diff --git a/.gitignore b/.gitignore index 1c38f29..5c871f6 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ SOURCES/class-rewriter.tar.gz -SOURCES/openjdk-icedtea-2.6.15.tar.xz +SOURCES/openjdk-icedtea-2.6.16.tar.xz SOURCES/pulseaudio.tar.gz SOURCES/systemtap-tapset-2.6.12.tar.xz diff --git a/.java-1.7.0-openjdk.metadata b/.java-1.7.0-openjdk.metadata index 3a0325c..0433659 100644 --- a/.java-1.7.0-openjdk.metadata +++ b/.java-1.7.0-openjdk.metadata @@ -1,4 +1,4 @@ fcc167de17354efb6e52cb387eb3e7dbb0316b53 SOURCES/class-rewriter.tar.gz -188bfc6b3e6213881947670dcdab15d7f7d6502f SOURCES/openjdk-icedtea-2.6.15.tar.xz +471e8bbdcb35c648638449e5567ac683ac9518bf SOURCES/openjdk-icedtea-2.6.16.tar.xz fb72b6b1f4735ad9b5799d0b5058b0b1dec67b17 SOURCES/pulseaudio.tar.gz 5ea75731a73ec4766b00024c1803d1f86c0af090 SOURCES/systemtap-tapset-2.6.12.tar.xz diff --git a/SOURCES/8076221-pr2809.patch b/SOURCES/8076221-pr2809.patch index 40efc26..d643ff0 100644 --- a/SOURCES/8076221-pr2809.patch +++ b/SOURCES/8076221-pr2809.patch @@ -10,51 +10,59 @@ Reviewed-by: wetmore diff --git openjdk.orig/jdk/src/share/lib/security/java.security-linux openjdk/jdk/src/share/lib/security/java.security-linux --- openjdk.orig/jdk/src/share/lib/security/java.security-linux +++ openjdk/jdk/src/share/lib/security/java.security-linux -@@ -556,7 +556,7 @@ +@@ -556,8 +556,8 @@ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 --jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 1024, \ -+jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC +-jdk.tls.disabledAlgorithms=SSLv3, DES, MD5withRSA, DH keySize < 1024, \ +- EC keySize < 224, RC4_40, 3DES_EDE_CBC ++jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ ++ EC keySize < 224, 3DES_EDE_CBC # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) + # processing in JSSE implementation. diff --git openjdk.orig/jdk/src/share/lib/security/java.security-macosx openjdk/jdk/src/share/lib/security/java.security-macosx --- openjdk.orig/jdk/src/share/lib/security/java.security-macosx +++ openjdk/jdk/src/share/lib/security/java.security-macosx -@@ -561,7 +561,7 @@ +@@ -561,8 +561,8 @@ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 --jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 1024, \ -+jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC +-jdk.tls.disabledAlgorithms=SSLv3, DES, MD5withRSA, DH keySize < 1024, \ +- EC keySize < 224, RC4_40, 3DES_EDE_CBC ++jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ ++ EC keySize < 224, 3DES_EDE_CBC # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) + # processing in JSSE implementation. diff --git openjdk.orig/jdk/src/share/lib/security/java.security-solaris openjdk/jdk/src/share/lib/security/java.security-solaris --- openjdk.orig/jdk/src/share/lib/security/java.security-solaris +++ openjdk/jdk/src/share/lib/security/java.security-solaris -@@ -560,7 +560,7 @@ +@@ -560,8 +560,8 @@ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 --jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 1024, \ -+jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC +-jdk.tls.disabledAlgorithms=SSLv3, DES, MD5withRSA, DH keySize < 1024, \ +- EC keySize < 224, RC4_40, 3DES_EDE_CBC ++jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ ++ EC keySize < 224, 3DES_EDE_CBC # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) + # processing in JSSE implementation. diff --git openjdk.orig/jdk/src/share/lib/security/java.security-windows openjdk/jdk/src/share/lib/security/java.security-windows --- openjdk.orig/jdk/src/share/lib/security/java.security-windows +++ openjdk/jdk/src/share/lib/security/java.security-windows -@@ -561,7 +561,7 @@ +@@ -561,8 +561,8 @@ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 --jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 1024, \ -+jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC +-jdk.tls.disabledAlgorithms=SSLv3, DES, MD5withRSA, DH keySize < 1024, \ +- EC keySize < 224, RC4_40, 3DES_EDE_CBC ++jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ ++ EC keySize < 224, 3DES_EDE_CBC # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) + # processing in JSSE implementation. diff --git openjdk.orig/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java new file mode 100644 --- /dev/null @@ -422,7 +430,7 @@ new file mode 100644 + + +} -diff --git openjdk.orig/test/sun/security/krb5/auto/SSL.java openjdk/test/sun/security/krb5/auto/SSL.java +diff --git openjdk.orig/jdk/test/sun/security/krb5/auto/SSL.java openjdk/jdk/test/sun/security/krb5/auto/SSL.java --- openjdk.orig/jdk/test/sun/security/krb5/auto/SSL.java +++ openjdk/jdk/test/sun/security/krb5/auto/SSL.java @@ -1,5 +1,5 @@ @@ -450,7 +458,23 @@ diff --git openjdk.orig/test/sun/security/krb5/auto/SSL.java openjdk/test/sun/se krb5Cipher = args[0]; -diff --git openjdk.orig/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java openjdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java +diff --git openjdk.orig/jdk/test/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java