diff --git a/.gitignore b/.gitignore index d48532f..4d98fe3 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ SOURCES/class-rewriter.tar.gz -SOURCES/openjdk-icedtea-2.6.13.tar.xz +SOURCES/openjdk-icedtea-2.6.14.tar.xz SOURCES/pulseaudio.tar.gz SOURCES/systemtap-tapset-2.6.12.tar.xz diff --git a/.java-1.7.0-openjdk.metadata b/.java-1.7.0-openjdk.metadata index 47d6837..cb81db5 100644 --- a/.java-1.7.0-openjdk.metadata +++ b/.java-1.7.0-openjdk.metadata @@ -1,4 +1,4 @@ fcc167de17354efb6e52cb387eb3e7dbb0316b53 SOURCES/class-rewriter.tar.gz -924f474065a61e5bf5b026dba47565a6ca70bbdd SOURCES/openjdk-icedtea-2.6.13.tar.xz +2266979c7c17fb465fd0064cf8f7d150037fe1b9 SOURCES/openjdk-icedtea-2.6.14.tar.xz fb72b6b1f4735ad9b5799d0b5058b0b1dec67b17 SOURCES/pulseaudio.tar.gz 5ea75731a73ec4766b00024c1803d1f86c0af090 SOURCES/systemtap-tapset-2.6.12.tar.xz diff --git a/SOURCES/8076221-pr2809.patch b/SOURCES/8076221-pr2809.patch new file mode 100644 index 0000000..b1974ed --- /dev/null +++ b/SOURCES/8076221-pr2809.patch @@ -0,0 +1,576 @@ +# HG changeset patch +# User xuelei +# Date 1453868482 0 +# Wed Jan 27 04:21:22 2016 +0000 +# Node ID 8d589911411743fa38badf69c10aa067eaa996b7 +# Parent ceb95f0d38d7ab09762dd7ff33bb855f3088a6b5 +8076221, PR2809: Disable RC4 cipher suites +Reviewed-by: wetmore + +diff --git a/src/share/lib/security/java.security-linux b/src/share/lib/security/java.security-linux +--- openjdk/jdk/src/share/lib/security/java.security-linux ++++ openjdk/jdk/src/share/lib/security/java.security-linux +@@ -556,7 +556,7 @@ + # + # Example: + # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 +-jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 1024, \ ++jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ + EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC + + # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) +diff --git a/src/share/lib/security/java.security-macosx b/src/share/lib/security/java.security-macosx +--- openjdk/jdk/src/share/lib/security/java.security-macosx ++++ openjdk/jdk/src/share/lib/security/java.security-macosx +@@ -561,7 +561,7 @@ + # + # Example: + # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 +-jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 1024, \ ++jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ + EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC + + # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) +diff --git a/src/share/lib/security/java.security-solaris b/src/share/lib/security/java.security-solaris +--- openjdk/jdk/src/share/lib/security/java.security-solaris ++++ openjdk/jdk/src/share/lib/security/java.security-solaris +@@ -560,7 +560,7 @@ + # + # Example: + # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 +-jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 1024, \ ++jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ + EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC + + # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) +diff --git a/src/share/lib/security/java.security-windows b/src/share/lib/security/java.security-windows +--- openjdk/jdk/src/share/lib/security/java.security-windows ++++ openjdk/jdk/src/share/lib/security/java.security-windows +@@ -561,7 +561,7 @@ + # + # Example: + # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 +-jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 1024, \ ++jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ + EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC + + # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) +diff --git a/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java b/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java +new file mode 100644 +--- /dev/null ++++ openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java +@@ -0,0 +1,362 @@ ++/* ++ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import java.io.BufferedInputStream; ++import java.io.BufferedOutputStream; ++import java.io.IOException; ++import java.io.InputStream; ++import java.io.OutputStream; ++import java.security.NoSuchAlgorithmException; ++import java.security.Security; ++import java.util.concurrent.TimeUnit; ++import javax.net.ssl.SSLContext; ++import javax.net.ssl.SSLHandshakeException; ++import javax.net.ssl.SSLServerSocket; ++import javax.net.ssl.SSLServerSocketFactory; ++import javax.net.ssl.SSLSocket; ++import javax.net.ssl.SSLSocketFactory; ++ ++/** ++ * @test ++ * @bug 8076221 ++ * @summary Check if weak cipher suites are disabled ++ * @run main/othervm DisabledAlgorithms default ++ * @run main/othervm DisabledAlgorithms empty ++ */ ++public class DisabledAlgorithms { ++ ++ private static final String pathToStores = ++ "../../../../sun/security/ssl/etc"; ++ private static final String keyStoreFile = "keystore"; ++ private static final String trustStoreFile = "truststore"; ++ private static final String passwd = "passphrase"; ++ ++ private static final String keyFilename = ++ System.getProperty("test.src", "./") + "/" + pathToStores + ++ "/" + keyStoreFile; ++ ++ private static final String