rpms/java-11-openjdk
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to jdk-11.0.21+9 (GA)

Browse Source 
Sync the copy of the portable specfile with the latest update
Re-generate FIPS patch against 11.0.21+1 following backport of JDK-8155246
Re-generate SHA3 patch following backport of JDK-8242151
Bump libpng version to 1.6.39 following JDK-8305815
Bump HarfBuzz version to 7.2.0 following JDK-8307301
Bump freetype version to 2.13.0 following JDK-8306881
Update generate_tarball.sh to be closer to upstream vanilla script inc. no more ECC removal
Update bug URL for RHEL to point to the Red Hat customer portal
Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball
Apply all patches using -p1
Drop local backport of JDK-8243210 which is upstream from 11.0.21+2
Add missing JFR alternative ghost
Move jcmd to the headless package

** This tarball is embargoed until 2023-10-17 @ 1pm PT. **

Resolves: RHEL-12216
Resolves: RHEL-13523
Resolves: RHEL-13524
Resolves: RHEL-3475
Resolves: RHEL-13534
Resolves: RHEL-3493
This commit is contained in:
Andrew Hughes 2023-10-05 03:16:34 +01:00
parent af7e5f6479
commit b76fabc930
8 changed files with 276 additions and 347 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -148,3 +148,6 @@
/openjdk-jdk11u-jdk-11.0.20+7-4curve.tar.xz
/openjdk-jdk11u-jdk-11.0.20+8-4curve.tar.xz
/openjdk-jdk11u-jdk-11.0.20.1+1-4curve.tar.xz
/openjdk-jdk11u-jdk-11.0.21+1.tar.xz
/openjdk-jdk11u-jdk-11.0.21+8.tar.xz
/openjdk-jdk11u-jdk-11.0.21+9.tar.xz

95
fips-11u-b34fb09a5c.patch → fips-11u-f93a863b56.patch
View File

@ -89,7 +89,7 @@ index 3787b12600..dab108a82b 100644
LCMS_CFLAGS:=@LCMS_CFLAGS@
LCMS_LIBS:=@LCMS_LIBS@
diff --git a/make/lib/Lib-java.base.gmk b/make/lib/Lib-java.base.gmk
index 4cd656a086..e1fc94b5b4 100644
index b40d3114b9..0d1d83cf3e 100644
--- a/make/lib/Lib-java.base.gmk
+++ b/make/lib/Lib-java.base.gmk
@@ -178,6 +178,31 @@ ifeq ($(call isTargetOsType, unix), true)
@ -401,7 +401,7 @@ index 0000000000..8dcb7d9073
+ }
+}
diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java
index b36510a376..ad5182e1e7 100644
index 5b9552058b..b46de49211 100644
--- a/src/java.base/share/classes/java/security/Security.java
+++ b/src/java.base/share/classes/java/security/Security.java
@@ -32,6 +32,7 @@ import java.net.URL;
@ -412,16 +412,17 @@ index b36510a376..ad5182e1e7 100644
import jdk.internal.misc.SharedSecrets;
import jdk.internal.util.StaticProperty;
import sun.security.util.Debug;
@@ -47,12 +48,20 @@ import sun.security.jca.*;
@@ -47,6 +48,9 @@ import sun.security.jca.*;
* implementation-specific location, which is typically the properties file
* {@code conf/security/java.security} in the Java installation directory.
*
+ * <p>Additional default values of security properties are read from a
+ * system-specific location, if available.</p>
+ *
* @author Benjamin Renaud
* @since 1.1
*/
* @implNote If the properties file fails to load, the JDK implementation will
* throw an unspecified error when initializing the {@code Security} class.
*
@@ -56,6 +60,11 @@ import sun.security.jca.*;
public final class Security {
@ -433,7 +434,7 @@ index b36510a376..ad5182e1e7 100644
/* Are we debugging? -- for developers */
private static final Debug sdebug =
Debug.getInstance("properties");
@@ -67,6 +76,19 @@ public final class Security {
@@ -70,6 +79,19 @@ public final class Security {
}
static {
@ -453,26 +454,19 @@ index b36510a376..ad5182e1e7 100644
// doPrivileged here because there are multiple
// things in initialize that might require privs.
// (the FileInputStream call and the File.exists call,
@@ -83,6 +105,7 @@ public final class Security {
@@ -85,6 +107,7 @@ public final class Security {
private static void initialize() {
props = new Properties();
boolean loadedProps = false;
boolean overrideAll = false;
+ boolean systemSecPropsEnabled = false;
// first load the system properties file
// to determine the value of security.overridePropertiesFile
@@ -98,6 +121,7 @@ public final class Security {
if (sdebug != null) {
sdebug.println("reading security properties file: " +
propFile);
+ sdebug.println(props.toString());
}
} catch (IOException e) {
if (sdebug != null) {
@@ -192,6 +216,61 @@ public final class Security {
@@ -105,9 +128,63 @@ public final class Security {
}
loadProps(null, extraPropFile, overrideAll);
}
+
+ boolean sysUseProps = Boolean.valueOf(System.getProperty(SYS_PROP_SWITCH, "false"));
+ boolean secUseProps = Boolean.valueOf(props.getProperty(SEC_PROP_SWITCH));
+ if (sdebug != null) {
@ -492,9 +486,7 @@ index b36510a376..ad5182e1e7 100644
+ }
+ }
+
+ // FIPS support depends on the contents of java.security so
+ // ensure it has loaded first
+ if (loadedProps && systemSecPropsEnabled) {
+ if (systemSecPropsEnabled) {
+ boolean shouldEnable;
+ String sysProp = System.getProperty("com.redhat.fips");
+ if (sysProp == null) {
@ -530,15 +522,19 @@ index b36510a376..ad5182e1e7 100644
+ }
}
/*
- private static boolean loadProps(File masterFile, String extraPropFile, boolean overrideAll) {
+ static boolean loadProps(File masterFile, String extraPropFile, boolean overrideAll) {
InputStream is = null;
try {
if (masterFile != null && masterFile.exists()) {
diff --git a/src/java.base/share/classes/java/security/SystemConfigurator.java b/src/java.base/share/classes/java/security/SystemConfigurator.java
new file mode 100644
index 0000000000..90f6dd2ebc
index 0000000000..49bf17ea17
--- /dev/null
+++ b/src/java.base/share/classes/java/security/SystemConfigurator.java
@@ -0,0 +1,248 @@
@@ -0,0 +1,231 @@
+/*
+ * Copyright (c) 2019, 2021, Red Hat, Inc.
+ * Copyright (c) 2019, 2023, Red Hat, Inc.
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
@ -616,26 +612,9 @@ index 0000000000..90f6dd2ebc
+ * security.useSystemPropertiesFile is true.
+ */
+ static boolean configureSysProps(Properties props) {
+ boolean systemSecPropsLoaded = false;
+
+ try (BufferedInputStream bis =
+ new BufferedInputStream(
+ new FileInputStream(CRYPTO_POLICIES_JAVA_CONFIG))) {
+ props.load(bis);
+ systemSecPropsLoaded = true;
+ if (sdebug != null) {
+ sdebug.println("reading system security properties file " +
+ CRYPTO_POLICIES_JAVA_CONFIG);
+ sdebug.println(props.toString());
+ }
+ } catch (IOException e) {
+ if (sdebug != null) {
+ sdebug.println("unable to load security properties from " +
+ CRYPTO_POLICIES_JAVA_CONFIG);
+ e.printStackTrace();
+ }
+ }
+ return systemSecPropsLoaded;
+ // now load the system file, if it exists, so its values
+ // will win if they conflict with the earlier values
+ return Security.loadProps(null, CRYPTO_POLICIES_JAVA_CONFIG, false);
+ }
+
+ /*
@ -1035,7 +1014,7 @@ index e06b2a588c..315a2ce370 100644
candidates = new ProtocolVersion[] {
ProtocolVersion.TLS13,
diff --git a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
index c50ba93ecf..de2a91a478 100644
index 2a2b5d7568..891796f19b 100644
--- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
+++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
@@ -27,6 +27,8 @@ package sun.security.ssl;
@ -1046,7 +1025,7 @@ index c50ba93ecf..de2a91a478 100644
+import jdk.internal.misc.SharedSecrets;
import sun.security.rsa.SunRsaSignEntries;
import static sun.security.util.SecurityConstants.PROVIDER_VER;
import static sun.security.provider.SunEntries.createAliases;
import static sun.security.util.SecurityProviderConstants.*;
@@ -195,8 +197,13 @@ public abstract class SunJSSE extends java.security.Provider {
"sun.security.ssl.SSLContextImpl$TLS11Context", null, null);
ps("SSLContext", "TLSv1.2",
@ -1062,12 +1041,12 @@ index c50ba93ecf..de2a91a478 100644
+ }
ps("SSLContext", "TLS",
"sun.security.ssl.SSLContextImpl$TLSContext",
(isfips? null : createAliases("SSL")), null);
(isfips? null : List.of("SSL")), null);
diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
index 9af64321c4..957cd78a55 100644
index c0eed3f884..b03bd9f896 100644
--- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security
@@ -85,6 +85,14 @@ security.provider.tbd=Apple
@@ -88,6 +88,14 @@ security.provider.tbd=Apple
security.provider.tbd=SunPKCS11
#endif
@ -1082,7 +1061,7 @@ index 9af64321c4..957cd78a55 100644
#
# A list of preferred providers for specific algorithms. These providers will
# be searched for matching algorithms before the list of registered providers.
@@ -298,6 +306,11 @@ policy.ignoreIdentityScope=false
@@ -301,6 +309,11 @@ policy.ignoreIdentityScope=false
#
keystore.type=pkcs12
@ -1094,7 +1073,7 @@ index 9af64321c4..957cd78a55 100644
#
# Controls compatibility mode for JKS and PKCS12 keystore types.
#
@@ -335,6 +348,13 @@ package.definition=sun.misc.,\
@@ -338,6 +351,13 @@ package.definition=sun.misc.,\
#
security.overridePropertiesFile=true
@ -1405,7 +1384,7 @@ index 0000000000..b848a1fd78
+ }
+}
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
index cf7cd19b68..69cda46f85 100644
index ffbd671246..bdaad67e06 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
@@ -26,6 +26,9 @@
@ -1427,7 +1406,7 @@ index cf7cd19b68..69cda46f85 100644
import sun.security.util.Debug;
import sun.security.util.ResourcesMgr;
import static sun.security.util.SecurityConstants.PROVIDER_VER;
@@ -60,6 +65,29 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
@@ -61,6 +66,29 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
*/
public final class SunPKCS11 extends AuthProvider {
@ -1457,7 +1436,7 @@ index cf7cd19b68..69cda46f85 100644
private static final long serialVersionUID = -1354835039035306505L;
static final Debug debug = Debug.getInstance("sunpkcs11");
@@ -317,10 +345,15 @@ public final class SunPKCS11 extends AuthProvider {
@@ -318,10 +346,15 @@ public final class SunPKCS11 extends AuthProvider {
// request multithreaded access first
initArgs.flags = CKF_OS_LOCKING_OK;
PKCS11 tmpPKCS11;
@ -1474,7 +1453,7 @@ index cf7cd19b68..69cda46f85 100644
} catch (PKCS11Exception e) {
if (debug != null) {
debug.println("Multi-threaded initialization failed: " + e);
@@ -336,7 +369,7 @@ public final class SunPKCS11 extends AuthProvider {
@@ -337,7 +370,7 @@ public final class SunPKCS11 extends AuthProvider {
initArgs.flags = 0;
}
tmpPKCS11 = PKCS11.getInstance(library,
@ -1483,7 +1462,7 @@ index cf7cd19b68..69cda46f85 100644
}
p11 = tmpPKCS11;
@@ -376,6 +409,24 @@ public final class SunPKCS11 extends AuthProvider {
@@ -377,6 +410,24 @@ public final class SunPKCS11 extends AuthProvider {
if (nssModule != null) {
nssModule.setProvider(this);
}

