rpms/java-1.8.0-openjdk
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import java-1.8.0-openjdk-1.8.0.232.b09-3.el8

Browse Source
This commit is contained in:
CentOS Sources 2020-01-21 10:57:15 -05:00 committed by Stepan Oksanichenko
parent 6079383309
commit 004dfac25d
31 changed files with 530 additions and 2162 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u212-b04.tar.xz
SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u232-b09.tar.xz
SOURCES/systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz

2
.java-1.8.0-openjdk.metadata
View File

@ -1,2 +1,2 @@
ca52171b9a47c3efd4714f974ca4e6c27d890c55 SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u212-b04.tar.xz
ca59ed55769893ca7a5bcff04612141f696ea2e9 SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u232-b09.tar.xz
cd8bf91753b9eb1401cfc529e78517105fc66011 SOURCES/systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz

35
SOURCES/8223219-fstack-protector-hotspot.patch
View File

@ -1,35 +0,0 @@
diff --git openjdk.orig/hotspot/make/bsd/makefiles/gcc.make openjdk/hotspot/make/bsd/makefiles/gcc.make
--- openjdk.orig/hotspot/make/bsd/makefiles/gcc.make
+++ openjdk/hotspot/make/bsd/makefiles/gcc.make
@@ -190,7 +190,7 @@
CFLAGS += -fno-exceptions
ifeq ($(USE_CLANG),)
CFLAGS += -pthread
- CFLAGS += -fcheck-new -fstack-protector
+ CFLAGS += -fcheck-new
# version 4 and above support fvisibility=hidden (matches jni_x86.h file)
# except 4.1.2 gives pointless warnings that can't be disabled (afaik)
ifneq "$(shell expr \( $(CC_VER_MAJOR) \> 4 \) \| \( \( $(CC_VER_MAJOR) = 4 \) \& \( $(CC_VER_MINOR) \>= 3 \) \))" "0"
diff --git openjdk.orig/hotspot/make/linux/makefiles/gcc.make openjdk/hotspot/make/linux/makefiles/gcc.make
--- openjdk.orig/hotspot/make/linux/makefiles/gcc.make
+++ openjdk/hotspot/make/linux/makefiles/gcc.make
@@ -150,7 +150,7 @@
CFLAGS += -fno-exceptions
CFLAGS += -D_REENTRANT
ifeq ($(USE_CLANG),)
- CFLAGS += -fcheck-new -fstack-protector
+ CFLAGS += -fcheck-new
# version 4 and above support fvisibility=hidden (matches jni_x86.h file)
# except 4.1.2 gives pointless warnings that can't be disabled (afaik)
ifneq "$(shell expr \( $(CC_VER_MAJOR) \> 4 \) \| \( \( $(CC_VER_MAJOR) = 4 \) \& \( $(CC_VER_MINOR) \>= 3 \) \))" "0"
diff --git openjdk.orig/hotspot/make/solaris/makefiles/gcc.make openjdk/hotspot/make/solaris/makefiles/gcc.make
--- openjdk.orig/hotspot/make/solaris/makefiles/gcc.make
+++ openjdk/hotspot/make/solaris/makefiles/gcc.make
@@ -75,7 +75,6 @@
CFLAGS += -fno-exceptions
CFLAGS += -D_REENTRANT
CFLAGS += -fcheck-new
-CFLAGS += -fstack-protector
ARCHFLAG = $(ARCHFLAG/$(BUILDARCH))

33
SOURCES/8223219-fstack-protector-root.patch
View File

@ -1,33 +0,0 @@
diff --git a/common/autoconf/flags.m4 b/common/autoconf/flags.m4
--- openjdk.orig/common/autoconf/flags.m4
+++ openjdk/common/autoconf/flags.m4
@@ -388,16 +388,8 @@
CFLAGS_JDK="${CFLAGS_JDK} -qchars=signed -q64 -qfullpath -qsaveopt"
CXXFLAGS_JDK="${CXXFLAGS_JDK} -qchars=signed -q64 -qfullpath -qsaveopt"
elif test "x$TOOLCHAIN_TYPE" = xgcc; then
- case $OPENJDK_TARGET_CPU_ARCH in
- x86 )
- LEGACY_EXTRA_CFLAGS="$LEGACY_EXTRA_CFLAGS -fstack-protector"
- LEGACY_EXTRA_CXXFLAGS="$LEGACY_EXTRA_CXXFLAGS -fstack-protector"
- ;;
- x86_64 )
- LEGACY_EXTRA_CFLAGS="$LEGACY_EXTRA_CFLAGS -fstack-protector"
- LEGACY_EXTRA_CXXFLAGS="$LEGACY_EXTRA_CXXFLAGS -fstack-protector"
- ;;
- esac
+ LEGACY_EXTRA_CFLAGS="$LEGACY_EXTRA_CFLAGS -fstack-protector"
+ LEGACY_EXTRA_CXXFLAGS="$LEGACY_EXTRA_CXXFLAGS -fstack-protector"
if test "x$OPENJDK_TARGET_OS" != xmacosx; then
LDFLAGS_JDK="$LDFLAGS_JDK -Wl,-z,relro"
LEGACY_EXTRA_LDFLAGS="$LEGACY_EXTRA_LDFLAGS -Wl,-z,relro"
@@ -464,10 +456,6 @@
ppc )
# on ppc we don't prevent gcc to omit frame pointer nor strict-aliasing
;;
- x86 )
- CCXXFLAGS_JDK="$CCXXFLAGS_JDK -fno-omit-frame-pointer -fstack-protector"
- CFLAGS_JDK="${CFLAGS_JDK} -fno-strict-aliasing -fstack-protector"
- ;;
* )
CCXXFLAGS_JDK="$CCXXFLAGS_JDK -fno-omit-frame-pointer"
CFLAGS_JDK="${CFLAGS_JDK} -fno-strict-aliasing"

7
SOURCES/java-1.8.0-openjdk-remove-intree-libraries.sh
View File

@ -129,10 +129,3 @@ rm -vf ${LCMS_SRC}/lcms2.h
rm -vf ${LCMS_SRC}/lcms2_internal.h
rm -vf ${LCMS_SRC}/lcms2_plugin.h
fi
# Get rid of in-tree SunEC until RH1656676 is implemented
echo "Removing SunEC native code"
mv -v openjdk/jdk/src/share/native/sun/security/ec/impl/ecc_impl.h .
rm -vrf openjdk/jdk/src/share/native/sun/security/ec/impl
mkdir openjdk/jdk/src/share/native/sun/security/ec/impl
mv -v ecc_impl.h openjdk/jdk/src/share/native/sun/security/ec/impl

28
SOURCES/jdk8064786-pr3599-fix_debug_build_after_8062808_Turn_on_the_wreturn_type_warning.patch
View File

@ -1,28 +0,0 @@
# HG changeset patch
# User goetz
# Date 1415873641 -3600
# Thu Nov 13 11:14:01 2014 +0100
# Node ID 1878c4c1d04e1f3c6f67a19d36c35863d6b5f906
# Parent 533473c67de6ff767710594639033c8e83523fe5
8064786, PR3599: Fix debug build after 8062808: Turn on the -Wreturn-type warning
Reviewed-by: stefank, tschatzl
diff --git openjdk.orig/hotspot/src/share/vm/prims/jni.cpp openjdk/hotspot/src/share/vm/prims/jni.cpp
--- openjdk.orig/hotspot/src/share/vm/prims/jni.cpp
+++ openjdk/hotspot/src/share/vm/prims/jni.cpp
@@ -708,6 +708,7 @@
THROW_OOP_(JNIHandles::resolve(obj), JNI_OK);
ShouldNotReachHere();
+ return 0; // Mute compiler.
JNI_END
#ifndef USDT2
@@ -734,6 +735,7 @@
Handle protection_domain (THREAD, k->protection_domain());
THROW_MSG_LOADER_(name, (char *)message, class_loader, protection_domain, JNI_OK);
ShouldNotReachHere();
+ return 0; // Mute compiler.
JNI_END

55
SOURCES/jdk8141570-pr3548-fix_zero_interpreter_build_for_disable_precompiled_headers.patch
View File

@ -1,55 +0,0 @@
# HG changeset patch
# User coleenp
# Date 1525713256 -3600
# Mon May 07 18:14:16 2018 +0100
# Node ID bcbc64dfb629c5f188bbf59b8f986ad95963ed60
# Parent 07a1135a327362f157955d470fad5df07cc35164
8141570, PR3548: Fix Zero interpreter build for --disable-precompiled-headers
Summary: change to include atomic.inline.hpp and allocation.inline.hpp only in .cpp files and some build fixes from Kim to build on ubuntu without devkits
Reviewed-by: kbarrett, sgehwolf, erikj
diff --git openjdk.orig/hotspot/make/linux/makefiles/zeroshark.make openjdk/hotspot/make/linux/makefiles/zeroshark.make
--- openjdk.orig/hotspot/make/linux/makefiles/zeroshark.make
+++ openjdk/hotspot/make/linux/makefiles/zeroshark.make
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
# Copyright 2007, 2008 Red Hat, Inc.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
@@ -25,8 +25,15 @@
# Setup common to Zero (non-Shark) and Shark versions of VM
-# override this from the main file because some version of llvm do not like -Wundef
-WARNING_FLAGS = -Wpointer-arith -Wsign-compare -Wunused-function -Wunused-value
+# Some versions of llvm do not like -Wundef
+ifeq ($(USE_CLANG), true)
+ WARNING_FLAGS += -Wno-undef
+endif
+# Suppress some warning flags that are normally turned on for hotspot,
+# because some of the zero code has not been updated accordingly.
+WARNING_FLAGS += -Wno-return-type \
+ -Wno-format-nonliteral -Wno-format-security \
+ -Wno-maybe-uninitialized
# The copied fdlibm routines in sharedRuntimeTrig.o must not be optimized
OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/NOOPT)
@@ -42,5 +49,3 @@
ifeq ($(ARCH_DATA_MODEL), 64)
CFLAGS += -D_LP64=1
endif
-
-OPT_CFLAGS/compactingPermGenGen.o = -O1
diff --git openjdk.orig/hotspot/src/share/vm/runtime/java.cpp openjdk/hotspot/src/share/vm/runtime/java.cpp
--- openjdk.orig/hotspot/src/share/vm/runtime/java.cpp
+++ openjdk/hotspot/src/share/vm/runtime/java.cpp
@@ -45,6 +45,7 @@
#include "runtime/arguments.hpp"
#include "runtime/biasedLocking.hpp"
#include "runtime/compilationPolicy.hpp"
+#include "runtime/deoptimization.hpp"
#include "runtime/fprofiler.hpp"
#include "runtime/init.hpp"
#include "runtime/interfaceSupport.hpp"

12
SOURCES/jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch
View File

@ -17,8 +17,8 @@ diff --git openjdk.orig/hotspot/make/linux/makefiles/zeroshark.make openjdk/hots
# Copyright 2007, 2008 Red Hat, Inc.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
@@ -29,11 +29,6 @@
ifeq ($(USE_CLANG), true)
@@ -29,12 +29,7 @@
ifeq ($(JVM_VARIANT_ZEROSHARK), true)
WARNING_FLAGS += -Wno-undef
endif
-# Suppress some warning flags that are normally turned on for hotspot,
@ -26,9 +26,11 @@ diff --git openjdk.orig/hotspot/make/linux/makefiles/zeroshark.make openjdk/hots
-WARNING_FLAGS += -Wno-return-type \
- -Wno-format-nonliteral -Wno-format-security \
- -Wno-maybe-uninitialized
-
+
# The copied fdlibm routines in sharedRuntimeTrig.o must not be optimized
OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/NOOPT)
# If FDLIBM_CFLAGS is non-empty it holds CFLAGS needed to be passed to
# the compiler so as to be able to produce optimized objects
diff --git openjdk.orig/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp openjdk/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp
--- openjdk.orig/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp
+++ openjdk/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp
@ -60,7 +62,7 @@ diff --git openjdk.orig/hotspot/src/cpu/zero/vm/interpreterRT_zero.cpp openjdk/h
switch (type) {
case T_VOID:
ftype = &ffi_type_void;
diff --git a/src/os_cpu/linux_zero/vm/os_linux_zero.cpp b/src/os_cpu/linux_zero/vm/os_linux_zero.cpp
diff --git openjdk.orig/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp openjdk/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp
--- openjdk.orig/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp
+++ openjdk/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp
@@ -1,6 +1,6 @@

121
SOURCES/jdk8171000-pr3542-rh1402819-robot_createScreenCapture_crashes_in_wayland_mode.patch
View File

@ -1,121 +0,0 @@
# HG changeset patch
# User kaddepalli
# Date 1517818481 -19800
# Mon Feb 05 13:44:41 2018 +0530
# Node ID b77308735540644d4710244e3c88865067f2905a
# Parent 39bfc94b1f4265b645c2970a58389acc779dafe9
8171000, PR3542, RH1402819: Robot.createScreenCapture() crashes in wayland mode
Reviewed-by: serb, mhalder
diff --git openjdk.orig/jdk/src/solaris/native/sun/awt/multiVis.c openjdk/jdk/src/solaris/native/sun/awt/multiVis.c
--- openjdk.orig/jdk/src/solaris/native/sun/awt/multiVis.c
+++ openjdk/jdk/src/solaris/native/sun/awt/multiVis.c
@@ -394,77 +394,48 @@
XRectangle bbox; /* bounding box of grabbed area */
list_ptr regions;/* list of regions to read from */
{
- image_region_type *reg;
- int32_t dst_x, dst_y; /* where in pixmap to write (UL) */
- int32_t diff;
-
- XImage *reg_image,*ximage ;
- int32_t srcRect_x,srcRect_y,srcRect_width,srcRect_height ;
- int32_t rem ;
- int32_t bytes_per_line;
- int32_t bitmap_unit;
-
- bitmap_unit = sizeof (long);
- if (format == ZPixmap)
- bytes_per_line = width*depth/8;
- else
- bytes_per_line = width/8;
-
-
- /* Find out how many more bytes are required for padding so that
- ** bytes per scan line will be multiples of bitmap_unit bits */
- if (format == ZPixmap) {
- rem = (bytes_per_line*8)%bitmap_unit;
- if (rem)
- bytes_per_line += (rem/8 + 1);
- }
+ XImage *ximage ;
ximage = XCreateImage(disp,fakeVis,(uint32_t) depth,format,0,NULL,
(uint32_t)width,(uint32_t)height,8,0);
- bytes_per_line = ximage->bytes_per_line;
-
- if (format == ZPixmap)
- ximage->data = malloc(height*bytes_per_line);
- else
- ximage->data = malloc(height*bytes_per_line*depth);
-
+ ximage->data = calloc(ximage->bytes_per_line*height*((format==ZPixmap)? 1 : depth), sizeof(char));
ximage->bits_per_pixel = depth; /** Valid only if format is ZPixmap ***/
- for (reg = (image_region_type *) first_in_list( regions); reg;
+ for (image_region_type* reg = (image_region_type *) first_in_list( regions); reg;
reg = (image_region_type *) next_in_list( regions))
{
- int32_t rect;
- struct my_XRegion *vis_reg;
- vis_reg = (struct my_XRegion *)(reg->visible_region);
- for (rect = 0;
- rect < vis_reg->numRects;
- rect++)
+ struct my_XRegion *vis_reg = (struct my_XRegion *)(reg->visible_region);
+ for (int32_t rect = 0; rect < vis_reg->numRects; rect++)
{
- /** ------------------------------------------------------------------------
- Intersect bbox with visible part of region giving src rect & output
- location. Width is the min right side minus the max left side.
- Similar for height. Offset src rect so x,y are relative to
- origin of win, not the root-relative visible rect of win.
- ------------------------------------------------------------------------ **/
- srcRect_width = MIN( vis_reg->rects[rect].x2, bbox.width + bbox.x)
- - MAX( vis_reg->rects[rect].x1, bbox.x);
+ /** ------------------------------------------------------------------------
+ Intersect bbox with visible part of region giving src rect & output
+ location. Width is the min right side minus the max left side.
+ Similar for height. Offset src rect so x,y are relative to
+ origin of win, not the root-relative visible rect of win.
+ ------------------------------------------------------------------------ **/
+ int32_t srcRect_width = MIN( vis_reg->rects[rect].x2, bbox.width + bbox.x)
+ - MAX( vis_reg->rects[rect].x1, bbox.x);
+
+ int32_t srcRect_height = MIN( vis_reg->rects[rect].y2, bbox.height + bbox.y)
+ - MAX( vis_reg->rects[rect].y1, bbox.y);
- srcRect_height = MIN( vis_reg->rects[rect].y2, bbox.height + bbox.y)
- - MAX( vis_reg->rects[rect].y1, bbox.y);
+ int32_t diff = bbox.x - vis_reg->rects[rect].x1;
+ int32_t srcRect_x = MAX( 0, diff) + (vis_reg->rects[rect].x1 - reg->x_rootrel - reg->border);
+ int32_t dst_x = MAX( 0, -diff) ;
- diff = bbox.x - vis_reg->rects[rect].x1;
- srcRect_x = MAX( 0, diff) + (vis_reg->rects[rect].x1 - reg->x_rootrel - reg->border);
- dst_x = MAX( 0, -diff) ;
- diff = bbox.y - vis_reg->rects[rect].y1;
- srcRect_y = MAX( 0, diff) + (vis_reg->rects[rect].y1 - reg->y_rootrel - reg->border);
- dst_y = MAX( 0, -diff) ;
- reg_image = XGetImage(disp,reg->win,srcRect_x,srcRect_y,
- (uint32_t) srcRect_width, (uint32_t) srcRect_height,AllPlanes,format) ;
- TransferImage(disp,reg_image,srcRect_width,
- srcRect_height,reg,ximage,dst_x,dst_y) ;
- XDestroyImage(reg_image);
- }
+ diff = bbox.y - vis_reg->rects[rect].y1;
+ int32_t srcRect_y = MAX( 0, diff) + (vis_reg->rects[rect].y1 - reg->y_rootrel - reg->border);
+ int32_t dst_y = MAX( 0, -diff) ;
+ XImage* reg_image = XGetImage(disp,reg->win,srcRect_x,srcRect_y,
+ (uint32_t) srcRect_width, (uint32_t) srcRect_height,AllPlanes,format) ;
+
+ if (reg_image) {
+ TransferImage(disp,reg_image,srcRect_width,
+ srcRect_height,reg,ximage,dst_x,dst_y) ;
+ XDestroyImage(reg_image);
+ }
+ }
}
return ximage ;
}

