[Pkg-freeipa-devel] [Git][freeipa-team/jss][upstream] 8 commits: Bug2184930_Fix AIA externsion print

Timo Aaltonen (@tjaalton) gitlab at salsa.debian.org
Thu Aug 10 09:22:02 BST 2023



Timo Aaltonen pushed to branch upstream at FreeIPA packaging / jss


Commits:
6ce77577 by Marco Fargetta at 2023-05-11T15:57:22+02:00
Bug2184930_Fix AIA externsion print

The "Authority Info Access" extension was not included in the oid
extension  map so it was not correctly printed.

This add AIA extension to the oid map.

- - - - -
5564154e by Endi S. Dewata at 2023-05-19T14:44:01-05:00
Suppress warnings for deprecated algorithms

Algorithms such as SHA-1 and MD5 are deprecated but they still
have valid uses and in certain cases cannot be replaced easily.
The problem is currently code that uses these algorithms
generates warnings that can undermine user's confidence in the
code. To avoid the problem, the warnings have been converted
into regular debug messages which will only appear in debug mode.

- - - - -
bd81795d by Marco Fargetta at 2023-05-25T12:02:53+02:00
Bug2209625_Fix SIA extension

The "Subject Info Access" extension was not included in the oid
extension  map so it was not correctly printed.

This add SIA extension to the oid map.

- - - - -
d3a3e503 by Marco Fargetta at 2023-05-31T15:43:18+02:00
Updating version to v5.4.1..

- - - - -
ccc73abd by Marco Fargetta at 2023-05-31T15:43:50+02:00
Updating version to v5.4.1

- - - - -
11f997f7 by Chris Kelley at 2023-06-16T12:45:34+01:00
Introduce Packit configuration for jss

- - - - -
9e92fe69 by Chris Kelley at 2023-06-16T12:51:26+01:00
Upstream spec file changes to reduce diffs

- - - - -
7e99d7e7 by Chris Kelley at 2023-06-16T12:53:07+01:00
Updating version to v5.4.2

- - - - -


5 changed files:

- + .packit.yaml
- base/src/main/java/org/mozilla/jss/JSSProvider.java
- base/src/main/java/org/mozilla/jss/netscape/security/x509/OIDMap.java
- cmake/JSSConfig.cmake
- jss.spec


Changes:

=====================================
.packit.yaml
=====================================
@@ -0,0 +1,30 @@
+---
+# See the documentation for more information:
+# https://packit.dev/docs/configuration/
+specfile_path: jss.spec
+
+# add or remove files that should be synced
+files_to_sync:
+  - jss.spec
+  - .packit.yaml
+
+# Allow dist git reactions on packit and ckelley commits and PRs
+allowed_pr_authors:
+  - packit
+  - ckelleyRH
+allowed_committers:
+  - packit
+  - ckelleyRH
+
+upstream_package_name: jss
+# downstream (Fedora/CentOS) RPM package name
+downstream_package_name: jss
+# see: https://packit.dev/docs/configuration/#upstream_tag_template
+upstream_tag_template: "v{version}"
+
+jobs:
+  - job: propose_downstream
+    trigger: release
+    dist_git_branches:
+      - fedora-development
+#     - centos-stream-9-x86_64 # When Packit integration with CentOS is avaiable, enable this


=====================================
base/src/main/java/org/mozilla/jss/JSSProvider.java
=====================================
@@ -108,7 +108,7 @@ public final class JSSProvider extends java.security.Provider {
                     int lineNumber = stackTrace[i + 1].getLineNumber();
                     String methodName = stackTrace[i + 1].getMethodName();
                     String className = stackTrace[i + 1].getClassName();
-                    logger.warn(
+                    logger.debug(
                             "The {} algorithm used in {}::{}:{} is deprecated. Use a more secure algorithm.",
                             algorithm,
                             className,


=====================================
base/src/main/java/org/mozilla/jss/netscape/security/x509/OIDMap.java
=====================================
@@ -25,6 +25,8 @@ import java.util.Hashtable;
 import java.util.Iterator;
 import java.util.Properties;
 
