Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package bouncycastle for openSUSE:Factory checked in at 2026-04-18 21:34:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/bouncycastle (Old) and /work/SRC/openSUSE:Factory/.bouncycastle.new.11940 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bouncycastle" Sat Apr 18 21:34:08 2026 rev:48 rq:1347331 version:1.84 Changes: -------- --- /work/SRC/openSUSE:Factory/bouncycastle/bouncycastle.changes 2025-12-18 18:29:06.943726263 +0100 +++ /work/SRC/openSUSE:Factory/.bouncycastle.new.11940/bouncycastle.changes 2026-04-18 21:34:15.084371641 +0200 @@ -1,0 +2,86 @@ +Thu Apr 16 13:49:52 UTC 2026 - Pedro Monreal <[email protected]> + +- Update to 1.84: + * Security Fixes: + - CVE-2025-14813: GOSTCTR implementation unable to process more than + 255 blocks correctly. (bsc#1262225) + - CVE-2026-0636: LDAP Injection Vulnerability in LDAPStoreHelper.java. + (bsc#1262226) + - CVE-2026-3505: Unbounded PGP AEAD chunk size leads to pre-auth + resource exhaustion. (bsc#1262232) + - CVE-2026-5588: PKIX draft CompositeVerifier accepts empty signature + sequence as valid. (bsc#1262228) + - CVE-2026-5598: Non-constant time comparisons risk private key + leakage in FrodoKEM. (bsc#1262227) + * Additional Features and Functionality: + - In line with JVM changes, KEM support has been backported to + Java 17. + - BCJSSE: Configurable (client) early key_share groups via + BCSSLParameters.earlyKeyShares or + 'org.bouncycastle.jsse.client.earlyKeyShares' system property. + - BCJSSE: Support for curveSM2MLKEM768 hybrid NamedGroup in TLS + 1.3 per draft-yang-tls-hybrid-sm2-mlkem-03. + - BCJSSE: Log when default cipher suites are disabled. + - BCJSSE: Experimental support for ShangMi crypto in TLS 1.3 per + RFC 8998 (not enabled by default). + - CMS: Added CMSAuthEnvelopedDataStreamGenerator.open taking an + explicit content type. + - HKDF: Provider support for HKDFParameterSpec.Expand. + - Added initial support for RFC 9380 (Hashing to Elliptic Curves); + see org.bouncycastle.crypto.hash2curve . + - PKCS12: Added default max iteration count of 5,000,000 (configurable + via 'org.bouncycastle.pkcs12.max_it_count' property). + - TLS: Use javax.crypto.KEM API (when available) to access ML-KEM + implementation (incl. hybrids). + - A new KeyStore, PKCS12-PBMAC1, has been added which defaults to + using PBMAC1 and supports RFC 9879. + - A new property 'org.bouncycastle.asn1.max_cons_depth' has been added + to allow setting of the maximum nesting for SETs/SEQUENCESs in ASN.1. + Default is 32. + - A new property 'org.bouncycastle.asn1.max_limit' has been added + to allow setting of the stream size of ASN.1 encodings. The value can + be either in bytes, or appended with k (1 kilobyte blocks), m (1 + megabyte blocks), or g (1 gigabyte blocks). + - Added NTRU+ support to the lightweight PQC API and the BCPQC provider. + - Added SM4 key wrap/unwrap mode, SM2 key exchange, and logging to SM2Signer. + - OpenPGP: Added encryption-key filtering by purpose, a new OpenPGPKey + constructor, KeyPassphraseProvider-based passphrase change, wildcard + (anonymous) recipient handling, and Web-of-Trust methods for + third-party signature chains and delegations. + - CMSSignedDataStreamGenerator can now support the generation of DER/DL + encoded SignedData objects (note memory restrictions still apply). + - It is now possible to add extra digest alorithm IDs to + CMSSignedDataStreamGenerator when required. + * Defects Fixed: + - Random numbers being generated for DSTU4145 signature calculations + were 1 bit shorter than they could be. The code has been