import java-1.8.0-openjdk-1.8.0.282.b08-2.el8_3

This commit is contained in:
CentOS Sources 2021-01-21 05:01:19 -05:00 committed by Andrew Lukoshko
commit 5703cd5929
47 changed files with 12350 additions and 0 deletions

2
.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u282-b08-4curve.tar.xz
SOURCES/tapsets-icedtea-3.15.0.tar.xz

View File

@ -0,0 +1,2 @@
de58a4f646ca65cafbd2166d7d08eb330adaf4e6 SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u282-b08-4curve.tar.xz
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz

57
SOURCES/CheckVendor.java Normal file
View File

@ -0,0 +1,57 @@
/* CheckVendor -- Check the vendor properties match specified values.
Copyright (C) 2020 Red Hat, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* @test
*/
public class CheckVendor {
public static void main(String[] args) {
if (args.length < 3) {
System.err.println("CheckVendor <VENDOR> <VENDOR-URL> <VENDOR-BUG-URL>");
System.exit(1);
}
String vendor = System.getProperty("java.vendor");
String expectedVendor = args[0];
String vendorURL = System.getProperty("java.vendor.url");
String expectedVendorURL = args[1];
String vendorBugURL = System.getProperty("java.vendor.url.bug");
String expectedVendorBugURL = args[2];
if (!expectedVendor.equals(vendor)) {
System.err.printf("Invalid vendor %s, expected %s\n",
vendor, expectedVendor);
System.exit(2);
}
if (!expectedVendorURL.equals(vendorURL)) {
System.err.printf("Invalid vendor URL %s, expected %s\n",
vendorURL, expectedVendorURL);
System.exit(3);
}
if (!expectedVendorBugURL.equals(vendorBugURL)) {
System.err.printf("Invalid vendor bug URL%s, expected %s\n",
vendorBugURL, expectedVendorBugURL);
System.exit(4);
}
System.err.printf("Vendor information verified as %s, %s, %s\n",
vendor, vendorURL, vendorBugURL);
}
}

863
SOURCES/NEWS Normal file
View File

@ -0,0 +1,863 @@
Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 8u282 (2021-01-19):
===========================================
Live versions of these release notes can be found at:
* https://bitly.com/openjdk8u282
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u282.txt
* Security fixes
- JDK-8247619: Improve Direct Buffering of Characters
* Other changes
- JDK-6962725: Regtest javax/swing/JFileChooser/6738668/bug6738668.java fails under Linux
- JDK-8008657: JSpinner setComponentOrientation doesn't affect on text orientation
- JDK-8022535: [TEST BUG] javax/swing/text/html/parser/Test8017492.java fails
- JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup
- JDK-8030350: Enable additional compiler warnings for GCC
- JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails by Timeout on Windows
- JDK-8036122: Fix warning 'format not a string literal'
- JDK-8039279: Move awt tests to openjdk repository
- JDK-8041592: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk
- JDK-8043126: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository
- JDK-8043131: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree
- JDK-8043899: compiler/5091921/Test7005594.java fails if specified -Xmx is less than 1600m
- JDK-8044157: [TEST_BUG] Improve recently submitted AWT_Mixing tests
- JDK-8044172: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk
- JDK-8044429: move awt automated tests for AWT_Modality to OpenJDK repository
- JDK-8044765: Move functional tests AWT_SystemTray/Automated to openjdk repository
- JDK-8046221: [TEST_BUG] Cleanup datatransfer tests
- JDK-8047180: Move functional tests AWT_Headless/Automated to OpenJDK repository
- JDK-8047367: move awt automated tests from AWT_Modality to OpenJDK repository - part 2
- JDK-8048246: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK
- JDK-8049617: move awt automated tests from AWT_Modality to OpenJDK repository - part 3
- JDK-8049694: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK
- JDK-8050885: move awt automated tests from AWT_Modality to OpenJDK repository - part 4
- JDK-8051440: move tests about maximizing undecorated to OpenJDK
- JDK-8051853: new URI("x/").resolve("..").getSchemeSpecificPart() returns null!
- JDK-8052012: move awt automated tests from AWT_Modality to OpenJDK repository - part 5
- JDK-8052408: Move AWT_BAT functional tests to OpenJDK (3 of 3)
- JDK-8053657: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK
- JDK-8054143: move awt automated tests from AWT_Modality to OpenJDK repository - part 6
- JDK-8054358: move awt automated tests from AWT_Modality to OpenJDK repository - part 7
- JDK-8054359: move awt automated tests from AWT_Modality to OpenJDK repository - part 8
- JDK-8055360: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK
- JDK-8055664: move 14 tests about setLocationRelativeTo to jdk
- JDK-8055836: move awt tests from AWT_Modality to OpenJDK repository - part 9
- JDK-8057694: move awt tests from AWT_Modality to OpenJDK repository - part 10
- JDK-8058805: [TEST_BUG]Test java/awt/TrayIcon/SecurityCheck/NoPermissionTest/NoPermissionTest.java fails
- JDK-8062808: Turn on the -Wreturn-type warning
- JDK-8063102: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1
- JDK-8063104: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2
- JDK-8063106: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1
- JDK-8063107: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2
- JDK-8064573: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.java is asocial pressing VK_LEFT and not releasing
- JDK-8064575: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases
- JDK-8064809: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease
- JDK-8067441: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes()
- JDK-8068228: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest fails with GTKLookAndFeel
- JDK-8068275: Some tests failed after JDK-8063104
- JDK-8069211: (zipfs) ZipFileSystem creates corrupted zip if entry output stream gets closed more than once
- JDK-8074807: Fix some tests unnecessary using internal API
- JDK-8076315: move 4 manual functional swing tests to regression suite
- JDK-8130772: Util.hitMnemonics does not work: getSystemMnemonicKeyCodes() returns ALT_MASK rather than VK_ALT
- JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/DefaultNoDrop.java locks on Windows
- JDK-8134632: Mark javax/sound/midi/Devices/InitializationHang.java as headful
- JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent
- JDK-8148916: Mark bug6400879.java as intermittently failing
- JDK-8148983: Fix extra comma in changes for JDK-8148916
- JDK-8152545: Use preprocessor instead of compiling a program to generate native nio constants
- JDK-8156803: Turn StressLCM/StressGCM flags to diagnostic
- JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails
- JDK-8160761: [TESTBUG] Several compiler tests fail with product bits
- JDK-8163161: [PIT][TEST_BUG] increase timeout in javax/swing/plaf/nimbus/8057791/bug8057791.java
- JDK-8165808: Add release barriers when allocating objects with concurrent collection
- JDK-8166015: [PIT][TEST_BUG] stray character in java/awt/Focus/ModalDialogActivationTest/ModalDialogActivationTest.java
- JDK-8166583: Add oopDesc::klass_or_null_acquire()
- JDK-8166663: Simplify oops_on_card_seq_iterate_careful
- JDK-8166862: CMS needs klass_or_null_acquire
- JDK-8168292: [TESTBUG] [macosx] Test java/awt/TrayIcon/DragEventSource/DragEventSource.java fails on OS X
- JDK-8168682: jdk/test/java/lang/ClassLoader/forNameLeak/ClassForNameLeak.java fails with -Xcomp
- JDK-8179083: Uninitialized notifier in Java Monitor Wait tracing event
- JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument
- JDK-8197981: Missing return statement in __sync_val_compare_and_swap_8
- JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017
- JDK-8205507: jdk/javax/xml/crypto/dsig/GenerationTests.java timed out
- JDK-8207766: [testbug] Adapt tests for Aix.
- JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation
- JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash
- JDK-8215727: Restore JFR thread sampler loop to old / previous behavior
- JDK-8217362: Emergency dump does not work when disk=false is set
- JDK-8217766: Container Support doesn't work for some Join Controllers combinations
- JDK-8219013: Update Apache Santuario (XML Signature) to version 2.1.3
- JDK-8219562: Line of code in osContainer_linux.cpp L102 appears unreachable
- JDK-8220579: [Containers] SubSystem.java out of sync with osContainer_linux.cpp
- JDK-8220657: JFR.dump does not work when filename is set
- JDK-8221340: [TESTBUG] TestCgroupMetrics.java fails after fix for JDK-8219562
- JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing
- JDK-8221710: [TESTBUG] more configurable parameters for docker testing
- JDK-8223108: Test java/awt/EventQueue/NonComponentSourcePost.java is unstable
- JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM
- JDK-8225072: Add LuxTrust certificate that is expiring in March 2021 to list of allowed but expired certs
- JDK-8227006: [linux] Runtime.availableProcessors execution time increased by factor of 100
- JDK-8229868: Update Apache Santuario TPRM version
- JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread
- JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes
- JDK-8232114: JVM crashed at imjpapi.dll in native code
- JDK-8233548: Update CUP to v0.11b
- JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area
- JDK-8234339: replace JLI_StrTok in java_md_solinux.c
- JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes
- JDK-8239105: Add exception for expiring Digicert root certificates to VerifyCACerts test
- JDK-8242335: Additional Tests for RSASSA-PSS
- JDK-8242480: Negative value may be returned by getFreeSwapSpaceSize() in the docker
- JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in
- JDK-8245400: Upgrade to LittleCMS 2.11
- JDK-8246648: issue with OperatingSystemImpl getFreeSwapSpaceSize in docker after 8242480
- JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention
- JDK-8249176: Update GlobalSignR6CA test certificates
- JDK-8249846: Change of behavior after JDK-8237117: Better ForkJoinPool behavior
- JDK-8250636: iso8601_time returns incorrect offset part on MacOS
- JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY
- JDK-8250928: JFR: Improve hash algorithm for stack traces
- JDK-8251365: Build failure on AIX after 8250636
- JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java
- JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers
- JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE
- JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries
- JDK-8252497: Incorrect numeric currency code for ROL
- JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent
- JDK-8252904: VM crashes when JFR is used and JFR event class is transformed
- JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal
- JDK-8253036: Support building the Zero assembler port on AArch64
- JDK-8253284: Zero OrderAccess barrier mappings are incorrect
- JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip
- JDK-8253752: test/sun/management/jmxremote/bootstrap/RmiBootstrapTest.java fails randomly
- JDK-8253837: JFR 8u fix symbol and cstring hashtable equals implementaion
- JDK-8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to an expired certificate
- JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp
- JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp
- JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/WorkerDeadlockTest.java fails
- JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c
- JDK-8255003: Build failures on Solaris
- JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d
- JDK-8255269: Unsigned overflow in g1Policy.cpp
- JDK-8255603: Memory/Performance regression after JDK-8210985
- JDK-8255717: Fix JFR crash in WriteObjectSampleStacktrace due to object not initialized
- JDK-8256618: Zero: Linux x86_32 build still fails
- JDK-8256671: Incorrect assignment operator used in guarantee() in genCollectedHeap
- JDK-8256752: 8252395 incorrect copy rule for macos .dSYM folder
- JDK-8257397: [TESTBUG] test/lib/containers/docker/Common.java refers to -Xlog:os+container=trace
- JDK-8258630: Add expiry exception for QuoVadis root certificate
* AArch64 port
- Fix AArch64 build failure after JDK-8062808 backport
* Shenandoah
- Fix racy update of code roots
Notes on individual issues:
===========================
security-libs/javax.xml.crypto:
JDK-8230839: Updated XML Signature Implementation to Apache Santuario 2.1.3
===========================================================================
The XML Signature implementation in the `java.xml.crypto` module has
been updated to version 2.1.3 of Apache Santuario. New features
include:
* Added support for embedding elliptic curve public keys in the
KeyValue element
New in release OpenJDK 8u275 (2020-11-05):
===========================================
Live versions of these release notes can be found at:
* https://bitly.com/openjdk8u275
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u275.txt
* Regression fixes
- JDK-8214440: ldap over a TLS connection negotiate failed with "javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate"
- JDK-8223940: Private key not supported by chosen signature algorithm
- JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding
- JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)
New in release OpenJDK 8u272 (2020-10-20):
===========================================
Live versions of these release notes can be found at:
* https://bitly.com/openjdk8u272
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt
* New features
- JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7
* Security fixes
- JDK-8233624: Enhance JNI linkage
- JDK-8236196: Improve string pooling
- JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
- JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
- JDK-8237995, CVE-2020-14782: Enhance certificate processing
- JDK-8240124: Better VM Interning
- JDK-8241114, CVE-2020-14792: Better range handling
- JDK-8242680, CVE-2020-14796: Improved URI Support
- JDK-8242685, CVE-2020-14797: Better Path Validation
- JDK-8242695, CVE-2020-14798: Enhanced buffer support
- JDK-8243302: Advanced class supports
- JDK-8244136, CVE-2020-14803: Improved Buffer supports
- JDK-8244479: Further constrain certificates
- JDK-8244955: Additional Fix for JDK-8240124
- JDK-8245407: Enhance zoning of times
- JDK-8245412: Better class definitions
- JDK-8245417: Improve certificate chain handling
- JDK-8248574: Improve jpeg processing
- JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
- JDK-8253019: Enhanced JPEG decoding
* Other changes
- JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes
- JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java
- JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times
- JDK-8025886: replace [[ and == bash extensions in regtest
- JDK-8026236: Add PrimeTest for BigInteger
- JDK-8031625: javadoc problems referencing inner class constructors
- JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals
- JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c
- JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails
- JDK-8046274: Removing dependency on jakarta-regexp
- JDK-8048933: -XX:+TraceExceptions output should include the message
- JDK-8057003: Large reference arrays cause extremely long synchronization times
- JDK-8060721: Test runtime/SharedArchiveFile/LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler
- JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double
- JDK-8062947: Fix exception message to correctly represent LDAP connection failure
- JDK-8064319: Need to enable -XX:+TraceExceptions in release builds
- JDK-8075774: Small readability and performance improvements for zipfs
- JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/fileaccess/FontFile.java fails
- JDK-8078334: Mark regression tests using randomness
- JDK-8078880: Mark a few more intermittently failuring security-libs
- JDK-8080462: Update SunPKCS11 provider with PKCS11 v2.40 support
- JDK-8132206: move ScanTest.java into OpenJDK
- JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API
- JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java
- JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/appletviewer/IOExceptionIfEncodedURLTest/IOExceptionIfEncodedURLTest.sh
- JDK-8144539: Update PKCS11 tests to run with security manager
- JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/MTGraphicsAccessTest.java hangs on Win. 8
- JDK-8148754: C2 loop unrolling fails due to unexpected graph shape
- JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent
- JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect
- JDK-8151788: NullPointerException from ntlm.Client.type3
- JDK-8151834: Test SmallPrimeExponentP.java times out intermittently
- JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings
- JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout
- JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public
- JDK-8154313: Generated javadoc scattered all over the place
- JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization
- JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider
- JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working
- JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k
- JDK-8165936: Potential Heap buffer overflow when seaching timezone info files
- JDK-8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite
- JDK-8166148: Fix for JDK-8165936 broke solaris builds
- JDK-8167300: Scheduling failures during gcm should be fatal
- JDK-8167615: Opensource unit/regression tests for JavaSound
- JDK-8168517: java/lang/ProcessBuilder/Basic.java failed
- JDK-8169925: PKCS #11 Cryptographic Token Interface license
- JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java
- JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled
- JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1
- JDK-8177628: Opensource unit/regression tests for ImageIO
- JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java
- JDK-8183349: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java
- JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/AppletContextTest/BadPluginConfigurationTest.sh
- JDK-8184762: ZapStackSegments should use optimized memset
- JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test.
- JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied
- JDK-8193137: Nashorn crashes when given an empty script file
- JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak
- JDK-8194298: Add support for per Socket configuration of TCP keepalive
- JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error
- JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails
- JDK-8201633: Problems with AES-GCM native acceleration
- JDK-8203357: Container Metrics
- JDK-8209113: Use WeakReference for lastFontStrike for created Fonts
- JDK-8210147: adjust some WSAGetLastError usages in windows network coding
- JDK-8211049: Second parameter of "initialize" method is not used
- JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean
- JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions
- JDK-8214862: assert(proj != __null) at compile.cpp:3251
- JDK-8216283: Allow shorter method sampling interval than 10 ms
- JDK-8217606: LdapContext#reconnect always opens a new connection
- JDK-8217647: JFR: recordings on 32-bit systems unreadable
- JDK-8217878: ENVELOPING XML signature no longer works in JDK 11
- JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10
- JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero
- JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly
- JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound
- JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6
- JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file
- JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs
- JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified
- JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp
- JDK-8224217: RecordingInfo should use textual representation of path
- JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support)
- JDK-8226575: OperatingSystemMXBean should be made container aware
- JDK-8226697: Several tests which need the @key headful keyword are missing it.
- JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous
- JDK-8228835: Memory leak in PKCS11 provider when using AES GCM
- JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow
- JDK-8230303: JDB hangs when running monitor command
- JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG
- JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo
- JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate
- JDK-8233097: Fontmetrics for large Fonts has zero width
- JDK-8233621: Mismatch in jsse.enableMFLNExtension property name
- JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion
- JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version
- JDK-8235325: build failure on Linux after 8235243
- JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink
- JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages
- JDK-8237951: CTW: C2 compilation fails with "malformed control flow"
- JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary
- JDK-8238380: java.base/unix/native/libjava/childproc.c "multiple definition" link errors with GCC10
- JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c "multiple definition" link errors with GCC10
- JDK-8238388: libj2gss/NativeFunc.o "multiple definition" link errors with GCC10
- JDK-8238898: Missing hash characters for header on license file
- JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD
- JDK-8239819: XToolkit: Misread of screen information memory
- JDK-8240295: hs_err elapsed time in seconds is not accurate enough
- JDK-8240676: Meet not symmetric failure when running lucene on jdk8
- JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one
- JDK-8242498: Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash
- JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array
- JDK-8243138: Enhance BaseLdapServer to support starttls extended request
- JDK-8243320: Add SSL root certificates to Oracle Root CA program
- JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program
- JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions
- JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26
- JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor
- JDK-8245467: Remove 8u TLSv1.2 implementation files
- JDK-8245469: Remove DTLS protocol implementation
- JDK-8245470: Fix JDK8 compatibility issues
- JDK-8245471: Revert JDK-8148188
- JDK-8245472: Backport JDK-8038893 to JDK8
- JDK-8245473: OCSP stapling support
- JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712
- JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default
- JDK-8245477: Adjust TLS tests location
- JDK-8245653: Remove 8u TLS tests
- JDK-8245681: Add TLSv1.3 regression test from 11.0.7
- JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ
- JDK-8246310: Clean commented-out code about ModuleEntry andPackageEntry in JFR
- JDK-8246384: Enable JFR by default on supported architectures for October 2020 release
- JDK-8248643: Remove extra leading space in JDK-8240295 8u backport
- JDK-8248851: CMS: Missing memory fences between free chunk check and klass read
- JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase
- JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public
- JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior
- JDK-8250546: Expect changed behaviour reported in JDK-8249846
- JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics
- JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java
- JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update
- JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher
- JDK-8251120: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false
- JDK-8251341: Minimal Java specification change
- JDK-8251478: Backport TLSv1.3 regression tests to JDK8u
- JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds
- JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled
- JDK-8252573: 8u: Windows build failed after 8222079 backport
- JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed
- JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158
- JDK-8254937: Revert JDK-8148854 for 8u272
Notes on individual issues:
===========================
core-svc/java.lang.management:
JDK-8236876: OperatingSystemMXBean Methods Inside a Container Return Container Specific Data
============================================================================================
When executing in a container, or other virtualized operating
environment, the following `OperatingSystemMXBean` methods in this
release return container specific information, if
available. Otherwise, they return host specific data:
* getFreePhysicalMemorySize()
* getTotalPhysicalMemorySize()
* getFreeSwapSpaceSize()
* getTotalSwapSpaceSize()
* getSystemCpuLoad()
security-libs/java.security:
JDK-8250756: Added Entrust Root Certification Authority - G4 certificate
========================================================================
The Entrust root certificate has been added to the cacerts truststore:
Alias Name: entrustrootcag4
Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
JDK-8250860: Added 3 SSL Corporation Root CA Certificates
=========================================================
The following root certificates have been added to the cacerts truststore for the SSL Corporation:
Alias Name: sslrootrsaca
Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US
Alias Name: sslrootevrsaca
Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US
Alias Name: sslrooteccca
Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US
security-libs/javax.crypto:pkcs11:
JDK-8221441: SunPKCS11 Provider Upgraded with Support for PKCS#11 v2.40
=======================================================================
The SunPKCS11 provider has been updated with support for PKCS#11
v2.40. This version adds support for more algorithms such as the
AES/GCM/NoPadding cipher, DSA signatures using SHA-2 family of message
digests, and RSASSA-PSS signatures when the corresponding PKCS11
mechanisms are supported by the underlying PKCS11 library.
security-libs/javax.security:
JDK-8242059: Support for canonicalize in krb5.conf
==================================================
The 'canonicalize' flag in the [krb5.conf file][0] is now supported by
the JDK Kerberos implementation. When set to *true*, RFC 6806 [1] name
canonicalization is requested by clients in TGT requests to KDC
services (AS protocol). Otherwise, and by default, it is not
requested.
The new default behavior is different from previous releases where
name canonicalization was always requested by clients in TGT requests
to KDC services (provided that support for RFC 6806[1] was not
explicitly disabled with the *sun.security.krb5.disableReferrals*
system or security properties).
[0]: https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
[1]: https://tools.ietf.org/html/rfc6806
security-libs/javax.xml.crypto:
JDK-8202891: Updated xmldsig Implementation to Apache Santuario 2.1.1
=====================================================================
The XMLDSig provider implementation in the `java.xml.crypto` module has been updated to version 2.1.1 of Apache Santuario.
New features include:
1. Support for the SHA-224 and SHA-3 DigestMethod algorithms specified
in RFC 6931.
2. Support for the HMAC-SHA224, RSA-SHA224, ECDSA-SHA224, and
RSASSA-PSS family of SignatureMethod algorithms specified in RFC 6931.
JDK-8238185: New OpenJDK-specific JDK 8 Updates System Property to fallback to legacy Base64 Encoding format
============================================================================================================
The upgrade to the Apache Santuario libraries (see above) introduced
an issue where XML signature using Base64 encoding resulted in
appending `&#xd` or `&#13` to the encoded output. This behavioural
change was made in the Apache Santuario codebase to comply with RFC
2045. The Santuario team has adopted a position of keeping their
libraries compliant with RFC 2045.
Earlier versions of OpenJDK 8 using the legacy encoder returns encoded
data in a format without `&#xd` or `&#13`.
Therefore a new system property, specific to the 8 update stream,
`com.sun.org.apache.xml.internal.security.lineFeedOnly` is made
available to fall back to the legacy Base64 encoded format.
Users can set this flag in one of two ways:
1. -Dcom.sun.org.apache.xml.internal.security.lineFeedOnly=true
2. System.setProperty("com.sun.org.apache.xml.internal.security.lineFeedOnly", "true")
This new system property is disabled by default. It has no effect on
default behaviour nor when
`com.sun.org.apache.xml.internal.security.ignoreLineBreaks` property
is set.
Later JDK family versions will only support the recommended property:
`com.sun.org.apache.xml.internal.security.ignoreLineBreaks`
JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b
====================================================================
Following JDK's update to tzdata2020b, the long-obsolete files
pacificnew and systemv have been removed. As a result, the
"US/Pacific-New" zone name declared in the pacificnew data file is no
longer available for use.
Information regarding the update can be viewed at
https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
New in release OpenJDK 8u265 (2020-07-27):
===========================================
Live versions of these release notes can be found at:
* https://bitly.com/openjdk8u265
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u265.txt
* Bug fixes
- JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior
- JDK-8250546: Expect changed behaviour reported in JDK-8249846
New in release OpenJDK 8u262 (2020-07-14):
===========================================
Live versions of these release notes can be found at:
* https://bitly.com/oj8u262
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u262.txt
* New features
- JDK-8223147: JFR Backport
* Security fixes
- JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
- JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
- JDK-8230613: Better ASCII conversions
- JDK-8231800: Better listing of arrays
- JDK-8232014: Expand DTD support
- JDK-8233255: Better Swing Buttons
- JDK-8234032: Improve basic calendar services
- JDK-8234042: Better factory production of certificates
- JDK-8234418: Better parsing with CertificateFactory
- JDK-8234836: Improve serialization handling
- JDK-8236191: Enhance OID processing
- JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
- JDK-8237592, CVE-2020-14577: Enhance certificate verification
- JDK-8238002, CVE-2020-14581: Better matrix operations
- JDK-8238804: Enhance key handling process
- JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
- JDK-8238843: Enhanced font handing
- JDK-8238920, CVE-2020-14583: Better Buffer support
- JDK-8238925: Enhance WAV file playback
- JDK-8240119, CVE-2020-14593: Less Affine Transformations
- JDK-8240482: Improved WAV file playback
- JDK-8241379: Update JCEKS support
- JDK-8241522: Manifest improved jar headers redux
- JDK-8242136, CVE-2020-14621: Better XML namespace handling
* Other changes
- JDK-4949105: Access Bridge lacks html tags parsing
- JDK-7147060: com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java doesn't run in agentvm mode
- JDK-8003209: JFR events for network utilization
- JDK-8030680: 292 cleanup from default method code assessment
- JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently
- JDK-8037866: Replace the Fun class in tests with lambdas
- JDK-8041626: Shutdown tracing event
- JDK-8041915: Move 8 awt tests to OpenJDK regression tests tree
- JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null
- JDK-8076475: Misuses of strncpy/strncat
- JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset
- JDK-8141056: Erroneous assignment in HeapRegionSet.cpp
- JDK-8146612: C2: Precedence edges specification violated
- JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering
- JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates
- JDK-8150986: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format
- JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to "Connection succeeded"
- JDK-8165675: Trace event for thread park has incorrect unit for timeout
- JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM
- JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java
- JDK-8176182: 4 security tests are not run
- JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method
- JDK-8178910: Problemlist sample tests
- JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds
- JDK-8183925: Decouple crash protection from watcher thread
- JDK-8191393: Random crashes during cfree+0x1c
- JDK-8195817: JFR.stop should require name of recording
- JDK-8195818: JFR.start should increase autogenerated name by one
- JDK-8195819: Remove recording=x from jcmd JFR.check output
- JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE
- JDK-8199712: Flight Recorder
- JDK-8202578: Revisit location for class unload events
- JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events
- JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder)
- JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant
- JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording
- JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552
- JDK-8203929: Limit amount of data for JFR.dump
- JDK-8205516: JFR tool
- JDK-8207392: [PPC64] Implement JFR profiling
- JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it
- JDK-8209960: -Xlog:jfr* doesn't work with the JFR
- JDK-8210024: JFR calls virtual is_Java_thread from ~Thread()
- JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7
- JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch
- JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events
- JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions
- JDK-8213421: Line number information for execution samples always 0
- JDK-8213617: JFR should record the PID of the recorded process
- JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs.
- JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests
- JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test
- JDK-8213966: The ZGC JFR events should be marked as experimental
- JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds
- JDK-8214750: Unnecessary <p> tags in jfr classes
- JDK-8214896: JFR Tool left files behind
- JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError
- JDK-8214925: JFR tool fails to execute
- JDK-8215175: Inconsistencies in JFR event metadata
- JDK-8215237: jdk.jfr.Recording javadoc does not compile
- JDK-8215284: Reduce noise induced by periodic task getFileSize()
- JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1)
- JDK-8215362: JFR GTest JfrTestNetworkUtilization fails
- JDK-8215771: The jfr tool should pretty print reference chains
- JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly
- JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run()
- JDK-8216528: test/jdk/java/rmi/transport/runtimeThreadInheritanceLeak/RuntimeThreadInheritanceLeak.java failing with Xcomp
- JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps
- JDK-8216578: Remove unused/obsolete method in JFR code
- JDK-8216995: Clean up JFR command line processing
- JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT
- JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent
- JDK-8218935: Make jfr strncpy uses GCC 8.x friendly
- JDK-8220293: Deadlock in JFR string pool
- JDK-8223689: Add JFR Thread Sampling Support
- JDK-8223690: Add JFR BiasedLock Event Support
- JDK-8223691: Add JFR G1 Region Type Change Event Support
- JDK-8223692: Add JFR G1 Heap Summary Event Support
- JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant
- JDK-8224475: JTextPane does not show images in HTML rendering
- JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020
- JDK-8225069: Remove Comodo root certificate that is expiring in May 2020
- JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden.
- JDK-8226779: [TESTBUG] Test JFR API from Java agent
- JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys
- JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory
- JDK-8227269: Slow class loading when running with JDWP
- JDK-8227605: Kitchensink fails "assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant"
- JDK-8229366: JFR backport allows unchecked writing to memory
- JDK-8229401: Fix JFR code cache test failures
- JDK-8229708: JFR backport code does not initialize
- JDK-8229873: 8229401 broke jdk8u-jfr-incubator
- JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions
- JDK-8229899: Make java.io.File.isInvalid() less racy
- JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows
- JDK-8230597: Update GIFlib library to the 5.2.1
- JDK-8230707: JFR related tests are failing
- JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return
- JDK-8230782: Robot.createScreenCapture() fails if ?awt.robot.gtk? is set to false
- JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return
- JDK-8230926: [macosx] Two apostrophes are entered instead of one with "U.S. International - PC" layout
- JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707
- JDK-8231995: two jtreg tests failed after 8229366 is fixed
- JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing
- JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file
- JDK-8233880: Support compilers with multi-digit major version numbers
- JDK-8236002: CSR for JFR backport suggests not leaving out the package-info
- JDK-8236008: Some backup files were accidentally left in the hotspot tree
- JDK-8236074: Missed package-info
- JDK-8236174: Should update javadoc since tags
- JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing
- JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport
- JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01
- JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB
- JDK-8238589: Necessary code cleanup in JFR for JDK8u
- JDK-8238590: Enable JFR by default during compilation in 8u
- JDK-8239055: Wrong implementation of VMState.hasListener
- JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair
- JDK-8239479: minimal1 and zero builds are failing
- JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed
- JDK-8239867: correct over use of INCLUDE_JFR macro
- JDK-8240375: Disable JFR by default for July 2020 release
- JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges
- JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled
- JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set
- JDK-8241750: x86_32 build failure after JDK-8227269
- JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport)
- JDK-8242788: Non-PCH build is broken after JDK-8191393
- JDK-8242883: Incomplete backport of JDK-8078268: backport test part
- JDK-8243059: Build fails when --with-vendor-name contains a comma
- JDK-8243474: [TESTBUG] removed three tests of 0 bytes
- JDK-8243539: Copyright info (Year) should be updated for fix of 8241638
- JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
- JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in
- JDK-8244461: [JDK 8u] Build fails with glibc 2.32
- JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result
- JDK-8244777: ClassLoaderStats VM Op uses constant hash value
- JDK-8244843: JapanEraNameCompatTest fails
- JDK-8245167: Top package in method profiling shows null in JMC
- JDK-8246223: Windows build fails after JDK-8227269
- JDK-8246703: [TESTBUG] Add test for JDK-8233197
- JDK-8248399: Build installs jfr binary when JFR is disabled
- JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package
Notes on individual issues:
===========================
hotspot/jfr:
JDK-8240687: JDK Flight Recorder Integrated to OpenJDK 8u
=========================================================
OpenJDK 8u now contains the backport of JEP 328: Flight Recorder
(https://openjdk.java.net/jeps/328) from later versions of OpenJDK.
JFR is a low-overhead framework to collect and provide data helpful to
troubleshoot the performance of the OpenJDK runtime and of Java
applications. It consists of a new API to define custom events under
the jdk.jfr namespace and a JMX interface to interact with the
framework. The recording can also be initiated with the application
startup using the -XX:+FlightRecorder flag or via jcmd. JFR replaces
the +XX:EnableTracing feature introduced in JEP 167, providing a more
efficient way to retrieve the same information. For compatibility
reasons, +XX:EnableTracing is still accepted, however no data will be
printed.
While JFR is not built by default upstream, it is included in Red Hat
binaries for supported architectures (x86_64, AArch64 & PowerPC 64)
hotspot/runtime:
JDK-8205622: JFR Start Failure After AppCDS Archive Created with JFR StartFlightRecording
=========================================================================================
JFR will be disabled with a warning message if it is enabled during
CDS dumping. The user will see the following warning message:
OpenJDK 64-Bit Server VM warning: JFR will be disabled during CDS dumping
if JFR is enabled during CDS dumping such as in the following command
line:
$ java -Xshare:dump -XX:StartFlightRecording=dumponexit=true
security-libs/java.security:
JDK-8244167: Removal of Comodo Root CA Certificate
==================================================
The following expired Comodo root CA certificate was removed from the
`cacerts` keystore: + alias name "addtrustclass1ca [jdk]"
Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
JDK-8244166: Removal of DocuSign Root CA Certificate
====================================================
The following expired DocuSign root CA certificate was removed from
the `cacerts` keystore: + alias name "keynectisrootca [jdk]"
Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
security-libs/javax.crypto:pkcs11:
JDK-8240191: Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database
============================================================================================================================
The SunPKCS11 security provider can now be initialized with NSS when
FIPS-enabled external modules are configured in the Security Modules
Database (NSSDB). Prior to this change, the SunPKCS11 provider would
throw a RuntimeException with the message: "FIPS flag set for
non-internal module" when such a library was configured for NSS in
non-FIPS mode.
This change allows the JDK to work properly with recent NSS releases
on GNU/Linux operating systems when the system-wide FIPS policy is
turned on.
Further information can be found in JDK-8238555.
New in release OpenJDK 8u252 (2020-04-14):
===========================================
Live versions of these release notes can be found at:
* https://bitly.com/oj8u252
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u252.txt
* Security fixes
- JDK-8223898, CVE-2020-2754: Forward references to Nashorn
- JDK-8223904, CVE-2020-2755: Improve Nashorn matching
- JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs
- JDK-8224549, CVE-2020-2757: Less Blocking Array Queues
- JDK-8225603: Enhancement for big integers
- JDK-8227542: Manifest improved jar headers
- JDK-8231415, CVE-2020-2773: Better signatures in XML
- JDK-8233250: Better X11 rendering
- JDK-8233410: Better Build Scripting
- JDK-8234027: Better JCEKS key support
- JDK-8234408, CVE-2020-2781: Improve TLS session handling
- JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers
- JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers
- JDK-8235274, CVE-2020-2805: Enhance typing of methods
- JDK-8236201, CVE-2020-2830: Better Scanner conversions
- JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap
* Other changes
- JDK-8005819: Support cross-realm MSSFU
- JDK-8022263: use same Clang warnings on BSD as on Linux
- JDK-8038631: Create wrapper for awt.Robot with additional functionality
- JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor is invalid
- JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and some unit tests
- JDK-8068184: Fix for JDK-8032832 caused a deadlock
- JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature
- JDK-8132130: some docs cleanup
- JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit
- JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods is not optimal
- JDK-8144446: Automate the Marlin crash test
- JDK-8144526: Remove Marlin logging use of deleted internal API
- JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats
- JDK-8144654: Improve Marlin logging
- JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with huge coordinates and round joins
- JDK-8166976: TestCipherPBECons has wrong @run line
- JDK-8167409: Invalid value passed to critical JNI function
- JDK-8181872: C1: possible overflow when strength reducing integer multiply by constant
- JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT
- JDK-8191227: issues with unsafe handle resolution
- JDK-8197441: Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider
- JDK-8204152: SignedObject throws NullPointerException for null keys with an initialized Signature object
- JDK-8215756: Memory leaks in the AWT on macOS
- JDK-8216472: (se) Stack overflow during selection operation leads to crash (win)
- JDK-8219244: NMT: Change ThreadSafepointState's allocation type from mtInternal to mtThread
- JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions
- JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test
- JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test
- JDK-8229022: BufferedReader performance can be improved by using StringBuilder
- JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC
- JDK-8229872: (fs) Increase buffer size used with getmntent
- JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception
- JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type
- JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64
- JDK-8235904: Infinite loop when rendering huge lines
- JDK-8236179: C1 register allocation error with T_ADDRESS
- JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read
- JDK-8240521: Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call
- JDK-8241296: Segfault in JNIHandleBlock::oops_do()
- JDK-8241307: Marlin renderer should not be the default in 8u252
Notes on individual issues:
===========================
hotspot/svc:
JDK-8174881: Binary format for HPROF updated
============================================
When dumping the heap in binary format, HPROF format 1.0.2 is always
used now. Previously, format 1.0.1 was used for heaps smaller than
2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the
serviceability agent.
security-libs/java.security:
JDK-8229518: Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature
====================================================================================
The SunRsaSign and SunJCE providers have been enhanced with support
for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS
signature and OAEP using FIPS 180-4 digest algorithms. New
constructors and methods have been added to relevant JCA/JCE classes
under the `java.security.spec` and `javax.crypto.spec` packages for
supporting additional RSASSA-PSS parameters.
security-libs/javax.crypto:
JDK-8205471: RSASSA-PSS Signature Support Added to SunMSCAPI
============================================================
The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider.
security-libs/javax.security:
JDK-8227564: Allow SASL Mechanisms to Be Restricted
===================================================
A security property named `jdk.sasl.disabledMechanisms` has been added
that can be used to disable SASL mechanisms. Any disabled mechanism
will be ignored if it is specified in the `mechanisms` argument of
`Sasl.createSaslClient` or the `mechanism` argument of
`Sasl.createSaslServer`. The default value for this security property
is empty, which means that no mechanisms are disabled out-of-the-box.

