pool/java-22-openjdk
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1168901 from Java:Factory

Browse Source 
April 2024 CPU

OBS-URL: https://build.opensuse.org/request/show/1168901
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/java-22-openjdk?expand=0&rev=2
This commit is contained in:
Ana Guerrero 2024-04-18 20:13:44 +00:00 committed by Git OBS Bridge
commit d26773b617
14 changed files with 339 additions and 201 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
PStack-808293.patch
View File

@ -1,6 +1,6 @@
--- a/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/tools/PStack.java
+++ b/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/tools/PStack.java
@@ -101,7 +101,8 @@ public class PStack extends Tool {
@@ -101,7 +101,8 @@ public void run(PrintStream out, Debugger dbg) {
if (jthread != null) {
jthread.printThreadInfoOn(out);
}
@ -10,7 +10,7 @@
ClosestSymbol sym = f.closestSymbolToPC();
Address pc = f.pc();
out.print(pc + "\t");
@@ -183,10 +184,19 @@ public class PStack extends Tool {
@@ -183,10 +184,19 @@ public void run(PrintStream out, Debugger dbg) {
}
}
}

6
disable-doclint-by-default.patch
View File

@ -1,6 +1,6 @@
--- a/src/jdk.javadoc/share/classes/jdk/javadoc/internal/doclets/toolkit/BaseConfiguration.java
+++ b/src/jdk.javadoc/share/classes/jdk/javadoc/internal/doclets/toolkit/BaseConfiguration.java
@@ -795,7 +795,7 @@ public abstract class BaseConfiguration {
@@ -631,7 +631,7 @@ public void initDocLint(List<String> opts, Set<String> customTagNames) {
}
} else {
// no -Xmsgs options of any kind, use default
@ -11,7 +11,7 @@
if (!customTagNames.isEmpty()) {
--- a/test/langtools/jdk/javadoc/tool/doclint/DocLintTest.java
+++ b/test/langtools/jdk/javadoc/tool/doclint/DocLintTest.java
@@ -150,12 +150,12 @@ public class DocLintTest {
@@ -150,12 +150,12 @@ void run() throws Exception {
files = List.of(new TestJFO("Test.java", code));
test(List.of(htmlVersion),
@ -28,7 +28,7 @@
// test(List.of("-Xdoclint:none"),
// Main.Result.OK,
@@ -178,8 +178,8 @@ public class DocLintTest {
@@ -178,8 +178,8 @@ void run() throws Exception {
EnumSet.of(Message.DL_WRN14));
test(List.of(htmlVersion, rawDiags, "-private"),

