import java-1.8.0-openjdk-1.8.0.362.b08-3.el8
This commit is contained in:
parent
30e53b70b2
commit
1f775fe62e
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
|||||||
SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u345-b01-4curve.tar.xz
|
SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b08-4curve.tar.xz
|
||||||
SOURCES/tapsets-icedtea-3.15.0.tar.xz
|
SOURCES/tapsets-icedtea-3.15.0.tar.xz
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
d02d3af23d61532c9695fb83f73126ab0b82f5d1 SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u345-b01-4curve.tar.xz
|
71e5a111b66d7a8e4234d35117e0fd663d39f9ce SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b08-4curve.tar.xz
|
||||||
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz
|
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz
|
||||||
|
357
SOURCES/NEWS
357
SOURCES/NEWS
@ -3,6 +3,359 @@ Key:
|
|||||||
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
||||||
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
||||||
|
|
||||||
|
New in release OpenJDK 8u362 (2023-01-17):
|
||||||
|
===========================================
|
||||||
|
Live versions of these release notes can be found at:
|
||||||
|
* https://bit.ly/openjdk8u362
|
||||||
|
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u362.html
|
||||||
|
|
||||||
|
* CVEs
|
||||||
|
- CVE-2023-21830
|
||||||
|
- CVE-2023-21843
|
||||||
|
* Security fixes
|
||||||
|
- JDK-8285021: Improve CORBA communication
|
||||||
|
- JDK-8286496: Improve Thread labels
|
||||||
|
- JDK-8288516: Enhance font creation
|
||||||
|
- JDK-8289350: Better media supports
|
||||||
|
- JDK-8293554: Enhanced DH Key Exchanges
|
||||||
|
- JDK-8293598: Enhance InetAddress address handling
|
||||||
|
- JDK-8293717: Objective view of ObjectView
|
||||||
|
- JDK-8293734: Improve BMP image handling
|
||||||
|
- JDK-8293742: Better Banking of Sounds
|
||||||
|
- JDK-8295687: Better BMP bounds
|
||||||
|
* Other changes
|
||||||
|
- JDK-6885993: Named Thread: introduce print() and print_on(outputStream* st) methods
|
||||||
|
- JDK-7124218: [TEST_BUG] [macosx] Space should select cell in the JTable
|
||||||
|
- JDK-8054066: com/sun/jdi/DoubleAgentTest.java fails with timeout
|
||||||
|
- JDK-8067941: [TESTBUG] Fix tests for OS with 64K page size.
|
||||||
|
- JDK-8071530: Update OS detection code to reflect Windows 10 version change
|
||||||
|
- JDK-8073464: GC workers do not have thread names
|
||||||
|
- JDK-8079255: [TEST_BUG] [macosx] Test closed/java/awt/Robot/RobotWheelTest/RobotWheelTest fails for Mac only
|
||||||
|
- JDK-8129827: [TEST_BUG] Test java/awt/Robot/RobotWheelTest/RobotWheelTest.java fails
|
||||||
|
- JDK-8148005: One byte may be corrupted by get_datetime_string()
|
||||||
|
- JDK-8159599: [TEST_BUG] java/awt/Modal/ModalInternalFrameTest/ModalInternalFrameTest.java
|
||||||
|
- JDK-8159720: Failure of C2 compilation with tiered prevents some C1 compilations
|
||||||
|
- JDK-8195607: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1
|
||||||
|
- JDK-8197859: VS2017 Complains about UINTPTR_MAX definition in globalDefinitions_VisCPP.hpp
|
||||||
|
- JDK-8206456: [TESTBUG] docker jtreg tests fail on systems without cpuset.effective_cpus / cpuset.effective_mems
|
||||||
|
- JDK-8221529: [TESTBUG] Docker tests use old/deprecated image on AArch64
|
||||||
|
- JDK-8224506: [TESTBUG] TestDockerMemoryMetrics.java fails with exitValue = 137
|
||||||
|
- JDK-8233551: [TESTBUG] SelectEditTableCell.java fails on MacOS
|
||||||
|
- JDK-8241086: Test runtime/NMT/HugeArenaTracking.java is failing on 32bit Windows
|
||||||
|
- JDK-8253702: BigSur version number reported as 10.16, should be 11.nn
|
||||||
|
- JDK-8255559: Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI()
|
||||||
|
- JDK-8265527: tools/javac/diags/CheckExamples.java fails after JDK-8078024 8u backport
|
||||||
|
- JDK-8269039: Disable SHA-1 Signed JARs
|
||||||
|
- JDK-8269850: Most JDK releases report macOS version 12 as 10.16 instead of 12.0
|
||||||
|
- JDK-8270344: Session resumption errors
|
||||||
|
- JDK-8271459: C2: Missing NegativeArraySizeException when creating StringBuilder with negative capacity
|
||||||
|
- JDK-8273176: handle latest VS2019 in abstract_vm_version
|
||||||
|
- JDK-8274563: jfr/event/oldobject/TestClassLoaderLeak.java fails when GC cycles are not happening
|
||||||
|
- JDK-8274840: Update OS detection code to recognize Windows 11
|
||||||
|
- JDK-8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled
|
||||||
|
- JDK-8280890: Cannot use '-Djava.system.class.loader' with class loader in signed JAR
|
||||||
|
- JDK-8283277: ISO 4217 Amendment 171 Update
|
||||||
|
- JDK-8283903: GetContainerCpuLoad does not return the correct result in share mode
|
||||||
|
- JDK-8284389: Improve stability of GHA Pre-submit testing by caching cygwin installer
|
||||||
|
- JDK-8284622: Update versions of some Github Actions used in JDK workflow
|
||||||
|
- JDK-8286582: Build fails on macos aarch64 when using --with-zlib=bundled
|
||||||
|
- JDK-8288928: Incorrect GPL header in pnglibconf.h (backport of JDK-8185041)
|
||||||
|
- JDK-8289549: ISO 4217 Amendment 172 Update
|
||||||
|
- JDK-8292762: Remove .jcheck directories from jdk8u subcomponents
|
||||||
|
- JDK-8293181: Bump update version of OpenJDK: 8u362
|
||||||
|
- JDK-8293461: Add a test for JDK-8290832
|
||||||
|
- JDK-8293828: JFR: jfr/event/oldobject/TestClassLoaderLeak.java still fails when GC cycles are not happening
|
||||||
|
- JDK-8294307: ISO 4217 Amendment 173 Update
|
||||||
|
- JDK-8294357: (tz) Update Timezone Data to 2022d
|
||||||
|
- JDK-8294863: Enable partial tier1 testing in GHA for JDK8
|
||||||
|
- JDK-8295164: JDK 8 jdi tests should not use tasklist command on Windows
|
||||||
|
- JDK-8295173: (tz) Update Timezone Data to 2022e
|
||||||
|
- JDK-8295288: Some vm_flags tests associate with a wrong BugID
|
||||||
|
- JDK-8295714: GHA ::set-output is deprecated and will be removed
|
||||||
|
- JDK-8295723: security/infra/wycheproof/RunWycheproof.java fails with Assertion Error
|
||||||
|
- JDK-8295915: Problemlist compiler/rtm failures specific to 8u
|
||||||
|
- JDK-8295950: Enable langtools/tier1 in GHA for 8u
|
||||||
|
- JDK-8296108: (tz) Update Timezone Data to 2022f
|
||||||
|
- JDK-8296239: ISO 4217 Amendment 174 Update
|
||||||
|
- JDK-8296555: Enable hotspot/tier1 for 64-bit builds in GHA for 8u
|
||||||
|
- JDK-8296715: CLDR v42 update for tzdata 2022f
|
||||||
|
- JDK-8296959: Fix hotspot shell tests of 8u on multilib systems
|
||||||
|
- JDK-8297141: Fix hotspot/test/runtime/SharedArchiveFile/DefaultUseWithClient.java for 8u
|
||||||
|
- JDK-8297804: (tz) Update Timezone Data to 2022g
|
||||||
|
- JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
|
||||||
|
- JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
|
||||||
|
|
||||||
|
Notes on individual issues:
|
||||||
|
===========================
|
||||||
|
|
||||||
|
client-libs/javax.imageio:
|
||||||
|
|
||||||
|
JDK-8295687: Better BMP bounds
|
||||||
|
==============================
|
||||||
|
Loading a linked ICC profile within a BMP image is now disabled by
|
||||||
|
default. To re-enable it, set the new system property
|
||||||
|
`sun.imageio.bmp.enabledLinkedProfiles` to `true`. This new property
|
||||||
|
replaces the old property,
|
||||||
|
`sun.imageio.plugins.bmp.disableLinkedProfiles`.
|
||||||
|
|
||||||
|
client-libs/javax.sound:
|
||||||
|
|
||||||
|
JDK-8293742: Better Banking of Sounds
|
||||||
|
=====================================
|
||||||
|
Previously, the SoundbankReader implementation,
|
||||||
|
`com.sun.media.sound.JARSoundbankReader`, would download a JAR
|
||||||
|
soundbank from a URL. This behaviour is now disabled by default. To
|
||||||
|
re-enable it, set the new system property `jdk.sound.jarsoundbank` to
|
||||||
|
`true`.
|
||||||
|
|
||||||
|
hotspot/runtime:
|
||||||
|
|
||||||
|
JDK-8274840: Release Now Recognises Windows 11
|
||||||
|
==============================================
|
||||||
|
This release now correctly sets the `os.name` property to `Windows
|
||||||
|
11`, as would be expected.
|
||||||
|
|
||||||
|
other-libs/corba:idl:
|
||||||
|
|
||||||
|
JDK-8285021: Improve CORBA communication
|
||||||
|
========================================
|
||||||
|
The JDK's CORBA implementation now refuses by default to deserialize
|
||||||
|
objects, unless they have the "IOR:" prefix. The previous behaviour
|
||||||
|
can be re-enabled by setting the new property
|
||||||
|
`com.sun.CORBA.ORBAllowDeserializeObject` to `true`.
|
||||||
|
|
||||||
|
security-libs/java.security:
|
||||||
|
|
||||||
|
JDK-8269039: Disabled SHA-1 Signed JARs
|
||||||
|
=======================================
|
||||||
|
JARs signed with SHA-1 algorithms are now restricted by default and
|
||||||
|
treated as if they were unsigned. This applies to the algorithms used
|
||||||
|
to digest, sign, and optionally timestamp the JAR. It also applies to
|
||||||
|
the signature and digest algorithms of the certificates in the
|
||||||
|
certificate chain of the code signer and the Timestamp Authority, and
|
||||||
|
any CRLs or OCSP responses that are used to verify if those
|
||||||
|
certificates have been revoked. These restrictions also apply to
|
||||||
|
signed JCE providers.
|
||||||
|
|
||||||
|
To reduce the compatibility risk for JARs that have been previously
|
||||||
|
timestamped, there is one exception to this policy:
|
||||||
|
|
||||||
|
- Any JAR signed with SHA-1 algorithms and timestamped prior to
|
||||||
|
January 01, 2019 will not be restricted.
|
||||||
|
|
||||||
|
This exception may be removed in a future JDK release. To determine if
|
||||||
|
your signed JARs are affected by this change, run:
|
||||||
|
|
||||||
|
$ jarsigner -verify -verbose -certs`
|
||||||
|
|
||||||
|
on the signed JAR, and look for instances of "SHA1" or "SHA-1" and
|
||||||
|
"disabled" and a warning that the JAR will be treated as unsigned in
|
||||||
|
the output.
|
||||||
|
|
||||||
|
For example:
|
||||||
|
|
||||||
|
Signed by "CN="Signer""
|
||||||
|
Digest algorithm: SHA-1 (disabled)
|
||||||
|
Signature algorithm: SHA1withRSA (disabled), 2048-bit key
|
||||||
|
|
||||||
|
WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:
|
||||||
|
|
||||||
|
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01
|
||||||
|
|
||||||
|
JARs affected by these new restrictions should be replaced or
|
||||||
|
re-signed with stronger algorithms.
|
||||||
|
|
||||||
|
Users can, *at their own risk*, remove these restrictions by modifying
|
||||||
|
the `java.security` configuration file (or override it by using the
|
||||||
|
`java.security.properties` system property) and removing "SHA1 usage
|
||||||
|
SignedJAR & denyAfter 2019-01-01" from the
|
||||||
|
`jdk.certpath.disabledAlgorithms` security property and "SHA1
|
||||||
|
denyAfter 2019-01-01" from the `jdk.jar.disabledAlgorithms` security
|
||||||
|
property.
