Change log for bouncycastle package in Debian
| 1 → 50 of 50 results | First • Previous • Next • Last |
bouncycastle (1.77-1) unstable; urgency=medium
* Team upload.
* New upstream version 1.77. (Closes: #1049356)
- Fix CVE-2023-33201: potential blind LDAP injection attack.
(Closes: #1040050)
- Fix CVE-2023-33202: potential Denial of Service (DoS) issue within
the Bouncy Castle org.bouncycastle.openssl.PEMParser class.
(Closes: #1056754)
* Update poms to version 1.77.
* Drop bouncycastle-1.72.3.patch. Fixed upstream.
* Remove backward-compatibility.patch. It is time to fix those issues
properly in our reverse-dependencies.
* Refresh the remaining patches.
-- Markus Koschany <email address hidden> Thu, 30 Nov 2023 13:08:45 +0100
Available diffs
- diff from 1.72-2 to 1.77-1 (5.3 MiB)
bouncycastle (1.72-2) unstable; urgency=medium * Applied a PGP fix from the untagged 1.72.3 release (Closes: #1026329) * Standards-Version updated to 4.6.2 -- Emmanuel Bourg <email address hidden> Fri, 06 Jan 2023 09:45:13 +0100
Available diffs
- diff from 1.71-1 to 1.72-2 (6.6 MiB)
- diff from 1.72-1 to 1.72-2 (1.1 KiB)
bouncycastle (1.72-1) unstable; urgency=medium
* New upstream release
- Refreshed the patches
- Updated the Maven poms
- Set the default encoding to UTF-8 when building
* Removed the -java-doc packages
* Standards-Version updated to 4.6.1
* Remove constraints unnecessary since buster (oldstable)
-- Emmanuel Bourg <email address hidden> Thu, 08 Dec 2022 10:33:50 +0100
bouncycastle (1.71-1) unstable; urgency=medium
* New upstream release
- Refreshed the patches
- Made ASN1OutputStream constructor public again (private since BC 1.70)
- Made ContentInfo constructor public again (private since BC 1.70)
* Fixed the name of bctls.jar bcutil.jar in /usr/share/java
* Standards-Version updated to 4.6.0.1
-- Emmanuel Bourg <email address hidden> Tue, 03 May 2022 19:51:47 +0200
Available diffs
- diff from 1.68-5 to 1.71-1 (1.7 MiB)
| Deleted in experimental-release (Reason: None provided.) |
bouncycastle (1.69-1) experimental; urgency=medium
* Team upload.
* New upstream version 1.69
* Add new binary packages: libbcutil-java and libbcutil-java-doc
for the Bouncy Castle ASN.1 Extension and Utility APIs.
Add libbcjmail-java for the Bouncy Castle Jakarta S/MIME API;
upstream does not create a javadoc jar for bcjmail.
* Update debian/watch to retrieve upstream tarball from Github
* Freshen years in debian/copyright
-- tony mancill <email address hidden> Fri, 05 Nov 2021 15:34:18 -0700
bouncycastle (1.68-5) unstable; urgency=medium [ tony mancill ] * Team upload. * Correct pom version in bctls (was 1.65, should be 1.68) * debian/rules: use pkg-info.mk variable in get-orig-pom target [ Jochen Sprickerhof ] * Replace which by command -v -- tony mancill <email address hidden> Thu, 04 Nov 2021 17:13:52 -0700
Available diffs
- diff from 1.68-4 to 1.68-5 (1.2 KiB)
bouncycastle (1.68-4) unstable; urgency=medium * Team upload. * Upload to unstable. * Bump Standards-Version to 4.6.0 * Mark -doc packages Multi-Arch: foreign -- tony mancill <email address hidden> Sun, 10 Oct 2021 15:34:04 -0700
Available diffs
- diff from 1.68-2 to 1.68-4 (2.0 KiB)
| Deleted in experimental-release (Reason: None provided.) |
bouncycastle (1.68-3) experimental; urgency=medium * Team upload. * Add libbctls-java binary package (Closes: #988065) -- tony mancill <email address hidden> Fri, 14 May 2021 08:15:20 -0700
bouncycastle (1.68-2) unstable; urgency=medium * Team upload. * Update poms for upstream version 1.68 (Closes: #988486) -- tony mancill <email address hidden> Thu, 13 May 2021 19:14:07 -0700
Available diffs
- diff from 1.68-1 to 1.68-2 (1.0 KiB)
bouncycastle (1.68-1) unstable; urgency=medium
* Team upload.
