Q37J7HrPVG0g5WIj/SrwvwjY9e/B
-+oO/IFRsoyh3NJXUl2L75ra7vnk2h823R1k2YYOcnthRjQetq7CgblFQyS6Wa3bIJ
-+iTSCSauTqNolDCER0XbX3p80gVoh9wV9ELKws+b3Fx+jvFgvDtdBRnSRenD548XD
-+wy9n9/S2muffJw4D0xXFNfk2yVMjt4d7x9gbTgU8PUImoPZuNzj/bH9LKMgBYrdj
-+a1tmRLXV5x6BuVmwoCk4ao10cpyOKmFpl2Ba79QqOIQqTOveSJyGK18fQBu6OJar
-+WbvVbNhdISlU+/Qz9skxxRMBd87/MFK4D0YlWCdLBTvyVYEVQNk+HZjbuSEt34gZ
-+ST3eSNDcUD5IzPLWk08qaOVt18EDrUMNcqNiG/xBTh+Ya0Q8QrU5Wii3eeFpLlcP
-+3XOHadChmc/17OUyRcFgtfg1NbmOLtyk0Nbo9rLGmF1+3nrKba001P3oP9mbRNio
-+iD/zaXsAUXt8PGLomcntXidyAH3Qgjw8Y1WI3GIUFS9EYND7YrK3kaotdv790+Hi
-+xReOaL5zdviD9stKhNJicT33YsEu5XsTv1xxv/pAdDtMTP+YvUJURpju1G3S2RBO
-+8gcs/X8A/bCjREEOm7VQYFvcBl02KCS5HQ0R5NKy/cj4Yx27/y8r4GUDIhxOOul9
-+JhCL1rLyEBSmuoL/tNTyCjPH/Mp5UP1/oqm0ZiFl8zfu4DfkZP1w19S1SFLlLRH1
-+dTclmX090orsTJcNksFNmH8sXOsLbWYjWcMome1NiKHyFfjTsdWhA4dZrw86tP/j
-+4mOtGKwt+TFPtD/0UzwkhDVcW4Zs7jjPBtNu0Tts+XbNyRN8Oy38N6HCf+iHTuIN
-+yjZBZvpyAFIfoTRCENn9D77LvmohU4LjNLJb6YwfOACnDrEikb0TYAj7AMw042q5
-+0Do+84bJwN1PXenVDQ1p+rc4zBB3dkDQjLXw7BaGn4X93egKNCZl3tirjf23pIsL
-+yY1vyrODf44+p9PJoJmnmyOn3WzgJgdUAycX/JnGxdKxZWKrmvV+MMqyq3KUO+2C
-+0JkEc3tJoR2crvOzLpvojLu3yhZOC/BQKitAYW54PL7lacxDgkgN6fSHg1lX1Y6Y
-+/y0+IxImb5Rfees9++2f6kv87xQBBs3fMAYZR3/vA1oKzHn5RYx8x43D2DOgN6Vu
-+35g=
- -----END ENCRYPTED PRIVATE KEY-----
-Index: 1.3.x/test/server/serfcacert.pem
-===================================================================
---- 1.3.x/test/server/serfcacert.pem (revision 1792233)
-+++ 1.3.x/test/server/serfcacert.pem (revision 1792234)
-@@ -1,25 +1,25 @@
- -----BEGIN CERTIFICATE-----
- MIIEHTCCAwWgAwIBAgIDAYa0MA0GCSqGSIb3DQEBCwUAMIGuMQswCQYDVQQGEwJC
--RTEQMA4GA1UECBMHQW50d2VycDERMA8GA1UEBxMITWVjaGVsZW4xHzAdBgNVBAoT
--FkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xGzAZBgNVBAsTElRlc3QgU3VpdGUgUm9v
--dCBDQTEVMBMGA1UEAxMMU2VyZiBSb290IENBMSUwIwYJKoZIhvcNAQkBFhZzZXJm
--cm9vdGNhQGV4YW1wbGUuY29tMB4XDTE0MDQxOTIxMTcyNloXDTE3MDQxODIxMTcy
--NlowgaAxCzAJBgNVBAYTAkJFMRAwDgYDVQQIEwdBbnR3ZXJwMREwDwYDVQQHEwhN
--ZWNoZWxlbjEfMB0GA1UEChMWSW4gU2VyZiB3ZSB0cnVzdCwgSW5jLjEWMBQGA1UE
--CxMNVGVzdCBTdWl0ZSBDQTEQMA4GA1UEAxMHU2VyZiBDQTEhMB8GCSqGSIb3DQEJ
-+RTEQMA4GA1UECAwHQW50d2VycDERMA8GA1UEBwwITWVjaGVsZW4xHzAdBgNVBAoM
-+FkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xGzAZBgNVBAsMElRlc3QgU3VpdGUgUm9v
-+dCBDQTEVMBMGA1UEAwwMU2VyZiBSb290IENBMSUwIwYJKoZIhvcNAQkBFhZzZXJm
-+cm9vdGNhQGV4YW1wbGUuY29tMB4XDTE1MDkyMDE5MTg1MloXDTE4MDkxOTE5MTg1
-+MlowgaAxCzAJBgNVBAYTAkJFMRAwDgYDVQQIDAdBbnR3ZXJwMREwDwYDVQQHDAhN
-+ZWNoZWxlbjEfMB0GA1UECgwWSW4gU2VyZiB3ZSB0cnVzdCwgSW5jLjEWMBQGA1UE
-+CwwNVGVzdCBTdWl0ZSBDQTEQMA4GA1UEAwwHU2VyZiBDQTEhMB8GCSqGSIb3DQEJ
- ARYSc2VyZmNhQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
--CgKCAQEA3HuEeB7EBW9i7ibiSNWwk3iCgJexF/ggQ+Am2lA7wnAWdnTjFWP+HKqD
--o+MH3xkr5dg/SaNWmvV0OFGvIcZRgpoFaBSn+BJ+X6FKzF/S36q8HckAzScjr5KB
--hubnSZR98m2jEcWyznGoDBahq+ZozYSJKKwirOhckrfOTWqlQvcjtk8pUdkTK/c8
--8qnDoRFgDuqRZdF8bcZ70bo24R2XnfGhb0T359cN+cfEcUk7UZs22+JvoAxjMB3/
--oODXHammr6+86t3SYTyXGpYnkUpAecVI2wtB61RbAbBt91jifQLijBNtYWfZKqjW
--cvW+oNeMuUao479T/e0WZvAkaIsRkQIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0G
--A1UdDgQWBBQQ9mwXNXPt7xaDnB1cV1JWfUxkhTAfBgNVHSMEGDAWgBQ8ffmGwxZN
--VX8CrM99b6wUq4qTyDANBgkqhkiG9w0BAQsFAAOCAQEAUDHna1Mb33PCnwPoo46o
--/4CypCDEkOsVIOvbFjs5viHL5O1t4/IcjWHv3OmXWar3iVdxe2kirGEcUNJkOldb
--vQz70t82WMClD0HkTBvICMOoZyxxds6mkp94GTI5z83AmiNZFCcIoCLs0RFmUXuK
--LPnIB6KyS5MY74YgwXZTWlVCtDYDOPfNpAfNgxmtkVhEx4Yv5kdVqc6DLcBIWx04
--qSXsL27091qt8t6g5xpf7rYrrAxyXWXDn7oF05F8ifmgvGekvI33Uj61ZoD1OJHQ
--AY7qZcHXZL2pcVTr3xafrnaqUOeiacdHIwq6Hu3KkgLfJ/tjK6eKIxVs+PXj1Wlo
--Lg==
-+CgKCAQEArNOyobONvsFz/bA9pvhKTeCGhFVjMv1Jw7ooLW0jLn3yWaQ7iMFBLXp4
-+HjMbI9oLdVPfJgv7S/vpiX00eG6t/xuQb4+g2/0mcmOHuqK9bsEElkWyCP77SqV3
