Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package java-11-openjdk for openSUSE:Factory
checked in at 2022-04-23 00:24:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/java-11-openjdk (Old)
and /work/SRC/openSUSE:Factory/.java-11-openjdk.new.1538 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "java-11-openjdk"
Sat Apr 23 00:24:53 2022 rev:54 rq:971204 version:11.0.15.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/java-11-openjdk/java-11-openjdk.changes
2022-03-28 16:59:24.076874830 +0200
+++
/work/SRC/openSUSE:Factory/.java-11-openjdk.new.1538/java-11-openjdk.changes
2022-04-23 00:24:55.543739053 +0200
@@ -1,0 +2,315 @@
+Wed Apr 20 15:36:24 UTC 2022 - Fridrich Strba <[email protected]>
+
+- Update to upstream tag jdk-11.0.15+10 (April 2022 CPU)
+ * Security fixes:
+ + JDK-8284920: Incorrect Token type causes XPath expression to
+ return empty result
+ + JDK-8284548: Invalid XPath expression causes
+ StringIndexOutOfBoundsException
+ + JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo
+ + JDK-8282397: createTempFile method of java.io.File is failing
+ when called with suffix of spaces character
+ + JDK-8278356: Improve file creation
+ + JDK-8270504, bsc#1198672, CVE-2022-21426: Better Xpath
+ expression handling
+ + JDK-8272594: Better record of recordings
+ + JDK-8277672, bsc#1198674, CVE-2022-21434: Better invocation
+ handler handling
+ + JDK-8282300: Throws NamingException instead of
+ InvalidNameException after JDK-8278972
+ + JDK-8278972, bsc#1198673, CVE-2022-21496: Improve URL supports
+ + JDK-8272261: Improve JFR recording file processing
+ + JDK-8269938: Enhance XML processing passes redux
+ + JDK-8272255: Completely handle MIDI files
+ + JDK-8278805: Enhance BMP image loading
+ + JDK-8278449: Improve keychain support
+ + JDK-8277227: Better identification of OIDs
+ + JDK-8275151, bsc#1198675, CVE-2022-21443: Improved Object
+ Identification
+ + JDK-8274221: More definite BER encodings
+ + JDK-8278798: Improve supported intrinsic
+ * Other changes:
+ + JDK-8283778: 11u GHA: Fix GCC 9 ubuntu package names
+ + JDK-8283018: 11u GHA: Update GCC 9 minor versions
+ + JDK-8275082, bsc#1198671, CVE-2022-21476: Update XML Security
+ for Java to 2.3.0
+ + JDK-8282761: XPathFactoryImpl remove setProperty and
+ getProperty methods
+ + JDK-8283270: [11u] broken JRT_ENTRY_NO_ASYNC after Backport
+ of JDK-8253795
+ + JDK-8275703: System.loadLibrary fails on Big Sur for
+ libraries hidden from filesystem
+ + JDK-8277795: ldap connection timeout not honoured under
+ contention
+ + JDK-8276141: XPathFactory set/getProperty method
+ + JDK-8255410: Add ChaCha20 and Poly1305 support to SunPKCS11
+ provider
+ + JDK-8211333: AArch64: Fix another build failure after
+ JDK-8211029
+ + JDK-8279669: test/jdk/com/sun/jdi/TestScaffold.java uses
+ wrong condition
+ + JDK-8261107: ArrayIndexOutOfBoundsException in the
+ ICC_Profile.getInstance(InputStream)
+ + JDK-8282372: [11] build issue on MacOS/aarch64 12.2.1 using
+ Xcode 13.1: call to 'log2_intptr' is ambiguous
+ + JDK-8214004: Missing space between compiler thread name and
+ task info in hs_err
+ + JDK-8250750: JDK-8247515 fix for OSX pc_to_symbol() lookup
+ fails with some symbols
+ + JDK-8277488: Add expiry exception for Digicert
+ (geotrustglobalca) expiring in May 2022
