rpms
/
java-1.8.0-openjdk
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import java-1.8.0-openjdk-1.8.0.362.b09-3.el8

This commit is contained in:
CentOS Sources 2023-03-02 06:09:28 +00:00 committed by Stepan Oksanichenko
parent 80fe41a62e
commit 9c8f0b2b5b
5 changed files with 68 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b08-4curve.tar.xz
SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b09-4curve.tar.xz
SOURCES/tapsets-icedtea-3.15.0.tar.xz

2
.java-1.8.0-openjdk.metadata
View File

@ -1,2 +1,2 @@
71e5a111b66d7a8e4234d35117e0fd663d39f9ce SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b08-4curve.tar.xz
10817d699dd7c85b03cfbd8eb820e00b19ddcae7 SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b09-4curve.tar.xz
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz

2
SOURCES/NEWS
View File

@ -84,6 +84,8 @@ Live versions of these release notes can be found at:
- JDK-8297804: (tz) Update Timezone Data to 2022g
- JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
- JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
- JDK-8300178: JDK-8286496 causes build failure on older GCC
- JDK-8300225: JDK-8288516 causes build failure on Windows + VS2010
Notes on individual issues:
===========================

170
SOURCES/pr2888-rh2055274-support_system_cacerts.patch → SOURCES/pr2888-rh2055274-support_system_cacerts-8139f2361c2.patch
View File

