date:20181113

svn commit: r30873 - /release/felix/

2018-11-13 Thread cziegeler

Author: cziegeler
Date: Tue Nov 13 11:02:43 2018
New Revision: 30873

Log:
SCR 2.1.14

Added:
release/felix/org.apache.felix.scr-2.1.14-javadoc.jar   (with props)
release/felix/org.apache.felix.scr-2.1.14-javadoc.jar.asc   (with props)
release/felix/org.apache.felix.scr-2.1.14-javadoc.jar.sha1   (with props)
release/felix/org.apache.felix.scr-2.1.14-javadoc.jar.sha512   (with props)
release/felix/org.apache.felix.scr-2.1.14-source-release.tar.gz   (with 
props)
release/felix/org.apache.felix.scr-2.1.14-source-release.tar.gz.asc   (with 
props)
release/felix/org.apache.felix.scr-2.1.14-source-release.tar.gz.sha1   
(with props)
release/felix/org.apache.felix.scr-2.1.14-source-release.tar.gz.sha512   
(with props)
release/felix/org.apache.felix.scr-2.1.14-source-release.zip   (with props)
release/felix/org.apache.felix.scr-2.1.14-source-release.zip.asc   (with 
props)
release/felix/org.apache.felix.scr-2.1.14-source-release.zip.sha1   (with 
props)
release/felix/org.apache.felix.scr-2.1.14-source-release.zip.sha512   (with 
props)
release/felix/org.apache.felix.scr-2.1.14-sources.jar   (with props)
release/felix/org.apache.felix.scr-2.1.14-sources.jar.asc   (with props)
release/felix/org.apache.felix.scr-2.1.14-sources.jar.sha1   (with props)
release/felix/org.apache.felix.scr-2.1.14-sources.jar.sha512   (with props)
release/felix/org.apache.felix.scr-2.1.14.jar   (with props)
release/felix/org.apache.felix.scr-2.1.14.jar.asc   (with props)
release/felix/org.apache.felix.scr-2.1.14.jar.sha1   (with props)
release/felix/org.apache.felix.scr-2.1.14.jar.sha512   (with props)
release/felix/org.apache.felix.scr-2.1.14.pom   (with props)
release/felix/org.apache.felix.scr-2.1.14.pom.asc   (with props)
release/felix/org.apache.felix.scr-2.1.14.pom.sha1   (with props)
release/felix/org.apache.felix.scr-2.1.14.pom.sha512   (with props)
Removed:
release/felix/org.apache.felix.scr-2.1.12-javadoc.jar
release/felix/org.apache.felix.scr-2.1.12-javadoc.jar.asc
release/felix/org.apache.felix.scr-2.1.12-javadoc.jar.sha1
release/felix/org.apache.felix.scr-2.1.12-javadoc.jar.sha512
release/felix/org.apache.felix.scr-2.1.12-source-release.tar.gz
release/felix/org.apache.felix.scr-2.1.12-source-release.tar.gz.asc
release/felix/org.apache.felix.scr-2.1.12-source-release.tar.gz.sha1
release/felix/org.apache.felix.scr-2.1.12-source-release.tar.gz.sha512
release/felix/org.apache.felix.scr-2.1.12-source-release.zip
release/felix/org.apache.felix.scr-2.1.12-source-release.zip.asc
release/felix/org.apache.felix.scr-2.1.12-source-release.zip.sha1
release/felix/org.apache.felix.scr-2.1.12-source-release.zip.sha512
release/felix/org.apache.felix.scr-2.1.12-sources.jar
release/felix/org.apache.felix.scr-2.1.12-sources.jar.asc
release/felix/org.apache.felix.scr-2.1.12-sources.jar.sha1
release/felix/org.apache.felix.scr-2.1.12-sources.jar.sha512
release/felix/org.apache.felix.scr-2.1.12.jar
release/felix/org.apache.felix.scr-2.1.12.jar.asc
release/felix/org.apache.felix.scr-2.1.12.jar.sha1
release/felix/org.apache.felix.scr-2.1.12.jar.sha512
release/felix/org.apache.felix.scr-2.1.12.pom
release/felix/org.apache.felix.scr-2.1.12.pom.asc
release/felix/org.apache.felix.scr-2.1.12.pom.sha1
release/felix/org.apache.felix.scr-2.1.12.pom.sha512

Added: release/felix/org.apache.felix.scr-2.1.14-javadoc.jar
==
Binary file - no diff available.

