community/openjdk8: update to IcedTea 3.14.0 / OpenJDK 8u232

Update openjdk8 pacakge to 8.232.09 / icedtea 3.14.0 - drop icedtea-jdk-tls-nist-curves.patch (applied upstream) - refresh icedtea-hotspot-musl.patch to apply against 3.14.0
author: tony mancill <tmancill@debian.org> 2019-11-20 16:10:47 -0800
committer: Natanael Copa <ncopa@alpinelinux.org> 2020-01-29 11:11:08 +0100
commit: 8b123517553dd682d6be9f5e6798a4681c90da7e (patch)
tree: b21b3efd93ca19774abbb1ea774a070e20b1756d /community
parent: 37674ae79d4a86d8c65e91229951ff777ec29540 (diff)
download: aports-8b123517553dd682d6be9f5e6798a4681c90da7e.tar.bz2
aports-8b123517553dd682d6be9f5e6798a4681c90da7e.tar.xz
3 files changed, 33 insertions, 64 deletions
diff --git a/community/openjdk8/APKBUILD b/community/openjdk8/APKBUILD
index 69b5bb654c..41e79bef7b 100644
--- a/community/openjdk8/APKBUILD
+++ b/community/openjdk8/APKBUILD
@@ -2,10 +2,10 @@
 # Contributor: Jakub Jirutka <jakub@jirutka.cz>
 # Maintainer: Timo Teras <timo.teras@iki.fi>
 pkgname=openjdk8
-_icedteaver=3.13.0
+_icedteaver=3.14.0
 # pkgver is <JDK version>.<JDK update>.<JDK build>
 # Check https://icedtea.classpath.org/wiki/Main_Page when updating!
-pkgver=8.222.10
+pkgver=8.232.09
 pkgrel=0
 pkgdesc="OpenJDK 8 provided by IcedTea"
 url="https://icedtea.classpath.org/"
@@ -65,11 +65,28 @@ source="https://icedtea.classpath.org/download/source/icedtea-$_icedteaver.tar.x
 	icedtea-jdk-includes.patch
 	icedtea-jdk-getmntent-buffer.patch
 	icedtea-autoconf-config.patch
-	icedtea-jdk-tls-nist-curves.patch
 	"
 builddir="$srcdir/icedtea-$_icedteaver"
 
 # secfixes:
+#   8.232.09-r0:
+#     - CVE-2019-2933
+#     - CVE-2019-2945
+#     - CVE-2019-2949
+#     - CVE-2019-2958
+#     - CVE-2019-2964
+#     - CVE-2019-2962
+#     - CVE-2019-2973
+#     - CVE-2019-2975
+#     - CVE-2019-2978
+#     - CVE-2019-2981
+#     - CVE-2019-2983
+#     - CVE-2019-2987
+#     - CVE-2019-2988
+#     - CVE-2019-2989
+#     - CVE-2019-2992
+#     - CVE-2019-2999
+#     - CVE-2019-2894
 #   8.222.10-r0:
 #     - CVE-2019-2745
 #     - CVE-2019-2762
@@ -300,17 +317,17 @@ demos() {
 		"$subpkgdir"/$_java_home/
 }
 
-sha512sums="312bcc6660360eb73b96801fdac0475d6b192bc3fcb80e250225cbb4dfe39ce178e0fa5154c509e7f5605113b34077a6f9c252a52024e568bab7ed6a74140f7c  icedtea-3.13.0.tar.xz
-e5e1072f43b024d8341e770eb8768d0161dd91f483cfa9a719790eb81458dd2a4da4e688a2c7828025f5b39247558ea69881176c53700cddd161708f0cedb764  openjdk-3.13.0.tar.xz
-834b8b09590f5b4f11bbc32af3222e1cb6bef14c44c34ae4d3f65b6320d1a78c297a341cadb76bb59156b434811510b83705d2d2994922c610ba1bafb3f59345  corba-3.13.0.tar.xz
-ccf05a50d6bc3b5ce1663bab4925cc738d32b9f1a9c696ada0cbbfe3477dc60556e5e7e9939394b2a932122500555ac9e56a935d3b8762d0ddf65201ddc48ba9  jaxp-3.13.0.tar.xz
-80a2539ba45e213de1f2a8e236709f3cd81c6c37ee1181474fd4f0d4d612a7cdf91eabdd6bea5d652e18e73c41c3f59a27a173d08d46ad0664628fd6ffecfc57  jaxws-3.13.0.tar.xz
-8b1c8e0e37a9830d67feaab52915c39faf75e94d8972925702f29eea0efd5dbc2f4deaff3b45b2f0f785235bd87c7bb10e62e7a9fb46c1c27e5fddfbbb5fdaa2  jdk-3.13.0.tar.xz
-2cd1cdbc8283f5000dd68365412ed36235cfcbecee3a79b8b6111c3a6431f817d4b1ea04463bb049abdf503fe354e4ddf7b71fee399b459e6cf98299703d6e2c  langtools-3.13.0.tar.xz
-60c144997b2566dc42698ca4cb888b92de6a9fdbb18e01703d00f54311ad56191862c61c89e3eff4d6c4793c98d3dafd5f723bc9a22db2329138d08e832ddc11  hotspot-3.13.0.tar.xz
