This is an automated email from the ASF dual-hosted git repository. duncangrant pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/brooklyn-dist.git
The following commit(s) were added to refs/heads/master by this push: new 779ceaa Bump BouncyCastle version new 32aa85d Merge pull request #160 from aledsage/bump-bouncycastle 779ceaa is described below commit 779ceaa5c548192bbea678f7f61e1ad91901c82f Author: Aled Sage <aled.s...@gmail.com> AuthorDate: Mon Apr 20 13:24:04 2020 +0100 Bump BouncyCastle version Overrides jclouds BouncyCastle version. --- .../resources/etc/org.apache.karaf.features.xml | 62 ++++++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/karaf/apache-brooklyn/src/main/resources/etc/org.apache.karaf.features.xml b/karaf/apache-brooklyn/src/main/resources/etc/org.apache.karaf.features.xml new file mode 100644 index 0000000..7234cb2 --- /dev/null +++ b/karaf/apache-brooklyn/src/main/resources/etc/org.apache.karaf.features.xml @@ -0,0 +1,62 @@ +<?xml version="1.0" encoding="UTF-8"?> +<featuresProcessing xmlns="http://karaf.apache.org/xmlns/features-processing/v1.0.0"> + + <!-- + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + + + <!-- + File copied from standard Brooklyn 1.0.0, which uses Karaf 4.2.7. + Original file contained the blacklistedRepositories section. + All modifications are commented. + --> + + + <blacklistedRepositories> + <repository>mvn:org.apache.karaf.features/framework/4.3.0-SNAPSHOT/xml/features</repository> + <repository>mvn:org.apache.karaf.features/standard/4.3.0-SNAPSHOT/xml/features</repository> + <repository>mvn:org.apache.karaf.features/enterprise/4.3.0-SNAPSHOT/xml/features</repository> + <repository>mvn:org.apache.karaf.features/enterprise-legacy/4.3.0-SNAPSHOT/xml/features</repository> + <repository>mvn:org.apache.karaf.features/spring/4.3.0-SNAPSHOT/xml/features</repository> + <repository>mvn:org.apache.karaf.features/spring-legacy/4.3.0-SNAPSHOT/xml/features</repository> + </blacklistedRepositories> + + + <!-- + Upgrades BouncyCastle (to fix vulnerabilities), and related dependencies. + The old versions are referenced by jclouds. + + For more info on the override mechanism used here, see: + - https://issues.apache.org/jira/browse/KARAF-5376?focusedCommentId=16431939&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16431939 + - https://github.com/apache/karaf/blob/master/features/core/src/test/resources/org/apache/karaf/features/internal/service/org.apache.karaf.features.xml + - https://stackoverflow.com/a/53589206 + --> + <bundleReplacements> + <bundle originalUri="mvn:net.i2p.crypto/eddsa/0.1.0" + replacement="mvn:net.i2p.crypto/eddsa/0.2.0" /> + <bundle originalUri="mvn:com.hierynomus/sshj/0.20.0" + replacement="mvn:com.hierynomus/sshj/0.22.0" /> + <bundle originalUri="mvn:org.bouncycastle/bcprov-ext-jdk15on/1.51" + replacement="mvn:org.bouncycastle/bcprov-ext-jdk15on/1.61" /> + <bundle originalUri="mvn:org.bouncycastle/bcpkix-jdk15on/1.51" + replacement="mvn:org.bouncycastle/bcpkix-jdk15on/1.61" /> + <bundle originalUri="mvn:net.i2p.crypto/eddsa/0.1.0" + replacement="mvn:net.i2p.crypto/eddsa/0.2.0" /> + </bundleReplacements> + +</featuresProcessing>