Re: [CRYPTO] Basic SSL 3.x support added
On Thu, 23 Nov 2023 at 11:57, sebb wrote: > > The test suite now runs on ubuntu-latest, windows-latest and > macos-latest with Java 8,11,17,21 > > On macOS, the OpenSSL library path has to be provided, otherwise the > test can crash with > > '"...bin/java is loading libcrypto in an unsafe way" > > AFAICT, this is where libcrypto.dylib does not resolve to a filename > that contains a version number. > (Normally libcrypto.dylib is a link pointing to libcrypto.1.1.dylib or > similar in the same directory) > > I have not yet found this lone library, so I am beginning to wonder if > it is in the dylib cache? On further investigation, it appears that the default crypto library is a dummy that does not have an in-built version. It does not matter if the file name includes a version or not. That was a red herring. > If so, then macOS will always require the library path to be provided. The user will either have to provide jn[ai].library.path or ensure that there is a suitable library in the current working directory. (This can be a soft link) > I don't think it's possible to trap the error, so it cannot be > automatically recovered. > It might perhaps be possible to use dlopen_preflight() to check if a > file exists; will need to run further checks. > AFAICT, dlopen_preflight() returns true if (and only if) the library load will succeed, so could be used to avoid a crash. It has to do the same checks as dlopen(), so should only be used if necessary. I think it would make sense to only do the check if the user has not provided a library path. This could be added to the JNI loads quite easily. However so far I have been unable to get the method working in the JNA case. It would need to be done in an independent class that is only loaded on macOS. > On Sat, 18 Nov 2023 at 03:26, Alex Remily wrote: > > > > Just pulled master and successfully ran tests against OpenSSL 3.1.3 on Mac > > OS 11 BigSur. Nice work sebb! > > > > Apache Commons Crypto 1.2.1-SNAPSHOT > > > > Native code loaded OK: 1.2.1-SNAPSHOT > > > > Native name: Apache Commons Crypto > > > > Native built: Nov 17 2023 > > > > OpenSSL library loaded OK, version: 0x30100030 > > > > OpenSSL library info: OpenSSL 3.1.3 19 Sep 2023 > > > > DLL name: libcrypto.dylib > > > > DLL path: /usr/local/Cellar/openssl@3/3.1.3/lib/libcrypto.3.dylib > > > > Additional OpenSSL_version(n) details: > > > > OpenSSLVersion(1): compiler: clang -fPIC -arch x86_64 -O3 -Wall -DL_ENDIAN > > -DOPENSSL_PIC -D_REENTRANT -DOPENSSL_BUILDING_OPENSSL -DNDEBUG > > > > OpenSSLVersion(2): built on: Tue Sep 19 13:01:49 2023 UTC > > > > OpenSSLVersion(3): platform: darwin64-x86_64-cc > > > > OpenSSLVersion(4): OPENSSLDIR: "/usr/local/etc/openssl@3" > > > > OpenSSLVersion(5): ENGINESDIR: "/usr/local/Cellar/openssl@3 > > /3.1.3/lib/engines-3" > > > > OpenSSLVersion(6): 3.1.3 > > > > OpenSSLVersion(7): 3.1.3 > > > > OpenSSLVersion(8): MODULESDIR: "/usr/local/Cellar/openssl@3 > > /3.1.3/lib/ossl-modules" > > > > OpenSSLVersion(9): CPUINFO: OPENSSL_ia32cap=0x7ffaf3eb:0x27ab > > > > Random instance created OK: > > org.apache.commons.crypto.random.OpenSslCryptoRandom@30c4e352 > > > > Cipher AES/CTR/NoPadding instance created OK: > > org.apache.commons.crypto.cipher.OpenSslCipher@673c4f6e > > > > On Tue, Nov 14, 2023 at 8:27 AM sebb wrote: > > > > > On Tue, 14 Nov 2023 at 13:17, Alex Remily wrote: > > > > > > > > That's fantastic. I read that there were big API changes with the move > > > to > > > > OpenSSL 3, but maybe those changes were not in the functionality that > > > > commons crypto exposes. Have you merged into master yet? I look > > > > forward > > > > to playing around with it. > > > > > > Yes, it is in master. > > > > > > > Alex > > > > > > > > On Wed, Nov 8, 2023 at 7:12 PM sebb wrote: > > > > > > > > > Crypto now builds and tests OK on > > > > > macOS-latest - OpenSSL 3.1.4 24 Oct 2023 > > > > > and > > > > > Ubuntu-latest - OpenSSL 3.0.2 15 Mar 2022 > > > > > Tested with Java 8 and 21 > > > > > > > > > > I only had to allow for two changed names: > > > > > > > > > > EVP_CIPHER_CTX_block_size => EVP_CIPHER_CTX_get_block_size > > > > > EVP_CIPHER_flags => EVP_CIPHER_get_flags > > > > > > > > > > This seems too easy, so I suspect there may be some missing tests. > > > > > > > > > > Sebb > > > > > > > > > > - > > > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > > > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > > > > > > > > > > > > > - > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > > > - To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
[VOTE] Release Apache Commons IO 2.15.1 based on RC1
