Update to latest upstream security release.
This commit is contained in:
Severin Gehwolf
parent
2c7d8803fc
commit
b03c6d772c
1
.gitignore
vendored
1
.gitignore
vendored
@ -7,3 +7,4 @@
|
||||
/jdk9-jdk9-jdk-9+181-CPU3.tar.xz
|
||||
/jdk9-jdk9-jdk-9+181-CPU4.tar.xz
|
||||
/jdk-updates-jdk9u-jdk-9.0.1+11.tar.xz
|
||||
/jdk-updates-jdk9u-jdk-9.0.4+11.tar.xz
|
||||
|
||||
@ -141,7 +141,7 @@
|
||||
|
||||
# New Version-String scheme-style defines
|
||||
%global majorver 9
|
||||
%global securityver 1
|
||||
%global securityver 4
|
||||
|
||||
# Standard JPackage naming and versioning defines.
|
||||
%global origin openjdk
|
||||
@ -853,7 +853,7 @@ Provides: java-%{javaver}-%{origin}-accessiblity = %{epoch}:%{version}-%{release
|
||||
|
||||
Name: java-%{majorver}-%{origin}
|
||||
Version: %{newjavaver}.%{buildver}
|
||||
Release: 4%{?dist}
|
||||
Release: 1%{?dist}
|
||||
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons,
|
||||
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
|
||||
# also included the epoch in their virtual provides. This created a
|
||||
@ -872,7 +872,10 @@ License: ASL 1.1 and ASL 2.0 and GPL+ and GPLv2 and GPLv2 with exceptions and L
|
||||
URL: http://openjdk.java.net/
|
||||
|
||||
# Source from upstrem OpenJDK9 project. To regenerate, use
|
||||
# ./generate_source_tarball.sh jdk9 jdk9 jdk9-%%{buildver}
|
||||
# PROJECT_NAME=jdk-updates REPO_NAME=jdk9u VERSION=jdk-%%{majorver}.%%{minorver}.%%{securityver}+%%{buildver} ./generate_source_tarball.sh
|
||||
#
|
||||
# Example:
|
||||
# PROJECT_NAME=jdk-updates REPO_NAME=jdk9u VERSION=jdk-9.0.4+11 ./generate_source_tarball.sh
|
||||
Source0: jdk-updates-jdk%{majorver}u-jdk-%{newjavaver}+%{buildver}.tar.xz
|
||||
|
||||
# Custom README for -src subpackage
|
||||
@ -1819,6 +1822,9 @@ require "copy_jdk_configs.lua"
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Jan 17 2018 Severin Gehwolf <sgehwolf@redhat.com> - 1:9.0.4.11-1
|
||||
- Update to new upstream version 9.0.4+11 (January CPU)
|
||||
|
||||
* Wed Nov 22 2017 jvanek <jvanek@redhat.com> - 1:9.0.1.11-4
|
||||
- added link to cacerts
|
||||
- unlike jdk8, cacert link is absolute link
|
||||
|
||||
110
pr2126-9.patch
110
pr2126-9.patch
@ -1,6 +1,99 @@
|
||||
diff -r bd66ea2fdde3 src/java.base/share/classes/sun/security/util/CurveDB.java
|
||||
--- openjdk/jdk/src/java.base/share/classes/sun/security/util/CurveDB.java Thu Jul 27 18:04:48 2017 +0000
|
||||
+++ openjdk/jdk/src/java.base/share/classes/sun/security/util/CurveDB.java Fri Oct 06 13:18:47 2017 +0200
|
||||
diff --git a/src/java.base/share/classes/sun/security/ssl/NamedGroup.java b/src/java.base/share/classes/sun/security/ssl/NamedGroup.java
|
||||
--- openjdk/jdk/src/java.base/share/classes/sun/security/ssl/NamedGroup.java
|
||||
+++ openjdk/jdk/src/java.base/share/classes/sun/security/ssl/NamedGroup.java
|
||||
@@ -34,57 +34,6 @@
|
||||
//
|
||||
// See sun.security.util.CurveDB for the OIDs
|
||||
|
||||
- // NIST K-163
|
||||
- SECT163_K1(1, NAMED_GROUP_ECDHE, "sect163k1", "1.3.132.0.1", true),
|
||||
-
|
||||
- SECT163_R1(2, NAMED_GROUP_ECDHE, "sect163r1", "1.3.132.0.2", false),
|
||||
-
|
||||
- // NIST B-163
|
||||
- SECT163_R2(3, NAMED_GROUP_ECDHE, "sect163r2", "1.3.132.0.15", true),
|
||||
-
|
||||
- SECT193_R1(4, NAMED_GROUP_ECDHE, "sect193r1", "1.3.132.0.24", false),
|
||||
- SECT193_R2(5, NAMED_GROUP_ECDHE, "sect193r2", "1.3.132.0.25", false),
|