105
generate_source_tarball.sh
View File

@ -4,7 +4,6 @@
# Example:
# When used from local repo set REPO_ROOT pointing to file:// with your repo
# If your local repo follows upstream forests conventions, it may be enough to set OPENJDK_URL
# If you want to use a local copy of patch GH001, set the path to it in the GH001 variable
#
# In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg:
# PROJECT_NAME=openjdk
@ -26,26 +25,10 @@
# level folder, name is created, based on parameter
#
if [ ! "x$GH001" = "x" ] ; then
if [ ! -f "$GH001" ] ; then
echo "You have specified GH001 as $GH001 but it does not exist. Exiting"
exit 1
fi
fi
if [ ! "x$GH003" = "x" ] ; then
if [ ! -f "$GH003" ] ; then
echo "You have specified GH003 as $GH003 but it does not exist. Exiting"
exit 1
fi
fi
set -e
OPENJDK_URL_DEFAULT=https://github.com
COMPRESSION_DEFAULT=xz
# Corresponding IcedTea version
ICEDTEA_VERSION=6.0
if [ "x$1" = "xhelp" ] ; then
echo -e "Behaviour may be specified by setting the following variables:\n"
@ -56,9 +39,7 @@ if [ "x$1" = "xhelp" ] ; then
echo "COMPRESSION - the compression type to use (optional; defaults to ${COMPRESSION_DEFAULT})"
echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)"
echo "REPO_ROOT - the location of the Git repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)"
echo "TO_COMPRESS - what part of clone to pack (default is openjdk)"
echo "GH001 - the path to the ECC code patch, GH001, to apply (optional; downloaded if unavailable)"
echo "GH003 - the path to the ECC test patch, GH003, to apply (optional; downloaded if unavailable)"
echo "TO_COMPRESS - what part of clone to pack (default is ${VERSION})"
echo "BOOT_JDK - the bootstrap JDK to satisfy the configure run"
exit 1;
fi
@ -135,8 +116,8 @@ if [ "x$REPO_ROOT" = "x" ] ; then
fi;
if [ "x$TO_COMPRESS" = "x" ] ; then
TO_COMPRESS="openjdk"
echo "No targets to be compressed specified, ; default to ${TO_COMPRESS}"
TO_COMPRESS="${VERSION}"
echo "No targets to be compressed specified ; default to ${TO_COMPRESS}"
fi;
echo -e "Settings:"
@ -148,8 +129,6 @@ echo -e "\tCOMPRESSION: ${COMPRESSION}"
echo -e "\tFILE_NAME_ROOT: ${FILE_NAME_ROOT}"
echo -e "\tREPO_ROOT: ${REPO_ROOT}"
echo -e "\tTO_COMPRESS: ${TO_COMPRESS}"
echo -e "\tGH001: ${GH001}"
echo -e "\tGH003: ${GH003}"
echo -e "\tBOOT_JDK: ${BOOT_JDK}"
if [ -d ${FILE_NAME_ROOT} ] ; then
@ -160,81 +139,41 @@ else
mkdir "${FILE_NAME_ROOT}"
pushd "${FILE_NAME_ROOT}"
echo "Cloning ${VERSION} root repository from ${REPO_ROOT}"
git clone -b ${VERSION} ${REPO_ROOT} openjdk
git clone -b ${VERSION} ${REPO_ROOT} ${VERSION}
popd
fi
pushd "${FILE_NAME_ROOT}"
# UnderlineTaglet.java has a BSD license with a field-of-use restriction, making it non-Free
if [ -d openjdk/test ] ; then
if [ -d ${VERSION}/test ] ; then
echo "Removing langtools test case with non-Free license"
rm -vf openjdk/test/langtools/tools/javadoc/api/basic/taglets/UnderlineTaglet.java
fi
if [ -d openjdk/src ]; then
pushd openjdk
echo "Removing EC source code we don't build"
CRYPTO_PATH=src/jdk.crypto.ec/share/native/libsunec/impl
rm -vf ${CRYPTO_PATH}/ec2.h
rm -vf ${CRYPTO_PATH}/ec2_163.c
rm -vf ${CRYPTO_PATH}/ec2_193.c
rm -vf ${CRYPTO_PATH}/ec2_233.c
rm -vf ${CRYPTO_PATH}/ec2_aff.c
rm -vf ${CRYPTO_PATH}/ec2_mont.c
rm -vf ${CRYPTO_PATH}/ecp_192.c
rm -vf ${CRYPTO_PATH}/ecp_224.c
echo "Syncing EC list with NSS"
if [ "x$GH001" = "x" ] ; then
# get gh001-4curve.patch (from https://github.com/icedtea-git/icedtea) in the ${ICEDTEA_VERSION} branch
# Do not push it or publish it
echo "GH001 not found. Downloading..."
wget -v https://github.com/icedtea-git/icedtea/raw/${ICEDTEA_VERSION}/patches/gh001-4curve.patch
echo "Applying ${PWD}/gh001-4curve.patch"
git apply --stat --apply -v -p1 gh001-4curve.patch
rm gh001-4curve.patch
else
echo "Applying ${GH001}"
git apply --stat --apply -v -p1 $GH001
fi;
if [ "x$GH003" = "x" ] ; then
# get gh001-4curve.patch (from https://github.com/icedtea-git/icedtea) in the ${ICEDTEA_VERSION} branch
echo "GH003 not found. Downloading..."
wget -v https://github.com/icedtea-git/icedtea/raw/${ICEDTEA_VERSION}/patches/gh003-4curve.patch
echo "Applying ${PWD}/gh003-4curve.patch"
git apply --stat --apply -v -p1 gh003-4curve.patch
rm gh003-4curve.patch
else
echo "Applying ${GH003}"
git apply --stat --apply -v -p1 $GH003
fi;
find . -name '*.orig' -exec rm -vf '{}' ';' || echo "No .orig files found. This is suspicious, but may happen."
popd
rm -vf ${VERSION}/test/langtools/tools/javadoc/api/basic/taglets/UnderlineTaglet.java
fi
# Generate .src-rev so build has knowledge of the revision the tarball was created from
mkdir build
pushd build
sh ${PWD}/../openjdk/configure --with-boot-jdk=${BOOT_JDK}
sh ${PWD}/../${VERSION}/configure --with-boot-jdk=${BOOT_JDK}
make store-source-revision
popd
rm -rf build
# Remove commit checks
echo "Removing $(find openjdk -name '.jcheck' -print)"
find openjdk -name '.jcheck' -print0 | xargs -0 rm -r
echo "Removing $(find ${VERSION} -name '.jcheck' -print)"
find ${VERSION} -name '.jcheck' -print0 | xargs -0 rm -r
# Remove history and GHA
echo "find openjdk -name '.hgtags'"
find openjdk -name '.hgtags' -exec rm -v '{}' '+'
echo "find openjdk -name '.hgignore'"
find openjdk -name '.hgignore' -exec rm -v '{}' '+'
echo "find openjdk -name '.gitattributes'"
find openjdk -name '.gitattributes' -exec rm -v '{}' '+'
echo "find openjdk -name '.gitignore'"
find openjdk -name '.gitignore' -exec rm -v '{}' '+'
echo "find openjdk -name '.git'"
find openjdk -name '.git' -exec rm -rv '{}' '+'
echo "find openjdk -name '.github'"
find openjdk -name '.github' -exec rm -rv '{}' '+'
echo "find ${VERSION} -name '.hgtags'"
find ${VERSION} -name '.hgtags' -exec rm -v '{}' '+'
echo "find ${VERSION} -name '.hgignore'"
find ${VERSION} -name '.hgignore' -exec rm -v '{}' '+'
echo "find ${VERSION} -name '.gitattributes'"
find ${VERSION} -name '.gitattributes' -exec rm -v '{}' '+'
echo "find ${VERSION} -name '.gitignore'"
find ${VERSION} -name '.gitignore' -exec rm -v '{}' '+'
echo "find ${VERSION} -name '.git'"
find ${VERSION} -name '.git' -exec rm -rv '{}' '+'
echo "find ${VERSION} -name '.github'"
find ${VERSION} -name '.github' -exec rm -rv '{}' '+'
echo "Compressing remaining forest"
if [ "X$COMPRESSION" = "Xxz" ] ; then
@ -242,7 +181,7 @@ pushd "${FILE_NAME_ROOT}"
else
SWITCH=czf
fi
TARBALL_NAME=${FILE_NAME_ROOT}-4curve.tar.${COMPRESSION}
TARBALL_NAME=${FILE_NAME_ROOT}.tar.${COMPRESSION}
tar --exclude-vcs -$SWITCH ${TARBALL_NAME} $TO_COMPRESS
mv ${TARBALL_NAME} ..
popd

