bouncycastle-pkix-1.64-lp152.2.3.1<>,P؉`u/=„ Chz 7@w1.p-/[N!u,NN 6IFJ@AQ® &jbF[WLk@zYj r|#>n1% H)~"FLإ6W(΢A1,9>OOB?FŤ`OfLTzj^tn sь%R!(?Rx|dY 5=Pzk ǡEdNsN ׀ԛ֦Ҽh?#nEV)t$g@K6XΕU7,Z>>=?=|d % gx|    * 4 H M Th~(89:F9G9(H9<I9PX9XY9t\9]9^:b:c;-d;e;f;l;u;v;w<x<y<z==,=0=6=xCbouncycastle-pkix1.64lp152.2.3.1Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIsThe Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.`ucloud114openSUSE Leap 15.2openSUSEMIThttp://bugs.opensuse.orgDevelopment/Libraries/Javahttps://www.bouncycastle.orglinuxnoarchA큤`>`G``>] edcfa449bc3efd201f9586a8d2fe4282eb7abee27362d5ac55356e10c624d45b6bf0c9181a98f1de795ff462241aa69a635ddff624fbefab3300bf03f5a6b88a446d6679fb5729b48e3f048f7ddb3687af142a08278fc86a03b6e41846ab3e2e350235c743e4278cd2e4af9edc1eab4b35b2984de0c5d80b9ca9174d8fed646arootrootrootrootrootrootrootrootrootrootbouncycastle-1.64-lp152.2.3.1.src.rpmbouncycastle-pkixmvn(org.bouncycastle:bcpkix-jdk15)mvn(org.bouncycastle:bcpkix-jdk15:pom:)mvn(org.bouncycastle:bcpkix-jdk15on)mvn(org.bouncycastle:bcpkix-jdk15on:pom:)mvn(org.bouncycastle:bcpkix-jdk16)mvn(org.bouncycastle:bcpkix-jdk16:pom:)@@    bouncycastlejava-headlessjavapackages-filesystemrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)1.643.0.4-14.6.0-14.0-15.2-14.14.1`]µ]@]@]@]@[P}@[d@ZYY4Y@VU@V*!@U hT!TPedro Monreal Pedro Monreal Gonzalez Pedro Monreal Gonzalez Pedro Monreal Gonzalez Pedro Monreal Gonzalez Fridrich Strba tchvatal@suse.comabergmann@suse.comfstrba@suse.comfstrba@suse.comfstrba@suse.compcervinka@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.com- Security fix: [bsc#1186328, CVE-2020-15522] * Fixes a timing issue within the EC math library * Blind the inversion when normalizing - Add bouncycastle-CVE-2020-15522.patch- Fix arch dependent macros in noarch package [bsc#1109539]- Update pom files with those from Maven repository.- Version update to 1.64 [bsc#1153385, CVE-2019-17359] [bsc#1096291, CVE-2018-1000180][bsc#1100694, CVE-2018-1000613] * Security Advisory: - CVE-2019-17359: A change to the ASN.1 parser in 1.63 introduced a regression that can cause an OutOfMemoryError to occur on parsing ASN.1 data. * Defects Fixed: - OpenSSH: Fixed padding in generated Ed25519 private keys. - GOST3410-2012-512 now uses the GOST3411-2012-256 as its KDF digest. - Validation of headers in PemReader now looks for tailing dashes in header. - Some compatibility issues around the signature encryption algorithm field in CMS SignedData and the GOST algorithms have been addressed. * Additional Features and Functionality: - PKCS12 key stores containing only certificates can now be created without the need to provide passwords. - BCJSSE: Initial support for AlgorithmConstraints; protocol versions and cipher suites. - BCJSSE: Initial support for 'jdk.tls.disabledAlgorithms'; protocol versions and cipher suites. - BCJSSE: Add SecurityManager check to access session context. - BCJSSE: Improved SunJSSE compatibility of the NULL_SESSION. - BCJSSE: SSLContext algorithms updated for SunJSSE compatibility (default enabled protocols). - The digest functions Haraka-256 and Haraka-512 have been added to the provider and the light-weight API - XMSS/XMSS^MT key management now allows for allocating subsets of the private key space using the extraKeyShard() method. Use of StateAwareSignature is now deprecated. - Support for Java 11's NamedParameterSpec class has been added (using reflection) to the EC and EdEC KeyPairGenerator implementations.