/hg/icedtea6: Add backports from IcedTea 2.x & OpenJDK 8
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Wed Jul 22 12:27:31 UTC 2015
changeset 4c54ff50c546 in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=4c54ff50c546
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Wed Jul 22 13:27:06 2015 +0100
Add backports from IcedTea 2.x & OpenJDK 8
Backports
- PR2488, CVE-2015-4000: Make jdk8 mode the default for jdk.tls.ephemeralDHKeySize
- S4890063, PR2306, RH1214835: HPROF: default text truncated when using doe=n option
- S6562614, PR2555: Compiler warnings for gettimeofday in Inet4/Inet6AddressImpl.c
- S6956398, PR2486: make ephemeral DH key match the length of the certificate key
- S6989466, PR2555: Miscellaneous compiler warnings in java/lang, java/util, java/io, sun/misc native code
- S6991580, PR2309: IPv6 Nameservers in resolv.conf throws NumberFormatException
- S6997561, PR2479: A request for better error handling in JNDI
- S7007905, PR2298: javazic produces wrong line numbers
- S7017176, PR2479: Several JNDI tests are mssing GPL header
- S7058708, PR2298: Eliminate JDK build tools build warnings
- S7069870, PR2298: Parts of the JDK erroneously rely on generic array initializers with diamond
- S7090844, PR2298: Support a timezone whose offset is changed more than once in the future
- S7094377, PR2479: Com.sun.jndi.ldap.read.timeout doesn't work with ldaps.
- S7133138, PR2298: Improve io performance around timezone lookups
- S7170638, PR2495: Use DTRACE_PROBE[N] in JNI Set and SetStatic Field.
- S8000487, PR2479: Java JNDI connection library on ldap conn is not honoring configured timeout
- S8011709, PR2510: [parfait] False positive: memory leak in jdk/src/share/native/sun/font/layout/CanonShaping.cpp
- S8023052, PR2510: JVM crash in native layout
- S8039921, PR2468: SHA1WithDSA with key > 1024 bits not working
- S8041451, PR2480: com.sun.jndi.ldap.Connection:ReadTimeout should abandon ldap request
- S8042855, PR2510: [parfait] Potential null pointer dereference in IndicLayoutEngine.cpp
- S8042857, PR2479: 14 stuck threads waiting for notification on LDAPRequest
- S8065238, PR2479: javax.naming.NamingException after upgrade to JDK 8
- S8074761, PR2469: Empty optional parameters of LDAP query are not interpreted as empty
- S8078654, PR2334: CloseTTFontFileFunc callback should be removed
- S8078666, PR2327: JVM fastdebug build compiled with GCC 5 asserts with "widen increases"
- S8081315, PR2406: Avoid giflib interlacing workaround with giflib 5.0.0 on
- S8081475, PR2495: SystemTap does not work when JDK is compiled with GCC 5
- S8087120, RH1206656, PR2554: [GCC5] java.lang.StackOverflowError on Zero JVM initialization on non x86 platforms.
- PR2319: Checksum of policy JAR files changes on every build
- PR2460: Policy JAR files should be timestamped with the date of the policy file they hold
- PR2481, RH489586, RH1236619: OpenJDK can't handle spaces in zone names in /etc/sysconfig/clock
- PR2486: JSSE server is still limited to 768-bit DHE
diffstat:
ChangeLog | 42 +
Makefile.am | 38 +-
NEWS | 34 +
patches/hotspot/hs23/systemtap.patch | 140 -
patches/openjdk/4890063-hprof_truncation.patch | 20 +
patches/openjdk/6562615-compiler_warnings.patch | 33 +
patches/openjdk/6956398-ephemeraldhkeysize.patch | 760 ++
patches/openjdk/6989466-compiler_warnings.patch | 405 +
patches/openjdk/6991580-ipv6_nameservers.patch | 137 +
patches/openjdk/6997561-better_jndi_error_handling.patch | 143 +
patches/openjdk/7007905-javazic_line_numbers.patch | 20 +
patches/openjdk/7017176-missing_gpl_headers.patch | 129 +
patches/openjdk/7058708-javazic_warnings.patch | 2586 ++++++++++
patches/openjdk/7069870-generic_array_initializers.patch | 24 +
