Accepting request 1082715 from home:pmonrealgonzalez:branches:Java:packages

- Update to version 1.73:
  * Defects Fixed:
    - BCJSSE: Instantiating a JSSE provider in some contexts could
      cause an AccessControl exception.
    - The EC key pair generator can generate out of range private
      keys when used with SM2. A specific SM2KeyPairGenerator has
      been added to the low-level API and is used by
      KeyPairGenerator.getInstance("SM2", "BC"). The SM2 signer has
      been updated to check for out of range keys as well..
    - The attached signature type byte was still present in Falcon
      signatures as well as the detached signature byte.
    - There was an off-by-one error in engineGetOutputSize() for ECIES.
    - The method for invoking read() internally in BCPGInputStream
      could result in inconsistent behaviour if the class was extended.
    - Fixed a rounding issue with FF1 Format Preserving Encryption
      algorithm for certain radices.
    - Fixed RFC3394WrapEngine handling of 64 bit keys.
    - Internal buffer for blake2sp was too small and could result in
      an ArrayIndexOutOfBoundsException.
    - JCA PSS Signatures using SHAKE128 and SHAKE256 now support
      encoding of algorithm parameters.
    - PKCS10CertificationRequest now checks for empty extension
      parameters.
    - Parsing errors in the processing of PGP Armored Data now throw
      an explicit exception ArmoredInputException.
    - PGP AEAD streams could occassionally be truncated.
    - The ESTService class now supports processing of chunked HTTP data.
    - A constructed ASN.1 OCTET STRING with a single member would
      sometimes be re-encoded as a definite-length OCTET STRING. The
      encoding has been adjusted to preserve the BER status of the object.

OBS-URL: https://build.opensuse.org/request/show/1082715
OBS-URL: https://build.opensuse.org/package/show/Java:packages/bouncycastle?expand=0&rev=92

bcjmail-jdk18on-1.73.pom

@@ -5,7 +5,7 @@
   <artifactId>bcjmail-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle Jakarta S/MIME API</name>
-  <version>1.72</version>
+  <version>1.73</version>
   <description>The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The Jakarta Mail API and the Jakarta activation framework will also be needed.</description>
   <url>https://www.bouncycastle.org/java.html</url>
   <licenses>
@@ -33,19 +33,19 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.72</version>
+      <version>1.73</version>
       <type>jar</type>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcutil-jdk18on</artifactId>
-      <version>1.72</version>
+      <version>1.73</version>
       <type>jar</type>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcpkix-jdk18on</artifactId>
-      <version>1.72</version>
+      <version>1.73</version>
       <type>jar</type>
     </dependency>
     <dependency>

bcmail-jdk18on-1.73.pom

@@ -5,7 +5,7 @@
   <artifactId>bcmail-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle S/MIME API</name>
-  <version>1.72</version>
+  <version>1.73</version>
   <description>The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed.</description>
   <url>https://www.bouncycastle.org/java.html</url>
   <licenses>
@@ -33,19 +33,19 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.72</version>
+      <version>1.73</version>
       <type>jar</type>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcutil-jdk18on</artifactId>
-      <version>1.72</version>
+      <version>1.73</version>
       <type>jar</type>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcpkix-jdk18on</artifactId>
-      <version>1.72</version>
+      <version>1.73</version>
       <type>jar</type>
     </dependency>
   </dependencies>

bcpg-jdk18on-1.73.pom

@@ -5,7 +5,7 @@
   <artifactId>bcpg-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle OpenPGP API</name>
-  <version>1.72</version>
+  <version>1.73</version>
   <description>The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.</description>
   <url>https://www.bouncycastle.org/java.html</url>
   <licenses>
@@ -38,7 +38,7 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.72</version>
+      <version>1.73</version>
       <type>jar</type>
     </dependency>
   </dependencies>

bcpkix-jdk18on-1.73.pom

@@ -5,7 +5,7 @@
   <artifactId>bcpkix-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs</name>
-  <version>1.72</version>
+  <version>1.73</version>
   <description>The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.</description>
   <url>https://www.bouncycastle.org/java.html</url>
   <licenses>
@@ -33,13 +33,13 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.72</version>
+      <version>1.73</version>
       <type>jar</type>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcutil-jdk18on</artifactId>
-      <version>1.72</version>
+      <version>1.73</version>
       <type>jar</type>
     </dependency>
   </dependencies>

