Compare commits
No commits in common. "c8-beta" and "c8" have entirely different histories.
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/openjdk-jdk11u-jdk-11.0.18+9-4curve.tar.xz
|
||||
SOURCES/openjdk-jdk11u-jdk-11.0.25+9.tar.xz
|
||||
SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
||||
|
@ -1,2 +1,2 @@
|
||||
99b83c6bd4a99a9763594c4e3f661b983af6e031 SOURCES/openjdk-jdk11u-jdk-11.0.18+9-4curve.tar.xz
|
||||
5fd3e49485572a2ac8c350503d872a624c59ddb2 SOURCES/openjdk-jdk11u-jdk-11.0.25+9.tar.xz
|
||||
c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
||||
|
4254
SOURCES/NEWS
4254
SOURCES/NEWS
File diff suppressed because it is too large
Load Diff
39
SOURCES/README.md
Normal file
39
SOURCES/README.md
Normal file
@ -0,0 +1,39 @@
|
||||
OpenJDK 11 is a Long-Term Support (LTS) release of the Java platform.
|
||||
|
||||
For a list of major changes from OpenJDK 8 (java-1.8.0-openjdk), see
|
||||
the upstream release page for OpenJDK 11 and the preceding interim
|
||||
releases:
|
||||
|
||||
* 9: https://openjdk.org/projects/jdk9/
|
||||
* 10: https://openjdk.java.net/projects/jdk/10/
|
||||
* 11: https://openjdk.java.net/projects/jdk/11/
|
||||
|
||||
# Rebuilding the OpenJDK package
|
||||
|
||||
The OpenJDK packages are now created from a single build which is then
|
||||
packaged for different major versions of Red Hat Enterprise Linux
|
||||
(RHEL). This allows the OpenJDK team to focus their efforts on the
|
||||
development and testing of this single build, rather than having
|
||||
multiple builds which only differ by the platform they were built on.
|
||||
|
||||
This does make rebuilding the package slightly more complicated than a
|
||||
normal package. Modifications should be made to the
|
||||
`java-11-openjdk-portable.specfile` file, which can be found with this
|
||||
README file in the source RPM or installed in the documentation tree
|
||||
by the `java-11-openjdk-headless` RPM.
|
||||
|
||||
Once the modified `java-11-openjdk-portable` RPMs are built, they
|
||||
should be installed and will produce a number of tarballs in the
|
||||
`/usr/lib/jvm` directory. The `java-11-openjdk` RPMs can then be
|
||||
built, which will use these tarballs to create the usual RPMs found in
|
||||
RHEL. The `java-11-openjdk-portable` RPMs can be uninstalled once the
|
||||
desired final RPMs are produced.
|
||||
|
||||
Note that the `java-11-openjdk.spec` file has a hard requirement on
|
||||
the exact version of java-11-openjdk-portable to use, so this will
|
||||
need to be modified if the version or rpmrelease values are changed in
|
||||
`java-11-openjdk-portable.specfile`.
|
||||
|
||||
To reduce the number of RPMs involved, the `fastdebug` and `slowdebug`
|
||||
builds may be disabled using `--without fastdebug` and `--without
|
||||
slowdebug`.
