Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package java-11-openjdk for openSUSE:Factory
checked in at 2023-10-19 22:47:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/java-11-openjdk (Old)
and /work/SRC/openSUSE:Factory/.java-11-openjdk.new.1945 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "java-11-openjdk"
Thu Oct 19 22:47:27 2023 rev:67 rq:1118622 version:11.0.21.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/java-11-openjdk/java-11-openjdk.changes
2023-09-25 20:01:20.646138985 +0200
+++
/work/SRC/openSUSE:Factory/.java-11-openjdk.new.1945/java-11-openjdk.changes
2023-10-19 22:49:55.476101257 +0200
@@ -1,0 +2,358 @@
+Wed Oct 18 11:32:34 UTC 2023 - Andreas Schwab <[email protected]>
+
+- Configure with --with-native-debug-symbols=internal to enable
+ generation of debuginfo packages
+
+-------------------------------------------------------------------
+Wed Oct 18 11:01:50 UTC 2023 - Fridrich Strba <[email protected]>
+
+- Upgrade to upstrem tag jdk-11.0.21+9 (October 2023 CPU)
+ * Security fixes:
+ + JDK-8242330: Arrays should be cloned in several JAAS Callback
+ classes
+ + JDK-8284910: Buffer clean in PasswordCallback
+ + JDK-8286503: Enhance security classes
+ + JDK-8296581: Better system proxy support
+ + JDK-8297856: Improve handling of Bidi characters
+ + JDK-8309966, CVE-2023-22081, bsc#1216374: Enhanced TLS
+ connections
+ + JDK-8305815: Update Libpng to 1.6.39
+ + JDK-8306881: Update FreeType to 2.13.0
+ * Other fixes:
+ + JDK-6176679: Application freezes when copying an animated gif
+ image to the system clipboard
+ + JDK-8023980: JCE doesn't provide any class to handle RSA
+ private key in PKCS#1
+ + JDK-8155246: Throw error if default java.security file is
+ missing
+ + JDK-8158880: test/java/time/tck/java/time/format/
+ /TCKDateTimeFormatterBuilder.java fail with zh_CN locale
+ + JDK-8168261: Use server cipher suites preference by default
+ + JDK-8181383: com/sun/jdi/OptionTest.java fails intermittently
+ with bind failed: Address already in use
+ + JDK-8201516: DebugNonSafepoints generates incorrect
+ information
+ + JDK-8209398: sun/security/pkcs11/KeyStore/SecretKeysBasic.sh
+ failed with "PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE"
+ + JDK-8211343: nsk_jvmti_parseoptions should handle multiple
+ suboptions
+ + JDK-8212045: Add back the tests that were removed from
+ HashesTest.java and AddExportsTest.java
+ + JDK-8216059: nsk_jvmti_parseoptions still has dependency on
+ tilde separator
+ + JDK-8217237: HttpClient does not deal well with multi-valued
+ WWW-Authenticate challenge headers
+ + JDK-8217395: Update langtools shell tests to use ${EXE_SUFFIX}
+ + JDK-8217612: (CL)HSDB cannot show some JVM flags
+ + JDK-8217850: CompressedClassSpaceSizeInJmapHeap fails after
+ JDK-8217612
+ + JDK-8218471: generate-unsafe-access-tests.sh does not
+ correctly invoke build.tools.spp.Spp
+ + JDK-8219628: [TESTBUG] javadoc/doclet/InheritDocForUserTags
+ fails with -othervm
+ + JDK-8220410: sun/security/tools/jarsigner/warnings/
+ /NoTimestampTest.java failed with missing expected output
+ + JDK-8221372: Test vmTestbase/nsk/jvmti/GetThreadState/
+ /thrstat001/TestDescription.java times out
+ + JDK-8222323: ChildAlwaysOnTopTest.java fails with
+ "RuntimeException: Failed to unset alwaysOnTop"
+ + JDK-8223573: Replace wildcard address with loopback or local
+ host in tests - part 4
+ + JDK-8223714: HTTPSetAuthenticatorTest could be made more
+ resilient
+ + JDK-8223783: sun/net/www/http/HttpClient/MultiThreadTest.java
+ sometimes detect threads+1 connections
+ + JDK-8223856: Replace wildcard address with loopback or local
+ host in tests - part 8
+ + JDK-8224617: (fs) java/nio/file/FileStore/Basic.java found
+ filesystem twice
+ + JDK-8224729: Cleanups in sun/security/provider/certpath/ldap/
+ /LDAPCertStoreImpl.java
+ + JDK-8224768: Test ActalisCA.java fails
+ + JDK-8225012: sanity/client/SwingSet/src/ToolTipDemoTest.java
+ fails on Windows
+ + JDK-8226221: Update PKCS11 tests to use NSS 3.46 libs
+ + JDK-8228341: SignTwice.java fails intermittently on Windows
+ + JDK-8228403: SignTwice.java failed with
+ java.io.FileNotFoundException: File name too long
+ + JDK-8229147: Linux os::create_thread() overcounts guardpage
+ size with newer glibc (>=2.27)
+ + JDK-8229333: java/io/File/SetLastModified.java timed out
+ + JDK-8229338: clean up
+ test/jdk/java/util/RandomAccess/Basic.java
+ + JDK-8229348: java/net/DatagramSocket/
+ /UnreferencedDatagramSockets.java fails intermittently
+ + JDK-8229481: sun/net/www/protocol/https/
+ /ChunkedOutputStream.java failed with a SSLException
+ + JDK-8229912: [TESTBUG] java/net/Socks/SocksIPv6Test fails
+ without IPv6
+ + JDK-8230132: java/net/NetworkInterface/
+ /NetworkInterfaceRetrievalTests.java to skip Teredo Tunneling
+ Pseudo-Interface
+ + JDK-8231037: java/net/InetAddress/ptr/Lookup.java fails
+ intermittently due to reverse lookup failed
+ + JDK-8231357: sun/security/pkcs11/Cipher/TestKATForGCM.java
+ fails on SLES11 using mozilla-nss-3.14
+ + JDK-8231516: network QuickAckTest.java failed due to
+ "SocketException: maximum number of DatagramSockets reached"
+ + JDK-8232101: (sctp) Add minimal sanity tests for SCTP
+ + JDK-8232195: Enable BigInteger tests: DivisionOverflow,
+ SymmetricRangeTests and StringConstructorOverflow
+ + JDK-8232840: java/math/BigInteger/largeMemory/
+ /SymmetricRangeTests.java fails due to "OutOfMemoryError:
+ Requested array size exceeds VM limit"
+ + JDK-8232922: Add java/math/BigInteger/largeMemory/
+ /SymmetricRangeTests.java to ProblemList-Xcomp
+ + JDK-8234808: jdb quoted option parsing broken
+ + JDK-8236045: [TESTBUG] MismatchedWhiteBox test fails with
+ missing WhiteBox$WhiteBoxPermission.class
+ + JDK-8237183: Bug ID missing for test in patch which fixed
+ JDK-8230665