94
java-11-openjdk-portable.specfile
View File

@ -339,7 +339,7 @@
# New Version-String scheme-style defines
%global featurever 11
%global interimver 0
%global updatever 20
%global updatever 21
%global patchver 0
# buildjdkver is usually same as %%{featurever},
# but in time of bootstrap of next jdk, it is featurever-1,
@ -367,7 +367,7 @@
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{component}&version=%{fedora}
%else
%if 0%{?rhel}
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{component}
%global oj_vendor_bug_url https://access.redhat.com/support/cases/
%else
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi
%endif
@ -378,14 +378,21 @@
# Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 6.0.0pre00-c848b93a8598
# Define current Git revision for the FIPS support patches
%global fipsver b34fb09a5c
%global fipsver f93a863b56
# Define JDK versions
%global javaver %{featurever}
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames
%global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn})
# The tag used to create the OpenJDK tarball
%global vcstag jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}
# Standard JPackage naming and versioning defines
%global origin openjdk
%global origin_nice OpenJDK
%global top_level_dir_name %{origin}
%global top_level_dir_name %{vcstag}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 8
%global buildver 9
%global rpmrelease 1
#%%global tagsuffix %%{nil}
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
@ -400,15 +407,6 @@
# for techpreview, using 1, so slowdebugs can have 0
%global priority %( printf '%08d' 1 )
%endif
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames
%global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn})
# The tag used to create the OpenJDK tarball
%global vcstag jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}
%global javaver %{featurever}
# Define milestone (EA for pre-releases, GA for releases)
# Release will be (where N is usually a number starting at 1):
@ -568,7 +566,7 @@ URL: http://openjdk.java.net/
# to regenerate source0 (jdk) run update_package.sh
# update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives
Source0: openjdk-jdk%{featurever}u-%{vcstag}-4curve.tar.xz
Source0: openjdk-jdk%{featurever}u-%{vcstag}.tar.xz
# Use 'icedtea_sync.sh' to update the following
# They are based on code contained in the IcedTea project (6.x).
@ -671,11 +669,11 @@ Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk1
# need to be reviewed & pushed to the appropriate
# updates tree of OpenJDK.
#############################################
Patch2001: jdk8242332-rh2108712-sha3-sunpkcs11.patch
Patch2002: jdk8242332-rh2108712-sha3-sunpkcs11.patch
#############################################
#
# Patches appearing in 11.0.20
# Patches appearing in 11.0.21
#
# This section includes patches which are present
# in the listed OpenJDK 11u release and should be
@ -683,6 +681,18 @@ Patch2001: jdk8242332-rh2108712-sha3-sunpkcs11.patch
# and used by this RPM.
#############################################
#############################################
#
# Patches appearing in 11.0.22
#
# This section includes patches which are present
# in the listed OpenJDK 8u release and should be
# able to be removed once that release is out
# and used by this RPM.
#############################################
# JDK-8312489, OJ2095: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
Patch2000: jdk8312489-max_sig_default_increase.patch
#############################################
#
# Portable build specific patches
@ -749,17 +759,17 @@ BuildRequires: libjpeg-devel
BuildRequires: libpng-devel
%else
# Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h
Provides: bundled(freetype) = 2.12.1
Provides: bundled(freetype) = 2.13.0
# Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h
Provides: bundled(giflib) = 5.2.1
# Version in src/java.desktop/share/native/libharfbuzz/hb-version.h
Provides: bundled(harfbuzz) = 7.0.1
Provides: bundled(harfbuzz) = 7.2.0
# Version in src/java.desktop/share/native/liblcms/lcms2.h
Provides: bundled(lcms2) = 2.15.0
# Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h
Provides: bundled(libjpeg) = 6b
# Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h
Provides: bundled(libpng) = 1.6.37
Provides: bundled(libpng) = 1.6.39
# We link statically against libstdc++ to increase portability
BuildRequires: libstdc++-static
%endif
@ -955,12 +965,16 @@ pushd %{top_level_dir_name}
%patch1001 -p1
# nss.cfg PKCS11 support; must come last as it also alters java.security
%patch1000 -p1
# JDK-8312489 backport, coming in 11.0.22
%patch2000 -p1
# PKCS11 SHA3 backport
%patch2001 -p1
%patch2002 -p1
# alt-java
%patch600 -p1
# RSA default
%patch1003 -p1
popd # openjdk
%patch600
%patch1003
# Extract systemtap tapsets
%if %{with_systemtap}
@ -1648,6 +1662,40 @@ done
%{_jvmdir}/%{miscportablearchive}.sha256sum
%changelog
* Wed Feb 12 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.21.0.9-1
- Update to jdk-11.0.21+9 (GA)
- Update release notes to 11.0.21+9
- Switch to GA mode for release
- Drop local backport of JDK-8243210 which is upstream from 11.0.21+2
- Bump freetype version to 2.13.0 following JDK-8306881
- ** This tarball is embargoed until 2023-10-17 @ 1pm PT. **
* Wed Feb 12 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.21.0.1-0.1.ea
- Update to jdk-11.0.21+1 (EA)
- Update release notes to 11.0.21+1
- Switch to EA mode
- Re-generate FIPS patch against 11.0.21+1 following backport of JDK-8155246
- Re-generate SHA3 patch following backport of JDK-8242151
- Bump libpng version to 1.6.39 following JDK-8305815
- Bump HarfBuzz version to 7.2.0 following JDK-8307301
- Update generate_tarball.sh to be closer to upstream vanilla script inc. no more ECC removal
- Update bug URL for RHEL to point to the Red Hat customer portal
- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball
- Apply all patches using -p1
* Thu May 02 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.20.1.1-2
- Bump rpmrelease to rebuild for CentOS 9
* Tue Sep 05 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.20.1.1-1
- Update to jdk-11.0.20.1+1 (GA)
- Update release notes to 11.0.20.1+1
- Add backport of JDK-8312489 already upstream in 11.0.22 (see OPENJDK-2095)
- Add backport of JDK-8243210 already upstream in 11.0.21 (see RH2229269)
- Update openjdk_news script to specify subdirectory last
- Add missing discover_trees script required by openjdk_news
- Update README.md to match the version in later RHEL releases
- Resolves: rhbz#2236589
* Fri Jul 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.20.0.8-1
- Update to jdk-11.0.20.0+8 (GA)
- Update release notes to 11.0.20.0+8