|
@ -1,5 +1,5 @@
|
||||
diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4
|
||||
index a73c0f38181..80710886ed8 100644
|
||||
index 16e906bdc6..1a352e5a32 100644
|
||||
--- a/make/autoconf/libraries.m4
|
||||
+++ b/make/autoconf/libraries.m4
|
||||
@@ -101,6 +101,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES],
|
||||
@ -74,10 +74,10 @@ index a73c0f38181..80710886ed8 100644
|
||||
+ AC_SUBST(USE_SYSCONF_NSS)
|
||||
+])
|
||||
diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in
|
||||
index 0ae23b93167..a242acc1234 100644
|
||||
index 3787b12600..dab108a82b 100644
|
||||
--- a/make/autoconf/spec.gmk.in
|
||||
+++ b/make/autoconf/spec.gmk.in
|
||||
@@ -826,6 +826,10 @@ INSTALL_SYSCONFDIR=@sysconfdir@
|
||||
@@ -848,6 +848,10 @@ INSTALL_SYSCONFDIR=@sysconfdir@
|
||||
# Libraries
|
||||
#
|
||||
|
||||
@ -89,10 +89,10 @@ index 0ae23b93167..a242acc1234 100644
|
||||
LCMS_CFLAGS:=@LCMS_CFLAGS@
|
||||
LCMS_LIBS:=@LCMS_LIBS@
|
||||
diff --git a/make/lib/Lib-java.base.gmk b/make/lib/Lib-java.base.gmk
|
||||
index a529768f39e..daf9c947172 100644
|
||||
index b40d3114b9..0d1d83cf3e 100644
|
||||
--- a/make/lib/Lib-java.base.gmk
|
||||
+++ b/make/lib/Lib-java.base.gmk
|
||||
@@ -178,6 +178,31 @@ ifeq ($(OPENJDK_TARGET_OS_TYPE), unix)
|
||||
@@ -178,6 +178,31 @@ ifeq ($(call isTargetOsType, unix), true)
|
||||
endif
|
||||
endif
|
||||
|
||||
@ -125,7 +125,7 @@ index a529768f39e..daf9c947172 100644
|
||||
# Create the symbols file for static builds.
|
||||
|
||||
diff --git a/make/nb_native/nbproject/configurations.xml b/make/nb_native/nbproject/configurations.xml
|
||||
index fb07d54c1f0..c5813e2b7aa 100644
|
||||
index fb07d54c1f..c5813e2b7a 100644
|
||||
--- a/make/nb_native/nbproject/configurations.xml
|
||||
+++ b/make/nb_native/nbproject/configurations.xml
|
||||
@@ -2950,6 +2950,9 @@
|
||||
@ -151,7 +151,7 @@ index fb07d54c1f0..c5813e2b7aa 100644
|
||||
ex="false"
|
||||
tool="3"
|
||||
diff --git a/make/scripts/compare_exceptions.sh.incl b/make/scripts/compare_exceptions.sh.incl
|
||||
index 6327040964d..6b3780123b6 100644
|
||||
index 6327040964..6b3780123b 100644
|
||||
--- a/make/scripts/compare_exceptions.sh.incl
|
||||
+++ b/make/scripts/compare_exceptions.sh.incl
|
||||
@@ -179,6 +179,7 @@ if [ "$OPENJDK_TARGET_OS" = "solaris" ] && [ "$OPENJDK_TARGET_CPU" = "x86_64" ];
|
||||
@ -172,7 +172,7 @@ index 6327040964d..6b3780123b6 100644
|
||||
./lib/libzip.so
|
||||
diff --git a/src/java.base/linux/native/libsystemconf/systemconf.c b/src/java.base/linux/native/libsystemconf/systemconf.c
|
||||
new file mode 100644
|
||||
index 00000000000..8dcb7d9073f
|
||||
index 0000000000..8dcb7d9073
|
||||
--- /dev/null
|
||||
+++ b/src/java.base/linux/native/libsystemconf/systemconf.c
|
||||
@@ -0,0 +1,224 @@
|
||||
@ -401,7 +401,7 @@ index 00000000000..8dcb7d9073f
|
||||
+ }
|
||||
+}
|
||||
diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java
|
||||
index b36510a376b..ad5182e1e7c 100644
|
||||
index 5b9552058b..b46de49211 100644
|
||||
--- a/src/java.base/share/classes/java/security/Security.java
|
||||
+++ b/src/java.base/share/classes/java/security/Security.java
|
||||
@@ -32,6 +32,7 @@ import java.net.URL;
|
||||
@ -412,16 +412,17 @@ index b36510a376b..ad5182e1e7c 100644
|
||||
import jdk.internal.misc.SharedSecrets;
|
||||
import jdk.internal.util.StaticProperty;
|
||||
import sun.security.util.Debug;
|
||||
@@ -47,12 +48,20 @@ import sun.security.jca.*;
|
||||
@@ -47,6 +48,9 @@ import sun.security.jca.*;
|
||||
* implementation-specific location, which is typically the properties file
|
||||
* {@code conf/security/java.security} in the Java installation directory.