8
SOURCES/README.md Normal file
View File

@ -0,0 +1,8 @@
Package of LTS OpenJDK 8
OpenJDK have release cadence of 6 months. but 3/4 of them are Short Term Supported for 6 months only. This package is designed to harbore them. Currently it is build on openJDK 10. LTSs (next is 11) will go as separate packages.
JDK8 is last LTS release of Java platform. It is bringing many cool improvements - http://openjdk.java.net/projects/jdk/8/ and is landing to your RHEL. Where it will be maintained for several years. You will always be allowed to install Used LTSs in build root, and alongside via alternatives.
See announcement: http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html
See java SIG plans: https://jvanek.fedorapeople.org/devconf/2018/changesInjavaReleaseProcess.pdf

View File

@ -0,0 +1,72 @@
/* TestCryptoLevel -- Ensure unlimited crypto policy is in use.
Copyright (C) 2012 Red Hat, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.lang.reflect.InvocationTargetException;
import java.security.Permission;
import java.security.PermissionCollection;
public class TestCryptoLevel
{
public static void main(String[] args)
throws NoSuchFieldException, ClassNotFoundException,
IllegalAccessException, InvocationTargetException
{
Class<?> cls = null;
Method def = null, exempt = null;
try
{
cls = Class.forName("javax.crypto.JceSecurity");
}
catch (ClassNotFoundException ex)
{
System.err.println("Running a non-Sun JDK.");
System.exit(0);
}
try
{
def = cls.getDeclaredMethod("getDefaultPolicy");
exempt = cls.getDeclaredMethod("getExemptPolicy");
}
catch (NoSuchMethodException ex)
{
System.err.println("Running IcedTea with the original crypto patch.");
System.exit(0);
}
def.setAccessible(true);
exempt.setAccessible(true);
PermissionCollection defPerms = (PermissionCollection) def.invoke(null);
PermissionCollection exemptPerms = (PermissionCollection) exempt.invoke(null);
Class<?> apCls = Class.forName("javax.crypto.CryptoAllPermission");
Field apField = apCls.getDeclaredField("INSTANCE");
apField.setAccessible(true);
Permission allPerms = (Permission) apField.get(null);
if (defPerms.implies(allPerms) && (exemptPerms == null || exemptPerms.implies(allPerms)))
{
System.err.println("Running with the unlimited policy.");
System.exit(0);
}
else
{
System.err.println("WARNING: Running with a restricted crypto policy.");
System.exit(-1);
}
}
}

49
SOURCES/TestECDSA.java Normal file
View File

@ -0,0 +1,49 @@
/* TestECDSA -- Ensure ECDSA signatures are working.
Copyright (C) 2016 Red Hat, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
/**
* @test
*/
public class TestECDSA {
public static void main(String[] args) throws Exception {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
KeyPair key = keyGen.generateKeyPair();
byte[] data = "This is a string to sign".getBytes("UTF-8");
Signature dsa = Signature.getInstance("NONEwithECDSA");
dsa.initSign(key.getPrivate());
dsa.update(data);
byte[] sig = dsa.sign();
System.out.println("Signature: " + new BigInteger(1, sig).toString(16));
Signature dsaCheck = Signature.getInstance("NONEwithECDSA");
dsaCheck.initVerify(key.getPublic());
dsaCheck.update(data);
boolean success = dsaCheck.verify(sig);
if (!success) {
throw new RuntimeException("Test failed. Signature verification error");
}
System.out.println("Test passed.");
}
}

1558
SOURCES/config.guess vendored Normal file

File diff suppressed because it is too large Load Diff

1788
SOURCES/config.sub vendored Normal file

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,131 @@
#!/bin/sh
ZIP_SRC=openjdk/jdk/src/share/native/java/util/zip/zlib
JPEG_SRC=openjdk/jdk/src/share/native/sun/awt/image/jpeg
GIF_SRC=openjdk/jdk/src/share/native/sun/awt/giflib
PNG_SRC=openjdk/jdk/src/share/native/sun/awt/libpng
LCMS_SRC=openjdk/jdk/src/share/native/sun/java2d/cmm/lcms
echo "Removing built-in libs (they will be linked)"
echo "Removing zlib"
if [ ! -d ${ZIP_SRC} ]; then
echo "${ZIP_SRC} does not exist. Refusing to proceed."
exit 1
fi
rm -rvf ${ZIP_SRC}
echo "Removing libjpeg"
if [ ! -f ${JPEG_SRC}/jdhuff.c ]; then # some file that sound definitely exist
echo "${JPEG_SRC} does not contain jpeg sources. Refusing to proceed."
exit 1
fi
rm -vf ${JPEG_SRC}/jcomapi.c
rm -vf ${JPEG_SRC}/jdapimin.c
rm -vf ${JPEG_SRC}/jdapistd.c
rm -vf ${JPEG_SRC}/jdcoefct.c
rm -vf ${JPEG_SRC}/jdcolor.c
rm -vf ${JPEG_SRC}/jdct.h
rm -vf ${JPEG_SRC}/jddctmgr.c
rm -vf ${JPEG_SRC}/jdhuff.c
rm -vf ${JPEG_SRC}/jdhuff.h
rm -vf ${JPEG_SRC}/jdinput.c
rm -vf ${JPEG_SRC}/jdmainct.c
rm -vf ${JPEG_SRC}/jdmarker.c
rm -vf ${JPEG_SRC}/jdmaster.c
rm -vf ${JPEG_SRC}/jdmerge.c
rm -vf ${JPEG_SRC}/jdphuff.c
rm -vf ${JPEG_SRC}/jdpostct.c
rm -vf ${JPEG_SRC}/jdsample.c
rm -vf ${JPEG_SRC}/jerror.c
rm -vf ${JPEG_SRC}/jerror.h
rm -vf ${JPEG_SRC}/jidctflt.c
rm -vf ${JPEG_SRC}/jidctfst.c
rm -vf ${JPEG_SRC}/jidctint.c
rm -vf ${JPEG_SRC}/jidctred.c
rm -vf ${JPEG_SRC}/jinclude.h
rm -vf ${JPEG_SRC}/jmemmgr.c
rm -vf ${JPEG_SRC}/jmemsys.h
rm -vf ${JPEG_SRC}/jmemnobs.c
rm -vf ${JPEG_SRC}/jmorecfg.h
rm -vf ${JPEG_SRC}/jpegint.h
rm -vf ${JPEG_SRC}/jpeglib.h
rm -vf ${JPEG_SRC}/jquant1.c
rm -vf ${JPEG_SRC}/jquant2.c
rm -vf ${JPEG_SRC}/jutils.c
rm -vf ${JPEG_SRC}/jcapimin.c
rm -vf ${JPEG_SRC}/jcapistd.c
rm -vf ${JPEG_SRC}/jccoefct.c
rm -vf ${JPEG_SRC}/jccolor.c
rm -vf ${JPEG_SRC}/jcdctmgr.c
rm -vf ${JPEG_SRC}/jchuff.c
rm -vf ${JPEG_SRC}/jchuff.h
rm -vf ${JPEG_SRC}/jcinit.c
rm -vf ${JPEG_SRC}/jconfig.h
rm -vf ${JPEG_SRC}/jcmainct.c
rm -vf ${JPEG_SRC}/jcmarker.c
rm -vf ${JPEG_SRC}/jcmaster.c
rm -vf ${JPEG_SRC}/jcparam.c
rm -vf ${JPEG_SRC}/jcphuff.c
rm -vf ${JPEG_SRC}/jcprepct.c
rm -vf ${JPEG_SRC}/jcsample.c
rm -vf ${JPEG_SRC}/jctrans.c
rm -vf ${JPEG_SRC}/jdtrans.c
rm -vf ${JPEG_SRC}/jfdctflt.c
rm -vf ${JPEG_SRC}/jfdctfst.c
rm -vf ${JPEG_SRC}/jfdctint.c
rm -vf ${JPEG_SRC}/jversion.h
rm -vf ${JPEG_SRC}/README
echo "Removing giflib"
if [ ! -d ${GIF_SRC} ]; then
echo "${GIF_SRC} does not exist. Refusing to proceed."
exit 1
fi
rm -rvf ${GIF_SRC}
echo "Removing libpng"
if [ ! -d ${PNG_SRC} ]; then
echo "${PNG_SRC} does not exist. Refusing to proceed."
exit 1
fi
rm -rvf ${PNG_SRC}
echo "Removing lcms"
if [ ! -d ${LCMS_SRC} ]; then
echo "${LCMS_SRC} does not exist. Refusing to proceed."
exit 1
fi
# temporary change to move bundled LCMS
if [ ! true ]; then
rm -vf ${LCMS_SRC}/cmsalpha.c
rm -vf ${LCMS_SRC}/cmscam02.c
rm -vf ${LCMS_SRC}/cmscgats.c
rm -vf ${LCMS_SRC}/cmscnvrt.c
rm -vf ${LCMS_SRC}/cmserr.c
rm -vf ${LCMS_SRC}/cmsgamma.c
rm -vf ${LCMS_SRC}/cmsgmt.c
rm -vf ${LCMS_SRC}/cmshalf.c
rm -vf ${LCMS_SRC}/cmsintrp.c
rm -vf ${LCMS_SRC}/cmsio0.c
rm -vf ${LCMS_SRC}/cmsio1.c
rm -vf ${LCMS_SRC}/cmslut.c
rm -vf ${LCMS_SRC}/cmsmd5.c
rm -vf ${LCMS_SRC}/cmsmtrx.c
rm -vf ${LCMS_SRC}/cmsnamed.c
rm -vf ${LCMS_SRC}/cmsopt.c
rm -vf ${LCMS_SRC}/cmspack.c
rm -vf ${LCMS_SRC}/cmspcs.c
rm -vf ${LCMS_SRC}/cmsplugin.c
rm -vf ${LCMS_SRC}/cmsps2.c
rm -vf ${LCMS_SRC}/cmssamp.c
rm -vf ${LCMS_SRC}/cmssm.c
rm -vf ${LCMS_SRC}/cmstypes.c
rm -vf ${LCMS_SRC}/cmsvirt.c
rm -vf ${LCMS_SRC}/cmswtpnt.c
rm -vf ${LCMS_SRC}/cmsxform.c
rm -vf ${LCMS_SRC}/lcms2.h
rm -vf ${LCMS_SRC}/lcms2_internal.h
rm -vf ${LCMS_SRC}/lcms2_plugin.h
fi

