import java-17-openjdk-17.0.6.0.10-3.el8_7
This commit is contained in:
parent
b76ec77e13
commit
28a3146a97
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
|||||||
SOURCES/openjdk-jdk17u-jdk-17.0.5+8.tar.xz
|
SOURCES/openjdk-jdk17u-jdk-17.0.6+10.tar.xz
|
||||||
SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
7d985db5968fb24fbeb9ff2cd2819d63ab9ca64e SOURCES/openjdk-jdk17u-jdk-17.0.5+8.tar.xz
|
fc29dd4013a289be075afdcb29c8df29d1349c0d SOURCES/openjdk-jdk17u-jdk-17.0.6+10.tar.xz
|
||||||
c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
||||||
|
347
SOURCES/NEWS
347
SOURCES/NEWS
@ -3,6 +3,353 @@ Key:
|
|||||||
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
||||||
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
||||||
|
|
||||||
|
New in release OpenJDK 17.0.6 (2023-01-17):
|
||||||
|
===========================================
|
||||||
|
Live versions of these release notes can be found at:
|
||||||
|
* https://bitly.com/openjdk1706
|
||||||
|
* https://builds.shipilev.net/backports-monitor/release-notes-17.0.6.html
|
||||||
|
|
||||||
|
* CVEs
|
||||||
|
- CVE-2023-21835
|
||||||
|
- CVE-2023-21843
|
||||||
|
* Security fixes
|
||||||
|
- JDK-8286070: Improve UTF8 representation
|
||||||
|
- JDK-8286496: Improve Thread labels
|
||||||
|
- JDK-8287411: Enhance DTLS performance
|
||||||
|
- JDK-8288516: Enhance font creation
|
||||||
|
- JDK-8289350: Better media supports
|
||||||
|
- JDK-8293554: Enhanced DH Key Exchanges
|
||||||
|
- JDK-8293598: Enhance InetAddress address handling
|
||||||
|
- JDK-8293717: Objective view of ObjectView
|
||||||
|
- JDK-8293734: Improve BMP image handling
|
||||||
|
- JDK-8293742: Better Banking of Sounds
|
||||||
|
- JDK-8295687: Better BMP bounds
|
||||||
|
* Other changes
|
||||||
|
- JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows
|
||||||
|
- JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails
|
||||||
|
- JDK-7188098: TEST_BUG: closed/javax/sound/midi/Synthesizer/Receiver/bug6186488.java fails
|
||||||
|
- JDK-8022403: sun/java2d/DirectX/OnScreenRenderingResizeTest/OnScreenRenderingResizeTest.java fails
|
||||||
|
- JDK-8029633: Raw inner class constructor ref should not perform diamond inference
|
||||||
|
- JDK-8030121: java/awt/dnd/MissingDragExitEventTest/MissingDragExitEventTest.java fails
|
||||||
|
- JDK-8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled
|
||||||
|
- JDK-8129827: [TEST_BUG] Test java/awt/Robot/RobotWheelTest/RobotWheelTest.java fails
|
||||||
|
- JDK-8159599: [TEST_BUG] java/awt/Modal/ModalInternalFrameTest/ModalInternalFrameTest.java
|
||||||
|
- JDK-8169187: [macosx] Aqua: java/awt/image/multiresolution/MultiresolutionIconTest.java
|
||||||
|
- JDK-8178698: javax/sound/midi/Sequencer/MetaCallback.java failed with timeout
|
||||||
|
- JDK-8202836: [macosx] test java/awt/Graphics/TextAAHintsTest.java fails
|
||||||
|
- JDK-8210558: serviceability/sa/TestJhsdbJstackLock.java fails to find '^\s+- waiting to lock <0x[0-9a-f]+> \(a java\.lang\.Class ...'
|
||||||
|
- JDK-8222323: ChildAlwaysOnTopTest.java fails with "RuntimeException: Failed to unset alwaysOnTop"
|
||||||
|
- JDK-8233557: [TESTBUG] DoubleClickTitleBarTest.java fails on macOs
|
||||||
|
- JDK-8233558: [TESTBUG] WindowOwnedByEmbeddedFrameTest.java fails on macos
|
||||||
|
- JDK-8233648: [TESTBUG] DefaultMenuBarTest.java failing on macos
|
||||||
|
- JDK-8244670: convert clhsdb "whatis" command from javascript to java
|
||||||
|
- JDK-8251466: test/java/io/File/GetXSpace.java fails on Windows with mapped network drives.
|
||||||
|
- JDK-8255439: System Tray icons get corrupted when Windows scaling changes
|
||||||
|
- JDK-8256811: Delayed/missed jdwp class unloading events
|
||||||
|
- JDK-8257722: Improve "keytool -printcert -jarfile" output
|
||||||
|
- JDK-8262721: Add Tests to verify single iteration loops are properly optimized
|
||||||
|
- JDK-8265489: Stress test times out because of long ObjectSynchronizer::monitors_iterate(...) operation
|
||||||
|
- JDK-8266082: AssertionError in Annotate.fromAnnotations with -Xdoclint
|
||||||
|
- JDK-8266519: Cleanup resolve() leftovers from BarrierSet et al
|
||||||
|
- JDK-8267138: Stray suffix when starting gtests via GTestWrapper.java
|
||||||
|
- JDK-8268033: compiler/intrinsics/bmi/verifycode/BzhiTestI2L.java fails with "fatal error: Not compilable at tier 3: CodeBuffer overflow"
|
||||||
|
- JDK-8268276: Base64 Decoding optimization for x86 using AVX-512
|
||||||
|
- JDK-8268297: jdk/jfr/api/consumer/streaming/TestLatestEvent.java times out
|
||||||
|
- JDK-8268779: ZGC: runtime/InternalApi/ThreadCpuTimesDeadlock.java#id1 failed with "OutOfMemoryError: Java heap space"
|
||||||
|
- JDK-8269029: compiler/codegen/TestCharVect2.java fails for client VMs
|
||||||
|
- JDK-8269404: Base64 Encoding optimization enhancements for x86 using AVX-512
|
||||||
|
- JDK-8269571: NMT should print total malloc bytes and invocation count
|
||||||
|
- JDK-8269743: test/hotspot/jtreg/vmTestbase/vm/mlvm/meth/stress/jni/nativeAndMH/Test.java crash with small heap (-Xmx50m)
|
||||||
|
- JDK-8270086: ARM32-softfp: Do not load CONSTANT_double using the condy helper methods in the interpreter
|
||||||
|
- JDK-8270155: ARM32: Improve register dump in hs_err
|
||||||
|
- JDK-8270609: [TESTBUG] java/awt/print/Dialog/DialogCopies.java does not show instruction
|
||||||
|
- JDK-8270848: Redundant unsafe opmask register allocation in some instruction patterns.
|
||||||
|
- JDK-8270947: AArch64: C1: use zero_words to initialize all objects
|
||||||
|
- JDK-8271015: Split cds/SharedBaseAddress.java test into smaller parts
|
||||||
|
- JDK-8271834: TestStringDeduplicationAgeThreshold intermittent failures on Shenandoah
|
||||||
|
- JDK-8271956: AArch64: C1 build failed after JDK-8270947
|
||||||
|
- JDK-8272094: compiler/codecache/TestStressCodeBuffers.java crashes with "failed to allocate space for trampoline"
|
||||||
|
- JDK-8272123: Problem list 4 jtreg tests which regularly fail on macos-aarch64
|
||||||
|
- JDK-8272608: java_lang_System::allow_security_manager() doesn't set its initialization flag
|
||||||
|
- JDK-8272776: NullPointerException not reported
|
||||||
|
- JDK-8272791: java -XX:BlockZeroingLowLimit=1 crashes after 8270947
|
||||||
|
- JDK-8272809: JFR thread sampler SI_KERNEL SEGV in metaspace::VirtualSpaceList::contains
|
||||||
|
- JDK-8273043: [TEST_BUG] Automate NimbusJTreeSelTextColor.java
|
||||||
|
- JDK-8273108: RunThese24H crashes with SEGV in markWord::displaced_mark_helper() after JDK-8268276
|
||||||
|
- JDK-8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints
|
||||||
|
- JDK-8273380: ARM32: Default to {ldrexd,strexd} in StubRoutines::atomic_{load|store}_long
|
||||||
|
- JDK-8273459: Update code segment alignment to 64 bytes
|
||||||
|
- JDK-8273497: building.md should link to both md and html
|
||||||
|
- JDK-8273553: sun.security.ssl.SSLEngineImpl.closeInbound also has similar error of JDK-8253368
|
||||||
|
- JDK-8273578: javax/swing/JMenu/4515762/bug4515762.java fails on macOS 12
|
||||||
|
- JDK-8273685: Remove jtreg tag manual=yesno for java/awt/Graphics/LCDTextAndGraphicsState.java & show test instruction
|
||||||
|
- JDK-8273880: Zero: Print warnings when unsupported intrinsics are enabled
|
||||||
|
- JDK-8273881: Metaspace: test repeated deallocations
|
||||||
|
- JDK-8274029: Remove jtreg tag manual=yesno for java/awt/print/Dialog/DialogOrient.java
|
||||||
|
- JDK-8274032: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/ImagePrinting/ImageTypes.java & show test UI
|
||||||
|
- JDK-8274160: java/awt/Window/ShapedAndTranslucentWindows/Common.java delay is too high
|
||||||
|
- JDK-8274296: Update or Problem List tests which may fail with uiScale=2 on macOS
|
||||||
|
- JDK-8274456: Remove jtreg tag manual=yesno java/awt/print/PrinterJob/PageDialogTest.java
|
||||||
|
- JDK-8274527: Minimal VM build fails after JDK-8273459
|
||||||
|
- JDK-8274563: jfr/event/oldobject/TestClassLoaderLeak.java fails when GC cycles are not happening
|
||||||
|
- JDK-8274903: Zero: Support AsyncGetCallTrace
|
||||||
|
- JDK-8275170: Some jtreg sound tests should be marked with sound keyword
|
||||||
|
- JDK-8275234: java/awt/GraphicsDevice/DisplayModes/CycleDMImage.java is entered twice in ProblemList
|
||||||
|
- JDK-8275535: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
|
||||||
|
- JDK-8275569: Add linux-aarch64 to test-make profiles
|
||||||
|
- JDK-8276108: Wrong instruction generation in aarch64 backend
|
||||||
|
- JDK-8276904: Optional.toString() is unnecessarily expensive
|
||||||
|
- JDK-8277092: TestMetaspaceAllocationMT2.java#ndebug-default fails with "RuntimeException: Committed seems high: NNNN expected at most MMMM"
|
||||||
|
- JDK-8277346: ProblemList 7 serviceability/sa tests on macosx-x64
|
||||||
|
- JDK-8277351: ProblemList runtime/jni/checked/TestPrimitiveArrayCriticalWithBadParam.java on macosx-x64
|
||||||
|
- JDK-8277358: Accelerate CRC32-C
|
||||||
|
- JDK-8277411: C2 fast_unlock intrinsic on AArch64 has unnecessary ownership check
|
||||||
|
- JDK-8277576: ProblemList runtime/ErrorHandling/CreateCoredumpOnCrash.java on macosx-X64
|
||||||
|
- JDK-8277577: ProblemList compiler/onSpinWait/TestOnSpinWaitAArch64DefaultFlags.java on linux-aarch64
|
||||||
|
- JDK-8277578: ProblemList applications/jcstress/acqrel.java on linux-aarch64
|
||||||
|
- JDK-8277866: gc/epsilon/TestMemoryMXBeans.java failed with wrong initial heap size
|
||||||
|
- JDK-8277881: Missing SessionID in TLS1.3 resumption in compatibility mode
|
||||||
|
- JDK-8277928: Fix compilation on macosx-aarch64 after 8276108
|
||||||
|
- JDK-8277970: Test jdk/sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java fails with "tag mismatch"
|
||||||
|
- JDK-8278826: Print error if Shenandoah flags are empty (instead of crashing)
|
||||||
|
- JDK-8279066: entries.remove(entry) is useless in PKCS12KeyStore
|
||||||
|
- JDK-8279398: jdk/jfr/api/recording/time/TestTimeMultiple.java failed with "RuntimeException: getStopTime() > afterStop"
|
||||||
|
- JDK-8279536: jdk/nio/zipfs/ZipFSOutputStreamTest.java timed out
|
||||||
|
- JDK-8279662: serviceability/sa/ClhsdbScanOops.java can fail due to unexpected GC
|
||||||
|
- JDK-8279941: sun/security/pkcs11/Signature/TestDSAKeyLength.java fails when NSS version detection fails
|
||||||
|
- JDK-8280016: gc/g1/TestShrinkAuxiliaryData30 test fails on large machines
|
||||||
|
- JDK-8280124: Reduce branches decoding latin-1 chars from UTF-8 encoded bytes
|
||||||
|
- JDK-8280234: AArch64 "core" variant does not build after JDK-8270947
|
||||||
|
- JDK-8280391: NMT: Correct NMT tag on CollectedHeap
|
||||||
|
- JDK-8280511: AArch64: Combine shift and negate to a single instruction
|
||||||
|
- JDK-8280554: resourcehogs/serviceability/sa/ClhsdbRegionDetailsScanOopsForG1.java can fail if GC is triggered
|
||||||
|
- JDK-8280555: serviceability/sa/TestObjectMonitorIterate.java is failing due to ObjectMonitor referencing a null Object
|
||||||
|
- JDK-8280872: Reorder code cache segments to improve code density
|
||||||
|
- JDK-8280890: Cannot use '-Djava.system.class.loader' with class loader in signed JAR
|
||||||
|
- JDK-8280948: Write a regression test for JDK-4659800
|
||||||
|
- JDK-8281296: Create a regression test for JDK-4515999
|
||||||
|
- JDK-8281744: x86: Use short jumps in TIG::set_vtos_entry_points
|
||||||
|
- JDK-8282049: AArch64: Use ZR for integer zero immediate volatile stores
|
||||||
|
- JDK-8282276: Problem list failing two Robot Screen Capture tests
|
||||||
|
- JDK-8282347: AARCH64: Untaken branch in has_negatives stub
|
||||||
|
- JDK-8282398: EndingDotHostname.java test fails because SSL cert expired
|
||||||
|
- JDK-8282402: Create a regression test for JDK-4666101
|
||||||
|
- JDK-8282511: Use fixed certificate validation date in SSLExampleCert template
|
||||||
|
- JDK-8282528: AArch64: Incorrect replicate2L_zero rule
|
||||||
|
- JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not necessary
|
||||||
|
- JDK-8282642: vmTestbase/gc/gctests/LoadUnloadGC2/LoadUnloadGC2.java fails intermittently with exit code 1
|
||||||
|
- JDK-8282730: LdapLoginModule throw NPE from logout method after login failure
|
||||||
|
- JDK-8282777: Create a Regression test for JDK-4515031
|
||||||
|
- JDK-8282857: Create a regression test for JDK-4702690
|
||||||
|
- JDK-8283059: Uninitialized warning in check_code.c with GCC 11.2
|
||||||
|
- JDK-8283199: Linux os::cpu_microcode_revision() stalls cold startup
|
||||||
|
- JDK-8283298: Make CodeCacheSegmentSize a product flag
|
||||||
|
- JDK-8283337: Posix signal handler modification warning triggering incorrectly
|
||||||
|
- JDK-8283353: compiler/c2/cr6865031/Test.java and compiler/runtime/Test6826736.java fails on x86_32
|
||||||
|
- JDK-8283383: [macos] a11y : Screen magnifier shows extra characters (0) at the end JButton accessibility name
|
||||||
|
- JDK-8283999: Update JMH devkit to 1.35
|
||||||
|
- JDK-8284533: Improve InterpreterCodelet data footprint
|
||||||
|
- JDK-8284681: compiler/c2/aarch64/TestFarJump.java fails with "RuntimeException: for CodeHeap < 250MB the far jump is expected to be encoded with a single branch instruction"
|
||||||
|
- JDK-8284690: [macos] VoiceOver : Getting java.lang.IllegalArgumentException: Invalid location on Editable JComboBox
|
||||||
|
- JDK-8284732: FFI_GO_CLOSURES macro not defined but required for zero build on Mac OS X
|
||||||
|
- JDK-8284752: Zero does not build on Mac OS X due to missing os::current_thread_enable_wx implementation
|
||||||
|
- JDK-8284771: java/util/zip/CloseInflaterDeflaterTest.java failed with "AssertionError: Expected IOException to be thrown, but nothing was thrown"
|
||||||
|
- JDK-8284892: java/net/httpclient/http2/TLSConnection.java fails intermittently
|
||||||
|
- JDK-8284980: Test vmTestbase/nsk/stress/except/except010.java times out with -Xcomp -XX:+DeoptimizeALot
|
||||||
|
- JDK-8285093: Introduce UTIL_ARG_WITH
|
||||||
|
- JDK-8285305: Create an automated test for JDK-4495286
|
||||||
|
- JDK-8285373: Create an automated test for JDK-4702233
|
||||||
|
- JDK-8285604: closed sun/java2d/GdiRendering/ClipShapeRendering.java failed with "Incorrect color ffeeeeee instead of ff0000ff in pixel (100, 100)"
|
||||||
|
- JDK-8285612: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/ImagePrinting/ClippedImages.java
|
||||||
|
- JDK-8285687: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/PageRangesDlgTest.java
|
||||||
|
- JDK-8285698: Create a test to check the focus stealing of JPopupMenu from JComboBox
|
||||||
|
- JDK-8285794: AsyncGetCallTrace might acquire a lock via JavaThread::thread_from_jni_environment
|
||||||
|
- JDK-8285836: sun/net/www/http/KeepAliveCache/KeepAliveProperty.java failed with "RuntimeException: Failed in server"
|
||||||
|
- JDK-8286172: Create an automated test for JDK-4516019
|
||||||
|
- JDK-8286263: compiler/c1/TestPinnedIntrinsics.java failed with "RuntimeException: testCurrentTimeMillis failed with -3"
|
||||||
|
- JDK-8286313: [macos] Voice over reads the boolean value as null in the JTable
|
||||||
|
- JDK-8286452: The array length of testSmallConstArray should be small and const
|
||||||
|
- JDK-8286460: Remove dependence on JAR filename in CDS tests
|
||||||
|
- JDK-8286551: JDK-8286460 causes tests to fail to compile in Tier2
|
||||||
|
- JDK-8286624: Regression Test CoordinateTruncationBug.java fails on OL8.3
|
||||||
|
- JDK-8286663: Resolve IDE warnings in WTrayIconPeer and SystemTray
|
||||||
|
- JDK-8286772: java/awt/dnd/DropTargetInInternalFrameTest/DropTargetInInternalFrameTest.html times out and fails in Windows
|
||||||
|
- JDK-8286872: Refactor add/modify notification icon (TrayIcon)
|
||||||
|
- JDK-8287011: Improve container information
|
||||||
|
- JDK-8287076: Document.normalizeDocument() produces different results
|
||||||
|
- JDK-8287349: AArch64: Merge LDR instructions to improve C1 OSR performance
|
||||||
|
- JDK-8287425: Remove unnecessary register push for MacroAssembler::check_klass_subtype_slow_path
|
||||||
|
- JDK-8287609: macOS: SIGSEGV at [CoreFoundation] CFArrayGetCount / sun.font.CFont.getTableBytesNative
|
||||||
|
- JDK-8287740: NSAccessibilityShowMenuAction not working for text editors
|
||||||
|
- JDK-8287826: javax/accessibility/4702233/AccessiblePropertiesTest.java fails to compile
|
||||||
|
- JDK-8288132: Update test artifacts in QuoVadis CA interop tests
|
||||||
|
- JDK-8288302: Shenandoah: SIGSEGV in vm maybe related to jit compiling xerces
|
||||||
|
- JDK-8288377: [REDO] DST not applying properly with zone id offset set with TZ env variable
|
||||||
|
- JDK-8288445: AArch64: C2 compilation fails with guarantee(!true || (true && (shift != 0))) failed: impossible encoding
|
||||||
|
- JDK-8288651: CDS test HelloUnload.java should not use literal string as ClassLoader name
|
||||||
|
- JDK-8289044: ARM32: missing LIR_Assembler::cmove metadata type support
|
||||||
|
- JDK-8289146: containers/docker/TestMemoryWithCgroupV1.java fails on linux ppc64le machine with missing Memory and Swap Limit output
|
||||||
|
- JDK-8289257: Some custom loader tests failed due to symbol refcount not decremented
|
||||||
|
- JDK-8289301: P11Cipher should not throw out of bounds exception during padding
|
||||||
|
- JDK-8289524: Add JFR JIT restart event
|
||||||
|
- JDK-8289559: java/awt/a11y/AccessibleJPopupMenuTest.java test fails with java.lang.NullPointerException
|
||||||
|
- JDK-8289562: Change bugs.java.com and bugreport.java.com URL's to https
|
||||||
|
- JDK-8290207: Missing notice in dom.md
|
