Bug 215507 - [MAINTAINER] java/bouncycastle15: Update to 1.56
Summary: [MAINTAINER] java/bouncycastle15: Update to 1.56
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Eugene Grosbein
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-12-23 08:10 UTC by Eugene Grosbein
Modified: 2017-03-11 23:31 UTC (History)
2 users (show)

See Also:


Attachments
Update to 1.56 (4.44 KB, patch)
2016-12-23 08:10 UTC, Eugene Grosbein
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Eugene Grosbein 2016-12-23 08:10:17 UTC
Created attachment 178214 [details]
Update to 1.56

Port changes:

- upstream updated list of its MASTER_SITES (bouncycastle.gva.es is gone, downloads.bouncycastle.org changed to www.bouncycastle.org);
- pkg-descr updated to reflect current features;
- installation of zipped bundled sources made optional, enabled by default to match previous behavior.

Some of new version changes:

- a new API for DTLS/TLS and a JSSE provider suitable for Java 5 and later;
- support for RFC 7539 ChaCha20 and Poly1305 has also been added and general support for SHA-3 in the PKIX APIs has been improved;
- CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340, CVE-2016-1000341, CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000345, CVE-2016-1000346, CVE-2016-1000352.

Full details of the release: https://www.bouncycastle.org/releasenotes.html
Comment 1 Kurt Jaeger freebsd_committer freebsd_triage 2016-12-26 08:51:12 UTC
portlint complains:

FATAL: Makefile: you should use ${JAVALIBDIR} in BUILD_DEPENDS/RUN_DEPENDS to define dependencies on JAR files installed in ${JAVAJARDIR}
FATAL: Makefile: you should use ${JAVALIBDIR} in BUILD_DEPENDS/RUN_DEPENDS to define dependencies on JAR files installed in ${JAVAJARDIR}
FATAL: Makefile: you should use ${JAVALIBDIR} in BUILD_DEPENDS/RUN_DEPENDS to define dependencies on JAR files installed in ${JAVAJARDIR}
FATAL: Makefile: you should use ${JAVALIBDIR} in BUILD_DEPENDS/RUN_DEPENDS to define dependencies on JAR files installed in ${JAVAJARDIR}
FATAL: Makefile: you should use ${JAVALIBDIR} in BUILD_DEPENDS/RUN_DEPENDS to define dependencies on JAR files installed in ${JAVAJARDIR}

Should this be changed ?
Comment 2 Eugene Grosbein 2016-12-26 09:31:31 UTC
(In reply to Kurt Jaeger from comment #1)

This seems to be some kind of bug in portlint itself: it demands to use JAVALIBDIR in BUILD_DEPENDS/RUN_DEPENDS lines in spite of fact JAVALIBDIR is used there.
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-12-27 16:38:19 UTC
A commit references this bug:

Author: pi
Date: Tue Dec 27 16:37:39 UTC 2016
New revision: 429629
URL: https://svnweb.freebsd.org/changeset/ports/429629

Log:
  java/bouncycastle15: update 1.55 -> 1.56

  port changes:
  - upstream updated list of its MASTER_SITES (bouncycastle.gva.es
    is gone, downloads.bouncycastle.org changed to www.bouncycastle.org);
  - pkg-descr updated to reflect current features;
  - installation of zipped bundled sources made optional, enabled by
    default to match previous behavior.

  Some of new version changes:
  - a new API for DTLS/TLS and a JSSE provider suitable for Java 5 and later;
  - support for RFC 7539 ChaCha20 and Poly1305 has also been added
    and general support for SHA-3 in the PKIX APIs has been improved;

  Full details of the release:

  PR:		215507
  Changes:	https://www.bouncycastle.org/releasenotes.html
  Security:       CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
  		CVE-2016-1000341, CVE-2016-1000342, CVE-2016-1000343,
  		CVE-2016-1000344, CVE-2016-1000345, CVE-2016-1000346,
  		CVE-2016-1000352
  Submitted by:	Eugene Grosbein <ports@grosbein.net> (maintainer)

Changes:
  head/java/bouncycastle15/Makefile
  head/java/bouncycastle15/distinfo
  head/java/bouncycastle15/pkg-descr
  head/java/bouncycastle15/pkg-plist
Comment 4 Kurt Jaeger freebsd_committer freebsd_triage 2016-12-27 16:39:08 UTC
Committed, thanks! Skipping MFH, as quarterly is about to happen.

TODO: vuxml entry
Comment 5 Eugene Grosbein freebsd_committer freebsd_triage 2017-03-11 19:17:18 UTC
My PR.
Comment 6 commit-hook freebsd_committer freebsd_triage 2017-03-11 23:24:57 UTC
A commit references this bug:

Author: eugen
Date: Sat Mar 11 23:24:15 UTC 2017
New revision: 435970
URL: https://svnweb.freebsd.org/changeset/ports/435970

Log:
  Document several security defects in the Bouncy Castle Crypto APIs

  PR:		215507
  Approved by:    vsevolod (mentor)
  Obtained from:  https://www.bouncycastle.org/releasenotes.html
  Security:       https://vuxml.FreeBSD.org/freebsd/89cf8cd2-0698-11e7-aa3f-001b216d295b

Changes:
  head/security/vuxml/vuln.xml