Update to jdk-17.0.6.0+10
Update release notes to 17.0.6.0+10 Switch to GA mode for release
This commit is contained in:
parent
c2337eae1b
commit
4b568ec7cc
|
@ -34,3 +34,4 @@
|
||||||
/openjdk-jdk17u-jdk-17.0.5+8.tar.xz
|
/openjdk-jdk17u-jdk-17.0.5+8.tar.xz
|
||||||
/openjdk-jdk17u-jdk-17.0.6+1.tar.xz
|
/openjdk-jdk17u-jdk-17.0.6+1.tar.xz
|
||||||
/openjdk-jdk17u-jdk-17.0.6+9.tar.xz
|
/openjdk-jdk17u-jdk-17.0.6+9.tar.xz
|
||||||
|
/openjdk-jdk17u-jdk-17.0.6+10.tar.xz
|
||||||
|
|
48
NEWS
48
NEWS
|
@ -9,6 +9,21 @@ Live versions of these release notes can be found at:
|
||||||
* https://bitly.com/openjdk1706
|
* https://bitly.com/openjdk1706
|
||||||
* https://builds.shipilev.net/backports-monitor/release-notes-17.0.6.html
|
* https://builds.shipilev.net/backports-monitor/release-notes-17.0.6.html
|
||||||
|
|
||||||
|
* CVEs
|
||||||
|
- CVE-2023-21835
|
||||||
|
- CVE-2023-21843
|
||||||
|
* Security fixes
|
||||||
|
- JDK-8286070: Improve UTF8 representation
|
||||||
|
- JDK-8286496: Improve Thread labels
|
||||||
|
- JDK-8287411: Enhance DTLS performance
|
||||||
|
- JDK-8288516: Enhance font creation
|
||||||
|
- JDK-8289350: Better media supports
|
||||||
|
- JDK-8293554: Enhanced DH Key Exchanges
|
||||||
|
- JDK-8293598: Enhance InetAddress address handling
|
||||||
|
- JDK-8293717: Objective view of ObjectView
|
||||||
|
- JDK-8293734: Improve BMP image handling
|
||||||
|
- JDK-8293742: Better Banking of Sounds
|
||||||
|
- JDK-8295687: Better BMP bounds
|
||||||
* Other changes
|
* Other changes
|
||||||
- JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows
|
- JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows
|
||||||
- JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails
|
- JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails
|
||||||
|
@ -252,10 +267,12 @@ Live versions of these release notes can be found at:
|
||||||
- JDK-8295554: Move the "sizecalc.h" to the correct location
|
- JDK-8295554: Move the "sizecalc.h" to the correct location
|
||||||
- JDK-8295641: Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev
|
- JDK-8295641: Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev
|
||||||
- JDK-8295714: GHA ::set-output is deprecated and will be removed
|
- JDK-8295714: GHA ::set-output is deprecated and will be removed
|
||||||
|
- JDK-8295723: security/infra/wycheproof/RunWycheproof.java fails with Assertion Error
|
||||||
- JDK-8295872: [PPC64] JfrGetCallTrace: Need pc == nullptr check before frame constructor
|
- JDK-8295872: [PPC64] JfrGetCallTrace: Need pc == nullptr check before frame constructor
|
||||||
- JDK-8295952: Problemlist existing compiler/rtm tests also on x86
|
- JDK-8295952: Problemlist existing compiler/rtm tests also on x86
|
||||||
- JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails intermittently on a VM
|
- JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails intermittently on a VM
|
||||||
- JDK-8296108: (tz) Update Timezone Data to 2022f
|
- JDK-8296108: (tz) Update Timezone Data to 2022f
|
||||||
|
- JDK-8296239: ISO 4217 Amendment 174 Update
|
||||||
- JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing
