Accepting request 1286769 from Java:packages

1.81

OBS-URL: https://build.opensuse.org/request/show/1286769
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bouncycastle?expand=0&rev=45

bcjmail-jdk18on-1.78.1.pom

@@ -1,52 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project>
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>org.bouncycastle</groupId>
-  <artifactId>bcjmail-jdk18on</artifactId>
-  <packaging>jar</packaging>
-  <name>Bouncy Castle Jakarta S/MIME API</name>
-  <version>1.78.1</version>
-  <description>The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The Jakarta Mail API and the Jakarta activation framework will also be needed.</description>
-  <url>https://www.bouncycastle.org/java.html</url>
-  <licenses>
-    <license>
-      <name>Bouncy Castle Licence</name>
-      <url>https://www.bouncycastle.org/licence.html</url>
-      <distribution>repo</distribution>
-    </license>
-  </licenses>
-  <scm>
-    <url>https://github.com/bcgit/bc-java</url>
-  </scm>
-  <issueManagement>
-     <system>GitHub</system>
-     <url>https://github.com/bcgit/bc-java/issues</url>
-  </issueManagement>
-  <developers>
-    <developer>
-      <id>feedback-crypto</id>
-      <name>The Legion of the Bouncy Castle Inc.</name>
-      <email>feedback-crypto@bouncycastle.org</email>
-    </developer>
-  </developers>
-  <dependencies>
-    <dependency>
-      <groupId>org.bouncycastle</groupId>
-      <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.78.1</version>
-      <type>jar</type>
-    </dependency>
-    <dependency>
-      <groupId>org.bouncycastle</groupId>
-      <artifactId>bcutil-jdk18on</artifactId>
-      <version>1.78.1</version>
-      <type>jar</type>
-    </dependency>
-    <dependency>
-      <groupId>org.bouncycastle</groupId>
-      <artifactId>bcpkix-jdk18on</artifactId>
-      <version>1.78.1</version>
-      <type>jar</type>
-    </dependency>
-  </dependencies>
-</project>

bcjmail-jdk18on-1.81.pom

@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project>
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.bouncycastle</groupId>
+  <artifactId>bcjmail-jdk18on</artifactId>
+  <packaging>jar</packaging>
+  <name>Bouncy Castle JavaMail Jakarta S/MIME APIs</name>
+  <version>1.81</version>
+  <description>The Bouncy Castle Java APIs for doing S/MIME with the Jakarta Mail APIs. The APIs are designed primarily to be used in conjunction with the BC Java provider.</description>
+  <url>https://www.bouncycastle.org/download/bouncy-castle-java/</url>
+  <licenses>
+    <license>
+      <name>Bouncy Castle Licence</name>
+      <url>https://www.bouncycastle.org/licence.html</url>
+      <distribution>repo</distribution>
+    </license>
+  </licenses>
+  <scm>
+    <url>https://github.com/bcgit/bc-java</url>
+  </scm>
+  <issueManagement>
+     <system>GitHub</system>
+     <url>https://github.com/bcgit/bc-java/issues</url>
+  </issueManagement>
+  <developers>
+    <developer>
+      <id>feedback-crypto</id>
+      <name>The Legion of the Bouncy Castle Inc.</name>
+      <email>feedback-crypto@bouncycastle.org</email>
+    </developer>
+  </developers>
+  <dependencies>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcpkix-jdk18on</artifactId>
+      <version>[1.81,1.82)</version>
+      <type>jar</type>
+    </dependency>
+  </dependencies>
+</project>