|
||||||
|
|
||||||
|
New in release OpenJDK 8u352 (2022-10-18):
|
||||||
|
===========================================
|
||||||
|
Live versions of these release notes can be found at:
|
||||||
|
* https://bit.ly/openjdk8u352
|
||||||
|
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u352.txt
|
||||||
|
|
||||||
|
* Security fixes
|
||||||
|
- JDK-8282252: Improve BigInteger/Decimal validation
|
||||||
|
- JDK-8285662: Better permission resolution
|
||||||
|
- JDK-8286511: Improve macro allocation
|
||||||
|
- JDK-8286519: Better memory handling
|
||||||
|
- JDK-8286526, CVE-2022-21619: Improve NTLM support
|
||||||
|
- JDK-8286533, CVE-2022-21626: Key X509 usages
|
||||||
|
- JDK-8286910, CVE-2022-21624: Improve JNDI lookups
|
||||||
|
- JDK-8286918, CVE-2022-21628: Better HttpServer service
|
||||||
|
- JDK-8288508: Enhance ECDSA usage
|
||||||
|
* Other changes
|
||||||
|
- JDK-7131823: bug in GIFImageReader
|
||||||
|
- JDK-7186258: InetAddress$Cache should replace currentTimeMillis with nanoTime for more precise and accurate
|
||||||
|
- JDK-8028265: Add legacy tz tests to OpenJDK
|
||||||
|
- JDK-8039955: [TESTBUG] jdk/lambda/LambdaTranslationTest1 - java.lang.AssertionError: expected [d:1234.000000] but found [d:1234,000000]
|
||||||
|
- JDK-8049228: Improve multithreaded scalability of InetAddress cache
|
||||||
|
- JDK-8071507: (ref) Clear phantom reference as soft and weak references do
|
||||||
|
- JDK-8087283: Add support for the XML Signature here() function to the JDK XPath implementation
|
||||||
|
- JDK-8130895: Test javax/swing/system/6799345/TestShutdown.java fails on Solaris11 Sparcv9
|
||||||
|
- JDK-8136354: [TEST_BUG] Test java/awt/image/RescaleOp/RescaleAlphaTest.java with Bad action for script
|
||||||
|
- JDK-8139668: Generate README-build.html from markdown
|
||||||
|
- JDK-8143847: Remove REF_CLEANER reference category
|
||||||
|
- JDK-8147862: Null check too late in sun.net.httpserver.ServerImpl
|
||||||
|
- JDK-8150669: C1 intrinsic for Class.isPrimitive
|
||||||
|
- JDK-8155742: [Windows] robot.keyPress(KeyEvent.VK_ALT_GRAPH) throws java.lang.IllegalArgumentException in windows
|
||||||
|
- JDK-8173339: AArch64: Fix minimum stack size computations
|
||||||
|
- JDK-8173361: various crashes in JvmtiExport::post_compiled_method_load
|
||||||
|
- JDK-8175797: (ref) Reference::enqueue method should clear the reference object before enqueuing
|
||||||
|
- JDK-8178832: (ref) jdk.lang.ref.disableClearBeforeEnqueue property is ignored
|
||||||
|
- JDK-8183107: PKCS11 regression regarding checkKeySize
|
||||||
|
- JDK-8193780: (ref) Remove the undocumented "jdk.lang.ref.disableClearBeforeEnqueue" system property
|
||||||
|
- JDK-8194873: right ALT key hotkeys no longer work in Swing components
|
||||||
|
- JDK-8201793: (ref) Reference object should not support cloning
|
||||||
|
- JDK-8214427: probable bug in logic of ConcurrentHashMap.addCount()
|
||||||
|
- JDK-8232950: SUNPKCS11 Provider incorrectly check key length for PSS Signatures.
|
||||||
|
- JDK-8233019: java.lang.Class.isPrimitive() (C1) returns wrong result if Klass* is aligned to 32bit
|
||||||
|
- JDK-8235218: Minimal VM is broken after JDK-8173361
|
||||||
|
- JDK-8235385: Crash on aarch64 JDK due to long offset
|
||||||
|
- JDK-8245263: Enable TLSv1.3 by default on JDK 8u for Client roles
|
||||||
|
- JDK-8254178: Remove .hgignore
|
||||||
|
- JDK-8254318: Remove .hgtags
|
||||||
|
- JDK-8256722: handle VC++:1927 VS2019 in abstract_vm_version
|
||||||
|
- JDK-8260589: Crash in JfrTraceIdLoadBarrier::load(_jclass*)
|
||||||
|
- JDK-8280963: Incorrect PrintFlags formatting on Windows
|
||||||
|
- JDK-8282538: PKCS11 tests fail on CentOS Stream 9
|
||||||
|
- JDK-8283849: AsyncGetCallTrace may crash JVM on guarantee
|
||||||
|
- JDK-8285400: Add '@apiNote' to the APIs defined in Java SE 8 MR 3
|
||||||
|
- JDK-8285497: Add system property for Java SE specification maintenance version
|
||||||
|
- JDK-8287132: Retire Runtime.runFinalizersOnExit so that it always throws UOE
|
||||||
|
- JDK-8287508: The tests added to jdk-8 by 8235385 are to be ported to jdk-11
|
||||||
|
- JDK-8287521: Bump update version of OpenJDK: 8u352
|
||||||
|
- JDK-8288763: Pack200 extraction failure with invalid size
|
||||||
|
- JDK-8288865: [aarch64] LDR instructions must use legitimized addresses
|
||||||
|
- JDK-8290000: Bump macOS GitHub actions to macOS 11
|
||||||
|
- JDK-8292579: (tz) Update Timezone Data to 2022c
|
||||||
|
- JDK-8292688: Support Security properties in security.testlibrary.Proc
|
||||||
|
|
||||||
|
Notes on individual issues:
|
||||||
|
===========================
|
||||||
|
|
||||||
|
core-libs/java.lang:
|
||||||
|
|
||||||
|
JDK-8201793: (ref) Reference object should not support cloning
|
||||||
|
==============================================================
|
||||||
|
`java.lang.ref.Reference::clone` method always throws
|
||||||
|
`CloneNotSupportedException`. `Reference` objects cannot be
|
||||||
|
meaningfully cloned. To create a new Reference object, call the
|
||||||
|
constructor to create a `Reference` object with the same referent and
|
||||||
|
reference queue instead.
|
||||||
|
|
||||||
|
JDK-8175797: (ref) Reference::enqueue method should clear the reference object before enqueuing
|
||||||
|
===============================================================================================
|
||||||
|
`java.lang.ref.Reference.enqueue` method clears the reference object
|
||||||
|
before it is added to the registered queue. When the `enqueue` method
|
||||||
|
is called, the reference object is cleared and `get()` method will
|
||||||
|
return null in OpenJDK 8u352.
|
||||||
|
|
||||||
|
Typically when a reference object is enqueued, it is expected that the
|
||||||
|
reference object is cleared explicitly via the `clear` method to avoid
|
||||||
|
memory leak because its referent is no longer referenced. In other
|
||||||
|
words the `get` method is expected not to be called in common cases
|
||||||
|
once the `enqueue`method is called. In the case when the `get` method
|
||||||
|
from an enqueued reference object and existing code attempts to access
|
||||||
|
members of the referent, `NullPointerException` may be thrown. Such
|
||||||
|
code will need to be updated.
|
||||||
|
|
||||||
|
JDK-8071507: (ref) Clear phantom reference as soft and weak references do
|
||||||
|
=========================================================================
|
||||||
|
This enhancement changes phantom references to be automatically
|
||||||
|
cleared by the garbage collector as soft and weak references.
|
||||||
|
|
||||||
|
An object becomes phantom reachable after it has been finalized. This
|
||||||
|
change may cause the phantom reachable objects to be GC'ed earlier -
|
||||||
|
previously the referent is kept alive until PhantomReference objects
|
||||||
|
are GC'ed or cleared by the application. This potential behavioral
|
||||||
|
change might only impact existing code that would depend on
|
||||||
|
PhantomReference being enqueued rather than when the referent be freed
|
||||||
|
from the heap.
|
||||||
|
|
||||||
|
core-libs/java.net:
|
||||||
|
|
||||||
|
JDK-8286918: Better HttpServer service
|
||||||
|
======================================
|
||||||
|
The HttpServer can be optionally configured with a maximum connection
|
||||||
|
limit by setting the jdk.httpserver.maxConnections system property. A
|
||||||
|
value of 0 or a negative integer is ignored and considered to
|
||||||
|
represent no connection limit. In the case of a positive integer
|
||||||
|
value, any newly accepted connections will be first checked against
|
||||||
|
the current count of established connections and, if the configured
|
||||||
|
limit has been reached, then the newly accepted connection will be
|
||||||
|
closed immediately.
|
||||||
|
|
||||||
|
core-libs/java.net:
|
||||||
|
|
||||||
|
JDK-8286918: Better HttpServer service
|
||||||
|
======================================
|
||||||
|
The HttpServer can be optionally configured with a maximum connection
|
||||||
|
limit by setting the jdk.httpserver.maxConnections system property. A
|
||||||
|
value of 0 or a negative integer is ignored and considered to
|
||||||
|
represent no connection limit. In the case of a positive integer
|
||||||
|
value, any newly accepted connections will be first checked against
|
||||||
|
the current count of established connections and, if the configured
|
||||||
|
limit has been reached, then the newly accepted connection will be
|
||||||
|
closed immediately.
|
||||||
|
|
||||||
|
security-libs/javax.net.ssl:
|
||||||
|
|
||||||
|
JDK-8282859: Enable TLSv1.3 by Default on JDK 8 for Client Roles
|
||||||
|
================================================================
|
||||||
|
The TLSv1.3 implementation is now enabled by default for client roles
|
||||||
|
in 8u352. It has been enabled by default for server roles since 8u272.
|
||||||
|
|
||||||
|
Note that TLS 1.3 is not directly compatible with previous
|
||||||
|
versions. Enabling it on the client may introduce compatibility issues
|
||||||
|
on either the server or the client side. Here are some more details on
|
||||||
|
potential compatibility issues that you should be aware of:
|
||||||
|
|
||||||
|
* TLS 1.3 uses a half-close policy, while TLS 1.2 and prior versions
|
||||||
|
use a duplex-close policy. For applications that depend on the
|
||||||
|
duplex-close policy, there may be compatibility issues when
|
||||||
|
upgrading to TLS 1.3.
|
||||||
|
|
||||||
|
* The signature_algorithms_cert extension requires that pre-defined
|
||||||
|
signature algorithms are used for certificate authentication. In
|
||||||
|
practice, however, an application may use non-supported signature
|
||||||
|
algorithms.
|
||||||
|
|
||||||
|
* The DSA signature algorithm is not supported in TLS 1.3. If a server
|
||||||
|
is configured to only use DSA certificates, it cannot upgrade to TLS
|
||||||
|
1.3.
|
||||||
|
|
||||||
|
* The supported cipher suites for TLS 1.3 are not the same as TLS 1.2
|
||||||
|
and prior versions. If an application hard-codes cipher suites which
|
||||||
|
are no longer supported, it may not be able to use TLS 1.3 without
|
||||||
|
modifying the application code.
|
||||||
|
|
||||||
|
* The TLS 1.3 session resumption and key update behaviors are
|
||||||
|
different from TLS 1.2 and prior versions. The compatibility should
|
||||||
|
be minimal, but it could be a risk if an application depends on the
|
||||||
|
handshake details of the TLS protocols.
|
||||||
|
|
||||||
|
The TLS 1.3 protocol can be disabled by using the jdk.tls.client.protocols
|
||||||
|
system property:
|
||||||
|
|
||||||
|
java -Djdk.tls.client.protocols="TLSv1.2" ...
|
||||||
|
|
||||||
|
Alternatively, an application can explicitly set the enabled protocols
|
||||||
|
with the javax.net.ssl APIs e.g.
