import java-17-openjdk-17.0.2.0.8-15.el8
This commit is contained in:
parent
806b0e8864
commit
d8bb67f343
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/openjdk-jdk17u-17usec.17.0.3+5-220408.tar.xz
|
||||
SOURCES/openjdk-jdk17u-jdk-17.0.2+8.tar.xz
|
||||
SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
||||
|
@ -1,2 +1,2 @@
|
||||
15b13a23d8a862fc881ab110858c0054cf34180e SOURCES/openjdk-jdk17u-17usec.17.0.3+5-220408.tar.xz
|
||||
47c1e3a97ba6f63908c2a9f55e1514b52f0b8333 SOURCES/openjdk-jdk17u-jdk-17.0.2+8.tar.xz
|
||||
c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
||||
|
204
SOURCES/NEWS
204
SOURCES/NEWS
@ -3,210 +3,6 @@ Key:
|
||||
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
||||
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
||||
|
||||
New in release OpenJDK 17.0.3 (2022-04-19):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bitly.com/openjdk1703
|
||||
* https://builds.shipilev.net/backports-monitor/release-notes-17.0.3.txt
|
||||
|
||||
* Security fixes
|
||||
- JDK-8269938: Enhance XML processing passes redux
|
||||
- JDK-8270504, CVE-2022-21426: Better XPath expression handling
|
||||
- JDK-8272255: Completely handle MIDI files
|
||||
- JDK-8272261: Improve JFR recording file processing
|
||||
- JDK-8272588: Enhanced recording parsing
|
||||
- JDK-8272594: Better record of recordings
|
||||
- JDK-8274221: More definite BER encodings
|
||||
- JDK-8275082, JDK-8278008, CVE-2022-21476: Update XML Security for Java to 2.3.0
|
||||
- JDK-8275151, CVE-2022-21443: Improved Object Identification
|
||||
- JDK-8277227: Better identification of OIDs
|
||||
- JDK-8277233, CVE-2022-21449: Improve ECDSA signature support
|
||||
- JDK-8277672, CVE-2022-21434: Better invocation handler handling
|
||||
- JDK-8278356: Improve file creation
|
||||
- JDK-8278449: Improve keychain support
|
||||
- JDK-8278798: Improve supported intrinsic
|
||||
- JDK-8278805: Enhance BMP image loading
|
||||
- JDK-8278972, CVE-2022-21496: Improve URL supports
|
||||
- JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo
|
||||
* Other changes
|
||||
- JDK-8177814: jdk/editpad is not in jdk TEST.groups
|
||||
- JDK-8186670: Implement _onSpinWait() intrinsic for AArch64
|
||||
- JDK-8190748: java/text/Format/DateFormat/DateFormatTest.java and NonGregorianFormatTest fail intermittently
|
||||
- JDK-8225559: assertion error at TransTypes.visitApply
|
||||
- JDK-8236505: Mark jdk/editpad/EditPadTest.java as @headful
|
||||
- JDK-8239502: [TEST_BUG] Test javax/swing/text/FlowView/6318524/bug6318524.java never fails
|
||||
- JDK-8244602: Add JTREG_REPEAT_COUNT to repeat execution of a test
|
||||
- JDK-8247980: Exclusive execution of java/util/stream tests slows down tier1
|
||||
- JDK-8251216: Implement MD5 intrinsics on AArch64
|
||||
- JDK-8253197: vmTestbase/nsk/jvmti/StopThread/stopthrd007/TestDescription.java fails with "ERROR: DebuggeeSleepingThread: ThreadDeath lost"
|
||||
- JDK-8262134: compiler/uncommontrap/TestDeoptOOM.java failed with "guarantee(false) failed: wrong number of expression stack elements during deopt"
|
||||
- JDK-8263567: gtests don't terminate the VM safely
|
||||
- JDK-8265150: AsyncGetCallTrace crashes on ResourceMark
|
||||
- JDK-8266490: Extend the OSContainer API to support the pids controller of cgroups
|
||||
- JDK-8269032: Stringdedup tests are failing if the ergonomically select GC does not support it
|
||||
- JDK-8269037: jsig/Testjsig.java doesn't have to be restricted to linux only
|
||||
- JDK-8269087: CheckSegmentedCodeCache test fails in an emulated-client VM
|
||||
- JDK-8269175: [macosx-aarch64] wrong CPU speed in hs_err file
|
||||
- JDK-8269206: A small typo in comment in test/lib/sun/hotspot/WhiteBox.java
|
||||
- JDK-8269523: runtime/Safepoint/TestAbortOnVMOperationTimeout.java failed when expecting 'VM operation took too long'
|
||||
- JDK-8269616: serviceability/dcmd/framework/VMVersionTest.java fails with Address already in use error
|
||||
- JDK-8269849: vmTestbase/gc/gctests/PhantomReference/phantom002/TestDescription.java failed with "OutOfMemoryError: Java heap space: failed reallocation of scalar replaced objects"
|
||||
- JDK-8270117: Broken jtreg link in "Building the JDK" page
|
||||
- JDK-8270874: JFrame paint artifacts when dragged from standard monitor to HiDPI monitor
|
||||
- JDK-8271056: C2: "assert(no_dead_loop) failed: dead loop detected" due to cmoving identity
|
||||
- JDK-8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
|
||||
- JDK-8271202: C1: assert(false) failed: live_in set of first block must be empty
|
||||
- JDK-8271506: Add ResourceHashtable support for deleting selected entries
|
||||
- JDK-8271721: Split gc/g1/TestMixedGCLiveThreshold into separate tests
|
||||
- JDK-8272167: AbsPathsInImage.java should skip *.dSYM directories
|
||||
- JDK-8272327: Shenandoah: Avoid enqueuing duplicate string candidates
|
||||
- JDK-8272398: Update DockerTestUtils.buildJdkDockerImage()
|
||||
- JDK-8272541: Incorrect overflow test in Toom-Cook branch of BigInteger multiplication
|
||||
- JDK-8272553: several hotspot runtime/CommandLine tests don't check exit code
|
||||
- JDK-8272600: (test) Use native "sleep" in Basic.java
|
||||
- JDK-8272866: java.util.random package summary contains incorrect mixing function in table
|
||||
- JDK-8272996: JNDI DNS provider fails to resolve SRV entries when IPV6 stack is enabled
|
||||
- JDK-8273162: AbstractSplittableWithBrineGenerator does not create a random salt
|
||||
- JDK-8273277: C2: Move conditional negation into rc_predicate
|
||||
- JDK-8273341: Update Siphash to version 1.0
|
||||
- JDK-8273351: bad tag in jdk.random module-info.java
|
||||
