Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package java-11-openjdk for openSUSE:Factory
checked in at 2022-02-03 23:16:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/java-11-openjdk (Old)
and /work/SRC/openSUSE:Factory/.java-11-openjdk.new.1898 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "java-11-openjdk"
Thu Feb 3 23:16:27 2022 rev:51 rq:950245 version:11.0.14.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/java-11-openjdk/java-11-openjdk.changes
2021-11-09 23:54:12.351940253 +0100
+++
/work/SRC/openSUSE:Factory/.java-11-openjdk.new.1898/java-11-openjdk.changes
2022-02-03 23:17:12.548316797 +0100
@@ -1,0 +2,698 @@
+Mon Jan 31 08:38:39 UTC 2022 - Fridrich Strba <fst...@suse.com>
+
+- Update to upstream tag jdk-11.0.14+9 (January 2022 CPU)
+ * New features
+ + JDK-8248238: Implementation: JEP 388: Windows AArch64 Support
+ * Security fixes
+ + JDK-8217375: jarsigner breaks old signature with long lines
+ in manifest
+ + JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if
+ zip has dir named "." inside
+ + JDK-8264934, CVE-2022-21248, bnc#1194926: Enhance cross VM serialization
+ + JDK-8268488: More valuable DerValues
+ + JDK-8268494: Better inlining of inlined interfaces
+ + JDK-8268512: More content for ContentInfo
+ + JDK-8268795: Enhance digests of Jar files
+ + JDK-8268801: Improve PKCS attribute handling
+ + JDK-8268813, CVE-2022-21283, bnc#1194937: Better String matching
+ + JDK-8269151: Better construction of EncryptedPrivateKeyInfo
+ + JDK-8269944: Better HTTP transport redux
+ + JDK-8270386, CVE-2022-21291, bsc#1194925: Better verification
+ of scan methods
+ + JDK-8270392, CVE-2022-21293, bsc#1194935: Improve String
+ constructions
+ + JDK-8270416, CVE-2022-21294, bsc#1194934: Enhance construction
+ of Identity maps
+ + JDK-8270492, CVE-2022-21282, bsc#1194933: Better resolution of
+ URIs
+ + JDK-8270498, CVE-2022-21296, bsc#1194932: Improve SAX Parser
+ configuration management
+ + JDK-8270646, CVE-2022-21299, bsc#1194931: Improved scanning of
+ XML entities
+ + JDK-8270952, CVE-2022-21277, bsc#1194930: Improve TIFF file
+ handling
+ + JDK-8271962: Better TrueType font loading
+ + JDK-8271968: Better canonical naming
+ + JDK-8271987: Manifest improved manifest entries
+ + JDK-8272014, CVE-2022-21305, bsc#1194939: Better array
+ indexing
+ + JDK-8272026, CVE-2022-21340, bsc#1194940: Verify Jar
+ Verification
+ + JDK-8272236, CVE-2022-21341, bsc#1194941: Improve serial forms
+ for transport
+ + JDK-8272272: Enhance jcmd communication
+ + JDK-8272462: Enhance image handling
+ + JDK-8273290: Enhance sound handling
+ + JDK-8273756, CVE-2022-21360, bsc#1194929: Enhance BMP image
+ support
+ + JDK-8273838, CVE-2022-21365, bsc#1194928: Enhanced BMP
+ processing
+ + JDK-8274096, CVE-2022-21366, bsc#1194927: Improve decoding of
+ image files
+ + JDK-8279541: Improve HarfBuzz
+ * Other changes
+ + JDK-6849922: java/awt/Choice/ChoiceKeyEventReaction/
+ /ChoiceKeyEventReaction.html fails
+ + JDK-7105119: [TEST_BUG] [macosx] In test
+ UIDefaults.toString() must be called with the invokeLater()
+ + JDK-7151826: [TEST_BUG] [macosx] The test
+ javax/swing/JPopupMenu/4966112/bug4966112.java not for mac
+ + JDK-7179006: [macosx] Print-to-file doesn't work: printing to
+ the default printer instead
+ + JDK-8015602: [macosx] Test javax/swing/SpringLayout/4726194/
+ /bug4726194.java fails on MacOSX
+ + JDK-8034084: nsk.nsk/jvmti/ThreadStart/threadstart003 Wrong
+ number of thread end events
+ + JDK-8039261: [TEST_BUG]: There is not a minimal security
+ level in Java Preferences and the TestApplet.html is blocked.
