import java-1.8.0-openjdk-1.8.0.372.b07-1.el9_1
This commit is contained in:
parent
aa0824129b
commit
5e208f7f0a
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
|||||||
SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b09-4curve.tar.xz
|
SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz
|
||||||
SOURCES/tapsets-icedtea-3.15.0.tar.xz
|
SOURCES/tapsets-icedtea-3.15.0.tar.xz
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
10817d699dd7c85b03cfbd8eb820e00b19ddcae7 SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b09-4curve.tar.xz
|
3f015b60e085b0e1f0fd9ea13abf775a890c2b1b SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz
|
||||||
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz
|
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz
|
||||||
|
204
SOURCES/NEWS
204
SOURCES/NEWS
@ -3,6 +3,210 @@ Key:
|
|||||||
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
||||||
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
||||||
|
|
||||||
|
New in release OpenJDK 8u372 (2023-04-18):
|
||||||
|
===========================================
|
||||||
|
Live versions of these release notes can be found at:
|
||||||
|
* https://bit.ly/openjdk8u372
|
||||||
|
|
||||||
|
* CVEs
|
||||||
|
- CVE-2023-21930
|
||||||
|
- CVE-2023-21937
|
||||||
|
- CVE-2023-21938
|
||||||
|
- CVE-2023-21939
|
||||||
|
- CVE-2023-21954
|
||||||
|
- CVE-2023-21967
|
||||||
|
- CVE-2023-21968
|
||||||
|
* Security fixes
|
||||||
|
- JDK-8287404: Improve ping times
|
||||||
|
- JDK-8288436: Improve Xalan supports
|
||||||
|
- JDK-8294474: Better AES support
|
||||||
|
- JDK-8295304: Runtime support improvements
|
||||||
|
- JDK-8296496, JDK-8292652: Overzealous check in sizecalc.h prevents large memory allocation
|
||||||
|
- JDK-8296676, JDK-8296622: Improve String platform support
|
||||||
|
- JDK-8296684: Improve String platform support
|
||||||
|
- JDK-8296692: Improve String platform support
|
||||||
|
- JDK-8296700: Improve String platform support
|
||||||
|
- JDK-8296832: Improve Swing platform support
|
||||||
|
- JDK-8297371: Improve UTF8 representation redux
|
||||||
|
- JDK-8298191: Enhance object reclamation process
|
||||||
|
- JDK-8298310: Enhance TLS session negotiation
|
||||||
|
- JDK-8298667: Improved path handling
|
||||||
|
- JDK-8299129: Enhance NameService lookups
|
||||||
|
* New features
|
||||||
|
- JDK-8230305: Cgroups v2: Container awareness
|
||||||
|
* Other changes
|
||||||
|
- JDK-6734341: REGTEST fails: SelectionAutoscrollTest.html
|
||||||
|
- JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows
|
||||||
|
- JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails
|
||||||
|
- JDK-7124238: [macosx] Font in BasicHTML document is bigger than it should be
|
||||||
|
- JDK-7124381: DragSourceListener.dragDropEnd() never been called on completion of dnd operation
|
||||||
|
- JDK-8039888: [TEST_BUG] keyboard garbage after javax/swing/plaf/windows/WindowsRootPaneUI/WrongAltProcessing/WrongAltProcessing.java
|
||||||
|
- JDK-8042098: [TESTBUG] Test sun/java2d/AcceleratedXORModeTest.java fails on Windows
|
||||||
|
- JDK-8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled
|
||||||
|
- JDK-8072770: [TESTBUG] Some Introspector tests fail with a Java heap bigger than 4GB
|
||||||
|
- JDK-8075964: Test java/awt/Mouse/TitleBarDoubleClick/TitleBarDoubleClick.html fails intermittently with timeout error
|
||||||
|
- JDK-8137101: [TEST_BUG] javax/swing/plaf/basic/BasicHTML/4251579/bug4251579.java failure due to timing
|
||||||