- JDK-8273366: [testbug] javax/swing/UIDefaults/6302464/bug6302464.java fails on macOS12
|
||||
- JDK-8273381: Assert in PtrQueueBufferAllocatorTest.stress_free_list_allocator_vm
|
||||
- JDK-8273387: remove some unreferenced gtk-related functions
|
||||
- JDK-8273433: Enable parallelism in vmTestbase_nsk_sysdict tests
|
||||
- JDK-8273438: Enable parallelism in vmTestbase/metaspace/stressHierarchy tests
|
||||
- JDK-8273526: Extend the OSContainer API pids controller with pids.current
|
||||
- JDK-8273634: [TEST_BUG] Improve javax/swing/text/ParagraphView/6364882/bug6364882.java
|
||||
- JDK-8273655: content-types.properties files are missing some common types
|
||||
- JDK-8273682: Upgrade Jline to 3.20.0
|
||||
- JDK-8273704: DrawStringWithInfiniteXform.java failed : drawString with InfiniteXform transform takes long time
|
||||
- JDK-8273895: compiler/ciReplay/TestVMNoCompLevel.java fails due to wrong data size with TieredStopAtLevel=2,3
|
||||
- JDK-8273933: [TESTBUG] Test must run without preallocated exceptions
|
||||
- JDK-8273967: gtest os.dll_address_to_function_and_library_name_vm fails on macOS12
|
||||
- JDK-8273972: Multi-core choke point in CMM engine (LCMSTransform.doTransform)
|
||||
- JDK-8274130: C2: MulNode::Ideal chained transformations may act on wrong nodes
|
||||
- JDK-8274171: java/nio/file/Files/probeContentType/Basic.java failed on "Content type" mismatches
|
||||
- JDK-8274465: Fix javax/swing/text/ParagraphView/6364882/bug6364882.java failures
|
||||
- JDK-8274471: Add support for RSASSA-PSS in OCSP Response
|
||||
- JDK-8274506: TestPids.java and TestPidsLimit.java fail with podman run as root
|
||||
- JDK-8274524: SSLSocket.close() hangs if it is called during the ssl handshake
|
||||
- JDK-8274562: (fs) UserDefinedFileAttributeView doesn't correctly determine if supported when using OverlayFS
|
||||
- JDK-8274658: ISO 4217 Amendment 170 Update
|
||||
- JDK-8274714: Incorrect verifier protected access error message
|
||||
- JDK-8274750: java/io/File/GetXSpace.java failed: '/dev': 191488 != 190976
|
||||
- JDK-8274753: ZGC: SEGV in MetaspaceShared::link_shared_classes
|
||||
- JDK-8274795: AArch64: avoid spilling and restoring r18 in macro assembler
|
||||
- JDK-8274935: dumptime_table has stale entry
|
||||
- JDK-8274944: AppCDS dump causes SEGV in VM thread while adjusting lambda proxy class info
|
||||
- JDK-8275326: C2: assert(no_dead_loop) failed: dead loop detected
|
||||
- JDK-8275330: C2: assert(n->is_Root() || n->is_Region() || n->is_Phi() || n->is_MachMerge() || def_block->dominates(block)) failed: uses must be dominated by definitions
|
||||
- JDK-8275536: Add test to check that File::lastModified returns same time stamp as Files.getLastModifiedTime
|
||||
- JDK-8275586: Zero: Simplify interpreter initialization
|
||||
- JDK-8275608: runtime/Metaspace/elastic/TestMetaspaceAllocationMT2 too slow
|
||||
- JDK-8275610: C2: Object field load floats above its null check resulting in a segfault
|
||||
- JDK-8275643: C2's unaryOp vector intrinsic does not properly handle LongVector.neg
|
||||
- JDK-8275645: [JVMCI] avoid unaligned volatile reads on AArch64
|
||||
- JDK-8275650: Problemlist java/io/File/createTempFile/SpecialTempFile.java for Windows 11
|
||||
- JDK-8275687: runtime/CommandLine/PrintTouchedMethods test shouldn't catch RuntimeException
|
||||
- JDK-8275800: Redefinition leaks MethodData::_extra_data_lock
|
||||
- JDK-8275847: Scheduling fails with "too many D-U pinch points" on small method
|
||||
- JDK-8275874: [JVMCI] only support aligned reads in c2v_readFieldValue
|
||||
- JDK-8276057: Update JMH devkit to 1.33
|
||||
- JDK-8276141: XPathFactory set/getProperty method
|
||||
- JDK-8276177: nsk/jvmti/RedefineClasses/StressRedefineWithoutBytecodeCorruption failed with "assert(def_ik->is_being_redefined()) failed: should be being redefined to get here"
|
||||
- JDK-8276314: [JVMCI] check alignment of call displacement during code installation
|
||||
- JDK-8276623: JDK-8275650 accidentally pushed "out" file
|
||||
- JDK-8276654: element-list order is non deterministic
|
||||
- JDK-8276662: Scalability bottleneck in SymbolTable::lookup_common()
|
||||
- JDK-8276764: Enable deterministic file content ordering for Jar and Jmod
|
||||
- JDK-8276766: Enable jar and jmod to produce deterministic timestamped content
|
||||
- JDK-8276841: Add support for Visual Studio 2022
|
||||
- JDK-8277069: [REDO] JDK-8276743 Make openjdk build Zip Archive generation "reproducible"
|
||||
- JDK-8277137: Set OnSpinWaitInst/OnSpinWaitInstCount defaults to "isb"/1 for Arm Neoverse N1
|
||||
- JDK-8277180: Intrinsify recursive ObjectMonitor locking for C2 x64 and A64
|
||||
- JDK-8277299: STACK_OVERFLOW in Java_sun_awt_shell_Win32ShellFolder2_getIconBits
|
||||
- JDK-8277328: jdk/jshell/CommandCompletionTest.java failures on Windows
|
||||
- JDK-8277342: vmTestbase/nsk/stress/strace/strace004.java fails with SIGSEGV in InstanceKlass::jni_id_for
|
||||
- JDK-8277383: VM.metaspace optionally show chunk freelist details
|
||||
- JDK-8277385: Zero: Enable CompactStrings support
|
||||
- JDK-8277441: CompileQueue::add fails with assert(_last->next() == __null) failed: not last
|
||||
- JDK-8277447: Hotspot C1 compiler crashes on Kotlin suspend fun with loop
|
||||
- JDK-8277449: compiler/vectorapi/TestLongVectorNeg.java fails with release VMs
|
||||
- JDK-8277488: Add expiry exception for Digicert (geotrustglobalca) expiring in May 2022
|
||||
- JDK-8277497: Last column cell in the JTable row is read as empty cell
|
||||
- JDK-8277503: compiler/onSpinWait/TestOnSpinWaitAArch64DefaultFlags.java failed with "OnSpinWaitInst with the expected value 'isb' not found."
