bouncycastle (1.80-3) unstable; urgency=medium
* Team upload.
* Backport the fix for EncryptionOperationNotPossibleException with jasypt.
(Closes: #1100227)
-- Julien Plissonneau Duquène <sre4ever@free.fr> Fri, 11 Apr 2025 14:03:01 +0000
bouncycastle (1.80-2) unstable; urgency=medium
* libbcutil-java now depends on libbcprov-java
* Added relocations for the jdk15on, jdk15to18 and jdk18on artifacts
-- Emmanuel Bourg <ebourg@apache.org> Tue, 04 Mar 2025 08:29:30 +0100
bouncycastle (1.80-1) unstable; urgency=medium
* New upstream release (Closes: #1070655, #1094311)
- Refreshed the patches
- Updated the Maven poms
* Run the Java 8+ build file instead of the Java 5+ one (Closes: #1032164)
* No longer build the javadoc
* Standards-Version updated to 4.7.2
-- Emmanuel Bourg <ebourg@apache.org> Mon, 03 Mar 2025 20:15:23 +0100
bouncycastle (1.77-1) unstable; urgency=medium
* Team upload.
* New upstream version 1.77. (Closes: #1049356)
- Fix CVE-2023-33201: potential blind LDAP injection attack.
(Closes: #1040050)
- Fix CVE-2023-33202: potential Denial of Service (DoS) issue within
the Bouncy Castle org.bouncycastle.openssl.PEMParser class.
(Closes: #1056754)
* Update poms to version 1.77.
* Drop bouncycastle-1.72.3.patch. Fixed upstream.
* Remove backward-compatibility.patch. It is time to fix those issues
properly in our reverse-dependencies.
* Refresh the remaining patches.
-- Markus Koschany <apo@debian.org> Thu, 30 Nov 2023 13:08:45 +0100
bouncycastle (1.72-2) unstable; urgency=medium
* Applied a PGP fix from the untagged 1.72.3 release (Closes: #1026329)
* Standards-Version updated to 4.6.2
-- Emmanuel Bourg <ebourg@apache.org> Fri, 06 Jan 2023 09:45:13 +0100
bouncycastle (1.72-1) unstable; urgency=medium
* New upstream release
- Refreshed the patches
- Updated the Maven poms
- Set the default encoding to UTF-8 when building
* Removed the -java-doc packages
* Standards-Version updated to 4.6.1
* Remove constraints unnecessary since buster (oldstable)
-- Emmanuel Bourg <ebourg@apache.org> Thu, 08 Dec 2022 10:33:50 +0100
bouncycastle (1.71-1) unstable; urgency=medium
* New upstream release
- Refreshed the patches
- Made ASN1OutputStream constructor public again (private since BC 1.70)
- Made ContentInfo constructor public again (private since BC 1.70)
* Fixed the name of bctls.jar bcutil.jar in /usr/share/java
* Standards-Version updated to 4.6.0.1
-- Emmanuel Bourg <ebourg@apache.org> Tue, 03 May 2022 19:51:47 +0200
bouncycastle (1.69-1) experimental; urgency=medium
* Team upload.
* New upstream version 1.69
* Add new binary packages: libbcutil-java and libbcutil-java-doc
for the Bouncy Castle ASN.1 Extension and Utility APIs.
Add libbcjmail-java for the Bouncy Castle Jakarta S/MIME API;
upstream does not create a javadoc jar for bcjmail.
* Update debian/watch to retrieve upstream tarball from Github
* Freshen years in debian/copyright
-- tony mancill <tmancill@debian.org> Fri, 05 Nov 2021 15:34:18 -0700
bouncycastle (1.68-5) unstable; urgency=medium
[ tony mancill ]
* Team upload.
* Correct pom version in bctls (was 1.65, should be 1.68)
* debian/rules: use pkg-info.mk variable in get-orig-pom target
[ Jochen Sprickerhof ]
* Replace which by command -v
-- tony mancill <tmancill@debian.org> Thu, 04 Nov 2021 17:13:52 -0700
bouncycastle (1.68-4) unstable; urgency=medium
* Team upload.