||||||
|
- JDK-8290209: jcup.md missing additional text
|
||||||
|
- JDK-8290374: Shenandoah: Remove inaccurate comment on SBS::load_reference_barrier()
|
||||||
|
- JDK-8290451: Incorrect result when switching to C2 OSR compilation from C1
|
||||||
|
- JDK-8290529: C2: assert(BoolTest(btest).is_canonical()) failure
|
||||||
|
- JDK-8290532: Adjust PKCS11Exception and handle more PKCS11 error codes
|
||||||
|
- JDK-8290687: serviceability/sa/TestClassDump.java could leave files owned by root on macOS
|
||||||
|
- JDK-8290705: StringConcat::validate_mem_flow asserts with "unexpected user: StoreI"
|
||||||
|
- JDK-8290711: assert(false) failed: infinite loop in PhaseIterGVN::optimize
|
||||||
|
- JDK-8290781: Segfault at PhaseIdealLoop::clone_loop_handle_data_uses
|
||||||
|
- JDK-8290839: jdk/jfr/event/compiler/TestJitRestart.java failed with "RuntimeException: No JIT restart event found: expected true, was false"
|
||||||
|
- JDK-8290908: misc tests fail: assert(!thread->owns_locks()) failed: must release all locks when leaving VM
|
||||||
|
- JDK-8290920: sspi_bridge.dll not built if BUILD_CRYPTO is false
|
||||||
|
- JDK-8291456: com/sun/jdi/ClassUnloadEventTest.java failed with: Wrong number of class unload events: expected 10 got 4
|
||||||
|
- JDK-8291459: JVM crash with GenerateOopMap::error_work(char const*, __va_list_tag*)
|
||||||
|
- JDK-8291599: Assertion in PhaseIdealLoop::skeleton_predicate_has_opaque after JDK-8289127
|
||||||
|
- JDK-8291650: Add delay to ClassUnloadEventTest before exiting to give time for JVM to send all events before VMDeath
|
||||||
|
- JDK-8291775: C2: assert(r != __null && r->is_Region()) failed: this phi must have a region
|
||||||
|
- JDK-8292083: Detected container memory limit may exceed physical machine memory
|
||||||
|
- JDK-8292158: AES-CTR cipher state corruption with AVX-512
|
||||||
|
- JDK-8292385: assert(ctrl == kit.control()) failed: Control flow was added although the intrinsic bailed out
|
||||||
|
- JDK-8292541: [Metrics] Reported memory limit may exceed physical machine memory
|
||||||
|
- JDK-8292586: simplify cleanups in NTLMAuthSequence getCredentialsHandle
|
||||||
|
- JDK-8292682: Code change of JDK-8282730 not updated to reflect CSR update
|
||||||
|
- JDK-8292695: SIGQUIT and jcmd attaching mechanism does not work with signal chaining library
|
||||||
|
- JDK-8292778: EncodingSupport_md.c convertUtf8ToPlatformString wrong placing of free
|
||||||
|
- JDK-8292816: GPL Classpath exception missing from assemblyprefix.h
|
||||||
|
- JDK-8292866: Java_sun_awt_shell_Win32ShellFolder2_getLinkLocation check MultiByteToWideChar return value for failures
|
||||||
|
- JDK-8292879: com/sun/jdi/ClassUnloadEventTest.java failed due to classes not unloading
|
||||||
|
- JDK-8292880: Improve debuggee logging for com/sun/jdi/ClassUnloadEventTest.java
|
||||||
|
- JDK-8292888: Bump update version for OpenJDK: jdk-17.0.6
|
||||||
|
- JDK-8292899: CustomTzIDCheckDST.java testcase failed on AIX platform
|
||||||
|
- JDK-8292903: enhance round_up_power_of_2 assertion output
|
||||||
|
- JDK-8293010: JDI ObjectReference/referringObjects/referringObjects001 fails: assert(env->is_enabled(JVMTI_EVENT_OBJECT_FREE)) failed: checking
|
||||||
|
- JDK-8293044: C1: Missing access check on non-accessible class
|
||||||
|
- JDK-8293232: Fix race condition in pkcs11 SessionManager
|
||||||
|
- JDK-8293319: [C2 cleanup] Remove unused other_path arg in Parse::adjust_map_after_if
|
||||||
|
- JDK-8293472: Incorrect container resource limit detection if manual cgroup fs mounts present
|
||||||
|
- JDK-8293489: Accept CAs with BasicConstraints without pathLenConstraint
|
||||||
|
- JDK-8293535: jdk/javadoc/doclet/testJavaFX/TestJavaFxMode.java fail with jfx
|
||||||
|
- JDK-8293540: [Metrics] Incorrectly detected resource limits with additional cgroup fs mounts
|
||||||
|
- JDK-8293550: Optionally add get-task-allow entitlement to macos binaries
|
||||||
|
- JDK-8293578: Duplicate ldc generated by javac
|
||||||
|
- JDK-8293657: sun/management/jmxremote/bootstrap/RmiBootstrapTest.java#id1 failed with "SSLHandshakeException: Remote host terminated the handshake"
|
||||||
|
- JDK-8293659: Improve UnsatisfiedLinkError error message to include dlopen error details
|
||||||
|
- JDK-8293672: Update freetype md file
|
||||||
|
- JDK-8293701: jdeps InverseDepsAnalyzer runs into NoSuchElementException: No value present
|
||||||
|
- JDK-8293808: mscapi destroyKeyContainer enhance KeyStoreException: Access is denied exception
|
||||||
|
- JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation
|
||||||
|
- JDK-8293816: CI: ciBytecodeStream::get_klass() is not consistent
|
||||||
|
- JDK-8293826: Closed test fails after JDK-8276108 on aarch64
|
||||||
|
- JDK-8293828: JFR: jfr/event/oldobject/TestClassLoaderLeak.java still fails when GC cycles are not happening
|
||||||
|
- JDK-8293834: Update CLDR data following tzdata 2022c update
|
||||||
|
- JDK-8293891: gc/g1/mixedgc/TestOldGenCollectionUsage.java (still) assumes that GCs take 1ms minimum
|
||||||
|
- JDK-8293965: Code signing warnings after JDK-8293550
|
||||||
|
- JDK-8293998: [PPC64] JfrGetCallTrace: assert(_pc != nullptr) failed: must have PC
|
||||||
|
- JDK-8294307: ISO 4217 Amendment 173 Update
|
||||||
|
- JDK-8294310: compare.sh fails on macos after JDK-8293550
|
||||||
|
- JDK-8294357: (tz) Update Timezone Data to 2022d
|
||||||
|
- JDK-8294578: [PPC64] C2: Missing is_oop information when using disjoint compressed oops mode
|
||||||
|
- JDK-8294740: Add cgroups keyword to TestDockerBasic.java
|
||||||
|
- JDK-8294837: unify Windows 2019 version check in os_windows and java_props_md
|
||||||
|
- JDK-8294840: langtools OptionalDependencyTest.java use File.pathSeparator
|
||||||
|
- JDK-8295173: (tz) Update Timezone Data to 2022e
|
||||||
|
- JDK-8295288: Some vm_flags tests associate with a wrong BugID
|
||||||
|
- JDK-8295405: Add cause in a couple of IllegalArgumentException and InvalidParameterException shown by sun/security/pkcs11 tests
|
||||||
|
- JDK-8295412: support latest VS2022 MSC_VER in abstract_vm_version.cpp
|
||||||
|
- JDK-8295419: JFR: Change name of jdk.JitRestart
|
||||||
|
- JDK-8295429: Update harfbuzz md file
|
||||||
|
- JDK-8295469: S390X: Optimized builds are broken
|
||||||
|
- JDK-8295554: Move the "sizecalc.h" to the correct location
|
||||||
|
- JDK-8295641: Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev
|
||||||
|
- JDK-8295714: GHA ::set-output is deprecated and will be removed
|
||||||
|
- JDK-8295723: security/infra/wycheproof/RunWycheproof.java fails with Assertion Error
|
||||||
|
- JDK-8295872: [PPC64] JfrGetCallTrace: Need pc == nullptr check before frame constructor
|
||||||
|
- JDK-8295952: Problemlist existing compiler/rtm tests also on x86
|
||||||
|
- JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails intermittently on a VM
|
||||||
|
- JDK-8296108: (tz) Update Timezone Data to 2022f
|
||||||
|
- JDK-8296239: ISO 4217 Amendment 174 Update
|
||||||
|
- JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing
|
||||||
|
- JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException
|
||||||
|
- JDK-8296496: Overzealous check in sizecalc.h prevents large memory allocation
|
||||||
|
- JDK-8296632: Write a test to verify the content change of TextArea sends TextEvent
|
||||||
|
- JDK-8296715: CLDR v42 update for tzdata 2022f
|
||||||
|
- JDK-8296733: JFR: File Read event for RandomAccessFile::write(byte[]) is incorrect
|
||||||
|
- JDK-8296945: PublicMethodsTest is slow due to dependency verification with debug builds
|
||||||
|
- JDK-8296956: [JVMCI] HotSpotResolvedJavaFieldImpl.getIndex returns wrong value
|
||||||
|
- JDK-8296957: One more cast in SAFE_SIZE_NEW_ARRAY2
|
||||||
|
- JDK-8296958: [JVMCI] add API for retrieving ConstantValue attributes
|
||||||
|
- JDK-8296960: [JVMCI] list HotSpotConstantPool.loadReferencedType to ConstantPool
|
||||||
|
- JDK-8296961: [JVMCI] Access to j.l.r.Method/Constructor/Field for ResolvedJavaMethod/ResolvedJavaField
|
||||||
|
- JDK-8296967: [JVMCI] rationalize relationship between getCodeSize and getCode in ResolvedJavaMethod
|
||||||
|
- JDK-8297147: UnexpectedSourceImageSize test times out on slow machines when fastdebug is used
|
||||||
|
- JDK-8297153: sun/java2d/DirectX/OnScreenRenderingResizeTest/OnScreenRenderingResizeTest.java fails again
|
||||||
|
- JDK-8297241: Update sun/java2d/DirectX/OnScreenRenderingResizeTest/OnScreenRenderingResizeTest.java
|
||||||
|
- JDK-8297309: Memory leak in ShenandoahFullGC
|
||||||
|
- JDK-8297481: Create a regression test for JDK-4424517
|
||||||
|
- JDK-8297530: java.lang.IllegalArgumentException: Negative length on strings concatenation
|
||||||
|
- JDK-8297590: [TESTBUG] HotSpotResolvedJavaFieldTest does not run
|
||||||
|
- JDK-8297656: AArch64: Enable AES/GCM Intrinsics
|
||||||
|
- JDK-8297804: (tz) Update Timezone Data to 2022g
|
||||||
|
- JDK-8299392: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.6
|
||||||
|
- JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
|
||||||
|
- JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
|
||||||
|
|
||||||
|
Notes on individual issues:
|
||||||
|
===========================
|
||||||
|
|
||||||
|
client-libs/javax.imageio:
|
||||||
|
|
||||||
|
JDK-8295687: Better BMP bounds
|
||||||
|
==============================
|
||||||
|
Loading a linked ICC profile within a BMP image is now disabled by
|
||||||
|
default. To re-enable it, set the new system property
|
||||||
|
`sun.imageio.bmp.enabledLinkedProfiles` to `true`. This new property
|
||||||
|
replaces the old property,
|
||||||
|
`sun.imageio.plugins.bmp.disableLinkedProfiles`.
|
||||||
|
|
||||||
|
client-libs/javax.sound:
|
||||||
|
|
||||||
|
JDK-8293742: Better Banking of Sounds
|
||||||
|
=====================================
|
||||||
|
Previously, the SoundbankReader implementation,
|
||||||
|
`com.sun.media.sound.JARSoundbankReader`, would download a JAR
|
||||||
|
soundbank from a URL. This behaviour is now disabled by default. To
|
||||||
|
re-enable it, set the new system property `jdk.sound.jarsoundbank` to
|
||||||
|
`true`.
|
||||||
|
|
||||||
|
security-libs/java.security:
|
||||||
|
|
||||||
|
JDK-8282730: New Implementation Note for LoginModule on Removing Null from a Principals or Credentials Set
|
||||||
|
==========================================================================================================
|
||||||
|
Back in OpenJDK 9, JDK-8015081 changed the Set implementation used to
|
||||||
|
hold principals and credentials so that it rejected null
|
||||||
|
values. Attempts to call add(null), contains(null) or remove(null)
|
||||||
|
were changed to throw a NullPointerException.
|
||||||
|
|
||||||
|
However, the logout() methods in the LoginModule implementations
|
||||||
|
within the JDK were not updated to check for null values, which may
|
||||||
|
occur in the event of a failed login. As a result, a logout() call may
|
||||||
|
throw a NullPointerException.
|
||||||
|
|
||||||
|
The LoginModule implementations have now been updated with such checks
|
||||||
|
and an implementation note added to the specification to suggest that
|
||||||
|
the same change is made in third party modules. Developers of third
|
||||||
|
party modules are advised to verify that their logout() method does not
|
||||||
|
throw a NullPointerException.
|
||||||
|
|
||||||
|
security-libs/javax.net.ssl:
|
||||||
|
|
||||||
|
JDK-8287411: Enhance DTLS performance
|
||||||
|
=====================================
|
||||||
|
The JDK now exchanges DTLS cookies for all handshakes, new and
|
||||||
|
resumed. The previous behaviour can be re-enabled by setting the new
|
||||||
|
system property `jdk.tls.enableDtlsResumeCookie` to `false`.
|
||||||
|
|
||||||
New in release OpenJDK 17.0.5 (2022-10-18):
|
New in release OpenJDK 17.0.5 (2022-10-18):
|
||||||
===========================================
|
===========================================
|
||||||
Live versions of these release notes can be found at:
|
Live versions of these release notes can be found at:
|
||||||
|
@ -30,7 +30,7 @@ import java.util.TimeZone;
|
|||||||
|
|
||||||
public class TestTranslations {
|
public class TestTranslations {
|
||||||
|
|
||||||
private static Map<Locale,String[]> KYIV;
|
private static Map<Locale,String[]> KYIV, CIUDAD_JUAREZ;
|
||||||
|
|
||||||
static {
|
static {
|
||||||
Map<Locale,String[]> map = new HashMap<Locale,String[]>();
|
Map<Locale,String[]> map = new HashMap<Locale,String[]>();
|
||||||
@ -44,6 +44,18 @@ public class TestTranslations {
|
|||||||
"Osteurop\u00e4ische Sommerzeit", "OESZ", "OESZ",
|
"Osteurop\u00e4ische Sommerzeit", "OESZ", "OESZ",
|
||||||
"Osteurop\u00e4ische Zeit", "OEZ", "OEZ"});
|
"Osteurop\u00e4ische Zeit", "OEZ", "OEZ"});
|
||||||
KYIV = Collections.unmodifiableMap(map);
|
KYIV = Collections.unmodifiableMap(map);
|
||||||
|
|
||||||
|
map = new HashMap<Locale,String[]>();
|
||||||
|
map.put(Locale.US, new String[] { "Mountain Standard Time", "MST", "MST",
|
||||||
|
"Mountain Daylight Time", "MDT", "MDT",
|
||||||
|
"Mountain Time", "MT", "MT"});
|
||||||
|
map.put(Locale.FRANCE, new String[] { "heure normale des Rocheuses", "UTC\u221207:00", "MST",
|
||||||
|
"heure d\u2019\u00e9t\u00e9 des Rocheuses", "UTC\u221206:00", "MDT",
|
||||||
|
"heure des Rocheuses", "UTC\u221207:00", "MT"});
|
||||||
|
map.put(Locale.GERMANY, new String[] { "Rocky Mountain-Normalzeit", "GMT-07:00", "MST",
|
||||||
|
"Rocky-Mountain-Sommerzeit", "GMT-06:00", "MDT",
|
||||||
|
"Rocky-Mountain-Zeit", "GMT-07:00", "MT"});
|
||||||
|
CIUDAD_JUAREZ = Collections.unmodifiableMap(map);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -53,7 +65,6 @@ public class TestTranslations {
|
|||||||
System.exit(1);
|
System.exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
String localeProvider = args[0];
|
|
||||||
System.out.println("Checking sanity of full zone string set...");
|
System.out.println("Checking sanity of full zone string set...");
|
||||||
boolean invalid = Arrays.stream(Locale.getAvailableLocales())
|
boolean invalid = Arrays.stream(Locale.getAvailableLocales())
|
||||||
.peek(l -> System.out.println("Locale: " + l))
|
.peek(l -> System.out.println("Locale: " + l))
|
||||||
@ -68,9 +79,18 @@ public class TestTranslations {
|
|||||||
System.exit(2);
|
System.exit(2);
|
||||||
}
|
}
|
||||||
|
|
||||||
for (Locale l : KYIV.keySet()) {
|
String localeProvider = args[0];
|
||||||
String[] expected = KYIV.get(l);
|
testZone(localeProvider, KYIV,
|
||||||
for (String id : new String[] { "Europe/Kiev", "Europe/Kyiv", "Europe/Uzhgorod", "Europe/Zaporozhye" }) {
|
new String[] { "Europe/Kiev", "Europe/Kyiv", "Europe/Uzhgorod", "Europe/Zaporozhye" });
|
||||||
|
testZone(localeProvider, CIUDAD_JUAREZ,
|
||||||
|
new String[] { "America/Cambridge_Bay", "America/Ciudad_Juarez" });
|
||||||
|
}
|
||||||
|
|
||||||
|
private static void testZone(String localeProvider, Map<Locale,String[]> exp, String[] ids) {
|
||||||
|
for (Locale l : exp.keySet()) {
|
||||||
|
String[] expected = exp.get(l);
|
||||||
|
System.out.printf("Expected values for %s are %s\n", l, Arrays.toString(expected));
|
||||||
|
for (String id : ids) {
|
||||||
String expectedShortStd = null;
|
String expectedShortStd = null;
|
||||||
String expectedShortDST = null;
|
String expectedShortDST = null;
|
||||||
String expectedShortGen = null;
|
String expectedShortGen = null;
|
||||||
@ -124,7 +144,7 @@ public class TestTranslations {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (!expected[6].equals(longGen)) {
|
if (!expected[6].equals(longGen)) {
|
||||||
System.err.printf("Long standard display name for %s in %s was %s, expected %s\n",
|
System.err.printf("Long generic display name for %s in %s was %s, expected %s\n",
|
||||||
id, l, longGen, expected[6]);
|
id, l, longGen, expected[6]);
|
||||||
System.exit(8);
|
System.exit(8);
|
||||||
}
|
}
|
||||||
|
@ -1,9 +1,33 @@
|
|||||||
|
diff --git a/make/autoconf/build-aux/pkg.m4 b/make/autoconf/build-aux/pkg.m4
|
||||||
|
index 5f4b22bb27f..1ca9f5b8ffe 100644
|
||||||
|
--- a/make/autoconf/build-aux/pkg.m4
|
||||||
|
+++ b/make/autoconf/build-aux/pkg.m4
|
||||||
|
@@ -179,3 +179,19 @@ else
|
||||||
|
ifelse([$3], , :, [$3])
|
||||||
|
fi[]dnl
|
||||||
|
])# PKG_CHECK_MODULES
|
||||||
|
+
|
||||||
|
+dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
|
||||||
|
+dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
|
||||||
|
+dnl -------------------------------------------
|
||||||
|
+dnl Since: 0.28
|
||||||
|
+dnl
|
||||||
|
+dnl Retrieves the value of the pkg-config variable for the given module.
|
||||||
|
+AC_DEFUN([PKG_CHECK_VAR],
|
||||||
|
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
|
||||||
|
+AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
|
||||||
|
+
|
||||||
|
+_PKG_CONFIG([$1], [variable="][$3]["], [$2])
|
||||||
|
+AS_VAR_COPY([$1], [pkg_cv_][$1])
|
||||||
|
+
|
||||||
|
+AS_VAR_IF([$1], [""], [$5], [$4])dnl
|
||||||
|
+])dnl PKG_CHECK_VAR
|
||||||
diff --git a/make/autoconf/lib-sysconf.m4 b/make/autoconf/lib-sysconf.m4
|
diff --git a/make/autoconf/lib-sysconf.m4 b/make/autoconf/lib-sysconf.m4
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 00000000000..b2b1c1787da
|
index 00000000000..f48fc7f7e80
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/make/autoconf/lib-sysconf.m4
|
+++ b/make/autoconf/lib-sysconf.m4
|
||||||
@@ -0,0 +1,84 @@
|
@@ -0,0 +1,87 @@
|
||||||
+#
|
+#
|
||||||
+# Copyright (c) 2021, Red Hat, Inc.
|
+# Copyright (c) 2021, Red Hat, Inc.