+ + JDK-8247515: OSX pc_to_symbol() lookup does not work with
+ core files
+ + JDK-8254085: javax/swing/text/Caret/
+ /TestCaretPositionJTextPane.java failed with
+ "RuntimeException: Wrong caret position"
+ + JDK-8247272: SA ELF file support has never worked for 64-bit
+ causing address to symbol name mapping to fail
+ + JDK-8233986: ProblemList javax/swing/plaf/basic/BasicTextUI/
+ /8001470/bug8001470.java for windows-x64
+ + JDK-8274524: SSLSocket.close() hangs if it is called during
+ the ssl handshake
+ + JDK-8255239: The timezone of the hs_err_pid log file is
+ corrupted in Japanese locale
+ + JDK-8272541: Incorrect overflow test in Toom-Cook branch of
+ BigInteger multiplication
+ + JDK-8254072: AArch64: Get rid of --disable-warnings-as-errors
+ on Windows+ARM64 build
+ + JDK-8262894: [macos_aarch64] SIGBUS in Assembler::ld_st2
+ + JDK-8266889: [macosx-aarch64] Crash with SIGBUS in
+ MarkActivationClosure::do_code_blob during
+ vmTestbase/nsk/jvmti/.../bi04t002 test run
+ + JDK-8241004: NMT tests fail on unaligned thread size with
+ debug build
+ + JDK-8253795: Implementation of JEP 391: macOS/AArch64 Port
+ + JDK-8280414: Memory leak in DefaultProxySelector
+ + JDK-8280526: x86_32 Math.sqrt performance regression with
+ -XX:UseSSE={0,1}
+ + JDK-8279076: C2: Bad AD file when matching SqrtF with UseSSE=0
+ + JDK-8281520: JFR: A wrong parameter is passed to the
+ constructor of LeakKlassWriter
+ + JDK-8281599: test/lib/jdk/test/lib/KnownOIDs.java is
+ redundant since JDK-8268801
+ + JDK-8190748: java/text/Format/DateFormat/DateFormatTest.java
+ and NonGregorianFormatTest fail intermittently
+ + JDK-8281061: [s390] JFR runs into assertions while validating
+ interpreter frames
+ + JDK-8280155: [PPC64, s390] frame size checks are not yet
+ correct
+ + JDK-8279924: [PPC64, s390] implement
+ frame::is_interpreted_frame_valid checks
+ + JDK-8261205: AssertionError: Cannot add metadata to an
+ intersection type
+ + JDK-8277992: Add fast jdk_svc subtests to jdk:tier3
+ + JDK-8216969: ParseException thrown for certain months with
+ russian locale
+ + JDK-8278381: [GCC 11] Address::make_raw() does not initialize
+ rspec
+ + JDK-8264650: Cross-compilation to macos/aarch64
+ + JDK-8256321: Some "inactive" color profiles use the wrong
+ profile class
+ + JDK-8280999: array_bounds should be array-bounds after 8278507
+ + JDK-8177814: jdk/editpad is not in jdk TEST.groups
+ + JDK-8279702: [macosx] ignore xcodebuild warnings on M1
+ + JDK-8280786: Build failure on Solaris after 8262392
+ + JDK-8218546: Unable to connect to https://google.com using
+ java.net.HttpClient
+ + JDK-8278758: runtime/BootstrapMethod/BSMCalledTwice.java
+ fails with release VMs after JDK-8262134
+ + JDK-8279833: Loop optimization issue in
+ String.encodeUTF8_UTF16
+ + JDK-8273277: C2: Move conditional negation into rc_predicate
+ + JDK-8253197: vmTestbase/nsk/jvmti/StopThread/stopthrd007/
+ /TestDescription.java fails with "ERROR:
+ DebuggeeSleepingThread: ThreadDeath lost"
+ + JDK-8236210: javac generates wrong annotation for fields
+ generated from record components
+ + JDK-8236505: Mark jdk/editpad/EditPadTest.java as @headful
+ + JDK-8270874: JFrame paint artifacts when dragged from
+ standard monitor to HiDPI monitor
+ + JDK-8271202: C1: assert(false) failed: live_in set of first