- Version update to 1.63 * Defects Fixed: - The ASN.1 parser would throw a large object exception for some objects which could be safely parsed. - GOST3412-2015 CTR mode was unusable at the JCE level. - The DSTU MACs were failing to reset fully on doFinal(). - The DSTU MACs would throw an exception if the key was a multiple of the size as the MAC's underlying buffer size. - EdEC and QTESLA were not previously usable with the post Java 9 module structure. - ECNR was not correctly bounds checking the input and could produce invalid signatures. - ASN.1: Enforce no leading zeroes in OID branches (longer than 1 character). - TLS: Fix X448 support in JcaTlsCrypto. - Fixed field reduction for secp128r1 custom curve. - Fixed unsigned multiplications in X448 field squaring. - Some issues over subset Name Constraint validation in the CertPath analyser - TimeStampResponse.getEncoded() could throw an exception if the TimeStampToken was null. - Unnecessary memory usage in the ARGON2 implementation has been removed. - Param-Z in the GOST-28147 algorithm was not resolving correctly. - It is now possible to specify different S-Box parameters for the GOST 28147-89 MAC. * Additional Features and Functionality: - QTESLA is now updated with the round 2 changes. Note: the security catergories, and in some cases key generation and signatures, have changed. The round 1 version is now moved to org.bouncycastle.pqc.crypto.qteslarnd1, this package will be deleted in 1.64. Please keep in mind that QTESLA may continue to evolve. - Support has been added for generating Ed25519/Ed448 signed certificates. - A method for recovering the message/digest value from an ECNR signature has been added. - Support for the ZUC-128 and ZUC-256 ciphers and MACs has been added to the provider and the lightweight API. - Support has been added for ChaCha20-Poly1305 AEAD mode from RFC 7539. - Improved performance for multiple ECDSA verifications using same public key. - Support for PBKDF2withHmacSM3 has been added to the BC provider. - The S/MIME API has been fixed to avoid unnecessary delays due to DNS resolution of a hosts name in internal MimeMessage preparation. - The valid path for EST services has been updated to cope with the characters used in the Aruba clearpass EST implementation. - Version update to 1.62 * Defects Fixed: - DTLS: Fixed infinite loop on IO exceptions. - DTLS: Retransmission timers now properly apply to flights monolithically. - BCJSSE: setEnabledCipherSuites ignores unsupported cipher suites. - BCJSSE: SSLSocket implementations store passed-in 'host' before connecting. - BCJSSE: Handle SSLEngine closure prior to handshake. - BCJSSE: Provider now configurable using security config under Java 11 and later. - EdDSA verifiers now reject overly long signatures. - XMSS/XMSS^MT OIDs now using the values defined in RFC 8391. - XMSS/XMSS^MT keys now encoded with OID at start. - An error causing valid paths to be rejected due to DN based name constraints has been fixed in the CertPath API. - Name constraint resolution now includes special handling of serial numbers. - Cipher implementations now handle ByteBuffer usage where the ByteBuffer has no backing array. - CertificateFactory now enforces presence of PEM headers when required. - A performance issue with RSA key pair generation that was introduced in 1.61 has been mostly eliminated. * Additional Features and Functionality: - Builders for X509 certificates and CRLs now support replace and remove extension methods. - DTLS: Added server-side support for HelloVerifyRequest. - DTLS: Added support for an overall handshake timeout. - DTLS: Added support for the heartbeat extension (RFC 6520). - DTLS: Improve record seq. behaviour in HelloVerifyRequest scenarios. - TLS: BasicTlsPSKIdentity now reusable (returns cloned array from getPSK). - BCJSSE: Improved ALPN support, including selectors from Java 9. - Lightweight RSADigestSigner now support use of NullDigest. - SM2Engine now supports C1C3C2 mode. - SHA256withSM2 now added to provider. - BCJSSE: Added support for ALPN selectors (including in BC extension API for earlier JDKs). - BCJSSE: Support 'SSL' algorithm for SSLContext (alias for 'TLS'). - The BLAKE2xs XOF has been added to the lightweight API. - Utility classes added to support journaling of SecureRandom and algorithms to allow persistance and later resumption. - PGP SexprParser now handles some unprotected key types. - NONEwithRSA