openjdk/jdk/test/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java +--- openjdk.orig/jdk/test/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java ++++ openjdk/jdk/test/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java +@@ -95,12 +95,9 @@ + allGood &= testEngOnlyDisabled(DES_CS_LIST_NAMES); + + // Disabled RC4 tests +- /* +- RC4 is not yet disabled, as 8076221 has not been backported + allGood &= testDefaultCase(RC4_CS_LIST); + allGood &= testEngAddDisabled(RC4_CS_LIST_NAMES, RC4_CS_LIST); + allGood &= testEngOnlyDisabled(RC4_CS_LIST_NAMES); +- */ + + if (allGood) { + System.err.println("All tests passed"); +diff --git openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java --- openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java +++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java @@ -1,5 +1,5 @@ @@ -480,7 +504,7 @@ diff --git openjdk.orig/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/Clien String keyFilename = System.getProperty("test.src", "./") + "/" + pathToStores + "/" + keyStoreFile; -diff --git openjdk.orig/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java openjdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java +diff --git openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java --- openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java +++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java @@ -103,10 +103,10 @@ @@ -495,7 +519,7 @@ diff --git openjdk.orig/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKey import java.security.interfaces.*; import sun.misc.BASE64Decoder; -diff --git openjdk.orig/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java openjdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java +diff --git openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java --- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java +++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java @@ -1,5 +1,5 @@ @@ -515,7 +539,7 @@ diff --git openjdk.orig/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/Ch CheckStatus cs; -diff --git openjdk.orig/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java openjdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java +diff --git openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java --- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java +++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java @@ -33,6 +33,8 @@ @@ -538,7 +562,7 @@ diff --git openjdk.orig/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/Co ConnectionTest ct = new ConnectionTest(); ct.test(); } -diff --git openjdk.orig/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java openjdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java +diff --git openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java --- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java +++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java @@ -180,6 +180,9 @@ @@ -551,7 +575,7 @@ diff --git openjdk.orig/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/La LargeBufs test; -diff --git openjdk.orig/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java openjdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java +diff --git openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java --- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java +++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java @@ -37,7 +37,7 @@ diff --git a/SPECS/java-1.7.0-openjdk.spec b/SPECS/java-1.7.0-openjdk.spec index 9228fae..267d056 100644 --- a/SPECS/java-1.7.0-openjdk.spec +++ b/SPECS/java-1.7.0-openjdk.spec @@ -5,7 +5,7 @@ # conflicting) files in the -debuginfo package %undefine _missing_build_ids_terminate_build -%global icedtea_version 2.6.15 +%global icedtea_version 2.6.16 %global hg_tag icedtea-{icedtea_version} %global aarch64 aarch64 arm64 armv8 @@ -159,8 +159,8 @@ # Standard JPackage naming and versioning defines. %global origin openjdk %global top_level_dir_name %{origin} -%global updatever 191 -%global buildver 01 +%global updatever 201 +%global buildver 00 # Keep priority on 7digits in case updatever>9 %global priority 1700%{updatever} %global javaver 1.7.0 @@ -205,7 +205,7 @@ Name: java-%{javaver}-%{origin} Version: %{javaver}.%{updatever} -Release: %{icedtea_version}.5%{?dist} +Release: %{icedtea_version}.1%{?dist} # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons, # and this change was brought into RHEL-4. java-1.5.0-ibm packages # also included the epoch in their virtual provides. This created a @@ -1502,6 +1502,11 @@ exit 0 %{_jvmdir}/%{jredir}/lib/accessibility.properties %changelog +* Mon Oct 22 2018 Andrew Hughes - 1:1.7.0.201-2.6.16.1 +- Bump to 2.6.16 and u201b00. +- Update 8076221/PR2809 (disable RC4) to apply after 8208350 (disable DES) +- Resolves: rhbz#1633817 + * Sun Jul 22 2018 Andrew Hughes - 1:1.7.0.191-2.6.15.5 - Bump to revised 2.6.15 tarball with PR3616 -notimestamp javadoc fix - Resolves: rhbz#1594249