Propchange: release/felix/org.apache.felix.scr-2.1.14-javadoc.jar
--
svn:executable = *

Propchange: release/felix/org.apache.felix.scr-2.1.14-javadoc.jar
--
svn:mime-type = application/octet-stream

Added: release/felix/org.apache.felix.scr-2.1.14-javadoc.jar.asc
==
--- release/felix/org.apache.felix.scr-2.1.14-javadoc.jar.asc (added)
+++ release/felix/org.apache.felix.scr-2.1.14-javadoc.jar.asc Tue Nov 13 
11:02:43 2018
@@ -0,0 +1,16 @@
+-BEGIN PGP SIGNATURE-
+
+iQIzBAABCgAdFiEEX9UUWovQMXqU3HcTP89Sn/LyegYFAlvmrzYACgkQP89Sn/Ly
+egZcHA//SjXj0XCJkT5dxmbirqcEkth2v29QTcLJ4aS+Mngpp/LoCQcQNR3Ec+Z4
+u5mcn5xSeWiaxV0rGXPWXvhio6s9FJ7/UWAOxJV/r/rUt72Q2wYLdHlu2swBc+tr
+SDPIdQr2JXfn1BJS+uneFDeB3FUGPH3EIXBQ2z6xc9XcSq72Ltq1bI+jATWEnEdX
+FJgvxxZsplo3KalcDX2mYnI603YPzNd9sW+3NFnYLzUTQCoes6wPmOKGywHQKvwl
+NjQZNhB8V2iC2/atJk51MapeORZWBRzCWcFqh9J3aLPQgEBlqSf4buGSJlU4fvbO
+/ggiOJqLkTuOYOObFunXq41MIsUEWwsW5zJd+4GEduX2oORm3dOlRIMNydP8f+Af
+dI1lMCqGnnSUoK6pXbzBLDsC6DhEzn8rhkdmSB53LYptbchUEtnhyqkCuvcOy4Xw
+res1TgFJRD9f4iiioIedE52IqzGpooZR6o2F77WPVxCOEBG9qJPDmHVN3QNGT/Tq

svn commit: r1846501 - in /felix/trunk/webconsole: ./ src/main/java/org/apache/felix/webconsole/internal/servlet/ src/test/java/org/apache/felix/webconsole/internal/servlet/

2018-11-13 Thread cziegeler

Author: cziegeler
Date: Tue Nov 13 10:38:33 2018
New Revision: 1846501

URL: http://svn.apache.org/viewvc?rev=1846501=rev
Log:
FELIX-5934 : The Felix Web Console stores unsalted hashed password. Apply patch 
from Antonio Sanso

Added:

felix/trunk/webconsole/src/test/java/org/apache/felix/webconsole/internal/servlet/

felix/trunk/webconsole/src/test/java/org/apache/felix/webconsole/internal/servlet/PasswordTest.java
   (with props)
Modified:
felix/trunk/webconsole/changelog.txt

felix/trunk/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/Password.java

Modified: felix/trunk/webconsole/changelog.txt
URL: 
http://svn.apache.org/viewvc/felix/trunk/webconsole/changelog.txt?rev=1846501=1846500=1846501=diff
==
--- felix/trunk/webconsole/changelog.txt (original)
+++ felix/trunk/webconsole/changelog.txt Tue Nov 13 10:38:33 2018
@@ -1,9 +1,15 @@
+Changes in 4.3.10
+-
+** Improvement
+* [FELIX-5934] - The web console stores unsalted hashed password
+
+
 Changes in 4.3.8
 