View File

@ -0,0 +1,10 @@
[Desktop Entry]
Name=OpenJDK @JAVA_VER@ for @target_cpu@ Monitoring & Management Console (@OPENJDK_VER@)
Comment=Monitor and manage OpenJDK applications
Exec=_SDKBINDIR_/jconsole
Icon=java-@JAVA_VER@-@JAVA_VENDOR@
Terminal=false
Type=Application
StartupWMClass=sun-tools-jconsole-JConsole
Categories=Development;Profiling;Java;
Version=1.0

View File

@ -0,0 +1,115 @@
diff -ruN jdk8/common/autoconf/libraries.m4 jdk8/common/autoconf/libraries.m4
--- jdk8/common/autoconf/libraries.m4 2013-11-14 20:08:01.845065585 -0500
+++ jdk8/common/autoconf/libraries.m4 2013-11-14 20:10:56.186553066 -0500
@@ -676,6 +676,47 @@
###############################################################################
#
+ # Check for the png library
+ #
+
+ AC_ARG_WITH(libpng, [AS_HELP_STRING([--with-libpng],
+ [use libpng from build system or OpenJDK source (system, bundled) @<:@bundled@:>@])])
+
+ AC_CHECK_LIB(png, png_sig_cmp,
+ [ LIBPNG_FOUND=yes ],
+ [ LIBPNG_FOUND=no ])
+
+ AC_MSG_CHECKING([for which libpng to use])
+
+ # default is bundled
+ DEFAULT_LIBPNG=bundled
+
+ #
+ # if user didn't specify, use DEFAULT_LIBPNG
+ #
+ if test "x${with_libpng}" = "x"; then
+ with_libpng=${DEFAULT_libpng}
+ fi
+
+
+ if test "x${with_libpng}" = "xbundled"; then
+ USE_EXTERNAL_LIBPNG=false
+ AC_MSG_RESULT([bundled])
+ elif test "x${with_libpng}" = "xsystem"; then
+ if test "x${LIBPNG_FOUND}" = "xyes"; then
+ USE_EXTERNAL_LIBPNG=true
+ AC_MSG_RESULT([system])
+ else
+ AC_MSG_RESULT([system not found])
+ AC_MSG_ERROR([--with-libpng=system specified, but no libpng found!])
+ fi
+ else
+ AC_MSG_ERROR([Invalid value of --with-libpng: ${with_libpng}, use 'system' or 'bundled'])
+ fi
+ AC_SUBST(USE_EXTERNAL_LIBPNG)
+
+ ###############################################################################
+ #
# Check for the zlib library
#
diff -ruN jdk8/common/autoconf/spec.gmk.in jdk8/common/autoconf/spec.gmk.in
--- jdk8/common/autoconf/spec.gmk.in 2013-10-31 19:24:33.000000000 -0400
+++ jdk8/common/autoconf/spec.gmk.in 2013-11-14 21:10:56.365976518 -0500
@@ -548,6 +548,7 @@
ENABLE_JFR=@ENABLE_JFR@
ENABLE_INTREE_EC=@ENABLE_INTREE_EC@
USE_EXTERNAL_LIBJPEG:=@USE_EXTERNAL_LIBJPEG@
+USE_EXTERNAL_LIBPNG:=@USE_EXTERNAL_LIBPNG@
USE_EXTERNAL_LIBGIF:=@USE_EXTERNAL_LIBGIF@
USE_EXTERNAL_LIBZ:=@USE_EXTERNAL_LIBZ@
LIBZIP_CAN_USE_MMAP:=@LIBZIP_CAN_USE_MMAP@
diff -ruN jdk8/jdk/make/lib/Awt2dLibraries.gmk jdk8/jdk/make/lib/Awt2dLibraries.gmk
--- jdk8/jdk/make/lib/Awt2dLibraries.gmk 2013-11-14 20:08:01.845065585 -0500
+++ jdk8/jdk/make/lib/Awt2dLibraries.gmk 2013-11-14 20:14:10.791982343 -0500
@@ -1183,7 +1183,6 @@
ifndef BUILD_HEADLESS_ONLY
LIBSPLASHSCREEN_DIRS := \
- $(JDK_TOPDIR)/src/share/native/sun/awt/libpng \
$(JDK_TOPDIR)/src/share/native/sun/awt/splashscreen
ifeq ($(USE_EXTERNAL_LIBGIF), true)
@@ -1200,6 +1199,13 @@
LIBJPEG_CFLAGS := -I$(JDK_TOPDIR)/src/share/native/sun/awt/jpeg
endif
+ ifeq ($(USE_EXTERNAL_LIBPNG), true)
+ LIBPNG_LDFLAGS := -lpng
+ else
+ LIBSPLASHSCREEN_DIRS += $(JDK_TOPDIR)/src/share/native/sun/awt/image/libpng
+ LIBPNG_CFLAGS := -I$(JDK_TOPDIR)/src/share/native/sun/awt/libpng
+ endif
+
ifneq ($(OPENJDK_TARGET_OS), macosx)
LIBSPLASHSCREEN_DIRS += $(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/native/sun/awt/splashscreen
else
@@ -1263,12 +1269,12 @@
LANG := C, \
OPTIMIZATION := LOW, \
CFLAGS := $(LIBSPLASHSCREEN_CFLAGS) $(CFLAGS_JDKLIB) \
- $(GIFLIB_CFLAGS) $(LIBJPEG_CFLAGS), \
+ $(GIFLIB_CFLAGS) $(LIBJPEG_CFLAGS) $(LIBPNG_CFLAGS), \
MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libsplashscreen/mapfile-vers, \
LDFLAGS := $(LDFLAGS_JDKLIB) \
$(call SET_SHARED_LIBRARY_ORIGIN), \
LDFLAGS_SUFFIX := $(LIBSPLASHSCREEN_LDFLAGS_SUFFIX) \
- $(LIBZ) $(GIFLIB_LDFLAGS) $(LIBJPEG_LDFLAGS), \
+ $(LIBZ) $(GIFLIB_LDFLAGS) $(LIBJPEG_LDFLAGS) $(LIBPNG_LDFLAGS), \
LDFLAGS_SUFFIX_solaris := -lc, \
VERSIONINFO_RESOURCE := $(JDK_TOPDIR)/src/windows/resource/version.rc, \
RC_FLAGS := $(RC_FLAGS) \
diff -ruN jdk8/jdk/src/share/native/sun/awt/splashscreen/splashscreen_png.c jdk8/jdk/src/share/native/sun/awt/splashscreen/splashscreen_png.c
--- jdk8/jdk/src/share/native/sun/awt/splashscreen/splashscreen_png.c 2013-10-31 19:44:18.000000000 -0400
+++ jdk8/jdk/src/share/native/sun/awt/splashscreen/splashscreen_png.c 2013-11-14 20:14:41.363892797 -0500
@@ -25,8 +25,7 @@
#include "splashscreen_impl.h"
-#include "../libpng/png.h"
-
+#include <png.h>
#include <setjmp.h>
#define SIG_BYTES 8

View File

@ -0,0 +1,68 @@
diff --git openjdk.orig/jdk/make/lib/Awt2dLibraries.gmk openjdk/jdk/make/lib/Awt2dLibraries.gmk
--- openjdk.orig/jdk/make/lib/Awt2dLibraries.gmk
+++ openjdk/jdk/make/lib/Awt2dLibraries.gmk
@@ -665,18 +665,35 @@
endif
endif
+LIBLCMS_DIR := $(JDK_TOPDIR)/src/share/native/sun/java2d/cmm/lcms
+
+ifeq ($(USE_EXTERNAL_LCMS), true)
+ # If we're using an external library, we'll just need the wrapper part.
+ # By including it explicitely, all other files will be excluded.
+ BUILD_LIBLCMS_INCLUDE_FILES := LCMS.c
+ BUILD_LIBLCMS_HEADERS :=
+else
+ BUILD_LIBLCMS_INCLUDE_FILES :=
+ # If we're using the bundled library, we'll need to include it in the
+ # include path explicitly. Otherwise the system headers will be used.
+ BUILD_LIBLCMS_HEADERS := -I$(LIBLCMS_DIR)
+endif
+
# TODO: Update awt lib path when awt is converted
$(eval $(call SetupNativeCompilation,BUILD_LIBLCMS, \
LIBRARY := lcms, \
OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \
- SRC := $(JDK_TOPDIR)/src/share/native/sun/java2d/cmm/lcms, \
+ SRC := $(LIBLCMS_DIR), \
+ INCLUDE_FILES := $(BUILD_LIBLCMS_INCLUDE_FILES), \
LANG := C, \
OPTIMIZATION := HIGHEST, \
CFLAGS := $(filter-out -xc99=%none, $(CFLAGS_JDKLIB)) \
-DCMS_DONT_USE_FAST_FLOOR \
$(SHARED_LIBRARY_FLAGS) \
-I$(JDK_TOPDIR)/src/share/native/sun/java2d \
- -I$(JDK_TOPDIR)/src/share/native/sun/awt/debug, \
+ -I$(JDK_TOPDIR)/src/share/native/sun/awt/debug \
+ $(BUILD_LIBLCMS_HEADERS) \
+ $(LCMS_CFLAGS), \
CFLAGS_solaris := -xc99=no_lib, \
CFLAGS_windows := -DCMS_IS_WINDOWS_, \
MAPFILE := $(JDK_TOPDIR)/make/mapfiles/liblcms/mapfile-vers, \
@@ -684,10 +701,10 @@
$(call SET_SHARED_LIBRARY_ORIGIN), \
LDFLAGS_solaris := /usr/lib$(OPENJDK_TARGET_CPU_ISADIR)/libm.so.2, \
LDFLAGS_windows := $(WIN_AWT_LIB) $(WIN_JAVA_LIB), \
- LDFLAGS_SUFFIX_solaris := -lawt -ljava -ljvm -lc, \
- LDFLAGS_SUFFIX_macosx := $(LIBM) -lawt -ljava -ljvm, \
- LDFLAGS_SUFFIX_linux := -lm -lawt -ljava -ljvm, \
- LDFLAGS_SUFFIX_aix := -lm -lawt -ljava -ljvm,\
+ LDFLAGS_SUFFIX_solaris := -lawt -ljava -ljvm -lc $(LCMS_LIBS), \
+ LDFLAGS_SUFFIX_macosx := $(LIBM) -lawt -ljava -ljvm $(LCMS_LIBS), \
+ LDFLAGS_SUFFIX_linux := -lm -lawt -ljava -ljvm $(LCMS_LIBS), \
+ LDFLAGS_SUFFIX_aix := -lm -lawt -ljava -ljvm $(LCMS_LIBS),\
VERSIONINFO_RESOURCE := $(JDK_TOPDIR)/src/windows/resource/version.rc, \
RC_FLAGS := $(RC_FLAGS) \
-D "JDK_FNAME=lcms.dll" \
diff --git openjdk.orig/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c
--- openjdk.orig/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c
+++ openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c
@@ -30,7 +30,7 @@
#include "jni_util.h"
#include "Trace.h"
#include "Disposer.h"
-#include "lcms2.h"
+#include <lcms2.h>
#include "jlong.h"

View File

@ -0,0 +1,50 @@
diff -ruN openjdk/common/autoconf/libraries.m4 openjdk/common/autoconf/libraries.m4
--- openjdk/common/autoconf/libraries.m4 2013-11-14 22:04:38.039440136 -0500
+++ openjdk/common/autoconf/libraries.m4 2013-11-14 22:05:11.474356424 -0500
@@ -676,6 +676,46 @@
###############################################################################
#
+ # Check for the lcms2 library
+ #
+
+ AC_ARG_WITH(lcms, [AS_HELP_STRING([--with-lcms],
+ [use lcms2 from build system or OpenJDK source (system, bundled) @<:@bundled@:>@])])
+
+ AC_CHECK_LIB(lcms2, cmsOpenProfileFromFile,
+ [ LCMS_FOUND=yes ],
+ [ LCMS_FOUND=no ])
+
+ AC_MSG_CHECKING([for which lcms to use])
+
+ DEFAULT_LCMS=bundled
+
+ #
+ # If user didn't specify, use DEFAULT_LCMS
+ #
+ if test "x${with_lcms}" = "x"; then
+ with_lcms=${DEFAULT_LCMS}
+ fi
+
+ if test "x${with_lcms}" = "xbundled"; then
+ USE_EXTERNAL_LCMS=false
+ AC_MSG_RESULT([bundled])
+ elif test "x${with_lcms}" = "xsystem"; then
+ if test "x${LCMS_FOUND}" = "xyes"; then
+ USE_EXTERNAL_LCMS=true
+ AC_MSG_RESULT([system])
+ else
+ AC_MSG_RESULT([system not found])
+ AC_MSG_ERROR([--with-lcms=system specified, but no lcms found!])
+ fi
+ else
+ AC_MSG_ERROR([Invalid value for --with-lcms: ${with_lcms}, use 'system' or 'bundled'])
+ fi
+
+ AC_SUBST(USE_EXTERNAL_LCMS)
+
+ ###############################################################################
+ #
# Check for the png library
#

View File

@ -0,0 +1,228 @@
diff -ruN jdk8/common/autoconf/libraries.m4 jdk8/common/autoconf/libraries.m4
--- jdk8/common/autoconf/libraries.m4 2013-10-31 19:24:33.000000000 -0400
+++ jdk8/common/autoconf/libraries.m4 2013-11-14 21:55:20.249903347 -0500
@@ -601,12 +601,42 @@
#
USE_EXTERNAL_LIBJPEG=true
- AC_CHECK_LIB(jpeg, main, [],
- [ USE_EXTERNAL_LIBJPEG=false
- AC_MSG_NOTICE([Will use jpeg decoder bundled with the OpenJDK source])
- ])
+ AC_ARG_WITH(libjpeg, [AS_HELP_STRING([--with-libjpeg],
+ [use libjpeg from build system or OpenJDK sources (system, bundled) @<:@bundled@:>@])])
+
+ AC_CHECK_LIB(jpeg, jpeg_destroy_compress,
+ [ LIBJPEG_FOUND=yes ],
+ [ LIBJPEG_FOUND=no ])
+
+ AC_MSG_CHECKING([for which libjpeg to use])
+
+ # default is bundled
+ DEFAULT_LIBJPEG=bundled
+
+ #
+ # if user didn't specify, use DEFAULT_LIBJPEG
+ #
+ if test "x${with_libjpeg}" = "x"; then
+ with_libjpeg=${DEFAULT_LIBJPEG}
+ fi
+
+ if test "x${with_libjpeg}" = "xbundled"; then
+ USE_EXTERNAL_LIBJPEG=false
+ AC_MSG_RESULT([bundled])
+ elif test "x${with_libjpeg}" = "xsystem"; then
+ if test "x${LIBJPEG_FOUND}" = "xyes"; then
+ USE_EXTERNAL_LIBJPEG=true
+ AC_MSG_RESULT([system])
+ else
+ AC_MSG_RESULT([system not found])
+ AC_MSG_ERROR([--with-libjpeg=system specified, but no libjpeg found])
+ fi
+ else
+ AC_MSG_ERROR([Invalid use of --with-libjpeg: ${with_libjpeg}, use 'system' or 'bundled'])
+ fi
AC_SUBST(USE_EXTERNAL_LIBJPEG)
+
###############################################################################
#
# Check for the gif library
diff -ruN jdk8/jdk/make/lib/Awt2dLibraries.gmk jdk8/jdk/make/lib/Awt2dLibraries.gmk
--- jdk8/jdk/make/lib/Awt2dLibraries.gmk 2013-10-31 19:44:18.000000000 -0400
+++ jdk8/jdk/make/lib/Awt2dLibraries.gmk 2013-11-14 21:56:01.020796703 -0500
@@ -693,17 +693,17 @@
##########################################################################################
ifdef OPENJDK
- BUILD_LIBJPEG_MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libjpeg/mapfile-vers
+ BUILD_LIBJAVAJPEG_MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libjpeg/mapfile-vers
else
- BUILD_LIBJPEG_MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libjpeg/mapfile-vers-closed
- BUILD_LIBJPEG_CLOSED_SRC := $(JDK_TOPDIR)/src/closed/share/native/sun/awt/image/jpeg
- BUILD_LIBJPEG_CLOSED_INCLUDES := -I$(BUILD_LIBJPEG_CLOSED_SRC)
+ BUILD_LIBJAVAJPEG_MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libjpeg/mapfile-vers-closed
+ BUILD_LIBJAVAJPEG_CLOSED_SRC := $(JDK_TOPDIR)/src/closed/share/native/sun/awt/image/jpeg
+ BUILD_LIBJAVAJPEG_CLOSED_INCLUDES := -I$(BUILD_LIBJPEG_CLOSED_SRC)
endif
-BUILD_LIBJPEG_REORDER :=
+BUILD_LIBJAVAJPEG_REORDER :=
ifeq ($(OPENJDK_TARGET_OS), solaris)
ifneq ($(OPENJDK_TARGET_CPU), x86_64)
- BUILD_LIBJPEG_REORDER := $(JDK_TOPDIR)/make/mapfiles/libjpeg/reorder-$(OPENJDK_TARGET_CPU)
+ BUILD_LIBJAVAJPEG_REORDER := $(JDK_TOPDIR)/make/mapfiles/libjpeg/reorder-$(OPENJDK_TARGET_CPU)
endif
endif
@@ -718,37 +718,38 @@
# $(shell $(EXPR) $(CC_MAJORVER) \> 4 \| \
# \( $(CC_MAJORVER) = 4 \& $(CC_MINORVER) \>= 3 \) )
# ifeq ($(CC_43_OR_NEWER), 1)
-# BUILD_LIBJPEG_CFLAGS_linux += -Wno-clobbered
+# BUILD_LIBJAVAJPEG_CFLAGS_linux += -Wno-clobbered
# endif
#endif
-$(eval $(call SetupNativeCompilation,BUILD_LIBJPEG, \
- LIBRARY := jpeg, \
+$(eval $(call SetupNativeCompilation,BUILD_LIBJAVAJPEG, \
+ LIBRARY := javajpeg, \
OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \
- SRC := $(BUILD_LIBJPEG_CLOSED_SRC) \
+ SRC := $(BUILD_LIBJAVAJPEG_CLOSED_SRC) \
$(JDK_TOPDIR)/src/share/native/sun/awt/image/jpeg, \
LANG := C, \
OPTIMIZATION := HIGHEST, \
CFLAGS := $(CFLAGS_JDKLIB) \
- $(BUILD_LIBJPEG_CLOSED_INCLUDES) \
+ $(BUILD_LIBJAVAJPEG_CLOSED_INCLUDES) \
-I$(JDK_TOPDIR)/src/share/native/sun/awt/image/jpeg, \
- MAPFILE := $(BUILD_LIBJPEG_MAPFILE), \
- LDFLAGS := $(LDFLAGS_JDKLIB) \
+ MAPFILE := $(BUILD_LIBJAVAJPEG_MAPFILE), \
+ LDFLAGS := $(subst -Xlinker --as-needed,, \
+ $(subst -Wl$(COMMA)--as-needed,, $(LDFLAGS_JDKLIB))) -ljpeg \
$(call SET_SHARED_LIBRARY_ORIGIN), \
LDFLAGS_windows := $(WIN_JAVA_LIB) jvm.lib, \
LDFLAGS_SUFFIX := $(LDFLAGS_JDKLIB_SUFFIX), \
VERSIONINFO_RESOURCE := $(JDK_TOPDIR)/src/windows/resource/version.rc, \
RC_FLAGS := $(RC_FLAGS) \
- -D "JDK_FNAME=jpeg.dll" \
- -D "JDK_INTERNAL_NAME=jpeg" \
+ -D "JDK_FNAME=javajpeg.dll" \
+ -D "JDK_INTERNAL_NAME=javajpeg" \
-D "JDK_FTYPE=0x2L", \
- REORDER := $(BUILD_LIBJPEG_REORDER), \
- OBJECT_DIR := $(JDK_OUTPUTDIR)/objs/libjpeg, \
+ REORDER := $(BUILD_LIBJAVAJPEG_REORDER), \
+ OBJECT_DIR := $(JDK_OUTPUTDIR)/objs/libjavajpeg, \
DEBUG_SYMBOLS := $(DEBUG_ALL_BINARIES)))
-$(BUILD_LIBJPEG): $(BUILD_LIBJAVA)
+$(BUILD_LIBJAVAJPEG): $(BUILD_LIBJAVA)
-BUILD_LIBRARIES += $(BUILD_LIBJPEG)
+BUILD_LIBRARIES += $(BUILD_LIBJAVAJPEG)
##########################################################################################
@@ -1127,7 +1128,6 @@
ifndef BUILD_HEADLESS_ONLY
LIBSPLASHSCREEN_DIRS := \
- $(JDK_TOPDIR)/src/share/native/sun/awt/image/jpeg \
$(JDK_TOPDIR)/src/share/native/sun/awt/libpng \
$(JDK_TOPDIR)/src/share/native/sun/awt/splashscreen
@@ -1138,6 +1138,13 @@
GIFLIB_CFLAGS := -I$(JDK_TOPDIR)/src/share/native/sun/awt/giflib
endif
+ ifeq ($(USE_EXTERNAL_LIBJPEG), true)
+ LIBJPEG_LDFLAGS := -ljpeg
+ else
+ LIBSPLASHSCREEN_DIRS += $(JDK_TOPDIR)/src/share/native/sun/awt/image/jpeg
+ LIBJPEG_CFLAGS := -I$(JDK_TOPDIR)/src/share/native/sun/awt/jpeg
+ endif
+
ifneq ($(OPENJDK_TARGET_OS), macosx)
LIBSPLASHSCREEN_DIRS += $(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/native/sun/awt/splashscreen
else
@@ -1193,11 +1200,13 @@
EXCLUDE_FILES := imageioJPEG.c jpegdecoder.c pngtest.c, \
LANG := C, \
OPTIMIZATION := LOW, \
- CFLAGS := $(LIBSPLASHSCREEN_CFLAGS) $(CFLAGS_JDKLIB) $(GIFLIB_CFLAGS), \
+ CFLAGS := $(LIBSPLASHSCREEN_CFLAGS) $(CFLAGS_JDKLIB) \
+ $(GIFLIB_CFLAGS) $(LIBJPEG_CFLAGS), \
MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libsplashscreen/mapfile-vers, \
LDFLAGS := $(LDFLAGS_JDKLIB) \
$(call SET_SHARED_LIBRARY_ORIGIN), \
- LDFLAGS_SUFFIX := $(LIBSPLASHSCREEN_LDFLAGS_SUFFIX) $(LIBZ) $(GIFLIB_LDFLAGS), \
+ LDFLAGS_SUFFIX := $(LIBSPLASHSCREEN_LDFLAGS_SUFFIX) \
+ $(LIBZ) $(GIFLIB_LDFLAGS) $(LIBJPEG_LDFLAGS), \
LDFLAGS_SUFFIX_solaris := -lc, \
VERSIONINFO_RESOURCE := $(JDK_TOPDIR)/src/windows/resource/version.rc, \
RC_FLAGS := $(RC_FLAGS) \
diff -ruN jdk8/jdk/src/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageReader.java jdk8/jdk/src/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageReader.java
--- jdk8/jdk/src/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageReader.java 2013-10-31 19:44:18.000000000 -0400
+++ jdk8/jdk/src/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageReader.java 2013-11-14 21:55:20.250903340 -0500
@@ -89,7 +89,7 @@
java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<Void>() {
public Void run() {
- System.loadLibrary("jpeg");
+ System.loadLibrary("javajpeg");
return null;
}
});
diff -ruN jdk8/jdk/src/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageWriter.java jdk8/jdk/src/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageWriter.java
--- jdk8/jdk/src/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageWriter.java 2013-10-31 19:44:18.000000000 -0400
+++ jdk8/jdk/src/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageWriter.java 2013-11-14 21:55:20.250903340 -0500
@@ -179,7 +179,7 @@
java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<Void>() {
public Void run() {
- System.loadLibrary("jpeg");
+ System.loadLibrary("javajpeg");
return null;
}
});
diff -ruN jdk8/jdk/src/share/classes/sun/awt/image/JPEGImageDecoder.java jdk8/jdk/src/share/classes/sun/awt/image/JPEGImageDecoder.java
--- jdk8/jdk/src/share/classes/sun/awt/image/JPEGImageDecoder.java 2013-10-31 19:44:18.000000000 -0400
+++ jdk8/jdk/src/share/classes/sun/awt/image/JPEGImageDecoder.java 2013-11-14 21:55:20.251903376 -0500
@@ -56,7 +56,7 @@
java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<Void>() {
public Void run() {
- System.loadLibrary("jpeg");
+ System.loadLibrary("javajpeg");
return null;
}
});
diff -ruN jdk8/jdk/src/share/native/sun/awt/splashscreen/splashscreen_jpeg.c jdk8/jdk/src/share/native/sun/awt/splashscreen/splashscreen_jpeg.c
--- jdk8/jdk/src/share/native/sun/awt/splashscreen/splashscreen_jpeg.c 2013-10-31 19:44:18.000000000 -0400
+++ jdk8/jdk/src/share/native/sun/awt/splashscreen/splashscreen_jpeg.c 2013-11-14 21:55:20.251903376 -0500
@@ -25,7 +25,6 @@
#include "splashscreen_impl.h"
-#include "jinclude.h"
#include "jpeglib.h"
#include "jerror.h"
@@ -107,11 +106,11 @@
if (cinfo->src == NULL) { /* first time for this JPEG object? */
cinfo->src = (struct jpeg_source_mgr *)
(*cinfo->mem->alloc_small) ((j_common_ptr) cinfo,
- JPOOL_PERMANENT, SIZEOF(stream_source_mgr));
+ JPOOL_PERMANENT, sizeof(stream_source_mgr));
src = (stream_src_ptr) cinfo->src;
src->buffer = (JOCTET *)
(*cinfo->mem->alloc_small) ((j_common_ptr) cinfo,
- JPOOL_PERMANENT, INPUT_BUF_SIZE * SIZEOF(JOCTET));
+ JPOOL_PERMANENT, INPUT_BUF_SIZE * sizeof(JOCTET));
}
src = (stream_src_ptr) cinfo->src;

