From a0812df57ddb9d58e947f1f7430563a8e7821d1f Mon Sep 17 00:00:00 2001 From: Andrew John Hughes Date: Mon, 24 Jan 2022 14:29:45 +0000 Subject: [PATCH] January 2022 security update to jdk 17.0.2+8 Set LTS designator on RHEL, excluding Fedora & EPEL. Rename libsvml.so to libjsvml.so following JDK-8276025 Remove JDK-8276572 patch which is now upstream. Rebase RH1995150 & RH1996182 patches following JDK-8275863 addition to module-info.java --- .gitignore | 1 + NEWS | 377 ++++++++++++++++++ java-latest-openjdk.spec | 32 +- ...e_libsyslookup_causes_tooling_issues.patch | 21 - rh1995150-disable_non-fips_crypto.patch | 315 +++++++-------- rh1996182-login_to_nss_software_token.patch | 6 +- sources | 2 +- 7 files changed, 558 insertions(+), 196 deletions(-) delete mode 100644 jdk8276572-fake_libsyslookup_causes_tooling_issues.patch diff --git a/.gitignore b/.gitignore index 1cf80ea..2bc3036 100644 --- a/.gitignore +++ b/.gitignore @@ -20,3 +20,4 @@ /openjdk-jdk17-jdk-17+35.tar.xz /openjdk-jdk17u-jdk-17.0.1+12.tar.xz /tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz +/openjdk-jdk17u-jdk-17.0.2+8.tar.xz diff --git a/NEWS b/NEWS index 9d37ff9..78938f4 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,383 @@ Key: JDK-X - https://bugs.openjdk.java.net/browse/JDK-X CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY +New in release OpenJDK 17.0.2 (2022-01-18): +=========================================== +Live versions of these release notes can be found at: + * https://bitly.com/openjdk1702 + * https://builds.shipilev.net/backports-monitor/release-notes-17.0.2.txt + +* Security fixes + - JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir named "." inside + - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization + - JDK-8268488: More valuable DerValues + - JDK-8268494: Better inlining of inlined interfaces + - JDK-8268512: More content for ContentInfo + - JDK-8268813, CVE-2022-21283: Better String matching + - JDK-8269151: Better construction of EncryptedPrivateKeyInfo + - JDK-8269944: Better HTTP transport redux + - JDK-8270386, CVE-2022-21291: Better verification of scan methods + - JDK-8270392, CVE-2022-21293: Improve String constructions + - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps + - JDK-8270492, CVE-2022-21282: Better resolution of URIs + - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management + - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities + - JDK-8270952, CVE-2022-21277: Improve TIFF file handling + - JDK-8271962: Better TrueType font loading + - JDK-8271968: Better canonical naming + - JDK-8271987: Manifest improved manifest entries + - JDK-8272014, CVE-2022-21305: Better array indexing + - JDK-8272026, CVE-2022-21340: Verify Jar Verification + - JDK-8272236, CVE-2022-21341: Improve serial forms for transport + - JDK-8272272: Enhance jcmd communication + - JDK-8272462: Enhance image handling + - JDK-8273290: Enhance sound handling + - JDK-8273756, CVE-2022-21360: Enhance BMP image support + - JDK-8273838, CVE-2022-21365: Enhanced BMP processing + - JDK-8274096, CVE-2022-21366: Improve decoding of image files +* Other changes + - JDK-4819544: SwingSet2 JTable Demo throws NullPointerException + - JDK-8137101: [TEST_BUG] javax/swing/plaf/basic/BasicHTML/4251579/bug4251579.java failure due to timing + - JDK-8140241: (fc) Data transfer from FileChannel to itself causes hang in case of overlap + - JDK-8174819: java/nio/file/WatchService/LotsOfEvents.java fails intermittently + - JDK-8190753: (zipfs): Accessing a large entry (> 2^31 bytes) leads to a negative initial size for ByteArrayOutputStream + - JDK-8214761: Bug in parallel Kahan summation implementation + - JDK-8223923: C2: Missing interference with mismatched unsafe accesses + - JDK-8233020: (fs) UnixFileSystemProvider should use StaticProperty.userDir(). + - JDK-8238649: Call new Win32 API SetThreadDescription in os::set_native_thread_name + - JDK-8244675: assert(IncrementalInline || (_late_inlines.length() == 0 && !has_mh_late_inlines())) + - JDK-8261236: C2: ClhsdbJstackXcompStress test fails when StressGCM is enabled + - JDK-8261579: AArch64: Support for weaker memory ordering in Atomic + - JDK-8262031: Create implementation for NSAccessibilityNavigableStaticText protocol + - JDK-8262095: NPE in Flow$FlowAnalyzer.visitApply: Cannot invoke getThrownTypes because tree.meth.type is null + - JDK-8263059: security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java fails due to revoked cert + - JDK-8263364: sun/net/www/http/KeepAliveStream/KeepAliveStreamCloseWithWrongContentLength.java wedged in getInputStream + - JDK-8263375: Support stack watermarks in Zero VM + - JDK-8263773: Reenable German localization for builds at Oracle + - JDK-8264286: Create implementation for NSAccessibilityColumn protocol peer + - JDK-8264287: Create implementation for NSAccessibilityComboBox protocol peer + - JDK-8264291: Create implementation for NSAccessibilityCell protocol peer + - JDK-8264292: Create implementation for NSAccessibilityList protocol peer + - JDK-8264293: Create implementation for NSAccessibilityMenu protocol peer + - JDK-8264294: Create implementation for NSAccessibilityMenuBar protocol peer + - JDK-8264295: Create implementation for NSAccessibilityMenuItem protocol peer + - JDK-8264296: Create implementation for NSAccessibilityPopUpButton protocol peer + - JDK-8264297: Create implementation for NSAccessibilityProgressIndicator protocol peer + - JDK-8264298: Create implementation for NSAccessibilityRow protocol peer + - JDK-8264303: Create implementation for NSAccessibilityTabGroup protocol peer + - JDK-8266239: Some duplicated javac command-line options have repeated effect + - JDK-8266510: Nimbus JTree default tree cell renderer does not use selected text color + - JDK-8266988: compiler/jvmci/compilerToVM/IsMatureTest.java fails with Unexpected isMature state for multiple times invoked method: expected false to equal true + - JDK-8267256: Extend minimal retry for loopback connections on Windows to PlainSocketImpl + - JDK-8267385: Create NSAccessibilityElement implementation for JavaComponentAccessibility + - JDK-8267387: Create implementation