������bouncycastle-pkix-1.64-3.3.1����������������������������������������������������������������������<���>�������,���������������������������������������������������Q������`�p9|����S7F�4=-o��ۅ~OR�U@�kg@�D<�!nk�!=�R�io���t|S4#�&
XBQբc�˸j��ip|dATgr��k�߯+.
E�N�*��{R36|>�))N^`=q�B�f[(r�˃�9�A)F�!U>g�;ظJ l�q/.Ee6n8{� xq)�N�C�X��XڲJ1sv~%����>��������������������>��=����?������<�������d��������������������������������������������������������������� �������������� ���a��������������t��������������x�������������������������������������������������������������������������������� �������������������������������������������������������������� ���������������4������� �������>�������
�������H���������������\���������������a�������
�������h���������������|����������������������������������������������������������������������������������������������������������������(��������������8��������������9��������������:�������H�������F������8�������G������8�������H������8�������I������8�������X������8�������Y������8�������\������9(�������]������9<�������^������9�������b������:��������c������:�������d������;8�������e������;=�������f������;@�������l������;B�������u������;T�������v������;h�������w�������MIT�https://www.suse.com/�Development/Libraries/Java�https://www.bouncycastle.org�linux�noarch�������������������A큤����������```є`]?0b044a203e33ec2ab06bd20242d2367559e06cddac5566ab6922e7793b40d22d��6bf0c9181a98f1de795ff462241aa69a635ddff624fbefab3300bf03f5a6b88a�446d6679fb5729b48e3f048f7ddb3687af142a08278fc86a03b6e41846ab3e2e�350235c743e4278cd2e4af9edc1eab4b35b2984de0c5d80b9ca9174d8fed646a���������������������������root�root�root�root�root�root�root�root�root�root�bouncycastle-1.64-3.3.1.src.rpm�������bouncycastle-pkix�mvn(org.bouncycastle:bcpkix-jdk15)�mvn(org.bouncycastle:bcpkix-jdk15:pom:)�mvn(org.bouncycastle:bcpkix-jdk15on)�mvn(org.bouncycastle:bcpkix-jdk15on:pom:)�mvn(org.bouncycastle:bcpkix-jdk16)�mvn(org.bouncycastle:bcpkix-jdk16:pom:)��������@���@����
���
���
���
bouncycastle�java-headless�javapackages-filesystem�rpmlib(CompressedFileNames)�rpmlib(FileDigests)�rpmlib(PayloadFilesHavePrefix)�rpmlib(PayloadIsXz)�1.64���3.0.4-1�4.6.0-1�4.0-1�5.2-1�4.14.1�`]µ]@]�@]�@]�@[P}@[�d@ZYY4Y�@VU@V*!@U hT!Tpmonreal@suse.com�pmonrealgonzalez@suse.com�pmonrealgonzalez@suse.com�pmonrealgonzalez@suse.com�pmonrealgonzalez@suse.com�fstrba@suse.com�tchvatal@suse.com�abergmann@suse.com�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�pcervinka@suse.com�tchvatal@suse.com�tchvatal@suse.com�tchvatal@suse.com�tchvatal@suse.com�tchvatal@suse.com�- Security fix: [bsc#1186328, CVE-2020-15522]
* Fixes a timing issue within the EC math library
* Blind the inversion when normalizing
- Add bouncycastle-CVE-2020-15522.patch�- Fix arch dependent macros in noarch package [bsc#1109539]�- Update pom files with those from Maven repository.�- Version update to 1.64 [bsc#1153385, CVE-2019-17359]
[bsc#1096291, CVE-2018-1000180][bsc#1100694, CVE-2018-1000613]
* Security Advisory:
- CVE-2019-17359: A change to the ASN.1 parser in 1.63 introduced
a regression that can cause an OutOfMemoryError to occur on
parsing ASN.1 data.
* Defects Fixed:
- OpenSSH: Fixed padding in generated Ed25519 private keys.
- GOST3410-2012-512 now uses the GOST3411-2012-256 as its KDF digest.
- Validation of headers in PemReader now looks for tailing dashes in header.