View File

@ -0,0 +1,148 @@
# HG changeset patch
# User sgehwolf
# Date 1525714161 -3600
# Mon May 07 18:29:21 2018 +0100
# Node ID afb31413c73cbc06420fdb447aa90a7a38258904
# Parent bcbc64dfb629c5f188bbf59b8f986ad95963ed60
8143245, PR3548: Zero build requires disabled warnings
Reviewed-by: dholmes, coleenp
diff --git openjdk.orig/hotspot/make/linux/makefiles/zeroshark.make openjdk/hotspot/make/linux/makefiles/zeroshark.make
--- openjdk.orig/hotspot/make/linux/makefiles/zeroshark.make
+++ openjdk/hotspot/make/linux/makefiles/zeroshark.make
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
# Copyright 2007, 2008 Red Hat, Inc.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
@@ -29,12 +29,7 @@
ifeq ($(JVM_VARIANT_ZEROSHARK), true)
WARNING_FLAGS += -Wno-undef
endif
-# Suppress some warning flags that are normally turned on for hotspot,
-# because some of the zero code has not been updated accordingly.
-WARNING_FLAGS += -Wno-return-type \
- -Wno-format-nonliteral -Wno-format-security \
- -Wno-maybe-uninitialized
-
+
# If FDLIBM_CFLAGS is non-empty it holds CFLAGS needed to be passed to
# the compiler so as to be able to produce optimized objects
diff --git openjdk.orig/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp openjdk/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp
--- openjdk.orig/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp
+++ openjdk/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp
@@ -102,7 +102,7 @@
return result;
default:
ShouldNotReachHere();
- return result; // silence compiler warnings
+ return NULL_WORD; // silence compiler warnings
}
}
diff --git openjdk.orig/hotspot/src/cpu/zero/vm/interpreterRT_zero.cpp openjdk/hotspot/src/cpu/zero/vm/interpreterRT_zero.cpp
--- openjdk.orig/hotspot/src/cpu/zero/vm/interpreterRT_zero.cpp
+++ openjdk/hotspot/src/cpu/zero/vm/interpreterRT_zero.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright 2007, 2008, 2010 Red Hat, Inc.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
@@ -62,7 +62,7 @@
}
void InterpreterRuntime::SignatureHandlerGeneratorBase::push(BasicType type) {
- ffi_type *ftype;
+ ffi_type *ftype = NULL;
switch (type) {
case T_VOID:
ftype = &ffi_type_void;
diff --git openjdk.orig/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp openjdk/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp
--- openjdk.orig/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp
+++ openjdk/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2007, 2008, 2009, 2010 Red Hat, Inc.
+ * Copyright 2016 Red Hat, Inc.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -61,6 +61,7 @@
frame os::get_sender_for_C_frame(frame* fr) {
ShouldNotCallThis();
+ return frame(NULL, NULL); // silence compile warning.
}
frame os::current_frame() {
@@ -98,16 +99,19 @@
address os::Linux::ucontext_get_pc(ucontext_t* uc) {
ShouldNotCallThis();
+ return NULL; // silence compile warnings
}
ExtendedPC os::fetch_frame_from_context(void* ucVoid,
intptr_t** ret_sp,
intptr_t** ret_fp) {
ShouldNotCallThis();
+ return NULL; // silence compile warnings
}
frame os::fetch_frame_from_context(void* ucVoid) {
ShouldNotCallThis();
+ return frame(NULL, NULL); // silence compile warnings
}
extern "C" JNIEXPORT int
@@ -247,11 +251,16 @@
}
#endif // !PRODUCT
- const char *fmt = "caught unhandled signal %d";
char buf[64];
- sprintf(buf, fmt, sig);
+ sprintf(buf, "caught unhandled signal %d", sig);
+
+// Silence -Wformat-security warning for fatal()
+PRAGMA_DIAG_PUSH
+PRAGMA_FORMAT_NONLITERAL_IGNORED
fatal(buf);
+PRAGMA_DIAG_POP
+ return true; // silence compiler warnings
}
void os::Linux::init_thread_fpu_state(void) {
@@ -260,6 +269,7 @@
int os::Linux::get_fpu_control_word() {
ShouldNotCallThis();
+ return -1; // silence compile warnings
}
void os::Linux::set_fpu_control_word(int fpu) {
diff --git openjdk.orig/hotspot/src/os_cpu/linux_zero/vm/thread_linux_zero.hpp openjdk/hotspot/src/os_cpu/linux_zero/vm/thread_linux_zero.hpp
--- openjdk.orig/hotspot/src/os_cpu/linux_zero/vm/thread_linux_zero.hpp
+++ openjdk/hotspot/src/os_cpu/linux_zero/vm/thread_linux_zero.hpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright 2007, 2008, 2009, 2010 Red Hat, Inc.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
@@ -110,6 +110,7 @@
void* ucontext,
bool isInJava) {
ShouldNotCallThis();
+ return false; // silence compile warning
}
bool pd_get_top_frame_for_profiling(frame* fr_addr,

View File

@ -0,0 +1,125 @@
# HG changeset patch
# User mbalao
# Date 1529971845 -28800
# Tue Jun 26 08:10:45 2018 +0800
# Node ID e9c20b7250cd98d16a67f2a30b34284c2caa01dc
# Parent 9f1aa2e38d90dd60522237d7414af6bdcf03c4ff
8195607, PR3776: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1
Reviewed-by: valeriep, weijun
diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
@@ -197,7 +197,7 @@
if (configDir != null) {
String configDirPath = null;
- String sqlPrefix = "sql:/";
+ String sqlPrefix = "sql:";
if (!configDir.startsWith(sqlPrefix)) {
configDirPath = configDir;
} else {
diff --git openjdk.orig/jdk/src/share/native/sun/security/pkcs11/j2secmod.c openjdk/jdk/src/share/native/sun/security/pkcs11/j2secmod.c
--- openjdk.orig/jdk/src/share/native/sun/security/pkcs11/j2secmod.c
+++ openjdk/jdk/src/share/native/sun/security/pkcs11/j2secmod.c
@@ -69,9 +69,14 @@
int res = 0;
FPTR_Initialize initialize =
(FPTR_Initialize)findFunction(env, jHandle, "NSS_Initialize");
+ #ifdef SECMOD_DEBUG
+ FPTR_GetError getError =
+ (FPTR_GetError)findFunction(env, jHandle, "PORT_GetError");
+ #endif // SECMOD_DEBUG
unsigned int flags = 0x00;
const char *configDir = NULL;
const char *functionName = NULL;
+ const char *configFile = NULL;
/* If we cannot initialize, exit now */
if (initialize == NULL) {
@@ -97,13 +102,18 @@
flags = 0x20; // NSS_INIT_OPTIMIZESPACE flag
}
+ configFile = "secmod.db";
+ if (configDir != NULL && strncmp("sql:", configDir, 4U) == 0) {
+ configFile = "pkcs11.txt";
+ }
+
/*
* If the NSS_Init function is requested then call NSS_Initialize to
* open the Cert, Key and Security Module databases, read only.
*/
if (strcmp("NSS_Init", functionName) == 0) {
flags = flags | 0x01; // NSS_INIT_READONLY flag
- res = initialize(configDir, "", "", "secmod.db", flags);
+ res = initialize(configDir, "", "", configFile, flags);
/*
* If the NSS_InitReadWrite function is requested then call
@@ -111,7 +121,7 @@
* read/write.
*/
} else if (strcmp("NSS_InitReadWrite", functionName) == 0) {
- res = initialize(configDir, "", "", "secmod.db", flags);
+ res = initialize(configDir, "", "", configFile, flags);
/*
* If the NSS_NoDB_Init function is requested then call
@@ -137,6 +147,13 @@
(*env)->ReleaseStringUTFChars(env, jConfigDir, configDir);
}
dprintf1("-res: %d\n", res);
+ #ifdef SECMOD_DEBUG
+ if (res == -1) {
+ if (getError != NULL) {
+ dprintf1("-NSS error: %d\n", getError());
+ }
+ }
+ #endif // SECMOD_DEBUG
return (res == 0) ? JNI_TRUE : JNI_FALSE;
}
diff --git openjdk.orig/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h openjdk/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h
--- openjdk.orig/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h
+++ openjdk/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h
@@ -34,6 +34,10 @@
const char *certPrefix, const char *keyPrefix,
const char *secmodName, unsigned int flags);
+#ifdef SECMOD_DEBUG
+typedef int (*FPTR_GetError)(void);
+#endif //SECMOD_DEBUG
+
// in secmod.h
//extern SECMODModule *SECMOD_LoadModule(char *moduleSpec,SECMODModule *parent,
// PRBool recurse);
diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt openjdk/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt
new file mode 100644
--- /dev/null
+++ openjdk/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt
@@ -0,0 +1,4 @@
+library=
+name=NSS Internal PKCS #11 Module
+parameters=configdir='sql:./tmpdb' certPrefix='' keyPrefix='' secmod='' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
+NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
diff --git openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java
--- openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java
+++ openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java
@@ -55,7 +55,7 @@
DBDIR = System.getProperty("test.classes", ".") + SEP + "tmpdb";
if (useSqlite) {
- System.setProperty("pkcs11test.nss.db", "sql:/" + DBDIR);
+ System.setProperty("pkcs11test.nss.db", "sql:" + DBDIR);
} else {
System.setProperty("pkcs11test.nss.db", DBDIR);
}
@@ -67,6 +67,7 @@
if (useSqlite) {
copyFile("key4.db", BASE, DBDIR);
copyFile("cert9.db", BASE, DBDIR);
+ copyFile("pkcs11.txt", BASE, DBDIR);
} else {
copyFile("secmod.db", BASE, DBDIR);
copyFile("key3.db", BASE, DBDIR);

View File

@ -0,0 +1,58 @@
# HG changeset patch
# User andrew
# Date 1526122977 -3600
# Sat May 12 12:02:57 2018 +0100
# Node ID 00ccc73498628a51a45301322e64ce2ad06e49be
# Parent aecf9f48f7b5c6148b62713a6b746301435b57cc
PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations
Summary: Enable -mstackrealign on x86 Linux as well as x86 Mac OS X
diff --git openjdk.orig///common/autoconf/flags.m4 openjdk///common/autoconf/flags.m4
--- openjdk.orig///common/autoconf/flags.m4
+++ openjdk///common/autoconf/flags.m4
@@ -402,6 +402,21 @@
AC_SUBST($2CXXSTD_CXXFLAG)
fi
+ #
+ # NOTE: check for -mstackrealign needs to be below potential addition of -m32
+ #
+ if test "x$OPENJDK_TARGET_CPU" = xx86 && test "x$OPENJDK_TARGET_OS" = xmacosx -o \
+ "x$OPENJDK_TARGET_OS" = xlinux; then
+ # On 32-bit MacOSX the OS requires C-entry points to be 16 byte aligned.
+ # While waiting for a better solution, the current workaround is to use -mstackrealign
+ # This is also required on Linux systems which use libraries compiled with SSE instructions
+ REALIGN_CFLAG="-mstackrealign"
+ FLAGS_COMPILER_CHECK_ARGUMENTS([$REALIGN_CFLAG -Werror], [],
+ AC_MSG_ERROR([The selected compiler $CXX does not support -mstackrealign! Try to put another compiler in the path.])
+ )
+ AC_SUBST([REALIGN_CFLAG])
+ fi
+
if test "x$CFLAGS" != "x${ADDED_CFLAGS}"; then
AC_MSG_WARN([Ignoring CFLAGS($CFLAGS) found in environment. Use --with-extra-cflags])
fi
diff --git openjdk.orig///common/autoconf/hotspot-spec.gmk.in openjdk///common/autoconf/hotspot-spec.gmk.in
--- openjdk.orig///common/autoconf/hotspot-spec.gmk.in
+++ openjdk///common/autoconf/hotspot-spec.gmk.in
@@ -112,7 +112,8 @@
RC:=@HOTSPOT_RC@
EXTRA_CFLAGS=@LEGACY_EXTRA_CFLAGS@ $(NO_DELETE_NULL_POINTER_CHECKS_CFLAG) \
- $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG)
+ $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG) \
+ $(REALIGN_CFLAG)
EXTRA_CXXFLAGS=@LEGACY_EXTRA_CXXFLAGS@
EXTRA_LDFLAGS=@LEGACY_EXTRA_LDFLAGS@
EXTRA_ASFLAGS=@LEGACY_EXTRA_ASFLAGS@
diff --git openjdk.orig///common/autoconf/spec.gmk.in openjdk///common/autoconf/spec.gmk.in
--- openjdk.orig///common/autoconf/spec.gmk.in
+++ openjdk///common/autoconf/spec.gmk.in
@@ -366,6 +366,7 @@
NO_DELETE_NULL_POINTER_CHECKS_CFLAG=@NO_DELETE_NULL_POINTER_CHECKS_CFLAG@
NO_LIFETIME_DSE_CFLAG=@NO_LIFETIME_DSE_CFLAG@
+REALIGN_CFLAG=@REALIGN_CFLAG@
CXXSTD_CXXFLAG=@CXXSTD_CXXFLAG@
CXX:=@FIXPATH@ @CCACHE@ @CXX@

View File

@ -0,0 +1,20 @@
# HG changeset patch
# User andrew
# Date 1526489197 -3600
# Wed May 16 17:46:37 2018 +0100
# Node ID 64e87a408afd2b56d59dad73dee28d4b99463810
# Parent 00ccc73498628a51a45301322e64ce2ad06e49be
PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code
diff --git openjdk.orig///common/autoconf/flags.m4 openjdk///common/autoconf/flags.m4
--- openjdk.orig///common/autoconf/flags.m4
+++ openjdk///common/autoconf/flags.m4
@@ -401,6 +401,8 @@
FLAGS_COMPILER_CHECK_ARGUMENTS([$REALIGN_CFLAG -Werror], [],
AC_MSG_ERROR([The selected compiler $CXX does not support -mstackrealign! Try to put another compiler in the path.])
)
+ CFLAGS_JDK="${CFLAGS_JDK} ${REALIGN_CFLAG}"
+ CXXFLAGS_JDK="${CXXFLAGS_JDK} ${REALIGN_CFLAG}"
AC_SUBST([REALIGN_CFLAG])
fi