-+uqLcw9pqjz0JO2pUcNu4Uh7PtEJjXHHC3l18akZIX+GwISGzBP/RnWbiFP56vnT2
-+/SIgB3LIy0QBZHTyvggHFM9s7FvWcgoyoYhSXsvTwlRRjaty1RAKYQP13sbpwCh8
-+qTJHaG4gKoDC/IrO69tZIS7ulcWLLFpd7Qkv4RPQzmx5vezlZRkgqxjVjYGm2CcU
-+sU+AbKp48mCQLHYrt22GB+2mLX8X9QIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0G
-+A1UdDgQWBBTVcpNL7Ey5qBIxCHgYEyK4wCuVsjAfBgNVHSMEGDAWgBTdURuV/Fid
-+HUONkLf8COJ7MCHscTANBgkqhkiG9w0BAQsFAAOCAQEASTtdzNrIx9EJzrryTYVY
-+QrP4jl3DKeOGy9KN9HTClSuj2BSTFaizpzzxA++rbZs1Du8NxQWdb8kuIahLyUxY
-+hC1ZXTdZCC9Ki13aO1kIdXBLNI9QbQwkLukObqj62aWhhW1Bk6fvkbMli6Zmtt16
-+Pf/9dPQjKq1H79bz1dArM0vuG4lNjy0RspOoTmfbbRAkY4MApY9gPoC5W9UdHKzB
-+wVg/YMgEzAaKXAhgKExM/AGCMdprJFK9btDAJzkU/YLYd00EgEGrUmvwyYpANydP
-+l39A1MB3Nkb9rQeyfo32Do4cDbhRZZMlDhWN3984cg5zVHwBFzUOgKZwV/NrRGNZ
-+iQ==
- -----END CERTIFICATE-----
-Index: 1.3.x/test/server/serfserver_expired_cert.pem
-===================================================================
---- 1.3.x/test/server/serfserver_expired_cert.pem (revision 1792233)
-+++ 1.3.x/test/server/serfserver_expired_cert.pem (revision 1792234)
-@@ -1,23 +1,23 @@
- -----BEGIN CERTIFICATE-----
- MIIDxzCCAq+gAwIBAgIDAYa0MA0GCSqGSIb3DQEBCwUAMIGgMQswCQYDVQQGEwJC
--RTEQMA4GA1UECBMHQW50d2VycDERMA8GA1UEBxMITWVjaGVsZW4xHzAdBgNVBAoT
--FkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xFjAUBgNVBAsTDVRlc3QgU3VpdGUgQ0Ex
--EDAOBgNVBAMTB1NlcmYgQ0ExITAfBgkqhkiG9w0BCQEWEnNlcmZjYUBleGFtcGxl
--LmNvbTAeFw0xNDA0MTkyMTE3MjZaFw0xMzA0MTkyMTE3MjZaMIGqMQswCQYDVQQG
--EwJCRTEQMA4GA1UECBMHQW50d2VycDERMA8GA1UEBxMITWVjaGVsZW4xHzAdBgNV
--BAoTFkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xGjAYBgNVBAsTEVRlc3QgU3VpdGUg
--U2VydmVyMRIwEAYDVQQDEwlsb2NhbGhvc3QxJTAjBgkqhkiG9w0BCQEWFnNlcmZz
-+RTEQMA4GA1UECAwHQW50d2VycDERMA8GA1UEBwwITWVjaGVsZW4xHzAdBgNVBAoM
-+FkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xFjAUBgNVBAsMDVRlc3QgU3VpdGUgQ0Ex
-+EDAOBgNVBAMMB1NlcmYgQ0ExITAfBgkqhkiG9w0BCQEWEnNlcmZjYUBleGFtcGxl
-+LmNvbTAeFw0xNTA5MjAxOTE4NTNaFw0xNDA5MjAxOTE4NTNaMIGqMQswCQYDVQQG
-+EwJCRTEQMA4GA1UECAwHQW50d2VycDERMA8GA1UEBwwITWVjaGVsZW4xHzAdBgNV
-+BAoMFkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xGjAYBgNVBAsMEVRlc3QgU3VpdGUg
-+U2VydmVyMRIwEAYDVQQDDAlsb2NhbGhvc3QxJTAjBgkqhkiG9w0BCQEWFnNlcmZz
- ZXJ2ZXJAZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
--AQDPSJs4Dhlb9JpmS50uOfAN0lOFkU89FEU4SAGziNcuevcOM87dsjENMpwMJrC+
--Emepkf5KAFkSRRuIBCms2Hx0Xm/LPRXhXMys2um3U/lkbu+HqPtWwhr9vsA+LjYG
--787943qnfSPvOSssedVKkg03HchCzlko+iL3dQfQFyj7/Ew7Lh9K+TiWTnlrCGY9
--gS1NgKK+kEfXoBUp2+Fq1aUiO2wGKNK9ntcan28pIuJljBtI9hEp93Gs95zl2SR8
--e987YIveip2ofXrGEtGGuXftg1VE+jADJNBcByRpRS8cwyFx1sI9JUp/Uj899R49
--r706i9vPwLwwRAlDFB23m2ffAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD9aCwa9
--LUEF+bZGC5dYAmXDPDJdd/wa+sJcjFKf6/iDYowBMN/Rbd122XwFyPxkRa6jKqBF
--0Ub6mVXjjj7/B/nhO7g/ZjrhVBPdlUG8ehoCLtff2lME/BNDysj3dF/gKtJYdl6+
--7dvRenLG/MX8Vg/VBP5ZBLTqPms5VT570nFUidMkIK+tIBwuHFu499SXg1bI/pEF
--Jy5sUDXQD+acwDRV1aSnggwykkeH1loFkFmecdHGXip1/XLB0ts7z8lQgPC8PiCT
--xflJt4yg1U14oJkz65wrIuBt9m5GeZuca+F+BZQSN+annaXKfrPi7kOYd2BeYiz0
--t4xQp6/lhs52tj8=
-+AQDBx5VPS8uSwXFD/sDrfJXSSr+eedVpzXsme9MpOMdY/+Z5GOd94S0Q8RoWIeSo
-+ffkIAbcdK0v2EI8Wu82Kio8Y/DBkBiOCe5MsTHzSg+uvC4/FARXUAZfsxqgPQmLc
-+99GtPSVkZwbk7gYFnmhJSNM6fRG5vb0t3WJA7+xkzUoL78WK76hlhfAZ0Q6AzlPl
-+pMOXAF0YKKhghGo1/vKd8i66o54SLZ4FYkR/LCW4b/hvLZGND75hYR1ujcwI1IyE
-+m/geBtF8BfKSqNVsjxDULiWQ2egK6BwtOBd+IyYJOjElQmak0guimykBOIkiv6r5
-+Z/np1OXr5v4AWW2flkPYFL1ZAgMBAAEwDQYJKoZIhvcNAQELBQADggEBACPTIazy
-+1oWLHfuOGE8a3KGOyfsmRG70J+/08noxOb+0kC4/cAVFMvrLQJY0qYINmkeJjch0
-+KW4/D4RZis5lVaP4qU+ctCJ/OHnNHtVNza9+RdSzC6K4JWcQjZ+sD1wQ5/rMtoJ9
-+yzblrps8BKZvN6a+loVIUXtwHXMNjM7DP5gHNeOA8MGn6vz8cC9Wrmyi+kA52Aap
-+EMGwWz5kmIyYX6zq8zngOVh1hGaw0qLEmJpZ485e+ow5YyIUI7EfxyDWIXifId8h
