diff --git a/vendor/generate_jre.sh b/vendor/generate_jre.sh index ad0bd5d..4c843f2 100755 --- a/vendor/generate_jre.sh +++ b/vendor/generate_jre.sh @@ -3,7 +3,7 @@ # This script is used as a reference to generate a stripped-down JRE for the server rm -rf java/ -curl -L https://download.java.net/java/GA/jdk19/877d6127e982470ba2a7faa31cc93d04/36/GPL/openjdk-19_linux-x64_bin.tar.gz > openjdk.tar.gz +curl -L https://download.java.net/java/GA/jdk20/bdc68b4b9cbc4ebcb30745c85038d91d/36/GPL/openjdk-20_linux-x64_bin.tar.gz > openjdk.tar.gz tar -zxvf openjdk.tar.gz rm openjdk.tar.gz mv jdk* jdk/ diff --git a/vendor/java/bin/java b/vendor/java/bin/java index 7047bb3..b59eaf8 100755 Binary files a/vendor/java/bin/java and b/vendor/java/bin/java differ diff --git a/vendor/java/conf/security/java.security b/vendor/java/conf/security/java.security index 7cbbf08..e56c904 100644 --- a/vendor/java/conf/security/java.security +++ b/vendor/java/conf/security/java.security @@ -22,6 +22,12 @@ # the command line, set the key security.overridePropertiesFile # to false in the master security properties file. It is set to true # by default. +# +# If this properties file fails to load, the JDK implementation will throw +# an unspecified error when initializing the java.security.Security class. +# Properties in this file are typically parsed only once. If any of the +# properties are modified, applications should be restarted to ensure the +# changes are properly reflected. # In this file, various security properties are set for use by # java.security classes. This is where users can statically register @@ -731,8 +737,9 @@ http.auth.digest.disabledAlgorithms = MD5, SHA-1 # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048, \ # rsa_pkcs1_sha1, secp224r1 -jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \ - DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL +jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, \ + MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \ + ECDH # # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) @@ -1362,17 +1369,18 @@ jdk.io.permissionsUseCanonicalPath=false jdk.tls.alpnCharset=ISO_8859_1 # -# JNDI Object Factories Filter +# Global JNDI Object Factories Filter # # This filter is used by the JNDI runtime to control the set of object factory classes # which will be allowed to instantiate objects from object references returned by # naming/directory systems. The factory class named by the reference instance will be # matched against this filter. The filter property supports pattern-based filter syntax -# with the same format as jdk.serialFilter. +# with the same format as jdk.serialFilter. Limit patterns specified in the filter property +# are unused. # -# Each pattern is matched against the factory class name to allow or disallow it's -# instantiation. The access to a factory class is allowed unless the filter returns -# REJECTED. +# Each class name pattern is matched against the factory class name to allow or disallow its +# instantiation. The access to a factory class is allowed if the filter returns +# ALLOWED. # # Note: This property is currently used by the JDK Reference implementation. # It is not guaranteed to be examined and used by other implementations. @@ -1384,6 +1392,58 @@ jdk.tls.alpnCharset=ISO_8859_1 # instance to recreate the referenced object. #jdk.jndi.object.factoriesFilter=* +# +# Protocol Specific JNDI/LDAP Object Factories Filter +# +# This filter is used by the JNDI/LDAP provider implementation in the JDK to further control the +# set of object factory classes which will be allowed to instantiate objects from object +# references bound to LDAP contexts. The factory class named by the reference instance will +# be matched against this filter. The filter property supports pattern-based filter syntax +# with the same format as jdk.serialFilter. Limit patterns specified in the filter property +# are unused. +# +# Each class name pattern is matched against the factory class name to allow