for NSAccessibilityOutline protocol + - JDK-8267388: Create implementation for NSAccessibilityTable protocol + - JDK-8268284: javax/swing/JComponent/7154030/bug7154030.java fails with "Exception: Failed to hide opaque button" + - JDK-8268294: Reusing HttpClient in a WebSocket.Listener hangs. + - JDK-8268361: Fix the infinite loop in next_line + - JDK-8268457: XML Transformer outputs Unicode supplementary character incorrectly to HTML + - JDK-8268464: Remove dependancy of TestHttpsServer, HttpTransaction, HttpCallback from open/test/jdk/sun/net/www/protocol/https/ tests + - JDK-8268626: Remove native pre-jdk9 support for jtreg failure handler + - JDK-8268860: Windows-Aarch64 build is failing in GitHub actions + - JDK-8268882: C2: assert(n->outcnt() != 0 || C->top() == n || n->is_Proj()) failed: No dead instructions after post-alloc + - JDK-8268885: duplicate checkcast when destination type is not first type of intersection type + - JDK-8268893: jcmd to trim the glibc heap + - JDK-8268894: forged ASTs can provoke an AIOOBE at com.sun.tools.javac.jvm.ClassWriter::writePosition + - JDK-8268927: Windows: link error: unresolved external symbol "int __cdecl convert_to_unicode(char const *,wchar_t * *)" + - JDK-8269031: linux x86_64 check for binutils 2.25 or higher after 8265783 + - JDK-8269113: Javac throws when compiling switch (null) + - JDK-8269216: Useless initialization in com/sun/crypto/provider/PBES2Parameters.java + - JDK-8269269: [macos11] SystemIconTest fails with ClassCastException + - JDK-8269280: (bf) Replace StringBuffer in *Buffer.toString() + - JDK-8269481: SctpMultiChannel never releases own file descriptor + - JDK-8269637: javax/swing/JFileChooser/FileSystemView/SystemIconTest.java fails on windows + - JDK-8269656: The test test/langtools/tools/javac/versions/Versions.java has duplicate test cycles + - JDK-8269687: pauth_aarch64.hpp include name is incorrect + - JDK-8269850: Most JDK releases report macOS version 12 as 10.16 instead of 12.0 + - JDK-8269924: Shenandoah: Introduce weak/strong marking asserts + - JDK-8269951: [macos] Focus not painted in JButton when setBorderPainted(false) is invoked + - JDK-8270110: Shenandoah: Add test for JDK-8269661 + - JDK-8270116: Expand ButtonGroupLayoutTraversalTest.java to run in all LaFs, including Aqua on macOS + - JDK-8270171: Shenandoah: Cleanup TestStringDedup and TestStringDedupStress tests + - JDK-8270290: NTLM authentication fails if HEAD request is used + - JDK-8270317: Large Allocation in CipherSuite + - JDK-8270320: JDK-8270110 committed invalid copyright headers + - JDK-8270517: Add Zero support for LoongArch + - JDK-8270533: AArch64: size_fits_all_mem_uses should return false if its output is a CAS + - JDK-8270886: Crash in PhaseIdealLoop::verify_strip_mined_scheduling + - JDK-8270893: IndexOutOfBoundsException while reading large TIFF file + - JDK-8270901: Typo PHASE_CPP in CompilerPhaseType + - JDK-8270946: X509CertImpl.getFingerprint should not return the empty String + - JDK-8271071: accessibility of a table on macOS lacks cell navigation + - JDK-8271121: ZGC: stack overflow (segv) when -Xlog:gc+start=debug + - JDK-8271142: package help is not displayed for missing X11/extensions/Xrandr.h + - JDK-8271170: Add unit test for what jpackage app launcher puts in the environment + - JDK-8271215: Fix data races in G1PeriodicGCTask + - JDK-8271254: javac generates unreachable code when using empty semicolon statement + - JDK-8271287: jdk/jshell/CommandCompletionTest.java fails with "lists don't have the same size expected" + - JDK-8271308: (fc) FileChannel.transferTo() transfers no more than Integer.MAX_VALUE bytes in one call + - JDK-8271315: Redo: Nimbus JTree renderer properties persist across L&F changes + - JDK-8271323: [TESTBUG] serviceability/sa/ClhsdbCDSCore.java fails with -XX:TieredStopAtLevel=1 + - JDK-8271340: Crash PhaseIdealLoop::clone_outer_loop + - JDK-8271341: Opcode() != Op_If && Opcode() != Op_RangeCheck) || outcnt() == 2 assert failure with Test7179138_1.java + - JDK-8271459: C2: Missing NegativeArraySizeException when creating StringBuilder with negative capacity + - JDK-8271463: Updating RE Configs for Upcoming CPU Release 17.0.2 on master branch for jdk17u-cpu and jdk17u-cpu-open repos. + - JDK-8271490: [ppc] [s390]: Crash in JavaThread::pd_get_top_frame_for_profiling + - JDK-8271560: sun/security/ssl/DHKeyExchange/LegacyDHEKeyExchange.java still fails due to "An established connection was aborted by the software in your host machine" + - JDK-8271567: AArch64: AES Galois CounterMode (GCM) interleaved implementation using vector instructions + - JDK-8271600: C2: CheckCastPP which should closely follow Allocate is sunk of a loop + - JDK-8271605: Update JMH devkit to 1.32 + - JDK-8271718: Crash when during color transformation the color profile is replaced + - JDK-8271722: [TESTBUG] gc/g1/TestMixedGCLiveThreshold.java can fail if G1 Full GC uses >1 workers + - JDK-8271855: [TESTBUG] Wrong weakCompareAndSet assumption in UnsafeIntrinsicsTest + - JDK-8271862: C2 intrinsic for Reference.refersTo() is often not used + - JDK-8271868: Warn user when using mac-sign option with unsigned app-image. + - JDK-8271895: UnProblemList javax/swing/JComponent/7154030/bug7154030.java in JDK18 + - JDK-8271954: C2: assert(false) failed: Bad graph detected in build_loop_late + - JDK-8272047: java/nio/channels/FileChannel/Transfer2GPlus.java failed with Unexpected transfer size: 2147418112 + - JDK-8272095: ProblemList java/nio/channels/FileChannel/Transfer2GPlus.java on linux-aarch64 + - JDK-8272114: Unused _last_state in osThread_windows + - JDK-8272170: Missing memory barrier when checking active state for regions + - JDK-8272305: several hotspot runtime/modules don't check exit codes + - JDK-8272318: Improve performance of HeapDumpAllTest + - JDK-8272328: java.library.path is not set properly by Windows jpackage app launcher + - JDK-8272335: runtime/cds/appcds/MoveJDKTest.java doesn't check exit codes + - JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions + - JDK-8272345: macos doesn't check `os::set_boot_path()` result + - JDK-8272369: java/io/File/GetXSpace.java failed with "RuntimeException: java.nio.file.NoSuchFileException: /run/user/0" + - JDK-8272391: Undeleted debug information + - JDK-8272413: Incorrect num of element count calculation for vector cast + - JDK-8272473: Parsing epoch seconds at a DST transition with a non-UTC parser is wrong + - JDK-8272562: C2: assert(false) failed: Bad graph detected in build_loop_late + - JDK-8272570: C2: crash in PhaseCFG::global_code_motion + - JDK-8272574: C2: assert(false) failed: Bad graph detected in build_loop_late + - JDK-8272639: jpackaged applications using microphone on mac + - JDK-8272703: StressSeed should be set via FLAG_SET_ERGO + - JDK-8272720: Fix the implementation of loop unrolling heuristic with LoopPercentProfileLimit + - JDK-8272783: Epsilon: Refactor tests to improve performance + - JDK-8272836: Limit run time for java/lang/invoke/LFCaching tests + - JDK-8272838: Move CriticalJNI tests out of tier1 + - JDK-8272846: Move some runtime/Metaspace/elastic/ tests out of tier1 + - JDK-8272850: Drop zapping values in the Zap* option descriptions + - JDK-8272854: split runtime/CommandLine/PrintTouchedMethods.java test + - JDK-8272856: DoubleFlagWithIntegerValue uses G1GC-only flag + - JDK-8272859: Javadoc external links should only have feature version number in URL + - JDK-8272914: Create hotspot:tier2 and hotspot:tier3 test groups + - JDK-8272970: Parallelize runtime/InvocationTests/ + - JDK-8272973: Incorrect compile command used by TestIllegalArrayCopyBeforeInfiniteLoop + - JDK-8273021: C2: Improve Add and Xor ideal optimizations + - JDK-8273026: Slow LoginContext.login() on multi threading application + - JDK-8273135: java/awt/color/ICC_ColorSpace/MTTransformReplacedProfile.java crashes in liblcms.dylib with NULLSeek+0x7 + - JDK-8273165: GraphKit::combine_exception_states fails with "matching stack sizes" assert + - JDK-8273176: handle latest VS2019 in abstract_vm_version + - JDK-8273229: Update OS detection code to recognize Windows Server 2022 + - JDK-8273234: extended 'for' with expression of type tvar causes the compiler to crash + - JDK-8273235: tools/launcher/HelpFlagsTest.java Fails on Windows 32bit + - JDK-8273278: Support XSLT on GraalVM Native Image--deterministic bytecode generation in XSLT + - JDK-8273308: PatternMatchTest.java fails on CI + - JDK-8273314: Add tier4 test groups + - JDK-8273315: Parallelize and increase timeouts for java/foreign/TestMatrix.java test + - JDK-8273318: Some containers/docker/TestJFREvents.java configs are running out of memory + - JDK-8273333: Zero should warn about unimplemented -XX:+LogTouchedMethods + - JDK-8273335: compiler/blackhole tests should not run with interpreter-only VMs + - JDK-8273342: Null pointer dereference in classFileParser.cpp:2817 + - JDK-8273359: CI: ciInstanceKlass::get_canonical_holder() doesn't respect instance size + - JDK-8273361: InfoOptsTest is failing in tier1 + - JDK-8273373: Zero: Cannot invoke JVM in primordial threads on Zero + - JDK-8273375: Remove redundant 'new String' calls after concatenation in java.desktop + - JDK-8273376: Zero: Disable vtable/itableStub gtests + - JDK-8273378: Shenandoah: Remove the remaining uses of os::is_MP + - JDK-8273408: java.lang.AssertionError: typeSig ERROR on generated class property of record + - JDK-8273416: C2: assert(false) failed: bad AD file after JDK-8252372 with UseSSE={0,1} + - JDK-8273440: Zero: Disable runtime/Unsafe/InternalErrorTest.java + - JDK-8273450: Fix the copyright header of SVML files + - JDK-8273451: Remove unreachable return in mutexLocker::wait + - JDK-8273483: Zero: Clear pending JNI exception check in native method handler + - JDK-8273486: Zero: Handle DiagnoseSyncOnValueBasedClasses VM option + - JDK-8273487: Zero: Handle "zero" variant in runtime tests + - JDK-8273489: Zero: Handle UseHeavyMonitors on all monitorenter paths + - JDK-8273498: compiler/c2/Test7179138_1.java timed out + - JDK-8273505: runtime/cds/appcds/loaderConstraints/DynamicLoaderConstraintsTest.java#default-cl crashed with SIGSEGV in MetaspaceShared::link_shared_classes + - JDK-8273514: java/util/DoubleStreamSums/CompensatedSums.java failure + - JDK-8273575: memory leak in appendBootClassPath(), paths must be deallocated + - JDK-8273592: Backout JDK-8271868 + - JDK-8273593: [REDO] Warn user when using mac-sign option with unsigned app-image. + - JDK-8273595: tools/jpackage tests do not work on apt-based Linux distros like Debian + - JDK-8273606: Zero: SPARC64 build fails with si_band type mismatch + - JDK-8273614: Shenandoah: intermittent timeout with ConcurrentGCBreakpoint tests + - JDK-8273638: javax/swing/JTable/4235420/bug4235420.java fails in GTK L&F + - JDK-8273646: Add openssl from path variable also in to Default System Openssl Path in OpensslArtifactFetcher + - JDK-8273678: TableAccessibility and TableRowAccessibility miss autorelease + - JDK-8273695: Safepoint deadlock on VMOperation_lock + - JDK-8273790: Potential cyclic dependencies between Gregorian and CalendarSystem + - JDK-8273806: compiler/cpuflags/TestSSE4Disabled.java should test for CPU feature explicitly + - JDK-8273807: Zero: Drop incorrect test block from compiler/startup/NumCompilerThreadsCheck.java + - JDK-8273808: Cleanup AddFontsToX11FontPath + - JDK-8273826: Correct Manifest file name and NPE checks + - JDK-8273887: [macos] java/awt/color/ICC_ColorSpace/MTTransformReplacedProfile.java timed out + - JDK-8273894: ConcurrentModificationException raised every time ReferralsCache drops referral + - JDK-8273902: Memory leak in OopStorage due to bug in OopHandle::release() + - JDK-8273924: ArrayIndexOutOfBoundsException thrown in java.util.JapaneseImperialCalendar.add() + - JDK-8273935: (zipfs) Files.getFileAttributeView() throws UOE instead of returning null when view not supported + - JDK-8273958: gtest/MetaspaceGtests executes unnecessary tests in debug builds + - JDK-8273961: jdk/nio/zipfs/ZipFSTester.java fails if file path contains '+' character + - JDK-8273965: some testlibrary_tests/ir_framework tests fail when c1 disabled + - JDK-8273968: JCK javax_xml tests fail in CI + - JDK-8274056: JavaAccessibilityUtilities leaks JNI objects + - JDK-8274074: SIGFPE with C2 compiled code