- Some compatibility issues around the signature encryption algorithm
field in CMS SignedData and the GOST algorithms have been addressed.
* Additional Features and Functionality:
- PKCS12 key stores containing only certificates can now be created
without the need to provide passwords.
- BCJSSE: Initial support for AlgorithmConstraints; protocol versions
and cipher suites.
- BCJSSE: Initial support for 'jdk.tls.disabledAlgorithms'; protocol
versions and cipher suites.
- BCJSSE: Add SecurityManager check to access session context.
- BCJSSE: Improved SunJSSE compatibility of the NULL_SESSION.
- BCJSSE: SSLContext algorithms updated for SunJSSE compatibility
(default enabled protocols).
- The digest functions Haraka-256 and Haraka-512 have been added to
the provider and the light-weight API
- XMSS/XMSS^MT key management now allows for allocating subsets of the
private key space using the extraKeyShard() method. Use of
StateAwareSignature is now deprecated.
- Support for Java 11's NamedParameterSpec class has been added
(using reflection) to the EC and EdEC KeyPairGenerator implementations.�- Version update to 1.63
* Defects Fixed:
- The ASN.1 parser would throw a large object exception for some objects
which could be safely parsed.
- GOST3412-2015 CTR mode was unusable at the JCE level.
- The DSTU MACs were failing to reset fully on doFinal().
- The DSTU MACs would throw an exception if the key was a multiple of the
size as the MAC's underlying buffer size.
- EdEC and QTESLA were not previously usable with the post Java 9 module structure.
- ECNR was not correctly bounds checking the input and could produce invalid signatures.
- ASN.1: Enforce no leading zeroes in OID branches (longer than 1 character).
- TLS: Fix X448 support in JcaTlsCrypto.
- Fixed field reduction for secp128r1 custom curve.
- Fixed unsigned multiplications in X448 field squaring.
- Some issues over subset Name Constraint validation in the CertPath analyser
- TimeStampResponse.getEncoded() could throw an exception if the TimeStampToken was null.
- Unnecessary memory usage in the ARGON2 implementation has been removed.
- Param-Z in the GOST-28147 algorithm was not resolving correctly.
- It is now possible to specify different S-Box parameters for the GOST 28147-89 MAC.
* Additional Features and Functionality:
- QTESLA is now updated with the round 2 changes. Note: the security catergories,
and in some cases key generation and signatures, have changed. The round 1 version is
now moved to org.bouncycastle.pqc.crypto.qteslarnd1, this package will be deleted in
1.64. Please keep in mind that QTESLA may continue to evolve.
- Support has been added for generating Ed25519/Ed448 signed certificates.
- A method for recovering the message/digest value from an ECNR signature has been added.
- Support for the ZUC-128 and ZUC-256 ciphers and MACs has been added to the provider
and the lightweight API.
- Support has been added for ChaCha20-Poly1305 AEAD mode from RFC 7539.
- Improved performance for multiple ECDSA verifications using same public key.
- Support for PBKDF2withHmacSM3 has been added to the BC provider.
- The S/MIME API has been fixed to avoid unnecessary delays due to DNS resolution of a
hosts name in internal MimeMessage preparation.
- The valid path for EST services has been updated to cope with the characters used in
the Aruba clearpass EST implementation.
- Version update to 1.62
* Defects Fixed:
- DTLS: Fixed infinite loop on IO exceptions.
- DTLS: Retransmission timers now properly apply to flights monolithically.
- BCJSSE: setEnabledCipherSuites ignores unsupported cipher suites.
- BCJSSE: SSLSocket implementations store passed-in 'host' before connecting.
- BCJSSE: Handle SSLEngine closure prior to handshake.
- BCJSSE: Provider now configurable using security config under Java 11 and later.
- EdDSA verifiers now reject overly long signatures.
- XMSS/XMSS^MT OIDs now using the values defined in RFC 8391.
- XMSS/XMSS^MT keys now encoded with OID at start.
- An error causing valid paths to be rejected due to DN based name constraints
has been fixed in the CertPath API.
- Name constraint resolution now includes special handling of serial numbers.
- Cipher implementations now handle ByteBuffer usage where the ByteBuffer has
no backing array.