or disallow its +# instantiation. The access to a factory class is allowed only when it is not rejected by this filter +# or by the global filter defined by "jdk.jndi.object.factoriesFilter", and at least one of these +# two filters returns ALLOWED. +# +# Note: This property is currently used by the JDK Reference implementation. +# It is not guaranteed to be examined and used by other implementations. +# +# If the system property jdk.jndi.ldap.object.factoriesFilter is also specified, it supersedes +# the security property value defined here. The default value of the property is +# "java.naming/com.sun.jndi.ldap.**;!*". +# +# The default pattern value allows any object factory class defined in the java.naming module +# to be specified by the reference instance, but rejects any other. +#jdk.jndi.ldap.object.factoriesFilter=java.naming/com.sun.jndi.ldap.**;!* + +# +# Protocol Specific JNDI/RMI Object Factories Filter +# +# This filter is used by the JNDI/RMI provider implementation in the JDK to further control the +# set of object factory classes which will be allowed to instantiate objects from object +# references bound to RMI names. The factory class named by the reference instance will +# be matched against this filter. The filter property supports pattern-based filter syntax +# with the same format as jdk.serialFilter. Limit patterns specified in the filter property +# are unused. +# +# Each class name pattern is matched against the factory class name to allow or disallow its +# instantiation. The access to a factory class is allowed only when it is not rejected by this filter +# or by the global filter defined by "jdk.jndi.object.factoriesFilter", and at least one of these +# two filters returns ALLOWED. +# +# Note: This property is currently used by the JDK Reference implementation. +# It is not guaranteed to be examined and used by other implementations. +# +# If the system property jdk.jndi.rmi.object.factoriesFilter is also specified, it supersedes +# the security property value defined here. The default value of the property is +# "jdk.naming.rmi/com.sun.jndi.rmi.**;!*". +# +# The default pattern value allows any object factory class defined in the jdk.naming.rmi module +# to be specified by the reference instance, but rejects any other. +#jdk.jndi.rmi.object.factoriesFilter=jdk.naming.rmi/com.sun.jndi.rmi.**;!* + # # Policy for non-forwardable service ticket in a S4U2proxy request # diff --git a/vendor/java/lib/classlist b/vendor/java/lib/classlist index e1cbf0d..f6e2342 100644 --- a/vendor/java/lib/classlist +++ b/vendor/java/lib/classlist @@ -150,7 +150,6 @@ java/lang/Thread$FieldHolder java/lang/Thread$State java/lang/Thread$ThreadIdentifiers java/lang/Thread$UncaughtExceptionHandler -java/lang/ThreadDeath java/lang/ThreadGroup java/lang/ThreadLocal java/lang/ThreadLocal$ThreadLocalMap @@ -304,6 +303,26 @@ java/lang/ref/ReferenceQueue java/lang/ref/ReferenceQueue$Null java/lang/ref/SoftReference java/lang/ref/WeakReference +java/lang/reflect/AccessFlag +java/lang/reflect/AccessFlag$1 +java/lang/reflect/AccessFlag$10 +java/lang/reflect/AccessFlag$11 +java/lang/reflect/AccessFlag$12 +java/lang/reflect/AccessFlag$13 +java/lang/reflect/AccessFlag$14 +java/lang/reflect/AccessFlag$15 +java/lang/reflect/AccessFlag$16 +java/lang/reflect/AccessFlag$17 +java/lang/reflect/AccessFlag$18 +java/lang/reflect/AccessFlag$2 +java/lang/reflect/AccessFlag$3 +java/lang/reflect/AccessFlag$4 +java/lang/reflect/AccessFlag$5 +java/lang/reflect/AccessFlag$6 +java/lang/reflect/AccessFlag$7 +java/lang/reflect/AccessFlag$8 +java/lang/reflect/AccessFlag$9 +java/lang/reflect/AccessFlag$Location java/lang/reflect/AccessibleObject java/lang/reflect/AnnotatedElement java/lang/reflect/Array @@ -394,7 +413,6 @@ java/security/AccessController java/security/AllPermission java/security/BasicPermission java/security/BasicPermissionCollection -java/security/CodeSigner java/security/CodeSource java/security/Guard java/security/Permission @@ -723,6 +741,7 @@ java/util/concurrent/locks/AbstractOwnableSynchronizer java/util/concurrent/locks/AbstractQueuedSynchronizer java/util/concurrent/locks/AbstractQueuedSynchronizer$ConditionNode java/util/concurrent/locks/AbstractQueuedSynchronizer$ConditionObject +java/util/concurrent/locks/AbstractQueuedSynchronizer$ExclusiveNode java/util/concurrent/locks/AbstractQueuedSynchronizer$Node java/util/concurrent/locks/Condition java/util/concurrent/locks/Lock @@ -913,6 +932,7 @@ jdk/internal/access/JavaNetURLAccess jdk/internal/access/JavaNetUriAccess jdk/internal/access/JavaNioAccess jdk/internal/access/JavaSecurityAccess +jdk/internal/access/JavaSecurityPropertiesAccess jdk/internal/access/JavaUtilConcurrentFJPAccess jdk/internal/access/JavaUtilJarAccess jdk/internal/access/JavaUtilResourceBundleAccess @@ -984,6 +1004,7 @@ jdk/internal/math/MathUtils jdk/internal/misc/Blocker jdk/internal/misc/CDS jdk/internal/misc/CarrierThread +jdk/internal/misc/CarrierThreadLocal jdk/internal/misc/InnocuousThread jdk/internal/misc/InternalLock jdk/internal/misc/OSEnvironment @@ -1120,6 +1141,7 @@ sun/invoke/util/Wrapper$1 sun/invoke/util/Wrapper$Format sun/launcher/LauncherHelper sun/net/util/IPAddressUtil +sun/net/util/IPAddressUtil$MASKS sun/net/util/URLUtil sun/net/www/ParseUtil sun/net/www/protocol/file/Handler @@ -1341,6 +1363,7 @@ sun/util/spi/CalendarProvider @lambda-form-invoker [LF_RESOLVE] java.lang.invoke.DirectMethodHandle$Holder invokeStatic L_L @lambda-form-invoker [LF_RESOLVE] java.lang.invoke.DirectMethodHandle$Holder invokeStatic L_V @lambda-form-invoker [LF_RESOLVE] java.lang.invoke.DirectMethodHandle$Holder invokeStaticInit LL_L +@lambda-form-invoker [LF_RESOLVE] java.lang.invoke.DirectMethodHandle$Holder invokeStaticInit L_L @lambda-form-invoker [LF_RESOLVE] java.lang.invoke.DirectMethodHandle$Holder invokeVirtual L3_V @lambda-form-invoker [LF_RESOLVE] java.lang.invoke.DirectMethodHandle$Holder invokeVirtual LL_L @lambda-form-invoker [LF_RESOLVE] java.lang.invoke.DirectMethodHandle$Holder newInvokeSpecial L3_L @@ -1409,7 +1432,9 @@ sun/util/spi/CalendarProvider @lambda-proxy java/lang/module/ModuleFinder$2 apply ()Ljava/util/function/Function; (Ljava/lang/Object;)Ljava/lang/Object; REF_invokeStatic java/lang/module/ModuleFinder$2 lambda$findAll$2 (Ljava/lang/module/ModuleFinder;)Ljava/util/stream/Stream; (Ljava/lang/module/ModuleFinder;)Ljava/util/stream/Stream; @lambda-proxy java/lang/module/ModuleFinder$2 apply ()Ljava/util/function/Function; (Ljava/lang/Object;)Ljava/lang/Object; REF_invokeVirtual java/util/Optional stream ()Ljava/util/stream/Stream; (Ljava/util/Optional;)Ljava/util/stream/Stream; @lambda-proxy java/lang/module/ModuleFinder$2 apply (Ljava/lang/String;)Ljava/util/function/Function; (Ljava/lang/Object;)Ljava/lang/Object; REF_invokeStatic java/lang/module/ModuleFinder$2 lambda$find$0 (Ljava/lang/String;Ljava/lang/module/ModuleFinder;)Ljava/util/Optional; (Ljava/lang/module/ModuleFinder;)Ljava/util/Optional; +@lambda-proxy java/security/Security run ()Ljava/security/PrivilegedAction; ()Ljava/lang/Object; REF_invokeStatic java/security/Security lambda$static$0 ()Ljava/lang/Object; ()Ljava/lang/Object; @lambda-proxy java/text/DecimalFormatSymbols test ()Ljava/util/function/IntPredicate; (I)Z REF_invokeStatic java/text/DecimalFormatSymbols lambda$findNonFormatChar$0 (I)Z (I)Z +@lambda-proxy java/time/ZoneOffset apply ()Ljava/util/function/Function; (Ljava/lang/Object;)Ljava/lang/Object; REF_invokeStatic java/time/ZoneOffset lambda$ofTotalSeconds$0 (Ljava/lang/Integer;)Ljava/time/ZoneOffset; (Ljava/lang/Integer;)Ljava/time/ZoneOffset; @lambda-proxy java/time/format/DateTimeFormatter queryFrom ()Ljava/time/temporal/TemporalQuery; (Ljava/time/temporal/TemporalAccessor;)Ljava/lang/Object; REF_invokeStatic java/time/format/DateTimeFormatter lambda$static$0 (Ljava/time/temporal/TemporalAccessor;)Ljava/time/Period; (Ljava/time/temporal/TemporalAccessor;)Ljava/time/Period; @lambda-proxy java/time/format/DateTimeFormatter queryFrom ()Ljava/time/temporal/TemporalQuery; (Ljava/time/temporal/TemporalAccessor;)Ljava/lang/Object; REF_invokeStatic java/time/format/DateTimeFormatter lambda$static$1 (Ljava/time/temporal/TemporalAccessor;)Ljava/lang/Boolean; (Ljava/time/temporal/TemporalAccessor;)Ljava/lang/Boolean; @lambda-proxy java/time/format/DateTimeFormatterBuilder queryFrom ()Ljava/time/temporal/TemporalQuery; (Ljava/time/temporal/TemporalAccessor;)Ljava/lang/Object; REF_invokeStatic java/time/format/DateTimeFormatterBuilder lambda$static$0 (Ljava/time/temporal/TemporalAccessor;)Ljava/time/ZoneId; (Ljava/time/temporal/TemporalAccessor;)Ljava/time/ZoneId; diff --git a/vendor/java/lib/jexec b/vendor/java/lib/jexec index beaf9aa..af1ad16 100755 Binary files a/vendor/java/lib/jexec and b/vendor/java/lib/jexec differ diff --git a/vendor/java/lib/jrt-fs.jar b/vendor/java/lib/jrt-fs.jar index f23f62d..e2a2f2d 100644 Binary files a/vendor/java/lib/jrt-fs.jar and b/vendor/java/lib/jrt-fs.jar differ diff --git a/vendor/java/lib/jspawnhelper b/vendor/java/lib/jspawnhelper index 9da7653..bc70c9d 100755 Binary files a/vendor/java/lib/jspawnhelper and b/vendor/java/lib/jspawnhelper differ diff --git a/vendor/java/lib/libawt.so b/vendor/java/lib/libawt.so index e1b9fd7..3bf820e 100644 Binary files a/vendor/java/lib/libawt.so and b/vendor/java/lib/libawt.so differ diff --git a/vendor/java/lib/libawt_headless.so b/vendor/java/lib/libawt_headless.so index b71b004..2284858 100644 Binary files a/vendor/java/lib/libawt_headless.so and b/vendor/java/lib/libawt_headless.so differ diff --git a/vendor/java/lib/libawt_xawt.so b/vendor/java/lib/libawt_xawt.so index acf87f9..a57c1a7 100644 Binary files a/vendor/java/lib/libawt_xawt.so and b/vendor/java/lib/libawt_xawt.so differ diff --git a/vendor/java/lib/libfontmanager.so b/vendor/java/lib/libfontmanager.so index ff4bf57..7d73c5c 100644 Binary files a/vendor/java/lib/libfontmanager.so and b/vendor/java/lib/libfontmanager.so differ diff --git a/vendor/java/lib/libinstrument.so b/vendor/java/lib/libinstrument.so index bdc3c24..d380399 100644 Binary files a/vendor/java/lib/libinstrument.so and b/vendor/java/lib/libinstrument.so differ diff --git a/vendor/java/lib/libj2gss.so b/vendor/java/lib/libj2gss.so index 8ee3959..27af208 100644 Binary files a/vendor/java/lib/libj2gss.so and b/vendor/java/lib/libj2gss.so differ diff --git a/vendor/java/lib/libjaas.so b/vendor/java/lib/libjaas.so index 8b11a4e..5ff86c4 100644 Binary files a/vendor/java/lib/libjaas.so and b/vendor/java/lib/libjaas.so differ diff --git a/vendor/java/lib/libjava.so b/vendor/java/lib/libjava.so index 77384bf..c50a7c7 100644 Binary files a/vendor/java/lib/libjava.so and b/vendor/java/lib/libjava.so differ diff --git a/vendor/java/lib/libjavajpeg.so b/vendor/java/lib/libjavajpeg.so index 2fac22c..e422f50 100644 Binary files a/vendor/java/lib/libjavajpeg.so and b/vendor/java/lib/libjavajpeg.so differ diff --git a/vendor/java/lib/libjawt.so b/vendor/java/lib/libjawt.so index 32b8016..76787bd 100644 Binary files a/vendor/java/lib/libjawt.so and b/vendor/java/lib/libjawt.so differ diff --git a/vendor/java/lib/libjimage.so b/vendor/java/lib/libjimage.so index e759167..a7b456c 100644 Binary files a/vendor/java/lib/libjimage.so and b/vendor/java/lib/libjimage.so differ diff --git a/vendor/java/lib/libjli.so b/vendor/java/lib/libjli.so index 20c2810..446591a 100644 Binary files a/vendor/java/lib/libjli.so and b/vendor/java/lib/libjli.so differ diff --git a/vendor/java/lib/libjsig.so b/vendor/java/lib/libjsig.so index 3927631..1d4b524 100644 Binary files a/vendor/java/lib/libjsig.so and b/vendor/java/lib/libjsig.so differ diff --git a/vendor/java/lib/libjsound.so b/vendor/java/lib/libjsound.so index d595595..2eb098a 100644 Binary files a/vendor/java/lib/libjsound.so and b/vendor/java/lib/libjsound.so differ diff --git a/vendor/java/lib/liblcms.so b/vendor/java/lib/liblcms.so index 86d322c..b7fc57d 100644 Binary files a/vendor/java/lib/liblcms.so and b/vendor/java/lib/liblcms.so differ diff --git