35
SOURCES/jdk8197546-pr3542-rh1402819-fix_for_8171000_breaks_solaris_linux_builds.patch
View File

@ -1,35 +0,0 @@
# HG changeset patch
# User prr
# Date 1518454604 28800
# Mon Feb 12 08:56:44 2018 -0800
# Node ID 556adf3a76aa81bf3918d7d46554dae7cc1d5c5c
# Parent b77308735540644d4710244e3c88865067f2905a
8197546: Fix for 8171000 breaks Solaris + Linux builds
Reviewed-by: serb, jdv
diff --git openjdk.orig/jdk/src/solaris/native/sun/awt/multiVis.c openjdk/jdk/src/solaris/native/sun/awt/multiVis.c
--- openjdk.orig/jdk/src/solaris/native/sun/awt/multiVis.c
+++ openjdk/jdk/src/solaris/native/sun/awt/multiVis.c
@@ -395,6 +395,8 @@
list_ptr regions;/* list of regions to read from */
{
XImage *ximage ;
+ image_region_type* reg;
+ int32_t rect;
ximage = XCreateImage(disp,fakeVis,(uint32_t) depth,format,0,NULL,
(uint32_t)width,(uint32_t)height,8,0);
@@ -402,11 +404,11 @@
ximage->data = calloc(ximage->bytes_per_line*height*((format==ZPixmap)? 1 : depth), sizeof(char));
ximage->bits_per_pixel = depth; /** Valid only if format is ZPixmap ***/
- for (image_region_type* reg = (image_region_type *) first_in_list( regions); reg;
+ for (reg = (image_region_type *) first_in_list( regions); reg;
reg = (image_region_type *) next_in_list( regions))
{
struct my_XRegion *vis_reg = (struct my_XRegion *)(reg->visible_region);
- for (int32_t rect = 0; rect < vis_reg->numRects; rect++)
+ for (rect = 0; rect < vis_reg->numRects; rect++)
{
/** ------------------------------------------------------------------------
Intersect bbox with visible part of region giving src rect & output

57
SOURCES/jdk8210416-rh1632174-compile_fdlibm_with_o2_ffp_contract_off_on_gcc_clang_arches.patch
View File

@ -1,57 +0,0 @@
diff --git openjdk.orig/jdk/make/lib/CoreLibraries.gmk openjdk/jdk/make/lib/CoreLibraries.gmk
--- openjdk.orig/jdk/make/lib/CoreLibraries.gmk
+++ openjdk/jdk/make/lib/CoreLibraries.gmk
@@ -37,21 +37,32 @@ ifeq ($(OPENJDK_TARGET_OS), solaris)
endif
ifeq ($(OPENJDK_TARGET_OS), linux)
- ifeq ($(OPENJDK_TARGET_CPU), ppc64)
- BUILD_LIBFDLIBM_OPTIMIZATION := HIGH
- else ifeq ($(OPENJDK_TARGET_CPU), ppc64le)
- BUILD_LIBFDLIBM_OPTIMIZATION := HIGH
- else ifeq ($(OPENJDK_TARGET_CPU), aarch64)
- BUILD_LIBFDLIBM_OPTIMIZATION := HIGH
- endif
-endif
-
-ifneq ($(OPENJDK_TARGET_OS), macosx)
+ BUILD_LIBFDLIBM_OPTIMIZATION := HIGH
+ LIBFDLIBM_CFLAGS_LINUX := -ffp-contract=off
# Unfortunately, '-ffp-contract' is only available since gcc 4.6. For ppc64le
# that's no problem since ppc64le support only appeared in gcc 4.8.3. But on
# ppc64 (big endian) we traditionally compiled with gcc 4.3 which only knows
# '-mno-fused-madd'. However, that's still not enough to get the float
# computations right - we additionally have to supply '-fno-strict-aliasing'.
+ #
+ #
+ ifeq ($(TOOLCHAIN_TYPE), gcc)
+ CC_VER_MAJOR := $(shell $(CC) -dumpversion | cut -d'.' -f1)
+ CC_VER_MINOR := $(shell $(CC) -dumpversion | cut -d'.' -f2)
+ endif
+ # Only GCC 4.6 and better have machine independent -ffp-contract=off.
+ # For other versions we need to explicitly set arch specific machine
+ # flags or keep optimization off.
+ ifeq "$(shell expr \( $(CC_VER_MAJOR) \> 4 \) \| \( \( $(CC_VER_MAJOR) = 4 \) \& \( $(CC_VER_MINOR) \>= 6 \) \))" "0"
+ ifeq ($(OPENJDK_TARGET_CPU), ppc64)
+ LIBFDLIBM_CFLAGS_LINUX := -mno-fused-madd -fno-strict-aliasing
+ else
+ BUILD_LIBFDLIBM_OPTIMIZATION := NONE
+ endif
+ endif
+endif
+
+ifneq ($(OPENJDK_TARGET_OS), macosx)
$(eval $(call SetupNativeCompilation,BUILD_LIBFDLIBM, \
STATIC_LIBRARY := fdlibm, \
OUTPUT_DIR := $(JDK_OUTPUTDIR)/objs, \
@@ -62,9 +73,7 @@ ifneq ($(OPENJDK_TARGET_OS), macosx)
-I$(JDK_TOPDIR)/src/share/native/java/lang/fdlibm/include, \
CFLAGS_windows_debug := -DLOGGING, \
CFLAGS_aix := -qfloat=nomaf, \
- CFLAGS_linux_ppc64 := -mno-fused-madd -fno-strict-aliasing, \
- CFLAGS_linux_ppc64le := -ffp-contract=off, \
- CFLAGS_linux_aarch64 := -ffp-contract=off, \
+ CFLAGS_linux := $(LIBFDLIBM_CFLAGS_LINUX), \
ARFLAGS := $(ARFLAGS), \
OBJECT_DIR := $(JDK_OUTPUTDIR)/objs/libfdlibm, \
DEBUG_SYMBOLS := $(DEBUG_ALL_BINARIES)))

83
SOURCES/jdk8210425-rh1632174-01-compile_with_o2_and_ffp_contract_off_as_for_fdlibm.patch
View File

@ -1,83 +0,0 @@
diff --git openjdk.orig/hotspot/make/linux/makefiles/amd64.make openjdk/hotspot/make/linux/makefiles/amd64.make
--- openjdk.orig/hotspot/make/linux/makefiles/amd64.make
+++ openjdk/hotspot/make/linux/makefiles/amd64.make
@@ -22,10 +22,13 @@
#
#
-# The copied fdlibm routines in sharedRuntimeTrig.o must not be optimized
-OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/NOOPT)
-# The copied fdlibm routines in sharedRuntimeTrans.o must not be optimized
-OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/NOOPT)
+ifeq ($(OPT_CFLAGS_NO_FMA),)
+ OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/NOOPT)
+ OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/NOOPT)
+else
+ OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/SPEED) $(OPT_CFLAGS_NO_FMA)
+ OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/SPEED) $(OPT_CFLAGS_NO_FMA)
+endif
# Must also specify if CPU is little endian
CFLAGS += -DVM_LITTLE_ENDIAN
diff --git openjdk.orig/hotspot/make/linux/makefiles/gcc.make openjdk/hotspot/make/linux/makefiles/gcc.make
--- openjdk.orig/hotspot/make/linux/makefiles/gcc.make
+++ openjdk/hotspot/make/linux/makefiles/gcc.make
@@ -225,6 +225,16 @@
OPT_CFLAGS/SIZE=-Os
OPT_CFLAGS/SPEED=-O3
+ifeq ($(USE_CLANG),)
+ # Only GCC 4.6 and better have machine independent -ffp-contract=off.
+ # For other versions we need to explicitly set arch specific machine
+ # flags or keep optimization off for them.
+ ifeq "$(shell expr \( $(CC_VER_MAJOR) \> 4 \) \| \( \( $(CC_VER_MAJOR) = 4 \) \& \( $(CC_VER_MINOR) \>= 6 \) \))" "1"
+ OPT_CFLAGS_NO_FMA = -ffp-contract=off
+ endif
+endif
+
+
# Hotspot uses very unstrict aliasing turn this optimization off
# This option is added to CFLAGS rather than OPT_CFLAGS
# so that OPT_CFLAGS overrides get this option too.
diff --git openjdk.orig/hotspot/make/linux/makefiles/i486.make openjdk/hotspot/make/linux/makefiles/i486.make
--- openjdk.orig/hotspot/make/linux/makefiles/i486.make
+++ openjdk/hotspot/make/linux/makefiles/i486.make
@@ -24,10 +24,13 @@
# TLS helper, assembled from .s file
-# The copied fdlibm routines in sharedRuntimeTrig.o must not be optimized
-OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/NOOPT)
-# The copied fdlibm routines in sharedRuntimeTrans.o must not be optimized
-OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/NOOPT)
+ifeq ($(OPT_CFLAGS_NO_FMA),)
+ OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/NOOPT)
+ OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/NOOPT)
+else
+ OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/SPEED) $(OPT_CFLAGS_NO_FMA)
+ OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/SPEED) $(OPT_CFLAGS_NO_FMA)
+endif
# Must also specify if CPU is little endian
CFLAGS += -DVM_LITTLE_ENDIAN
diff --git openjdk.orig/hotspot/make/linux/makefiles/ppc64.make openjdk/hotspot/make/linux/makefiles/ppc64.make
--- openjdk.orig/hotspot/make/linux/makefiles/ppc64.make
+++ openjdk/hotspot/make/linux/makefiles/ppc64.make
@@ -49,3 +49,17 @@
# Use Power8, this is the first CPU to support PPC64 LE with ELFv2 ABI.
CFLAGS += -mcpu=power7 -mtune=power8 -minsert-sched-nops=regroup_exact -mno-multiple -mno-string
endif
+
+ifeq ($(OPT_CFLAGS_NO_FMA),)
+ ifeq ($(OPENJDK_TARGET_CPU_ENDIAN),big)
+ OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/SPEED) -mno-fused-madd -fno-strict-aliasing
+ OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/SPEED) -mno-fused-madd -fno-strict-aliasing
+ else
+ OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/NOOPT)
+ OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/NOOPT)
+ endif
+else
+ OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/SPEED) $(OPT_CFLAGS_NO_FMA)
+ OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/SPEED) $(OPT_CFLAGS_NO_FMA)
+endif
+

22
SOURCES/jdk8210425-rh1632174-02-compile_with_o2_and_ffp_contract_off_as_for_fdlibm_aarch64.patch
View File

@ -1,22 +0,0 @@
diff --git openjdk.orig/hotspot/make/linux/makefiles/aarch64.make openjdk/hotspot/make/linux/makefiles/aarch64.make
index 3d17326..7cdb498 100644
--- openjdk.orig/hotspot/make/linux/makefiles/aarch64.make
+++ openjdk/hotspot/make/linux/makefiles/aarch64.make
@@ -22,10 +22,13 @@
#
#
-# The copied fdlibm routines in sharedRuntimeTrig.o must not be optimized
-OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/NOOPT)
-# The copied fdlibm routines in sharedRuntimeTrans.o must not be optimized
-OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/NOOPT)
+ifeq ($(OPT_CFLAGS_NO_FMA),)
+ OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/NOOPT)
+ OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/NOOPT)
+else
+ OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/SPEED) $(OPT_CFLAGS_NO_FMA)
+ OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/SPEED) $(OPT_CFLAGS_NO_FMA)
+endif
# Must also specify if CPU is little endian
CFLAGS += -DVM_LITTLE_ENDIAN

20
SOURCES/jdk8210425-rh1632174-03-compile_with_o2_and_ffp_contract_off_as_for_fdlibm_zero.patch
View File

@ -1,20 +0,0 @@
--- openjdk/hotspot/make/linux/makefiles/zeroshark.make
+++ openjdk/hotspot/make/linux/makefiles/zeroshark.make
@@ -30,10 +30,13 @@ ifeq ($(USE_CLANG), true)
WARNING_FLAGS += -Wno-undef
endif
-# The copied fdlibm routines in sharedRuntimeTrig.o must not be optimized
-OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/NOOPT)
-# The copied fdlibm routines in sharedRuntimeTrans.o must not be optimized
-OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/NOOPT)
+ifeq ($(OPT_CFLAGS_NO_FMA),)
+ OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/NOOPT)
+ OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/NOOPT)
+else
+ OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/SPEED) $(OPT_CFLAGS_NO_FMA)
+ OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/SPEED) $(OPT_CFLAGS_NO_FMA)
+endif
# Specify that the CPU is little endian, if necessary
ifeq ($(ZERO_ENDIANNESS), little)

29
SOURCES/jdk8210761-rh1632174-libjsig_is_being_compiled_without_optimization.patch
View File

@ -1,29 +0,0 @@
# HG changeset patch
# User sgehwolf
# Date 1537541916 -7200
# Fri Sep 21 16:58:36 2018 +0200
# Node ID 4010c90156d1bfeaf988dbfeb01520f2e3a66ea8
# Parent 54afe70c50b6a6685763d00883e5173c0ba3a19d
8210761: libjsig is being compiled without optimization
Reviewed-by: erikj, ihse
diff --git openjdk.orig/hotspot/make/linux/makefiles/jsig.make openjdk/hotspot/make/linux/makefiles/jsig.make
--- openjdk.orig/hotspot/make/linux/makefiles/jsig.make
+++ openjdk/hotspot/make/linux/makefiles/jsig.make
@@ -51,10 +51,15 @@
JSIG_DEBUG_CFLAGS = -g
endif
+# Optimize jsig lib at level -O3 unless it's a slowdebug build
+ifneq ($(DEBUG_LEVEL), slowdebug)
+ JSIG_OPT_FLAGS = $(OPT_CFLAGS)
+endif
+
$(LIBJSIG): $(JSIGSRCDIR)/jsig.c $(LIBJSIG_MAPFILE)
@echo Making signal interposition lib...
$(QUIETLY) $(CC) $(SYMFLAG) $(ARCHFLAG) $(SHARED_FLAG) $(PICFLAG) \
- $(LFLAGS_JSIG) $(JSIG_DEBUG_CFLAGS) $(EXTRA_CFLAGS) -o $@ $< -ldl
+ $(LFLAGS_JSIG) $(JSIG_DEBUG_CFLAGS) $(JSIG_OPT_FLAGS) $(EXTRA_CFLAGS) -o $@ $< -ldl
ifeq ($(ENABLE_FULL_DEBUG_SYMBOLS),1)
ifneq ($(STRIP_POLICY),no_strip)
$(QUIETLY) $(OBJCOPY) --only-keep-debug $@ $(LIBJSIG_DEBUGINFO)

