jose4j/jose4j.changes

-------------------------------------------------------------------
Tue Sep 24 05:12:22 UTC 2024 - Fridrich Strba <fstrba@suse.com>
- Use SOURCE_DATE_EPOCH for reproducible builds
-------------------------------------------------------------------
Fri Mar 1 09:12:00 UTC 2024 - Michael Calmer <mc@suse.com>
- update to 0.9.5
- important changes:
  * fix denial of service (CPU consumption) via a large p2c
    (aka PBES2 Count) value - CVE-2023-51775 (bsc#1220726)
  * Add RFC 8037 support:
    EdDSA for JWS with Ed25519 & Ed448 (needs Java 17)
    X25519 & X448 ECDH for JWE (needs Java 11)
    OKP (Octet Key Pair) type for JWK
  * Add support for the ES256K JWS alg (ECDSA using secp256k1 curve
    and SHA-256 per RFC8812) and the secp256k1 EC JWK crv
  * Add support for producing RFC9278 JWK Thumbprint URI values
  * more changes in the Release Notes
    https://bitbucket.org/b_c/jose4j/wiki/Release%20Notes
- Remove: PBES2-check-iteration-count.patch
- fix package group
-------------------------------------------------------------------
Wed Feb 21 13:52:38 UTC 2024 - Fridrich Strba <fstrba@suse.com>
- Use %patch -P N instead of deprecated %patchN.
-------------------------------------------------------------------
Mon Jan 29 16:13:47 UTC 2024 - Michael Calmer <mc@suse.com>
- Check iteration of Pbes2HmacShaWithAesKey algorithm
  CVE-2023-31582 (bsc#1216609)
  Added: PBES2-check-iteration-count.patch
-------------------------------------------------------------------
Mon Jan 29 16:13:46 UTC 2024 - Michael Calmer <mc@suse.com>
- update to 0.5.1
- changes since 0.5.0
  * Addressed #65 so that the "class " prefix is not on the logger
    names of AlgorithmFactory
  * Addressed #63 with support for additional/arbitrary parameters
    in JWK
  * Addressed #64 by adding key_ops to JWK
  * Addressed #58 by having JwtClaims getAudience() and
    getStringListClaimValue(name) return an empty list rather than
    null when the claim isn't present
- changes since 0.4.4
  * Addressed #37 with some fairly rudimentary but useful support
    for PEM encoded public keys
  * Addressed #54 by enabling HttpsJwks.getJsonWebKeys() to continue
    to use the existing cache when an exception is thrown from
    refresh().
    Default behavior is unchanged and
    setRetainCacheOnErrorDuration(...) must be called with a value
    larger than zero to get the new behavior.
  * #36 Added support for RFC 7638 JWK thumbprints
  * Addressed #35 by allowing the caller of various JOSE and JWT
    functionality to specify a particular JCA provider by name for
    cryptographic operations
  * Addressed #44 by providing a generic callback to JwtConsumer
    to customize each JWS/JWE
  * Addressed #43 now supports the 'crit' header
  * Fix ClassCastException with AndroidKeyStoreRSAPrivateKey on
    Android 6.0 Marshmallow
  * Fix #46 by using the original encoded payload in signature
    verification rather than a re-encoding of the payload
  * Addressed #48 by providing a method for getting a JWS with
    detached content
  * Fix #38 by not logging secrets and other info from
    ConcatKeyDerivationFunction
  * Fix #41 allowing users to specify arbitrary NumericDate
    values
  * Fix #39 - no more NPE by conditionally avoiding key length
    checks when raw secret key isn't available because of
    non-extractable key data due to PKCS11/HSM provider
- add %defattr
- Declare the LICENSE file as license and not doc
-------------------------------------------------------------------
Wed Oct 25 15:48:07 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Build with source and target levels 8
-------------------------------------------------------------------
Thu Nov 19 00:59:24 CET 2015 - ro@suse.de
- fix group entry in specfile
-------------------------------------------------------------------
Fri Oct 23 08:34:45 UTC 2015 - dmacvicar@suse.de
- initial version for 0.4.4