commcare-android

Please update Bouncy Castle

Open Neustradamus opened this issue 4 years ago • 2 comments

Please update Bouncy Castle

  • https://www.bouncycastle.org/
  • https://www.bouncycastle.org/releasenotes.html
  • http://www.bouncycastle.org/latest_releases.html
  • https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=bouncy%20castle
  • https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=bouncycastle
  • https://www.cvedetails.com/vulnerability-list/vendor_id-7637/Bouncycastle.html

Neustradamus avatar Jan 12 '21 07:01 Neustradamus

Seems like bcprov-jdk15on-1.68 contains class files that require Java 15, and the build fails with:

Execution failed for task ':app:compileCommcareDebugKotlin'.
> Could not resolve all artifacts for configuration ':app:commcareDebugCompileClasspath'.
   > Failed to transform bcprov-jdk15on-1.68.jar (org.bouncycastle:bcprov-jdk15on:1.68) to match attributes {artifactType=android-classes-jar, org.gradle.category=library, org.gradle.libraryelements=jar, org.gradle.status=release, org.gradle.usage=java-api}.
      > Execution failed for JetifyTransform: /Users/dsi-admin/.gradle/caches/modules-2/files-2.1/org.bouncycastle/bcprov-jdk15on/1.68/46a080368d38b428d237a59458f9bc915222894d/bcprov-jdk15on-1.68.jar.
         > Failed to transform '/Users/dsi-admin/.gradle/caches/modules-2/files-2.1/org.bouncycastle/bcprov-jdk15on/1.68/46a080368d38b428d237a59458f9bc915222894d/bcprov-jdk15on-1.68.jar' using Jetifier. Reason: IllegalArgumentException, message: Unsupported class file major version 59. (Run with --stacktrace for more details.)

I think it's because Jetifier doesn't handle multi-release jars, and I can turn it off using android.jetifier.blacklist=bcprov-jdk15on-1.68.jar, but I'm not sure if that's a good way.

I read here that "If you have issues with multi-release jars see the jdk15to18 release jars below", so I'm gonna go ahead and use jdk15to18 instead of jdk15on.

ShivamPokhriyal avatar Mar 22 '21 09:03 ShivamPokhriyal
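
The build error in the comment above reports class file major version 59, which is the Java 15 class format. As an added example (not code from this thread or from the project), the script below lists which classes in a jar exceed a given major version and whether they sit in a multi-release `META-INF/versions/N/` tree; the sample jar, the `org/example` names and the threshold of 52 (Java 8) are constructed assumptions.

```python
import io
import re
import struct
import zipfile

# Multi-release jars keep per-release classes under META-INF/versions/N/.
VERSIONED = re.compile(r"^META-INF/versions/(\d+)/")

def class_major(data):
    """Return the class-file major version, or None if not a class file."""
    if len(data) < 8 or data[:4] != b"\xca\xfe\xba\xbe":
        return None
    _minor, major = struct.unpack(">HH", data[4:8])
    return major

def scan_jar(jar_bytes, max_major):
    """List (entry, major, release) for classes newer than max_major.

    release is the N of META-INF/versions/N/ for multi-release entries,
    or None for classes in the base tree.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if not info.filename.endswith(".class"):
                continue
            with jar.open(info) as fh:
                major = class_major(fh.read(8))
            if major is None or major <= max_major:
                continue
            m = VERSIONED.match(info.filename)
            findings.append((info.filename, major, int(m.group(1)) if m else None))
    return sorted(findings)

def build_sample_jar():
    """Constructed jar: a Java 8 base class plus a Java 15 versioned copy."""
    def stub(major):
        return b"\xca\xfe\xba\xbe" + struct.pack(">HH", 0, major) + b"\x00" * 8
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMulti-Release: true\n")
        jar.writestr("org/example/Demo.class", stub(52))
        jar.writestr("META-INF/versions/15/org/example/Demo.class", stub(59))
    return buf.getvalue()

if __name__ == "__main__":
    for name, major, release in scan_jar(build_sample_jar(), max_major=52):
        where = f"multi-release tree for Java {release}" if release else "base tree"
        print(f"{name}: major {major} ({where})")
```

To check a real artifact, pass the bytes of the jar from the Gradle cache to `scan_jar` instead of the constructed sample.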

@ShivamPokhriyal: Good job, thanks for your update!

At the same time, can you update to 1.69?

Neustradamus avatar Jul 20 '21 06:07 Neustradamus

@shubham1g5, @ShivamPokhriyal: Can you update to the latest BouncyCastle version?

Currently it is 1.78.1:

  • https://www.bouncycastle.org/download/bouncy-castle-java/

Linked to:

  • https://github.com/dimagi/commcare-android/issues/2218
  • https://github.com/dimagi/commcare-android/pull/2311
  • https://github.com/dimagi/commcare-android/pull/2343
  • https://github.com/dimagi/commcare-android/issues/2426
  • https://github.com/dimagi/commcare-android/pull/2454
  • https://github.com/dimagi/commcare-android/pull/2628

Neustradamus avatar May 30 '24 10:05 Neustradamus