Sync from SUSE:SLFO:Main bouncycastle revision fe74e90d9b8e38546fd1f264a38d6748

bcjmail-jdk18on-1.78.1.pom

@@ -5,7 +5,7 @@
   <artifactId>bcjmail-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle Jakarta S/MIME API</name>
-  <version>1.77</version>
+  <version>1.78.1</version>
   <description>The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The Jakarta Mail API and the Jakarta activation framework will also be needed.</description>
   <url>https://www.bouncycastle.org/java.html</url>
   <licenses>
@@ -33,19 +33,19 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.77</version>
+      <version>1.78.1</version>
       <type>jar</type>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcutil-jdk18on</artifactId>
-      <version>1.77</version>
+      <version>1.78.1</version>
       <type>jar</type>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcpkix-jdk18on</artifactId>
-      <version>1.77</version>
+      <version>1.78.1</version>
       <type>jar</type>
     </dependency>
   </dependencies>

bcmail-jdk18on-1.78.1.pom

@@ -5,7 +5,7 @@
   <artifactId>bcmail-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle S/MIME API</name>
-  <version>1.77</version>
+  <version>1.78.1</version>
   <description>The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed.</description>
   <url>https://www.bouncycastle.org/java.html</url>
   <licenses>
@@ -33,19 +33,19 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.77</version>
+      <version>1.78.1</version>
       <type>jar</type>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcutil-jdk18on</artifactId>
-      <version>1.77</version>
+      <version>1.78.1</version>
       <type>jar</type>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcpkix-jdk18on</artifactId>
-      <version>1.77</version>
+      <version>1.78.1</version>
       <type>jar</type>
     </dependency>
   </dependencies>

bcpg-jdk18on-1.78.1.pom

@@ -5,7 +5,7 @@
   <artifactId>bcpg-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle OpenPGP API</name>
-  <version>1.77</version>
+  <version>1.78.1</version>
   <description>The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.</description>
   <url>https://www.bouncycastle.org/java.html</url>
   <licenses>
@@ -38,7 +38,13 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.77</version>
+      <version>1.78.1</version>
+      <type>jar</type>
+    </dependency>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcutil-jdk18on</artifactId>
+      <version>1.78.1</version>
       <type>jar</type>
     </dependency>
   </dependencies>

bcpkix-jdk18on-1.78.1.pom

@@ -5,7 +5,7 @@
   <artifactId>bcpkix-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs</name>
-  <version>1.77</version>
+  <version>1.78.1</version>
   <description>The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.</description>
   <url>https://www.bouncycastle.org/java.html</url>
   <licenses>
@@ -33,13 +33,13 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.77</version>
+      <version>1.78.1</version>
       <type>jar</type>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcutil-jdk18on</artifactId>
-      <version>1.77</version>
+      <version>1.78.1</version>
       <type>jar</type>
     </dependency>
   </dependencies>

bcprov-jdk18on-1.78.1.pom

@@ -5,7 +5,7 @@
   <artifactId>bcprov-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle Provider</name>
-  <version>1.77</version>
+  <version>1.78.1</version>
   <description>The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.8 and up.</description>
   <url>https://www.bouncycastle.org/java.html</url>
   <licenses>

bctls-jdk18on-1.78.1.pom

@@ -5,7 +5,7 @@
   <artifactId>bctls-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle JSSE provider and TLS/DTLS API</name>
-  <version>1.77</version>
+  <version>1.78.1</version>
   <description>The Bouncy Castle Java APIs for TLS and DTLS, including a provider for the JSSE.</description>
   <url>https://www.bouncycastle.org/java.html</url>
   <licenses>
@@ -33,13 +33,13 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.77</version>
+      <version>1.78.1</version>
       <type>jar</type>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcutil-jdk18on</artifactId>
-      <version>1.77</version>
+      <version>1.78.1</version>
       <type>jar</type>
     </dependency>
   </dependencies>

bcutil-jdk18on-1.78.1.pom

@@ -5,7 +5,7 @@
   <artifactId>bcutil-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle ASN.1 Extension and Utility APIs</name>
-  <version>1.77</version>
+  <version>1.78.1</version>
   <description>The Bouncy Castle Java APIs for ASN.1 extension and utility APIs used to support bcpkix and bctls. This jar contains APIs for JDK 1.8 and up.</description>
   <url>https://www.bouncycastle.org/java.html</url>
   <licenses>
@@ -33,7 +33,7 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.77</version>
+      <version>1.78.1</version>
       <type>jar</type>
     </dependency>
   </dependencies>

bouncycastle-notests.patch

@@ -1,7 +1,7 @@
-Index: bc-java-r1rv76/ant/bc+-build.xml
+Index: bc-java-r1rv78/ant/bc+-build.xml
 ===================================================================
---- bc-java-r1rv76.orig/ant/bc+-build.xml
-+++ bc-java-r1rv76/ant/bc+-build.xml
+--- bc-java-r1rv78.orig/ant/bc+-build.xml
++++ bc-java-r1rv78/ant/bc+-build.xml
 @@ -280,7 +280,7 @@
  
