OBS-URL: https://build.opensuse.org/package/show/Java:Factory/java-1_8_0-openjdk?expand=0&rev=439

2023-11-14 06:28:06 +00:00 · 2023-11-14 06:28:06 +00:00 · 1e962eac2b
commit 1e962eac2b
parent 9661b553cc
3 changed files with 22 additions and 0 deletions
--- a/bsc1211968.patch
+++ b/bsc1211968.patch
@ -0,0 +1,15 @@
+--- openjdk/jdk/src/share/classes/sun/security/ssl/DHKeyExchange.java	2023-11-14 07:18:11.483931806 +0100
+++ openjdk/jdk/src/share/classes/sun/security/ssl/DHKeyExchange.java	2023-11-14 07:20:21.018138340 +0100
+@@ -253,11 +253,7 @@
+         static {
+             String property = GetPropertyAction.privilegedGetProperty(
+                     "jdk.tls.ephemeralDHKeySize");
+-            if (property == null || property.isEmpty()) {
+-                useLegacyEphemeralDHKeys = false;
+-                useSmartEphemeralDHKeys = false;
+-                customizedDHKeySize = -1;
+-            } else if ("matched".equals(property)) {
+            if (property == null || property.isEmpty() || "matched".equals(property)) {
+                 useLegacyEphemeralDHKeys = false;
+                 useSmartEphemeralDHKeys = true;
+                 customizedDHKeySize = -1;
--- a/java-1_8_0-openjdk.changes
+++ b/java-1_8_0-openjdk.changes
@ -56,6 +56,10 @@ Tue Nov 14 06:00:16 UTC 2023 - Fridrich Strba <fstrba@suse.com>
    + JDK-8315135: Memory leak in the native implementation of
      Pack200.Unpacker.unpack()
    + JDK-8317040: Exclude cleaner test failing on older releases
+- Added patch:
+  * bsc1211968.patch
+    + fix bsc#1211968: SLES12SP5 vulnerable to CVE-2015-4000
+      (Logjam)?

 -------------------------------------------------------------------
 Mon Jul 31 05:52:03 UTC 2023 - Fridrich Strba <fstrba@suse.com>
--- a/java-1_8_0-openjdk.spec
+++ b/java-1_8_0-openjdk.spec
@ -172,6 +172,8 @@ Source3:        https://icedtea.classpath.org/download/drops/icedtea8/%{icedtea_
 # nss fips configuration file
 Source17:       nss.fips.cfg.in
 # RPM/distribution specific patches
+# bsc#1211968
+Patch1:         bsc1211968.patch
 # RHBZ 1015432
 Patch2:         1015432.patch
 # Restrict access to java-atk-wrapper classes
@ -508,6 +510,7 @@ sh autogen.sh

 make patch %{?_smp_mflags}

+patch -p0 -i %{PATCH1}
 patch -p0 -i %{PATCH2}
 patch -p0 -i %{PATCH3}
 patch -p0 -i %{PATCH12}