From 28fdd34de44edcf8d1a08cc45cd564099e9268fc Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Mon, 4 May 2020 12:37:39 -0500
Subject: user/openjdk8: [CVE] bump to 8.252.09 (#269)

* Bootstrap using openjdk8. Note that it will need to be manually
  installed when building now...

* Cherrypick patch changes from Alpine:
  icedtea-jdk-tls-nist-curves.patch was integrated upstream, and
  icedtea-hotspot-musl.patch was rebased for 8u232.
  https://git.alpinelinux.org/aports/commit/community/openjdk8?id=04ec13ca9caa9a436001be92e674f230b9894894

* Rebase patches for 8u252-ga:
  In particular, icedtea-jdk-getmntent-buffer.patch is dropped since
  upstream takes a new approach by allocating a buffer according to the
  length of the longest line in mtab.

  https://bugs.openjdk.java.net/browse/JDK-8229872

* Use private variables (_) where applicable
---
 user/openjdk8/icedtea-jdk-tls-nist-curves.patch | 47 -------------------------
 1 file changed, 47 deletions(-)
 delete mode 100644 user/openjdk8/icedtea-jdk-tls-nist-curves.patch

(limited to 'user/openjdk8/icedtea-jdk-tls-nist-curves.patch')

diff --git a/user/openjdk8/icedtea-jdk-tls-nist-curves.patch b/user/openjdk8/icedtea-jdk-tls-nist-curves.patch
deleted file mode 100644
index 75fb3af8c..000000000
--- a/user/openjdk8/icedtea-jdk-tls-nist-curves.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Bug #7404 TLS negotiation error in OpenJDK 8 u131
-
-Fixes an OpenJDK 8 regression discovered in docker-library/openjdk#115
-on Alpine Linux 3.5 (u121) and 3.6 (u131) that causes TLS negotiation
-errors for some clients.
-
-Root cause appears to be OpenJDK announcing support for NIST curves the
-underlying NSS library does doesn't. This patch limits OpenJDK's
-announcement to elliptic curves 23 (secp256r1), 24 (secp384r1), and 25
-(secp521r1).
-
-Related issues:
-
-* https://github.com/docker-library/openjdk/issues/115
-* https://bugs.alpinelinux.org/issues/7404
-* https://access.redhat.com/discussions/2339811
-* https://bugzilla.redhat.com/show_bug.cgi?id=1022017
-* https://bugzilla.redhat.com/show_bug.cgi?id=1348525
-
---- openjdk.orig/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java	2017-05-08 20:03:50.000000000 -0700
-+++ openjdk/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java	2017-06-14 13:37:00.000000000 -0700
-@@ -168,21 +168,10 @@
-                     "contains no supported elliptic curves");
-             }
-         } else {        // default curves
--            int[] ids;
--            if (requireFips) {
--                ids = new int[] {
--                    // only NIST curves in FIPS mode
--                    23, 24, 25, 9, 10, 11, 12, 13, 14,
--                };
--            } else {
--                ids = new int[] {
--                    // NIST curves first
--                    23, 24, 25, 9, 10, 11, 12, 13, 14,
--                    // non-NIST curves
--                    22,
--                };
--            }
--
-+            int[] ids = new int[] {
-+                // NSS currently only supports these three NIST curves
-+                23, 24, 25
-+            };
-             idList = new ArrayList<>(ids.length);
-             for (int curveId : ids) {
-                 if (isAvailableCurve(curveId)) {
-- 
cgit v1.2.3-60-g2f50