/hg/icedtea: 2 new changesets
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Fri Sep 11 07:29:05 PDT 2009
changeset 0373c927e1e9 in /hg/icedtea
details: http://icedtea.classpath.org/hg/icedtea?cmd=changeset;node=0373c927e1e9
author: Andrew John Hughes <ahughes at redhat.com>
date: Fri Sep 11 14:09:28 2009 +0100
Bump to b71 and disable the intree EC provider.
2009-09-11 Andrew John Hughes <ahughes at redhat.com>
* Makefile.am: Bump to b71. Turn on
DISABLE_INTREE_EC to prevent the intree EC provider being
built.
* patches/hotspot/default/icedtea-params-cast-size_t.patch:
Regenerated.
changeset 755ac518cabd in /hg/icedtea
details: http://icedtea.classpath.org/hg/icedtea?cmd=changeset;node=755ac518cabd
author: Andrew John Hughes <ahughes at redhat.com>
date: Fri Sep 11 15:32:10 2009 +0100
Support the PKCS11 EC provider with --enable-nss.
2009-09-04 Andrew John Hughes <ahughes at redhat.com>
* HACKING: Updated.
* Makefile.am: Add two new patches. Copy nss.cfg to
jre/lib/security if NSS is enabled.
* configure.ac:Check for NSS and set NSS_LIBDIR and ENABLE_NSS
if found.
* nss.cfg.in: Template for the nss configuration file.
* patches/icedtea-disable-intree-ec.patch: Turn off the new EC
provider in java.security as we don't build it.
* patches/icedtea-nss-6763530.patch: Fix for Sun bug 6763530
which is triggered by newer versions of NSS.
* patches/icedtea-nss-config.patch: Patch java.security with
the PCKS11 provider configuration.
diffstat:
9 files changed, 204 insertions(+), 49 deletions(-)
ChangeLog | 25 ++++++
HACKING | 2
Makefile.am | 56 ++++++++-----
configure.ac | 20 ++++
nss.cfg.in | 4
patches/hotspot/default/icedtea-params-cast-size_t.patch | 58 +++++++-------
patches/icedtea-disable-intree-ec.patch | 23 +++++
patches/icedtea-nss-6763530.patch | 55 +++++++++++++
patches/icedtea-nss-config.patch | 10 ++
diffs (425 lines):
diff -r d719734879cc -r 755ac518cabd ChangeLog
--- a/ChangeLog Thu Aug 27 17:40:22 2009 +0200
+++ b/ChangeLog Fri Sep 11 15:32:10 2009 +0100
@@ -1,3 +1,28 @@ 2009-08-27 Matthias Klose <doko at ubuntu
+2009-09-04 Andrew John Hughes <ahughes at redhat.com>
+
+ * HACKING: Updated.
+ * Makefile.am:
+ Add two new patches. Copy nss.cfg to jre/lib/security if
+ NSS is enabled.
+ * configure.ac:Check for NSS and set NSS_LIBDIR
+ and ENABLE_NSS if found.
+ * nss.cfg.in: Template for the nss configuration file.
+ * patches/icedtea-disable-intree-ec.patch: Turn off
+ the new EC provider in java.security as we don't build it.
+ * patches/icedtea-nss-6763530.patch:
+ Fix for Sun bug 6763530 which is triggered by newer
+ versions of NSS.
+ * patches/icedtea-nss-config.patch: Patch java.security
+ with the PCKS11 provider configuration.
+
+2009-09-11 Andrew John Hughes <ahughes at redhat.com>
+
+ * Makefile.am:
+ Bump to b71. Turn on DISABLE_INTREE_EC to
+ prevent the intree EC provider being built.
+ * patches/hotspot/default/icedtea-params-cast-size_t.patch:
+ Regenerated.
+
2009-08-27 Matthias Klose <doko at ubuntu.com>
* acinclude.m4, configure.ac (FIND_PULSEAUDIO): Remove.
diff -r d719734879cc -r 755ac518cabd HACKING
--- a/HACKING Thu Aug 27 17:40:22 2009 +0200
+++ b/HACKING Fri Sep 11 15:32:10 2009 +0100
@@ -114,6 +114,8 @@ The following patches are only applied t
is broken in libgcj 4.3.
* icedtea-override.patch: Remove @Override annotation in
javax.management.AttributeValueExp (unsupported by ecj < 3.4).
+* icedtea-nss-config.patch: Add the NSS PKCS11 security provider. (PR356)
+* icedtea-nss-6763530.patch: Fix PKCS11 provider when used with newer version of NSS (>=3.12.3) (PR356, S6763530).