View File

@ -0,0 +1,343 @@
diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp openjdk/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp
--- openjdk.orig/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp
+++ openjdk/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp
@@ -2659,7 +2659,7 @@
if (ResizeOldPLAB && CMSOldPLABResizeQuicker) {
size_t multiple = _num_blocks[word_sz]/(CMSOldPLABToleranceFactor*CMSOldPLABNumRefills*n_blks);
n_blks += CMSOldPLABReactivityFactor*multiple*n_blks;
- n_blks = MIN2(n_blks, CMSOldPLABMax);
+ n_blks = MIN2(n_blks, (size_t)CMSOldPLABMax);
}
assert(n_blks > 0, "Error");
_cfls->par_get_chunk_of_blocks(word_sz, n_blks, fl);
diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp openjdk/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp
--- openjdk.orig/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp
+++ openjdk/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp
@@ -957,7 +957,7 @@
if (free_percentage < desired_free_percentage) {
size_t desired_capacity = (size_t)(used() / ((double) 1 - desired_free_percentage));
assert(desired_capacity >= capacity(), "invalid expansion size");
- size_t expand_bytes = MAX2(desired_capacity - capacity(), MinHeapDeltaBytes);
+ size_t expand_bytes = MAX2(desired_capacity - capacity(), (size_t)MinHeapDeltaBytes);
if (PrintGCDetails && Verbose) {
size_t desired_capacity = (size_t)(used() / ((double) 1 - desired_free_percentage));
gclog_or_tty->print_cr("\nFrom compute_new_size: ");
@@ -6577,7 +6577,7 @@
HeapWord* curAddr = _markBitMap.startWord();
while (curAddr < _markBitMap.endWord()) {
size_t remaining = pointer_delta(_markBitMap.endWord(), curAddr);
- MemRegion chunk(curAddr, MIN2(CMSBitMapYieldQuantum, remaining));
+ MemRegion chunk(curAddr, MIN2((size_t)CMSBitMapYieldQuantum, remaining));
_markBitMap.clear_large_range(chunk);
if (ConcurrentMarkSweepThread::should_yield() &&
!foregroundGCIsActive() &&
@@ -6875,7 +6875,7 @@
return;
}
// Double capacity if possible
- size_t new_capacity = MIN2(_capacity*2, MarkStackSizeMax);
+ size_t new_capacity = MIN2(_capacity*2, (size_t)MarkStackSizeMax);
// Do not give up existing stack until we have managed to
// get the double capacity that we desired.
ReservedSpace rs(ReservedSpace::allocation_align_size_up(
diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp
--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp
+++ openjdk/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp
@@ -3902,7 +3902,7 @@
// of things to do) or totally (at the very end).
size_t target_size;
if (partially) {
- target_size = MIN2((size_t)_task_queue->max_elems()/3, GCDrainStackTargetSize);
+ target_size = MIN2((size_t)(_task_queue->max_elems()/3), (size_t) GCDrainStackTargetSize);
} else {
target_size = 0;
}
@@ -4706,7 +4706,7 @@
// The > 0 check is to deal with the prev and next live bytes which
// could be 0.
if (*hum_bytes > 0) {
- bytes = MIN2(HeapRegion::GrainBytes, *hum_bytes);
+ bytes = MIN2(HeapRegion::GrainBytes, (size_t)*hum_bytes);
*hum_bytes -= bytes;
}
return bytes;
diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp
--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp
+++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp
@@ -1729,7 +1729,7 @@
verify_region_sets_optional();
- size_t expand_bytes = MAX2(word_size * HeapWordSize, MinHeapDeltaBytes);
+ size_t expand_bytes = MAX2(word_size * HeapWordSize, (size_t)MinHeapDeltaBytes);
ergo_verbose1(ErgoHeapSizing,
"attempt heap expansion",
ergo_format_reason("allocation request failed")
diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1PageBasedVirtualSpace.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/g1PageBasedVirtualSpace.cpp
--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1PageBasedVirtualSpace.cpp
+++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1PageBasedVirtualSpace.cpp
@@ -117,7 +117,7 @@
return reserved_size() - committed_size();
}
-size_t G1PageBasedVirtualSpace::addr_to_page_index(char* addr) const {
+uintptr_t G1PageBasedVirtualSpace::addr_to_page_index(char* addr) const {
return (addr - _low_boundary) / _page_size;
}
diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupQueue.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupQueue.cpp
--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupQueue.cpp
+++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupQueue.cpp
@@ -38,7 +38,7 @@
_cancel(false),
_empty(true),
_dropped(0) {
- _nqueues = MAX2(ParallelGCThreads, (size_t)1);
+ _nqueues = MAX2(ParallelGCThreads, (uintx)1);
_queues = NEW_C_HEAP_ARRAY(G1StringDedupWorkerQueue, _nqueues, mtGC);
for (size_t i = 0; i < _nqueues; i++) {
new (_queues + i) G1StringDedupWorkerQueue(G1StringDedupWorkerQueue::default_segment_size(), _max_cache_size, _max_size);
diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp
--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp
+++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp
@@ -120,7 +120,7 @@
};
G1StringDedupEntryCache::G1StringDedupEntryCache(size_t max_size) :
- _nlists(MAX2(ParallelGCThreads, (size_t)1)),
+ _nlists(MAX2(ParallelGCThreads, (uintx)1)),
_max_list_length(0),
_cached(PaddedArray<G1StringDedupEntryList, mtGC>::create_unfreeable((uint)_nlists)),
_overflowed(PaddedArray<G1StringDedupEntryList, mtGC>::create_unfreeable((uint)_nlists)) {
diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp
--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp
+++ openjdk/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp
@@ -109,7 +109,7 @@
if (FLAG_IS_DEFAULT(G1HeapRegionSize)) {
size_t average_heap_size = (initial_heap_size + max_heap_size) / 2;
region_size = MAX2(average_heap_size / HeapRegionBounds::target_number(),
- (uintx) HeapRegionBounds::min_size());
+ HeapRegionBounds::min_size());
}
int region_size_log = log2_long((jlong) region_size);
diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp openjdk/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp
--- openjdk.orig/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp
+++ openjdk/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp
@@ -194,7 +194,7 @@
const size_t num_overflow_elems = of_stack->size();
const size_t space_available = queue->max_elems() - queue->size();
const size_t num_take_elems = MIN3(space_available / 4,
- ParGCDesiredObjsFromOverflowList,
+ (size_t)ParGCDesiredObjsFromOverflowList,
num_overflow_elems);
// Transfer the most recent num_take_elems from the overflow
// stack to our work queue.
diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp openjdk/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp
--- openjdk.orig/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp
+++ openjdk/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp
@@ -910,8 +910,8 @@
void PSParallelCompact::initialize_dead_wood_limiter()
{
const size_t max = 100;
- _dwl_mean = double(MIN2(ParallelOldDeadWoodLimiterMean, max)) / 100.0;
- _dwl_std_dev = double(MIN2(ParallelOldDeadWoodLimiterStdDev, max)) / 100.0;
+ _dwl_mean = double(MIN2((size_t)ParallelOldDeadWoodLimiterMean, max)) / 100.0;
+ _dwl_std_dev = double(MIN2((size_t)ParallelOldDeadWoodLimiterStdDev, max)) / 100.0;
_dwl_first_term = 1.0 / (sqrt(2.0 * M_PI) * _dwl_std_dev);
DEBUG_ONLY(_dwl_initialized = true;)
_dwl_adjustment = normal_distribution(1.0);
diff --git openjdk.orig/hotspot/src/share/vm/memory/collectorPolicy.cpp openjdk/hotspot/src/share/vm/memory/collectorPolicy.cpp
--- openjdk.orig/hotspot/src/share/vm/memory/collectorPolicy.cpp
+++ openjdk/hotspot/src/share/vm/memory/collectorPolicy.cpp
@@ -385,7 +385,7 @@
uintx calculated_size = NewSize + OldSize;
double shrink_factor = (double) MaxHeapSize / calculated_size;
uintx smaller_new_size = align_size_down((uintx)(NewSize * shrink_factor), _gen_alignment);
- FLAG_SET_ERGO(uintx, NewSize, MAX2(young_gen_size_lower_bound(), smaller_new_size));
+ FLAG_SET_ERGO(uintx, NewSize, MAX2(young_gen_size_lower_bound(), (size_t)smaller_new_size));
_initial_gen0_size = NewSize;
// OldSize is already aligned because above we aligned MaxHeapSize to
@@ -433,7 +433,7 @@
// yield a size that is too small) and bound it by MaxNewSize above.
// Ergonomics plays here by previously calculating the desired
// NewSize and MaxNewSize.
- max_new_size = MIN2(MAX2(max_new_size, NewSize), MaxNewSize);
+ max_new_size = MIN2(MAX2(max_new_size, (size_t)NewSize), (size_t)MaxNewSize);
}
assert(max_new_size > 0, "All paths should set max_new_size");
@@ -455,24 +455,23 @@
// lower limit.
_min_gen0_size = NewSize;
desired_new_size = NewSize;
- max_new_size = MAX2(max_new_size, NewSize);
+ max_new_size = MAX2(max_new_size, (size_t)NewSize);
} else if (FLAG_IS_ERGO(NewSize)) {
// If NewSize is set ergonomically, we should use it as a lower
// limit, but use NewRatio to calculate the initial size.
_min_gen0_size = NewSize;
desired_new_size =
- MAX2(scale_by_NewRatio_aligned(_initial_heap_byte_size), NewSize);
- max_new_size = MAX2(max_new_size, NewSize);
+ MAX2(scale_by_NewRatio_aligned(_initial_heap_byte_size), (size_t)NewSize);
+ max_new_size = MAX2(max_new_size, (size_t)NewSize);
} else {
// For the case where NewSize is the default, use NewRatio
// to size the minimum and initial generation sizes.
// Use the default NewSize as the floor for these values. If
// NewRatio is overly large, the resulting sizes can be too
// small.
- _min_gen0_size = MAX2(scale_by_NewRatio_aligned(_min_heap_byte_size), NewSize);
+ _min_gen0_size = MAX2(scale_by_NewRatio_aligned(_min_heap_byte_size), (size_t)NewSize);
desired_new_size =
- MAX2(scale_by_NewRatio_aligned(_initial_heap_byte_size), NewSize);
- }
+ MAX2(scale_by_NewRatio_aligned(_initial_heap_byte_size), (size_t)NewSize); }
assert(_min_gen0_size > 0, "Sanity check");
_initial_gen0_size = desired_new_size;
@@ -573,7 +572,7 @@
} else {
// It's been explicitly set on the command line. Use the
// OldSize and then determine the consequences.
- _min_gen1_size = MIN2(OldSize, _min_heap_byte_size - _min_gen0_size);
+ _min_gen1_size = MIN2((size_t)OldSize, _min_heap_byte_size - _min_gen0_size);
_initial_gen1_size = OldSize;
// If the user has explicitly set an OldSize that is inconsistent
diff --git openjdk.orig/hotspot/src/share/vm/memory/metaspace.cpp openjdk/hotspot/src/share/vm/memory/metaspace.cpp
--- openjdk.orig/hotspot/src/share/vm/memory/metaspace.cpp
+++ openjdk/hotspot/src/share/vm/memory/metaspace.cpp
@@ -1482,7 +1482,7 @@
void MetaspaceGC::post_initialize() {
// Reset the high-water mark once the VM initialization is done.
- _capacity_until_GC = MAX2(MetaspaceAux::committed_bytes(), MetaspaceSize);
+ _capacity_until_GC = MAX2(MetaspaceAux::committed_bytes(), (size_t)MetaspaceSize);
}
bool MetaspaceGC::can_expand(size_t word_size, bool is_class) {
@@ -1542,7 +1542,7 @@
(size_t)MIN2(min_tmp, double(MaxMetaspaceSize));
// Don't shrink less than the initial generation size
minimum_desired_capacity = MAX2(minimum_desired_capacity,
- MetaspaceSize);
+ (size_t)MetaspaceSize);
if (PrintGCDetails && Verbose) {
gclog_or_tty->print_cr("\nMetaspaceGC::compute_new_size: ");
@@ -1600,7 +1600,7 @@
const double max_tmp = used_after_gc / minimum_used_percentage;
size_t maximum_desired_capacity = (size_t)MIN2(max_tmp, double(MaxMetaspaceSize));
maximum_desired_capacity = MAX2(maximum_desired_capacity,
- MetaspaceSize);
+ (size_t)MetaspaceSize);
if (PrintGCDetails && Verbose) {
gclog_or_tty->print_cr(" "
" maximum_free_percentage: %6.2f"
@@ -3361,7 +3361,7 @@
// on the medium chunk list. The next chunk will be small and progress
// from there. This size calculated by -version.
_first_class_chunk_word_size = MIN2((size_t)MediumChunk*6,
- (CompressedClassSpaceSize/BytesPerWord)*2);
+ (size_t)(CompressedClassSpaceSize/BytesPerWord)*2);
_first_class_chunk_word_size = align_word_size_up(_first_class_chunk_word_size);
// Arbitrarily set the initial virtual space to a multiple
// of the boot class loader size.
diff --git openjdk.orig/hotspot/src/share/vm/memory/threadLocalAllocBuffer.cpp openjdk/hotspot/src/share/vm/memory/threadLocalAllocBuffer.cpp
--- openjdk.orig/hotspot/src/share/vm/memory/threadLocalAllocBuffer.cpp
+++ openjdk/hotspot/src/share/vm/memory/threadLocalAllocBuffer.cpp
@@ -250,13 +250,13 @@
size_t init_sz = 0;
if (TLABSize > 0) {
- init_sz = TLABSize / HeapWordSize;
+ init_sz = (size_t)(TLABSize / HeapWordSize);
} else if (global_stats() != NULL) {
// Initial size is a function of the average number of allocating threads.
unsigned nof_threads = global_stats()->allocating_threads_avg();
- init_sz = (Universe::heap()->tlab_capacity(myThread()) / HeapWordSize) /
- (nof_threads * target_refills());
+ init_sz = (size_t)((Universe::heap()->tlab_capacity(myThread()) / HeapWordSize) /
+ (nof_threads * target_refills()));
init_sz = align_object_size(init_sz);
}
init_sz = MIN2(MAX2(init_sz, min_size()), max_size());
diff --git openjdk.orig/hotspot/src/share/vm/oops/objArrayKlass.inline.hpp openjdk/hotspot/src/share/vm/oops/objArrayKlass.inline.hpp
--- openjdk.orig/hotspot/src/share/vm/oops/objArrayKlass.inline.hpp
+++ openjdk/hotspot/src/share/vm/oops/objArrayKlass.inline.hpp
@@ -48,7 +48,7 @@
const size_t beg_index = size_t(index);
assert(beg_index < len || len == 0, "index too large");
- const size_t stride = MIN2(len - beg_index, ObjArrayMarkingStride);
+ const size_t stride = MIN2(len - beg_index, (size_t)ObjArrayMarkingStride);
const size_t end_index = beg_index + stride;
T* const base = (T*)a->base();
T* const beg = base + beg_index;
@@ -82,7 +82,7 @@
const size_t beg_index = size_t(index);
assert(beg_index < len || len == 0, "index too large");
- const size_t stride = MIN2(len - beg_index, ObjArrayMarkingStride);
+ const size_t stride = MIN2(len - beg_index, (size_t)ObjArrayMarkingStride);
const size_t end_index = beg_index + stride;
T* const base = (T*)a->base();
T* const beg = base + beg_index;
diff --git openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp openjdk/hotspot/src/share/vm/runtime/arguments.cpp
--- openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp
+++ openjdk/hotspot/src/share/vm/runtime/arguments.cpp
@@ -1289,7 +1289,7 @@
// NewSize was set on the command line and it is larger than
// preferred_max_new_size.
if (!FLAG_IS_DEFAULT(NewSize)) { // NewSize explicitly set at command-line
- FLAG_SET_ERGO(uintx, MaxNewSize, MAX2(NewSize, preferred_max_new_size));
+ FLAG_SET_ERGO(uintx, MaxNewSize, MAX2((size_t)NewSize, preferred_max_new_size));
} else {
FLAG_SET_ERGO(uintx, MaxNewSize, preferred_max_new_size);
}
@@ -1314,8 +1314,8 @@
// Unless explicitly requested otherwise, make young gen
// at least min_new, and at most preferred_max_new_size.
if (FLAG_IS_DEFAULT(NewSize)) {
- FLAG_SET_ERGO(uintx, NewSize, MAX2(NewSize, min_new));
- FLAG_SET_ERGO(uintx, NewSize, MIN2(preferred_max_new_size, NewSize));
+ FLAG_SET_ERGO(uintx, NewSize, MAX2((size_t)NewSize, min_new));
+ FLAG_SET_ERGO(uintx, NewSize, MIN2(preferred_max_new_size, (size_t)NewSize));
if (PrintGCDetails && Verbose) {
// Too early to use gclog_or_tty
tty->print_cr("CMS ergo set NewSize: " SIZE_FORMAT, NewSize);
@@ -1325,7 +1325,7 @@
// so it's NewRatio x of NewSize.
if (FLAG_IS_DEFAULT(OldSize)) {
if (max_heap > NewSize) {
- FLAG_SET_ERGO(uintx, OldSize, MIN2(NewRatio*NewSize, max_heap - NewSize));
+ FLAG_SET_ERGO(uintx, OldSize, MIN2((size_t)(NewRatio*NewSize), max_heap - NewSize));
if (PrintGCDetails && Verbose) {
// Too early to use gclog_or_tty
tty->print_cr("CMS ergo set OldSize: " SIZE_FORMAT, OldSize);
diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp
--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp
+++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp
@@ -41,7 +41,7 @@
}
size_t G1CMObjArrayProcessor::process_array_slice(objArrayOop obj, HeapWord* start_from, size_t remaining) {
- size_t words_to_scan = MIN2(remaining, ObjArrayMarkingStride);
+ size_t words_to_scan = MIN2(remaining, (size_t) ObjArrayMarkingStride);
if (remaining > ObjArrayMarkingStride) {
push_array_slice(start_from + ObjArrayMarkingStride);
diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp
--- openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp
+++ openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp
@@ -150,5 +150,5 @@
return value;
}
- return (size_t)1 << (log2_intptr(value) + 1);
+ return (size_t)1 << (log2_intptr((uintptr_t) value) + 1);
}

5
SOURCES/nss.cfg.in Normal file
View File

@ -0,0 +1,5 @@
name = NSS
nssLibraryDirectory = @NSS_LIBDIR@
nssDbMode = noDb
attributes = compatibility
handleStartupErrors = ignoreMultipleInitialisation

6
SOURCES/nss.fips.cfg.in Normal file
View File

@ -0,0 +1,6 @@
name = NSS-FIPS
nssLibraryDirectory = @NSS_LIBDIR@
nssSecmodDirectory = @NSS_SECMOD@
nssDbMode = readOnly
nssModule = fips

View File

@ -0,0 +1,10 @@
[Desktop Entry]
Name=OpenJDK @JAVA_VER@ for @target_cpu@ Policy Tool (@OPENJDK_VER@)
Comment=Manage OpenJDK policy files
Exec=_JREBINDIR_/policytool
Icon=java-@JAVA_VER@-@JAVA_VENDOR@
Terminal=false
Type=Application
StartupWMClass=sun-security-tools-PolicyTool
Categories=Settings;Java;
Version=1.0

View File

@ -0,0 +1,302 @@
# HG changeset patch
# User mikael
# Date 1426870964 25200
# Fri Mar 20 10:02:44 2015 -0700
# Node ID ee13ce369705a700b867f8c77423580b7b22cc13
# Parent 7847ccfb240b35ed0dd328f0404b713b20e0905a
8074839: Resolve disabled warnings for libunpack and the unpack200 binary
Reviewed-by: dholmes, ksrini
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
@@ -63,7 +63,7 @@
bytes res;
res.ptr = ptr + beg;
res.len = end - beg;
- assert(res.len == 0 || inBounds(res.ptr) && inBounds(res.limit()-1));
+ assert(res.len == 0 || (inBounds(res.ptr) && inBounds(res.limit()-1)));
return res;
}
// building C strings inside byte buffers:
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
@@ -292,7 +292,7 @@
if (uPtr->aborting()) {
THROW_IOE(uPtr->get_abort_message());
- return false;
+ return null;
}
// We have fetched all the files.
@@ -310,7 +310,7 @@
JNIEXPORT jlong JNICALL
Java_com_sun_java_util_jar_pack_NativeUnpack_finish(JNIEnv *env, jobject pObj) {
unpacker* uPtr = get_unpacker(env, pObj, false);
- CHECK_EXCEPTION_RETURN_VALUE(uPtr, NULL);
+ CHECK_EXCEPTION_RETURN_VALUE(uPtr, 0);
size_t consumed = uPtr->input_consumed();
free_unpacker(env, pObj, uPtr);
return consumed;
@@ -320,6 +320,7 @@
Java_com_sun_java_util_jar_pack_NativeUnpack_setOption(JNIEnv *env, jobject pObj,
jstring pProp, jstring pValue) {
unpacker* uPtr = get_unpacker(env, pObj);
+ CHECK_EXCEPTION_RETURN_VALUE(uPtr, false);
const char* prop = env->GetStringUTFChars(pProp, JNI_FALSE);
CHECK_EXCEPTION_RETURN_VALUE(prop, false);
const char* value = env->GetStringUTFChars(pValue, JNI_FALSE);
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
@@ -142,31 +142,28 @@
return progname;
}
-static const char* usage_lines[] = {
- "Usage: %s [-opt... | --option=value]... x.pack[.gz] y.jar\n",
- "\n",
- "Unpacking Options\n",
- " -H{h}, --deflate-hint={h} override transmitted deflate hint: true, false, or keep (default)\n",
- " -r, --remove-pack-file remove input file after unpacking\n",
- " -v, --verbose increase program verbosity\n",
- " -q, --quiet set verbosity to lowest level\n",
- " -l{F}, --log-file={F} output to the given log file, or '-' for standard output (default)\n",
- " -?, -h, --help print this message\n",
- " -V, --version print program version\n",
- " -J{X} Java VM argument (ignored)\n",
- null
-};
+#define USAGE_HEADER "Usage: %s [-opt... | --option=value]... x.pack[.gz] y.jar\n"
+#define USAGE_OPTIONS \
+ "\n" \
+ "Unpacking Options\n" \
+ " -H{h}, --deflate-hint={h} override transmitted deflate hint: true, false, or keep (default)\n" \
+ " -r, --remove-pack-file remove input file after unpacking\n" \
+ " -v, --verbose increase program verbosity\n" \
+ " -q, --quiet set verbosity to lowest level\n" \
+ " -l{F}, --log-file={F} output to the given log file, or '-' for standard output (default)\n" \
+ " -?, -h, --help print this message\n" \
+ " -V, --version print program version\n" \
+ " -J{X} Java VM argument (ignored)\n"
static void usage(unpacker* u, const char* progname, bool full = false) {
// WinMain does not set argv[0] to the progrname
progname = (progname != null) ? nbasename(progname) : "unpack200";
- for (int i = 0; usage_lines[i] != null; i++) {
- fprintf(u->errstrm, usage_lines[i], progname);
- if (!full) {
- fprintf(u->errstrm,
- "(For more information, run %s --help .)\n", progname);
- break;
- }
+
+ fprintf(u->errstrm, USAGE_HEADER, progname);
+ if (full) {
+ fprintf(u->errstrm, USAGE_OPTIONS);
+ } else {
+ fprintf(u->errstrm, "(For more information, run %s --help .)\n", progname);
}
}
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
@@ -222,9 +222,9 @@
}
#ifdef PRODUCT
- char* string() { return 0; }
+ const char* string() { return NULL; }
#else
- char* string(); // see far below
+ const char* string(); // see far below
#endif
};
@@ -715,13 +715,13 @@
// Now we can size the whole archive.
// Read everything else into a mega-buffer.
rp = hdr.rp;
- int header_size_0 = (int)(rp - input.base()); // used-up header (4byte + 3int)
- int header_size_1 = (int)(rplimit - rp); // buffered unused initial fragment
- int header_size = header_size_0+header_size_1;
+ size_t header_size_0 = (rp - input.base()); // used-up header (4byte + 3int)
+ size_t header_size_1 = (rplimit - rp); // buffered unused initial fragment
+ size_t header_size = header_size_0 + header_size_1;
unsized_bytes_read = header_size_0;
CHECK;
if (foreign_buf) {
- if (archive_size > (size_t)header_size_1) {
+ if (archive_size > header_size_1) {
abort("EOF reading fixed input buffer");
return;
}
@@ -735,7 +735,7 @@
return;
}
input.set(U_NEW(byte, add_size(header_size_0, archive_size, C_SLOP)),
- (size_t) header_size_0 + archive_size);
+ header_size_0 + archive_size);
CHECK;
assert(input.limit()[0] == 0);
// Move all the bytes we read initially into the real buffer.
@@ -958,13 +958,13 @@
nentries = next_entry;
// place a limit on future CP growth:
- int generous = 0;
+ size_t generous = 0;
generous = add_size(generous, u->ic_count); // implicit name
generous = add_size(generous, u->ic_count); // outer
generous = add_size(generous, u->ic_count); // outer.utf8
generous = add_size(generous, 40); // WKUs, misc
generous = add_size(generous, u->class_count); // implicit SourceFile strings
- maxentries = add_size(nentries, generous);
+ maxentries = (uint)add_size(nentries, generous);
// Note that this CP does not include "empty" entries
// for longs and doubles. Those are introduced when
@@ -982,8 +982,9 @@
}
// Initialize *all* our entries once
- for (int i = 0 ; i < maxentries ; i++)
+ for (uint i = 0 ; i < maxentries ; i++) {
entries[i].outputIndex = REQUESTED_NONE;
+ }
initGroupIndexes();
// Initialize hashTab to a generous power-of-two size.
@@ -3677,21 +3678,22 @@
unpacker* debug_u;
-static bytes& getbuf(int len) { // for debugging only!
+static bytes& getbuf(size_t len) { // for debugging only!
static int bn = 0;
static bytes bufs[8];
bytes& buf = bufs[bn++ & 7];
- while ((int)buf.len < len+10)
+ while (buf.len < len + 10) {
buf.realloc(buf.len ? buf.len * 2 : 1000);
+ }
buf.ptr[0] = 0; // for the sake of strcat
return buf;
}
-char* entry::string() {
+const char* entry::string() {
bytes buf;
switch (tag) {
case CONSTANT_None:
- return (char*)"<empty>";
+ return "<empty>";
case CONSTANT_Signature:
if (value.b.ptr == null)
return ref(0)->string();
@@ -3711,26 +3713,28 @@
break;
default:
if (nrefs == 0) {
- buf = getbuf(20);
- sprintf((char*)buf.ptr, TAG_NAME[tag]);
+ return TAG_NAME[tag];
} else if (nrefs == 1) {
return refs[0]->string();
} else {
- char* s1 = refs[0]->string();
- char* s2 = refs[1]->string();
- buf = getbuf((int)strlen(s1) + 1 + (int)strlen(s2) + 4 + 1);
+ const char* s1 = refs[0]->string();
+ const char* s2 = refs[1]->string();
+ buf = getbuf(strlen(s1) + 1 + strlen(s2) + 4 + 1);
buf.strcat(s1).strcat(" ").strcat(s2);
if (nrefs > 2) buf.strcat(" ...");
}
}
- return (char*)buf.ptr;
+ return (const char*)buf.ptr;
}
void print_cp_entry(int i) {
entry& e = debug_u->cp.entries[i];
- char buf[30];
- sprintf(buf, ((uint)e.tag < CONSTANT_Limit)? TAG_NAME[e.tag]: "%d", e.tag);
- printf(" %d\t%s %s\n", i, buf, e.string());
+
+ if ((uint)e.tag < CONSTANT_Limit) {
+ printf(" %d\t%s %s\n", i, TAG_NAME[e.tag], e.string());
+ } else {
+ printf(" %d\t%d %s\n", i, e.tag, e.string());
+ }
}
void print_cp_entries(int beg, int end) {
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
@@ -209,7 +209,7 @@
byte* rp; // read pointer (< rplimit <= input.limit())
byte* rplimit; // how much of the input block has been read?
julong bytes_read;
- int unsized_bytes_read;
+ size_t unsized_bytes_read;
// callback to read at least one byte, up to available input
typedef jlong (*read_input_fn_t)(unpacker* self, void* buf, jlong minlen, jlong maxlen);
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
@@ -81,7 +81,7 @@
int assert_failed(const char* p) {
char message[1<<12];
sprintf(message, "@assert failed: %s\n", p);
- fprintf(stdout, 1+message);
+ fprintf(stdout, "%s", 1+message);
breakpoint();
unpack_abort(message);
return 0;
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
@@ -84,7 +84,7 @@
}
// Write data to the ZIP output stream.
-void jar::write_data(void* buff, int len) {
+void jar::write_data(void* buff, size_t len) {
while (len > 0) {
int rc = (int)fwrite(buff, 1, len, jarfp);
if (rc <= 0) {
@@ -323,12 +323,12 @@
// Total number of disks (int)
header64[36] = (ushort)SWAP_BYTES(1);
header64[37] = 0;
- write_data(header64, (int)sizeof(header64));
+ write_data(header64, sizeof(header64));
}
// Write the End of Central Directory structure.
PRINTCR((2, "end-of-directory at %d\n", output_file_offset));
- write_data(header, (int)sizeof(header));
+ write_data(header, sizeof(header));
PRINTCR((2, "writing zip comment\n"));
// Write the comment.
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
@@ -68,8 +68,8 @@
}
// Private Methods
- void write_data(void* ptr, int len);
- void write_data(bytes& b) { write_data(b.ptr, (int)b.len); }
+ void write_data(void* ptr, size_t len);
+ void write_data(bytes& b) { write_data(b.ptr, b.len); }
void add_to_jar_directory(const char* fname, bool store, int modtime,
int len, int clen, uLong crc);
void write_jar_header(const char* fname, bool store, int modtime,