|
||||||
|
|
||||||
|
sslSocket.setEnabledProtocols(new String[] {"TLSv1.2"});
|
||||||
|
|
||||||
|
or:
|
||||||
|
|
||||||
|
SSLParameters params = sslSocket.getSSLParameters();
|
||||||
|
params.setProtocols(new String[] {"TLSv1.2"});
|
||||||
|
sslSocket.setSSLParameters(params);
|
||||||
|
|
||||||
New in release OpenJDK 8u345 (2022-08-01):
|
New in release OpenJDK 8u345 (2022-08-01):
|
||||||
===========================================
|
===========================================
|
||||||
Live versions of these release notes can be found at:
|
Live versions of these release notes can be found at:
|
||||||
@ -32,7 +385,7 @@ versions of OpenJDK 8. As a result, we have reverted this change in
|
|||||||
New in release OpenJDK 8u342 (2022-07-19):
|
New in release OpenJDK 8u342 (2022-07-19):
|
||||||
===========================================
|
===========================================
|
||||||
Live versions of these release notes can be found at:
|
Live versions of these release notes can be found at:
|
||||||
* https://bitly.com/openjdk8u342
|
* https://bit.ly/openjdk8u342
|
||||||
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u342.txt
|
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u342.txt
|
||||||
|
|
||||||
* Security fixes
|
* Security fixes
|
||||||
@ -212,7 +565,7 @@ Live versions of these release notes can be found at:
|
|||||||
New in release OpenJDK 8u322 (2022-01-18):
|
New in release OpenJDK 8u322 (2022-01-18):
|
||||||
===========================================
|
===========================================
|
||||||
Live versions of these release notes can be found at:
|
Live versions of these release notes can be found at:
|
||||||
* https://bitly.com/openjdk8u322
|
* https://bit.ly/openjdk8u322
|
||||||
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u322.txt
|
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u322.txt
|
||||||
|
|
||||||
* Security fixes
|
* Security fixes
|
||||||
|
@ -1,3 +1,20 @@
|
|||||||
|
/* TestSecurityProperties -- Ensure system security properties can be used to
|
||||||
|
enable the crypto policies.
|
||||||
|
Copyright (C) 2022 Red Hat, Inc.
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU Affero General Public License as
|
||||||
|
published by the Free Software Foundation, either version 3 of the
|
||||||
|
License, or (at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU Affero General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU Affero General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.FileInputStream;
|
import java.io.FileInputStream;
|
||||||
import java.security.Security;
|
import java.security.Security;
|
||||||
|
160
SOURCES/TestTranslations.java
Normal file
160
SOURCES/TestTranslations.java
Normal file
@ -0,0 +1,160 @@
|
|||||||
|
/* TestTranslations -- Ensure translations are available for new timezones
|
||||||
|
Copyright (C) 2022 Red Hat, Inc.
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU Affero General Public License as
|
||||||
|
published by the Free Software Foundation, either version 3 of the
|
||||||
|
License, or (at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU Affero General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU Affero General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
import java.text.DateFormatSymbols;
|
||||||
|
|
||||||
|
import java.time.ZoneId;
|
||||||
|
import java.time.format.TextStyle;
|
||||||
|
|
||||||
|
import java.util.Arrays;
|
||||||
|
import java.util.Collections;
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.Map;
|
||||||
|
import java.util.Locale;
|
||||||
|
import java.util.Objects;
|
||||||
|
import java.util.TimeZone;
|
||||||
|
|
||||||
|
public class TestTranslations {
|
||||||
|
|
||||||
|
private static Map<Locale,String[]> KYIV, CIUDAD_JUAREZ;
|
||||||
|
|
||||||
|
static {
|
||||||
|
Map<Locale,String[]> map = new HashMap<Locale,String[]>();
|
||||||
|
map.put(Locale.US, new String[] { "Eastern European Time", "GMT+02:00", "EET",
|
||||||
|
"Eastern European Summer Time", "GMT+03:00", "EEST",
|
||||||
|
"Eastern European Time", "GMT+02:00", "EET"});
|
||||||
|
map.put(Locale.FRANCE, new String[] { "Heure d'Europe de l'Est", "UTC+02:00", "EET",
|
||||||
|
"Heure d'\u00e9t\u00e9 d'Europe de l'Est", "UTC+03:00", "EEST",
|
||||||
|
"Heure d'Europe de l'Est", "UTC+02:00", "EET"});
|
||||||
|
map.put(Locale.GERMANY, new String[] { "Osteurop\u00e4ische Zeit", "OEZ", "OEZ",
|
||||||
|
"Osteurop\u00e4ische Sommerzeit", "OESZ", "OESZ",
|
||||||
|
"Osteurop\u00e4ische Zeit", "OEZ", "OEZ"});
|
||||||
|
KYIV = Collections.unmodifiableMap(map);
|
||||||
|
|
||||||
|
map = new HashMap<Locale,String[]>();
|
||||||
|
map.put(Locale.US, new String[] { "Mountain Standard Time", "MST", "MST",
|
||||||
|
"Mountain Daylight Time", "MDT", "MDT",
|
||||||
|
"Mountain Time", "MT", "MT"});
|
||||||
|
map.put(Locale.FRANCE, new String[] { "Heure normale des Rocheuses", "UTC\u221207:00", "MST",
|
||||||
|
"Heure avanc\u00e9e des Rocheuses", "UTC\u221206:00", "MDT",
|
||||||
|
"Rocheuses", "UTC\u221207:00", "MT"});
|
||||||
|
map.put(Locale.GERMANY, new String[] { "Rocky Mountains Normalzeit", "GMT-07:00", "MST",
|
||||||
|
"Rocky Mountains Sommerzeit", "GMT-06:00", "MDT",
|
||||||
|
"Zeitzone Mountain", "GMT-07:00", "MT"});
|
||||||
|
CIUDAD_JUAREZ = Collections.unmodifiableMap(map);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
public static void main(String[] args) {
|
||||||
|
if (args.length < 1) {
|
||||||
|
System.err.println("Test must be started with the name of the locale provider.");
|
||||||
|
System.exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
System.out.println("Checking sanity of full zone string set...");
|
||||||
|
boolean invalid = Arrays.stream(Locale.getAvailableLocales())
|
||||||
|
.peek(l -> System.out.println("Locale: " + l))
|
||||||
|
.map(l -> DateFormatSymbols.getInstance(l).getZoneStrings())
|
||||||
|
.flatMap(zs -> Arrays.stream(zs))
|
||||||
|
.flatMap(names -> Arrays.stream(names))
|
||||||
|
.filter(name -> Objects.isNull(name) || name.isEmpty())
|
||||||
|
.findAny()
|
||||||
|
.isPresent();
|
||||||
|
if (invalid) {
|
||||||
|
System.err.println("Zone string for a locale returned null or empty string");
|
||||||
|
System.exit(2);
|
||||||
|
}
|
||||||
|
|
||||||
|
String localeProvider = args[0];
|
||||||
|
testZone(localeProvider, KYIV,
|
||||||
|
new String[] { "Europe/Kiev", "Europe/Kyiv", "Europe/Uzhgorod", "Europe/Zaporozhye" });
|
||||||
|
testZone(localeProvider, CIUDAD_JUAREZ,
|
||||||
|
new String[] { "America/Cambridge_Bay", "America/Ciudad_Juarez" });
|
||||||
|
}
|
||||||
|
|
||||||
|
private static void testZone(String localeProvider, Map<Locale,String[]> exp, String[] ids) {
|
||||||
|
for (Locale l : exp.keySet()) {
|
||||||
|
String[] expected = exp.get(l);
|
||||||
|
System.out.printf("Expected values for %s are %s\n", l, Arrays.toString(expected));
|
||||||
|
for (String id : ids) {
|
||||||
|
String expectedShortStd = null;
|
||||||
|
String expectedShortDST = null;
|
||||||
|
String expectedShortGen = null;
|
||||||
|
|
||||||
|
System.out.printf("Checking locale %s for %s...\n", l, id);
|
||||||
|
|
||||||
|
if ("JRE".equals(localeProvider)) {
|
||||||
|
expectedShortStd = expected[2];
|
||||||
|
expectedShortDST = expected[5];
|
||||||
|
expectedShortGen = expected[8];
|
||||||
|
} else if ("CLDR".equals(localeProvider)) {
|
||||||
|
expectedShortStd = expected[1];
|
||||||
|
expectedShortDST = expected[4];
|
||||||
|
expectedShortGen = expected[7];
|
||||||
|
} else {
|
||||||
|
System.err.printf("Invalid locale provider %s\n", localeProvider);
|
||||||
|
System.exit(3);
|
||||||
|
}
|
||||||
|
System.out.printf("Locale Provider is %s, using short values %s, %s and %s\n",
|
||||||
|
localeProvider, expectedShortStd, expectedShortDST, expectedShortGen);
|
||||||
|
|
||||||
|
String longStd = TimeZone.getTimeZone(id).getDisplayName(false, TimeZone.LONG, l);
|
||||||
|
String shortStd = TimeZone.getTimeZone(id).getDisplayName(false, TimeZone.SHORT, l);
|
||||||
|
String longDST = TimeZone.getTimeZone(id).getDisplayName(true, TimeZone.LONG, l);
|
||||||
|
String shortDST = TimeZone.getTimeZone(id).getDisplayName(true, TimeZone.SHORT, l);
|
||||||
|
String longGen = ZoneId.of(id).getDisplayName(TextStyle.FULL, l);
|
||||||
|
String shortGen = ZoneId.of(id).getDisplayName(TextStyle.SHORT, l);
|
||||||
|
|
||||||
|
if (!expected[0].equals(longStd)) {
|
||||||
|
System.err.printf("Long standard display name for %s in %s was %s, expected %s\n",
|
||||||
|
id, l, longStd, expected[0]);
|
||||||
|
System.exit(4);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!expectedShortStd.equals(shortStd)) {
|
||||||
|
System.err.printf("Short standard display name for %s in %s was %s, expected %s\n",
|
||||||
|
id, l, shortStd, expectedShortStd);
|
||||||
|
System.exit(5);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!expected[3].equals(longDST)) {
|
||||||
|
System.err.printf("Long DST display name for %s in %s was %s, expected %s\n",
|
||||||
|
id, l, longDST, expected[3]);
|
||||||
|
System.exit(6);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!expectedShortDST.equals(shortDST)) {
|
||||||
|
System.err.printf("Short DST display name for %s in %s was %s, expected %s\n",
|
||||||
|
id, l, shortDST, expectedShortDST);
|
||||||
|
System.exit(7);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!expected[6].equals(longGen)) {
|
||||||
|
System.err.printf("Long generic display name for %s in %s was %s, expected %s\n",
|
||||||
|
id, l, longGen, expected[6]);
|
||||||
|
System.exit(8);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!expectedShortGen.equals(shortGen)) {
|
||||||
|
System.err.printf("Short generic display name for %s in %s was %s, expected %s\n",
|
||||||
|
id, l, shortGen, expectedShortGen);
|
||||||
|
System.exit(9);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
@ -11,7 +11,7 @@ index 151e5a109f8..a8761b500e0 100644
|
|||||||
LIB_SETUP_ON_WINDOWS
|
LIB_SETUP_ON_WINDOWS
|
||||||
|
|
||||||
diff --git a/common/autoconf/generated-configure.sh b/common/autoconf/generated-configure.sh
|
diff --git a/common/autoconf/generated-configure.sh b/common/autoconf/generated-configure.sh
|
||||||
index e77ce854dc5..ec6e9b27ca5 100644
|
index 71fabf4dbb3..17f4f50673d 100644
|
||||||
--- a/common/autoconf/generated-configure.sh
|
--- a/common/autoconf/generated-configure.sh
|
||||||
+++ b/common/autoconf/generated-configure.sh
|
+++ b/common/autoconf/generated-configure.sh
|
||||||
@@ -651,6 +651,9 @@ LLVM_CONFIG
|
@@ -651,6 +651,9 @@ LLVM_CONFIG
|
||||||
@ -124,7 +124,7 @@ index e77ce854dc5..ec6e9b27ca5 100644
|
|||||||
#
|
#
|
||||||
# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
|
# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||||
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
@@ -49290,6 +49351,157 @@ fi
|
@@ -49304,6 +49365,157 @@ fi
|
||||||
LIBS="$save_LIBS"
|
LIBS="$save_LIBS"
|
||||||
|
|
||||||
|
|
||||||
@ -1532,7 +1532,7 @@ index ffee2c1603b..98119479823 100644
|
|||||||
"FIPS mode: KeyStore must be " +
|
"FIPS mode: KeyStore must be " +
|
||||||
"from provider " + SunJSSE.cryptoProvider.getName());
|
"from provider " + SunJSSE.cryptoProvider.getName());
|
||||||
diff --git a/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java b/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
|
diff --git a/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java b/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
|
||||||
index cd0e9e98df9..fba760187c0 100644
|
index 820e10164fc..6fe2c29389f 100644
|
||||||
--- a/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
|
--- a/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
|
||||||
+++ b/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
|
+++ b/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
|
||||||
@@ -31,6 +31,7 @@ import java.security.*;
|
@@ -31,6 +31,7 @@ import java.security.*;
|
||||||
@ -1627,8 +1627,8 @@ index cd0e9e98df9..fba760187c0 100644
|
|||||||
+ };
|
+ };
|
||||||
+ }
|
+ }
|
||||||
return new ProtocolVersion[]{
|
return new ProtocolVersion[]{
|
||||||
|
ProtocolVersion.TLS13,
|
||||||
ProtocolVersion.TLS12,
|
ProtocolVersion.TLS12,
|
||||||
ProtocolVersion.TLS11,
|
|
||||||
diff --git a/jdk/src/share/classes/sun/security/ssl/SunJSSE.java b/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
|
diff --git a/jdk/src/share/classes/sun/security/ssl/SunJSSE.java b/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
|
||||||
index 2845dc37938..52337a7b6cf 100644
|
index 2845dc37938..52337a7b6cf 100644
|
||||||
--- a/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
|
--- a/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
|
||||||
@ -1659,7 +1659,7 @@ index 2845dc37938..52337a7b6cf 100644
|
|||||||
"sun.security.ssl.SSLContextImpl$TLSContext");
|
"sun.security.ssl.SSLContextImpl$TLSContext");
|
||||||
if (isfips == false) {
|
if (isfips == false) {
|
||||||
diff --git a/jdk/src/share/lib/security/java.security-aix b/jdk/src/share/lib/security/java.security-aix
|
diff --git a/jdk/src/share/lib/security/java.security-aix b/jdk/src/share/lib/security/java.security-aix
