bouncycastle-pkix-1.64-3.3.1<>,Q`p9|S7F׶4=-oۅ~ORU@kg@D<!nk!=Riot|S4#& XBQբc˸jip|dATgrk߯+. EN*{R36|>))N^`=q Bf[(r˃ 9 A)F!U>g;ظJ lq/.Ee6n8{ xq)NCXXڲJ1sv~%>>=?<d  atx  4 > H \ a h|(89:HF8G8H8I8X8Y8\9(]9<^9b:c:d;8e;=f;@l;Bu;Tv;hwMIThttps://www.suse.com/Development/Libraries/Javahttps://www.bouncycastle.orglinuxnoarchA큤```є`]?0b044a203e33ec2ab06bd20242d2367559e06cddac5566ab6922e7793b40d22d6bf0c9181a98f1de795ff462241aa69a635ddff624fbefab3300bf03f5a6b88a446d6679fb5729b48e3f048f7ddb3687af142a08278fc86a03b6e41846ab3e2e350235c743e4278cd2e4af9edc1eab4b35b2984de0c5d80b9ca9174d8fed646arootrootrootrootrootrootrootrootrootrootbouncycastle-1.64-3.3.1.src.rpmbouncycastle-pkixmvn(org.bouncycastle:bcpkix-jdk15)mvn(org.bouncycastle:bcpkix-jdk15:pom:)mvn(org.bouncycastle:bcpkix-jdk15on)mvn(org.bouncycastle:bcpkix-jdk15on:pom:)mvn(org.bouncycastle:bcpkix-jdk16)mvn(org.bouncycastle:bcpkix-jdk16:pom:)@@    bouncycastlejava-headlessjavapackages-filesystemrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)1.643.0.4-14.6.0-14.0-15.2-14.14.1`]µ]@]@]@]@[P}@[d@ZYY4Y@VU@V*!@U hT!Tpmonreal@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.comfstrba@suse.comtchvatal@suse.comabergmann@suse.comfstrba@suse.comfstrba@suse.comfstrba@suse.compcervinka@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.com- Security fix: [bsc#1186328, CVE-2020-15522] * Fixes a timing issue within the EC math library * Blind the inversion when normalizing - Add bouncycastle-CVE-2020-15522.patch- Fix arch dependent macros in noarch package [bsc#1109539]- Update pom files with those from Maven repository.- Version update to 1.64 [bsc#1153385, CVE-2019-17359] [bsc#1096291, CVE-2018-1000180][bsc#1100694, CVE-2018-1000613] * Security Advisory: - CVE-2019-17359: A change to the ASN.1 parser in 1.63 introduced a regression that can cause an OutOfMemoryError to occur on parsing ASN.1 data. * Defects Fixed: - OpenSSH: Fixed padding in generated Ed25519 private keys. - GOST3410-2012-512 now uses the GOST3411-2012-256 as its KDF digest. - Validation of headers in PemReader now looks for tailing dashes in header. - Some compatibility issues around the signature encryption algorithm field in CMS SignedData and the GOST algorithms have been addressed. * Additional Features and Functionality: - PKCS12 key stores containing only certificates can now be created without the need to provide passwords. - BCJSSE: Initial support for AlgorithmConstraints; protocol versions and cipher suites. - BCJSSE: Initial support for 'jdk.tls.disabledAlgorithms'; protocol versions and cipher suites. - BCJSSE: Add SecurityManager check to access session context. - BCJSSE: Improved SunJSSE compatibility of the NULL_SESSION. - BCJSSE: SSLContext algorithms updated for SunJSSE compatibility (default enabled protocols). - The digest functions Haraka-256 and Haraka-512 have been added to the provider and the light-weight API - XMSS/XMSS^MT key management now allows for allocating subsets of the private key space using the extraKeyShard() method. Use of StateAwareSignature is now deprecated. - Support for Java 11's NamedParameterSpec class has been added (using reflection) to the EC and EdEC KeyPairGenerator implementations.- Version update to 1.63 * Defects Fixed: - The ASN.1 parser would throw a large object exception for some objects which could be safely parsed. - GOST3412-2015 CTR mode was unusable at the JCE level. - The DSTU MACs were failing to reset fully on doFinal(). - The DSTU MACs would throw an exception if the key was a multiple of the size as the MAC's underlying buffer size. - EdEC and QTESLA were not previously usable with the post Java 9 module structure. - ECNR was not correctly bounds checking the input and could produce invalid signatures. - ASN.1: Enforce no leading zeroes in OID branches (longer than 