 ** Improvement
-* [5901] - Update to latest jQuery UI 1.12.1
+* [FELIX-5901] - Update to latest jQuery UI 1.12.1
 ** Bug
-* [5893] - JQuery Security bug CVE-2015-9251 in Web Console
+* [FELIX-5893] - JQuery Security bug CVE-2015-9251 in Web Console
 
 
 Changes from 4.3.2 to 4.3.4

Modified: 
felix/trunk/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/Password.java
URL: 
http://svn.apache.org/viewvc/felix/trunk/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/Password.java?rev=1846501=1846500=1846501=diff
==
--- 
felix/trunk/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/Password.java
 (original)
+++ 
felix/trunk/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/Password.java
 Tue Nov 13 10:38:33 2018
@@ -19,10 +19,10 @@
 package org.apache.felix.webconsole.internal.servlet;
 
 
+import java.math.BigInteger;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.util.Arrays;
-
+import java.security.SecureRandom;
 
 /**
  * The Password class encapsulates encoding and decoding
@@ -31,22 +31,29 @@ import java.util.Arrays;
  * Encoded hashed passwords are strings of the form
  * {hashAlgorithm}base64-encoded-password-hash where
  * hashAlgorithm is the name of the hash algorithm used to hash
- * the password and base64-encoded-password-hash is the password
- * hashed with the indicated hash algorithm and subsequently encoded in
- * Base64.
+ * the password and password is the password
+ * hashed with the indicated hash algorithm.
  */
 class Password
 {
 
 // the default hash algorithm (part of the Java Platform since 1.4)
 private static final String DEFAULT_HASH_ALGO = "SHA-256";
+
+private static final char DELIMITER = '-';
+
+private static final int NO_ITERATIONS = 1;
+
+private static final int DEFAULT_ITERATIONS = 1000;
+
+public static final int DEFAULT_SALT_SIZE = 8;
 
 // the hash algorithm used to hash the password or null
 // if the password is not hashed at all
 private final String hashAlgo;
 
 // the hashed or plain password
-private final byte[] password;
+private final String password;
 
 
 /**
@@ -73,18 +80,16 @@ class Password
  */
 static String hashPassword( final String textPassword )
 {
-final byte[] bytePassword = Base64.getBytesUtf8( textPassword );
-return hashPassword( DEFAULT_HASH_ALGO, bytePassword );
+String salt = generateSalt(DEFAULT_SALT_SIZE);
+return hashPassword( DEFAULT_HASH_ALGO, DEFAULT_ITERATIONS, salt, 
textPassword  );
 }
 
-
 Password( String textPassword )
 {
 this.hashAlgo = getPasswordHashAlgorithm( textPassword );
-this.password = getPasswordBytes( textPassword );
+this.password = getPassword(textPassword);
 }
 
-
 /**
  * Returns {@code true} if this password matches the password
  * {@code toCompare}. If this password is hashed, the {@code toCompare}
@@ -97,32 +102,47 @@ class Password
  */
 boolean matches( final byte[] toCompare )
 {
-return Arrays.equals( this.password, hashPassword( toCompare, 
this.hashAlgo ) );
+if (this.hashAlgo != null) 
+{
+int startPos = 0;
+String salt = extractSalt(this.password, startPos);
+int iterations = NO_ITERATIONS;
+if (salt != null) 
+{
+startPos += salt.length()+1;
+iterations = extractIterations(this.password, startPos);
+   
+}
+String hash = hashPassword(this.hashAlgo, iterations, salt, new 
String(toCompare));
+final StringBuilder buf = new StringBuilder();
+

svn commit: r1846502 - in /felix/site/trunk/content: downloads.list news.mdtext

2018-11-13 Thread cziegeler

Author: cziegeler
Date: Tue Nov 13 11:05:12 2018
New Revision: 1846502

URL: http://svn.apache.org/viewvc?rev=1846502=rev
Log:
SCR 2.1.14

Modified:
felix/site/trunk/content/downloads.list
felix/site/trunk/content/news.mdtext

