rpms
/
java-latest-openjdk
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

merge into: rpms:f30
Branches Tags
rpms:rawhide
rpms:main-riscv64
rpms:f40-jdk20
rpms:f37
rpms:main
rpms:f35
rpms:f36
rpms:f33
rpms:f33-riscv64-jdk12
rpms:f33-riscv64
rpms:f34
rpms:epel7
rpms:epel8
rpms:f32
rpms:f31
rpms:f30
rpms:f29
rpms:epel8-playground
rpms:f28
...
pull from: rpms:rawhide
Branches Tags
rpms:main-riscv64
rpms:f40-jdk20
rpms:f37
rpms:main
rpms:rawhide
rpms:f35
rpms:f36
rpms:f33
rpms:f33-riscv64-jdk12
rpms:f33-riscv64
rpms:f34
rpms:epel7
rpms:epel8
rpms:f32
rpms:f31
rpms:f30
rpms:f29
rpms:epel8-playground
rpms:f28

142 Commits
f30 ... rawhide

Author SHA1 Message Date
Andrew Hughes 3b7a64c61c Switch buildjdkver back to being featurever, now java-19-openjdk is available in the buildroot 2022-08-30 04:44:18 +01:00
Andrew John Hughes f7ce8c82a3 Switch to static builds, reducing system dependencies and making build more portable 2022-08-29 20:47:29 +01:00
Andrew Hughes b4e6a520f9 Update to RC version of OpenJDK 19 
Update release notes to 19.0.0
Rebase FIPS patches from fips-19u branch
Need to include the '.S' suffix in debuginfo checks after JDK-8284661
Add patch to provide translations for Europe/Kyiv added in tzdata2022b
Add test to ensure timezones can be translated
Remove references to sample directory removed by JDK-8284999
 2022-08-29 14:23:46 +01:00
Andrew Hughes c9b6c1b9f0 Update to jdk-18.0.2 release 
Update release notes to 18.0.2
Drop JDK-8282004 patch which is now upstreamed under JDK-8282231
Exclude x86 where java_arches is undefined, in order to unbreak build
 2022-07-22 16:05:26 +01:00
Jiri e7bdf2e86c moved to build only on %%{java_arches} 
-- https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs
- reverted :
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild (always mess up release)
-- Try to build on x86 again by creating a husk of a JDK which does not depend on itself
-- Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable
-- Replaced binaries and .so files with bash-stubs on i686
- added ExclusiveArch:  %%{java_arches}
-- this now excludes i686
-- this is safely backport-able to older fedoras, as the macro was  backported proeprly (with i686 included)
- https://bugzilla.redhat.com/show_bug.cgi?id=2104125
 2022-07-22 12:27:35 +02:00
Fedora Release Engineering 6e7911be34 Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2022-07-21 15:06:36 +00:00
Andrew Hughes d66bf86c49 Try to build on x86 again by creating a husk of a JDK which does not depend on itself 2022-07-19 01:30:25 +01:00
Andrew Hughes 3f2f52a2a3 Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable 2022-07-17 02:42:37 +01:00
Andrew Hughes 08334d8ce1 Explicitly require crypto-policies during build and runtime for system security properties 2022-07-14 01:11:57 +01:00
Jiri f4dcf6aa0f Replaced binaries and .so files with bash-stubs on i686 
in preparation of the removal on that architecture
https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs
 2022-07-13 20:07:30 +02:00
Andrew Hughes 79f3eb8ebc Make use of the vendor version string to store our version & release rather than an upstream release date 2022-07-13 18:16:33 +01:00
FeRD (Frank Dana) 33f0849565 Add additional javadoc & javadoczip alternatives 
Create additional alternatives linked from the javadocdir, named:
  * java-%{origin} / java-%{origin}.zip
  * java-%{javaver} / java-%{javaver}.zip
  * java-%{javaver}-%{origin} / java-%{javaver}-%{origin}.zip
 2022-07-12 08:12:54 -04:00
Andrew Hughes fa0aa4658c Update to jdk-18.0.1.1 interim release 
Update release notes to actually reflect OpenJDK 18 and subsequent releases 18.0.1 & 18.0.1.1
Print release file during build, which should now include a correct SOURCE value from .src-rev
Update tarball script with IcedTea GitHub URL and .src-rev generation
Include script to generate bug list for release notes
Update tzdata requirement to 2022a to match JDK-8283350
 2022-07-11 15:19:26 +01:00
Andrew Hughes c2d24ea271 Include a test in the RPM to check the build has the correct vendor information. 
Fix issue where CheckVendor.java test erroneously passes when it should fail.
Add proper quoting so '&' is not treated as a special character by the shell.
 2022-07-09 02:13:33 +01:00
Andrew Hughes 47c2f1ddce Fix whitespace in spec file 2022-07-08 02:44:46 +01:00
Andrew Hughes f94bceceab Sequence spec file sections as they are run by rpmbuild (build, install then test) 2022-07-08 02:41:34 +01:00
Andrew Hughes f206f3a913 Turn on system security properties as part of the build's install section 
Move cacerts replacement to install section and retain original of this and tzdb.dat
Run tests on the installed image, rather than the build image
Introduce variables to refer to the static library installation directories
Use relative symlinks so they work within the image
Run debug symbols check during build stage, before the install strips them
 2022-07-08 02:38:51 +01:00
Stephan Bergmann 7d90e62473 Fix flatpak builds 
...after 19065a8b01585a1aa5f22e38e99fc0c47c597074 "Temporarily move x86 to use
Zero in order to get a working build":

When building the

>       if ${run_bootstrap} ; then

branch for suffix='' and loop='-main', the second

>           buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt}

uses the JDK (`$(pwd)/${bootinstalldir}/images/%{jdkimage}`) from the installjdk
on the previous line.  But installjdk does

> 	rm ${imagepath}/lib/tzdb.dat
> 	ln -s %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat

which made that JDK's tzdb.dat link to /app/share/javazi-1.8/tzdb.dat in a
flatpak build (rather than the usual /usr/share/javazi-1.8/tzdb.dat in a non-
flatpak build) which is not present at build-time (but will be present at
runtime in at least the LibreOffice flatpak, which bundles tzdata-java built for
the flatpak /app prefix).  So using that JDK's compiler during the build kept
failing due to java.io.FileNotFoundException for its lib/tzdb.dat.

(This was not an issue prior to 19065a8b01585a1aa5f22e38e99fc0c47c597074, as
installjdk's modification of lib/tzdb.dat used to be done only for the "Final
setup on the main image" at the very end of the build, not during the build for
JDKs that are themselves used later during the build.)

The easiest workaround for this issue appears to be to just not bootstrap_build
in the flatpak case, avoiding the situation that a JDK whose lib/tzdb.dat has
been modified through installjdk is used during the build.
 2022-07-07 20:37:19 +01:00
Francisco Ferrari Bihurriet 742fc4c474 RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode 
Use SunPKCS11 Attributes Configuration to set CKA_SIGN=true on SecretKey generate/import operations in FIPS mode, see:
https://docs.oracle.com/en/java/javase/17/security/pkcs11-reference-guide1.html#GUID-C4ABFACB-B2C9-4E71-A313-79F881488BB9__PKCS11-ATTRIBUTES-CONFIGURATION
 2022-07-01 02:05:02 +01:00
Stephan Bergmann 26e1d8bb6d Fix flatpak builds (catering for their uncompressed manual pages) 
...see
<https://docs.fedoraproject.org/en-US/flatpak/troubleshooting/#_uncompressed_manual_pages>
for details
 2022-06-30 01:55:18 +01:00
Andrew John Hughes 7bc45a5253 Update FIPS support to bring in latest changes 
* RH2023467: Enable FIPS keys export
* RH2094027: SunEC runtime permission for FIPS
* RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
* RH2090378: Revert to disabling system security properties and FIPS mode support together

Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
Enable system security properties in the RPM (now disabled by default in the FIPS repo)
Improve security properties test to check both enabled and disabled behaviour
Run security properties test with property debugging on
Minor sync-ups with java-17-openjdk spec file
 2022-06-24 17:41:21 +01:00
Andrew John Hughes 624750adb4 Exclude s390x from the gdb test on RHEL 7 where we see failures with the portable build 2022-05-25 09:59:33 +01:00
Jiri Vanek fcc7371149 updated to CPU jdk-18.0.1+10 sources 2022-04-28 11:59:03 +02:00
Jiri Vanek 40e63ef0cc updated to CPU jdk-18.0.1 sources 2022-04-27 18:36:10 +02:00
Andrew John Hughes 4c04ead0c3 Add missing ChangeLog entry for previous commit 2022-04-10 22:23:34 +01:00
Jiri Vanek fb85c81739 removed hardcoded /usr/lib/jvm by %{_jvmdir} to make rpmlint happy 2022-04-05 16:04:27 +02:00
Andrew John Hughes f4cdbe8673 Automatically turn off building a fresh HotSpot first, if the bootstrap JDK is not the same major version as that being built 2022-03-28 15:09:43 +01:00
Jiri b4e869d71c Updated generate_source_tarball.sh to match current sources 2022-03-24 13:18:38 +01:00
Jiri eaab09411c Removed ages unused update_package.sh 2022-03-24 13:18:12 +01:00
Jiri Vanek 3c5126e20f set build jdk to 18 
as ga is 1, set vendor_version_string to 22.3
 2022-03-21 12:48:15 +01:00
Jiri Vanek d51da6f4c2 replaced tabs by sets of spaces to make rpmlint happy 2022-03-21 12:47:11 +01:00
Andrew John Hughes 48dbe4bbff Update to RC version of OpenJDK 18 
* Add new slave jwebserver and corresponding manpage
- Adjust rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
- Support JVM variant zero following JDK-8273494 no longer installing Zero's libjvm.so in the server directory
- Disable HotSpot-only pre-build which is incompatible with the boot JDK being a different major version to that being built
- Rebase FIPS patches from fips-18u branch and simplify by using a single patch from that repository
- Detect NSS at runtime for FIPS detection
- Turn off build-time NSS linking and go back to an explicit Requires on NSS
- Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode
- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
 2022-03-16 05:20:49 +00:00
Andrew John Hughes ed4b79a683 Reinstate JIT builds on x86_32. 
Add JDK-8282004 to fix missing CALL effects on x86_32.
 2022-02-17 01:57:58 +00:00
Severin Gehwolf 0bb7626ce6 Re-enable gdb backtrace check on formerly disabled arches. 2022-02-08 15:35:20 +01:00
Andrew John Hughes 487c5b54b4 Temporarily move x86 to use Zero in order to get a working build 
Replace -mstackrealign with -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4 on x86_32 for stack alignment
Support a HotSpot-only build so a freshly built libjvm.so can then be used in the bootstrap JDK.
Explicitly list JIT architectures rather than relying on those with slowdebug builds
Disable the serviceability agent on Zero architectures even when the architecture itself is supported
 2022-02-05 01:48:07 +00:00
Andrew John Hughes aadc529dd1 Introduce stapinstall variable to set SystemTap arch directory correctly (e.g. arm64 on aarch64) 
Need to support noarch for creating source RPMs for non-scratch builds.
 2022-01-24 18:50:55 +00:00
Andrew John Hughes a0812df57d January 2022 security update to jdk 17.0.2+8 
Set LTS designator on RHEL, excluding Fedora & EPEL.
Rename libsvml.so to libjsvml.so following JDK-8276025
Remove JDK-8276572 patch which is now upstream.
Rebase RH1995150 & RH1996182 patches following JDK-8275863 addition to module-info.java
 2022-01-24 14:30:58 +00:00
Andrew John Hughes 1b7a9fc8f1 Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent 2022-01-24 02:17:42 +00:00
Fedora Release Engineering 82a565bf80 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2022-01-20 13:40:37 +00:00
Andrew John Hughes 21e63a4b52 Sync gdb test with java-1.8.0-openjdk and improve architecture restrictions. 
Disable on x86, x86_64, ppc64le & s390x while these are broken in rawhide.
 2022-01-19 00:37:12 +00:00
Andrew John Hughes dc05b09f75 Fix FIPS issues in native code and with initialisation of java.security.Security 2022-01-13 01:12:07 +00:00
Jiri Vanek d62b3d65d1 Storing and restoring alterntives during update manually 
Fixing:
Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE

The move of alternatives creation to posttrans to fix:
Bug 1200302 - dnf reinstall breaks alternatives
Had caused the alternatives to be removed, and then created again,
instead of being added, and then removing the old, and thus persisting
the selection in family

Thus this fix, is storing the family of manually selected master, and if
stored, then it is restoring the family of the master
 2021-12-13 18:18:06 +01:00
Jiri Vanek b0564c69d6 family extracted to globals 2021-12-13 18:15:09 +01:00
Jiri Vanek 31a223aed4 Providing proper provides for javadoc-zip subpk 
Before this patch, the java-17-openjdk-javadoc-zip was not existing, and
instead of that, javadoc was provided by both
Factm, that both subpkgs should provide javadoc, should be kept
 2021-12-09 11:56:47 +01:00
Jiri Vanek 461ed378a5 Removing tabs in whitespaced specfile for rpmlint 2021-12-09 11:50:27 +01:00
Andrew John Hughes 241e828cfe Handle Fedora in distro conditionals that currently only pertain to RHEL. 2021-11-29 01:43:48 +00:00
Jiri Vanek 6837909120 Patch syslookup.c so it actually has some code to be compiled into libsyslookup 
Related: rhbz#2013846
 2021-11-08 14:49:39 +01:00
Severin Gehwolf 62ce7fecfc Use 'sql:' prefix in nss.fips.cfg 
Fedora 35 and better no longer ship the legacy
secmod.db file as part of the nss package. Explicitly
tell OpenJDK to use sqlite-based sec mode.

