í«îÛ    bouncycastle-mail-1.64-3.3.1                                                        Ž­è         <   >     ,     è            ê          ì          Gä‰ `°Òp¯ž9Û|‚
ïÿR`TDƒlÂû‹6>ÐÍYðKŸdÝP`<PÈ8F)ü—Äï7êyØOH4qB©°óÛÈÙ½ñ
8›ïÎ§x±’k(œàW½Ðß®!æc¹+Læ€Žf.R’F†5ŽP’ª“ØÑøqSÛ«§ö$gçY©0XÝ•3½žÉáñR1vûX.Ó‘BPãg(ô„žÓbØ¹E,wû4ñéª¶¸§9š$OB•ëFxØpæÁ¬‹Ô Æá<îî8±™O+ÊíÃ=Œ-sª]­¸6ÍSDpL€bY
~{a+V*«ÿ{ä`ŠENò‹iûÜ}Q›-‡Ç¯…n-Ü_ç·Ú½,°5ÿqÿ¶   >   ÿÿÿÀ       Ž­è       >  =    ?     =      d            è           é           ê           ì   	        í   	   8     î     x     ï     |     ñ     „     ò     ˆ     ó     ¡     ö     Â     ÷     Æ     ø   	  Ü     ü     ÷     ý          þ               $          8     	     B     
     L          `          e          l          €          ™          ²          Ô          è          à                     ¨     (     Ð     8     Ø     9          :     h     F     8¼     G     8Ð     H     8ä     I     8ø     X     9      Y     9     \     9H     ]     9\     ^     9©     b     :(     c     :Ñ     d     ;X     e     ;]     f     ;`     l     ;b     u     ;t     v     ;ˆ     w     <h     x     <|     y     <     z     <°     “     <À     Æ     <Ä     ä     <Ê     å     =   C bouncycastle-mail 1.64 3.3.1 Bouncy Castle S/MIME API The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar
contains S/MIME APIs for JDK 1.5 to JDK 1.8. The APIs can be used in
conjunction with a JCE/JCA provider such as the one provided with the Bouncy
Castle Cryptography APIs. The JavaMail API and the Java activation framework
will also be needed.  `°Òsheep28  îSUSE Linux Enterprise 15 SUSE LLC <https://www.suse.com/> MIT https://www.suse.com/ Development/Libraries/Java https://www.bouncycastle.org linux noarch     Ø      –  é  
¤Aí¤¤¤          `°Ñë`°Ññ`°Ñ `°Ñë]¨?®5f08939640f7af4e25294337caa8bcf3bdc9ec174071fb64e603a63d8fdb9bcc  6bf0c9181a98f1de795ff462241aa69a635ddff624fbefab3300bf03f5a6b88a ffaf1f1077066c1c0275aea8bf6af38b91d61fbd2685291b5576d35de0a9a564 4749d41f03c0031a5204c0922e77c46df43bfb54e4eb9a87a952ee3876daa4d2                   €        root root root root root root root root root root bouncycastle-1.64-3.3.1.src.rpm   ÿÿÿÿ    ÿÿÿÿÿÿÿÿÿÿÿÿbouncycastle-mail mvn(org.bouncycastle:bcmail-jdk15) mvn(org.bouncycastle:bcmail-jdk15:pom:) mvn(org.bouncycastle:bcmail-jdk15on) mvn(org.bouncycastle:bcmail-jdk15on:pom:) mvn(org.bouncycastle:bcmail-jdk16) mvn(org.bouncycastle:bcmail-jdk16:pom:)          @   @   
  
  
  
bouncycastle bouncycastle-pkix java-headless javapackages-filesystem rpmlib(CompressedFileNames) rpmlib(FileDigests) rpmlib(PayloadFilesHavePrefix) rpmlib(PayloadIsXz) 1.64 1.64   3.0.4-1 4.6.0-1 4.0-1 5.2-1 4.14.1  `§ À]ÂµÀ]¡À@]Ÿ@]Ÿ@]Š@[P}@[d@ZúËÀY»ÀÀY±4ÀYÞ@VÈU@V*!@U	hÀTç!ÀTÙòÀpmonreal@suse.com pmonrealgonzalez@suse.com pmonrealgonzalez@suse.com pmonrealgonzalez@suse.com pmonrealgonzalez@suse.com fstrba@suse.com tchvatal@suse.com abergmann@suse.com fstrba@suse.com fstrba@suse.com fstrba@suse.com pcervinka@suse.com tchvatal@suse.com tchvatal@suse.com tchvatal@suse.com tchvatal@suse.com tchvatal@suse.com - Security fix: [bsc#1186328, CVE-2020-15522]
  * Fixes a timing issue within the EC math library
