Alexander Scheel
parent
01ab6695c1
commit
53c7b90df4
1
.gitignore
vendored
1
.gitignore
vendored
@ -23,3 +23,4 @@ jss-4.2.6.tar.gz
|
||||
/jss-4.5.3.tar.gz
|
||||
/jss-4.6.1.tar.gz
|
||||
/jss-4.6.2.tar.gz
|
||||
/jss-4.6.3.tar.gz
|
||||
|
||||
@ -1,53 +0,0 @@
|
||||
From 91514ca0a2979ba778d27220ced0cd312e2cd2d2 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Scheel <ascheel@redhat.com>
|
||||
Date: Tue, 29 Oct 2019 10:43:56 -0400
|
||||
Subject: [PATCH] Fix NativeProxy reference tracker
|
||||
|
||||
In eb5df01003d74b57473eacb84e538d31f5bb06ca, I introduced a bug by
|
||||
setting mPointer after trying to add NativeProxy to the registry. In
|
||||
most instances this won't matter, however, if another instance exists in
|
||||
the HashSet with the same hash value, the equals comparator will be
|
||||
used, triggering a NPE.
|
||||
|
||||
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
|
||||
---
|
||||
org/mozilla/jss/util/NativeProxy.java | 13 +++++--------
|
||||
1 file changed, 5 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/org/mozilla/jss/util/NativeProxy.java b/org/mozilla/jss/util/NativeProxy.java
|
||||
index 1c6d1aa5..a0811f76 100644
|
||||
--- a/org/mozilla/jss/util/NativeProxy.java
|
||||
+++ b/org/mozilla/jss/util/NativeProxy.java
|
||||
@@ -40,8 +40,8 @@ public abstract class NativeProxy implements AutoCloseable
|
||||
*/
|
||||
public NativeProxy(byte[] pointer) {
|
||||
assert(pointer!=null);
|
||||
- registry.add(this);
|
||||
mPointer = pointer;
|
||||
+ registry.add(this);
|
||||
|
||||
if (saveStacktraces) {
|
||||
mTrace = Arrays.toString(Thread.currentThread().getStackTrace());
|
||||
@@ -61,15 +61,12 @@ public abstract class NativeProxy implements AutoCloseable
|
||||
if( ! (obj instanceof NativeProxy) ) {
|
||||
return false;
|
||||
}
|
||||
- if( ((NativeProxy)obj).mPointer.length != mPointer.length) {
|
||||
+ if (((NativeProxy)obj).mPointer == null) {
|
||||
+ /* If mPointer is null, we have no way to compare the values
|
||||
+ * of the pointers, so assume they're unequal. */
|
||||
return false;
|
||||
}
|
||||
- for(int i=0; i < mPointer.length; i++) {
|
||||
- if(mPointer[i] != ((NativeProxy)obj).mPointer[i]) {
|
||||
- return false;
|
||||
- }
|
||||
- }
|
||||
- return true;
|
||||
+ return Arrays.equals(((NativeProxy)obj).mPointer, mPointer);
|
||||
}
|
||||
|
||||
/**
|
||||
--
|
||||
2.21.0
|
||||
|
||||
39
0001-Fix-base64-encoding-of-CSRs.patch
Normal file
39
0001-Fix-base64-encoding-of-CSRs.patch
Normal file
@ -0,0 +1,39 @@
|
||||
From 18efce236af6a1affebb274838318ba715114218 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Scheel <ascheel@redhat.com>
|
||||
Date: Tue, 25 Feb 2020 09:14:47 -0500
|
||||
Subject: [PATCH 3/8] Fix base64-encoding of CSRs
|
||||
|
||||
In 8de4440c5652f6f1af5b4b923a15730ba84f29e1, the base64 encoder was
|
||||
changed from apache-commons-codec to the Java standard library to drop
|
||||
a dependency. However, the behavior changed as a result: the Java
|
||||
standard library doesn't include a final line separator, whereas
