Accepting request 1130814 from home:pmonrealgonzalez:branches:Java:packages

- Update to version 1.77:
  * Defects Fixed:
    - Using an unescaped '=' in an X.500 RDN would result in the
      RDN being truncated silently. The issue is now detected and
      an exception is thrown.
    - asn1.eac.CertificateBody was returning certificateEffectiveDate
      from getCertificateExpirationDate(). This has been fixed to
      return certificateExpirationDate.
    - DTLS: Fixed retransmission in response to re-receipt of an
      aggregated ChangeCipherSpec.
    - (D)TLS: Fixed compliance for supported_groups extension.
      Server will no longer negotiate an EC cipher suite using a
      default curve when the ClientHello includes the supported_groups
      extension but it contains no curves in common with the server.
      Similarly, a DH cipher suite will not be negotiated when the
      ClientHello includes supported_groups, containing at least one
      FFDHE group, but none in common with the server.
    - IllegalStateException was being thrown by Ed25519/Ed448 SignatureSpi.
    - TLS: class annotation issues that could occur between the BC
      provider and the TLS API for the GCMParameterSpec class when
      the jars were loaded on the boot class path have been addressed.
    - Attempt to create an ASN.1 OID from a zero length byte array
      is now caught at construction time.
    - Attempt to create an X.509 extension block which is empty will
      now be blocked cause an exception.
    - IES implementation will now accept a null ParameterSpec if no
      nonce is needed.
    - An internal method in Arrays was failing to construct its
      failure message correctly on an error.
    - HSSKeyPublicParameters.generateLMSContext() would fail for a

OBS-URL: https://build.opensuse.org/request/show/1130814
OBS-URL: https://build.opensuse.org/package/show/Java:packages/bouncycastle?expand=0&rev=101

bcjmail-jdk18on-1.77.pom

@@ -5,7 +5,7 @@
   <artifactId>bcjmail-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle Jakarta S/MIME API</name>
-  <version>1.76</version>
+  <version>1.77</version>
   <description>The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The Jakarta Mail API and the Jakarta activation framework will also be needed.</description>
   <url>https://www.bouncycastle.org/java.html</url>
   <licenses>
@@ -33,19 +33,19 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.76</version>
+      <version>1.77</version>
       <type>jar</type>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcutil-jdk18on</artifactId>
-      <version>1.76</version>
+      <version>1.77</version>
       <type>jar</type>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcpkix-jdk18on</artifactId>
-      <version>1.76</version>
+      <version>1.77</version>
       <type>jar</type>
     </dependency>
   </dependencies>

bcmail-jdk18on-1.77.pom

@@ -5,7 +5,7 @@
   <artifactId>bcmail-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle S/MIME API</name>
-  <version>1.76</version>
+  <version>1.77</version>
   <description>The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed.</description>
   <url>https://www.bouncycastle.org/java.html</url>
   <licenses>
@@ -33,19 +33,19 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.76</version>
+      <version>1.77</version>
       <type>jar</type>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcutil-jdk18on</artifactId>
-      <version>1.76</version>
+      <version>1.77</version>
       <type>jar</type>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcpkix-jdk18on</artifactId>
-      <version>1.76</version>
+      <version>1.77</version>
       <type>jar</type>
     </dependency>
   </dependencies>

bcpg-jdk18on-1.77.pom

@@ -5,7 +5,7 @@
   <artifactId>bcpg-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle OpenPGP API</name>
-  <version>1.76</version>
+  <version>1.77</version>
   <description>The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.</description>
   <url>https://www.bouncycastle.org/java.html</url>
   <licenses>
@@ -38,7 +38,7 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.76</version>
+      <version>1.77</version>
       <type>jar</type>
     </dependency>
   </dependencies>

bcpkix-jdk18on-1.77.pom

@@ -5,7 +5,7 @@
   <artifactId>bcpkix-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs</name>
-  <version>1.76</version>
+  <version>1.77</version>
   <description>The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.</description>
   <url>https://www.bouncycastle.org/java.html</url>
   <licenses>
@@ -33,13 +33,13 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.76</version>
+      <version>1.77</version>
       <type>jar</type>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcutil-jdk18on</artifactId>
-      <version>1.76</version>
+      <version>1.77</version>
       <type>jar</type>
     </dependency>
   </dependencies>

bcprov-jdk18on-1.77.pom

@@ -5,7 +5,7 @@
   <artifactId>bcprov-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle Provider</name>
-  <version>1.76</version>
+  <version>1.77</version>
   <description>The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.8 and up.</description>
   <url>https://www.bouncycastle.org/java.html</url>
   <licenses>

bctls-jdk18on-1.77.pom

@@ -5,7 +5,7 @@
   <artifactId>bctls-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle JSSE provider and TLS/DTLS API</name>
-  <version>1.76</version>
+  <version>1.77</version>
   <description>The Bouncy Castle Java APIs for TLS and DTLS, including a provider for the JSSE.</description>
   <url>https://www.bouncycastle.org/java.html</url>
   <licenses>
@@ -33,13 +33,13 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.76</version>
+      <version>1.77</version>
       <type>jar</type>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcutil-jdk18on</artifactId>
-      <version>1.76</version>
+      <version>1.77</version>
       <type>jar</type>
     </dependency>
   </dependencies>