patches/openjdk/7090844-support_multi_offset_change_timezones.patch | 50 +
patches/openjdk/7094377-ldaps_timeout.patch | 162 +
patches/openjdk/7133138-timezone_io_improvement.patch | 205 +
patches/openjdk/7170638-systemtap.patch | 292 +
patches/openjdk/8000487-jndi_connection_not_honouring_timeout.patch | 720 ++
patches/openjdk/8011709-canonshaping_memory_leak.patch | 29 +
patches/openjdk/8023052-jvm_crash_in_native_layout.patch | 23 +
patches/openjdk/8039921-sha1_1024plus.patch | 87 +
patches/openjdk/8041451-ldap_read_timeout_abandon.patch | 21 +
patches/openjdk/8042855-indiclayoutengine_null_dereference.patch | 51 +
patches/openjdk/8042857-14_stuck_threads_on_ldaprequest.patch | 127 +
patches/openjdk/8065238-ldap_namingexception_8041451_regression.patch | 611 ++
patches/openjdk/8074761-ldap_empty_optional_params.patch | 168 +
patches/openjdk/8078654-closettfontfilefunc.patch | 42 +
patches/openjdk/8078666-widen_increases.patch | 45 +
patches/openjdk/8081315-giflib_interlacing.patch | 72 +
patches/openjdk/8081475-systemtap-gcc5.patch | 24 +
patches/openjdk/8087120-zero_gcc5.patch | 24 +
patches/pr2319-policy_jar_checksum.patch | 103 +
patches/pr2460-policy_jar_timestamp.patch | 108 +
patches/pr2481_sysconfig_clock_spaces.patch | 67 +
patches/pr2486-768_dh.patch | 52 +
patches/pr2488-1024_dh.patch | 53 +
37 files changed, 7504 insertions(+), 143 deletions(-)
diffs (truncated from 7829 to 500 lines):
diff -r 0a4af164d620 -r 4c54ff50c546 ChangeLog
--- a/ChangeLog Thu Apr 16 03:37:09 2015 +0100
+++ b/ChangeLog Wed Jul 22 13:27:06 2015 +0100
@@ -1,3 +1,45 @@
+2015-07-22 Andrew John Hughes <gnu.andrew at redhat.com>
+
+ * patches/hotspot/hs23/systemtap.patch:
+ Removed; replaced by backport of upstream version.
+ * Makefile.am:
+ (ICEDTEA_PATCHES): Add patches below. Swap
+ old SystemTap patch for a backport of 7170638.
+ * NEWS: Updated.
+ * patches/openjdk/4890063-hprof_truncation.patch,
+ * patches/openjdk/6562615-compiler_warnings.patch,
+ * patches/openjdk/6956398-ephemeraldhkeysize.patch,
+ * patches/openjdk/6989466-compiler_warnings.patch,
+ * patches/openjdk/6991580-ipv6_nameservers.patch,
+ * patches/openjdk/6997561-better_jndi_error_handling.patch,
+ * patches/openjdk/7007905-javazic_line_numbers.patch,
+ * patches/openjdk/7017176-missing_gpl_headers.patch,
+ * patches/openjdk/7058708-javazic_warnings.patch,
+ * patches/openjdk/7069870-generic_array_initializers.patch,
+ * patches/openjdk/7090844-support_multi_offset_change_timezones.patch,
+ * patches/openjdk/7094377-ldaps_timeout.patch,
+ * patches/openjdk/7133138-timezone_io_improvement.patch,
+ * patches/openjdk/7170638-systemtap.patch,
+ * patches/openjdk/8000487-jndi_connection_not_honouring_timeout.patch,
+ * patches/openjdk/8011709-canonshaping_memory_leak.patch,
+ * patches/openjdk/8023052-jvm_crash_in_native_layout.patch,
+ * patches/openjdk/8039921-sha1_1024plus.patch,
+ * patches/openjdk/8041451-ldap_read_timeout_abandon.patch,
+ * patches/openjdk/8042855-indiclayoutengine_null_dereference.patch,
+ * patches/openjdk/8042857-14_stuck_threads_on_ldaprequest.patch,
+ * patches/openjdk/8065238-ldap_namingexception_8041451_regression.patch,
+ * patches/openjdk/8074761-ldap_empty_optional_params.patch,
+ * patches/openjdk/8078654-closettfontfilefunc.patch,
+ * patches/openjdk/8078666-widen_increases.patch,
+ * patches/openjdk/8081315-giflib_interlacing.patch,
+ * patches/openjdk/8081475-systemtap-gcc5.patch,
+ * patches/openjdk/8087120-zero_gcc5.patch,
+ * patches/pr2319-policy_jar_checksum.patch,
+ * patches/pr2460-policy_jar_timestamp.patch,
+ * patches/pr2481_sysconfig_clock_spaces.patch,
+ * patches/pr2486-768_dh.patch,
+ * patches/pr2488-1024_dh.patch: Added.