Resolves: RHBZ#2019555
 2021-11-05 14:28:40 +01:00
Andrew John Hughes 5deee57a12 Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le. 2021-11-03 21:39:17 +00:00
Andrew John Hughes 68acf88023 Sync desktop files with upstream IcedTea release 3.15.0 using new script 2021-11-01 13:46:13 +00:00
Andrew John Hughes 28b9940eba Restructure the build so a minimal initial build is then used for the final build (with docs) 
This reduces pressure on the system JDK and ensures the JDK being built can do a full build
 2021-10-26 16:35:41 +01:00
Andrew John Hughes 18b2f76565 Minor cosmetic improvements to make spec more comparable between variants 2021-10-26 02:11:32 +01:00
Andrew John Hughes e70d9ec500 Update tapsets from IcedTea 6.x repository with fix for JDK-8015774 changes (_heap->_heaps) and @JAVA_SPEC_VER@ 
Update icedtea_sync.sh with a VCS mode that retrieves sources from a Mercurial repository
 2021-10-21 16:36:06 +01:00
Petra Mikova fb48b1ebd8 October CPU 2021 update 2021-10-21 14:41:20 +02:00
Andrew John Hughes 2891e38fa2 Add FIPS patch to allow plain key import. 
Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
 2021-10-10 23:10:57 +01:00
Andrew John Hughes f2132d86ba Add patch to login to the NSS software token when in FIPS mode. 
Fix unused function compiler warning found in systemconf.c
Extend the default security policy to accomodate PKCS11 accessing jdk.internal.access.
 2021-10-01 02:13:43 +01:00
Andrew John Hughes 37b7b79aff Update release notes to document the major changes between OpenJDK 11 & 17. 2021-09-27 02:43:04 +01:00
Andrew John Hughes 53cd241c34 Add patch to disable non-FIPS crypto in the SUN and SunEC security providers. 2021-09-16 02:11:23 +01:00
Andrew John Hughes 37b0e84cf4 Update to jdk-17+35, also known as jdk-17-ga. 
Switch to GA mode.
 2021-09-15 00:07:30 +01:00
Andrew John Hughes 619b0b263e Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library. 
Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
 2021-09-08 04:41:40 +01:00
Andrew John Hughes e426a3c6f9 Support the FIPS mode crypto policy (RH1655466) 
Update RH1655466 FIPS patch with changes in OpenJDK 8 version.
SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
No need to substitute path to nss.fips.cfg as java.security file supports a java.home variable.
Disable FIPS mode support unless com.redhat.fips is set to "true".
Use appropriate keystore types when in FIPS mode (RH1818909)
Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
Disable TLSv1.3 when the FIPS crypto policy and the NSS-FIPS provider are in use (RH1860986)
Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1915071)
 2021-09-06 01:15:24 +01:00
Jiri Vanek e16ee29c24 alternatives creation moved to posttrans 
- Thus fixing the old reisntall issue:
- https://bugzilla.redhat.com/show_bug.cgi?id=1200302
- https://bugzilla.redhat.com/show_bug.cgi?id=1976053
 2021-08-31 18:26:42 +02:00
Andrew John Hughes e79cabf8e2 Update to jdk-17+33, including JDWP fix and July 2021 CPU 
Resolves: rhbz#1972529
 2021-07-30 06:27:26 +01:00
Fedora Release Engineering e3ed81b032 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2021-07-22 08:57:38 +00:00
Andrew John Hughes 7bc094fb91 Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics. 
Remove restriction on disabling product build, as debug packages no longer have javadoc packages.
 2021-07-07 07:02:16 +01:00
Petra Mikova e22fd4035f Fix patch rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch 
It makes the SunPKCS provider show up again
Resolves: rhbz#1971120
 2021-06-28 18:04:36 +02:00
Severin Gehwolf 2849b03224 Add PR3695 to allow the system crypto policy to be turned off. 
- Adds patch from java-11-openjdk so as to be able to properly
  toggle the system crypto policy
- Fixes test TestSecurityProperties.java which was failing
 2021-06-24 18:37:35 +02:00
Severin Gehwolf 4a0847cae5 Update buildjdkver to 17 2021-06-24 14:39:12 +02:00
Petra Mikova 825f19b8f0 Fix bogus date in changelog to get rid of the warning 2021-06-21 14:11:16 +02:00
Petra Mikova 404b8548a4 Update to JDK 17 
Change path to version-number.conf
Bump sources to 17.0.0+26
Change vendor_version_string
Set is_ga to 0, as this is early access build
removed rmid binary from files and from slaves
removed JAVAC_FLAGS=-g from make command, as it breaks the build since JDK-8258407
add lib/libsyslookup.so to files
renamed lib/security/blacklisted.certs to lib/security/blocked.certs
add lib/libsvml.so for intel
skip debuginfo check for libsyslookup.so on s390x
 2021-06-18 20:11:48 +02:00
Jiri Vanek a1a350dc3a removed cjc backward comaptiblity, to fix when both rpm 4.16 and 4.17 are in transaction 2021-05-07 15:04:52 +02:00
Jiri 51bd7e14da Disable copy-jdk-configs for Flatpak builds 2021-04-30 08:22:12 +02:00
Jiri 3d30d08e0a Adapted to rpm 4.17 and cjc 4.0 
As rpm 4.17 dropped arg from varaibale table, cjc now have to be sued as
module. cjc 4.0 was converted to module
 2021-04-30 08:21:21 +02:00
Petra Mikova cd1b221136 Add forgotten changelog 2021-04-26 12:04:21 +02:00
Petra Mikova ed8c45a36f April CPU update 
Generated new sources and removed obsoleted patch
 2021-04-21 16:38:36 +02:00
Severin Gehwolf 7ba3ca3fe3 Perform static library build on a separate source tree with bundled image libraries 
Make static library build optional
Ported from java-11-openjdk. Work of Andrew Hughes.
 2021-03-11 19:03:35 +01:00
Jiri 551c2470a9 bumped buildjdkver to build by itself - 16 2021-03-09 14:06:19 +01:00
Jiri fbb116c651 fixed suggests of wrong pcsc-lite-devel%{?_isa} to correct pcsc-lite-libs%{?_isa} 2021-03-09 10:09:20 +01:00
Andrew John Hughes c5efa6bf32 Update to jdk-16.0.0.0+36 
Update tarball generation script to use git following OpenJDK's move to github
Update tarball generation script to use PR3823 which handles JDK-8235710 changes
Use upstream default for version-pre rather than setting it to "ea" or ""
Drop libsunec.so which is no longer generated, thanks to JDK-8235710
Drop unnecessary compiler flags, dating back to work on GCC 6 & 10
Adapt RH1750419 alt-java patch to still apply after some variable re-naming in the makefiles
Update filever to remove any trailing zeros, as in the OpenJDK build, and use for source filename
Use system harfbuzz now this is supported.
Pass SOURCE_DATE_EPOCH to build for reproducible builds
 2021-02-23 17:04:55 +00:00
Andrew John Hughes 7f939719de Hardcode /usr/sbin/alternatives for Flatpak builds 
/usr/sbin/alternatives is not under the Flatpak build's %{_prefix},
which is set to /app.

(See <https://pagure.io/packaging-committee/issue/848> "Clarify the
use of path macros with respect to build dependencies").

Found when trying to do a LibreOffice Flatpak build from RHEL RPM
specs, which includes java-1.8.0-openjdk among its components.
 2021-02-19 03:26:43 +00:00
Fedora Release Engineering 73660e4cfb - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2021-01-26 14:43:13 +00:00
Andrew John Hughes ca2c8684b4 Update to jdk-15.0.2.0+7 
Add release notes for 15.0.1.0 & 15.0.2.0
Use JEP-322 Time-Based Versioning so we can handle a future 11.0.9.1-like release correctly.
Still use 15.0.x rather than 15.0.x.0 for file naming, as the trailing zero is omitted from tags.
Cleanup debug package descriptions and version number placement.
Remove unused patch files.
 2021-01-22 13:25:56 +00:00
Andrew John Hughes b6e8960be7 Use -march=i686 for x86 builds if -fcf-protection is detected (needs CMOV) 2021-01-19 17:40:54 +00:00
Tom Stellard 31af2fd707 Add BuildRequires: make 
https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot
 2021-01-05 15:34:04 +00:00
Jiri Vanek b589be7c4e Fixed typo in variable 2021-01-04 12:07:04 +01:00
Jiri 92dbe308db fixed missing condition for fastdebug packages being counted as debug ones 2020-12-22 11:02:38 +01:00
Jiri b17bd784ca removed lib-style provides for fastdebug_suffix_unquoted 2020-12-20 16:16:02 +01:00
Jiri f1c21a95e3 Added few missing majorver into descriptions 2020-12-20 12:52:49 +01:00
Jiri ff16d76c57 many cosmetic changes taken from more maintained jdk11 
- introduced debug_arches, bootstrap_arches, systemtap_arches, fastdebug_arches, sa_arches, share_arches, shenandoah_arches, zgc_arches
  instead of various hardcoded ifarches
- updated systemtap
- added requires excludes for debug pkgs
- removed redundant logic around jsa files
- added runtime requires of lksctp-tools and libXcomposite%
- added and used Source15 TestSecurityProperties.java, but is made always positive as jdk15 now does not honor system policies
- s390x excluded form fastdebug build
 2020-12-20 09:15:28 +01:00
Jiri Vanek 29495176b1 Added checks and restrictions around alt-java 2020-12-17 15:00:23 +01:00
Jiri Vanek ed681ea347 Fixed not-including fastdebugbuild in case of --without fastdebug 2020-12-10 15:53:10 +01:00
Jiri Vanek 49dc59a59a moved wrongly placed icenses to acompany other ones 
this bad placement was killng parallel-installability and thus having bad impact to leapp if used
 2020-12-10 15:53:10 +01:00
Jiri 30e2db7344 Redeffined linux -> __linux__ and __x86_64 -> __x86_64__; should be backported to jdk11 and jdk8 2020-12-10 09:39:34 +01:00
Jiri cf132698ce Fixes comment for speculative store bypass patch 2020-12-07 19:54:31 +01:00
Jiri 1ed171d1c7 Replaced alt-java palceholder by real pathced alt-java 
- added patch600, rh1750419-redhat_alt_java.patch, suprassing removed patch
- no longer copying of java->alt-java as it is created by  patch600
 2020-12-07 19:37:12 +01:00
Jiri b1f2c50f6a Create a copy of java as alt-java with alternatives and man pages 
- java-11-openjdk doesn't have a JRE tree, so don't try and copy alt-java there...
 2020-11-23 23:16:42 +01:00
Petra Mikova cadeb47ec0 October CPU 2020 update 2020-10-29 14:07:16 +01:00
Severin Gehwolf 29d5d3d74f Fix directory ownership of static-libs sub-package 2020-10-22 12:01:01 +02:00
Jiri Vanek 4848b860de Build static-libs-image and add resulting files via -static-libs sub-package. 2020-10-13 14:36:31 +02:00
Petra Mikova 01a09a2b74 Add support for fastdebug builds on 64 bit architectures 2020-09-23 18:25:16 +02:00
Severin Gehwolf 57a00fe359 Update for JDK 15 GA 2020-09-15 18:00:52 +02:00
Petra Mikova a64f9d7aa2 Update to OpenJDK 15 
- Update to jdk 15.0.0.36 tag
- Modify rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
- Update vendor version string to 20.9
- Remove jjs binaries from files after JEP 372: Nashorn removal
- Remove rmic binaries from files after JDK-8225319
 2020-09-03 14:54:00 +02:00
Severin Gehwolf 05a8506fe4 Disable LTO for passing debuginfo check 2020-07-27 15:19:12 +02:00
Petra Mikova a3e31f598f July 2020 CPU 
Update to 14.0.2+12 sources
Remove upstreamed patches jdk8237879-make_4_3_build_fixes.patch, jdk8235833-posixplatform_cpp_should_not_include_sysctl_h.patch, jdk8243059-build_fails_when_with_vendor_contains_comma.patch
 2020-07-22 17:02:04 +02:00
Petra Mikova f8b9b4d90e Fix changes in Provides from system_jdk support. 
Re-introduce java-openjdk-src & java-openjdk-demo for system_jdk builds.
Fix accidental renaming of java-openjdk-devel to java-devel-openjdk.
 2020-07-09 17:40:06 +02:00
Petra Mikova 02b4241e50 Update generate_source_tarball script to new icedtea patch 2020-05-26 13:03:07 +02:00
Petra Mikova e63e26c813 Add patch for jdk8235833 to fix build issues in rawhide 2020-05-20 10:34:01 +02:00
Jiri ad7e0b66c9 Moved vendor_version_string to better place 2020-04-23 16:45:29 +02:00
Severin Gehwolf c45e4e4277 Fix vendor version string 2020-04-23 11:49:13 +02:00
Petra Mikova ed5ef5c69e CPU update to OpenJDK 14.0.1+7 2020-04-20 14:02:15 +02:00
Jiri e0187b47d0 Fxing build failure caused by "," in value of vendor property 
Removing the comma is fixing the build, trying with $(COMMA)
 2020-04-17 20:33:28 +02:00
Jiri 9d47beb6f3 Added --with-vendor id and url family of switches 2020-04-08 19:07:33 +02:00
Petra Mikova eb30299f93 Uploaded new src tarball 2020-04-08 13:42:33 +02:00
Petra Mikova d252fc5a16 Bump buildjdkver to 14 2020-03-31 12:10:25 +02:00
Petra Mikova 8fe8ade02f Remove s390x workaround 
The bug was fixed in new release of gcc10
 2020-03-27 10:54:32 +01:00
Petra Mikova e810d7e2c4 Fix devel postinstall script 
Removed a whitespace, causing failure of postinstall script
 2020-03-24 10:34:19 +01:00
Petra Mikova a7734237a6 Update to OpenJDK 14 
- update to jdk 14+36 ea build
- remove JDK-8224851 patch, as OpenJDK 14 already contains it
- removed pack200 and unpack200 binaries, slaves, manpages and libunpack.so library
- added listings for jpackage binary, manpages and added slave records to alternatives

Replace pr3755 patch with pr3782 from icedtea14

Replace all occurences in the generate_source_tarball.sh script.

Mark the builds as ga, as OpenJDK 14 was released today
 2020-03-19 10:43:21 +01:00
Petra Mikova a12c2576b2 Fix make 4.3 build issues 
JDK-8237879 causes build issues because of changes in make
 2020-03-13 07:26:59 +01:00
Petra Mikova 0f4f0ca435 Fix build issues with GCC10 
Added workaround for build failure on s390x
Added patch from jdk14 for build issues with aarch64
Added -fcommon switch to be able to build with GCC10
 2020-03-02 13:58:39 +01:00
Petra Mikova 76e4b4f5dd Fix release broken by last rpmdev-specbump 2020-02-04 09:53:36 +01:00
Fedora Release Engineering c26a916edf - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2020-01-29 05:55:24 +00:00
Petra Mikova 82e5b342fd CPU sources update to 13.0.2+8 tag 
Removed obsoleted patches and uploaded new tarball
 2020-01-18 13:38:53 +01:00
Petra Mikova a6c61be805 Renamed patches according to the convention 2019-10-25 14:36:08 +02:00
Petra Mikova 20d8edbf09 Create new section for the patches that will be upstreamed in 13.0.2 2019-10-25 14:00:33 +02:00
Petra Mikova 2c7ed40a2c Add shenandoah patches that did not make it to 13.0.1.9 
Also changed hardcoded version of source for macro
 2019-10-25 13:12:18 +02:00
Petra Mikova b473268bb0 Updated to October 2019 CPU sources 2019-10-22 20:45:42 +02:00
Petra Mikova 3a77472506 Changed rpmrelease to 3, replaced previously missed occurences of PR3681 with PR3755 2019-10-21 08:38:32 +02:00
Petra Mikova 2fc99891cd Synced up patches and generate tarball script 
Removed pr2126 and regenerated sources with the updated script
 2019-10-16 15:49:17 +02:00
Andrew Hughes 8c42f42635 Switch to in-tree SunEC code, dropping NSS runtime dependencies and patches to link against it. 2019-10-16 15:47:28 +02:00
Andrew Hughes da8c46f7d3 Drop unnecessary build requirement on gtk3-devel, as OpenJDK searches for Gtk+ at runtime. 
Add missing build requirement for libXrender-devel, previously masked by Gtk3+ dependency
Add missing build requirement for libXrandr-devel, previously masked by Gtk3+ dependency
fontconfig build requirement should be fontconfig-devel, previously masked by Gtk3+ dependency
 2019-10-16 15:45:14 +02:00
Andrew Hughes d38ad1131f Obsolete javadoc-slowdebug and javadoc-slowdebug-zip packages via javadoc and javadoc-zip respectively. 2019-10-16 15:43:13 +02:00
Severin Gehwolf 9e4956444e Don't produce unnecessary things for the debug variant 
This speeds up the build as no bootcycle image build is
being performed for the slowdebug variant. Also don't
produce a javadoc or javadoc-zip package for the slowdebug
variant as that is pointless.
 2019-10-16 15:39:51 +02:00
Severin Gehwolf 1f6e6f78cf Fix vendor version for JDK 13 2019-09-30 11:00:44 +02:00
Petra Mikova ff60a6acf5 Updated to 13+33 sources 2019-08-14 13:06:39 +02:00
Severin Gehwolf 444e4c150c Fix bootjdkver macro 
After the JDK 13 rebase, java-latest-openjdk RPM installs into
/usr/lib/jvm/java-13-openjdk and NOT /usr/lib/jvm/java-12-openjdk.

This macro update fixes it.

