-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2011-0554 2011-03-03 00:37:47 --------------------------------------------------------------------------------
Name : bouncycastle Product : Fedora EPEL 6 Version : 1.46 Release : 1.el6 URL : http://www.bouncycastle.org/ Summary : Bouncy Castle Crypto Package for Java Description : The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. The package is organised so that it contains a light-weight API suitable for use in any environment (including the newly released J2ME) with the additional infrastructure to conform the algorithms to the JCE framework.
-------------------------------------------------------------------------------- Update Information:
Release Notes - Java APIs 1.X - Version 1.46
* Bug * [BJA-60] - JCE EC keypairs to be serializable * [BJA-151] - RFC3280/CertpathValidator infinite loop crashes as StackOverFlowError * [BJA-197] - Add a binary to PEM converter * [BJA-226] - PKCS12 KeyStore should write using DEROutputStream, not BEROutputStream * [BJA-227] - AccessControlException trying to put provider properties during initialisation * [BJA-228] - Extra array copy in BEROctetStringGenerator * [BJA-240] - Adding an identifier to PKCSObjectIdentifiers * [BJA-241] - AccessControlException creating instance of org.bouncycastle.jce.provider.symmetric.AESMappings in provider constructor * [BJA-242] - Parsing ESSCertIDv2 fails if Algorithm Identifier is id_sha256 * [BJA-244] - Unprintable characters in DSAParametersGenerator.java * [BJA-249] - Incorrect fetching of CRLs for specified time * [BJA-255] - Incompatibility between TimeStampToken#validate and RFC 3161 * [BJA-259] - Tag number check is missing in `asn1.cms.ContentInfo` parser * [BJA-260] - ECPoint calculation not correct * [BJA-268] - Can't validate SMIME message (generated by BC) * [BJA-271] - The method isRevoked in class X509CRLObject is not thread-safe * [BJA-272] - Checking revocation reason on CRL without extensions produces NPE * [BJA-276] - PGPUtil.getDecoderStream() and streams larger 2GB * [BJA-277] - Implementation of RFC 5746 * [BJA-280] - Incomplete ISO-9796-1 padding causes verification issues * [BJA-283] - In OpenPGP API, encoding and decoding is not working for a sub-key * [BJA-284] - org.bouncycastle.asn1.DERGeneralizedTim.getDate() returns incorrect date when time string carries fractional seconds * [BJA-286] - PEMWriter writeObject does not encrypt KeyPair objects when asked * [BJA-288] - -org.bouncycastle.asn1.DERGeneralizedTim.getDate() returns incorrect date when time string carries fractional seconds with 2 decimal point * [BJA-289] - error constructing MAC: java.security.NoSuchAlgorithmException * [BJA-290] - java.io.EOFException: premature end of stream in PartialInputStream * [BJA-293] - BufferedBlockCipher.doFinal() does not call reset() in the case that it throws DataLengthException. This leaves Cipher object unusable. * [BJA-300] - PSSSigner gives incorrect result when MGF digest and content digest are not the same * [BJA-302] - SignerLocation DirectoryString parsing * [BJA-304] - Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance * [BJA-305] - PEMReader class cannot read private keys generated by OpenSSL 1.0.0 * [BJA-306] - Exception encoding CMSSignedData/SignerInfo with version set to 3 * [BJA-309] - X509Name SN defaultLookup binds to SerialNumber instead of SurName * [BJA-311] - SMIMEGenerator.extractHeaders uses setHeader instead of addHeader and thus removes headers occuring multiple times * [BJA-313] - PEMReader using specific Provider problematic / useless with Sun's default Provider * [BJA-314] - Regression regarding Certificate Path Validation algorithm with CRL check enabled * [BJA-317] - Cannot open this item.Your digital id name cannot be found by the underlying security system * [BJA-319] - It is not possible to pass an IV to the init method of ISO9797Alg3Mac * [BJA-320] - Base64.decode(byte[] in) throws ArrayIndexOutOfBoundsException when bytevalue exceeds 127 * [BJA-326] - Finding a generator in DHParametersHelper
* Improvement * [BJA-189] - Change the signature of CMSEnvelopedDataStreamGenerator method: private OutputStream open(OutputStream out, String encryptionOID, KeyGenerator keyGen, Provider provider) from private to protected / public * [BJA-221] - ESSCertIDv2 update for RFC 3161 * [BJA-237] - SubjectKeyIdentifierStructure constructor throws CertificateParsingException instead of InvalidKeyException * [BJA-238] - Request to update bzip2 classes to ASL 2.0 license * [BJA-243] - Improve high-level support for PKCS#8 keys * [BJA-248] - RFE: New addSigner variants for CMSSignedDataStreamGenerator * [BJA-258] - SignerId and key usage * [BJA-261] - extra attributes required in manifest for BC jars to stop dialog boxes. * [BJA-262] - TimeStampRequest requires a provider to support RIPEMD algorithms * [BJA-263] - Failing decryption on mail from MS Outlook 2010 beta * [BJA-266] - In the j2me version J2ME lcrypto-j2me-145.tar.gz lcrypto-j2me-145.zip * [BJA-287] - Make OSGi Bundle out of the JARs * [BJA-295] - Addition of algorithms for X.509 cert and PKCS #10 request generation * [BJA-298] - Kept geting "Checksum validation failed, no checksums available from the repository" * [BJA-327] - Validate TimeStampToken by public key
* New Feature * [BJA-2] - Certificate Management Protocol (CMP) * [BJA-155] - TLS: Access to the master secret, client random, server random * [BJA-231] - TLS client side authentication * [BJA-250] - Method for generating custom TimeStampResponse failure message * [BJA-291] - Add support for EC cipher suites in TLS client (RFC 4492) * [BJA-294] - Add support for DEFLATE compression to TLS * [BJA-297] - Support for RFC 5544 - Syntax binding for documents with time stamps. * [BJA-303] - ResponderID getters * [BJA-310] - Add support for ECDSA_fixed_ECDH authentication to TLS client * [BJA-312] - Support for LDSSecurityObject V1 * [BJA-324] - Stream processing of TimeStampedData documents (TSD, RFC 5544)
* Task * [BJA-239] - TLS Record Padding
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #663136 - bouncycastle 1.45 incompatible with openssl 1.0. https://bugzilla.redhat.com/show_bug.cgi?id=663136 --------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use su -c 'yum update bouncycastle' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------