|
||||||
index d3d64b3facd..bfe0c593adb 100644
|
index 7a93d4e6b59..681a24b905d 100644
|
||||||
--- a/jdk/src/share/lib/security/java.security-aix
|
--- a/jdk/src/share/lib/security/java.security-aix
|
||||||
+++ b/jdk/src/share/lib/security/java.security-aix
|
+++ b/jdk/src/share/lib/security/java.security-aix
|
||||||
@@ -287,6 +287,13 @@ package.definition=sun.,\
|
@@ -287,6 +287,13 @@ package.definition=sun.,\
|
||||||
@ -1677,7 +1677,7 @@ index d3d64b3facd..bfe0c593adb 100644
|
|||||||
# Determines the default key and trust manager factory algorithms for
|
# Determines the default key and trust manager factory algorithms for
|
||||||
# the javax.net.ssl package.
|
# the javax.net.ssl package.
|
||||||
diff --git a/jdk/src/share/lib/security/java.security-linux b/jdk/src/share/lib/security/java.security-linux
|
diff --git a/jdk/src/share/lib/security/java.security-linux b/jdk/src/share/lib/security/java.security-linux
|
||||||
index db610d4bfbb..9d1c8fe8a8e 100644
|
index 145a84f94cf..789c19a8cba 100644
|
||||||
--- a/jdk/src/share/lib/security/java.security-linux
|
--- a/jdk/src/share/lib/security/java.security-linux
|
||||||
+++ b/jdk/src/share/lib/security/java.security-linux
|
+++ b/jdk/src/share/lib/security/java.security-linux
|
||||||
@@ -75,6 +75,14 @@ security.provider.7=com.sun.security.sasl.Provider
|
@@ -75,6 +75,14 @@ security.provider.7=com.sun.security.sasl.Provider
|
||||||
@ -1722,7 +1722,7 @@ index db610d4bfbb..9d1c8fe8a8e 100644
|
|||||||
# Determines the default key and trust manager factory algorithms for
|
# Determines the default key and trust manager factory algorithms for
|
||||||
# the javax.net.ssl package.
|
# the javax.net.ssl package.
|
||||||
diff --git a/jdk/src/share/lib/security/java.security-macosx b/jdk/src/share/lib/security/java.security-macosx
|
diff --git a/jdk/src/share/lib/security/java.security-macosx b/jdk/src/share/lib/security/java.security-macosx
|
||||||
index a919ba3d5cd..19047c61097 100644
|
index 35fa140d7a5..d4da666af3b 100644
|
||||||
--- a/jdk/src/share/lib/security/java.security-macosx
|
--- a/jdk/src/share/lib/security/java.security-macosx
|
||||||
+++ b/jdk/src/share/lib/security/java.security-macosx
|
+++ b/jdk/src/share/lib/security/java.security-macosx
|
||||||
@@ -290,6 +290,13 @@ package.definition=sun.,\
|
@@ -290,6 +290,13 @@ package.definition=sun.,\
|
||||||
@ -1740,7 +1740,7 @@ index a919ba3d5cd..19047c61097 100644
|
|||||||
# Determines the default key and trust manager factory algorithms for
|
# Determines the default key and trust manager factory algorithms for
|
||||||
# the javax.net.ssl package.
|
# the javax.net.ssl package.
|
||||||
diff --git a/jdk/src/share/lib/security/java.security-solaris b/jdk/src/share/lib/security/java.security-solaris
|
diff --git a/jdk/src/share/lib/security/java.security-solaris b/jdk/src/share/lib/security/java.security-solaris
|
||||||
index 86265ba5fb6..7eda556ae13 100644
|
index f79ba37ddb9..300132384a1 100644
|
||||||
--- a/jdk/src/share/lib/security/java.security-solaris
|
--- a/jdk/src/share/lib/security/java.security-solaris
|
||||||
+++ b/jdk/src/share/lib/security/java.security-solaris
|
+++ b/jdk/src/share/lib/security/java.security-solaris
|
||||||
@@ -288,6 +288,13 @@ package.definition=sun.,\
|
@@ -288,6 +288,13 @@ package.definition=sun.,\
|
||||||
@ -1758,7 +1758,7 @@ index 86265ba5fb6..7eda556ae13 100644
|
|||||||
# Determines the default key and trust manager factory algorithms for
|
# Determines the default key and trust manager factory algorithms for
|
||||||
# the javax.net.ssl package.
|
# the javax.net.ssl package.
|
||||||
diff --git a/jdk/src/share/lib/security/java.security-windows b/jdk/src/share/lib/security/java.security-windows
|
diff --git a/jdk/src/share/lib/security/java.security-windows b/jdk/src/share/lib/security/java.security-windows
|
||||||
index 9b4bda23cbe..dfa1a669aa9 100644
|
index d70503ce95f..64db5a5cd1e 100644
|
||||||
--- a/jdk/src/share/lib/security/java.security-windows
|
--- a/jdk/src/share/lib/security/java.security-windows
|
||||||
+++ b/jdk/src/share/lib/security/java.security-windows
|
+++ b/jdk/src/share/lib/security/java.security-windows
|
||||||
@@ -290,6 +290,13 @@ package.definition=sun.,\
|
@@ -290,6 +290,13 @@ package.definition=sun.,\
|
@ -1,125 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User mbalao
|
|
||||||
# Date 1529971845 -28800
|
|
||||||
# Tue Jun 26 08:10:45 2018 +0800
|
|
||||||
# Node ID e9c20b7250cd98d16a67f2a30b34284c2caa01dc
|
|
||||||
# Parent 9f1aa2e38d90dd60522237d7414af6bdcf03c4ff
|
|
||||||
8195607, PR3776: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1
|
|
||||||
Reviewed-by: valeriep, weijun
|
|
||||||
|
|
||||||
diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
|
|
||||||
--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
|
|
||||||
+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
|
|
||||||
@@ -197,7 +197,7 @@
|
|
||||||
|
|
||||||
if (configDir != null) {
|
|
||||||
String configDirPath = null;
|
|
||||||
- String sqlPrefix = "sql:/";
|
|
||||||
+ String sqlPrefix = "sql:";
|
|
||||||
if (!configDir.startsWith(sqlPrefix)) {
|
|
||||||
configDirPath = configDir;
|
|
||||||
} else {
|
|
||||||
diff --git openjdk.orig/jdk/src/share/native/sun/security/pkcs11/j2secmod.c openjdk/jdk/src/share/native/sun/security/pkcs11/j2secmod.c
|
|
||||||
--- openjdk.orig/jdk/src/share/native/sun/security/pkcs11/j2secmod.c
|
|
||||||
+++ openjdk/jdk/src/share/native/sun/security/pkcs11/j2secmod.c
|
|
||||||
@@ -69,9 +69,14 @@
|
|
||||||
int res = 0;
|
|
||||||
FPTR_Initialize initialize =
|
|
||||||
(FPTR_Initialize)findFunction(env, jHandle, "NSS_Initialize");
|
|
||||||
+ #ifdef SECMOD_DEBUG
|
|
||||||
+ FPTR_GetError getError =
|
|
||||||
+ (FPTR_GetError)findFunction(env, jHandle, "PORT_GetError");
|
|
||||||
+ #endif // SECMOD_DEBUG
|
|
||||||
unsigned int flags = 0x00;
|
|
||||||
const char *configDir = NULL;
|
|
||||||
const char *functionName = NULL;
|
|
||||||
+ const char *configFile = NULL;
|
|
||||||
|
|
||||||
/* If we cannot initialize, exit now */
|
|
||||||
if (initialize == NULL) {
|
|
||||||
@@ -97,13 +102,18 @@
|
|
||||||
flags = 0x20; // NSS_INIT_OPTIMIZESPACE flag
|
|
||||||
}
|
|
||||||
|
|
||||||
+ configFile = "secmod.db";
|
|
||||||
+ if (configDir != NULL && strncmp("sql:", configDir, 4U) == 0) {
|
|
||||||
+ configFile = "pkcs11.txt";
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* If the NSS_Init function is requested then call NSS_Initialize to
|
|
||||||
* open the Cert, Key and Security Module databases, read only.
|
|
||||||
*/
|
|
||||||
if (strcmp("NSS_Init", functionName) == 0) {
|
|
||||||
flags = flags | 0x01; // NSS_INIT_READONLY flag
|
|
||||||
- res = initialize(configDir, "", "", "secmod.db", flags);
|
|
||||||
+ res = initialize(configDir, "", "", configFile, flags);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* If the NSS_InitReadWrite function is requested then call
|
|
||||||
@@ -111,7 +121,7 @@
|
|
||||||
* read/write.