Additionally fix the Release field which rpmdev-bumpspec mangled
for the F31 mass rebuild.
 2019-07-26 15:40:39 +02:00
Fedora Release Engineering 299a6e37e6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2019-07-25 10:02:30 +00:00
Petra Mikova 1ea21783a7 Removed jhsdb manpage for s390x arch 2019-07-12 09:06:02 +02:00
Petra Mikova 7069fae5c0 Update to 13+28 sources 2019-07-11 13:33:16 +02:00
Petra Mikova 5a901e2027 Backported patch related to ea designator from ojdk11 2019-07-11 11:50:53 +02:00
Petra Mikova 110204edec Update of the package to OpenJDK 13 
Adapted patches, spec and uploaded new sources
 2019-07-09 10:59:30 +02:00
Petra Mikova aee972ad11 Fixed requires/provides for non-system jdk (backport of RHBZ#1702324) 2019-05-22 16:51:13 +02:00
pmikova 9c1454ec0e Updated sources to the latest CPU 2019-04-18 13:58:43 +02:00
23 changed files with 6554 additions and 2037 deletions
Show Stats Expand all files Collapse all files

29
.gitignore vendored
View File

@ -1,2 +1,31 @@
/jdk-jdk12-jdk-12+33.tar.xz
/systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz
/jdk-updates-jdk12u-jdk-12.0.1+12.tar.xz
/jdk-jdk13-jdk-13+27.tar.xz
/jdk-jdk13-jdk-13+28.tar.xz
/jdk-jdk13-jdk-13+33.tar.xz
/jdk-updates-jdk13u-jdk-13.0.1+9.tar.xz
/jdk-updates-jdk13u-jdk-13.0.2+8.tar.xz
/jdk-jdk14-jdk-14+36.tar.xz
/jdk-updates-jdk14u-jdk-14.0.1+7.tar.xz
/jdk-updates-jdk14u-jdk-14.0.2+12.tar.xz
/jdk-jdk15-jdk-15+36.tar.xz
/jdk-updates-jdk15u-jdk-15.0.1+9.tar.xz
/tapsets-icedtea-3.15.0.tar.xz
/jdk-updates-jdk15u-jdk-15.0.2+7.tar.xz
/openjdk-jdk16-jdk-16+36.tar.xz
/openjdk-jdk16u-jdk-16.0.1+9.tar.xz
/openjdk-jdk17-jdk-17+26.tar.xz
/openjdk-jdk17-jdk-17+33.tar.xz
/openjdk-jdk17-jdk-17+35.tar.xz
/openjdk-jdk17u-jdk-17.0.1+12.tar.xz
/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
/openjdk-jdk17u-jdk-17.0.2+8.tar.xz
/openjdk-jdk-jdk-18+27.tar.xz
/openjdk-jdk18-jdk-18+27.tar.xz
/openjdk-jdk18-jdk-18+37.tar.xz
/openjdk-jdk18u-jdk-18.0.1+0.tar.xz
/openjdk-jdk18u-jdk-18.0.1+10.tar.xz
/openjdk-jdk18u-jdk-18.0.1.1+2.tar.xz
/openjdk-jdk18u-jdk-18.0.2+9.tar.xz
/openjdk-jdk19u-jdk-19+36.tar.xz

65
CheckVendor.java Normal file
View File

@ -0,0 +1,65 @@
/* CheckVendor -- Check the vendor properties match specified values.
Copyright (C) 2020 Red Hat, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* @test
*/
public class CheckVendor {
public static void main(String[] args) {
if (args.length < 4) {
System.err.println("CheckVendor <VENDOR> <VENDOR-URL> <VENDOR-BUG-URL> <VENDOR-VERSION-STRING>");
System.exit(1);
}
String vendor = System.getProperty("java.vendor");
String expectedVendor = args[0];
String vendorURL = System.getProperty("java.vendor.url");
String expectedVendorURL = args[1];
String vendorBugURL = System.getProperty("java.vendor.url.bug");
String expectedVendorBugURL = args[2];
String vendorVersionString = System.getProperty("java.vendor.version");
String expectedVendorVersionString = args[3];
if (!expectedVendor.equals(vendor)) {
System.err.printf("Invalid vendor %s, expected %s\n",
vendor, expectedVendor);
System.exit(2);
}
if (!expectedVendorURL.equals(vendorURL)) {
System.err.printf("Invalid vendor URL %s, expected %s\n",
vendorURL, expectedVendorURL);
System.exit(3);
}
if (!expectedVendorBugURL.equals(vendorBugURL)) {
System.err.printf("Invalid vendor bug URL %s, expected %s\n",
vendorBugURL, expectedVendorBugURL);
System.exit(4);
}
if (!expectedVendorVersionString.equals(vendorVersionString)) {
System.err.printf("Invalid vendor version string %s, expected %s\n",
vendorVersionString, expectedVendorVersionString);
System.exit(5);
}
System.err.printf("Vendor information verified as %s, %s, %s, %s\n",
vendor, vendorURL, vendorBugURL, vendorVersionString);
}
}

126
NEWS Normal file
View File

@ -0,0 +1,126 @@
Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 19.0.0 (2022-09-20):
===========================================
Major changes are listed below. Some changes may have been backported
to earlier releases following their first appearance in OpenJDK 19.
The full list of changes in 19u can be found at:
- * https://builds.shipilev.net/backports-monitor/release-notes-19.txt
NEW FEATURES
============
Language Features
=================
Pattern Matching for switch
===========================
https://openjdk.org/jeps/406
https://openjdk.org/jeps/420
https://openjdk.org/jeps/427
Enhance the Java programming language with pattern matching for
`switch` expressions and statements, along with extensions to the
language of patterns. Extending pattern matching to `switch` allows an
expression to be tested against a number of patterns, each with a
specific action, so that complex data-oriented queries can be
expressed concisely and safely.
This was a preview feature (http://openjdk.java.net/jeps/12) in
OpenJDK 17 (JEP 406) and saw a second preview in OpenJDK 18 (JEP 420).
It reaches its third preview (JEP 427) in OpenJDK 19.
Record Patterns
===============
https://openjdk.org/jeps/405
Enhance the Java programming language with record patterns to
deconstruct record values. Record patterns and type patterns can be
nested to enable a powerful, declarative, and composable form of data
navigation and processing.
This is a preview feature (http://openjdk.java.net/jeps/12) introduced
in OpenJDK 19 (JEP 405)
Library Features
================
Vector API
==========
https://openjdk.org/jeps/338
https://openjdk.org/jeps/414
https://openjdk.org/jeps/417
https://openjdk.org/jeps/426
Introduce an API to express vector computations that reliably compile
at runtime to optimal vector hardware instructions on supported CPU
architectures and thus achieve superior performance to equivalent
scalar computations.
This is an incubation feature (https://openjdk.java.net/jeps/11)
introduced in OpenJDK 16 (JEP 338). A second round of incubation took
place in OpenJDK 17 (JEP 414), OpenJDK 18 (JEP 417) saw a third and
OpenJDK 19 sees its fourth (JEP 426).
Foreign Function & Memory API
=============================
https://openjdk.org/jeps/412
https://openjdk.org/jeps/419
https://openjdk.org/jeps/424
Introduce an API by which Java programs can interoperate with code and
data outside of the Java runtime. By efficiently invoking foreign
functions (i.e., code outside the JVM), and by safely accessing
foreign memory (i.e., memory not managed by the JVM), the API enables
Java programs to call native libraries and process native data without
the brittleness and danger of JNI.
This API is now a preview feature (http://openjdk.java.net/jeps/12).
It was first introduced in incubation
(https://openjdk.java.net/jeps/11) in OpenJDK 17 (JEP 412), and is an
evolution of the Foreign Memory Access API (OpenJDK 14 through 16) and
Foreign Linker API (OpenJDK 16) (see release notes for
java-17-openjdk). OpenJDK 18 saw a second round of incubation (JEP
419) before its inclusion as a preview in OpenJDK 19 (JEP 424).
Virtual Threads
===============
https://openjdk.org/jeps/425
Introduce virtual threads to the Java Platform. Virtual threads are
lightweight threads that dramatically reduce the effort of writing,
maintaining, and observing high-throughput concurrent applications.
This is a preview feature (http://openjdk.java.net/jeps/12) introduced
in OpenJDK 19 (JEP 425)
Structured Concurrency
======================
https://openjdk.org/jeps/428
Simplify multithreaded programming by introducing an API for
structured concurrency. Structured concurrency treats multiple tasks
running in different threads as a single unit of work, thereby
streamlining error handling and cancellation, improving reliability,
and enhancing observability.
This is an incubation feature (https://openjdk.java.net/jeps/11)
introduced in OpenJDK 19 (JEP 428).
Ports
=====
Linux/RISC-V Port
=================
https://openjdk.org/jeps/422
RISC-V is a free and open-source RISC instruction set architecture
(ISA) designed originally at the University of California, Berkeley,
and now developed collaboratively under the sponsorship of RISC-V
International. It is already supported by a wide range of language
toolchains. With the increasing availability of RISC-V hardware, a
port of the JDK would be valuable.

84
TestSecurityProperties.java Normal file
View File

@ -0,0 +1,84 @@
/* TestSecurityProperties -- Ensure system security properties can be used to
enable the crypto policies.
Copyright (C) 2022 Red Hat, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
import java.io.File;
import java.io.FileInputStream;
import java.security.Security;
import java.util.Properties;
public class TestSecurityProperties {
// JDK 11
private static final String JDK_PROPS_FILE_JDK_11 = System.getProperty("java.home") + "/conf/security/java.security";
// JDK 8
private static final String JDK_PROPS_FILE_JDK_8 = System.getProperty("java.home") + "/lib/security/java.security";
private static final String POLICY_FILE = "/etc/crypto-policies/back-ends/java.config";
private static final String MSG_PREFIX = "DEBUG: ";
public static void main(String[] args) {
if (args.length == 0) {
System.err.println("TestSecurityProperties <true|false>");
System.err.println("Invoke with 'true' if system security properties should be enabled.");
System.err.println("Invoke with 'false' if system security properties should be disabled.");
System.exit(1);
}
boolean enabled = Boolean.valueOf(args[0]);
System.out.println(MSG_PREFIX + "System security properties enabled: " + enabled);
Properties jdkProps = new Properties();
loadProperties(jdkProps);
if (enabled) {
loadPolicy(jdkProps);
}
for (Object key: jdkProps.keySet()) {
String sKey = (String)key;
String securityVal = Security.getProperty(sKey);
String jdkSecVal = jdkProps.getProperty(sKey);
if (!securityVal.equals(jdkSecVal)) {
String msg = "Expected value '" + jdkSecVal + "' for key '" +
sKey + "'" + " but got value '" + securityVal + "'";
throw new RuntimeException("Test failed! " + msg);
} else {
System.out.println(MSG_PREFIX + sKey + " = " + jdkSecVal + " as expected.");
}
}
System.out.println("TestSecurityProperties PASSED!");
}
private static void loadProperties(Properties props) {
String javaVersion = System.getProperty("java.version");
System.out.println(MSG_PREFIX + "Java version is " + javaVersion);
String propsFile = JDK_PROPS_FILE_JDK_11;
if (javaVersion.startsWith("1.8.0")) {
propsFile = JDK_PROPS_FILE_JDK_8;
}
try (FileInputStream fin = new FileInputStream(propsFile)) {
props.load(fin);
} catch (Exception e) {
throw new RuntimeException("Test failed!", e);
}
}
private static void loadPolicy(Properties props) {
try (FileInputStream fin = new FileInputStream(POLICY_FILE)) {
props.load(fin);
} catch (Exception e) {
throw new RuntimeException("Test failed!", e);
}
}
}

35
TestTranslations.java Normal file
View File

@ -0,0 +1,35 @@
/* TestTranslations -- Ensure translations are available for new timezones
Copyright (C) 2022 Red Hat, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
import java.util.Arrays;
import java.util.Locale;
import java.util.ResourceBundle;
import sun.util.resources.LocaleData;
import sun.util.locale.provider.LocaleProviderAdapter;
public class TestTranslations {
public static void main(String[] args) {
for (String zone : args) {
System.out.printf("Translations for %s\n", zone);
for (Locale l : Locale.getAvailableLocales()) {
ResourceBundle bundle = new LocaleData(LocaleProviderAdapter.Type.JRE).getTimeZoneNames(l);
System.out.printf("Locale: %s, language: %s, translations: %s\n", l, l.getDisplayLanguage(), Arrays.toString(bundle.getStringArray(zone)));
}
}
}
}

3688
fips-19u-d95bb40c7c8.patch Normal file
View File

File diff suppressed because it is too large Load Diff

66
generate_source_tarball.sh Normal file → Executable file
View File

@ -3,13 +3,13 @@
#
# Example:
# When used from local repo set REPO_ROOT pointing to file:// with your repo
# if your local repo follows upstream forests conventions, you may be enough by setting OPENJDK_URL
# if you wont to use local copy of patch PR2126 set path to it to PR2126 variable
# If your local repo follows upstream forests conventions, it may be enough to set OPENJDK_URL
# If you want to use a local copy of patch PR3788, set the path to it in the PR3788 variable
#
# In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg:
# PROJECT_NAME=jdk
# REPO_NAME=jdk
# VERSION=tip
# PROJECT_NAME=openjdk
# REPO_NAME=jdk18u
# VERSION=jdk-18.0.1+10
# or to eg prepare systemtap:
# icedtea7's jstack and other tapsets
# VERSION=6327cf1cea9e
@ -26,17 +26,19 @@
# level folder, name is created, based on parameter
#
if [ ! "x$PR2126" = "x" ] ; then
if [ ! -f "$PR2126" ] ; then
echo "You have specified PR2126 as $PR2126 but it does not exists. exiting"
if [ ! "x$PR3823" = "x" ] ; then
if [ ! -f "$PR3823" ] ; then
echo "You have specified PR3823 as $PR3823 but it does not exist. Exiting"
exit 1
fi
fi
set -e
OPENJDK_URL_DEFAULT=http://hg.openjdk.java.net
OPENJDK_URL_DEFAULT=https://github.com
COMPRESSION_DEFAULT=xz
# Corresponding IcedTea version
ICEDTEA_VERSION=13.0
if [ "x$1" = "xhelp" ] ; then
echo -e "Behaviour may be specified by setting the following variables:\n"
@ -46,9 +48,8 @@ if [ "x$1" = "xhelp" ] ; then
echo "OPENJDK_URL - the URL to retrieve code from (optional; defaults to ${OPENJDK_URL_DEFAULT})"
echo "COMPRESSION - the compression type to use (optional; defaults to ${COMPRESSION_DEFAULT})"
echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)"
echo "REPO_ROOT - the location of the Mercurial repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)"
echo "TO_COMPRESS - what part of clone to pack (default is openjdk)"
echo "PR2126 - the path to the PR2126 patch to apply (optional; downloaded if unavailable)"
echo "PR3823 - the path to the PR3823 patch to apply (optional; downloaded if unavailable)"
exit 1;
fi
@ -91,7 +92,7 @@ if [ "x$FILE_NAME_ROOT" = "x" ] ; then
echo "No file name root specified; default to ${FILE_NAME_ROOT}"
fi
if [ "x$REPO_ROOT" = "x" ] ; then
REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}"
REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}.git"
echo "No repository root specified; default to ${REPO_ROOT}"
fi;
@ -108,7 +109,7 @@ else
mkdir "${FILE_NAME_ROOT}"
pushd "${FILE_NAME_ROOT}"
echo "Cloning ${VERSION} root repository from ${REPO_ROOT}"
hg clone ${REPO_ROOT} openjdk -r ${VERSION}
git clone -b ${VERSION} ${REPO_ROOT} openjdk
popd
fi
pushd "${FILE_NAME_ROOT}"
@ -116,21 +117,40 @@ pushd "${FILE_NAME_ROOT}"
pushd openjdk
echo "Removing EC source code we don't build"
CRYPTO_PATH=src/jdk.crypto.ec/share/native/libsunec/impl
rm -vrf $CRYPTO_PATH
rm -vf ${CRYPTO_PATH}/ec2.h
rm -vf ${CRYPTO_PATH}/ec2_163.c
rm -vf ${CRYPTO_PATH}/ec2_193.c
rm -vf ${CRYPTO_PATH}/ec2_233.c
rm -vf ${CRYPTO_PATH}/ec2_aff.c
rm -vf ${CRYPTO_PATH}/ec2_mont.c
rm -vf ${CRYPTO_PATH}/ecp_192.c
rm -vf ${CRYPTO_PATH}/ecp_224.c
echo "Syncing EC list with NSS"
if [ "x$PR2126" = "x" ] ; then
# orriginally for 8:
# get pr2126.patch (from http://icedtea.classpath.org/hg/icedtea?cmd=changeset;node=8d2c9a898f50) from most correct tag
# Do not push it or publish it (see http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2126)
# there is currnetly no "upstram version of this patch, hardcoding custom version
PR2126="../../pr2126-synchronise_elliptic_curves_in_sun_security_ec_namedcurve_with_those_listed_by_nss.patch"
if [ "x$PR3823" = "x" ] ; then
# get PR3823.patch (from https://github.com/icedtea-git/icedtea) in the ${ICEDTEA_VERSION} branch
# Do not push it or publish it
echo "PR3823 not found. Downloading..."
wget -v https://github.com/icedtea-git/icedtea/raw/${ICEDTEA_VERSION}/patches/pr3823.patch
echo "Applying ${PWD}/pr3823.patch"
patch -Np1 < pr3823.patch
rm pr3823.patch
else
echo "Applying ${PR3823}"
patch -Np1 < $PR3823
fi;
echo "Applying ${PR2126}"
patch -Np1 < $PR2126
find . -name '*.orig' -exec rm -vf '{}' ';'
popd
fi
# Generate .src-rev so build has knowledge of the revision the tarball was created from
mkdir build
pushd build
sh ${PWD}/../openjdk/configure
make store-source-revision
popd
rm -rf build
echo "Compressing remaining forest"
if [ "X$COMPRESSION" = "Xxz" ] ; then
SWITCH=cJf
@ -141,5 +161,3 @@ pushd "${FILE_NAME_ROOT}"
mv ${FILE_NAME_ROOT}.tar.${COMPRESSION} ..
popd
echo "Done. You may want to remove the uncompressed version - $FILE_NAME_ROOT."

