Re: Why no JNDI de-ser killswitch

2021-12-14 Thread Bernd Eckenfels
That policy to not comment on security issues is really frustrating. Or even worse are there other reasons I get ignored? Anyway, i got a note on Twitter that 17 and 8(April) backport has a specific system property already: ➜

[jdk18] RFR: 8278744: KeyStore:getAttributes() not returning unmodifiable Set

2021-12-14 Thread Weijun Wang
Make the return value of `PKCS12KeyStore::engineGetAttributes` immutable. Gather the `getAttributes()` value into a new `HashSet` and then make it immutable. This ensures the final result itself is not mutable and it also will not change even if the internal `entry.attributes` is modified.

Withdrawn: 8255266: 2021-11-27 public suffix list update v 3c213aa

2021-12-14 Thread Weijun Wang
On Wed, 1 Dec 2021 17:03:24 GMT, Weijun Wang wrote: > Update Public Suffix List data to the latest version at > https://github.com/publicsuffix/list. This pull request has been closed without being integrated. - PR: https://git.openjdk.java.net/jdk/pull/6643

Re: [jdk18] RFR: 8278744: KeyStore:getAttributes() not returning unmodifiable Set

2021-12-14 Thread Sean Mullan
On Tue, 14 Dec 2021 15:24:58 GMT, Weijun Wang wrote: > Make the return value of `PKCS12KeyStore::engineGetAttributes` immutable. > Gather the `getAttributes()` value into a new `HashSet` and then make it > immutable. This ensures the final result itself is not mutable and it also > will not ch

[jdk18] Integrated: 8278744: KeyStore:getAttributes() not returning unmodifiable Set

2021-12-14 Thread Weijun Wang
On Tue, 14 Dec 2021 15:24:58 GMT, Weijun Wang wrote: > Make the return value of `PKCS12KeyStore::engineGetAttributes` immutable. > Gather the `getAttributes()` value into a new `HashSet` and then make it > immutable. This ensures the final result itself is not mutable and it also > will not ch

RFR: 8209398: sun/security/pkcs11/KeyStore/SecretKeysBasic.sh failed with "PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE"

2021-12-14 Thread Valerie Peng
Can someone help review this small fix? NSS returns PKCS11 CKR_ATTRIBUTE_SENSITIVE error when trying to retrieve CKA_VALUE out of its token keys. So this fix is to add special handling for NSS token secret keys. There is already an existing regression test which detects this and disabled in Pro