bcmail-jdk18on-1.78.1.pom

@@ -1,52 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project>
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>org.bouncycastle</groupId>
-  <artifactId>bcmail-jdk18on</artifactId>
-  <packaging>jar</packaging>
-  <name>Bouncy Castle S/MIME API</name>
-  <version>1.78.1</version>
-  <description>The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed.</description>
-  <url>https://www.bouncycastle.org/java.html</url>
-  <licenses>
-    <license>
-      <name>Bouncy Castle Licence</name>
-      <url>https://www.bouncycastle.org/licence.html</url>
-      <distribution>repo</distribution>
-    </license>
-  </licenses>
-  <scm>
-    <url>https://github.com/bcgit/bc-java</url>
-  </scm>
-  <issueManagement>
-     <system>GitHub</system>
-     <url>https://github.com/bcgit/bc-java/issues</url>
-  </issueManagement>
-  <developers>
-    <developer>
-      <id>feedback-crypto</id>
-      <name>The Legion of the Bouncy Castle Inc.</name>
-      <email>feedback-crypto@bouncycastle.org</email>
-    </developer>
-  </developers>
-  <dependencies>
-    <dependency>
-      <groupId>org.bouncycastle</groupId>
-      <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.78.1</version>
-      <type>jar</type>
-    </dependency>
-    <dependency>
-      <groupId>org.bouncycastle</groupId>
-      <artifactId>bcutil-jdk18on</artifactId>
-      <version>1.78.1</version>
-      <type>jar</type>
-    </dependency>
-    <dependency>
-      <groupId>org.bouncycastle</groupId>
-      <artifactId>bcpkix-jdk18on</artifactId>
-      <version>1.78.1</version>
-      <type>jar</type>
-    </dependency>
-  </dependencies>
-</project>

bcmail-jdk18on-1.81.pom

@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project>
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.bouncycastle</groupId>
+  <artifactId>bcmail-jdk18on</artifactId>
+  <packaging>jar</packaging>
+  <name>Bouncy Castle JavaMail S/MIME APIs</name>
+  <version>1.81</version>
+  <description>The Bouncy Castle Java APIs for doing S/MIME with JavaMail. The APIs are designed primarily to be used in conjunction with the BC Java provider.</description>
+  <url>https://www.bouncycastle.org/download/bouncy-castle-java/</url>
+  <licenses>
+    <license>
+      <name>Bouncy Castle Licence</name>
+      <url>https://www.bouncycastle.org/licence.html</url>
+      <distribution>repo</distribution>
+    </license>
+  </licenses>
+  <scm>
+    <url>https://github.com/bcgit/bc-java</url>
+  </scm>
+  <issueManagement>
+     <system>GitHub</system>
+     <url>https://github.com/bcgit/bc-java/issues</url>
+  </issueManagement>
+  <developers>
+    <developer>
+      <id>feedback-crypto</id>
+      <name>The Legion of the Bouncy Castle Inc.</name>
+      <email>feedback-crypto@bouncycastle.org</email>
+    </developer>
+  </developers>
+  <dependencies>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcpkix-jdk18on</artifactId>
+      <version>[1.81,1.82)</version>
+      <type>jar</type>
+    </dependency>
+  </dependencies>
+</project>

bcpg-jdk18on-1.81.pom

@@ -4,10 +4,10 @@
   <groupId>org.bouncycastle</groupId>
   <artifactId>bcpg-jdk18on</artifactId>
   <packaging>jar</packaging>
-  <name>Bouncy Castle OpenPGP API</name>
-  <version>1.78.1</version>
-  <description>The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.</description>
-  <url>https://www.bouncycastle.org/java.html</url>
+  <name>Bouncy Castle OpenPGP APIs</name>
+  <version>1.81</version>
+  <description>The Bouncy Castle Java APIs for the OpenPGP Protocol. The APIs are designed primarily to be used in conjunction with the BC Java provider but may also be used with other providers providing cryptographic services.</description>
+  <url>https://www.bouncycastle.org/download/bouncy-castle-java/</url>
   <licenses>
     <license>
       <name>Bouncy Castle Licence</name>
@@ -38,13 +38,13 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.78.1</version>
+      <version>[1.81,1.82)</version>
       <type>jar</type>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcutil-jdk18on</artifactId>
-      <version>1.78.1</version>
+      <version>[1.81,1.82)</version>
       <type>jar</type>
     </dependency>
   </dependencies>

