freebsd/ports
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bouncycastle15: update to version 1.59

Browse Source 
This release fixes CVE-2017-13098 ("ROBOT"), a Bleichenbacher oracle in TLS
when RSA key exchange is negotiated. This potentially affected BCJSSE servers
and any other TLS servers configured to use JCE for the underlying crypto -
note the two TLS implementations using the BC lightweight APIs
are not affected by this.

Some of additional fixes, features and functionality:

* GOST3410-94 private keys encoded using ASN.1 INTEGER are now accepted
  in private key info objects; GOST3412-2015 has been added
  to the JCE provider and the lightweight API.
* SCRYPT is now supported as a SecretKeyFactory in the provider and
  in the PKCS8 APIs.
* The BCJSSE provider now supports Server Name Indication,
  session resumption in clients, the jdk.tls.namedGroups and
  org.bouncycastle.jsse.ec.disableChar2 system properties.
* ECGOST-2012 public keys were being encoded with the wrong OID
  for the digest parameter in the algorithm parameter set. This has been fixed.
* The BCJSSE SSLEngine implementation now correctly wraps/unwraps
  application data only in whole records.

Further details on other additions and bug fixes can be found in the
release notes at:

https://www.bouncycastle.org/releasenotes.html

Security:	CVE-2017-13098
This commit is contained in:
Eugene Grosbein
2017-12-29 09:21:11 +00:00
parent 377901b804
commit efadb98a29
2 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
java/bouncycastle15/Makefile
View File

@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= bouncycastle
PORTVERSION= 1.58
PORTVERSION= 1.59
CATEGORIES= java security
MASTER_SITES= http://www.bouncycastle.org/download/ \
http://polydistortion.net/bc/download/
@@ -48,7 +48,6 @@ PORTDOCS= *
.include <bsd.port.options.mk>
# PR 220612: remove fork="true" in javac and fork="yes" in junit tasks
# NB: as of adding armv7, the patchname is kind of obsolete.
.if ${ARCH} == armv6 || ${ARCH} == armv7
EXTRA_PATCHES+= ${FILESDIR}/armv6-patch-bc+-build.xml
.endif

6
java/bouncycastle15/distinfo
View File

@@ -1,3 +1,3 @@
TIMESTAMP = 1503401517
SHA256 (crypto-158.tar.gz) = 175b342d853706107f54780052e224595453743e2a4b6aa0a0fcf02d5e24d01d
SIZE (crypto-158.tar.gz) = 123588158
TIMESTAMP = 1514536470
SHA256 (crypto-159.tar.gz) = 03c08bc60acdcc035275adccd185bc3683e8b1266aa3400bfb8a526e622aa2d6
SIZE (crypto-159.tar.gz) = 126095735