|
|
||||||
*/
|
|
||||||
} else if (strcmp("NSS_InitReadWrite", functionName) == 0) {
|
|
||||||
- res = initialize(configDir, "", "", "secmod.db", flags);
|
|
||||||
+ res = initialize(configDir, "", "", configFile, flags);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* If the NSS_NoDB_Init function is requested then call
|
|
||||||
@@ -137,6 +147,13 @@
|
|
||||||
(*env)->ReleaseStringUTFChars(env, jConfigDir, configDir);
|
|
||||||
}
|
|
||||||
dprintf1("-res: %d\n", res);
|
|
||||||
+ #ifdef SECMOD_DEBUG
|
|
||||||
+ if (res == -1) {
|
|
||||||
+ if (getError != NULL) {
|
|
||||||
+ dprintf1("-NSS error: %d\n", getError());
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ #endif // SECMOD_DEBUG
|
|
||||||
|
|
||||||
return (res == 0) ? JNI_TRUE : JNI_FALSE;
|
|
||||||
}
|
|
||||||
diff --git openjdk.orig/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h openjdk/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h
|
|
||||||
--- openjdk.orig/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h
|
|
||||||
+++ openjdk/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h
|
|
||||||
@@ -34,6 +34,10 @@
|
|
||||||
const char *certPrefix, const char *keyPrefix,
|
|
||||||
const char *secmodName, unsigned int flags);
|
|
||||||
|
|
||||||
+#ifdef SECMOD_DEBUG
|
|
||||||
+typedef int (*FPTR_GetError)(void);
|
|
||||||
+#endif //SECMOD_DEBUG
|
|
||||||
+
|
|
||||||
// in secmod.h
|
|
||||||
//extern SECMODModule *SECMOD_LoadModule(char *moduleSpec,SECMODModule *parent,
|
|
||||||
// PRBool recurse);
|
|
||||||
diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt openjdk/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt
|
|
||||||
new file mode 100644
|
|
||||||
--- /dev/null
|
|
||||||
+++ openjdk/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt
|
|
||||||
@@ -0,0 +1,4 @@
|
|
||||||
+library=
|
|
||||||
+name=NSS Internal PKCS #11 Module
|
|
||||||
+parameters=configdir='sql:./tmpdb' certPrefix='' keyPrefix='' secmod='' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
|
|
||||||
+NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
|
|
||||||
diff --git openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java
|
|
||||||
--- openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java
|
|
||||||
+++ openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java
|
|
||||||
@@ -55,7 +55,7 @@
|
|
||||||
|
|
||||||
DBDIR = System.getProperty("test.classes", ".") + SEP + "tmpdb";
|
|
||||||
if (useSqlite) {
|
|
||||||
- System.setProperty("pkcs11test.nss.db", "sql:/" + DBDIR);
|
|
||||||
+ System.setProperty("pkcs11test.nss.db", "sql:" + DBDIR);
|
|
||||||
} else {
|
|
||||||
System.setProperty("pkcs11test.nss.db", DBDIR);
|
|
||||||
}
|
|
||||||
@@ -67,6 +67,7 @@
|
|
||||||
if (useSqlite) {
|
|
||||||
copyFile("key4.db", BASE, DBDIR);
|
|
||||||
copyFile("cert9.db", BASE, DBDIR);
|
|
||||||
+ copyFile("pkcs11.txt", BASE, DBDIR);
|
|
||||||
} else {
|
|
||||||
copyFile("secmod.db", BASE, DBDIR);
|
|
||||||
copyFile("key3.db", BASE, DBDIR);
|
|
@ -1,18 +1,16 @@
|
|||||||
commit c28417b0f421b80cd7efa339a3cce5609aafc880
|
|
||||||
Author: Andrew John Hughes <andrew@openjdk.org>
|
|
||||||
Date: Mon Apr 18 20:04:49 2022 +0100
|
|
||||||
|
|
||||||
Support security.systemCACerts security property which can be disabled with -Djava.security.disableSystemCACerts=true
|
|
||||||
|
|
||||||
PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts)
|
|
||||||
PR3575: System cacerts database handling should not affect jssecacerts
|
|
||||||
RH2055274: Revert default keystore to JAVA_HOME/jre/lib/security/cacerts in portable builds
|
|
||||||
|
|
||||||
diff --git a/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java b/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
|
diff --git a/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java b/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
|
||||||
index e7b4763db53..4b38d1f9465 100644
|
index e7b4763db53..e8ec8467e6a 100644
|
||||||
--- a/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
|
--- a/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
|
||||||
+++ b/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
|
+++ b/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
|
||||||
@@ -68,7 +68,7 @@ final class TrustStoreManager {
|
@@ -31,6 +31,7 @@ import java.security.*;
|
||||||
|
import java.security.cert.*;
|
||||||
|
import java.util.*;
|
||||||
|
import sun.security.action.*;
|
||||||
|
+import sun.security.tools.KeyStoreUtil;
|
||||||
|
import sun.security.validator.TrustStoreUtil;
|
||||||
|
|
||||||
|
/**
|
||||||
|
@@ -68,7 +69,7 @@ final class TrustStoreManager {
|
||||||
* The preference of the default trusted KeyStore is:
|
* The preference of the default trusted KeyStore is:
|
||||||
* javax.net.ssl.trustStore
|
* javax.net.ssl.trustStore
|
||||||
* jssecacerts
|
* jssecacerts
|
||||||
@ -21,35 +19,29 @@ index e7b4763db53..4b38d1f9465 100644
|
|||||||
*/
|
*/
|
||||||
private static final class TrustStoreDescriptor {
|
private static final class TrustStoreDescriptor {
|
||||||
private static final String fileSep = File.separator;
|
private static final String fileSep = File.separator;
|
||||||
@@ -79,6 +79,11 @@ final class TrustStoreManager {
|
@@ -76,7 +77,7 @@ final class TrustStoreManager {
|
||||||
defaultStorePath + fileSep + "cacerts";
|
GetPropertyAction.privilegedGetProperty("java.home") +
|
||||||
|
fileSep + "lib" + fileSep + "security";
|
||||||
|
private static final String defaultStore =
|
||||||
|
- defaultStorePath + fileSep + "cacerts";
|
||||||
|
+ KeyStoreUtil.getCacertsKeyStoreFile().getPath();
|
||||||
private static final String jsseDefaultStore =
|
private static final String jsseDefaultStore =
|
||||||
defaultStorePath + fileSep + "jssecacerts";
|
defaultStorePath + fileSep + "jssecacerts";
|
||||||
+ /* Check system cacerts DB */
|
|
||||||
+ private static final boolean systemStoreOff =
|
|
||||||
+ privilegedGetBooleanProperty("java.security.disableSystemCACerts");
|
|
||||||
+ private static final String systemStore = (systemStoreOff ? defaultStore :
|
|
||||||
+ privilegedGetSecurityProperty("security.systemCACerts"));
|
|
||||||
|
|
||||||
// the trust store name
|
@@ -139,6 +140,10 @@ final class TrustStoreManager {
|
||||||
private final String storeName;
|
|
||||||
@@ -139,28 +144,35 @@ final class TrustStoreManager {
|
|
||||||
String storePropPassword = System.getProperty(
|
String storePropPassword = System.getProperty(
|
||||||
"javax.net.ssl.trustStorePassword", "");
|
"javax.net.ssl.trustStorePassword", "");
|
||||||
|
|
||||||
+ if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
|
+ if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
|
||||||
+ SSLLogger.fine("System store disabled: " + systemStoreOff);
|
+ SSLLogger.fine("Default store: " + defaultStore);
|
||||||
+ SSLLogger.fine("System store: " + systemStore);
|
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
String temporaryName = "";
|
String temporaryName = "";
|
||||||
File temporaryFile = null;
|
File temporaryFile = null;
|
||||||
long temporaryTime = 0L;
|
long temporaryTime = 0L;
|
||||||
if (!"NONE".equals(storePropName)) {
|
@@ -146,21 +151,22 @@ final class TrustStoreManager {
|
||||||
String[] fileNames =
|
String[] fileNames =
|
||||||
- new String[] {storePropName, defaultStore};
|
new String[] {storePropName, defaultStore};
|
||||||
+ new String[] {storePropName,
|
|
||||||
+ systemStore, defaultStore};
|
|
||||||
for (String fileName : fileNames) {
|
for (String fileName : fileNames) {
|
||||||
- File f = new File(fileName);
|
- File f = new File(fileName);
|
||||||
- if (f.isFile() && f.canRead()) {
|
- if (f.isFile() && f.canRead()) {
|
||||||
@ -84,62 +76,69 @@ index e7b4763db53..4b38d1f9465 100644
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
@@ -390,4 +402,31 @@ final class TrustStoreManager {
|
|
||||||
return TrustStoreUtil.getTrustedCerts(ks);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ private static String privilegedGetSecurityProperty(final String prop) {
|
|
||||||
+ if (System.getSecurityManager() == null) {
|
|
||||||
+ return Security.getProperty(prop);
|
|
||||||
+ } else {
|
|
||||||
+ return AccessController.doPrivileged(new PrivilegedAction<String>() {
|
|
||||||
+ @Override
|
|
||||||
+ public String run() {
|
|
||||||
+ return Security.getProperty(prop);
|
|
||||||
+ }
|
|
||||||
+ });
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /**
|
|
||||||
+ * Returns {@code true} if the {@code System} property is present and set to @{code "true"}.
|
|
||||||
+ *
|
|
||||||
+ * @param prop the name of the property to check.
|
|
||||||
+ * @return true if the property is present and set to {@code "true"}.
|
|
||||||
+ */
|
|
||||||
+ private static boolean privilegedGetBooleanProperty(final String prop) {
|
|
||||||
+ if (System.getSecurityManager() == null) {
|
|
||||||
+ return Boolean.getBoolean(prop);
|
|
||||||
+ } else {
|
|
||||||
+ return AccessController.doPrivileged(new GetBooleanAction(prop));
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
diff --git a/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java b/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
|
diff --git a/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java b/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
|
||||||
index fcc77786da1..639fc220b6b 100644
|
index fcc77786da1..f554f83a8b4 100644
|
||||||
--- a/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
|
--- a/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
|
||||||
+++ b/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
|
+++ b/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
|
||||||
@@ -34,6 +34,7 @@ import java.io.InputStreamReader;
|
@@ -33,7 +33,10 @@ import java.io.InputStreamReader;
|
||||||
|
|
||||||
import java.net.URL;
|
import java.net.URL;
|
||||||
|
|
||||||
|
+import java.security.AccessController;
|
||||||
import java.security.KeyStore;
|
import java.security.KeyStore;
|
||||||
|
+import java.security.PrivilegedAction;
|
||||||
+import java.security.Security;
|
+import java.security.Security;
|
||||||
|
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
import java.text.Collator;
|
import java.text.Collator;
|
||||||
@@ -103,9 +104,18 @@ public class KeyStoreUtil {
|
@@ -54,6 +57,33 @@ public class KeyStoreUtil {
|
||||||
throws Exception
|
|
||||||
{
|
private static final String JKS = "jks";
|
||||||
String sep = File.separator;
|
|
||||||
- File file = new File(System.getProperty("java.home") + sep
|
+ private static final String PROP_NAME = "security.systemCACerts";
|
||||||
- + "lib" + sep + "security" + sep
|
+
|
||||||
- + "cacerts");
|
+ /**
|
||||||
|
+ * Returns the value of the security property propName, which can be overridden
|
||||||
|
+ * by a system property of the same name
|
||||||
|
+ *
|
||||||
|
+ * @param propName the name of the system or security property
|
||||||
|
+ * @return the value of the system or security property
|
||||||
|
+ */
|
||||||
|
+ @SuppressWarnings("removal")
|
||||||
|
+ public static String privilegedGetOverridable(String propName) {
|
||||||
|
+ if (System.getSecurityManager() == null) {
|
||||||
|
+ return getOverridableProperty(propName);
|
||||||
|
+ } else {
|
||||||
|
+ return AccessController.doPrivileged((PrivilegedAction<String>) () -> getOverridableProperty(propName));
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ private static String getOverridableProperty(String propName) {
|
||||||
|
+ String val = System.getProperty(propName);
|
||||||
|
+ if (val == null) {
|
||||||
|
+ return Security.getProperty(propName);
|
||||||
|
+ } else {
|
||||||
|
+ return val;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
* Returns true if the certificate is self-signed, false otherwise.
|
||||||
|
*/
|
||||||
|
@@ -96,20 +126,38 @@ public class KeyStoreUtil {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /**
|
||||||
|
+ * Returns the path to the cacerts DB
|
||||||
|
+ */
|
||||||
|
+ public static File getCacertsKeyStoreFile()
|
||||||
|
+ {
|
||||||
|
+ String sep = File.separator;
|
||||||
+ File file = null;
|
+ File file = null;
|
||||||
+ /* Check system cacerts DB first */
|
+ /* Check system cacerts DB first, preferring system property over security property */
|
||||||
+ String systemDB = Security.getProperty("security.systemCACerts");
|
+ String systemDB = privilegedGetOverridable(PROP_NAME);
|
||||||
+ boolean systemStoreOff = Boolean.getBoolean("java.security.disableSystemCACerts");
|
+ if (systemDB != null && !"".equals(systemDB)) {
|
||||||
+ if (!systemStoreOff && systemDB != null && !"".equals(systemDB)) {
|
|
||||||
+ file = new File(systemDB);
|
+ file = new File(systemDB);
|
||||||
+ }
|
+ }
|
||||||
+ if (file == null || !file.exists()) {
|
+ if (file == null || !file.exists()) {
|
||||||
@ -147,9 +146,31 @@ index fcc77786da1..639fc220b6b 100644
|
|||||||
+ + "lib" + sep + "security" + sep
|
+ + "lib" + sep + "security" + sep
|
||||||
+ + "cacerts");
|
+ + "cacerts");
|
||||||
+ }
|
+ }
|
||||||
if (!file.exists()) {
|
+ if (file.exists()) {
|
||||||
return null;
|
+ return file;
|
||||||
}
|
+ }
|
||||||
|
+ return null;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
* Returns the keystore with the configured CA certificates.