* Upload to unstable.
* Bump Standards-Version to 4.6.0
* Mark -doc packages Multi-Arch: foreign
-- tony mancill <tmancill@debian.org> Sun, 10 Oct 2021 15:34:04 -0700
bouncycastle (1.68-3) experimental; urgency=medium
* Team upload.
* Add libbctls-java binary package (Closes: #988065)
-- tony mancill <tmancill@debian.org> Fri, 14 May 2021 08:15:20 -0700
bouncycastle (1.68-2) unstable; urgency=medium
* Team upload.
* Update poms for upstream version 1.68 (Closes: #988486)
-- tony mancill <tmancill@debian.org> Thu, 13 May 2021 19:14:07 -0700
bouncycastle (1.68-1) unstable; urgency=medium
* Team upload.
* New upstream release
- Refreshed the patches
- Restored DEREnumerated, DERInteger and DERObjectIdentifier
(removed in BC 1.67)
- Made DERNull and DEROutputStream public again (private since BC 1.67)
- Restored the getValidDate() method in CertPathValidatorUtilities
(removed in BC 1.68)
-- Emmanuel Bourg <ebourg@apache.org> Tue, 19 Jan 2021 09:45:43 +0100
bouncycastle (1.65-2) unstable; urgency=medium
* Team upload
* Corrected constant time equals (CVE-2020-28052) (Closes: #977683)
Thank you to Salvatore Bonaccorso for the patch.
* Bump Standards-Version to 4.5.1
* Use https URLs in copyright, control and watch
* Use debhelper-compat 13
* Set Rules-Requires-Root: no in debian/control
-- tony mancill <tmancill@debian.org> Sun, 03 Jan 2021 18:39:32 -0800
bouncycastle (1.65-1) unstable; urgency=medium
* Team upload.
* New upstream release
- Refreshed the patches
- Updated the Maven poms
- Restored the DERBoolean class (removed in BC 1.63)
- Restored the getEncoded() method in ECPoint (removed in BC 1.64)
- Build depend on junit4 instead of junit
* Track and download the new releases from the upstream Git repository
* Standards-Version updated to 4.5.0
* Switch to debhelper level 12
-- Emmanuel Bourg <ebourg@apache.org> Mon, 11 May 2020 00:05:37 +0200
bouncycastle (1.61-1) unstable; urgency=medium
* Team upload.
* New upstream release
- Refreshed the patches
- Updated the Maven poms
* Standards-Version updated to 4.4.0
* Use salsa.debian.org Vcs-* URLs
* Removed Brian Thomason from the uploaders
-- Emmanuel Bourg <ebourg@apache.org> Mon, 15 Jul 2019 09:49:44 +0200
bouncycastle (1.60-1) unstable; urgency=medium
* Team upload.
* New upstream version 1.60.
* Drop CVE-2018-1000180 patches. Fixed upstream.
* Declare compliance with Debian Policy 4.1.5.
-- Markus Koschany <apo@debian.org> Sat, 07 Jul 2018 21:05:35 +0200
bouncycastle (1.59-2) unstable; urgency=high
* Team upload.
* Fix CVE-2018-1000180.
Thanks to Salvatore Bonaccorso for the report. (Closes: #900843)
* Declare compliance with Debian Policy 4.1.4.
-- Markus Koschany <apo@debian.org> Tue, 12 Jun 2018 22:38:03 +0200
bouncycastle (1.59-1) unstable; urgency=medium
* Team upload.
* New upstream version 1.59.
* Drop CVE-2017-13098.patch. Fixed upstream.
* Use compat level 11.
* Declare compliance with Debian Policy 4.1.3.
-- Markus Koschany <apo@debian.org> Tue, 16 Jan 2018 21:49:11 +0100
bouncycastle (1.58-1) unstable; urgency=high
* Team upload.
* New upstream version 1.58.
* Declare compliance with Debian Policy 4.1.2.