192
icedtea_sync.sh Executable file
View File

@ -0,0 +1,192 @@
#!/bin/bash
# Copyright (C) 2019 Red Hat, Inc.
# Written by Andrew John Hughes <gnu.andrew@redhat.com>.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
ICEDTEA_USE_VCS=true
ICEDTEA_VERSION=3.15.0
ICEDTEA_URL=https://icedtea.classpath.org/download/source
ICEDTEA_SIGNING_KEY=CFDA0F9B35964222
ICEDTEA_HG_URL=https://icedtea.classpath.org/hg/icedtea11
set -e
RPM_DIR=${PWD}
if [ ! -f ${RPM_DIR}/jconsole.desktop.in ] ; then
echo "Not in RPM source tree.";
exit 1;
fi
if test "x${TMPDIR}" = "x"; then
TMPDIR=/tmp;
fi
WORKDIR=${TMPDIR}/it.sync
echo "Using working directory ${WORKDIR}"
mkdir ${WORKDIR}
pushd ${WORKDIR}
if test "x${WGET}" = "x"; then
WGET=$(which wget);
if test "x${WGET}" = "x"; then
echo "wget not found";
exit 1;
fi
fi
if test "x${TAR}" = "x"; then
TAR=$(which tar)
if test "x${TAR}" = "x"; then
echo "tar not found";
exit 2;
fi
fi
echo "Dependencies:";
echo -e "\tWGET: ${WGET}";
echo -e "\tTAR: ${TAR}\n";
if test "x${ICEDTEA_USE_VCS}" = "xtrue"; then
echo "Mode: Using VCS";
if test "x${GREP}" = "x"; then
GREP=$(which grep);
if test "x${GREP}" = "x"; then
echo "grep not found";
exit 3;
fi
fi
if test "x${CUT}" = "x"; then
CUT=$(which cut);
if test "x${CUT}" = "x"; then
echo "cut not found";
exit 4;
fi
fi
if test "x${TR}" = "x"; then
TR=$(which tr);
if test "x${TR}" = "x"; then
echo "tr not found";
exit 5;
fi
fi
if test "x${HG}" = "x"; then
HG=$(which hg);
if test "x${HG}" = "x"; then
echo "hg not found";
exit 6;
fi
fi
echo "Dependencies:";
echo -e "\tGREP: ${GREP}";
echo -e "\tCUT: ${CUT}";
echo -e "\tTR: ${TR}";
echo -e "\tHG: ${HG}";
echo "Checking out repository from VCS...";
${HG} clone ${ICEDTEA_HG_URL} icedtea
echo "Obtaining version from configure.ac...";
ROOT_VER=$(${GREP} '^AC_INIT' icedtea/configure.ac|${CUT} -d ',' -f 2|${TR} -d '[][:space:]')
echo "Root version from configure: ${ROOT_VER}";
VCS_REV=$(${HG} log -R icedtea --template '{node|short}' -r tip)
echo "VCS revision: ${VCS_REV}";
ICEDTEA_VERSION="${ROOT_VER}-${VCS_REV}"
echo "Creating icedtea-${ICEDTEA_VERSION}";
mkdir icedtea-${ICEDTEA_VERSION}
echo "Copying required files from checkout to icedtea-${ICEDTEA_VERSION}";
# Commented out for now as IcedTea 6's jconsole.desktop.in is outdated
#cp -a icedtea/jconsole.desktop.in ../icedtea-${ICEDTEA_VERSION}
cp -a ${RPM_DIR}/jconsole.desktop.in icedtea-${ICEDTEA_VERSION}
cp -a icedtea/tapset icedtea-${ICEDTEA_VERSION}
rm -rf icedtea
else
echo "Mode: Using tarball";
if test "x${ICEDTEA_VERSION}" = "x"; then
echo "No IcedTea version specified for tarball download.";
exit 3;
fi
if test "x${CHECKSUM}" = "x"; then
CHECKSUM=$(which sha256sum)
if test "x${CHECKSUM}" = "x"; then
echo "sha256sum not found";
exit 4;
fi
fi
if test "x${PGP}" = "x"; then
PGP=$(which gpg)
if test "x${PGP}" = "x"; then
echo "gpg not found";
exit 5;
fi
fi
echo "Dependencies:";
echo -e "\tCHECKSUM: ${CHECKSUM}";
echo -e "\tPGP: ${PGP}\n";
echo "Checking for IcedTea signing key ${ICEDTEA_SIGNING_KEY}...";
if ! gpg --list-keys ${ICEDTEA_SIGNING_KEY}; then
echo "IcedTea signing key ${ICEDTEA_SIGNING_KEY} not installed.";
exit 6;
fi
echo "Downloading IcedTea release tarball...";
${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.tar.xz
echo "Downloading IcedTea tarball signature...";
${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.tar.xz.sig
echo "Downloading IcedTea tarball checksums...";
${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.sha256
echo "Verifying checksums...";
${CHECKSUM} --check --ignore-missing icedtea-${ICEDTEA_VERSION}.sha256
echo "Checking signature...";
${PGP} --verify icedtea-${ICEDTEA_VERSION}.tar.xz.sig
echo "Extracting files...";
${TAR} xJf icedtea-${ICEDTEA_VERSION}.tar.xz \
icedtea-${ICEDTEA_VERSION}/tapset \
icedtea-${ICEDTEA_VERSION}/jconsole.desktop.in
rm -vf icedtea-${ICEDTEA_VERSION}.tar.xz
rm -vf icedtea-${ICEDTEA_VERSION}.tar.xz.sig
rm -vf icedtea-${ICEDTEA_VERSION}.sha256
fi
echo "Replacing desktop files...";
mv -v icedtea-${ICEDTEA_VERSION}/jconsole.desktop.in ${RPM_DIR}
echo "Creating new tapset tarball...";
mv -v icedtea-${ICEDTEA_VERSION} openjdk
${TAR} cJf ${RPM_DIR}/tapsets-icedtea-${ICEDTEA_VERSION}.tar.xz openjdk
rm -rvf openjdk
popd
rm -rf ${WORKDIR}

2384
java-latest-openjdk.spec
View File

File diff suppressed because it is too large Load Diff

8
jconsole.desktop.in
View File

@ -1,8 +1,8 @@
[Desktop Entry]
Name=OpenJDK @JAVA_MAJOR_VERSION@ Monitoring & Management Console @ARCH@
Comment=Monitor and manage OpenJDK @JAVA_MAJOR_VERSION@ applications for @ARCH@
Exec=@JAVA_HOME@/jconsole
Icon=java-@JAVA_MAJOR_VERSION@-@JAVA_VENDOR@
Name=OpenJDK @JAVA_VER@ for @target_cpu@ Monitoring & Management Console (@OPENJDK_VER@)
Comment=Monitor and manage OpenJDK applications
Exec=_SDKBINDIR_/jconsole
Icon=java-@JAVA_VER@-@JAVA_VENDOR@
Terminal=false
Type=Application
StartupWMClass=sun-tools-jconsole-JConsole

132
jdk8292223-tzdata2022b-kyiv.patch Normal file
View File

@ -0,0 +1,132 @@
diff --git a/src/java.base/share/classes/sun/util/resources/TimeZoneNames.java b/src/java.base/share/classes/sun/util/resources/TimeZoneNames.java
index 8759aab3995..11ccbf73839 100644
--- a/src/java.base/share/classes/sun/util/resources/TimeZoneNames.java
+++ b/src/java.base/share/classes/sun/util/resources/TimeZoneNames.java
@@ -847,6 +847,7 @@ public final class TimeZoneNames extends TimeZoneNamesBundle {
{"Europe/Kirov", new String[] {"Kirov Standard Time", "GMT+03:00",
"Kirov Daylight Time", "GMT+03:00",
"Kirov Time", "GMT+03:00"}},
+ {"Europe/Kyiv", EET},
{"Europe/Lisbon", WET},
{"Europe/Ljubljana", CET},
{"Europe/London", GMTBST},
diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_de.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_de.java
index f007c1a8d3b..617268e4cf3 100644
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_de.java
+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_de.java
@@ -825,6 +825,7 @@ public final class TimeZoneNames_de extends TimeZoneNamesBundle {
{"Europe/Jersey", GMTBST},
{"Europe/Kaliningrad", EET},
{"Europe/Kiev", EET},
+ {"Europe/Kyiv", EET},
{"Europe/Lisbon", WET},
{"Europe/Ljubljana", CET},
{"Europe/London", GMTBST},
diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_es.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_es.java
index 386414e16e6..14c5d89b9c5 100644
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_es.java
+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_es.java
@@ -825,6 +825,7 @@ public final class TimeZoneNames_es extends TimeZoneNamesBundle {
{"Europe/Jersey", GMTBST},
{"Europe/Kaliningrad", EET},
{"Europe/Kiev", EET},
+ {"Europe/Kyiv", EET},
{"Europe/Lisbon", WET},
{"Europe/Ljubljana", CET},
{"Europe/London", GMTBST},
diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_fr.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_fr.java
index d23f5fd49e6..44117125619 100644
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_fr.java
+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_fr.java
@@ -825,6 +825,7 @@ public final class TimeZoneNames_fr extends TimeZoneNamesBundle {
{"Europe/Jersey", GMTBST},
{"Europe/Kaliningrad", EET},
{"Europe/Kiev", EET},
+ {"Europe/Kyiv", EET},
{"Europe/Lisbon", WET},
{"Europe/Ljubljana", CET},
{"Europe/London", GMTBST},
diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_it.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_it.java
index b4f57d4568c..efa818f3865 100644
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_it.java
+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_it.java
@@ -825,6 +825,7 @@ public final class TimeZoneNames_it extends TimeZoneNamesBundle {
{"Europe/Jersey", GMTBST},
{"Europe/Kaliningrad", EET},
{"Europe/Kiev", EET},
+ {"Europe/Kyiv", EET},
{"Europe/Lisbon", WET},
{"Europe/Ljubljana", CET},
{"Europe/London", GMTBST},
diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ja.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ja.java
index 1a10a9f96dc..7c0565461ad 100644
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ja.java
+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ja.java
@@ -825,6 +825,7 @@ public final class TimeZoneNames_ja extends TimeZoneNamesBundle {
{"Europe/Jersey", GMTBST},
{"Europe/Kaliningrad", EET},
{"Europe/Kiev", EET},
+ {"Europe/Kyiv", EET},
{"Europe/Lisbon", WET},
{"Europe/Ljubljana", CET},
{"Europe/London", GMTBST},
diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ko.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ko.java
index 9a2d9e5c57c..8a2c805997f 100644
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ko.java
+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ko.java
@@ -825,6 +825,7 @@ public final class TimeZoneNames_ko extends TimeZoneNamesBundle {
{"Europe/Jersey", GMTBST},
{"Europe/Kaliningrad", EET},
{"Europe/Kiev", EET},
+ {"Europe/Kyiv", EET},
{"Europe/Lisbon", WET},
{"Europe/Ljubljana", CET},
{"Europe/London", GMTBST},
diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_pt_BR.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_pt_BR.java
index de5e5c82daa..e3c06417f09 100644
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_pt_BR.java
+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_pt_BR.java
@@ -825,6 +825,7 @@ public final class TimeZoneNames_pt_BR extends TimeZoneNamesBundle {
{"Europe/Jersey", GMTBST},
{"Europe/Kaliningrad", EET},
{"Europe/Kiev", EET},
+ {"Europe/Kyiv", EET},
{"Europe/Lisbon", WET},
{"Europe/Ljubljana", CET},
{"Europe/London", GMTBST},
diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_sv.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_sv.java
index b53de4d8c89..3e46b6a063e 100644
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_sv.java
+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_sv.java
@@ -825,6 +825,7 @@ public final class TimeZoneNames_sv extends TimeZoneNamesBundle {
{"Europe/Jersey", GMTBST},
{"Europe/Kaliningrad", EET},
{"Europe/Kiev", EET},
+ {"Europe/Kyiv", EET},
{"Europe/Lisbon", WET},
{"Europe/Ljubljana", CET},
{"Europe/London", GMTBST},
diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_CN.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_CN.java
index 7797cda19d5..590908409a8 100644
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_CN.java
+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_CN.java
@@ -825,6 +825,7 @@ public final class TimeZoneNames_zh_CN extends TimeZoneNamesBundle {
{"Europe/Jersey", GMTBST},
{"Europe/Kaliningrad", EET},
{"Europe/Kiev", EET},
+ {"Europe/Kyiv", EET},
{"Europe/Lisbon", WET},
{"Europe/Ljubljana", CET},
{"Europe/London", GMTBST},
diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_TW.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_TW.java
index 2cd10554853..23c5f180b6d 100644
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_TW.java
+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_TW.java
@@ -827,6 +827,7 @@ public final class TimeZoneNames_zh_TW extends TimeZoneNamesBundle {
{"Europe/Jersey", GMTBST},
{"Europe/Kaliningrad", EET},
{"Europe/Kiev", EET},
+ {"Europe/Kyiv", EET},
{"Europe/Lisbon", WET},
{"Europe/Ljubljana", CET},
{"Europe/London", GMTBST},

8
nss.fips.cfg.in Normal file
View File

@ -0,0 +1,8 @@
name = NSS-FIPS
nssLibraryDirectory = @NSS_LIBDIR@
nssSecmodDirectory = sql:/etc/pki/nssdb
nssDbMode = readOnly
nssModule = fips
attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }

76
openjdk_news.sh Executable file
View File

@ -0,0 +1,76 @@
#!/bin/bash
# Copyright (C) 2022 Red Hat, Inc.
# Written by Andrew John Hughes <gnu.andrew@redhat.com>, 2012-2022
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
OLD_RELEASE=$1
NEW_RELEASE=$2
SUBDIR=$3
REPO=$4
SCRIPT_DIR=$(dirname ${0})
if test "x${SUBDIR}" = "x"; then
echo "No subdirectory specified; using .";
SUBDIR=".";
fi
if test "x$REPO" = "x"; then
echo "No repository specified; using ${PWD}"
REPO=${PWD}
fi
if test x${TMPDIR} = x; then
TMPDIR=/tmp;
fi
echo "Repository: ${REPO}"
if [ -e ${REPO}/.git ] ; then
TYPE=git;
elif [ -e ${REPO}/.hg ] ; then
TYPE=hg;
else
echo "No Mercurial or Git repository detected.";
exit 1;
fi
if test "x$OLD_RELEASE" = "x" || test "x$NEW_RELEASE" = "x"; then
echo "ERROR: Need to specify old and new release";
exit 2;
fi
echo "Listing fixes between $OLD_RELEASE and $NEW_RELEASE in $REPO"
rm -f ${TMPDIR}/fixes2 ${TMPDIR}/fixes3 ${TMPDIR}/fixes
for repos in . $(${SCRIPT_DIR}/discover_trees.sh ${REPO});
do
if test "x$TYPE" = "xhg"; then
hg log -r "tag('$NEW_RELEASE'):tag('$OLD_RELEASE') - tag('$OLD_RELEASE')" -R $REPO/$repos -G -M ${REPO}/${SUBDIR} | \
egrep '^[o:| ]*summary'|grep -v 'Added tag'|sed -r 's#^[o:| ]*summary:\W*([0-9])# - JDK-\1#'| \
sed 's#^[o:| ]*summary:\W*# - #' >> ${TMPDIR}/fixes2;
hg log -v -r "tag('$NEW_RELEASE'):tag('$OLD_RELEASE') - tag('$OLD_RELEASE')" -R $REPO/$repos -G -M ${REPO}/${SUBDIR} | \
egrep '^[o:| ]*[0-9]{7}'|sed -r 's#^[o:| ]*([0-9]{7})# - JDK-\1#' >> ${TMPDIR}/fixes3;
else
git -C ${REPO} log --no-merges --pretty=format:%B ${NEW_RELEASE}...${OLD_RELEASE} -- ${SUBDIR} |egrep '^[0-9]{7}' | \
sed -r 's#^([0-9])# - JDK-\1#' >> ${TMPDIR}/fixes2;
touch ${TMPDIR}/fixes3 ; # unused
fi
done
sort ${TMPDIR}/fixes2 ${TMPDIR}/fixes3 | uniq > ${TMPDIR}/fixes
rm -f ${TMPDIR}/fixes2 ${TMPDIR}/fixes3
echo "In ${TMPDIR}/fixes:"
cat ${TMPDIR}/fixes