|
||||||
|
*/
|
||||||
|
public static KeyStore getCacertsKeyStore()
|
||||||
|
throws Exception
|
||||||
|
{
|
||||||
|
- String sep = File.separator;
|
||||||
|
- File file = new File(System.getProperty("java.home") + sep
|
||||||
|
- + "lib" + sep + "security" + sep
|
||||||
|
- + "cacerts");
|
||||||
|
- if (!file.exists()) {
|
||||||
|
- return null;
|
||||||
|
- }
|
||||||
|
KeyStore caks = null;
|
||||||
|
+ File file = getCacertsKeyStoreFile();
|
||||||
|
+ if (file == null) { return null; }
|
||||||
|
try (FileInputStream fis = new FileInputStream(file)) {
|
||||||
|
caks = KeyStore.getInstance(JKS);
|
||||||
|
caks.load(fis, null);
|
||||||
diff --git a/jdk/src/share/lib/security/java.security-aix b/jdk/src/share/lib/security/java.security-aix
|
diff --git a/jdk/src/share/lib/security/java.security-aix b/jdk/src/share/lib/security/java.security-aix
|
||||||
index bfe0c593adb..093bc09bf95 100644
|
index bfe0c593adb..093bc09bf95 100644
|
||||||
--- a/jdk/src/share/lib/security/java.security-aix
|
--- a/jdk/src/share/lib/security/java.security-aix
|
||||||
|
@ -1,66 +0,0 @@
|
|||||||
diff --git a/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java b/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java
|
|
||||||
--- openjdk/jdk/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java
|
|
||||||
+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java
|
|
||||||
@@ -1,5 +1,6 @@
|
|
||||||
/*
|
|
||||||
* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
|
|
||||||
+ * Copyright (c) 2014 Red Hat Inc.
|
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
||||||
*
|
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
|
||||||
@@ -61,13 +62,13 @@
|
|
||||||
|
|
||||||
private static void checkKeySize(int keysize)
|
|
||||||
throws InvalidParameterException {
|
|
||||||
- boolean supported = ((keysize == 2048) || (keysize == 3072) ||
|
|
||||||
+ boolean supported = ((keysize == 2048) || (keysize == 3072) || (keysize == 4096) ||
|
|
||||||
((keysize >= 512) && (keysize <= 1024) && ((keysize & 0x3F) == 0)));
|
|
||||||
|
|
||||||
if (!supported) {
|
|
||||||
throw new InvalidParameterException(
|
|
||||||
"DH key size must be multiple of 64 and range " +
|
|
||||||
- "from 512 to 1024 (inclusive), or 2048, 3072. " +
|
|
||||||
+ "from 512 to 1024 (inclusive), or 2048, 3072, 4096. " +
|
|
||||||
"The specific key size " + keysize + " is not supported");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
diff --git a/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java b/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java
|
|
||||||
--- openjdk/jdk/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java
|
|
||||||
+++ openjdk/jdk/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java
|
|
||||||
@@ -1,5 +1,6 @@
|
|
||||||
/*
|
|
||||||
* Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
|
|
||||||
+ * Copyright (c) 2014 Red Hat Inc.
|
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
||||||
*
|
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
|
||||||
@@ -58,7 +59,7 @@
|
|
||||||
*/
|
|
||||||
private enum Sizes {
|
|
||||||
two56(256), three84(384), five12(512), seven68(768), ten24(1024),
|
|
||||||
- twenty48(2048);
|
|
||||||
+ twenty48(2048), forty96(4096);
|
|
||||||
|
|
||||||
private final int intSize;
|
|
||||||
private final BigInteger bigIntValue;
|
|
||||||
@@ -130,6 +131,19 @@
|
|
||||||
kp = kpg.generateKeyPair();
|
|
||||||
checkKeyPair(kp, Sizes.twenty48, Sizes.five12);
|
|
||||||
|
|
||||||
+ kpg.initialize(Sizes.forty96.getIntSize());
|
|
||||||
+ kp = kpg.generateKeyPair();
|
|
||||||
+ checkKeyPair(kp, Sizes.forty96, Sizes.twenty48);
|
|
||||||
+
|
|
||||||
+ publicKey = (DHPublicKey)kp.getPublic();
|
|
||||||
+ p = publicKey.getParams().getP();
|
|
||||||
+ g = publicKey.getParams().getG();
|
|
||||||
+
|
|
||||||
+ // test w/ all values specified
|
|
||||||
+ kpg.initialize(new DHParameterSpec(p, g, Sizes.ten24.getIntSize()));
|
|
||||||
+ kp = kpg.generateKeyPair();
|
|
||||||
+ checkKeyPair(kp, Sizes.forty96, Sizes.ten24);
|
|
||||||
+
|
|
||||||
System.out.println("OK");
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
@ -23,6 +23,8 @@
|
|||||||
%bcond_with artifacts
|
%bcond_with artifacts
|
||||||
# Build a fresh libjvm.so for use in a copy of the bootstrap JDK
|
# Build a fresh libjvm.so for use in a copy of the bootstrap JDK
|
||||||
%bcond_without fresh_libjvm
|
%bcond_without fresh_libjvm
|
||||||
|
# Build with system libraries
|
||||||
|
%bcond_with system_libs
|
||||||
|
|
||||||
# Define whether to use the bootstrap JDK directly or with a fresh libjvm.so
|
# Define whether to use the bootstrap JDK directly or with a fresh libjvm.so
|
||||||
%if %{with fresh_libjvm}
|
%if %{with fresh_libjvm}
|
||||||
@ -31,6 +33,16 @@
|
|||||||
%global build_hotspot_first 0
|
%global build_hotspot_first 0
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
%if %{with system_libs}
|
||||||
|
%global system_libs 1
|
||||||
|
%global link_type system
|
||||||
|
%global jpeg_lib |libjavajpeg[.]so.*
|
||||||
|
%else
|
||||||
|
%global system_libs 0
|
||||||
|
%global link_type bundled
|
||||||
|
%global jpeg_lib |libjpeg[.]so.*
|
||||||
|
%endif
|
||||||
|
|
||||||
# The -g flag says to use strip -g instead of full strip on DSOs or EXEs.
|
# The -g flag says to use strip -g instead of full strip on DSOs or EXEs.
|
||||||
# This fixes detailed NMT and other tools which need minimal debug info.
|
# This fixes detailed NMT and other tools which need minimal debug info.
|
||||||
# See: https://bugzilla.redhat.com/show_bug.cgi?id=1520879
|
# See: https://bugzilla.redhat.com/show_bug.cgi?id=1520879
|
||||||
@ -150,11 +162,15 @@
|
|||||||
# Build and test slowdebug first as it provides the best diagnostics
|
# Build and test slowdebug first as it provides the best diagnostics
|
||||||
%global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build}
|
%global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build}
|
||||||
|
|
||||||
|
%if 0%{?flatpak}
|
||||||
|
%global bootstrap_build false
|
||||||
|
%else
|
||||||
%ifarch %{bootstrap_arches}
|
%ifarch %{bootstrap_arches}
|
||||||
%global bootstrap_build true
|
%global bootstrap_build true
|
||||||
%else
|
%else
|
||||||
%global bootstrap_build false
|
%global bootstrap_build false
|
||||||
%endif
|
%endif
|
||||||
|
%endif
|
||||||
|
|
||||||
%global bootstrap_targets images
|
%global bootstrap_targets images
|
||||||
%global release_targets images docs-zip
|
%global release_targets images docs-zip
|
||||||
@ -265,7 +281,7 @@
|
|||||||
# New Version-String scheme-style defines
|
# New Version-String scheme-style defines
|
||||||
%global majorver 8
|
%global majorver 8
|
||||||
|
|
||||||
# Standard JPackage naming and versioning defines.
|
# Standard JPackage naming and versioning defines
|
||||||
%global origin openjdk
|
%global origin openjdk
|
||||||
%global origin_nice OpenJDK
|
%global origin_nice OpenJDK
|
||||||
%global top_level_dir_name %{origin}
|
%global top_level_dir_name %{origin}
|
||||||
@ -297,7 +313,7 @@
|
|||||||
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
|
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
|
||||||
%global shenandoah_project openjdk
|
%global shenandoah_project openjdk
|
||||||
%global shenandoah_repo shenandoah-jdk8u
|
%global shenandoah_repo shenandoah-jdk8u
|
||||||
%global openjdk_revision jdk8u345-b01
|
%global openjdk_revision jdk8u362-b08
|
||||||
%global shenandoah_revision shenandoah-%{openjdk_revision}
|
%global shenandoah_revision shenandoah-%{openjdk_revision}
|
||||||
# Define old aarch64/jdk8u tree variables for compatibility
|
# Define old aarch64/jdk8u tree variables for compatibility
|
||||||
%global project %{shenandoah_project}
|
%global project %{shenandoah_project}
|
||||||
@ -306,7 +322,7 @@
|
|||||||
# Define IcedTea version used for SystemTap tapsets and desktop files
|
# Define IcedTea version used for SystemTap tapsets and desktop files
|
||||||
%global icedteaver 3.15.0
|
%global icedteaver 3.15.0
|
||||||
# Define current Git revision for the FIPS support patches
|
# Define current Git revision for the FIPS support patches
|
||||||
%global fipsver 8e8bbf0ff74
|
%global fipsver 6d1aade0648
|
||||||
|
|
||||||
# e.g. aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30 -> aarch64-shenandoah-jdk8u212-b04
|
# e.g. aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30 -> aarch64-shenandoah-jdk8u212-b04
|
||||||
%global version_tag %(VERSION=%{revision}; echo ${VERSION%%-shenandoah-merge*})
|
%global version_tag %(VERSION=%{revision}; echo ${VERSION%%-shenandoah-merge*})
|
||||||
@ -316,7 +332,7 @@
|
|||||||
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
|
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
|
||||||
# eg jdk8u60-b27 -> b27
|
# eg jdk8u60-b27 -> b27
|
||||||
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
|
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
|
||||||
%global rpmrelease 2
|
%global rpmrelease 3
|
||||||
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
|
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
|
||||||
# Release will be (where N is usually a number starting at 1):
|
# Release will be (where N is usually a number starting at 1):
|
||||||
# - 0.N%%{?extraver}%%{?dist} for EA releases,
|
# - 0.N%%{?extraver}%%{?dist} for EA releases,
|
||||||
@ -356,8 +372,7 @@
|
|||||||
# as to why some libraries *cannot* be excluded. In particular,
|
# as to why some libraries *cannot* be excluded. In particular,
|
||||||
# these are:
|
# these are:
|
||||||
# libjsig.so, libjava.so, libjawt.so, libjvm.so and libverify.so
|
# libjsig.so, libjava.so, libjawt.so, libjvm.so and libverify.so
|
||||||
%global _privatelibs libatk-wrapper[.]so.*|libattach[.]so.*|libawt_headless[.]so.*|libawt[.]so.*|libawt_xawt[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libhprof[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas_unix[.]so.*|libjava_crw_demo[.]so.*|libjavajpeg[.]so.*|libjdwp[.]so.*|libjli[.]so.*|libjsdt[.]so.*|libjsoundalsa[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libnpt[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsplashscreen[.]so.*|libsunec[.]so.*|libsystemconf[.]so.*|libunpack[.]so.*|libzip[.]so.*|lib[.]so\\(SUNWprivate_.*
|
%global _privatelibs libatk-wrapper[.]so.*|libattach[.]so.*|libawt_headless[.]so.*|libawt[.]so.*|libawt_xawt[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libhprof[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas_unix[.]so.*|libjava_crw_demo[.]so.*%{jpeg_lib}|libjdwp[.]so.*|libjli[.]so.*|libjsdt[.]so.*|libjsoundalsa[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libnpt[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsplashscreen[.]so.*|libsunec[.]so.*|libsystemconf[.]so.*|libunpack[.]so.*|libzip[.]so.*|lib[.]so\\(SUNWprivate_.*
|
||||||
|
|
||||||
