rpms/java-11-openjdk
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: rpms:a9
Branches Tags
rpms:c8
rpms:c9
rpms:a8-portable
rpms:c9s
rpms:c8s
rpms:c10s
rpms:c9-bootstrap
rpms:a9
rpms:c9-beta
rpms:c8-beta
rpms:imports/c9/java-11-openjdk-11.0.25.0.9-3.el9
rpms:imports/c9/java-11-openjdk-11.0.25.0.9-2.el9
rpms:imports/c8/java-11-openjdk-11.0.25.0.9-2.el8
rpms:imports/c9/java-11-openjdk-11.0.24.0.8-2.el9
rpms:imports/c8/java-11-openjdk-11.0.24.0.8-3.el8
rpms:imports/c8/java-11-openjdk-11.0.23.0.9-3.el8
rpms:imports/c9/java-11-openjdk-11.0.23.0.9-3.el9
rpms:imports/c9/java-11-openjdk-11.0.22.0.7-2.el9
rpms:imports/c8/java-11-openjdk-11.0.22.0.7-2.el8
rpms:imports/c9/java-11-openjdk-11.0.21.0.9-2.el9
rpms:imports/c8/java-11-openjdk-11.0.21.0.9-2.el8
rpms:imports/c8/java-11-openjdk-11.0.20.0.8-3.el8
rpms:imports/c9/java-11-openjdk-11.0.20.0.8-3.el9
rpms:imports/c9/java-11-openjdk-11.0.20.0.8-2.el9
rpms:imports/c8/java-11-openjdk-11.0.20.0.8-2.el8
rpms:imports/c8/java-11-openjdk-11.0.19.0.7-4.el8
rpms:changed/a9/java-11-openjdk-11.0.19.0.7-4.el9.alma
rpms:imports/c9/java-11-openjdk-11.0.19.0.7-4.el9
rpms:imports/c8/java-11-openjdk-11.0.19.0.7-1.el8_7
rpms:imports/c9/java-11-openjdk-11.0.19.0.7-1.el9_1
rpms:imports/c9-beta/java-11-openjdk-11.0.18.0.9-0.3.ea.el9
rpms:imports/c8-beta/java-11-openjdk-11.0.18.0.9-0.3.ea.el8
rpms:imports/c8s/java-11-openjdk-11.0.18.0.10-3.el8
rpms:imports/c8/java-11-openjdk-11.0.18.0.10-2.el8_7
rpms:imports/c9/java-11-openjdk-11.0.18.0.10-2.el9_1
rpms:imports/c8s/java-11-openjdk-11.0.18.0.9-0.3.ea.el8
rpms:imports/c9/java-11-openjdk-11.0.17.0.8-1.el9_1
rpms:imports/c9/java-11-openjdk-11.0.16.1.1-3.el9
rpms:imports/c8s/java-11-openjdk-11.0.17.0.8-2.el8
rpms:imports/c8s/java-11-openjdk-11.0.17.0.7-0.2.ea.el8
rpms:imports/c8/java-11-openjdk-11.0.17.0.8-1.el8_7
rpms:imports/c8/java-11-openjdk-11.0.16.1.1-3.el8
rpms:imports/c8/java-11-openjdk-11.0.17.0.8-2.el8_6
rpms:imports/c9/java-11-openjdk-11.0.17.0.8-2.el9_0
rpms:imports/c9-beta/java-11-openjdk-11.0.16.0.8-2.el9
rpms:imports/c8-beta/java-11-openjdk-11.0.16.0.8-2.el8
rpms:imports/c9/java-11-openjdk-11.0.16.1.1-1.el9_0
rpms:imports/c8/java-11-openjdk-11.0.16.1.1-1.el8_6
rpms:imports/c9/java-11-openjdk-11.0.16.0.8-1.el9_0
rpms:imports/c8/java-11-openjdk-11.0.16.0.8-1.el8_6
rpms:imports/c9/java-11-openjdk-11.0.15.0.10-1.el9_0
rpms:imports/c9/java-11-openjdk-11.0.14.1.1-6.el9
rpms:imports/c8s/java-11-openjdk-11.0.15.0.10-3.el8
rpms:imports/c8s/java-11-openjdk-11.0.15.0.8-0.1.ea.el8
rpms:imports/c8/java-11-openjdk-11.0.15.0.10-2.el8_6
rpms:imports/c8/java-11-openjdk-11.0.14.1.1-6.el8
rpms:imports/c8/java-11-openjdk-11.0.15.0.9-2.el8_5
rpms:imports/c9-beta/java-11-openjdk-11.0.14.1.1-6.el9
rpms:imports/c8-beta/java-11-openjdk-11.0.14.0.9-6.el8
rpms:imports/c8s/java-11-openjdk-11.0.14.1.1-6.el8
rpms:imports/c8/java-11-openjdk-11.0.14.1.1-2.el8_5
rpms:imports/c8/java-11-openjdk-11.0.14.0.9-2.el8_5
rpms:imports/c8/java-11-openjdk-11.0.13.0.8-4.el8_5
rpms:imports/c9-beta/java-11-openjdk-11.0.12.0.7-3.el9
rpms:imports/c9-beta/java-11-openjdk-11.0.12.0.7-2.el9
rpms:imports/c8/java-11-openjdk-11.0.13.0.8-3.el8_5
rpms:imports/c8/java-11-openjdk-11.0.12.0.7-4.el8
rpms:imports/c8s/java-11-openjdk-11.0.13.0.8-3.el8
rpms:imports/c8/java-11-openjdk-11.0.13.0.8-1.el8_4
rpms:imports/c8s/java-11-openjdk-11.0.13.0.7-0.1.ea.el8
rpms:imports/c8-beta/java-11-openjdk-11.0.12.0.7-4.el8
rpms:imports/c8-beta/java-11-openjdk-11.0.9.11-7.el8
rpms:imports/c8-beta/java-11-openjdk-11.0.8.3-0.1.ea.el8
rpms:imports/c8-beta/java-11-openjdk-11.0.5.10-3.el8
rpms:imports/c8-beta/java-11-openjdk-11.0.3.7-3.el8
rpms:imports/c8s/java-11-openjdk-11.0.12.0.7-4.el8
rpms:imports/c8s/java-11-openjdk-11.0.12.0.2-0.0.ea.el8
rpms:imports/c8s/java-11-openjdk-11.0.12.0.1-0.3.ea.el8
rpms:imports/c8s/java-11-openjdk-11.0.12.0.1-0.2.ea.el8
rpms:imports/c8s/java-11-openjdk-11.0.12.0.1-0.1.ea.el8
rpms:imports/c8s/java-11-openjdk-11.0.11.0.9-5.el8
rpms:imports/c8/java-11-openjdk-11.0.12.0.7-0.el8_4
rpms:imports/c8/java-11-openjdk-11.0.11.0.9-2.el8_4
rpms:imports/c8/java-11-openjdk-11.0.11.0.9-0.el8_3
rpms:imports/c8/java-11-openjdk-11.0.10.0.9-8.el8
rpms:imports/c8/java-11-openjdk-11.0.10.0.9-4.el8_3
..
compare: rpms:c8
Branches Tags
rpms:c9
rpms:a8-portable
rpms:c8
rpms:c9s
rpms:c8s
rpms:c10s
rpms:c9-bootstrap
rpms:a9
rpms:c9-beta
rpms:c8-beta
rpms:imports/c9/java-11-openjdk-11.0.25.0.9-3.el9
rpms:imports/c9/java-11-openjdk-11.0.25.0.9-2.el9
rpms:imports/c8/java-11-openjdk-11.0.25.0.9-2.el8
rpms:imports/c9/java-11-openjdk-11.0.24.0.8-2.el9
rpms:imports/c8/java-11-openjdk-11.0.24.0.8-3.el8
rpms:imports/c8/java-11-openjdk-11.0.23.0.9-3.el8
rpms:imports/c9/java-11-openjdk-11.0.23.0.9-3.el9
rpms:imports/c9/java-11-openjdk-11.0.22.0.7-2.el9
rpms:imports/c8/java-11-openjdk-11.0.22.0.7-2.el8
rpms:imports/c9/java-11-openjdk-11.0.21.0.9-2.el9
rpms:imports/c8/java-11-openjdk-11.0.21.0.9-2.el8
rpms:imports/c8/java-11-openjdk-11.0.20.0.8-3.el8
rpms:imports/c9/java-11-openjdk-11.0.20.0.8-3.el9
rpms:imports/c9/java-11-openjdk-11.0.20.0.8-2.el9
rpms:imports/c8/java-11-openjdk-11.0.20.0.8-2.el8
rpms:imports/c8/java-11-openjdk-11.0.19.0.7-4.el8
rpms:changed/a9/java-11-openjdk-11.0.19.0.7-4.el9.alma
rpms:imports/c9/java-11-openjdk-11.0.19.0.7-4.el9
rpms:imports/c8/java-11-openjdk-11.0.19.0.7-1.el8_7
rpms:imports/c9/java-11-openjdk-11.0.19.0.7-1.el9_1
rpms:imports/c9-beta/java-11-openjdk-11.0.18.0.9-0.3.ea.el9
rpms:imports/c8-beta/java-11-openjdk-11.0.18.0.9-0.3.ea.el8
rpms:imports/c8s/java-11-openjdk-11.0.18.0.10-3.el8
rpms:imports/c8/java-11-openjdk-11.0.18.0.10-2.el8_7
rpms:imports/c9/java-11-openjdk-11.0.18.0.10-2.el9_1
rpms:imports/c8s/java-11-openjdk-11.0.18.0.9-0.3.ea.el8
rpms:imports/c9/java-11-openjdk-11.0.17.0.8-1.el9_1
rpms:imports/c9/java-11-openjdk-11.0.16.1.1-3.el9
rpms:imports/c8s/java-11-openjdk-11.0.17.0.8-2.el8
rpms:imports/c8s/java-11-openjdk-11.0.17.0.7-0.2.ea.el8
rpms:imports/c8/java-11-openjdk-11.0.17.0.8-1.el8_7
rpms:imports/c8/java-11-openjdk-11.0.16.1.1-3.el8
rpms:imports/c8/java-11-openjdk-11.0.17.0.8-2.el8_6
rpms:imports/c9/java-11-openjdk-11.0.17.0.8-2.el9_0
rpms:imports/c9-beta/java-11-openjdk-11.0.16.0.8-2.el9
rpms:imports/c8-beta/java-11-openjdk-11.0.16.0.8-2.el8
rpms:imports/c9/java-11-openjdk-11.0.16.1.1-1.el9_0
rpms:imports/c8/java-11-openjdk-11.0.16.1.1-1.el8_6
rpms:imports/c9/java-11-openjdk-11.0.16.0.8-1.el9_0
rpms:imports/c8/java-11-openjdk-11.0.16.0.8-1.el8_6
rpms:imports/c9/java-11-openjdk-11.0.15.0.10-1.el9_0
rpms:imports/c9/java-11-openjdk-11.0.14.1.1-6.el9
rpms:imports/c8s/java-11-openjdk-11.0.15.0.10-3.el8
rpms:imports/c8s/java-11-openjdk-11.0.15.0.8-0.1.ea.el8
rpms:imports/c8/java-11-openjdk-11.0.15.0.10-2.el8_6
rpms:imports/c8/java-11-openjdk-11.0.14.1.1-6.el8
rpms:imports/c8/java-11-openjdk-11.0.15.0.9-2.el8_5
rpms:imports/c9-beta/java-11-openjdk-11.0.14.1.1-6.el9
rpms:imports/c8-beta/java-11-openjdk-11.0.14.0.9-6.el8
rpms:imports/c8s/java-11-openjdk-11.0.14.1.1-6.el8
rpms:imports/c8/java-11-openjdk-11.0.14.1.1-2.el8_5
rpms:imports/c8/java-11-openjdk-11.0.14.0.9-2.el8_5
rpms:imports/c8/java-11-openjdk-11.0.13.0.8-4.el8_5
rpms:imports/c9-beta/java-11-openjdk-11.0.12.0.7-3.el9
rpms:imports/c9-beta/java-11-openjdk-11.0.12.0.7-2.el9
rpms:imports/c8/java-11-openjdk-11.0.13.0.8-3.el8_5
rpms:imports/c8/java-11-openjdk-11.0.12.0.7-4.el8
rpms:imports/c8s/java-11-openjdk-11.0.13.0.8-3.el8
rpms:imports/c8/java-11-openjdk-11.0.13.0.8-1.el8_4
rpms:imports/c8s/java-11-openjdk-11.0.13.0.7-0.1.ea.el8
rpms:imports/c8-beta/java-11-openjdk-11.0.12.0.7-4.el8
rpms:imports/c8-beta/java-11-openjdk-11.0.9.11-7.el8
rpms:imports/c8-beta/java-11-openjdk-11.0.8.3-0.1.ea.el8
rpms:imports/c8-beta/java-11-openjdk-11.0.5.10-3.el8
rpms:imports/c8-beta/java-11-openjdk-11.0.3.7-3.el8
rpms:imports/c8s/java-11-openjdk-11.0.12.0.7-4.el8
rpms:imports/c8s/java-11-openjdk-11.0.12.0.2-0.0.ea.el8
rpms:imports/c8s/java-11-openjdk-11.0.12.0.1-0.3.ea.el8
rpms:imports/c8s/java-11-openjdk-11.0.12.0.1-0.2.ea.el8
rpms:imports/c8s/java-11-openjdk-11.0.12.0.1-0.1.ea.el8
rpms:imports/c8s/java-11-openjdk-11.0.11.0.9-5.el8
rpms:imports/c8/java-11-openjdk-11.0.12.0.7-0.el8_4
rpms:imports/c8/java-11-openjdk-11.0.11.0.9-2.el8_4
rpms:imports/c8/java-11-openjdk-11.0.11.0.9-0.el8_3
rpms:imports/c8/java-11-openjdk-11.0.10.0.9-8.el8
rpms:imports/c8/java-11-openjdk-11.0.10.0.9-4.el8_3