* Apply CVE-2017-13098.patch and fix CVE-2017-13098.
Thanks to Salvatore Bonaccorso for the report. (Closes: #884241)
-- Markus Koschany <apo@debian.org> Sun, 17 Dec 2017 20:32:38 +0100
bouncycastle (1.57-1) unstable; urgency=medium
* Team upload.
* New upstream release
- Refreshed the patches
- Updated the Maven poms
* Standards-Version updated to 4.0.0
* Removed the test libraries from the upstream tarball
-- Emmanuel Bourg <ebourg@apache.org> Tue, 27 Jun 2017 15:56:28 +0200
bouncycastle (1.56-1) unstable; urgency=medium
* Team upload.
* New upstream release
- Refreshed the patches
- Updated the Maven poms
* Build with the DH sequencer instead of CDBS
* Switch to debhelper level 10
-- Emmanuel Bourg <ebourg@apache.org> Fri, 06 Jan 2017 17:34:39 +0100
bouncycastle (1.55-2) unstable; urgency=medium
* Team upload.
* Refresh POMs with debian/rules get-orig-pom target so versioned paths
reflect the current version the current version. (Closes: #845291)
-- tony mancill <tmancill@debian.org> Wed, 23 Nov 2016 12:46:41 -0800
bouncycastle (1.55-1) unstable; urgency=medium
* Team upload.
* New upstream release
- Refreshed the patches
-- Emmanuel Bourg <ebourg@apache.org> Fri, 09 Sep 2016 23:14:59 +0200
bouncycastle (1.54-1) unstable; urgency=medium
* Team upload.
* New upstream release
- Refreshed the patches
- Restored the getObjectId() method in AlgorithmIdentifier
to preserve the backward compatibility.
- libbcprov-java 1.54 breaks libcanl-java << 2.3.0~
* Standards-Version updated to 3.9.8 (no changes)
* Use a secure Vcs-Git URL
-- Emmanuel Bourg <ebourg@apache.org> Thu, 28 Apr 2016 23:59:53 +0200
bouncycastle (1.51-4) unstable; urgency=medium
* Team upload.
* Switch back from gnumail to libmail-java.
-- Markus Koschany <apo@debian.org> Fri, 11 Dec 2015 17:43:42 +0100
bouncycastle (1.51-3) unstable; urgency=medium
* Team upload.
* No change rebuild with original sources included.
-- Markus Koschany <apo@debian.org> Sun, 06 Dec 2015 02:49:15 +0100
bouncycastle (1.51-2) unstable; urgency=medium
* Team upload.
* Upload to unstable. (Closes: #799007)
* The new upstream release 1.51 fixes CVE-2015-7940. (Closes: #802671)
* Declare compliance with Debian Policy 3.9.6.
* Vcs-Browser: Use https.
* Add fix-encoding.patch.
This prevents an error when creating javadoc which would otherwise lead to
empty -doc packages. Drop 01_build.patch because it once tried to
accomplish the same but it is obsolete now.
Thanks to dean for the report. (Closes: #798343)
-- Markus Koschany <apo@debian.org> Sun, 06 Dec 2015 00:34:19 +0100
bouncycastle (1.49+dfsg-3) unstable; urgency=medium
* Replaced the dependency on libgnumail-java with libmail-java
* Standards-Version updated to 3.9.6 (no changes)
* Switch to debhelper level 9
* Use XZ compression for the upstream tarball
* Moved the package to Git
-- Emmanuel Bourg <ebourg@apache.org> Wed, 22 Oct 2014 13:41:01 +0200
bouncycastle (1.51-1) experimental; urgency=medium
* New upstream release
- Refreshed the patches
- Updated the Maven poms
* Standards-Version updated to 3.9.5 (no changes)
* Switch to debhelper level 9
* Use XZ compression for the upstream tarball
-- Emmanuel Bourg <ebourg@apache.org> Thu, 07 Aug 2014 14:07:58 +0200
bouncycastle (1.49+dfsg-2) unstable; urgency=low
* Upload to unstable
* debian/control: Specified the packages broken by this version.