-+aFR3A2jDL17gnwR1DvNtyFMNk++1oOdm1II9ueQQdMY55CJgalZUO72qW1HLiagf
-+sa1VMFzmN3HpGCY=
- -----END CERTIFICATE-----
-Index: 1.3.x/test/server/serfservercert.pem
-===================================================================
---- 1.3.x/test/server/serfservercert.pem (revision 1792233)
-+++ 1.3.x/test/server/serfservercert.pem (revision 1792234)
-@@ -1,23 +1,23 @@
- -----BEGIN CERTIFICATE-----
- MIIDxzCCAq+gAwIBAgIDAYa0MA0GCSqGSIb3DQEBCwUAMIGgMQswCQYDVQQGEwJC
--RTEQMA4GA1UECBMHQW50d2VycDERMA8GA1UEBxMITWVjaGVsZW4xHzAdBgNVBAoT
--FkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xFjAUBgNVBAsTDVRlc3QgU3VpdGUgQ0Ex
--EDAOBgNVBAMTB1NlcmYgQ0ExITAfBgkqhkiG9w0BCQEWEnNlcmZjYUBleGFtcGxl
--LmNvbTAeFw0xNDA0MTkyMTE3MjZaFw0xNzA0MTgyMTE3MjZaMIGqMQswCQYDVQQG
--EwJCRTEQMA4GA1UECBMHQW50d2VycDERMA8GA1UEBxMITWVjaGVsZW4xHzAdBgNV
--BAoTFkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xGjAYBgNVBAsTEVRlc3QgU3VpdGUg
--U2VydmVyMRIwEAYDVQQDEwlsb2NhbGhvc3QxJTAjBgkqhkiG9w0BCQEWFnNlcmZz
-+RTEQMA4GA1UECAwHQW50d2VycDERMA8GA1UEBwwITWVjaGVsZW4xHzAdBgNVBAoM
-+FkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xFjAUBgNVBAsMDVRlc3QgU3VpdGUgQ0Ex
-+EDAOBgNVBAMMB1NlcmYgQ0ExITAfBgkqhkiG9w0BCQEWEnNlcmZjYUBleGFtcGxl
-+LmNvbTAeFw0xNTA5MjAxOTE4NTNaFw0xODA5MTkxOTE4NTNaMIGqMQswCQYDVQQG
-+EwJCRTEQMA4GA1UECAwHQW50d2VycDERMA8GA1UEBwwITWVjaGVsZW4xHzAdBgNV
-+BAoMFkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xGjAYBgNVBAsMEVRlc3QgU3VpdGUg
-+U2VydmVyMRIwEAYDVQQDDAlsb2NhbGhvc3QxJTAjBgkqhkiG9w0BCQEWFnNlcmZz
- ZXJ2ZXJAZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
--AQDPSJs4Dhlb9JpmS50uOfAN0lOFkU89FEU4SAGziNcuevcOM87dsjENMpwMJrC+
--Emepkf5KAFkSRRuIBCms2Hx0Xm/LPRXhXMys2um3U/lkbu+HqPtWwhr9vsA+LjYG
--787943qnfSPvOSssedVKkg03HchCzlko+iL3dQfQFyj7/Ew7Lh9K+TiWTnlrCGY9
--gS1NgKK+kEfXoBUp2+Fq1aUiO2wGKNK9ntcan28pIuJljBtI9hEp93Gs95zl2SR8
--e987YIveip2ofXrGEtGGuXftg1VE+jADJNBcByRpRS8cwyFx1sI9JUp/Uj899R49
--r706i9vPwLwwRAlDFB23m2ffAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAHL9mzR3
--o5K3pTnSVzxE6DE/BiXY1SutA0Bp6r24aiITl7QBn0oeXo+BCm1k46W/7zL7IExQ
--sIfd07P5yrgeDlpmI3ciYD9x1Lumxks4j0HJBkVfjE6M0tCj9JTDKDUeyNkaYybL
--TN60dlvAaBrtLrpoYOJNFQNNgmZqUhu2VxPXJzMZrgZiv3g4YqBIBLzI64+bBQ5B
--Ap/DgzNbyMVDa/+CL1rU2editJTI39uU9feVVB35l5ZCb7cahcxE7y9xMhNx358B
--DuGsLXBOs6GHf9h8M+yLr1VjtN7LebkRmwSry/IKB7o6VkWOFXghMLOfSyzBwfFP
--EK7YBZc1B+X5xjg=
-+AQDBx5VPS8uSwXFD/sDrfJXSSr+eedVpzXsme9MpOMdY/+Z5GOd94S0Q8RoWIeSo
-+ffkIAbcdK0v2EI8Wu82Kio8Y/DBkBiOCe5MsTHzSg+uvC4/FARXUAZfsxqgPQmLc
-+99GtPSVkZwbk7gYFnmhJSNM6fRG5vb0t3WJA7+xkzUoL78WK76hlhfAZ0Q6AzlPl
-+pMOXAF0YKKhghGo1/vKd8i66o54SLZ4FYkR/LCW4b/hvLZGND75hYR1ujcwI1IyE
-+m/geBtF8BfKSqNVsjxDULiWQ2egK6BwtOBd+IyYJOjElQmak0guimykBOIkiv6r5
-+Z/np1OXr5v4AWW2flkPYFL1ZAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAI6WJcKh
-+NItjHNK5d8crJU+SGXgqQ3nItMEdri23lCALBdxhtPKEdrN4K3r8zZVFdb26qMDa
-+c45Ap4xCGYtjV366wQ6W414jFFevaHQBAoBe4m5P41ZXqF9IxxhGOlyhY3vn3KNQ
-+N5V7ZEykcFDmRMt+4eAOfnoIhbjkmt2UA+t9Bc+Efb44wcr1QDKcdD/Q8Kg4ktgc
-+r5u9zJeZg4nTvCn0mhj939CMalx1TC/13k/sbCLPYA0VMHdo/7JL4LuedSockPu9
-+ykn66wmX/epHouRlrtapNY2bC5DO/Q4BPkzwUzK7Br8cw8oe+dM/FmwmgKPyWwHg
-+yjlCT0D4mUvHaAU=
- -----END CERTIFICATE-----
-Index: 1.3.x/test/server/serfrootcacert.pem
-===================================================================
---- 1.3.x/test/server/serfrootcacert.pem (revision 1792233)
-+++ 1.3.x/test/server/serfrootcacert.pem (revision 1792234)
-@@ -1,25 +1,25 @@
- -----BEGIN CERTIFICATE-----
- MIIEKzCCAxOgAwIBAgIDAYa0MA0GCSqGSIb3DQEBCwUAMIGuMQswCQYDVQQGEwJC
--RTEQMA4GA1UECBMHQW50d2VycDERMA8GA1UEBxMITWVjaGVsZW4xHzAdBgNVBAoT
--FkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xGzAZBgNVBAsTElRlc3QgU3VpdGUgUm9v
--dCBDQTEVMBMGA1UEAxMMU2VyZiBSb290IENBMSUwIwYJKoZIhvcNAQkBFhZzZXJm