+ block must be empty
+ + JDK-8277447: Hotspot C1 compiler crashes on Kotlin suspend
+ fun with loop
+ + JDK-8275610: C2: Object field load floats above its null
+ check resulting in a segfault
+ + JDK-8266421: Deadlock in Sound System
+ + JDK-8274795: AArch64: avoid spilling and restoring r18 in
+ macro assembler
+ + JDK-8232533: G1 uses only a single thread for pretouching the
+ java heap
+ + JDK-8273933: [TESTBUG] Test must run without preallocated
+ exceptions
+ + JDK-8268542: serviceability/logging/TestFullNames.java tests
+ only 1st test case
+ + JDK-8251998: remove usage of PropertyResolvingWrapper in
+ vmTestbase/jit/t
+ + JDK-8273438: Enable parallelism in
+ vmTestbase/metaspace/stressHierarchy tests
+ + JDK-8273433: Enable parallelism in vmTestbase_nsk_sysdict
+ tests
+ + JDK-8273341: Update Siphash to version 1.0
+ + JDK-8278871: [JVMCI] assert((uint)reason < 2*
+ _trap_hist_limit) failed: oob
+ + JDK-8275326: C2: assert(no_dead_loop) failed: dead loop
+ detected
+ + JDK-8251127: clean up FileInstaller $test.src $cwd in
+ remaining vmTestbase_vm_compiler tests
+ + JDK-8252005: narrow disabling of allowSmartActionArgs in
+ vmTestbase
+ + JDK-8279998: PPC64 debug builds fail with "untested:
+ RangeCheckStub: predicate_failed_trap_id"
+ + JDK-8193277: SimpleFileObject inconsistency between getName
+ and getShortName
+ + JDK-8225559: assertion error at TransTypes.visitApply
+ + JDK-8220634: SymLinkArchiveTest should handle not being able
+ to create symlinks
+ + JDK-8214026: Canonicalized archive paths appearing in
+ diagnostics
+ + JDK-8251126: nsk.share.GoldChecker should read golden file
+ from ${test.src}
+ + JDK-8237798: rewrite vmTestbase/jit/tiered from shell to java
+ + JDK-8262134: compiler/uncommontrap/TestDeoptOOM.java failed
+ with "guarantee(false) failed: wrong number of expression
+ stack elements during deopt"
+ + JDK-8210194: [TESTBUG] jvmti_FollowRefObjects.cpp missing
+ initializer for member
+ _jvmtiHeapCallbacks::heap_reference_callback
+ + JDK-8277441: CompileQueue::add fails with
+ assert(_last->next() == __null) failed: not last
+ + JDK-8273704: DrawStringWithInfiniteXform.java failed :
+ drawString with InfiniteXform transform takes long time
+ + JDK-8277328: jdk/jshell/CommandCompletionTest.java failures
+ on Windows
+ + JDK-8251132: make main classes public in vmTestbase/jit tests
+ + JDK-8274465: Fix javax/swing/text/ParagraphView/6364882/
+ /bug6364882.java failures
+ + JDK-8273634: [TEST_BUG] Improve javax/swing/text/
+ /ParagraphView/6364882/bug6364882.java
+ + JDK-8249019: clean up FileInstaller $test.src $cwd in
+ vmTestbase_vm_compiler tests
+ + JDK-8274338: com/sun/jdi/RedefineCrossEvent.java failed
+ "assert(m != __null) failed: NULL mirror"
+ + JDK-8279300: [arm32] SIGILL when running
+ GetObjectSizeIntrinsicsTest
+ + JDK-8273682: Upgrade Jline to 3.20.0
+ + JDK-8256154: Some TestNG tests require default constructors
+ + JDK-8237787: rewrite vmTestbase/vm/compiler/CodeCacheInfo*
++++ 118 more lines (skipped)
++++ between /work/SRC/openSUSE:Factory/java-11-openjdk/java-11-openjdk.changes
++++ and
/work/SRC/openSUSE:Factory/.java-11-openjdk.new.1538/java-11-openjdk.changes
Old:
----
jdk-11.0.14.1+1.tar.gz
New:
----
jdk-11.0.15+10.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ java-11-openjdk.spec ++++++