+
2015-04-16 Andrew John Hughes <gnu.andrew at redhat.com>
* NEWS: Add 1.13.7 release notes.
diff -r 0a4af164d620 -r 4c54ff50c546 Makefile.am
--- a/Makefile.am Thu Apr 16 03:37:09 2015 +0100
+++ b/Makefile.am Wed Jul 22 13:27:06 2015 +0100
@@ -612,7 +612,38 @@
patches/pr2197-jhat_man_page_url.patch \
patches/pr2201-support_giflib_5.1.patch \
patches/pr2211-check_dgifclosefile_return.patch \
- patches/pr2226-support_future_giflib_6_and_up.patch
+ patches/pr2226-support_future_giflib_6_and_up.patch \
+ patches/openjdk/4890063-hprof_truncation.patch \
+ patches/openjdk/6562615-compiler_warnings.patch \
+ patches/openjdk/6956398-ephemeraldhkeysize.patch \
+ patches/openjdk/6989466-compiler_warnings.patch \
+ patches/openjdk/6991580-ipv6_nameservers.patch \
+ patches/openjdk/7007905-javazic_line_numbers.patch \
+ patches/openjdk/7058708-javazic_warnings.patch \
+ patches/openjdk/7069870-generic_array_initializers.patch \
+ patches/openjdk/7090844-support_multi_offset_change_timezones.patch \
+ patches/openjdk/7133138-timezone_io_improvement.patch \
+ patches/openjdk/8011709-canonshaping_memory_leak.patch \
+ patches/openjdk/8023052-jvm_crash_in_native_layout.patch \
+ patches/openjdk/8039921-sha1_1024plus.patch \
+ patches/openjdk/8041451-ldap_read_timeout_abandon.patch \
+ patches/openjdk/8042855-indiclayoutengine_null_dereference.patch \
+ patches/openjdk/7094377-ldaps_timeout.patch \
+ patches/openjdk/6997561-better_jndi_error_handling.patch \
+ patches/openjdk/7017176-missing_gpl_headers.patch \
+ patches/openjdk/8000487-jndi_connection_not_honouring_timeout.patch \
+ patches/openjdk/8042857-14_stuck_threads_on_ldaprequest.patch \
+ patches/openjdk/8065238-ldap_namingexception_8041451_regression.patch \
+ patches/openjdk/8074761-ldap_empty_optional_params.patch \
+ patches/openjdk/8078654-closettfontfilefunc.patch \
+ patches/openjdk/8078666-widen_increases.patch \
+ patches/openjdk/8081315-giflib_interlacing.patch \
+ patches/openjdk/8087120-zero_gcc5.patch \
+ patches/pr2319-policy_jar_checksum.patch \
+ patches/pr2460-policy_jar_timestamp.patch \
+ patches/pr2481_sysconfig_clock_spaces.patch \
+ patches/pr2486-768_dh.patch \
+ patches/pr2488-1024_dh.patch
if WITH_RHINO
ICEDTEA_PATCHES += \
@@ -646,9 +677,10 @@
endif
if ENABLE_SYSTEMTAP
-ICEDTEA_PATCHES += patches/hotspot/hs23/systemtap.patch \
+ICEDTEA_PATCHES += patches/openjdk/7170638-systemtap.patch \
patches/hotspot/hs23/systemtap_gc.patch \
- patches/hotspot/hs23/systemtap-alloc-size-workaround.patch
+ patches/hotspot/hs23/systemtap-alloc-size-workaround.patch \
+ patches/openjdk/8081475-systemtap-gcc5.patch
endif
if BUILD_JAMVM
diff -r 0a4af164d620 -r 4c54ff50c546 NEWS
--- a/NEWS Thu Apr 16 03:37:09 2015 +0100
+++ b/NEWS Wed Jul 22 13:27:06 2015 +0100
@@ -14,17 +14,51 @@
New in release 1.14.0 (201X-XX-XX):
+* Security fixes
+ - PR2488, CVE-2015-4000: Make jdk8 mode the default for jdk.tls.ephemeralDHKeySize
* Backports
+ - S4890063, PR2306, RH1214835: HPROF: default text truncated when using doe=n option
+ - S6562614, PR2555: Compiler warnings for gettimeofday in Inet4/Inet6AddressImpl.c
- S6611637: NullPointerException in sun.font.GlyphLayout$EngineRecord.init
- S6727719: Performance of TextLayout.getBounds()
- S6745225: Memory leak while drawing Attributed String
- S6904962: GlyphVector.getVisualBounds should not be affected by leading or trailing white space.