No commits in common. "a9" and "c8" have entirely different histories.
a9 ... c8

8 changed files with 1462 additions and 2057 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/openjdk-jdk11u-jdk-11.0.19+7-4curve.tar.xz SOURCES/openjdk-jdk11u-jdk-11.0.25+9.tar.xz
SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz

2
.java-11-openjdk.metadata
View File

@ -1,2 +1,2 @@
aa30c8827f7ced0a1fa9a9c226884f7c79101e86 SOURCES/openjdk-jdk11u-jdk-11.0.19+7-4curve.tar.xz 5fd3e49485572a2ac8c350503d872a624c59ddb2 SOURCES/openjdk-jdk11u-jdk-11.0.25+9.tar.xz
c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz

95
SOURCES/fips-11u-b34fb09a5c.patch → SOURCES/fips-11u-f93a863b56.patch
View File

@ -89,7 +89,7 @@ index 3787b12600..dab108a82b 100644
LCMS_CFLAGS:=@LCMS_CFLAGS@ LCMS_CFLAGS:=@LCMS_CFLAGS@
LCMS_LIBS:=@LCMS_LIBS@ LCMS_LIBS:=@LCMS_LIBS@
diff --git a/make/lib/Lib-java.base.gmk b/make/lib/Lib-java.base.gmk diff --git a/make/lib/Lib-java.base.gmk b/make/lib/Lib-java.base.gmk
index 4cd656a086..e1fc94b5b4 100644 index b40d3114b9..0d1d83cf3e 100644
--- a/make/lib/Lib-java.base.gmk --- a/make/lib/Lib-java.base.gmk
+++ b/make/lib/Lib-java.base.gmk +++ b/make/lib/Lib-java.base.gmk
@@ -178,6 +178,31 @@ ifeq ($(call isTargetOsType, unix), true) @@ -178,6 +178,31 @@ ifeq ($(call isTargetOsType, unix), true)
@ -401,7 +401,7 @@ index 0000000000..8dcb7d9073
+ } + }
+} +}
diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java
index b36510a376..ad5182e1e7 100644 index 5b9552058b..b46de49211 100644
--- a/src/java.base/share/classes/java/security/Security.java --- a/src/java.base/share/classes/java/security/Security.java
+++ b/src/java.base/share/classes/java/security/Security.java +++ b/src/java.base/share/classes/java/security/Security.java
@@ -32,6 +32,7 @@ import java.net.URL; @@ -32,6 +32,7 @@ import java.net.URL;
@ -412,16 +412,17 @@ index b36510a376..ad5182e1e7 100644
import jdk.internal.misc.SharedSecrets; import jdk.internal.misc.SharedSecrets;
import jdk.internal.util.StaticProperty; import jdk.internal.util.StaticProperty;
import sun.security.util.Debug; import sun.security.util.Debug;
@@ -47,12 +48,20 @@ import sun.security.jca.*; @@ -47,6 +48,9 @@ import sun.security.jca.*;
* implementation-specific location, which is typically the properties file * implementation-specific location, which is typically the properties file
* {@code conf/security/java.security} in the Java installation directory. * {@code conf/security/java.security} in the Java installation directory.
* *
+ * <p>Additional default values of security properties are read from a + * <p>Additional default values of security properties are read from a
+ * system-specific location, if available.</p> + * system-specific location, if available.</p>
+ * + *
* @author Benjamin Renaud * @implNote If the properties file fails to load, the JDK implementation will
* @since 1.1 * throw an unspecified error when initializing the {@code Security} class.
*/ *
@@ -56,6 +60,11 @@ import sun.security.jca.*;
public final class Security { public final class Security {
@ -433,7 +434,7 @@ index b36510a376..ad5182e1e7 100644
/* Are we debugging? -- for developers */ /* Are we debugging? -- for developers */
private static final Debug sdebug = private static final Debug sdebug =
Debug.getInstance("properties"); Debug.getInstance("properties");
@@ -67,6 +76,19 @@ public final class Security { @@ -70,6 +79,19 @@ public final class Security {
} }
static { static {
@ -453,26 +454,19 @@ index b36510a376..ad5182e1e7 100644
// doPrivileged here because there are multiple // doPrivileged here because there are multiple
// things in initialize that might require privs. // things in initialize that might require privs.
// (the FileInputStream call and the File.exists call, // (the FileInputStream call and the File.exists call,
@@ -83,6 +105,7 @@ public final class Security { @@ -85,6 +107,7 @@ public final class Security {
private static void initialize() {
props = new Properties(); props = new Properties();
boolean loadedProps = false;
boolean overrideAll = false; boolean overrideAll = false;
+ boolean systemSecPropsEnabled = false; + boolean systemSecPropsEnabled = false;
// first load the system properties file // first load the system properties file
// to determine the value of security.overridePropertiesFile // to determine the value of security.overridePropertiesFile
@@ -98,6 +121,7 @@ public final class Security { @@ -105,9 +128,63 @@ public final class Security {
if (sdebug != null) {
sdebug.println("reading security properties file: " +
propFile);
+ sdebug.println(props.toString());
} }
} catch (IOException e) { loadProps(null, extraPropFile, overrideAll);
if (sdebug != null) {
@@ -192,6 +216,61 @@ public final class Security {
} }
} +
+ boolean sysUseProps = Boolean.valueOf(System.getProperty(SYS_PROP_SWITCH, "false")); + boolean sysUseProps = Boolean.valueOf(System.getProperty(SYS_PROP_SWITCH, "false"));
+ boolean secUseProps = Boolean.valueOf(props.getProperty(SEC_PROP_SWITCH)); + boolean secUseProps = Boolean.valueOf(props.getProperty(SEC_PROP_SWITCH));
+ if (sdebug != null) { + if (sdebug != null) {
@ -492,9 +486,7 @@ index b36510a376..ad5182e1e7 100644
+ } + }
+ } + }
+ +
+ // FIPS support depends on the contents of java.security so + if (systemSecPropsEnabled) {
+ // ensure it has loaded first
+ if (loadedProps && systemSecPropsEnabled) {
+ boolean shouldEnable; + boolean shouldEnable;
+ String sysProp = System.getProperty("com.redhat.fips"); + String sysProp = System.getProperty("com.redhat.fips");
+ if (sysProp == null) { + if (sysProp == null) {
@ -530,15 +522,19 @@ index b36510a376..ad5182e1e7 100644
+ } + }
} }
/* - private static boolean loadProps(File masterFile, String extraPropFile, boolean overrideAll) {
+ static boolean loadProps(File masterFile, String extraPropFile, boolean overrideAll) {
InputStream is = null;
try {
if (masterFile != null && masterFile.exists()) {
diff --git a/src/java.base/share/classes/java/security/SystemConfigurator.java b/src/java.base/share/classes/java/security/SystemConfigurator.java diff --git a/src/java.base/share/classes/java/security/SystemConfigurator.java b/src/java.base/share/classes/java/security/SystemConfigurator.java
new file mode 100644 new file mode 100644
index 0000000000..90f6dd2ebc index 0000000000..49bf17ea17
--- /dev/null --- /dev/null
+++ b/src/java.base/share/classes/java/security/SystemConfigurator.java +++ b/src/java.base/share/classes/java/security/SystemConfigurator.java
@@ -0,0 +1,248 @@ @@ -0,0 +1,231 @@
+/* +/*
+ * Copyright (c) 2019, 2021, Red Hat, Inc. + * Copyright (c) 2019, 2023, Red Hat, Inc.
+ * + *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ * + *
@ -616,26 +612,9 @@ index 0000000000..90f6dd2ebc
+ * security.useSystemPropertiesFile is true. + * security.useSystemPropertiesFile is true.
+ */ + */
+ static boolean configureSysProps(Properties props) { + static boolean configureSysProps(Properties props) {
+ boolean systemSecPropsLoaded = false; + // now load the system file, if it exists, so its values
+ + // will win if they conflict with the earlier values
+ try (BufferedInputStream bis = + return Security.loadProps(null, CRYPTO_POLICIES_JAVA_CONFIG, false);
+ new BufferedInputStream(
+ new FileInputStream(CRYPTO_POLICIES_JAVA_CONFIG))) {
+ props.load(bis);
+ systemSecPropsLoaded = true;
+ if (sdebug != null) {
+ sdebug.println("reading system security properties file " +
+ CRYPTO_POLICIES_JAVA_CONFIG);
+ sdebug.println(props.toString());
+ }
+ } catch (IOException e) {
+ if (sdebug != null) {
+ sdebug.println("unable to load security properties from " +
+ CRYPTO_POLICIES_JAVA_CONFIG);
+ e.printStackTrace();
+ }
+ }
+ return systemSecPropsLoaded;
+ } + }
+ +
+ /* + /*
@ -1035,7 +1014,7 @@ index e06b2a588c..315a2ce370 100644
candidates = new ProtocolVersion[] { candidates = new ProtocolVersion[] {
ProtocolVersion.TLS13, ProtocolVersion.TLS13,
diff --git a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java diff --git a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
index c50ba93ecf..de2a91a478 100644 index 2a2b5d7568..891796f19b 100644
--- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java --- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
+++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java +++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
@@ -27,6 +27,8 @@ package sun.security.ssl; @@ -27,6 +27,8 @@ package sun.security.ssl;
@ -1046,7 +1025,7 @@ index c50ba93ecf..de2a91a478 100644
+import jdk.internal.misc.SharedSecrets; +import jdk.internal.misc.SharedSecrets;
import sun.security.rsa.SunRsaSignEntries; import sun.security.rsa.SunRsaSignEntries;
import static sun.security.util.SecurityConstants.PROVIDER_VER; import static sun.security.util.SecurityConstants.PROVIDER_VER;
import static sun.security.provider.SunEntries.createAliases; import static sun.security.util.SecurityProviderConstants.*;
@@ -195,8 +197,13 @@ public abstract class SunJSSE extends java.security.Provider { @@ -195,8 +197,13 @@ public abstract class SunJSSE extends java.security.Provider {
"sun.security.ssl.SSLContextImpl$TLS11Context", null, null); "sun.security.ssl.SSLContextImpl$TLS11Context", null, null);
ps("SSLContext", "TLSv1.2", ps("SSLContext", "TLSv1.2",
@ -1062,12 +1041,12 @@ index c50ba93ecf..de2a91a478 100644
+ } + }
ps("SSLContext", "TLS", ps("SSLContext", "TLS",
"sun.security.ssl.SSLContextImpl$TLSContext", "sun.security.ssl.SSLContextImpl$TLSContext",
(isfips? null : createAliases("SSL")), null); (isfips? null : List.of("SSL")), null);
diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
index 9af64321c4..957cd78a55 100644 index c0eed3f884..b03bd9f896 100644
--- a/src/java.base/share/conf/security/java.security --- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security +++ b/src/java.base/share/conf/security/java.security
@@ -85,6 +85,14 @@ security.provider.tbd=Apple @@ -88,6 +88,14 @@ security.provider.tbd=Apple
security.provider.tbd=SunPKCS11 security.provider.tbd=SunPKCS11
#endif #endif
@ -1082,7 +1061,7 @@ index 9af64321c4..957cd78a55 100644
# #
# A list of preferred providers for specific algorithms. These providers will # A list of preferred providers for specific algorithms. These providers will
# be searched for matching algorithms before the list of registered providers. # be searched for matching algorithms before the list of registered providers.
@@ -298,6 +306,11 @@ policy.ignoreIdentityScope=false @@ -301,6 +309,11 @@ policy.ignoreIdentityScope=false
# #
keystore.type=pkcs12 keystore.type=pkcs12
@ -1094,7 +1073,7 @@ index 9af64321c4..957cd78a55 100644
# #
# Controls compatibility mode for JKS and PKCS12 keystore types. # Controls compatibility mode for JKS and PKCS12 keystore types.
# #
@@ -335,6 +348,13 @@ package.definition=sun.misc.,\ @@ -338,6 +351,13 @@ package.definition=sun.misc.,\
# #
security.overridePropertiesFile=true security.overridePropertiesFile=true
@ -1405,7 +1384,7 @@ index 0000000000..b848a1fd78
+ } + }
+} +}
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
index cf7cd19b68..69cda46f85 100644 index ffbd671246..bdaad67e06 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
@@ -26,6 +26,9 @@ @@ -26,6 +26,9 @@
@ -1427,7 +1406,7 @@ index cf7cd19b68..69cda46f85 100644
import sun.security.util.Debug; import sun.security.util.Debug;
import sun.security.util.ResourcesMgr; import sun.security.util.ResourcesMgr;
import static sun.security.util.SecurityConstants.PROVIDER_VER; import static sun.security.util.SecurityConstants.PROVIDER_VER;
@@ -60,6 +65,29 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*; @@ -61,6 +66,29 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
*/ */
public final class SunPKCS11 extends AuthProvider { public final class SunPKCS11 extends AuthProvider {
@ -1457,7 +1436,7 @@ index cf7cd19b68..69cda46f85 100644
private static final long serialVersionUID = -1354835039035306505L; private static final long serialVersionUID = -1354835039035306505L;
static final Debug debug = Debug.getInstance("sunpkcs11"); static final Debug debug = Debug.getInstance("sunpkcs11");
@@ -317,10 +345,15 @@ public final class SunPKCS11 extends AuthProvider { @@ -318,10 +346,15 @@ public final class SunPKCS11 extends AuthProvider {
// request multithreaded access first // request multithreaded access first
initArgs.flags = CKF_OS_LOCKING_OK; initArgs.flags = CKF_OS_LOCKING_OK;
PKCS11 tmpPKCS11; PKCS11 tmpPKCS11;
@ -1474,7 +1453,7 @@ index cf7cd19b68..69cda46f85 100644
} catch (PKCS11Exception e) { } catch (PKCS11Exception e) {
if (debug != null) { if (debug != null) {
debug.println("Multi-threaded initialization failed: " + e); debug.println("Multi-threaded initialization failed: " + e);
@@ -336,7 +369,7 @@ public final class SunPKCS11 extends AuthProvider { @@ -337,7 +370,7 @@ public final class SunPKCS11 extends AuthProvider {
initArgs.flags = 0; initArgs.flags = 0;
} }
tmpPKCS11 = PKCS11.getInstance(library, tmpPKCS11 = PKCS11.getInstance(library,
@ -1483,7 +1462,7 @@ index cf7cd19b68..69cda46f85 100644
} }
p11 = tmpPKCS11; p11 = tmpPKCS11;
@@ -376,6 +409,24 @@ public final class SunPKCS11 extends AuthProvider { @@ -377,6 +410,24 @@ public final class SunPKCS11 extends AuthProvider {
if (nssModule != null) { if (nssModule != null) {
nssModule.setProvider(this); nssModule.setProvider(this);
} }