+ + JDK-8238157: security/infra/java/security/cert/
+ /CertPathValidator/certification/AmazonCA.java test failures
+ because of revocation date
+ + JDK-8239007: java/math/BigInteger/largeMemory/ tests should
+ be disabled on 32-bit platforms
+ + JDK-8239264: Clearup the legacy ObjectIdentifier constructor
+ from int array
+ + JDK-8239333: Mark test AmazonCA.java with intermittent key
+ + JDK-8239537: cgroup MetricsTester testMemorySubsystem fails
+ sometimes when testing memory.kmem.tcp.usage_in_bytes
+ + JDK-8240193: loadLibrary("osxsecurity") should not be removed
+ + JDK-8241097: java/math/BigInteger/largeMemory/
+ /SymmetricRangeTests.java requires -XX:+CompactStrings
+ + JDK-8242151: Improve OID mapping and reuse among JDK security
+ providers for aliases registration
+ + JDK-8242897: KeyFactory.generatePublic( x509Spec ) failed
+ with java.security.InvalidKeyException
+ + JDK-8243210: ClhsdbScanOops fails with NullPointerException
+ in FileMapHeader.inCopiedVtableSpace
+ + JDK-8244078: ProcessTools executeTestJvm and
+ createJavaProcessBuilder have inconsistent handling of
+ test.*.opts
+ + JDK-8247895: SHA1PRNGReseed.java is calling setSeed(0)
+ + JDK-8247968: test/jdk/javax/crypto/SecretKeyFactory/
+ /security.properties has wrong header
+ + JDK-8248001: javadoc generates invalid HTML pages whose
+ ftp:// links are broken
+ + JDK-8249699: java/io/ByteArrayOutputStream/MaxCapacity.java
+ should use @requires instead of @ignore
+ + JDK-8251517: [TESTBUG] com/sun/net/httpserver/bugs/
+ /B6393710.java does not scale socket timeout
+ + JDK-8252530: Fix inconsistencies in hotspot whitebox
+ + JDK-8254350: CompletableFuture.get may swallow
+ InterruptedException
+ + JDK-8255348: NPE in PKIXCertPathValidator event logging code
+ + JDK-8257993: vmTestbase/nsk/jvmti/RedefineClasses/
+ /StressRedefine/TestDescription.java crash intermittently
+ + JDK-8259796: timed CompletableFuture.get may swallow
+ InterruptedException
+ + JDK-8260274: Cipher.init(int, key) does not use highest
+ priority provider for random bytes
+ + JDK-8260878: com/sun/jdi/JdbOptions.java fails without jfr
+ + JDK-8260934: java/lang/StringBuilder/HugeCapacity.java fails
+ without Compact Strings
+ + JDK-8263970: Manual test javax/swing/JTextField/
+ /JapaneseReadingAttributes/JapaneseReadingAttributes.java
+ failed
+ + JDK-8265980: Fix systemDictionary and loaderConstraints
+ printing
+ + JDK-8268457: XML Transformer outputs Unicode supplementary
+ character incorrectly to HTML
+ + JDK-8268464: Remove dependancy of TestHttpsServer,
+ HttpTransaction, HttpCallback from
+ open/test/jdk/sun/net/www/protocol/https/ tests
+ + JDK-8269091: javax/sound/sampled/Clip/SetPositionHang.java
+ failed with ArrayIndexOutOfBoundsException: Array index out of
+ range: -4
+ + JDK-8270331: [TESTBUG] Error: Not a test or directory
+ containing tests: java/awt/print/PrinterJob/InitToBlack.java
+ + JDK-8271838: AmazonCA.java interop test fails
+ + JDK-8273807: Zero: Drop incorrect test block from
+ compiler/startup/NumCompilerThreadsCheck.java
+ + JDK-8274205: Handle KDC_ERR_SVC_UNAVAILABLE error code from
+ KDC
+ + JDK-8274606: Fix jaxp/javax/xml/jaxp/unittest/transform/
+ /SurrogateTest.java test
+ + JDK-8275234: java/awt/GraphicsDevice/DisplayModes/
+ /CycleDMImage.java is entered twice in ProblemList
+ + JDK-8275303: sun/java2d/pipe/InterpolationQualityTest.java
+ fails with D3D basic render driver
+ + JDK-8276651: java/lang/ProcessHandle tests fail with
+ "RuntimeException: Input/output error" in
+ java.lang.ProcessHandleImpl$Info.info0
+ + JDK-8277353: java/security/MessageDigest/
+ /ThreadSafetyTest.java test times out
+ + JDK-8279536: jdk/nio/zipfs/ZipFSOutputStreamTest.java timed
+ out
+ + JDK-8283756: (zipfs) ZipFSOutputStreamTest.testOutputStream
+ should only check inflated bytes
+ + JDK-8284524: Create an automated test for JDK-4422362
+ + JDK-8284767: Create an automated test for JDK-4422535
+ + JDK-8284772: GHA: Use GCC Major Version Dependencies Only
+ + JDK-8285635: javax/swing/JRootPane/DefaultButtonTest.java
+ failed with Default Button not pressed for L&F:
+ com.sun.java.swing.plaf.motif.MotifLookAndFeel
+ + JDK-8286172: Create an automated test for JDK-4516019
+ + JDK-8286481: Exception printed to stdout on Windows when
+ storing transparent image in clipboard
+ + JDK-8286620: Create regression test for verifying setMargin()
+ of JRadioButton
+ + JDK-8289508: Improve test coverage for XPath Axes: ancestor,
+ ancestor-or-self, preceding, and preceding-sibling
+ + JDK-8289748: C2 compiled code crashes with SIGFPE with
+ -XX:+StressLCM and -XX:+StressGCM
+ + JDK-8291444: GHA builds/tests won't run manually if disabled
+ from automatic running
+ + JDK-8291830: jvmti/RedefineClasses/StressRedefine failed:
+ assert(!is_null(v)) failed: narrow klass value can never be
+ zero
+ + JDK-8292033: Move jdk.X509Certificate event logic to JCA layer
+ + JDK-8292297: Fix up loading of override java.security
+ properties file
+ + JDK-8292443: Weak CAS VarHandle/Unsafe tests should test
+ always-failing cases
+ + JDK-8293180: JQuery UI license file not updated
+ + JDK-8293562: KeepAliveCache Blocks Threads while Closing
+ Connections
+ + JDK-8293657: sun/management/jmxremote/bootstrap/
+ /RmiBootstrapTest.java#id1 failed with "SSLHandshakeException:
+ Remote host terminated the handshake"
+ + JDK-8293858: Change PKCS7 code to use default SecureRandom
+ impl instead of SHA1PRNG
+ + JDK-8295737: macOS: Print content cut off when width > height
+ with portrait orientation
+ + JDK-8295894: Remove SECOM certificate that is expiring in
+ September 2023
+ + JDK-8296084: javax/swing/JSpinner/4788637/bug4788637.java
+ fails intermittently on a VM
+ + JDK-8297437: javadoc cannot link to old docs (with old style
+ anchors)
+ + JDK-8297523: Various GetPrimitiveArrayCritical miss result -