Modified: felix/site/trunk/content/downloads.list
URL: 
http://svn.apache.org/viewvc/felix/site/trunk/content/downloads.list?rev=1846502=1846501=1846502=diff
==
--- felix/site/trunk/content/downloads.list (original)
+++ felix/site/trunk/content/downloads.list Tue Nov 13 11:05:12 2018
@@ -89,7 +89,7 @@ OSGi OBR service API|org.osgi.service.ob
 Preferences|org.apache.felix.prefs|1.1.0
 Remote Shell|org.apache.felix.shell.remote|1.1.2|project||doc/changelog.txt
 Resolver|org.apache.felix.resolver|2.0.0|||doc/changelog.txt
-SCR (Declarative Services)|org.apache.felix.scr|2.1.12
+SCR (Declarative Services)|org.apache.felix.scr|2.1.14
 SCR Compat (Declarative Services)|org.apache.felix.scr.compat|1.0.4
 SCR Annotations|org.apache.felix.scr.annotations|1.12.0
 SCR DS Annotations|org.apache.felix.scr.ds-annotations|1.2.10
@@ -137,4 +137,4 @@ SCR Ant Task|org.apache.felix.scr.ant|1.
 # This list is sorted by the title before writing the table
 # Format: title|artifactId|version[|classifier[|extension]]
 SCR bnd Plugin|org.apache.felix.scr.bnd|1.9.0
-SCR Ext Anno|org.apache.felix.scr.ext.anno|1.0.0
\ No newline at end of file
+SCR Ext Anno|org.apache.felix.scr.ext.anno|1.0.0

Modified: felix/site/trunk/content/news.mdtext
URL: 
http://svn.apache.org/viewvc/felix/site/trunk/content/news.mdtext?rev=1846502=1846501=1846502=diff
==
--- felix/site/trunk/content/news.mdtext (original)
+++ felix/site/trunk/content/news.mdtext Tue Nov 13 11:05:12 2018
@@ -1,5 +1,6 @@
 Title: News
 
+* Apache Felix SCR 2.1.14 released (November 13th, 2018)
 * Apache Felix Dependency Manager r13 (October 22nd, 2018)
 * Apache Felix Felix Http SSL Filter 1.2.6 released (October 18th, 2018)
 * Apache Felix SCR 2.1.12 released (October 17th, 2018)
@@ -394,4 +395,4 @@ Title: News
 * Feathercast [podcast](http://feathercast.org/?p=46) about Felix released. 
(May 23, 2007)
 * Felix has graduated into a top level project!
 * The Felix 0.8.0-incubator release is now available in the http://felix.apache.org/site/downloads.cgi;>downloads section.
-* Felix has its own website! (July 17, 2006)
\ No newline at end of file
+* Felix has its own website! (July 17, 2006)

svn commit: r1036894 - in /websites/staging/felix/trunk/content: ./ downloads.html news.html

2018-11-13 Thread buildbot

Author: buildbot
Date: Tue Nov 13 11:05:56 2018
New Revision: 1036894

Log:
Staging update by buildbot for felix

Modified:
websites/staging/felix/trunk/content/   (props changed)
websites/staging/felix/trunk/content/downloads.html
websites/staging/felix/trunk/content/news.html

Propchange: websites/staging/felix/trunk/content/
--
--- cms:source-revision (original)
+++ cms:source-revision Tue Nov 13 11:05:56 2018
@@ -1 +1 @@
-1844753
+1846502

Modified: websites/staging/felix/trunk/content/downloads.html
==
--- websites/staging/felix/trunk/content/downloads.html (original)
+++ websites/staging/felix/trunk/content/downloads.html Tue Nov 13 11:05:56 2018
@@ -543,9 +543,9 @@ h2:hover > .headerlink, h3:hover > .head
 