--cm9vdGNhQGV4YW1wbGUuY29tMB4XDTE0MDQxOTIxMTcyNVoXDTE3MDQxODIxMTcy
--NVowga4xCzAJBgNVBAYTAkJFMRAwDgYDVQQIEwdBbnR3ZXJwMREwDwYDVQQHEwhN
--ZWNoZWxlbjEfMB0GA1UEChMWSW4gU2VyZiB3ZSB0cnVzdCwgSW5jLjEbMBkGA1UE
--CxMSVGVzdCBTdWl0ZSBSb290IENBMRUwEwYDVQQDEwxTZXJmIFJvb3QgQ0ExJTAj
-+RTEQMA4GA1UECAwHQW50d2VycDERMA8GA1UEBwwITWVjaGVsZW4xHzAdBgNVBAoM
-+FkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xGzAZBgNVBAsMElRlc3QgU3VpdGUgUm9v
-+dCBDQTEVMBMGA1UEAwwMU2VyZiBSb290IENBMSUwIwYJKoZIhvcNAQkBFhZzZXJm
-+cm9vdGNhQGV4YW1wbGUuY29tMB4XDTE1MDkyMDE5MTg0OVoXDTE4MDkxOTE5MTg0
-+OVowga4xCzAJBgNVBAYTAkJFMRAwDgYDVQQIDAdBbnR3ZXJwMREwDwYDVQQHDAhN
-+ZWNoZWxlbjEfMB0GA1UECgwWSW4gU2VyZiB3ZSB0cnVzdCwgSW5jLjEbMBkGA1UE
-+CwwSVGVzdCBTdWl0ZSBSb290IENBMRUwEwYDVQQDDAxTZXJmIFJvb3QgQ0ExJTAj
- BgkqhkiG9w0BCQEWFnNlcmZyb290Y2FAZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3
--DQEBAQUAA4IBDwAwggEKAoIBAQCsSwBl8wpBCuSvD4EQX1pgOfoKCLlYf0LExusE
--x+Kiz7ZemlOvGffHazpLbYA1nMi+sKYe3Y8LTJnMaQm3V3eDG/qP84X6FP8vBlfS
--DJCeNoQ3+oZUPLwKzrV9SZh96nXDXWsMYq3wF/4jjl1ZG+Xz3gRVD60ZEblYN9Hn
--dPLmnZaMn3K1HHgMqNZPUs+q85/w3BxdcGLU8oaWR6esdMa8jUjcqMAnh0JOz2mg
--uiEQex7tafz77whf2WPJ7cxY5fAFnBMM8l35QQA49ZA+I9toVyP7fadMkjB8g4so
--o9z/5ODh4sB5YVnFltSTFRFuSj7pau5Yn4wJGlJas5JgmIZjAgMBAAGjUDBOMAwG
--A1UdEwQFMAMBAf8wHQYDVR0OBBYEFDx9+YbDFk1VfwKsz31vrBSripPIMB8GA1Ud
--IwQYMBaAFDx9+YbDFk1VfwKsz31vrBSripPIMA0GCSqGSIb3DQEBCwUAA4IBAQAE
--zB/Uco7La4sgXBxKAbMa75B01eR/3Ur9Xl2eHzQKbsEte1ERXPxtu+bS/WP+5D/A
--1OKNVvFr0KqK2xlYXjXrjfgXZEc5nizLtnqHq/iE4PKwfptJFTeIexjv2WK5ErnT
--PaF9dWDpwhOjiUcdU9/ILWE3PcIgrffr0VYqNkO7/vPTBablreJbPvT5vDMnm9Fz
--cVBDmlUvg7M1+G7XVbk00Y6yenI2j+q1DkAuYBcQb3xjsFdMsVsCN9F6/4BWhS+f
--z90CFM3Ndu0xXV8t+cl0mAljluRfxFjTCB7GxgxzKtPYHTQUtUfNKhVohNk4IF1z
--sO9kZ8pSTplTJ9Q8hJfi
-+DQEBAQUAA4IBDwAwggEKAoIBAQDFuK4gqHm89lXVVX7PiHgXAJQRhMd2B1da7HhH
-+2684/ELutwspKqsdsfDAQUNI2HkvQdklpcR7D+Q9wr6qLV26/vBS/GGFbLV2EYXu
-+ezdlSW+bawKMRzQ++w1nclu9ZczPnYw21R/h7rFrYXChA+iklgNm0ZOmeI/vJ14i
-+iT4eh00lQbrf8/jtqVt44h+2PvuBDOE99H1EG2H8Sdwd55S07zv3qx5jDyUgBtp5
-+BoAAVRMM0tzyHe4fJvSu8FIyCPxkjvkwPTh0thg5rSD1BUTRhbj5zlvoq5D2WWnW
-+zYM32neNBa1qOIQrz5KeBXgTb+jaLJuUxmKnbbssBvO1LD2tAgMBAAGjUDBOMAwG
-+A1UdEwQFMAMBAf8wHQYDVR0OBBYEFN1RG5X8WJ0dQ42Qt/wI4nswIexxMB8GA1Ud
-+IwQYMBaAFN1RG5X8WJ0dQ42Qt/wI4nswIexxMA0GCSqGSIb3DQEBCwUAA4IBAQBa
-+peHLvPD9qy27XfvEmAfshZDC95+QEe7YEncKztP2N4OIAtTf/otOIdTA3bQF2HeC
-+Pb5TZU26/l4uPcrsDAYYfHxfZ5ijzp//aL3JfRZA5H5TdIXtTnS0F1QoWdCbcdtg
-+SVcuwphz2rTIlQIibMKxKmUY0GMYqLohXAnzWm6ne7m2EluAc8hHAE562/Z3UQsS
-+IMWkMHhsJnZCt1qcZ93ZIGuTEcRvVB8TFOV/o5WMK+bW2T9JZ0CP8h96X4YLgfEI
-+WrHTiIojvcNeviCC4Wu6AIWTg2Q3uIKBt8xE564QuOLNkvh2RDr3rPsgpI4xE5kf
-+3q2PBC1IAhlLRm0qlzzB
- -----END CERTIFICATE-----
-Index: 1.3.x/test/server/serfserver_future_cert.pem
-===================================================================
---- 1.3.x/test/server/serfserver_future_cert.pem (revision 1792233)
-+++ 1.3.x/test/server/serfserver_future_cert.pem (revision 1792234)
-@@ -1,23 +1,23 @@
- -----BEGIN CERTIFICATE-----
- MIIDxzCCAq+gAwIBAgIDAYa0MA0GCSqGSIb3DQEBCwUAMIGgMQswCQYDVQQGEwJC
--RTEQMA4GA1UECBMHQW50d2VycDERMA8GA1UEBxMITWVjaGVsZW4xHzAdBgNVBAoT
--FkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xFjAUBgNVBAsTDVRlc3QgU3VpdGUgQ0Ex
--EDAOBgNVBAMTB1NlcmYgQ0ExITAfBgkqhkiG9w0BCQEWEnNlcmZjYUBleGFtcGxl
--LmNvbTAeFw0yNDA0MTYyMTE3MjZaFw0yNzA0MTYyMTE3MjZaMIGqMQswCQYDVQQG
--EwJCRTEQMA4GA1UECBMHQW50d2VycDERMA8GA1UEBxMITWVjaGVsZW4xHzAdBgNV
--BAoTFkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xGjAYBgNVBAsTEVRlc3QgU3VpdGUg
--U2VydmVyMRIwEAYDVQQDEwlsb2NhbGhvc3QxJTAjBgkqhkiG9w0BCQEWFnNlcmZz
-+RTEQMA4GA1UECAwHQW50d2VycDERMA8GA1UEBwwITWVjaGVsZW4xHzAdBgNVBAoM
-+FkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xFjAUBgNVBAsMDVRlc3QgU3VpdGUgQ0Ex
