svn commit: r457500 - head/java/bouncycastle15
Eugene Grosbein
eugen at FreeBSD.org
Fri Dec 29 09:21:13 UTC 2017
Author: eugen
Date: Fri Dec 29 09:21:11 2017
New Revision: 457500
URL: https://svnweb.freebsd.org/changeset/ports/457500
Log:
bouncycastle15: update to version 1.59
This release fixes CVE-2017-13098 ("ROBOT"), a Bleichenbacher oracle in TLS
when RSA key exchange is negotiated. This potentially affected BCJSSE servers
and any other TLS servers configured to use JCE for the underlying crypto -
note the two TLS implementations using the BC lightweight APIs
are not affected by this.
Some of additional fixes, features and functionality:
* GOST3410-94 private keys encoded using ASN.1 INTEGER are now accepted
in private key info objects; GOST3412-2015 has been added
to the JCE provider and the lightweight API.
* SCRYPT is now supported as a SecretKeyFactory in the provider and
in the PKCS8 APIs.
* The BCJSSE provider now supports Server Name Indication,
session resumption in clients, the jdk.tls.namedGroups and
org.bouncycastle.jsse.ec.disableChar2 system properties.
* ECGOST-2012 public keys were being encoded with the wrong OID
for the digest parameter in the algorithm parameter set. This has been fixed.
* The BCJSSE SSLEngine implementation now correctly wraps/unwraps
application data only in whole records.
Further details on other additions and bug fixes can be found in the
release notes at:
https://www.bouncycastle.org/releasenotes.html
Security: CVE-2017-13098
Modified:
head/java/bouncycastle15/Makefile
head/java/bouncycastle15/distinfo
Modified: head/java/bouncycastle15/Makefile
==============================================================================
--- head/java/bouncycastle15/Makefile Fri Dec 29 09:01:54 2017 (r457499)
+++ head/java/bouncycastle15/Makefile Fri Dec 29 09:21:11 2017 (r457500)
@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= bouncycastle
-PORTVERSION= 1.58
+PORTVERSION= 1.59
CATEGORIES= java security
MASTER_SITES= http://www.bouncycastle.org/download/ \
http://polydistortion.net/bc/download/
@@ -48,7 +48,6 @@ PORTDOCS= *
.include <bsd.port.options.mk>
# PR 220612: remove fork="true" in javac and fork="yes" in junit tasks
-# NB: as of adding armv7, the patchname is kind of obsolete.
.if ${ARCH} == armv6 || ${ARCH} == armv7
EXTRA_PATCHES+= ${FILESDIR}/armv6-patch-bc+-build.xml
.endif
Modified: head/java/bouncycastle15/distinfo
==============================================================================
--- head/java/bouncycastle15/distinfo Fri Dec 29 09:01:54 2017 (r457499)
+++ head/java/bouncycastle15/distinfo Fri Dec 29 09:21:11 2017 (r457500)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1503401517
-SHA256 (crypto-158.tar.gz) = 175b342d853706107f54780052e224595453743e2a4b6aa0a0fcf02d5e24d01d
-SIZE (crypto-158.tar.gz) = 123588158
+TIMESTAMP = 1514536470
+SHA256 (crypto-159.tar.gz) = 03c08bc60acdcc035275adccd185bc3683e8b1266aa3400bfb8a526e622aa2d6
+SIZE (crypto-159.tar.gz) = 126095735
More information about the svn-ports-all
mailing list