From ae79d27cb186707d115afabb90e74911186c37ad3b5d580fa86c0aadfde3ec12 Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Thu, 20 Oct 2022 06:34:10 +0000 Subject: [PATCH] Accepting request 1030002 from home:pmonrealgonzalez:branches:Java:packages - Update to version 1.72: * Defects Fixed: - There were parameter errors in XMSS^MT OIDs for XMSSMT_SHA2_40/4_256 and XMSSMT_SHA2_60/3_256. These have been fixed. - There was an error in Merkle tree construction for the Evidence Records (ERS) implementation which could result in invalid roots been timestamped. ERS now produces an ArchiveTimeStamp for each data object/group with an associated reduced hash tree. The reduced hash tree is now calculated as a simple path to the root of the tree for each record. - OpenPGP will now ignore signatures marked as non-exportable on encoding. - A tagging calculation error in GCMSIV which could result in incorrect tags has been fixed. - Issues around Java 17 which could result in failing tests have been addressed. * Additional Features and Functionality: - BCJSSE: TLS 1.3 is now enabled by default where no explicit protocols are supplied (e.g. "TLS" or "Default" SSLContext algorithms, or SSLContext.getDefault() method). - BCJSSE: Rewrite SSLEngine implementation to improve compatibility with SunJSSE. - BCJSSE: Support export of keying material via extension API. - (D)TLS: Add support for 'tls-exporter' channel binding per RFC 9266. - (D)TLS (low-level API): By default, only (D)TLS 1.2 and TLS 1.3 are offered now. Earlier versions are still supported if explicitly enabled. Users may need to check they are offering suitable cipher suites for TLS 1.3. - (D)TLS (low-level API): Add support for raw public keys per RFC 7250. OBS-URL: https://build.opensuse.org/request/show/1030002 OBS-URL: https://build.opensuse.org/package/show/Java:packages/bouncycastle?expand=0&rev=87 --- ...k18on-1.71.pom => bcjmail-jdk18on-1.72.pom | 17 ++-- ...dk18on-1.71.pom => bcmail-jdk18on-1.72.pom | 8 +- ...-jdk18on-1.71.pom => bcpg-jdk18on-1.72.pom | 8 +- ...dk18on-1.71.pom => bcpkix-jdk18on-1.72.pom | 6 +- ...dk18on-1.71.pom => bcprov-jdk18on-1.72.pom | 2 +- ...jdk18on-1.71.pom => bctls-jdk18on-1.72.pom | 6 +- ...dk18on-1.71.pom => bcutil-jdk18on-1.72.pom | 4 +- bouncycastle-javadoc.patch | 16 ++-- bouncycastle.changes | 85 +++++++++++++++++++ bouncycastle.spec | 2 +- r1rv71.tar.gz | 3 - r1rv72.tar.gz | 3 + 12 files changed, 121 insertions(+), 39 deletions(-) rename bcjmail-jdk18on-1.71.pom => bcjmail-jdk18on-1.72.pom (82%) rename bcmail-jdk18on-1.71.pom => bcmail-jdk18on-1.72.pom (93%) rename bcpg-jdk18on-1.71.pom => bcpg-jdk18on-1.72.pom (89%) rename bcpkix-jdk18on-1.71.pom => bcpkix-jdk18on-1.72.pom (94%) rename bcprov-jdk18on-1.71.pom => bcprov-jdk18on-1.72.pom (97%) rename bctls-jdk18on-1.71.pom => bctls-jdk18on-1.72.pom (93%) rename bcutil-jdk18on-1.71.pom => bcutil-jdk18on-1.72.pom (95%) delete mode 100644 r1rv71.tar.gz create mode 100644 r1rv72.tar.gz diff --git a/bcjmail-jdk18on-1.71.pom b/bcjmail-jdk18on-1.72.pom similarity index 82% rename from bcjmail-jdk18on-1.71.pom rename to bcjmail-jdk18on-1.72.pom index ecf1697..62f957c 100644 --- a/bcjmail-jdk18on-1.71.pom +++ b/bcjmail-jdk18on-1.72.pom @@ -5,7 +5,7 @@ bcjmail-jdk18on jar Bouncy Castle Jakarta S/MIME API - 1.71 + 1.72 The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The Jakarta