95
java-11-openjdk.spec
View File

@ -109,8 +109,7 @@
# similarly for other %%{_jvmdir}/{jre,java} and %%{_javadocdir}/{java,java-zip}
%define is_release_build() %( if [ "%{?1}" == "%{debug_suffix_unquoted}" -o "%{?1}" == "%{fastdebug_suffix_unquoted}" ]; then echo "0" ; else echo "1"; fi )
# while JDK is a techpreview(is_system_jdk=0), some provides are turned off. Once jdk stops to be an techpreview, move it to 1
# as sytem JDK, we mean any JDK which can run whole system java stack without issues (like bytecode issues, module issues, dependencies...)
# Indicates whether this is the default JDK on this version of RHEL
%global is_system_jdk 1
%global aarch64 aarch64 arm64 armv8
@ -331,8 +330,8 @@
# New Version-String scheme-style defines
%global featurever 11
%global interimver 0
%global updatever 20
%global patchver 1
%global updatever 21
%global patchver 0
# buildjdkver is usually same as %%{featurever},
# but in time of bootstrap of next jdk, it is featurever-1,
# and this it is better to change it here, on single place
@ -359,7 +358,7 @@
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{name}&version=%{fedora}
%else
%if 0%{?rhel}
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{portablerhel}&component=%{name}
%global oj_vendor_bug_url https://access.redhat.com/support/cases/
%else
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi
%endif
@ -370,18 +369,25 @@
# Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 6.0.0pre00-c848b93a8598
# Define current Git revision for the FIPS support patches
%global fipsver b34fb09a5c
%global fipsver f93a863b56
# Define JDK versions
%global javaver %{featurever}
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames
%global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn})
# The tag used to create the OpenJDK tarball
%global vcstag jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}
# Standard JPackage naming and versioning defines
%global origin openjdk
%global origin_nice OpenJDK
%global top_level_dir_name %{origin}
%global top_level_dir_name %{vcstag}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 1
%global buildver 9
# rpmrelease numbering must start at 2 to be later than the 9.0 RPM
%global rpmrelease 2
# Settings used by the portable build
%global portablerelease 2
%global portablerelease 1
%global portablerhel 9
%global portablesuffix el%{portablerhel}
%global portablebuilddir /builddir/build/BUILD
@ -396,18 +402,9 @@
%global combiver $( expr 20 '*' %{patchver} + %{buildver} )
%global priority %( printf '%02d%02d%02d%02d' %{featurever} %{interimver} %{updatever} %{combiver} )
%else
# for techpreview, using 1, so slowdebugs can have 0
# for non-default, using 1, so slowdebugs can have 0
%global priority %( printf '%08d' 1 )
%endif
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames
%global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn})
# The tag used to create the OpenJDK tarball
%global vcstag jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}
%global javaver %{featurever}
# Define milestone (EA for pre-releases, GA for releases)
# Release will be (where N is usually a number starting at 1):
@ -566,6 +563,7 @@ alternatives \\
--install %{_bindir}/java $key %{jrebindir -- %{?1}}/java $PRIORITY --family %{family} \\
--slave %{_jvmdir}/jre jre %{_jvmdir}/%{sdkdir -- %{?1}} \\
--slave %{_bindir}/%{alt_java_name} %{alt_java_name} %{jrebindir -- %{?1}}/%{alt_java_name} \\
--slave %{_bindir}/jcmd jcmd %{sdkbindir -- %{?1}}/jcmd \\
--slave %{_bindir}/jjs jjs %{jrebindir -- %{?1}}/jjs \\
--slave %{_bindir}/keytool keytool %{jrebindir -- %{?1}}/keytool \\
--slave %{_bindir}/pack200 pack200 %{jrebindir -- %{?1}}/pack200 \\
@ -576,6 +574,8 @@ alternatives \\
%{_mandir}/man1/java-%{uniquesuffix -- %{?1}}.1$ext \\
--slave %{_mandir}/man1/%{alt_java_name}.1$ext %{alt_java_name}.1$ext \\
%{_mandir}/man1/%{alt_java_name}-%{uniquesuffix -- %{?1}}.1$ext \\
--slave %{_mandir}/man1/jcmd.1$ext jcmd.1$ext \\
%{_mandir}/man1/jcmd-%{uniquesuffix -- %{?1}}.1$ext \\
--slave %{_mandir}/man1/jjs.1$ext jjs.1$ext \\
%{_mandir}/man1/jjs-%{uniquesuffix -- %{?1}}.1$ext \\
--slave %{_mandir}/man1/keytool.1$ext keytool.1$ext \\
@ -675,7 +675,6 @@ alternatives \\
--slave %{_bindir}/jarsigner jarsigner %{sdkbindir -- %{?1}}/jarsigner \\
--slave %{_bindir}/javadoc javadoc %{sdkbindir -- %{?1}}/javadoc \\
--slave %{_bindir}/javap javap %{sdkbindir -- %{?1}}/javap \\
--slave %{_bindir}/jcmd jcmd %{sdkbindir -- %{?1}}/jcmd \\
--slave %{_bindir}/jconsole jconsole %{sdkbindir -- %{?1}}/jconsole \\
--slave %{_bindir}/jdb jdb %{sdkbindir -- %{?1}}/jdb \\
--slave %{_bindir}/jdeps jdeps %{sdkbindir -- %{?1}}/jdeps \\
@ -702,8 +701,6 @@ alternatives \\
%{_mandir}/man1/javadoc-%{uniquesuffix -- %{?1}}.1$ext \\
--slave %{_mandir}/man1/javap.1$ext javap.1$ext \\
%{_mandir}/man1/javap-%{uniquesuffix -- %{?1}}.1$ext \\
--slave %{_mandir}/man1/jcmd.1$ext jcmd.1$ext \\
%{_mandir}/man1/jcmd-%{uniquesuffix -- %{?1}}.1$ext \\
--slave %{_mandir}/man1/jconsole.1$ext jconsole.1$ext \\
%{_mandir}/man1/jconsole-%{uniquesuffix -- %{?1}}.1$ext \\
--slave %{_mandir}/man1/jdb.1$ext jdb.1$ext \\
@ -841,6 +838,7 @@ exit 0
%dir %{_jvmdir}/%{sdkdir -- %{?1}}/bin
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/java
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/%{alt_java_name}
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jcmd
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jjs
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/keytool
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/pack200
@ -907,6 +905,7 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/jfr/profile.jfc
%{_mandir}/man1/java-%{uniquesuffix -- %{?1}}.1*
%{_mandir}/man1/%{alt_java_name}-%{uniquesuffix -- %{?1}}.1*
%{_mandir}/man1/jcmd-%{uniquesuffix -- %{?1}}.1*
%{_mandir}/man1/jjs-%{uniquesuffix -- %{?1}}.1*
%{_mandir}/man1/keytool-%{uniquesuffix -- %{?1}}.1*
%{_mandir}/man1/pack200-%{uniquesuffix -- %{?1}}.1*
@ -952,10 +951,11 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/security
%if %is_system_jdk
%if %{is_release_build -- %{?1}}
# RHEL-11313; alternatives not owned by packages
%ghost %{_bindir}/java
%ghost %{_bindir}/%{alt_java_name}
%ghost %{_jvmdir}/jre
# https://bugzilla.redhat.com/show_bug.cgi?id=1312019
%ghost %{_bindir}/%{alt_java_name}
%ghost %{_bindir}/jcmd
%ghost %{_bindir}/jjs
%ghost %{_bindir}/keytool
%ghost %{_bindir}/pack200
@ -981,7 +981,6 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/javadoc
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/javap
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jconsole
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jcmd
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jdb
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jdeps
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jdeprscan
@ -1020,7 +1019,6 @@ exit 0
%{_mandir}/man1/javadoc-%{uniquesuffix -- %{?1}}.1*
%{_mandir}/man1/javap-%{uniquesuffix -- %{?1}}.1*
%{_mandir}/man1/jconsole-%{uniquesuffix -- %{?1}}.1*
%{_mandir}/man1/jcmd-%{uniquesuffix -- %{?1}}.1*
%{_mandir}/man1/jdb-%{uniquesuffix -- %{?1}}.1*
%{_mandir}/man1/jdeps-%{uniquesuffix -- %{?1}}.1*
%{_mandir}/man1/jinfo-%{uniquesuffix -- %{?1}}.1*
@ -1040,9 +1038,9 @@ exit 0
%endif
%if %is_system_jdk
%if %{is_release_build -- %{?1}}
# RHEL-11313; alternatives not owned by packages
%ghost %{_bindir}/javac
%ghost %{_jvmdir}/java
%ghost %{_jvmdir}/%{alt_java_name}
%ghost %{_bindir}/jaotc
%ghost %{_bindir}/jlink
%ghost %{_bindir}/jmod
@ -1051,11 +1049,11 @@ exit 0
%ghost %{_bindir}/jarsigner
%ghost %{_bindir}/javadoc
%ghost %{_bindir}/javap
%ghost %{_bindir}/jcmd
%ghost %{_bindir}/jconsole
%ghost %{_bindir}/jdb
%ghost %{_bindir}/jdeps
%ghost %{_bindir}/jdeprscan
%ghost %{_bindir}/jfr
%ghost %{_bindir}/jimage
%ghost %{_bindir}/jinfo
%ghost %{_bindir}/jmap
@ -1313,7 +1311,7 @@ URL: http://openjdk.java.net/
# to regenerate source0 (jdk) run update_package.sh
# update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives
Source0: openjdk-jdk%{featurever}u-%{vcstag}-4curve.tar.xz
Source0: openjdk-jdk%{featurever}u-%{vcstag}.tar.xz
# Use 'icedtea_sync.sh' to update the following
# They are based on code contained in the IcedTea project (6.x).
@ -1437,8 +1435,6 @@ Patch2002: jdk8242332-rh2108712-sha3-sunpkcs11.patch
# able to be removed once that release is out
# and used by this RPM.
#############################################
# JDK-8243210, RH2229269: 8243210: ClhsdbScanOops fails with NullPointerException in FileMapHeader.inCopiedVtableSpace
Patch2001: jdk8243210-npe_in_clhsdbscanoops.patch
#############################################
#
@ -1517,17 +1513,17 @@ BuildRequires: libjpeg-devel
BuildRequires: libpng-devel
%else
# Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h
Provides: bundled(freetype) = 2.12.1
Provides: bundled(freetype) = 2.13.0
# Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h
Provides: bundled(giflib) = 5.2.1
# Version in src/java.desktop/share/native/libharfbuzz/hb-version.h
Provides: bundled(harfbuzz) = 7.0.1
Provides: bundled(harfbuzz) = 7.2.0
# Version in src/java.desktop/share/native/liblcms/lcms2.h
Provides: bundled(lcms2) = 2.15.0
# Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h
Provides: bundled(libjpeg) = 6b
# Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h
Provides: bundled(libpng) = 1.6.37
Provides: bundled(libpng) = 1.6.39
%endif
# this is always built, also during debug-only build
@ -1884,14 +1880,14 @@ pushd %{top_level_dir_name}
%patch1000 -p1
# JDK-8312489 backport, coming in 11.0.22
%patch2000 -p1
# JDK-8243210 backport, coming in 11.0.21
%patch2001 -p1
# PKCS11 SHA3 backport
%patch2002 -p1
# alt-java
%patch600 -p1
# RSA default
%patch1003 -p1
popd # openjdk
%patch600
%patch1003
# Prepare desktop files
# The _X_ syntax indicates variables that are replaced by make upstream
@ -2483,6 +2479,29 @@ require "copy_jdk_configs.lua"
%endif
%changelog
* Fri Oct 13 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.21.0.9-2
- Update to jdk-11.0.21+9 (GA)
- Sync the copy of the portable specfile with the latest update
- Re-generate FIPS patch against 11.0.21+1 following backport of JDK-8155246
- Re-generate SHA3 patch following backport of JDK-8242151
- Bump libpng version to 1.6.39 following JDK-8305815
- Bump HarfBuzz version to 7.2.0 following JDK-8307301
- Bump freetype version to 2.13.0 following JDK-8306881
- Update generate_tarball.sh to be closer to upstream vanilla script inc. no more ECC removal
- Update bug URL for RHEL to point to the Red Hat customer portal
- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball
- Apply all patches using -p1
- Drop local backport of JDK-8243210 which is upstream from 11.0.21+2
- Add missing JFR alternative ghost
- Move jcmd to the headless package
- ** This tarball is embargoed until 2023-10-17 @ 1pm PT. **
- Resolves: RHEL-12216
- Resolves: RHEL-13523
- Resolves: RHEL-13524
- Resolves: RHEL-3475
- Resolves: RHEL-13534
- Resolves: RHEL-3493
* Fri Sep 08 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.20.1.1-2
- Set portablerelease and portablerhel to use the CentOS 9 build
- Resolves: RHEL-35437