294
fips.patch
View File

@ -1,6 +1,6 @@
--- jdk22u-jdk-22-36/make/autoconf/build-aux/pkg.m4 2024-03-15 16:05:55.017767821 +0100
+++ jdk22u-jdk-22-36/make/autoconf/build-aux/pkg.m4 2024-03-15 16:08:34.387868998 +0100
@@ -179,3 +179,19 @@
--- a/make/autoconf/build-aux/pkg.m4
+++ b/make/autoconf/build-aux/pkg.m4
@@ -179,3 +179,19 @@ else
ifelse([$3], , :, [$3])
fi[]dnl
])# PKG_CHECK_MODULES
@ -20,26 +20,8 @@
+
+AS_VAR_IF([$1], [""], [$5], [$4])dnl
+])dnl PKG_CHECK_VAR
--- jdk22u-jdk-22-36/make/autoconf/libraries.m4 2024-03-15 16:05:55.017767821 +0100
+++ jdk22u-jdk-22-36/make/autoconf/libraries.m4 2024-03-15 16:08:34.387868998 +0100
@@ -35,6 +35,7 @@
m4_include([lib-x11.m4])
m4_include([lib-tests.m4])
+m4_include([lib-sysconf.m4])
################################################################################
# Determine which libraries are needed for this configuration
@@ -128,6 +129,7 @@
LIB_SETUP_X11
LIB_TESTS_SETUP_GTEST
+ LIB_SETUP_SYSCONF_LIBS
BASIC_JDKLIB_LIBS=""
BASIC_JDKLIB_LIBS_TARGET=""
--- jdk22u-jdk-22-36/make/autoconf/lib-sysconf.m4 1970-01-01 01:00:00.000000000 +0100
+++ jdk22u-jdk-22-36/make/autoconf/lib-sysconf.m4 2024-03-15 16:08:34.387868998 +0100
--- /dev/null
+++ b/make/autoconf/lib-sysconf.m4
@@ -0,0 +1,87 @@
+#
+# Copyright (c) 2021, Red Hat, Inc.
@ -128,9 +110,27 @@
+ AC_SUBST(USE_SYSCONF_NSS)
+ AC_SUBST(NSS_LIBDIR)
+])
--- jdk22u-jdk-22-36/make/autoconf/spec.gmk.in 2024-03-15 16:05:55.017767821 +0100
+++ jdk22u-jdk-22-36/make/autoconf/spec.gmk.in 2024-03-15 16:11:32.251315250 +0100
@@ -830,6 +830,11 @@
--- a/make/autoconf/libraries.m4
+++ b/make/autoconf/libraries.m4
@@ -35,6 +35,7 @@ m4_include([lib-std.m4])
m4_include([lib-x11.m4])
m4_include([lib-tests.m4])
+m4_include([lib-sysconf.m4])
################################################################################
# Determine which libraries are needed for this configuration
@@ -128,6 +129,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES],
LIB_SETUP_X11
LIB_TESTS_SETUP_GTEST
+ LIB_SETUP_SYSCONF_LIBS
BASIC_JDKLIB_LIBS=""
BASIC_JDKLIB_LIBS_TARGET=""
--- a/make/autoconf/spec.gmk.in
+++ b/make/autoconf/spec.gmk.in
@@ -831,6 +831,11 @@ PANDOC_MARKDOWN_FLAG := @PANDOC_MARKDOWN_FLAG@
# Libraries
#
@ -142,9 +142,9 @@
USE_EXTERNAL_LCMS := @USE_EXTERNAL_LCMS@
LCMS_CFLAGS := @LCMS_CFLAGS@
LCMS_LIBS := @LCMS_LIBS@
--- jdk22u-jdk-22-36/make/modules/java.base/Gendata.gmk 2024-03-15 16:05:55.097767871 +0100
+++ jdk22u-jdk-22-36/make/modules/java.base/Gendata.gmk 2024-03-15 16:08:34.387868998 +0100
@@ -98,3 +98,17 @@
--- a/make/modules/java.base/Gendata.gmk
+++ b/make/modules/java.base/Gendata.gmk
@@ -98,3 +98,17 @@ $(GENDATA_JAVA_SECURITY): $(BUILD_TOOLS_JDK) $(GENDATA_JAVA_SECURITY_SRC) $(REST
TARGETS += $(GENDATA_JAVA_SECURITY)
################################################################################
@ -162,12 +162,13 @@
+TARGETS += $(GENDATA_NSS_FIPS_CFG)
+
+################################################################################
--- jdk22u-jdk-22-36/make/modules/java.base/Lib.gmk 2024-03-15 16:05:55.101101207 +0100
+++ jdk22u-jdk-22-36/make/modules/java.base/Lib.gmk 2024-03-15 16:08:34.387868998 +0100
@@ -165,6 +165,29 @@
--- a/make/modules/java.base/Lib.gmk
+++ b/make/modules/java.base/Lib.gmk
@@ -164,6 +164,29 @@ ifeq ($(call isTargetOsType, unix), true)
endif
endif
################################################################################
+################################################################################
+# Create the systemconf library
+
+LIBSYSTEMCONF_CFLAGS :=
@ -190,12 +191,11 @@
+
+TARGETS += $(BUILD_LIBSYSTEMCONF)
+
+################################################################################
################################################################################
# Create the symbols file for static builds.
ifeq ($(STATIC_BUILD), true)
--- jdk22u-jdk-22-36/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java 2024-03-15 16:05:55.677768239 +0100
+++ jdk22u-jdk-22-36/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java 2024-03-15 16:08:34.387868998 +0100
--- a/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
@@ -31,6 +31,7 @@
import java.security.PrivilegedAction;
import java.util.HashMap;
@ -215,7 +215,7 @@
@java.io.Serial
private static final long serialVersionUID = 6812507587804302833L;
@@ -147,6 +152,7 @@
@@ -147,6 +152,7 @@ public Void run() {
void putEntries() {
// reuse attribute map and reset before each reuse
HashMap<String, String> attrs = new HashMap<>(3);
@ -223,7 +223,7 @@
attrs.put("SupportedModes", "ECB");
attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING"
+ "|OAEPWITHMD5ANDMGF1PADDING"
@@ -439,6 +444,7 @@
@@ -439,6 +445,7 @@ void putEntries() {
psA("KeyPairGenerator", "DiffieHellman",
"com.sun.crypto.provider.DHKeyPairGenerator",
null);
@ -231,7 +231,7 @@
/*
* Algorithm parameter generation engines
@@ -447,6 +453,7 @@
@@ -447,6 +454,7 @@ void putEntries() {
"DiffieHellman", "com.sun.crypto.provider.DHParameterGenerator",
null);
@ -239,7 +239,7 @@
/*
* Key Agreement engines
*/
@@ -456,6 +463,7 @@
@@ -456,6 +464,7 @@ void putEntries() {
psA("KeyAgreement", "DiffieHellman",
"com.sun.crypto.provider.DHKeyAgreement",
attrs);
@ -247,7 +247,7 @@
/*
* Algorithm Parameter engines
@@ -651,6 +659,7 @@
@@ -651,6 +660,7 @@ void putEntries() {
ps("SecretKeyFactory", "PBEWithHmacSHA512/256AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512_256AndAES_256");
@ -255,7 +255,7 @@
// PBKDF2
psA("SecretKeyFactory", "PBKDF2WithHmacSHA1",
"com.sun.crypto.provider.PBKDF2Core$HmacSHA1",
@@ -782,6 +790,7 @@
@@ -782,6 +792,7 @@ void putEntries() {
"com.sun.crypto.provider.TlsRsaPremasterSecretGenerator",
List.of("SunTls12RsaPremasterSecret"), null);
}
@ -263,8 +263,8 @@
// Return the instance of this class or create one if needed.
static SunJCE getInstance() {
--- jdk22u-jdk-22-36/src/java.base/share/classes/java/security/Security.java 2024-03-15 16:05:55.704434923 +0100
+++ jdk22u-jdk-22-36/src/java.base/share/classes/java/security/Security.java 2024-03-15 16:08:34.391202334 +0100
--- a/src/java.base/share/classes/java/security/Security.java
+++ b/src/java.base/share/classes/java/security/Security.java
@@ -34,6 +34,7 @@
import jdk.internal.access.JavaSecurityPropertiesAccess;
import jdk.internal.event.EventHelper;
@ -285,7 +285,7 @@
/* Are we debugging? -- for developers */
private static final Debug sdebug =
Debug.getInstance("properties");
@@ -75,6 +81,19 @@
@@ -75,6 +81,19 @@ private static class ProviderProperty {
}
static {
@ -305,7 +305,7 @@
// doPrivileged here because there are multiple
// things in initialize that might require privs.
// (the FileInputStream call and the File.exists call,
