diff options
Diffstat (limited to 'community/openjdk8')
| -rw-r--r-- | community/openjdk8/APKBUILD | 6 | ||||
| -rw-r--r-- | community/openjdk8/icedtea-jdk-tls-nist-curves.patch | 47 |
2 files changed, 51 insertions, 2 deletions
diff --git a/community/openjdk8/APKBUILD b/community/openjdk8/APKBUILD index 4f8db316d5..a954089bd0 100644 --- a/community/openjdk8/APKBUILD +++ b/community/openjdk8/APKBUILD @@ -6,7 +6,7 @@ _icedteaver=3.4.0 # pkgver is <JDK version>.<JDK update>.<JDK build> # Check http://icedtea.classpath.org/wiki/Main_Page when updating! pkgver=8.131.11 -pkgrel=1 +pkgrel=2 pkgdesc="OpenJDK 8 provided by IcedTea" url="http://icedtea.classpath.org/" arch="all" @@ -66,6 +66,7 @@ source="http://icedtea.classpath.org/download/source/icedtea-$_icedteaver.tar.gz icedtea-jdk-includes.patch icedtea-jdk-getmntent-buffer.patch icedtea-autoconf-config.patch + icedtea-jdk-tls-nist-curves.patch " builddir="$srcdir/icedtea-$_icedteaver" @@ -286,4 +287,5 @@ b135991c76b0db8fa7c363e0903624668e11eda7b54a943035c214aa4d7fc8c3e8110ed200edcec8 cdebe2c59657e7fd317a4841b2fbe95d9e8d7ee9d1593edf352ed7f49a92a42cbce82cbaa404d3f02c6d273eae03222a79559c09bf6cf439396c5ec5434f5458 icedtea-jdk-musl.patch e8d9f1b867bf4fc84aa00d1237b264bcf503b1ed5f34735e14b0b747a728953fe0051a5af69ed058d377fbf65d8be1ed9e38fe5fc6edb2d50b31f34bf3ba91dc icedtea-jdk-includes.patch 7e6fa46b10c630517bfa46943858aea1d032c12d32ba3fcb7a2143ae1e896c34fa4cb8f925af80cb19f8e29149b835aa054adfd30ebb00539f6c78588d6f5211 icedtea-jdk-getmntent-buffer.patch -662d662d0a7a84be2978e921317589f212f3ba3b7629527ba0f1140b5ac4c1024893e0ed176211688ed1a4505968c4befc841ed57ffcdbb9d355c2cb0571b167 icedtea-autoconf-config.patch" +662d662d0a7a84be2978e921317589f212f3ba3b7629527ba0f1140b5ac4c1024893e0ed176211688ed1a4505968c4befc841ed57ffcdbb9d355c2cb0571b167 icedtea-autoconf-config.patch +313ba3467efad73120d307c16be8e793fa39de92d6c28c2faed11c14dd6f60e0f1a290f330d4dc849ae8f97c7bea84eec2d0be02c70bc9903664e22497dd2d22 icedtea-jdk-tls-nist-curves.patch" diff --git a/community/openjdk8/icedtea-jdk-tls-nist-curves.patch b/community/openjdk8/icedtea-jdk-tls-nist-curves.patch new file mode 100644 index 0000000000..24c4c44a53 --- /dev/null +++ b/community/openjdk8/icedtea-jdk-tls-nist-curves.patch @@ -0,0 +1,47 @@ +Bug #7404 TLS negotiation error in OpenJDK 8 u131 + +Fixes an OpenJDK 8 regression discovered in docker-library/openjdk#115 +on Alpine Linux 3.5 (u121) and 3.6 (u131) that causes TLS negotiation +errors for some clients. + +Root cause appears to be OpenJDK announcing support for NIST curves the +underlying NSS library does doesn't. This patch limits OpenJDK's +announcement to elliptic curves 23 (secp256r1), 24 (secp384r1), and 25 +(secp521r1). + +Related issues: + +* https://github.com/docker-library/openjdk/issues/115 +* https://bugs.alpinelinux.org/issues/7404 +* https://access.redhat.com/discussions/2339811 +* https://bugzilla.redhat.com/show_bug.cgi?id=1022017 +* https://bugzilla.redhat.com/show_bug.cgi?id=1348525 + +--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java 2017-05-08 20:03:50.000000000 -0700 ++++ openjdk/jdk/src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java 2017-06-14 13:37:00.000000000 -0700 +@@ -168,21 +168,10 @@ + "contains no supported elliptic curves"); + } + } else { // default curves +- int[] ids; +- if (requireFips) { +- ids = new int[] { +- // only NIST curves in FIPS mode +- 23, 24, 25, 9, 10, 11, 12, 13, 14, +- }; +- } else { +- ids = new int[] { +- // NIST curves first +- 23, 24, 25, 9, 10, 11, 12, 13, 14, +- // non-NIST curves +- 22, +- }; +- } +- ++ int[] ids = new int[] { ++ // NSS currently only supports these three NIST curves ++ 23, 24, 25 ++ }; + idList = new ArrayList<>(ids.length); + for (int curveId : ids) { + if (isAvailableCurve(curveId)) { |