From 4ade273625cea25c9fec3f1ede1010e19afcefc13065b699eec5d563cd8d0733 Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Wed, 20 Mar 2024 07:24:27 +0000 Subject: [PATCH 1/4] OBS-URL: https://build.opensuse.org/package/show/Java:Factory/java-22-openjdk?expand=0&rev=5 --- java-22-openjdk.spec | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/java-22-openjdk.spec b/java-22-openjdk.spec index 480a8ff..9591fd5 100644 --- a/java-22-openjdk.spec +++ b/java-22-openjdk.spec @@ -100,6 +100,9 @@ %global package_version %{featurever}.%{interimver}.%{?updatever:%{updatever}}%{!?updatever:0}.%{?patchver:%{patchver}}%{!?patchver:0}~%{buildver} %endif %global NSS_LIBDIR %(pkg-config --variable=libdir nss) +%if 0%{?gcc_version} < 7 +%global with_gcc 7 +%endif %bcond_with zero %if ! %{with zero} %global with_systemtap 1 @@ -178,6 +181,8 @@ BuildRequires: desktop-file-utils BuildRequires: fdupes BuildRequires: fontconfig-devel BuildRequires: freetype2-devel +BuildRequires: gcc%{?with_gcc} +BuildRequires: gcc%{?with_gcc}-c++ BuildRequires: giflib-devel BuildRequires: hicolor-icon-theme BuildRequires: java-ca-certificates @@ -231,13 +236,6 @@ Provides: jre1.7.x Provides: jre1.8.x Provides: jre1.9.x %endif -%if 0%{?suse_version} < 1500 -BuildRequires: gcc7 -BuildRequires: gcc7-c++ -%else -BuildRequires: gcc >= 7 -BuildRequires: gcc-c++ >= 7 -%endif %if %{with_system_lcms} BuildRequires: liblcms2-devel %endif @@ -450,11 +448,11 @@ mkdir -p %{buildoutputdir} pushd %{buildoutputdir} bash ../configure \ -%if 0%{?suse_version} < 1500 - CPP=cpp-7 \ - CXX=g++-7 \ - CC=gcc-7 \ - NM=gcc-nm-7 \ +%if 0%{?with_gcc} + CPP="cpp-%{with_gcc}" \ + CXX="g++-%{with_gcc}" \ + CC="gcc-%{with_gcc}" \ + NM="gcc-nm-%{with_gcc}" \ %endif %if %{is_release} --with-version-pre="" \ From 601774ab5f42e20f3a0657c4686dce5932952c8ffdf902d30ae148b0f5dc61d0 Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Thu, 18 Apr 2024 04:36:48 +0000 Subject: [PATCH 2/4] OBS-URL: https://build.opensuse.org/package/show/Java:Factory/java-22-openjdk?expand=0&rev=7 --- PStack-808293.patch | 4 +- disable-doclint-by-default.patch | 6 +- fips.patch | 302 ++++++++++++++--------------- java-22-openjdk.spec | 5 +- java-atk-wrapper-security.patch | 4 +- jdk-22+36.tar.gz | 3 - jdk-22+8.tar.gz | 3 + loadAssistiveTechnologies.patch | 2 +- memory-limits.patch | 2 +- multiple-pkcs11-library-init.patch | 14 +- reproducible-properties.patch | 2 +- system-pcsclite.patch | 48 ++--- zero-ranges.patch | 2 +- 13 files changed, 198 insertions(+), 199 deletions(-) delete mode 100644 jdk-22+36.tar.gz create mode 100644 jdk-22+8.tar.gz diff --git a/PStack-808293.patch b/PStack-808293.patch index b88fc3e..f4688e3 100644 --- a/PStack-808293.patch +++ b/PStack-808293.patch @@ -1,6 +1,6 @@ --- a/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/tools/PStack.java +++ b/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/tools/PStack.java -@@ -101,7 +101,8 @@ public class PStack extends Tool { +@@ -101,7 +101,8 @@ public void run(PrintStream out, Debugger dbg) { if (jthread != null) { jthread.printThreadInfoOn(out); } @@ -10,7 +10,7 @@ ClosestSymbol sym = f.closestSymbolToPC(); Address pc = f.pc(); out.print(pc + "\t"); -@@ -183,10 +184,19 @@ public class PStack extends Tool { +@@ -183,10 +184,19 @@ public void run(PrintStream out, Debugger dbg) { } } } diff --git a/disable-doclint-by-default.patch b/disable-doclint-by-default.patch index 72c0d28..2ef2c49 100644 --- a/disable-doclint-by-default.patch +++ b/disable-doclint-by-default.patch @@ -1,6 +1,6 @@ --- a/src/jdk.javadoc/share/classes/jdk/javadoc/internal/doclets/toolkit/BaseConfiguration.java +++ b/src/jdk.javadoc/share/classes/jdk/javadoc/internal/doclets/toolkit/BaseConfiguration.java -@@ -795,7 +795,7 @@ public abstract class BaseConfiguration { +@@ -631,7 +631,7 @@ public void initDocLint(List opts, Set customTagNames) { } } else { // no -Xmsgs options of any kind, use default @@ -11,7 +11,7 @@ if (!customTagNames.isEmpty()) { --- a/test/langtools/jdk/javadoc/tool/doclint/DocLintTest.java +++ b/test/langtools/jdk/javadoc/tool/doclint/DocLintTest.java -@@ -150,12 +150,12 @@ public class DocLintTest { +@@ -150,12 +150,12 @@ void run() throws Exception { files = List.of(new TestJFO("Test.java", code)); test(List.of(htmlVersion), @@ -28,7 +28,7 @@ // test(List.of("-Xdoclint:none"), // Main.Result.OK, -@@ -178,8 +178,8 @@ public class DocLintTest { +@@ -178,8 +178,8 @@ void run() throws Exception { EnumSet.of(Message.DL_WRN14)); test(List.of(htmlVersion, rawDiags, "-private"), diff --git a/fips.patch b/fips.patch index 297680f..eece66e 100644 --- a/fips.patch +++ b/fips.patch @@ -1,6 +1,6 @@ ---- jdk22u-jdk-22-36/make/autoconf/build-aux/pkg.m4 2024-03-15 16:05:55.017767821 +0100 -+++ jdk22u-jdk-22-36/make/autoconf/build-aux/pkg.m4 2024-03-15 16:08:34.387868998 +0100 -@@ -179,3 +179,19 @@ +--- a/make/autoconf/build-aux/pkg.m4 ++++ b/make/autoconf/build-aux/pkg.m4 +@@ -179,3 +179,19 @@ else ifelse([$3], , :, [$3]) fi[]dnl ])# PKG_CHECK_MODULES @@ -20,26 +20,8 @@ + +AS_VAR_IF([$1], [""], [$5], [$4])dnl +])dnl PKG_CHECK_VAR ---- jdk22u-jdk-22-36/make/autoconf/libraries.m4 2024-03-15 16:05:55.017767821 +0100 -+++ jdk22u-jdk-22-36/make/autoconf/libraries.m4 2024-03-15 16:08:34.387868998 +0100 -@@ -35,6 +35,7 @@ - m4_include([lib-x11.m4]) - - m4_include([lib-tests.m4]) -+m4_include([lib-sysconf.m4]) - - ################################################################################ - # Determine which libraries are needed for this configuration -@@ -128,6 +129,7 @@ - LIB_SETUP_X11 - - LIB_TESTS_SETUP_GTEST -+ LIB_SETUP_SYSCONF_LIBS - - BASIC_JDKLIB_LIBS="" - BASIC_JDKLIB_LIBS_TARGET="" ---- jdk22u-jdk-22-36/make/autoconf/lib-sysconf.m4 1970-01-01 01:00:00.000000000 +0100 -+++ jdk22u-jdk-22-36/make/autoconf/lib-sysconf.m4 2024-03-15 16:08:34.387868998 +0100 +--- /dev/null ++++ b/make/autoconf/lib-sysconf.m4 @@ -0,0 +1,87 @@ +# +# Copyright (c) 2021, Red Hat, Inc. @@ -128,9 +110,27 @@ + AC_SUBST(USE_SYSCONF_NSS) + AC_SUBST(NSS_LIBDIR) +]) ---- jdk22u-jdk-22-36/make/autoconf/spec.gmk.in 2024-03-15 16:05:55.017767821 +0100 -+++ jdk22u-jdk-22-36/make/autoconf/spec.gmk.in 2024-03-15 16:11:32.251315250 +0100 -@@ -830,6 +830,11 @@ +--- a/make/autoconf/libraries.m4 ++++ b/make/autoconf/libraries.m4 +@@ -35,6 +35,7 @@ m4_include([lib-std.m4]) + m4_include([lib-x11.m4]) + + m4_include([lib-tests.m4]) ++m4_include([lib-sysconf.m4]) + + ################################################################################ + # Determine which libraries are needed for this configuration +@@ -134,6 +135,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES], + LIB_SETUP_X11 + + LIB_TESTS_SETUP_GTEST ++ LIB_SETUP_SYSCONF_LIBS + + BASIC_JDKLIB_LIBS="" + BASIC_JDKLIB_LIBS_TARGET="" +--- a/make/autoconf/spec.gmk.in ++++ b/make/autoconf/spec.gmk.in +@@ -873,6 +873,11 @@ PANDOC_MARKDOWN_FLAG := @PANDOC_MARKDOWN_FLAG@ # Libraries # @@ -139,12 +139,12 @@ +NSS_CFLAGS:=@NSS_CFLAGS@ +NSS_LIBDIR:=@NSS_LIBDIR@ + - USE_EXTERNAL_LCMS := @USE_EXTERNAL_LCMS@ - LCMS_CFLAGS := @LCMS_CFLAGS@ - LCMS_LIBS := @LCMS_LIBS@ ---- jdk22u-jdk-22-36/make/modules/java.base/Gendata.gmk 2024-03-15 16:05:55.097767871 +0100 -+++ jdk22u-jdk-22-36/make/modules/java.base/Gendata.gmk 2024-03-15 16:08:34.387868998 +0100 -@@ -98,3 +98,17 @@ + USE_EXTERNAL_LCMS:=@USE_EXTERNAL_LCMS@ + LCMS_CFLAGS:=@LCMS_CFLAGS@ + LCMS_LIBS:=@LCMS_LIBS@ +--- a/make/modules/java.base/Gendata.gmk ++++ b/make/modules/java.base/Gendata.gmk +@@ -98,3 +98,17 @@ $(GENDATA_JAVA_SECURITY): $(BUILD_TOOLS_JDK) $(GENDATA_JAVA_SECURITY_SRC) $(REST TARGETS += $(GENDATA_JAVA_SECURITY) ################################################################################ @@ -162,12 +162,13 @@ +TARGETS += $(GENDATA_NSS_FIPS_CFG) + +################################################################################ ---- jdk22u-jdk-22-36/make/modules/java.base/Lib.gmk 2024-03-15 16:05:55.101101207 +0100 -+++ jdk22u-jdk-22-36/make/modules/java.base/Lib.gmk 2024-03-15 16:08:34.387868998 +0100 -@@ -165,6 +165,29 @@ +--- a/make/modules/java.base/Lib.gmk ++++ b/make/modules/java.base/Lib.gmk +@@ -163,6 +163,29 @@ ifeq ($(call isTargetOsType, unix), true) + endif endif - ################################################################################ ++################################################################################ +# Create the systemconf library + +LIBSYSTEMCONF_CFLAGS := @@ -190,12 +191,11 @@ + +TARGETS += $(BUILD_LIBSYSTEMCONF) + -+################################################################################ + ################################################################################ # Create the symbols file for static builds. - ifeq ($(STATIC_BUILD), true) ---- jdk22u-jdk-22-36/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java 2024-03-15 16:05:55.677768239 +0100 -+++ jdk22u-jdk-22-36/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java 2024-03-15 16:08:34.387868998 +0100 +--- a/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java ++++ b/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java @@ -31,6 +31,7 @@ import java.security.PrivilegedAction; import java.util.HashMap; @@ -215,7 +215,7 @@ @java.io.Serial private static final long serialVersionUID = 6812507587804302833L; -@@ -147,6 +152,7 @@ +@@ -147,6 +152,7 @@ public Void run() { void putEntries() { // reuse attribute map and reset before each reuse HashMap attrs = new HashMap<>(3); @@ -223,7 +223,7 @@ attrs.put("SupportedModes", "ECB"); attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING" + "|OAEPWITHMD5ANDMGF1PADDING" -@@ -439,6 +444,7 @@ +@@ -439,6 +445,7 @@ void putEntries() { psA("KeyPairGenerator", "DiffieHellman", "com.sun.crypto.provider.DHKeyPairGenerator", null); @@ -231,7 +231,7 @@ /* * Algorithm parameter generation engines -@@ -447,6 +453,7 @@ +@@ -447,6 +454,7 @@ void putEntries() { "DiffieHellman", "com.sun.crypto.provider.DHParameterGenerator", null); @@ -239,7 +239,7 @@ /* * Key Agreement engines */ -@@ -456,6 +463,7 @@ +@@ -456,6 +464,7 @@ void putEntries() { psA("KeyAgreement", "DiffieHellman", "com.sun.crypto.provider.DHKeyAgreement", attrs); @@ -247,7 +247,7 @@ /* * Algorithm Parameter engines -@@ -651,6 +659,7 @@ +@@ -651,6 +660,7 @@ void putEntries() { ps("SecretKeyFactory", "PBEWithHmacSHA512/256AndAES_256", "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512_256AndAES_256"); @@ -255,7 +255,7 @@ // PBKDF2 psA("SecretKeyFactory", "PBKDF2WithHmacSHA1", "com.sun.crypto.provider.PBKDF2Core$HmacSHA1", -@@ -782,6 +790,7 @@ +@@ -782,6 +792,7 @@ void putEntries() { "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator", List.of("SunTls12RsaPremasterSecret"), null); } @@ -263,8 +263,8 @@ // Return the instance of this class or create one if needed. static SunJCE getInstance() { ---- jdk22u-jdk-22-36/src/java.base/share/classes/java/security/Security.java 2024-03-15 16:05:55.704434923 +0100 -+++ jdk22u-jdk-22-36/src/java.base/share/classes/java/security/Security.java 2024-03-15 16:08:34.391202334 +0100 +--- a/src/java.base/share/classes/java/security/Security.java ++++ b/src/java.base/share/classes/java/security/Security.java @@ -34,6 +34,7 @@ import jdk.internal.access.JavaSecurityPropertiesAccess; import jdk.internal.event.EventHelper; @@ -285,7 +285,7 @@ /* Are we debugging? -- for developers */ private static final Debug sdebug = Debug.getInstance("properties"); -@@ -75,6 +81,19 @@ +@@ -75,6 +81,19 @@ private static class ProviderProperty { } static { @@ -305,7 +305,7 @@ // doPrivileged here because there are multiple // things in initialize that might require privs. // (the FileInputStream call and the File.exists call, -@@ -96,6 +115,7 @@ +@@ -96,6 +115,7 @@ public Properties getInitialProperties() { private static void initialize() { props = new Properties(); boolean overrideAll = false; @@ -313,7 +313,7 @@ // first load the system properties file // to determine the value of security.overridePropertiesFile -@@ -116,6 +136,61 @@ +@@ -116,6 +136,61 @@ private static void initialize() { } loadProps(null, extraPropFile, overrideAll); } @@ -375,7 +375,7 @@ initialSecurityProperties = (Properties) props.clone(); if (sdebug != null) { for (String key : props.stringPropertyNames()) { -@@ -126,7 +201,7 @@ +@@ -126,7 +201,7 @@ private static void initialize() { } @@ -384,8 +384,8 @@ InputStream is = null; try { if (masterFile != null && masterFile.exists()) { ---- jdk22u-jdk-22-36/src/java.base/share/classes/java/security/SystemConfigurator.java 1970-01-01 01:00:00.000000000 +0100 -+++ jdk22u-jdk-22-36/src/java.base/share/classes/java/security/SystemConfigurator.java 2024-03-15 16:08:34.391202334 +0100 +--- /dev/null ++++ b/src/java.base/share/classes/java/security/SystemConfigurator.java @@ -0,0 +1,232 @@ +/* + * Copyright (c) 2019, 2021, Red Hat, Inc. @@ -619,8 +619,8 @@ + } + } +} ---- jdk22u-jdk-22-36/src/java.base/share/classes/jdk/internal/access/JavaSecuritySystemConfiguratorAccess.java 1970-01-01 01:00:00.000000000 +0100 -+++ jdk22u-jdk-22-36/src/java.base/share/classes/jdk/internal/access/JavaSecuritySystemConfiguratorAccess.java 2024-03-15 16:08:34.391202334 +0100 +--- /dev/null ++++ b/src/java.base/share/classes/jdk/internal/access/JavaSecuritySystemConfiguratorAccess.java @@ -0,0 +1,31 @@ +/* + * Copyright (c) 2020, Red Hat, Inc. @@ -653,8 +653,8 @@ + boolean isSystemFipsEnabled(); + boolean isPlainKeySupportEnabled(); +} ---- jdk22u-jdk-22-36/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java 2024-03-15 16:05:55.727768271 +0100 -+++ jdk22u-jdk-22-36/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java 2024-03-15 16:08:34.391202334 +0100 +--- a/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java ++++ b/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java @@ -43,6 +43,7 @@ import java.io.PrintWriter; import