@@ -96,6 +115,7 @@
@@ -96,6 +115,7 @@ public Properties getInitialProperties() {
private static void initialize() {
props = new Properties();
boolean overrideAll = false;
@ -313,7 +313,7 @@
// first load the system properties file
// to determine the value of security.overridePropertiesFile
@@ -116,6 +136,61 @@
@@ -116,6 +136,61 @@ private static void initialize() {
}
loadProps(null, extraPropFile, overrideAll);
}
@ -375,7 +375,7 @@
initialSecurityProperties = (Properties) props.clone();
if (sdebug != null) {
for (String key : props.stringPropertyNames()) {
@@ -126,7 +201,7 @@
@@ -126,7 +201,7 @@ private static void initialize() {
}
@ -384,8 +384,8 @@
InputStream is = null;
try {
if (masterFile != null && masterFile.exists()) {
--- jdk22u-jdk-22-36/src/java.base/share/classes/java/security/SystemConfigurator.java 1970-01-01 01:00:00.000000000 +0100
+++ jdk22u-jdk-22-36/src/java.base/share/classes/java/security/SystemConfigurator.java 2024-03-15 16:08:34.391202334 +0100
--- /dev/null
+++ b/src/java.base/share/classes/java/security/SystemConfigurator.java
@@ -0,0 +1,232 @@
+/*
+ * Copyright (c) 2019, 2021, Red Hat, Inc.
@ -619,8 +619,8 @@
+ }
+ }
+}
--- jdk22u-jdk-22-36/src/java.base/share/classes/jdk/internal/access/JavaSecuritySystemConfiguratorAccess.java 1970-01-01 01:00:00.000000000 +0100
+++ jdk22u-jdk-22-36/src/java.base/share/classes/jdk/internal/access/JavaSecuritySystemConfiguratorAccess.java 2024-03-15 16:08:34.391202334 +0100
--- /dev/null
+++ b/src/java.base/share/classes/jdk/internal/access/JavaSecuritySystemConfiguratorAccess.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2020, Red Hat, Inc.
@ -653,8 +653,8 @@
+ boolean isSystemFipsEnabled();
+ boolean isPlainKeySupportEnabled();
+}
--- jdk22u-jdk-22-36/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java 2024-03-15 16:05:55.727768271 +0100
+++ jdk22u-jdk-22-36/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java 2024-03-15 16:08:34.391202334 +0100
--- a/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java
+++ b/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java
@@ -43,6 +43,7 @@
import java.io.PrintWriter;
import java.io.RandomAccessFile;
@ -663,7 +663,7 @@
import java.security.Signature;
/** A repository of "shared secrets", which are a mechanism for
@@ -90,6 +91,7 @@
@@ -90,6 +91,7 @@ public class SharedSecrets {
private static JavaxCryptoSealedObjectAccess javaxCryptoSealedObjectAccess;
private static JavaxCryptoSpecAccess javaxCryptoSpecAccess;
private static JavaTemplateAccess javaTemplateAccess;
@ -671,7 +671,7 @@
public static void setJavaUtilCollectionAccess(JavaUtilCollectionAccess juca) {
javaUtilCollectionAccess = juca;
@@ -537,4 +539,15 @@
@@ -537,4 +539,15 @@ private static void ensureClassInitialized(Class<?> c) {
MethodHandles.lookup().ensureInitialized(c);
} catch (IllegalAccessException e) {}
}
@ -687,8 +687,8 @@
+ return javaSecuritySystemConfiguratorAccess;
+ }
}
--- jdk22u-jdk-22-36/src/java.base/share/classes/module-info.java 2024-03-15 16:05:55.744434949 +0100
+++ jdk22u-jdk-22-36/src/java.base/share/classes/module-info.java 2024-03-15 16:08:34.391202334 +0100
--- a/src/java.base/share/classes/module-info.java
+++ b/src/java.base/share/classes/module-info.java
@@ -168,6 +168,7 @@
java.naming,
java.rmi,
@ -697,8 +697,8 @@
jdk.jartool,
jdk.jlink,
jdk.jfr,
--- jdk22u-jdk-22-36/src/java.base/share/classes/sun/security/ec/SunEC.java 2024-03-15 16:05:55.754434955 +0100
+++ jdk22u-jdk-22-36/src/java.base/share/classes/sun/security/ec/SunEC.java 2024-03-15 16:08:34.397869005 +0100
--- a/src/java.base/share/classes/sun/security/ec/SunEC.java
+++ b/src/java.base/share/classes/sun/security/ec/SunEC.java
@@ -34,6 +34,7 @@
import java.util.HashMap;
import java.util.List;
@ -707,7 +707,7 @@
import sun.security.ec.ed.EdDSAKeyFactory;
import sun.security.ec.ed.EdDSAKeyPairGenerator;
import sun.security.ec.ed.EdDSASignature;
@@ -50,6 +51,10 @@
@@ -50,6 +51,10 @@ public final class SunEC extends Provider {
private static final long serialVersionUID = -2279741672933606418L;
@ -718,7 +718,7 @@
private static class ProviderServiceA extends ProviderService {
ProviderServiceA(Provider p, String type, String algo, String cn,
HashMap<String, String> attrs) {
@@ -240,6 +245,7 @@
@@ -240,6 +245,7 @@ void putEntries() {
putXDHEntries();
putEdDSAEntries();
@ -726,7 +726,7 @@
/*
* Signature engines
*/
@@ -318,6 +324,7 @@
@@ -318,6 +324,7 @@ void putEntries() {
putService(new ProviderService(this, "KeyAgreement",
"ECDH", "sun.security.ec.ECDHKeyAgreement", null, ATTRS));
}
@ -734,7 +734,7 @@
private void putXDHEntries() {
@@ -333,6 +340,7 @@
@@ -333,6 +340,7 @@ private void putXDHEntries() {
"X448", "sun.security.ec.XDHKeyFactory.X448",
ATTRS));
@ -742,7 +742,7 @@
putService(new ProviderService(this, "KeyPairGenerator",
"XDH", "sun.security.ec.XDHKeyPairGenerator", null, ATTRS));
putService(new ProviderServiceA(this, "KeyPairGenerator",
@@ -351,6 +359,7 @@
@@ -351,6 +359,7 @@ private void putXDHEntries() {
"X448", "sun.security.ec.XDHKeyAgreement.X448",
ATTRS));
}
@ -750,7 +750,7 @@
private void putEdDSAEntries() {
@@ -364,6 +373,7 @@
@@ -364,6 +373,7 @@ private void putEdDSAEntries() {
putService(new ProviderServiceA(this, "KeyFactory",
"Ed448", "sun.security.ec.ed.EdDSAKeyFactory.Ed448", ATTRS));
@ -758,7 +758,7 @@
putService(new ProviderService(this, "KeyPairGenerator",
"EdDSA", "sun.security.ec.ed.EdDSAKeyPairGenerator", null, ATTRS));
putService(new ProviderServiceA(this, "KeyPairGenerator",
@@ -379,6 +389,7 @@
@@ -379,6 +389,7 @@ private void putEdDSAEntries() {
"Ed25519", "sun.security.ec.ed.EdDSASignature.Ed25519", ATTRS));
putService(new ProviderServiceA(this, "Signature",
"Ed448", "sun.security.ec.ed.EdDSASignature.Ed448", ATTRS));
@ -766,8 +766,8 @@
}
}
--- jdk22u-jdk-22-36/src/java.base/share/classes/sun/security/provider/SunEntries.java 2024-03-15 16:05:55.754434955 +0100
+++ jdk22u-jdk-22-36/src/java.base/share/classes/sun/security/provider/SunEntries.java 2024-03-15 16:08:34.391202334 +0100
--- a/src/java.base/share/classes/sun/security/provider/SunEntries.java
+++ b/src/java.base/share/classes/sun/security/provider/SunEntries.java
@@ -38,6 +38,7 @@
import java.util.Iterator;
import java.util.LinkedHashSet;
@ -787,7 +787,7 @@
// the default algo used by SecureRandom class for new SecureRandom() calls
public static final String DEF_SECURE_RANDOM_ALGO;
@@ -102,6 +107,7 @@
@@ -102,6 +107,7 @@ public final class SunEntries {
// common attribute map
HashMap<String, String> attrs = new HashMap<>(3);
@ -795,7 +795,7 @@
/*
* SecureRandom engines
*/
@@ -186,6 +192,8 @@
@@ -186,6 +192,8 @@ public final class SunEntries {
