/hg/release/icedtea6-1.6: 2 new changesets
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Tue Mar 30 15:57:23 PDT 2010
changeset 566af2483fbb in /hg/release/icedtea6-1.6
details: http://icedtea.classpath.org/hg/release/icedtea6-1.6?cmd=changeset;node=566af2483fbb
author: Andrew John Hughes <ahughes at redhat.com>
date: Tue Mar 30 23:56:02 2010 +0100
Remove broken regexp usage in .hgignore.
2009-03-30 Andrew John Hughes <ahughes at redhat.com>
* .hgignore: Remove broken regexp usage which hides
too many files.
changeset 6728bebba215 in /hg/release/icedtea6-1.6
details: http://icedtea.classpath.org/hg/release/icedtea6-1.6?cmd=changeset;node=6728bebba215
author: Andrew John Hughes <ahughes at redhat.com>
date: Tue Mar 30 23:57:15 2010 +0100
Backport NSS bug fix.
2009-09-03 Andrew John Hughes <ahughes at redhat.com>
PR icedtea/356
* HACKING: Updated.
* Makefile.am: Add two new patches. Copy nss.cfg to
jre/lib/security if NSS is enabled.
* configure.ac:Check for NSS and set NSS_LIBDIR and ENABLE_NSS
if found.
* nss.cfg.in: Template for the nss configuration file.
* patches/icedtea-nss-6763530.patch: Fix for Sun bug 6763530
which is triggered by newer versions of NSS.
* patches/icedtea-nss-config.patch: Patch java.security with
the PCKS11 provider configuration.
diffstat:
8 files changed, 132 insertions(+), 7 deletions(-)
.hgignore | 11 +++----
ChangeLog | 22 ++++++++++++++
HACKING | 4 ++
Makefile.am | 13 ++++++++
configure.ac | 20 +++++++++++++
nss.cfg.in | 4 ++
patches/icedtea-nss-6763530.patch | 55 +++++++++++++++++++++++++++++++++++++
patches/icedtea-nss-config.patch | 10 ++++++
diffs (232 lines):
diff -r d48a4f542e7d -r 6728bebba215 .hgignore
--- a/.hgignore Tue Mar 30 23:04:54 2010 +0100
+++ b/.hgignore Tue Mar 30 23:57:15 2010 +0100
@@ -1,7 +1,4 @@ syntax: glob
syntax: glob
-*~
-
-syntax: regexp
configure
missing
aclocal.m4
@@ -9,7 +6,6 @@ cacao
cacao
netbeans
visualvm
-openjdk
bootstrap
debian
lib
@@ -464,9 +460,12 @@ rt/netscape/javascript/JSUtil.java
rt/netscape/javascript/JSUtil.java
generated/sun/awt/X11/generator/sizer.32.orig
pulseaudio/bin
-pulseaudio/.*\.o
+pulseaudio/*.o
pulseaudio/src/native/org_.*.h
-pulseaudio/.*jar
+pulseaudio/*.jar
pulse-java.jar
hotspot.tar.gz
ports/hotspot/src/cpu/zero/vm/bytecodes_arm.s
+
+syntax:regexp
+openjdk
diff -r d48a4f542e7d -r 6728bebba215 ChangeLog
--- a/ChangeLog Tue Mar 30 23:04:54 2010 +0100
+++ b/ChangeLog Tue Mar 30 23:57:15 2010 +0100
@@ -1,3 +1,25 @@ 2009-03-30 Andrew John Hughes <ahughes
+2009-09-03 Andrew John Hughes <ahughes at redhat.com>
+
+ PR icedtea/356
+ * HACKING: Updated.
+ * Makefile.am:
+ Add two new patches. Copy nss.cfg to jre/lib/security if
+ NSS is enabled.
+ * configure.ac:Check for NSS and set NSS_LIBDIR
+ and ENABLE_NSS if found.
+ * nss.cfg.in: Template for the nss configuration file.
+ * patches/icedtea-nss-6763530.patch:
+ Fix for Sun bug 6763530 which is triggered by newer
+ versions of NSS.
+ * patches/icedtea-nss-config.patch: Patch java.security
+ with the PCKS11 provider configuration.
+
+2009-03-30 Andrew John Hughes <ahughes at redhat.com>
+
+ * .hgignore:
+ Remove broken regexp usage which hides too
+ many files.