View File

@ -0,0 +1,74 @@
# HG changeset patch
# User andrew
# Date 1352129932 0
# Node ID e9c857dcb964dbfa5eef3a3590244cb4d999cf7a
# Parent 1406789608b76d0906881979335d685855f44190
Allow multiple PKCS11 library initialisation to be a non-critical error.
diff -r 1406789608b7 -r e9c857dcb964 src/share/classes/sun/security/pkcs11/Config.java
--- jdk8/jdk/src/share/classes/sun/security/pkcs11/Config.java Tue Oct 30 13:05:14 2012 +0000
+++ jdk8/jdk/src/share/classes/sun/security/pkcs11/Config.java Mon Nov 05 15:38:52 2012 +0000
@@ -52,6 +52,7 @@
static final int ERR_HALT = 1;
static final int ERR_IGNORE_ALL = 2;
static final int ERR_IGNORE_LIB = 3;
+ static final int ERR_IGNORE_MULTI_INIT = 4;
// same as allowSingleThreadedModules but controlled via a system property
// and applied to all providers. if set to false, no SunPKCS11 instances
@@ -980,6 +981,8 @@
handleStartupErrors = ERR_IGNORE_LIB;
} else if (val.equals("halt")) {
handleStartupErrors = ERR_HALT;
+ } else if (val.equals("ignoreMultipleInitialisation")) {
+ handleStartupErrors = ERR_IGNORE_MULTI_INIT;
} else {
throw excToken("Invalid value for handleStartupErrors:");
}
diff -r 1406789608b7 -r e9c857dcb964 src/share/classes/sun/security/pkcs11/SunPKCS11.java
--- jdk8/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java Tue Oct 30 13:05:14 2012 +0000
+++ jdk8/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java Mon Nov 05 15:38:52 2012 +0000
@@ -168,26 +168,37 @@
String nssLibraryDirectory = config.getNssLibraryDirectory();
String nssSecmodDirectory = config.getNssSecmodDirectory();
boolean nssOptimizeSpace = config.getNssOptimizeSpace();
+ int errorHandling = config.getHandleStartupErrors();
if (secmod.isInitialized()) {
if (nssSecmodDirectory != null) {
String s = secmod.getConfigDir();
if ((s != null) &&
(s.equals(nssSecmodDirectory) == false)) {
- throw new ProviderException("Secmod directory "
- + nssSecmodDirectory
- + " invalid, NSS already initialized with "
- + s);
+ String msg = "Secmod directory " + nssSecmodDirectory
+ + " invalid, NSS already initialized with " + s;
+ if (errorHandling == Config.ERR_IGNORE_MULTI_INIT ||
+ errorHandling == Config.ERR_IGNORE_ALL) {
+ throw new UnsupportedOperationException(msg);
+ } else {
+ throw new ProviderException(msg);
+ }
}
}
if (nssLibraryDirectory != null) {
String s = secmod.getLibDir();
if ((s != null) &&
(s.equals(nssLibraryDirectory) == false)) {
- throw new ProviderException("NSS library directory "
+ String msg = "NSS library directory "
+ nssLibraryDirectory
+ " invalid, NSS already initialized with "
- + s);
+ + s;
+ if (errorHandling == Config.ERR_IGNORE_MULTI_INIT ||
+ errorHandling == Config.ERR_IGNORE_ALL) {
+ throw new UnsupportedOperationException(msg);
+ } else {
+ throw new ProviderException(msg);
+ }
}
}
} else {

View File

@ -0,0 +1,63 @@
# HG changeset patch
# User andrew
# Date 1459487045 -3600
# Fri Apr 01 06:04:05 2016 +0100
# Node ID 3334efeacd8327a14b7d2f392f4546e3c29c594b
# Parent 6b81fd2227d14226f2121f2d51b464536925686e
PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts)
PR3575: System cacerts database handling should not affect jssecacerts
diff --git openjdk.orig/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java openjdk/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
+++ openjdk/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
@@ -72,7 +72,7 @@
* The preference of the default trusted KeyStore is:
* javax.net.ssl.trustStore
* jssecacerts
- * cacerts
+ * cacerts (system and local)
*/
private static final class TrustStoreDescriptor {
private static final String fileSep = File.separator;
@@ -83,6 +83,10 @@
defaultStorePath + fileSep + "cacerts";
private static final String jsseDefaultStore =
defaultStorePath + fileSep + "jssecacerts";
+ /* Check system cacerts DB: /etc/pki/java/cacerts */
+ private static final String systemStore =
+ fileSep + "etc" + fileSep + "pki" +
+ fileSep + "java" + fileSep + "cacerts";
// the trust store name
private final String storeName;
@@ -146,7 +150,8 @@
long temporaryTime = 0L;
if (!"NONE".equals(storePropName)) {
String[] fileNames =
- new String[] {storePropName, defaultStore};
+ new String[] {storePropName,
+ systemStore, defaultStore};
for (String fileName : fileNames) {
File f = new File(fileName);
if (f.isFile() && f.canRead()) {
diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java openjdk/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
--- openjdk.orig/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
+++ openjdk/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
@@ -108,9 +108,14 @@
throws Exception
{
String sep = File.separator;
- File file = new File(System.getProperty("java.home") + sep
- + "lib" + sep + "security" + sep
- + "cacerts");
+ /* Check system cacerts DB first; /etc/pki/java/cacerts */
+ File file = new File(sep + "etc" + sep + "pki" + sep
+ + "java" + sep + "cacerts");
+ if (!file.exists()) {
+ file = new File(System.getProperty("java.home") + sep
+ + "lib" + sep + "security" + sep
+ + "cacerts");
+ }
if (!file.exists()) {
return null;
}

View File

@ -0,0 +1,140 @@
# HG changeset patch
# User andrew
# Date 1464316115 -3600
# Fri May 27 03:28:35 2016 +0100
# Node ID 794541fbbdc323f7da8a5cee75611f977eee66ee
# Parent 0be28a33e12dfc9ae1e4be381530643f691d351a
PR2974: PKCS#10 certificate requests now use CRLF line endings rather than system line endings
Summary: Add -systemlineendings option to keytool to allow system line endings to be used again.
diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java
--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java
+++ openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java
@@ -35,6 +35,7 @@
import java.util.Base64;
+import sun.security.action.GetPropertyAction;
import sun.security.util.*;
import sun.security.x509.AlgorithmId;
import sun.security.x509.X509Key;
@@ -74,6 +75,14 @@
* @author Hemma Prafullchandra
*/
public class PKCS10 {
+
+ private static final byte[] sysLineEndings;
+
+ static {
+ sysLineEndings =
+ AccessController.doPrivileged(new GetPropertyAction("line.separator")).getBytes();
+ }
+
/**
* Constructs an unsigned PKCS #10 certificate request. Before this
* request may be used, it must be encoded and signed. Then it
@@ -303,13 +312,39 @@
*/
public void print(PrintStream out)
throws IOException, SignatureException {
+ print(out, false);
+ }
+
+ /**
+ * Prints an E-Mailable version of the certificate request on the print
+ * stream passed. The format is a common base64 encoded one, supported
+ * by most Certificate Authorities because Netscape web servers have
+ * used this for some time. Some certificate authorities expect some
+ * more information, in particular contact information for the web
+ * server administrator.
+ *
+ * @param out the print stream where the certificate request
+ * will be printed.
+ * @param systemLineEndings true if the request should be terminated
+ * using the system line endings.
+ * @exception IOException when an output operation failed
+ * @exception SignatureException when the certificate request was
+ * not yet signed.
+ */
+ public void print(PrintStream out, boolean systemLineEndings)
+ throws IOException, SignatureException {
+ byte[] lineEndings;
+
if (encoded == null)
throw new SignatureException("Cert request was not signed");
+ if (systemLineEndings)
+ lineEndings = sysLineEndings;
+ else
+ lineEndings = new byte[] {'\r', '\n'}; // CRLF
- byte[] CRLF = new byte[] {'\r', '\n'};
out.println("-----BEGIN NEW CERTIFICATE REQUEST-----");
- out.println(Base64.getMimeEncoder(64, CRLF).encodeToString(encoded));
+ out.println(Base64.getMimeEncoder(64, lineEndings).encodeToString(encoded));
out.println("-----END NEW CERTIFICATE REQUEST-----");
}
diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java
--- openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java
+++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java
@@ -126,6 +126,7 @@
private String infilename = null;
private String outfilename = null;
private String srcksfname = null;
+ private boolean systemLineEndings = false;
// User-specified providers are added before any command is called.
// However, they are not removed before the end of the main() method.
@@ -188,7 +189,7 @@
CERTREQ("Generates.a.certificate.request",
ALIAS, SIGALG, FILEOUT, KEYPASS, KEYSTORE, DNAME,
STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS,
- PROVIDERARG, PROVIDERPATH, V, PROTECTED),
+ PROVIDERARG, PROVIDERPATH, SYSTEMLINEENDINGS, V, PROTECTED),
CHANGEALIAS("Changes.an.entry.s.alias",
ALIAS, DESTALIAS, KEYPASS, KEYSTORE, STOREPASS,
STORETYPE, PROVIDERNAME, PROVIDERCLASS, PROVIDERARG,
@@ -321,6 +322,7 @@
STARTDATE("startdate", "<startdate>", "certificate.validity.start.date.time"),
STOREPASS("storepass", "<arg>", "keystore.password"),
STORETYPE("storetype", "<storetype>", "keystore.type"),
+ SYSTEMLINEENDINGS("systemlineendings", null, "system.line.endings"),
TRUSTCACERTS("trustcacerts", null, "trust.certificates.from.cacerts"),
V("v", null, "verbose.output"),
VALIDITY("validity", "<valDays>", "validity.number.of.days");
@@ -561,6 +563,8 @@
protectedPath = true;
} else if (collator.compare(flags, "-srcprotected") == 0) {
srcprotectedPath = true;
+ } else if (collator.compare(flags, "-systemlineendings") == 0) {
+ systemLineEndings = true;
} else {
System.err.println(rb.getString("Illegal.option.") + flags);
tinyHelp();
@@ -1464,7 +1468,7 @@
// Sign the request and base-64 encode it
request.encodeAndSign(subject, signature);
- request.print(out);
+ request.print(out, systemLineEndings);
checkWeak(rb.getString("the.generated.certificate.request"), request);
}
@@ -4544,4 +4548,3 @@
return new Pair<>(a,b);
}
}
-
diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Resources.java openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java
--- openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Resources.java
+++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java
@@ -168,6 +168,8 @@
"keystore password"}, //-storepass
{"keystore.type",
"keystore type"}, //-storetype
+ {"system.line.endings",
+ "use system line endings rather than CRLF to terminate output"}, //-systemlineendings
{"trust.certificates.from.cacerts",
"trust certificates from cacerts"}, //-trustcacerts
{"verbose.output",

View File

@ -0,0 +1,164 @@
# HG changeset patch
# User andrew
# Date 1467652889 -3600
# Mon Jul 04 18:21:29 2016 +0100
# Node ID a4541d1d8609cadb08d3e31b40b9184ff32dd6c3
# Parent bc6eab2038c603afb2eb2b4644f3b900c8fd0c46
PR3083, RH1346460: Regression in SSL debug output without an ECC provider
Summary: Return null rather than throwing an exception when there's no ECC provider.
diff --git openjdk.orig/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java openjdk/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java
--- openjdk.orig/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java
+++ openjdk/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java
@@ -121,7 +121,7 @@
private static void ensureCurveIsSupported(ECParameterSpec ecSpec)
throws InvalidAlgorithmParameterException {
- AlgorithmParameters ecParams = ECUtil.getECParameters(null);
+ AlgorithmParameters ecParams = ECUtil.getECParameters(null, true);
byte[] encodedParams;
try {
ecParams.init(ecSpec);
diff --git openjdk.orig/jdk/src/share/classes/sun/security/util/Debug.java openjdk/jdk/src/share/classes/sun/security/util/Debug.java
--- openjdk.orig/jdk/src/share/classes/sun/security/util/Debug.java
+++ openjdk/jdk/src/share/classes/sun/security/util/Debug.java
@@ -73,6 +73,7 @@
System.err.println("certpath PKIX CertPathBuilder and");
System.err.println(" CertPathValidator debugging");
System.err.println("combiner SubjectDomainCombiner debugging");
+ System.err.println("ecc Elliptic Curve Cryptography debugging");
System.err.println("gssloginconfig");
System.err.println(" GSS LoginConfigImpl debugging");
System.err.println("configfile JAAS ConfigFile loading");
diff --git openjdk.orig/jdk/src/share/classes/sun/security/util/ECUtil.java openjdk/jdk/src/share/classes/sun/security/util/ECUtil.java
--- openjdk.orig/jdk/src/share/classes/sun/security/util/ECUtil.java
+++ openjdk/jdk/src/share/classes/sun/security/util/ECUtil.java
@@ -41,6 +41,9 @@
public final class ECUtil {
+ /* Are we debugging ? */
+ private static final Debug debug = Debug.getInstance("ecc");
+
// Used by SunPKCS11 and SunJSSE.
public static ECPoint decodePoint(byte[] data, EllipticCurve curve)
throws IOException {
@@ -90,6 +93,10 @@
}
public static AlgorithmParameters getECParameters(Provider p) {
+ return getECParameters(p, false);
+ }
+
+ public static AlgorithmParameters getECParameters(Provider p, boolean throwException) {
try {
if (p != null) {
return AlgorithmParameters.getInstance("EC", p);
@@ -97,13 +104,21 @@
return AlgorithmParameters.getInstance("EC");
} catch (NoSuchAlgorithmException nsae) {
- throw new RuntimeException(nsae);
+ if (throwException) {
+ throw new RuntimeException(nsae);
+ } else {
+ // ECC provider is optional so just return null
+ if (debug != null) {
+ debug.println("Provider unavailable: " + nsae);
+ }
+ return null;
+ }
}
}
public static byte[] encodeECParameterSpec(Provider p,
ECParameterSpec spec) {
- AlgorithmParameters parameters = getECParameters(p);
+ AlgorithmParameters parameters = getECParameters(p, true);
try {
parameters.init(spec);
@@ -122,11 +137,16 @@
public static ECParameterSpec getECParameterSpec(Provider p,
ECParameterSpec spec) {
AlgorithmParameters parameters = getECParameters(p);
+ if (parameters == null)
+ return null;
try {
parameters.init(spec);
return parameters.getParameterSpec(ECParameterSpec.class);
} catch (InvalidParameterSpecException ipse) {
+ if (debug != null) {
+ debug.println("Invalid parameter specification: " + ipse);
+ }
return null;
}
}
@@ -135,34 +155,49 @@
byte[] params)
throws IOException {
AlgorithmParameters parameters = getECParameters(p);
+ if (parameters == null)
+ return null;
parameters.init(params);
try {
return parameters.getParameterSpec(ECParameterSpec.class);
} catch (InvalidParameterSpecException ipse) {
+ if (debug != null) {
+ debug.println("Invalid parameter specification: " + ipse);
+ }
return null;
}
}
public static ECParameterSpec getECParameterSpec(Provider p, String name) {
AlgorithmParameters parameters = getECParameters(p);
+ if (parameters == null)
+ return null;
try {
parameters.init(new ECGenParameterSpec(name));
return parameters.getParameterSpec(ECParameterSpec.class);
} catch (InvalidParameterSpecException ipse) {
+ if (debug != null) {
+ debug.println("Invalid parameter specification: " + ipse);
+ }
return null;
}
}
public static ECParameterSpec getECParameterSpec(Provider p, int keySize) {
AlgorithmParameters parameters = getECParameters(p);
+ if (parameters == null)
+ return null;
try {
parameters.init(new ECKeySizeParameterSpec(keySize));
return parameters.getParameterSpec(ECParameterSpec.class);
} catch (InvalidParameterSpecException ipse) {
+ if (debug != null) {
+ debug.println("Invalid parameter specification: " + ipse);
+ }
return null;
}
@@ -171,11 +206,16 @@
public static String getCurveName(Provider p, ECParameterSpec spec) {
ECGenParameterSpec nameSpec;
AlgorithmParameters parameters = getECParameters(p);
+ if (parameters == null)
+ return null;
try {
parameters.init(spec);
nameSpec = parameters.getParameterSpec(ECGenParameterSpec.class);
} catch (InvalidParameterSpecException ipse) {
+ if (debug != null) {
+ debug.println("Invalid parameter specification: " + ipse);
+ }
return null;
}

View File

@ -0,0 +1,158 @@
# HG changeset patch
# User andrew
# Date 1478057514 0
# Node ID 1c4d5cb2096ae55106111da200b0bcad304f650c
# Parent 3d53f19b48384e5252f4ec8891f7a3a82d77af2a
PR3183: Support Fedora/RHEL system crypto policy
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/classes/java/security/Security.java
--- openjdk/jdk/src/share/classes/java/security/Security.java Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/classes/java/security/Security.java Wed Nov 02 03:31:54 2016 +0000
@@ -43,6 +43,9 @@
* implementation-specific location, which is typically the properties file
* {@code lib/security/java.security} in the Java installation directory.
*
+ * <p>Additional default values of security properties are read from a
+ * system-specific location, if available.</p>
+ *
* @author Benjamin Renaud
*/
@@ -52,6 +55,10 @@
private static final Debug sdebug =
Debug.getInstance("properties");
+ /* System property file*/
+ private static final String SYSTEM_PROPERTIES =
+ "/etc/crypto-policies/back-ends/java.config";
+
/* The java.security properties */
private static Properties props;
@@ -93,6 +100,7 @@
if (sdebug != null) {
sdebug.println("reading security properties file: " +
propFile);
+ sdebug.println(props.toString());
}
} catch (IOException e) {
if (sdebug != null) {
@@ -114,6 +122,31 @@
}
if ("true".equalsIgnoreCase(props.getProperty
+ ("security.useSystemPropertiesFile"))) {
+
+ // now load the system file, if it exists, so its values
+ // will win if they conflict with the earlier values
+ try (BufferedInputStream bis =
+ new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
+ props.load(bis);
+ loadedProps = true;
+
+ if (sdebug != null) {
+ sdebug.println("reading system security properties file " +
+ SYSTEM_PROPERTIES);
+ sdebug.println(props.toString());
+ }
+ } catch (IOException e) {
+ if (sdebug != null) {
+ sdebug.println
+ ("unable to load security properties from " +
+ SYSTEM_PROPERTIES);
+ e.printStackTrace();
+ }
+ }
+ }
+
+ if ("true".equalsIgnoreCase(props.getProperty
("security.overridePropertiesFile"))) {
String extraPropFile = System.getProperty
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-aix
--- openjdk/jdk/src/share/lib/security/java.security-aix Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/lib/security/java.security-aix Wed Nov 02 03:31:54 2016 +0000
@@ -276,6 +276,13 @@
security.overridePropertiesFile=true
#
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=false
+
+#
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
#
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-linux
--- openjdk/jdk/src/share/lib/security/java.security-linux Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/lib/security/java.security-linux Wed Nov 02 03:31:54 2016 +0000
@@ -276,6 +276,13 @@
security.overridePropertiesFile=true
#
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=true
+
+#
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
#
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-macosx
--- openjdk/jdk/src/share/lib/security/java.security-macosx Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/lib/security/java.security-macosx Wed Nov 02 03:31:54 2016 +0000
@@ -279,6 +279,13 @@
security.overridePropertiesFile=true
#
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=false
+
+#
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
#
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-solaris
--- openjdk/jdk/src/share/lib/security/java.security-solaris Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/lib/security/java.security-solaris Wed Nov 02 03:31:54 2016 +0000
@@ -278,6 +278,13 @@
security.overridePropertiesFile=true
#
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=false
+
+#
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
#
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-windows
--- openjdk/jdk/src/share/lib/security/java.security-windows Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/lib/security/java.security-windows Wed Nov 02 03:31:54 2016 +0000
@@ -279,6 +279,13 @@
security.overridePropertiesFile=true
#
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=false
+
+#
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
#