  * Blind the inversion when normalizing
- Add bouncycastle-CVE-2020-15522.patch - Fix arch dependent macros in noarch package [bsc#1109539] - Update pom files with those from Maven repository. - Version update to 1.64 [bsc#1153385, CVE-2019-17359]
  [bsc#1096291, CVE-2018-1000180][bsc#1100694, CVE-2018-1000613]
  * Security Advisory:
  - CVE-2019-17359: A change to the ASN.1 parser in 1.63 introduced
    a regression that can cause an OutOfMemoryError to occur on
    parsing ASN.1 data.
  * Defects Fixed:
  - OpenSSH: Fixed padding in generated Ed25519 private keys.
  - GOST3410-2012-512 now uses the GOST3411-2012-256 as its KDF digest.
  - Validation of headers in PemReader now looks for tailing dashes in header.
  - Some compatibility issues around the signature encryption algorithm
    field in CMS SignedData and the GOST algorithms have been addressed.
  * Additional Features and Functionality:
  - PKCS12 key stores containing only certificates can now be created
    without the need to provide passwords.
  - BCJSSE: Initial support for AlgorithmConstraints; protocol versions
    and cipher suites.
  - BCJSSE: Initial support for 'jdk.tls.disabledAlgorithms'; protocol
    versions and cipher suites.
  - BCJSSE: Add SecurityManager check to access session context.
  - BCJSSE: Improved SunJSSE compatibility of the NULL_SESSION.
  - BCJSSE: SSLContext algorithms updated for SunJSSE compatibility
    (default enabled protocols).
  - The digest functions Haraka-256 and Haraka-512 have been added to
    the provider and the light-weight API
  - XMSS/XMSS^MT key management now allows for allocating subsets of the
    private key space using the extraKeyShard() method. Use of
    StateAwareSignature is now deprecated.
  - Support for Java 11's NamedParameterSpec class has been added
    (using reflection) to the EC and EdEC KeyPairGenerator implementations. - Version update to 1.63
  * Defects Fixed:
  - The ASN.1 parser would throw a large object exception for some objects
    which could be safely parsed.
  - GOST3412-2015 CTR mode was unusable at the JCE level.
  - The DSTU MACs were failing to reset fully on doFinal().
  - The DSTU MACs would throw an exception if the key was a multiple of the
    size as the MAC's underlying buffer size.
  - EdEC and QTESLA were not previously usable with the post Java 9 module structure.
  - ECNR was not correctly bounds checking the input and could produce invalid signatures.
  - ASN.1: Enforce no leading zeroes in OID branches (longer than 1 character).
  - TLS: Fix X448 support in JcaTlsCrypto.
  - Fixed field reduction for secp128r1 custom curve.
  - Fixed unsigned multiplications in X448 field squaring.
  - Some issues over subset Name Constraint validation in the CertPath analyser
  - TimeStampResponse.getEncoded() could throw an exception if the TimeStampToken was null.
  - Unnecessary memory usage in the ARGON2 implementation has been removed.
  - Param-Z in the GOST-28147 algorithm was not resolving correctly.
  - It is now possible to specify different S-Box parameters for the GOST 28147-89 MAC.
