Compare commits
146 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
3b7a64c61c | ||
|
f7ce8c82a3 | ||
|
b4e6a520f9 | ||
|
c9b6c1b9f0 | ||
|
e7bdf2e86c | ||
|
6e7911be34 | ||
|
d66bf86c49 | ||
|
3f2f52a2a3 | ||
|
08334d8ce1 | ||
|
f4dcf6aa0f | ||
|
79f3eb8ebc | ||
|
33f0849565 | ||
|
fa0aa4658c | ||
|
c2d24ea271 | ||
|
47c2f1ddce | ||
|
f94bceceab | ||
|
f206f3a913 | ||
|
7d90e62473 | ||
|
742fc4c474 | ||
|
26e1d8bb6d | ||
|
7bc45a5253 | ||
|
624750adb4 | ||
|
fcc7371149 | ||
|
40e63ef0cc | ||
|
4c04ead0c3 | ||
|
fb85c81739 | ||
|
f4cdbe8673 | ||
|
b4e869d71c | ||
|
eaab09411c | ||
|
3c5126e20f | ||
|
d51da6f4c2 | ||
|
48dbe4bbff | ||
|
ed4b79a683 | ||
|
0bb7626ce6 | ||
|
487c5b54b4 | ||
|
aadc529dd1 | ||
|
a0812df57d | ||
|
1b7a9fc8f1 | ||
|
82a565bf80 | ||
|
21e63a4b52 | ||
|
dc05b09f75 | ||
|
d62b3d65d1 | ||
|
b0564c69d6 | ||
|
31a223aed4 | ||
|
461ed378a5 | ||
|
241e828cfe | ||
|
6837909120 | ||
|
62ce7fecfc | ||
|
5deee57a12 | ||
|
68acf88023 | ||
|
28b9940eba | ||
|
18b2f76565 | ||
|
e70d9ec500 | ||
|
fb48b1ebd8 | ||
|
2891e38fa2 | ||
|
f2132d86ba | ||
|
37b7b79aff | ||
|
53cd241c34 | ||
|
37b0e84cf4 | ||
|
619b0b263e | ||
|
e426a3c6f9 | ||
|
e16ee29c24 | ||
|
e79cabf8e2 | ||
|
e3ed81b032 | ||
|
7bc094fb91 | ||
|
e22fd4035f | ||
|
2849b03224 | ||
|
4a0847cae5 | ||
|
825f19b8f0 | ||
|
404b8548a4 | ||
|
a1a350dc3a | ||
|
51bd7e14da | ||
|
3d30d08e0a | ||
|
cd1b221136 | ||
|
ed8c45a36f | ||
|
7ba3ca3fe3 | ||
|
551c2470a9 | ||
|
fbb116c651 | ||
|
c5efa6bf32 | ||
|
7f939719de | ||
|
73660e4cfb | ||
|
ca2c8684b4 | ||
|
b6e8960be7 | ||
|
31af2fd707 | ||
|
b589be7c4e | ||
|
92dbe308db | ||
|
b17bd784ca | ||
|
f1c21a95e3 | ||
|
ff16d76c57 | ||
|
29495176b1 | ||
|
ed681ea347 | ||
|
49dc59a59a | ||
|
30e2db7344 | ||
|
cf132698ce | ||
|
1ed171d1c7 | ||
|
b1f2c50f6a | ||
|
cadeb47ec0 | ||
|
29d5d3d74f | ||
|
4848b860de | ||
|
01a09a2b74 | ||
|
57a00fe359 | ||
|
a64f9d7aa2 | ||
|
05a8506fe4 | ||
|
a3e31f598f | ||
|
f8b9b4d90e | ||
|
02b4241e50 | ||
|
e63e26c813 | ||
|
ad7e0b66c9 | ||
|
c45e4e4277 | ||
|
ed5ef5c69e | ||
|
e0187b47d0 | ||
|
9d47beb6f3 | ||
|
eb30299f93 | ||
|
d252fc5a16 | ||
|
8fe8ade02f | ||
|
e810d7e2c4 | ||
|
a7734237a6 | ||
|
a12c2576b2 | ||
|
0f4f0ca435 | ||
|
76e4b4f5dd | ||
|
c26a916edf | ||
|
82e5b342fd | ||
|
a6c61be805 | ||
|
20d8edbf09 | ||
|
2c7ed40a2c | ||
|
b473268bb0 | ||
|
3a77472506 | ||
|
2fc99891cd | ||
|
8c42f42635 | ||
|
da8c46f7d3 | ||
|
d38ad1131f | ||
|
9e4956444e | ||
|
1f6e6f78cf | ||
|
ff60a6acf5 | ||
|
444e4c150c | ||
|
299a6e37e6 | ||
|
1ea21783a7 | ||
|
7069fae5c0 | ||
|
5a901e2027 | ||
|
110204edec | ||
|
aee972ad11 | ||
|
9c1454ec0e | ||
|
680ace882d | ||
|
5dcc96ae54 | ||
|
30796d51fa | ||
|
a1e75b717d |
29
.gitignore
vendored
29
.gitignore
vendored
@ -1,2 +1,31 @@
|
||||
/jdk-jdk12-jdk-12+33.tar.xz
|
||||
/systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz
|
||||
/jdk-updates-jdk12u-jdk-12.0.1+12.tar.xz
|
||||
/jdk-jdk13-jdk-13+27.tar.xz
|
||||
/jdk-jdk13-jdk-13+28.tar.xz
|
||||
/jdk-jdk13-jdk-13+33.tar.xz
|
||||
/jdk-updates-jdk13u-jdk-13.0.1+9.tar.xz
|
||||
/jdk-updates-jdk13u-jdk-13.0.2+8.tar.xz
|
||||
/jdk-jdk14-jdk-14+36.tar.xz
|
||||
/jdk-updates-jdk14u-jdk-14.0.1+7.tar.xz
|
||||
/jdk-updates-jdk14u-jdk-14.0.2+12.tar.xz
|
||||
/jdk-jdk15-jdk-15+36.tar.xz
|
||||
/jdk-updates-jdk15u-jdk-15.0.1+9.tar.xz
|
||||
/tapsets-icedtea-3.15.0.tar.xz
|
||||
/jdk-updates-jdk15u-jdk-15.0.2+7.tar.xz
|
||||
/openjdk-jdk16-jdk-16+36.tar.xz
|
||||
/openjdk-jdk16u-jdk-16.0.1+9.tar.xz
|
||||
/openjdk-jdk17-jdk-17+26.tar.xz
|
||||
/openjdk-jdk17-jdk-17+33.tar.xz
|
||||
/openjdk-jdk17-jdk-17+35.tar.xz
|
||||
/openjdk-jdk17u-jdk-17.0.1+12.tar.xz
|
||||
/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
||||
/openjdk-jdk17u-jdk-17.0.2+8.tar.xz
|
||||
/openjdk-jdk-jdk-18+27.tar.xz
|
||||
/openjdk-jdk18-jdk-18+27.tar.xz
|
||||
/openjdk-jdk18-jdk-18+37.tar.xz
|
||||
/openjdk-jdk18u-jdk-18.0.1+0.tar.xz
|
||||
/openjdk-jdk18u-jdk-18.0.1+10.tar.xz
|
||||
/openjdk-jdk18u-jdk-18.0.1.1+2.tar.xz
|
||||
/openjdk-jdk18u-jdk-18.0.2+9.tar.xz
|
||||
/openjdk-jdk19u-jdk-19+36.tar.xz
|
||||
|
65
CheckVendor.java
Normal file
65
CheckVendor.java
Normal file
@ -0,0 +1,65 @@
|
||||
/* CheckVendor -- Check the vendor properties match specified values.
|
||||
Copyright (C) 2020 Red Hat, Inc.
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU Affero General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU Affero General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public class CheckVendor {
|
||||
|
||||
public static void main(String[] args) {
|
||||
if (args.length < 4) {
|
||||
System.err.println("CheckVendor <VENDOR> <VENDOR-URL> <VENDOR-BUG-URL> <VENDOR-VERSION-STRING>");
|
||||
System.exit(1);
|
||||
}
|
||||
|
||||
String vendor = System.getProperty("java.vendor");
|
||||
String expectedVendor = args[0];
|
||||
String vendorURL = System.getProperty("java.vendor.url");
|
||||
String expectedVendorURL = args[1];
|
||||
String vendorBugURL = System.getProperty("java.vendor.url.bug");
|
||||
String expectedVendorBugURL = args[2];
|
||||
String vendorVersionString = System.getProperty("java.vendor.version");
|
||||
String expectedVendorVersionString = args[3];
|
||||
|
||||
if (!expectedVendor.equals(vendor)) {
|
||||
System.err.printf("Invalid vendor %s, expected %s\n",
|
||||
vendor, expectedVendor);
|
||||
System.exit(2);
|
||||
}
|
||||
|
||||
if (!expectedVendorURL.equals(vendorURL)) {
|
||||
System.err.printf("Invalid vendor URL %s, expected %s\n",
|
||||
vendorURL, expectedVendorURL);
|
||||
System.exit(3);
|
||||
}
|
||||
|
||||
if (!expectedVendorBugURL.equals(vendorBugURL)) {
|
||||
System.err.printf("Invalid vendor bug URL %s, expected %s\n",
|
||||
vendorBugURL, expectedVendorBugURL);
|
||||
System.exit(4);
|
||||
}
|
||||
|
||||
if (!expectedVendorVersionString.equals(vendorVersionString)) {
|
||||
System.err.printf("Invalid vendor version string %s, expected %s\n",
|
||||
vendorVersionString, expectedVendorVersionString);
|
||||
System.exit(5);
|
||||
}
|
||||
|
||||
System.err.printf("Vendor information verified as %s, %s, %s, %s\n",
|
||||
vendor, vendorURL, vendorBugURL, vendorVersionString);
|
||||
}
|
||||
}
|
126
NEWS
Normal file
126
NEWS
Normal file
@ -0,0 +1,126 @@
|
||||
Key:
|
||||
|
||||
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
||||
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
||||
|
||||
New in release OpenJDK 19.0.0 (2022-09-20):
|
||||
===========================================
|
||||
Major changes are listed below. Some changes may have been backported
|
||||
to earlier releases following their first appearance in OpenJDK 19.
|
||||
|
||||
The full list of changes in 19u can be found at:
|
||||
- * https://builds.shipilev.net/backports-monitor/release-notes-19.txt
|
||||
|
||||
NEW FEATURES
|
||||
============
|
||||
|
||||
Language Features
|
||||
=================
|
||||
|
||||
Pattern Matching for switch
|
||||
===========================
|
||||
https://openjdk.org/jeps/406
|
||||
https://openjdk.org/jeps/420
|
||||
https://openjdk.org/jeps/427
|
||||
|
||||
Enhance the Java programming language with pattern matching for
|
||||
`switch` expressions and statements, along with extensions to the
|
||||
language of patterns. Extending pattern matching to `switch` allows an
|
||||
expression to be tested against a number of patterns, each with a
|
||||
specific action, so that complex data-oriented queries can be
|
||||
expressed concisely and safely.
|
||||
|
||||
This was a preview feature (http://openjdk.java.net/jeps/12) in
|
||||
OpenJDK 17 (JEP 406) and saw a second preview in OpenJDK 18 (JEP 420).
|
||||
It reaches its third preview (JEP 427) in OpenJDK 19.
|
||||
|
||||
Record Patterns
|
||||
===============
|
||||
https://openjdk.org/jeps/405
|
||||
|
||||
Enhance the Java programming language with record patterns to
|
||||
deconstruct record values. Record patterns and type patterns can be
|
||||
nested to enable a powerful, declarative, and composable form of data
|
||||
navigation and processing.
|
||||
|
||||
This is a preview feature (http://openjdk.java.net/jeps/12) introduced
|
||||
in OpenJDK 19 (JEP 405)
|
||||
|
||||
Library Features
|
||||
================
|
||||
|
||||
Vector API
|
||||
==========
|
||||
https://openjdk.org/jeps/338
|
||||
https://openjdk.org/jeps/414
|
||||
https://openjdk.org/jeps/417
|
||||
https://openjdk.org/jeps/426
|
||||
|
||||
Introduce an API to express vector computations that reliably compile
|
||||
at runtime to optimal vector hardware instructions on supported CPU
|
||||
architectures and thus achieve superior performance to equivalent
|
||||
scalar computations.