Mail API and the Jakarta activation framework will also be needed. https://www.bouncycastle.org/java.html @@ -33,29 +33,24 @@ org.bouncycastle bcprov-jdk18on - 1.71 + 1.72 jar org.bouncycastle bcutil-jdk18on - 1.71 + 1.72 jar org.bouncycastle bcpkix-jdk18on - 1.71 + 1.72 jar - jakarta.mail - jakarta.mail-api - [2.0,3.0) - - - jakarta.activation - jakarta.activation-api + com.sun.mail + jakarta.mail [2.0,3.0) diff --git a/bcmail-jdk18on-1.71.pom b/bcmail-jdk18on-1.72.pom similarity index 93% rename from bcmail-jdk18on-1.71.pom rename to bcmail-jdk18on-1.72.pom index 03e1247..05fd83f 100644 --- a/bcmail-jdk18on-1.71.pom +++ b/bcmail-jdk18on-1.72.pom @@ -5,7 +5,7 @@ bcmail-jdk18on jar Bouncy Castle S/MIME API - 1.71 + 1.72 The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed. https://www.bouncycastle.org/java.html @@ -33,19 +33,19 @@ org.bouncycastle bcprov-jdk18on - 1.71 + 1.72 jar org.bouncycastle bcutil-jdk18on - 1.71 + 1.72 jar org.bouncycastle bcpkix-jdk18on - 1.71 + 1.72 jar diff --git a/bcpg-jdk18on-1.71.pom b/bcpg-jdk18on-1.72.pom similarity index 89% rename from bcpg-jdk18on-1.71.pom rename to bcpg-jdk18on-1.72.pom index 27ef3f2..d37909f 100644 --- a/bcpg-jdk18on-1.71.pom +++ b/bcpg-jdk18on-1.72.pom @@ -5,7 +5,7 @@ bcpg-jdk18on jar Bouncy Castle OpenPGP API - 1.71 + 1.72 The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. https://www.bouncycastle.org/java.html @@ -15,8 +15,8 @@ repo - Apache Software License, Version 1.1 - https://www.apache.org/licenses/LICENSE-1.1 + Apache Software License, Version 2.0 + https://www.apache.org/licenses/LICENSE-2.0 repo @@ -38,7 +38,7 @@ org.bouncycastle bcprov-jdk18on - 1.71 + 1.72 jar diff --git a/bcpkix-jdk18on-1.71.pom b/bcpkix-jdk18on-1.72.pom similarity index 94% rename from bcpkix-jdk18on-1.71.pom rename to bcpkix-jdk18on-1.72.pom index 6435473..70bb063 100644 --- a/bcpkix-jdk18on-1.71.pom +++ b/bcpkix-jdk18on-1.72.pom @@ -5,7 +5,7 @@ bcpkix-jdk18on jar Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs - 1.71 + 1.72 The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. https://www.bouncycastle.org/java.html @@ -33,13 +33,13 @@ org.bouncycastle bcprov-jdk18on - 1.71 + 1.72 jar org.bouncycastle bcutil-jdk18on - 1.71 + 1.72 jar diff --git a/bcprov-jdk18on-1.71.pom b/bcprov-jdk18on-1.72.pom similarity index 97% rename from bcprov-jdk18on-1.71.pom rename to bcprov-jdk18on-1.72.pom index f6ded61..257c90a 100644 --- a/bcprov-jdk18on-1.71.pom +++ b/bcprov-jdk18on-1.72.pom @@ -5,7 +5,7 @@ bcprov-jdk18on jar Bouncy Castle Provider - 1.71 + 1.72 The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.8 and up. https://www.bouncycastle.org/java.html diff --git a/bctls-jdk18on-1.71.pom b/bctls-jdk18on-1.72.pom similarity index 93% rename from bctls-jdk18on-1.71.pom rename to bctls-jdk18on-1.72.pom index 0113d33..8910ee3 100644 --- a/bctls-jdk18on-1.71.pom +++ b/bctls-jdk18on-1.72.pom @@ -5,7 +5,7 @@ bctls-jdk18on jar Bouncy Castle JSSE provider and TLS/DTLS API - 1.71 + 1.72 The Bouncy Castle Java APIs for TLS and DTLS, including a provider for the JSSE. https://www.bouncycastle.org/java.html @@ -33,13 +33,13 @@ org.bouncycastle bcprov-jdk18on - 1.71 + 1.72 jar org.bouncycastle bcutil-jdk18on - 1.71 + 1.72 jar diff --git a/bcutil-jdk18on-1.71.pom b/bcutil-jdk18on-1.72.pom similarity index 95% rename from bcutil-jdk18on-1.71.pom rename to bcutil-jdk18on-1.72.pom