Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package java-11-openjdk for openSUSE:Factory
checked in at 2021-09-20 23:32:13
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/java-11-openjdk (Old)
and /work/SRC/openSUSE:Factory/.java-11-openjdk.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "java-11-openjdk"
Mon Sep 20 23:32:13 2021 rev:48 rq:919449 version:11.0.12.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/java-11-openjdk/java-11-openjdk.changes
2021-08-28 22:29:00.525967907 +0200
+++
/work/SRC/openSUSE:Factory/.java-11-openjdk.new.1899/java-11-openjdk.changes
2021-09-20 23:32:56.455157843 +0200
@@ -1,0 +2,15 @@
+Thu Sep 16 06:16:11 UTC 2021 - Fridrich Strba <[email protected]>
+
+- Added patch:
+ * fips.patch
+ + implement FIPS support in OpenJDK
+
+-------------------------------------------------------------------
+Mon Sep 13 12:46:09 UTC 2021 - Fridrich Strba <[email protected]>
+
+- Modified patch:
+ * nss-security-provider.patch
+ + revert recent changes making NSS provider the default one
+ + fixes bsc#1190252
+
+-------------------------------------------------------------------
New:
----
fips.patch
nss.fips.cfg.in
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ java-11-openjdk.spec ++++++
--- /var/tmp/diff_new_pack.ORoHOS/_old 2021-09-20 23:32:58.919160887 +0200
+++ /var/tmp/diff_new_pack.ORoHOS/_new 2021-09-20 23:32:58.923160892 +0200
@@ -169,7 +169,9 @@
# Desktop files. Adapted from IcedTea.
Source11: jconsole.desktop.in
# nss configuration file
-Source13: nss.cfg.in
+Source12: nss.cfg.in
+# nss fips configuration file
+Source13: nss.fips.cfg.in
# Ensure we aren't using the limited crypto policy
Source14: TestCryptoLevel.java
# Ensure ECDSA is working
@@ -220,6 +222,7 @@
Patch16: missing-return.patch
Patch17: nss-security-provider.patch
Patch18: keytool-default-rsa.patch
+Patch19: fips.patch
#
Patch20: loadAssistiveTechnologies.patch
#
@@ -271,7 +274,7 @@
BuildRequires: libpng-devel
BuildRequires: libtool
BuildRequires: libxslt
-BuildRequires: mozilla-nss-devel
+BuildRequires: mozilla-nss-devel >= 3.53
BuildRequires: pkgconfig
BuildRequires: unzip
BuildRequires: update-desktop-files
@@ -545,6 +548,7 @@
%patch16 -p1
%patch17 -p1
%patch18 -p1
+%patch19 -p1
%patch20 -p1
@@ -608,7 +612,11 @@
done
# Setup nss.cfg
-sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE13} > nss.cfg
+sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE12} > nss.cfg
+
+# Setup nss.fips.cfg
+sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE13} > nss.fips.cfg
+sed -i -e "s:@NSS_SECMOD@:/etc/pki/nssdb:g" nss.fips.cfg
%build
@@ -662,6 +670,7 @@
%endif
--disable-keep-packaged-modules \
--with-debug-level=%{debugbuild} \
+ --enable-sysconf-nss \
--with-zlib=system \
--with-libjpeg=system \
--with-giflib=system \
@@ -710,7 +719,10 @@
# Install nss.cfg right away as we will be using the JRE above
install -m 644 nss.cfg $JAVA_HOME/conf/security/
- # Copy tz.properties
+# Install nss.fips.cfg: NSS configuration for global FIPS mode
(crypto-policies)
+install -m 644 nss.fips.cfg $JAVA_HOME/conf/security/
+
+# Copy tz.properties
echo "sun.zoneinfo.dir=%{_datadir}/javazi" >> $JAVA_HOME/conf/tz.properties
%if %{with_pulseaudio}
@@ -1332,6 +1344,7 @@
%{_jvmdir}/%{sdkdir}/lib/librmi.so
%{_jvmdir}/%{sdkdir}/lib/libsctp.so
%{_jvmdir}/%{sdkdir}/lib/libsunec.so
+%{_jvmdir}/%{sdkdir}/lib/libsystemconf.so
%{_jvmdir}/%{sdkdir}/lib/libunpack.so
%{_jvmdir}/%{sdkdir}/lib/libverify.so
%{_jvmdir}/%{sdkdir}/lib/libzip.so
@@ -1345,6 +1358,7 @@
%config(noreplace) %{_jvmdir}/%{sdkdir}/lib/security/blacklisted.certs
%config(noreplace) %{_jvmdir}/%{sdkdir}/conf/security/nss.cfg
+%config(noreplace) %{_jvmdir}/%{sdkdir}/conf/security/nss.fips.cfg
%{_jvmdir}/%{sdkdir}/lib/security/default.policy
%{_jvmdir}/%{sdkdir}/lib/security/public_suffix_list.dat
++++++ config.guess ++++++
++++ 2202 lines (skipped)
++++ between /work/SRC/openSUSE:Factory/java-11-openjdk/config.guess
++++ and /work/SRC/openSUSE:Factory/.java-11-openjdk.new.1899/config.guess
++++++ config.sub ++++++
++++ 3133 lines (skipped)
++++ between /work/SRC/openSUSE:Factory/java-11-openjdk/config.sub
++++ and /work/SRC/openSUSE:Factory/.java-11-openjdk.new.1899/config.sub
++++++ fips.patch ++++++
++++ 859 lines (skipped)
++++++ nss-security-provider.patch ++++++
--- /var/tmp/diff_new_pack.ORoHOS/_old 2021-09-20 23:32:59.147161168 +0200
+++ /var/tmp/diff_new_pack.ORoHOS/_new 2021-09-20 23:32:59.151161174 +0200
@@ -1,10 +1,10 @@
--- openjdk/src/java.base/share/conf/security/java.security 2021-03-16
07:15:49.798093653 +0100
+++ openjdk/src/java.base/share/conf/security/java.security 2021-03-16
11:38:01.416893125 +0100
-@@ -60,6 +60,7 @@
+@@ -83,6 +83,7 @@
+ #ifndef solaris
+ security.provider.tbd=SunPKCS11
+ #endif
++#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg
+
#
- # List of providers and their preference orders (see above):
- #
-+security.provider.tbd=SunPKCS11 ${java.home}/conf/security/nss.cfg
- #ifdef solaris
- security.provider.tbd=OracleUcrypto
- security.provider.tbd=SunPKCS11
${java.home}/conf/security/sunpkcs11-solaris.cfg
+ # A list of preferred providers for specific algorithms. These providers will
++++++ nss.fips.cfg.in ++++++
name = NSS-FIPS
nssLibraryDirectory = @NSS_LIBDIR@
nssSecmodDirectory = @NSS_SECMOD@
nssDbMode = readOnly
nssModule = fips