|
||||
|
||||
This is an incubation feature (https://openjdk.java.net/jeps/11)
|
||||
introduced in OpenJDK 16 (JEP 338). A second round of incubation took
|
||||
place in OpenJDK 17 (JEP 414), OpenJDK 18 (JEP 417) saw a third and
|
||||
OpenJDK 19 sees its fourth (JEP 426).
|
||||
|
||||
Foreign Function & Memory API
|
||||
=============================
|
||||
https://openjdk.org/jeps/412
|
||||
https://openjdk.org/jeps/419
|
||||
https://openjdk.org/jeps/424
|
||||
|
||||
Introduce an API by which Java programs can interoperate with code and
|
||||
data outside of the Java runtime. By efficiently invoking foreign
|
||||
functions (i.e., code outside the JVM), and by safely accessing
|
||||
foreign memory (i.e., memory not managed by the JVM), the API enables
|
||||
Java programs to call native libraries and process native data without
|
||||
the brittleness and danger of JNI.
|
||||
|
||||
This API is now a preview feature (http://openjdk.java.net/jeps/12).
|
||||
It was first introduced in incubation
|
||||
(https://openjdk.java.net/jeps/11) in OpenJDK 17 (JEP 412), and is an
|
||||
evolution of the Foreign Memory Access API (OpenJDK 14 through 16) and
|
||||
Foreign Linker API (OpenJDK 16) (see release notes for
|
||||
java-17-openjdk). OpenJDK 18 saw a second round of incubation (JEP
|
||||
419) before its inclusion as a preview in OpenJDK 19 (JEP 424).
|
||||
|
||||
Virtual Threads
|
||||
===============
|
||||
https://openjdk.org/jeps/425
|
||||
|
||||
Introduce virtual threads to the Java Platform. Virtual threads are
|
||||
lightweight threads that dramatically reduce the effort of writing,
|
||||
maintaining, and observing high-throughput concurrent applications.
|
||||
|
||||
This is a preview feature (http://openjdk.java.net/jeps/12) introduced
|
||||
in OpenJDK 19 (JEP 425)
|
||||
|
||||
Structured Concurrency
|
||||
======================
|
||||
https://openjdk.org/jeps/428
|
||||
|
||||
Simplify multithreaded programming by introducing an API for
|
||||
structured concurrency. Structured concurrency treats multiple tasks
|
||||
running in different threads as a single unit of work, thereby
|
||||
streamlining error handling and cancellation, improving reliability,
|
||||
and enhancing observability.
|
||||
|
||||
This is an incubation feature (https://openjdk.java.net/jeps/11)
|
||||
introduced in OpenJDK 19 (JEP 428).
|
||||
|
||||
Ports
|
||||
=====
|
||||
|
||||
Linux/RISC-V Port
|
||||
=================
|
||||
https://openjdk.org/jeps/422
|
||||
|
||||
RISC-V is a free and open-source RISC instruction set architecture
|
||||
(ISA) designed originally at the University of California, Berkeley,
|
||||
and now developed collaboratively under the sponsorship of RISC-V
|
||||
International. It is already supported by a wide range of language
|
||||
toolchains. With the increasing availability of RISC-V hardware, a
|
||||
port of the JDK would be valuable.
|
13
README.md
13
README.md
@ -1,3 +1,12 @@
|
||||
# java-latest-openjdk
|
||||
Rolling release of (usually) STSs OpenJDK
|
||||
OpenJDK has release cadence of 6 months, but 3/4 of them are Short Term Supported for 6 months only. This package is designed to harbor them. Currently it is build of OpenJDK 12. LTSs will go also as separate packages.
|
||||
|
||||
The java-latest-openjdk package
|
||||
JDK12 is current release of Java platform. It is bringing many cool improvements - https://openjdk.java.net/projects/jdk/12/ and is landing to your Fedora. Where it will be maintained for f28 and newer. Unluckily, this package is STS (short term support) version. Between individual LTS there will be always several STS. Again, please see announcement: http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html and See java SIG plans: https://jvanek.fedorapeople.org/devconf/2018/changesInjavaReleaseProcess.pdf . So this is rolling release of all STSs to come. Its fate during the release of fresh LTS is yet to be decided. You will always be allowed to install LTS in fedora build root, alongside with latest STS via alternatives.
|
||||
|
||||
|
||||
See announcement: http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html
|
||||
See java SIG plans: https://jvanek.fedorapeople.org/devconf/2018/changesInjavaReleaseProcess.pdf
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1557371#c0
|
||||
https://fedoraproject.org/wiki/Changes/java-openjdk-10
|
||||
https://fedoraproject.org/wiki/Changes/java-11-openjdk-TechPreview
|
||||
|
84
TestSecurityProperties.java
Normal file
84
TestSecurityProperties.java
Normal file
@ -0,0 +1,84 @@
|
||||
/* TestSecurityProperties -- Ensure system security properties can be used to
|
||||
enable the crypto policies.
|
||||
Copyright (C) 2022 Red Hat, Inc.
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU Affero General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU Affero General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
import java.io.File;
|
||||
import java.io.FileInputStream;
|
||||
import java.security.Security;
|
||||
import java.util.Properties;
|
||||
|
||||
public class TestSecurityProperties {
|
||||
// JDK 11
|
||||
private static final String JDK_PROPS_FILE_JDK_11 = System.getProperty("java.home") + "/conf/security/java.security";
|
||||
// JDK 8
|
||||
private static final String JDK_PROPS_FILE_JDK_8 = System.getProperty("java.home") + "/lib/security/java.security";
|
||||
|
||||
private static final String POLICY_FILE = "/etc/crypto-policies/back-ends/java.config";
|
||||
|
||||
private static final String MSG_PREFIX = "DEBUG: ";
|
||||
|
||||
public static void main(String[] args) {
|
||||
if (args.length == 0) {
|
||||
System.err.println("TestSecurityProperties <true|false>");
|
||||
System.err.println("Invoke with 'true' if system security properties should be enabled.");
|
||||
System.err.println("Invoke with 'false' if system security properties should be disabled.");
|
||||
System.exit(1);
|
||||
}
|
||||
boolean enabled = Boolean.valueOf(args[0]);
|
||||
System.out.println(MSG_PREFIX + "System security properties enabled: " + enabled);
|
||||
Properties jdkProps = new Properties();
|
||||
loadProperties(jdkProps);
|
||||
if (enabled) {
|
||||
loadPolicy(jdkProps);
|
||||
}
|
||||
for (Object key: jdkProps.keySet()) {
|
||||
String sKey = (String)key;
|
||||
String securityVal = Security.getProperty(sKey);
|
||||
String jdkSecVal = jdkProps.getProperty(sKey);
|
||||
if (!securityVal.equals(jdkSecVal)) {
|
||||
String msg = "Expected value '" + jdkSecVal + "' for key '" +
|
||||
sKey + "'" + " but got value '" + securityVal + "'";
|
||||
throw new RuntimeException("Test failed! " + msg);
|
||||
} else {
|
||||
System.out.println(MSG_PREFIX + sKey + " = " + jdkSecVal + " as expected.");
|
||||
}
|
||||
}
|
||||
System.out.println("TestSecurityProperties PASSED!");
|
||||
}
|
||||
|
||||
private static void loadProperties(Properties props) {
|
||||
String javaVersion = System.getProperty("java.version");
|
||||
System.out.println(MSG_PREFIX + "Java version is " + javaVersion);
|
||||
String propsFile = JDK_PROPS_FILE_JDK_11;
|
||||
if (javaVersion.startsWith("1.8.0")) {
|
||||
propsFile = JDK_PROPS_FILE_JDK_8;
|
||||
}
|
||||
try (FileInputStream fin = new FileInputStream(propsFile)) {
|
||||
props.load(fin);
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("Test failed!", e);
|
||||
}
|
||||
}
|
||||
|
||||
private static void loadPolicy(Properties props) {
|
||||
try (FileInputStream fin = new FileInputStream(POLICY_FILE)) {
|
||||
props.load(fin);
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("Test failed!", e);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
35
TestTranslations.java
Normal file
35
TestTranslations.java
Normal file
@ -0,0 +1,35 @@
|
||||
/* TestTranslations -- Ensure translations are available for new timezones
|
||||
Copyright (C) 2022 Red Hat, Inc.
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU Affero General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU Affero General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.Locale;
|
||||
import java.util.ResourceBundle;
|
||||
|
||||
import sun.util.resources.LocaleData;
|
||||
import sun.util.locale.provider.LocaleProviderAdapter;
|
||||
|
||||
public class TestTranslations {
|
||||
public static void main(String[] args) {
|
||||
for (String zone : args) {
|
||||
System.out.printf("Translations for %s\n", zone);
|
||||
for (Locale l : Locale.getAvailableLocales()) {
|
||||
ResourceBundle bundle = new LocaleData(LocaleProviderAdapter.Type.JRE).getTimeZoneNames(l);
|
||||
System.out.printf("Locale: %s, language: %s, translations: %s\n", l, l.getDisplayLanguage(), Arrays.toString(bundle.getStringArray(zone)));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