|
||||
*
|
||||
+ * <p>Additional default values of security properties are read from a
|
||||
+ * system-specific location, if available.</p>
|
||||
+ *
|
||||
* @author Benjamin Renaud
|
||||
* @since 1.1
|
||||
*/
|
||||
* @implNote If the properties file fails to load, the JDK implementation will
|
||||
* throw an unspecified error when initializing the {@code Security} class.
|
||||
*
|
||||
@@ -56,6 +60,11 @@ import sun.security.jca.*;
|
||||
|
||||
public final class Security {
|
||||
|
||||
@ -433,7 +434,7 @@ index b36510a376b..ad5182e1e7c 100644
|
||||
/* Are we debugging? -- for developers */
|
||||
private static final Debug sdebug =
|
||||
Debug.getInstance("properties");
|
||||
@@ -67,6 +76,19 @@ public final class Security {
|
||||
@@ -70,6 +79,19 @@ public final class Security {
|
||||
}
|
||||
|
||||
static {
|
||||
@ -453,26 +454,19 @@ index b36510a376b..ad5182e1e7c 100644
|
||||
// doPrivileged here because there are multiple
|
||||
// things in initialize that might require privs.
|
||||
// (the FileInputStream call and the File.exists call,
|
||||
@@ -83,6 +105,7 @@ public final class Security {
|
||||
@@ -85,6 +107,7 @@ public final class Security {
|
||||
private static void initialize() {
|
||||
props = new Properties();
|
||||
boolean loadedProps = false;
|
||||
boolean overrideAll = false;
|
||||
+ boolean systemSecPropsEnabled = false;
|
||||
|
||||
// first load the system properties file
|
||||
// to determine the value of security.overridePropertiesFile
|
||||
@@ -98,6 +121,7 @@ public final class Security {
|
||||
if (sdebug != null) {
|
||||
sdebug.println("reading security properties file: " +
|
||||
propFile);
|
||||
+ sdebug.println(props.toString());
|
||||
}
|
||||
} catch (IOException e) {
|
||||
if (sdebug != null) {
|
||||
@@ -192,6 +216,61 @@ public final class Security {
|
||||
@@ -105,9 +128,63 @@ public final class Security {
|
||||
}
|
||||
loadProps(null, extraPropFile, overrideAll);
|
||||
}
|
||||
|
||||
+
|
||||
+ boolean sysUseProps = Boolean.valueOf(System.getProperty(SYS_PROP_SWITCH, "false"));
|
||||
+ boolean secUseProps = Boolean.valueOf(props.getProperty(SEC_PROP_SWITCH));
|
||||
+ if (sdebug != null) {
|
||||
@ -492,9 +486,7 @@ index b36510a376b..ad5182e1e7c 100644
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ // FIPS support depends on the contents of java.security so
|
||||
+ // ensure it has loaded first
|
||||
+ if (loadedProps && systemSecPropsEnabled) {
|
||||
+ if (systemSecPropsEnabled) {
|
||||
+ boolean shouldEnable;
|
||||
+ String sysProp = System.getProperty("com.redhat.fips");
|
||||
+ if (sysProp == null) {
|
||||
@ -530,15 +522,19 @@ index b36510a376b..ad5182e1e7c 100644
|
||||
+ }
|
||||
}
|
||||
|
||||
/*
|
||||
- private static boolean loadProps(File masterFile, String extraPropFile, boolean overrideAll) {
|
||||
+ static boolean loadProps(File masterFile, String extraPropFile, boolean overrideAll) {
|
||||
InputStream is = null;
|
||||
try {
|
||||
if (masterFile != null && masterFile.exists()) {
|
||||
diff --git a/src/java.base/share/classes/java/security/SystemConfigurator.java b/src/java.base/share/classes/java/security/SystemConfigurator.java
|
||||
new file mode 100644
|
||||
index 00000000000..90f6dd2ebc0
|
||||
index 0000000000..49bf17ea17
|
||||
--- /dev/null
|
||||
+++ b/src/java.base/share/classes/java/security/SystemConfigurator.java
|
||||
@@ -0,0 +1,248 @@
|
||||
@@ -0,0 +1,231 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2019, 2021, Red Hat, Inc.
|
||||
+ * Copyright (c) 2019, 2023, Red Hat, Inc.
