3034306917
Port FIPS system detection support to OpenJDK 8u Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure. Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM. Resolves: rhbz#1971696
153 lines
5.0 KiB
Diff
153 lines
5.0 KiB
Diff
diff --git openjdk.orig/common/autoconf/configure.ac openjdk/common/autoconf/configure.ac
|
|
--- openjdk.orig/common/autoconf/configure.ac
|
|
+++ openjdk/common/autoconf/configure.ac
|
|
@@ -212,6 +212,7 @@
|
|
LIB_SETUP_ALSA
|
|
LIB_SETUP_FONTCONFIG
|
|
LIB_SETUP_MISC_LIBS
|
|
+LIB_SETUP_SYSCONF_LIBS
|
|
LIB_SETUP_STATIC_LINK_LIBSTDCPP
|
|
LIB_SETUP_ON_WINDOWS
|
|
|
|
diff --git openjdk.orig/common/autoconf/libraries.m4 openjdk/common/autoconf/libraries.m4
|
|
--- openjdk.orig/common/autoconf/libraries.m4
|
|
+++ openjdk/common/autoconf/libraries.m4
|
|
@@ -1067,3 +1067,63 @@
|
|
BASIC_DEPRECATED_ARG_WITH([dxsdk-include])
|
|
fi
|
|
])
|
|
+
|
|
+################################################################################
|
|
+# Setup system configuration libraries
|
|
+################################################################################
|
|
+AC_DEFUN_ONCE([LIB_SETUP_SYSCONF_LIBS],
|
|
+[
|
|
+ ###############################################################################
|
|
+ #
|
|
+ # Check for the NSS library
|
|
+ #
|
|
+
|
|
+ AC_MSG_CHECKING([whether to use the system NSS library with the System Configurator (libsysconf)])
|
|
+
|
|
+ # default is not available
|
|
+ DEFAULT_SYSCONF_NSS=no
|
|
+
|
|
+ AC_ARG_ENABLE([sysconf-nss], [AS_HELP_STRING([--enable-sysconf-nss],
|
|
+ [build the System Configurator (libsysconf) using the system NSS library if available @<:@disabled@:>@])],
|
|
+ [
|
|
+ case "${enableval}" in
|
|
+ yes)
|
|
+ sysconf_nss=yes
|
|
+ ;;
|
|
+ *)
|
|
+ sysconf_nss=no
|
|
+ ;;
|
|
+ esac
|
|
+ ],
|
|
+ [
|
|
+ sysconf_nss=${DEFAULT_SYSCONF_NSS}
|
|
+ ])
|
|
+ AC_MSG_RESULT([$sysconf_nss])
|
|
+
|
|
+ USE_SYSCONF_NSS=false
|
|
+ if test "x${sysconf_nss}" = "xyes"; then
|
|
+ PKG_CHECK_MODULES(NSS, nss >= 3.53, [NSS_FOUND=yes], [NSS_FOUND=no])
|
|
+ if test "x${NSS_FOUND}" = "xyes"; then
|
|
+ AC_MSG_CHECKING([for system FIPS support in NSS])
|
|
+ saved_libs="${LIBS}"
|
|
+ saved_cflags="${CFLAGS}"
|
|
+ CFLAGS="${CFLAGS} ${NSS_CFLAGS}"
|
|
+ LIBS="${LIBS} ${NSS_LIBS}"
|
|
+ AC_LANG_PUSH([C])
|
|
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <nss3/pk11pub.h>]],
|
|
+ [[SECMOD_GetSystemFIPSEnabled()]])],
|
|
+ [AC_MSG_RESULT([yes])],
|
|
+ [AC_MSG_RESULT([no])
|
|
+ AC_MSG_ERROR([System NSS FIPS detection unavailable])])
|
|
+ AC_LANG_POP([C])
|
|
+ CFLAGS="${saved_cflags}"
|
|
+ LIBS="${saved_libs}"
|
|
+ USE_SYSCONF_NSS=true
|
|
+ else
|
|
+ dnl NSS 3.53 is the one that introduces the SECMOD_GetSystemFIPSEnabled API
|
|
+ dnl in nss3/pk11pub.h.
|
|
+ AC_MSG_ERROR([--enable-sysconf-nss specified, but NSS 3.53 or above not found.])
