[Pkg-freeipa-devel] [Git][freeipa-team/jss][upstream] 42 commits: Update version to v5.2.0
Timo Aaltonen (@tjaalton)
gitlab at salsa.debian.org
Wed Nov 9 17:11:36 GMT 2022
Timo Aaltonen pushed to branch upstream at FreeIPA packaging / jss
Commits:
0179ac6d by Chris Kelley at 2022-02-09T17:03:37+00:00
Update version to v5.2.0
- - - - -
4fa4e351 by Chris Kelley at 2022-02-09T17:09:53+00:00
Restore erroneously remove %
- - - - -
0eb6879c by Chris Kelley at 2022-02-09T17:40:37+00:00
Update jss_config_version to 5 2 0 1
- - - - -
5922560a by Matthew McClain at 2022-02-11T20:43:58+00:00
Fix memory leak on each TLS connection
Each TLS connection is leaking a bunch of data that isn't in the heap
and so after 25k requests Tomcat uses about 2.5GB resident memory.
There are large number of relationships that point at each other and we
need to break the cycle so JSSEngineReferenceImpl's finalizer can run
and clear all the native resources these point at.
The lowest impact place to break the cycle was at SSLAlertEvent.engine.
This relationship doesn't seem to be used anywhere. Once the cycle is
broken, JSSEngineReferenceImpl can be garbage collected and the
finalizer can run.
Signed-off-by: Chris Kelley <ckelley at redhat.com>
- - - - -
3aabe0e9 by Chris Kelley at 2022-02-14T10:51:01+00:00
Additional fix for TLS connection I missed from original patch
- - - - -
902a72df by Endi S. Dewata at 2022-02-17T09:32:14-06:00
Replace deprecated X509Certificate.getSubjectDN() and getIssuerDN()
The X509Certificate.getSubjectDN() and getIssuerDN() have been
replaced with getSubjectX500Principal() and getIssuerX500Principal(),
respectively, except where the values are converted into X500Name.
- - - - -
3e4c3401 by Endi S. Dewata at 2022-02-24T16:22:50-06:00
Add build.sh --java-home option
- - - - -
bf8f4a2d by Endi S. Dewata at 2022-02-24T18:38:04-06:00
Clean up build.sh and jss.spec
- - - - -
1ced9c8c by Endi S. Dewata at 2022-02-28T10:10:44-06:00
Add X509CertImpl.getSubjectName() and getIssuerName()
The original X509CertImpl.getSubjectDN() and getIssuerDN() would
get the subject name and issuer name (which are X500Name objects)
then downcast them into Principal objects.
Since these methods are deprecated, new getSubjectName() and
getIssuerName() methods have been added as replacements. These
methods will return the subject name and issuer name directly
as X500Name objects. They can be used to fix some deprecation
warnings in PKI.
- - - - -
7d1ba7f9 by Endi S. Dewata at 2022-02-28T13:23:58-06:00
Fix some Javadoc warnings
- - - - -
d0da0eb7 by Endi S. Dewata at 2022-03-03T12:46:10-06:00
Add build.sh options for RPM build
The build.sh has been modified to provide options such that
the RPM build can be done according to the RPM specification.
It will also set the environment variables for CMake as
defined in /usr/lib/rpm/macros.d/macros.cmake.
- - - - -
6d3d84b4 by Endi S. Dewata at 2022-03-04T09:36:23-06:00
Add doc for deprecated methods in X509CertImpl
- - - - -
73d0adc3 by Stefan de Konink at 2022-03-04T10:20:16-06:00
Fix typo in slf4j-api.jar
- - - - -
fde24758 by Endi S. Dewata at 2022-03-18T15:32:22-05:00
Update generate_rpm_spec() in build.sh
The generate_rpm_spec() in build.sh has been modified
to edit the spec file in place.
- - - - -
37f73bb8 by Chris Kelley at 2022-03-25T07:00:11+00:00
Fix bugs identified by Sonar in x509 classes
* Use try-with-resources in CRLDistributionPoint
* Put array designator on the type in main method
* Fix potential infinite loop by checking whether stream is empty.
