Update to shenandoah-jdk8u372-b07 (GA)

Update release notes for shenandoah-8u372-b07.
Require tzdata 2023c due to inclusion of JDK-8305113 in 8u372-b07
Update generate_tarball.sh to add support for passing a boot JDK to the configure run
Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace
Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs
Drop JDK-8275535/RH2053256 patch which is now upstream
Include JDK-8271199 backport early ahead of 8u382 (RH2175317)
Drop hack for difference in local and portable build version
Replace local copies of JDK portable binaries with build dependencies
Include the java-1.8.0-openjdk-portable.spec file with instructions on how to rebuild.
Remove duplicate use of README.md inside the *-src package (it is no longer about sources)
Use portable build on x86_32 now one is available

** This tarball is embargoed until 2023-04-18 @ 1pm PT. **

Resolves: rhbz#2185182
Resolves: rhbz#2189329
Resolves: rhbz#2188023
This commit is contained in:
Andrew Hughes 2023-04-28 01:59:00 +01:00
parent ffd213c8a0
commit 345ac01c22
9 changed files with 2917 additions and 159 deletions

1
.gitignore vendored
View File

@ -282,3 +282,4 @@
/java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.ppc64le.tar.xz /java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.ppc64le.tar.xz
/java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.s390x.tar.xz /java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.s390x.tar.xz
/java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.x86_64.tar.xz /java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.x86_64.tar.xz
/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz

204
NEWS
View File

@ -3,6 +3,210 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 8u372 (2023-04-18):
===========================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk8u372
* CVEs
- CVE-2023-21930
- CVE-2023-21937
- CVE-2023-21938
- CVE-2023-21939
- CVE-2023-21954
- CVE-2023-21967
- CVE-2023-21968
* Security fixes
- JDK-8287404: Improve ping times
- JDK-8288436: Improve Xalan supports
- JDK-8294474: Better AES support
- JDK-8295304: Runtime support improvements
- JDK-8296496, JDK-8292652: Overzealous check in sizecalc.h prevents large memory allocation
- JDK-8296676, JDK-8296622: Improve String platform support
- JDK-8296684: Improve String platform support
- JDK-8296692: Improve String platform support
- JDK-8296700: Improve String platform support
- JDK-8296832: Improve Swing platform support
- JDK-8297371: Improve UTF8 representation redux
- JDK-8298191: Enhance object reclamation process
- JDK-8298310: Enhance TLS session negotiation
- JDK-8298667: Improved path handling
- JDK-8299129: Enhance NameService lookups
* New features
- JDK-8230305: Cgroups v2: Container awareness
* Other changes
- JDK-6734341: REGTEST fails: SelectionAutoscrollTest.html
- JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows
- JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails
- JDK-7124238: [macosx] Font in BasicHTML document is bigger than it should be
- JDK-7124381: DragSourceListener.dragDropEnd() never been called on completion of dnd operation
- JDK-8039888: [TEST_BUG] keyboard garbage after javax/swing/plaf/windows/WindowsRootPaneUI/WrongAltProcessing/WrongAltProcessing.java
- JDK-8042098: [TESTBUG] Test sun/java2d/AcceleratedXORModeTest.java fails on Windows
- JDK-8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled
- JDK-8072770: [TESTBUG] Some Introspector tests fail with a Java heap bigger than 4GB
- JDK-8075964: Test java/awt/Mouse/TitleBarDoubleClick/TitleBarDoubleClick.html fails intermittently with timeout error
- JDK-8137101: [TEST_BUG] javax/swing/plaf/basic/BasicHTML/4251579/bug4251579.java failure due to timing
- JDK-8142540: [TEST_BUG] Test sun/awt/dnd/8024061/bug8024061.java fails on ubuntu
- JDK-8156579: Two JavaBeans tests failed
- JDK-8156581: Cleanup of ProblemList.txt
- JDK-8159135: [PIT] javax/swing/JMenuItem/8152981/MenuItemIconTest.java always fail
- JDK-8177560: @headful key can be removed from the tests for JavaSound
- JDK-8196196: Headful tests should not be run in headless mode
- JDK-8196467: javax/swing/JInternalFrame/Test6325652.java fails
- JDK-8197408: Bad pointer comparison and small cleanup in os_linux.cpp
- JDK-8203485: [freetype] text rotated on 180 degrees is too narrow
- JDK-8205959: Do not restart close if errno is EINTR
- JDK-8216366: Add rationale to PER_CPU_SHARES define
- JDK-8226236: win32: gc/metaspace/TestCapacityUntilGCWrapAround.java fails
- JDK-8228585: jdk/internal/platform/cgroup/TestCgroupMetrics.java - NumberFormatException because of large long values (memory limit_in_bytes)
- JDK-8229182: [TESTBUG] runtime/containers/docker/TestMemoryAwareness.java test fails on SLES12
- JDK-8229202: Docker reporting causes secondary crashes in error handling
- JDK-8231111: Cgroups v2: Rework Metrics in java.base so as to recognize unified hierarchy
- JDK-8232207: Linux os::available_memory re-reads cgroup configuration on every invocation
- JDK-8233570: [TESTBUG] HTMLEditorKit test bug5043626.java is failing on macos
- JDK-8234484: Add ability to configure third port for remote JMX
- JDK-8237479: 8230305 causes slowdebug build failure
- JDK-8239559: Cgroups: Incorrect detection logic on some systems
- JDK-8239785: Cgroups: Incorrect detection logic on old systems in hotspot
- JDK-8239827: The test OpenByUNCPathNameTest.java should be changed to be manual
- JDK-8240189: [TESTBUG] Some cgroup tests are failing after JDK-8231111
- JDK-8241087: Build failure with VS 2019 (16.5.0) due to C2039 and C2873
- JDK-8242468: VS2019 build missing vcruntime140_1.dll
- JDK-8243543: jtreg test security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java fails
- JDK-8244500: jtreg test error in test/hotspot/jtreg/containers/docker/TestMemoryAwareness.java
- JDK-8245543: Cgroups: Incorrect detection logic on some systems (still reproducible)
- JDK-8245654: Add Certigna Root CA
- JDK-8247676: vcruntime140_1.dll is not needed on 32-bit Windows
- JDK-8248899: security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java fails, Certificate has been revoked
- JDK-8252359: HotSpot Not Identifying it is Running in a Container
- JDK-8252957: Wrong comment in CgroupV1Subsystem::cpu_quota
- JDK-8253435: Cgroup: 'stomping of _mount_path' crash if manually mounted cpusets exist
- JDK-8253714: [cgroups v2] Soft memory limit incorrectly using memory.high
- JDK-8253727: [cgroups v2] Memory and swap limits reported incorrectly
- JDK-8253797: [cgroups v2] Account for the fact that swap accounting is disabled on some systems
- JDK-8253939: [TESTBUG] Increase coverage of the cgroups detection code
- JDK-8254001: [Metrics] Enhance parsing of cgroup interface files for version detection
- JDK-8254717: isAssignableFrom checks in KeyFactorySpi.engineGetKeySpec appear to be backwards
- JDK-8254997: Remove unimplemented OSContainer::read_memory_limit_in_bytes
- JDK-8257620: Do not use objc_msgSend_stret to get macOS version
- JDK-8262379: Add regression test for JDK-8257746
- JDK-8263404: RsaPrivateKeySpec is always recognized as RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec
- JDK-8266391: Replace use of reflection in jdk.internal.platform.Metrics
- JDK-8270317: Large Allocation in CipherSuite
- JDK-8275535: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
- JDK-8275650: Problemlist java/io/File/createTempFile/SpecialTempFile.java for Windows 11
- JDK-8275713: TestDockerMemoryMetrics test fails on recent runc
- JDK-8278951: containers/cgroup/PlainRead.java fails on Ubuntu 21.10
- JDK-8280048: Missing comma in copyright header
- JDK-8282398: EndingDotHostname.java test fails because SSL cert expired
- JDK-8282511: Use fixed certificate validation date in SSLExampleCert template
- JDK-8282947: JFR: Dump on shutdown live-locks in some conditions
- JDK-8283277: ISO 4217 Amendment 171 Update
- JDK-8283606: Tests may fail with zh locale on MacOS
- JDK-8284102: [TESTBUG] [11u] Retroactively add regression test for JDK-8272124
- JDK-8284690: [macos] VoiceOver : Getting java.lang.IllegalArgumentException: Invalid location on Editable JComboBox
- JDK-8284756: [11u] Remove unused isUseContainerSupport in CgroupV1Subsystem
- JDK-8284977: MetricsTesterCgroupV2.getLongValueEntryFromFile fails when named value doesn't exist
- JDK-8286624: Regression Test CoordinateTruncationBug.java fails on OL8.3
- JDK-8287107: CgroupSubsystemFactory.setCgroupV2Path asserts with freezer controller
- JDK-8287109: Distrust.java failed with CertificateExpiredException
- JDK-8287463: JFR: Disable TestDevNull.java on Windows
- JDK-8287741: Fix of JDK-8287107 (unused cgv1 freezer controller) was incomplete
- JDK-8289549: ISO 4217 Amendment 172 Update
- JDK-8289695: [TESTBUG] TestMemoryAwareness.java fails on cgroups v2 and crun
- JDK-8291570: [TESTBUG] Part of JDK-8250984 absent from 11u
- JDK-8292083: Detected container memory limit may exceed physical machine memory
- JDK-8292541: [Metrics] Reported memory limit may exceed physical machine memory
- JDK-8293472: Incorrect container resource limit detection if manual cgroup fs mounts present
- JDK-8293540: [Metrics] Incorrectly detected resource limits with additional cgroup fs mounts
- JDK-8293767: AWT test TestSinhalaChar.java has old SCCS markings
- JDK-8294307: ISO 4217 Amendment 173 Update
- JDK-8294767: 8u contains two copies of test/../FileUtils.java, one uses JDK9+ features
- JDK-8295322: Tests for JDK-8271459 were not backported to 11u
- JDK-8295952: Problemlist existing compiler/rtm tests also on x86
- JDK-8295982: Failure in sun/security/tools/keytool/WeakAlg.java - ks: The process cannot access the file because it is being used by another process
- JDK-8296239: ISO 4217 Amendment 174 Update
- JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing
- JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException
- JDK-8296632: Write a test to verify the content change of TextArea sends TextEvent
- JDK-8296957: One more cast in SAFE_SIZE_NEW_ARRAY2
- JDK-8297329: [8u] hotspot needs to recognise VS2019
- JDK-8297739: Bump update version of OpenJDK: 8u372
- JDK-8297996: [8u] generated images are broken due to renaming of MSVC runtime DLL's
- JDK-8298027: Remove SCCS id's from awt jtreg tests
- JDK-8298307: Enable hotspot/tier1 for 32-bit builds in GHA for 8u
- JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
- JDK-8299445: EndingDotHostname.java fails because of compilation errors
- JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
- JDK-8299548: Fix hotspot/test/runtime/Metaspace/MaxMetaspaceSizeTest.java in 8u
- JDK-8299804: Fix non-portable code in hotspot shell tests in 8u
- JDK-8300014: Some backports placed the tests in the wrong location
- JDK-8300119: CgroupMetrics.getTotalMemorySize0() can report invalid results on 32 bit systems
- JDK-8301122: [8u] Fix unreliable vs2010 download link
- JDK-8301143: [TESTBUG] jfr/event/sampling/TestNative was backported to JDK8u without proper native wrapper
- JDK-8301246: NPE in FcFontManager.getDefaultPlatformFont() on Linux without installed fontconfig
- JDK-8301332: [8u] Fix writing of test files after the cgroups v2 backport
- JDK-8301550: [8u] Enable additional linux build testing in GitHub
- JDK-8301620: [8u] some shell tests are passed but have unexpected operator errors
- JDK-8301760: Fix possible leak in SpNegoContext dispose
- JDK-8303408: [AIX] Broken jdk8u build after JDK-8266391
- JDK-8303828: [Solaris] Broken jdk8u build after JDK-8266391
- JDK-8304053: Revert os specific stubs for SystemMetrics
- JDK-8305113: (tz) Update Timezone Data to 2023c
Notes on individual issues:
===========================
hotspot:
core-libs:
JDK-8305562: Cgroups v2: Container awareness
============================================
The HotSpot runtime code as well as the core libraries code in the JDK
has been updated in order to detect a cgroup v2 host system when
running OpenJDK within a Linux container.
Since the 8u202 release of OpenJDK, the container detection code
recognized cgroup v1 (legacy) host Linux systems. With 8u372 and later
releases, both versions of the underlying cgroups pseudo filesystem
will be detected and corresponding container limits applied to the
OpenJDK runtime.
Without this enhancement, OpenJDK would not apply container resource
limits when running on a cgroup v2 Linux host system, but would use
the underlying hosts' resource limits instead.
client-libs/javax.swing:
JDK-8296832: Improve Swing platform support
===========================================
Earlier OpenJDK releases would always render HTML object tags embedded in
Swing HTML components. With this release, rendering only occurs when the
new system property "swing.html.object" is set to true. By default, it
is set to false.
core-svc/javax.management:
JDK-8234484: Added Ability to Configure Third Port for Remote JMX
=================================================================
A local access port can now be configured for JMX connections by
setting the property `com.sun.management.jmxremote.local.port`. This
local port was previously selected at random, which could lead to port
collisions. The property works in the same way as the existing
properties for configuring the remote access port
(`com.sun.management.jmxremote.port`) and the RMI port
(`com.sun.management.jmxremote.rmi.port`)
security-libs/java.security:
JDK-8245654: Added Certigna(Dhimyotis) Root CA Certificate
==========================================================
The following root certificate has been added to the cacerts truststore:
Name: Certigna (Dhimyotis)
Alias Name: certignarootca
Distinguished Name: CN=Certigna, O=Dhimyotis, C=FR
New in release OpenJDK 8u362 (2023-01-17): New in release OpenJDK 8u362 (2023-01-17):
=========================================== ===========================================
Live versions of these release notes can be found at: Live versions of these release notes can be found at:

