diff --git a/.gitignore b/.gitignore index 5c871f6..b1986d0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ SOURCES/class-rewriter.tar.gz -SOURCES/openjdk-icedtea-2.6.16.tar.xz +SOURCES/openjdk-icedtea-2.6.17.tar.xz SOURCES/pulseaudio.tar.gz SOURCES/systemtap-tapset-2.6.12.tar.xz diff --git a/.java-1.7.0-openjdk.metadata b/.java-1.7.0-openjdk.metadata index 0433659..01c6984 100644 --- a/.java-1.7.0-openjdk.metadata +++ b/.java-1.7.0-openjdk.metadata @@ -1,4 +1,4 @@ fcc167de17354efb6e52cb387eb3e7dbb0316b53 SOURCES/class-rewriter.tar.gz -471e8bbdcb35c648638449e5567ac683ac9518bf SOURCES/openjdk-icedtea-2.6.16.tar.xz +5e36158f5a97afc1eb3a88294388795f1050c5a8 SOURCES/openjdk-icedtea-2.6.17.tar.xz fb72b6b1f4735ad9b5799d0b5058b0b1dec67b17 SOURCES/pulseaudio.tar.gz 5ea75731a73ec4766b00024c1803d1f86c0af090 SOURCES/systemtap-tapset-2.6.12.tar.xz diff --git a/SOURCES/8076221-pr2809.patch b/SOURCES/8076221-pr2809.patch deleted file mode 100644 index d643ff0..0000000 --- a/SOURCES/8076221-pr2809.patch +++ /dev/null @@ -1,600 +0,0 @@ -# HG changeset patch -# User xuelei -# Date 1453868482 0 -# Wed Jan 27 04:21:22 2016 +0000 -# Node ID 8d589911411743fa38badf69c10aa067eaa996b7 -# Parent ceb95f0d38d7ab09762dd7ff33bb855f3088a6b5 -8076221, PR2809: Disable RC4 cipher suites -Reviewed-by: wetmore - -diff --git openjdk.orig/jdk/src/share/lib/security/java.security-linux openjdk/jdk/src/share/lib/security/java.security-linux ---- openjdk.orig/jdk/src/share/lib/security/java.security-linux -+++ openjdk/jdk/src/share/lib/security/java.security-linux -@@ -556,8 +556,8 @@ - # - # Example: - # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 --jdk.tls.disabledAlgorithms=SSLv3, DES, MD5withRSA, DH keySize < 1024, \ -- EC keySize < 224, RC4_40, 3DES_EDE_CBC -+jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ -+ EC keySize < 224, 3DES_EDE_CBC - - # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) - # processing in JSSE implementation. -diff --git openjdk.orig/jdk/src/share/lib/security/java.security-macosx openjdk/jdk/src/share/lib/security/java.security-macosx ---- openjdk.orig/jdk/src/share/lib/security/java.security-macosx -+++ openjdk/jdk/src/share/lib/security/java.security-macosx -@@ -561,8 +561,8 @@ - # - # Example: - # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 --jdk.tls.disabledAlgorithms=SSLv3, DES, MD5withRSA, DH keySize < 1024, \ -- EC keySize < 224, RC4_40, 3DES_EDE_CBC -+jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ -+ EC keySize < 224, 3DES_EDE_CBC - - # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) - # processing in JSSE implementation. -diff --git openjdk.orig/jdk/src/share/lib/security/java.security-solaris openjdk/jdk/src/share/lib/security/java.security-solaris ---- openjdk.orig/jdk/src/share/lib/security/java.security-solaris -+++ openjdk/jdk/src/share/lib/security/java.security-solaris -@@ -560,8 +560,8 @@ - # - # Example: - # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 --jdk.tls.disabledAlgorithms=SSLv3, DES, MD5withRSA, DH keySize < 1024, \ -- EC keySize < 224, RC4_40, 3DES_EDE_CBC -+jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ -+ EC keySize < 224, 3DES_EDE_CBC - - # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) - # processing in JSSE implementation. -diff --git openjdk.orig/jdk/src/share/lib/security/java.security-windows openjdk/jdk/src/share/lib/security/java.security-windows ---- openjdk.orig/jdk/src/share/lib/security/java.security-windows -+++ openjdk/jdk/src/share/lib/security/java.security-windows -@@ -561,8 +561,8 @@ - # - # Example: - # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 --jdk.tls.disabledAlgorithms=SSLv3, DES, MD5withRSA, DH keySize < 1024, \ -- EC keySize < 224, RC4_40, 3DES_EDE_CBC -+jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ -+ EC keySize < 224, 3DES_EDE_CBC - - # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) - # processing in JSSE implementation. -diff --git openjdk.orig/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java -new file mode 100644 ---- /dev/null -+++ openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java -@@ -0,0 +1,362 @@ -+/* -+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+import java.io.BufferedInputStream; -+import java.io.BufferedOutputStream; -+import java.io.IOException; -+import java.io.InputStream; -+import java.io.OutputStream; -+import java.security.NoSuchAlgorithmException; -+import java.security.Security; -+import java.util.concurrent.TimeUnit; -+import javax.net.ssl.SSLContext; -+import javax.net.ssl.SSLHandshakeException; -+import javax.net.ssl.SSLServerSocket; -+import javax.net.ssl.SSLServerSocketFactory; -+import javax.net.ssl.SSLSocket; -+import javax.net.ssl.SSLSocketFactory; -+ -+/** -+ * @test -+ * @bug 8076221 -+ * @summary Check if weak cipher suites are disabled -+ * @run main/othervm DisabledAlgorithms default -+ * @run main/othervm DisabledAlgorithms empty -+ */ -+public class DisabledAlgorithms { -+ -+ private static final String pathToStores = -+ "../../../../sun/security/ssl/etc"; -+ private static final String keyStoreFile = "keystore"; -+ private static final String trustStoreFile = "truststore"; -+ private static final String passwd = "passphrase"; -+ -+ private static final String keyFilename = -+ System.getProperty("test.src", "./") + "/" + pathToStores + -+ "/" + keyStoreFile; -+ -+ private static final String trustFilename = -+ System.getProperty("test.src", "./") + "/" + pathToStores + -+ "/" + trustStoreFile; -+ -+ // supported RC4 cipher suites -+ // it does not contain KRB5 cipher suites because they need a KDC -+ private static final String[] rc4_ciphersuites = new String[] { -+ "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", -+ "TLS_ECDHE_RSA_WITH_RC4_128_SHA", -+ "SSL_RSA_WITH_RC4_128_SHA", -+ "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", -+ "TLS_ECDH_RSA_WITH_RC4_128_SHA", -+ "SSL_RSA_WITH_RC4_128_MD5", -+ "TLS_ECDH_anon_WITH_RC4_128_SHA", -+ "SSL_DH_anon_WITH_RC4_128_MD5" -+ }; -+ -+ public static void main(String[] args) throws Exception { -+ if (args.length < 1) { -+ throw new RuntimeException("No parameters specified"); -+ } -+ -+ System.setProperty("javax.net.ssl.keyStore", keyFilename); -+ System.setProperty("javax.net.ssl.keyStorePassword", passwd); -+ System.setProperty("javax.net.ssl.trustStore", trustFilename); -+ System.setProperty("javax.net.ssl.trustStorePassword", passwd); -+ -+ switch (args[0]) { -+ case "default": -+ // use default jdk.tls.disabledAlgorithms -+ System.out.println("jdk.tls.disabledAlgorithms = " -+ + Security.getProperty("jdk.tls.disabledAlgorithms")); -+ -+ // check if RC4 cipher suites can't be used by default -+ checkFailure(rc4_ciphersuites); -+ break; -+ case "empty": -+ // reset jdk.tls.disabledAlgorithms -+ Security.setProperty("jdk.tls.disabledAlgorithms", ""); -+ System.out.println("jdk.tls.disabledAlgorithms = " -+ + Security.getProperty("jdk.tls.disabledAlgorithms")); -+ -+ // check if RC4 cipher suites can be used -+ // if jdk.tls.disabledAlgorithms is empty -+ checkSuccess(rc4_ciphersuites); -+ break; -+ default: -+ throw new RuntimeException("Wrong parameter: " + args[0]); -+ } -+ } -+ -+ /* -+ * Checks if that specified cipher suites cannot be used. -+ */ -+ private static void checkFailure(String[] ciphersuites) throws Exception { -+ try (SSLServer server = SSLServer.init(ciphersuites)) { -+ startNewThread(server); -+ while (!server.isRunning()) { -+ sleep(); -+ } -+ -+ int port = server.getPort(); -+ for (String ciphersuite : ciphersuites) { -+ try (SSLClient client = SSLClient.init(port, ciphersuite)) { -+ client.connect(); -+ throw new RuntimeException("Expected SSLHandshakeException " -+ + "not thrown"); -+ } catch (SSLHandshakeException e) { -+ System.out.println("Expected exception on client side: " -+ + e); -+ } -+ } -+ -+ server.stop(); -+ while (server.isRunning()) { -+ sleep(); -+ } -+ -+ if (!server.sslError()) { -+ throw new RuntimeException("Expected SSL exception " -+ + "not thrown on server side"); -+ } -+ } -+ -+ } -+ -+ /* -+ * Checks if specified cipher suites can be used. -+ */ -+ private static void checkSuccess(String[] ciphersuites) throws Exception { -+ try (SSLServer server = SSLServer.init(ciphersuites)) { -+ startNewThread(server); -+ while (!server.isRunning()) { -+ sleep(); -+ } -+ -+ int port = server.getPort(); -+ for (String ciphersuite : ciphersuites) { -+ try (SSLClient client = SSLClient.init(port, ciphersuite)) { -+ client.connect(); -+ String negotiated = client.getNegotiatedCipherSuite(); -+ System.out.println("Negotiated cipher suite: " -+ + negotiated); -+ if (!negotiated.equals(ciphersuite)) { -+ throw new RuntimeException("Unexpected cipher suite: " -+ + negotiated); -+ } -+ } -+ } -+ -+ server.stop(); -+ while (server.isRunning()) { -+ sleep(); -+ } -+ -+ if (server.error()) { -+ throw new RuntimeException("Unexpected error on server side"); -+ } -+ } -+ -+ } -+ -+ private static Thread startNewThread(SSLServer server) { -+ Thread serverThread = new Thread(server, "SSL server thread"); -+ serverThread.setDaemon(true); -+ serverThread.start(); -+ return serverThread; -+ } -+ -+ private static void sleep() { -+ try { -+ TimeUnit.MILLISECONDS.sleep(50); -+ } catch (InterruptedException e) { -+ // do nothing -+ } -+ } -+ -+ static class SSLServer implements Runnable, AutoCloseable { -+ -+ private final SSLServerSocket ssocket; -+ private volatile boolean stopped = false; -+ private volatile boolean running = false; -+ private volatile boolean sslError = false; -+ private volatile boolean otherError = false; -+ -+ private SSLServer(SSLServerSocket ssocket) { -+ this.ssocket = ssocket; -+ } -+ -+ @Override -+ public void run() { -+ System.out.println("Server: started"); -+ running = true; -+ while (!stopped) { -+ try (SSLSocket socket = (SSLSocket) ssocket.accept()) { -+ System.out.println("Server: accepted client connection"); -+ InputStream in = socket.getInputStream(); -+ OutputStream out = socket.getOutputStream(); -+ int b = in.read(); -+ if (b < 0) { -+ throw new IOException("Unexpected EOF"); -+ } -+ System.out.println("Server: send data: " + b); -+ out.write(b); -+ out.flush(); -+ socket.getSession().invalidate(); -+ } catch (SSLHandshakeException e) { -+ System.out.println("Server: run: " + e); -+ sslError = true; -+ } catch (IOException e) { -+ if (!stopped) { -+ System.out.println("Server: run: " + e); -+ e.printStackTrace(); -+ otherError = true; -+ } -+ } -+ } -+ -+ System.out.println("Server: finished"); -+ running = false; -+ } -+ -+ int getPort() { -+ return ssocket.getLocalPort(); -+ } -+ -+ String[] getEnabledCiperSuites() { -+ return ssocket.getEnabledCipherSuites(); -+ } -+ -+ boolean isRunning() { -+ return running; -+ } -+ -+ boolean sslError() { -+ return sslError; -+ } -+ -+ boolean error() { -+ return sslError || otherError; -+ } -+ -+ void stop() { -+ stopped = true; -+ if (!ssocket.isClosed()) { -+ try { -+ ssocket.close(); -+ } catch (IOException e) { -+ System.out.println("Server: close: " + e); -+ } -+ } -+ } -+ -+ @Override -+ public void close() { -+ stop(); -+ } -+ -+ static SSLServer init(String[] ciphersuites) -+ throws IOException { -+ SSLServerSocketFactory ssf = (SSLServerSocketFactory) -+ SSLServerSocketFactory.getDefault(); -+ SSLServerSocket ssocket = (SSLServerSocket) -+ ssf.createServerSocket(0); -+ -+ if (ciphersuites != null) { -+ System.out.println("Server: enable cipher suites: " -+ + java.util.Arrays.toString(ciphersuites)); -+ ssocket.setEnabledCipherSuites(ciphersuites); -+ } -+ -+ return new SSLServer(ssocket); -+ } -+ } -+ -+ static class SSLClient implements AutoCloseable { -+ -+ private final SSLSocket socket; -+ -+ private SSLClient(SSLSocket socket) { -+ this.socket = socket; -+ } -+ -+ void connect() throws IOException { -+ System.out.println("Client: connect to server"); -+ try ( -+ BufferedInputStream bis = new BufferedInputStream( -+ socket.getInputStream()); -+ BufferedOutputStream bos = new BufferedOutputStream( -+ socket.getOutputStream())) { -+ bos.write('x'); -+ bos.flush(); -+ -+ int read = bis.read(); -+ if (read < 0) { -+ throw new IOException("Client: couldn't read a response"); -+ } -+ socket.getSession().invalidate(); -+ } -+ } -+ -+ String[] getEnabledCiperSuites() { -+ return socket.getEnabledCipherSuites(); -+ } -+ -+ String getNegotiatedCipherSuite() { -+ return socket.getSession().getCipherSuite(); -+ } -+ -+ @Override -+ public void close() throws Exception { -+ if (!socket.isClosed()) { -+ try { -+ socket.close(); -+ } catch (IOException e) { -+ System.out.println("Client: close: " + e); -+ } -+ } -+ } -+ -+ static SSLClient init(int port) -+ throws NoSuchAlgorithmException, IOException { -+ return init(port, null); -+ } -+ -+ static SSLClient init(int port, String ciphersuite) -+ throws NoSuchAlgorithmException, IOException { -+ SSLContext context = SSLContext.getDefault(); -+ SSLSocketFactory ssf = (SSLSocketFactory) -+ context.getSocketFactory(); -+ SSLSocket socket = (SSLSocket) ssf.createSocket("localhost", port); -+ -+ if (ciphersuite != null) { -+ System.out.println("Client: enable cipher suite: " -+ + ciphersuite); -+ socket.setEnabledCipherSuites(new String[] { ciphersuite }); -+ } -+ -+ return new SSLClient(socket); -+ } -+ -+ } -+ -+ -+} -diff --git openjdk.orig/jdk/test/sun/security/krb5/auto/SSL.java openjdk/jdk/test/sun/security/krb5/auto/SSL.java ---- openjdk.orig/jdk/test/sun/security/krb5/auto/SSL.java -+++ openjdk/jdk/test/sun/security/krb5/auto/SSL.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -40,6 +40,7 @@ - import java.net.InetAddress; - import javax.net.ssl.*; - import java.security.Principal; -+import java.security.Security; - import java.util.Date; - import sun.security.jgss.GSSUtil; - import sun.security.krb5.PrincipalName; -@@ -54,6 +55,9 @@ - private static volatile int port; - - public static void main(String[] args) throws Exception { -+ // reset the security property to make sure that the algorithms -+ // and keys used in this test are not disabled. -+ Security.setProperty("jdk.tls.disabledAlgorithms", ""); - - krb5Cipher = args[0]; - -diff --git openjdk.orig/jdk/test/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java openjdk/jdk/test/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java ---- openjdk.orig/jdk/test/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java -+++ openjdk/jdk/test/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java -@@ -95,12 +95,9 @@ - allGood &= testEngOnlyDisabled(DES_CS_LIST_NAMES); - - // Disabled RC4 tests -- /* -- RC4 is not yet disabled, as 8076221 has not been backported - allGood &= testDefaultCase(RC4_CS_LIST); - allGood &= testEngAddDisabled(RC4_CS_LIST_NAMES, RC4_CS_LIST); - allGood &= testEngOnlyDisabled(RC4_CS_LIST_NAMES); -- */ - - if (allGood) { - System.err.println("All tests passed"); -diff --git openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java ---- openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java -+++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -36,7 +36,7 @@ - */ - - import java.io.*; --import java.net.*; -+import java.security.Security; - import javax.net.ssl.*; - - public class CipherSuiteOrder { -@@ -198,6 +198,10 @@ - volatile Exception clientException = null; - - public static void main(String[] args) throws Exception { -+ // reset the security property to make sure that the algorithms -+ // and keys used in this test are not disabled. -+ Security.setProperty("jdk.tls.disabledAlgorithms", ""); -+ - String keyFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + keyStoreFile; -diff --git openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java ---- openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java -+++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java -@@ -103,10 +103,10 @@ - import java.security.Security; - import java.security.KeyStore; - import java.security.KeyFactory; -+import java.security.Security; - import java.security.cert.Certificate; - import java.security.cert.CertificateFactory; - import java.security.spec.PKCS8EncodedKeySpec; --import java.security.spec.*; - import java.security.interfaces.*; - import sun.misc.BASE64Decoder; - -diff --git openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java ---- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java -+++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -622,6 +622,9 @@ - } - - public static void main(String args[]) throws Exception { -+ // reset the security property to make sure that the algorithms -+ // and keys used in this test are not disabled. -+ Security.setProperty("jdk.tls.disabledAlgorithms", ""); - - CheckStatus cs; - -diff --git openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java ---- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java -+++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java -@@ -33,6 +33,8 @@ - * The code could certainly be tightened up a lot. - * - * @author Brad Wetmore -+ * -+ * @run main/othervm ConnectionTest - */ - - import javax.net.ssl.*; -@@ -672,6 +674,10 @@ - } - - public static void main(String args[]) throws Exception { -+ // reset the security property to make sure that the algorithms -+ // and keys used in this test are not disabled. -+ Security.setProperty("jdk.tls.disabledAlgorithms", ""); -+ - ConnectionTest ct = new ConnectionTest(); - ct.test(); - } -diff --git openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java ---- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java -+++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java -@@ -180,6 +180,9 @@ - } - - public static void main(String args[]) throws Exception { -+ // reset the security property to make sure that the algorithms -+ // and keys used in this test are not disabled. -+ Security.setProperty("jdk.tls.disabledAlgorithms", ""); - - LargeBufs test; - -diff --git openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java ---- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java -+++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java -@@ -37,7 +37,7 @@ - */ - - import java.io.*; --import java.net.*; -+import java.security.Security; - import javax.net.ssl.*; - - public class GenericStreamCipher { -@@ -165,6 +165,10 @@ - volatile Exception clientException = null; - - public static void main(String[] args) throws Exception { -+ // reset the security property to make sure that the algorithms -+ // and keys used in this test are not disabled. -+ Security.setProperty("jdk.tls.disabledAlgorithms", ""); -+ - String keyFilename = - System.getProperty("test.src", ".") + "/" + pathToStores + - "/" + keyStoreFile; diff --git a/SOURCES/abrt_friendly_hs_log_jdk7.patch b/SOURCES/abrt_friendly_hs_log_jdk7.patch deleted file mode 100644 index dba02bd..0000000 --- a/SOURCES/abrt_friendly_hs_log_jdk7.patch +++ /dev/null @@ -1,35 +0,0 @@ ---- openjdk/hotspot/src/share/vm/utilities/vmError.cpp 2012-02-02 16:17:24.476664897 +0100 -+++ openjdk/hotspot/src/share/vm/utilities/vmError.cpp 2012-02-02 16:17:24.476664897 +0100 -@@ -929,6 +929,7 @@ - } - } - -+ /* - if (fd == -1) { - const char *cwd = os::get_current_directory(buffer, sizeof(buffer)); - size_t len = strlen(cwd); -@@ -938,6 +939,24 @@ - os::file_separator(), os::current_process_id()); - fd = open(buffer, O_RDWR | O_CREAT | O_EXCL, 0666); - } -+ */ -+ -+ if (fd == -1) { -+ const char * tmpdir = os::get_temp_directory(); -+ // try temp directory if it exists. -+ if (tmpdir != NULL && tmpdir[0] != '\0') { -+ jio_snprintf(buffer, sizeof(buffer), "%s%sjvm-%u", -+ tmpdir, os::file_separator(), os::current_process_id()); -+ // if mkdir() failed, hs_err will be created in temporary directory -+ if (!mkdir(buffer, 0700)) { // only read+execute flags are needed -+ // but we need to write into the directory too -+ jio_snprintf(buffer, sizeof(buffer), "%s%sjvm-%u%shs_error.log", -+ tmpdir, os::file_separator(), os::current_process_id(), -+ os::file_separator()); -+ fd = open(buffer, O_WRONLY | O_CREAT | O_EXCL, 0444); // read-only file -+ } -+ } -+ } - - if (fd == -1) { - const char * tmpdir = os::get_temp_directory(); diff --git a/SOURCES/java-1.7.0-openjdk-accessible-toolkit.patch b/SOURCES/java-1.7.0-openjdk-accessible-toolkit.patch deleted file mode 100644 index 222dcfb..0000000 --- a/SOURCES/java-1.7.0-openjdk-accessible-toolkit.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -uNr openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java openjdk/jdk/src/share/classes/java/awt/Toolkit.java ---- openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java 2009-01-23 11:59:47.000000000 -0500 -+++ openjdk/jdk/src/share/classes/java/awt/Toolkit.java 2009-01-23 12:05:20.000000000 -0500 -@@ -871,7 +871,11 @@ - return null; - } - }); -- loadAssistiveTechnologies(); -+ try { -+ loadAssistiveTechnologies(); -+ } catch ( AWTError error) { -+ // ignore silently -+ } - } finally { - // Make sure to always re-enable the JIT. - java.lang.Compiler.enable(); diff --git a/SOURCES/java-1.7.0-openjdk-debugdocs.patch b/SOURCES/java-1.7.0-openjdk-debugdocs.patch deleted file mode 100644 index 8a130e4..0000000 --- a/SOURCES/java-1.7.0-openjdk-debugdocs.patch +++ /dev/null @@ -1,35 +0,0 @@ ---- oldMakefile 2008-07-02 17:48:01.000000000 -0400 -+++ openjdk/Makefile 2008-07-02 17:48:09.000000000 -0400 -@@ -199,19 +199,19 @@ - - create_fresh_product_bootdir: FRC - $(MAKE) ALT_OUTPUTDIR=$(ABS_BOOTDIR_OUTPUTDIR) \ -- GENERATE_DOCS=false \ -+ GENERATE_DOCS=true \ - BOOT_CYCLE_SETTINGS= \ - build_product_image - - create_fresh_debug_bootdir: FRC - $(MAKE) ALT_OUTPUTDIR=$(ABS_BOOTDIR_OUTPUTDIR) \ -- GENERATE_DOCS=false \ -+ GENERATE_DOCS=true \ - BOOT_CYCLE_DEBUG_SETTINGS= \ - build_debug_image - - create_fresh_fastdebug_bootdir: FRC - $(MAKE) ALT_OUTPUTDIR=$(ABS_BOOTDIR_OUTPUTDIR) \ -- GENERATE_DOCS=false \ -+ GENERATE_DOCS=true \ - BOOT_CYCLE_DEBUG_SETTINGS= \ - build_fastdebug_image - -@@ -262,7 +262,7 @@ - $(MAKE) \ - ALT_OUTPUTDIR=$(ABS_OUTPUTDIR)/$(REL_JDK_OUTPUTDIR) \ - DEBUG_NAME=$(DEBUG_NAME) \ -- GENERATE_DOCS=false \ -+ GENERATE_DOCS=true \ - $(if $(findstring true,$(BUILD_INSTALL)),BUILD_INSTALL_BUNDLES=true,) \ - CREATE_DEBUGINFO_BUNDLES=true \ - $(BOOT_CYCLE_DEBUG_SETTINGS) \ - diff --git a/SOURCES/java-1.7.0-openjdk-debuginfo.patch b/SOURCES/java-1.7.0-openjdk-debuginfo.patch deleted file mode 100644 index 11776ef..0000000 --- a/SOURCES/java-1.7.0-openjdk-debuginfo.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- openjdk/hotspot/build/linux/makefiles/saproc.make_back 2009-12-14 13:35:46.000000000 +0100 -+++ openjdk/hotspot/make/linux/makefiles/saproc.make 2009-12-14 13:36:47.000000000 +0100 -@@ -95,6 +95,7 @@ - $(ALT_SAINCDIR) \ - $(SASRCFILES) \ - $(SA_LFLAGS) \ -+ -g \ - $(SA_DEBUG_CFLAGS) \ - $(EXTRA_CFLAGS) \ - -o $@ \ ---- openjdk/hotspot/build/linux/makefiles/jsig.make_back 2009-12-14 13:34:56.000000000 +0100 -+++ openjdk/hotspot/make/linux/makefiles/jsig.make 2009-12-14 13:35:31.000000000 +0100 -@@ -59,6 +59,7 @@ - $(LIBJSIG): $(JSIGSRCDIR)/jsig.c $(LIBJSIG_MAPFILE) - @echo Making signal interposition lib... - $(QUIETLY) $(CC) $(SYMFLAG) $(ARCHFLAG) $(SHARED_FLAG) $(PICFLAG) \ -+ -g \ - $(LFLAGS_JSIG) $(JSIG_DEBUG_CFLAGS) $(EXTRA_CFLAGS) -o $@ $< -ldl - $(QUIETLY) [ -f $(LIBJSIG_G) ] || { ln -s $@ $(LIBJSIG_G); } - ifeq ($(ENABLE_FULL_DEBUG_SYMBOLS),1) diff --git a/SOURCES/java-1.7.0-openjdk-freetype-check-fix.patch b/SOURCES/java-1.7.0-openjdk-freetype-check-fix.patch deleted file mode 100644 index 15c2d67..0000000 --- a/SOURCES/java-1.7.0-openjdk-freetype-check-fix.