trustFilename = ++ System.getProperty("test.src", "./") + "/" + pathToStores + ++ "/" + trustStoreFile; ++ ++ // supported RC4 cipher suites ++ // it does not contain KRB5 cipher suites because they need a KDC ++ private static final String[] rc4_ciphersuites = new String[] { ++ "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", ++ "TLS_ECDHE_RSA_WITH_RC4_128_SHA", ++ "SSL_RSA_WITH_RC4_128_SHA", ++ "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", ++ "TLS_ECDH_RSA_WITH_RC4_128_SHA", ++ "SSL_RSA_WITH_RC4_128_MD5", ++ "TLS_ECDH_anon_WITH_RC4_128_SHA", ++ "SSL_DH_anon_WITH_RC4_128_MD5" ++ }; ++ ++ public static void main(String[] args) throws Exception { ++ if (args.length < 1) { ++ throw new RuntimeException("No parameters specified"); ++ } ++ ++ System.setProperty("javax.net.ssl.keyStore", keyFilename); ++ System.setProperty("javax.net.ssl.keyStorePassword", passwd); ++ System.setProperty("javax.net.ssl.trustStore", trustFilename); ++ System.setProperty("javax.net.ssl.trustStorePassword", passwd); ++ ++ switch (args[0]) { ++ case "default": ++ // use default jdk.tls.disabledAlgorithms ++ System.out.println("jdk.tls.disabledAlgorithms = " ++ + Security.getProperty("jdk.tls.disabledAlgorithms")); ++ ++ // check if RC4 cipher suites can't be used by default ++ checkFailure(rc4_ciphersuites); ++ break; ++ case "empty": ++ // reset jdk.tls.disabledAlgorithms ++ Security.setProperty("jdk.tls.disabledAlgorithms", ""); ++ System.out.println("jdk.tls.disabledAlgorithms = " ++ + Security.getProperty("jdk.tls.disabledAlgorithms")); ++ ++ // check if RC4 cipher suites can be used ++ // if jdk.tls.disabledAlgorithms is empty ++ checkSuccess(rc4_ciphersuites); ++ break; ++ default: ++ throw new RuntimeException("Wrong parameter: " + args[0]); ++ } ++ } ++ ++ /* ++ * Checks if that specified cipher suites cannot be used. ++ */ ++ private static void checkFailure(String[] ciphersuites) throws Exception { ++ try (SSLServer server = SSLServer.init(ciphersuites)) { ++ startNewThread(server); ++ while (!server.isRunning()) { ++ sleep(); ++ } ++ ++ int port = server.getPort(); ++ for (String ciphersuite : ciphersuites) { ++ try (SSLClient client = SSLClient.init(port, ciphersuite)) { ++ client.connect(); ++ throw new RuntimeException("Expected SSLHandshakeException " ++ + "not thrown"); ++ } catch (SSLHandshakeException e) { ++ System.out.println("Expected exception on client side: " ++ + e); ++ } ++ } ++ ++ server.stop(); ++ while (server.isRunning()) { ++ sleep(); ++ } ++ ++ if (!server.sslError()) { ++ throw new RuntimeException("Expected SSL exception " ++ + "not thrown on server side"); ++ } ++ } ++ ++ } ++ ++ /* ++ * Checks if specified cipher suites can be used. ++ */ ++ private static void checkSuccess(String[] ciphersuites) throws Exception { ++ try (SSLServer server = SSLServer.init(ciphersuites)) { ++ startNewThread(server); ++ while (!server.isRunning()) { ++ sleep(); ++ } ++ ++ int port = server.getPort(); ++ for (String ciphersuite : ciphersuites) { ++ try (SSLClient client = SSLClient.init(port, ciphersuite)) { ++ client.connect(); ++ String negotiated = client.getNegotiatedCipherSuite(); ++ System.out.println("Negotiated cipher suite: " ++ + negotiated); ++ if (!negotiated.equals(ciphersuite)) { ++ throw new RuntimeException("Unexpected cipher suite: " ++ + negotiated); ++ } ++ } ++ } ++ ++ server.stop(); ++ while (server.isRunning()) { ++ sleep(); ++ } ++ ++ if (server.error()) { ++ throw new RuntimeException("Unexpected error on server side"); ++ } ++ } ++ ++ } ++ ++ private static Thread startNewThread(SSLServer server) { ++ Thread serverThread = new Thread(server, "SSL server thread"); ++ serverThread.setDaemon(true); ++ serverThread.start(); ++ return serverThread; ++ } ++ ++ private static void sleep() { ++ try { ++ TimeUnit.MILLISECONDS.sleep(50); ++ } catch (InterruptedException e) { ++ // do nothing ++ } ++ } ++ ++ static class SSLServer implements Runnable, AutoCloseable { ++ ++ private final SSLServerSocket ssocket; ++ private volatile boolean stopped = false; ++ private volatile boolean running = false; ++ private volatile boolean sslError = false; ++ private volatile boolean otherError = false; ++ ++ private SSLServer(SSLServerSocket ssocket) { ++ this.ssocket = ssocket; ++ } ++ ++ @Override ++ public void run() { ++ System.out.println("Server: started"); ++ running = true; ++ while (!stopped) { ++ try (SSLSocket socket = (SSLSocket) ssocket.accept()) { ++ System.out.println("Server: accepted client connection"); ++ InputStream in = socket.getInputStream(); ++ OutputStream out = socket.getOutputStream(); ++ int b = in.read(); ++ if (b < 0) { ++ throw new IOException("Unexpected EOF"); ++ } ++ System.out.println("Server: send data: " + b); ++ out.write(b); ++ out.flush(); ++ socket.getSession().invalidate(); ++ } catch (SSLHandshakeException e) { ++ System.out.println("Server: run: " + e); ++ sslError = true; ++ } catch (IOException e) { ++ if (!stopped) { ++ System.out.println("Server: run: " + e); ++ e.printStackTrace(); ++ otherError = true; ++ } ++ } ++ } ++ ++ System.out.println("Server: finished"); ++ running = false; ++ } ++ ++ int getPort() { ++ return ssocket.getLocalPort(); ++ } ++ ++ String[] getEnabledCiperSuites() { ++ return ssocket.getEnabledCipherSuites(); ++ } ++ ++ boolean isRunning() { ++ return running; ++ } ++ ++ boolean sslError() { ++ return sslError; ++ } ++ ++ boolean error() { ++ return sslError || otherError; ++ } ++ ++ void stop() { ++ stopped = true; ++ if (!ssocket.isClosed()) { ++ try { ++ ssocket.close(); ++ } catch (IOException e) { ++ System.out.println("Server: close: " + e); ++ } ++ } ++ } ++ ++ @Override ++ public void close() { ++ stop(); ++ } ++ ++ static SSLServer init(String[] ciphersuites) ++ throws IOException { ++ SSLServerSocketFactory ssf = (SSLServerSocketFactory) ++ SSLServerSocketFactory.getDefault(); ++ SSLServerSocket ssocket = (SSLServerSocket) ++ ssf.createServerSocket(0); ++ ++ if (ciphersuites != null) { ++ System.out.println("Server: enable cipher suites: " ++ + java.util.Arrays.toString(ciphersuites)); ++ ssocket.setEnabledCipherSuites(ciphersuites); ++ } ++ ++ return new SSLServer(ssocket); ++ } ++ } ++ ++ static class SSLClient implements AutoCloseable { ++ ++ private final SSLSocket socket; ++ ++ private SSLClient(SSLSocket socket) { ++ this.socket = socket; ++ } ++ ++ void connect() throws IOException { ++ System.out.println("Client: connect to server"); ++ try ( ++ BufferedInputStream bis = new BufferedInputStream( ++ socket.getInputStream()); ++ BufferedOutputStream bos = new BufferedOutputStream( ++ socket.getOutputStream())) { ++ bos.write('x'); ++ bos.flush(); ++ ++ int read = bis.read(); ++ if (read < 0) { ++ throw new IOException("Client: couldn't read a response"); ++ } ++ socket.getSession().invalidate(); ++ } ++ } ++ ++ String[] getEnabledCiperSuites() { ++ return socket.getEnabledCipherSuites(); ++ } ++ ++ String getNegotiatedCipherSuite() { ++ return socket.getSession().getCipherSuite(); ++ } ++ ++ @Override ++ public void close() throws Exception { ++ if (!socket.isClosed()) { ++ try { ++ socket.close(); ++ } catch (IOException e) { ++ System.out.println("Client: close: " + e); ++ } ++ } ++ } ++ ++ static SSLClient init(int port) ++ throws NoSuchAlgorithmException, IOException { ++ return init(port, null); ++ } ++ ++ static SSLClient init(int port, String ciphersuite) ++ throws NoSuchAlgorithmException, IOException { ++ SSLContext context = SSLContext.getDefault(); ++ SSLSocketFactory ssf = (SSLSocketFactory) ++ context.getSocketFactory(); ++ SSLSocket socket = (SSLSocket) ssf.createSocket("localhost", port); ++ ++ if (ciphersuite != null) { ++ System.out.println("Client: enable cipher suite: " ++ + ciphersuite); ++ socket.setEnabledCipherSuites(new String[] { ciphersuite }); ++ } ++ ++ return new SSLClient(socket); ++ } ++ ++ } ++ ++ ++} +diff --git a/test/sun/security/krb5/auto/SSL.java b/test/sun/security/krb5/auto/SSL.java +--- openjdk/jdk/test/sun/security/krb5/auto/SSL.java ++++ openjdk/jdk/test/sun/security/krb5/auto/SSL.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -40,6 +40,7 @@ + import java.net.InetAddress; + import javax.net.ssl.*; + import java.security.Principal; ++import java.security.Security; + import java.util.Date; + import sun.security.jgss.GSSUtil; + import sun.security.krb5.PrincipalName; +@@ -54,6 +55,9 @@ + private static volatile int port; + + public static void main(String[] args) throws Exception { ++ // reset the security property to make sure that the algorithms ++ // and keys used in this test are not disabled. ++ Security.setProperty("jdk.tls.disabledAlgorithms", ""); + + krb5Cipher = args[0]; + +diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java +--- openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java ++++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -36,7 +36,7 @@ + */ + + import java.io.*; +-import java.net.*; ++import java.security.Security; + import javax.net.ssl.*; + + public class CipherSuiteOrder { +@@ -198,6 +198,10 @@ + volatile Exception clientException = null; + + public static void main(String[] args) throws Exception { ++ // reset the security property to make sure that the algorithms ++ // and keys used in this test are not disabled. ++ Security.setProperty("jdk.tls.disabledAlgorithms", ""); ++ + String keyFilename = + System.getProperty("test.src", "./") + "/" + pathToStores + + "/" + keyStoreFile; +diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java +--- openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java ++++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java +@@ -103,10 +103,10 @@ + import java.security.Security; + import java.security.KeyStore; + import java.security.KeyFactory; ++import java.security.Security; + import java.security.cert.Certificate; + import java.security.cert.CertificateFactory; + import java.security.spec.PKCS8EncodedKeySpec; +-import java.security.spec.*; + import java.security.interfaces.