* New upstream release
- Refreshed the patches
- Restored DEREnumerated, DERInteger and DERObjectIdentifier
(removed in BC 1.67)
- Made DERNull and DEROutputStream public again (private since BC 1.67)
- Restored the getValidDate() method in CertPathValidatorUtilities
(removed in BC 1.68)
-- Emmanuel Bourg <email address hidden> Tue, 19 Jan 2021 09:45:43 +0100
Available diffs
- diff from 1.65-1 to 1.68-1 (825.1 KiB)
- diff from 1.65-2 to 1.68-1 (825.2 KiB)
bouncycastle (1.65-2) unstable; urgency=medium
* Team upload
* Corrected constant time equals (CVE-2020-28052) (Closes: #977683)
Thank you to Salvatore Bonaccorso for the patch.
* Bump Standards-Version to 4.5.1
* Use https URLs in copyright, control and watch
* Use debhelper-compat 13
* Set Rules-Requires-Root: no in debian/control
-- tony mancill <email address hidden> Sun, 03 Jan 2021 18:39:32 -0800
bouncycastle (1.65-1) unstable; urgency=medium
* Team upload.
* New upstream release
- Refreshed the patches
- Updated the Maven poms
- Restored the DERBoolean class (removed in BC 1.63)
- Restored the getEncoded() method in ECPoint (removed in BC 1.64)
- Build depend on junit4 instead of junit
* Track and download the new releases from the upstream Git repository
* Standards-Version updated to 4.5.0
* Switch to debhelper level 12
-- Emmanuel Bourg <email address hidden> Mon, 11 May 2020 00:05:37 +0200
Available diffs
- diff from 1.61-1 to 1.65-1 (10.1 MiB)
bouncycastle (1.61-1) unstable; urgency=medium
* Team upload.
* New upstream release
- Refreshed the patches
- Updated the Maven poms
* Standards-Version updated to 4.4.0
* Use salsa.debian.org Vcs-* URLs
* Removed Brian Thomason from the uploaders
-- Emmanuel Bourg <email address hidden> Mon, 15 Jul 2019 09:49:44 +0200
Available diffs
- diff from 1.60-1 to 1.61-1 (938.2 KiB)
| Published in stretch-release |
bouncycastle (1.56-1+deb9u2) stretch-security; urgency=high * Team upload. * Fix CVE-2018-1000180. (Closes: #900843) -- Markus Koschany <email address hidden> Wed, 13 Jun 2018 00:25:10 +0200
bouncycastle (1.60-1) unstable; urgency=medium * Team upload. * New upstream version 1.60. * Drop CVE-2018-1000180 patches. Fixed upstream. * Declare compliance with Debian Policy 4.1.5. -- Markus Koschany <email address hidden> Sat, 07 Jul 2018 21:05:35 +0200
Available diffs
- diff from 1.59-2 to 1.60-1 (1.0 MiB)
bouncycastle (1.59-2) unstable; urgency=high
* Team upload.
* Fix CVE-2018-1000180.
Thanks to Salvatore Bonaccorso for the report. (Closes: #900843)
* Declare compliance with Debian Policy 4.1.4.
-- Markus Koschany <email address hidden> Tue, 12 Jun 2018 22:38:03 +0200
Available diffs
- diff from 1.59-1 to 1.59-2 (1.6 KiB)
| Superseded in stretch-release |
bouncycastle (1.56-1+deb9u1) stretch-security; urgency=medium * CVE-2017-13098 -- Moritz Mühlenhoff <email address hidden> Tue, 12 Dec 2017 23:45:55 +0100
bouncycastle (1.59-1) unstable; urgency=medium * Team upload. * New upstream version 1.59. * Drop CVE-2017-13098.patch. Fixed upstream. * Use compat level 11. * Declare compliance with Debian Policy 4.1.3. -- Markus Koschany <email address hidden> Tue, 16 Jan 2018 21:49:11 +0100
Available diffs
- diff from 1.58-1 to 1.59-1 (282.4 KiB)
bouncycastle (1.58-1) unstable; urgency=high
* Team upload.
* New upstream version 1.58.
* Declare compliance with Debian Policy 4.1.2.
* Apply CVE-2017-13098.patch and fix CVE-2017-13098.
Thanks to Salvatore Bonaccorso for the report. (Closes: #884241)
-- Markus Koschany <email address hidden> Sun, 17 Dec 2017 20:32:38 +0100
Available diffs
- diff from 1.57-1 to 1.58-1 (1.6 MiB)
bouncycastle (1.57-1) unstable; urgency=medium
* Team upload.