|
- JDK-8142540: [TEST_BUG] Test sun/awt/dnd/8024061/bug8024061.java fails on ubuntu
|
||||||
|
- JDK-8156579: Two JavaBeans tests failed
|
||||||
|
- JDK-8156581: Cleanup of ProblemList.txt
|
||||||
|
- JDK-8159135: [PIT] javax/swing/JMenuItem/8152981/MenuItemIconTest.java always fail
|
||||||
|
- JDK-8177560: @headful key can be removed from the tests for JavaSound
|
||||||
|
- JDK-8196196: Headful tests should not be run in headless mode
|
||||||
|
- JDK-8196467: javax/swing/JInternalFrame/Test6325652.java fails
|
||||||
|
- JDK-8197408: Bad pointer comparison and small cleanup in os_linux.cpp
|
||||||
|
- JDK-8203485: [freetype] text rotated on 180 degrees is too narrow
|
||||||
|
- JDK-8205959: Do not restart close if errno is EINTR
|
||||||
|
- JDK-8216366: Add rationale to PER_CPU_SHARES define
|
||||||
|
- JDK-8226236: win32: gc/metaspace/TestCapacityUntilGCWrapAround.java fails
|
||||||
|
- JDK-8228585: jdk/internal/platform/cgroup/TestCgroupMetrics.java - NumberFormatException because of large long values (memory limit_in_bytes)
|
||||||
|
- JDK-8229182: [TESTBUG] runtime/containers/docker/TestMemoryAwareness.java test fails on SLES12
|
||||||
|
- JDK-8229202: Docker reporting causes secondary crashes in error handling
|
||||||
|
- JDK-8231111: Cgroups v2: Rework Metrics in java.base so as to recognize unified hierarchy
|
||||||
|
- JDK-8232207: Linux os::available_memory re-reads cgroup configuration on every invocation
|
||||||
|
- JDK-8233570: [TESTBUG] HTMLEditorKit test bug5043626.java is failing on macos
|
||||||
|
- JDK-8234484: Add ability to configure third port for remote JMX
|
||||||
|
- JDK-8237479: 8230305 causes slowdebug build failure
|
||||||
|
- JDK-8239559: Cgroups: Incorrect detection logic on some systems
|
||||||
|
- JDK-8239785: Cgroups: Incorrect detection logic on old systems in hotspot
|
||||||
|
- JDK-8239827: The test OpenByUNCPathNameTest.java should be changed to be manual
|
||||||
|
- JDK-8240189: [TESTBUG] Some cgroup tests are failing after JDK-8231111
|
||||||
|
- JDK-8241087: Build failure with VS 2019 (16.5.0) due to C2039 and C2873
|
||||||
|
- JDK-8242468: VS2019 build missing vcruntime140_1.dll
|
||||||
|
- JDK-8243543: jtreg test security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java fails
|
||||||
|
- JDK-8244500: jtreg test error in test/hotspot/jtreg/containers/docker/TestMemoryAwareness.java
|
||||||
|
- JDK-8245543: Cgroups: Incorrect detection logic on some systems (still reproducible)
|
||||||
|
- JDK-8245654: Add Certigna Root CA
|
||||||
|
- JDK-8247676: vcruntime140_1.dll is not needed on 32-bit Windows
|
||||||
|
- JDK-8248899: security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java fails, Certificate has been revoked
|
||||||
|
- JDK-8252359: HotSpot Not Identifying it is Running in a Container
|
||||||
|
- JDK-8252957: Wrong comment in CgroupV1Subsystem::cpu_quota
|
||||||
|
- JDK-8253435: Cgroup: 'stomping of _mount_path' crash if manually mounted cpusets exist
|
||||||
|
- JDK-8253714: [cgroups v2] Soft memory limit incorrectly using memory.high
|
||||||
|
- JDK-8253727: [cgroups v2] Memory and swap limits reported incorrectly
|
||||||
|
- JDK-8253797: [cgroups v2] Account for the fact that swap accounting is disabled on some systems
|
||||||
|
- JDK-8253939: [TESTBUG] Increase coverage of the cgroups detection code
|
||||||
|
- JDK-8254001: [Metrics] Enhance parsing of cgroup interface files for version detection
|
||||||
|