+ + JDK-8047218: [TEST_BUG] java/awt/FullScreen/AltTabCrashTest/
+ /AltTabCrashTest.java fails with exception
+ + JDK-8075909: [TEST_BUG] The regression-swing case failed as
+ it does not have the 'Open' button when select 'subdir' folder
+ with NimbusLAF
+ + JDK-8078219: Verify lack of @test tag in files in java/net
+ test directory
+ + JDK-8080569: java/lang/ProcessBuilder/DestroyTest.java fails
+ with "RuntimeException: Process terminated prematurely"
+ + JDK-8081652: [TESTBUG] java/lang/management/ThreadMXBean/
+ /ThreadMXBeanStateTest.java timed out intermittently
+ + JDK-8129310: java/net/Socket/asyncClose/AsyncClose.java fails
+ intermittently
+ + JDK-8131745: java/lang/management/ThreadMXBean/
+ /AllThreadIds.java still fails intermittently
+ + JDK-8136517: [macosx] Test java/awt/Focus/8073453/
+ /AWTFocusTransitionTest.java fails on MacOSX
+ + JDK-8137101: [TEST_BUG] javax/swing/plaf/basic/BasicHTML/
+ /4251579/bug4251579.java failure due to timing
+ + JDK-8143021: [TEST_BUG] Test javax/swing/JColorChooser/
+ /Test6541987.java fails
+ + JDK-8159597: [TEST_BUG] closed/javax/swing/JPopupMenu/4760494/
+ /bug4760494.java leaves key pressed
+ + JDK-8159904: [TEST_BUG] Failure on solaris of
+ java/awt/Window/MultiWindowApp/MultiWindowAppTest.java
+ + JDK-8163086: java/awt/Window/TranslucentJAppletTest/
+ /TranslucentJAppletTest.java fails
+ + JDK-8165828: [TEST_BUG] The reg case: javax/swing/plaf/metal/
+ /MetalIcons/MetalHiDPIIconsTest.java failed as No Metal Look
+ and Feel
+ + JDK-8169953: JComboBox/8057893: ComboBoxEdited event is not
+ fired! on Windows
+ + JDK-8169954: JFileChooser/8021253: java.lang.RuntimeException:
+ Default button is not pressed
+ + JDK-8169959: javax/swing/JTable/6263446/bug6263446.java:
+ Table should be editing
+ + JDK-8171381: [TEST_BUG] [macos] javax/swing/JPopupMenu/
+ /7156657/bug7156657.java fails on OS X
+ + JDK-8171998: javax/swing/JMenu/4692443/bug4692443.java fails
+ on Windows
+ + JDK-8174819: java/nio/file/WatchService/LotsOfEvents.java
+ fails intermittently
+ + JDK-8179880: Refactor javax/security shell tests to plain
+ java tests
+ + JDK-8180568: Refactor javax/crypto shell tests to plain java
+ tests
+ + JDK-8180569: Refactor sun/security/krb5/ shell tests to plain
+ java tests
+ + JDK-8180571: Refactor sun/security/pkcs11 shell tests to
+ plain java tests and fix failures
+ + JDK-8180573: Refactor sun/security/tools shell tests to plain
+ java tests
+ + JDK-8187649: ArrayIndexOutOfBoundsException in
+ java.util.JapaneseImperialCalendar
+ + JDK-8190753: (zipfs): Accessing a large entry (> 2^31 bytes)
+ leads to a negative initial size for ByteArrayOutputStream
+ + JDK-8195703: BasicJDWPConnectionTest.java: 'App exited
+ unexpectedly with 2'
+ + JDK-8196096: javax/swing/JPopupMenu/6580930/bug6580930.java
+ fails
+ + JDK-8197560: test javax/swing/JTree/8003400/Test8003400.java
+ fails
+ + JDK-8197800: Test java/awt/Focus/NonFocusableWindowTest/
+ /NoEventsTest.java fails on Windows
+ + JDK-8197811: Test java/awt/Choice/PopupPosTest/
+ /PopupPosTest.java fails on Windows
+ + JDK-8198616: java/awt/Focus/6378278/InputVerifierTest.java