  * Additional Features and Functionality:
  - QTESLA is now updated with the round 2 changes. Note: the security catergories,
    and in some cases key generation and signatures, have changed. The round 1 version is
    now moved to org.bouncycastle.pqc.crypto.qteslarnd1, this package will be deleted in
    1.64. Please keep in mind that QTESLA may continue to evolve.
  - Support has been added for generating Ed25519/Ed448 signed certificates.
  - A method for recovering the message/digest value from an ECNR signature has been added.
  - Support for the ZUC-128 and ZUC-256 ciphers and MACs has been added to the provider
    and the lightweight API.
  - Support has been added for ChaCha20-Poly1305 AEAD mode from RFC 7539.
  - Improved performance for multiple ECDSA verifications using same public key.
  - Support for PBKDF2withHmacSM3 has been added to the BC provider.
  - The S/MIME API has been fixed to avoid unnecessary delays due to DNS resolution of a
    hosts name in internal MimeMessage preparation.
  - The valid path for EST services has been updated to cope with the characters used in
    the Aruba clearpass EST implementation.
- Version update to 1.62
  * Defects Fixed:
  - DTLS: Fixed infinite loop on IO exceptions.
  - DTLS: Retransmission timers now properly apply to flights monolithically.
  - BCJSSE: setEnabledCipherSuites ignores unsupported cipher suites.
  - BCJSSE: SSLSocket implementations store passed-in 'host' before connecting.
  - BCJSSE: Handle SSLEngine closure prior to handshake.
  - BCJSSE: Provider now configurable using security config under Java 11 and later.
  - EdDSA verifiers now reject overly long signatures.
  - XMSS/XMSS^MT OIDs now using the values defined in RFC 8391.
  - XMSS/XMSS^MT keys now encoded with OID at start.
  - An error causing valid paths to be rejected due to DN based name constraints
    has been fixed in the CertPath API.
  - Name constraint resolution now includes special handling of serial numbers.
  - Cipher implementations now handle ByteBuffer usage where the ByteBuffer has
    no backing array.
  - CertificateFactory now enforces presence of PEM headers when required.
  - A performance issue with RSA key pair generation that was introduced in 1.61
    has been mostly eliminated.
  * Additional Features and Functionality:
  - Builders for X509 certificates and CRLs now support replace and remove extension methods.
  - DTLS: Added server-side support for HelloVerifyRequest.
  - DTLS: Added support for an overall handshake timeout.
  - DTLS: Added support for the heartbeat extension (RFC 6520).
  - DTLS: Improve record seq. behaviour in HelloVerifyRequest scenarios.
  - TLS: BasicTlsPSKIdentity now reusable (returns cloned array from getPSK).
  - BCJSSE: Improved ALPN support, including selectors from Java 9.
  - Lightweight RSADigestSigner now support use of NullDigest.
  - SM2Engine now supports C1C3C2 mode.
  - SHA256withSM2 now added to provider.
  - BCJSSE: Added support for ALPN selectors (including in BC extension API for earlier JDKs).
  - BCJSSE: Support 'SSL' algorithm for SSLContext (alias for 'TLS').
  - The BLAKE2xs XOF has been added to the lightweight API.
  - Utility classes added to support journaling of SecureRandom and algorithms to allow
    persistance and later resumption.
  - PGP SexprParser now handles some unprotected key types.
  - NONEwithRSA support added to lightweight RSADigestSigner.
  - Support for the Ethereum flavor of IES has been added to the lightweight API.
- Version update to 1.61
  * Defects Fixed:
  - Use of EC named curves could be lost if keys were constructed.
    via a key factory and algorithm parameters.
  - RFC3211WrapEngine would not properly handle messages longer than 127 bytes.
  - The JCE implementations for RFC3211 would not return null AlgorithmParameters.
  - TLS: Don't check CCS status for hello_request.
  - TLS: Tolerate unrecognized hash algorithms.
  - TLS: Tolerate unrecognized SNI types.
  - Incompatibility issue in ECIES-KEM encryption in cofactor fixed.
  - Issue with XMSS/XMSSMT private key loading which could result in invalid signatures fixed.