|
- JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing
|
||||||
- JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException
|
- JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException
|
||||||
- JDK-8296496: Overzealous check in sizecalc.h prevents large memory allocation
|
- JDK-8296496: Overzealous check in sizecalc.h prevents large memory allocation
|
||||||
|
@ -278,10 +295,33 @@ Live versions of these release notes can be found at:
|
||||||
- JDK-8297590: [TESTBUG] HotSpotResolvedJavaFieldTest does not run
|
- JDK-8297590: [TESTBUG] HotSpotResolvedJavaFieldTest does not run
|
||||||
- JDK-8297656: AArch64: Enable AES/GCM Intrinsics
|
- JDK-8297656: AArch64: Enable AES/GCM Intrinsics
|
||||||
- JDK-8297804: (tz) Update Timezone Data to 2022g
|
- JDK-8297804: (tz) Update Timezone Data to 2022g
|
||||||
|
- JDK-8299392: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.6
|
||||||
|
- JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
|
||||||
|
- JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
|
||||||
|
|
||||||
Notes on individual issues:
|
Notes on individual issues:
|
||||||
===========================
|
===========================
|
||||||
|
|
||||||
|
client-libs/javax.imageio:
|
||||||
|
|
||||||
|
JDK-8295687: Better BMP bounds
|
||||||
|
==============================
|
||||||
|
Loading a linked ICC profile within a BMP image is now disabled by
|
||||||
|
default. To re-enable it, set the new system property
|
||||||
|
`sun.imageio.bmp.enabledLinkedProfiles` to `true`. This new property
|
||||||
|
replaces the old property,
|
||||||
|
`sun.imageio.plugins.bmp.disableLinkedProfiles`.
|
||||||
|
|
||||||
|
client-libs/javax.sound:
|
||||||
|
|
||||||
|
JDK-8293742: Better Banking of Sounds
|
||||||
|
=====================================
|
||||||
|
Previously, the SoundbankReader implementation,
|
||||||
|
`com.sun.media.sound.JARSoundbankReader`, would download a JAR
|
||||||
|
soundbank from a URL. This behaviour is now disabled by default. To
|
||||||
|
re-enable it, set the new system property `jdk.sound.jarsoundbank` to
|
||||||
|
`true`.
|
||||||
|
|
||||||
security-libs/java.security:
|
security-libs/java.security:
|
||||||
|
|
||||||
JDK-8282730: New Implementation Note for LoginModule on Removing Null from a Principals or Credentials Set
|
JDK-8282730: New Implementation Note for LoginModule on Removing Null from a Principals or Credentials Set
|
||||||
|
@ -302,6 +342,14 @@ the same change is made in third party modules. Developers of third
|
||||||
party modules are advised to verify that their logout() method does not
|
party modules are advised to verify that their logout() method does not
|
||||||
throw a NullPointerException.
|
throw a NullPointerException.
|
||||||
|
|
||||||
|
security-libs/javax.net.ssl:
|
||||||
|
|
||||||
|
JDK-8287411: Enhance DTLS performance
|
||||||
|
=====================================
|
||||||
|
The JDK now exchanges DTLS cookies for all handshakes, new and
|
||||||
|
resumed. The previous behaviour can be re-enabled by setting the new
|
||||||
|
system property `jdk.tls.enableDtlsResumeCookie` to `false`.