View File

@ -0,0 +1,143 @@
diff --git openjdk.orig/hotspot/src/share/vm/asm/codeBuffer.cpp openjdk/hotspot/src/share/vm/asm/codeBuffer.cpp
--- openjdk.orig/hotspot/src/share/vm/asm/codeBuffer.cpp
+++ openjdk/hotspot/src/share/vm/asm/codeBuffer.cpp
@@ -977,7 +977,7 @@
for (int n = (int) CodeBuffer::SECT_FIRST; n < (int) CodeBuffer::SECT_LIMIT; n++) {
CodeSection* sect = code_section(n);
if (!sect->is_allocated() || sect->is_empty()) continue;
- xtty->print_cr("<sect index='%d' size='" SIZE_FORMAT "' free='" SIZE_FORMAT "'/>",
+ xtty->print_cr("<sect index='%d' size='" INTX_FORMAT "' free='" INTX_FORMAT "'/>",
n, sect->limit() - sect->start(), sect->limit() - sect->end());
}
xtty->print_cr("</blob>");
diff --git openjdk.orig/hotspot/src/share/vm/code/codeCache.cpp openjdk/hotspot/src/share/vm/code/codeCache.cpp
--- openjdk.orig/hotspot/src/share/vm/code/codeCache.cpp
+++ openjdk/hotspot/src/share/vm/code/codeCache.cpp
@@ -192,7 +192,7 @@
}
if (PrintCodeCacheExtension) {
ResourceMark rm;
- tty->print_cr("code cache extended to [" INTPTR_FORMAT ", " INTPTR_FORMAT "] (" SSIZE_FORMAT " bytes)",
+ tty->print_cr("code cache extended to [" INTPTR_FORMAT ", " INTPTR_FORMAT "] (" INTX_FORMAT " bytes)",
(intptr_t)_heap->low_boundary(), (intptr_t)_heap->high(),
(address)_heap->high() - (address)_heap->low_boundary());
}
diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp
--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp
+++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp
@@ -598,7 +598,7 @@
" [Table]\n"
" [Memory Usage: " G1_STRDEDUP_BYTES_FORMAT_NS "]\n"
" [Size: " SIZE_FORMAT ", Min: " SIZE_FORMAT ", Max: " SIZE_FORMAT "]\n"
- " [Entries: " UINTX_FORMAT ", Load: " G1_STRDEDUP_PERCENT_FORMAT_NS ", Cached: " UINTX_FORMAT ", Added: " UINTX_FORMAT ", Removed: " UINTX_FORMAT "]\n"
+ " [Entries: " UINTX_FORMAT ", Load: " G1_STRDEDUP_PERCENT_FORMAT_NS ", Cached: " SIZE_FORMAT ", Added: " UINTX_FORMAT ", Removed: " UINTX_FORMAT "]\n"
" [Resize Count: " UINTX_FORMAT ", Shrink Threshold: " UINTX_FORMAT "(" G1_STRDEDUP_PERCENT_FORMAT_NS "), Grow Threshold: " UINTX_FORMAT "(" G1_STRDEDUP_PERCENT_FORMAT_NS ")]\n"
" [Rehash Count: " UINTX_FORMAT ", Rehash Threshold: " UINTX_FORMAT ", Hash Seed: " UINT64_FORMAT "]\n"
" [Age Threshold: " UINTX_FORMAT "]",
diff --git openjdk.orig/hotspot/src/share/vm/memory/blockOffsetTable.cpp openjdk/hotspot/src/share/vm/memory/blockOffsetTable.cpp
--- openjdk.orig/hotspot/src/share/vm/memory/blockOffsetTable.cpp
+++ openjdk/hotspot/src/share/vm/memory/blockOffsetTable.cpp
@@ -57,7 +57,7 @@
gclog_or_tty->print_cr("BlockOffsetSharedArray::BlockOffsetSharedArray: ");
gclog_or_tty->print_cr(" "
" rs.base(): " INTPTR_FORMAT
- " rs.size(): " INTPTR_FORMAT
+ " rs.size(): " SIZE_FORMAT
" rs end(): " INTPTR_FORMAT,
p2i(rs.base()), rs.size(), p2i(rs.base() + rs.size()));
gclog_or_tty->print_cr(" "
diff --git openjdk.orig/hotspot/src/share/vm/memory/collectorPolicy.cpp openjdk/hotspot/src/share/vm/memory/collectorPolicy.cpp
--- openjdk.orig/hotspot/src/share/vm/memory/collectorPolicy.cpp
+++ openjdk/hotspot/src/share/vm/memory/collectorPolicy.cpp
@@ -1055,7 +1055,8 @@
size_t expected = msp.scale_by_NewRatio_aligned(initial_heap_size);
assert(msp.initial_gen0_size() == expected, err_msg("%zu != %zu", msp.initial_gen0_size(), expected));
assert(FLAG_IS_ERGO(NewSize) && NewSize == expected,
- err_msg("NewSize should have been set ergonomically to %zu, but was %zu", expected, NewSize));
+ err_msg("NewSize should have been set ergonomically to " SIZE_FORMAT ", but was " UINTX_FORMAT,
+ expected, NewSize));
}
private:
diff --git openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp openjdk/hotspot/src/share/vm/runtime/arguments.cpp
--- openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp
+++ openjdk/hotspot/src/share/vm/runtime/arguments.cpp
@@ -1291,14 +1291,14 @@
}
if (PrintGCDetails && Verbose) {
// Too early to use gclog_or_tty
- tty->print_cr("CMS ergo set MaxNewSize: " SIZE_FORMAT, MaxNewSize);
+ tty->print_cr("CMS ergo set MaxNewSize: " UINTX_FORMAT, MaxNewSize);
}
// Code along this path potentially sets NewSize and OldSize
if (PrintGCDetails && Verbose) {
// Too early to use gclog_or_tty
- tty->print_cr("CMS set min_heap_size: " SIZE_FORMAT
- " initial_heap_size: " SIZE_FORMAT
+ tty->print_cr("CMS set min_heap_size: " UINTX_FORMAT
+ " initial_heap_size: " UINTX_FORMAT
" max_heap: " SIZE_FORMAT,
min_heap_size(), InitialHeapSize, max_heap);
}
@@ -1314,7 +1314,7 @@
FLAG_SET_ERGO(uintx, NewSize, MIN2(preferred_max_new_size, (size_t)NewSize));
if (PrintGCDetails && Verbose) {
// Too early to use gclog_or_tty
- tty->print_cr("CMS ergo set NewSize: " SIZE_FORMAT, NewSize);
+ tty->print_cr("CMS ergo set NewSize: " UINTX_FORMAT, NewSize);
}
}
// Unless explicitly requested otherwise, size old gen
@@ -1324,7 +1324,7 @@
FLAG_SET_ERGO(uintx, OldSize, MIN2((size_t)(NewRatio*NewSize), max_heap - NewSize));
if (PrintGCDetails && Verbose) {
// Too early to use gclog_or_tty
- tty->print_cr("CMS ergo set OldSize: " SIZE_FORMAT, OldSize);
+ tty->print_cr("CMS ergo set OldSize: " UINTX_FORMAT, OldSize);
}
}
}
@@ -2043,7 +2043,7 @@
if (PrintGCDetails && Verbose) {
// Cannot use gclog_or_tty yet.
- tty->print_cr(" Initial heap size " SIZE_FORMAT, (uintx)reasonable_initial);
+ tty->print_cr(" Initial heap size " SIZE_FORMAT, (size_t)reasonable_initial);
}
FLAG_SET_ERGO(uintx, InitialHeapSize, (uintx)reasonable_initial);
}
@@ -2053,7 +2053,7 @@
set_min_heap_size(MIN2((uintx)reasonable_minimum, InitialHeapSize));
if (PrintGCDetails && Verbose) {
// Cannot use gclog_or_tty yet.
- tty->print_cr(" Minimum heap size " SIZE_FORMAT, min_heap_size());
+ tty->print_cr(" Minimum heap size " UINTX_FORMAT, min_heap_size());
}
}
}
diff --git openjdk.orig/hotspot/src/share/vm/utilities/globalDefinitions.hpp openjdk/hotspot/src/share/vm/utilities/globalDefinitions.hpp
--- openjdk.orig/hotspot/src/share/vm/utilities/globalDefinitions.hpp
+++ openjdk/hotspot/src/share/vm/utilities/globalDefinitions.hpp
@@ -1389,12 +1389,21 @@
#define INTPTR_FORMAT_W(width) "%" #width PRIxPTR
+#if defined(S390) && !defined(_LP64)
+#define SSIZE_FORMAT "%z" PRIdPTR
+#define SIZE_FORMAT "%z" PRIuPTR
+#define SIZE_FORMAT_HEX "0x%z" PRIxPTR
+#define SSIZE_FORMAT_W(width) "%" #width "z" PRIdPTR
+#define SIZE_FORMAT_W(width) "%" #width "z" PRIuPTR
+#define SIZE_FORMAT_HEX_W(width) "0x%" #width "z" PRIxPTR
+#else // !S390
#define SSIZE_FORMAT "%" PRIdPTR
#define SIZE_FORMAT "%" PRIuPTR
#define SIZE_FORMAT_HEX "0x%" PRIxPTR
#define SSIZE_FORMAT_W(width) "%" #width PRIdPTR
#define SIZE_FORMAT_W(width) "%" #width PRIuPTR
#define SIZE_FORMAT_HEX_W(width) "0x%" #width PRIxPTR
+#endif // S390
#define INTX_FORMAT "%" PRIdPTR
#define UINTX_FORMAT "%" PRIuPTR

View File

@ -0,0 +1,78 @@
# HG changeset patch
# User andrew
# Date 1545198926 0
# Wed Dec 19 05:55:26 2018 +0000
# Node ID f2cbd688824c128db7fa848c8732fb0ab3507776
# Parent 81f07f6d1f8b7b51b136d3974c61bc8bb513770c
PR3655: Allow use of system crypto policy to be disabled by the user
Summary: Read user overrides first so security.useSystemPropertiesFile can be disabled and add -Djava.security.disableSystemPropertiesFile
diff --git a/src/share/classes/javopenjdk.orig/jdk/security/Security.java openjdk/jdk/src/share/classes/java/security/Security.java
--- openjdk.orig/jdk/src/share/classes/java/security/Security.java
+++ openjdk/jdk/src/share/classes/java/security/Security.java
@@ -122,31 +122,6 @@
}
if ("true".equalsIgnoreCase(props.getProperty
- ("security.useSystemPropertiesFile"))) {
-
- // now load the system file, if it exists, so its values
- // will win if they conflict with the earlier values
- try (BufferedInputStream bis =
- new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
- props.load(bis);
- loadedProps = true;
-
- if (sdebug != null) {
- sdebug.println("reading system security properties file " +
- SYSTEM_PROPERTIES);
- sdebug.println(props.toString());
- }
- } catch (IOException e) {
- if (sdebug != null) {
- sdebug.println
- ("unable to load security properties from " +
- SYSTEM_PROPERTIES);
- e.printStackTrace();
- }
- }
- }
-
- if ("true".equalsIgnoreCase(props.getProperty
("security.overridePropertiesFile"))) {
String extraPropFile = System.getProperty
@@ -212,6 +187,33 @@
}
}
+ String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
+ if (disableSystemProps == null &&
+ "true".equalsIgnoreCase(props.getProperty
+ ("security.useSystemPropertiesFile"))) {
+
+ // now load the system file, if it exists, so its values
+ // will win if they conflict with the earlier values
+ try (BufferedInputStream bis =
+ new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
+ props.load(bis);
+ loadedProps = true;
+
+ if (sdebug != null) {
+ sdebug.println("reading system security properties file " +
+ SYSTEM_PROPERTIES);
+ sdebug.println(props.toString());
+ }
+ } catch (IOException e) {
+ if (sdebug != null) {
+ sdebug.println
+ ("unable to load security properties from " +
+ SYSTEM_PROPERTIES);
+ e.printStackTrace();
+ }
+ }
+ }
+
if (!loadedProps) {
initializeStatic();
if (sdebug != null) {

View File

@ -0,0 +1,44 @@
#!/bin/sh
set -e
# https://bugzilla.redhat.com/show_bug.cgi?id=1142153
M=META-INF/MANIFEST.MF
#P=/usr/lib/jvm/java/jre/lib/security/policy
P=$1/lib/security/policy
ERRORS=0
for type in unlimited limited ; do
for f in local_policy.jar US_export_policy.jar ; do
ORIG=$P/$type/$f
echo "processing $f ($ORIG)"
if [ ! -f $ORIG ]; then
echo "File not found! $ORIG"
let ERRORS=$ERRORS+1
continue
fi
d=`mktemp -d`
NW=$d/$f
pushd $d
jar xf $ORIG
cat $M
# sed -i "s/Created-By.*/Created-By: 1.7.0/g" $M
sed -i "s/Created-By.*/Created-By: $2/g" $M
cat $M
find . -exec touch -t 201401010000 {} +
zip -rX $f *
popd
echo "replacing $ORIG"
touch -t 201401010000 $ORIG
md5sum $ORIG
sha256sum $ORIG
echo "by $NW"
md5sum $NW
sha256sum $NW
touch -t 201401010000 $NW
cp $NW $ORIG
md5sum $ORIG
sha256sum $ORIG
touch -t 201401010000 $ORIG
rm -rfv $d
done
done
exit $ERRORS

View File

@ -0,0 +1,66 @@
diff --git a/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java b/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java
--- openjdk/jdk/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java
+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java
@@ -1,5 +1,6 @@
/*
* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014 Red Hat Inc.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -61,13 +62,13 @@
private static void checkKeySize(int keysize)
throws InvalidParameterException {
- boolean supported = ((keysize == 2048) || (keysize == 3072) ||
+ boolean supported = ((keysize == 2048) || (keysize == 3072) || (keysize == 4096) ||
((keysize >= 512) && (keysize <= 1024) && ((keysize & 0x3F) == 0)));
if (!supported) {
throw new InvalidParameterException(
"DH key size must be multiple of 64 and range " +
- "from 512 to 1024 (inclusive), or 2048, 3072. " +
+ "from 512 to 1024 (inclusive), or 2048, 3072, 4096. " +
"The specific key size " + keysize + " is not supported");
}
}
diff --git a/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java b/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java
--- openjdk/jdk/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java
+++ openjdk/jdk/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014 Red Hat Inc.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -58,7 +59,7 @@
*/
private enum Sizes {
two56(256), three84(384), five12(512), seven68(768), ten24(1024),
- twenty48(2048);
+ twenty48(2048), forty96(4096);
private final int intSize;
private final BigInteger bigIntValue;
@@ -130,6 +131,19 @@
kp = kpg.generateKeyPair();
checkKeyPair(kp, Sizes.twenty48, Sizes.five12);
+ kpg.initialize(Sizes.forty96.getIntSize());
+ kp = kpg.generateKeyPair();
+ checkKeyPair(kp, Sizes.forty96, Sizes.twenty48);
+
+ publicKey = (DHPublicKey)kp.getPublic();
+ p = publicKey.getParams().getP();
+ g = publicKey.getParams().getG();
+
+ // test w/ all values specified
+ kpg.initialize(new DHParameterSpec(p, g, Sizes.ten24.getIntSize()));
+ kp = kpg.generateKeyPair();
+ checkKeyPair(kp, Sizes.forty96, Sizes.ten24);
+
System.out.println("OK");
}

View File

@ -0,0 +1,12 @@
diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java
--- openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java
+++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java
@@ -1004,7 +1004,7 @@
}
} else if (command == GENKEYPAIR) {
if (keyAlgName == null) {
- keyAlgName = "DSA";
+ keyAlgName = "RSA";
}
doGenKeyPair(alias, dname, keyAlgName, keysize, sigAlgName);
kssave = true;

View File

@ -0,0 +1,16 @@
diff -uNr openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java jdk8/jdk/src/share/classes/java/awt/Toolkit.java
--- openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java 2009-01-23 11:59:47.000000000 -0500
+++ jdk8/jdk/src/share/classes/java/awt/Toolkit.java 2009-01-23 12:05:20.000000000 -0500
@@ -883,7 +883,11 @@
return null;
}
});
- loadAssistiveTechnologies();
+ try {
+ loadAssistiveTechnologies();
+ } catch ( AWTError error) {
+ // ignore silently
+ }
}
return toolkit;
}

View File

@ -0,0 +1,12 @@
diff --git a/src/share/vm/runtime/globals.hpp b/src/share/vm/runtime/globals.hpp
--- openjdk/hotspot/src/share/vm/runtime/globals.hpp
+++ openjdk/hotspot/src/share/vm/runtime/globals.hpp
@@ -530,7 +530,7 @@
lp64_product(intx, ObjectAlignmentInBytes, 8, \
"Default object alignment in bytes, 8 is minimum") \
\
- product(bool, AssumeMP, false, \
+ product(bool, AssumeMP, true, \
"Instruct the VM to assume multiple processors are available") \
\
/* UseMembar is theoretically a temp flag used for memory barrier \

View File

@ -0,0 +1,11 @@
diff -r 5b86f66575b7 src/share/lib/security/java.security-linux
--- openjdk/jdk/src/share/lib/security/java.security-linux Tue May 16 13:29:05 2017 -0700
+++ openjdk/jdk/src/share/lib/security/java.security-linux Tue Jun 06 14:05:12 2017 +0200
@@ -74,6 +74,7 @@
security.provider.7=com.sun.security.sasl.Provider
security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.9=sun.security.smartcardio.SunPCSC
+#security.provider.10=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg
#
# Sun Provider SecureRandom seed source.

View File

@ -0,0 +1,25 @@
diff --git openjdk.orig/jdk/src/share/lib/security/java.security-linux openjdk/jdk/src/share/lib/security/java.security-linux
--- openjdk.orig/jdk/src/share/lib/security/java.security-linux
+++ openjdk/jdk/src/share/lib/security/java.security-linux
@@ -226,7 +226,9 @@
com.sun.activation.registries.,\
jdk.jfr.events.,\
jdk.jfr.internal.,\
- jdk.management.jfr.internal.
+ jdk.management.jfr.internal.,\
+ org.GNOME.Accessibility.,\
+ org.GNOME.Bonobo.
#
# List of comma-separated packages that start with or equal this string
@@ -279,7 +281,9 @@
com.sun.activation.registries.,\
jdk.jfr.events.,\
jdk.jfr.internal.,\
- jdk.management.jfr.internal.
+ jdk.management.jfr.internal.,\
+ org.GNOME.Accessibility.,\
+ org.GNOME.Bonobo.
#
# Determines whether this properties file can be appended to

View File

@ -0,0 +1,16 @@
diff --git openjdk.orig/jdk/make/lib/Awt2dLibraries.gmk openjdk/jdk/make/lib/Awt2dLibraries.gmk
--- openjdk.orig/jdk/make/lib/Awt2dLibraries.gmk
+++ openjdk/jdk/make/lib/Awt2dLibraries.gmk
@@ -891,6 +891,12 @@
BUILD_LIBFONTMANAGER_ExtensionSubtables.cpp_CXXFLAGS := -fno-strict-aliasing
endif
+# Turn off strict overflow with GCC for IndicRearrangementProcessor.cpp
+ifeq ($(OPENJDK_TARGET_OS), linux)
+ BUILD_LIBFONTMANAGER_IndicRearrangementProcessor.cpp_CXXFLAGS := -fno-strict-overflow
+ BUILD_LIBFONTMANAGER_IndicRearrangementProcessor2.cpp_CXXFLAGS := -fno-strict-overflow
+endif
+
# LDFLAGS clarification:
# Filter relevant linker flags disallowing unresolved symbols as we cannot
# build-time decide to which library to link against (libawt_headless or

View File

@ -0,0 +1,208 @@
diff --git a/src/share/classes/javopenjdk.orig/jdk/security/Security.java openjdk/jdk/src/share/classes/java/security/Security.java
--- openjdk.orig/jdk/src/share/classes/java/security/Security.java
+++ openjdk/jdk/src/share/classes/java/security/Security.java
@@ -191,27 +191,7 @@
if (disableSystemProps == null &&
"true".equalsIgnoreCase(props.getProperty
("security.useSystemPropertiesFile"))) {
-
- // now load the system file, if it exists, so its values
- // will win if they conflict with the earlier values
- try (BufferedInputStream bis =
- new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
- props.load(bis);
- loadedProps = true;
-
- if (sdebug != null) {
- sdebug.println("reading system security properties file " +
- SYSTEM_PROPERTIES);
- sdebug.println(props.toString());
- }
- } catch (IOException e) {
- if (sdebug != null) {
- sdebug.println
- ("unable to load security properties from " +
- SYSTEM_PROPERTIES);
- e.printStackTrace();
- }
- }
+ loadedProps = loadedProps && SystemConfigurator.configure(props);
}
if (!loadedProps) {
diff --git a/src/share/classes/javopenjdk.orig/jdk/security/SystemConfigurator.java openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
new file mode 100644
--- /dev/null
+++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
@@ -0,0 +1,153 @@
+/*
+ * Copyright (c) 2019, Red Hat, Inc.
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package java.security;
+
+import java.io.BufferedInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+
+import java.nio.file.Files;
+import java.nio.file.FileSystems;
+import java.nio.file.Path;
+
+import java.util.Iterator;
+import java.util.Map.Entry;
+import java.util.Properties;
+import java.util.function.Consumer;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import sun.security.util.Debug;
+
+/**
+ * Internal class to align OpenJDK with global crypto-policies.
+ * Called from java.security.Security class initialization,
+ * during startup.
+ *
+ */
+
+class SystemConfigurator {
+
+ private static final Debug sdebug =
+ Debug.getInstance("properties");
+
+ private static final String CRYPTO_POLICIES_BASE_DIR =
+ "/etc/crypto-policies";
+
+ private static final String CRYPTO_POLICIES_JAVA_CONFIG =
+ CRYPTO_POLICIES_BASE_DIR + "/back-ends/java.config";
+
+ private static final String CRYPTO_POLICIES_CONFIG =
+ CRYPTO_POLICIES_BASE_DIR + "/config";
+
+ private static final class SecurityProviderInfo {
+ int number;
+ String key;
+ String value;
+ SecurityProviderInfo(int number, String key, String value) {
+ this.number = number;
+ this.key = key;
+ this.value = value;
+ }
+ }
+
+ /*
+ * Invoked when java.security.Security class is initialized, if
+ * java.security.disableSystemPropertiesFile property is not set and
+ * security.useSystemPropertiesFile is true.
+ */
+ static boolean configure(Properties props) {
+ boolean loadedProps = false;
+
+ try (BufferedInputStream bis =
+ new BufferedInputStream(
+ new FileInputStream(CRYPTO_POLICIES_JAVA_CONFIG))) {
+ props.load(bis);
+ loadedProps = true;
+ if (sdebug != null) {
+ sdebug.println("reading system security properties file " +
+ CRYPTO_POLICIES_JAVA_CONFIG);
+ sdebug.println(props.toString());
+ }
+ } catch (IOException e) {
+ if (sdebug != null) {
+ sdebug.println("unable to load security properties from " +
+ CRYPTO_POLICIES_JAVA_CONFIG);
+ e.printStackTrace();
+ }
+ }
+
+ try {
+ if (enableFips()) {
+ if (sdebug != null) { sdebug.println("FIPS mode detected"); }
+ loadedProps = false;
+ // Remove all security providers
+ Iterator<Entry<Object, Object>> i = props.entrySet().iterator();
+ while (i.hasNext()) {
+ Entry<Object, Object> e = i.next();
+ if (((String) e.getKey()).startsWith("security.provider")) {
+ if (sdebug != null) { sdebug.println("Removing provider: " + e); }
+ i.remove();
+ }
+ }
+ // Add FIPS security providers
+ String fipsProviderValue = null;
+ for (int n = 1;
+ (fipsProviderValue = (String) props.get("fips.provider." + n)) != null; n++) {
+ String fipsProviderKey = "security.provider." + n;
+ if (sdebug != null) {
+ sdebug.println("Adding provider " + n + ": " +
+ fipsProviderKey + "=" + fipsProviderValue);
+ }
+ props.put(fipsProviderKey, fipsProviderValue);
+ }
+ loadedProps = true;
+ }
+ } catch (Exception e) {
+ if (sdebug != null) {
+ sdebug.println("unable to load FIPS configuration");
+ e.printStackTrace();
+ }
+ }
+ return loadedProps;
+ }
+
+ /*
+ * FIPS is enabled only if crypto-policies are set to "FIPS"
+ * and the com.redhat.fips property is true.
+ */
+ private static boolean enableFips() throws Exception {
+ boolean fipsEnabled = Boolean.valueOf(System.getProperty("com.redhat.fips", "true"));
+ if (fipsEnabled) {
+ Path configPath = FileSystems.getDefault().getPath(CRYPTO_POLICIES_CONFIG);
+ String cryptoPoliciesConfig = new String(Files.readAllBytes(configPath));
+ if (sdebug != null) { sdebug.println("Crypto config:\n" + cryptoPoliciesConfig); }
+ Pattern pattern = Pattern.compile("^FIPS$", Pattern.MULTILINE);
+ return pattern.matcher(cryptoPoliciesConfig).find();
+ } else {
+ return false;
+ }
+ }
+}
diff --git openjdk.orig/jdk/src/share/lib/security/java.security-linux openjdk/jdk/src/share/lib/security/java.security-linux
--- openjdk.orig/jdk/src/share/lib/security/java.security-linux
+++ openjdk/jdk/src/share/lib/security/java.security-linux
@@ -77,6 +77,14 @@
#security.provider.10=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg
#
+# Security providers used when global crypto-policies are set to FIPS.
+#
+fips.provider.1=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.fips.cfg
+fips.provider.2=sun.security.provider.Sun
+fips.provider.3=sun.security.ec.SunEC
+fips.provider.4=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSS-FIPS
+
+#
# Sun Provider SecureRandom seed source.
#
# Select the primary source of seed data for the "SHA1PRNG" and