bcprov-jdk18on-1.73.pom

@@ -5,7 +5,7 @@
   <artifactId>bcprov-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle Provider</name>
-  <version>1.72</version>
+  <version>1.73</version>
   <description>The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.8 and up.</description>
   <url>https://www.bouncycastle.org/java.html</url>
   <licenses>

bctls-jdk18on-1.73.pom

@@ -5,7 +5,7 @@
   <artifactId>bctls-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle JSSE provider and TLS/DTLS API</name>
-  <version>1.72</version>
+  <version>1.73</version>
   <description>The Bouncy Castle Java APIs for TLS and DTLS, including a provider for the JSSE.</description>
   <url>https://www.bouncycastle.org/java.html</url>
   <licenses>
@@ -33,13 +33,13 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.72</version>
+      <version>1.73</version>
       <type>jar</type>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcutil-jdk18on</artifactId>
-      <version>1.72</version>
+      <version>1.73</version>
       <type>jar</type>
     </dependency>
   </dependencies>

bcutil-jdk18on-1.73.pom

@@ -5,7 +5,7 @@
   <artifactId>bcutil-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle ASN.1 Extension and Utility APIs</name>
-  <version>1.72</version>
+  <version>1.73</version>
   <description>The Bouncy Castle Java APIs for ASN.1 extension and utility APIs used to support bcpkix and bctls. This jar contains APIs for JDK 1.8 and up.</description>
   <url>https://www.bouncycastle.org/java.html</url>
   <licenses>
@@ -33,7 +33,7 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.72</version>
+      <version>1.73</version>
       <type>jar</type>
     </dependency>
   </dependencies>