|
||||||
|
|
||||||
New in release OpenJDK 17.0.5 (2022-10-18):
|
New in release OpenJDK 17.0.5 (2022-10-18):
|
||||||
===========================================
|
===========================================
|
||||||
Live versions of these release notes can be found at:
|
Live versions of these release notes can be found at:
|
||||||
|
|
|
@ -2644,7 +2644,7 @@ index 00000000000..55bbba98b7a
|
||||||
+attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
|
+attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
|
||||||
+
|
+
|
||||||
diff --git a/src/java.base/share/lib/security/default.policy b/src/java.base/share/lib/security/default.policy
|
diff --git a/src/java.base/share/lib/security/default.policy b/src/java.base/share/lib/security/default.policy
|
||||||
index b22f26947af..3ee2ce6ea88 100644
|
index b22f26947af..02bea84e210 100644
|
||||||
--- a/src/java.base/share/lib/security/default.policy
|
--- a/src/java.base/share/lib/security/default.policy
|
||||||
+++ b/src/java.base/share/lib/security/default.policy
|
+++ b/src/java.base/share/lib/security/default.policy
|
||||||
@@ -121,6 +121,7 @@ grant codeBase "jrt:/jdk.charsets" {
|
@@ -121,6 +121,7 @@ grant codeBase "jrt:/jdk.charsets" {
|
||||||
|
@ -2663,6 +2663,15 @@ index b22f26947af..3ee2ce6ea88 100644
|
||||||
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
|
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
|
||||||
permission java.lang.RuntimePermission
|
permission java.lang.RuntimePermission
|
||||||
"accessClassInPackage.sun.security.*";
|
"accessClassInPackage.sun.security.*";
|
||||||
|
@@ -140,6 +142,8 @@ grant codeBase "jrt:/jdk.crypto.cryptoki" {
|
||||||
|
permission java.util.PropertyPermission "os.name", "read";
|
||||||
|
permission java.util.PropertyPermission "os.arch", "read";
|
||||||
|
permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read";
|
||||||
|
+ permission java.util.PropertyPermission "fips.nssdb.path", "read,write";
|
||||||
|
+ permission java.util.PropertyPermission "fips.nssdb.pin", "read";
|
||||||
|
permission java.security.SecurityPermission "putProviderProperty.*";
|
||||||
|
permission java.security.SecurityPermission "clearProviderProperties.*";
|
||||||
|
permission java.security.SecurityPermission "removeProviderProperty.*";
|
||||||
diff --git a/src/java.base/share/native/libsystemconf/systemconf.c b/src/java.base/share/native/libsystemconf/systemconf.c
|
diff --git a/src/java.base/share/native/libsystemconf/systemconf.c b/src/java.base/share/native/libsystemconf/systemconf.c
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 00000000000..ddf9befe5bc
|
index 00000000000..ddf9befe5bc
|
||||||
|
@ -4120,7 +4129,7 @@ index 262cfc062ad..72b64f72c0a 100644
|
||||||
Provider p = sun;
|
Provider p = sun;
|
||||||
if (p == null) {
|
if (p == null) {
|
||||||
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||||
index aa35e8fa668..f4d7c9cc201 100644
|
index aa35e8fa668..1855e5631bd 100644
|
||||||
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||||
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||||
@@ -26,6 +26,9 @@
|
@@ -26,6 +26,9 @@
|
||||||
|
@ -4186,7 +4195,7 @@ index aa35e8fa668..f4d7c9cc201 100644
|
||||||
private static final long serialVersionUID = -1354835039035306505L;
|
private static final long serialVersionUID = -1354835039035306505L;
|
||||||
|
|
||||||
static final Debug debug = Debug.getInstance("sunpkcs11");
|
static final Debug debug = Debug.getInstance("sunpkcs11");
|
||||||
@@ -115,6 +153,18 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -115,6 +153,29 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
return AccessController.doPrivileged(new PrivilegedExceptionAction<>() {
|
return AccessController.doPrivileged(new PrivilegedExceptionAction<>() {
|
||||||
@Override
|
@Override
|
||||||
public SunPKCS11 run() throws Exception {
|
public SunPKCS11 run() throws Exception {
|
||||||
|
@ -4197,15 +4206,26 @@ index aa35e8fa668..f4d7c9cc201 100644
|
||||||
+ * fips.nssdb.path System property after expansion.
|
+ * fips.nssdb.path System property after expansion.
|
||||||
+ * Security properties expansion is unsupported.
|
+ * Security properties expansion is unsupported.
