rpms/java-17-openjdk
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update FIPS support to bring in latest changes

Browse Source 
* RH2104724: Avoid import/export of DH private keys
* RH2092507: P11Key.getEncoded does not work for DH keys in FIPS mode
* Build the systemconf library on all platforms
* RH2048582: Support PKCS#12 keystores
* RH2020290: Support TLS 1.3 in FIPS mode

Resolves: rhbz#2104725
Resolves: rhbz#2117758
Resolves: rhbz#2115164
Resolves: rhbz#2029665
This commit is contained in:
Andrew Hughes 2022-08-29 15:04:26 +01:00
parent aa8a052ae2
commit 674cdfbcb9
2 changed files with 2512 additions and 568 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3059
fips-17u-f8142a23d0a.patch → fips-17u-0bd5ca9ccc5.patch
View File

File diff suppressed because it is too large Load Diff

21
java-17-openjdk.spec
View File

@ -345,7 +345,7 @@
# Define IcedTea version used for SystemTap tapsets and desktop file # Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 6.0.0pre00-c848b93a8598 %global icedteaver 6.0.0pre00-c848b93a8598
# Define current Git revision for the FIPS support patches # Define current Git revision for the FIPS support patches
%global fipsver f8142a23d0a %global fipsver 0bd5ca9ccc5
# Standard JPackage naming and versioning defines # Standard JPackage naming and versioning defines
%global origin openjdk %global origin openjdk
@ -353,7 +353,7 @@
%global top_level_dir_name %{origin} %global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup %global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 1 %global buildver 1
%global rpmrelease 2 %global rpmrelease 3
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk %if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions # Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@ -1343,6 +1343,11 @@ Patch7: jdk8292223-tzdata2022b-kyiv.patch
# RH2094027: SunEC runtime permission for FIPS # RH2094027: SunEC runtime permission for FIPS
# RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage # RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
# RH2090378: Revert to disabling system security properties and FIPS mode support together # RH2090378: Revert to disabling system security properties and FIPS mode support together
# RH2104724: Avoid import/export of DH private keys
# RH2092507: P11Key.getEncoded does not work for DH keys in FIPS mode
# Build the systemconf library on all platforms
# RH2048582: Support PKCS#12 keystores
# RH2020290: Support TLS 1.3 in FIPS mode
Patch1001: fips-17u-%{fipsver}.patch Patch1001: fips-17u-%{fipsver}.patch
############################################# #############################################
@ -2572,6 +2577,18 @@ cjc.mainProgram(args)
%endif %endif
%changelog %changelog
* Mon Aug 29 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-3
- Update FIPS support to bring in latest changes
- * RH2104724: Avoid import/export of DH private keys
- * RH2092507: P11Key.getEncoded does not work for DH keys in FIPS mode
- * Build the systemconf library on all platforms
- * RH2048582: Support PKCS#12 keystores
- * RH2020290: Support TLS 1.3 in FIPS mode
- Resolves: rhbz#2104725
- Resolves: rhbz#2117758
- Resolves: rhbz#2115164
- Resolves: rhbz#2029665
* Sun Aug 21 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-2 * Sun Aug 21 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-2
- Update to jdk-17.0.4.1+1 - Update to jdk-17.0.4.1+1
- Update release notes to 17.0.4.1+1 - Update release notes to 17.0.4.1+1