Mercurial > hg > icedtea6
changeset 3199:6b864e0af52a
PR2391: Make elliptic curve removal optional
2015-07-15 Andrew John Hughes <gnu_andrew@member.fsf.org>
PR2391: Make elliptic curve removal
optional
* acinclude.m4:
(IT_ENABLE_NON_NSS_CURVES): Check ${enableval}
to catch values other than yes/no.
2015-07-13 Andrew John Hughes <gnu_andrew@member.fsf.org>
PR2391: Make elliptic curve removal
optional
* INSTALL:
Document --enable-non-nss-curves.
* Makefile.am:
(ICEDTEA_PATCHES): Only apply
the RH1022017 patch when non-NSS
curves are not enabled.
* NEWS: Updated.
* acinclude.m4:
(IT_ENABLE_NON_NSS_CURVES): New
macro to allow non-NSS curves to
be turned on.
* configure.ac:
Invoke IT_ENABLE_NON_NSS_CURVES.
* fsg.sh.in:
Don't alter the curve list when
non-NSS curves are enabled.
author | Andrew John Hughes <gnu.andrew@redhat.com> |
---|---|
date | Wed, 22 Jul 2015 16:24:14 +0100 |
parents | c52b41d82358 |
children | ac50a5a2d297 |
files | ChangeLog INSTALL Makefile.am NEWS acinclude.m4 configure.ac fsg.sh.in |
diffstat | 7 files changed, 63 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Wed Jul 22 15:52:21 2015 +0100 +++ b/ChangeLog Wed Jul 22 16:24:14 2015 +0100 @@ -1,3 +1,32 @@ +2015-07-15 Andrew John Hughes <gnu_andrew@member.fsf.org> + + PR2391: Make elliptic curve removal + optional + * acinclude.m4: + (IT_ENABLE_NON_NSS_CURVES): Check ${enableval} + to catch values other than yes/no. + +2015-07-13 Andrew John Hughes <gnu_andrew@member.fsf.org> + + PR2391: Make elliptic curve removal + optional + * INSTALL: + Document --enable-non-nss-curves. + * Makefile.am: + (ICEDTEA_PATCHES): Only apply + the RH1022017 patch when non-NSS + curves are not enabled. + * NEWS: Updated. + * acinclude.m4: + (IT_ENABLE_NON_NSS_CURVES): New + macro to allow non-NSS curves to + be turned on. + * configure.ac: + Invoke IT_ENABLE_NON_NSS_CURVES. + * fsg.sh.in: + Don't alter the curve list when + non-NSS curves are enabled. + 2015-07-22 Andrew John Hughes <gnu.andrew@member.fsf.org> PR2360: Ensure all stamp targets have aliases
--- a/INSTALL Wed Jul 22 15:52:21 2015 +0100 +++ b/INSTALL Wed Jul 22 16:24:14 2015 +0100 @@ -161,6 +161,7 @@ * --with-additional-vms=vm-list: Additional VMs to build using the system described below. * --enable-lcms2: Use LCMS 2 backport from OpenJDK 7 rather than LCMS 1. +* --enable-non-nss-curves: Define curves beyond the three specified by NSS (NIST P-{256,384,521}) Testing =======
--- a/Makefile.am Wed Jul 22 15:52:21 2015 +0100 +++ b/Makefile.am Wed Jul 22 16:24:14 2015 +0100 @@ -689,7 +689,6 @@ endif if ENABLE_NSS -ICEDTEA_PATCHES += patches/rh1022017.patch NSS_PATCHES = patches/nss-config.patch else NSS_PATCHES = patches/nss-not-enabled-config.patch @@ -725,6 +724,10 @@ patches/libraries-gif.patch endif +if !USE_NON_NSS_CURVES +ICEDTEA_PATCHES += patches/rh1022017.patch +endif + ICEDTEA_PATCHES += $(DISTRIBUTION_PATCHES) # Bootstrapping patches
--- a/NEWS Wed Jul 22 15:52:21 2015 +0100 +++ b/NEWS Wed Jul 22 16:24:14 2015 +0100 @@ -59,6 +59,7 @@ - PR2340: Fail early if there is no native HotSpot JIT & all other options are disabled - PR2342: Update README & INSTALL files - PR2360: Ensure all stamp targets have aliases + - PR2391: Make elliptic curve removal optional - PR2460: Policy JAR files should be timestamped with the date of the policy file they hold - PR2481, RH489586, RH1236619: OpenJDK can't handle spaces in zone names in /etc/sysconfig/clock - PR2486: JSSE server is still limited to 768-bit DHE
--- a/acinclude.m4 Wed Jul 22 15:52:21 2015 +0100 +++ b/acinclude.m4 Wed Jul 22 16:24:14 2015 +0100 @@ -2384,3 +2384,26 @@ AM_CONDITIONAL([CP64174], test x"${it_cv_cp64174}" = "xyes") AC_PROVIDE([$0])dnl ]) + +AC_DEFUN_ONCE([IT_ENABLE_NON_NSS_CURVES], +[ + AC_MSG_CHECKING([whether to enable elliptic curves beyond those supported by NSS]) + AC_ARG_ENABLE([non-nss-curves], + [AS_HELP_STRING(--enable-non-nss-curves,register curves beyond the 3 NSS defines [[default=no]])], + [ + case "${enableval}" in + no) + ENABLE_NON_NSS_CURVES=no + ;; + *) + ENABLE_NON_NSS_CURVES=yes + ;; + esac + ], + [ + ENABLE_NON_NSS_CURVES="no" + ]) + AC_MSG_RESULT(${ENABLE_NON_NSS_CURVES}) + AM_CONDITIONAL(USE_NON_NSS_CURVES, test x"${ENABLE_NON_NSS_CURVES}" = "xyes") + AC_SUBST(ENABLE_NON_NSS_CURVES) +])
--- a/configure.ac Wed Jul 22 15:52:21 2015 +0100 +++ b/configure.ac Wed Jul 22 16:24:14 2015 +0100 @@ -291,6 +291,7 @@ IT_SET_SHARK_BUILD IT_ENABLE_ZERO_BUILD IT_CHECK_ADDITIONAL_VMS +IT_ENABLE_NON_NSS_CURVES IT_ENABLE_HG IT_WITH_HG_REVISION IT_WITH_TZDATA_DIR
--- a/fsg.sh.in Wed Jul 22 15:52:21 2015 +0100 +++ b/fsg.sh.in Wed Jul 22 16:24:14 2015 +0100 @@ -90,5 +90,7 @@ openjdk/jdk/src/solaris/doc/sun/man/man1/javaws.1 \ openjdk/jdk/src/solaris/doc/sun/man/man1/ja/javaws.1 -echo "Syncing EC list with NSS" -patch -Np0 < @abs_top_srcdir@/patches/pr2125.patch +if test "x@ENABLE_NON_NSS_CURVES@" = "xno"; then + echo "Syncing EC list with NSS" + patch -Np0 < @abs_top_srcdir@/patches/pr2125.patch +fi