|
||||||
+ */
|
+ */
|
||||||
+ System.setProperty(
|
+ String nssdbPath =
|
||||||
+ FIPS_NSSDB_PATH_PROP,
|
|
||||||
+ SecurityProperties.privilegedGetOverridable(
|
+ SecurityProperties.privilegedGetOverridable(
|
||||||
+ FIPS_NSSDB_PATH_PROP));
|
+ FIPS_NSSDB_PATH_PROP);
|
||||||
|
+ if (System.getSecurityManager() != null) {
|
||||||
|
+ AccessController.doPrivileged(
|
||||||
|
+ (PrivilegedAction<Void>) () -> {
|
||||||
|
+ System.setProperty(
|
||||||
|
+ FIPS_NSSDB_PATH_PROP,
|
||||||
|
+ nssdbPath);
|
||||||
|
+ return null;
|
||||||
|
+ });
|
||||||
|
+ } else {
|
||||||
|
+ System.setProperty(
|
||||||
|
+ FIPS_NSSDB_PATH_PROP, nssdbPath);
|
||||||
|
+ }
|
||||||
+ }
|
+ }
|
||||||
return new SunPKCS11(new Config(newConfigName));
|
return new SunPKCS11(new Config(newConfigName));
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
@@ -320,10 +370,19 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -320,10 +381,19 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
// request multithreaded access first
|
// request multithreaded access first
|
||||||
initArgs.flags = CKF_OS_LOCKING_OK;
|
initArgs.flags = CKF_OS_LOCKING_OK;
|
||||||
PKCS11 tmpPKCS11;
|
PKCS11 tmpPKCS11;
|
||||||
|
@ -4226,7 +4246,7 @@ index aa35e8fa668..f4d7c9cc201 100644
|
||||||
} catch (PKCS11Exception e) {
|
} catch (PKCS11Exception e) {
|
||||||
if (debug != null) {
|
if (debug != null) {
|
||||||
debug.println("Multi-threaded initialization failed: " + e);
|
debug.println("Multi-threaded initialization failed: " + e);
|
||||||
@@ -339,11 +398,12 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -339,11 +409,12 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
initArgs.flags = 0;
|
initArgs.flags = 0;
|
||||||
}
|
}
|
||||||
tmpPKCS11 = PKCS11.getInstance(library,
|
tmpPKCS11 = PKCS11.getInstance(library,
|
||||||
|
@ -4241,7 +4261,7 @@ index aa35e8fa668..f4d7c9cc201 100644
|
||||||
if (p11Info.cryptokiVersion.major < 2) {
|
if (p11Info.cryptokiVersion.major < 2) {
|
||||||
throw new ProviderException("Only PKCS#11 v2.0 and later "
|
throw new ProviderException("Only PKCS#11 v2.0 and later "
|
||||||
+ "supported, library version is v" + p11Info.cryptokiVersion);
|
+ "supported, library version is v" + p11Info.cryptokiVersion);
|
||||||
@@ -417,14 +477,19 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -417,14 +488,19 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
final String className;
|
final String className;
|
||||||
final List<String> aliases;
|
final List<String> aliases;
|
||||||
final int[] mechanisms;
|
final int[] mechanisms;
|
||||||
|
@ -4262,7 +4282,7 @@ index aa35e8fa668..f4d7c9cc201 100644
|
||||||
}
|
}
|
||||||
private P11Service service(Token token, int mechanism) {
|
private P11Service service(Token token, int mechanism) {
|
||||||
return new P11Service
|
return new P11Service
|
||||||
@@ -458,18 +523,29 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -458,18 +534,29 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
|
|
||||||
private static void d(String type, String algorithm, String className,
|
private static void d(String type, String algorithm, String className,
|
||||||
int[] m) {
|
int[] m) {
|
||||||
|
@ -4295,7 +4315,7 @@ index aa35e8fa668..f4d7c9cc201 100644
|
||||||
}
|
}
|
||||||
|
|
||||||
private static void register(Descriptor d) {
|
private static void register(Descriptor d) {
|
||||||
@@ -525,6 +601,7 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -525,6 +612,7 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