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff -up openjdk/jdk/make/common/shared/Sanity.gmk.sav openjdk/jdk/make/common/shared/Sanity.gmk ---- openjdk/jdk/make/common/shared/Sanity.gmk.sav 2012-02-14 16:12:48.000000000 -0500 -+++ openjdk/jdk/make/common/shared/Sanity.gmk 2012-03-07 17:31:26.153840755 -0500 -@@ -814,12 +814,12 @@ ifdef OPENJDK - @(($(CD) $(BUILDDIR)/tools/freetypecheck && $(MAKE)) || \ - $(ECHO) "Failed to build freetypecheck." ) > $@ - -- sane-freetype: $(TEMPDIR)/freetypeinfo -- @if [ "`$(CAT) $< | $(GREP) Fail`" != "" ]; then \ -- $(ECHO) "ERROR: FreeType version " $(REQUIRED_FREETYPE_VERSION) \ -- " or higher is required. \n" \ -- "`$(CAT) $<` \n" >> $(ERROR_FILE) ; \ -- fi -+# sane-freetype: $(TEMPDIR)/freetypeinfo -+# @if [ "`$(CAT) $< | $(GREP) Fail`" != "" ]; then \ -+# $(ECHO) "ERROR: FreeType version " $(REQUIRED_FREETYPE_VERSION) \ -+# " or higher is required. \n" \ -+# "`$(CAT) $<` \n" >> $(ERROR_FILE) ; \ -+# fi - else - #do nothing (cross-compiling) - sane-freetype: diff --git a/SOURCES/java-1.7.0-openjdk-java-access-bridge-security.patch b/SOURCES/java-1.7.0-openjdk-java-access-bridge-security.patch deleted file mode 100644 index bd59cad..0000000 --- a/SOURCES/java-1.7.0-openjdk-java-access-bridge-security.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff --git a/src/share/lib/security/java.security-linux b/src/share/lib/security/java.security-linux ---- openjdk/jdk/src/share/lib/security/java.security-linux -+++ openjdk/jdk/src/share/lib/security/java.security-linux -@@ -168,6 +168,8 @@ - com.sun.org.glassfish.,\ - jdk.xml.internal.,\ - oracle.jrockit.jfr.,\ -+ org.GNOME.Accessibility.,\ -+ org.GNOME.Bonobo.,\ - org.jcp.xml.dsig.internal. - # - # List of comma-separated packages that start with or equal this string -@@ -211,6 +213,8 @@ - com.sun.org.glassfish.,\ - jdk.xml.internal.,\ - oracle.jrockit.jfr.,\ -+ org.GNOME.Accessibility.,\ -+ org.GNOME.Bonobo.,\ - org.jcp.xml.dsig.internal. - # - # Determines whether this properties file can be appended to diff --git a/SOURCES/java-1.7.0-openjdk-java-access-bridge-tck.patch b/SOURCES/java-1.7.0-openjdk-java-access-bridge-tck.patch deleted file mode 100644 index 36a23c0..0000000 --- a/SOURCES/java-1.7.0-openjdk-java-access-bridge-tck.patch +++ /dev/null @@ -1,25 +0,0 @@ ---- java-access-bridge-1.22.0/bridge/org/GNOME/Accessibility/JavaBridge.java.orig 2008-05-22 11:27:00.000000000 -0400 -+++ java-access-bridge-1.22.0/bridge/org/GNOME/Accessibility/JavaBridge.java 2008-05-22 11:28:02.000000000 -0400 -@@ -34,6 +34,9 @@ - import javax.accessibility.AccessibleRole; - import javax.accessibility.AccessibleText; - import javax.accessibility.AccessibleEditableText; -+import java.security.PrivilegedAction; -+import java.security.AccessController; -+ - - public class JavaBridge { - -@@ -332,7 +335,11 @@ - System.err.println ("Java Accessibility Bridge for GNOME loaded.\n"); - - // Not sure what kind of arguments should be sent to ORB -- String vm_rev = System.getProperty("java.version"); -+ String vm_rev = (String) AccessController.doPrivileged(new PrivilegedAction() { -+ public java.lang.Object run() { -+ return System.getProperty("java.version"); -+ } -+ }); - - if (vm_rev.compareTo("1.4.0") < 0) { - System.err.println("WARNING: Java Accessibility Bridge " + diff --git a/SOURCES/jdk8076221-pr2809-disable_rc4_cipher_suites.patch b/SOURCES/jdk8076221-pr2809-disable_rc4_cipher_suites.patch new file mode 100644 index 0000000..5aa43ff --- /dev/null +++ b/SOURCES/jdk8076221-pr2809-disable_rc4_cipher_suites.patch @@ -0,0 +1,600 @@ +# HG changeset patch +# User xuelei +# Date 1453868482 0 +# Wed Jan 27 04:21:22 2016 +0000 +# Node ID 8d589911411743fa38badf69c10aa067eaa996b7 +# Parent ceb95f0d38d7ab09762dd7ff33bb855f3088a6b5 +8076221, PR2809: Disable RC4 cipher suites +Reviewed-by: wetmore + +diff --git openjdk.orig/jdk/src/share/lib/security/java.security-linux openjdk/jdk/src/share/lib/security/java.security-linux +--- openjdk.orig/jdk/src/share/lib/security/java.security-linux ++++ openjdk/jdk/src/share/lib/security/java.security-linux +@@ -556,8 +556,8 @@ + # + # Example: + # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 +-jdk.tls.disabledAlgorithms=SSLv3, DES, MD5withRSA, DH keySize < 1024, \ +- EC keySize < 224, RC4_40, 3DES_EDE_CBC, anon, NULL ++jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ ++ EC keySize < 224, 3DES_EDE_CBC, anon, NULL + + # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) + # processing in JSSE implementation. +diff --git openjdk.orig/jdk/src/share/lib/security/java.security-macosx openjdk/jdk/src/share/lib/security/java.security-macosx +--- openjdk.orig/jdk/src/share/lib/security/java.security-macosx ++++ openjdk/jdk/src/share/lib/security/java.security-macosx +@@ -561,8 +561,8 @@ + # + # Example: + # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 +-jdk.tls.disabledAlgorithms=SSLv3, DES, MD5withRSA, DH keySize < 1024, \ +- EC keySize < 224, RC4_40, 3DES_EDE_CBC, anon, NULL ++jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ ++ EC keySize < 224, 3DES_EDE_CBC, anon, NULL + + # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) + # processing in JSSE implementation. +diff --git openjdk.orig/jdk/src/share/lib/security/java.security-solaris openjdk/jdk/src/share/lib/security/java.security-solaris +--- openjdk.orig/jdk/src/share/lib/security/java.security-solaris ++++ openjdk/jdk/src/share/lib/security/java.security-solaris +@@ -560,8 +560,8 @@ + # + # Example: + # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 +-jdk.tls.disabledAlgorithms=SSLv3, DES, MD5withRSA, DH keySize < 1024, \ +- EC keySize < 224, RC4_40, 3DES_EDE_CBC, anon, NULL ++jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ ++ EC keySize < 224, 3DES_EDE_CBC, anon, NULL + + # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) + # processing in JSSE implementation. +diff --git openjdk.orig/jdk/src/share/lib/security/java.security-windows openjdk/jdk/src/share/lib/security/java.security-windows +--- openjdk.orig/jdk/src/share/lib/security/java.security-windows ++++ openjdk/jdk/src/share/lib/security/java.security-windows +@@ -561,8 +561,8 @@ + # + # Example: + # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 +-jdk.tls.disabledAlgorithms=SSLv3, DES, MD5withRSA, DH keySize < 1024, \ +- EC keySize < 224, RC4_40, 3DES_EDE_CBC, anon, NULL ++jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ ++ EC keySize < 224, 3DES_EDE_CBC, anon, NULL + + # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) + # processing in JSSE implementation. +diff --git openjdk.orig/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java +new file mode 100644 +--- /dev/null ++++ openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java +@@ -0,0 +1,362 @@ ++/* ++ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import java.io.BufferedInputStream; ++import java.io.BufferedOutputStream; ++import java.io.IOException; ++import java.io.InputStream; ++import java.io.OutputStream; ++import java.security.NoSuchAlgorithmException; ++import java.security.Security; ++import java.util.concurrent.TimeUnit; ++import javax.net.ssl.SSLContext; ++import javax.net.ssl.SSLHandshakeException; ++import javax.net.ssl.SSLServerSocket; ++import javax.net.ssl.SSLServerSocketFactory; ++import javax.net.ssl.SSLSocket; ++import javax.net.ssl.SSLSocketFactory; ++ ++/** ++ * @test ++ * @bug 8076221 ++ * @summary Check if weak cipher suites are disabled ++ * @run main/othervm DisabledAlgorithms default ++ * @run main/othervm DisabledAlgorithms empty ++ */ ++public class DisabledAlgorithms { ++ ++ private static final String pathToStores = ++ "../../../../sun/security/ssl/etc"; ++ private static final String keyStoreFile = "keystore"; ++ private static final String trustStoreFile = "truststore"; ++ private static final String passwd = "passphrase"; ++ ++ private static final String keyFilename = ++ System.getProperty("test.src", "./") + "/" + pathToStores + ++ "/" + keyStoreFile; ++ ++ private static final String trustFilename = ++ System.getProperty("test.src", "./") + "/" + pathToStores + ++ "/" + trustStoreFile; ++ ++ // supported RC4 cipher suites ++ // it does not contain KRB5 cipher suites because they need a KDC ++ private static final String[] rc4_ciphersuites = new String[] { ++ "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", ++ "TLS_ECDHE_RSA_WITH_RC4_128_SHA", ++ "SSL_RSA_WITH_RC4_128_SHA", ++ "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", ++ "TLS_ECDH_RSA_WITH_RC4_128_SHA", ++ "SSL_RSA_WITH_RC4_128_MD5", ++ "TLS_ECDH_anon_WITH_RC4_128_SHA", ++ "SSL_DH_anon_WITH_RC4_128_MD5" ++ }; ++ ++ public static void main(String[] args) throws Exception { ++ if (args.length < 1) { ++ throw new RuntimeException("No parameters specified"); ++ } ++ ++ System.setProperty("javax.net.ssl.keyStore", keyFilename); ++ System.setProperty("javax.net.ssl.keyStorePassword", passwd); ++ System.setProperty("javax.net.ssl.trustStore", trustFilename); ++ System.setProperty("javax.net.ssl.trustStorePassword", passwd); ++ ++ switch (args[0]) { ++ case "default": ++ // use default jdk.tls.disabledAlgorithms ++ System.out.println("jdk.tls.disabledAlgorithms = " ++ + Security.getProperty("jdk.tls.disabledAlgorithms")); ++ ++ // check if RC4 cipher suites can't be used by default ++ checkFailure(rc4_ciphersuites); ++ break; ++ case "empty": ++ // reset jdk.tls.disabledAlgorithms ++ Security.setProperty("jdk.tls.disabledAlgorithms", ""); ++ System.out.println("jdk.tls.disabledAlgorithms = " ++ + Security.getProperty("jdk.tls.disabledAlgorithms")); ++ ++ // check if RC4 cipher suites can be used ++ // if jdk.tls.disabledAlgorithms is empty ++ checkSuccess(rc4_ciphersuites); ++ break; ++ default: ++ throw new RuntimeException("Wrong parameter: " + args[0]); ++ } ++ } ++ ++ /* ++ * Checks if that specified cipher suites cannot be used. ++ */ ++ private static void checkFailure(String[] ciphersuites) throws Exception { ++ try (SSLServer server = SSLServer.init(ciphersuites)) { ++ startNewThread(server); ++ while (!server.isRunning()) { ++ sleep(); ++ } ++ ++ int port = server.getPort(); ++ for (String ciphersuite : ciphersuites) { ++ try (SSLClient client = SSLClient.init(port, ciphersuite)) { ++ client.connect(); ++ throw new RuntimeException("Expected SSLHandshakeException " ++ + "not thrown"); ++ } catch (SSLHandshakeException e) { ++ System.out.println("Expected exception on client side: " ++ + e); ++ } ++ } ++ ++ server.stop(); ++ while (server.isRunning()) { ++ sleep(); ++ } ++ ++ if (!server.sslError()) { ++ throw new RuntimeException("Expected SSL exception " ++ + "not thrown on server side"); ++ } ++ } ++ ++ } ++ ++ /* ++ * Checks if specified cipher suites can be used. ++ */ ++ private static void checkSuccess(String[] ciphersuites) throws Exception { ++ try (SSLServer server = SSLServer.init(ciphersuites)) { ++ startNewThread(server); ++ while (!server.isRunning()) { ++ sleep(); ++ } ++ ++ int port = server.getPort(); ++ for (String ciphersuite : ciphersuites) { ++ try (SSLClient client = SSLClient.init(port, ciphersuite)) { ++ client.connect(); ++ String negotiated = client.getNegotiatedCipherSuite(); ++ System.out.println("Negotiated cipher suite: " ++ + negotiated); ++ if (!negotiated.equals(ciphersuite)) { ++ throw new RuntimeException("Unexpected cipher suite: " ++ + negotiated); ++ } ++ } ++ } ++ ++ server.stop(); ++ while (server.isRunning()) { ++ sleep(); ++ } ++ ++ if (server.error()) { ++ throw new RuntimeException("Unexpected error on server side"); ++ } ++ } ++ ++ } ++ ++ private static Thread startNewThread(SSLServer server) { ++ Thread serverThread = new Thread(server, "SSL