--- /var/tmp/diff_new_pack.7oIm7J/_old 2022-04-23 00:24:59.031740912 +0200
+++ /var/tmp/diff_new_pack.7oIm7J/_new 2022-04-23 00:24:59.039740916 +0200
@@ -37,10 +37,9 @@
# Standard JPackage naming and versioning defines.
%global featurever 11
%global interimver 0
-%global updatever 14
-%global patchver 1
-%global datever 2022-02-08
-%global buildver 1
+%global updatever 15
+%global datever 2022-04-19
+%global buildver 10
%global openjdk_repo jdk11u
%global openjdk_tag
jdk-%{featurever}.%{interimver}.%{updatever}%{?patchver:.%{patchver}}+%{buildver}
%global openjdk_dir
%{openjdk_repo}-jdk-%{featurever}.%{interimver}.%{updatever}%{?patchver:.%{patchver}}-%{buildver}
@@ -120,9 +119,9 @@
%endif
%global with_system_harfbuzz 1
%if %{is_release}
-%global package_version
%{featurever}.%{interimver}.%{updatever}%{?patchver:.%{patchver}}
+%global package_version
%{featurever}.%{interimver}.%{updatever}.%{?patchver:%{patchver}}%{!?patchver:0}
%else
-%global package_version
%{featurever}.%{interimver}.%{updatever}%{?patchver:.%{patchver}}~%{buildver}
+%global package_version
%{featurever}.%{interimver}.%{updatever}.%{?patchver:%{patchver}}%{!?patchver:0}~%{buildver}
%endif
%global NSS_LIBDIR %(pkg-config --variable=libdir nss)
%bcond_with zero
@@ -628,7 +627,7 @@
--with-version-feature=%{featurever} \
--with-version-interim=%{interimver} \
--with-version-update=%{updatever} \
- --with-version-patch=%{patchver} \
+ --with-version-patch=%{?patchver:%{patchver}}%{!?patchver:0} \
--with-version-date=%{datever} \
--with-version-build=%{buildver} \
%if %{is_release}
++++++ fips.patch ++++++
--- /var/tmp/diff_new_pack.7oIm7J/_old 2022-04-23 00:24:59.167740985 +0200
+++ /var/tmp/diff_new_pack.7oIm7J/_new 2022-04-23 00:24:59.171740986 +0200
@@ -1,6 +1,6 @@
---- a/make/autoconf/libraries.m4 2022-01-19 07:14:06.470777835 +0100
-+++ b/make/autoconf/libraries.m4 2022-01-19 07:14:30.810908184 +0100
-@@ -101,6 +101,7 @@
+--- a/make/autoconf/libraries.m4
++++ b/make/autoconf/libraries.m4
+@@ -101,6 +101,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES],
LIB_SETUP_LIBFFI
LIB_SETUP_BUNDLED_LIBS
LIB_SETUP_MISC_LIBS
@@ -8,7 +8,7 @@
LIB_SETUP_SOLARIS_STLPORT
LIB_TESTS_SETUP_GRAALUNIT
-@@ -223,3 +224,62 @@
+@@ -223,3 +224,62 @@ AC_DEFUN_ONCE([LIB_SETUP_SOLARIS_STLPORT],
fi
])
@@ -71,9 +71,9 @@
+ fi
+ AC_SUBST(USE_SYSCONF_NSS)
+])
---- a/make/autoconf/spec.gmk.in 2022-01-19 07:14:06.470777835 +0100
-+++ b/make/autoconf/spec.gmk.in 2022-01-19 07:14:30.810908184 +0100
-@@ -824,6 +824,10 @@
+--- a/make/autoconf/spec.gmk.in
++++ b/make/autoconf/spec.gmk.in
+@@ -827,6 +827,10 @@ INSTALL_SYSCONFDIR=@sysconfdir@
# Libraries
#
@@ -84,12 +84,13 @@
USE_EXTERNAL_LCMS:=@USE_EXTERNAL_LCMS@
LCMS_CFLAGS:=@LCMS_CFLAGS@
LCMS_LIBS:=@LCMS_LIBS@
---- a/make/lib/Lib-java.base.gmk 2022-01-19 07:14:06.522778112 +0100
-+++ b/make/lib/Lib-java.base.gmk 2022-01-19 07:14:30.810908184 +0100
-@@ -179,6 +179,31 @@
+--- a/make/lib/Lib-java.base.gmk
++++ b/make/lib/Lib-java.base.gmk
+@@ -178,6 +178,31 @@ ifeq ($(OPENJDK_TARGET_OS_TYPE), unix)
+ endif
endif
-
################################################################################
++################################################################################
+# Create the systemconf library
+
+LIBSYSTEMCONF_CFLAGS :=
@@ -114,12 +115,11 @@
+ TARGETS += $(BUILD_LIBSYSTEMCONF)
+endif
+
-+################################################################################