add(p, "Signature", "SHA3-512withDSAinP1363Format",
"sun.security.provider.DSA$SHA3_512withDSAinP1363Format");
@ -804,7 +804,7 @@
attrs.clear();
attrs.put("ImplementedIn", "Software");
addWithAlias(p, "Signature", "HSS/LMS", "sun.security.provider.HSS", attrs);
@@ -196,9 +204,11 @@
@@ -196,9 +204,11 @@ public final class SunEntries {
attrs.put("ImplementedIn", "Software");
attrs.put("KeySize", "2048"); // for DSA KPG and APG only
@ -816,7 +816,7 @@
/*
* Algorithm Parameter Generator engines
@@ -213,6 +223,7 @@
@@ -213,6 +223,7 @@ public final class SunEntries {
addWithAlias(p, "AlgorithmParameters", "DSA",
"sun.security.provider.DSAParameters", attrs);
@ -824,7 +824,7 @@
/*
* Key factories
*/
@@ -251,6 +262,7 @@
@@ -251,6 +262,7 @@ public final class SunEntries {
"sun.security.provider.SHA3$SHA384", attrs);
addWithAlias(p, "MessageDigest", "SHA3-512",
"sun.security.provider.SHA3$SHA512", attrs);
@ -832,8 +832,8 @@
/*
* Certificates
--- jdk22u-jdk-22-36/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java 2024-03-15 16:05:55.757768290 +0100
+++ jdk22u-jdk-22-36/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java 2024-03-15 16:08:34.391202334 +0100
--- a/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java
+++ b/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java
@@ -27,6 +27,7 @@
import java.util.*;
@ -853,7 +853,7 @@
private void add(Provider p, String type, String algo, String cn,
List<String> aliases, HashMap<String, String> attrs) {
services.add(new Provider.Service(p, type, algo, cn,
@@ -63,6 +68,8 @@
@@ -63,6 +68,8 @@ public SunRsaSignEntries(Provider p) {
add(p, "KeyFactory", "RSA",
"sun.security.rsa.RSAKeyFactory$Legacy",
getAliases("PKCS1"), null);
@ -862,7 +862,7 @@
add(p, "KeyPairGenerator", "RSA",
"sun.security.rsa.RSAKeyPairGenerator$Legacy",
getAliases("PKCS1"), null);
@@ -92,13 +99,18 @@
@@ -92,13 +99,18 @@ public SunRsaSignEntries(Provider p) {
"sun.security.rsa.RSASignature$SHA3_384withRSA", attrs);
addA(p, "Signature", "SHA3-512withRSA",
"sun.security.rsa.RSASignature$SHA3_512withRSA", attrs);
@ -881,12 +881,13 @@
addA(p, "AlgorithmParameters", "RSASSA-PSS",
"sun.security.rsa.PSSParameters", null);
}
--- jdk22u-jdk-22-36/src/java.base/share/conf/security/java.security 2024-03-15 16:05:55.771101632 +0100
+++ jdk22u-jdk-22-36/src/java.base/share/conf/security/java.security 2024-03-15 16:08:34.391202334 +0100
@@ -86,6 +86,17 @@
--- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security
@@ -85,6 +85,17 @@ security.provider.tbd=Apple
#endif
security.provider.tbd=SunPKCS11
#
+#
+# Security providers used when FIPS mode support is active
+#
+fips.provider.1=SunPKCS11 ${java.home}/conf/security/nss.fips.cfg
@ -897,14 +898,14 @@
+fips.provider.6=SunRsaSign
+fips.provider.7=XMLDSig
+
+#
#
# A list of preferred providers for specific algorithms. These providers will
# be searched for matching algorithms before the list of registered providers.
# Entries containing errors (parsing, etc) will be ignored. Use the
@@ -296,6 +307,47 @@
@@ -295,6 +306,47 @@ policy.ignoreIdentityScope=false
#
keystore.type=pkcs12
#
+#
+# Default keystore type used when global crypto-policies are set to FIPS.
+#
+fips.keystore.type=pkcs12
@ -945,26 +946,25 @@
+#
+fips.nssdb.pin=pin:
+
+#
#
# Controls compatibility mode for JKS and PKCS12 keystore types.
#
# When set to 'true', both JKS and PKCS12 keystore types support loading
@@ -333,6 +385,13 @@
@@ -336,6 +388,13 @@ package.definition=sun.misc.,\
#
security.overridePropertiesFile=true
#
+#
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=true
+
+#
#
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
#
--- jdk22u-jdk-22-36/src/java.base/share/conf/security/nss.fips.cfg.in 1970-01-01 01:00:00.000000000 +0100
+++ jdk22u-jdk-22-36/src/java.base/share/conf/security/nss.fips.cfg.in 2024-03-15 16:08:34.391202334 +0100
--- /dev/null
+++ b/src/java.base/share/conf/security/nss.fips.cfg.in
@@ -0,0 +1,8 @@
+name = NSS-FIPS
+nssLibraryDirectory = @NSS_LIBDIR@
@ -974,9 +974,9 @@
+
+attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
+
--- jdk22u-jdk-22-36/src/java.base/share/lib/security/default.policy 2024-03-15 16:05:55.777768303 +0100
+++ jdk22u-jdk-22-36/src/java.base/share/lib/security/default.policy 2024-03-15 16:10:36.574613233 +0100
@@ -134,6 +134,7 @@
--- a/src/java.base/share/lib/security/default.policy
+++ b/src/java.base/share/lib/security/default.policy
@@ -134,6 +134,7 @@ grant codeBase "jrt:/jdk.crypto.cryptoki" {
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.access";
permission java.lang.RuntimePermission
"accessClassInPackage.sun.security.*";
@ -984,7 +984,7 @@
permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read";
@@ -141,6 +142,8 @@
@@ -141,6 +142,8 @@ grant codeBase "jrt:/jdk.crypto.cryptoki" {
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "os.arch", "read";
permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read";
@ -993,8 +993,8 @@
permission java.security.SecurityPermission "putProviderProperty.*";
permission java.security.SecurityPermission "clearProviderProperties.*";
permission java.security.SecurityPermission "removeProviderProperty.*";
--- jdk22u-jdk-22-36/src/java.base/share/native/libsystemconf/systemconf.c 1970-01-01 01:00:00.000000000 +0100
+++ jdk22u-jdk-22-36/src/java.base/share/native/libsystemconf/systemconf.c 2024-03-15 16:08:34.391202334 +0100
--- /dev/null
+++ b/src/java.base/share/native/libsystemconf/systemconf.c
@@ -0,0 +1,236 @@
+/*
+ * Copyright (c) 2021, Red Hat, Inc.
@ -1232,8 +1232,8 @@
+}
+
+#endif
--- jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java 1970-01-01 01:00:00.000000000 +0100
+++ jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java 2024-03-15 16:08:34.391202334 +0100
--- /dev/null
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
@@ -0,0 +1,457 @@
+/*
+ * Copyright (c) 2021, Red Hat, Inc.
@ -1692,8 +1692,8 @@
+ }
+ }
+}
--- jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSTokenLoginHandler.java 1970-01-01 01:00:00.000000000 +0100
+++ jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSTokenLoginHandler.java 2024-03-15 16:08:34.391202334 +0100
--- /dev/null
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSTokenLoginHandler.java
@@ -0,0 +1,149 @@
+/*
+ * Copyright (c) 2022, Red Hat, Inc.
@ -1845,8 +1845,8 @@
+ }
+}
\ No newline at end of file
--- jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java 2024-03-15 16:05:55.394434726 +0100
+++ jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java 2024-03-15 16:08:34.391202334 +0100
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
@@ -37,6 +37,8 @@
import javax.crypto.interfaces.*;
