<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>



<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">

<h3>
Timo Aaltonen pushed to branch master
at <a href="https://salsa.debian.org/freeipa-team/jss">FreeIPA packaging / jss</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/731b62d4c456a3e1a70519c24eb0df2c59d943b4">731b62d4</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2019-06-17T13:02:26Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Support LD_FLAGS from environment

Signed-off-by: Alexander Scheel &lt;ascheel@redhat.com&gt;
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/88fa55a9d1f355036b654996aca176e59c448b9a">88fa55a9</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2019-06-17T14:13:47Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add additional error handling functions

PR_GetErrorText doesn't return useful information all the time;
PR_ErrorToName always returns the constant name when possible.

Signed-off-by: Alexander Scheel &lt;ascheel@redhat.com&gt;
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/de594c30681c435fa220564d2dabd701d66e9790">de594c30</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2019-06-19T10:56:22Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Wrap SSL_ConfigServerCert

SSL_ConfigServerCert (exposed as jss.nss.SSL.ConfigServerCert) is the
more modern form of SSL_ConfigSecureServer. Implement the wrapper with
no additional data (i.e., default configuration) and test it. Also test
ECDSA signed certificates in both C and Java BufferPRFD test suites.

Deprecate SSL_ConfigSecureServer as well.

Signed-off-by: Alexander Scheel &lt;ascheel@redhat.com&gt;
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/182add54189d9e6e5a95d925d63f044959647085">182add54</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2019-06-19T13:38:31Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Return String in jss.nss.PR error text functions

GetErrorText() and ErrorToName(...) previously returned byte[]; return
String as they're most likely to be used in conjunction with other
Strings.

Signed-off-by: Alexander Scheel &lt;ascheel@redhat.com&gt;
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/e6638fd23ac0a0e47b4075f8f1ea668cbf120625">e6638fd2</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2019-06-24T12:38:57Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Switch to SSL_ConfigServerCert

In SSLServerSocket, we use the deprecated form, SSL_ConfigSecureServer.
Switch to using the newer form, SSL_ConfigServerCert. This also saves us
a call to check the KEA usage.

Signed-off-by: Alexander Scheel &lt;ascheel@redhat.com&gt;
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/917c41ef443c690dea1ff9ea927073dcc96791ba">917c41ef</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2019-06-27T20:10:26Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add JSS_PK11_wrapCertChain helper

A CERTCertList is roughly equivalent to a PK11Cert[] array. Add a helper
function for wrapping a CERTCertList into a PK11Cert[] jobjectArray
item. This largely mirrors the JSS_PK11_wrapCert helper function.

Signed-off-by: Alexander Scheel &lt;ascheel@redhat.com&gt;
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/0b6924d13f9a3e0ebab68f6397b4097737736864">0b6924d1</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2019-06-27T20:10:26Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Wrap SSL_PeerCertificate, SSL_PeerCertificateChain

These two functions are necessary for introspecting the results of a SSL
handshake with client authentication and useful for SSLSession support.
Adds a test to the TestBufferPRFD method to check their status.

Signed-off-by: Alexander Scheel &lt;ascheel@redhat.com&gt;
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/d634b1ee1d43aa26c7214d37134e67c556c03685">d634b1ee</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2019-07-15T21:05:29Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Terminate SSL test cases after too many attempts

When the handshake fails to complete in a certain number of steps,
terminate it. We set this limit as 40 as it should be significantly
larger than the number of required steps (since the buffer limit is at
2048, we'd expect no more than 10 steps, even with a large certificate
or chain).

Signed-off-by: Alexander Scheel &lt;ascheel@redhat.com&gt;
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/b201d95a04ac1612c5c8480659edb62ffb036f85">b201d95a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2019-07-19T13:07:57Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added uncleared password warning

The Password class has been modified to store the location where
it was created initially. If the Password object is garbage
collected without being cleared first, it will display a warning
message showing the location of the offending code.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/adc2889a61212f0a213ade18a07a995aa23ea625">adc2889a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2019-07-19T16:58:16Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed indentations in MacData constructor.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/641a0539b79fde60df63e82a3d2c589128ab6af5">641a0539</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2019-07-19T16:58:16Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed uncleared password in MacData

The MacData has been modified to call PBEKeyGenParams.clear()
in a finally block to ensure that the password is cleared.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/739ed78ba8694c43823e5bcb8cb7c1e78bc52702">739ed78b</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2019-07-19T18:44:12Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">In FIPS mode, disable non-FIPS tests

Certain tests are guaranteed to fail in FIPS mode. Add an environment
variable, FIPS_ENABLED, to not enable them on CMake. Also support
passing it as a CMake option.

