Overview Repositories Revisions Requests Users Attributes Meta

Revisions of jose4j

Raúl Osuna's avatar Raúl Osuna (raulosuna) accepted request 1155842 from Michael Calmer's avatar Michael Calmer (mcalmer) (revision 4) 
- update to 0.9.5
- important changes:
  * fix denial of service (CPU consumption) via a large p2c
    (aka PBES2 Count) value - CVE-2023-51775 (bsc#1220726)
  * Add RFC 8037 support:
    EdDSA for JWS with Ed25519 & Ed448 (needs Java 17)
    X25519 & X448 ECDH for JWE (needs Java 11)
    OKP (Octet Key Pair) type for JWK
  * Add support for the ES256K JWS alg (ECDSA using secp256k1 curve
    and SHA-256 per RFC8812) and the secp256k1 EC JWK crv
  * Add support for producing RFC9278 JWK Thumbprint URI values
  * more changes in the Release Notes
    https://bitbucket.org/b_c/jose4j/wiki/Release%20Notes
- Remove: PBES2-check-iteration-count.patch
- fix package group

- Use %patch -P N instead of deprecated %patchN.

- Declare the LICENSE file as license and not doc

- Build with source and target levels 8
- Declare the LICENSE file as license and not doc
--------------------------------------------------------------------
Raúl Osuna's avatar Raúl Osuna (raulosuna) accepted request 1142591 from Michael Calmer's avatar Michael Calmer (mcalmer) (revision 3) 
- Check iteration of Pbes2HmacShaWithAesKey algorithm
  CVE-2023-31582 (bsc#1216609)
  Added: PBES2-check-iteration-count.patch
Julio González Gil's avatar Julio González Gil (juliogonzalezgil) accepted request 981016 from Julio González Gil's avatar Julio González Gil (juliogonzalezgil) (revision 2) 
- Declare the LICENSE file as license and not doc
Julio González Gil's avatar Julio González Gil (juliogonzalezgil) committed (revision 1) 
- update to 0.5.1
- changes since 0.5.0
  * Addressed #65 so that the "class " prefix is not on the logger
    names of AlgorithmFactory
  * Addressed #63 with support for additional/arbitrary parameters
    in JWK
  * Addressed #64 by adding key_ops to JWK
  * Addressed #58 by having JwtClaims getAudience() and
    getStringListClaimValue(name) return an empty list rather than
    null when the claim isn’t present
- changes since 0.4.4
  * Addressed #37 with some fairly rudimentary but useful support
    for PEM encoded public keys
  * Addressed #54 by enabling HttpsJwks.getJsonWebKeys() to continue
    to use the existing cache when an exception is thrown from
    refresh().
    Default behavior is unchanged and
    setRetainCacheOnErrorDuration(...) must be called with a value
    larger than zero to get the new behavior.
  * #36 Added support for RFC 7638 JWK thumbprints
  * Addressed #35 by allowing the caller of various JOSE and JWT
    functionality to specify a particular JCA provider by name for
    cryptographic operations
  * Addressed #44 by providing a generic callback to JwtConsumer
    to customize each JWS/JWE
  * Addressed #43 now supports the 'crit' header
  * Fix ClassCastException with AndroidKeyStoreRSAPrivateKey on
    Android 6.0 Marshmallow
  * Fix #46 by using the original encoded payload in signature
    verification rather than a re-encoding of the payload
Displaying all 4 revisions
openSUSE Build Service is sponsored by
Places