-d86706393adabe5982092865addbe04c07781407d99b8d9ee49baf4224ec9b961bdf8498488548f043b099130b35ac017d846cc41874bcfb218520ee0b37004a  nashorn-3.13.0.tar.xz
+sha512sums="6cd366a1adde12b5cc2c0c64c0c353ebf9ad5b0ad79b77c5cca3acc93219752110eb222b74bd62180fe0bf5b063db12df6316c334d5940d1636c9d10824085ed  icedtea-3.14.0.tar.xz
+1e8009155a9ad39405e11704bb1f8b4c51ae0f64563baa7a7ce29a79613339e82b8776193a0076b993f8839b1c5959edff18cdadaa7f2f163fa5d3b7f7d60396  openjdk-3.14.0.tar.xz
+5aedab2cff0dd8b4cb98121643009593d10da9abd150ab938cf45f5b8f18cae5f31dcc31c30090b736cf52413a290b6b11e6fc42b3575ea50e213bf334a07159  corba-3.14.0.tar.xz
+16a34a65b20650f66eece6e33e82aefaf46bbf46c8332bac8c266405839168b924235395cbf7d6c5210d35b416ee0ab2ed0bd09c3f1c90195bff35d3db4b596d  jaxp-3.14.0.tar.xz
+706b9ce4d32c92adca44d9643e44ebe757e8503798e2b24b2591660774f4a4719f2015d3edb02f3374ec4b88c5b2f0b5578369345a9db4c5def1ff37f630bb5d  jaxws-3.14.0.tar.xz
+2e44c646bcbf56ce7e91be0fdb46db9887cfe7f538f866e61d757e657a4a3726caca50bd885355a85675451ea8ff9810bccb7ea026239219373688455dcc8476  jdk-3.14.0.tar.xz
+ceef08eb53e895156afd0ec342a045c3aa29551a7939803cd821121286ec05fb3538d3b46a44c99f1a2805163b6e7351ec42b1486aaf6a8ecb7fdccc526c410d  langtools-3.14.0.tar.xz
+258cca176c6f930268f189f77dd4e6bd683fb90fbd7866870d22ca42105292cedeca7d274b70979e59af15229ebba22da64444ef14c641066e10688286ec302d  hotspot-3.14.0.tar.xz
+59af524388b501c63c567dd36abbe29b3254b3f05191730740aec84e73f93cf77850ab36d9972528781bbf47a6541a75d7e80e26c4c425d6cbb6460e2b4bdbda  nashorn-3.14.0.tar.xz
 1f470432275d5beaa8b4e4352a2f24a4a00593546dc4f3bd857794c89e521e8e6d6abc540762bbd769be3e1e3da058e134dc5dc066d12b9b8a1f0656040a795c  fix-paxmark.patch
-09104b19f647dce9ba0835163c05cc7e5e3ec9852b277f22b2d7a02bd483968853544125a09e384e96ba8811f2bbdc9546e05e378582ec6a554ede797ca5ad98  icedtea-hotspot-musl.patch
+28709285390a997adbd56ebda42ef718fbc08daf572b8568f484436d255514f9d25f033e3333dff8aa352fc9846057ac5bb42fa955d3e5e44eddc96dc273c07c  icedtea-hotspot-musl.patch
 e5cf4d70f96fc1e72ae8b97a887adb96092ff36584711cbb8de9d9fa9e859cb8731d638838de0d9591239fc44ffe5c74422d1842bd9f10a0c00dff1627bdeeef  icedtea-hotspot-musl-ppc.patch
 19459dbb922f5a71cd15b53199481498626a783c24f91d2544d55b7dddd2cdb34a64bbf0226b99548612dd1743af01b3f9ff32c30abbbc90ce727ca2dbbbd1f9  icedtea-hotspot-noagent-musl.patch
 f6365cfafafa008bd6c1bf0ccec01a63f8a39bd1a8bc87baa492a27234d47793ba02d455e5667a873ef50148df3baaf6a8421e2da0b15faac675867da714dd5f  icedtea-jdk-execinfo.patch
@@ -319,5 +336,4 @@ b135991c76b0db8fa7c363e0903624668e11eda7b54a943035c214aa4d7fc8c3e8110ed200edcec8
 1fbc32ddc528c7c0099dbc1e48f88d29dccf55e7b8997793aa1d3d8408003a1223d898cca4248e1a12d343d3feec5144f875e6cdac8460d763c73ab3ad7e49f9  icedtea-jdk-musl.patch
 e8d9f1b867bf4fc84aa00d1237b264bcf503b1ed5f34735e14b0b747a728953fe0051a5af69ed058d377fbf65d8be1ed9e38fe5fc6edb2d50b31f34bf3ba91dc  icedtea-jdk-includes.patch
 7e6fa46b10c630517bfa46943858aea1d032c12d32ba3fcb7a2143ae1e896c34fa4cb8f925af80cb19f8e29149b835aa054adfd30ebb00539f6c78588d6f5211  icedtea-jdk-getmntent-buffer.patch
-662d662d0a7a84be2978e921317589f212f3ba3b7629527ba0f1140b5ac4c1024893e0ed176211688ed1a4505968c4befc841ed57ffcdbb9d355c2cb0571b167  icedtea-autoconf-config.patch
-9ea7ac942baf29cc619bc2e1acd59201b9f6d38f39a517b495d7613aec746459200c81afb57c5fcdcb856f6bc8b33f7566c8593fed07e5c73f43e08f1072d458  icedtea-jdk-tls-nist-curves.patch"