The following patches are only applied to the icedtea-ecj bootstrap tree:
diff -r d719734879cc -r 755ac518cabd Makefile.am
--- a/Makefile.am Thu Aug 27 17:40:22 2009 +0200
+++ b/Makefile.am Fri Sep 11 15:32:10 2009 +0100
@@ -1,20 +1,20 @@ OPENJDK_VERSION = b70
-OPENJDK_VERSION = b70
-
-OPENJDK_CHANGESET = 1bbbd5c42f3a
-CORBA_CHANGESET = 309d97756352
-JAXP_CHANGESET = df9569f46ae8
-JAXWS_CHANGESET = c33dece1b2b3
-JDK_CHANGESET = 1b0f308e49c3
-LANGTOOLS_CHANGESET = 742987f2c0d2
-HOTSPOT_CHANGESET = 468ea732650d
-
-OPENJDK_MD5SUM = 84dabfc7b592490dcd4b2a232bde44ef
-CORBA_MD5SUM = ec0de438056ee14c48deb510c0d583dc
-JAXP_MD5SUM = 732708e633ffef87fb4095ecbbf4add0
-JAXWS_MD5SUM = 492e61bf7f96d3832b3246c01c716aa8
-JDK_MD5SUM = f286fbed4ffb4bb5d368e8cab11b50fd
-LANGTOOLS_MD5SUM = a0a13535ef6eec2292daa14f4cfe849d
-HOTSPOT_MD5SUM = 9e2a49be9371abe80c6fb1bd4ad3de3e
+OPENJDK_VERSION = b71
+
+OPENJDK_CHANGESET = 47425552fc70
+CORBA_CHANGESET = 109171aadcfa
+JAXP_CHANGESET = 6d4f2360ffe6
+JAXWS_CHANGESET = 75cfe6f615df
+JDK_CHANGESET = 2a1a7fb44226
+LANGTOOLS_CHANGESET = 70cd643d6217
+HOTSPOT_CHANGESET = 73abf11e8e61
+
+OPENJDK_MD5SUM = d0753b769317c497ae14d9ab089504f7
+CORBA_MD5SUM = 5cb4f5afbef00fd662c554b9dd7312a7
+JAXP_MD5SUM = 0203983e81a05e548f7fc7bed557bf2c
+JAXWS_MD5SUM = 07015564ab925a96cebf363814707d64
+JDK_MD5SUM = 9297009647ee6d3711fb59c3d3914404
+LANGTOOLS_MD5SUM = 70c0690c8ee523beb2a19dd1b7d2a9f9
+HOTSPOT_MD5SUM = 27eabf6067ac04edf002fad94671bbe1
CACAO_VERSION = 0.99.4
CACAO_MD5SUM = 63220327925ace13756ae334c55a3baa
@@ -1582,7 +1582,8 @@ ICEDTEA_ENV = \
ALT_NETX_DIST="$(abs_top_builddir)/netx.build" \
ALT_LIVECONNECT_DIST="$(abs_top_builddir)" \
DEBUG_CLASSFILES="true" \
- DEBUG_BINARIES="true"
+ DEBUG_BINARIES="true" \
+ DISABLE_INTREE_EC="true"
if WITH_CACAO
ICEDTEA_ENV += \
@@ -1670,7 +1671,8 @@ ICEDTEA_ENV_ECJ = \
ALT_NETX_DIST="$(abs_top_builddir)/netx.build" \
ALT_LIVECONNECT_DIST="$(abs_top_builddir)" \
DEBUG_CLASSFILES="true" \
- DEBUG_BINARIES="true"
+ DEBUG_BINARIES="true" \
+ DISABLE_INTREE_EC="true"
if WITH_CACAO
ICEDTEA_ENV_ECJ += \
@@ -2078,7 +2080,8 @@ ICEDTEA_PATCHES = \
patches/icedtea-jvmtiEnv.patch \
patches/icedtea-xml-encodinginfo.patch \
patches/icedtea-cc-interp-backedge.patch \
- patches/icedtea-netx.patch
+ patches/icedtea-netx.patch \
