Auto sync2gitlab import of java-1.8.0-openjdk-1.8.0.362.b09-3.el8.src.rpm

This commit is contained in:
CentOS Sources 2023-03-02 06:10:17 +00:00
parent 8e7ece541a
commit ef629904fd
5 changed files with 68 additions and 125 deletions

1
.gitignore vendored
View File

@ -2,3 +2,4 @@ SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b08-4curve.tar.xz
SOURCES/tapsets-icedtea-3.15.0.tar.xz SOURCES/tapsets-icedtea-3.15.0.tar.xz
/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b08-4curve.tar.xz /openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b08-4curve.tar.xz
/tapsets-icedtea-3.15.0.tar.xz /tapsets-icedtea-3.15.0.tar.xz
/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b09-4curve.tar.xz

2
NEWS
View File

@ -84,6 +84,8 @@ Live versions of these release notes can be found at:
- JDK-8297804: (tz) Update Timezone Data to 2022g - JDK-8297804: (tz) Update Timezone Data to 2022g
- JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR - JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
- JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java - JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
- JDK-8300178: JDK-8286496 causes build failure on older GCC
- JDK-8300225: JDK-8288516 causes build failure on Windows + VS2010
Notes on individual issues: Notes on individual issues:
=========================== ===========================

View File

@ -313,7 +313,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project openjdk %global shenandoah_project openjdk
%global shenandoah_repo shenandoah-jdk8u %global shenandoah_repo shenandoah-jdk8u
%global openjdk_revision jdk8u362-b08 %global openjdk_revision jdk8u362-b09
%global shenandoah_revision shenandoah-%{openjdk_revision} %global shenandoah_revision shenandoah-%{openjdk_revision}
# Define old aarch64/jdk8u tree variables for compatibility # Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project} %global project %{shenandoah_project}
@ -323,6 +323,8 @@
%global icedteaver 3.15.0 %global icedteaver 3.15.0
# Define current Git revision for the FIPS support patches # Define current Git revision for the FIPS support patches
%global fipsver 6d1aade0648 %global fipsver 6d1aade0648
# Define current Git revision for the cacerts patch
%global cacertsver 8139f2361c2
# e.g. aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30 -> aarch64-shenandoah-jdk8u212-b04 # e.g. aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30 -> aarch64-shenandoah-jdk8u212-b04
%global version_tag %(VERSION=%{revision}; echo ${VERSION%%-shenandoah-merge*}) %global version_tag %(VERSION=%{revision}; echo ${VERSION%%-shenandoah-merge*})
@ -1354,7 +1356,7 @@ Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
Patch1003: rh1582504-rsa_default_for_keytool.patch Patch1003: rh1582504-rsa_default_for_keytool.patch
# Crypto policy and FIPS support patches # Crypto policy and FIPS support patches
# Patch is generated from the fips tree at https://github.com/rh-openjdk/jdk11u/tree/fips # Patch is generated from the fips tree at https://github.com/rh-openjdk/jdk8u/tree/fips
# as follows: git diff %%{openjdk_revision} common jdk > fips-8u-$(git show -s --format=%h HEAD).patch # as follows: git diff %%{openjdk_revision} common jdk > fips-8u-$(git show -s --format=%h HEAD).patch
# Diff is limited to src and make subdirectories to exclude .github changes # Diff is limited to src and make subdirectories to exclude .github changes
# Fixes currently included: # Fixes currently included:
@ -1393,8 +1395,10 @@ Patch528: pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_t
# PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts) # PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts)
# PR3575, RH1567204: System cacerts database handling should not affect jssecacerts # PR3575, RH1567204: System cacerts database handling should not affect jssecacerts
# RH2055274: Revert default keystore to JAVA_HOME/jre/lib/security/cacerts in portable builds # RH2055274: Revert default keystore to JAVA_HOME/jre/lib/security/cacerts in portable builds
# Must be applied after crypto policy patch as it also changes java.security # Must be applied after the FIPS patch as it also changes java.security
Patch539: pr2888-rh2055274-support_system_cacerts.patch # Patch is generated from the cacerts tree at https://github.com/rh-openjdk/jdk8u/tree/cacerts
# as follows: git diff fips > pr2888-rh2055274-support_system_cacerts-$(git show -s --format=%h HEAD).patch
Patch539: pr2888-rh2055274-support_system_cacerts-%{cacertsver}.patch
# enable build of speculative store bypass hardened alt-java # enable build of speculative store bypass hardened alt-java
Patch600: rh1750419-redhat_alt_java.patch Patch600: rh1750419-redhat_alt_java.patch
# JDK-8281098, PR3836: Extra compiler flags not passed to adlc build # JDK-8281098, PR3836: Extra compiler flags not passed to adlc build
@ -2690,6 +2694,12 @@ cjc.mainProgram(args)
%endif %endif
%changelog %changelog
* Tue Jan 24 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.362.b09-3
- Update cacerts patch to fix OPENJDK-1433 SecurityManager issue
- Update to shenandoah-jdk8u352-b09 (GA)
- Update release notes for shenandoah-8u352-b09.
- Resolves: rhbz#2162715
* Fri Jan 13 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.362.b08-3 * Fri Jan 13 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.362.b08-3
- Update to shenandoah-jdk8u352-b08 (GA) - Update to shenandoah-jdk8u352-b08 (GA)
- Update release notes for shenandoah-8u352-b08. - Update release notes for shenandoah-8u352-b08.

