Auto sync2gitlab import of java-1.8.0-openjdk-1.8.0.362.b09-3.el8.src.rpm
This commit is contained in:
parent
8e7ece541a
commit
ef629904fd
1
.gitignore
vendored
1
.gitignore
vendored
@ -2,3 +2,4 @@ SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b08-4curve.tar.xz
|
||||
SOURCES/tapsets-icedtea-3.15.0.tar.xz
|
||||
/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b08-4curve.tar.xz
|
||||
/tapsets-icedtea-3.15.0.tar.xz
|
||||
/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b09-4curve.tar.xz
|
||||
|
2
NEWS
2
NEWS
@ -84,6 +84,8 @@ Live versions of these release notes can be found at:
|
||||
- JDK-8297804: (tz) Update Timezone Data to 2022g
|
||||
- JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
|
||||
- JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
|
||||
- JDK-8300178: JDK-8286496 causes build failure on older GCC
|
||||
- JDK-8300225: JDK-8288516 causes build failure on Windows + VS2010
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
|
@ -313,7 +313,7 @@
|
||||
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
|
||||
%global shenandoah_project openjdk
|
||||
%global shenandoah_repo shenandoah-jdk8u
|
||||
%global openjdk_revision jdk8u362-b08
|
||||
%global openjdk_revision jdk8u362-b09
|
||||
%global shenandoah_revision shenandoah-%{openjdk_revision}
|
||||
# Define old aarch64/jdk8u tree variables for compatibility
|
||||
%global project %{shenandoah_project}
|
||||
@ -323,6 +323,8 @@
|
||||
%global icedteaver 3.15.0
|
||||
# Define current Git revision for the FIPS support patches
|
||||
%global fipsver 6d1aade0648
|
||||
# Define current Git revision for the cacerts patch
|
||||
%global cacertsver 8139f2361c2
|
||||
|
||||
# e.g. aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30 -> aarch64-shenandoah-jdk8u212-b04
|
||||
%global version_tag %(VERSION=%{revision}; echo ${VERSION%%-shenandoah-merge*})
|
||||
@ -1354,7 +1356,7 @@ Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
|
||||
Patch1003: rh1582504-rsa_default_for_keytool.patch
|
||||
|
||||
# Crypto policy and FIPS support patches
|
||||
# Patch is generated from the fips tree at https://github.com/rh-openjdk/jdk11u/tree/fips
|
||||
# Patch is generated from the fips tree at https://github.com/rh-openjdk/jdk8u/tree/fips
|
||||
# as follows: git diff %%{openjdk_revision} common jdk > fips-8u-$(git show -s --format=%h HEAD).patch
|
||||
# Diff is limited to src and make subdirectories to exclude .github changes
|
||||
# Fixes currently included:
|
||||
@ -1393,8 +1395,10 @@ Patch528: pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_t
|
||||
# PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts)
|
||||
# PR3575, RH1567204: System cacerts database handling should not affect jssecacerts
|
||||
# RH2055274: Revert default keystore to JAVA_HOME/jre/lib/security/cacerts in portable builds
|
||||
# Must be applied after crypto policy patch as it also changes java.security
|
||||
Patch539: pr2888-rh2055274-support_system_cacerts.patch
|
||||
# Must be applied after the FIPS patch as it also changes java.security
|
||||
# Patch is generated from the cacerts tree at https://github.com/rh-openjdk/jdk8u/tree/cacerts
|
||||
# as follows: git diff fips > pr2888-rh2055274-support_system_cacerts-$(git show -s --format=%h HEAD).patch
|
||||
Patch539: pr2888-rh2055274-support_system_cacerts-%{cacertsver}.patch
|
||||
# enable build of speculative store bypass hardened alt-java
|
||||
Patch600: rh1750419-redhat_alt_java.patch
|
||||
# JDK-8281098, PR3836: Extra compiler flags not passed to adlc build
|
||||
@ -2690,6 +2694,12 @@ cjc.mainProgram(args)
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Jan 24 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.362.b09-3
|
||||
- Update cacerts patch to fix OPENJDK-1433 SecurityManager issue
|
||||
- Update to shenandoah-jdk8u352-b09 (GA)
|
||||
- Update release notes for shenandoah-8u352-b09.
