changeset 2646:e67ce0e50658

PR2392: Make elliptic curve removal optional 2015-07-13 Andrew John Hughes <gnu_andrew@member.fsf.org> PR2392: Make elliptic curve removal optional * INSTALL: Document --enable-non-nss-curves. * Makefile.am: (ICEDTEA_PATCHES): Only apply the RH1022017 patch when non-NSS curves are not enabled. * NEWS: Updated. * acinclude.m4: (IT_ENABLE_NON_NSS_CURVES): New macro to allow non-NSS curves to be turned on. * configure.ac: Invoke IT_ENABLE_NON_NSS_CURVES. * fsg.sh.in: Don't alter the curve list when non-NSS curves are enabled.
author Andrew John Hughes <gnu_andrew@member.fsf.org>
date Thu, 31 Mar 2016 22:14:43 +0100
parents b2c3cacbd0fd
children b1d858e368bb
files ChangeLog INSTALL Makefile.am NEWS acinclude.m4 configure.ac fsg.sh.in
diffstat 7 files changed, 49 insertions(+), 4 deletions(-) [+]
--- a/ChangeLog	Wed Mar 30 04:45:59 2016 +0100
+++ b/ChangeLog	Thu Mar 31 22:14:43 2016 +0100
@@ -1,3 +1,24 @@
+2015-07-13  Andrew John Hughes  <gnu_andrew@member.fsf.org>
+
+	PR2392: Make elliptic curve removal
+	optional
+	* INSTALL:
+	Document --enable-non-nss-curves.
+	* Makefile.am:
+	(ICEDTEA_PATCHES): Only apply
+	the RH1022017 patch when non-NSS
+	curves are not enabled.
+	* NEWS: Updated.
+	* acinclude.m4:
+	(IT_ENABLE_NON_NSS_CURVES): New
+	macro to allow non-NSS curves to
+	be turned on.
+	* configure.ac:
+	Invoke IT_ENABLE_NON_NSS_CURVES.
+	* fsg.sh.in:
+	Don't alter the curve list when
+	non-NSS curves are enabled.
+
 2016-03-29  Andrew John Hughes  <gnu_andrew@member.fsf.org>
 
 	Bump to icedtea-3.0.0pre10.
--- a/INSTALL	Wed Mar 30 04:45:59 2016 +0100
+++ b/INSTALL	Thu Mar 31 22:14:43 2016 +0100
@@ -189,6 +189,7 @@
 * --with-additional-vms=vm-list: Additional VMs to build using the system described
   below.
 * --enable-sunec: Build the SunEC crypto provider against system NSS.
+* --enable-non-nss-curves: Define curves beyond the three specified by NSS (NIST P-{256,384,521})
 
 Testing
 =======
--- a/Makefile.am	Wed Mar 30 04:45:59 2016 +0100
+++ b/Makefile.am	Thu Mar 31 22:14:43 2016 +0100
@@ -286,8 +286,7 @@
 
 ICEDTEA_PATCHES = \
 	patches/memory-limits.patch \
-	patches/override-redirect-metacity.patch \
-	patches/rh1022017.patch
+	patches/override-redirect-metacity.patch
 
 # Conditional patches
 
@@ -318,6 +317,10 @@
 	patches/disable-intree-ec.patch
 endif
 
+if !USE_NON_NSS_CURVES
+ICEDTEA_PATCHES += patches/rh1022017.patch
+endif
+
 if ENABLE_NSS
 if ENABLE_SUNEC
 ICEDTEA_PATCHES += patches/nss-config-with-sunec.patch
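Review bot: Moving `patches/rh1022017.patch` out of the unconditional list and appending it after `patches/disable-intree-ec.patch` changes the order in which it is applied relative to the conditional patches that now precede it. If any of those touch the same files, it may apply with fuzz or fail, so it is worth confirming a clean apply with the option left at its default. A short comment above the new conditional would also help, e.g. `# RH1022017 is part of the curve removal; skip it when --enable-non-nss-curves is given`. The conditional-patch section continues outside this hunk.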
--- a/NEWS	Wed Mar 30 04:45:59 2016 +0100
+++ b/NEWS	Thu Mar 31 22:14:43 2016 +0100
@@ -104,6 +104,7 @@
   - PR2369: SunEC provider is partially installed
   - PR2377: PaX mark the installed JDK so it runs on hardened systems
   - PR2383: Location of docs directory in install-data-local is incorrect
+  - PR2392: Make elliptic curve removal optional
   - PR2400, RH1206656: Zero JVM crashes on startup when built with GCC 5
   - PR2407: Fix automatic enabling of the Zero build on non-JIT architectures which don't use CACAO or JamVM
   - PR2408: Enable Zero when Shark is enabled
--- a/acinclude.m4	Wed Mar 30 04:45:59 2016 +0100
+++ b/acinclude.m4	Thu Mar 31 22:14:43 2016 +0100
@@ -2289,3 +2289,19 @@
   AM_CONDITIONAL(DISABLE_NASHORN_CHECKSUM, test x"${ENABLE_NASHORN_CHECKSUM}" = "xno")
   AC_SUBST(ENABLE_NASHORN_CHECKSUM)
 ])
+
+AC_DEFUN_ONCE([IT_ENABLE_NON_NSS_CURVES],
+[
+  AC_MSG_CHECKING([whether to enable elliptic curves beyond those supported by NSS])
+  AC_ARG_ENABLE([non-nss-curves],
+	      [AS_HELP_STRING(--enable-non-nss-curves,register curves beyond the 3 NSS defines [[default=no]])],
+  [
+    ENABLE_NON_NSS_CURVES="${enableval}"
+  ],
+  [
+    ENABLE_NON_NSS_CURVES="no"
+  ])
+  AC_MSG_RESULT(${ENABLE_NON_NSS_CURVES})
+  AM_CONDITIONAL(USE_NON_NSS_CURVES, test x"${ENABLE_NON_NSS_CURVES}" = "xyes")
+  AC_SUBST(ENABLE_NON_NSS_CURVES)
+])
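Review bot: `ENABLE_NON_NSS_CURVES` is copied from `${enableval}` without validation, and its two consumers test it differently: `USE_NON_NSS_CURVES` is true only for `yes`, while the fsg.sh.in hunk applies pr2126.patch only for `no`. Any other value (for example a mistyped `--enable-non-nss-curves=true`) would apply rh1022017.patch but skip pr2126.patch, leaving the curve restriction half applied with no diagnostic. Validating in the macro closes this: `AS_CASE(["${enableval}"], [yes|no], [ENABLE_NON_NSS_CURVES="${enableval}"], [AC_MSG_ERROR([--enable-non-nss-curves takes yes or no])])`. Alternatively, change the fsg.sh.in test to `!= "xyes"` so both consumers agree.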
--- a/configure.ac	Wed Mar 30 04:45:59 2016 +0100
+++ b/configure.ac	Thu Mar 31 22:14:43 2016 +0100
@@ -125,6 +125,7 @@
 IT_ENABLE_JAR_COMPRESSION
 IT_ENABLE_ZERO_BUILD
 IT_CHECK_ADDITIONAL_VMS
+IT_ENABLE_NON_NSS_CURVES
 
 IT_WITH_VERSION_SUFFIX
 IT_ENABLE_HG
--- a/fsg.sh.in	Wed Mar 30 04:45:59 2016 +0100
+++ b/fsg.sh.in	Thu Mar 31 22:14:43 2016 +0100
@@ -13,5 +13,7 @@
 echo "Removing EC source code we don't build"
 rm -rvf openjdk/jdk/src/share/native/sun/security/ec/impl
 
-echo "Syncing EC list with NSS"
-patch -Np0 < @abs_top_srcdir@/patches/pr2126.patch
+if test "x@ENABLE_NON_NSS_CURVES@" = "xno"; then
+  echo "Syncing EC list with NSS"
+  patch -Np0 < @abs_top_srcdir@/patches/pr2126.patch
+fi
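Review bot: The exit status of `patch -Np0` inside the new `if` is not checked, so if pr2126.patch stops applying the script would presumably carry on and leave the full curve list in a tree that the log reports as synced with NSS. Unless the script enables `set -e` above this hunk (its start is not visible here), consider `patch -Np0 < @abs_top_srcdir@/patches/pr2126.patch || exit 1`.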