649
pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk12.patch
View File

@ -1,649 +0,0 @@
diff --git a/make/autoconf/jdk-options.m4 b/make/autoconf/jdk-options.m4
--- a/make/autoconf/jdk-options.m4
+++ b/make/autoconf/jdk-options.m4
@@ -267,9 +267,10 @@
#
AC_DEFUN_ONCE([JDKOPT_DETECT_INTREE_EC],
[
+ AC_REQUIRE([LIB_SETUP_MISC_LIBS])
AC_MSG_CHECKING([if elliptic curve crypto implementation is present])
- if test -d "${TOPDIR}/src/jdk.crypto.ec/share/native/libsunec/impl"; then
+ if test "x${system_nss}" = "xyes" -o -d "${TOPDIR}/src/jdk.crypto.ec/share/native/libsunec/impl"; then
ENABLE_INTREE_EC=true
AC_MSG_RESULT([yes])
else
diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4
--- a/make/autoconf/libraries.m4
+++ b/make/autoconf/libraries.m4
@@ -178,6 +178,48 @@
AC_SUBST(LIBDL)
LIBS="$save_LIBS"
+ ###############################################################################
+ #
+ # Check for the NSS libraries
+ #
+
+ AC_MSG_CHECKING([whether to build the Sun EC provider against the system NSS libraries])
+
+ # default is bundled
+ DEFAULT_SYSTEM_NSS=no
+
+ AC_ARG_ENABLE([system-nss], [AS_HELP_STRING([--enable-system-nss],
+ [build the SunEC provider using the system NSS libraries @<:@disabled@:>@])],
+ [
+ case "${enableval}" in
+ yes)
+ system_nss=yes
+ ;;
+ *)
+ system_nss=no
+ ;;
+ esac
+ ],
+ [
+ system_nss=${DEFAULT_SYSTEM_NSS}
+ ])
+ AC_MSG_RESULT([$system_nss])
+
+ if test "x${system_nss}" = "xyes"; then
+ PKG_CHECK_MODULES(NSS_SOFTTKN, nss-softokn >= 3.16.1, [NSS_SOFTOKN_FOUND=yes], [NSS_SOFTOKN_FOUND=no])
+ PKG_CHECK_MODULES(NSS, nss >= 3.16.1, [NSS_FOUND=yes], [NSS_FOUND=no])
+ if test "x${NSS_SOFTOKN_FOUND}" = "xyes" -a "x${NSS_FOUND}" = "xyes"; then
+ NSS_LIBS="$NSS_SOFTOKN_LIBS $NSS_LIBS -lfreebl";
+ USE_EXTERNAL_NSS=true
+ else
+ AC_MSG_ERROR([--enable-system-nss specified, but NSS not found.])
+ fi
+ else
+ USE_EXTERNAL_NSS=false
+ fi
+ AC_SUBST(USE_EXTERNAL_NSS)
+
+
# Control if libzip can use mmap. Available for purposes of overriding.
LIBZIP_CAN_USE_MMAP=true
AC_SUBST(LIBZIP_CAN_USE_MMAP)
diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in
--- a/make/autoconf/spec.gmk.in
+++ b/make/autoconf/spec.gmk.in
@@ -795,6 +795,10 @@
# Libraries
#
+USE_EXTERNAL_NSS:=@USE_EXTERNAL_NSS@
+NSS_LIBS:=@NSS_LIBS@
+NSS_CFLAGS:=@NSS_CFLAGS@
+
USE_EXTERNAL_LCMS:=@USE_EXTERNAL_LCMS@
LCMS_CFLAGS:=@LCMS_CFLAGS@
LCMS_LIBS:=@LCMS_LIBS@
diff --git a/make/lib/Lib-jdk.crypto.ec.gmk b/make/lib/Lib-jdk.crypto.ec.gmk
--- a/make/lib/Lib-jdk.crypto.ec.gmk
+++ b/make/lib/Lib-jdk.crypto.ec.gmk
@@ -28,19 +28,26 @@
################################################################################
ifeq ($(ENABLE_INTREE_EC), true)
+ ifeq ($(USE_EXTERNAL_NSS), true)
+ BUILD_LIBSUNEC_CFLAGS_JDKLIB := $(NSS_CFLAGS) -DSYSTEM_NSS -DNSS_ENABLE_ECC
+ BUILD_LIBSUNEC_CXXFLAGS_JDKLIB := $(NSS_CFLAGS) -DSYSTEM_NSS -DNSS_ENABLE_ECC
+ endif
+
$(eval $(call SetupJdkLibrary, BUILD_LIBSUNEC, \
NAME := sunec, \
TOOLCHAIN := TOOLCHAIN_LINK_CXX, \
OPTIMIZATION := LOW, \
- CFLAGS := $(CFLAGS_JDKLIB) \
+ CFLAGS := $(BUILD_LIBSUNEC_CFLAGS_JDKLIB) $(CFLAGS_JDKLIB) \
-DMP_API_COMPATIBLE -DNSS_ECC_MORE_THAN_SUITE_B, \
- CXXFLAGS := $(CXXFLAGS_JDKLIB), \
+ CXXFLAGS := $(BUILD_LIBSUNEC_CXXFLAGS_JDKLIB) $(CXXFLAGS_JDKLIB), \
DISABLED_WARNINGS_gcc := sign-compare implicit-fallthrough unused-value, \
DISABLED_WARNINGS_clang := sign-compare, \
DISABLED_WARNINGS_microsoft := 4101 4244 4146 4018, \
- LDFLAGS := $(LDFLAGS_JDKLIB) $(LDFLAGS_CXX_JDK), \
+ LDFLAGS := $(subst -Xlinker --as-needed,, \
+ $(subst -Wl$(COMMA)--as-needed,, $(LDFLAGS_JDKLIB))) $(LDFLAGS_CXX_JDK), \
LDFLAGS_macosx := $(call SET_SHARED_LIBRARY_ORIGIN), \
LIBS := $(LIBCXX), \
+ LIBS_linux := -lc $(NSS_LIBS), \
))
TARGETS += $(BUILD_LIBSUNEC)
diff --git a/src/java.base/unix/native/include/jni_md.h b/src/java.base/unix/native/include/jni_md.h
--- a/src/java.base/unix/native/include/jni_md.h
+++ b/src/java.base/unix/native/include/jni_md.h
@@ -41,6 +41,11 @@
#define JNIEXPORT
#define JNIIMPORT
#endif
+#if (defined(__GNUC__)) || __has_attribute(unused)
+ #define UNUSED(x) UNUSED_ ## x __attribute__((__unused__))
+#else
+ #define UNUSED(x) UNUSED_ ## x
+#endif
#define JNICALL
diff --git a/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java b/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
--- a/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
+++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
@@ -61,6 +61,7 @@
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
System.loadLibrary("sunec"); // check for native library
+ initialize();
return null;
}
});
@@ -293,6 +294,11 @@
"ECDH", "sun.security.ec.ECDHKeyAgreement", null, ATTRS));
}
+ /**
+ * Initialize the native code.
+ */
+ private static native void initialize();
+
private void putXDHEntries() {
HashMap<String, String> ATTRS = new HashMap<>(1);
diff --git a/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp b/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp
--- a/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp
+++ b/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp
@@ -25,7 +25,11 @@
#include <jni.h>
#include "jni_util.h"
+#ifdef SYSTEM_NSS
+#include "ecc_impl.h"
+#else
#include "impl/ecc_impl.h"
+#endif
#include "sun_security_ec_ECDHKeyAgreement.h"
#include "sun_security_ec_ECKeyPairGenerator.h"
#include "sun_security_ec_ECDSASignature.h"
@@ -33,6 +37,13 @@
#define INVALID_PARAMETER_EXCEPTION \
"java/security/InvalidParameterException"
#define KEY_EXCEPTION "java/security/KeyException"
+#define INTERNAL_ERROR "java/lang/InternalError"
+
+#ifdef SYSTEM_NSS
+#define SYSTEM_UNUSED(x) UNUSED(x)
+#else
+#define SYSTEM_UNUSED(x) x
+#endif
extern "C" {
@@ -55,8 +66,13 @@
/*
* Deep free of the ECParams struct
*/
-void FreeECParams(ECParams *ecparams, jboolean freeStruct)
+void FreeECParams(ECParams *ecparams, jboolean SYSTEM_UNUSED(freeStruct))
{
+#ifdef SYSTEM_NSS
+ // Needs to be freed using the matching method to the one
+ // that allocated it. PR_TRUE means the memory is zeroed.
+ PORT_FreeArena(ecparams->arena, PR_TRUE);
+#else
// Use B_FALSE to free the SECItem->data element, but not the SECItem itself
// Use B_TRUE to free both
@@ -70,6 +86,7 @@
SECITEM_FreeItem(&ecparams->curveOID, B_FALSE);
if (freeStruct)
free(ecparams);
+#endif
}
jbyteArray getEncodedBytes(JNIEnv *env, SECItem *hSECItem)
@@ -139,7 +156,7 @@
*/
JNIEXPORT jobjectArray
JNICALL Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair
- (JNIEnv *env, jclass clazz, jint keySize, jbyteArray encodedParams, jbyteArray seed)
+ (JNIEnv *env, jclass UNUSED(clazz), jint UNUSED(keySize), jbyteArray encodedParams, jbyteArray seed)
{
ECPrivateKey *privKey = NULL; // contains both public and private values
ECParams *ecparams = NULL;
@@ -171,8 +188,17 @@
env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer);
// Generate the new keypair (using the supplied seed)
+#ifdef SYSTEM_NSS
+ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength)
+ != SECSuccess) {
+ ThrowException(env, KEY_EXCEPTION);
+ goto cleanup;
+ }
+ if (EC_NewKey(ecparams, &privKey) != SECSuccess) {
+#else
if (EC_NewKey(ecparams, &privKey, (unsigned char *) pSeedBuffer,
jSeedLength, 0) != SECSuccess) {
+#endif
ThrowException(env, KEY_EXCEPTION);
goto cleanup;
}
@@ -219,10 +245,15 @@
}
if (privKey) {
FreeECParams(&privKey->ecParams, false);
+#ifndef SYSTEM_NSS
+ // The entire ECPrivateKey is allocated in the arena
+ // when using system NSS, so only the in-tree version
+ // needs to clear these manually.
SECITEM_FreeItem(&privKey->version, B_FALSE);
SECITEM_FreeItem(&privKey->privateValue, B_FALSE);
SECITEM_FreeItem(&privKey->publicValue, B_FALSE);
free(privKey);
+#endif
}
if (pSeedBuffer) {
@@ -240,7 +271,7 @@
*/
JNIEXPORT jbyteArray
JNICALL Java_sun_security_ec_ECDSASignature_signDigest
- (JNIEnv *env, jclass clazz, jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing)
+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing)
{
jbyte* pDigestBuffer = NULL;
jint jDigestLength = env->GetArrayLength(digest);
@@ -299,8 +330,18 @@
env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer);
// Sign the digest (using the supplied seed)
+#ifdef SYSTEM_NSS
+ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength)
+ != SECSuccess) {
+ ThrowException(env, KEY_EXCEPTION);
+ goto cleanup;
+ }
+ if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item)
+ != SECSuccess) {
+#else
if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item,
(unsigned char *) pSeedBuffer, jSeedLength, 0, timing) != SECSuccess) {
+#endif
ThrowException(env, KEY_EXCEPTION);
goto cleanup;
}
@@ -349,7 +390,7 @@
*/
JNIEXPORT jboolean
JNICALL Java_sun_security_ec_ECDSASignature_verifySignedDigest
- (JNIEnv *env, jclass clazz, jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams)
+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams)
{
jboolean isValid = false;
@@ -406,9 +447,10 @@
cleanup:
{
- if (params_item.data)
+ if (params_item.data) {
env->ReleaseByteArrayElements(encodedParams,
(jbyte *) params_item.data, JNI_ABORT);
+ }
if (pubKey.publicValue.data)
env->ReleaseByteArrayElements(publicKey,
@@ -434,7 +476,7 @@
*/
JNIEXPORT jbyteArray
JNICALL Java_sun_security_ec_ECDHKeyAgreement_deriveKey
- (JNIEnv *env, jclass clazz, jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams)
+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams)
{
jbyteArray jSecret = NULL;
ECParams *ecparams = NULL;
@@ -510,9 +552,10 @@
env->ReleaseByteArrayElements(publicKey,
(jbyte *) publicValue_item.data, JNI_ABORT);
- if (params_item.data)
+ if (params_item.data) {
env->ReleaseByteArrayElements(encodedParams,
(jbyte *) params_item.data, JNI_ABORT);
+ }
if (ecparams)
FreeECParams(ecparams, true);
@@ -521,4 +564,28 @@
return jSecret;
}
+JNIEXPORT void
+JNICALL Java_sun_security_ec_SunEC_initialize
+ (JNIEnv *env, jclass UNUSED(clazz))
+{
+#ifdef SYSTEM_NSS
+ if (SECOID_Init() != SECSuccess) {
+ ThrowException(env, INTERNAL_ERROR);
+ }
+ if (RNG_RNGInit() != SECSuccess) {
+ ThrowException(env, INTERNAL_ERROR);
+ }
+#endif
+}
+
+JNIEXPORT void
+JNICALL JNI_OnUnload
+ (JavaVM *vm, void *reserved)
+{
+#ifdef SYSTEM_NSS
+ RNG_RNGShutdown();
+ SECOID_Shutdown();
+#endif
+}
+
} /* extern "C" */
diff --git a/src/jdk.crypto.ec/share/native/libsunec/ecc_impl.h b/src/jdk.crypto.ec/share/native/libsunec/ecc_impl.h
new file mode 100644
--- /dev/null
+++ b/src/jdk.crypto.ec/share/native/libsunec/ecc_impl.h
@@ -0,0 +1,298 @@
+/*
+ * Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Use is subject to license terms.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/* *********************************************************************
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ * Dr Vipul Gupta <vipul.gupta@sun.com> and
+ * Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+ *
+ * Last Modified Date from the Original Code: May 2017
+ *********************************************************************** */
+
+#ifndef _ECC_IMPL_H
+#define _ECC_IMPL_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <sys/types.h>
+
+#ifdef SYSTEM_NSS
+#include <secitem.h>
+#include <secerr.h>
+#include <keythi.h>
+#ifdef LEGACY_NSS
+#include <softoken.h>
+#else
+#include <blapi.h>
+#endif
+#else
+#include "ecl-exp.h"
+#endif
+
+/*
+ * Multi-platform definitions
+ */
+#ifdef __linux__
+#define B_FALSE FALSE
+#define B_TRUE TRUE
+typedef unsigned char uint8_t;
+typedef unsigned long ulong_t;
+typedef enum { B_FALSE, B_TRUE } boolean_t;
+#endif /* __linux__ */
+
+#ifdef _ALLBSD_SOURCE
+#include <stdint.h>
+#define B_FALSE FALSE
+#define B_TRUE TRUE
+typedef unsigned long ulong_t;
+typedef enum boolean { B_FALSE, B_TRUE } boolean_t;
+#endif /* _ALLBSD_SOURCE */
+
+#ifdef AIX
+#define B_FALSE FALSE
+#define B_TRUE TRUE
+typedef unsigned char uint8_t;
+typedef unsigned long ulong_t;
+#endif /* AIX */
+
+#ifdef _WIN32
+typedef unsigned char uint8_t;
+typedef unsigned long ulong_t;
+typedef enum boolean { B_FALSE, B_TRUE } boolean_t;
+#define strdup _strdup /* Replace POSIX name with ISO C++ name */
+#endif /* _WIN32 */
+
+#ifndef _KERNEL
+#include <stdlib.h>
+#endif /* _KERNEL */
+
+#define EC_MAX_DIGEST_LEN 1024 /* max digest that can be signed */
+#define EC_MAX_POINT_LEN 145 /* max len of DER encoded Q */
+#define EC_MAX_VALUE_LEN 72 /* max len of ANSI X9.62 private value d */
+#define EC_MAX_SIG_LEN 144 /* max signature len for supported curves */
+#define EC_MIN_KEY_LEN 112 /* min key length in bits */
+#define EC_MAX_KEY_LEN 571 /* max key length in bits */
+#define EC_MAX_OID_LEN 10 /* max length of OID buffer */
+
+/*
+ * Various structures and definitions from NSS are here.
+ */
+
+#ifndef SYSTEM_NSS
+#ifdef _KERNEL
+#define PORT_ArenaAlloc(a, n, f) kmem_alloc((n), (f))
+#define PORT_ArenaZAlloc(a, n, f) kmem_zalloc((n), (f))
+#define PORT_ArenaGrow(a, b, c, d) NULL
+#define PORT_ZAlloc(n, f) kmem_zalloc((n), (f))
+#define PORT_Alloc(n, f) kmem_alloc((n), (f))
+#else
+#define PORT_ArenaAlloc(a, n, f) malloc((n))
+#define PORT_ArenaZAlloc(a, n, f) calloc(1, (n))
+#define PORT_ArenaGrow(a, b, c, d) NULL
+#define PORT_ZAlloc(n, f) calloc(1, (n))
+#define PORT_Alloc(n, f) malloc((n))
+#endif
+
+#define PORT_NewArena(b) (char *)12345
+#define PORT_ArenaMark(a) NULL
+#define PORT_ArenaUnmark(a, b)
+#define PORT_ArenaRelease(a, m)
+#define PORT_FreeArena(a, b)
+#define PORT_Strlen(s) strlen((s))
+#define PORT_SetError(e)
+
+#define PRBool boolean_t
+#define PR_TRUE B_TRUE
+#define PR_FALSE B_FALSE
+
+#ifdef _KERNEL
+#define PORT_Assert ASSERT
+#define PORT_Memcpy(t, f, l) bcopy((f), (t), (l))
+#else
+#define PORT_Assert assert
+#define PORT_Memcpy(t, f, l) memcpy((t), (f), (l))
+#endif
+
+#endif
+
+#define CHECK_OK(func) if (func == NULL) goto cleanup
+#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup
+
+#ifndef SYSTEM_NSS
+typedef enum {
+ siBuffer = 0,
+ siClearDataBuffer = 1,
+ siCipherDataBuffer = 2,
+ siDERCertBuffer = 3,
+ siEncodedCertBuffer = 4,
+ siDERNameBuffer = 5,
+ siEncodedNameBuffer = 6,
+ siAsciiNameString = 7,
+ siAsciiString = 8,
+ siDEROID = 9,
+ siUnsignedInteger = 10,
+ siUTCTime = 11,
+ siGeneralizedTime = 12
+} SECItemType;
+
+typedef struct SECItemStr SECItem;
+
+struct SECItemStr {
+ SECItemType type;
+ unsigned char *data;
+ unsigned int len;
+};
+
+typedef SECItem SECKEYECParams;
+
+typedef enum { ec_params_explicit,
+ ec_params_named
+} ECParamsType;
+
+typedef enum { ec_field_GFp = 1,
+ ec_field_GF2m
+} ECFieldType;
+
+struct ECFieldIDStr {
+ int size; /* field size in bits */
+ ECFieldType type;
+ union {
+ SECItem prime; /* prime p for (GFp) */
+ SECItem poly; /* irreducible binary polynomial for (GF2m) */
+ } u;
+ int k1; /* first coefficient of pentanomial or
+ * the only coefficient of trinomial
+ */
+ int k2; /* two remaining coefficients of pentanomial */
+ int k3;
+};
+typedef struct ECFieldIDStr ECFieldID;
+
+struct ECCurveStr {
+ SECItem a; /* contains octet stream encoding of
+ * field element (X9.62 section 4.3.3)
+ */
+ SECItem b;
+ SECItem seed;
+};
+typedef struct ECCurveStr ECCurve;
+
+typedef void PRArenaPool;
+
+struct ECParamsStr {
+ PRArenaPool * arena;
+ ECParamsType type;
+ ECFieldID fieldID;
+ ECCurve curve;
+ SECItem base;
+ SECItem order;
+ int cofactor;
+ SECItem DEREncoding;
+ ECCurveName name;
+ SECItem curveOID;
+};
+typedef struct ECParamsStr ECParams;
+
+struct ECPublicKeyStr {
+ ECParams ecParams;
+ SECItem publicValue; /* elliptic curve point encoded as
+ * octet stream.
+ */
+};
+typedef struct ECPublicKeyStr ECPublicKey;
+
+struct ECPrivateKeyStr {
+ ECParams ecParams;
+ SECItem publicValue; /* encoded ec point */
+ SECItem privateValue; /* private big integer */
+ SECItem version; /* As per SEC 1, Appendix C, Section C.4 */
+};
+typedef struct ECPrivateKeyStr ECPrivateKey;
+
+typedef enum _SECStatus {
+ SECBufferTooSmall = -3,
+ SECWouldBlock = -2,
+ SECFailure = -1,
+ SECSuccess = 0
+} SECStatus;
+#endif
+
+#ifdef _KERNEL
+#define RNG_GenerateGlobalRandomBytes(p,l) ecc_knzero_random_generator((p), (l))
+#else
+/*
+ This function is no longer required because the random bytes are now
+ supplied by the caller. Force a failure.
+*/
+#ifndef SYSTEM_NSS
+#define RNG_GenerateGlobalRandomBytes(p,l) SECFailure
+#endif
+#endif
+#define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup
+#define MP_TO_SEC_ERROR(err)
+
+#define SECITEM_TO_MPINT(it, mp) \
+ CHECK_MPI_OK(mp_read_unsigned_octets((mp), (it).data, (it).len))
+
+extern int ecc_knzero_random_generator(uint8_t *, size_t);
+extern ulong_t soft_nzero_random_generator(uint8_t *, ulong_t);
+
+#ifdef SYSTEM_NSS
+#define EC_DecodeParams(a,b,c) EC_DecodeParams(a,b)
+#define ECDSA_VerifyDigest(a,b,c,d) ECDSA_VerifyDigest(a,b,c)
+#define ECDH_Derive(a,b,c,d,e,f) ECDH_Derive(a,b,c,d,e)
+#else
+extern SECStatus EC_DecodeParams(const SECItem *, ECParams **, int);
+
+extern SECItem * SECITEM_AllocItem(PRArenaPool *, SECItem *, unsigned int, int);
+extern SECStatus SECITEM_CopyItem(PRArenaPool *, SECItem *, const SECItem *,
+ int);
+extern void SECITEM_FreeItem(SECItem *, boolean_t);
+
+/* This function has been modified to accept an array of random bytes */
+extern SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
+ const unsigned char* random, int randomlen, int);
+/* This function has been modified to accept an array of random bytes */
+extern SECStatus ECDSA_SignDigest(ECPrivateKey *, SECItem *, const SECItem *,
+ const unsigned char* random, int randomlen, int, int timing);
+extern SECStatus ECDSA_VerifyDigest(ECPublicKey *, const SECItem *,
+ const SECItem *, int);
+extern SECStatus ECDH_Derive(SECItem *, ECParams *, SECItem *, boolean_t,
+ SECItem *, int);
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _ECC_IMPL_H */