java.io.RandomAccessFile; @@ -663,7 +663,7 @@ import java.security.Signature; /** A repository of "shared secrets", which are a mechanism for -@@ -90,6 +91,7 @@ +@@ -90,6 +91,7 @@ public class SharedSecrets { private static JavaxCryptoSealedObjectAccess javaxCryptoSealedObjectAccess; private static JavaxCryptoSpecAccess javaxCryptoSpecAccess; private static JavaTemplateAccess javaTemplateAccess; @@ -671,7 +671,7 @@ public static void setJavaUtilCollectionAccess(JavaUtilCollectionAccess juca) { javaUtilCollectionAccess = juca; -@@ -537,4 +539,15 @@ +@@ -537,4 +539,15 @@ private static void ensureClassInitialized(Class c) { MethodHandles.lookup().ensureInitialized(c); } catch (IllegalAccessException e) {} } @@ -687,9 +687,9 @@ + return javaSecuritySystemConfiguratorAccess; + } } ---- jdk22u-jdk-22-36/src/java.base/share/classes/module-info.java 2024-03-15 16:05:55.744434949 +0100 -+++ jdk22u-jdk-22-36/src/java.base/share/classes/module-info.java 2024-03-15 16:08:34.391202334 +0100 -@@ -168,6 +168,7 @@ +--- a/src/java.base/share/classes/module-info.java ++++ b/src/java.base/share/classes/module-info.java +@@ -158,6 +158,7 @@ java.naming, java.rmi, jdk.charsets, @@ -697,8 +697,8 @@ jdk.jartool, jdk.jlink, jdk.jfr, ---- jdk22u-jdk-22-36/src/java.base/share/classes/sun/security/ec/SunEC.java 2024-03-15 16:05:55.754434955 +0100 -+++ jdk22u-jdk-22-36/src/java.base/share/classes/sun/security/ec/SunEC.java 2024-03-15 16:08:34.397869005 +0100 +--- a/src/java.base/share/classes/sun/security/ec/SunEC.java ++++ b/src/java.base/share/classes/sun/security/ec/SunEC.java @@ -34,6 +34,7 @@ import java.util.HashMap; import java.util.List; @@ -707,7 +707,7 @@ import sun.security.ec.ed.EdDSAKeyFactory; import sun.security.ec.ed.EdDSAKeyPairGenerator; import sun.security.ec.ed.EdDSASignature; -@@ -50,6 +51,10 @@ +@@ -50,6 +51,10 @@ public final class SunEC extends Provider { private static final long serialVersionUID = -2279741672933606418L; @@ -718,7 +718,7 @@ private static class ProviderServiceA extends ProviderService { ProviderServiceA(Provider p, String type, String algo, String cn, HashMap attrs) { -@@ -240,6 +245,7 @@ +@@ -240,6 +245,7 @@ void putEntries() { putXDHEntries(); putEdDSAEntries(); @@ -726,7 +726,7 @@ /* * Signature engines */ -@@ -318,6 +324,7 @@ +@@ -318,6 +324,7 @@ void putEntries() { putService(new ProviderService(this, "KeyAgreement", "ECDH", "sun.security.ec.ECDHKeyAgreement", null, ATTRS)); } @@ -734,7 +734,7 @@ private void putXDHEntries() { -@@ -333,6 +340,7 @@ +@@ -333,6 +340,7 @@ private void putXDHEntries() { "X448", "sun.security.ec.XDHKeyFactory.X448", ATTRS)); @@ -742,7 +742,7 @@ putService(new ProviderService(this, "KeyPairGenerator", "XDH", "sun.security.ec.XDHKeyPairGenerator", null, ATTRS)); putService(new ProviderServiceA(this, "KeyPairGenerator", -@@ -351,6 +359,7 @@ +@@ -351,6 +359,7 @@ private void putXDHEntries() { "X448", "sun.security.ec.XDHKeyAgreement.X448", ATTRS)); } @@ -750,7 +750,7 @@ private void putEdDSAEntries() { -@@ -364,6 +373,7 @@ +@@ -364,6 +373,7 @@ private void putEdDSAEntries() { putService(new ProviderServiceA(this, "KeyFactory", "Ed448", "sun.security.ec.ed.EdDSAKeyFactory.Ed448", ATTRS)); @@ -758,7 +758,7 @@ putService(new ProviderService(this, "KeyPairGenerator", "EdDSA", "sun.security.ec.ed.EdDSAKeyPairGenerator", null, ATTRS)); putService(new ProviderServiceA(this, "KeyPairGenerator", -@@ -379,6 +389,7 @@ +@@ -379,6 +389,7 @@ private void putEdDSAEntries() { "Ed25519", "sun.security.ec.ed.EdDSASignature.Ed25519", ATTRS)); putService(new ProviderServiceA(this, "Signature", "Ed448", "sun.security.ec.ed.EdDSASignature.Ed448", ATTRS)); @@ -766,8 +766,8 @@ } } ---- jdk22u-jdk-22-36/src/java.base/share/classes/sun/security/provider/SunEntries.java 2024-03-15 16:05:55.754434955 +0100 -+++ jdk22u-jdk-22-36/src/java.base/share/classes/sun/security/provider/SunEntries.java 2024-03-15 16:08:34.391202334 +0100 +--- a/src/java.base/share/classes/sun/security/provider/SunEntries.java ++++ b/src/java.base/share/classes/sun/security/provider/SunEntries.java @@ -38,6 +38,7 @@ import java.util.Iterator; import java.util.LinkedHashSet; @@ -787,7 +787,7 @@ // the default algo used by SecureRandom class for new SecureRandom() calls public static final String DEF_SECURE_RANDOM_ALGO; -@@ -102,6 +107,7 @@ +@@ -102,6 +107,7 @@ public final class SunEntries { // common attribute map HashMap attrs = new HashMap<>(3); @@ -795,7 +795,7 @@ /* * SecureRandom engines */ -@@ -186,6 +192,8 @@ +@@ -186,6 +192,8 @@ public final class SunEntries { add(p, "Signature", "SHA3-512withDSAinP1363Format", "sun.security.provider.DSA$SHA3_512withDSAinP1363Format"); @@ -804,7 +804,7 @@ attrs.clear(); attrs.put("ImplementedIn", "Software"); addWithAlias(p, "Signature", "HSS/LMS", "sun.security.provider.HSS", attrs); -@@ -196,9 +204,11 @@ +@@ -196,9 +204,11 @@ public final class SunEntries { attrs.put("ImplementedIn", "Software"); attrs.put("KeySize", "2048"); // for DSA KPG and APG only @@ -816,7 +816,7 @@ /* * Algorithm Parameter Generator engines -@@ -213,6 +223,7 @@ +@@ -213,6 +223,7 @@ public final class SunEntries { addWithAlias(p, "AlgorithmParameters", "DSA", "sun.security.provider.DSAParameters", attrs); @@ -824,7 +824,7 @@ /* * Key factories */ -@@ -251,6 +262,7 @@ +@@ -251,6 +262,7 @@ public final class SunEntries { "sun.security.provider.SHA3$SHA384", attrs); addWithAlias(p, "MessageDigest", "SHA3-512", "sun.security.provider.SHA3$SHA512", attrs); @@ -832,8 +832,8 @@ /* * Certificates ---- jdk22u-jdk-22-36/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java 2024-03-15 16:05:55.757768290 +0100 -+++ jdk22u-jdk-22-36/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java 2024-03-15 16:08:34.391202334 +0100 +--- a/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java ++++ b/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java @@ -27,6 +27,7 @@ import java.util.