+
################################################################################
# Create the symbols file for static builds.
- ifeq ($(STATIC_BUILD), true)
---- a/make/nb_native/nbproject/configurations.xml 2022-01-19
07:14:06.526778135 +0100
-+++ b/make/nb_native/nbproject/configurations.xml 2022-01-19
07:14:30.814908206 +0100
+--- a/make/nb_native/nbproject/configurations.xml
++++ b/make/nb_native/nbproject/configurations.xml
@@ -2950,6 +2950,9 @@
<in>LinuxWatchService.c</in>
</df>
@@ -130,21 +130,21 @@
</df>
</df>
<df name="macosx">
-@@ -29300,6 +29303,11 @@
- ex="false"
+@@ -29301,6 +29304,11 @@
tool="0"
flavor2="0">
-+ </item>
+ </item>
+ <item path="../../src/java.base/linux/native/libsystemconf/systemconf.c"
+ ex="false"
+ tool="0"
+ flavor2="0">
- </item>
++ </item>
<item path="../../src/java.base/macosx/native/include/jni_md.h"
ex="false"
---- a/make/scripts/compare_exceptions.sh.incl 2022-01-19 07:14:06.526778135
+0100
-+++ b/make/scripts/compare_exceptions.sh.incl 2022-01-19 07:14:30.814908206
+0100
-@@ -179,6 +179,7 @@
+ tool="3"
+--- a/make/scripts/compare_exceptions.sh.incl
++++ b/make/scripts/compare_exceptions.sh.incl
+@@ -179,6 +179,7 @@ if [ "$OPENJDK_TARGET_OS" = "solaris" ] && [
"$OPENJDK_TARGET_CPU" = "x86_64" ];
./lib/libsplashscreen.so
./lib/libsunec.so
./lib/libsunwjdga.so
@@ -152,7 +152,7 @@
./lib/libunpack.so
./lib/libverify.so
./lib/libzip.so
-@@ -289,6 +290,7 @@
+@@ -289,6 +290,7 @@ if [ "$OPENJDK_TARGET_OS" = "solaris" ] && [
"$OPENJDK_TARGET_CPU" = "sparcv9" ]
./lib/libsplashscreen.so
./lib/libsunec.so
./lib/libsunwjdga.so
@@ -160,8 +160,8 @@
./lib/libunpack.so
./lib/libverify.so
./lib/libzip.so
---- a/src/java.base/linux/native/libsystemconf/systemconf.c 1970-01-01
01:00:00.000000000 +0100
-+++ b/src/java.base/linux/native/libsystemconf/systemconf.c 2022-01-19
07:14:30.818908226 +0100
+--- /dev/null
++++ b/src/java.base/linux/native/libsystemconf/systemconf.c
@@ -0,0 +1,170 @@
+/*
+ * Copyright (c) 2021, Red Hat, Inc.
@@ -333,9 +333,9 @@
+ (*env)->CallVoidMethod(env, debugObj, debugPrintlnMethodID, jMsg);
+ }
+}
---- a/src/java.base/share/classes/java/security/Security.java 2022-01-19
07:14:06.678778949 +0100
-+++ b/src/java.base/share/classes/java/security/Security.java 2022-01-19
07:14:30.818908226 +0100
-@@ -32,6 +32,7 @@
+--- a/src/java.base/share/classes/java/security/Security.java
++++ b/src/java.base/share/classes/java/security/Security.java
+@@ -32,6 +32,7 @@ import java.net.URL;
import jdk.internal.event.EventHelper;
import jdk.internal.event.SecurityPropertyModificationEvent;
@@ -343,7 +343,7 @@
import jdk.internal.misc.SharedSecrets;
import jdk.internal.util.StaticProperty;
import sun.security.util.Debug;
-@@ -74,6 +75,19 @@
+@@ -74,6 +75,19 @@ public final class Security {
}
static {
@@ -363,7 +363,7 @@
// doPrivileged here because there are multiple
// things in initialize that might require privs.