+ - S6956398, PR2486: make ephemeral DH key match the length of the certificate key
+ - S6989466, PR2555: Miscellaneous compiler warnings in java/lang, java/util, java/io, sun/misc native code
+ - S6991580, PR2309: IPv6 Nameservers in resolv.conf throws NumberFormatException
+ - S6997561, PR2479: A request for better error handling in JNDI
+ - S7007905, PR2298: javazic produces wrong line numbers
+ - S7017176, PR2479: Several JNDI tests are mssing GPL header
+ - S7058708, PR2298: Eliminate JDK build tools build warnings
+ - S7069870, PR2298: Parts of the JDK erroneously rely on generic array initializers with diamond
+ - S7090844, PR2298: Support a timezone whose offset is changed more than once in the future
+ - S7094377, PR2479: Com.sun.jndi.ldap.read.timeout doesn't work with ldaps.
+ - S7133138, PR2298: Improve io performance around timezone lookups
- S7151089: PS NUMA: NUMA allocator should not attempt to free pages when using SHM large pages
+ - S7170638, PR2495: Use DTRACE_PROBE[N] in JNI Set and SetStatic Field.
+ - S8000487, PR2479: Java JNDI connection library on ldap conn is not honoring configured timeout
+ - S8011709, PR2510: [parfait] False positive: memory leak in jdk/src/share/native/sun/font/layout/CanonShaping.cpp
- S8013057: Detect mmap() commit failures in Linux and Solaris os::commit_memory() impls and call vm_exit_out_of_memory()
+ - S8023052, PR2510: JVM crash in native layout
- S8026887: Make issues due to failed large pages allocations easier to debug
+ - S8039921, PR2468: SHA1WithDSA with key > 1024 bits not working
+ - S8041451, PR2480: com.sun.jndi.ldap.Connection:ReadTimeout should abandon ldap request
+ - S8042855, PR2510: [parfait] Potential null pointer dereference in IndicLayoutEngine.cpp
+ - S8042857, PR2479: 14 stuck threads waiting for notification on LDAPRequest
+ - S8065238, PR2479: javax.naming.NamingException after upgrade to JDK 8
+ - S8074761, PR2469: Empty optional parameters of LDAP query are not interpreted as empty
+ - S8078654, PR2334: CloseTTFontFileFunc callback should be removed
+ - S8078666, PR2327: JVM fastdebug build compiled with GCC 5 asserts with "widen increases"
+ - S8081315, PR2406: Avoid giflib interlacing workaround with giflib 5.0.0 on
+ - S8081475, PR2495: SystemTap does not work when JDK is compiled with GCC 5
+ - S8087120, RH1206656, PR2554: [GCC5] java.lang.StackOverflowError on Zero JVM initialization on non x86 platforms.
* Bug fixes
- PR1886: IcedTea does not checksum supplied tarballs
- PR2083: Add support for building Zero on AArch64
+ - PR2319: Checksum of policy JAR files changes on every build
+ - PR2460: Policy JAR files should be timestamped with the date of the policy file they hold
+ - PR2481, RH489586, RH1236619: OpenJDK can't handle spaces in zone names in /etc/sysconfig/clock
+ - PR2486: JSSE server is still limited to 768-bit DHE
New in release 1.13.7 (2015-04-14):
diff -r 0a4af164d620 -r 4c54ff50c546 patches/hotspot/hs23/systemtap.patch
--- a/patches/hotspot/hs23/systemtap.patch Thu Apr 16 03:37:09 2015 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,140 +0,0 @@
-diff -Nru openjdk.orig/hotspot/make/linux/makefiles/dtrace.make openjdk/hotspot/make/linux/makefiles/dtrace.make
---- openjdk.orig/hotspot/make/linux/makefiles/dtrace.make 2012-02-22 14:54:31.000000000 +0000
-+++ openjdk/hotspot/make/linux/makefiles/dtrace.make 2012-03-18 18:54:13.482968139 +0000
-@@ -25,3 +25,7 @@
- # Linux does not build jvm_db
- LIBJVM_DB =
-
-+# But it does have a Systemtap dtrace compatible sys/sdt.h
-+CFLAGS += -DDTRACE_ENABLED
-+
-+# It doesn't support HAVE_DTRACE_H though.