*; @@ -853,7 +853,7 @@ private void add(Provider p, String type, String algo, String cn, List aliases, HashMap attrs) { services.add(new Provider.Service(p, type, algo, cn, -@@ -63,6 +68,8 @@ +@@ -63,6 +68,8 @@ public SunRsaSignEntries(Provider p) { add(p, "KeyFactory", "RSA", "sun.security.rsa.RSAKeyFactory$Legacy", getAliases("PKCS1"), null); @@ -862,7 +862,7 @@ add(p, "KeyPairGenerator", "RSA", "sun.security.rsa.RSAKeyPairGenerator$Legacy", getAliases("PKCS1"), null); -@@ -92,13 +99,18 @@ +@@ -92,13 +99,18 @@ public SunRsaSignEntries(Provider p) { "sun.security.rsa.RSASignature$SHA3_384withRSA", attrs); addA(p, "Signature", "SHA3-512withRSA", "sun.security.rsa.RSASignature$SHA3_512withRSA", attrs); @@ -881,12 +881,13 @@ addA(p, "AlgorithmParameters", "RSASSA-PSS", "sun.security.rsa.PSSParameters", null); } ---- jdk22u-jdk-22-36/src/java.base/share/conf/security/java.security 2024-03-15 16:05:55.771101632 +0100 -+++ jdk22u-jdk-22-36/src/java.base/share/conf/security/java.security 2024-03-15 16:08:34.391202334 +0100 -@@ -86,6 +86,17 @@ +--- a/src/java.base/share/conf/security/java.security ++++ b/src/java.base/share/conf/security/java.security +@@ -85,6 +85,17 @@ security.provider.tbd=Apple + #endif security.provider.tbd=SunPKCS11 - # ++# +# Security providers used when FIPS mode support is active +# +fips.provider.1=SunPKCS11 ${java.home}/conf/security/nss.fips.cfg @@ -897,14 +898,14 @@ +fips.provider.6=SunRsaSign +fips.provider.7=XMLDSig + -+# + # # A list of preferred providers for specific algorithms. These providers will # be searched for matching algorithms before the list of registered providers. - # Entries containing errors (parsing, etc) will be ignored. Use the -@@ -296,6 +307,47 @@ +@@ -295,6 +306,47 @@ policy.ignoreIdentityScope=false + # keystore.type=pkcs12 - # ++# +# Default keystore type used when global crypto-policies are set to FIPS. +# +fips.keystore.type=pkcs12 @@ -945,26 +946,25 @@ +# +fips.nssdb.pin=pin: + -+# + # # Controls compatibility mode for JKS and PKCS12 keystore types. # - # When set to 'true', both JKS and PKCS12 keystore types support loading -@@ -333,6 +385,13 @@ +@@ -336,6 +388,13 @@ package.definition=sun.misc.,\ + # security.overridePropertiesFile=true - # ++# +# Determines whether this properties file will be appended to +# using the system properties file stored at +# /etc/crypto-policies/back-ends/java.config +# +security.useSystemPropertiesFile=true + -+# + # # Determines the default key and trust manager factory algorithms for # the javax.net.ssl package. - # ---- jdk22u-jdk-22-36/src/java.base/share/conf/security/nss.fips.cfg.in 1970-01-01 01:00:00.000000000 +0100 -+++ jdk22u-jdk-22-36/src/java.base/share/conf/security/nss.fips.cfg.in 2024-03-15 16:08:34.391202334 +0100 +--- /dev/null ++++ b/src/java.base/share/conf/security/nss.fips.cfg.in @@ -0,0 +1,8 @@ +name = NSS-FIPS +nssLibraryDirectory = @NSS_LIBDIR@ @@ -974,9 +974,9 @@ + +attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true } + ---- jdk22u-jdk-22-36/src/java.base/share/lib/security/default.policy 2024-03-15 16:05:55.777768303 +0100 -+++ jdk22u-jdk-22-36/src/java.base/share/lib/security/default.policy 2024-03-15 16:10:36.574613233 +0100 -@@ -134,6 +134,7 @@ +--- a/src/java.base/share/lib/security/default.policy ++++ b/src/java.base/share/lib/security/default.policy +@@ -134,6 +134,7 @@ grant codeBase "jrt:/jdk.crypto.cryptoki" { permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.access"; permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; @@ -984,7 +984,7 @@ permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read"; -@@ -141,6 +142,8 @@ +@@ -141,6 +142,8 @@ grant codeBase "jrt:/jdk.crypto.cryptoki" { permission java.util.PropertyPermission "os.name", "read"; permission java.util.PropertyPermission "os.arch", "read"; permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read"; @@ -993,8 +993,8 @@ permission java.security.SecurityPermission "putProviderProperty.*"; permission java.security.SecurityPermission "clearProviderProperties.*"; permission java.security.SecurityPermission "removeProviderProperty.*"; ---- jdk22u-jdk-22-36/src/java.base/share/native/libsystemconf/systemconf.c 1970-01-01 01:00:00.000000000 +0100 -+++ jdk22u-jdk-22-36/src/java.base/share/native/libsystemconf/systemconf.c 2024-03-15 16:08:34.391202334 +0100 +--- /dev/null ++++ b/src/java.base/share/native/libsystemconf/systemconf.c @@ -0,0 +1,236 @@ +/* + * Copyright (c) 2021, Red Hat, Inc. @@ -1232,8 +1232,8 @@ +} + +#endif ---- jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java 1970-01-01 01:00:00.000000000 +0100 -+++ jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java 2024-03-15 16:08:34.391202334 +0100 +--- /dev/null ++++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java @@ -0,0 +1,457 @@ +/* + * Copyright (c) 2021, Red Hat, Inc. @@ -1692,8 +1692,8 @@ + } + } +} ---- jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSTokenLoginHandler.java 1970-01-01 01:00:00.000000000 +0100 -+++ jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSTokenLoginHandler.java 2024-03-15 16:08:34.391202334 +0100 +--- /dev/null ++++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSTokenLoginHandler.java @@ -0,0 +1,149 @@ +/* + * Copyright (c) 2022, Red Hat, Inc. @@ -1845,8 +1845,8 @@ + } +} \ No newline at end of file ---- jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java 2024-03-15 16:05:55.394434726 +0100 -+++ jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java 2024-03-15 16:08:34.391202334 +0100 +--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java ++++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java @@ -37,6 +37,8 @@ import javax.crypto.interfaces.*; import javax.crypto.spec.*; @@ -1856,7 +1856,7 @@ import sun.security.rsa.RSAUtil.KeyType; import sun.security.rsa.RSAPublicKeyImpl; import sun.security.rsa.RSAPrivateCrtKeyImpl; -@@ -72,6 +74,9 @@ +@@ -72,6 +74,9 @@ abstract class P11Key implements Key, Length { @Serial private static final long serialVersionUID = -2575874101938349339L; @@ -1866,7 +1866,7 @@ private static final String PUBLIC = "public"; private static final String PRIVATE = "private"; private static final String SECRET = "secret"; -@@ -395,8 +400,10 @@ +@@ -401,8 +406,10 @@ static PrivateKey privateKey(Session session, long keyID, String algorithm, new CK_ATTRIBUTE(CKA_EXTRACTABLE), }); @@ -1879,7 +1879,7 @@ return switch (algorithm) { case "RSA" -> P11RSAPrivateKeyInternal.of(session, keyID, algorithm, -@@ -448,7 +455,8 @@ +@@ -454,7 +461,8 @@ private static class P11SecretKey extends P11Key implements SecretKey { public String getFormat() { token.ensureValid(); @@ -1889,8 +1889,8 @@ return null; } else { return "RAW"; ---- jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java 2024-03-15 16:05:55.394434726 +0100 -+++ jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java 2024-03-15 16:08:34.391202334 +0100 +--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java ++++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java @@ -26,6 +26,9 @@ package sun.security.pkcs11; @@ -1914,7 +1914,7 @@ import static sun.security.util.SecurityProviderConstants.getAliases; import sun.security.pkcs11.Secmod.