Mercurial > hg > icedtea6-hg

--- a/ChangeLog	Wed Jul 22 15:52:21 2015 +0100
+++ b/ChangeLog	Wed Jul 22 16:24:14 2015 +0100
@@ -1,3 +1,32 @@
+2015-07-15  Andrew John Hughes  <gnu_andrew@member.fsf.org>
+
+	PR2391: Make elliptic curve removal
+	optional
+	* acinclude.m4:
+	(IT_ENABLE_NON_NSS_CURVES): Check ${enableval}
+	to catch values other than yes/no.
+
+2015-07-13  Andrew John Hughes  <gnu_andrew@member.fsf.org>
+
+	PR2391: Make elliptic curve removal
+	optional
+	* INSTALL:
+	Document --enable-non-nss-curves.
+	* Makefile.am:
+	(ICEDTEA_PATCHES): Only apply
+	the RH1022017 patch when non-NSS
+	curves are not enabled.
+	* NEWS: Updated.
+	* acinclude.m4:
+	(IT_ENABLE_NON_NSS_CURVES): New
+	macro to allow non-NSS curves to
+	be turned on.
+	* configure.ac:
+	Invoke IT_ENABLE_NON_NSS_CURVES.
+	* fsg.sh.in:
+	Don't alter the curve list when
+	non-NSS curves are enabled.
+
 2015-07-22  Andrew John Hughes  <gnu.andrew@member.fsf.org>

 	PR2360: Ensure all stamp targets have aliases
--- a/INSTALL	Wed Jul 22 15:52:21 2015 +0100
+++ b/INSTALL	Wed Jul 22 16:24:14 2015 +0100
@@ -161,6 +161,7 @@
 * --with-additional-vms=vm-list: Additional VMs to build using the system described
   below.
 * --enable-lcms2: Use LCMS 2 backport from OpenJDK 7 rather than LCMS 1.
+* --enable-non-nss-curves: Define curves beyond the three specified by NSS (NIST P-{256,384,521})

 Testing
 =======
--- a/Makefile.am	Wed Jul 22 15:52:21 2015 +0100
+++ b/Makefile.am	Wed Jul 22 16:24:14 2015 +0100
@@ -689,7 +689,6 @@
 endif

 if ENABLE_NSS
-ICEDTEA_PATCHES += patches/rh1022017.patch
 NSS_PATCHES = patches/nss-config.patch
 else
 NSS_PATCHES = patches/nss-not-enabled-config.patch
@@ -725,6 +724,10 @@
 	patches/libraries-gif.patch
 endif

+if !USE_NON_NSS_CURVES
+ICEDTEA_PATCHES += patches/rh1022017.patch
+endif
+
 ICEDTEA_PATCHES += $(DISTRIBUTION_PATCHES)

 # Bootstrapping patches
--- a/NEWS	Wed Jul 22 15:52:21 2015 +0100
+++ b/NEWS	Wed Jul 22 16:24:14 2015 +0100
@@ -59,6 +59,7 @@
   - PR2340: Fail early if there is no native HotSpot JIT & all other options are disabled
   - PR2342: Update README & INSTALL files
   - PR2360: Ensure all stamp targets have aliases
+  - PR2391: Make elliptic curve removal optional
   - PR2460: Policy JAR files should be timestamped with the date of the policy file they hold
   - PR2481, RH489586, RH1236619: OpenJDK can't handle spaces in zone names in /etc/sysconfig/clock
   - PR2486: JSSE server is still limited to 768-bit DHE
--- a/acinclude.m4	Wed Jul 22 15:52:21 2015 +0100
+++ b/acinclude.m4	Wed Jul 22 16:24:14 2015 +0100
@@ -2384,3 +2384,26 @@
 AM_CONDITIONAL([CP64174], test x"${it_cv_cp64174}" = "xyes")
 AC_PROVIDE([$0])dnl
 ])
+
+AC_DEFUN_ONCE([IT_ENABLE_NON_NSS_CURVES],
+[
+  AC_MSG_CHECKING([whether to enable elliptic curves beyond those supported by NSS])
+  AC_ARG_ENABLE([non-nss-curves],
+	      [AS_HELP_STRING(--enable-non-nss-curves,register curves beyond the 3 NSS defines [[default=no]])],
+  [
+    case "${enableval}" in
+      no)
+	ENABLE_NON_NSS_CURVES=no
+        ;;
+      *)
+        ENABLE_NON_NSS_CURVES=yes
+        ;;
+    esac
+  ],
+  [
+    ENABLE_NON_NSS_CURVES="no"
+  ])
+  AC_MSG_RESULT(${ENABLE_NON_NSS_CURVES})
+  AM_CONDITIONAL(USE_NON_NSS_CURVES, test x"${ENABLE_NON_NSS_CURVES}" = "xyes")
+  AC_SUBST(ENABLE_NON_NSS_CURVES)
+])
--- a/configure.ac	Wed Jul 22 15:52:21 2015 +0100
+++ b/configure.ac	Wed Jul 22 16:24:14 2015 +0100
@@ -291,6 +291,7 @@
 IT_SET_SHARK_BUILD
 IT_ENABLE_ZERO_BUILD
 IT_CHECK_ADDITIONAL_VMS
+IT_ENABLE_NON_NSS_CURVES
 IT_ENABLE_HG
 IT_WITH_HG_REVISION
 IT_WITH_TZDATA_DIR
--- a/fsg.sh.in	Wed Jul 22 15:52:21 2015 +0100
+++ b/fsg.sh.in	Wed Jul 22 16:24:14 2015 +0100
@@ -90,5 +90,7 @@
     openjdk/jdk/src/solaris/doc/sun/man/man1/javaws.1 \
     openjdk/jdk/src/solaris/doc/sun/man/man1/ja/javaws.1

-echo "Syncing EC list with NSS"
-patch -Np0 < @abs_top_srcdir@/patches/pr2125.patch
+if test "x@ENABLE_NON_NSS_CURVES@" = "xno"; then
+  echo "Syncing EC list with NSS"
+  patch -Np0 < @abs_top_srcdir@/patches/pr2125.patch
+fi