View File

@ -1,8 +1,34 @@
Package of LTS OpenJDK 8 OpenJDK 8 is a Long-Term Support (LTS) release of the Java platform.
OpenJDK have release cadence of 6 months. but 3/4 of them are Short Term Supported for 6 months only. This package is designed to harbore them. Currently it is build on openJDK 10. LTSs (next is 11) will go as separate packages.
JDK8 is last LTS release of Java platform. It is bringing many cool improvements - http://openjdk.java.net/projects/jdk/8/ and is landing to your RHEL. Where it will be maintained for several years. You will always be allowed to install Used LTSs in build root, and alongside via alternatives. For a list of major changes in OpenJDK 8 (java-1.8.0-openjdk), see the
upstream release page: https://openjdk.org/projects/jdk8/features
See announcement: http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html # Rebuilding the OpenJDK package
See java SIG plans: https://jvanek.fedorapeople.org/devconf/2018/changesInjavaReleaseProcess.pdf
The OpenJDK packages are now created from a single build which is then
packaged for different major versions of Red Hat Enterprise Linux
(RHEL). This allows the OpenJDK team to focus their efforts on the
development and testing of this single build, rather than having
multiple builds which only differ by the platform they were built on.
This does make rebuilding the package slightly more complicated than a
normal package. Modifications should be made to the
`java-1.8.0-openjdk-portable.specfile` file, which can be found with
this README file in the source RPM or installed in the documentation
tree by the `java-1.8.0-openjdk-headless` RPM.
Once the modified `java-1.8.0-openjdk-portable` RPMs are built, they
should be installed and will produce a number of tarballs in the
`/usr/lib/jvm` directory. The `java-1.8.0-openjdk` RPMs can then be
built, which will use these tarballs to create the usual RPMs found in
RHEL. The `java-1.8.0-openjdk-portable` RPMs can be uninstalled once
the desired final RPMs are produced.
Note that the `java-1.8.0-openjdk.spec` file has a hard requirement on
the exact version of java-1.8.0-openjdk-portable to use, so this will
need to be modified if the version or rpmrelease values are changed in
`java-1.8.0-openjdk-portable.specfile`.
To reduce the number of RPMs involved, the `fastdebug` and `slowdebug`
builds may be disabled using `--without fastdebug` and `--without
slowdebug`.