|
||||
+ *
|
||||
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
+ *
|
||||
@ -616,26 +612,9 @@ index 00000000000..90f6dd2ebc0
|
||||
+ * security.useSystemPropertiesFile is true.
|
||||
+ */
|
||||
+ static boolean configureSysProps(Properties props) {
|
||||
+ boolean systemSecPropsLoaded = false;
|
||||
+
|
||||
+ try (BufferedInputStream bis =
|
||||
+ new BufferedInputStream(
|
||||
+ new FileInputStream(CRYPTO_POLICIES_JAVA_CONFIG))) {
|
||||
+ props.load(bis);
|
||||
+ systemSecPropsLoaded = true;
|
||||
+ if (sdebug != null) {
|
||||
+ sdebug.println("reading system security properties file " +
|
||||
+ CRYPTO_POLICIES_JAVA_CONFIG);
|
||||
+ sdebug.println(props.toString());
|
||||
+ }
|
||||
+ } catch (IOException e) {
|
||||
+ if (sdebug != null) {
|
||||
+ sdebug.println("unable to load security properties from " +
|
||||
+ CRYPTO_POLICIES_JAVA_CONFIG);
|
||||
+ e.printStackTrace();
|
||||
+ }
|
||||
+ }
|
||||
+ return systemSecPropsLoaded;
|
||||
+ // now load the system file, if it exists, so its values
|
||||
+ // will win if they conflict with the earlier values
|
||||
+ return Security.loadProps(null, CRYPTO_POLICIES_JAVA_CONFIG, false);
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
@ -787,7 +766,7 @@ index 00000000000..90f6dd2ebc0
|
||||
+}
|
||||
diff --git a/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java b/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java
|
||||
new file mode 100644
|
||||
index 00000000000..21bc6d0b591
|
||||
index 0000000000..21bc6d0b59
|
||||
--- /dev/null
|
||||
+++ b/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java
|
||||
@@ -0,0 +1,31 @@
|
||||
@ -823,7 +802,7 @@ index 00000000000..21bc6d0b591
|
||||
+ boolean isPlainKeySupportEnabled();
|
||||
+}
|
||||
diff --git a/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java b/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
|
||||
index 688ec9f0915..8489b940c43 100644
|
||||
index 688ec9f091..8489b940c4 100644
|
||||
--- a/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
|
||||
+++ b/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
|
||||
@@ -36,6 +36,7 @@ import java.io.FilePermission;
|
||||
@ -859,7 +838,7 @@ index 688ec9f0915..8489b940c43 100644
|
||||
+ }
|
||||
}
|
||||
diff --git a/src/java.base/share/classes/module-info.java b/src/java.base/share/classes/module-info.java
|
||||
index 5460efcf8c5..f08dc2fafc5 100644
|
||||
index 7351627db3..859591890d 100644
|
||||
--- a/src/java.base/share/classes/module-info.java
|
||||
+++ b/src/java.base/share/classes/module-info.java
|
||||
@@ -182,6 +182,7 @@ module java.base {
|
||||
@ -871,7 +850,7 @@ index 5460efcf8c5..f08dc2fafc5 100644
|
||||
jdk.attach,
|
||||
jdk.charsets,
|
||||
diff --git a/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java b/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
|
||||
index ffee2c1603b..ff3d5e0e4ab 100644
|
||||
index ffee2c1603..ff3d5e0e4a 100644
|
||||
--- a/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
|
||||
+++ b/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
|
||||
@@ -33,8 +33,13 @@ import java.security.KeyStore.*;
|
||||
@ -910,7 +889,7 @@ index ffee2c1603b..ff3d5e0e4ab 100644
|
||||
"FIPS mode: KeyStore must be " +
|
||||
"from provider " + SunJSSE.cryptoProvider.getName());
|
||||
diff --git a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
|
||||