+ patches/icedtea-disable-intree-ec.patch
if WITH_RHINO
ICEDTEA_PATCHES += \
@@ -2136,6 +2139,11 @@ if ENABLE_NPPLUGIN
if ENABLE_NPPLUGIN
ICEDTEA_PATCHES += patches/icedtea-liveconnect-dist.patch
endif
+endif
+
+if ENABLE_NSS
+ICEDTEA_PATCHES += patches/icedtea-nss-config.patch \
+ patches/icedtea-nss-6763530.patch
endif
ICEDTEA_PATCHES += $(DISTRIBUTION_PATCHES)
@@ -2758,6 +2766,10 @@ if ENABLE_SYSTEMTAP
$(BUILD_OUTPUT_DIR)/j2sdk-image/tapset/hotspot.stp; \
fi
endif
+if ENABLE_NSS
+ cp $(abs_top_builddir)/nss.cfg \
+ $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security;
+endif
@echo "IcedTea is served:" $(BUILD_OUTPUT_DIR)
mkdir -p stamps
touch stamps/icedtea.stamp
@@ -2843,6 +2855,10 @@ if ENABLE_SYSTEMTAP
cp $(abs_top_builddir)/tapset/hotspot.stp \
$(BUILD_OUTPUT_DIR)/j2sdk-image/tapset/hotspot.stp; \
fi
+endif
+if ENABLE_NSS
+ cp $(abs_top_builddir)/nss.cfg \
+ $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security;
endif
@echo "IcedTea (debug build) is served:" \
$(BUILD_OUTPUT_DIR)-debug
diff -r d719734879cc -r 755ac518cabd configure.ac
--- a/configure.ac Thu Aug 27 17:40:22 2009 +0200
+++ b/configure.ac Fri Sep 11 15:32:10 2009 +0100
@@ -141,6 +141,14 @@ AM_CONDITIONAL([ENABLE_SYSTEMTAP], [test
AM_CONDITIONAL([ENABLE_SYSTEMTAP], [test x$ENABLE_SYSTEMTAP = xyes])
AC_MSG_RESULT(${ENABLE_SYSTEMTAP})
+AC_MSG_CHECKING([whether to include elliptic curve cryptography support via NSS])
+AC_ARG_ENABLE([nss],
+ [AS_HELP_STRING([--enable-nss],
+ [Enable inclusion of NSS security provider])],
+ [ENABLE_NSS="${enableval}"], [ENABLE_NSS='no'])
+AM_CONDITIONAL([ENABLE_NSS], [test x$ENABLE_NSS = xyes])
+AC_MSG_RESULT(${ENABLE_NSS})
+
AC_MSG_CHECKING([how many parallel build jobs to execute])
AC_ARG_WITH([parallel-jobs],
[AS_HELP_STRING([--with-parallel-jobs],
@@ -444,6 +452,18 @@ then
AC_SUBST(GTK_LIBS)
fi
+if test "x${ENABLE_NSS}" = "xyes"
+then
+ PKG_CHECK_MODULES(NSS, nss, [NSS_FOUND=yes], [NSS_FOUND=no])
+ if test "x${NSS_FOUND}" = xno
+ then
+ AC_MSG_ERROR([Could not find NSS. Either install it or configure using --disable-nss.])
+ fi
+ NSS_LIBDIR=`$PKG_CONFIG --variable=libdir nss`
+ AC_SUBST(NSS_LIBDIR)
+ AC_CONFIG_FILES([nss.cfg])
+fi
+
if test "x${ZERO_BUILD_TRUE}" = x || test "x${ADD_ZERO_BUILD_TRUE}" = x; then
dnl Check for libffi headers and libraries.