|
||||
apache-commons-codec did. This results in malformed CSRs:
|
||||
|
||||
> YWRPxyBKvFAOB29fwPwBJLZksrwQ0xAs7sooc+qF-----END NEW CERTIFICATE REQUEST-----
|
||||
|
||||
Resolves: https://pagure.io/freeipa/issue/8199
|
||||
|
||||
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
|
||||
---
|
||||
org/mozilla/jss/netscape/security/util/Utils.java | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/org/mozilla/jss/netscape/security/util/Utils.java b/org/mozilla/jss/netscape/security/util/Utils.java
|
||||
index 19f3b1f9..e6e56ce4 100644
|
||||
--- a/org/mozilla/jss/netscape/security/util/Utils.java
|
||||
+++ b/org/mozilla/jss/netscape/security/util/Utils.java
|
||||
@@ -378,7 +378,10 @@ public class Utils {
|
||||
* @return base-64 encoded data
|
||||
*/
|
||||
public static String base64encodeMultiLine(byte[] bytes) {
|
||||
- return Base64.getMimeEncoder().encodeToString(bytes);
|
||||
+ // When switching from apache-commons-codec to the standard library,
|
||||
+ // the standard library does not include a final line separator at
|
||||
+ // the end of the encoded data. This results in malformed CSRs.
|
||||
+ return Base64.getMimeEncoder().encodeToString(bytes) + "\r\n";
|
||||
}
|
||||
|
||||
|
||||
--
|
||||
2.24.1
|
||||
|
||||
10
jss.spec
10
jss.spec
@ -6,8 +6,8 @@ Summary: Java Security Services (JSS)
|
||||
URL: http://www.dogtagpki.org/wiki/JSS
|
||||
License: MPLv1.1 or GPLv2+ or LGPLv2+
|
||||
|
||||
Version: 4.6.2
|
||||
Release: 4%{?_timestamp}%{?_commit_id}%{?dist}
|
||||
Version: 4.6.3
|
||||
Release: 1%{?_timestamp}%{?_commit_id}%{?dist}
|
||||
# global _phase -a1
|
||||
|
||||
# To generate the source tarball:
|
||||
@ -25,7 +25,7 @@ Source: https://github.com/dogtagpki/%{name}/archive/v%{version}%{?_phas
|
||||
# <version tag> \
|
||||
# > jss-VERSION-RELEASE.patch
|
||||
# Patch: jss-VERSION-RELEASE.patch
|
||||
Patch0: 0001-Fix-NativeProxy-reference-tracker.patch
|
||||
Patch0: 0001-Fix-base64-encoding-of-CSRs.patch
|
||||
Patch1: 0002-Fix-swapped-parameter-names-with-PBE.patch
|
||||
Patch2: 0003-Use-specified-algorithm-for-KeyWrap.patch
|
||||
|
||||
@ -162,6 +162,10 @@ cp -p *.txt $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
|
||||
|
||||
################################################################################
|
||||
%changelog
|
||||
* Thu Mar 5 2020 Dogtag PKI Team <pki-devel@redhat.com> - 4.6.3-1
|
||||
- Rebase to JSS 4.6.3
|
||||
- Fixes base64 encoding of CSRs
|
||||
|
||||
* Wed Mar 04 2020 Dogtag PKI Team <pki-devel@redhat.com> - 4.6.2-4
|
||||
- Fix for PBE errors
|
||||
|
||||
|
||||
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (jss-4.6.2.tar.gz) = 53c12822b980f6dcaf5616366834fe4eaee07d84feae53096aa0ea142146e90d375910456d8192068cde5e63c3b60ded87862af50ea89c6b64224e8c105e00dd
|
||||
SHA512 (jss-4.6.3.tar.gz) = 6c45b67c40737ee7bbc9ad1db8a5ed233b050697f9c048e1a49cc541de889416afd36b2c9bcdc44a52d10b0c75f036e22155a5ee95869fdf31772683637a27b1
|
||||
|
||||
Loading…
Reference in New Issue
Block a user