*; + import sun.misc.BASE64Decoder; + +diff --git a/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java b/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java +--- openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java ++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -622,6 +622,9 @@ + } + + public static void main(String args[]) throws Exception { ++ // reset the security property to make sure that the algorithms ++ // and keys used in this test are not disabled. ++ Security.setProperty("jdk.tls.disabledAlgorithms", ""); + + CheckStatus cs; + +diff --git a/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java b/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java +--- openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java ++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java +@@ -33,6 +33,8 @@ + * The code could certainly be tightened up a lot. + * + * @author Brad Wetmore ++ * ++ * @run main/othervm ConnectionTest + */ + + import javax.net.ssl.*; +@@ -672,6 +674,10 @@ + } + + public static void main(String args[]) throws Exception { ++ // reset the security property to make sure that the algorithms ++ // and keys used in this test are not disabled. ++ Security.setProperty("jdk.tls.disabledAlgorithms", ""); ++ + ConnectionTest ct = new ConnectionTest(); + ct.test(); + } +diff --git a/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java b/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java +--- openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java ++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java +@@ -180,6 +180,9 @@ + } + + public static void main(String args[]) throws Exception { ++ // reset the security property to make sure that the algorithms ++ // and keys used in this test are not disabled. ++ Security.setProperty("jdk.tls.disabledAlgorithms", ""); + + LargeBufs test; + +diff --git a/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java b/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java +--- openjdk/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java ++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java +@@ -37,7 +37,7 @@ + */ + + import java.io.*; +-import java.net.*; ++import java.security.Security; + import javax.net.ssl.*; + + public class GenericStreamCipher { +@@ -165,6 +165,10 @@ + volatile Exception clientException = null; + + public static void main(String[] args) throws Exception { ++ // reset the security property to make sure that the algorithms ++ // and keys used in this test are not disabled. ++ Security.setProperty("jdk.tls.disabledAlgorithms", ""); ++ + String keyFilename = + System.getProperty("test.src", ".") + "/" + pathToStores + + "/" + keyStoreFile; diff --git a/SOURCES/8197981.patch b/SOURCES/8197981.patch deleted file mode 100644 index e0aab7b..0000000 --- a/SOURCES/8197981.patch +++ /dev/null @@ -1,32 +0,0 @@ -# HG changeset patch -# User andrew -# Date 1518667645 0 -# Thu Feb 15 04:07:25 2018 +0000 -# Node ID ce3abb5889fb01808cab7489e83c1dc448743b70 -# Parent ad6e76e3c6a67082d22cadf07549b5dfdae2e4a5 -8197981: Missing return statement in __sync_val_compare_and_swap_8 -Summary: Fix issue discovered by -Wreturn-type on systems without LP64. -Reviewed-by: aph - -diff --git a/src/os_cpu/bsd_zero/vm/os_bsd_zero.cpp b/src/os_cpu/bsd_zero/vm/os_bsd_zero.cpp ---- openjdk/hotspot/src/os_cpu/bsd_zero/vm/os_bsd_zero.cpp -+++ openjdk/hotspot/src/os_cpu/bsd_zero/vm/os_bsd_zero.cpp -@@ -548,6 +548,7 @@ - long long unsigned int oldval, - long long unsigned int newval) { - ShouldNotCallThis(); -+ return 0; - } - }; - #endif // !_LP64 -diff --git a/src/os_cpu/linux_zero/vm/os_linux_zero.cpp b/src/os_cpu/linux_zero/vm/os_linux_zero.cpp ---- openjdk/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp -+++ openjdk/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp -@@ -504,6 +504,7 @@ - long long unsigned int oldval, - long long unsigned int newval) { - ShouldNotCallThis(); -+ return 0; - } - }; - #endif // !_LP64 diff --git a/SOURCES/pr2809.patch b/SOURCES/pr2809.patch deleted file mode 100644 index 73f3a5b..0000000 --- a/SOURCES/pr2809.patch +++ /dev/null @@ -1,576 +0,0 @@ -# HG changeset patch -# User xuelei -# Date 1453868482 0 -# Wed Jan 27 04:21:22 2016 +0000 -# Node ID 8d589911411743fa38badf69c10aa067eaa996b7 -# Parent ceb95f0d38d7ab09762dd7ff33bb855f3088a6b5 -8076221, PR2809: Disable RC4 cipher suites -Reviewed-by: wetmore - -diff --git a/src/share/lib/security/java.security-linux b/src/share/lib/security/java.security-linux ---- openjdk/jdk/src/share/lib/security/java.security-linux -+++ openjdk/jdk/src/share/lib/security/java.security-linux -@@ -556,7 +556,7 @@ - # - # Example: - # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 --jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 1024, \ -+jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, DES40_CBC, RC4_40 - - # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) -diff --git a/src/share/lib/security/java.security-macosx b/src/share/lib/security/java.security-macosx ---- openjdk/jdk/src/share/lib/security/java.security-macosx -+++ openjdk/jdk/src/share/lib/security/java.security-macosx -@@ -561,7 +561,7 @@ - # - # Example: - # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 --jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 1024, \ -+jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, DES40_CBC, RC4_40 - - # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) -diff --git a/src/share/lib/security/java.security-solaris b/src/share/lib/security/java.security-solaris ---- openjdk/jdk/src/share/lib/security/java.security-solaris -+++ openjdk/jdk/src/share/lib/security/java.security-solaris -@@ -560,7 +560,7 @@ - # - # Example: - # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 --jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 1024, \ -+jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, DES40_CBC, RC4_40 - - # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) -diff --git a/src/share/lib/security/java.security-windows b/src/share/lib/security/java.security-windows ---- openjdk/jdk/src/share/lib/security/java.security-windows -+++ openjdk/jdk/src/share/lib/security/java.security-windows -@@ -561,7 +561,7 @@ - # - # Example: - # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 --jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 1024, \ -+jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, DES40_CBC, RC4_40 - - # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) -diff --git a/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java b/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java -new file mode 100644 ---- /dev/null -+++ openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java -@@ -0,0 +1,362 @@ -+/* -+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+import java.io.BufferedInputStream; -+import java.io.BufferedOutputStream; -+import java.io.IOException; -+import java.io.InputStream; -+import java.io.OutputStream; -+import java.security.NoSuchAlgorithmException; -+import java.security.Security; -+import java.util.concurrent.TimeUnit; -+import javax.net.ssl.SSLContext; -+import javax.net.ssl.SSLHandshakeException; -+import javax.net.ssl.SSLServerSocket; -+import javax.net.ssl.SSLServerSocketFactory; -+import javax.net.ssl.SSLSocket; -+import javax.net.ssl.SSLSocketFactory; -+ -+/** -+ * @test -+ * @bug 8076221 -+ * @summary Check if weak cipher suites are disabled -+ * @run main/othervm DisabledAlgorithms default -+ * @run main/othervm DisabledAlgorithms empty -+ */ -+public class DisabledAlgorithms { -+ -+ private static final String pathToStores = -+ "../../../../sun/security/ssl/etc"; -+ private static final String keyStoreFile = "keystore"; -+ private static final String trustStoreFile = "truststore"; -+ private static final String passwd = "passphrase"; -+ -+ private static final String keyFilename = -+ System.getProperty("test.src", "./") + "/" + pathToStores + -+ "/" + keyStoreFile; -+ -+ private static final String trustFilename = -+ System.getProperty("test.src", "./") + "/" + pathToStores + -+ "/" + trustStoreFile; -+ -+ // supported RC4 cipher suites -+ // it does not contain KRB5 cipher suites because they need a KDC -+ private static final String[] rc4_ciphersuites = new String[] { -+ "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", -+ "TLS_ECDHE_RSA_WITH_RC4_128_SHA", -+ "SSL_RSA_WITH_RC4_128_SHA", -+ "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", -+ "TLS_ECDH_RSA_WITH_RC4_128_SHA", -+ "SSL_RSA_WITH_RC4_128_MD5", -+ "TLS_ECDH_anon_WITH_RC4_128_SHA", -+ "SSL_DH_anon_WITH_RC4_128_MD5" -+ }; -+ -+ public static void main(String[] args) throws Exception { -+ if (args.length < 1) { -+ throw new RuntimeException("No parameters specified"); -+ } -+ -+ System.setProperty("javax.net.ssl.keyStore", keyFilename); -+ System.setProperty("javax.net.ssl.keyStorePassword", passwd); -+ System.setProperty("javax.net.ssl.trustStore", trustFilename); -+ System.setProperty("javax.net.ssl.trustStorePassword", passwd); -+ -+ switch (args[0]) { -+ case "default": -+ // use default jdk.tls.disabledAlgorithms -+ System.out.println("jdk.tls.disabledAlgorithms = " -+ + Security.getProperty("jdk.tls.disabledAlgorithms")); -+ -+ // check if RC4 cipher suites can't be used by default -+ checkFailure(rc4_ciphersuites); -+ break; -+ case "empty": -+ // reset jdk.tls.disabledAlgorithms -+ Security.setProperty("jdk.tls.disabledAlgorithms", ""); -+ System.out.println("jdk.tls.disabledAlgorithms = " -+ + Security.getProperty("jdk.tls.disabledAlgorithms")); -+ -+ // check if RC4 cipher suites can be used -+ // if jdk.tls.disabledAlgorithms is empty -+ checkSuccess(rc4_ciphersuites); -+ break; -+ default: -+ throw new RuntimeException("Wrong parameter: " + args[0]); -+ } -+ } -+ -+ /* -+ * Checks if that specified cipher suites cannot be used. -+ */ -+ private static void checkFailure(String[] ciphersuites) throws Exception { -+ try (SSLServer server = SSLServer.init(ciphersuites)) { -+ startNewThread(server); -+ while (!server.isRunning()) { -+ sleep(); -+ } -+ -+ int port = server.getPort(); -+ for (String ciphersuite : ciphersuites) { -+ try (SSLClient client = SSLClient.init(port, ciphersuite)) { -+ client.connect(); -+ throw new RuntimeException("Expected SSLHandshakeException " -+ + "not thrown"); -+ } catch (SSLHandshakeException e) { -+ System.out.println("Expected exception on client side: " -+ + e); -+ } -+ } -+ -+ server.stop(); -+ while (server.isRunning()) { -+ sleep(); -+ } -+ -+ if (!server.sslError()) { -+ throw new RuntimeException("Expected SSL exception " -+ + "not thrown on server side"); -+ } -+ } -+ -+ } -+ -+ /* -+ * Checks if specified cipher suites can be used. -+ */ -+ private static void checkSuccess(String[] ciphersuites) throws Exception { -+ try (SSLServer server = SSLServer.init(ciphersuites)) { -+ startNewThread(server); -+ while (!server.isRunning()) { -+ sleep(); -+ } -+ -+ int port = server.getPort(); -+ for (String ciphersuite : ciphersuites) { -+ try (SSLClient client = SSLClient.init(port, ciphersuite)) { -+ client.connect(); -+ String negotiated = client.getNegotiatedCipherSuite(); -+ System.out.println("Negotiated cipher suite: " -+ + negotiated); -+ if (!negotiated.equals(ciphersuite)) { -+ throw new RuntimeException("Unexpected cipher suite: " -+ + negotiated); -+ } -+ } -+ } -+ -+ server.stop(); -+ while (server.isRunning()) { -+ sleep(); -+ } -+ -+ if (server.error()) { -+ throw new RuntimeException("Unexpected error on server side"); -+ } -+ } -+ -+ } -+ -+ private static Thread startNewThread(SSLServer server) { -+ Thread serverThread = new Thread(server, "SSL server thread"); -+ serverThread.setDaemon(true); -+ serverThread.start(); -+ return serverThread; -+ } -+ -+ private static void sleep() { -+ try { -+ TimeUnit.MILLISECONDS.sleep(50); -+ } catch (InterruptedException e) { -+ // do nothing -+ } -+ } -+ -+ static class SSLServer implements Runnable, AutoCloseable { -+ -+ private final SSLServerSocket ssocket; -+ private volatile boolean stopped = false; -+ private volatile boolean running = false; -+ private volatile boolean sslError = false; -+ private volatile boolean otherError = false; -+ -+ private SSLServer(SSLServerSocket ssocket) { -+ this.ssocket = ssocket; -+ } -+ -+ @Override -+ public void run() { -+ System.out.println("Server: started"); -+ running = true; -+ while (!stopped) { -+ try (SSLSocket socket = (SSLSocket) ssocket.accept()) { -+ System.out.println("Server: accepted client connection"); -+ InputStream in = socket.getInputStream(); -+ OutputStream out = socket.getOutputStream(); -+ int b = in.read(); -+ if (b < 0) { -+ throw new IOException("Unexpected EOF"); -+ } -+ System.out.println("Server: send data: " + b); -+ out.write(b); -+ out.flush(); -+ socket.getSession().invalidate(); -+ } catch (SSLHandshakeException e) { -+ System.out.println("Server: run: " + e); -+ sslError = true; -+ } catch (IOException e) { -+ if (!stopped) { -+ System.out.println("Server: run: " + e); -+ e.printStackTrace(); -+ otherError = true; -+ } -+ } -+ } -+ -+ System.out.println("Server: finished"); -+ running = false; -+ } -+ -+ int getPort() { -+ return ssocket.getLocalPort(); -+ } -+ -+ String[] getEnabledCiperSuites() { -+ return ssocket.getEnabledCipherSuites(); -+ } -+ -+ boolean isRunning() { -+ return running; -+ } -+ -+ boolean sslError() { -+ return sslError; -+ } -+ -+ boolean error() { -+ return sslError || otherError; -+ } -+ -+ void stop() { -+ stopped = true; -+ if (!ssocket.isClosed()) { -+ try { -+ ssocket.close(); -+ } catch (IOException e) { -+ System.out.println("Server: close: " + e); -+ } -+ } -+ } -+ -+ @Override -+ public void close() { -+ stop(); -+ } -+ -+ static SSLServer init(String[] ciphersuites) -+ throws IOException { -+ SSLServerSocketFactory ssf = (SSLServerSocketFactory) -+ SSLServerSocketFactory.getDefault(); -+ SSLServerSocket ssocket = (SSLServerSocket) -+ ssf.createServerSocket(0); -+ -+ if (ciphersuites != null) { -+ System.out.println("Server: enable cipher suites: " -+ + java.util.Arrays.toString(ciphersuites)); -+ ssocket.setEnabledCipherSuites(ciphersuites); -+ } -+ -+ return new SSLServer(ssocket); -+ } -+ } -+ -+ static class SSLClient implements AutoCloseable { -+ -+ private final SSLSocket socket; -+ -+ private SSLClient(SSLSocket socket) { -+ this.socket = socket; -+ } -+ -+ void connect() throws IOException { -+ System.out.println("Client: connect to server"); -+ try ( -+ BufferedInputStream bis = new BufferedInputStream( -+ socket.getInputStream()); -+ BufferedOutputStream bos = new BufferedOutputStream( -+ socket.getOutputStream())) { -+ bos.write('x'); -+ bos.flush(); -+ -+ int read = bis.read(); -+ if (read < 0) { -+ throw new IOException("Client: couldn't read a response"); -+ } -+ socket.getSession().invalidate(); -+ } -+ } -+ -+ String[] getEnabledCiperSuites() { -+ return socket.getEnabledCipherSuites(); -+ } -+ -+ String getNegotiatedCipherSuite() { -+ return socket.getSession().getCipherSuite(); -+ } -+ -+ @Override -+ public void close() throws Exception { -+ if (!socket.isClosed()) { -+ try { -+ socket.close(); -+ } catch (IOException e) { -+ System.out.println("Client: close: " + e); -+ } -+ } -+ } -+ -+ static SSLClient init(int port) -+ throws