-+EDAOBgNVBAMMB1NlcmYgQ0ExITAfBgkqhkiG9w0BCQEWEnNlcmZjYUBleGFtcGxl
-+LmNvbTAeFw0yNTA5MTcxOTE4NTNaFw0yODA5MTYxOTE4NTNaMIGqMQswCQYDVQQG
-+EwJCRTEQMA4GA1UECAwHQW50d2VycDERMA8GA1UEBwwITWVjaGVsZW4xHzAdBgNV
-+BAoMFkluIFNlcmYgd2UgdHJ1c3QsIEluYy4xGjAYBgNVBAsMEVRlc3QgU3VpdGUg
-+U2VydmVyMRIwEAYDVQQDDAlsb2NhbGhvc3QxJTAjBgkqhkiG9w0BCQEWFnNlcmZz
- ZXJ2ZXJAZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
--AQDPSJs4Dhlb9JpmS50uOfAN0lOFkU89FEU4SAGziNcuevcOM87dsjENMpwMJrC+
--Emepkf5KAFkSRRuIBCms2Hx0Xm/LPRXhXMys2um3U/lkbu+HqPtWwhr9vsA+LjYG
--787943qnfSPvOSssedVKkg03HchCzlko+iL3dQfQFyj7/Ew7Lh9K+TiWTnlrCGY9
--gS1NgKK+kEfXoBUp2+Fq1aUiO2wGKNK9ntcan28pIuJljBtI9hEp93Gs95zl2SR8
--e987YIveip2ofXrGEtGGuXftg1VE+jADJNBcByRpRS8cwyFx1sI9JUp/Uj899R49
--r706i9vPwLwwRAlDFB23m2ffAgMBAAEwDQYJKoZIhvcNAQELBQADggEBABp4mfjd
--CCixsQkBQAzHIBO8i/UC1XRwYy0Bfjq54PNp608Z6h0Oh2igODJ9y4j69ItgWOda
--4jK1xrkUD7p7SFR2WQdEO4hWwq3Rlsknj3SLsyfESzK4vRLO2c2LU1Uyfset5DMP
--ty7ja2Bqwy+o86u/vbYfU8fA03xJuFIUrztauhVl3vi64v5y6kUUMRslQQSo7pam
--jdDwN1HABeQGY73fAVKRHo+pe5a5yXOJ//wm2cH2CcIbWNbK4BSmBj81fgmgvUPp
--JbmQw7+qy4qcifDbiIiCBhTWwgHSozYwtrprQ7vFvnnxO6tjcaHYZYjSNb2yIrEU
--r3cl/ZbuP1O0aW4=
-+AQDBx5VPS8uSwXFD/sDrfJXSSr+eedVpzXsme9MpOMdY/+Z5GOd94S0Q8RoWIeSo
-+ffkIAbcdK0v2EI8Wu82Kio8Y/DBkBiOCe5MsTHzSg+uvC4/FARXUAZfsxqgPQmLc
-+99GtPSVkZwbk7gYFnmhJSNM6fRG5vb0t3WJA7+xkzUoL78WK76hlhfAZ0Q6AzlPl
-+pMOXAF0YKKhghGo1/vKd8i66o54SLZ4FYkR/LCW4b/hvLZGND75hYR1ujcwI1IyE
-+m/geBtF8BfKSqNVsjxDULiWQ2egK6BwtOBd+IyYJOjElQmak0guimykBOIkiv6r5
-+Z/np1OXr5v4AWW2flkPYFL1ZAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAEGt3pLx
-+BwWeRd19WVsXpOoUMLtRbRUGIJtouFSIwH4XTexqtGvW7iPsMRaeGC9NFRCmJJP/
-+Pu10+tpBT7BpW46ObfvLAbDi8r/LlHpt8qajAO7N51/ELZdyDbW29mry+562eF1C
-+fVsk6U97hDeqbXpOCgdaFoyIGiQRCCstkCG8kGOOajRlrGfxo8+VaqU877NzWyf9
-+fAu+q7SrzWCpOCbcjylICJc1rtNNnLjnSsw1gu9as7PBdI6MJSGID3BxYENDJCPL
-+bzZfmCG46De6+MiVI4jJyL7RWjRNjR7zyMdoUEEMXyfn3Oy4H9KCly1icTmMwmz9
-+Wy1l/P9tXx5hj4I=
- -----END CERTIFICATE-----
-
-------------------------------------------------------------------------
diff -u serf-1.3.9/debian/patches/series serf-1.3.9/debian/patches/series
--- serf-1.3.9/debian/patches/series
+++ serf-1.3.9/debian/patches/series
@@ -2 +2 @@
-r1792234-expired-certs
+r1712790-serf_bucket_aggregate_prepend-empty-list
diff -u serf-1.3.9/debian/rules serf-1.3.9/debian/rules
--- serf-1.3.9/debian/rules
+++ serf-1.3.9/debian/rules
@@ -25,7 +25,12 @@
scons $(parallel) GSSAPI=/usr CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LINKFLAGS="$(LDFLAGS)" PREFIX=/usr LIBDIR=$(libdir)
ifeq (, $(filter nocheck,$(DEB_BUILD_OPTIONS)))
- base64 -d debian/serfclientcert.p12.b64 > test/server/serfclientcert.p12
+ if ! [ -d debian/distcerts ]; then \
+ mkdir -p debian/testcerts/private debian/distcerts; \
+ cp test/server/*.pem test/server/serfclientcert.p12 debian/distcerts/; \
+ (cd debian/testcerts && python ../create_certs.py); \
+ cp debian/testcerts/*.pem debian/testcerts/private/serfserverkey.pem debian/testcerts/serfclientcert.p12 test/server/; \
+ fi
scons check
endif
@@ -35,9 +40,14 @@
dh_testdir
scons -c
- rm -f test/server/serfclientcert.p12
rm -f debian/stamp-* .saved_config .sconsign.dblite config.log
rm -rf .sconf_temp
+ rm -rf debian/testcerts
+ if [ -d debian/distcerts ]; then \
+ rm test/server/*.pem test/server/*.p12; \
+ cp debian/distcerts/* test/server/; \
+ rm -rf debian/distcerts; \
+ fi
dh_clean
reverted:
--- serf-1.3.9/debian/serfclientcert.p12.b64
+++ serf-1.3.9.orig/debian/serfclientcert.p12.b64
@@ -1,65 +0,0 @@
-MIIOWQIBAzCCDh8GCSqGSIb3DQEHAaCCDhAEgg4MMIIOCDCCCL8GCSqGSIb3DQEHBqCCCLAwggis
-AgEAMIIIpQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQInYTHspcVEugCAggAgIIIeDdqU4+0
-++w3j7MOd1mQE9NdJC2bLf8gh2eI4suNDJMlROSyobsuL1j8Keobq1R9/Jv1S5RTjYtLgRHO8QaL