687
pr2126-synchronise_elliptic_curves_in_sun_security_ec_namedcurve_with_those_listed_by_nss.patch
View File

@ -1,687 +0,0 @@
diff --git a/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java b/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
--- openjdk/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
+++ openjdk/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
@@ -180,72 +180,6 @@
// Elliptic Curves (RFC 4492)
//
// See sun.security.util.CurveDB for the OIDs
- // NIST K-163
- SECT163_K1 (0x0001, "sect163k1", "1.3.132.0.1", true,
- ProtocolVersion.PROTOCOLS_TO_12),
- SECT163_R1 (0x0002, "sect163r1", "1.3.132.0.2", false,
- ProtocolVersion.PROTOCOLS_TO_12),
-
- // NIST B-163
- SECT163_R2 (0x0003, "sect163r2", "1.3.132.0.15", true,
- ProtocolVersion.PROTOCOLS_TO_12),
- SECT193_R1 (0x0004, "sect193r1", "1.3.132.0.24", false,
- ProtocolVersion.PROTOCOLS_TO_12),
- SECT193_R2 (0x0005, "sect193r2", "1.3.132.0.25", false,
- ProtocolVersion.PROTOCOLS_TO_12),
-
- // NIST K-233
- SECT233_K1 (0x0006, "sect233k1", "1.3.132.0.26", true,
- ProtocolVersion.PROTOCOLS_TO_12),
-
- // NIST B-233
- SECT233_R1 (0x0007, "sect233r1", "1.3.132.0.27", true,
- ProtocolVersion.PROTOCOLS_TO_12),
- SECT239_K1 (0x0008, "sect239k1", "1.3.132.0.3", false,
- ProtocolVersion.PROTOCOLS_TO_12),
-
- // NIST K-283
- SECT283_K1 (0x0009, "sect283k1", "1.3.132.0.16", true,
- ProtocolVersion.PROTOCOLS_TO_12),
-
- // NIST B-283
- SECT283_R1 (0x000A, "sect283r1", "1.3.132.0.17", true,
- ProtocolVersion.PROTOCOLS_TO_12),
-
- // NIST K-409
- SECT409_K1 (0x000B, "sect409k1", "1.3.132.0.36", true,
- ProtocolVersion.PROTOCOLS_TO_12),
-
- // NIST B-409
- SECT409_R1 (0x000C, "sect409r1", "1.3.132.0.37", true,
- ProtocolVersion.PROTOCOLS_TO_12),
-
- // NIST K-571
- SECT571_K1 (0x000D, "sect571k1", "1.3.132.0.38", true,
- ProtocolVersion.PROTOCOLS_TO_12),
-
- // NIST B-571
- SECT571_R1 (0x000E, "sect571r1", "1.3.132.0.39", true,
- ProtocolVersion.PROTOCOLS_TO_12),
- SECP160_K1 (0x000F, "secp160k1", "1.3.132.0.9", false,
- ProtocolVersion.PROTOCOLS_TO_12),
- SECP160_R1 (0x0010, "secp160r1", "1.3.132.0.8", false,
- ProtocolVersion.PROTOCOLS_TO_12),
- SECP160_R2 (0x0011, "secp160r2", "1.3.132.0.30", false,
- ProtocolVersion.PROTOCOLS_TO_12),
- SECP192_K1 (0x0012, "secp192k1", "1.3.132.0.31", false,
- ProtocolVersion.PROTOCOLS_TO_12),
-
- // NIST P-192
- SECP192_R1 (0x0013, "secp192r1", "1.2.840.10045.3.1.1", true,
- ProtocolVersion.PROTOCOLS_TO_12),
- SECP224_K1 (0x0014, "secp224k1", "1.3.132.0.32", false,
- ProtocolVersion.PROTOCOLS_TO_12),
- // NIST P-224
- SECP224_R1 (0x0015, "secp224r1", "1.3.132.0.33", true,
- ProtocolVersion.PROTOCOLS_TO_12),
- SECP256_K1 (0x0016, "secp256k1", "1.3.132.0.10", false,
- ProtocolVersion.PROTOCOLS_TO_12),
// NIST P-256
SECP256_R1 (0x0017, "secp256r1", "1.2.840.10045.3.1.7", true,
@@ -116,12 +116,6 @@
NamedGroup.SECP256_R1,
NamedGroup.SECP384_R1,
NamedGroup.SECP521_R1,
- NamedGroup.SECT283_K1,
- NamedGroup.SECT283_R1,
- NamedGroup.SECT409_K1,
- NamedGroup.SECT409_R1,
- NamedGroup.SECT571_K1,
- NamedGroup.SECT571_R1,
// FFDHE 2048
NamedGroup.FFDHE_2048,
@@ -136,15 +130,6 @@
NamedGroup.SECP256_R1,
NamedGroup.SECP384_R1,
NamedGroup.SECP521_R1,
- NamedGroup.SECT283_K1,
- NamedGroup.SECT283_R1,
- NamedGroup.SECT409_K1,
- NamedGroup.SECT409_R1,
- NamedGroup.SECT571_K1,
- NamedGroup.SECT571_R1,
-
- // non-NIST curves
- NamedGroup.SECP256_K1,
// FFDHE 2048
NamedGroup.FFDHE_2048,
diff --git a/src/java.base/share/classes/sun/security/util/CurveDB.java b/src/java.base/share/classes/sun/security/util/CurveDB.java
--- openjdk/src/java.base/share/classes/sun/security/util/CurveDB.java
+++ openjdk/src/java.base/share/classes/sun/security/util/CurveDB.java
@@ -168,114 +168,6 @@
Pattern nameSplitPattern = Pattern.compile(SPLIT_PATTERN);
/* SEC2 prime curves */
- add("secp112r1", "1.3.132.0.6", P,
- "DB7C2ABF62E35E668076BEAD208B",
- "DB7C2ABF62E35E668076BEAD2088",
- "659EF8BA043916EEDE8911702B22",
- "09487239995A5EE76B55F9C2F098",
- "A89CE5AF8724C0A23E0E0FF77500",
- "DB7C2ABF62E35E7628DFAC6561C5",
- 1, nameSplitPattern);
-
- add("secp112r2", "1.3.132.0.7", P,
- "DB7C2ABF62E35E668076BEAD208B",
- "6127C24C05F38A0AAAF65C0EF02C",
- "51DEF1815DB5ED74FCC34C85D709",
- "4BA30AB5E892B4E1649DD0928643",
- "adcd46f5882e3747def36e956e97",
- "36DF0AAFD8B8D7597CA10520D04B",
- 4, nameSplitPattern);
-
- add("secp128r1", "1.3.132.0.28", P,
- "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
- "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
- "E87579C11079F43DD824993C2CEE5ED3",
- "161FF7528B899B2D0C28607CA52C5B86",
- "CF5AC8395BAFEB13C02DA292DDED7A83",
- "FFFFFFFE0000000075A30D1B9038A115",
- 1, nameSplitPattern);
-
- add("secp128r2", "1.3.132.0.29", P,
- "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
- "D6031998D1B3BBFEBF59CC9BBFF9AEE1",
- "5EEEFCA380D02919DC2C6558BB6D8A5D",
- "7B6AA5D85E572983E6FB32A7CDEBC140",
- "27B6916A894D3AEE7106FE805FC34B44",
- "3FFFFFFF7FFFFFFFBE0024720613B5A3",
- 4, nameSplitPattern);
-
- add("secp160k1", "1.3.132.0.9", P,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
- "0000000000000000000000000000000000000000",
- "0000000000000000000000000000000000000007",
- "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
- "938CF935318FDCED6BC28286531733C3F03C4FEE",
- "0100000000000000000001B8FA16DFAB9ACA16B6B3",
- 1, nameSplitPattern);
-
- add("secp160r1", "1.3.132.0.8", P,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
- "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
- "4A96B5688EF573284664698968C38BB913CBFC82",
- "23A628553168947D59DCC912042351377AC5FB32",
- "0100000000000000000001F4C8F927AED3CA752257",
- 1, nameSplitPattern);
-
- add("secp160r2", "1.3.132.0.30", P,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
- "B4E134D3FB59EB8BAB57274904664D5AF50388BA",
- "52DCB034293A117E1F4FF11B30F7199D3144CE6D",
- "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E",
- "0100000000000000000000351EE786A818F3A1A16B",
- 1, nameSplitPattern);
-
- add("secp192k1", "1.3.132.0.31", P,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
- "000000000000000000000000000000000000000000000000",
- "000000000000000000000000000000000000000000000003",
- "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
- "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D",
- "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",
- 1, nameSplitPattern);
-
- add("secp192r1 [NIST P-192, X9.62 prime192v1]", "1.2.840.10045.3.1.1", PD,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
- "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
- "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
- "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
- "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
- 1, nameSplitPattern);
-
- add("secp224k1", "1.3.132.0.32", P,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
- "00000000000000000000000000000000000000000000000000000000",
- "00000000000000000000000000000000000000000000000000000005",
- "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
- "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5",
- "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",
- 1, nameSplitPattern);
-
- add("secp224r1 [NIST P-224]", "1.3.132.0.33", PD,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
- "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
- "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
- "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
- 1, nameSplitPattern);
-
- add("secp256k1", "1.3.132.0.10", P,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
- "0000000000000000000000000000000000000000000000000000000000000000",
- "0000000000000000000000000000000000000000000000000000000000000007",
- "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
- "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
- 1, nameSplitPattern);
-
add("secp256r1 [NIST P-256, X9.62 prime256v1]", "1.2.840.10045.3.1.7", PD,
"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
@@ -303,435 +195,6 @@
"01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
1, nameSplitPattern);
- /* ANSI X9.62 prime curves */
- add("X9.62 prime192v2", "1.2.840.10045.3.1.2", P,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
- "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
- "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
- "6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15",
- "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",
- 1, nameSplitPattern);
-
- add("X9.62 prime192v3", "1.2.840.10045.3.1.3", P,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
- "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
- "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
- "38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0",
- "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",
- 1, nameSplitPattern);
-
- add("X9.62 prime239v1", "1.2.840.10045.3.1.4", P,
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
- "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
- "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
- "7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE",
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",
- 1, nameSplitPattern);
-
- add("X9.62 prime239v2", "1.2.840.10045.3.1.5", P,
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
- "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
- "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
- "5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA",
- "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",
- 1, nameSplitPattern);
-
- add("X9.62 prime239v3", "1.2.840.10045.3.1.6", P,
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
- "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
- "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
- "1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3",
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",
- 1, nameSplitPattern);
-
- /* SEC2 binary curves */
- add("sect113r1", "1.3.132.0.4", B,
- "020000000000000000000000000201",
- "003088250CA6E7C7FE649CE85820F7",
- "00E8BEE4D3E2260744188BE0E9C723",
- "009D73616F35F4AB1407D73562C10F",
- "00A52830277958EE84D1315ED31886",
- "0100000000000000D9CCEC8A39E56F",
- 2, nameSplitPattern);
-
- add("sect113r2", "1.3.132.0.5", B,
- "020000000000000000000000000201",
- "00689918DBEC7E5A0DD6DFC0AA55C7",
- "0095E9A9EC9B297BD4BF36E059184F",
- "01A57A6A7B26CA5EF52FCDB8164797",
- "00B3ADC94ED1FE674C06E695BABA1D",
- "010000000000000108789B2496AF93",
- 2, nameSplitPattern);
-
- add("sect131r1", "1.3.132.0.22", B,
- "080000000000000000000000000000010D",
- "07A11B09A76B562144418FF3FF8C2570B8",
- "0217C05610884B63B9C6C7291678F9D341",
- "0081BAF91FDF9833C40F9C181343638399",
- "078C6E7EA38C001F73C8134B1B4EF9E150",
- "0400000000000000023123953A9464B54D",
- 2, nameSplitPattern);
-
- add("sect131r2", "1.3.132.0.23", B,
- "080000000000000000000000000000010D",
- "03E5A88919D7CAFCBF415F07C2176573B2",
- "04B8266A46C55657AC734CE38F018F2192",
- "0356DCD8F2F95031AD652D23951BB366A8",
- "0648F06D867940A5366D9E265DE9EB240F",
- "0400000000000000016954A233049BA98F",
- 2, nameSplitPattern);
-
- add("sect163k1 [NIST K-163]", "1.3.132.0.1", BD,
- "0800000000000000000000000000000000000000C9",
- "000000000000000000000000000000000000000001",
- "000000000000000000000000000000000000000001",
- "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
- "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
- "04000000000000000000020108A2E0CC0D99F8A5EF",
- 2, nameSplitPattern);
-
- add("sect163r1", "1.3.132.0.2", B,
- "0800000000000000000000000000000000000000C9",
- "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2",
- "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9",
- "0369979697AB43897789566789567F787A7876A654",
- "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883",
- "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B",
- 2, nameSplitPattern);
-
- add("sect163r2 [NIST B-163]", "1.3.132.0.15", BD,
- "0800000000000000000000000000000000000000C9",
- "000000000000000000000000000000000000000001",
- "020A601907B8C953CA1481EB10512F78744A3205FD",
- "03F0EBA16286A2D57EA0991168D4994637E8343E36",
- "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
- "040000000000000000000292FE77E70C12A4234C33",
- 2, nameSplitPattern);
-
- add("sect193r1", "1.3.132.0.24", B,
- "02000000000000000000000000000000000000000000008001",
- "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01",
- "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814",
- "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1",
- "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05",
- "01000000000000000000000000C7F34A778F443ACC920EBA49",
- 2, nameSplitPattern);
-
- add("sect193r2", "1.3.132.0.25", B,
- "02000000000000000000000000000000000000000000008001",
- "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B",
- "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE",
- "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F",
- "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C",
- "010000000000000000000000015AAB561B005413CCD4EE99D5",
- 2, nameSplitPattern);
-
- add("sect233k1 [NIST K-233]", "1.3.132.0.26", BD,
- "020000000000000000000000000000000000000004000000000000000001",
- "000000000000000000000000000000000000000000000000000000000000",
- "000000000000000000000000000000000000000000000000000000000001",
- "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
- "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
- "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
- 4, nameSplitPattern);
-
- add("sect233r1 [NIST B-233]", "1.3.132.0.27", B,
- "020000000000000000000000000000000000000004000000000000000001",
- "000000000000000000000000000000000000000000000000000000000001",
- "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
- "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
- "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
- "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
- 2, nameSplitPattern);
-
- add("sect239k1", "1.3.132.0.3", B,
- "800000000000000000004000000000000000000000000000000000000001",
- "000000000000000000000000000000000000000000000000000000000000",
- "000000000000000000000000000000000000000000000000000000000001",
- "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC",
- "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA",
- "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5",
- 4, nameSplitPattern);
-
- add("sect283k1 [NIST K-283]", "1.3.132.0.16", BD,
- "0800000000000000000000000000000000000000000000000000000000000000000010A1",