server thread"); ++ serverThread.setDaemon(true); ++ serverThread.start(); ++ return serverThread; ++ } ++ ++ private static void sleep() { ++ try { ++ TimeUnit.MILLISECONDS.sleep(50); ++ } catch (InterruptedException e) { ++ // do nothing ++ } ++ } ++ ++ static class SSLServer implements Runnable, AutoCloseable { ++ ++ private final SSLServerSocket ssocket; ++ private volatile boolean stopped = false; ++ private volatile boolean running = false; ++ private volatile boolean sslError = false; ++ private volatile boolean otherError = false; ++ ++ private SSLServer(SSLServerSocket ssocket) { ++ this.ssocket = ssocket; ++ } ++ ++ @Override ++ public void run() { ++ System.out.println("Server: started"); ++ running = true; ++ while (!stopped) { ++ try (SSLSocket socket = (SSLSocket) ssocket.accept()) { ++ System.out.println("Server: accepted client connection"); ++ InputStream in = socket.getInputStream(); ++ OutputStream out = socket.getOutputStream(); ++ int b = in.read(); ++ if (b < 0) { ++ throw new IOException("Unexpected EOF"); ++ } ++ System.out.println("Server: send data: " + b); ++ out.write(b); ++ out.flush(); ++ socket.getSession().invalidate(); ++ } catch (SSLHandshakeException e) { ++ System.out.println("Server: run: " + e); ++ sslError = true; ++ } catch (IOException e) { ++ if (!stopped) { ++ System.out.println("Server: run: " + e); ++ e.printStackTrace(); ++ otherError = true; ++ } ++ } ++ } ++ ++ System.out.println("Server: finished"); ++ running = false; ++ } ++ ++ int getPort() { ++ return ssocket.getLocalPort(); ++ } ++ ++ String[] getEnabledCiperSuites() { ++ return ssocket.getEnabledCipherSuites(); ++ } ++ ++ boolean isRunning() { ++ return running; ++ } ++ ++ boolean sslError() { ++ return sslError; ++ } ++ ++ boolean error() { ++ return sslError || otherError; ++ } ++ ++ void stop() { ++ stopped = true; ++ if (!ssocket.isClosed()) { ++ try { ++ ssocket.close(); ++ } catch (IOException e) { ++ System.out.println("Server: close: " + e); ++ } ++ } ++ } ++ ++ @Override ++ public void close() { ++ stop(); ++ } ++ ++ static SSLServer init(String[] ciphersuites) ++ throws IOException { ++ SSLServerSocketFactory ssf = (SSLServerSocketFactory) ++ SSLServerSocketFactory.getDefault(); ++ SSLServerSocket ssocket = (SSLServerSocket) ++ ssf.createServerSocket(0); ++ ++ if (ciphersuites != null) { ++ System.out.println("Server: enable cipher suites: " ++ + java.util.Arrays.toString(ciphersuites)); ++ ssocket.setEnabledCipherSuites(ciphersuites); ++ } ++ ++ return new SSLServer(ssocket); ++ } ++ } ++ ++ static class SSLClient implements AutoCloseable { ++ ++ private final SSLSocket socket; ++ ++ private SSLClient(SSLSocket socket) { ++ this.socket = socket; ++ } ++ ++ void connect() throws IOException { ++ System.out.println("Client: connect to server"); ++ try ( ++ BufferedInputStream bis = new BufferedInputStream( ++ socket.getInputStream()); ++ BufferedOutputStream bos = new BufferedOutputStream( ++ socket.getOutputStream())) { ++ bos.write('x'); ++ bos.flush(); ++ ++ int read = bis.read(); ++ if (read < 0) { ++ throw new IOException("Client: couldn't read a response"); ++ } ++ socket.getSession().invalidate(); ++ } ++ } ++ ++ String[] getEnabledCiperSuites() { ++ return socket.getEnabledCipherSuites(); ++ } ++ ++ String getNegotiatedCipherSuite() { ++ return socket.getSession().getCipherSuite(); ++ } ++ ++ @Override ++ public void close() throws Exception { ++ if (!socket.isClosed()) { ++ try { ++ socket.close(); ++ } catch (IOException e) { ++ System.out.println("Client: close: " + e); ++ } ++ } ++ } ++ ++ static SSLClient init(int port) ++ throws NoSuchAlgorithmException, IOException { ++ return init(port, null); ++ } ++ ++ static SSLClient init(int port, String ciphersuite) ++ throws NoSuchAlgorithmException, IOException { ++ SSLContext context = SSLContext.getDefault(); ++ SSLSocketFactory ssf = (SSLSocketFactory) ++ context.getSocketFactory(); ++ SSLSocket socket = (SSLSocket) ssf.createSocket("localhost", port); ++ ++ if (ciphersuite != null) { ++ System.out.println("Client: enable cipher suite: " ++ + ciphersuite); ++ socket.setEnabledCipherSuites(new String[] { ciphersuite }); ++ } ++ ++ return new SSLClient(socket); ++ } ++ ++ } ++ ++ ++} +diff --git openjdk.orig/jdk/test/sun/security/krb5/auto/SSL.java openjdk/jdk/test/sun/security/krb5/auto/SSL.java +--- openjdk.orig/jdk/test/sun/security/krb5/auto/SSL.java ++++ openjdk/jdk/test/sun/security/krb5/auto/SSL.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -40,6 +40,7 @@ + import java.net.InetAddress; + import javax.net.ssl.*; + import java.security.Principal; ++import java.security.Security; + import java.util.Date; + import sun.security.jgss.GSSUtil; + import sun.security.krb5.PrincipalName; +@@ -54,6 +55,9 @@ + private static volatile int port; + + public static void main(String[] args) throws Exception { ++ // reset the security property to make sure that the algorithms ++ // and keys used in this test are not disabled. ++ Security.setProperty("jdk.tls.disabledAlgorithms", ""); + + krb5Cipher = args[0]; + +diff --git openjdk.orig/jdk/test/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java openjdk/jdk/test/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java +--- openjdk.orig/jdk/test/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java ++++ openjdk/jdk/test/sun/security/ssl/CipherSuite/NoDesRC4CiphSuite.java +@@ -95,12 +95,9 @@ + allGood &= testEngOnlyDisabled(DES_CS_LIST_NAMES); + + // Disabled RC4 tests +- /* +- RC4 is not yet disabled, as 8076221 has not been backported + allGood &= testDefaultCase(RC4_CS_LIST); + allGood &= testEngAddDisabled(RC4_CS_LIST_NAMES, RC4_CS_LIST); + allGood &= testEngOnlyDisabled(RC4_CS_LIST_NAMES); +- */ + + if (allGood) { + System.err.println("All tests passed"); +diff --git openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java +--- openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java ++++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -36,7 +36,7 @@ + */ + + import java.io.*; +-import java.net.*; ++import java.security.Security; + import javax.net.ssl.*; + + public class CipherSuiteOrder { +@@ -198,6 +198,10 @@ + volatile Exception clientException = null; + + public static void main(String[] args) throws Exception { ++ // reset the security property to make sure that the algorithms ++ // and keys used in this test are not disabled. ++ Security.setProperty("jdk.tls.disabledAlgorithms", ""); ++ + String keyFilename = + System.getProperty("test.src", "./") + "/" + pathToStores + + "/" + keyStoreFile; +diff --git openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java +--- openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java ++++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java +@@ -103,10 +103,10 @@ + import java.security.Security; + import java.security.KeyStore; + import java.security.KeyFactory; ++import java.security.Security; + import java.security.cert.Certificate; + import java.security.cert.CertificateFactory; + import java.security.spec.PKCS8EncodedKeySpec; +-import java.security.spec.*; + import java.security.interfaces.*; + import sun.misc.BASE64Decoder; + +diff --git openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java +--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java ++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -622,6 +622,9 @@ + } + + public static void main(String args[]) throws Exception { ++ // reset the security property to make sure that the algorithms ++ // and keys used in this test are not disabled. ++ Security.setProperty("jdk.tls.disabledAlgorithms", ""); + + CheckStatus cs; + +diff --git openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java +--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java ++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java +@@ -33,6 +33,8 @@ + * The code could certainly be tightened up a lot. + * + * @author Brad Wetmore ++ * ++ * @run main/othervm ConnectionTest + */ + + import javax.net.ssl.*; +@@ -672,6 +674,10 @@ + } + + public static void main(String args[]) throws Exception { ++ // reset the security property to make sure that the algorithms ++ // and keys used in this test are not disabled. ++ Security.setProperty("jdk.tls.disabledAlgorithms", ""); ++ + ConnectionTest ct = new ConnectionTest(); + ct.test(); + } +diff --git openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java +--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java ++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java +@@ -180,6 +180,9 @@ + } + + public static void main(String args[]) throws Exception { ++ // reset the security property to make sure that the algorithms ++ // and keys used in this test are not disabled. ++ Security.setProperty("jdk.tls.disabledAlgorithms", ""); + + LargeBufs test; + +diff --git openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java +--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java ++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java +@@ -37,7 +37,7 @@ + */ + + import java.io.*; +-import java.net.*; ++import java.security.Security; + import javax.net.ssl.*; + + public class GenericStreamCipher { +@@ -165,6 +165,10 @@ + volatile Exception clientException = null; + + public static void main(String[] args) throws Exception { ++ // reset the security property to make sure that the algorithms ++ // and keys used in this test are not disabled. ++ Security.setProperty("jdk.tls.disabledAlgorithms", ""); ++ + String keyFilename = + System.getProperty("test.src", ".") + "/" + pathToStores + + "/" + keyStoreFile; diff --git a/SOURCES/pr1834-rh1022017-reduce_ellipticcurvesextension_to_provide_only_three_nss_supported_nist_curves_23_24_25.patch b/SOURCES/pr1834-rh1022017-reduce_ellipticcurvesextension_to_provide_only_three_nss_supported_nist_curves_23_24_25.patch new file mode 100644 index 0000000..8165340 --- /dev/null +++ b/SOURCES/pr1834-rh1022017-reduce_ellipticcurvesextension_to_provide_only_three_nss_supported_nist_curves_23_24_25.patch @@ -0,0 +1,28 @@ +diff --git a/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java b/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java +--- openjdk/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java ++++ openjdk/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java +@@ -168,20 +168,10 @@ + "contains no supported elliptic curves"); + } + } else { // default curves +- int[] ids; +- if (requireFips) { +- ids = new int[] { +- // only NIST curves in FIPS mode +- 23, 24, 25, 9, 10, 11, 12, 13, 14, +- }; +- } else { +- ids = new int[] { +- // NIST curves first +- 23, 24, 25, 9, 10, 11, 12, 13, 14, +- // non-NIST curves +- 22, +- }; +- } ++ int[] ids = new int[] { ++ // NSS currently only supports these three NIST curves ++ 23, 24, 25 ++ }; + + idList = new ArrayList<>(ids.length); + for (int curveId : ids) { diff --git a/SOURCES/pr3393-rh1273760-support_rsaandmgf1_with_sha_in_pkcs11.patch b/SOURCES/pr3393-rh1273760-support_rsaandmgf1_with_sha_in_pkcs11.patch new file mode 100644 index 0000000..6cab1d1 --- /dev/null +++ b/SOURCES/pr3393-rh1273760-support_rsaandmgf1_with_sha_in_pkcs11.patch @@ -0,0 +1,220 @@ +diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java +--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java ++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java +@@ -87,8 +87,8 @@ + // name of the key algorithm, currently either RSA or DSA + private final String keyAlgorithm; + +- // mechanism id +- private final long mechanism; ++ // mechanism ++ private final CK_MECHANISM mechanism; + + // digest algorithm OID, if we encode RSA signature ourselves + private final ObjectIdentifier digestOID; +@@ -138,11 +138,62 @@ + super(); + this.token = token; + this.algorithm = algorithm; +- this.mechanism = mechanism; ++ CK_MECHANISM ckMechanism = new CK_MECHANISM(mechanism); ++ final CK_RSA_PKCS_PSS_PARAMS mechParams; + byte[] buffer = null; + ObjectIdentifier digestOID = null; + MessageDigest md = null; + switch ((int)mechanism) { ++ case (int)CKM_SHA1_RSA_PKCS_PSS: ++ mechParams = new CK_RSA_PKCS_PSS_PARAMS(); ++ mechParams.hashAlg = CKM_SHA_1; ++ mechParams.mgf = CKG_MGF1_SHA1; ++ mechParams.sLen = 20; ++ ckMechanism = new CK_MECHANISM(mechanism, mechParams); ++ this.keyAlgorithm = "RSA"; ++ this.type = T_UPDATE; ++ buffer = new byte[1]; ++ break; ++ case (int)CKM_SHA224_RSA_PKCS_PSS: ++ mechParams = new CK_RSA_PKCS_PSS_PARAMS(); ++ mechParams.hashAlg = CKM_SHA224; ++ mechParams.mgf = CKG_MGF1_SHA224; ++ mechParams.sLen = 28; ++ ckMechanism = new CK_MECHANISM(mechanism, mechParams); ++ this.keyAlgorithm = "RSA"; ++ this.type = T_UPDATE; ++ buffer = new byte[1]; ++ break; ++ case (int)CKM_SHA256_RSA_PKCS_PSS: ++ mechParams = new CK_RSA_PKCS_PSS_PARAMS(); ++ mechParams.hashAlg = CKM_SHA256; ++ mechParams.mgf = CKG_MGF1_SHA256; ++ mechParams.sLen = 32; ++ ckMechanism = new CK_MECHANISM(mechanism, mechParams); ++ this.keyAlgorithm = "RSA"; ++ this.type = T_UPDATE; ++ buffer = new byte[1]; ++ break; ++ case (int)CKM_SHA384_RSA_PKCS_PSS: ++ mechParams = new CK_RSA_PKCS_PSS_PARAMS(); ++ mechParams.hashAlg = CKM_SHA384; ++ mechParams.mgf = CKG_MGF1_SHA384; ++ mechParams.sLen = 48; ++ ckMechanism = new CK_MECHANISM(mechanism, mechParams); ++ this.keyAlgorithm = "RSA"; ++ this.type = T_UPDATE; ++ buffer = new byte[1]; ++ break; ++ case (int)CKM_SHA512_RSA_PKCS_PSS: ++ mechParams = new CK_RSA_PKCS_PSS_PARAMS(); ++ mechParams.hashAlg = CKM_SHA512; ++ mechParams.mgf = CKG_MGF1_SHA512; ++ mechParams.sLen = 64; ++ ckMechanism = new CK_MECHANISM(mechanism, mechParams); ++ this.keyAlgorithm = "RSA"; ++ this.type = T_UPDATE; ++ buffer = new byte[1]; ++ break; + case (int)CKM_MD2_RSA_PKCS: + case (int)CKM_MD5_RSA_PKCS: + case (int)CKM_SHA1_RSA_PKCS: +@@ -232,6 +283,7 @@ + default: + throw new ProviderException("Unknown mechanism: " + mechanism); + } ++ this.mechanism = ckMechanism; + this.buffer = buffer; + this.digestOID = digestOID; + this.md = md; +@@ -314,10 +366,10 @@ + } + if (mode == M_SIGN) { + token.p11.C_SignInit(session.id(), +- new CK_MECHANISM(mechanism), p11Key.keyID); ++ mechanism, p11Key.keyID); + } else { + token.p11.C_VerifyInit(session.id(), +- new CK_MECHANISM(mechanism), p11Key.keyID); ++ mechanism, p11Key.keyID); + } + initialized = true; + } catch (PKCS11Exception e) { +@@ -399,7 +451,8 @@ + } else if (algorithm.equals("SHA512withRSA")) { + encodedLength = 83; + } else { +- throw new ProviderException("Unknown signature algo: " + algorithm); ++ encodedLength = 0; ++ //throw new ProviderException("Unknown signature algo: " + algorithm); + } + if (encodedLength > maxDataSize) { + throw new InvalidKeyException +@@ -568,7 +621,7 @@ + if (type == T_DIGEST) { + digest = md.digest(); + } else { // T_RAW +- if (mechanism == CKM_DSA) { ++ if (mechanism.mechanism == CKM_DSA) { + if (bytesProcessed != buffer.length) { + throw new SignatureException + ("Data for RawDSA must be exactly 20 bytes long"); +@@ -588,7 +641,7 @@ + signature = token.p11.C_Sign(session.id(), digest); + } else { // RSA + byte[] data = encodeSignature(digest); +- if (mechanism == CKM_RSA_X_509) { ++ if (mechanism.mechanism == CKM_RSA_X_509) { + data = pkcs1Pad(data); + } + signature = token.p11.C_Sign(session.id(), data); +@@ -623,7 +676,7 @@ + if (type == T_DIGEST) { + digest = md.digest(); + } else { // T_RAW +- if (mechanism == CKM_DSA) { ++ if (mechanism.mechanism == CKM_DSA) { + if (bytesProcessed != buffer.length) { + throw new SignatureException + ("Data for RawDSA must be exactly 20 bytes long"); +@@ -643,7 +696,7 @@ + token.p11.C_Verify(session.id(), digest, signature); + } else { // RSA + byte[] data = encodeSignature(digest); +- if (mechanism == CKM_RSA_X_509) { ++ if (mechanism.mechanism == CKM_RSA_X_509) { + data = pkcs1Pad(data); + } + token.p11.C_Verify(session.id(), data, signature); +diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java +--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java ++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java +@@ -729,6 +729,16 @@ + d(SIG, "SHA512withRSA", P11Signature, + s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"), + m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); ++ d(SIG, "SHA1withRSAandMGF1", P11Signature, ++ m(CKM_SHA1_RSA_PKCS_PSS)); ++ d(SIG, "SHA224withRSAandMGF1", P11Signature, ++ m(CKM_SHA224_RSA_PKCS_PSS)); ++ d(SIG, "SHA256withRSAandMGF1", P11Signature, ++ m(CKM_SHA256_RSA_PKCS_PSS)); ++ d(SIG, "SHA384withRSAandMGF1", P11Signature, ++ m(CKM_SHA384_RSA_PKCS_PSS)); ++ d(SIG, "SHA512withRSAandMGF1", P11Signature, ++ m(CKM_SHA512_RSA_PKCS_PSS)); + + d(KG, "SunTlsRsaPremasterSecret", + "sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator", +diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Token.java openjdk/jdk/src/share/classes/sun/security/pkcs11/Token.java +--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Token.java ++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/Token.java +@@ -377,6 +377,10 @@ + return keyStore; + } + ++ CK_MECHANISM_INFO getMechanismInfo(CK_MECHANISM mechanism) throws PKCS11Exception { ++ return getMechanismInfo(mechanism.mechanism); ++ } ++ + CK_MECHANISM_INFO getMechanismInfo(long mechanism) throws PKCS11Exception { + CK_MECHANISM_INFO result = mechInfoMap.get(mechanism); + if (result == null) { +diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java +--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java ++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java +@@ -116,6 +116,10 @@ + init(mechanism, params); + } + ++ public CK_MECHANISM(long mechanism, CK_RSA_PKCS_PSS_PARAMS params) { ++ init(mechanism, params); ++ } ++ + public CK_MECHANISM(long mechanism, CK_SSL3_KEY_MAT_PARAMS params) { + init(mechanism, params); + } +diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java +--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java ++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java +@@ -458,6 +458,12 @@ + public static final long CKM_SHA384_RSA_PKCS = 0x00000041L; + public static final long CKM_SHA512_RSA_PKCS = 0x00000042L; + ++ // v2.30 ++ public static final long CKM_SHA256_RSA_PKCS_PSS = 0x00000043L; ++ public static final long CKM_SHA384_RSA_PKCS_PSS = 0x00000044L; ++ public static final long CKM_SHA512_RSA_PKCS_PSS = 0x00000045L; ++ ++ + public static final long CKM_RC2_KEY_GEN = 0x00000100L; + public static final long CKM_RC2_ECB = 0x00000101L; + public static final long CKM_RC2_CBC = 0x00000102L; +@@ -919,6 +925,10 @@ + + /* The following MGFs are defined */ + public static final long CKG_MGF1_SHA1 = 0x00000001L; ++ public static final long CKG_MGF1_SHA256 = 0x00000002L; ++ public static final long CKG_MGF1_SHA384 = 0x00000003L; ++ public static final long CKG_MGF1_SHA512 = 0x00000004L; ++ + // new for v2.20 amendment 3 + public static final long CKG_MGF1_SHA224 = 0x00000005L; + diff --git a/SOURCES/pr3393-rh1273760.patch b/SOURCES/pr3393-rh1273760.patch deleted file mode 100644 index cb0764a..0000000 --- a/SOURCES/pr3393-rh1273760.patch +++ /dev/null @@ -1,220 +0,0 @@ -diff --git a/src/share/classes/sun/security/pkcs11/P11Signature.java b/src/share/classes/sun/security/pkcs11/P11Signature.java ---- openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java -@@ -87,8 +87,8 @@ - // name of the key algorithm, currently either RSA or DSA - private final String keyAlgorithm; - -- // mechanism id -- private final long mechanism; -+ // mechanism -+ private final CK_MECHANISM mechanism; - - // digest algorithm OID, if we encode RSA signature ourselves - private final ObjectIdentifier digestOID; -@@ -138,11 +138,62 @@ - super(); - this.token = token; - this.algorithm = algorithm; -- this.mechanism = mechanism; -+ CK_MECHANISM ckMechanism = new CK_MECHANISM(mechanism); -+ final CK_RSA_PKCS_PSS_PARAMS mechParams; - byte[] buffer = null; - ObjectIdentifier digestOID = null; - MessageDigest md = null; - switch ((int)mechanism) { -+ case (int)CKM_SHA1_RSA_PKCS_PSS: -+ mechParams = new CK_RSA_PKCS_PSS_PARAMS(); -+ mechParams.hashAlg = CKM_SHA_1; -+ mechParams.mgf = CKG_MGF1_SHA1; -+ mechParams.sLen = 20; -+ ckMechanism = new CK_MECHANISM(mechanism, mechParams); -+ this.keyAlgorithm = "RSA"; -+ this.type = T_UPDATE; -+ buffer = new byte[1]; -+ break; -+ case (int)CKM_SHA224_RSA_PKCS_PSS: -+ mechParams = new CK_RSA_PKCS_PSS_PARAMS(); -+ mechParams.hashAlg = CKM_SHA224; -+ mechParams.mgf = CKG_MGF1_SHA224; -+ mechParams.sLen = 28; -+ ckMechanism = new CK_MECHANISM(mechanism, mechParams); -+ this.keyAlgorithm = "RSA"; -+ this.type = T_UPDATE; -+ buffer = new byte[1]; -+ break; -+ case (int)CKM_SHA256_RSA_PKCS_PSS: -+ mechParams = new CK_RSA_PKCS_PSS_PARAMS(); -+ mechParams.hashAlg = CKM_SHA256; -+ mechParams.mgf = CKG_MGF1_SHA256; -+ mechParams.sLen = 32; -+ ckMechanism = new CK_MECHANISM(mechanism, mechParams); -+ this.keyAlgorithm = "RSA"; -+ this.type = T_UPDATE; -+ buffer = new byte[1]; -+ break; -+ case (int)CKM_SHA384_RSA_PKCS_PSS: -+ mechParams = new CK_RSA_PKCS_PSS_PARAMS(); -+ mechParams.hashAlg = CKM_SHA384; -+ mechParams.mgf = CKG_MGF1_SHA384; -+ mechParams.sLen = 48; -+ ckMechanism = new CK_MECHANISM(mechanism, mechParams); -+ this.keyAlgorithm = "RSA"; -+ this.type = T_UPDATE; -+ buffer = new byte[1]; -+ break; -+ case (int)CKM_SHA512_RSA_PKCS_PSS: -+ mechParams = new CK_RSA_PKCS_PSS_PARAMS(); -+ mechParams.hashAlg = CKM_SHA512; -+ mechParams.mgf = CKG_MGF1_SHA512; -+ mechParams.sLen = 64; -+ ckMechanism = new CK_MECHANISM(mechanism, mechParams); -+ this.keyAlgorithm = "RSA"; -+ this.type = T_UPDATE; -+ buffer = new byte[1]; -+ break; - case (int)CKM_MD2_RSA_PKCS: - case (int)CKM_MD5_RSA_PKCS: - case (int)CKM_SHA1_RSA_PKCS: -@@ -232,6 +283,7 @@ - default: - throw new ProviderException("Unknown mechanism: " + mechanism); - } -+ this.mechanism = ckMechanism; - this.buffer = buffer; - this.digestOID = digestOID; - this.md = md; -@@ -309,10 +361,10 @@ - } - if (mode == M_SIGN) { - token.p11.C_SignInit(session.id(), -- new CK_MECHANISM(mechanism), p11Key.keyID); -+ mechanism, p11Key.keyID); - } else { - token.p11.C_VerifyInit(session.id(), -- new CK_MECHANISM(mechanism), p11Key.keyID); -+ mechanism, p11Key.keyID); - } - initialized = true; - } catch (PKCS11Exception e) { -@@ -350,7 +402,8 @@ - } else if (algorithm.equals("SHA512withRSA")) { - encodedLength = 83; - } else { -- throw new ProviderException("Unknown signature algo: " + algorithm); -+ encodedLength = 0; -+ //throw new ProviderException("Unknown signature algo: " + algorithm); - } - if (encodedLength > maxDataSize) { - throw new InvalidKeyException -@@ -523,7 +576,7 @@ - if (type == T_DIGEST) { - digest = md.digest(); - } else { // T_RAW -- if (mechanism == CKM_DSA) { -+ if (mechanism.mechanism == CKM_DSA) { - if (bytesProcessed != buffer.length) { - throw new SignatureException - ("Data for RawDSA must be exactly 20 bytes long"); -@@ -543,7 +596,7 @@ - signature = token.p11.C_Sign(session.id(), digest); - } else { // RSA - byte[] data = encodeSignature(digest); -- if (mechanism == CKM_RSA_X_509) { -+ if (mechanism.mechanism == CKM_RSA_X_509) { - data = pkcs1Pad(data); - } - signature = token.p11.C_Sign(session.id(), data); -@@ -578,7 +631,7 @@ - if (type == T_DIGEST) { - digest = md.digest(); - } else { // T_RAW -- if (mechanism == CKM_DSA) { -+ if (mechanism.mechanism == CKM_DSA) { - if (bytesProcessed != buffer.length) { - throw new SignatureException - ("Data for RawDSA must be exactly 20 bytes long"); -@@ -598,7 +651,7 @@ - token.p11.C_Verify(session.id(), digest, signature); - } else { // RSA - byte[] data = encodeSignature(digest); -- if (mechanism == CKM_RSA_X_509) { -+ if (mechanism.mechanism == CKM_RSA_X_509) { - data = pkcs1Pad(data); - } - token.p11.C_Verify(session.id(), data, signature); -diff --git a/src/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/share/classes/sun/security/pkcs11/SunPKCS11.java ---- openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java -@@ -729,6 +729,16 @@ - d(SIG, "SHA512withRSA", P11Signature, - s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"), - m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); -+ d(SIG, "SHA1withRSAandMGF1", P11Signature, -+ m(CKM_SHA1_RSA_PKCS_PSS)); -+ d(SIG, "SHA224withRSAandMGF1", P11Signature, -+ m(CKM_SHA224_RSA_PKCS_PSS)); -+ d(SIG, "SHA256withRSAandMGF1", P11Signature, -+ m(CKM_SHA256_RSA_PKCS_PSS)); -+ d(SIG, "SHA384withRSAandMGF1", P11Signature, -+ m(CKM_SHA384_RSA_PKCS_PSS)); -+ d(SIG, "SHA512withRSAandMGF1", P11Signature, -+ m(CKM_SHA512_RSA_PKCS_PSS)); - - /* - * TLS 1.2 uses a different hash algorithm than 1.0/1.1 for the -diff --git a/src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java b/src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java ---- openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java -@@ -112,6 +112,10 @@ - init(mechanism, params); - } - -+ public CK_MECHANISM(long mechanism, CK_RSA_PKCS_PSS_PARAMS params) { -+ init(mechanism, params); -+ } -+ - public CK_MECHANISM(long mechanism, CK_SSL3_KEY_MAT_PARAMS params) { - init(mechanism, params); - } -diff --git a/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java b/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java ---- openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java -@@ -458,6 +458,12 @@ - public static final long CKM_SHA384_RSA_PKCS = 0x00000041L; - public static final long CKM_SHA512_RSA_PKCS = 0x00000042L; - -+ // v2.30 -+ public static final long CKM_SHA256_RSA_PKCS_PSS = 0x00000043L; -+ public static final long CKM_SHA384_RSA_PKCS_PSS = 0x00000044L; -+ public static final long CKM_SHA512_RSA_PKCS_PSS = 0x00000045L; -+ -+ - public static final long CKM_RC2_KEY_GEN = 0x00000100L; - public static final long CKM_RC2_ECB = 0x00000101L; - public static final long CKM_RC2_CBC = 0x00000102L; -@@ -911,6 +917,10 @@ - - /* The following MGFs are defined */ - public static final long CKG_MGF1_SHA1 = 0x00000001L; -+ public static final long CKG_MGF1_SHA256 = 0x00000002L; -+ public static final long CKG_MGF1_SHA384 = 0x00000003L; -+ public static final long CKG_MGF1_SHA512 = 0x00000004L; -+ - // new for v2.20 amendment 3 - public static final long CKG_MGF1_SHA224 = 0x00000005L; - -diff --git a/src/share/classes/sun/security/pkcs11/Token.java b/src/share/classes/sun/security/pkcs11/Token.java ---- openjdk/jdk/src/share/classes/sun/security/pkcs11/Token.java -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/Token.java -@@ -377,6 +377,10 @@ - return keyStore; - } - -+ CK_MECHANISM_INFO getMechanismInfo(CK_MECHANISM mechanism) throws PKCS11Exception { -+ return getMechanismInfo(mechanism.mechanism); -+ } -+ - CK_MECHANISM_INFO getMechanismInfo(long mechanism) throws PKCS11Exception { - CK_MECHANISM_INFO result = mechInfoMap.get(mechanism); - if (result == null) { diff --git a/SOURCES/pulse-soundproperties.patch b/SOURCES/pulse-soundproperties.patch deleted file mode 100644 index 271a323..0000000 --- a/SOURCES/pulse-soundproperties.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- openjdk/jdk/src/share/lib/sound.properties 2008-08-28 04:15:18.000000000 -0400 -+++ openjdk/jdk/src/share/lib/sound.properties 2008-10-03 16:59:21.000000000 -0400 -@@ -37,3 +37,13 @@ - # Specify the default Receiver by provider and name: - # javax.sound.midi.Receiver=com.sun.media.sound.MidiProvider#SunMIDI1 - # -+ -+# javax.sound.sampled.Clip=org.classpath.icedtea.pulseaudio.PulseAudioMixerProvider -+# javax.sound.sampled.Port=org.classpath.icedtea.pulseaudio.PulseAudioMixerProvider -+# javax.sound.sampled.SourceDataLine=org.classpath.icedtea.pulseaudio.PulseAudioMixerProvider -+# javax.sound.sampled.TargetDataLine=org.classpath.icedtea.pulseaudio.PulseAudioMixerProvider -+ -+javax.sound.sampled.Clip=com.sun.media.sound.DirectAudioDeviceProvider -+javax.sound.sampled.Port=com.sun.media.sound.PortMixerProvider -+javax.sound.sampled.SourceDataLine=com.sun.media.sound.DirectAudioDeviceProvider -+javax.sound.sampled.TargetDataLine=com.sun.media.sound.DirectAudioDeviceProvider diff --git a/SOURCES/rh1022017.patch b/SOURCES/rh1022017.patch deleted file mode 100644 index 8165340..0000000 --- a/SOURCES/rh1022017.patch +++ /dev/null @@ -1,28 +0,0 @@ -diff --git a/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java b/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java ---- openjdk/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java -+++ openjdk/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java -@@ -168,20 +168,10 @@ - "contains no supported elliptic curves"); - } - } else { // default curves -- int[] ids; -- if (requireFips) { -- ids = new int[] { -- // only NIST curves in FIPS mode -- 23, 24, 25, 9, 10, 11, 12, 13, 14, -- }; -- } else { -- ids = new int[] { -- // NIST curves first -- 23, 24, 25, 9, 10, 11, 12, 13, 14, -- // non-NIST curves -- 22, -- }; -- } -+ int[] ids = new int[] { -+ // NSS currently only supports these three NIST curves -+ 23, 24, 25 -+ }; - - idList = new ArrayList<>(ids.length); - for (int curveId : ids) { diff --git a/SOURCES/rh1648241-abrt_friendly_hs_log_jdk7.patch b/SOURCES/rh1648241-abrt_friendly_hs_log_jdk7.patch new file mode 100644 index 0000000..dba02bd --- /dev/null +++ b/SOURCES/rh1648241-abrt_friendly_hs_log_jdk7.patch @@ -0,0 +1,35 @@ +--- openjdk/hotspot/src/share/vm/utilities/vmError.cpp 2012-02-02 16:17:24.476664897 +0100 ++++ openjdk/hotspot/src/share/vm/utilities/vmError.cpp 2012-02-02 16:17:24.476664897 +0100 +@@ -929,6 +929,7 @@ + } + } + ++ /* + if (fd == -1) { + const char *cwd = os::get_current_directory(buffer, sizeof(buffer)); + size_t len = strlen(cwd); +@@ -938,6 +939,24 @@ + os::file_separator(), os::current_process_id()); + fd = open(buffer, O_RDWR | O_CREAT | O_EXCL, 0666); + } ++ */ ++ ++ if (fd == -1) { ++ const char * tmpdir = os::get_temp_directory(); ++ // try temp directory if it exists. ++ if (tmpdir != NULL && tmpdir[0] != '\0') { ++ jio_snprintf(buffer, sizeof(buffer), "%s%sjvm-%u", ++ tmpdir, os::file_separator(), os::current_process_id()); ++ // if mkdir() failed, hs_err will be created in temporary directory ++ if (!mkdir(buffer, 0700)) { // only read+execute flags are needed ++ // but we need to write into the directory too ++ jio_snprintf(buffer, sizeof(buffer), "%s%sjvm-%u%shs_error.log", ++ tmpdir, os::file_separator(), os::current_process_id(), ++ os::file_separator()); ++ fd = open(buffer, O_WRONLY | O_CREAT | O_EXCL, 0444); // read-only file ++ } ++ } ++ } + + if (fd == -1) { + const char * tmpdir = os::get_temp_directory(); diff --git a/SOURCES/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch b/SOURCES/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch new file mode 100644 index 0000000..222dcfb --- /dev/null +++ b/SOURCES/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch @@ -0,0 +1,16 @@ +diff -uNr openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java openjdk/jdk/src/share/classes/java/awt/Toolkit.java +--- openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java 2009-01-23 11:59:47.000000000 -0500 ++++ openjdk/jdk/src/share/classes/java/awt/Toolkit.java 2009-01-23 12:05:20.000000000 -0500 +@@ -871,7 +871,11 @@ + return null; + } + }); +- loadAssistiveTechnologies(); ++ try { ++ loadAssistiveTechnologies(); ++ } catch ( AWTError error) { ++ // ignore silently ++ } + } finally { + // Make sure to always re-enable the JIT. + java.lang.Compiler.enable(); diff --git a/SOURCES/rh1648254-javadoc_generated_during_all_variants_of_buid.patch b/SOURCES/rh1648254-javadoc_generated_during_all_variants_of_buid.patch new file mode 100644 index 0000000..8a130e4 --- /dev/null +++ b/SOURCES/rh1648254-javadoc_generated_during_all_variants_of_buid.patch @@ -0,0 +1,35 @@ +--- oldMakefile 2008-07-02 17:48:01.000000000 -0400 ++++ openjdk/Makefile 2008-07-02 17:48:09.000000000 -0400 +@@ -199,19 +199,19 @@ + + create_fresh_product_bootdir: FRC + $(MAKE) ALT_OUTPUTDIR=$(ABS_BOOTDIR_OUTPUTDIR) \ +- GENERATE_DOCS=false \ ++ GENERATE_DOCS=true \ + BOOT_CYCLE_SETTINGS= \ + build_product_image + + create_fresh_debug_bootdir: FRC + $(MAKE) ALT_OUTPUTDIR=$(ABS_BOOTDIR_OUTPUTDIR) \ +- GENERATE_DOCS=false \ ++ GENERATE_DOCS=true \ + BOOT_CYCLE_DEBUG_SETTINGS= \ + build_debug_image + + create_fresh_fastdebug_bootdir: FRC + $(MAKE) ALT_OUTPUTDIR=$(ABS_BOOTDIR_OUTPUTDIR) \ +- GENERATE_DOCS=false \ ++ GENERATE_DOCS=true \ + BOOT_CYCLE_DEBUG_SETTINGS= \ + build_fastdebug_image + +@@ -262,7 +262,7 @@ + $(MAKE) \ + ALT_OUTPUTDIR=$(ABS_OUTPUTDIR)/$(REL_JDK_OUTPUTDIR) \ + DEBUG_NAME=$(DEBUG_NAME) \ +- GENERATE_DOCS=false \ ++ GENERATE_DOCS=true \ + $(if $(findstring true,$(BUILD_INSTALL)),BUILD_INSTALL_BUNDLES=true,) \ + CREATE_DEBUGINFO_BUNDLES=true \ + $(BOOT_CYCLE_DEBUG_SETTINGS) \ + diff --git a/SOURCES/rh1648259-libsaproc_libjsig_compiled_with_g_to_provide_correct_debuginfo.patch b/SOURCES/rh1648259-libsaproc_libjsig_compiled_with_g_to_provide_correct_debuginfo.patch new file mode 100644 index 0000000..11776ef --- /dev/null +++ b/SOURCES/rh1648259-libsaproc_libjsig_compiled_with_g_to_provide_correct_debuginfo.patch @@ -0,0 +1,20 @@ +--- openjdk/hotspot/build/linux/makefiles/saproc.make_back 2009-12-14 13:35:46.000000000 +0100 ++++ openjdk/hotspot/make/linux/makefiles/saproc.make 2009-12-14 13:36:47.000000000 +0100 +@@ -95,6 +95,7 @@ + $(ALT_SAINCDIR) \ + $(SASRCFILES) \ + $(SA_LFLAGS) \ ++ -g \ + $(SA_DEBUG_CFLAGS) \ + $(EXTRA_CFLAGS) \ + -o $@ \ +--- openjdk/hotspot/build/linux/makefiles/jsig.make_back 2009-12-14 13:34:56.000000000 +0100 ++++ openjdk/hotspot/make/linux/makefiles/jsig.make 2009-12-14 13:35:31.000000000 +0100 +@@ -59,6 +59,7 @@ + $(LIBJSIG): $(JSIGSRCDIR)/jsig.c $(LIBJSIG_MAPFILE) + @echo Making signal interposition lib... + $(QUIETLY) $(CC) $(SYMFLAG) $(ARCHFLAG) $(SHARED_FLAG) $(PICFLAG) \ ++ -g \ + $(LFLAGS_JSIG) $(JSIG_DEBUG_CFLAGS) $(EXTRA_CFLAGS) -o $@ $< -ldl + $(QUIETLY) [ -f $(LIBJSIG_G) ] || { ln -s $@ $(LIBJSIG_G); } + ifeq ($(ENABLE_FULL_DEBUG_SYMBOLS),1) diff --git a/SOURCES/rh1648643-comment_out_freetype_check.patch b/SOURCES/rh1648643-comment_out_freetype_check.patch new file mode 100644 index 0000000..15c2d67 --- /dev/null +++ b/SOURCES/rh1648643-comment_out_freetype_check.patch @@ -0,0 +1,22 @@ +diff -up openjdk/jdk/make/common/shared/Sanity.gmk.sav openjdk/jdk/make/common/shared/Sanity.gmk +--- openjdk/jdk/make/common/shared/Sanity.gmk.sav 2012-02-14 16:12:48.000000000 -0500 ++++ openjdk/jdk/make/common/shared/Sanity.gmk 2012-03-07 17:31:26.153840755 -0500 +@@ -814,12 +814,12 @@ ifdef OPENJDK + @(($(CD) $(BUILDDIR)/tools/freetypecheck && $(MAKE)) || \ + $(ECHO) "Failed to build freetypecheck." ) > $@ + +- sane-freetype: $(TEMPDIR)/freetypeinfo +- @if [ "`$(CAT) $< | $(GREP) Fail`" != "" ]; then \ +- $(ECHO) "ERROR: FreeType version " $(REQUIRED_FREETYPE_VERSION) \ +- " or higher is required. \n" \ +- "`$(CAT) $<` \n" >> $(ERROR_FILE) ; \ +- fi ++# sane-freetype: $(TEMPDIR)/freetypeinfo ++# @if [ "`$(CAT) $< | $(GREP) Fail`" != "" ]; then \ ++# $(ECHO) "ERROR: FreeType version " $(REQUIRED_FREETYPE_VERSION) \ ++# " or higher is required. \n" \ ++# "`$(CAT) $<` \n" >> $(ERROR_FILE) ; \ ++# fi + else + #do nothing (cross-compiling) + sane-freetype: diff --git a/SOURCES/rh1648644-java_access_bridge_privlidged_security.patch