- - - - -
4cbcc766 by Chris Kelley at 2022-03-25T16:00:53+00:00
Update SonarCloud analysis to Java 17
- - - - -
66f36a7a by Chris Kelley at 2022-03-25T16:18:51+00:00
Replace use of assert in PK11Signature
* assert can be disabled in JVM settings and it is confusing to see it
used for control flow.
* Also some other minor code cleanup like ordering modifiers, removing
Boolean literals and deduping constants
- - - - -
75f19fc4 by Chris Kelley at 2022-03-25T16:23:00+00:00
Remove dead code/conditionals that can only ever take one value
- - - - -
c5e16628 by Chris Kelley at 2022-03-28T11:01:24+01:00
Use try-with-resources in CertTemplate
- - - - -
71b93e79 by Endi S. Dewata at 2022-04-04T09:14:18-05:00
Update PKCS11Constants
The PKCS11Constants class has been updated to include the new
constants introduced in NSS 3.73.
Resolves: https://github.com/dogtagpki/jss/issues/832
- - - - -
10cc7200 by Endi S. Dewata at 2022-04-04T10:06:48-05:00
Clean up build.sh
- - - - -
229187f0 by Endi S. Dewata at 2022-04-07T16:49:08-05:00
Update tests to cache container images
- - - - -
34c75a11 by Endi S. Dewata at 2022-04-07T16:49:08-05:00
Add test for HTTPS connector with NSS database
- - - - -
87f833fa by Endi S. Dewata at 2022-04-11T14:02:15-05:00
Update version number to 5.2.0-beta1
- - - - -
c964d389 by Endi S. Dewata at 2022-04-13T12:54:33-05:00
Drop i686 support
- - - - -
ec939e93 by Endi S. Dewata at 2022-04-13T15:56:11-05:00
Add build.sh --name option
The build.sh and jss.spec have been modified to provide a
mechanism to change the RPM package name.
- - - - -
92363818 by Endi S. Dewata at 2022-04-27T13:24:58-05:00
Add RPM macros for timestamp and commit ID
- - - - -
8fd51dfd by Endi S. Dewata at 2022-04-27T15:29:28-05:00
Add RPM macro for development phase
- - - - -
9dfab927 by Endi S. Dewata at 2022-04-27T15:29:32-05:00
Add RPM macros for version and release numbers
- - - - -
4fb1bdb4 by Endi S. Dewata at 2022-04-27T15:51:52-05:00
Fix missing generics
- - - - -
36480e87 by Endi S. Dewata at 2022-04-27T17:51:40-05:00
Remove redundant type checks
- - - - -
fe5be447 by Endi S. Dewata at 2022-04-27T17:51:40-05:00
Remove redundant type casts
- - - - -
d2fea38b by Endi S. Dewata at 2022-04-27T19:41:04-05:00
Update version number to v5.2.0-beta2
- - - - -
debae563 by Endi S. Dewata at 2022-04-28T09:57:54-05:00
Add dogtag-jss subpackage
- - - - -
1c4ad1a8 by Endi S. Dewata at 2022-05-05T15:48:17-05:00
Add PyDev project
- - - - -
90a8e7f1 by Endi S. Dewata at 2022-05-10T10:36:59-05:00
Fix COPR build failure
The .copr/Makefile has been updated to fix COPR build failure
caused by changes in Git 2.35.2:
fatal: unsafe repository (<current dir> is owned by someone else)
https://stackoverflow.com/questions/71901632/fatal-unsafe-repository-home-repon-is-owned-by-someone-else
- - - - -
23630dd4 by Jack Magne at 2022-05-19T16:28:21-07:00
Fix Bug 2013674 - JSS cannot be properly initialized after using another NSS-backed security provider
The solution the the bug is to provide a way to initialize JSS such that the underlying nss system is initialized as a context
instead of a full NSS initialization. This allows jss / nss to create it's own nss init scenario. This could be of use where
the main process has already inited nss with a set of params and properties. Allowing say a library loaded into the man process the ability
to do a context based nss init, allows the library to set it's own nss params and not inherit those from the main process.
For instance if a main process has initialized nss to have a read only database, the context init will allow the library to load an nss
context with a read write database.
This is accomplished in a very simple manner with respect to jss. Right now jss allows one singleton instance to be created for a program.
