Update generate_source_tarball.sh script to use the PR3751 patch and retain the secp256k1 curve.
Regenerate source tarball using the updated script and add the -'4curve' suffix. PR3751 includes the changes in the PR1834/RH1022017 patch which is removed.
This commit is contained in:
parent
ae98effbfe
commit
c82830aa65
1
.gitignore
vendored
1
.gitignore
vendored
@ -20,3 +20,4 @@
|
|||||||
/shenandoah-jdk11-shenandoah-jdk-11.0.4+11.tar.xz
|
/shenandoah-jdk11-shenandoah-jdk-11.0.4+11.tar.xz
|
||||||
/shenandoah-jdk11-shenandoah-jdk-11.0.5+1.tar.xz
|
/shenandoah-jdk11-shenandoah-jdk-11.0.5+1.tar.xz
|
||||||
/shenandoah-jdk11-shenandoah-jdk-11.0.5+2.tar.xz
|
/shenandoah-jdk11-shenandoah-jdk-11.0.5+2.tar.xz
|
||||||
|
/shenandoah-jdk11-shenandoah-jdk-11.0.5+2-4curve.tar.xz
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
# Example:
|
# Example:
|
||||||
# When used from local repo set REPO_ROOT pointing to file:// with your repo
|
# When used from local repo set REPO_ROOT pointing to file:// with your repo
|
||||||
# If your local repo follows upstream forests conventions, it may be enough to set OPENJDK_URL
|
# If your local repo follows upstream forests conventions, it may be enough to set OPENJDK_URL
|
||||||
# If you want to use a local copy of patch PR3681, set the path to it in the PR3681 variable
|
# If you want to use a local copy of patch PR3751, set the path to it in the PR3751 variable
|
||||||
#
|
#
|
||||||
# In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg:
|
# In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg:
|
||||||
# PROJECT_NAME=jdk
|
# PROJECT_NAME=jdk
|
||||||
@ -26,9 +26,9 @@
|
|||||||
# level folder, name is created, based on parameter
|
# level folder, name is created, based on parameter
|
||||||
#
|
#
|
||||||
|
|
||||||
if [ ! "x$PR3681" = "x" ] ; then
|
if [ ! "x$PR3751" = "x" ] ; then
|
||||||
if [ ! -f "$PR3681" ] ; then
|
if [ ! -f "$PR3751" ] ; then
|
||||||
echo "You have specified PR3681 as $PR3681 but it does not exist. Exiting"
|
echo "You have specified PR3751 as $PR3751 but it does not exist. Exiting"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
@ -48,7 +48,7 @@ if [ "x$1" = "xhelp" ] ; then
|
|||||||
echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)"
|
echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)"
|
||||||
echo "REPO_ROOT - the location of the Mercurial repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)"
|
echo "REPO_ROOT - the location of the Mercurial repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)"
|
||||||
echo "TO_COMPRESS - what part of clone to pack (default is openjdk)"
|
echo "TO_COMPRESS - what part of clone to pack (default is openjdk)"
|
||||||
echo "PR3681 - the path to the PR3681 patch to apply (optional; downloaded if unavailable)"
|
echo "PR3751 - the path to the PR3751 patch to apply (optional; downloaded if unavailable)"
|
||||||
exit 1;
|
exit 1;
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -126,18 +126,17 @@ pushd "${FILE_NAME_ROOT}"
|
|||||||
rm -vf ${CRYPTO_PATH}/ecp_224.c
|
rm -vf ${CRYPTO_PATH}/ecp_224.c
|
||||||
|
|
||||||
echo "Syncing EC list with NSS"
|
echo "Syncing EC list with NSS"
|
||||||
if [ "x$PR3681" = "x" ] ; then
|
if [ "x$PR3751" = "x" ] ; then
|
||||||
# orriginally for 8:
|
# get pr3751.patch (from http://icedtea.classpath.org/hg/icedtea11) from most correct tag
|
||||||
# get pr3681.patch (from http://icedtea.classpath.org/hg/icedtea11) from most correct tag
|
# Do not push it or publish it (see http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3751)
|
||||||
# Do not push it or publish it (see http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3681)
|
echo "PR3751 not found. Downloading..."
|
||||||
echo "PR3681 not found. Downloading..."
|
wget http://icedtea.classpath.org/hg/icedtea11/raw-file/tip/patches/pr3751.patch
|
||||||
wget http://icedtea.classpath.org/hg/icedtea11/raw-file/tip/patches/pr3681.patch
|
echo "Applying ${PWD}/pr3751.patch"
|
||||||
echo "Applying ${PWD}/pr3681.patch"
|
patch -Np1 < pr3751.patch
|
||||||
patch -Np1 < pr3681.patch
|
rm pr3751.patch
|
||||||
rm pr3681.patch
|
|
||||||
else
|
else
|
||||||
echo "Applying ${PR3681}"
|
echo "Applying ${PR3751}"
|
||||||
patch -Np1 < $PR3681
|
patch -Np1 < $PR3751
|
||||||
fi;
|
fi;
|
||||||
find . -name '*.orig' -exec rm -vf '{}' ';'
|
find . -name '*.orig' -exec rm -vf '{}' ';'
|
||||||
popd
|
popd
|
||||||
@ -149,8 +148,9 @@ pushd "${FILE_NAME_ROOT}"
|
|||||||
else
|
else
|
||||||
SWITCH=czf
|
SWITCH=czf
|
||||||
fi
|
fi
|
||||||
tar --exclude-vcs -$SWITCH ${FILE_NAME_ROOT}.tar.${COMPRESSION} $TO_COMPRESS
|
TARBALL_NAME=${FILE_NAME_ROOT}-4curve.tar.${COMPRESSION}
|
||||||
mv ${FILE_NAME_ROOT}.tar.${COMPRESSION} ..