465
SOURCES/java-11-openjdk-portable.specfile
View File

@ -1,4 +1,4 @@
# debug_package %%{nil} is portable-jdks specific ## debug_package %%{nil} is portable-jdks specific
%define debug_package %{nil} %define debug_package %{nil}
# RPM conditionals so as to be able to dynamically produce # RPM conditionals so as to be able to dynamically produce
@ -25,7 +25,7 @@
# Enable static library builds by default. # Enable static library builds by default.
%bcond_without staticlibs %bcond_without staticlibs
# Remove build artifacts by default # Remove build artifacts by default
%bcond_with artifacts %bcond_without artifacts
# Build a fresh libjvm.so for use in a copy of the bootstrap JDK # Build a fresh libjvm.so for use in a copy of the bootstrap JDK
%bcond_without fresh_libjvm %bcond_without fresh_libjvm
# Build with system libraries # Build with system libraries
@ -147,6 +147,8 @@
%global zgc_arches x86_64 %global zgc_arches x86_64
# Set of architectures for which alt-java has SSB mitigation # Set of architectures for which alt-java has SSB mitigation
%global ssbd_arches x86_64 %global ssbd_arches x86_64
# Architecture on which we run Java only tests
%global jdk_test_arch x86_64
# Set of architectures where we verify backtraces with gdb # Set of architectures where we verify backtraces with gdb
# s390x fails on RHEL 7 so we exclude it there # s390x fails on RHEL 7 so we exclude it there
%if (0%{?rhel} > 0 && 0%{?rhel} < 8) %if (0%{?rhel} > 0 && 0%{?rhel} < 8)
@ -330,9 +332,8 @@
%global stapinstall %{nil} %global stapinstall %{nil}
%endif %endif
# always off for portable builds
%ifarch %{systemtap_arches} %ifarch %{systemtap_arches}
%global with_systemtap 0 %global with_systemtap 1
%else %else
%global with_systemtap 0 %global with_systemtap 0
%endif %endif
@ -340,7 +341,7 @@
# New Version-String scheme-style defines # New Version-String scheme-style defines
%global featurever 11 %global featurever 11
%global interimver 0 %global interimver 0
%global updatever 19 %global updatever 25
%global patchver 0 %global patchver 0
# buildjdkver is usually same as %%{featurever}, # buildjdkver is usually same as %%{featurever},
# but in time of bootstrap of next jdk, it is featurever-1, # but in time of bootstrap of next jdk, it is featurever-1,
@ -368,7 +369,7 @@
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{component}&version=%{fedora} %global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{component}&version=%{fedora}
%else %else
%if 0%{?rhel} %if 0%{?rhel}
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{component} %global oj_vendor_bug_url https://access.redhat.com/support/cases/
%else %else
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi %global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi
%endif %endif
@ -379,15 +380,22 @@
# Define IcedTea version used for SystemTap tapsets and desktop file # Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 6.0.0pre00-c848b93a8598 %global icedteaver 6.0.0pre00-c848b93a8598
# Define current Git revision for the FIPS support patches # Define current Git revision for the FIPS support patches
%global fipsver b34fb09a5c %global fipsver f93a863b56
# Define JDK versions
%global javaver %{featurever}
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames
%global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn})
# The tag used to create the OpenJDK tarball
%global vcstag jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}
# Standard JPackage naming and versioning defines # Standard JPackage naming and versioning defines
%global origin openjdk %global origin openjdk
%global origin_nice OpenJDK %global origin_nice OpenJDK
%global top_level_dir_name %{origin} %global top_level_dir_name %{vcstag}
%global top_level_dir_name_backup %{top_level_dir_name}-backup %global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 7 %global buildver 9
%global rpmrelease 2 %global rpmrelease 1
#%%global tagsuffix %%{nil} #%%global tagsuffix %%{nil}
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk %if %is_system_jdk
@ -401,15 +409,6 @@
# for techpreview, using 1, so slowdebugs can have 0 # for techpreview, using 1, so slowdebugs can have 0
%global priority %( printf '%08d' 1 ) %global priority %( printf '%08d' 1 )
%endif %endif
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames
%global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn})
# The tag used to create the OpenJDK tarball
%global vcstag jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}
%global javaver %{featurever}
# Define milestone (EA for pre-releases, GA for releases) # Define milestone (EA for pre-releases, GA for releases)
# Release will be (where N is usually a number starting at 1): # Release will be (where N is usually a number starting at 1):
@ -444,9 +443,9 @@
%define uniquesuffix() %{expand:%{fullversion}.%{_arch}%{?1}} %define uniquesuffix() %{expand:%{fullversion}.%{_arch}%{?1}}
# portable only declarations # portable only declarations
%global jreimage jre %global jreimage jre
%define jreportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;el8\\(_[0-9]\\)*;portable%{1}.jre.;g" | sed "s;openjdkportable;el;g") %define jreportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;el%{rhel}\\(_[0-9]\\)*;portable%{1}.jre;g")
%define jdkportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;el8\\(_[0-9]\\)*;portable%{1}.jdk.;g" | sed "s;openjdkportable;el;g") %define jdkportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;el%{rhel}\\(_[0-9]\\)*;portable%{1}.jdk;g")
%define staticlibsportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;el8\\(_[0-9]\\)*;portable%{1}.static-libs.;g" | sed "s;openjdkportable;el;g") %define staticlibsportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;el%{rhel}\\(_[0-9]\\)*;portable%{1}.static-libs;g")
%define jreportablearchive() %{expand:%{jreportablenameimpl -- %%{1}}.tar.xz} %define jreportablearchive() %{expand:%{jreportablenameimpl -- %%{1}}.tar.xz}
%define jdkportablearchive() %{expand:%{jdkportablenameimpl -- %%{1}}.tar.xz} %define jdkportablearchive() %{expand:%{jdkportablenameimpl -- %%{1}}.tar.xz}
%define staticlibsportablearchive() %{expand:%{staticlibsportablenameimpl -- %%{1}}.tar.xz} %define staticlibsportablearchive() %{expand:%{staticlibsportablenameimpl -- %%{1}}.tar.xz}
@ -455,9 +454,9 @@
# Intentionally use jdkportablenameimpl here since we want to have static-libs files overlayed on # Intentionally use jdkportablenameimpl here since we want to have static-libs files overlayed on
# top of the JDK archive # top of the JDK archive
%define staticlibsportablename() %{expand:%{jdkportablenameimpl -- %%{1}}} %define staticlibsportablename() %{expand:%{jdkportablenameimpl -- %%{1}}}
%define docportablename() %(echo %{uniquesuffix ""} | sed "s;el8\\(_[0-9]\\)*;portable.docs.;g" | sed "s;openjdkportable;el;g") %define docportablename() %(echo %{uniquesuffix ""} | sed "s;el%{rhel}\\(_[0-9]\\)*;portable.docs;g")
%define docportablearchive() %{docportablename}.tar.xz %define docportablearchive() %{docportablename}.tar.xz
%define miscportablename() %(echo %{uniquesuffix ""} | sed "s;el8\\(_[0-9]\\)*;portable.misc.;g" | sed "s;openjdkportable;el;g") %define miscportablename() %(echo %{uniquesuffix ""} | sed "s;el%{rhel}\\(_[0-9]\\)*;portable.misc;g")
%define miscportablearchive() %{miscportablename}.tar.xz %define miscportablearchive() %{miscportablename}.tar.xz
################################################################# #################################################################
@ -502,20 +501,6 @@
%global alternatives_requires %{_sbindir}/alternatives %global alternatives_requires %{_sbindir}/alternatives
%endif %endif
%if %{with_systemtap}
# Where to install systemtap tapset (links)
# We would like these to be in a package specific sub-dir,
# but currently systemtap doesn't support that, so we have to
# use the root tapset dir for now. To distinguish between 64
# and 32 bit architectures we place the tapsets under the arch
# specific dir (note that systemtap will only pickup the tapset
# for the primary arch for now). Systemtap uses the machine name
# aka target_cpu as architecture specific directory name.
%global tapsetroot /usr/share/systemtap
%global tapsetdirttapset %{tapsetroot}/tapset/
%global tapsetdir %{tapsetdirttapset}/%{stapinstall}
%endif
# Portables have no repo (requires/provides), but these are awesome for orientation in spec # Portables have no repo (requires/provides), but these are awesome for orientation in spec
# Also scriptlets are happily missing and files are handled old fashion # Also scriptlets are happily missing and files are handled old fashion
# not-duplicated requires/provides/obsoletes for normal/debug packages # not-duplicated requires/provides/obsoletes for normal/debug packages
@ -583,13 +568,12 @@ URL: http://openjdk.java.net/
# to regenerate source0 (jdk) run update_package.sh # to regenerate source0 (jdk) run update_package.sh
# update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives # update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives
Source0: openjdk-jdk%{featurever}u-%{vcstag}-4curve.tar.xz Source0: openjdk-jdk%{featurever}u-%{vcstag}.tar.xz
# Use 'icedtea_sync.sh' to update the following # Use 'icedtea_sync.sh' to update the following
# They are based on code contained in the IcedTea project (6.x). # They are based on code contained in the IcedTea project (6.x).
# Systemtap tapsets. Zipped up to keep it small. # Systemtap tapsets. Zipped up to keep it small.
# Disabled in portables Source8: tapsets-icedtea-%{icedteaver}.tar.xz
#Source8: tapsets-icedtea-%%{icedteaver}.tar.xz
# Desktop files. Adapted from IcedTea # Desktop files. Adapted from IcedTea
# Disabled in portables # Disabled in portables
@ -687,21 +671,17 @@ Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk1
# need to be reviewed & pushed to the appropriate # need to be reviewed & pushed to the appropriate
# updates tree of OpenJDK. # updates tree of OpenJDK.
############################################# #############################################
Patch2001: jdk8242332-rh2108712-sha3-sunpkcs11.patch Patch2002: jdk8242332-rh2108712-sha3-sunpkcs11.patch
############################################# #############################################
# #
# Patches appearing in 11.0.20 # Patches appearing in 11.0.23
# #
# This section includes patches which are present # This section includes patches which are present
# in the listed OpenJDK 11u release and should be # in the listed OpenJDK 8u release and should be
# able to be removed once that release is out # able to be removed once that release is out
# and used by this RPM. # and used by this RPM.
############################################# #############################################
# JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile
Patch2002: jdk8274864-remove_amman_cairo_hacks.patch
# JDK-8305113: (tz) Update Timezone Data to 2023c
Patch2003: jdk8305113-tzdata2023c.patch
############################################# #############################################
# #
@ -748,10 +728,6 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel
%ifarch %{zero_arches} %ifarch %{zero_arches}
BuildRequires: libffi-devel BuildRequires: libffi-devel
%endif %endif
# 2023c required as of JDK-8305113
#BuildRequires: tzdata-java >= 2023c
# Temporarily lowering requirement until https://errata.devel.redhat.com/advisory/112353 ships
BuildRequires: tzdata-java >= 2022g
# cacerts build requirement in portable mode # cacerts build requirement in portable mode
BuildRequires: ca-certificates BuildRequires: ca-certificates
# Earlier versions have a bug in tree vectorization on PPC # Earlier versions have a bug in tree vectorization on PPC
@ -769,19 +745,22 @@ BuildRequires: harfbuzz-devel
BuildRequires: lcms2-devel BuildRequires: lcms2-devel
BuildRequires: libjpeg-devel BuildRequires: libjpeg-devel
BuildRequires: libpng-devel BuildRequires: libpng-devel
BuildRequires: zlib-devel
%else %else
# Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h # Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h