*; -@@ -65,6 +70,39 @@ +@@ -65,6 +70,39 @@ public final class SunPKCS11 extends AuthProvider { @Serial private static final long serialVersionUID = -1354835039035306505L; @@ -1954,7 +1954,7 @@ static final Debug debug = Debug.getInstance("sunpkcs11"); // the PKCS11 object through which we make the native calls @SuppressWarnings("serial") // Type of field is not Serializable; -@@ -123,6 +161,29 @@ +@@ -123,6 +161,29 @@ public Provider configure(String configArg) throws InvalidParameterException { return AccessController.doPrivileged(new PrivilegedExceptionAction<>() { @Override public SunPKCS11 run() throws Exception { @@ -1984,7 +1984,7 @@ return new SunPKCS11(new Config(newConfigName)); } }); -@@ -325,9 +386,19 @@ +@@ -336,9 +397,19 @@ private static T checkNull(T obj) { // request multithreaded access first initArgs.flags = CKF_OS_LOCKING_OK; PKCS11 tmpPKCS11; @@ -2006,7 +2006,7 @@ } catch (PKCS11Exception e) { if (debug != null) { debug.println("Multi-threaded initialization failed: " + e); -@@ -342,8 +413,9 @@ +@@ -353,8 +424,9 @@ private static T checkNull(T obj) { } else { initArgs.flags = 0; } @@ -2018,7 +2018,7 @@ } p11 = tmpPKCS11; -@@ -1389,11 +1461,52 @@ +@@ -1400,11 +1472,52 @@ private static final class P11Service extends Service { } @Override @@ -2071,7 +2071,7 @@ try { return newInstance0(param); } catch (PKCS11Exception e) { -@@ -1750,6 +1863,9 @@ +@@ -1761,6 +1874,9 @@ public void logout() throws LoginException { try { session = token.getOpSession(); p11.C_Logout(session.id()); @@ -2081,8 +2081,8 @@ if (debug != null) { debug.println("logout succeeded"); } ---- jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java 2024-03-15 16:05:55.394434726 +0100 -+++ jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java 2024-03-15 16:08:34.391202334 +0100 +--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java ++++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java @@ -33,6 +33,7 @@ import java.security.*; import javax.security.auth.login.LoginException; @@ -2101,7 +2101,7 @@ // need to be serializable to allow SecureRandom to be serialized @Serial private static final long serialVersionUID = 2541527649100571747L; -@@ -125,6 +129,10 @@ +@@ -125,6 +129,10 @@ final class Token implements Serializable { // flag indicating whether we are logged in private volatile boolean loggedIn; @@ -2112,7 +2112,7 @@ // time we last checked login status private long lastLoginCheck; -@@ -242,9 +250,14 @@ +@@ -242,9 +250,14 @@ boolean isLoggedInNow(Session session) throws PKCS11Exception { // call provider.login() if not void ensureLoggedIn(Session session) throws PKCS11Exception, LoginException { if (!isLoggedIn(session)) { @@ -2127,25 +2127,8 @@ // return whether this token object is valid (i.e. token not removed) // returns value from last check, does not perform new check ---- jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java 2024-03-15 16:05:55.397768062 +0100 -+++ jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java 2024-03-15 16:08:34.391202334 +0100 -@@ -216,6 +216,14 @@ - } - - /** -+ * Constructor taking the error code from the RV enum and -+ * extra info for error message. -+ */ -+ public PKCS11Exception(RV errorEnum, String extraInfo) { -+ this(errorEnum.value, extraInfo); -+ } -+ -+ /** - * Constructor taking the error code (the CKR_* constants in PKCS#11) and - * extra info for error message. - */ ---- jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java 2024-03-15 16:05:55.397768062 +0100 -+++ jdk22u-jdk-22-36/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java 2024-03-15 16:08:34.391202334 +0100 +--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java ++++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java @@ -49,6 +49,9 @@ import java.io.File; @@ -2156,7 +2139,7 @@ import java.util.*; import java.security.AccessController; -@@ -174,19 +177,44 @@ +@@ -174,19 +177,44 @@ public CK_VERSION getVersion() { return version; } @@ -2201,7 +2184,7 @@ if (omitInitialize == false) { try { pkcs11.C_Initialize(pInitArgs); -@@ -1976,4 +2004,194 @@ +@@ -1976,4 +2004,194 @@ public synchronized void C_GenerateRandom(long hSession, byte[] randomData) super.C_GenerateRandom(hSession, randomData); } } @@ -2396,8 +2379,25 @@ + } +} } ---- jdk22u-jdk-22-36/test/jdk/sun/security/pkcs11/fips/NssdbPin.java 1970-01-01 01:00:00.000000000 +0100 -+++ jdk22u-jdk-22-36/test/jdk/sun/security/pkcs11/fips/NssdbPin.java 2024-03-15 16:08:34.397869005 +0100 +--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java ++++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java +@@ -215,6 +215,14 @@ private static String lookup(long errorCode) { + return res; + } + ++ /** ++ * Constructor taking the error code from the RV enum and ++ * extra info for error message. ++ */ ++ public PKCS11Exception(RV errorEnum, String extraInfo) { ++ this(errorEnum.value, extraInfo); ++ } ++ + /** + * Constructor taking the error code (the CKR_* constants in PKCS#11) and + * extra info for error message. +--- /dev/null ++++ b/test/jdk/sun/security/pkcs11/fips/NssdbPin.java @@ -0,0 +1,349 @@ +/* + * Copyright (c) 2022, Red Hat, Inc. @@ -2748,8 +2748,8 @@ + "2nd line with garbage"); + } +} ---- jdk22u-jdk-22-36/test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java 1970-01-01 01:00:00.000000000 +0100 -+++ jdk22u-jdk-22-36/test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java 2024-03-15 16:08:34.397869005 +0100 +--- /dev/null ++++ b/test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java @@ -0,0 +1,77 @@ +/* + * Copyright (c) 2022, Red Hat, Inc. diff --git a/java-22-openjdk.spec b/java-22-openjdk.spec index 9591fd5..a17ebfa 100644 --- a/java-22-openjdk.spec +++ b/java-22-openjdk.spec @@ -33,8 +33,8 @@ # Standard JPackage naming and versioning defines. %global featurever 22 %global interimver 0 -#global updatever 0 -%global buildver 36 +#global updatever 1 +%global buildver 8 %global openjdk_repo jdk22u %global openjdk_tag jdk-%{featurever}%{?updatever:.%{interimver}.%{updatever}}%{?patchver:.%{patchver}}+%{buildver} %global openjdk_dir %{openjdk_repo}-jdk-%{featurever}%{?updatever:.%{interimver}.%{updatever}}%{?patchver:.%{patchver}}-%{buildver} @@ -923,7 +923,6 @@ fi %{_jvmdir}/%{sdkdir}/lib/libsystemconf.so %ifarch x86_64 %{_jvmdir}/%{sdkdir}/lib/libjsvml.so -%{_jvmdir}/%{sdkdir}/lib/libsimdsort.so %endif %{_jvmdir}/%{sdkdir}/lib/libsyslookup.so %{_jvmdir}/%{sdkdir}/lib/libverify.so diff --git a/java-atk-wrapper-security.patch b/java-atk-wrapper-security.patch index 38309e4..ec95039 100644 --- a/java-atk-wrapper-security.patch +++ b/java-atk-wrapper-security.patch @@ -1,6 +1,6 @@ --- a/src/java.base/share/conf/security/java.security +++ b/src/java.base/share/conf/security/java.security -@@ -307,6 +307,8 @@ keystore.type.compat=true +@@ -313,6 +313,8 @@ keystore.type.compat=true # package.access=sun.misc.,\ sun.reflect.,\ @@ -9,7 +9,7 @@ # # List of comma-separated packages that start with or equal this string -@@ -319,6 +321,8 @@ package.access=sun.misc.,\ +@@ -325,6 +327,8 @@ package.access=sun.misc.,\ # package.definition=sun.misc.,\ sun.reflect.,\ diff --git a/jdk-22+36.tar.gz b/jdk-22+36.tar.gz deleted file mode 100644 index 44d84b2..0000000 --- a/jdk-22+36.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:19cbda061fa41860fa2251f0994e7792c06aec63c8d0ae650353c850be5a8a4c -size 111988154 diff --git a/jdk-22+8.tar.gz b/jdk-22+8.tar.gz new file mode 100644 index 0000000..7a59358 --- /dev/null +++ b/jdk-22+8.