6
SOURCES/nss.fips.cfg.in Normal file
View File

@ -0,0 +1,6 @@
name = NSS-FIPS
nssLibraryDirectory = @NSS_LIBDIR@
nssSecmodDirectory = @NSS_SECMOD@
nssDbMode = readOnly
nssModule = fips

28
SOURCES/pr1834-rh1022017-reduce_ellipticcurvesextension_to_provide_only_three_nss_supported_nist_curves_23_24_25.patch
View File

@ -1,28 +0,0 @@
diff --git a/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java b/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java
--- openjdk/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java
+++ openjdk/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java
@@ -168,20 +168,10 @@
"contains no supported elliptic curves");
}
} else { // default curves
- int[] ids;
- if (requireFips) {
- ids = new int[] {
- // only NIST curves in FIPS mode
- 23, 24, 25, 9, 10, 11, 12, 13, 14,
- };
- } else {
- ids = new int[] {
- // NIST curves first
- 23, 24, 25, 9, 10, 11, 12, 13, 14,
- // non-NIST curves
- 22,
- };
- }
+ int[] ids = new int[] {
+ // NSS currently only supports these three NIST curves
+ 23, 24, 25
+ };
idList = new ArrayList<>(ids.length);
for (int curveId : ids) {

699
SOURCES/pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk8.patch
View File

@ -1,699 +0,0 @@
# HG changeset patch
# User andrew
# Date 1453863246 0
# Wed Jan 27 02:54:06 2016 +0000
# Node ID 48c15869ecd568263249af4b9a4e98d4e57f9a8f
# Parent afd392dfaed501ac674a7cc3e37353ce300969c7
PR1983: Support using the system installation of NSS with the SunEC provider
Summary: Apply code changes from PR1699 & PR1742 & forward-port Makefile changes to the new build.
Updated 2017/07/04 to accomodate 8175110
diff -r 984a4af2ed4e make/lib/SecurityLibraries.gmk
--- openjdk/jdk/make/lib/SecurityLibraries.gmk
+++ openjdk/jdk/make/lib/SecurityLibraries.gmk
@@ -218,8 +218,17 @@
ifeq ($(ENABLE_INTREE_EC), yes)
- BUILD_LIBSUNEC_FLAGS := -I$(JDK_TOPDIR)/src/share/native/sun/security/ec \
+ BUILD_LIBSUNEC_FLAGS := -I$(JDK_TOPDIR)/src/share/native/sun/security/ec
+
+ ifeq ($(USE_EXTERNAL_NSS), true)
+ BUILD_LIBSUNEC_IMPL_DIR :=
+ BUILD_LIBSUNEC_FLAGS += $(NSS_CFLAGS) -DSYSTEM_NSS -DNSS_ENABLE_ECC
+ else
+ BUILD_LIBSUNEC_IMPL_DIR := \
+ $(JDK_TOPDIR)/src/share/native/sun/security/ec/impl
+ BUILD_LIBSUNEC_FLAGS += \
-I$(JDK_TOPDIR)/src/share/native/sun/security/ec/impl
+ endif
#
# On sol-sparc...all libraries are compiled with -xregs=no%appl
@@ -235,8 +244,8 @@
$(eval $(call SetupNativeCompilation,BUILD_LIBSUNEC, \
LIBRARY := sunec, \
OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \
- SRC := $(JDK_TOPDIR)/src/share/native/sun/security/ec \
- $(JDK_TOPDIR)/src/share/native/sun/security/ec/impl, \
+ SRC := $(JDK_TOPDIR)/src/share/native/sun/security/ec/ECC_JNI.cpp \
+ $(BUILD_LIBSUNEC_IMPL_DIR), \
LANG := C++, \
OPTIMIZATION := LOW, \
CFLAGS := $(filter-out $(ECC_JNI_SOLSPARC_FILTER), $(CFLAGS_JDKLIB)) \
@@ -245,11 +254,12 @@
CXXFLAGS := $(filter-out $(ECC_JNI_SOLSPARC_FILTER), $(CXXFLAGS_JDKLIB)) \
$(BUILD_LIBSUNEC_FLAGS), \
MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libsunec/mapfile-vers, \
- LDFLAGS := $(LDFLAGS_JDKLIB) $(LDFLAGS_CXX_JDK), \
+ LDFLAGS := $(subst -Xlinker --as-needed,, \
+ $(subst -Wl$(COMMA)--as-needed,, $(LDFLAGS_JDKLIB))) $(LDFLAGS_CXX_JDK), \
LDFLAGS_macosx := $(call SET_SHARED_LIBRARY_ORIGIN), \
LDFLAGS_SUFFIX := $(LIBCXX), \
- LDFLAGS_SUFFIX_linux := -lc, \
- LDFLAGS_SUFFIX_solaris := -lc, \
+ LDFLAGS_SUFFIX_linux := -lc $(NSS_LIBS), \
+ LDFLAGS_SUFFIX_solaris := -lc $(NSS_LIBS), \
VERSIONINFO_RESOURCE := $(JDK_TOPDIR)/src/windows/resource/version.rc, \
RC_FLAGS := $(RC_FLAGS) \
-D "JDK_FNAME=sunec.dll" \
diff -r 984a4af2ed4e src/share/native/sun/security/ec/ECC_JNI.cpp
--- openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp
+++ openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp
@@ -24,7 +24,7 @@
*/
#include <jni.h>
-#include "impl/ecc_impl.h"
+#include "ecc_impl.h"
#define ILLEGAL_STATE_EXCEPTION "java/lang/IllegalStateException"
#define INVALID_ALGORITHM_PARAMETER_EXCEPTION \
@@ -89,7 +89,7 @@
*/
JNIEXPORT jobjectArray
JNICALL Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair
- (JNIEnv *env, jclass clazz, jint keySize, jbyteArray encodedParams, jbyteArray seed)
+ (JNIEnv *env, jclass UNUSED(clazz), jint UNUSED(keySize), jbyteArray encodedParams, jbyteArray seed)
{
ECPrivateKey *privKey = NULL; // contains both public and private values
ECParams *ecparams = NULL;
@@ -190,7 +190,7 @@
*/
JNIEXPORT jbyteArray
JNICALL Java_sun_security_ec_ECDSASignature_signDigest
- (JNIEnv *env, jclass clazz, jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing)
+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing)
{
jbyte* pDigestBuffer = NULL;
jint jDigestLength = env->GetArrayLength(digest);
@@ -299,7 +299,7 @@
*/
JNIEXPORT jboolean
JNICALL Java_sun_security_ec_ECDSASignature_verifySignedDigest
- (JNIEnv *env, jclass clazz, jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams)
+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams)
{
jboolean isValid = false;
@@ -384,7 +384,7 @@
*/
JNIEXPORT jbyteArray
JNICALL Java_sun_security_ec_ECDHKeyAgreement_deriveKey
- (JNIEnv *env, jclass clazz, jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams)
+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams)
{
jbyteArray jSecret = NULL;
ECParams *ecparams = NULL;
diff -r 984a4af2ed4e src/share/native/sun/security/ec/ecc_impl.h
--- /dev/null
+++ openjdk/jdk/src/share/native/sun/security/ec/ecc_impl.h
@@ -0,0 +1,298 @@
+/*
+ * Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Use is subject to license terms.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/* *********************************************************************
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ * Dr Vipul Gupta <vipul.gupta@sun.com> and
+ * Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+ *
+ * Last Modified Date from the Original Code: May 2017
+ *********************************************************************** */
+
+#ifndef _ECC_IMPL_H
+#define _ECC_IMPL_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <sys/types.h>
+
+#ifdef SYSTEM_NSS
+#include <secitem.h>
+#include <secerr.h>
+#include <keythi.h>
+#ifdef LEGACY_NSS
+#include <softoken.h>
+#else
+#include <blapi.h>
+#endif
+#else
+#include "ecl-exp.h"
+#endif
+
+/*
+ * Multi-platform definitions
+ */
+#ifdef __linux__
+#define B_FALSE FALSE
+#define B_TRUE TRUE
+typedef unsigned char uint8_t;
+typedef unsigned long ulong_t;
+typedef enum { B_FALSE, B_TRUE } boolean_t;
+#endif /* __linux__ */
+
+#ifdef _ALLBSD_SOURCE
+#include <stdint.h>
+#define B_FALSE FALSE
+#define B_TRUE TRUE
+typedef unsigned long ulong_t;
+typedef enum boolean { B_FALSE, B_TRUE } boolean_t;
+#endif /* _ALLBSD_SOURCE */
+
+#ifdef AIX
+#define B_FALSE FALSE
+#define B_TRUE TRUE
+typedef unsigned char uint8_t;
+typedef unsigned long ulong_t;
+#endif /* AIX */
+
+#ifdef _WIN32
+typedef unsigned char uint8_t;
+typedef unsigned long ulong_t;
+typedef enum boolean { B_FALSE, B_TRUE } boolean_t;
+#define strdup _strdup /* Replace POSIX name with ISO C++ name */
+#endif /* _WIN32 */
+
+#ifndef _KERNEL
+#include <stdlib.h>
+#endif /* _KERNEL */
+
+#define EC_MAX_DIGEST_LEN 1024 /* max digest that can be signed */
+#define EC_MAX_POINT_LEN 145 /* max len of DER encoded Q */
+#define EC_MAX_VALUE_LEN 72 /* max len of ANSI X9.62 private value d */
+#define EC_MAX_SIG_LEN 144 /* max signature len for supported curves */
+#define EC_MIN_KEY_LEN 112 /* min key length in bits */
+#define EC_MAX_KEY_LEN 571 /* max key length in bits */
+#define EC_MAX_OID_LEN 10 /* max length of OID buffer */
+
+/*
+ * Various structures and definitions from NSS are here.
+ */
+
+#ifndef SYSTEM_NSS
+#ifdef _KERNEL
+#define PORT_ArenaAlloc(a, n, f) kmem_alloc((n), (f))
+#define PORT_ArenaZAlloc(a, n, f) kmem_zalloc((n), (f))
+#define PORT_ArenaGrow(a, b, c, d) NULL
+#define PORT_ZAlloc(n, f) kmem_zalloc((n), (f))
+#define PORT_Alloc(n, f) kmem_alloc((n), (f))
+#else
+#define PORT_ArenaAlloc(a, n, f) malloc((n))
+#define PORT_ArenaZAlloc(a, n, f) calloc(1, (n))
+#define PORT_ArenaGrow(a, b, c, d) NULL
+#define PORT_ZAlloc(n, f) calloc(1, (n))
+#define PORT_Alloc(n, f) malloc((n))
+#endif
+
+#define PORT_NewArena(b) (char *)12345
+#define PORT_ArenaMark(a) NULL
+#define PORT_ArenaUnmark(a, b)
+#define PORT_ArenaRelease(a, m)
+#define PORT_FreeArena(a, b)
+#define PORT_Strlen(s) strlen((s))
+#define PORT_SetError(e)
+
+#define PRBool boolean_t
+#define PR_TRUE B_TRUE
+#define PR_FALSE B_FALSE
+
+#ifdef _KERNEL
+#define PORT_Assert ASSERT
+#define PORT_Memcpy(t, f, l) bcopy((f), (t), (l))
+#else
+#define PORT_Assert assert
+#define PORT_Memcpy(t, f, l) memcpy((t), (f), (l))
+#endif
+
+#endif
+
+#define CHECK_OK(func) if (func == NULL) goto cleanup
+#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup
+
+#ifndef SYSTEM_NSS
+typedef enum {
+ siBuffer = 0,
+ siClearDataBuffer = 1,
+ siCipherDataBuffer = 2,
+ siDERCertBuffer = 3,
+ siEncodedCertBuffer = 4,
+ siDERNameBuffer = 5,
+ siEncodedNameBuffer = 6,
+ siAsciiNameString = 7,
+ siAsciiString = 8,
+ siDEROID = 9,
+ siUnsignedInteger = 10,
+ siUTCTime = 11,
+ siGeneralizedTime = 12
+} SECItemType;
+
+typedef struct SECItemStr SECItem;
+
+struct SECItemStr {
+ SECItemType type;
+ unsigned char *data;
+ unsigned int len;
+};
+
+typedef SECItem SECKEYECParams;
+
+typedef enum { ec_params_explicit,
+ ec_params_named
+} ECParamsType;
+
+typedef enum { ec_field_GFp = 1,
+ ec_field_GF2m
+} ECFieldType;
+
+struct ECFieldIDStr {
+ int size; /* field size in bits */
+ ECFieldType type;
+ union {
+ SECItem prime; /* prime p for (GFp) */
+ SECItem poly; /* irreducible binary polynomial for (GF2m) */
+ } u;
+ int k1; /* first coefficient of pentanomial or
+ * the only coefficient of trinomial
+ */
+ int k2; /* two remaining coefficients of pentanomial */
+ int k3;
+};
+typedef struct ECFieldIDStr ECFieldID;
+
+struct ECCurveStr {
+ SECItem a; /* contains octet stream encoding of
+ * field element (X9.62 section 4.3.3)
+ */
+ SECItem b;
+ SECItem seed;
+};
+typedef struct ECCurveStr ECCurve;
+
+typedef void PRArenaPool;
+
+struct ECParamsStr {
+ PRArenaPool * arena;
+ ECParamsType type;
+ ECFieldID fieldID;
+ ECCurve curve;
+ SECItem base;
+ SECItem order;
+ int cofactor;
+ SECItem DEREncoding;
+ ECCurveName name;
+ SECItem curveOID;
+};
+typedef struct ECParamsStr ECParams;
+
+struct ECPublicKeyStr {
+ ECParams ecParams;
+ SECItem publicValue; /* elliptic curve point encoded as
+ * octet stream.
+ */
+};
+typedef struct ECPublicKeyStr ECPublicKey;
+
+struct ECPrivateKeyStr {
+ ECParams ecParams;
+ SECItem publicValue; /* encoded ec point */
+ SECItem privateValue; /* private big integer */
+ SECItem version; /* As per SEC 1, Appendix C, Section C.4 */
+};
+typedef struct ECPrivateKeyStr ECPrivateKey;
+
+typedef enum _SECStatus {
+ SECBufferTooSmall = -3,
+ SECWouldBlock = -2,
+ SECFailure = -1,
+ SECSuccess = 0
+} SECStatus;
+#endif
+
+#ifdef _KERNEL
+#define RNG_GenerateGlobalRandomBytes(p,l) ecc_knzero_random_generator((p), (l))
+#else
+/*
+ This function is no longer required because the random bytes are now
+ supplied by the caller. Force a failure.
+*/
+#define RNG_GenerateGlobalRandomBytes(p,l) SECFailure
+#endif
+#define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup
+#define MP_TO_SEC_ERROR(err)
+
+#define SECITEM_TO_MPINT(it, mp) \
+ CHECK_MPI_OK(mp_read_unsigned_octets((mp), (it).data, (it).len))
+
+extern int ecc_knzero_random_generator(uint8_t *, size_t);
+extern ulong_t soft_nzero_random_generator(uint8_t *, ulong_t);
+
+#ifdef SYSTEM_NSS
+#define EC_DecodeParams(a,b,c) EC_DecodeParams(a,b)
+#define EC_NewKey(a,b,c,d,e) EC_NewKeyFromSeed(a,b,c,d)
+#define ECDSA_SignDigest(a,b,c,d,e,f,g) ECDSA_SignDigestWithSeed(a,b,c,d,e)
+#define ECDSA_VerifyDigest(a,b,c,d) ECDSA_VerifyDigest(a,b,c)
+#define ECDH_Derive(a,b,c,d,e,f) ECDH_Derive(a,b,c,d,e)
+#else
+extern SECStatus EC_DecodeParams(const SECItem *, ECParams **, int);
+
+extern SECItem * SECITEM_AllocItem(PRArenaPool *, SECItem *, unsigned int, int);
+extern SECStatus SECITEM_CopyItem(PRArenaPool *, SECItem *, const SECItem *,
+ int);
+extern void SECITEM_FreeItem(SECItem *, boolean_t);
+
+/* This function has been modified to accept an array of random bytes */
+extern SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
+ const unsigned char* random, int randomlen, int);
+/* This function has been modified to accept an array of random bytes */
+extern SECStatus ECDSA_SignDigest(ECPrivateKey *, SECItem *, const SECItem *,
+ const unsigned char* random, int randomlen, int, int timing);
+extern SECStatus ECDSA_VerifyDigest(ECPublicKey *, const SECItem *,
+ const SECItem *, int);
+extern SECStatus ECDH_Derive(SECItem *, ECParams *, SECItem *, boolean_t,
+ SECItem *, int);
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _ECC_IMPL_H */
diff -r 984a4af2ed4e src/share/native/sun/security/ec/impl/ecc_impl.h
--- openjdk/jdk/src/share/native/sun/security/ec/impl/ecc_impl.h
+++ /dev/null
@@ -1,271 +0,0 @@
-/*
- * Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
- * Use is subject to license terms.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this library; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/* *********************************************************************
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- * Dr Vipul Gupta <vipul.gupta@sun.com> and
- * Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
- *
- * Last Modified Date from the Original Code: May 2017
- *********************************************************************** */
-
-#ifndef _ECC_IMPL_H
-#define _ECC_IMPL_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <sys/types.h>
-#include "ecl-exp.h"
-
-/*
- * Multi-platform definitions
- */
-#ifdef __linux__
-#define B_FALSE FALSE
-#define B_TRUE TRUE
-typedef unsigned char uint8_t;
-typedef unsigned long ulong_t;
-typedef enum { B_FALSE, B_TRUE } boolean_t;
-#endif /* __linux__ */
-
-#ifdef _ALLBSD_SOURCE
-#include <stdint.h>
-#define B_FALSE FALSE
-#define B_TRUE TRUE
-typedef unsigned long ulong_t;
-typedef enum boolean { B_FALSE, B_TRUE } boolean_t;
-#endif /* _ALLBSD_SOURCE */
-
-#ifdef AIX
-#define B_FALSE FALSE
-#define B_TRUE TRUE
-typedef unsigned char uint8_t;
-typedef unsigned long ulong_t;
-#endif /* AIX */
-
-#ifdef _WIN32
-typedef unsigned char uint8_t;
-typedef unsigned long ulong_t;
-typedef enum boolean { B_FALSE, B_TRUE } boolean_t;
-#define strdup _strdup /* Replace POSIX name with ISO C++ name */
-#endif /* _WIN32 */
-
-#ifndef _KERNEL
-#include <stdlib.h>
-#endif /* _KERNEL */
-
-#define EC_MAX_DIGEST_LEN 1024 /* max digest that can be signed */
-#define EC_MAX_POINT_LEN 145 /* max len of DER encoded Q */
-#define EC_MAX_VALUE_LEN 72 /* max len of ANSI X9.62 private value d */
-#define EC_MAX_SIG_LEN 144 /* max signature len for supported curves */
-#define EC_MIN_KEY_LEN 112 /* min key length in bits */
-#define EC_MAX_KEY_LEN 571 /* max key length in bits */
-#define EC_MAX_OID_LEN 10 /* max length of OID buffer */
-
-/*
- * Various structures and definitions from NSS are here.
- */
-
-#ifdef _KERNEL
-#define PORT_ArenaAlloc(a, n, f) kmem_alloc((n), (f))
-#define PORT_ArenaZAlloc(a, n, f) kmem_zalloc((n), (f))
-#define PORT_ArenaGrow(a, b, c, d) NULL
-#define PORT_ZAlloc(n, f) kmem_zalloc((n), (f))
-#define PORT_Alloc(n, f) kmem_alloc((n), (f))
-#else
-#define PORT_ArenaAlloc(a, n, f) malloc((n))
-#define PORT_ArenaZAlloc(a, n, f) calloc(1, (n))
-#define PORT_ArenaGrow(a, b, c, d) NULL
-#define PORT_ZAlloc(n, f) calloc(1, (n))
-#define PORT_Alloc(n, f) malloc((n))
-#endif
-
-#define PORT_NewArena(b) (char *)12345
-#define PORT_ArenaMark(a) NULL
-#define PORT_ArenaUnmark(a, b)
-#define PORT_ArenaRelease(a, m)
-#define PORT_FreeArena(a, b)
-#define PORT_Strlen(s) strlen((s))
-#define PORT_SetError(e)
-
-#define PRBool boolean_t
-#define PR_TRUE B_TRUE
-#define PR_FALSE B_FALSE
-
-#ifdef _KERNEL
-#define PORT_Assert ASSERT
-#define PORT_Memcpy(t, f, l) bcopy((f), (t), (l))
-#else
-#define PORT_Assert assert
-#define PORT_Memcpy(t, f, l) memcpy((t), (f), (l))
-#endif
-
-#define CHECK_OK(func) if (func == NULL) goto cleanup
-#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup
-
-typedef enum {
- siBuffer = 0,
- siClearDataBuffer = 1,
- siCipherDataBuffer = 2,
- siDERCertBuffer = 3,
- siEncodedCertBuffer = 4,
- siDERNameBuffer = 5,
- siEncodedNameBuffer = 6,
- siAsciiNameString = 7,
- siAsciiString = 8,
- siDEROID = 9,
- siUnsignedInteger = 10,
- siUTCTime = 11,
- siGeneralizedTime = 12
-} SECItemType;
-
-typedef struct SECItemStr SECItem;
-
-struct SECItemStr {
- SECItemType type;
- unsigned char *data;
- unsigned int len;
-};
-
-typedef SECItem SECKEYECParams;
-
-typedef enum { ec_params_explicit,
- ec_params_named
-} ECParamsType;
-
-typedef enum { ec_field_GFp = 1,
- ec_field_GF2m
-} ECFieldType;
-
-struct ECFieldIDStr {
- int size; /* field size in bits */
- ECFieldType type;
- union {
- SECItem prime; /* prime p for (GFp) */
- SECItem poly; /* irreducible binary polynomial for (GF2m) */
- } u;
- int k1; /* first coefficient of pentanomial or
- * the only coefficient of trinomial
- */
- int k2; /* two remaining coefficients of pentanomial */
- int k3;
-};
-typedef struct ECFieldIDStr ECFieldID;
-
-struct ECCurveStr {
- SECItem a; /* contains octet stream encoding of
- * field element (X9.62 section 4.3.3)
- */
- SECItem b;
- SECItem seed;
-};
-typedef struct ECCurveStr ECCurve;
-
-typedef void PRArenaPool;
-
-struct ECParamsStr {
- PRArenaPool * arena;
- ECParamsType type;
- ECFieldID fieldID;
- ECCurve curve;
- SECItem base;
- SECItem order;
- int cofactor;
- SECItem DEREncoding;
- ECCurveName name;
- SECItem curveOID;
-};
-typedef struct ECParamsStr ECParams;
-
-struct ECPublicKeyStr {
- ECParams ecParams;
- SECItem publicValue; /* elliptic curve point encoded as
- * octet stream.
- */
-};
-typedef struct ECPublicKeyStr ECPublicKey;
-
-struct ECPrivateKeyStr {
- ECParams ecParams;
- SECItem publicValue; /* encoded ec point */
- SECItem privateValue; /* private big integer */
- SECItem version; /* As per SEC 1, Appendix C, Section C.4 */
-};
-typedef struct ECPrivateKeyStr ECPrivateKey;
-
-typedef enum _SECStatus {
- SECBufferTooSmall = -3,
- SECWouldBlock = -2,
- SECFailure = -1,
- SECSuccess = 0
-} SECStatus;
-
-#ifdef _KERNEL
-#define RNG_GenerateGlobalRandomBytes(p,l) ecc_knzero_random_generator((p), (l))
-#else
-/*
- This function is no longer required because the random bytes are now
- supplied by the caller. Force a failure.
-*/
-#define RNG_GenerateGlobalRandomBytes(p,l) SECFailure
-#endif
-#define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup
-#define MP_TO_SEC_ERROR(err)
-
-#define SECITEM_TO_MPINT(it, mp) \
- CHECK_MPI_OK(mp_read_unsigned_octets((mp), (it).data, (it).len))
-
-extern int ecc_knzero_random_generator(uint8_t *, size_t);
-extern ulong_t soft_nzero_random_generator(uint8_t *, ulong_t);
-
-extern SECStatus EC_DecodeParams(const SECItem *, ECParams **, int);
-extern SECItem * SECITEM_AllocItem(PRArenaPool *, SECItem *, unsigned int, int);
-extern SECStatus SECITEM_CopyItem(PRArenaPool *, SECItem *, const SECItem *,
- int);
-extern void SECITEM_FreeItem(SECItem *, boolean_t);
-/* This function has been modified to accept an array of random bytes */
-extern SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
- const unsigned char* random, int randomlen, int);
-/* This function has been modified to accept an array of random bytes */
-extern SECStatus ECDSA_SignDigest(ECPrivateKey *, SECItem *, const SECItem *,
- const unsigned char* random, int randomlen, int, int timing);
-extern SECStatus ECDSA_VerifyDigest(ECPublicKey *, const SECItem *,
- const SECItem *, int);
-extern SECStatus ECDH_Derive(SECItem *, ECParams *, SECItem *, boolean_t,
- SECItem *, int);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _ECC_IMPL_H */
diff -r 984a4af2ed4e src/solaris/javavm/export/jni_md.h
--- openjdk/jdk/src/solaris/javavm/export/jni_md.h
+++ openjdk/jdk/src/solaris/javavm/export/jni_md.h
@@ -36,6 +36,11 @@
#define JNIEXPORT
#define JNIIMPORT
#endif
+#if (defined(__GNUC__)) || __has_attribute(unused)
+ #define UNUSED(x) UNUSED_ ## x __attribute__((__unused__))
+#else
+ #define UNUSED(x) UNUSED_ ## x
+#endif
#define JNICALL