|
||||||
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
@ -38,8 +62,10 @@ index 00000000000..b2b1c1787da
|
|||||||
+ #
|
+ #
|
||||||
+ # Check for the NSS library
|
+ # Check for the NSS library
|
||||||
+ #
|
+ #
|
||||||
|
+ AC_MSG_CHECKING([for NSS library directory])
|
||||||
|
+ PKG_CHECK_VAR(NSS_LIBDIR, nss, libdir, [AC_MSG_RESULT([$NSS_LIBDIR])], [AC_MSG_RESULT([not found])])
|
||||||
+
|
+
|
||||||
+ AC_MSG_CHECKING([whether to use the system NSS library with the System Configurator (libsysconf)])
|
+ AC_MSG_CHECKING([whether to link the system NSS library with the System Configurator (libsysconf)])
|
||||||
+
|
+
|
||||||
+ # default is not available
|
+ # default is not available
|
||||||
+ DEFAULT_SYSCONF_NSS=no
|
+ DEFAULT_SYSCONF_NSS=no
|
||||||
@ -87,6 +113,7 @@ index 00000000000..b2b1c1787da
|
|||||||
+ fi
|
+ fi
|
||||||
+ fi
|
+ fi
|
||||||
+ AC_SUBST(USE_SYSCONF_NSS)
|
+ AC_SUBST(USE_SYSCONF_NSS)
|
||||||
|
+ AC_SUBST(NSS_LIBDIR)
|
||||||
+])
|
+])
|
||||||
diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4
|
diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4
|
||||||
index a65d91ee974..a8f054c1397 100644
|
index a65d91ee974..a8f054c1397 100644
|
||||||
@ -109,20 +136,43 @@ index a65d91ee974..a8f054c1397 100644
|
|||||||
BASIC_JDKLIB_LIBS=""
|
BASIC_JDKLIB_LIBS=""
|
||||||
if test "x$TOOLCHAIN_TYPE" != xmicrosoft; then
|
if test "x$TOOLCHAIN_TYPE" != xmicrosoft; then
|
||||||
diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in
|
diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in
|
||||||
index c2c9c4adf3a..9d105b37acf 100644
|
index d557549adb3..1cb44bd2595 100644
|
||||||
--- a/make/autoconf/spec.gmk.in
|
--- a/make/autoconf/spec.gmk.in
|
||||||
+++ b/make/autoconf/spec.gmk.in
|
+++ b/make/autoconf/spec.gmk.in
|
||||||
@@ -836,6 +836,10 @@ INSTALL_SYSCONFDIR=@sysconfdir@
|
@@ -840,6 +840,11 @@ INSTALL_SYSCONFDIR=@sysconfdir@
|
||||||
# Libraries
|
# Libraries
|
||||||
#
|
#
|
||||||
|
|
||||||
+USE_SYSCONF_NSS:=@USE_SYSCONF_NSS@
|
+USE_SYSCONF_NSS:=@USE_SYSCONF_NSS@
|
||||||
+NSS_LIBS:=@NSS_LIBS@
|
+NSS_LIBS:=@NSS_LIBS@
|
||||||
+NSS_CFLAGS:=@NSS_CFLAGS@
|
+NSS_CFLAGS:=@NSS_CFLAGS@
|
||||||
|
+NSS_LIBDIR:=@NSS_LIBDIR@
|
||||||
+
|
+
|
||||||
USE_EXTERNAL_LCMS:=@USE_EXTERNAL_LCMS@
|
USE_EXTERNAL_LCMS:=@USE_EXTERNAL_LCMS@
|
||||||
LCMS_CFLAGS:=@LCMS_CFLAGS@
|
LCMS_CFLAGS:=@LCMS_CFLAGS@
|
||||||
LCMS_LIBS:=@LCMS_LIBS@
|
LCMS_LIBS:=@LCMS_LIBS@
|
||||||
|
diff --git a/make/modules/java.base/Gendata.gmk b/make/modules/java.base/Gendata.gmk
|
||||||
|
index 4b894eeae4a..51567071aa8 100644
|
||||||
|
--- a/make/modules/java.base/Gendata.gmk
|
||||||
|
+++ b/make/modules/java.base/Gendata.gmk
|
||||||
|
@@ -98,3 +98,17 @@ $(GENDATA_JAVA_SECURITY): $(BUILD_TOOLS_JDK) $(GENDATA_JAVA_SECURITY_SRC) $(REST
|
||||||
|
TARGETS += $(GENDATA_JAVA_SECURITY)
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
+
|
||||||
|
+GENDATA_NSS_FIPS_CFG_SRC := $(TOPDIR)/src/java.base/share/conf/security/nss.fips.cfg.in
|
||||||
|
+GENDATA_NSS_FIPS_CFG := $(SUPPORT_OUTPUTDIR)/modules_conf/java.base/security/nss.fips.cfg
|
||||||
|
+
|
||||||
|
+$(GENDATA_NSS_FIPS_CFG): $(GENDATA_NSS_FIPS_CFG_SRC)
|
||||||
|
+ $(call LogInfo, Generating nss.fips.cfg)
|
||||||
|
+ $(call MakeTargetDir)
|
||||||
|
+ $(call ExecuteWithLog, $(SUPPORT_OUTPUTDIR)/gensrc/java.base/_$(@F), \
|
||||||
|
+ ( $(SED) -e 's:@NSS_LIBDIR@:$(NSS_LIBDIR):g' $< ) > $@ \
|
||||||
|
+ )
|
||||||
|
+
|
||||||
|
+TARGETS += $(GENDATA_NSS_FIPS_CFG)
|
||||||
|
+
|
||||||
|
+################################################################################
|
||||||
diff --git a/make/modules/java.base/Lib.gmk b/make/modules/java.base/Lib.gmk
|
diff --git a/make/modules/java.base/Lib.gmk b/make/modules/java.base/Lib.gmk
|
||||||
index 5658ff342e5..c8bc5bde1e1 100644
|
index 5658ff342e5..c8bc5bde1e1 100644
|
||||||
--- a/make/modules/java.base/Lib.gmk
|
--- a/make/modules/java.base/Lib.gmk
|
||||||
@ -1771,7 +1821,7 @@ index f6d3638c3dd..a1ee182d913 100644
|
|||||||
+ }
|
+ }
|
||||||
}
|
}
|
||||||
diff --git a/src/java.base/share/classes/module-info.java b/src/java.base/share/classes/module-info.java
|
diff --git a/src/java.base/share/classes/module-info.java b/src/java.base/share/classes/module-info.java
|
||||||
index 63bb580eb3a..dbbf11bbb22 100644
|
index 9faee9cae36..27f43550aa4 100644
|
||||||
--- a/src/java.base/share/classes/module-info.java
|
--- a/src/java.base/share/classes/module-info.java
|
||||||
+++ b/src/java.base/share/classes/module-info.java
|
+++ b/src/java.base/share/classes/module-info.java
|
||||||
@@ -152,6 +152,8 @@ module java.base {
|
@@ -152,6 +152,8 @@ module java.base {
|
||||||
@ -2193,18 +2243,6 @@ index ca79f25cc44..225517ac69b 100644
|
|||||||
addA(p, "AlgorithmParameters", "RSASSA-PSS",
|
addA(p, "AlgorithmParameters", "RSASSA-PSS",
|
||||||
"sun.security.rsa.PSSParameters", null);
|
"sun.security.rsa.PSSParameters", null);
|
||||||
}
|
}
|
||||||
diff --git a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
|
|
||||||
index 6ffdfeda18d..82e896170f0 100644
|
|
||||||
--- a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
|
|
||||||
+++ b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
|
|
||||||
@@ -32,6 +32,7 @@ import java.security.cert.*;
|
|
||||||
import java.util.*;
|
|
||||||
import java.util.concurrent.locks.ReentrantLock;
|
|
||||||
import javax.net.ssl.*;
|
|
||||||
+import jdk.internal.access.SharedSecrets;
|
|
||||||
import sun.security.action.GetPropertyAction;
|
|
||||||
import sun.security.provider.certpath.AlgorithmChecker;
|
|
||||||
import sun.security.validator.Validator;
|
|
||||||
diff --git a/src/java.base/share/classes/sun/security/util/PBEUtil.java b/src/java.base/share/classes/sun/security/util/PBEUtil.java
|
diff --git a/src/java.base/share/classes/sun/security/util/PBEUtil.java b/src/java.base/share/classes/sun/security/util/PBEUtil.java
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 00000000000..dc8bc72fccb
|
index 00000000000..dc8bc72fccb
|
||||||
@ -2509,7 +2547,7 @@ index 00000000000..dc8bc72fccb
|
|||||||
+ }
|
+ }
|
||||||
+}
|
+}
|
||||||
diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
|
diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
|
||||||
index 6d91e3f8e4e..f357b630460 100644
|
index 63be286686d..b0a589c3fb4 100644
|
||||||
--- a/src/java.base/share/conf/security/java.security
|
--- a/src/java.base/share/conf/security/java.security
|
||||||
+++ b/src/java.base/share/conf/security/java.security
|
+++ b/src/java.base/share/conf/security/java.security
|
||||||
@@ -79,6 +79,16 @@ security.provider.tbd=Apple
|
@@ -79,6 +79,16 @@ security.provider.tbd=Apple
|
||||||
@ -2529,7 +2567,7 @@ index 6d91e3f8e4e..f357b630460 100644
|
|||||||
#
|
#
|
||||||
# A list of preferred providers for specific algorithms. These providers will
|
# A list of preferred providers for specific algorithms. These providers will
|
||||||
# be searched for matching algorithms before the list of registered providers.
|
# be searched for matching algorithms before the list of registered providers.
|
||||||
@@ -289,6 +299,11 @@ policy.ignoreIdentityScope=false
|
@@ -289,6 +299,47 @@ policy.ignoreIdentityScope=false
|
||||||
#
|
#
|
||||||
keystore.type=pkcs12
|
keystore.type=pkcs12
|
||||||
|
|
||||||
@ -2537,11 +2575,47 @@ index 6d91e3f8e4e..f357b630460 100644
|
|||||||
+# Default keystore type used when global crypto-policies are set to FIPS.
|
+# Default keystore type used when global crypto-policies are set to FIPS.
|
||||||
+#
|
+#
|
||||||
+fips.keystore.type=pkcs12
|
+fips.keystore.type=pkcs12
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# Location of the NSS DB keystore (PKCS11) in FIPS mode.
|
||||||
|
+#
|
||||||
|
+# The syntax for this property is identical to the 'nssSecmodDirectory'
|
||||||
|
+# attribute available in the SunPKCS11 NSS configuration file. Use the
|
||||||
|
+# 'sql:' prefix to refer to an SQLite DB.
|
||||||
|
+#
|
||||||
|
+# If the system property fips.nssdb.path is also specified, it supersedes
|
||||||
|
+# the security property value defined here.
|
||||||
|
+#
|
||||||
|
+# Note: the default value for this property points to an NSS DB that might be
|
||||||
|
+# readable by multiple operating system users and unsuitable to store keys.
|
||||||
|
+#
|
||||||
|
+fips.nssdb.path=sql:/etc/pki/nssdb
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# PIN for the NSS DB keystore (PKCS11) in FIPS mode.
|
||||||
|
+#
|
||||||
|
+# Values must take any of the following forms:
|
||||||
|
+# 1) pin:<value>
|
||||||
|
+# Value: clear text PIN value.
|
||||||
|
+# 2) env:<value>
|
||||||
|
+# Value: environment variable containing the PIN value.
|
||||||
|
+# 3) file:<value>
|
||||||
|
+# Value: path to a file containing the PIN value in its first
|
||||||
|
+# line.
|
||||||
|
+#
|
||||||
|
+# If the system property fips.nssdb.pin is also specified, it supersedes
|
||||||
|
+# the security property value defined here.
|
||||||
|
+#
|
||||||
|
+# When used as a system property, UTF-8 encoded values are valid. When
|
||||||
|
+# used as a security property (such as in this file), encode non-Basic
|
||||||
|
+# Latin Unicode characters with \uXXXX.
|
||||||
|
+#
|
||||||
|
+fips.nssdb.pin=pin:
|
||||||
+
|
+
|
||||||
#
|
#
|
||||||
# Controls compatibility mode for JKS and PKCS12 keystore types.
|
# Controls compatibility mode for JKS and PKCS12 keystore types.
|
||||||
#
|
#
|
||||||
@@ -326,6 +341,13 @@ package.definition=sun.misc.,\
|
@@ -326,6 +377,13 @@ package.definition=sun.misc.,\
|
||||||
#
|
#
|
||||||
security.overridePropertiesFile=true
|
security.overridePropertiesFile=true
|
||||||
|
|
||||||
@ -2555,8 +2629,22 @@ index 6d91e3f8e4e..f357b630460 100644
|
|||||||
#
|
#
|
||||||
# Determines the default key and trust manager factory algorithms for
|
# Determines the default key and trust manager factory algorithms for
|
||||||
# the javax.net.ssl package.
|
# the javax.net.ssl package.
|
||||||
|
diff --git a/src/java.base/share/conf/security/nss.fips.cfg.in b/src/java.base/share/conf/security/nss.fips.cfg.in
|
||||||
|
new file mode 100644
|
||||||
|
index 00000000000..55bbba98b7a
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/src/java.base/share/conf/security/nss.fips.cfg.in
|
||||||
|
@@ -0,0 +1,8 @@
|
||||||
|
+name = NSS-FIPS
|
||||||
|
+nssLibraryDirectory = @NSS_LIBDIR@
|
||||||
|
+nssSecmodDirectory = ${fips.nssdb.path}
|
||||||
|
+nssDbMode = readWrite
|
||||||
|
+nssModule = fips
|
||||||
|
+
|
||||||
|
+attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
|
||||||
|
+
|
||||||
diff --git a/src/java.base/share/lib/security/default.policy b/src/java.base/share/lib/security/default.policy
|
diff --git a/src/java.base/share/lib/security/default.policy b/src/java.base/share/lib/security/default.policy
|
||||||
index b22f26947af..3ee2ce6ea88 100644
|
index b22f26947af..02bea84e210 100644
|
||||||
--- a/src/java.base/share/lib/security/default.policy
|
--- a/src/java.base/share/lib/security/default.policy
|
||||||
+++ b/src/java.base/share/lib/security/default.policy
|
+++ b/src/java.base/share/lib/security/default.policy
|
||||||
@@ -121,6 +121,7 @@ grant codeBase "jrt:/jdk.charsets" {
|
@@ -121,6 +121,7 @@ grant codeBase "jrt:/jdk.charsets" {
|
||||||
@ -2575,6 +2663,15 @@ index b22f26947af..3ee2ce6ea88 100644
|
|||||||
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
|
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
|
||||||
permission java.lang.RuntimePermission
|
permission java.lang.RuntimePermission
|
||||||
"accessClassInPackage.sun.security.*";
|
"accessClassInPackage.sun.security.*";
|
||||||
|
@@ -140,6 +142,8 @@ grant codeBase "jrt:/jdk.crypto.cryptoki" {
|
||||||
|
permission java.util.PropertyPermission "os.name", "read";
|
||||||
|
permission java.util.PropertyPermission "os.arch", "read";
|
||||||
|
permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read";
|
||||||
|
+ permission java.util.PropertyPermission "fips.nssdb.path", "read,write";
|
||||||
|
+ permission java.util.PropertyPermission "fips.nssdb.pin", "read";
|
||||||
|
permission java.security.SecurityPermission "putProviderProperty.*";
|
||||||
|
permission java.security.SecurityPermission "clearProviderProperties.*";
|
||||||
|
permission java.security.SecurityPermission "removeProviderProperty.*";
|
||||||
diff --git a/src/java.base/share/native/libsystemconf/systemconf.c b/src/java.base/share/native/libsystemconf/systemconf.c
|
diff --git a/src/java.base/share/native/libsystemconf/systemconf.c b/src/java.base/share/native/libsystemconf/systemconf.c
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 00000000000..ddf9befe5bc
|
index 00000000000..ddf9befe5bc
|
||||||
@ -2819,10 +2916,10 @@ index 00000000000..ddf9befe5bc
|
|||||||
+#endif
|
+#endif
|
||||||
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
|
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 00000000000..8cfa2734d4e
|
index 00000000000..d3f0bffb821
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
|
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
|
||||||
@@ -0,0 +1,461 @@
|
@@ -0,0 +1,457 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright (c) 2021, Red Hat, Inc.
|
+ * Copyright (c) 2021, Red Hat, Inc.
|
||||||
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
@ -2897,9 +2994,6 @@ index 00000000000..8cfa2734d4e
|
|||||||
+ private static volatile Provider sunECProvider = null;
|
+ private static volatile Provider sunECProvider = null;
|
||||||
+ private static final ReentrantLock sunECProviderLock = new ReentrantLock();
|
+ private static final ReentrantLock sunECProviderLock = new ReentrantLock();
|
||||||
+
|
+
|
||||||
+ private static volatile KeyFactory DHKF = null;
|
|
||||||
+ private static final ReentrantLock DHKFLock = new ReentrantLock();
|
|
||||||
+
|
|
||||||
+ static Long importKey(SunPKCS11 sunPKCS11, long hSession, CK_ATTRIBUTE[] attributes)
|
+ static Long importKey(SunPKCS11 sunPKCS11, long hSession, CK_ATTRIBUTE[] attributes)
|
||||||
+ throws PKCS11Exception {
|
+ throws PKCS11Exception {
|
||||||
+ long keyID = -1;
|
+ long keyID = -1;
|
||||||
@ -3144,8 +3238,7 @@ index 00000000000..8cfa2734d4e
|
|||||||
+ CKA_PRIVATE_EXPONENT, CKA_PRIME_1, CKA_PRIME_2,
|
+ CKA_PRIVATE_EXPONENT, CKA_PRIME_1, CKA_PRIME_2,
|
||||||
+ CKA_EXPONENT_1, CKA_EXPONENT_2, CKA_COEFFICIENT);
|
+ CKA_EXPONENT_1, CKA_EXPONENT_2, CKA_COEFFICIENT);
|
||||||
+ RSAPrivateKey rsaPKey = RSAPrivateCrtKeyImpl.newKey(
|
+ RSAPrivateKey rsaPKey = RSAPrivateCrtKeyImpl.newKey(
|
||||||
+ RSAUtil.KeyType.RSA, "PKCS#8", plainExportedKey
|
+ RSAUtil.KeyType.RSA, "PKCS#8", plainExportedKey);
|
||||||
+ );
|
|
||||||
+ CK_ATTRIBUTE attr;
|
+ CK_ATTRIBUTE attr;
|
||||||
+ if ((attr = sensitiveAttrs.get(CKA_PRIVATE_EXPONENT)) != null) {
|
+ if ((attr = sensitiveAttrs.get(CKA_PRIVATE_EXPONENT)) != null) {
|
||||||
+ attr.pValue = rsaPKey.getPrivateExponent().toByteArray();
|
+ attr.pValue = rsaPKey.getPrivateExponent().toByteArray();
|
||||||
@ -3284,6 +3377,162 @@ index 00000000000..8cfa2734d4e
|
|||||||
+ }
|
+ }
|
||||||
+ }
|
+ }
|
||||||
+}
|
+}
|
||||||
|
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSTokenLoginHandler.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSTokenLoginHandler.java
|
||||||
|
new file mode 100644
|
||||||
|
index 00000000000..f8d505ca815
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSTokenLoginHandler.java
|
||||||
|
@@ -0,0 +1,149 @@
|
||||||
|
+/*
|
||||||
|
+ * Copyright (c) 2022, Red Hat, Inc.
|
||||||
|
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
|
+ *
|
||||||
|
+ * This code is free software; you can redistribute it and/or modify it
|
||||||
|
+ * under the terms of the GNU General Public License version 2 only, as
|
||||||
|
+ * published by the Free Software Foundation. Oracle designates this
|
||||||
|
+ * particular file as subject to the "Classpath" exception as provided
|
||||||
|
+ * by Oracle in the LICENSE file that accompanied this code.
|
||||||
|
+ *
|
||||||
|
+ * This code is distributed in the hope that it will be useful, but WITHOUT
|
||||||
|
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
|
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||||
|
+ * version 2 for more details (a copy is included in the LICENSE file that
|
||||||
|
+ * accompanied this code).