// (the FileInputStream call and the File.exists call,
-@@ -193,29 +207,10 @@
+@@ -193,29 +207,10 @@ public final class Security {
}
String disableSystemProps =
System.getProperty("java.security.disableSystemPropertiesFile");
@@ -396,8 +396,8 @@
}
}
---- a/src/java.base/share/classes/java/security/SystemConfigurator.java
1970-01-01 01:00:00.000000000 +0100
-+++ b/src/java.base/share/classes/java/security/SystemConfigurator.java
2022-01-19 07:14:30.818908226 +0100
+--- /dev/null
++++ b/src/java.base/share/classes/java/security/SystemConfigurator.java
@@ -0,0 +1,236 @@
+/*
+ * Copyright (c) 2019, 2021, Red Hat, Inc.
@@ -635,8 +635,8 @@
+ }
+ }
+}
----
a/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java
1970-01-01 01:00:00.000000000 +0100
-+++
b/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java
2022-01-19 07:14:30.818908226 +0100
+--- /dev/null
++++
b/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2020, Red Hat, Inc.
@@ -669,9 +669,9 @@
+ boolean isSystemFipsEnabled();
+ boolean isPlainKeySupportEnabled();
+}
---- a/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
2022-01-19 07:14:06.706779099 +0100
-+++ b/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
2022-01-19 07:14:30.818908226 +0100
-@@ -76,6 +76,7 @@
+--- a/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
++++ b/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
+@@ -76,6 +76,7 @@ public class SharedSecrets {
private static JavaIORandomAccessFileAccess javaIORandomAccessFileAccess;
private static JavaSecuritySignatureAccess javaSecuritySignatureAccess;
private static JavaxCryptoSealedObjectAccess
javaxCryptoSealedObjectAccess;
@@ -679,7 +679,7 @@
public static JavaUtilJarAccess javaUtilJarAccess() {
if (javaUtilJarAccess == null) {
-@@ -361,4 +362,12 @@
+@@ -361,4 +362,12 @@ public class SharedSecrets {
}
return javaxCryptoSealedObjectAccess;
}
@@ -692,9 +692,9 @@
+ return javaSecuritySystemConfiguratorAccess;
+ }
}
---- a/src/java.base/share/classes/module-info.java 2022-01-19
07:14:06.650778799 +0100
-+++ b/src/java.base/share/classes/module-info.java 2022-01-19
07:14:30.818908226 +0100
-@@ -182,6 +182,7 @@
+--- a/src/java.base/share/classes/module-info.java
++++ b/src/java.base/share/classes/module-info.java
+@@ -182,6 +182,7 @@ module java.base {
java.security.jgss,
java.sql,
java.xml,
@@ -702,9 +702,9 @@
jdk.jartool,
jdk.attach,
jdk.charsets,
---- a/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
2022-01-19 07:14:06.730779226 +0100
-+++ b/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
2022-01-19 07:14:30.818908226 +0100
-@@ -33,8 +33,13 @@
+--- a/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
++++ b/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
+@@ -33,8 +33,13 @@ import java.security.KeyStore.*;
import javax.net.ssl.*;
@@ -718,7 +718,7 @@
X509ExtendedKeyManager keyManager;
boolean isInitialized;
-@@ -62,7 +67,8 @@
+@@ -62,7 +67,8 @@ abstract class KeyManagerFactoryImpl extends
KeyManagerFactorySpi {
KeyStoreException, NoSuchAlgorithmException,
UnrecoverableKeyException {
if ((ks != null) && SunJSSE.isFIPS()) {
@@ -728,7 +728,7 @@
throw new KeyStoreException("FIPS mode: KeyStore must be "
+ "from provider " +
SunJSSE.cryptoProvider.getName());
}
-@@ -91,8 +97,8 @@
+@@ -91,8 +97,8 @@ abstract class KeyManagerFactoryImpl extends
KeyManagerFactorySpi {
keyManager = new X509KeyManagerImpl(
Collections.<Builder>emptyList());
} else {
@@ -739,9 +739,9 @@
throw new KeyStoreException(
"FIPS mode: KeyStore must be " +
"from provider " + SunJSSE.cryptoProvider.getName());
---- a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
2022-01-19 07:14:06.730779226 +0100
