Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package java-17-openjdk for openSUSE:Factory
checked in at 2021-09-17 23:25:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/java-17-openjdk (Old)
and /work/SRC/openSUSE:Factory/.java-17-openjdk.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "java-17-openjdk"
Fri Sep 17 23:25:57 2021 rev:3 rq:919651 version:17.0.0.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/java-17-openjdk/java-17-openjdk.changes
2021-09-14 21:15:09.744450541 +0200
+++
/work/SRC/openSUSE:Factory/.java-17-openjdk.new.1899/java-17-openjdk.changes
2021-09-17 23:26:13.989251247 +0200
@@ -1,0 +2,7 @@
+Thu Sep 16 06:16:11 UTC 2021 - Fridrich Strba <fst...@suse.com>
+
+- Added patch:
+ * fips.patch
+ + implement FIPS support in OpenJDK
+
+-------------------------------------------------------------------
@@ -4 +11,9 @@
-- jdk-17+35 is official release of OpenJDK 17
+- jdk-17+35 is official release of OpenJDK 17 (jsc#SLE-18742)
+
+-------------------------------------------------------------------
+Mon Sep 13 12:46:09 UTC 2021 - Fridrich Strba <fst...@suse.com>
+
+- Modified patch:
+ * nss-security-provider.patch
+ + revert recent changes making NSS provider the default one
+ + fixes bsc#1190252
New:
----
fips.patch
nss.fips.cfg.in
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ java-17-openjdk.spec ++++++
--- /var/tmp/diff_new_pack.ONNMFh/_old 2021-09-17 23:26:15.985253027 +0200
+++ /var/tmp/diff_new_pack.ONNMFh/_new 2021-09-17 23:26:15.993253034 +0200
@@ -158,7 +158,9 @@
# Desktop files. Adapated from IcedTea.
Source11: jconsole.desktop.in
# nss configuration file
-Source13: nss.cfg.in
+Source12: nss.cfg.in
+# nss fips configuration file
+Source13: nss.fips.cfg.in
# Ensure we aren't using the limited crypto policy
Source14: TestCryptoLevel.java
# Ensure ECDSA is working
@@ -208,6 +210,7 @@
Patch16: system-crypto-policy.patch
Patch17: nss-security-provider.patch
+Patch18: fips.patch
#
Patch20: loadAssistiveTechnologies.patch
#
@@ -249,7 +252,7 @@
BuildRequires: libpng-devel
BuildRequires: libtool
BuildRequires: libxslt
-BuildRequires: mozilla-nss-devel
+BuildRequires: mozilla-nss-devel >= 3.53
BuildRequires: pkgconfig
BuildRequires: unzip
BuildRequires: update-desktop-files
@@ -499,6 +502,7 @@
%patch16 -p1
%patch17 -p1
+%patch18 -p1
%patch20 -p1
@@ -549,7 +553,11 @@
done
# Setup nss.cfg
-sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE13} > nss.cfg
+sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE12} > nss.cfg
+
+# Setup nss.fips.cfg
+sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE13} > nss.fips.cfg
+sed -i -e "s:@NSS_SECMOD@:/etc/pki/nssdb:g" nss.fips.cfg
%build
@@ -588,6 +596,7 @@
--disable-keep-packaged-modules \
--with-debug-level=%{debugbuild} \
--with-native-debug-symbols=internal \
+ --enable-sysconf-nss \
--with-zlib=system \
--with-libjpeg=system \
--with-giflib=system \
@@ -617,6 +626,9 @@
# Install nss.cfg right away as we will be using the JRE above
install -m 644 nss.cfg $JAVA_HOME/conf/security/
+# Install nss.fips.cfg: NSS configuration for global FIPS mode
(crypto-policies)
+install -m 644 nss.fips.cfg $JAVA_HOME/conf/security/
+
# Copy tz.properties
echo "sun.zoneinfo.dir=%{_datadir}/javazi" >> $JAVA_HOME/conf/tz.properties
@@ -1221,6 +1233,7 @@
%{_jvmdir}/%{sdkdir}/lib/libprefs.so
%{_jvmdir}/%{sdkdir}/lib/librmi.so
%{_jvmdir}/%{sdkdir}/lib/libsctp.so
+%{_jvmdir}/%{sdkdir}/lib/libsystemconf.so
%ifarch x86_64
%{_jvmdir}/%{sdkdir}/lib/libsvml.so
%endif
@@ -1240,6 +1253,7 @@
%config(noreplace) %{_jvmdir}/%{sdkdir}/lib/security/blocked.certs
%config(noreplace) %{_jvmdir}/%{sdkdir}/conf/security/nss.cfg
+%config(noreplace) %{_jvmdir}/%{sdkdir}/conf/security/nss.fips.cfg
%{_jvmdir}/%{sdkdir}/lib/security/default.policy
%{_jvmdir}/%{sdkdir}/lib/security/public_suffix_list.dat
++++++ fips.patch ++++++
++++ 774 lines (skipped)
++++++ nss-security-provider.patch ++++++
--- /var/tmp/diff_new_pack.ONNMFh/_old 2021-09-17 23:26:16.257253270 +0200
+++ /var/tmp/diff_new_pack.ONNMFh/_new 2021-09-17 23:26:16.257253270 +0200
@@ -1,10 +1,10 @@
--- openjdk/src/java.base/share/conf/security/java.security 2021-03-16
07:15:49.798093653 +0100
+++ openjdk/src/java.base/share/conf/security/java.security 2021-03-16
11:38:01.416893125 +0100
-@@ -60,6 +60,7 @@
+@@ -78,6 +78,7 @@ security.provider.tbd=SunMSCAPI
+ security.provider.tbd=Apple
+ #endif
+ security.provider.tbd=SunPKCS11
++#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg
+
#
- # List of providers and their preference orders (see above):
- #
-+security.provider.tbd=SunPKCS11 ${java.home}/conf/security/nss.cfg
- security.provider.tbd=SUN
- security.provider.tbd=SunRsaSign
- security.provider.tbd=SunEC
+ # A list of preferred providers for specific algorithms. These providers will
++++++ nss.fips.cfg.in ++++++
name = NSS-FIPS
nssLibraryDirectory = @NSS_LIBDIR@
nssSecmodDirectory = @NSS_SECMOD@
nssDbMode = readOnly
nssModule = fips