b/SOURCES/rh1648644-java_access_bridge_privlidged_security.patch new file mode 100644 index 0000000..bd59cad --- /dev/null +++ b/SOURCES/rh1648644-java_access_bridge_privlidged_security.patch @@ -0,0 +1,21 @@ +diff --git a/src/share/lib/security/java.security-linux b/src/share/lib/security/java.security-linux +--- openjdk/jdk/src/share/lib/security/java.security-linux ++++ openjdk/jdk/src/share/lib/security/java.security-linux +@@ -168,6 +168,8 @@ + com.sun.org.glassfish.,\ + jdk.xml.internal.,\ + oracle.jrockit.jfr.,\ ++ org.GNOME.Accessibility.,\ ++ org.GNOME.Bonobo.,\ + org.jcp.xml.dsig.internal. + # + # List of comma-separated packages that start with or equal this string +@@ -211,6 +213,8 @@ + com.sun.org.glassfish.,\ + jdk.xml.internal.,\ + oracle.jrockit.jfr.,\ ++ org.GNOME.Accessibility.,\ ++ org.GNOME.Bonobo.,\ + org.jcp.xml.dsig.internal. + # + # Determines whether this properties file can be appended to diff --git a/SOURCES/rh1648645-java_access_bridge_loading_java_version_privileged_tck.patch b/SOURCES/rh1648645-java_access_bridge_loading_java_version_privileged_tck.patch new file mode 100644 index 0000000..36a23c0 --- /dev/null +++ b/SOURCES/rh1648645-java_access_bridge_loading_java_version_privileged_tck.patch @@ -0,0 +1,25 @@ +--- java-access-bridge-1.22.0/bridge/org/GNOME/Accessibility/JavaBridge.java.orig 2008-05-22 11:27:00.000000000 -0400 ++++ java-access-bridge-1.22.0/bridge/org/GNOME/Accessibility/JavaBridge.java 2008-05-22 11:28:02.000000000 -0400 +@@ -34,6 +34,9 @@ + import javax.accessibility.AccessibleRole; + import javax.accessibility.AccessibleText; + import javax.accessibility.AccessibleEditableText; ++import java.security.PrivilegedAction; ++import java.security.AccessController; ++ + + public class JavaBridge { + +@@ -332,7 +335,11 @@ + System.err.println ("Java Accessibility Bridge for GNOME loaded.\n"); + + // Not sure what kind of arguments should be sent to ORB +- String vm_rev = System.getProperty("java.version"); ++ String vm_rev = (String) AccessController.doPrivileged(new PrivilegedAction() { ++ public java.lang.Object run() { ++ return System.getProperty("java.version"); ++ } ++ }); + + if (vm_rev.compareTo("1.4.0") < 0) { + System.err.println("WARNING: Java Accessibility Bridge " + diff --git a/SOURCES/rh1649760-make_alsa_based_mixer_default_when_pulseaudio_build.patch b/SOURCES/rh1649760-make_alsa_based_mixer_default_when_pulseaudio_build.patch new file mode 100644 index 0000000..271a323 --- /dev/null +++ b/SOURCES/rh1649760-make_alsa_based_mixer_default_when_pulseaudio_build.patch @@ -0,0 +1,16 @@ +--- openjdk/jdk/src/share/lib/sound.properties 2008-08-28 04:15:18.000000000 -0400 ++++ openjdk/jdk/src/share/lib/sound.properties 2008-10-03 16:59:21.000000000 -0400 +@@ -37,3 +37,13 @@ + # Specify the default Receiver by provider and name: + # javax.sound.midi.Receiver=com.sun.media.sound.MidiProvider#SunMIDI1 + # ++ ++# javax.sound.sampled.Clip=org.classpath.icedtea.pulseaudio.PulseAudioMixerProvider ++# javax.sound.sampled.Port=org.classpath.icedtea.pulseaudio.PulseAudioMixerProvider ++# javax.sound.sampled.SourceDataLine=org.classpath.icedtea.pulseaudio.PulseAudioMixerProvider ++# javax.sound.sampled.TargetDataLine=org.classpath.icedtea.pulseaudio.PulseAudioMixerProvider ++ ++javax.sound.sampled.Clip=com.sun.media.sound.DirectAudioDeviceProvider ++javax.sound.sampled.Port=com.sun.media.sound.PortMixerProvider ++javax.sound.sampled.SourceDataLine=com.sun.media.sound.DirectAudioDeviceProvider ++javax.sound.sampled.TargetDataLine=com.sun.media.sound.DirectAudioDeviceProvider diff --git a/SOURCES/rh1649777-add_rhino_support_jdk7.patch b/SOURCES/rh1649777-add_rhino_support_jdk7.patch new file mode 100644 index 0000000..bd8ab68 --- /dev/null +++ b/SOURCES/rh1649777-add_rhino_support_jdk7.patch @@ -0,0 +1,157 @@ +diff -ur openjdk.orig/jdk/make/com/sun/Makefile openjdk/jdk/make/com/sun/Makefile +--- openjdk.orig/jdk/make/com/sun/Makefile 2012-02-14 16:12:48.000000000 -0500 ++++ openjdk/jdk/make/com/sun/Makefile 2012-02-22 14:25:10.327518016 -0500 +@@ -31,13 +31,6 @@ + PRODUCT = sun + include $(BUILDDIR)/common/Defs.gmk + +-ifndef OPENJDK +- ORG_EXISTS := $(call DirExists,$(CLOSED_SRC)/share/classes/sun/org,,) +- ifneq ("$(ORG_EXISTS)", "") +- SCRIPT_SUBDIR = script +- endif +-endif +- + # jarsigner is part of JRE + SUBDIRS = java security net/ssl jarsigner + +@@ -45,7 +38,7 @@ + SUBDIRS_desktop = image + SUBDIRS_enterprise = crypto/provider jndi \ + org rowset net/httpserver +-SUBDIRS_misc = $(SCRIPT_SUBDIR) tracing nio demo ++SUBDIRS_misc = script tracing nio demo + + # Omit mirror since it's built with the apt tool. + SUBDIRS_tools = tools +diff -ur openjdk.orig/jdk/make/com/sun/script/Makefile openjdk/jdk/make/com/sun/script/Makefile +--- openjdk.orig/jdk/make/com/sun/script/Makefile 2012-02-14 16:12:48.000000000 -0500 ++++ openjdk/jdk/make/com/sun/script/Makefile 2012-02-22 14:10:53.325225237 -0500 +@@ -31,6 +31,8 @@ + + AUTO_FILES_JAVA_DIRS = com/sun/script + ++OTHER_JAVACFLAGS = -classpath $(RHINO_JAR) ++ + # + # Files that need to be copied + # +diff -ur openjdk.orig/jdk/make/common/Release.gmk openjdk/jdk/make/common/Release.gmk +--- openjdk.orig/jdk/make/common/Release.gmk 2012-02-14 16:12:48.000000000 -0500 ++++ openjdk/jdk/make/common/Release.gmk 2012-02-22 14:10:53.325225237 -0500 +@@ -766,6 +766,7 @@ + $(CP) $(RT_JAR) $(JRE_IMAGE_DIR)/lib/rt.jar + $(CP) $(RESOURCES_JAR) $(JRE_IMAGE_DIR)/lib/resources.jar + $(CP) $(JSSE_JAR) $(JRE_IMAGE_DIR)/lib/jsse.jar ++ $(CP) $(RHINO_JAR) $(JRE_IMAGE_DIR)/lib/rhino.jar + ifneq ($(JFR_JAR),) + $(CP) $(JFR_JAR) $(JRE_IMAGE_DIR)/lib/jfr.jar + endif +diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java +--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java 2012-02-14 16:12:49.000000000 -0500 ++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java 2012-02-22 14:10:53.325225237 -0500 +@@ -24,7 +24,7 @@ + */ + + package com.sun.script.javascript; +-import sun.org.mozilla.javascript.internal.*; ++import sun.org.mozilla.javascript.*; + import javax.script.*; + import java.util.*; + +diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java +--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java 2012-02-14 16:12:49.000000000 -0500 ++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java 2012-02-22 14:10:53.325225237 -0500 +@@ -26,7 +26,7 @@ + package com.sun.script.javascript; + + import javax.script.Invocable; +-import sun.org.mozilla.javascript.internal.*; ++import sun.org.mozilla.javascript.*; + + /** + * This class implements Rhino-like JavaAdapter to help implement a Java +diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java +--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java 2012-02-14 16:12:49.000000000 -0500 ++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java 2012-02-22 14:10:53.326225216 -0500 +@@ -25,7 +25,7 @@ + + package com.sun.script.javascript; + +-import sun.org.mozilla.javascript.internal.*; ++import sun.org.mozilla.javascript.*; + import java.util.*; + + /** +diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java +--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java 2012-02-14 16:12:49.000000000 -0500 ++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java 2012-02-22 14:10:53.326225216 -0500 +@@ -26,7 +26,7 @@ + package com.sun.script.javascript; + + import java.util.*; +-import sun.org.mozilla.javascript.internal.*; ++import sun.org.mozilla.javascript.*; + + /** + * This class prevents script access to certain sensitive classes. +diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java +--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java 2012-02-14 16:12:49.000000000 -0500 ++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java 2012-02-22 14:10:53.326225216 -0500 +@@ -25,7 +25,7 @@ + + package com.sun.script.javascript; + import javax.script.*; +-import sun.org.mozilla.javascript.internal.*; ++import sun.org.mozilla.javascript.*; + + /** + * Represents compiled JavaScript code. +diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java +--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java 2012-02-14 16:12:49.000000000 -0500 ++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java 2012-02-22 14:10:53.326225216 -0500 +@@ -26,7 +26,7 @@ + package com.sun.script.javascript; + import javax.script.*; + import java.util.*; +-import sun.org.mozilla.javascript.internal.*; ++import sun.org.mozilla.javascript.*; + import com.sun.script.util.*; + + /** +diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java +--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java 2012-02-14 16:12:49.000000000 -0500 ++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java 2012-02-22 14:10:53.327225198 -0500 +@@ -26,7 +26,7 @@ + package com.sun.script.javascript; + import com.sun.script.util.*; + import javax.script.*; +-import sun.org.mozilla.javascript.internal.*; ++import sun.org.mozilla.javascript.*; + import java.lang.reflect.Method; + import java.io.*; + import java.security.*; +diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java +--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java 2012-02-14 16:12:49.000000000 -0500 ++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java 2012-02-22 14:10:53.327225198 -0500 +@@ -25,7 +25,7 @@ + + package com.sun.script.javascript; + +-import sun.org.mozilla.javascript.internal.*; ++import sun.org.mozilla.javascript.*; + import javax.script.*; + import java.security.AccessControlContext; + +diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java +--- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java 2012-02-14 16:12:49.000000000 -0500 ++++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java 2012-02-22 14:10:53.327225198 -0500 +@@ -27,7 +27,7 @@ + + import java.lang.reflect.*; + import static sun.security.util.SecurityConstants.*; +-import sun.org.mozilla.javascript.internal.*; ++import sun.org.mozilla.javascript.*; + + /** + * This wrap factory is used for security reasons. JSR 223 script diff --git a/SOURCES/rhino.patch b/SOURCES/rhino.patch deleted file mode 100644 index bd8ab68..0000000 --- a/SOURCES/rhino.patch +++ /dev/null @@ -1,157 +0,0 @@ -diff -ur openjdk.orig/jdk/make/com/sun/Makefile openjdk/jdk/make/com/sun/Makefile ---- openjdk.orig/jdk/make/com/sun/Makefile 2012-02-14 16:12:48.000000000 -0500 -+++ openjdk/jdk/make/com/sun/Makefile 2012-02-22 14:25:10.327518016 -0500 -@@ -31,13 +31,6 @@ - PRODUCT = sun - include $(BUILDDIR)/common/Defs.gmk - --ifndef OPENJDK -- ORG_EXISTS := $(call DirExists,$(CLOSED_SRC)/share/classes/sun/org,,) -- ifneq ("$(ORG_EXISTS)", "") -- SCRIPT_SUBDIR = script -- endif --endif -- - # jarsigner is part of JRE - SUBDIRS = java security net/ssl jarsigner - -@@ -45,7 +38,7 @@ - SUBDIRS_desktop = image - SUBDIRS_enterprise = crypto/provider jndi \ - org rowset net/httpserver --SUBDIRS_misc = $(SCRIPT_SUBDIR) tracing nio demo -+SUBDIRS_misc = script tracing nio demo - - # Omit mirror since it's built with the apt tool. - SUBDIRS_tools = tools -diff -ur openjdk.orig/jdk/make/com/sun/script/Makefile openjdk/jdk/make/com/sun/script/Makefile ---- openjdk.orig/jdk/make/com/sun/script/Makefile 2012-02-14 16:12:48.000000000 -0500 -+++ openjdk/jdk/make/com/sun/script/Makefile 2012-02-22 14:10:53.325225237 -0500 -@@ -31,6 +31,8 @@ - - AUTO_FILES_JAVA_DIRS = com/sun/script - -+OTHER_JAVACFLAGS = -classpath $(RHINO_JAR) -+ - # - # Files that need to be copied - # -diff -ur openjdk.orig/jdk/make/common/Release.gmk openjdk/jdk/make/common/Release.gmk ---- openjdk.orig/jdk/make/common/Release.gmk 2012-02-14 16:12:48.000000000 -0500 -+++ openjdk/jdk/make/common/Release.gmk 2012-02-22 14:10:53.325225237 -0500 -@@ -766,6 +766,7 @@ - $(CP) $(RT_JAR) $(JRE_IMAGE_DIR)/lib/rt.jar - $(CP) $(RESOURCES_JAR) $(JRE_IMAGE_DIR)/lib/resources.jar - $(CP) $(JSSE_JAR) $(JRE_IMAGE_DIR)/lib/jsse.jar -+ $(CP) $(RHINO_JAR) $(JRE_IMAGE_DIR)/lib/rhino.jar - ifneq ($(JFR_JAR),) - $(CP) $(JFR_JAR) $(JRE_IMAGE_DIR)/lib/jfr.jar - endif -diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java ---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java 2012-02-14 16:12:49.000000000 -0500 -+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/ExternalScriptable.java 2012-02-22 14:10:53.325225237 -0500 -@@ -24,7 +24,7 @@ - */ - - package com.sun.script.javascript; --import sun.org.mozilla.javascript.internal.