diff options
author | Max Rees <maxcrees@me.com> | 2020-05-04 12:37:39 -0500 |
---|---|---|
committer | Max Rees <maxcrees@me.com> | 2020-05-04 22:51:42 -0500 |
commit | 28fdd34de44edcf8d1a08cc45cd564099e9268fc (patch) | |
tree | 1e7dcb7d13c610594926f65a399b237b653fcead | |
parent | 13df4b4fac8068b1c833c4cff3c49feacc53b26e (diff) | |
download | packages-28fdd34de44edcf8d1a08cc45cd564099e9268fc.tar.gz packages-28fdd34de44edcf8d1a08cc45cd564099e9268fc.tar.bz2 packages-28fdd34de44edcf8d1a08cc45cd564099e9268fc.tar.xz packages-28fdd34de44edcf8d1a08cc45cd564099e9268fc.zip |
user/openjdk8: [CVE] bump to 8.252.09 (#269)
* Bootstrap using openjdk8. Note that it will need to be manually
installed when building now...
* Cherrypick patch changes from Alpine:
icedtea-jdk-tls-nist-curves.patch was integrated upstream, and
icedtea-hotspot-musl.patch was rebased for 8u232.
https://git.alpinelinux.org/aports/commit/community/openjdk8?id=04ec13ca9caa9a436001be92e674f230b9894894
* Rebase patches for 8u252-ga:
In particular, icedtea-jdk-getmntent-buffer.patch is dropped since
upstream takes a new approach by allocating a buffer according to the
length of the longest line in mtab.
https://bugs.openjdk.java.net/browse/JDK-8229872
* Use private variables (_) where applicable
-rw-r--r-- | user/openjdk8/APKBUILD | 126 | ||||
-rw-r--r-- | user/openjdk8/icedtea-hotspot-musl.patch | 4 | ||||
-rw-r--r-- | user/openjdk8/icedtea-jdk-getmntent-buffer.patch | 88 | ||||
-rw-r--r-- | user/openjdk8/icedtea-jdk-includes.patch | 23 | ||||
-rw-r--r-- | user/openjdk8/icedtea-jdk-musl.patch | 32 | ||||
-rw-r--r-- | user/openjdk8/icedtea-jdk-tls-nist-curves.patch | 47 |
6 files changed, 97 insertions, 223 deletions
diff --git a/user/openjdk8/APKBUILD b/user/openjdk8/APKBUILD index 4ad8f07a0..db3ccf6b1 100644 --- a/user/openjdk8/APKBUILD +++ b/user/openjdk8/APKBUILD @@ -1,9 +1,9 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=openjdk8 -_icedteaver=3.11.0 +_icedteaver=3.16.0 # pkgver is <JDK version>.<JDK update>.<JDK build> # Check https://icedtea.classpath.org/wiki/Main_Page when updating -pkgver=8.201.08 +pkgver=8.252.09 pkgrel=0 pkgdesc="Libre Java development kit for Java 8" url="https://icedtea.classpath.org/" @@ -13,7 +13,7 @@ license="GPL-2.0-only" depends="$pkgname-jre java-cacerts" makedepends="bash findutils libarchive-tools zip file util-linux libxslt autoconf automake linux-headers sed xz coreutils - openjdk7 ca-certificates libjpeg-turbo-dev cmd:which + ca-certificates libjpeg-turbo-dev cmd:which nss-dev nss-static cups-dev giflib-dev libpng-dev libxt-dev lcms2-dev libxp-dev libxtst-dev libxinerama-dev zlib-dev libxrender-dev alsa-lib-dev freetype-dev fontconfig-dev @@ -29,7 +29,7 @@ ppc64) _jarch=ppc64 *) _jarch="$CARCH";; esac -_bootstrap_java_home="/usr/lib/jvm/java-1.7-openjdk" +_bootstrap_java_home="/usr/lib/jvm/java-1.8-openjdk" _java_home="/usr/lib/jvm/java-1.8-openjdk" _jrelib="$_java_home/jre/lib/$_jarch" @@ -62,14 +62,58 @@ source="https://icedtea.classpath.org/download/source/icedtea-$_icedteaver.tar.x