@ -1,5 +1,5 @@
diff --git a/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java b/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
index e7b4763db53..e8ec8467e6a 100644
index e7b4763db53..0005e56f528 100644
--- a/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
+++ b/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
@@ -31,6 +31,7 @@ import java.security.*;
@ -19,16 +19,17 @@ index e7b4763db53..e8ec8467e6a 100644
*/
private static final class TrustStoreDescriptor {
private static final String fileSep = File.separator;
@@ -76,7 +77,7 @@ final class TrustStoreManager {
@@ -76,7 +77,8 @@ final class TrustStoreManager {
GetPropertyAction.privilegedGetProperty("java.home") +
fileSep + "lib" + fileSep + "security";
private static final String defaultStore =
- defaultStorePath + fileSep + "cacerts";
+ KeyStoreUtil.getCacertsKeyStoreFile().getPath();
+ AccessController.doPrivileged((PrivilegedAction<String>) () ->
+ KeyStoreUtil.getCacertsKeyStorePath());
private static final String jsseDefaultStore =
defaultStorePath + fileSep + "jssecacerts";
@@ -139,6 +140,10 @@ final class TrustStoreManager {
@@ -139,6 +141,10 @@ final class TrustStoreManager {
String storePropPassword = System.getProperty(
"javax.net.ssl.trustStorePassword", "");
@ -39,117 +40,56 @@ index e7b4763db53..e8ec8467e6a 100644
String temporaryName = "";
File temporaryFile = null;
long temporaryTime = 0L;
@@ -146,21 +151,22 @@ final class TrustStoreManager {
String[] fileNames =
new String[] {storePropName, defaultStore};
for (String fileName : fileNames) {
- File f = new File(fileName);
- if (f.isFile() && f.canRead()) {
- temporaryName = fileName;;
- temporaryFile = f;
- temporaryTime = f.lastModified();
-
- break;
- }
-
- // Not break, the file is inaccessible.
- if (SSLLogger.isOn &&
+ if (fileName != null && !"".equals(fileName)) {
+ File f = new File(fileName);
+ if (f.isFile() && f.canRead()) {
+ temporaryName = fileName;;
+ temporaryFile = f;
+ temporaryTime = f.lastModified();
+
+ break;
+ }
+ // Not break, the file is inaccessible.
+ if (SSLLogger.isOn &&
@@ -160,7 +166,7 @@ final class TrustStoreManager {
SSLLogger.isOn("trustmanager")) {
- SSLLogger.fine(
- "Inaccessible trust store: " +
SSLLogger.fine(
"Inaccessible trust store: " +
- storePropName);
+ SSLLogger.fine(
+ "Inaccessible trust store: " +
+ fileName);
+ }
+ fileName);
}
}
} else {
diff --git a/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java b/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
index fcc77786da1..f554f83a8b4 100644
index fcc77786da1..3a4388964cc 100644
--- a/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
+++ b/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
@@ -33,7 +33,10 @@ import java.io.InputStreamReader;
@@ -41,6 +41,8 @@ import java.text.Collator;
import java.util.Locale;
import java.util.ResourceBundle;
import java.net.URL;
+import java.security.AccessController;
import java.security.KeyStore;
+import java.security.PrivilegedAction;
+import java.security.Security;
import java.security.cert.X509Certificate;
import java.text.Collator;
@@ -54,6 +57,33 @@ public class KeyStoreUtil {
+import sun.security.util.SecurityProperties;
+
/**
* <p> This class provides several utilities to <code>KeyStore</code>.
*
@@ -54,6 +56,8 @@ public class KeyStoreUtil {
private static final String JKS = "jks";
+ private static final String PROP_NAME = "security.systemCACerts";
+
+ /**
+ * Returns the value of the security property propName, which can be overridden
+ * by a system property of the same name
+ *
+ * @param propName the name of the system or security property
+ * @return the value of the system or security property
+ */
+ @SuppressWarnings("removal")
+ public static String privilegedGetOverridable(String propName) {
+ if (System.getSecurityManager() == null) {
+ return getOverridableProperty(propName);
+ } else {
+ return AccessController.doPrivileged((PrivilegedAction<String>) () -> getOverridableProperty(propName));
+ }
+ }
+
+ private static String getOverridableProperty(String propName) {
+ String val = System.getProperty(propName);
+ if (val == null) {
+ return Security.getProperty(propName);
+ } else {
+ return val;
+ }
+ }
+ private static final String SYSTEM_CA_CERTS_PROP = "security.systemCACerts";
+
/**
* Returns true if the certificate is self-signed, false otherwise.
*/
@@ -96,20 +126,38 @@ public class KeyStoreUtil {
@@ -96,16 +100,30 @@ public class KeyStoreUtil {
}
}
+ /**
+ * Returns the path to the cacerts DB
+ */
+ public static File getCacertsKeyStoreFile()
+ public static String getCacertsKeyStorePath()
+ {
+ // Check system DB first, preferring system property over security one
+ String systemDB = SecurityProperties
+ .privilegedGetOverridable(SYSTEM_CA_CERTS_PROP);
+ if (systemDB != null && !"".equals(systemDB) &&
+ (new File(systemDB)).isFile()) {
+ return systemDB;
+ }
+ String sep = File.separator;
+ File file = null;
+ /* Check system cacerts DB first, preferring system property over security property */
+ String systemDB = privilegedGetOverridable(PROP_NAME);
+ if (systemDB != null && !"".equals(systemDB)) {
+ file = new File(systemDB);
+ }
+ if (file == null || !file.exists()) {
+ file = new File(System.getProperty("java.home") + sep
+ + "lib" + sep + "security" + sep
+ + "cacerts");
+ }
+ if (file.exists()) {
+ return file;
+ }
+ return null;
+ return System.getProperty("java.home") + sep
+ + "lib" + sep + "security" + sep + "cacerts";
+ }
+
/**
@ -162,27 +102,21 @@ index fcc77786da1..f554f83a8b4 100644
- File file = new File(System.getProperty("java.home") + sep
- + "lib" + sep + "security" + sep
- + "cacerts");
- if (!file.exists()) {
- return null;
- }
KeyStore caks = null;
+ File file = getCacertsKeyStoreFile();
+ if (file == null) { return null; }
try (FileInputStream fis = new FileInputStream(file)) {
caks = KeyStore.getInstance(JKS);
caks.load(fis, null);
+ File file = new File(getCacertsKeyStorePath());
if (!file.exists()) {
return null;
}
diff --git a/jdk/src/share/lib/security/java.security-aix b/jdk/src/share/lib/security/java.security-aix
index bfe0c593adb..093bc09bf95 100644
index 681a24b905d..ecb8bc43a6c 100644
--- a/jdk/src/share/lib/security/java.security-aix
+++ b/jdk/src/share/lib/security/java.security-aix
@@ -294,6 +294,13 @@ security.overridePropertiesFile=true
@@ -294,6 +294,12 @@ security.overridePropertiesFile=true
#
security.useSystemPropertiesFile=false
+#
+# Specifies the system certificate store
+# This property may be disabled using
+# -Djava.security.disableSystemCACerts=true
+# This property may be disabled using an empty value
+#
+security.systemCACerts=${java.home}/lib/security/cacerts
+
@ -190,17 +124,16 @@ index bfe0c593adb..093bc09bf95 100644
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
diff --git a/jdk/src/share/lib/security/java.security-linux b/jdk/src/share/lib/security/java.security-linux
index 9d1c8fe8a8e..16c9281cc1f 100644
index 789c19a8cba..2546fdec9b2 100644
--- a/jdk/src/share/lib/security/java.security-linux
+++ b/jdk/src/share/lib/security/java.security-linux
@@ -307,6 +307,13 @@ security.overridePropertiesFile=true
@@ -307,6 +307,12 @@ security.overridePropertiesFile=true
#
security.useSystemPropertiesFile=false
+#
+# Specifies the system certificate store
+# This property may be disabled using
+# -Djava.security.disableSystemCACerts=true
+# This property may be disabled using an empty value
+#
+security.systemCACerts=${java.home}/lib/security/cacerts
+
@ -208,17 +141,16 @@ index 9d1c8fe8a8e..16c9281cc1f 100644
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
diff --git a/jdk/src/share/lib/security/java.security-macosx b/jdk/src/share/lib/security/java.security-macosx
index 19047c61097..43e034cdeaf 100644
index d4da666af3b..1a20027c02b 100644
--- a/jdk/src/share/lib/security/java.security-macosx
+++ b/jdk/src/share/lib/security/java.security-macosx
@@ -297,6 +297,13 @@ security.overridePropertiesFile=true
@@ -297,6 +297,12 @@ security.overridePropertiesFile=true
#
security.useSystemPropertiesFile=false
+#
+# Specifies the system certificate store
+# This property may be disabled using
+# -Djava.security.disableSystemCACerts=true
+# This property may be disabled using an empty value
+#
+security.systemCACerts=${java.home}/lib/security/cacerts
+
@ -226,17 +158,16 @@ index 19047c61097..43e034cdeaf 100644
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
diff --git a/jdk/src/share/lib/security/java.security-solaris b/jdk/src/share/lib/security/java.security-solaris
index 7eda556ae13..325937e97fb 100644
index 300132384a1..6299e0a3c7b 100644
--- a/jdk/src/share/lib/security/java.security-solaris
+++ b/jdk/src/share/lib/security/java.security-solaris
@@ -295,6 +295,13 @@ security.overridePropertiesFile=true
@@ -295,6 +295,12 @@ security.overridePropertiesFile=true
#
security.useSystemPropertiesFile=false
+#
+# Specifies the system certificate store
+# This property may be disabled using
+# -Djava.security.disableSystemCACerts=true
+# This property may be disabled using an empty value
+#
+security.systemCACerts=${java.home}/lib/security/cacerts
+
@ -244,17 +175,16 @@ index 7eda556ae13..325937e97fb 100644
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
diff --git a/jdk/src/share/lib/security/java.security-windows b/jdk/src/share/lib/security/java.security-windows
index dfa1a669aa9..92ef777e065 100644
index 64db5a5cd1e..823994f3466 100644
--- a/jdk/src/share/lib/security/java.security-windows
+++ b/jdk/src/share/lib/security/java.security-windows
@@ -297,6 +297,13 @@ security.overridePropertiesFile=true
@@ -297,6 +297,12 @@ security.overridePropertiesFile=true
#
security.useSystemPropertiesFile=false
+#
+# Specifies the system certificate store
+# This property may be disabled using
+# -Djava.security.disableSystemCACerts=true
+# This property may be disabled using an empty value
+#
+security.systemCACerts=${java.home}/lib/security/cacerts
+