+ fails on mac
+ + JDK-8198617: java/awt/Focus/6382144/EndlessLoopTest.java
+ fails on mac
+ + JDK-8198619: java/awt/Focus/FocusTraversalPolicy/
+ /ButtonGroupLayoutTraversal/ButtonGroupLayoutTraversalTest.java
+ fails on mac
+ + JDK-8198623: java/awt/KeyboardFocusmanager/TypeAhead/
+ /EnqueueWithDialogButtonTest/EnqueueWithDialogButtonTest.java
+ fails on mac
+ + JDK-8198624: java/awt/KeyboardFocusmanager/TypeAhead/
+ /SubMenuShowTest/SubMenuShowTest.html fails on mac
+ + JDK-8199138: Add RISC-V support to Zero
+ + JDK-8199529: javax/swing/text/Utilities/8142966/
+ /SwingFontMetricsTest.java fails on windows
+ + JDK-8201224: Make string buffer size dynamic in
+ mlvmJvmtiUtils.c
+ + JDK-8202342: [Graal] fromTonga/nsk/jvmti/unit/
+ /FollowReferences/followref003/TestDescription.java fails with
+ "Location mismatch" errors
+ + JDK-8204161: [TESTBUG] auto failed with the "Applet thread
+ threw exception: java.lang.UnsupportedOperationException"
+ exception
+ + JDK-8206085: Refactor
+ langtools/tools/javac/versions/Versions.java
+ + JDK-8207936: TestZipFile failed with java.lang.AssertionError
+ exception
+ + JDK-8208242: Add @requires to vmTestbase/gc/g1 tests
+ + JDK-8209611: use C++ compiler for hotspot tests
+ + JDK-8210182: Remove macros for C compilation from vmTestBase
+ but non jvmti
+ + JDK-8210198: Clean up JNI_ENV_ARG for
+ vmTestbase/jvmti/Get[A-F] tests
+ + JDK-8210205: build fails on AIX in hotspot cpp tests (for
+ example getstacktr001.cpp)
+ + JDK-8210242: [TESTBUG] vmTestbase/nsk/stress/jni/
+ /jnistress001.java crashes with EXCEPTION_ACCESS_VIOLATION
+ on windows-x86
+ + JDK-8210353: Move java/util/Arrays/TimSortStackSize2.java
+ back to tier1
+ + JDK-8210385: Clean up JNI_ENV_ARG and factorize the macros
+ for vmTestbase/jvmti[A-N] tests
+ + JDK-8210392: assert(Compile::current()->live_nodes() <
+ Compile::current()->max_node_limit()) failed: Live Node limit
+ exceeded limit
+ + JDK-8210395: Add doc to SecurityTools.java
+ + JDK-8210429: Clean up JNI_ENV_ARG for
+ vmTestbase/jvmti/Get[G-Z] tests
+ + JDK-8210481: Remove #ifdef cplusplus from vmTestbase
+ + JDK-8210593: Clean up JNI_ENV_ARG and factorize the macros
+ for vmTestbase/jvmti[N-R] tests
+ + JDK-8210665: Clean up JNI_ENV_ARG and factorize the macros
+ for vmTestbase/jvmti[R-U] tests
+ + JDK-8210689: Remove the multi-line old C style for string
+ literals
+ + JDK-8210700: Clean up JNI_ENV_ARG and factorize the macros
+ for vmTestbase/jvmti/unit tests
+ + JDK-8210726: Fix up a few minor nits forgotten by JDK-8210665
+ + JDK-8210920: Native C++ tests are not using CXXFLAGS
+ + JDK-8210984: [TESTBUG] hs203t003 fails with "# ERROR:
+ hs203t003.cpp, 218: NSK_CPP_STUB2 ( ResumeThread, jvmti,
+ thread)"
+ + JDK-8211036: Remove the NSK_STUB macros from vmTestbase for
+ non jvmti
++++ 501 more lines (skipped)
++++ between /work/SRC/openSUSE:Factory/java-11-openjdk/java-11-openjdk.changes
++++ and
/work/SRC/openSUSE:Factory/.java-11-openjdk.new.1898/java-11-openjdk.changes
Old:
----
jdk-11.0.13+8.tar.gz
riscv64-zero.patch
New:
----
jdk-11.0.14+9.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ java-11-openjdk.spec ++++++