|
||||
- Resolves: rhbz#2162715
|
||||
|
||||
* Fri Jan 13 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.362.b08-3
|
||||
- Update to shenandoah-jdk8u352-b08 (GA)
|
||||
- Update release notes for shenandoah-8u352-b08.
|
||||
|
@ -1,5 +1,5 @@
|
||||
diff --git a/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java b/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
|
||||
index e7b4763db53..e8ec8467e6a 100644
|
||||
index e7b4763db53..0005e56f528 100644
|
||||
--- a/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
|
||||
+++ b/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
|
||||
@@ -31,6 +31,7 @@ import java.security.*;
|
||||
@ -19,16 +19,17 @@ index e7b4763db53..e8ec8467e6a 100644
|
||||
*/
|
||||
private static final class TrustStoreDescriptor {
|
||||
private static final String fileSep = File.separator;
|
||||
@@ -76,7 +77,7 @@ final class TrustStoreManager {
|
||||
@@ -76,7 +77,8 @@ final class TrustStoreManager {
|
||||
GetPropertyAction.privilegedGetProperty("java.home") +
|
||||
fileSep + "lib" + fileSep + "security";
|
||||
private static final String defaultStore =
|
||||
- defaultStorePath + fileSep + "cacerts";
|
||||
+ KeyStoreUtil.getCacertsKeyStoreFile().getPath();
|
||||
+ AccessController.doPrivileged((PrivilegedAction<String>) () ->
|
||||
+ KeyStoreUtil.getCacertsKeyStorePath());
|
||||
private static final String jsseDefaultStore =
|
||||
defaultStorePath + fileSep + "jssecacerts";
|
||||
|
||||
@@ -139,6 +140,10 @@ final class TrustStoreManager {
|
||||
@@ -139,6 +141,10 @@ final class TrustStoreManager {
|
||||
String storePropPassword = System.getProperty(
|
||||
"javax.net.ssl.trustStorePassword", "");
|
||||
|
||||
@ -39,117 +40,56 @@ index e7b4763db53..e8ec8467e6a 100644
|
||||
String temporaryName = "";
|
||||
File temporaryFile = null;
|
||||
long temporaryTime = 0L;
|
||||
@@ -146,21 +151,22 @@ final class TrustStoreManager {
|
||||
String[] fileNames =
|
||||
new String[] {storePropName, defaultStore};
|
||||
for (String fileName : fileNames) {
|
||||
- File f = new File(fileName);
|
||||
- if (f.isFile() && f.canRead()) {
|
||||
- temporaryName = fileName;;
|
||||
- temporaryFile = f;
|
||||
- temporaryTime = f.lastModified();
|
||||
-
|
||||
- break;
|
||||
- }
|
||||
-
|
||||
- // Not break, the file is inaccessible.
|
||||
- if (SSLLogger.isOn &&
|
||||
+ if (fileName != null && !"".equals(fileName)) {
|
||||
+ File f = new File(fileName);
|
||||
+ if (f.isFile() && f.canRead()) {
|
||||
+ temporaryName = fileName;;
|
||||
+ temporaryFile = f;
|
||||
+ temporaryTime = f.lastModified();
|
||||
+
|
||||
+ break;
|
||||
+ }
|
||||
+ // Not break, the file is inaccessible.