||||
-
|
||||
- // NIST K-233
|
||||
- SECT233_K1(6, NAMED_GROUP_ECDHE, "sect233k1", "1.3.132.0.26", true),
|
||||
-
|
||||
- // NIST B-233
|
||||
- SECT233_R1(7, NAMED_GROUP_ECDHE, "sect233r1", "1.3.132.0.27", true),
|
||||
-
|
||||
- SECT239_K1(8, NAMED_GROUP_ECDHE, "sect239k1", "1.3.132.0.3", false),
|
||||
-
|
||||
- // NIST K-283
|
||||
- SECT283_K1(9, NAMED_GROUP_ECDHE, "sect283k1", "1.3.132.0.16", true),
|
||||
-
|
||||
- // NIST B-283
|
||||
- SECT283_R1(10, NAMED_GROUP_ECDHE, "sect283r1", "1.3.132.0.17", true),
|
||||
-
|
||||
- // NIST K-409
|
||||
- SECT409_K1(11, NAMED_GROUP_ECDHE, "sect409k1", "1.3.132.0.36", true),
|
||||
-
|
||||
- // NIST B-409
|
||||
- SECT409_R1(12, NAMED_GROUP_ECDHE, "sect409r1", "1.3.132.0.37", true),
|
||||
-
|
||||
- // NIST K-571
|
||||
- SECT571_K1(13, NAMED_GROUP_ECDHE, "sect571k1", "1.3.132.0.38", true),
|
||||
-
|
||||
- // NIST B-571
|
||||
- SECT571_R1(14, NAMED_GROUP_ECDHE, "sect571r1", "1.3.132.0.39", true),
|
||||
-
|
||||
- SECP160_K1(15, NAMED_GROUP_ECDHE, "secp160k1", "1.3.132.0.9", false),
|
||||
- SECP160_R1(16, NAMED_GROUP_ECDHE, "secp160r1", "1.3.132.0.8", false),
|
||||
- SECP160_R2(17, NAMED_GROUP_ECDHE, "secp160r2", "1.3.132.0.30", false),
|
||||
- SECP192_K1(18, NAMED_GROUP_ECDHE, "secp192k1", "1.3.132.0.31", false),
|
||||
-
|
||||
- // NIST P-192
|
||||
- SECP192_R1(19, NAMED_GROUP_ECDHE, "secp192r1", "1.2.840.10045.3.1.1", true),
|
||||
-
|
||||
- SECP224_K1(20, NAMED_GROUP_ECDHE, "secp224k1", "1.3.132.0.32", false),
|
||||
- // NIST P-224
|
||||
- SECP224_R1(21, NAMED_GROUP_ECDHE, "secp224r1", "1.3.132.0.33", true),
|
||||
-
|
||||
- SECP256_K1(22, NAMED_GROUP_ECDHE, "secp256k1", "1.3.132.0.10", false),
|
||||
-
|
||||
// NIST P-256
|
||||
SECP256_R1(23, NAMED_GROUP_ECDHE, "secp256r1", "1.2.840.10045.3.1.7", true),
|
||||
|
||||
diff --git a/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java b/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
|
||||
--- openjdk/jdk/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
|
||||
+++ openjdk/jdk/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
|
||||
@@ -116,12 +116,6 @@
|
||||
NamedGroup.SECP256_R1,
|
||||
NamedGroup.SECP384_R1,
|
||||
NamedGroup.SECP521_R1,
|
||||
- NamedGroup.SECT283_K1,
|
||||
- NamedGroup.SECT283_R1,
|
||||
- NamedGroup.SECT409_K1,
|
||||
- NamedGroup.SECT409_R1,
|
||||
- NamedGroup.SECT571_K1,
|
||||
- NamedGroup.SECT571_R1,
|
||||
|
||||
// FFDHE 2048
|
||||
NamedGroup.FFDHE_2048,
|
||||
@@ -136,15 +130,6 @@
|
||||
NamedGroup.SECP256_R1,
|
||||
NamedGroup.SECP384_R1,
|
||||
NamedGroup.SECP521_R1,
|
||||
- NamedGroup.SECT283_K1,
|
||||
- NamedGroup.SECT283_R1,
|
||||
- NamedGroup.SECT409_K1,
|
||||
- NamedGroup.SECT409_R1,
|
||||
- NamedGroup.SECT571_K1,
|
||||
- NamedGroup.SECT571_R1,
|
||||
-
|
||||
- // non-NIST curves
|
||||
- NamedGroup.SECP256_K1,
|
||||
|
||||
// FFDHE 2048
|
||||
NamedGroup.FFDHE_2048,
|
||||
diff --git a/src/java.base/share/classes/sun/security/util/CurveDB.java b/src/java.base/share/classes/sun/security/util/CurveDB.java
|
||||
--- openjdk/jdk/src/java.base/share/classes/sun/security/util/CurveDB.java
|
||||
+++ openjdk/jdk/src/java.base/share/classes/sun/security/util/CurveDB.java
|
||||
@@ -168,114 +168,6 @@
|
||||
Pattern nameSplitPattern = Pattern.compile(SPLIT_PATTERN);
|
||||
|
||||
@ -552,9 +645,9 @@ diff -r bd66ea2fdde3 src/java.base/share/classes/sun/security/util/CurveDB.java
