Mercurial > hg > icedtea11

changeset 2680:a79aaaaf910d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
PR3751: Update patch against 11.0.5 & JDK-8228825 2019-10-16 Andrew John Hughes <gnu_andrew@member.fsf.org> PR3751: Update patch against 11.0.5 & JDK-8228825 * patches/pr3751.patch: Curves supported over SSL are now limited upstream, as a result of CVE-2019-2894.
author Andrew John Hughes <gnu_andrew@member.fsf.org>
date Wed, 16 Oct 2019 17:36:52 +0100
parents f1702bbbc1d2
children 79947984e110
files ChangeLog patches/pr3751.patch
diffstat 2 files changed, 7 insertions(+), 26 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Tue Oct 01 20:10:30 2019 +0100
+++ b/ChangeLog	Wed Oct 16 17:36:52 2019 +0100
@@ -1,3 +1,10 @@
+2019-10-16  Andrew John Hughes  <gnu_andrew@member.fsf.org>
+
+	PR3751: Update patch against 11.0.5 & JDK-8228825
+	* patches/pr3751.patch:
+	Curves supported over SSL are now limited upstream,
+	as a result of CVE-2019-2894.
+
 2019-09-30  Andrew John Hughes  <gnu_andrew@member.fsf.org>
 
 	PR3751: Support secp256k1 in the default set of curves
--- a/patches/pr3751.patch	Tue Oct 01 20:10:30 2019 +0100
+++ b/patches/pr3751.patch	Wed Oct 16 17:36:52 2019 +0100
@@ -84,32 +84,6 @@
          SECP256_K1  (0x0016, "secp256k1", "1.3.132.0.10", false,
                              ProtocolVersion.PROTOCOLS_TO_12),
  
-@@ -521,12 +457,6 @@
-                         NamedGroup.SECP256_R1,
-                         NamedGroup.SECP384_R1,
-                         NamedGroup.SECP521_R1,
--                        NamedGroup.SECT283_K1,
--                        NamedGroup.SECT283_R1,
--                        NamedGroup.SECT409_K1,
--                        NamedGroup.SECT409_R1,
--                        NamedGroup.SECT571_K1,
--                        NamedGroup.SECT571_R1,
- 
-                         // FFDHE 2048
-                         NamedGroup.FFDHE_2048,
-@@ -541,12 +471,6 @@
-                         NamedGroup.SECP256_R1,
-                         NamedGroup.SECP384_R1,
-                         NamedGroup.SECP521_R1,
--                        NamedGroup.SECT283_K1,
--                        NamedGroup.SECT283_R1,
--                        NamedGroup.SECT409_K1,
--                        NamedGroup.SECT409_R1,
--                        NamedGroup.SECT571_K1,
--                        NamedGroup.SECT571_R1,
- 
-                         // non-NIST curves
-                         NamedGroup.SECP256_K1,
 diff --git a/src/java.base/share/classes/sun/security/util/CurveDB.java b/src/java.base/share/classes/sun/security/util/CurveDB.java
 --- a/src/java.base/share/classes/sun/security/util/CurveDB.java
 +++ b/src/java.base/share/classes/sun/security/util/CurveDB.java