      </target>
@@ -11,7 +11,7 @@ Index: bc-java-r1rv76/ant/bc+-build.xml
  
      <target name="build-lw" depends="initMacros">
          <!--
-@@ -935,146 +935,6 @@
+@@ -935,149 +935,6 @@
  
      </target>
  
@@ -38,6 +38,7 @@ Index: bc-java-r1rv76/ant/bc+-build.xml
 -             <fileset dir="${src.dir}" includes="**/tsp/*UnitTest.java" />
 -             <fileset dir="${src.dir}" includes="**/utiltest/*Test.java" />
 -             <fileset dir="${src.dir}" includes="**/util/io/pem/*Test.java" />
+-             <fileset dir="${src.dir}" includes="**/keybox/*Test.java" />
 -             <fileset dir="${src.dir}" includes="**/test/*.java" />
 -             <fileset dir="${src.dir}" includes="**/test/*/*.java" />
 -             <fileset dir="${src.dir}" includes="**/*.asc" />
@@ -68,6 +69,7 @@ Index: bc-java-r1rv76/ant/bc+-build.xml
 -        </copy>
 -
 -        <delete file="${test.target.src.dir}/org/bouncycastle/pqc/crypto/lms/AllTests.java" />
+-        <delete file="${test.target.src.dir}/org/bouncycastle/gpg/keybox/AllTests.java" />
 -        <delete file="${test.target.src.dir}/org/bouncycastle/x509/CertPathReviewerMessages_de.properties" />
 -        <delete file="${test.target.src.dir}/org/bouncycastle/x509/CertPathReviewerMessages.properties" />
 -
@@ -106,6 +108,7 @@ Index: bc-java-r1rv76/ant/bc+-build.xml
 -                </fileset>
 -            </classpath>
 -            <sysproperty key="bc.test.data.home" value="../../core/src/test/data" />
+-            <sysproperty key="test.java.version.prefix" value="${env.JAVA_VERSION_PREFIX}" />
 -
 -            <formatter type="xml" />
 -            <batchtest todir="${artifacts.reports.xml.dir}" unless="testcase">