3688
fips-19u-d95bb40c7c8.patch
Normal file
3688
fips-19u-d95bb40c7c8.patch
Normal file
File diff suppressed because it is too large
Load Diff
163
generate_source_tarball.sh
Executable file
163
generate_source_tarball.sh
Executable file
@ -0,0 +1,163 @@
|
||||
#!/bin/bash
|
||||
# Generates the 'source tarball' for JDK projects.
|
||||
#
|
||||
# Example:
|
||||
# When used from local repo set REPO_ROOT pointing to file:// with your repo
|
||||
# If your local repo follows upstream forests conventions, it may be enough to set OPENJDK_URL
|
||||
# If you want to use a local copy of patch PR3788, set the path to it in the PR3788 variable
|
||||
#
|
||||
# In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg:
|
||||
# PROJECT_NAME=openjdk
|
||||
# REPO_NAME=jdk18u
|
||||
# VERSION=jdk-18.0.1+10
|
||||
# or to eg prepare systemtap:
|
||||
# icedtea7's jstack and other tapsets
|
||||
# VERSION=6327cf1cea9e
|
||||
# REPO_NAME=icedtea7-2.6
|
||||
# PROJECT_NAME=release
|
||||
# OPENJDK_URL=http://icedtea.classpath.org/hg/
|
||||
# TO_COMPRESS="*/tapset"
|
||||
#
|
||||
# They are used to create correct name and are used in construction of sources url (unless REPO_ROOT is set)
|
||||
|
||||
# This script creates a single source tarball out of the repository
|
||||
# based on the given tag and removes code not allowed in fedora/rhel. For
|
||||
# consistency, the source tarball will always contain 'openjdk' as the top
|
||||
# level folder, name is created, based on parameter
|
||||
#
|
||||
|
||||
if [ ! "x$PR3823" = "x" ] ; then
|
||||
if [ ! -f "$PR3823" ] ; then
|
||||
echo "You have specified PR3823 as $PR3823 but it does not exist. Exiting"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
set -e
|
||||
|
||||
OPENJDK_URL_DEFAULT=https://github.com
|
||||
COMPRESSION_DEFAULT=xz
|
||||
# Corresponding IcedTea version
|
||||
ICEDTEA_VERSION=13.0
|
||||
|
||||
if [ "x$1" = "xhelp" ] ; then
|
||||
echo -e "Behaviour may be specified by setting the following variables:\n"
|
||||
echo "VERSION - the version of the specified OpenJDK project"
|
||||
echo "PROJECT_NAME -- the name of the OpenJDK project being archived (optional; only needed by defaults)"
|
||||
echo "REPO_NAME - the name of the OpenJDK repository (optional; only needed by defaults)"
|
||||
echo "OPENJDK_URL - the URL to retrieve code from (optional; defaults to ${OPENJDK_URL_DEFAULT})"
|
||||
echo "COMPRESSION - the compression type to use (optional; defaults to ${COMPRESSION_DEFAULT})"
|
||||
echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)"
|
||||
echo "TO_COMPRESS - what part of clone to pack (default is openjdk)"
|
||||
echo "PR3823 - the path to the PR3823 patch to apply (optional; downloaded if unavailable)"
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
|
||||
if [ "x$VERSION" = "x" ] ; then
|
||||
echo "No VERSION specified"
|
||||
exit -2
|
||||
fi
|
||||
echo "Version: ${VERSION}"
|
||||
|
||||
# REPO_NAME is only needed when we default on REPO_ROOT and FILE_NAME_ROOT
|
||||
if [ "x$FILE_NAME_ROOT" = "x" -o "x$REPO_ROOT" = "x" ] ; then
|
||||
if [ "x$PROJECT_NAME" = "x" ] ; then
|
||||
echo "No PROJECT_NAME specified"
|
||||
exit -1
|
||||
fi
|
||||
echo "Project name: ${PROJECT_NAME}"
|
||||
if [ "x$REPO_NAME" = "x" ] ; then
|
||||
echo "No REPO_NAME specified"
|
||||
exit -3
|
||||
fi
|
||||
echo "Repository name: ${REPO_NAME}"
|
||||
fi
|
||||
|
||||
if [ "x$OPENJDK_URL" = "x" ] ; then
|
||||
OPENJDK_URL=${OPENJDK_URL_DEFAULT}
|
||||
echo "No OpenJDK URL specified; defaulting to ${OPENJDK_URL}"
|
||||
else
|
||||
echo "OpenJDK URL: ${OPENJDK_URL}"
|
||||
fi
|
||||
|
||||
if [ "x$COMPRESSION" = "x" ] ; then
|
||||
# rhel 5 needs tar.gz
|
||||
COMPRESSION=${COMPRESSION_DEFAULT}
|
||||
fi
|
||||
echo "Creating a tar.${COMPRESSION} archive"
|
||||
|
||||
if [ "x$FILE_NAME_ROOT" = "x" ] ; then
|
||||
FILE_NAME_ROOT=${PROJECT_NAME}-${REPO_NAME}-${VERSION}
|
||||
echo "No file name root specified; default to ${FILE_NAME_ROOT}"
|
||||
fi
|
||||
if [ "x$REPO_ROOT" = "x" ] ; then
|
||||
REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}.git"
|
||||
echo "No repository root specified; default to ${REPO_ROOT}"
|
||||
fi;
|
||||
|
||||
if [ "x$TO_COMPRESS" = "x" ] ; then
|
||||
TO_COMPRESS="openjdk"
|
||||
echo "No to be compressed targets specified, ; default to ${TO_COMPRESS}"
|
||||
fi;
|
||||
|
||||
if [ -d ${FILE_NAME_ROOT} ] ; then
|
||||
echo "exists exists exists exists exists exists exists "
|
||||
echo "reusing reusing reusing reusing reusing reusing "
|
||||
echo ${FILE_NAME_ROOT}
|
||||
else
|
||||
mkdir "${FILE_NAME_ROOT}"
|
||||
pushd "${FILE_NAME_ROOT}"
|
||||
echo "Cloning ${VERSION} root repository from ${REPO_ROOT}"
|
||||
git clone -b ${VERSION} ${REPO_ROOT} openjdk
|
||||
popd
|
||||
fi
|
||||
pushd "${FILE_NAME_ROOT}"
|
||||
if [ -d openjdk/src ]; then
|
||||
pushd openjdk
|
||||
echo "Removing EC source code we don't build"
|
||||
CRYPTO_PATH=src/jdk.crypto.ec/share/native/libsunec/impl
|
||||
rm -vf ${CRYPTO_PATH}/ec2.h
|
||||
rm -vf ${CRYPTO_PATH}/ec2_163.c
|
||||
rm -vf ${CRYPTO_PATH}/ec2_193.c
|
||||
rm -vf ${CRYPTO_PATH}/ec2_233.c
|
||||
rm -vf ${CRYPTO_PATH}/ec2_aff.c
|
||||
rm -vf ${CRYPTO_PATH}/ec2_mont.c
|
||||
rm -vf ${CRYPTO_PATH}/ecp_192.c
|
||||
rm -vf ${CRYPTO_PATH}/ecp_224.c
|
||||
|
||||
echo "Syncing EC list with NSS"
|
||||
if [ "x$PR3823" = "x" ] ; then
|
||||
# get PR3823.patch (from https://github.com/icedtea-git/icedtea) in the ${ICEDTEA_VERSION} branch
|
||||
# Do not push it or publish it
|
||||
echo "PR3823 not found. Downloading..."
|
||||
wget -v https://github.com/icedtea-git/icedtea/raw/${ICEDTEA_VERSION}/patches/pr3823.patch
|
||||
echo "Applying ${PWD}/pr3823.patch"
|
||||
patch -Np1 < pr3823.patch
|
||||
rm pr3823.patch
|
||||
else
|
||||
echo "Applying ${PR3823}"
|
||||
patch -Np1 < $PR3823
|
||||
fi;
|
||||
find . -name '*.orig' -exec rm -vf '{}' ';'
|
||||
popd
|
||||
fi
|
||||
|
||||
# Generate .src-rev so build has knowledge of the revision the tarball was created from
|
||||
mkdir build
|
||||
pushd build
|
||||
sh ${PWD}/../openjdk/configure
|
||||
make store-source-revision
|
||||
popd
|
||||
rm -rf build
|
||||
|
||||
echo "Compressing remaining forest"
|
||||
if [ "X$COMPRESSION" = "Xxz" ] ; then
|
||||
SWITCH=cJf
|
||||
else
|
||||
SWITCH=czf
|
||||
fi
|
||||
tar --exclude-vcs -$SWITCH ${FILE_NAME_ROOT}.tar.${COMPRESSION} $TO_COMPRESS
|
||||
mv ${FILE_NAME_ROOT}.tar.${COMPRESSION} ..
|
||||
popd
|
||||
echo "Done. You may want to remove the uncompressed version - $FILE_NAME_ROOT."
|
192
icedtea_sync.sh
Executable file
192
icedtea_sync.sh
Executable file
@ -0,0 +1,192 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Copyright (C) 2019 Red Hat, Inc.
|
||||
# Written by Andrew John Hughes <gnu.andrew@redhat.com>.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as
|
||||
# published by the Free Software Foundation, either version 3 of the
|
||||
# License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
ICEDTEA_USE_VCS=true
|
||||
|
||||
ICEDTEA_VERSION=3.15.0
|
||||
ICEDTEA_URL=https://icedtea.classpath.org/download/source
|
||||
ICEDTEA_SIGNING_KEY=CFDA0F9B35964222
|
||||
|
||||
ICEDTEA_HG_URL=https://icedtea.classpath.org/hg/icedtea11
|
||||
|
||||
set -e
|
||||
|
||||
RPM_DIR=${PWD}
|
||||
if [ ! -f ${RPM_DIR}/jconsole.desktop.in ] ; then
|
||||
echo "Not in RPM source tree.";
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
if test "x${TMPDIR}" = "x"; then
|
||||
TMPDIR=/tmp;
|
||||
fi
|
||||
WORKDIR=${TMPDIR}/it.sync
|
||||
|
||||
echo "Using working directory ${WORKDIR}"
|
||||
mkdir ${WORKDIR}
|
||||
pushd ${WORKDIR}
|
||||
|
||||
if test "x${WGET}" = "x"; then
|
||||
WGET=$(which wget);
|
||||
if test "x${WGET}" = "x"; then
|
||||
echo "wget not found";
|
||||
exit 1;
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "x${TAR}" = "x"; then
|
||||
TAR=$(which tar)
|
||||
if test "x${TAR}" = "x"; then
|
||||
echo "tar not found";
|
||||
exit 2;
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "Dependencies:";
|
||||
echo -e "\tWGET: ${WGET}";
|
||||
echo -e "\tTAR: ${TAR}\n";
|
||||
|
||||
if test "x${ICEDTEA_USE_VCS}" = "xtrue"; then
|
||||
echo "Mode: Using VCS";
|
||||
|
||||
if test "x${GREP}" = "x"; then
|
||||
GREP=$(which grep);
|
||||
if test "x${GREP}" = "x"; then
|
||||
echo "grep not found";
|
||||
exit 3;
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "x${CUT}" = "x"; then
|
||||
CUT=$(which cut);
|
||||
if test "x${CUT}" = "x"; then
|
||||
echo "cut not found";
|
||||
exit 4;
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "x${TR}" = "x"; then
|
||||
TR=$(which tr);
|
||||
if test "x${TR}" = "x"; then
|
||||
echo "tr not found";
|
||||
exit 5;
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "x${HG}" = "x"; then
|
||||
HG=$(which hg);
|
||||
if test "x${HG}" = "x"; then
|
||||
echo "hg not found";
|
||||
exit 6;
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "Dependencies:";
|
||||
echo -e "\tGREP: ${GREP}";
|
||||
echo -e "\tCUT: ${CUT}";
|
||||
echo -e "\tTR: ${TR}";
|
||||
echo -e "\tHG: ${HG}";
|
||||
|
||||
echo "Checking out repository from VCS...";
|
||||
${HG} clone ${ICEDTEA_HG_URL} icedtea
|
||||
|
||||
echo "Obtaining version from configure.ac...";
|
||||
ROOT_VER=$(${GREP} '^AC_INIT' icedtea/configure.ac|${CUT} -d ',' -f 2|${TR} -d '[][:space:]')
|
||||
echo "Root version from configure: ${ROOT_VER}";
|
||||
|
||||
VCS_REV=$(${HG} log -R icedtea --template '{node|short}' -r tip)
|
||||
echo "VCS revision: ${VCS_REV}";
|
||||
|
||||
ICEDTEA_VERSION="${ROOT_VER}-${VCS_REV}"
|
||||
echo "Creating icedtea-${ICEDTEA_VERSION}";
|
||||
mkdir icedtea-${ICEDTEA_VERSION}
|
||||
echo "Copying required files from checkout to icedtea-${ICEDTEA_VERSION}";
|
||||
# Commented out for now as IcedTea 6's jconsole.desktop.in is outdated
|
||||
#cp -a icedtea/jconsole.desktop.in ../icedtea-${ICEDTEA_VERSION}
|
||||
cp -a ${RPM_DIR}/jconsole.desktop.in icedtea-${ICEDTEA_VERSION}
|
||||
cp -a icedtea/tapset icedtea-${ICEDTEA_VERSION}
|
||||
|
||||
rm -rf icedtea
|
||||
else
|
||||
echo "Mode: Using tarball";
|
||||
|
||||
if test "x${ICEDTEA_VERSION}" = "x"; then
|
||||
echo "No IcedTea version specified for tarball download.";
|
||||
exit 3;
|
||||
fi
|
||||
|
||||
if test "x${CHECKSUM}" = "x"; then
|
||||
CHECKSUM=$(which sha256sum)
|
||||