index de7da5c3379..5c3813dda7b 100644
|
||||
index e06b2a588c..315a2ce370 100644
|
||||
--- a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
|
||||
+++ b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
|
||||
@@ -31,6 +31,7 @@ import java.security.*;
|
||||
@ -931,6 +910,14 @@ index de7da5c3379..5c3813dda7b 100644
|
||||
- ProtocolVersion.TLS11,
|
||||
- ProtocolVersion.TLS10
|
||||
- );
|
||||
-
|
||||
- serverDefaultProtocols = getAvailableProtocols(
|
||||
- new ProtocolVersion[] {
|
||||
- ProtocolVersion.TLS13,
|
||||
- ProtocolVersion.TLS12,
|
||||
- ProtocolVersion.TLS11,
|
||||
- ProtocolVersion.TLS10
|
||||
- });
|
||||
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
|
||||
+ .isSystemFipsEnabled()) {
|
||||
+ // RH1860986: TLSv1.3 key derivation not supported with
|
||||
@ -940,14 +927,7 @@ index de7da5c3379..5c3813dda7b 100644
|
||||
+ ProtocolVersion.TLS11,
|
||||
+ ProtocolVersion.TLS10
|
||||
+ );
|
||||
|
||||
- serverDefaultProtocols = getAvailableProtocols(
|
||||
- new ProtocolVersion[] {
|
||||
- ProtocolVersion.TLS13,
|
||||
- ProtocolVersion.TLS12,
|
||||
- ProtocolVersion.TLS11,
|
||||
- ProtocolVersion.TLS10
|
||||
- });
|
||||
+
|
||||
+ serverDefaultProtocols = getAvailableProtocols(
|
||||
+ new ProtocolVersion[] {
|
||||
+ ProtocolVersion.TLS12,
|
||||
@ -973,42 +953,68 @@ index de7da5c3379..5c3813dda7b 100644
|
||||
} else {
|
||||
supportedProtocols = Arrays.asList(
|
||||
ProtocolVersion.TLS13,
|
||||
@@ -620,6 +639,16 @@ public abstract class SSLContextImpl extends SSLContextSpi {
|
||||
|
||||
static ProtocolVersion[] getSupportedProtocols() {
|
||||
if (SunJSSE.isFIPS()) {
|
||||
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
|
||||
+ .isSystemFipsEnabled()) {
|
||||
+ // RH1860986: TLSv1.3 key derivation not supported with
|
||||
+ // the Security Providers available in system FIPS mode.
|
||||
+ return new ProtocolVersion[] {
|
||||
+ ProtocolVersion.TLS12,
|
||||
+ ProtocolVersion.TLS11,
|
||||
+ ProtocolVersion.TLS10
|
||||
+ };
|
||||
+ }
|
||||
return new ProtocolVersion[] {
|
||||
ProtocolVersion.TLS13,
|
||||
ProtocolVersion.TLS12,
|
||||
@@ -949,6 +978,16 @@ public abstract class SSLContextImpl extends SSLContextSpi {
|
||||
|
||||
static ProtocolVersion[] getProtocols() {
|
||||
if (SunJSSE.isFIPS()) {
|
||||
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
|
||||
+ .isSystemFipsEnabled()) {
|
||||
+ // RH1860986: TLSv1.3 key derivation not supported with
|
||||
+ // the Security Providers available in system FIPS mode.
|
||||
+ return new ProtocolVersion[] {
|
||||
+ ProtocolVersion.TLS12,
|
||||
+ ProtocolVersion.TLS11,
|
||||
+ ProtocolVersion.TLS10
|
||||
+ };
|
||||
+ }
|
||||
return new ProtocolVersion[]{
|
||||
ProtocolVersion.TLS13,
|
||||
ProtocolVersion.TLS12,
|
||||
@@ -910,12 +929,23 @@ public abstract class SSLContextImpl extends SSLContextSpi {
|
||||
if (client) {
|
||||
// default client protocols
|
||||
if (SunJSSE.isFIPS()) {
|
||||
- candidates = new ProtocolVersion[] {
|
||||
- ProtocolVersion.TLS13,
|
||||
- ProtocolVersion.TLS12,
|
||||
- ProtocolVersion.TLS11,
|
||||
- ProtocolVersion.TLS10
|
||||
- };
|
||||
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
|
||||
+ .isSystemFipsEnabled()) {
|
||||
+ // RH1860986: TLSv1.3 key derivation not supported with
|
||||
+ // the Security Providers available in system FIPS mode.