- "000000000000000000000000000000000000000000000000000000000000000000000000",
- "000000000000000000000000000000000000000000000000000000000000000000000001",
- "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
- "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
- "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
- 4, nameSplitPattern);
-
- add("sect283r1 [NIST B-283]", "1.3.132.0.17", B,
- "0800000000000000000000000000000000000000000000000000000000000000000010A1",
- "000000000000000000000000000000000000000000000000000000000000000000000001",
- "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
- "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
- "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
- "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
- 2, nameSplitPattern);
-
- add("sect409k1 [NIST K-409]", "1.3.132.0.36", BD,
- "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
- "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
- "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
- "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
- "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
- "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
- 4, nameSplitPattern);
-
- add("sect409r1 [NIST B-409]", "1.3.132.0.37", B,
- "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
- "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
- "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
- "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
- "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
- "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
- 2, nameSplitPattern);
-
- add("sect571k1 [NIST K-571]", "1.3.132.0.38", BD,
- "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
- "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
- "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
- "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
- "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
- "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
- 4, nameSplitPattern);
-
- add("sect571r1 [NIST B-571]", "1.3.132.0.39", B,
- "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
- "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
- "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
- "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
- "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
- "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
- 2, nameSplitPattern);
-
- /* ANSI X9.62 binary curves */
- add("X9.62 c2tnb191v1", "1.2.840.10045.3.0.5", B,
- "800000000000000000000000000000000000000000000201",
- "2866537B676752636A68F56554E12640276B649EF7526267",
- "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC",
- "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D",
- "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB",
- "40000000000000000000000004A20E90C39067C893BBB9A5",
- 2, nameSplitPattern);
-
- add("X9.62 c2tnb191v2", "1.2.840.10045.3.0.6", B,
- "800000000000000000000000000000000000000000000201",
- "401028774D7777C7B7666D1366EA432071274F89FF01E718",
- "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01",
- "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10",
- "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A",
- "20000000000000000000000050508CB89F652824E06B8173",
- 4, nameSplitPattern);
-
- add("X9.62 c2tnb191v3", "1.2.840.10045.3.0.7", B,
- "800000000000000000000000000000000000000000000201",
- "6C01074756099122221056911C77D77E77A777E7E7E77FCB",
- "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8",
- "375D4CE24FDE434489DE8746E71786015009E66E38A926DD",
- "545A39176196575D985999366E6AD34CE0A77CD7127B06BE",
- "155555555555555555555555610C0B196812BFB6288A3EA3",
- 6, nameSplitPattern);
-
- add("X9.62 c2tnb239v1", "1.2.840.10045.3.0.11", B,
- "800000000000000000000000000000000000000000000000001000000001",
- "32010857077C5431123A46B808906756F543423E8D27877578125778AC76",
- "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16",
- "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D",
- "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305",
- "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447",
- 4, nameSplitPattern);
-
- add("X9.62 c2tnb239v2", "1.2.840.10045.3.0.12", B,
- "800000000000000000000000000000000000000000000000001000000001",
- "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F",
- "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B",
- "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205",
- "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833",
- "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D",
- 6, nameSplitPattern);
-
- add("X9.62 c2tnb239v3", "1.2.840.10045.3.0.13", B,
- "800000000000000000000000000000000000000000000000001000000001",
- "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F",
- "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40",
- "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92",
- "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461",
- "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF",
- 0xA, nameSplitPattern);
-
- add("X9.62 c2tnb359v1", "1.2.840.10045.3.0.18", B,
- "800000000000000000000000000000000000000000000000000000000000000000000000100000000000000001",
- "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557",
- "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988",
- "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097",
- "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E4AE2DE211305A407104BD",
- "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B",
- 0x4C, nameSplitPattern);
-
- add("X9.62 c2tnb431r1", "1.2.840.10045.3.0.20", B,
- "800000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000001",
- "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F",
- "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618",
- "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7",
- "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760",
- "0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91",
- 0x2760, nameSplitPattern);
-
- /* ANSI X9.62 binary curves from the 1998 standard but forbidden
- * in the 2005 version of the standard.
- * We don't register them but leave them here for the time being in
- * case we need to support them after all.
- */
-/*
- add("X9.62 c2pnb163v1", "1.2.840.10045.3.0.1", B,
- "080000000000000000000000000000000000000107",
- "072546B5435234A422E0789675F432C89435DE5242",
- "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9",
- "07AF69989546103D79329FCC3D74880F33BBE803CB",
- "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F",
- "0400000000000000000001E60FC8821CC74DAEAFC1",
- 2, nameSplitPattern);
-
- add("X9.62 c2pnb163v2", "1.2.840.10045.3.0.2", B,
- "080000000000000000000000000000000000000107",
- "0108B39E77C4B108BED981ED0E890E117C511CF072",
- "0667ACEB38AF4E488C407433FFAE4F1C811638DF20",
- "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5",
- "079F684DDF6684C5CD258B3890021B2386DFD19FC5",
- "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7",
- 2, nameSplitPattern);
-
- add("X9.62 c2pnb163v3", "1.2.840.10045.3.0.3", B,
- "080000000000000000000000000000000000000107",
- "07A526C63D3E25A256A007699F5447E32AE456B50E",
- "03F7061798EB99E238FD6F1BF95B48FEEB4854252B",
- "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB",
- "05B935590C155E17EA48EB3FF3718B893DF59A05D0",
- "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309",
- 2, nameSplitPattern);
-
- add("X9.62 c2pnb176w1", "1.2.840.10045.3.0.4", B,
- "0100000000000000000000000000000000080000000007",
- "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B",
- "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2",
- "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798",
- "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C",
- "00010092537397ECA4F6145799D62B0A19CE06FE26AD",
- 0xFF6E, nameSplitPattern);
-
- add("X9.62 c2pnb208w1", "1.2.840.10045.3.0.10", B,
- "010000000000000000000000000000000800000000000000000007",
- "0000000000000000000000000000000000000000000000000000",
- "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E",
- "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A",
- "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3",
- "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D",
- 0xFE48, nameSplitPattern);
-
- add("X9.62 c2pnb272w1", "1.2.840.10045.3.0.16", B,
- "010000000000000000000000000000000000000000000000000000010000000000000B",
- "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20",
- "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7",
- "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D",
- "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23",
- "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521",
- 0xFF06, nameSplitPattern);
-
- add("X9.62 c2pnb304w1", "1.2.840.10045.3.0.17", B,
- "010000000000000000000000000000000000000000000000000000000000000000000000000807",
- "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681",
- "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE",
- "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614",
- "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1B92C03B",
- "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D",
- 0xFE2E, nameSplitPattern);
-
- add("X9.62 c2pnb368w1", "1.2.840.10045.3.0.19", B,
- "0100000000000000000000000000000000000000000000000000000000000000000000002000000000000000000007",
- "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D",
- "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A",
- "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F",
- "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855ADAA81E2A0750B80FDA2310",
- "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967",
- 0xFF70, nameSplitPattern);
-*/
-
- /*
- * Brainpool curves (RFC 5639)
- * (Twisted curves are not included)
- */
-
- add("brainpoolP160r1", "1.3.36.3.3.2.8.1.1.1", P,
- "E95E4A5F737059DC60DFC7AD95B3D8139515620F",
- "340E7BE2A280EB74E2BE61BADA745D97E8F7C300",
- "1E589A8595423412134FAA2DBDEC95C8D8675E58",
- "BED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3",
- "1667CB477A1A8EC338F94741669C976316DA6321",
- "E95E4A5F737059DC60DF5991D45029409E60FC09",
- 1, nameSplitPattern);
-
- add("brainpoolP192r1", "1.3.36.3.3.2.8.1.1.3", P,
- "C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297",
- "6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF",
- "469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9",
- "C0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6",
- "14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F",
- "C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1",
- 1, nameSplitPattern);
-
- add("brainpoolP224r1", "1.3.36.3.3.2.8.1.1.5", P,
- "D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF",
- "68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43",
- "2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B",
- "0D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D",
- "58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD",
- "D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F",
- 1, nameSplitPattern);
-
- add("brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", P,
- "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377",
- "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9",
- "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6",
- "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262",
- "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997",
- "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7",
- 1, nameSplitPattern);
-
- add("brainpoolP320r1", "1.3.36.3.3.2.8.1.1.9", P,
- "D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27",
- "3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4",
- "520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6",
- "43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611",
- "14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1",
- "D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311",
- 1, nameSplitPattern);
-
- add("brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", P,
- "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53",
- "7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826",
- "04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11",
- "1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E",
- "8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315",
- "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565",
- 1, nameSplitPattern);
-
- add("brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13", P,
- "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3",
- "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA",
- "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723",
- "81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822",
- "7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892",
- "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069",
- 1, nameSplitPattern);
-
specCollection = Collections.unmodifiableCollection(oidMap.values());
}
}
diff --git a/test/jdk/sun/security/ec/TestEC.java b/test/jdk/sun/security/ec/TestEC.java
--- openjdk/test/jdk/sun/security/ec/TestEC.java
+++ openjdk/test/jdk/sun/security/ec/TestEC.java
@@ -35,8 +35,8 @@
* @library ../pkcs11/sslecc
* @library ../../../java/security/testlibrary
* @modules jdk.crypto.cryptoki/sun.security.pkcs11.wrapper
- * @run main/othervm -Djdk.tls.namedGroups="secp256r1,sect193r1" TestEC
- * @run main/othervm/java.security.policy=TestEC.policy -Djdk.tls.namedGroups="secp256r1,sect193r1" TestEC
+ * @run main/othervm -Djdk.tls.namedGroups="secp256r1" TestEC
+ * @run main/othervm/java.security.policy=TestEC.policy -Djdk.tls.namedGroups="secp256r1" TestEC
*/
import java.security.NoSuchProviderException;
diff -r bd66ea2fdde3 test/jdk/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
--- openjdk/test/jdk/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Thu Jul 27 18:04:48 2017 +0000
+++ openjdk/test/jdk/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Fri Oct 06 13:18:47 2017 +0200
@@ -34,9 +34,9 @@
* @library ..
* @library ../../../../java/security/testlibrary
* @modules jdk.crypto.cryptoki
- * @run main/othervm -Djdk.tls.namedGroups="secp256r1,sect193r1"
+ * @run main/othervm -Djdk.tls.namedGroups="secp256r1"
* ClientJSSEServerJSSE
- * @run main/othervm -Djdk.tls.namedGroups="secp256r1,sect193r1"
+ * @run main/othervm -Djdk.tls.namedGroups="secp256r1"
* ClientJSSEServerJSSE sm policy
*/

