This release fixes CVE-2017-13098 ("ROBOT"), a Bleichenbacher oracle in TLS
when RSA key exchange is negotiated. This potentially affected BCJSSE servers
and any other TLS servers configured to use JCE for the underlying crypto -
note the two TLS implementations using the BC lightweight APIs
are not affected by this.
Some of additional fixes, features and functionality:
* GOST3410-94 private keys encoded using ASN.1 INTEGER are now accepted
in private key info objects; GOST3412-2015 has been added
to the JCE provider and the lightweight API.
* SCRYPT is now supported as a SecretKeyFactory in the provider and
in the PKCS8 APIs.
* The BCJSSE provider now supports Server Name Indication,
session resumption in clients, the jdk.tls.namedGroups and
org.bouncycastle.jsse.ec.disableChar2 system properties.
* ECGOST-2012 public keys were being encoded with the wrong OID
for the digest parameter in the algorithm parameter set. This has been fixed.
* The BCJSSE SSLEngine implementation now correctly wraps/unwraps
application data only in whole records.
Further details on other additions and bug fixes can be found in the
release notes at:
https://www.bouncycastle.org/releasenotes.html
Security: CVE-2017-13098
2017-11-30 www/p5-Yahoo-Lifestyle: This service has been shut down
2017-11-30 games/linux-rtcw: Use the native and open source games/iortcw instead
2017-11-30 java/bootstrap-openjdk: superseded by java/bootstrap-openjdk[68]
2017-11-30 lang/gcc46: Unsupported by upstream. Use GCC 6 or newer instead.
Excerpted from the original submission:
"FreeBSD on several architectures automatically utilizes superpages. So,
for the JVM's JIT-compiled code cache and data heap, much of those regions
are already using superpages. However, the -XX:+UseLargePages option still
serves a useful, if secondary, purpose on FreeBSD. Essentially, it informs
the JVM's platform-independent layer what the supported page sizes are. So,
when memory is mmap(2)ed and munmap(2)ed within the code cache and data
heap, the addresses and sizes will be superpage-aligned and a multiple of
the superpage size, respectively. Currently, without this patch, the code
cache, for example, typically starts at an unaligned address, so the initial
portion of the code cache can never be a superpage. Similarly, unaligned
munmap(2)s on the data heap force the kernel to demote superpages to 4KB
pages, and this patch eliminates those demotions.
This patch both introduces the code needed on FreeBSD to implement
-XX:+UseLargePages and deletes code that was copied from Linux that is, to
the best of my knowledge, useless on any version of BSD, i.e., UseHugeTLBFS
and UseSHM. The additions are in part based on the Solaris version of
os_solaris.cpp, e.g., the sorting of the page sizes array."
Note I did minor style cleanup and regenerated the patches.
Submitted by: alc
armv7, mark them so.
This is part two of a multipart commit to bring armv7 ports to parity
with armv6.
Approved by: portmgr (tier-2 blanket)
Obtained from: lonesome.com -exp run
The utility to send commands to remote JVM via Dynamic Attach mechanism.
All-in-one jmap + jstack + jcmd + jinfo functionality in a single tiny program.
No installed JDK required, works with just JRE.
This is the lightweight native version of HotSpot Attach API
https://docs.oracle.com/javase/8/docs/jdk/api/attach/spec/
WWW: https://github.com/apangin/jattach
PR: 222660
Submitted by: Michael Zhilin <mizhka@gmail.com>
While I'm here, fix whitespace, and add APP_SHORTNAME to the console
output to make it clear who is doing what.
PR: 220513
Submitted by: soumar@linux.fjfi.cvut.cz
Approved by: maintainer timeout
. Fix ONLY_FOR_ARCHS to not include i386 [1]
. Rework versioning now the update format has been revealed
PR: 222540 [1]
Submitted by: Michael Osipov [1]
. Fix ONLY_FOR_ARCHS to not include i386 [1]
. Rework versioning now the update format has been revealed
. Add missing symlink to the packing list
PR: 222540 [1]
Submitted by: Michael Osipov [1]