|
||||||
|
+ *
|
||||||
|
+ * You should have received a copy of the GNU General Public License version
|
||||||
|
+ * 2 along with this work; if not, write to the Free Software Foundation,
|
||||||
|
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
+ *
|
||||||
|
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||||
|
+ * or visit www.oracle.com if you need additional information or have any
|
||||||
|
+ * questions.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+package sun.security.pkcs11;
|
||||||
|
+
|
||||||
|
+import java.io.BufferedReader;
|
||||||
|
+import java.io.ByteArrayInputStream;
|
||||||
|
+import java.io.InputStream;
|
||||||
|
+import java.io.InputStreamReader;
|
||||||
|
+import java.io.IOException;
|
||||||
|
+import java.nio.charset.StandardCharsets;
|
||||||
|
+import java.nio.file.Files;
|
||||||
|
+import java.nio.file.Path;
|
||||||
|
+import java.nio.file.Paths;
|
||||||
|
+import java.nio.file.StandardOpenOption;
|
||||||
|
+import java.security.ProviderException;
|
||||||
|
+
|
||||||
|
+import javax.security.auth.callback.Callback;
|
||||||
|
+import javax.security.auth.callback.CallbackHandler;
|
||||||
|
+import javax.security.auth.callback.PasswordCallback;
|
||||||
|
+import javax.security.auth.callback.UnsupportedCallbackException;
|
||||||
|
+
|
||||||
|
+import sun.security.util.Debug;
|
||||||
|
+import sun.security.util.SecurityProperties;
|
||||||
|
+
|
||||||
|
+final class FIPSTokenLoginHandler implements CallbackHandler {
|
||||||
|
+
|
||||||
|
+ private static final String FIPS_NSSDB_PIN_PROP = "fips.nssdb.pin";
|
||||||
|
+
|
||||||
|
+ private static final Debug debug = Debug.getInstance("sunpkcs11");
|
||||||
|
+
|
||||||
|
+ public void handle(Callback[] callbacks)
|
||||||
|
+ throws IOException, UnsupportedCallbackException {
|
||||||
|
+ if (!(callbacks[0] instanceof PasswordCallback)) {
|
||||||
|
+ throw new UnsupportedCallbackException(callbacks[0]);
|
||||||
|
+ }
|
||||||
|
+ PasswordCallback pc = (PasswordCallback)callbacks[0];
|
||||||
|
+ pc.setPassword(getFipsNssdbPin());
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ private static char[] getFipsNssdbPin() throws ProviderException {
|
||||||
|
+ if (debug != null) {
|
||||||
|
+ debug.println("FIPS: Reading NSS DB PIN for token...");
|
||||||
|
+ }
|
||||||
|
+ String pinProp = SecurityProperties
|
||||||
|
+ .privilegedGetOverridable(FIPS_NSSDB_PIN_PROP);
|
||||||
|
+ if (pinProp != null && !pinProp.isEmpty()) {
|
||||||
|
+ String[] pinPropParts = pinProp.split(":", 2);
|
||||||
|
+ if (pinPropParts.length < 2) {
|
||||||
|
+ throw new ProviderException("Invalid " + FIPS_NSSDB_PIN_PROP +
|
||||||
|
+ " property value.");
|
||||||
|
+ }
|
||||||
|
+ String prefix = pinPropParts[0].toLowerCase();
|
||||||
|
+ String value = pinPropParts[1];
|
||||||
|
+ String pin = null;
|
||||||
|
+ if (prefix.equals("env")) {
|
||||||
|
+ if (debug != null) {
|
||||||
|
+ debug.println("FIPS: PIN value from the '" + value +
|
||||||
|
+ "' environment variable.");
|
||||||
|
+ }
|
||||||
|
+ pin = System.getenv(value);
|
||||||
|
+ } else if (prefix.equals("file")) {
|
||||||
|
+ if (debug != null) {
|
||||||
|
+ debug.println("FIPS: PIN value from the '" + value +
|
||||||
|
+ "' file.");
|
||||||
|
+ }
|
||||||
|
+ pin = getPinFromFile(Paths.get(value));
|
||||||
|
+ } else if (prefix.equals("pin")) {
|
||||||
|
+ if (debug != null) {
|
||||||
|
+ debug.println("FIPS: PIN value from the " +
|
||||||
|
+ FIPS_NSSDB_PIN_PROP + " property.");
|
||||||
|
+ }
|
||||||
|
+ pin = value;
|
||||||
|
+ } else {
|
||||||
|
+ throw new ProviderException("Unsupported prefix for " +
|
||||||
|
+ FIPS_NSSDB_PIN_PROP + ".");
|
||||||
|
+ }
|
||||||
|
+ if (pin != null && !pin.isEmpty()) {
|
||||||
|
+ if (debug != null) {
|
||||||
|
+ debug.println("FIPS: non-empty PIN.");
|
||||||
|
+ }
|
||||||
|
+ /*
|
||||||
|
+ * C_Login in libj2pkcs11 receives the PIN in a char[] and
|
||||||
|
+ * discards the upper byte of each char, before passing
|
||||||
|
+ * the value to the NSS Software Token. However, the
|
||||||
|
+ * NSS Software Token accepts any UTF-8 PIN value. Thus,
|
||||||
|
+ * expand the PIN here to account for later truncation.
|
||||||
|
+ */
|
||||||
|
+ byte[] pinUtf8 = pin.getBytes(StandardCharsets.UTF_8);
|
||||||
|
+ char[] pinChar = new char[pinUtf8.length];
|
||||||
|
+ for (int i = 0; i < pinChar.length; i++) {
|
||||||
|
+ pinChar[i] = (char)(pinUtf8[i] & 0xFF);
|
||||||
|
+ }
|
||||||
|
+ return pinChar;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ if (debug != null) {
|
||||||
|
+ debug.println("FIPS: empty PIN.");
|
||||||
|
+ }
|
||||||
|
+ return null;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * This method extracts the token PIN from the first line of a password
|
||||||
|
+ * file in the same way as NSS modutil. See for example the -newpwfile
|
||||||
|
+ * argument used to change the password for an NSS DB.
|
||||||
|
+ */
|
||||||
|
+ private static String getPinFromFile(Path f) throws ProviderException {
|
||||||
|
+ try (InputStream is =
|
||||||
|
+ Files.newInputStream(f, StandardOpenOption.READ)) {
|
||||||
|
+ /*
|
||||||
|
+ * SECU_FilePasswd in NSS (nss/cmd/lib/secutil.c), used by modutil,
|
||||||
|
+ * reads up to 4096 bytes. In addition, the NSS Software Token
|
||||||
|
+ * does not accept PINs longer than 500 bytes (see SFTK_MAX_PIN
|
||||||
|
+ * in nss/lib/softoken/pkcs11i.h).
|
||||||
|
+ */
|
||||||
|
+ BufferedReader in =
|
||||||
|
+ new BufferedReader(new InputStreamReader(
|
||||||
|
+ new ByteArrayInputStream(is.readNBytes(4096)),
|
||||||
|
+ StandardCharsets.UTF_8));
|
||||||
|
+ return in.readLine();
|
||||||
|
+ } catch (IOException ioe) {
|
||||||
|
+ throw new ProviderException("Error reading " + FIPS_NSSDB_PIN_PROP +
|
||||||
|
+ " from the '" + f + "' file.", ioe);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
\ No newline at end of file
|
||||||
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
|
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
|
||||||
index 9b69072280e..5696b904979 100644
|
index 9b69072280e..5696b904979 100644
|
||||||
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
|
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
|
||||||
@ -3597,7 +3846,7 @@ index 00000000000..ae4262703e6
|
|||||||
+
|
+
|
||||||
+}
|
+}
|
||||||
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java
|
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java
|
||||||
index c98960f7fcc..c14319a5356 100644
|
index 8d1b8ccb0ae..950ed20cf62 100644
|
||||||
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java
|
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java
|
||||||
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java
|
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java
|
||||||
@@ -31,6 +31,7 @@ import java.security.*;
|
@@ -31,6 +31,7 @@ import java.security.*;
|
||||||
@ -3608,7 +3857,7 @@ index c98960f7fcc..c14319a5356 100644
|
|||||||
import javax.crypto.spec.*;
|
import javax.crypto.spec.*;
|
||||||
|
|
||||||
import static sun.security.pkcs11.TemplateManager.*;
|
import static sun.security.pkcs11.TemplateManager.*;
|
||||||
@@ -193,6 +194,128 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi {
|
@@ -194,6 +195,128 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi {
|
||||||
return p11Key;
|
return p11Key;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3737,7 +3986,7 @@ index c98960f7fcc..c14319a5356 100644
|
|||||||
static void fixDESParity(byte[] key, int offset) {
|
static void fixDESParity(byte[] key, int offset) {
|
||||||
for (int i = 0; i < 8; i++) {
|
for (int i = 0; i < 8; i++) {
|
||||||
int b = key[offset] & 0xfe;
|
int b = key[offset] & 0xfe;
|
||||||
@@ -319,6 +442,9 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi {
|
@@ -320,6 +443,9 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi {
|
||||||
keySpec = new SecretKeySpec(keyBytes, "DESede");
|
keySpec = new SecretKeySpec(keyBytes, "DESede");
|
||||||
return engineGenerateSecret(keySpec);
|
return engineGenerateSecret(keySpec);
|
||||||
}
|
}
|
||||||
@ -3747,7 +3996,7 @@ index c98960f7fcc..c14319a5356 100644
|
|||||||
}
|
}
|
||||||
throw new InvalidKeySpecException
|
throw new InvalidKeySpecException
|
||||||
("Unsupported spec: " + keySpec.getClass().getName());
|
("Unsupported spec: " + keySpec.getClass().getName());
|
||||||
@@ -372,6 +498,9 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi {
|
@@ -373,6 +499,9 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi {
|
||||||
// see JCE spec
|
// see JCE spec
|
||||||
protected SecretKey engineTranslateKey(SecretKey key)
|
protected SecretKey engineTranslateKey(SecretKey key)
|
||||||
throws InvalidKeyException {
|
throws InvalidKeyException {
|
||||||
@ -3880,7 +4129,7 @@ index 262cfc062ad..72b64f72c0a 100644
|
|||||||
Provider p = sun;
|
Provider p = sun;
|
||||||
if (p == null) {
|
if (p == null) {
|
||||||
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||||
index 112b639aa96..3e170b4c115 100644
|
index aa35e8fa668..1855e5631bd 100644
|
||||||
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||||
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||||
@@ -26,6 +26,9 @@
|
@@ -26,6 +26,9 @@
|
||||||
@ -3893,7 +4142,7 @@ index 112b639aa96..3e170b4c115 100644
|
|||||||
import java.util.*;
|
import java.util.*;
|
||||||
|
|
||||||
import java.security.*;
|
import java.security.*;
|
||||||
@@ -42,6 +45,7 @@ import javax.security.auth.callback.PasswordCallback;
|
@@ -42,10 +45,12 @@ import javax.security.auth.callback.PasswordCallback;
|
||||||
|
|
||||||
import com.sun.crypto.provider.ChaCha20Poly1305Parameters;
|
import com.sun.crypto.provider.ChaCha20Poly1305Parameters;
|
||||||
|
|
||||||
@ -3901,7 +4150,12 @@ index 112b639aa96..3e170b4c115 100644
|
|||||||
import jdk.internal.misc.InnocuousThread;
|
import jdk.internal.misc.InnocuousThread;
|
||||||
import sun.security.util.Debug;
|
import sun.security.util.Debug;
|
||||||
import sun.security.util.ResourcesMgr;
|
import sun.security.util.ResourcesMgr;
|
||||||
@@ -62,6 +66,37 @@ import static sun.security.pkcs11.wrapper.PKCS11Exception.*;
|
import static sun.security.util.SecurityConstants.PROVIDER_VER;
|
||||||
|
+import sun.security.util.SecurityProperties;
|
||||||
|
import static sun.security.util.SecurityProviderConstants.getAliases;
|
||||||
|
|
||||||
|
import sun.security.pkcs11.Secmod.*;
|
||||||
|
@@ -62,6 +67,39 @@ import static sun.security.pkcs11.wrapper.PKCS11Exception.*;
|
||||||
*/
|
*/
|
||||||
public final class SunPKCS11 extends AuthProvider {
|
public final class SunPKCS11 extends AuthProvider {
|
||||||
|
|
||||||
@ -3935,11 +4189,43 @@ index 112b639aa96..3e170b4c115 100644
|
|||||||
+ fipsImportKey = fipsImportKeyTmp;
|
+ fipsImportKey = fipsImportKeyTmp;
|
||||||
+ fipsExportKey = fipsExportKeyTmp;
|
+ fipsExportKey = fipsExportKeyTmp;
|
||||||
+ }
|
+ }
|
||||||
|
+
|
||||||
|
+ private static final String FIPS_NSSDB_PATH_PROP = "fips.nssdb.path";
|
||||||
+
|
+
|
||||||
private static final long serialVersionUID = -1354835039035306505L;
|
private static final long serialVersionUID = -1354835039035306505L;
|
||||||
|
|
||||||
static final Debug debug = Debug.getInstance("sunpkcs11");
|
static final Debug debug = Debug.getInstance("sunpkcs11");
|
||||||
@@ -320,10 +355,19 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -115,6 +153,29 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
|
return AccessController.doPrivileged(new PrivilegedExceptionAction<>() {
|
||||||
|
@Override
|
||||||
|
public SunPKCS11 run() throws Exception {
|
||||||
|
+ if (systemFipsEnabled) {
|
||||||
|
+ /*
|
||||||
|
+ * The nssSecmodDirectory attribute in the SunPKCS11
|
||||||
|
+ * NSS configuration file takes the value of the
|
||||||
|
+ * fips.nssdb.path System property after expansion.
|
||||||
|
+ * Security properties expansion is unsupported.
|
||||||
|
+ */
|
||||||
|
+ String nssdbPath =
|
||||||
|
+ SecurityProperties.privilegedGetOverridable(
|
||||||
|
+ FIPS_NSSDB_PATH_PROP);
|
||||||
|
+ if (System.getSecurityManager() != null) {
|
||||||
|
+ AccessController.doPrivileged(
|
||||||
|
+ (PrivilegedAction<Void>) () -> {
|
||||||
|
+ System.setProperty(
|
||||||
|
+ FIPS_NSSDB_PATH_PROP,
|
||||||
|
+ nssdbPath);
|
||||||
|
+ return null;
|
||||||
|
+ });
|
||||||
|
+ } else {
|
||||||
|
+ System.setProperty(
|
||||||
|
+ FIPS_NSSDB_PATH_PROP, nssdbPath);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
return new SunPKCS11(new Config(newConfigName));
|
||||||
|
}
|
||||||
|
});
|
||||||
|
@@ -320,10 +381,19 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
// request multithreaded access first
|
// request multithreaded access first
|
||||||
initArgs.flags = CKF_OS_LOCKING_OK;
|
initArgs.flags = CKF_OS_LOCKING_OK;
|
||||||
PKCS11 tmpPKCS11;
|
PKCS11 tmpPKCS11;
|
||||||
@ -3960,7 +4246,7 @@ index 112b639aa96..3e170b4c115 100644
|
|||||||
} catch (PKCS11Exception e) {
|
} catch (PKCS11Exception e) {
|
||||||
if (debug != null) {
|
if (debug != null) {
|
||||||
debug.println("Multi-threaded initialization failed: " + e);
|
debug.println("Multi-threaded initialization failed: " + e);
|
||||||
@@ -339,11 +383,12 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -339,11 +409,12 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
initArgs.flags = 0;
|
initArgs.flags = 0;
|
||||||
}
|
}
|
||||||
tmpPKCS11 = PKCS11.getInstance(library,
|
tmpPKCS11 = PKCS11.getInstance(library,
|
||||||
@ -3975,32 +4261,7 @@ index 112b639aa96..3e170b4c115 100644
|
|||||||
if (p11Info.cryptokiVersion.major < 2) {
|
if (p11Info.cryptokiVersion.major < 2) {
|
||||||
throw new ProviderException("Only PKCS#11 v2.0 and later "
|
throw new ProviderException("Only PKCS#11 v2.0 and later "
|
||||||
+ "supported, library version is v" + p11Info.cryptokiVersion);
|
+ "supported, library version is v" + p11Info.cryptokiVersion);
|
||||||
@@ -379,6 +424,24 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -417,14 +488,19 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
if (nssModule != null) {
|
|
||||||
nssModule.setProvider(this);
|
|
||||||
}
|
|
||||||
+ if (systemFipsEnabled) {
|
|
||||||
+ // The NSS Software Token in FIPS 140-2 mode requires a user
|
|
||||||
+ // login for most operations. See sftk_fipsCheck. The NSS DB
|
|
||||||
+ // (/etc/pki/nssdb) PIN is empty.
|
|
||||||
+ Session session = null;
|
|
||||||
+ try {
|
|
||||||
+ session = token.getOpSession();
|
|
||||||
+ p11.C_Login(session.id(), CKU_USER, new char[] {});
|
|
||||||
+ } catch (PKCS11Exception p11e) {
|
|
||||||
+ if (debug != null) {
|
|
||||||
+ debug.println("Error during token login: " +
|
|
||||||
+ p11e.getMessage());
|
|
||||||
+ }
|
|
||||||
+ throw p11e;
|
|
||||||
+ } finally {
|
|
||||||
+ token.releaseSession(session);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
} catch (Exception e) {
|
|
||||||
if (config.getHandleStartupErrors() == Config.ERR_IGNORE_ALL) {
|
|
||||||
throw new UnsupportedOperationException
|
|
||||||
@@ -417,14 +480,19 @@ public final class SunPKCS11 extends AuthProvider {
|
|
||||||
final String className;
|
final String className;
|
||||||
final List<String> aliases;
|
final List<String> aliases;
|
||||||
final int[] mechanisms;
|
final int[] mechanisms;
|
||||||
@ -4021,7 +4282,7 @@ index 112b639aa96..3e170b4c115 100644
|
|||||||
}
|
}
|
||||||
private P11Service service(Token token, int mechanism) {
|
private P11Service service(Token token, int mechanism) {
|
||||||
return new P11Service
|
return new P11Service
|
||||||
@@ -458,18 +526,29 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -458,18 +534,29 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
|
|
||||||
private static void d(String type, String algorithm, String className,
|
private static void d(String type, String algorithm, String className,
|
||||||
int[] m) {
|
int[] m) {
|
||||||
@ -4054,7 +4315,7 @@ index 112b639aa96..3e170b4c115 100644
|
|||||||
}
|
}
|
||||||
|
|
||||||
private static void register(Descriptor d) {
|
private static void register(Descriptor d) {
|
||||||
@@ -525,6 +604,7 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -525,6 +612,7 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
String P11Cipher = "sun.security.pkcs11.P11Cipher";
|
String P11Cipher = "sun.security.pkcs11.P11Cipher";
|
||||||
String P11RSACipher = "sun.security.pkcs11.P11RSACipher";
|
String P11RSACipher = "sun.security.pkcs11.P11RSACipher";
|
||||||
String P11AEADCipher = "sun.security.pkcs11.P11AEADCipher";
|
String P11AEADCipher = "sun.security.pkcs11.P11AEADCipher";
|
||||||
@ -4062,7 +4323,7 @@ index 112b639aa96..3e170b4c115 100644
|
|||||||
String P11Signature = "sun.security.pkcs11.P11Signature";
|
String P11Signature = "sun.security.pkcs11.P11Signature";
|
||||||
String P11PSSSignature = "sun.security.pkcs11.P11PSSSignature";
|
String P11PSSSignature = "sun.security.pkcs11.P11PSSSignature";
|
||||||
|
|
||||||
@@ -587,6 +667,30 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -587,6 +675,30 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
d(MAC, "SslMacSHA1", P11Mac,
|
d(MAC, "SslMacSHA1", P11Mac,
|
||||||
m(CKM_SSL3_SHA1_MAC));
|
m(CKM_SSL3_SHA1_MAC));
|
||||||
|
|
||||||
@ -4093,7 +4354,7 @@ index 112b639aa96..3e170b4c115 100644
|
|||||||
d(KPG, "RSA", P11KeyPairGenerator,
|
d(KPG, "RSA", P11KeyPairGenerator,
|
||||||
getAliases("PKCS1"),
|
getAliases("PKCS1"),
|
||||||
m(CKM_RSA_PKCS_KEY_PAIR_GEN));
|
m(CKM_RSA_PKCS_KEY_PAIR_GEN));
|
||||||
@@ -685,6 +789,66 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -685,6 +797,66 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
d(SKF, "ChaCha20", P11SecretKeyFactory,
|
d(SKF, "ChaCha20", P11SecretKeyFactory,
|
||||||
m(CKM_CHACHA20_POLY1305));
|
m(CKM_CHACHA20_POLY1305));
|
||||||
|
|
||||||
@ -4160,7 +4421,7 @@ index 112b639aa96..3e170b4c115 100644
|
|||||||
// XXX attributes for Ciphers (supported modes, padding)
|
// XXX attributes for Ciphers (supported modes, padding)
|
||||||
dA(CIP, "ARCFOUR", P11Cipher,
|
dA(CIP, "ARCFOUR", P11Cipher,
|
||||||
m(CKM_RC4));
|
m(CKM_RC4));
|
||||||
@@ -754,6 +918,46 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -754,6 +926,46 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
d(CIP, "RSA/ECB/NoPadding", P11RSACipher,
|
d(CIP, "RSA/ECB/NoPadding", P11RSACipher,
|
||||||
m(CKM_RSA_X_509));
|
m(CKM_RSA_X_509));
|
||||||
|
|
||||||
@ -4207,7 +4468,7 @@ index 112b639aa96..3e170b4c115 100644
|
|||||||
d(SIG, "RawDSA", P11Signature,
|
d(SIG, "RawDSA", P11Signature,
|
||||||
List.of("NONEwithDSA"),
|
List.of("NONEwithDSA"),
|
||||||
m(CKM_DSA));
|
m(CKM_DSA));
|
||||||
@@ -1144,9 +1348,21 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -1144,9 +1356,21 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
if (ds == null) {
|
if (ds == null) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
@ -4229,7 +4490,60 @@ index 112b639aa96..3e170b4c115 100644
|
|||||||
supportedAlgs.put(d, integerMech);
|
supportedAlgs.put(d, integerMech);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
@@ -1244,6 +1460,8 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -1220,11 +1444,52 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
+ @SuppressWarnings("removal")
|
||||||
|
public Object newInstance(Object param)
|
||||||
|
throws NoSuchAlgorithmException {
|
||||||
|
if (token.isValid() == false) {
|
||||||
|
throw new NoSuchAlgorithmException("Token has been removed");
|
||||||
|
}
|
||||||
|
+ if (systemFipsEnabled && !token.fipsLoggedIn &&
|
||||||
|
+ !getType().equals("KeyStore")) {
|
||||||
|
+ /*
|
||||||
|
+ * The NSS Software Token in FIPS 140-2 mode requires a
|
||||||
|
+ * user login for most operations. See sftk_fipsCheck
|
||||||
|
+ * (nss/lib/softoken/fipstokn.c). In case of a KeyStore
|
||||||
|
+ * service, let the caller perform the login with
|
||||||
|
+ * KeyStore::load. Keytool, for example, does this to pass a
|
||||||
|
+ * PIN from either the -srcstorepass or -deststorepass
|
||||||
|
+ * argument. In case of a non-KeyStore service, perform the
|
||||||
|
+ * login now with the PIN available in the fips.nssdb.pin
|
||||||
|
+ * property.