a/vendor/java/lib/libmanagement.so b/vendor/java/lib/libmanagement.so index ee88c8a..65b5513 100644 Binary files a/vendor/java/lib/libmanagement.so and b/vendor/java/lib/libmanagement.so differ diff --git a/vendor/java/lib/libmlib_image.so b/vendor/java/lib/libmlib_image.so index 9f92dd0..7a966cc 100644 Binary files a/vendor/java/lib/libmlib_image.so and b/vendor/java/lib/libmlib_image.so differ diff --git a/vendor/java/lib/libnet.so b/vendor/java/lib/libnet.so index 7762707..c060a5f 100644 Binary files a/vendor/java/lib/libnet.so and b/vendor/java/lib/libnet.so differ diff --git a/vendor/java/lib/libnio.so b/vendor/java/lib/libnio.so index 5ec6c80..842cc71 100644 Binary files a/vendor/java/lib/libnio.so and b/vendor/java/lib/libnio.so differ diff --git a/vendor/java/lib/libprefs.so b/vendor/java/lib/libprefs.so index 29e4393..9415331 100644 Binary files a/vendor/java/lib/libprefs.so and b/vendor/java/lib/libprefs.so differ diff --git a/vendor/java/lib/libsplashscreen.so b/vendor/java/lib/libsplashscreen.so index aebaf7d..4c2244c 100644 Binary files a/vendor/java/lib/libsplashscreen.so and b/vendor/java/lib/libsplashscreen.so differ diff --git a/vendor/java/lib/libsyslookup.so b/vendor/java/lib/libsyslookup.so index 767ebeb..eff9d90 100644 Binary files a/vendor/java/lib/libsyslookup.so and b/vendor/java/lib/libsyslookup.so differ diff --git a/vendor/java/lib/libverify.so b/vendor/java/lib/libverify.so index f964150..f0c05bc 100644 Binary files a/vendor/java/lib/libverify.so and b/vendor/java/lib/libverify.so differ diff --git a/vendor/java/lib/libzip.so b/vendor/java/lib/libzip.so index 712a6c8..ea24b9d 100644 Binary files a/vendor/java/lib/libzip.so and b/vendor/java/lib/libzip.so differ diff --git a/vendor/java/lib/modules b/vendor/java/lib/modules index fc3aa6e..ee4edd0 100644 Binary files a/vendor/java/lib/modules and b/vendor/java/lib/modules differ diff --git a/vendor/java/lib/security/default.policy b/vendor/java/lib/security/default.policy index 20f53b1..2a01c06 100644 --- a/vendor/java/lib/security/default.policy +++ b/vendor/java/lib/security/default.policy @@ -19,6 +19,7 @@ grant codeBase "jrt:/java.net.http" { permission java.lang.RuntimePermission "accessClassInPackage.sun.net.util"; permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www"; permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc"; + permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.ref"; permission java.lang.RuntimePermission "modifyThread"; permission java.net.SocketPermission "*","connect,resolve"; // required if the HTTPClient is configured to use a local bind address @@ -133,6 +134,7 @@ grant codeBase "jrt:/jdk.crypto.cryptoki" { permission java.lang.RuntimePermission "accessClassInPackage.com.sun.crypto.provider"; permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc"; + permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.access"; permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; diff --git a/vendor/java/lib/server/libjsig.so b/vendor/java/lib/server/libjsig.so index 3927631..1d4b524 100644 Binary files a/vendor/java/lib/server/libjsig.so and b/vendor/java/lib/server/libjsig.so differ diff --git a/vendor/java/lib/server/libjvm.so b/vendor/java/lib/server/libjvm.so index fec6cdf..cca4909 100644 Binary files a/vendor/java/lib/server/libjvm.so and b/vendor/java/lib/server/libjvm.so differ diff --git a/vendor/java/lib/tzdb.dat b/vendor/java/lib/tzdb.dat index 4bfbcc3..84a5550 100644 Binary files a/vendor/java/lib/tzdb.dat and b/vendor/java/lib/tzdb.dat differ diff --git a/vendor/java/release b/vendor/java/release index 26d2b07..96c7abe 100644 --- a/vendor/java/release +++ b/vendor/java/release @@ -1,2 +1,2 @@ -JAVA_VERSION="19" +JAVA_VERSION="20" MODULES="java.base java.datatransfer java.xml java.prefs java.desktop java.instrument java.logging java.management java.security.sasl java.naming java.net.http java.scripting java.security.jgss java.transaction.xa java.sql jdk.crypto.ec jdk.security.auth jdk.unsupported jdk.zipfs"