89
SOURCES/pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_root8.patch
View File

@ -1,89 +0,0 @@
# HG changeset patch
# User andrew
# Date 1453863007 0
# Wed Jan 27 02:50:07 2016 +0000
# Node ID f0635543beb309c4da1bb88c906a76ee4b75e16d
# Parent 4a5a0d4e1ae0feec2f47d17be380d6fcd5eff126
PR1983: Support using the system installation of NSS with the SunEC provider
Summary: Add new configure option --enable-system-nss
diff -r 92af9369869f common/autoconf/jdk-options.m4
--- openjdk/common/autoconf/jdk-options.m4 Thu Jan 21 22:17:02 2016 +0000
+++ openjdk/common/autoconf/jdk-options.m4 Wed Jan 27 05:32:12 2016 +0000
@@ -414,9 +414,10 @@
#
AC_DEFUN_ONCE([JDKOPT_DETECT_INTREE_EC],
[
- AC_MSG_CHECKING([if elliptic curve crypto implementation is present])
+ AC_REQUIRE([LIB_SETUP_MISC_LIBS])
+ AC_MSG_CHECKING([if the elliptic curve crypto implementation is present])
- if test -d "${SRC_ROOT}/jdk/src/share/native/sun/security/ec/impl"; then
+ if test "x${system_nss}" = "xyes" -o -d "${SRC_ROOT}/jdk/src/share/native/sun/security/ec/impl"; then
ENABLE_INTREE_EC=yes
AC_MSG_RESULT([yes])
else
diff -r 92af9369869f common/autoconf/libraries.m4
--- openjdk/common/autoconf/libraries.m4 Thu Jan 21 22:17:02 2016 +0000
+++ openjdk/common/autoconf/libraries.m4 Wed Jan 27 05:32:12 2016 +0000
@@ -731,6 +731,47 @@
LIBDL="$LIBS"
AC_SUBST(LIBDL)
LIBS="$save_LIBS"
+
+ ###############################################################################
+ #
+ # Check for the NSS libraries
+ #
+
+ AC_MSG_CHECKING([whether to build the Sun EC provider against the system NSS libraries])
+
+ # default is bundled
+ DEFAULT_SYSTEM_NSS=no
+
+ AC_ARG_ENABLE([system-nss], [AS_HELP_STRING([--enable-system-nss],
+ [build the SunEC provider using the system NSS libraries @<:@disabled@:>@])],
+ [
+ case "${enableval}" in
+ yes)
+ system_nss=yes
+ ;;
+ *)
+ system_nss=no
+ ;;
+ esac
+ ],
+ [
+ system_nss=${DEFAULT_SYSTEM_NSS}
+ ])
+ AC_MSG_RESULT([$system_nss])
+
+ if test "x${system_nss}" = "xyes"; then
+ PKG_CHECK_MODULES(NSS, nss-softokn >= 3.16.1, [NSS_SOFTOKN_FOUND=yes], [NSS_SOFTOKN_FOUND=no])
+ if test "x${NSS_SOFTOKN_FOUND}" = "xyes"; then
+ NSS_LIBS="$NSS_LIBS -lfreebl";
+ USE_EXTERNAL_NSS=true
+ else
+ AC_MSG_ERROR([--enable-system-nss specified, but NSS not found.])
+ fi
+ else
+ USE_EXTERNAL_NSS=false
+ fi
+ AC_SUBST(USE_EXTERNAL_NSS)
+
])
AC_DEFUN_ONCE([LIB_SETUP_STATIC_LINK_LIBSTDCPP],
diff -r 92af9369869f common/autoconf/spec.gmk.in
--- openjdk/common/autoconf/spec.gmk.in Thu Jan 21 22:17:02 2016 +0000
+++ openjdk/common/autoconf/spec.gmk.in Wed Jan 27 05:32:12 2016 +0000
@@ -647,6 +647,9 @@
# Read-only single-machine data
INSTALL_SYSCONFDIR=@sysconfdir@
+USE_EXTERNAL_NSS:=@USE_EXTERNAL_NSS@
+NSS_LIBS:=@NSS_LIBS@
+NSS_CFLAGS:=@NSS_CFLAGS@
####################################################
#

178
SOURCES/pr2127-sunec_provider_crashes_when_built_using_system_nss_thus_use_of_nss_memory_management_functions.patch
View File

