Sync from SUSE:SLFO:Main bouncycastle revision fe74e90d9b8e38546fd1f264a38d6748

This commit is contained in:
Adrian Schröter 2024-05-31 14:32:41 +02:00
parent 1171f9bf02
commit 34fc588b22
12 changed files with 122 additions and 31 deletions

View File

@ -5,7 +5,7 @@
<artifactId>bcjmail-jdk18on</artifactId>
<packaging>jar</packaging>
<name>Bouncy Castle Jakarta S/MIME API</name>
<version>1.77</version>
<version>1.78.1</version>
<description>The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The Jakarta Mail API and the Jakarta activation framework will also be needed.</description>
<url>https://www.bouncycastle.org/java.html</url>
<licenses>
@ -33,19 +33,19 @@
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk18on</artifactId>
<version>1.77</version>
<version>1.78.1</version>
<type>jar</type>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcutil-jdk18on</artifactId>
<version>1.77</version>
<version>1.78.1</version>
<type>jar</type>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk18on</artifactId>
<version>1.77</version>
<version>1.78.1</version>
<type>jar</type>
</dependency>
</dependencies>

View File

@ -5,7 +5,7 @@
<artifactId>bcmail-jdk18on</artifactId>
<packaging>jar</packaging>
<name>Bouncy Castle S/MIME API</name>
<version>1.77</version>
<version>1.78.1</version>
<description>The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed.</description>
<url>https://www.bouncycastle.org/java.html</url>
<licenses>
@ -33,19 +33,19 @@
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk18on</artifactId>
<version>1.77</version>
<version>1.78.1</version>
<type>jar</type>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcutil-jdk18on</artifactId>
<version>1.77</version>
<version>1.78.1</version>
<type>jar</type>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk18on</artifactId>
<version>1.77</version>
<version>1.78.1</version>
<type>jar</type>
</dependency>
</dependencies>

View File

@ -5,7 +5,7 @@
<artifactId>bcpg-jdk18on</artifactId>
<packaging>jar</packaging>
<name>Bouncy Castle OpenPGP API</name>
<version>1.77</version>
<version>1.78.1</version>
<description>The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.</description>
<url>https://www.bouncycastle.org/java.html</url>
<licenses>
@ -38,7 +38,13 @@
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk18on</artifactId>
<version>1.77</version>
<version>1.78.1</version>
<type>jar</type>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcutil-jdk18on</artifactId>
<version>1.78.1</version>
<type>jar</type>
</dependency>
</dependencies>

View File

@ -5,7 +5,7 @@
<artifactId>bcpkix-jdk18on</artifactId>
<packaging>jar</packaging>
<name>Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs</name>
<version>1.77</version>
<version>1.78.1</version>
<description>The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.</description>
<url>https://www.bouncycastle.org/java.html</url>
<licenses>
@ -33,13 +33,13 @@
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk18on</artifactId>
<version>1.77</version>
<version>1.78.1</version>
<type>jar</type>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcutil-jdk18on</artifactId>
<version>1.77</version>
<version>1.78.1</version>
<type>jar</type>
</dependency>
</dependencies>

View File

@ -5,7 +5,7 @@
<artifactId>bcprov-jdk18on</artifactId>
<packaging>jar</packaging>
<name>Bouncy Castle Provider</name>
<version>1.77</version>
<version>1.78.1</version>
<description>The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.8 and up.</description>
<url>https://www.bouncycastle.org/java.html</url>
<licenses>

View File

@ -5,7 +5,7 @@
<artifactId>bctls-jdk18on</artifactId>
<packaging>jar</packaging>
<name>Bouncy Castle JSSE provider and TLS/DTLS API</name>
<version>1.77</version>
<version>1.78.1</version>
<description>The Bouncy Castle Java APIs for TLS and DTLS, including a provider for the JSSE.</description>
<url>https://www.bouncycastle.org/java.html</url>
<licenses>
@ -33,13 +33,13 @@
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk18on</artifactId>
<version>1.77</version>
<version>1.78.1</version>
<type>jar</type>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcutil-jdk18on</artifactId>
<version>1.77</version>
<version>1.78.1</version>
<type>jar</type>
</dependency>
</dependencies>