206
jdk8242332-rh2108712-sha3-sunpkcs11.patch
View File

@ -1,11 +1,11 @@
commit 81c2107a9188680f7c35ebc7697b292d5972436e
commit b8711800e3cd9132ad2b195c82cf816210feb77d
Author: Andrew Hughes <gnu.andrew@redhat.com>
Date: Mon Feb 27 13:22:43 2023 +0000
Date: Thu Oct 5 03:13:01 2023 +0100
Backport 78be334c3817a1b5840922a9bf1339a40dcc5185
diff --git a/src/java.base/share/classes/sun/security/util/KnownOIDs.java b/src/java.base/share/classes/sun/security/util/KnownOIDs.java
index 92ecb9adc0c..a5848c96aad 100644
index b5cc3b05f1..7e235c90dd 100644
--- a/src/java.base/share/classes/sun/security/util/KnownOIDs.java
+++ b/src/java.base/share/classes/sun/security/util/KnownOIDs.java
@@ -155,6 +155,14 @@ public enum KnownOIDs {
@ -24,7 +24,7 @@ index 92ecb9adc0c..a5848c96aad 100644
SHA3_256withRSA("2.16.840.1.101.3.4.3.14", "SHA3-256withRSA"),
SHA3_384withRSA("2.16.840.1.101.3.4.3.15", "SHA3-384withRSA"),
diff --git a/src/java.base/share/classes/sun/security/util/SignatureUtil.java b/src/java.base/share/classes/sun/security/util/SignatureUtil.java
index 32c089fd96d..7d5c0c7e299 100644
index 32c089fd96..7d5c0c7e29 100644
--- a/src/java.base/share/classes/sun/security/util/SignatureUtil.java
+++ b/src/java.base/share/classes/sun/security/util/SignatureUtil.java
@@ -168,4 +168,22 @@ public class SignatureUtil {
@ -51,7 +51,7 @@ index 32c089fd96d..7d5c0c7e299 100644
+ }
}
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java
index 41fe61b8a16..daf0bc9f69c 100644
index 41fe61b8a1..daf0bc9f69 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java
@@ -1,5 +1,5 @@
@ -93,7 +93,7 @@ index 41fe61b8a16..daf0bc9f69c 100644
break;
default:
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java
index 926414608cb..f343e6025e1 100644
index 926414608c..f343e6025e 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java
@@ -36,7 +36,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
@ -428,7 +428,7 @@ index 926414608cb..f343e6025e1 100644
-
}
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java
index c88e4a6ace5..29b26651c39 100644
index c88e4a6ace..29b26651c3 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java
@@ -39,8 +39,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
@ -465,7 +465,7 @@ index c88e4a6ace5..29b26651c39 100644
break;
case (int)CKM_SSL3_MD5_MAC:
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java
index 26eaa4735f1..905b6ea9562 100644
index 1419be3754..18e00a544b 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java
@@ -38,6 +38,7 @@ import java.security.spec.MGF1ParameterSpec;
@ -738,7 +738,7 @@ index 26eaa4735f1..905b6ea9562 100644
// see JCA spec
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java
index e3af106d05a..e49edf32c29 100644
index e3af106d05..e49edf32c2 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java
@@ -51,8 +51,15 @@ import sun.security.util.KeyUtil;
@ -970,111 +970,88 @@ index e3af106d05a..e49edf32c29 100644
// return RSASignature.decodeSignature(digestOID, signature);
// }
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
index cf7cd19b689..7a8bcffb92c 100644
index ffbd671246..d191831dab 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
@@ -550,6 +550,18 @@ public final class SunPKCS11 extends AuthProvider {
d(MD, "SHA-512/256", P11Digest,
s("2.16.840.1.101.3.4.2.6", "OID.2.16.840.1.101.3.4.2.6"),
@@ -546,6 +546,14 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_SHA512_224));
dA(MD, "SHA-512/256", P11Digest,
m(CKM_SHA512_256));
+ d(MD, "SHA3-224", P11Digest,
+ s("2.16.840.1.101.3.4.2.7", "OID.2.16.840.1.101.3.4.2.7"),
+ dA(MD, "SHA3-224", P11Digest,
+ m(CKM_SHA3_224));
+ d(MD, "SHA3-256", P11Digest,
+ s("2.16.840.1.101.3.4.2.8", "OID.2.16.840.1.101.3.4.2.8"),
+ dA(MD, "SHA3-256", P11Digest,
+ m(CKM_SHA3_256));
+ d(MD, "SHA3-384", P11Digest,
+ s("2.16.840.1.101.3.4.2.9", "OID.2.16.840.1.101.3.4.2.9"),
+ dA(MD, "SHA3-384", P11Digest,
+ m(CKM_SHA3_384));
+ d(MD, "SHA3-512", P11Digest,
+ s("2.16.840.1.101.3.4.2.10", "OID.2.16.840.1.101.3.4.2.10"),
+ dA(MD, "SHA3-512", P11Digest,
+ m(CKM_SHA3_512));
d(MAC, "HmacMD5", P11MAC,
m(CKM_MD5_HMAC));
@@ -574,7 +586,18 @@ public final class SunPKCS11 extends AuthProvider {
d(MAC, "HmacSHA512/256", P11MAC,
s("1.2.840.113549.2.13", "OID.1.2.840.113549.2.13"),
@@ -563,7 +571,14 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_SHA512_224_HMAC));
dA(MAC, "HmacSHA512/256", P11MAC,
m(CKM_SHA512_256_HMAC));
-
+ d(MAC, "HmacSHA3-224", P11MAC,
+ s("2.16.840.1.101.3.4.2.13", "OID.2.16.840.1.101.3.4.2.13"),
+ dA(MAC, "HmacSHA3-224", P11MAC,
+ m(CKM_SHA3_224_HMAC));
+ d(MAC, "HmacSHA3-256", P11MAC,
+ s("2.16.840.1.101.3.4.2.14", "OID.2.16.840.1.101.3.4.2.14"),
+ dA(MAC, "HmacSHA3-256", P11MAC,
+ m(CKM_SHA3_256_HMAC));
+ d(MAC, "HmacSHA3-384", P11MAC,
+ s("2.16.840.1.101.3.4.2.15", "OID.2.16.840.1.101.3.4.2.15"),
+ dA(MAC, "HmacSHA3-384", P11MAC,
+ m(CKM_SHA3_384_HMAC));
+ d(MAC, "HmacSHA3-512", P11MAC,
+ s("2.16.840.1.101.3.4.2.16", "OID.2.16.840.1.101.3.4.2.16"),
+ dA(MAC, "HmacSHA3-512", P11MAC,
+ m(CKM_SHA3_512_HMAC));
d(MAC, "SslMacMD5", P11MAC,
m(CKM_SSL3_MD5_MAC));
d(MAC, "SslMacSHA1", P11MAC,
@@ -604,6 +627,41 @@ public final class SunPKCS11 extends AuthProvider {
@@ -595,6 +610,30 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_BLOWFISH_KEY_GEN));
d(KG, "ChaCha20", P11KeyGenerator,
m(CKM_CHACHA20_KEY_GEN));
+ d(KG, "HmacMD5", P11KeyGenerator, // 1.3.6.1.5.5.8.1.1
+ m(CKM_GENERIC_SECRET_KEY_GEN));
+ d(KG, "HmacSHA1", P11KeyGenerator,
+ s("1.2.840.113549.2.7", "OID.1.2.840.113549.2.7"),
+ dA(KG, "HmacSHA1", P11KeyGenerator,
+ m(CKM_SHA_1_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ d(KG, "HmacSHA224", P11KeyGenerator,
+ s("1.2.840.113549.2.8", "OID.1.2.840.113549.2.8"),
+ dA(KG, "HmacSHA224", P11KeyGenerator,
+ m(CKM_SHA224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ d(KG, "HmacSHA256", P11KeyGenerator,
+ s("1.2.840.113549.2.9", "OID.1.2.840.113549.2.9"),
+ dA(KG, "HmacSHA256", P11KeyGenerator,
+ m(CKM_SHA256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ d(KG, "HmacSHA384", P11KeyGenerator,
+ s("1.2.840.113549.2.10", "OID.1.2.840.113549.2.10"),
+ dA(KG, "HmacSHA384", P11KeyGenerator,
+ m(CKM_SHA384_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ d(KG, "HmacSHA512", P11KeyGenerator,
+ s("1.2.840.113549.2.11", "OID.1.2.840.113549.2.11"),
+ dA(KG, "HmacSHA512", P11KeyGenerator,
+ m(CKM_SHA512_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ d(KG, "HmacSHA512/224", P11KeyGenerator,
+ s("1.2.840.113549.2.12", "OID.1.2.840.113549.2.12"),
+ dA(KG, "HmacSHA512/224", P11KeyGenerator,
+ m(CKM_SHA512_224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ d(KG, "HmacSHA512/256", P11KeyGenerator,
+ s("1.2.840.113549.2.13", "OID.1.2.840.113549.2.13"),
+ dA(KG, "HmacSHA512/256", P11KeyGenerator,
+ m(CKM_SHA512_256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ d(KG, "HmacSHA3-224", P11KeyGenerator,
+ s("2.16.840.1.101.3.4.2.13", "OID.2.16.840.1.101.3.4.2.13"),
+ dA(KG, "HmacSHA3-224", P11KeyGenerator,