Signed-off-by: Alexander Scheel &lt;ascheel@redhat.com&gt;
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/2007096b93282a79485ed7e2baed923966144cc6">2007096b</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2019-07-19T18:44:12Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">jss.spec: Auto-set FIPS_ENABLED

Signed-off-by: Alexander Scheel &lt;ascheel@redhat.com&gt;
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/a1de8685f1f6fb423eaf05189f1be41198286b33">a1de8685</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2019-07-19T22:27:07Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add alternative HMAC names for JSSProvider

Signed-off-by: Alexander Scheel &lt;ascheel@redhat.com&gt;
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/c3c69c08790211422d13cdc4048181c4e7c4099b">c3c69c08</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2019-07-22T14:39:40Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Rename HMACTest -> CrossHMACTest

On systems with case-insensitive file systems, cloning will likely fail
as there's two files with the "same" name but different contents:
HmacTest.java and HMACTest.java. Rename the latter, which attempts to
test different providers, to CrossHMACTest.

Signed-off-by: Alexander Scheel &lt;ascheel@redhat.com&gt;
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/18598df6b219d3cbb1acea0f2d2f97c3b0dfe1de">18598df6</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2019-07-22T17:00:37Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove tests/all.pl - old test suite runner

Since 4.5.1, we've replaced the test suite runner with a CMake/ctest
implementation. At this point, we're preferring SSLEngine over
SSLSocket, so keeping the last few remaining test cases in all.pl (that
we're not running anyways) doesn't do much.

tests/all.pl is tracked in the jss archive for historical reference:

https://github.com/dogtagpki/jss-archive/blob/master/org/mozilla/jss/tests/all.pl

Signed-off-by: Alexander Scheel &lt;ascheel@redhat.com&gt;
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/2ff3bbd0a69b77716424dcf3cac0ad43db5b528f">2ff3bbd0</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2019-07-24T19:24:37Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add enum for Algorithm's PKCS #11 Constants

We need to map PKCS11 Constants between their names and their values and
also between their values and Algorithm identifiers. To do so, we add
PKCS11Algorithm which enumerates identifiers common to both Algorithm
and PKCS11Constants. This will let us call into the NSS API with the
correct constant identifier from PKCS11, when needed.

Signed-off-by: Alexander Scheel &lt;ascheel@redhat.com&gt;
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/694614b1c8b9c3377661949476f98f5a1bf5f922">694614b1</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2019-07-24T19:24:37Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Expose PKCS11Algorithm enum value from Algorithm

Also changes the type of Algorithm's fields from short to int to better
match the underlying type and the type of oidIndex.

Signed-off-by: Alexander Scheel &lt;ascheel@redhat.com&gt;
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/b15d90443bf8ba64deb839fd6c6b26ec51556bcd">b15d9044</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2019-07-24T19:36:30Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix SHA1-HMAC in SymmetricKey

In SymmetricKey.java, SHA-1 HMAC was defined as PBA_SHA1_HMAC, a version
of HMAC for extending a password (using a salt) and turning it into a
key. Usually when one requests HMAC, one expects vanilla HMAC; use this
instead. We expose the old SHA1_HMAC (with PBA) as PBA_SHA1_HMAC now.
Note that later SHA-2 and SHA-3 algorithms lack PBA-based HMACs (in PKCS
v2.40 and v3.0 standards).