--- /var/tmp/diff_new_pack.9DVEi4/_old 2022-02-03 23:17:16.548289493 +0100
+++ /var/tmp/diff_new_pack.9DVEi4/_new 2022-02-03 23:17:16.552289466 +0100
@@ -1,7 +1,7 @@
#
# spec file
#
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -33,13 +33,13 @@
# Standard JPackage naming and versioning defines.
%global featurever 11
%global interimver 0
-%global updatever 13
+%global updatever 14
%global patchver 0
-%global datever 2021-10-19
-%global buildver 8
+%global datever 2022-01-18
+%global buildver 9
%global openjdk_repo jdk11u
-%global openjdk_tag jdk-11.0.13+8
-%global openjdk_dir jdk11u-jdk-11.0.13-8
+%global openjdk_tag
jdk-%{featurever}.%{interimver}.%{updatever}+%{buildver}
+%global openjdk_dir
%{openjdk_repo}-jdk-%{featurever}.%{interimver}.%{updatever}-%{buildver}
# JavaEE modules
%global java_atk_wrapper_version 0.33.2
%global java_activation_repository activation
@@ -238,8 +238,7 @@
#
Patch500: activation-module.patch
Patch501: annotation-module.patch
-#
-Patch600: riscv64-zero.patch
+
BuildRequires: alsa-lib-devel
BuildRequires: autoconf
BuildRequires: automake
@@ -529,6 +528,7 @@
%patch16 -p1
%patch17 -p1
%patch18 -p1
+
%patch19 -p1
%patch20 -p1
@@ -558,8 +558,6 @@
%patch500
%patch501
-%patch600 -p1
-
# Extract systemtap tapsets
%if %{with_systemtap}
@@ -1314,7 +1312,7 @@
%{_jvmdir}/%{sdkdir}/lib/*/libjvm.so
%{_jvmdir}/%{sdkdir}/lib/*/Xusage.txt
-%config(noreplace) %{_jvmdir}/%{sdkdir}/lib/security/blacklisted.certs
+%config(noreplace) %{_jvmdir}/%{sdkdir}/lib/security/blocked.certs
%config(noreplace) %{_jvmdir}/%{sdkdir}/conf/security/nss.cfg
%config(noreplace) %{_jvmdir}/%{sdkdir}/conf/security/nss.fips.cfg
%{_jvmdir}/%{sdkdir}/lib/security/default.policy
++++++ fips.patch ++++++
--- /var/tmp/diff_new_pack.9DVEi4/_old 2022-02-03 23:17:16.700288455 +0100
+++ /var/tmp/diff_new_pack.9DVEi4/_new 2022-02-03 23:17:16.700288455 +0100
@@ -1,6 +1,6 @@
---- a/make/autoconf/libraries.m4
-+++ b/make/autoconf/libraries.m4
-@@ -101,6 +101,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES],
+--- a/make/autoconf/libraries.m4 2022-01-19 07:14:06.470777835 +0100
++++ b/make/autoconf/libraries.m4 2022-01-19 07:14:30.810908184 +0100
+@@ -101,6 +101,7 @@
LIB_SETUP_LIBFFI
LIB_SETUP_BUNDLED_LIBS
LIB_SETUP_MISC_LIBS
@@ -8,7 +8,7 @@
LIB_SETUP_SOLARIS_STLPORT
LIB_TESTS_SETUP_GRAALUNIT
-@@ -223,3 +224,62 @@ AC_DEFUN_ONCE([LIB_SETUP_SOLARIS_STLPORT],
+@@ -223,3 +224,62 @@
fi
])
@@ -71,9 +71,9 @@
+ fi
+ AC_SUBST(USE_SYSCONF_NSS)
+])
---- a/make/autoconf/spec.gmk.in
-+++ b/make/autoconf/spec.gmk.in
-@@ -828,6 +829,10 @@ INSTALL_SYSCONFDIR=@sysconfdir@
+--- a/make/autoconf/spec.gmk.in 2022-01-19 07:14:06.470777835 +0100
++++ b/make/autoconf/spec.gmk.in 2022-01-19 07:14:30.810908184 +0100
+@@ -824,6 +824,10 @@
# Libraries
#
@@ -84,13 +84,12 @@
USE_EXTERNAL_LCMS:=@USE_EXTERNAL_LCMS@
LCMS_CFLAGS:=@LCMS_CFLAGS@
LCMS_LIBS:=@LCMS_LIBS@
---- a/make/lib/Lib-java.base.gmk
-+++ b/make/lib/Lib-java.base.gmk
-@@ -178,6 +178,31 @@ ifeq ($(OPENJDK_TARGET_OS_TYPE), unix)
- endif
+--- a/make/lib/Lib-java.base.gmk 2022-01-19 07:14:06.522778112 +0100
++++ b/make/lib/Lib-java.base.gmk 2022-01-19 07:14:30.810908184 +0100
+@@ -179,6 +179,31 @@
endif
-+################################################################################
+
################################################################################
+# Create the systemconf library
+
+LIBSYSTEMCONF_CFLAGS :=
@@ -115,11 +114,12 @@
+ TARGETS += $(BUILD_LIBSYSTEMCONF)
+endif
+
-
################################################################################
++################################################################################