corrected + to allow the generated numbers to occupy the full numeric range available. + - HKDF implementation has been corrected to use multiple IKMs if available. + - CompositePublic/PrivateKey builders had an issue identifying brainpool + and EdDSA curves from the algorithm names due to an error in the OID + mapping table. This has been fixed. + - S/MIME: Fix AuthEnveloped support for AES192/GCM and AES256/GCM. + - CMS: Use implicit tag for AuthEnvelopedData.authEncryptedContentInfo.encryptedContent. + - Fixed Strings.split to handle delimiters at position 0. + - Fixed FrodoKEM error sampling to be constant-time. + - Fixed PKIXNameConstraintValidator to treat a DNS name as intersecting itself. + - Fixed PKCS12 key stores not calling getInstance with the original provider + (which was forcing provider registration). + - A resource leak due to the SMIMESigned constructor leaving background + threads hanging on MessagingException has been fixed. + - OpenPGP: Fixed an issue where a custom signature creation time was + ignored when generating message signatures. + - OpenPGP: Fixed SKESK encoding for direct-S2K-encrypted messages. + * Additional Notes: + - DSA was recently deprecated by NIST and several users have requested + that we move to an RSA signing certificate for provider signing + instead of our current DSA one. We are grateful to report that Oracle + have been very supportive of this and issued us a second RSA certificate + based on a new RSA key for signing providers. Providers signed with the + previous DSA key will continue to work as before. + - This will be the last release which will recognise Dilithium and + SphincsPlus in the BC provider, the Kyber wrapper (which is just ML-KEM) + will also be removed. The algorithms won't be deleted in 1.85, but will + only be accessible via the low-level APIs and deleted in a later release. + +------------------------------------------------------------------- Old: ---- bcjmail-jdk18on-1.83.pom bcmail-jdk18on-1.83.pom bcpg-jdk18on-1.83.pom bcpkix-jdk18on-1.83.pom bcprov-jdk18on-1.83.pom bctls-jdk18on-1.83.pom bcutil-jdk18on-1.83.pom r1rv83.tar.gz New: ---- bcjmail-jdk18on-1.84.pom bcmail-jdk18on-1.84.pom bcpg-jdk18on-1.84.pom bcpkix-jdk18on-1.84.pom bcprov-jdk18on-1.84.pom bctls-jdk18on-1.84.pom bcutil-jdk18on-1.84.pom r1rv84.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bouncycastle.spec ++++++ --- /var/tmp/diff_new_pack.YnRrek/_old 2026-04-18 21:34:19.604555298 +0200 +++ /var/tmp/diff_new_pack.YnRrek/_new 2026-04-18 21:34:19.612555623 +0200 @@ -1,7 +1,7 @@ # # spec file for package bouncycastle # -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ %global ver_major 1 -%global ver_minor 83 +%global ver_minor 84 #%%global ver_micro 1 %global gittag r%{ver_major}rv%{ver_minor}%{?ver_micro:v%{ver_micro}} %global archivever jdk18on-%{ver_major}.%{ver_minor}%{?ver_micro:0%{ver_micro}} ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.YnRrek/_old 2026-04-18 21:34:20.000571389 +0200 +++ /var/tmp/diff_new_pack.YnRrek/_new 2026-04-18 21:34:20.048573339 +0200 @@ -1,6 +1,6 @@ -mtime: 1765879815 -commit: b9a6238172860cf3ae84a0753ab14895c534b0d3e4fef344ae978c0b5e7794a0 +mtime: 1776349843 +commit: ded791bd0a9f8637d3dba60e9db7c35e2c62a9c430687911f45995431f309de8 url: https://src.opensuse.org/java-packages/bouncycastle.git -revision: b9a6238172860cf3ae84a0753ab14895c534b0d3e4fef344ae978c0b5e7794a0 +revision: ded791bd0a9f8637d3dba60e9db7c35e2c62a9c430687911f45995431f309de8 projectscmsync: https://src.opensuse.org/java-packages/_ObsPrj ++++++ bcjmail-jdk18on-1.83.pom -> bcjmail-jdk18on-1.84.pom ++++++ --- /work/SRC/openSUSE:Factory/bouncycastle/bcjmail-jdk18on-1.83.pom 2025-12-18 18:29:06.843722063 +0100 +++ /work/SRC/openSUSE:Factory/.bouncycastle.new.11940/bcjmail-jdk18on-1.84.pom 2026-04-18 21:34:14.984367578 +0200 @@ -5,7 +5,7 @@ <artifactId>bcjmail-jdk18on</artifactId> <packaging>jar</packaging> <name>Bouncy Castle JavaMail Jakarta S/MIME APIs</name> - <version>1.83</version> + <version>1.84</version> <description>The Bouncy Castle Java APIs for doing S/MIME with the Jakarta Mail APIs. The APIs are designed primarily to be used in conjunction with the BC Java provider for Java 1.8 and later.</description> <url>https://www.bouncycastle.org/download/bouncy-castle-java/</url> <licenses> @@ -33,7 +33,7 @@ <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcpkix-jdk18on</artifactId> - <version>1.83</version> + <version>1.84</version> <type>jar</type> </dependency> </dependencies> ++++++ bcmail-jdk18on-1.83.pom -> bcmail-jdk18on-1.84.pom ++++++ --- /work/SRC/openSUSE:Factory/bouncycastle/bcmail-jdk18on-1.83.pom 2025-12-18 18:29:06.859722736 +0100 +++ /work/SRC/openSUSE:Factory/.bouncycastle.new.11940/bcmail-jdk18on-1.84.pom 2026-04-18 21:34:14.996368066 +0200 @@ -5,7 +5,7 @@ <artifactId>bcmail-jdk18on</artifactId> <packaging>jar</packaging> <name>Bouncy Castle JavaMail S/MIME APIs</name> - <version>1.83</version> + <version>1.84</version> <description>The Bouncy Castle Java APIs for doing S/MIME with JavaMail. The APIs are designed primarily to be used in conjunction with the BC Java provider for Java 1.8 and later.</description> <url>https://www.bouncycastle.org/download/bouncy-castle-java/</url> <licenses> @@ -33,7 +33,7 @@ <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcpkix-jdk18on</artifactId> - <version>1.83</version> + <version>1.84</version> <type>jar</type> </dependency> </dependencies> ++++++ bcpg-jdk18on-1.83.pom -> bcpg-jdk18on-1.84.pom ++++++ --- /work/SRC/openSUSE:Factory/bouncycastle/bcpg-jdk18on-1.83.pom 2025-12-18 18:29:06.867723071 +0100 +++ /work/SRC/openSUSE:Factory/.bouncycastle.new.11940/bcpg-jdk18on-1.84.pom 2026-04-18 21:34:15.016368879 +0200 @@ -5,7 +5,7 @@ <artifactId>bcpg-jdk18on</artifactId> <packaging>jar</packaging> <name>Bouncy Castle OpenPGP APIs</name> - <version>1.83</version> + <version>1.84</version> <description>The Bouncy Castle Java APIs for the OpenPGP Protocol. The APIs are designed primarily to be used in conjunction with the BC Java provider but may also be used with other providers providing cryptographic services. This jar is designed to work best with Java 1.8 and later.</description> <url>https://www.bouncycastle.org/download/bouncy-castle-java/</url> <licenses> @@ -38,13 +38,13 @@ <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk18on</artifactId> - <version>1.83</version> + <version>1.84</version> <type>jar</type> </dependency> <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcutil-jdk18on</artifactId> - <version>1.83</version> + <version>1.84</version> <type>jar</type> </dependency> </dependencies> ++++++ bcpkix-jdk18on-1.83.pom -> bcpkix-jdk18on-1.84.pom ++++++ --- /work/SRC/openSUSE:Factory/bouncycastle/bcpkix-jdk18on-1.83.pom 2025-12-18 18:29:06.887723912 +0100 +++ /work/SRC/openSUSE:Factory/.bouncycastle.new.11940/bcpkix-jdk18on-1.84.pom 2026-04-18 21:34:15.024369204 +0200 @@ -5,7 +5,7 @@ <artifactId>bcpkix-jdk18on</artifactId> <packaging>jar</packaging> <name>Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs</name> - <version>1.83</version> + <version>1.84</version> <description>The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for Java 1.8 and later. The APIs are designed primarily to be used in conjunction with the BC Java provider but may also be used with other providers providing cryptographic services.