index 877792d..afd9d9d 100644 --- a/bcutil-jdk18on-1.71.pom +++ b/bcutil-jdk18on-1.72.pom @@ -5,7 +5,7 @@ bcutil-jdk18on jar Bouncy Castle ASN.1 Extension and Utility APIs - 1.71 + 1.72 The Bouncy Castle Java APIs for ASN.1 extension and utility APIs used to support bcpkix and bctls. This jar contains APIs for JDK 1.8 and up. https://www.bouncycastle.org/java.html @@ -33,7 +33,7 @@ org.bouncycastle bcprov-jdk18on - 1.71 + 1.72 jar diff --git a/bouncycastle-javadoc.patch b/bouncycastle-javadoc.patch index 00118b1..699f8bb 100644 --- a/bouncycastle-javadoc.patch +++ b/bouncycastle-javadoc.patch @@ -1,6 +1,8 @@ ---- bc-java-r1v60/ant/bc+-build.xml 2018-07-02 00:14:10.000000000 +0200 -+++ bc-java-r1v60/ant/bc+-build.xml 2018-11-19 18:49:26.961265967 +0100 -@@ -106,7 +106,7 @@ +Index: bc-java-r1rv72/ant/bc+-build.xml +=================================================================== +--- bc-java-r1rv72.orig/ant/bc+-build.xml ++++ bc-java-r1rv72/ant/bc+-build.xml +@@ -120,7 +120,7 @@ -@@ -143,7 +143,7 @@ +@@ -157,7 +157,7 @@ - -@@ -219,8 +219,8 @@ +@@ -241,8 +241,8 @@ @@ -29,7 +31,7 @@ windowtitle="Bouncy Castle Library ${release.name} API Specification" header="<b>Bouncy Castle Cryptography Library ${release.name}</b>"> -@@ -284,7 +284,7 @@ +@@ -310,7 +310,7 @@ + +- Update to version 1.72: + * Defects Fixed: + - There were parameter errors in XMSS^MT OIDs for + XMSSMT_SHA2_40/4_256 and XMSSMT_SHA2_60/3_256. These have + been fixed. + - There was an error in Merkle tree construction for the + Evidence Records (ERS) implementation which could result in + invalid roots been timestamped. ERS now produces an + ArchiveTimeStamp for each data object/group with an associated + reduced hash tree. The reduced hash tree is now calculated as + a simple path to the root of the tree for each record. + - OpenPGP will now ignore signatures marked as non-exportable + on encoding. + - A tagging calculation error in GCMSIV which could result in + incorrect tags has been fixed. + - Issues around Java 17 which could result in failing tests + have been addressed. + * Additional Features and Functionality: + - BCJSSE: TLS 1.3 is now enabled by default where no explicit + protocols are supplied (e.g. "TLS" or "Default" SSLContext + algorithms, or SSLContext.getDefault() method). + - BCJSSE: Rewrite SSLEngine implementation to improve compatibility + with SunJSSE. + - BCJSSE: Support export of keying material via extension API. + - (D)TLS: Add support for 'tls-exporter' channel binding per RFC 9266. + - (D)TLS (low-level API): By default, only (D)TLS 1.2 and TLS 1.3 are + offered now. Earlier versions are still supported if explicitly + enabled. Users may need to check they are offering suitable + cipher suites for TLS 1.3. + - (D)TLS (low-level API): Add support for raw public keys per RFC 7250. + - CryptoServicesRegistrar now has a setServicesConstraints() method + on it which can be used to selectively turn off algorithms. + - The NIST PQC Alternate Candidate, Picnic, has been added to the low + level API and the BCPQC provider. + - SPHINCS+ has been upgraded to the latest submission, SPHINCS+ 3.1 + and support for Haraka has been added. + - Evidence records now support timestamp renewal and hash renewal. + - The SIKE Alternative Candidate NIST Post Quantum Algorithm has + been added to the low-level PQC API. + - The NTRU