+import org.mozilla.jss.netscape.security.extensions.AuthInfoAccessExtension;
+import org.mozilla.jss.netscape.security.extensions.SubjectInfoAccessExtension;
 import org.mozilla.jss.netscape.security.util.ObjectIdentifier;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -65,6 +67,10 @@ public class OIDMap {
                                           AuthorityKeyIdentifierExtension.NAME;
     private static final String SUB_KEY_IDENTIFIER = ROOT + "." +
                                           SubjectKeyIdentifierExtension.NAME;
+    private static final String AUTHORITY_INFORMATION_ACCESS_IDENTIFIER = ROOT + "." +
+                                          AuthInfoAccessExtension.NAME;
+    private static final String SUBJECT_INFORMATION_ACCESS_IDENTIFIER = ROOT + "." +
+                                          SubjectInfoAccessExtension.NAME;
     private static final String KEY_USAGE = ROOT + "." +
                                           KeyUsageExtension.NAME;
     private static final String PRIVATE_KEY_USAGE = ROOT + "." +
@@ -85,6 +91,7 @@ public class OIDMap {
             CertificatePoliciesExtension.NAME;
     private static final String SUBJ_DIR_ATTR = ROOT + "." +
             SubjectDirAttributesExtension.NAME;
+
     public static final String EXT_KEY_USAGE_NAME = "ExtendedKeyUsageExtension";
     public static final String EXT_INHIBIT_ANY_POLICY_NAME = "InhibitAnyPolicyExtension";
     private static final String EXT_KEY_USAGE = ROOT + "." +
@@ -109,6 +116,8 @@ public class OIDMap {
     // Load the default name to oid map (EXTENSIONS_OIDS)
     private static void loadNamesDefault(Properties props) {
         props.put(SUB_KEY_IDENTIFIER, "2.5.29.14");
+        props.put(AUTHORITY_INFORMATION_ACCESS_IDENTIFIER, "1.3.6.1.5.5.7.1.1");
+        props.put(SUBJECT_INFORMATION_ACCESS_IDENTIFIER, "1.3.6.1.5.5.7.1.11");
         props.put(KEY_USAGE, "2.5.29.15");
         props.put(PRIVATE_KEY_USAGE, "2.5.29.16");
         props.put(SUB_ALT_NAME, "2.5.29.17");
@@ -131,6 +140,10 @@ public class OIDMap {
                    "org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension");
         props.put(SUB_KEY_IDENTIFIER,
                   "org.mozilla.jss.netscape.security.x509.SubjectKeyIdentifierExtension");
+        props.put(AUTHORITY_INFORMATION_ACCESS_IDENTIFIER,
+                 "org.mozilla.jss.netscape.security.extensions.AuthInfoAccessExtension");
+        props.put(SUBJECT_INFORMATION_ACCESS_IDENTIFIER,
+                "org.mozilla.jss.netscape.security.extensions.SubjectInfoAccessExtension");
         props.put(KEY_USAGE,
                   "org.mozilla.jss.netscape.security.x509.KeyUsageExtension");
         props.put(PRIVATE_KEY_USAGE,


=====================================
cmake/JSSConfig.cmake
=====================================
@@ -3,7 +3,7 @@ macro(jss_config)
     #   MAJOR MINOR PATCH BETA
     # When BETA is 1, it is a pre-release (it enables some tests).
     # When BETA is 0, it is a final release.
-    jss_config_version(5 4 0 0)
+    jss_config_version(5 4 2 0)
 
     # Configure output directories
     jss_config_outputs()


=====================================
jss.spec
=====================================
@@ -7,7 +7,7 @@ Name:           jss
 # Upstream version number:
 %global         major_version 5
 %global         minor_version 4
-%global         update_version 0
+%global         update_version 2
 
 # Downstream release number:
 # - development/stabilization (unsupported): 0.<n> where n >= 1
@@ -25,7 +25,7 @@ Name:           jss
 
 Summary:        Java Security Services (JSS)
 URL:            https://github.com/dogtagpki/jss
-License:        MPLv1.1 or GPLv2+ or LGPLv2+
+License:        MPL-1.1 or GPL-2.0-or-later or LGPL-2.1-or-later
 Version:        %{major_version}.%{minor_version}.%{update_version}
 Release:        %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist}
 



View it on GitLab: https://salsa.debian.org/freeipa-team/jss/-/compare/808f42762bb63442ed3adfd5bd6346665db5f94f...7e99d7e747d64ce93372afd7dd6c3ec252fb4cec

-- 
View it on GitLab: https://salsa.debian.org/freeipa-team/jss/-/compare/808f42762bb63442ed3adfd5bd6346665db5f94f...7e99d7e747d64ce93372afd7dd6c3ec252fb4cec
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20230810/7a737157/attachment-0001.htm>


More information about the Pkg-freeipa-devel mailing list