|
tar --exclude-vcs -$SWITCH ${TARBALL_NAME} $TO_COMPRESS
|
||||||
|
mv ${TARBALL_NAME} ..
|
||||||
popd
|
popd
|
||||||
echo "Done. You may want to remove the uncompressed version - $FILE_NAME_ROOT."
|
echo "Done. You may want to remove the uncompressed version - $FILE_NAME_ROOT."
|
||||||
|
|
||||||
|
@ -223,7 +223,7 @@
|
|||||||
%global top_level_dir_name %{origin}
|
%global top_level_dir_name %{origin}
|
||||||
%global minorver 0
|
%global minorver 0
|
||||||
%global buildver 2
|
%global buildver 2
|
||||||
%global rpmrelease 1
|
%global rpmrelease 2
|
||||||
#%%global tagsuffix ""
|
#%%global tagsuffix ""
|
||||||
# priority must be 8 digits in total; untill openjdk 1.8 we were using 18..... so when moving to 11 we had to add another digit
|
# priority must be 8 digits in total; untill openjdk 1.8 we were using 18..... so when moving to 11 we had to add another digit
|
||||||
%if %is_system_jdk
|
%if %is_system_jdk
|
||||||
@ -995,7 +995,7 @@ URL: http://openjdk.java.net/
|
|||||||
|
|
||||||
# to regenerate source0 (jdk) and source8 (jdk's taspets) run update_package.sh
|
# to regenerate source0 (jdk) and source8 (jdk's taspets) run update_package.sh
|
||||||
# update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives
|
# update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives
|
||||||
Source0: shenandoah-jdk%{majorver}-shenandoah-jdk-%{newjavaver}+%{buildver}%{?tagsuffix:-%{tagsuffix}}.tar.xz
|
Source0: shenandoah-jdk%{majorver}-shenandoah-jdk-%{newjavaver}+%{buildver}%{?tagsuffix:-%{tagsuffix}}-4curve.tar.xz
|
||||||
Source8: systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz
|
Source8: systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz
|
||||||
|
|
||||||
# Desktop files. Adapted from IcedTea
|
# Desktop files. Adapted from IcedTea
|
||||||
@ -1030,10 +1030,6 @@ Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
|
|||||||
Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
|
Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
|
||||||
# Restrict access to java-atk-wrapper classes
|
# Restrict access to java-atk-wrapper classes
|
||||||
Patch2: rh1648644-java_access_bridge_privileged_security.patch
|
Patch2: rh1648644-java_access_bridge_privileged_security.patch
|
||||||
# PR1834, RH1022017: Reduce curves reported by SSL to those in NSS
|
|
||||||
# Not currently suitable to go upstream as it disables curves
|
|
||||||
# for all providers unconditionally
|
|
||||||
Patch525: rh1022017-reduce_ssl_curves.patch
|
|
||||||
|
|
||||||
#############################################
|
#############################################
|
||||||
#
|
#
|
||||||
@ -1293,7 +1289,6 @@ pushd %{top_level_dir_name}
|
|||||||
%patch6 -p1
|
%patch6 -p1
|
||||||
%patch7 -p1
|
%patch7 -p1
|
||||||
%patch8 -p1
|
%patch8 -p1
|
||||||
%patch525 -p1
|
|
||||||
popd # openjdk
|
popd # openjdk
|
||||||
|
|
||||||
%patch1000
|
%patch1000
|
||||||
@ -1833,6 +1828,11 @@ require "copy_jdk_configs.lua"
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Aug 27 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.5.2-0.2.ea
|
||||||
|
- Update generate_source_tarball.sh script to use the PR3751 patch and retain the secp256k1 curve.
|
||||||
|
- Regenerate source tarball using the updated script and add the -'4curve' suffix.
|
||||||
|
- PR3751 includes the changes in the PR1834/RH1022017 patch which is removed.