if test "x${CHECKSUM}" = "x"; then
|
||||
echo "sha256sum not found";
|
||||
exit 4;
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "x${PGP}" = "x"; then
|
||||
PGP=$(which gpg)
|
||||
if test "x${PGP}" = "x"; then
|
||||
echo "gpg not found";
|
||||
exit 5;
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "Dependencies:";
|
||||
echo -e "\tCHECKSUM: ${CHECKSUM}";
|
||||
echo -e "\tPGP: ${PGP}\n";
|
||||
|
||||
echo "Checking for IcedTea signing key ${ICEDTEA_SIGNING_KEY}...";
|
||||
if ! gpg --list-keys ${ICEDTEA_SIGNING_KEY}; then
|
||||
echo "IcedTea signing key ${ICEDTEA_SIGNING_KEY} not installed.";
|
||||
exit 6;
|
||||
fi
|
||||
|
||||
echo "Downloading IcedTea release tarball...";
|
||||
${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.tar.xz
|
||||
echo "Downloading IcedTea tarball signature...";
|
||||
${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.tar.xz.sig
|
||||
echo "Downloading IcedTea tarball checksums...";
|
||||
${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.sha256
|
||||
|
||||
echo "Verifying checksums...";
|
||||
${CHECKSUM} --check --ignore-missing icedtea-${ICEDTEA_VERSION}.sha256
|
||||
|
||||
echo "Checking signature...";
|
||||
${PGP} --verify icedtea-${ICEDTEA_VERSION}.tar.xz.sig
|
||||
|
||||
echo "Extracting files...";
|
||||
${TAR} xJf icedtea-${ICEDTEA_VERSION}.tar.xz \
|
||||
icedtea-${ICEDTEA_VERSION}/tapset \
|
||||
icedtea-${ICEDTEA_VERSION}/jconsole.desktop.in
|
||||
|
||||
rm -vf icedtea-${ICEDTEA_VERSION}.tar.xz
|
||||
rm -vf icedtea-${ICEDTEA_VERSION}.tar.xz.sig
|
||||
rm -vf icedtea-${ICEDTEA_VERSION}.sha256
|
||||
fi
|
||||
|
||||
echo "Replacing desktop files...";
|
||||
mv -v icedtea-${ICEDTEA_VERSION}/jconsole.desktop.in ${RPM_DIR}
|
||||
|
||||
echo "Creating new tapset tarball...";
|
||||
mv -v icedtea-${ICEDTEA_VERSION} openjdk
|
||||
${TAR} cJf ${RPM_DIR}/tapsets-icedtea-${ICEDTEA_VERSION}.tar.xz openjdk
|
||||
|
||||
rm -rvf openjdk
|
||||
|
||||
popd
|
||||
rm -rf ${WORKDIR}
|
File diff suppressed because it is too large
Load Diff
@ -1,8 +1,8 @@
|
||||
[Desktop Entry]
|
||||
Name=OpenJDK @JAVA_MAJOR_VERSION@ Monitoring & Management Console @ARCH@
|
||||
Comment=Monitor and manage OpenJDK @JAVA_MAJOR_VERSION@ applications for @ARCH@
|
||||
Exec=@JAVA_HOME@/jconsole
|
||||
Icon=java-@JAVA_MAJOR_VERSION@-@JAVA_VENDOR@
|
||||
Name=OpenJDK @JAVA_VER@ for @target_cpu@ Monitoring & Management Console (@OPENJDK_VER@)
|
||||
Comment=Monitor and manage OpenJDK applications
|
||||
Exec=_SDKBINDIR_/jconsole
|
||||
Icon=java-@JAVA_VER@-@JAVA_VENDOR@
|
||||
Terminal=false
|
||||
Type=Application
|
||||
StartupWMClass=sun-tools-jconsole-JConsole
|
||||
|
132
jdk8292223-tzdata2022b-kyiv.patch
Normal file
132
jdk8292223-tzdata2022b-kyiv.patch
Normal file
@ -0,0 +1,132 @@
|
||||
diff --git a/src/java.base/share/classes/sun/util/resources/TimeZoneNames.java b/src/java.base/share/classes/sun/util/resources/TimeZoneNames.java
|
||||
index 8759aab3995..11ccbf73839 100644
|
||||
--- a/src/java.base/share/classes/sun/util/resources/TimeZoneNames.java
|
||||
+++ b/src/java.base/share/classes/sun/util/resources/TimeZoneNames.java
|
||||
@@ -847,6 +847,7 @@ public final class TimeZoneNames extends TimeZoneNamesBundle {
|
||||
{"Europe/Kirov", new String[] {"Kirov Standard Time", "GMT+03:00",
|
||||
"Kirov Daylight Time", "GMT+03:00",
|
||||
"Kirov Time", "GMT+03:00"}},
|
||||
+ {"Europe/Kyiv", EET},
|
||||
{"Europe/Lisbon", WET},
|
||||
{"Europe/Ljubljana", CET},
|
||||
{"Europe/London", GMTBST},
|
||||
diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_de.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_de.java
|
||||
index f007c1a8d3b..617268e4cf3 100644
|
||||
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_de.java
|
||||
+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_de.java
|
||||
@@ -825,6 +825,7 @@ public final class TimeZoneNames_de extends TimeZoneNamesBundle {
|
||||
{"Europe/Jersey", GMTBST},
|
||||
{"Europe/Kaliningrad", EET},
|
||||
{"Europe/Kiev", EET},
|
||||
+ {"Europe/Kyiv", EET},
|
||||
{"Europe/Lisbon", WET},
|
||||
{"Europe/Ljubljana", CET},
|
||||
{"Europe/London", GMTBST},
|
||||
diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_es.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_es.java
|
||||
index 386414e16e6..14c5d89b9c5 100644
|
||||
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_es.java
|
||||
+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_es.java
|
||||
@@ -825,6 +825,7 @@ public final class TimeZoneNames_es extends TimeZoneNamesBundle {
|
||||
{"Europe/Jersey", GMTBST},
|
||||
{"Europe/Kaliningrad", EET},
|
||||
{"Europe/Kiev", EET},
|
||||
+ {"Europe/Kyiv", EET},
|
||||
{"Europe/Lisbon", WET},
|
||||
{"Europe/Ljubljana", CET},
|
||||
{"Europe/London", GMTBST},
|
||||
diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_fr.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_fr.java
|
||||
index d23f5fd49e6..44117125619 100644
|
||||
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_fr.java
|
||||
+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_fr.java
|
||||
@@ -825,6 +825,7 @@ public final class TimeZoneNames_fr extends TimeZoneNamesBundle {
|
||||
{"Europe/Jersey", GMTBST},
|
||||
{"Europe/Kaliningrad", EET},
|
||||
{"Europe/Kiev", EET},
|
||||
+ {"Europe/Kyiv", EET},
|
||||
{"Europe/Lisbon", WET},
|
||||
{"Europe/Ljubljana", CET},
|
||||
{"Europe/London", GMTBST},
|
||||
diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_it.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_it.java
|
||||
index b4f57d4568c..efa818f3865 100644
|
||||
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_it.java
|
||||
+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_it.java
|
||||
@@ -825,6 +825,7 @@ public final class TimeZoneNames_it extends TimeZoneNamesBundle {
|
||||
{"Europe/Jersey", GMTBST},
|
||||
{"Europe/Kaliningrad", EET},
|
||||
{"Europe/Kiev", EET},
|
||||
+ {"Europe/Kyiv", EET},
|
||||
{"Europe/Lisbon", WET},
|
||||
{"Europe/Ljubljana", CET},
|
||||
{"Europe/London", GMTBST},
|
||||
diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ja.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ja.java
|
||||
index 1a10a9f96dc..7c0565461ad 100644
|
||||
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ja.java
|
||||
+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ja.java
|
||||
@@ -825,6 +825,7 @@ public final class TimeZoneNames_ja extends TimeZoneNamesBundle {
|
||||
{"Europe/Jersey", GMTBST},
|
||||
{"Europe/Kaliningrad", EET},
|
||||
{"Europe/Kiev", EET},
|
||||
+ {"Europe/Kyiv", EET},
|
||||
{"Europe/Lisbon", WET},
|
||||
{"Europe/Ljubljana", CET},
|
||||
{"Europe/London", GMTBST},
|
||||
diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ko.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ko.java
|
||||
index 9a2d9e5c57c..8a2c805997f 100644
|
||||
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ko.java
|
||||
+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ko.java
|
||||
@@ -825,6 +825,7 @@ public final class TimeZoneNames_ko extends TimeZoneNamesBundle {
|
||||
{"Europe/Jersey", GMTBST},
|
||||
{"Europe/Kaliningrad", EET},
|
||||
{"Europe/Kiev", EET},
|
||||
+ {"Europe/Kyiv", EET},
|
||||
{"Europe/Lisbon", WET},
|
||||
{"Europe/Ljubljana", CET},
|
||||
{"Europe/London", GMTBST},
|
||||
diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_pt_BR.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_pt_BR.java
|
||||
index de5e5c82daa..e3c06417f09 100644
|
||||
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_pt_BR.java
|
||||
+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_pt_BR.java
|
||||
@@ -825,6 +825,7 @@ public final class TimeZoneNames_pt_BR extends TimeZoneNamesBundle {
|
||||
{"Europe/Jersey", GMTBST},
|
||||
{"Europe/Kaliningrad", EET},
|
||||
{"Europe/Kiev", EET},
|
||||
+ {"Europe/Kyiv", EET},
|
||||
{"Europe/Lisbon", WET},
|
||||
{"Europe/Ljubljana", CET},
|
||||
{"Europe/London", GMTBST},
|
||||
diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_sv.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_sv.java
|
||||
index b53de4d8c89..3e46b6a063e 100644
|
||||
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_sv.java
|
||||
+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_sv.java
|
||||
@@ -825,6 +825,7 @@ public final class TimeZoneNames_sv extends TimeZoneNamesBundle {
|
||||
{"Europe/Jersey", GMTBST},
|
||||
{"Europe/Kaliningrad", EET},
|
||||
{"Europe/Kiev", EET},
|
||||
+ {"Europe/Kyiv", EET},
|
||||
{"Europe/Lisbon", WET},
|
||||
{"Europe/Ljubljana", CET},
|
||||
{"Europe/London", GMTBST},
|
||||
diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_CN.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_CN.java
|
||||
index 7797cda19d5..590908409a8 100644
|
||||
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_CN.java
|
||||
+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_CN.java
|
||||
@@ -825,6 +825,7 @@ public final class TimeZoneNames_zh_CN extends TimeZoneNamesBundle {
|
||||
{"Europe/Jersey", GMTBST},
|
||||
{"Europe/Kaliningrad", EET},
|
||||
{"Europe/Kiev", EET},
|
||||
+ {"Europe/Kyiv", EET},
|
||||
{"Europe/Lisbon", WET},
|
||||
{"Europe/Ljubljana", CET},
|
||||
{"Europe/London", GMTBST},
|
||||
diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_TW.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_TW.java
|
||||
index 2cd10554853..23c5f180b6d 100644
|
||||
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_TW.java
|
||||
+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_TW.java
|
||||
@@ -827,6 +827,7 @@ public final class TimeZoneNames_zh_TW extends TimeZoneNamesBundle {
|
||||
{"Europe/Jersey", GMTBST},
|
||||
{"Europe/Kaliningrad", EET},
|
||||
{"Europe/Kiev", EET},
|
||||
+ {"Europe/Kyiv", EET},
|
||||
{"Europe/Lisbon", WET},
|
||||
{"Europe/Ljubljana", CET},
|
||||
{"Europe/London", GMTBST},
|
8
nss.fips.cfg.in
Normal file
8
nss.fips.cfg.in
Normal file
@ -0,0 +1,8 @@
|
||||
name = NSS-FIPS
|
||||
nssLibraryDirectory = @NSS_LIBDIR@
|
||||
nssSecmodDirectory = sql:/etc/pki/nssdb
|
||||
nssDbMode = readOnly
|
||||
nssModule = fips
|
||||
|
||||
attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
|
||||
|
76
openjdk_news.sh
Executable file
76
openjdk_news.sh
Executable file
@ -0,0 +1,76 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Copyright (C) 2022 Red Hat, Inc.