|
|
+ fi
|
|
+ fi
|
|
+ AC_SUBST(USE_SYSCONF_NSS)
|
|
+])
|
|
diff --git openjdk.orig/common/autoconf/spec.gmk.in openjdk/common/autoconf/spec.gmk.in
|
|
--- openjdk.orig/common/autoconf/spec.gmk.in
|
|
+++ openjdk/common/autoconf/spec.gmk.in
|
|
@@ -312,6 +312,10 @@
|
|
ALSA_LIBS:=@ALSA_LIBS@
|
|
ALSA_CFLAGS:=@ALSA_CFLAGS@
|
|
|
|
+USE_SYSCONF_NSS:=@USE_SYSCONF_NSS@
|
|
+NSS_LIBS:=@NSS_LIBS@
|
|
+NSS_CFLAGS:=@NSS_CFLAGS@
|
|
+
|
|
PACKAGE_PATH=@PACKAGE_PATH@
|
|
|
|
# Source file for cacerts
|
|
diff --git openjdk.orig/common/bin/compare_exceptions.sh.incl openjdk/common/bin/compare_exceptions.sh.incl
|
|
--- openjdk.orig/common/bin/compare_exceptions.sh.incl
|
|
+++ openjdk/common/bin/compare_exceptions.sh.incl
|
|
@@ -280,6 +280,7 @@
|
|
./jre/lib/i386/libsplashscreen.so
|
|
./jre/lib/i386/libsunec.so
|
|
./jre/lib/i386/libsunwjdga.so
|
|
+./jre/lib/i386/libsystemconf.so
|
|
./jre/lib/i386/libt2k.so
|
|
./jre/lib/i386/libunpack.so
|
|
./jre/lib/i386/libverify.so
|
|
@@ -433,6 +434,7 @@
|
|
./jre/lib/amd64/libsplashscreen.so
|
|
./jre/lib/amd64/libsunec.so
|
|
./jre/lib/amd64/libsunwjdga.so
|
|
+//jre/lib/amd64/libsystemconf.so
|
|
./jre/lib/amd64/libt2k.so
|
|
./jre/lib/amd64/libunpack.so
|
|
./jre/lib/amd64/libverify.so
|
|
@@ -587,6 +589,7 @@
|
|
./jre/lib/sparc/libsplashscreen.so
|
|
./jre/lib/sparc/libsunec.so
|
|
./jre/lib/sparc/libsunwjdga.so
|
|
+./jre/lib/sparc/libsystemconf.so
|
|
./jre/lib/sparc/libt2k.so
|
|
./jre/lib/sparc/libunpack.so
|
|
./jre/lib/sparc/libverify.so
|
|
@@ -741,6 +744,7 @@
|
|
./jre/lib/sparcv9/libsplashscreen.so
|
|
./jre/lib/sparcv9/libsunec.so
|
|
./jre/lib/sparcv9/libsunwjdga.so
|
|
+./jre/lib/sparcv9/libsystemconf.so
|
|
./jre/lib/sparcv9/libt2k.so
|
|
./jre/lib/sparcv9/libunpack.so
|
|
./jre/lib/sparcv9/libverify.so
|
|
diff --git openjdk.orig/common/nb_native/nbproject/configurations.xml openjdk/common/nb_native/nbproject/configurations.xml
|
|
--- openjdk.orig/common/nb_native/nbproject/configurations.xml
|
|
+++ openjdk/common/nb_native/nbproject/configurations.xml
|
|
@@ -53,6 +53,9 @@
|
|
<in>jvmtiEnterTrace.cpp</in>
|
|
</df>
|
|
</df>
|
|
+ <df name="libsystemconf">
|
|
+ <in>systemconf.c</in>
|
|
+ </df>
|
|
</df>
|
|
</df>
|
|
<df name="jdk">
|
|
@@ -12772,6 +12775,11 @@
|
|
tool="0"
|
|
flavor2="0">
|
|
</item>
|
|
+ <item path="../../jdk/src/solaris/native/java/security/systemconf.c"
|
|
+ ex="false"
|
|
+ tool="0"
|
|
+ flavor2="0">
|
|
+ </item>
|
|
<item path="../../jdk/src/share/native/java/util/TimeZone.c"
|
|
ex="false"
|
|
tool="0"
|