This completes the transition to Bouncy Castle >= 1.47 (Closes: #687694)
-- Emmanuel Bourg <ebourg@apache.org> Mon, 09 Sep 2013 10:41:55 +0200
bouncycastle (1.49+dfsg-1) experimental; urgency=low
* New upstream release
* Updated the Maven poms
* Use canonical URLs in the Vcs-* fields
* Added the missing dependencies between the packages:
- libbcpkix-java depends on libbcprov-java
- libbcpg-java depends on libbcprov-java
- libbcmail-java depends on libbcprov-java and libbcpkix-java
* Added the Classpath attribute in the manifests
* Added the upstream changelog
* Removed the -gcj packages
* debian/orig-tar.sh: Exclude Eclipse project file
* debian/orig-tar.sh: Exclude the prebuilt CLDC classes
* debian/rules:
- Use the CDBS Ant class
- Updated the download URL for the poms
- Use uppercase names for the constants
- Removed the duplicate constants
* debian/copyright: Updated to follow the Copyright Format 1.0
* The documentation is now registered with doc-base
* Moved the documentation in the libbcprov-java-doc package
* Improved the description of the documentation packages
* Removed the debian/*.dirs files
-- Emmanuel Bourg <ebourg@apache.org> Mon, 15 Jul 2013 19:26:52 +0200
bouncycastle (1.48+dfsg-2) unstable; urgency=low
* Removed the dependency on the Activation Framework (libgnujaf-java)
* Enabled the hardening for the -gcj packages
* Upload to unstable
-- Emmanuel Bourg <ebourg@apache.org> Fri, 17 May 2013 00:10:32 +0200
bouncycastle (1.48+dfsg-1) experimental; urgency=low
* Team upload.
* New upstream release (Closes: #701698)
- Fixes the Lucky 13 attack on CBC-mode encryption in TLS
CVE-2013-0169, CVE-2013-1624 (Closes: #699885)
* Added the bcpkix packages (Closes: #675819)
* Removed the bctsp packages (the TSP API is now included in bcpkix)
* Updated Standards-Version to 3.9.4: no changes needed.
* Removed the DMUA flag
* Refreshed the patches
* Removed "Suggests: java-virtual-machine" on the libbcpg-java-gcj package
-- Emmanuel Bourg <ebourg@apache.org> Fri, 29 Mar 2013 12:52:23 +0100
bouncycastle (1.46+dfsg-7) unstable; urgency=low
* Team upload.
* Updated Standards-Version to 3.9.3: no changes needed.
* As per Java Policy, remove "Depends: default-jre | java2-runtime"
and "Suggests: java-virtual-machine" from library packages:
only programs need explicit depends on runtime.
* Force a Build-Depends on default-jdk (>= 1:1.6) to indicate that this
package needs some classes (like java.security.spec.ECFieldF2m) which
are not available in GCJ classpath (Closes: #678904).
* Remove Build-Depends on quilt and debian/README.source file
since we already use quilt (3.0) source format.
-- Damien Raude-Morvan <drazzib@debian.org> Sat, 18 Aug 2012 12:04:18 +0200
bouncycastle (1.46+dfsg-6) unstable; urgency=low
* Now building for Java 1.5 rather than 1.6 (Closes: #678904)
-- Brian Thomason <brian.thomason@eucalyptus.com> Wed, 01 Aug 2012 16:32:19 +0000
bouncycastle (1.46+dfsg-5) unstable; urgency=low
* Compile using jdk16.xml rather than jdk14.xml as the latter exludes classes
* Pass unicode flag to javac targets as comments in the files prevent them from
being compiled as ASCII
-- Brian Thomason <brian.thomason@eucalyptus.com> Tue, 22 May 2012 15:23:21 +0000
bouncycastle (1.46+dfsg-4) unstable; urgency=low
* Disabled optimizations on sparc (Closes: #652117)
-- Brian Thomason <brian.thomason@eucalyptus.com> Tue, 03 Apr 2012 22:00:48 +0000
bouncycastle (1.46+dfsg-3) unstable; urgency=low
* Disabled tests as they will fail as a known issue of the security certs
having expired. Upstream has been informed and should fix for the next
upstream release. This should fix the building of bouncycastle on certain
platforms that were previously failing.
