[Pkg-freeipa-devel] [Git][freeipa-team/jss][master] 11 commits: Bug2184930_Fix AIA externsion print
Timo Aaltonen (@tjaalton)
gitlab at salsa.debian.org
Thu Aug 10 09:21:58 BST 2023
Timo Aaltonen pushed to branch master at FreeIPA packaging / jss
Commits:
6ce77577 by Marco Fargetta at 2023-05-11T15:57:22+02:00
Bug2184930_Fix AIA externsion print
The "Authority Info Access" extension was not included in the oid
extension map so it was not correctly printed.
This add AIA extension to the oid map.
- - - - -
5564154e by Endi S. Dewata at 2023-05-19T14:44:01-05:00
Suppress warnings for deprecated algorithms
Algorithms such as SHA-1 and MD5 are deprecated but they still
have valid uses and in certain cases cannot be replaced easily.
The problem is currently code that uses these algorithms
generates warnings that can undermine user's confidence in the
code. To avoid the problem, the warnings have been converted
into regular debug messages which will only appear in debug mode.
- - - - -
bd81795d by Marco Fargetta at 2023-05-25T12:02:53+02:00
Bug2209625_Fix SIA extension
The "Subject Info Access" extension was not included in the oid
extension map so it was not correctly printed.
This add SIA extension to the oid map.
- - - - -
d3a3e503 by Marco Fargetta at 2023-05-31T15:43:18+02:00
Updating version to v5.4.1..
- - - - -
ccc73abd by Marco Fargetta at 2023-05-31T15:43:50+02:00
Updating version to v5.4.1
- - - - -
11f997f7 by Chris Kelley at 2023-06-16T12:45:34+01:00
Introduce Packit configuration for jss
- - - - -
9e92fe69 by Chris Kelley at 2023-06-16T12:51:26+01:00
Upstream spec file changes to reduce diffs
- - - - -
7e99d7e7 by Chris Kelley at 2023-06-16T12:53:07+01:00
Updating version to v5.4.2
- - - - -
8a777cf6 by Timo Aaltonen at 2023-08-10T11:19:02+03:00
Merge branch 'upstream'
- - - - -
1fdfb437 by Timo Aaltonen at 2023-08-10T11:19:33+03:00
version bump
- - - - -
c18d2dc5 by Timo Aaltonen at 2023-08-10T11:21:26+03:00
releasing package jss version 5.4.2-1
- - - - -
6 changed files:
- + .packit.yaml
- base/src/main/java/org/mozilla/jss/JSSProvider.java
- base/src/main/java/org/mozilla/jss/netscape/security/x509/OIDMap.java
- cmake/JSSConfig.cmake
- debian/changelog
- jss.spec
Changes:
=====================================
.packit.yaml
=====================================
@@ -0,0 +1,30 @@
+---
+# See the documentation for more information:
+# https://packit.dev/docs/configuration/
+specfile_path: jss.spec
+
+# add or remove files that should be synced
+files_to_sync:
+ - jss.spec
+ - .packit.yaml
+
+# Allow dist git reactions on packit and ckelley commits and PRs
+allowed_pr_authors:
+ - packit
+ - ckelleyRH
+allowed_committers:
+ - packit
+ - ckelleyRH
+
+upstream_package_name: jss
+# downstream (Fedora/CentOS) RPM package name
+downstream_package_name: jss
+# see: https://packit.dev/docs/configuration/#upstream_tag_template
+upstream_tag_template: "v{version}"
+
+jobs:
+ - job: propose_downstream
+ trigger: release
+ dist_git_branches:
+ - fedora-development
+# - centos-stream-9-x86_64 # When Packit integration with CentOS is avaiable, enable this
=====================================
base/src/main/java/org/mozilla/jss/JSSProvider.java
=====================================
@@ -108,7 +108,7 @@ public final class JSSProvider extends java.security.Provider {
int lineNumber = stackTrace[i + 1].getLineNumber();
String methodName = stackTrace[i + 1].getMethodName();
String className = stackTrace[i + 1].getClassName();
- logger.warn(
+ logger.debug(
"The {} algorithm used in {}::{}:{} is deprecated. Use a more secure algorithm.",
algorithm,
className,
=====================================
base/src/main/java/org/mozilla/jss/netscape/security/x509/OIDMap.java
=====================================
@@ -25,6 +25,8 @@ import java.util.Hashtable;
import java.util.Iterator;
import java.util.Properties;
+import org.mozilla.jss.netscape.security.extensions.AuthInfoAccessExtension;
