diff -Nru ca-certificates-java-20170930ubuntu1/debian/changelog ca-certificates-java-20180516ubuntu1.18.04.1/debian/changelog --- ca-certificates-java-20170930ubuntu1/debian/changelog 2018-04-08 08:19:21.000000000 -0300 +++ ca-certificates-java-20180516ubuntu1.18.04.1/debian/changelog 2018-05-17 11:10:59.000000000 -0300 @@ -1,6 +1,73 @@ +ca-certificates-java (20180516ubuntu1.18.04.1) bionic; urgency=medium + + * Backport from Cosmic. (LP: #1770553) + + -- Tiago Stürmer Daitx Thu, 17 May 2018 14:10:59 +0000 + +ca-certificates-java (20180516ubuntu1) cosmic; urgency=low + + * Merge from Debian unstable (LP: #1771815). Remaining changes: + - debian/control: Bump javahelper build dependency. + - debian/rules: + + Explicitly depend on openjdk-11-jre-headless, needed to configure. + + Replace javac arguments '-source 1.7 -target 1.7' with '--release 7' + as, per JEP-247, it also takes care of setting the right -bootclasspath + argument. + + -- Tiago Stürmer Daitx Thu, 17 May 2018 13:03:29 +0000 + +ca-certificates-java (20180516) unstable; urgency=medium + + * Team upload. + + [ Tiago Stürmer Daitx ] + * debian/jks-keystore.hook.in: don't create a jvm-*.cfg file, a default file + with the right configuration is already supplied by the openjdk packages. + * debian/jks-keystore.hook.in, debian/postinst.in: Only export JAVA_HOME + and update PATH if a known jvm was found. + * debian/postinst.in: Detect PKCS12 cacert keystore generated by + previous ca-certificates-java and convert them to JKS. (Closes: #898678) + (LP: #1771363) + + [ Matthias Klose ] + * debian/rules: Explicitly depend on openjdk-11-jre-headless, needed to + configure. + + [ Emmanuel Bourg ] + * Use salsa.debian.org Vcs-* URLs + + -- Emmanuel Bourg Wed, 16 May 2018 23:00:38 +0200 + +ca-certificates-java (20180413ubuntu1) cosmic; urgency=medium + + * Merge from debian unstable. Remaining changes: (LP: #1769013, + LP: #1739631) + + debian/control: Bump javahelper build dependency. + + debian/rules: + - Explicitly depend on openjdk-11-jre-headless, needed to configure. + - Replace javac arguments '-source 1.7 -target 1.7' with '--release 7' + as, per JEP-247, it also takes care of setting the right -bootclasspath + argument. + * debian/jks-keystore.hook.in: don't create a jvm-*.cfg file, a default file + with the right configuration is already supplied by the openjdk packages. + + -- Tiago Stürmer Daitx Fri, 04 May 2018 01:31:24 +0000 + +ca-certificates-java (20180413) unstable; urgency=medium + + * Team upload. + * Always generate a JKS keystore instead of using the default format + (Closes: #894979) + * Look for Java 10 and Java 11 when detecting the JRE + * Removed Damien Raude-Morvan from the uploaders (Closes: #889412) + * Standards-Version updated to 4.1.4 + * Switch to debhelper level 11 + + -- Emmanuel Bourg Fri, 13 Apr 2018 14:15:39 +0200 + ca-certificates-java (20170930ubuntu1) bionic; urgency=medium - [ Tiago Stürmer Daitx + [ Tiago Stürmer Daitx ] * debian/rules: - depend on default-jre-headless 2:1.9 or newer instead of openjdk-8-jre-headless. diff -Nru ca-certificates-java-20170930ubuntu1/debian/compat ca-certificates-java-20180516ubuntu1.18.04.1/debian/compat --- ca-certificates-java-20170930ubuntu1/debian/compat 2017-05-31 09:39:26.000000000 -0300 +++ ca-certificates-java-20180516ubuntu1.18.04.1/debian/compat 2018-05-17 00:44:44.000000000 -0300 @@ -1 +1 @@ -9 +11 diff -Nru ca-certificates-java-20170930ubuntu1/debian/control ca-certificates-java-20180516ubuntu1.18.04.1/debian/control --- ca-certificates-java-20170930ubuntu1/debian/control 2018-04-08 08:17:36.000000000 -0300 +++ ca-certificates-java-20180516ubuntu1.18.04.1/debian/control 2018-05-17 00:44:44.000000000 -0300 @@ -4,12 +4,11 @@ Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Debian Java Maintainers Uploaders: Matthias Klose , - Damien Raude-Morvan , James Page -Build-Depends: debhelper (>= 9), default-jdk, javahelper (>= 0.63ubuntu1), junit4 -Standards-Version: 4.1.0 -Vcs-Git: https://anonscm.debian.org/git/pkg-java/ca-certificates-java.git -Vcs-Browser: https://anonscm.debian.org/cgit/pkg-java/ca-certificates-java.git +Build-Depends: debhelper (>= 11), default-jdk, javahelper (>= 0.63ubuntu1), junit4 +Standards-Version: 4.1.4 +Vcs-Git: https://salsa.debian.org/java-team/ca-certificates-java.git +Vcs-Browser: https://salsa.debian.org/java-team/ca-certificates-java Package: ca-certificates-java Architecture: all diff -Nru ca-certificates-java-20170930ubuntu1/debian/jks-keystore.hook.in ca-certificates-java-20180516ubuntu1.18.04.1/debian/jks-keystore.hook.in --- ca-certificates-java-20170930ubuntu1/debian/jks-keystore.hook.in 2017-05-31 09:39:26.000000000 -0300 +++ ca-certificates-java-20180516ubuntu1.18.04.1/debian/jks-keystore.hook.in 2018-05-17 10:01:28.000000000 -0300 @@ -40,21 +40,17 @@ java-8-openjdk-$arch java-8-openjdk \ oracle-java8-jre-$arch oracle-java8-server-jre-$arch oracle-java8-jdk-$arch \ java-9-openjdk-$arch java-9-openjdk \ - oracle-java9-jre-$arch oracle-java9-server-jre-$arch oracle-java9-jdk-$arch; do -if [ -x /usr/lib/jvm/$jvm/bin/java ]; then + oracle-java9-jre-$arch oracle-java9-server-jre-$arch oracle-java9-jdk-$arch \ + java-10-openjdk-$arch java-10-openjdk \ + oracle-java10-jre-$arch oracle-java10-server-jre-$arch oracle-java10-jdk-$arch \ + java-11-openjdk-$arch java-11-openjdk \ + oracle-java11-jre-$arch oracle-java11-server-jre-$arch oracle-java11-jdk-$arch; do + if [ -x /usr/lib/jvm/$jvm/bin/java ]; then + export JAVA_HOME=/usr/lib/jvm/$jvm + PATH=$JAVA_HOME/bin:$PATH break -fi + fi done -export JAVA_HOME=/usr/lib/jvm/$jvm -PATH=$JAVA_HOME/bin:$PATH - -temp_jvm_cfg= -if [ ! -f /etc/${jvm%-$arch}/jvm-$arch.cfg ]; then - # the jre is not yet configured, but jvm.cfg is needed to run it - temp_jvm_cfg=/etc/${jvm%-$arch}/jvm-$arch.cfg - mkdir -p /etc/${jvm%-$arch} - printf -- "-server KNOWN\n" > $temp_jvm_cfg -fi if dpkg-query --version >/dev/null; then nsspkg=$(dpkg-query -L "$(nsslib_name)" | sed -n 's,\(.