[Pkg-freeipa-devel] [Git][freeipa-team/jss][upstream] 4 commits: Fix default values in test-init.sh
Timo Aaltonen (@tjaalton)
gitlab at salsa.debian.org
Tue Mar 10 08:15:11 GMT 2026
Timo Aaltonen pushed to branch upstream at FreeIPA packaging / jss
Commits:
66ca4af4 by Endi S. Dewata at 2026-02-10T17:24:32-06:00
Fix default values in test-init.sh
The test-init.sh has been updated to set the default values
of environment variables properly for all branches.
- - - - -
e691d5c9 by Endi S. Dewata at 2026-02-10T19:30:27-06:00
Fix default values for v5.9 branch
- - - - -
257fd79a by Marco Fargetta at 2026-02-19T17:31:34+01:00
Fix application data send with multiple packets
The additional check for buffer size to avoid looping in case of big
handshake packets was blocking also the application data to be sent.
To avoid limiting the application data an additional check on the
handshake status is included. If the handshake is complete then the
buffer size can contain the handshake packets and there is no need to
perform additional checks.
- - - - -
814f94a5 by Endi S. Dewata at 2026-02-24T22:43:00+00:00
Update version number to 5.9.0
- - - - -
3 changed files:
- base/src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java
- jss.spec
- tests/bin/test-init.sh
Changes:
=====================================
base/src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java
=====================================
@@ -1220,7 +1220,7 @@ public class JSSEngineReferenceImpl extends JSSEngine {
// Check if the incoming packet is larger than our buffer capacity.
// This prevents silent performance degradation from looping when
// processing large TLS packets (e.g., ML-DSA certificates).
- if (src_capacity > bufferSize) {
+ if (src_capacity > bufferSize && !handshake_already_complete) {
String msg = "Incoming TLS packet size (" + src_capacity + " bytes) exceeds ";
msg += "buffer capacity (" + bufferSize + " bytes). ";
msg += "This may indicate Post-Quantum Cryptography (ML-DSA) is generating ";
@@ -1548,7 +1548,7 @@ public class JSSEngineReferenceImpl extends JSSEngine {
// This prevents silent performance degradation from looping when
// sending large TLS packets (e.g., ML-DSA certificate messages).
long write_buf_data = Buffer.ReadCapacity(write_buf);
- if (write_buf_data >= bufferSize) {
+ if (write_buf_data >= bufferSize && !ssl_fd.handshakeComplete) {
String msg = "Outbound TLS data in buffer (" + write_buf_data + " bytes) ";
msg += "has reached buffer capacity (" + bufferSize + " bytes). ";
msg += "This may indicate Post-Quantum Cryptography (ML-DSA) is generating ";
=====================================
jss.spec
=====================================
@@ -19,7 +19,7 @@ License: (MPL-1.1 OR GPL-2.0-or-later OR LGPL-2.1-or-later) AND Apache-2.
# - development (unsupported): alpha<n> where n >= 1
# - stabilization (supported): beta<n> where n >= 1
# - GA/update (supported): <none>
-%global phase beta3
+%undefine phase
# Full version number:
# - development/stabilization: <major>.<minor>.<update>-<phase>
=====================================
tests/bin/test-init.sh
=====================================
@@ -1,24 +1,36 @@
#!/bin/bash -e
+release_branch='^v[0-9]+\.[0-9]+$'
+release_branch_with_suffix='^v[0-9]+\.[0-9]+-.*$'
+
if [ "$BASE_IMAGE" = "" ]; then
- # For master branch use fedora:latest to provide a stable development
- # platform. For other branches use the target Fedora version.
- if [ "$BRANCH_NAME" = "master" ]; then
- BASE_IMAGE=registry.fedoraproject.org/fedora:latest
+ # By default use fedora:latest to provide a stable development platform.
+ # For release branches use the target Fedora version (e.g. rawhide).
+ if [[ "$BRANCH_NAME" =~ ^v5\.9$ ]] \
+ || [[ "$BRANCH_NAME" =~ ^v5\.9-.*$ ]]; then
+ BASE_IMAGE=registry.fedoraproject.org/fedora:44
echo "BASE_IMAGE=$BASE_IMAGE" | tee -a $GITHUB_ENV
- elif [ "$BRANCH_NAME" = "v5.9" ]; then
- BASE_IMAGE=registry.fedoraproject.org/fedora:44
+ elif [[ "$BRANCH_NAME" =~ $release_branch ]] \
+ || [[ "$BRANCH_NAME" =~ $release_branch_with_suffix ]]; then
+ BASE_IMAGE=registry.fedoraproject.org/fedora:rawhide
+ echo "BASE_IMAGE=$BASE_IMAGE" | tee -a $GITHUB_ENV
+
+ else
+ BASE_IMAGE=registry.fedoraproject.org/fedora:latest
echo "BASE_IMAGE=$BASE_IMAGE" | tee -a $GITHUB_ENV
fi
fi
if [ "$COPR_REPO" = "" ]; then
- # For master branch use @pki/master to introduce new dependencies.
- # For other branches don't use COPR repo since the dependencies
- # should have already been added into the official Fedora repository.
- if [ "$BRANCH_NAME" = "master" ]
- then
+ # By default use @pki/master for development (e.g. to try new dependencies).
+ # For release branches don't use COPR repo since the dependencies should
+ # have already been added into the official Fedora repository.
+ if [[ "$BRANCH_NAME" =~ $release_branch ]] \
+ || [[ "$BRANCH_NAME" =~ $release_branch_with_suffix ]]; then
+ : # skip
+
+ else
COPR_REPO=@pki/master
echo "COPR_REPO=$COPR_REPO" | tee -a $GITHUB_ENV
fi
View it on GitLab: https://salsa.debian.org/freeipa-team/jss/-/compare/5a0a68bc2f6f20864df2e536e81b1bce639b6503...814f94a5e3127f3a8211204be283e66c347e9fb6
--
View it on GitLab: https://salsa.debian.org/freeipa-team/jss/-/compare/5a0a68bc2f6f20864df2e536e81b1bce639b6503...814f94a5e3127f3a8211204be283e66c347e9fb6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20260310/a80e604f/attachment-0001.htm>
More information about the Pkg-freeipa-devel
mailing list