Update FIPS support to bring in latest changes

* RH2104724: Avoid import/export of DH private keys * RH2092507: P11Key.getEncoded does not work for DH keys in FIPS mode * Build the systemconf library on all platforms * RH2048582: Support PKCS#12 keystores * RH2020290: Support TLS 1.3 in FIPS mode Resolves: rhbz#2104725 Resolves: rhbz#2117758 Resolves: rhbz#2115164 Resolves: rhbz#2029665
2022-08-29 15:04:26 +01:00 · 2022-08-29 15:04:26 +01:00 · 674cdfbcb9
commit 674cdfbcb9
parent aa8a052ae2
2 changed files with 2512 additions and 568 deletions
--- a/fips-17u-0bd5ca9ccc5.patch
+++ b/fips-17u-0bd5ca9ccc5.patch
--- a/java-17-openjdk.spec
+++ b/java-17-openjdk.spec
@ -345,7 +345,7 @@
 # Define IcedTea version used for SystemTap tapsets and desktop file
 %global icedteaver      6.0.0pre00-c848b93a8598
 # Define current Git revision for the FIPS support patches
-%global fipsver f8142a23d0a
+%global fipsver 0bd5ca9ccc5

 # Standard JPackage naming and versioning defines
 %global origin          openjdk
@ -353,7 +353,7 @@
 %global top_level_dir_name   %{origin}
 %global top_level_dir_name_backup %{top_level_dir_name}-backup
 %global buildver        1
-%global rpmrelease      2
+%global rpmrelease      3
 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
 %if %is_system_jdk
 # Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@ -1343,6 +1343,11 @@ Patch7: jdk8292223-tzdata2022b-kyiv.patch
 # RH2094027: SunEC runtime permission for FIPS
 # RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
 # RH2090378: Revert to disabling system security properties and FIPS mode support together
+# RH2104724: Avoid import/export of DH private keys
+# RH2092507: P11Key.getEncoded does not work for DH keys in FIPS mode
+# Build the systemconf library on all platforms
+# RH2048582: Support PKCS#12 keystores
+# RH2020290: Support TLS 1.3 in FIPS mode
 Patch1001: fips-17u-%{fipsver}.patch

 #############################################
@ -2572,6 +2577,18 @@ cjc.mainProgram(args)
 %endif

 %changelog
+* Mon Aug 29 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-3
+- Update FIPS support to bring in latest changes
+- * RH2104724: Avoid import/export of DH private keys
+- * RH2092507: P11Key.getEncoded does not work for DH keys in FIPS mode
+- * Build the systemconf library on all platforms
+- * RH2048582: Support PKCS#12 keystores
+- * RH2020290: Support TLS 1.3 in FIPS mode
+- Resolves: rhbz#2104725
+- Resolves: rhbz#2117758
+- Resolves: rhbz#2115164
+- Resolves: rhbz#2029665
+
 * Sun Aug 21 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-2
 - Update to jdk-17.0.4.1+1
 - Update release notes to 17.0.4.1+1