|
||||
- JDK-8277762: Allow configuration of HOTSPOT_BUILD_USER
|
||||
- JDK-8277777: [Vector API] assert(r->is_XMMRegister()) failed: must be in x86_32.ad
|
||||
- JDK-8277795: ldap connection timeout not honoured under contention
|
||||
- JDK-8277846: Implement fast-path for ASCII-compatible CharsetEncoders on ppc64
|
||||
- JDK-8277919: OldObjectSample event causing bloat in the class constant pool in JFR recording
|
||||
- JDK-8277992: Add fast jdk_svc subtests to jdk:tier3
|
||||
- JDK-8278016: Add compiler tests to tier{2,3}
|
||||
- JDK-8278020: ~13% variation in Renaissance-Scrabble
|
||||
- JDK-8278080: Add --with-cacerts-src='user cacerts folder' to enable deterministic cacerts generation
|
||||
- JDK-8278099: two sun/security/pkcs11/Signature tests failed with AssertionError
|
||||
- JDK-8278104: C1 should support the compiler directive 'BreakAtExecute'
|
||||
- JDK-8278115: gc/stress/gclocker/TestGCLockerWithSerial.java has duplicate -Xmx
|
||||
- JDK-8278116: runtime/modules/LoadUnloadModuleStress.java has duplicate -Xmx
|
||||
- JDK-8278163: --with-cacerts-src variable resolved after GenerateCacerts recipe setup
|
||||
- JDK-8278172: java/nio/channels/FileChannel/BlockDeviceSize.java should only run on Linux
|
||||
- JDK-8278185: Custom JRE cannot find non-ASCII named module inside
|
||||
- JDK-8278239: vmTestbase/nsk/jvmti/RedefineClasses/StressRedefine failed with EXCEPTION_ACCESS_VIOLATION at 0x000000000000000d
|
||||
- JDK-8278241: Implement JVM SpinPause on linux-aarch64
|
||||
- JDK-8278309: [windows] use of uninitialized OSThread::_state
|
||||
- JDK-8278344: sun/security/pkcs12/KeytoolOpensslInteropTest.java test fails because of different openssl output
|
||||
- JDK-8278346: java/nio/file/Files/probeContentType/Basic.java fails on Linux SLES15 machine
|
||||
- JDK-8278381: [GCC 11] Address::make_raw() does not initialize rspec
|
||||
- JDK-8278384: Bytecodes::result_type() for arraylength returns T_VOID instead of T_INT
|
||||
- JDK-8278389: SuspendibleThreadSet::_suspend_all should be volatile/atomic
|
||||
- JDK-8278526: [macos] Screen reader reads SwingSet2 JTable row selection as null, dimmed row for last column
|
||||
- JDK-8278604: SwingSet2 table demo does not have accessible description set for images
|
||||
- JDK-8278627: Shenandoah: TestHeapDump test failed
|
||||
- JDK-8278758: runtime/BootstrapMethod/BSMCalledTwice.java fails with release VMs after JDK-8262134
|
||||
- JDK-8278822: Bump update version for OpenJDK: jdk-17.0.3
|
||||
- JDK-8278824: Uneven work distribution when scanning heap roots in G1
|
||||
- JDK-8278871: [JVMCI] assert((uint)reason < 2* _trap_hist_limit) failed: oob
|
||||
- JDK-8278951: containers/cgroup/PlainRead.java fails on Ubuntu 21.10
|
||||
- JDK-8278987: RunThese24H.java failed with EXCEPTION_ACCESS_VIOLATION in __write_sample_info__
|
||||
- JDK-8279011: JFR: JfrChunkWriter incorrectly handles int64_t chunk size as size_t
|
||||
- JDK-8279076: C2: Bad AD file when matching SqrtF with UseSSE=0
|
||||
- JDK-8279124: VM does not handle SIGQUIT during initialization
|
||||
- JDK-8279225: [arm32] C1 longs comparison operation destroys argument registers
|
||||
- JDK-8279300: [arm32] SIGILL when running GetObjectSizeIntrinsicsTest
|
||||
- JDK-8279379: GHA: Print tests that are in error
|
||||
- JDK-8279385: [test] Adjust sun/security/pkcs12/KeytoolOpensslInteropTest.java after 8278344
|
||||
- JDK-8279412: [JVMCI] failed speculations list must outlive any nmethod that refers to it
|
||||
- JDK-8279445: Update JMH devkit to 1.34
|
||||
- JDK-8279453: Disable tools/jar/ReproducibleJar.java on 32-bit platforms
|
||||
- JDK-8279505: Update documentation for RETRY_COUNT and REPEAT_COUNT
|
||||
- JDK-8279669: test/jdk/com/sun/jdi/TestScaffold.java uses wrong condition
|
||||
- JDK-8279695: [TESTBUG] modify compiler/loopopts/TestSkeletonPredicateNegation.java to run on C1 also
|
||||
- JDK-8279702: [macosx] ignore xcodebuild warnings on M1
|
||||
- JDK-8279833: Loop optimization issue in String.encodeUTF8_UTF16
|
||||
- JDK-8279924: [PPC64, s390] implement frame::is_interpreted_frame_valid checks
|
||||
- JDK-8279998: PPC64 debug builds fail with "untested: RangeCheckStub: predicate_failed_trap_id"
|
||||
- JDK-8280002: jmap -histo may leak stream
|
||||
- JDK-8280155: [PPC64, s390] frame size checks are not yet correct
|
||||
- JDK-8280373: Update Xalan serializer / SystemIDResolver to align with JDK-8270492
|
||||
- JDK-8280414: Memory leak in DefaultProxySelector
|
||||
- JDK-8280526: x86_32 Math.sqrt performance regression with -XX:UseSSE={0,1}
|
||||