bcutil-jdk18on-1.77.pom

@@ -5,7 +5,7 @@
   <artifactId>bcutil-jdk18on</artifactId>
   <packaging>jar</packaging>
   <name>Bouncy Castle ASN.1 Extension and Utility APIs</name>
-  <version>1.76</version>
+  <version>1.77</version>
   <description>The Bouncy Castle Java APIs for ASN.1 extension and utility APIs used to support bcpkix and bctls. This jar contains APIs for JDK 1.8 and up.</description>
   <url>https://www.bouncycastle.org/java.html</url>
   <licenses>
@@ -33,7 +33,7 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.76</version>
+      <version>1.77</version>
       <type>jar</type>
     </dependency>
   </dependencies>

bouncycastle.changes

@@ -1,3 +1,68 @@
+-------------------------------------------------------------------
+Mon Dec  4 13:44:16 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to version 1.77:
+  * Defects Fixed:
+    - Using an unescaped '=' in an X.500 RDN would result in the
+      RDN being truncated silently. The issue is now detected and
+      an exception is thrown.
+    - asn1.eac.CertificateBody was returning certificateEffectiveDate
+      from getCertificateExpirationDate(). This has been fixed to
+      return certificateExpirationDate.
+    - DTLS: Fixed retransmission in response to re-receipt of an
+      aggregated ChangeCipherSpec.
+    - (D)TLS: Fixed compliance for supported_groups extension.
+      Server will no longer negotiate an EC cipher suite using a
+      default curve when the ClientHello includes the supported_groups
+      extension but it contains no curves in common with the server.
+      Similarly, a DH cipher suite will not be negotiated when the
+      ClientHello includes supported_groups, containing at least one
+      FFDHE group, but none in common with the server.
+    - IllegalStateException was being thrown by Ed25519/Ed448 SignatureSpi.
+    - TLS: class annotation issues that could occur between the BC
+      provider and the TLS API for the GCMParameterSpec class when
+      the jars were loaded on the boot class path have been addressed.
+    - Attempt to create an ASN.1 OID from a zero length byte array
+      is now caught at construction time.
+    - Attempt to create an X.509 extension block which is empty will
+      now be blocked cause an exception.
+    - IES implementation will now accept a null ParameterSpec if no
+      nonce is needed.
+    - An internal method in Arrays was failing to construct its
+      failure message correctly on an error.
+    - HSSKeyPublicParameters.generateLMSContext() would fail for a
+      unit depth key.
+  * Additional Features and Functionality:
+    - BCJSSE: Added org.bouncycastle.jsse.client.omitSigAlgsCertExtension
+      and org.bouncycastle.jsse.server.omitSigAlgsCertExtension boolean
+      system properties to control (for client and server resp.) whether
+      the signature_algorithms_cert extension should be omitted if it
+      would be identical to signature_algorithms. Defaults to true, the
+      historical behaviour.
+    - The low-level HPKE API now allows the sender to specify an
+      ephemeral key pair.
+    - Support has been added for the delta-certificate requests in line
+      with the current Chameleon Cert draft from the IETF.
+    - Some accommodation has been added for historical systems to
+      accommodate variations in the SHA-1 digest OID for CMS SignedData.
+    - TLS: the TLS API will now try "RSAwithDigestAndMFG1" as well as
+      the newer RSAPSS algorithm names when used with the JCA.
+    - TLS: RSA key exchange cipher suites are now disabled by default.
+    - Support has been added for PKCS#10 requests to allow certificates
+      using the altSignature/altPublicKey extensions.
+  * Notes:
+    - Kyber and Dilithium have been updated according to the latest
+      draft of the standard. Dilithium-AES and Kyber-AES have now been
+      removed. Kyber now produces 256 bit secrets for all parameter sets
+      (in line with the draft standard).
+    - NTRU has been updated to produce 256 bit secrets in line with Kyber.
+    - SPHINCS+ can now be used to generate certificates in line with
+      those used by (Open Quantum Safe) OQS.
+    - Falcon object idenitifiers are now in line with OQS as well.
+    - PQC CMS SignedData now defaults to SHA-256 for signed attributes
+      rather than SHAKE-256. This is also a compatibility change, but may
+      change further again as the IETF standard for CMS is updated.
+
 -------------------------------------------------------------------
 Wed Oct 18 13:28:47 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
 

bouncycastle.spec

@@ -17,7 +17,7 @@
 
 
 %global ver_major 1
-%global ver_minor 76
+%global ver_minor 77
 %global gittag r%{ver_major}rv%{ver_minor}
 %global archivever jdk18on-%{ver_major}%{ver_minor}
 %global classname org.bouncycastle.jce.provider.BouncyCastleProvider

r1rv76.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:20524a31378291def8e2d7d387550f4f70f34590e431a425d29b64bd57159866
-size 31256952