View File

@ -5,7 +5,7 @@
<artifactId>bcutil-jdk18on</artifactId>
<packaging>jar</packaging>
<name>Bouncy Castle ASN.1 Extension and Utility APIs</name>
<version>1.77</version>
<version>1.78.1</version>
<description>The Bouncy Castle Java APIs for ASN.1 extension and utility APIs used to support bcpkix and bctls. This jar contains APIs for JDK 1.8 and up.</description>
<url>https://www.bouncycastle.org/java.html</url>
<licenses>
@ -33,7 +33,7 @@
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk18on</artifactId>
<version>1.77</version>
<version>1.78.1</version>
<type>jar</type>
</dependency>
</dependencies>

View File

@ -1,7 +1,7 @@
Index: bc-java-r1rv76/ant/bc+-build.xml
Index: bc-java-r1rv78/ant/bc+-build.xml
===================================================================
--- bc-java-r1rv76.orig/ant/bc+-build.xml
+++ bc-java-r1rv76/ant/bc+-build.xml
--- bc-java-r1rv78.orig/ant/bc+-build.xml
+++ bc-java-r1rv78/ant/bc+-build.xml
@@ -280,7 +280,7 @@
</target>
@ -11,7 +11,7 @@ Index: bc-java-r1rv76/ant/bc+-build.xml
<target name="build-lw" depends="initMacros">
<!--
@@ -935,146 +935,6 @@
@@ -935,149 +935,6 @@
</target>
@ -38,6 +38,7 @@ Index: bc-java-r1rv76/ant/bc+-build.xml
- <fileset dir="${src.dir}" includes="**/tsp/*UnitTest.java" />
- <fileset dir="${src.dir}" includes="**/utiltest/*Test.java" />
- <fileset dir="${src.dir}" includes="**/util/io/pem/*Test.java" />
- <fileset dir="${src.dir}" includes="**/keybox/*Test.java" />
- <fileset dir="${src.dir}" includes="**/test/*.java" />
- <fileset dir="${src.dir}" includes="**/test/*/*.java" />
- <fileset dir="${src.dir}" includes="**/*.asc" />
@ -68,6 +69,7 @@ Index: bc-java-r1rv76/ant/bc+-build.xml
- </copy>
-
- <delete file="${test.target.src.dir}/org/bouncycastle/pqc/crypto/lms/AllTests.java" />
- <delete file="${test.target.src.dir}/org/bouncycastle/gpg/keybox/AllTests.java" />
- <delete file="${test.target.src.dir}/org/bouncycastle/x509/CertPathReviewerMessages_de.properties" />
- <delete file="${test.target.src.dir}/org/bouncycastle/x509/CertPathReviewerMessages.properties" />
-
@ -106,6 +108,7 @@ Index: bc-java-r1rv76/ant/bc+-build.xml
- </fileset>
- </classpath>
- <sysproperty key="bc.test.data.home" value="../../core/src/test/data" />
- <sysproperty key="test.java.version.prefix" value="${env.JAVA_VERSION_PREFIX}" />
-
- <formatter type="xml" />
- <batchtest todir="${artifacts.reports.xml.dir}" unless="testcase">

