commit java-21-openjdk for openSUSE:Factory

Source-Sync Thu, 08 Feb 2024 10:02:40 -0800

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package java-21-openjdk for openSUSE:Factory 
checked in at 2024-02-08 19:01:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/java-21-openjdk (Old)
 and      /work/SRC/openSUSE:Factory/.java-21-openjdk.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "java-21-openjdk"

Thu Feb  8 19:01:45 2024 rev:8 rq:1144979 version:21.0.2.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/java-21-openjdk/java-21-openjdk.changes  
2024-01-25 18:39:49.519703109 +0100
+++ 
/work/SRC/openSUSE:Factory/.java-21-openjdk.new.1815/java-21-openjdk.changes    
    2024-02-08 19:01:53.026470934 +0100
@@ -1,0 +2,16 @@
+Wed Feb  7 13:59:23 UTC 2024 - Fridrich Strba <fst...@suse.com>
+
+- Recommend mozilla-nss-sysinit in order to have available the
+  /etc/pki/nssdb directory and its content, required in fips mode
+  (bsc#1219662)
+- Do not install our crafted nss.fips.cfg file, but use the one that
+  the build produces with our fips.patch applied
+- Removed patch:
+  * nss-security-provider.patch
+    + this DISABLED nss security provider was not used for years and
+      is largely rendered obsolete by the NSS-FIPS provider
+- Modified patch:
+  * fips.patch
+    + adapt to the removal of the nss security provider
+
+-------------------------------------------------------------------

Old:
----
  nss-security-provider.patch
  nss.cfg.in
  nss.fips.cfg.in

BETA DEBUG BEGIN:
  Old:- Removed patch:
  * nss-security-provider.patch
    + this DISABLED nss security provider was not used for years and
BETA DEBUG END:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ java-21-openjdk.spec ++++++
--- /var/tmp/diff_new_pack.ElPYwW/_old  2024-02-08 19:01:54.074509326 +0100
+++ /var/tmp/diff_new_pack.ElPYwW/_new  2024-02-08 19:01:54.074509326 +0100
@@ -134,10 +134,6 @@
 Source10:       systemtap-tapset.tar.xz
 # Desktop files. Adapated from IcedTea.
 Source11:       jconsole.desktop.in
-# nss configuration file
-Source12:       nss.cfg.in
-# nss fips configuration file
-Source13:       nss.fips.cfg.in
 # Ensure we aren't using the limited crypto policy
 Source14:       TestCryptoLevel.java
 # Ensure ECDSA is working
@@ -163,8 +159,7 @@
 # Fix: implicit-pointer-decl
 Patch13:        implicit-pointer-decl.patch
 Patch15:        system-pcsclite.patch
-Patch17:        nss-security-provider.patch
-Patch18:        fips.patch
+Patch16:        fips.patch
 #
 Patch20:        loadAssistiveTechnologies.patch
 #
@@ -282,6 +277,7 @@
 Requires(posttrans): java-ca-certificates
 # Postun requires update-alternatives to uninstall tool update-alternatives.
 Requires(postun): update-alternatives
+Recommends:     mozilla-nss-sysinit
 Recommends:     tzdata-java8
 Obsoletes:      %{name}-accessibility
 %if 0%{?suse_version} > 1315 || 0%{?java_bootstrap}
@@ -404,8 +400,7 @@
 %patch15 -p1
 %endif
 
-%patch17 -p1
-%patch18 -p1
+%patch16 -p1
 
 %patch20 -p1
 
@@ -444,13 +439,6 @@
     sed -i -e s:@VERSION@:%{javaver}:g $OUTPUT_FILE
 done
 
-# Setup nss.cfg
-sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE12} > nss.cfg
-
-# Setup nss.fips.cfg
-sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE13} > nss.fips.cfg
-sed -i -e "s:@NSS_SECMOD@:sql\:%{_sysconfdir}/pki/nssdb:g" nss.fips.cfg
-
 %build
 
 %ifarch s390x sparc64 alpha ppc64 ppc64le %{aarch64}
@@ -519,12 +507,6 @@
 
 export JAVA_HOME=$(pwd)/%{buildoutputdir}/%{imagesdir}/jdk
 
-# Install nss.cfg right away as we will be using the JRE above
-install -m 644 nss.cfg $JAVA_HOME/conf/security/
-
-# Install nss.fips.cfg: NSS configuration for global FIPS mode 
(crypto-policies)
-# install -m 644 nss.fips.cfg $JAVA_HOME/conf/security/
-
 # Copy tz.properties
 echo "sun.zoneinfo.dir=%{_datadir}/javazi" >> $JAVA_HOME/conf/tz.properties
 
@@ -966,7 +948,6 @@
 %{_jvmdir}/%{sdkdir}/lib/*/classes*.jsa
 
 %config(noreplace) %{_jvmdir}/%{sdkdir}/lib/security/blocked.certs
-%config(noreplace) %{_jvmdir}/%{sdkdir}/conf/security/nss.cfg
 %config(noreplace) %{_jvmdir}/%{sdkdir}/conf/security/nss.fips.cfg
 %{_jvmdir}/%{sdkdir}/lib/security/default.policy
 %{_jvmdir}/%{sdkdir}/lib/security/public_suffix_list.dat

++++++ fips.patch ++++++
--- /var/tmp/diff_new_pack.ElPYwW/_old  2024-02-08 19:01:54.178513137 +0100
+++ /var/tmp/diff_new_pack.ElPYwW/_new  2024-02-08 19:01:54.182513283 +0100
@@ -1983,8 +1983,8 @@
 --- a/src/java.base/share/conf/security/java.security
 +++ b/src/java.base/share/conf/security/java.security
 @@ -86,6 +86,17 @@ security.provider.tbd=Apple
+ #endif
  security.provider.tbd=SunPKCS11
- #security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg
  
 +#
 +# Security providers used when FIPS mode support is active

commit java-21-openjdk for openSUSE:Factory

Reply via email to