+662d662d0a7a84be2978e921317589f212f3ba3b7629527ba0f1140b5ac4c1024893e0ed176211688ed1a4505968c4befc841ed57ffcdbb9d355c2cb0571b167  icedtea-autoconf-config.patch"
diff --git a/community/openjdk8/icedtea-hotspot-musl.patch b/community/openjdk8/icedtea-hotspot-musl.patch
index cbbb5525f0..c18653b9b3 100644
--- a/community/openjdk8/icedtea-hotspot-musl.patch
+++ b/community/openjdk8/icedtea-hotspot-musl.patch
@@ -82,8 +82,8 @@ index d2c10e0..20f657f 100644
 -# include <fpu_control.h>
 +# include <linux/types.h>  /* provides __u64 */
  
- #ifdef BUILTIN_SIM
- #define REG_SP REG_RSP
+ #define REG_FP 29
+
 diff --git openjdk/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp openjdk/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp
 index 38388cb..2505ba8 100644
 --- openjdk/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp
diff --git a/community/openjdk8/icedtea-jdk-tls-nist-curves.patch b/community/openjdk8/icedtea-jdk-tls-nist-curves.patch
deleted file mode 100644
index 75fb3af8cf..0000000000
--- a/community/openjdk8/icedtea-jdk-tls-nist-curves.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Bug #7404 TLS negotiation error in OpenJDK 8 u131
-
-Fixes an OpenJDK 8 regression discovered in docker-library/openjdk#115
-on Alpine Linux 3.5 (u121) and 3.6 (u131) that causes TLS negotiation
-errors for some clients.
-
-Root cause appears to be OpenJDK announcing support for NIST curves the
-underlying NSS library does doesn't. This patch limits OpenJDK's
-announcement to elliptic curves 23 (secp256r1), 24 (secp384r1), and 25
-(secp521r1).
-
-Related issues:
-
-* https://github.com/docker-library/openjdk/issues/115
-* https://bugs.alpinelinux.org/issues/7404
-* https://access.redhat.com/discussions/2339811
-* https://bugzilla.redhat.com/show_bug.cgi?id=1022017
-* https://bugzilla.redhat.com/show_bug.cgi?id=1348525
-
---- openjdk.orig/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java	2017-05-08 20:03:50.000000000 -0700
-+++ openjdk/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java	2017-06-14 13:37:00.000000000 -0700
-@@ -168,21 +168,10 @@
-                     "contains no supported elliptic curves");
-             }
-         } else {        // default curves
--            int[] ids;
--            if (requireFips) {
--                ids = new int[] {
--                    // only NIST curves in FIPS mode
--                    23, 24, 25, 9, 10, 11, 12, 13, 14,
--                };
--            } else {
--                ids = new int[] {
--                    // NIST curves first
--                    23, 24, 25, 9, 10, 11, 12, 13, 14,
--                    // non-NIST curves
--                    22,
--                };
--            }
--
-+            int[] ids = new int[] {
-+                // NSS currently only supports these three NIST curves
-+                23, 24, 25
-+            };
-             idList = new ArrayList<>(ids.length);
-             for (int curveId : ids) {
-                 if (isAvailableCurve(curveId)) {
author	tony mancill <tmancill@debian.org>	2019-11-20 16:10:47 -0800
committer	Natanael Copa <ncopa@alpinelinux.org>	2020-01-29 11:11:08 +0100
commit	8b123517553dd682d6be9f5e6798a4681c90da7e (patch)
tree	b21b3efd93ca19774abbb1ea774a070e20b1756d /community
parent	37674ae79d4a86d8c65e91229951ff777ec29540 (diff)
download	aports-8b123517553dd682d6be9f5e6798a4681c90da7e.tar.bz2 aports-8b123517553dd682d6be9f5e6798a4681c90da7e.tar.xz