File _patchinfo of Package patchinfo.37066
<patchinfo incident="37066">
<packager>fstrba</packager>
<rating>moderate</rating>
<category>recommended</category>
<summary>Recommended update for bouncycastle, jsch, ed25519-java</summary>
<description>This update for bouncycastle, jsch and ed25519-java fixes the following issues:
bouncycastle was updated from version 1.78 to 1.79:
- Bugfixes to address issues with:
* Ed25519 signatures
* Elephant cipher handling of large messages
* CMSSignedData signer replacement
* ERSInputStreamData hashing
* CRL loading
* EC curve name lookups
* PhotonBeetle and Xoodyak digest resetting
* OCSP caching
* Java 21 provider service handling
* CMS version calculation
* Incorrect PGP armored output version strings
* PGP algorithm lookups
- New Features and Functionalities:
* Object Identifiers have been added for ML-KEM, ML-DSA, and SLH-DSA.
* The PQC algorithms, ML-KEM, ML-DSA (including pre-hash), and SLH-DSA
(including pre-hash) have been added to the BC provider and the lightweight API.
* A new spec, ContextParameterSpec, has been added to support
signature contexts for ML-DSA and SLH-DSA.
* BCJSSE: Added support for security property
"jdk.tls.server.defaultDHEParameters" (disabled in FIPS mode).
* BCJSSE: Added support for signature_algorithms_cert configuration via
"org.bouncycastle.jsse.client.SignatureSchemesCert" and
"org.bouncycastle.jsse.server.SignatureSchemesCert" system properties
or BCSSLParameters property "SignatureSchemesCert".
* BCJSSE: Added support for boolean system property
"org.bouncycastle.jsse.fips.allowGCMCiphersIn12" (false by default).
* (D)TLS: Removed redundant verification of self-generated RSA signatures.
* CompositePrivateKeys now support the latest revision of the composite
signature draft.
* Delta Certificates now support the latest revision of the delta
certificate extension draft.
* A general KeyIdentifier class, encapsulating both PGP KeyID and the
PGP key fingerprint has been added to the PGP API.
* Support for the LibrePGP PreferredEncryptionModes signature subpacket
has been added to the PGP API.
* Support for Version 6 signatures, including salts, has been added to the PGP API.
* Support for the PreferredKeyServer signature subpacket has been added to the PGP API.
* Support for RFC 9269, "Using KEMs in Cryptographic Message Syntax (CMS)",
has been added to the CMS API.
* Support for the Argon2 S2K has been added to the PGP API.
* The system property "org.bouncycastle.pemreader.lax" has been introduced
for situations where the BC PEM parsing is now too strict.
* The system property "org.bouncycastle.ec.disable_f2m" has been introduced
to allow F2m EC support to be disabled.
jsch was updated from version 0.2.15 to 0.2.22:
- Key changes across these versions:
* Authentication and logging improvements
* Date handling improvements using java.time classes
* DHGEX prime modulus enforcement
* Expanded KEX algorithm support (requires Bouncy Castle)
* Fixed a GSSAPI authentication issue
* Fixed possible rekeying timeouts
* Fixed SignatureECDSAN private key handling
* Improved handling of negated patterns
* Introduction of JSchProxyException
* Modernized fingerprint output
* More accurate ext-info logging
* PBKDF2 algorithm additions (SHA512/256 & SHA512/224)
ed25519-java:
- Fixed minor build issues
</description>
</patchinfo>