PKG_CHECK_MODULES(LIBFFI, libffi,[LIBFFI_FOUND=yes],[LIBFFI_FOUND=no])
diff -r d719734879cc -r 755ac518cabd nss.cfg.in
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/nss.cfg.in Fri Sep 11 15:32:10 2009 +0100
@@ -0,0 +1,4 @@
+name = NSS
+nssLibraryDirectory = @NSS_LIBDIR@
+nssDbMode = noDb
+attributes = compatibility
diff -r d719734879cc -r 755ac518cabd patches/hotspot/default/icedtea-params-cast-size_t.patch
--- a/patches/hotspot/default/icedtea-params-cast-size_t.patch Thu Aug 27 17:40:22 2009 +0200
+++ b/patches/hotspot/default/icedtea-params-cast-size_t.patch Fri Sep 11 15:32:10 2009 +0100
@@ -1,7 +1,7 @@ diff -Nru openjdk.orig/hotspot/src/share
diff -Nru openjdk.orig/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp openjdk/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp
---- openjdk.orig/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp 2008-09-01 01:47:18.000000000 +0100
-+++ openjdk/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp 2008-09-01 01:53:31.000000000 +0100
-@@ -938,7 +938,7 @@
+--- openjdk.orig/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp 2009-06-30 14:25:09.000000000 +0100
++++ openjdk/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp 2009-09-04 18:12:23.000000000 +0100
+@@ -940,7 +940,7 @@
if (free_percentage < desired_free_percentage) {
size_t desired_capacity = (size_t)(used() / ((double) 1 - desired_free_percentage));
assert(desired_capacity >= capacity(), "invalid expansion size");
@@ -10,7 +10,7 @@ diff -Nru openjdk.orig/hotspot/src/share
}
if (expand_bytes > 0) {
if (PrintGCDetails && Verbose) {
-@@ -6044,7 +6044,7 @@
+@@ -6063,7 +6063,7 @@
HeapWord* curAddr = _markBitMap.startWord();
while (curAddr < _markBitMap.endWord()) {
size_t remaining = pointer_delta(_markBitMap.endWord(), curAddr);
@@ -19,7 +19,7 @@ diff -Nru openjdk.orig/hotspot/src/share
_markBitMap.clear_large_range(chunk);
if (ConcurrentMarkSweepThread::should_yield() &&
!foregroundGCIsActive() &&
-@@ -6332,7 +6332,7 @@
+@@ -6351,7 +6351,7 @@
return;
}
// Double capacity if possible
@@ -29,9 +29,9 @@ diff -Nru openjdk.orig/hotspot/src/share
// get the double capacity that we desired.
ReservedSpace rs(ReservedSpace::allocation_align_size_up(
diff -Nru openjdk.orig/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp openjdk/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp
---- openjdk.orig/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp 2008-08-14 08:40:10.000000000 +0100
-+++ openjdk/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp 2008-09-01 01:49:59.000000000 +0100
-@@ -904,8 +904,8 @@
+--- openjdk.orig/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp 2009-05-08 17:40:27.000000000 +0100
++++ openjdk/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp 2009-09-04 18:12:23.000000000 +0100
+@@ -863,8 +863,8 @@
void PSParallelCompact::initialize_dead_wood_limiter()
{
const size_t max = 100;
@@ -43,8 +43,8 @@ diff -Nru openjdk.orig/hotspot/src/share
DEBUG_ONLY(_dwl_initialized = true;)
_dwl_adjustment = normal_distribution(1.0);
diff -Nru openjdk.orig/hotspot/src/share/vm/gc_implementation/parallelScavenge/psPermGen.cpp openjdk/hotspot/src/share/vm/gc_implementation/parallelScavenge/psPermGen.cpp
---- openjdk.orig/hotspot/src/share/vm/gc_implementation/parallelScavenge/psPermGen.cpp 2008-08-14 08:40:10.000000000 +0100
-+++ openjdk/hotspot/src/share/vm/gc_implementation/parallelScavenge/psPermGen.cpp 2008-09-01 01:52:42.000000000 +0100
+--- openjdk.orig/hotspot/src/share/vm/gc_implementation/parallelScavenge/psPermGen.cpp 2009-03-30 17:15:27.000000000 +0100
++++ openjdk/hotspot/src/share/vm/gc_implementation/parallelScavenge/psPermGen.cpp 2009-09-04 18:12:23.000000000 +0100
@@ -63,7 +63,7 @@
_last_used = current_live;
@@ -55,9 +55,9 @@ diff -Nru openjdk.orig/hotspot/src/share
// Compute the desired size:
diff -Nru openjdk.orig/hotspot/src/share/vm/memory/collectorPolicy.cpp openjdk/hotspot/src/share/vm/memory/collectorPolicy.cpp
---- openjdk.orig/hotspot/src/share/vm/memory/collectorPolicy.cpp 2008-08-14 08:40:10.000000000 +0100
-+++ openjdk/hotspot/src/share/vm/memory/collectorPolicy.cpp 2008-09-01 02:58:03.000000000 +0100
-@@ -287,7 +287,7 @@
+--- openjdk.orig/hotspot/src/share/vm/memory/collectorPolicy.cpp 2009-03-30 17:15:27.000000000 +0100
++++ openjdk/hotspot/src/share/vm/memory/collectorPolicy.cpp 2009-09-04 18:12:23.000000000 +0100
+@@ -281,7 +281,7 @@
// yield a size that is too small) and bound it by MaxNewSize above.
// Ergonomics plays here by previously calculating the desired
// NewSize and MaxNewSize.