@ -1,178 +0,0 @@
# HG changeset patch
# User andrew
# Date 1453866306 0
# Wed Jan 27 03:45:06 2016 +0000
# Node ID 0ff7720931e8dbf7de25720bdc93b18527ab89e8
# Parent 48c15869ecd568263249af4b9a4e98d4e57f9a8f
PR2127: SunEC provider crashes when built using system NSS
Summary: Use NSS memory management functions
diff -r 48c15869ecd5 -r 0ff7720931e8 src/share/native/sun/security/ec/ECC_JNI.cpp
--- openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Wed Jan 27 02:54:06 2016 +0000
+++ openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Wed Jan 27 03:45:06 2016 +0000
@@ -32,6 +32,13 @@
#define INVALID_PARAMETER_EXCEPTION \
"java/security/InvalidParameterException"
#define KEY_EXCEPTION "java/security/KeyException"
+#define INTERNAL_ERROR "java/lang/InternalError"
+
+#ifdef SYSTEM_NSS
+#define SYSTEM_UNUSED(x) UNUSED(x)
+#else
+#define SYSTEM_UNUSED(x) x
+#endif
extern "C" {
@@ -49,8 +56,13 @@
/*
* Deep free of the ECParams struct
*/
-void FreeECParams(ECParams *ecparams, jboolean freeStruct)
+void FreeECParams(ECParams *ecparams, jboolean SYSTEM_UNUSED(freeStruct))
{
+#ifdef SYSTEM_NSS
+ // Needs to be freed using the matching method to the one
+ // that allocated it. PR_TRUE means the memory is zeroed.
+ PORT_FreeArena(ecparams->arena, PR_TRUE);
+#else
// Use B_FALSE to free the SECItem->data element, but not the SECItem itself
// Use B_TRUE to free both
@@ -64,6 +76,7 @@
SECITEM_FreeItem(&ecparams->curveOID, B_FALSE);
if (freeStruct)
free(ecparams);
+#endif
}
jbyteArray getEncodedBytes(JNIEnv *env, SECItem *hSECItem)
@@ -108,6 +121,13 @@
goto cleanup;
}
+#ifdef SYSTEM_NSS
+ if (SECOID_Init() != SECSuccess) {
+ ThrowException(env, INTERNAL_ERROR);
+ goto cleanup;
+ }
+#endif
+
// Fill a new ECParams using the supplied OID
if (EC_DecodeParams(&params_item, &ecparams, 0) != SECSuccess) {
/* bad curve OID */
@@ -163,16 +183,26 @@
if (params_item.data) {
env->ReleaseByteArrayElements(encodedParams,
(jbyte *) params_item.data, JNI_ABORT);
+#ifdef SYSTEM_NSS
+ if (SECOID_Shutdown() != SECSuccess) {
+ ThrowException(env, INTERNAL_ERROR);
+ }
+#endif
}
if (ecparams) {
FreeECParams(ecparams, true);
}
if (privKey) {
FreeECParams(&privKey->ecParams, false);
+#ifndef SYSTEM_NSS
+ // The entire ECPrivateKey is allocated in the arena
+ // when using system NSS, so only the in-tree version
+ // needs to clear these manually.
SECITEM_FreeItem(&privKey->version, B_FALSE);
SECITEM_FreeItem(&privKey->privateValue, B_FALSE);
SECITEM_FreeItem(&privKey->publicValue, B_FALSE);
free(privKey);
+#endif
}
if (pSeedBuffer) {
@@ -223,6 +253,13 @@
goto cleanup;
}
+#ifdef SYSTEM_NSS
+ if (SECOID_Init() != SECSuccess) {
+ ThrowException(env, INTERNAL_ERROR);
+ goto cleanup;
+ }
+#endif
+
// Fill a new ECParams using the supplied OID
if (EC_DecodeParams(&params_item, &ecparams, 0) != SECSuccess) {
/* bad curve OID */
@@ -270,6 +307,11 @@
if (params_item.data) {
env->ReleaseByteArrayElements(encodedParams,
(jbyte *) params_item.data, JNI_ABORT);
+#ifdef SYSTEM_NSS
+ if (SECOID_Shutdown() != SECSuccess) {
+ ThrowException(env, INTERNAL_ERROR);
+ }
+#endif
}
if (privKey.privateValue.data) {
env->ReleaseByteArrayElements(privateKey,
@@ -336,6 +378,13 @@
goto cleanup;
}
+#ifdef SYSTEM_NSS
+ if (SECOID_Init() != SECSuccess) {
+ ThrowException(env, INTERNAL_ERROR);
+ goto cleanup;
+ }
+#endif
+
// Fill a new ECParams using the supplied OID
if (EC_DecodeParams(&params_item, &ecparams, 0) != SECSuccess) {
/* bad curve OID */
@@ -356,9 +405,15 @@
cleanup:
{
- if (params_item.data)
+ if (params_item.data) {
env->ReleaseByteArrayElements(encodedParams,
(jbyte *) params_item.data, JNI_ABORT);
+#ifdef SYSTEM_NSS
+ if (SECOID_Shutdown() != SECSuccess) {
+ ThrowException(env, INTERNAL_ERROR);
+ }
+#endif
+ }
if (pubKey.publicValue.data)
env->ReleaseByteArrayElements(publicKey,
@@ -419,6 +474,13 @@
goto cleanup;
}
+#ifdef SYSTEM_NSS
+ if (SECOID_Init() != SECSuccess) {
+ ThrowException(env, INTERNAL_ERROR);
+ goto cleanup;
+ }
+#endif
+
// Fill a new ECParams using the supplied OID
if (EC_DecodeParams(&params_item, &ecparams, 0) != SECSuccess) {
/* bad curve OID */
@@ -460,9 +522,15 @@
env->ReleaseByteArrayElements(publicKey,
(jbyte *) publicValue_item.data, JNI_ABORT);
- if (params_item.data)
+ if (params_item.data) {
env->ReleaseByteArrayElements(encodedParams,
(jbyte *) params_item.data, JNI_ABORT);
+#ifdef SYSTEM_NSS
+ if (SECOID_Shutdown() != SECSuccess) {
+ ThrowException(env, INTERNAL_ERROR);
+ }
+#endif
+ }
if (ecparams)
FreeECParams(ecparams, true);

189
SOURCES/pr2815-race_condition_in_sunec_provider_with_system_nss_fix.patch
View File

@ -1,189 +0,0 @@
# HG changeset patch
# User andrew
# Date 1453867347 0
# Wed Jan 27 04:02:27 2016 +0000
# Node ID 26e2e029ee256e9815fdc324831a03d8582255e1
# Parent 0ff7720931e8dbf7de25720bdc93b18527ab89e8
PR2815: Race condition in SunEC provider with system NSS
Summary: Perform initialisation and shutdown only when library is loaded or SunEC is finalized respectively
diff -r 0ff7720931e8 -r 26e2e029ee25 make/mapfiles/libsunec/mapfile-vers
--- openjdk/jdk/make/mapfiles/libsunec/mapfile-vers Wed Jan 27 03:45:06 2016 +0000
+++ openjdk/jdk/make/mapfiles/libsunec/mapfile-vers Wed Jan 27 04:02:27 2016 +0000
@@ -31,6 +31,8 @@
Java_sun_security_ec_ECDSASignature_signDigest;
Java_sun_security_ec_ECDSASignature_verifySignedDigest;
Java_sun_security_ec_ECDHKeyAgreement_deriveKey;
+ Java_sun_security_ec_SunEC_initialize;
+ Java_sun_security_ec_SunEC_cleanup;
local:
*;
};
diff -r 0ff7720931e8 -r 26e2e029ee25 src/share/classes/sun/security/ec/SunEC.java
--- openjdk/jdk/src/share/classes/sun/security/ec/SunEC.java Wed Jan 27 03:45:06 2016 +0000
+++ openjdk/jdk/src/share/classes/sun/security/ec/SunEC.java Wed Jan 27 04:02:27 2016 +0000
@@ -58,6 +58,7 @@
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
System.loadLibrary("sunec"); // check for native library
+ initialize();
return null;
}
});
@@ -81,4 +82,22 @@
}
}
+ /**
+ * Cleanup native resources during finalisation.
+ */
+ @Override
+ protected void finalize() {
+ cleanup();
+ }
+
+ /**
+ * Initialize the native code.
+ */
+ private static native void initialize();
+
+ /**
+ * Cleanup in the native layer.
+ */
+ private static native void cleanup();
+
}
diff -r 0ff7720931e8 -r 26e2e029ee25 src/share/native/sun/security/ec/ECC_JNI.cpp
--- openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Wed Jan 27 03:45:06 2016 +0000
+++ openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Wed Jan 27 04:02:27 2016 +0000
@@ -121,13 +121,6 @@
goto cleanup;
}
-#ifdef SYSTEM_NSS
- if (SECOID_Init() != SECSuccess) {
- ThrowException(env, INTERNAL_ERROR);
- goto cleanup;
- }
-#endif
-
// Fill a new ECParams using the supplied OID
if (EC_DecodeParams(&params_item, &ecparams, 0) != SECSuccess) {
/* bad curve OID */
@@ -183,11 +176,6 @@
if (params_item.data) {
env->ReleaseByteArrayElements(encodedParams,
(jbyte *) params_item.data, JNI_ABORT);
-#ifdef SYSTEM_NSS
- if (SECOID_Shutdown() != SECSuccess) {
- ThrowException(env, INTERNAL_ERROR);
- }
-#endif
}
if (ecparams) {
FreeECParams(ecparams, true);
@@ -253,13 +241,6 @@
goto cleanup;
}
-#ifdef SYSTEM_NSS
- if (SECOID_Init() != SECSuccess) {
- ThrowException(env, INTERNAL_ERROR);
- goto cleanup;
- }
-#endif
-
// Fill a new ECParams using the supplied OID
if (EC_DecodeParams(&params_item, &ecparams, 0) != SECSuccess) {
/* bad curve OID */
@@ -307,11 +288,6 @@
if (params_item.data) {
env->ReleaseByteArrayElements(encodedParams,
(jbyte *) params_item.data, JNI_ABORT);
-#ifdef SYSTEM_NSS
- if (SECOID_Shutdown() != SECSuccess) {
- ThrowException(env, INTERNAL_ERROR);
- }
-#endif
}
if (privKey.privateValue.data) {
env->ReleaseByteArrayElements(privateKey,
@@ -378,13 +354,6 @@
goto cleanup;
}
-#ifdef SYSTEM_NSS
- if (SECOID_Init() != SECSuccess) {
- ThrowException(env, INTERNAL_ERROR);
- goto cleanup;
- }
-#endif
-
// Fill a new ECParams using the supplied OID
if (EC_DecodeParams(&params_item, &ecparams, 0) != SECSuccess) {
/* bad curve OID */
@@ -408,11 +377,6 @@
if (params_item.data) {
env->ReleaseByteArrayElements(encodedParams,
(jbyte *) params_item.data, JNI_ABORT);
-#ifdef SYSTEM_NSS
- if (SECOID_Shutdown() != SECSuccess) {
- ThrowException(env, INTERNAL_ERROR);
- }
-#endif
}
if (pubKey.publicValue.data)
@@ -474,13 +438,6 @@
goto cleanup;
}
-#ifdef SYSTEM_NSS
- if (SECOID_Init() != SECSuccess) {
- ThrowException(env, INTERNAL_ERROR);
- goto cleanup;
- }
-#endif
-
// Fill a new ECParams using the supplied OID
if (EC_DecodeParams(&params_item, &ecparams, 0) != SECSuccess) {
/* bad curve OID */
@@ -525,11 +482,6 @@
if (params_item.data) {
env->ReleaseByteArrayElements(encodedParams,
(jbyte *) params_item.data, JNI_ABORT);
-#ifdef SYSTEM_NSS
- if (SECOID_Shutdown() != SECSuccess) {
- ThrowException(env, INTERNAL_ERROR);
- }
-#endif
}
if (ecparams)
@@ -539,4 +491,26 @@
return jSecret;
}
+JNIEXPORT void
+JNICALL Java_sun_security_ec_SunEC_initialize
+ (JNIEnv *env, jclass UNUSED(clazz))
+{
+#ifdef SYSTEM_NSS
+ if (SECOID_Init() != SECSuccess) {
+ ThrowException(env, INTERNAL_ERROR);
+ }
+#endif
+}
+
+JNIEXPORT void
+JNICALL Java_sun_security_ec_SunEC_cleanup
+ (JNIEnv *env, jclass UNUSED(clazz))
+{
+#ifdef SYSTEM_NSS
+ if (SECOID_Shutdown() != SECSuccess) {
+ ThrowException(env, INTERNAL_ERROR);
+ }
+#endif
+}
+
} /* extern "C" */

69
SOURCES/pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_java_cacerts.patch
View File

@ -5,42 +5,45 @@
# Node ID 3334efeacd8327a14b7d2f392f4546e3c29c594b
# Parent 6b81fd2227d14226f2121f2d51b464536925686e
PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts)
PR3575: System cacerts database handling should not affect jssecacerts
diff --git a/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java b/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java
--- openjdk/jdk/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java
+++ openjdk/jdk/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java
@@ -174,15 +174,20 @@
storeFile = new File(storeFileName);
fis = getFileInputStream(storeFile);
} else {
- String javaHome = props.get("javaHome");
- storeFile = new File(javaHome + sep + "lib" + sep
- + "security" + sep +
- "jssecacerts");
+ /* Check system cacerts DB first; /etc/pki/java/cacerts */
+ storeFile = new File(sep + "etc" + sep + "pki" + sep
+ + "java" + sep + "cacerts");
if ((fis = getFileInputStream(storeFile)) == null) {
+ String javaHome = props.get("javaHome");
storeFile = new File(javaHome + sep + "lib" + sep
- + "security" + sep +
- "cacerts");
- fis = getFileInputStream(storeFile);
+ + "security" + sep +
+ "jssecacerts");
+ if ((fis = getFileInputStream(storeFile)) == null) {
+ storeFile = new File(javaHome + sep + "lib" + sep
+ + "security" + sep +
+ "cacerts");
+ fis = getFileInputStream(storeFile);
+ }
}
}
diff --git openjdk.orig/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java openjdk/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
+++ openjdk/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
@@ -72,7 +72,7 @@
* The preference of the default trusted KeyStore is:
* javax.net.ssl.trustStore
* jssecacerts
- * cacerts
+ * cacerts (system and local)
*/
private static final class TrustStoreDescriptor {
private static final String fileSep = File.separator;
@@ -83,6 +83,10 @@
defaultStorePath + fileSep + "cacerts";
private static final String jsseDefaultStore =
defaultStorePath + fileSep + "jssecacerts";
+ /* Check system cacerts DB: /etc/pki/java/cacerts */
+ private static final String systemStore =
+ fileSep + "etc" + fileSep + "pki" +
+ fileSep + "java" + fileSep + "cacerts";
diff --git a/src/share/classes/sun/security/tools/KeyStoreUtil.java b/src/share/classes/sun/security/tools/KeyStoreUtil.java
--- openjdk/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
// the trust store name
private final String storeName;
@@ -146,7 +150,8 @@
long temporaryTime = 0L;
if (!"NONE".equals(storePropName)) {
String[] fileNames =
- new String[] {storePropName, defaultStore};
+ new String[] {storePropName,
+ systemStore, defaultStore};
for (String fileName : fileNames) {
File f = new File(fileName);
if (f.isFile() && f.canRead()) {
diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java openjdk/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
--- openjdk.orig/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
+++ openjdk/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
@@ -87,9 +87,14 @@
@@ -108,9 +108,14 @@
throws Exception
{
String sep = File.separator;

24
SOURCES/pr2899-dont_use_withseed_versions_of_nss_functions_as_they_dont_fully_process_the_seed.patch
View File

@ -1,24 +0,0 @@
# HG changeset patch
# User andrew
# Date 1459313680 -3600
# Wed Mar 30 05:54:40 2016 +0100
# Node ID 9dc0eca5fa8926e6a952fa4f1931e78aa1f52443
# Parent 8957aff589013e671f02d38023d5ff245ef27e87
PR2899: Don't use WithSeed versions of NSS functions as they don't fully process the seed
Contributed-by: Alex Kashchenko <akashche@redhat.com>
Updated 2017/07/04 to accomodate 8175110 by Andrew Hughes <gnu.andrew@redhat.com>
diff -r e5fdbb82bd49 src/share/native/sun/security/ec/ecc_impl.h
--- openjdk/jdk/src/share/native/sun/security/ec/ecc_impl.h
+++ openjdk/jdk/src/share/native/sun/security/ec/ecc_impl.h
@@ -267,8 +267,8 @@
#ifdef SYSTEM_NSS
#define EC_DecodeParams(a,b,c) EC_DecodeParams(a,b)
-#define EC_NewKey(a,b,c,d,e) EC_NewKeyFromSeed(a,b,c,d)
-#define ECDSA_SignDigest(a,b,c,d,e,f,g) ECDSA_SignDigestWithSeed(a,b,c,d,e)
+#define EC_NewKey(a,b,c,d,e) EC_NewKey(a,b)
+#define ECDSA_SignDigest(a,b,c,d,e,f,g) ECDSA_SignDigest(a,b,c)
#define ECDSA_VerifyDigest(a,b,c,d) ECDSA_VerifyDigest(a,b,c)
#define ECDH_Derive(a,b,c,d,e,f) ECDH_Derive(a,b,c,d,e)
#else

91
SOURCES/pr2934-sunec_provider_throwing_keyexception_withine.separator_current_nss_thus_initialise_the_random_number_generator_and_feed_the_seed_to_it.patch
View File

@ -1,91 +0,0 @@
# HG changeset patch
# User andrew
# Date 1461349033 -3600
# Fri Apr 22 19:17:13 2016 +0100
# Node ID dab76de2f91cf1791c03560a3f45aaa69f8351fd
# Parent 3fa42705acab6d69b6141f47ebba4f85739a338c
PR2934: SunEC provider throwing KeyException with current NSS
Summary: Initialise the random number generator and feed the seed to it.
Updated 2017/07/04 to accomodate 8175110
diff -r 8aed1e903a4c src/share/native/sun/security/ec/ECC_JNI.cpp
--- openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp
+++ openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp
@@ -134,8 +134,17 @@
env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer);
// Generate the new keypair (using the supplied seed)
+#ifdef SYSTEM_NSS
+ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength)
+ != SECSuccess) {
+ ThrowException(env, KEY_EXCEPTION);
+ goto cleanup;
+ }
+ if (EC_NewKey(ecparams, &privKey) != SECSuccess) {
+#else
if (EC_NewKey(ecparams, &privKey, (unsigned char *) pSeedBuffer,
jSeedLength, 0) != SECSuccess) {
+#endif
ThrowException(env, KEY_EXCEPTION);
goto cleanup;
}
@@ -267,8 +276,18 @@
env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer);
// Sign the digest (using the supplied seed)
+#ifdef SYSTEM_NSS
+ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength)
+ != SECSuccess) {
+ ThrowException(env, KEY_EXCEPTION);
+ goto cleanup;
+ }
+ if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item)
+ != SECSuccess) {
+#else
if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item,
(unsigned char *) pSeedBuffer, jSeedLength, 0, timing) != SECSuccess) {
+#endif
ThrowException(env, KEY_EXCEPTION);
goto cleanup;
}
@@ -499,6 +518,9 @@
if (SECOID_Init() != SECSuccess) {
ThrowException(env, INTERNAL_ERROR);
}
+ if (RNG_RNGInit() != SECSuccess) {
+ ThrowException(env, INTERNAL_ERROR);
+ }
#endif
}
@@ -507,6 +529,7 @@
(JNIEnv *env, jclass UNUSED(clazz))
{
#ifdef SYSTEM_NSS
+ RNG_RNGShutdown();
if (SECOID_Shutdown() != SECSuccess) {
ThrowException(env, INTERNAL_ERROR);
}
diff -r 8aed1e903a4c src/share/native/sun/security/ec/ecc_impl.h
--- openjdk/jdk/src/share/native/sun/security/ec/ecc_impl.h
+++ openjdk/jdk/src/share/native/sun/security/ec/ecc_impl.h
@@ -254,8 +254,10 @@
This function is no longer required because the random bytes are now
supplied by the caller. Force a failure.
*/
+#ifndef SYSTEM_NSS
#define RNG_GenerateGlobalRandomBytes(p,l) SECFailure
#endif
+#endif
#define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup
#define MP_TO_SEC_ERROR(err)
@@ -267,8 +269,6 @@
#ifdef SYSTEM_NSS
#define EC_DecodeParams(a,b,c) EC_DecodeParams(a,b)
-#define EC_NewKey(a,b,c,d,e) EC_NewKey(a,b)
-#define ECDSA_SignDigest(a,b,c,d,e,f,g) ECDSA_SignDigest(a,b,c)
#define ECDSA_VerifyDigest(a,b,c,d) ECDSA_VerifyDigest(a,b,c)
#define ECDH_Derive(a,b,c,d,e,f) ECDH_Derive(a,b,c,d,e)
#else