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3abc5e4cb673dd241e2471481cd2724e83242124ebe3ef36f132d05803dda876 +size 112306180 diff --git a/loadAssistiveTechnologies.patch b/loadAssistiveTechnologies.patch index 9634872..4eebc8e 100644 --- a/loadAssistiveTechnologies.patch +++ b/loadAssistiveTechnologies.patch @@ -1,6 +1,6 @@ --- a/src/java.desktop/share/classes/java/awt/Toolkit.java +++ b/src/java.desktop/share/classes/java/awt/Toolkit.java -@@ -602,7 +602,11 @@ public abstract class Toolkit { +@@ -598,7 +598,11 @@ public static synchronized Toolkit getDefaultToolkit() { toolkit = new HeadlessToolkit(toolkit); } if (!GraphicsEnvironment.isHeadless()) { diff --git a/memory-limits.patch b/memory-limits.patch index e48da58..25208be 100644 --- a/memory-limits.patch +++ b/memory-limits.patch @@ -1,6 +1,6 @@ --- a/src/hotspot/share/gc/shared/gc_globals.hpp +++ b/src/hotspot/share/gc/shared/gc_globals.hpp -@@ -596,7 +596,7 @@ +@@ -589,7 +589,7 @@ "Initial heap size (in bytes); zero means use ergonomics") \ constraint(InitialHeapSizeConstraintFunc,AfterErgo) \ \ diff --git a/multiple-pkcs11-library-init.patch b/multiple-pkcs11-library-init.patch index 970098b..772b2bf 100644 --- a/multiple-pkcs11-library-init.patch +++ b/multiple-pkcs11-library-init.patch @@ -1,6 +1,6 @@ ---- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Config.java 2023-04-01 12:03:26.147543172 +0200 -+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Config.java 2023-04-01 12:03:45.455660866 +0200 -@@ -52,6 +52,7 @@ +--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Config.java ++++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Config.java +@@ -52,6 +52,7 @@ final class Config { static final int ERR_HALT = 1; static final int ERR_IGNORE_ALL = 2; static final int ERR_IGNORE_LIB = 3; @@ -8,7 +8,7 @@ // same as allowSingleThreadedModules but controlled via a system property // and applied to all providers. if set to false, no SunPKCS11 instances -@@ -1037,6 +1038,7 @@ +@@ -1037,6 +1038,7 @@ private void parseHandleStartupErrors(String keyword) throws IOException { handleStartupErrors = switch (val) { case "ignoreAll" -> ERR_IGNORE_ALL; case "ignoreMissingLibrary" -> ERR_IGNORE_LIB; @@ -16,9 +16,9 @@ case "halt" -> ERR_HALT; default -> throw excToken("Invalid value for handleStartupErrors:"); }; ---- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java 2023-04-01 12:03:26.147543172 +0200 -+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java 2023-04-01 12:07:19.664979695 +0200 -@@ -184,26 +184,37 @@ +--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java ++++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java +@@ -184,26 +184,37 @@ private static T checkNull(T obj) { String nssLibraryDirectory = config.getNssLibraryDirectory(); String nssSecmodDirectory = config.getNssSecmodDirectory(); boolean nssOptimizeSpace = config.getNssOptimizeSpace(); diff --git a/reproducible-properties.patch b/reproducible-properties.patch index e5eb718..db542da 100644 --- a/reproducible-properties.patch +++ b/reproducible-properties.patch @@ -1,6 +1,6 @@ --- a/src/java.base/share/classes/java/util/Properties.java +++ b/src/java.base/share/classes/java/util/Properties.java -@@ -955,7 +955,7 @@ public class Properties extends Hashtable { +@@ -955,7 +955,7 @@ private static void writeDateComment(BufferedWriter bw) throws IOException { if (sysPropVal != null && !sysPropVal.isEmpty()) { writeComments(bw, sysPropVal); } else { diff --git a/system-pcsclite.patch b/system-pcsclite.patch index 052f181..84780af 100644 --- a/system-pcsclite.patch +++ b/system-pcsclite.patch @@ -1,6 +1,6 @@ ---- jdk22u-jdk-22-36/make/autoconf/lib-bundled.m4 2024-03-15 16:01:46.767610222 +0100 -+++ jdk22u-jdk-22-36/make/autoconf/lib-bundled.m4 2024-03-15 16:01:55.957616058 +0100 -@@ -41,6 +41,7 @@ +--- a/make/autoconf/lib-bundled.m4 ++++ b/make/autoconf/lib-bundled.m4 +@@ -41,6 +41,7 @@ AC_DEFUN_ONCE([LIB_SETUP_BUNDLED_LIBS], LIB_SETUP_ZLIB LIB_SETUP_LCMS LIB_SETUP_HARFBUZZ @@ -8,7 +8,7 @@ ]) ################################################################################ -@@ -309,3 +310,41 @@ +@@ -309,3 +310,41 @@ AC_DEFUN_ONCE([LIB_SETUP_HARFBUZZ], AC_SUBST(HARFBUZZ_CFLAGS) AC_SUBST(HARFBUZZ_LIBS) ]) @@ -50,19 +50,19 @@ + + AC_SUBST(USE_EXTERNAL_PCSCLITE) +]) ---- jdk22u-jdk-22-36/make/autoconf/spec.gmk.in 2024-03-15 16:01:46.767610222 +0100 -+++ jdk22u-jdk-22-36/make/autoconf/spec.gmk.in 2024-03-15 16:03:08.207661924 +0100 -@@ -813,6 +813,7 @@ +--- a/make/autoconf/spec.gmk.in ++++ b/make/autoconf/spec.gmk.in +@@ -805,6 +805,7 @@ TAR_SUPPORTS_TRANSFORM := @TAR_SUPPORTS_TRANSFORM@ # Build setup - USE_EXTERNAL_LIBJPEG := @USE_EXTERNAL_LIBJPEG@ - USE_EXTERNAL_LIBGIF := @USE_EXTERNAL_LIBGIF@ + USE_EXTERNAL_LIBJPEG:=@USE_EXTERNAL_LIBJPEG@ + USE_EXTERNAL_LIBGIF:=@USE_EXTERNAL_LIBGIF@ +USE_EXTERNAL_LIBPCSCLITE:=@USE_EXTERNAL_LIBPCSCLITE@ - USE_EXTERNAL_LIBZ := @USE_EXTERNAL_LIBZ@ - LIBZ_CFLAGS := @LIBZ_CFLAGS@ - LIBZ_LIBS := @LIBZ_LIBS@ ---- jdk22u-jdk-22-36/make/modules/java.smartcardio/Lib.gmk 2024-03-15 16:01:46.850943608 +0100 -+++ jdk22u-jdk-22-36/make/modules/java.smartcardio/Lib.gmk 2024-03-15 16:01:55.957616058 +0100 -@@ -30,12 +30,12 @@ + USE_EXTERNAL_LIBZ:=@USE_EXTERNAL_LIBZ@ + LIBZ_CFLAGS:=@LIBZ_CFLAGS@ + LIBZ_LIBS:=@LIBZ_LIBS@ +--- a/make/modules/java.smartcardio/Lib.gmk ++++ b/make/modules/java.smartcardio/Lib.gmk +@@ -30,12 +30,12 @@ include LibCommon.gmk $(eval $(call SetupJdkLibrary, BUILD_LIBJ2PCSC, \ NAME := j2pcsc, \ CFLAGS := $(CFLAGS_JDKLIB), \ @@ -78,8 +78,8 @@ LIBS_windows := winscard.lib, \ )) ---- jdk22u-jdk-22-36/src/java.smartcardio/unix/native/libj2pcsc/pcsc_md.c 2024-03-15 16:01:47.044277064 +0100 -+++ jdk22u-jdk-22-36/src/java.smartcardio/unix/native/libj2pcsc/pcsc_md.c 2024-03-15 16:01:55.957616058 +0100 +--- a/src/java.smartcardio/unix/native/libj2pcsc/pcsc_md.c ++++ b/src/java.smartcardio/unix/native/libj2pcsc/pcsc_md.c @@ -36,6 +36,7 @@ #include "pcsc_md.h" @@ -88,7 +88,7 @@ void *hModule; FPTR_SCardEstablishContext scardEstablishContext; FPTR_SCardConnect scardConnect; -@@ -47,6 +48,7 @@ +@@ -47,6 +48,7 @@ FPTR_SCardListReaders scardListReaders; FPTR_SCardBeginTransaction scardBeginTransaction; FPTR_SCardEndTransaction scardEndTransaction; FPTR_SCardControl scardControl; @@ -96,7 +96,7 @@ /* * Throws a Java Exception by name -@@ -75,6 +77,7 @@ +@@ -75,6 +77,7 @@ static void throwIOException(JNIEnv *env, const char *msg) throwByName(env, "java/io/IOException", msg); } @@ -104,7 +104,7 @@ static void *findFunction(JNIEnv *env, void *hModule, char *functionName) { void *fAddress = dlsym(hModule, functionName); if (fAddress == NULL) { -@@ -85,9 +88,11 @@ +@@ -85,9 +88,11 @@ static void *findFunction(JNIEnv *env, void *hModule, char *functionName) { } return fAddress; } @@ -116,14 +116,14 @@ const char *libName = (*env)->GetStringUTFChars(env, jLibName, NULL); if (libName == NULL) { throwNullPointerException(env, "PCSC library name is null"); -@@ -141,4 +146,5 @@ +@@ -141,4 +146,5 @@ JNIEXPORT