-diff -Nru openjdk.orig/hotspot/src/share/vm/prims/jni.cpp openjdk/hotspot/src/share/vm/prims/jni.cpp
---- openjdk.orig/hotspot/src/share/vm/prims/jni.cpp 2012-02-22 14:54:31.000000000 +0000
-+++ openjdk/hotspot/src/share/vm/prims/jni.cpp 2012-03-18 18:54:13.502968466 +0000
-@@ -2818,10 +2818,7 @@
- JNI_QUICK_ENTRY(void, jni_Set##Result##Field(JNIEnv *env, jobject obj, jfieldID fieldID, Argument value)) \
- JNIWrapper("Set" XSTR(Result) "Field"); \
- \
-- HS_DTRACE_PROBE_CDECL_N(hotspot_jni, Set##Result##Field__entry, \
-- ( JNIEnv*, jobject, jfieldID FP_SELECT_##Result(COMMA Argument,/*empty*/) ) ); \
-- HS_DTRACE_PROBE_N(hotspot_jni, Set##Result##Field__entry, \
-- ( env, obj, fieldID FP_SELECT_##Result(COMMA value,/*empty*/) ) ); \
-+ FP_SELECT_##Result(DTRACE_PROBE4(hotspot_jni, Set##Result##Field__entry, env, obj, fieldID, value),DTRACE_PROBE3(hotspot_jni, Set##Result##Field__entry, env, obj, fieldID)); \
- \
- oop o = JNIHandles::resolve_non_null(obj); \
- klassOop k = o->klass(); \
-@@ -3128,10 +3125,7 @@
- \
- JNI_ENTRY(void, jni_SetStatic##Result##Field(JNIEnv *env, jclass clazz, jfieldID fieldID, Argument value)) \
- JNIWrapper("SetStatic" XSTR(Result) "Field"); \
-- HS_DTRACE_PROBE_CDECL_N(hotspot_jni, SetStatic##Result##Field__entry,\
-- ( JNIEnv*, jclass, jfieldID FP_SELECT_##Result(COMMA Argument,/*empty*/) ) ); \
-- HS_DTRACE_PROBE_N(hotspot_jni, SetStatic##Result##Field__entry, \
-- ( env, clazz, fieldID FP_SELECT_##Result(COMMA value,/*empty*/) ) ); \
-+ FP_SELECT_##Result(DTRACE_PROBE4(hotspot_jni, SetStatic##Result##Field__entry, env, clazz, fieldID, value),DTRACE_PROBE3(hotspot_jni, SetStatic##Result##Field__entry, env, clazz, fieldID)); \
- \
- JNIid* id = jfieldIDWorkaround::from_static_jfieldID(fieldID); \
- assert(id->is_static_field_id(), "invalid static field id"); \
---- openjdk.orig/hotspot/src/share/vm/utilities/dtrace.hpp 2012-02-22 15:54:31.000000000 +0100
-+++ openjdk/hotspot/src/share/vm/utilities/dtrace.hpp 2012-03-27 13:12:15.857491730 +0200
-@@ -1,5 +1,6 @@
- /*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
-+ * Copyright (c) 2009, 2012 Red Hat, Inc.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
-@@ -32,12 +33,15 @@
- #define DTRACE_ONLY(x) x
- #define NOT_DTRACE(x)
-
-+#if defined(SOLARIS)
- // Work around dtrace tail call bug 6672627 until it is fixed in solaris 10.
- #define HS_DTRACE_WORKAROUND_TAIL_CALL_BUG() \
- do { volatile size_t dtrace_workaround_tail_call_bug = 1; } while (0)
-
--#if defined(SOLARIS)
- #define USDT1 1
-+#elif defined(LINUX)
-+#define USDT1 1
-+#define HS_DTRACE_WORKAROUND_TAIL_CALL_BUG()
- #elif defined(__APPLE__)
- #define USDT2 1
- #include <sys/types.h>
-@@ -63,6 +67,11 @@
- #define DTRACE_PROBE3(a,b,c,d,e) {;}
- #define DTRACE_PROBE4(a,b,c,d,e,f) {;}
- #define DTRACE_PROBE5(a,b,c,d,e,f,g) {;}
-+#define DTRACE_PROBE6(a,b,c,d,e,f,g,h) {;}
-+#define DTRACE_PROBE7(a,b,c,d,e,f,g,h,i) {;}
-+#define DTRACE_PROBE8(a,b,c,d,e,f,g,h,i,j) {;}
-+#define DTRACE_PROBE9(a,b,c,d,e,f,g,h,i,j,k) {;}
-+#define DTRACE_PROBE10(a,b,c,d,e,f,g,h,i,j,k,l) {;}
-
- #else /* USDT2 */
-
-@@ -76,10 +85,19 @@
- #define HS_DTRACE_PROBE_FN(provider,name)\
- __dtrace_##provider##___##name
-
-+#ifdef SOLARIS
-+// Solaris dtrace needs actual extern function decls.