- JDK-8281061: [s390] JFR runs into assertions while validating interpreter frames
|
||||
- JDK-8281460: Let ObjectMonitor have its own NMT category
|
||||
- JDK-8282219: jdk/java/lang/ProcessBuilder/Basic.java fails on AIX
|
||||
- JDK-8282300: Throws NamingException instead of InvalidNameException after JDK-8278972
|
||||
- JDK-8282397: createTempFile method of java.io.File is failing when called with suffix of spaces character
|
||||
- JDK-8282761: XPathFactoryImpl remove setProperty and getProperty methods
|
||||
- JDK-8284548: Invalid XPath expression causes StringIndexOutOfBoundsException
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
|
||||
security-libs/java.security:
|
||||
|
||||
JDK-8274791: Support for RSASSA-PSS in OCSP Response
|
||||
====================================================
|
||||
An OCSP response signed with the RSASSA-PSS algorithm is now supported.
|
||||
|
||||
New in release OpenJDK 17.0.2 (2022-01-18):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
|
26
SOURCES/jdk8275535-rh2053256-ldap_auth.patch
Normal file
26
SOURCES/jdk8275535-rh2053256-ldap_auth.patch
Normal file
@ -0,0 +1,26 @@
|
||||
diff --git openjdk.orig/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java openjdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
|
||||
index 70903206ea0..09956084cf9 100644
|
||||
--- openjdk.orig/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
|
||||
+++ openjdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
|
||||
@@ -189,6 +189,10 @@ public final class LdapCtxFactory implements ObjectFactory, InitialContextFactor
|
||||
ctx = getLdapCtxFromUrl(
|
||||
r.getDomainName(), url, new LdapURL(u), env);
|
||||
return ctx;
|
||||
+ } catch (AuthenticationException e) {
|
||||
+ // do not retry on a different endpoint to avoid blocking
|
||||
+ // the user if authentication credentials are wrong.
|
||||
+ throw e;
|
||||
} catch (NamingException e) {
|
||||
// try the next element
|
||||
lastException = e;
|
||||
@@ -241,6 +245,10 @@ public final class LdapCtxFactory implements ObjectFactory, InitialContextFactor
|
||||
for (String u : urls) {
|
||||
try {
|
||||
return getUsingURL(u, env);
|
||||
+ } catch (AuthenticationException e) {
|
||||
+ // do not retry on a different URL to avoid blocking
|
||||
+ // the user if authentication credentials are wrong.
|
||||
+ throw e;
|
||||
} catch (NamingException e) {
|
||||
ex = e;
|
||||
}
|
@ -1,96 +0,0 @@
|
||||
From 722bf5b20de2ee64e0fdabb2f5e5fa89e043e3f1 Mon Sep 17 00:00:00 2001
|
||||
From: Christoph Langer <clanger@openjdk.org>
|
||||
Date: Fri, 8 Apr 2022 14:06:47 +0200
|
||||
Subject: [PATCH] 8284548: Unexpected StringIndexOutOfBoundsException can occur
|
||||
for invalid XPath expressions after JDK-8270504
|
||||
|
||||
---
|
||||
.../apache/xpath/internal/compiler/Lexer.java | 4 +-
|
||||
.../javax/xml/jaxp/XPath/InvalidXPath.java | 53 +++++++++++++++++++
|
||||
2 files changed, 54 insertions(+), 3 deletions(-)
|
||||
create mode 100644 test/jdk/javax/xml/jaxp/XPath/InvalidXPath.java
|
||||
|
||||
diff --git openjdk.orig/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/compiler/Lexer.java openjdk/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/compiler/Lexer.java
|
||||
index 54595e2d036..b7b3f419eb2 100644
|
||||
--- openjdk.orig/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/compiler/Lexer.java
|
||||
+++ openjdk/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/compiler/Lexer.java
|
||||
@@ -24,7 +24,6 @@ import com.sun.org.apache.xalan.internal.res.XSLMessages;
|
||||
import com.sun.org.apache.xml.internal.utils.PrefixResolver;
|
||||
import com.sun.org.apache.xpath.internal.res.XPATHErrorResources;
|
||||
import java.util.List;
|
||||
-import java.util.Objects;
|
||||
import javax.xml.transform.TransformerException;
|
||||
import jdk.xml.internal.XMLSecurityManager;
|
||||
import jdk.xml.internal.XMLSecurityManager.Limit;
|
||||
@@ -451,8 +450,7 @@ class Lexer
|
||||
* @return the next char
|
||||
*/
|
||||
private char peekNext(String s, int index) {
|
||||
- Objects.checkIndex(index, s.length());
|
||||
- if (s.length() > index) {
|
||||
+ if (index >= 0 && index < s.length() - 1) {
|
||||
return s.charAt(index + 1);
|
||||
}
|
||||
return 0;
|
||||
diff --git openjdk.orig/test/jdk/javax/xml/jaxp/XPath/InvalidXPath.java openjdk/test/jdk/javax/xml/jaxp/XPath/InvalidXPath.java
|
||||
new file mode 100644
|
||||
index 00000000000..478f4212d5b
|
||||
--- /dev/null
|
||||
+++ openjdk/test/jdk/javax/xml/jaxp/XPath/InvalidXPath.java
|
||||
@@ -0,0 +1,53 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2022, SAP SE. All rights reserved.
