From 6655a987b1104211cf98b6ffa8a4986c877abcd2 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 03 2016 06:10:07 +0000 Subject: import tomcatjss-7.1.2-3.el7 --- diff --git a/SOURCES/tomcatjss-Build-Tomcat-7.0.68.patch b/SOURCES/tomcatjss-Build-Tomcat-7.0.68.patch new file mode 100644 index 0000000..b3eb8dc --- /dev/null +++ b/SOURCES/tomcatjss-Build-Tomcat-7.0.68.patch @@ -0,0 +1,13 @@ +--- src/org/apache/tomcat/util/net/jss/JSSSupport.java 2015-04-20 12:34:46.000000000 -0600 ++++ src/org/apache/tomcat/util/net/jss/JSSSupport.java 2015-08-05 15:10:53.000000000 -0600 +@@ -97,6 +97,10 @@ class JSSSupport implements SSLSupport { + return null; + } + ++ public String getProtocol() throws IOException { ++ return null; ++ } ++ + public String getSessionId() throws IOException { + return null; + } diff --git a/SOURCES/tomcatjss-missing-ciphers.patch b/SOURCES/tomcatjss-missing-ciphers.patch new file mode 100644 index 0000000..953b20c --- /dev/null +++ b/SOURCES/tomcatjss-missing-ciphers.patch @@ -0,0 +1,70 @@ +diff -up src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java.cfu src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java +--- src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java.cfu 2016-06-29 18:54:38.498127146 -0600 ++++ src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java 2016-06-29 18:56:38.646778769 -0600 +@@ -96,8 +96,12 @@ public class JSSSocketFactory implements + SSLSocket.SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA); + cipherMap.put("SSL3_RSA_WITH_DES_CBC_SHA", + SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA); ++ + cipherMap.put("SSL3_RSA_WITH_3DES_EDE_CBC_SHA", + SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA); ++ // deprecated SSL3.0 names replaced by IANA-registered TLS names ++ cipherMap.put("TLS_RSA_WITH_3DES_EDE_CBC_SHA", ++ SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA); + + cipherMap.put("SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", + SSLSocket.SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA); +@@ -116,14 +120,23 @@ public class JSSSocketFactory implements + SSLSocket.SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA); + cipherMap.put("SSL3_DHE_DSS_WITH_DES_CBC_SHA", + SSLSocket.SSL3_DHE_DSS_WITH_DES_CBC_SHA); ++ + cipherMap.put("SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA); ++ // deprecated SSL3.0 names replaced by IANA-registered TLS names ++ cipherMap.put("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", ++ SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA); ++ + cipherMap.put("SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + SSLSocket.SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA); + cipherMap.put("SSL3_DHE_RSA_WITH_DES_CBC_SHA", + SSLSocket.SSL3_DHE_RSA_WITH_DES_CBC_SHA); ++ + cipherMap.put("SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA); ++ // deprecated SSL3.0 names replaced by IANA-registered TLS names ++ cipherMap.put("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", ++ SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA); + + cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5", + SSLSocket.SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5); +@@ -264,6 +277,12 @@ public class JSSSocketFactory implements + cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", + SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256); + ++ cipherMap.put("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", ++ SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA); ++ cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", ++ SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA); ++ cipherMap.put("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", ++ SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA); + } + + private static HashMap eccCipherMap = new HashMap(); +@@ -308,6 +327,8 @@ public class JSSSocketFactory implements + "TLS_ECDH_RSA_WITH_NULL_SHA"); + eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA, + "TLS_ECDH_ECDSA_WITH_NULL_SHA"); ++ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, ++ "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"); + } + + private AbstractEndpoint endpoint; +@@ -393,6 +414,7 @@ public class JSSSocketFactory implements + + ": 0x" + Integer.toHexString(cipherid) + "\n"); + SSLSocket.setCipherPreferenceDefault(cipherid, state); + } catch (Exception e) { ++ System.err.println("SSLSocket.setCipherPreferenceDefault exception:" +e); + if (eccCipherMap.containsKey(cipherid)) { + System.err + .println("Warning: SSL ECC cipher \"" diff --git a/SPECS/tomcatjss.spec b/SPECS/tomcatjss.spec index 5485c88..fb80df3 100644 --- a/SPECS/tomcatjss.spec +++ b/SPECS/tomcatjss.spec @@ -1,6 +1,6 @@ Name: tomcatjss Version: 7.1.2 -Release: 1%{?dist} +Release: 3%{?dist} Summary: JSSE implementation using JSS for Tomcat URL: http://pki.fedoraproject.org/ License: LGPLv2+ @@ -22,7 +22,7 @@ BuildRequires: jss >= 4.2.6-35 %if 0%{?fedora} >= 23 BuildRequires: tomcat >= 8.0.18 %else -BuildRequires: tomcat >= 7.0.40 +BuildRequires: tomcat >= 7.0.68 %endif Requires: apache-commons-lang @@ -36,9 +36,13 @@ Requires: jss >= 4.2.6-35 %if 0%{?fedora} >= 23 Requires: tomcat >= 8.0.18 %else -Requires: tomcat >= 7.0.40 +Requires: tomcat >= 7.0.68 %endif +## tomcatjss-7.1.2-2 +Patch1: tomcatjss-Build-Tomcat-7.0.68.patch +Patch2: tomcatjss-missing-ciphers.patch + # The 'tomcatjss' package conflicts with the 'tomcat-native' package # because it uses an underlying NSS security model rather than the # OpenSSL security model, so these two packages may not co-exist. @@ -61,6 +65,8 @@ NOTE: The 'tomcatjss' package conflicts with the 'tomcat-native' package %prep %setup -q +%patch1 -p0 +%patch2 -p0 chmod -c -x LICENSE README %build @@ -91,6 +97,14 @@ rm -rf %{buildroot} %{_javadir}/* %changelog +* Wed Jun 29 2016 Christina Fu 7.1.2-3 +- Bugzilla Bug #1203407 - missing ciphers (cfu) + +* Wed Mar 16 2016 Endi Sukma Dewata 7.1.2-2 +- Bugzilla Bug #1344804 - Build failure on RHEL 7.3 + (patch for Bugzilla Bug #1245786 - Build failure on F23 was backported to + RHEL 7 to coincide with Tomcat version change to 7.0.68+) + * Wed Mar 4 2015 Endi Sukma Dewata 7.1.2-1 - Bugzilla Bug #1198450 - Support for Tomcat 8 - Bugzilla Bug #1214858 - Add nuxwdog support (alee)