- #define HS_DTRACE_PROBE_DECL_N(provider,name,args) \
- DTRACE_ONLY(extern "C" void HS_DTRACE_PROBE_FN(provider,name) args)
- #define HS_DTRACE_PROBE_CDECL_N(provider,name,args) \
- DTRACE_ONLY(extern void HS_DTRACE_PROBE_FN(provider,name) args)
-+#elif defined(LINUX)
-+// Systemtap dtrace compatible probes on GNU/Linux don't.
-+#define HS_DTRACE_PROBE_DECL_N(provider,name,args)
-+#define HS_DTRACE_PROBE_CDECL_N(provider,name,args)
-+#else
-+#error "USDT1 enabled for unknown os"
-+#endif
-
- /* Dtrace probe declarations */
- #define HS_DTRACE_PROBE_DECL(provider,name) \
-@@ -118,6 +136,8 @@
- uintptr_t,uintptr_t,uintptr_t))
-
- /* Dtrace probe definitions */
-+#if defined(SOLARIS)
-+// Solaris dtrace uses actual function calls.
- #define HS_DTRACE_PROBE_N(provider,name, args) \
- DTRACE_ONLY(HS_DTRACE_PROBE_FN(provider,name) args)
-
-@@ -153,6 +173,34 @@
- HS_DTRACE_PROBE_N(provider,name,((uintptr_t)a0,(uintptr_t)a1,(uintptr_t)a2,\
- (uintptr_t)a3,(uintptr_t)a4,(uintptr_t)a5,(uintptr_t)a6,(uintptr_t)a7,\
- (uintptr_t)a8,(uintptr_t)a9))
-+#elif defined(LINUX)
-+// Systemtap dtrace compatible probes on GNU/Linux use direct macros.
-+#define HS_DTRACE_PROBE(provider,name) HS_DTRACE_PROBE0(provider,name)
-+#define HS_DTRACE_PROBE0(provider,name)\
-+ DTRACE_PROBE(provider,name)
-+#define HS_DTRACE_PROBE1(provider,name,a0)\
-+ DTRACE_PROBE1(provider,name,a0)
-+#define HS_DTRACE_PROBE2(provider,name,a0,a1)\
-+ DTRACE_PROBE2(provider,name,a0,a1)
-+#define HS_DTRACE_PROBE3(provider,name,a0,a1,a2)\
-+ DTRACE_PROBE3(provider,name,a0,a1,a2)
-+#define HS_DTRACE_PROBE4(provider,name,a0,a1,a2,a3)\
-+ DTRACE_PROBE4(provider,name,a0,a1,a2,a3)
-+#define HS_DTRACE_PROBE5(provider,name,a0,a1,a2,a3,a4)\
-+ DTRACE_PROBE5(provider,name,a0,a1,a2,a3,a4)
-+#define HS_DTRACE_PROBE6(provider,name,a0,a1,a2,a3,a4,a5)\
-+ DTRACE_PROBE6(provider,name,a0,a1,a2,a3,a4,a5)
-+#define HS_DTRACE_PROBE7(provider,name,a0,a1,a2,a3,a4,a5,a6)\
-+ DTRACE_PROBE7(provider,name,a0,a1,a2,a3,a4,a5,a6)
-+#define HS_DTRACE_PROBE8(provider,name,a0,a1,a2,a3,a4,a5,a6,a7)\
-+ DTRACE_PROBE8(provider,name,a0,a1,a2,a3,a4,a5,a6,a7)
-+#define HS_DTRACE_PROBE9(provider,name,a0,a1,a2,a3,a4,a5,a6,a7,a8)\
-+ DTRACE_PROBE9(provider,name,a0,a1,a2,a3,a4,a5,a6,a7,a8)
-+#define HS_DTRACE_PROBE10(provider,name,a0,a1,a2,a3,a4,a5,a6,a7,a8)\
-+ DTRACE_PROBE10(provider,name,a0,a1,a2,a3,a4,a5,a6,a7,a8)
-+#else
-+#error "USDT1 enabled for unknown os"
-+#endif
-
- #endif /* !USDT2 */
-
diff -r 0a4af164d620 -r 4c54ff50c546 patches/openjdk/4890063-hprof_truncation.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/openjdk/4890063-hprof_truncation.patch Wed Jul 22 13:27:06 2015 +0100
@@ -0,0 +1,20 @@
+# HG changeset patch
+# User andrew
+# Date 1429893959 -3600
+# Fri Apr 24 17:45:59 2015 +0100
+# Node ID 4e3ea67d3b694f3a67c367b305820f5e14fae105
+# Parent 7014c4be418d9b64c6bae792f41eb788f1ad9ac1
+4890063, PR2306, RH1214835: HPROF: default text truncated when using doe=n option
+
+diff -r 7014c4be418d -r 4e3ea67d3b69 src/share/demo/jvmti/hprof/hprof_init.c
+--- openjdk/jdk/src/share/demo/jvmti/hprof/hprof_init.c Wed Apr 15 00:49:12 2015 +0100
++++ openjdk/jdk/src/share/demo/jvmti/hprof/hprof_init.c Fri Apr 24 17:45:59 2015 +0100
+@@ -1361,7 +1361,7 @@
+ } rawMonitorExit(gdata->dump_lock);
+
+ /* Dump everything if we need to */