+
2009-03-30 Andrew John Hughes <ahughes at redhat.com>
* patches/icedtea-systemtap.patch:
diff -r d48a4f542e7d -r 6728bebba215 HACKING
--- a/HACKING Tue Mar 30 23:04:54 2010 +0100
+++ b/HACKING Tue Mar 30 23:57:15 2010 +0100
@@ -124,7 +124,9 @@ The following patches are only applied t
since b22 was from "before hg".
* icedtea-dnd-filelists.patch: Fix drag and drop behaviour when dragging a file list between JVMs (S5079469). Backported from OpenJDK.
* icedtea-signed-types-hot6.patch: Make use of unsigned/signed types explicit.
-* openjdk/6648816.patch: Backport of regression (NPE) fix in AccessControlContext
+* openjdk/6648816.patch: Backport of regression (NPE) fix in AccessControlContext (PR364/S6648816)
+* icedtea-nss-config.patch: Add the NSS PKCS11 security provider. (PR356)
+* icedtea-nss-6763530.patch: Fix PKCS11 provider when used with newer version of NSS (>=3.12.3) (PR356, S6763530).
The following patches are only applied to OpenJDK in IcedTea:
diff -r d48a4f542e7d -r 6728bebba215 Makefile.am
--- a/Makefile.am Tue Mar 30 23:04:54 2010 +0100
+++ b/Makefile.am Tue Mar 30 23:57:15 2010 +0100
@@ -723,6 +723,11 @@ ICEDTEA_PATCHES += patches/hotspot/$(HSB
ICEDTEA_PATCHES += patches/hotspot/$(HSBUILD)/systemtap.patch
endif
+if ENABLE_NSS
+ICEDTEA_PATCHES += patches/icedtea-nss-config.patch \
+ patches/icedtea-nss-6763530.patch
+endif
+
ICEDTEA_PATCHES += \
patches/icedtea-demo-swingapplet.patch \
patches/icedtea-awt-window-size.patch \
@@ -1283,6 +1288,10 @@ if ENABLE_SYSTEMTAP
cp $(abs_top_builddir)/tapset/jstack.stp \
$(BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp
endif
+if ENABLE_NSS
+ cp $(abs_top_builddir)/nss.cfg \
+ $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security;
+endif
@echo "IcedTea is served:" $(BUILD_OUTPUT_DIR)
mkdir -p stamps
touch stamps/icedtea.stamp
@@ -1375,6 +1384,10 @@ if ENABLE_SYSTEMTAP
fi; \
cp $(abs_top_builddir)/tapset/jstack.stp \
$(BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp
+endif
+if ENABLE_NSS
+ cp $(abs_top_builddir)/nss.cfg \
+ $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security;
endif
@echo "IcedTea (debug build) is served:" \
$(BUILD_OUTPUT_DIR)-debug
diff -r d48a4f542e7d -r 6728bebba215 configure.ac
--- a/configure.ac Tue Mar 30 23:04:54 2010 +0100
+++ b/configure.ac Tue Mar 30 23:57:15 2010 +0100
@@ -156,6 +156,14 @@ AC_ARG_ENABLE([systemtap],
[ENABLE_SYSTEMTAP="${enableval}"], [ENABLE_SYSTEMTAP='no'])
AM_CONDITIONAL([ENABLE_SYSTEMTAP], [test x$ENABLE_SYSTEMTAP = xyes])
AC_MSG_RESULT(${ENABLE_SYSTEMTAP})
+
+AC_MSG_CHECKING([whether to include the NSS-based security provider])
+AC_ARG_ENABLE([nss],
+ [AS_HELP_STRING([--enable-nss],
+ [Enable inclusion of NSS security provider])],
+ [ENABLE_NSS="${enableval}"], [ENABLE_NSS='no'])
+AM_CONDITIONAL([ENABLE_NSS], [test x$ENABLE_NSS = xyes])
+AC_MSG_RESULT(${ENABLE_NSS})
AC_MSG_CHECKING(how many parallel build jobs to execute)
AC_ARG_WITH([parallel-jobs],
@@ -525,6 +533,18 @@ return EXIT_SUCCESS;
AC_SUBST(MOZILLA_VERSION_COLLAPSED, $xulrunner_cv_collapsed_version)
fi
+if test "x${ENABLE_NSS}" = "xyes"
+then
+ PKG_CHECK_MODULES(NSS, nss, [NSS_FOUND=yes], [NSS_FOUND=no])
+ if test "x${NSS_FOUND}" = xno
+ then
+ AC_MSG_ERROR([Could not find NSS. Either install it or configure using --disable-nss.])