bouncycastle.changes

@@ -1,3 +1,109 @@
+-------------------------------------------------------------------
+Tue Apr 25 10:26:27 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to version 1.73:
+  * Defects Fixed:
+    - BCJSSE: Instantiating a JSSE provider in some contexts could
+      cause an AccessControl exception.
+    - The EC key pair generator can generate out of range private
+      keys when used with SM2. A specific SM2KeyPairGenerator has
+      been added to the low-level API and is used by
+      KeyPairGenerator.getInstance("SM2", "BC"). The SM2 signer has
+      been updated to check for out of range keys as well..
+    - The attached signature type byte was still present in Falcon
+      signatures as well as the detached signature byte.
+    - There was an off-by-one error in engineGetOutputSize() for ECIES.
+    - The method for invoking read() internally in BCPGInputStream
+      could result in inconsistent behaviour if the class was extended.
+    - Fixed a rounding issue with FF1 Format Preserving Encryption
+      algorithm for certain radices.
+    - Fixed RFC3394WrapEngine handling of 64 bit keys.
+    - Internal buffer for blake2sp was too small and could result in
+      an ArrayIndexOutOfBoundsException.
+    - JCA PSS Signatures using SHAKE128 and SHAKE256 now support
+      encoding of algorithm parameters.
+    - PKCS10CertificationRequest now checks for empty extension
+      parameters.
+    - Parsing errors in the processing of PGP Armored Data now throw
+      an explicit exception ArmoredInputException.
+    - PGP AEAD streams could occassionally be truncated.
+    - The ESTService class now supports processing of chunked HTTP data.
+    - A constructed ASN.1 OCTET STRING with a single member would
+      sometimes be re-encoded as a definite-length OCTET STRING. The
+      encoding has been adjusted to preserve the BER status of the object.
+    - PKIXCertPathReviewer could fail if the trust anchor was also
+      included in the certificate store being used for path analysis.
+    - UTF-8 parsing of an array range ignored the provided length.
+    - IPAddress has been written to provide stricter checking and
+      avoid the use of Integer.parseInt().
+    - A Java 7 class snuck into the Java 5 to Java 8 build.
+  * Additional Features and Functionality:
+    - The Rainbow NIST Post Quantum Round-3 Candidate has been added to
+      the low-level API and the BCPQC provider (level 3 and level 5
+      parameter sets only).
+    - The GeMSS NIST Post Quantum Round-3 Candidate has been added to
+      the low-level API.
+    - The org.bouncycastle.rsa.max_mr_tests property check has been
+      added to allow capping of MR tests done on RSA moduli.
+    - Significant performance improvements in PQC algorithms,
+      especially BIKE, CMCE, Frodo, HQC, Picnic.
+    - EdDSA verification now conforms to the recommendations of Taming
+      the many EdDSAs, in particular cofactored verification. As a side
+      benefit, Pornin's basis reduction is now used for EdDSA
+      verification, giving a significant performance boost.
+    - Major performance improvements for Anomalous Binary (Koblitz) Curves.
+    - The lightweight Cryptography finalists Ascon, ISAP, Elephant,
+      PhotonBeetle, Sparkle, and Xoodyak have been added to the
+      light-weight cryptography API.
+    - BLAKE2bp and BLAKE2sp have been added to the light-weight
+      cryptography API.
+    - Support has been added for X.509, Section 9.8, hybrid certificates
+      and CRLs using alternate public keys and alternate signatures.
+    - The property "org.bouncycastle.emulate.oracle" has been added to
+      signal the provider should return algorithm names on some algorithms
+      in the same manner as the Oracle JCE provider.
+    - An extra replaceSigners method has been added to CMSSignedData
+      which allows for specifying the digest algorithm IDs to be used
+      in the new CMSSignedData object.
+    - Parsing and re-encoding of ASN.1 PEM data has been further
+      optimized to prevent unecessary conversions between basic encoding,
+      definite length, and DER.
+    - Support has been added for KEM ciphers in CMS in accordance with
+      draft-ietf-lamps-cms-kemri
+    - Support has been added for certEncr in CRMF to allow issuing of
+      certificates for KEM public keys.
+    - Further speedups have been made to CRC24.
+    - GCMParameterSpec constructor caching has been added to improve
+      performance for JVMs that have the class available.
+    - The PGPEncrytedDataGenerator now supports injecting the session
+      key to be used for PGP PBE encrypted data.
+    - The CRMF CertificateRequestMessageBuilder now supports optional
+      attributes.
+    - Improvements to the s calculation in JPAKE.
+    - A general purpose PQCOtherInfoGenerator has been added which
+      supports all Kyber and NTRU.
+    - An implementation of HPKE (RFC 9180 - Hybrid Public Key
+      Encryption) has been added to the light-weight cryptography API.
+  * Security Advisories:
+    - The PQC implementations have now been subject to formal review for
+      secret leakage and side channels, there were issues in BIKE, Falcon,
+      Frodo, HQC which have now been fixed. Some weak positives also
+      showed up in Rainbow, Picnic, SIKE, and GeMSS - for now this last
+      set has been ignored as the algorithms will either be updated if
+      they reappear in the Signature Round, or deleted, as is already the
+      case for SIKE (it is now in the legacy package). Details on the
+      group responsible for the testing can be found in the CONTRIBUTORS
+      file.
+    - For at least some ECIES variants (e.g. when using CBC) there is
+      an issue with potential malleability of a nonce (implying silent
+      malleability of the plaintext) that must be sent alongside the
+      ciphertext but is outside the IES integrity check. For this reason
+      the automatic generation of nonces with IED is now disabled and
+      they have to be passed in using an IESParameterSpec. The current
+      advice is to agree on a nonce between parties and then rely on the
+      use of the ephemeral key component to allow the nonce (rather the
+      so called nonce) usage to be extended.
+
 -------------------------------------------------------------------
 Wed Oct 19 12:09:48 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
 

bouncycastle.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package bouncycastle
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 %global ver_major 1
-%global ver_minor 72
+%global ver_minor 73
 %global gittag r%{ver_major}rv%{ver_minor}
 %global archivever jdk18on-%{ver_major}%{ver_minor}
 %global classname org.bouncycastle.jce.provider.BouncyCastleProvider

r1rv72.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4c8062c5b5f6d9e19f1fc21ceb20f8fe0170fdb4c135051c82faa5ef5b7cb00b
-size 380374879

r1rv73.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d26563a1a005fc8e856545f2e90950628d724c8b444e0cbd0baf7daf907d38fb
+size 20087104