Bug 782849 - RFE: please provide version 1.46 on EPEL5
Summary: RFE: please provide version 1.46 on EPEL5
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: bouncycastle
Version: el5
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Steve Traylen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-01-18 16:49 UTC by CristinaA
Modified: 2012-02-12 11:37 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-02-12 11:37:19 UTC
Type: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description CristinaA 2012-01-18 16:49:06 UTC 
Hi,

bouncycastle 1.46 is now available.
It is present in EPEL 6, but some of our java-based software needs this newer version for EPEL 5.
Would it be possible to have this version also for EPEL5?

Thank you very much,
Cristina
Comment 1 Fedora Update System 2012-01-23 22:40:58 UTC 
bouncycastle-1.46-1.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/bouncycastle-1.46-1.el5
Comment 2 Fedora Update System 2012-01-24 17:39:59 UTC 
Package bouncycastle-1.46-1.el5:
* should fix your issue,
* was pushed to the Fedora EPEL 5 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing bouncycastle-1.46-1.el5'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0221/bouncycastle-1.46-1.el5
then log in and leave karma (feedback).
Comment 3 CristinaA 2012-02-03 12:24:57 UTC 
From one of the interested people:

I've tested a little bit

1) installs on SL5 and updates 1.45 correctly.
2) compilation and all canl tests run fine using the library.
3) observation: the jar from this library is unsigned (as the SL6 version). This was discussed lengthy on EMT (start on 25.03.2011), when talking about 1.45 version. I've briefly read the thread now and I can say that I think nobody was fully right (at least regarding the main thread topic). With the current 1.6 JDKs signing the provider is optional (it was not before, e.g. in JDK 1.4, what Bernd thought is still true). However for unsigned providers some of the features won't work, the list is here:
http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/HowToImplAProvider.html#Step6
And this is not true that Fedora maintainers can not sign when rebuilding BC from source: they can, it is described in the above document how to obtain a signing certificate.
Anyway this point is probably not our business, as it seems that even indirectly we don't use restricted APIs. However I can't guarantee this for sure. E.g. it may happen that I use indirectly a restricted API, but for the algorithms which are tested the standard JDK provider is chosen, while for one or two not implemented in the JDK provider BC provider would be chosen.

Bottom line: I would ack the package.

Cheers
Krzysztof
Comment 4 Steve Traylen 2012-02-08 08:23:24 UTC 
Fails for me:

Upon upgrade requests to my tomcat services (probably trustmanager) just hang.

Will close won't fix shortly.

Steve.
Comment 5 Joni Hahkala 2012-02-12 11:33:45 UTC 
It was a weird problem. When definitions that were deprecated in X509Extensions were used, the threads just hung. They didn't proceed or throw exceptions. Replacing the references to the deprecated definitions with the string values made things work fine. To me it seems to point to bug in java or maybe there was something else thrown that tomcat swallowed. I couldn't use the new definitions from bc 1.46 as they were not present in bc 1.45. Ubuntu/debian seem to still use 1.44 etc, so just supporting 1.46+ isn't a good option.
Note You need to log in before you can comment on or make changes to this bug.