+ NULL check
+ + JDK-8297587: Upgrade JLine to 3.22.0
+ + JDK-8297681: Unnecessary color conversion during
+ 4BYTE_ABGR_PRE to INT_ARGB_PRE blit
+ + JDK-8297730: C2: Arraycopy intrinsic throws incorrect
+ exception
+ + JDK-8297887: Update Siphash
+ + JDK-8297923: java.awt.ScrollPane broken after multiple scroll
+ up/down
+ + JDK-8297955: LDAP CertStore should use LdapName and not
+ String for DNs
+ + JDK-8298921: Create a regression test for JDK-8139581
+ + JDK-8298974: Add ftcolor.c to imported freetype sources
+ + JDK-8299424: containers/docker/TestMemoryWithCgroupV1.java
+ fails on SLES12 ppc64le when testing Memory and Swap Limit
+ + JDK-8299658: C1 compilation crashes in
+ LinearScan::resolve_exception_edge
+ + JDK-8299713: Test javax/swing/JTableHeader/6889007/
+ /bug6889007.java failed: Wrong type of cursor
+ + JDK-8300098: java/util/concurrent/ConcurrentHashMap/
+ /ConcurrentAssociateTest.java fails with internal timeout when
+ executed with TieredCompilation1/3
+ + JDK-8300659: Refactor TestMemoryAwareness to use WhiteBox api
+ for host values
+ + JDK-8300751: [17u] Remove duplicate entry in javac.properties
+ + JDK-8301269: Update Commons BCEL to Version 6.7.0
+ + JDK-8301491: C2: java.lang.StringUTF16::indexOfChar intrinsic
+ called with negative character argument
+ + JDK-8301700: Increase the default TLS Diffie-Hellman group
+ size from 1024-bit to 2048-bit
+ + JDK-8301959: Compile command in
+ compiler.loopopts.TestRemoveEmptyCountedLoop does not work
+ + JDK-8302161: Upgrade jQuery UI to version 1.13.2
+ + JDK-8302182: Update Public Suffix List to 88467c9
+ + JDK-8303511: C2: assert(get_ctrl(n) == cle_out) during
+ unrolling
+ + JDK-8303809: Dispose context in SPNEGO NegotiatorImpl
+ + JDK-8304054: Linux: NullPointerException from
+ FontConfiguration.getVersion in case no fonts are installed
+ + JDK-8304498: JShell does not switch to raw mode when there is
+ no /bin/test
+ + JDK-8304867: Explicitly disable dtrace for ppc builds
+ + JDK-8305074: ProblemList
+ javax/net/ssl/DTLS/RespondToRetransmit.java
+ + JDK-8305421: Work around JDK-8305420 in CDSJDITest.java
+ + JDK-8305763: Parsing a URI with an underscore goes through a
+ silent exception, negatively impacting performance
+ + JDK-8305766: ProblemList runtime/CompressedOops/
+ /CompressedClassPointers.java
+ + JDK-8305950: Have -XshowSettings option display tzdata version
+ + JDK-8306133: Open source few AWT Drag & Drop related tests
+ + JDK-8306137: Open source several AWT ScrollPane related tests
+ + JDK-8306484: Open source several AWT Choice jtreg tests
+ + JDK-8306636: Disable compiler/c2/Test6905845.java with
+ -XX:TieredStopAtLevel=3
+ + JDK-8306638: Open source some AWT tests related to
+ datatransfer and Toolkit
+ + JDK-8306682: Open source a few more AWT Choice tests
+ + JDK-8306718: Optimize and opensource some old AWT tests
+ + JDK-8306954: Open source five Focus related tests
+ + JDK-8306955: Open source several JComboBox jtreg tests
+ + JDK-8307078: Opensource and clean up five more AWT Focus
+ related tests
+ + JDK-8307080: Open source some more JComboBox jtreg tests
+ + JDK-8307128: Open source some drag and drop tests 4
+ + JDK-8307133: Open source some JTable jtreg tests
++++ 61 more lines (skipped)
++++ between /work/SRC/openSUSE:Factory/java-11-openjdk/java-11-openjdk.changes
++++ and
/work/SRC/openSUSE:Factory/.java-11-openjdk.new.1945/java-11-openjdk.changes
Old:
----
jdk-11.0.20.1+1.tar.gz
New:
----
jdk-11.0.21+9.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ java-11-openjdk.spec ++++++
--- /var/tmp/diff_new_pack.4jEyf6/_old 2023-10-19 22:49:58.896225301 +0200
+++ /var/tmp/diff_new_pack.4jEyf6/_new 2023-10-19 22:49:58.900225447 +0200
@@ -20,6 +20,7 @@
%{!?arm6:%global arm6 armv3l armv4b armv4l armv4tl armv5b armv5l armv5teb
armv5tel armv5tejl armv6l armv6hl}
%global jit_arches %{ix86} x86_64 ppc64 ppc64le %{aarch64} %{arm} s390x
%global debug 0
+%global make make
%if 0%{?suse_version} > 1500
%global add_back_javaee_modules 0
%else
@@ -37,9 +38,8 @@
# Standard JPackage naming and versioning defines.
%global featurever 11
%global interimver 0
-%global updatever 20
-%global patchver 1
-%global buildver 1
+%global updatever 21
+%global buildver 9
%global openjdk_repo jdk11u
%global openjdk_tag
jdk-%{featurever}.%{interimver}.%{updatever}%{?patchver:.%{patchver}}+%{buildver}
%global openjdk_dir
%{openjdk_repo}-jdk-%{featurever}.%{interimver}.%{updatever}%{?patchver:.%{patchver}}-%{buildver}
@@ -345,9 +345,9 @@
# java.io.FileNotFoundException: /usr/lib64/libnss3.so
#was bnc#634793
Requires: mozilla-nss
-Requires(post): java-ca-certificates
# Post requires update-alternatives to install tool update-alternatives.
Requires(post): update-alternatives
+Requires(posttrans):java-ca-certificates
# Postun requires update-alternatives to uninstall tool update-alternatives.
Requires(postun):update-alternatives
Recommends: tzdata-java8
@@ -579,12 +579,17 @@
EXTRA_CPP_FLAGS="-Wno-error"
%ifarch ppc64 ppc64le ppc
-EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing"
+EXTRA_CFLAGS="${EXTRA_CFLAGS} -fno-strict-aliasing"
%endif
%if 0%{?suse_version} >= 1330
-EXTRA_CFLAGS="$EXTRA_CFLAGS -Wno-error -std=gnu++98
-fno-delete-null-pointer-checks -fno-lifetime-dse -fpermissive"
-EXTRA_CPP_FLAGS="$EXTRA_CPP_FLAGS -Wno-error -std=gnu++98
-fno-delete-null-pointer-checks -fno-lifetime-dse"
+EXTRA_CFLAGS="${EXTRA_CFLAGS} -fno-delete-null-pointer-checks
-fno-lifetime-dse -fpermissive"
+EXTRA_CPP_FLAGS="${EXTRA_CPP_FLAGS} -std=gnu++98
-fno-delete-null-pointer-checks -fno-lifetime-dse"
+%endif
+
+%ifarch %{ix86}
+EXTRA_CFLAGS="${EXTRA_CFLAGS} -mstackrealign -mincoming-stack-boundary=2
-mpreferred-stack-boundary=4"
+EXTRA_CPP_FLAGS="${EXTRA_CPP_FLAGS} -mstackrealign -mincoming-stack-boundary=2
-mpreferred-stack-boundary=4"