*; -+import sun.org.mozilla.javascript.*; - import javax.script.*; - import java.util.*; - -diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java ---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java 2012-02-14 16:12:49.000000000 -0500 -+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JavaAdapter.java 2012-02-22 14:10:53.325225237 -0500 -@@ -26,7 +26,7 @@ - package com.sun.script.javascript; - - import javax.script.Invocable; --import sun.org.mozilla.javascript.internal.*; -+import sun.org.mozilla.javascript.*; - - /** - * This class implements Rhino-like JavaAdapter to help implement a Java -diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java ---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java 2012-02-14 16:12:49.000000000 -0500 -+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/JSAdapter.java 2012-02-22 14:10:53.326225216 -0500 -@@ -25,7 +25,7 @@ - - package com.sun.script.javascript; - --import sun.org.mozilla.javascript.internal.*; -+import sun.org.mozilla.javascript.*; - import java.util.*; - - /** -diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java ---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java 2012-02-14 16:12:49.000000000 -0500 -+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoClassShutter.java 2012-02-22 14:10:53.326225216 -0500 -@@ -26,7 +26,7 @@ - package com.sun.script.javascript; - - import java.util.*; --import sun.org.mozilla.javascript.internal.*; -+import sun.org.mozilla.javascript.*; - - /** - * This class prevents script access to certain sensitive classes. -diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java ---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java 2012-02-14 16:12:49.000000000 -0500 -+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoCompiledScript.java 2012-02-22 14:10:53.326225216 -0500 -@@ -25,7 +25,7 @@ - - package com.sun.script.javascript; - import javax.script.*; --import sun.org.mozilla.javascript.internal.*; -+import sun.org.mozilla.javascript.*; - - /** - * Represents compiled JavaScript code. -diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java ---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java 2012-02-14 16:12:49.000000000 -0500 -+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngineFactory.java 2012-02-22 14:10:53.326225216 -0500 -@@ -26,7 +26,7 @@ - package com.sun.script.javascript; - import javax.script.*; - import java.util.*; --import sun.org.mozilla.javascript.internal.*; -+import sun.org.mozilla.javascript.*; - import com.sun.script.util.*; - - /** -diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java ---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java 2012-02-14 16:12:49.000000000 -0500 -+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoScriptEngine.java 2012-02-22 14:10:53.327225198 -0500 -@@ -26,7 +26,7 @@ - package com.sun.script.javascript; - import com.sun.script.util.*; - import javax.script.*; --import sun.org.mozilla.javascript.internal.*; -+import sun.org.mozilla.javascript.*; - import java.lang.reflect.Method; - import java.io.*; - import java.security.*; -diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java ---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java 2012-02-14 16:12:49.000000000 -0500 -+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoTopLevel.java 2012-02-22 14:10:53.327225198 -0500 -@@ -25,7 +25,7 @@ - - package com.sun.script.javascript; - --import sun.org.mozilla.javascript.internal.*; -+import sun.org.mozilla.javascript.*; - import javax.script.*; - import java.security.AccessControlContext; - -diff -ur openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java ---- openjdk.orig/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java 2012-02-14 16:12:49.000000000 -0500 -+++ openjdk/jdk/src/share/classes/com/sun/script/javascript/RhinoWrapFactory.java 2012-02-22 14:10:53.327225198 -0500 -@@ -27,7 +27,7 @@ - - import java.lang.reflect.*; - import static sun.security.util.SecurityConstants.*; --import sun.org.mozilla.javascript.internal.*; -+import sun.org.mozilla.javascript.*; - - /** - * This wrap factory is used for security reasons. JSR 223 script diff --git a/SPECS/java-1.7.0-openjdk.spec b/SPECS/java-1.7.0-openjdk.spec index 267d056..f407ea1 100644 --- a/SPECS/java-1.7.0-openjdk.spec +++ b/SPECS/java-1.7.0-openjdk.spec @@ -5,8 +5,9 @@ # conflicting) files in the -debuginfo package %undefine _missing_build_ids_terminate_build -%global icedtea_version 2.6.16 -%global hg_tag icedtea-{icedtea_version} +%global icedtea_version 2.6.17 +%global icedtea_snapshot %{nil} +%global hg_tag icedtea-%{icedtea_version}%{icedtea_snapshot} %global aarch64 aarch64 arm64 armv8 #sometimes we need to distinguish big and little endian PPC64 @@ -159,8 +160,8 @@ # Standard JPackage naming and versioning defines. %global origin openjdk %global top_level_dir_name %{origin} -%global updatever 201 -%global buildver 00 +%global updatever 211 +%global buildver 02 # Keep priority on 7digits in case updatever>9 %global priority 1700%{updatever} %global javaver 1.7.0 @@ -205,7 +206,7 @@ Name: java-%{javaver}-%{origin} Version: %{javaver}.%{updatever} -Release: %{icedtea_version}.1%{?dist} +Release: %{icedtea_version}%{icedtea_snapshot}.1%{?dist} # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons, # and this change was brought into RHEL-4. java-1.5.0-ibm packages # also included the epoch in their virtual provides. This created a @@ -236,7 +237,7 @@ URL: http://openjdk.java.net/ # Source from upstream IcedTea 2.x project. To regenerate, use # VERSION=icedtea-${icedtea_version} FILE_NAME_ROOT=openjdk-${VERSION} # REPO_ROOT= generate_source_tarball.sh -Source0: openjdk-icedtea-%{icedtea_version}.tar.xz +Source0: openjdk-icedtea-%{icedtea_version}%{icedtea_snapshot}.tar.xz # README file # This source is under maintainer's/java-team's control @@ -283,31 +284,31 @@ Source20: repackReproduciblePolycies.sh # RPM/distribution specific patches # Allow TCK to pass with access bridge wired in -Patch1: java-1.7.0-openjdk-java-access-bridge-tck.patch +Patch1: rh1648645-java_access_bridge_loading_java_version_privileged_tck.patch # Disable access to access-bridge packages by untrusted apps -Patch3: java-1.7.0-openjdk-java-access-bridge-security.patch +Patch3: rh1648644-java_access_bridge_privlidged_security.patch # Ignore AWTError when assistive technologies are loaded -Patch4: java-1.7.0-openjdk-accessible-toolkit.patch +Patch4: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch # Build docs even in debug -Patch5: java-1.7.0-openjdk-debugdocs.patch +Patch5: rh1648254-javadoc_generated_during_all_variants_of_buid.patch # Add debuginfo where missing -Patch6: %{name}-debuginfo.patch +Patch6: rh1648259-libsaproc_libjsig_compiled_with_g_to_provide_correct_debuginfo.patch # # OpenJDK specific patches # # Add rhino support -Patch100: rhino.patch +Patch100: rh1649777-add_rhino_support_jdk7.patch -Patch106: %{name}-freetype-check-fix.patch +Patch106: rh1648643-comment_out_freetype_check.patch # allow to create hs_pid.log in tmp (in 700 permissions) if working directory is unwritable -Patch200: abrt_friendly_hs_log_jdk7.patch +Patch200: rh1648241-abrt_friendly_hs_log_jdk7.patch # # Optional component packages @@ -315,17 +316,17 @@ Patch200: abrt_friendly_hs_log_jdk7.patch # Make the ALSA based mixer the default when building with the pulseaudio based # mixer -Patch300: pulse-soundproperties.patch +Patch300: rh1649760-make_alsa_based_mixer_default_when_pulseaudio_build.patch # Make the curves reported by Java's SSL implementation match those of NSS -Patch400: rh1022017.patch +Patch400: pr1834-rh1022017-reduce_ellipticcurvesextension_to_provide_only_three_nss_supported_nist_curves_23_24_25.patch # Temporary patches # 8076221, PR2809: Backport "8076221: Disable RC4 cipher suites" (will appear in 2.7.0) -Patch500: 8076221-pr2809.patch +Patch500: jdk8076221-pr2809-disable_rc4_cipher_suites.patch # PR3393, RH1273760: Support using RSAandMGF1 with the SHA hash algorithms in the PKCS11 provider (will appear in 2.7.0) -Patch501: pr3393-rh1273760.patch +Patch501: pr3393-rh1273760-support_rsaandmgf1_with_sha_in_pkcs11.patch # End of tmp patches BuildRequires: autoconf @@ -858,7 +859,9 @@ sed -i -e s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g $JAVA_HOME/jre/lib/security/nss.cfg # Build pulseaudio and install it to JDK build location %if %{with_pulseaudio} pushd pulseaudio -make JAVA_HOME=$JAVA_HOME -f Makefile.pulseaudio +# IT_CFLAGS="-g" is needed so that debug info symbols get produced. +# See RHBZ#1657863. +make JAVA_HOME=$JAVA_HOME -f Makefile.pulseaudio IT_CFLAGS="-g" cp -pPRf build/native/libpulse-java.so $JAVA_HOME/jre/lib/%{archinstall}/ cp -pPRf build/pulse-java.jar $JAVA_HOME/jre/lib/ext/ popd @@ -1502,6 +1505,24 @@ exit 0 %{_jvmdir}/%{jredir}/lib/accessibility.properties %changelog +* Wed Feb 27 2019 Severin Gehwolf - 1:1.7.0.211-2.6.17.1 +- Produce debug symbols for libpulse-java.so +- Set IT_CFLAGS=-g so that debug symbols for the pulse audio +- native library are being produced. This is needed to fix +- rpmdiff errors of missing .debug_info in pulse-java.so.debug. +- Resolves: rhbz#1661577 + +* Mon Feb 25 2019 Andrew Hughes - 1:1.7.0.211-2.6.17.0 +- Bump to 2.6.17. +- Adjust jdk8076221-pr2809-disable_rc4_cipher_suites.patch to apply after 8211883 +- Regenerate pr3393-rh1273760-support_rsaandmgf1_with_sha_in_pkcs11.patch against current sources +- Resolves: rhbz#1661577 + +* Thu Feb 21 2019 Andrew Hughes - 1:1.7.0.201-2.6.17pre01.0 +- Bump to 2.6.17pre01. +- Add support for icedtea_snapshot so we can build pre-releases. +- Resolves: rhbz#1661577 + * Mon Oct 22 2018 Andrew Hughes - 1:1.7.0.201-2.6.16.1 - Bump to 2.6.16 and u201b00. - Update 8076221/PR2809 (disable RC4) to apply after 8208350 (disable DES) @@ -1605,7 +1626,7 @@ exit 0 - Resolves: rhbz#1528233 * Wed Feb 14 2018 Andrew Hughes - 1:1.7.0.171-2.6.13.1 -- Extend pr3393-rh1273760.patch so Token.getMechanismInfo can handle CK_MECHANISM +- Extend pr3393-rh1273760-support_rsaandmgf1_with_sha_in_pkcs11.patch so Token.getMechanismInfo can handle CK_MECHANISM - Fix missing return statement in hotspot/src/cpu/aarch64/vm/vm_version_aarch64.cpp - Resolves: rhbz#1528233 @@ -1620,7 +1641,7 @@ exit 0 * Tue Feb 13 2018 Andrew Hughes - 1:1.7.0.171-2.6.13.1 - Bump to 2.6.13 and u171b01. -- Update java-1.7.0-openjdk-java-access-bridge-security.patch to apply after 8186080 +- Update rh1648644-java_access_bridge_privlidged_security.patch to apply after 8186080 - Drop PR3497 AArch64 patch now applied upstream. - Update RC4 patch (8076221/PR2809) to apply after 8148108 (DH lower limit increase) - Resolves: rhbz#1528233 @@ -2090,7 +2111,7 @@ exit 0 * Fri Jan 09 2015 Andrew Hughes - 1:1.7.0.75-2.5.4.0 - Bump to 2.5.4 using OpenJDK 7u75 b13. - Bump AArch64 port to 2.6.0pre17. -- Fix abrt_friendly_hs_log_jdk7.patch to apply again and enable on all archs. +- Fix rh1648241-rh1648241-abrt_friendly_hs_log_jdk7.patch to apply again and enable on all archs. - Remove OpenJDK 8 / AArch64 version of PStack patch as this is no longer needed. - Resolves: rhbz#1180298