String P11Cipher = "sun.security.pkcs11.P11Cipher";
|
String P11Cipher = "sun.security.pkcs11.P11Cipher";
|
||||||
String P11RSACipher = "sun.security.pkcs11.P11RSACipher";
|
String P11RSACipher = "sun.security.pkcs11.P11RSACipher";
|
||||||
String P11AEADCipher = "sun.security.pkcs11.P11AEADCipher";
|
String P11AEADCipher = "sun.security.pkcs11.P11AEADCipher";
|
||||||
|
@ -4303,7 +4323,7 @@ index aa35e8fa668..f4d7c9cc201 100644
|
||||||
String P11Signature = "sun.security.pkcs11.P11Signature";
|
String P11Signature = "sun.security.pkcs11.P11Signature";
|
||||||
String P11PSSSignature = "sun.security.pkcs11.P11PSSSignature";
|
String P11PSSSignature = "sun.security.pkcs11.P11PSSSignature";
|
||||||
|
|
||||||
@@ -587,6 +664,30 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -587,6 +675,30 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
d(MAC, "SslMacSHA1", P11Mac,
|
d(MAC, "SslMacSHA1", P11Mac,
|
||||||
m(CKM_SSL3_SHA1_MAC));
|
m(CKM_SSL3_SHA1_MAC));
|
||||||
|
|
||||||
|
@ -4334,7 +4354,7 @@ index aa35e8fa668..f4d7c9cc201 100644
|
||||||
d(KPG, "RSA", P11KeyPairGenerator,
|
d(KPG, "RSA", P11KeyPairGenerator,
|
||||||
getAliases("PKCS1"),
|
getAliases("PKCS1"),
|
||||||
m(CKM_RSA_PKCS_KEY_PAIR_GEN));
|
m(CKM_RSA_PKCS_KEY_PAIR_GEN));
|
||||||
@@ -685,6 +786,66 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -685,6 +797,66 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
d(SKF, "ChaCha20", P11SecretKeyFactory,
|
d(SKF, "ChaCha20", P11SecretKeyFactory,
|
||||||
m(CKM_CHACHA20_POLY1305));
|
m(CKM_CHACHA20_POLY1305));
|
||||||
|
|
||||||
|
@ -4401,7 +4421,7 @@ index aa35e8fa668..f4d7c9cc201 100644
|
||||||
// XXX attributes for Ciphers (supported modes, padding)
|
// XXX attributes for Ciphers (supported modes, padding)
|
||||||
dA(CIP, "ARCFOUR", P11Cipher,
|
dA(CIP, "ARCFOUR", P11Cipher,
|
||||||
m(CKM_RC4));
|
m(CKM_RC4));
|
||||||
@@ -754,6 +915,46 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -754,6 +926,46 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
d(CIP, "RSA/ECB/NoPadding", P11RSACipher,
|
d(CIP, "RSA/ECB/NoPadding", P11RSACipher,
|
||||||
m(CKM_RSA_X_509));
|
m(CKM_RSA_X_509));
|
||||||
|
|
||||||
|
@ -4448,7 +4468,7 @@ index aa35e8fa668..f4d7c9cc201 100644
|
||||||
d(SIG, "RawDSA", P11Signature,
|
d(SIG, "RawDSA", P11Signature,
|
||||||
List.of("NONEwithDSA"),
|
List.of("NONEwithDSA"),
|
||||||
m(CKM_DSA));
|
m(CKM_DSA));
|
||||||
@@ -1144,9 +1345,21 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -1144,9 +1356,21 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
if (ds == null) {
|
if (ds == null) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
@ -4470,7 +4490,13 @@ index aa35e8fa668..f4d7c9cc201 100644
|
||||||
supportedAlgs.put(d, integerMech);
|
supportedAlgs.put(d, integerMech);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
@@ -1225,6 +1438,27 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -1220,11 +1444,52 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
+ @SuppressWarnings("removal")
|
||||||
|
public Object newInstance(Object param)
|
||||||
|
throws NoSuchAlgorithmException {
|
||||||
if (token.isValid() == false) {
|
if (token.isValid() == false) {
|
||||||
throw new NoSuchAlgorithmException("Token has been removed");
|
throw new NoSuchAlgorithmException("Token has been removed");
|
||||||
}
|
}
|
||||||
|
@ -4488,7 +4514,26 @@ index aa35e8fa668..f4d7c9cc201 100644
|
||||||
+ * property.
