[Pkg-freeipa-devel] tomcatjss: Changes to 'master'

Timo Aaltonen tjaalton at moszumanska.debian.org
Wed Aug 31 12:18:53 UTC 2016


 build.xml                                                |    4 -
 debian/changelog                                         |    6 ++
 src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java |   32 +++++++++++++--
 tomcatjss.spec                                           |    8 +++
 4 files changed, 44 insertions(+), 6 deletions(-)

New commits:
commit 7fbbdbb86fd2b5a074c661bd3206c57c1c116108
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Wed Aug 31 15:17:37 2016 +0300

    releasing package tomcatjss version 7.1.4-1

diff --git a/debian/changelog b/debian/changelog
index e5a0398..d0b03d0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+tomcatjss (7.1.4-1) unstable; urgency=medium
+
+  * New upstream release.
+
+ -- Timo Aaltonen <tjaalton at debian.org>  Wed, 31 Aug 2016 15:14:48 +0300
+
 tomcatjss (7.1.3-3) unstable; urgency=medium
 
   * control: Revert to building with libtomcat7-java again.

commit c5af32b76ba01258ea5931637a66d2fc8bf78204
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Wed Aug 31 15:06:59 2016 +0300

    Imported Upstream version 7.1.4

diff --git a/build.xml b/build.xml
index 4bd13ec..1bbe8a5 100755
--- a/build.xml
+++ b/build.xml
@@ -37,8 +37,8 @@
 
   <property name="Name" value="Tomcat JSS"/>
   <property name="name" value="tomcatjss"/>
-  <property name="version" value="7.1.3"/>
-  <property name="manifest-version" value="7.1.3"/>
+  <property name="version" value="7.1.4"/>
+  <property name="manifest-version" value="7.1.4"/>
 
   <!--
     Set the properties that control various build options
diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
index 7576618..2d00366 100755
--- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
@@ -96,8 +96,12 @@ public class JSSSocketFactory implements
                 SSLSocket.SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA);
         cipherMap.put("SSL3_RSA_WITH_DES_CBC_SHA",
                 SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA);
+
         cipherMap.put("SSL3_RSA_WITH_3DES_EDE_CBC_SHA",
                 SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA);
+        // deprecated SSL3.0 names replaced by IANA-registered TLS names
+        cipherMap.put("TLS_RSA_WITH_3DES_EDE_CBC_SHA",
+                SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA);
 
         cipherMap.put("SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
                 SSLSocket.SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA);
@@ -116,14 +120,23 @@ public class JSSSocketFactory implements
                 SSLSocket.SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA);
         cipherMap.put("SSL3_DHE_DSS_WITH_DES_CBC_SHA",
                 SSLSocket.SSL3_DHE_DSS_WITH_DES_CBC_SHA);
+
         cipherMap.put("SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
                 SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
+        // deprecated SSL3.0 names replaced by IANA-registered TLS names
+        cipherMap.put("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
+                SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
+
         cipherMap.put("SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
                 SSLSocket.SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA);
         cipherMap.put("SSL3_DHE_RSA_WITH_DES_CBC_SHA",
                 SSLSocket.SSL3_DHE_RSA_WITH_DES_CBC_SHA);
+
         cipherMap.put("SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
                 SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
+        // deprecated SSL3.0 names replaced by IANA-registered TLS names
+        cipherMap.put("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
+                SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
 
         cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5",
                 SSLSocket.SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5);
@@ -257,13 +270,21 @@ public class JSSSocketFactory implements
                 SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256);
         cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
                 SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
-        cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
-                SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
         cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                 SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
+/* unsupported by nss
+        cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
+                SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
         cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
                 SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
-
+*/
+
+        cipherMap.put("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
+                SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA);
+        cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
+                SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA);
+        cipherMap.put("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
+                SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA);
     }
 
     private static HashMap<Integer, String> eccCipherMap = new HashMap<Integer, String>();
@@ -308,6 +329,10 @@ public class JSSSocketFactory implements
                 "TLS_ECDH_RSA_WITH_NULL_SHA");
         eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA,
                 "TLS_ECDH_ECDSA_WITH_NULL_SHA");
+/* unsupported by nss
+        eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
+                "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256");
+*/
     }
 
     private AbstractEndpoint endpoint;
@@ -393,6 +418,7 @@ public class JSSSocketFactory implements
                             + ": 0x" + Integer.toHexString(cipherid) + "\n");
                     SSLSocket.setCipherPreferenceDefault(cipherid, state);
                 } catch (Exception e) {
+                    System.err.println("SSLSocket.setCipherPreferenceDefault exception:" +e);
                     if (eccCipherMap.containsKey(cipherid)) {
                         System.err
                                 .println("Warning: SSL ECC cipher \""
diff --git a/tomcatjss.spec b/tomcatjss.spec
index 7c29c35..6baaca8 100755
--- a/tomcatjss.spec
+++ b/tomcatjss.spec
@@ -1,5 +1,5 @@
 Name:     tomcatjss
-Version:  7.1.3
+Version:  7.1.4
 Release:  1%{?dist}
 Summary:  JSSE implementation using JSS for Tomcat
 URL:      http://pki.fedoraproject.org/
@@ -91,6 +91,12 @@ rm -rf %{buildroot}
 %{_javadir}/*
 
 %changelog
+* Tue Jul 5 2016 Christina Fu <cfu at redhat.com> 7.1.4.1
+- Bugzilla Bug #1203407 missing ciphers (cfu)
+
+* Fri Feb 05 2016 Fedora Release Engineering <releng at fedoraproject.org> 7.1.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
 * Wed Jul 22 2015 Endi Sukma Dewata <edewata at redhat.com> 7.1.3-1
 - Bugzilla Bug #1245786 - Build failure on F23
 



More information about the Pkg-freeipa-devel mailing list