From 06d9d767aef0c813693cca05479d171c0c156b37 Mon Sep 17 00:00:00 2001
From: bhashinee
Date: Mon, 17 Jun 2024 14:05:32 +0530
Subject: [PATCH 1/6] [Automated] Update the native jar versions
---
 ballerina/Ballerina.toml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/ballerina/Ballerina.toml b/ballerina/Ballerina.toml
index e6a405f6..2549ed3b 100644
--- a/ballerina/Ballerina.toml
+++ b/ballerina/Ballerina.toml
@@ -21,11 +21,11 @@ path = "../native/build/libs/crypto-native-2.6.3-SNAPSHOT.jar"
 [[platform.java17.dependency]]
 groupId = "org.bouncycastle"
 artifactId = "bcpkix-jdk18on"
-version = "1.77"
-path = "./lib/bcpkix-jdk18on-1.77.jar"
+version = "1.78"
+path = "./lib/bcpkix-jdk18on-1.78.jar"
 [[platform.java17.dependency]]
 groupId = "org.bouncycastle"
 artifactId = "bcprov-jdk18on"
-version = "1.77"
-path = "./lib/bcprov-jdk18on-1.77.jar"
+version = "1.78"
+path = "./lib/bcprov-jdk18on-1.78.jar"
From 673711eea778b31e2c3e47ad9e8486abe2b74db0 Mon Sep 17 00:00:00 2001
From: bhashinee
Date: Mon, 17 Jun 2024 14:10:15 +0530
Subject: [PATCH 2/6] [Automated] Update the native jar versions
---
 ballerina/Ballerina.toml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/ballerina/Ballerina.toml b/ballerina/Ballerina.toml
index 2549ed3b..7e7d3619 100644
--- a/ballerina/Ballerina.toml
+++ b/ballerina/Ballerina.toml
@@ -29,3 +29,9 @@ groupId = "org.bouncycastle"
 artifactId = "bcprov-jdk18on"
 version = "1.78"
 path = "./lib/bcprov-jdk18on-1.78.jar"
+
+[[platform.java17.dependency]]
+groupId = "org.bouncycastle"
+artifactId = "bcutil-jdk18on"
+version = "1.78"
+path = "./lib/bcutil-jdk18on-1.78.jar"
From 289d141c5b50e94126ee9257d6ff442ced2c498a Mon Sep 17 00:00:00 2001
From: bhashinee
Date: Mon, 17 Jun 2024 14:10:36 +0530
Subject: [PATCH 3/6] Update the Bouncy Castle version
---
 ballerina/build.gradle | 3 +++
 build-config/resources/Ballerina.toml | 6 ++++++
 gradle.properties | 2 +-
 native/build.gradle | 1 +
 4 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/ballerina/build.gradle b/ballerina/build.gradle
index a53bb0cf..48a206d6 100644
--- a/ballerina/build.gradle
+++ b/ballerina/build.gradle
@@ -73,6 +73,9 @@ dependencies {
 externalJars(group: 'org.bouncycastle', name: 'bcprov-jdk18on', version: "${bouncycastleVersion}") {
 transitive = false
 }
+ externalJars(group: 'org.bouncycastle', name: 'bcutil-jdk18on', version: "${bouncycastleVersion}") {
+ transitive = false
+ }
 }
 task updateTomlFiles {
diff --git a/build-config/resources/Ballerina.toml b/build-config/resources/Ballerina.toml
index 2df47ec0..3b60a703 100644
--- a/build-config/resources/Ballerina.toml
+++ b/build-config/resources/Ballerina.toml
@@ -29,3 +29,9 @@ groupId = "org.bouncycastle"
 artifactId = "bcprov-jdk18on"
 version = "@bouncycastle.version@"
 path = "./lib/bcprov-jdk18on-@bouncycastle.version@.jar"
+
+[[platform.java17.dependency]]
+groupId = "org.bouncycastle"
+artifactId = "bcutil-jdk18on"
+version = "@bouncycastle.version@"
+path = "./lib/bcutil-jdk18on-@bouncycastle.version@.jar"
diff --git a/gradle.properties b/gradle.properties
index ce7debbc..10b30b41 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -2,7 +2,7 @@ org.gradle.caching=true
 group=io.ballerina.stdlib
 version=2.6.3-SNAPSHOT
 puppycrawlCheckstyleVersion=10.12.0
-bouncycastleVersion=1.77
+bouncycastleVersion=1.78
 githubSpotbugsVersion=5.0.14
 githubShadowVersion=7.1.2
 undercouchDownloadVersion=5.4.0
diff --git a/native/build.gradle b/native/build.gradle
index 06fc30f3..5fbf4ee0 100644
--- a/native/build.gradle
+++ b/native/build.gradle
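Review bot: The added `bcutil-jdk18on` entry in the `externalJars` list of ballerina/build.gradle carries no comment saying why a third Bouncy Castle jar is now bundled, and because every entry sets `transitive = false` nothing in the build will flag it if a later cleanup drops it again. Presumably bcpkix needs bcutil classes at runtime from this version on; if that is the reason, a comment above the entry such as `// bcutil is required by bcpkix at runtime; listed explicitly because transitive resolution is disabled` would record it. The same rationale applies to the matching `implementation` line added in native/build.gradle and to the new `[[platform.java17.dependency]]` table in build-config/resources/Ballerina.toml. The `dependencies` block opens above this hunk, so only its tail is visible here.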
@@ -31,6 +31,7 @@ dependencies {
 implementation group: 'io.ballerina.stdlib', name: 'time-native', version: "${stdlibTimeVersion}"
 implementation group: 'org.bouncycastle', name: 'bcpkix-jdk18on', version: "${bouncycastleVersion}"
 implementation group: 'org.bouncycastle', name: 'bcprov-jdk18on', version: "${bouncycastleVersion}"
+ implementation group: 'org.bouncycastle', name: 'bcutil-jdk18on', version: "${bouncycastleVersion}"
 compileOnly group: 'org.graalvm.nativeimage', name: 'svm', version: "${nativeImageVersion}"
 }
From b17aa697e9f8975df6bceb5abb33fc2887f46467 Mon Sep 17 00:00:00 2001
From: bhashinee
Date: Mon, 17 Jun 2024 14:11:38 +0530
Subject: [PATCH 4/6] Update the workflows
---
 .github/workflows/build-timestamped-master.yml | 2 +-
 .github/workflows/build-with-bal-test-graalvm.yml | 2 +-
 .github/workflows/central-publish.yml | 2 +-
 .github/workflows/publish-release.yml | 2 +-
 .github/workflows/pull-request.yml | 2 +-
 .github/workflows/trivy-scan.yml | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/build-timestamped-master.yml b/.github/workflows/build-timestamped-master.yml
index b4f793fa..c8e42fa1 100644
--- a/.github/workflows/build-timestamped-master.yml
+++ b/.github/workflows/build-timestamped-master.yml
@@ -12,5 +12,5 @@ jobs:
 call_workflow:
 name: Run Build Workflow
 if: ${{ github.repository_owner == 'ballerina-platform' }}
- uses: ballerina-platform/ballerina-standard-library/.github/workflows/build-timestamp-master-template.yml@main
+ uses: ballerina-platform/ballerina-library/.github/workflows/build-timestamp-master-template.yml@main
 secrets: inherit
diff --git a/.github/workflows/build-with-bal-test-graalvm.yml b/.github/workflows/build-with-bal-test-graalvm.yml
index 69614180..000baac8 100644
--- a/.github/workflows/build-with-bal-test-graalvm.yml
+++ b/.github/workflows/build-with-bal-test-graalvm.yml
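Review bot: The updated `uses:` line in build-timestamped-master.yml still references the reusable workflow at the mutable ref `@main` while passing `secrets: inherit`, so whatever is on that branch of ballerina-platform/ballerina-library when the job runs executes with this repository's secrets. Pinning the reference to a full commit SHA, for example `uses: ballerina-platform/ballerina-library/.github/workflows/build-timestamp-master-template.yml@<full-commit-sha>` (placeholder), keeps the executed template reviewable and unaffected by later pushes to the branch. The same applies to the `uses:` lines changed in central-publish.yml, publish-release.yml, pull-request.yml and trivy-scan.yml, which also show `secrets: inherit`, and to the `@main` reference in build-with-bal-test-graalvm.yml.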
@@ -30,7 +30,7 @@ jobs:
 call_stdlib_workflow:
 name: Run StdLib Workflow
 if: ${{ github.event_name != 'schedule' || (github.event_name == 'schedule' && github.repository_owner == 'ballerina-platform') }}
- uses: ballerina-platform/ballerina-standard-library/.github/workflows/build-with-bal-test-graalvm-template.yml@main
+ uses: ballerina-platform/ballerina-library/.github/workflows/build-with-bal-test-graalvm-template.yml@main
 with:
 lang_tag: ${{ inputs.lang_tag }}
 lang_version: ${{ inputs.lang_version }}
diff --git a/.github/workflows/central-publish.yml b/.github/workflows/central-publish.yml
index c0bd478b..11922b55 100644
--- a/.github/workflows/central-publish.yml
+++ b/.github/workflows/central-publish.yml
@@ -15,7 +15,7 @@ jobs:
 call_workflow:
 name: Run Central Publish Workflow
 if: ${{ github.repository_owner == 'ballerina-platform' }}
- uses: ballerina-platform/ballerina-standard-library/.github/workflows/central-publish-template.yml@main
+ uses: ballerina-platform/ballerina-library/.github/workflows/central-publish-template.yml@main
 secrets: inherit
 with:
 environment: ${{ github.event.inputs.environment }}
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
index 42674396..460928fe 100644
--- a/.github/workflows/publish-release.yml
+++ b/.github/workflows/publish-release.yml
@@ -9,7 +9,7 @@ jobs:
 call_workflow:
 name: Run Release Workflow
 if: ${{ github.repository_owner == 'ballerina-platform' }}
- uses: ballerina-platform/ballerina-standard-library/.github/workflows/release-package-template.yml@main
+ uses: ballerina-platform/ballerina-library/.github/workflows/release-package-template.yml@main
 secrets: inherit
 with:
 package-name: crypto
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
index 826903b7..3b7c1462 100644
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -10,5 +10,5 @@ jobs:
 call_workflow:
 name: Run PR Build Workflow
 if: ${{ github.repository_owner == 'ballerina-platform' }}
- uses: ballerina-platform/ballerina-standard-library/.github/workflows/pull-request-build-template.yml@main
+ uses: ballerina-platform/ballerina-library/.github/workflows/pull-request-build-template.yml@main
 secrets: inherit
diff --git a/.github/workflows/trivy-scan.yml b/.github/workflows/trivy-scan.yml
index f3b9cbae..458aab57 100644
--- a/.github/workflows/trivy-scan.yml
+++ b/.github/workflows/trivy-scan.yml
@@ -9,5 +9,5 @@ jobs:
 call_workflow:
 name: Run Trivy Scan Workflow
 if: ${{ github.repository_owner == 'ballerina-platform' }}
- uses: ballerina-platform/ballerina-standard-library/.github/workflows/trivy-scan-template.yml@main
+ uses: ballerina-platform/ballerina-library/.github/workflows/trivy-scan-template.yml@main
 secrets: inherit
From 520a70e2cebc97a16f2a5de36a866ccad8d26545 Mon Sep 17 00:00:00 2001
From: bhashinee
Date: Mon, 17 Jun 2024 14:22:50 +0530
Subject: [PATCH 5/6] Update the change log
---
 changelog.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/changelog.md b/changelog.md
index 739572a9..80e001eb 100644
--- a/changelog.md
+++ b/changelog.md
@@ -8,6 +8,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ### Added
 - [Introduce new APIs to sign and verify using SHA256withECDSA](https://github.com/ballerina-platform/ballerina-library/issues/5889)
+## [2.6.3] - 2023-16-17
+
+- [Address bouncy castle vulnerability - CVE-2024-29857](https://github.com/ballerina-platform/ballerina-library/issues/6637)
+
 ## [2.6.1] - 2023-12-12
 ### Added
From d1099c07d4302f99e068e917cc1bd65b6fd99223 Mon Sep 17 00:00:00 2001
From: Bhashinee
Date: Mon, 17 Jun 2024 14:23:51 +0530
Subject: [PATCH 6/6] Update changelog.md
---
 changelog.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/changelog.md b/changelog.md
index 80e001eb..897f3e71 100644
--- a/changelog.md
+++ b/changelog.md
@@ -8,7 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ### Added
 - [Introduce new APIs to sign and verify using SHA256withECDSA](https://github.com/ballerina-platform/ballerina-library/issues/5889)
-## [2.6.3] - 2023-16-17
+## [2.6.3] - 2023-06-17
 - [Address bouncy castle vulnerability - CVE-2024-29857](https://github.com/ballerina-platform/ballerina-library/issues/6637)