View File

@ -1,5 +1,5 @@
diff --git a/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java b/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java diff --git a/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java b/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
index e7b4763db53..e8ec8467e6a 100644 index e7b4763db53..0005e56f528 100644
--- a/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java --- a/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
+++ b/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java +++ b/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
@@ -31,6 +31,7 @@ import java.security.*; @@ -31,6 +31,7 @@ import java.security.*;
@ -19,16 +19,17 @@ index e7b4763db53..e8ec8467e6a 100644
*/ */
private static final class TrustStoreDescriptor { private static final class TrustStoreDescriptor {
private static final String fileSep = File.separator; private static final String fileSep = File.separator;
@@ -76,7 +77,7 @@ final class TrustStoreManager { @@ -76,7 +77,8 @@ final class TrustStoreManager {
GetPropertyAction.privilegedGetProperty("java.home") + GetPropertyAction.privilegedGetProperty("java.home") +
fileSep + "lib" + fileSep + "security"; fileSep + "lib" + fileSep + "security";
private static final String defaultStore = private static final String defaultStore =
- defaultStorePath + fileSep + "cacerts"; - defaultStorePath + fileSep + "cacerts";
+ KeyStoreUtil.getCacertsKeyStoreFile().getPath(); + AccessController.doPrivileged((PrivilegedAction<String>) () ->
+ KeyStoreUtil.getCacertsKeyStorePath());
private static final String jsseDefaultStore = private static final String jsseDefaultStore =
defaultStorePath + fileSep + "jssecacerts"; defaultStorePath + fileSep + "jssecacerts";
@@ -139,6 +140,10 @@ final class TrustStoreManager { @@ -139,6 +141,10 @@ final class TrustStoreManager {
String storePropPassword = System.getProperty( String storePropPassword = System.getProperty(
"javax.net.ssl.trustStorePassword", ""); "javax.net.ssl.trustStorePassword", "");
@ -39,117 +40,56 @@ index e7b4763db53..e8ec8467e6a 100644
String temporaryName = ""; String temporaryName = "";
File temporaryFile = null; File temporaryFile = null;
long temporaryTime = 0L; long temporaryTime = 0L;
@@ -146,21 +151,22 @@ final class TrustStoreManager { @@ -160,7 +166,7 @@ final class TrustStoreManager {
String[] fileNames =
new String[] {storePropName, defaultStore};
for (String fileName : fileNames) {
- File f = new File(fileName);
- if (f.isFile() && f.canRead()) {
- temporaryName = fileName;;
- temporaryFile = f;
- temporaryTime = f.lastModified();
-
- break;
- }
-
- // Not break, the file is inaccessible.
- if (SSLLogger.isOn &&
+ if (fileName != null && !"".equals(fileName)) {
+ File f = new File(fileName);
+ if (f.isFile() && f.canRead()) {
+ temporaryName = fileName;;
+ temporaryFile = f;
+ temporaryTime = f.lastModified();
+
+ break;
+ }
+ // Not break, the file is inaccessible.
+ if (SSLLogger.isOn &&
SSLLogger.isOn("trustmanager")) { SSLLogger.isOn("trustmanager")) {
- SSLLogger.fine( SSLLogger.fine(
- "Inaccessible trust store: " + "Inaccessible trust store: " +
- storePropName); - storePropName);
+ SSLLogger.fine(
+ "Inaccessible trust store: " +
+ fileName); + fileName);
+ }
} }
} }
} else { } else {
diff --git a/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java b/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java diff --git a/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java b/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