- JDK-8254717: isAssignableFrom checks in KeyFactorySpi.engineGetKeySpec appear to be backwards
|
||||||
|
- JDK-8254997: Remove unimplemented OSContainer::read_memory_limit_in_bytes
|
||||||
|
- JDK-8257620: Do not use objc_msgSend_stret to get macOS version
|
||||||
|
- JDK-8262379: Add regression test for JDK-8257746
|
||||||
|
- JDK-8263404: RsaPrivateKeySpec is always recognized as RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec
|
||||||
|
- JDK-8266391: Replace use of reflection in jdk.internal.platform.Metrics
|
||||||
|
- JDK-8270317: Large Allocation in CipherSuite
|
||||||
|
- JDK-8275535: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
|
||||||
|
- JDK-8275650: Problemlist java/io/File/createTempFile/SpecialTempFile.java for Windows 11
|
||||||
|
- JDK-8275713: TestDockerMemoryMetrics test fails on recent runc
|
||||||
|
- JDK-8278951: containers/cgroup/PlainRead.java fails on Ubuntu 21.10
|
||||||
|
- JDK-8280048: Missing comma in copyright header
|
||||||
|
- JDK-8282398: EndingDotHostname.java test fails because SSL cert expired
|
||||||
|
- JDK-8282511: Use fixed certificate validation date in SSLExampleCert template
|
||||||
|
- JDK-8282947: JFR: Dump on shutdown live-locks in some conditions
|
||||||
|
- JDK-8283277: ISO 4217 Amendment 171 Update
|
||||||
|
- JDK-8283606: Tests may fail with zh locale on MacOS
|
||||||
|
- JDK-8284102: [TESTBUG] [11u] Retroactively add regression test for JDK-8272124
|
||||||
|
- JDK-8284690: [macos] VoiceOver : Getting java.lang.IllegalArgumentException: Invalid location on Editable JComboBox
|
||||||
|
- JDK-8284756: [11u] Remove unused isUseContainerSupport in CgroupV1Subsystem
|
||||||
|
- JDK-8284977: MetricsTesterCgroupV2.getLongValueEntryFromFile fails when named value doesn't exist
|
||||||
|
- JDK-8286624: Regression Test CoordinateTruncationBug.java fails on OL8.3
|
||||||
|
- JDK-8287107: CgroupSubsystemFactory.setCgroupV2Path asserts with freezer controller
|
||||||
|
- JDK-8287109: Distrust.java failed with CertificateExpiredException
|
||||||
|
- JDK-8287463: JFR: Disable TestDevNull.java on Windows
|
||||||
|
- JDK-8287741: Fix of JDK-8287107 (unused cgv1 freezer controller) was incomplete
|
||||||
|
- JDK-8289549: ISO 4217 Amendment 172 Update
|
||||||
|
- JDK-8289695: [TESTBUG] TestMemoryAwareness.java fails on cgroups v2 and crun
|
||||||
|
- JDK-8291570: [TESTBUG] Part of JDK-8250984 absent from 11u
|
||||||
|
- JDK-8292083: Detected container memory limit may exceed physical machine memory
|
||||||
|
- JDK-8292541: [Metrics] Reported memory limit may exceed physical machine memory
|
||||||
|
- JDK-8293472: Incorrect container resource limit detection if manual cgroup fs mounts present
|
||||||
|
- JDK-8293540: [Metrics] Incorrectly detected resource limits with additional cgroup fs mounts
|
||||||
|
- JDK-8293767: AWT test TestSinhalaChar.java has old SCCS markings
|
||||||
|
- JDK-8294307: ISO 4217 Amendment 173 Update
|
||||||
|
- JDK-8294767: 8u contains two copies of test/../FileUtils.java, one uses JDK9+ features
|
||||||
|
- JDK-8295322: Tests for JDK-8271459 were not backported to 11u
|
||||||
|
- JDK-8295952: Problemlist existing compiler/rtm tests also on x86
|
||||||
|
- JDK-8295982: Failure in sun/security/tools/keytool/WeakAlg.java - ks: The process cannot access the file because it is being used by another process
|
||||||
|
- JDK-8296239: ISO 4217 Amendment 174 Update
|
||||||
|
- JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing
|
||||||
|
- JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException
|
||||||
|
- JDK-8296632: Write a test to verify the content change of TextArea sends TextEvent
|
||||||
|
- JDK-8296957: One more cast in SAFE_SIZE_NEW_ARRAY2
|
||||||
|
- JDK-8297329: [8u] hotspot needs to recognise VS2019
|
||||||
|
- JDK-8297739: Bump update version of OpenJDK: 8u372
|
||||||
|
- JDK-8297996: [8u] generated images are broken due to renaming of MSVC runtime DLL's
|
||||||
|
- JDK-8298027: Remove SCCS id's from awt jtreg tests
|
||||||
|
- JDK-8298307: Enable hotspot/tier1 for 32-bit builds in GHA for 8u
|
||||||
|
- JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
|
||||||
|
- JDK-8299445: EndingDotHostname.java fails because of compilation errors
|
||||||
|
- JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
|
||||||
|
- JDK-8299548: Fix hotspot/test/runtime/Metaspace/MaxMetaspaceSizeTest.java in 8u
|
||||||
|
- JDK-8299804: Fix non-portable code in hotspot shell tests in 8u
|
||||||
|
- JDK-8300014: Some backports placed the tests in the wrong location
|
||||||
|
- JDK-8300119: CgroupMetrics.getTotalMemorySize0() can report invalid results on 32 bit systems
|
||||||
|
- JDK-8301122: [8u] Fix unreliable vs2010 download link
|
||||||
|
- JDK-8301143: [TESTBUG] jfr/event/sampling/TestNative was backported to JDK8u without proper native wrapper
|
||||||
|
- JDK-8301246: NPE in FcFontManager.getDefaultPlatformFont() on Linux without installed fontconfig
|
||||||
|
- JDK-8301332: [8u] Fix writing of test files after the cgroups v2 backport
|
||||||
|
- JDK-8301550: [8u] Enable additional linux build testing in GitHub
|
||||||
|
- JDK-8301620: [8u] some shell tests are passed but have unexpected operator errors
|
||||||
|
- JDK-8301760: Fix possible leak in SpNegoContext dispose
|
||||||
|
- JDK-8303408: [AIX] Broken jdk8u build after JDK-8266391
|
||||||
|
- JDK-8303828: [Solaris] Broken jdk8u build after JDK-8266391
|
||||||
|
- JDK-8304053: Revert os specific stubs for SystemMetrics
|
||||||
|
- JDK-8305113: (tz) Update Timezone Data to 2023c
|
||||||
|
|
||||||
|
Notes on individual issues:
|
||||||
|
===========================
|
||||||
|
|
||||||
|
hotspot:
|
||||||
|
core-libs:
|
||||||
|
|
||||||
|
JDK-8305562: Cgroups v2: Container awareness
|
||||||
|
============================================
|
||||||
|
The HotSpot runtime code as well as the core libraries code in the JDK
|
||||||
|
has been updated in order to detect a cgroup v2 host system when
|
||||||
|
running OpenJDK within a Linux container.
|
||||||
|
|
||||||
|
Since the 8u202 release of OpenJDK, the container detection code
|
||||||
|
recognized cgroup v1 (legacy) host Linux systems. With 8u372 and later
|
||||||
|
releases, both versions of the underlying cgroups pseudo filesystem
|
||||||
|
will be detected and corresponding container limits applied to the
|
||||||
|
OpenJDK runtime.
|
||||||
|
|
||||||
|
Without this enhancement, OpenJDK would not apply container resource
|
||||||
|
limits when running on a cgroup v2 Linux host system, but would use
|
||||||
|
the underlying hosts' resource limits instead.
|
||||||
|
|
||||||
|
client-libs/javax.swing:
|
||||||
|
|
||||||
|
JDK-8296832: Improve Swing platform support
|
||||||
|
===========================================
|
||||||
|
Earlier OpenJDK releases would always render HTML object tags embedded in
|
||||||
|
Swing HTML components. With this release, rendering only occurs when the
|
||||||
|
new system property "swing.html.object" is set to true. By default, it
|
||||||
|
is set to false.