|
+ * property.
|
||||||
+ */
|
+ */
|
||||||
+ try {
|
+ try {
|
||||||
+ token.ensureLoggedIn(null);
|
+ if (System.getSecurityManager() != null) {
|
||||||
|
+ try {
|
||||||
|
+ AccessController.doPrivileged(
|
||||||
|
+ (PrivilegedExceptionAction<Void>) () -> {
|
||||||
|
+ token.ensureLoggedIn(null);
|
||||||
|
+ return null;
|
||||||
|
+ });
|
||||||
|
+ } catch (PrivilegedActionException pae) {
|
||||||
|
+ Exception e = pae.getException();
|
||||||
|
+ if (e instanceof LoginException le) {
|
||||||
|
+ throw le;
|
||||||
|
+ } else if (e instanceof PKCS11Exception p11e) {
|
||||||
|
+ throw p11e;
|
||||||
|
+ } else {
|
||||||
|
+ throw new RuntimeException(e);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ } else {
|
||||||
|
+ token.ensureLoggedIn(null);
|
||||||
|
+ }
|
||||||
+ } catch (PKCS11Exception | LoginException e) {
|
+ } catch (PKCS11Exception | LoginException e) {
|
||||||
+ throw new ProviderException("FIPS: error during the Token" +
|
+ throw new ProviderException("FIPS: error during the Token" +
|
||||||
+ " login required for the " + getType() +
|
+ " login required for the " + getType() +
|
||||||
|
@ -4498,7 +4543,7 @@ index aa35e8fa668..f4d7c9cc201 100644
|
||||||
try {
|
try {
|
||||||
return newInstance0(param);
|
return newInstance0(param);
|
||||||
} catch (PKCS11Exception e) {
|
} catch (PKCS11Exception e) {
|
||||||
@@ -1244,6 +1478,8 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -1244,6 +1509,8 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
} else if (algorithm.endsWith("GCM/NoPadding") ||
|
} else if (algorithm.endsWith("GCM/NoPadding") ||
|
||||||
algorithm.startsWith("ChaCha20-Poly1305")) {
|
algorithm.startsWith("ChaCha20-Poly1305")) {
|
||||||
return new P11AEADCipher(token, algorithm, mechanism);
|
return new P11AEADCipher(token, algorithm, mechanism);
|
||||||
|
@ -4507,7 +4552,7 @@ index aa35e8fa668..f4d7c9cc201 100644
|
||||||
} else {
|
} else {
|
||||||
return new P11Cipher(token, algorithm, mechanism);
|
return new P11Cipher(token, algorithm, mechanism);
|
||||||
}
|
}
|
||||||
@@ -1579,6 +1815,9 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -1579,6 +1846,9 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
try {
|
try {
|
||||||
session = token.getOpSession();
|
session = token.getOpSession();
|
||||||
p11.C_Logout(session.id());
|
p11.C_Logout(session.id());
|
|
@ -384,14 +384,14 @@
|
||||||
# Define IcedTea version used for SystemTap tapsets and desktop file
|
# Define IcedTea version used for SystemTap tapsets and desktop file
|
||||||
%global icedteaver 6.0.0pre00-c848b93a8598
|
%global icedteaver 6.0.0pre00-c848b93a8598
|
||||||
# Define current Git revision for the FIPS support patches
|
# Define current Git revision for the FIPS support patches
|
||||||
%global fipsver 72d08e3226f
|
%global fipsver 257d544b594
|
||||||
|
|
||||||
# Standard JPackage naming and versioning defines
|
# Standard JPackage naming and versioning defines
|
||||||
%global origin openjdk
|
%global origin openjdk
|
||||||
%global origin_nice OpenJDK
|
%global origin_nice OpenJDK
|
||||||
%global top_level_dir_name %{origin}
|
%global top_level_dir_name %{origin}
|
||||||
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
||||||
%global buildver 9
|
%global buildver 10
|
||||||
%global rpmrelease 1
|
%global rpmrelease 1
|
||||||
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
||||||
%if %is_system_jdk
|
