From 1e962eac2b7e0a12115ec550d2853bf79cbcf3eddeb643b0dd6adc26308e3af1 Mon Sep 17 00:00:00 2001
From: Fridrich Strba <fstrba@suse.com>
Date: Tue, 14 Nov 2023 06:28:06 +0000
Subject: [PATCH] OBS-URL:
 https://build.opensuse.org/package/show/Java:Factory/java-1_8_0-openjdk?expand=0&rev=439

---
 bsc1211968.patch           | 15 +++++++++++++++
 java-1_8_0-openjdk.changes |  4 ++++
 java-1_8_0-openjdk.spec    |  3 +++
 3 files changed, 22 insertions(+)
 create mode 100644 bsc1211968.patch

diff --git a/bsc1211968.patch b/bsc1211968.patch
new file mode 100644
index 0000000..853cc57
--- /dev/null
+++ b/bsc1211968.patch
@@ -0,0 +1,15 @@
+--- openjdk/jdk/src/share/classes/sun/security/ssl/DHKeyExchange.java	2023-11-14 07:18:11.483931806 +0100
++++ openjdk/jdk/src/share/classes/sun/security/ssl/DHKeyExchange.java	2023-11-14 07:20:21.018138340 +0100
+@@ -253,11 +253,7 @@
+         static {
+             String property = GetPropertyAction.privilegedGetProperty(
+                     "jdk.tls.ephemeralDHKeySize");
+-            if (property == null || property.isEmpty()) {
+-                useLegacyEphemeralDHKeys = false;
+-                useSmartEphemeralDHKeys = false;
+-                customizedDHKeySize = -1;
+-            } else if ("matched".equals(property)) {
++            if (property == null || property.isEmpty() || "matched".equals(property)) {
+                 useLegacyEphemeralDHKeys = false;
+                 useSmartEphemeralDHKeys = true;
+                 customizedDHKeySize = -1;
diff --git a/java-1_8_0-openjdk.changes b/java-1_8_0-openjdk.changes
index 90b9cf8..37b90f9 100644
--- a/java-1_8_0-openjdk.changes
+++ b/java-1_8_0-openjdk.changes
@@ -56,6 +56,10 @@ Tue Nov 14 06:00:16 UTC 2023 - Fridrich Strba <fstrba@suse.com>
     + JDK-8315135: Memory leak in the native implementation of
       Pack200.Unpacker.unpack()
     + JDK-8317040: Exclude cleaner test failing on older releases
+- Added patch:
+  * bsc1211968.patch
+    + fix bsc#1211968: SLES12SP5 vulnerable to CVE-2015-4000
+      (Logjam)?
 
 -------------------------------------------------------------------
 Mon Jul 31 05:52:03 UTC 2023 - Fridrich Strba <fstrba@suse.com>
diff --git a/java-1_8_0-openjdk.spec b/java-1_8_0-openjdk.spec
index d5f9a8b..4e7eb0b 100644
--- a/java-1_8_0-openjdk.spec
+++ b/java-1_8_0-openjdk.spec
@@ -172,6 +172,8 @@ Source3:        https://icedtea.classpath.org/download/drops/icedtea8/%{icedtea_
 # nss fips configuration file
 Source17:       nss.fips.cfg.in
 # RPM/distribution specific patches
+# bsc#1211968
+Patch1:         bsc1211968.patch
 # RHBZ 1015432
 Patch2:         1015432.patch
 # Restrict access to java-atk-wrapper classes
@@ -508,6 +510,7 @@ sh autogen.sh
 
 make patch %{?_smp_mflags}
 
+patch -p0 -i %{PATCH1}
 patch -p0 -i %{PATCH2}
 patch -p0 -i %{PATCH3}
 patch -p0 -i %{PATCH12}