* New upstream release
- Refreshed the patches
- Updated the Maven poms
* Standards-Version updated to 4.0.0
* Removed the test libraries from the upstream tarball
-- Emmanuel Bourg <email address hidden> Tue, 27 Jun 2017 15:56:28 +0200
Available diffs
- diff from 1.56-1 to 1.57-1 (11.7 MiB)
| Published in jessie-release |
bouncycastle (1.49+dfsg-3+deb8u2) jessie-security; urgency=high
* Team upload.
* Fix CVE-2015-6644:
An information disclosure vulnerability was discovered in Bouncy Castle, a
Java library which consists of various cryptographic algorithms. The
Galois/Counter mode (GCM) implementation was missing a boundary check that
could enable a local application to gain access to user's private
information.
-- Markus Koschany <email address hidden> Mon, 10 Apr 2017 20:44:53 +0200
bouncycastle (1.56-1) unstable; urgency=medium
* Team upload.
* New upstream release
- Refreshed the patches
- Updated the Maven poms
* Build with the DH sequencer instead of CDBS
* Switch to debhelper level 10
-- Emmanuel Bourg <email address hidden> Fri, 06 Jan 2017 17:34:39 +0100
Available diffs
- diff from 1.55-2 to 1.56-1 (436.5 KiB)
bouncycastle (1.55-2) unstable; urgency=medium
* Team upload.
* Refresh POMs with debian/rules get-orig-pom target so versioned paths
reflect the current version the current version. (Closes: #845291)
-- tony mancill <email address hidden> Wed, 23 Nov 2016 12:46:41 -0800
Available diffs
bouncycastle (1.55-1) unstable; urgency=medium
* Team upload.
* New upstream release
- Refreshed the patches
-- Emmanuel Bourg <email address hidden> Fri, 09 Sep 2016 23:14:59 +0200
Available diffs
- diff from 1.54-1ubuntu1 (in Ubuntu) to 1.55-1 (546.5 KiB)
bouncycastle (1.54-1) unstable; urgency=medium
* Team upload.
* New upstream release
- Refreshed the patches
- Restored the getObjectId() method in AlgorithmIdentifier
to preserve the backward compatibility.
- libbcprov-java 1.54 breaks libcanl-java << 2.3.0~
* Standards-Version updated to 3.9.8 (no changes)
* Use a secure Vcs-Git URL
-- Emmanuel Bourg <email address hidden> Thu, 28 Apr 2016 23:59:53 +0200
| Published in wheezy-release |
bouncycastle (1.44+dfsg-3.1+deb7u1) wheezy-security; urgency=high
* Team upload.
* CVE-2015-7940: fix invalid curve attack as described in
http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
Thanks to Peter Dettman and Raphaël Hertzog for the patches.
(Closes: #802671)
-- Markus Koschany <email address hidden> Sun, 13 Dec 2015 22:38:29 +0100
| Superseded in jessie-release |
bouncycastle (1.49+dfsg-3+deb8u1) jessie-security; urgency=high
* Team upload.
* CVE-2015-7940: fix invalid curve attack as described in
http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
(Closes: #802671)
-- Markus Koschany <email address hidden> Sun, 13 Dec 2015 22:16:20 +0100
bouncycastle (1.51-4) unstable; urgency=medium * Team upload. * Switch back from gnumail to libmail-java. -- Markus Koschany <email address hidden> Fri, 11 Dec 2015 17:43:42 +0100
bouncycastle (1.51-3) unstable; urgency=medium * Team upload. * No change rebuild with original sources included. -- Markus Koschany <email address hidden> Sun, 06 Dec 2015 02:49:15 +0100
bouncycastle (1.51-2) unstable; urgency=medium
* Team upload.
* Upload to unstable. (Closes: #799007)
* The new upstream release 1.51 fixes CVE-2015-7940. (Closes: #802671)
* Declare compliance with Debian Policy 3.9.6.
* Vcs-Browser: Use https.
* Add fix-encoding.patch.
This prevents an error when creating javadoc which would otherwise lead to
empty -doc packages. Drop 01_build.patch because it once tried to
accomplish the same but it is obsolete now.
