Accepting request 1086543 from Java:Factory
bsc#1210392 and bsc#1211259 OBS-URL: https://build.opensuse.org/request/show/1086543 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/java-17-openjdk?expand=0&rev=22
commit
fa0ef7d245
@ -1491,7 +1491,7 @@
|
||||
+# using the system properties file stored at
|
||||
+# /etc/crypto-policies/back-ends/java.config
|
||||
+#
|
||||
+security.useSystemPropertiesFile=false
|
||||
+security.useSystemPropertiesFile=true
|
||||
+
|
||||
+#
|
||||
# Determines the default key and trust manager factory algorithms for
|
||||
|
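Review bot: The comment above `security.useSystemPropertiesFile=true` names the file that is read but not why the default is now on or what that means for hosts that do not run in FIPS mode. With this default, `/etc/crypto-policies/back-ends/java.config` is consulted by every JVM started from this package. I would add a line such as `# Enabled by default so that system-wide FIPS mode can take effect (bsc#1211259).` The comment should also state which file wins when both define the same property and what happens when the system file is missing. The loader code is not in this hunk, so those two statements have to be checked against it before they are written down.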
@ -1,3 +1,21 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu May 11 12:52:16 UTC 2023 - jsilva@suse.com
|
||||
|
||||
- Fix for SG#65673, bsc#1210392:
|
||||
* unsigned-sni-server-name.patch: In SSLSessionImpl, interpret
|
||||
length of SNIServerName as an unsigned byte so that it can
|
||||
have length up to 255 rather than 127.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu May 11 07:26:21 UTC 2023 - Fridrich Strba <fstrba@suse.com>
|
||||
|
||||
- Do not install a separate nss.fips.cfg file, since there is
|
||||
now one in the tree and the install happens automatically
|
||||
- Modified patch:
|
||||
* fips.patch
|
||||
+ enable system property file by default, without which the
|
||||
FIPS mode would never get enabled (bsc#1211259)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 26 11:29:03 UTC 2023 - Fridrich Strba <fstrba@suse.com>
|
||||
|
||||
|
@ -139,8 +139,6 @@ Source10: systemtap-tapset.tar.xz
|
||||
Source11: jconsole.desktop.in
|
||||
# nss configuration file
|
||||
Source12: nss.cfg.in
|
||||
# nss fips configuration file
|
||||
Source13: nss.fips.cfg.in
|
||||
# Ensure we aren't using the limited crypto policy
|
||||
Source14: TestCryptoLevel.java
|
||||
# Ensure ECDSA is working
|
||||
@ -178,6 +176,7 @@ Patch300: JDK-8282944.patch
|
||||
Patch301: JDK-8303509.patch
|
||||
Patch302: disable-doclint-by-default.patch
|
||||
Patch303: alternative-tzdb_dat.patch
|
||||
Patch304: unsigned-sni-server-name.patch
|
||||
#
|
||||
BuildRequires: alsa-lib-devel
|
||||
BuildRequires: autoconf
|
||||
@ -418,6 +417,7 @@ rm -rvf src/java.desktop/share/native/liblcms/lcms2*
|
||||
%patch301 -p1
|
||||
%patch302 -p1
|
||||
%patch303 -p1
|
||||
%patch304 -p1
|
||||
|
||||
# Extract systemtap tapsets
|
||||
|
||||
@ -452,10 +452,6 @@ done
|
||||
# Setup nss.cfg
|
||||
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE12} > nss.cfg
|
||||
|
||||
# Setup nss.fips.cfg
|
||||
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE13} > nss.fips.cfg
|
||||
sed -i -e "s:@NSS_SECMOD@:sql\:/etc/pki/nssdb:g" nss.fips.cfg
|
||||
|
||||
%build
|
||||
|
||||
%ifarch s390x sparc64 alpha ppc64 ppc64le %{aarch64}
|
||||
@ -517,9 +513,6 @@ export JAVA_HOME=$(pwd)/%{buildoutputdir}/%{imagesdir}/jdk
|
||||
# Install nss.cfg right away as we will be using the JRE above
|
||||
install -m 644 nss.cfg $JAVA_HOME/conf/security/
|
||||
|
||||
# Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
|
||||
install -m 644 nss.fips.cfg $JAVA_HOME/conf/security/
|
||||
|
||||
# Copy tz.properties
|
||||
echo "sun.zoneinfo.dir=%{_datadir}/javazi" >> $JAVA_HOME/conf/tz.properties
|
||||
|
||||
@ -952,8 +945,8 @@ fi
|
||||
%endif
|
||||
|
||||
%config(noreplace) %{_jvmdir}/%{sdkdir}/lib/security/blocked.certs
|
||||
%config(noreplace) %{_jvmdir}/%{sdkdir}/conf/security/nss.cfg
|
||||
%config(noreplace) %{_jvmdir}/%{sdkdir}/conf/security/nss.fips.cfg
|
||||
%{_jvmdir}/%{sdkdir}/conf/security/nss.cfg
|
||||
%{_jvmdir}/%{sdkdir}/conf/security/nss.fips.cfg
|
||||
%{_jvmdir}/%{sdkdir}/lib/security/default.policy
|
||||
%{_jvmdir}/%{sdkdir}/lib/security/public_suffix_list.dat
|
||||
|
||||
|
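Review bot: In the `%files` hunk, `conf/security/nss.cfg` and `conf/security/nss.fips.cfg` are listed both with and without `%config(noreplace)`. If the plain entries are the new side, as the print order suggests, a package update will overwrite local edits to these two security configuration files without keeping the administrator's copy. Either keep `%config(noreplace) %{_jvmdir}/%{sdkdir}/conf/security/nss.cfg` (and the same for `nss.fips.cfg`), or say in the changelog that the files are no longer meant to be edited locally. Related to this, the removed `sed` step set `@NSS_SECMOD@` to `sql:/etc/pki/nssdb`. It is worth confirming that the in-tree `nss.fips.cfg` resolves to the same NSS database, since that file is not shown on this page.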
@ -1,6 +0,0 @@
|
||||
name = NSS-FIPS
|
||||
nssLibraryDirectory = @NSS_LIBDIR@
|
||||
nssSecmodDirectory = @NSS_SECMOD@
|
||||
nssDbMode = readOnly
|
||||
nssModule = fips
|
||||
|
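--- a/unsigned-sni-server-name.patch
+++ b/unsigned-sni-server-name.patch
@@ -0,0 +1,13 @@
+Index: jdk17u-jdk-17.0.6-10/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java
+===================================================================
+--- jdk17u-jdk-17.0.6-10.orig/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java
++++ jdk17u-jdk-17.0.6-10/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java
+@@ -408,7 +408,7 @@ final class SSLSessionImpl extends Exten
+} else {
+requestedServerNames = new ArrayList<>();
+while (len > 0) {
+- int l = buf.get();
++ int l = Byte.toUnsignedInt(buf.get());
+b = new byte[l];
+buf.get(b, 0, l);
+requestedServerNames.add(new SNIHostName(new String(b)));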
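Review bot: The length read by `Byte.toUnsignedInt(buf.get())` is still used unchecked in `b = new byte[l]; buf.get(b, 0, l);`, so a name length larger than the bytes left in the buffer ends in a `BufferUnderflowException` instead of a handled decode error. A guard before the allocation, `if (l > buf.remaining())` followed by whatever rejection the surrounding code uses for malformed session data, would make that failure explicit. The loop body continues outside the hunk, so how `len` is decremented and which exception type fits are not visible here. Separately, `new String(b)` decodes with the platform default charset on JDK 17; `new String(b, StandardCharsets.US_ASCII)` would be deterministic, assuming the writing side stores the ASCII form of the host name.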