pool/bouncycastle
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 624022 from Java:packages

Browse Source 
- Version update to 1.60 bsc#1100694:
  * CVE-2018-1000613 Use of Externally-ControlledInput to Select Classes or Code
  * Release notes:
    http://www.bouncycastle.org/releasenotes.html

- Version update to 1.59:
  * CVE-2016-1000338: Fix DSA ASN.1 validation during encoding of
    signature on verification (boo#1095722).
  * CVE-2016-1000339: Fix AESEngine key information leak via lookup
    table accesses (boo#1095853).
  * CVE-2016-1000340: Fix carry propagation bugs in the
    implementation of squaring for several raw math classes
    (boo#1095854).
  * CVE-2016-1000341: Fix DSA signature generation vulnerability to
    timing attack (boo#1095852).
  * CVE-2016-1000342: Fix ECDSA ASN.1 validation during encoding of
    signature on verification (boo#1095850).
  * CVE-2016-1000343: Fix week default settings for private DSA key
    pair generation (boo#1095849).
  * CVE-2016-1000344: Remove DHIES from the provider to disable the
    unsafe usage of ECB mode (boo#1096026).
  * CVE-2016-1000345: Fix DHIES/ECIES CBC mode padding oracle
    attack (boo#1096025).
  * CVE-2016-1000346: Fix other party DH public key validation
    (boo#1096024).
  * CVE-2016-1000352: Remove ECIES from the provider to disable the
    unsafe usage of ECB mode (boo#1096022).
- bumb target to 1.6

OBS-URL: https://build.opensuse.org/request/show/624022
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bouncycastle?expand=0&rev=20
This commit is contained in:
Dominique Leuenberger 2018-07-28 10:37:11 +00:00 committed by Git OBS Bridge
commit f74afc4ce8
5 changed files with 37 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bcprov-jdk15on-1.59.pom → bcprov-jdk15on-1.60.pom
View File

@ -5,7 +5,7 @@
<artifactId>bcprov-jdk15on</artifactId> <artifactId>bcprov-jdk15on</artifactId>
<packaging>jar</packaging> <packaging>jar</packaging>
<name>Bouncy Castle Provider</name> <name>Bouncy Castle Provider</name>
<version>1.59</version> <version>1.60</version>
<description>The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.</description> <description>The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.</description>
<url>http://www.bouncycastle.org/java.html</url> <url>http://www.bouncycastle.org/java.html</url>
<licenses> <licenses>

3
bcprov-jdk15on-159.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1277950662009c57575ad11f696a2824e6c8866f8f1331dd9b7b180b8697c91a
size 9065780

3
bcprov-jdk15on-160.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:92c042beb96bffec0890778ab036ac14d16f35da2ef21eaef8d8d23f340ee686
size 9207686

33
bouncycastle.changes
View File

@ -1,9 +1,38 @@
-------------------------------------------------------------------
Thu Jul 19 10:24:12 UTC 2018 - tchvatal@suse.com
- Version update to 1.60 bsc#1100694:
* CVE-2018-1000613 Use of Externally-ControlledInput to Select Classes or Code
* Release notes:
http://www.bouncycastle.org/releasenotes.html
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jun 11 12:32:43 UTC 2018 - abergmann@suse.com Mon Jun 11 12:32:43 UTC 2018 - abergmann@suse.com
- Version update to 1.59: - Version update to 1.59:
* CVE-2017-13098: Fix against Bleichenbacher oracle when not * CVE-2017-13098: Fix against Bleichenbacher oracle when not
using the lightweight APIs (boo#1072697). using the lightweight APIs (boo#1072697).
* CVE-2016-1000338: Fix DSA ASN.1 validation during encoding of
signature on verification (boo#1095722).
* CVE-2016-1000339: Fix AESEngine key information leak via lookup
table accesses (boo#1095853).
* CVE-2016-1000340: Fix carry propagation bugs in the
implementation of squaring for several raw math classes
(boo#1095854).
* CVE-2016-1000341: Fix DSA signature generation vulnerability to
timing attack (boo#1095852).
* CVE-2016-1000342: Fix ECDSA ASN.1 validation during encoding of
signature on verification (boo#1095850).
* CVE-2016-1000343: Fix week default settings for private DSA key
pair generation (boo#1095849).
* CVE-2016-1000344: Remove DHIES from the provider to disable the
unsafe usage of ECB mode (boo#1096026).
* CVE-2016-1000345: Fix DHIES/ECIES CBC mode padding oracle
attack (boo#1096025).
* CVE-2016-1000346: Fix other party DH public key validation
(boo#1096024).
* CVE-2016-1000352: Remove ECIES from the provider to disable the
unsafe usage of ECB mode (boo#1096022).
* Release notes: * Release notes:
http://www.bouncycastle.org/releasenotes.html http://www.bouncycastle.org/releasenotes.html
- Removed patch: - Removed patch:
@ -95,7 +124,7 @@ Wed Aug 28 08:25:18 UTC 2013 - mvyskocil@suse.com
------------------------------------------------------------------- -------------------------------------------------------------------
Fri May 18 12:39:28 UTC 2012 - mvyskocil@suse.cz Fri May 18 12:39:28 UTC 2012 - mvyskocil@suse.cz
- bumb target to 1.6 - bumb target to 1.6
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jan 16 14:19:33 UTC 2012 - mvyskocil@suse.cz Mon Jan 16 14:19:33 UTC 2012 - mvyskocil@suse.cz

4
bouncycastle.spec
View File

@ -16,8 +16,8 @@
# #
%define ver 1.59 %define ver 1.60
%define shortver 159 %define shortver 160
%define archivever jdk15on-%{shortver} %define archivever jdk15on-%{shortver}
%define classname org.bouncycastle.jce.provider.BouncyCastleProvider %define classname org.bouncycastle.jce.provider.BouncyCastleProvider
Name: bouncycastle Name: bouncycastle