%endif
mkdir -p %{buildoutputdir}
@@ -611,6 +616,7 @@
%endif
--disable-keep-packaged-modules \
--with-debug-level=%{debugbuild} \
+ --with-native-debug-symbols=internal \
--enable-sysconf-nss \
--with-zlib=system \
--with-libjpeg=system \
@@ -630,8 +636,8 @@
%ifarch x86_64
--with-jvm-features=zgc,shenandoahgc \
%endif
- --with-extra-cxxflags="$EXTRA_CPP_FLAGS" \
- --with-extra-cflags="$EXTRA_CFLAGS" \
+ --with-extra-cxxflags="${EXTRA_CPP_FLAGS}" \
+ --with-extra-cflags="${EXTRA_CFLAGS}" \
--disable-javac-server
# The combination of FULL_DEBUG_SYMBOLS=0 and ALT_OBJCOPY=/does_not_exist
@@ -639,7 +645,7 @@
# STRIP_POLICY=none says don't do any stripping. DEBUG_BINARIES=true says
# ignore all the other logic about which debug options and just do '-g'.
-make \
+%{make} \
JAVAC_FLAGS=-g \
LOG=trace \
DEBUG_BINARIES=true \
@@ -1014,7 +1020,7 @@
fi
# remove the default empty cacert file, if it's installed
-if [ 0`stat -c "%{s}" %{cacerts} 2>/dev/null` = "032" ] ; then
+if [ 0`stat -c "%%s" %{cacerts} 2>/dev/null` = "032" ] ; then
rm -f %{cacerts}
fi
++++++ adlc-parser.patch ++++++
--- /var/tmp/diff_new_pack.4jEyf6/_old 2023-10-19 22:49:58.996228929 +0200
+++ /var/tmp/diff_new_pack.4jEyf6/_new 2023-10-19 22:49:59.000229074 +0200
@@ -1,10 +1,22 @@
---- jdk10/src/hotspot/share/adlc/formsopt.cpp 2014-07-03 21:56:12.000000000
+0200
-+++ jdk10/src/hotspot/share/adlc/formsopt.cpp 2014-07-14 11:43:21.900408570
+0200
-@@ -347,6 +347,7 @@
+--- a/src/hotspot/share/adlc/formsopt.cpp
++++ b/src/hotspot/share/adlc/formsopt.cpp
+@@ -427,6 +427,11 @@ void AllocClass::output(FILE *fp) { // Write info
to output files
+ //==============================Frame
Handling=================================
+
//------------------------------FrameForm--------------------------------------
+ FrameForm::FrameForm() {
++ _sync_stack_slots = NULL;
++ _inline_cache_reg = NULL;
++ _interpreter_method_oop_reg = NULL;
++ _interpreter_frame_pointer_reg = NULL;
++ _cisc_spilling_operand_name = NULL;
+ _frame_pointer = NULL;
+ _c_frame_pointer = NULL;
+ _alignment = NULL;
+@@ -438,7 +443,6 @@ FrameForm::FrameForm() {
+ _c_calling_convention = NULL;
_return_value = NULL;
_c_return_value = NULL;
- _interpreter_frame_pointer_reg = NULL;
-+ _cisc_spilling_operand_name = NULL;
+- _interpreter_frame_pointer_reg = NULL;
}
FrameForm::~FrameForm() {
++++++ config.guess ++++++
--- /var/tmp/diff_new_pack.4jEyf6/_old 2023-10-19 22:49:59.020229799 +0200
+++ /var/tmp/diff_new_pack.4jEyf6/_new 2023-10-19 22:49:59.024229945 +0200
@@ -4,7 +4,7 @@
# shellcheck disable=SC2006,SC2268 # see below for rationale
-timestamp='2023-07-20'
+timestamp='2023-08-22'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@@ -155,6 +155,9 @@
set_cc_for_build
cat <<-EOF > "$dummy.c"
+ #if defined(__ANDROID__)
+ LIBC=android
+ #else
#include <features.h>
#if defined(__UCLIBC__)
LIBC=uclibc
@@ -169,6 +172,7 @@
LIBC=musl
#endif
#endif
+ #endif
EOF
cc_set_libc=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' |
sed 's, ,,g'`
eval "$cc_set_libc"
@@ -904,7 +908,7 @@
fi
;;
*:FreeBSD:*:*)
- UNAME_PROCESSOR=`/usr/bin/uname -p`
+ UNAME_PROCESSOR=`uname -p`
case $UNAME_PROCESSOR in
amd64)
UNAME_PROCESSOR=x86_64 ;;
++++++ config.sub ++++++
--- /var/tmp/diff_new_pack.4jEyf6/_old 2023-10-19 22:49:59.036230379 +0200
+++ /var/tmp/diff_new_pack.4jEyf6/_new 2023-10-19 22:49:59.040230525 +0200
@@ -4,7 +4,7 @@
# shellcheck disable=SC2006,SC2268 # see below for rationale
-timestamp='2023-07-31'
+timestamp='2023-09-19'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@@ -1181,7 +1181,7 @@
case $cpu in
1750a | 580 \
| a29k \
- | aarch64 | aarch64_be \
+ | aarch64 | aarch64_be | aarch64c | arm64ec \
| abacus \
| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] \
| alpha64 | alpha64ev[4-8] | alpha64ev56 |
alpha64ev6[78] \
@@ -1200,6 +1200,7 @@
| d10v | d30v | dlx | dsp16xx \
| e2k | elxsi | epiphany \
| f30[01] | f700 | fido | fr30 | frv | ft32 | fx80 \
+ | javascript \
| h8300 | h8500 \
| hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| hexagon \
@@ -1284,11 +1285,12 @@
# Decode manufacturer-specific aliases for certain operating systems.
-if test x$basic_os != x
+if test x"$basic_os" != x
then
# First recognize some ad-hoc cases, or perhaps split kernel-os, or else just
# set os.
+obj=
case $basic_os in
gnu/linux*)
kernel=linux
@@ -1488,10 +1490,16 @@
os=eabi
;;
*)
- os=elf
+ os=
+ obj=elf
;;
esac
;;
+ aout* | coff* | elf* | pe*)
+ # These are machine code file formats, not OSes
+ obj=$os
+ os=
+ ;;
*)
# No normalization, but not necessarily accepted, that comes
below.
;;
@@ -1510,12 +1518,15 @@
# system, and we'll never get to this point.
kernel=
+obj=
case $cpu-$vendor in
score-*)
- os=elf
+ os=
+ obj=elf
;;
spu-*)
- os=elf
+ os=
+ obj=elf
;;
*-acorn)
os=riscix1.2
@@ -1525,28 +1536,35 @@
os=gnu
;;
arm*-semi)
- os=aout
+ os=
+ obj=aout
;;
c4x-* | tic4x-*)
- os=coff
+ os=
+ obj=coff
;;
c8051-*)
- os=elf
+ os=
+ obj=elf
;;
clipper-intergraph)
os=clix
;;
hexagon-*)
- os=elf
+ os=
+ obj=elf
;;
tic54x-*)
- os=coff
+ os=
+ obj=coff
;;
tic55x-*)
- os=coff
+ os=
+ obj=coff
;;
tic6x-*)
- os=coff
+ os=
+ obj=coff
;;
# This must come before the *-dec entry.
pdp10-*)
@@ -1568,19 +1586,24 @@
os=sunos3
;;
m68*-cisco)
- os=aout
+ os=
+ obj=aout
;;
mep-*)
- os=elf
+ os=
+ obj=elf
;;
mips*-cisco)
- os=elf
+ os=
+ obj=elf
;;
mips*-*)
- os=elf
+ os=
+ obj=elf
;;
or32-*)
- os=coff
+ os=
+ obj=coff
;;
*-tti) # must be before sparc entry or we get the wrong os.
os=sysv3
@@ -1589,7 +1612,8 @@
os=sunos4.1.1
;;
pru-*)
- os=elf
+ os=
+ obj=elf
;;
*-be)
os=beos
@@ -1670,10 +1694,12 @@
os=uxpv
;;
*-rom68k)
- os=coff
+ os=
+ obj=coff
;;
*-*bug)
- os=coff
+ os=
+ obj=coff
;;
*-apple)
os=macos
@@ -1691,7 +1717,8 @@
fi
-# Now, validate our (potentially fixed-up) OS.
+# Now, validate our (potentially fixed-up) individual pieces (OS, OBJ).