@@ -67,9 +67,9 @@ diff -Nru openjdk.orig/hotspot/src/share
assert(max_new_size > 0, "All paths should set max_new_size");
diff -Nru openjdk.orig/hotspot/src/share/vm/memory/threadLocalAllocBuffer.cpp openjdk/hotspot/src/share/vm/memory/threadLocalAllocBuffer.cpp
---- openjdk.orig/hotspot/src/share/vm/memory/threadLocalAllocBuffer.cpp 2008-08-14 08:40:11.000000000 +0100
-+++ openjdk/hotspot/src/share/vm/memory/threadLocalAllocBuffer.cpp 2008-09-01 01:49:59.000000000 +0100
-@@ -222,7 +222,7 @@
+--- openjdk.orig/hotspot/src/share/vm/memory/threadLocalAllocBuffer.cpp 2009-03-30 17:15:27.000000000 +0100
++++ openjdk/hotspot/src/share/vm/memory/threadLocalAllocBuffer.cpp 2009-09-04 18:12:23.000000000 +0100
+@@ -221,7 +221,7 @@
size_t init_sz;
if (TLABSize > 0) {
@@ -79,27 +79,27 @@ diff -Nru openjdk.orig/hotspot/src/share
// Startup issue - main thread initialized before heap initialized.
init_sz = min_size();
diff -Nru openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp openjdk/hotspot/src/share/vm/runtime/arguments.cpp
---- openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp 2008-09-01 01:47:17.000000000 +0100
-+++ openjdk/hotspot/src/share/vm/runtime/arguments.cpp 2008-09-01 01:58:01.000000000 +0100
-@@ -1025,7 +1025,7 @@
- // for "short" pauses ~ 4M*ParallelGCThreads
- if (FLAG_IS_DEFAULT(MaxNewSize)) { // MaxNewSize not set at command-line
+--- openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp 2009-09-04 16:27:02.000000000 +0100
++++ openjdk/hotspot/src/share/vm/runtime/arguments.cpp 2009-09-04 18:13:00.000000000 +0100
+@@ -1064,7 +1064,7 @@
+ // NewSize was set on the command line and it is larger than
+ // preferred_max_new_size.
if (!FLAG_IS_DEFAULT(NewSize)) { // NewSize explicitly set at command-line
- FLAG_SET_ERGO(uintx, MaxNewSize, MAX2(NewSize, preferred_max_new_size));
+ FLAG_SET_ERGO(uintx, MaxNewSize, MAX2((size_t) NewSize, preferred_max_new_size));
} else {
FLAG_SET_ERGO(uintx, MaxNewSize, preferred_max_new_size);
}
-@@ -1038,7 +1038,7 @@
- // Old to Young gen size so as to shift the collection load
- // to the old generation concurrent collector
- if (FLAG_IS_DEFAULT(NewRatio)) {
+@@ -1083,7 +1083,7 @@
+ // there was no obvious reason. Also limit to the case where
+ // MaxNewSize has not been set.
+
- FLAG_SET_ERGO(intx, NewRatio, MAX2(NewRatio, new_ratio));
+ FLAG_SET_ERGO(intx, NewRatio, MAX2((intx) NewRatio, new_ratio));
- size_t min_new = align_size_up(ScaleForWordSize(min_new_default), os::vm_page_size());
- size_t prev_initial_size = initial_heap_size();
-@@ -1067,8 +1067,8 @@
+ // Code along this path potentially sets NewSize and OldSize
+
+@@ -1125,8 +1125,8 @@
// Unless explicitly requested otherwise, make young gen
// at least min_new, and at most preferred_max_new_size.
if (FLAG_IS_DEFAULT(NewSize)) {
@@ -110,7 +110,7 @@ diff -Nru openjdk.orig/hotspot/src/share
if(PrintGCDetails && Verbose) {
// Too early to use gclog_or_tty
tty->print_cr("Ergo set NewSize: " SIZE_FORMAT, NewSize);
-@@ -1079,7 +1079,7 @@
+@@ -1137,7 +1137,7 @@
// later NewRatio will decide how it grows; see above.
