maven: upgrade bouncycastle due to cve (#5949)

Fixes: #5948
PJ Fanning 2022-02-08 19:52:28 +01:00 committed by GitHub
parent e609aa8e9c
commit c7885f55eb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 42 additions and 11 deletions


@ -564,6 +564,11 @@
<artifactId>bcpkix-jdk15on</artifactId> <artifactId>bcpkix-jdk15on</artifactId>
<version>${cs.bcprov.version}</version> <version>${cs.bcprov.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bctls-jdk15on</artifactId>
<version>${cs.bcprov.version}</version>
</dependency>
</dependencies> </dependencies>
<configuration> <configuration>
<supportedPackagings> <supportedPackagings>
@ -751,6 +756,12 @@
<overWrite>false</overWrite> <overWrite>false</overWrite>
<outputDirectory>${project.build.directory}/lib</outputDirectory> <outputDirectory>${project.build.directory}/lib</outputDirectory>
</artifactItem> </artifactItem>
<artifactItem>
<groupId>org.bouncycastle</groupId>
<artifactId>bctls-jdk15on</artifactId>
<overWrite>false</overWrite>
<outputDirectory>${project.build.directory}/lib</outputDirectory>
</artifactItem>
</artifactItems> </artifactItems>
</configuration> </configuration>
</execution> </execution>
@ -786,6 +797,7 @@
<exclude>org.apache.geronimo.specs:geronimo-javamail_1.4_spec</exclude> <exclude>org.apache.geronimo.specs:geronimo-javamail_1.4_spec</exclude>
<exclude>org.bouncycastle:bcprov-jdk15on</exclude> <exclude>org.bouncycastle:bcprov-jdk15on</exclude>
<exclude>org.bouncycastle:bcpkix-jdk15on</exclude> <exclude>org.bouncycastle:bcpkix-jdk15on</exclude>
<exclude>org.bouncycastle:bctls-jdk15on</exclude>
<exclude>mysql:mysql-connector-java</exclude> <exclude>mysql:mysql-connector-java</exclude>
</excludes> </excludes>
</artifactSet> </artifactSet>


@ -126,6 +126,11 @@
<artifactId>bcprov-jdk15on</artifactId> <artifactId>bcprov-jdk15on</artifactId>
<version>${cs.bcprov.version}</version> <version>${cs.bcprov.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bctls-jdk15on</artifactId>
<version>${cs.bcprov.version}</version>
</dependency>
<dependency> <dependency>
<groupId>joda-time</groupId> <groupId>joda-time</groupId>
<artifactId>joda-time</artifactId> <artifactId>joda-time</artifactId>


@ -123,7 +123,7 @@
<cs.axiom.version>1.2.8</cs.axiom.version> <cs.axiom.version>1.2.8</cs.axiom.version>
<cs.axis.version>1.4</cs.axis.version> <cs.axis.version>1.4</cs.axis.version>
<cs.batik.version>1.14</cs.batik.version> <cs.batik.version>1.14</cs.batik.version>
<cs.bcprov.version>1.64</cs.bcprov.version> <cs.bcprov.version>1.70</cs.bcprov.version>
<cs.cglib.version>3.3.0</cs.cglib.version> <cs.cglib.version>3.3.0</cs.cglib.version>
<cs.checkstyle-lib.version>8.18</cs.checkstyle-lib.version> <cs.checkstyle-lib.version>8.18</cs.checkstyle-lib.version>
<cs.cxf.version>3.2.14</cs.cxf.version> <cs.cxf.version>3.2.14</cs.cxf.version>
@ -554,6 +554,11 @@
<artifactId>bcprov-jdk15on</artifactId> <artifactId>bcprov-jdk15on</artifactId>
<version>${cs.bcprov.version}</version> <version>${cs.bcprov.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bctls-jdk15on</artifactId>
<version>${cs.bcprov.version}</version>
</dependency>
<dependency> <dependency>
<groupId>org.codehaus.groovy</groupId> <groupId>org.codehaus.groovy</groupId>
<artifactId>groovy-all</artifactId> <artifactId>groovy-all</artifactId>


@ -48,6 +48,10 @@
<groupId>org.bouncycastle</groupId> <groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId> <artifactId>bcprov-jdk15on</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bctls-jdk15on</artifactId>
</dependency>
<dependency> <dependency>
<groupId>com.sun.xml.security</groupId> <groupId>com.sun.xml.security</groupId>
<artifactId>xml-security-impl</artifactId> <artifactId>xml-security-impl</artifactId>


@ -17,12 +17,13 @@
package streamer.bco; package streamer.bco;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.bouncycastle.crypto.tls.Certificate;
import org.bouncycastle.crypto.tls.DefaultTlsClient;
import org.bouncycastle.crypto.tls.ServerOnlyTlsAuthentication;
import org.bouncycastle.crypto.tls.TlsAuthentication;
import org.bouncycastle.crypto.tls.TlsClientProtocol;
import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.tls.DefaultTlsClient;
import org.bouncycastle.tls.ServerOnlyTlsAuthentication;
import org.bouncycastle.tls.TlsAuthentication;
import org.bouncycastle.tls.TlsClientProtocol;
import org.bouncycastle.tls.TlsServerCertificate;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
import streamer.Direction; import streamer.Direction;
import streamer.Event; import streamer.Event;
import streamer.SocketWrapperImpl; import streamer.SocketWrapperImpl;
@ -60,18 +61,18 @@ public class BcoSocketWrapperImpl extends SocketWrapperImpl {
try { try {
SecureRandom secureRandom = new SecureRandom(); bcoSslSocket = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream());
bcoSslSocket = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(), secureRandom);
bcoSslSocket.connect(new DefaultTlsClient() { bcoSslSocket.connect(new DefaultTlsClient(new BcTlsCrypto(new SecureRandom())) {
@Override @Override
public TlsAuthentication getAuthentication() throws IOException { public TlsAuthentication getAuthentication() throws IOException {
return new ServerOnlyTlsAuthentication() { return new ServerOnlyTlsAuthentication() {
@Override @Override
public void notifyServerCertificate(final Certificate certificate) throws IOException { public void notifyServerCertificate(final TlsServerCertificate certificate) throws IOException {
try { try {
if (sslState != null) { if (sslState != null) {
sslState.serverCertificateSubjectPublicKeyInfo = certificate.getCertificateAt(0).getSubjectPublicKeyInfo().getEncoded(); sslState.serverCertificateSubjectPublicKeyInfo =
certificate.getCertificate().getCertificateAt(0).getEncoded();
} }
} catch (IOException e) { } catch (IOException e) {
throw new RuntimeException("Cannot get server public key.", e); throw new RuntimeException("Cannot get server public key.", e);
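Review bot: In `notifyServerCertificate`, the new assignment stores the DER encoding of the whole leaf certificate (`certificate.getCertificate().getCertificateAt(0).getEncoded()`) in `sslState.serverCertificateSubjectPublicKeyInfo`, where the old code stored only the encoded SubjectPublicKeyInfo. The consumers of that field are outside this hunk, but if it feeds a public-key binding or pin (the field name and the "Cannot get server public key." message suggest it does), the stored bytes no longer mean what they did before the upgrade. Extracting the key would keep the old meaning: `org.bouncycastle.asn1.x509.Certificate.getInstance(certificate.getCertificate().getCertificateAt(0).getEncoded()).getSubjectPublicKeyInfo().getEncoded()`. Separately, as far as the hunk shows, the callback records the certificate without any chain or host-name validation, so this client appears to accept whatever certificate the server presents; a comment saying where trust is established, or a check here, would help. The enclosing method starts and ends outside the hunk.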


@ -70,6 +70,10 @@
<groupId>org.bouncycastle</groupId> <groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId> <artifactId>bcpkix-jdk15on</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bctls-jdk15on</artifactId>
</dependency>
<dependency> <dependency>
<groupId>com.jcraft</groupId> <groupId>com.jcraft</groupId>
<artifactId>jsch</artifactId> <artifactId>jsch</artifactId>