diff --git a/java-17-openjdk.changes b/java-17-openjdk.changes index 3d9fec7..cabd0c8 100644 --- a/java-17-openjdk.changes +++ b/java-17-openjdk.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu May 11 12:52:16 UTC 2023 - jsilva@suse.com + +- Fix for SG#65673, bsc#1210392: + * unsigned-sni-server-name.patch: In SSLSessionImpl, interpret + length of SNIServerName as an unsigned byte so that it can + have length up to 255 rather than 127. + ------------------------------------------------------------------- Thu May 11 07:26:21 UTC 2023 - Fridrich Strba diff --git a/java-17-openjdk.spec b/java-17-openjdk.spec index 73f5514..2e68976 100644 --- a/java-17-openjdk.spec +++ b/java-17-openjdk.spec @@ -176,6 +176,7 @@ Patch300: JDK-8282944.patch Patch301: JDK-8303509.patch Patch302: disable-doclint-by-default.patch Patch303: alternative-tzdb_dat.patch +Patch304: unsigned-sni-server-name.patch # BuildRequires: alsa-lib-devel BuildRequires: autoconf @@ -416,6 +417,7 @@ rm -rvf src/java.desktop/share/native/liblcms/lcms2* %patch301 -p1 %patch302 -p1 %patch303 -p1 +%patch304 -p1 # Extract systemtap tapsets diff --git a/unsigned-sni-server-name.patch b/unsigned-sni-server-name.patch new file mode 100644 index 0000000..79c4e25 --- /dev/null +++ b/unsigned-sni-server-name.patch @@ -0,0 +1,13 @@ +Index: jdk17u-jdk-17.0.6-10/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java +=================================================================== +--- jdk17u-jdk-17.0.6-10.orig/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java ++++ jdk17u-jdk-17.0.6-10/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java +@@ -408,7 +408,7 @@ final class SSLSessionImpl extends Exten + } else { + requestedServerNames = new ArrayList<>(); + while (len > 0) { +- int l = buf.get(); ++ int l = Byte.toUnsignedInt(buf.get()); + b = new byte[l]; + buf.get(b, 0, l); + requestedServerNames.add(new SNIHostName(new String(b)));