|
||||||
|
|
||||||
|
core-svc/javax.management:
|
||||||
|
|
||||||
|
JDK-8234484: Added Ability to Configure Third Port for Remote JMX
|
||||||
|
=================================================================
|
||||||
|
A local access port can now be configured for JMX connections by
|
||||||
|
setting the property `com.sun.management.jmxremote.local.port`. This
|
||||||
|
local port was previously selected at random, which could lead to port
|
||||||
|
collisions. The property works in the same way as the existing
|
||||||
|
properties for configuring the remote access port
|
||||||
|
(`com.sun.management.jmxremote.port`) and the RMI port
|
||||||
|
(`com.sun.management.jmxremote.rmi.port`)
|
||||||
|
|
||||||
|
security-libs/java.security:
|
||||||
|
|
||||||
|
JDK-8245654: Added Certigna(Dhimyotis) Root CA Certificate
|
||||||
|
==========================================================
|
||||||
|
The following root certificate has been added to the cacerts truststore:
|
||||||
|
|
||||||
|
Name: Certigna (Dhimyotis)
|
||||||
|
Alias Name: certignarootca
|
||||||
|
Distinguished Name: CN=Certigna, O=Dhimyotis, C=FR
|
||||||
|
|
||||||
New in release OpenJDK 8u362 (2023-01-17):
|
New in release OpenJDK 8u362 (2023-01-17):
|
||||||
===========================================
|
===========================================
|
||||||
Live versions of these release notes can be found at:
|
Live versions of these release notes can be found at:
|
||||||
|
@ -0,0 +1,167 @@
|
|||||||
|
commit d41618f34f1d2f5416ec3c035f33dcb15cf5ab99
|
||||||
|
Author: Alexey Bakhtin <abakhtin@openjdk.org>
|
||||||
|
Date: Tue Apr 4 10:29:11 2023 +0000
|
||||||
|
|
||||||
|
8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
|
||||||
|
|
||||||
|
Reviewed-by: andrew, mbalao
|
||||||
|
Backport-of: f6232982b91cb2314e96ddbde3984836a810a556
|
||||||
|
|
||||||
|
diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
|
||||||
|
index a79e97d7c74..5378446b97b 100644
|
||||||
|
--- a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
|
||||||
|
+++ b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
|
||||||
|
@@ -127,12 +127,15 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||||
|
@Override
|
||||||
|
protected void engineInitVerify(PublicKey publicKey)
|
||||||
|
throws InvalidKeyException {
|
||||||
|
- if (!(publicKey instanceof RSAPublicKey)) {
|
||||||
|
+ if (publicKey instanceof RSAPublicKey) {
|
||||||
|
+ RSAPublicKey rsaPubKey = (RSAPublicKey)publicKey;
|
||||||
|
+ isPublicKeyValid(rsaPubKey);
|
||||||
|
+ this.pubKey = rsaPubKey;
|
||||||
|
+ this.privKey = null;
|
||||||
|
+ resetDigest();
|
||||||
|
+ } else {
|
||||||
|
throw new InvalidKeyException("key must be RSAPublicKey");
|
||||||
|
}
|
||||||
|
- this.pubKey = (RSAPublicKey) isValid((RSAKey)publicKey);
|
||||||
|
- this.privKey = null;
|
||||||
|
- resetDigest();
|
||||||
|
}
|
||||||
|
|
||||||
|
// initialize for signing. See JCA doc
|
||||||
|
@@ -146,14 +149,17 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||||
|
@Override
|
||||||
|
protected void engineInitSign(PrivateKey privateKey, SecureRandom random)
|
||||||
|
throws InvalidKeyException {
|
||||||
|
- if (!(privateKey instanceof RSAPrivateKey)) {
|
||||||
|
+ if (privateKey instanceof RSAPrivateKey) {
|
||||||
|
+ RSAPrivateKey rsaPrivateKey = (RSAPrivateKey)privateKey;
|
||||||
|
+ isPrivateKeyValid(rsaPrivateKey);
|
||||||
|
+ this.privKey = rsaPrivateKey;
|
||||||
|
+ this.pubKey = null;
|
||||||
|
+ this.random =
|
||||||
|
+ (random == null ? JCAUtil.getSecureRandom() : random);
|
||||||
|
+ resetDigest();
|
||||||
|
+ } else {
|
||||||
|
throw new InvalidKeyException("key must be RSAPrivateKey");
|
||||||
|
}
|
||||||
|
- this.privKey = (RSAPrivateKey) isValid((RSAKey)privateKey);
|
||||||
|
- this.pubKey = null;
|
||||||
|
- this.random =
|
||||||
|
- (random == null? JCAUtil.getSecureRandom() : random);
|
||||||
|
