diff --git a/bcjmail-jdk18on-1.76.pom b/bcjmail-jdk18on-1.77.pom
similarity index 93%
rename from bcjmail-jdk18on-1.76.pom
rename to bcjmail-jdk18on-1.77.pom
index 3dcb306..293c17b 100644
--- a/bcjmail-jdk18on-1.76.pom
+++ b/bcjmail-jdk18on-1.77.pom
@@ -5,7 +5,7 @@
bcjmail-jdk18on
jar
Bouncy Castle Jakarta S/MIME API
- 1.76
+ 1.77
The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The Jakarta Mail API and the Jakarta activation framework will also be needed.
https://www.bouncycastle.org/java.html
@@ -33,19 +33,19 @@
org.bouncycastle
bcprov-jdk18on
- 1.76
+ 1.77
jar
org.bouncycastle
bcutil-jdk18on
- 1.76
+ 1.77
jar
org.bouncycastle
bcpkix-jdk18on
- 1.76
+ 1.77
jar
diff --git a/bcmail-jdk18on-1.76.pom b/bcmail-jdk18on-1.77.pom
similarity index 93%
rename from bcmail-jdk18on-1.76.pom
rename to bcmail-jdk18on-1.77.pom
index 07a296e..612b59e 100644
--- a/bcmail-jdk18on-1.76.pom
+++ b/bcmail-jdk18on-1.77.pom
@@ -5,7 +5,7 @@
bcmail-jdk18on
jar
Bouncy Castle S/MIME API
- 1.76
+ 1.77
The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed.
https://www.bouncycastle.org/java.html
@@ -33,19 +33,19 @@
org.bouncycastle
bcprov-jdk18on
- 1.76
+ 1.77
jar
org.bouncycastle
bcutil-jdk18on
- 1.76
+ 1.77
jar
org.bouncycastle
bcpkix-jdk18on
- 1.76
+ 1.77
jar
diff --git a/bcpg-jdk18on-1.76.pom b/bcpg-jdk18on-1.77.pom
similarity index 96%
rename from bcpg-jdk18on-1.76.pom
rename to bcpg-jdk18on-1.77.pom
index b2f8df1..a571e39 100644
--- a/bcpg-jdk18on-1.76.pom
+++ b/bcpg-jdk18on-1.77.pom
@@ -5,7 +5,7 @@
bcpg-jdk18on
jar
Bouncy Castle OpenPGP API
- 1.76
+ 1.77
The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.
https://www.bouncycastle.org/java.html
@@ -38,7 +38,7 @@
org.bouncycastle
bcprov-jdk18on
- 1.76
+ 1.77
jar
diff --git a/bcpkix-jdk18on-1.76.pom b/bcpkix-jdk18on-1.77.pom
similarity index 94%
rename from bcpkix-jdk18on-1.76.pom
rename to bcpkix-jdk18on-1.77.pom
index 99adc73..226fc51 100644
--- a/bcpkix-jdk18on-1.76.pom
+++ b/bcpkix-jdk18on-1.77.pom
@@ -5,7 +5,7 @@
bcpkix-jdk18on
jar
Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs
- 1.76
+ 1.77
The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.
https://www.bouncycastle.org/java.html
@@ -33,13 +33,13 @@
org.bouncycastle
bcprov-jdk18on
- 1.76
+ 1.77
jar
org.bouncycastle
bcutil-jdk18on
- 1.76
+ 1.77
jar
diff --git a/bcprov-jdk18on-1.76.pom b/bcprov-jdk18on-1.77.pom
similarity index 97%
rename from bcprov-jdk18on-1.76.pom
rename to bcprov-jdk18on-1.77.pom
index a6df938..fa057b9 100644
--- a/bcprov-jdk18on-1.76.pom
+++ b/bcprov-jdk18on-1.77.pom
@@ -5,7 +5,7 @@
bcprov-jdk18on
jar
Bouncy Castle Provider
- 1.76
+ 1.77
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.8 and up.
https://www.bouncycastle.org/java.html
diff --git a/bctls-jdk18on-1.76.pom b/bctls-jdk18on-1.77.pom
similarity index 93%
rename from bctls-jdk18on-1.76.pom
rename to bctls-jdk18on-1.77.pom
index 2b3f652..6f82a4d 100644
--- a/bctls-jdk18on-1.76.pom
+++ b/bctls-jdk18on-1.77.pom
@@ -5,7 +5,7 @@
bctls-jdk18on
jar
Bouncy Castle JSSE provider and TLS/DTLS API
- 1.76
+ 1.77
The Bouncy Castle Java APIs for TLS and DTLS, including a provider for the JSSE.
https://www.bouncycastle.org/java.html
@@ -33,13 +33,13 @@
org.bouncycastle
bcprov-jdk18on
- 1.76
+ 1.77
jar
org.bouncycastle
bcutil-jdk18on
- 1.76
+ 1.77
jar
diff --git a/bcutil-jdk18on-1.76.pom b/bcutil-jdk18on-1.77.pom
similarity index 95%
rename from bcutil-jdk18on-1.76.pom
rename to bcutil-jdk18on-1.77.pom
index 7b77788..477c5e5 100644
--- a/bcutil-jdk18on-1.76.pom
+++ b/bcutil-jdk18on-1.77.pom
@@ -5,7 +5,7 @@
bcutil-jdk18on
jar
Bouncy Castle ASN.1 Extension and Utility APIs
- 1.76
+ 1.77
The Bouncy Castle Java APIs for ASN.1 extension and utility APIs used to support bcpkix and bctls. This jar contains APIs for JDK 1.8 and up.