</description> <url>https://www.bouncycastle.org/download/bouncy-castle-java/</url> <licenses> @@ -33,7 +33,7 @@ <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcutil-jdk18on</artifactId> - <version>1.83</version> + <version>1.84</version> <type>jar</type> </dependency> </dependencies> ++++++ bcprov-jdk18on-1.83.pom -> bcprov-jdk18on-1.84.pom ++++++ --- /work/SRC/openSUSE:Factory/bouncycastle/bcprov-jdk18on-1.83.pom 2025-12-18 18:29:06.895724247 +0100 +++ /work/SRC/openSUSE:Factory/.bouncycastle.new.11940/bcprov-jdk18on-1.84.pom 2026-04-18 21:34:15.028369367 +0200 @@ -5,8 +5,8 @@ <artifactId>bcprov-jdk18on</artifactId> <packaging>jar</packaging> <name>Bouncy Castle Provider</name> - <version>1.83</version> - <description>The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains the JCA/JCE provider and low-level API for the BC Java version 1.83 for Java 1.8 and later.</description> + <version>1.84</version> + <description>The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains the JCA/JCE provider and low-level API for the BC Java version 1.84 for Java 1.8 and later.</description> <url>https://www.bouncycastle.org/download/bouncy-castle-java/</url> <licenses> <license> ++++++ bctls-jdk18on-1.83.pom -> bctls-jdk18on-1.84.pom ++++++ --- /work/SRC/openSUSE:Factory/bouncycastle/bctls-jdk18on-1.83.pom 2025-12-18 18:29:06.907724751 +0100 +++ /work/SRC/openSUSE:Factory/.bouncycastle.new.11940/bctls-jdk18on-1.84.pom 2026-04-18 21:34:15.036369691 +0200 @@ -5,7 +5,7 @@ <artifactId>bctls-jdk18on</artifactId> <packaging>jar</packaging> <name>Bouncy Castle TLS/JSSE APIs</name> - <version>1.83</version> + <version>1.84</version> <description>The Bouncy Castle Java APIs for the TLS, including a JSSE provider (except in Java 4). The APIs are designed primarily to be used in conjunction with the BC Java provider but may also be used with other providers providing cryptographic services. This jar is designed to best work with Java 1.8 and later.</description> <url>https://www.bouncycastle.org/download/bouncy-castle-java/</url> <licenses> @@ -33,7 +33,7 @@ <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcutil-jdk18on</artifactId> - <version>1.83</version> + <version>1.84</version> <type>jar</type> </dependency> </dependencies> ++++++ bcutil-jdk18on-1.83.pom -> bcutil-jdk18on-1.84.pom ++++++ --- /work/SRC/openSUSE:Factory/bouncycastle/bcutil-jdk18on-1.83.pom 2025-12-18 18:29:06.915725088 +0100 +++ /work/SRC/openSUSE:Factory/.bouncycastle.new.11940/bcutil-jdk18on-1.84.pom 2026-04-18 21:34:15.040369854 +0200 @@ -5,7 +5,7 @@ <artifactId>bcutil-jdk18on</artifactId> <packaging>jar</packaging> <name>Bouncy Castle ASN.1 Extension and Utility APIs</name> - <version>1.83</version> + <version>1.84</version> <description>The Bouncy Castle Java APIs for ASN.1 extension and utility APIs used to support bcpkix and bctls. This jar contains APIs for Java 1.8 and later.</description> <url>https://www.bouncycastle.org/download/bouncy-castle-java/</url> <licenses> @@ -33,7 +33,7 @@ <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk18on</artifactId> - <version>1.83</version> + <version>1.84</version> <type>jar</type> </dependency> </dependencies> ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-04-16 19:51:01.000000000 +0200 @@ -0,0 +1 @@ +.osc ++++++ r1rv83.tar.gz -> r1rv84.tar.gz ++++++ /work/SRC/openSUSE:Factory/bouncycastle/r1rv83.tar.gz /work/SRC/openSUSE:Factory/.bouncycastle.new.11940/r1rv84.tar.gz differ: char 15, line 1
