Created attachment 178214 [details] Update to 1.56 Port changes: - upstream updated list of its MASTER_SITES (bouncycastle.gva.es is gone, downloads.bouncycastle.org changed to www.bouncycastle.org); - pkg-descr updated to reflect current features; - installation of zipped bundled sources made optional, enabled by default to match previous behavior. Some of new version changes: - a new API for DTLS/TLS and a JSSE provider suitable for Java 5 and later; - support for RFC 7539 ChaCha20 and Poly1305 has also been added and general support for SHA-3 in the PKIX APIs has been improved; - CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340, CVE-2016-1000341, CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000345, CVE-2016-1000346, CVE-2016-1000352. Full details of the release: https://www.bouncycastle.org/releasenotes.html
portlint complains: FATAL: Makefile: you should use ${JAVALIBDIR} in BUILD_DEPENDS/RUN_DEPENDS to define dependencies on JAR files installed in ${JAVAJARDIR} FATAL: Makefile: you should use ${JAVALIBDIR} in BUILD_DEPENDS/RUN_DEPENDS to define dependencies on JAR files installed in ${JAVAJARDIR} FATAL: Makefile: you should use ${JAVALIBDIR} in BUILD_DEPENDS/RUN_DEPENDS to define dependencies on JAR files installed in ${JAVAJARDIR} FATAL: Makefile: you should use ${JAVALIBDIR} in BUILD_DEPENDS/RUN_DEPENDS to define dependencies on JAR files installed in ${JAVAJARDIR} FATAL: Makefile: you should use ${JAVALIBDIR} in BUILD_DEPENDS/RUN_DEPENDS to define dependencies on JAR files installed in ${JAVAJARDIR} Should this be changed ?
(In reply to Kurt Jaeger from comment #1) This seems to be some kind of bug in portlint itself: it demands to use JAVALIBDIR in BUILD_DEPENDS/RUN_DEPENDS lines in spite of fact JAVALIBDIR is used there.
A commit references this bug: Author: pi Date: Tue Dec 27 16:37:39 UTC 2016 New revision: 429629 URL: https://svnweb.freebsd.org/changeset/ports/429629 Log: java/bouncycastle15: update 1.55 -> 1.56 port changes: - upstream updated list of its MASTER_SITES (bouncycastle.gva.es is gone, downloads.bouncycastle.org changed to www.bouncycastle.org); - pkg-descr updated to reflect current features; - installation of zipped bundled sources made optional, enabled by default to match previous behavior. Some of new version changes: - a new API for DTLS/TLS and a JSSE provider suitable for Java 5 and later; - support for RFC 7539 ChaCha20 and Poly1305 has also been added and general support for SHA-3 in the PKIX APIs has been improved; Full details of the release: PR: 215507 Changes: https://www.bouncycastle.org/releasenotes.html Security: CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340, CVE-2016-1000341, CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000345, CVE-2016-1000346, CVE-2016-1000352 Submitted by: Eugene Grosbein <ports@grosbein.net> (maintainer) Changes: head/java/bouncycastle15/Makefile head/java/bouncycastle15/distinfo head/java/bouncycastle15/pkg-descr head/java/bouncycastle15/pkg-plist
Committed, thanks! Skipping MFH, as quarterly is about to happen. TODO: vuxml entry
My PR.
A commit references this bug: Author: eugen Date: Sat Mar 11 23:24:15 UTC 2017 New revision: 435970 URL: https://svnweb.freebsd.org/changeset/ports/435970 Log: Document several security defects in the Bouncy Castle Crypto APIs PR: 215507 Approved by: vsevolod (mentor) Obtained from: https://www.bouncycastle.org/releasenotes.html Security: https://vuxml.FreeBSD.org/freebsd/89cf8cd2-0698-11e7-aa3f-001b216d295b Changes: head/security/vuxml/vuln.xml