-wvKkd8Gtu8dHvQeG2rprdpcvu2u0uN3V7dwyfJSgmQBMoPQJJTVZMr6NCu/+1vWBZTMSE52MPLQ3
-FlVdWNFxKQXLjAWcDeLTEtRLg00mi4tPI62CCbpeDZ/Zln5TnDiYNN4rIZBgJ185VzhF/EvuXpj/
-MUyJ9iNEpPSL3C7Lk98D7DgvHIII87oQwqEBfPI0KvYeUPs8tkgVbxvdNcpxcYjca/PI5NhZiazG
-lhtdWtwwrf0FDP5IlCNsbKErulfHQKc4qzF+KiUeHZU9ex5YyNN7xlTLtYyVTfF0wD5aIAWodYE1
-c8dhjlCn2wZCyc8xNfHMh/57momRYoZfoUl0L+gt2b4gyKEUzJ6X0bQDDFWZawa/LrVjxULYJlRm
-ngUOPdVke0CBrgnxuxgLZrmEjvGJjSmp670BMDgiNu2DYPFkl8vuTTmqNvQVjDNzaJHa7LXDcDmq
-4Zsqu0yfBytHVCmW6G1z7Hko07U403d7CoEI5qEvC9LXL7BqOaFexu1Qln/KNNSZUkeON3WVOc8w
-9Qxwp7x0tPgtGwStqd7z8uNFlSNY/udb3YyQwHGvFj1AEOJZdSPIV6NNyBU4YPBHVtpko7dAaQye
-qabSN0gE0y3iZ6o4vghJSNJd0VPBR+dnmvzyxafn1bK/ZOZkk/tMU2RPqsvsFOrlQxBG/bz7buDi
-Fk/wcP9RTt5yn3+vSqCqKwvTfeLcwlwQhemPqNINrOMIkRAhjCUXnwpawCfPQekW1vNEIhtZEUav
-xEmeyRrfebnc5ocTmrd76ETJ2meBnDrbJfq2voXlCNFp9c4rLDSR/zZP9EC8nFU8BimSUSby5+A+
-bWklobR9g9KcL6SB1HEiuADZe9V9Ws7uNYfo3b+mIJUoHuli9gGlTekyXs3MPyVIdMhprjVLLrlc
-hWJyHrFZ2NJulI9K/Cwmb6duvammn/aqBWoIPFNYNXmh6+J5X2V/qHZ00REJVF2ocSQCppVFPEQ0
-4xqa21JzZ/Fh+4ieajujahbolyJf5jU1UQHPTOpp3o8G0dkjQ1EOLgETOYtNTCY8TbQFfZOr8VuX
-nXd0PTfx3wNkYybg3NYnUauKTBTrtux4n3HmwoPG8iCHps8scFKpFSFit9D4N0LpznABrvT0vCi+
-Ld5Pb93YRPLYeqtu83mEVk8GbXUNoaYjXKu7jUtFfZu/peLTCI04tROhBd4OPISFelJgZ9nnn4zD
-3Ffi3vQMT3K1SGujfYgO7FTbqqEyHAcNIriF4IkZccrkAcM+QlySplArNxy2UEfFh//AXt7wWlSg
-uCIeKxIRzsaw4u/uZsfWZkJXoRSRjTFhXDMXOSdt/rd3Cdp9ggJ81l+1cPkXRcyq/h9d0ApubCoo
-q6wIKNelYdmb6A0F2vPfc9DASmA1mzPFf6/80419Qinl6o8hCBB+Yvx/y3Sr2s3F3oobCXeSmcEU
-3CPrccdgBQJzl+JdtPSWwZc9T64faxA54yM3TOV5yuHiWKWTQW/e4q7bvotb90xHROELbaSaC6wH
-70aW6vimJKL9xeyDaQyt39JYa8So+NsRv/dlxcAdkOk2RoXjtTRP+DSbd8R/T6y535MXL5B8GfKG
-qMJvcOUwywc1JGLzuauv1yaBWYiiuozuRWVYCtEsj7+SIUgVsbBgoaLWPsp5oHt9XSya8+zwfEyi
-M7woNc84VRvr0t6da1Oph3hsC8aO35odkhWJ3ujfXFpKTdGHunRjqjUmITC3W+39idn5l21CP3oq
-JlkiB8MPUqJMKXp4xOnAxvEif5upyX8Q640VUwtmhWZ4owIF+0hnyBLdhSYKIeEWDw7LbZe8rY6J
-rsJ+0TFyZWvM/1bPucA7L9dGA9MIce1Av56VwAZ5sbdRspAm/vb8Zt83+JgaTBJuGJ5X5UukF6Ep
-uxCIKZKvGZ/LCk2PaYU39PxnzUPbYGvDrOlTAcCyWA75gegp0DZ9nKeieF2C6BPwS3vy+2EGDC46
-HNh77/2JVlI3BF4sChsv73KXzonoF6VJBqXwlsl/eyPSIeD5qmMesyXJ9EsetLKnFRvOF2YnG/wx
-uzEcNiqz/BOZofusu+112yrFOTCKL2AfZmbMFodWQgHBg5Zu4Nd62rEHTjyGaXfAHMrm4MyR/Jef
-swILOaHKyPyPiZWS4doh3Uot9iD6A0GMu4Ox6Hn/c9SyFJCWxkkqA3FsLRsYGb8TnvgVt25nlHOP
-FlMV4jHICLoXwDjZatiQK2Q+1FebcIbbQlwtjjsnqT1iZVpCLImlIs7QHLJj7G39jkkeV0ltH7Kk
-PlfoTIvh3RRJUJnxVN6KWYbFE1r6flvPYp1eG8vvSwcRyz3Qdf4m5++mTBgwyjQOIBZUM5CRMh2M
-WdOtLHlXWmPuhYu9BrxV9k5X/XgqLOkB6bZfaafb3Rwo1flJ6+36qhfJSz/zDMUmmZEyR5/DlUtH
-Crx67bHAPh0Ny49ctVHVWbsM4gXhnGCTGtO3PoJKo8VLjpWDx0eejk7fzp09BbhXfKqaHs5D3bhY
-aV0/jS5/Ri0Lv+9gD6r6mwtOjLm1jYeljniX3oyS1torZzjGOLxQdA7HK2rqSI2O/LcKym0WlsKI
-reIDD3SqDURxQ/C+emD5ywuD9fLoCPm0PZzoV1EJOW4iC0AOIAD2cRoxOiU6YoqOfT97F6AL3aNt
-yH0O0YZzS6hBBkgdZk9V7vxTXUxAsGiNhMbe1u2RpGyWcEabTKNMQsopX4B/HHoYfB3Ec2oxssIR
-WkAoepUFdjElIWSfBrTixS7e66FxRcGExAUty1t3iAanWuMyBEy0O5gVdDYz/9F8xlZf1TdiMIIF
-QQYJKoZIhvcNAQcBoIIFMgSCBS4wggUqMIIFJgYLKoZIhvcNAQwKAQKgggTuMIIE6jAcBgoqhkiG
-9w0BDAEDMA4ECOJz0inVGvG2AgIIAASCBMiCqDG+EbKn329zRIWZ13XP2TbF6ZG+5DgbAlriSP9S
-lgHGTj9VmGueiT14e+JH+y08s1Ho4mGmTFfYS2Hy0FBwceM8m4ldpJKOT7CTNG/JesNw7JdtIZdM
-WT3TC8SXzX2fhO989oR1JgWGZoHsyNPxzNS3BYgJzZ0+yeSH1tF31QyP/9RQal7fVtL9BxU1/32P
-r1M2tK44CObgx/Suiztb83Knz/Prln4LHlwqlUXqyHEO5M3d24zTv8yxbSatr3y9yCmZEtP/8Y6h
-SL3T+30355eNz5UoTukrVdZEzCA/dDjOzWoBWvoxQIVZQBqFpJFEpB18LVhUlM8zxYC+hYHvNWAZ
-FelTFrb7tXaaROC78mlu2tAWngy6Cwue1oLyAazYI8V5T0XQYIHO13ATbgLxSJWqwRgeCp3wS1eV
-4RWRXAqCHvyLw8mLnW4uSW1lz9aCMVT5sg7s9bs5O94okHFKTU7+lI2W3H1Fs+K0dJuDu9b1EyR/
-k/MCHTB++bbZRdycPby1thmL5Y/+D4StmEbd8bD//b/DCfs4q1+fNc1Rh9C0OtME4dcHUbO+WO1W
-qSXbO2yLT/EaWv569a78Vc449T6h4Yd8QfhcbeV0WlN0XECkjgjpfL8aCEt7f8FpTZdmIGB0DAEj
-hWUqrpxxkeey6A4f84FJyFzFQStOVW5Nq5h+xEJa+x3XuKH9zCIWUtkh26W38ge6LZOm+HNLJHz3
