[jenkinsci/jenkins] dd80d5: [SECURITY-54]

Tue, 12 Feb 2013 13:52:07 -0800 

  Branch: refs/heads/SECURITY-54
  Home:   https://github.com/jenkinsci/jenkins
  Commit: dd80d5b6b78a110444123911dc04dc664630a81f
      
https://github.com/jenkinsci/jenkins/commit/dd80d5b6b78a110444123911dc04dc664630a81f
  Author: Kohsuke Kawaguchi <[email protected]>
  Date:   2013-02-12 (Tue, 12 Feb 2013)

  Changed paths:
    M core/src/main/java/hudson/slaves/SlaveComputer.java
    M core/src/main/java/jenkins/model/Jenkins.java
    M core/src/main/resources/hudson/slaves/JNLPLauncher/main.jelly
    M core/src/main/resources/hudson/slaves/SlaveComputer/slave-agent.jnlp.jelly
    M pom.xml
    M test/src/test/java/hudson/bugs/JnlpAccessWithSecuredHudsonTest.java

  Log Message:
  -----------
  [SECURITY-54]

Jesse's original patch


  Commit: ef988d7104e4b8cffa802660dffc8df6e9da77ea
      
https://github.com/jenkinsci/jenkins/commit/ef988d7104e4b8cffa802660dffc8df6e9da77ea
  Author: Kohsuke Kawaguchi <[email protected]>
  Date:   2013-02-12 (Tue, 12 Feb 2013)

  Changed paths:
    M core/src/main/java/hudson/slaves/SlaveComputer.java

  Log Message:
  -----------
  Use the proper block cipher mode.

Or else the information about the plain text still ends up revealing as a 
pattern without the attacker knowing the key.


  Commit: b4b9c5c63ffe1a347354b748e4b97b88961216f7
      
https://github.com/jenkinsci/jenkins/commit/b4b9c5c63ffe1a347354b748e4b97b88961216f7
  Author: Kohsuke Kawaguchi <[email protected]>
  Date:   2013-02-12 (Tue, 12 Feb 2013)

  Changed paths:
    M core/src/main/java/hudson/slaves/SlaveComputer.java
    M core/src/main/resources/hudson/slaves/SlaveComputer/slave-agent.jnlp.jelly

  Log Message:
  -----------
  No need to hide SLAVE_SECRET from the encrypted payload.

jnlpMac is needed to decrypt this payload to begin with, so there's no point in 
hiding it. This simplifies the code a little bit.


Compare: 
https://github.com/jenkinsci/jenkins/compare/dd80d5b6b78a^...b4b9c5c63ffe

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Commits" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to