import javax.crypto.spec.*;
@ -1856,7 +1856,7 @@
import sun.security.rsa.RSAUtil.KeyType;
import sun.security.rsa.RSAPublicKeyImpl;
import sun.security.rsa.RSAPrivateCrtKeyImpl;
@@ -72,6 +74,9 @@
@@ -72,6 +74,9 @@ abstract class P11Key implements Key, Length {
@Serial
private static final long serialVersionUID = -2575874101938349339L;
@ -1866,7 +1866,7 @@
private static final String PUBLIC = "public";
private static final String PRIVATE = "private";
private static final String SECRET = "secret";
@@ -395,8 +400,10 @@
@@ -395,8 +400,10 @@ static PrivateKey privateKey(Session session, long keyID, String algorithm,
new CK_ATTRIBUTE(CKA_EXTRACTABLE),
});
@ -1879,7 +1879,7 @@
return switch (algorithm) {
case "RSA" -> P11RSAPrivateKeyInternal.of(session, keyID, algorithm,
@@ -448,7 +455,8 @@
@@ -448,7 +455,8 @@ private static class P11SecretKey extends P11Key implements SecretKey {
public String getFormat() {
token.ensureValid();
@ -1889,8 +1889,8 @@
return null;
} else {
return "RAW";
--- jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java 2024-03-15 16:05:55.394434726 +0100
+++ jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java 2024-03-15 16:08:34.391202334 +0100
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
@@ -26,6 +26,9 @@
package sun.security.pkcs11;
@ -1914,7 +1914,7 @@
import static sun.security.util.SecurityProviderConstants.getAliases;
import sun.security.pkcs11.Secmod.*;
@@ -65,6 +70,39 @@
@@ -65,6 +70,39 @@ public final class SunPKCS11 extends AuthProvider {
@Serial
private static final long serialVersionUID = -1354835039035306505L;
@ -1954,7 +1954,7 @@
static final Debug debug = Debug.getInstance("sunpkcs11");
// the PKCS11 object through which we make the native calls
@SuppressWarnings("serial") // Type of field is not Serializable;
@@ -123,6 +161,29 @@
@@ -123,6 +161,29 @@ public Provider configure(String configArg) throws InvalidParameterException {
return AccessController.doPrivileged(new PrivilegedExceptionAction<>() {
@Override
public SunPKCS11 run() throws Exception {
@ -1984,7 +1984,7 @@
return new SunPKCS11(new Config(newConfigName));
}
});
@@ -325,9 +386,19 @@
@@ -336,9 +397,19 @@ private static <T> T checkNull(T obj) {
// request multithreaded access first
initArgs.flags = CKF_OS_LOCKING_OK;
PKCS11 tmpPKCS11;
@ -2006,7 +2006,7 @@
} catch (PKCS11Exception e) {
if (debug != null) {
debug.println("Multi-threaded initialization failed: " + e);
@@ -342,8 +413,9 @@
@@ -353,8 +424,9 @@ private static <T> T checkNull(T obj) {
} else {
initArgs.flags = 0;
}
@ -2018,7 +2018,7 @@
}
p11 = tmpPKCS11;
@@ -1389,11 +1461,52 @@
@@ -1400,11 +1472,52 @@ private static final class P11Service extends Service {
}
@Override
@ -2071,7 +2071,7 @@
try {
return newInstance0(param);
} catch (PKCS11Exception e) {
@@ -1750,6 +1863,9 @@
@@ -1761,6 +1874,9 @@ public void logout() throws LoginException {
try {
session = token.getOpSession();
p11.C_Logout(session.id());
@ -2081,8 +2081,8 @@
if (debug != null) {
debug.println("logout succeeded");
}
--- jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java 2024-03-15 16:05:55.394434726 +0100
+++ jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java 2024-03-15 16:08:34.391202334 +0100
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java
@@ -33,6 +33,7 @@
import java.security.*;
import javax.security.auth.login.LoginException;
@ -2101,7 +2101,7 @@
// need to be serializable to allow SecureRandom to be serialized
@Serial
private static final long serialVersionUID = 2541527649100571747L;
@@ -125,6 +129,10 @@
@@ -125,6 +129,10 @@ final class Token implements Serializable {
// flag indicating whether we are logged in
private volatile boolean loggedIn;
@ -2112,7 +2112,7 @@
// time we last checked login status
private long lastLoginCheck;
@@ -242,9 +250,14 @@
@@ -242,9 +250,14 @@ boolean isLoggedInNow(Session session) throws PKCS11Exception {
// call provider.login() if not
void ensureLoggedIn(Session session) throws PKCS11Exception, LoginException {
if (!isLoggedIn(session)) {
@ -2127,25 +2127,8 @@
// return whether this token object is valid (i.e. token not removed)
// returns value from last check, does not perform new check
--- jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java 2024-03-15 16:05:55.397768062 +0100
+++ jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java 2024-03-15 16:08:34.391202334 +0100
@@ -216,6 +216,14 @@
}
/**
+ * Constructor taking the error code from the RV enum and
+ * extra info for error message.
+ */
+ public PKCS11Exception(RV errorEnum, String extraInfo) {
+ this(errorEnum.value, extraInfo);
+ }
+
+ /**
* Constructor taking the error code (the CKR_* constants in PKCS#11) and
* extra info for error message.
*/
--- jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java 2024-03-15 16:05:55.397768062 +0100
+++ jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java 2024-03-15 16:08:34.391202334 +0100
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
@@ -49,6 +49,9 @@
import java.io.File;
@ -2156,7 +2139,7 @@
import java.util.*;
import java.security.AccessController;
@@ -174,19 +177,44 @@
@@ -174,19 +177,44 @@ public CK_VERSION getVersion() {
return version;
}
@ -2201,7 +2184,7 @@
if (omitInitialize == false) {
try {
pkcs11.C_Initialize(pInitArgs);
@@ -1976,4 +2004,194 @@
@@ -1976,4 +2004,194 @@ public synchronized void C_GenerateRandom(long hSession, byte[] randomData)
super.C_GenerateRandom(hSession, randomData);
}
}
@ -2396,8 +2379,25 @@
+ }
+}
}
--- jdk22u-jdk-22-36/test/jdk/sun/security/pkcs11/fips/NssdbPin.java 1970-01-01 01:00:00.000000000 +0100
+++ jdk22u-jdk-22-36/test/jdk/sun/security/pkcs11/fips/NssdbPin.java 2024-03-15 16:08:34.397869005 +0100
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java
@@ -215,6 +215,14 @@ private static String lookup(long errorCode) {
return res;
}
+ /**
+ * Constructor taking the error code from the RV enum and
+ * extra info for error message.
+ */
+ public PKCS11Exception(RV errorEnum, String extraInfo) {
+ this(errorEnum.value, extraInfo);
+ }
+
/**
* Constructor taking the error code (the CKR_* constants in PKCS#11) and
* extra info for error message.
--- /dev/null
+++ b/test/jdk/sun/security/pkcs11/fips/NssdbPin.java
@@ -0,0 +1,349 @@
+/*
+ * Copyright (c) 2022, Red Hat, Inc.
@ -2748,8 +2748,8 @@
+ "2nd line with garbage");
+ }
+}
--- jdk22u-jdk-22-36/test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java 1970-01-01 01:00:00.000000000 +0100
+++ jdk22u-jdk-22-36/test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java 2024-03-15 16:08:34.397869005 +0100
--- /dev/null
+++ b/test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 2022, Red Hat, Inc.