-gJ/oHkGcpix6eJpUmBxi89JRk3HcbTFWbXq9PsXHNrwLNSnz46+G/IAdZYEbZ5/vuUcx9D3hYNXv
-IDt4/dl89Racdby9wuSMlYOPM+isOMQXPQBUTWUxlMWBmgmB/vnF+Oa3oHe4/wUor5vcu09eQCME
-6ut5nyT+0sjLQ3Gw3w5vruvb6YJ3w4X0PSMP/0lbD7TSalUeQlpk4tJiGh1nfv9uyPsTzCyc2kFH
-D8DBqobZa+QSTbB/sFYHI3aJmAeBp81U6pDT/nzqM0BqOwyt/slmLb6gv9GDL12ipiLkspbSiMUf
-y3Lsb5hGBnhiQ+/z75O+yWxY/KmkQW79o+e+aIMaZZN56q76rLWghuUTIzjPeG8BcDhorPKg8oKF
-h9iEr+ICPOSolTsy1ZN8/9O5ciT0X0UHqpq6r10mWA5P012/OthccHfEFslC3bv0uNDtKj2vHC9U
-fBf5SLoCu340eZmhkHycJyGDeG+O5sRpm4RBP9FfkFvamLNy0w0UeVeuPz/TMESRkfN7zg+qeCVf
-jzFTf/qAHHccU0Luey+tvQesyfGsnQOsgRPVnq5cgaGyYUS3Le4mQs/VXuEpCiJAFDDKsdBMZR1F
-LNEstM+F3Xe9sgE02cQM6pTSLx6poGcsLPYMthNmgeECTEhyd0x4DECrAX6OzBEacqAAH388omfh
-GJDQ/X65bnomNx4UACmWwcgMH2d/UJeeZCzOYlpsTF9X9oos1mB6GqQ1uyRqv4/1LSgWFL1YfaTq
-pYijdYNOYbA+0eR4g1O24KQcityGM0nFbsug4bXoa7zhB0nIOx5LU56Qw+xrzgqaGp75q1JrxtYe
-uNwLlMMwmHuq81PkcjIhBagWhlpXMR9HcXUd7vf9l4glivvEprfIo0aqyv7WZc3SvaprrG0xJTAj
-BgkqhkiG9w0BCRUxFgQUwpiePJVgUFpOHmHsUupbKlejPAEwMTAhMAkGBSsOAwIaBQAEFFon2x9t
-HyX7YwF0xcRICsWlXshyBAhhXmfWoNGx7gICCAA=
only in patch2:
unchanged:
--- serf-1.3.9.orig/debian/create_certs.py
+++ serf-1.3.9/debian/create_certs.py
@@ -0,0 +1,262 @@
+#!/usr/bin/env python
+
+#
+# ===================================================================
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ===================================================================
+#
+
+# This script creates the private keys and certificates required for
+# running the serf test suite.
+#
+# It should be run from the test/certs folder without arguments.
+# Certificates will be created in the test/certs folder, private keys in the
+# test/certs/private folder.
+#
+# You'll need to install pyOpenSSL for this script to work.
+
+from OpenSSL import crypto, SSL
+from calendar import timegm
+from datetime import datetime
+
+# for serf, update this number every time the certs are updated.
+SERIAL_NUMBER=100020
+
+KEY_ALGO=crypto.TYPE_RSA
+KEY_SIZE=2048
+KEY_CIPHER='DES3'
+SIGN_ALGO='SHA256'
+VALID_DAYS=365 * 3
+
+def create_key(keyfile='', passphrase=None):
+ key = crypto.PKey()
+ key.generate_key(KEY_ALGO, KEY_SIZE)
+ if passphrase:
+ open(keyfile, "wt").write(crypto.dump_privatekey(crypto.FILETYPE_PEM,
+ key, KEY_CIPHER,
+ passphrase))
+ else:
+ open(keyfile, "wt").write(crypto.dump_privatekey(crypto.FILETYPE_PEM,
+ key))
+
+ return key
+
+def create_pkcs12(clientkey, clientcert, issuer, pkcs12file, passphrase=None):
+ pkcs12 = crypto.PKCS12()
+
+ pkcs12.set_certificate(clientcert)
+ pkcs12.set_privatekey(clientkey)
+ pkcs12.set_ca_certificates([issuer])
+ open(pkcs12file, "wt").write(pkcs12.export(passphrase=passphrase,
+ iter=2048, maciter=2048))
+
+def create_crl(revokedcert, cakey, cacert, crlfile, next_crl_days=VALID_DAYS):
+ crl = crypto.CRL()
+ revoked = crypto.Revoked()
+
+ serial_number = "%x" % revokedcert.get_serial_number()
+ now = datetime.utcnow()
+ now_str = now.strftime('%Y%m%d%H%M%SZ')
+
+ revoked.set_serial(serial_number)
+ revoked.set_reason('unspecified')
+ revoked.set_rev_date(now_str) # revoked as of now
+
+ crl.add_revoked(revoked)
+ open(crlfile, "wt").write(crl.export(cacert, cakey, days=next_crl_days,
+ digest=b'md5'))
+
+# subjectAltName
+def create_cert(subjectkey, certfile, issuer=None, issuerkey=None, country='',
+ state='', city='', org='', ou='', cn='', email='', ca=False,
+ valid_before=0, days_valid=VALID_DAYS, subjectAltName=None,
+ ocsp_responder_url=None, ocsp_signer=False):
+ '''
+ Create a X509 signed certificate.
+
+ subjectAltName
+ Array of fully qualified subject alternative names (use OpenSSL syntax):
+ For a DNS entry, use: ['DNS:localhost']. Other options are 'email', 'URI', 'IP'.