28
SOURCES/pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch
View File

@ -7,9 +7,21 @@
PR3083, RH1346460: Regression in SSL debug output without an ECC provider
Summary: Return null rather than throwing an exception when there's no ECC provider.
diff -r bc6eab2038c6 -r a4541d1d8609 src/share/classes/sun/security/util/Debug.java
--- openjdk/jdk/src/share/classes/sun/security/util/Debug.java Mon Jul 04 17:08:12 2016 +0100
+++ openjdk/jdk/src/share/classes/sun/security/util/Debug.java Mon Jul 04 18:21:29 2016 +0100
diff --git openjdk.orig/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java openjdk/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java
--- openjdk.orig/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java
+++ openjdk/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java
@@ -121,7 +121,7 @@
private static void ensureCurveIsSupported(ECParameterSpec ecSpec)
throws InvalidAlgorithmParameterException {
- AlgorithmParameters ecParams = ECUtil.getECParameters(null);
+ AlgorithmParameters ecParams = ECUtil.getECParameters(null, true);
byte[] encodedParams;
try {
ecParams.init(ecSpec);
diff --git openjdk.orig/jdk/src/share/classes/sun/security/util/Debug.java openjdk/jdk/src/share/classes/sun/security/util/Debug.java
--- openjdk.orig/jdk/src/share/classes/sun/security/util/Debug.java
+++ openjdk/jdk/src/share/classes/sun/security/util/Debug.java
@@ -73,6 +73,7 @@
System.err.println("certpath PKIX CertPathBuilder and");
System.err.println(" CertPathValidator debugging");
@ -18,9 +30,9 @@ diff -r bc6eab2038c6 -r a4541d1d8609 src/share/classes/sun/security/util/Debug.j
System.err.println("gssloginconfig");
System.err.println(" GSS LoginConfigImpl debugging");
System.err.println("configfile JAAS ConfigFile loading");
diff -r bc6eab2038c6 -r a4541d1d8609 src/share/classes/sun/security/util/ECUtil.java
--- openjdk/jdk/src/share/classes/sun/security/util/ECUtil.java Mon Jul 04 17:08:12 2016 +0100
+++ openjdk/jdk/src/share/classes/sun/security/util/ECUtil.java Mon Jul 04 18:21:29 2016 +0100
diff --git openjdk.orig/jdk/src/share/classes/sun/security/util/ECUtil.java openjdk/jdk/src/share/classes/sun/security/util/ECUtil.java
--- openjdk.orig/jdk/src/share/classes/sun/security/util/ECUtil.java
+++ openjdk/jdk/src/share/classes/sun/security/util/ECUtil.java
@@ -41,6 +41,9 @@
public class ECUtil {
@ -34,11 +46,11 @@ diff -r bc6eab2038c6 -r a4541d1d8609 src/share/classes/sun/security/util/ECUtil.
@@ -90,6 +93,10 @@
}
private static AlgorithmParameters getECParameters(Provider p) {
public static AlgorithmParameters getECParameters(Provider p) {
+ return getECParameters(p, false);
+ }
+
+ private static AlgorithmParameters getECParameters(Provider p, boolean throwException) {
+ public static AlgorithmParameters getECParameters(Provider p, boolean throwException) {
try {
if (p != null) {
return AlgorithmParameters.getInstance("EC", p);

67
SOURCES/pr3479-rh1486025-sunec_provider_can_have_multiple_instances_leading_to_premature_nss_shutdown.patch
View File

@ -1,67 +0,0 @@
# HG changeset patch
# User andrew
# Date 1508194072 -3600
# Mon Oct 16 23:47:52 2017 +0100
# Node ID 5dcb55da00c1531264934559c9f10c2e0ae46420
# Parent bf62c56e3604fee0018b19f65fd56c76dc156630
PR3479, RH1486025: ECC and NSS JVM crash
Summary: SunEC provider can have multiple instances, leading to premature NSS shutdown
Contributed-by: Martin Balao <mbalao@redhat.com>
diff --git a/make/mapfiles/libsunec/mapfile-vers b/make/mapfiles/libsunec/mapfile-vers
--- openjdk/jdk/make/mapfiles/libsunec/mapfile-vers
+++ openjdk/jdk/make/mapfiles/libsunec/mapfile-vers
@@ -32,7 +32,6 @@
Java_sun_security_ec_ECDSASignature_verifySignedDigest;
Java_sun_security_ec_ECDHKeyAgreement_deriveKey;
Java_sun_security_ec_SunEC_initialize;
- Java_sun_security_ec_SunEC_cleanup;
local:
*;
};
diff --git a/src/share/classes/sun/security/ec/SunEC.java b/src/share/classes/sun/security/ec/SunEC.java
--- openjdk/jdk/src/share/classes/sun/security/ec/SunEC.java
+++ openjdk/jdk/src/share/classes/sun/security/ec/SunEC.java
@@ -83,21 +83,8 @@
}
/**
- * Cleanup native resources during finalisation.
- */
- @Override
- protected void finalize() {
- cleanup();
- }
-
- /**
* Initialize the native code.
*/
private static native void initialize();
- /**
- * Cleanup in the native layer.
- */
- private static native void cleanup();
-
}
diff --git a/src/share/native/sun/security/ec/ECC_JNI.cpp b/src/share/native/sun/security/ec/ECC_JNI.cpp
--- openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp
+++ openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp
@@ -525,14 +525,12 @@
}
JNIEXPORT void
-JNICALL Java_sun_security_ec_SunEC_cleanup
- (JNIEnv *env, jclass UNUSED(clazz))
+JNICALL JNI_OnUnload
+ (JavaVM *vm, void *reserved)
{
#ifdef SYSTEM_NSS
RNG_RNGShutdown();
- if (SECOID_Shutdown() != SECSuccess) {
- ThrowException(env, INTERNAL_ERROR);
- }
+ SECOID_Shutdown();
#endif
}

42
SOURCES/pr3575-rh1567204-system_cacerts_database_handling_no_longer_affect_jssecacerts.patch
View File

@ -1,42 +0,0 @@
# HG changeset patch
# User andrew
# Date 1525111445 -3600
# Mon Apr 30 19:04:05 2018 +0100
# Node ID 388fc8da23044317c160678ffa8ff541c216a255
# Parent 556adf3a76aa81bf3918d7d46554dae7cc1d5c5c
PR3575: System cacerts database handling should not affect jssecacerts
diff --git openjdk.orig/jdk/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java openjdk/jdk/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java
--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java
+++ openjdk/jdk/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java
@@ -162,7 +162,7 @@
* Try:
* javax.net.ssl.trustStore (if this variable exists, stop)
* jssecacerts
- * cacerts
+ * cacerts (system and local)
*
* If none exists, we use an empty keystore.
*/
@@ -174,14 +174,14 @@
storeFile = new File(storeFileName);
fis = getFileInputStream(storeFile);
} else {
- /* Check system cacerts DB first; /etc/pki/java/cacerts */
- storeFile = new File(sep + "etc" + sep + "pki" + sep
- + "java" + sep + "cacerts");
+ String javaHome = props.get("javaHome");
+ storeFile = new File(javaHome + sep + "lib" + sep
+ + "security" + sep +
+ "jssecacerts");
if ((fis = getFileInputStream(storeFile)) == null) {
- String javaHome = props.get("javaHome");
- storeFile = new File(javaHome + sep + "lib" + sep
- + "security" + sep +
- "jssecacerts");
+ /* Check system cacerts DB first; /etc/pki/java/cacerts */
+ storeFile = new File(sep + "etc" + sep + "pki" + sep
+ + "java" + sep + "cacerts");
if ((fis = getFileInputStream(storeFile)) == null) {
storeFile = new File(javaHome + sep + "lib" + sep
+ "security" + sep +

14
SOURCES/pr3634-fix_shenandoah_for_size_t_on_s390.patch
View File

@ -1,14 +0,0 @@
diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeapRegion.cpp openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeapRegion.cpp
--- openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeapRegion.cpp
+++ openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeapRegion.cpp
@@ -524,8 +524,8 @@
region_size = max_heap_size / ShenandoahTargetNumRegions;
// Now make sure that we don't go over or under our limits.
- region_size = MAX2(ShenandoahMinRegionSize, region_size);
- region_size = MIN2(ShenandoahMaxRegionSize, region_size);
+ region_size = MAX2<size_t>(ShenandoahMinRegionSize, region_size);
+ region_size = MIN2<size_t>(ShenandoahMaxRegionSize, region_size);
} else {
if (ShenandoahHeapRegionSize > initial_heap_size / MIN_NUM_REGIONS) {

208
SOURCES/rh1655466-global_crypto_and_fips.patch Normal file
View File

@ -0,0 +1,208 @@
diff --git a/src/share/classes/javopenjdk.orig/jdk/security/Security.java openjdk/jdk/src/share/classes/java/security/Security.java
--- openjdk.orig/jdk/src/share/classes/java/security/Security.java
+++ openjdk/jdk/src/share/classes/java/security/Security.java
@@ -191,27 +191,7 @@
if (disableSystemProps == null &&
"true".equalsIgnoreCase(props.getProperty
("security.useSystemPropertiesFile"))) {
-
- // now load the system file, if it exists, so its values
- // will win if they conflict with the earlier values
- try (BufferedInputStream bis =
- new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
- props.load(bis);
- loadedProps = true;
-
- if (sdebug != null) {
- sdebug.println("reading system security properties file " +
- SYSTEM_PROPERTIES);
- sdebug.println(props.toString());
- }
- } catch (IOException e) {
- if (sdebug != null) {
- sdebug.println
- ("unable to load security properties from " +
- SYSTEM_PROPERTIES);
- e.printStackTrace();
- }
- }
+ loadedProps = loadedProps && SystemConfigurator.configure(props);
}
if (!loadedProps) {
diff --git a/src/share/classes/javopenjdk.orig/jdk/security/SystemConfigurator.java openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
new file mode 100644
--- /dev/null
+++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
@@ -0,0 +1,153 @@
+/*
+ * Copyright (c) 2019, Red Hat, Inc.
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package java.security;
+
+import java.io.BufferedInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+
+import java.nio.file.Files;
+import java.nio.file.FileSystems;
+import java.nio.file.Path;
+
+import java.util.Iterator;
+import java.util.Map.Entry;
+import java.util.Properties;
+import java.util.function.Consumer;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import sun.security.util.Debug;
+
+/**
+ * Internal class to align OpenJDK with global crypto-policies.
+ * Called from java.security.Security class initialization,
+ * during startup.
+ *
+ */
+
+class SystemConfigurator {
+
+ private static final Debug sdebug =
+ Debug.getInstance("properties");
+
+ private static final String CRYPTO_POLICIES_BASE_DIR =
+ "/etc/crypto-policies";
+
+ private static final String CRYPTO_POLICIES_JAVA_CONFIG =
+ CRYPTO_POLICIES_BASE_DIR + "/back-ends/java.config";
+
+ private static final String CRYPTO_POLICIES_CONFIG =
+ CRYPTO_POLICIES_BASE_DIR + "/config";
+
+ private static final class SecurityProviderInfo {
+ int number;
+ String key;
+ String value;
+ SecurityProviderInfo(int number, String key, String value) {
+ this.number = number;
+ this.key = key;
+ this.value = value;
+ }
+ }
+
+ /*
+ * Invoked when java.security.Security class is initialized, if
+ * java.security.disableSystemPropertiesFile property is not set and
+ * security.useSystemPropertiesFile is true.
+ */
+ static boolean configure(Properties props) {
+ boolean loadedProps = false;
+
+ try (BufferedInputStream bis =
+ new BufferedInputStream(
+ new FileInputStream(CRYPTO_POLICIES_JAVA_CONFIG))) {
+ props.load(bis);
+ loadedProps = true;
+ if (sdebug != null) {
+ sdebug.println("reading system security properties file " +
+ CRYPTO_POLICIES_JAVA_CONFIG);
+ sdebug.println(props.toString());
+ }
+ } catch (IOException e) {
+ if (sdebug != null) {
+ sdebug.println("unable to load security properties from " +
+ CRYPTO_POLICIES_JAVA_CONFIG);
+ e.printStackTrace();
+ }
+ }
+
+ try {
+ if (enableFips()) {
+ if (sdebug != null) { sdebug.println("FIPS mode detected"); }
+ loadedProps = false;
+ // Remove all security providers
+ Iterator<Entry<Object, Object>> i = props.entrySet().iterator();
+ while (i.hasNext()) {
+ Entry<Object, Object> e = i.next();
+ if (((String) e.getKey()).startsWith("security.provider")) {
+ if (sdebug != null) { sdebug.println("Removing provider: " + e); }
+ i.remove();
+ }
+ }
+ // Add FIPS security providers
+ String fipsProviderValue = null;
+ for (int n = 1;
+ (fipsProviderValue = (String) props.get("fips.provider." + n)) != null; n++) {
+ String fipsProviderKey = "security.provider." + n;
+ if (sdebug != null) {
+ sdebug.println("Adding provider " + n + ": " +
+ fipsProviderKey + "=" + fipsProviderValue);
+ }
+ props.put(fipsProviderKey, fipsProviderValue);
+ }
+ loadedProps = true;
+ }
+ } catch (Exception e) {
+ if (sdebug != null) {
+ sdebug.println("unable to load FIPS configuration");
+ e.printStackTrace();
+ }
+ }
+ return loadedProps;
+ }
+
+ /*
+ * FIPS is enabled only if crypto-policies are set to "FIPS"
+ * and the com.redhat.fips property is true.
+ */
+ private static boolean enableFips() throws Exception {
+ boolean fipsEnabled = Boolean.valueOf(System.getProperty("com.redhat.fips", "false"));
+ if (fipsEnabled) {
+ Path configPath = FileSystems.getDefault().getPath(CRYPTO_POLICIES_CONFIG);
+ String cryptoPoliciesConfig = new String(Files.readAllBytes(configPath));
+ if (sdebug != null) { sdebug.println("Crypto config:\n" + cryptoPoliciesConfig); }
+ Pattern pattern = Pattern.compile("^FIPS$", Pattern.MULTILINE);
+ return pattern.matcher(cryptoPoliciesConfig).find();
+ } else {
+ return false;
+ }
+ }
+}
diff --git openjdk.orig/jdk/src/share/lib/security/java.security-linux openjdk/jdk/src/share/lib/security/java.security-linux
--- openjdk.orig/jdk/src/share/lib/security/java.security-linux
+++ openjdk/jdk/src/share/lib/security/java.security-linux
@@ -77,6 +77,14 @@
#security.provider.10=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg
#
+# Security providers used when global crypto-policies are set to FIPS.
+#
+fips.provider.1=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.fips.cfg
+fips.provider.2=sun.security.provider.Sun
+fips.provider.3=sun.security.ec.SunEC
+fips.provider.4=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSS-FIPS
+
+#
# Sun Provider SecureRandom seed source.
#
# Select the primary source of seed data for the "SHA1PRNG" and

