Accepting request 823216 from home:pmonrealgonzalez:branches:Java:packages

- Version update to 1.66 * Defects Fixed: - EdDSA verifiers now reset correctly after rejecting overly long signatures. - BCJSSE: SSLSession.getPeerCertificateChain could throw NullPointerException. - qTESLA-I verifier would reject some valid signatures. - qTESLA verifiers now reject overly long signatures. - PGP regression caused failure to preserve existing version header when headers were reset. - PKIXNameConstraintValidator had a bad cast preventing use of multiple OtherName constraints. - Serialisation of the non-CRT RSA Private Key could cause a NullPointerException. - An extra 4 bytes was included in the start of HSS public key encodings. - CMS with Ed448 using a direct signature was using id-shake256-len rather than id-shake256. - Use of GCMParameterSpec could cause an AccessControlException under some circumstances. - DTLS: Fixed high-latency HelloVerifyRequest handshakes. - An encoding bug for rightEncoded() in KMAC has been fixed. - For a few values the cSHAKE implementation would add unnecessary pad bytes where the N and S strings produced encoded data that was block aligned. - There were a few circumstances where Argon2BytesGenerator might hit an unexpected null. These have been removed. * Additional Features and Functionality - The qTESLA signature algorithm has been updated to v2.8 (20191108). - BCJSSE: Client-side OCSP stapling now supports status_request_v2 extension. - Support has been added for "ocsp.enable", "ocsp.responderURL" and PKIXRevocationChecker for users of Java 8 and later. - Support has been added for "org.bouncycastle.x509.enableCRLDP" to the PKIX validator. - BCJSSE: Now supports system property 'jsse.enableFFDHE' - BCJSSE: Now supports system properties 'jdk.tls.client.SignatureSchemes' OBS-URL: https://build.opensuse.org/request/show/823216 OBS-URL: https://build.opensuse.org/package/show/Java:packages/bouncycastle?expand=0&rev=60
2020-07-29 05:46:14 +00:00 · 2020-07-29 05:46:14 +00:00 · e17cf6e6b9
commit e17cf6e6b9
parent 0c8c1f0bf9
9 changed files with 71 additions and 20 deletions
--- a/bcmail-jdk15on-1.66.pom
+++ b/bcmail-jdk15on-1.66.pom
@ -5,8 +5,8 @@
  <artifactId>bcmail-jdk15on</artifactId>
  <packaging>jar</packaging>
  <name>Bouncy Castle S/MIME API</name>
-  <version>1.65</version>
-  <description>The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed.</description>
+  <version>1.66</version>
+  <description>The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed.</description>
  <url>http://www.bouncycastle.org/java.html</url>
  <licenses>
    <license>
@ -33,13 +33,13 @@
    <dependency>
      <groupId>org.bouncycastle</groupId>
      <artifactId>bcprov-jdk15on</artifactId>
-      <version>1.65</version>
+      <version>1.66</version>
      <type>jar</type>
    </dependency>
    <dependency>
      <groupId>org.bouncycastle</groupId>
      <artifactId>bcpkix-jdk15on</artifactId>
-      <version>1.65</version>
+      <version>1.66</version>
      <type>jar</type>
    </dependency>
  </dependencies>
--- a/bcpg-jdk15on-1.66.pom
+++ b/bcpg-jdk15on-1.66.pom
@ -5,8 +5,8 @@
  <artifactId>bcpg-jdk15on</artifactId>
  <packaging>jar</packaging>
  <name>Bouncy Castle OpenPGP API</name>
-  <version>1.65</version>
-  <description>The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.</description>
+  <version>1.66</version>
+  <description>The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.</description>
  <url>http://www.bouncycastle.org/java.html</url>
  <licenses>
    <license>
@ -38,7 +38,7 @@
    <dependency>
      <groupId>org.bouncycastle</groupId>
      <artifactId>bcprov-jdk15on</artifactId>
-      <version>1.65</version>
+      <version>1.66</version>
      <type>jar</type>
    </dependency>
  </dependencies>
--- a/bcpkix-jdk15on-1.66.pom
+++ b/bcpkix-jdk15on-1.66.pom
@ -5,8 +5,8 @@
  <artifactId>bcpkix-jdk15on</artifactId>
  <packaging>jar</packaging>
  <name>Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs</name>
-  <version>1.65</version>
-  <description>The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.</description>
+  <version>1.66</version>
+  <description>The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.</description>
  <url>http://www.bouncycastle.org/java.html</url>
  <licenses>
    <license>
@ -33,7 +33,7 @@
    <dependency>
      <groupId>org.bouncycastle</groupId>
      <artifactId>bcprov-jdk15on</artifactId>
-      <version>1.65</version>
+      <version>1.66</version>
      <type>jar</type>
    </dependency>
  </dependencies>
--- a/bcprov-jdk15on-1.66.pom
+++ b/bcprov-jdk15on-1.66.pom
@ -5,8 +5,8 @@
  <artifactId>bcprov-jdk15on</artifactId>
  <packaging>jar</packaging>
  <name>Bouncy Castle Provider</name>
-  <version>1.65</version>
-  <description>The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.</description>
+  <version>1.66</version>