|
||||||
|
|
||||||
* Sat Aug 24 2019 Andrew John Hughes <gnu.andrew@redhat.com> - 1:11.0.5.2-0.1.ea
|
* Sat Aug 24 2019 Andrew John Hughes <gnu.andrew@redhat.com> - 1:11.0.5.2-0.1.ea
|
||||||
- Update to shenandoah-jdk-11.0.5+2 (EA)
|
- Update to shenandoah-jdk-11.0.5+2 (EA)
|
||||||
|
|
||||||
|
@ -1,66 +0,0 @@
|
|||||||
diff --git openjdk.orig///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java openjdk///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
|
|
||||||
--- openjdk.orig///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
|
|
||||||
+++ openjdk///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
|
|
||||||
@@ -515,50 +515,19 @@
|
|
||||||
}
|
|
||||||
} else { // default groups
|
|
||||||
NamedGroup[] groups;
|
|
||||||
- if (requireFips) {
|
|
||||||
- groups = new NamedGroup[] {
|
|
||||||
- // only NIST curves in FIPS mode
|
|
||||||
- NamedGroup.SECP256_R1,
|
|
||||||
- NamedGroup.SECP384_R1,
|
|
||||||
- NamedGroup.SECP521_R1,
|
|
||||||
- NamedGroup.SECT283_K1,
|
|
||||||
- NamedGroup.SECT283_R1,
|
|
||||||
- NamedGroup.SECT409_K1,
|
|
||||||
- NamedGroup.SECT409_R1,
|
|
||||||
- NamedGroup.SECT571_K1,
|
|
||||||
- NamedGroup.SECT571_R1,
|
|
||||||
+ groups = new NamedGroup[] {
|
|
||||||
+ // only NIST curves in FIPS mode
|
|
||||||
+ NamedGroup.SECP256_R1,
|
|
||||||
+ NamedGroup.SECP384_R1,
|
|
||||||
+ NamedGroup.SECP521_R1,
|
|
||||||
|
|
||||||
- // FFDHE 2048
|
|
||||||
- NamedGroup.FFDHE_2048,
|
|
||||||
- NamedGroup.FFDHE_3072,
|
|
||||||
- NamedGroup.FFDHE_4096,
|
|
||||||
- NamedGroup.FFDHE_6144,
|
|
||||||
- NamedGroup.FFDHE_8192,
|
|
||||||
- };
|
|
||||||
- } else {
|
|
||||||
- groups = new NamedGroup[] {
|
|
||||||
- // NIST curves first
|
|
||||||
- NamedGroup.SECP256_R1,
|
|
||||||
- NamedGroup.SECP384_R1,
|
|
||||||
- NamedGroup.SECP521_R1,
|
|
||||||
- NamedGroup.SECT283_K1,
|
|
||||||
- NamedGroup.SECT283_R1,
|
|
||||||
- NamedGroup.SECT409_K1,
|
|
||||||
- NamedGroup.SECT409_R1,
|
|
||||||
- NamedGroup.SECT571_K1,
|
|
||||||
- NamedGroup.SECT571_R1,
|
|
||||||
-
|
|
||||||
- // non-NIST curves
|
|
||||||
- NamedGroup.SECP256_K1,
|
|
||||||
-
|
|
||||||
- // FFDHE 2048
|
|
||||||
- NamedGroup.FFDHE_2048,
|
|
||||||
- NamedGroup.FFDHE_3072,
|
|
||||||
- NamedGroup.FFDHE_4096,
|
|
||||||
- NamedGroup.FFDHE_6144,
|
|
||||||
- NamedGroup.FFDHE_8192,
|
|
||||||
- };
|
|
||||||
- }
|
|
||||||
+ // FFDHE 2048
|
|
||||||
+ NamedGroup.FFDHE_2048,
|
|
||||||
+ NamedGroup.FFDHE_3072,
|
|
||||||
+ NamedGroup.FFDHE_4096,
|
|
||||||
+ NamedGroup.FFDHE_6144,
|
|
||||||
+ NamedGroup.FFDHE_8192,
|
|
||||||
+ };
|
|
||||||
|
|
||||||
groupList = new ArrayList<>(groups.length);
|
|
||||||
for (NamedGroup group : groups) {
|
|
2
sources
2
sources
@ -1,2 +1,2 @@
|
|||||||
SHA512 (systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz) = cf578221b77d8c7e019f69909bc86c419c5fb5e10bceba9592ff6e7f96887b0a7f07c9cefe90800975247a078785ca190fdec5c2d0f841bb447cee784b570f7d
|
SHA512 (systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz) = cf578221b77d8c7e019f69909bc86c419c5fb5e10bceba9592ff6e7f96887b0a7f07c9cefe90800975247a078785ca190fdec5c2d0f841bb447cee784b570f7d
|
||||||
SHA512 (shenandoah-jdk11-shenandoah-jdk-11.0.5+2.tar.xz) = bb86dcb406d7f986180a9fc582b0c1eeeb37f71170ea76454151a278d3880ef5994db8fc971dc42f9fc11b12a08d202c1a22e1c5e4d8ce368c47f1e3c5964ea8
|
SHA512 (shenandoah-jdk11-shenandoah-jdk-11.0.5+2-4curve.tar.xz) = 92fb6fbe86c40cfae1d7ad0a66234923a595f368ba3fccdeedef8194a20ddce162c6fd725c35d6be4ccba436c41f8753c2accd4cd82eeebf877504299c7908ea
|
||||||
|
Loading…
Reference in New Issue
Block a user