*\)/libnss3\.so$,\1,p'|head -n 1) diff -Nru ca-certificates-java-20170930ubuntu1/debian/postinst.in ca-certificates-java-20180516ubuntu1.18.04.1/debian/postinst.in --- ca-certificates-java-20170930ubuntu1/debian/postinst.in 2018-04-06 13:59:39.000000000 -0300 +++ ca-certificates-java-20180516ubuntu1.18.04.1/debian/postinst.in 2018-05-17 00:44:44.000000000 -0300 @@ -25,20 +25,51 @@ setup_path() { - for jvm in default-java \ - java-7-openjdk-$arch java-7-openjdk \ + for jvm in java-7-openjdk-$arch java-7-openjdk \ oracle-java7-jre-$arch oracle-java7-server-jre-$arch oracle-java7-jdk-$arch \ java-8-openjdk-$arch java-8-openjdk \ oracle-java8-jre-$arch oracle-java8-server-jre-$arch oracle-java8-jdk-$arch \ java-9-openjdk-$arch java-9-openjdk \ oracle-java9-jre-$arch oracle-java9-server-jre-$arch oracle-java9-jdk-$arch \ - java-11-openjdk-$arch java-11-openjdk; do - if [ -x /usr/lib/jvm/$jvm/bin/java ]; then - break + java-10-openjdk-$arch java-10-openjdk \ + oracle-java10-jre-$arch oracle-java10-server-jre-$arch oracle-java10-jdk-$arch \ + java-11-openjdk-$arch java-11-openjdk \ + oracle-java11-jre-$arch oracle-java11-server-jre-$arch oracle-java11-jdk-$arch; do + if [ -x /usr/lib/jvm/$jvm/bin/java ]; then + export JAVA_HOME=/usr/lib/jvm/$jvm + PATH=$JAVA_HOME/bin:$PATH + break fi done - export JAVA_HOME=/usr/lib/jvm/$jvm - PATH=$JAVA_HOME/bin:$PATH +} + +check_proc() +{ + if ! mountpoint -q /proc; then + echo >&2 "the keytool command requires a mounted proc fs (/proc)." + exit 1 + fi +} + +convert_pkcs12_keystore_to_jks() +{ + if ! keytool -importkeystore \ + -srckeystore /etc/ssl/certs/java/cacerts \ + -destkeystore /etc/ssl/certs/java/cacerts.dpkg-new \ + -srcstoretype PKCS12 \ + -deststoretype JKS \ + -srcstorepass "$storepass" \ + -deststorepass "$storepass" \ + -noprompt; then + echo "failed to convert PKCS12 keystore to JKS" >&2 + exit 1 + fi + + # only update if /etc/default/cacerts allows + if [ "$cacerts_updates" = "yes" ]; then + mv -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old + mv -f /etc/ssl/certs/java/cacerts.dpkg-new /etc/ssl/certs/java/cacerts + fi } first_install() @@ -89,14 +120,19 @@ cp -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old fi fi - if [ -z "$2" -o -n "$FIXOLD" ]; then - setup_path - if ! mountpoint -q /proc; then - echo >&2 "the keytool command requires a mounted proc fs (/proc)." - exit 1 + setup_path + + if dpkg --compare-versions "$2" lt "20180516"; then + if [ -e /etc/ssl/certs/java/cacerts \ + -a "$(head -c4 /etc/ssl/certs/java/cacerts)" != "$(echo -en '\xfe\xed\xfe\xed')" ]; then + check_proc + convert_pkcs12_keystore_to_jks fi + fi + if [ -z "$2" -o -n "$FIXOLD" ]; then + check_proc trap do_cleanup EXIT first_install fi diff -Nru ca-certificates-java-20170930ubuntu1/src/main/java/org/debian/security/KeyStoreHandler.java ca-certificates-java-20180516ubuntu1.18.04.1/src/main/java/org/debian/security/KeyStoreHandler.java --- ca-certificates-java-20170930ubuntu1/src/main/java/org/debian/security/KeyStoreHandler.java 2017-05-31 09:39:26.000000000 -0300 +++ ca-certificates-java-20180516ubuntu1.18.04.1/src/main/java/org/debian/security/KeyStoreHandler.java 2018-05-17 00:44:43.000000000 -0300 @@ -56,7 +56,7 @@ * Try to open an existing keystore or create an new one. */ public void load() throws GeneralSecurityException, IOException, InvalidKeystorePasswordException { - KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); + KeyStore ks = KeyStore.getInstance("JKS"); File file = new File(filename); FileInputStream in = null; if (file.canRead()) {