Project

General

Profile

Actions
Copy link

Bug #17006

closed

Upgrade Bouncy Castle GPG to latest minor version

Added by François ARMAND about 4 years ago. Updated about 4 years ago.

Status:
Released
Priority:
N/A
Assignee:
Vincent MEMBRÉ
Category:
Architecture - Dependencies
Target version:
6.0.5
Pull Request:
https://github.com/Normation/rudder/p...
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
Reviewed
Fix check:
Checked
Regression:

Description

We currently use bounce castle version 1.63 for bppkix and bpprov but not for GPG, which use the version provided by JGIT (1.61).
Unfortunatly, that version has a problem with the detection of gpg 2.1 unprotected private keys, which is corrected in 1.62. So we need to force its version and don't use transcient dependencies.

Moreover, it's better to only have one set of bouncy castle dependencies to avoid API breakage.

Actions
Copy link
 #1

Updated by François ARMAND about 4 years ago

Current dependency resolution:

% mvn dependency:resolve | grep bouncy | sort -u
[INFO]    org.bouncycastle:bcpg-jdk15on:jar:1.61:compile
[INFO]    org.bouncycastle:bcpkix-jdk15on:jar:1.63:compile
[INFO]    org.bouncycastle:bcprov-jdk15on:jar:1.63:compile
Actions
Copy link
 #2

Updated by François ARMAND about 4 years ago

  • Status changed from New to In progress
Actions
Copy link
 #3

Updated by François ARMAND about 4 years ago

  • Assignee changed from François ARMAND to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/2850
Actions
Copy link
 #4

Updated by François ARMAND about 4 years ago

With the patch:

% mvn dependency:resolve | grep bouncy | sort -u
[INFO]    org.bouncycastle:bcpg-jdk15on:jar:1.63:compile
[INFO]    org.bouncycastle:bcpkix-jdk15on:jar:1.63:compile
[INFO]    org.bouncycastle:bcprov-jdk15on:jar:1.63:compile
Actions
Copy link
 #5

Updated by François ARMAND about 4 years ago

  • Status changed from In progress to Pending release
Actions
Copy link
 #6

Updated by François ARMAND about 4 years ago

  • Fix check changed from To do to Checked
Actions
Copy link
 #7

Updated by Alexis Mousset about 4 years ago

  • Subject changed from Upgrade Bouncy Castle GPG to last minor version to Upgrade Bouncy Castle GPG to latest minor version
  • Name check changed from To do to Reviewed
Actions
Copy link
 #8

Updated by Vincent MEMBRÉ about 4 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 6.0.5 which was released today.

Actions
Copy link

Also available in: Atom PDF