View File

@ -53,29 +53,58 @@ if [ "x$1" = "xhelp" ] ; then
echo "OPENJDK_URL - the URL to retrieve code from (optional; defaults to ${OPENJDK_URL_DEFAULT})" echo "OPENJDK_URL - the URL to retrieve code from (optional; defaults to ${OPENJDK_URL_DEFAULT})"
echo "COMPRESSION - the compression type to use (optional; defaults to ${COMPRESSION_DEFAULT})" echo "COMPRESSION - the compression type to use (optional; defaults to ${COMPRESSION_DEFAULT})"
echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)" echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)"
echo "REPO_ROOT - the location of the Mercurial repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)" echo "REPO_ROOT - the location of the Git repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)"
echo "PR3822 - the path to the PR3822 patch to apply (optional; downloaded if unavailable)" echo "PR3822 - the path to the PR3822 patch to apply (optional; downloaded if unavailable)"
echo "JCONSOLE_JS_PATCH - the path to a patch to fix non-availiability of jconsole.js (optional; defaults to ${JCONSOLE_JS_PATCH_DEFAULT})" echo "JCONSOLE_JS_PATCH - the path to a patch to fix non-availiability of jconsole.js (optional; defaults to ${JCONSOLE_JS_PATCH_DEFAULT})"
echo "BOOT_JDK - the bootstrap JDK to satisfy the configure run"
exit 1; exit 1;
fi fi
if [ "x$VERSION" = "x" ] ; then if [ "x$VERSION" = "x" ] ; then
echo "No VERSION specified" echo "No VERSION specified"
exit -2 exit 2
fi fi
echo "Version: ${VERSION}" echo "Version: ${VERSION}"
NUM_VER=${VERSION##jdk-}
RELEASE_VER=${NUM_VER%%+*}
BUILD_VER=${NUM_VER##*+}
MAJOR_VER=${RELEASE_VER%%.*}
echo "Major version is ${MAJOR_VER}, release ${RELEASE_VER}, build ${BUILD_VER}"
if [ "x$BOOT_JDK" = "x" ] ; then
echo "No boot JDK specified".
BOOT_JDK=/usr/lib/jvm/java-${MAJOR_VER}-openjdk;
echo -n "Checking for ${BOOT_JDK}...";
if [ -d ${BOOT_JDK} -a -x ${BOOT_JDK}/bin/java ] ; then
echo "Boot JDK found at ${BOOT_JDK}";
else
echo "Not found";
PREV_VER=$((${MAJOR_VER} - 1));
BOOT_JDK=/usr/lib/jvm/java-${PREV_VER}-openjdk;
echo -n "Checking for ${BOOT_JDK}...";
if [ -d ${BOOT_JDK} -a -x ${BOOT_JDK}/bin/java ] ; then
echo "Boot JDK found at ${BOOT_JDK}";
else
echo "Not found";
exit 4;
fi
fi
else
echo "Boot JDK: ${BOOT_JDK}";
fi
# REPO_NAME is only needed when we default on REPO_ROOT and FILE_NAME_ROOT # REPO_NAME is only needed when we default on REPO_ROOT and FILE_NAME_ROOT
if [ "x$FILE_NAME_ROOT" = "x" -o "x$REPO_ROOT" = "x" ] ; then if [ "x$FILE_NAME_ROOT" = "x" -o "x$REPO_ROOT" = "x" ] ; then
if [ "x$PROJECT_NAME" = "x" ] ; then if [ "x$PROJECT_NAME" = "x" ] ; then
echo "No PROJECT_NAME specified" echo "No PROJECT_NAME specified"
exit -1 exit 1
fi fi
echo "Project name: ${PROJECT_NAME}" echo "Project name: ${PROJECT_NAME}"
if [ "x$REPO_NAME" = "x" ] ; then if [ "x$REPO_NAME" = "x" ] ; then
echo "No REPO_NAME specified" echo "No REPO_NAME specified"
exit -3 exit 3
fi fi
echo "Repository name: ${REPO_NAME}" echo "Repository name: ${REPO_NAME}"
fi fi
@ -112,6 +141,7 @@ echo -e "\tFILE_NAME_ROOT: ${FILE_NAME_ROOT}"
echo -e "\tREPO_ROOT: ${REPO_ROOT}" echo -e "\tREPO_ROOT: ${REPO_ROOT}"
echo -e "\tPR3822: ${PR3822}" echo -e "\tPR3822: ${PR3822}"
echo -e "\tJCONSOLE_JS_PATCH: ${JCONSOLE_JS_PATCH}" echo -e "\tJCONSOLE_JS_PATCH: ${JCONSOLE_JS_PATCH}"
echo -e "\tBOOT_JDK: ${BOOT_JDK}"
mkdir "${FILE_NAME_ROOT}" mkdir "${FILE_NAME_ROOT}"
pushd "${FILE_NAME_ROOT}" pushd "${FILE_NAME_ROOT}"
@ -166,11 +196,29 @@ popd
# Generate .src-rev so build has knowledge of the revision the tarball was created from # Generate .src-rev so build has knowledge of the revision the tarball was created from
mkdir build mkdir build
pushd build pushd build
sh ${PWD}/../openjdk/configure sh ${PWD}/../openjdk/configure --with-boot-jdk=${BOOT_JDK}
make store-source-revision make store-source-revision
popd popd
rm -rf build rm -rf build
# Remove commit checks
echo "Removing $(find openjdk -name '.jcheck' -print)"
find openjdk -name '.jcheck' -print0 | xargs -0 rm -r
# Remove history and GHA
echo "find openjdk -name '.hgtags'"
find openjdk -name '.hgtags' -exec rm -v '{}' '+'
echo "find openjdk -name '.hgignore'"
find openjdk -name '.hgignore' -exec rm -v '{}' '+'
echo "find openjdk -name '.gitattributes'"
find openjdk -name '.gitattributes' -exec rm -v '{}' '+'
echo "find openjdk -name '.gitignore'"
find openjdk -name '.gitignore' -exec rm -v '{}' '+'
echo "find openjdk -name '.git'"
find openjdk -name '.git' -exec rm -rv '{}' '+'
echo "find openjdk -name '.github'"
find openjdk -name '.github' -exec rm -rv '{}' '+'
echo "Compressing remaining forest" echo "Compressing remaining forest"
if [ "X$COMPRESSION" = "Xxz" ] ; then if [ "X$COMPRESSION" = "Xxz" ] ; then
SWITCH=cJf SWITCH=cJf