|
||||
# Written by Andrew John Hughes <gnu.andrew@redhat.com>, 2012-2022
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as
|
||||
# published by the Free Software Foundation, either version 3 of the
|
||||
# License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
OLD_RELEASE=$1
|
||||
NEW_RELEASE=$2
|
||||
SUBDIR=$3
|
||||
REPO=$4
|
||||
SCRIPT_DIR=$(dirname ${0})
|
||||
|
||||
if test "x${SUBDIR}" = "x"; then
|
||||
echo "No subdirectory specified; using .";
|
||||
SUBDIR=".";
|
||||
fi
|
||||
|
||||
if test "x$REPO" = "x"; then
|
||||
echo "No repository specified; using ${PWD}"
|
||||
REPO=${PWD}
|
||||
fi
|
||||
|
||||
if test x${TMPDIR} = x; then
|
||||
TMPDIR=/tmp;
|
||||
fi
|
||||
|
||||
echo "Repository: ${REPO}"
|
||||
|
||||
if [ -e ${REPO}/.git ] ; then
|
||||
TYPE=git;
|
||||
elif [ -e ${REPO}/.hg ] ; then
|
||||
TYPE=hg;
|
||||
else
|
||||
echo "No Mercurial or Git repository detected.";
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
if test "x$OLD_RELEASE" = "x" || test "x$NEW_RELEASE" = "x"; then
|
||||
echo "ERROR: Need to specify old and new release";
|
||||
exit 2;
|
||||
fi
|
||||
|
||||
echo "Listing fixes between $OLD_RELEASE and $NEW_RELEASE in $REPO"
|
||||
rm -f ${TMPDIR}/fixes2 ${TMPDIR}/fixes3 ${TMPDIR}/fixes
|
||||
for repos in . $(${SCRIPT_DIR}/discover_trees.sh ${REPO});
|
||||
do
|
||||
if test "x$TYPE" = "xhg"; then
|
||||
hg log -r "tag('$NEW_RELEASE'):tag('$OLD_RELEASE') - tag('$OLD_RELEASE')" -R $REPO/$repos -G -M ${REPO}/${SUBDIR} | \
|
||||
egrep '^[o:| ]*summary'|grep -v 'Added tag'|sed -r 's#^[o:| ]*summary:\W*([0-9])# - JDK-\1#'| \
|
||||
sed 's#^[o:| ]*summary:\W*# - #' >> ${TMPDIR}/fixes2;
|
||||
hg log -v -r "tag('$NEW_RELEASE'):tag('$OLD_RELEASE') - tag('$OLD_RELEASE')" -R $REPO/$repos -G -M ${REPO}/${SUBDIR} | \
|
||||
egrep '^[o:| ]*[0-9]{7}'|sed -r 's#^[o:| ]*([0-9]{7})# - JDK-\1#' >> ${TMPDIR}/fixes3;
|
||||
else
|
||||
git -C ${REPO} log --no-merges --pretty=format:%B ${NEW_RELEASE}...${OLD_RELEASE} -- ${SUBDIR} |egrep '^[0-9]{7}' | \
|
||||
sed -r 's#^([0-9])# - JDK-\1#' >> ${TMPDIR}/fixes2;
|
||||
touch ${TMPDIR}/fixes3 ; # unused
|
||||
fi
|
||||
done
|
||||
|
||||
sort ${TMPDIR}/fixes2 ${TMPDIR}/fixes3 | uniq > ${TMPDIR}/fixes
|
||||
rm -f ${TMPDIR}/fixes2 ${TMPDIR}/fixes3
|
||||
|
||||
echo "In ${TMPDIR}/fixes:"
|
||||
cat ${TMPDIR}/fixes
|
@ -1,649 +0,0 @@
|
||||
diff --git a/make/autoconf/jdk-options.m4 b/make/autoconf/jdk-options.m4
|
||||
--- a/make/autoconf/jdk-options.m4
|
||||
+++ b/make/autoconf/jdk-options.m4
|
||||
@@ -267,9 +267,10 @@
|
||||
#
|
||||
AC_DEFUN_ONCE([JDKOPT_DETECT_INTREE_EC],
|
||||
[
|
||||
+ AC_REQUIRE([LIB_SETUP_MISC_LIBS])
|
||||
AC_MSG_CHECKING([if elliptic curve crypto implementation is present])
|
||||
|
||||
- if test -d "${TOPDIR}/src/jdk.crypto.ec/share/native/libsunec/impl"; then
|
||||
+ if test "x${system_nss}" = "xyes" -o -d "${TOPDIR}/src/jdk.crypto.ec/share/native/libsunec/impl"; then
|
||||
ENABLE_INTREE_EC=true
|
||||
AC_MSG_RESULT([yes])
|
||||
else
|
||||
diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4
|
||||
--- a/make/autoconf/libraries.m4
|
||||
+++ b/make/autoconf/libraries.m4
|
||||
@@ -178,6 +178,48 @@
|
||||
AC_SUBST(LIBDL)
|
||||
LIBS="$save_LIBS"
|
||||
|
||||
+ ###############################################################################
|
||||
+ #
|
||||
+ # Check for the NSS libraries
|
||||
+ #
|
||||
+
|
||||
+ AC_MSG_CHECKING([whether to build the Sun EC provider against the system NSS libraries])
|
||||
+
|
||||
+ # default is bundled
|
||||
+ DEFAULT_SYSTEM_NSS=no
|
||||
+
|
||||
+ AC_ARG_ENABLE([system-nss], [AS_HELP_STRING([--enable-system-nss],
|
||||
+ [build the SunEC provider using the system NSS libraries @<:@disabled@:>@])],
|
||||
+ [
|
||||
+ case "${enableval}" in
|
||||
+ yes)
|
||||
+ system_nss=yes
|
||||
+ ;;
|
||||
+ *)
|
||||
+ system_nss=no
|
||||
+ ;;
|
||||
+ esac
|
||||
+ ],
|
||||
+ [
|
||||
+ system_nss=${DEFAULT_SYSTEM_NSS}
|
||||
+ ])
|
||||
+ AC_MSG_RESULT([$system_nss])
|
||||
+
|
||||
+ if test "x${system_nss}" = "xyes"; then
|
||||
+ PKG_CHECK_MODULES(NSS_SOFTTKN, nss-softokn >= 3.16.1, [NSS_SOFTOKN_FOUND=yes], [NSS_SOFTOKN_FOUND=no])
|
||||
+ PKG_CHECK_MODULES(NSS, nss >= 3.16.1, [NSS_FOUND=yes], [NSS_FOUND=no])
|
||||
+ if test "x${NSS_SOFTOKN_FOUND}" = "xyes" -a "x${NSS_FOUND}" = "xyes"; then
|
||||
+ NSS_LIBS="$NSS_SOFTOKN_LIBS $NSS_LIBS -lfreebl";
|
||||
+ USE_EXTERNAL_NSS=true
|
||||
+ else
|
||||
+ AC_MSG_ERROR([--enable-system-nss specified, but NSS not found.])
|
||||
+ fi
|
||||
+ else
|
||||
+ USE_EXTERNAL_NSS=false
|
||||
+ fi
|
||||
+ AC_SUBST(USE_EXTERNAL_NSS)
|
||||
+
|
||||
+
|
||||
# Control if libzip can use mmap. Available for purposes of overriding.
|
||||
LIBZIP_CAN_USE_MMAP=true
|
||||
AC_SUBST(LIBZIP_CAN_USE_MMAP)
|
||||
diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in
|
||||
--- a/make/autoconf/spec.gmk.in
|
||||
+++ b/make/autoconf/spec.gmk.in
|
||||
@@ -795,6 +795,10 @@
|
||||
# Libraries
|
||||
#
|
||||
|
||||
+USE_EXTERNAL_NSS:=@USE_EXTERNAL_NSS@
|
||||
+NSS_LIBS:=@NSS_LIBS@
|
||||
+NSS_CFLAGS:=@NSS_CFLAGS@
|
||||
+
|
||||
USE_EXTERNAL_LCMS:=@USE_EXTERNAL_LCMS@
|
||||
LCMS_CFLAGS:=@LCMS_CFLAGS@
|
||||
LCMS_LIBS:=@LCMS_LIBS@
|
||||
diff --git a/make/lib/Lib-jdk.crypto.ec.gmk b/make/lib/Lib-jdk.crypto.ec.gmk
|
||||
--- a/make/lib/Lib-jdk.crypto.ec.gmk
|
||||
+++ b/make/lib/Lib-jdk.crypto.ec.gmk
|
||||
@@ -28,19 +28,26 @@
|
||||
################################################################################
|
||||
|
||||
ifeq ($(ENABLE_INTREE_EC), true)
|
||||
+ ifeq ($(USE_EXTERNAL_NSS), true)
|
||||
+ BUILD_LIBSUNEC_CFLAGS_JDKLIB := $(NSS_CFLAGS) -DSYSTEM_NSS -DNSS_ENABLE_ECC
|
||||
+ BUILD_LIBSUNEC_CXXFLAGS_JDKLIB := $(NSS_CFLAGS) -DSYSTEM_NSS -DNSS_ENABLE_ECC
|
||||
+ endif
|
||||
+
|
||||
$(eval $(call SetupJdkLibrary, BUILD_LIBSUNEC, \
|
||||
NAME := sunec, \
|
||||
TOOLCHAIN := TOOLCHAIN_LINK_CXX, \
|
||||
OPTIMIZATION := LOW, \
|
||||
- CFLAGS := $(CFLAGS_JDKLIB) \
|
||||
+ CFLAGS := $(BUILD_LIBSUNEC_CFLAGS_JDKLIB) $(CFLAGS_JDKLIB) \
|
||||
-DMP_API_COMPATIBLE -DNSS_ECC_MORE_THAN_SUITE_B, \
|
||||
- CXXFLAGS := $(CXXFLAGS_JDKLIB), \
|
||||
+ CXXFLAGS := $(BUILD_LIBSUNEC_CXXFLAGS_JDKLIB) $(CXXFLAGS_JDKLIB), \
|
||||
DISABLED_WARNINGS_gcc := sign-compare implicit-fallthrough unused-value, \
|
||||
DISABLED_WARNINGS_clang := sign-compare, \
|
||||
DISABLED_WARNINGS_microsoft := 4101 4244 4146 4018, \
|
||||
- LDFLAGS := $(LDFLAGS_JDKLIB) $(LDFLAGS_CXX_JDK), \
|
||||
+ LDFLAGS := $(subst -Xlinker --as-needed,, \
|
||||
+ $(subst -Wl$(COMMA)--as-needed,, $(LDFLAGS_JDKLIB))) $(LDFLAGS_CXX_JDK), \
|
||||
LDFLAGS_macosx := $(call SET_SHARED_LIBRARY_ORIGIN), \
|
||||
LIBS := $(LIBCXX), \
|
||||
+ LIBS_linux := -lc $(NSS_LIBS), \
|
||||
))
|
||||
|
||||
TARGETS += $(BUILD_LIBSUNEC)
|
||||
diff --git a/src/java.base/unix/native/include/jni_md.h b/src/java.base/unix/native/include/jni_md.h
|
||||
--- a/src/java.base/unix/native/include/jni_md.h
|
||||
+++ b/src/java.base/unix/native/include/jni_md.h
|
||||
@@ -41,6 +41,11 @@
|
||||
#define JNIEXPORT
|
||||
#define JNIIMPORT
|
||||
#endif
|
||||
+#if (defined(__GNUC__)) || __has_attribute(unused)
|
||||
+ #define UNUSED(x) UNUSED_ ## x __attribute__((__unused__))
|
||||
+#else
|
||||
+ #define UNUSED(x) UNUSED_ ## x
|
||||
+#endif
|
||||
|
||||
#define JNICALL
|
||||
|
||||
diff --git a/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java b/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
|
||||
--- a/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
|
||||
+++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
|
||||
@@ -61,6 +61,7 @@
|
||||
AccessController.doPrivileged(new PrivilegedAction<Void>() {
|
||||
public Void run() {
|
||||
System.loadLibrary("sunec"); // check for native library
|
||||
+ initialize();
|
||||
return null;
|
||||
}
|
||||
});
|
||||
@@ -293,6 +294,11 @@
|
||||
"ECDH", "sun.security.ec.ECDHKeyAgreement", null, ATTRS));
|
||||
}
|
||||
|
||||
+ /**
|
||||
+ * Initialize the native code.
|
||||
+ */
|
||||
+ private static native void initialize();
|
||||
+
|
||||
private void putXDHEntries() {
|
||||
|
||||
HashMap<String, String> ATTRS = new HashMap<>(1);
|
||||
diff --git a/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp b/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp
|
||||
--- a/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp
|
||||
+++ b/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp
|
||||
@@ -25,7 +25,11 @@
|
||||
|
||||
#include <jni.h>
|
||||
#include "jni_util.h"
|
||||
+#ifdef SYSTEM_NSS
|
||||
+#include "ecc_impl.h"
|
||||
+#else
|
||||
#include "impl/ecc_impl.h"
|
||||
+#endif
|
||||
#include "sun_security_ec_ECDHKeyAgreement.h"
|
||||
#include "sun_security_ec_ECKeyPairGenerator.h"
|
||||
#include "sun_security_ec_ECDSASignature.h"
|
||||
@@ -33,6 +37,13 @@
|
||||
#define INVALID_PARAMETER_EXCEPTION \
|
||||
"java/security/InvalidParameterException"
|
||||
#define KEY_EXCEPTION "java/security/KeyException"
|
||||
+#define INTERNAL_ERROR "java/lang/InternalError"
|
||||
+
|
||||
+#ifdef SYSTEM_NSS
|
||||
+#define SYSTEM_UNUSED(x) UNUSED(x)
|
||||
+#else
|
||||
+#define SYSTEM_UNUSED(x) x
|
||||
+#endif
|
||||
|
||||
extern "C" {
|
||||
|
||||
@@ -55,8 +66,13 @@
|
||||
/*
|
||||
* Deep free of the ECParams struct
|
||||
*/
|
||||
-void FreeECParams(ECParams *ecparams, jboolean freeStruct)
|
||||
+void FreeECParams(ECParams *ecparams, jboolean SYSTEM_UNUSED(freeStruct))
|
||||
{
|
||||
+#ifdef SYSTEM_NSS
|
||||
+ // Needs to be freed using the matching method to the one
|
||||
+ // that allocated it. PR_TRUE means the memory is zeroed.