if (FLAG_IS_DEFAULT(OldSize)) {
if (max_heap > NewSize) {
diff -r d719734879cc -r 755ac518cabd patches/icedtea-disable-intree-ec.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/icedtea-disable-intree-ec.patch Fri Sep 11 15:32:10 2009 +0100
@@ -0,0 +1,23 @@
+diff -Nru openjdk.orig/jdk/src/share/lib/security/java.security openjdk/jdk/src/share/lib/security/java.security
+--- openjdk.orig/jdk/src/share/lib/security/java.security 2009-09-10 19:04:25.000000000 +0100
++++ openjdk/jdk/src/share/lib/security/java.security 2009-09-11 14:53:07.000000000 +0100
+@@ -45,13 +45,12 @@
+ #
+ security.provider.1=sun.security.provider.Sun
+ security.provider.2=sun.security.rsa.SunRsaSign
+-security.provider.3=sun.security.ec.SunEC
+-security.provider.4=com.sun.net.ssl.internal.ssl.Provider
+-security.provider.5=com.sun.crypto.provider.SunJCE
+-security.provider.6=sun.security.jgss.SunProvider
+-security.provider.7=com.sun.security.sasl.Provider
+-security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
+-security.provider.9=sun.security.smartcardio.SunPCSC
++security.provider.3=com.sun.net.ssl.internal.ssl.Provider
++security.provider.4=com.sun.crypto.provider.SunJCE
++security.provider.5=sun.security.jgss.SunProvider
++security.provider.6=com.sun.security.sasl.Provider
++security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI
++security.provider.8=sun.security.smartcardio.SunPCSC
+
+ #
+ # Select the source of seed data for SecureRandom. By default an
diff -r d719734879cc -r 755ac518cabd patches/icedtea-nss-6763530.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/icedtea-nss-6763530.patch Fri Sep 11 15:32:10 2009 +0100
@@ -0,0 +1,55 @@
+diff -r 1f83d4e42eda src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java Mon Aug 31 12:55:15 2009 +0900
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java Thu Sep 03 18:47:40 2009 +0100
+@@ -40,6 +40,8 @@
+ import sun.security.pkcs11.wrapper.*;
+ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
+
++import sun.security.util.DerValue;
++
+ /**
+ * EC KeyFactory implemenation.
+ *
+@@ -201,7 +203,14 @@
+
+ private PublicKey generatePublic(ECPoint point, ECParameterSpec params) throws PKCS11Exception {
+ byte[] encodedParams = ECParameters.encodeParameters(params);
+- byte[] encodedPoint = ECParameters.encodePoint(point, params.getCurve());
++ DerValue pkECPoint = new DerValue(DerValue.tag_OctetString,
++ ECParameters.encodePoint(point, params.getCurve()));
++ byte[] encodedPoint = null;
++ try {
++ encodedPoint = pkECPoint.toByteArray();
++ } catch (IOException e) {
++ throw new IllegalArgumentException("Could not DER encode point", e);
++ }
+ CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
+ new CK_ATTRIBUTE(CKA_CLASS, CKO_PUBLIC_KEY),
+ new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_EC),
+diff -r 1f83d4e42eda src/share/classes/sun/security/pkcs11/P11Key.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Key.java Mon Aug 31 12:55:15 2009 +0900
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Key.java Thu Sep 03 18:47:40 2009 +0100
+@@ -44,6 +44,8 @@
+ import sun.security.pkcs11.wrapper.*;
+ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
+
++import sun.security.util.DerValue;
++
+ /**
+ * Key implementation classes.
+ *
+@@ -1014,10 +1016,13 @@
+ };
+ fetchAttributes(attributes);
+ try {
++ DerValue wECPoint = new DerValue(attributes[0].getByteArray());
++ if (wECPoint.getTag() != DerValue.tag_OctetString)
++ throw new IOException("Unexpected tag: " + wECPoint.getTag());
+ params = P11ECKeyFactory.decodeParameters
+ (attributes[1].getByteArray());
+ w = P11ECKeyFactory.decodePoint
+- (attributes[0].getByteArray(), params.getCurve());
++ (wECPoint.getDataBytes(), params.getCurve());
+ } catch (Exception e) {
+ throw new RuntimeException("Could not parse key values", e);
+ }
diff -r d719734879cc -r 755ac518cabd patches/icedtea-nss-config.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/icedtea-nss-config.patch Fri Sep 11 15:32:10 2009 +0100
@@ -0,0 +1,10 @@
+--- openjdk.orig/jdk/src/share/lib/security/java.security 2009-08-25 11:43:59.000000000 +0100
++++ openjdk/jdk/src/share/lib/security/java.security 2009-08-27 14:23:54.000000000 +0100
+@@ -51,6 +51,7 @@
+ security.provider.6=com.sun.security.sasl.Provider
+ security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI
+ security.provider.8=sun.security.smartcardio.SunPCSC
++security.provider.9=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg
+
+ #
+ # Select the source of seed data for SecureRandom. By default an
More information about the distro-pkg-dev
mailing list