|
||||
+ if (SSLLogger.isOn &&
|
||||
@@ -160,7 +166,7 @@ final class TrustStoreManager {
|
||||
SSLLogger.isOn("trustmanager")) {
|
||||
- SSLLogger.fine(
|
||||
- "Inaccessible trust store: " +
|
||||
SSLLogger.fine(
|
||||
"Inaccessible trust store: " +
|
||||
- storePropName);
|
||||
+ SSLLogger.fine(
|
||||
+ "Inaccessible trust store: " +
|
||||
+ fileName);
|
||||
+ }
|
||||
+ fileName);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
diff --git a/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java b/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
|
||||
index fcc77786da1..f554f83a8b4 100644
|
||||
index fcc77786da1..3a4388964cc 100644
|
||||
--- a/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
|
||||
+++ b/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
|
||||
@@ -33,7 +33,10 @@ import java.io.InputStreamReader;
|
||||
@@ -41,6 +41,8 @@ import java.text.Collator;
|
||||
import java.util.Locale;
|
||||
import java.util.ResourceBundle;
|
||||
|
||||
import java.net.URL;
|
||||
|
||||
+import java.security.AccessController;
|
||||
import java.security.KeyStore;
|
||||
+import java.security.PrivilegedAction;
|
||||
+import java.security.Security;
|
||||
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.text.Collator;
|
||||
@@ -54,6 +57,33 @@ public class KeyStoreUtil {
|
||||
+import sun.security.util.SecurityProperties;
|
||||
+
|
||||
/**
|
||||
* <p> This class provides several utilities to <code>KeyStore</code>.
|
||||
*
|
||||
@@ -54,6 +56,8 @@ public class KeyStoreUtil {
|
||||
|
||||
private static final String JKS = "jks";
|
||||
|
||||
+ private static final String PROP_NAME = "security.systemCACerts";
|
||||
+
|
||||
+ /**
|
||||
+ * Returns the value of the security property propName, which can be overridden
|
||||
+ * by a system property of the same name
|
||||
+ *
|
||||
+ * @param propName the name of the system or security property
|
||||
+ * @return the value of the system or security property
|
||||
+ */
|
||||
+ @SuppressWarnings("removal")
|
||||
+ public static String privilegedGetOverridable(String propName) {
|
||||
+ if (System.getSecurityManager() == null) {
|
||||
+ return getOverridableProperty(propName);
|
||||
+ } else {
|
||||
+ return AccessController.doPrivileged((PrivilegedAction<String>) () -> getOverridableProperty(propName));
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ private static String getOverridableProperty(String propName) {
|
||||
+ String val = System.getProperty(propName);
|
||||
+ if (val == null) {
|
||||
+ return Security.getProperty(propName);
|
||||
+ } else {
|
||||
+ return val;
|
||||
+ }
|
||||
+ }
|
||||
+ private static final String SYSTEM_CA_CERTS_PROP = "security.systemCACerts";
|
||||
+
|
||||
/**
|
||||
* Returns true if the certificate is self-signed, false otherwise.
|
||||
*/
|
||||
@@ -96,20 +126,38 @@ public class KeyStoreUtil {
|
||||
@@ -96,16 +100,30 @@ public class KeyStoreUtil {
|
||||
}
|
||||
}
|
||||
|
||||