|
||||||
|
+ */
|
||||||
|
+ try {
|
||||||
|
+ if (System.getSecurityManager() != null) {
|
||||||
|
+ try {
|
||||||
|
+ AccessController.doPrivileged(
|
||||||
|
+ (PrivilegedExceptionAction<Void>) () -> {
|
||||||
|
+ token.ensureLoggedIn(null);
|
||||||
|
+ return null;
|
||||||
|
+ });
|
||||||
|
+ } catch (PrivilegedActionException pae) {
|
||||||
|
+ Exception e = pae.getException();
|
||||||
|
+ if (e instanceof LoginException le) {
|
||||||
|
+ throw le;
|
||||||
|
+ } else if (e instanceof PKCS11Exception p11e) {
|
||||||
|
+ throw p11e;
|
||||||
|
+ } else {
|
||||||
|
+ throw new RuntimeException(e);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ } else {
|
||||||
|
+ token.ensureLoggedIn(null);
|
||||||
|
+ }
|
||||||
|
+ } catch (PKCS11Exception | LoginException e) {
|
||||||
|
+ throw new ProviderException("FIPS: error during the Token" +
|
||||||
|
+ " login required for the " + getType() +
|
||||||
|
+ " service.", e);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
try {
|
||||||
|
return newInstance0(param);
|
||||||
|
} catch (PKCS11Exception e) {
|
||||||
|
@@ -1244,6 +1509,8 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
} else if (algorithm.endsWith("GCM/NoPadding") ||
|
} else if (algorithm.endsWith("GCM/NoPadding") ||
|
||||||
algorithm.startsWith("ChaCha20-Poly1305")) {
|
algorithm.startsWith("ChaCha20-Poly1305")) {
|
||||||
return new P11AEADCipher(token, algorithm, mechanism);
|
return new P11AEADCipher(token, algorithm, mechanism);
|
||||||
@ -4238,6 +4552,63 @@ index 112b639aa96..3e170b4c115 100644
|
|||||||
} else {
|
} else {
|
||||||
return new P11Cipher(token, algorithm, mechanism);
|
return new P11Cipher(token, algorithm, mechanism);
|
||||||
}
|
}
|
||||||
|
@@ -1579,6 +1846,9 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
|
try {
|
||||||
|
session = token.getOpSession();
|
||||||
|
p11.C_Logout(session.id());
|
||||||
|
+ if (systemFipsEnabled) {
|
||||||
|
+ token.fipsLoggedIn = false;
|
||||||
|
+ }
|
||||||
|
if (debug != null) {
|
||||||
|
debug.println("logout succeeded");
|
||||||
|
}
|
||||||
|
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java
|
||||||
|
index 9858a5faedf..e63585486d9 100644
|
||||||
|
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java
|
||||||
|
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java
|
||||||
|
@@ -33,6 +33,7 @@ import java.lang.ref.*;
|
||||||
|
import java.security.*;
|
||||||
|
import javax.security.auth.login.LoginException;
|
||||||
|
|
||||||
|
+import jdk.internal.access.SharedSecrets;
|
||||||
|
import sun.security.jca.JCAUtil;
|
||||||
|
|
||||||
|
import sun.security.pkcs11.wrapper.*;
|
||||||
|
@@ -48,6 +49,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Exception.*;
|
||||||
|
*/
|
||||||
|
class Token implements Serializable {
|
||||||
|
|
||||||
|
+ private static final boolean systemFipsEnabled = SharedSecrets
|
||||||
|
+ .getJavaSecuritySystemConfiguratorAccess().isSystemFipsEnabled();
|
||||||
|
+
|
||||||
|
// need to be serializable to allow SecureRandom to be serialized
|
||||||
|
private static final long serialVersionUID = 2541527649100571747L;
|
||||||
|
|
||||||
|
@@ -114,6 +118,10 @@ class Token implements Serializable {
|
||||||
|
// flag indicating whether we are logged in
|
||||||
|
private volatile boolean loggedIn;
|
||||||
|
|
||||||
|
+ // Flag indicating the login status for the NSS Software Token in FIPS mode.
|
||||||
|
+ // This Token is never asynchronously removed. Used from SunPKCS11.
|
||||||
|
+ volatile boolean fipsLoggedIn;
|
||||||
|
+
|
||||||
|
// time we last checked login status
|
||||||
|
private long lastLoginCheck;
|
||||||
|
|
||||||
|
@@ -232,7 +240,12 @@ class Token implements Serializable {
|
||||||
|
// call provider.login() if not
|
||||||
|
void ensureLoggedIn(Session session) throws PKCS11Exception, LoginException {
|
||||||
|
if (isLoggedIn(session) == false) {
|
||||||
|
- provider.login(null, null);
|
||||||
|
+ if (systemFipsEnabled) {
|
||||||
|
+ provider.login(null, new FIPSTokenLoginHandler());
|
||||||
|
+ fipsLoggedIn = true;
|
||||||
|
+ } else {
|
||||||
|
+ provider.login(null, null);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_ECDH1_DERIVE_PARAMS.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_ECDH1_DERIVE_PARAMS.java
|
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_ECDH1_DERIVE_PARAMS.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_ECDH1_DERIVE_PARAMS.java
|
||||||
index 88ff8a71fc3..47a2f97eddf 100644
|
index 88ff8a71fc3..47a2f97eddf 100644
|
||||||
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_ECDH1_DERIVE_PARAMS.java
|
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_ECDH1_DERIVE_PARAMS.java
|
||||||
@ -4877,7 +5248,7 @@ index 5c0aacd1a67..5fbf8addcba 100644
|
|||||||
+}
|
+}
|
||||||
}
|
}
|
||||||
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java
|
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java
|
||||||
index d22844cfba8..9e02958b4b0 100644
|
index 0d65ee26805..38fd4aff1f3 100644
|
||||||
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java
|
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java
|
||||||
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java
|
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java
|
||||||
@@ -1104,17 +1104,6 @@ public interface PKCS11Constants {
|
@@ -1104,17 +1104,6 @@ public interface PKCS11Constants {
|
||||||
@ -4939,7 +5310,7 @@ index d22844cfba8..9e02958b4b0 100644
|
|||||||
+ /* (CKM_NSS + 32) */ = 0xCE534370L;
|
+ /* (CKM_NSS + 32) */ = 0xCE534370L;
|
||||||
}
|
}
|
||||||
diff --git a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c
|
diff --git a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c
|
||||||
index 666c5eb9b3b..5523dafcdb4 100644
|
index d941b574cc7..e2de13648be 100644
|
||||||
--- a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c
|
--- a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c
|
||||||
+++ b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c
|
+++ b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c
|
||||||
@@ -1515,6 +1515,10 @@ CK_VOID_PTR jMechParamToCKMechParamPtrSlow(JNIEnv *env, jobject jParam,
|
@@ -1515,6 +1515,10 @@ CK_VOID_PTR jMechParamToCKMechParamPtrSlow(JNIEnv *env, jobject jParam,
|
@ -1,26 +0,0 @@
|
|||||||
diff --git openjdk.orig/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java openjdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
|
|
||||||
index 70903206ea0..09956084cf9 100644
|
|
||||||
--- openjdk.orig/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
|
|
||||||
+++ openjdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
|
|
||||||
@@ -189,6 +189,10 @@ public final class LdapCtxFactory implements ObjectFactory, InitialContextFactor
|
|
||||||
ctx = getLdapCtxFromUrl(
|
|
||||||
r.getDomainName(), url, new LdapURL(u), env);
|
|
||||||
return ctx;
|
|
||||||
+ } catch (AuthenticationException e) {
|
|
||||||
+ // do not retry on a different endpoint to avoid blocking
|
|
||||||
+ // the user if authentication credentials are wrong.
|
|
||||||
+ throw e;
|
|
||||||
} catch (NamingException e) {
|
|
||||||
// try the next element
|
|
||||||
lastException = e;
|
|
||||||
@@ -241,6 +245,10 @@ public final class LdapCtxFactory implements ObjectFactory, InitialContextFactor
|
|
||||||
for (String u : urls) {
|
|
||||||
try {
|
|
||||||
return getUsingURL(u, env);
|
|
||||||
+ } catch (AuthenticationException e) {
|
|
||||||
+ // do not retry on a different URL to avoid blocking
|
|
||||||
+ // the user if authentication credentials are wrong.
|
|
||||||
+ throw e;
|
|
||||||
} catch (NamingException e) {
|
|
||||||
ex = e;
|
|
||||||
}
|
|
@ -1,51 +0,0 @@
|
|||||||
diff --git a/make/data/cldr/common/bcp47/timezone.xml b/make/data/cldr/common/bcp47/timezone.xml
|
|
||||||
index 41ff6d236c8..e703020dcdd 100644
|
|
||||||
--- a/make/data/cldr/common/bcp47/timezone.xml
|
|
||||||
+++ b/make/data/cldr/common/bcp47/timezone.xml
|
|
||||||
@@ -393,7 +393,7 @@ For terms of use, see http://www.unicode.org/copyright.html
|
|
||||||
<type name="tvfun" description="Funafuti, Tuvalu" alias="Pacific/Funafuti"/>
|
|
||||||
<type name="twtpe" description="Taipei, Taiwan" alias="Asia/Taipei ROC"/>
|
|
||||||
<type name="tzdar" description="Dar es Salaam, Tanzania" alias="Africa/Dar_es_Salaam"/>
|
|
||||||
- <type name="uaiev" description="Kiev, Ukraine" alias="Europe/Kiev"/>
|
|
||||||
+ <type name="uaiev" description="Kyiv, Ukraine" alias="Europe/Kiev Europe/Kyiv"/>
|
|
||||||
<type name="uaozh" description="Zaporizhia (Zaporozhye), Ukraine" alias="Europe/Zaporozhye"/>
|
|
||||||
<type name="uasip" description="Simferopol, Ukraine" alias="Europe/Simferopol"/>
|
|
||||||
<type name="uauzh" description="Uzhhorod (Uzhgorod), Ukraine" alias="Europe/Uzhgorod"/>
|
|
||||||
diff --git a/test/jdk/sun/util/resources/cldr/TimeZoneNamesTest.java b/test/jdk/sun/util/resources/cldr/TimeZoneNamesTest.java
|
|
||||||
index eb56c087ad6..e398af3c151 100644
|
|
||||||
--- a/test/jdk/sun/util/resources/cldr/TimeZoneNamesTest.java
|
|
||||||
+++ b/test/jdk/sun/util/resources/cldr/TimeZoneNamesTest.java
|
|
||||||
@@ -23,7 +23,7 @@
|
|
||||||
|
|
||||||
/*
|
|
||||||
* @test
|
|
||||||
- * @bug 8181157 8202537 8234347 8236548 8261279
|
|
||||||
+ * @bug 8181157 8202537 8234347 8236548 8261279 8293834
|
|
||||||
* @modules jdk.localedata
|
|
||||||
* @summary Checks CLDR time zone names are generated correctly at runtime
|
|
||||||
* @run testng/othervm -Djava.locale.providers=CLDR TimeZoneNamesTest
|
|
||||||
@@ -102,6 +102,24 @@ public class TimeZoneNamesTest {
|
|
||||||
"UTC+04:00",
|
|
||||||
"heure : Astrakhan",
|
|
||||||
"UTC+04:00"},
|
|
||||||
+ {"Europe/Kyiv", Locale.US, "Eastern European Standard Time",
|
|
||||||
+ "GMT+02:00",
|
|
||||||
+ "Eastern European Summer Time",
|
|
||||||
+ "GMT+03:00",
|
|
||||||
+ "Eastern European Time",
|
|
||||||
+ "GMT+02:00"},
|
|
||||||
+ {"Europe/Kyiv", Locale.FRANCE, "heure normale d\u2019Europe de l\u2019Est",
|
|
||||||
+ "UTC+02:00",
|
|
||||||
+ "heure d\u2019\u00e9t\u00e9 d\u2019Europe de l\u2019Est",
|
|
||||||
+ "UTC+03:00",
|
|
||||||
+ "heure d\u2019Europe de l\u2019Est",
|
|
||||||
+ "UTC+02:00"},
|
|
||||||
+ {"Europe/Kyiv", Locale.GERMANY, "Osteurop\u00e4ische Normalzeit",
|
|
||||||
+ "OEZ",
|
|
||||||
+ "Osteurop\u00e4ische Sommerzeit",
|
|
||||||
+ "OESZ",
|
|
||||||
+ "Osteurop\u00e4ische Zeit",
|
|
||||||
+ "OEZ"},
|
|
||||||
{"Europe/Saratov", Locale.US, "Saratov Standard Time",
|
|
||||||
"GMT+04:00",
|
|
||||||
"Saratov Daylight Time",
|
|
@ -1,303 +0,0 @@
|
|||||||
commit 3d93fdc583ed1c03ecf355b64d41c5f5fe4c07ce
|
|
||||||
Author: Goetz Lindenmaier <goetz@openjdk.org>
|
|
||||||
Date: Wed Oct 5 07:13:43 2022 +0000
|
|
||||||
|
|
||||||
8294357: (tz) Update Timezone Data to 2022d
|
|
||||||
|
|
||||||
Backport-of: f01573368f905f27d26f1d07d9cfd26dcc736a54
|
|
||||||
|
|
||||||
diff --git a/make/data/tzdata/VERSION b/make/data/tzdata/VERSION
|
|
||||||
index decb8716b22..889d0e6dad7 100644
|
|
||||||
--- a/make/data/tzdata/VERSION
|
|
||||||
+++ b/make/data/tzdata/VERSION
|
|
||||||
@@ -21,4 +21,4 @@
|
|
||||||
# or visit www.oracle.com if you need additional information or have any
|
|
||||||
# questions.
|
|
||||||
#
|
|
||||||
-tzdata2022c
|
|
||||||
+tzdata2022d
|
|
||||||
diff --git a/make/data/tzdata/asia b/make/data/tzdata/asia
|
|
||||||
index 3a150b0f36b..f9df7432947 100644
|
|
||||||
--- a/make/data/tzdata/asia
|
|
||||||
+++ b/make/data/tzdata/asia
|
|
||||||
@@ -3398,10 +3398,6 @@ Zone Asia/Karachi 4:28:12 - LMT 1907
|
|
||||||
# The winter time in 2015 started on October 23 at 01:00.
|
|
||||||
# https://wafa.ps/ar_page.aspx?id=CgpCdYa670694628582aCgpCdY
|
|
||||||
# http://www.palestinecabinet.gov.ps/portal/meeting/details/27583
|
|
||||||
-#
|
|
||||||
-# From Paul Eggert (2019-04-10):
|
|
||||||
-# For now, guess spring-ahead transitions are at 00:00 on the Saturday
|
|
||||||
-# preceding March's last Sunday (i.e., Sat>=24).
|
|
||||||
|
|
||||||
# From P Chan (2021-10-18):
|
|
||||||
# http://wafa.ps/Pages/Details/34701
|
|
||||||
@@ -3418,6 +3414,18 @@ Zone Asia/Karachi 4:28:12 - LMT 1907
|
|
||||||
# From Heba Hamad (2022-03-10):
|
|
||||||
# summer time will begin in Palestine from Sunday 03-27-2022, 00:00 AM.
|
|
||||||
|
|
||||||
+# From Heba Hamad (2022-08-30):
|
|
||||||
+# winter time will begin in Palestine from Saturday 10-29, 02:00 AM by
|
|
||||||
+# 60 minutes backwards. Also the state of Palestine adopted the summer
|
|
||||||
+# and winter time for the years: 2023,2024,2025,2026 ...
|
|
||||||
+# https://mm.icann.org/pipermail/tz/attachments/20220830/9f024566/Time-0001.pdf
|
|
||||||
+# (2022-08-31): ... the Saturday before the last Sunday in March and October
|
|
||||||
+# at 2:00 AM ,for the years from 2023 to 2026.
|
|
||||||
+# (2022-09-05): https://mtit.pna.ps/Site/New/1453
|
|
||||||
+#
|
|
||||||
+# From Paul Eggert (2022-08-31):
|
|
||||||
+# For now, assume that this rule will also be used after 2026.
|
|
||||||
+
|
|
||||||
# Rule NAME FROM TO - IN ON AT SAVE LETTER/S
|
|
||||||
Rule EgyptAsia 1957 only - May 10 0:00 1:00 S
|
|
||||||
Rule EgyptAsia 1957 1958 - Oct 1 0:00 0 -
|
|
||||||
@@ -3448,14 +3456,16 @@ Rule Palestine 2013 only - Sep 27 0:00 0 -
|
|
||||||
Rule Palestine 2014 only - Oct 24 0:00 0 -
|
|
||||||
Rule Palestine 2015 only - Mar 28 0:00 1:00 S
|
|
||||||
Rule Palestine 2015 only - Oct 23 1:00 0 -
|
|
||||||
-Rule Palestine 2016 2018 - Mar Sat>=24 1:00 1:00 S
|
|
||||||
-Rule Palestine 2016 2018 - Oct Sat>=24 1:00 0 -
|
|
||||||
+Rule Palestine 2016 2018 - Mar Sat<=30 1:00 1:00 S
|
|
||||||
+Rule Palestine 2016 2018 - Oct Sat<=30 1:00 0 -
|
|
||||||
Rule Palestine 2019 only - Mar 29 0:00 1:00 S
|
|
||||||
-Rule Palestine 2019 only - Oct Sat>=24 0:00 0 -
|
|
||||||
-Rule Palestine 2020 2021 - Mar Sat>=24 0:00 1:00 S
|
|
||||||
+Rule Palestine 2019 only - Oct Sat<=30 0:00 0 -
|
|
||||||
+Rule Palestine 2020 2021 - Mar Sat<=30 0:00 1:00 S
|
|
||||||
Rule Palestine 2020 only - Oct 24 1:00 0 -
|
|
||||||
-Rule Palestine 2021 max - Oct Fri>=23 1:00 0 -
|
|
||||||
-Rule Palestine 2022 max - Mar Sun>=25 0:00 1:00 S
|
|
||||||
+Rule Palestine 2021 only - Oct 29 1:00 0 -
|
|
||||||
+Rule Palestine 2022 only - Mar 27 0:00 1:00 S
|
|
||||||
+Rule Palestine 2022 max - Oct Sat<=30 2:00 0 -
|
|
||||||
+Rule Palestine 2023 max - Mar Sat<=30 2:00 1:00 S
|
|
||||||
|
|
||||||
# Zone NAME STDOFF RULES FORMAT [UNTIL]
|
|
||||||
Zone Asia/Gaza 2:17:52 - LMT 1900 Oct
|
|
||||||
diff --git a/make/data/tzdata/backward b/make/data/tzdata/backward
|
|
||||||
index d4a29e8cf29..7765d99aedf 100644
|
|
||||||
--- a/make/data/tzdata/backward
|
|
||||||
+++ b/make/data/tzdata/backward
|
|
||||||
@@ -113,6 +113,8 @@ Link Etc/UTC Etc/UCT
|
|
||||||
Link Europe/London Europe/Belfast
|
|
||||||
Link Europe/Kyiv Europe/Kiev
|
|
||||||
Link Europe/Chisinau Europe/Tiraspol
|
|
||||||
+Link Europe/Kyiv Europe/Uzhgorod
|
|
||||||
+Link Europe/Kyiv Europe/Zaporozhye
|
|
||||||
Link Europe/London GB
|
|
||||||
Link Europe/London GB-Eire
|
|
||||||
Link Etc/GMT GMT+0
|
|
||||||
diff --git a/make/data/tzdata/europe b/make/data/tzdata/europe
|
|
||||||
index 879b5337536..accc845dbaf 100644
|
|
||||||
--- a/make/data/tzdata/europe
|
|
||||||
+++ b/make/data/tzdata/europe
|
|
||||||
@@ -2638,10 +2638,14 @@ Zone Europe/Simferopol 2:16:24 - LMT 1880
|
|
||||||
# From Alexander Krivenyshev (2014-03-17):
|
|
||||||
# time change at 2:00 (2am) on March 30, 2014
|
|
||||||
# https://vz.ru/news/2014/3/17/677464.html
|
|
||||||
-# From Paul Eggert (2014-03-30):
|
|
||||||
-# Simferopol and Sevastopol reportedly changed their central town clocks
|
|
||||||
-# late the previous day, but this appears to have been ceremonial
|
|
||||||
-# and the discrepancies are small enough to not worry about.
|
|
||||||
+# From Tim Parenti (2022-07-01), per Paul Eggert (2014-03-30):
|
|
||||||
+# The clocks at the railway station in Simferopol were put forward from 22:00
|
|
||||||
+# to 24:00 the previous day in a "symbolic ceremony"; however, per
|
|
||||||
+# contemporaneous news reports, "ordinary Crimeans [made] the daylight savings
|
|
||||||
+# time switch at 2am" on Sunday.