bcpkix-jdk18on-1.81.pom

@@ -5,9 +5,9 @@
   <artifactId>bcpkix-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs</name>
-  <version>1.78.1</version>
-  <description>The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.</description>
-  <url>https://www.bouncycastle.org/java.html</url>
+  <version>1.81</version>
+  <description>The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.8 and up. The APIs are designed primarily to be used in conjunction with the BC Java provider but may also be used with other providers providing cryptographic services.</description>
+  <url>https://www.bouncycastle.org/download/bouncy-castle-java/</url>
   <licenses>
     <license>
       <name>Bouncy Castle Licence</name>
@@ -30,16 +30,10 @@
     </developer>
   </developers>
   <dependencies>
-    <dependency>
-      <groupId>org.bouncycastle</groupId>
-      <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.78.1</version>
-      <type>jar</type>
-    </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcutil-jdk18on</artifactId>
-      <version>1.78.1</version>
+      <version>[1.81,1.82)</version>
       <type>jar</type>
     </dependency>
   </dependencies>

bcprov-jdk18on-1.81.pom

@@ -5,9 +5,9 @@
   <artifactId>bcprov-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle Provider</name>
-  <version>1.78.1</version>
-  <description>The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.8 and up.</description>
-  <url>https://www.bouncycastle.org/java.html</url>
+  <version>1.81</version>
+  <description>The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains the JCA/JCE provider and low-level API for the BC Java version 1.81 for Java 8 and later.</description>
+  <url>https://www.bouncycastle.org/download/bouncy-castle-java/</url>
   <licenses>
     <license>
       <name>Bouncy Castle Licence</name>

bctls-jdk18on-1.81.pom

@@ -4,10 +4,10 @@
   <groupId>org.bouncycastle</groupId>
   <artifactId>bctls-jdk18on</artifactId>
   <packaging>jar</packaging>
-  <name>Bouncy Castle JSSE provider and TLS/DTLS API</name>
-  <version>1.78.1</version>
-  <description>The Bouncy Castle Java APIs for TLS and DTLS, including a provider for the JSSE.</description>
-  <url>https://www.bouncycastle.org/java.html</url>
+  <name>Bouncy Castle TLS/JSSE APIs</name>
+  <version>1.81</version>
+  <description>The Bouncy Castle Java APIs for the TLS, including a JSSE provider. The APIs are designed primarily to be used in conjunction with the BC Java provider but may also be used with other providers providing cryptographic services.</description>
+  <url>https://www.bouncycastle.org/download/bouncy-castle-java/</url>
   <licenses>
     <license>
       <name>Bouncy Castle Licence</name>
@@ -30,16 +30,10 @@
     </developer>
   </developers>
   <dependencies>
-    <dependency>
-      <groupId>org.bouncycastle</groupId>
-      <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.78.1</version>
-      <type>jar</type>
-    </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcutil-jdk18on</artifactId>
-      <version>1.78.1</version>
+      <version>[1.81,1.82)</version>
       <type>jar</type>
     </dependency>
   </dependencies>

bcutil-jdk18on-1.81.pom

@@ -5,9 +5,9 @@
   <artifactId>bcutil-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle ASN.1 Extension and Utility APIs</name>
-  <version>1.78.1</version>
-  <description>The Bouncy Castle Java APIs for ASN.1 extension and utility APIs used to support bcpkix and bctls. This jar contains APIs for JDK 1.8 and up.</description>
-  <url>https://www.bouncycastle.org/java.html</url>
+  <version>1.81</version>
+  <description>The Bouncy Castle Java APIs for ASN.1 extension and utility APIs used to support bcpkix and bctls. This jar contains APIs for Java 8 and later.</description>
+  <url>https://www.bouncycastle.org/download/bouncy-castle-java/</url>
   <licenses>
     <license>
       <name>Bouncy Castle Licence</name>
@@ -33,7 +33,7 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.78.1</version>
+      <version>[1.81,1.82)</version>
       <type>jar</type>
     </dependency>
   </dependencies>