|
||||
+ candidates = new ProtocolVersion[] {
|
||||
+ ProtocolVersion.TLS12,
|
||||
+ ProtocolVersion.TLS11,
|
||||
+ ProtocolVersion.TLS10
|
||||
+ };
|
||||
+ } else {
|
||||
+ candidates = new ProtocolVersion[] {
|
||||
+ ProtocolVersion.TLS13,
|
||||
+ ProtocolVersion.TLS12,
|
||||
+ ProtocolVersion.TLS11,
|
||||
+ ProtocolVersion.TLS10
|
||||
+ };
|
||||
+ }
|
||||
} else {
|
||||
candidates = new ProtocolVersion[] {
|
||||
ProtocolVersion.TLS13,
|
||||
@@ -927,12 +957,23 @@ public abstract class SSLContextImpl extends SSLContextSpi {
|
||||
} else {
|
||||
// default server protocols
|
||||
if (SunJSSE.isFIPS()) {
|
||||
- candidates = new ProtocolVersion[] {
|
||||
- ProtocolVersion.TLS13,
|
||||
- ProtocolVersion.TLS12,
|
||||
- ProtocolVersion.TLS11,
|
||||
- ProtocolVersion.TLS10
|
||||
- };
|
||||
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
|
||||
+ .isSystemFipsEnabled()) {
|
||||
+ // RH1860986: TLSv1.3 key derivation not supported with
|
||||
+ // the Security Providers available in system FIPS mode.
|
||||
+ candidates = new ProtocolVersion[] {
|
||||
+ ProtocolVersion.TLS12,
|
||||
+ ProtocolVersion.TLS11,
|
||||
+ ProtocolVersion.TLS10
|
||||
+ };
|
||||
+ } else {
|
||||
+ candidates = new ProtocolVersion[] {
|
||||
+ ProtocolVersion.TLS13,
|
||||
+ ProtocolVersion.TLS12,
|
||||
+ ProtocolVersion.TLS11,
|
||||
+ ProtocolVersion.TLS10
|
||||
+ };
|
||||
+ }
|
||||
} else {
|
||||
candidates = new ProtocolVersion[] {
|
||||
ProtocolVersion.TLS13,
|
||||
diff --git a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
|
||||
index c50ba93ecfc..de2a91a478c 100644
|
||||
index 2a2b5d7568..891796f19b 100644
|
||||
--- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
|
||||
+++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
|
||||
@@ -27,6 +27,8 @@ package sun.security.ssl;
|
||||
@ -1019,7 +1025,7 @@ index c50ba93ecfc..de2a91a478c 100644
|
||||
+import jdk.internal.misc.SharedSecrets;
|
||||
import sun.security.rsa.SunRsaSignEntries;
|
||||
import static sun.security.util.SecurityConstants.PROVIDER_VER;
|
||||
import static sun.security.provider.SunEntries.createAliases;
|
||||
import static sun.security.util.SecurityProviderConstants.*;
|
||||
@@ -195,8 +197,13 @@ public abstract class SunJSSE extends java.security.Provider {
|
||||
"sun.security.ssl.SSLContextImpl$TLS11Context", null, null);
|
||||
ps("SSLContext", "TLSv1.2",
|
||||
@ -1035,12 +1041,12 @@ index c50ba93ecfc..de2a91a478c 100644
|
||||
+ }
|
||||
ps("SSLContext", "TLS",
|
||||
"sun.security.ssl.SSLContextImpl$TLSContext",
|
||||
(isfips? null : createAliases("SSL")), null);
|
||||
(isfips? null : List.of("SSL")), null);