NoSuchAlgorithmException, IOException { -+ return init(port, null); -+ } -+ -+ static SSLClient init(int port, String ciphersuite) -+ throws NoSuchAlgorithmException, IOException { -+ SSLContext context = SSLContext.getDefault(); -+ SSLSocketFactory ssf = (SSLSocketFactory) -+ context.getSocketFactory(); -+ SSLSocket socket = (SSLSocket) ssf.createSocket("localhost", port); -+ -+ if (ciphersuite != null) { -+ System.out.println("Client: enable cipher suite: " -+ + ciphersuite); -+ socket.setEnabledCipherSuites(new String[] { ciphersuite }); -+ } -+ -+ return new SSLClient(socket); -+ } -+ -+ } -+ -+ -+} -diff --git a/test/sun/security/krb5/auto/SSL.java b/test/sun/security/krb5/auto/SSL.java ---- openjdk/jdk/test/sun/security/krb5/auto/SSL.java -+++ openjdk/jdk/test/sun/security/krb5/auto/SSL.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -40,6 +40,7 @@ - import java.net.InetAddress; - import javax.net.ssl.*; - import java.security.Principal; -+import java.security.Security; - import java.util.Date; - import sun.security.jgss.GSSUtil; - import sun.security.krb5.PrincipalName; -@@ -54,6 +55,9 @@ - private static volatile int port; - - public static void main(String[] args) throws Exception { -+ // reset the security property to make sure that the algorithms -+ // and keys used in this test are not disabled. -+ Security.setProperty("jdk.tls.disabledAlgorithms", ""); - - krb5Cipher = args[0]; - -diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java ---- openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java -+++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -36,7 +36,7 @@ - */ - - import java.io.*; --import java.net.*; -+import java.security.Security; - import javax.net.ssl.*; - - public class CipherSuiteOrder { -@@ -198,6 +198,10 @@ - volatile Exception clientException = null; - - public static void main(String[] args) throws Exception { -+ // reset the security property to make sure that the algorithms -+ // and keys used in this test are not disabled. -+ Security.setProperty("jdk.tls.disabledAlgorithms", ""); -+ - String keyFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + keyStoreFile; -diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java ---- openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java -+++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java -@@ -103,10 +103,10 @@ - import java.security.Security; - import java.security.KeyStore; - import java.security.KeyFactory; -+import java.security.Security; - import java.security.cert.Certificate; - import java.security.cert.CertificateFactory; - import java.security.spec.PKCS8EncodedKeySpec; --import java.security.spec.*; - import java.security.interfaces.*; - import sun.misc.BASE64Decoder; - -diff --git a/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java b/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java ---- openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java -+++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -622,6 +622,9 @@ - } - - public static void main(String args[]) throws Exception { -+ // reset the security property to make sure that the algorithms -+ // and keys used in this test are not disabled. -+ Security.setProperty("jdk.tls.disabledAlgorithms", ""); - - CheckStatus cs; - -diff --git a/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java b/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java ---- openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java -+++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java -@@ -33,6 +33,8 @@ - * The code could certainly be tightened up a lot. - * - * @author Brad Wetmore -+ * -+ * @run main/othervm ConnectionTest - */ - - import javax.net.ssl.*; -@@ -672,6 +674,10 @@ - } - - public static void main(String args[]) throws Exception { -+ // reset the security property to make sure that the algorithms -+ // and keys used in this test are not disabled. -+ Security.setProperty("jdk.tls.disabledAlgorithms", ""); -+ - ConnectionTest ct = new ConnectionTest(); - ct.test(); - } -diff --git a/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java b/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java ---- openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java -+++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java -@@ -180,6 +180,9 @@ - } - - public static void main(String args[]) throws Exception { -+ // reset the security property to make sure that the algorithms -+ // and keys used in this test are not disabled. -+ Security.setProperty("jdk.tls.disabledAlgorithms", ""); - - LargeBufs test; - -diff --git a/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java b/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java ---- openjdk/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java -+++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java -@@ -37,7 +37,7 @@ - */ - - import java.io.*; --import java.net.*; -+import java.security.Security; - import javax.net.ssl.