Provides: bundled(freetype) = 2.12.1 Provides: bundled(freetype) = 2.13.2
# Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h # Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h
Provides: bundled(giflib) = 5.2.1 Provides: bundled(giflib) = 5.2.2
# Version in src/java.desktop/share/native/libharfbuzz/hb-version.h # Version in src/java.desktop/share/native/libharfbuzz/hb-version.h
Provides: bundled(harfbuzz) = 4.4.1 Provides: bundled(harfbuzz) = 8.2.2
# Version in src/java.desktop/share/native/liblcms/lcms2.h # Version in src/java.desktop/share/native/liblcms/lcms2.h
Provides: bundled(lcms2) = 2.12.0 Provides: bundled(lcms2) = 2.16.0
# Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h # Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h
Provides: bundled(libjpeg) = 6b Provides: bundled(libjpeg) = 6b
# Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h # Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h
Provides: bundled(libpng) = 1.6.37 Provides: bundled(libpng) = 1.6.43
# Version in src/java.base/share/native/libzip/zlib/zlib.h
Provides: bundled(zlib) = 1.3.1
# We link statically against libstdc++ to increase portability # We link statically against libstdc++ to increase portability
BuildRequires: libstdc++-static BuildRequires: libstdc++-static
%endif %endif
@ -971,21 +950,20 @@ sh %{SOURCE12} %{top_level_dir_name}
# Patch the JDK # Patch the JDK
pushd %{top_level_dir_name} pushd %{top_level_dir_name}
%patch1 -p1 %patch -P1 -p1
%patch3 -p1 %patch -P3 -p1
# Add crypto policy and FIPS support # Add crypto policy and FIPS support
%patch1001 -p1 %patch -P1001 -p1
# nss.cfg PKCS11 support; must come last as it also alters java.security # nss.cfg PKCS11 support; must come last as it also alters java.security
%patch1000 -p1 %patch -P1000 -p1
# PKCS11 SHA3 backport # PKCS11 SHA3 backport
%patch2001 -p1 %patch -P2002 -p1
# tzdata update # alt-java
%patch2002 -p1 %patch -P600 -p1
%patch2003 -p1 # RSA default
%patch -P1003 -p1
popd # openjdk popd # openjdk
%patch600
%patch1003
# Extract systemtap tapsets # Extract systemtap tapsets
%if %{with_systemtap} %if %{with_systemtap}
@ -999,18 +977,8 @@ cp -r tapset tapset%{fastdebug_suffix}
for suffix in %{build_loop} ; do for suffix in %{build_loop} ; do
for file in "tapset"$suffix/*.in; do for file in "tapset"$suffix/*.in; do
OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"` sed -i -e "s:@JAVA_SPEC_VER@:%{javaver}:g" $file
sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/server/libjvm.so:g" $file > $file.1 sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $file
sed -e "s:@JAVA_SPEC_VER@:%{javaver}:g" $file.1 > $file.2
# TODO find out which architectures other than i686 have a client vm
%ifarch %{ix86}
sed -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/client/libjvm.so:g" $file.2 > $OUTPUT_FILE
%else
sed -e "/@ABS_CLIENT_LIBJVM_SO@/d" $file.2 > $OUTPUT_FILE
%endif
sed -i -e "s:@ABS_JAVA_HOME_DIR@:%{_jvmdir}/%{sdkdir -- $suffix}:g" $OUTPUT_FILE
sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $OUTPUT_FILE
sed -i -e "s:@prefix@:%{_jvmdir}/%{sdkdir -- $suffix}/:g" $OUTPUT_FILE
done done
done done
# systemtap tapsets ends # systemtap tapsets ends
@ -1097,9 +1065,6 @@ function buildjdk() {
bash ${top_dir_abs_src_path}/configure \ bash ${top_dir_abs_src_path}/configure \
%ifarch %{zero_arches} %ifarch %{zero_arches}
--with-jvm-variants=zero \ --with-jvm-variants=zero \
%endif
%ifarch %{ppc64le}
--with-jobs=1 \
%endif %endif
--with-cacerts-file=`readlink -f %{_sysconfdir}/pki/java/cacerts` \ --with-cacerts-file=`readlink -f %{_sysconfdir}/pki/java/cacerts` \
--with-version-build=%{buildver} \ --with-version-build=%{buildver} \
@ -1140,11 +1105,81 @@ function buildjdk() {
popd popd
} }
function stripjdk() {
local outputdir=${1}
local jdkimagepath=${outputdir}/images/%{jdkimage}
local jreimagepath=${outputdir}/images/%{jreimage}
local jmodimagepath=${outputdir}/images/jmods
local supportdir=${outputdir}/support
local modulefile=lib/modules
if [ "x$suffix" = "x" ] ; then
# Keep the unstripped version for consumption by RHEL RPMs
cp -a ${jdkimagepath}{,.unstripped}
# Strip libraries and executables
for file in $(find ${jdkimagepath} ${jreimagepath} ${supportdir} -type f | grep -v '\.o$' | grep -v '\.debuginfo$' | grep -v '\.class$' ) ; do
if file ${file} | grep -q 'ELF'; then
noextfile=${file/.so/};
objcopy --only-keep-debug ${file} ${noextfile}.debuginfo;
objcopy --add-gnu-debuglink=${noextfile}.debuginfo ${file};
strip -g ${file};
fi
done
# Rebuild jmod files against the stripped binaries
if [ ! -d ${supportdir} ] ; then
echo "Support directory missing.";
exit 15
fi
echo "Rebuilding jmod files against the stripped binaries"
for cmd in $(find ${supportdir}/jmods -name '*.jmod.cmdline') ; do
jmod=$(cat ${cmd} | sed -r 's|.*support/(.*$)|\1|');
echo "Rebuilding ${jmod} against stripped binaries...";
echo "Removing old jmod ${jmod}...";
rm -vf ${jmod}
rm -vf ${jdkimagepath}/jmods/$(basename ${jmod});
echo "Executing $(cat ${cmd})...";
cat ${cmd} | sh -s ;
echo "Moving jmod to image and image/jmods...";
cp -v ${supportdir}/${jmod} ${jmodimagepath};
mv -v ${supportdir}/${jmod} ${jdkimagepath}/jmods;
done
echo "Rebuilding images with stripped modules..."
for image in %{jdkimage} %{jreimage} ; do
outdir=${outputdir}/images/${image};
jlink=${supportdir}/images/${image}.cmdline;
echo "Running ${jlink}..."
if [ ! -f ${jlink} ]; then
echo "Cannot find JLINK command: ${jlink}"
echo "Supportdir images contains:"
ls -ali ${supportdir}/images
exit 16
fi
# Backup the existing image as it contains files not generated by jlink
mv ${outdir}{,.bak}
# Regenerate the image using the command generated using the initial build
cat ${jlink} | sh -s;
# Move the new jmods and module file from the new image to the old one
if [ -e ${outdir}.bak/jmods ]; then
rm -rf ${outdir}.bak/jmods;
mv -vf ${outdir}/jmods ${outdir}.bak;
fi
# ... and move the modulefile too...
mv -vf ${outdir}/${modulefile} ${outdir}.bak/$(dirname ${modulefile});
# Restore the original image
rm -rf ${outdir};
mv -vf ${outdir}{.bak,};
done
fi
}
function installjdk() { function installjdk() {
local outputdir=${1} local outputdir=${1}
local installdir=${2} local installdir=${2}
local jdkimagepath=${installdir}/images/%{jdkimage} local jdkimagepath=${installdir}/images/%{jdkimage}
local jreimagepath=${installdir}/images/%{jreimage} local jreimagepath=${installdir}/images/%{jreimage}
local unstripped=${jdkimagepath}.unstripped
echo "Installing build from ${outputdir} to ${installdir}..." echo "Installing build from ${outputdir} to ${installdir}..."
mkdir -p ${installdir} mkdir -p ${installdir}
@ -1160,7 +1195,7 @@ function installjdk() {
rm -rf ${outputdir} rm -rf ${outputdir}
%endif %endif
for imagepath in ${jdkimagepath} ${jreimagepath} ; do for imagepath in ${jdkimagepath} ${jreimagepath} ${unstripped}; do
if [ -d ${imagepath} ] ; then if [ -d ${imagepath} ] ; then
# the build (erroneously) removes read permissions from some jars # the build (erroneously) removes read permissions from some jars
@ -1210,6 +1245,7 @@ function packagejdk() {
local bundledir=$(pwd)/${1}/bundles local bundledir=$(pwd)/${1}/bundles
local packagesdir=$(pwd)/${2} local packagesdir=$(pwd)/${2}
local srcdir=$(pwd)/%{top_level_dir_name} local srcdir=$(pwd)/%{top_level_dir_name}
local tapsetdir=$(pwd)/tapset
echo "Packaging build from ${imagesdir} to ${packagesdir}..." echo "Packaging build from ${imagesdir} to ${packagesdir}..."
mkdir -p ${packagesdir} mkdir -p ${packagesdir}
@ -1227,15 +1263,16 @@ function packagejdk() {
jrearchive=${packagesdir}/%{jreportablearchive -- "$nameSuffix"} jrearchive=${packagesdir}/%{jreportablearchive -- "$nameSuffix"}
staticname=%{staticlibsportablename -- "$nameSuffix"} staticname=%{staticlibsportablename -- "$nameSuffix"}
staticarchive=${packagesdir}/%{staticlibsportablearchive -- "$nameSuffix"} staticarchive=${packagesdir}/%{staticlibsportablearchive -- "$nameSuffix"}
debugarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.debuginfo"}
if [ "x$suffix" = "x" ] ; then
unstrippedarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.unstripped"} unstrippedarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.unstripped"}
# We only use docs for the release build
docname=%{docportablename} # Keep the unstripped version for consumption by RHEL RPMs
docarchive=${packagesdir}/%{docportablearchive} mv %{jdkimage}.unstripped ${jdkname}
built_doc_archive=jdk-%{filever}%{ea_designator_zip}+%{buildver}%{lts_designator_zip}-docs.zip tar -cJf ${unstrippedarchive} ${jdkname}
# These are from the source tree so no debug variants genchecksum ${unstrippedarchive}
miscname=%{miscportablename} mv ${jdkname} %{jdkimage}.unstripped
miscarchive=${packagesdir}/%{miscportablearchive} fi
# Rename directories for packaging # Rename directories for packaging
mv %{jdkimage} ${jdkname} mv %{jdkimage} ${jdkname}
@ -1243,19 +1280,14 @@ function packagejdk() {
# Release images have external debug symbols # Release images have external debug symbols
if [ "x$suffix" = "x" ] ; then if [ "x$suffix" = "x" ] ; then
# Keep the unstripped version for consumption by RHEL RPMs debugarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.debuginfo"}
tar -cJf ${unstrippedarchive} ${jdkname} # We only use docs for the release build
genchecksum ${unstrippedarchive} docname=%{docportablename}
docarchive=${packagesdir}/%{docportablearchive}
# Strip the files built_doc_archive=jdk-%{filever}%{ea_designator_zip}+%{buildver}%{lts_designator_zip}-docs.zip
for file in $(find ${jdkname} ${jrename} -type f) ; do # These are from the source tree so no debug variants
if file ${file} | grep -q 'ELF'; then miscname=%{miscportablename}
noextfile=${file/.so/}; miscarchive=${packagesdir}/%{miscportablearchive}
objcopy --only-keep-debug ${file} ${noextfile}.debuginfo;
objcopy --add-gnu-debuglink=${noextfile}.debuginfo ${file};
strip -g ${file};
fi
done
tar -cJf ${debugarchive} $(find ${jdkname} -name \*.debuginfo) tar -cJf ${debugarchive} $(find ${jdkname} -name \*.debuginfo)
genchecksum ${debugarchive} genchecksum ${debugarchive}
@ -1271,6 +1303,9 @@ function packagejdk() {
cp -av ${srcdir}/src/java.desktop/unix/classes/sun/awt/X11/java-icon${s}.png ${miscname} cp -av ${srcdir}/src/java.desktop/unix/classes/sun/awt/X11/java-icon${s}.png ${miscname}
done done
cp -a ${srcdir}/src/sample ${miscname} cp -a ${srcdir}/src/sample ${miscname}
%if %{with_systemtap}
cp -a ${tapsetdir}* ${miscname}
%endif
tar -cJf ${miscarchive} ${miscname} tar -cJf ${miscarchive} ${miscname}
genchecksum ${miscarchive} genchecksum ${miscarchive}
fi fi
@ -1349,10 +1384,12 @@ for suffix in %{build_loop} ; do
buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt} ${debug_symbols} buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt} ${debug_symbols}
installjdk ${bootbuilddir} ${bootinstalldir} installjdk ${bootbuilddir} ${bootinstalldir}
buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt} ${debug_symbols} buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt} ${debug_symbols}
stripjdk ${builddir}
installjdk ${builddir} ${installdir} installjdk ${builddir} ${installdir}
%{!?with_artifacts:rm -rf ${bootinstalldir}} %{!?with_artifacts:rm -rf ${bootinstalldir}}
else else
buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt} ${debug_symbols} buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt} ${debug_symbols}
stripjdk ${builddir}
installjdk ${builddir} ${installdir} installjdk ${builddir} ${installdir}
fi fi
packagejdk ${installdir} ${packagesdir} packagejdk ${installdir} ${packagesdir}
@ -1384,6 +1421,9 @@ export JAVA_HOME=${top_dir_abs_main_build_path}/images/%{jdkimage}
$JAVA_HOME//bin/java -XX:+UseShenandoahGC -version $JAVA_HOME//bin/java -XX:+UseShenandoahGC -version
%endif %endif
# Only test on one architecture (the fastest) for Java only tests
%ifarch %{jdk_test_arch}
# Check unlimited policy has been used # Check unlimited policy has been used
$JAVA_HOME/bin/javac -d . %{SOURCE13} $JAVA_HOME/bin/javac -d . %{SOURCE13}
$JAVA_HOME/bin/java --add-opens java.base/javax.crypto=ALL-UNNAMED TestCryptoLevel $JAVA_HOME/bin/java --add-opens java.base/javax.crypto=ALL-UNNAMED TestCryptoLevel