- resetDigest();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
@@ -205,11 +211,57 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /**
|
||||||
|
+ * Validate the specified RSAPrivateKey
|
||||||
|
+ */
|
||||||
|
+ private void isPrivateKeyValid(RSAPrivateKey prKey) throws InvalidKeyException {
|
||||||
|
+ try {
|
||||||
|
+ if (prKey instanceof RSAPrivateCrtKey) {
|
||||||
|
+ RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey)prKey;
|
||||||
|
+ if (RSAPrivateCrtKeyImpl.checkComponents(crtKey)) {
|
||||||
|
+ RSAKeyFactory.checkRSAProviderKeyLengths(
|
||||||
|
+ crtKey.getModulus().bitLength(),
|
||||||
|
+ crtKey.getPublicExponent());
|
||||||
|
+ } else {
|
||||||
|
+ throw new InvalidKeyException(
|
||||||
|
+ "Some of the CRT-specific components are not available");
|
||||||
|
+ }
|
||||||
|
+ } else {
|
||||||
|
+ RSAKeyFactory.checkRSAProviderKeyLengths(
|
||||||
|
+ prKey.getModulus().bitLength(),
|
||||||
|
+ null);
|
||||||
|
+ }
|
||||||
|
+ } catch (InvalidKeyException ikEx) {
|
||||||
|
+ throw ikEx;
|
||||||
|
+ } catch (Exception e) {
|
||||||
|
+ throw new InvalidKeyException(
|
||||||
|
+ "Can not access private key components", e);
|
||||||
|
+ }
|
||||||
|
+ isValid(prKey);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /**
|
||||||
|
+ * Validate the specified RSAPublicKey
|
||||||
|
+ */
|
||||||
|
+ private void isPublicKeyValid(RSAPublicKey pKey) throws InvalidKeyException {
|
||||||
|
+ try {
|
||||||
|
+ RSAKeyFactory.checkRSAProviderKeyLengths(
|
||||||
|
+ pKey.getModulus().bitLength(),
|
||||||
|
+ pKey.getPublicExponent());
|
||||||
|
+ } catch (InvalidKeyException ikEx) {
|
||||||
|
+ throw ikEx;
|
||||||
|
+ } catch (Exception e) {
|
||||||
|
+ throw new InvalidKeyException(
|
||||||
|
+ "Can not access public key components", e);
|
||||||
|
+ }
|
||||||
|
+ isValid(pKey);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
* Validate the specified RSAKey and its associated parameters against
|
||||||
|
* internal signature parameters.
|
||||||
|
*/
|
||||||
|
- private RSAKey isValid(RSAKey rsaKey) throws InvalidKeyException {
|
||||||
|
+ private void isValid(RSAKey rsaKey) throws InvalidKeyException {
|
||||||
|
try {
|
||||||
|
AlgorithmParameterSpec keyParams = rsaKey.getParams();
|
||||||
|
// validate key parameters
|
||||||
|
@@ -227,7 +279,6 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||||
|
}
|
||||||
|
checkKeyLength(rsaKey, hLen, this.sigParams.getSaltLength());
|
||||||
|
}
|
||||||
|
- return rsaKey;
|
||||||
|
} catch (SignatureException e) {
|
||||||
|
throw new InvalidKeyException(e);
|
||||||
|
}
|
||||||
|
diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
|
||||||
|
index 6b219937981..b3c1fae9672 100644
|
||||||
|
--- a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
|
||||||
|
+++ b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
|
||||||
|
@@ -80,22 +80,28 @@ public final class RSAPrivateCrtKeyImpl
|
||||||
|
RSAPrivateCrtKeyImpl key = new RSAPrivateCrtKeyImpl(encoded);
|
||||||
|
// check all CRT-specific components are available, if any one
|
||||||
|
// missing, return a non-CRT key instead
|
||||||
|
- if ((key.getPublicExponent().signum() == 0) ||
|
||||||
|
- (key.getPrimeExponentP().signum() == 0) ||
|
||||||
|
- (key.getPrimeExponentQ().signum() == 0) ||
|
||||||
|
- (key.getPrimeP().signum() == 0) ||
|
||||||
|
- (key.getPrimeQ().signum() == 0) ||
|
||||||
|
- (key.getCrtCoefficient().signum() == 0)) {
|
||||||
|
+ if (checkComponents(key)) {
|
||||||
|
+ return key;
|
||||||
|
+ } else {
|
||||||
|
return new RSAPrivateKeyImpl(
|
||||||
|
key.algid,
|
||||||
|
key.getModulus(),
|
||||||
|
- key.getPrivateExponent()
|
||||||
|
- );
|
||||||
|
- } else {
|
||||||
|
- return key;
|
||||||
|
+ key.getPrivateExponent());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /**
|
||||||
|
+ * Validate if all CRT-specific components are available.