index fcc77786da1..f554f83a8b4 100644 index fcc77786da1..3a4388964cc 100644
--- a/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java --- a/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
+++ b/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java +++ b/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
@@ -33,7 +33,10 @@ import java.io.InputStreamReader; @@ -41,6 +41,8 @@ import java.text.Collator;
import java.util.Locale;
import java.util.ResourceBundle;
import java.net.URL; +import sun.security.util.SecurityProperties;
+
+import java.security.AccessController; /**
import java.security.KeyStore; * <p> This class provides several utilities to <code>KeyStore</code>.
+import java.security.PrivilegedAction; *
+import java.security.Security; @@ -54,6 +56,8 @@ public class KeyStoreUtil {
import java.security.cert.X509Certificate;
import java.text.Collator;
@@ -54,6 +57,33 @@ public class KeyStoreUtil {
private static final String JKS = "jks"; private static final String JKS = "jks";
+ private static final String PROP_NAME = "security.systemCACerts"; + private static final String SYSTEM_CA_CERTS_PROP = "security.systemCACerts";
+
+ /**
+ * Returns the value of the security property propName, which can be overridden
+ * by a system property of the same name
+ *
+ * @param propName the name of the system or security property
+ * @return the value of the system or security property
+ */
+ @SuppressWarnings("removal")
+ public static String privilegedGetOverridable(String propName) {
+ if (System.getSecurityManager() == null) {
+ return getOverridableProperty(propName);
+ } else {
+ return AccessController.doPrivileged((PrivilegedAction<String>) () -> getOverridableProperty(propName));
+ }
+ }
+
+ private static String getOverridableProperty(String propName) {
+ String val = System.getProperty(propName);
+ if (val == null) {
+ return Security.getProperty(propName);
+ } else {
+ return val;
+ }
+ }
+ +
/** /**
* Returns true if the certificate is self-signed, false otherwise. * Returns true if the certificate is self-signed, false otherwise.
*/ */
@@ -96,20 +126,38 @@ public class KeyStoreUtil { @@ -96,16 +100,30 @@ public class KeyStoreUtil {
} }
} }
+ /** + /**
+ * Returns the path to the cacerts DB + * Returns the path to the cacerts DB
+ */ + */
+ public static File getCacertsKeyStoreFile() + public static String getCacertsKeyStorePath()
+ { + {
+ // Check system DB first, preferring system property over security one
+ String systemDB = SecurityProperties
+ .privilegedGetOverridable(SYSTEM_CA_CERTS_PROP);
+ if (systemDB != null && !"".equals(systemDB) &&
+ (new File(systemDB)).isFile()) {
+ return systemDB;
+ }
+ String sep = File.separator; + String sep = File.separator;
+ File file = null; + return System.getProperty("java.home") + sep
+ /* Check system cacerts DB first, preferring system property over security property */ + + "lib" + sep + "security" + sep + "cacerts";
+ String systemDB = privilegedGetOverridable(PROP_NAME);
+ if (systemDB != null && !"".equals(systemDB)) {
+ file = new File(systemDB);
+ }
+ if (file == null || !file.exists()) {
+ file = new File(System.getProperty("java.home") + sep
+ + "lib" + sep + "security" + sep
+ + "cacerts");
+ }
+ if (file.exists()) {
+ return file;
+ }
+ return null;
+ } + }
+ +
/** /**
@ -162,27 +102,21 @@ index fcc77786da1..f554f83a8b4 100644
- File file = new File(System.getProperty("java.home") + sep - File file = new File(System.getProperty("java.home") + sep
- + "lib" + sep + "security" + sep - + "lib" + sep + "security" + sep