28
SOURCES/s390-8214206_fix.patch
View File

@ -7,10 +7,22 @@ diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1BiasedArray.
address base = create_new_base_array(num_target_elems, target_elem_size_in_bytes);
- initialize_base(base, num_target_elems, bias, target_elem_size_in_bytes, log2_intptr(mapping_granularity_in_bytes));
+ initialize_base(base, num_target_elems, bias, target_elem_size_in_bytes,
+ log2_intptr((uintptr_t) mapping_granularity_in_bytes));
+ log2_long(mapping_granularity_in_bytes));
}
size_t bias() const { return _bias; }
diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahNumberSeq.cpp openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahNumberSeq.cpp
--- openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahNumberSeq.cpp
+++ openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahNumberSeq.cpp
@@ -135,7 +135,7 @@
void BinaryMagnitudeSeq::add(size_t val) {
Atomic::add(val, &_sum);
- int mag = log2_intptr(val) + 1;
+ int mag = log2_long(val) + 1;
// Defensively saturate for product bits:
if (mag < 0) {
diff --git openjdk.orig/hotspot/src/share/vm/runtime/os.cpp openjdk/hotspot/src/share/vm/runtime/os.cpp
--- openjdk.orig/hotspot/src/share/vm/runtime/os.cpp
+++ openjdk/hotspot/src/share/vm/runtime/os.cpp
@ -19,19 +31,7 @@ diff --git openjdk.orig/hotspot/src/share/vm/runtime/os.cpp openjdk/hotspot/src/
void os::set_memory_serialize_page(address page) {
- int count = log2_intptr(sizeof(class JavaThread)) - log2_int(64);
+ int count = log2_intptr((uintptr_t) sizeof(class JavaThread)) - log2_int(64);
+ int count = log2_long(sizeof(class JavaThread)) - log2_int(64);
_mem_serialize_page = (volatile int32_t *)page;
// We initialize the serialization page shift count here
// We assume a cache line size of 64 bytes
diff --git openjdk.orig/hotspot/src/share/vm/utilities/numberSeq.cpp openjdk/hotspot/src/share/vm/utilities/numberSeq.cpp
--- openjdk.orig/hotspot/src/share/vm/utilities/numberSeq.cpp
+++ openjdk/hotspot/src/share/vm/utilities/numberSeq.cpp
@@ -369,7 +369,7 @@
void BinaryMagnitudeSeq::add(size_t val) {
Atomic::add(val, &_sum);
- int mag = log2_intptr(val) + 1;
+ int mag = log2_intptr((uintptr_t) val) + 1;
// Defensively saturate for product bits:
if (mag < 0) {