- CertificateFactory now enforces presence of PEM headers when required.
- A performance issue with RSA key pair generation that was introduced in 1.61
has been mostly eliminated.
* Additional Features and Functionality:
- Builders for X509 certificates and CRLs now support replace and remove extension methods.
- DTLS: Added server-side support for HelloVerifyRequest.
- DTLS: Added support for an overall handshake timeout.
- DTLS: Added support for the heartbeat extension (RFC 6520).
- DTLS: Improve record seq. behaviour in HelloVerifyRequest scenarios.
- TLS: BasicTlsPSKIdentity now reusable (returns cloned array from getPSK).
- BCJSSE: Improved ALPN support, including selectors from Java 9.
- Lightweight RSADigestSigner now support use of NullDigest.
- SM2Engine now supports C1C3C2 mode.
- SHA256withSM2 now added to provider.
- BCJSSE: Added support for ALPN selectors (including in BC extension API for earlier JDKs).
- BCJSSE: Support 'SSL' algorithm for SSLContext (alias for 'TLS').
- The BLAKE2xs XOF has been added to the lightweight API.
- Utility classes added to support journaling of SecureRandom and algorithms to allow
persistance and later resumption.
- PGP SexprParser now handles some unprotected key types.
- NONEwithRSA support added to lightweight RSADigestSigner.
- Support for the Ethereum flavor of IES has been added to the lightweight API.
- Version update to 1.61
* Defects Fixed:
- Use of EC named curves could be lost if keys were constructed.
via a key factory and algorithm parameters.
- RFC3211WrapEngine would not properly handle messages longer than 127 bytes.
- The JCE implementations for RFC3211 would not return null AlgorithmParameters.
- TLS: Don't check CCS status for hello_request.
- TLS: Tolerate unrecognized hash algorithms.
- TLS: Tolerate unrecognized SNI types.
- Incompatibility issue in ECIES-KEM encryption in cofactor fixed.
- Issue with XMSS/XMSSMT private key loading which could result in invalid signatures fixed.
- StateAwareSignature.isSigningCapable() now returns false when the
key has reached it's maximum number of signatures.
- The McEliece KeyPairGenerator was failing to initialize the underlying
class if a SecureRandom was explicitly passed.
- The McEliece cipher would sometimes report the wrong value on a call
to Cipher.getOutputSize(int).
- CSHAKEDigest.leftEncode() was using the wrong endianness for multi byte values.
- Some ciphers, such as CAST6, were missing AlgorithmParameters implementations.
- An issue with the default "m" parameter for 1024 bit Diffie-Hellman keys which
could result in an exception on key pair generation has been fixed.
- The SPHINCS256 implementation is now more tolerant of parameters wrapped with a
SecureRandom and will not throw an exception if it receives one.
- A regression in PGPUtil.writeFileToLiteralData() which could cause corrupted
literal data has been fixed.
- Several parsing issues related to the processing of CMP PKIPublicationInfo.
- The ECGOST curves for id-tc26-gost-3410-12-256-paramSetA and
id-tc26-gost-3410-12-512-paramSetC had incorrect co-factors.
* Additional Features and Functionality:
- The qTESLA signature algorithm has been added to PQC light-weight API and the PQC provider.
- The password hashing function, Argon2 has been added to the lightweight API.
- BCJSSE: Added support for endpoint ID validation (HTTPS, LDAP, LDAPS).
- BCJSSE: Added support for 'useCipherSuitesOrder' parameter.
- BCJSSE: Added support for ALPN.
- BCJSSE: Various changes for improved compatibility with SunJSSE.
- BCJSSE: Provide default extended key/trust managers.
- TLS: Added support for TLS 1.2 features from RFC 8446.
- TLS: Removed support for EC point compression.
- TLS: Removed support for record compression.
- TLS: Updated to RFC 7627 from draft-ietf-tls-session-hash-04.
- TLS: Improved certificate sig. alg. checks.
- TLS: Finalised support for RFC 8442 cipher suites.
- Support has been added to the main Provider for the Ed25519 and Ed448 signature algorithms.