+
case $os in
# Sometimes we do "kernel-libc", so those need to count as OSes.
musl* | newlib* | relibc* | uclibc*)
@@ -1702,6 +1729,9 @@
# VxWorks passes extra cpu info in the 4th filed.
simlinux | simwindows | spe)
;;
+ # See `case $cpu-$os` validation below
+ ghcjs)
+ ;;
# Now accept the basic system types.
# The portable systems comes first.
# Each alternative MUST end in a * to match a version number.
@@ -1719,11 +1749,11 @@
| mirbsd* | netbsd* | dicos* | openedition* | ose* \
| bitrig* | openbsd* | secbsd* | solidbsd* | libertybsd* | os108* \
| ekkobsd* | freebsd* | riscix* | lynxos* | os400* \
- | bosx* | nextstep* | cxux* | aout* | elf* | oabi* \
- | ptx* | coff* | ecoff* | winnt* | domain* | vsta* \
+ | bosx* | nextstep* | cxux* | oabi* \
+ | ptx* | ecoff* | winnt* | domain* | vsta* \
| udi* | lites* | ieee* | go32* | aux* | hcos* \
| chorusrdb* | cegcc* | glidix* | serenity* \
- | cygwin* | msys* | pe* | moss* | proelf* | rtems* \
+ | cygwin* | msys* | moss* | proelf* | rtems* \
| midipix* | mingw32* | mingw64* | mint* \
| uxpv* | beos* | mpeix* | udk* | moxiebox* \
| interix* | uwin* | mks* | rhapsody* | darwin* \
@@ -1747,60 +1777,95 @@
kernel* | msvc* )
# Restricted further below
;;
+ '')
+ if test x"$obj" = x
+ then
+ echo "Invalid configuration '$1': Blank OS only allowed
with explicit machine code file format" 1>&2
+ fi
+ ;;
*)
echo "Invalid configuration '$1': OS '$os' not recognized" 1>&2
exit 1
;;
esac
+case $obj in
+ aout* | coff* | elf* | pe*)
+ ;;
+ '')
+ # empty is fine
+ ;;
+ *)
+ echo "Invalid configuration '$1': Machine code format '$obj'
not recognized" 1>&2
+ exit 1
+ ;;
+esac
+
+# Here we handle the constraint that a (synthetic) cpu and os are
+# valid only in combination with each other and nowhere else.
+case $cpu-$os in
+ # The "javascript-unknown-ghcjs" triple is used by GHC; we
+ # accept it here in order to tolerate that, but reject any
+ # variations.
+ javascript-ghcjs)
+ ;;
+ javascript-* | *-ghcjs)
+ echo "Invalid configuration '$1': cpu '$cpu' is not valid with
os '$os$obj'" 1>&2
+ exit 1
+ ;;
+esac
+
# As a final step for OS-related things, validate the OS-kernel combination
# (given a valid OS), if there is a kernel.
-case $kernel-$os in
- linux-gnu* | linux-dietlibc* | linux-android* | linux-newlib* \
- | linux-musl* | linux-relibc* | linux-uclibc* | linux-mlibc*
)
+case $kernel-$os-$obj in
+ linux-gnu*- | linux-dietlibc*- | linux-android*- | linux-newlib*- \
+ | linux-musl*- | linux-relibc*- | linux-uclibc*- |
linux-mlibc*- )
;;
- uclinux-uclibc* )
+ uclinux-uclibc*- )
;;
- managarm-mlibc* | managarm-kernel* )
+ managarm-mlibc*- | managarm-kernel*- )
;;
- windows*-gnu* | windows*-msvc*)
+ windows*-msvc*-)
;;
- -dietlibc* | -newlib* | -musl* | -relibc* | -uclibc* | -mlibc* )
+ -dietlibc*- | -newlib*- | -musl*- | -relibc*- | -uclibc*- | -mlibc*- )
# These are just libc implementations, not actual OSes, and thus
# require a kernel.
echo "Invalid configuration '$1': libc '$os' needs explicit
kernel." 1>&2
exit 1
;;
- -kernel* )
+ -kernel*- )
echo "Invalid configuration '$1': '$os' needs explicit kernel."
1>&2
exit 1
;;
- *-kernel* )
+ *-kernel*- )
echo "Invalid configuration '$1': '$kernel' does not support
'$os'." 1>&2
exit 1
;;
- *-msvc* )
+ *-msvc*- )
echo "Invalid configuration '$1': '$os' needs 'windows'." 1>&2
exit 1
;;
- kfreebsd*-gnu* | kopensolaris*-gnu*)
+ kfreebsd*-gnu*- | kopensolaris*-gnu*-)
;;
- vxworks-simlinux | vxworks-simwindows | vxworks-spe)
+ vxworks-simlinux- | vxworks-simwindows- | vxworks-spe-)
;;
- nto-qnx*)
+ nto-qnx*-)
;;
- os2-emx)
+ os2-emx-)
;;
- *-eabi* | *-gnueabi*)
+ *-eabi*- | *-gnueabi*-)
;;
- none-coff* | none-elf*)
+ none--*)
# None (no kernel, i.e. freestanding / bare metal),
- # can be paired with an output format "OS"
+ # can be paired with an machine code file format
;;
- -*)
+ -*-)
# Blank kernel with real OS is always fine.
;;
- *-*)
+ --*)
+ # Blank kernel and OS with real machine code file format is
always fine.
+ ;;
+ *-*-*)
echo "Invalid configuration '$1': Kernel '$kernel' not known to
work with OS '$os'." 1>&2
exit 1
;;
@@ -1884,7 +1949,7 @@
;;
esac
-echo "$cpu-$vendor-${kernel:+$kernel-}$os"
+echo "$cpu-$vendor${kernel:+-$kernel}${os:+-$os}${obj:+-$obj}"
exit
# Local variables:
++++++ fips.patch ++++++
--- /var/tmp/diff_new_pack.4jEyf6/_old 2023-10-19 22:49:59.056231105 +0200
+++ /var/tmp/diff_new_pack.4jEyf6/_new 2023-10-19 22:49:59.056231105 +0200
@@ -1,6 +1,6 @@
---- jdk11u/make/autoconf/libraries.m4 2023-05-10 19:43:58.534273705 +0200
-+++ jdk11u/make/autoconf/libraries.m4 2023-05-11 09:44:31.769353381 +0200
-@@ -101,6 +101,7 @@
+--- a/make/autoconf/libraries.m4
++++ b/make/autoconf/libraries.m4
+@@ -101,6 +101,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES],
LIB_SETUP_LIBFFI
LIB_SETUP_BUNDLED_LIBS
LIB_SETUP_MISC_LIBS
@@ -8,7 +8,7 @@
LIB_SETUP_SOLARIS_STLPORT
LIB_TESTS_SETUP_GRAALUNIT
-@@ -223,3 +224,62 @@
+@@ -223,3 +224,62 @@ AC_DEFUN_ONCE([LIB_SETUP_SOLARIS_STLPORT],
fi
])
@@ -71,9 +71,9 @@
+ fi
+ AC_SUBST(USE_SYSCONF_NSS)
+])
---- jdk11u/make/autoconf/spec.gmk.in 2023-05-10 19:43:58.534273705 +0200
-+++ jdk11u/make/autoconf/spec.gmk.in 2023-05-11 09:44:31.769353381 +0200
-@@ -848,6 +848,10 @@
+--- a/make/autoconf/spec.gmk.in
++++ b/make/autoconf/spec.gmk.in
+@@ -848,6 +848,10 @@ INSTALL_SYSCONFDIR=@sysconfdir@
# Libraries
#
@@ -84,12 +84,13 @@
USE_EXTERNAL_LCMS:=@USE_EXTERNAL_LCMS@
LCMS_CFLAGS:=@LCMS_CFLAGS@
LCMS_LIBS:=@LCMS_LIBS@
---- jdk11u/make/lib/Lib-java.base.gmk 2023-05-10 19:43:58.586273741 +0200
-+++ jdk11u/make/lib/Lib-java.base.gmk 2023-05-11 09:44:31.769353381 +0200
-@@ -179,6 +179,31 @@
+--- a/make/lib/Lib-java.base.gmk
++++ b/make/lib/Lib-java.base.gmk
+@@ -178,6 +178,31 @@ ifeq ($(call isTargetOsType, unix), true)
+ endif
endif
-
################################################################################
++################################################################################
+# Create the systemconf library
+
+LIBSYSTEMCONF_CFLAGS :=
@@ -114,12 +115,11 @@
+ TARGETS += $(BUILD_LIBSYSTEMCONF)
+endif
+
-+################################################################################