@ -1428,6 +1468,13 @@ readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep w_remainder.c
readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep e_remainder.c readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep e_remainder.c
%endif %endif
%else
# Just run a basic java -version test on other architectures
$JAVA_HOME/bin/java -version
%endif
# Release builds strip the debug symbols into external .debuginfo files # Release builds strip the debug symbols into external .debuginfo files
if [ "x$suffix" = "x" ] ; then if [ "x$suffix" = "x" ] ; then
so_suffix="debuginfo" so_suffix="debuginfo"
@ -1527,12 +1574,10 @@ for suffix in %{build_loop} ; do
nameSuffix=`echo "$suffix"| sed s/-/./` nameSuffix=`echo "$suffix"| sed s/-/./`
fi fi
# These definitions should match those in installjdk # These definitions should match those in packagejdk
jdkarchive=${packagesdir}/%{jdkportablearchive -- "$nameSuffix"} jdkarchive=${packagesdir}/%{jdkportablearchive -- "$nameSuffix"}
jrearchive=${packagesdir}/%{jreportablearchive -- "$nameSuffix"} jrearchive=${packagesdir}/%{jreportablearchive -- "$nameSuffix"}
staticarchive=${packagesdir}/%{staticlibsportablearchive -- "$nameSuffix"} staticarchive=${packagesdir}/%{staticlibsportablearchive -- "$nameSuffix"}
debugarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.debuginfo"}
unstrippedarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.unstripped"}
mkdir -p $RPM_BUILD_ROOT%{_jvmdir} mkdir -p $RPM_BUILD_ROOT%{_jvmdir}
@ -1547,22 +1592,22 @@ for suffix in %{build_loop} ; do
%endif %endif
if [ "x$suffix" = "x" ] ; then if [ "x$suffix" = "x" ] ; then
# These definitions should match those in packagejdk
debugarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.debuginfo"}
unstrippedarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.unstripped"}
docarchive=${packagesdir}/%{docportablearchive}
miscarchive=${packagesdir}/%{miscportablearchive}
mv ${debugarchive} $RPM_BUILD_ROOT%{_jvmdir}/ mv ${debugarchive} $RPM_BUILD_ROOT%{_jvmdir}/
mv ${debugarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ mv ${debugarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
mv ${unstrippedarchive} $RPM_BUILD_ROOT%{_jvmdir}/ mv ${unstrippedarchive} $RPM_BUILD_ROOT%{_jvmdir}/
mv ${unstrippedarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ mv ${unstrippedarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
fi
done
# These definitions should match those in installjdk
# Install outside the loop as there are no debug variants
docarchive=${packagesdir}/%{docportablearchive}
miscarchive=${packagesdir}/%{miscportablearchive}
mv ${docarchive} $RPM_BUILD_ROOT%{_jvmdir}/ mv ${docarchive} $RPM_BUILD_ROOT%{_jvmdir}/
mv ${docarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ mv ${docarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
mv ${miscarchive} $RPM_BUILD_ROOT%{_jvmdir}/ mv ${miscarchive} $RPM_BUILD_ROOT%{_jvmdir}/
mv ${miscarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ mv ${miscarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
fi
done
# To show sha in the build log # To show sha in the build log
for file in `ls $RPM_BUILD_ROOT%{_jvmdir}/*.sha256sum` ; do for file in `ls $RPM_BUILD_ROOT%{_jvmdir}/*.sha256sum` ; do
@ -1581,6 +1626,8 @@ done
# placeholder # placeholder
%endif %endif
%if %{include_normal_build}
%files devel %files devel
%{_jvmdir}/%{jdkportablearchive -- %%{nil}} %{_jvmdir}/%{jdkportablearchive -- %%{nil}}
%{_jvmdir}/%{jdkportablearchive -- .debuginfo} %{_jvmdir}/%{jdkportablearchive -- .debuginfo}
@ -1597,6 +1644,16 @@ done
%{_jvmdir}/%{jdkportablearchive -- .unstripped} %{_jvmdir}/%{jdkportablearchive -- .unstripped}
%{_jvmdir}/%{jdkportablearchive -- .unstripped}.sha256sum %{_jvmdir}/%{jdkportablearchive -- .unstripped}.sha256sum
%files docs
%{_jvmdir}/%{docportablearchive}
%{_jvmdir}/%{docportablearchive}.sha256sum
%files misc
%{_jvmdir}/%{miscportablearchive}
%{_jvmdir}/%{miscportablearchive}.sha256sum
%endif
%if %{include_debug_build} %if %{include_debug_build}
%files slowdebug %files slowdebug
@ -1633,15 +1690,177 @@ done
%endif %endif
%files docs
%{_jvmdir}/%{docportablearchive}
%{_jvmdir}/%{docportablearchive}.sha256sum
%files misc
%{_jvmdir}/%{miscportablearchive}
%{_jvmdir}/%{miscportablearchive}.sha256sum
%changelog %changelog
* Thu Oct 10 2024 Antonio Vieiro <avieirov@redhat.com> - 1:11.0.25.0.9-1
- Update to jdk-11.0.25+9 (GA)
- Update release notes to 11.0.25+9
- Switch to GA mode for release
- Resolves: OPENJDK-3090
- ** This tarball is embargoed until 2024-10-15 @ 1pm PT. **
* Mon Oct 07 2024 Antonio Vieiro <avieirov@redhat.com> - 1:11.0.25.0.8-0.2.ea
- Updated NEWS
- Using %bcond_without artifacts
* Wed Oct 02 2024 Antonio Vieiro <avieirov@redhat.com> - 1:11.0.25.0.8-0.1.ea
- Update to jdk-11.0.25+8 (EA)
- Update release notes to 11.0.25+8
* Thu Sep 26 2024 Antonio Vieiro <avieirov@redhat.com> - 1:11.0.25.0.7-0.1.ea
- Update to jdk-11.0.25+7 (EA)
- Update release notes to 11.0.25+7
* Thu Sep 12 2024 Antonio Vieiro <avieirov@redhat.com> - 1:11.0.25.0.6-0.1.ea
- Update to jdk-11.0.25+6 (EA)
- Update release notes to 11.0.25+6
* Thu Sep 05 2024 Antonio Vieiro <avieirov@redhat.com> - 1:11.0.25.0.5-0.1.ea
- Update to jdk-11.0.25+5 (EA)
- Update release notes to 11.0.25+5
- Switch to EA mode
- Bump giflib version to 5.2.2 following JDK-8328999
- Bump libpng version to 1.6.43 following JDK-8329004
* Mon Aug 26 2024 Antonio Vieiro <avieirov@redhat.com> - 1:11.0.24.0.8-6
- Add missing modulefile in stripjdk
- Skip `.o` and others in stripping loop
- Resolves: OPENJDK-3056
* Tue Aug 20 2024 Antonio Vieiro <avieirov@redhat.com> - 1:11.0.24.0.8-5
- Limit Java only tests to one 'jdk_test_arch'
- Resolves: OPENJDK-3184
* Mon Aug 19 2024 Antonio Vieiro <avieirov@redhat.com> - 1:11.0.24.0.8-4
- Rebuild the lib/modules jimage against the updated jmods
- Resolves: OPENJDK-3056
* Fri Jul 26 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.24.0.8-2
- Drop unneeded tzdata-java build dependency following 3e3cf8fa2df7bac2f6a60a0ddd596ec39228a3e1
- Resolves: OPENJDK-3192
* Fri Jul 26 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.24.0.8-2
- Move unstripped, misc and doc tarball handling into normal build / no suffix blocks
- Resolves: OPENJDK-3217
* Wed Jul 10 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.24.0.8-2
- Adjusted DTLS & RPATH NEWS entries to match OpenJDK 17 & 21 release notes
* Wed Jul 10 2024 Anton Bobrov <abobrov@redhat.com> - 1:11.0.24.0.8-1
- Update to jdk-11.0.24+8 (GA)
- Update release notes to 11.0.24+8
- Switch to GA mode for release
- ** This tarball is embargoed until 2024-07-16 @ 1pm PT. **
* Mon Jun 24 2024 Anton Bobrov <abobrov@redhat.com> - 1:11.0.24.0.6-0.2.ea
- Add zlib build required or bundled version (1.3.1), depending on system_libs setting
- Related: OPENJDK-3066
* Thu Jun 06 2024 Anton Bobrov <abobrov@redhat.com> - 1:11.0.24.0.6-0.1.ea
- Update to jdk-11.0.24+6 (EA)
- Update release notes to 11.0.24+6
- Switch to EA mode
- Update LCMS to 2.16 (JDK-8321489)
- Improve VCS exclusion in generate_source_tarball.sh script
- Bring outdated patch macros in the spec file up to date
* Thu Apr 18 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.23.0.9-3
- Sync release notes with upstream version: https://bit.ly/openjdk11023
* Thu Apr 11 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.23.0.9-2
- Fix 11.0.22 release date in NEWS
* Wed Apr 10 2024 Anton Bobrov <abobrov@redhat.com> - 1:11.0.23.0.9-1
- Update to jdk-11.0.23+9 (GA)
- Update release notes to 11.0.23+9
- Switch to GA mode for release
- Require tzdata 2024a due to upstream inclusion of JDK-8322725
- Only require tzdata 2023d for now as 2024a is unavailable in buildroot
- Speed up PPC build by removing ppc64le --with-jobs=1 workaround
- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. **
* Thu Mar 21 2024 Anton Bobrov <abobrov@redhat.com> - 1:11.0.23.0.1-0.1.ea
- Update to jdk-11.0.23+1 (EA)
- Update release notes to 11.0.23+1
- Switch to EA mode
* Wed Jan 10 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.22.0.7-1
- Update to jdk-11.0.22+7 (GA)
- Update release notes to 11.0.22+7
- Switch to GA mode for release
- ** This tarball is embargoed until 2024-01-16 @ 1pm PT. **
* Mon Jan 08 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.22.0.6-0.1.ea
- Update to jdk-11.0.22+6 (EA)
- Update release notes to 11.0.22+6
* Thu Jan 04 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.22.0.1-0.1.ea
- Update to jdk-11.0.22+1 (EA)
- Update release notes to 11.0.22+1
- Switch to EA mode
- Drop local copy of JDK-8312489 which is now included upstream
* Wed Oct 11 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.21.0.9-1
- Update to jdk-11.0.21+9 (GA)
- Update release notes to 11.0.21+9
- Switch to GA mode for release
- Drop local backport of JDK-8243210 which is upstream from 11.0.21+2
- Bump freetype version to 2.13.0 following JDK-8306881
- ** This tarball is embargoed until 2023-10-17 @ 1pm PT. **
* Thu Oct 05 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.21.0.1-0.1.ea
- Update to jdk-11.0.21+1 (EA)
- Update release notes to 11.0.21+1
- Switch to EA mode
- Re-generate FIPS patch against 11.0.21+1 following backport of JDK-8155246
- Re-generate SHA3 patch following backport of JDK-8242151
- Bump libpng version to 1.6.39 following JDK-8305815
- Bump HarfBuzz version to 7.2.0 following JDK-8307301
- Update generate_tarball.sh to be closer to upstream vanilla script inc. no more ECC removal
- Update bug URL for RHEL to point to the Red Hat customer portal
- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball
- Apply all patches using -p1
* Tue Sep 05 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.20.1.1-1
- Update to jdk-11.0.20.1+1 (GA)
- Update release notes to 11.0.20.1+1
- Add backport of JDK-8312489 already upstream in 11.0.22 (see OPENJDK-2095)
- Add backport of JDK-8243210 already upstream in 11.0.21 (see RH2229269)
- Update openjdk_news script to specify subdirectory last
- Add missing discover_trees script required by openjdk_news
- Update README.md to match the version in later RHEL releases
- Resolves: rhbz#2236589
* Fri Jul 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.20.0.8-1
- Update to jdk-11.0.20.0+8 (GA)
- Update release notes to 11.0.20.0+8
- Switch to GA mode for release
- Bump bundled HarfBuzz version to 7.0.1 as in jdk-11.0.20+7
- ** This tarball is embargoed until 2023-07-18 @ 1pm PT. **
* Fri Jul 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.20.0.1-0.3.ea
- Determine path of output jmod path from command rather than guessing
* Fri Jul 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.20.0.1-0.3.ea
- Rebuild jmods using the stripped binaries in release builds
- Fix trailing '.' in tarball name
- Make sure the unstripped JDK is customised by the installjdk function
- Resolves: OPENJDK-1975
* Fri Jul 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.20.0.1-0.2.ea
- Re-enable SystemTap support and perform only substitutions possible without final NVR available
- Include tapsets in the miscellaneous tarball
- Drop unused globals for tapset installation
* Fri Jun 30 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.20.0.1-0.2.ea
- Bump bundled LCMS version to 2.15 as in jdk-11.0.20+1.
* Fri Jun 30 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.20.0.1-0.1.ea
- Update to jdk-11.0.20+1 (EA)
- Update release notes to 11.0.20+1
- Switch to EA mode
- Drop local inclusion of JDK-8274864 & JDK-8305113 as they are included in 11.0.20+1
- Bump tzdata requirement to 2023c now it is available in the buildroot
* Mon Apr 24 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.19.0.7-2 * Mon Apr 24 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.19.0.7-2
- Sync with existing RHEL 8 build, in order to start building portables on RHEL 8 - Sync with existing RHEL 8 build, in order to start building portables on RHEL 8
- Remove use of devtoolset (RHEL 8 native compilers should be sufficient) - Remove use of devtoolset (RHEL 8 native compilers should be sufficient)

