diff --git a/CVE-2019-17359.patch b/CVE-2019-17359.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8af990c5f34ca860c550378b930bee8ce7e7b6c9
--- /dev/null
+++ b/CVE-2019-17359.patch
@@ -0,0 +1,119 @@
+diff -Nur bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java
+--- bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java 2019-12-25 16:41:28.246642457 +0800
++++ bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java 2019-12-25 16:42:45.727085573 +0800
+@@ -139,7 +139,7 @@
+ {
+ boolean isConstructed = (tag & CONSTRUCTED) != 0;
+
+- DefiniteLengthInputStream defIn = new DefiniteLengthInputStream(this, length);
++ DefiniteLengthInputStream defIn = new DefiniteLengthInputStream(this, length, limit);
+
+ if ((tag & APPLICATION) != 0)
+ {
+diff -Nur bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java
+--- bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java 2019-12-25 16:41:28.246642457 +0800
++++ bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java 2019-12-25 16:43:14.097247799 +0800
+@@ -168,7 +168,7 @@
+ }
+ else
+ {
+- DefiniteLengthInputStream defIn = new DefiniteLengthInputStream(_in, length);
++ DefiniteLengthInputStream defIn = new DefiniteLengthInputStream(_in, length, _limit);
+
+ if ((tag & BERTags.APPLICATION) != 0)
+ {
+diff -Nur bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java
+--- bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java 2019-12-25 16:41:28.246642457 +0800
++++ bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java 2019-12-25 16:45:17.287952074 +0800
+@@ -19,9 +19,10 @@
+
+ DefiniteLengthInputStream(
+ InputStream in,
+- int length)
++ int length,
++ int limit)
+ {
+- super(in, length);
++ super(in, limit, length);
+
+ if (length < 0)
+ {
+@@ -97,6 +98,12 @@
+ return EMPTY_BYTES;
+ }
+
++ //make sure it's safe to do this!
++ if (_remaining >= this.getLimit())
++ {
++ throw new IOException("corrupted stream - out of bounds length found: " + _remaining + " >= " + this.getLimit());
++ }
++
+ byte[] bytes = new byte[_remaining];
+ if ((_remaining -= Streams.readFully(_in, bytes)) != 0)
+ {
+diff -Nur bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java
+--- bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java 2019-12-25 16:41:28.246642457 +0800
++++ bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java 2019-12-25 16:45:50.298140750 +0800
+@@ -17,7 +17,7 @@
+ int limit)
+ throws IOException
+ {
+- super(in, limit);
++ super(in, limit, limit);
+
+ _b1 = in.read();
+ _b2 = in.read();
+diff -Nur bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java
+--- bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java 2019-12-25 16:41:28.256642514 +0800
++++ bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java 2019-12-25 16:47:41.218774610 +0800
+@@ -10,19 +10,27 @@
+ {
+ protected final InputStream _in;
+ private int _limit;
++ private int _length;
+
+ LimitedInputStream(
+ InputStream in,
+- int limit)
++ int limit,
++ int length)
+ {
+ this._in = in;
+ this._limit = limit;
++ this._length = length;
++ }
++
++ int getLimit()
++ {
++ return _limit;
+ }
+
+ int getRemaining()
+ {
+ // TODO: maybe one day this can become more accurate
+- return _limit;
++ return _length;
+ }
+
+ protected void setParentEofDetect(boolean on)
+diff -Nur bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/StreamUtil.java bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/StreamUtil.java
+--- bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/StreamUtil.java 2019-12-25 16:41:28.256642514 +0800
++++ bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/StreamUtil.java 2019-12-25 16:48:49.509164763 +0800
+@@ -11,7 +11,7 @@
+ private static final long MAX_MEMORY = Runtime.getRuntime().maxMemory();
+
+ /**
+- * Find out possible longest length...
++ * Find out possible longest length, capped by available memory.
+ *
+ * @param in input stream of interest
+ * @return length calculation or MAX_VALUE.
+@@ -20,7 +20,7 @@
+ {
+ if (in instanceof LimitedInputStream)
+ {
+- return ((LimitedInputStream)in).getRemaining();
++ return ((LimitedInputStream)in).getLimit();
+ }
+ else if (in instanceof ASN1InputStream)
+ {
diff --git a/bcmail-jdk15on-1.61.pom b/bcmail-jdk15on-1.61.pom
new file mode 100644
index 0000000000000000000000000000000000000000..e720603e91e173e5d58dd9b1a715bd810f86cfa0
--- /dev/null
+++ b/bcmail-jdk15on-1.61.pom
@@ -0,0 +1,46 @@
+
+
+ 4.0.0
+ org.bouncycastle
+ bcmail-jdk15on
+ jar
+ Bouncy Castle S/MIME API
+ 1.61
+ The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed.