140
java-22-openjdk.changes
View File

@ -1,3 +1,143 @@
-------------------------------------------------------------------
Thu Apr 18 14:57:53 UTC 2024 - Fridrich Strba <fstrba@suse.com>
- Upgrade to upstream tag jdk-22.0.1+8 (April 2024 CPU)
* Security fixes
+ JDK-8315708, CVE-2024-21012, bsc#1222987: Enhance HTTP/2
client usage
+ JDK-8318340: Improve RSA key implementations
+ JDK-8319851, CVE-2024-21011, bsc#1222979: Improve exception
logging
+ JDK-8322122, CVE-2024-21068, bsc#1222983: Enhance generation
of addresses
* Other changes
+ JDK-8314164: java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java fails intermittently
in timeout
+ JDK-8314275: Incorrect stepping in switch
+ JDK-8317299: safepoint scalarization doesn't keep track of
the depth of the JVM state
+ JDK-8317804: com/sun/jdi/JdwpAllowTest.java fails on Alpine
3.17 / 3.18
+ JDK-8318158: RISC-V: implement roundD/roundF intrinsics
+ JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java
+ JDK-8318696: Do not use LFS64 symbols on Linux
+ JDK-8319382: com/sun/jdi/JdwpAllowTest.java shows failures on
AIX if prefixLen of mask is larger than 32 in IPv6 case
+ JDK-8320890: [AIX] Find a better way to mimic dl handle
equality
+ JDK-8321151: JDK-8294427 breaks Windows L&F on all older
Windows versions
+ JDK-8321374: Add a configure option to explicitly set
CompanyName property in VersionInfo resource for Windows
exe/dll
+ JDK-8321408: Add Certainly roots R1 and E1
+ JDK-8321480: ISO 4217 Amendment 176 Update
+ JDK-8321489: Update LCMS to 2.16
+ JDK-8321815: Shenandoah: gc state should be synchronized to
java threads only once per safepoint
+ JDK-8321972: test runtime/Unsafe/InternalErrorTest.java
timeout on linux-riscv64 platform
+ JDK-8322092: Bump version numbers for 22.0.1
+ JDK-8322098: os::Linux::print_system_memory_info enhance the
THP output with
/sys/kernel/mm/transparent_hugepage/hpage_pmd_size
+ JDK-8322159: ThisEscapeAnalyzer crashes for erroneous code
+ JDK-8322163: runtime/Unsafe/InternalErrorTest.java fails on
Alpine after JDK-8320886
+ JDK-8322417: Console read line with zero out should zero out
when throwing exception
+ JDK-8322725: (tz) Update Timezone Data to 2023d
+ JDK-8322772: Clean up code after JDK-8322417
+ JDK-8322783: prioritize /etc/os-release over
/etc/SuSE-release in hs_err/info output
+ JDK-8322790: RISC-V: Tune costs for shuffles with no
conversion
+ JDK-8322945: Problemlist runtime/CompressedOops/
/CompressedClassPointers.java on AIX
+ JDK-8323021: Shenandoah: Encountered reference count always
attributed to first worker thread
+ JDK-8323065: Unneccesary CodeBlob lookup in
CompiledIC::internal_set_ic_destination
+ JDK-8323086: Shenandoah: Heap could be corrupted by oom
during evacuation
+ JDK-8323154: C2: assert(cmp != nullptr && cmp->Opcode() ==
Op_Cmp(bt)) failed: no exit test
+ JDK-8323170: j2dbench is using outdated javac source/target
to be able to build by itself
+ JDK-8323210: Update the usage of cmsFLAGS_COPY_ALPHA
+ JDK-8323331: fix typo hpage_pdm_size
+ JDK-8323428: Shenandoah: Unused memory in regions compacted
during a full GC should be mangled
+ JDK-8323515: Create test alias "all" for all test roots
+ JDK-8323637: Capture hotspot replay files in GHA
+ JDK-8323657: Compilation of snippet results in VerifyError at
runtime with --release 9 (and above)
+ JDK-8323664: java/awt/font/JNICheck/FreeTypeScalerJNICheck.java
still fails with JNI warning on some Windows configurations
+ JDK-8323675: Race in jdk.javadoc-gendata
+ JDK-8323920: Change milestone to fcs for all releases
+ JDK-8323964: runtime/Thread/ThreadCountLimit.java fails
intermittently on AIX
+ JDK-8324041: ModuleOption.java failed with update release
versioning scheme
+ JDK-8324050: Issue store-store barrier after re-materializing
objects during deoptimization
+ JDK-8324280: RISC-V: Incorrect implementation in
VM_Version::parse_satp_mode
+ JDK-8324347: Enable "maybe-uninitialized" warning for
FreeType 2.13.1
+ JDK-8324598: use mem_unit when working with sysinfo memory
and swap related information
+ JDK-8324637: [aix] Implement support for reporting swap space
in jdk.management
+ JDK-8324647: Invalid test group of lib-test after JDK-8323515
+ JDK-8324659: GHA: Generic jtreg errors are not reported
+ JDK-8324753: [AIX] adjust os_posix after JDK-8318696
+ JDK-8324937: GHA: Avoid multiple test suites per job
+ JDK-8325074: ZGC fails assert(index == 0 ||
is_power_of_2(index)) failed: Incorrect load shift: 11
+ JDK-8325150: (tz) Update Timezone Data to 2024a
+ JDK-8325203: System.exit(0) kills the launched 3rd party
application
+ JDK-8325213: Flags introduced by configure script are not
passed to ADLC build
+ JDK-8325313: Header format error in TestIntrinsicBailOut
after JDK-8317299
+ JDK-8325326: [PPC64] Don't relocate in case of allocation
failure
+ JDK-8325470: [AIX] use fclose after fopen in read_psinfo
+ JDK-8325496: Make TrimNativeHeapInterval a product switch
+ JDK-8325590: Regression in round-tripping UTF-16 strings
after JDK-8311906
+ JDK-8325672: C2: allocate PhaseIdealLoop::_loop_or_ctrl from
C->comp_arena()
+ JDK-8325876: crashes in docker container tests on
Linuxppc64le Power8 machines
+ JDK-8326000: Remove obsolete comments for class
sun.security.ssl.SunJSSE
+ JDK-8326101: [PPC64] Need to bailout cleanly if creation of
stubs fails when code cache is out of space
+ JDK-8326360: Update the Zlib version in
open/src/java.base/share/legal/zlib.md to 1.3
+ JDK-8326638: Crash in
PhaseIdealLoop::remix_address_expressions due to unexpected
Region instead of Loop
+ JDK-8327391: Add SipHash attribution file
- Modified patches:
* PStack-808293.patch
* disable-doclint-by-default.patch
* fips.patch
* java-22-openjdk.spec
* java-atk-wrapper-security.patch
* loadAssistiveTechnologies.patch
* memory-limits.patch
* multiple-pkcs11-library-init.patch
* reproducible-properties.patch
* system-pcsclite.patch
* zero-ranges.patch
+ rediff to apply without fuzz
-------------------------------------------------------------------
Fri Mar 15 14:45:03 UTC 2024 - Fridrich Strba <fstrba@suse.com>