+ m(CKM_SHA3_224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ d(KG, "HmacSHA3-256", P11KeyGenerator,
+ s("2.16.840.1.101.3.4.2.14", "OID.2.16.840.1.101.3.4.2.14"),
+ dA(KG, "HmacSHA3-256", P11KeyGenerator,
+ m(CKM_SHA3_256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ d(KG, "HmacSHA3-384", P11KeyGenerator,
+ s("2.16.840.1.101.3.4.2.15", "OID.2.16.840.1.101.3.4.2.15"),
+ dA(KG, "HmacSHA3-384", P11KeyGenerator,
+ m(CKM_SHA3_384_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ d(KG, "HmacSHA3-512", P11KeyGenerator,
+ s("2.16.840.1.101.3.4.2.16", "OID.2.16.840.1.101.3.4.2.16"),
+ dA(KG, "HmacSHA3-512", P11KeyGenerator,
+ m(CKM_SHA3_512_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
// register (Secret)KeyFactories if there are any mechanisms
// for a particular algorithm that we support
@@ -747,13 +805,40 @@ public final class SunPKCS11 extends AuthProvider {
d(SIG, "SHA512withDSA", P11Signature,
s("2.16.840.1.101.3.4.3.4", "OID.2.16.840.1.101.3.4.3.4"),
@@ -725,37 +764,77 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_DSA_SHA384));
dA(SIG, "SHA512withDSA", P11Signature,
m(CKM_DSA_SHA512));
+ d(SIG, "SHA3-224withDSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.5", "OID.2.16.840.1.101.3.4.3.5"),
+ dA(SIG, "SHA3-224withDSA", P11Signature,
+ m(CKM_DSA_SHA3_224));
+ d(SIG, "SHA3-256withDSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.6", "OID.2.16.840.1.101.3.4.3.6"),
+ dA(SIG, "SHA3-256withDSA", P11Signature,
+ m(CKM_DSA_SHA3_256));
+ d(SIG, "SHA3-384withDSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.7", "OID.2.16.840.1.101.3.4.3.7"),
+ dA(SIG, "SHA3-384withDSA", P11Signature,
+ m(CKM_DSA_SHA3_384));
+ d(SIG, "SHA3-512withDSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.8", "OID.2.16.840.1.101.3.4.3.8"),
+ dA(SIG, "SHA3-512withDSA", P11Signature,
+ m(CKM_DSA_SHA3_512));
d(SIG, "RawDSAinP1363Format", P11Signature,
s("NONEwithDSAinP1363Format"),
List.of("NONEwithDSAinP1363Format"),
m(CKM_DSA));
d(SIG, "DSAinP1363Format", P11Signature,
s("SHA1withDSAinP1363Format"),
List.of("SHA1withDSAinP1363Format"),
m(CKM_DSA_SHA1, CKM_DSA));
-
+ d(SIG, "SHA224withDSAinP1363Format", P11Signature,
@ -1095,36 +1072,27 @@ index cf7cd19b689..7a8bcffb92c 100644
+ m(CKM_DSA_SHA3_512));
d(SIG, "NONEwithECDSA", P11Signature,
m(CKM_ECDSA));
d(SIG, "SHA1withECDSA", P11Signature,
@@ -761,28 +846,49 @@ public final class SunPKCS11 extends AuthProvider {
dA(SIG, "SHA1withECDSA", P11Signature,
m(CKM_ECDSA_SHA1, CKM_ECDSA));
d(SIG, "SHA224withECDSA", P11Signature,
s("1.2.840.10045.4.3.1", "OID.1.2.840.10045.4.3.1"),
dA(SIG, "SHA224withECDSA", P11Signature,
- m(CKM_ECDSA));
+ m(CKM_ECDSA_SHA224, CKM_ECDSA));
d(SIG, "SHA256withECDSA", P11Signature,
s("1.2.840.10045.4.3.2", "OID.1.2.840.10045.4.3.2"),
dA(SIG, "SHA256withECDSA", P11Signature,
- m(CKM_ECDSA));
+ m(CKM_ECDSA_SHA256, CKM_ECDSA));
d(SIG, "SHA384withECDSA", P11Signature,
s("1.2.840.10045.4.3.3", "OID.1.2.840.10045.4.3.3"),
dA(SIG, "SHA384withECDSA", P11Signature,
- m(CKM_ECDSA));
+ m(CKM_ECDSA_SHA384, CKM_ECDSA));
d(SIG, "SHA512withECDSA", P11Signature,
s("1.2.840.10045.4.3.4", "OID.1.2.840.10045.4.3.4"),
dA(SIG, "SHA512withECDSA", P11Signature,
- m(CKM_ECDSA));
+ m(CKM_ECDSA_SHA512, CKM_ECDSA));
+ d(SIG, "SHA3-224withECDSA", P11Signature,
+ s("1.2.840.10045.4.3.9", "OID.1.2.840.10045.4.3.9"),
+ dA(SIG, "SHA3-224withECDSA", P11Signature,
+ m(CKM_ECDSA_SHA3_224, CKM_ECDSA));
+ d(SIG, "SHA3-256withECDSA", P11Signature,
+ s("1.2.840.10045.4.3.10", "OID.1.2.840.10045.4.3.10"),
+ dA(SIG, "SHA3-256withECDSA", P11Signature,
+ m(CKM_ECDSA_SHA3_256, CKM_ECDSA));
+ d(SIG, "SHA3-384withECDSA", P11Signature,
+ s("1.2.840.10045.4.3.11", "OID.1.2.840.10045.4.3.11"),
+ dA(SIG, "SHA3-384withECDSA", P11Signature,
+ m(CKM_ECDSA_SHA3_384, CKM_ECDSA));
+ d(SIG, "SHA3-512withECDSA", P11Signature,
+ s("1.2.840.10045.4.3.12", "OID.1.2.840.10045.4.3.12"),
+ dA(SIG, "SHA3-512withECDSA", P11Signature,
+ m(CKM_ECDSA_SHA3_512, CKM_ECDSA));
d(SIG, "NONEwithECDSAinP1363Format", P11Signature,
m(CKM_ECDSA));
@ -1151,29 +1119,25 @@ index cf7cd19b689..7a8bcffb92c 100644
+ d(SIG, "SHA3-512withECDSAinP1363Format", P11Signature,
+ m(CKM_ECDSA_SHA3_512, CKM_ECDSA));
+
d(SIG, "MD2withRSA", P11Signature,
s("1.2.840.113549.1.1.2", "OID.1.2.840.113549.1.1.2"),
dA(SIG, "MD2withRSA", P11Signature,
m(CKM_MD2_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
@@ -805,6 +911,18 @@ public final class SunPKCS11 extends AuthProvider {
d(SIG, "SHA512withRSA", P11Signature,
s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"),
dA(SIG, "MD5withRSA", P11Signature,
@@ -770,6 +849,14 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_SHA384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
dA(SIG, "SHA512withRSA", P11Signature,
m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
+ d(SIG, "SHA3-224withRSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.13", "OID.2.16.840.1.101.3.4.3.13"),
+ dA(SIG, "SHA3-224withRSA", P11Signature,
+ m(CKM_SHA3_224_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
+ d(SIG, "SHA3-256withRSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.14", "OID.2.16.840.1.101.3.4.3.14"),
+ dA(SIG, "SHA3-256withRSA", P11Signature,
+ m(CKM_SHA3_256_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
+ d(SIG, "SHA3-384withRSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.15", "OID.2.16.840.1.101.3.4.3.15"),
+ dA(SIG, "SHA3-384withRSA", P11Signature,
+ m(CKM_SHA3_384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
+ d(SIG, "SHA3-512withRSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.16", "OID.2.16.840.1.101.3.4.3.16"),
+ dA(SIG, "SHA3-512withRSA", P11Signature,
+ m(CKM_SHA3_512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
d(SIG, "RSASSA-PSS", P11PSSSignature,
s("1.2.840.113549.1.1.10", "OID.1.2.840.113549.1.1.10"),
dA(SIG, "RSASSA-PSS", P11PSSSignature,
m(CKM_RSA_PKCS_PSS));
@@ -818,6 +936,14 @@ public final class SunPKCS11 extends AuthProvider {
d(SIG, "SHA1withRSASSA-PSS", P11PSSSignature,
@@ -782,6 +869,14 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_SHA384_RSA_PKCS_PSS));
d(SIG, "SHA512withRSASSA-PSS", P11PSSSignature,
m(CKM_SHA512_RSA_PKCS_PSS));
@ -1189,7 +1153,7 @@ index cf7cd19b689..7a8bcffb92c 100644
d(KG, "SunTlsRsaPremasterSecret",
"sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator",
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java
index e077943bbc2..cb04b95304d 100644
index e077943bbc..cb04b95304 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java
@@ -1,5 +1,5 @@
@ -1215,7 +1179,7 @@ index e077943bbc2..cb04b95304d 100644
diff --git a/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java b/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java
new file mode 100644
index 00000000000..d6707028d96
index 0000000000..d6707028d9
--- /dev/null
+++ b/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java
@@ -0,0 +1,84 @@
@ -1304,7 +1268,7 @@ index 00000000000..d6707028d96
+ }
+}
diff --git a/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java b/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java