1 character). - TLS: Fix X448 support in JcaTlsCrypto. - Fixed field reduction for secp128r1 custom curve. - Fixed unsigned multiplications in X448 field squaring. - Some issues over subset Name Constraint validation in the CertPath analyser - TimeStampResponse.getEncoded() could throw an exception if the TimeStampToken was null. - Unnecessary memory usage in the ARGON2 implementation has been removed. - Param-Z in the GOST-28147 algorithm was not resolving correctly. - It is now possible to specify different S-Box parameters for the GOST 28147-89 MAC. * Additional Features and Functionality: - QTESLA is now updated with the round 2 changes. Note: the security catergories, and in some cases key generation and signatures, have changed. The round 1 version is now moved to org.bouncycastle.pqc.crypto.qteslarnd1, this package will be deleted in 1.64. Please keep in mind that QTESLA may continue to evolve. - Support has been added for generating Ed25519/Ed448 signed certificates. - A method for recovering the message/digest value from an ECNR signature has been added. - Support for the ZUC-128 and ZUC-256 ciphers and MACs has been added to the provider and the lightweight API. - Support has been added for ChaCha20-Poly1305 AEAD mode from RFC 7539. - Improved performance for multiple ECDSA verifications using same public key. - Support for PBKDF2withHmacSM3 has been added to the BC provider. - The S/MIME API has been fixed to avoid unnecessary delays due to DNS resolution of a hosts name in internal MimeMessage preparation. - The valid path for EST services has been updated to cope with the characters used in the Aruba clearpass EST implementation. - Version update to 1.62 * Defects Fixed: - DTLS: Fixed infinite loop on IO exceptions. - DTLS: Retransmission timers now properly apply to flights monolithically. - BCJSSE: setEnabledCipherSuites ignores unsupported cipher suites. - BCJSSE: SSLSocket implementations store passed-in 'host' before connecting. - BCJSSE: Handle SSLEngine closure prior to handshake. - BCJSSE: Provider now configurable using security config under Java 11 and later. - EdDSA verifiers now reject overly long signatures. - XMSS/XMSS^MT OIDs now using the values defined in RFC 8391. - XMSS/XMSS^MT keys now encoded with OID at start. - An error causing valid paths to be rejected due to DN based name constraints has been fixed in the CertPath API. - Name constraint resolution now includes special handling of serial numbers. - Cipher implementations now handle ByteBuffer usage where the ByteBuffer has no backing array. - CertificateFactory now enforces presence of PEM headers when required. - A performance issue with RSA key pair generation that was introduced in 1.61 has been mostly eliminated. * Additional Features and Functionality: - Builders for X509 certificates and CRLs now support replace and remove extension methods. - DTLS: Added server-side support for HelloVerifyRequest. - DTLS: Added support for an overall handshake timeout. - DTLS: Added support for the heartbeat extension (RFC 6520). - DTLS: Improve record seq. behaviour in HelloVerifyRequest scenarios. - TLS: BasicTlsPSKIdentity now reusable (returns cloned array from getPSK). - BCJSSE: Improved ALPN support, including selectors from Java 9. - Lightweight RSADigestSigner now support use of NullDigest. - SM2Engine now supports C1C3C2 mode. - SHA256withSM2 now added to provider. - BCJSSE: Added support for ALPN selectors (including in BC extension API for earlier JDKs). - BCJSSE: Support 'SSL' algorithm for SSLContext (alias for 'TLS'). - The BLAKE2xs XOF has been added to the lightweight API. - Utility classes added to support journaling of SecureRandom and algorithms to allow persistance and later resumption. - PGP SexprParser now handles some unprotected key