- Support has been added to the main Provider for the X25519 and X448 key agreement algorithms.
- Utility classes have been added for handling OpenSSH keys.
- Support for processing messages built using GPG and Curve25519 has been added to the OpenPGP API.
- The provider now recognises the standard SM3 OID.
- A new API for directly parsing and creating S/MIME documents has been added to the PKIX API.
- SM2 in public key cipher mode has been added to the provider API.
- The BCFKSLoadStoreParameter has been extended to allow the use of certificates and digital
signatures for verifying the integrity of BCFKS key stores.�- Package also the bcpkix bcpg bcmail bctls artifacts in separate
sub-packages
- Revert to building with source/target 6, since it is still
possible
- Added patch:
* bouncycastle-javadoc.patch
+ fix javadoc build�- Version update to 1.60 bsc#1100694:
* CVE-2018-1000613 Use of Externally-ControlledInput to Select Classes or Code
* CVE-2018-1000180: issue around primality tests for RSA key pair generation
if done using only the low-level API [bsc#1096291]
* Release notes:
http://www.bouncycastle.org/releasenotes.html�- Version update to 1.59:
* CVE-2017-13098: Fix against Bleichenbacher oracle when not
using the lightweight APIs (boo#1072697).
* CVE-2016-1000338: Fix DSA ASN.1 validation during encoding of
signature on verification (boo#1095722).
* CVE-2016-1000339: Fix AESEngine key information leak via lookup
table accesses (boo#1095853).
* CVE-2016-1000340: Fix carry propagation bugs in the
implementation of squaring for several raw math classes
(boo#1095854).
* CVE-2016-1000341: Fix DSA signature generation vulnerability to
timing attack (boo#1095852).
* CVE-2016-1000342: Fix ECDSA ASN.1 validation during encoding of
signature on verification (boo#1095850).
* CVE-2016-1000343: Fix week default settings for private DSA key
pair generation (boo#1095849).
* CVE-2016-1000344: Remove DHIES from the provider to disable the
unsafe usage of ECB mode (boo#1096026).
* CVE-2016-1000345: Fix DHIES/ECIES CBC mode padding oracle
attack (boo#1096025).
* CVE-2016-1000346: Fix other party DH public key validation
(boo#1096024).
* CVE-2016-1000352: Remove ECIES from the provider to disable the
unsafe usage of ECB mode (boo#1096022).
* Release notes:
http://www.bouncycastle.org/releasenotes.html
- Removed patch:
* ambiguous-reseed.patch�- Build with source and target 8 to prepare for a possible removal
of 1.6 compatibility�- Version update to 1.58
- Added patch:
* ambiguous-reseed.patch
+ Upstream fix for an ambiguous overload�- Set java source and target to 1.6 to allow building with jdk9�- New build dependency: javapackages-local
- Fixed requires
- Spec file cleaned�- Version update to 1.54:
* No obvious changelog to be found
* Fixes bnc#967521 CVE-2015-7575�- Version update to 1.53 (latest upstream)
* No obvious changelog
* Fixes bnc#951727 CVE-2015-7940�- Fix build with new javapackages-tools�- Disable tests on obs as they hang�- Version bump to 1.50 to match Fedora
- Cleanup with spec-cleaner�sheep28 1622200848������������������������������������������������������������������������1.64-3.3.1�1.64�1.64�1.64�1.64�1.64�1.64������������������������bcpkix.jar�bouncycastle-pkix�LICENSE.html�bouncycastle-bcpkix.xml�bcpkix.pom�/usr/share/java/�/usr/share/licenses/�/usr/share/licenses/bouncycastle-pkix/�/usr/share/maven-metadata/�/usr/share/maven-poms/�-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g�obs://build.suse.de/SUSE:Maintenance:19826/SUSE_SLE-15-SP2_Update/683c8f4b56035a45a1c98f5265c093a2-bouncycastle.SUSE_SLE-15-SP2_Update�drpm�xz�5�noarch-suse-linux���������������������gzip ERROR: Stdin has more than one entry--rest ignored (Zip archive data, at least v1.0 to extract Java archive data (JAR))�directory�HTML document, ASCII text�ASCII text�XML 1.0 document, ASCII text, with very long lines������������������������������������������P���P���P���P���P���P���R���R���Z��x,�A�P�����utf-8�9896f97be9922a12e9de8bbb7764e95a1ba193f68f013cb5da1b18019ee314af���������?���� ����7zXZ��
���!�����t/ �]�"��k%{?ݥ$�7_\q5�7S�gFb.