|
||||
+ PORT_FreeArena(ecparams->arena, PR_TRUE);
|
||||
+#else
|
||||
// Use B_FALSE to free the SECItem->data element, but not the SECItem itself
|
||||
// Use B_TRUE to free both
|
||||
|
||||
@@ -70,6 +86,7 @@
|
||||
SECITEM_FreeItem(&ecparams->curveOID, B_FALSE);
|
||||
if (freeStruct)
|
||||
free(ecparams);
|
||||
+#endif
|
||||
}
|
||||
|
||||
jbyteArray getEncodedBytes(JNIEnv *env, SECItem *hSECItem)
|
||||
@@ -139,7 +156,7 @@
|
||||
*/
|
||||
JNIEXPORT jobjectArray
|
||||
JNICALL Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair
|
||||
- (JNIEnv *env, jclass clazz, jint keySize, jbyteArray encodedParams, jbyteArray seed)
|
||||
+ (JNIEnv *env, jclass UNUSED(clazz), jint UNUSED(keySize), jbyteArray encodedParams, jbyteArray seed)
|
||||
{
|
||||
ECPrivateKey *privKey = NULL; // contains both public and private values
|
||||
ECParams *ecparams = NULL;
|
||||
@@ -171,8 +188,17 @@
|
||||
env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer);
|
||||
|
||||
// Generate the new keypair (using the supplied seed)
|
||||
+#ifdef SYSTEM_NSS
|
||||
+ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength)
|
||||
+ != SECSuccess) {
|
||||
+ ThrowException(env, KEY_EXCEPTION);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ if (EC_NewKey(ecparams, &privKey) != SECSuccess) {
|
||||
+#else
|
||||
if (EC_NewKey(ecparams, &privKey, (unsigned char *) pSeedBuffer,
|
||||
jSeedLength, 0) != SECSuccess) {
|
||||
+#endif
|
||||
ThrowException(env, KEY_EXCEPTION);
|
||||
goto cleanup;
|
||||
}
|
||||
@@ -219,10 +245,15 @@
|
||||
}
|
||||
if (privKey) {
|
||||
FreeECParams(&privKey->ecParams, false);
|
||||
+#ifndef SYSTEM_NSS
|
||||
+ // The entire ECPrivateKey is allocated in the arena
|
||||
+ // when using system NSS, so only the in-tree version
|
||||
+ // needs to clear these manually.
|
||||
SECITEM_FreeItem(&privKey->version, B_FALSE);
|
||||
SECITEM_FreeItem(&privKey->privateValue, B_FALSE);
|
||||
SECITEM_FreeItem(&privKey->publicValue, B_FALSE);
|
||||
free(privKey);
|
||||
+#endif
|
||||
}
|
||||
|
||||
if (pSeedBuffer) {
|
||||
@@ -240,7 +271,7 @@
|
||||
*/
|
||||
JNIEXPORT jbyteArray
|
||||
JNICALL Java_sun_security_ec_ECDSASignature_signDigest
|
||||
- (JNIEnv *env, jclass clazz, jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing)
|
||||
+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing)
|
||||
{
|
||||
jbyte* pDigestBuffer = NULL;
|
||||
jint jDigestLength = env->GetArrayLength(digest);
|
||||
@@ -299,8 +330,18 @@
|
||||
env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer);
|
||||
|
||||
// Sign the digest (using the supplied seed)
|
||||
+#ifdef SYSTEM_NSS
|
||||
+ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength)
|
||||
+ != SECSuccess) {
|
||||
+ ThrowException(env, KEY_EXCEPTION);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item)
|
||||
+ != SECSuccess) {
|
||||
+#else
|
||||
if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item,
|
||||
(unsigned char *) pSeedBuffer, jSeedLength, 0, timing) != SECSuccess) {
|
||||
+#endif
|
||||
ThrowException(env, KEY_EXCEPTION);
|
||||
goto cleanup;
|
||||
}
|
||||
@@ -349,7 +390,7 @@
|
||||
*/
|
||||
JNIEXPORT jboolean
|
||||
JNICALL Java_sun_security_ec_ECDSASignature_verifySignedDigest
|
||||
- (JNIEnv *env, jclass clazz, jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams)
|
||||
+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams)
|
||||
{
|
||||
jboolean isValid = false;
|
||||
|
||||
@@ -406,9 +447,10 @@
|
||||
|
||||
cleanup:
|
||||
{
|
||||
- if (params_item.data)
|
||||
+ if (params_item.data) {
|
||||
env->ReleaseByteArrayElements(encodedParams,
|
||||
(jbyte *) params_item.data, JNI_ABORT);
|
||||
+ }
|
||||
|
||||
if (pubKey.publicValue.data)
|
||||
env->ReleaseByteArrayElements(publicKey,
|
||||
@@ -434,7 +476,7 @@
|
||||
*/
|
||||
JNIEXPORT jbyteArray
|
||||
JNICALL Java_sun_security_ec_ECDHKeyAgreement_deriveKey
|
||||
- (JNIEnv *env, jclass clazz, jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams)
|
||||
+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams)
|
||||
{
|
||||
jbyteArray jSecret = NULL;
|
||||
ECParams *ecparams = NULL;
|
||||
@@ -510,9 +552,10 @@
|
||||
env->ReleaseByteArrayElements(publicKey,
|
||||
(jbyte *) publicValue_item.data, JNI_ABORT);
|
||||
|
||||
- if (params_item.data)
|
||||
+ if (params_item.data) {
|
||||
env->ReleaseByteArrayElements(encodedParams,
|
||||
(jbyte *) params_item.data, JNI_ABORT);
|
||||
+ }
|
||||
|
||||
if (ecparams)
|
||||
FreeECParams(ecparams, true);
|
||||
@@ -521,4 +564,28 @@
|
||||
return jSecret;
|
||||
}
|
||||
|
||||
+JNIEXPORT void
|
||||
+JNICALL Java_sun_security_ec_SunEC_initialize
|
||||
+ (JNIEnv *env, jclass UNUSED(clazz))
|
||||
+{
|
||||
+#ifdef SYSTEM_NSS
|
||||
+ if (SECOID_Init() != SECSuccess) {
|
||||
+ ThrowException(env, INTERNAL_ERROR);
|
||||
+ }
|
||||
+ if (RNG_RNGInit() != SECSuccess) {
|
||||
+ ThrowException(env, INTERNAL_ERROR);
|
||||
+ }
|
||||
+#endif
|
||||
+}
|
||||
+
|
||||
+JNIEXPORT void
|
||||
+JNICALL JNI_OnUnload
|
||||
+ (JavaVM *vm, void *reserved)
|
||||
+{
|
||||
+#ifdef SYSTEM_NSS
|
||||
+ RNG_RNGShutdown();
|
||||
+ SECOID_Shutdown();
|
||||
+#endif
|
||||
+}
|
||||
+
|
||||
} /* extern "C" */
|
||||
diff --git a/src/jdk.crypto.ec/share/native/libsunec/ecc_impl.h b/src/jdk.crypto.ec/share/native/libsunec/ecc_impl.h
|
||||
new file mode 100644
|
||||
--- /dev/null
|
||||
+++ b/src/jdk.crypto.ec/share/native/libsunec/ecc_impl.h
|
||||
@@ -0,0 +1,298 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
+ * Use is subject to license terms.
|
||||
+ *
|
||||
+ * This library is free software; you can redistribute it and/or
|
||||
+ * modify it under the terms of the GNU Lesser General Public
|
||||
+ * License as published by the Free Software Foundation; either
|
||||
+ * version 2.1 of the License, or (at your option) any later version.
|
||||
+ *
|
||||
+ * This library is distributed in the hope that it will be useful,
|
||||
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ * Lesser General Public License for more details.
|
||||
+ *
|
||||
+ * You should have received a copy of the GNU Lesser General Public License
|
||||
+ * along with this library; if not, write to the Free Software Foundation,
|
||||
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
+ *
|
||||
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
+ * or visit www.oracle.com if you need additional information or have any
|
||||
+ * questions.
|
||||
+ */
|
||||
+
|
||||
+/* *********************************************************************
|
||||
+ *
|
||||
+ * The Original Code is the Netscape security libraries.
|
||||
+ *
|
||||
+ * The Initial Developer of the Original Code is
|
||||
+ * Netscape Communications Corporation.
|
||||
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
|
||||
+ * the Initial Developer. All Rights Reserved.
|
||||
+ *
|
||||
+ * Contributor(s):
|
||||
+ * Dr Vipul Gupta <vipul.gupta@sun.com> and
|
||||
+ * Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
|
||||
+ *
|
||||
+ * Last Modified Date from the Original Code: May 2017
|
||||
+ *********************************************************************** */
|
||||
+
|
||||
+#ifndef _ECC_IMPL_H
|
||||
+#define _ECC_IMPL_H
|
||||
+
|
||||
+#ifdef __cplusplus
|
||||
+extern "C" {
|
||||
+#endif
|
||||
+
|
||||
+#include <sys/types.h>
|
||||
+
|
||||
+#ifdef SYSTEM_NSS
|
||||
+#include <secitem.h>
|
||||
+#include <secerr.h>
|
||||
+#include <keythi.h>
|
||||
+#ifdef LEGACY_NSS
|
||||
+#include <softoken.h>
|
||||
+#else
|
||||
+#include <blapi.h>
|
||||
+#endif
|
||||
+#else
|
||||
+#include "ecl-exp.h"
|
||||
+#endif
|
||||
+
|
||||
+/*
|
||||
+ * Multi-platform definitions
|
||||
+ */
|
||||
+#ifdef __linux__
|
||||
+#define B_FALSE FALSE
|
||||
+#define B_TRUE TRUE
|
||||
+typedef unsigned char uint8_t;
|
||||
+typedef unsigned long ulong_t;
|
||||
+typedef enum { B_FALSE, B_TRUE } boolean_t;
|
||||
+#endif /* __linux__ */
|
||||
+
|
||||
+#ifdef _ALLBSD_SOURCE
|
||||
+#include <stdint.h>
|
||||
+#define B_FALSE FALSE
|
||||
+#define B_TRUE TRUE
|
||||
+typedef unsigned long ulong_t;
|
||||
+typedef enum boolean { B_FALSE, B_TRUE } boolean_t;
|
||||
+#endif /* _ALLBSD_SOURCE */
|
||||
+
|
||||
+#ifdef AIX
|
||||
+#define B_FALSE FALSE
|
||||
+#define B_TRUE TRUE
|
||||
+typedef unsigned char uint8_t;
|
||||
+typedef unsigned long ulong_t;
|
||||
+#endif /* AIX */
|
||||
+
|
||||
+#ifdef _WIN32
|
||||
+typedef unsigned char uint8_t;
|
||||
+typedef unsigned long ulong_t;
|
||||
+typedef enum boolean { B_FALSE, B_TRUE } boolean_t;
|
||||
+#define strdup _strdup /* Replace POSIX name with ISO C++ name */
|
||||
+#endif /* _WIN32 */
|
||||
+
|
||||
+#ifndef _KERNEL
|
||||
+#include <stdlib.h>
|
||||
+#endif /* _KERNEL */
|
||||
+
|
||||
+#define EC_MAX_DIGEST_LEN 1024 /* max digest that can be signed */
|
||||
+#define EC_MAX_POINT_LEN 145 /* max len of DER encoded Q */
|
||||
+#define EC_MAX_VALUE_LEN 72 /* max len of ANSI X9.62 private value d */
|
||||
+#define EC_MAX_SIG_LEN 144 /* max signature len for supported curves */
|
||||
+#define EC_MIN_KEY_LEN 112 /* min key length in bits */
|
||||
+#define EC_MAX_KEY_LEN 571 /* max key length in bits */
|
||||
+#define EC_MAX_OID_LEN 10 /* max length of OID buffer */
|
||||
+
|
||||
+/*
|
||||
+ * Various structures and definitions from NSS are here.