# Create the symbols file for static builds.
---- a/make/nb_native/nbproject/configurations.xml
-+++ b/make/nb_native/nbproject/configurations.xml
+ ifeq ($(STATIC_BUILD), true)
+--- a/make/nb_native/nbproject/configurations.xml 2022-01-19
07:14:06.526778135 +0100
++++ b/make/nb_native/nbproject/configurations.xml 2022-01-19
07:14:30.814908206 +0100
@@ -2950,6 +2950,9 @@
<in>LinuxWatchService.c</in>
</df>
@@ -130,21 +130,21 @@
</df>
</df>
<df name="macosx">
-@@ -29301,6 +29304,11 @@
+@@ -29300,6 +29303,11 @@
+ ex="false"
tool="0"
flavor2="0">
- </item>
++ </item>
+ <item path="../../src/java.base/linux/native/libsystemconf/systemconf.c"
+ ex="false"
+ tool="0"
+ flavor2="0">
-+ </item>
+ </item>
<item path="../../src/java.base/macosx/native/include/jni_md.h"
ex="false"
- tool="3"
---- a/make/scripts/compare_exceptions.sh.incl
-+++ b/make/scripts/compare_exceptions.sh.incl
-@@ -179,6 +179,7 @@ if [ "$OPENJDK_TARGET_OS" = "solaris" ] && [
"$OPENJDK_TARGET_CPU" = "x86_64" ];
+--- a/make/scripts/compare_exceptions.sh.incl 2022-01-19 07:14:06.526778135
+0100
++++ b/make/scripts/compare_exceptions.sh.incl 2022-01-19 07:14:30.814908206
+0100
+@@ -179,6 +179,7 @@
./lib/libsplashscreen.so
./lib/libsunec.so
./lib/libsunwjdga.so
@@ -152,7 +152,7 @@
./lib/libunpack.so
./lib/libverify.so
./lib/libzip.so
-@@ -289,6 +290,7 @@ if [ "$OPENJDK_TARGET_OS" = "solaris" ] && [
"$OPENJDK_TARGET_CPU" = "sparcv9" ]
+@@ -289,6 +290,7 @@
./lib/libsplashscreen.so
./lib/libsunec.so
./lib/libsunwjdga.so
@@ -160,8 +160,8 @@
./lib/libunpack.so
./lib/libverify.so
./lib/libzip.so
---- /dev/null
-+++ b/src/java.base/linux/native/libsystemconf/systemconf.c
+--- a/src/java.base/linux/native/libsystemconf/systemconf.c 1970-01-01
01:00:00.000000000 +0100
++++ b/src/java.base/linux/native/libsystemconf/systemconf.c 2022-01-19
07:14:30.818908226 +0100
@@ -0,0 +1,170 @@
+/*
+ * Copyright (c) 2021, Red Hat, Inc.
@@ -333,9 +333,9 @@
+ (*env)->CallVoidMethod(env, debugObj, debugPrintlnMethodID, jMsg);
+ }
+}
---- a/src/java.base/share/classes/java/security/Security.java
-+++ b/src/java.base/share/classes/java/security/Security.java
-@@ -32,6 +32,7 @@ import java.net.URL;
+--- a/src/java.base/share/classes/java/security/Security.java 2022-01-19
07:14:06.678778949 +0100
++++ b/src/java.base/share/classes/java/security/Security.java 2022-01-19
07:14:30.818908226 +0100
+@@ -32,6 +32,7 @@
import jdk.internal.event.EventHelper;
import jdk.internal.event.SecurityPropertyModificationEvent;
@@ -343,7 +343,7 @@
import jdk.internal.misc.SharedSecrets;
import jdk.internal.util.StaticProperty;
import sun.security.util.Debug;
-@@ -74,6 +75,19 @@ public final class Security {
+@@ -74,6 +75,19 @@
}
static {
@@ -363,7 +363,7 @@
// doPrivileged here because there are multiple
// things in initialize that might require privs.
// (the FileInputStream call and the File.exists call,
-@@ -193,29 +207,10 @@ public final class Security {
+@@ -193,29 +207,10 @@
}
String disableSystemProps =
System.getProperty("java.security.disableSystemPropertiesFile");
@@ -396,8 +396,8 @@
}
}
---- /dev/null
-+++ b/src/java.base/share/classes/java/security/SystemConfigurator.java
+--- a/src/java.base/share/classes/java/security/SystemConfigurator.java
1970-01-01 01:00:00.000000000 +0100
++++ b/src/java.base/share/classes/java/security/SystemConfigurator.java
2022-01-19 07:14:30.818908226 +0100
@@ -0,0 +1,236 @@
+/*
+ * Copyright (c) 2019, 2021, Red Hat, Inc.
