Overview
Request 1155842 accepted
- update to 0.9.5
- important changes:
* fix denial of service (CPU consumption) via a large p2c
(aka PBES2 Count) value - CVE-2023-51775 (bsc#1220726)
* Add RFC 8037 support:
EdDSA for JWS with Ed25519 & Ed448 (needs Java 17)
X25519 & X448 ECDH for JWE (needs Java 11)
OKP (Octet Key Pair) type for JWK
* Add support for the ES256K JWS alg (ECDSA using secp256k1 curve
and SHA-256 per RFC8812) and the secp256k1 EC JWK crv
* Add support for producing RFC9278 JWK Thumbprint URI values
* more changes in the Release Notes
https://bitbucket.org/b_c/jose4j/wiki/Release%20Notes
- Remove: PBES2-check-iteration-count.patch
- fix package group
- Use %patch -P N instead of deprecated %patchN.
- Declare the LICENSE file as license and not doc
- Build with source and target levels 8
- Declare the LICENSE file as license and not doc
--------------------------------------------------------------------
Request History
mcalmer created request
- update to 0.9.5
- important changes:
* fix denial of service (CPU consumption) via a large p2c
(aka PBES2 Count) value - CVE-2023-51775 (bsc#1220726)
* Add RFC 8037 support:
EdDSA for JWS with Ed25519 & Ed448 (needs Java 17)
X25519 & X448 ECDH for JWE (needs Java 11)
OKP (Octet Key Pair) type for JWK
* Add support for the ES256K JWS alg (ECDSA using secp256k1 curve
and SHA-256 per RFC8812) and the secp256k1 EC JWK crv
* Add support for producing RFC9278 JWK Thumbprint URI values
* more changes in the Release Notes
https://bitbucket.org/b_c/jose4j/wiki/Release%20Notes
- Remove: PBES2-check-iteration-count.patch
- fix package group
- Use %patch -P N instead of deprecated %patchN.
- Declare the LICENSE file as license and not doc
- Build with source and target levels 8
- Declare the LICENSE file as license and not doc
--------------------------------------------------------------------
raulosuna accepted request
LGTM and this was already submitted to D:G:M:H:Other