File diff suppressed because it is too large Load Diff

View File

@ -132,7 +132,7 @@
# Set of architectures where we verify backtraces with gdb # Set of architectures where we verify backtraces with gdb
%global gdb_arches %{jit_arches} %{zero_arches} %global gdb_arches %{jit_arches} %{zero_arches}
# Set of architectures for which we have a portable build # Set of architectures for which we have a portable build
%global portable_build_arches %{aarch64} %{power64} x86_64 %global portable_build_arches %{aarch64} %{ix86} %{power64} x86_64
# By default, we build a debug build during main build on JIT architectures # By default, we build a debug build during main build on JIT architectures
%if %{with slowdebug} %if %{with slowdebug}
@ -338,7 +338,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project openjdk %global shenandoah_project openjdk
%global shenandoah_repo shenandoah-jdk8u %global shenandoah_repo shenandoah-jdk8u
%global openjdk_revision jdk8u362-b09 %global openjdk_revision jdk8u372-b07
%global shenandoah_revision shenandoah-%{openjdk_revision} %global shenandoah_revision shenandoah-%{openjdk_revision}
# Define old aarch64/jdk8u tree variables for compatibility # Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project} %global project %{shenandoah_project}
@ -354,15 +354,11 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27 # eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
%global rpmrelease 4 %global rpmrelease 2
# Settings used by the portable build # Settings used by the portable build
%global portablerelease 4 %global portablerelease 2
%global portablesuffix el7openjdkportable %global portablesuffix el8
%global portablebuilddir /builddir/build/BUILD %global portablebuilddir /builddir/build/BUILD
# Temporary override until we have the portable version in sync
# b09 only contains some build fixes for RHEL 6 & Windows
%global portablebuildver b08
%global portableversion %{javaver}.%{updatever}.%{portablebuildver}
# Define milestone (EA for pre-releases, GA ("fcs") for releases) # Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1): # Release will be (where N is usually a number starting at 1):
@ -845,6 +841,8 @@ exit 0
%license %{_jvmdir}/%{jredir -- %{?1}}/LICENSE %license %{_jvmdir}/%{jredir -- %{?1}}/LICENSE
%license %{_jvmdir}/%{jredir -- %{?1}}/THIRD_PARTY_README %license %{_jvmdir}/%{jredir -- %{?1}}/THIRD_PARTY_README
%doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/NEWS %doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/NEWS
%doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/README.md
%doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/java-1.%{majorver}.0-openjdk-portable.specfile
%dir %{_jvmdir}/%{sdkdir -- %{?1}} %dir %{_jvmdir}/%{sdkdir -- %{?1}}
%{_jvmdir}/%{jrelnk -- %{?1}} %{_jvmdir}/%{jrelnk -- %{?1}}
%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/security %dir %{_jvmdir}/%{jredir -- %{?1}}/lib/security
@ -1190,7 +1188,6 @@ exit 0
%define files_src() %{expand: %define files_src() %{expand:
%defattr(-,root,root,-) %defattr(-,root,root,-)
%doc README.md
%{_jvmdir}/%{sdkdir -- %{?1}}/src.zip %{_jvmdir}/%{sdkdir -- %{?1}}/src.zip
} }
@ -1404,9 +1401,6 @@ URL: http://openjdk.java.net/
# where the source is obtained from http://hg.openjdk.java.net/%%{project}/%%{repo} # where the source is obtained from http://hg.openjdk.java.net/%%{project}/%%{repo}
Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve.tar.xz Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve.tar.xz
# Custom README for -src subpackage
Source2: README.md
# Release notes # Release notes
Source7: NEWS Source7: NEWS
@ -1443,70 +1437,22 @@ Source17: nss.fips.cfg.in
# Ensure translations are available for new timezones # Ensure translations are available for new timezones
Source18: TestTranslations.java Source18: TestTranslations.java
Source20: repackReproduciblePolycies.sh Source21: repackReproduciblePolycies.sh
# New versions of config files with aarch64 support. This is not upstream yet. # New versions of config files with aarch64 support. This is not upstream yet.
Source100: config.guess Source100: config.guess
Source101: config.sub Source101: config.sub
# TODO: Portable packages are not yet available in buildroot # Include portable spec and instructions on how to rebuild
# Temporarily add them as sources Source19: README.md
Source20: java-1.%{majorver}.0-openjdk-portable.specfile
# aarch64
Source1000: %{name}-portable-%{portableversion}-%{portablerelease}.portable.unstripped.jdk.el.aarch64.tar.xz
Source1002: %{name}-portable-%{portableversion}-%{portablerelease}.portable.docs.el.aarch64.tar.xz
Source1003: %{name}-portable-%{portableversion}-%{portablerelease}.portable.misc.el.aarch64.tar.xz
Source1004: %{name}-portable-%{portableversion}-%{portablerelease}.portable.slowdebug.jdk.el.aarch64.tar.xz
Source1006: %{name}-portable-%{portableversion}-%{portablerelease}.portable.fastdebug.jdk.el.aarch64.tar.xz
# ppc64le
Source2000: %{name}-portable-%{portableversion}-%{portablerelease}.portable.unstripped.jdk.el.ppc64le.tar.xz
Source2002: %{name}-portable-%{portableversion}-%{portablerelease}.portable.docs.el.ppc64le.tar.xz
Source2003: %{name}-portable-%{portableversion}-%{portablerelease}.portable.misc.el.ppc64le.tar.xz
Source2004: %{name}-portable-%{portableversion}-%{portablerelease}.portable.slowdebug.jdk.el.ppc64le.tar.xz
Source2006: %{name}-portable-%{portableversion}-%{portablerelease}.portable.fastdebug.jdk.el.ppc64le.tar.xz
# s390x
Source3000: %{name}-portable-%{portableversion}-%{portablerelease}.portable.unstripped.jdk.el.s390x.tar.xz
Source3002: %{name}-portable-%{portableversion}-%{portablerelease}.portable.docs.el.s390x.tar.xz
Source3003: %{name}-portable-%{portableversion}-%{portablerelease}.portable.misc.el.s390x.tar.xz
# x86_64
Source4000: %{name}-portable-%{portableversion}-%{portablerelease}.portable.unstripped.jdk.el.x86_64.tar.xz
Source4002: %{name}-portable-%{portableversion}-%{portablerelease}.portable.docs.el.x86_64.tar.xz
Source4003: %{name}-portable-%{portableversion}-%{portablerelease}.portable.misc.el.x86_64.tar.xz
Source4004: %{name}-portable-%{portableversion}-%{portablerelease}.portable.slowdebug.jdk.el.x86_64.tar.xz
Source4006: %{name}-portable-%{portableversion}-%{portablerelease}.portable.fastdebug.jdk.el.x86_64.tar.xz
# Setup variables to reference correct sources # Setup variables to reference correct sources
%ifarch %{aarch64} %global releasezip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.unstripped.jdk.%{_arch}.tar.xz
%global releasezip %{SOURCE1000} %global docszip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.docs.%{_arch}.tar.xz
%global docszip %{SOURCE1002} %global misczip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.misc.%{_arch}.tar.xz
%global misczip %{SOURCE1003} %global slowdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.slowdebug.jdk.%{_arch}.tar.xz
%global slowdebugzip %{SOURCE1004} %global fastdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.fastdebug.jdk.%{_arch}.tar.xz
%global fastdebugzip %{SOURCE1006}
%endif
%ifarch %{ppc64le}
%global releasezip %{SOURCE2000}
%global docszip %{SOURCE2002}
%global misczip %{SOURCE2003}
%global slowdebugzip %{SOURCE2004}
%global fastdebugzip %{SOURCE2006}
%endif
%ifarch s390x
%global releasezip %{SOURCE3000}
%global docszip %{SOURCE3002}
%global misczip %{SOURCE3003}
%global slowdebugzip %{nil}
%global fastdebugzip %{nil}
%endif
%ifarch x86_64
%global releasezip %{SOURCE4000}
%global docszip %{SOURCE4002}
%global misczip %{SOURCE4003}
%global slowdebugzip %{SOURCE4004}
%global fastdebugzip %{SOURCE4006}
%endif
############################################ ############################################
# #
@ -1575,8 +1521,6 @@ Patch600: rh1750419-redhat_alt_java.patch
Patch111: jdk8218811-perfMemory_linux.patch Patch111: jdk8218811-perfMemory_linux.patch
# JDK-8281098, PR3836: Extra compiler flags not passed to adlc build # JDK-8281098, PR3836: Extra compiler flags not passed to adlc build
Patch112: jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch Patch112: jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch
# JDK-8275535, RH2053256: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
Patch113: jdk8275535-rh2053256-ldap_auth.patch
############################################# #############################################
# #
@ -1624,13 +1568,15 @@ Patch581: jdk8257794-remove_broken_assert.patch
############################################# #############################################