bouncycastle-char-literal.patch

@@ -0,0 +1,11 @@
+--- bc-java-r1v81/pg/src/main/java/org/bouncycastle/bcpg/ArmoredOutputStream.java	2025-06-18 16:53:17.839002101 +0200
++++ bc-java-r1v81/pg/src/main/java/org/bouncycastle/bcpg/ArmoredOutputStream.java	2025-06-18 16:53:25.752560133 +0200
+@@ -619,7 +619,7 @@
+ 
+             if (comment.length() > availableCommentCharsPerLine)
+             {
+-                comment = comment.substring(0, availableCommentCharsPerLine - 1) + '…';
++                comment = comment.substring(0, availableCommentCharsPerLine - "…".length()) + "…";
+             }
+             addComment(comment);
+             return this;

bouncycastle-notests.patch

@@ -1,7 +1,7 @@
-Index: bc-java-r1rv78/ant/bc+-build.xml
+Index: bc-java-r1rv79/ant/bc+-build.xml
 ===================================================================
---- bc-java-r1rv78.orig/ant/bc+-build.xml
-+++ bc-java-r1rv78/ant/bc+-build.xml
+--- bc-java-r1rv79.orig/ant/bc+-build.xml
++++ bc-java-r1rv79/ant/bc+-build.xml
 @@ -280,7 +280,7 @@
  
      </target>
@@ -11,7 +11,7 @@ Index: bc-java-r1rv78/ant/bc+-build.xml
  
      <target name="build-lw" depends="initMacros">
          <!--
-@@ -935,149 +935,6 @@
+@@ -964,148 +964,6 @@
  
      </target>
  
@@ -98,7 +98,7 @@ Index: bc-java-r1rv78/ant/bc+-build.xml
 -        <property name="test.target.src.dir" value="${test.target.dir}/src" />
 -
 -        <mkdir dir="${basedir}/${build.dir}/${target.prefix}" />
--        <junit fork="yes" dir="${basedir}/${build.dir}/${target.prefix}" failureProperty="test.failed" printsummary="${junit.printsummary}">
+-        <junit fork="yes" dir="${basedir}/${build.dir}/${target.prefix}" failureProperty="test.failed" printsummary="${junit.printsummary}" maxmemory="${junit.maxmemory}">
 -            <classpath>
 -                <path refid="project.classpath" /> 
 -                <fileset dir="${artifacts.jars.dir}">
@@ -157,7 +157,6 @@ Index: bc-java-r1rv78/ant/bc+-build.xml
 -            <report format="frames" todir="${artifacts.reports.html.dir}" />
 -        </junitreport>
 -    </target>
--
+ 
      <target name="javadoc-libraries" depends="javadoc-util, javadoc-pkix, javadoc-mail, javadoc-jmail, javadoc-pg" />
  
