From c3614d28f765aa2baa3638839a4ac7cc0b29486d Mon Sep 17 00:00:00 2001 From: eabdullin Date: Wed, 18 Oct 2023 19:26:55 +0000 Subject: [PATCH] import UBI java-11-openjdk-11.0.21.0.9-2.el8 --- .gitignore | 2 +- .java-11-openjdk.metadata | 2 +- ...b09a5c.patch => fips-11u-f93a863b56.patch} | 95 ++++---- SOURCES/java-11-openjdk-portable.specfile | 91 ++++++-- .../jdk8242332-rh2108712-sha3-sunpkcs11.patch | 206 ++++++++---------- .../jdk8312489-max_sig_default_increase.patch | 50 +++++ SPECS/java-11-openjdk.spec | 122 ++++++++--- 7 files changed, 328 insertions(+), 240 deletions(-) rename SOURCES/{fips-11u-b34fb09a5c.patch => fips-11u-f93a863b56.patch} (96%) create mode 100644 SOURCES/jdk8312489-max_sig_default_increase.patch diff --git a/.gitignore b/.gitignore index d0b6103..d0b7eb8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/openjdk-jdk11u-jdk-11.0.20+8-4curve.tar.xz +SOURCES/openjdk-jdk11u-jdk-11.0.21+9.tar.xz SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz diff --git a/.java-11-openjdk.metadata b/.java-11-openjdk.metadata index 58dbe67..5b0e718 100644 --- a/.java-11-openjdk.metadata +++ b/.java-11-openjdk.metadata @@ -1,2 +1,2 @@ -27b1851203504050481d9a2c7b07a3bc39f23908 SOURCES/openjdk-jdk11u-jdk-11.0.20+8-4curve.tar.xz +ddc652d12c849ca56ef68be500ec71bfe88a5a29 SOURCES/openjdk-jdk11u-jdk-11.0.21+9.tar.xz c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz diff --git a/SOURCES/fips-11u-b34fb09a5c.patch b/SOURCES/fips-11u-f93a863b56.patch similarity index 96% rename from SOURCES/fips-11u-b34fb09a5c.patch rename to SOURCES/fips-11u-f93a863b56.patch index 02ce6df..3690cb8 100644 --- a/SOURCES/fips-11u-b34fb09a5c.patch +++ b/SOURCES/fips-11u-f93a863b56.patch @@ -89,7 +89,7 @@ index 3787b12600..dab108a82b 100644 LCMS_CFLAGS:=@LCMS_CFLAGS@ LCMS_LIBS:=@LCMS_LIBS@ diff --git a/make/lib/Lib-java.base.gmk b/make/lib/Lib-java.base.gmk -index 4cd656a086..e1fc94b5b4 100644 +index b40d3114b9..0d1d83cf3e 100644 --- a/make/lib/Lib-java.base.gmk +++ b/make/lib/Lib-java.base.gmk @@ -178,6 +178,31 @@ ifeq ($(call isTargetOsType, unix), true) @@ -401,7 +401,7 @@ index 0000000000..8dcb7d9073 + } +} diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java -index b36510a376..ad5182e1e7 100644 +index 5b9552058b..b46de49211 100644 --- a/src/java.base/share/classes/java/security/Security.java +++ b/src/java.base/share/classes/java/security/Security.java @@ -32,6 +32,7 @@ import java.net.URL; @@ -412,16 +412,17 @@ index b36510a376..ad5182e1e7 100644 import jdk.internal.misc.SharedSecrets; import jdk.internal.util.StaticProperty; import sun.security.util.Debug; -@@ -47,12 +48,20 @@ import sun.security.jca.*; +@@ -47,6 +48,9 @@ import sun.security.jca.*; * implementation-specific location, which is typically the properties file * {@code conf/security/java.security} in the Java installation directory. * + *

Additional default values of security properties are read from a + * system-specific location, if available.

+ * - * @author Benjamin Renaud - * @since 1.1 - */ + * @implNote If the properties file fails to load, the JDK implementation will + * throw an unspecified error when initializing the {@code Security} class. + * +@@ -56,6 +60,11 @@ import sun.security.jca.*; public final class Security { @@ -433,7 +434,7 @@ index b36510a376..ad5182e1e7 100644 /* Are we debugging? -- for developers */ private static final Debug sdebug = Debug.getInstance("properties"); -@@ -67,6 +76,19 @@ public final class Security { +@@ -70,6 +79,19 @@ public final class Security { } static { @@ -453,26 +454,19 @@ index b36510a376..ad5182e1e7 100644 // doPrivileged here because there are multiple // things in initialize that might require privs. // (the FileInputStream call and the File.exists call, -@@ -83,6 +105,7 @@ public final class Security { +@@ -85,6 +107,7 @@ public final class Security { + private static void initialize() { props = new Properties(); - boolean loadedProps = false; boolean overrideAll = false; + boolean systemSecPropsEnabled = false; // first load the system properties file // to determine the value of security.overridePropertiesFile -@@ -98,6 +121,7 @@ public final class Security { - if (sdebug != null) { - sdebug.println("reading security properties file: " + - propFile); -+ sdebug.println(props.toString()); - } - } catch (IOException e) { - if (sdebug != null) { -@@ -192,6 +216,61 @@ public final class Security { +@@ -105,9 +128,63 @@ public final class Security { } + loadProps(null, extraPropFile, overrideAll); } - ++ + boolean sysUseProps = Boolean.valueOf(System.getProperty(SYS_PROP_SWITCH, "false")); + boolean secUseProps = Boolean.valueOf(props.getProperty(SEC_PROP_SWITCH)); + if (sdebug != null) { @@ -492,9 +486,7 @@ index b36510a376..ad5182e1e7 100644 + } + } + -+ // FIPS support depends on the contents of java.security so -+ // ensure it has loaded first -+ if (loadedProps && systemSecPropsEnabled) { ++ if (systemSecPropsEnabled) { + boolean shouldEnable; + String sysProp = System.getProperty("com.redhat.fips"); + if (sysProp == null) { @@ -530,15 +522,19 @@ index b36510a376..ad5182e1e7 100644 + } } - /* +- private static boolean loadProps(File masterFile, String extraPropFile, boolean overrideAll) { ++ static boolean loadProps(File masterFile, String extraPropFile, boolean overrideAll) { + InputStream is = null; + try { + if (masterFile != null && masterFile.exists()) { diff --git a/src/java.base/share/classes/java/security/SystemConfigurator.java b/src/java.base/share/classes/java/security/SystemConfigurator.java new file mode 100644 -index 0000000000..90f6dd2ebc +index 0000000000..49bf17ea17 --- /dev/null +++ b/src/java.base/share/classes/java/security/SystemConfigurator.java -@@ -0,0 +1,248 @@ +@@ -0,0 +1,231 @@ +/* -+ * Copyright (c) 2019, 2021, Red Hat, Inc. ++ * Copyright (c) 2019, 2023, Red Hat, Inc. + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * @@ -616,26 +612,9 @@ index 0000000000..90f6dd2ebc + * security.useSystemPropertiesFile is true. + */ + static boolean configureSysProps(Properties props) { -+ boolean systemSecPropsLoaded = false; -+ -+ try (BufferedInputStream bis = -+ new BufferedInputStream( -+ new FileInputStream(CRYPTO_POLICIES_JAVA_CONFIG))) { -+ props.load(bis); -+ systemSecPropsLoaded = true; -+ if (sdebug != null) { -+ sdebug.println("reading system security properties file " + -+ CRYPTO_POLICIES_JAVA_CONFIG); -+ sdebug.println(props.toString()); -+ } -+ } catch (IOException e) { -+ if (sdebug != null) { -+ sdebug.println("unable to load security properties from " + -+ CRYPTO_POLICIES_JAVA_CONFIG); -+ e.printStackTrace(); -+ } -+ } -+ return systemSecPropsLoaded; ++ // now load the system file, if it exists, so its values ++ // will win if they conflict with the earlier values ++ return Security.loadProps(null, CRYPTO_POLICIES_JAVA_CONFIG, false); + } + + /* @@ -1035,7 +1014,7 @@ index e06b2a588c..315a2ce370 100644 candidates = new ProtocolVersion[] { ProtocolVersion.TLS13, diff --git a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java -index c50ba93ecf..de2a91a478 100644 +index 2a2b5d7568..891796f19b 100644 --- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java +++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java @@ -27,6 +27,8 @@ package sun.security.ssl; @@ -1046,7 +1025,7 @@ index c50ba93ecf..de2a91a478 100644 +import jdk.internal.misc.SharedSecrets; import sun.security.rsa.SunRsaSignEntries; import static sun.security.util.SecurityConstants.PROVIDER_VER; - import static sun.security.provider.SunEntries.createAliases; + import static sun.security.util.SecurityProviderConstants.