*; - - public class GenericStreamCipher { -@@ -165,6 +165,10 @@ - volatile Exception clientException = null; - - public static void main(String[] args) throws Exception { -+ // reset the security property to make sure that the algorithms -+ // and keys used in this test are not disabled. -+ Security.setProperty("jdk.tls.disabledAlgorithms", ""); -+ - String keyFilename = - System.getProperty("test.src", ".") + "/" + pathToStores + - "/" + keyStoreFile; diff --git a/SPECS/java-1.7.0-openjdk.spec b/SPECS/java-1.7.0-openjdk.spec index c80e768..f462c8c 100644 --- a/SPECS/java-1.7.0-openjdk.spec +++ b/SPECS/java-1.7.0-openjdk.spec @@ -5,7 +5,7 @@ # conflicting) files in the -debuginfo package %undefine _missing_build_ids_terminate_build -%global icedtea_version 2.6.13 +%global icedtea_version 2.6.14 %global hg_tag icedtea-{icedtea_version} %global aarch64 aarch64 arm64 armv8 @@ -154,8 +154,8 @@ # Standard JPackage naming and versioning defines. %global origin openjdk -%global updatever 171 -%global buildver 01 +%global updatever 181 +%global buildver 00 # Keep priority on 7digits in case updatever>9 %global priority 1700%{updatever} %global javaver 1.7.0 @@ -194,7 +194,7 @@ Name: java-%{javaver}-%{origin} Version: %{javaver}.%{updatever} -Release: %{icedtea_version}.2%{?dist} +Release: %{icedtea_version}.5%{?dist} # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons, # and this change was brought into RHEL-4. java-1.5.0-ibm packages # also included the epoch in their virtual provides. This created a @@ -208,7 +208,18 @@ Epoch: 1 Summary: OpenJDK Runtime Environment Group: Development/Languages -License: ASL 1.1 and ASL 2.0 and GPL+ and GPLv2 and GPLv2 with exceptions and LGPL+ and LGPLv2 and MPLv1.0 and MPLv1.1 and Public Domain and W3C +# HotSpot code is licensed under GPLv2 +# JDK library code is licensed under GPLv2 with the Classpath exception +# The Apache license is used in code taken from Apache projects (primarily JAXP & JAXWS) +# DOM levels 2 & 3 and the XML digital signature schemas are licensed under the W3C Software License +# The JSR166 concurrency code is in the public domain +# The BSD and MIT licenses are used for a number of third-party libraries (see THIRD_PARTY_README) +# The OpenJDK source tree includes the JPEG library (IJG), zlib & libpng (zlib), giflib and LCMS (MIT) +# The test code includes copies of NSS under the Mozilla Public License v2.0 +# The PCSClite headers are under a BSD with advertising license +# The elliptic curve cryptography (ECC) source code is licensed under the LGPLv2.1 or any later version +# JavaScript support is provided by Rhino, which is licensed under MPLv1.1 +License: ASL 1.1 and ASL 2.0 and BSD and BSD with advertising and GPL+ and GPLv2 and GPLv2 with exceptions and IJG and LGPLv2+ and MIT and MPLv1.1 and MPLv2.0 and Public Domain and W3C and zlib URL: http://openjdk.java.net/ # Source from upstream IcedTea 2.x project. To regenerate, use @@ -300,12 +311,10 @@ Patch400: rh1022017.patch # Temporary patches -# PR2809: Backport "8076221: Disable RC4 cipher suites" (will appear in 2.7.0) -Patch500: pr2809.patch +# 8076221, PR2809: Backport "8076221: Disable RC4 cipher suites" (will appear in 2.7.0) +Patch500: 8076221-pr2809.patch # PR3393, RH1273760: Support using RSAandMGF1 with the SHA hash algorithms in the PKCS11 provider (will appear in 2.7.0) Patch501: pr3393-rh1273760.patch -# 8197981: Missing return statement in __sync_val_compare_and_swap_8 -Patch502: 8197981.patch # End of tmp patches BuildRequires: autoconf @@ -420,7 +429,7 @@ Requires: tzdata-java Requires: nss %{NSS_BUILDTIME_VERSION} Requires: nss-softokn %{NSSSOFTOKN_BUILDTIME_VERSION} # tool to copy jdk's configs - should be Recommends only, but then only dnf/yum eforce it, not rpm transaction and so no configs are persisted when pure rpm -u is run. I t may be consiedered as regression -Requires: copy-jdk-configs >= 2.2 +Requires: copy-jdk-configs >= 3.3-9 OrderWithRequires: copy-jdk-configs # Post requires alternatives to install tool alternatives. Requires(post): %{_sbindir}/alternatives @@ -556,7 +565,6 @@ cp %{SOURCE2} . # Temporary fixes %patch500 %patch501 -%patch502 # End of temporary fixes # ECC fix @@ -1478,6 +1486,24 @@ exit 0 %{_jvmdir}/%{jredir}/lib/accessibility.properties %changelog +* Thu Apr 26 2018 Jiri Vanek - 1:1.7.0.181-2.6.14.5 +- added depndence on latest c-j-c who do not have the incorrect jre-abrt handling +- Resolves: rhbz#1559766 + +* Fri Apr 20 2018 Andrew Hughes - 1:1.7.0.181-2.6.14.3 +- Bump release number to an unused one as rhel-7.5-z-java-unsafe-candidate wrongly using .el7 +- Resolves: rhbz#1559766 + +* Fri Apr 20 2018 Andrew Hughes - 1:1.7.0.181-2.6.14.1 +- Fix invalid license 'LGPL+' (should be LGPLv2+ for ECC code) and add missing ones +- Resolves: rhbz#1559766 + +* Thu Apr 19 2018 Andrew Hughes - 1:1.7.0.181-2.6.14.0 +- Bump to 2.6.14 and u181b00. +- Drop 8197981 Zero 32-bit patch now applied upstream. +- Update RC4 patch (8076221/PR2809) to apply after 8175075 (disable 3DES) +- Resolves: rhbz#1559766 + * Wed Feb 21 2018 Andrew Hughes - 1:1.7.0.171-2.6.13.2 - Remove archflags for now. - Resolves: rhbz#1528233