# #
# Patches appearing in 8u362 # Patches appearing in 8u382
# #
# This section includes patches which are present # This section includes patches which are present
# in the listed OpenJDK 8u release and should be # in the listed OpenJDK 8u release and should be
# able to be removed once that release is out # able to be removed once that release is out
# and used by this RPM. # and used by this RPM.
############################################# #############################################
# JDK-8271199, RH2175317: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
Patch2001: jdk8271199-rh2175317-custom_pkcs11_provider_support.patch
############################################# #############################################
# #
@ -1697,12 +1643,17 @@ BuildRequires: unzip
# For definitions and macros like jvmdir # For definitions and macros like jvmdir
BuildRequires: javapackages-filesystem BuildRequires: javapackages-filesystem
%ifarch %{portable_build_arches} %ifarch %{portable_build_arches}
# TODO: Portable packages are not yet available in buildroot %if %{include_normal_build}
#BuildRequires: %{name}-portable-unstripped = %{VERSION} BuildRequires: java-1.%{majorver}.0-openjdk-portable-unstripped = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
#BuildRequires: %{name}-portable-docs = %{VERSION} %endif
#BuildRequires: %{name}-portable-misc = %{VERSION} %if %{include_fastdebug_build}
#BuildRequires: %{name}-portable-devel-fastdebug = %{VERSION} BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-fastdebug = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
#BuildRequires: %{name}-portable-devel-slowdebug = %{VERSION} %endif
%if %{include_debug_build}
BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-slowdebug = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
%endif
BuildRequires: java-1.%{majorver}.0-openjdk-portable-docs = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
BuildRequires: java-1.%{majorver}.0-openjdk-portable-misc = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
%else %else
# Require a boot JDK which doesn't fail due to RH1482244 # Require a boot JDK which doesn't fail due to RH1482244
BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3 BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3
@ -1712,8 +1663,8 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3
BuildRequires: libffi BuildRequires: libffi
BuildRequires: libffi-devel BuildRequires: libffi-devel
%endif %endif
# 2022g required as of JDK-8297804 # 2023c required as of JDK-8305113
BuildRequires: tzdata-java >= 2022g BuildRequires: tzdata-java >= 2023c
# Earlier versions have a bug in tree vectorization on PPC # Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8 BuildRequires: gcc >= 4.8.3-8
@ -1982,8 +1933,6 @@ fi
# For old patches # For old patches
ln -s %{top_level_dir_name} jdk8 ln -s %{top_level_dir_name} jdk8
cp %{SOURCE2} .
# replace outdated configure guess script # replace outdated configure guess script
# #
# the configure macro will do this too, but it also passes a few flags not # the configure macro will do this too, but it also passes a few flags not
@ -2028,7 +1977,6 @@ sh %{SOURCE12}
%patch111 %patch111
%patch112 %patch112
%patch581 %patch581
%patch113
pushd %{top_level_dir_name} pushd %{top_level_dir_name}
# Add crypto policy and FIPS support # Add crypto policy and FIPS support
@ -2037,6 +1985,8 @@ pushd %{top_level_dir_name}
%patch1000 -p1 %patch1000 -p1
# cacerts patch; must follow FIPS patch as it also alters java.security # cacerts patch; must follow FIPS patch as it also alters java.security
%patch539 -p1 %patch539 -p1
# 8u382 fix
%patch2001 -p1
popd popd
# RPM-only fixes # RPM-only fixes
@ -2322,7 +2272,7 @@ for suffix in %{build_loop} ; do
mkdir -p $(dirname ${installdir}) mkdir -p $(dirname ${installdir})
mv %{name}* ${installdir} mv %{name}* ${installdir}
# Fix build paths in ELF files so it looks like we built them # Fix build paths in ELF files so it looks like we built them
portablenvr="%{name}-portable-%{portableversion}-%{portablerelease}.%{portablesuffix}.%{_arch}" portablenvr="%{name}-portable-%{version}-%{portablerelease}.%{portablesuffix}.%{_arch}"
for file in $(find ${installdir} -type f) ; do for file in $(find ${installdir} -type f) ; do
if file ${file} | grep -q 'ELF'; then if file ${file} | grep -q 'ELF'; then
%{debugedit} -b %{portablebuilddir}/${portablenvr} -d $(pwd) -n ${file} %{debugedit} -b %{portablebuilddir}/${portablenvr} -d $(pwd) -n ${file}
@ -2534,7 +2484,7 @@ for suffix in %{build_loop} ; do
miscdir=%{top_level_dir_name}/jdk/src/solaris/classes/sun/awt/X11 miscdir=%{top_level_dir_name}/jdk/src/solaris/classes/sun/awt/X11
%endif %endif
# Install release notes # Install release notes and rebuild instructions
commondocdir=${RPM_BUILD_ROOT}%{_defaultdocdir}/%{uniquejavadocdir -- $suffix} commondocdir=${RPM_BUILD_ROOT}%{_defaultdocdir}/%{uniquejavadocdir -- $suffix}
install -d -m 755 ${commondocdir} install -d -m 755 ${commondocdir}
%ifarch %{portable_build_arches} %ifarch %{portable_build_arches}
@ -2542,6 +2492,7 @@ for suffix in %{build_loop} ; do
%else %else
cp -a %{SOURCE7} ${commondocdir} cp -a %{SOURCE7} ${commondocdir}
%endif %endif
cp -a %{SOURCE19} %{SOURCE20} ${commondocdir}
# Install the jdk # Install the jdk
pushd ${jdk_image} pushd ${jdk_image}
@ -2605,11 +2556,10 @@ if ! echo $suffix | grep -q "debug" ; then
# Install Javadoc documentation # Install Javadoc documentation
install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir} install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}
cp -a ${docdir}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix} cp -a ${docdir}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}
built_doc_archive=jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{buildver}-docs.zip
%ifarch %{portable_build_arches} %ifarch %{portable_build_arches}
built_doc_archive=jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{portablebuildver}-docs.zip
cp -a ${docdir}/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip cp -a ${docdir}/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip
%else %else
built_doc_archive=`echo "jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{buildver}-docs.zip" | sed s/slowdebug/debug/`
cp -a %{installoutputdir -- $suffix}/bundles/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip cp -a %{installoutputdir -- $suffix}/bundles/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip
%endif %endif
fi fi
@ -2658,7 +2608,7 @@ find $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/demo \
| sed 's|^|%dir |' \ | sed 's|^|%dir |' \
>> %{name}-demo.files"$suffix" >> %{name}-demo.files"$suffix"
bash %{SOURCE20} $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix} %{javaver} bash %{SOURCE21} $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix} %{javaver}
# https://bugzilla.redhat.com/show_bug.cgi?id=1183793 # https://bugzilla.redhat.com/show_bug.cgi?id=1183793
touch -t 201401010000 $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix}/lib/security/java.security touch -t 201401010000 $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix}/lib/security/java.security
@ -2900,6 +2850,24 @@ cjc.mainProgram(args)
%endif %endif
%changelog %changelog
* Tue Apr 18 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.372.b07-2
- Update to shenandoah-jdk8u372-b07 (GA)
- Update release notes for shenandoah-8u372-b07.
- Require tzdata 2023c due to inclusion of JDK-8305113 in 8u372-b07
- Update generate_tarball.sh to add support for passing a boot JDK to the configure run
- Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace
- Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs
- Drop JDK-8275535/RH2053256 patch which is now upstream
- Include JDK-8271199 backport early ahead of 8u382 (RH2175317)
- Drop hack for difference in local and portable build version
- Replace local copies of JDK portable binaries with build dependencies
- Include the java-1.8.0-openjdk-portable.spec file with instructions on how to rebuild.
- Remove duplicate use of README.md inside the *-src package (it is no longer about sources)
- Use portable build on x86_32 now one is available
- ** This tarball is embargoed until 2023-04-18 @ 1pm PT. **
- Resolves: rhbz#2185182
- Resolves: rhbz#2189329
* Tue Feb 28 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.362.b09-4 * Tue Feb 28 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.362.b09-4
- Drop use of portable build on s390x due to libffi compatibility issue (needs libffi.so.6) - Drop use of portable build on s390x due to libffi compatibility issue (needs libffi.so.6)
- Related: rhbz#2150202 - Related: rhbz#2150202