%if %is_system_jdk
|
||||||
|
@ -418,7 +418,7 @@
|
||||||
# Release will be (where N is usually a number starting at 1):
|
# Release will be (where N is usually a number starting at 1):
|
||||||
# - 0.N%%{?extraver}%%{?dist} for EA releases,
|
# - 0.N%%{?extraver}%%{?dist} for EA releases,
|
||||||
# - N%%{?extraver}{?dist} for GA releases
|
# - N%%{?extraver}{?dist} for GA releases
|
||||||
%global is_ga 0
|
%global is_ga 1
|
||||||
%if %{is_ga}
|
%if %{is_ga}
|
||||||
%global build_type GA
|
%global build_type GA
|
||||||
%global ea_designator ""
|
%global ea_designator ""
|
||||||
|
@ -554,7 +554,7 @@ ExcludeArch: %{ix86}
|
||||||
|
|
||||||
Name: java-%{javaver}-%{origin}-portable
|
Name: java-%{javaver}-%{origin}-portable
|
||||||
Version: %{newjavaver}.%{buildver}
|
Version: %{newjavaver}.%{buildver}
|
||||||
Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}.1
|
Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
|
||||||
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
|
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
|
||||||
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
|
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
|
||||||
# also included the epoch in their virtual provides. This created a
|
# also included the epoch in their virtual provides. This created a
|
||||||
|
@ -687,6 +687,7 @@ Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-d
|
||||||
# Add nss.fips.cfg support to OpenJDK tree
|
# Add nss.fips.cfg support to OpenJDK tree
|
||||||
# RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode
|
# RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode
|
||||||
# Remove forgotten dead code from RH2020290 and RH2104724
|
# Remove forgotten dead code from RH2020290 and RH2104724
|
||||||
|
# OJ1357: Fix issue on FIPS with a SecurityManager in place
|
||||||
Patch1001: fips-17u-%{fipsver}.patch
|
Patch1001: fips-17u-%{fipsver}.patch
|
||||||
|
|
||||||
#############################################
|
#############################################
|
||||||
|
@ -1581,6 +1582,15 @@ done
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jan 26 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.10-1
|
||||||
|
- Update to jdk-17.0.6.0+10
|
||||||
|
- Update release notes to 17.0.6.0+10
|
||||||
|
- Switch to GA mode for release
|
||||||
|
|
||||||
|
* Thu Jan 19 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.9-0.2.ea
|
||||||
|
- Update FIPS support to bring in latest changes
|
||||||
|
- * OJ1357: Fix issue on FIPS with a SecurityManager in place
|
||||||
|
|
||||||
* Thu Jan 19 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.9-0.1.ea
|
* Thu Jan 19 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.9-0.1.ea
|
||||||
- Update to jdk-17.0.6+9
|
- Update to jdk-17.0.6+9
|
||||||
- Update release notes to 17.0.6+9
|
- Update release notes to 17.0.6+9
|
||||||
|
|
2
sources
2
sources
|
@ -1,2 +1,2 @@
|
||||||
SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
|
SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
|
||||||
SHA512 (openjdk-jdk17u-jdk-17.0.6+9.tar.xz) = bad612ec3b5cf9287b4fdfa4ae6618751e9d50e9347c66c87af9d9eba06276ef1c95abb1b72f381bc629d0e7f2a520fdd26cb6d7f782c517a16102c7dd236ca2
|
SHA512 (openjdk-jdk17u-jdk-17.0.6+10.tar.xz) = 2878aae52e2f49146b9631e3b0379370dce1a0a620dc5c5b763d1432b82e705e3aa33a83008391b4845bf0cb493b08179e7ac3419f597fb80fd65df393e12cf1
|
||||||
|
|
Loading…
Reference in New Issue