-- Brian Thomason <brian.thomason@eucalyptus.com> Mon, 12 Mar 2012 16:14:47 -0400
bouncycastle (1.46+dfsg-2) unstable; urgency=low
[ by sponsor Steffen Moeller ]
* Transition from experimental to unstable.
* Removal of Michael from uploaders (Closes: #653997).
* Added DMUA for Brian
-- Brian Thomason <brian.thomason@eucalyptus.com> Sat, 04 Feb 2012 19:19:27 +0100
bouncycastle (1.46+dfsg-1) experimental; urgency=low
[ by sponsor Steffen Moeller ]
* Merging Ubuntu changes with what is in pkg-java
* Removing Michael Koch from uploaders, adding Brian
-- Brian Thomason <brian.thomason@eucalyptus.com> Tue, 10 Jan 2012 13:15:54 +0100
bouncycastle (1.46+dfsg-0ubuntu1) precise; urgency=low
* New upstream release
* Updated Standards-Version to 3.9.2
* Changed source format to 3.0 (quilt)
* Changed Section to Java
-- Brian Thomason <brian.thomason@eucalyptus.com> Tue, 06 Dec 2011 20:53:23 +0000
bouncycastle (1.44+dfsg-2ubuntu2) oneiric; urgency=low
* Deployment of Maven artifacts:
- debian/rules: retrieve source POM's and install
- debian/control: Build-depend on maven-repo-helper
- debian/poms/*: versioned POM's from repo1.maven.org
- debian/lib[bcprov|bcmail|bcpg|bctsp].poms; POM lists
for deployment to maven-repo
- debian/maven.rules: Transform rules for POM deployment
-- James Page <james.page@ubuntu.com> Wed, 29 Jun 2011 16:36:43 +0100
bouncycastle (1.44+dfsg-3) unstable; urgency=low
* Team upload.
[Niels Thykier]
* Changed the section of the gcj packages to java.
* Replaced B-D on default-jdk-builddep with gcj-native-helper
and default-jdk.
[tony mancill]
* Apply patch to deploy maven artifacts. (Closes: #632183)
Thanks to James Page.
* All Recommends on *-gcj packages downgraded to Suggests.
(Closes: #585062)
* Bumped Standards-Versions 3.9.2 - no changes required.
-- tony mancill <tmancill@debian.org> Sun, 10 Jul 2011 16:27:31 -0700
bouncycastle (1.44+dfsg-2ubuntu1) maverick; urgency=low
* Merge from debian. Remaining changes:
- debian/rules: Enable test suite
- debian/control: Build-depend on ant-optional (needed for test suite)
- debian/control: Only suggest libbcprov-java-gcj on selected
architectures, build libbcprov-java architecture "any" to have it work
-- Thierry Carrez <thierry.carrez@ubuntu.com> Thu, 03 Jun 2010 15:51:05 +0200
bouncycastle (1.44+dfsg-2) unstable; urgency=low
[ Thierry Carrez ]
* debian/control: depend on java2-runtime-headless instead of java2-runtime
[ Torsten Werner ]
* Remove Charles from Uploaders list. (Closes: #569476)
-- Torsten Werner <twerner@debian.org> Thu, 11 Feb 2010 22:13:38 +0100
bouncycastle (1.44+dfsg-1) unstable; urgency=low
* Upload as new upstream release.
* Add debian/orig-tar.sh script and use it in watch file.
This now removes the RFCs comming with the upstream tarball.
(Closes: #554456)
-- Michael Koch <konqueror@gmx.de> Thu, 05 Nov 2009 08:16:03 +0100
bouncycastle (1.44-1) unstable; urgency=low
* New upstream release.