206
SOURCES/jdk8242332-rh2108712-sha3-sunpkcs11.patch
View File

@ -1,11 +1,11 @@
commit 81c2107a9188680f7c35ebc7697b292d5972436e commit b8711800e3cd9132ad2b195c82cf816210feb77d
Author: Andrew Hughes <gnu.andrew@redhat.com> Author: Andrew Hughes <gnu.andrew@redhat.com>
Date: Mon Feb 27 13:22:43 2023 +0000 Date: Thu Oct 5 03:13:01 2023 +0100
Backport 78be334c3817a1b5840922a9bf1339a40dcc5185 Backport 78be334c3817a1b5840922a9bf1339a40dcc5185
diff --git a/src/java.base/share/classes/sun/security/util/KnownOIDs.java b/src/java.base/share/classes/sun/security/util/KnownOIDs.java diff --git a/src/java.base/share/classes/sun/security/util/KnownOIDs.java b/src/java.base/share/classes/sun/security/util/KnownOIDs.java
index 92ecb9adc0c..a5848c96aad 100644 index b5cc3b05f1..7e235c90dd 100644
--- a/src/java.base/share/classes/sun/security/util/KnownOIDs.java --- a/src/java.base/share/classes/sun/security/util/KnownOIDs.java
+++ b/src/java.base/share/classes/sun/security/util/KnownOIDs.java +++ b/src/java.base/share/classes/sun/security/util/KnownOIDs.java
@@ -155,6 +155,14 @@ public enum KnownOIDs { @@ -155,6 +155,14 @@ public enum KnownOIDs {
@ -24,7 +24,7 @@ index 92ecb9adc0c..a5848c96aad 100644
SHA3_256withRSA("2.16.840.1.101.3.4.3.14", "SHA3-256withRSA"), SHA3_256withRSA("2.16.840.1.101.3.4.3.14", "SHA3-256withRSA"),
SHA3_384withRSA("2.16.840.1.101.3.4.3.15", "SHA3-384withRSA"), SHA3_384withRSA("2.16.840.1.101.3.4.3.15", "SHA3-384withRSA"),
diff --git a/src/java.base/share/classes/sun/security/util/SignatureUtil.java b/src/java.base/share/classes/sun/security/util/SignatureUtil.java diff --git a/src/java.base/share/classes/sun/security/util/SignatureUtil.java b/src/java.base/share/classes/sun/security/util/SignatureUtil.java
index 32c089fd96d..7d5c0c7e299 100644 index 32c089fd96..7d5c0c7e29 100644
--- a/src/java.base/share/classes/sun/security/util/SignatureUtil.java --- a/src/java.base/share/classes/sun/security/util/SignatureUtil.java
+++ b/src/java.base/share/classes/sun/security/util/SignatureUtil.java +++ b/src/java.base/share/classes/sun/security/util/SignatureUtil.java
@@ -168,4 +168,22 @@ public class SignatureUtil { @@ -168,4 +168,22 @@ public class SignatureUtil {
@ -51,7 +51,7 @@ index 32c089fd96d..7d5c0c7e299 100644
+ } + }
} }
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java
index 41fe61b8a16..daf0bc9f69c 100644 index 41fe61b8a1..daf0bc9f69 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@ -93,7 +93,7 @@ index 41fe61b8a16..daf0bc9f69c 100644
break; break;
default: default:
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java
index 926414608cb..f343e6025e1 100644 index 926414608c..f343e6025e 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java
@@ -36,7 +36,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*; @@ -36,7 +36,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
@ -428,7 +428,7 @@ index 926414608cb..f343e6025e1 100644
- -
} }
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java
index c88e4a6ace5..29b26651c39 100644 index c88e4a6ace..29b26651c3 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java
@@ -39,8 +39,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*; @@ -39,8 +39,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
@ -465,7 +465,7 @@ index c88e4a6ace5..29b26651c39 100644
break; break;
case (int)CKM_SSL3_MD5_MAC: case (int)CKM_SSL3_MD5_MAC:
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java
index 26eaa4735f1..905b6ea9562 100644 index 1419be3754..18e00a544b 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java
@@ -38,6 +38,7 @@ import java.security.spec.MGF1ParameterSpec; @@ -38,6 +38,7 @@ import java.security.spec.MGF1ParameterSpec;
@ -738,7 +738,7 @@ index 26eaa4735f1..905b6ea9562 100644
// see JCA spec // see JCA spec
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java
index e3af106d05a..e49edf32c29 100644 index e3af106d05..e49edf32c2 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java
@@ -51,8 +51,15 @@ import sun.security.util.KeyUtil; @@ -51,8 +51,15 @@ import sun.security.util.KeyUtil;
@ -970,111 +970,88 @@ index e3af106d05a..e49edf32c29 100644
// return RSASignature.decodeSignature(digestOID, signature); // return RSASignature.decodeSignature(digestOID, signature);
// } // }
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
index cf7cd19b689..7a8bcffb92c 100644 index ffbd671246..d191831dab 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
@@ -550,6 +550,18 @@ public final class SunPKCS11 extends AuthProvider { @@ -546,6 +546,14 @@ public final class SunPKCS11 extends AuthProvider {
d(MD, "SHA-512/256", P11Digest, m(CKM_SHA512_224));
s("2.16.840.1.101.3.4.2.6", "OID.2.16.840.1.101.3.4.2.6"), dA(MD, "SHA-512/256", P11Digest,
m(CKM_SHA512_256)); m(CKM_SHA512_256));
+ d(MD, "SHA3-224", P11Digest, + dA(MD, "SHA3-224", P11Digest,
+ s("2.16.840.1.101.3.4.2.7", "OID.2.16.840.1.101.3.4.2.7"),
+ m(CKM_SHA3_224)); + m(CKM_SHA3_224));
+ d(MD, "SHA3-256", P11Digest, + dA(MD, "SHA3-256", P11Digest,
+ s("2.16.840.1.101.3.4.2.8", "OID.2.16.840.1.101.3.4.2.8"),
+ m(CKM_SHA3_256)); + m(CKM_SHA3_256));
+ d(MD, "SHA3-384", P11Digest, + dA(MD, "SHA3-384", P11Digest,
+ s("2.16.840.1.101.3.4.2.9", "OID.2.16.840.1.101.3.4.2.9"),
+ m(CKM_SHA3_384)); + m(CKM_SHA3_384));
+ d(MD, "SHA3-512", P11Digest, + dA(MD, "SHA3-512", P11Digest,
+ s("2.16.840.1.101.3.4.2.10", "OID.2.16.840.1.101.3.4.2.10"),
+ m(CKM_SHA3_512)); + m(CKM_SHA3_512));
d(MAC, "HmacMD5", P11MAC, d(MAC, "HmacMD5", P11MAC,
m(CKM_MD5_HMAC)); m(CKM_MD5_HMAC));
@@ -574,7 +586,18 @@ public final class SunPKCS11 extends AuthProvider { @@ -563,7 +571,14 @@ public final class SunPKCS11 extends AuthProvider {
d(MAC, "HmacSHA512/256", P11MAC, m(CKM_SHA512_224_HMAC));
s("1.2.840.113549.2.13", "OID.1.2.840.113549.2.13"), dA(MAC, "HmacSHA512/256", P11MAC,
m(CKM_SHA512_256_HMAC)); m(CKM_SHA512_256_HMAC));
- -
+ d(MAC, "HmacSHA3-224", P11MAC, + dA(MAC, "HmacSHA3-224", P11MAC,
+ s("2.16.840.1.101.3.4.2.13", "OID.2.16.840.1.101.3.4.2.13"),
+ m(CKM_SHA3_224_HMAC)); + m(CKM_SHA3_224_HMAC));
+ d(MAC, "HmacSHA3-256", P11MAC, + dA(MAC, "HmacSHA3-256", P11MAC,
+ s("2.16.840.1.101.3.4.2.14", "OID.2.16.840.1.101.3.4.2.14"),
+ m(CKM_SHA3_256_HMAC)); + m(CKM_SHA3_256_HMAC));
+ d(MAC, "HmacSHA3-384", P11MAC, + dA(MAC, "HmacSHA3-384", P11MAC,
+ s("2.16.840.1.101.3.4.2.15", "OID.2.16.840.1.101.3.4.2.15"),
+ m(CKM_SHA3_384_HMAC)); + m(CKM_SHA3_384_HMAC));
+ d(MAC, "HmacSHA3-512", P11MAC, + dA(MAC, "HmacSHA3-512", P11MAC,
+ s("2.16.840.1.101.3.4.2.16", "OID.2.16.840.1.101.3.4.2.16"),
+ m(CKM_SHA3_512_HMAC)); + m(CKM_SHA3_512_HMAC));
d(MAC, "SslMacMD5", P11MAC, d(MAC, "SslMacMD5", P11MAC,
m(CKM_SSL3_MD5_MAC)); m(CKM_SSL3_MD5_MAC));
d(MAC, "SslMacSHA1", P11MAC, d(MAC, "SslMacSHA1", P11MAC,
@@ -604,6 +627,41 @@ public final class SunPKCS11 extends AuthProvider { @@ -595,6 +610,30 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_BLOWFISH_KEY_GEN)); m(CKM_BLOWFISH_KEY_GEN));
d(KG, "ChaCha20", P11KeyGenerator, d(KG, "ChaCha20", P11KeyGenerator,
m(CKM_CHACHA20_KEY_GEN)); m(CKM_CHACHA20_KEY_GEN));
+ d(KG, "HmacMD5", P11KeyGenerator, // 1.3.6.1.5.5.8.1.1 + d(KG, "HmacMD5", P11KeyGenerator, // 1.3.6.1.5.5.8.1.1
+ m(CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_GENERIC_SECRET_KEY_GEN));
+ d(KG, "HmacSHA1", P11KeyGenerator, + dA(KG, "HmacSHA1", P11KeyGenerator,
+ s("1.2.840.113549.2.7", "OID.1.2.840.113549.2.7"),
+ m(CKM_SHA_1_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_SHA_1_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ d(KG, "HmacSHA224", P11KeyGenerator, + dA(KG, "HmacSHA224", P11KeyGenerator,
+ s("1.2.840.113549.2.8", "OID.1.2.840.113549.2.8"),
+ m(CKM_SHA224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_SHA224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ d(KG, "HmacSHA256", P11KeyGenerator, + dA(KG, "HmacSHA256", P11KeyGenerator,
+ s("1.2.840.113549.2.9", "OID.1.2.840.113549.2.9"),
+ m(CKM_SHA256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_SHA256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ d(KG, "HmacSHA384", P11KeyGenerator, + dA(KG, "HmacSHA384", P11KeyGenerator,
+ s("1.2.840.113549.2.10", "OID.1.2.840.113549.2.10"),
+ m(CKM_SHA384_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_SHA384_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ d(KG, "HmacSHA512", P11KeyGenerator, + dA(KG, "HmacSHA512", P11KeyGenerator,
+ s("1.2.840.113549.2.11", "OID.1.2.840.113549.2.11"),
+ m(CKM_SHA512_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_SHA512_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ d(KG, "HmacSHA512/224", P11KeyGenerator, + dA(KG, "HmacSHA512/224", P11KeyGenerator,
+ s("1.2.840.113549.2.12", "OID.1.2.840.113549.2.12"),
+ m(CKM_SHA512_224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_SHA512_224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ d(KG, "HmacSHA512/256", P11KeyGenerator, + dA(KG, "HmacSHA512/256", P11KeyGenerator,
+ s("1.2.840.113549.2.13", "OID.1.2.840.113549.2.13"),
+ m(CKM_SHA512_256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_SHA512_256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ d(KG, "HmacSHA3-224", P11KeyGenerator, + dA(KG, "HmacSHA3-224", P11KeyGenerator,
+ s("2.16.840.1.101.3.4.2.13", "OID.2.16.840.1.101.3.4.2.13"),
+ m(CKM_SHA3_224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_SHA3_224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ d(KG, "HmacSHA3-256", P11KeyGenerator, + dA(KG, "HmacSHA3-256", P11KeyGenerator,
+ s("2.16.840.1.101.3.4.2.14", "OID.2.16.840.1.101.3.4.2.14"),
+ m(CKM_SHA3_256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_SHA3_256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ d(KG, "HmacSHA3-384", P11KeyGenerator, + dA(KG, "HmacSHA3-384", P11KeyGenerator,
+ s("2.16.840.1.101.3.4.2.15", "OID.2.16.840.1.101.3.4.2.15"),
+ m(CKM_SHA3_384_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_SHA3_384_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ d(KG, "HmacSHA3-512", P11KeyGenerator, + dA(KG, "HmacSHA3-512", P11KeyGenerator,
+ s("2.16.840.1.101.3.4.2.16", "OID.2.16.840.1.101.3.4.2.16"),
+ m(CKM_SHA3_512_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_SHA3_512_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
// register (Secret)KeyFactories if there are any mechanisms // register (Secret)KeyFactories if there are any mechanisms
// for a particular algorithm that we support // for a particular algorithm that we support
@@ -747,13 +805,40 @@ public final class SunPKCS11 extends AuthProvider { @@ -725,37 +764,77 @@ public final class SunPKCS11 extends AuthProvider {
d(SIG, "SHA512withDSA", P11Signature, m(CKM_DSA_SHA384));
s("2.16.840.1.101.3.4.3.4", "OID.2.16.840.1.101.3.4.3.4"), dA(SIG, "SHA512withDSA", P11Signature,
m(CKM_DSA_SHA512)); m(CKM_DSA_SHA512));
+ d(SIG, "SHA3-224withDSA", P11Signature, + dA(SIG, "SHA3-224withDSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.5", "OID.2.16.840.1.101.3.4.3.5"),
+ m(CKM_DSA_SHA3_224)); + m(CKM_DSA_SHA3_224));
+ d(SIG, "SHA3-256withDSA", P11Signature, + dA(SIG, "SHA3-256withDSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.6", "OID.2.16.840.1.101.3.4.3.6"),
+ m(CKM_DSA_SHA3_256)); + m(CKM_DSA_SHA3_256));
+ d(SIG, "SHA3-384withDSA", P11Signature, + dA(SIG, "SHA3-384withDSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.7", "OID.2.16.840.1.101.3.4.3.7"),
+ m(CKM_DSA_SHA3_384)); + m(CKM_DSA_SHA3_384));
+ d(SIG, "SHA3-512withDSA", P11Signature, + dA(SIG, "SHA3-512withDSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.8", "OID.2.16.840.1.101.3.4.3.8"),
+ m(CKM_DSA_SHA3_512)); + m(CKM_DSA_SHA3_512));
d(SIG, "RawDSAinP1363Format", P11Signature, d(SIG, "RawDSAinP1363Format", P11Signature,
s("NONEwithDSAinP1363Format"), List.of("NONEwithDSAinP1363Format"),
m(CKM_DSA)); m(CKM_DSA));
d(SIG, "DSAinP1363Format", P11Signature, d(SIG, "DSAinP1363Format", P11Signature,
s("SHA1withDSAinP1363Format"), List.of("SHA1withDSAinP1363Format"),
m(CKM_DSA_SHA1, CKM_DSA)); m(CKM_DSA_SHA1, CKM_DSA));
- -
+ d(SIG, "SHA224withDSAinP1363Format", P11Signature, + d(SIG, "SHA224withDSAinP1363Format", P11Signature,
@ -1095,36 +1072,27 @@ index cf7cd19b689..7a8bcffb92c 100644
+ m(CKM_DSA_SHA3_512)); + m(CKM_DSA_SHA3_512));
d(SIG, "NONEwithECDSA", P11Signature, d(SIG, "NONEwithECDSA", P11Signature,
m(CKM_ECDSA)); m(CKM_ECDSA));
d(SIG, "SHA1withECDSA", P11Signature, dA(SIG, "SHA1withECDSA", P11Signature,
@@ -761,28 +846,49 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_ECDSA_SHA1, CKM_ECDSA)); m(CKM_ECDSA_SHA1, CKM_ECDSA));
d(SIG, "SHA224withECDSA", P11Signature, dA(SIG, "SHA224withECDSA", P11Signature,
s("1.2.840.10045.4.3.1", "OID.1.2.840.10045.4.3.1"),
- m(CKM_ECDSA)); - m(CKM_ECDSA));
+ m(CKM_ECDSA_SHA224, CKM_ECDSA)); + m(CKM_ECDSA_SHA224, CKM_ECDSA));
d(SIG, "SHA256withECDSA", P11Signature, dA(SIG, "SHA256withECDSA", P11Signature,
s("1.2.840.10045.4.3.2", "OID.1.2.840.10045.4.3.2"),
- m(CKM_ECDSA)); - m(CKM_ECDSA));
+ m(CKM_ECDSA_SHA256, CKM_ECDSA)); + m(CKM_ECDSA_SHA256, CKM_ECDSA));
d(SIG, "SHA384withECDSA", P11Signature, dA(SIG, "SHA384withECDSA", P11Signature,
s("1.2.840.10045.4.3.3", "OID.1.2.840.10045.4.3.3"),
- m(CKM_ECDSA)); - m(CKM_ECDSA));
+ m(CKM_ECDSA_SHA384, CKM_ECDSA)); + m(CKM_ECDSA_SHA384, CKM_ECDSA));
d(SIG, "SHA512withECDSA", P11Signature, dA(SIG, "SHA512withECDSA", P11Signature,
s("1.2.840.10045.4.3.4", "OID.1.2.840.10045.4.3.4"),
- m(CKM_ECDSA)); - m(CKM_ECDSA));
+ m(CKM_ECDSA_SHA512, CKM_ECDSA)); + m(CKM_ECDSA_SHA512, CKM_ECDSA));
+ d(SIG, "SHA3-224withECDSA", P11Signature, + dA(SIG, "SHA3-224withECDSA", P11Signature,
+ s("1.2.840.10045.4.3.9", "OID.1.2.840.10045.4.3.9"),
+ m(CKM_ECDSA_SHA3_224, CKM_ECDSA)); + m(CKM_ECDSA_SHA3_224, CKM_ECDSA));
+ d(SIG, "SHA3-256withECDSA", P11Signature, + dA(SIG, "SHA3-256withECDSA", P11Signature,
+ s("1.2.840.10045.4.3.10", "OID.1.2.840.10045.4.3.10"),
+ m(CKM_ECDSA_SHA3_256, CKM_ECDSA)); + m(CKM_ECDSA_SHA3_256, CKM_ECDSA));
+ d(SIG, "SHA3-384withECDSA", P11Signature, + dA(SIG, "SHA3-384withECDSA", P11Signature,
+ s("1.2.840.10045.4.3.11", "OID.1.2.840.10045.4.3.11"),
+ m(CKM_ECDSA_SHA3_384, CKM_ECDSA)); + m(CKM_ECDSA_SHA3_384, CKM_ECDSA));
+ d(SIG, "SHA3-512withECDSA", P11Signature, + dA(SIG, "SHA3-512withECDSA", P11Signature,
+ s("1.2.840.10045.4.3.12", "OID.1.2.840.10045.4.3.12"),
+ m(CKM_ECDSA_SHA3_512, CKM_ECDSA)); + m(CKM_ECDSA_SHA3_512, CKM_ECDSA));
d(SIG, "NONEwithECDSAinP1363Format", P11Signature, d(SIG, "NONEwithECDSAinP1363Format", P11Signature,
m(CKM_ECDSA)); m(CKM_ECDSA));
@ -1151,29 +1119,25 @@ index cf7cd19b689..7a8bcffb92c 100644
+ d(SIG, "SHA3-512withECDSAinP1363Format", P11Signature, + d(SIG, "SHA3-512withECDSAinP1363Format", P11Signature,
+ m(CKM_ECDSA_SHA3_512, CKM_ECDSA)); + m(CKM_ECDSA_SHA3_512, CKM_ECDSA));
+ +
d(SIG, "MD2withRSA", P11Signature, dA(SIG, "MD2withRSA", P11Signature,
s("1.2.840.113549.1.1.2", "OID.1.2.840.113549.1.1.2"),
m(CKM_MD2_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); m(CKM_MD2_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