|
||||
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
+ *
|
||||
+ * This code is free software; you can redistribute it and/or modify it
|
||||
+ * under the terms of the GNU General Public License version 2 only, as
|
||||
+ * published by the Free Software Foundation.
|
||||
+ *
|
||||
+ * This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
+ * version 2 for more details (a copy is included in the LICENSE file that
|
||||
+ * accompanied this code).
|
||||
+ *
|
||||
+ * You should have received a copy of the GNU General Public License version
|
||||
+ * 2 along with this work; if not, write to the Free Software Foundation,
|
||||
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
+ *
|
||||
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
+ * or visit www.oracle.com if you need additional information or have any
|
||||
+ * questions.
|
||||
+ */
|
||||
+
|
||||
+/*
|
||||
+ * @test
|
||||
+ * @bug 8284548
|
||||
+ * @summary Test whether the expected exception is thrown when
|
||||
+ * trying to compile an invalid XPath expression.
|
||||
+ * @run main InvalidXPath
|
||||
+ */
|
||||
+
|
||||
+import javax.xml.xpath.XPathExpressionException;
|
||||
+import javax.xml.xpath.XPathFactory;
|
||||
+
|
||||
+public class InvalidXPath {
|
||||
+
|
||||
+ public static void main(String... args) {
|
||||
+ // define an invalid XPath expression
|
||||
+ final String invalidXPath = ">>";
|
||||
+
|
||||
+ // expect XPathExpressionException when the invalid XPath expression is compiled
|
||||
+ try {
|
||||
+ XPathFactory.newInstance().newXPath().compile(invalidXPath);
|
||||
+ } catch (XPathExpressionException e) {
|
||||
+ System.out.println("Caught expected exception: " + e.getClass().getName() +
|
||||
+ "(" + e.getMessage() + ").");
|
||||
+ } catch (Exception e) {
|
||||
+ System.out.println("Caught unexpected exception: " + e.getClass().getName() +
|
||||
+ "(" + e.getMessage() + ")!");
|
||||
+ throw e;
|
||||
+ }
|
||||
+ }
|
||||
+}
|
||||
--
|
||||
2.35.1.windows.2
|
||||
|
@ -1,102 +0,0 @@
|
||||
From 0d3aea2f11df585b491ae5c07de9f66679601d58 Mon Sep 17 00:00:00 2001
|
||||
From: Anton Kozlov <akozlov@azul.com>
|
||||
Date: Fri, 15 Apr 2022 14:07:52 +0300
|
||||
Subject: [PATCH] 8284920: Incorrect Token type causes XPath expression to
|
||||
return empty result
|
||||
|
||||
Reviewed-by:
|
||||
---
|
||||
.../com/sun/org/apache/xpath/internal/compiler/Lexer.java | 4 ++--
|
||||
.../com/sun/org/apache/xpath/internal/compiler/Token.java | 4 ++--
|
||||
.../org/apache/xpath/internal/compiler/XPathParser.java | 8 ++++----
|
||||
3 files changed, 8 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git openjdk.orig/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/compiler/Lexer.java openjdk/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/compiler/Lexer.java
|
||||
index b7b3f419eb2..41b58da8e99 100644
|
||||
--- openjdk.orig/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/compiler/Lexer.java
|
||||
+++ openjdk/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/compiler/Lexer.java
|
||||
@@ -360,7 +360,7 @@ class Lexer
|
||||
|
||||
addToTokenQueue(pat.substring(i, i + 1));
|
||||
break;
|
||||
- case Token.COLON :
|
||||
+ case Token.COLON_CHAR:
|
||||
if (i>0)
|
||||
{
|
||||
if (posOfNSSep == (i - 1))
|
||||
@@ -615,7 +615,7 @@ class Lexer
|
||||
resetTokenMark(tokPos + 1);
|
||||
}
|
||||
|
||||
- if (m_processor.lookahead(Token.COLON, 1))
|
||||
+ if (m_processor.lookahead(Token.COLON_CHAR, 1))
|
||||
{
|
||||
tokPos += 2;
|
||||
}
|
||||
diff --git openjdk.orig/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/compiler/Token.java openjdk/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/compiler/Token.java
|
||||
index 8c4fee146c6..7bce14e5770 100644
|
||||
--- openjdk.orig/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/compiler/Token.java
|
||||
+++ openjdk/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/compiler/Token.java
|
||||
@@ -45,10 +45,9 @@ public final class Token {
|
||||
static final char LPAREN = '(';
|
||||
static final char RPAREN = ')';
|
||||
static final char COMMA = ',';
|
||||
- static final char DOT = '.';
|
||||
static final char AT = '@';
|
||||
static final char US = '_';
|
||||
- static final char COLON = ':';
|
||||
+ static final char COLON_CHAR = ':';
|
||||
static final char SQ = '\'';
|
||||
static final char DQ = '"';
|
||||
static final char DOLLAR = '$';
|
||||
@@ -58,6 +57,7 @@ public final class Token {
|
||||
static final String DIV = "div";
|
||||
static final String MOD = "mod";
|
||||
static final String QUO = "quo";
|
||||
+ static final String DOT = ".";
|
||||
static final String DDOT = "..";
|
||||
static final String DCOLON = "::";
|
||||
static final String ATTR = "attribute";
|
||||
diff --git openjdk.orig/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/compiler/XPathParser.java openjdk/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/compiler/XPathParser.java
|
||||