-     <!--

bouncycastle.changes

@@ -1,3 +1,180 @@
+-------------------------------------------------------------------
+Wed Jun 18 15:04:37 UTC 2025 - Fridrich Strba <fstrba@suse.com>
+
+- Added patch:
+  * bouncycastle-char-literal.patch
+    + Somehow, during the build, one unicode character become too
+      long for being a char literal. Consider it as string then.
+
+-------------------------------------------------------------------
+Wed Jun 18 07:36:53 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 1.81:
+  * Defects Fixed:
+    - A potention NullPointerException in the KEM KDF KemUtil class
+      has been removed.
+    - Overlapping input/output buffers in doFinal could result in
+      data corruption.
+    - Fixed Grain-128AEAD decryption incorrectly handle MAC verification.
+    - Add configurable header validation to prevent malicious header
+      injection in PGP cleartext signed messages; Fix signature packet
+      encoding issues in PGPSignature.join() and embedded signatures
+      while phasing out legacy format.
+    - Fixed ParallelHash initialization stall when using block size B=0.
+    - The PRF from the PBKDF2 function was been lost when PBMAC1 was
+      initialized from protectionAlgorithm. This has been fixed.
+    - The lowlevel DigestFactory was cloning MD5 when being asked
+      to clone SHA1.
+  * Additional Features and Functionality:
+    - XWing implementation updated to draft-connolly-cfrg-xwing-kem/07/
+    - Further support has been added for generation and use of PGP V6 keys
+    - Additional validation has been added for armored headers in Cleartext
+      Signed Messages.
+    - The PQC signature algorithm proposal Mayo has been added to the
+      low-level API and the BCPQC provider.
+    - The PQC signature algorithm proposal Snova has been added to the
+      low-level API and the BCPQC provider.
+    - Support for ChaCha20-Poly1305 has been added to the CMS/SMIME APIs.
+    - The Falcon implementation has been updated to the latest draft.
+    - Support has been added for generating keys which encode as seed-only
+      and expanded-key-only for ML-KEM and ML-DSA private keys.
+    - Private key encoding of ML-DSA and ML-KEM private keys now follows
+      the latest IETF draft.
+    - The Ascon family of algorithms has been updated to the initial draft
+      of SP 800-232. Some additional optimisation work has been done.
+    - Support for ML-DSA's external-mu calculation and signing has been
+      added to the BC provider.
+    - CMS now supports ML-DSA for SignedData generation.
+    - Introduce high-level OpenPGP API for message creation/consumption
+      and certificate evaluation.
+    - Added JDK21 KEM API implementation for HQC algorithm.
+    - BCJSSE: Strip trailing dot from hostname for SNI, endpointID checks.
+    - BCJSSE: Draft support for ML-KEM updated (draft-connolly-tls-mlkem-key-agreement-05).
+    - BCJSSE: Draft support for hybrid ECDHE-MLKEM (draft-ietf-tls-ecdhe-mlkem-00).
+    - BCJSSE: Optionally prefer TLS 1.3 server's supported_groups order
+      (BCSSLParameters.useNamedGroupsOrder).
+
+-------------------------------------------------------------------
+Mon Feb  3 21:14:42 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 1.80:
+  * Defects Fixed:
+    - A splitting issue for ML-KEM led to an incorrect size for kemct
+      in KEMRecipientInfos. This has been fixed.
+    - The PKCS12 KeyStore has been adjusted to prevent accidental doubling
+      of the Oracle trusted certificate attribute (results in an IOException
+      when used with the JVM PKCS12 implementation).
+    - The SignerInfoGenerator copy constructor was ignoring the certHolder field.
+    - The getAlgorithm() method return value for a CompositePrivateKey was
+      not consistent with the corresponding getAlgorithm() return value for
+      the CompositePrivateKey. This has been fixed.
+    - The international property files were missing from the bcjmail distribution.
+    - Issues with ElephantEngine failing on processing large/multi-block messages
+      have been addressed.
+    - GCFB mode now fully resets on a reset.
+    - The lightweight algorithm contestants: Elephant, ISAP, PhotonBeetle,
+      Xoodyak now support the use of the AEADParameters class and provide
+      accurate update/doFinal output lengths.
+    - An unnecessary downcast in CertPathValidatorUtilities was resulting
+      in the ignoring of URLs for FTP based CRLs.
+    - A regression in the OpenPGP API could cause NoSuchAlgorithmException
+      to be thrown when attempting to use SHA-256 in some contexts.
+    - EtsiTs1029411TypesAuthorization was missing an extension field.
+    - Interoperability issues with single depth LMS keys have been addressed.
+  * Additional Features and Functionality:
+    - CompositeSignatures now updated to draft-ietf-lamps-pq-composite-sigs-03.
+    - ML-KEM, ML-DSA, SLH-DSA, and Composite private keys now use raw encodings
+      as per the latest drafts from IETF 121: draft-ietf-lamps-kyber-certificates-06,
+      draft-ietf-lamps-dilithium-certificates-05, and draft-ietf-lamps-x509-slhdsa.
+    - Initial support has been added for RFC 9579 PBMAC1 in the PKCS API.
+    - Support has been added for EC-JPAKE to the lightweight API.
+    - Support has been added for the direct construction of S/MIME AuthEnvelopedData
+      objects, via the SMIMEAuthEnvelopedData class.
