daf896ac30
- Version update to 1.64 [bsc#1153385, CVE-2019-17359]
[bsc#1096291, CVE-2018-1000180][bsc#1100694, CVE-2018-1000613]
* Security Advisory:
- CVE-2019-17359: A change to the ASN.1 parser in 1.63 introduced
a regression that can cause an OutOfMemoryError to occur on
parsing ASN.1 data.
* Defects Fixed:
- OpenSSH: Fixed padding in generated Ed25519 private keys.
- GOST3410-2012-512 now uses the GOST3411-2012-256 as its KDF digest.
- Validation of headers in PemReader now looks for tailing dashes in header.
- Some compatibility issues around the signature encryption algorithm
field in CMS SignedData and the GOST algorithms have been addressed.
* Additional Features and Functionality:
- PKCS12 key stores containing only certificates can now be created
without the need to provide passwords.
- BCJSSE: Initial support for AlgorithmConstraints; protocol versions
and cipher suites.
- BCJSSE: Initial support for 'jdk.tls.disabledAlgorithms'; protocol
versions and cipher suites.
- BCJSSE: Add SecurityManager check to access session context.
- BCJSSE: Improved SunJSSE compatibility of the NULL_SESSION.
- BCJSSE: SSLContext algorithms updated for SunJSSE compatibility
(default enabled protocols).
- The digest functions Haraka-256 and Haraka-512 have been added to
the provider and the light-weight API
- XMSS/XMSS^MT key management now allows for allocating subsets of the
private key space using the extraKeyShard() method. Use of
StateAwareSignature is now deprecated.
- Support for Java 11's NamedParameterSpec class has been added
(using reflection) to the EC and EdEC KeyPairGenerator implementations.
OBS-URL: https://build.opensuse.org/request/show/737444
OBS-URL: https://build.opensuse.org/package/show/Java:packages/bouncycastle?expand=0&rev=51
46 lines
1.6 KiB
XML
46 lines
1.6 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<project>
|
|
<modelVersion>4.0.0</modelVersion>
|
|
<groupId>org.bouncycastle</groupId>
|
|
<artifactId>bcpg-jdk15on</artifactId>
|
|
<packaging>jar</packaging>
|
|
<name>Bouncy Castle OpenPGP API</name>
|
|
<version>1.64</version>
|
|
<description>The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.</description>
|
|
<url>https://www.bouncycastle.org/java.html</url>
|
|
<licenses>
|
|
<license>
|
|
<name>Bouncy Castle Licence</name>
|
|
<url>https://www.bouncycastle.org/licence.html</url>
|
|
<distribution>repo</distribution>
|
|
</license>
|
|
<license>
|
|
<name>Apache Software License, Version 1.1</name>
|
|
<url>https://www.apache.org/licenses/LICENSE-1.1</url>
|
|
<distribution>repo</distribution>
|
|
</license>
|
|
</licenses>
|
|
<scm>
|
|
<url>https://github.com/bcgit/bc-java</url>
|
|
</scm>
|
|
<issueManagement>
|
|
<system>GitHub</system>
|
|
<url>https://github.com/bcgit/bc-java/issues</url>
|
|
</issueManagement>
|
|
<developers>
|
|
<developer>
|
|
<id>feedback-crypto</id>
|
|
<name>The Legion of the Bouncy Castle Inc.</name>
|
|
<email>feedback-crypto@bouncycastle.org</email>
|
|
</developer>
|
|
</developers>
|
|
<dependencies>
|
|
<dependency>
|
|
<groupId>org.bouncycastle</groupId>
|
|
<artifactId>bcprov-jdk15on</artifactId>
|
|
<version>1.64</version>
|
|
<type>jar</type>
|
|
</dependency>
|
|
</dependencies>
|
|
</project>
|