We have fixed quite one important bug and added some enhancements since Apache Commons IO 2.15.0 was released, so I would like to release Apache Commons IO 2.15.1. Apache Commons IO 2.15.1 RC1 is available for review here: https://dist.apache.org/repos/dist/dev/commons/io/2.15.1-RC1 (svn revision 65522) The Git tag commons-io-2.15.1-RC1 commit for this RC is dc51644d5adbb0c461efb58380ec51fbca10005d which you can browse here: https://gitbox.apache.org/repos/asf?p=commons-io.git;a=commit;h=dc51644d5adbb0c461efb58380ec51fbca10005d You may checkout this tag using: git clone https://gitbox.apache.org/repos/asf/commons-io.git --branch commons-io-2.15.1-RC1 commons-io-2.15.1-RC1 Maven artifacts are here: https://repository.apache.org/content/repositories/orgapachecommons-1675/commons-io/commons-io/2.15.1/ These are the artifacts and their hashes: #Release SHA-512s #Fri Nov 24 11:28:20 EST 2023 commons-io-2.15.1-bin.tar.gz=c00b9cbd8e213311137e10e3425cf19af60c737103b3ed968c33fdc5f803892f364f4e754a7d3a222a579ee6a58a1e8731ef51835d516d2a6aab8fd2f0845e35 commons-io-2.15.1-bin.zip=944d0e2e750895d8371c7ecbed5e0593bceec404b7a0c6c9f1c2e77986ccabb2280b84485dcf34ae4339256ae164b8e04d4b95101bbfaf28de24aea711fed4bd commons-io-2.15.1-bom.json=7186ba77d019082653b32b08f91ed64d9de7ed567d9978a7888acc87ee9c8af1b0b4344a4ffd7f01b2cb5393b5fb74c368e2769527a5242372c124ba2625db19 commons-io-2.15.1-bom.xml=afc61569e85d1a4d4c6c49a91caae3479cd79c6ba9623d2f662a22ee0129111e42d668414560b16fce9606f602a2cca2127f9de57e524332316ba871ffe90e31 commons-io-2.15.1-javadoc.jar=f275a97668465fe467bd3a690d60da4d842957b94fe22247bbeff43afa4ad008d7fed4e194f8f42ac55b3979a4015dc907f02259e2fe679288f63e469e31366c commons-io-2.15.1-sources.jar=3ee4e22de8a3e04ff8651873b596a23bd517152f3ede3d14af1e5b6b52eb878f360a2ac672453cf67efb948fea4e969019f9023dd7d1d1b064fb164cc17154a2 commons-io-2.15.1-src.tar.gz=809c7aa66354f2e35fd23f295c4e2f325596ee7f842b7f63f6acc3bd9377c17d4dd276ce62c477fff8d51d0d660e9addbc068270a876097cbecfe3e64f57f385 commons-io-2.15.1-src.zip=f98e754fe68827390960f5ca08d8b3ae4eed54243e164c9e347f6f8f40519d096f6bfff4e2696d79870576be36a7140a6cea600381c3c8739361e72a6b392375 commons-io-2.15.1-test-sources.jar=6a1a70ef392183ad0217e8f517ddcce0fb840c1b6076f9a3407a240e3738da94ce24639422fcda232cd96526360a85284765bef60c127b2dd2be8e47ee6fe96c commons-io-2.15.1-tests.jar=2bfeac593dfa23cc0da62e4a2c3470ef63ee54ca6987ac2176cb437d0c3ca867f0d92b62d166244da94d9154362cf58486904ef35c3c95645dcd8074bb4d6674 commons-io_commons-io-2.15.1.spdx.json=eada6a6c341abad84bad3d3fd6e9a00326bf7646110bcc46c6db997bc9d28eed372daa622371abbaad5abf58f47bd4870c7af9f0662d5769e6cb71565987be15 I have tested this with mvn -V -Prelease -Ptest-deploy -P jacoco -P japicmp clean package site deploy using: Apache Maven 3.9.5 (57804ffe001d7215b5e7bcb531cf83df38f93546) Maven home: /usr/local/Cellar/maven/3.9.5/libexec Java version: 21.0.1, vendor: Homebrew, runtime: /usr/local/Cellar/openjdk/21.0.1/libexec/openjdk.jdk/Contents/Home Default locale: en_US, platform encoding: UTF-8 OS name: "mac os x", version: "14.1.1", arch: "x86_64", family: "mac" Darwin 23.1.0 Darwin Kernel Version 23.1.0: Mon Oct 9 21:27:27 PDT 2023; root:xnu-10002.41.9~6/RELEASE_X86_64 x86_64 Details of changes since 2.15.0 are in the release notes: https://dist.apache.org/repos/dist/dev/commons/io/2.15.1-RC1/RELEASE-NOTES.txt https://dist.apache.org/repos/dist/dev/commons/io/2.15.1-RC1/site/changes-report.html Site: https://dist.apache.org/repos/dist/dev/commons/io/2.15.1-RC1/site/index.html (note some *relative* links are broken and the 2.15.1 directories are not yet created - these will be OK once the site is deployed.) JApiCmp Report (compared to 2.15.0): https://dist.apache.org/repos/dist/dev/commons/io/2.15.1-RC1/site/japicmp.html RAT Report: https://dist.apache.org/repos/dist/dev/commons/io/2.15.1-RC1/site/rat-report.html KEYS: https://downloads.apache.org/commons/KEYS Please review the release candidate and vote. This vote will close no sooner than 72 hours from now. [ ] +1 Release these artifacts [ ] +0 OK, but... [ ] -0 OK, but really should fix... [ ] -1 I oppose this release because... Thank you, Gary Gregory, Release Manager (using key 86fdc7e2a11262cb) For following is intended as a helper and refresher for reviewers. Validating a release candidate == These guidelines are NOT complete. Requirements: Git, Java, Maven. You can validate a release from a release candidate (RC) tag as follows. 1a) Clone and checkout the RC tag git clone https://gitbox.apache.org/repos/asf/commons-io.git --branch commons-io-2.15.1-RC1 commons-io-2.15.1-RC1 cd commons-io-2.15.1-RC1 1b) Download and unpack the source archive from: https://dist.apache.org/repos/dist/dev/commons/io/2.15.1-RC1/source 2) Check Apache licenses This step is not required if the site includes a RAT report page which you then must check. mvn apache-rat:check