+    - An override "org.bouncycastle.asn1.allow_wrong_oid_enc" property has been
+      added to disable new OID encoding checks (use with caution).
+    - Support has been added for the PBEParemeterSpec.getParameterSpec()
+      method where supported by the JVM.
+    - ML-DSA/SLH-DSA now return null for Signature.getParameters() if no context
+      is provided. This allows the algorithms to be used with the existing Java key tool.
+    - HQC has been updated to reflect the reference implementation released on 2024-10-30.
+    - Support has been added to the low-level APIs for the OASIS Shamir Secret
+      Splitting algorithms.
+    - BCJSSE: System property "org.bouncycastle.jsse.fips.allowGCMCiphersIn12"
+      no longer used. FIPS TLS 1.2 GCM suites can now be enabled according to
+      JcaTlsCrypto#getFipsGCMNonceGeneratorFactory (see JavaDoc for details) if
+      done in alignment with FIPS requirements.
+    - Support has been added for OpenPGP V6 PKESK and message encryption.
+    - PGPSecretKey.copyWithNewPassword() now includes AEAD support.
+    - The ASCON family of algorithms have been updated in accordance with the
+      published FIPS SP 800-232 draft.
+
+-------------------------------------------------------------------
+Mon Nov  4 10:49:54 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 1.79:
+  * Defects Fixed:
+    - Leading zeroes were sometimes dropped from Ed25519 signatures
+      leading to verification errors in the PGP API.
+    - Default version string for Armored Output is now set correctly in 18on build.
+    - The Elephant cipher would fail on large messages.
+    - CMSSignedData.replaceSigners() would re-encode the digest algorithms
+      block, occassionally dropping ones where NULL had been previously
+      added as an algorithm parameter. The method now attempts to only use
+      the original digest algorithm identifiers.
+    - ERSInputStreamData would fail to generate the correct hash if
+      called a second time with a different hash algorithm.
+    - A downcast in the CrlCache which would cause FTP based CRLs to fail
+      to load has been removed.
+    - ECUtil.getNamedCurveOid() now trims curve names of excess space
+      before look up.
+    - The PhotonBeetle and Xoodyak digests did not reset properly after
+      a doFinal() call.
+    - Malformed AlgorithmIdentifiers in CertIDs could cause caching
+      issues in the OCSP cache.
+    - With Java 21 a provider service class will now be returned with
+      a null class name where previously a null would have been returned
+      for a service. This can cause a NullPointerException to be thrown
+      by the BC provider if a non-existant service is requested.
+    - CMS: OtherKeyAttribute.keyAttr now treated as optional.
+    - CMS: EnvelopedData and AuthEnvelopedData could calculate the wrong versions.
+    - The default version header for PGP armored output did not carry
+      the correct version string.
+    - In some situations the algorithm lookup for creating PGPDigestCalculators
+      would fail due to truncation of the algorithm name.
+  * Additional Features and Functionality:
+    - Object Identifiers have been added for ML-KEM, ML-DSA, and SLH-DSA.
+    - The PQC algorithms, ML-KEM, ML-DSA (including pre-hash), and SLH-DSA
+      (including pre-hash) have been added to the BC provider and the lightweight API.
+    - A new spec, ContextParameterSpec, has been added to support
+      signature contexts for ML-DSA and SLH-DSA.
+    - BCJSSE: Added support for security property
+      "jdk.tls.server.defaultDHEParameters" (disabled in FIPS mode).
+    - BCJSSE: Added support for signature_algorithms_cert configuration via
+      "org.bouncycastle.jsse.client.SignatureSchemesCert" and
+      "org.bouncycastle.jsse.server.SignatureSchemesCert" system properties
+      or BCSSLParameters property "SignatureSchemesCert".
+    - BCJSSE: Added support for boolean system property
+      "org.bouncycastle.jsse.fips.allowGCMCiphersIn12" (false by default).
+    - (D)TLS: Remove redundant verification of self-generated RSA signatures.
+    - CompositePrivateKeys now support the latest revision of the composite
+      signature draft.
+    - Delta Certificates now support the latest revision of the delta
+      certificate extension draft.
+    - A general KeyIdentifier class, encapsulating both PGP KeyID and the
+      PGP key fingerprint has been added to the PGP API.
+    - Support for the LibrePGP PreferredEncryptionModes signature subpacket
+      has been added to the PGP API.
+    - Support for Version 6 signatures, including salts, has been added to the PGP API.
+    - Support for the PreferredKeyServer signature supacket has been added to the PGP API.
+    - Support for RFC 9269, "Using KEMs in Cryptographic Message Syntax (CMS)",
+      has been added to the CMS API.
+    - Support for the Argon2 S2K has been added to the PGP API.
+    - The system property "org.bouncycastle.pemreader.lax" has been introduced
+      for situations where the BC PEM parsing is now too strict.
+    - The system property "org.bouncycastle.ec.disable_f2m" has been introduced
+      to allow F2m EC support to be disabled.
+  * Rebase bouncycastle-notests.patch
+
 -------------------------------------------------------------------
 Mon Apr 29 16:07:27 UTC 2024 - Fridrich Strba <fstrba@suse.com>
 