View File

@ -0,0 +1,128 @@
diff --git openjdk.orig/jdk/make/CompileLaunchers.gmk openjdk/jdk/make/CompileLaunchers.gmk
--- openjdk.orig/jdk/make/CompileLaunchers.gmk
+++ openjdk/jdk/make/CompileLaunchers.gmk
@@ -255,6 +255,32 @@
endif
endif
+$(eval $(call SetupLauncher,alt-java, \
+ -DEXPAND_CLASSPATH_WILDCARDS -DREDHAT_ALT_JAVA,,,user32.lib comctl32.lib, \
+ $(JDK_OUTPUTDIR)/objs/jli_static.lib, $(JAVA_RC_FLAGS), \
+ $(JDK_TOPDIR)/src/windows/resource/java.rc, $(JDK_OUTPUTDIR)/objs/java_objs,true))
+
+$(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/alt-java$(EXE_SUFFIX): $(BUILD_LAUNCHER_alt-java)
+ $(MKDIR) -p $(@D)
+ $(RM) $@
+ $(CP) $(JDK_OUTPUTDIR)/objs/java_objs$(OUTPUT_SUBDIR)/alt-java$(EXE_SUFFIX) $@
+
+$(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/alt-java$(DEBUGINFO_EXT): $(BUILD_LAUNCHER_alt-java)
+ $(MKDIR) -p $(@D)
+ $(RM) $@
+ $(CP) $(JDK_OUTPUTDIR)/objs/java_objs$(OUTPUT_SUBDIR)/alt-java$(DEBUGINFO_EXT) $@
+
+ifeq ($(OPENJDK_TARGET_OS), linux)
+ BUILD_LAUNCHERS += $(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/alt-java$(EXE_SUFFIX)
+ ifeq ($(ENABLE_DEBUG_SYMBOLS), true)
+ ifneq ($(POST_STRIP_CMD), )
+ ifneq ($(STRIP_POLICY), no_strip)
+ BUILD_LAUNCHERS += $(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/alt-java$(DEBUGINFO_EXT)
+ endif
+ endif
+ endif
+endif
+
ifeq ($(OPENJDK_TARGET_OS), windows)
$(eval $(call SetupLauncher,javaw, \
-DJAVAW -DEXPAND_CLASSPATH_WILDCARDS,,,user32.lib comctl32.lib, \
diff --git openjdk.orig/jdk/src/share/bin/alt_main.h openjdk/jdk/src/share/bin/alt_main.h
new file mode 100644
--- /dev/null
+++ openjdk/jdk/src/share/bin/alt_main.h
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2019, Red Hat, Inc. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#ifdef REDHAT_ALT_JAVA
+
+#include <sys/prctl.h>
+
+
+/* Per task speculation control */
+#ifndef PR_GET_SPECULATION_CTRL
+# define PR_GET_SPECULATION_CTRL 52
+#endif
+#ifndef PR_SET_SPECULATION_CTRL
+# define PR_SET_SPECULATION_CTRL 53
+#endif
+/* Speculation control variants */
+#ifndef PR_SPEC_STORE_BYPASS
+# define PR_SPEC_STORE_BYPASS 0
+#endif
+/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
+
+#ifndef PR_SPEC_NOT_AFFECTED
+# define PR_SPEC_NOT_AFFECTED 0
+#endif
+#ifndef PR_SPEC_PRCTL
+# define PR_SPEC_PRCTL (1UL << 0)
+#endif
+#ifndef PR_SPEC_ENABLE
+# define PR_SPEC_ENABLE (1UL << 1)
+#endif
+#ifndef PR_SPEC_DISABLE
+# define PR_SPEC_DISABLE (1UL << 2)
+#endif
+#ifndef PR_SPEC_FORCE_DISABLE
+# define PR_SPEC_FORCE_DISABLE (1UL << 3)
+#endif
+#ifndef PR_SPEC_DISABLE_NOEXEC
+# define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
+#endif
+
+static void set_speculation() __attribute__((constructor));
+static void set_speculation() {
+ if ( prctl(PR_SET_SPECULATION_CTRL,
+ PR_SPEC_STORE_BYPASS,
+ PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) {
+ return;
+ }
+ prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
+}
+
+#endif // REDHAT_ALT_JAVA
diff --git openjdk.orig/jdk/src/share/bin/main.c openjdk/jdk/src/share/bin/main.c
--- openjdk.orig/jdk/src/share/bin/main.c
+++ openjdk/jdk/src/share/bin/main.c
@@ -32,6 +32,10 @@
#include "defines.h"
+#if defined(linux) && defined(__x86_64)
+#include "alt_main.h"
+#endif
+
#ifdef _MSC_VER
#if _MSC_VER > 1400 && _MSC_VER < 1600

View File

@ -0,0 +1,52 @@
diff -r 6efbd7b35a10 src/share/classes/java/security/SystemConfigurator.java
--- openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java Thu Jan 23 18:22:31 2020 -0300
+++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java Mon Mar 02 19:20:17 2020 -0300
@@ -123,6 +123,33 @@
}
props.put(fipsProviderKey, fipsProviderValue);
}
+ // Add other security properties
+ String keystoreTypeValue = (String) props.get("fips.keystore.type");
+ if (keystoreTypeValue != null) {
+ String nonFipsKeystoreType = props.getProperty("keystore.type");
+ props.put("keystore.type", keystoreTypeValue);
+ if (keystoreTypeValue.equals("PKCS11")) {
+ // If keystore.type is PKCS11, javax.net.ssl.keyStore
+ // must be "NONE". See JDK-8238264.
+ System.setProperty("javax.net.ssl.keyStore", "NONE");
+ }
+ if (System.getProperty("javax.net.ssl.trustStoreType") == null) {
+ // If no trustStoreType has been set, use the
+ // previous keystore.type under FIPS mode. In
+ // a default configuration, the Trust Store will
+ // be 'cacerts' (JKS type).
+ System.setProperty("javax.net.ssl.trustStoreType",
+ nonFipsKeystoreType);
+ }
+ if (sdebug != null) {
+ sdebug.println("FIPS mode default keystore.type = " +
+ keystoreTypeValue);
+ sdebug.println("FIPS mode javax.net.ssl.keyStore = " +
+ System.getProperty("javax.net.ssl.keyStore", ""));
+ sdebug.println("FIPS mode javax.net.ssl.trustStoreType = " +
+ System.getProperty("javax.net.ssl.trustStoreType", ""));
+ }
+ }
loadedProps = true;
}
} catch (Exception e) {
diff -r 6efbd7b35a10 src/share/lib/security/java.security-linux
--- openjdk.orig/jdk/src/share/lib/security/java.security-linux Thu Jan 23 18:22:31 2020 -0300
+++ openjdk/jdk/src/share/lib/security/java.security-linux Mon Mar 02 19:20:17 2020 -0300
@@ -179,6 +179,11 @@
keystore.type=jks
#
+# Default keystore type used when global crypto-policies are set to FIPS.
+#
+fips.keystore.type=PKCS11
+
+#
# Controls compatibility mode for the JKS keystore type.
#
# When set to 'true', the JKS keystore type supports loading

View File

@ -0,0 +1,327 @@
diff -r bbc65dfa59d1 src/share/classes/java/security/SystemConfigurator.java
--- openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java Thu Jan 23 18:22:31 2020 -0300
+++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java Sat Aug 01 23:16:51 2020 -0300
@@ -1,11 +1,13 @@
/*
- * Copyright (c) 2019, Red Hat, Inc.
+ * Copyright (c) 2019, 2020, Red Hat, Inc.
*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
@@ -34,10 +36,10 @@
import java.util.Iterator;
import java.util.Map.Entry;
import java.util.Properties;
-import java.util.function.Consumer;
-import java.util.regex.Matcher;
import java.util.regex.Pattern;
+import sun.misc.SharedSecrets;
+import sun.misc.JavaSecuritySystemConfiguratorAccess;
import sun.security.util.Debug;
/**
@@ -47,7 +49,7 @@
*
*/
-class SystemConfigurator {
+final class SystemConfigurator {
private static final Debug sdebug =
Debug.getInstance("properties");
@@ -61,15 +63,16 @@
private static final String CRYPTO_POLICIES_CONFIG =
CRYPTO_POLICIES_BASE_DIR + "/config";
- private static final class SecurityProviderInfo {
- int number;
- String key;
- String value;
- SecurityProviderInfo(int number, String key, String value) {
- this.number = number;
- this.key = key;
- this.value = value;
- }
+ private static boolean systemFipsEnabled = false;
+
+ static {
+ SharedSecrets.setJavaSecuritySystemConfiguratorAccess(
+ new JavaSecuritySystemConfiguratorAccess() {
+ @Override
+ public boolean isSystemFipsEnabled() {
+ return SystemConfigurator.isSystemFipsEnabled();
+ }
+ });
}
/*
@@ -128,9 +131,9 @@
String nonFipsKeystoreType = props.getProperty("keystore.type");
props.put("keystore.type", keystoreTypeValue);
if (keystoreTypeValue.equals("PKCS11")) {
- // If keystore.type is PKCS11, javax.net.ssl.keyStore
- // must be "NONE". See JDK-8238264.
- System.setProperty("javax.net.ssl.keyStore", "NONE");
+ // If keystore.type is PKCS11, javax.net.ssl.keyStore
+ // must be "NONE". See JDK-8238264.
+ System.setProperty("javax.net.ssl.keyStore", "NONE");
}
if (System.getProperty("javax.net.ssl.trustStoreType") == null) {
// If no trustStoreType has been set, use the
@@ -144,12 +147,13 @@
sdebug.println("FIPS mode default keystore.type = " +
keystoreTypeValue);
sdebug.println("FIPS mode javax.net.ssl.keyStore = " +
- System.getProperty("javax.net.ssl.keyStore", ""));
+ System.getProperty("javax.net.ssl.keyStore", ""));
sdebug.println("FIPS mode javax.net.ssl.trustStoreType = " +
System.getProperty("javax.net.ssl.trustStoreType", ""));
}
}
loadedProps = true;
+ systemFipsEnabled = true;
}
} catch (Exception e) {
if (sdebug != null) {
@@ -165,20 +165,37 @@
return loadedProps;
}
+ /**
+ * Returns whether or not global system FIPS alignment is enabled.
+ *
+ * Value is always 'false' before java.security.Security class is
+ * initialized.
+ *
+ * Call from out of this package through SharedSecrets:
+ * SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
+ * .isSystemFipsEnabled();
+ *
+ * @return a boolean value indicating whether or not global
+ * system FIPS alignment is enabled.
+ */
+ static boolean isSystemFipsEnabled() {
+ return systemFipsEnabled;
+ }
+
/*
* FIPS is enabled only if crypto-policies are set to "FIPS"
* and the com.redhat.fips property is true.
*/
private static boolean enableFips() throws Exception {
- boolean fipsEnabled = Boolean.valueOf(System.getProperty("com.redhat.fips", "true"));
- if (fipsEnabled) {
- Path configPath = FileSystems.getDefault().getPath(CRYPTO_POLICIES_CONFIG);
- String cryptoPoliciesConfig = new String(Files.readAllBytes(configPath));
- if (sdebug != null) { sdebug.println("Crypto config:\n" + cryptoPoliciesConfig); }
- Pattern pattern = Pattern.compile("^FIPS$", Pattern.MULTILINE);
- return pattern.matcher(cryptoPoliciesConfig).find();
- } else {
- return false;
- }
+ boolean shouldEnable = Boolean.valueOf(System.getProperty("com.redhat.fips", "true"));
+ if (shouldEnable) {
+ Path configPath = FileSystems.getDefault().getPath(CRYPTO_POLICIES_CONFIG);
+ String cryptoPoliciesConfig = new String(Files.readAllBytes(configPath));
+ if (sdebug != null) { sdebug.println("Crypto config:\n" + cryptoPoliciesConfig); }
+ Pattern pattern = Pattern.compile("^FIPS$", Pattern.MULTILINE);
+ return pattern.matcher(cryptoPoliciesConfig).find();
+ } else {
+ return false;
+ }
}
}
diff --git openjdk.orig/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java openjdk/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java
new file mode 100644
--- /dev/null
+++ openjdk/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2020, Red Hat, Inc.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.misc;
+
+public interface JavaSecuritySystemConfiguratorAccess {
+ boolean isSystemFipsEnabled();
+}
diff --git openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
--- openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java
+++ openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
@@ -63,6 +63,7 @@
private static JavaObjectInputStreamReadString javaObjectInputStreamReadString;
private static JavaObjectInputStreamAccess javaObjectInputStreamAccess;
private static JavaSecuritySignatureAccess javaSecuritySignatureAccess;
+ private static JavaSecuritySystemConfiguratorAccess javaSecuritySystemConfiguratorAccess;
public static JavaUtilJarAccess javaUtilJarAccess() {
if (javaUtilJarAccess == null) {
@@ -248,4 +249,12 @@
}
return javaxCryptoSealedObjectAccess;
}
+
+ public static void setJavaSecuritySystemConfiguratorAccess(JavaSecuritySystemConfiguratorAccess jssca) {
+ javaSecuritySystemConfiguratorAccess = jssca;
+ }
+
+ public static JavaSecuritySystemConfiguratorAccess getJavaSecuritySystemConfiguratorAccess() {
+ return javaSecuritySystemConfiguratorAccess;
+ }
}
diff --git openjdk.orig/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java openjdk/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
+++ openjdk/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
@@ -31,6 +31,7 @@
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;
+import sun.misc.SharedSecrets;
import sun.security.action.GetPropertyAction;
import sun.security.provider.certpath.AlgorithmChecker;
import sun.security.validator.Validator;
@@ -539,20 +540,38 @@
static {
if (SunJSSE.isFIPS()) {
- supportedProtocols = Arrays.asList(
- ProtocolVersion.TLS13,
- ProtocolVersion.TLS12,
- ProtocolVersion.TLS11,
- ProtocolVersion.TLS10
- );
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
+ .isSystemFipsEnabled()) {
+ // RH1860986: TLSv1.3 key derivation not supported with
+ // the Security Providers available in system FIPS mode.
+ supportedProtocols = Arrays.asList(
+ ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10
+ );
- serverDefaultProtocols = getAvailableProtocols(
- new ProtocolVersion[] {
- ProtocolVersion.TLS13,
- ProtocolVersion.TLS12,
- ProtocolVersion.TLS11,
- ProtocolVersion.TLS10
- });
+ serverDefaultProtocols = getAvailableProtocols(
+ new ProtocolVersion[] {
+ ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10
+ });
+ } else {
+ supportedProtocols = Arrays.asList(
+ ProtocolVersion.TLS13,
+ ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10
+ );
+
+ serverDefaultProtocols = getAvailableProtocols(
+ new ProtocolVersion[] {
+ ProtocolVersion.TLS13,
+ ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10
+ });
+ }
} else {
supportedProtocols = Arrays.asList(
ProtocolVersion.TLS13,
@@ -612,6 +631,16 @@
static ProtocolVersion[] getSupportedProtocols() {
if (SunJSSE.isFIPS()) {
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
+ .isSystemFipsEnabled()) {
+ // RH1860986: TLSv1.3 key derivation not supported with
+ // the Security Providers available in system FIPS mode.
+ return new ProtocolVersion[] {
+ ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10
+ };
+ }
return new ProtocolVersion[] {
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
@@ -939,6 +968,16 @@
static ProtocolVersion[] getProtocols() {
if (SunJSSE.isFIPS()) {
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
+ .isSystemFipsEnabled()) {
+ // RH1860986: TLSv1.3 key derivation not supported with
+ // the Security Providers available in system FIPS mode.
+ return new ProtocolVersion[] {
+ ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10
+ };
+ }
return new ProtocolVersion[]{
ProtocolVersion.TLS12,
ProtocolVersion.TLS11,
diff --git openjdk.orig/jdk/src/share/classes/sun/security/ssl/SunJSSE.java openjdk/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
+++ openjdk/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
@@ -30,6 +30,8 @@
import java.security.*;
+import sun.misc.SharedSecrets;
+
/**
* The JSSE provider.
*
@@ -215,8 +217,13 @@
"sun.security.ssl.SSLContextImpl$TLS11Context");
put("SSLContext.TLSv1.2",
"sun.security.ssl.SSLContextImpl$TLS12Context");
- put("SSLContext.TLSv1.3",
- "sun.security.ssl.SSLContextImpl$TLS13Context");
+ if (!SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
+ .isSystemFipsEnabled()) {
+ // RH1860986: TLSv1.3 key derivation not supported with
+ // the Security Providers available in system FIPS mode.
+ put("SSLContext.TLSv1.3",
+ "sun.security.ssl.SSLContextImpl$TLS13Context");
+ }
put("SSLContext.TLS",
"sun.security.ssl.SSLContextImpl$TLSContext");
if (isfips == false) {

View File

@ -0,0 +1,20 @@
--- openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java Mon Aug 31 06:57:19 2020 +0100
+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java Mon Aug 31 15:56:48 2020 -0300
@@ -627,7 +627,7 @@
throw (ShortBufferException)
(new ShortBufferException().initCause(e));
}
- reset(false);
+ reset(true);
throw new ProviderException("update() failed", e);
}
}
@@ -745,7 +745,7 @@
throw (ShortBufferException)
(new ShortBufferException().initCause(e));
}
- reset(false);
+ reset(true);
throw new ProviderException("update() failed", e);
}
}

View File

@ -0,0 +1,65 @@
# HG changeset patch
# User andrew
# Date 1608219816 0
# Thu Dec 17 15:43:36 2020 +0000
# Node ID db5d1b28bfce04352b3a48960bf836f6eb20804b
# Parent a2cfa397150e99b813354226d536eb8509b5850b
RH1906862: Always initialise JavaSecuritySystemConfiguratorAccess
diff --git openjdk.orig/jdk/src/share/classes/java/security/Security.java openjdk/jdk/src/share/classes/java/security/Security.java
--- openjdk.orig/jdk/src/share/classes/java/security/Security.java
+++ openjdk/jdk/src/share/classes/java/security/Security.java
@@ -30,6 +30,8 @@
import java.util.concurrent.ConcurrentHashMap;
import java.io.*;
import java.net.URL;
+import sun.misc.SharedSecrets;
+import sun.misc.JavaSecuritySystemConfiguratorAccess;
import sun.security.util.Debug;
import sun.security.util.PropertyExpander;
@@ -69,6 +71,15 @@
}
static {
+ // Initialise here as used by code with system properties disabled
+ SharedSecrets.setJavaSecuritySystemConfiguratorAccess(
+ new JavaSecuritySystemConfiguratorAccess() {
+ @Override
+ public boolean isSystemFipsEnabled() {
+ return SystemConfigurator.isSystemFipsEnabled();
+ }
+ });
+
// doPrivileged here because there are multiple
// things in initialize that might require privs.
// (the FileInputStream call and the File.exists call,
diff --git openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
--- openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java
+++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
@@ -39,8 +39,6 @@
import java.util.Properties;
import java.util.regex.Pattern;
-import sun.misc.SharedSecrets;
-import sun.misc.JavaSecuritySystemConfiguratorAccess;
import sun.security.util.Debug;
/**
@@ -66,16 +64,6 @@
private static boolean systemFipsEnabled = false;
- static {
- SharedSecrets.setJavaSecuritySystemConfiguratorAccess(
- new JavaSecuritySystemConfiguratorAccess() {
- @Override
- public boolean isSystemFipsEnabled() {
- return SystemConfigurator.isSystemFipsEnabled();
- }
- });
- }
-
/*
* Invoked when java.security.Security class is initialized, if
* java.security.disableSystemPropertiesFile property is not set and

View File

@ -0,0 +1,37 @@
diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1BiasedArray.hpp openjdk/hotspot/src/share/vm/gc_implementation/g1/g1BiasedArray.hpp
--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1BiasedArray.hpp
+++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1BiasedArray.hpp
@@ -78,7 +78,8 @@
size_t num_target_elems = pointer_delta(end, bottom, mapping_granularity_in_bytes);
idx_t bias = (uintptr_t)bottom / mapping_granularity_in_bytes;
address base = create_new_base_array(num_target_elems, target_elem_size_in_bytes);
- initialize_base(base, num_target_elems, bias, target_elem_size_in_bytes, log2_intptr(mapping_granularity_in_bytes));
+ initialize_base(base, num_target_elems, bias, target_elem_size_in_bytes,
+ log2_long(mapping_granularity_in_bytes));
}
size_t bias() const { return _bias; }
diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahNumberSeq.cpp openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahNumberSeq.cpp
--- openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahNumberSeq.cpp
+++ openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahNumberSeq.cpp
@@ -135,7 +135,7 @@
void BinaryMagnitudeSeq::add(size_t val) {
Atomic::add(val, &_sum);
- int mag = log2_intptr(val) + 1;
+ int mag = log2_long(val) + 1;
// Defensively saturate for product bits:
if (mag < 0) {
diff --git openjdk.orig/hotspot/src/share/vm/runtime/os.cpp openjdk/hotspot/src/share/vm/runtime/os.cpp
--- openjdk.orig/hotspot/src/share/vm/runtime/os.cpp
+++ openjdk/hotspot/src/share/vm/runtime/os.cpp
@@ -1284,7 +1284,7 @@
}
void os::set_memory_serialize_page(address page) {
- int count = log2_intptr(sizeof(class JavaThread)) - log2_int(64);
+ int count = log2_long(sizeof(class JavaThread)) - log2_int(64);
_mem_serialize_page = (volatile int32_t *)page;
// We initialize the serialization page shift count here
// We assume a cache line size of 64 bytes

File diff suppressed because it is too large Load Diff