From e17cf6e6b9e3bc8594ad6703888a7aed3cd038a8295c5559d265d796da1fe8e6 Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Wed, 29 Jul 2020 05:46:14 +0000 Subject: [PATCH] Accepting request 823216 from home:pmonrealgonzalez:branches:Java:packages - Version update to 1.66 * Defects Fixed: - EdDSA verifiers now reset correctly after rejecting overly long signatures. - BCJSSE: SSLSession.getPeerCertificateChain could throw NullPointerException. - qTESLA-I verifier would reject some valid signatures. - qTESLA verifiers now reject overly long signatures. - PGP regression caused failure to preserve existing version header when headers were reset. - PKIXNameConstraintValidator had a bad cast preventing use of multiple OtherName constraints. - Serialisation of the non-CRT RSA Private Key could cause a NullPointerException. - An extra 4 bytes was included in the start of HSS public key encodings. - CMS with Ed448 using a direct signature was using id-shake256-len rather than id-shake256. - Use of GCMParameterSpec could cause an AccessControlException under some circumstances. - DTLS: Fixed high-latency HelloVerifyRequest handshakes. - An encoding bug for rightEncoded() in KMAC has been fixed. - For a few values the cSHAKE implementation would add unnecessary pad bytes where the N and S strings produced encoded data that was block aligned. - There were a few circumstances where Argon2BytesGenerator might hit an unexpected null. These have been removed. * Additional Features and Functionality - The qTESLA signature algorithm has been updated to v2.8 (20191108). - BCJSSE: Client-side OCSP stapling now supports status_request_v2 extension. - Support has been added for "ocsp.enable", "ocsp.responderURL" and PKIXRevocationChecker for users of Java 8 and later. - Support has been added for "org.bouncycastle.x509.enableCRLDP" to the PKIX validator. - BCJSSE: Now supports system property 'jsse.enableFFDHE' - BCJSSE: Now supports system properties 'jdk.tls.client.SignatureSchemes' OBS-URL: https://build.opensuse.org/request/show/823216 OBS-URL: https://build.opensuse.org/package/show/Java:packages/bouncycastle?expand=0&rev=60 --- ...dk15on-1.65.pom => bcmail-jdk15on-1.66.pom | 8 +-- ...-jdk15on-1.65.pom => bcpg-jdk15on-1.66.pom | 6 +-- ...dk15on-1.65.pom => bcpkix-jdk15on-1.66.pom | 6 +-- ...dk15on-1.65.pom => bcprov-jdk15on-1.66.pom | 4 +- ...jdk15on-1.65.pom => bctls-jdk15on-1.66.pom | 4 +- bouncycastle.changes | 51 +++++++++++++++++++ bouncycastle.spec | 6 +-- r1rv65.tar.gz | 3 -- r1rv66.tar.gz | 3 ++ 9 files changed, 71 insertions(+), 20 deletions(-) rename bcmail-jdk15on-1.65.pom => bcmail-jdk15on-1.66.pom (77%) rename bcpg-jdk15on-1.65.pom => bcpg-jdk15on-1.66.pom (83%) rename bcpkix-jdk15on-1.65.pom => bcpkix-jdk15on-1.66.pom (84%) rename bcprov-jdk15on-1.65.pom => bcprov-jdk15on-1.66.pom (94%) rename bctls-jdk15on-1.65.pom => bctls-jdk15on-1.66.pom (95%) delete mode 100644 r1rv65.tar.gz create mode 100644 r1rv66.tar.gz diff --git a/bcmail-jdk15on-1.65.pom b/bcmail-jdk15on-1.66.pom similarity index 77% rename from bcmail-jdk15on-1.65.pom rename to bcmail-jdk15on-1.66.pom index 3ab803e..7e62b4e 100644 --- a/bcmail-jdk15on-1.65.pom +++ b/bcmail-jdk15on-1.66.pom @@ -5,8 +5,8 @@ bcmail-jdk15on jar Bouncy Castle S/MIME API - 1.65 - The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed. + 1.66 + The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed. http://www.bouncycastle.org/java.html @@ -33,13 +33,13 @@ org.bouncycastle bcprov-jdk15on - 1.65 + 1.66 jar org.bouncycastle bcpkix-jdk15on - 1.65 + 1.66 jar diff --git a/bcpg-jdk15on-1.65.pom b/bcpg-jdk15on-1.66.pom similarity index 83% rename from bcpg-jdk15on-1.65.pom rename to bcpg-jdk15on-1.66.pom index 2bfe805..22a5756 100644 --- a/bcpg-jdk15on-1.65.pom +++ b/bcpg-jdk15on-1.66.pom @@ -5,8 +5,8 @@ bcpg-jdk15on jar Bouncy Castle OpenPGP API - 1.65 - The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. + 1.66 + The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. http://www.bouncycastle.org/java.html @@ -38,7 +38,7 @@ org.bouncycastle bcprov-jdk15on - 1.65 + 1.66 jar diff --git a/bcpkix-jdk15on-1.65.pom b/bcpkix-jdk15on-1.66.pom similarity index 84% rename from bcpkix-jdk15on-1.65.pom rename to bcpkix-jdk15on-1.66.pom index 197e262..bf78f69 100644 --- a/bcpkix-jdk15on-1.65.pom +++ b/bcpkix-jdk15on-1.66.pom @@ -5,8 +5,8 @@ bcpkix-jdk15on jar Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs - 1.65 - The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. + 1.66 + The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. http://www.bouncycastle.org/java.html @@ -33,7 +33,7 @@ org.bouncycastle bcprov-jdk15on - 1.65 + 1.66 jar diff --git a/bcprov-jdk15on-1.65.pom b/bcprov-jdk15on-1.66.pom similarity index 94% rename from bcprov-jdk15on-1.65.pom rename to bcprov-jdk15on-1.66.pom index d574355..563a0d5 100644 --- a/bcprov-jdk15on-1.65.pom +++ b/bcprov-jdk15on-1.66.pom @@ -5,8 +5,8 @@ bcprov-jdk15on jar Bouncy Castle Provider - 1.65 - The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8. + 1.66 + The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 and up. http://www.bouncycastle.org/java.html diff --git a/bctls-jdk15on-1.65.pom b/bctls-jdk15on-1.66.pom similarity index 95% rename from bctls-jdk15on-1.65.pom rename to bctls-jdk15on-1.66.pom index 6583871..e1c8bb2 100644 --- a/bctls-jdk15on-1.65.pom +++ b/bctls-jdk15on-1.66.pom @@ -5,7 +5,7 @@ bctls-jdk15on jar Bouncy Castle JSSE provider and TLS/DTLS API - 1.65 + 1.66 The Bouncy Castle Java APIs for TLS and DTLS, including a provider for the JSSE. http://www.bouncycastle.org/java.html @@ -33,7 +33,7 @@ org.bouncycastle bcprov-jdk15on - 1.65 + 1.66 jar diff --git a/bouncycastle.changes b/bouncycastle.changes index a85e279..95aa50c 100644 --- a/bouncycastle.changes +++ b/bouncycastle.changes @@ -1,3 +1,54 @@ +------------------------------------------------------------------- +Tue Jul 28 18:50:39 UTC 2020 - Pedro Monreal + +- Version update to 1.66 + * Defects Fixed: + - EdDSA verifiers now reset correctly after rejecting overly long signatures. + - BCJSSE: SSLSession.getPeerCertificateChain could throw NullPointerException. + - qTESLA-I verifier would reject some valid signatures. + - qTESLA verifiers now reject overly long signatures. + - PGP regression caused failure to preserve existing version header when + headers were reset. + - PKIXNameConstraintValidator had a bad cast preventing use of multiple + OtherName constraints. + - Serialisation of the non-CRT RSA Private Key could cause a NullPointerException. + - An extra 4 bytes was included in the start of HSS public key encodings. + - CMS with Ed448 using a direct signature was using id-shake256-len + rather than id-shake256. + - Use of GCMParameterSpec could cause an AccessControlException under + some circumstances. + - DTLS: Fixed high-latency HelloVerifyRequest handshakes. + - An encoding bug for rightEncoded() in KMAC has been fixed. + - For a few values the cSHAKE implementation would add unnecessary pad bytes + where the N and S strings produced encoded data that was block aligned. + - There were a few circumstances where Argon2BytesGenerator might hit an + unexpected null. These have been removed. + * Additional Features and Functionality + - The qTESLA signature algorithm has been updated to v2.8 (20191108). + - BCJSSE: Client-side OCSP stapling now supports status_request_v2 extension. + - Support has been added for "ocsp.enable", "ocsp.responderURL" and + PKIXRevocationChecker for users of Java 8 and later. + - Support has been added for "org.bouncycastle.x509.enableCRLDP" to the PKIX validator. + - BCJSSE: Now supports system property 'jsse.enableFFDHE' + - BCJSSE: Now supports system properties 'jdk.tls.client.SignatureSchemes' + and 'jdk.tls.server.SignatureSchemes'. + - Multi-release support has been added for Java 11 XECKeys. + - Multi-release support has been added for Java 15 EdECKeys. + - The MiscPEMGenerator will now output general PrivateKeyInfo structures. + - A new property "org.bouncycastle.pkcs8.v1_info_only" has been added to + make the provider only produce version 1 PKCS8 PrivateKeyInfo structures. + - The PKIX CertPathBuilder will now take the target certificate from the target + constraints if a specific certificate is given to the selector. + - BCJSSE: A range of ARIA and CAMELLIA cipher suites added to supported list. + - BCJSSE: Now supports the PSS signature schemes from RFC 8446 (TLS 1.2 onwards). + - Performance of the Base64 encoder has been improved. + - The PGPPublicKey class will now include direct key signatures when checking + for key expiry times. + * NOTES: + - The qTESLA update breaks compatibility with previous versions. + Private keys now include a hash of the public key at the end, + and signatures are no longer interoperable with previous versions. + ------------------------------------------------------------------- Wed Apr 29 09:28:03 UTC 2020 - Pedro Monreal Gonzalez diff --git a/bouncycastle.spec b/bouncycastle.spec index 36d256f..efa11ad 100644 --- a/bouncycastle.spec +++ b/bouncycastle.spec @@ -16,9 +16,9 @@ # -%global ver 1.65 -%global shortver 165 -%global gittag r1rv65 +%global ver 1.66 +%global shortver 166 +%global gittag r1rv66 %global archivever jdk15on-%{shortver} %global classname org.bouncycastle.jce.provider.BouncyCastleProvider Name: bouncycastle diff --git a/r1rv65.tar.gz b/r1rv65.tar.gz deleted file mode 100644 index 065c92c..0000000 --- a/r1rv65.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e6419d3958b7d873e9a437105c65cb67603a6e56b6dc8facf3fbef046f64135f -size 55288564 diff --git a/r1rv66.tar.gz b/r1rv66.tar.gz new file mode 100644 index 0000000..ab4ea5a --- /dev/null +++ b/r1rv66.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2c1c7f41e65af6ca2249a4e655ec7f2a8377e73c17470d0c9d3545825e190198 +size 55409179