You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by bh...@apache.org on 2015/03/13 10:33:49 UTC
[6/9] git commit: updated refs/heads/master to 6c71d3b
CS-17504: Weak SSL ciphers supported by the management server
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit 20a63c409d52b2c3dffc8ea58dd25ffb7e55d0e8)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
Conflicts:
packaging/centos63/cloud.spec
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/ac1a2207
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/ac1a2207
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/ac1a2207
Branch: refs/heads/master
Commit: ac1a2207ef3002637749773c02ecfaaaef0d0854
Parents: a308f37
Author: Harikrishna Patnala <ha...@citrix.com>
Authored: Tue Nov 4 17:47:04 2014 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Fri Mar 13 15:02:27 2015 +0530
----------------------------------------------------------------------
client/tomcatconf/java.security.ciphers.in | 18 ++++++++++++++++++
client/tomcatconf/tomcat6-nonssl.conf.in | 2 +-
client/tomcatconf/tomcat6-ssl.conf.in | 2 +-
debian/cloudstack-management.install | 1 +
packaging/centos63/cloud.spec | 2 +-
packaging/centos7/cloud.spec | 2 +-
packaging/fedora20/cloud.spec | 2 +-
packaging/fedora21/cloud.spec | 2 +-
8 files changed, 25 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ac1a2207/client/tomcatconf/java.security.ciphers.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/java.security.ciphers.in b/client/tomcatconf/java.security.ciphers.in
new file mode 100644
index 0000000..986abf6
--- /dev/null
+++ b/client/tomcatconf/java.security.ciphers.in
@@ -0,0 +1,18 @@
+ # Licensed to the Apache Software Foundation (ASF) under one
+ # or more contributor license agreements. See the NOTICE file
+ # distributed with this work for additional information
+ # regarding copyright ownership. The ASF licenses this file
+ # to you under the Apache License, Version 2.0 (the
+ # "License"); you may not use this file except in compliance
+ # with the License. You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing,
+ # software distributed under the License is distributed on an
+ # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ # KIND, either express or implied. See the License for the
+ # specific language governing permissions and limitations
+ # under the License.
+
+jdk.tls.disabledAlgorithms=DH keySize < 128, RSA keySize < 128, DES keySize < 128, SHA1 keySize < 128, MD5 keySize < 128, RC4
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ac1a2207/client/tomcatconf/tomcat6-nonssl.conf.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/tomcat6-nonssl.conf.in b/client/tomcatconf/tomcat6-nonssl.conf.in
index 5ce724c..3f08c90 100644
--- a/client/tomcatconf/tomcat6-nonssl.conf.in
+++ b/client/tomcatconf/tomcat6-nonssl.conf.in
@@ -41,7 +41,7 @@ CATALINA_TMPDIR="@MSENVIRON@/temp"
# Use JAVA_OPTS to set java.library.path for libtcnative.so
#JAVA_OPTS="-Djava.library.path=/usr/lib64"
-JAVA_OPTS="-Djava.awt.headless=true -Dcom.sun.management.jmxremote=false -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=@MSLOGDIR@ -XX:PermSize=512M -XX:MaxPermSize=800m"
+JAVA_OPTS="-Djava.awt.headless=true -Dcom.sun.management.jmxremote=false -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=@MSLOGDIR@ -XX:PermSize=512M -XX:MaxPermSize=800m -Djava.security.properties=/etc/cloudstack/management/java.security.ciphers"
# What user should run tomcat
TOMCAT_USER="@MSUSER@"
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ac1a2207/client/tomcatconf/tomcat6-ssl.conf.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/tomcat6-ssl.conf.in b/client/tomcatconf/tomcat6-ssl.conf.in
index c967a98..e7c53ac 100644
--- a/client/tomcatconf/tomcat6-ssl.conf.in
+++ b/client/tomcatconf/tomcat6-ssl.conf.in
@@ -40,7 +40,7 @@ CATALINA_TMPDIR="@MSENVIRON@/temp"
# Use JAVA_OPTS to set java.library.path for libtcnative.so
#JAVA_OPTS="-Djava.library.path=/usr/lib64"
-JAVA_OPTS="-Djava.awt.headless=true -Dcom.sun.management.jmxremote=false -Djavax.net.ssl.trustStore=/etc/cloudstack/management/cloudmanagementserver.keystore -Djavax.net.ssl.trustStorePassword=vmops.com -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=@MSLOGDIR@ -XX:MaxPermSize=800m -XX:PermSize=512M"
+JAVA_OPTS="-Djava.awt.headless=true -Dcom.sun.management.jmxremote=false -Djavax.net.ssl.trustStore=/etc/cloudstack/management/cloudmanagementserver.keystore -Djavax.net.ssl.trustStorePassword=vmops.com -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=@MSLOGDIR@ -XX:MaxPermSize=800m -XX:PermSize=512M -Djava.security.properties=/etc/cloudstack/management/java.security.ciphers"
