commit java-17-openjdk for openSUSE:Factory

Source-Sync Fri, 12 May 2023 11:32:53 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package java-17-openjdk for openSUSE:Factory 
checked in at 2023-05-12 20:32:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/java-17-openjdk (Old)
 and      /work/SRC/openSUSE:Factory/.java-17-openjdk.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "java-17-openjdk"

Fri May 12 20:32:25 2023 rev:22 rq:1086543 version:17.0.7.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/java-17-openjdk/java-17-openjdk.changes  
2023-04-27 19:59:43.713500173 +0200
+++ 
/work/SRC/openSUSE:Factory/.java-17-openjdk.new.1533/java-17-openjdk.changes    
    2023-05-12 20:32:38.424552788 +0200
@@ -1,0 +2,18 @@
+Thu May 11 12:52:16 UTC 2023 - [email protected]
+
+- Fix for SG#65673, bsc#1210392:
+   * unsigned-sni-server-name.patch: In SSLSessionImpl, interpret
+     length of SNIServerName as an unsigned byte so that it can
+     have length up to 255 rather than 127.
+
+-------------------------------------------------------------------
+Thu May 11 07:26:21 UTC 2023 - Fridrich Strba <[email protected]>
+
+- Do not install a separate nss.fips.cfg file, since there is
+  now one in the tree and the install happens automatically
+- Modified patch:
+  * fips.patch
+    + enable system property file by default, without which the
+      FIPS mode would never get enabled (bsc#1211259)
+
+-------------------------------------------------------------------

Old:
----
  nss.fips.cfg.in

New:
----
  unsigned-sni-server-name.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ java-17-openjdk.spec ++++++
--- /var/tmp/diff_new_pack.44uOim/_old  2023-05-12 20:32:39.836560893 +0200
+++ /var/tmp/diff_new_pack.44uOim/_new  2023-05-12 20:32:39.840560916 +0200
@@ -139,8 +139,6 @@
 Source11:       jconsole.desktop.in
 # nss configuration file
 Source12:       nss.cfg.in
-# nss fips configuration file
-Source13:       nss.fips.cfg.in
 # Ensure we aren't using the limited crypto policy
 Source14:       TestCryptoLevel.java
 # Ensure ECDSA is working
@@ -178,6 +176,7 @@
 Patch301:       JDK-8303509.patch
 Patch302:       disable-doclint-by-default.patch
 Patch303:       alternative-tzdb_dat.patch
+Patch304:       unsigned-sni-server-name.patch
 #
 BuildRequires:  alsa-lib-devel
 BuildRequires:  autoconf
@@ -418,6 +417,7 @@
 %patch301 -p1
 %patch302 -p1
 %patch303 -p1
+%patch304 -p1
 
 # Extract systemtap tapsets
 
@@ -452,10 +452,6 @@
 # Setup nss.cfg
 sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE12} > nss.cfg
 
-# Setup nss.fips.cfg
-sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE13} > nss.fips.cfg
-sed -i -e "s:@NSS_SECMOD@:sql\:/etc/pki/nssdb:g" nss.fips.cfg
-
 %build
 
 %ifarch s390x sparc64 alpha ppc64 ppc64le %{aarch64}
@@ -517,9 +513,6 @@
 # Install nss.cfg right away as we will be using the JRE above
 install -m 644 nss.cfg $JAVA_HOME/conf/security/
 
-# Install nss.fips.cfg: NSS configuration for global FIPS mode 
(crypto-policies)
-install -m 644 nss.fips.cfg $JAVA_HOME/conf/security/
-
 # Copy tz.properties
 echo "sun.zoneinfo.dir=%{_datadir}/javazi" >> $JAVA_HOME/conf/tz.properties
 
@@ -952,8 +945,8 @@
 %endif
 
 %config(noreplace) %{_jvmdir}/%{sdkdir}/lib/security/blocked.certs
-%config(noreplace) %{_jvmdir}/%{sdkdir}/conf/security/nss.cfg
-%config(noreplace) %{_jvmdir}/%{sdkdir}/conf/security/nss.fips.cfg
+%{_jvmdir}/%{sdkdir}/conf/security/nss.cfg
+%{_jvmdir}/%{sdkdir}/conf/security/nss.fips.cfg
 %{_jvmdir}/%{sdkdir}/lib/security/default.policy
 %{_jvmdir}/%{sdkdir}/lib/security/public_suffix_list.dat
 

++++++ fips.patch ++++++
--- /var/tmp/diff_new_pack.44uOim/_old  2023-05-12 20:32:39.936561467 +0200
+++ /var/tmp/diff_new_pack.44uOim/_new  2023-05-12 20:32:39.940561490 +0200
@@ -1491,7 +1491,7 @@
 +# using the system properties file stored at
 +# /etc/crypto-policies/back-ends/java.config
 +#
-+security.useSystemPropertiesFile=false
++security.useSystemPropertiesFile=true
 +
 +#
  # Determines the default key and trust manager factory algorithms for

++++++ unsigned-sni-server-name.patch ++++++
Index: 
jdk17u-jdk-17.0.6-10/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java
===================================================================
--- 
jdk17u-jdk-17.0.6-10.orig/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java
+++ 
jdk17u-jdk-17.0.6-10/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java
@@ -408,7 +408,7 @@ final class SSLSessionImpl extends Exten
         } else {
             requestedServerNames = new ArrayList<>();
             while (len > 0) {
-                int l = buf.get();
+                int l = Byte.toUnsignedInt(buf.get());
                 b = new byte[l];
                 buf.get(b, 0, l);
                 requestedServerNames.add(new SNIHostName(new String(b)));

commit java-17-openjdk for openSUSE:Factory

Reply via email to