*; @@ -195,8 +197,13 @@ public abstract class SunJSSE extends java.security.Provider { "sun.security.ssl.SSLContextImpl$TLS11Context", null, null); ps("SSLContext", "TLSv1.2", @@ -1062,12 +1041,12 @@ index c50ba93ecf..de2a91a478 100644 + } ps("SSLContext", "TLS", "sun.security.ssl.SSLContextImpl$TLSContext", - (isfips? null : createAliases("SSL")), null); + (isfips? null : List.of("SSL")), null); diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security -index 9af64321c4..957cd78a55 100644 +index c0eed3f884..b03bd9f896 100644 --- a/src/java.base/share/conf/security/java.security +++ b/src/java.base/share/conf/security/java.security -@@ -85,6 +85,14 @@ security.provider.tbd=Apple +@@ -88,6 +88,14 @@ security.provider.tbd=Apple security.provider.tbd=SunPKCS11 #endif @@ -1082,7 +1061,7 @@ index 9af64321c4..957cd78a55 100644 # # A list of preferred providers for specific algorithms. These providers will # be searched for matching algorithms before the list of registered providers. -@@ -298,6 +306,11 @@ policy.ignoreIdentityScope=false +@@ -301,6 +309,11 @@ policy.ignoreIdentityScope=false # keystore.type=pkcs12 @@ -1094,7 +1073,7 @@ index 9af64321c4..957cd78a55 100644 # # Controls compatibility mode for JKS and PKCS12 keystore types. # -@@ -335,6 +348,13 @@ package.definition=sun.misc.,\ +@@ -338,6 +351,13 @@ package.definition=sun.misc.,\ # security.overridePropertiesFile=true @@ -1405,7 +1384,7 @@ index 0000000000..b848a1fd78 + } +} diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java -index cf7cd19b68..69cda46f85 100644 +index ffbd671246..bdaad67e06 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java @@ -26,6 +26,9 @@ @@ -1427,7 +1406,7 @@ index cf7cd19b68..69cda46f85 100644 import sun.security.util.Debug; import sun.security.util.ResourcesMgr; import static sun.security.util.SecurityConstants.PROVIDER_VER; -@@ -60,6 +65,29 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*; +@@ -61,6 +66,29 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*; */ public final class SunPKCS11 extends AuthProvider { @@ -1457,7 +1436,7 @@ index cf7cd19b68..69cda46f85 100644 private static final long serialVersionUID = -1354835039035306505L; static final Debug debug = Debug.getInstance("sunpkcs11"); -@@ -317,10 +345,15 @@ public final class SunPKCS11 extends AuthProvider { +@@ -318,10 +346,15 @@ public final class SunPKCS11 extends AuthProvider { // request multithreaded access first initArgs.flags = CKF_OS_LOCKING_OK; PKCS11 tmpPKCS11; @@ -1474,7 +1453,7 @@ index cf7cd19b68..69cda46f85 100644 } catch (PKCS11Exception e) { if (debug != null) { debug.println("Multi-threaded initialization failed: " + e); -@@ -336,7 +369,7 @@ public final class SunPKCS11 extends AuthProvider { +@@ -337,7 +370,7 @@ public final class SunPKCS11 extends AuthProvider { initArgs.flags = 0; } tmpPKCS11 = PKCS11.getInstance(library, @@ -1483,7 +1462,7 @@ index cf7cd19b68..69cda46f85 100644 } p11 = tmpPKCS11; -@@ -376,6 +409,24 @@ public final class SunPKCS11 extends AuthProvider { +@@ -377,6 +410,24 @@ public final class SunPKCS11 extends AuthProvider { if (nssModule != null) { nssModule.setProvider(this); } diff --git a/SOURCES/java-11-openjdk-portable.specfile b/SOURCES/java-11-openjdk-portable.specfile index 4fd5ec5..91f1806 100644 --- a/SOURCES/java-11-openjdk-portable.specfile +++ b/SOURCES/java-11-openjdk-portable.specfile @@ -339,7 +339,7 @@ # New Version-String scheme-style defines %global featurever 11 %global interimver 0 -%global updatever 20 +%global updatever 21 %global patchver 0 # buildjdkver is usually same as %%{featurever}, # but in time of bootstrap of next jdk, it is featurever-1, @@ -367,7 +367,7 @@ %global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{component}&version=%{fedora} %else %if 0%{?rhel} -%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{component} +%global oj_vendor_bug_url https://access.redhat.com/support/cases/ %else %global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi %endif @@ -378,14 +378,21 @@ # Define IcedTea version used for SystemTap tapsets and desktop file %global icedteaver 6.0.0pre00-c848b93a8598 # Define current Git revision for the FIPS support patches -%global fipsver b34fb09a5c +%global fipsver f93a863b56 +# Define JDK versions +%global javaver %{featurever} +%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver} +# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames +%global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn}) +# The tag used to create the OpenJDK tarball +%global vcstag jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}} # Standard JPackage naming and versioning defines %global origin openjdk %global origin_nice OpenJDK -%global top_level_dir_name %{origin} +%global top_level_dir_name %{vcstag} %global top_level_dir_name_backup %{top_level_dir_name}-backup -%global buildver 8 +%global buildver 9 %global rpmrelease 1 #%%global tagsuffix %%{nil} # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit @@ -400,15 +407,6 @@ # for techpreview, using 1, so slowdebugs can have 0 %global priority %( printf '%08d' 1 ) %endif -%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver} - -# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames -%global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn}) - -# The tag used to create the OpenJDK tarball -%global vcstag jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}} - -%global javaver %{featurever} # Define milestone (EA for pre-releases, GA for releases) # Release will be (where N is usually a number starting at 1): @@ -568,7 +566,7 @@ URL: http://openjdk.java.net/ # to regenerate source0 (jdk) run update_package.sh # update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives -Source0: openjdk-jdk%{featurever}u-%{vcstag}-4curve.tar.xz +Source0: openjdk-jdk%{featurever}u-%{vcstag}.tar.xz # Use 'icedtea_sync.sh' to update the following # They are based on code contained in the IcedTea project (6.x). @@ -671,11 +669,11 @@ Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk1 # need to be reviewed & pushed to the appropriate # updates tree of OpenJDK. ############################################# -Patch2001: jdk8242332-rh2108712-sha3-sunpkcs11.patch +Patch2002: jdk8242332-rh2108712-sha3-sunpkcs11.patch ############################################# # -# Patches appearing in 11.0.20 +# Patches appearing in 11.0.21 # # This section includes patches which are present # in the listed OpenJDK 11u release and should be @@ -683,6 +681,18 @@ Patch2001: jdk8242332-rh2108712-sha3-sunpkcs11.patch # and used by this RPM. ############################################# +############################################# +# +# Patches appearing in 11.0.22 +# +# This section includes patches which are present +# in the listed OpenJDK 8u release and should be +# able to be removed once that release is out +# and used by this RPM. +############################################# +# JDK-8312489, OJ2095: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar +Patch2000: jdk8312489-max_sig_default_increase.patch + ############################################# # # Portable build specific patches @@ -749,17 +759,17 @@ BuildRequires: libjpeg-devel BuildRequires: libpng-devel %else # Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h -Provides: bundled(freetype) = 2.12.1 +Provides: bundled(freetype) = 2.13.0 # Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h Provides: bundled(giflib) = 5.2.1 # Version in src/java.desktop/share/native/libharfbuzz/hb-version.h -Provides: bundled(harfbuzz) = 7.0.1 +Provides: bundled(harfbuzz) = 7.2.0 # Version in src/java.desktop/share/native/liblcms/lcms2.h Provides: bundled(lcms2) = 2.15.0 # Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h Provides: bundled(libjpeg) = 6b # Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h -Provides: bundled(libpng) = 1.6.37 +Provides: bundled(libpng) = 1.6.39 # We link statically against libstdc++ to increase portability BuildRequires: libstdc++-static %endif @@ -955,12 +965,16 @@ pushd %{top_level_dir_name} %patch1001 -p1 # nss.cfg PKCS11 support; must come last as it also alters java.security %patch1000 -p1 +# JDK-8312489 backport, coming in 11.0.22 +%patch2000 -p1 # PKCS11 SHA3 backport -%patch2001 -p1 +%patch2002 -p1 +# alt-java +%patch600 -p1 +# RSA default +%patch1003 -p1 popd # openjdk -%patch600 -%patch1003 # Extract systemtap tapsets %if %{with_systemtap} @@ -1648,6 +1662,37 @@ done %{_jvmdir}/%{miscportablearchive}.sha256sum %changelog +* Wed Oct 11 2023 Andrew Hughes - 1:11.0.21.0.9-1 +- Update to jdk-11.0.21+9 (GA) +- Update release notes to 11.0.21+9 +- Switch to GA mode for release +- Drop local backport of JDK-8243210 which is upstream from 11.0.21+2 +- Bump freetype version to 2.13.0 following JDK-8306881 +- ** This tarball is embargoed until 2023-10-17 @ 1pm PT. ** + +* Thu Oct 05 2023 Andrew Hughes - 1:11.0.21.0.1-0.1.ea +- Update to jdk-11.0.21+1 (EA) +- Update release notes to 11.0.21+1 +- Switch to EA mode +- Re-generate FIPS patch against 11.0.21+1 following backport of JDK-8155246 +- Re-generate SHA3 patch following backport of JDK-8242151 +- Bump libpng version to 1.6.39 following JDK-8305815 +- Bump HarfBuzz version to 7.2.0 following JDK-8307301 +- Update generate_tarball.sh to be closer to upstream vanilla script inc. no more ECC removal +- Update bug URL for RHEL to point to the Red Hat customer portal +- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball +- Apply all patches using -p1 + +* Tue Sep 05 2023 Andrew Hughes - 1:11.0.20.1.1-1 +- Update to jdk-11.0.20.1+1 (GA) +- Update release notes to 11.0.20.1+1 +- Add backport of JDK-8312489 already upstream in 11.0.22 (see OPENJDK-2095) +- Add backport of JDK-8243210 already upstream in 11.0.21 (see RH2229269) +- Update openjdk_news script to specify subdirectory last +- Add missing discover_trees script required by openjdk_news +- Update README.md to match the version in later RHEL releases +- Resolves: rhbz#2236589 + * Fri Jul 14 2023 Andrew Hughes - 1:11.0.20.0.8-1 - Update to jdk-11.0.20.0+8 (GA) - Update release notes to 11.0.20.0+8 diff --git a/SOURCES/jdk8242332-rh2108712-sha3-sunpkcs11.patch b/SOURCES/jdk8242332-rh2108712-sha3-sunpkcs11.patch index a6192a4..cc28540 100644 --- a/SOURCES/jdk8242332-rh2108712-sha3-sunpkcs11.patch +++ b/SOURCES/jdk8242332-rh2108712-sha3-sunpkcs11.patch @@ -1,11 +1,11 @@ -commit 81c2107a9188680f7c35ebc7697b292d5972436e +commit b8711800e3cd9132ad2b195c82cf816210feb77d Author: Andrew Hughes -Date: Mon Feb 27 13:22:43 2023 +0000 +Date: Thu Oct 5 03:13:01 2023 +0100 Backport 78be334c3817a1b5840922a9bf1339a40dcc5185 diff --git a/src/java.base/share/classes/sun/security/util/KnownOIDs.java b/src/java.base/share/classes/sun/security/util/KnownOIDs.java -index 92ecb9adc0c..a5848c96aad 100644 +index b5cc3b05f1..7e235c90dd 100644 --- a/src/java.base/share/classes/sun/security/util/KnownOIDs.java +++ b/src/java.base/share/classes/sun/security/util/KnownOIDs.java @@ -155,6 +155,14 @@ public enum KnownOIDs { @@ -24,7 +24,7 @@ index 92ecb9adc0c..a5848c96aad 100644 SHA3_256withRSA("2.16.840.1.101.3.4.3.14", "SHA3-256withRSA"), SHA3_384withRSA("2.16.840.1.101.3.4.3.15", "SHA3-384withRSA"), diff --git a/src/java.base/share/classes/sun/security/util/SignatureUtil.java b/src/java.base/share/classes/sun/security/util/SignatureUtil.java -index 32c089fd96d..7d5c0c7e299 100644 +index 32c089fd96..7d5c0c7e29 100644 --- a/src/java.base/share/classes/sun/security/util/SignatureUtil.java +++ b/src/java.base/share/classes/sun/security/util/SignatureUtil.java @@ -168,4 +168,22 @@ public class SignatureUtil { @@ -51,7 +51,7 @@ index 32c089fd96d..7d5c0c7e299 100644 + } } diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java -index 41fe61b8a16..daf0bc9f69c 100644 +index 41fe61b8a1..daf0bc9f69 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java @@ -1,5 +1,5 @@ @@ -93,7 +93,7 @@ index 41fe61b8a16..daf0bc9f69c 100644 break; default: diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java -index 926414608cb..f343e6025e1 100644 +index 926414608c..f343e6025e 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java @@ -36,7 +36,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*; @@ -428,7 +428,7 @@ index 926414608cb..f343e6025e1 100644 - } diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java -index c88e4a6ace5..29b26651c39 100644 +index c88e4a6ace..29b26651c3 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java @@ -39,8 +39,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*; @@ -465,7 +465,7 @@ index c88e4a6ace5..29b26651c39 100644 break; case (int)CKM_SSL3_MD5_MAC: diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java -index 26eaa4735f1..905b6ea9562 100644 +index 1419be3754..18e00a544b 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java @@ -38,6 +38,7 @@ import java.security.spec.MGF1ParameterSpec; @@ -738,7 +738,7 @@ index 26eaa4735f1..905b6ea9562 100644 // see JCA spec diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java -index e3af106d05a..e49edf32c29 100644 +index e3af106d05..e49edf32c2 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java @@ -51,8 +51,15 @@ import sun.security.util.KeyUtil; @@ -970,111 +970,88 @@ index e3af106d05a..e49edf32c29 100644 // return RSASignature.decodeSignature(digestOID, signature); // } diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java -index cf7cd19b689..7a8bcffb92c 100644 +index ffbd671246..d191831dab 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java -@@ -550,6 +550,18 @@ public final class SunPKCS11 extends AuthProvider { - d(MD, "SHA-512/256", P11Digest, - s("2.16.840.1.101.3.4.2.6", "OID.2.16.840.1.101.3.4.2.6"), +@@ -546,6 +546,14 @@ public final class SunPKCS11 extends AuthProvider { + m(CKM_SHA512_224)); + dA(MD, "SHA-512/256", P11Digest, m(CKM_SHA512_256)); -+ d(MD, "SHA3-224", P11Digest, -+ s("2.16.840.1.101.3.4.2.7", "OID.2.16.840.1.101.3.4.2.7"), ++ dA(MD, "SHA3-224", P11Digest, + m(CKM_SHA3_224)); -+ d(MD, "SHA3-256", P11Digest, -+ s("2.16.840.1.101.3.4.2.8", "OID.2.16.840.1.101.3.4.2.8"), ++ dA(MD, "SHA3-256", P11Digest, + m(CKM_SHA3_256)); -+ d(MD, "SHA3-384", P11Digest, -+ s("2.16.840.1.101.3.4.2.9", "OID.2.16.840.1.101.3.4.2.9"), ++ dA(MD, "SHA3-384", P11Digest, + m(CKM_SHA3_384)); -+ d(MD, "SHA3-512", P11Digest, -+ s("2.16.840.1.101.3.4.2.10", "OID.2.16.840.1.101.3.4.2.10"), ++ dA(MD, "SHA3-512", P11Digest, + m(CKM_SHA3_512)); d(MAC, "HmacMD5", P11MAC, m(CKM_MD5_HMAC)); -@@ -574,7 +586,18 @@ public final class SunPKCS11 extends AuthProvider { - d(MAC, "HmacSHA512/256", P11MAC, - s("1.2.840.113549.2.13", "OID.1.2.840.113549.2.13"), +@@ -563,7 +571,14 @@ public final class SunPKCS11 extends AuthProvider { + m(CKM_SHA512_224_HMAC)); + dA(MAC, "HmacSHA512/256", P11MAC, m(CKM_SHA512_256_HMAC)); - -+ d(MAC, "HmacSHA3-224", P11MAC, -+ s("2.16.840.1.101.3.4.2.13", "OID.2.16.840.1.101.3.4.2.13"), ++ dA(MAC, "HmacSHA3-224", P11MAC, + m(CKM_SHA3_224_HMAC)); -+ d(MAC, "HmacSHA3-256", P11MAC, -+ s("2.16.840.1.101.3.4.2.14", "OID.2.16.840.1.101.3.4.2.14"), ++ dA(MAC, "HmacSHA3-256", P11MAC, + m(CKM_SHA3_256_HMAC)); -+ d(MAC, "HmacSHA3-384", P11MAC, -+ s("2.16.840.1.101.3.4.2.15", "OID.2.16.840.1.101.3.4.2.15"), ++ dA(MAC, "HmacSHA3-384", P11MAC, + m(CKM_SHA3_384_HMAC)); -+ d(MAC, "HmacSHA3-512", P11MAC, -+ s("2.16.840.1.101.3.4.2.16", "OID.2.16.840.1.101.3.4.2.16"), ++ dA(MAC, "HmacSHA3-512", P11MAC, + m(CKM_SHA3_512_HMAC)); d(MAC, "SslMacMD5", P11MAC, m(CKM_SSL3_MD5_MAC)); d(MAC, "SslMacSHA1", P11MAC, -@@ -604,6 +627,41 @@ public final class SunPKCS11 extends AuthProvider { +@@ -595,6 +610,30 @@ public final class SunPKCS11 extends AuthProvider { m(CKM_BLOWFISH_KEY_GEN)); d(KG, "ChaCha20", P11KeyGenerator, m(CKM_CHACHA20_KEY_GEN)); + d(KG, "HmacMD5", P11KeyGenerator, // 1.3.6.1.5.5.8.1.1 + m(CKM_GENERIC_SECRET_KEY_GEN)); -+ d(KG, "HmacSHA1", P11KeyGenerator, -+ s("1.2.840.113549.2.7", "OID.1.2.840.113549.2.7"), ++ dA(KG, "HmacSHA1", P11KeyGenerator, + m(CKM_SHA_1_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); -+ d(KG, "HmacSHA224", P11KeyGenerator, -+ s("1.2.840.113549.2.8", "OID.1.2.840.113549.2.8"), ++ dA(KG, "HmacSHA224", P11KeyGenerator, + m(CKM_SHA224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); -+ d(KG, "HmacSHA256", P11KeyGenerator, -+ s("1.2.840.113549.2.9", "OID.1.2.840.113549.2.9"), ++ dA(KG, "HmacSHA256", P11KeyGenerator, + m(CKM_SHA256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); -+ d(KG, "HmacSHA384", P11KeyGenerator, -+ s("1.2.840.113549.2.10", "OID.1.2.840.113549.2.10"), ++ dA(KG, "HmacSHA384", P11KeyGenerator, + m(CKM_SHA384_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); -+ d(KG, "HmacSHA512", P11KeyGenerator, -+ s("1.2.840.113549.2.11", "OID.1.2.840.113549.2.11"), ++ dA(KG, "HmacSHA512", P11KeyGenerator, + m(CKM_SHA512_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); -+ d(KG, "HmacSHA512/224", P11KeyGenerator, -+ s("1.2.840.113549.2.12", "OID.1.2.840.113549.2.12"), ++ dA(KG, "HmacSHA512/224", P11KeyGenerator, + m(CKM_SHA512_224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); -+ d(KG, "HmacSHA512/256", P11KeyGenerator, -+ s("1.2.840.113549.2.13", "OID.1.2.840.113549.2.13"), ++ dA(KG, "HmacSHA512/256", P11KeyGenerator, + m(CKM_SHA512_256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); -+ d(KG, "HmacSHA3-224", P11KeyGenerator, -+ s("2.16.840.1.101.3.4.2.13", "OID.2.16.840.1.101.3.4.2.13"), ++ dA(KG, "HmacSHA3-224", P11KeyGenerator, + m(CKM_SHA3_224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); -+ d(KG, "HmacSHA3-256", P11KeyGenerator, -+ s("2.16.840.1.101.3.4.2.14", "OID.2.16.840.1.101.3.4.2.14"), ++ dA(KG, "HmacSHA3-256", P11KeyGenerator, + m(CKM_SHA3_256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); -+ d(KG, "HmacSHA3-384", P11KeyGenerator, -+ s("2.16.840.1.101.3.4.2.15", "OID.2.16.840.1.101.3.4.2.15"), ++ dA(KG, "HmacSHA3-384", P11KeyGenerator, + m(CKM_SHA3_384_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); -+ d(KG, "HmacSHA3-512", P11KeyGenerator, -+ s("2.16.840.1.101.3.4.2.16", "OID.2.16.840.1.101.3.4.2.16"), ++ dA(KG, "HmacSHA3-512", P11KeyGenerator, + m(CKM_SHA3_512_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); // register (Secret)KeyFactories if there are any mechanisms // for a particular algorithm that we support -@@ -747,13 +805,40 @@ public final class SunPKCS11 extends AuthProvider { - d(SIG, "SHA512withDSA", P11Signature, - s("2.16.840.1.101.3.4.3.4", "OID.2.16.840.1.101.3.4.3.4"), +@@ -725,37 +764,77 @@ public final class SunPKCS11 extends AuthProvider { + m(CKM_DSA_SHA384)); + dA(SIG, "SHA512withDSA", P11Signature, m(CKM_DSA_SHA512)); -+ d(SIG, "SHA3-224withDSA", P11Signature, -+ s("2.16.840.1.101.3.4.3.5", "OID.2.16.840.1.101.3.4.3.5"), ++ dA(SIG, "SHA3-224withDSA", P11Signature, + m(CKM_DSA_SHA3_224)); -+ d(SIG, "SHA3-256withDSA", P11Signature, -+ s("2.16.840.1.101.3.4.3.6", "OID.2.16.840.1.101.3.4.3.6"), ++ dA(SIG, "SHA3-256withDSA", P11Signature, + m(CKM_DSA_SHA3_256)); -+ d(SIG, "SHA3-384withDSA", P11Signature, -+ s("2.16.840.1.101.3.4.3.7", "OID.2.16.840.1.101.3.4.3.7"), ++ dA(SIG, "SHA3-384withDSA", P11Signature, + m(CKM_DSA_SHA3_384)); -+ d(SIG, "SHA3-512withDSA", P11Signature, -+ s("2.16.840.1.101.3.4.3.8", "OID.2.16.840.1.101.3.4.3.8"), ++ dA(SIG, "SHA3-512withDSA", P11Signature, + m(CKM_DSA_SHA3_512)); d(SIG, "RawDSAinP1363Format", P11Signature, - s("NONEwithDSAinP1363Format"), + List.of("NONEwithDSAinP1363Format"), m(CKM_DSA)); d(SIG, "DSAinP1363Format", P11Signature, - s("SHA1withDSAinP1363Format"), + List.of("SHA1withDSAinP1363Format"), m(CKM_DSA_SHA1, CKM_DSA)); - + d(SIG, "SHA224withDSAinP1363Format", P11Signature, @@ -1095,36 +1072,27 @@ index cf7cd19b689..7a8bcffb92c 100644 + m(CKM_DSA_SHA3_512)); d(SIG, "NONEwithECDSA", P11Signature, m(CKM_ECDSA)); - d(SIG, "SHA1withECDSA", P11Signature, -@@ -761,28 +846,49 @@ public final class SunPKCS11 extends AuthProvider { + dA(SIG, "SHA1withECDSA", P11Signature, m(CKM_ECDSA_SHA1, CKM_ECDSA)); - d(SIG, "SHA224withECDSA", P11Signature, - s("1.2.840.10045.4.3.1", "OID.1.2.840.10045.4.3.1"), + dA(SIG, "SHA224withECDSA", P11Signature, - m(CKM_ECDSA)); + m(CKM_ECDSA_SHA224, CKM_ECDSA)); - d(SIG, "SHA256withECDSA", P11Signature, - s("1.2.840.10045.4.3.2", "OID.1.2.840.10045.4.3.2"), + dA(SIG, "SHA256withECDSA", P11Signature, - m(CKM_ECDSA)); + m(CKM_ECDSA_SHA256, CKM_ECDSA)); - d(SIG, "SHA384withECDSA", P11Signature, - s("1.2.840.10045.4.3.3", "OID.1.2.840.10045.4.3.3"), + dA(SIG, "SHA384withECDSA", P11Signature, - m(CKM_ECDSA)); + m(CKM_ECDSA_SHA384, CKM_ECDSA)); - d(SIG, "SHA512withECDSA", P11Signature, - s("1.2.840.10045.4.3.4", "OID.1.2.840.10045.4.3.4"), + dA(SIG, "SHA512withECDSA", P11Signature, - m(CKM_ECDSA)); + m(CKM_ECDSA_SHA512, CKM_ECDSA)); -+ d(SIG, "SHA3-224withECDSA", P11Signature, -+ s("1.2.840.10045.4.3.9", "OID.1.2.840.10045.4.3.9"), ++ dA(SIG, "SHA3-224withECDSA", P11Signature, + m(CKM_ECDSA_SHA3_224, CKM_ECDSA)); -+ d(SIG, "SHA3-256withECDSA", P11Signature, -+ s("1.2.840.10045.4.3.10", "OID.1.2.840.10045.4.3.10"), ++ dA(SIG, "SHA3-256withECDSA", P11Signature, + m(CKM_ECDSA_SHA3_256, CKM_ECDSA)); -+ d(SIG, "SHA3-384withECDSA", P11Signature, -+ s("1.2.840.10045.4.3.11", "OID.1.2.840.10045.4.3.11"), ++ dA(SIG, "SHA3-384withECDSA", P11Signature, + m(CKM_ECDSA_SHA3_384, CKM_ECDSA)); -+ d(SIG, "SHA3-512withECDSA", P11Signature, -+ s("1.2.840.10045.4.3.12", "OID.1.2.840.10045.4.3.12"), ++ dA(SIG, "SHA3-512withECDSA", P11Signature, + m(CKM_ECDSA_SHA3_512, CKM_ECDSA)); d(SIG, "NONEwithECDSAinP1363Format", P11Signature, m(CKM_ECDSA)); @@ -1151,29 +1119,25 @@ index cf7cd19b689..7a8bcffb92c 100644 + d(SIG, "SHA3-512withECDSAinP1363Format", P11Signature, + m(CKM_ECDSA_SHA3_512, CKM_ECDSA)); + - d(SIG, "MD2withRSA", P11Signature, - s("1.2.840.113549.1.1.2", "OID.1.2.840.113549.1.1.2"), + dA(SIG, "MD2withRSA", P11Signature, m(CKM_MD2_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); -@@ -805,6 +911,18 @@ public final class SunPKCS11 extends AuthProvider { - d(SIG, "SHA512withRSA", P11Signature, - s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"), + dA(SIG, "MD5withRSA", P11Signature, +@@ -770,6 +849,14 @@ public final class SunPKCS11 extends AuthProvider { + m(CKM_SHA384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); + dA(SIG, "SHA512withRSA", P11Signature, m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); -+ d(SIG, "SHA3-224withRSA", P11Signature, -+ s("2.16.840.1.101.3.4.3.13", "OID.2.16.840.1.101.3.4.3.13"), ++ dA(SIG, "SHA3-224withRSA", P11Signature, + m(CKM_SHA3_224_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); -+ d(SIG, "SHA3-256withRSA", P11Signature, -+ s("2.16.840.1.101.3.4.3.14", "OID.2.16.840.1.101.3.4.3.14"), ++ dA(SIG, "SHA3-256withRSA", P11Signature, + m(CKM_SHA3_256_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); -+ d(SIG, "SHA3-384withRSA", P11Signature, -+ s("2.16.840.1.101.3.4.3.15", "OID.2.16.840.1.101.3.4.3.15"), ++ dA(SIG, "SHA3-384withRSA", P11Signature, + m(CKM_SHA3_384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); -+ d(SIG, "SHA3-512withRSA", P11Signature, -+ s("2.16.840.1.101.3.4.3.16", "OID.2.16.840.1.101.3.4.3.16"), ++ dA(SIG, "SHA3-512withRSA", P11Signature, + m(CKM_SHA3_512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); - d(SIG, "RSASSA-PSS", P11PSSSignature, - s("1.2.840.113549.1.1.10", "OID.1.2.840.113549.1.1.10"), + dA(SIG, "RSASSA-PSS", P11PSSSignature, m(CKM_RSA_PKCS_PSS)); -@@ -818,6 +936,14 @@ public final class SunPKCS11 extends AuthProvider { + d(SIG, "SHA1withRSASSA-PSS", P11PSSSignature, +@@ -782,6 +869,14 @@ public final class SunPKCS11 extends AuthProvider { m(CKM_SHA384_RSA_PKCS_PSS)); d(SIG, "SHA512withRSASSA-PSS", P11PSSSignature, m(CKM_SHA512_RSA_PKCS_PSS)); @@ -1189,7 +1153,7 @@ index cf7cd19b689..7a8bcffb92c 100644 d(KG, "SunTlsRsaPremasterSecret", "sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator", diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java -index e077943bbc2..cb04b95304d 100644 +index e077943bbc..cb04b95304 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java @@ -1,5 +1,5 @@ @@ -1215,7 +1179,7 @@ index e077943bbc2..cb04b95304d 100644 diff --git a/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java b/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java new file mode 100644 -index 00000000000..d6707028d96 +index 0000000000..d6707028d9 --- /dev/null +++ b/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java @@ -0,0 +1,84 @@ @@ -1304,7 +1268,7 @@ index 00000000000..d6707028d96 + } +} diff --git a/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java b/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java -index b61d10beece..78b7d857e8e 100644 +index b61d10beec..78b7d857e8 100644 --- a/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java +++ b/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java @@ -23,7 +23,7 @@ @@ -1336,7 +1300,7 @@ index b61d10beece..78b7d857e8e 100644 test("ARCFOUR", 1024, p, TestResult.TBD); } else if (p.getName().equals("SunPKCS11-NSS")) { diff --git a/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java b/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java -index 59af327c1f2..64c42a6dd06 100644 +index 59af327c1f..64c42a6dd0 100644 --- a/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java +++ b/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java @@ -23,7 +23,7 @@ @@ -1421,7 +1385,7 @@ index 59af327c1f2..64c42a6dd06 100644 mac.reset(); diff --git a/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java b/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java -index 5cad8859840..7e045232e3a 100644 +index 5cad885984..7e045232e3 100644 --- a/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java +++ b/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java @@ -1,5 +1,5 @@ @@ -1514,7 +1478,7 @@ index 5cad8859840..7e045232e3a 100644 } } diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java b/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java -index 7ced00630cc..a7a72e8ea3d 100644 +index 7ced00630c..a7a72e8ea3 100644 --- a/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java +++ b/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java @@ -1,5 +1,5 @@ @@ -1574,7 +1538,7 @@ index 7ced00630cc..a7a72e8ea3d 100644 byte[] d1 = md.digest(data); diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java b/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java -index ea7909bc397..268f698276b 100644 +index ea7909bc39..268f698276 100644 --- a/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java +++ b/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java @@ -1,5 +1,5 @@ @@ -1655,7 +1619,7 @@ index ea7909bc397..268f698276b 100644 private static void check(byte[] d1, byte[] d2) throws Exception { diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java b/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java -index b931c8564b2..ace601c7233 100644 +index b931c8564b..ace601c723 100644 --- a/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java +++ b/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java @@ -1,5 +1,5 @@ @@ -1744,7 +1708,7 @@ index b931c8564b2..ace601c7233 100644 MessageDigest mdCopy0 = (MessageDigest) mdObj.clone(); diff --git a/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java b/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java -index 26eeacffed9..f5de994779c 100644 +index 26eeacffed..f5de994779 100644 --- a/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java +++ b/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java @@ -23,7 +23,7 @@ @@ -1770,7 +1734,7 @@ index 26eeacffed9..f5de994779c 100644 sig.update(t); byte[] signature = sig.sign(); diff --git a/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java b/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java -index ccd66599fb0..a2fa7294977 100644 +index ccd66599fb..a2fa729497 100644 --- a/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java +++ b/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java @@ -1,5 +1,5 @@ @@ -1816,7 +1780,7 @@ index ccd66599fb0..a2fa7294977 100644 PSSParameterSpec params = new PSSParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), 32, diff --git a/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java b/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java -index 2e4fedbf1d5..f1c0492b5fc 100644 +index 2e4fedbf1d..f1c0492b5f 100644 --- a/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java +++ b/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java @@ -1,5 +1,5 @@ @@ -1910,7 +1874,7 @@ index 2e4fedbf1d5..f1c0492b5fc 100644 System.out.println("test#4: pass"); } diff --git a/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java b/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java -index 42ca7fa203d..8c132ca7e4f 100644 +index 42ca7fa203..8c132ca7e4 100644 --- a/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java +++ b/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java @@ -23,312 +23,13 @@ @@ -2242,7 +2206,7 @@ index 42ca7fa203d..8c132ca7e4f 100644 new Random().nextBytes(data); sig.initSign(privateKey); diff --git a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java -index 3c3edb5aa6a..11147022771 100644 +index 3c3edb5aa6..1114702277 100644 --- a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java +++ b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java @@ -1,5 +1,5 @@ @@ -2263,7 +2227,7 @@ index 3c3edb5aa6a..11147022771 100644 * @library /test/lib .. diff --git a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java new file mode 100644 -index 00000000000..b8ea9863327 +index 0000000000..b8ea986332 --- /dev/null +++ b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java @@ -0,0 +1,98 @@ @@ -2366,7 +2330,7 @@ index 00000000000..b8ea9863327 + } +} diff --git a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java -index 3a6dbe345e9..4c1f7284bbc 100644 +index 3a6dbe345e..4c1f7284bb 100644 --- a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java +++ b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java @@ -1,5 +1,5 @@ @@ -2424,7 +2388,7 @@ index 3a6dbe345e9..4c1f7284bbc 100644 hash, "MGF1", new MGF1ParameterSpec(mgfHash), 0, 1); diff --git a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java new file mode 100644 -index 00000000000..516b17972e5 +index 0000000000..516b17972e --- /dev/null +++ b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java @@ -0,0 +1,140 @@ @@ -2569,7 +2533,7 @@ index 00000000000..516b17972e5 + } +} diff --git a/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java b/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java -index 222f8a2a5ed..3161de6fc50 100644 +index 222f8a2a5e..3161de6fc5 100644 --- a/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java +++ b/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java @@ -1,5 +1,5 @@ @@ -2664,7 +2628,7 @@ index 222f8a2a5ed..3161de6fc50 100644 } } diff --git a/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java b/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java -index f469ca17b65..7e5a012a5ec 100644 +index f469ca17b6..7e5a012a5e 100644 --- a/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java +++ b/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java @@ -22,8 +22,8 @@ @@ -2697,7 +2661,7 @@ index f469ca17b65..7e5a012a5ec 100644 kpg.initialize(512); KeyPair kp = kpg.generateKeyPair(); diff --git a/test/jdk/sun/security/pkcs11/nss/p11-nss.txt b/test/jdk/sun/security/pkcs11/nss/p11-nss.txt -index 49778ea954c..576b1dc4d69 100644 +index 49778ea954..576b1dc4d6 100644 --- a/test/jdk/sun/security/pkcs11/nss/p11-nss.txt +++ b/test/jdk/sun/security/pkcs11/nss/p11-nss.txt @@ -11,12 +11,23 @@ library = ${pkcs11test.nss.lib} diff --git a/SOURCES/jdk8312489-max_sig_default_increase.patch b/SOURCES/jdk8312489-max_sig_default_increase.patch new file mode 100644 index 0000000..e0c4eeb --- /dev/null +++ b/SOURCES/jdk8312489-max_sig_default_increase.patch @@ -0,0 +1,50 @@ +commit 50074a04e62f91faa080b831d9ce343396ead252 +Author: Andrew John Hughes +Date: Tue Sep 5 20:48:42 2023 +0000 + + 8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar + + Backport-of: e47a84f23dd2608c6f5748093eefe301fb5bf750 + +diff --git a/src/java.base/share/classes/java/util/jar/JarFile.java b/src/java.base/share/classes/java/util/jar/JarFile.java +index cb7e308e0d..cce897c0d3 100644 +--- a/src/java.base/share/classes/java/util/jar/JarFile.java ++++ b/src/java.base/share/classes/java/util/jar/JarFile.java +@@ -809,7 +809,9 @@ class JarFile extends ZipFile { + throw new IOException("Unsupported size: " + uncompressedSize + + " for JarEntry " + ze.getName() + + ". Allowed max size: " + +- SignatureFileVerifier.MAX_SIG_FILE_SIZE + " bytes"); ++ SignatureFileVerifier.MAX_SIG_FILE_SIZE + " bytes. " + ++ "You can use the jdk.jar.maxSignatureFileSize " + ++ "system property to increase the default value."); + } + int len = (int)uncompressedSize; + int bytesRead; +diff --git a/src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java b/src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java +index cb477fc134..a766b8249f 100644 +--- a/src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java ++++ b/src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java +@@ -852,16 +852,16 @@ public class SignatureFileVerifier { + * the maximum allowed number of bytes for the signature-related files + * in a JAR file. + */ +- Integer tmp = GetIntegerAction.privilegedGetProperty( +- "jdk.jar.maxSignatureFileSize", 8000000); ++ int tmp = GetIntegerAction.privilegedGetProperty( ++ "jdk.jar.maxSignatureFileSize", 16000000); + if (tmp < 0 || tmp > MAX_ARRAY_SIZE) { + if (debug != null) { +- debug.println("Default signature file size 8000000 bytes " + +- "is used as the specified size for the " + +- "jdk.jar.maxSignatureFileSize system property " + ++ debug.println("The default signature file size of 16000000 bytes " + ++ "will be used for the jdk.jar.maxSignatureFileSize " + ++ "system property since the specified value " + + "is out of range: " + tmp); + } +- tmp = 8000000; ++ tmp = 16000000; + } + return tmp; + } diff --git a/SPECS/java-11-openjdk.spec b/SPECS/java-11-openjdk.spec index 926f25a..b3d1619 100644 --- a/SPECS/java-11-openjdk.spec +++ b/SPECS/java-11-openjdk.spec @@ -109,8 +109,7 @@ # similarly for other %%{_jvmdir}/{jre,java} and %%{_javadocdir}/{java,java-zip} %define is_release_build() %( if [ "%{?1}" == "%{debug_suffix_unquoted}" -o "%{?1}" == "%{fastdebug_suffix_unquoted}" ]; then echo "0" ; else echo "1"; fi ) -# while JDK is a techpreview(is_system_jdk=0), some provides are turned off. Once jdk stops to be an techpreview, move it to 1 -# as sytem JDK, we mean any JDK which can run whole system java stack without issues (like bytecode issues, module issues, dependencies...) +# Indicates whether this is the default JDK on this version of RHEL %global is_system_jdk 0 %global aarch64 aarch64 arm64 armv8 @@ -331,7 +330,7 @@ # New Version-String scheme-style defines %global featurever 11 %global interimver 0 -%global updatever 20 +%global updatever 21 %global patchver 0 # buildjdkver is usually same as %%{featurever}, # but in time of bootstrap of next jdk, it is featurever-1, @@ -359,7 +358,7 @@ %global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{name}&version=%{fedora} %else %if 0%{?rhel} -%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{name} +%global oj_vendor_bug_url https://access.redhat.com/support/cases/ %else %global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi %endif @@ -370,15 +369,23 @@ # Define IcedTea version used for SystemTap tapsets and desktop file %global icedteaver 6.0.0pre00-c848b93a8598 # Define current Git revision for the FIPS support patches -%global fipsver b34fb09a5c +%global fipsver f93a863b56 +# Define JDK versions +%global javaver %{featurever} +%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver} +# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames +%global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn}) +# The tag used to create the OpenJDK tarball +%global vcstag jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}} # Standard JPackage naming and versioning defines %global origin openjdk %global origin_nice OpenJDK -%global top_level_dir_name %{origin} +%global top_level_dir_name %{vcstag} %global top_level_dir_name_backup %{top_level_dir_name}-backup -%global buildver 8 -%global rpmrelease 3 +%global buildver 9 +# rpmrelease numbering must start at 2 to be later than the 8.6 RPM +%global rpmrelease 2 # Settings used by the portable build %global portablerelease 1 %global portablesuffix el8 @@ -394,18 +401,9 @@ %global combiver $( expr 20 '*' %{patchver} + %{buildver} ) %global priority %( printf '%02d%02d%02d%02d' %{featurever} %{interimver} %{updatever} %{combiver} ) %else -# for techpreview, using 1, so slowdebugs can have 0 +# for non-default, using 1, so slowdebugs can have 0 %global priority %( printf '%08d' 1 ) %endif -%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver} - -# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames -%global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn}) - -# The tag used to create the OpenJDK tarball -%global vcstag jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}} - -%global javaver %{featurever} # Define milestone (EA for pre-releases, GA for releases) # Release will be (where N is usually a number starting at 1): @@ -564,6 +562,7 @@ alternatives \\ --install %{_bindir}/java $key %{jrebindir -- %{?1}}/java $PRIORITY --family %{family} \\ --slave %{_jvmdir}/jre jre %{_jvmdir}/%{sdkdir -- %{?1}} \\ --slave %{_bindir}/%{alt_java_name} %{alt_java_name} %{jrebindir -- %{?1}}/%{alt_java_name} \\ + --slave %{_bindir}/jcmd jcmd %{sdkbindir -- %{?1}}/jcmd \\ --slave %{_bindir}/jjs jjs %{jrebindir -- %{?1}}/jjs \\ --slave %{_bindir}/keytool keytool %{jrebindir -- %{?1}}/keytool \\ --slave %{_bindir}/pack200 pack200 %{jrebindir -- %{?1}}/pack200 \\ @@ -574,6 +573,8 @@ alternatives \\ %{_mandir}/man1/java-%{uniquesuffix -- %{?1}}.1$ext \\ --slave %{_mandir}/man1/%{alt_java_name}.1$ext %{alt_java_name}.1$ext \\ %{_mandir}/man1/%{alt_java_name}-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/jcmd.1$ext jcmd.1$ext \\ + %{_mandir}/man1/jcmd-%{uniquesuffix -- %{?1}}.1$ext \\ --slave %{_mandir}/man1/jjs.1$ext jjs.1$ext \\ %{_mandir}/man1/jjs-%{uniquesuffix -- %{?1}}.1$ext \\ --slave %{_mandir}/man1/keytool.1$ext keytool.1$ext \\ @@ -673,7 +674,6 @@ alternatives \\ --slave %{_bindir}/jarsigner jarsigner %{sdkbindir -- %{?1}}/jarsigner \\ --slave %{_bindir}/javadoc javadoc %{sdkbindir -- %{?1}}/javadoc \\ --slave %{_bindir}/javap javap %{sdkbindir -- %{?1}}/javap \\ - --slave %{_bindir}/jcmd jcmd %{sdkbindir -- %{?1}}/jcmd \\ --slave %{_bindir}/jconsole jconsole %{sdkbindir -- %{?1}}/jconsole \\ --slave %{_bindir}/jdb jdb %{sdkbindir -- %{?1}}/jdb \\ --slave %{_bindir}/jdeps jdeps %{sdkbindir -- %{?1}}/jdeps \\ @@ -700,8 +700,6 @@ alternatives \\ %{_mandir}/man1/javadoc-%{uniquesuffix -- %{?1}}.1$ext \\ --slave %{_mandir}/man1/javap.1$ext javap.1$ext \\ %{_mandir}/man1/javap-%{uniquesuffix -- %{?1}}.1$ext \\ - --slave %{_mandir}/man1/jcmd.1$ext jcmd.1$ext \\ - %{_mandir}/man1/jcmd-%{uniquesuffix -- %{?1}}.1$ext \\ --slave %{_mandir}/man1/jconsole.1$ext jconsole.1$ext \\ %{_mandir}/man1/jconsole-%{uniquesuffix -- %{?1}}.1$ext \\ --slave %{_mandir}/man1/jdb.1$ext jdb.1$ext \\ @@ -839,6 +837,7 @@ exit 0 %dir %{_jvmdir}/%{sdkdir -- %{?1}}/bin %{_jvmdir}/%{sdkdir -- %{?1}}/bin/java %{_jvmdir}/%{sdkdir -- %{?1}}/bin/%{alt_java_name} +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jcmd %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jjs %{_jvmdir}/%{sdkdir -- %{?1}}/bin/keytool %{_jvmdir}/%{sdkdir -- %{?1}}/bin/pack200 @@ -905,6 +904,7 @@ exit 0 %{_jvmdir}/%{sdkdir -- %{?1}}/lib/jfr/profile.jfc %{_mandir}/man1/java-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/%{alt_java_name}-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/jcmd-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/jjs-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/keytool-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/pack200-%{uniquesuffix -- %{?1}}.1* @@ -950,10 +950,11 @@ exit 0 %{_jvmdir}/%{sdkdir -- %{?1}}/lib/security %if %is_system_jdk %if %{is_release_build -- %{?1}} +# RHEL-11313; alternatives not owned by packages %ghost %{_bindir}/java -%ghost %{_bindir}/%{alt_java_name} %ghost %{_jvmdir}/jre -# https://bugzilla.redhat.com/show_bug.cgi?id=1312019 +%ghost %{_bindir}/%{alt_java_name} +%ghost %{_bindir}/jcmd %ghost %{_bindir}/jjs %ghost %{_bindir}/keytool %ghost %{_bindir}/pack200 @@ -979,7 +980,6 @@ exit 0 %{_jvmdir}/%{sdkdir -- %{?1}}/bin/javadoc %{_jvmdir}/%{sdkdir -- %{?1}}/bin/javap %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jconsole -%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jcmd %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jdb %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jdeps %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jdeprscan @@ -1018,7 +1018,6 @@ exit 0 %{_mandir}/man1/javadoc-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/javap-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/jconsole-%{uniquesuffix -- %{?1}}.1* -%{_mandir}/man1/jcmd-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/jdb-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/jdeps-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/jinfo-%{uniquesuffix -- %{?1}}.1* @@ -1038,9 +1037,9 @@ exit 0 %endif %if %is_system_jdk %if %{is_release_build -- %{?1}} +# RHEL-11313; alternatives not owned by packages %ghost %{_bindir}/javac %ghost %{_jvmdir}/java -%ghost %{_jvmdir}/%{alt_java_name} %ghost %{_bindir}/jaotc %ghost %{_bindir}/jlink %ghost %{_bindir}/jmod @@ -1049,11 +1048,11 @@ exit 0 %ghost %{_bindir}/jarsigner %ghost %{_bindir}/javadoc %ghost %{_bindir}/javap -%ghost %{_bindir}/jcmd %ghost %{_bindir}/jconsole %ghost %{_bindir}/jdb %ghost %{_bindir}/jdeps %ghost %{_bindir}/jdeprscan +%ghost %{_bindir}/jfr %ghost %{_bindir}/jimage %ghost %{_bindir}/jinfo %ghost %{_bindir}/jmap @@ -1311,7 +1310,7 @@ URL: http://openjdk.java.net/ # to regenerate source0 (jdk) run update_package.sh # update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives -Source0: openjdk-jdk%{featurever}u-%{vcstag}-4curve.tar.xz +Source0: openjdk-jdk%{featurever}u-%{vcstag}.tar.xz # Use 'icedtea_sync.sh' to update the following # They are based on code contained in the IcedTea project (6.x). @@ -1424,11 +1423,11 @@ Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk1 # need to be reviewed & pushed to the appropriate # updates tree of OpenJDK. ############################################# -Patch2001: jdk8242332-rh2108712-sha3-sunpkcs11.patch +Patch2002: jdk8242332-rh2108712-sha3-sunpkcs11.patch ############################################# # -# Patches appearing in 11.0.20 +# Patches appearing in 11.0.21 # # This section includes patches which are present # in the listed OpenJDK 11u release and should be @@ -1436,6 +1435,18 @@ Patch2001: jdk8242332-rh2108712-sha3-sunpkcs11.patch # and used by this RPM. ############################################# +############################################# +# +# Patches appearing in 11.0.22 +# +# This section includes patches which are present +# in the listed OpenJDK 8u release and should be +# able to be removed once that release is out +# and used by this RPM. +############################################# +# JDK-8312489, OJ2095: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar +Patch2000: jdk8312489-max_sig_default_increase.patch + BuildRequires: autoconf BuildRequires: automake BuildRequires: alsa-lib-devel @@ -1501,17 +1512,17 @@ BuildRequires: libjpeg-devel BuildRequires: libpng-devel %else # Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h -Provides: bundled(freetype) = 2.12.1 +Provides: bundled(freetype) = 2.13.0 # Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h Provides: bundled(giflib) = 5.2.1 # Version in src/java.desktop/share/native/libharfbuzz/hb-version.h -Provides: bundled(harfbuzz) = 7.0.1 +Provides: bundled(harfbuzz) = 7.2.0 # Version in src/java.desktop/share/native/liblcms/lcms2.h Provides: bundled(lcms2) = 2.15.0 # Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h Provides: bundled(libjpeg) = 6b # Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h -Provides: bundled(libpng) = 1.6.37 +Provides: bundled(libpng) = 1.6.39 %endif # this is always built, also during debug-only build @@ -1863,12 +1874,16 @@ pushd %{top_level_dir_name} %patch1001 -p1 # nss.cfg PKCS11 support; must come last as it also alters java.security %patch1000 -p1 +# JDK-8312489 backport, coming in 11.0.22 +%patch2000 -p1 # PKCS11 SHA3 backport -%patch2001 -p1 +%patch2002 -p1 +# alt-java +%patch600 -p1 +# RSA default +%patch1003 -p1 popd # openjdk -%patch600 -%patch1003 # Prepare desktop files # The _X_ syntax indicates variables that are replaced by make upstream @@ -2489,6 +2504,41 @@ end %endif %changelog +* Fri Oct 13 2023 Andrew Hughes - 1:11.0.21.0.9-2 +- Update to jdk-11.0.21+9 (GA) +- Sync the copy of the portable specfile with the latest update +- Re-generate FIPS patch against 11.0.21+1 following backport of JDK-8155246 +- Re-generate SHA3 patch following backport of JDK-8242151 +- Bump libpng version to 1.6.39 following JDK-8305815 +- Bump HarfBuzz version to 7.2.0 following JDK-8307301 +- Bump freetype version to 2.13.0 following JDK-8306881 +- Update generate_tarball.sh to be closer to upstream vanilla script inc. no more ECC removal +- Update bug URL for RHEL to point to the Red Hat customer portal +- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball +- Apply all patches using -p1 +- Drop local backport of JDK-8243210 which is upstream from 11.0.21+2 +- Add missing JFR alternative ghost +- Move jcmd to the headless package +- ** This tarball is embargoed until 2023-10-17 @ 1pm PT. ** +- Resolves: RHEL-12222 +- Resolves: RHEL-13546 +- Resolves: RHEL-13553 +- Resolves: RHEL-13559 +- Resolves: RHEL-13566 +- Resolves: RHEL-13572 + +* Fri Sep 08 2023 Andrew Hughes - 1:11.0.20.1.1-2 +- Bump release number so we are newer than 8.6 +- Related: rhbz#2236589 + +* Tue Sep 05 2023 Andrew Hughes - 1:11.0.20.1.1-1 +- Update to jdk-11.0.20.1+1 (GA) +- Add backport of JDK-8312489 already upstream in 11.0.22 (see OPENJDK-2095) +- Add backport of JDK-8243210 already upstream in 11.0.21 (see RH2229269) +- Update openjdk_news script to specify subdirectory last +- Add missing discover_trees script required by openjdk_news +- Resolves: rhbz#2236589 + * Thu Jul 20 2023 Andrew Hughes - 1:11.0.20.0.8-3 - Fix tzdata requirement copy-and-paste error that led to two BuildRequires and no Requires - Resolves: rhbz#2224411