  - StateAwareSignature.isSigningCapable() now returns false when the
    key has reached it's maximum number of signatures.
  - The McEliece KeyPairGenerator was failing to initialize the underlying
    class if a SecureRandom was explicitly passed.
  - The McEliece cipher would sometimes report the wrong value on a call
    to Cipher.getOutputSize(int).
  - CSHAKEDigest.leftEncode() was using the wrong endianness for multi byte values.
  - Some ciphers, such as CAST6, were missing AlgorithmParameters implementations.
  - An issue with the default "m" parameter for 1024 bit Diffie-Hellman keys which
    could result in an exception on key pair generation has been fixed.
  - The SPHINCS256 implementation is now more tolerant of parameters wrapped with a
    SecureRandom and will not throw an exception if it receives one.
  - A regression in PGPUtil.writeFileToLiteralData() which could cause corrupted
    literal data has been fixed.
  - Several parsing issues related to the processing of CMP PKIPublicationInfo.
  - The ECGOST curves for id-tc26-gost-3410-12-256-paramSetA and
    id-tc26-gost-3410-12-512-paramSetC had incorrect co-factors.
  * Additional Features and Functionality:
  - The qTESLA signature algorithm has been added to PQC light-weight API and the PQC provider.
  - The password hashing function, Argon2 has been added to the lightweight API.
  - BCJSSE: Added support for endpoint ID validation (HTTPS, LDAP, LDAPS).
  - BCJSSE: Added support for 'useCipherSuitesOrder' parameter.
  - BCJSSE: Added support for ALPN.
  - BCJSSE: Various changes for improved compatibility with SunJSSE.
  - BCJSSE: Provide default extended key/trust managers.
  - TLS: Added support for TLS 1.2 features from RFC 8446.
  - TLS: Removed support for EC point compression.
  - TLS: Removed support for record compression.
  - TLS: Updated to RFC 7627 from draft-ietf-tls-session-hash-04.
  - TLS: Improved certificate sig. alg. checks.
  - TLS: Finalised support for RFC 8442 cipher suites.
  - Support has been added to the main Provider for the Ed25519 and Ed448 signature algorithms.
  - Support has been added to the main Provider for the X25519 and X448 key agreement algorithms.
  - Utility classes have been added for handling OpenSSH keys.
  - Support for processing messages built using GPG and Curve25519 has been added to the OpenPGP API.
  - The provider now recognises the standard SM3 OID.
  - A new API for directly parsing and creating S/MIME documents has been added to the PKIX API.
  - SM2 in public key cipher mode has been added to the provider API.
  - The BCFKSLoadStoreParameter has been extended to allow the use of certificates and digital
    signatures for verifying the integrity of BCFKS key stores. - Package also the bcpkix bcpg bcmail bctls artifacts in separate
  sub-packages
- Revert to building with source/target 6, since it is still
  possible
- Added patch:
  * bouncycastle-javadoc.patch
    + fix javadoc build - Version update to 1.60 bsc#1100694:
  * CVE-2018-1000613 Use of Externally-ControlledInput to Select Classes or Code
  * CVE-2018-1000180: issue around primality tests for RSA key pair generation
    if done using only the low-level API [bsc#1096291]
  * Release notes:
    http://www.bouncycastle.org/releasenotes.html - Version update to 1.59:
  * CVE-2017-13098: Fix against Bleichenbacher oracle when not
    using the lightweight APIs (boo#1072697).
  * CVE-2016-1000338: Fix DSA ASN.1 validation during encoding of
    signature on verification (boo#1095722).
  * CVE-2016-1000339: Fix AESEngine key information leak via lookup
    table accesses (boo#1095853).
  * CVE-2016-1000340: Fix carry propagation bugs in the
    implementation of squaring for several raw math classes
    (boo#1095854).
  * CVE-2016-1000341: Fix DSA signature generation vulnerability to
    timing attack (boo#1095852).