+ /**
|
||||
+ * Returns the path to the cacerts DB
|
||||
+ */
|
||||
+ public static File getCacertsKeyStoreFile()
|
||||
+ public static String getCacertsKeyStorePath()
|
||||
+ {
|
||||
+ // Check system DB first, preferring system property over security one
|
||||
+ String systemDB = SecurityProperties
|
||||
+ .privilegedGetOverridable(SYSTEM_CA_CERTS_PROP);
|
||||
+ if (systemDB != null && !"".equals(systemDB) &&
|
||||
+ (new File(systemDB)).isFile()) {
|
||||
+ return systemDB;
|
||||
+ }
|
||||
+ String sep = File.separator;
|
||||
+ File file = null;
|
||||
+ /* Check system cacerts DB first, preferring system property over security property */
|
||||
+ String systemDB = privilegedGetOverridable(PROP_NAME);
|
||||
+ if (systemDB != null && !"".equals(systemDB)) {
|
||||
+ file = new File(systemDB);
|
||||
+ }
|
||||
+ if (file == null || !file.exists()) {
|
||||
+ file = new File(System.getProperty("java.home") + sep
|
||||
+ + "lib" + sep + "security" + sep
|
||||
+ + "cacerts");
|
||||
+ }
|
||||
+ if (file.exists()) {
|
||||
+ return file;
|
||||
+ }
|
||||
+ return null;
|
||||
+ return System.getProperty("java.home") + sep
|
||||
+ + "lib" + sep + "security" + sep + "cacerts";
|
||||
+ }
|
||||
+
|
||||
/**
|
||||
@ -162,27 +102,21 @@ index fcc77786da1..f554f83a8b4 100644
|
||||
- File file = new File(System.getProperty("java.home") + sep
|
||||
- + "lib" + sep + "security" + sep
|
||||
- + "cacerts");
|
||||
- if (!file.exists()) {
|
||||
- return null;
|
||||
- }
|
||||
KeyStore caks = null;
|
||||
+ File file = getCacertsKeyStoreFile();
|
||||
+ if (file == null) { return null; }
|
||||
try (FileInputStream fis = new FileInputStream(file)) {
|
||||
caks = KeyStore.getInstance(JKS);
|
||||
caks.load(fis, null);
|
||||
+ File file = new File(getCacertsKeyStorePath());
|
||||
if (!file.exists()) {
|
||||
return null;
|
||||
}
|
||||
diff --git a/jdk/src/share/lib/security/java.security-aix b/jdk/src/share/lib/security/java.security-aix
|
||||
index bfe0c593adb..093bc09bf95 100644
|
||||
index 681a24b905d..ecb8bc43a6c 100644
|
||||
--- a/jdk/src/share/lib/security/java.security-aix
|
||||
+++ b/jdk/src/share/lib/security/java.security-aix
|
||||
@@ -294,6 +294,13 @@ security.overridePropertiesFile=true
|
||||
@@ -294,6 +294,12 @@ security.overridePropertiesFile=true
|
||||
#
|
||||
security.useSystemPropertiesFile=false
|
||||
|
||||
+#
|
||||
+# Specifies the system certificate store
|
||||
+# This property may be disabled using
|
||||
+# -Djava.security.disableSystemCACerts=true
|
||||
+# This property may be disabled using an empty value
|
||||
+#
|
||||
+security.systemCACerts=${java.home}/lib/security/cacerts
|
||||
+
|
||||
@ -190,17 +124,16 @@ index bfe0c593adb..093bc09bf95 100644
|
||||
# Determines the default key and trust manager factory algorithms for
|
||||
# the javax.net.ssl package.
|
||||
diff --git a/jdk/src/share/lib/security/java.security-linux b/jdk/src/share/lib/security/java.security-linux