index c3f9e1494be..22192fd06f6 100644
|
||||
--- openjdk.orig/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/compiler/XPathParser.java
|
||||
+++ openjdk/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/compiler/XPathParser.java
|
||||
@@ -1413,7 +1413,7 @@ public class XPathParser
|
||||
|
||||
matchFound = true;
|
||||
}
|
||||
- else if (lookahead(Token.LPAREN, 1) || (lookahead(Token.COLON, 1) && lookahead(Token.LPAREN, 3)))
|
||||
+ else if (lookahead(Token.LPAREN, 1) || (lookahead(Token.COLON_CHAR, 1) && lookahead(Token.LPAREN, 3)))
|
||||
{
|
||||
matchFound = FunctionCall();
|
||||
}
|
||||
@@ -1457,7 +1457,7 @@ public class XPathParser
|
||||
|
||||
int opPos = m_ops.getOp(OpMap.MAPINDEX_LENGTH);
|
||||
|
||||
- if (lookahead(Token.COLON, 1))
|
||||
+ if (lookahead(Token.COLON_CHAR, 1))
|
||||
{
|
||||
appendOp(4, OpCodes.OP_EXTFUNCTION);
|
||||
|
||||
@@ -1841,7 +1841,7 @@ public class XPathParser
|
||||
m_ops.setOp(m_ops.getOp(OpMap.MAPINDEX_LENGTH), OpCodes.NODENAME);
|
||||
m_ops.setOp(OpMap.MAPINDEX_LENGTH, m_ops.getOp(OpMap.MAPINDEX_LENGTH) + 1);
|
||||
|
||||
- if (lookahead(Token.COLON, 1))
|
||||
+ if (lookahead(Token.COLON_CHAR, 1))
|
||||
{
|
||||
if (tokenIs(Token.STAR))
|
||||
{
|
||||
@@ -1944,7 +1944,7 @@ public class XPathParser
|
||||
protected void QName() throws TransformerException
|
||||
{
|
||||
// Namespace
|
||||
- if(lookahead(Token.COLON, 1))
|
||||
+ if(lookahead(Token.COLON_CHAR, 1))
|
||||
{
|
||||
m_ops.setOp(m_ops.getOp(OpMap.MAPINDEX_LENGTH), m_queueMark - 1);
|
||||
m_ops.setOp(OpMap.MAPINDEX_LENGTH, m_ops.getOp(OpMap.MAPINDEX_LENGTH) + 1);
|
||||
--
|
||||
2.24.3
|
||||
|
@ -1,6 +1,6 @@
|
||||
name = NSS-FIPS
|
||||
nssLibraryDirectory = @NSS_LIBDIR@
|
||||
nssSecmodDirectory = @NSS_SECMOD@
|
||||
nssSecmodDirectory = sql:/etc/pki/nssdb
|
||||
nssDbMode = readOnly
|
||||
nssModule = fips
|
||||
|
||||
|
99
SOURCES/rh2021263-fips_separate_policy_and_fips_init.patch
Normal file
99
SOURCES/rh2021263-fips_separate_policy_and_fips_init.patch
Normal file
@ -0,0 +1,99 @@
|
||||
commit 0cd8cee94fe0f867b0b39890e00be620af1d9b07
|
||||
Author: Andrew Hughes <gnu.andrew@redhat.com>
|
||||
Date: Tue Jan 18 02:09:27 2022 +0000
|
||||
|
||||
RH2021263: Improve Security initialisation, now FIPS support no longer relies on crypto policy support
|
||||
|
||||
diff --git openjdk.orig/src/java.base/share/classes/java/security/Security.java openjdk/src/java.base/share/classes/java/security/Security.java
|
||||
index 28ab1846173..f9726741afd 100644
|
||||
--- openjdk.orig/src/java.base/share/classes/java/security/Security.java
|
||||
+++ openjdk/src/java.base/share/classes/java/security/Security.java
|
||||
@@ -61,10 +61,6 @@ public final class Security {
|
||||
private static final Debug sdebug =
|
||||
Debug.getInstance("properties");
|
||||
|
||||
- /* System property file*/
|
||||
- private static final String SYSTEM_PROPERTIES =
|
||||
- "/etc/crypto-policies/back-ends/java.config";
|
||||
-
|
||||
/* The java.security properties */
|
||||
private static Properties props;
|
||||
|
||||
@@ -206,22 +202,36 @@ public final class Security {
|
||||
}
|
||||
}
|
||||
|
||||
+ if (!loadedProps) {
|
||||
+ initializeStatic();
|
||||
+ if (sdebug != null) {
|
||||
+ sdebug.println("unable to load security properties " +
|
||||
+ "-- using defaults");
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
|
||||
if ((disableSystemProps == null || "false".equalsIgnoreCase(disableSystemProps)) &&
|
||||
"true".equalsIgnoreCase(props.getProperty("security.useSystemPropertiesFile"))) {
|
||||
- if (SystemConfigurator.configure(props)) {
|
||||
- loadedProps = true;
|
||||
+ if (!SystemConfigurator.configureSysProps(props)) {
|
||||
+ if (sdebug != null) {
|
||||
+ sdebug.println("WARNING: System properties could not be loaded.");
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
- if (!loadedProps) {
|
||||
- initializeStatic();
|
||||
+ // FIPS support depends on the contents of java.security so
|
||||
+ // ensure it has loaded first
|
||||
+ if (loadedProps) {
|
||||
+ boolean fipsEnabled = SystemConfigurator.configureFIPS(props);
|
||||
if (sdebug != null) {
|
||||
- sdebug.println("unable to load security properties " +
|
||||
- "-- using defaults");
|
||||
+ if (fipsEnabled) {
|
||||
+ sdebug.println("FIPS support enabled.");
|
||||
+ } else {
|
||||
+ sdebug.println("FIPS support disabled.");
|
||||
+ }
|
||||
}
|
||||
}
|
||||
-
|
||||
}
|
||||
|
||||
/*
|
||||
diff --git openjdk.orig/src/java.base/share/classes/java/security/SystemConfigurator.java openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java
|
||||
index 874c6221ebe..b7ed41acf0f 100644
|
||||
--- openjdk.orig/src/java.base/share/classes/java/security/SystemConfigurator.java
|
||||
+++ openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java
|
||||
@@ -76,7 +76,7 @@ final class SystemConfigurator {
|
||||
* java.security.disableSystemPropertiesFile property is not set and
|
||||
* security.useSystemPropertiesFile is true.
