Bug 970058 - bouncycastle-1.50 is available
bouncycastle-1.50 is available
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: bouncycastle (Show other bugs)
rawhide
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Michal Srb
Fedora Extras Quality Assurance
: FutureFeature, Triaged
Depends On:
Blocks: 1022551
  Show dependency treegraph
 
Reported: 2013-06-03 07:57 EDT by Upstream Release Monitoring
Modified: 2014-02-26 03:31 EST (History)
7 users (show)

See Also:
Fixed In Version: bouncycastle-1.50-1.fc21
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-02-25 03:31:19 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
update to 1.49 (1.01 KB, application/xml)
2013-08-23 11:35 EDT, Dhiru Kholia
no flags Details
update to 1.49 (9.65 KB, text/x-rpm-spec)
2013-08-23 11:36 EDT, Dhiru Kholia
no flags Details

  None (edit)
Description Upstream Release Monitoring 2013-06-03 07:57:28 EDT
Latest upstream release: 1.49
Current version in Fedora Rawhide: 1.46
URL: http://www.bouncycastle.org/

Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy

More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Comment 1 Dhiru Kholia 2013-08-23 11:35:33 EDT
Created attachment 789636 [details]
update to 1.49
Comment 2 Dhiru Kholia 2013-08-23 11:36:07 EDT
Created attachment 789637 [details]
update to 1.49
Comment 3 Dhiru Kholia 2013-08-23 11:36:59 EDT
I have attached an updated .spec file. Please review.
Comment 4 Fedora Admin XMLRPC Client 2013-09-25 09:43:36 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 5 Vít Ondruch 2013-10-22 09:49:15 EDT
Hi, what are the chances to get this into Fedora? I am working on JRuby 1.7.5 and it depends on BC 1.47+. Thanks.
Comment 6 Upstream Release Monitoring 2013-12-03 04:02:57 EST
Latest upstream release: 1.50
Current version/release in Fedora Rawhide: 1.46-11.fc21
URL: http://www.bouncycastle.org/

Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy

More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Comment 7 Mattias Ellert 2014-01-24 17:47:37 EST
Since I had to build the updated bouncycastle in order to do the bouncycastle-pkix review, I have some comments on the proposed specfile. Some of these are similar to comments in the bouncycastle-pkix review but apply here too.

Why is there a BuildRequires on java-devel >= 1:1.7 and a Requires on java >= 1:1.7? Is not Java 1.5 sufficient?

Is the full java really necessary, or is java-headless sufficient?

Upstream binary jar: compiled Java class data, version 49.0 (Java 1.5)
Packaged binary jar: compiled Java class data, version 50.0 (Java 1.6)
So not the same build method as upstream.

non-US English spelling in description: organised → organized

unexpanded macros in post and postun: %update_maven_depmap
%update_maven_depmap is obsolete and must not be used according to current guidelines

What is the purpose of Requires(post) and Requires(postun): jpackage-utils >= 1.7? Are these for supporting the now obsolete %update_maven_depmap? Can they be removed?

The package installs a versioned jar file. Guidelines say jar files should be unversioned. 

There is no changelog entry for the new version.

bogus date in %changelog: Wed Nov 11 2008


PS. Which version will be in EPEL 7?
Comment 8 Mattias Ellert 2014-02-17 11:45:55 EST
Any chance of this being updated soon?

It would make a lot of sense to have an updated version in EPEL 7, and having a newer version in EPEL than in Fedora Rewhide would be really weird.

I am aware that updating bouncycastle is blocked by the bouncycastle-pkix review, since the different bouncycastle packages should be updated in parallel. But it seems to be stuck waiting for the submitter to address the comments. Is any of the other bouncycastle packagers interested to pick it up? It really would make sense if the same set of people were maintining all the bouncycastle* packages since they ar so tightly coupled.
Comment 9 Michal Srb 2014-02-25 03:31:19 EST
Latest bouncycastle is in Rawhide now. Closing.
Comment 10 Mattias Ellert 2014-02-25 05:20:30 EST
Thanks for this.

I have some comments on the new Fedora version.

A)

The spec says:
BuildRequires:    java-devel >= 1.7
Requires:         java-headless >= 1.7

This should be either:
BuildRequires:    java-devel
Requires:         java-headless

i.e. no versions, or:
BuildRequires:    java-devel >= 1:1.7
Requires:         java-headless >= 1:1.7

i.e. version and epoch. Version only is not correct.

B)

The Fedora version is compiled using -source 1.6 -target 1.6, while upstream's distributed binary jars are compiled using -source 1.5 -target 1.5. Was this deviation from upstream deliberate or just on oversight in the update from the 1.46 spec (1.46 upstream was compiled with -source 1.6 -target 1.6).

C)

Non American English spelling in package description: organised → organized.
Comment 11 Michal Srb 2014-02-26 03:31:37 EST
(In reply to Mattias Ellert from comment #10)
> Thanks for this.
> 
> I have some comments on the new Fedora version.

Hello Mattias

Thanks for your interest in bouncycastle package.

> 
> A)
> 
> The spec says:
> BuildRequires:    java-devel >= 1.7
> Requires:         java-headless >= 1.7
> 
> This should be either:
> BuildRequires:    java-devel
> Requires:         java-headless
> 
> i.e. no versions, or:
> BuildRequires:    java-devel >= 1:1.7
> Requires:         java-headless >= 1:1.7
> 
> i.e. version and epoch. Version only is not correct.

Good catch, I will fix it.

> 
> B)
> 
> The Fedora version is compiled using -source 1.6 -target 1.6, while
> upstream's distributed binary jars are compiled using -source 1.5 -target
> 1.5. Was this deviation from upstream deliberate or just on oversight in the
> update from the 1.46 spec (1.46 upstream was compiled with -source 1.6
> -target 1.6).

I have no idea why original packager decided to go with 1.6, but I don't consider it a real bug. We ship OpenJDK7 and this package is not intended to be used outside of Fedora. Nevertheless, we can build it with -target 1.5, I am fine with that.

> 
> C)
> 
> Non American English spelling in package description: organised → organized.

Will be fixed.

Thanks

Note You need to log in before you can comment on or make changes to this bug.