391
SPECS/java-1.8.0-openjdk.spec
View File

@ -76,13 +76,6 @@
%global include_debug_build 0
%endif
# Shenandoah HotSpot used everywhere, but built only on x86_64 and AArch64
%ifarch x86_64 %{aarch64}
%global use_shenandoah_hotspot 1
%else
%global use_shenandoah_hotspot 0
%endif
%if %{include_debug_build}
%global build_loop2 %{debug_suffix}
%else
@ -102,11 +95,12 @@
%endif
%if %{bootstrap_build}
%global targets bootcycle-images docs
%global release_targets bootcycle-images zip-docs
%else
%global targets all
%global release_targets images zip-docs
%endif
# No docs nor bootcycle for debug builds
%global debug_targets images
# Filter out flags from the optflags macro that cause problems with the OpenJDK build
# We filter out -Wall which will otherwise cause HotSpot to produce hundreds of thousands of warnings (100+mb logs)
@ -188,8 +182,6 @@
%global archinstall %{_arch}
%endif
%ifarch %{jit_arches}
%global with_systemtap 1
%else
@ -206,18 +198,37 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
%global shenandoah_revision aarch64-shenandoah-jdk8u212-b04
%global shenandoah_revision aarch64-shenandoah-jdk8u232-b09
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
%global revision %{shenandoah_revision}
# e.g. aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30 -> aarch64-shenandoah-jdk8u212-b04
%global version_tag %(VERSION=%{revision}; echo ${VERSION%%-shenandoah-merge*})
# eg # jdk8u60-b27 -> jdk8u60 or # aarch64-jdk8u60-b27 -> aarch64-jdk8u60 (dont forget spec escape % by %%)
%global whole_update %(VERSION=%{revision}; echo ${VERSION%%-*})
%global whole_update %(VERSION=%{version_tag}; echo ${VERSION%%-*})
# eg jdk8u60 -> 60 or aarch64-jdk8u60 -> 60
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{revision}; echo ${VERSION##*-})
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
%global rpmrelease 3
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
%global is_ga 1
%if %{is_ga}
%global milestone fcs
%global milestone_version %{nil}
%global extraver %{nil}
%global eaprefix %{nil}
%else
%global milestone ea
%global milestone_version "-ea"
%global extraver .%{milestone}
%global eaprefix 0.
%endif
# priority must be 7 digits in total. The expression is workarounding tip
%global priority %(TIP=1800%{updatever}; echo ${TIP/tip/999})
@ -377,7 +388,9 @@ alternatives \\
--install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{name}.%{_arch} \\
--slave %{_jvmdir}/java java_sdk %{_jvmdir}/%{sdkdir -- %{?1}} \\
--slave %{_bindir}/appletviewer appletviewer %{sdkbindir -- %{?1}}/appletviewer \\
--slave %{_bindir}/clhsdb clhsdb %{sdkbindir -- %{?1}}/clhsdb \\
--slave %{_bindir}/extcheck extcheck %{sdkbindir -- %{?1}}/extcheck \\
--slave %{_bindir}/hsdb hsdb %{sdkbindir -- %{?1}}/hsdb \\
--slave %{_bindir}/idlj idlj %{sdkbindir -- %{?1}}/idlj \\
--slave %{_bindir}/jar jar %{sdkbindir -- %{?1}}/jar \\
--slave %{_bindir}/jarsigner jarsigner %{sdkbindir -- %{?1}}/jarsigner \\
@ -556,8 +569,6 @@ exit 0
%dir %{_jvmdir}/%{jredir -- %{?1}}
%dir %{_jvmdir}/%{jredir -- %{?1}}/bin
%dir %{_jvmdir}/%{jredir -- %{?1}}/lib
%{_jvmdir}/%{jredir -- %{?1}}/bin/clhsdb
%{_jvmdir}/%{jredir -- %{?1}}/bin/hsdb
%{_jvmdir}/%{jredir -- %{?1}}/bin/java
%{_jvmdir}/%{jredir -- %{?1}}/bin/jjs
%{_jvmdir}/%{jredir -- %{?1}}/bin/keytool
@ -601,7 +612,9 @@ exit 0
%{_mandir}/man1/unpack200-%{uniquesuffix -- %{?1}}.1*
%{_mandir}/man1/policytool-%{uniquesuffix -- %{?1}}.1*
%{_jvmdir}/%{jredir -- %{?1}}/lib/security/nss.cfg
%{_jvmdir}/%{jredir -- %{?1}}/lib/security/nss.fips.cfg
%config(noreplace) %{etcjavadir -- %{?1}}/lib/security/nss.cfg
%config(noreplace) %{etcjavadir -- %{?1}}/lib/security/nss.fips.cfg
%ifarch %{jit_arches}
%ifnarch %{power64}
%attr(444, root, root) %ghost %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/server/classes.jsa
@ -838,7 +851,9 @@ Requires: libXcomposite%{?_isa}
Requires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
# for java-X-openjdk package's desktop binding
%if 0%{?fedora} || 0%{?rhel} >= 8
Recommends: gtk2%{?_isa}
%endif
Provides: java-%{javaver}-%{origin} = %{epoch}:%{version}-%{release}
@ -861,9 +876,6 @@ Requires: javapackages-filesystem
Requires: tzdata-java >= 2015d
# libsctp.so.1 is being `dlopen`ed on demand
Requires: lksctp-tools%{?_isa}
# there is a need to depend on the exact version of NSS
Requires: nss%{?_isa} %{NSS_BUILDTIME_VERSION}
Requires: nss-softokn%{?_isa} %{NSSSOFTOKN_BUILDTIME_VERSION}
# tool to copy jdk's configs - should be Recommends only, but then only dnf/yum enforce it,
# not rpm transaction and so no configs are persisted when pure rpm -u is run. It may be
# considered as regression
@ -880,7 +892,9 @@ Requires(postun): %{_sbindir}/alternatives
# in version 1.7 and higher for --family switch
Requires(postun): chkconfig >= 1.7
# for optional support of kernel stream control, card reader and printing bindings
%if 0%{?fedora} || 0%{?rhel} >= 8
Suggests: lksctp-tools%{?_isa}, pcsc-lite-devel%{?_isa}
%endif
# Standard JPackage base provides
Provides: jre-headless%{?1} = %{epoch}:%{javaver}
@ -975,7 +989,7 @@ Provides: java-%{javaver}-%{origin}-accessibility = %{epoch}:%{version}-%{releas
Name: java-%{javaver}-%{origin}
Version: %{javaver}.%{updatever}.%{buildver}
Release: 3%{?dist}
Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a
@ -1037,6 +1051,9 @@ Source13: TestCryptoLevel.java
# Ensure ECDSA is working
Source14: TestECDSA.java
# nss fips configuration file
Source15: nss.fips.cfg.in
Source20: repackReproduciblePolycies.sh
# New versions of config files with aarch64 support. This is not upstream yet.
@ -1057,12 +1074,12 @@ Source101: config.sub
Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
# Restrict access to java-atk-wrapper classes
Patch3: rh1648644-java_access_bridge_privileged_security.patch
# PR1834, RH1022017: Reduce curves reported by SSL to those in NSS
# Not currently suitable to go upstream as it disables curves
# for all providers unconditionally
Patch525: pr1834-rh1022017-reduce_ellipticcurvesextension_to_provide_only_three_nss_supported_nist_curves_23_24_25.patch
# Turn on AssumeMP by default on RHEL systems
Patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch
# RH1648249: Add PKCS11 provider to java.security
Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
# RH1655466: Support RHEL FIPS mode using SunPKCS11 provider
Patch1001: rh1655466-global_crypto_and_fips.patch
#############################################
#
@ -1087,24 +1104,9 @@ Patch529: rh1566890-CVE_2018_3639-speculative_store_bypass.patch
Patch531: rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch
# PR3601: Fix additional -Wreturn-type issues introduced by 8061651
Patch530: pr3601-fix_additional_Wreturn_type_issues_introduced_by_8061651_for_prims_jvm_cpp.patch
# Support for building the SunEC provider with the system NSS installation
# PR1983: Support using the system installation of NSS with the SunEC provider
# PR2127: SunEC provider crashes when built using system NSS
# PR2815: Race condition in SunEC provider with system NSS
# PR2899: Don't use WithSeed versions of NSS functions as they don't fully process the seed
# PR2934: SunEC provider throwing KeyException with current NSS
# PR3479, RH1486025: ECC and NSS JVM crash
Patch513: pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk8.patch
Patch514: pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_root8.patch
Patch515: pr2127-sunec_provider_crashes_when_built_using_system_nss_thus_use_of_nss_memory_management_functions.patch
Patch516: pr2815-race_condition_in_sunec_provider_with_system_nss_fix.patch
Patch517: pr2899-dont_use_withseed_versions_of_nss_functions_as_they_dont_fully_process_the_seed.patch
Patch518: pr2934-sunec_provider_throwing_keyexception_withine.separator_current_nss_thus_initialise_the_random_number_generator_and_feed_the_seed_to_it.patch
Patch519: pr3479-rh1486025-sunec_provider_can_have_multiple_instances_leading_to_premature_nss_shutdown.patch
# PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts)
Patch539: pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_java_cacerts.patch
# PR3575, RH1567204: System cacerts database handling should not affect jssecacerts
Patch540: pr3575-rh1567204-system_cacerts_database_handling_no_longer_affect_jssecacerts.patch
Patch539: pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_java_cacerts.patch
# PR3183, RH1340845: Support Fedora/RHEL8 system crypto policy
Patch300: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch
# PR3655: Allow use of system crypto policy to be disabled by the user
@ -1144,20 +1146,12 @@ Patch107: s390-8214206_fix.patch
Patch502: pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch
# S8154313: Generated javadoc scattered all over the place
Patch400: jdk8154313-generated_javadoc_scattered_all_over_the_place.patch
# 8171000, PR3542, RH1402819: Robot.createScreenCapture() crashes in wayland mode
Patch563: jdk8171000-pr3542-rh1402819-robot_createScreenCapture_crashes_in_wayland_mode.patch
# 8197546, PR3542, RH1402819: Fix for 8171000 breaks Solaris + Linux builds
Patch564: jdk8197546-pr3542-rh1402819-fix_for_8171000_breaks_solaris_linux_builds.patch
# PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code
Patch571: jdk8199936-pr3591-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x_jdk.patch
# 8141570, PR3548: Fix Zero interpreter build for --disable-precompiled-headers
Patch573: jdk8141570-pr3548-fix_zero_interpreter_build_for_disable_precompiled_headers.patch
# 8143245, PR3548: Zero build requires disabled warnings
Patch574: jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch
# 8197981, PR3548: Missing return statement in __sync_val_compare_and_swap_8
Patch575: jdk8197981-pr3548-missing_return_statement_in_sync_val_compare_and_swap_8.patch
# 8064786, PR3599: Fix debug build after 8062808: Turn on the -Wreturn-type warning
Patch576: jdk8064786-pr3599-fix_debug_build_after_8062808_Turn_on_the_wreturn_type_warning.patch
# 8062808, PR3548: Turn on the -Wreturn-type warning
Patch577: jdk8062808-pr3548-turn_on_the_wreturn_type_warning.patch
# s390: JDK-8203030, Type fixing for s390
@ -1166,23 +1160,6 @@ Patch102: jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch
Patch202: jdk8035341-allow_using_system_installed_libpng.patch
# 8042159: Allow using a system-installed lcms2
Patch203: jdk8042159-allow_using_system_installed_lcms2.patch
# 8210761: libjsig is being compiled without optimization
Patch620: jdk8210761-rh1632174-libjsig_is_being_compiled_without_optimization.patch
# 8210416: [linux] Poor StrictMath performance due to non-optimized compilation
Patch622: jdk8210416-rh1632174-compile_fdlibm_with_o2_ffp_contract_off_on_gcc_clang_arches.patch
# 8210425: [x86] sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization
# Upstream 8u part.
Patch623: jdk8210425-rh1632174-01-compile_with_o2_and_ffp_contract_off_as_for_fdlibm.patch
# 8210425: [x86] sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization
# Aarch64-port 8u local part
Patch624: jdk8210425-rh1632174-02-compile_with_o2_and_ffp_contract_off_as_for_fdlibm_aarch64.patch
# 8210425: [x86] sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization
# Zero part of the fix for (arm/s390 arches)
Patch625: jdk8210425-rh1632174-03-compile_with_o2_and_ffp_contract_off_as_for_fdlibm_zero.patch
# JDK-8223219: Backport of JDK-8199552 to OpenJDK 8 leads to duplicate -fstack-protector flags,
# overriding --with-extra-cflags
Patch626: 8223219-fstack-protector-root.patch
Patch627: 8223219-fstack-protector-hotspot.patch
#############################################
#
@ -1213,8 +1190,6 @@ Patch201: jdk8043805-allow_using_system_installed_libjpeg.patch
# and should be upstreamed to the appropriate
# trees.
#############################################
# PR3634: Shenandoah still broken on s390 with aarch64-shenandoah-jdk8u181-b16
Patch582: pr3634-fix_shenandoah_for_size_t_on_s390.patch
#############################################
#
@ -1223,7 +1198,6 @@ Patch582: pr3634-fix_shenandoah_for_size_t_on_s390.patch
# This section includes patches to code other
# that from OpenJDK.
#############################################
Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
#############################################
#
@ -1238,19 +1212,20 @@ BuildRequires: cups-devel
BuildRequires: desktop-file-utils
# elfutils only are OK for build without AOT
BuildRequires: elfutils-devel
BuildRequires: fontconfig
BuildRequires: fontconfig-devel
BuildRequires: freetype-devel
BuildRequires: giflib-devel
BuildRequires: gcc-c++
BuildRequires: gdb
BuildRequires: gtk2-devel
BuildRequires: lcms2-devel
BuildRequires: libjpeg-devel
BuildRequires: libpng-devel
BuildRequires: libxslt
BuildRequires: libX11-devel
BuildRequires: libXext-devel
BuildRequires: libXi-devel
BuildRequires: libXinerama-devel
BuildRequires: libXrender-devel
BuildRequires: libXt-devel
BuildRequires: libXtst-devel
# Requirements for setting up the nss.cfg
@ -1274,8 +1249,6 @@ BuildRequires: libffi-devel
BuildRequires: tzdata-java >= 2015d
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
# Build requirements for SunEC system NSS support
BuildRequires: nss-softokn-freebl-devel >= 3.16.1
%if %{with_systemtap}
BuildRequires: systemtap-sdt-devel
@ -1397,6 +1370,7 @@ The java-%{origin}-src-slowdebug sub-package contains the complete %{origin_nice
Summary: %{origin_nice} %{majorver} API documentation
Group: Documentation
Requires: javapackages-filesystem
Obsoletes: javadoc-debug
BuildArch: noarch
%{java_javadoc_rpo %{nil}}
@ -1410,6 +1384,7 @@ The %{origin_nice} %{majorver} API documentation.
Summary: %{origin_nice} %{majorver} API documentation compressed in single archive
Group: Documentation
Requires: javapackages-filesystem
Obsoletes: javadoc-zip-debug
BuildArch: noarch
%{java_javadoc_rpo %{nil}}
@ -1418,33 +1393,6 @@ BuildArch: noarch
The %{origin_nice} %{majorver} API documentation compressed in single archive.
%endif
%if %{include_debug_build}
%package javadoc-slowdebug
Summary: %{origin_nice} %{majorver} API documentation %{for_debug}
Group: Documentation
Requires: javapackages-filesystem
BuildArch: noarch
%{java_javadoc_rpo -- %{debug_suffix_unquoted}}
%description javadoc-slowdebug
The %{origin_nice} %{majorver} API documentation %{for_debug}.
%endif
%if %{include_debug_build}
%package javadoc-zip-slowdebug
Summary: %{origin_nice} %{majorver} API documentation compressed in single archive %{for_debug}
Group: Documentation
Requires: javapackages-filesystem
BuildArch: noarch
%{java_javadoc_rpo -- %{debug_suffix_unquoted}}
%description javadoc-zip-slowdebug
The %{origin_nice} %{majorver} API documentation compressed in single archive %{for_debug}.
%endif
%if %{include_normal_build}
%package accessibility
Summary: %{origin_nice} %{majorver} accessibility connector
@ -1489,6 +1437,10 @@ if [ %{include_debug_build} -eq 0 -a %{include_normal_build} -eq 0 ] ; then
echo "You have disabled both include_debug_build and include_normal_build. That is a no go."
exit 13
fi
echo "Update version: %{updatever}"
echo "Build number: %{buildver}"
echo "Milestone: %{milestone}"
%setup -q -c -n %{uniquesuffix ""} -T -a 0
# https://bugzilla.redhat.com/show_bug.cgi?id=1189084
prioritylength=`expr length %{priority}`
@ -1541,39 +1493,21 @@ sh %{SOURCE12}
%patch502
%patch504
%patch512
%patch513
%patch514
%patch515
%patch516
%patch517
%patch518
%patch519
%patch400
%patch523
%patch528
%patch529
%patch531
%patch530
%patch563
%patch564
%patch571
%patch573
%patch574
%patch575
%patch576
%patch577
%patch620
%patch622
%patch623
%patch624
%patch625
%patch626
%patch627
# RPM-only fixes
%patch525
%patch539
%patch540
%patch1000
%patch1001
# RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7
@ -1581,9 +1515,6 @@ sh %{SOURCE12}
%endif
# Shenandoah patches
%patch582
%patch1000
# Extract systemtap tapsets
%if %{with_systemtap}
@ -1629,6 +1560,9 @@ done
# Setup nss.cfg
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg
# Setup nss.fips.cfg
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE15} > nss.fips.cfg
sed -i -e "s:@NSS_SECMOD@:/etc/pki/nssdb:g" nss.fips.cfg
%build
# How many CPU's do we have?
@ -1676,20 +1610,17 @@ top_dir_abs_path=$(pwd)/%{top_level_dir_name}
mkdir -p %{buildoutputdir -- $suffix}
pushd %{buildoutputdir -- $suffix}
NSS_LIBS="%{NSS_LIBS} -lfreebl" \
NSS_CFLAGS="%{NSS_CFLAGS}" \
bash ../../configure \
%ifnarch %{jit_arches}
--with-jvm-variants=zero \
%endif
--with-native-debug-symbols=internal \
--with-milestone="fcs" \
--with-milestone=%{milestone} \
--with-update-version=%{updatever} \
--with-build-number=%{buildver} \
--with-boot-jdk=/usr/lib/jvm/java-openjdk \
--with-debug-level=$debugbuild \
--enable-unlimited-crypto \
--enable-system-nss \
--with-zlib=system \
--with-libjpeg=system \
--with-giflib=system \
@ -1704,13 +1635,17 @@ bash ../../configure \
cat spec.gmk
cat hotspot-spec.gmk
# Debug builds don't need same targets as release for
# build speed-up
maketargets="%{release_targets}"
if echo $debugbuild | grep -q "debug" ; then
maketargets="%{debug_targets}"
fi
make \
JAVAC_FLAGS=-g \
LOG=trace \
SCTP_WERROR= \
%{targets} || ( pwd; find $top_dir_abs_path -name "hs_err_pid*.log" | xargs cat && false )
make zip-docs
$maketargets || ( pwd; find $top_dir_abs_path -name "hs_err_pid*.log" | xargs cat && false )
# the build (erroneously) removes read permissions from some jars
# this is a regression in OpenJDK 7 (our compiler):
@ -1735,6 +1670,9 @@ export JAVA_HOME=$(pwd)/%{buildoutputdir -- $suffix}/images/%{jdkimage}
# Install nss.cfg right away as we will be using the JRE above
install -m 644 nss.cfg $JAVA_HOME/jre/lib/security/
# Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
install -m 644 nss.fips.cfg $JAVA_HOME/jre/lib/security/
# Use system-wide tzdata
rm $JAVA_HOME/jre/lib/tzdb.dat
ln -s %{_datadir}/javazi-1.8/tzdb.dat $JAVA_HOME/jre/lib/tzdb.dat
@ -1906,12 +1844,13 @@ mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/clien
popd
# Install Javadoc documentation
install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}
cp -a %{buildoutputdir -- $suffix}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}
built_doc_archive=`echo "jdk-%{javaver}_%{updatever}$suffix-%{buildver}-docs.zip" | sed s/slowdebug/debug/`
cp -a %{buildoutputdir -- $suffix}/bundles/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip
if ! echo $suffix | grep -q "debug" ; then
# Install Javadoc documentation
install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}
cp -a %{buildoutputdir -- $suffix}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}
built_doc_archive=`echo "jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{buildver}-docs.zip" | sed s/slowdebug/debug/`
cp -a %{buildoutputdir -- $suffix}/bundles/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip
fi
# Install icons and menu entries
for s in 16 24 32 48 ; do
@ -1973,7 +1912,7 @@ touch -t 201401010000 $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix}/lib/securi
# moving config files to /etc
mkdir -p $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/lib/security/policy/unlimited/
mkdir -p $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/lib/security/policy/limited/
for file in lib/security/cacerts lib/security/policy/unlimited/US_export_policy.jar lib/security/policy/unlimited/local_policy.jar lib/security/policy/limited/US_export_policy.jar lib/security/policy/limited/local_policy.jar lib/security/java.policy lib/security/java.security lib/security/blacklisted.certs lib/logging.properties lib/calendars.properties lib/security/nss.cfg ; do
for file in lib/security/cacerts lib/security/policy/unlimited/US_export_policy.jar lib/security/policy/unlimited/local_policy.jar lib/security/policy/limited/US_export_policy.jar lib/security/policy/limited/local_policy.jar lib/security/java.policy lib/security/java.security lib/security/blacklisted.certs lib/logging.properties lib/calendars.properties lib/security/nss.cfg lib/security/nss.fips.cfg ; do
mv $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix}/$file $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/$file
ln -sf %{etcjavadir -- $suffix}/$file $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix}/$file
done
@ -2093,17 +2032,6 @@ require "copy_jdk_configs.lua"
%posttrans devel-slowdebug
%{posttrans_devel -- %{debug_suffix_unquoted}}
%post javadoc-slowdebug
%{post_javadoc -- %{debug_suffix_unquoted}}
%postun javadoc-slowdebug
%{postun_javadoc -- %{debug_suffix_unquoted}}
%post javadoc-zip-slowdebug
%{post_javadoc_zip -- %{debug_suffix_unquoted}}
%postun javadoc-zip-slowdebug
%{postun_javadoc_zip -- %{debug_suffix_unquoted}}
%endif
%if %{include_normal_build}
@ -2161,17 +2089,172 @@ require "copy_jdk_configs.lua"
%files src-slowdebug
%{files_src -- %{debug_suffix_unquoted}}
%files javadoc-slowdebug
%{files_javadoc -- %{debug_suffix_unquoted}}
%files javadoc-zip-slowdebug
%{files_javadoc_zip -- %{debug_suffix_unquoted}}
%files accessibility-slowdebug
%{files_accessibility -- %{debug_suffix_unquoted}}
%endif
%changelog
* Thu Nov 14 2019 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.232.b09-3
- Bump release number for RHEL 8.2.0.
- Resolves: rhbz#1753423
* Fri Oct 25 2019 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.232.b09-2
- Disable FIPS mode support unless com.redhat.fips is set to "true".
- Resolves: rhbz#1655466
* Fri Oct 11 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.232.b09-1
- Update to aarch64-shenandoah-jdk8u232-b09.
- Switch to GA mode for final release.
- Remove PR1834/RH1022017 which is now handled by JDK-8228825 upstream.
- Resolves: rhbz#1753423
* Fri Oct 11 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.232.b08-0.1.ea
- Update to aarch64-shenandoah-jdk8u232-b08.
- Resolves: rhbz#1753423
* Fri Oct 11 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.232.b05-0.2.ea
- Update to aarch64-shenandoah-jdk8u232-b05-shenandoah-merge-2019-09-09.
- Resolves: rhbz#1753423
* Thu Oct 10 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.232.b05-0.1.ea
- Update to aarch64-shenandoah-jdk8u232-b05.
- Drop upstreamed patch JDK-8141570/PR3548.
- Adjust context of JDK-8143245/PR3548 to apply against upstream JDK-8141570.
- Resolves: rhbz#1753423
* Mon Oct 07 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.232.b01-0.1.ea
- Update to aarch64-shenandoah-jdk8u232-b01.
- Switch to EA mode.
- Drop JDK-8210761/RH1632174 as now upstream.
- Drop JDK-8223219 as now upstream.
- JDK-8226870 removed clhsdb and hdsdb from the JRE bin directory, so we should do likewise.
- Add alternatives support for these two new SDK binaries.
- Resolves: rhbz#1753423
* Fri Sep 27 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b10-3
- SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
- Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
- Resolves: rhbz#1750752
* Wed Aug 21 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b10-2
- nss.fips.cfg needs to be moved to %%{etcjavadir} and symlinked into the JDK, like nss.cfg
- Resolves: rhbz#1655466
* Thu Aug 15 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b10-2
- Backport FIPS mode patch to java-1.8.0-openjdk, simplifying provider removal.
- Resolves: rhbz#1655466
* Thu Aug 15 2019 Martin Balao <mbalao@redhat.com> - 1:1.8.0.222.b10-2
- Support the FIPS mode crypto policy on RHEL 8.
- Resolves: rhbz#1655466
* Thu Jul 11 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b10-1
- Update to aarch64-shenandoah-jdk8u222-b10.
- Resolves: rhbz#1724452
* Tue Jul 09 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b09-2
- Drop NSS runtime dependencies and patches to link against it.
- Resolves: rhbz#1678557
* Tue Jul 09 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b09-1
- Update to aarch64-shenandoah-jdk8u222-b09.
- Switch to GA mode for final release.
- Resolves: rhbz#1724452
* Tue Jul 09 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b08-0.1.ea
- Update to aarch64-shenandoah-jdk8u222-b08.
- Adjust PR3083/RH134640 to apply after JDK-8182999
- Resolves: rhbz#1724452
* Mon Jul 08 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b07-0.1.ea
- Update to aarch64-shenandoah-jdk8u222-b07 and Shenandoah merge 2019-06-13.
- Resolves: rhbz#1724452
* Mon Jul 08 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b06-0.1.ea
- Update to aarch64-shenandoah-jdk8u222-b06.
- Resolves: rhbz#1724452
* Mon Jul 08 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b05-0.1.ea
- Update to aarch64-shenandoah-jdk8u222-b05.
- Resolves: rhbz#1724452
* Mon Jul 08 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b04-0.1.ea
- Update to aarch64-shenandoah-jdk8u222-b04.
- Drop remaining JDK-8210425/RH1632174 patch now AArch64 part is upstream.
- Resolves: rhbz#1724452
* Mon Jul 08 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b03-0.1.ea
- Update to aarch64-shenandoah-jdk8u222-b03.
- Drop 8210425 patches applied upstream. Still need to add AArch64 version in aarch64/shenandoah-jdk8u.
- Re-generate JDK-8141570 & JDK-8143245 patches due to 8210425 zeroshark.make changes.
- Resolves: rhbz#1724452
* Mon Jul 08 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b02-0.1.ea
- Update to aarch64-shenandoah-jdk8u222-b02.
- Drop 8064786/PR3599 & 8210416/RH1632174 as applied upstream (8064786 silently in 8176100).
- Resolves: rhbz#1724452
* Mon Jul 08 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b01-2
- Switch to EA mode
- Resolves: rhbz#1724452
* Mon Jul 08 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b01-1
- fontconfig build requirement should be fontconfig-devel, previously masked by Gtk2+ dependency
- Resolves: rhbz#1724452
* Mon Jul 08 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b01-1
- Allow Recommends and Suggests on Fedora platforms too.
- Resolves: rhbz#1724452
* Mon Jul 08 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b01-1
- Add missing build requirements for libXext-devel and libXrender-devel, previously masked by Gtk2+ dependency.
- Resolves: rhbz#1724452
* Sun Jul 07 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b01-1
- Add new tarball to new format sources file.
- Resolves: rhbz#1724452
* Sun Jul 07 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b01-1
- Drop unnecessary build requirement on gtk2-devel, as OpenJDK searches for Gtk+ at runtime.
- Resolves: rhbz#1724452
* Sun Jul 07 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b01-1
- Make use of Recommends and Suggests dependent on RHEL 8+ environment.
- Resolves: rhbz#1724452
* Sun Jul 07 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b01-1
- Update to aarch64-shenandoah-jdk8u222-b01.
- Refactor PR2888 after inclusion of 8129988 upstream. Now includes PR3575.
- Drop 8171000 & 8197546 as applied upstream.
- Resolves: rhbz#1724452
* Wed Jul 03 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.212.b04-5
- Obsolete javadoc-debug and javadoc-debug-zip packages via javadoc and javadoc-zip respectively.
- Resolves: rhbz#1724452
* Wed Jul 03 2019 Severin Gehwolf <sgehwolf@redhat.com> - 1:1.8.0.212.b04-5
- Include 'ea' designator in Release when appropriate.
- Resolves: rhbz#1724452
* Wed Jul 03 2019 Severin Gehwolf <sgehwolf@redhat.com> - 1:1.8.0.212.b04-5
- Don't produce javadoc/javadoc-zip sub packages for the debug variant build.
- Don't perform a bootcycle build for the debug variant build.
- Resolves: rhbz#1724452
* Wed Jul 03 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.212.b04-5
- Handle milestone as variables so we can alter it easily and set the docs zip filename appropriately.
- Drop unused use_shenandoah_hotspot variable.
- Resolves: rhbz#1724452
* Fri Jun 14 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.212.b04-4
- Update to aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30.
- Update version logic to handle -shenandoah* tag suffix.
- Drop PR3634 as applied upstream.
- Adjust 8214206 fix for S390 as BinaryMagnitudeSeq moved to shenandoahNumberSeq.cpp
- Update 8214206 to use log2_long rather than casting to intptr_t, which may be smaller than size_t.
- Resolves: rhbz#1688365
- Resolves: rhbz#1688382
* Thu May 02 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.212.b04-3
- Remove additions to EXTRA_CFLAGS and EXTRA_CPP_FLAGS which are now made by upstream.
- Resolves: rhbz#1693468