|
||||
+ */
|
||||
+
|
||||
+#ifndef SYSTEM_NSS
|
||||
+#ifdef _KERNEL
|
||||
+#define PORT_ArenaAlloc(a, n, f) kmem_alloc((n), (f))
|
||||
+#define PORT_ArenaZAlloc(a, n, f) kmem_zalloc((n), (f))
|
||||
+#define PORT_ArenaGrow(a, b, c, d) NULL
|
||||
+#define PORT_ZAlloc(n, f) kmem_zalloc((n), (f))
|
||||
+#define PORT_Alloc(n, f) kmem_alloc((n), (f))
|
||||
+#else
|
||||
+#define PORT_ArenaAlloc(a, n, f) malloc((n))
|
||||
+#define PORT_ArenaZAlloc(a, n, f) calloc(1, (n))
|
||||
+#define PORT_ArenaGrow(a, b, c, d) NULL
|
||||
+#define PORT_ZAlloc(n, f) calloc(1, (n))
|
||||
+#define PORT_Alloc(n, f) malloc((n))
|
||||
+#endif
|
||||
+
|
||||
+#define PORT_NewArena(b) (char *)12345
|
||||
+#define PORT_ArenaMark(a) NULL
|
||||
+#define PORT_ArenaUnmark(a, b)
|
||||
+#define PORT_ArenaRelease(a, m)
|
||||
+#define PORT_FreeArena(a, b)
|
||||
+#define PORT_Strlen(s) strlen((s))
|
||||
+#define PORT_SetError(e)
|
||||
+
|
||||
+#define PRBool boolean_t
|
||||
+#define PR_TRUE B_TRUE
|
||||
+#define PR_FALSE B_FALSE
|
||||
+
|
||||
+#ifdef _KERNEL
|
||||
+#define PORT_Assert ASSERT
|
||||
+#define PORT_Memcpy(t, f, l) bcopy((f), (t), (l))
|
||||
+#else
|
||||
+#define PORT_Assert assert
|
||||
+#define PORT_Memcpy(t, f, l) memcpy((t), (f), (l))
|
||||
+#endif
|
||||
+
|
||||
+#endif
|
||||
+
|
||||
+#define CHECK_OK(func) if (func == NULL) goto cleanup
|
||||
+#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup
|
||||
+
|
||||
+#ifndef SYSTEM_NSS
|
||||
+typedef enum {
|
||||
+ siBuffer = 0,
|
||||
+ siClearDataBuffer = 1,
|
||||
+ siCipherDataBuffer = 2,
|
||||
+ siDERCertBuffer = 3,
|
||||
+ siEncodedCertBuffer = 4,
|
||||
+ siDERNameBuffer = 5,
|
||||
+ siEncodedNameBuffer = 6,
|
||||
+ siAsciiNameString = 7,
|
||||
+ siAsciiString = 8,
|
||||
+ siDEROID = 9,
|
||||
+ siUnsignedInteger = 10,
|
||||
+ siUTCTime = 11,
|
||||
+ siGeneralizedTime = 12
|
||||
+} SECItemType;
|
||||
+
|
||||
+typedef struct SECItemStr SECItem;
|
||||
+
|
||||
+struct SECItemStr {
|
||||
+ SECItemType type;
|
||||
+ unsigned char *data;
|
||||
+ unsigned int len;
|
||||
+};
|
||||
+
|
||||
+typedef SECItem SECKEYECParams;
|
||||
+
|
||||
+typedef enum { ec_params_explicit,
|
||||
+ ec_params_named
|
||||
+} ECParamsType;
|
||||
+
|
||||
+typedef enum { ec_field_GFp = 1,
|
||||
+ ec_field_GF2m
|
||||
+} ECFieldType;
|
||||
+
|
||||
+struct ECFieldIDStr {
|
||||
+ int size; /* field size in bits */
|
||||
+ ECFieldType type;
|
||||
+ union {
|
||||
+ SECItem prime; /* prime p for (GFp) */
|
||||
+ SECItem poly; /* irreducible binary polynomial for (GF2m) */
|
||||
+ } u;
|
||||
+ int k1; /* first coefficient of pentanomial or
|
||||
+ * the only coefficient of trinomial
|
||||
+ */
|
||||
+ int k2; /* two remaining coefficients of pentanomial */
|
||||
+ int k3;
|
||||
+};
|
||||
+typedef struct ECFieldIDStr ECFieldID;
|
||||
+
|
||||
+struct ECCurveStr {
|
||||
+ SECItem a; /* contains octet stream encoding of
|
||||
+ * field element (X9.62 section 4.3.3)
|
||||
+ */
|
||||
+ SECItem b;
|
||||
+ SECItem seed;
|
||||
+};
|
||||
+typedef struct ECCurveStr ECCurve;
|
||||
+
|
||||
+typedef void PRArenaPool;
|
||||
+
|
||||
+struct ECParamsStr {
|
||||
+ PRArenaPool * arena;
|
||||
+ ECParamsType type;
|
||||
+ ECFieldID fieldID;
|
||||
+ ECCurve curve;
|
||||
+ SECItem base;
|
||||
+ SECItem order;
|
||||
+ int cofactor;
|
||||
+ SECItem DEREncoding;
|
||||
+ ECCurveName name;
|
||||
+ SECItem curveOID;
|
||||
+};
|
||||
+typedef struct ECParamsStr ECParams;
|
||||
+
|
||||
+struct ECPublicKeyStr {
|
||||
+ ECParams ecParams;
|
||||
+ SECItem publicValue; /* elliptic curve point encoded as
|
||||
+ * octet stream.
|
||||
+ */
|
||||
+};
|
||||
+typedef struct ECPublicKeyStr ECPublicKey;
|
||||
+
|
||||
+struct ECPrivateKeyStr {
|
||||
+ ECParams ecParams;
|
||||
+ SECItem publicValue; /* encoded ec point */
|
||||
+ SECItem privateValue; /* private big integer */
|
||||
+ SECItem version; /* As per SEC 1, Appendix C, Section C.4 */
|
||||
+};
|
||||
+typedef struct ECPrivateKeyStr ECPrivateKey;
|
||||
+
|
||||
+typedef enum _SECStatus {
|
||||
+ SECBufferTooSmall = -3,
|
||||
+ SECWouldBlock = -2,
|
||||
+ SECFailure = -1,
|
||||
+ SECSuccess = 0
|
||||
+} SECStatus;
|
||||
+#endif
|
||||
+
|
||||
+#ifdef _KERNEL
|
||||
+#define RNG_GenerateGlobalRandomBytes(p,l) ecc_knzero_random_generator((p), (l))
|
||||
+#else
|
||||
+/*
|
||||
+ This function is no longer required because the random bytes are now
|
||||
+ supplied by the caller. Force a failure.
|
||||
+*/
|
||||
+#ifndef SYSTEM_NSS
|
||||
+#define RNG_GenerateGlobalRandomBytes(p,l) SECFailure
|
||||
+#endif
|
||||
+#endif
|
||||
+#define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup
|
||||
+#define MP_TO_SEC_ERROR(err)
|
||||
+
|
||||
+#define SECITEM_TO_MPINT(it, mp) \
|
||||
+ CHECK_MPI_OK(mp_read_unsigned_octets((mp), (it).data, (it).len))
|
||||
+
|
||||
+extern int ecc_knzero_random_generator(uint8_t *, size_t);
|
||||
+extern ulong_t soft_nzero_random_generator(uint8_t *, ulong_t);
|
||||
+
|
||||
+#ifdef SYSTEM_NSS
|
||||
+#define EC_DecodeParams(a,b,c) EC_DecodeParams(a,b)
|
||||
+#define ECDSA_VerifyDigest(a,b,c,d) ECDSA_VerifyDigest(a,b,c)
|
||||
+#define ECDH_Derive(a,b,c,d,e,f) ECDH_Derive(a,b,c,d,e)
|
||||
+#else
|
||||
+extern SECStatus EC_DecodeParams(const SECItem *, ECParams **, int);
|
||||
+
|
||||
+extern SECItem * SECITEM_AllocItem(PRArenaPool *, SECItem *, unsigned int, int);
|
||||
+extern SECStatus SECITEM_CopyItem(PRArenaPool *, SECItem *, const SECItem *,
|
||||
+ int);
|
||||
+extern void SECITEM_FreeItem(SECItem *, boolean_t);
|
||||
+
|
||||
+/* This function has been modified to accept an array of random bytes */
|
||||
+extern SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
|
||||
+ const unsigned char* random, int randomlen, int);
|
||||
+/* This function has been modified to accept an array of random bytes */
|
||||
+extern SECStatus ECDSA_SignDigest(ECPrivateKey *, SECItem *, const SECItem *,
|
||||
+ const unsigned char* random, int randomlen, int, int timing);
|
||||
+extern SECStatus ECDSA_VerifyDigest(ECPublicKey *, const SECItem *,
|
||||
+ const SECItem *, int);
|
||||
+extern SECStatus ECDH_Derive(SECItem *, ECParams *, SECItem *, boolean_t,
|
||||
+ SECItem *, int);
|
||||
+#endif
|
||||
+
|
||||
+#ifdef __cplusplus
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
+#endif /* _ECC_IMPL_H */
|
@ -1,88 +0,0 @@
|
||||
|
||||
# HG changeset patch
|
||||
# User andrew
|
||||
# Date 1478057514 0
|
||||
# Node ID 1c4d5cb2096ae55106111da200b0bcad304f650c
|
||||
# Parent 3d53f19b48384e5252f4ec8891f7a3a82d77af2a
|
||||
PR3183: Support Fedora/RHEL system crypto policy
|
||||
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/classes/java/security/Security.java
|
||||
--- a/src/java.base/share/classes/java/security/Security.java Wed Oct 26 03:51:39 2016 +0100
|
||||
+++ b/src/java.base/share/classes/java/security/Security.java Wed Nov 02 03:31:54 2016 +0000
|
||||
@@ -43,6 +43,9 @@
|
||||
* implementation-specific location, which is typically the properties file
|
||||
* {@code conf/security/java.security} in the Java installation directory.
|
||||
*
|
||||
+ * <p>Additional default values of security properties are read from a
|
||||
+ * system-specific location, if available.</p>
|
||||
+ *
|
||||
* @author Benjamin Renaud
|
||||
* @since 1.1
|
||||
*/
|
||||
@@ -52,6 +55,10 @@
|
||||
private static final Debug sdebug =
|
||||
Debug.getInstance("properties");
|
||||
|
||||
+ /* System property file*/
|
||||
+ private static final String SYSTEM_PROPERTIES =
|
||||
+ "/etc/crypto-policies/back-ends/java.config";
|
||||
+
|
||||
/* The java.security properties */
|
||||
private static Properties props;
|
||||
|
||||
@@ -93,6 +100,7 @@
|
||||
if (sdebug != null) {
|
||||
sdebug.println("reading security properties file: " +
|
||||
propFile);
|
||||
+ sdebug.println(props.toString());
|
||||
}
|
||||
} catch (IOException e) {
|
||||
if (sdebug != null) {
|
||||
@@ -114,6 +122,31 @@
|
||||
}
|
||||
|
||||
if ("true".equalsIgnoreCase(props.getProperty
|
||||
+ ("security.useSystemPropertiesFile"))) {
|
||||
+
|
||||
+ // now load the system file, if it exists, so its values
|
||||
+ // will win if they conflict with the earlier values
|
||||
+ try (BufferedInputStream bis =
|
||||
+ new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
|
||||
+ props.load(bis);
|
||||
+ loadedProps = true;
|
||||
+
|
||||
+ if (sdebug != null) {
|
||||
+ sdebug.println("reading system security properties file " +
|
||||
+ SYSTEM_PROPERTIES);
|
||||
+ sdebug.println(props.toString());
|
||||
+ }
|
||||
+ } catch (IOException e) {
|
||||
+ if (sdebug != null) {
|
||||
+ sdebug.println
|
||||
+ ("unable to load security properties from " +
|
||||
+ SYSTEM_PROPERTIES);
|
||||
+ e.printStackTrace();
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if ("true".equalsIgnoreCase(props.getProperty
|
||||
("security.overridePropertiesFile"))) {
|
||||
|
||||
String extraPropFile = System.getProperty
|
||||
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/conf/security/java.security
|
||||
--- a/src/java.base/share/conf/security/java.security Wed Oct 26 03:51:39 2016 +0100
|
||||
+++ b/src/java.base/share/conf/security/java.security Wed Nov 02 03:31:54 2016 +0000
|
||||
@@ -276,6 +276,13 @@
|
||||
security.overridePropertiesFile=true
|
||||
|
||||
#
|
||||
+# Determines whether this properties file will be appended to
|
||||
+# using the system properties file stored at
|
||||
+# /etc/crypto-policies/back-ends/java.config
|
||||
+#
|
||||
+security.useSystemPropertiesFile=true
|
||||
+
|
||||
+#
|
||||
# Determines the default key and trust manager factory algorithms for
|
||||
# the javax.net.ssl package.
|
||||
#
|
@ -1,24 +1,52 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Arguments: <JDK TREE> <MINIMAL|FULL>
|
||||
TREE=${1}
|
||||
TYPE=${2}
|
||||
|
||||
ZIP_SRC=src/java.base/share/native/libzip/zlib/
|
||||
JPEG_SRC=src/java.desktop/share/native/libjavajpeg/
|
||||
GIF_SRC=src/java.desktop/share/native/libsplashscreen/giflib/
|
||||
PNG_SRC=src/java.desktop/share/native/libsplashscreen/libpng/
|
||||
LCMS_SRC=src/java.desktop/share/native/liblcms/
|
||||
|
||||
cd openjdk
|
||||
if test "x${TREE}" = "x"; then
|
||||
echo "$0 <JDK_TREE> (MINIMAL|FULL)";
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
if test "x${TYPE}" = "x"; then
|
||||
TYPE=minimal;
|
||||
fi
|
||||
|
||||
if test "x${TYPE}" != "xminimal" -a "x${TYPE}" != "xfull"; then
|
||||
echo "Type must be minimal or full";
|
||||
exit 2;
|
||||
fi
|
||||
|
||||
echo "Removing in-tree libraries from ${TREE}"
|
||||
echo "Cleansing operation: ${TYPE}";
|
||||
|
||||
cd ${TREE}
|
||||
|
||||
echo "Removing built-in libs (they will be linked)"
|
||||
|
||||
# On full runs, allow for zlib having already been deleted by minimal
|
||||
echo "Removing zlib"
|
||||
if [ ! -d ${ZIP_SRC} ]; then
|
||||
if [ "x${TYPE}" = "xminimal" -a ! -d ${ZIP_SRC} ]; then
|
||||
echo "${ZIP_SRC} does not exist. Refusing to proceed."