Signed-off-by: Alexander Scheel &lt;ascheel@redhat.com&gt;
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/68bd9a7064292dc08d4ae62fdbf00617644b31d5">68bd9a70</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2019-07-25T14:23:14Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Expose SHA-2 HMAC in SymmetricKey

Signed-off-by: Alexander Scheel &lt;ascheel@redhat.com&gt;
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/f7405a1e75493b9d62dba68292c2ac4ff0ff2739">f7405a1e</a></strong>
<div>
<span>by Robert Förster</span>
<i>at 2019-08-07T17:41:02Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">fix typo in JUnit CMake variable

Signed-off-by: Robert Förster &lt;Dessa@gmake.de&gt;
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/029d0a644ee64484ce28220244f9de64d80e6360">029d0a64</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2019-08-08T15:42:01Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add a few standard Java interfaces when possible

This extends our interfaces to be compatible with the default JDK
interfaces whenever possible. In particular:

 - jss.crypto.SymmetricKey now extends javax.crypto.SecretKey
 - jss.pkcs11.PK11Key now implements java.security.Key

A few clarifying comments have been added where necessary.

Signed-off-by: Alexander Scheel &lt;ascheel@redhat.com&gt;
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/a7786f2481411988a025f7ca6b4f2b81abd8a71a">a7786f24</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2019-08-08T15:45:36Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Release v4.6.1

This version of JSS has a few enhancements over v4.6.0:

 - Fixed LD_FLAG handling,
 - Extensions to the unfinished org.mozilla.jss.nss interface,
 - Better handling of uncleared passwords (by @edewata),
 - Better test handling in FIPS mode,
 - Changes to SymmetricKey and HMAC handling,
 - Fix typo in JUnit CMake variable (by @Dessa).

Thanks to everyone who contributed to this release!