@@ -805,6 +911,18 @@ public final class SunPKCS11 extends AuthProvider { dA(SIG, "MD5withRSA", P11Signature,
d(SIG, "SHA512withRSA", P11Signature, @@ -770,6 +849,14 @@ public final class SunPKCS11 extends AuthProvider {
s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"), m(CKM_SHA384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
dA(SIG, "SHA512withRSA", P11Signature,
m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
+ d(SIG, "SHA3-224withRSA", P11Signature, + dA(SIG, "SHA3-224withRSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.13", "OID.2.16.840.1.101.3.4.3.13"),
+ m(CKM_SHA3_224_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); + m(CKM_SHA3_224_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
+ d(SIG, "SHA3-256withRSA", P11Signature, + dA(SIG, "SHA3-256withRSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.14", "OID.2.16.840.1.101.3.4.3.14"),
+ m(CKM_SHA3_256_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); + m(CKM_SHA3_256_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
+ d(SIG, "SHA3-384withRSA", P11Signature, + dA(SIG, "SHA3-384withRSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.15", "OID.2.16.840.1.101.3.4.3.15"),
+ m(CKM_SHA3_384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); + m(CKM_SHA3_384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
+ d(SIG, "SHA3-512withRSA", P11Signature, + dA(SIG, "SHA3-512withRSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.16", "OID.2.16.840.1.101.3.4.3.16"),
+ m(CKM_SHA3_512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); + m(CKM_SHA3_512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
d(SIG, "RSASSA-PSS", P11PSSSignature, dA(SIG, "RSASSA-PSS", P11PSSSignature,
s("1.2.840.113549.1.1.10", "OID.1.2.840.113549.1.1.10"),
m(CKM_RSA_PKCS_PSS)); m(CKM_RSA_PKCS_PSS));
@@ -818,6 +936,14 @@ public final class SunPKCS11 extends AuthProvider { d(SIG, "SHA1withRSASSA-PSS", P11PSSSignature,
@@ -782,6 +869,14 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_SHA384_RSA_PKCS_PSS)); m(CKM_SHA384_RSA_PKCS_PSS));
d(SIG, "SHA512withRSASSA-PSS", P11PSSSignature, d(SIG, "SHA512withRSASSA-PSS", P11PSSSignature,
m(CKM_SHA512_RSA_PKCS_PSS)); m(CKM_SHA512_RSA_PKCS_PSS));
@ -1189,7 +1153,7 @@ index cf7cd19b689..7a8bcffb92c 100644
d(KG, "SunTlsRsaPremasterSecret", d(KG, "SunTlsRsaPremasterSecret",
"sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator", "sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator",
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java
index e077943bbc2..cb04b95304d 100644 index e077943bbc..cb04b95304 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@ -1215,7 +1179,7 @@ index e077943bbc2..cb04b95304d 100644
diff --git a/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java b/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java diff --git a/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java b/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java
new file mode 100644 new file mode 100644
index 00000000000..d6707028d96 index 0000000000..d6707028d9
--- /dev/null --- /dev/null
+++ b/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java +++ b/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java
@@ -0,0 +1,84 @@ @@ -0,0 +1,84 @@
@ -1304,7 +1268,7 @@ index 00000000000..d6707028d96
+ } + }
+} +}
diff --git a/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java b/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java diff --git a/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java b/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java
index b61d10beece..78b7d857e8e 100644 index b61d10beec..78b7d857e8 100644
--- a/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java --- a/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java
+++ b/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java +++ b/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java
@@ -23,7 +23,7 @@ @@ -23,7 +23,7 @@
@ -1336,7 +1300,7 @@ index b61d10beece..78b7d857e8e 100644
test("ARCFOUR", 1024, p, TestResult.TBD); test("ARCFOUR", 1024, p, TestResult.TBD);
} else if (p.getName().equals("SunPKCS11-NSS")) { } else if (p.getName().equals("SunPKCS11-NSS")) {
diff --git a/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java b/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java diff --git a/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java b/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java
index 59af327c1f2..64c42a6dd06 100644 index 59af327c1f..64c42a6dd0 100644
--- a/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java --- a/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java
+++ b/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java +++ b/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java
@@ -23,7 +23,7 @@ @@ -23,7 +23,7 @@
@ -1421,7 +1385,7 @@ index 59af327c1f2..64c42a6dd06 100644
mac.reset(); mac.reset();
diff --git a/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java b/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java diff --git a/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java b/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java
index 5cad8859840..7e045232e3a 100644 index 5cad885984..7e045232e3 100644
--- a/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java --- a/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java
+++ b/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java +++ b/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@ -1514,7 +1478,7 @@ index 5cad8859840..7e045232e3a 100644
} }
} }
diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java b/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java b/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java
index 7ced00630cc..a7a72e8ea3d 100644 index 7ced00630c..a7a72e8ea3 100644
--- a/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java --- a/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java
+++ b/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java +++ b/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@ -1574,7 +1538,7 @@ index 7ced00630cc..a7a72e8ea3d 100644
byte[] d1 = md.digest(data); byte[] d1 = md.digest(data);
diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java b/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java b/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java
index ea7909bc397..268f698276b 100644 index ea7909bc39..268f698276 100644
--- a/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java --- a/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java
+++ b/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java +++ b/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@ -1655,7 +1619,7 @@ index ea7909bc397..268f698276b 100644
private static void check(byte[] d1, byte[] d2) throws Exception { private static void check(byte[] d1, byte[] d2) throws Exception {
diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java b/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java b/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java
index b931c8564b2..ace601c7233 100644 index b931c8564b..ace601c723 100644
--- a/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java --- a/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java
+++ b/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java +++ b/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@ -1744,7 +1708,7 @@ index b931c8564b2..ace601c7233 100644
MessageDigest mdCopy0 = (MessageDigest) mdObj.clone(); MessageDigest mdCopy0 = (MessageDigest) mdObj.clone();
diff --git a/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java b/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java diff --git a/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java b/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java
index 26eeacffed9..f5de994779c 100644 index 26eeacffed..f5de994779 100644
--- a/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java --- a/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java
+++ b/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java +++ b/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java
@@ -23,7 +23,7 @@ @@ -23,7 +23,7 @@
@ -1770,7 +1734,7 @@ index 26eeacffed9..f5de994779c 100644
sig.update(t); sig.update(t);
byte[] signature = sig.sign(); byte[] signature = sig.sign();
diff --git a/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java b/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java diff --git a/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java b/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java
index ccd66599fb0..a2fa7294977 100644 index ccd66599fb..a2fa729497 100644
--- a/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java --- a/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java
+++ b/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java +++ b/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@ -1816,7 +1780,7 @@ index ccd66599fb0..a2fa7294977 100644
PSSParameterSpec params = new PSSParameterSpec("SHA-256", "MGF1", PSSParameterSpec params = new PSSParameterSpec("SHA-256", "MGF1",
new MGF1ParameterSpec("SHA-256"), 32, new MGF1ParameterSpec("SHA-256"), 32,
diff --git a/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java b/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java diff --git a/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java b/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java
index 2e4fedbf1d5..f1c0492b5fc 100644 index 2e4fedbf1d..f1c0492b5f 100644
--- a/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java --- a/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java
+++ b/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java +++ b/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@ -1910,7 +1874,7 @@ index 2e4fedbf1d5..f1c0492b5fc 100644
System.out.println("test#4: pass"); System.out.println("test#4: pass");
} }
diff --git a/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java b/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java diff --git a/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java b/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java
index 42ca7fa203d..8c132ca7e4f 100644 index 42ca7fa203..8c132ca7e4 100644
--- a/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java --- a/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java
+++ b/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java +++ b/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java
@@ -23,312 +23,13 @@ @@ -23,312 +23,13 @@
@ -2242,7 +2206,7 @@ index 42ca7fa203d..8c132ca7e4f 100644
new Random().nextBytes(data); new Random().nextBytes(data);
sig.initSign(privateKey); sig.initSign(privateKey);
diff --git a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java diff --git a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java
index 3c3edb5aa6a..11147022771 100644 index 3c3edb5aa6..1114702277 100644
--- a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java --- a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java
+++ b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java +++ b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@ -2263,7 +2227,7 @@ index 3c3edb5aa6a..11147022771 100644
* @library /test/lib .. * @library /test/lib ..
diff --git a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java diff --git a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java
new file mode 100644 new file mode 100644
index 00000000000..b8ea9863327 index 0000000000..b8ea986332
--- /dev/null --- /dev/null
+++ b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java +++ b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java
@@ -0,0 +1,98 @@ @@ -0,0 +1,98 @@
@ -2366,7 +2330,7 @@ index 00000000000..b8ea9863327
+ } + }
+} +}
diff --git a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java diff --git a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java
index 3a6dbe345e9..4c1f7284bbc 100644 index 3a6dbe345e..4c1f7284bb 100644
--- a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java --- a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java
+++ b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java +++ b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@ -2424,7 +2388,7 @@ index 3a6dbe345e9..4c1f7284bbc 100644
hash, "MGF1", new MGF1ParameterSpec(mgfHash), 0, 1); hash, "MGF1", new MGF1ParameterSpec(mgfHash), 0, 1);
diff --git a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java diff --git a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java
new file mode 100644 new file mode 100644
index 00000000000..516b17972e5 index 0000000000..516b17972e
--- /dev/null --- /dev/null
+++ b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java +++ b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java
@@ -0,0 +1,140 @@ @@ -0,0 +1,140 @@
@ -2569,7 +2533,7 @@ index 00000000000..516b17972e5
+ } + }
+} +}
diff --git a/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java b/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java diff --git a/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java b/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java
index 222f8a2a5ed..3161de6fc50 100644 index 222f8a2a5e..3161de6fc5 100644
--- a/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java --- a/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java
+++ b/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java +++ b/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@ -2664,7 +2628,7 @@ index 222f8a2a5ed..3161de6fc50 100644
} }
} }
diff --git a/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java b/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java diff --git a/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java b/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java
index f469ca17b65..7e5a012a5ec 100644 index f469ca17b6..7e5a012a5e 100644
--- a/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java --- a/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java
+++ b/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java +++ b/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java
@@ -22,8 +22,8 @@ @@ -22,8 +22,8 @@
@ -2697,7 +2661,7 @@ index f469ca17b65..7e5a012a5ec 100644
kpg.initialize(512); kpg.initialize(512);
KeyPair kp = kpg.generateKeyPair(); KeyPair kp = kpg.generateKeyPair();
diff --git a/test/jdk/sun/security/pkcs11/nss/p11-nss.txt b/test/jdk/sun/security/pkcs11/nss/p11-nss.txt diff --git a/test/jdk/sun/security/pkcs11/nss/p11-nss.txt b/test/jdk/sun/security/pkcs11/nss/p11-nss.txt
index 49778ea954c..576b1dc4d69 100644 index 49778ea954..576b1dc4d6 100644
--- a/test/jdk/sun/security/pkcs11/nss/p11-nss.txt --- a/test/jdk/sun/security/pkcs11/nss/p11-nss.txt
+++ b/test/jdk/sun/security/pkcs11/nss/p11-nss.txt +++ b/test/jdk/sun/security/pkcs11/nss/p11-nss.txt
@@ -11,12 +11,23 @@ library = ${pkcs11test.nss.lib} @@ -11,12 +11,23 @@ library = ${pkcs11test.nss.lib}