|
||||
*/
|
||||
- static boolean configure(Properties props) {
|
||||
+ static boolean configureSysProps(Properties props) {
|
||||
boolean loadedProps = false;
|
||||
|
||||
try (BufferedInputStream bis =
|
||||
@@ -96,11 +96,19 @@ final class SystemConfigurator {
|
||||
e.printStackTrace();
|
||||
}
|
||||
}
|
||||
+ return loadedProps;
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * Invoked at the end of java.security.Security initialisation
|
||||
+ * if java.security properties have been loaded
|
||||
+ */
|
||||
+ static boolean configureFIPS(Properties props) {
|
||||
+ boolean loadedProps = false;
|
||||
|
||||
try {
|
||||
if (enableFips()) {
|
||||
if (sdebug != null) { sdebug.println("FIPS mode detected"); }
|
||||
- loadedProps = false;
|
||||
// Remove all security providers
|
||||
Iterator<Entry<Object, Object>> i = props.entrySet().iterator();
|
||||
while (i.hasNext()) {
|
213
SOURCES/rh2052829-fips_runtime_nss_detection.patch
Normal file
213
SOURCES/rh2052829-fips_runtime_nss_detection.patch
Normal file
@ -0,0 +1,213 @@
|
||||
commit 090ea0389db5c2e0c8ee13652bccd544b17872c2
|
||||
Author: Andrew Hughes <gnu.andrew@redhat.com>
|
||||
Date: Mon Feb 7 15:33:27 2022 +0000
|
||||
|
||||
RH2051605: Detect NSS at Runtime for FIPS detection
|
||||
|
||||
diff --git openjdk.orig/src/java.base/linux/native/libsystemconf/systemconf.c openjdk/src/java.base/linux/native/libsystemconf/systemconf.c
|
||||
index caf678a7dd6..8dcb7d9073f 100644
|
||||
--- openjdk.orig/src/java.base/linux/native/libsystemconf/systemconf.c
|
||||
+++ openjdk/src/java.base/linux/native/libsystemconf/systemconf.c
|
||||
@@ -23,26 +23,37 @@
|
||||
* questions.
|
||||
*/
|
||||
|
||||
-#include <dlfcn.h>
|
||||
#include <jni.h>
|
||||
#include <jni_util.h>
|
||||
+#include "jvm_md.h"
|
||||
#include <stdio.h>
|
||||
|
||||
#ifdef SYSCONF_NSS
|
||||
#include <nss3/pk11pub.h>
|
||||
+#else
|
||||
+#include <dlfcn.h>
|
||||
#endif //SYSCONF_NSS
|
||||
|
||||
#include "java_security_SystemConfigurator.h"
|
||||
|
||||
-#define MSG_MAX_SIZE 96
|
||||
+#define MSG_MAX_SIZE 256
|
||||
+#define FIPS_ENABLED_PATH "/proc/sys/crypto/fips_enabled"
|
||||
+
|
||||
+typedef int (SECMOD_GET_SYSTEM_FIPS_ENABLED_TYPE)(void);
|
||||
|
||||
+static SECMOD_GET_SYSTEM_FIPS_ENABLED_TYPE *getSystemFIPSEnabled;
|
||||
static jmethodID debugPrintlnMethodID = NULL;
|
||||
static jobject debugObj = NULL;
|
||||
|
||||
-// Only used when NSS is unavailable and FIPS_ENABLED_PATH is read
|
||||
-#ifndef SYSCONF_NSS
|
||||
-
|
||||
-#define FIPS_ENABLED_PATH "/proc/sys/crypto/fips_enabled"
|
||||
+static void dbgPrint(JNIEnv *env, const char* msg)
|
||||
+{
|
||||
+ jstring jMsg;
|
||||
+ if (debugObj != NULL) {
|
||||
+ jMsg = (*env)->NewStringUTF(env, msg);
|
||||
+ CHECK_NULL(jMsg);
|
||||
+ (*env)->CallVoidMethod(env, debugObj, debugPrintlnMethodID, jMsg);
|
||||
+ }
|
||||
+}
|
||||
|
||||
static void throwIOException(JNIEnv *env, const char *msg)
|
||||
{
|
||||
@@ -51,18 +62,61 @@ static void throwIOException(JNIEnv *env, const char *msg)
|
||||
(*env)->ThrowNew(env, cls, msg);
|
||||
}
|
||||
|
||||
-#endif
|
||||
+static void handle_msg(JNIEnv *env, const char* msg, int msg_bytes)
|
||||
+{
|
||||
+ if (msg_bytes > 0 && msg_bytes < MSG_MAX_SIZE) {
|
||||
+ dbgPrint(env, msg);
|
||||
+ } else {
|
||||
+ dbgPrint(env, "systemconf: cannot render message");
|
||||
+ }
|
||||
+}
|
||||
|
||||
-static void dbgPrint(JNIEnv *env, const char* msg)
|
||||
+// Only used when NSS is not linked at build time
|
||||
+#ifndef SYSCONF_NSS
|
||||
+
|
||||
+static void *nss_handle;
|
||||
+
|
||||
+static jboolean loadNSS(JNIEnv *env)
|
||||
{
|
||||
- jstring jMsg;
|
||||
- if (debugObj != NULL) {
|
||||
- jMsg = (*env)->NewStringUTF(env, msg);
|
||||
- CHECK_NULL(jMsg);
|
||||
- (*env)->CallVoidMethod(env, debugObj, debugPrintlnMethodID, jMsg);
|
||||
- }
|
||||
+ char msg[MSG_MAX_SIZE];
|
||||
+ int msg_bytes;
|
||||
+ const char* errmsg;
|
||||
+
|
||||
+ nss_handle = dlopen(JNI_LIB_NAME("nss3"), RTLD_LAZY);
|
||||
+ if (nss_handle == NULL) {
|
||||
+ errmsg = dlerror();
|
||||
+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "loadNSS: dlopen: %s\n",
|
||||
+ errmsg);
|
||||
+ handle_msg(env, msg, msg_bytes);
|
||||
+ return JNI_FALSE;
|
||||
+ }
|
||||
+ dlerror(); /* Clear errors */
|
||||