types. - NONEwithRSA support added to lightweight RSADigestSigner. - Support for the Ethereum flavor of IES has been added to the lightweight API. - Version update to 1.61 * Defects Fixed: - Use of EC named curves could be lost if keys were constructed. via a key factory and algorithm parameters. - RFC3211WrapEngine would not properly handle messages longer than 127 bytes. - The JCE implementations for RFC3211 would not return null AlgorithmParameters. - TLS: Don't check CCS status for hello_request. - TLS: Tolerate unrecognized hash algorithms. - TLS: Tolerate unrecognized SNI types. - Incompatibility issue in ECIES-KEM encryption in cofactor fixed. - Issue with XMSS/XMSSMT private key loading which could result in invalid signatures fixed. - StateAwareSignature.isSigningCapable() now returns false when the key has reached it's maximum number of signatures. - The McEliece KeyPairGenerator was failing to initialize the underlying class if a SecureRandom was explicitly passed. - The McEliece cipher would sometimes report the wrong value on a call to Cipher.getOutputSize(int). - CSHAKEDigest.leftEncode() was using the wrong endianness for multi byte values. - Some ciphers, such as CAST6, were missing AlgorithmParameters implementations. - An issue with the default "m" parameter for 1024 bit Diffie-Hellman keys which could result in an exception on key pair generation has been fixed. - The SPHINCS256 implementation is now more tolerant of parameters wrapped with a SecureRandom and will not throw an exception if it receives one. - A regression in PGPUtil.writeFileToLiteralData() which could cause corrupted literal data has been fixed. - Several parsing issues related to the processing of CMP PKIPublicationInfo. - The ECGOST curves for id-tc26-gost-3410-12-256-paramSetA and id-tc26-gost-3410-12-512-paramSetC had incorrect co-factors. * Additional Features and Functionality: - The qTESLA signature algorithm has been added to PQC light-weight API and the PQC provider. - The password hashing function, Argon2 has been added to the lightweight API. - BCJSSE: Added support for endpoint ID validation (HTTPS, LDAP, LDAPS). - BCJSSE: Added support for 'useCipherSuitesOrder' parameter. - BCJSSE: Added support for ALPN. - BCJSSE: Various changes for improved compatibility with SunJSSE. - BCJSSE: Provide default extended key/trust managers. - TLS: Added support for TLS 1.2 features from RFC 8446. - TLS: Removed support for EC point compression. - TLS: Removed support for record compression. - TLS: Updated to RFC 7627 from draft-ietf-tls-session-hash-04. - TLS: Improved certificate sig. alg. checks. - TLS: Finalised support for RFC 8442 cipher suites. - Support has been added to the main Provider for the Ed25519 and Ed448 signature algorithms. - Support has been added to the main Provider for the X25519 and X448 key agreement algorithms. - Utility classes have been added for handling OpenSSH keys. - Support for processing messages built using GPG and Curve25519 has been added to the OpenPGP API. - The provider now recognises the standard SM3 OID. - A new API for directly parsing and creating S/MIME documents has been added to the PKIX API. - SM2 in public key cipher mode has been added to the provider API. - The BCFKSLoadStoreParameter has been extended to allow the use of certificates and digital signatures for verifying the integrity of BCFKS key stores.