 
 SCR (Declarative Services)
-2.1.12 (http://svn.apache.org/repos/asf/felix/releases/org.apache.felix.scr-2.1.12/changelog.txt;>changes)
-jar (http://www.apache.org/dist/felix/org.apache.felix.scr-2.1.12.jar.asc;>asc,
 http://www.apache.org/dist/felix/org.apache.felix.scr-2.1.12.jar.sha1;>sha1)
-tar.gz
 (http://www.apache.org/dist/felix/org.apache.felix.scr-2.1.12-source-release.tar.gz.asc;>asc,
 http://www.apache.org/dist/felix/org.apache.felix.scr-2.1.12-source-release.tar.gz.sha1;>sha1)
 zip 
(http://www.apache.org/dist/felix/org.apache.felix.scr-2.1.12-source-release.zip.asc;>asc,
 http://www.apache.org/dist/felix/org.apache.felix.scr-2.1.12-source-release.zip.sha1;>sha1)
+2.1.14 (http://svn.apache.org/repos/asf/felix/releases/org.apache.felix.scr-2.1.14/changelog.txt;>changes)
+jar (http://www.apache.org/dist/felix/org.apache.felix.scr-2.1.14.jar.asc;>asc,
 http://www.apache.org/dist/felix/org.apache.felix.scr-2.1.14.jar.sha1;>sha1)
+tar.gz
 (http://www.apache.org/dist/felix/org.apache.felix.scr-2.1.14-source-release.tar.gz.asc;>asc,
 http://www.apache.org/dist/felix/org.apache.felix.scr-2.1.14-source-release.tar.gz.sha1;>sha1)
 zip 
(http://www.apache.org/dist/felix/org.apache.felix.scr-2.1.14-source-release.zip.asc;>asc,
 http://www.apache.org/dist/felix/org.apache.felix.scr-2.1.14-source-release.zip.sha1;>sha1)
 
 
 SCR Annotations
@@ -823,7 +823,7 @@ the http://archive.apache.org/d
 
 
   
-Rev. 1844590 by pderop on Mon, 22 Oct 2018 17:23:35 +
+Rev. 1846502 by cziegeler on Tue, 13 Nov 2018 11:05:12 +
   

 Apache Felix, Felix, Apache, the Apache feather logo, and the Apache 
Felix project

Modified: websites/staging/felix/trunk/content/news.html
==
--- websites/staging/felix/trunk/content/news.html (original)
+++ websites/staging/felix/trunk/content/news.html Tue Nov 13 11:05:56 2018
@@ -89,6 +89,7 @@ h2:hover > .headerlink, h3:hover > .head
 }
 h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, 
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, 
dt:hover > .elementid-permalink { visibility: visible }
 
+Apache Felix SCR 2.1.14 released (November 13th, 2018)
 Apache Felix Dependency Manager r13 (October 22nd, 2018)
 Apache Felix Felix Http SSL Filter 1.2.6 released (October 18th, 2018)
 Apache Felix SCR 2.1.12 released (October 17th, 2018)
@@ -486,7 +487,7 @@ h2:hover > .headerlink, h3:hover > .head
 Felix has its own website! (July 17, 2006)
 
   
-Rev. 1844589 by pderop on Mon, 22 Oct 2018 17:21:41 +
+Rev. 1846502 by cziegeler on Tue, 13 Nov 2018 11:05:12 +
   

 Apache Felix, Felix, Apache, the Apache feather logo, and the Apache 
Felix project

svn commit: r30873 - /release/felix/

svn commit: r1846501 - in /felix/trunk/webconsole: ./ src/main/java/org/apache/felix/webconsole/internal/servlet/ src/test/java/org/apache/felix/webconsole/internal/servlet/

svn commit: r1846502 - in /felix/site/trunk/content: downloads.list news.mdtext

svn commit: r1036894 - in /websites/staging/felix/trunk/content: ./ downloads.html news.html

4 matches

Site Navigation

Mail list logo

Footer information