|
|
||||||
+# https://www.business-standard.com/article/pti-stories/crimea-to-set-clocks-to-russia-time-114033000014_1.html
|
|
||||||
+# https://www.reuters.com/article/us-ukraine-crisis-crimea-time/crimea-switches-to-moscow-time-amid-incorporation-frenzy-idUKBREA2S0LT20140329
|
|
||||||
+# https://www.bbc.com/news/av/world-europe-26806583
|
|
||||||
2:00 EU EE%sT 2014 Mar 30 2:00
|
|
||||||
4:00 - MSK 2014 Oct 26 2:00s
|
|
||||||
3:00 - MSK
|
|
||||||
@@ -3774,8 +3778,8 @@ Link Europe/Istanbul Asia/Istanbul # Istanbul is in both continents.
|
|
||||||
# US colleague David Cochrane) are still trying to get more
|
|
||||||
# information upon these local deviations from Kiev rules.
|
|
||||||
#
|
|
||||||
-# From Paul Eggert (2022-02-08):
|
|
||||||
-# For now, assume that Ukraine's other three zones followed the same rules,
|
|
||||||
+# From Paul Eggert (2022-08-27):
|
|
||||||
+# For now, assume that Ukraine's zones all followed the same rules,
|
|
||||||
# except that Crimea switched to Moscow time in 1994 as described elsewhere.
|
|
||||||
|
|
||||||
# From Igor Karpov, who works for the Ukrainian Ministry of Justice,
|
|
||||||
@@ -3845,21 +3849,7 @@ Link Europe/Istanbul Asia/Istanbul # Istanbul is in both continents.
|
|
||||||
# * Ukrainian Government's Resolution of 20.03.1992, No. 139.
|
|
||||||
# http://www.uazakon.com/documents/date_8u/pg_grcasa.htm
|
|
||||||
|
|
||||||
-# From Paul Eggert (2022-04-12):
|
|
||||||
-# As is usual in tzdb, Ukrainian zones use the most common English spellings.
|
|
||||||
-# In particular, tzdb's name Europe/Kyiv uses the most common spelling in
|
|
||||||
-# English for Ukraine's capital. Although tzdb's former name was Europe/Kiev,
|
|
||||||
-# "Kyiv" is now more common due to widespread reporting of the current conflict.
|
|
||||||
-# Conversely, tzdb continues to use the names Europe/Uzhgorod and
|
|
||||||
-# Europe/Zaporozhye; this is similar to tzdb's use of Europe/Prague, which is
|
|
||||||
-# certainly wrong as a transliteration of the Czech "Praha".
|
|
||||||
-# English-language spelling of Ukrainian names is in flux, and
|
|
||||||
-# some day "Uzhhorod" or "Zaporizhzhia" may become substantially more
|
|
||||||
-# common in English; in the meantime, do not change these
|
|
||||||
-# English spellings as that means less disruption for our users.
|
|
||||||
-
|
|
||||||
# Zone NAME STDOFF RULES FORMAT [UNTIL]
|
|
||||||
-# This represents most of Ukraine. See above for the spelling of "Kyiv".
|
|
||||||
Zone Europe/Kyiv 2:02:04 - LMT 1880
|
|
||||||
2:02:04 - KMT 1924 May 2 # Kyiv Mean Time
|
|
||||||
2:00 - EET 1930 Jun 21
|
|
||||||
@@ -3869,34 +3859,6 @@ Zone Europe/Kyiv 2:02:04 - LMT 1880
|
|
||||||
2:00 1:00 EEST 1991 Sep 29 3:00
|
|
||||||
2:00 C-Eur EE%sT 1996 May 13
|
|
||||||
2:00 EU EE%sT
|
|
||||||
-# Transcarpathia used CET 1990/1991.
|
|
||||||
-# "Uzhhorod" is the transliteration of the Rusyn/Ukrainian pronunciation, but
|
|
||||||
-# "Uzhgorod" is more common in English.
|
|
||||||
-Zone Europe/Uzhgorod 1:29:12 - LMT 1890 Oct
|
|
||||||
- 1:00 - CET 1940
|
|
||||||
- 1:00 C-Eur CE%sT 1944 Oct
|
|
||||||
- 1:00 1:00 CEST 1944 Oct 26
|
|
||||||
- 1:00 - CET 1945 Jun 29
|
|
||||||
- 3:00 Russia MSK/MSD 1990
|
|
||||||
- 3:00 - MSK 1990 Jul 1 2:00
|
|
||||||
- 1:00 - CET 1991 Mar 31 3:00
|
|
||||||
- 2:00 - EET 1992 Mar 20
|
|
||||||
- 2:00 C-Eur EE%sT 1996 May 13
|
|
||||||
- 2:00 EU EE%sT
|
|
||||||
-# Zaporozh'ye and eastern Lugansk oblasts observed DST 1990/1991.
|
|
||||||
-# "Zaporizhzhia" is the transliteration of the Ukrainian name, but
|
|
||||||
-# "Zaporozh'ye" is more common in English. Use the common English
|
|
||||||
-# spelling, except omit the apostrophe as it is not allowed in
|
|
||||||
-# portable Posix file names.
|
|
||||||
-Zone Europe/Zaporozhye 2:20:40 - LMT 1880
|
|
||||||
- 2:20 - +0220 1924 May 2
|
|
||||||
- 2:00 - EET 1930 Jun 21
|
|
||||||
- 3:00 - MSK 1941 Aug 25
|
|
||||||
- 1:00 C-Eur CE%sT 1943 Oct 25
|
|
||||||
- 3:00 Russia MSK/MSD 1991 Mar 31 2:00
|
|
||||||
- 2:00 E-Eur EE%sT 1992 Mar 20
|
|
||||||
- 2:00 C-Eur EE%sT 1996 May 13
|
|
||||||
- 2:00 EU EE%sT
|
|
||||||
|
|
||||||
# Vatican City
|
|
||||||
# See Europe/Rome.
|
|
||||||
diff --git a/make/data/tzdata/southamerica b/make/data/tzdata/southamerica
|
|
||||||
index 13ec081c7e0..3c0e0e2061c 100644
|
|
||||||
--- a/make/data/tzdata/southamerica
|
|
||||||
+++ b/make/data/tzdata/southamerica
|
|
||||||
@@ -1332,8 +1332,14 @@ Zone America/Rio_Branco -4:31:12 - LMT 1914
|
|
||||||
# for America/Santiago will start on midnight of September 11th;
|
|
||||||
# and will end on April 1st, 2023. Magallanes region (America/Punta_Arenas)
|
|
||||||
# will keep UTC -3 "indefinitely"... This is because on September 4th
|
|
||||||
-# we will have a voting whether to approve a new Constitution....
|
|
||||||
-# https://www.interior.gob.cl/noticias/2022/08/09/comunicado-el-proximo-sabado-10-de-septiembre-los-relojes-se-deben-adelantar-una-hora/
|
|
||||||
+# we will have a voting whether to approve a new Constitution.
|
|
||||||
+#
|
|
||||||
+# From Eduardo Romero Urra (2022-08-17):
|
|
||||||
+# https://www.diariooficial.interior.gob.cl/publicaciones/2022/08/13/43327/01/2172567.pdf
|
|
||||||
+#
|
|
||||||
+# From Paul Eggert (2022-08-17):
|
|
||||||
+# Although the presidential decree stops at fall 2026, assume that
|
|
||||||
+# similar DST rules will continue thereafter.
|
|
||||||
|
|
||||||
# Rule NAME FROM TO - IN ON AT SAVE LETTER/S
|
|
||||||
Rule Chile 1927 1931 - Sep 1 0:00 1:00 -
|
|
||||||
diff --git a/make/data/tzdata/zone.tab b/make/data/tzdata/zone.tab
|
|
||||||
index 51b65fa273c..ee025196e50 100644
|
|
||||||
--- a/make/data/tzdata/zone.tab
|
|
||||||
+++ b/make/data/tzdata/zone.tab
|
|
||||||
@@ -424,8 +424,6 @@ TV -0831+17913 Pacific/Funafuti
|
|
||||||
TW +2503+12130 Asia/Taipei
|
|
||||||
TZ -0648+03917 Africa/Dar_es_Salaam
|
|
||||||
UA +5026+03031 Europe/Kyiv Ukraine (most areas)
|
|
||||||
-UA +4837+02218 Europe/Uzhgorod Transcarpathia
|
|
||||||
-UA +4750+03510 Europe/Zaporozhye Zaporozhye and east Lugansk
|
|
||||||
UG +0019+03225 Africa/Kampala
|
|
||||||
UM +2813-17722 Pacific/Midway Midway Islands
|
|
||||||
UM +1917+16637 Pacific/Wake Wake Island
|
|
||||||
diff --git a/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java b/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
|
|
||||||
index 15c2f0d1275..6f6e190efcd 100644
|
|
||||||
--- a/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
|
|
||||||
+++ b/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
|
|
||||||
@@ -574,12 +574,8 @@ public final class ZoneInfoFile {
|
|
||||||
// we can then pass in the dom = -1, dow > 0 into ZoneInfo
|
|
||||||
//
|
|
||||||
// hacking, assume the >=24 is the result of ZRB optimization for
|
|
||||||
- // "last", it works for now. From tzdata2020d this hacking
|
|
||||||
- // will not work for Asia/Gaza and Asia/Hebron which follow
|
|
||||||
- // Palestine DST rules.
|
|
||||||
- if (dom < 0 || dom >= 24 &&
|
|
||||||
- !(zoneId.equals("Asia/Gaza") ||
|
|
||||||
- zoneId.equals("Asia/Hebron"))) {
|
|
||||||
+ // "last", it works for now.
|
|
||||||
+ if (dom < 0 || dom >= 24) {
|
|
||||||
params[1] = -1;
|
|
||||||
params[2] = toCalendarDOW[dow];
|
|
||||||
} else {
|
|
||||||
@@ -601,7 +597,6 @@ public final class ZoneInfoFile {
|
|
||||||
params[7] = 0;
|
|
||||||
} else {
|
|
||||||
// hacking: see comment above
|
|
||||||
- // No need of hacking for Asia/Gaza and Asia/Hebron from tz2021e
|
|
||||||
if (dom < 0 || dom >= 24) {
|
|
||||||
params[6] = -1;
|
|
||||||
params[7] = toCalendarDOW[dow];
|
|
||||||
diff --git a/test/jdk/java/util/TimeZone/TimeZoneData/VERSION b/test/jdk/java/util/TimeZone/TimeZoneData/VERSION
|
|
||||||
index c32bee39fba..71470168456 100644
|
|
||||||
--- a/test/jdk/java/util/TimeZone/TimeZoneData/VERSION
|
|
||||||
+++ b/test/jdk/java/util/TimeZone/TimeZoneData/VERSION
|
|
||||||
@@ -1 +1 @@
|
|
||||||
-tzdata2022c
|
|
||||||
+tzdata2022d
|
|
||||||
diff --git a/test/jdk/java/util/TimeZone/TimeZoneData/aliases.txt b/test/jdk/java/util/TimeZone/TimeZoneData/aliases.txt
|
|
||||||
index a5e6428a3f5..e3ce742f887 100644
|
|
||||||
--- a/test/jdk/java/util/TimeZone/TimeZoneData/aliases.txt
|
|
||||||
+++ b/test/jdk/java/util/TimeZone/TimeZoneData/aliases.txt
|
|
||||||
@@ -183,6 +183,8 @@ Link Etc/UTC Etc/UCT
|
|
||||||
Link Europe/London Europe/Belfast
|
|
||||||
Link Europe/Kyiv Europe/Kiev
|
|
||||||
Link Europe/Chisinau Europe/Tiraspol
|
|
||||||
+Link Europe/Kyiv Europe/Uzhgorod
|
|
||||||
+Link Europe/Kyiv Europe/Zaporozhye
|
|
||||||
Link Europe/London GB
|
|
||||||
Link Europe/London GB-Eire
|
|
||||||
Link Etc/GMT GMT+0
|
|
||||||
diff --git a/test/jdk/java/util/TimeZone/TimeZoneData/displaynames.txt b/test/jdk/java/util/TimeZone/TimeZoneData/displaynames.txt
|
|
||||||
index fc148537f1f..b3823958ae4 100644
|
|
||||||
--- a/test/jdk/java/util/TimeZone/TimeZoneData/displaynames.txt
|
|
||||||
+++ b/test/jdk/java/util/TimeZone/TimeZoneData/displaynames.txt
|
|
||||||
@@ -163,11 +163,9 @@ Europe/Simferopol MSK
|
|
||||||
Europe/Sofia EET EEST
|
|
||||||
Europe/Tallinn EET EEST
|
|
||||||
Europe/Tirane CET CEST
|
|
||||||
-Europe/Uzhgorod EET EEST
|
|
||||||
Europe/Vienna CET CEST
|
|
||||||
Europe/Vilnius EET EEST
|
|
||||||
Europe/Warsaw CET CEST
|
|
||||||
-Europe/Zaporozhye EET EEST
|
|
||||||
Europe/Zurich CET CEST
|
|
||||||
HST HST
|
|
||||||
MET MET MEST
|
|
||||||
diff --git a/test/jdk/sun/util/calendar/zi/TestZoneInfo310.java b/test/jdk/sun/util/calendar/zi/TestZoneInfo310.java
|
|
||||||
index 7b50c342a0d..a7d14f1aa21 100644
|
|
||||||
--- a/test/jdk/sun/util/calendar/zi/TestZoneInfo310.java
|
|
||||||
+++ b/test/jdk/sun/util/calendar/zi/TestZoneInfo310.java
|
|
||||||
@@ -176,11 +176,12 @@ public class TestZoneInfo310 {
|
|
||||||
* save time in IANA tzdata. This bug is tracked via JDK-8223388.
|
|
||||||
*
|
|
||||||
* These are the zones/rules that employ negative DST in vanguard
|
|
||||||
- * format (as of 2019a):
|
|
||||||
+ * format (as of 2019a), Palestine added in 2022d:
|
|
||||||
*
|
|
||||||
* - Rule "Eire"
|
|
||||||
* - Rule "Morocco"
|
|
||||||
* - Rule "Namibia"
|
|
||||||
+ * - Rule "Palestine"
|
|
||||||
* - Zone "Europe/Prague"
|
|
||||||
*
|
|
||||||
* Tehran/Iran rule has rules beyond 2037, in which javazic assumes
|
|
||||||
@@ -196,6 +197,8 @@ public class TestZoneInfo310 {
|
|
||||||
zid.equals("Europe/Dublin") || // uses "Eire" rule
|
|
||||||
zid.equals("Europe/Prague") ||
|
|
||||||
zid.equals("Asia/Tehran") || // last rule mismatch
|
|
||||||
+ zid.equals("Asia/Gaza") || // uses "Palestine" rule
|
|
||||||
+ zid.equals("Asia/Hebron") || // uses "Palestine" rule
|
|
||||||
zid.equals("Iran")) { // last rule mismatch
|
|
||||||
continue;
|
|
||||||
}
|
|
@ -1,420 +0,0 @@
|
|||||||
commit d159a377e0243bd2c80593689fd7cd20b2b578f7
|
|
||||||
Author: duke <duke@openjdk.org>
|
|
||||||
Date: Fri Oct 14 03:37:19 2022 +0000
|
|
||||||
|
|
||||||
Backport 21407dec0156301871a83328615e4d975c4287c4
|
|
||||||
|
|
||||||
diff --git a/make/data/tzdata/VERSION b/make/data/tzdata/VERSION
|
|
||||||
index 889d0e6dad7..b8cb36e69f4 100644
|
|
||||||
--- a/make/data/tzdata/VERSION
|
|
||||||
+++ b/make/data/tzdata/VERSION
|
|
||||||
@@ -21,4 +21,4 @@
|
|
||||||
# or visit www.oracle.com if you need additional information or have any
|
|
||||||
# questions.
|
|
||||||
#
|
|
||||||
-tzdata2022d
|
|
||||||
+tzdata2022e
|
|
||||||
diff --git a/make/data/tzdata/asia b/make/data/tzdata/asia
|
|
||||||
index f9df7432947..5b2337fd0b6 100644
|
|
||||||
--- a/make/data/tzdata/asia
|
|
||||||
+++ b/make/data/tzdata/asia
|
|
||||||
@@ -2254,6 +2254,17 @@ Zone Asia/Tokyo 9:18:59 - LMT 1887 Dec 31 15:00u
|
|
||||||
# From the Arabic version, it seems to say it would be at midnight
|
|
||||||
# (assume 24:00) on the last Thursday in February, starting from 2022.
|
|
||||||
|
|
||||||
+# From Issam Al-Zuwairi (2022-10-05):
|
|
||||||
+# The Council of Ministers in Jordan decided Wednesday 5th October 2022,
|
|
||||||
+# that daylight saving time (DST) will be throughout the year....
|
|
||||||
+#
|
|
||||||
+# From Brian Inglis (2022-10-06):
|
|
||||||
+# https://petra.gov.jo/Include/InnerPage.jsp?ID=45567&lang=en&name=en_news
|
|
||||||
+#
|
|
||||||
+# From Paul Eggert (2022-10-05):
|
|
||||||
+# Like Syria, model this as a transition from EEST +03 (DST) to plain +03
|
|
||||||
+# (non-DST) at the point where DST would otherwise have ended.
|
|
||||||
+
|
|
||||||
# Rule NAME FROM TO - IN ON AT SAVE LETTER/S
|
|
||||||
Rule Jordan 1973 only - Jun 6 0:00 1:00 S
|
|
||||||
Rule Jordan 1973 1975 - Oct 1 0:00 0 -
|
|
||||||
@@ -2285,11 +2296,12 @@ Rule Jordan 2005 only - Sep lastFri 0:00s 0 -
|
|
||||||
Rule Jordan 2006 2011 - Oct lastFri 0:00s 0 -
|
|
||||||
Rule Jordan 2013 only - Dec 20 0:00 0 -
|
|
||||||
Rule Jordan 2014 2021 - Mar lastThu 24:00 1:00 S
|
|
||||||
-Rule Jordan 2014 max - Oct lastFri 0:00s 0 -
|
|
||||||
-Rule Jordan 2022 max - Feb lastThu 24:00 1:00 S
|
|
||||||
+Rule Jordan 2014 2022 - Oct lastFri 0:00s 0 -
|
|
||||||
+Rule Jordan 2022 only - Feb lastThu 24:00 1:00 S
|
|
||||||
# Zone NAME STDOFF RULES FORMAT [UNTIL]
|
|
||||||
Zone Asia/Amman 2:23:44 - LMT 1931
|
|
||||||
- 2:00 Jordan EE%sT
|
|
||||||
+ 2:00 Jordan EE%sT 2022 Oct 28 0:00s
|
|
||||||
+ 3:00 - +03
|
|
||||||
|
|
||||||
|
|
||||||
# Kazakhstan
|
|
||||||
@@ -3838,19 +3850,27 @@ Rule Syria 2007 only - Nov Fri>=1 0:00 0 -
|
|
||||||
# Our brief summary:
|
|
||||||
# https://www.timeanddate.com/news/time/syria-dst-2012.html
|
|
||||||
|
|
||||||
-# From Arthur David Olson (2012-03-27):
|
|
||||||
-# Assume last Friday in March going forward XXX.
|
|
||||||
+# From Steffen Thorsen (2022-10-05):
|
|
||||||
+# Syria is adopting year-round DST, starting this autumn....
|
|
||||||
+# From https://www.enabbaladi.net/archives/607812
|
|
||||||
+# "This [the decision] came after the weekly government meeting today,
|
|
||||||
+# Tuesday 4 October ..."
|
|
||||||
+#
|
|
||||||
+# From Paul Eggert (2022-10-05):
|
|
||||||
+# Like Jordan, model this as a transition from EEST +03 (DST) to plain +03
|
|
||||||
+# (non-DST) at the point where DST would otherwise have ended.