+
################################################################################
# Create the symbols file for static builds.
- ifeq ($(STATIC_BUILD), true)
---- jdk11u/make/nb_native/nbproject/configurations.xml 2023-05-10
19:43:58.590273744 +0200
-+++ jdk11u/make/nb_native/nbproject/configurations.xml 2023-05-11
09:44:31.781353376 +0200
+--- a/make/nb_native/nbproject/configurations.xml
++++ b/make/nb_native/nbproject/configurations.xml
@@ -2950,6 +2950,9 @@
<in>LinuxWatchService.c</in>
</df>
@@ -130,21 +130,21 @@
</df>
</df>
<df name="macosx">
-@@ -29300,6 +29303,11 @@
- ex="false"
+@@ -29301,6 +29304,11 @@
tool="0"
flavor2="0">
-+ </item>
+ </item>
+ <item path="../../src/java.base/linux/native/libsystemconf/systemconf.c"
+ ex="false"
+ tool="0"
+ flavor2="0">
- </item>
++ </item>
<item path="../../src/java.base/macosx/native/include/jni_md.h"
ex="false"
---- jdk11u/make/scripts/compare_exceptions.sh.incl 2023-05-10
19:43:58.590273744 +0200
-+++ jdk11u/make/scripts/compare_exceptions.sh.incl 2023-05-11
09:44:31.785353373 +0200
-@@ -179,6 +179,7 @@
+ tool="3"
+--- a/make/scripts/compare_exceptions.sh.incl
++++ b/make/scripts/compare_exceptions.sh.incl
+@@ -179,6 +179,7 @@ if [ "$OPENJDK_TARGET_OS" = "solaris" ] && [
"$OPENJDK_TARGET_CPU" = "x86_64" ];
./lib/libsplashscreen.so
./lib/libsunec.so
./lib/libsunwjdga.so
@@ -152,7 +152,7 @@
./lib/libunpack.so
./lib/libverify.so
./lib/libzip.so
-@@ -289,6 +290,7 @@
+@@ -289,6 +290,7 @@ if [ "$OPENJDK_TARGET_OS" = "solaris" ] && [
"$OPENJDK_TARGET_CPU" = "sparcv9" ]
./lib/libsplashscreen.so
./lib/libsunec.so
./lib/libsunwjdga.so
@@ -160,8 +160,8 @@
./lib/libunpack.so
./lib/libverify.so
./lib/libzip.so
---- jdk11u/src/java.base/linux/native/libsystemconf/systemconf.c
1970-01-01 01:00:00.000000000 +0100
-+++ jdk11u/src/java.base/linux/native/libsystemconf/systemconf.c
2023-05-11 09:44:31.785353373 +0200
+--- /dev/null
++++ b/src/java.base/linux/native/libsystemconf/systemconf.c
@@ -0,0 +1,224 @@
+/*
+ * Copyright (c) 2021, Red Hat, Inc.
@@ -387,9 +387,9 @@
+ return (fips_enabled == '1' ? JNI_TRUE : JNI_FALSE);
+ }
+}
---- jdk11u/src/java.base/share/classes/java/security/Security.java
2023-05-10 19:43:58.770273872 +0200
-+++ jdk11u/src/java.base/share/classes/java/security/Security.java
2023-05-11 09:44:31.785353373 +0200
-@@ -32,6 +32,7 @@
+--- a/src/java.base/share/classes/java/security/Security.java
++++ b/src/java.base/share/classes/java/security/Security.java
+@@ -32,6 +32,7 @@ import java.net.URL;
import jdk.internal.event.EventHelper;
import jdk.internal.event.SecurityPropertyModificationEvent;
@@ -397,9 +397,9 @@
import jdk.internal.misc.SharedSecrets;
import jdk.internal.util.StaticProperty;
import sun.security.util.Debug;
-@@ -47,12 +48,20 @@
- * implementation-specific location, which is typically the properties file
- * {@code conf/security/java.security} in the Java installation directory.
+@@ -50,12 +51,20 @@ import sun.security.jca.*;
+ * @implNote If the properties file fails to load, the JDK implementation will
+ * throw an unspecified error when initializing the {@code Security} class.
*
+ * <p>Additional default values of security properties are read from a
+ * system-specific location, if available.</p>
@@ -418,7 +418,7 @@
/* Are we debugging? -- for developers */
private static final Debug sdebug =
Debug.getInstance("properties");
-@@ -67,6 +76,19 @@
+@@ -70,6 +79,19 @@ public final class Security {
}
static {
@@ -438,26 +438,19 @@
// doPrivileged here because there are multiple
// things in initialize that might require privs.
// (the FileInputStream call and the File.exists call,
-@@ -83,6 +105,7 @@
+@@ -85,6 +107,7 @@ public final class Security {
+ private static void initialize() {
props = new Properties();
- boolean loadedProps = false;
boolean overrideAll = false;
+ boolean systemSecPropsEnabled = false;
// first load the system properties file
// to determine the value of security.overridePropertiesFile
-@@ -98,6 +121,7 @@
- if (sdebug != null) {
- sdebug.println("reading security properties file: " +
- propFile);
-+ sdebug.println(props.toString());
- }
- } catch (IOException e) {
- if (sdebug != null) {
-@@ -192,6 +216,61 @@
+@@ -105,9 +128,63 @@ public final class Security {
}
+ loadProps(null, extraPropFile, overrideAll);
}
-
++
+ boolean sysUseProps =
Boolean.valueOf(System.getProperty(SYS_PROP_SWITCH, "false"));
+ boolean secUseProps =
Boolean.valueOf(props.getProperty(SEC_PROP_SWITCH));
+ if (sdebug != null) {
@@ -477,9 +470,7 @@
+ }
+ }
+
-+ // FIPS support depends on the contents of java.security so
-+ // ensure it has loaded first
-+ if (loadedProps && systemSecPropsEnabled) {
++ if (systemSecPropsEnabled) {
+ boolean shouldEnable;
+ String sysProp = System.getProperty("com.suse.fips");
+ if (sysProp == null) {
@@ -515,9 +506,13 @@
+ }
}
- /*
---- jdk11u/src/java.base/share/classes/java/security/SystemConfigurator.java
1970-01-01 01:00:00.000000000 +0100
-+++ jdk11u/src/java.base/share/classes/java/security/SystemConfigurator.java
2023-05-11 09:44:31.789353372 +0200
+- private static boolean loadProps(File masterFile, String extraPropFile,
boolean overrideAll) {
++ static boolean loadProps(File masterFile, String extraPropFile, boolean
overrideAll) {
+ InputStream is = null;
+ try {
+ if (masterFile != null && masterFile.exists()) {
+--- /dev/null
++++ b/src/java.base/share/classes/java/security/SystemConfigurator.java
@@ -0,0 +1,248 @@
+/*
+ * Copyright (c) 2019, 2021, Red Hat, Inc.