+ http://www.bouncycastle.org/java.html
+
+
+ Bouncy Castle Licence
+ http://www.bouncycastle.org/licence.html
+ repo
+
+
+
+ https://github.com/bcgit/bc-java
+
+
+ GitHub
+ https://github.com/bcgit/bc-java/issues
+
+
+
+ feedback-crypto
+ The Legion of the Bouncy Castle Inc.
+ feedback-crypto@bouncycastle.org
+
+
+
+
+ org.bouncycastle
+ bcprov-jdk15on
+ 1.61
+ jar
+
+
+ org.bouncycastle
+ bcpkix-jdk15on
+ 1.61
+ jar
+
+
+
diff --git a/bcpg-jdk15on-1.61.pom b/bcpg-jdk15on-1.61.pom
new file mode 100644
index 0000000000000000000000000000000000000000..e5b414dabbcd4a0240bcc2083c99d635552eb53c
--- /dev/null
+++ b/bcpg-jdk15on-1.61.pom
@@ -0,0 +1,45 @@
+
+
+ 4.0.0
+ org.bouncycastle
+ bcpg-jdk15on
+ jar
+ Bouncy Castle OpenPGP API
+ 1.61
+ The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.
+ http://www.bouncycastle.org/java.html
+
+
+ Bouncy Castle Licence
+ http://www.bouncycastle.org/licence.html
+ repo
+
+
+ Apache Software License, Version 1.1
+ http://www.apache.org/licenses/LICENSE-1.1
+ repo
+
+
+
+ https://github.com/bcgit/bc-java
+
+
+ GitHub
+ https://github.com/bcgit/bc-java/issues
+
+
+
+ feedback-crypto
+ The Legion of the Bouncy Castle Inc.
+ feedback-crypto@bouncycastle.org
+
+
+
+
+ org.bouncycastle
+ bcprov-jdk15on
+ 1.61
+ jar
+
+
+
diff --git a/bcpkix-jdk15on-1.61.pom b/bcpkix-jdk15on-1.61.pom
new file mode 100644
index 0000000000000000000000000000000000000000..5497b8723a53bcc127f7df2b4e81c732b10f4729
--- /dev/null
+++ b/bcpkix-jdk15on-1.61.pom
@@ -0,0 +1,40 @@
+
+
+ 4.0.0
+ org.bouncycastle
+ bcpkix-jdk15on
+ jar
+ Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs
+ 1.61
+ The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.
+ http://www.bouncycastle.org/java.html
+
+
+ Bouncy Castle Licence
+ http://www.bouncycastle.org/licence.html
+ repo
+
+
+
+ https://github.com/bcgit/bc-java
+
+
+ GitHub
+ https://github.com/bcgit/bc-java/issues
+
+
+
+ feedback-crypto
+ The Legion of the Bouncy Castle Inc.
+ feedback-crypto@bouncycastle.org
+
+
+
+
+ org.bouncycastle
+ bcprov-jdk15on
+ 1.61
+ jar
+
+
+
diff --git a/bcprov-jdk15on-1.61.pom b/bcprov-jdk15on-1.61.pom
new file mode 100644
index 0000000000000000000000000000000000000000..04fe3fa6736cf375a4fa02f54905839151e376f3
--- /dev/null
+++ b/bcprov-jdk15on-1.61.pom
@@ -0,0 +1,32 @@
+
+
+ 4.0.0
+ org.bouncycastle
+ bcprov-jdk15on
+ jar
+ Bouncy Castle Provider
+ 1.61
+ The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.
+ http://www.bouncycastle.org/java.html
+
+
+ Bouncy Castle Licence
+ http://www.bouncycastle.org/licence.html
+ repo
+
+
+
+ https://github.com/bcgit/bc-java
+
+
+ GitHub
+ https://github.com/bcgit/bc-java/issues
+
+
+
+ feedback-crypto
+ The Legion of the Bouncy Castle Inc.
+ feedback-crypto@bouncycastle.org
+
+
+
diff --git a/bctls-jdk15on-1.61.pom b/bctls-jdk15on-1.61.pom
new file mode 100644
index 0000000000000000000000000000000000000000..d5634cb1dadd7e6c1e14192b65915999b4d63bd8
--- /dev/null
+++ b/bctls-jdk15on-1.61.pom
@@ -0,0 +1,40 @@
+
+
+ 4.0.0
+ org.bouncycastle
+ bctls-jdk15on
+ jar
+ Bouncy Castle JSSE provider and TLS/DTLS API
+ 1.61
+ The Bouncy Castle Java APIs for TLS and DTLS, including a provider for the JSSE.
+ http://www.bouncycastle.org/java.html
+
+
+ Bouncy Castle Licence
+ http://www.bouncycastle.org/licence.html
+ repo
+
+
+
+ https://github.com/bcgit/bc-java
+
+
+ GitHub
+ https://github.com/bcgit/bc-java/issues
+
+
+
+ feedback-crypto
+ The Legion of the Bouncy Castle Inc.