88
pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch
View File

@ -1,88 +0,0 @@
# HG changeset patch
# User andrew
# Date 1478057514 0
# Node ID 1c4d5cb2096ae55106111da200b0bcad304f650c
# Parent 3d53f19b48384e5252f4ec8891f7a3a82d77af2a
PR3183: Support Fedora/RHEL system crypto policy
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/classes/java/security/Security.java
--- a/src/java.base/share/classes/java/security/Security.java Wed Oct 26 03:51:39 2016 +0100
+++ b/src/java.base/share/classes/java/security/Security.java Wed Nov 02 03:31:54 2016 +0000
@@ -43,6 +43,9 @@
* implementation-specific location, which is typically the properties file
* {@code conf/security/java.security} in the Java installation directory.
*
+ * <p>Additional default values of security properties are read from a
+ * system-specific location, if available.</p>
+ *
* @author Benjamin Renaud
* @since 1.1
*/
@@ -52,6 +55,10 @@
private static final Debug sdebug =
Debug.getInstance("properties");
+ /* System property file*/
+ private static final String SYSTEM_PROPERTIES =
+ "/etc/crypto-policies/back-ends/java.config";
+
/* The java.security properties */
private static Properties props;
@@ -93,6 +100,7 @@
if (sdebug != null) {
sdebug.println("reading security properties file: " +
propFile);
+ sdebug.println(props.toString());
}
} catch (IOException e) {
if (sdebug != null) {
@@ -114,6 +122,31 @@
}
if ("true".equalsIgnoreCase(props.getProperty
+ ("security.useSystemPropertiesFile"))) {
+
+ // now load the system file, if it exists, so its values
+ // will win if they conflict with the earlier values
+ try (BufferedInputStream bis =
+ new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
+ props.load(bis);
+ loadedProps = true;
+
+ if (sdebug != null) {
+ sdebug.println("reading system security properties file " +
+ SYSTEM_PROPERTIES);
+ sdebug.println(props.toString());
+ }
+ } catch (IOException e) {
+ if (sdebug != null) {
+ sdebug.println
+ ("unable to load security properties from " +
+ SYSTEM_PROPERTIES);
+ e.printStackTrace();
+ }
+ }
+ }
+
+ if ("true".equalsIgnoreCase(props.getProperty
("security.overridePropertiesFile"))) {
String extraPropFile = System.getProperty
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/conf/security/java.security
--- a/src/java.base/share/conf/security/java.security Wed Oct 26 03:51:39 2016 +0100
+++ b/src/java.base/share/conf/security/java.security Wed Nov 02 03:31:54 2016 +0000
@@ -276,6 +276,13 @@
security.overridePropertiesFile=true
#
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=true
+
+#
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
#

34
remove-intree-libraries.sh
View File

@ -1,24 +1,52 @@
#!/bin/sh
# Arguments: <JDK TREE> <MINIMAL|FULL>
TREE=${1}
TYPE=${2}
ZIP_SRC=src/java.base/share/native/libzip/zlib/
JPEG_SRC=src/java.desktop/share/native/libjavajpeg/
GIF_SRC=src/java.desktop/share/native/libsplashscreen/giflib/
PNG_SRC=src/java.desktop/share/native/libsplashscreen/libpng/
LCMS_SRC=src/java.desktop/share/native/liblcms/
cd openjdk
if test "x${TREE}" = "x"; then
echo "$0 <JDK_TREE> (MINIMAL|FULL)";
exit 1;
fi
if test "x${TYPE}" = "x"; then
TYPE=minimal;
fi
if test "x${TYPE}" != "xminimal" -a "x${TYPE}" != "xfull"; then
echo "Type must be minimal or full";
exit 2;
fi
echo "Removing in-tree libraries from ${TREE}"
echo "Cleansing operation: ${TYPE}";
cd ${TREE}
echo "Removing built-in libs (they will be linked)"
# On full runs, allow for zlib having already been deleted by minimal
echo "Removing zlib"
if [ ! -d ${ZIP_SRC} ]; then
if [ "x${TYPE}" = "xminimal" -a ! -d ${ZIP_SRC} ]; then
echo "${ZIP_SRC} does not exist. Refusing to proceed."
exit 1
fi
rm -rvf ${ZIP_SRC}
# Minimal is limited to just zlib so finish here
if test "x${TYPE}" = "xminimal"; then
echo "Finished.";
exit 0;
fi
echo "Removing libjpeg"
if [ ! -f ${JPEG_SRC}/jdhuff.c ]; then # some file that sound definitely exist
if [ ! -f ${JPEG_SRC}/jdhuff.c ]; then # some file that should definitely exist
echo "${JPEG_SRC} does not contain jpeg sources. Refusing to proceed."
exit 1
fi

14
rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
View File

@ -1,10 +1,9 @@
diff -uNr openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java jdk8/jdk/src/java.desktop/share/classes/java/awt/Toolkit.java
--- openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java
+++ openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java
@@ -883,9 +883,13 @@
return null;
}
});
diff -r 618ad1237e73 src/java.desktop/share/classes/java/awt/Toolkit.java
--- a/src/java.desktop/share/classes/java/awt/Toolkit.java Thu Jun 13 19:37:49 2019 +0200
+++ b/src/java.desktop/share/classes/java/awt/Toolkit.java Thu Jul 04 10:35:42 2019 +0200
@@ -595,7 +595,11 @@
toolkit = new HeadlessToolkit(toolkit);
}
if (!GraphicsEnvironment.isHeadless()) {
- loadAssistiveTechnologies();
+ try {
@ -15,4 +14,3 @@ diff -uNr openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java jdk8/jdk/
}
}
return toolkit;
}

15
rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
View File

@ -1,11 +1,12 @@
diff -r 5b86f66575b7 src/share/lib/security/java.security-linux
--- openjdk/src/java.base/share/conf/security/java.security Tue May 16 13:29:05 2017 -0700
+++ openjdk/src/java.base/share/conf/security/java.security Tue Jun 06 14:05:12 2017 +0200
@@ -83,6 +83,7 @@
#ifndef solaris
security.provider.tbd=SunPKCS11
diff --git openjdk.orig/src/java.base/share/conf/security/java.security openjdk/src/java.base/share/conf/security/java.security
index 68a9c1a2d08..7aa25eb2cb7 100644
--- openjdk.orig/src/java.base/share/conf/security/java.security
+++ openjdk/src/java.base/share/conf/security/java.security
@@ -78,6 +78,7 @@ security.provider.tbd=SunMSCAPI
security.provider.tbd=Apple
#endif
security.provider.tbd=SunPKCS11
+#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg
#
# A list of preferred providers for specific algorithms. These providers will
# Security providers used when FIPS mode support is active

20
rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
View File

@ -1,13 +1,15 @@
--- openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java 2013-03-01 10:48:12.038189968 +0100
+++ openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java 2013-03-01 10:48:11.913188505 +0100
@@ -48,8 +48,8 @@
diff --git a/openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java b/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
index bacff32efbc..ff7b3dcc81c 100644
--- openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
+++ openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
@@ -46,8 +46,8 @@ class PlatformPCSC {
private final static String PROP_NAME = "sun.security.smartcardio.library";
private static final String PROP_NAME = "sun.security.smartcardio.library";
- private final static String LIB1 = "/usr/$LIBISA/libpcsclite.so";
- private final static String LIB2 = "/usr/local/$LIBISA/libpcsclite.so";
+ private final static String LIB1 = "/usr/$LIBISA/libpcsclite.so.1";
+ private final static String LIB2 = "/usr/local/$LIBISA/libpcsclite.so.1";
private final static String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC";
- private static final String LIB1 = "/usr/$LIBISA/libpcsclite.so";
- private static final String LIB2 = "/usr/local/$LIBISA/libpcsclite.so";
+ private static final String LIB1 = "/usr/$LIBISA/libpcsclite.so.1";
+ private static final String LIB2 = "/usr/local/$LIBISA/libpcsclite.so.1";
private static final String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC";
PlatformPCSC() {

117
rh1750419-redhat_alt_java.patch Normal file
View File

@ -0,0 +1,117 @@
diff --git openjdk.orig/make/modules/java.base/Launcher.gmk openjdk/make/modules/java.base/Launcher.gmk
index 700ddefda49..2882de68eb2 100644
--- openjdk.orig/make/modules/java.base/Launcher.gmk
+++ openjdk/make/modules/java.base/Launcher.gmk
@@ -41,6 +41,14 @@ $(eval $(call SetupBuildLauncher, java, \
OPTIMIZATION := HIGH, \
))
+#Wno-error=cpp is present to allow commented warning in ifdef part of main.c
+$(eval $(call SetupBuildLauncher, alt-java, \
+ CFLAGS := -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES -DREDHAT_ALT_JAVA -Wno-error=cpp, \
+ EXTRA_RCFLAGS := $(JAVA_RCFLAGS), \
+ VERSION_INFO_RESOURCE := $(JAVA_VERSION_INFO_RESOURCE), \
+ OPTIMIZATION := HIGH, \
+))
+
ifeq ($(call isTargetOs, windows), true)
$(eval $(call SetupBuildLauncher, javaw, \
CFLAGS := -DJAVAW -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES, \
diff --git openjdk.orig/src/java.base/share/native/launcher/alt_main.h openjdk/src/java.base/share/native/launcher/alt_main.h
new file mode 100644
index 00000000000..697df2898ac
--- /dev/null
+++ openjdk/src/java.base/share/native/launcher/alt_main.h
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2019, Red Hat, Inc. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#ifdef REDHAT_ALT_JAVA
+
+#include <sys/prctl.h>
+
+
+/* Per task speculation control */
+#ifndef PR_GET_SPECULATION_CTRL
+# define PR_GET_SPECULATION_CTRL 52
+#endif
+#ifndef PR_SET_SPECULATION_CTRL
+# define PR_SET_SPECULATION_CTRL 53
+#endif
+/* Speculation control variants */
+#ifndef PR_SPEC_STORE_BYPASS
+# define PR_SPEC_STORE_BYPASS 0
+#endif
+/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
+
+#ifndef PR_SPEC_NOT_AFFECTED
+# define PR_SPEC_NOT_AFFECTED 0
+#endif
+#ifndef PR_SPEC_PRCTL
+# define PR_SPEC_PRCTL (1UL << 0)
+#endif
+#ifndef PR_SPEC_ENABLE
+# define PR_SPEC_ENABLE (1UL << 1)
+#endif
+#ifndef PR_SPEC_DISABLE
+# define PR_SPEC_DISABLE (1UL << 2)
+#endif
+#ifndef PR_SPEC_FORCE_DISABLE
+# define PR_SPEC_FORCE_DISABLE (1UL << 3)
+#endif
+#ifndef PR_SPEC_DISABLE_NOEXEC
+# define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
+#endif
+
+static void set_speculation() __attribute__((constructor));
+static void set_speculation() {
+ if ( prctl(PR_SET_SPECULATION_CTRL,
+ PR_SPEC_STORE_BYPASS,
+ PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) {
+ return;
+ }
+ prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
+}
+
+#endif // REDHAT_ALT_JAVA
diff --git openjdk.orig/src/java.base/share/native/launcher/main.c openjdk/src/java.base/share/native/launcher/main.c
index b734fe2ba78..79dc8307650 100644
--- openjdk.orig/src/java.base/share/native/launcher/main.c
+++ openjdk/src/java.base/share/native/launcher/main.c
@@ -34,6 +34,14 @@
#include "jli_util.h"
#include "jni.h"
+#ifdef REDHAT_ALT_JAVA
+#if defined(__linux__) && defined(__x86_64__)
+#include "alt_main.h"
+#else
+#warning alt-java requested but SSB mitigation not available on this platform.
+#endif
+#endif
+
#ifdef _MSC_VER
#if _MSC_VER > 1400 && _MSC_VER < 1600

4
sources
View File

@ -1,2 +1,2 @@
SHA512 (jdk-jdk12-jdk-12+33.tar.xz) = e2dea9585fe07ae87fb313d090e9850a547e2ba84a7447d42acd0a04874599ef240f7b6ccaa69955cab5d12f646711cb4467e1b24e090af476e9ff708cc168fe
SHA512 (systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz) = cf578221b77d8c7e019f69909bc86c419c5fb5e10bceba9592ff6e7f96887b0a7f07c9cefe90800975247a078785ca190fdec5c2d0f841bb447cee784b570f7d
SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
SHA512 (openjdk-jdk19u-jdk-19+36.tar.xz) = c441e1f7dbabe3e66e062a7f661f953e06c10dd165995e2996e614d32f2333cd4532f45064ba4d098dfc8fa3637448d4dc9869c235d086ef80499a7a262f4ede

70
update_package.sh
View File

@ -1,70 +0,0 @@
#!/bin/bash -x
# this file contains defaults for currently generated source tarballs
set -e
# TAPSET
export PROJECT_NAME="hg"
export REPO_NAME="icedtea8"
export VERSION="9d464368e06d"
export COMPRESSION=xz
export OPENJDK_URL=http://icedtea.classpath.org
export FILE_NAME_ROOT=${PROJECT_NAME}-${REPO_NAME}-${VERSION}
export TO_COMPRESS="*/tapset"
# warning, filename and filenameroot creation is duplicated here from generate_source_tarball.sh
CLONED_FILENAME=${FILE_NAME_ROOT}.tar.${COMPRESSION}
TAPSET_VERSION=3.2
TAPSET=systemtap_"$TAPSET_VERSION"_tapsets_$CLONED_FILENAME
if [ ! -f ${TAPSET} ] ; then
if [ ! -f ${CLONED_FILENAME} ] ; then
echo "Generating ${CLONED_FILENAME}"
sh ./generate_source_tarball.sh
else
echo "exists exists exists exists exists exists exists "
echo "reusing reusing reusing reusing reusing reusing "
echo ${CLONED_FILENAME}
fi
mv -v $CLONED_FILENAME $TAPSET
else
echo "exists exists exists exists exists exists exists "
echo "reusing reusing reusing reusing reusing reusing "
echo ${TAPSET}
fi
# OpenJDK from Shenandoah project
export PROJECT_NAME="jdk"
export REPO_NAME="jdk12"
# warning, clonning without shenadnaoh suffix, you will clone pure jdk - thus without shenandaoh GC
export VERSION="jdk-12+25"
export COMPRESSION=xz
# unset tapsets overrides
export OPENJDK_URL=""
export TO_COMPRESS=""
# warning, filename and filenameroot creation is duplicated here from generate_source_tarball.sh
export FILE_NAME_ROOT=${PROJECT_NAME}-${REPO_NAME}-${VERSION}
FILENAME=${FILE_NAME_ROOT}.tar.${COMPRESSION}
if [ ! -f ${FILENAME} ] ; then
echo "Generating ${FILENAME}"
sh ./generate_source_tarball.sh
else
echo "exists exists exists exists exists exists exists "
echo "reusing reusing reusing reusing reusing reusing "
echo ${FILENAME}
fi
set +e
major=`echo $REPO_NAME | sed 's/[a-zA-Z]*//g'`
build=`echo $VERSION | sed 's/.*+//g'`
name_helper=`echo $FILENAME | sed s/$major/'%{majorver}'/g `
name_helper=`echo $name_helper | sed s/$build/'%{buildver}'/g `
echo "align specfile acordingly:"
echo " sed 's/^Source0:.*/Source0: $name_helper/' -i *.spec"
echo " sed 's/^Source8:.*/Source8: $TAPSET/' -i *.spec"
echo " sed 's/^%global buildver.*/%global buildver $build/' -i *.spec"
echo " sed 's/Release:.*/Release: 1%{?dist}/' -i *.spec"
echo "and maybe others...."
echo "you should fedpkg/rhpkg new-sources $TAPSET $FILENAME"
echo "you should fedpkg/rhpkg prep --arch XXXX on all architectures: x86_64 i386 i586 i686 ppc ppc64 ppc64le s390 s390x aarch64 armv7hl"