- + "cacerts"); - + "cacerts");
- if (!file.exists()) { + File file = new File(getCacertsKeyStorePath());
- return null; if (!file.exists()) {
- } return null;
KeyStore caks = null; }
+ File file = getCacertsKeyStoreFile();
+ if (file == null) { return null; }
try (FileInputStream fis = new FileInputStream(file)) {
caks = KeyStore.getInstance(JKS);
caks.load(fis, null);
diff --git a/jdk/src/share/lib/security/java.security-aix b/jdk/src/share/lib/security/java.security-aix diff --git a/jdk/src/share/lib/security/java.security-aix b/jdk/src/share/lib/security/java.security-aix
index bfe0c593adb..093bc09bf95 100644 index 681a24b905d..ecb8bc43a6c 100644
--- a/jdk/src/share/lib/security/java.security-aix --- a/jdk/src/share/lib/security/java.security-aix
+++ b/jdk/src/share/lib/security/java.security-aix +++ b/jdk/src/share/lib/security/java.security-aix
@@ -294,6 +294,13 @@ security.overridePropertiesFile=true @@ -294,6 +294,12 @@ security.overridePropertiesFile=true
# #
security.useSystemPropertiesFile=false security.useSystemPropertiesFile=false
+# +#
+# Specifies the system certificate store +# Specifies the system certificate store
+# This property may be disabled using +# This property may be disabled using an empty value
+# -Djava.security.disableSystemCACerts=true
+# +#
+security.systemCACerts=${java.home}/lib/security/cacerts +security.systemCACerts=${java.home}/lib/security/cacerts
+ +
@ -190,17 +124,16 @@ index bfe0c593adb..093bc09bf95 100644
# Determines the default key and trust manager factory algorithms for # Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package. # the javax.net.ssl package.
diff --git a/jdk/src/share/lib/security/java.security-linux b/jdk/src/share/lib/security/java.security-linux diff --git a/jdk/src/share/lib/security/java.security-linux b/jdk/src/share/lib/security/java.security-linux
index 9d1c8fe8a8e..16c9281cc1f 100644 index 789c19a8cba..2546fdec9b2 100644
--- a/jdk/src/share/lib/security/java.security-linux --- a/jdk/src/share/lib/security/java.security-linux
+++ b/jdk/src/share/lib/security/java.security-linux +++ b/jdk/src/share/lib/security/java.security-linux
@@ -307,6 +307,13 @@ security.overridePropertiesFile=true @@ -307,6 +307,12 @@ security.overridePropertiesFile=true
# #
security.useSystemPropertiesFile=false security.useSystemPropertiesFile=false
+# +#
+# Specifies the system certificate store +# Specifies the system certificate store
+# This property may be disabled using +# This property may be disabled using an empty value
+# -Djava.security.disableSystemCACerts=true
+# +#
+security.systemCACerts=${java.home}/lib/security/cacerts +security.systemCACerts=${java.home}/lib/security/cacerts
+ +
@ -208,17 +141,16 @@ index 9d1c8fe8a8e..16c9281cc1f 100644
# Determines the default key and trust manager factory algorithms for # Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package. # the javax.net.ssl package.
diff --git a/jdk/src/share/lib/security/java.security-macosx b/jdk/src/share/lib/security/java.security-macosx diff --git a/jdk/src/share/lib/security/java.security-macosx b/jdk/src/share/lib/security/java.security-macosx
index 19047c61097..43e034cdeaf 100644 index d4da666af3b..1a20027c02b 100644
--- a/jdk/src/share/lib/security/java.security-macosx --- a/jdk/src/share/lib/security/java.security-macosx
+++ b/jdk/src/share/lib/security/java.security-macosx +++ b/jdk/src/share/lib/security/java.security-macosx
@@ -297,6 +297,13 @@ security.overridePropertiesFile=true @@ -297,6 +297,12 @@ security.overridePropertiesFile=true