Thanks to dean for the report. (Closes: #798343)
-- Markus Koschany <email address hidden> Sun, 06 Dec 2015 00:34:19 +0100
| Superseded in stretch-release |
| Superseded in experimental-release |
| Superseded in jessie-release |
| Superseded in sid-release |
bouncycastle (1.49+dfsg-3) unstable; urgency=medium * Replaced the dependency on libgnumail-java with libmail-java * Standards-Version updated to 3.9.6 (no changes) * Switch to debhelper level 9 * Use XZ compression for the upstream tarball * Moved the package to Git -- Emmanuel Bourg <email address hidden> Wed, 22 Oct 2014 13:41:01 +0200
| Deleted in experimental-release (Reason: None provided.) |
bouncycastle (1.51-1) experimental; urgency=medium
* New upstream release
- Refreshed the patches
- Updated the Maven poms
* Standards-Version updated to 3.9.5 (no changes)
* Switch to debhelper level 9
* Use XZ compression for the upstream tarball
-- Emmanuel Bourg <email address hidden> Thu, 07 Aug 2014 14:07:58 +0200
bouncycastle (1.49+dfsg-2) unstable; urgency=low
* Upload to unstable
* debian/control: Specified the packages broken by this version.
This completes the transition to Bouncy Castle >= 1.47 (Closes: #687694)
-- Emmanuel Bourg <email address hidden> Mon, 09 Sep 2013 10:41:55 +0200
Available diffs
- diff from 1.48+dfsg-2 to 1.49+dfsg-2 (687.9 KiB)
| Deleted in experimental-release (Reason: None provided.) |
bouncycastle (1.49+dfsg-1) experimental; urgency=low
* New upstream release
* Updated the Maven poms
* Use canonical URLs in the Vcs-* fields
* Added the missing dependencies between the packages:
- libbcpkix-java depends on libbcprov-java
- libbcpg-java depends on libbcprov-java
- libbcmail-java depends on libbcprov-java and libbcpkix-java
* Added the Classpath attribute in the manifests
* Added the upstream changelog
* Removed the -gcj packages
* debian/orig-tar.sh: Exclude Eclipse project file
* debian/orig-tar.sh: Exclude the prebuilt CLDC classes
* debian/rules:
- Use the CDBS Ant class
- Updated the download URL for the poms
- Use uppercase names for the constants
- Removed the duplicate constants
* debian/copyright: Updated to follow the Copyright Format 1.0
* The documentation is now registered with doc-base
* Moved the documentation in the libbcprov-java-doc package
* Improved the description of the documentation packages
* Removed the debian/*.dirs files
-- Emmanuel Bourg <email address hidden> Mon, 15 Jul 2013 19:26:52 +0200
| Superseded in sid-release |
bouncycastle (1.48+dfsg-2) unstable; urgency=low * Removed the dependency on the Activation Framework (libgnujaf-java) * Enabled the hardening for the -gcj packages * Upload to unstable -- Emmanuel Bourg <email address hidden> Fri, 17 May 2013 00:10:32 +0200
Available diffs
- diff from 1.46+dfsg-7 to 1.48+dfsg-2 (2.8 MiB)
| Deleted in experimental-release (Reason: None provided.) |
bouncycastle (1.48+dfsg-1) experimental; urgency=low
* Team upload.
* New upstream release (Closes: #701698)
- Fixes the Lucky 13 attack on CBC-mode encryption in TLS
CVE-2013-0169, CVE-2013-1624 (Closes: #699885)
* Added the bcpkix packages (Closes: #675819)
* Removed the bctsp packages (the TSP API is now included in bcpkix)
* Updated Standards-Version to 3.9.4: no changes needed.
* Removed the DMUA flag
* Refreshed the patches
* Removed "Suggests: java-virtual-machine" on the libbcpg-java-gcj package
-- Emmanuel Bourg <email address hidden> Fri, 29 Mar 2013 12:52:23 +0100
bouncycastle (1.44+dfsg-3.1) testing; urgency=low
* Target upload for testing to enable maven artifacts and fix up
FTBFS in a number of other rbd's.
-- James Page <email address hidden> Wed, 15 Aug 2012 08:59:20 +0100
| Superseded in sid-release |
bouncycastle (1.46+dfsg-7) unstable; urgency=low
* Team upload.
* Updated Standards-Version to 3.9.3: no changes needed.
* As per Java Policy, remove "Depends: default-jre | java2-runtime"
and "Suggests: java-virtual-machine" from library packages:
only programs need explicit depends on runtime.
* Force a Build-Depends on default-jdk (>= 1:1.6) to indicate that this
package needs some classes (like java.security.spec.ECFieldF2m) which
are not available in GCJ classpath (Closes: #678904).
* Remove Build-Depends on quilt and debian/README.source file
since we already use quilt (3.0) source format.
