I think this security related bug should be added to the list of release related bugs.
https://jira.iotivity.org/browse/IOT-2374 IOT-2374 Cannot use ocprovisioningmanager.h without including internal headers This will make users unable to used security with a downloaded SDK since it cannot be used without the internal headers that should not be part of the SDK. George Nash From: iotivity-dev-bounces at lists.iotivity.org [mailto:[email protected]] On Behalf Of ??? (Uze Choi) Sent: Tuesday, May 23, 2017 2:17 AM To: iotivity-dev at lists.iotivity.org Subject: [dev] IoTivity1.3.0-RC3 tag 1.3.0-RC3 just has been tagged. Please start the QA with it. BR, Uze Choi From: Malsbary, Todd [mailto:[email protected]] Sent: Tuesday, May 23, 2017 3:55 AM To: iotivity-dev at lists.iotivity.org<mailto:iotivity-dev at lists.iotivity.org>; uzchoi at samsung.com<mailto:uzchoi at samsung.com> Subject: Re: [dev] [State update-4 for RC3] [Triage Meeting] RE: [session2-Meeting minute]: [Triage CC schedule] [For 1.3 release RC2 ] list sharing and update request for some missing blocks Hi Uze, On this topic, I noticed a regression this morning and reopened https://jira.iotivity.org/browse/IOT-2175. I pushed up https://gerrit.iotivity.org/gerrit/#/c/20261/ to fix it. Thanks, -Todd On Mon, 2017-05-22 at 21:44 +0900, ??? (Uze Choi) wrote: After some patches are verified let me make the RC3 tag. Today Jenkins server is too slow. Please do not merge without my consent from now on?. BR, Uze Choi From: ??? (Uze Choi) [mailto:[email protected]] Sent: Monday, May 22, 2017 10:35 AM To: 'iotivity-dev at lists.iotivity.org' Cc: 'Agis, Ed'; 'Mitch Kettrick' Subject: [State update-3 for RC3] [Triage Meeting] RE: [session2-Meeting minute]: [Triage CC schedule] [For 1.3 release RC2 ] list sharing and update request for some missing blocks Hi All, With the great help of Security People Nathan, Dan, Randeep, Dongik, Oleg, Andrii, Dmitriy and so on, Most of pending issues are resolved. However, there are still some code under the review, as of now. Please let them merged soon to make a RC3 tagging. BR, Uze Choi From: iotivity-dev-bounces at lists.iotivity.org<mailto:iotivity-dev-bounces at lists.iotivity.org> [mailto:[email protected]] On Behalf Of ??? Sent: Sunday, May 21, 2017 1:16 PM To: Heldt-Sheller, Nathan; Bell, Richard S; ???; iotivity-dev at lists.iotivity.org<mailto:iotivity-dev at lists.iotivity.org> Cc: Agis, Ed; Mitch Kettrick Subject: Re: [dev] [State update-2 for RC3] [Triage Meeting] RE: [session2-Meeting minute]: [Triage CC schedule] [For 1.3 release RC2 ] list sharing and update request for some missing blocks Hi Nathan, I believe Patches for these issues will be merged by this week. (I mean by this Sunday) Then release version can pass the current version CTT test case excluding issues to be resolved from CTT. And better to include following but not necessary to include below I believe. ? Bug IOT-1928 Update mbedtls version before 1.3 release ? Improvement IOT-1896 BR Uze Choi --------- Original Message --------- Sender : Heldt-Sheller, Nathan <nathan.heldt-sheller at intel.com<mailto:nathan.heldt-sheller at intel.com>> Date : 2017-05-21 08:12 (GMT+9) Title : RE: [dev] [State update-2 for RC3] [Triage Meeting] RE: [session2-Meeting minute]: [Triage CC schedule] [For 1.3 release RC2 ] list sharing and update request for some missing blocks Hi Uze, As an update, all known P1 Security Issues have either been resolved, or have pending patches in Gerrit review; see JIRA for updated status: All Open, In Progress, Assigned and Re-opened Issues with ?Security? tag, P1, and Fix In Version 1.3.0<https://jira.iotivity.org/issues/?jql=project%20%3D%20IOT%20AND%20status%20in%20(Open%2C%20%22In%20Progress%22%2C%20Reopened%2C%20Assigned)%20AND%20priority%20%3D%20P1%20AND%20fixVersion%20%3D%20%22IoTivity%201.3.0%22%20AND%20labels%20%3D%20security%20ORDER%20BY%20priority%20DESC%2C%20created%20DESC> We are waiting on code review and/or Jenkins for 7 of the 8 open issues. The mbedTLS update issue, you already known about. However it should be noted that there are likely many outstanding issues other than these that will prevent OCF 1.0 certification. I understand it is your intention to release 1.3.0 without passing complete CTT, but I wanted to be 100% clear that there will almost surely be other certification blocking issues discovered as CTT and IoTivity bugs are fixed and more of the TCs are running. I hope the intention is to release again when complete CTT is passing. Summary copy/paste from JIRA: ? Bug IOT-2293 [Security] /oic/sec/acl2 resource is being updated by payload for /oic/sec/acl resource ? Bug IOT-2292 [Security] 'creds->credusage' property of /oic/sec/cred resource is of string type, expected is array of string in OCF1.0 ? Bug IOT-2281 [Security] /oic/sec/amacl resource is responding for GET request, but not for POST ? Bug IOT-2280 [Security] /oic/sec/doxm resource unable to update rowneruuid ? Bug IOT-2271 provisioningclient fails to discover sampleserver_randompin, when using default ACEs ? Bug IOT-2258 OCCreateResource() must allow Secure *and* Unsecure "ep" ? Bug IOT-1928 Update mbedtls version before 1.3 release ? Improvement IOT-1896 Implement privacy mitigation approach for unique identifiers Thanks, Nathan [cid:image001.gif at 01D2D54D.924B6B60] [http://ext.samsung.net/mail/ext/v1/external/status/update?userid=uzchoi&do=bWFpbElEPTIwMTcwNTIxMDQxNTUxZXBjbXMxcDFmOTIzMjE4Nzg5NTYwZTI3YzVlYTNjZWY3Y2IyZjFkZCZyZWNpcGllbnRBZGRyZXNzPWlvdGl2aXR5LWRldkBsaXN0cy5pb3Rpdml0eS5vcmc_] _______________________________________________ iotivity-dev mailing list iotivity-dev at lists.iotivity.org<mailto:iotivity-dev at lists.iotivity.org> https://lists.iotivity.org/mailman/listinfo/iotivity-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20170525/5b73c76f/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.gif Type: image/gif Size: 13402 bytes Desc: image001.gif URL: <http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20170525/5b73c76f/attachment.gif>
