Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package java-17-openjdk for openSUSE:Factory
checked in at 2024-07-15 19:50:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/java-17-openjdk (Old)
and /work/SRC/openSUSE:Factory/.java-17-openjdk.new.17339 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "java-17-openjdk"
Mon Jul 15 19:50:00 2024 rev:35 rq:1187550 version:17.0.12.0~6
Changes:
--------
--- /work/SRC/openSUSE:Factory/java-17-openjdk/java-17-openjdk.changes
2024-06-07 15:06:07.105787296 +0200
+++
/work/SRC/openSUSE:Factory/.java-17-openjdk.new.17339/java-17-openjdk.changes
2024-07-15 19:50:37.782670788 +0200
@@ -1,0 +2,6 @@
+Thu Jul 4 09:18:00 UTC 2024 - Fridrich Strba <[email protected]>
+
+- Require file for posttrans phase of the headless subpackage
+ (bsc#1227298)
+
+-------------------------------------------------------------------
Old:
----
jdk-17.0.11+9.tar.gz
New:
----
jdk-17.0.12+6.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ java-17-openjdk.spec ++++++
--- /var/tmp/diff_new_pack.pnbe1C/_old 2024-07-15 19:50:39.758743609 +0200
+++ /var/tmp/diff_new_pack.pnbe1C/_new 2024-07-15 19:50:39.758743609 +0200
@@ -21,7 +21,7 @@
%global jit_arches %{ix86} x86_64 ppc64 ppc64le %{aarch64} %{arm} s390x riscv64
%global debug 0
%global make make
-%global is_release 1
+%global is_release 0
%global buildoutputdir build
# Convert an absolute path to a relative path. Each symbolic link is
# specified relative to the directory in which it is installed so that
@@ -33,8 +33,8 @@
# Standard JPackage naming and versioning defines.
%global featurever 17
%global interimver 0
-%global updatever 11
-%global buildver 9
+%global updatever 12
+%global buildver 6
%global openjdk_repo jdk17u
%global openjdk_tag
jdk-%{featurever}.%{interimver}.%{updatever}%{?patchver:.%{patchver}}+%{buildver}
%global openjdk_dir
%{openjdk_repo}-jdk-%{featurever}.%{interimver}.%{updatever}%{?patchver:.%{patchver}}-%{buildver}