https://www.bouncycastle.org/java.html
@@ -33,7 +33,7 @@
org.bouncycastle
bcprov-jdk18on
- 1.76
+ 1.77
jar
diff --git a/bouncycastle.changes b/bouncycastle.changes
index 970c212..120a605 100644
--- a/bouncycastle.changes
+++ b/bouncycastle.changes
@@ -1,3 +1,68 @@
+-------------------------------------------------------------------
+Mon Dec 4 13:44:16 UTC 2023 - Pedro Monreal
+
+- Update to version 1.77:
+ * Defects Fixed:
+ - Using an unescaped '=' in an X.500 RDN would result in the
+ RDN being truncated silently. The issue is now detected and
+ an exception is thrown.
+ - asn1.eac.CertificateBody was returning certificateEffectiveDate
+ from getCertificateExpirationDate(). This has been fixed to
+ return certificateExpirationDate.
+ - DTLS: Fixed retransmission in response to re-receipt of an
+ aggregated ChangeCipherSpec.
+ - (D)TLS: Fixed compliance for supported_groups extension.
+ Server will no longer negotiate an EC cipher suite using a
+ default curve when the ClientHello includes the supported_groups
+ extension but it contains no curves in common with the server.
+ Similarly, a DH cipher suite will not be negotiated when the
+ ClientHello includes supported_groups, containing at least one
+ FFDHE group, but none in common with the server.
+ - IllegalStateException was being thrown by Ed25519/Ed448 SignatureSpi.
+ - TLS: class annotation issues that could occur between the BC
+ provider and the TLS API for the GCMParameterSpec class when
+ the jars were loaded on the boot class path have been addressed.
+ - Attempt to create an ASN.1 OID from a zero length byte array
+ is now caught at construction time.
+ - Attempt to create an X.509 extension block which is empty will
+ now be blocked cause an exception.
+ - IES implementation will now accept a null ParameterSpec if no
+ nonce is needed.
+ - An internal method in Arrays was failing to construct its
+ failure message correctly on an error.
+ - HSSKeyPublicParameters.generateLMSContext() would fail for a
+ unit depth key.
+ * Additional Features and Functionality:
+ - BCJSSE: Added org.bouncycastle.jsse.client.omitSigAlgsCertExtension
+ and org.bouncycastle.jsse.server.omitSigAlgsCertExtension boolean
+ system properties to control (for client and server resp.) whether
+ the signature_algorithms_cert extension should be omitted if it
+ would be identical to signature_algorithms. Defaults to true, the
+ historical behaviour.
+ - The low-level HPKE API now allows the sender to specify an
+ ephemeral key pair.
+ - Support has been added for the delta-certificate requests in line
+ with the current Chameleon Cert draft from the IETF.
+ - Some accommodation has been added for historical systems to
+ accommodate variations in the SHA-1 digest OID for CMS SignedData.
+ - TLS: the TLS API will now try "RSAwithDigestAndMFG1" as well as
+ the newer RSAPSS algorithm names when used with the JCA.
+ - TLS: RSA key exchange cipher suites are now disabled by default.
+ - Support has been added for PKCS#10 requests to allow certificates
+ using the altSignature/altPublicKey extensions.
+ * Notes:
+ - Kyber and Dilithium have been updated according to the latest
+ draft of the standard. Dilithium-AES and Kyber-AES have now been
+ removed. Kyber now produces 256 bit secrets for all parameter sets
+ (in line with the draft standard).
+ - NTRU has been updated to produce 256 bit secrets in line with Kyber.
+ - SPHINCS+ can now be used to generate certificates in line with
+ those used by (Open Quantum Safe) OQS.
+ - Falcon object idenitifiers are now in line with OQS as well.
+ - PQC CMS SignedData now defaults to SHA-256 for signed attributes
+ rather than SHAKE-256. This is also a compatibility change, but may
+ change further again as the IETF standard for CMS is updated.
+
-------------------------------------------------------------------
Wed Oct 18 13:28:47 UTC 2023 - Pedro Monreal
diff --git a/bouncycastle.spec b/bouncycastle.spec
index c7f3e62..bb21533 100644
--- a/bouncycastle.spec
+++ b/bouncycastle.spec
@@ -17,7 +17,7 @@
%global ver_major 1
-%global ver_minor 76
+%global ver_minor 77
%global gittag r%{ver_major}rv%{ver_minor}
%global archivever jdk18on-%{ver_major}%{ver_minor}
%global classname org.bouncycastle.jce.provider.BouncyCastleProvider
diff --git a/r1rv76.tar.gz b/r1rv76.tar.gz
deleted file mode 100644
index 6e0bdf8..0000000
--- a/r1rv76.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:20524a31378291def8e2d7d387550f4f70f34590e431a425d29b64bd57159866
-size 31256952
diff --git a/r1rv77.tar.gz b/r1rv77.tar.gz
new file mode 100644
index 0000000..b265c86
--- /dev/null
+++ b/r1rv77.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:09659ee93ba2143d0db9107ddf515142f1d90e03d82d3e46a16e21e9eafeba84
+size 31402744