support added to lightweight RSADigestSigner. - Support for the Ethereum flavor of IES has been added to the lightweight API. - Version update to 1.61 * Defects Fixed: - Use of EC named curves could be lost if keys were constructed. via a key factory and algorithm parameters. - RFC3211WrapEngine would not properly handle messages longer than 127 bytes. - The JCE implementations for RFC3211 would not return null AlgorithmParameters. - TLS: Don't check CCS status for hello_request. - TLS: Tolerate unrecognized hash algorithms. - TLS: Tolerate unrecognized SNI types. - Incompatibility issue in ECIES-KEM encryption in cofactor fixed. - Issue with XMSS/XMSSMT private key loading which could result in invalid signatures fixed. - StateAwareSignature.isSigningCapable() now returns false when the key has reached it's maximum number of signatures. - The McEliece KeyPairGenerator was failing to initialize the underlying class if a SecureRandom was explicitly passed. - The McEliece cipher would sometimes report the wrong value on a call to Cipher.getOutputSize(int). - CSHAKEDigest.leftEncode() was using the wrong endianness for multi byte values. - Some ciphers, such as CAST6, were missing AlgorithmParameters implementations. - An issue with the default "m" parameter for 1024 bit Diffie-Hellman keys which could result in an exception on key pair generation has been fixed. - The SPHINCS256 implementation is now more tolerant of parameters wrapped with a SecureRandom and will not throw an exception if it receives one. - A regression in PGPUtil.writeFileToLiteralData() which could cause corrupted literal data has been fixed. - Several parsing issues related to the processing of CMP PKIPublicationInfo. - The ECGOST curves for id-tc26-gost-3410-12-256-paramSetA and id-tc26-gost-3410-12-512-paramSetC had incorrect co-factors. * Additional Features and Functionality: - The qTESLA signature algorithm has been added to PQC light-weight API and the PQC provider. - The password hashing function, Argon2 has been added to the lightweight API. - BCJSSE: Added support for endpoint ID validation (HTTPS, LDAP, LDAPS). - BCJSSE: Added support for 'useCipherSuitesOrder' parameter. - BCJSSE: Added support for ALPN. - BCJSSE: Various changes for improved compatibility with SunJSSE. - BCJSSE: Provide default extended key/trust managers. - TLS: Added support for TLS 1.2 features from RFC 8446. - TLS: Removed support for EC point compression. - TLS: Removed support for record compression. - TLS: Updated to RFC 7627 from draft-ietf-tls-session-hash-04. - TLS: Improved certificate sig. alg. checks. - TLS: Finalised support for RFC 8442 cipher suites. - Support has been added to the main Provider for the Ed25519 and Ed448 signature algorithms. - Support has been added to the main Provider for the X25519 and X448 key agreement algorithms. - Utility classes have been added for handling OpenSSH keys. - Support for processing messages built using GPG and Curve25519 has been added to the OpenPGP API. - The provider now recognises the standard SM3 OID. - A new API for directly parsing and creating S/MIME documents has been added to the PKIX API. - SM2 in public key cipher mode has been added to the provider API. - The BCFKSLoadStoreParameter has been extended to allow the use of certificates and digital signatures for verifying the integrity of BCFKS key stores.