@@ -17,6 +194,7 @@ Mon Apr 29 16:07:27 UTC 2024 - Fridrich Strba <fstrba@suse.com>
 Mon Apr 29 06:39:43 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
 
 - Update to version 1.78: [bsc#1223252, CVE-2024-30171]
+  [bsc#1224304, CVE-2024-30172] [bsc#1224299, CVE-2024-29857]
   * Security Advisories.
     - CVE-2024-29857: Importing an EC certificate with specially crafted
       F2m parameters can cause high CPU usage during parameter evaluation.

bouncycastle.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package bouncycastle
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,10 +17,10 @@
 
 
 %global ver_major 1
-%global ver_minor 78
-%global ver_micro 1
-%global gittag r%{ver_major}rv%{ver_minor}%{?ver_micro:v%{ver_micro}}
-%global archivever jdk18on-%{ver_major}%{ver_minor}%{?ver_micro:0%{ver_micro}}
+%global ver_minor 81
+#%%global ver_micro 1
+%global gittag r%{ver_major}v%{ver_minor}%{?ver_micro:v%{ver_micro}}
+%global archivever jdk18on-%{ver_major}.%{ver_minor}%{?ver_micro:0%{ver_micro}}
 %global classname org.bouncycastle.jce.provider.BouncyCastleProvider
 Name:           bouncycastle
 Version:        %{ver_major}.%{ver_minor}%{?ver_micro:.%{ver_micro}}
@@ -43,6 +43,7 @@ Patch0:         bouncycastle-javadoc.patch
 # PATCH-FIX-OPENSUSE Add OSGi manifests to the distributed jars
 Patch1:         bouncycastle-osgi.patch
 Patch2:         bouncycastle-notests.patch
+Patch3:         bouncycastle-char-literal.patch
 BuildRequires:  ant
 BuildRequires:  ant-junit
 BuildRequires:  fdupes
@@ -161,6 +162,7 @@ touch %{buildroot}%{_sysconfdir}/java/security/security.d/2000-%{classname}
 
 install -dm 0755 %{buildroot}%{_javadir}
 install -dm 0755 %{buildroot}%{_mavenpomdir}
+
 for bc in bcprov bcpkix bcpg bcmail bctls bcutil bcjmail ; do
   install -pm 0644 build/artifacts/jdk1.8/jars/$bc-%{archivever}.jar %{buildroot}%{_javadir}/$bc.jar
   %{mvn_install_pom} %{_sourcedir}/$bc-jdk18on-%{version}.pom %{buildroot}%{_mavenpomdir}/$bc.pom

r1v81.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:839bc1736435aa77816a132883513c1b0e92ae6804770ff6b9a9e3717c2ea0c7
+size 47999131