View File

@ -0,0 +1,167 @@
commit d41618f34f1d2f5416ec3c035f33dcb15cf5ab99
Author: Alexey Bakhtin <abakhtin@openjdk.org>
Date: Tue Apr 4 10:29:11 2023 +0000
8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
Reviewed-by: andrew, mbalao
Backport-of: f6232982b91cb2314e96ddbde3984836a810a556
diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
index a79e97d7c74..5378446b97b 100644
--- a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
+++ b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
@@ -127,12 +127,15 @@ public class RSAPSSSignature extends SignatureSpi {
@Override
protected void engineInitVerify(PublicKey publicKey)
throws InvalidKeyException {
- if (!(publicKey instanceof RSAPublicKey)) {
+ if (publicKey instanceof RSAPublicKey) {
+ RSAPublicKey rsaPubKey = (RSAPublicKey)publicKey;
+ isPublicKeyValid(rsaPubKey);
+ this.pubKey = rsaPubKey;
+ this.privKey = null;
+ resetDigest();
+ } else {
throw new InvalidKeyException("key must be RSAPublicKey");
}
- this.pubKey = (RSAPublicKey) isValid((RSAKey)publicKey);
- this.privKey = null;
- resetDigest();
}
// initialize for signing. See JCA doc
@@ -146,14 +149,17 @@ public class RSAPSSSignature extends SignatureSpi {
@Override
protected void engineInitSign(PrivateKey privateKey, SecureRandom random)
throws InvalidKeyException {
- if (!(privateKey instanceof RSAPrivateKey)) {
+ if (privateKey instanceof RSAPrivateKey) {
+ RSAPrivateKey rsaPrivateKey = (RSAPrivateKey)privateKey;
+ isPrivateKeyValid(rsaPrivateKey);
+ this.privKey = rsaPrivateKey;
+ this.pubKey = null;
+ this.random =
+ (random == null ? JCAUtil.getSecureRandom() : random);
+ resetDigest();
+ } else {
throw new InvalidKeyException("key must be RSAPrivateKey");
}
- this.privKey = (RSAPrivateKey) isValid((RSAKey)privateKey);
- this.pubKey = null;
- this.random =
- (random == null? JCAUtil.getSecureRandom() : random);
- resetDigest();
}
/**
@@ -205,11 +211,57 @@ public class RSAPSSSignature extends SignatureSpi {
}
}
+ /**
+ * Validate the specified RSAPrivateKey
+ */
+ private void isPrivateKeyValid(RSAPrivateKey prKey) throws InvalidKeyException {
+ try {
+ if (prKey instanceof RSAPrivateCrtKey) {
+ RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey)prKey;
+ if (RSAPrivateCrtKeyImpl.checkComponents(crtKey)) {
+ RSAKeyFactory.checkRSAProviderKeyLengths(
+ crtKey.getModulus().bitLength(),
+ crtKey.getPublicExponent());
+ } else {
+ throw new InvalidKeyException(
+ "Some of the CRT-specific components are not available");
+ }
+ } else {
+ RSAKeyFactory.checkRSAProviderKeyLengths(
+ prKey.getModulus().bitLength(),
+ null);
+ }
+ } catch (InvalidKeyException ikEx) {
+ throw ikEx;
+ } catch (Exception e) {
+ throw new InvalidKeyException(
+ "Can not access private key components", e);
+ }
+ isValid(prKey);
+ }
+
+ /**
+ * Validate the specified RSAPublicKey
+ */
+ private void isPublicKeyValid(RSAPublicKey pKey) throws InvalidKeyException {
+ try {
+ RSAKeyFactory.checkRSAProviderKeyLengths(
+ pKey.getModulus().bitLength(),
+ pKey.getPublicExponent());
+ } catch (InvalidKeyException ikEx) {
+ throw ikEx;
+ } catch (Exception e) {
+ throw new InvalidKeyException(
+ "Can not access public key components", e);
+ }
+ isValid(pKey);
+ }
+
/**
* Validate the specified RSAKey and its associated parameters against
* internal signature parameters.
*/
- private RSAKey isValid(RSAKey rsaKey) throws InvalidKeyException {
+ private void isValid(RSAKey rsaKey) throws InvalidKeyException {
try {
AlgorithmParameterSpec keyParams = rsaKey.getParams();
// validate key parameters
@@ -227,7 +279,6 @@ public class RSAPSSSignature extends SignatureSpi {
}
checkKeyLength(rsaKey, hLen, this.sigParams.getSaltLength());
}
- return rsaKey;
} catch (SignatureException e) {
throw new InvalidKeyException(e);
}
diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
index 6b219937981..b3c1fae9672 100644
--- a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
+++ b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
@@ -80,22 +80,28 @@ public final class RSAPrivateCrtKeyImpl
RSAPrivateCrtKeyImpl key = new RSAPrivateCrtKeyImpl(encoded);
// check all CRT-specific components are available, if any one
// missing, return a non-CRT key instead
- if ((key.getPublicExponent().signum() == 0) ||
- (key.getPrimeExponentP().signum() == 0) ||
- (key.getPrimeExponentQ().signum() == 0) ||
- (key.getPrimeP().signum() == 0) ||
- (key.getPrimeQ().signum() == 0) ||
- (key.getCrtCoefficient().signum() == 0)) {
+ if (checkComponents(key)) {
+ return key;
+ } else {
return new RSAPrivateKeyImpl(
key.algid,
key.getModulus(),
- key.getPrivateExponent()
- );
- } else {
- return key;
+ key.getPrivateExponent());
}
}
+ /**
+ * Validate if all CRT-specific components are available.
+ */
+ static boolean checkComponents(RSAPrivateCrtKey key) {
+ return !((key.getPublicExponent().signum() == 0) ||
+ (key.getPrimeExponentP().signum() == 0) ||
+ (key.getPrimeExponentQ().signum() == 0) ||
+ (key.getPrimeP().signum() == 0) ||
+ (key.getPrimeQ().signum() == 0) ||
+ (key.getCrtCoefficient().signum() == 0));
+ }
+
/**
* Generate a new key from the specified type and components.
* Returns a CRT key if possible and a non-CRT key otherwise.