|
||||||
|
+ */
|
||||||
|
+ static boolean checkComponents(RSAPrivateCrtKey key) {
|
||||||
|
+ return !((key.getPublicExponent().signum() == 0) ||
|
||||||
|
+ (key.getPrimeExponentP().signum() == 0) ||
|
||||||
|
+ (key.getPrimeExponentQ().signum() == 0) ||
|
||||||
|
+ (key.getPrimeP().signum() == 0) ||
|
||||||
|
+ (key.getPrimeQ().signum() == 0) ||
|
||||||
|
+ (key.getCrtCoefficient().signum() == 0));
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
* Generate a new key from the specified type and components.
|
||||||
|
* Returns a CRT key if possible and a non-CRT key otherwise.
|
@ -1,26 +0,0 @@
|
|||||||
diff --git openjdk.orig/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
|
|
||||||
index cf4becb7db..4ab2ac0a31 100644
|
|
||||||
--- openjdk.orig/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
|
|
||||||
+++ openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
|
|
||||||
@@ -189,6 +189,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
|
|
||||||
ctx = getLdapCtxFromUrl(
|
|
||||||
r.getDomainName(), url, new LdapURL(u), env);
|
|
||||||
return ctx;
|
|
||||||
+ } catch (AuthenticationException e) {
|
|
||||||
+ // do not retry on a different endpoint to avoid blocking
|
|
||||||
+ // the user if authentication credentials are wrong.
|
|
||||||
+ throw e;
|
|
||||||
} catch (NamingException e) {
|
|
||||||
// try the next element
|
|
||||||
lastException = e;
|
|
||||||
@@ -241,6 +245,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
|
|
||||||
for (String u : urls) {
|
|
||||||
try {
|
|
||||||
return getUsingURL(u, env);
|
|
||||||
+ } catch (AuthenticationException e) {
|
|
||||||
+ // do not retry on a different URL to avoid blocking
|
|
||||||
+ // the user if authentication credentials are wrong.
|
|
||||||
+ throw e;
|
|
||||||
} catch (NamingException e) {
|
|
||||||
ex = e;