%global __provides_exclude ^(%{_privatelibs})$
|
%global __provides_exclude ^(%{_privatelibs})$
|
||||||
%global __requires_exclude ^(%{_privatelibs})$
|
%global __requires_exclude ^(%{_privatelibs})$
|
||||||
|
|
||||||
@ -781,6 +796,7 @@ exit 0
|
|||||||
%{_jvmdir}/%{jrelnk -- %{?1}}
|
%{_jvmdir}/%{jrelnk -- %{?1}}
|
||||||
%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/security
|
%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/security
|
||||||
%{_jvmdir}/%{jredir -- %{?1}}/lib/security/cacerts
|
%{_jvmdir}/%{jredir -- %{?1}}/lib/security/cacerts
|
||||||
|
%{_jvmdir}/%{jredir -- %{?1}}/lib/security/cacerts.upstream
|
||||||
%dir %{_jvmdir}/%{jredir -- %{?1}}
|
%dir %{_jvmdir}/%{jredir -- %{?1}}
|
||||||
%dir %{_jvmdir}/%{jredir -- %{?1}}/bin
|
%dir %{_jvmdir}/%{jredir -- %{?1}}/bin
|
||||||
%dir %{_jvmdir}/%{jredir -- %{?1}}/lib
|
%dir %{_jvmdir}/%{jredir -- %{?1}}/lib
|
||||||
@ -863,7 +879,11 @@ exit 0
|
|||||||
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjaas_unix.so
|
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjaas_unix.so
|
||||||
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjava.so
|
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjava.so
|
||||||
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjava_crw_demo.so
|
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjava_crw_demo.so
|
||||||
|
%if %{system_libs}
|
||||||
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjavajpeg.so
|
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjavajpeg.so
|
||||||
|
%else
|
||||||
|
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjpeg.so
|
||||||
|
%endif
|
||||||
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjdwp.so
|
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjdwp.so
|
||||||
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjsdt.so
|
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjsdt.so
|
||||||
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjsig.so
|
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjsig.so
|
||||||
@ -904,6 +924,7 @@ exit 0
|
|||||||
%{_jvmdir}/%{jredir -- %{?1}}/lib/rt.jar
|
%{_jvmdir}/%{jredir -- %{?1}}/lib/rt.jar
|
||||||
%{_jvmdir}/%{jredir -- %{?1}}/lib/sound.properties
|
%{_jvmdir}/%{jredir -- %{?1}}/lib/sound.properties
|
||||||
%{_jvmdir}/%{jredir -- %{?1}}/lib/tzdb.dat
|
%{_jvmdir}/%{jredir -- %{?1}}/lib/tzdb.dat
|
||||||
|
%{_jvmdir}/%{jredir -- %{?1}}/lib/tzdb.dat.upstream
|
||||||
%{_jvmdir}/%{jredir -- %{?1}}/lib/management-agent.jar
|
%{_jvmdir}/%{jredir -- %{?1}}/lib/management-agent.jar
|
||||||
%{_jvmdir}/%{jredir -- %{?1}}/lib/management/*
|
%{_jvmdir}/%{jredir -- %{?1}}/lib/management/*
|
||||||
%{_jvmdir}/%{jredir -- %{?1}}/lib/cmm/*
|
%{_jvmdir}/%{jredir -- %{?1}}/lib/cmm/*
|
||||||
@ -1104,9 +1125,8 @@ Provides: java%{?1} = %{epoch}:%{javaver}
|
|||||||
Requires: ca-certificates
|
Requires: ca-certificates
|
||||||
# Require javapackages-filesystem for ownership of /usr/lib/jvm/
|
# Require javapackages-filesystem for ownership of /usr/lib/jvm/
|
||||||
Requires: javapackages-filesystem
|
Requires: javapackages-filesystem
|
||||||
# Require zoneinfo data provided by tzdata-java subpackage.
|
# 2022g required as of JDK-8297804
|
||||||
# 2022a required as of JDK-8283350 in 8u342
|
Requires: tzdata-java >= 2022g
|
||||||
Requires: tzdata-java >= 2022a
|
|
||||||
# for support of kernel stream control
|
# for support of kernel stream control
|
||||||
# libsctp.so.1 is being `dlopen`ed on demand
|
# libsctp.so.1 is being `dlopen`ed on demand
|
||||||
Requires: lksctp-tools%{?_isa}
|
Requires: lksctp-tools%{?_isa}
|
||||||
@ -1303,6 +1323,9 @@ Source16: CheckVendor.java
|
|||||||
# nss fips configuration file
|
# nss fips configuration file
|
||||||
Source17: nss.fips.cfg.in
|
Source17: nss.fips.cfg.in
|
||||||
|
|
||||||
|
# Ensure translations are available for new timezones
|
||||||
|
Source18: TestTranslations.java
|
||||||
|
|
||||||
Source20: repackReproduciblePolycies.sh
|
Source20: repackReproduciblePolycies.sh
|
||||||
|
|
||||||
# New versions of config files with aarch64 support. This is not upstream yet.
|
# New versions of config files with aarch64 support. This is not upstream yet.
|
||||||
@ -1361,8 +1384,6 @@ Patch1001: fips-8u-%{fipsver}.patch
|
|||||||
#############################################
|
#############################################
|
||||||
# PR2737: Allow multiple initialization of PKCS11 libraries
|
# PR2737: Allow multiple initialization of PKCS11 libraries
|
||||||
Patch5: pr2737-allow_multiple_pkcs11_library_initialisation_to_be_a_non_critical_error.patch
|
Patch5: pr2737-allow_multiple_pkcs11_library_initialisation_to_be_a_non_critical_error.patch
|
||||||
# PR2095, RH1163501: 2048-bit DH upper bound too small for Fedora infrastructure (sync with IcedTea 2.x)
|
|
||||||
Patch504: rh1163501-increase_2048_bit_dh_upper_bound_fedora_infrastructure_in_dhparametergenerator.patch
|
|
||||||
# Turn off strict overflow on IndicRearrangementProcessor{,2}.cpp following 8140543: Arrange font actions
|
# Turn off strict overflow on IndicRearrangementProcessor{,2}.cpp following 8140543: Arrange font actions
|
||||||
Patch512: rh1649664-awt2dlibraries_compiled_with_no_strict_overflow.patch
|
Patch512: rh1649664-awt2dlibraries_compiled_with_no_strict_overflow.patch
|
||||||
# RH1337583, PR2974: PKCS#10 certificate requests now use CRLF line endings rather than system line endings
|
# RH1337583, PR2974: PKCS#10 certificate requests now use CRLF line endings rather than system line endings
|
||||||
@ -1422,14 +1443,12 @@ Patch202: jdk8035341-allow_using_system_installed_libpng.patch
|
|||||||
# 8042159: Allow using a system-installed lcms2
|
# 8042159: Allow using a system-installed lcms2
|
||||||
Patch203: jdk8042159-allow_using_system_installed_lcms2-root.patch
|
Patch203: jdk8042159-allow_using_system_installed_lcms2-root.patch
|
||||||
Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch
|
Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch
|
||||||
# JDK-8195607, PR3776, RH1760437: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1
|
|
||||||
Patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch
|
|
||||||
# JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32
|
# JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32
|
||||||
Patch581: jdk8257794-remove_broken_assert.patch
|
Patch581: jdk8257794-remove_broken_assert.patch
|
||||||
|
|
||||||
#############################################
|
#############################################
|
||||||
#
|
#
|
||||||
# Patches appearing in 8u332
|
# Patches appearing in 8u362
|
||||||
#
|
#
|
||||||
# This section includes patches which are present
|
# This section includes patches which are present
|
||||||
# in the listed OpenJDK 8u release and should be
|
# in the listed OpenJDK 8u release and should be
|
||||||
@ -1480,12 +1499,8 @@ BuildRequires: desktop-file-utils
|
|||||||
BuildRequires: elfutils-devel
|
BuildRequires: elfutils-devel
|
||||||
BuildRequires: fontconfig-devel
|
BuildRequires: fontconfig-devel
|
||||||
BuildRequires: freetype-devel
|
BuildRequires: freetype-devel
|
||||||
BuildRequires: giflib-devel
|
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
BuildRequires: gdb
|
BuildRequires: gdb
|
||||||
BuildRequires: lcms2-devel
|
|
||||||
BuildRequires: libjpeg-devel
|
|
||||||
BuildRequires: libpng-devel
|
|
||||||
BuildRequires: libxslt
|
BuildRequires: libxslt
|
||||||
BuildRequires: libX11-devel
|
BuildRequires: libX11-devel
|
||||||
BuildRequires: libXext-devel
|
BuildRequires: libXext-devel
|
||||||
@ -1508,8 +1523,8 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3
|
|||||||
%ifarch %{zero_arches}
|
%ifarch %{zero_arches}
|
||||||
BuildRequires: libffi-devel
|
BuildRequires: libffi-devel
|
||||||
%endif
|
%endif
|
||||||
# 2022a required as of JDK-8283350 in 8u342
|
# 2022g required as of JDK-8297804
|
||||||
BuildRequires: tzdata-java >= 2022a
|
BuildRequires: tzdata-java >= 2022g
|
||||||
# Earlier versions have a bug in tree vectorization on PPC
|
# Earlier versions have a bug in tree vectorization on PPC
|
||||||
BuildRequires: gcc >= 4.8.3-8
|
BuildRequires: gcc >= 4.8.3-8
|
||||||
|
|
||||||
@ -1517,6 +1532,24 @@ BuildRequires: gcc >= 4.8.3-8
|
|||||||
BuildRequires: systemtap-sdt-devel
|
BuildRequires: systemtap-sdt-devel
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
%if %{system_libs}
|
||||||
|
BuildRequires: giflib-devel
|
||||||
|
BuildRequires: lcms2-devel
|
||||||
|
BuildRequires: libjpeg-devel
|
||||||
|
BuildRequires: libpng-devel
|
||||||
|
%else
|
||||||
|
# Version in jdk/src/share/native/sun/awt/giflib/gif_lib.h
|
||||||
|
Provides: bundled(giflib) = 5.2.1
|
||||||
|
# Version in jdk/src/share/native/sun/java2d/cmm/lcms/lcms2.h
|
||||||
|
Provides: bundled(lcms2) = 2.10.0
|
||||||
|
# Version in jdk/src/share/native/sun/awt/image/jpeg/jpeglib.h
|
||||||
|
Provides: bundled(libjpeg) = 6b
|
||||||
|
# Version in jdk/src/share/native/sun/awt/libpng/png.h
|
||||||
|
Provides: bundled(libpng) = 1.6.37
|
||||||
|
# We link statically against libstdc++ to increase portability
|
||||||
|
BuildRequires: libstdc++-static
|
||||||
|
%endif
|
||||||
|
|
||||||
# this is always built, also during debug-only build
|
# this is always built, also during debug-only build
|
||||||
# when it is built in debug-only this package is just placeholder
|
# when it is built in debug-only this package is just placeholder
|
||||||
%{java_rpo %{nil}}
|
%{java_rpo %{nil}}
|
||||||
@ -1805,14 +1838,18 @@ cp %{SOURCE101} %{top_level_dir_name}/common/autoconf/build-aux/
|
|||||||
|
|
||||||
# OpenJDK patches
|
# OpenJDK patches
|
||||||
|
|
||||||
|
%if %{system_libs}
|
||||||
# Remove libraries that are linked
|
# Remove libraries that are linked
|
||||||
sh %{SOURCE12}
|
sh %{SOURCE12}
|
||||||
|
%endif
|
||||||
|
|
||||||
# System library fixes
|
# System library fixes
|
||||||
|
%if %{system_libs}
|
||||||
%patch201
|
%patch201
|
||||||
%patch202
|
%patch202
|
||||||
%patch203
|
%patch203
|
||||||
%patch204
|
%patch204
|
||||||
|
%endif
|
||||||
|
|
||||||
%patch1
|
%patch1
|
||||||
%patch3
|
%patch3
|
||||||
@ -1830,14 +1867,12 @@ sh %{SOURCE12}
|
|||||||
|
|
||||||
# Upstreamable fixes
|
# Upstreamable fixes
|
||||||
%patch502
|
%patch502
|
||||||
%patch504
|
|
||||||
%patch512
|
%patch512
|
||||||
%patch523
|
%patch523
|
||||||
%patch528
|
%patch528
|
||||||
%patch571
|
%patch571
|
||||||
%patch574
|
%patch574
|
||||||
%patch112
|
%patch112
|
||||||
%patch580
|
|
||||||
%patch581
|
%patch581
|
||||||
%patch113
|
%patch113
|
||||||
|
|
||||||
@ -1918,6 +1953,7 @@ sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg
|
|||||||
sed -i -e "s:^security.systemCACerts=.*:security.systemCACerts=%{cacerts_file}:" %{security_file}
|
sed -i -e "s:^security.systemCACerts=.*:security.systemCACerts=%{cacerts_file}:" %{security_file}