index b61d10beece..78b7d857e8e 100644
index b61d10beec..78b7d857e8 100644
--- a/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java
+++ b/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java
@@ -23,7 +23,7 @@
@ -1336,7 +1300,7 @@ index b61d10beece..78b7d857e8e 100644
test("ARCFOUR", 1024, p, TestResult.TBD);
} else if (p.getName().equals("SunPKCS11-NSS")) {
diff --git a/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java b/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java
index 59af327c1f2..64c42a6dd06 100644
index 59af327c1f..64c42a6dd0 100644
--- a/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java
+++ b/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java
@@ -23,7 +23,7 @@
@ -1421,7 +1385,7 @@ index 59af327c1f2..64c42a6dd06 100644
mac.reset();
diff --git a/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java b/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java
index 5cad8859840..7e045232e3a 100644
index 5cad885984..7e045232e3 100644
--- a/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java
+++ b/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java
@@ -1,5 +1,5 @@
@ -1514,7 +1478,7 @@ index 5cad8859840..7e045232e3a 100644
}
}
diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java b/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java
index 7ced00630cc..a7a72e8ea3d 100644
index 7ced00630c..a7a72e8ea3 100644
--- a/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java
+++ b/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java
@@ -1,5 +1,5 @@
@ -1574,7 +1538,7 @@ index 7ced00630cc..a7a72e8ea3d 100644
byte[] d1 = md.digest(data);
diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java b/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java
index ea7909bc397..268f698276b 100644
index ea7909bc39..268f698276 100644
--- a/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java
+++ b/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java
@@ -1,5 +1,5 @@
@ -1655,7 +1619,7 @@ index ea7909bc397..268f698276b 100644
private static void check(byte[] d1, byte[] d2) throws Exception {
diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java b/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java
index b931c8564b2..ace601c7233 100644
index b931c8564b..ace601c723 100644
--- a/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java
+++ b/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java
@@ -1,5 +1,5 @@
@ -1744,7 +1708,7 @@ index b931c8564b2..ace601c7233 100644
MessageDigest mdCopy0 = (MessageDigest) mdObj.clone();
diff --git a/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java b/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java
index 26eeacffed9..f5de994779c 100644
index 26eeacffed..f5de994779 100644
--- a/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java
+++ b/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java
@@ -23,7 +23,7 @@
@ -1770,7 +1734,7 @@ index 26eeacffed9..f5de994779c 100644
sig.update(t);
byte[] signature = sig.sign();
diff --git a/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java b/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java
index ccd66599fb0..a2fa7294977 100644
index ccd66599fb..a2fa729497 100644
--- a/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java
+++ b/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java
@@ -1,5 +1,5 @@
@ -1816,7 +1780,7 @@ index ccd66599fb0..a2fa7294977 100644
PSSParameterSpec params = new PSSParameterSpec("SHA-256", "MGF1",
new MGF1ParameterSpec("SHA-256"), 32,
diff --git a/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java b/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java
index 2e4fedbf1d5..f1c0492b5fc 100644
index 2e4fedbf1d..f1c0492b5f 100644
--- a/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java
+++ b/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java
@@ -1,5 +1,5 @@
@ -1910,7 +1874,7 @@ index 2e4fedbf1d5..f1c0492b5fc 100644
System.out.println("test#4: pass");
}
diff --git a/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java b/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java
index 42ca7fa203d..8c132ca7e4f 100644
index 42ca7fa203..8c132ca7e4 100644
--- a/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java
+++ b/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java
@@ -23,312 +23,13 @@
@ -2242,7 +2206,7 @@ index 42ca7fa203d..8c132ca7e4f 100644
new Random().nextBytes(data);
sig.initSign(privateKey);
diff --git a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java
index 3c3edb5aa6a..11147022771 100644
index 3c3edb5aa6..1114702277 100644
--- a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java
+++ b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java
@@ -1,5 +1,5 @@
@ -2263,7 +2227,7 @@ index 3c3edb5aa6a..11147022771 100644
* @library /test/lib ..
diff --git a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java
new file mode 100644
index 00000000000..b8ea9863327
index 0000000000..b8ea986332
--- /dev/null
+++ b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java
@@ -0,0 +1,98 @@
@ -2366,7 +2330,7 @@ index 00000000000..b8ea9863327
+ }
+}
diff --git a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java
index 3a6dbe345e9..4c1f7284bbc 100644
index 3a6dbe345e..4c1f7284bb 100644
--- a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java
+++ b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java
@@ -1,5 +1,5 @@
@ -2424,7 +2388,7 @@ index 3a6dbe345e9..4c1f7284bbc 100644
hash, "MGF1", new MGF1ParameterSpec(mgfHash), 0, 1);
diff --git a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java
new file mode 100644
index 00000000000..516b17972e5
index 0000000000..516b17972e
--- /dev/null
+++ b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java
@@ -0,0 +1,140 @@
@ -2569,7 +2533,7 @@ index 00000000000..516b17972e5
+ }
+}
diff --git a/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java b/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java
index 222f8a2a5ed..3161de6fc50 100644
index 222f8a2a5e..3161de6fc5 100644
--- a/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java
+++ b/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java
@@ -1,5 +1,5 @@
@ -2664,7 +2628,7 @@ index 222f8a2a5ed..3161de6fc50 100644
}
}
diff --git a/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java b/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java
index f469ca17b65..7e5a012a5ec 100644
index f469ca17b6..7e5a012a5e 100644
--- a/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java
+++ b/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java
@@ -22,8 +22,8 @@
@ -2697,7 +2661,7 @@ index f469ca17b65..7e5a012a5ec 100644
kpg.initialize(512);
KeyPair kp = kpg.generateKeyPair();
diff --git a/test/jdk/sun/security/pkcs11/nss/p11-nss.txt b/test/jdk/sun/security/pkcs11/nss/p11-nss.txt
index 49778ea954c..576b1dc4d69 100644
index 49778ea954..576b1dc4d6 100644
--- a/test/jdk/sun/security/pkcs11/nss/p11-nss.txt
+++ b/test/jdk/sun/security/pkcs11/nss/p11-nss.txt
@@ -11,12 +11,23 @@ library = ${pkcs11test.nss.lib}