|
||||
diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
|
||||
index 097517926d1..474fe6f401f 100644
|
||||
index c0eed3f884..b03bd9f896 100644
|
||||
--- a/src/java.base/share/conf/security/java.security
|
||||
+++ b/src/java.base/share/conf/security/java.security
|
||||
@@ -85,6 +85,14 @@ security.provider.tbd=Apple
|
||||
@@ -88,6 +88,14 @@ security.provider.tbd=Apple
|
||||
security.provider.tbd=SunPKCS11
|
||||
#endif
|
||||
|
||||
@ -1055,7 +1061,7 @@ index 097517926d1..474fe6f401f 100644
|
||||
#
|
||||
# A list of preferred providers for specific algorithms. These providers will
|
||||
# be searched for matching algorithms before the list of registered providers.
|
||||
@@ -298,6 +306,11 @@ policy.ignoreIdentityScope=false
|
||||
@@ -301,6 +309,11 @@ policy.ignoreIdentityScope=false
|
||||
#
|
||||
keystore.type=pkcs12
|
||||
|
||||
@ -1067,7 +1073,7 @@ index 097517926d1..474fe6f401f 100644
|
||||
#
|
||||
# Controls compatibility mode for JKS and PKCS12 keystore types.
|
||||
#
|
||||
@@ -335,6 +348,13 @@ package.definition=sun.misc.,\
|
||||
@@ -338,6 +351,13 @@ package.definition=sun.misc.,\
|
||||
#
|
||||
security.overridePropertiesFile=true
|
||||
|
||||
@ -1083,7 +1089,7 @@ index 097517926d1..474fe6f401f 100644
|
||||
# the javax.net.ssl package.
|
||||
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
|
||||
new file mode 100644
|
||||
index 00000000000..b848a1fd783
|
||||
index 0000000000..b848a1fd78
|
||||
--- /dev/null
|
||||
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
|
||||
@@ -0,0 +1,290 @@
|
||||
@ -1378,7 +1384,7 @@ index 00000000000..b848a1fd783
|
||||
+ }
|
||||
+}
|
||||
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||
index 099caac605f..977e5332bd1 100644
|
||||
index ffbd671246..bdaad67e06 100644
|
||||
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||
@@ -26,6 +26,9 @@
|
||||
@ -1400,7 +1406,7 @@ index 099caac605f..977e5332bd1 100644
|
||||
import sun.security.util.Debug;
|
||||
import sun.security.util.ResourcesMgr;
|
||||
import static sun.security.util.SecurityConstants.PROVIDER_VER;
|
||||
@@ -60,6 +65,29 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
|
||||
@@ -61,6 +66,29 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
|
||||
*/
|
||||
public final class SunPKCS11 extends AuthProvider {
|
||||
|
||||
@ -1430,7 +1436,7 @@ index 099caac605f..977e5332bd1 100644
|
||||
private static final long serialVersionUID = -1354835039035306505L;
|
||||
|
||||
static final Debug debug = Debug.getInstance("sunpkcs11");
|
||||
@@ -317,10 +345,15 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
@@ -318,10 +346,15 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
// request multithreaded access first
|
||||
initArgs.flags = CKF_OS_LOCKING_OK;
|
||||
PKCS11 tmpPKCS11;
|
||||
@ -1447,7 +1453,7 @@ index 099caac605f..977e5332bd1 100644
|
||||
} catch (PKCS11Exception e) {
|
||||
if (debug != null) {
|
||||
debug.println("Multi-threaded initialization failed: " + e);
|
||||
@@ -336,7 +369,7 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
@@ -337,7 +370,7 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
initArgs.flags = 0;
|
||||
}
|
||||
tmpPKCS11 = PKCS11.getInstance(library,
|
||||
@ -1456,7 +1462,7 @@ index 099caac605f..977e5332bd1 100644
|
||||
}
|
||||
p11 = tmpPKCS11;
|
||||
|
||||
@@ -376,6 +409,24 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
@@ -377,6 +410,24 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
if (nssModule != null) {
|
||||
nssModule.setProvider(this);
|
||||
}
|
||||
@ -1482,7 +1488,7 @@ index 099caac605f..977e5332bd1 100644
|
||||
if (config.getHandleStartupErrors() == Config.ERR_IGNORE_ALL) {
|
||||
throw new UnsupportedOperationException
|
||||
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