-+++ b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
2022-01-19 07:14:30.818908226 +0100
-@@ -31,6 +31,7 @@
+--- a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
++++ b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
+@@ -31,6 +31,7 @@ import java.security.*;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;
@@ -749,7 +749,7 @@
import sun.security.action.GetPropertyAction;
import sun.security.provider.certpath.AlgorithmChecker;
import sun.security.validator.Validator;
-@@ -542,6 +543,23 @@
+@@ -542,6 +543,23 @@ public abstract class SSLContextImpl extends
SSLContextSpi {
static {
if (SunJSSE.isFIPS()) {
@@ -773,7 +773,7 @@
supportedProtocols = Arrays.asList(
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
-@@ -556,6 +574,7 @@
+@@ -556,6 +574,7 @@ public abstract class SSLContextImpl extends SSLContextSpi
{
ProtocolVersion.TLS11,
ProtocolVersion.TLS10
});
@@ -781,7 +781,7 @@
} else {
supportedProtocols = Arrays.asList(
ProtocolVersion.TLS13,
-@@ -620,6 +639,16 @@
+@@ -620,6 +639,16 @@ public abstract class SSLContextImpl extends
SSLContextSpi {
static ProtocolVersion[] getSupportedProtocols() {
if (SunJSSE.isFIPS()) {
@@ -798,7 +798,7 @@
return new ProtocolVersion[] {
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
-@@ -949,6 +978,16 @@
+@@ -949,6 +978,16 @@ public abstract class SSLContextImpl extends
SSLContextSpi {
static ProtocolVersion[] getProtocols() {
if (SunJSSE.isFIPS()) {
@@ -815,9 +815,9 @@
return new ProtocolVersion[]{
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
---- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
2022-01-19 07:14:06.730779226 +0100
-+++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
2022-01-19 07:14:30.818908226 +0100
-@@ -27,6 +27,8 @@
+--- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
++++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
+@@ -27,6 +27,8 @@ package sun.security.ssl;
import java.security.*;
import java.util.*;
@@ -826,7 +826,7 @@
import sun.security.rsa.SunRsaSignEntries;
import static sun.security.util.SecurityConstants.PROVIDER_VER;
import static sun.security.provider.SunEntries.createAliases;
-@@ -195,8 +197,13 @@
+@@ -195,8 +197,13 @@ public abstract class SunJSSE extends
java.security.Provider {
"sun.security.ssl.SSLContextImpl$TLS11Context", null, null);
ps("SSLContext", "TLSv1.2",
"sun.security.ssl.SSLContextImpl$TLS12Context", null, null);
@@ -840,12 +840,13 @@
ps("SSLContext", "TLS",
"sun.security.ssl.SSLContextImpl$TLSContext",
(isfips? null : createAliases("SSL")), null);
---- a/src/java.base/share/conf/security/java.security 2022-01-19
07:14:06.742779290 +0100
-+++ b/src/java.base/share/conf/security/java.security 2022-01-19
07:14:30.818908226 +0100
-@@ -87,6 +87,14 @@
+--- a/src/java.base/share/conf/security/java.security
++++ b/src/java.base/share/conf/security/java.security
+@@ -86,6 +86,14 @@ security.provider.tbd=SunPKCS11
+ #endif
#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg
- #
++#
+# Security providers used when global crypto-policies are set to FIPS.
+#
+fips.provider.1=SunPKCS11 ${java.home}/conf/security/nss.fips.cfg
@@ -853,24 +854,23 @@
+fips.provider.3=SunEC
+fips.provider.4=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSS-FIPS
+
-+#
+ #
# A list of preferred providers for specific algorithms. These providers will
# be searched for matching algorithms before the list of registered providers.
- # Entries containing errors (parsing, etc) will be ignored. Use the
-@@ -300,6 +308,11 @@
+@@ -299,6 +307,11 @@ policy.ignoreIdentityScope=false
+ #
keystore.type=pkcs12
- #
++#
+# Default keystore type used when global crypto-policies are set to FIPS.