+- if (gdata->dump_on_exit && need_to_dump) {
++ if (gdata->dump_on_exit || need_to_dump) {
+
+ dump_all_data(env);
+ }
diff -r 0a4af164d620 -r 4c54ff50c546 patches/openjdk/6562615-compiler_warnings.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/openjdk/6562615-compiler_warnings.patch Wed Jul 22 13:27:06 2015 +0100
@@ -0,0 +1,33 @@
+# HG changeset patch
+# User andrew
+# Date 1247326988 -3600
+# Sat Jul 11 16:43:08 2009 +0100
+# Node ID 880896883a4757145a278ecb55e6b730124a2e47
+# Parent 6f26e2e5f4f3eb6722541d37007739b174de5142
+6562614, PR2555: Compiler warnings for gettimeofday in Inet4/Inet6AddressImpl.c
+Summary: Add missing header to remove compiler warnings.
+Reviewed-by: martin
+Contributed-by: Matthew Flaschen <matthew.flaschen at gatech.edu>
+
+diff -r 6f26e2e5f4f3 -r 880896883a47 src/solaris/native/java/net/Inet4AddressImpl.c
+--- openjdk/jdk/src/solaris/native/java/net/Inet4AddressImpl.c Fri Jul 10 17:27:13 2009 +0800
++++ openjdk/jdk/src/solaris/native/java/net/Inet4AddressImpl.c Sat Jul 11 16:43:08 2009 +0100
+@@ -24,6 +24,7 @@
+ */
+
+ #include <errno.h>
++#include <sys/time.h>
+ #include <sys/types.h>
+ #include <sys/socket.h>
+ #include <netinet/in_systm.h>
+diff -r 6f26e2e5f4f3 -r 880896883a47 src/solaris/native/java/net/Inet6AddressImpl.c
+--- openjdk/jdk/src/solaris/native/java/net/Inet6AddressImpl.c Fri Jul 10 17:27:13 2009 +0800
++++ openjdk/jdk/src/solaris/native/java/net/Inet6AddressImpl.c Sat Jul 11 16:43:08 2009 +0100
+@@ -24,6 +24,7 @@
+ */
+
+ #include <errno.h>
++#include <sys/time.h>
+ #include <sys/types.h>
+ #include <sys/socket.h>
+ #include <netinet/in.h>
diff -r 0a4af164d620 -r 4c54ff50c546 patches/openjdk/6956398-ephemeraldhkeysize.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/openjdk/6956398-ephemeraldhkeysize.patch Wed Jul 22 13:27:06 2015 +0100
@@ -0,0 +1,760 @@
+# HG changeset patch
+# User xuelei
+# Date 1428081992 -3600
+# Fri Apr 03 18:26:32 2015 +0100
+# Node ID e7690bee9a7722b20bde481fb2da0bb6b903a258
+# Parent bf4c2a6c354db2c6b6d036908749a27eef1c5968
+6956398, PR2486: make ephemeral DH key match the length of the certificate key
+Reviewed-by: weijun
+
+diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/ssl/ServerHandshaker.java openjdk/jdk/src/share/classes/sun/security/ssl/ServerHandshaker.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/ServerHandshaker.java 2015-04-10 16:39:22.000000000 +0100
++++ openjdk/jdk/src/share/classes/sun/security/ssl/ServerHandshaker.java 2015-07-22 02:13:30.458962919 +0100
+@@ -47,6 +47,8 @@
+
+ import com.sun.net.ssl.internal.ssl.X509ExtendedTrustManager;
+
++import sun.security.util.KeyUtil;
++import sun.security.action.GetPropertyAction;
+ import sun.security.ssl.HandshakeMessage.*;
+ import sun.security.ssl.CipherSuite.*;
+ import static sun.security.ssl.CipherSuite.*;
+@@ -97,6 +99,50 @@
+
+ private SupportedEllipticCurvesExtension supportedCurves;
+
++ // Flag to use smart ephemeral DH key which size matches the corresponding
++ // authentication key
++ private static final boolean useSmartEphemeralDHKeys;
++
++ // Flag to use legacy ephemeral DH key which size is 512 bits for
++ // exportable cipher suites, and 768 bits for others
++ private static final boolean useLegacyEphemeralDHKeys;
++
++ // The customized ephemeral DH key size for non-exportable cipher suites.