  * CVE-2016-1000342: Fix ECDSA ASN.1 validation during encoding of
    signature on verification (boo#1095850).
  * CVE-2016-1000343: Fix week default settings for private DSA key
    pair generation (boo#1095849).
  * CVE-2016-1000344: Remove DHIES from the provider to disable the
    unsafe usage of ECB mode (boo#1096026).
  * CVE-2016-1000345: Fix DHIES/ECIES CBC mode padding oracle
    attack (boo#1096025).
  * CVE-2016-1000346: Fix other party DH public key validation
    (boo#1096024).
  * CVE-2016-1000352: Remove ECIES from the provider to disable the
    unsafe usage of ECB mode (boo#1096022).
  * Release notes:
    http://www.bouncycastle.org/releasenotes.html
- Removed patch:
  * ambiguous-reseed.patch - Build with source and target 8 to prepare for a possible removal
  of 1.6 compatibility - Version update to 1.58
- Added patch:
  * ambiguous-reseed.patch
    + Upstream fix for an ambiguous overload - Set java source and target to 1.6 to allow building with jdk9 - New build dependency: javapackages-local
- Fixed requires
- Spec file cleaned - Version update to 1.54:
  * No obvious changelog to be found
  * Fixes bnc#967521 CVE-2015-7575 - Version update to 1.53 (latest upstream)
  * No obvious changelog
  * Fixes bnc#951727 CVE-2015-7940 - Fix build with new javapackages-tools - Disable tests on obs as they hang - Version bump to 1.50 to match Fedora
- Cleanup with spec-cleaner sheep28 1622200848                                             €  €  €  €  €  €1.64-3.3.1 1.64 1.64 1.64 1.64 1.64 1.64                    bcmail.jar bouncycastle-mail LICENSE.html bouncycastle-bcmail.xml bcmail.pom /usr/share/java/ /usr/share/licenses/ /usr/share/licenses/bouncycastle-mail/ /usr/share/maven-metadata/ /usr/share/maven-poms/ -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g obs://build.suse.de/SUSE:Maintenance:19826/SUSE_SLE-15-SP2_Update/683c8f4b56035a45a1c98f5265c093a2-bouncycastle.SUSE_SLE-15-SP2_Update