+ feedback-crypto@bouncycastle.org
+
+
+
+
+ org.bouncycastle
+ bcprov-jdk15on
+ 1.61
+ jar
+
+
+
diff --git a/bouncycastle.spec b/bouncycastle.spec
new file mode 100644
index 0000000000000000000000000000000000000000..48086a99835789b36cdfe113ecfb8e3c5fb65cb0
--- /dev/null
+++ b/bouncycastle.spec
@@ -0,0 +1,160 @@
+%define tag r1rv61
+%define class_name org.bouncycastle.jce.provider.BouncyCastleProvider
+%define jdk_dir build/artifacts/jdk1.5
+%define java_sec_dir %{_sysconfdir}/java/security/security.d
+%define suffix_name security/classpath.security
+
+Name: bouncycastle
+Version: 1.61
+Release: 4
+Summary: A Java implementation of cryptographic algorithms
+License: MIT
+URL: http://www.bouncycastle.org
+Source0: https://github.com/bcgit/bc-java/archive/%{tag}.tar.gz
+Source1: http://repo1.maven.org/maven2/org/bouncycastle/bcmail-jdk15on/%{version}/bcmail-jdk15on-%{version}.pom
+Source2: http://repo1.maven.org/maven2/org/bouncycastle/bcpg-jdk15on/%{version}/bcpg-jdk15on-%{version}.pom
+Source3: http://repo1.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/%{version}/bcpkix-jdk15on-%{version}.pom
+Source4: http://repo1.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/%{version}/bcprov-jdk15on-%{version}.pom
+Source5: http://repo1.maven.org/maven2/org/bouncycastle/bctls-jdk15on/%{version}/bctls-jdk15on-%{version}.pom
+Patch6000: CVE-2019-17359.patch
+
+BuildRequires: ant ant-junit aqute-bnd javamail javapackages-local
+Requires(post): javapackages-tools
+Requires(postun): javapackages-tools
+
+BuildArch: noarch
+
+Provides: bcprov = %{version}-%{release}
+Provides: %{name}-pkix
+Provides: %{name}-pg
+Provides: %{name}-mail
+Provides: %{name}-tls
+Provides: %{name}-javadoc
+Provides: %{name}-pkix-javadoc = %{version}-%{release}
+Provides: %{name}-pg-javadoc = %{version}-%{release}
+Provides: %{name}-mail-javadoc = %{version}-%{release}
+Obsoletes: %{name}-pkix
+Obsoletes: %{name}-pg
+Obsoletes: %{name}-mail
+Obsoletes: %{name}-tls
+Obsoletes: %{name}-javadoc
+Obsoletes: %{name}-pkix-javadoc < %{version}-%{release}
+Obsoletes: %{name}-pg-javadoc < %{version}-%{release}
+Obsoletes: %{name}-mail-javadoc < %{version}-%{release}
+
+%description
+The package is organised so that it contains a light-weight API suitable for
+use in any environment (including the newly released J2ME) with the additional
+infrastructure to conform the algorithms to the JCE framework.
+
+
+%prep
+%autosetup -n bc-java-%{tag} -p1
+
+find . -type f -name "*.class" -delete
+find . -type f -name "*.jar" -delete
+
+sed -i -e '/ bnd.bnd <> "$secfile"
+ done
+ done
+} || :
+
+%postun
+if [ "$1" -eq 0 ] ; then
+
+ {
+ suffix=%{suffix_name}
+ class_secfiles="/usr/lib/$suffix /usr/lib64/$suffix"
+
+ for secfile in $class_secfiles
+ do
+ [ -f "$secfile" ] || continue
+
+ sed -i '/^security\.provider\./d' "$secfile"
+
+ num=0
+ for provider in $(ls %{java_sec_dir})
+ do
+ num=$((num + 1))
+ echo "security.provider.${num}=${provider#*-}" >> "$secfile"
+ done
+ done
+ } || :
+
+fi
+
+%files
+%doc docs/ core/docs/ *.html
+%doc %{_javadocdir}/%{name}
+%license %{jdk_dir}/bcprov-jdk15on-*/LICENSE.html
+%{_datadir}/maven-metadata/*
+%{_javadir}/*
+%{_mavenpomdir}/*
+%{java_sec_dir}/2000-%{class_name}
+
+%changelog
+* Wed Feb 12 2020 Shuaishuai Song - 1.61-4
+- remove script
+
+* Thu Dec 26 2019 zhujunhao - 1.61-3
+- Type:cves
+- ID:CVE-2019-17359
+- SUG:restart
+- DESC:fix CVE-2019-17359
+
+* Tue Dec 10 2019 huyan - 1.61-2
+- Package Initialization
diff --git a/r1rv61.tar.gz b/r1rv61.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..289564a0c0720ef31be7f1b52bd11b575a56717a
Binary files /dev/null and b/r1rv61.tar.gz differ