++ private static final int customizedDHKeySize;
++
++ static {
++ String property = AccessController.doPrivileged(
++ new GetPropertyAction("jdk.tls.ephemeralDHKeySize"));
++ if (property == null || property.length() == 0) {
++ useLegacyEphemeralDHKeys = false;
++ useSmartEphemeralDHKeys = false;
++ customizedDHKeySize = -1;
++ } else if ("matched".equals(property)) {
++ useLegacyEphemeralDHKeys = false;
++ useSmartEphemeralDHKeys = true;
++ customizedDHKeySize = -1;
++ } else if ("legacy".equals(property)) {
++ useLegacyEphemeralDHKeys = true;
++ useSmartEphemeralDHKeys = false;
++ customizedDHKeySize = -1;
++ } else {
++ useLegacyEphemeralDHKeys = false;
++ useSmartEphemeralDHKeys = false;
++
++ try {
++ customizedDHKeySize = parseUnsignedInt(property);
++ if (customizedDHKeySize < 1024 || customizedDHKeySize > 2048) {
++ throw new IllegalArgumentException(
++ "Customized DH key size should be positive integer " +
++ "between 1024 and 2048 bits, inclusive");
++ }
++ } catch (NumberFormatException nfe) {
++ throw new IllegalArgumentException(
++ "Invalid system property jdk.tls.ephemeralDHKeySize");
++ }
++ }
++ }
++
+ /*
+ * Constructor ... use the keys found in the auth context.
+ */
+@@ -875,7 +921,7 @@
+ return false;
+ }
+ } else if (keyExchange == K_DHE_RSA) {
+- setupEphemeralDHKeys(suite.exportable);
++ setupEphemeralDHKeys(suite.exportable, privateKey);
+ } else if (keyExchange == K_ECDHE_RSA) {
+ if (setupEphemeralECDHKeys() == false) {
+ return false;
+@@ -887,7 +933,8 @@
+ if (setupPrivateKeyAndChain("DSA") == false) {
+ return false;
+ }
+- setupEphemeralDHKeys(suite.exportable);
++
++ setupEphemeralDHKeys(suite.exportable, privateKey);
+ break;
+ case K_ECDHE_ECDSA:
+ // need EC cert signed using EC
+@@ -921,7 +968,7 @@
+ break;
+ case K_DH_ANON:
+ // no certs needed for anonymous
+- setupEphemeralDHKeys(suite.exportable);
++ setupEphemeralDHKeys(suite.exportable, null);
+ break;
+ case K_ECDH_ANON:
+ // no certs needed for anonymous
+@@ -962,15 +1009,70 @@
+ * Acquire some "ephemeral" Diffie-Hellman keys for this handshake.
+ * We don't reuse these, for improved forward secrecy.
+ */
+- private void setupEphemeralDHKeys(boolean export) {
++ private void setupEphemeralDHKeys(boolean export, Key key) {
+ /*
+- * Diffie-Hellman keys ... we use 768 bit private keys due
+- * to the "use twice as many key bits as bits you want secret"
+- * rule of thumb, assuming we want the same size premaster
+- * secret with Diffie-Hellman and RSA key exchanges. Except
+- * that exportable ciphers max out at 512 bits modulus values.
++ * 768 bits ephemeral DH private keys were used to be used in
++ * ServerKeyExchange except that exportable ciphers max out at 512
++ * bits modulus values. We still adhere to this behavior in legacy
++ * mode (system property "jdk.tls.ephemeralDHKeySize" is defined
++ * as "legacy").
++ *
++ * Old JDK (JDK 7 and previous) releases don't support DH keys bigger
++ * than 1024 bits. We have to consider the compatibility requirement.
++ * 1024 bits DH key is always used for non-exportable cipher suites
++ * in default mode (system property "jdk.tls.ephemeralDHKeySize"
++ * is not defined).
++ *
++ * However, if applications want more stronger strength, setting
++ * system property "jdk.tls.ephemeralDHKeySize" to "matched"
++ * is a workaround to use ephemeral DH key which size matches the
++ * corresponding authentication key. For example, if the public key
++ * size of an authentication certificate is 2048 bits, then the
++ * ephemeral DH key size should be 2048 bits accordingly unless
++ * the cipher suite is exportable. This key sizing scheme keeps
More information about the distro-pkg-dev
mailing list