18
SPECS/java-1.8.0-openjdk.spec
View File

@ -313,7 +313,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project openjdk
%global shenandoah_repo shenandoah-jdk8u
%global openjdk_revision jdk8u362-b08
%global openjdk_revision jdk8u362-b09
%global shenandoah_revision shenandoah-%{openjdk_revision}
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
@ -323,6 +323,8 @@
%global icedteaver 3.15.0
# Define current Git revision for the FIPS support patches
%global fipsver 6d1aade0648
# Define current Git revision for the cacerts patch
%global cacertsver 8139f2361c2
# e.g. aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30 -> aarch64-shenandoah-jdk8u212-b04
%global version_tag %(VERSION=%{revision}; echo ${VERSION%%-shenandoah-merge*})
@ -1354,7 +1356,7 @@ Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
Patch1003: rh1582504-rsa_default_for_keytool.patch
# Crypto policy and FIPS support patches
# Patch is generated from the fips tree at https://github.com/rh-openjdk/jdk11u/tree/fips
# Patch is generated from the fips tree at https://github.com/rh-openjdk/jdk8u/tree/fips
# as follows: git diff %%{openjdk_revision} common jdk > fips-8u-$(git show -s --format=%h HEAD).patch
# Diff is limited to src and make subdirectories to exclude .github changes
# Fixes currently included:
@ -1393,8 +1395,10 @@ Patch528: pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_t
# PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts)
# PR3575, RH1567204: System cacerts database handling should not affect jssecacerts
# RH2055274: Revert default keystore to JAVA_HOME/jre/lib/security/cacerts in portable builds
# Must be applied after crypto policy patch as it also changes java.security
Patch539: pr2888-rh2055274-support_system_cacerts.patch
# Must be applied after the FIPS patch as it also changes java.security
# Patch is generated from the cacerts tree at https://github.com/rh-openjdk/jdk8u/tree/cacerts
# as follows: git diff fips > pr2888-rh2055274-support_system_cacerts-$(git show -s --format=%h HEAD).patch
Patch539: pr2888-rh2055274-support_system_cacerts-%{cacertsver}.patch
# enable build of speculative store bypass hardened alt-java
Patch600: rh1750419-redhat_alt_java.patch
# JDK-8281098, PR3836: Extra compiler flags not passed to adlc build
@ -2690,6 +2694,12 @@ cjc.mainProgram(args)
%endif
%changelog
* Tue Jan 24 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.362.b09-3
- Update cacerts patch to fix OPENJDK-1433 SecurityManager issue
- Update to shenandoah-jdk8u352-b09 (GA)
- Update release notes for shenandoah-8u352-b09.
- Resolves: rhbz#2162715
* Fri Jan 13 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.362.b08-3
- Update to shenandoah-jdk8u352-b08 (GA)
- Update release notes for shenandoah-8u352-b08.