26
java-22-openjdk.spec
View File

@ -33,8 +33,8 @@
# Standard JPackage naming and versioning defines.
%global featurever 22
%global interimver 0
#global updatever 0
%global buildver 36
%global updatever 1
%global buildver 8
%global openjdk_repo jdk22u
%global openjdk_tag jdk-%{featurever}%{?updatever:.%{interimver}.%{updatever}}%{?patchver:.%{patchver}}+%{buildver}
%global openjdk_dir %{openjdk_repo}-jdk-%{featurever}%{?updatever:.%{interimver}.%{updatever}}%{?patchver:.%{patchver}}-%{buildver}
@ -100,6 +100,9 @@
%global package_version %{featurever}.%{interimver}.%{?updatever:%{updatever}}%{!?updatever:0}.%{?patchver:%{patchver}}%{!?patchver:0}~%{buildver}
%endif
%global NSS_LIBDIR %(pkg-config --variable=libdir nss)
%if 0%{?gcc_version} < 7
%global with_gcc 7
%endif
%bcond_with zero
%if ! %{with zero}
%global with_systemtap 1
@ -178,6 +181,8 @@ BuildRequires: desktop-file-utils
BuildRequires: fdupes
BuildRequires: fontconfig-devel
BuildRequires: freetype2-devel
BuildRequires: gcc%{?with_gcc}
BuildRequires: gcc%{?with_gcc}-c++
BuildRequires: giflib-devel
BuildRequires: hicolor-icon-theme
BuildRequires: java-ca-certificates
@ -231,13 +236,6 @@ Provides: jre1.7.x
Provides: jre1.8.x
Provides: jre1.9.x
%endif
%if 0%{?suse_version} < 1500
BuildRequires: gcc7
BuildRequires: gcc7-c++
%else
BuildRequires: gcc >= 7
BuildRequires: gcc-c++ >= 7
%endif
%if %{with_system_lcms}
BuildRequires: liblcms2-devel
%endif
@ -450,11 +448,11 @@ mkdir -p %{buildoutputdir}
pushd %{buildoutputdir}
bash ../configure \
%if 0%{?suse_version} < 1500
CPP=cpp-7 \
CXX=g++-7 \
CC=gcc-7 \
NM=gcc-nm-7 \
%if 0%{?with_gcc}
CPP="cpp-%{with_gcc}" \
CXX="g++-%{with_gcc}" \
CC="gcc-%{with_gcc}" \
NM="gcc-nm-%{with_gcc}" \
%endif
%if %{is_release}
--with-version-pre="" \

4
java-atk-wrapper-security.patch
View File

@ -1,6 +1,6 @@
--- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security
@@ -307,6 +307,8 @@ keystore.type.compat=true
@@ -313,6 +313,8 @@ keystore.type.compat=true
#
package.access=sun.misc.,\
sun.reflect.,\
@ -9,7 +9,7 @@
#
# List of comma-separated packages that start with or equal this string
@@ -319,6 +321,8 @@ package.access=sun.misc.,\
@@ -325,6 +327,8 @@ package.access=sun.misc.,\
#
package.definition=sun.misc.,\
sun.reflect.,\

3
jdk-22+36.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:19cbda061fa41860fa2251f0994e7792c06aec63c8d0ae650353c850be5a8a4c
size 111988154

3
jdk-22.0.1+8.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0cfb7f2799384df43a9832df638f31c9be33a4a8650f8478f35272ee70dd7173
size 112015695

2
loadAssistiveTechnologies.patch
View File

@ -1,6 +1,6 @@
--- a/src/java.desktop/share/classes/java/awt/Toolkit.java
+++ b/src/java.desktop/share/classes/java/awt/Toolkit.java
@@ -602,7 +602,11 @@ public abstract class Toolkit {
@@ -598,7 +598,11 @@ public static synchronized Toolkit getDefaultToolkit() {
toolkit = new HeadlessToolkit(toolkit);
}
if (!GraphicsEnvironment.isHeadless()) {

2
memory-limits.patch
View File

@ -1,6 +1,6 @@
--- a/src/hotspot/share/gc/shared/gc_globals.hpp
+++ b/src/hotspot/share/gc/shared/gc_globals.hpp
@@ -596,7 +596,7 @@
@@ -591,7 +591,7 @@
"Initial heap size (in bytes); zero means use ergonomics") \
constraint(InitialHeapSizeConstraintFunc,AfterErgo) \
\

14
multiple-pkcs11-library-init.patch
View File

@ -1,6 +1,6 @@
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Config.java 2023-04-01 12:03:26.147543172 +0200
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Config.java 2023-04-01 12:03:45.455660866 +0200
@@ -52,6 +52,7 @@
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Config.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Config.java
@@ -52,6 +52,7 @@ final class Config {
static final int ERR_HALT = 1;
static final int ERR_IGNORE_ALL = 2;
static final int ERR_IGNORE_LIB = 3;
@ -8,7 +8,7 @@
// same as allowSingleThreadedModules but controlled via a system property
// and applied to all providers. if set to false, no SunPKCS11 instances
@@ -1037,6 +1038,7 @@
@@ -1037,6 +1038,7 @@ private void parseHandleStartupErrors(String keyword) throws IOException {
handleStartupErrors = switch (val) {
case "ignoreAll" -> ERR_IGNORE_ALL;
case "ignoreMissingLibrary" -> ERR_IGNORE_LIB;
@ -16,9 +16,9 @@
case "halt" -> ERR_HALT;
default -> throw excToken("Invalid value for handleStartupErrors:");
};
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java 2023-04-01 12:03:26.147543172 +0200
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java 2023-04-01 12:07:19.664979695 +0200
@@ -184,26 +184,37 @@
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
@@ -184,26 +184,37 @@ private static <T> T checkNull(T obj) {
String nssLibraryDirectory = config.getNssLibraryDirectory();
String nssSecmodDirectory = config.getNssSecmodDirectory();
boolean nssOptimizeSpace = config.getNssOptimizeSpace();

2
reproducible-properties.patch
View File

@ -1,6 +1,6 @@
--- a/src/java.base/share/classes/java/util/Properties.java
+++ b/src/java.base/share/classes/java/util/Properties.java
@@ -955,7 +955,7 @@ public class Properties extends Hashtable<Object,Object> {
@@ -955,7 +955,7 @@ private static void writeDateComment(BufferedWriter bw) throws IOException {
if (sysPropVal != null && !sysPropVal.isEmpty()) {
writeComments(bw, sysPropVal);
} else {