View File

@ -1,26 +0,0 @@
diff --git openjdk.orig/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
index cf4becb7db..4ab2ac0a31 100644
--- openjdk.orig/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
+++ openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
@@ -189,6 +189,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
ctx = getLdapCtxFromUrl(
r.getDomainName(), url, new LdapURL(u), env);
return ctx;
+ } catch (AuthenticationException e) {
+ // do not retry on a different endpoint to avoid blocking
+ // the user if authentication credentials are wrong.
+ throw e;
} catch (NamingException e) {
// try the next element
lastException = e;
@@ -241,6 +245,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
for (String u : urls) {
try {
return getUsingURL(u, env);
+ } catch (AuthenticationException e) {
+ // do not retry on a different URL to avoid blocking
+ // the user if authentication credentials are wrong.
+ throw e;
} catch (NamingException e) {
ex = e;
}

20
sources
View File

@ -1,20 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671 SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b09-4curve.tar.xz) = 2ed16c616189e7872ecf36c82e86b551b1e6efc4d11a93264db856f01191875a82ddaec3363b5f8296ea225a9a8edf4c0e1504ff27d8474088ba0b2f6fc061d5 SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz) = afc1324463883404f22cea3c37177d7b6164fc4cf285d958e7ec21aba976dc306045296eadaa296a31795be6b543ca0b742e0ba074689c3e5a50b9956383934b
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.docs.el.aarch64.tar.xz) = 7fce6dc8ebceb8e0806da8539f06d126fa4b688c5c9522aa93e9493103fa1bff0608de0edb264ce4a86b25fc9f89973f6a054d72e98529f68c49150395c72b98
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.docs.el.ppc64le.tar.xz) = 2bac5b118490e76efb843dd4f0a9c96e478c85d46cd765becc7e2525cb39b9e6fde1c58a416cd3ddbc7df078e31ba037e742af6821f8a03bc207f5d4d4e66612
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.docs.el.s390x.tar.xz) = 9158b158a189f36c9b58a3e24c7e3e24feeaa7e15d3dbca085b4f20689ec2874be5d8b9bebf2b76320f5e934bf16b42daaa743f5b27a7b3bf9ec39f156245b09
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.docs.el.x86_64.tar.xz) = 7189898f419e83a83e242ed45b2bda70b5c1e69f0fcdfd8bf721f1e99a7cc24220912aa110385466da294bd15c294fc923ce6baf57c84ed2b021e8d56f5c503c
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.fastdebug.jdk.el.aarch64.tar.xz) = 949110664035f93eccd6f47b2d5df7e43bb26ce120c97ec8a56fffd2f6e68d7b6fe368e4661d6bb7669726c24a47ed21985865a2eafc911ddd27def7bd1ae955
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.fastdebug.jdk.el.ppc64le.tar.xz) = 13f5982dd99e99fc88e22cd604575ae7e4430caaee9c86ae7f8ab332d2bbfe4cd97a343da4a9ffe5eb685b00ccdb9cb03d38e2779d279717a3ba32b81608bc54
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.fastdebug.jdk.el.x86_64.tar.xz) = b0ee5f1ab913655860005c0aeac36afcf47811eb1c026b05ef2927695829d4fe6f99f1b038107c99b8d12039122a48d08a5ae1f291804f4b4b5dc19529c8f903
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.misc.el.aarch64.tar.xz) = 5cfe934f17949d7c4dfbd0f825957039c85d544bd09004e1825f7cca0c5ce34a6dbccc34150bc7d87cee055d538a5ffb435a9accc335000fac7193696d4fe40b
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.misc.el.ppc64le.tar.xz) = fd5511e78fabb85a1a73a3d8e7dfca50f36852d45e0f598bc9d9813056ea509e539dad0d10546291a7bfadae4ae2b1897cdb635949fb41a195649db757619644
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.misc.el.s390x.tar.xz) = 41488ef06b28013c96a04ec5c932b2e37ce3580f2beddec70760216e84e6de69206f8ba370788f8e382af2e42380d13c8f598cbc0ef6148bebeb6caed15e6358
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.misc.el.x86_64.tar.xz) = 7805e8c6647250198e7c41cfa8ef1aec8ed6f6cbf62d816e9bf161b5177fd1f3007bf247205dc2360e5026060eb44921f17111694dc93cafa1ebf4fdde697086
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.slowdebug.jdk.el.aarch64.tar.xz) = f79d6086eec6c751aca4a2ba22ca03a30a24dc8d10a0115fbc5a901e1a9c4fdfb7fc463ff0cdaddba0b9285ef25aa9ab7b1c8c0e772c06e53617741484e010c7
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.slowdebug.jdk.el.ppc64le.tar.xz) = 870a2de374d90d53e2078a930b6df3800001489b1bcd01a8014c227a9dd8be86ae1038a92ae65730ffeba08df88a085ab9b00c337f95e7577593ace3e67ca128
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.slowdebug.jdk.el.x86_64.tar.xz) = 35cef5ec1fdf04e6095c4cc018948e07616102d9f82db11e5ad0c3e0ddd0fbc83d4b2c134d47e6311650a91ee7301c5606b7657486c6a71c4c7982aac103f048
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.aarch64.tar.xz) = 0b83725711408fedf3bae3cfeb4a670312085982699da6510652d2f516729082dae3733e1736815a035a355d55af8c70407196fc8377b0fd8dccc062711d2d0d
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.ppc64le.tar.xz) = d8267a6f30a379181f461ce030a0b325e69dde89cbab7eba82ec8431227f2d982350b60ecf3380cafc1943696a8d17f477baab87b4c9a38a454543f5091841af
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.s390x.tar.xz) = bc80c58e6010f9722c932c4231e90c79b3285c6dc47fcffaeaf76839cd08e7602314d3648568354858c99f4b8163dc1cf3d4bf5e651dea8d715dde286a836c00
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.x86_64.tar.xz) = 0e4eed7f8d21473c07c4edd2cd764b659527676d5e8547403db60d2ca52a81567084f444b479bf1fa4f5cb3f863fce811d2be04d6608399f8fd5ab26b5720d00