+  <description>The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 and up.</description>
  <url>http://www.bouncycastle.org/java.html</url>
  <licenses>
    <license>
--- a/bctls-jdk15on-1.66.pom
+++ b/bctls-jdk15on-1.66.pom
@ -5,7 +5,7 @@
  <artifactId>bctls-jdk15on</artifactId>
  <packaging>jar</packaging>
  <name>Bouncy Castle JSSE provider and TLS/DTLS API</name>
-  <version>1.65</version>
+  <version>1.66</version>
  <description>The Bouncy Castle Java APIs for TLS and DTLS, including a provider for the JSSE.</description>
  <url>http://www.bouncycastle.org/java.html</url>
  <licenses>
@ -33,7 +33,7 @@
    <dependency>
      <groupId>org.bouncycastle</groupId>
      <artifactId>bcprov-jdk15on</artifactId>
-      <version>1.65</version>
+      <version>1.66</version>
      <type>jar</type>
    </dependency>
  </dependencies>
--- a/bouncycastle.changes
+++ b/bouncycastle.changes
@ -1,3 +1,54 @@
+-------------------------------------------------------------------
+Tue Jul 28 18:50:39 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
+
+- Version update to 1.66
+  * Defects Fixed:
+    - EdDSA verifiers now reset correctly after rejecting overly long signatures.
+    - BCJSSE: SSLSession.getPeerCertificateChain could throw NullPointerException.
+    - qTESLA-I verifier would reject some valid signatures.
+    - qTESLA verifiers now reject overly long signatures.
+    - PGP regression caused failure to preserve existing version header when
+      headers were reset.
+    - PKIXNameConstraintValidator had a bad cast preventing use of multiple
+      OtherName constraints.
+    - Serialisation of the non-CRT RSA Private Key could cause a NullPointerException.
+    - An extra 4 bytes was included in the start of HSS public key encodings.
+    - CMS with Ed448 using a direct signature was using id-shake256-len
+      rather than id-shake256.
+    - Use of GCMParameterSpec could cause an AccessControlException under
+      some circumstances.
+    - DTLS: Fixed high-latency HelloVerifyRequest handshakes.
+    - An encoding bug for rightEncoded() in KMAC has been fixed.
+    - For a few values the cSHAKE implementation would add unnecessary pad bytes
+      where the N and S strings produced encoded data that was block aligned.
+    - There were a few circumstances where Argon2BytesGenerator might hit an
+      unexpected null. These have been removed.
+  * Additional Features and Functionality
+    - The qTESLA signature algorithm has been updated to v2.8 (20191108).
+    - BCJSSE: Client-side OCSP stapling now supports status_request_v2 extension.
+    - Support has been added for "ocsp.enable", "ocsp.responderURL" and
+      PKIXRevocationChecker for users of Java 8 and later.
+    - Support has been added for "org.bouncycastle.x509.enableCRLDP" to the PKIX validator.
+    - BCJSSE: Now supports system property 'jsse.enableFFDHE'
+    - BCJSSE: Now supports system properties 'jdk.tls.client.SignatureSchemes'
+      and 'jdk.tls.server.SignatureSchemes'.
+    - Multi-release support has been added for Java 11 XECKeys.
+    - Multi-release support has been added for Java 15 EdECKeys.
+    - The MiscPEMGenerator will now output general PrivateKeyInfo structures.
+    - A new property "org.bouncycastle.pkcs8.v1_info_only" has been added to
+      make the provider only produce version 1 PKCS8 PrivateKeyInfo structures.
+    - The PKIX CertPathBuilder will now take the target certificate from the target
+      constraints if a specific certificate is given to the selector.
+    - BCJSSE: A range of ARIA and CAMELLIA cipher suites added to supported list.
+    - BCJSSE: Now supports the PSS signature schemes from RFC 8446 (TLS 1.2 onwards).
+    - Performance of the Base64 encoder has been improved.
+    - The PGPPublicKey class will now include direct key signatures when checking
+      for key expiry times.
+  * NOTES:
+    - The qTESLA update breaks compatibility with previous versions.
+      Private keys now include a hash of the public key at the end,
+      and signatures are no longer interoperable with previous versions. 
+
 -------------------------------------------------------------------
 Wed Apr 29 09:28:03 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

--- a/bouncycastle.spec
+++ b/bouncycastle.spec
@ -16,9 +16,9 @@
 #


-%global ver  1.65
-%global shortver 165
-%global gittag r1rv65
+%global ver  1.66
+%global shortver 166
+%global gittag r1rv66
 %global archivever jdk15on-%{shortver}
 %global classname org.bouncycastle.jce.provider.BouncyCastleProvider
 Name:           bouncycastle
--- a/r1rv65.tar.gz
+++ b/r1rv65.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e6419d3958b7d873e9a437105c65cb67603a6e56b6dc8facf3fbef046f64135f
-size 55288564
--- a/r1rv66.tar.gz
+++ b/r1rv66.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2c1c7f41e65af6ca2249a4e655ec7f2a8377e73c17470d0c9d3545825e190198
+size 55409179