[Pkg-freeipa-devel] [Git][freeipa-team/jss][master] 2 commits: Disable-use-of-MD4-MD5-and-SHA-1-algorithms.patch: Fix tests with nss-3.59. (Closes: #975212)
Timo Aaltonen
gitlab at salsa.debian.org
Thu Dec 3 13:18:44 GMT 2020
Timo Aaltonen pushed to branch master at FreeIPA packaging / jss
Commits:
2d4db97f by Timo Aaltonen at 2020-12-03T15:08:09+02:00
Disable-use-of-MD4-MD5-and-SHA-1-algorithms.patch: Fix tests with nss-3.59. (Closes: #975212)
- - - - -
96136df7 by Timo Aaltonen at 2020-12-03T15:08:44+02:00
releasing package jss version 4.8.0-2
- - - - -
3 changed files:
- debian/changelog
- + debian/patches/Disable-use-of-MD4-MD5-and-SHA-1-algorithms.patch
- debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,10 @@
+jss (4.8.0-2) unstable; urgency=medium
+
+ * Disable-use-of-MD4-MD5-and-SHA-1-algorithms.patch: Fix tests with
+ nss-3.59. (Closes: #975212)
+
+ -- Timo Aaltonen <tjaalton at debian.org> Thu, 03 Dec 2020 15:08:12 +0200
+
jss (4.8.0-1) unstable; urgency=medium
* New upstream release.
=====================================
debian/patches/Disable-use-of-MD4-MD5-and-SHA-1-algorithms.patch
=====================================
@@ -0,0 +1,95 @@
+From bd212d9b776e6da9ceddde0e2b0d683b730a4de9 Mon Sep 17 00:00:00 2001
+From: Alexander Scheel <ascheel at redhat.com>
+Date: Thu, 19 Nov 2020 11:08:28 -0500
+Subject: [PATCH] Disable use of MD4/MD5 and SHA-1 algorithms
+
+This only applies to the test suite currently. These algorithms are now
+disabled by NSS as of version 3.59.
+
+Signed-off-by: Alexander Scheel <ascheel at redhat.com>
+---
+ org/mozilla/jss/tests/DigestTest.java | 3 +--
+ org/mozilla/jss/tests/JCASigTest.java | 22 ----------------------
+ org/mozilla/jss/tests/SigTest.java | 4 ++--
+ 3 files changed, 3 insertions(+), 26 deletions(-)
+
+diff --git a/org/mozilla/jss/tests/DigestTest.java b/org/mozilla/jss/tests/DigestTest.java
+index 51f37749..77e6ee3c 100644
+--- a/org/mozilla/jss/tests/DigestTest.java
++++ b/org/mozilla/jss/tests/DigestTest.java
+@@ -21,8 +21,7 @@ public class DigestTest {
+ /**
+ * List all the Digest Algorithms that JSS implements.
+ */
+- static final String JSS_Digest_Algs[] = { "MD2", "MD5", "SHA-1",
+- "SHA-256", "SHA-384","SHA-512"};
++ static final String JSS_Digest_Algs[] = { "SHA-256", "SHA-384","SHA-512" };
+
+ public static boolean messageDigestCompare(String alg, byte[] toBeDigested)
+ throws Exception {
+diff --git a/org/mozilla/jss/tests/JCASigTest.java b/org/mozilla/jss/tests/JCASigTest.java
+index d0afadf0..245672b2 100644
+--- a/org/mozilla/jss/tests/JCASigTest.java
++++ b/org/mozilla/jss/tests/JCASigTest.java
+@@ -101,9 +101,6 @@ public class JCASigTest {
+ System.exit(1);
+ }
+
+- sigTest("MD5/RSA", keyPair);
+- sigTest("MD2/RSA", keyPair);
+- sigTest("SHA-1/RSA", keyPair);
+ sigTest("SHA-256/RSA", keyPair);
+ sigTest("SHA-384/RSA", keyPair);
+ sigTest("SHA-512/RSA", keyPair);
+@@ -112,24 +109,6 @@ public class JCASigTest {
+ sigTest("SHA512withRSA/PSS", keyPair);
+ sigTest("RSASSA-PSS",keyPair);
+
+- // Generate an DSA keypair
+- kpgen = KeyPairGenerator.getInstance("DSA");
+- kpgen.initialize(1024);
+- keyPair = kpgen.generateKeyPair();
+- provider = kpgen.getProvider();
+-
+- System.out.println("The provider used to Generate the Keys was "
+- + provider.getName() );
+- System.out.println("provider info " + provider.getInfo() );
+-
+- if (provider.getName().equalsIgnoreCase("Mozilla-JSS") == false) {
+- System.out.println("Mozilla-JSS is supposed to be the " +
+- "default provider for JCASigTest");
+- System.exit(1);
+- }
+-
+- sigTest("SHA-1/DSA", keyPair);
+-
+ kpgen = KeyPairGenerator.getInstance("EC");
+ kpgen.initialize(256);
+ keyPair = kpgen.generateKeyPair();
+@@ -145,7 +124,6 @@ public class JCASigTest {
+ System.exit(1);
+ }
+
+- sigTest("SHA-1/EC", keyPair);
+ sigTest("SHA-256/EC", keyPair);
+ sigTest("SHA-384/EC", keyPair);
+ sigTest("SHA-512/EC", keyPair);
+diff --git a/org/mozilla/jss/tests/SigTest.java b/org/mozilla/jss/tests/SigTest.java
+index 7772af8c..f6ed0bf0 100644
+--- a/org/mozilla/jss/tests/SigTest.java
++++ b/org/mozilla/jss/tests/SigTest.java
+@@ -81,9 +81,9 @@ public class SigTest {
+ kpgen.setKeyPairUsages(usages, usages_mask);
+ keyPair = kpgen.genKeyPair();
+
+- // RSA MD5
++ // RSA SHA256
+ signer = token.getSignatureContext(
+- SignatureAlgorithm.RSASignatureWithMD5Digest);
++ SignatureAlgorithm.RSASignatureWithSHA256Digest);
+ System.out.println("Created a signing context");
+ signer.initSign(
+ (org.mozilla.jss.crypto.PrivateKey) keyPair.getPrivate());
+--
+2.27.0
+
=====================================
debian/patches/series
=====================================
@@ -1 +1,2 @@
use-release-8.diff
+Disable-use-of-MD4-MD5-and-SHA-1-algorithms.patch
View it on GitLab: https://salsa.debian.org/freeipa-team/jss/-/compare/bc4641ad721efe0dd6fec2c12f43bc801fbd7087...96136df7fe79db7bf4a07a80af3037287fc559d9
--
View it on GitLab: https://salsa.debian.org/freeipa-team/jss/-/compare/bc4641ad721efe0dd6fec2c12f43bc801fbd7087...96136df7fe79db7bf4a07a80af3037287fc559d9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20201203/45b51899/attachment-0001.html>
More information about the Pkg-freeipa-devel
mailing list