View File

@ -1,3 +1,84 @@
-------------------------------------------------------------------
Mon Apr 29 16:07:27 UTC 2024 - Fridrich Strba <fstrba@suse.com>
- Update to version 1.78.1
* Defects Fixed:
- The new dependency of the the PGP API on the bcutil jar was
missing from the module jar, the OSGi manifest, and the Maven
POM. This has been fixed.
- Missing exports and duplicate imports have been added/removed
from the OSGi manifests.
- The OSGi manifests now have the same bundle IDs as 1.77 and
lock down dependencies to the equivalent variations
- A check in the X.509 Extensions class preventing the parsing
of empty extensions has been removed.
-------------------------------------------------------------------
Mon Apr 29 06:39:43 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Update to version 1.78: [bsc#1223252, CVE-2024-30171]
* Security Advisories.
- CVE-2024-29857: Importing an EC certificate with specially crafted
F2m parameters can cause high CPU usage during parameter evaluation.
- CVE-2024-30171: Possible timing based leakage in RSA based handshakes
due to exception processing eliminated.
- CVE-2024-30172: Crafted signature and public key can be used to
trigger an infinite loop in the Ed25519 verification code.
- CVE-2024-301XX: When endpoint identification is enabled in the BCJSSE
and an SSL socket is not created with an explicit hostname (as happens
with HttpsURLConnection), hostname verification could be performed
against a DNS-resolved IP address. This has been fixed.
* Defects Fixed:
- Issues with a dangling weak reference causing intermittent
NullPointerExceptions in the OcspCache have been fixed.
- Issues with non-constant time RSA operations in TLS handshakes.
- Issue with Ed25519, Ed448 signature verification causing intermittent
infinite loop have been fixed.
- Issues with non-constant time ML-KEM implementation ("Kyber Slash").
- Align ML-KEM input validation with FIPS 203 IPD requirements.
- Make PEM parsing more forgiving of whitespace to align with RFC 7468.
- Fix CCM length checks with large nonce sizes (n=12, n=13).
- EAC: Fixed the CertificateBody ASN.1 type to support an optional
Certification Authority Reference in a Certificate Request.
- ASN.1: ObjectIdentifier (also Relative OID) parsing has been optimized
and the contents octets for both types are now limited to 4096 bytes.
- BCJSSE: Fixed a missing null check on the result of PrivateKey.getEncoded(),
which could cause issues for HSM RSA keys.
- BCJSSE: When endpoint identification is enabled and an SSL socket is not
created with an explicit hostname (as happens with HttpsURLConnection),
hostname verification could be performed against a DNS-resolved IP address.
- The missing module import of java.logging to the provider module has been added.
- GOST ASN.1 public key alg parameters are now compliant with RFC 9215.
- An off-by-one error in the encoding for EccP256CurvePoint for ITS.
- PEM Parser now enforces PEM headers to start at the beginning of the line
to be meaningful.
* Additional Features and Functionality.
- An implementation of MLS (RFC 9420 - The Messaging Layer Security Protocol)
has been added as a new module.
- NTRU now supports NTRU-HPS4096-1229 and NTRU-HRSS-1373.
- Improvements to PGP support, including Camellia key wrapping and Curve25519,
Curve448 key types (including XDH with HKDF).
- Added initial support for ML-KEM in TLS.
- Added XWing hybrid KEM construction (X25519 + ML-KEM-768).
- Introduced initial KEMSpi support (NTRU, SNTRU Prime) for JDK 21+.
- Introduced initial composite signature support for X509 Certificates.
- PKCS#12 now supports PKCS12-AES256-AES128, PKCS12-AES256-AES128-GCM,
PKCS12-DEF-AES256-AES128, and PKCS12-DEF-AES256-AES128-GCM.
- The default type for the KeyStore.getInstance("PKCS12", "BC") can now be set
using the org.bouncycastle.pkcs12.default system/security property.
- The PGP SExpParser will now handle Ed25519 and Ed448 keys.
- Dilithium and Kyber key encoding updated to latest Draft RFCs
(draft-ietf-lamps-dilithium-certificates and draft-ietf-lamps-kyber-certificates)
- Support has been added for encryption key derivation using HKDF in CMS, see
draft-housley-lamps-cms-cek-hkdf-sha256.
- X500Name now recognises jurisdiction{C,ST,L} DNs.
- CertPathValidationContext and CertificatePoliciesValidation now include
implementations of Memoable.
- The Composite post-quantum signatures implementation has been updated to the
latest draft draft-ounsworth-pq-composite-sigs.
* Full release notes: bouncycastle.org/releasenotes.html#r1rv78
* Rebase bouncycastle-notests.patch
-------------------------------------------------------------------
Mon Dec 4 13:44:16 UTC 2023 - Pedro Monreal <pmonreal@suse.com>

View File

@ -17,12 +17,13 @@
%global ver_major 1
%global ver_minor 77
%global gittag r%{ver_major}rv%{ver_minor}
%global archivever jdk18on-%{ver_major}%{ver_minor}
%global ver_minor 78
%global ver_micro 1
%global gittag r%{ver_major}rv%{ver_minor}%{?ver_micro:v%{ver_micro}}
%global archivever jdk18on-%{ver_major}%{ver_minor}%{?ver_micro:0%{ver_micro}}
%global classname org.bouncycastle.jce.provider.BouncyCastleProvider
Name: bouncycastle
Version: %{ver_major}.%{ver_minor}
Version: %{ver_major}.%{ver_minor}%{?ver_micro:.%{ver_micro}}
Release: 0
Summary: Bouncy Castle Cryptography APIs for Java
License: Apache-2.0 AND MIT

BIN
r1rv77.tar.gz (Stored with Git LFS)

Binary file not shown.

BIN
r1rv78v1.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.