23
jdk8243210-npe_in_clhsdbscanoops.patch
View File

@ -1,23 +0,0 @@
commit 9d15f3e6537bf7a5ba081b2a6b7339a601ab7ba5
Author: Thomas Stuefe <stuefe@openjdk.org>
Date: Mon Aug 7 18:13:43 2023 +0000
8243210: ClhsdbScanOops fails with NullPointerException in FileMapHeader.inCopiedVtableSpace
Reviewed-by: clanger
Backport-of: 7f634155b5c4b9f07ab73ceb4c6042ac10dad65e
diff --git a/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/memory/FileMapInfo.java b/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/memory/FileMapInfo.java
index 307598f47f..ef8258525d 100644
--- a/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/memory/FileMapInfo.java
+++ b/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/memory/FileMapInfo.java
@@ -121,6 +121,9 @@ public class FileMapInfo {
}
public boolean inCopiedVtableSpace(Address vptrAddress) {
+ if (vptrAddress == null) {
+ return false;
+ }
if (vptrAddress.greaterThan(mdRegionBaseAddress) &&
vptrAddress.lessThanOrEqual(mdRegionEndAddress)) {
return true;

2
sources
View File

@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
SHA512 (openjdk-jdk11u-jdk-11.0.20.1+1-4curve.tar.xz) = 99b57227c4a0bdfa3f44ccef653608a71ab2a8c6bfa01975cbcf915a07ffc59785297f72fe6a27ed226bfac2a33a8821ac1cf5d0600c4d6b1d7790cf42608ca7
SHA512 (openjdk-jdk11u-jdk-11.0.21+9.tar.xz) = 64b283c3eedf31bdf8498141e2e6cde98f82193208939ab65fa43f41a2e5afa4cb006dbd3ba96db9c43f6738a79a2765c66aa92a652e392342de5322f75eff30