|
||||
specCollection = Collections.unmodifiableCollection(oidMap.values());
|
||||
}
|
||||
}
|
||||
diff -r bd66ea2fdde3 test/sun/security/ec/TestEC.java
|
||||
--- openjdk/jdk/test/sun/security/ec/TestEC.java Thu Jul 27 18:04:48 2017 +0000
|
||||
+++ openjdk/jdk/test/sun/security/ec/TestEC.java Fri Oct 06 13:18:47 2017 +0200
|
||||
diff --git a/test/sun/security/ec/TestEC.java b/test/sun/security/ec/TestEC.java
|
||||
--- openjdk/jdk/test/sun/security/ec/TestEC.java
|
||||
+++ openjdk/jdk/test/sun/security/ec/TestEC.java
|
||||
@@ -35,8 +35,8 @@
|
||||
* @library ../pkcs11/sslecc
|
||||
* @library ../../../java/security/testlibrary
|
||||
@ -567,8 +660,8 @@ diff -r bd66ea2fdde3 test/sun/security/ec/TestEC.java
|
||||
|
||||
import java.security.NoSuchProviderException;
|
||||
diff -r bd66ea2fdde3 test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
|
||||
--- openjdk/jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Thu Jul 27 18:04:48 2017 +0000
|
||||
+++ openjdk/jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Fri Oct 06 13:18:47 2017 +0200
|
||||
--- openjdk/jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Thu Jul 27 18:04:48 2017 +0000
|
||||
+++ openjdk/jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Fri Oct 06 13:18:47 2017 +0200
|
||||
@@ -34,9 +34,9 @@
|
||||
* @library ..
|
||||
* @library ../../../../java/security/testlibrary
|
||||
@ -580,4 +673,3 @@ diff -r bd66ea2fdde3 test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
|
||||
+ * @run main/othervm -Djdk.tls.namedGroups="secp256r1"
|
||||
* ClientJSSEServerJSSE sm policy
|
||||
*/
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
--- jdk9/jdk/src/java.base/share/conf/security/java.security
|
||||
+++ jdk9/jdk/src/java.base/share/conf/security/java.security
|
||||
@@ -67,7 +67,6 @@
|
||||
--- openjdk/jdk/src/java.base/share/conf/security/java.security.orig 2018-01-18 12:22:46.148339081 +0100
|
||||
+++ openjdk/jdk/src/java.base/share/conf/security/java.security 2018-01-18 12:25:12.225469321 +0100
|
||||
@@ -66,7 +66,6 @@
|
||||
#endif
|
||||
security.provider.tbd=SUN
|
||||
security.provider.tbd=SunRsaSign
|
||||
@ -8,13 +8,12 @@
|
||||
security.provider.tbd=SunJSSE
|
||||
security.provider.tbd=SunJCE
|
||||
security.provider.tbd=SunJGSS
|
||||
@@ -676,7 +675,7 @@
|
||||
@@ -681,7 +680,7 @@
|
||||
# Example:
|
||||
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
|
||||
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
|
||||
- EC keySize < 224
|
||||
+ EC, ECDHE, ECDH
|
||||
- EC keySize < 224, DES40_CBC, RC4_40
|
||||
+ EC, ECDHE, ECDH, DES40_CBC, RC4_40
|
||||
|
||||
#
|
||||
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
|
||||
# processing in JSSE implementation.
|
||||
|
||||
|
||||
2
sources
2
sources
@ -1,2 +1,2 @@
|
||||
SHA512 (jdk-updates-jdk9u-jdk-9.0.1+11.tar.xz) = 561efb301f67a118018df57b312209cbe5d9a6088221a7a0a1d343e29af2437b81c4c22ae6cc2ebd22c2c569937e1df0ced4d46c8387b2f5b0d5f558e64be618
|
||||
SHA512 (jdk-updates-jdk9u-jdk-9.0.4+11.tar.xz) = 88e07166a2b0b447489b0b33ae45da1184f57ee8ca108e2b9d2d356e00003111512f5b7af2d364219c6478ecede9e8bd5f9ee51669e8a73a7572b5451d075634
|
||||
SHA512 (systemtap-tapset-3.6.0pre02.tar.xz) = 848f42ef7ca751e723fd50e3a6da14c0965ad4da37ea3331568658e27497b7a7e4b9aad3dedd264ad0bb5566c37a92302b905f10258a4e2c89dc4ba609e55481
|
||||
|
||||
Loading…
Reference in New Issue
Block a user