@@ -767,8 +762,8 @@
+ }
+ }
+}
----
jdk11u/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java
1970-01-01 01:00:00.000000000 +0100
-+++
jdk11u/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java
2023-05-11 09:44:31.789353372 +0200
+--- /dev/null
++++
b/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2020, Red Hat, Inc.
@@ -801,9 +796,11 @@
+ boolean isSystemFipsEnabled();
+ boolean isPlainKeySupportEnabled();
+}
---- jdk11u/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
2023-05-10 19:43:58.802273893 +0200
-+++ jdk11u/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
2023-05-11 09:44:31.789353372 +0200
-@@ -36,6 +36,7 @@
+diff --git a/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
b/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
+index 688ec9f091..8489b940c4 100644
+--- a/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
++++ b/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
+@@ -36,6 +36,7 @@ import java.io.FilePermission;
import java.io.ObjectInputStream;
import java.io.RandomAccessFile;
import java.security.ProtectionDomain;
@@ -811,7 +808,7 @@
import java.security.Signature;
/** A repository of "shared secrets", which are a mechanism for
-@@ -76,6 +77,7 @@
+@@ -76,6 +77,7 @@ public class SharedSecrets {
private static JavaIORandomAccessFileAccess javaIORandomAccessFileAccess;
private static JavaSecuritySignatureAccess javaSecuritySignatureAccess;
private static JavaxCryptoSealedObjectAccess
javaxCryptoSealedObjectAccess;
@@ -819,7 +816,7 @@
public static JavaUtilJarAccess javaUtilJarAccess() {
if (javaUtilJarAccess == null) {
-@@ -361,4 +363,15 @@
+@@ -361,4 +363,15 @@ public class SharedSecrets {
}
return javaxCryptoSealedObjectAccess;
}
@@ -835,9 +832,9 @@
+ return javaSecuritySystemConfiguratorAccess;
+ }
}
---- jdk11u/src/java.base/share/classes/module-info.java 2023-05-10
19:43:58.810273900 +0200
-+++ jdk11u/src/java.base/share/classes/module-info.java 2023-05-11
09:44:31.789353372 +0200
-@@ -182,6 +182,7 @@
+--- a/src/java.base/share/classes/module-info.java
++++ b/src/java.base/share/classes/module-info.java
+@@ -182,6 +182,7 @@ module java.base {
java.security.jgss,
java.sql,
java.xml,
@@ -845,9 +842,9 @@
jdk.jartool,
jdk.attach,
jdk.charsets,
----
jdk11u/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
2023-05-10 19:43:58.826273911 +0200
-+++
jdk11u/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
2023-05-11 09:44:31.789353372 +0200
-@@ -33,8 +33,13 @@
+--- a/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
++++ b/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
+@@ -33,8 +33,13 @@ import java.security.KeyStore.*;
import javax.net.ssl.*;
@@ -861,7 +858,7 @@
X509ExtendedKeyManager keyManager;
boolean isInitialized;
-@@ -62,7 +67,8 @@
+@@ -62,7 +67,8 @@ abstract class KeyManagerFactoryImpl extends
KeyManagerFactorySpi {
KeyStoreException, NoSuchAlgorithmException,
UnrecoverableKeyException {
if ((ks != null) && SunJSSE.isFIPS()) {
@@ -871,7 +868,7 @@
throw new KeyStoreException("FIPS mode: KeyStore must be "
+ "from provider " +
SunJSSE.cryptoProvider.getName());
}
-@@ -91,8 +97,8 @@
+@@ -91,8 +97,8 @@ abstract class KeyManagerFactoryImpl extends
KeyManagerFactorySpi {
keyManager = new X509KeyManagerImpl(
Collections.<Builder>emptyList());
} else {
@@ -882,9 +879,9 @@
throw new KeyStoreException(
"FIPS mode: KeyStore must be " +
"from provider " + SunJSSE.cryptoProvider.getName());
---- jdk11u/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
2023-05-10 19:43:58.830273913 +0200
-+++ jdk11u/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
2023-05-11 09:44:31.793353369 +0200
-@@ -31,6 +31,7 @@
+--- a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
++++ b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
+@@ -31,6 +31,7 @@ import java.security.*;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;
@@ -892,7 +889,7 @@
import sun.security.action.GetPropertyAction;
import sun.security.provider.certpath.AlgorithmChecker;
import sun.security.validator.Validator;
-@@ -542,6 +543,23 @@
+@@ -542,6 +543,23 @@ public abstract class SSLContextImpl extends
SSLContextSpi {
static {
if (SunJSSE.isFIPS()) {
@@ -916,7 +913,7 @@
supportedProtocols = Arrays.asList(
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
-@@ -556,6 +574,7 @@
+@@ -556,6 +574,7 @@ public abstract class SSLContextImpl extends SSLContextSpi
{
ProtocolVersion.TLS11,
ProtocolVersion.TLS10
});
@@ -924,7 +921,7 @@
} else {
supportedProtocols = Arrays.asList(
ProtocolVersion.TLS13,
-@@ -910,12 +929,23 @@
+@@ -910,12 +929,23 @@ public abstract class SSLContextImpl extends
SSLContextSpi {
if (client) {
// default client protocols
if (SunJSSE.isFIPS()) {
@@ -948,7 +945,7 @@
} else {
candidates = new ProtocolVersion[] {
ProtocolVersion.TLS13,
-@@ -927,12 +957,23 @@
+@@ -927,12 +957,23 @@ public abstract class SSLContextImpl extends
SSLContextSpi {
} else {
// default server protocols
if (SunJSSE.isFIPS()) {
@@ -972,9 +969,9 @@
} else {
candidates = new ProtocolVersion[] {
ProtocolVersion.TLS13,
---- jdk11u/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
2023-05-10 19:43:58.830273913 +0200
-+++ jdk11u/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
2023-05-11 09:44:31.793353369 +0200
-@@ -27,6 +27,8 @@
+--- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
++++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
+@@ -27,6 +27,8 @@ package sun.security.ssl;
import java.security.*;
import java.util.*;
@@ -982,8 +979,8 @@
+import jdk.internal.misc.SharedSecrets;
import sun.security.rsa.SunRsaSignEntries;
import static sun.security.util.SecurityConstants.PROVIDER_VER;
- import static sun.security.provider.SunEntries.createAliases;
-@@ -195,8 +197,13 @@
+ import static sun.security.util.SecurityProviderConstants.*;
+@@ -195,8 +197,13 @@ public abstract class SunJSSE extends
java.security.Provider {
"sun.security.ssl.SSLContextImpl$TLS11Context", null, null);
ps("SSLContext", "TLSv1.2",
"sun.security.ssl.SSLContextImpl$TLS12Context", null, null);
@@ -996,13 +993,14 @@
+ }
ps("SSLContext", "TLS",
"sun.security.ssl.SSLContextImpl$TLSContext",
- (isfips? null : createAliases("SSL")), null);
---- jdk11u/src/java.base/share/conf/security/java.security 2023-05-10
19:43:58.842273922 +0200
-+++ jdk11u/src/java.base/share/conf/security/java.security 2023-05-11
09:44:31.793353369 +0200
-@@ -86,6 +86,14 @@
+ (isfips? null : List.of("SSL")), null);
+--- a/src/java.base/share/conf/security/java.security
++++ b/src/java.base/share/conf/security/java.security
+@@ -89,6 +89,14 @@ security.provider.tbd=SunPKCS11
+ #endif
#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg
- #
++#
+# Security providers used when FIPS mode support is active
+#
+fips.provider.1=SunPKCS11 ${java.home}/conf/security/nss.fips.cfg
@@ -1010,38 +1008,37 @@
+fips.provider.3=SunEC
+fips.provider.4=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSS-FIPS
+
-+#
+ #
# A list of preferred providers for specific algorithms. These providers will
# be searched for matching algorithms before the list of registered providers.
- # Entries containing errors (parsing, etc) will be ignored. Use the
-@@ -299,6 +307,11 @@
+@@ -302,6 +310,11 @@ policy.ignoreIdentityScope=false
+ #
keystore.type=pkcs12
- #
++#
+# Default keystore type used when global crypto-policies are set to FIPS.