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
# How many CPU's do we have?
|
# How many CPU's do we have?
|
||||||
export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :)
|
export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :)
|
||||||
export NUM_PROC=${NUM_PROC:-1}
|
export NUM_PROC=${NUM_PROC:-1}
|
||||||
@ -1954,12 +1990,20 @@ function buildjdk() {
|
|||||||
local buildjdk=${2}
|
local buildjdk=${2}
|
||||||
local maketargets="${3}"
|
local maketargets="${3}"
|
||||||
local debuglevel=${4}
|
local debuglevel=${4}
|
||||||
|
local link_opt=${5}
|
||||||
|
|
||||||
local top_srcdir_abs_path=$(pwd)/%{top_level_dir_name}
|
local top_srcdir_abs_path=$(pwd)/%{top_level_dir_name}
|
||||||
# Variable used in hs_err hook on build failures
|
# Variable used in hs_err hook on build failures
|
||||||
local top_builddir_abs_path=$(pwd)/${outputdir}
|
local top_builddir_abs_path=$(pwd)/${outputdir}
|
||||||
|
|
||||||
echo "Using output directory: ${outputdir}";
|
echo "Using output directory: ${outputdir}";
|
||||||
|
|
||||||
|
if [ "x${link_opt}" = "xbundled" ] ; then
|
||||||
|
libc_link_opt="static";
|
||||||
|
else
|
||||||
|
libc_link_opt="dynamic";
|
||||||
|
fi
|
||||||
|
|
||||||
echo "Checking build JDK ${buildjdk} is operational..."
|
echo "Checking build JDK ${buildjdk} is operational..."
|
||||||
${buildjdk}/bin/java -version
|
${buildjdk}/bin/java -version
|
||||||
echo "Using make targets: ${maketargets}"
|
echo "Using make targets: ${maketargets}"
|
||||||
@ -1990,12 +2034,14 @@ function buildjdk() {
|
|||||||
--with-debug-level=${debuglevel} \
|
--with-debug-level=${debuglevel} \
|
||||||
--disable-sysconf-nss \
|
--disable-sysconf-nss \
|
||||||
--enable-unlimited-crypto \
|
--enable-unlimited-crypto \
|
||||||
--with-zlib=system \
|
--with-zlib=${link_opt} \
|
||||||
--with-libjpeg=system \
|
--with-giflib=${link_opt} \
|
||||||
--with-giflib=system \
|
%if %{with system_libs}
|
||||||
--with-libpng=system \
|
--with-libjpeg=${link_opt} \
|
||||||
--with-lcms=system \
|
--with-libpng=${link_opt} \
|
||||||
--with-stdc++lib=dynamic \
|
--with-lcms=${link_opt} \
|
||||||
|
%endif
|
||||||
|
--with-stdc++lib=${libc_link_opt} \
|
||||||
--with-extra-cxxflags="$EXTRA_CPP_FLAGS" \
|
--with-extra-cxxflags="$EXTRA_CPP_FLAGS" \
|
||||||
--with-extra-cflags="$EXTRA_CFLAGS" \
|
--with-extra-cflags="$EXTRA_CFLAGS" \
|
||||||
--with-extra-asflags="$EXTRA_ASFLAGS" \
|
--with-extra-asflags="$EXTRA_ASFLAGS" \
|
||||||
@ -2064,8 +2110,13 @@ function installjdk() {
|
|||||||
${imagepath}/jre/lib/security/java.security
|
${imagepath}/jre/lib/security/java.security
|
||||||
|
|
||||||
# Use system-wide tzdata
|
# Use system-wide tzdata
|
||||||
rm ${imagepath}/jre/lib/tzdb.dat
|
mv ${imagepath}/jre/lib/tzdb.dat{,.upstream}
|
||||||
ln -s %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/jre/lib/tzdb.dat
|
ln -sv %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/jre/lib/tzdb.dat
|
||||||
|
|
||||||
|
# Rename OpenJDK cacerts database
|
||||||
|
mv ${imagepath}/jre/lib/security/cacerts{,.upstream}
|
||||||
|
# Install cacerts symlink needed by some apps which hard-code the path
|
||||||
|
ln -sv %{cacerts_file} ${imagepath}/jre/lib/security
|
||||||
|
|
||||||
# add alt-java man page
|
# add alt-java man page
|
||||||
pushd ${imagepath}
|
pushd ${imagepath}
|
||||||
@ -2101,6 +2152,7 @@ builddir=%{buildoutputdir -- $suffix}
|
|||||||
bootbuilddir=boot${builddir}
|
bootbuilddir=boot${builddir}
|
||||||
installdir=%{installoutputdir -- $suffix}
|
installdir=%{installoutputdir -- $suffix}
|
||||||
bootinstalldir=boot${installdir}
|
bootinstalldir=boot${installdir}
|
||||||
|
link_opt="%{link_type}"
|
||||||
|
|
||||||
# Debug builds don't need same targets as release for
|
# Debug builds don't need same targets as release for
|
||||||
# build speed-up. We also avoid bootstrapping these
|
# build speed-up. We also avoid bootstrapping these
|
||||||
@ -2114,13 +2166,13 @@ else
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if ${run_bootstrap} ; then
|
if ${run_bootstrap} ; then
|
||||||
buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
|
buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt}
|
||||||
installjdk ${bootbuilddir} ${bootinstalldir}
|
installjdk ${bootbuilddir} ${bootinstalldir}
|
||||||
buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
|
buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt}
|
||||||
installjdk ${builddir} ${installdir}
|
installjdk ${builddir} ${installdir}
|
||||||
%{!?with_artifacts:rm -rf ${bootinstalldir}}
|
%{!?with_artifacts:rm -rf ${bootinstalldir}}
|
||||||
else
|
else
|
||||||
buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild}
|
buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt}
|
||||||
installjdk ${builddir} ${installdir}
|
installjdk ${builddir} ${installdir}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -2151,10 +2203,6 @@ export SEC_DEBUG="-Djava.security.debug=properties"
|
|||||||
$JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} true
|
$JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} true
|
||||||
$JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false
|
$JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false
|
||||||
|
|
||||||
# Check correct vendor values have been set
|
|
||||||
$JAVA_HOME/bin/javac -d . %{SOURCE16}
|
|
||||||
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url}
|
|
||||||
|
|
||||||
# Check java launcher has no SSB mitigation
|
# Check java launcher has no SSB mitigation
|
||||||
if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
|
if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
|
||||||
|
|
||||||
@ -2165,6 +2213,13 @@ nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation
|
|||||||
if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi
|
if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
# Check correct vendor values have been set
|
||||||
|
$JAVA_HOME/bin/javac -d . %{SOURCE16}
|
||||||
|
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url}
|
||||||
|
|
||||||
|
# Check translations are available for new timezones
|
||||||
|
$JAVA_HOME/bin/javac -d . %{SOURCE18}
|
||||||
|
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE
|
||||||
|
|
||||||
# Check debug symbols are present and can identify code
|
# Check debug symbols are present and can identify code
|
||||||
find "$JAVA_HOME" -iname '*.so' -print0 | while read -d $'\0' lib
|
find "$JAVA_HOME" -iname '*.so' -print0 | while read -d $'\0' lib
|
||||||
@ -2635,6 +2690,65 @@ cjc.mainProgram(args)
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jan 13 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.362.b08-3
|
||||||
|
- Update to shenandoah-jdk8u352-b08 (GA)
|
||||||
|
- Update release notes for shenandoah-8u352-b08.
|
||||||
|
- Fix broken links and missing release notes in older releases.
|
||||||
|
- Drop RH1163501 patch which is not upstream or in 11, 17 & 19 packages and seems obsolete
|
||||||
|
- Patch was broken by inclusion of "JDK-8293554: Enhanced DH Key Exchanges"
|
||||||
|
- Patch was added for a specific corner case of a 4096-bit DH key on a Fedora host that no longer exists
|
||||||
|
- Fedora now appears to be using RSA and the JDK now supports ECC in preference to large DH keys
|
||||||
|
- Resolves: rhbz#2160111
|
||||||
|
|
||||||
|
* Wed Jan 11 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.362.b07-0.3.ea
|
||||||
|
- Update to shenandoah-jdk8u362-b07 (EA)
|
||||||
|
- Update release notes for shenandoah-8u362-b07.
|
||||||
|
- Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804
|
||||||
|
- Drop tzdata patches for 2022d & 2022e (JDK-8294357 & JDK-8295173) which are now upstream
|
||||||
|
- Update TestTranslations.java to test the new America/Ciudad_Juarez zone
|
||||||
|
- Drop JDK-8255559/RH2124390 patch which is now upstream
|
||||||
|
- Resolves: rhbz#2150193
|
||||||
|
|
||||||
|
* Tue Jan 10 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.362.b01-0.3.ea
|
||||||
|
- Update to shenandoah-jdk8u362-b01 (EA)
|
||||||
|
- Update release notes for shenandoah-8u362-b01.
|
||||||
|
- Switch to EA mode for 8u362 pre-release builds.
|
||||||
|
- Drop JDK-8195607/PR3776/RH1760437 now this is upstream
|
||||||
|
- Related: rhbz#2150193
|
||||||
|
|
||||||
|
* Thu Nov 10 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.352.b08-3
|
||||||
|
- Add backport of JDK-8255559 to fix file descriptor leak in XML code
|
||||||
|
- Resolves: rhbz#2124390
|
||||||
|
|
||||||
|
* Wed Oct 19 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.352.b08-2
|
||||||
|
- Update to shenandoah-jdk8u352-b08 (GA)
|
||||||
|
- Update release notes for shenandoah-8u352-b08.
|
||||||
|
- Switch to GA mode for final release.
|
||||||
|
- Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173
|
||||||
|
- Add test to ensure timezones can be translated
|
||||||
|
- Resolves: rhbz#2133695
|
||||||
|
|
||||||
|
* Wed Oct 12 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.352.b07-0.2.ea
|
||||||
|
- Update to shenandoah-jdk8u352-b07 (EA)
|
||||||
|
- Update release notes for shenandoah-8u352-b07.
|
||||||
|
- Switch to EA mode for 8u352 pre-release builds.
|
||||||
|
- Rebase FIPS patch against 8u352-b07
|
||||||
|
- Resolves: rhbz#2130612
|
||||||
|
|
||||||
|
* Tue Aug 30 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.345.b01-5
|
||||||
|
- Switch to static builds, reducing system dependencies and making build more portable
|
||||||
|
- Resolves: rhbz#2048542
|
||||||
|
|
||||||
|
* Tue Aug 30 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.345.b01-4
|
||||||
|
- Sync system cacerts support with RHEL 9, disabling using -Dsecurity.systemCACerts=
|
||||||
|
- Move cacerts replacement to install section and retain original of this and tzdb.dat
|
||||||
|
- Related: rhbz#2055274
|
||||||
|
|
||||||
|
* Mon Aug 29 2022 Stephan Bergmann <sbergman@redhat.com> - 1:1.8.0.345.b01-3
|
||||||
|
- Disable copy-jdk-configs for Flatpak builds
|
||||||
|
- Fix flatpak builds by exempting them from bootstrap
|
||||||
|
- Resolves: rhbz#2102733
|
||||||
|
|
||||||
* Wed Aug 03 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.345.b01-2
|
* Wed Aug 03 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.345.b01-2
|
||||||
- Update to shenandoah-jdk8u345-b01 (GA)
|
- Update to shenandoah-jdk8u345-b01 (GA)
|
||||||
- Update release notes for 8u345-b01.
|
- Update release notes for 8u345-b01.
|
||||||
|
Loading…
Reference in New Issue
Block a user