@@ -635,8 +635,8 @@
+ }
+ }
+}
---- /dev/null
-+++
b/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java
+---
a/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java
1970-01-01 01:00:00.000000000 +0100
++++
b/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java
2022-01-19 07:14:30.818908226 +0100
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2020, Red Hat, Inc.
@@ -669,9 +669,9 @@
+ boolean isSystemFipsEnabled();
+ boolean isPlainKeySupportEnabled();
+}
---- a/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
-+++ b/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
-@@ -76,6 +76,7 @@ public class SharedSecrets {
+--- a/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
2022-01-19 07:14:06.706779099 +0100
++++ b/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
2022-01-19 07:14:30.818908226 +0100
+@@ -76,6 +76,7 @@
private static JavaIORandomAccessFileAccess javaIORandomAccessFileAccess;
private static JavaSecuritySignatureAccess javaSecuritySignatureAccess;
private static JavaxCryptoSealedObjectAccess
javaxCryptoSealedObjectAccess;
@@ -679,7 +679,7 @@
public static JavaUtilJarAccess javaUtilJarAccess() {
if (javaUtilJarAccess == null) {
-@@ -361,4 +362,12 @@ public class SharedSecrets {
+@@ -361,4 +362,12 @@
}
return javaxCryptoSealedObjectAccess;
}
@@ -692,9 +692,9 @@
+ return javaSecuritySystemConfiguratorAccess;
+ }
}
---- a/src/java.base/share/classes/module-info.java
-+++ b/src/java.base/share/classes/module-info.java
-@@ -182,6 +182,7 @@ module java.base {
+--- a/src/java.base/share/classes/module-info.java 2022-01-19
07:14:06.650778799 +0100
++++ b/src/java.base/share/classes/module-info.java 2022-01-19
07:14:30.818908226 +0100
+@@ -182,6 +182,7 @@
java.security.jgss,
java.sql,
java.xml,
@@ -702,9 +702,9 @@
jdk.jartool,
jdk.attach,
jdk.charsets,
---- a/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
-+++ b/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
-@@ -33,8 +33,13 @@ import java.security.KeyStore.*;
+--- a/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
2022-01-19 07:14:06.730779226 +0100
++++ b/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
2022-01-19 07:14:30.818908226 +0100
+@@ -33,8 +33,13 @@
import javax.net.ssl.*;
@@ -718,7 +718,7 @@
X509ExtendedKeyManager keyManager;
boolean isInitialized;
-@@ -62,7 +67,8 @@ abstract class KeyManagerFactoryImpl extends
KeyManagerFactorySpi {
+@@ -62,7 +67,8 @@
KeyStoreException, NoSuchAlgorithmException,
UnrecoverableKeyException {
if ((ks != null) && SunJSSE.isFIPS()) {
@@ -728,7 +728,7 @@
throw new KeyStoreException("FIPS mode: KeyStore must be "
+ "from provider " +
SunJSSE.cryptoProvider.getName());
}
-@@ -91,8 +97,8 @@ abstract class KeyManagerFactoryImpl extends
KeyManagerFactorySpi {
+@@ -91,8 +97,8 @@
keyManager = new X509KeyManagerImpl(
Collections.<Builder>emptyList());
} else {
@@ -739,9 +739,9 @@
throw new KeyStoreException(
"FIPS mode: KeyStore must be " +
"from provider " + SunJSSE.cryptoProvider.getName());
---- a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
-+++ b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
-@@ -31,6 +31,7 @@ import java.security.*;
+--- a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
2022-01-19 07:14:06.730779226 +0100
++++ b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
2022-01-19 07:14:30.818908226 +0100
+@@ -31,6 +31,7 @@
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;
@@ -749,7 +749,7 @@
import sun.security.action.GetPropertyAction;
import sun.security.provider.certpath.AlgorithmChecker;
import sun.security.validator.Validator;
-@@ -542,6 +543,23 @@ public abstract class SSLContextImpl extends
SSLContextSpi {
+@@ -542,6 +543,23 @@
static {
if (SunJSSE.isFIPS()) {
@@ -773,7 +773,7 @@
supportedProtocols = Arrays.asList(
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
-@@ -556,6 +574,7 @@ public abstract class SSLContextImpl extends SSLContextSpi