void JNICALL Java_sun_security_smartcardio_PlatformPCSC_initialize #else scardControl = (FPTR_SCardControl) findFunction(env, hModule, "SCardControl132"); #endif // __APPLE__ +#endif } ---- jdk22u-jdk-22-36/src/java.smartcardio/unix/native/libj2pcsc/pcsc_md.h 2024-03-15 16:01:47.044277064 +0100 -+++ jdk22u-jdk-22-36/src/java.smartcardio/unix/native/libj2pcsc/pcsc_md.h 2024-03-15 16:01:55.960949394 +0100 +--- a/src/java.smartcardio/unix/native/libj2pcsc/pcsc_md.h ++++ b/src/java.smartcardio/unix/native/libj2pcsc/pcsc_md.h @@ -23,6 +23,8 @@ * questions. */ @@ -133,7 +133,7 @@ typedef LONG (*FPTR_SCardEstablishContext)(DWORD dwScope, LPCVOID pvReserved1, LPCVOID pvReserved2, -@@ -111,3 +113,41 @@ +@@ -111,3 +113,41 @@ extern FPTR_SCardListReaders scardListReaders; extern FPTR_SCardBeginTransaction scardBeginTransaction; extern FPTR_SCardEndTransaction scardEndTransaction; extern FPTR_SCardControl scardControl; diff --git a/zero-ranges.patch b/zero-ranges.patch index 406aae8..b0c8ca0 100644 --- a/zero-ranges.patch +++ b/zero-ranges.patch @@ -1,6 +1,6 @@ --- a/src/hotspot/cpu/zero/globals_zero.hpp +++ b/src/hotspot/cpu/zero/globals_zero.hpp -@@ -52,9 +52,9 @@ define_pd_global(intx, InitArrayShortSize, 0); +@@ -54,9 +54,9 @@ define_pd_global(intx, InitArrayShortSize, 0); #define DEFAULT_STACK_SHADOW_PAGES (5 LP64_ONLY(+1) DEBUG_ONLY(+3)) #define DEFAULT_STACK_RESERVED_PAGES (0) From 19560ca567231e01af143e8c4357225b9e04e9cb15ef3d1306ae55da700676fa Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Thu, 18 Apr 2024 04:56:46 +0000 Subject: [PATCH 3/4] OBS-URL: https://build.opensuse.org/package/show/Java:Factory/java-22-openjdk?expand=0&rev=8 --- fips.patch | 18 +++++++++--------- java-22-openjdk.spec | 3 ++- jdk-22+8.tar.gz | 3 --- jdk-22.0.1+8.tar.gz | 3 +++ memory-limits.patch | 2 +- system-pcsclite.patch | 12 ++++++------ 6 files changed, 21 insertions(+), 20 deletions(-) delete mode 100644 jdk-22+8.tar.gz create mode 100644 jdk-22.0.1+8.tar.gz diff --git a/fips.patch b/fips.patch index eece66e..927c24a 100644 --- a/fips.patch +++ b/fips.patch @@ -120,7 +120,7 @@ ################################################################################ # Determine which libraries are needed for this configuration -@@ -134,6 +135,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES], +@@ -128,6 +129,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES], LIB_SETUP_X11 LIB_TESTS_SETUP_GTEST @@ -130,7 +130,7 @@ BASIC_JDKLIB_LIBS_TARGET="" --- a/make/autoconf/spec.gmk.in +++ b/make/autoconf/spec.gmk.in -@@ -873,6 +873,11 @@ PANDOC_MARKDOWN_FLAG := @PANDOC_MARKDOWN_FLAG@ +@@ -831,6 +831,11 @@ PANDOC_MARKDOWN_FLAG := @PANDOC_MARKDOWN_FLAG@ # Libraries # @@ -139,9 +139,9 @@ +NSS_CFLAGS:=@NSS_CFLAGS@ +NSS_LIBDIR:=@NSS_LIBDIR@ + - USE_EXTERNAL_LCMS:=@USE_EXTERNAL_LCMS@ - LCMS_CFLAGS:=@LCMS_CFLAGS@ - LCMS_LIBS:=@LCMS_LIBS@ + USE_EXTERNAL_LCMS := @USE_EXTERNAL_LCMS@ + LCMS_CFLAGS := @LCMS_CFLAGS@ + LCMS_LIBS := @LCMS_LIBS@ --- a/make/modules/java.base/Gendata.gmk +++ b/make/modules/java.base/Gendata.gmk @@ -98,3 +98,17 @@ $(GENDATA_JAVA_SECURITY): $(BUILD_TOOLS_JDK) $(GENDATA_JAVA_SECURITY_SRC) $(REST @@ -164,7 +164,7 @@ +################################################################################ --- a/make/modules/java.base/Lib.gmk +++ b/make/modules/java.base/Lib.gmk -@@ -163,6 +163,29 @@ ifeq ($(call isTargetOsType, unix), true) +@@ -164,6 +164,29 @@ ifeq ($(call isTargetOsType, unix), true) endif endif @@ -689,7 +689,7 @@ } --- a/src/java.base/share/classes/module-info.java +++ b/src/java.base/share/classes/module-info.java -@@ -158,6 +158,7 @@ +@@ -168,6 +168,7 @@ java.naming, java.rmi, jdk.charsets, @@ -1866,7 +1866,7 @@ private static final String PUBLIC = "public"; private static final String PRIVATE = "private"; private static final String SECRET = "secret"; -@@ -401,8 +406,10 @@ static PrivateKey privateKey(Session session, long keyID, String algorithm, +@@ -395,8 +400,10 @@ static PrivateKey privateKey(Session session, long keyID, String algorithm, new CK_ATTRIBUTE(CKA_EXTRACTABLE), }); @@ -1879,7 +1879,7 @@ return switch (algorithm) { case "RSA" -> P11RSAPrivateKeyInternal.of(session, keyID, algorithm, -@@ -454,7 +461,8 @@ private static class P11SecretKey extends P11Key implements SecretKey { +@@ -448,7 +455,8 @@ private static class P11SecretKey extends P11Key implements SecretKey { public String getFormat() { token.ensureValid(); diff --git a/java-22-openjdk.spec b/java-22-openjdk.spec index a17ebfa..b27fbce 100644 --- a/java-22-openjdk.spec +++ b/java-22-openjdk.spec @@ -33,7 +33,7 @@ # Standard JPackage naming and versioning defines. %global featurever 22 %global interimver 0 -#global updatever 1 +%global updatever 1 %global buildver 8 %global openjdk_repo jdk22u %global openjdk_tag jdk-%{featurever}%{?updatever:.%{interimver}.%{updatever}}%{?patchver:.%{patchver}}+%{buildver} @@ -923,6 +923,7 @@ fi %{_jvmdir}/%{sdkdir}/lib/libsystemconf.so %ifarch x86_64 %{_jvmdir}/%{sdkdir}/lib/libjsvml.so +%{_jvmdir}/%{sdkdir}/lib/libsimdsort.so %endif %{_jvmdir}/%{sdkdir}/lib/libsyslookup.so %{_jvmdir}/%{sdkdir}/lib/libverify.so diff --git a/jdk-22+8.tar.gz b/jdk-22+8.tar.gz deleted file mode 100644 index 7a59358..0000000 --- a/jdk-22+8.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3abc5e4cb673dd241e2471481cd2724e83242124ebe3ef36f132d05803dda876 -size 112306180 diff --git a/jdk-22.0.1+8.tar.gz b/jdk-22.0.1+8.tar.gz new file mode 100644 index 0000000..1913907 --- /dev/null +++ b/jdk-22.0.1+8.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0cfb7f2799384df43a9832df638f31c9be33a4a8650f8478f35272ee70dd7173 +size 112015695 diff --git a/memory-limits.patch b/memory-limits.patch index 25208be..211f03a 100644 --- a/memory-limits.patch +++ b/memory-limits.patch @@ -1,6 +1,6 @@ --- a/src/hotspot/share/gc/shared/gc_globals.hpp +++ b/src/hotspot/share/gc/shared/gc_globals.hpp -@@ -589,7 +589,7 @@ +@@ -591,7 +591,7 @@ "Initial heap size (in bytes); zero means use ergonomics") \ constraint(InitialHeapSizeConstraintFunc,AfterErgo) \ \ diff --git a/system-pcsclite.patch b/system-pcsclite.patch index 84780af..e195ffc 100644 --- a/system-pcsclite.patch +++ b/system-pcsclite.patch @@ -52,14 +52,14 @@ +]) --- a/make/autoconf/spec.gmk.in +++ b/make/autoconf/spec.gmk.in -@@ -805,6 +805,7 @@ TAR_SUPPORTS_TRANSFORM := @TAR_SUPPORTS_TRANSFORM@ +@@ -814,6 +814,7 @@ TAR_SUPPORTS_TRANSFORM := @TAR_SUPPORTS_TRANSFORM@ # Build setup - USE_EXTERNAL_LIBJPEG:=@USE_EXTERNAL_LIBJPEG@ - USE_EXTERNAL_LIBGIF:=@USE_EXTERNAL_LIBGIF@ + USE_EXTERNAL_LIBJPEG := @USE_EXTERNAL_LIBJPEG@ + USE_EXTERNAL_LIBGIF := @USE_EXTERNAL_LIBGIF@ +USE_EXTERNAL_LIBPCSCLITE:=@USE_EXTERNAL_LIBPCSCLITE@ - USE_EXTERNAL_LIBZ:=@USE_EXTERNAL_LIBZ@ - LIBZ_CFLAGS:=@LIBZ_CFLAGS@ - LIBZ_LIBS:=@LIBZ_LIBS@ + USE_EXTERNAL_LIBZ := @USE_EXTERNAL_LIBZ@ + LIBZ_CFLAGS := @LIBZ_CFLAGS@ + LIBZ_LIBS := @LIBZ_LIBS@ --- a/make/modules/java.smartcardio/Lib.gmk +++ b/make/modules/java.smartcardio/Lib.gmk @@ -30,12 +30,12 @@ include LibCommon.gmk From d725d66e00f44da90f3fc1d50ccc1acf91e1b68dbcd21365cc9e0674a237a594 Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Thu, 18 Apr 2024 15:00:35 +0000 Subject: [PATCH 4/4] OBS-URL: https://build.opensuse.org/package/show/Java:Factory/java-22-openjdk?expand=0&rev=9 --- java-22-openjdk.changes | 140 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 140 insertions(+) diff --git a/java-22-openjdk.changes b/java-22-openjdk.changes index a8da46e..8953065 100644 --- a/java-22-openjdk.changes +++ b/java-22-openjdk.changes @@ -1,3 +1,143 @@ +------------------------------------------------------------------- +Thu Apr 18 14:57:53 UTC 2024 - Fridrich Strba + +- Upgrade to upstream tag jdk-22.0.1+8 (April 2024 CPU) + * Security fixes + + JDK-8315708, CVE-2024-21012, bsc#1222987: Enhance HTTP/2 + client usage + + JDK-8318340: Improve RSA key implementations + + JDK-8319851, CVE-2024-21011, bsc#1222979: Improve exception + logging + + JDK-8322122, CVE-2024-21068, bsc#1222983: Enhance generation + of addresses + * Other changes + + JDK-8314164: java/net/HttpURLConnection/ + /HttpURLConnectionExpectContinueTest.java fails intermittently + in timeout + + JDK-8314275: Incorrect stepping in switch + + JDK-8317299: safepoint scalarization doesn't keep track of + the depth of the JVM state + + JDK-8317804: com/sun/jdi/JdwpAllowTest.java fails on Alpine + 3.17 / 3.18 + + JDK-8318158: RISC-V: implement roundD/roundF intrinsics + + JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java + + JDK-8318696: Do not use LFS64 symbols on Linux + + JDK-8319382: com/sun/jdi/JdwpAllowTest.java shows failures on + AIX if prefixLen of mask is larger than 32 in IPv6 case + + JDK-8320890: [AIX] Find a better way to mimic dl handle + equality + + JDK-8321151: JDK-8294427 breaks Windows L&F on all older + Windows versions + + JDK-8321374: Add a configure option to explicitly set + CompanyName property in VersionInfo resource for Windows + exe/dll + + JDK-8321408: Add Certainly roots R1 and E1 + + JDK-8321480: ISO 4217 Amendment 176 Update + + JDK-8321489: Update LCMS to 2.16 + + JDK-8321815: Shenandoah: gc state should be synchronized to + java threads only once per safepoint + + JDK-8321972: test runtime/Unsafe/InternalErrorTest.java + timeout on linux-riscv64 platform + + JDK-8322092: Bump version numbers for 22.0.1 + + JDK-8322098: os::Linux::print_system_memory_info enhance the + THP output with + /sys/kernel/mm/transparent_hugepage/hpage_pmd_size + + JDK-8322159: ThisEscapeAnalyzer crashes for erroneous code + + JDK-8322163: runtime/Unsafe/InternalErrorTest.java fails on + Alpine after JDK-8320886 + + JDK-8322417: Console read line with zero out should zero out + when throwing exception + + JDK-8322725: (tz) Update Timezone Data to 2023d + + JDK-8322772: Clean up code after JDK-8322417 + + JDK-8322783: prioritize /etc/os-release over + /etc/SuSE-release in hs_err/info output + + JDK-8322790: RISC-V: Tune costs for shuffles with no + conversion + + JDK-8322945: Problemlist runtime/CompressedOops/ + /CompressedClassPointers.java on AIX + + JDK-8323021: Shenandoah: Encountered reference count always + attributed to first worker thread + + JDK-8323065: Unneccesary CodeBlob lookup in + CompiledIC::internal_set_ic_destination + + JDK-8323086: Shenandoah: Heap could be corrupted by oom + during evacuation + + JDK-8323154: C2: assert(cmp != nullptr && cmp->Opcode() == + Op_Cmp(bt)) failed: no exit test + + JDK-8323170: j2dbench is using outdated javac source/target + to be able to build by itself + + JDK-8323210: Update the usage of cmsFLAGS_COPY_ALPHA + + JDK-8323331: fix typo hpage_pdm_size + + JDK-8323428: Shenandoah: Unused memory in regions compacted + during a full GC should be mangled + + JDK-8323515: Create test alias "all" for all test roots + + JDK-8323637: Capture hotspot replay files in GHA + + JDK-8323657: Compilation of snippet results in VerifyError at + runtime with --release 9 (and above) + + JDK-8323664: java/awt/font/JNICheck/FreeTypeScalerJNICheck.java + still fails with JNI warning on some Windows configurations + + JDK-8323675: Race in jdk.javadoc-gendata + + JDK-8323920: Change milestone to fcs for all releases + + JDK-8323964: runtime/Thread/ThreadCountLimit.java fails + intermittently on AIX + + JDK-8324041: ModuleOption.java failed with update release + versioning scheme + + JDK-8324050: Issue store-store barrier after re-materializing + objects during deoptimization + + JDK-8324280: RISC-V: Incorrect implementation in + VM_Version::parse_satp_mode + + JDK-8324347: Enable "maybe-uninitialized" warning for + FreeType 2.13.1 + + JDK-8324598: use mem_unit when working with sysinfo memory + and swap related information + + JDK-8324637: [aix] Implement support for reporting swap space + in jdk.management + + JDK-8324647: Invalid test group of lib-test after JDK-8323515 + + JDK-8324659: GHA: Generic jtreg errors are not reported + + JDK-8324753: [AIX] adjust os_posix after JDK-8318696 + + JDK-8324937: GHA: Avoid multiple test suites per job + + JDK-8325074: ZGC fails assert(index == 0 || + is_power_of_2(index)) failed: Incorrect load shift: 11 + + JDK-8325150: (tz) Update Timezone Data to 2024a + + JDK-8325203: System.exit(0) kills the launched 3rd party + application + + JDK-8325213: Flags introduced by configure script are not + passed to ADLC build + + JDK-8325313: Header format error in TestIntrinsicBailOut + after JDK-8317299 + + JDK-8325326: [PPC64] Don't relocate in case of allocation + failure + + JDK-8325470: [AIX] use fclose after fopen in read_psinfo + + JDK-8325496: Make TrimNativeHeapInterval a product switch + + JDK-8325590: Regression in round-tripping UTF-16 strings + after JDK-8311906 + + JDK-8325672: C2: allocate PhaseIdealLoop::_loop_or_ctrl from + C->comp_arena() + + JDK-8325876: crashes in docker container tests on + Linuxppc64le Power8 machines + + JDK-8326000: Remove obsolete comments for class + sun.security.ssl.SunJSSE + + JDK-8326101: [PPC64] Need to bailout cleanly if creation of + stubs fails when code cache is out of space + + JDK-8326360: Update the Zlib version in + open/src/java.base/share/legal/zlib.md to 1.3 + + JDK-8326638: Crash in + PhaseIdealLoop::remix_address_expressions due to unexpected + Region instead of Loop + + JDK-8327391: Add SipHash attribution file +- Modified patches: + * PStack-808293.patch + * disable-doclint-by-default.patch + * fips.patch + * java-22-openjdk.spec + * java-atk-wrapper-security.patch + * loadAssistiveTechnologies.patch + * memory-limits.patch + * multiple-pkcs11-library-init.patch + * reproducible-properties.patch + * system-pcsclite.patch + * zero-ranges.patch + + rediff to apply without fuzz + ------------------------------------------------------------------- Fri Mar 15 14:45:03 UTC 2024 - Fridrich Strba