|
|
||||||
|
|
||||||
Rule Syria 2008 only - Apr Fri>=1 0:00 1:00 S
|
|
||||||
Rule Syria 2008 only - Nov 1 0:00 0 -
|
|
||||||
Rule Syria 2009 only - Mar lastFri 0:00 1:00 S
|
|
||||||
Rule Syria 2010 2011 - Apr Fri>=1 0:00 1:00 S
|
|
||||||
-Rule Syria 2012 max - Mar lastFri 0:00 1:00 S
|
|
||||||
-Rule Syria 2009 max - Oct lastFri 0:00 0 -
|
|
||||||
+Rule Syria 2012 2022 - Mar lastFri 0:00 1:00 S
|
|
||||||
+Rule Syria 2009 2022 - Oct lastFri 0:00 0 -
|
|
||||||
|
|
||||||
# Zone NAME STDOFF RULES FORMAT [UNTIL]
|
|
||||||
Zone Asia/Damascus 2:25:12 - LMT 1920 # Dimashq
|
|
||||||
- 2:00 Syria EE%sT
|
|
||||||
+ 2:00 Syria EE%sT 2022 Oct 28 0:00
|
|
||||||
+ 3:00 - +03
|
|
||||||
|
|
||||||
# Tajikistan
|
|
||||||
# From Shanks & Pottenger.
|
|
||||||
diff --git a/make/data/tzdata/europe b/make/data/tzdata/europe
|
|
||||||
index accc845dbaf..2832c4b9763 100644
|
|
||||||
--- a/make/data/tzdata/europe
|
|
||||||
+++ b/make/data/tzdata/europe
|
|
||||||
@@ -3417,7 +3417,7 @@ Zone Europe/Madrid -0:14:44 - LMT 1901 Jan 1 0:00u
|
|
||||||
0:00 Spain WE%sT 1940 Mar 16 23:00
|
|
||||||
1:00 Spain CE%sT 1979
|
|
||||||
1:00 EU CE%sT
|
|
||||||
-Zone Africa/Ceuta -0:21:16 - LMT 1900 Dec 31 23:38:44
|
|
||||||
+Zone Africa/Ceuta -0:21:16 - LMT 1901 Jan 1 0:00u
|
|
||||||
0:00 - WET 1918 May 6 23:00
|
|
||||||
0:00 1:00 WEST 1918 Oct 7 23:00
|
|
||||||
0:00 - WET 1924
|
|
||||||
diff --git a/make/data/tzdata/northamerica b/make/data/tzdata/northamerica
|
|
||||||
index 114cef14cce..ce4ee74582c 100644
|
|
||||||
--- a/make/data/tzdata/northamerica
|
|
||||||
+++ b/make/data/tzdata/northamerica
|
|
||||||
@@ -462,7 +462,7 @@ Rule Chicago 1922 1966 - Apr lastSun 2:00 1:00 D
|
|
||||||
Rule Chicago 1922 1954 - Sep lastSun 2:00 0 S
|
|
||||||
Rule Chicago 1955 1966 - Oct lastSun 2:00 0 S
|
|
||||||
# Zone NAME STDOFF RULES FORMAT [UNTIL]
|
|
||||||
-Zone America/Chicago -5:50:36 - LMT 1883 Nov 18 12:09:24
|
|
||||||
+Zone America/Chicago -5:50:36 - LMT 1883 Nov 18 18:00u
|
|
||||||
-6:00 US C%sT 1920
|
|
||||||
-6:00 Chicago C%sT 1936 Mar 1 2:00
|
|
||||||
-5:00 - EST 1936 Nov 15 2:00
|
|
||||||
@@ -471,7 +471,7 @@ Zone America/Chicago -5:50:36 - LMT 1883 Nov 18 12:09:24
|
|
||||||
-6:00 Chicago C%sT 1967
|
|
||||||
-6:00 US C%sT
|
|
||||||
# Oliver County, ND switched from mountain to central time on 1992-10-25.
|
|
||||||
-Zone America/North_Dakota/Center -6:45:12 - LMT 1883 Nov 18 12:14:48
|
|
||||||
+Zone America/North_Dakota/Center -6:45:12 - LMT 1883 Nov 18 19:00u
|
|
||||||
-7:00 US M%sT 1992 Oct 25 2:00
|
|
||||||
-6:00 US C%sT
|
|
||||||
# Morton County, ND, switched from mountain to central time on
|
|
||||||
@@ -481,7 +481,7 @@ Zone America/North_Dakota/Center -6:45:12 - LMT 1883 Nov 18 12:14:48
|
|
||||||
# Jones, Mellette, and Todd Counties in South Dakota;
|
|
||||||
# but in practice these other counties were already observing central time.
|
|
||||||
# See <http://www.epa.gov/fedrgstr/EPA-IMPACT/2003/October/Day-28/i27056.htm>.
|
|
||||||
-Zone America/North_Dakota/New_Salem -6:45:39 - LMT 1883 Nov 18 12:14:21
|
|
||||||
+Zone America/North_Dakota/New_Salem -6:45:39 - LMT 1883 Nov 18 19:00u
|
|
||||||
-7:00 US M%sT 2003 Oct 26 2:00
|
|
||||||
-6:00 US C%sT
|
|
||||||
|
|
||||||
@@ -498,7 +498,7 @@ Zone America/North_Dakota/New_Salem -6:45:39 - LMT 1883 Nov 18 12:14:21
|
|
||||||
# largest city in Mercer County). Google Maps places Beulah's city hall
|
|
||||||
# at 47° 15' 51" N, 101° 46' 40" W, which yields an offset of 6h47'07".
|
|
||||||
|
|
||||||
-Zone America/North_Dakota/Beulah -6:47:07 - LMT 1883 Nov 18 12:12:53
|
|
||||||
+Zone America/North_Dakota/Beulah -6:47:07 - LMT 1883 Nov 18 19:00u
|
|
||||||
-7:00 US M%sT 2010 Nov 7 2:00
|
|
||||||
-6:00 US C%sT
|
|
||||||
|
|
||||||
@@ -530,7 +530,7 @@ Rule Denver 1921 only - May 22 2:00 0 S
|
|
||||||
Rule Denver 1965 1966 - Apr lastSun 2:00 1:00 D
|
|
||||||
Rule Denver 1965 1966 - Oct lastSun 2:00 0 S
|
|
||||||
# Zone NAME STDOFF RULES FORMAT [UNTIL]
|
|
||||||
-Zone America/Denver -6:59:56 - LMT 1883 Nov 18 12:00:04
|
|
||||||
+Zone America/Denver -6:59:56 - LMT 1883 Nov 18 19:00u
|
|
||||||
-7:00 US M%sT 1920
|
|
||||||
-7:00 Denver M%sT 1942
|
|
||||||
-7:00 US M%sT 1946
|
|
||||||
@@ -583,7 +583,7 @@ Rule CA 1950 1966 - Apr lastSun 1:00 1:00 D
|
|
||||||
Rule CA 1950 1961 - Sep lastSun 2:00 0 S
|
|
||||||
Rule CA 1962 1966 - Oct lastSun 2:00 0 S
|
|
||||||
# Zone NAME STDOFF RULES FORMAT [UNTIL]
|
|
||||||
-Zone America/Los_Angeles -7:52:58 - LMT 1883 Nov 18 12:07:02
|
|
||||||
+Zone America/Los_Angeles -7:52:58 - LMT 1883 Nov 18 20:00u
|
|
||||||
-8:00 US P%sT 1946
|
|
||||||
-8:00 CA P%sT 1967
|
|
||||||
-8:00 US P%sT
|
|
||||||
@@ -845,7 +845,7 @@ Zone Pacific/Honolulu -10:31:26 - LMT 1896 Jan 13 12:00
|
|
||||||
# Go with the Arizona State Library instead.
|
|
||||||
|
|
||||||
# Zone NAME STDOFF RULES FORMAT [UNTIL]
|
|
||||||
-Zone America/Phoenix -7:28:18 - LMT 1883 Nov 18 11:31:42
|
|
||||||
+Zone America/Phoenix -7:28:18 - LMT 1883 Nov 18 19:00u
|
|
||||||
-7:00 US M%sT 1944 Jan 1 0:01
|
|
||||||
-7:00 - MST 1944 Apr 1 0:01
|
|
||||||
-7:00 US M%sT 1944 Oct 1 0:01
|
|
||||||
@@ -873,7 +873,7 @@ Link America/Phoenix America/Creston
|
|
||||||
# switched four weeks late in 1974.
|
|
||||||
#
|
|
||||||
# Zone NAME STDOFF RULES FORMAT [UNTIL]
|
|
||||||
-Zone America/Boise -7:44:49 - LMT 1883 Nov 18 12:15:11
|
|
||||||
+Zone America/Boise -7:44:49 - LMT 1883 Nov 18 20:00u
|
|
||||||
-8:00 US P%sT 1923 May 13 2:00
|
|
||||||
-7:00 US M%sT 1974
|
|
||||||
-7:00 - MST 1974 Feb 3 2:00
|
|
||||||
@@ -945,7 +945,7 @@ Rule Indianapolis 1941 only - Jun 22 2:00 1:00 D
|
|
||||||
Rule Indianapolis 1941 1954 - Sep lastSun 2:00 0 S
|
|
||||||
Rule Indianapolis 1946 1954 - Apr lastSun 2:00 1:00 D
|
|
||||||
# Zone NAME STDOFF RULES FORMAT [UNTIL]
|
|
||||||
-Zone America/Indiana/Indianapolis -5:44:38 - LMT 1883 Nov 18 12:15:22
|
|
||||||
+Zone America/Indiana/Indianapolis -5:44:38 - LMT 1883 Nov 18 18:00u
|
|
||||||
-6:00 US C%sT 1920
|
|
||||||
-6:00 Indianapolis C%sT 1942
|
|
||||||
-6:00 US C%sT 1946
|
|
||||||
@@ -965,7 +965,7 @@ Rule Marengo 1951 only - Sep lastSun 2:00 0 S
|
|
||||||
Rule Marengo 1954 1960 - Apr lastSun 2:00 1:00 D
|
|
||||||
Rule Marengo 1954 1960 - Sep lastSun 2:00 0 S
|
|
||||||
# Zone NAME STDOFF RULES FORMAT [UNTIL]
|
|
||||||
-Zone America/Indiana/Marengo -5:45:23 - LMT 1883 Nov 18 12:14:37
|
|
||||||
+Zone America/Indiana/Marengo -5:45:23 - LMT 1883 Nov 18 18:00u
|
|
||||||
-6:00 US C%sT 1951
|
|
||||||
-6:00 Marengo C%sT 1961 Apr 30 2:00
|
|
||||||
-5:00 - EST 1969
|
|
||||||
@@ -989,7 +989,7 @@ Rule Vincennes 1960 only - Oct lastSun 2:00 0 S
|
|
||||||
Rule Vincennes 1961 only - Sep lastSun 2:00 0 S
|
|
||||||
Rule Vincennes 1962 1963 - Oct lastSun 2:00 0 S
|
|
||||||
# Zone NAME STDOFF RULES FORMAT [UNTIL]
|
|
||||||
-Zone America/Indiana/Vincennes -5:50:07 - LMT 1883 Nov 18 12:09:53
|
|
||||||
+Zone America/Indiana/Vincennes -5:50:07 - LMT 1883 Nov 18 18:00u
|
|
||||||
-6:00 US C%sT 1946
|
|
||||||
-6:00 Vincennes C%sT 1964 Apr 26 2:00
|
|
||||||
-5:00 - EST 1969
|
|
||||||
@@ -1009,7 +1009,7 @@ Rule Perry 1955 1960 - Sep lastSun 2:00 0 S
|
|
||||||
Rule Perry 1956 1963 - Apr lastSun 2:00 1:00 D
|
|
||||||
Rule Perry 1961 1963 - Oct lastSun 2:00 0 S
|
|
||||||
# Zone NAME STDOFF RULES FORMAT [UNTIL]
|
|
||||||
-Zone America/Indiana/Tell_City -5:47:03 - LMT 1883 Nov 18 12:12:57
|
|
||||||
+Zone America/Indiana/Tell_City -5:47:03 - LMT 1883 Nov 18 18:00u
|
|
||||||
-6:00 US C%sT 1946
|
|
||||||
-6:00 Perry C%sT 1964 Apr 26 2:00
|
|
||||||
-5:00 - EST 1967 Oct 29 2:00
|
|
||||||
@@ -1026,7 +1026,7 @@ Rule Pike 1955 1960 - Sep lastSun 2:00 0 S
|
|
||||||
Rule Pike 1956 1964 - Apr lastSun 2:00 1:00 D
|
|
||||||
Rule Pike 1961 1964 - Oct lastSun 2:00 0 S
|
|
||||||
# Zone NAME STDOFF RULES FORMAT [UNTIL]
|
|
||||||
-Zone America/Indiana/Petersburg -5:49:07 - LMT 1883 Nov 18 12:10:53
|
|
||||||
+Zone America/Indiana/Petersburg -5:49:07 - LMT 1883 Nov 18 18:00u
|
|
||||||
-6:00 US C%sT 1955
|
|
||||||
-6:00 Pike C%sT 1965 Apr 25 2:00
|
|
||||||
-5:00 - EST 1966 Oct 30 2:00
|
|
||||||
@@ -1048,7 +1048,7 @@ Rule Starke 1955 1956 - Oct lastSun 2:00 0 S
|
|
||||||
Rule Starke 1957 1958 - Sep lastSun 2:00 0 S
|
|
||||||
Rule Starke 1959 1961 - Oct lastSun 2:00 0 S
|
|
||||||
# Zone NAME STDOFF RULES FORMAT [UNTIL]
|
|
||||||
-Zone America/Indiana/Knox -5:46:30 - LMT 1883 Nov 18 12:13:30
|
|
||||||
+Zone America/Indiana/Knox -5:46:30 - LMT 1883 Nov 18 18:00u
|
|
||||||
-6:00 US C%sT 1947
|
|
||||||
-6:00 Starke C%sT 1962 Apr 29 2:00
|
|
||||||
-5:00 - EST 1963 Oct 27 2:00
|
|
||||||
@@ -1064,7 +1064,7 @@ Rule Pulaski 1946 1954 - Sep lastSun 2:00 0 S
|
|
||||||
Rule Pulaski 1955 1956 - Oct lastSun 2:00 0 S
|
|
||||||
Rule Pulaski 1957 1960 - Sep lastSun 2:00 0 S
|
|
||||||
# Zone NAME STDOFF RULES FORMAT [UNTIL]
|
|
||||||
-Zone America/Indiana/Winamac -5:46:25 - LMT 1883 Nov 18 12:13:35
|
|
||||||
+Zone America/Indiana/Winamac -5:46:25 - LMT 1883 Nov 18 18:00u
|
|
||||||
-6:00 US C%sT 1946
|
|
||||||
-6:00 Pulaski C%sT 1961 Apr 30 2:00
|
|
||||||
-5:00 - EST 1969
|
|
||||||
@@ -1075,7 +1075,7 @@ Zone America/Indiana/Winamac -5:46:25 - LMT 1883 Nov 18 12:13:35
|
|
||||||
#
|
|
||||||
# Switzerland County, Indiana, did not observe DST from 1973 through 2005.
|
|
||||||
# Zone NAME STDOFF RULES FORMAT [UNTIL]
|
|
||||||
-Zone America/Indiana/Vevay -5:40:16 - LMT 1883 Nov 18 12:19:44
|
|
||||||
+Zone America/Indiana/Vevay -5:40:16 - LMT 1883 Nov 18 18:00u
|
|
||||||
-6:00 US C%sT 1954 Apr 25 2:00
|
|
||||||
-5:00 - EST 1969
|
|
||||||
-5:00 US E%sT 1973
|
|
||||||
@@ -1111,7 +1111,7 @@ Rule Louisville 1950 1961 - Apr lastSun 2:00 1:00 D
|
|
||||||
Rule Louisville 1950 1955 - Sep lastSun 2:00 0 S
|
|
||||||
Rule Louisville 1956 1961 - Oct lastSun 2:00 0 S
|
|
||||||
# Zone NAME STDOFF RULES FORMAT [UNTIL]
|
|
||||||
-Zone America/Kentucky/Louisville -5:43:02 - LMT 1883 Nov 18 12:16:58
|
|
||||||
+Zone America/Kentucky/Louisville -5:43:02 - LMT 1883 Nov 18 18:00u
|
|
||||||
-6:00 US C%sT 1921
|
|
||||||
-6:00 Louisville C%sT 1942
|
|
||||||
-6:00 US C%sT 1946
|
|
||||||
@@ -1145,7 +1145,7 @@ Zone America/Kentucky/Louisville -5:43:02 - LMT 1883 Nov 18 12:16:58
|
|
||||||
# Federal Register 65, 160 (2000-08-17), pp 50154-50158.
|
|
||||||
# https://www.gpo.gov/fdsys/pkg/FR-2000-08-17/html/00-20854.htm
|
|
||||||
#
|
|
||||||
-Zone America/Kentucky/Monticello -5:39:24 - LMT 1883 Nov 18 12:20:36
|
|
||||||
+Zone America/Kentucky/Monticello -5:39:24 - LMT 1883 Nov 18 18:00u
|
|
||||||
-6:00 US C%sT 1946
|
|
||||||
-6:00 - CST 1968
|
|
||||||
-6:00 US C%sT 2000 Oct 29 2:00
|
|
||||||
@@ -2640,6 +2640,8 @@ Zone America/Dawson -9:17:40 - LMT 1900 Aug 20
|
|
||||||
# longitude they are located at.
|
|
||||||
|
|
||||||
# Rule NAME FROM TO - IN ON AT SAVE LETTER/S
|
|
||||||
+Rule Mexico 1931 only - May 1 23:00 1:00 D
|
|
||||||
+Rule Mexico 1931 only - Oct 1 0:00 0 S
|
|
||||||
Rule Mexico 1939 only - Feb 5 0:00 1:00 D
|
|
||||||
Rule Mexico 1939 only - Jun 25 0:00 0 S
|
|
||||||
Rule Mexico 1940 only - Dec 9 0:00 1:00 D
|
|
||||||
@@ -2656,13 +2658,13 @@ Rule Mexico 2002 max - Apr Sun>=1 2:00 1:00 D
|
|
||||||
Rule Mexico 2002 max - Oct lastSun 2:00 0 S
|
|
||||||
# Zone NAME STDOFF RULES FORMAT [UNTIL]
|
|
||||||
# Quintana Roo; represented by Cancún
|
|
||||||
-Zone America/Cancun -5:47:04 - LMT 1922 Jan 1 0:12:56
|
|
||||||
+Zone America/Cancun -5:47:04 - LMT 1922 Jan 1 6:00u
|
|
||||||
-6:00 - CST 1981 Dec 23
|
|
||||||
-5:00 Mexico E%sT 1998 Aug 2 2:00
|
|
||||||
-6:00 Mexico C%sT 2015 Feb 1 2:00
|
|
||||||
-5:00 - EST
|
|
||||||
# Campeche, Yucatán; represented by Mérida
|
|
||||||
-Zone America/Merida -5:58:28 - LMT 1922 Jan 1 0:01:32
|
|
||||||
+Zone America/Merida -5:58:28 - LMT 1922 Jan 1 6:00u
|
|
||||||
-6:00 - CST 1981 Dec 23
|
|
||||||
-5:00 - EST 1982 Dec 2
|
|
||||||
-6:00 Mexico C%sT
|
|
||||||
@@ -2676,23 +2678,21 @@ Zone America/Merida -5:58:28 - LMT 1922 Jan 1 0:01:32
|
|
||||||
# See: Inicia mañana Horario de Verano en zona fronteriza, El Universal,
|
|
||||||
# 2016-03-12
|
|
||||||
# http://www.eluniversal.com.mx/articulo/estados/2016/03/12/inicia-manana-horario-de-verano-en-zona-fronteriza
|
|
||||||
-Zone America/Matamoros -6:40:00 - LMT 1921 Dec 31 23:20:00
|
|
||||||
+Zone America/Matamoros -6:30:00 - LMT 1922 Jan 1 6:00u
|
|
||||||
-6:00 - CST 1988
|
|
||||||
-6:00 US C%sT 1989
|
|
||||||
-6:00 Mexico C%sT 2010
|
|
||||||
-6:00 US C%sT
|
|
||||||
# Durango; Coahuila, Nuevo León, Tamaulipas (away from US border)
|
|
||||||
-Zone America/Monterrey -6:41:16 - LMT 1921 Dec 31 23:18:44
|
|
||||||
+Zone America/Monterrey -6:41:16 - LMT 1922 Jan 1 6:00u
|
|
||||||
-6:00 - CST 1988
|
|
||||||
-6:00 US C%sT 1989
|
|
||||||
-6:00 Mexico C%sT
|
|
||||||
# Central Mexico
|
|
||||||
-Zone America/Mexico_City -6:36:36 - LMT 1922 Jan 1 0:23:24
|
|
||||||
+Zone America/Mexico_City -6:36:36 - LMT 1922 Jan 1 7:00u
|
|
||||||
-7:00 - MST 1927 Jun 10 23:00
|
|
||||||
-6:00 - CST 1930 Nov 15
|
|
||||||
- -7:00 - MST 1931 May 1 23:00
|
|
||||||
- -6:00 - CST 1931 Oct
|
|
||||||
- -7:00 - MST 1932 Apr 1
|
|
||||||
+ -7:00 Mexico M%sT 1932 Apr 1
|
|
||||||
-6:00 Mexico C%sT 2001 Sep 30 2:00
|
|
||||||
-6:00 - CST 2002 Feb 20
|
|
||||||
-6:00 Mexico C%sT
|
|
||||||
@@ -2700,35 +2700,29 @@ Zone America/Mexico_City -6:36:36 - LMT 1922 Jan 1 0:23:24