with -XX:+StressGCM + - JDK-8274083: Update testing docs to mention tiered testing + - JDK-8274087: Windows DLL path not set correctly. + - JDK-8274145: C2: condition incorrectly made redundant with dominating main loop exit condition + - JDK-8274205: Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC + - JDK-8274215: Remove globalsignr2ca root from 17.0.2 + - JDK-8274242: Implement fast-path for ASCII-compatible CharsetEncoders on x86 + - JDK-8274265: Suspicious string concatenation in logTestUtils.inline.hpp + - JDK-8274293: Build failure on macOS with Xcode 13.0 as vfork is deprecated + - JDK-8274325: C4819 warning at vm_version_x86.cpp on Windows after JDK-8234160 + - JDK-8274326: [macos] Ensure initialisation of sun/lwawt/macosx/CAccessibility in JavaComponentAccessibility.m + - JDK-8274329: Fix non-portable HotSpot code in MethodMatcher::parse_method_pattern + - JDK-8274338: com/sun/jdi/RedefineCrossEvent.java failed "assert(m != __null) failed: NULL mirror" + - JDK-8274347: Passing a *nested* switch expression as a parameter causes an NPE during compile + - JDK-8274349: ForkJoinPool.commonPool() does not work with 1 CPU + - JDK-8274381: missing CAccessibility definitions in JNI code + - JDK-8274383: JNI call of getAccessibleSelection on a wrong thread + - JDK-8274401: C2: GraphKit::load_array_element bypasses Access API + - JDK-8274406: RunThese30M.java failed "assert(!LCA_orig->dominates(pred_block) || early->dominates(pred_block)) failed: early is high enough" + - JDK-8274407: (tz) Update Timezone Data to 2021c + - JDK-8274435: EXCEPTION_ACCESS_VIOLATION in BFSClosure::closure_impl + - JDK-8274467: TestZoneInfo310.java fails with tzdata2021b + - JDK-8274468: TimeZoneTest.java fails with tzdata2021b + - JDK-8274501: c2i entry barriers read int as long on AArch64 + - JDK-8274521: jdk/jfr/event/gc/detailed/TestGCLockerEvent.java fails when other GC is selected + - JDK-8274522: java/lang/management/ManagementFactory/MXBeanException.java test fails with Shenandoah + - JDK-8274523: java/lang/management/MemoryMXBean/MemoryTest.java test should handle Shenandoah + - JDK-8274550: c2i entry barriers read int as long on PPC + - JDK-8274560: JFR: Add test for OldObjectSample event when using Shenandoah + - JDK-8274606: Fix jaxp/javax/xml/jaxp/unittest/transform/SurrogateTest.java test + - JDK-8274642: jdk/jshell/CommandCompletionTest.java fails with NoSuchElementException after JDK-8271287 + - JDK-8274716: JDWP Spec: the description for the Dispose command confuses suspend with resume. + - JDK-8274736: Concurrent read/close of SSLSockets causes SSLSessions to be invalidated unnecessarily + - JDK-8274770: [PPC64] resolve_jobject needs a generic implementation to support load barriers + - JDK-8274773: [TESTBUG] UnsafeIntrinsicsTest intermittently fails on weak memory model platform + - JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST + - JDK-8274840: Update OS detection code to recognize Windows 11 + - JDK-8274848: LambdaMetaFactory::metafactory on REF_invokeSpecial impl method has incorrect behavior + - JDK-8274851: [ppc64] Port zgc to linux on ppc64le + - JDK-8274942: AssertionError at jdk.compiler/com.sun.tools.javac.util.Assert.error(Assert.java:155) + - JDK-8275008: gtest build failure due to stringop-overflow warning with gcc11 + - JDK-8275049: [ZGC] missing null check in ZNMethod::log_register + - JDK-8275051: Shenandoah: Correct ordering of requested gc cause and gc request flag + - JDK-8275071: [macos] A11y cursor gets stuck when combobox is closed + - JDK-8275104: IR framework does not handle client VM builds correctly + - JDK-8275110: Correct RE Configs for CPU Release 17.0.2 on master branch for jdk17u-cpu and jdk17u-cpu-open repos. + - JDK-8275131: Exceptions after a touchpad gesture on macOS + - JDK-8275141: recover corrupted line endings for the version-numbers.conf + - JDK-8275145: file.encoding system property has an incorrect value on Windows + - JDK-8275226: Shenandoah: Relax memory constraint for worker claiming tasks/ranges + - JDK-8275302: unexpected compiler error: cast, intersection types and sealed + - JDK-8275426: PretouchTask num_chunks calculation can overflow + - JDK-8275604: Zero: Reformat opclabels_data + - JDK-8275666: serviceability/jvmti/GetObjectSizeClass.java shouldn't have vm.flagless + - JDK-8275703: System.loadLibrary fails on Big Sur for libraries hidden from filesystem + - JDK-8275720: CommonComponentAccessibility.createWithParent isWrapped causes mem leak + - JDK-8275766: (tz) Update Timezone Data to 2021e + - JDK-8275809: crash in [CommonComponentAccessibility getCAccessible:withEnv:] + - JDK-8275811: Incorrect instance to dispose + - JDK-8275819: [TableRowAccessibility accessibilityChildren] method is ineffective + - JDK-8275849: TestZoneInfo310.java fails with tzdata2021e + - JDK-8275863: Use encodeASCII for ASCII-compatible DoubleByte encodings + - JDK-8275872: Sync J2DBench run and analyze Makefile targets with build.xml + - JDK-8276025: Hotspot's libsvml.so may conflict with user dependency + - JDK-8276066: Reset LoopPercentProfileLimit for x86 due to suboptimal performance + - JDK-8276076: Updating RE Configs for BUILD REQUEST 17.0.2+3 + - JDK-8276105: C2: Conv(D|F)2(I|L)Nodes::Ideal should handle rounding correctly + - JDK-8276112: Inconsistent scalar replacement debug info at safepoints + - JDK-8276122: Change openjdk project in jcheck to jdk-updates + - JDK-8276130: Fix Github Actions of JDK17u to account for update version scheme + - JDK-8276139: TestJpsHostName.java not reliable, better to expand HostIdentifierCreate.java test + - JDK-8276157: C2: Compiler stack overflow during escape analysis on Linux x86_32 + - JDK-8276201: Shenandoah: Race results degenerated GC to enter wrong entry point + - JDK-8276205: Shenandoah: CodeCache_lock should always be held for initializing code cache iteration + - JDK-8276306: jdk/jshell/CustomInputToolBuilder.java fails intermittently on storage acquisition + - JDK-8276536: Update TimeZoneNames files to follow the changes made by JDK-8275766 + - JDK-8276550: Use SHA256 hash in build.tools.depend.Depend + - JDK-8276572: Fake libsyslookup.so library causes