icedtea-jdk-fix-libjvm-load.patch icedtea-jdk-musl.patch icedtea-jdk-includes.patch - icedtea-jdk-getmntent-buffer.patch icedtea-autoconf-config.patch - icedtea-jdk-tls-nist-curves.patch remove-gawk.patch " builddir="$srcdir/icedtea-$_icedteaver" # secfixes: +# 8.252.09-r0: +# - CVE-2019-2602 +# - CVE-2019-2684 +# - CVE-2019-2698 +# - CVE-2019-2745 +# - CVE-2019-2762 +# - CVE-2019-2766 +# - CVE-2019-2769 +# - CVE-2019-2786 +# - CVE-2019-2816 +# - CVE-2019-2842 +# - CVE-2019-2894 +# - CVE-2019-2933 +# - CVE-2019-2945 +# - CVE-2019-2949 +# - CVE-2019-2958 +# - CVE-2019-2962 +# - CVE-2019-2964 +# - CVE-2019-2973 +# - CVE-2019-2975 +# - CVE-2019-2978 +# - CVE-2019-2981 +# - CVE-2019-2983 +# - CVE-2019-2987 +# - CVE-2019-2988 +# - CVE-2019-2989 +# - CVE-2019-2992 +# - CVE-2019-2999 +# - CVE-2019-7317 +# - CVE-2020-2583 +# - CVE-2020-2590 +# - CVE-2020-2593 +# - CVE-2020-2601 +# - CVE-2020-2604 +# - CVE-2020-2654 +# - CVE-2020-2659 +# - CVE-2020-2754 +# - CVE-2020-2755 +# - CVE-2020-2756 +# - CVE-2020-2757 +# - CVE-2020-2773 +# - CVE-2020-2781 +# - CVE-2020-2800 +# - CVE-2020-2803 +# - CVE-2020-2805 +# - CVE-2020-2830 # 8.201.08-r0: # - CVE-2019-2422 # - CVE-2019-2426 @@ -102,22 +146,22 @@ unpack() { } prepare() { - ver_u="$(sed -En 's/^\s*JDK_UPDATE_VERSION\s*=\s*(\S+).*/\1/p' acinclude.m4)" - ver_b="$(sed -En 's/^\s*BUILD_VERSION\s*=\s*b(\S+).*/\1/p' acinclude.m4)" - [ "${pkgver#*.}" = "$ver_u.$ver_b" ] \ - || die "Version mismatch, source is 8.$ver_u.$ver_b, but abuild defines $pkgver!" + _ver_u="$(sed -En 's/^\s*JDK_UPDATE_VERSION\s*=\s*(\S+).*/\1/p' acinclude.m4)" + _ver_b="$(sed -En 's/^\s*BUILD_VERSION\s*=\s*b(\S+).*/\1/p' acinclude.m4)" + [ "${pkgver#*.}" = "$_ver_u.$_ver_b" ] \ + || die "Version mismatch, source is 8.$_ver_u.$_ver_b, but abuild defines $pkgver!" # Busybox sha256 does not support longopts. sed -e "s/--check/-c/g" -i Makefile.am - for patch in $source; do - case $patch in + for _patch in $source; do + case $_patch in icedtea-*.patch) - cp ../$patch patches + cp ../$_patch patches ;; *.patch) - msg "Applying patch $patch" - patch -p1 -i "$srcdir"/$patch + msg "Applying patch $_patch" + patch -p1 -i "$srcdir"/$_patch ;; esac done @@ -134,10 +178,10 @@ build() { fi DISTRIBUTION_PATCHES="" - for patch in $source; do - case $patch in + for _patch in $source; do + case $_patch in icedtea-*.patch) - DISTRIBUTION_PATCHES="$DISTRIBUTION_PATCHES patches/$patch" + DISTRIBUTION_PATCHES="$DISTRIBUTION_PATCHES patches/$_patch" ;; esac done @@ -200,7 +244,7 @@ jrelib() { pkgdesc="OpenJDK 8 Java Runtime (class libraries)" depends="" - for file in jre/lib/images \ + for _file in jre/lib/images \ jre/lib/*.jar \ jre/lib/security \ jre/lib/ext/*.jar \ @@ -209,9 +253,9 @@ jrelib() { jre/THIRD_PARTY_README \ jre/LICENSE; do - dir=${file%/*} - mkdir -p "$subpkgdir"/$_java_home/$dir - mv "$pkgdir"/$_java_home/$file "$subpkgdir"/$_java_home/$dir + _dir=${_file%/*} + mkdir -p "$subpkgdir"/$_java_home/$_dir + mv "$pkgdir"/$_java_home/$_file "$subpkgdir"/$_java_home/$_dir done } @@ -219,7 +263,7 @@ jre() { pkgdesc="OpenJDK 8 Java Runtime" mkdir -p "$subpkgdir" - for file in jre/bin/policytool \ + for _file in jre/bin/policytool \ bin/appletviewer \ bin/policytool \ jre/lib/$_jarch/libawt_xawt.so \ @@ -228,9 +272,9 @@ jre() { jre/lib/$_jarch/libjsoundalsa.so \ jre/lib/$_jarch/libsplashscreen.so; do - dir=${file%/*} - mkdir -p "$subpkgdir"/$_java_home/$dir - mv "$pkgdir"/$_java_home/$file "$subpkgdir"/$_java_home/$dir + _dir=${_file%/*} + mkdir -p "$subpkgdir"/$_java_home/$_dir + mv "$pkgdir"/$_java_home/$_file "$subpkgdir"/$_java_home/$_dir done } @@ -244,9 +288,9 @@ jrebase() { mv "$pkgdir"/$_java_home/lib/$_jarch/jli \ "$subpkgdir"/$_java_home/lib/$_jarch/ - for file in java orbd rmid servertool unpack200 keytool \ + for _file in java orbd rmid servertool unpack200 keytool \ pack200 rmiregistry tnameserv; do - mv "$pkgdir"/$_java_home/bin/$file "$subpkgdir"/$_java_home/bin/ + mv "$pkgdir"/$_java_home/bin/$_file "$subpkgdir"/$_java_home/bin/ done # Rest of the jre subdir (which were not taken by -jre subpkg). @@ -269,24 +313,22 @@ demos() { "$subpkgdir"/$_java_home/ } -sha512sums="a71c9318d49077f8ae27f5c3e0b61df0709eded241f557c886f6b93aa98c13ad78f713d1286da286989bf62866dfff7538ad783eb804a705a160cbc096dea851 icedtea-3.11.0.tar.xz -fc3faa7d7b9531f10c40241d89c36854043921f6f1a0851f284bcab36fc54fb0bb8cf8365dd4b2fb22b3ee8ddb8ed4a79e0807f79cb95b4b00f164993f1acc0b openjdk-3.11.0.tar.xz -9b8a44dda0bbfba8dc0d659e0fabf22e84b9931518e4b199a238faa103cbc4ed814c97f0f38f0aed263846b46fc7eab4500ba9759503373083e12cb8b5b364b5 corba-3.11.0.tar.xz -9eba0f6ada2ae8adc1791a91ceb4fba9bd06aee0626cd1b4310ff16c7c8006045fed5fb7f109e490395b70695be4e6bfd6f1f5cbcdb095fb17abf123012a03de jaxp-3.11.0.tar.xz -ce5f0c2aced1af59f002dc9dc6cba4b9332167e9e019a3040267901ef7f325e05b8c99ed1f276b88ddb4e43cdd1b0c456e0c4dc2222ae6b3800c0502ffa840de jaxws-3.11.0.tar.xz -411508ed91f14ae1c51ea54de72a943db222ff572f3991631fe1a1fa97f9bb42da1e01ca98893f7236b4b44bae2917fc3f8622d7f94a085be30d437451acd272 jdk-3.11.0.tar.xz -363c376848870c6c28415967561c4b151f1256c38a315fabc69c90425f5255224182045349a00c9433db52c416b7ebffedaa4825c980460541a3f9338adbaa5e langtools-3.11.0.tar.xz -13fa35f4a4fe01b3da4efb8476c0cb3482a36596eb422f2ad958a4c51efc286962ac3123a75853e84c4db477ac064a0fd3ee5e03f1ea0ec4f7e2c8ac07aa2d0e hotspot-3.11.0.tar.xz -2b46a8599d530a351522420cae8ac780cd2e64a6d7adbff87397a178f12f0a992bccd0f56435582dbd10be2157d4a4540c41b3dca488566162eed680102e58a9 nashorn-3.11.0.tar.xz -c0776ff52e11a353fee29419319cd9e1fc4e5bb922832547616e8499fd52852a935a6a6fb93b49a67ab7b3fd2f7a63320f917e354cc7123220139e80694a7b5a icedtea-hotspot-musl.patch +sha512sums="67964f283b5a220ded7c86141ac359fc51f41077686d3e68568a9f303d2e5e6d62472bef2d6f5f9d53897a55589c84d3212983194607b9a6704192752f8ad2ac icedtea-3.16.0.tar.xz +76b32457958c2cdbb0006629bb41652286a1a9bfbda862665eddf822d4653d4858f9f2565e849b0e49f031b7667be73be8fe8c71abc65e1795eb570a96d1fd1e openjdk-3.16.0.tar.xz +bf90c95f401d4628e32b9a7ea78b7d43944f82882818a81d2ff368f09e49148091bf823d78ed56c343c175fe6d25492d9b78e25b725f218592ea94c4ae285e56 corba-3.16.0.tar.xz +86e8c18741c1f4baca27d784b068765e404a5c2ee6ecb172c826fc1d6192b5776133f103b749839c39154fcaec87a0df95e8fd5bcb56b1e9b811711b296a4836 jaxp-3.16.0.tar.xz +824ef15aa70ec629406fd9b98a69e5699fe8f6a8ab06be00ac546bcda1daf485b20de6ea0310064e000efbaf35b1cebee25bf69033634fdce8434efb3bb16f1d jaxws-3.16.0.tar.xz +9202f88b360637ad474920d8a6f85740e6a425679617ef713efd67778b4c7ca0b3eba7e4fc9d33de0bbd5dacda4862c8a9b63a13880204388b01af29d5fb6a55 jdk-3.16.0.tar.xz +1858bb3b7dd37edd817a52c67a878b48bc9b790623e77d9a6107f54b141638cb101ae3b8df560e3352c9ca2925aa5d493b4924e36a238be5a9628c714cc23642 langtools-3.16.0.tar.xz +19490ccc377fde5dc3d4396425e945f32e121ad0cc4be394b07f8698a7e3805b16fc41e427bab5fa290cb84efc7edb62acf8ca98072176343f5584d692592d2d hotspot-3.16.0.tar.xz +4bf87e7441ac747f133612e1fba5c06946c6731bae76132ffc614b41fcb689fda9d9ceb1e1fee3765765c6109894c85cf0f6e6fa9eb301f9a2d640ea6cd1c16c nashorn-3.16.0.tar.xz +bfbeccc931b9eab04fca94167b7569af26195297130e2effd9175d33b74dec3dc5727fea6e0cbf3cce21ba09641ddd868179544d3fabe8b128baaaccb9c2711c icedtea-hotspot-musl.patch e5cf4d70f96fc1e72ae8b97a887adb96092ff36584711cbb8de9d9fa9e859cb8731d638838de0d9591239fc44ffe5c74422d1842bd9f10a0c00dff1627bdeeef icedtea-hotspot-musl-ppc.patch 19459dbb922f5a71cd15b53199481498626a783c24f91d2544d55b7dddd2cdb34a64bbf0226b99548612dd1743af01b3f9ff32c30abbbc90ce727ca2dbbbd1f9 icedtea-hotspot-noagent-musl.patch f6365cfafafa008bd6c1bf0ccec01a63f8a39bd1a8bc87baa492a27234d47793ba02d455e5667a873ef50148df3baaf6a8421e2da0b15faac675867da714dd5f icedtea-jdk-execinfo.patch 48533f87fc2cf29d26b259be0df51087d2fe5b252e72d00c6ea2f4add7b0fb113141718c116279c5905e03f64a1118082e719393786811367cf4d472b5d36774 icedtea-jdk-fix-ipv6-init.patch b135991c76b0db8fa7c363e0903624668e11eda7b54a943035c214aa4d7fc8c3e8110ed200edcec82792f3c9393150a9bd628625ddf7f3e55720ff163fbbb471 icedtea-jdk-fix-libjvm-load.patch -1fbc32ddc528c7c0099dbc1e48f88d29dccf55e7b8997793aa1d3d8408003a1223d898cca4248e1a12d343d3feec5144f875e6cdac8460d763c73ab3ad7e49f9 icedtea-jdk-musl.patch -e8d9f1b867bf4fc84aa00d1237b264bcf503b1ed5f34735e14b0b747a728953fe0051a5af69ed058d377fbf65d8be1ed9e38fe5fc6edb2d50b31f34bf3ba91dc icedtea-jdk-includes.patch -7e6fa46b10c630517bfa46943858aea1d032c12d32ba3fcb7a2143ae1e896c34fa4cb8f925af80cb19f8e29149b835aa054adfd30ebb00539f6c78588d6f5211 icedtea-jdk-getmntent-buffer.patch +17c78db081a85e37721c23e0c0e7cab85e2201a0969bd4858cb90375b97d1703c9bf867f8ac02f6b33f9775b78bae41e38223b7a887918d4a6c9f29b75f3de28 icedtea-jdk-musl.patch +974fb54532b7e7d738f4278187fc6bd9f9b2d99866b94f68a617ee4911c89a3b8cc41ecfdcaefecf9157492d006b1844b6b0b41ac4209d84f9e8d13c9e485dd3 icedtea-jdk-includes.patch 662d662d0a7a84be2978e921317589f212f3ba3b7629527ba0f1140b5ac4c1024893e0ed176211688ed1a4505968c4befc841ed57ffcdbb9d355c2cb0571b167 icedtea-autoconf-config.patch -9ea7ac942baf29cc619bc2e1acd59201b9f6d38f39a517b495d7613aec746459200c81afb57c5fcdcb856f6bc8b33f7566c8593fed07e5c73f43e08f1072d458 icedtea-jdk-tls-nist-curves.patch b0f6d07c6a949acdc8b4a25bf924f134f468e162f01dd440fd4ca80769fb84a0a54210f93efbe88012404fe3db6701aad31cdbc772bc054ad69021c37db5538c remove-gawk.patch" diff --git a/user/openjdk8/icedtea-hotspot-musl.patch b/user/openjdk8/icedtea-hotspot-musl.patch index 6cfb3e606..5d6f688a1 100644 --- a/user/openjdk8/icedtea-hotspot-musl.patch +++ b/user/openjdk8/icedtea-hotspot-musl.patch @@ -82,8 +82,8 @@ index d2c10e0..20f657f 100644 -# include <fpu_control.h> +# include <linux/types.h> /* provides __u64 */ - #ifdef BUILTIN_SIM - #define REG_SP REG_RSP + #define REG_FP 29 + diff --git openjdk/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp openjdk/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp index 38388cb..2505ba8 100644 --- openjdk/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp diff --git a/user/openjdk8/icedtea-jdk-getmntent-buffer.patch b/user/openjdk8/icedtea-jdk-getmntent-buffer.patch deleted file mode 100644 index 075a9d423..000000000 --- a/user/openjdk8/icedtea-jdk-getmntent-buffer.patch +++ /dev/null @@ -1,88 +0,0 @@ -Give a much bigger buffer to getmntent_r. - -https://bugs.alpinelinux.org/issues/7093 - -diff --git a/openjdk/jdk/src/solaris/native/sun/nio/fs/LinuxNativeDispatcher.c b/openjdk/jdk/src/solaris/native/sun/nio/fs/LinuxNativeDispatcher.c -index c8500db..d0b85d6 100644 ---- openjdk/jdk/src/solaris/native/sun/nio/fs/LinuxNativeDispatcher.c -+++ openjdk/jdk/src/solaris/native/sun/nio/fs/LinuxNativeDispatcher.c -@@ -33,6 +33,7 @@ - #include <dlfcn.h> - #include <errno.h> - #include <mntent.h> -+#include <limits.h> - - #include "sun_nio_fs_LinuxNativeDispatcher.h" - -@@ -173,8 +174,8 @@ Java_sun_nio_fs_LinuxNativeDispatcher_getmntent(JNIEnv* env, jclass this, - jlong value, jobject entry) - { - struct mntent ent; -- char buf[1024]; -- int buflen = sizeof(buf); -+ char *buf = NULL; -+ const size_t buflen = PATH_MAX * 4; - struct mntent* m; - FILE* fp = jlong_to_ptr(value); - jsize len; -@@ -183,10 +184,17 @@ Java_sun_nio_fs_LinuxNativeDispatcher_getmntent(JNIEnv* env, jclass this, - char* dir; - char* fstype; - char* options; -+ jint res = -1; - -- m = getmntent_r(fp, &ent, (char*)&buf, buflen); -- if (m == NULL) -+ buf = malloc(buflen); -+ if (buf == NULL) { -+ JNU_ThrowOutOfMemoryError(env, "native heap"); - return -1; -+ } -+ m = getmntent_r(fp, &ent, buf, buflen); -+ if (m == NULL) -+ goto out; -+ - name = m->mnt_fsname; - dir = m->mnt_dir; - fstype = m->mnt_type; -@@ -195,32 +203,35 @@ Java_sun_nio_fs_LinuxNativeDispatcher_getmntent(JNIEnv* env, jclass this, - len = strlen(name); - bytes = (*env)->NewByteArray(env, len); - if (bytes == NULL) -- return -1; -+ goto out; - (*env)->SetByteArrayRegion(env, bytes, 0, len, (jbyte*)name); - (*env)->SetObjectField(env, entry, entry_name, bytes); - - len = strlen(dir); - bytes = (*env)->NewByteArray(env, len); - if (bytes == NULL) -- return -1; -+ goto out; - (*env)->SetByteArrayRegion(env, bytes, 0, len, (jbyte*)dir); - (*env)->SetObjectField(env, entry, entry_dir, bytes); - - len = strlen(fstype); - bytes = (*env)->NewByteArray(env, len); - if (bytes == NULL) -- return -1; -+ goto out; - (*env)->SetByteArrayRegion(env, bytes, 0, len, (jbyte*)fstype); - (*env)->SetObjectField(env, entry, entry_fstype, bytes); - - len = strlen(options); - bytes = (*env)->NewByteArray(env, len); - if (bytes == NULL) -- return -1; -+ goto out; - (*env)->SetByteArrayRegion(env, bytes, 0, len, (jbyte*)options); - (*env)->SetObjectField(env, entry, entry_options, bytes); - -- return 0; -+ res = 0; -+out: -+ free(buf); -+ return res; - } - - JNIEXPORT void JNICALL diff --git a/user/openjdk8/icedtea-jdk-includes.patch b/user/openjdk8/icedtea-jdk-includes.patch index 6443a1973..5acbb9efb 100644 --- a/user/openjdk8/icedtea-jdk-includes.patch +++ b/user/openjdk8/icedtea-jdk-includes.patch @@ -53,17 +53,6 @@ /* O Flags */ ---- openjdk.orig/jdk/src/solaris/native/java/net/PlainSocketImpl.c -+++ openjdk/jdk/src/solaris/native/java/net/PlainSocketImpl.c -@@ -28,7 +28,7 @@ - #include <sys/types.h> - #include <sys/socket.h> - #if defined(__linux__) && !defined(USE_SELECT) --#include <sys/poll.h> -+#include <poll.h> - #endif - #include <netinet/tcp.h> /* Defines TCP_NODELAY, needed for 2.6 */ - #include <netinet/in.h> --- openjdk.orig/jdk/src/solaris/native/java/net/bsd_close.c +++ openjdk/jdk/src/solaris/native/java/net/bsd_close.c @@ -36,7 +36,7 @@ @@ -88,14 +77,14 @@ * Stack allocated by thread when doing blocking operation --- openjdk.orig/jdk/src/solaris/native/java/net/net_util_md.h +++ openjdk/jdk/src/solaris/native/java/net/net_util_md.h -@@ -33,7 +33,7 @@ - #include <unistd.h> - - #ifndef USE_SELECT +@@ -27,7 +27,7 @@ + #define NET_UTILS_MD_H + + #include <netdb.h> -#include <sys/poll.h> +#include <poll.h> - #endif - + #include <sys/socket.h> + int NET_Timeout(int s, long timeout); --- openjdk.orig/jdk/src/solaris/native/sun/nio/ch/DevPollArrayWrapper.c +++ openjdk/jdk/src/solaris/native/sun/nio/ch/DevPollArrayWrapper.c diff --git a/user/openjdk8/icedtea-jdk-musl.patch b/user/openjdk8/icedtea-jdk-musl.patch index 97946ba42..7dbd6872c 100644 --- a/user/openjdk8/icedtea-jdk-musl.patch +++ b/user/openjdk8/icedtea-jdk-musl.patch @@ -47,32 +47,10 @@ diff -ru openjdk.orig/jdk/src/solaris/native/java/net/Inet4AddressImpl.c openjdk #define HAS_GLIBC_GETHOSTBY_R 1 #endif -diff -ru openjdk.orig/jdk/src/solaris/native/java/net/PlainDatagramSocketImpl.c openjdk/jdk/src/solaris/native/java/net/PlainDatagramSocketImpl.c ---- openjdk.orig/jdk/src/solaris/native/java/net/PlainDatagramSocketImpl.c 2017-01-25 04:22:03.000000000 +0000 -+++ openjdk/jdk/src/solaris/native/java/net/PlainDatagramSocketImpl.c 2017-02-06 11:23:47.047832009 +0000 -@@ -41,7 +41,6 @@ - #endif - #ifdef __linux__ - #include <unistd.h> --#include <sys/sysctl.h> - #include <sys/utsname.h> - #include <netinet/ip.h> - -diff -ru openjdk.orig/jdk/src/solaris/native/java/net/PlainSocketImpl.c openjdk/jdk/src/solaris/native/java/net/PlainSocketImpl.c ---- openjdk.orig/jdk/src/solaris/native/java/net/PlainSocketImpl.c 