drpm xz 5 noarch-suse-linux                 gzip ERROR: Stdin has more than one entry--rest ignored (Zip archive data, at least v1.0 to extract Java archive data (JAR)) directory HTML document, ASCII text ASCII text XML 1.0 document, ASCII text, with very long lines                                         P  P  P  P  P  P  R  R  ZßÜ xã,ÛÇAÁP   utf-8 110de6a4ef888564bbee0797e1c5b0e2ee7b0cb82a4f0262857f23160bc98a48        ?   ÿÿü    ý7zXZ  
áû¡ !   t/å£àyz] "ÌkÀ%{?ºÁÝ¥$€7_—\YÊJøU„“ŸÈ‡F'ÕDÚWÇ¸QeüûyôLCAæuÙú—‚!¶Ùå3g§‚S'6Äì.;XxfÌDU•f…^ú£ŸPS;hÇ@"¸- KìŽ˜ä{Ó×3æŒ¾A+ã,B&Ù¹Œ®ç¾J^WfÂ–~•ºÝiW-ŠL¸07 J§Î%U÷ëö%2—ãGÆ$È‰'LH¦
×ë»¶/µV‚í<ÐáÜÄòÀÜÐ¥ËÎëRbÐ­"Ð•AÎ^ªñÇ%,Ñ7µ}%^T@gä´Sá®qô-C-^Ç9ì™q‚(3mVîP–,ÓÞ‰Æ*×Hc]ËçuI<D¶àŸ–ù'ú@¼>½kËq0ª‘k•H^8/–®9ˆbIö“ËQkÚë]3‡i8ºY¨I¢ÕûÁX±RœW¶hrÌ…¼©ñ,h™ntÕ±@+ž£QäXèûN~tB>ý§³ÃË¦"Ë1JäÎ¿Õë2(~fú‰Þ¨ÕG`Zj#÷<­÷¦ÒCod"§.gbÎ[†³Y:¼´ð¼7—Å‹Ã‚l·ã1‘Y"ñ˜–¸è¯M‡ž­?Õ––rk•U Ým¢>¯‡1!xv÷G>¯À´w:Z¾/s¢BgJüîà©¶PÃŠYó.)€m"g­¯L ]»!Ô6B„ƒh¡P©‚ÈÚmŸ;PâV­,uè“-é<ù†vØÎ¢7å=õ mã¬÷„ãìÆ…6¡Ôœg“ð¯±P|P^EÚŒ~{ú6-¡é.æ7&,  Ðíî*×Ÿ«çÏÑøá¯Ô
«+©Lk,ÅÜŠôºKÝp:	[B–8ÉRä„\œ_&®¨Áx%®ƒŠÖ"î°':ÅËÝºLåƒÚö,p9ôÓxîUøÿ+¿NäÐØEÆïû[TZ¦df‚MË`²º÷COš¬ü¾4òÆRÒúJ~ÎrÂ_#Þ9ÞRS…ÕsÝR‡;!~«óðä‹–™
“¾ZFÊ¬GpÔý·D³"dWšQM„3Ý ù´h‹@Ry‚k¯~ª6Ép=q+‡‚~†#¯)¤€§ó Y•ÆÕQðm^<,¿ô1¶%´˜Ø¬{“ÀLç×ZZèúã¹Þá_ç‘LÎžX…\®Ëûd-\÷è#ÐîÙúÞoÅöª\æDNº	n“Û>h,´Šˆò º¯co¥‰0÷û¢Z“»êáoAŠÜ?t¼7:\Ôä<ëÀÖ–Ëý,æŠp	÷A·¤öE¶¤REçcÁÔ 6»‡MÀz¥°>á¢I¹ÝlÍû½Ã4ÎYmÛ–ä+jXø›‰ÕY~Z|°g+¡HÝ	~-?œF•åêô”ýúÓ[g›1¯Ù+ejò]„Yšóm;eÖ†ãmÄ¿Áz~ðKBgäJö€o=÷{i äa©@5aSD@`#ÆN VQ•˜šrn'Îyù‚õ«¯•žsäÐcÂ&ƒk0PÔæùÈ¹	îÃò·pBà¾.i_a¬'I—ô¬#“%¼q:]ˆH9v­á–Vóg™2¥jërmº\¥ä"chÊ˜CúS¹ZaJ¯ãB-é£1‡0ï¯’ø®êiÊ frÑ ¬í¢>Æ”ñíí¨ÅkÄ·Û‚`í´¯Ì^«ššÕˆgÿË+ãÜæÐ’drb£¥îLÑÈÛ\avýqø½¹MÏlÐÍK÷ÑÄ¤zý%ÒØù»ð‚†ž+ oÌéX½«&0Æxh2Ö&Ãš–œð¤„(q	TÜ¶jøZXÌÑp¿‰G’i<nDÚRlhAX’åTöáKÏuú{uzNŒÝßÎX	œêù½YJŽÕŠõ¹o4¾ä!í¤éumS{n–¯§˜àm²úË…èœƒOòŸË&#j&÷cþQì[ñ¡!OBÎúÅÌbt­ép,IDÉïOoûG#@øz1˜Ó¶±ž{+)PÔcDs«ËðÜ&0×0&%¥ÑªIü±ÓÝJÀÕ<ªíây¼z	;`¶E˜}-ò}òp×)šï½¥Ì©§x§Ñøjl_¶YcG‡ƒ„Ìn;5ªó–ûÒLž0íšfn­‘#Ìâµó‘fE›kƒÃ¥g8¾½xÑNV(óÆé6æŠŒµ6¬$:/MÔ/û½J    »qv¢ñAÏ@8¼BK)öÕÑ›ë/‰©Ùîù³¼Í ®ú.  ÛýÛÃ¶éß    
YZ