- Package also the bcpkix bcpg bcmail bctls artifacts in separate sub-packages - Revert to building with source/target 6, since it is still possible - Added patch: * bouncycastle-javadoc.patch + fix javadoc build- Version update to 1.60 bsc#1100694: * CVE-2018-1000613 Use of Externally-ControlledInput to Select Classes or Code * CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API [bsc#1096291] * Release notes: http://www.bouncycastle.org/releasenotes.html- Version update to 1.59: * CVE-2017-13098: Fix against Bleichenbacher oracle when not using the lightweight APIs (boo#1072697). * CVE-2016-1000338: Fix DSA ASN.1 validation during encoding of signature on verification (boo#1095722). * CVE-2016-1000339: Fix AESEngine key information leak via lookup table accesses (boo#1095853). * CVE-2016-1000340: Fix carry propagation bugs in the implementation of squaring for several raw math classes (boo#1095854). * CVE-2016-1000341: Fix DSA signature generation vulnerability to timing attack (boo#1095852). * CVE-2016-1000342: Fix ECDSA ASN.1 validation during encoding of signature on verification (boo#1095850). * CVE-2016-1000343: Fix week default settings for private DSA key pair generation (boo#1095849). * CVE-2016-1000344: Remove DHIES from the provider to disable the unsafe usage of ECB mode (boo#1096026). * CVE-2016-1000345: Fix DHIES/ECIES CBC mode padding oracle attack (boo#1096025). * CVE-2016-1000346: Fix other party DH public key validation (boo#1096024). * CVE-2016-1000352: Remove ECIES from the provider to disable the unsafe usage of ECB mode (boo#1096022). * Release notes: http://www.bouncycastle.org/releasenotes.html - Removed patch: * ambiguous-reseed.patch- Build with source and target 8 to prepare for a possible removal of 1.6 compatibility- Version update to 1.58 - Added patch: * ambiguous-reseed.patch + Upstream fix for an ambiguous overload- Set java source and target to 1.6 to allow building with jdk9- New build dependency: javapackages-local - Fixed requires - Spec file cleaned- Version update to 1.54: * No obvious changelog to be found * Fixes bnc#967521 CVE-2015-7575- Version update to 1.53 (latest upstream) * No obvious changelog * Fixes bnc#951727 CVE-2015-7940- Fix build with new javapackages-tools- Disable tests on obs as they hang- Version bump to 1.50 to match Fedora - Cleanup with spec-cleanercloud114 16246449811.64-lp152.2.3.11.641.641.641.641.641.64bcpkix.jarbouncycastle-pkixLICENSE.htmlbouncycastle-bcpkix.xmlbcpkix.pom/usr/share/java//usr/share/licenses//usr/share/licenses/bouncycastle-pkix//usr/share/maven-metadata//usr/share/maven-poms/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:16608/openSUSE_Leap_15.2_Update/fdc372b7038dd3a0ca59a20ee3d05951-bouncycastle.openSUSE_Leap_15.2_Updatedrpmxz5noarch-suse-linuxgzip ERROR: Stdin has more than one entry--rest ignored (Zip archive data, at least v1.0 to extract Java archive data (JAR))directoryHTML document, ASCII textASCII textXML 1.0 document, ASCII text, with very long linesPPPPPPRR.bՉ-=ysutf-8ee691a676238f538d5a4620abf8de07aabd94ca138f458ae0ae86edd07107e4a? 7zXZ !t/"]"k%f'+ woBغ(X_oᵿ?<洋UVpah5"A^{iJλm ',OuU+†X"([CD0pk+|/,B  v5Rc&3 }>g$'y[hV}Ek\.;,Ȋ9:g\lSX]*3iC*Ёy$KIU ; ]DYڙUJ}<`4]$UCcu_Lvm3E0!^Ux!)\܄87]tn[ᦻI$B.]rtM,IT]b)KJ)A@7+H8O} _]p^(kC>VZ^s_@<␠Oxi^OЮ9I524V.G>73vׁ'lG'ܘӀtvg=g:}v48)Axv#5$aEM@=5S&xjy6l6DF0) vz2 Q?Rʣ~l֬OлzRgzi%oY5nH/=`>f|ӌW긭ϺCD `kg%V)@wfte03_Ɣ jkΝ<|la82e5z2$C=cTi}komg-V;`_Iv8g)ghkpՇbXf?sO頝ْʜ1ͧM`X1Eq# *9ռ2Z'>AYv4v}Z];:_M0y1Rd-;ZdT?r*SoV~j]:W >.V0AKŘ;R[sXw` EX?[}t¾Ɨ_a ET=;E̼7YWgdȫJBbN2"^ڮS4 hH0Fz]>\_Ӑ[ua?y_sH;'J/ݨ| ^DE'=5A{mmj)j jEr6J=~uȠj_!)JS҆+ɴi3E-ז[Р:N+:,*y2KAhw ,_1xU@x|Jk{Ѣ j9!X6Z&wchBaSsL{!ܶP̣iRmU|) û4VQwlb'E;~;>gL`k)T{I4 P15#Xg^]@'?/_k,##^kCYre8'ט[gjtMjC? %Ăb&e mÐU#( s/ۇ%՘AZr+Z@vPO֧ Y332Zzt߅b ҂a|<']#iRH~|;*oWCYlÐ22:9§ {sj3 ^pFRզŮG`zx}t-zH (EIP;je}ּUK+ǧǏMD'nx-{UNq긂K[eW]%؛u6EʜK>mBGʍ+kY! rQAH5{cmB=Q <b|o07)oV9K!\Q;3#3WaǸTDy>+V4sF'C ]G۳gs4cMܷY)"?/|P:En\Vrm. Rg֬㑞VfE?idFn31Px2%@#^>K5 l U>"Nʸa:g1 os.9P{'_ͯ!ӋN9|OnIob ³!Ӌ&ԲlR=e0:𻦜YE9V};d|);4r PM8v,lɕ ;'sQ!W?gix,;aдV +ȫ]&Xh&uFR&΀ A\戱YFعΎ(/c3s'0˳2 ,D5<8unrVZJ Y/Prkt?ǪnjA.̮2,tnƖq O?EVV!ݛ>ſ: ^]fBx,Q&hC9?PG?_XwCZMZ%V4gl>N@,R%17bzoRЩpE!Z GP)%+E\h$aNgt=|,Hwߍ s'n1(fʂpwPE sdmw@pGc>/[_ !EQ[<$x+Iֽ{1b&MC8kÃF Y͹+~"#M:]zۃkEOR&>M`_tF8SEfi?uA 9&\ZfG9[ )2ȨZ`8;/ Q5ƻ"-栾c}i|>uq1kQR7p Yݸ%f(?D.~ PԦ"wCanM0_| Z! @T+޺WSkR;x2.a6x@M2Mm"& .YO$"MYdEyJLJrxEpno.<;y* ߣUhI4fޔ&4WW jN|rDrNm{_M)8Fi֒PTZN?]eRV(!N2м7M:ʇm,//>e&Ih"ZĘ/m۰3?F;SA;lp:FeUx skBeX~VIO^՘ =cS\&JODVwa:zAPDyFvOabJ̀:tE8hB.t,d\T/`c{Չ>pm)}䞔i/cn9*R|RUjKx?69 *:IRq Th0