Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR #32

Closed
wants to merge 1 commit into from

Conversation

@sercher
Copy link

@sercher sercher commented Nov 25, 2020

Hello,

I would like to create a backport of 8233228 in 13u. The backport is already in production in 11u.

The proposed 8233228 patch is exactly the same as 15u version, except for Hunk #9 at line 258(299):

edec2fc#diff-499d805909084ecc06c50b4706f8a2b3ec70ab9aaf55d54a6156c518f85f1bd6

in which the 8244479 is already applied. In comparison, the 15u version applies 8244479 on top of 8233228, so the changes are in reverse order. Otherwise there are no code / logic changes in the code.

Thank you.

Best regards,
Sergey Chernyshev
BellSoft


Progress

  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • Change must be properly reviewed

Issue

  • JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR ⚠️ Issue is not open.

Reviewers

Download

$ git fetch https://git.openjdk.java.net/jdk13u-dev pull/32/head:pull/32
$ git checkout pull/32

…igned JAR

Reviewed-by: mullan, xuelei, weijun
@bridgekeeper bridgekeeper bot added the oca label Nov 25, 2020
@bridgekeeper
Copy link

@bridgekeeper bridgekeeper bot commented Nov 25, 2020

Hi @sercher, welcome to this OpenJDK project and thanks for contributing!

We do not recognize you as Contributor and need to ensure you have signed the Oracle Contributor Agreement (OCA). If you have not signed the OCA, please follow the instructions. Please fill in your GitHub username in the "Username" field of the application. Once you have signed the OCA, please let us know by writing /signed in a comment in this pull request.

If you already are an OpenJDK Author, Committer or Reviewer, please click here to open a new issue so that we can record that fact. Please use "Add GitHub user sercher" as summary for the issue.

If you are contributing this work on behalf of your employer and your employer has signed the OCA, please let us know by writing /covered in a comment in this pull request.

@sercher
Copy link
Author

@sercher sercher commented Nov 25, 2020

/signed

@bridgekeeper
Copy link

@bridgekeeper bridgekeeper bot commented Nov 25, 2020

Thank you! Please allow for up to two weeks to process your OCA, although it is usually done within one to two business days. Also, please note that pull requests that are pending an OCA check will not usually be evaluated, so your patience is appreciated!

@sercher
Copy link
Author

@sercher sercher commented Nov 26, 2020

/covered

@bridgekeeper
Copy link

@bridgekeeper bridgekeeper bot commented Nov 26, 2020

Thank you! Please allow for a few business days to verify that your employer has signed the OCA. Also, please note that pull requests that are pending an OCA check will not usually be evaluated, so your patience is appreciated!

@alexeybakhtin
Copy link
Contributor

@alexeybakhtin alexeybakhtin commented Nov 26, 2020

I'm not a reviewer but Looks Good To Me

@yan-too
Copy link
Collaborator

@yan-too yan-too commented Nov 26, 2020

Sergey, please take a look at the comment in JBS issue regarding the CSR.

@mlbridge
Copy link

@mlbridge mlbridge bot commented Nov 26, 2020

Webrevs

yan-too
yan-too approved these changes Dec 1, 2020
@openjdk
Copy link

@openjdk openjdk bot commented Dec 1, 2020

⚠️ @sercher the full name on your profile does not match the author name in this pull requests' HEAD commit. If this pull request gets integrated then the author name from this pull requests' HEAD commit will be used for the resulting commit. If you wish to push a new commit with a different author name, then please run the following commands in a local repository of your personal fork:

$ git checkout backport-8233228
$ git commit -c user.name='Preferred Full Name' --allow-empty -m 'Update full name'
$ git push

@openjdk
Copy link

@openjdk openjdk bot commented Dec 1, 2020

@sercher This change now passes all automated pre-integration checks.

After integration, the commit message for the final commit will be:

8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR

Reviewed-by: yan

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 14 new commits pushed to the master branch:

  • 420ec53: 8230402: Allocation of compile task fails with assert: "Leaking compilation tasks?"
  • 74991c9: 8233958: Memory retention due to HttpsURLConnection finalizer that serves no purpose
  • dabaf4e: 8235183: Remove the "HACK CODE" in comment
  • e91e43b: 8236617: jtreg test containers/docker/TestMemoryAwareness.java fails after 8226575
  • c6f81a5: 8223940: Private key not supported by chosen signature algorithm
  • 80be64a: 8249183: JVM crash in "AwtFrame::WmSize" method
  • 5af784b: 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll
  • 89354b8: 8226575: OperatingSystemMXBean should be made container aware
  • 92da5d8: 8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions
  • 91b19c9: 8230767: FlightRecorderListener returns null recording
  • ... and 4 more: https://git.openjdk.java.net/jdk13u-dev/compare/538464bfed56bbf3d7a039fce3cf29cf71724860...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

As you do not have Committer status in this project an existing Committer must agree to sponsor your change. Possible candidates are the reviewers of this PR (@yan-too) but any other Committer may sponsor as well.

➡️ To flag this PR as ready for integration with the above commit message, type /integrate in a new comment. (Afterwards, your sponsor types /sponsor in a new comment to perform the integration).

@openjdk openjdk bot added the ready label Dec 1, 2020
@sercher
Copy link
Author

@sercher sercher commented Dec 2, 2020

/integrate

@openjdk openjdk bot added the sponsor label Dec 2, 2020
@openjdk
Copy link

@openjdk openjdk bot commented Dec 2, 2020

@sercher
Your change (at version edec2fc) is now ready to be sponsored by a Committer.

@AlexanderScherbatiy
Copy link

@AlexanderScherbatiy AlexanderScherbatiy commented Dec 2, 2020

/sponsor

@openjdk openjdk bot closed this Dec 2, 2020
@openjdk
Copy link

@openjdk openjdk bot commented Dec 2, 2020

@AlexanderScherbatiy @sercher Since your change was applied there have been 14 commits pushed to the master branch:

  • 420ec53: 8230402: Allocation of compile task fails with assert: "Leaking compilation tasks?"
  • 74991c9: 8233958: Memory retention due to HttpsURLConnection finalizer that serves no purpose
  • dabaf4e: 8235183: Remove the "HACK CODE" in comment
  • e91e43b: 8236617: jtreg test containers/docker/TestMemoryAwareness.java fails after 8226575
  • c6f81a5: 8223940: Private key not supported by chosen signature algorithm
  • 80be64a: 8249183: JVM crash in "AwtFrame::WmSize" method
  • 5af784b: 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll
  • 89354b8: 8226575: OperatingSystemMXBean should be made container aware
  • 92da5d8: 8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions
  • 91b19c9: 8230767: FlightRecorderListener returns null recording
  • ... and 4 more: https://git.openjdk.java.net/jdk13u-dev/compare/538464bfed56bbf3d7a039fce3cf29cf71724860...master

Your commit was automatically rebased without conflicts.

Pushed as commit b452c82.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

@sercher sercher deleted the backport-8233228 branch Dec 3, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
4 participants