Round 3 Finalist Candidate NIST Post Quantum Algorithm + has been added to the low-level API and the BCPQC provider. + - The Falcon Finalist NIST Post Quantum Algorithm has been added to + the low-level API and the BCPQC provider. + - The CRYSTALS-Kyber Finalist NIST Post Quantum Algorithm has been + added to the low-level API and the BCPQC provider. + - Argon2 Support has been added to the OpenPGP API. + - XDH IES has now been added to the BC provider. + - The OpenPGP API now supports AEAD encryption and decryption. + - The NTRU Prime Alternative Candidate NIST Post Quantum Algorithms + have been added to the low-level API and the BCPQC provider. + - The CRYSTALS-Dilithium Finalist NIST Post Quantum Algorithm has + been added to the low-level API and the BCPQC provider. + - The BIKE NIST Post Quantum Alternative/Round-4 Candidate has been + added to the low-level API and the BCPQC provider. + - The HQC NIST Post Quantum Alternative/Round-4 Candidate has been + added to the low-level API and the BCPQC provider. + - Grain128AEAD has been added to the lightweight API. + - A fast version of CRC24 has been added for use with the PGP API. + - Some additional methods and fields have been exposed in the + PGPOnePassSignature class to (hopefully) make it easier to + deal with nested signatures. + - CMP support classes have been updated to reflect the latest + editions to the the draft RFC "Lightweight Certificate Management + Protocol (CMP) Profile". + - Support has been added to the PKCS#12 implementation for the + Oracle trusted certificate attribute. + - Performance of our BZIP2 classes has been improved. + * Notes: + - Keep in mind the PQC algorithms are still under development and + we are still at least a year and a half away from published standards. + This means the algorithms may still change so by all means experiment, + but do not use the PQC algoritms for anything long term. + - The legacy "Rainbow" and "McEliece" implementations have been + removed from the BCPQC provider. The underlying classes are + still present if required. Other legacy algorithm implementations + can be found under the org.bouncycastle.pqc.legacy package. + * Security Notes: + - The PQC SIKE algorithm is provided for research purposes only. + It should now be regarded as broken. The SIKE implementation + will be withdrawn in BC 1.73. + * Rebase bouncycastle-javadoc.patch + ------------------------------------------------------------------- Fri Apr 22 21:24:48 UTC 2022 - Anton Shvetz diff --git a/bouncycastle.spec b/bouncycastle.spec index 71062b9..c6d50d0 100644 --- a/bouncycastle.spec +++ b/bouncycastle.spec @@ -17,7 +17,7 @@ %global ver_major 1 -%global ver_minor 71 +%global ver_minor 72 %global gittag r%{ver_major}rv%{ver_minor} %global archivever jdk18on-%{ver_major}%{ver_minor} %global classname org.bouncycastle.jce.provider.BouncyCastleProvider diff --git a/r1rv71.tar.gz b/r1rv71.tar.gz deleted file mode 100644 index 16b4e5c..0000000 --- a/r1rv71.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:820a26bef40a3f402b55f94d51b85b33384268fb4235ad8f907ab09e0b840747 -size 117684695 diff --git a/r1rv72.tar.gz b/r1rv72.tar.gz new file mode 100644 index 0000000..ed6c07f --- /dev/null +++ b/r1rv72.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4c8062c5b5f6d9e19f1fc21ceb20f8fe0170fdb4c135051c82faa5ef5b7cb00b +size 380374879