-- Michael Koch <konqueror@gmx.de> Sun, 25 Oct 2009 21:04:40 +0100
bouncycastle (1.43-1) unstable; urgency=low
[ Dominik Smatana ]
* Fixed broken debian/watch
[ Michael Koch ]
* New upstream version.
* Build-Depends on debhelper >= 7.
* Let all packages Depends on ${misc:Depends}.
* Move all -java packages to section 'java'.
* Replaces java-gcj-compat with default-jre-headless.
* Added debian/README.source.
* Updated Standards-Version to 3.8.3.
-- Michael Koch <konqueror@gmx.de> Tue, 22 Sep 2009 08:23:30 +0200
bouncycastle (1.39-2) unstable; urgency=low
* Build-Depends on default-jdk-builddep. Closes: #477847
-- Michael Koch <konqueror@gmx.de> Wed, 30 Apr 2008 04:35:02 -0100
bouncycastle (1.39-1) unstable; urgency=low
* New upstream release.
* Fixed watch file to match upstream version correctly.
* Removed '-1' part in Build-Depends.
-- Michael Koch <konqueror@gmx.de> Sat, 12 Apr 2008 13:49:12 +0200
bouncycastle (1.38-1) unstable; urgency=low
* New upstream release.
* Updated Standards-Version to 3.7.3.
* Added Homepage, Vcs-Svn and Vcs-Browser fields.
-- Michael Koch <konqueror@gmx.de> Sat, 29 Dec 2007 17:03:04 +0100
bouncycastle (1.37-2) unstable; urgency=low
* Fix dependency of targets to make it possible to build arch:dep packages
only. Closes: #440669.
-- Michael Koch <konqueror@gmx.de> Mon, 15 Oct 2007 20:26:02 +0200
bouncycastle (1.37-1) unstable; urgency=low
* New upstream release. Closes: #430560, #430562.
* Replaced ${Source-Version} bei ${source:Version}
* Added myself to Uploaders.
-- Michael Koch <konqueror@gmx.de> Sun, 15 Jul 2007 19:22:07 +0200
bouncycastle (1.33-4) unstable; urgency=low
* Rebuild the database of security providers in the postrm,
not in the prerm.
-- Matthias Klose <doko@debian.org> Sat, 10 Feb 2007 12:02:19 +0100
bouncycastle (1.33-3) unstable; urgency=low
* Merge from Ubuntu:
- Build -gcj packages.
- Install the docs in an api subdir (not apidoc).
-- Matthias Klose <doko@debian.org> Wed, 3 Jan 2007 14:29:42 +0100
bouncycastle (1.33-2.1) unstable; urgency=medium
* NMU
* Register org.bouncycastle.jce.provider.BouncyCastleProvider
as security provider for classpath based runtimes.
* Install bcprov.jar in /usr/share/java/gcj-endorsed as well.
* Closes: #394680.
-- Matthias Klose <doko@debian.org> Sun, 22 Oct 2006 14:57:44 +0000
bouncycastle (1.33-2) unstable; urgency=low
* Move clean target dependencies to Build-Depends
* Make pkg-java-maintainers the primary maintainer
* Update to standards version 3.7.2
-- Charles Fry <cfry@debian.org> Wed, 5 Jul 2006 12:32:16 -0400
bouncycastle (1.33-1) unstable; urgency=low
* New upstream release
* Generate bcmail, bctsp, and bcpg in addition to bcprov
-- Charles Fry <debian@frogcircus.org> Mon, 8 May 2006 11:46:32 -0400
bouncycastle (1.32-1) unstable; urgency=low
* New upstream release
* Add build dependencies on ant, use java-gcj-compat-dev (thanks to Matthias
Klose <doko@ubuntu.com>)
-- Charles Fry <debian@frogcircus.org> Thu, 20 Apr 2006 22:15:18 -0400
bouncycastle (1.30-1) unstable; urgency=low
* Initial release (Closes: #234048)
-- Charles Fry <debian@frogcircus.org> Mon, 19 Sep 2005 08:02:36 -0400