|
||||
index 04a369f453c..f033fe47593 100644
|
||||
index 04a369f453..f033fe4759 100644
|
||||
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
|
||||
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
|
||||
@@ -49,6 +49,7 @@ package sun.security.pkcs11.wrapper;
|
2692
SOURCES/java-11-openjdk-portable.specfile
Normal file
2692
SOURCES/java-11-openjdk-portable.specfile
Normal file
File diff suppressed because it is too large
Load Diff
2695
SOURCES/jdk8242332-rh2108712-sha3-sunpkcs11.patch
Normal file
2695
SOURCES/jdk8242332-rh2108712-sha3-sunpkcs11.patch
Normal file
File diff suppressed because it is too large
Load Diff
@ -1,20 +0,0 @@
|
||||
--- openjdk/src/java.base/share/conf/security/java.security
|
||||
+++ openjdk/src/java.base/share/conf/security/java.security
|
||||
@@ -304,6 +304,8 @@
|
||||
#
|
||||
package.access=sun.misc.,\
|
||||
sun.reflect.,\
|
||||
+ org.GNOME.Accessibility.,\
|
||||
+ org.GNOME.Bonobo.,\
|
||||
|
||||
#
|
||||
# List of comma-separated packages that start with or equal this string
|
||||
@@ -316,6 +318,8 @@
|
||||
#
|
||||
package.definition=sun.misc.,\
|
||||
sun.reflect.,\
|
||||
+ org.GNOME.Accessibility.,\
|
||||
+ org.GNOME.Bonobo.,\
|
||||
|
||||
#
|
||||
# Determines whether this properties file can be appended to
|
@ -1,7 +1,8 @@
|
||||
diff -r 1356affa5e44 make/launcher/Launcher-java.base.gmk
|
||||
--- openjdk/make/launcher/Launcher-java.base.gmk Wed Nov 25 08:27:15 2020 +0100
|
||||
+++ openjdk/make/launcher/Launcher-java.base.gmk Tue Dec 01 12:29:30 2020 +0100
|
||||
@@ -41,6 +41,16 @@
|
||||
diff --git openjdk.orig/make/launcher/Launcher-java.base.gmk openjdk/make/launcher/Launcher-java.base.gmk
|
||||
index a8990dd0ef..320fec6e51 100644
|
||||
--- openjdk.orig/make/launcher/Launcher-java.base.gmk
|
||||
+++ openjdk/make/launcher/Launcher-java.base.gmk
|
||||
@@ -41,6 +41,16 @@ $(eval $(call SetupBuildLauncher, java, \
|
||||
OPTIMIZATION := HIGH, \
|
||||
))
|
||||
|
||||
@ -15,13 +16,14 @@ diff -r 1356affa5e44 make/launcher/Launcher-java.base.gmk
|
||||
+ OPTIMIZATION := HIGH, \
|
||||
+))
|
||||
+
|
||||
ifeq ($(OPENJDK_TARGET_OS), windows)
|
||||
ifeq ($(call isTargetOs, windows), true)
|
||||
$(eval $(call SetupBuildLauncher, javaw, \
|
||||
CFLAGS := -DJAVAW -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES, \
|
||||
|
||||
diff -r 25e94aa812b2 src/share/bin/alt_main.h
|
||||
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
|
||||
+++ openjdk/src/java.base/share/native/launcher/alt_main.h Tue Jun 02 17:15:28 2020 +0100
|
||||
diff --git openjdk.orig/src/java.base/share/native/launcher/alt_main.h openjdk/src/java.base/share/native/launcher/alt_main.h
|
||||
new file mode 100644
|
||||
index 0000000000..697df2898a
|
||||
--- /dev/null
|
||||
+++ openjdk/src/java.base/share/native/launcher/alt_main.h
|
||||
@@ -0,0 +1,73 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2019, Red Hat, Inc. All rights reserved.
|
||||
@ -96,9 +98,10 @@ diff -r 25e94aa812b2 src/share/bin/alt_main.h
|
||||
+}
|
||||
+
|
||||
+#endif // REDHAT_ALT_JAVA
|
||||
diff -r 25e94aa812b2 src/share/bin/main.c
|
||||
--- openjdk/src/java.base/share/native/launcher/main.c Wed Feb 05 12:20:36 2020 -0300
|
||||
+++ openjdk/src/java.base/share/native/launcher/main.c Tue Jun 02 17:15:28 2020 +0100
|
||||
diff --git openjdk.orig/src/java.base/share/native/launcher/main.c openjdk/src/java.base/share/native/launcher/main.c
|
||||
index b734fe2ba7..79dc830765 100644
|
||||
--- openjdk.orig/src/java.base/share/native/launcher/main.c
|
||||
+++ openjdk/src/java.base/share/native/launcher/main.c
|
||||
@@ -34,6 +34,14 @@
|
||||
#include "jli_util.h"
|
||||
#include "jni.h"
|
||||
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user