|
||||
index 9d1c8fe8a8e..16c9281cc1f 100644
|
||||
index 789c19a8cba..2546fdec9b2 100644
|
||||
--- a/jdk/src/share/lib/security/java.security-linux
|
||||
+++ b/jdk/src/share/lib/security/java.security-linux
|
||||
@@ -307,6 +307,13 @@ security.overridePropertiesFile=true
|
||||
@@ -307,6 +307,12 @@ security.overridePropertiesFile=true
|
||||
#
|
||||
security.useSystemPropertiesFile=false
|
||||
|
||||
+#
|
||||
+# Specifies the system certificate store
|
||||
+# This property may be disabled using
|
||||
+# -Djava.security.disableSystemCACerts=true
|
||||
+# This property may be disabled using an empty value
|
||||
+#
|
||||
+security.systemCACerts=${java.home}/lib/security/cacerts
|
||||
+
|
||||
@ -208,17 +141,16 @@ index 9d1c8fe8a8e..16c9281cc1f 100644
|
||||
# Determines the default key and trust manager factory algorithms for
|
||||
# the javax.net.ssl package.
|
||||
diff --git a/jdk/src/share/lib/security/java.security-macosx b/jdk/src/share/lib/security/java.security-macosx
|
||||
index 19047c61097..43e034cdeaf 100644
|
||||
index d4da666af3b..1a20027c02b 100644
|
||||
--- a/jdk/src/share/lib/security/java.security-macosx
|
||||
+++ b/jdk/src/share/lib/security/java.security-macosx
|
||||
@@ -297,6 +297,13 @@ security.overridePropertiesFile=true
|
||||
@@ -297,6 +297,12 @@ security.overridePropertiesFile=true
|
||||
#
|
||||
security.useSystemPropertiesFile=false
|
||||
|
||||
+#
|
||||
+# Specifies the system certificate store
|
||||
+# This property may be disabled using
|
||||
+# -Djava.security.disableSystemCACerts=true
|
||||
+# This property may be disabled using an empty value
|
||||
+#
|
||||
+security.systemCACerts=${java.home}/lib/security/cacerts
|
||||
+
|
||||
@ -226,17 +158,16 @@ index 19047c61097..43e034cdeaf 100644
|
||||
# Determines the default key and trust manager factory algorithms for
|
||||
# the javax.net.ssl package.
|
||||
diff --git a/jdk/src/share/lib/security/java.security-solaris b/jdk/src/share/lib/security/java.security-solaris
|
||||
index 7eda556ae13..325937e97fb 100644
|
||||
index 300132384a1..6299e0a3c7b 100644
|
||||
--- a/jdk/src/share/lib/security/java.security-solaris
|
||||
+++ b/jdk/src/share/lib/security/java.security-solaris
|
||||
@@ -295,6 +295,13 @@ security.overridePropertiesFile=true
|
||||
@@ -295,6 +295,12 @@ security.overridePropertiesFile=true
|
||||
#
|
||||
security.useSystemPropertiesFile=false
|
||||
|
||||
+#
|
||||
+# Specifies the system certificate store
|
||||
+# This property may be disabled using
|
||||
+# -Djava.security.disableSystemCACerts=true
|
||||
+# This property may be disabled using an empty value
|
||||
+#
|
||||
+security.systemCACerts=${java.home}/lib/security/cacerts
|
||||
+
|
||||
@ -244,17 +175,16 @@ index 7eda556ae13..325937e97fb 100644
|
||||
# Determines the default key and trust manager factory algorithms for
|
||||
# the javax.net.ssl package.
|
||||
diff --git a/jdk/src/share/lib/security/java.security-windows b/jdk/src/share/lib/security/java.security-windows
|
||||
index dfa1a669aa9..92ef777e065 100644
|
||||
index 64db5a5cd1e..823994f3466 100644
|
||||
--- a/jdk/src/share/lib/security/java.security-windows
|
||||
+++ b/jdk/src/share/lib/security/java.security-windows
|
||||
@@ -297,6 +297,13 @@ security.overridePropertiesFile=true
|
||||
@@ -297,6 +297,12 @@ security.overridePropertiesFile=true
|
||||
#
|
||||
security.useSystemPropertiesFile=false
|
||||
|
||||
+#
|
||||
+# Specifies the system certificate store
|
||||
+# This property may be disabled using
|
||||
+# -Djava.security.disableSystemCACerts=true
|
||||
+# This property may be disabled using an empty value
|
||||
+#
|
||||
+security.systemCACerts=${java.home}/lib/security/cacerts
|
||||
+
|
2
sources
2
sources
@ -1,2 +1,2 @@
|
||||
SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b08-4curve.tar.xz) = e112367213834e0653218a099c8a75558b794702591407170e742a3df6bd5b0780cbf87b85e2a125a50d613ae00501d7ee5bd1708d03a75bca615ef83fc8239b
|
||||
SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b09-4curve.tar.xz) = 2ed16c616189e7872ecf36c82e86b551b1e6efc4d11a93264db856f01191875a82ddaec3363b5f8296ea225a9a8edf4c0e1504ff27d8474088ba0b2f6fc061d5
|
||||
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
|
||||
|
Loading…
Reference in New Issue
Block a user