tooling issues + - JDK-8276774: Cookie stored in CookieHandler not sent if user headers contain cookie + - JDK-8276801: gc/stress/CriticalNativeStress.java fails intermittently with Shenandoah + - JDK-8276805: java/awt/print/PrinterJob/CheckPrivilege.java fails due to disabled SecurityManager + - JDK-8276845: (fs) java/nio/file/spi/SetDefaultProvider.java fails on x86_32 + - JDK-8276846: JDK-8273416 is incomplete for UseSSE=1 + - JDK-8276854: Windows GHA builds fail due to broken Cygwin + - JDK-8276864: Update boot JDKs to 17.0.1 in GHA + - JDK-8276905: Use appropriate macosx_version_minimum value while compiling metal shaders + - JDK-8276927: [ppc64] Port shenandoahgc to linux on ppc64le + - JDK-8277029: JMM GetDiagnosticXXXInfo APIs should verify output array sizes + - JDK-8277093: Vector should throw ClassNotFoundException for a missing class of an element + - JDK-8277159: Fix java/nio/file/FileStore/Basic.java test by ignoring /run/user/* mount points + - JDK-8277195: missing CAccessibility definition in [CommonComponentAccessibility accessibilityHitTest] + - JDK-8277212: GC accidentally cleans valid megamorphic vtable inline caches + - JDK-8277224: sun.security.pkcs.PKCS9Attributes.toString() throws NPE + - JDK-8277529: SIGSEGV in C2 CompilerThread Node::rematerialize() compiling Packet::readUnsignedTrint + - JDK-8277981: String Deduplication table is never cleaned up due to bad dead_factor_for_cleanup + +Notes on individual issues: +=========================== + +core-libs/java.io:serialization: + +JDK-8277157: Vector should throw ClassNotFoundException for a missing class of an element +========================================================================================= +`java.util.Vector` is updated to correctly report +`ClassNotFoundException that occurs during deserialization using +`java.io.ObjectInputStream.GetField.get(name, object)` when the class +of an element of the Vector is not found. Without this fix, a +`StreamCorruptedException` is thrown that does not provide information +about the missing class. + +security-libs/java.security: + +JDK-8272535: Removed Google's GlobalSign Root Certificate +========================================================= +The following root certificate from Google has been removed from the +`cacerts` keystore: + +Alias Name: globalsignr2ca [jdk] +Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 + +core-libs/java.io: + +JDK-8275343: file.encoding System Property Has an Incorrect Value on Windows +============================================================================ +The initialization of the `file.encoding` system property on non macOS +platforms has been reverted to align with the behavior on or before +JDK 11. This has been an issue especially on Windows where the system +and user's locales are not the same. + +hotspot/gc: + +JDK-8277533: ZGC: Fixed long Process Non-Strong References times +================================================================ +A bug has been fixed that could cause long "Concurrent Process +Non-Strong References" times with ZGC. The bug blocked the GC from +making significant progress, and caused both latency and throughput +issues for the Java application. + +The long times could be seen in the GC logs when running with `-Xlog:gc*` e.g. + +[17606.140s][info][gc,phases ] GC(719) Concurrent Process Non-Strong References 25781.928ms + +core-libs/java.time: + +JDK-8274857: Update Timezone Data to 2021c +=========================================== +IANA Time Zone Database, on which JDK's Date/Time libraries are based, +has been updated to version 2021c +(https://mm.icann.org/pipermail/tz-announce/2021-October/000067.html). Note +that with this update, some of the time zone rules prior to the year +1970 have been modified according to the changes which were introduced +with 2021b. For more detail, refer to the announcement of 2021b +(https://mm.icann.org/pipermail/tz-announce/2021-September/000066.html) + New in release OpenJDK 17.0.1 (2021-10-19): =========================================== Live versions of these release notes can be found at: diff --git a/java-latest-openjdk.spec b/java-latest-openjdk.spec index 8fb8746..4bf463c 100644 --- a/java-latest-openjdk.spec +++ b/java-latest-openjdk.spec @@ -284,7 +284,7 @@ # New Version-String scheme-style defines %global featurever 17 %global interimver 0 -%global updatever 1 +%global updatever 2 %global patchver 0 # If you bump featurever, you must also bump vendor_version_string # Used via new version scheme. JDK 17 was @@ -294,10 +294,15 @@ # but in time of bootstrap of next jdk, it is featurever-1, # and this it is better to change it here, on single place %global buildjdkver 17 -# We don't add any LTS designator for STS packages (this package). -# Neither for Fedora nor EPEL which would have %%{rhel} macro defined. +# We don't add any LTS designator for STS packages (Fedora and EPEL). +# We need to explicitly exclude EPEL as it would have the %%{rhel} macro defined. +%if 0%{?rhel} && !0%{?epel} + %global lts_designator "LTS" + %global lts_designator_zip -%{lts_designator} +%else %global lts_designator "" %global lts_designator_zip "" +%endif # Define IcedTea version used for SystemTap tapsets and desktop file %global icedteaver 6.0.0pre00-c848b93a8598 @@ -307,8 +312,8 @@ %global origin_nice OpenJDK %global top_level_dir_name %{origin} %global top_level_dir_name_backup %{top_level_dir_name}-backup -%global buildver 12 -%global rpmrelease 16 +%global buildver 8 +%global rpmrelease 1 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit %if %is_system_jdk # Using 10 digits may overflow the int used for priority, so we combine the patch and build versions @@ -808,7 +813,7 @@ exit 0 %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsctp.so %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsystemconf.so %ifarch %{svml_arches} -%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsvml.so +%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libjsvml.so %endif %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsyslookup.so %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libverify.so @@ -1304,9 +1309,6 @@ Patch1016: rh2021263-fips_separate_policy_and_fips_init.patch # OpenJDK patches in need of upstreaming # ############################################# -# JDK-8276572: Fake libsyslookup.so library causes tooling issues -Patch2000: jdk8276572-fake_libsyslookup_causes_tooling_issues.patch - BuildRequires: autoconf BuildRequires: automake @@ -1721,8 +1723,6 @@ popd # openjdk %patch1015 %patch1016 -%patch2000 - # Extract systemtap tapsets %if %{with_systemtap} tar --strip-components=1 -x -I xz -f %{SOURCE8} @@ -2477,6 +2477,16 @@ cjc.mainProgram(args) %endif %changelog +* Mon Jan 24 2022 Andrew Hughes - 1:17.0.2.0.8-1.rolling +- January 2022 security update to jdk 17.0.2+8 +- Extend LTS check to exclude EPEL. +- Rename libsvml.so to libjsvml.so following JDK-8276025 +- Remove JDK-8276572 patch which is now upstream. +- Rebase RH1995150 & RH1996182 patches following JDK-8275863 addition to module-info.java + +* Mon Jan 24 2022 Severin Gehwolf - 1:17.0.2.0.8-1.rolling +- Set LTS designator. + * Mon Jan 24 2022 Andrew Hughes - 1:17.0.1.0.12-16.rolling - Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent diff --git a/jdk8276572-fake_libsyslookup_causes_tooling_issues.patch b/jdk8276572-fake_libsyslookup_causes_tooling_issues.patch deleted file mode 100644 index dee144b..0000000 --- a/jdk8276572-fake_libsyslookup_causes_tooling_issues.patch +++ /dev/null @@ -1,21 +0,0 @@ -commit a4724332098cd8bff44ee27e9190fd28fa5c1865 -Author: Andrew John Hughes -Date: Fri Nov 5 21:05:42 2021 +0000 - - 8276572: Fake libsyslookup.so library causes tooling issues - - Reviewed-by: shade, mcimadamore - -diff --git openjdk.orig/src/jdk.incubator.foreign/share/native/libsyslookup/syslookup.c openjdk/src/jdk.incubator.foreign/share/native/libsyslookup/syslookup.c -index fdf99866786..b1f543bfdb7 100644 ---- openjdk.orig/src/jdk.incubator.foreign/share/native/libsyslookup/syslookup.c -+++ openjdk/src/jdk.incubator.foreign/share/native/libsyslookup/syslookup.c -@@ -26,3 +26,8 @@ - // Note: the include below is not strictly required, as dependencies will be pulled using linker flags. - // Adding at least one #include removes unwanted warnings on some platforms. - #include -+ -+// Simple dummy function so this library appears as a normal library to tooling. -+char* syslookup() { -+ return "syslookup"; -+} diff --git a/rh1995150-disable_non-fips_crypto.patch b/rh1995150-disable_non-fips_crypto.patch index b3d0ae7..de06552 100644 --- a/rh1995150-disable_non-fips_crypto.patch +++ b/rh1995150-disable_non-fips_crypto.patch @@ -1,18 +1,18 @@ -diff --git openjdk/src/java.base/share/classes/module-info.java openjdk/src/java.base/share/classes/module-info.java -index 9d4a794de1a..39e69362458 100644 ---- openjdk/src/java.base/share/classes/module-info.java +diff --git openjdk.orig/src/java.base/share/classes/module-info.java openjdk/src/java.base/share/classes/module-info.java +index 63bb580eb3a..238735c0c8c 100644 +--- openjdk.orig/src/java.base/share/classes/module-info.java +++ openjdk/src/java.base/share/classes/module-info.java -@@ -151,6 +151,7 @@ module java.base { - java.management, +@@ -152,6 +152,7 @@ module java.base { java.naming, java.rmi, + jdk.charsets, + jdk.crypto.ec, jdk.jartool, jdk.jlink, jdk.net, -diff --git openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java -index 912cad59714..c5e13c98bd9 100644 ---- openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java +diff --git openjdk.orig/src/java.base/share/classes/sun/security/provider/SunEntries.java openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java +index 912cad59714..7cb5ebcde51 100644 +--- openjdk.orig/src/java.base/share/classes/sun/security/provider/SunEntries.java +++ openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java @@ -30,6 +30,7 @@ import java.net.*; import java.util.*; @@ -52,149 +52,7 @@ index 912cad59714..c5e13c98bd9 100644 - if (NativePRNG.NonBlocking.isAvailable()) { - add(p, "SecureRandom", "NativePRNGNonBlocking", - "sun.security.provider.NativePRNG$NonBlocking", attrs); -+ if (!systemFipsEnabled) { -+ /* -+ * SecureRandom engines -+ */ -+ attrs.put("ThreadSafe", "true"); -+ if (NativePRNG.isAvailable()) { -+ add(p, "SecureRandom", "NativePRNG", -+ "sun.security.provider.NativePRNG", attrs); -+ } -+ if (NativePRNG.Blocking.isAvailable()) { -+ add(p, "SecureRandom", "NativePRNGBlocking", -+ "sun.security.provider.NativePRNG$Blocking", attrs); -+ } -+ if (NativePRNG.NonBlocking.isAvailable()) { -+ add(p, "SecureRandom", "NativePRNGNonBlocking", -+ "sun.security.provider.NativePRNG$NonBlocking", attrs); -+ } -+ attrs.put("ImplementedIn", "Software"); -+ add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG", attrs); -+ add(p, "SecureRandom", "SHA1PRNG", -+ "sun.security.provider.SecureRandom", attrs); -+ -+ /* -+ * Signature engines -+ */ -+ attrs.clear(); -+ String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" + -+ "|java.security.interfaces.DSAPrivateKey"; -+ attrs.put("SupportedKeyClasses", dsaKeyClasses); -+ attrs.put("ImplementedIn", "Software"); -+ -+ attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures -+ -+ addWithAlias(p, "Signature", "SHA1withDSA", -+ "sun.security.provider.DSA$SHA1withDSA", attrs); -+ addWithAlias(p, "Signature", "NONEwithDSA", -+ "sun.security.provider.DSA$RawDSA", attrs); -+ -+ // for DSA signatures with 224/256-bit digests -+ attrs.put("KeySize", "2048"); -+ -+ addWithAlias(p, "Signature", "SHA224withDSA", -+ "sun.security.provider.DSA$SHA224withDSA", attrs); -+ addWithAlias(p, "Signature", "SHA256withDSA", -+ "sun.security.provider.DSA$SHA256withDSA", attrs); -+ -+ addWithAlias(p, "Signature", "SHA3-224withDSA", -+ "sun.security.provider.DSA$SHA3_224withDSA", attrs); -+ addWithAlias(p, "Signature", "SHA3-256withDSA", -+ "sun.security.provider.DSA$SHA3_256withDSA", attrs); -+ -+ attrs.put("KeySize", "3072"); // for DSA sig using 384/512-bit digests -+ -+ addWithAlias(p, "Signature", "SHA384withDSA", -+ "sun.security.provider.DSA$SHA384withDSA", attrs); -+ addWithAlias(p, "Signature", "SHA512withDSA", -+ "sun.security.provider.DSA$SHA512withDSA", attrs); -+ addWithAlias(p, "Signature", "SHA3-384withDSA", -+ "sun.security.provider.DSA$SHA3_384withDSA", attrs); -+ addWithAlias(p, "Signature", "SHA3-512withDSA", -+ "sun.security.provider.DSA$SHA3_512withDSA", attrs); -+ -+ attrs.remove("KeySize"); -+ -+ add(p, "Signature", "SHA1withDSAinP1363Format", -+ "sun.security.provider.DSA$SHA1withDSAinP1363Format"); -+ add(p, "Signature", "NONEwithDSAinP1363Format", -+ "sun.security.provider.DSA$RawDSAinP1363Format"); -+ add(p, "Signature", "SHA224withDSAinP1363Format", -+ "sun.security.provider.DSA$SHA224withDSAinP1363Format"); -+ add(p, "Signature", "SHA256withDSAinP1363Format", -+ "sun.security.provider.DSA$SHA256withDSAinP1363Format"); -+ add(p, "Signature", "SHA384withDSAinP1363Format", -+ "sun.security.provider.DSA$SHA384withDSAinP1363Format"); -+ add(p, "Signature", "SHA512withDSAinP1363Format", -+ "sun.security.provider.DSA$SHA512withDSAinP1363Format"); -+ add(p, "Signature", "SHA3-224withDSAinP1363Format", -+ "sun.security.provider.DSA$SHA3_224withDSAinP1363Format"); -+ add(p, "Signature", "SHA3-256withDSAinP1363Format", -+ "sun.security.provider.DSA$SHA3_256withDSAinP1363Format"); -+ add(p, "Signature", "SHA3-384withDSAinP1363Format", -+ "sun.security.provider.DSA$SHA3_384withDSAinP1363Format"); -+ add(p, "Signature", "SHA3-512withDSAinP1363Format", -+ "sun.security.provider.DSA$SHA3_512withDSAinP1363Format"); -+ /* -+ * Key Pair Generator engines -+ */ -+ attrs.clear(); -+ attrs.put("ImplementedIn", "Software"); -+ attrs.put("KeySize", "2048"); // for DSA KPG and APG only -+ -+ String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$"; -+ dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current"); -+ addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs); -+ -+ /* -+ * Algorithm Parameter Generator engines -+ */ -+ addWithAlias(p, "AlgorithmParameterGenerator", "DSA", -+ "sun.security.provider.DSAParameterGenerator", attrs); -+ attrs.remove("KeySize"); -+ -+ /* -+ * Algorithm Parameter engines -+ */ -+ addWithAlias(p, "AlgorithmParameters", "DSA", -+ "sun.security.provider.DSAParameters", attrs); -+ -+ /* -+ * Key factories -+ */ -+ addWithAlias(p, "KeyFactory", "DSA", -+ "sun.security.provider.DSAKeyFactory", attrs); -+ -+ /* -+ * Digest engines -+ */ -+ add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", attrs); -+ add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", attrs); -+ addWithAlias(p, "MessageDigest", "SHA-1", "sun.security.provider.SHA", -+ attrs); -+ -+ addWithAlias(p, "MessageDigest", "SHA-224", -+ "sun.security.provider.SHA2$SHA224", attrs); -+ addWithAlias(p, "MessageDigest", "SHA-256", -+ "sun.security.provider.SHA2$SHA256", attrs); -+ addWithAlias(p, "MessageDigest", "SHA-384", -+ "sun.security.provider.SHA5$SHA384", attrs); -+ addWithAlias(p, "MessageDigest", "SHA-512", -+ "sun.security.provider.SHA5$SHA512", attrs); -+ addWithAlias(p, "MessageDigest", "SHA-512/224", -+ "sun.security.provider.SHA5$SHA512_224", attrs); -+ addWithAlias(p, "MessageDigest", "SHA-512/256", -+ "sun.security.provider.SHA5$SHA512_256", attrs); -+ addWithAlias(p, "MessageDigest", "SHA3-224", -+ "sun.security.provider.SHA3$SHA224", attrs); -+ addWithAlias(p, "MessageDigest", "SHA3-256", -+ "sun.security.provider.SHA3$SHA256", attrs); -+ addWithAlias(p, "MessageDigest", "SHA3-384", -+ "sun.security.provider.SHA3$SHA384", attrs); -+ addWithAlias(p, "MessageDigest", "SHA3-512", -+ "sun.security.provider.SHA3$SHA512", attrs); - } +- } - attrs.put("ImplementedIn", "Software"); - add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG", attrs); - add(p, "SecureRandom", "SHA1PRNG", @@ -268,30 +126,133 @@ index 912cad59714..c5e13c98bd9 100644 - attrs.clear(); - attrs.put("ImplementedIn", "Software"); - attrs.put("KeySize", "2048"); // for DSA KPG and APG only -- ++ if (!systemFipsEnabled) { ++ /* ++ * SecureRandom engines ++ */ ++ attrs.put("ThreadSafe", "true"); ++ if (NativePRNG.isAvailable()) { ++ add(p, "SecureRandom", "NativePRNG", ++ "sun.security.provider.NativePRNG", attrs); ++ } ++ if (NativePRNG.Blocking.isAvailable()) { ++ add(p, "SecureRandom", "NativePRNGBlocking", ++ "sun.security.provider.NativePRNG$Blocking", attrs); ++ } ++ if (NativePRNG.NonBlocking.isAvailable()) { ++ add(p, "SecureRandom", "NativePRNGNonBlocking", ++ "sun.security.provider.NativePRNG$NonBlocking", attrs); ++ } ++ attrs.put("ImplementedIn", "Software"); ++ add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG", attrs); ++ add(p, "SecureRandom", "SHA1PRNG", ++ "sun.security.provider.SecureRandom", attrs); + - String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$"; - dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current"); - addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs); -- ++ /* ++ * Signature engines ++ */ ++ attrs.clear(); ++ String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" + ++ "|java.security.interfaces.DSAPrivateKey"; ++ attrs.put("SupportedKeyClasses", dsaKeyClasses); ++ attrs.put("ImplementedIn", "Software"); ++ ++ attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures ++ ++ addWithAlias(p, "Signature", "SHA1withDSA", ++ "sun.security.provider.DSA$SHA1withDSA", attrs); ++ addWithAlias(p, "Signature", "NONEwithDSA", ++ "sun.security.provider.DSA$RawDSA", attrs); ++ ++ // for DSA signatures with 224/256-bit digests ++ attrs.put("KeySize", "2048"); ++ ++ addWithAlias(p, "Signature", "SHA224withDSA", ++ "sun.security.provider.DSA$SHA224withDSA", attrs); ++ addWithAlias(p, "Signature", "SHA256withDSA", ++ "sun.security.provider.DSA$SHA256withDSA", attrs); ++ ++ addWithAlias(p, "Signature", "SHA3-224withDSA", ++ "sun.security.provider.DSA$SHA3_224withDSA", attrs); ++ addWithAlias(p, "Signature", "SHA3-256withDSA", ++ "sun.security.provider.DSA$SHA3_256withDSA", attrs); ++ ++ attrs.put("KeySize", "3072"); // for DSA sig using 384/512-bit digests ++ ++ addWithAlias(p, "Signature", "SHA384withDSA", ++ "sun.security.provider.DSA$SHA384withDSA", attrs); ++ addWithAlias(p, "Signature", "SHA512withDSA", ++ "sun.security.provider.DSA$SHA512withDSA", attrs); ++ addWithAlias(p, "Signature", "SHA3-384withDSA", ++ "sun.security.provider.DSA$SHA3_384withDSA", attrs); ++ addWithAlias(p, "Signature", "SHA3-512withDSA", ++ "sun.security.provider.DSA$SHA3_512withDSA", attrs); ++ ++ attrs.remove("KeySize"); ++ ++ add(p, "Signature", "SHA1withDSAinP1363Format", ++ "sun.security.provider.DSA$SHA1withDSAinP1363Format"); ++ add(p, "Signature", "NONEwithDSAinP1363Format", ++ "sun.security.provider.DSA$RawDSAinP1363Format"); ++ add(p, "Signature", "SHA224withDSAinP1363Format", ++ "sun.security.provider.DSA$SHA224withDSAinP1363Format"); ++ add(p, "Signature", "SHA256withDSAinP1363Format", ++ "sun.security.provider.DSA$SHA256withDSAinP1363Format"); ++ add(p, "Signature", "SHA384withDSAinP1363Format", ++ "sun.security.provider.DSA$SHA384withDSAinP1363Format"); ++ add(p, "Signature", "SHA512withDSAinP1363Format", ++ "sun.security.provider.DSA$SHA512withDSAinP1363Format"); ++ add(p, "Signature", "SHA3-224withDSAinP1363Format", ++ "sun.security.provider.DSA$SHA3_224withDSAinP1363Format"); ++ add(p, "Signature", "SHA3-256withDSAinP1363Format", ++ "sun.security.provider.DSA$SHA3_256withDSAinP1363Format"); ++ add(p, "Signature", "SHA3-384withDSAinP1363Format", ++ "sun.security.provider.DSA$SHA3_384withDSAinP1363Format"); ++ add(p, "Signature", "SHA3-512withDSAinP1363Format", ++ "sun.security.provider.DSA$SHA3_512withDSAinP1363Format"); ++ /* ++ * Key Pair Generator engines ++ */ ++ attrs.clear(); ++ attrs.put("ImplementedIn", "Software"); ++ attrs.put("KeySize", "2048"); // for DSA KPG and APG only + - /* - * Algorithm Parameter Generator engines - */ - addWithAlias(p, "AlgorithmParameterGenerator", "DSA", - "sun.security.provider.DSAParameterGenerator", attrs); - attrs.remove("KeySize"); -- ++ String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$"; ++ dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current"); ++ addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs); + - /* - * Algorithm Parameter engines - */ - addWithAlias(p, "AlgorithmParameters", "DSA", - "sun.security.provider.DSAParameters", attrs); -- ++ /* ++ * Algorithm Parameter Generator engines ++ */ ++ addWithAlias(p, "AlgorithmParameterGenerator", "DSA", ++ "sun.security.provider.DSAParameterGenerator", attrs); ++ attrs.remove("KeySize"); + - /* - * Key factories - */ - addWithAlias(p, "KeyFactory", "DSA", - "sun.security.provider.DSAKeyFactory", attrs); -- ++ /* ++ * Algorithm Parameter engines ++ */ ++ addWithAlias(p, "AlgorithmParameters", "DSA", ++ "sun.security.provider.DSAParameters", attrs); + - /* - * Digest engines - */ @@ -299,7 +260,12 @@ index 912cad59714..c5e13c98bd9 100644 - add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", attrs); - addWithAlias(p, "MessageDigest", "SHA-1", "sun.security.provider.SHA", - attrs); -- ++ /* ++ * Key factories ++ */ ++ addWithAlias(p, "KeyFactory", "DSA", ++ "sun.security.provider.DSAKeyFactory", attrs); + - addWithAlias(p, "MessageDigest", "SHA-224", - "sun.security.provider.SHA2$SHA224", attrs); - addWithAlias(p, "MessageDigest", "SHA-256", @@ -320,12 +286,41 @@ index 912cad59714..c5e13c98bd9 100644 - "sun.security.provider.SHA3$SHA384", attrs); - addWithAlias(p, "MessageDigest", "SHA3-512", - "sun.security.provider.SHA3$SHA512", attrs); ++ /* ++ * Digest engines ++ */ ++ add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", attrs); ++ add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", attrs); ++ addWithAlias(p, "MessageDigest", "SHA-1", "sun.security.provider.SHA", ++ attrs); ++ ++ addWithAlias(p, "MessageDigest", "SHA-224", ++ "sun.security.provider.SHA2$SHA224", attrs); ++ addWithAlias(p, "MessageDigest", "SHA-256", ++ "sun.security.provider.SHA2$SHA256", attrs); ++ addWithAlias(p, "MessageDigest", "SHA-384", ++ "sun.security.provider.SHA5$SHA384", attrs); ++ addWithAlias(p, "MessageDigest", "SHA-512", ++ "sun.security.provider.SHA5$SHA512", attrs); ++ addWithAlias(p, "MessageDigest", "SHA-512/224", ++ "sun.security.provider.SHA5$SHA512_224", attrs); ++ addWithAlias(p, "MessageDigest", "SHA-512/256", ++ "sun.security.provider.SHA5$SHA512_256", attrs); ++ addWithAlias(p, "MessageDigest", "SHA3-224", ++ "sun.security.provider.SHA3$SHA224", attrs); ++ addWithAlias(p, "MessageDigest", "SHA3-256", ++ "sun.security.provider.SHA3$SHA256", attrs); ++ addWithAlias(p, "MessageDigest", "SHA3-384", ++ "sun.security.provider.SHA3$SHA384", attrs); ++ addWithAlias(p, "MessageDigest", "SHA3-512", ++ "sun.security.provider.SHA3$SHA512", attrs); ++ } /* * Certificates -diff --git openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java -index 8c9e4f9dbe6..9eeb3013e0d 100644 ---- openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java +diff --git openjdk.orig/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java +index 8c9e4f9dbe6..883dc04758e 100644 +--- openjdk.orig/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java +++ openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java @@ -38,6 +38,7 @@ import java.util.HashMap; import java.util.Iterator; diff --git a/rh1996182-login_to_nss_software_token.patch b/rh1996182-login_to_nss_software_token.patch index 475c521..96a8204 100644 --- a/rh1996182-login_to_nss_software_token.patch +++ b/rh1996182-login_to_nss_software_token.patch @@ -5,13 +5,13 @@ Date: Sat Aug 28 00:35:44 2021 +0100 RH1996182: Login to the NSS Software Token in FIPS Mode diff --git openjdk.orig/src/java.base/share/classes/module-info.java openjdk/src/java.base/share/classes/module-info.java -index 39e69362458..aeb5fc2eb46 100644 +index 238735c0c8c..dbbf11bbb22 100644 --- openjdk.orig/src/java.base/share/classes/module-info.java +++ openjdk/src/java.base/share/classes/module-info.java -@@ -151,6 +151,7 @@ module java.base { - java.management, +@@ -152,6 +152,7 @@ module java.base { java.naming, java.rmi, + jdk.charsets, + jdk.crypto.cryptoki, jdk.crypto.ec, jdk.jartool, diff --git a/sources b/sources index 1824428..22e666f 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30 -SHA512 (openjdk-jdk17u-jdk-17.0.1+12.tar.xz) = d9503de1001e42657ddb2600e1141d4169e333f0592ce3ad3c4ce14f817ca73a6bf6fb867e15930150c7b55e8fd4c4cd73d43984979e721df481a9ac7919580c +SHA512 (openjdk-jdk17u-jdk-17.0.2+8.tar.xz) = 03371771574c19c38f9091eaad7c46d1638c95e5a3ab16e5ce540bf0f9dcbf8f60fd3848f75fd6fb5eb5fa35a91ca8a6a7b582ce4cf5c7cd2efe6c0957c98719