openjdk-17: Add patch for CVE-2022-21449

packages/openjdk-17/CVE-2022-21449.patch

@@ -0,0 +1,76 @@
+From 2d4103a3d929e05edca98e7703e0869077966be7 Mon Sep 17 00:00:00 2001
+From: Aleksei Voitylov <avoitylov@openjdk.org>
+Date: Mon, 10 Jan 2022 21:08:58 +0000
+Subject: [PATCH] 8277233: Improve ECDSA signature support
+
+Reviewed-by: mbaesken
+Backport-of: 34714d63f1be267c2bc2ae7a55f936deab8ea6d2
+---
+ .../share/classes/sun/security/provider/DSA.java    |  5 +++--
+ .../classes/sun/security/ec/ECDSAOperations.java    | 13 +++++++++++--
+ 2 files changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/src/java.base/share/classes/sun/security/provider/DSA.java b/src/java.base/share/classes/sun/security/provider/DSA.java
+index a7c42a1f35a..6cbc7d0fbc9 100644
+--- a/src/java.base/share/classes/sun/security/provider/DSA.java
++++ b/src/java.base/share/classes/sun/security/provider/DSA.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.
+  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+  *
+  * This code is free software; you can redistribute it and/or modify it
+@@ -362,7 +362,8 @@ protected boolean engineVerify(byte[] signature, int offset, int length)
+             s = new BigInteger(1, s.toByteArray());
+         }
+ 
+-        if ((r.compareTo(presetQ) == -1) && (s.compareTo(presetQ) == -1)) {
++        if ((r.compareTo(presetQ) == -1) && (s.compareTo(presetQ) == -1)
++                && r.signum() > 0 && s.signum() > 0) {
+             BigInteger w = generateW(presetP, presetQ, presetG, s);
+             BigInteger v = generateV(presetY, presetP, presetQ, presetG, w, r);
+             return v.equals(r);
+diff --git a/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSAOperations.java b/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSAOperations.java
+index 00010d28d1b..af6b1e160ca 100644
+--- a/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSAOperations.java
++++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSAOperations.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
+  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+  *
+  * This code is free software; you can redistribute it and/or modify it
+@@ -30,6 +30,7 @@
+ import sun.security.util.math.*;
+ import static sun.security.ec.ECOperations.IntermediateValueException;
+ 
++import java.math.BigInteger;
+ import java.security.ProviderException;
+ import java.security.spec.*;
+ import java.util.Arrays;
+@@ -200,7 +201,8 @@ public boolean verifySignedDigest(byte[] digest, byte[] sig, ECPoint pp) {
+ 
+         IntegerFieldModuloP field = ecOps.getField();
+         IntegerFieldModuloP orderField = ecOps.getOrderField();
+-        int length = (orderField.getSize().bitLength() + 7) / 8;
++        BigInteger mod = orderField.getSize();
++        int length = (mod.bitLength() + 7) / 8;
+ 
+         byte[] r;
+         byte[] s;
+@@ -218,6 +220,13 @@ public boolean verifySignedDigest(byte[] digest, byte[] sig, ECPoint pp) {
+             System.arraycopy(sig, encodeLength, s, length - encodeLength, encodeLength);
+         }
+ 
++        BigInteger rb = new BigInteger(1, r);
++        BigInteger sb = new BigInteger(1, s);
++        if (rb.signum() == 0 || sb.signum() == 0
++                || rb.compareTo(mod) >= 0 || sb.compareTo(mod) >= 0) {
++            return false;
++        }
++
+         ArrayUtil.reverse(r);
+         ArrayUtil.reverse(s);
+         IntegerModuloP ri = orderField.getElement(r);

packages/openjdk-17/build.sh

@@ -3,7 +3,7 @@ TERMUX_PKG_DESCRIPTION="Java development kit and runtime"
 TERMUX_PKG_LICENSE="GPL-2.0"
 TERMUX_PKG_MAINTAINER="@termux"
 TERMUX_PKG_VERSION=17.0
-TERMUX_PKG_REVISION=18
+TERMUX_PKG_REVISION=19
 TERMUX_PKG_SRCURL=https://github.com/termux/openjdk-mobile-termux/archive/ec285598849a27f681ea6269342cf03cf382eb56.tar.gz
 TERMUX_PKG_SHA256=d7c6ead9d80d0f60d98d0414e9dc87f5e18a304e420f5cd21f1aa3210c1a1528
 TERMUX_PKG_DEPENDS="freetype, giflib, libandroid-shmem, libandroid-spawn, libiconv, zlib, xorgproto, libx11, libxcursor, libxext, cups, fontconfig, libjpeg-turbo, libpng, libxrender, libxtst, libxrandr, libxt, libxi"