+ getSystemFIPSEnabled = (SECMOD_GET_SYSTEM_FIPS_ENABLED_TYPE*)dlsym(nss_handle, "SECMOD_GetSystemFIPSEnabled");
|
||||
+ if ((errmsg = dlerror()) != NULL) {
|
||||
+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "loadNSS: dlsym: %s\n",
|
||||
+ errmsg);
|
||||
+ handle_msg(env, msg, msg_bytes);
|
||||
+ return JNI_FALSE;
|
||||
+ }
|
||||
+ return JNI_TRUE;
|
||||
+}
|
||||
+
|
||||
+static void closeNSS(JNIEnv *env)
|
||||
+{
|
||||
+ char msg[MSG_MAX_SIZE];
|
||||
+ int msg_bytes;
|
||||
+ const char* errmsg;
|
||||
+
|
||||
+ if (dlclose(nss_handle) != 0) {
|
||||
+ errmsg = dlerror();
|
||||
+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "closeNSS: dlclose: %s\n",
|
||||
+ errmsg);
|
||||
+ handle_msg(env, msg, msg_bytes);
|
||||
+ }
|
||||
}
|
||||
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
* Class: java_security_SystemConfigurator
|
||||
* Method: JNI_OnLoad
|
||||
@@ -104,6 +158,14 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(JavaVM *vm, void *reserved)
|
||||
debugObj = (*env)->NewGlobalRef(env, debugObj);
|
||||
}
|
||||
|
||||
+#ifdef SYSCONF_NSS
|
||||
+ getSystemFIPSEnabled = *SECMOD_GetSystemFIPSEnabled;
|
||||
+#else
|
||||
+ if (loadNSS(env) == JNI_FALSE) {
|
||||
+ dbgPrint(env, "libsystemconf: Failed to load NSS library.");
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
return (*env)->GetVersion(env);
|
||||
}
|
||||
|
||||
@@ -119,6 +181,9 @@ JNIEXPORT void JNICALL DEF_JNI_OnUnload(JavaVM *vm, void *reserved)
|
||||
if ((*vm)->GetEnv(vm, (void**) &env, JNI_VERSION_1_2) != JNI_OK) {
|
||||
return; /* Should not happen */
|
||||
}
|
||||
+#ifndef SYSCONF_NSS
|
||||
+ closeNSS(env);
|
||||
+#endif
|
||||
(*env)->DeleteGlobalRef(env, debugObj);
|
||||
}
|
||||
}
|
||||
@@ -130,44 +195,30 @@ JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEn
|
||||
char msg[MSG_MAX_SIZE];
|
||||
int msg_bytes;
|
||||
|
||||
-#ifdef SYSCONF_NSS
|
||||
-
|
||||
- dbgPrint(env, "getSystemFIPSEnabled: calling SECMOD_GetSystemFIPSEnabled");
|
||||
- fips_enabled = SECMOD_GetSystemFIPSEnabled();
|
||||
- msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
|
||||
- " SECMOD_GetSystemFIPSEnabled returned 0x%x", fips_enabled);
|
||||
- if (msg_bytes > 0 && msg_bytes < MSG_MAX_SIZE) {
|
||||
- dbgPrint(env, msg);
|
||||
+ if (getSystemFIPSEnabled != NULL) {
|
||||
+ dbgPrint(env, "getSystemFIPSEnabled: calling SECMOD_GetSystemFIPSEnabled");
|
||||
+ fips_enabled = (*getSystemFIPSEnabled)();
|
||||
+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
|
||||
+ " SECMOD_GetSystemFIPSEnabled returned 0x%x", fips_enabled);
|
||||
+ handle_msg(env, msg, msg_bytes);
|
||||
+ return (fips_enabled == 1 ? JNI_TRUE : JNI_FALSE);
|
||||
} else {
|
||||
- dbgPrint(env, "getSystemFIPSEnabled: cannot render" \
|
||||
- " SECMOD_GetSystemFIPSEnabled return value");
|
||||
- }
|
||||
- return (fips_enabled == 1 ? JNI_TRUE : JNI_FALSE);
|
||||
+ FILE *fe;
|
||||
|
||||
-#else // SYSCONF_NSS
|
||||
-
|
||||
- FILE *fe;
|
||||
-
|
||||
- dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
|
||||
- if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
|
||||
+ dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
|
||||
+ if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
|
||||
throwIOException(env, "Cannot open " FIPS_ENABLED_PATH);
|
||||
return JNI_FALSE;
|
||||
- }
|
||||
- fips_enabled = fgetc(fe);
|
||||
- fclose(fe);
|
||||
- if (fips_enabled == EOF) {
|
||||
+ }
|
||||
+ fips_enabled = fgetc(fe);
|
||||
+ fclose(fe);
|
||||
+ if (fips_enabled == EOF) {
|
||||
throwIOException(env, "Cannot read " FIPS_ENABLED_PATH);
|
||||
return JNI_FALSE;
|
||||
+ }
|
||||
+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
|
||||
+ " read character is '%c'", fips_enabled);
|
||||
+ handle_msg(env, msg, msg_bytes);
|
||||
+ return (fips_enabled == '1' ? JNI_TRUE : JNI_FALSE);
|
||||
}
|
||||
- msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
|
||||
- " read character is '%c'", fips_enabled);
|
||||
- if (msg_bytes > 0 && msg_bytes < MSG_MAX_SIZE) {
|
||||
- dbgPrint(env, msg);
|
||||
- } else {
|
||||
- dbgPrint(env, "getSystemFIPSEnabled: cannot render" \
|
||||
- " read character");
|
||||
- }
|
||||
- return (fips_enabled == '1' ? JNI_TRUE : JNI_FALSE);
|
||||
-
|
||||
-#endif // SYSCONF_NSS
|
||||
}
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user