Signed-off-by: Alexander Scheel &lt;ascheel@redhat.com&gt;
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/364666ea5ade34af8cf4b757b5b01bb93465ef49">364666ea</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2019-09-09T20:39:56Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">rules: Print test output on failure.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/8200d2405429213be5d76fd30b130b8d9d8d7679">8200d240</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2019-09-09T20:43:28Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge branch 'upstream'
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/b43b9ad49550429da05e77c1d3d783a52f86f2c7">b43b9ad4</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2019-09-09T20:43:49Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">bump the version
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/jss/commit/34145baabfddb1efbc0a78dce219c01bbb852b6b">34145baa</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2019-09-09T20:47:59Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">releasing package jss version 4.6.1-1
</pre>
</li>
</ul>
<h4>30 changed files:</h4>
<ul>
<li class="file-stats">
<a href="#9a2aa4db38d3115ed60da621e012c0efc0172aae">
CMakeLists.txt
</a>
</li>
<li class="file-stats">
<a href="#9f3af9fef0e3976107ab469d0eb1c9684c9aa796">
cmake/JSSConfig.cmake
</a>
</li>
<li class="file-stats">
<a href="#a8a567af8ceb46f449dc0e7aaaf4ce0465d01d9e">
cmake/JSSTests.cmake
</a>
</li>
<li class="file-stats">
<a href="#9c96da0e9f91d7d8937b69b524702c106258f0d1">
debian/changelog
</a>
</li>
<li class="file-stats">
<a href="#8756c63497c8dc39f7773438edf53b220c773f67">
debian/rules
</a>
</li>
<li class="file-stats">
<a href="#063bf4b6263fbc45f86d361246396c742b514a97">
jss.spec
</a>
</li>
<li class="file-stats">
<a href="#b12d4bb39e2227abf2936f0537fc380e566dcdc9">
lib/jss.map
</a>
</li>
<li class="file-stats">
<a href="#203cdf732fbb9205397f279bd7e42f3af0fb737d">
org/mozilla/jss/JSSProvider.java
</a>
</li>
<li class="file-stats">
<a href="#8833ba33d533b57513711e07f2773adb0f9f409f">
org/mozilla/jss/crypto/Algorithm.c
</a>
</li>
<li class="file-stats">
<a href="#84d9750968259e68434fbcc99aa64720b205d6c1">
org/mozilla/jss/crypto/Algorithm.h
</a>
</li>
<li class="file-stats">
<a href="#1e55069c6ae4c00f75c6de6a53a6e2ddca7cde12">
org/mozilla/jss/crypto/Algorithm.java
</a>
</li>
<li class="file-stats">
<a href="#9a4f0eb74161b1a35cad72a7e244447004aec38d">
org/mozilla/jss/crypto/Cipher.java
</a>
</li>
<li class="file-stats">
<a href="#9599ddf1a277db3c8b8604b518ffbfcb22a3261f">
org/mozilla/jss/crypto/KeyGenAlgorithm.java
</a>
</li>
<li class="file-stats">
<a href="#9573b30e2d4aa15ec2db8d08a28eae899f713bfd">
<span class="new-file">
+
org/mozilla/jss/crypto/PKCS11Algorithm.java
</span>
</a>
</li>
<li class="file-stats">
<a href="#a2288b26e6b24435f87687900a7bde8f9aeb7794">
org/mozilla/jss/crypto/SymmetricKey.java
</a>
</li>
<li class="file-stats">
<a href="#28cff736485d163f81b08c15eddb6d10328ac1b9">
org/mozilla/jss/nss/PR.c
</a>
</li>
<li class="file-stats">
<a href="#c856b7870c88d31c2429297c19cdfa88752dc1a1">
org/mozilla/jss/nss/PR.java
</a>
</li>
<li class="file-stats">
<a href="#65b2fc955e09e75c11ec141638056d35dabf6343">
org/mozilla/jss/nss/SSL.c
</a>
</li>
<li class="file-stats">
<a href="#6a4715b78f5dcf288bb93e12f80728c449dfbd7c">
org/mozilla/jss/nss/SSL.java
</a>
</li>
<li class="file-stats">
<a href="#52d4b774fd2876a5f57ec12870c134851adfab1c">
org/mozilla/jss/pkcs11/PK11Cert.c
</a>
</li>
<li class="file-stats">
<a href="#6bae8a6414c564c84840920032bb4a1f9ed6ccc8">
org/mozilla/jss/pkcs11/PK11Key.java
</a>
</li>
<li class="file-stats">
<a href="#fd3acb3454893cd0a3e34b8762523c40c7cea092">
org/mozilla/jss/pkcs11/PK11SymKey.java
</a>
</li>
<li class="file-stats">
<a href="#1af24b312a31af6c6860441bafb04ae7e5a8d10f">
org/mozilla/jss/pkcs11/pk11util.h
</a>
</li>
<li class="file-stats">
<a href="#0659d0028ec2668e522c4cef4478324187f20c48">
org/mozilla/jss/pkcs12/MacData.java
</a>
</li>
<li class="file-stats">
<a href="#1f42f357776157a00c042f501b1d8776cf0ed8b7">
org/mozilla/jss/ssl/SSLServerSocket.c
</a>
</li>
<li class="file-stats">
<a href="#aecaaf7caec68fa5e9897c8158c2807ae723cc4e">
org/mozilla/jss/tests/HMACTest.java
&rarr;
org/mozilla/jss/tests/CrossHMACTest.java
</a>
</li>
<li class="file-stats">
<a href="#bc07812b6f7405bc6ee5f4eff4476d726f9e8a09">
org/mozilla/jss/tests/TestBufferPRFD.c
</a>
</li>
<li class="file-stats">
<a href="#77a8a285c18c3dff2c3d1d8fb55f2101760f29ac">
org/mozilla/jss/tests/TestBufferPRFD.java
</a>
</li>
<li class="file-stats">
<a href="#2fc9ccc517f8a34d9f59fdd0db47aa8b404efdf9">
org/mozilla/jss/tests/TestPRFD.java
</a>
</li>
<li class="file-stats">
<a href="#571fce6567d3fc1a5a3a030f256f9e6cc4c528f8">
<span class="deleted-file">
&minus;
org/mozilla/jss/tests/all.pl
</span>
</a>
</li>
</ul>
<h5>The diff was not included because it is too large.</h5>

</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">

<br>
<a href="https://salsa.debian.org/freeipa-team/jss/compare/02ef7a82a02fb667653e75ee78e83d45f2943937...34145baabfddb1efbc0a78dce219c01bbb852b6b">View it on GitLab</a>.



</p>
</div>
</body>
</html>