+#
+fips.keystore.type=PKCS11
+
-+#
+ #
# Controls compatibility mode for JKS and PKCS12 keystore types.
#
- # When set to 'true', both JKS and PKCS12 keystore types support loading
-@@ -336,6 +349,13 @@
+@@ -339,6 +352,13 @@ package.definition=sun.misc.,\
+ #
security.overridePropertiesFile=true
- #
++#
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=true
+
-+#
+ #
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
- #
----
jdk11u/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
1970-01-01 01:00:00.000000000 +0100
-+++
jdk11u/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
2023-05-11 09:44:31.793353369 +0200
+--- /dev/null
++++
b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
@@ -0,0 +1,290 @@
+/*
+ * Copyright (c) 2021, Red Hat, Inc.
@@ -1333,8 +1330,8 @@
+ }
+ }
+}
----
jdk11u/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
2023-05-10 19:43:59.222274190 +0200
-+++
jdk11u/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
2023-05-11 09:44:31.793353369 +0200
+--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
++++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
@@ -26,6 +26,9 @@
package sun.security.pkcs11;
@@ -1345,7 +1342,7 @@
import java.util.*;
import java.security.*;
-@@ -43,6 +46,8 @@
+@@ -43,6 +46,8 @@ import javax.security.auth.callback.PasswordCallback;
import com.sun.crypto.provider.ChaCha20Poly1305Parameters;
import jdk.internal.misc.InnocuousThread;
@@ -1354,7 +1351,7 @@
import sun.security.util.Debug;
import sun.security.util.ResourcesMgr;
import static sun.security.util.SecurityConstants.PROVIDER_VER;
-@@ -60,6 +65,29 @@
+@@ -61,6 +66,29 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
*/
public final class SunPKCS11 extends AuthProvider {
@@ -1384,7 +1381,7 @@
private static final long serialVersionUID = -1354835039035306505L;
static final Debug debug = Debug.getInstance("sunpkcs11");
-@@ -317,10 +345,15 @@
+@@ -318,10 +346,15 @@ public final class SunPKCS11 extends AuthProvider {
// request multithreaded access first
initArgs.flags = CKF_OS_LOCKING_OK;
PKCS11 tmpPKCS11;
@@ -1401,7 +1398,7 @@
} catch (PKCS11Exception e) {
if (debug != null) {
debug.println("Multi-threaded initialization failed: " +
e);
-@@ -336,7 +369,7 @@
+@@ -337,7 +370,7 @@ public final class SunPKCS11 extends AuthProvider {
initArgs.flags = 0;
}
tmpPKCS11 = PKCS11.getInstance(library,
@@ -1410,7 +1407,7 @@
}
p11 = tmpPKCS11;
-@@ -376,6 +409,24 @@
+@@ -377,6 +410,24 @@ public final class SunPKCS11 extends AuthProvider {
if (nssModule != null) {
nssModule.setProvider(this);
}
@@ -1435,9 +1432,9 @@
} catch (Exception e) {
if (config.getHandleStartupErrors() == Config.ERR_IGNORE_ALL) {
throw new UnsupportedOperationException
----
jdk11u/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
2023-05-10 19:43:59.226274194 +0200
-+++
jdk11u/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
2023-05-11 09:44:31.797353367 +0200
-@@ -49,6 +49,7 @@
+---
a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
++++
b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
+@@ -49,6 +49,7 @@ package sun.security.pkcs11.wrapper;
import java.io.File;
import java.io.IOException;
@@ -1445,7 +1442,7 @@
import java.util.*;
import java.security.AccessController;
-@@ -148,19 +149,42 @@
+@@ -148,19 +149,42 @@ public class PKCS11 {
this.pkcs11ModulePath = pkcs11ModulePath;
}
@@ -1488,7 +1485,7 @@
if (omitInitialize == false) {
try {
pkcs11.C_Initialize(pInitArgs);
-@@ -1909,4 +1933,69 @@
+@@ -1909,4 +1933,69 @@ static class SynchronizedPKCS11 extends PKCS11 {
super.C_GenerateRandom(hSession, randomData);
}
}
++++++ jdk-11.0.20.1+1.tar.gz -> jdk-11.0.21+9.tar.gz ++++++
/work/SRC/openSUSE:Factory/java-11-openjdk/jdk-11.0.20.1+1.tar.gz
/work/SRC/openSUSE:Factory/.java-11-openjdk.new.1945/jdk-11.0.21+9.tar.gz
differ: char 13, line 1
++++++ nss-security-provider.patch ++++++
--- /var/tmp/diff_new_pack.4jEyf6/_old 2023-10-19 22:49:59.140234152 +0200
+++ /var/tmp/diff_new_pack.4jEyf6/_new 2023-10-19 22:49:59.140234152 +0200
@@ -1,6 +1,6 @@
---- openjdk/src/java.base/share/conf/security/java.security 2021-03-16
07:15:49.798093653 +0100
-+++ openjdk/src/java.base/share/conf/security/java.security 2021-03-16
11:38:01.416893125 +0100
-@@ -83,6 +83,7 @@
+--- a/src/java.base/share/conf/security/java.security
++++ b/src/java.base/share/conf/security/java.security
+@@ -87,6 +87,7 @@ security.provider.tbd=Apple
#ifndef solaris
security.provider.tbd=SunPKCS11
#endif
++++++ reproducible-javadoc-timestamp.patch ++++++
--- /var/tmp/diff_new_pack.4jEyf6/_old 2023-10-19 22:49:59.176235457 +0200
+++ /var/tmp/diff_new_pack.4jEyf6/_new 2023-10-19 22:49:59.180235603 +0200
@@ -1,14 +1,3 @@
-From cf1f86d30b2e9d0b4ada535d16e6e9141dc6bb17 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fridrich=20=C5=A0trba?= <[email protected]>
-Date: Fri, 4 Aug 2023 17:43:52 +0200
-Subject: [PATCH] Reproducible javadoc timestamp
-
----
- .../doclets/formats/html/markup/Head.java | 15 ++++++++++++++-
- 1 file changed, 14 insertions(+), 1 deletion(-)
-
-diff --git
a/src/jdk.javadoc/share/classes/jdk/javadoc/internal/doclets/formats/html/markup/Head.java
b/src/jdk.javadoc/share/classes/jdk/javadoc/internal/doclets/formats/html/markup/Head.java
-index 85ee310f0b..3c5260b1a0 100644
---
a/src/jdk.javadoc/share/classes/jdk/javadoc/internal/doclets/formats/html/markup/Head.java
+++
b/src/jdk.javadoc/share/classes/jdk/javadoc/internal/doclets/formats/html/markup/Head.java
@@ -256,6 +256,9 @@ public class Head {
@@ -47,7 +36,4 @@
}
return new Comment(text);
}
---
-2.41.0
-