- Package also the bcpkix bcpg bcmail bctls artifacts in separate sub-packages - Revert to building with source/target 6, since it is still possible - Added patch: * bouncycastle-javadoc.patch + fix javadoc build- Version update to 1.60 bsc#1100694: * CVE-2018-1000613 Use of Externally-ControlledInput to Select Classes or Code * CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API [bsc#1096291] * Release notes: http://www.bouncycastle.org/releasenotes.html- Version update to 1.59: * CVE-2017-13098: Fix against Bleichenbacher oracle when not using the lightweight APIs (boo#1072697). * CVE-2016-1000338: Fix DSA ASN.1 validation during encoding of signature on verification (boo#1095722). * CVE-2016-1000339: Fix AESEngine key information leak via lookup table accesses (boo#1095853). * CVE-2016-1000340: Fix carry propagation bugs in the implementation of squaring for several raw math classes (boo#1095854). * CVE-2016-1000341: Fix DSA signature generation vulnerability to timing attack (boo#1095852). * CVE-2016-1000342: Fix ECDSA ASN.1 validation during encoding of signature on verification (boo#1095850). * CVE-2016-1000343: Fix week default settings for private DSA key pair generation (boo#1095849). * CVE-2016-1000344: Remove DHIES from the provider to disable the unsafe usage of ECB mode (boo#1096026). * CVE-2016-1000345: Fix DHIES/ECIES CBC mode padding oracle attack (boo#1096025). * CVE-2016-1000346: Fix other party DH public key validation (boo#1096024). * CVE-2016-1000352: Remove ECIES from the provider to disable the unsafe usage of ECB mode (boo#1096022). * Release notes: http://www.bouncycastle.org/releasenotes.html - Removed patch: * ambiguous-reseed.patch- Build with source and target 8 to prepare for a possible removal of 1.6 compatibility- Version update to 1.58 - Added patch: * ambiguous-reseed.patch + Upstream fix for an ambiguous overload- Set java source and target to 1.6 to allow building with jdk9- New build dependency: javapackages-local - Fixed requires - Spec file cleaned- Version update to 1.54: * No obvious changelog to be found * Fixes bnc#967521 CVE-2015-7575- Version update to 1.53 (latest upstream) * No obvious changelog * Fixes bnc#951727 CVE-2015-7940- Fix build with new javapackages-tools- Disable tests on obs as they hang- Version bump to 1.50 to match Fedora - Cleanup with spec-cleanersheep28 16222008481.64-3.3.11.641.641.641.641.641.64bcpkix.jarbouncycastle-pkixLICENSE.htmlbouncycastle-bcpkix.xmlbcpkix.pom/usr/share/java//usr/share/licenses//usr/share/licenses/bouncycastle-pkix//usr/share/maven-metadata//usr/share/maven-poms/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:19826/SUSE_SLE-15-SP2_Update/683c8f4b56035a45a1c98f5265c093a2-bouncycastle.SUSE_SLE-15-SP2_Updatedrpmxz5noarch-suse-linuxgzip ERROR: Stdin has more than one entry--rest ignored (Zip archive data, at least v1.0 to extract Java archive data (JAR))directoryHTML document, ASCII textASCII textXML 1.0 document, ASCII text, with very long linesPPPPPPRRZx,A Putf-89896f97be9922a12e9de8bbb7764e95a1ba193f68f013cb5da1b18019ee314af? 7zXZ !t/ ]"k%{?ݥ$7_\q57SgFb. Mi,^>\G_mpaM'ŀ@;{Vob+a|;Ti3.D 9/{X)A3{:Gʥ}z\%u-DF',¤5gm u"q{c41wGvoh SI4֋mgn3΢Ҭ0jƸ47o E*py} 8麯 }7\hG5wfpF}!K"p+ǏKUO9wtk[ P`Oy nH(%]?ՇU|c'1vɧis_gz6? ePft1ڪԱdt؆Zxł}VբPA.Xaޠ[ yԙ2jV"CkPZPR9 !3m5SBt\#uo+QgDJwIo?Rn ּ0JǓѨuϜb}d-Gj) N(/ \T|k@uv䷢G;y\+|J3jk|ZA ̍DF6Ǐ34۲d$KPl8'[Rӗ zu~ 4 fACFo` q*)AܦIT Do//zjM~ -w!(n?;.zHXD95l+ŃO UQ İo* `Na3s|oВE]# " ONc"H8VBe BMY A=ԧ+{"yFl!_o l>A0܌b,8hQ;pz0]' |>lIm#s>9^ڽc=oZQXNI_J[1֚D4=ZhN\0ċh>.!iG^Uz|uQx<MԖ:ec%l~H;;#Bv;+˜3n#7p'oڋ%qaNy-sk&A~ Ǜ].omTaO{Mx|kʸ 2|Z=װR-<* WċOP-uDTqlqCA5C7PS.^Yo1 qLE-c!sc)qF.spk˖d}."v]/#2".P>QVTe]`^BLrH3cA4>u{1t4Φ'MTbi|_ ${ɺPaLجwGMvhORXgwh-@/"t8V"dҫmTmR8B4g{ R!A--p ` Zv@׎V6P|4ƄqERPRbz2Brku\Hz$!K; ZO'PK' pC̔T#AJ?^2äV;[MEm'1tbÅuF EtZi.wǛR2& \&7z;dKԹWfT10l [OVcG/ƙjWE] $"n3ԱC3I^2e~``m_YdsQ6^7٩qYoM柵׀Oeq|!P-C*+07d2:>D/њnW/JYx_~wKÏS(J-.ڸ.c]}l1[l9A9KAF1QoP?'qSm-W l]@|4DGF|X#Mzo*CXkjy/Kzx*Z^DܭDt݋ä'&sL IZ? _Y;]VU wd+/b&FKL{U KV揨=,xI)-ɲӗ91r3T/pLY}~9rQZm!*y <&eɊȲפp':lm<nr>q7ueW2 l䰡mȝqȜ뻻!tMAWc;l<51je8^c ^\VM,%8L9=xcȾ O{Y;.^(Ğ2z\GӖst <;#q3|§1nusf&MT}a|uyhv?tj) t}.nJѡ`&' ҧ5I&g OrOM Dn#"z:-C)ZbHK\‚HARL=s?{Ԩ#iZ~/:/6֘1)dPn9-B0iy$gi܅34zK+=YYYJ}^8}>Ƙh<6QaAn_5 YZ