+import org.mozilla.jss.netscape.security.extensions.SubjectInfoAccessExtension;
import org.mozilla.jss.netscape.security.util.ObjectIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -65,6 +67,10 @@ public class OIDMap {
AuthorityKeyIdentifierExtension.NAME;
private static final String SUB_KEY_IDENTIFIER = ROOT + "." +
SubjectKeyIdentifierExtension.NAME;
+ private static final String AUTHORITY_INFORMATION_ACCESS_IDENTIFIER = ROOT + "." +
+ AuthInfoAccessExtension.NAME;
+ private static final String SUBJECT_INFORMATION_ACCESS_IDENTIFIER = ROOT + "." +
+ SubjectInfoAccessExtension.NAME;
private static final String KEY_USAGE = ROOT + "." +
KeyUsageExtension.NAME;
private static final String PRIVATE_KEY_USAGE = ROOT + "." +
@@ -85,6 +91,7 @@ public class OIDMap {
CertificatePoliciesExtension.NAME;
private static final String SUBJ_DIR_ATTR = ROOT + "." +
SubjectDirAttributesExtension.NAME;
+
public static final String EXT_KEY_USAGE_NAME = "ExtendedKeyUsageExtension";
public static final String EXT_INHIBIT_ANY_POLICY_NAME = "InhibitAnyPolicyExtension";
private static final String EXT_KEY_USAGE = ROOT + "." +
@@ -109,6 +116,8 @@ public class OIDMap {
// Load the default name to oid map (EXTENSIONS_OIDS)
private static void loadNamesDefault(Properties props) {
props.put(SUB_KEY_IDENTIFIER, "2.5.29.14");
+ props.put(AUTHORITY_INFORMATION_ACCESS_IDENTIFIER, "1.3.6.1.5.5.7.1.1");
+ props.put(SUBJECT_INFORMATION_ACCESS_IDENTIFIER, "1.3.6.1.5.5.7.1.11");
props.put(KEY_USAGE, "2.5.29.15");
props.put(PRIVATE_KEY_USAGE, "2.5.29.16");
props.put(SUB_ALT_NAME, "2.5.29.17");
@@ -131,6 +140,10 @@ public class OIDMap {
"org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension");
props.put(SUB_KEY_IDENTIFIER,
"org.mozilla.jss.netscape.security.x509.SubjectKeyIdentifierExtension");
+ props.put(AUTHORITY_INFORMATION_ACCESS_IDENTIFIER,
+ "org.mozilla.jss.netscape.security.extensions.AuthInfoAccessExtension");
+ props.put(SUBJECT_INFORMATION_ACCESS_IDENTIFIER,
+ "org.mozilla.jss.netscape.security.extensions.SubjectInfoAccessExtension");
props.put(KEY_USAGE,
"org.mozilla.jss.netscape.security.x509.KeyUsageExtension");
props.put(PRIVATE_KEY_USAGE,
=====================================
cmake/JSSConfig.cmake
=====================================
@@ -3,7 +3,7 @@ macro(jss_config)
# MAJOR MINOR PATCH BETA
# When BETA is 1, it is a pre-release (it enables some tests).
# When BETA is 0, it is a final release.
- jss_config_version(5 4 0 0)
+ jss_config_version(5 4 2 0)
# Configure output directories
jss_config_outputs()
=====================================
debian/changelog
=====================================
@@ -1,3 +1,9 @@
+jss (5.4.2-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Timo Aaltonen <tjaalton at debian.org> Thu, 10 Aug 2023 11:21:16 +0300
+
jss (5.4.0-1) experimental; urgency=medium
* New upstream release.
=====================================
jss.spec
=====================================
@@ -7,7 +7,7 @@ Name: jss
# Upstream version number:
%global major_version 5
%global minor_version 4
-%global update_version 0
+%global update_version 2
# Downstream release number:
# - development/stabilization (unsupported): 0.<n> where n >= 1
@@ -25,7 +25,7 @@ Name: jss
Summary: Java Security Services (JSS)
URL: https://github.com/dogtagpki/jss
-License: MPLv1.1 or GPLv2+ or LGPLv2+
+License: MPL-1.1 or GPL-2.0-or-later or LGPL-2.1-or-later
Version: %{major_version}.%{minor_version}.%{update_version}
Release: %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist}
View it on GitLab: https://salsa.debian.org/freeipa-team/jss/-/compare/2e65f85f7aa5e1292df8f5e557b227d67eab8d31...c18d2dc5434c2f0ceab5f0ea0bf86c356c71dad7
--
View it on GitLab: https://salsa.debian.org/freeipa-team/jss/-/compare/2e65f85f7aa5e1292df8f5e557b227d67eab8d31...c18d2dc5434c2f0ceab5f0ea0bf86c356c71dad7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20230810/49095cef/attachment-0001.htm>
More information about the Pkg-freeipa-devel
mailing list