|
|
||||||
}
|
|
@ -326,7 +326,7 @@
|
|||||||
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
|
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
|
||||||
%global shenandoah_project openjdk
|
%global shenandoah_project openjdk
|
||||||
%global shenandoah_repo shenandoah-jdk8u
|
%global shenandoah_repo shenandoah-jdk8u
|
||||||
%global openjdk_revision jdk8u362-b09
|
%global openjdk_revision jdk8u372-b07
|
||||||
%global shenandoah_revision shenandoah-%{openjdk_revision}
|
%global shenandoah_revision shenandoah-%{openjdk_revision}
|
||||||
# Define old aarch64/jdk8u tree variables for compatibility
|
# Define old aarch64/jdk8u tree variables for compatibility
|
||||||
%global project %{shenandoah_project}
|
%global project %{shenandoah_project}
|
||||||
@ -347,7 +347,7 @@
|
|||||||
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
|
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
|
||||||
# eg jdk8u60-b27 -> b27
|
# eg jdk8u60-b27 -> b27
|
||||||
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
|
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
|
||||||
%global rpmrelease 2
|
%global rpmrelease 1
|
||||||
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
|
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
|
||||||
# Release will be (where N is usually a number starting at 1):
|
# Release will be (where N is usually a number starting at 1):
|
||||||
# - 0.N%%{?extraver}%%{?dist} for EA releases,
|
# - 0.N%%{?extraver}%%{?dist} for EA releases,
|
||||||
@ -1493,8 +1493,6 @@ Patch600: rh1750419-redhat_alt_java.patch
|
|||||||
Patch111: jdk8218811-perfMemory_linux.patch
|
Patch111: jdk8218811-perfMemory_linux.patch
|
||||||
# JDK-8281098, PR3836: Extra compiler flags not passed to adlc build
|
# JDK-8281098, PR3836: Extra compiler flags not passed to adlc build
|
||||||
Patch112: jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch
|
Patch112: jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch
|
||||||
# JDK-8275535, RH2053256: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
|
|
||||||
Patch113: jdk8275535-rh2053256-ldap_auth.patch
|
|
||||||
|
|
||||||
#############################################
|
#############################################
|
||||||
#
|
#
|
||||||
@ -1542,13 +1540,15 @@ Patch581: jdk8257794-remove_broken_assert.patch
|
|||||||
|
|
||||||
#############################################
|
#############################################
|
||||||
#
|
#
|
||||||
# Patches appearing in 8u362
|
# Patches appearing in 8u382
|
||||||
#
|
#
|
||||||
# This section includes patches which are present
|
# This section includes patches which are present
|
||||||
# in the listed OpenJDK 8u release and should be
|
# in the listed OpenJDK 8u release and should be
|
||||||
# able to be removed once that release is out
|
# able to be removed once that release is out
|
||||||
# and used by this RPM.
|
# and used by this RPM.
|
||||||
#############################################
|
#############################################
|
||||||
|
# JDK-8271199, RH2175317: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
|
||||||
|
Patch2001: jdk8271199-rh2175317-custom_pkcs11_provider_support.patch
|
||||||
|
|
||||||
#############################################
|
#############################################
|
||||||
#
|
#
|
||||||
@ -1618,8 +1618,8 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3
|
|||||||
%ifarch %{zero_arches}
|
%ifarch %{zero_arches}
|
||||||
BuildRequires: libffi-devel
|
BuildRequires: libffi-devel
|
||||||
%endif
|
%endif
|
||||||
# 2022g required as of JDK-8297804
|
# 2023c required as of JDK-8305113
|
||||||
BuildRequires: tzdata-java >= 2022g
|
BuildRequires: tzdata-java >= 2023c
|
||||||
# Earlier versions have a bug in tree vectorization on PPC
|
# Earlier versions have a bug in tree vectorization on PPC
|
||||||
BuildRequires: gcc >= 4.8.3-8
|
BuildRequires: gcc >= 4.8.3-8
|
||||||
|
|
||||||
@ -1932,7 +1932,6 @@ sh %{SOURCE12}
|
|||||||
%patch111
|
%patch111
|
||||||
%patch112
|
%patch112
|
||||||
%patch581
|
%patch581
|
||||||
%patch113
|
|
||||||
|
|
||||||
pushd %{top_level_dir_name}
|
pushd %{top_level_dir_name}
|
||||||
# Add crypto policy and FIPS support
|
# Add crypto policy and FIPS support
|
||||||
@ -1941,6 +1940,8 @@ pushd %{top_level_dir_name}
|
|||||||
%patch1000 -p1
|
%patch1000 -p1
|
||||||
# cacerts patch; must follow FIPS patch as it also alters java.security
|
# cacerts patch; must follow FIPS patch as it also alters java.security
|
||||||
%patch539 -p1
|
%patch539 -p1
|
||||||
|
# 8u382 fix
|
||||||
|
%patch2001 -p1
|
||||||
popd
|
popd
|
||||||
|
|
||||||
# RPM-only fixes
|
# RPM-only fixes
|
||||||
@ -2720,6 +2721,19 @@ cjc.mainProgram(args)
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Apr 18 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.372.b07-1
|
||||||
|
- Update to shenandoah-jdk8u372-b07 (GA)
|
||||||
|
- Update release notes for shenandoah-8u372-b07.
|
||||||
|
- Require tzdata 2023c due to inclusion of JDK-8305113 in 8u372-b07
|
||||||
|
- Reintroduce jconsole-plugin.patch from RHEL 9
|
||||||
|
- Update generate_tarball.sh to add support for passing a boot JDK to the configure run
|
||||||
|
- Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace
|
||||||
|
- Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs
|
||||||
|
- Drop JDK-8275535/RH2053256 patch which is now upstream
|
||||||
|
- Include JDK-8271199 backport early ahead of 8u382 (RH2175317)
|
||||||
|
- ** This tarball is embargoed until 2023-04-18 @ 1pm PT. **
|
||||||
|
- Resolves: rhbz#2185182
|
||||||
|
|
||||||
* Tue Jan 24 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.362.b09-2
|
* Tue Jan 24 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.362.b09-2
|
||||||
- Update cacerts patch to fix OPENJDK-1433 SecurityManager issue
|
- Update cacerts patch to fix OPENJDK-1433 SecurityManager issue
|
||||||
- Update to shenandoah-jdk8u352-b09 (GA)
|
- Update to shenandoah-jdk8u352-b09 (GA)
|
||||||
|
Loading…
Reference in New Issue
Block a user