bouncycastle.changes

@@ -1,3 +1,84 @@
+-------------------------------------------------------------------
+Mon Apr 29 16:07:27 UTC 2024 - Fridrich Strba <fstrba@suse.com>
+
+- Update to version 1.78.1
+  * Defects Fixed:
+    - The new dependency of the the PGP API on the bcutil jar was
+      missing from the module jar, the OSGi manifest, and the Maven
+      POM. This has been fixed.
+    - Missing exports and duplicate imports have been added/removed
+      from the OSGi manifests.
+    - The OSGi manifests now have the same bundle IDs as 1.77 and
+      lock down dependencies to the equivalent variations
+    - A check in the X.509 Extensions class preventing the parsing
+      of empty extensions has been removed.
+
+-------------------------------------------------------------------
+Mon Apr 29 06:39:43 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to version 1.78: [bsc#1223252, CVE-2024-30171]
+  * Security Advisories.
+    - CVE-2024-29857: Importing an EC certificate with specially crafted
+      F2m parameters can cause high CPU usage during parameter evaluation.
+    - CVE-2024-30171: Possible timing based leakage in RSA based handshakes
+      due to exception processing eliminated.
+    - CVE-2024-30172: Crafted signature and public key can be used to
+      trigger an infinite loop in the Ed25519 verification code.
+    - CVE-2024-301XX: When endpoint identification is enabled in the BCJSSE
+      and an SSL socket is not created with an explicit hostname (as happens
+      with HttpsURLConnection), hostname verification could be performed
+      against a DNS-resolved IP address. This has been fixed.
+  * Defects Fixed:
+    - Issues with a dangling weak reference causing intermittent
+      NullPointerExceptions in the OcspCache have been fixed.
+    - Issues with non-constant time RSA operations in TLS handshakes.
+    - Issue with Ed25519, Ed448 signature verification causing intermittent
+      infinite loop have been fixed.
+    - Issues with non-constant time ML-KEM implementation ("Kyber Slash").
+    - Align ML-KEM input validation with FIPS 203 IPD requirements.
+    - Make PEM parsing more forgiving of whitespace to align with RFC 7468.
+    - Fix CCM length checks with large nonce sizes (n=12, n=13).
+    - EAC: Fixed the CertificateBody ASN.1 type to support an optional
+      Certification Authority Reference in a Certificate Request.
+    - ASN.1: ObjectIdentifier (also Relative OID) parsing has been optimized
+      and the contents octets for both types are now limited to 4096 bytes.
+    - BCJSSE: Fixed a missing null check on the result of PrivateKey.getEncoded(),
+      which could cause issues for HSM RSA keys.
+    - BCJSSE: When endpoint identification is enabled and an SSL socket is not
+      created with an explicit hostname (as happens with HttpsURLConnection),
+      hostname verification could be performed against a DNS-resolved IP address.
+    - The missing module import of java.logging to the provider module has been added.
+    - GOST ASN.1 public key alg parameters are now compliant with RFC 9215.
+    - An off-by-one error in the encoding for EccP256CurvePoint for ITS.
+    - PEM Parser now enforces PEM headers to start at the beginning of the line
+      to be meaningful.
+  * Additional Features and Functionality.
+    - An implementation of MLS (RFC 9420 - The Messaging Layer Security Protocol)
+      has been added as a new module.
+    - NTRU now supports NTRU-HPS4096-1229 and NTRU-HRSS-1373.
+    - Improvements to PGP support, including Camellia key wrapping and Curve25519,
+      Curve448 key types (including XDH with HKDF).
+    - Added initial support for ML-KEM in TLS.
+    - Added XWing hybrid KEM construction (X25519 + ML-KEM-768).
+    - Introduced initial KEMSpi support (NTRU, SNTRU Prime) for JDK 21+.
+    - Introduced initial composite signature support for X509 Certificates.
+    - PKCS#12 now supports PKCS12-AES256-AES128, PKCS12-AES256-AES128-GCM,
+      PKCS12-DEF-AES256-AES128, and PKCS12-DEF-AES256-AES128-GCM.
+    - The default type for the KeyStore.getInstance("PKCS12", "BC") can now be set
+      using the org.bouncycastle.pkcs12.default system/security property.
+    - The PGP SExpParser will now handle Ed25519 and Ed448 keys.
+    - Dilithium and Kyber key encoding updated to latest Draft RFCs
+      (draft-ietf-lamps-dilithium-certificates and draft-ietf-lamps-kyber-certificates)
+    - Support has been added for encryption key derivation using HKDF in CMS, see
+      draft-housley-lamps-cms-cek-hkdf-sha256.
+    - X500Name now recognises jurisdiction{C,ST,L} DNs.
+    - CertPathValidationContext and CertificatePoliciesValidation now include
+      implementations of Memoable.
+    - The Composite post-quantum signatures implementation has been updated to the
+      latest draft draft-ounsworth-pq-composite-sigs.
+  * Full release notes: bouncycastle.org/releasenotes.html#r1rv78
+  * Rebase bouncycastle-notests.patch
+
 -------------------------------------------------------------------
 Mon Dec  4 13:44:16 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
 

bouncycastle.spec

@@ -17,12 +17,13 @@
 
 
 %global ver_major 1
-%global ver_minor 77
-%global gittag r%{ver_major}rv%{ver_minor}
-%global archivever jdk18on-%{ver_major}%{ver_minor}
+%global ver_minor 78
+%global ver_micro 1
+%global gittag r%{ver_major}rv%{ver_minor}%{?ver_micro:v%{ver_micro}}
+%global archivever jdk18on-%{ver_major}%{ver_minor}%{?ver_micro:0%{ver_micro}}
 %global classname org.bouncycastle.jce.provider.BouncyCastleProvider
 Name:           bouncycastle
-Version:        %{ver_major}.%{ver_minor}
+Version:        %{ver_major}.%{ver_minor}%{?ver_micro:.%{ver_micro}}
 Release:        0
 Summary:        Bouncy Castle Cryptography APIs for Java
 License:        Apache-2.0 AND MIT
@@ -51,7 +52,7 @@ BuildRequires:  jakarta-mail
 BuildRequires:  javamail
 BuildRequires:  javapackages-local >= 6
 Requires(post): javapackages-tools
-Requires(postun):javapackages-tools
+Requires(postun): javapackages-tools
 Provides:       bcprov = %{version}-%{release}
 BuildArch:      noarch