+ fi
+ NSS_LIBDIR=`$PKG_CONFIG --variable=libdir nss`
+ AC_SUBST(NSS_LIBDIR)
+ AC_CONFIG_FILES([nss.cfg])
+fi
+
AC_MSG_CHECKING(for --with-additional-vms)
AC_ARG_WITH(additional-vms,
AC_HELP_STRING([--with-additional-vms=vm-list], [build additional virtual machines. Valid value is a comma separated string with the backend names `cacao', `zero' and `shark'.]),
diff -r d48a4f542e7d -r 6728bebba215 nss.cfg.in
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/nss.cfg.in Tue Mar 30 23:57:15 2010 +0100
@@ -0,0 +1,4 @@
+name = NSS
+nssLibraryDirectory = @NSS_LIBDIR@
+nssDbMode = noDb
+attributes = compatibility
diff -r d48a4f542e7d -r 6728bebba215 patches/icedtea-nss-6763530.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/icedtea-nss-6763530.patch Tue Mar 30 23:57:15 2010 +0100
@@ -0,0 +1,55 @@
+diff -r 1f83d4e42eda src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java Mon Aug 31 12:55:15 2009 +0900
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java Thu Sep 03 18:47:40 2009 +0100
+@@ -40,6 +40,8 @@
+ import sun.security.pkcs11.wrapper.*;
+ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
+
++import sun.security.util.DerValue;
++
+ /**
+ * EC KeyFactory implemenation.
+ *
+@@ -201,7 +203,14 @@
+
+ private PublicKey generatePublic(ECPoint point, ECParameterSpec params) throws PKCS11Exception {
+ byte[] encodedParams = ECParameters.encodeParameters(params);
+- byte[] encodedPoint = ECParameters.encodePoint(point, params.getCurve());
++ DerValue pkECPoint = new DerValue(DerValue.tag_OctetString,
++ ECParameters.encodePoint(point, params.getCurve()));
++ byte[] encodedPoint = null;
++ try {
++ encodedPoint = pkECPoint.toByteArray();
++ } catch (IOException e) {
++ throw new IllegalArgumentException("Could not DER encode point", e);
++ }
+ CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
+ new CK_ATTRIBUTE(CKA_CLASS, CKO_PUBLIC_KEY),
+ new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_EC),
+diff -r 1f83d4e42eda src/share/classes/sun/security/pkcs11/P11Key.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Key.java Mon Aug 31 12:55:15 2009 +0900
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Key.java Thu Sep 03 18:47:40 2009 +0100
+@@ -44,6 +44,8 @@
+ import sun.security.pkcs11.wrapper.*;
+ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
+
++import sun.security.util.DerValue;
++
+ /**
+ * Key implementation classes.
+ *
+@@ -1014,10 +1016,13 @@
+ };
+ fetchAttributes(attributes);
+ try {
++ DerValue wECPoint = new DerValue(attributes[0].getByteArray());
++ if (wECPoint.getTag() != DerValue.tag_OctetString)
++ throw new IOException("Unexpected tag: " + wECPoint.getTag());
+ params = P11ECKeyFactory.decodeParameters
+ (attributes[1].getByteArray());
+ w = P11ECKeyFactory.decodePoint
+- (attributes[0].getByteArray(), params.getCurve());
++ (wECPoint.getDataBytes(), params.getCurve());
+ } catch (Exception e) {
+ throw new RuntimeException("Could not parse key values", e);
+ }
diff -r d48a4f542e7d -r 6728bebba215 patches/icedtea-nss-config.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/icedtea-nss-config.patch Tue Mar 30 23:57:15 2010 +0100
@@ -0,0 +1,10 @@
+--- openjdk.orig/jdk/src/share/lib/security/java.security 2009-08-25 11:43:59.000000000 +0100
++++ openjdk/jdk/src/share/lib/security/java.security 2009-08-27 14:23:54.000000000 +0100
+@@ -51,6 +51,7 @@
+ security.provider.6=com.sun.security.sasl.Provider
+ security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI
+ security.provider.8=sun.security.smartcardio.SunPCSC
++security.provider.9=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg
+
+ #
+ # Select the source of seed data for SecureRandom. By default an
More information about the distro-pkg-dev
mailing list