# #
security.useSystemPropertiesFile=false security.useSystemPropertiesFile=false
+# +#
+# Specifies the system certificate store +# Specifies the system certificate store
+# This property may be disabled using +# This property may be disabled using an empty value
+# -Djava.security.disableSystemCACerts=true
+# +#
+security.systemCACerts=${java.home}/lib/security/cacerts +security.systemCACerts=${java.home}/lib/security/cacerts
+ +
@ -226,17 +158,16 @@ index 19047c61097..43e034cdeaf 100644
# Determines the default key and trust manager factory algorithms for # Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package. # the javax.net.ssl package.
diff --git a/jdk/src/share/lib/security/java.security-solaris b/jdk/src/share/lib/security/java.security-solaris diff --git a/jdk/src/share/lib/security/java.security-solaris b/jdk/src/share/lib/security/java.security-solaris
index 7eda556ae13..325937e97fb 100644 index 300132384a1..6299e0a3c7b 100644
--- a/jdk/src/share/lib/security/java.security-solaris --- a/jdk/src/share/lib/security/java.security-solaris
+++ b/jdk/src/share/lib/security/java.security-solaris +++ b/jdk/src/share/lib/security/java.security-solaris
@@ -295,6 +295,13 @@ security.overridePropertiesFile=true @@ -295,6 +295,12 @@ security.overridePropertiesFile=true
# #
security.useSystemPropertiesFile=false security.useSystemPropertiesFile=false
+# +#
+# Specifies the system certificate store +# Specifies the system certificate store
+# This property may be disabled using +# This property may be disabled using an empty value
+# -Djava.security.disableSystemCACerts=true
+# +#
+security.systemCACerts=${java.home}/lib/security/cacerts +security.systemCACerts=${java.home}/lib/security/cacerts
+ +
@ -244,17 +175,16 @@ index 7eda556ae13..325937e97fb 100644
# Determines the default key and trust manager factory algorithms for # Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package. # the javax.net.ssl package.
diff --git a/jdk/src/share/lib/security/java.security-windows b/jdk/src/share/lib/security/java.security-windows diff --git a/jdk/src/share/lib/security/java.security-windows b/jdk/src/share/lib/security/java.security-windows
index dfa1a669aa9..92ef777e065 100644 index 64db5a5cd1e..823994f3466 100644
--- a/jdk/src/share/lib/security/java.security-windows --- a/jdk/src/share/lib/security/java.security-windows
+++ b/jdk/src/share/lib/security/java.security-windows +++ b/jdk/src/share/lib/security/java.security-windows
@@ -297,6 +297,13 @@ security.overridePropertiesFile=true @@ -297,6 +297,12 @@ security.overridePropertiesFile=true
# #
security.useSystemPropertiesFile=false security.useSystemPropertiesFile=false
+# +#
+# Specifies the system certificate store +# Specifies the system certificate store
+# This property may be disabled using +# This property may be disabled using an empty value
+# -Djava.security.disableSystemCACerts=true
+# +#
+security.systemCACerts=${java.home}/lib/security/cacerts +security.systemCACerts=${java.home}/lib/security/cacerts
+ +

View File

@ -1,2 +1,2 @@
SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b08-4curve.tar.xz) = e112367213834e0653218a099c8a75558b794702591407170e742a3df6bd5b0780cbf87b85e2a125a50d613ae00501d7ee5bd1708d03a75bca615ef83fc8239b SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b09-4curve.tar.xz) = 2ed16c616189e7872ecf36c82e86b551b1e6efc4d11a93264db856f01191875a82ddaec3363b5f8296ea225a9a8edf4c0e1504ff27d8474088ba0b2f6fc061d5
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671 SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671