# What user should run tomcat
TOMCAT_USER="@MSUSER@"
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ac1a2207/debian/cloudstack-management.install
----------------------------------------------------------------------
diff --git a/debian/cloudstack-management.install b/debian/cloudstack-management.install
index ea3f93b..4e016df 100644
--- a/debian/cloudstack-management.install
+++ b/debian/cloudstack-management.install
@@ -30,6 +30,7 @@
/etc/cloudstack/management/tomcat6.conf
/etc/cloudstack/management/web.xml
/etc/cloudstack/management/environment.properties
+/etc/cloudstack/management/java.security.ciphers
/etc/cloudstack/management/log4j-cloud.xml
/etc/cloudstack/management/tomcat-users.xml
/etc/cloudstack/management/context.xml
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ac1a2207/packaging/centos63/cloud.spec
----------------------------------------------------------------------
diff --git a/packaging/centos63/cloud.spec b/packaging/centos63/cloud.spec
index 07b3360..83e3c0c 100644
--- a/packaging/centos63/cloud.spec
+++ b/packaging/centos63/cloud.spec
@@ -290,7 +290,7 @@ rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/cl
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/classes/vms
for name in db.properties log4j-cloud.xml tomcat6-nonssl.conf tomcat6-ssl.conf server-ssl.xml server-nonssl.xml \
- catalina.policy catalina.properties classpath.conf tomcat-users.xml web.xml environment.properties ; do
+ catalina.policy catalina.properties classpath.conf tomcat-users.xml web.xml environment.properties java.security.ciphers; do
mv ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/classes/$name \
${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/management/$name
done
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ac1a2207/packaging/centos7/cloud.spec
----------------------------------------------------------------------
diff --git a/packaging/centos7/cloud.spec b/packaging/centos7/cloud.spec
index 3aec349..b6c9559 100644
--- a/packaging/centos7/cloud.spec
+++ b/packaging/centos7/cloud.spec
@@ -264,7 +264,7 @@ rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/cl
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/classes/vms
for name in catalina.properties db.properties log4j-cloud.xml web.xml cloud-bridge.properties\
- ec2-service.properties server.xml commons-logging.properties environment.properties tomcat-users.xml
+ ec2-service.properties server.xml commons-logging.properties environment.properties java.security.ciphers tomcat-users.xml
do
cp packaging/centos7/tomcat7/$name \
${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/management/$name
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ac1a2207/packaging/fedora20/cloud.spec
----------------------------------------------------------------------
diff --git a/packaging/fedora20/cloud.spec b/packaging/fedora20/cloud.spec
index 84b29db..1bb1c97 100644
--- a/packaging/fedora20/cloud.spec
+++ b/packaging/fedora20/cloud.spec
@@ -292,7 +292,7 @@ rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/cl
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/classes/vms
for name in db.properties log4j-cloud.xml tomcat6-nonssl.conf tomcat6-ssl.conf server-ssl.xml server-nonssl.xml \
- catalina.policy catalina.properties classpath.conf tomcat-users.xml web.xml environment.properties ; do
+ catalina.policy catalina.properties classpath.conf tomcat-users.xml web.xml environment.properties java.security.ciphers ; do
mv ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/classes/$name \
${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/management/$name
done
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ac1a2207/packaging/fedora21/cloud.spec
----------------------------------------------------------------------
diff --git a/packaging/fedora21/cloud.spec b/packaging/fedora21/cloud.spec
index 98b12ba..661d807 100644
--- a/packaging/fedora21/cloud.spec
+++ b/packaging/fedora21/cloud.spec
@@ -292,7 +292,7 @@ rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/cl
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/classes/vms
for name in db.properties log4j-cloud.xml tomcat6-nonssl.conf tomcat6-ssl.conf server-ssl.xml server-nonssl.xml \
- catalina.policy catalina.properties classpath.conf tomcat-users.xml web.xml environment.properties ; do
+ catalina.policy catalina.properties classpath.conf tomcat-users.xml web.xml environment.properties java.security.ciphers ; do
mv ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/classes/$name \
${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/management/$name
done