+ '''
+ cert = crypto.X509()
+
+ cert.set_version(3-1) # version 3, starts at 0
+ cert.get_subject().C = country
+ cert.get_subject().ST = state
+ cert.get_subject().L = city
+ cert.get_subject().O = org
+ cert.get_subject().OU = ou
+ if cn:
+ cert.get_subject().CN = cn
+ cert.get_subject().emailAddress = email
+ cert.set_serial_number(SERIAL_NUMBER)
+ cert.set_pubkey(subjectkey)
+
+ cert.gmtime_adj_notBefore(valid_before * 24 * 3600)
+ cert.gmtime_adj_notAfter(days_valid * 24 * 3600)
+
+ if issuer is None:
+ issuer = cert # self signed
+ issuerkey = subjectkey
+ cert.set_issuer(issuer.get_subject())
+
+ if ca:
+ cert.add_extensions([
+ crypto.X509Extension("basicConstraints", False,
+ "CA:TRUE"),
+ crypto.X509Extension("subjectKeyIdentifier", False, "hash",
+ subject=cert)
+ ])
+ cert.add_extensions([
+ crypto.X509Extension("authorityKeyIdentifier", False,
+ "keyid:always", issuer=issuer)
+ ])
+
+ if subjectAltName:
+ critical = True if not cn else False
+ cert.add_extensions([
+ crypto.X509Extension('subjectAltName', critical, ", ".join(subjectAltName))])
+
+ if ocsp_responder_url:
+ cert.add_extensions([
+ crypto.X509Extension('authorityInfoAccess', False,
+ 'OCSP;URI:' + ocsp_responder_url)])
+
+ if ocsp_signer:
+ cert.add_extensions([
+ crypto.X509Extension('extendedKeyUsage', True, 'OCSPSigning')
+ ])
+
+ cert.sign(issuerkey, SIGN_ALGO)
+
+ open(certfile, "wt").write(crypto.dump_certificate(crypto.FILETYPE_PEM,
+ cert))
+ return cert
+
+if __name__ == '__main__':
+ # root CA key pair and certificate.
+ # This key will be used to sign the intermediate CA certificate
+ rootcakey = create_key('private/serfrootcakey.pem', 'serftest')
+
+ rootcacert = create_cert(subjectkey=rootcakey,
+ certfile='serfrootcacert.pem',
+ country='BE', state='Antwerp', city='Mechelen',
+ org='In Serf we trust, Inc.',
+ ou='Test Suite Root CA', cn='Serf Root CA',
+ email='serfrootca@example.com', ca=True)
+
+ # intermediate CA key pair and certificate
+ # This key will be used to sign all server certificates
+ cakey = create_key('private/serfcakey.pem', 'serftest')
+
+ cacert = create_cert(subjectkey=cakey, certfile='serfcacert.pem',
+ issuer=rootcacert, issuerkey=rootcakey,
+ country='BE', state='Antwerp', city='Mechelen',
+ org='In Serf we trust, Inc.',
+ ou='Test Suite CA', cn='Serf CA',
+ email='serfca@example.com', ca=True)
+
+ # server key pair
+ # server certificate, no errors
+ serverkey = create_key('private/serfserverkey.pem', 'serftest')
+
+ servercert = create_cert(subjectkey=serverkey,
+ certfile='serfservercert.pem',
+ issuer=cacert, issuerkey=cakey,
+ country='BE', state='Antwerp', city='Mechelen',
+ org='In Serf we trust, Inc.',
+ ou='Test Suite Server', cn='localhost',
+ email='serfserver@example.com')
+
+ # server certificate that expired a year ago
+ expiredcert = create_cert(subjectkey=serverkey,
+ certfile='serfserver_expired_cert.pem',
+ issuer=cacert, issuerkey=cakey,
+ country='BE', state='Antwerp', city='Mechelen',
+ org='In Serf we trust, Inc.',
+ ou='Test Suite Server', cn='localhost',
+ email='serfserver@example.com',
+ days_valid=-365)
+
+ # server certificate that will be valid in 10 years
+ expiredcert = create_cert(subjectkey=serverkey,
+ certfile='serfserver_future_cert.pem',
+ issuer=cacert, issuerkey=cakey,
+ country='BE', state='Antwerp', city='Mechelen',
+ org='In Serf we trust, Inc.',
+ ou='Test Suite Server', cn='localhost',
+ email='serfserver@example.com',
+ valid_before=10*365,
+ days_valid=13*365)
+
+ # server certificate with SubjectAltName and empty CN
+ san_nocncert = create_cert(subjectkey=serverkey,
+ certfile='serfserver_san_nocn_cert.pem',
+ issuer=cacert, issuerkey=cakey,
+ country='BE', state='Antwerp', city='Mechelen',
+ org='In Serf we trust, Inc.',
+ ou='Test Suite Server',
+ cn=None,
+ email='serfserver@example.com',
+ days_valid=13*365,
+ subjectAltName=['DNS:localhost'])
+
+ # server certificate with OCSP responder URL
+ ocspcert = create_cert(subjectkey=serverkey,
+ certfile='serfserver_san_ocsp_cert.pem',
+ issuer=cacert, issuerkey=cakey,
+ country='BE', state='Antwerp', city='Mechelen',
+ org='In Serf we trust, Inc.',
+ ou='Test Suite Server',
+ cn='localhost',
+ email='serfserver@example.com',
+ days_valid=13*365,
+ subjectAltName=['DNS:localhost'],
+ ocsp_responder_url='http://localhost:17080')
+
+ # OCSP responder certifi
+ ocsprspcert = create_cert(subjectkey=serverkey,
+ certfile='serfocspresponder.pem',
+ issuer=cacert, issuerkey=cakey,
+ country='BE', state='Antwerp', city='Mechelen',
+ org='In Serf we trust, Inc.',
+ ou='Test Suite Server',
+ cn='localhost',
+ email='serfserver@example.com',
+ days_valid=13*365,
+ ocsp_signer=True)
+
+ # client key pair and certificate
+ clientkey = create_key('private/serfclientkey.pem', 'serftest')
+
+ clientcert = create_cert(subjectkey=clientkey,
+ certfile='serfclientcert.pem',
+ issuer=cacert, issuerkey=cakey,
+ country='BE', state='Antwerp', city='Mechelen',
+ org='In Serf we trust, Inc.',
+ ou='Test Suite Client', cn='Serf Client',
+ email='serfclient@example.com')
+
+ clientpkcs12 = create_pkcs12(clientkey, clientcert, cacert,
+ 'serfclientcert.p12', 'serftest')
+
+ # Note that this creates a v1 CRL file without extensions set, and with
+ # MD5 hash. Not ideal, but pyOpenSSL doesn't support more than this.
+ #
+ # crl
+ crl = create_crl(servercert, cakey, cacert, 'serfservercrl.pem')
only in patch2:
unchanged:
--- serf-1.3.9.orig/debian/patches/r1712790-serf_bucket_aggregate_prepend-empty-list
+++ serf-1.3.9/debian/patches/r1712790-serf_bucket_aggregate_prepend-empty-list
@@ -0,0 +1,34 @@
+Description: Make serf_bucket_aggregate_prepend() behave properly when prepending a bucket to an empty list
+Origin: upstream, https://svn.apache.org/viewvc?view=revision&revision=1712790
+
+Index: b/buckets/aggregate_buckets.c
+===================================================================
+--- a/buckets/aggregate_buckets.c
++++ b/buckets/aggregate_buckets.c
+@@ -149,6 +149,8 @@
+ new_list->bucket = prepend_bucket;
+ new_list->next = ctx->list;
+
++ if (ctx->list == NULL)
++ ctx->last = new_list;
+ ctx->list = new_list;
+ }
+
+@@ -278,6 +280,8 @@
+
+ /* If we have no more in our list, return EOF. */
+ if (!ctx->list) {
++ ctx->last = NULL;
++
+ if (ctx->hold_open) {
+ return ctx->hold_open(ctx->hold_open_baton, bucket);
+ }
+@@ -390,6 +394,8 @@
+
+ /* If we have no more in our list, return EOF. */
+ if (!ctx->list) {
++ ctx->last = NULL;
++
+ if (ctx->hold_open) {
+ return ctx->hold_open(ctx->hold_open_baton, bucket);
+ }
Reply to: