packages/openjdk-1.8.0
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

I7PICQ: upgrade to jdk8u382-ga

Browse Source
This commit is contained in:
wanghao_hw 2023-08-01 15:30:06 +08:00
parent 991ceb0012
commit 2bfcae53f1
12 changed files with 2722 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2214
8014628-Support-AES-Encryption-with-HMAC-SHA2-for-Ke.patch Normal file
View File

File diff suppressed because it is too large Load Diff

314
8035986-KerberosKey-algorithm-names-are-not-specifie.patch Normal file
View File

@ -0,0 +1,314 @@
From ea08edece64add39a00a0bca558d11d41bf21513 Mon Sep 17 00:00:00 2001
Date: Thu, 27 Jul 2023 10:21:50 +0800
Subject: [PATCH] [Backport]8035986: KerberosKey algorithm names are not specified
---
.../javax/security/auth/kerberos/KerberosKey.java | 46 ++++++---
.../javax/security/auth/kerberos/KeyImpl.java | 26 ++---
.../classes/sun/security/krb5/EncryptionKey.java | 17 +++-
.../security/auth/kerberos/StandardNames.java | 108 +++++++++++++++++++++
4 files changed, 169 insertions(+), 28 deletions(-)
create mode 100644 jdk/test/javax/security/auth/kerberos/StandardNames.java
diff --git a/jdk/src/share/classes/javax/security/auth/kerberos/KerberosKey.java b/jdk/src/share/classes/javax/security/auth/kerberos/KerberosKey.java
index 5c8b65f27..a8d12131a 100644
--- a/jdk/src/share/classes/javax/security/auth/kerberos/KerberosKey.java
+++ b/jdk/src/share/classes/javax/security/auth/kerberos/KerberosKey.java
@@ -52,7 +52,20 @@ import javax.security.auth.DestroyFailedException;
* application depends on the default JGSS Kerberos mechanism to access the
* KerberosKey. In that case, however, the application will need an
* appropriate
- * {@link javax.security.auth.kerberos.ServicePermission ServicePermission}.
+ * {@link javax.security.auth.kerberos.ServicePermission ServicePermission}.<p>
+ *
+ * When creating a {@code KerberosKey} using the
+ * {@link #KerberosKey(KerberosPrincipal, char[], String)} constructor,
+ * an implementation may accept non-IANA algorithm names (For example,
+ * "ArcFourMac" for "rc4-hmac"), but the {@link #getAlgorithm} method
+ * must always return the IANA algorithm name.<p>
+ *
+ * @implNote Old algorithm names used before JDK 9 are supported in the
+ * {@link #KerberosKey(KerberosPrincipal, char[], String)} constructor in this
+ * implementation for compatibility reasons, which are "DES" (and null) for
+ * "des-cbc-md5", "DESede" for "des3-cbc-sha1-kd", "ArcFourHmac" for "rc4-hmac",
+ * "AES128" for "aes128-cts-hmac-sha1-96", and "AES256" for
+ * "aes256-cts-hmac-sha1-96".
*
* @author Mayank Upadhyay
* @since 1.4
@@ -73,7 +86,7 @@ public class KerberosKey implements SecretKey, Destroyable {
*
* @serial
*/
- private int versionNum;
+ private final int versionNum;
/**
* {@code KeyImpl} is serialized by writing out the ASN1 Encoded bytes
@@ -113,13 +126,16 @@ public class KerberosKey implements SecretKey, Destroyable {
}
/**
- * Constructs a KerberosKey from a principal's password.
+ * Constructs a KerberosKey from a principal's password using the specified
+ * algorithm name. The algorithm name (case insensitive) should be provided
+ * as the encryption type string defined on the IANA
+ * <a href="https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml#kerberos-parameters-1">Kerberos Encryption Type Numbers</a>
+ * page. The version number of the key generated will be 0.
*
* @param principal the principal that this password belongs to
* @param password the password that should be used to compute the key
* @param algorithm the name for the algorithm that this key will be
- * used for. This parameter may be null in which case the default
- * algorithm "DES" will be assumed.
+ * used for
* @throws IllegalArgumentException if the name of the
* algorithm passed is unsupported.
*/
@@ -128,6 +144,7 @@ public class KerberosKey implements SecretKey, Destroyable {
String algorithm) {
this.principal = principal;
+ this.versionNum = 0;
// Pass principal in for salt
key = new KeyImpl(principal, password, algorithm);
}
@@ -170,13 +187,18 @@ public class KerberosKey implements SecretKey, Destroyable {
*/
/**
- * Returns the standard algorithm name for this key. For
- * example, "DES" would indicate that this key is a DES key.
- * See Appendix A in the <a href=
- * "../../../../../technotes/guides/security/crypto/CryptoSpec.html#AppA">
- * Java Cryptography Architecture API Specification &amp; Reference
- * </a>
- * for information about standard algorithm names.
+ * Returns the standard algorithm name for this key. The algorithm names
+ * are the encryption type string defined on the IANA
+ * <a href="https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml#kerberos-parameters-1">Kerberos Encryption Type Numbers</a>
+ * page.
+ * <p>
+ * This method can return the following value not defined on the IANA page:
+ * <ol>
+ * <li>none: for etype equal to 0</li>
+ * <li>unknown: for etype greater than 0 but unsupported by
+ * the implementation</li>
+ * <li>private: for etype smaller than 0</li>
+ * </ol>
*
* @return the name of the algorithm associated with this key.
*/
diff --git a/jdk/src/share/classes/javax/security/auth/kerberos/KeyImpl.java b/jdk/src/share/classes/javax/security/auth/kerberos/KeyImpl.java
index f4ee94721..9d36d1e9e 100644
--- a/jdk/src/share/classes/javax/security/auth/kerberos/KeyImpl.java
+++ b/jdk/src/share/classes/javax/security/auth/kerberos/KeyImpl.java
@@ -36,7 +36,6 @@ import sun.security.krb5.PrincipalName;
import sun.security.krb5.EncryptionKey;
import sun.security.krb5.EncryptedData;
import sun.security.krb5.KrbException;
-import sun.security.krb5.KrbCryptoException;
import sun.security.util.DerValue;
/**
@@ -86,8 +85,12 @@ class KeyImpl implements SecretKey, Destroyable, Serializable {
try {
PrincipalName princ = new PrincipalName(principal.getName());
- EncryptionKey key =
- new EncryptionKey(password, princ.getSalt(), algorithm);
+ EncryptionKey key;
+ if ("none".equalsIgnoreCase(algorithm)) {
+ key = EncryptionKey.NULL_KEY;
+ } else {
+ key = new EncryptionKey(password, princ.getSalt(), algorithm);
+ }
this.keyBytes = key.getBytes();
this.keyType = key.getEType();
} catch (KrbException e) {
@@ -118,27 +121,28 @@ class KeyImpl implements SecretKey, Destroyable, Serializable {
switch (eType) {
case EncryptedData.ETYPE_DES_CBC_CRC:
+ return "des-cbc-crc";
+
case EncryptedData.ETYPE_DES_CBC_MD5:
- return "DES";
+ return "des-cbc-md5";
case EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD:
- return "DESede";
+ return "des3-cbc-sha1-kd";
case EncryptedData.ETYPE_ARCFOUR_HMAC:
- return "ArcFourHmac";
+ return "rc4-hmac";
case EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96:
- return "AES128";
+ return "aes128-cts-hmac-sha1-96";
case EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96:
- return "AES256";
+ return "aes256-cts-hmac-sha1-96";
case EncryptedData.ETYPE_NULL:
- return "NULL";
+ return "none";
default:
- throw new IllegalArgumentException(
- "Unsupported encryption type: " + eType);
+ return eType > 0 ? "unknown" : "private";
}
}
diff --git a/jdk/src/share/classes/sun/security/krb5/EncryptionKey.java b/jdk/src/share/classes/sun/security/krb5/EncryptionKey.java
index 4823b2525..d484d7c55 100644
--- a/jdk/src/share/classes/sun/security/krb5/EncryptionKey.java
+++ b/jdk/src/share/classes/sun/security/krb5/EncryptionKey.java
@@ -271,15 +271,22 @@ public class EncryptionKey
String salt,
String algorithm) throws KrbCryptoException {
- if (algorithm == null || algorithm.equalsIgnoreCase("DES")) {
+ if (algorithm == null || algorithm.equalsIgnoreCase("DES")
+ || algorithm.equalsIgnoreCase("des-cbc-md5")) {
keyType = EncryptedData.ETYPE_DES_CBC_MD5;
- } else if (algorithm.equalsIgnoreCase("DESede")) {
+ } else if (algorithm.equalsIgnoreCase("des-cbc-crc")) {
+ keyType = EncryptedData.ETYPE_DES_CBC_CRC;
+ } else if (algorithm.equalsIgnoreCase("DESede")
+ || algorithm.equalsIgnoreCase("des3-cbc-sha1-kd")) {
keyType = EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD;
- } else if (algorithm.equalsIgnoreCase("AES128")) {
+ } else if (algorithm.equalsIgnoreCase("AES128")
+ || algorithm.equalsIgnoreCase("aes128-cts-hmac-sha1-96")) {
keyType = EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96;
- } else if (algorithm.equalsIgnoreCase("ArcFourHmac")) {
+ } else if (algorithm.equalsIgnoreCase("ArcFourHmac")
+ || algorithm.equalsIgnoreCase("rc4-hmac")) {
keyType = EncryptedData.ETYPE_ARCFOUR_HMAC;
- } else if (algorithm.equalsIgnoreCase("AES256")) {
+ } else if (algorithm.equalsIgnoreCase("AES256")
+ || algorithm.equalsIgnoreCase("aes256-cts-hmac-sha1-96")) {
keyType = EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96;
// validate if AES256 is enabled
if (!EType.isSupported(keyType)) {
diff --git a/jdk/test/javax/security/auth/kerberos/StandardNames.java b/jdk/test/javax/security/auth/kerberos/StandardNames.java
new file mode 100644
index 000000000..40590f6d0
--- /dev/null
+++ b/jdk/test/javax/security/auth/kerberos/StandardNames.java
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8035986
+ * @summary KerberosKey algorithm names are not specified
+ */
+
+import sun.security.krb5.EncryptedData;
+
+import javax.crypto.Cipher;
+import javax.security.auth.kerberos.KerberosKey;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import java.util.Locale;
+
+public class StandardNames {
+ static KerberosPrincipal kp = new KerberosPrincipal("user@REALM");
+ static char[] pass = "secret".toCharArray();
+ static byte[] keyBytes = new byte[1];
+
+ public static void main(String[] args) throws Exception {
+ for (EncType e: EncType.values()) {
+ if (e == EncType.e18) {
+ if (Cipher.getMaxAllowedKeyLength("AES") < 256) {
+ System.out.println("Skipping aes256-cts-hmac-sha1-96");
+ continue;
+ }
+ }
+ checkByName(e.name, e);
+ checkByName(e.name.toUpperCase(Locale.US), e);
+ for (String n: e.oldnames) {
+ checkByName(n, e);
+ if (n != null) {
+ checkByName(n.toLowerCase(Locale.US), e);
+ }
+ }
+ checkByEType(e.etype, e.name);
+ }
+ checkByEType(100, "unknown");
+ checkByEType(-1, "private");
+
+ try {
+ System.out.println("unsupported");
+ new KerberosKey(kp, pass, "unsupported");
+ throw new Exception("unsupported");
+ } catch (IllegalArgumentException iae) {
+ // Expected
+ }
+ }
+
+ private static void checkByName(String n, EncType e) throws Exception {
+ System.out.println("CheckByName " + n);
+ KerberosKey k = new KerberosKey(kp, pass, n);
+ if (!k.getAlgorithm().equals(e.name)) throw new Exception(n);
+ if (k.getKeyType() != e.etype) throw new Exception(n);
+ if (k.getVersionNumber() != 0) throw new Exception(n);
+ }
+
+ private static void checkByEType(int i, String n) throws Exception {
+ System.out.println("CheckByInt " + i);
+ KerberosKey k = new KerberosKey(kp, keyBytes, i, 13);
+ if (!k.getAlgorithm().equals(n)) throw new Exception("" + i);
+ if (k.getKeyType() != i) throw new Exception("" + i);
+ if (k.getVersionNumber() != 13) throw new Exception("" + i);
+ }
+}
+
+enum EncType {
+ e0("none", EncryptedData.ETYPE_NULL),
+ e1("des-cbc-crc", EncryptedData.ETYPE_DES_CBC_CRC),
+ e3("des-cbc-md5", EncryptedData.ETYPE_DES_CBC_MD5, "DES", null),
+ e16("des3-cbc-sha1-kd", EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD, "DESede"),
+ e17("aes128-cts-hmac-sha1-96", EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, "AES128"),
+ e18("aes256-cts-hmac-sha1-96", EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96, "AES256"),
+ e23("rc4-hmac", EncryptedData.ETYPE_ARCFOUR_HMAC, "ArcFourHmac"),
+ ;
+
+ final String name;
+ final int etype;
+ final String[] oldnames;
+
+ EncType(String name, int etype, String... oldnames) {
+ this.name = name;
+ this.etype = etype;
+ this.oldnames = oldnames;
+ }
+}
--
2.12.3

53
8179273-sun.net.httpserver.LeftOverInputStream-shoul.patch Normal file
View File

@ -0,0 +1,53 @@
From b1c3eca9320e83db1fe6fe281c2d4a8875e8f16b Mon Sep 17 00:00:00 2001
Date: Thu, 27 Jul 2023 20:07:00 +0800
Subject: [PATCH] [Backport]8179273: sun.net.httpserver.LeftOverInputStream should stop
attempting to drain the stream when the server is stopped
---
.../classes/sun/net/httpserver/LeftOverInputStream.java | 7 +++++--
jdk/src/share/classes/sun/net/httpserver/ServerImpl.java | 4 ++++
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/jdk/src/share/classes/sun/net/httpserver/LeftOverInputStream.java b/jdk/src/share/classes/sun/net/httpserver/LeftOverInputStream.java
index c715d72ad..d3a6e1b08 100644
--- a/jdk/src/share/classes/sun/net/httpserver/LeftOverInputStream.java
+++ b/jdk/src/share/classes/sun/net/httpserver/LeftOverInputStream.java
@@ -41,8 +41,8 @@ import com.sun.net.httpserver.spi.*;
* isEOF() returns true, when all expected bytes have been read
*/
abstract class LeftOverInputStream extends FilterInputStream {
- ExchangeImpl t;
- ServerImpl server;
+ final ExchangeImpl t;
+ final ServerImpl server;
protected boolean closed = false;
protected boolean eof = false;
byte[] one = new byte [1];
@@ -109,6 +109,9 @@ abstract class LeftOverInputStream extends FilterInputStream {
int bufSize = 2048;
byte[] db = new byte [bufSize];
while (l > 0) {
+ if (server.isFinishing()) {
+ break;
+ }
long len = readImpl (db, 0, bufSize);
if (len == -1) {
eof = true;
diff --git a/jdk/src/share/classes/sun/net/httpserver/ServerImpl.java b/jdk/src/share/classes/sun/net/httpserver/ServerImpl.java
index a5adbf609..271a5bbc7 100644
--- a/jdk/src/share/classes/sun/net/httpserver/ServerImpl.java
+++ b/jdk/src/share/classes/sun/net/httpserver/ServerImpl.java
@@ -219,6 +219,10 @@ class ServerImpl {
return httpsConfig;
}
+ public final boolean isFinishing() {
+ return finished;
+ }
+
public void stop (int delay) {
if (delay < 0) {
throw new IllegalArgumentException ("negative delay parameter");
--
2.19.1

2
add-missing-test-case.patch
View File

@ -91,7 +91,7 @@ index 00000000..9b614024
--- /dev/null --- /dev/null
+++ b/version.txt +++ b/version.txt
@@ -0,0 +1 @@ @@ -0,0 +1 @@
+8.372.7.0.13 +8.382.5.0.13
-- --
2.23.0 2.23.0

33
enhance-java-heap-oom-err-log.patch Normal file
View File

@ -0,0 +1,33 @@
From 2e7ce3a50aca6b0633e2fb7b2d0ef3c9e7b6ebc4 Mon Sep 17 00:00:00 2001
Date: Thu, 27 Jul 2023 19:53:53 +0800
Subject: [PATCH] [Huawei]enhance java-heap-oom err log
---
.../src/share/vm/gc_interface/collectedHeap.inline.hpp | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/hotspot/src/share/vm/gc_interface/collectedHeap.inline.hpp b/hotspot/src/share/vm/gc_interface/collectedHeap.inline.hpp
index 8ed2df96a..ab4827a9b 100644
--- a/hotspot/src/share/vm/gc_interface/collectedHeap.inline.hpp
+++ b/hotspot/src/share/vm/gc_interface/collectedHeap.inline.hpp
@@ -156,8 +156,16 @@ HeapWord* CollectedHeap::common_mem_allocate_noinit(KlassHandle klass, size_t si
if (!gc_overhead_limit_was_exceeded) {
+ ResourceMark rm;
+ tty->print_cr("OOM caused by java heap space occurred, allocate size: %zu bytes, type: %s", size * HeapWordSize, klass->signature_name());
+ Universe::heap()->print_on(tty);
+
+ if (THREAD->is_Java_thread()) {
+ tty->print_cr("current stack trace:");
+ ((JavaThread*)THREAD)->print_stack_on(tty);
+ }
// -XX:+HeapDumpOnOutOfMemoryError and -XX:OnOutOfMemoryError support
- report_java_out_of_memory("Java heap space");
+ report_java_out_of_memory(err_msg("Java heap space, allocate size: %zu bytes, type: %s", size * HeapWordSize, klass->signature_name()));
if (JvmtiExport::should_post_resource_exhausted()) {
JvmtiExport::post_resource_exhausted(
--
2.19.1

9
fix-the-issue-that-cert-of-geotrustglobalca-expired.patch
View File

@ -46,7 +46,7 @@ diff --git a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java b/jdk/test/sun
index c1423dc5b..8bca06c52 100644 index c1423dc5b..8bca06c52 100644
--- a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java --- a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java
+++ b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java +++ b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java
@@ -111,8 +111,6 @@ public class VerifyCACerts { @@ -112,8 +112,6 @@ public class VerifyCACerts {
"7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2"); "7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2");
put("digicerthighassuranceevrootca [jdk]", put("digicerthighassuranceevrootca [jdk]",
"74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF"); "74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF");
@ -55,11 +55,14 @@ index c1423dc5b..8bca06c52 100644
put("geotrustprimaryca [jdk]", put("geotrustprimaryca [jdk]",
"37:D5:10:06:C5:12:EA:AB:62:64:21:F1:EC:8C:92:01:3F:C5:F8:2A:E9:8E:E5:33:EB:46:19:B8:DE:B4:D0:6C"); "37:D5:10:06:C5:12:EA:AB:62:64:21:F1:EC:8C:92:01:3F:C5:F8:2A:E9:8E:E5:33:EB:46:19:B8:DE:B4:D0:6C");
put("geotrustprimarycag2 [jdk]", put("geotrustprimarycag2 [jdk]",
@@ -242,7 +240,6 @@ public class VerifyCACerts { @@ -258,8 +256,8 @@ public class VerifyCACerts {
@SuppressWarnings("serial")
private static final HashSet<String> EXPIRY_EXC_ENTRIES = new HashSet<String>() { private static final HashSet<String> EXPIRY_EXC_ENTRIES = new HashSet<String>() {
{ {
// Valid until: Sat May 21 04:00:00 GMT 2022 - // Valid until: Sat May 21 04:00:00 GMT 2022
- add("geotrustglobalca [jdk]"); - add("geotrustglobalca [jdk]");
+ // Valid until: Sat Sep 30 04:20:49 GMT 2023
+ add("secomscrootca1 [jdk]");
} }
}; };

4
fix_X509TrustManagerImpl_symantec_distrust.patch
View File

@ -40,13 +40,13 @@ index 54e1bfa0d..c1423dc5b 100644
// The numbers of certs now. // The numbers of certs now.
- private static final int COUNT = 83; - private static final int COUNT = 83;
+ private static final int COUNT = 84; + private static final int COUNT = 91;
// SHA-256 of cacerts, can be generated with // SHA-256 of cacerts, can be generated with
// shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95 // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95
private static final String CHECKSUM private static final String CHECKSUM
- = "2D:04:88:6C:52:53:54:EB:38:2D:BC:E0:AF:B7:82:F4:9E:32:A8:1A:1B:A3:AE:CF:25:CB:C2:F6:0F:4E:E1:20"; - = "2D:04:88:6C:52:53:54:EB:38:2D:BC:E0:AF:B7:82:F4:9E:32:A8:1A:1B:A3:AE:CF:25:CB:C2:F6:0F:4E:E1:20";
+ = "DE:42:B4:05:C8:64:19:5A:16:14:D8:F2:04:DE:66:D6:1B:86:BD:D3:F7:05:75:31:4F:B5:23:FE:8D:58:0B:49"; + = "81:65:90:49:CF:39:8A:7B:B6:7E:88:9D:A3:E9:D4:31:0E:9B:D0:50:9E:09:76:37:E9:2A:14:74:17:6E:12:EF";
// map of cert alias to SHA-256 fingerprint // map of cert alias to SHA-256 fingerprint
@SuppressWarnings("serial") @SuppressWarnings("serial")

38
fixing-a-bug-in-the-processing-of-default-attributes.patch Normal file
View File

@ -0,0 +1,38 @@
From 93a6617cd05d494c7a761c5565e412f03aefb569 Mon Sep 17 00:00:00 2001
Date: Thu, 27 Jul 2023 12:45:54 +0800
Subject: [PATCH] [Huawei]Fixing a bug in the processing of default attributes
---
.../apache/xerces/internal/impl/xs/XMLSchemaValidator.java | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaValidator.java b/jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaValidator.java
index 020e35cd4..7a2b8efb5 100644
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaValidator.java
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaValidator.java
@@ -2943,9 +2943,11 @@ public class XMLSchemaValidator
attName =
new QName(null, currDecl.fName, currDecl.fName, currDecl.fTargetNamespace);
String normalized = (defaultValue != null) ? defaultValue.stringValue() : "";
- int attrIndex = attributes.addAttribute(attName, "CDATA", normalized);
+ int attrIndex;
if (attributes instanceof XMLAttributesImpl) {
XMLAttributesImpl attrs = (XMLAttributesImpl) attributes;
+ attrIndex = attrs.getLength();
+ attrs.addAttributeNS(attName, "CDATA", normalized);
boolean schemaId =
defaultValue != null
&& defaultValue.memberType != null
@@ -2953,6 +2955,9 @@ public class XMLSchemaValidator
: currDecl.fType.isIDType();
attrs.setSchemaId(attrIndex, schemaId);
}
+ else {
+ attrIndex = attributes.addAttribute(attName, "CDATA", normalized);
+ }
if (fAugPSVI) {
--
2.19.1

BIN
jdk8u-jdk8u372-b07.tar.xz → jdk8u-jdk8u382-b05.tar.xz
View File

Binary file not shown.

44
openjdk-1.8.0.spec
View File

@ -146,13 +146,13 @@
%global origin_nice OpenJDK %global origin_nice OpenJDK
%global top_level_dir_name %{origin} %global top_level_dir_name %{origin}
%global repo jdk8u %global repo jdk8u
%global revision jdk8u372-b07 %global revision jdk8u382-b05
%global full_revision %{repo}-%{revision} %global full_revision %{repo}-%{revision}
# Define IcedTea version used for SystemTap tapsets and desktop files # Define IcedTea version used for SystemTap tapsets and desktop files
%global icedteaver 3.15.0 %global icedteaver 3.15.0
%global updatever 372 %global updatever 382
%global buildver b07 %global buildver b05
# priority must be 7 digits in total. The expression is workarounding tip # priority must be 7 digits in total. The expression is workarounding tip
%global priority 1800%{updatever} %global priority 1800%{updatever}
@ -916,7 +916,7 @@ Provides: java-%{javaver}-%{origin}-accessibility%{?1} = %{epoch}:%{version}-%{r
Name: java-%{javaver}-%{origin} Name: java-%{javaver}-%{origin}
Version: %{javaver}.%{updatever}.%{buildver} Version: %{javaver}.%{updatever}.%{buildver}
Release: 2 Release: 0
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
# and this change was brought into RHEL-4. java-1.5.0-ibm packages # and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a # also included the epoch in their virtual provides. This created a
@ -1146,7 +1146,6 @@ Patch262: add-configuration-option-of-huawei-internal-version-shown-in-release-f
Patch263: The-code-style-is-fixed-and-test-cases-are-added.patch Patch263: The-code-style-is-fixed-and-test-cases-are-added.patch
# 8u352 # 8u352
Patch265: cve-2022-37434-Fix-a-bug-when-getting-a-gzip-header-extra-field-with-inflate.patch
Patch266: 8065895-Synchronous-signals-during-error-reporting-may-terminate-or-hang-vm-process.patch Patch266: 8065895-Synchronous-signals-during-error-reporting-may-terminate-or-hang-vm-process.patch
Patch273: 8257695-linux-Add-process-memory-information-to-hs-e.patch Patch273: 8257695-linux-Add-process-memory-information-to-hs-e.patch
Patch274: 8261167-print_process_memory_info-add-a-close-call-a.patch Patch274: 8261167-print_process_memory_info-add-a-close-call-a.patch
@ -1174,7 +1173,6 @@ Patch295: Fix-AsyncGCLog-s-content-consistent-bug.patch
# 8u362 # 8u362
Patch296: 8178968-AArch64-Remove-non-standard-code-cache-size.patch Patch296: 8178968-AArch64-Remove-non-standard-code-cache-size.patch
Patch297: 8185736-missing-default-exception-handler-in-calls-t.patch
Patch298: Add-CMS-s-trim-test-cases-and-fix-failure.patch Patch298: Add-CMS-s-trim-test-cases-and-fix-failure.patch
Patch299: Disable-cds-on-x86-32.patch Patch299: Disable-cds-on-x86-32.patch
Patch300: Disable-no-compressedOop-cds-on-x86-32.patch Patch300: Disable-no-compressedOop-cds-on-x86-32.patch
@ -1241,6 +1239,14 @@ Patch358: 0053-8146987-Improve-Parallel-GC-Full-GC-by-caching-resul.patch
Patch359: 0054-Fix-jmap-heapdump-symbols-when-the-class-is-loaded-f.patch Patch359: 0054-Fix-jmap-heapdump-symbols-when-the-class-is-loaded-f.patch
Patch360: 0055-Fix-CodelistTest.java-Failed-to-Execute-CodelistTest.patch Patch360: 0055-Fix-CodelistTest.java-Failed-to-Execute-CodelistTest.patch
# 8u382
Patch361: print-more-information-when-AbortVMOnException.patch
Patch362: 8035986-KerberosKey-algorithm-names-are-not-specifie.patch
Patch363: fixing-a-bug-in-the-processing-of-default-attributes.patch
Patch364: enhance-java-heap-oom-err-log.patch
Patch365: 8014628-Support-AES-Encryption-with-HMAC-SHA2-for-Ke.patch
Patch366: 8179273-sun.net.httpserver.LeftOverInputStream-shoul.patch
############################################# #############################################
# #
# Upstreamable patches # Upstreamable patches
@ -1726,7 +1732,6 @@ pushd %{top_level_dir_name}
%patch261 -p1 %patch261 -p1
%patch262 -p1 %patch262 -p1
%patch263 -p1 %patch263 -p1
%patch265 -p1
%patch266 -p1 %patch266 -p1
%patch273 -p1 %patch273 -p1
%patch274 -p1 %patch274 -p1
@ -1752,7 +1757,6 @@ pushd %{top_level_dir_name}
%patch294 -p1 %patch294 -p1
%patch295 -p1 %patch295 -p1
%patch296 -p1 %patch296 -p1
%patch297 -p1
%patch298 -p1 %patch298 -p1
%patch299 -p1 %patch299 -p1
%patch300 -p1 %patch300 -p1
@ -1816,6 +1820,12 @@ pushd %{top_level_dir_name}
%patch358 -p1 %patch358 -p1
%patch359 -p1 %patch359 -p1
%patch360 -p1 %patch360 -p1
%patch361 -p1
%patch362 -p1
%patch363 -p1
%patch364 -p1
%patch365 -p1
%patch366 -p1
popd popd
# System library fixes # System library fixes
@ -1924,7 +1934,6 @@ bash ${top_srcdir_abs_path}/configure \
--with-vendor-vm-bug-url="https://gitee.com/src-openeuler/openjdk-1.8.0/issues/" \ --with-vendor-vm-bug-url="https://gitee.com/src-openeuler/openjdk-1.8.0/issues/" \
--with-debug-level=$debugbuild \ --with-debug-level=$debugbuild \
--enable-unlimited-crypto \ --enable-unlimited-crypto \
--with-zlib=system \
--enable-kae=yes \ --enable-kae=yes \
--with-stdc++lib=dynamic \ --with-stdc++lib=dynamic \
--with-extra-cflags="$EXTRA_CFLAGS" \ --with-extra-cflags="$EXTRA_CFLAGS" \
@ -2440,6 +2449,23 @@ cjc.mainProgram(arg)
%endif %endif
%changelog %changelog
* Mon Jul 31 2023 wanghao_hw <wanghao564@huawei.com> - 1:1.8.0.382-b05.0
- add Huawei-Print-more-information-when-AbortVMOnException.patch
- deleted patch 8185736-missing-default-exception-handler-in-calls-t.patch
- deleted patch cve-2022-37434-Fix-a-bug-when-getting-a-gzip-header-extra-field-with-inflate.patch
- modified update-cacerts-and-VerifyCACerts.java-test.patch
- modified add-missing-test-case.patch
- modified fix-the-issue-that-cert-of-geotrustglobalca-expired.patch
- modified update-cacerts-and-VerifyCACerts.java-test.patch
- modified fix_X509TrustManagerImpl_symantec_distrust.patch
- add 8035986-KerberosKey-algorithm-names-are-not-specifie.patch
- add fixing-a-bug-in-the-processing-of-default-attributes.patch
- add enhance-java-heap-oom-err-log.patch
- add 8014628-Support-AES-Encryption-with-HMAC-SHA2-for-Ke.patch
- add 8179273-sun.net.httpserver.LeftOverInputStream-shoul.patch
- del --with-zlib=system
- upgrade to jdk8u382-b05
* Thu Jun 29 2023 kuenking111 <wangkun49@huawei.com> - 1:1.8.0.372-b07.2 * Thu Jun 29 2023 kuenking111 <wangkun49@huawei.com> - 1:1.8.0.372-b07.2
- 0002-8179498-attach-in-linux-should-be-relative-to-proc-p.patch - 0002-8179498-attach-in-linux-should-be-relative-to-proc-p.patch
- 0003-8187408-AbstractQueuedSynchronizer-wait-queue-corrup.patch - 0003-8187408-AbstractQueuedSynchronizer-wait-queue-corrup.patch

24
print-more-information-when-AbortVMOnException.patch Normal file
View File

@ -0,0 +1,24 @@
From e6def0e384c2d21b2b153250153c47780fd640e4 Mon Sep 17 00:00:00 2001
Date: Wed, 5 Jul 2023 16:36:11 +0800
Subject: [PATCH] [Huawei]Print more information when AbortVMOnException
---
hotspot/src/share/vm/utilities/exceptions.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hotspot/src/share/vm/utilities/exceptions.cpp b/hotspot/src/share/vm/utilities/exceptions.cpp
index 8b25cf8c4..eabe3b9ee 100644
--- a/hotspot/src/share/vm/utilities/exceptions.cpp
+++ b/hotspot/src/share/vm/utilities/exceptions.cpp
@@ -483,7 +483,7 @@ void Exceptions::debug_check_abort(const char *value_string, const char* message
strstr(AbortVMOnException, value_string)) {
if (AbortVMOnExceptionMessage == NULL || (message != NULL &&
strstr(message, AbortVMOnExceptionMessage))) {
- fatal(err_msg("Saw %s, aborting", value_string));
+ fatal(err_msg("Saw %s : %s, aborting", value_string, message));
}
}
}
--
2.12.3

4
update-cacerts-and-VerifyCACerts.java-test.patch
View File

@ -257,13 +257,13 @@ index dd107fc..791ddb6 100644
+ File.separator + "security" + File.separator + "cacerts"; + File.separator + "security" + File.separator + "cacerts";
// The numbers of certs now. // The numbers of certs now.
- private static final int COUNT = 90; - private static final int COUNT = 97;
+ private static final int COUNT = 83; + private static final int COUNT = 83;
// SHA-256 of cacerts, can be generated with // SHA-256 of cacerts, can be generated with
// shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95 // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95
private static final String CHECKSUM private static final String CHECKSUM
- = "21:8C:35:29:4C:E2:49:D2:83:30:DF:8B:5E:39:F8:8C:D6:C5:2B:59:05:32:74:E5:79:A5:91:9F:3C:57:B9:E3"; - = "72:C7:B8:9E:54:94:D2:D9:C0:E5:9F:F7:C3:8C:3B:18:D7:42:23:82:51:F2:AD:A1:14:26:E0:4A:F2:5F:AE:80";
+ = "2D:04:88:6C:52:53:54:EB:38:2D:BC:E0:AF:B7:82:F4:9E:32:A8:1A:1B:A3:AE:CF:25:CB:C2:F6:0F:4E:E1:20"; + = "2D:04:88:6C:52:53:54:EB:38:2D:BC:E0:AF:B7:82:F4:9E:32:A8:1A:1B:A3:AE:CF:25:CB:C2:F6:0F:4E:E1:20";
// map of cert alias to SHA-256 fingerprint // map of cert alias to SHA-256 fingerprint