38
system-pcsclite.patch
View File

@ -1,6 +1,6 @@
--- jdk22u-jdk-22-36/make/autoconf/lib-bundled.m4 2024-03-15 16:01:46.767610222 +0100
+++ jdk22u-jdk-22-36/make/autoconf/lib-bundled.m4 2024-03-15 16:01:55.957616058 +0100
@@ -41,6 +41,7 @@
--- a/make/autoconf/lib-bundled.m4
+++ b/make/autoconf/lib-bundled.m4
@@ -41,6 +41,7 @@ AC_DEFUN_ONCE([LIB_SETUP_BUNDLED_LIBS],
LIB_SETUP_ZLIB
LIB_SETUP_LCMS
LIB_SETUP_HARFBUZZ
@ -8,7 +8,7 @@
])
################################################################################
@@ -309,3 +310,41 @@
@@ -309,3 +310,41 @@ AC_DEFUN_ONCE([LIB_SETUP_HARFBUZZ],
AC_SUBST(HARFBUZZ_CFLAGS)
AC_SUBST(HARFBUZZ_LIBS)
])
@ -50,9 +50,9 @@
+
+ AC_SUBST(USE_EXTERNAL_PCSCLITE)
+])
--- jdk22u-jdk-22-36/make/autoconf/spec.gmk.in 2024-03-15 16:01:46.767610222 +0100
+++ jdk22u-jdk-22-36/make/autoconf/spec.gmk.in 2024-03-15 16:03:08.207661924 +0100
@@ -813,6 +813,7 @@
--- a/make/autoconf/spec.gmk.in
+++ b/make/autoconf/spec.gmk.in
@@ -814,6 +814,7 @@ TAR_SUPPORTS_TRANSFORM := @TAR_SUPPORTS_TRANSFORM@
# Build setup
USE_EXTERNAL_LIBJPEG := @USE_EXTERNAL_LIBJPEG@
USE_EXTERNAL_LIBGIF := @USE_EXTERNAL_LIBGIF@
@ -60,9 +60,9 @@
USE_EXTERNAL_LIBZ := @USE_EXTERNAL_LIBZ@
LIBZ_CFLAGS := @LIBZ_CFLAGS@
LIBZ_LIBS := @LIBZ_LIBS@
--- jdk22u-jdk-22-36/make/modules/java.smartcardio/Lib.gmk 2024-03-15 16:01:46.850943608 +0100
+++ jdk22u-jdk-22-36/make/modules/java.smartcardio/Lib.gmk 2024-03-15 16:01:55.957616058 +0100
@@ -30,12 +30,12 @@
--- a/make/modules/java.smartcardio/Lib.gmk
+++ b/make/modules/java.smartcardio/Lib.gmk
@@ -30,12 +30,12 @@ include LibCommon.gmk
$(eval $(call SetupJdkLibrary, BUILD_LIBJ2PCSC, \
NAME := j2pcsc, \
CFLAGS := $(CFLAGS_JDKLIB), \
@ -78,8 +78,8 @@
LIBS_windows := winscard.lib, \
))
--- jdk22u-jdk-22-36/src/java.smartcardio/unix/native/libj2pcsc/pcsc_md.c 2024-03-15 16:01:47.044277064 +0100
+++ jdk22u-jdk-22-36/src/java.smartcardio/unix/native/libj2pcsc/pcsc_md.c 2024-03-15 16:01:55.957616058 +0100
--- a/src/java.smartcardio/unix/native/libj2pcsc/pcsc_md.c
+++ b/src/java.smartcardio/unix/native/libj2pcsc/pcsc_md.c
@@ -36,6 +36,7 @@
#include "pcsc_md.h"
@ -88,7 +88,7 @@
void *hModule;
FPTR_SCardEstablishContext scardEstablishContext;
FPTR_SCardConnect scardConnect;
@@ -47,6 +48,7 @@
@@ -47,6 +48,7 @@ FPTR_SCardListReaders scardListReaders;
FPTR_SCardBeginTransaction scardBeginTransaction;
FPTR_SCardEndTransaction scardEndTransaction;
FPTR_SCardControl scardControl;
@ -96,7 +96,7 @@
/*
* Throws a Java Exception by name
@@ -75,6 +77,7 @@
@@ -75,6 +77,7 @@ static void throwIOException(JNIEnv *env, const char *msg)
throwByName(env, "java/io/IOException", msg);
}
@ -104,7 +104,7 @@
static void *findFunction(JNIEnv *env, void *hModule, char *functionName) {
void *fAddress = dlsym(hModule, functionName);
if (fAddress == NULL) {
@@ -85,9 +88,11 @@
@@ -85,9 +88,11 @@ static void *findFunction(JNIEnv *env, void *hModule, char *functionName) {
}
return fAddress;
}
@ -116,14 +116,14 @@
const char *libName = (*env)->GetStringUTFChars(env, jLibName, NULL);
if (libName == NULL) {
throwNullPointerException(env, "PCSC library name is null");
@@ -141,4 +146,5 @@
@@ -141,4 +146,5 @@ JNIEXPORT void JNICALL Java_sun_security_smartcardio_PlatformPCSC_initialize
#else
scardControl = (FPTR_SCardControl) findFunction(env, hModule, "SCardControl132");
#endif // __APPLE__
+#endif
}
--- jdk22u-jdk-22-36/src/java.smartcardio/unix/native/libj2pcsc/pcsc_md.h 2024-03-15 16:01:47.044277064 +0100
+++ jdk22u-jdk-22-36/src/java.smartcardio/unix/native/libj2pcsc/pcsc_md.h 2024-03-15 16:01:55.960949394 +0100
--- a/src/java.smartcardio/unix/native/libj2pcsc/pcsc_md.h
+++ b/src/java.smartcardio/unix/native/libj2pcsc/pcsc_md.h
@@ -23,6 +23,8 @@
* questions.
*/
@ -133,7 +133,7 @@
typedef LONG (*FPTR_SCardEstablishContext)(DWORD dwScope,
LPCVOID pvReserved1,
LPCVOID pvReserved2,
@@ -111,3 +113,41 @@
@@ -111,3 +113,41 @@ extern FPTR_SCardListReaders scardListReaders;
extern FPTR_SCardBeginTransaction scardBeginTransaction;
extern FPTR_SCardEndTransaction scardEndTransaction;
extern FPTR_SCardControl scardControl;

2
zero-ranges.patch
View File

@ -1,6 +1,6 @@
--- a/src/hotspot/cpu/zero/globals_zero.hpp
+++ b/src/hotspot/cpu/zero/globals_zero.hpp
@@ -52,9 +52,9 @@ define_pd_global(intx, InitArrayShortSize, 0);
@@ -54,9 +54,9 @@ define_pd_global(intx, InitArrayShortSize, 0);
#define DEFAULT_STACK_SHADOW_PAGES (5 LP64_ONLY(+1) DEBUG_ONLY(+3))
#define DEFAULT_STACK_RESERVED_PAGES (0)