-- Damien Raude-Morvan <email address hidden> Sat, 18 Aug 2012 12:04:18 +0200
Available diffs
- diff from 1.46+dfsg-5 to 1.46+dfsg-7 (2.8 KiB)
| Superseded in sid-release |
bouncycastle (1.46+dfsg-6) unstable; urgency=low * Now building for Java 1.5 rather than 1.6 (Closes: #678904) -- Brian Thomason <email address hidden> Wed, 01 Aug 2012 16:32:19 +0000
| Superseded in sid-release |
bouncycastle (1.46+dfsg-5) unstable; urgency=low
* Compile using jdk16.xml rather than jdk14.xml as the latter exludes classes
* Pass unicode flag to javac targets as comments in the files prevent them from
being compiled as ASCII
-- Brian Thomason <email address hidden> Tue, 22 May 2012 15:23:21 +0000
Available diffs
- diff from 1.46+dfsg-4 to 1.46+dfsg-5 (2.0 KiB)
| Superseded in sid-release |
bouncycastle (1.46+dfsg-4) unstable; urgency=low * Disabled optimizations on sparc (Closes: #652117) -- Brian Thomason <email address hidden> Tue, 03 Apr 2012 22:00:48 +0000
Available diffs
- diff from 1.46+dfsg-2 to 1.46+dfsg-4 (877 bytes)
| Superseded in sid-release |
bouncycastle (1.46+dfsg-3) unstable; urgency=low
* Disabled tests as they will fail as a known issue of the security certs
having expired. Upstream has been informed and should fix for the next
upstream release. This should fix the building of bouncycastle on certain
platforms that were previously failing.
-- Brian Thomason <email address hidden> Mon, 12 Mar 2012 16:14:47 -0400
| Superseded in sid-release |
bouncycastle (1.46+dfsg-2) unstable; urgency=low [ by sponsor Steffen Moeller ] * Transition from experimental to unstable. * Removal of Michael from uploaders (Closes: #653997). * Added DMUA for Brian -- Brian Thomason <email address hidden> Sat, 04 Feb 2012 19:19:27 +0100
Available diffs
| Deleted in experimental-release (Reason: None provided.) |
bouncycastle (1.46+dfsg-1) experimental; urgency=low [ by sponsor Steffen Moeller ] * Merging Ubuntu changes with what is in pkg-java * Removing Michael Koch from uploaders, adding Brian -- Brian Thomason <email address hidden> Tue, 10 Jan 2012 13:15:54 +0100
| Superseded in sid-release |
bouncycastle (1.44+dfsg-3) unstable; urgency=low * Team upload. [Niels Thykier] * Changed the section of the gcj packages to java. * Replaced B-D on default-jdk-builddep with gcj-native-helper and default-jdk. [tony mancill] * Apply patch to deploy maven artifacts. (Closes: #632183) Thanks to James Page. * All Recommends on *-gcj packages downgraded to Suggests. (Closes: #585062) * Bumped Standards-Versions 3.9.2 - no changes required. -- tony mancill <email address hidden> Sun, 10 Jul 2011 16:27:31 -0700
bouncycastle (1.44+dfsg-2) unstable; urgency=low [ Thierry Carrez ] * debian/control: depend on java2-runtime-headless instead of java2-runtime [ Torsten Werner ] * Remove Charles from Uploaders list. (Closes: #569476) -- Torsten Werner <email address hidden> Thu, 11 Feb 2010 22:13:38 +0100
bouncycastle (1.44+dfsg-1) unstable; urgency=low
* Upload as new upstream release.
* Add debian/orig-tar.sh script and use it in watch file.
This now removes the RFCs comming with the upstream tarball.
(Closes: #554456)
-- Michael Koch <email address hidden> Thu, 05 Nov 2009 08:16:03 +0100
bouncycastle (1.44-1) unstable; urgency=low * New upstream release. -- Michael Koch <email address hidden> Sun, 25 Oct 2009 21:04:40 +0100
bouncycastle (1.43-1) unstable; urgency=low
[ Dominik Smatana ]
* Fixed broken debian/watch
[ Michael Koch ]
* New upstream version.
* Build-Depends on debhelper >= 7.
* Let all packages Depends on ${misc:Depends}.
* Move all -java packages to section 'java'.
* Replaces java-gcj-compat with default-jre-headless.
* Added debian/README.source.
* Updated Standards-Version to 3.8.3.
-- Michael Koch <email address hidden> Tue, 22 Sep 2009 08:23:30 +0200
bouncycastle (1.39-2) unstable; urgency=low * Build-Depends on default-jdk-builddep. Closes: #477847 -- Michael Koch <email address hidden> Wed, 30 Apr 2008 04:35:02 -0100
| 1 → 50 of 50 results | First • Previous • Next • Last |