{
+@@ -556,6 +574,7 @@
ProtocolVersion.TLS11,
ProtocolVersion.TLS10
});
@@ -781,7 +781,7 @@
} else {
supportedProtocols = Arrays.asList(
ProtocolVersion.TLS13,
-@@ -620,6 +639,16 @@ public abstract class SSLContextImpl extends
SSLContextSpi {
+@@ -620,6 +639,16 @@
static ProtocolVersion[] getSupportedProtocols() {
if (SunJSSE.isFIPS()) {
@@ -798,7 +798,7 @@
return new ProtocolVersion[] {
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
-@@ -949,6 +978,16 @@ public abstract class SSLContextImpl extends
SSLContextSpi {
+@@ -949,6 +978,16 @@
static ProtocolVersion[] getProtocols() {
if (SunJSSE.isFIPS()) {
@@ -815,9 +815,9 @@
return new ProtocolVersion[]{
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
---- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
-+++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
-@@ -27,6 +27,8 @@ package sun.security.ssl;
+--- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
2022-01-19 07:14:06.730779226 +0100
++++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
2022-01-19 07:14:30.818908226 +0100
+@@ -27,6 +27,8 @@
import java.security.*;
import java.util.*;
@@ -826,7 +826,7 @@
import sun.security.rsa.SunRsaSignEntries;
import static sun.security.util.SecurityConstants.PROVIDER_VER;
import static sun.security.provider.SunEntries.createAliases;
-@@ -195,8 +197,13 @@ public abstract class SunJSSE extends
java.security.Provider {
+@@ -195,8 +197,13 @@
"sun.security.ssl.SSLContextImpl$TLS11Context", null, null);
ps("SSLContext", "TLSv1.2",
"sun.security.ssl.SSLContextImpl$TLS12Context", null, null);
@@ -840,13 +840,12 @@
ps("SSLContext", "TLS",
"sun.security.ssl.SSLContextImpl$TLSContext",
(isfips? null : createAliases("SSL")), null);
---- a/src/java.base/share/conf/security/java.security
-+++ b/src/java.base/share/conf/security/java.security
-@@ -86,6 +86,14 @@ security.provider.tbd=Apple
- #endif
+--- a/src/java.base/share/conf/security/java.security 2022-01-19
07:14:06.742779290 +0100
++++ b/src/java.base/share/conf/security/java.security 2022-01-19
07:14:30.818908226 +0100
+@@ -87,6 +87,14 @@
#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg
-+#
+ #
+# Security providers used when global crypto-policies are set to FIPS.
+#
+fips.provider.1=SunPKCS11 ${java.home}/conf/security/nss.fips.cfg
@@ -854,33 +853,24 @@
+fips.provider.3=SunEC
+fips.provider.4=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSS-FIPS
+
- #
++#
# A list of preferred providers for specific algorithms. These providers will
# be searched for matching algorithms before the list of registered providers.
-@@ -299,6 +307,11 @@ policy.ignoreIdentityScope=false
- #
+ # Entries containing errors (parsing, etc) will be ignored. Use the
+@@ -300,6 +308,11 @@
keystore.type=pkcs12
-+#
+ #
+# Default keystore type used when global crypto-policies are set to FIPS.
+#
+fips.keystore.type=PKCS11
+
- #
++#
# Controls compatibility mode for JKS and PKCS12 keystore types.
#
---- a/src/java.base/share/lib/security/default.policy
-+++ b/src/java.base/share/lib/security/default.policy
-@@ -124,6 +124,7 @@ grant codeBase "jrt:/jdk.crypto.ec" {
- grant codeBase "jrt:/jdk.crypto.cryptoki" {
- permission java.lang.RuntimePermission
- "accessClassInPackage.com.sun.crypto.provider";
-+ permission java.lang.RuntimePermission
"accessClassInPackage.jdk.internal.misc";
- permission java.lang.RuntimePermission
- "accessClassInPackage.sun.security.*";
- permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
---- /dev/null
-+++
b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
+ # When set to 'true', both JKS and PKCS12 keystore types support loading
+---
a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
1970-01-01 01:00:00.000000000 +0100
++++
b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
2022-01-19 07:14:40.350959275 +0100
@@ -0,0 +1,290 @@
+/*
+ * Copyright (c) 2021, Red Hat, Inc.
@@ -1172,8 +1162,8 @@
+ }
+ }
+}
---- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
-+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
+--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
2022-01-19 07:14:07.066781027 +0100
++++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
2022-01-19 07:17:44.400170510 +0100
@@ -26,6 +26,9 @@
package sun.security.pkcs11;
@@ -1184,16 +1174,15 @@
import java.util.*;
import java.security.*;
-@@ -42,6 +45,8 @@ import javax.security.auth.callback.ConfirmationCallback;
+@@ -41,6 +44,7 @@
import javax.security.auth.callback.PasswordCallback;
- import javax.security.auth.callback.TextOutputCallback;
+ import jdk.internal.misc.InnocuousThread;
+import jdk.internal.misc.SharedSecrets;
-+
import sun.security.util.Debug;
import sun.security.util.ResourcesMgr;
import static sun.security.util.SecurityConstants.PROVIDER_VER;
-@@ -59,6 +64,29 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
+@@ -58,6 +62,29 @@
*/
public final class SunPKCS11 extends AuthProvider {
@@ -1223,7 +1212,7 @@
private static final long serialVersionUID = -1354835039035306505L;
static final Debug debug = Debug.getInstance("sunpkcs11");
-@@ -314,10 +342,15 @@ public final class SunPKCS11 extends AuthProvider {
+@@ -326,10 +353,15 @@
// request multithreaded access first
initArgs.flags = CKF_OS_LOCKING_OK;
PKCS11 tmpPKCS11;
@@ -1240,7 +1229,7 @@
} catch (PKCS11Exception e) {
if (debug != null) {
debug.println("Multi-threaded initialization failed: " +
e);
-@@ -333,7 +366,7 @@ public final class SunPKCS11 extends AuthProvider {
+@@ -345,7 +377,7 @@
initArgs.flags = 0;
}
tmpPKCS11 = PKCS11.getInstance(library,
@@ -1249,7 +1238,7 @@
}
p11 = tmpPKCS11;
-@@ -373,6 +406,24 @@ public final class SunPKCS11 extends AuthProvider {
+@@ -385,6 +417,24 @@
if (nssModule != null) {
nssModule.setProvider(this);
}
@@ -1274,9 +1263,9 @@
} catch (Exception e) {
if (config.getHandleStartupErrors() == Config.ERR_IGNORE_ALL) {
throw new UnsupportedOperationException
----
a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
-+++
b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
-@@ -49,6 +49,7 @@ package sun.security.pkcs11.wrapper;
+---
a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
2022-01-19 07:14:07.066781027 +0100
++++
b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
2022-01-19 07:14:40.354959295 +0100
+@@ -49,6 +49,7 @@
import java.io.File;
import java.io.IOException;
@@ -1284,7 +1273,7 @@
import java.util.*;
import java.security.AccessController;
-@@ -150,16 +151,28 @@ public class PKCS11 {
+@@ -150,17 +151,29 @@
public static synchronized PKCS11 getInstance(String pkcs11ModulePath,
String functionList, CK_C_INITIALIZE_ARGS pInitArgs,
@@ -1298,25 +1287,24 @@
+ boolean nssFipsMode = fipsKeyImporter != null;
if ((pInitArgs != null)
&& ((pInitArgs.flags & CKF_OS_LOCKING_OK) != 0)) {
-- pkcs11 = new PKCS11(pkcs11ModulePath, functionList);
+ if (nssFipsMode) {
+ pkcs11 = new FIPSPKCS11(pkcs11ModulePath, functionList,
+ fipsKeyImporter);
+ } else {
-+ pkcs11 = new PKCS11(pkcs11ModulePath, functionList);
+ pkcs11 = new PKCS11(pkcs11ModulePath, functionList);
+ }
- } else {
-- pkcs11 = new SynchronizedPKCS11(pkcs11ModulePath,
functionList);
++ } else {
+ if (nssFipsMode) {
+ pkcs11 = new SynchronizedFIPSPKCS11(pkcs11ModulePath,
+ functionList, fipsKeyImporter);
-+ } else {
-+ pkcs11 = new SynchronizedPKCS11(pkcs11ModulePath,
functionList);
-+ }
+ } else {
+ pkcs11 = new SynchronizedPKCS11(pkcs11ModulePath,
functionList);
}
++ }
if (omitInitialize == false) {
try {
-@@ -1909,4 +1922,69 @@ static class SynchronizedPKCS11 extends PKCS11 {
+ pkcs11.C_Initialize(pInitArgs);
+@@ -1909,4 +1922,69 @@
super.C_GenerateRandom(hSession, randomData);
}
}
++++++ jdk-11.0.13+8.tar.gz -> jdk-11.0.14+9.tar.gz ++++++
/work/SRC/openSUSE:Factory/java-11-openjdk/jdk-11.0.13+8.tar.gz
/work/SRC/openSUSE:Factory/.java-11-openjdk.new.1898/jdk-11.0.14+9.tar.gz
differ: char 15, line 1