|
||||
exit 1
|
||||
fi
|
||||
rm -rvf ${ZIP_SRC}
|
||||
|
||||
# Minimal is limited to just zlib so finish here
|
||||
if test "x${TYPE}" = "xminimal"; then
|
||||
echo "Finished.";
|
||||
exit 0;
|
||||
fi
|
||||
|
||||
echo "Removing libjpeg"
|
||||
if [ ! -f ${JPEG_SRC}/jdhuff.c ]; then # some file that sound definitely exist
|
||||
if [ ! -f ${JPEG_SRC}/jdhuff.c ]; then # some file that should definitely exist
|
||||
echo "${JPEG_SRC} does not contain jpeg sources. Refusing to proceed."
|
||||
exit 1
|
||||
fi
|
||||
|
@ -1,10 +1,9 @@
|
||||
diff -uNr openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java jdk8/jdk/src/java.desktop/share/classes/java/awt/Toolkit.java
|
||||
--- openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java
|
||||
+++ openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java
|
||||
@@ -883,9 +883,13 @@
|
||||
return null;
|
||||
}
|
||||
});
|
||||
diff -r 618ad1237e73 src/java.desktop/share/classes/java/awt/Toolkit.java
|
||||
--- a/src/java.desktop/share/classes/java/awt/Toolkit.java Thu Jun 13 19:37:49 2019 +0200
|
||||
+++ b/src/java.desktop/share/classes/java/awt/Toolkit.java Thu Jul 04 10:35:42 2019 +0200
|
||||
@@ -595,7 +595,11 @@
|
||||
toolkit = new HeadlessToolkit(toolkit);
|
||||
}
|
||||
if (!GraphicsEnvironment.isHeadless()) {
|
||||
- loadAssistiveTechnologies();
|
||||
+ try {
|
||||
@ -15,4 +14,3 @@ diff -uNr openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java jdk8/jdk/
|
||||
}
|
||||
}
|
||||
return toolkit;
|
||||
}
|
||||
|
@ -1,11 +1,12 @@
|
||||
diff -r 5b86f66575b7 src/share/lib/security/java.security-linux
|
||||
--- openjdk/src/java.base/share/conf/security/java.security Tue May 16 13:29:05 2017 -0700
|
||||
+++ openjdk/src/java.base/share/conf/security/java.security Tue Jun 06 14:05:12 2017 +0200
|
||||
@@ -83,6 +83,7 @@
|
||||
#ifndef solaris
|
||||
security.provider.tbd=SunPKCS11
|
||||
diff --git openjdk.orig/src/java.base/share/conf/security/java.security openjdk/src/java.base/share/conf/security/java.security
|
||||
index 68a9c1a2d08..7aa25eb2cb7 100644
|
||||
--- openjdk.orig/src/java.base/share/conf/security/java.security
|
||||
+++ openjdk/src/java.base/share/conf/security/java.security
|
||||
@@ -78,6 +78,7 @@ security.provider.tbd=SunMSCAPI
|
||||
security.provider.tbd=Apple
|
||||
#endif
|
||||
security.provider.tbd=SunPKCS11
|
||||
+#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg
|
||||
|
||||
#
|
||||
# A list of preferred providers for specific algorithms. These providers will
|
||||
# Security providers used when FIPS mode support is active
|
||||
|
@ -1,13 +1,15 @@
|
||||
--- openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java 2013-03-01 10:48:12.038189968 +0100
|
||||
+++ openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java 2013-03-01 10:48:11.913188505 +0100
|
||||
@@ -48,8 +48,8 @@
|
||||
diff --git a/openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java b/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
|
||||
index bacff32efbc..ff7b3dcc81c 100644
|
||||
--- openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
|
||||
+++ openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
|
||||
@@ -46,8 +46,8 @@ class PlatformPCSC {
|
||||
|
||||
private final static String PROP_NAME = "sun.security.smartcardio.library";
|
||||
private static final String PROP_NAME = "sun.security.smartcardio.library";
|
||||
|
||||
- private final static String LIB1 = "/usr/$LIBISA/libpcsclite.so";
|
||||
- private final static String LIB2 = "/usr/local/$LIBISA/libpcsclite.so";
|
||||
+ private final static String LIB1 = "/usr/$LIBISA/libpcsclite.so.1";
|
||||
+ private final static String LIB2 = "/usr/local/$LIBISA/libpcsclite.so.1";
|
||||
private final static String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC";
|
||||
- private static final String LIB1 = "/usr/$LIBISA/libpcsclite.so";
|
||||
- private static final String LIB2 = "/usr/local/$LIBISA/libpcsclite.so";
|
||||
+ private static final String LIB1 = "/usr/$LIBISA/libpcsclite.so.1";
|
||||
+ private static final String LIB2 = "/usr/local/$LIBISA/libpcsclite.so.1";
|
||||
private static final String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC";
|
||||
|
||||
PlatformPCSC() {
|
||||
|
117
rh1750419-redhat_alt_java.patch
Normal file
117
rh1750419-redhat_alt_java.patch
Normal file
@ -0,0 +1,117 @@
|
||||
diff --git openjdk.orig/make/modules/java.base/Launcher.gmk openjdk/make/modules/java.base/Launcher.gmk
|
||||
index 700ddefda49..2882de68eb2 100644
|
||||
--- openjdk.orig/make/modules/java.base/Launcher.gmk
|
||||
+++ openjdk/make/modules/java.base/Launcher.gmk
|
||||
@@ -41,6 +41,14 @@ $(eval $(call SetupBuildLauncher, java, \
|
||||
OPTIMIZATION := HIGH, \
|
||||
))
|
||||
|
||||
+#Wno-error=cpp is present to allow commented warning in ifdef part of main.c
|
||||
+$(eval $(call SetupBuildLauncher, alt-java, \
|
||||
+ CFLAGS := -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES -DREDHAT_ALT_JAVA -Wno-error=cpp, \
|
||||
+ EXTRA_RCFLAGS := $(JAVA_RCFLAGS), \
|
||||
+ VERSION_INFO_RESOURCE := $(JAVA_VERSION_INFO_RESOURCE), \
|
||||
+ OPTIMIZATION := HIGH, \
|
||||
+))
|
||||
+
|
||||
ifeq ($(call isTargetOs, windows), true)
|
||||
$(eval $(call SetupBuildLauncher, javaw, \
|
||||
CFLAGS := -DJAVAW -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES, \
|
||||
diff --git openjdk.orig/src/java.base/share/native/launcher/alt_main.h openjdk/src/java.base/share/native/launcher/alt_main.h
|
||||
new file mode 100644
|
||||
index 00000000000..697df2898ac
|
||||
--- /dev/null
|
||||
+++ openjdk/src/java.base/share/native/launcher/alt_main.h
|
||||
@@ -0,0 +1,73 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2019, Red Hat, Inc. All rights reserved.
|
||||
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
+ *
|
||||
+ * This code is free software; you can redistribute it and/or modify it
|
||||
+ * under the terms of the GNU General Public License version 2 only, as
|
||||
+ * published by the Free Software Foundation. Oracle designates this
|
||||
+ * particular file as subject to the "Classpath" exception as provided
|
||||
+ * by Oracle in the LICENSE file that accompanied this code.
|
||||
+ *
|
||||
+ * This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
+ * version 2 for more details (a copy is included in the LICENSE file that
|
||||
+ * accompanied this code).
|
||||
+ *
|
||||
+ * You should have received a copy of the GNU General Public License version
|
||||
+ * 2 along with this work; if not, write to the Free Software Foundation,
|
||||
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
+ *
|
||||
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
+ * or visit www.oracle.com if you need additional information or have any
|
||||
+ * questions.
|
||||
+ */
|
||||
+
|
||||
+#ifdef REDHAT_ALT_JAVA
|
||||
+
|
||||
+#include <sys/prctl.h>
|
||||
+
|
||||
+
|
||||
+/* Per task speculation control */
|
||||
+#ifndef PR_GET_SPECULATION_CTRL
|
||||
+# define PR_GET_SPECULATION_CTRL 52
|
||||
+#endif
|
||||
+#ifndef PR_SET_SPECULATION_CTRL
|
||||
+# define PR_SET_SPECULATION_CTRL 53
|
||||
+#endif
|
||||
+/* Speculation control variants */
|
||||
+#ifndef PR_SPEC_STORE_BYPASS
|
||||
+# define PR_SPEC_STORE_BYPASS 0
|
||||
+#endif
|
||||
+/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
|
||||
+
|
||||
+#ifndef PR_SPEC_NOT_AFFECTED
|
||||
+# define PR_SPEC_NOT_AFFECTED 0
|
||||
+#endif
|
||||
+#ifndef PR_SPEC_PRCTL
|
||||
+# define PR_SPEC_PRCTL (1UL << 0)
|
||||
+#endif
|
||||
+#ifndef PR_SPEC_ENABLE
|
||||
+# define PR_SPEC_ENABLE (1UL << 1)
|
||||
+#endif
|
||||
+#ifndef PR_SPEC_DISABLE
|
||||
+# define PR_SPEC_DISABLE (1UL << 2)
|
||||
+#endif
|
||||
+#ifndef PR_SPEC_FORCE_DISABLE
|
||||
+# define PR_SPEC_FORCE_DISABLE (1UL << 3)
|
||||
+#endif
|
||||
+#ifndef PR_SPEC_DISABLE_NOEXEC
|
||||
+# define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
|
||||
+#endif
|
||||
+
|
||||
+static void set_speculation() __attribute__((constructor));
|
||||
+static void set_speculation() {
|
||||
+ if ( prctl(PR_SET_SPECULATION_CTRL,
|
||||
+ PR_SPEC_STORE_BYPASS,
|
||||
+ PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) {
|
||||
+ return;
|
||||
+ }
|
||||
+ prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
|
||||
+}
|
||||
+
|
||||
+#endif // REDHAT_ALT_JAVA
|
||||
diff --git openjdk.orig/src/java.base/share/native/launcher/main.c openjdk/src/java.base/share/native/launcher/main.c
|
||||
index b734fe2ba78..79dc8307650 100644
|
||||
--- openjdk.orig/src/java.base/share/native/launcher/main.c
|
||||
+++ openjdk/src/java.base/share/native/launcher/main.c
|
||||
@@ -34,6 +34,14 @@
|
||||
#include "jli_util.h"
|
||||
#include "jni.h"
|
||||
|
||||
+#ifdef REDHAT_ALT_JAVA
|
||||
+#if defined(__linux__) && defined(__x86_64__)
|
||||
+#include "alt_main.h"
|
||||
+#else
|
||||
+#warning alt-java requested but SSB mitigation not available on this platform.
|
||||
+#endif
|
||||
+#endif
|
||||
+
|
||||
#ifdef _MSC_VER
|
||||
#if _MSC_VER > 1400 && _MSC_VER < 1600
|
||||
|
4
sources
4
sources
@ -1,2 +1,2 @@
|
||||
SHA512 (jdk-jdk12-jdk-12+33.tar.xz) = e2dea9585fe07ae87fb313d090e9850a547e2ba84a7447d42acd0a04874599ef240f7b6ccaa69955cab5d12f646711cb4467e1b24e090af476e9ff708cc168fe
|
||||
SHA512 (systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz) = cf578221b77d8c7e019f69909bc86c419c5fb5e10bceba9592ff6e7f96887b0a7f07c9cefe90800975247a078785ca190fdec5c2d0f841bb447cee784b570f7d
|
||||
SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
|
||||
SHA512 (openjdk-jdk19u-jdk-19+36.tar.xz) = c441e1f7dbabe3e66e062a7f661f953e06c10dd165995e2996e614d32f2333cd4532f45064ba4d098dfc8fa3637448d4dc9869c235d086ef80499a7a262f4ede
|
||||
|
Loading…
Reference in New Issue
Block a user