|
|
||||||
# This includes the municipalities of Janos, Ascensión, Juárez, Guadalupe,
|
|
||||||
# Práxedis G Guerrero, Coyame del Sotol, Ojinaga, and Manuel Benavides.
|
|
||||||
# (See the 2016-03-12 El Universal source mentioned above.)
|
|
||||||
-Zone America/Ojinaga -6:57:40 - LMT 1922 Jan 1 0:02:20
|
|
||||||
+Zone America/Ojinaga -6:57:40 - LMT 1922 Jan 1 7:00u
|
|
||||||
-7:00 - MST 1927 Jun 10 23:00
|
|
||||||
-6:00 - CST 1930 Nov 15
|
|
||||||
- -7:00 - MST 1931 May 1 23:00
|
|
||||||
- -6:00 - CST 1931 Oct
|
|
||||||
- -7:00 - MST 1932 Apr 1
|
|
||||||
+ -7:00 Mexico M%sT 1932 Apr 1
|
|
||||||
-6:00 - CST 1996
|
|
||||||
-6:00 Mexico C%sT 1998
|
|
||||||
-6:00 - CST 1998 Apr Sun>=1 3:00
|
|
||||||
-7:00 Mexico M%sT 2010
|
|
||||||
-7:00 US M%sT
|
|
||||||
# Chihuahua (away from US border)
|
|
||||||
-Zone America/Chihuahua -7:04:20 - LMT 1921 Dec 31 23:55:40
|
|
||||||
+Zone America/Chihuahua -7:04:20 - LMT 1922 Jan 1 7:00u
|
|
||||||
-7:00 - MST 1927 Jun 10 23:00
|
|
||||||
-6:00 - CST 1930 Nov 15
|
|
||||||
- -7:00 - MST 1931 May 1 23:00
|
|
||||||
- -6:00 - CST 1931 Oct
|
|
||||||
- -7:00 - MST 1932 Apr 1
|
|
||||||
+ -7:00 Mexico M%sT 1932 Apr 1
|
|
||||||
-6:00 - CST 1996
|
|
||||||
-6:00 Mexico C%sT 1998
|
|
||||||
-6:00 - CST 1998 Apr Sun>=1 3:00
|
|
||||||
-7:00 Mexico M%sT
|
|
||||||
# Sonora
|
|
||||||
-Zone America/Hermosillo -7:23:52 - LMT 1921 Dec 31 23:36:08
|
|
||||||
+Zone America/Hermosillo -7:23:52 - LMT 1922 Jan 1 7:00u
|
|
||||||
-7:00 - MST 1927 Jun 10 23:00
|
|
||||||
-6:00 - CST 1930 Nov 15
|
|
||||||
- -7:00 - MST 1931 May 1 23:00
|
|
||||||
- -6:00 - CST 1931 Oct
|
|
||||||
- -7:00 - MST 1932 Apr 1
|
|
||||||
+ -7:00 Mexico M%sT 1932 Apr 1
|
|
||||||
-6:00 - CST 1942 Apr 24
|
|
||||||
-7:00 - MST 1949 Jan 14
|
|
||||||
-8:00 - PST 1970
|
|
||||||
@@ -2763,24 +2757,20 @@ Zone America/Hermosillo -7:23:52 - LMT 1921 Dec 31 23:36:08
|
|
||||||
# Use "Bahia_Banderas" to keep the name to fourteen characters.
|
|
||||||
|
|
||||||
# Mazatlán
|
|
||||||
-Zone America/Mazatlan -7:05:40 - LMT 1921 Dec 31 23:54:20
|
|
||||||
+Zone America/Mazatlan -7:05:40 - LMT 1922 Jan 1 7:00u
|
|
||||||
-7:00 - MST 1927 Jun 10 23:00
|
|
||||||
-6:00 - CST 1930 Nov 15
|
|
||||||
- -7:00 - MST 1931 May 1 23:00
|
|
||||||
- -6:00 - CST 1931 Oct
|
|
||||||
- -7:00 - MST 1932 Apr 1
|
|
||||||
+ -7:00 Mexico M%sT 1932 Apr 1
|
|
||||||
-6:00 - CST 1942 Apr 24
|
|
||||||
-7:00 - MST 1949 Jan 14
|
|
||||||
-8:00 - PST 1970
|
|
||||||
-7:00 Mexico M%sT
|
|
||||||
|
|
||||||
# Bahía de Banderas
|
|
||||||
-Zone America/Bahia_Banderas -7:01:00 - LMT 1921 Dec 31 23:59:00
|
|
||||||
+Zone America/Bahia_Banderas -7:01:00 - LMT 1922 Jan 1 7:00u
|
|
||||||
-7:00 - MST 1927 Jun 10 23:00
|
|
||||||
-6:00 - CST 1930 Nov 15
|
|
||||||
- -7:00 - MST 1931 May 1 23:00
|
|
||||||
- -6:00 - CST 1931 Oct
|
|
||||||
- -7:00 - MST 1932 Apr 1
|
|
||||||
+ -7:00 Mexico M%sT 1932 Apr 1
|
|
||||||
-6:00 - CST 1942 Apr 24
|
|
||||||
-7:00 - MST 1949 Jan 14
|
|
||||||
-8:00 - PST 1970
|
|
||||||
@@ -2788,7 +2778,7 @@ Zone America/Bahia_Banderas -7:01:00 - LMT 1921 Dec 31 23:59:00
|
|
||||||
-6:00 Mexico C%sT
|
|
||||||
|
|
||||||
# Baja California
|
|
||||||
-Zone America/Tijuana -7:48:04 - LMT 1922 Jan 1 0:11:56
|
|
||||||
+Zone America/Tijuana -7:48:04 - LMT 1922 Jan 1 7:00u
|
|
||||||
-7:00 - MST 1924
|
|
||||||
-8:00 - PST 1927 Jun 10 23:00
|
|
||||||
-7:00 - MST 1930 Nov 15
|
|
||||||
diff --git a/test/jdk/java/util/TimeZone/TimeZoneData/VERSION b/test/jdk/java/util/TimeZone/TimeZoneData/VERSION
|
|
||||||
index 71470168456..0cad939008f 100644
|
|
||||||
--- a/test/jdk/java/util/TimeZone/TimeZoneData/VERSION
|
|
||||||
+++ b/test/jdk/java/util/TimeZone/TimeZoneData/VERSION
|
|
||||||
@@ -1 +1 @@
|
|
||||||
-tzdata2022d
|
|
||||||
+tzdata2022e
|
|
||||||
diff --git a/test/jdk/java/util/TimeZone/TimeZoneData/displaynames.txt b/test/jdk/java/util/TimeZone/TimeZoneData/displaynames.txt
|
|
||||||
index b3823958ae4..2f2786f1c69 100644
|
|
||||||
--- a/test/jdk/java/util/TimeZone/TimeZoneData/displaynames.txt
|
|
||||||
+++ b/test/jdk/java/util/TimeZone/TimeZoneData/displaynames.txt
|
|
||||||
@@ -97,9 +97,7 @@ America/Winnipeg CST CDT
|
|
||||||
America/Yakutat AKST AKDT
|
|
||||||
America/Yellowknife MST MDT
|
|
||||||
Antarctica/Macquarie AEST AEDT
|
|
||||||
-Asia/Amman EET EEST
|
|
||||||
Asia/Beirut EET EEST
|
|
||||||
-Asia/Damascus EET EEST
|
|
||||||
Asia/Famagusta EET EEST
|
|
||||||
Asia/Gaza EET EEST
|
|
||||||
Asia/Hebron EET EEST
|
|
@ -1,8 +0,0 @@
|
|||||||
name = NSS-FIPS
|
|
||||||
nssLibraryDirectory = @NSS_LIBDIR@
|
|
||||||
nssSecmodDirectory = sql:/etc/pki/nssdb
|
|
||||||
nssDbMode = readOnly
|
|
||||||
nssModule = fips
|
|
||||||
|
|
||||||
attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
|
|
||||||
|
|
@ -321,7 +321,7 @@
|
|||||||
# New Version-String scheme-style defines
|
# New Version-String scheme-style defines
|
||||||
%global featurever 17
|
%global featurever 17
|
||||||
%global interimver 0
|
%global interimver 0
|
||||||
%global updatever 5
|
%global updatever 6
|
||||||
%global patchver 0
|
%global patchver 0
|
||||||
# buildjdkver is usually same as %%{featurever},
|
# buildjdkver is usually same as %%{featurever},
|
||||||
# but in time of bootstrap of next jdk, it is featurever-1,
|
# but in time of bootstrap of next jdk, it is featurever-1,
|
||||||
@ -361,15 +361,15 @@
|
|||||||
# Define IcedTea version used for SystemTap tapsets and desktop file
|
# Define IcedTea version used for SystemTap tapsets and desktop file
|
||||||
%global icedteaver 6.0.0pre00-c848b93a8598
|
%global icedteaver 6.0.0pre00-c848b93a8598
|
||||||
# Define current Git revision for the FIPS support patches
|
# Define current Git revision for the FIPS support patches
|
||||||
%global fipsver 0bd5ca9ccc5
|
%global fipsver 257d544b594
|
||||||
|
|
||||||
# Standard JPackage naming and versioning defines
|
# Standard JPackage naming and versioning defines
|
||||||
%global origin openjdk
|
%global origin openjdk
|
||||||
%global origin_nice OpenJDK
|
%global origin_nice OpenJDK
|
||||||
%global top_level_dir_name %{origin}
|
%global top_level_dir_name %{origin}
|
||||||
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
||||||
%global buildver 8
|
%global buildver 10
|
||||||
%global rpmrelease 1
|
%global rpmrelease 3
|
||||||
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
||||||
%if %is_system_jdk
|
%if %is_system_jdk
|
||||||
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
|
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
|
||||||
@ -1118,9 +1118,8 @@ Requires: ca-certificates
|
|||||||
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
|
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
|
||||||
Requires: javapackages-filesystem
|
Requires: javapackages-filesystem
|
||||||
# Require zone-info data provided by tzdata-java sub-package
|
# Require zone-info data provided by tzdata-java sub-package
|
||||||
# 2022d required as of JDK-8294357
|
# 2022g required as of JDK-8297804
|
||||||
# Should be bumped to 2022e once available (JDK-8295173)
|
Requires: tzdata-java >= 2022g
|
||||||
Requires: tzdata-java >= 2022d
|
|
||||||
# for support of kernel stream control
|
# for support of kernel stream control
|
||||||
# libsctp.so.1 is being `dlopen`ed on demand
|
# libsctp.so.1 is being `dlopen`ed on demand
|
||||||
Requires: lksctp-tools%{?_isa}
|
Requires: lksctp-tools%{?_isa}
|
||||||
@ -1312,9 +1311,6 @@ Source15: TestSecurityProperties.java
|
|||||||
# Ensure vendor settings are correct
|
# Ensure vendor settings are correct
|
||||||
Source16: CheckVendor.java
|
Source16: CheckVendor.java
|
||||||
|
|
||||||
# nss fips configuration file
|
|
||||||
Source17: nss.fips.cfg.in
|
|
||||||
|
|
||||||
# Ensure translations are available for new timezones
|
# Ensure translations are available for new timezones
|
||||||
Source18: TestTranslations.java
|
Source18: TestTranslations.java
|
||||||
|
|
||||||
@ -1366,6 +1362,10 @@ Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-d
|
|||||||
# Build the systemconf library on all platforms
|
# Build the systemconf library on all platforms
|
||||||
# RH2048582: Support PKCS#12 keystores
|
# RH2048582: Support PKCS#12 keystores
|
||||||
# RH2020290: Support TLS 1.3 in FIPS mode
|
# RH2020290: Support TLS 1.3 in FIPS mode
|
||||||
|
# Add nss.fips.cfg support to OpenJDK tree
|
||||||
|
# RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode
|
||||||
|
# Remove forgotten dead code from RH2020290 and RH2104724
|
||||||
|
# OJ1357: Fix issue on FIPS with a SecurityManager in place
|
||||||
Patch1001: fips-17u-%{fipsver}.patch
|
Patch1001: fips-17u-%{fipsver}.patch
|
||||||
|
|
||||||
#############################################
|
#############################################
|
||||||
@ -1373,20 +1373,12 @@ Patch1001: fips-17u-%{fipsver}.patch
|
|||||||
# OpenJDK patches in need of upstreaming
|
# OpenJDK patches in need of upstreaming
|
||||||
#
|
#
|
||||||
#############################################
|
#############################################
|
||||||
# JDK-8275535, RH2053256: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
|
|
||||||
Patch2000: jdk8275535-rh2053256-ldap_auth.patch
|
|
||||||
|
|
||||||
#############################################
|
#############################################
|
||||||
#
|
#
|
||||||
# OpenJDK patches appearing in 17.0.6
|
# OpenJDK patches appearing in 17.0.6
|
||||||
#
|
#
|
||||||
#############################################
|
#############################################
|
||||||
# JDK-8293834: Update CLDR data following tzdata 2022c update
|
|
||||||
Patch2001: jdk8293834-kyiv_cldr_update.patch
|
|
||||||
# JDK-8294357: (tz) Update Timezone Data to 2022d
|
|
||||||
Patch2002: jdk8294357-tzdata2022d.patch
|
|
||||||
# JDK-8295173: (tz) Update Timezone Data to 2022e
|
|
||||||
Patch2003: jdk8295173-tzdata2022e.patch
|
|
||||||
|
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
@ -1420,9 +1412,8 @@ BuildRequires: java-17-openjdk-devel
|
|||||||
%ifarch %{zero_arches}
|
%ifarch %{zero_arches}
|
||||||
BuildRequires: libffi-devel
|
BuildRequires: libffi-devel
|
||||||
%endif
|
%endif
|
||||||
# 2022d required as of JDK-8294357
|
# 2022g required as of JDK-8297804
|
||||||
# Should be bumped to 2022e once available (JDK-8295173)
|
BuildRequires: tzdata-java >= 2022g
|
||||||
BuildRequires: tzdata-java >= 2022d
|
|
||||||
# Earlier versions have a bug in tree vectorization on PPC
|
# Earlier versions have a bug in tree vectorization on PPC
|
||||||
BuildRequires: gcc >= 4.8.3-8
|
BuildRequires: gcc >= 4.8.3-8
|
||||||
|
|
||||||
@ -1820,16 +1811,10 @@ pushd %{top_level_dir_name}
|
|||||||
%patch1001 -p1
|
%patch1001 -p1
|
||||||
# nss.cfg PKCS11 support; must come last as it also alters java.security
|
# nss.cfg PKCS11 support; must come last as it also alters java.security
|
||||||
%patch1000 -p1
|
%patch1000 -p1
|
||||||
# tzdata updates targetted for 17.0.6
|
|
||||||
%patch2001 -p1
|
|
||||||
%patch2002 -p1
|
|
||||||
%patch2003 -p1
|
|
||||||
popd # openjdk
|
popd # openjdk
|
||||||
|
|
||||||
%patch600
|
%patch600
|
||||||
|
|
||||||
%patch2000
|
|
||||||
|
|
||||||
# The OpenJDK version file includes the current
|
# The OpenJDK version file includes the current
|
||||||
# upstream version information. For some reason,
|
# upstream version information. For some reason,
|
||||||
# configure does not automatically use the
|
# configure does not automatically use the
|
||||||
@ -1847,8 +1832,7 @@ if [ "x${UPSTREAM_EA_DESIGNATOR}" != "x%{ea_designator}" ] ; then
|
|||||||
echo "WARNING: Designator mismatch";
|
echo "WARNING: Designator mismatch";
|
||||||
echo "Spec file is configured for a %{build_type} build with designator '%{ea_designator}'"
|
echo "Spec file is configured for a %{build_type} build with designator '%{ea_designator}'"
|
||||||
echo "Upstream version-pre setting is '${UPSTREAM_EA_DESIGNATOR}'";
|
echo "Upstream version-pre setting is '${UPSTREAM_EA_DESIGNATOR}'";
|
||||||
# Don't fail at present as upstream are not maintaining the value correctly
|
exit 17
|
||||||
#exit 17
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Extract systemtap tapsets
|
# Extract systemtap tapsets
|
||||||
@ -1900,9 +1884,6 @@ done
|
|||||||
# Setup nss.cfg
|
# Setup nss.cfg
|
||||||
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg
|
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg
|
||||||
|
|
||||||
# Setup nss.fips.cfg
|
|
||||||
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# How many CPU's do we have?
|
# How many CPU's do we have?
|
||||||
export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :)
|
export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :)
|
||||||
@ -2036,9 +2017,6 @@ function installjdk() {
|
|||||||
# Install nss.cfg right away as we will be using the JRE above
|
# Install nss.cfg right away as we will be using the JRE above
|
||||||
install -m 644 nss.cfg ${imagepath}/conf/security/
|
install -m 644 nss.cfg ${imagepath}/conf/security/
|
||||||
|
|
||||||
# Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
|
|
||||||
install -m 644 nss.fips.cfg ${imagepath}/conf/security/
|
|
||||||
|
|
||||||
# Turn on system security properties
|
# Turn on system security properties
|
||||||
sed -i -e "s:^security.useSystemPropertiesFile=.*:security.useSystemPropertiesFile=true:" \
|
sed -i -e "s:^security.useSystemPropertiesFile=.*:security.useSystemPropertiesFile=true:" \
|
||||||
${imagepath}/conf/security/java.security
|
${imagepath}/conf/security/java.security
|
||||||
@ -2178,10 +2156,14 @@ nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation
|
|||||||
if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi
|
if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
# Check translations are available for new timezones
|
%if ! 0%{?flatpak}
|
||||||
|
# Check translations are available for new timezones (during flatpak builds, the
|
||||||
|
# tzdb.dat used by this test is not where the test expects it, so this is
|
||||||
|
# disabled for flatpak builds)
|
||||||
$JAVA_HOME/bin/javac -d . %{SOURCE18}
|
$JAVA_HOME/bin/javac -d . %{SOURCE18}
|
||||||
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE
|
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE
|
||||||
$JAVA_HOME/bin/java -Djava.locale.providers=CLDR $(echo $(basename %{SOURCE18})|sed "s|\.java||") CLDR
|
$JAVA_HOME/bin/java -Djava.locale.providers=CLDR $(echo $(basename %{SOURCE18})|sed "s|\.java||") CLDR
|
||||||
|
%endif
|
||||||
|
|
||||||
%if %{include_staticlibs}
|
%if %{include_staticlibs}
|
||||||
# Check debug symbols in static libraries (smoke test)
|
# Check debug symbols in static libraries (smoke test)
|
||||||
@ -2638,6 +2620,52 @@ require "copy_jdk_configs.lua"
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Jan 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.10-3
|
||||||
|
- Add missing release note for JDK-8295687
|
||||||
|
- Resolves: rhbz#2160111
|
||||||
|
|
||||||
|
* Fri Jan 13 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.10-3
|
||||||
|
- Update FIPS support to bring in latest changes
|
||||||
|
- * OJ1357: Fix issue on FIPS with a SecurityManager in place
|
||||||
|
- Related: rhbz#2147473
|
||||||
|
|
||||||
|
* Fri Jan 13 2023 Stephan Bergmann <sbergman@redhat.com> - 1:17.0.6.0.10-3
|
||||||
|
- Fix flatpak builds by disabling TestTranslations test due to missing tzdb.dat
|
||||||
|
- Related: rhbz#2160111
|
||||||
|
|
||||||
|
* Wed Jan 11 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.10-2
|
||||||
|
- Update to jdk-17.0.6.0+10
|
||||||
|
- Update release notes to 17.0.6.0+10
|
||||||
|
- Switch to GA mode for release
|
||||||
|
- ** This tarball is embargoed until 2023-01-17 @ 1pm PT. **
|
||||||
|
- Related: rhbz#2153010
|
||||||
|
|
||||||
|
* Wed Jan 04 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.9-0.2.ea
|
||||||
|
- Update to jdk-17.0.6+9
|
||||||
|
- Update release notes to 17.0.6+9
|
||||||
|
- Drop local copy of JDK-8293834 now this is upstream
|
||||||
|
- Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804
|
||||||
|
- Update TestTranslations.java to test the new America/Ciudad_Juarez zone
|
||||||
|
- Resolves: rhbz#2153010
|
||||||
|
|
||||||
|
* Sat Dec 03 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.1-0.2.ea
|
||||||
|
- Update to jdk-17.0.6+1
|
||||||
|
- Update release notes to 17.0.6+1
|
||||||
|
- Switch to EA mode for 17.0.6 pre-release builds.
|
||||||
|
- Re-enable EA upstream status check now it is being actively maintained.
|
||||||
|
- Drop JDK-8294357 (tzdata2022d) & JDK-8295173 (tzdata2022e) local patches which are now upstream
|
||||||
|
- Drop JDK-8275535 local patch now this has been accepted and backported upstream
|
||||||
|
- Bump tzdata requirement to 2022e now the package is available in RHEL
|
||||||
|
- Related: rhbz#2153010
|
||||||
|
|
||||||
|
* Wed Nov 23 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.8-4
|
||||||
|
- Update FIPS support to bring in latest changes
|
||||||
|
- * Add nss.fips.cfg support to OpenJDK tree
|
||||||
|
- * RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode
|
||||||
|
- * Remove forgotten dead code from RH2020290 and RH2104724
|
||||||
|
- Drop local nss.fips.cfg.in handling now this is handled in the patched OpenJDK build
|
||||||
|
- Resolves: rhbz#2147473
|
||||||
|
|
||||||
* Wed Oct 26 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.8-1
|
* Wed Oct 26 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.8-1
|
||||||
- Update to jdk-17.0.5+8 (GA)
|
- Update to jdk-17.0.5+8 (GA)
|
||||||
- Update release notes to 17.0.5+8 (GA)
|
- Update release notes to 17.0.5+8 (GA)
|
||||||
|
Loading…
Reference in New Issue
Block a user