Mi,^�>\G_mpaM�'ŀ@;{Vob+a|�;Ti3.D
9��/{X��)A3{:G�ʥ}z\%u-DF�',¤5gm
�u"q�{��c4�1wGvoh���SI4mgn�3�Ҭ0�jƸ�47o�
�E�*py��}
8麯�}�7\hG5wfp�F}�!K"p�+�ǏKUO9wtk[�P�`Oy
n���H(%]?ՇU|c'�1v�ɧis_g�z6�? ePft1ڪԱdt�؆Zxł}VբPA.Xaޠ[
�y�ԙ2jV"CkPZPR9
�!3m5S���B�t\#uo+QgDJ�wIo�?Rn ּ0JǓѨuϜ�b}d-�Gj) �N(/�\T|k�@uv�䷢G;�y\+�|J3j�k�|Z�A ̍DF6Ǐ34۲d$KPl8'[Rӗ�
zu~���4��f�A��CFo�`
��q*)A�ܦ�IT
Do//z�jM~
-w!�(n?;.zHXD95l+ŃO
��UQ
İ�o�* `Na3s|oВE]#
" ��ONc"H8VB�e�
BM�Y��� A=ԧ+{"yFl!�_o�
l>A���0܌b�,8h��Q;pz�0]'
|>lIm#s>9^ڽc=oZQXNI_J[1�֚D4=�ZhN\0ċh>�.�!i�G^U�z|u�Qx<�MԖ:ec%l~H�;;#�Bv;+˜3n#7p'o�ڋ%����qaNy�-sk&��A~�Ǜ].om�TaO{Mx|�kʸ
2|Z�=װR-<�*�WċOP��-u�DTqlqC��A5C7PS.^Yo1�qL��E-c!sc)�qF.spk˖d}.�"v]/#2".P>QVTe]`^BLr�H3��cA�4>u�{1�t4Φ'M�Tbi|_
�${ɺPaLجw�GMv�h�ORXgwh�-@/���"��t8V"dҫm��TmR8B4g{�� R!A--p��`�Zv@V�6P|4�ƄqE�RPRbz2�Br�k���u\Hz$!K;
ZO�'�PK' pC̔T#��AJ?�^2äV;��[M�E�m�'1t�b��ÅuF EtZi.wǛR2&��
�\&7z;d�KԹW�fT10�l �[OVcG/ƙj�WE]
$�"n3Ա���C3I^2e~��``m_�Y��dsQ6^7٩qYoM柵׀Oeq|!��P-�C*+07d2:>D/�њ�nW/JY�x_~wKÏS�(J-.�ڸ.c]}l1[l9�A�9KAF�1�QoP?�'�qS�m-W�� l]�@|�4�DGF|X#Mz��o*CX�k�jy/Kzx*Z�^Dܭ�Dt�ä��'&sL
I���Z? _Y��;]VU��wd+/b�&FKL{U
KV揨�=,xI)-�ɲ�ӗ91r3T/pLY}~9rQZ��m!*y�� <&eɊȲפp�':�lm<�nr�>q7ueW�2�
l䰡mȝqȜ�뻻!�t�M�AWc;l�<5�1je�8�^c�
^\VM,%8L9=�xcȾ O{�Y;.^(�Ğ2z\��GӖs�t
����<;#q3|§1�nu�sf&MT�}a�|�uyhv�?tj)�t}.�nJ�ѡ`&�'�ҧ5I&g
OrOM �Dn#"z:-C)��ZbHK\���HARL=s?�{�Ԩ#iZ~/:/6֘1)�dP��n9-�B0iy$gi܅�34zK+�=YYYJ������}^8��}>�Ƙh<�6Qa���A��n_5�������
YZ