@@ -284,6 +284,7 @@
Requires: mozilla-nss
# Post requires update-alternatives to install tool update-alternatives.
Requires(post): update-alternatives
+Requires(posttrans): file
Requires(posttrans): java-ca-certificates
# Postun requires update-alternatives to uninstall tool update-alternatives.
Requires(postun): update-alternatives
++++++ fips.patch ++++++
--- /var/tmp/diff_new_pack.pnbe1C/_old 2024-07-15 19:50:39.858747294 +0200
+++ /var/tmp/diff_new_pack.pnbe1C/_new 2024-07-15 19:50:39.862747441 +0200
@@ -130,7 +130,7 @@
if test "x$TOOLCHAIN_TYPE" != xmicrosoft; then
--- a/make/autoconf/spec.gmk.in
+++ b/make/autoconf/spec.gmk.in
-@@ -841,6 +841,11 @@ INSTALL_SYSCONFDIR=@sysconfdir@
+@@ -844,6 +844,11 @@ INSTALL_SYSCONFDIR=@sysconfdir@
# Libraries
#
@@ -1417,7 +1417,7 @@
+}
--- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security
-@@ -83,6 +83,17 @@ security.provider.tbd=Apple
+@@ -82,6 +82,17 @@ security.provider.tbd=Apple
#endif
security.provider.tbd=SunPKCS11
@@ -1435,7 +1435,7 @@
#
# A list of preferred providers for specific algorithms. These providers will
# be searched for matching algorithms before the list of registered providers.
-@@ -293,6 +304,47 @@ policy.ignoreIdentityScope=false
+@@ -292,6 +303,47 @@ policy.ignoreIdentityScope=false
#
keystore.type=pkcs12
@@ -1483,7 +1483,7 @@
#
# Controls compatibility mode for JKS and PKCS12 keystore types.
#
-@@ -330,6 +382,13 @@ package.definition=sun.misc.,\
+@@ -329,6 +381,13 @@ package.definition=sun.misc.,\
#
security.overridePropertiesFile=true
@@ -1510,7 +1510,7 @@
+
--- a/src/java.base/share/lib/security/default.policy
+++ b/src/java.base/share/lib/security/default.policy
-@@ -121,6 +121,7 @@ grant codeBase "jrt:/jdk.charsets" {
+@@ -123,6 +123,7 @@ grant codeBase "jrt:/jdk.charsets" {
grant codeBase "jrt:/jdk.crypto.ec" {
permission java.lang.RuntimePermission
"accessClassInPackage.sun.security.*";
@@ -1518,7 +1518,7 @@
permission java.lang.RuntimePermission "loadLibrary.sunec";
permission java.security.SecurityPermission "putProviderProperty.SunEC";
permission java.security.SecurityPermission
"clearProviderProperties.SunEC";
-@@ -130,6 +131,7 @@ grant codeBase "jrt:/jdk.crypto.ec" {
+@@ -132,6 +133,7 @@ grant codeBase "jrt:/jdk.crypto.ec" {
grant codeBase "jrt:/jdk.crypto.cryptoki" {
permission java.lang.RuntimePermission
"accessClassInPackage.com.sun.crypto.provider";
@@ -1526,7 +1526,7 @@
permission java.lang.RuntimePermission
"accessClassInPackage.jdk.internal.misc";
permission java.lang.RuntimePermission
"accessClassInPackage.sun.security.*";
-@@ -140,6 +142,8 @@ grant codeBase "jrt:/jdk.crypto.cryptoki" {
+@@ -142,6 +144,8 @@ grant codeBase "jrt:/jdk.crypto.cryptoki" {
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "os.arch", "read";
permission java.util.PropertyPermission
"jdk.crypto.KeyAgreement.legacyKDF", "read";
@@ -2408,31 +2408,21 @@
private static final long serialVersionUID = -2575874101938349339L;
private static final String PUBLIC = "public";
-@@ -139,9 +144,7 @@ abstract class P11Key implements Key, Length {
- this.tokenObject = tokenObject;
- this.sensitive = sensitive;
- this.extractable = extractable;
-- char[] tokenLabel = this.token.tokenInfo.label;
-- isNSS = (tokenLabel[0] == 'N' && tokenLabel[1] == 'S'
-- && tokenLabel[2] == 'S');
-+ isNSS = P11Util.isNSS(this.token);
- boolean extractKeyInfo = (!DISABLE_NATIVE_KEYS_EXTRACTION && isNSS &&
- extractable && !tokenObject);
- this.keyIDHolder = new NativeKeyHolder(this, keyID, session,
-@@ -395,8 +398,10 @@ abstract class P11Key implements Key, Length {
+@@ -393,9 +398,10 @@ abstract class P11Key implements Key, Length {
new CK_ATTRIBUTE(CKA_EXTRACTABLE),
});
-- boolean keySensitive = (attrs[0].getBoolean() ||
-- attrs[1].getBoolean() || !attrs[2].getBoolean());
+- boolean keySensitive =
+- (attrs[0].getBoolean() && P11Util.isNSS(session.token)) ||
+- attrs[1].getBoolean() || !attrs[2].getBoolean();
+ boolean exportable = plainKeySupportEnabled &&
!algorithm.equals("DH");
+ boolean keySensitive = (!exportable &&
-+ (attrs[0].getBoolean() ||
-+ attrs[1].getBoolean() || !attrs[2].getBoolean()));
++ ((attrs[0].getBoolean() && P11Util.isNSS(session.token)) ||
++ attrs[1].getBoolean() || !attrs[2].getBoolean()));
switch (algorithm) {
case "RSA":
-@@ -451,7 +456,8 @@ abstract class P11Key implements Key, Length {
+@@ -450,7 +456,8 @@ abstract class P11Key implements Key, Length {
public String getFormat() {
token.ensureValid();
@@ -2863,7 +2853,7 @@
/**
* Collection of static utility methods.
-@@ -40,10 +44,106 @@ public final class P11Util {
+@@ -40,6 +44,93 @@ public final class P11Util {
private static volatile Provider sun, sunRsaSign, sunJce;
@@ -2957,19 +2947,6 @@
private P11Util() {
// empty
}
-
-+ static boolean isNSS(Token token) {
-+ char[] tokenLabel = token.tokenInfo.label;
-+ if (tokenLabel != null && tokenLabel.length >= 3) {
-+ return (tokenLabel[0] == 'N' && tokenLabel[1] == 'S'
-+ && tokenLabel[2] == 'S');
-+ }
-+ return false;
-+ }
-+
- static Provider getSunProvider() {
- Provider p = sun;
- if (p == null) {
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
@@ -26,6 +26,9 @@
@@ -5877,4 +5854,7 @@
+ }
+ }
+}
+--
+2.45.2
+
++++++ jdk-17.0.11+9.tar.gz -> jdk-17.0.12+6.tar.gz ++++++
/work/SRC/openSUSE:Factory/java-17-openjdk/jdk-17.0.11+9.tar.gz
/work/SRC/openSUSE:Factory/.java-17-openjdk.new.17339/jdk-17.0.12+6.tar.gz
differ: char 13, line 1