55
SOURCES/jdk8274864-remove_amman_cairo_hacks.patch
View File

@ -1,55 +0,0 @@
commit b4caafe16f14983e303b7f1fdf3090e5c513ebd8
Author: Andrew John Hughes <andrew@openjdk.org>
Date: Thu Apr 13 15:37:20 2023 +0000
8274864: Remove Amman/Cairo hacks in ZoneInfoFile
Backport-of: ec199072c5867624d66840238cc8828e16ae8da7
diff --git a/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java b/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
index 1dc82561f2..a51490767d 100644
--- a/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
+++ b/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
@@ -607,34 +607,6 @@ public final class ZoneInfoFile {
params[8] = endRule.secondOfDay * 1000;
params[9] = toSTZTime[endRule.timeDefinition];
dstSavings = (startRule.offsetAfter - startRule.offsetBefore) * 1000;
-
- // Note: known mismatching -> Asia/Amman
- // ZoneInfo : startDayOfWeek=5 <= Thursday
- // startTime=86400000 <= 24 hours
- // This: startDayOfWeek=6
- // startTime=0
- // Similar workaround needs to be applied to Africa/Cairo and
- // its endDayOfWeek and endTime
- // Below is the workarounds, it probably slows down everyone a little
- if (params[2] == 6 && params[3] == 0 &&
- (zoneId.equals("Asia/Amman"))) {
- params[2] = 5;
- params[3] = 86400000;
- }
- // Additional check for startDayOfWeek=6 and starTime=86400000
- // is needed for Asia/Amman;
- if (params[2] == 7 && params[3] == 0 &&
- (zoneId.equals("Asia/Amman"))) {
- params[2] = 6; // Friday
- params[3] = 86400000; // 24h
- }
- //endDayOfWeek and endTime workaround
- if (params[7] == 6 && params[8] == 0 &&
- (zoneId.equals("Africa/Cairo"))) {
- params[7] = 5;
- params[8] = 86400000;
- }
-
} else if (nTrans > 0) { // only do this if there is something in table already
if (lastyear < LASTYEAR) {
// ZoneInfo has an ending entry for 2037
@@ -907,7 +879,6 @@ public final class ZoneInfoFile {
this.dow = dowByte == 0 ? -1 : dowByte;
this.secondOfDay = timeByte == 31 ? in.readInt() : timeByte * 3600;
this.timeDefinition = (data & (3 << 12)) >>> 12;
-
this.standardOffset = stdByte == 255 ? in.readInt() : (stdByte - 128) * 900;
this.offsetBefore = beforeByte == 3 ? in.readInt() : standardOffset + beforeByte * 1800;
this.offsetAfter = afterByte == 3 ? in.readInt() : standardOffset + afterByte * 1800;

1098
SOURCES/jdk8305113-tzdata2023c.patch
View File

File diff suppressed because it is too large Load Diff

1458
SPECS/java-11-openjdk.spec
View File

File diff suppressed because it is too large Load Diff