This fix allows the caller to choose to have the singleton to be inited either as a context or a full init. Theoretically the nss context
concept would allow for multiple contexts to be created,but for simplicity, JSS will only allow one such context or full nss init.
The original behavior of doing a full NSS init beneath JSS persists as the default. In order to do a context init the following sample code will suffice:
CryptoManager.initializeWithContext(databaseDir);
manager = CryptoManager.getInstance();
...
...
manager.shutdown().
Notice that an explicit call to shutdown is recommended because the NSS context inited must be destroyed at the native code level, in oder to not interfere with the main program's nss instance.
If one wants to explicitly specify the Initialization values, the following call can be used as well:
InitializationValues vals =
new InitializationValues(args[0],
"", "", "secmod.db");
CryptoManager.initializeWithContext(vals);
CryptoManager manager = CryptoManager.getIntance();
...
...
manager.shutdwown();
Note: That as of this patch , there is no way to call for a context init when using the JCA provider interface. That can be a future improvement.
- - - - -
9cc70ed1 by Endi S. Dewata at 2022-06-07T23:10:33+01:00
Update OpenLDAP clients to use -H option
The latest OpenLDAP clients no longer have the -h option so the
the tests have been updated to use the -H option instead.
- - - - -
c138bcb3 by Marco Fargetta at 2022-06-29T17:57:15-05:00
Fix SSLEngine test failures)
Fix #861
- - - - -
051428e3 by Endi S. Dewata at 2022-06-29T17:58:35-05:00
Fix incorrect RPM macro
- - - - -
e1e3be7d by Endi S. Dewata at 2022-06-29T18:03:19-05:00
Update project URL
- - - - -
2077be07 by Endi S. Dewata at 2022-06-29T18:03:19-05:00
Update version number to 5.2.0
- - - - -
30 changed files:
- .copr/Makefile
- .github/workflows/code-analysis.yml
- .github/workflows/pkcs11-tests.yml
- .github/workflows/pki-tests.yml
- + .github/workflows/tomcat-tests.yml
- + .pydevproject
- README.md
- build.sh
- cmake/JSSConfig.cmake
- cmake/JSSTests.cmake
- + docs/changes/v5.2.0/API-Changes.adoc
- jss.spec
- lib/jss.map
- src/main/java/org/mozilla/jss/CryptoManager.c
- src/main/java/org/mozilla/jss/CryptoManager.java
- src/main/java/org/mozilla/jss/InitializationValues.java
- src/main/java/org/mozilla/jss/netscape/security/pkcs/PKCS12Util.java
- src/main/java/org/mozilla/jss/netscape/security/util/Cert.java
- src/main/java/org/mozilla/jss/netscape/security/util/CertPrettyPrint.java
- src/main/java/org/mozilla/jss/netscape/security/util/DerEncoder.java
- src/main/java/org/mozilla/jss/netscape/security/x509/AlgIdDSA.java
- src/main/java/org/mozilla/jss/netscape/security/x509/AlgorithmId.java
- src/main/java/org/mozilla/jss/netscape/security/x509/CRLDistributionPoint.java
- src/main/java/org/mozilla/jss/netscape/security/x509/CertAttrSet.java
- src/main/java/org/mozilla/jss/netscape/security/x509/X509CRLImpl.java
- src/main/java/org/mozilla/jss/netscape/security/x509/X509CertImpl.java
- src/main/java/org/mozilla/jss/nss/PR.java
- src/main/java/org/mozilla/jss/nss/SSLFDProxy.java
- src/main/java/org/mozilla/jss/pkcs11/PK11Signature.java
- src/main/java/org/mozilla/jss/pkcs11/PKCS11Constants.java
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/freeipa-team/jss/-/compare/6472faa92930120fff9d350d04343a5a8fbc9d91...2077be079e37bc5c5e86cf15df1ed7daa2efe8c0
--
View it on GitLab: https://salsa.debian.org/freeipa-team/jss/-/compare/6472faa92930120fff9d350d04343a5a8fbc9d91...2077be079e37bc5c5e86cf15df1ed7daa2efe8c0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20221109/e5156382/attachment-0001.htm>
More information about the Pkg-freeipa-devel
mailing list