2017-01-25 04:22:03.000000000 +0000 -+++ openjdk/jdk/src/solaris/native/java/net/PlainSocketImpl.c 2017-02-06 11:23:47.047832009 +0000 -@@ -43,7 +43,6 @@ - #endif - #ifdef __linux__ - #include <unistd.h> --#include <sys/sysctl.h> - #endif - - #include "jvm.h" diff -ru openjdk.orig/jdk/src/solaris/native/java/net/linux_close.c openjdk/jdk/src/solaris/native/java/net/linux_close.c ---- openjdk.orig/jdk/src/solaris/native/java/net/linux_close.c 2017-01-25 04:22:03.000000000 +0000 -+++ openjdk/jdk/src/solaris/native/java/net/linux_close.c 2017-02-06 11:23:47.047832009 +0000 -@@ -56,7 +56,7 @@ +--- openjdk.orig/jdk/src/solaris/native/java/net/linux_close.c 2020-04-29 12:33:10.000000000 +0000 ++++ openjdk/jdk/src/solaris/native/java/net/linux_close.c 2020-05-02 19:35:51.590000000 +0000 +@@ -58,7 +58,7 @@ typedef struct { /* * Signal to unblock thread */ @@ -80,8 +58,8 @@ diff -ru openjdk.orig/jdk/src/solaris/native/java/net/linux_close.c openjdk/jdk/ +static int sigWakeup; /* - * The fd table and the number of file descriptors -@@ -95,6 +95,9 @@ + * fdTable holds one entry per file descriptor, up to a certain +@@ -147,6 +147,9 @@ static void __attribute((constructor)) i /* * Setup the signal handler */ diff --git a/user/openjdk8/icedtea-jdk-tls-nist-curves.patch b/user/openjdk8/icedtea-jdk-tls-nist-curves.patch deleted file mode 100644 index 75fb3af8c..000000000 --- a/user/openjdk8/icedtea-jdk-tls-nist-curves.patch +++ /dev/null @@ -1,47 +0,0 @@ -Bug #7404 TLS negotiation error in OpenJDK 8 u131 - -Fixes an OpenJDK 8 regression discovered in docker-library/openjdk#115 -on Alpine Linux 3.5 (u121) and 3.6 (u131) that causes TLS negotiation -errors for some clients. - -Root cause appears to be OpenJDK announcing support for NIST curves the -underlying NSS library does doesn't. This patch limits OpenJDK's -announcement to elliptic curves 23 (secp256r1), 24 (secp384r1), and 25 -(secp521r1). - -Related issues: - -* https://github.com/docker-library/openjdk/issues/115 -* https://bugs.alpinelinux.org/issues/7404 -* https://access.redhat.com/discussions/2339811 -* https://bugzilla.redhat.com/show_bug.cgi?id=1022017 -* https://bugzilla.redhat.com/show_bug.cgi?id=1348525 - ---- openjdk.orig/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java 2017-05-08 20:03:50.000000000 -0700 -+++ openjdk/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java 2017-06-14 13:37:00.000000000 -0700 -@@ -168,21 +168,10 @@ - "contains no supported elliptic curves"); - } - } else { // default curves -- int[] ids; -- if (requireFips) { -- ids = new int[] { -- // only NIST curves in FIPS mode -- 23, 24, 25, 9, 10, 11, 12, 13, 14, -- }; -- } else { -- ids = new int[] { -- // NIST curves first -- 23, 24, 25, 9, 10, 11, 12, 13, 14, -- // non-NIST curves -- 22, -- }; -- } -- -+ int[] ids = new int[] { -+ // NSS currently only supports these three NIST curves -+ 23, 24, 25 -+ }; - idList = new ArrayList<>(ids.length); - for (int curveId : ids) { - if (isAvailableCurve(curveId)) { |