+#
+fips.keystore.type=PKCS11
+
-+#
+ #
# Controls compatibility mode for JKS and PKCS12 keystore types.
#
- # When set to 'true', both JKS and PKCS12 keystore types support loading
----
a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
1970-01-01 01:00:00.000000000 +0100
-+++
b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
2022-01-19 07:14:40.350959275 +0100
+--- /dev/null
++++
b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
@@ -0,0 +1,290 @@
+/*
+ * Copyright (c) 2021, Red Hat, Inc.
@@ -1162,8 +1162,8 @@
+ }
+ }
+}
---- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
2022-01-19 07:14:07.066781027 +0100
-+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
2022-01-19 07:17:44.400170510 +0100
+--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
++++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
@@ -26,6 +26,9 @@
package sun.security.pkcs11;
@@ -1174,15 +1174,15 @@
import java.util.*;
import java.security.*;
-@@ -41,6 +44,7 @@
- import javax.security.auth.callback.PasswordCallback;
+@@ -43,6 +46,7 @@ import javax.security.auth.callback.PasswordCallback;
+ import com.sun.crypto.provider.ChaCha20Poly1305Parameters;
import jdk.internal.misc.InnocuousThread;
+import jdk.internal.misc.SharedSecrets;
import sun.security.util.Debug;
import sun.security.util.ResourcesMgr;
import static sun.security.util.SecurityConstants.PROVIDER_VER;
-@@ -58,6 +62,29 @@
+@@ -60,6 +64,29 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
*/
public final class SunPKCS11 extends AuthProvider {
@@ -1212,7 +1212,7 @@
private static final long serialVersionUID = -1354835039035306505L;
static final Debug debug = Debug.getInstance("sunpkcs11");
-@@ -326,10 +353,15 @@
+@@ -328,10 +355,15 @@ public final class SunPKCS11 extends AuthProvider {
// request multithreaded access first
initArgs.flags = CKF_OS_LOCKING_OK;
PKCS11 tmpPKCS11;
@@ -1229,7 +1229,7 @@
} catch (PKCS11Exception e) {
if (debug != null) {
debug.println("Multi-threaded initialization failed: " +
e);
-@@ -345,7 +377,7 @@
+@@ -347,7 +379,7 @@ public final class SunPKCS11 extends AuthProvider {
initArgs.flags = 0;
}
tmpPKCS11 = PKCS11.getInstance(library,
@@ -1238,7 +1238,7 @@
}
p11 = tmpPKCS11;
-@@ -385,6 +417,24 @@
+@@ -387,6 +419,24 @@ public final class SunPKCS11 extends AuthProvider {
if (nssModule != null) {
nssModule.setProvider(this);
}
@@ -1263,9 +1263,9 @@
} catch (Exception e) {
if (config.getHandleStartupErrors() == Config.ERR_IGNORE_ALL) {
throw new UnsupportedOperationException
----
a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
2022-01-19 07:14:07.066781027 +0100
-+++
b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
2022-01-19 07:14:40.354959295 +0100
-@@ -49,6 +49,7 @@
+---
a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
++++
b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
+@@ -49,6 +49,7 @@ package sun.security.pkcs11.wrapper;
import java.io.File;
import java.io.IOException;
@@ -1273,7 +1273,7 @@
import java.util.*;
import java.security.AccessController;
-@@ -150,17 +151,29 @@
+@@ -150,17 +151,29 @@ public class PKCS11 {
public static synchronized PKCS11 getInstance(String pkcs11ModulePath,
String functionList, CK_C_INITIALIZE_ARGS pInitArgs,
@@ -1304,7 +1304,7 @@
if (omitInitialize == false) {
try {
pkcs11.C_Initialize(pInitArgs);
-@@ -1909,4 +1922,69 @@
+@@ -1909,4 +1922,69 @@ static class SynchronizedPKCS11 extends PKCS11 {
super.C_GenerateRandom(hSession, randomData);
}
}
++++++ jdk-11.0.14.1+1.tar.gz -> jdk-11.0.15+10.tar.gz ++++++
/work/SRC/openSUSE:Factory/java-11-openjdk/jdk-11.0.14.1+1.tar.gz
/work/SRC/openSUSE:Factory/.java-11-openjdk.new.1538/jdk-11.0.15+10.tar.gz
differ: char 13, line 1
